Page provided by NetChico. Domain name registration via Network Chico Domains.
This page presents a comprehensive list of the programs you may find that run when you switch on your PC as typically identified by MSCONFIG or the registry "Run" keys - and whether you need them.
This is NOT a database of tasks/processes taken from Task Manager or the Close Program window (CTRL+ALT+DEL) but a database of startup applications, although you will find some of them listed via this method. Pressing CTRL+ALT+DEL identifies programs that are currently running - not necessarily at startup. For a list of tasks/processes you should try the Process Library from Uniblue, the list at PC Pitstop or one of the many others now available. Therefore, before ending a task/process via CTRL+ALT+DEL just because it has an "X" recommendation, please check whether it's in MSConfig or the registry first. An example would be "svchost.exe" - which doesn't appear in either under normal conditions but does via CTRL+ALT+DEL. If in doubt, don't do anything.
A number of entries are repeated due to the way that different operating systems display startup items. For example, WinMe lists "POPROXY.EXE" as "Norton eMail Protect" in both MSCONFIG and the registry whereas WinXP lists it as "Poproxy" in MSCONFIG and "Noeton eMail Protect" in the registry.
To avoid the list becoming too large, all VIRUSES are shown using the registry version which is common to all Windows versions.
There are viruses and other pests that can add any number of different entries to the startups. They make additional entries under the registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Run and RunOnce keys, allowing them to run at startup.
If you want to know more about these types of programs why not start with a search at Wikipedia - the free, community maintained online encyclopedia. Then visit the Safer Networking and BleepingComputer malware forums.
o-----------------------------o
Key:
Variables:
| Status | Name/Startup Item | Command | Comments | Tested |
|---|---|---|---|---|
| X | system32.exe | Added by the AGOBOT-KU WORM! Note - has a blank entry under the Startup Item/Name field | No | |
| X | pathex.exe | Added by the MKMOOSE-A WORM! Note - has a blank entry under the Startup Item/Name field | No | |
| X | svchost.exe | Added by the DELF-UX TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%. Note - has a blank entry under the Startup Item/Name field | No | |
| X | MSPF.EXE | Added by a variant of the SDBOT WORM! This file is located in the Winnt or Windows folder. Note - has a blank entry under the Startup Item/Name field | No | |
| X | dllvirtual.exe | Added by the DADOBRA-IW TROJAN! Note - has a blank entry under the Startup Item/Name field | No | |
| X | dllvirtual.dll | Added by the DADOBRA-IW TROJAN! Note - has a blank entry under the Startup Item/Name field | No | |
| X | dllvirtual.js | Added by the DADOBRA-IW TROJAN! Note - has a blank entry under the Startup Item/Name field | No | |
| X | ajsha5.exe | Added by the SPYBOT-NX WORM! Note - has a blank entry under the Startup Item/Name field | No | |
| X | ne.exe | Added by the IRCBOT-ZL TROJAN! Note - has a blank entry under the Startup Item/Name field | No | |
| X | iexpl0re.exe | Added by the RBOT-SD WORM! Note - has a blank entry under the Startup Item/Name field | No | |
| X | gbpm.exe | Added by the DLOADR.ZZD WORM! Note - has a blank entry under the Startup Item/Name field | No | |
| X | regedit.exe /s appboost.reg | Added by the APPIX.D WORM! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run and HKCU\RunServices in order to force Windows to launch it at boot. The name field in MSConfig may be blank. The Windows registry editor (regedit.exe) is a legitimate Microsoft file located in %Windir% and shouldn't be deleted. The file "appboost.reg" is located in %Windir% | No | |
| Y | !1_pgaccount | pgaccount.exe | DiamondCS ProcessGuard security software - stops malicious worms and trojans from being executed silently in the background, as well as a variety of other attacks. You will see one instant of pgaccount.exe for every active account on your system, and this is essential for PG to work properly | No |
| Y | !1_ProcessGuard_Startup | procguard.exe | DiamondCS ProcessGuard security software - stops malicious worms and trojans from being executed silently in the background, as well as a variety of other attacks | No |
| Y | !AVG Anti-Spyware | avgas.exe | System Tray access to and notifications for AVG Anti-Spyware 7.5. This has now been superseded by AVG Anti-Virus which includes Anti-Spyware | Yes |
| Y | !ewido | ewido.exe | System Tray access to and notifications for Ewido Anti-Spyware 4.0. Ewido is now part of AVG Technologies so this has been superseded by AVG Anti-Virus which includes Anti-Spyware | Yes |
| N | !NoLoad | winrecon.exe | WinRecon keystroke logger/monitoring program - remove unless you installed it yourself! | No |
| U | $EnterNet | Enternet.exe | Connection manager for the EnterNet ISP. You can also use RASPPOE | No |
| X | $sys$cmp | $sys$xp.exe | Added by the RYKNOS.B TROJAN! Attempts to utilize the Sony Rootkit A.K.A. SecurityRisk.First4DRM security risk to hide itself on the compromised computer | No |
| X | $sys$crash | $sys$sonyTimer.exe | Added by the WELOMOCH TROJAN! | No |
| X | $sys$crash | $sys$sos$sys$.exe | Added by the WELOMOCH TROJAN! | No |
| X | $sys$crash | $sys$WeLoveMcCOL.exe | Added by the WELOMOCH TROJAN! | No |
| X | $sys$drv | $sys$drv.exe | Added by the RYKNOS TROJAN! Attempts to utilize the Sony Rootkit A.K.A. SecurityRisk.First4DRM security risk to hide itself on the compromised computer | No |
| X | $sys$momomomochin | $sys$sonyTimer.exe | Added by the WELOMOCH TROJAN! | No |
| X | $sys$momomomochin | $sys$sos$sys$.exe | Added by the WELOMOCH TROJAN! | No |
| X | $sys$momomomochin | $sys$WeLoveMcCOL.exe | Added by the WELOMOCH TROJAN! | No |
| X | $sys$umaiyo | $sys$sonyTimer.exe | Added by the WELOMOCH TROJAN! | No |
| X | $sys$umaiyo | $sys$sos$sys$.exe | Added by the WELOMOCH TROJAN! | No |
| X | $sys$umaiyo | $sys$WeLoveMcCOL.exe | Added by the WELOMOCH TROJAN! | No |
| U | $Volumouse$ | volumouse.exe | Volumouse from Nirsoft. "Provides you a quick and easy way to control the sound volume on your system - simply by rolling the wheel of your wheel mouse" | No |
| X | $WindowsRegKey%update | IEXPLORE.EXE | Added by the RBOT-EZ WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %System% | No |
| ? | %cmpmixtitle% | %cmpmixstr% | Possibly related to C-Media Mixer Control panel? | No |
| N | %FP%012-L2TP fts.exe | fts.exe | 012.Net.il Israeli ISP software front-end | No |
| U | %FP%012-L2TP FWPortal.exe | FWPortal.exe | 012.Net.il Israeli ISP dial-up software | No |
| N | %FP%1776 Internet fts.exe | fts.exe | 1776 Internet US ISP software ISP software front-end | No |
| U | %FP%1776 Internet FWPortal.exe | FWPortal.exe | 1776 Internet US ISP dial-up software | No |
| N | %FP%AIRTEL fts.exe | fts.exe | Bharti Airtel Broadband - Indian ISP software front-end | No |
| N | %FP%Barak013 fts.exe | fts.exe | Barak013 Israeli ISP software front-end | No |
| U | %FP%Barak013 FWPortal.exe | FWPortal.exe | Barak013 Israeli ISP dial-up software | No |
| N | %FP%Friendly fts.exe | fts.exe | Friendly ISP software front-end | No |
| X | %Temp% | %Temp%\delwdef2008.bat | WinDefender 2008 rogue privacy program - not recommended, removal instructions here | No |
| X | %Windir%\winnl.exe | winnl.exe | Added by the KIDKITI TROJAN! | No |
| X | %Windir%\winnm.exe | winnm.exe | Added by the KIDKITI TROJAN! | No |
| X | WinData | services.exe | Added by the SOBER-AD WORM! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\PoolData and note the space at the beginning of the "Startup Item" field | No |
| X | WinINet | services.exe | Added by the SOBER.R WORM! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\ConnectionStatus and note the space at the beginning of the "Startup Item" field | No |
| X | ϵͳע�ï½ï¿½ï¿½ | zhuruqi.exe | Added by the QHOST.V TROJAN! | No |
| X | 'AdwarePro' | 'AdwarePro'.exe | AdWarePro rogue security software - not recommended | No |
| X | \SysInit | svchost.exe | Added by the STARTPA-BD TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %ProgramFiles%\Common Files | No |
| X | Services.dll | smss.exe | Added by the SOBER-L WORM! Note - this is not the legitimate smss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\msagent\system and note the space at the beginning of the "Startup Item" field | No |
| X | WinCheck | services.exe | Added by the SOBER.V WORM! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\ConnectionStatus\Microsoft and note the space at the beginning of the "Startup Item" field | No |
| X | Windows | services.exe | Added by the SOBER.X WORM! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\WinSecurity and note the space at the beginning of the "Startup Item" field | No |
| X | WinStart | services.exe | Added by the SOBER.O WORM! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\Connection Wizard\Status and note the space at the beginning of the "Startup Item" field | No |
| X | winsystem.sys | smss.exe | Added by the SOBER.K WORM! Note - this is not the legitimate smss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\msagent\win32 and note the space at the beginning of the "Startup Item" field | No |
| Y | 'Ashampoo AntiSpyWare 2 Guard' | AntiSpyWare2Guard.exe | Part of Ashampoo® AntiSpyWare 2 from Ashampoo GmbH & Co. KG. This part is the realtime monitor that looks for changes on the users system such as BHO, Winsock LSPs, Windows Hosts file, Autostart entries, etc | Yes |
| X | (*)API Machine | winSOCKS.exe | Homepage hijacker, see here (* = any digit) | No |
| X | (*)Run | win32API.exe | Homepage hijacker, see here (* = any digit) | No |
| X | (Default) | media_driver.exe | Added by the TUPEG VIRUS! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank | No |
| X | (Default) | Shania.vbs | Added by the SHANIA BACKDOOR! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank | No |
| X | (Default) | NOTEPAD.exe | Added by the RUSTY WORM! Note - not to be confused with the valid Windows "NOTEPAD" text editor! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank | No |
| X | (Default) | [random filename].exe | Added by the BLACKMAL WORM! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run and HKLM\RunServices in order to force Windows to launch it at boot. The name field in MSConfig may be blank | No |
| X | (Default) | twunk_32.exe | Added by the BLACKMAL.C WORM! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank | No |
| X | (Default) | winhelp.exe | Added by the BLACKMAL.C WORM! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank | No |
| X | (Default) | spolsvr2.exe | Added by the EVILSOCK.10 TROJAN! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank | No |
| X | (Default) | winbas12.exe | Adware, CoolWebSearch parasite related - detected by Kaspersky as the VB.DU TROJAN! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank | No |
| X | (Default) | Systrsy.exe | Added by the CDTRAY TROJAN! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank | No |
| X | (Default) | llsass.exe | Added by the PROXY-GG TROJAN! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank | No |
| X | (Default) | syspol.exe | Added by the DREMN-B TROJAN! Note - this malware actually changes the value data of the "(Default)" key in HKCU\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank | No |
| X | (Default) | winlog.exe | Unidentified adware. Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run and HKLM\RunServices in order to force Windows to launch it at boot. The name field in MSConfig may be blank | No |
| X | (default) | rundll32.exe [path to DLL file],Do98Work | Added by the HESIVE.B TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. Note - this malware actually changes the value data of the "(Default)" key in HKCU\Run, HKLM\Run and HKLM\RunServices in order to force Windows to launch it at boot. The name field in MSConfig may be blank | No |
| X | (Default) | winligom.exe | Added by the RBOT-GAI WORM! Note - this malware actually changes the value data of the "(Default)" key in HKCU\Run, HKLM\Run and HKLM\RunServices in order to force Windows to launch it at boot. The name field in MSConfig may be blank | No |
| X | (Default) | 5640.exe | Added by the DOWNLD-ABF TROJAN! Note - this malware actually changes the value data of the "(Default)" key in HKCU\Run, HKLM\Run and HKLM\RunServices in order to force Windows to launch it at boot. The name field in MSConfig may be blank | No |
| X | (Default) | QQUpdate.exe | Added by the QUADRULE.A WORM! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank | No |
| X | (Default) | Mcafee.exe | Added by the AGENT.AY TROJAN! Note - this is not a valid McAfee program and is located in %System%. This malware actually changes the value data of the "(Default)" key in HKCU\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank | No |
| X | (Default) | fada.exe | Added by the VB.HEI TROJAN! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run, HKLM\RunServices and HKCU\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank | No |
| X | (Default) | Default.exe | Added by the AUTORUN.BUK WORM! Note - this malware actually changes the value data of the "(Default)" key in HKLM\RunOnce & HKCU\RunOnce in order to force Windows to launch it at boot. The name field in MSConfig may be blank | No |
| X | (Default) | KEYBOARD.exe | Added by the AUTORUN.BUK WORM! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank | No |
| X | (Default) | msarti.com | Added by the SILLYFDC.CJ WORM! Note - this malware actually changes the value data of the "(Default)" key in HKLM\..\Policies\Explorer\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank | No |
| X | (Default) | msnupdate.exe | Added by the RBOT-GWT BACKDOOR! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run & HKLM\RunServices in order to force Windows to launch it at boot. The name field in MSConfig may be blank | No |
| X | (L4r1$$4) (4nt1) (V1ruz) | SP00Lsv32.pif | Added by the ASSIRAL.B WORM! | No |
| X | *Bandook | msdll.exe | Added by an unidentified TROJAN - see here | No |
| X | *Intelli Mouse Pro Version 2.0B* | ncsjapi32.exe | Added by the BUZUS-O WORM! | No |
| X | *JanisRuckenbrodII | janis.com | Added by the POPS WORM! | No |
| X | *Microsoft Update | ctxma.exe | Added by the STMU TROJAN! | No |
| X | *Microsoft Update | cxma.exe | Added by the STMU TROJAN! | No |
| X | *Microsoft Update | wstcl.exe | Added by the STMU TROJAN! | No |
| X | *Microsoft Update | wucxt.exe | Added by the STMU TROJAN! | No |
| X | *Microsoft Update | wuytc.exe | Added by the STMU TROJAN! | No |
| X | *MS Setup | [random filename] | Virtumondo adware, also known as the VUNDO TROJAN! | No |
| X | *MSConfig32 | aecache.exe | Detected by F-Secure as the OBFUSCATED.GP TROJAN! | No |
| Y | *Restore | rstrui.exe | Part of Windows System Restore and added as a RunOnce registry entry. Leave alone | No |
| X | *Security Center | secctr.exe | Added by the SDBOT.BRO WORM! | No |
| Y | *StateMgr | statemgr.exe | Windows ME default for System Restore. Do NOT disable! | No |
| N | *WerKernelReporting | WerFault.exe | Part of Windows Error Reporting technology (WER) for Vista. WER captures software crash and hang data from end-users who agree to report it - see here | No |
| X | *windows update | wrauclt.exe | Added by the RBOT-QU WORM! | No |
| X | *windows update | wuanclt.exe | Added by the RBOT-PG WORM! | No |
| X | *windows update | wuaucrlt.exe | Added by the SPYBOT.HUR WORM! | No |
| X | *windows update | wuraclt.exe | Added by the RBOT-PO WORM! | No |
| X | *windows update | wurauclt.exe | Added by the RBOT-SY WORM! | No |
| X | *windows update | wsctl.exe | Added by the SPYBOT.PR WORM! | No |
| X | *windows update | wkmst.exe | Added by the SDBOT.AVD WORM! | No |
| X | *windows update | wscxt.exe | Added by the RBOT.AOS WORM! | No |
| X | *windows update | waurclt.exe | Added by a variant of the RBOT WORM! | No |
| X | *windows update | wuaruclt.exe | Added by the RBOT-TF WORM! | No |
| X | *Windows [filename] Checker | [filename] | Added by the KEDEBE-B WORM! | No |
| X | *WindowsAudio | systemupd.exe | Added by the AGENT-TH WORM! | No |
| X | *WinLogon | [trojan path] ren time:[random number] | Added by the VUNDO TROJAN! | No |
| X | *winstats | winstats.exe | Added by the GARGAFX TROJAN! | No |
| X | *wuauclt.exe | w****.exe [* = random char] | Added by a variant of the RBOT-UG WORM! Note - * in the filename represents a random char; variants spotted: wxmct.exe, wtmsv.exe, wxmst.exe, wmsvc.exe and so on... | No |
| X | *zggjmyd | zggjmyd.exe | Added by the AFCORE.O BACKDOOR! | No |
| X | ,main drive Loader | wininfo.exe | Suspected malware as it appears in 3 different registry locations - see here | No |
| X | -=+(L4r1$$4)+=-(4nt1)-=+(V1ru$)=-+ | ISASS.exe | Added by the ASSIRAL.B WORM! | No |
| Y | -FreedomNeedsReboot | ZkRunOnceR.exe | Internet Security Suite used by ISPs to protect customers against many attacks | No |
| X | .. | ABC2007.exe | Added by the DLOADR-ASH TROJAN! | No |
| X | .mscdr | lassa.exe | Added by the WEBUS.C TROJAN! | No |
| X | .mscdr | lsvchost.exe | Added by the WEBUS.D TROJAN! | No |
| X | .mscdsr | lsvchost.exe | Added by the BDOOR-CR BACKDOOR! | No |
| X | .mscsbl | svhost.exe | Added by the CMQ TROJAN! | No |
| X | .msfupdate | msveup.exe | Added by the ALLOCUP.A WORM! | No |
| X | .mssecure | mssecure.exe | Added by the DDOS_BOXED.X TROJAN! | No |
| ? | .NET config | sysmon32.exe | ?? | No |
| X | .NET. | msnmgnr.exe | Added by the DELF.AYF WORM! | No |
| X | .norton | rchost.exe | Added by the BOXED-H TROJAN! | No |
| X | .nvsvc | smss.exe | Added by the IRCBOT-FP TROJAN! Note - this is not the legitimate smss.exe process which should not normally figure in Msconfig/Startup! | No |
| X | .nvsvcb | smssb.exe | Added by the BOXED.CG TROJAN! | No |
| X | .Prog | services.exe | Added by the NEVEG.B or NEVEG.C WORMS! Note - this is not the legitimate services.exe process, which should not appear in Msconfig/Startup! | No |
| X | .Prog | winlogon.exe | Added by the NEVEG.A WORM! Note - this is not the legitimate winlogon.exe process, which should not appear in Msconfig/Startup! | No |
| X | .protected | N/A | Smitfraud variant | No |
| X | .svchost | CSRSS.EXE | Added by the WEBUS.F TROJAN! Note - this worm replaces the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! | No |
| X | .TEXTCONV | csrss.exe | Added by the WEBUS TROJAN! Note - this is not the legitimate csrss.exe process which should not normally figure in Msconfig/Startup! | No |
| X | .TEXTCONV | lsass.exe | Added by the WEBUS.B TROJAN! Note - this is not the legitimate lsass.exe process which should not normally figure in Msconfig/Startup! | No |
| X | .WMAudio | csrss.exe | Added by the WEBUS TROJAN! Note - this is not the legitimate csrss.exe process which should not normally figure in Msconfig/Startup! | No |
| X | .WMAudio | lsass.exe | Added by the WEBUS.B TROJAN! Note - this is not the legitimate lsass.exe process which should not normally figure in Msconfig/Startup! | No |
| N | /l:eng | N/A | Related to the Dell OEM version of the Sound Blaster Audigy 2 sound card. If this item is listed and checked in startup, the System32 Folder will appear on every startup. A patch is available - filename R75304.EXE - that fixes the issue. You can find that file at support.dell.com by typing that name in the 'Search' box available there. It addresses the root of the problem in Creative's software and corrects it. Unfortunately there is no direct link to the file, but it's easily available using the search function | No |
| N | /s | N/A | Related to the Dell OEM version of the Sound Blaster Audigy 2 sound card. If this item is listed and checked in startup, the System32 Folder will appear on every startup. A patch is available - filename R75304.EXE - that fixes the issue. You can find that file at support.dell.com by typing that name in the 'Search' box available there. It addresses the root of the problem in Creative's software and corrects it. Unfortunately there is no direct link to the file, but it's easily available using the search function | No |
| U | 000 | pit.exe | PrivateEye surveillance software. Uninstall this software unless you put it there yourself | No |
| X | 000hpdllhos | hpdllhost.exe | LZIO.com adware downloader | No |
| U | 000StTHK | 000StTHK.exe | Toshiba Hot key functionality for the function keys (Fn-Esc, Fn-F1 (lock), Fn-F2, Fn-F3, Fn-F4, Fn-F5 (switching between laptop and CRT display output), etc...) | No |
| X | 0050726-007-i32-1 | 0050726-007-i32-1.exe | Added by the BANCBAN-EC TROJAN! | No |
| X | 007-Anti-Spyware.exe | 007-Anti-Spyware.exe | 007 Anti-Spyware rogue security software - not recommended | No |
| ? | 00DSKSVR00 | desksaver.exe saskda | Part of Advanced Desktop Shield, Easy Desktop Keeper, 1st Desktop Guard and Desktop Layout Keeper (and maybe others) - which give you the ability to save, restore, manage and lock your desktop layout that includes files and folders located on your desktop, placement of desktop icons, desired wallpaper and screen saver. The exact purpose of this startup entry is unknown at present | Yes |
| U | 00DSKSVR01 | desksaver.exe tray | System Tray access to Advanced Desktop Shield, Easy Desktop Keeper, 1st Desktop Guard and Desktop Layout Keeper (and maybe others) - which give you the ability to save, restore, manage and lock your desktop layout that includes files and folders located on your desktop, placement of desktop icons, desired wallpaper and screen saver. Disabling via the program's own options will leave this startup entry but it will not run - "desksaver.exe" does however run as it's also used as a service | Yes |
| U | 00ERSRRRNKY | eraser.exe | Part of Evidence Exterminator, 1st Evidence Remover and Evidence Destructor (and maybe others) - the same file for the same version being used by all programs. Security tools that ensure your security and privacy by destroying all hidden activity information on demand, according to a schedule or on each boot/shutdown. This entry provides System Tray access to the main program for on demand cleaning and is required if any automatic cleaning has been scheduled. Located in %ProgramFiles%\Evidence Exterminator, %ProgramFiles%\1st Evidence Remover, %ProgramFiles%\Evidence Destructor or maybe others | Yes |
| ? | 00notify33 | NetBrowser.exe | Part of Best Network Security, 1st Network Admin and Corporate Network Security (and maybe others) - network-based password-protected security software that lets you impose access restrictions to all your PC workstations you have in your corporate network to stop users from tampering with them. The exact purpose of this startup entry is unknown at present | Yes |
| Y | 00PCTFW | FirewallGUI.exe | System Tray access to PC Tools Firewall Plus from PC Tools - which "is a powerful personal firewall for Windows that protects your computer from intruders and controls the network traffic in and out of your PC" | Yes |
| ? | 00saskda | newlock.exe saskda | Part of Access Manager, 1st Security Agent, Security Administrator and PC Security Tweaker (and maybe others) - which let you control which users are allowed to access your PC and the level of access each user may have. You can choose to tweak access to lots of Control Panel applet functions, including Display, Network, Passwords, Printers, System, Add/Remove Programs, etc. The exact purpose of this startup entry is unknown at present but it appears to be related to the "Screen Lock" feature | Yes |
| Y | 00TCrdMain | TCrdMain.exe | Related to the flash card slot on a Toshiba laptop. Ending this process will disable access to the flash cards | No |
| U | 00THotkey | 00THotKey.exe | For Toshiba Satellite notebook series to use the front buttons, play, stop, next, prev. | No |
| U | 00THotkey | system32THotkey.exe | For Toshiba Satellite notebook series to use the front buttons, play, stop, next, prev | No |
| U | 0190 Warner | WARN0190.EXE | Anti-dialer program (Germany) | No |
| U | 0900 Warner | WARN0900.EXE | Anti-dialer program (Germany) | No |
| X | 0mcamcap | 0mcamcap.exe | Added by the COSIAM-H TROJAN! | No |
| X | 0utlook Express | *****.exe [* = random char] | Added by the RBOT-CC WORM! Note the first letter is actually the digit "0" and not a capital "o" | No |
| X | 0_AVD32 | xzboot.exe | Added by the AGENT-IWI TROJAN! | No |
| X | 1 | 1.exe | Added by the ESTEEMS TROJAN! | No |
| X | 1 | lsass.scr | Added by the BANCOS.V TROJAN! | No |
| X | 1 | svchost.scr | Added by the BANCOS.X TROJAN! | No |
| X | 1 | mrcmgr.exe | Added by the BANKER.RQK TROJAN! | No |
| X | 1 | KHATRA.exe | Added by the AUTOIT-BP WORM! | No |
| X | 1 | addit.exe | Added by the SDBOT-RI WORM! | No |
| N | 1&1 EasyLogin | EasyLogin.exe | 1&1 EasyLogin - quick access to webhost 1&1's Control Panel, Web-Mail and other applications via the System Tray | No |
| X | 1-sukarno | sukarno.exe | Added by the BRONTOK-CR WORM! | No |
| U | 101Clips | 101Clips.exe | 101Clips - "the simplest of all multi-clipboard programs. Just have it running minimized and it captures everything you cut or copy from other programs. It keeps the last 25" | No |
| X | 1029BB4B-16A9-4E77-AA3D-96930BD68EEC | sysockeu.exe | Added by the FAKEALERT-AH TROJAN! | No |
| X | 10Base-T | explore.exe | Added by the AGOBOT-IJ WORM! | No |
| X | 1111swapmgr.exe | 1111swapmgr.exe | Added by the BDOOR-IC BACKDOOR! | No |
| X | 1234klsjdc uiar924c af | sxgnsvuxct.exe | Added by the FAKEALERT-AM TROJAN! | No |
| X | 1234klsjdc uiar924c af | sysvtypkbjx.exe | Added by the FAKEALERT-AM TROJAN! | No |
| X | 123Monitor | SpywareFreeMonitor.exe | 1-2-3 Spyware Free rogue spyware remover - not recommended, see here | No |
| U | 12Ghosts Backup | 12backup.exe | 12Ghosts Backup - "Automatic Backups, HyperBackup for Multiple Versions, Registry Backup" | No |
| U | 12Ghosts Clip | 12clip.exe | 12Ghosts Clip - "Screen shots made easy" | No |
| U | 12Ghosts JustAWindow | 12window.exe | 12Ghosts JustAWindow - "Cover annoying ads, animated gifs, things you don't want to see" | No |
| U | 12Ghosts Popup-Killer | 12popup.exe | 12Ghosts Popup-Killer | No |
| U | 12Ghosts SaveLayout | 12autosl.exe | 12Ghosts SaveLayout - "Always (always!) keep the layout of your desktop icons" | No |
| U | 12Ghosts SetColor | 12color.exe | 12Ghosts SetColor - "Change your desktop icon text colors, also to transparent" | No |
| U | 12Ghosts ShowTime | 12showtime.exe | 12Ghosts Showtime - "Enhance the clock in your tray with font formatting, colors, date, time zones" | No |
| U | 12Ghosts Synchronize | 12sync.exe | 12Ghosts Synchronize - "Sync PC clock with an atomic clock over the Internet" | No |
| U | 12Ghosts Tower | 12tower.exe | 12Ghosts Tower - "Quickly access and manage all Ghosts (included in all packages)" | No |
| U | 12Ghosts TrayProtect | 12srvc.exe | 12Ghosts TrayProtect - "Hide tray icons, restore after a crash" | No |
| U | 12Ghosts Wash | 12wash.exe | 12Ghosts Wash - "Protect your privacy, clear browser history, delete and overwrite cache files" | No |
| N | 12Voip | 12Voip.exe | 12Voip - free internet telephony utility using the VoIP (Voice over Internet Protocol). Call online friends for free and regular phones either for free (limited use) or low rates. One of a number provided by Betamax - the others generally have different rate plans. Similar to the more popular Skype | Yes |
| ? | 17779Proj2002 | N/A | ?? | No |
| X | 180adsolution | 180adsolution.exe | 180solutions adware | No |
| X | 180ax | 180ax.exe | 180Search adware | No |
| X | 180ClientStubInstall | stubinstaller****.exe [* = digit] | 180Solutions adware related | No |
| X | 180ClientStubInstall | [path to trojan] | 180Solutions adware related | No |
| X | 180ClientStubInstall | ******.tmp [* = random digit/char] | 180Solutions adware related | No |
| X | 180sa | 180sa.exe | 180Search adware | No |
| X | 1916435341.exe | 1916435341.exe | Added by the DLOADR-AXU TROJAN! | No |
| X | 196_150_ni | 196_150_ni.exe | WinFixer web installer. Winfixer is "Foistware", pretending to be system optimization, protection and recovery software - stealth installed, see here | No |
| X | 197_150_ni_3 | 197_150_ni_3.exe | WinFixer web installer. Winfixer is "Foistware", pretending to be system optimization, protection and recovery software - stealth installed, see here | No |
| N | 1: | hpdrv.exe | HP utility for monitoring when and how many recoveries have been done | No |
| U | 1A:MacVisionTrayMonitor | TrayMonitor.exe | Part of MacVision by Jeff Bargmann - an discontinued program that makes your PC's desktop look and feel incredibly like that of a Macintosh OS8 computer. Handler that puts the icons that are in your system tray into the MacVision taskbar, beside the clock | No |
| Y | 1A:Stardock MCP | mcpserver.exe | Master Control Program for Stardock apps, in development. People should leave it running if they're using any of the Stardock applications | No |
| Y | 1A:Stardock TrayMonitor | TrayServer.exe | For monitoring tray icons - if disabled icons will not be displayed in ObjectBar or DesktopX | No |
| U | 1cla | 1cla.exe | 1 Click & Lock from Softstack.com - "a system tray security utility you can use to secure your desktop when you step away from your PC. It's secure and very easy-to-use. Just define a password, and select Lock to hide and deny access to your desktop to anyone without the proper password." The same program as Access Lock and Access Controller (and maybe others) - the same file for the same version is used by all programs but the filename is different in each case | Yes |
| U | 1cla.exe | 1cla.exe | 1 Click & Lock from Softstack.com - "a system tray security utility you can use to secure your desktop when you step away from your PC. It's secure and very easy-to-use. Just define a password, and select Lock to hide and deny access to your desktop to anyone without the proper password." The same program as Access Lock and Access Controller (and maybe others) - the same file for the same version is used by all programs but the filename is different in each case | Yes |
| ? | 1CmailS | NETMAIL.EXE | ?? | No |
| X | 1on1 | 1on1.exe | Adult content dialler | No |
| U | 1Srv32 | SpyAgent4.exe | SpyTech SpyAgent monitoring software. "Spy software that allows you to monitor EVERYTHING users do on your PC." | No |
| X | 1u7 | 1u7.exe | Added by the MURBAC-A TROJAN! | No |
| U | 1Win32Cfg | SpyBuddy.exe | SpyBuddy from ExploreAnywhere, Inc - is the "dependable computer monitoring solution that will reveal what your child or employee is really doing on the computer" | No |
| U | 1Win32Cfg | Keyloggerpro.exe | Keyloggerpro keystroke logger/monitoring program - remove unless you installed it yourself! | No |
| X | 1WinCfg32 | WebMailSpy.exe | WebMailSpy spyware | No |
| X | 2-suharto | suharto.exe | Added by the BRONTOK-CR WORM! | No |
| X | 2020Downloader | mssvr.exe | 2020Search Toolbar | No |
| X | 2177F056-0AA6-4D6C-A944-13F71F341C29 | sysokuaw.exe | Added by the FAKEALERT-AH TROJAN! | No |
| U | 24Online Client | CyberoamClient.exe | Related to Cyberroam from Elitecore Technologies Ltd | No |
| X | 250kg | 250kg.exe | Added by the AUTORUN-TI WORM! | No |
| X | 252 | winmgr.exe | Added by the LEGMIR-AT TROJAN! | No |
| X | 27 | slsorve.exe | Added by the SLSORVE-A TROJAN! | No |
| X | 27 | csrss32.exe | Added by the SLSORVE-D TROJAN! | No |
| X | 27 | msm32.exe | Added by the SLSORVE-E TROJAN! | No |
| X | 2Search | main.exe | 2Search adware | No |
| X | 2thousandbuck | [path to file] | Added by the RANKY.L TROJAN! | No |
| U | 2wSysTray | 2portalmon.exe | 2Wire Homeportal user interface | No |
| X | 3-habibie | habibie.exe | Added by the BRONTOK-CR WORM! | No |
| X | 32-bit Thunking service | thunk32.exe | Added by the DERDERO.A WORM! | No |
| X | 32.exe | nvscv32.exe | Added by the AGENT-LOL TROJAN! | No |
| X | 333 | svchost.exe | Added by the JD-A TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a "Syswm1i" directory | No |
| X | 360antiarp | [path to trojan] | Added by the PASTA.AIB TROJAN! | No |
| Y | 36X Raid Configurer | JMRaidSetup.exe | JMB36x series RAID configuration utility from JMicron Technology for their PCI Express to SATA II and PATA Host Controllers | No |
| X | 388529725448 | AutomaticUpdates.exe | Added by the SDBOT-DEN WORM! | No |
| ? | 39ELTFH25Z8SKF | Ezg1q5.exe | Seems to be associated with software by Resplendence SP ? | No |
| Y | 3c1807pd | 3cmlink.exe 3cpipe-3c1807pd | 3Com WinModem driver. See here for more WinModem information | No |
| Y | 3capplnk | 3capplnk.exe | US Robotics Modem driver | No |
| N | 3cdminic | 3CDMINIC.EXE | 3Com DMI (DynamicAccess Desktop Management Interface) Agent associated with 3Com network cards | No |
| Y | 3CM Link | 3cmcnkw.exe | Required for a US Robotics WinModem as it provides the link to Windows - won't work without it | No |
| Y | 3Cmlink | 3CmlinkW.exe | For a US Robotics WinModem. Provides the link to Windows as the CPU does the processing on WinModems - won't work without it. See here for more WinModem information | No |
| ? | 3Com Launcher | Launcher.exe | Related to networking products from 3Com Corporation. What does it do and is it required? | No |
| N | 3ComDMIAgent | 3CDMINIC.EXE | 3Com DMI (DynamicAccess Desktop Management Interface) Agent associated with 3Com network cards | No |
| Y | 3cpipe-USRpdA | USRmlnkA.exe | Modem driver files from US Robotics | No |
| X | 3D Text | 3D Text.scr | Added by the JERMY.A WORM! | No |
| U | 3Deep Control Panel | 3DeepCTL.EXE | 3Deep® from E-Color corrects lighting, shading and color for all your 2D and 3D games. Now superseded by 3DxWizzard™ | No |
| X | 3Dfx Acc | GFXACC.EXE | Added by the GIBE WORM! | No |
| N | 3dfx Task Manager | 3dfxMan.exe | System Tray application for 3dfx Voodoo 3/4/5 functions. Available via Start -> Programs | No |
| Y | 3dfx Tools | 3dfxCmn.dll | Updates the registry with information that can't be held for Voodoo 3/4/5 series graphics cards. Important for owners of these cards | No |
| Y | 3dfxv2ps.dll | 3dfxv2ps.dll | Updates the registry with info that can't be held for 3dfx Voodoo 2 video cards. Important for owners of these cards | No |
| ? | 3Dlabs Taskbar Display Manager | 3DLman.exe | 3DLabs graphics driver related. System Tray access to display settings? | No |
| U | 3DLabsHelperDemon | 3dldemon.exe | Directly from the programs author "It is a tiny program that is installed by the Permedia2/3 and probably other Oxygen-series cards. Normally it sits in the background doing nothing at all (sleeping on a semaphore), so it should take zero CPU time and virtually zero memory, since it will all be paged out to the hard drive." In most cases it can be safely disabled | No |
| Y | 3DMouse.EXE | 3DMouse.EXE | Dritek System Inc. 3D Mouse driver | No |
| X | 3d_sound | 3d_sound.exe | Added by the RIADOS-A TROJAN! | No |
| X | 3P_UDEC_IA | IAInstall.exe | Installer for the Internet Antivirus and Internet Antivirus Pro rogue security software - not recommended, removal instructions here | No |
| U | 3qdctl.exe | 3qdctl.exe | Provided with Terratec 128i PCI and similar sound cards. Loads a sound profile at bootup, restoring volume and other audio settings to a pre-determined default. Similar to Creative Lab's AudioHQ | No |
| Y | 3ware 3DM | 3dm.exe | Monitors status of the disk array on 3ware IDE RAID controllers | No |
| X | 4-gusdur | gusdur.exe | Added by the BRONTOK-CR WORM! | No |
| X | 456655 | explorer.exe | Added by the BIFROSE-DE TROJAN! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System% | No |
| X | 4684735485910 | netdll32.exe | Added by the SDBOT-DEV WORM! | No |
| X | 49U5T1N4 | 49U5T1N4.exe | Added by the KORRON.B WORM! | No |
| X | 4da92ad5.exe | 4da92ad5.exe | Added by the DLOADR-WZ TROJAN! | No |
| X | 4k51k4 | 4k51k4.exe | Added by the BRONTOK-BH WORM! | No |
| U | 4oD | KHost.exe | Verisign Kontiki Delivery Management System - Windows-based client software that enables secure delivery of content to users' desktops | No |
| X | 4wd!!! | Natal!.pif | Added by the OPASERV.AI WORM! | No |
| X | 5-1-61-96 | members-area.exe | Adult content dialler | No |
| X | 5-2-46-112 | 5-2-46-112.exe | Adult content pop-up dialler. Removal instructions here | No |
| X | 5-megawati | megawati.exe | Added by the BRONTOK-CR WORM! | No |
| X | 55278 | grepclient1.exe | Added by the LINEAGE-S TROJAN! | No |
| X | 5p4m | [path to trojan] | Added by the LITEBOT-C TROJAN! | No |
| X | 5whgue21 | 5whgue21.exe | ClearSearch adware | No |
| X | 6-susilo b | sby.exe | Added by the BRONTOK-CR WORM! | No |
| X | 65438761234587528 | rkgnd.exe | ANG AntiVirus 09 rogue security software - not recommended, removal instructions here | No |
| X | 666 | Ska.exe | Added by the PIPES TROJAN! | No |
| X | 678 | lsas32.exe | Added by the SLSORVE-B TROJAN! | No |
| X | 756349DC-6D9E-4F2A-9B24-269661F073C3 | sysoghcx.exe | Added by the FAKEALERT-AH TROJAN! | No |
| X | 76112549345328287 | angpd.exe | ANG AntiVirus 09 rogue security software - not recommended, removal instructions here | No |
| X | 7f8e | z****.exe 9idf | Detected by NOD32 as the SMALL.ALI TROJAN! Note - it creates a number of extra z****.dll files in the %System% folder | No |
| U | 802.11b+g USB Wireless LAN Utility | ZDWlan.exe | 802.11b+g USB Wireless LAN Utility | No |
| U | 802.11g MIMO Wireless Utility | RaUI.exe | Wireless configuration utility for Railink 802.11g MIMO based products | No |
| U | 802.11g Wireless Adatper | Monitor.exe | Related to wireless card (802.11) adapter/standard. System Tray icon that provides a shortcut to "Wireless Connection Status" and allows to turn WL on and off. Supplier unknown. Adapter is miss-spelled | No |
| X | 852EBF20-A95D-4F1F-B9C2-B2CD24350F3E | sysodkcs.exe | Added by the FAKEALERT-AH TROJAN! | No |
| X | 98D0CE0C16B1 | rundll32.exe D0CE0C16B1, D0CE0C16B1 | BrowserAid/BrowserPal foistware. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted | No |
| X | 9m | winlog0n.exe | Added by the LEGMIR-AQK TROJAN! | No |
| X | 9UmxQPSiTJMbA | NVUKZ.exe | Added by the AGENT-LMN TROJAN! | No |
| Y | 9xadiras | 9xadiras.exe | Allied Telesyn AT series router/modem related - apparently required | No |
| X | 9xHtProtect | AVprotect9x.exe | Added by the NETSKY.M WORM! | No |
| X | ;Rundll | [filename] | Added by the PWSLEGMIR.E TROJAN! | No |
| X | ?ekio Startups | ?nksvc32.exe | Added by the AGOBOT-OV WORM where ? is a random character | No |
| X | @ | regedit -s win.dll | Added by the SEEKER.K TROJAN! Note that regedit is the the legitimate Windows Registry Editor and shouldn't be deleted. The "win.dll" file is located in %Windir% | No |
| X | @ | iexpl0res.exe | Added by the RBOT.AEX WORM! | No |
| X | @ | wincms.exe | Added by the RBOT.CBR WORM! | No |
| X | @ | winsys32.exe | Added by the DELF.CP BACKDOOR! Note that the entry under the Startup Item/Name field my be blank | No |
| N | @Hoc Toolbar | AtHoc.exe | One-click activated browsing toolbar used by various web-sites. See here for more info | No |
| N | @loha | reminder.exe | Registration reminder for @loha@home E-mail utility | No |
| X | @tour_ww | @tour_ww[1].exe | Adult content dialler | No |
| X | a | a.exe | Commercials file that registers itself in the system registry and redirects IE to a certain commercial website | No |
| X | a | jesse.exe | Added by the MELO-A WORM! | No |
| X | a | MsSvrdll.vbs | Added by the MUTAFROG!INF WORM! | No |
| X | A New Windows Updater | w32NTupdt.exe | Added by the MYTOB.BM WORM! | No |
| N | A Note | A Note.exe | "A Note is a program that lets you create post-it like notes on your Microsoft Windows desktop" | No |
| U | A Verizon App | VERIZO~1.EXE | Part of Verizon Online Support Manager | No |
| U | a² | a2guard.exe | a-Squared antitrojan - can be run on demand but necessary in Startup if you prefer the a² 'Background Guard' real time protection feature | No |
| U | a-squared | a2guard.exe | a-squared antitrojan - can be run on demand but necessary in Startup if you prefer the a² 'Background Guard' real time protection feature | No |
| Y | a-squared Anti-Dialer | a2adguard.exe | a-squared Anti-Dialer | No |
| Y | a-winpoet-service | winpppoverethernet.exe | WinPoET is the industry's first Windows-based PPP over Ethernet client. Developed by iVasion, WinPoET is attractive to equipment providers, modem suppliers, RBOCs and ISPs. For more info read here. It uses dial-up networking for new high-speed internet customers who are more familiar with analogue modems. If unchecked in MSCONFIG it reports Error 360 - Hardware Error in dial-up networking | No |
| U | A1000 Settings Utility | cpqa1000.exe | Compaq A1000 Print Fax All-in-One copy scan printer software. Required in the Startup in order to scan, print, copy and fax. Only required if you use these features | No |
| U | A4Proxy | A4Proxy.exe | Anonymity 4 Proxy - local proxy server that makes you anonymous when visiting web sites | No |
| X | A5118r | _default32142.pif | Added by the BRONTOK-AK WORM and variants! | No |
| X | A5118r | j6321422.exe | Added by the BRONTOK-AK WORM and variants! | No |
| X | A70F6A1D-0195-42a2-934C-D8AC0F7C08EB | rundll32.exe E6F1873B.DLL, D9EBC318C | BrowserAid/BrowserPal foistware. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted | No |
| X | aa bbcc dde effgghh jj | update.exe | Added by a variant of the IRCBOT BACKDOOR! | No |
| ? | AAACLEAN | AAACLEAN.INF | ?? | No |
| ? | AAAKeyboard | ?? | ?? | No |
| N | AAATraySaver | TraySaver.exe | System Tray management utility from Mike Lin which allows you to hide, show, restore icons that are lost in an Explorer crash, remove dead tray icons, minimize any window to the System Tray | No |
| X | aacmeyf | aacmeyf.exe | Added by the AF.20 TROJAN! | No |
| X | Aaep | opar.exe | PurityScan/Clickspring adware | No |
| U | AAK | aak.exe | Advanced Anti-Keylogger - "Anti-spy software to prohibit operation of any keyloggers currently in use or presently being developed anywhere" | No |
| U | aaLDISCN32 | LDISCN32.EXE | LANDesk® Management Suite software component | No |
| U | aaLDTaskCompletion | amclient.EXE | LANDesk® Management Suite software component | No |
| X | AAMSFree702 | Avengine.com | Added by the DELF.LJ TROJAN! | No |
| X | AAMSFree702 | sys.exe | Added by the BACKDOOR-CPC TROJAN! | No |
| X | Aaou | amee.exe | PurityScan adware | No |
| X | Aapp | adprot.exe | AdBlaster adware | No |
| X | aaprotect | [path to trojan] | Added by the BANCBAN-MJ TROJAN! | No |
| X | AASSKK2 | LSASS.EXE | Added by the SILLYFDC.BDB WORM! Note - this is not the legitimate lsass.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %AppData% | No |
| ? | aauclient | ACNUpdater.exe | Appears to be related to software from Accenture.com | No |
| U | AAW | Ad-Aware.exe | Ad-Aware SE Personal from Lavasoft - popular spyware/adware removal tool. Now superseded by Ad-Aware 2008 Free | No |
| U | AAWTray | AAWTray.exe | System Tray access to Ad-aware from Lavasoft - popular spyware/adware removal tool | No |
| ? | ab EazyScheduler | ezsched.exe | ?? | No |
| X | abass | abass.exe | Added by a variant of the Storm/Nuwar/Zhelatin WORM! See here for an example | No |
| N | ABBYY Community Agent | CAGENT.EXE | Installed with the Optical Character Recognition (OCR) software that comes bundled with a Compaq A3000 all-in-one printer/scanner. Its function appears to be to link you to the internet in an attempt to buy the 5.0 version of the software | No |
| U | ABC | keylogger.exe | Keystroke logger/monitoring program - remove unless you installed it yourself! | No |
| X | abcdefgh | abcdefgh.exe | EPJ TROJAN! | No |
| U | ABIT uGuru | uGuru.exe | ABIT µGuru - on motherboards incorporating the µGuru processor this provides quick access to "hardware monitoring, overclocking, BIOS flashing and audio tweaking" | No |
| N | ABITEQ | abiteq.exe | Monitoring utility for ABIT Motherboards. Displays system voltages, temperatures and fan speeds | No |
| X | Abrada WIN32 | abrada.exe | Added by the DERMON-G TROJAN! | No |
| Y | ABRegmon | ABregmon.exe | Part of the ArcaVir antivirus suite from Polish company Arcabit. What does this part do? | No |
| U | Absolute Shield | dseraser.exe | Absolute Shield Evidence Eliminator - internet history eraser | No |
| U | Absolute StartUp monitor | ASMon.exe | Absolute Startup - startup monitor from F-Group Software | No |
| U | AbsoluteShield Internet Eraser | cseraser.exe | AbsoluteShield Internet Eraser - "protects your privacy by cleaning up all the tracks of your Internet and computer activities" | No |
| X | ABsr | absr.exe | Added by the AUTOUPDER TROJAN! | No |
| X | absr | mwsvm.exe | SeekSeek search hijacker related - see here | No |
| X | abtu | mp3serch.exe | Loads the executable for Lop.com - final version | No |
| X | abtu | lopsearch.exe | Loads the executable for Lop.com - beta version | No |
| U | AbyssWebServer | abyssws.exe | Abyss web server | No |
| X | Ac97Sound | snddrv.exe | Added by the VB.AXG TROJAN! | No |
| U | aca | aca.exe | Access Controller - "a desktop locking security utility you can use to protect your desktop when you are not near your PC. To activate protection, define a password in Options, and select the Lock command. Password protection can be automatically activated on boot or with a click of an icon in the system tray." The same program as 1 Click & Lock and Access Lock (and maybe others) - the same file for the same version is used by all programs but the filename is different in each case | Yes |
| U | aca.exe | aca.exe | Access Controller - "a desktop locking security utility you can use to protect your desktop when you are not near your PC. To activate protection, define a password in Options, and select the Lock command. Password protection can be automatically activated on boot or with a click of an icon in the system tray." The same program as 1 Click & Lock and Access Lock (and maybe others) - the same file for the same version is used by all programs but the filename is different in each case | Yes |
| U | AcBtnMgr_X63 | AcBtnMgr_X63.exe | "Lexmark Scan & Copy Control Program" for the Lexmark X63 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan, scan to E-mail, copy, etc | No |
| U | AcBtnMgr_X63.exe | AcBtnMgr_X63.exe | "Lexmark Scan & Copy Control Program" for the Lexmark X63 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan, scan to E-mail, copy, etc | No |
| U | AcBtnMgr_X73 | AcBtnMgr_X73.exe | "Lexmark Scan & Copy Control Program" for the Lexmark X73 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan, scan to E-mail, copy, etc | No |
| U | AcBtnMgr_X83 | AcBtnMgr_X83.exe | "Lexmark Scan & Copy Control Program" for the Lexmark X83 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan, scan to E-mail, copy, etc | No |
| U | AcBtnMgr_X84-X85 | AcBtnMgr_X84-X85.exe | "Lexmark Scan & Copy Control Program" for the Lexmark X84-X85 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan, scan to E-mail, copy, etc | No |
| U | acc | acc.exe | Advanced Call Center - "full-featured yet easy-to-use answering machine software for your voice modem" | No |
| X | ACCDEFRAGINFO | [path to worm] | Added by the DARBY-O WORM! | No |
| U | Accelerate | accelerate.exe | Webroot Accelerate - allows you to optimize Windows network registry settings in order to boost surfing speeds. Leave this enabled if you find it improves your connection | No |
| Y | AccelerometerSt | AccelerometerSt.exe | HP 3D DriveGuard uses a digital accelerometer protects your disk drive by parking and halting I/O requests if you drop your PC or if you move your PC with the display lid closed | No |
| Y | AccelerometerSysTrayApplet | AccelerometerSt.exe | HP 3D DriveGuard uses a digital accelerometer protects your disk drive by parking and halting I/O requests if you drop your PC or if you move your PC with the display lid closed | No |
| U | Access Connections | ACTray.exe | System Tray access to the ThinkVantage Access Connections connectivity-assistant program for IBM/Lenovo ThinkPad or 3000 Family notebook computers - "allowing users to seamlessly switch between wired and wireless environments, managing security settings, printers, home page and other location-specific settings automatically" | Yes |
| X | Access Control App | winsto.exe | Added by the AGENT.DGO TROJAN! | No |
| N | Access IBM Message Center | ibmmessages.exe | "The Access IBM Message Center displays messages to inform you about helpful software that may be pre-installed on your PC. The Message Center can also provide messages about new updates available from the IBM Support Center to keep your computer current" | Yes |
| N | Access Ramp Monitor | armon32.exe | Monitors your progress on the internet; hang-ups, connection speeds, internet congestion and traffic flow. It prevents some games from running also. To disable the Access Ramp Monitor (1) Open Windows Explorer (2) Open the Program Files folder (3) Open the MindSpring folder (4) Open the AccessRamp folder (5) Double-click on the ARMCfg32.exe file (6) Uncheck Enable Dialup Monitor and click OK (7) Restart the computer and try again | No |
| X | Access WebControl | [path to file] | Added by the PPDOOR-M TROJAN! | No |
| U | AccessManager | AccessMgr.exe | Part of SmartPipes SecureSite software. "SecureSite enables rapid turnup and enhanced administration of VPNs. It automates and simplifies tasks for VPN design and policy management, access control management, and key management" | No |
| X | AccessMedia P2P Loader | amp2pl.exe | My AccessMedia toolbar related, stealth installed! | No |
| U | AccessoriesPlus | clockplus.exe | Clock Plus, part of Accessories Plus allows you to select from dozens of alternatives for the Windows clock | No |
| N | AccessRamp Monitor01 | ARMon32a.exe | From a visitor "Just wanted to provide you with some info on Access Ramp software installed with Verizon DSL accounts in those areas that use the Winpoet PPPoE software. The Access Ramp TSRs are installed as part of IP Insight software (can't remember the software maker). You can decline to install IP Insight during Winpoet setup, or go into Add/Remove programs uninstall IP Insight by hand if it's already installed. It really doesn't do a darn thing for you. It was intended to help DSL techs monitor QoS, but the backend part was never implemented (at least as of earlier this year). This will not affect the user's ability or inability to access their DSL service." | No |
| N | AccessRampLAN01 | ARUpld32.exe | Version of the AccessRamp Monitor01 entry for LAN connections - a history uploader. The key in turning it off is a file named ARUCfg32.exe. This file (ARUCfg32.exe) does not show up in the startup process. If you have this file, you can execute it and remove all the monitoring activities it does. Removing all the checks in all the boxes (both tabs) still calls ARUpld32.exe to start when you start the dial up. You can block it from sending info if you have Zone Alarm installed. Renaming the extension of ARUCfg32.exe to ARUCfg32.exe1 works. The ARUpld32.exe is not loaded when launching the dial up client. Written by IP Insight and also included with Earthlink Total Access 2003 | No |
| Y | accrdsub | accrdsub.exe | ActivIdentity ActivClient - security software from ActivIdentity Corporation which "enables organizations to secure workstations with smart cards and smart USB tokens while enforcing strong authentication for desktop access and network login" | No |
| U | AcctMgr | AcctMgr.exe | Norton™ Password Manager - part of Norton SystemWorks 2004 - stores passwords and other personal information, and retrieves the data needed for email logins, shopping orders, banking, and other online activities - all from the safety of your own PC | No |
| N | AccuWeather.com® Desktop | AccuWeatherDesktop.exe | Desktop weather from AccuWeather | No |
| N | AccuWeatherDesktopAlerts | AccuWeatherDesktopAlerts.exe | Weather alerts for AccuWeather.com Desktop which "provides you with the most accurate, late-breaking weather conditions for the United States" | No |
| X | accwizz.exe | accwizz.exe | Added by the RULAND.A WORM! | No |
| X | accwizzz.exe | accwizzz.exe | Added by the RULAND.A WORM! | No |
| N | ACDaemon | ACDaemon.exe | Used to serve notice of product information and updates when running ArcSoft products such as TotalMedia, PhotoStudio 6 and Print Creations. Set the associated ArcSoft Connect Daemon (ACService.exe) service to Manual (via Start → Control Panel → Administrative Tools → Services) and run this entry manually via the Start menu when required | Yes |
| X | acdllib3 | bcdlmem.exe | Added by the MAILBOT-BA TROJAN! | No |
| N | ACDSee | ACDSee8Pro.exe | ACDSee 8 photo software. Organize, manage, enhance, and share all your valued photo memories | No |
| ? | Ace bows | Ace bows.exe | ?? | No |
| N | AceGain LiveUpdate | LiveUpdate.exe | "AceGain LiveUpdate can help to automate and optimize product updates. AceGain LiveUpdate will automatically detect new patch updates, driver updates or full product updates and automatically download and install them according to user configuration" | No |
| U | Acer Assist Launcher | launcher.exe | Acer Assist - program that provides information about new updates or notices from Acer | No |
| U | Acer eAP Launch Tool | EAPLAU~1.EXE | Empowering Technology Launcher, installed on Acer computer | No |
| ? | Acer Empowering Technology Monitor | SysMonitor.exe | Part of Acer Empowering Technology. What does it do and is it required? | No |
| U | Acer ePower Management | Acer ePower Management.exe | Part of Acer Empowering Technology. "Acer ePower Management is a straightforward interface that allows users to select from pre-configured power usage profiles, or to create their own customized profiles" | No |
| U | Acer ePower Management | ePowerTray.exe | Acer® PowerSmart Manager power management utility included on some models in the Aspire range of notebooks. Also appears as the Packard Bell PowerSave power management utility included on some of their notebook models - as Packard Bell is now owned by Acer | No |
| U | Acer ePower Management | ePowerTrayLauncher.exe | Launcher for the Acer® PowerSmart Manager power management utility included on some models in the Aspire range of notebooks | No |
| U | Acer ePresentation HPD | ePresentation.exe | Part of Acer Empowering Technology. Allows you to manage both internal and external displays | No |
| Y | Acer Launch Tool | Alaunch | Part of Acer eRecovery - "a powerful utility that does away with the need for recovery disks provided by the manufacturer, and also acts as a versatile standalone backup and recovery manager". This entry isn't normally running but once eRecovery starts it's used to re-install the software included with the system | Yes |
| N | Acer Product Registration | ACE1.exe | Acer Product Registration - remove when registration is completed | No |
| N | Acer Tour Reminder | Reminder.exe | Popup reminder to take the tour of your new Acer laptop | No |
| U | AcerGoto | AcerGoto.exe | Acer Computer "Goto Drive" Cold Swap Driver - a swappable second disk drive provides convenient backup of large files, or easy importation of data from user's previous computer | No |
| U | AcerNotebookManager | almxptray.exe | System Tray access on some Acer Notebooks to give faster access to system settings | No |
| U | AcerPowerkey | Powerkey.exe | PowerKey utility for Acer TravelMate notebook PCs. Allows the user to quickly switch between different power schemes by pressing Fn+F3 | No |
| X | Acess2007a | access2007a.exe | Added by the GAOBOT.PQA WORM! | No |
| X | Aceu | [random filename] | PurityScan adware | No |
| Y | acEventServ | acevtsrv.exe | ActivCard Gold from ActivIdentity, Inc. Smart card-based strong authentication software - for photo IDs, proximity badges for facility access and as digital identification and authentication | No |
| U | AClntUsr | AClntUsr.exe | Altiris AClient Service Windows Tray Icon | No |
| N | Acme.PCHButton | pchbutton.exe | Used by HP Instant Support | No |
| U | ACMonitor_X63 | ACMonitor_X63.exe | Button monitor for the Lexmark X63 all-in-one multifunction printer/copier/scanner. Works in conjunction with the "Lexmark Scan & Copy Control Program" button manager whose filename is "AcBtnMgr_X63.exe" | No |
| U | ACMonitor_X63.exe | ACMonitor_X63.exe | Button monitor for the Lexmark X63 all-in-one multifunction printer/copier/scanner. Works in conjunction with the "Lexmark Scan & Copy Control Program" button manager whose filename is "AcBtnMgr_X63.exe" | No |
| U | ACMonitor_X73 | ACMonitor_X73.exe | Button monitor for the Lexmark X73 all-in-one multifunction printer/copier/scanner. Works in conjunction with the "Lexmark Scan & Copy Control Program" button manager whose filename is "AcBtnMgr_X73.exe" | No |
| U | ACMonitor_X83 | ACMonitor_X83.exe | Button monitor for the Lexmark X83 all-in-one multifunction printer/copier/scanner. Works in conjunction with the "Lexmark Scan & Copy Control Program" button manager whose filename is "AcBtnMgr_X83.exe" | No |
| U | ACMonitor_X84-X85 | ACMonitor_X84-X85.exe | Button monitor for the Lexmark X84-X85 all-in-one multifunction printer/copier/scanner. Works in conjunction with the "Lexmark Scan & Copy Control Program" button manager whose filename is "AcBtnMgr_X84-X85.exe" | No |
| X | acocash | fastdown.exe | Adult content dialler | No |
| X | acocash | FASTFOWN.EXE | Adult content dialler | No |
| U | Acombo3dmouse | Acombo3d.exe | Mouse driver - required if you use non-standard Windows driver features | No |
| X | Aconti | aconti.exe | Adult content dialler | No |
| U | acoustic | acoustic.exe | Control panel program for Philips Acoustic Edge soundcard. Not required unless changed settings aren't retained | No |
| N | acpart | agpart11.exe | Program for finding trucks on-line | No |
| X | Acrobat | acrmon32.exe | Added by the SMALL-ECT TROJAN! | No |
| U | Acrobat Assistant | AcroTray.exe | Essential for creating PDF files with Adobe Acrobat and Acrobat Distiller. For Win9x/Me systems you can run this file manually beforehand. For WinXP systems this file must run at startup. Hence the "U" recommendation | No |
| U | Acrobat Assistant 7.0 | Acrotray.exe | Essential for creating PDF files with Adobe Acrobat and Acrobat Distiller. For Win9x/Me systems you can run this file manually beforehand. For WinXP systems this file must run at startup. Hence the "U" recommendation | No |
| U | Acrobat Assistant 8.0 | Acrotray.exe | Essential for creating PDF files with Adobe Acrobat and Acrobat Distiller. For Win9x/Me systems you can run this file manually beforehand. For WinXP systems this file must run at startup. Hence the "U" recommendation | No |
| X | Acrobat Read | acroup32.exe | Added by the VANBOT-BQ TROJAN! | No |
| N | Acrobat Speed Launch | acrobat_sl.exe | Speeds up the time it takes to load Adobe's Acrobat PDF creation and management tool. From version 7.0 onwards | No |
| U | ACROMOUSE | ACROMAPP.exe | Related to ACROMOUSE Laser mouse control | No |
| U | Acronis Popup Blocker | RunDll32.exe [path] Blocker.dll, Run | Part of Acronis Privacy Expert - anti-spyware and security suite | No |
| U | Acronis Scheduler Helper | schedhlp.exe | Part of Acronis True Image backup software. Co-operates with the "schedul2.exe" service to perform backup/restore tasks correctly. Required if you want to use True Image to do some real backup/restore tasks - not if you only want to explore/mount images | No |
| U | Acronis Scheduler2 Service | schedhlp.exe | Part of Acronis True Image - backup software. Co-operates with the "schedul2.exe" service to perform backup/restore tasks correctly. Required if you want to use True Image to do some real backup/restore tasks - not if you only want to explore/mount images | No |
| U | Acronis True Image | TimounterMonitor.exe | Part of Acronis True Image backup software. Monitor for the backup archive explorer for moving and viewing files within an archive | No |
| N | Acronis True Image Monitor | TrueImageMonitor.exe | Part of Acronis True Image - backup software. Can be disabled without affecting TrueImage | No |
| N | Acronis TrueImage Monitor | TrueImageMonitor.exe | Part of Acronis True Image - backup software. Can be disabled without affecting TrueImage | No |
| N | Acronis*True*Image Monitor | TrueImageMonitor.exe | Part of Acronis True Image - backup software. Can be disabled without affecting TrueImage | No |
| U | AcronisTimounterMonitor | TimounterMonitor.exe | Part of Acronis True Image backup software. Monitor for the backup archive explorer for moving and viewing files within an archive | No |
| N | AcronisTrueImage Monitor | TrueImageMonitor.exe | Part of Acronis True Image - backup software. Can be disabled without affecting TrueImage | No |
| X | Acroread | AcroRD32.exe | Added by the DLOADR-BDK TROJAN! Note - this is not the popular Adobe Reader | No |
| X | Acroread | GoogleUpdate.exe | Added by the AGENT-JGI TROJAN! Note - this is not a valid Google progam | No |
| U | Act! Preloader | Act8.exe | Sage Software's ACT! "enables individuals and small business customers to instantly access key contact and customer information, manage and prioritize activities, and track all contact-related communications so you can grow productive business relationships" | No |
| N | Action Manager 32 | am32.exe | Associated with a Plustech scanner. Small utility that runs in the background for doing fax/copy/etc. Available via Start -> Programs | No |
| ? | ActionAgent | actionagent.exe | "A COM server that runs on the client as part of the Dell OpenManage Client Instrumentation 6.x package; provides a simple method for a remote administrator to perform actions on the instrumented client". Is it required? | No |
| N | Activation | Activation.exe | Part of Microsoft Money | No |
| U | Activboard | MMKeybd.exe | Packard Bell ActiveBoard keyboard - multimedia keyboard manager. Required if you use the additional keys and want to see the status of the Num Lock, Caps Lock, Scroll Lock keys | No |
| U | ACTIVBOARD | ABoard.exe | Packard Bell ActiveBoard keyboard - multimedia keyboard manager. Required if you use the additional keys and want to see the status of the Num Lock, Caps Lock, Scroll Lock keys | No |
| X | Active Bit Station | abs.exe | Added by the MYTOB.BZ WORM! | No |
| N | Active CPU | acpu.exe | Active CPU - "easy to use tool for Windows 95/98/ME/NT/2000 that enables you to watch a graphical representation of your CPU's activity" | No |
| U | Active Desktop Calendar | ADC.EXE | XemiComputers Active Desktop Calendar | No |
| U | Active Email Monitor | aem25.exe | Active Email Monitor checks multiple accounts for email, serves as a SPAM filter and can also protect you from harmful items that can be sent via email | No |
| X | Active Security | asecurity.exe | Active Security rogue security software - not recommended, removal instructions here | No |
| U | Active shield | Activeshield.exe | Active Shield is "an heuristic screen that actively protects your computer from trojans, spyware, adware, trackware, dialers, keyloggers, and even some special kinds of viruses" | No |
| X | ActiveDesktop | systray32.exe | Added by the DABOOM WORM! | No |
| X | ACTIVEDS | ACTIVEDS.EXE | Added by the OPASERV.T WORM! | No |
| N | ActiveEyes | ActiveEyes.exe | ActiveEyes from TFI Technology is a small utility that you can use to liven up your desktop. It follows your mouse around and can tell you how far your cursor has travelled or point out where the cursor is. It's small, it's free and comes with a range of options and animations. Not needed - if unavailable via Start -> Programs, create your own shortcut | No |
| U | ActiveKeys.AAB635BD7D054a37A576 | akeys.exe | "Active Keys is a powerful yet easy-to-use tool for creating and managing keyboard shortcuts for any system action" | No |
| U | ActiveMenu | ActiveMenu.exe | Wild Tangent demo games that come with some HP computers. Unchecking it can prevent the games from running occasionally. Note that WildTanget's privacy policy used to state that they also collect and share individuals information but this is no longer the case | No |
| U | ActivePlus | activeplus.exe | Interactive Agents Plugin for Messenger Plus! (MSN Messenger add-on) | No |
| X | ActiveScan Antivirus | ActiveScan.exe | Added by the RBOT-FKQ WORM! | No |
| X | ActiveScript32 | nod.exe | Added by the SOHANA-AJ WORM! | No |
| Y | ActiveShield | mcvsshld.exe | ActiveShield - background scanner for older versions of McAfee VirusScan and the now obsolete McAfee VirusScan Online which scans files in the background as and when they are accessed, including scanning E-mails via the McAfee VirusScan E-mail Scan Module (McVSEscn.exe) | Yes |
| N | ActiveSpeed | AS.exe | Ascentive ActiveSpeed internet optimizer - not recommended, see here and here | No |
| X | ActiveSync | wcescom32.exe | Added by the MANCSYN-E TROJAN! | No |
| N | ActiveWords | AWMonitor.exe | ActiveWords from ActiveWord Systems, Inc. Like macro programs, ActiveWords sits in the background and watches as you type. When it recognizes that you've typed an ActiveWord, it takes the associated action, such as replacing your keystrokes with the text you've defined | No |
| X | ActiveX File Registration Service | filereg.exe | Added by the RBOT-DVD WORM! | No |
| X | ActiveX Streamer | msgfix.exe | Added by the SDBOT.NQ WORM! | No |
| X | ActiveXUpdate | svcss.exe | Added by a variant of the DEDLER.C TROJAN! | No |
| U | Activity | actik.exe | ActivityKey keystroke logger/monitoring program - remove unless you installed it yourself! | No |
| N | ActivSurf | backweb*****.exe | Packard Bell ActivSurf - automatically detects an internet connection and downloads any available updates | No |
| U | ActMaker | ActMak25.exe | "ActMaker mouse and keyboard toolkit can record the daily operation of your computer and reduce your workload. You don't need to do any coding, nor are you required to know a lot about the computer" | No |
| U | ActMaker | ActMaker25.exe | ActMaker mouse and keyboard toolkit can record the daily operation of your computer and reduce your workload | No |
| U | ACTray | ACTray.exe | System Tray access to the ThinkVantage Access Connections connectivity-assistant program for IBM/Lenovo ThinkPad or 3000 Family notebook computers - "allowing users to seamlessly switch between wired and wireless environments, managing security settings, printers, home page and other location-specific settings automatically" | Yes |
| U | Actual Window Manager | ActualWindowManagerCenter.exe | Actual Window Manager from Actual Tools - "an innovative desktop organization application which introduces unconventional window controls and also automatic general window operations making your work more productive, convenient and enjoyable" | No |
| U | Actual Window Minimizer | ActualWindowMinimizerCenter.exe | Actual Window Minimizer - "allows minimizing any window to task tray notification area or to the edge of the screen" | No |
| X | ACTX1 | v1201.exe | Added by the VB.IS TROJAN! | No |
| U | ACU | ACU.exe | Atheros wireless Client Utility | No |
| U | ACU_QSB | ACU.exe | Atheros wireless Client Utility | No |
| U | ACWLIcon | ACWLIcon.exe | Part of the ThinkVantage Access Connections connectivity-assistant program for IBM/Lenovo ThinkPad or 3000 Family notebook computers - "allowing users to seamlessly switch between wired and wireless environments, managing security settings, printers, home page and other location-specific settings automatically." This is the System Tray icon giving notifications of and access to the Wireless Connection Status | Yes |
| U | Ad Arrest | adarrest.exe | Ad Arrest IE popup killer from GameFools | No |
| U | Ad Blocker | blocker.exe | Ad Blocker - blocks popups, and also removes banners, image ads and flash ads | No |
| U | Ad Blocker Pro | Ad Blocker Pro.exe | Ad Away popup and banner remover | No |
| U | Ad Muncher | AdMunch.exe | Ad Muncher removes adverts, pop-ups and general annoyances in your browser, file-sharing and messenger programs. Causes conflicts with Outlook, game sites and web-building applications | No |
| ? | Ad Online Guide | adonlineguide.exe | ?? | No |
| U | Ad-Aware | Ad-Aware.exe | Ad-Aware from Lavasoft - popular spyware/adware removal tool | No |
| X | Ad-Aware | Ad-Aware.exe | Added by the RBOT-ADJ WORM! Note - this is not the popular Ad-Aware spware/adware removal tool and is located in %System% | No |
| X | Ad-Eliminator | ad-eliminator.exe | Ad-Eliminator rogue spyware remover - not recommended, see here | No |
| U | Ad-Muncher | ADMUNCH.EXE | Ad Muncher removes adverts, pop-ups and general annoyances in your browser, file-sharing and messenger programs. Causes conflicts with Outlook, game sites and web-building applications | No |
| U | Ad-Protect | ad-protect.exe | Ad-Protect spyware and spam monitoring tool | No |
| U | Ad-watch | Ad-watch.exe | Part of Lavasoft Ad-aware Plus - realtime spyware-monitor watching your memory and registry for spyware that tries to install or change your system | No |
| U | AD2KClient | AD2KClient.exe | Executable for Active Disk from Iomega - allows software applications to be run directly from an Iomega Zip® disk. Required if you wish the applications to launch on insertion of a disk | No |
| N | Adaptec DirectCD | Directcd.exe | DirectCD primarily allows you to drag and drop files onto a suitably formatted CD-RW disc. Unless you use this on a frequent basis it isn't required and is available via Start -> Programs. Start the program before inserting a DirectCD formatted CD-RW in the drive. A re-boot is recommended if you close Adaptec DirectCD before re-opening it again later | No |
| N | AdaptecDirectCD | Directcd.exe | DirectCD primarily allows you to drag and drop files onto a suitably formatted CD-RW disc. Unless you use this on a frequent basis it isn't required and is available via Start -> Programs. Start the program before inserting a DirectCD formatted CD-RW in the drive. A re-boot is recommended if you close Adaptec DirectCD before re-opening it again later | No |
| X | AdAware | wini.exe | Added by the RBOT-XN WORM! | No |
| U | Adaware Bootup | Ad-aware.exe | Ad-Aware from Lavasoft - popular spyware/adware removal tool | No |
| X | Adaware lptt01 | adaware.exe | RapidBlaster variant (in a "Adaware" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here. Note - this is not the valid Lavasoft Adaware | No |
| X | Adaware ml097e | adaware.exe | RapidBlaster variant (in a "Adaware" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here. Note - this is not the valid Lavasoft Adaware | No |
| U | AdBin | AdBin.exe | AdBin - "Free and easy solution to managing your Window's hosts file. A fun way to block ads" | No |
| X | Add**.exe [* = random char] | Add**.exe [* = random char] | CoolWebSearch/HomeSearch adware - for examples, see this log | No |
| X | Add**32.exe [* = random char] | Add**32.exe [* = random char] | CoolWebSearch/HomeSearch adware - for examples, see this log | No |
| X | AddClass | AddClass.exe | CoolWebSearch Addclass parasite variant | No |
| X | AddClass | [Installation_Path] | Added by the STARTPAGE.F hijacker | No |
| X | AddClass | [path to trojan] | Added by the SECDL-A TROJAN! | No |
| U | AdDelete | AdDelete.exe | Banner advertisment blocker | No |
| X | AdDestroyer | AdDestroyer.exe | Virtual Bouncer - malware from Spyware Labs. It is distributed by the same bundling and drive-by download techniques as the parasites it claims to remove, so definitely qualifies as unsolicited commercial software in itself. It also has an update feature that can download and execute arbitrary code. Warning - choose "custom" uninstall as "automatic" may remove other programs - see here | No |
| X | Additional Guard | WI[random characters].exe | Additional Guard rogue security software - not recommended, removal instructions here | No |
| X | ADDITIONAL Services | pkgadd.exe | Added by a variant of the IRCBOT TROJAN! | No |
| ? | addproxy | addproxy.exe | Related to Adobe Photoshop | No |
| ? | ADG | ADG.exe | SoundBlaster Audigy related? | No |
| N | ADGJdet | ADGJDet.exe | Added with SoundBlaster Live! or Audigy soundcards for headphone autodetection | No |
| Y | adi CleanUp | CleanUp.exe | Utility that only runs once after installing the drivers for Analog Devices SoundMax integrated soundcards to clean-up the files no longer required once the installation is complete. Other programs/drivers may use the same filename for the same purpose. In this case, the file is located in %System% and is listed under the HKLM\RunOnce registry key | Yes |
| Y | adi DSndUp | DSndUp.exe | Utility that only runs once after installing the drivers for Analog Devices SoundMax integrated soundcards. It's exact purpose is unknown at the present time but from the filename it's probably used to configure the default or generic speaker arrangement for the system it's used on | Yes |
| X | aDir | adirss.exe | Added by the SPAMSRV-E TROJAN! | No |
| Y | Adiras | Adiras.exe | ADSL USB modem related | No |
| X | adirka | adirka.exe | Added by the TIBS-QT TROJAN! | No |
| X | AdKiller | AD Defender.exe | Part of the Advanced Spyware Remover rogue spyware remover - not recommended, see here | No |
| X | adlhidp | psncc32.exe | Added by the SLAPER.AI TROJAN! | No |
| X | ADM Library Loader | admlib32.exe | Added by a variant of the SDBOT TROJAN! | No |
| X | Admanager Controller | AdManCtl.exe | Adware, probably a Windupdates variant | No |
| X | Admilli Service | AdmilliServ.exe | Windupdates adware variant | No |
| X | Administrator | svchost.scr | Added by the NOVACAL TROJAN! | No |
| X | Administrator | winlogon.exe | Added by the RUBBLE-C WORM! Note - this is not the legitimate winlogon.exe process, which should not appear in Msconfig/Startup! | No |
| X | Administrator di Dago | Dago.exe | Added by the PUNYA-B WORM! | No |
| X | AdminSoft | sysfile.vbs | Added by the STARGRUB-A WORM! | No |
| ? | ADMTray.exe | admtray.exe | Part of Acer Empowering Technology. What does it do and is it required? | No |
| X | Adobe | Adobe.exe | Added by an unidentified VIRUS, WORM or TROJAN! | No |
| X | Adobe | sysconfig.exe | Added by an unidentified WORM or TROJAN! | No |
| X | adobe | gam.exe | Added by an unidentified WORM or TROJAN! | No |
| X | Adobe | sysbat32.exe | Added by the LOWZONES.T TROJAN! | No |
| X | Adobe | zteam.exe | Added by an unidentified TROJAN! | No |
| N | Adobe Acrobat | READER~1.EXE | Speeds up the time it takes to load the Adobe Reader PDF document reader. "The Speed Launcher quickly opens and closes all of the files that Acrobat or Adobe Reader will use when the application starts. Opening and closing the files allows your virus protection software to check these programs and add them to its list of safe files" - see here. Not required for Adobe Reader to function properly | No |
| N | Adobe Acrobat | Reader_sl.exe | Speeds up the time it takes to load the Adobe Reader PDF document reader. "The Speed Launcher quickly opens and closes all of the files that Acrobat or Adobe Reader will use when the application starts. Opening and closing the files allows your virus protection software to check these programs and add them to its list of safe files" - see here. Not required for Adobe Reader to function properly | Yes |
| X | Adobe Acrobat Distiller Application | acrotray.exe | Added by the RANDEX.DFJ WORM! | No |
| X | Adobe Acrobat Reader CFG | [random filename] | Added by a variant of the RBOT WORM! | No |
| N | Adobe Acrobat Speed Launcher | acrobat_sl.exe | Speeds up the time it takes to load Adobe's Acrobat PDF creation and management tool. From version 7.0 onwards | No |
| N | Adobe ARM | AdobeARM.exe | Adobe Reader Manager (ARM) - update/download manager added with Adobe Reader from version 9.2. Taken from the Adobe user forums - "AdobeARM.exe is a part of new Adobe AcrobatReader updater. If you manage updates yourself, it is absolutely safe to remove it from Run registry" - see here | No |
| X | Adobe Filter Platform | afilterplatform.exe | Added by the RBOT-OP WORM! | No |
| U | Adobe Gamma Loader | Adobe Gamma Loader.exe | Adjusts monitor colours across all programs, including Photoshop. It is needed by some graphics professionals who want their monitor calibrated. Most home users will not need it. In my case I can verify this as Photoshop loads fine | Yes |
| U | Adobe Gamma Loader.exe | Adobe Gamma Loader.exe | Adjusts monitor colours across all programs, including Photoshop. It is needed by some graphics professionals who want their monitor calibrated. Most home users will not need it. In my case I can verify this as Photoshop loads fine | No |
| N | Adobe Photo Downloader | apdproxy.exe | Part of Adobe's Photoshop Album or Photoshop Elements packages - starts each time you connect an external image device to your PC (see here) | No |
| N | Adobe Reader Speed Launch | Reader_sl.exe | Speeds up the time it takes to load the Adobe Reader PDF document reader. "The Speed Launcher quickly opens and closes all of the files that Acrobat or Adobe Reader will use when the application starts. Opening and closing the files allows your virus protection software to check these programs and add them to its list of safe files" - see here. Not required for Adobe Reader to function properly | Yes |
| N | Adobe Reader Speed Launch | READER~1.EXE | Speeds up the time it takes to load the Adobe Reader PDF document reader. "The Speed Launcher quickly opens and closes all of the files that Acrobat or Adobe Reader will use when the application starts. Opening and closing the files allows your virus protection software to check these programs and add them to its list of safe files" - see here. Not required for Adobe Reader to function properly | No |
| N | Adobe Reader Speed Launcher | Reader_sl.exe | Speeds up the time it takes to load the Adobe Reader PDF document reader. "The Speed Launcher quickly opens and closes all of the files that Acrobat or Adobe Reader will use when the application starts. Opening and closing the files allows your virus protection software to check these programs and add them to its list of safe files" - see here. Not required for Adobe Reader to function properly | Yes |
| U | Adobe Reader Synchronizer | AdobeCollabSync.exe | Adobe Synchronizer - installed along with Adobe Reader 8.x. "Synchronizer is a small application that runs in the background, providing synchronization of document reviews and Tracker subscriptions so that your data is available when you need it." See the link for more information | No |
| X | Adobe Reader32 | Acrord32.exe | Added by the RBOT-BLC WORM! Note - this is not the popular Adobe Reader | No |
| U | Adobe Version Cue CS2 | VersionCueCS2Tray.exe | File manager that's part of Adobe Creative Suite 2 - "find files fast, track versions across applications, link files together, and share them in creative collaboration without fear of overwriting someone else's work" | No |
| X | AdobeA | adobes.exe | Added by the FLOOD.BA TROJAN! | No |
| N | AdobeARM | AdobeARM.exe | Adobe Reader Manager (ARM) - update/download manager added with Adobe Reader from version 9.2. Taken from the Adobe user forums - "AdobeARM.exe is a part of new Adobe AcrobatReader updater. If you manage updates yourself, it is absolutely safe to remove it from Run registry" - see here | No |
| X | AdobeFonts | fonts.hta | Browser hijacker - redirecting to Hugesearch.net | No |
| X | AdobeManager | rundtl.exe | Added by the INJECT.IB TROJAN! | No |
| X | adobemgr | adobemgr.exe | Added by the ADCLICKER TROJAN! | No |
| X | AdobeReader | msni.exe | Added by the RBOT.DAO TROJAN! | No |
| X | AdobeReaderPro | msnxpsp.exe | Added by the RBOT-ASK or RBOT-AUS WORMS! | No |
| X | AdobeReaderPro | ntkernell32.exe | Added by the RBOT-ATY WORM! | No |
| X | AdobeReaderPro | msnserve.exe | Added by the SDBOT-AKH WORM! | No |
| X | AdobeReaderPro | updt.exe | Added by the IRCBOT-VQ WORM! | No |
| X | AdobeReaderPro | rruxdkf.exe | Added by the RBOT.ADF BACKDOOR! | No |
| X | AdobeReaderPro | svxhost.exe | Added by a variant of the RBOT WORM - see here | No |
| X | AdobeReaderPro | winslog.exe | Added by a variant of the RBOT WORM! | No |
| X | AdobeReaderPro | lxlfsprrj.exe | Added by the RBOT.BDZ BACKDOOR! | No |
| X | AdobeReaderPro | cbdzfrsl.exe | Added by the RBOT.AZQ BACKDOOR! | No |
| X | AdobeReaderPro | subset.exe | Added by the RBOT.OCU WORM! | No |
| X | AdobeReaderPro | winini.exe | Added by a variant of the RBOT WORM! | No |
| X | AdobeReaderPro | rvdjlefr.exe | Added by the RBOT-CQZ WORM! | No |
| X | AdobeReaderPro | spoolss.exe | Added by the SDBOT-AKZ WORM! | No |
| X | AdobeReaderPro | lssas.exe | Added by the RBOT-CLB WORM! | No |
| X | AdobeReaderPro | msnservex.exe | Added by the RBOT.AKM BACKDOOR! | No |
| X | AdobeReaderPro | msnsrcdv.exe | Added by the INJECT-H WORM! | No |
| X | AdobeReaderPro | chkdisk.exe | Added by the RBOT-BDV WORM! | No |
| X | AdobeReaderPro | service.exe | Added by the RBOT-BCA WORM! | No |
| X | AdobeReaderProfessional | msx64.exe | Added by the RBOT-GAT WORM! | No |
| X | AdobeReaderPros | sysmsn.exe | Added by the RBOT-BGH WORM! | No |
| N | AdobeUpdater | AdobeUpdater.exe | Automatic updater for Adobe software - run manually | No |
| N | AdobeVersionCue | VersionCueTray.exe | "An exclusive feature of the Adobe® Creative Suite, Version Cue™ helps you find files fast, track multiple versions of your files, and share your files for creative collaboration" | No |
| ? | Adobe_ID0EYTHM | VERSIO~2.EXE | Part of an Adobe product. What does it do and is it required? | No |
| X | Adobe_Reader | acrotray.exe | Added by the AGENT-LNS TROJAN! Note that the legitimate Adobe file (if installed) would normally be found in %ProgramFiles%\Adobe%\%ProgramName% (where %ProgramName% is Acrobat 9.0\Acrobat or Acrobat 7.0\Distillr for example) whereas this one is located in %ProgramFiles%\Adobe | No |
| X | adodemaster | adodemaster.exe | Downloader of Korean origin, detected as ADOD.28672 | No |
| X | Adope File Manager | lsasv.exe | Added by an unidentified WORM or TROJAN! | No |
| X | adp | adp.exe | Spyware installed by Net2Phone, Limewire, Cydoor, Grokster, KaZaa, etc | No |
| X | AdPopup | dcf5678.exe | Added by the AGENT-FZ TROJAN! | No |
| X | adprot | adprot.exe | AdBlaster adware | No |
| N | ADQuickAccess | Adtray.exe | After Dark for Windows. Screen saver creation program produced before screen savers became integrated into Win95 | No |
| X | ADriver | windrv.exe | Added by the DELF.WG TROJAN! | No |
| X | AdRoarUpdate | ARUpdate.exe | AdRoar adware updater | No |
| X | AdRotator.Application | [path to csrss.exe] | Added by the SMALL-AQ TROJAN! Note - this worm replaces the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! | No |
| X | AdRotator.Application | services.exe | FakeMessage/AdRotator adware. Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in an "Inetsrv" subfolder | No |
| X | ADS Adware Remover | ADS Adware Remover.exe | ADS Adware Remover, rogue adware remover - not recommended, see here | No |
| X | AdsBlocker | stopAds.exe | AdsBlocker - detected by NOD32 as DIALER.DW! | No |
| U | AdsCleaner | AdsCleaner.exe | "AdsCleaner is a powerful ad blocking software designed to stop ads (block banners ad, kill popup), guard your online privacy" | No |
| U | ADService | ADService.exe | Part of Active Disk from Iomega - allows software applications to be run directly from an Iomega Zip® disk. Required if you wish the applications to launch on insertion of a disk. Appears as a service in XP/Vista and under the "RunServices" registry key in Win98/ME | No |
| U | AdsGone | Adsgone.exe | AdsGone - pop-up stopper | No |
| N | ADSL Diagnostic Tools | mapiicon.exe | System tray access to ADSL modem diagnostic tools. Available via Start -> Programs | No |
| ? | ADSLSYSTEMTRAY | SystemtrayV100B.exe | Apparently Annex A ADSL modem related. What does it do and is it required? | No |
| Y | AdslTaskBar | rundll32.exe stmctrl.dll, TaskBar | ISP software, initializes DSL modem | No |
| X | AdslTaskBars | taskmng.exe | Added by the RBOT-AXZ WORM! | No |
| ? | ADSL_A2 | A2Installed | Associated with an Integrated Telecom Express (ITeX) ADSL driver installation. What does it do and is it required? | No |
| U | adsnwe | adsnwe.exe | EmailSpyMonitor E-mail surveillance software. Uninstall this software unless you put it there yourself | No |
| U | adsnwk | adsnwk.exe | Keylogger Spy Monitor keystroke logger/monitoring program - remove unless you installed it yourself! | No |
| U | adsnws | adsnws.exe | ScreenSpyMonitor surveillance software. Uninstall this software unless you put it there yourself | No |
| U | aDSProcMngr | aDSProcMngr.exe | Part of PC Tools Disk Suite from PC Tools - which "is an all-in-one hard-disk management utility that integrates disk optimization, defragmentation and backup tools in one easy to use package". Proxy (or agent) for the Disk Suite Service. Based upon my experience, if this is disabled it does not appear to adversely affect on-demand or scheduled tasks but has a "U" recommendation as it's function isn't fully known | Yes |
| Y | ADSS | ADSS.exe | ADSS is part of Access Denied security and privacy software (Access Denied Security Server) that monitors power status and provides some other services for Screen Guard. Important to keep its running while using Access Denied | No |
| X | adstartup | automove.exe | Adlogix adware variant | No |
| X | Adstartup | Adstartup.exe | Adlogix adware | No |
| X | AdStatus Service | AdStatServ.exe | WindUpdates AdStatus Service adware | No |
| U | AdSubtract | adsub.exe | AdSubtract blocks ads, cookies, pop-up windows, animations, music, and more. Can be disabled from within AdSubtract. Available via the Start menu. Superseded by Trend Micro AntiSpyware which was subsequently discontinued | No |
| X | adtech2005 | adtech2005.exe | Detected by Kaspersky as the STARTPAGE.AW TROJAN! | No |
| X | adtech2006 | adtech2006.exe | Detected by Kaspersky as the VB.KC WORM! | No |
| X | Adtools Service | AdTools.exe | Windupdates Adware | No |
| ? | ADU | adu.exe | Related to Cisco Aironet wireless products. What does it do and is it required? | No |
| X | AdultX | AdultX.exe | Adult content dialler and hijacker | No |
| X | Adult_Chat | Adult_Chat.exe | Adult content dialler | No |
| X | Adult_Chat1 | Adult_Chat1.exe | Adult content dialler | No |
| X | AdUpdater | sysupudt.exe | Unidentified adware downloader/updater | No |
| U | ADUserMon | ADUserMon.exe | Part of Active Disk from Iomega - allows software applications to be run directly from an Iomega Zip® disk. Required if you wish the applications to launch on insertion of a disk | No |
| X | Advanced DHTML Enable | exo32.exe | Added by the RANCK-FI TROJAN! | No |
| X | Advanced DHTML Enable | [path to trojan] | Added by the AGENT.GLQ TROJAN! | No |
| X | Advanced Internet Protocol | cerf.exe | Added by a variant of the SPYBOT WORM! | No |
| X | Advanced Protection System | advpsys.exe | Added by a variant of the RBOT WORM! | No |
| X | Advanced Spyware Remover | Asr.exe | Advanced Spyware Remover rogue spyware remover - not recommended, see here | No |
| X | Advanced Spyware Remover Pro | Asr.exe | Advanced Spyware Remover rogue spyware remover - not recommended, see here | No |
| U | Advanced SystemCare 3 | AWC.exe | Advanced SystemCare from IObit - "helps protect, optimize, clean, and repair your computer and Registry." The PRO version adds automation, anti-spyware, privacy protection and performance tune-ups | No |
| X | Advanced Tool Checks | advchks.exe | Added by a variant of the RBOT WORM! | No |
| N | Advanced Tools Check | ADVCHK.EXE | Checks when you install a new version of a Norton product that you have uninstalled all previous versions. Serves as a reminder if you forget | No |
| U | Advanced Uninstaller PRO Installation Monitor | monitor.exe | Innovative Solutions Advanced Uninstaller PRO - "easy-to-use suite for uninstalling applications and keeping your computer fast, clean, and in its best shape" | No |
| X | AdvancedCleaner Free | UADC.exe | AdvancedCleaner rogue security software - not recommended | No |
| X | AdVantage | AdVantage.exe | MediaAdVantage adware | No |
| X | advap32 | [path to trojan] | Added by the MUTANT.AT TROJAN! | No |
| X | Advapi | Advapi.exe | Added by the NETDEVIL.12 WORM! | No |
| N | ADVCHK | ADVCHK.EXE | Checks when you install a new version of a Norton product that you have uninstalled all previous versions. Serves as a reminder if you forget | No |
| U | Advertising Killer | Akiller.exe | Advertising Killer - popup stopper | No |
| X | advmon32 | advmon32.exe | Added by a variant of the CRYPTER.C TROJAN! | No |
| U | Adware Agent | adware agent.exe | Adware Agent popup blocker | No |
| X | Adware Spy | AdwareSpy.exe | AdwareSpy rogue adware remover - not recommended | No |
| U | AdwareAlert | AdwareAlert.Exe | Adware program, previously not recommended (see here). It has now been delisted, so make sure you have the latest version | No |
| X | AdwareDelete | adwaredelete.exe | AdwareDelete rogue adware remover - not recommended, removal instructions here | No |
| X | AdwareKiller_schedules | schedules.exe | EAdwareKiller rogue spyware remover - not recommended, see here | No |
| X | AdwareKiller_tray | tray.exe | EAdwareKiller rogue spyware remover - not recommended, see here | No |
| X | AdwareProMFC | Ad-Ware Pro.exe | Ad-Ware Pro rogue security software - not recommended | No |
| X | AdwareProMFC | AntiTrojan Pro.exe | AntiTrojan Pro rogue security software - not recommended. Variant of Ad-Ware Pro | No |
| X | AdwareProtector | AdwareProtector.exe | Part of rogue security tools, including SystemDoctor, ErrorSafe and WinFixer | No |
| X | AdwareRemover2007 | AdwareRemover2007.exe | AdwareRemover2007 rogue security software - not recommended | No |
| X | AdwareSpy | AdwareSpy4.exe | AdwareSpy rogue adware remover - not recommended | No |
| X | Adware_ProNET | Adware_Pro.exe | Adware Pro rogue security software - not recommended, removal instructions here | No |
| X | Adwarz Spy Remover | ADWARZ.EXE | Added by the SPYBOT-EV WORM! | No |
| U | AEFltrs Application | AESTFltr.exe | Part of the XP installation of the AudioCommander user interface for Andrea USB devices - including features such as noise cancellation, graphic equalizer, echo Cancellation and beam forming. The exact purpose of this entry is unknown at present - hence the "U" recommendation | Yes |
| ? | Aeiwlsta.exe | Aeiwlsta.exe | IBM High Rate Wireless LAN Adapter driver. Is it required? | No |
| N | AELaunch | AELaunch.exe | Audio Applications Launcher for the Philips Acoustic Edge soundcard | No |
| X | AERVICESN | AERVICESN.exe | Added by the RANDON-AO WORM! | No |
| U | AESTFltr | AESTFltr.exe | Part of the XP installation of the AudioCommander user interface for Andrea USB devices - including features such as noise cancellation, graphic equalizer, echo Cancellation and beam forming. The exact purpose of this entry is unknown at present - hence the "U" recommendation | Yes |
| N | AeXAgentLogon | AeXAgentActivate.exe | Altiris Agent transmits information about your machine for the purpose of asset management and deployment | No |
| ? | AeXSWDUsr | AeXSWDUsr.exe | Altiris Express NS Client Manager software. Is it required? | No |
| U | AEZBProc | aptezbp.exe | IBM Aptiva keyboard customizer - enables certain special buttons on keyboard for CD operation, volume control, and few quickstart buttons. Keyboard will work without it but you lose the special functions | No |
| U | AFAFilter | windefault.exe | AFAFilter - internet filter software | No |
| X | afmsmsgs | afmsmsgs.exe | Added by the DLOADR-CUX TROJAN! | No |
| X | afskfask8 | fsfjasj8.exe | Added by the ONLINEG-L TROJAN! | No |
| N | AGEIA PhysX SysTray | TrayIcon.exe | System Tray access to display properties for AGEIA PhysX graphics cards. Unless you change your desktop resolution, etc, regularily use Control Panel -> Display Properties or right-click on the desktop | No |
| N | Agent | Agent.exe | Cyberlink's Power VCR II 3.0 is a TV tuner recording utility. If you want to schedule recordings you'll need this, otherwise can be disabled. Available via Start -> Programs | No |
| X | Agent | alsys.exe | Added by the DREF-V VIRUS! | No |
| X | agent | ppl.exe | Added by the DREF-U VIRUS! | No |
| X | Agent Browser | [random filename] | Added by the PPdoor.M-bdr backdoor TROJAN! | No |
| X | Agent Explorer | [random filename] | Unidentified adware | No |
| X | agent.exe | agent.exe | Part of rogue security tools, including Privacy Center, Privacy Components and Control Center | No |
| ? | Agente | Remupd.exe | Part of an older version of Panda Antivirus. Is this an update reminder (guess because of the name), virus definition update reminder or something similar? | No |
| X | agentsvr | agentsvr.exe | Detected by Kaspersky as Monker.A adware. Note - do not confuse with the Microsoft Agent Server application of the same name as described here - the legitimate file will always be located in the Windows\Msagent folder | No |
| U | Agere SoftModem Messaging Applet | AGRSMMSG.exe | Installed with the drivers for internal software modems based upon Lucent/Agere Systems chipsets - required if you use the SoftModem Assistant to configure the modem | Yes |
| U | AgfaCLnk | AgfaCLnk.exe | For Agfa digital cameras connected via USB. Enables Windows to access the contents of the memory stick (while the stick's still on the camera) via a virtual drive | No |
| X | agp | agp32.exe | Added by the GAOBOT.SY WORM! | No |
| U | AGRSMMSG | AGRSMMSG.exe | Installed with the drivers for internal software modems based upon Lucent/Agere Systems chipsets - required if you use the SoftModem Assistant to configure the modem | Yes |
| N | AGSatellite | AGSatellite.exe | Program from AudioGalaxy that lets you download some MP3s from their server. Available via Start -> Programs | No |
| U | ahfp | ahfp.exe | Advanced Hide Folders - "is powerful file security program. It allows to hide folders or hide files. Advanced Hide Folders is very useful to keep your personal data away from others. Others will not know where your personal files exist and they will not be able to accidentally view, delete or modify them either" | No |
| U | ahfprog | ahfp.exe | Advanced Hide Folders - "is powerful file security program. It allows to hide folders or hide files. Advanced Hide Folders is very useful to keep your personal data away from others. Others will not know where your personal files exist and they will not be able to accidentally view, delete or modify them either" | No |
| Y | AHNSD | AhnSD.exe | AhnLab V3 antivirus updater - leave enabled unless you manually update on a regular basis | No |
| ? | AHNUE | AHNUE.exe | ?? | No |
| X | AhorreMemoria | SysRep.exe | AhorreMemoria rogue system error and cleaning utility - not recommended. A member of the ErrClean family | No |
| X | ahost | ahost.exe | Added by a variant of the SDBOT WORM! | No |
| N | AHQInit | ahqinit.exe | Part of AudioHQ for the Soundblaster Live!. Appears as though it makes the AudioHW toolbar drop down from the top of the desktop and isn't required | No |
| X | Ahst | iebs.exe | PurityScan adware | No |
| X | AHU | [path to worm] | Added by the ANACON-B WORM! | No |
| X | AHU | ANACON.EXE | Added by the NACO.A WORM! | No |
| X | ahui32.exe | ahui32.exe | Added by the CERTIF-M TROJAN! | No |
| U | Ai Gear Help | GearHelp.exe | Included with some ASUS motherboards (such as the Maximus Extreme & Striker II Extreme), AI Gear "is a utility designed to configure and support all ASUS EPU (Energy Processing Unit) features." Provides system performance profiles to adjust CPU frequency and voltage for different computing needs. Part of AI Suite | No |
| U | Ai Nap | AiNap.exe | Included with some ASUS motherboards (such as the Maximus Extreme & Striker II Extreme), "AI Nap allows you to minimize the power consumption of your computer whenever you are away. Enable this feature for minimum power consumption and quieter system opearation." Part of AI Suite | No |
| U | Ai Quicker Help | AsRc.exe | ASUS DH Remote media portal launcher for their Digital Home range of motherboards that are designed for users to control the computer at a distance away, such as the M2N DH. "ASUS DH Remote is a convenient PC remote controller that gives users unprecedented control over their PCs from the comfort of their couches" | No |
| X | Aica | tuaa.exe | PurityScan adware | No |
| X | Aida | ttuh.exe | PurityScan adware | No |
| X | Aida | eetu.exe | PurityScan adware | No |
| ? | AidemHotKey | DVMAIN.EXE | Keyboard related | No |
| ? | AidemHotKey | KEYAPP.EXE | Keyboard related | No |
| U | aiepk | aiepk2.exe | Another IE Popup Killer - pop-up stopper | No |
| N | AIM | aim.exe | AOL Instant Messenger. If connected to the internet, automatically runs up AIM. Convenience more than anything. Available via Start -> Programs | No |
| U | AIM | AIM+.exe | AIM plus - a free add-on to AOL's Instant Messenger for Windows from Big-O Software | No |
| X | AIM Instant Message Cookies | [random filename] | Added by the RBOT-AFV WORM! | No |
| N | AIM Logger | AIMLogger.exe | AIM Logger - saves AIM (AOL Instant Messenger) conversations to log files. Can be started when you are using AIM | No |
| X | Aim Plugin | aimplugin.exe | Added by the GUAP-F WORM! | No |
| X | AIM reminder | AIM reminder.exe | Added by the BUDDY.E TROJAN! | No |
| N | Aim6 | AOLLaunch.exe | AOL Instant Messenger - start it when you want to use it | No |
| N | Aim6 | aim6.exe | AOL Instant Messenger - start it when you want to use it | No |
| X | AIM95 Startup | aim95.exe | Added by the AGOBOT.AEE WORM! | No |
| X | aimaol lptt01 | aimaol.exe | RapidBlaster variant (in a "Aimaol" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here | No |
| X | aimaol ml097e | aimaol.exe | RapidBlaster variant (in a "Aimaol" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here | No |
| U | aimb.exe" -h | aimb.exe | IMSufSentinel is a spy program which can record IM conversations, log keystrokes, record URLs visited, and take screenshots. If you didn't install this yourself remove it | No |
| N | AimingClick | AimingClick.exe | AimingClick from AimingTech. Web searching tool. Available via Start -> Programs | No |
| U | AimMonitor | AimMonitor.exe | AIM Monitor Sniffer surveillance software for the AIM instant messenger. Uninstall this software unless you put it there yourself | No |
| U | AIMPro | aimpro.exe | AIM Pro - secure instant messaging, video conferencing, on-line meetings and desktop and file sharing | No |
| N | AIMster | ?? | Peer to Peer (P2P) file sharing client that runs over the AOL Instant Messenger network. Available via Start -> Programs | No |
| N | AIMWDInstall | AIMWDInstall.exe | Version of the WildTangent on-line games installer that came with versions of AOL Instant Messenger. Note that WildTanget's privacy policy used to state that they also collect and share individuals information but this is no longer the case | No |
| Y | Aiptek Graphics Tablet (USB) | atwtusb.exe | USB interface for Aiptek Graphics Tablet (USB) | No |
| X | aircity | aircity.exe | Related to "Prutect" malware from e2Give | No |
| U | AirPort Base Station Agent | APAgent.exe | Airport Base Station Agent utility for Apple's AirPort wi-fi basestations. "Wireless solution for home, school, and business. As it blankets your space with a blazing-fast, secure wireless network, it opens up a world of possibilities for home entertainment, backups, printing, and more" | No |
| U | AJC Active Backup | AJCActBk.exe | AJC Active Backup from AJC Software - "Instantly backup files you change on your PC and keep multiple versions to undo" | No |
| X | AKEYNAME | WinServ.exe | Added by the EVILBOT.C TROJAN! | No |
| U | akeys | akeys.exe | "Active Keys is a powerful yet easy-to-use tool for creating and managing keyboard shortcuts for any system action" | No |
| X | akgkagaksad9 | fsakfask9.exe | Added by the ONLINEG-M TROJAN! | No |
| U | AKiller | akiller.exe | Advertising Killer - popup stopper | No |
| U | ala | ala.exe | Access Lock - "an easy-to-use system-tray security utility you can use to secure your desktop when you are away from your computer. Just configure the program, define a password and double click the Access Lock system-tray icon every time you need to disable and hide your desktop." The same program as 1 Click & Lock and Access Controller (and maybe others) - the same file for the same version is used by all programs but the filename is different in each case | Yes |
| U | ala.exe | ala.exe | Access Lock - "an easy-to-use system-tray security utility you can use to secure your desktop when you are away from your computer. Just configure the program, define a password and double click the Access Lock system-tray icon every time you need to disable and hide your desktop." The same program as 1 Click & Lock and Access Controller (and maybe others) - the same file for the same version is used by all programs but the filename is different in each case | Yes |
| U | Alarm Manager | Alarmapp.exe | Palm alarm event reminder that coordinates what is on your Palm with settings on your desktop | No |
| ? | AlarmWatcher | AlarmWatcher.exe | Associated with SynTPEnh and SynTPLpr which are from Synaptics for touchpads on laptops. What does it do and is it required? | No |
| Y | Alaunch | Alaunch | Part of Acer eRecovery - "a powerful utility that does away with the need for recovery disks provided by the manufacturer, and also acts as a versatile standalone backup and recovery manager". This entry isn't normally running but once eRecovery starts it's used to re-install the software included with the system | Yes |
| N | Album Fast Start | ABMTSR.EXE | Scanner software, not required for scanner to work | No |
| ? | AlcFDMonitor | ALCFDRTM.EXE | RealTek related - Real-Time SPDIF-in Monitor for nVidia chipset - is it required in startup? | No |
| ? | ALCFDRTM16 | ALCFDRTM16.com | RealTek related - Real-Time SPDIF-in Monitor for nVidia chipset - is it required in startup? | No |
| X | Alchem | Alchem.exe | ClickAlchemy adware | No |
| U | Alcmtr | ALCMTR.EXE | Realtek Azalia Audio - Event Monitor, installed with the XP/2K drivers for on-board Realtek HD audio codecs. Some users believe that Realtek uses this file in order to gather data about the customer but it's exact purpose is unknown and it doesn't run on an ALC885 based test system or try to access the internet. Some users report problems with their on-board sound if this is disabled - hence the "U" recommendation | Yes |
| X | Alcmtr | Malware Doctor.exe | MalwareDoc rogue security software - not recommended, removal instructions here | No |
| N | Alcohol | Alcohol.exe | Alcohol 120% - "a powerful Windows CD and DVD burning software that makes it easy to create backups of DVDs and CDs. In addition, the program lets you store your most used CDs as images on your computer, so you can call them up at the click of a button". The original can be stored in a safe place and the loading times are significantly reduced as the virtual drive is much faster | No |
| N | Alcohol 120% | Alcohol.exe | Alcohol 120% - "a powerful Windows CD and DVD burning software that makes it easy to create backups of DVDs and CDs. In addition, the program lets you store your most used CDs as images on your computer, so you can call them up at the click of a button". The original can be stored in a safe place and the loading times are significantly reduced as the virtual drive is much faster | Yes |
| N | Alcohol Soft Development Team | axcmd.exe | Part of Alcohol 120% - "a powerful Windows CD and DVD burning software that makes it easy to create backups of DVDs and CDs. In addition, the program lets you store your most used CDs as images on your computer, so you can call them up at the click of a button". This entry automatically re-loads a disk image in the virtual CD/DVD drive on a system reboot | Yes |
| N | Alcohol.exe Autorun | Alcohol.exe | Alcohol 120% - "a powerful Windows CD and DVD burning software that makes it easy to create backups of DVDs and CDs. In addition, the program lets you store your most used CDs as images on your computer, so you can call them up at the click of a button". The original can be stored in a safe place and the loading times are significantly reduced as the virtual drive is much faster | No |
| N | AlcoholAutomount | axcmd.exe | Part of Alcohol 120% - "a powerful Windows CD and DVD burning software that makes it easy to create backups of DVDs and CDs. In addition, the program lets you store your most used CDs as images on your computer, so you can call them up at the click of a button". This entry automatically re-loads a disk image in the virtual CD/DVD drive on a system reboot | No |
| ? | Alcom PCL Capture | FMW_PCAP.EXE | ?? | No |
| U | AlcWzrd | ALCWZRD.EXE | RealTek AlcWzrd Application, installed with the drivers for on-board Realtek HD audio codecs. On an ALC885 based test system it runs only once after the drivers have been installed and the startup entry is then removed. Disabling it appears to have no ill effects but it's exact purpose is unknown - hence the "U" recommendation | Yes |
| U | AlcxMonitor | Alcxmntr.exe | Installed with hardware drivers for a Realtek AC97 audio device. It's believed that Realtek uses this file in order to gather data about the customer. Some users report problems with their on-board sound if this is disabled - hence the "U" recommendation | No |
| X | aldefr ere service | tay0x.exe | Added by the RBOT-XS WORM! | No |
| X | alerter | alerter.exe | MAHA.F spyware | No |
| X | Alevir | Alevir.exe | Added by the OPASERV-A WORM! | No |
| X | AlevirOld | [worm filename] | Added by the OPASERV WORM! | No |
| N | Alexa | alexa.exe | Related to Alexa. Note - collects and stores information about the web pages you view, the data you enter in online forms and search programs and, with versions 5.0 and higher, the products you purchase online whilst using the toolbar. Although Alexa state's they do not attempt to analyze the data it may collect about you to determine who you are, some of your information collected by the software is personally identifiable. Please read the Privacy Policy. Not Recommended | No |
| X | AlexaToolbar | alt.exe | Identified by Ewido Security Suite (Ewido is now part of AVG Technologies) as the DELF.EB TROJAN! | No |
| X | AlfaCleaner | AlfaCleaner.exe | AlphaCleaner is now a stealth install using exploits on unpatched systems. Seen alongside RazeSpyware | No |
| U | AlfaClock Classic | AlfaClock.exe | AlfaClock Free Edition from AlfaSoft Research Labs - "enhances your taskbar clock (tray clock) with fully customizable clock display, alarms, time synchronization and more" | No |
| U | AlfaClock2 | AlfaClock2.exe | AlfaClock2 from AlfaSoft Research Labs -"enhances your tray clock functionality. Of course, you can customize the look, adjusting fonts, colors, backgrounds and more. But, the main goal of this program is to extend your tray clock functionality" | No |
| ? | ALFY Accellerator | AlfyAC~1.exe | ?? | No |
| X | ALG.EXE | iexplorer .exe | Added by the DEMOTRY-B WORM! | No |
| X | ALG32 | ALG32.EXE | Added by the STARTPAGE.K hijacker | No |
| X | algchk.exe | algchk.exe | Detected by Kaspersky as the VB.ATE TROJAN! | No |
| X | ALGU | ALGU.EXE | Added by the CWS-I TROJAN! | No |
| X | ALGU.exe | ALGU.exe | Added by the STARTPAGE.O TROJAN! | No |
| U | ALi5289 | ALi5289.exe | Related to Uli Integrated Drivers from Uli Electronics Inc | No |
| N | Alias SketchBook Snapshot | ALIASS~2.EXE | Screen-capture utility for Alias Sketchbook | No |
| N | AlienAutopsy | Test_BS.exe | Alienware computer technical support software | No |
| Y | ALiSndMgr | ALiSndMg.exe | ALi AC97 Sound driver | No |
| ? | AliUSBfix | GREENMK.exe | May be realted to a USB 2.0 PCI card - the IOgear GIC220OU? | No |
| X | Alive SYstem | scchost.exe | Added by the TOFDROP-B TROJAN! | No |
| X | Alive SYstem | scchostc.exe | Added by the TOFDROP-B TROJAN! | No |
| X | alkasr | ?????.exe | Added by the BALKART TROJAN! | No |
| U | All Aboard Status | stswin.exe | All Aboard! Internet Connection Sharing status icon | No |
| X | All Sea screen saver | TaskTray.exe | Free screensaver, installs lots of foistware - remove it | No |
| X | All Sea web link | FWLink.exe | Free screensaver, installs lots of foistware - remove it | No |
| N | AllerCalc | AllerCalc.exe | AllerCalc is an expression calculator which allows you to directly enter an expression to be evaluated. Can be started manually | No |
| X | Allopassw | [path to trojan] | Added by the RANKY.CU TROJAN! | No |
| U | AllSeeingEye | ase.exe | All-Seeing_Eye security software - "monitors everything that takes place on your computer, and alerts the user as soon as anything suspicious or out-of-the-ordinary is happening, providing the user with alternatives for possible actions" | No |
| U | allSnap | allSnap.exe | "allSnap is a small system tray app that makes all top level windows automatically align like they do in programs such as Winamp or Photoshop" | No |
| U | ALLTEL DSL Check-up Center | matcli.exe | "matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, county, etc and gets written to a log file". ALLTEL DSL Check-up Center is required to run with the Help and Support program. If you uncheck ALLTEL DSL Check-up Center and then run Help and Support it will add another ALLTEL DSL Check-up Center in the startup menu. If you remove this software in "add/remove programs" some help menus in help and support will not be available. You decide | No |
| U | AllToTray | ALLTOTRAY.EXE | AlltoTray from DNTSoft - minimize any program to your System Tray | No |
| X | ALM | csrss32.exe | Added by the ANACON-D VIRUS! | No |
| X | Alogrithm Link Queue | alq.exe | Added by a variant of the SDBOT WORM! | No |
| U | Alogserv | Alogserv.exe | From McAfee VirusScan for logging scanning activities. In some cases, if left running it can cause CPU % usage to go between 5-95% or go to and stay at 100%. Disabling it impacts on the reported last scan date. It is reported to cause jerky graphics response in many games. As of version 6, this is a critical component of McAfee and disabling it can cause a PC to lock up | No |
| U | ALPass | ALPass.exe | ALPass password manager | No |
| X | alpha | svchost.exe | Added by a variant of the DELF.IT TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! The location of this file varies | No |
| X | AlphaAnt | alpha.exe | Alpha Antivirus rogue security software - not recommended, removal instructions here | No |
| X | AlphaAV | AlphaAV.exe | Alpha Antivirus rogue security software - not recommended, removal instructions here | No |
| Y | Alps Electric USB Server | Monserv.exe | Alps Electric USB Server - required according to this article | No |
| U | AlpsPoint | Apoint.exe | Touchpad software for laptop PC's. For instance it is found on the Panasonic and Sony Vaio machines and allows part of the touchpad to be used for document or Web-page scrolling. Required for proper functioning of the pointing software but not required for the laptop to work | No |
| ? | ALServ | ALServ.exe | Altec Lansing AMS speaker related. What does it do and is it required? | No |
| X | ALTER DATA | [path] repcale.exe [path] beird.exe | Added by the IRCFLOOD.CD TROJAN! Both files are located in %System%\ccdew | No |
| X | Altnet | points manager.exe | Altnet TopSearch adware | No |
| X | AltnetPointsManager | points manager.exe | Altnet TopSearch adware | No |
| U | AltoMB_service | AltoMBsrv.exe | Alto Memory Booster from Alto Software - boost the computers performance via more intelligent and efficient memory management. MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/SE/ME. See this article and make up your own mind | No |
| U | ALTOOLS | AccessL.exe | ALTools family of PC utilities | No |
| X | AltPayments | AltPayments.exe | WeirdOnTheWeb adware | No |
| N | ALU Scheduler Service | ALUSchedulerSvc.exe | Symantec LiveUpdate scheduler for programs such as Norton AV or Internet Security | No |
| U | ALUAlert | ALUNotify.exe | Notification reminder for Symantec's LiveUpdate. Leave enabled unless you manually run LiveUpdate on a regular basis | No |
| N | Aluria Security Center | SecurityCenter.exe | Aluria Software's spyware removal tool - we can't really recommend this product as Aluria have recently partnered with WhenU, the well known adware company, see here | No |
| U | Aluria's Pop-Up Stopper | eps.exe | Aluria Pop-Stopper | No |
| N | Aluria's Spyware Eliminator | ASE.exe | Aluria Software's spyware removal tool - we can't really recommend this product as Aluria have recently partnered with WhenU, the well known adware company, see here | No |
| U | AlwaysOnTopMaker | AlwaysOnTopMaker.exe | Always On Top Maker - utilty to enable an application to always be displayed "on top" of others on the desktop | No |
| U | AlwaysReady Power Message APP | ARPWRMSG.EXE | "Away Mode" feature added with Update Rollup 2 for Windows XP Media Center Edition 2005 that allows the computer to appear off to the user while it continues to perform tasks that do not require user input, such as recording television and viewing Media Center Extender sessions. For more information see here | No |
| X | AmazingTens | AmazingTens.exe | Premium rate adult content dialler | No |
| U | AMD PowerNow! | GemBack.exe | AMD PowerNow! - "an innovative solution available on all AMD mobile processor-based notebooks that can effectively increase notebook battery life, while delivering performance on demand" | No |
| Y | amd_dc_opt | amd_dc_opt.exe | AMD Dual-Core Optimizer - "can help improve some PC gaming video performance by compensating for those applications that bypass the Windows API for timing by directly using the RDTSC (Read Time Stamp Counter) instruction" | No |
| N | America Online | aoltray.exe | Adds the AOL icon in the System Tray (*.* denotes version if present) for versions of AOL up to and including 9.0. Start AOL via the desktop or quick launch shortcuts or via Start → All Programs | Yes |
| N | America Online *.* Tray Icon | aoltray.exe | Adds the AOL icon in the System Tray (*.* denotes version if present) for versions of AOL up to and including 9.0. Start AOL via the desktop or quick launch shortcuts or via Start → All Programs | Yes |
| N | AME_CSA | rundll32 amecsa.cpl, RUN_DLL | Loads ADSL modem Control Panel applet | No |
| X | amircivil | svchost.exe… | Added by the AMIRECIVEL WORM! | No |
| U | AModemLockDown | ModemLockDown.exe | ModemLockDown - allows you to supervise internet access by disabling the modem, protects againt dialers accessing dial-up connections, etc | No |
| Y | Amon | AMON.EXE | Monitoring part of Eset's NOD32 virus-scanner | No |
| Y | Amonitor | amon.exe | Tiny Personal Firewall | No |
| U | AMO_Taskplaner.exe | AMO_Taskplaner.exe | Part of Ashampoo® Magical Optimizer from Ashampoo GmbH & Co. KG - which removes stagnant and unnecessary hard drive files, deletes Internet tracks and streamlines the registry by erasing invalid and orphaned entries. The Taskplaner automates this system optimization according to the user defined schedule and gives System Tray access to the main program | Yes |
| U | AMO_TA~1 | AMO_TA~1.EXE | Part of Ashampoo® Magical Optimizer from Ashampoo GmbH & Co. KG - which removes stagnant and unnecessary hard drive files, deletes Internet tracks and streamlines the registry by erasing invalid and orphaned entries. The Taskplaner automates this system optimization according to the user defined schedule and gives System Tray access to the main program | Yes |
| U | AMO_TA~1.EXE | AMO_TA~1.EXE | Part of Ashampoo® Magical Optimizer from Ashampoo GmbH & Co. KG - which removes stagnant and unnecessary hard drive files, deletes Internet tracks and streamlines the registry by erasing invalid and orphaned entries. The Taskplaner automates this system optimization according to the user defined schedule and gives System Tray access to the main program | Yes |
| U | AMP WinOFF | winoff.exe | WinOFF is " a utility designed to shut down Windows computers automatically, in a fully configurable way" | No |
| U | AMSG | Amsg.exe | Part of the IBM ThinkVantage Productivity Center. "The Message Center sends automatic notification on ThinkVantage Technologies integrated with your system. Once you're online" | No |
| X | amsgupdate | ams.exe | Added by a variant of the MAILBOT TROJAN! | No |
| N | AMSN | amsn.exe | aMSN Messenger is a multiplatform MSN messenger clone | No |
| X | amsn | amsn.exe | Added by the BANKER-BNZ TROJAN! | No |
| X | amva | amvo.exe | Added by the SILLYFDC-BR WORM! | No |
| N | Anapod Manager | anamgr.exe | Anapod Explorer from Red Chair Software "is the most advanced Windows iPod® software available, offering iPod® management through full Windows Explorer integration under My Computer" | No |
| X | anbv32 | nabv32.exe | Added by the TITOG.C WORM! | No |
| X | Andware Defence | Zsoft32.exe | Added by the GAOBOT.OO WORM! | No |
| X | angeleyes | msdll.exe | Added by the VB.PI TROJAN! | No |
| Y | ANIWZCS2Service | WZCSLDR2.exe | ALPHA Networks wireless driver | No |
| ? | ANIWZCSService | WZCSLDR.exe | D-Link wireless PCI adapter related. In some cases reported to cause excessive CPU activity | No |
| ? | AnnotateCheck | AnnCheck.exe | Genius Wizard Pen Tablet driver related. Is it required? | No |
| N | Announcements | Annclist.exe | MS WebTV for Windows. Used to display TV on your PC via a compatible video card with in-built tuner (such as ATI All-In-Wonder). If you don't use it - uninstall it | No |
| N | Anntext | Anntext.exe | Caere Pagekeeper text annotation server | No |
| U | AnonymityGateway | Anonymity Gateway.exe | Anonymity Gateway - privacy protection tool that conceals IP address preventing your surfing habits and your internet activity form being tracked by websites or Internet Service Providers | No |
| U | Anonymizer Total Net Shield | AnonTns.exe | Anonymizer Total Net Shield - ID protection and privacy software | No |
| Y | ANONYMIZER_SPYWAREKILLER | SpyWareKiller.exe | Anonymizer Spyware Killer, which was superseded by Anti-Spyware but is now discontinued | No |
| Y | ANONYMIZER_SPYWAREKILLER | AnonAntiSpyware.exe | Anonymizer Anti-Spyware - now discontinued | No |
| U | Another Internet Explorer Popup Killer | aiepk2.exe | Another IE Popup Killer - pop-up stopper | No |
| X | ansjava | [path to worm] | Added by the RANDON-AN WORM! | No |
| X | Anskya | PYSKY.NET.exe | Added by the DLOADER-MW TROJAN! | No |
| X | Answer Problem | dSAFsqs.exe | Added by the SDBOT-SC WORM! | No |
| U | AnswerTool | AnswerTool.exe | AnswerTool - save your E-mail replies in AnswerTool, then reuse them again and again | No |
| X | Anti | Isass.exe | Added by the BROPIA.K WORM! | No |
| X | Anti Spam Service | spamsvc.exe | Added by the MYTOB-BK WORM! | No |
| N | Anti-Blaxx Manager | Anti-Blaxx.exe | Anti-Blaxx - bypass blacklistings from different copy protections bypassing methods like virtual CD or DVD drives | No |
| U | Anti-keylogger check | antikey.exe | Anti-keylogger - protects against keylogger programs monitoring your keystrokes | No |
| U | Anti-Trojan-Watch | ATWatch.exe | Anti-Trojan Watch - trojan detector | No |
| X | Anti-Virus | vpms.exe | Added by a variant of the SLAPER TROJAN! | No |
| X | Anti-Virus | [random filename].exe | Added by the CAPROBAD-A TROJAN! | No |
| X | Anti-Virus Product Sync | [unprintable character][3 characters]log.exe | Added by the KEDEBE.D WORM! | No |
| X | Anti-Virus Update Scheduler | [path to trojan] | Added by the SPAMMIT-A TROJAN! | No |
| X | Anti-Virus Update Scheduler | winsp3.exe | Malware - detected by Kaspersky as the AGENT.FP TROJAN! | No |
| X | Anti-Virus Update Scheduler V1.39.12R | [path to trojan] | Added by the HEPLANE or STAPREW.B TROJANS! - different filenames have been spotted; examples: msvc.exe, kaspersky.exe, nrton.exe, wins.exe, gah32.exe, 1.tmp, syste.exe, alg.exe, socks.exe, winxpsp2.exe, tek9.exe, sks.exe, hihi.exe, s.exe, xps2.exe, dns2.exe, ikav32.exe and more... | No |
| X | AntiAdd.exe | AntiAdd.exe | AntiAdd rogue security software - not recommended, removal instructions here. A member of the AntiAID family | No |
| X | AntiAID | AntiAID.exe | AntiAID rogue security software - not recommended, removal instructions here. There are number of variants in this family sharing the same user interface - see here | No |
| X | AntiClicker | SVCHST32.EXE | Added by the CBH TROJAN! | No |
| U | antidialer.co.uk | Dialer_Watcher.exe | Dialer_Watcher is an application that allows you to detect dialers on your computer | No |
| Y | AntiFreeze | AntiFreeze.exe | AntiFreeze from Resplendence Software Projects - "offers a last recourse when you find your computer in a hung state". If your system has hung and AntiFreeze is running, a hotkey combination will suspend all but critical processes and allow you to save or recover your work | Yes |
| X | antihost | ahr.exe | Added by the BANCBAN-QJ TROJAN! | No |
| X | AntiKeep | AntiKeep.exe | AntiKeep rogue security software - not recommended, removal instructions here. A member of the AntiAID family | No |
| X | AntiKeep.exe | AntiKeep.exe | AntiKeep rogue security software - not recommended, removal instructions here. A member of the AntiAID family | No |
| X | AntiMalware | AntiMalware.exe | AntiMalware rogue security software - not recommended, removal instructions here | No |
| X | AntiMalwareGuard | amg.exe | AntiMalwareGuard rogue security software - not recommended, removal instructions here | No |
| X | AntiMalwareSuite | AMS.exe | AntiMalwareSuite rogue security software - not recommended, removal instructions here | No |
| X | AntiMalware_ProNET | AntiMalware_Pro.exe | AntiMalware Pro rogue security software - not recommended, removal instructions here | No |
| U | AntiPopUp | AntiPopUp.exe | AntiPopUp for IE - pop-up stopper | No |
| X | AntiSpionage | pgs.exe | AntiSpionage, German rogue security software - not recommended. A member of the AVSystemCare family | No |
| X | AntiSpionagePro | pgs.exe | AntiSpionagePro, German rogue security software - not recommended. A member of the AVSystemCare family | No |
| X | antispy | ANTIVIR.exe | IE AntiVirus rogue security software - not recommended, removal instructions here | No |
| X | antispy | ANTIVIRUS.exe | IE AntiVirus rogue security software - not recommended, removal instructions here | No |
| X | antispy | ieav.exe | IE AntiVirus rogue security software - not recommended, removal instructions here | No |
| X | antispy | scan.exe | IE AntiVirus rogue security software - not recommended, removal instructions here | No |
| X | AntiSpy2008 | AntiSpy2008.exe | Antispy 2008 rogue spyware remover - not recommended, removal instructions here | No |
| X | AntiSpyBoss | asb32.exe | AntiSpyBoss rogue security software - not recommended, removal instructions here | No |
| X | AntiSpyCheck | AntiSpyCheck.exe | AntiSpyCheck rogue spyware remover - not recommended, removal instructions here | No |
| X | AntiSpyCheck 2.1 | AntiSpyCheck 2.1.exe | AntiSpyCheck rogue spyware remover - not recommended, removal instructions here | No |
| X | AntiSpyCheck 2.1.0 | AntiSpyCheck.exe | AntiSpyCheck rogue spyware remover - not recommended, removal instructions here | No |
| X | AntiSpyGuard | AntiSpyGuard.exe | AntiSpyGuard rogue security software - not recommended, removal instructions here | No |
| X | AntiSpyKit | AntiSpyKit 5.3.exe | AntiSpyKit rogue spyware remover - not recommended, removal instructions here | No |
| X | AntiSpyKit 5.2 | AntiSpyKit 5.2.exe | AntiSpyKit rogue spyware remover - not recommended, removal instructions here | No |
| X | AntiSpyKit 5.3 | AntiSpyKit 5.3.exe | AntiSpyKit rogue spyware remover - not recommended, removal instructions here | No |
| X | AntiSpyMon | AntiSpyMon.exe | Antispyware Protector rogue security software - not recommended | No |
| X | antispysoldier | antispysoldier.exe | AntiSpyware Soldier rogue spyware remover - not recommended, removal instructions here | No |
| X | AntispySpider | antispyspider.exe | AntiSpySpider rogue spyware remover - not recommended, removal instructions here | No |
| X | AntispyStorm | AntispyStorm.exe | AntispyStorm rogue security software - not recommended, removal instructions here | No |
| X | AntiSpyware | AntiSpyware.exe | AntiSpywareApp rogue spyware remover - not recommended, see here | No |
| X | AntiSpyware Pro | AntiSpyware Pro.exe | AntiSpyware Pro 2009 rogue spyware remover - not recommended, removal instructions here | No |
| X | Antispyware PRO XP | asproxp.exe | AntiSpyware Pro XP rogue spyware remover - not recommended, removal instructions here | No |
| Y | AntiSpyWare2Guard | AntiSpyWare2Guard.exe | Part of Ashampoo® AntiSpyWare 2 from Ashampoo GmbH & Co. KG. This part is the realtime monitor that looks for changes on the users system such as BHO, Winsock LSPs, Windows Hosts file, Autostart entries, etc | Yes |
| X | AntiSpyware3000.exe | antispyware.exe | AntiSpyware 3000 rogue spyware remover - not recommended, removal instructions here | No |
| X | AntiSpywareBot | AntiSpywareBot.exe | AntiSpywareBot rogue spyware remover - not recommended | No |
| X | AntiSpywareControl | pgs.exe | AntiSpywareControl rogue security software - not recommended. A member of the AVSystemCare family | No |
| X | AntispywareD | AntispywareD.exe | AntiSpywareDeluxe rogue security software - not recommended, removal instructions here | No |
| X | AntiSpywareExpert | ase.exe | AntiSpywareExpert rogue security software - not recommended, removal instructions here | No |
| X | AntiSpywareGuard | asg.exe | AntiSpywareGuard rogue spyware remover - not recommended, removal instructions here | No |
| X | AntiSpywareMaster | asm.exe | AntiSpywareMaster rogue security software - not recommended, removal instructions here | No |
| X | AntiSpywareShield | AntiSpywareShield.exe | AntiSpywareShield rogue security software - not recommended, removal instructions here | No |
| X | AntiSpywareSuite | pgs.exe | AntiSpywareSuite rogue security software - not recommended. A member of the AVSystemCare family | No |
| X | AntiSpywareXP 2009 | AntiSpywareXP2009.exe | AntiSpywareXP 2009 rogue spyware remover - not recommended, removal instructions here | No |
| X | AntiTroy | AntiTroy.exe | AntiTroy rogue security software - not recommended, removal instructions here. A member of the AntiAID family | No |
| X | AntiTroy.exe | AntiTroy.exe | AntiTroy rogue security software - not recommended, removal instructions here. A member of the AntiAID family | No |
| X | AntiVer2008 | pgs.exe | AntiVer2008, French rogue security software - not recommended. A member of the AVSystemCare family | No |
| X | AntiVermeans | AntiVermeans.exe | Variant of the Antivermins rogue security software - not recommended, removal instructions here | No |
| X | AntiVermins | AntiVermins.exe | Antivermins rogue security software - not recommended, removal instructions here | No |
| X | AntiVermins 3.0 | AntiVermins 3.0.exe | Antivermins rogue security software - not recommended, removal instructions here | No |
| X | AntiVermins 3.3 | AntiVermins 3.3.exe | Antivermins rogue security software - not recommended, removal instructions here | No |
| X | AntiVerminser | AntiVerminser.exe | Variant of the Antivermins rogue security software - not recommended, removal instructions here | No |
| X | AntiVerminsPro | AntiVerminspro.exe | Antivermins rogue security software - not recommended, removal instructions here | No |
| X | antiviirus | antiviirus.exe | Added by a variant of the AGENT.KEU TROJAN! | No |
| X | Antivir | svchst.exe | Added by the RAGRUK-A TROJAN! | No |
| X | AntiVir | scvhost.exe | Added by the AGENT-DSF TROJAN! | No |
| X | AntiVir | winlog.exe | Added by the IRCBOT-TJ TROJAN! | No |
| X | AntiVir | smss.exe | Added by the DWNLDR-GWE TROJAN! Note - this is not the legitimate smss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %ProgramFiles% | No |
| Y | AntiVir XP | AVwin.exe | AntiVir® PersonalEdition Classic - antivirus | No |
| X | Antivir64 | Antivir64.exe | Antivir64 rogue spyware remover - not recommended, removal instructions here | No |
| X | AntiviralGolden | AntiviralGolden.exe | AntiviralGolden rogue security software - not recommended, removal instructions here | No |
| X | AntiVirGear 3.7 | AntiVirGear 3.7.exe | AntiVirGear rogue security software - not recommended, removal instructions here | No |
| X | AntiVirGear 3.8 | AntiVirGear 3.8.exe | AntiVirGear rogue security software - not recommended, removal instructions here | No |
| X | AntiVirProtect | AntiVirProtect.exe | AntiVirProtect rogue security software - not recommended, removal instructions here | No |
| X | Antivirus | av.exe | Added by the SINKIN TROJAN! Resets IE start page to realphx.com | No |
| X | Antivirus | maja.exe | Added by the NETSKY.H WORM! | No |
| X | Antivirus | iexpl0res.exe | Added by an unidentified WORM or TROJAN! | No |
| X | AntiVirus | kaspery.exe | Added by a variant of the RBOT WORM! | No |
| X | AntiVirus | AntiVirus.exe | Added by the BANKER-EHB TROJAN! | No |
| X | Antivirus | Antvrs.exe | AntiVirus 2008 rogue security software - not recommended, removal instructions here | No |
| X | Antivirus | avm.exe | Antivirus Master rogue security software - not recommended, removal instructions here | No |
| X | Antivirus | vav.exe | Vista Antivirus 2008 rogue security software - not recommended, removal instructions here | No |
| X | Antivirus | aav.exe | Advanced Antivirus rogue security software - not recommended, removal instructions here | No |
| X | ANTIVIRUS | AVS.exe | Antivirus Sentry rogue security software - not recommended, removal instructions here | No |
| X | ANTIVIRUS | microAV.exe | Micro Antivirus 2009 rogue security software - not recommended, removal instructions here | No |
| X | Antivirus | MSA.exe | MS Antivirus rogue security software - not recommended, removal instructions here | No |
| X | ANTIVIRUS | UltraAV.exe | Ultra Antivirus 2009 rogue security software - not recommended, removal instructions here | No |
| X | Antivirus | xpa.exe | Xpert Antivirus Enterprise rogue security software - not recommended, removal instructions here | No |
| X | Antivirus | SPP.exe | Spyware Preventer rogue security software - not recommended, removal instructions here | No |
| X | Antivirus 2009 | av2009.exe | AntiVirus'09 rogue security software - not recommended, removal instructions here | No |
| X | Antivirus 2009 plus | Antivirus 2009 plus.exe | AntiVirus Plus rogue security software - not recommended, removal instructions here | No |
| X | Antivirus Agent Pro | aap.exe | Antivirus Agent Pro rogue security software - not recommended, removal instructions here | No |
| X | Antivirus Installer | [path to trojan] | Added by the BADGENT-A TROJAN! | No |
| X | Antivirus PC 2009 | avpc2009.exe | Antivirus PC 2009 rogue security software - not recommended, removal instructions here | No |
| X | Antivirus Pro 2009 | AntivirusPro2009.exe | AntiVirus Plus rogue security software - not recommended, removal instructions here | No |
| X | Antivirus Pro 2010 | AntivirusPro_2010.exe | Antivirus Pro 2010 rogue security software - not recommended, removal instructions here | No |
| X | AntiVirus Process | virprot.exe | Added by a variant of the SDBOT WORM! | No |
| X | Antivirus Protection Services | ccapp2.exe | Added by the RBOT.EXI WORM! | No |
| X | AntiVirus Update | updates.exe | Added by the RBOT-JF WORM! | No |
| X | AntiVirus Update | antivirus.exe | Added by the RBOT-IF WORM! | No |
| X | Antivirus Updates | avupdchk.exe | Added by the AGOBOT-IP WORM! | No |
| X | Antivirus-2008.exe | Antivirus-2008.exe | Antivirus 2008 rogue security software - not recommended. Detected by Sophos as the FAKEAV-BK TROJAN! | No |
| X | antivirus-2008pro.exe | antivirus-2008pro.exe | Antivirus 2008 PRO rogue security software - not recommended. Detected by Sophos as the FAKEAV-AW TROJAN! | No |
| X | Antivirus-Golden | Antivirus-Golden.exe | Antivirus-Golden rogue security software - not recommended | No |
| X | Antivirus.exe | Antivirus.exe | Antivirus rogue security software - not recommended, removal instructions here | No |
| X | Antivirus2008y | antvrs.exe | AntiVirus 2008 rogue security software - not recommended, removal instructions here | No |
| X | antivirus32 | antivirus.exe | Added by the SPYBOT.KAI WORM! | No |
| X | AntivirusBEST | Installer.exe | Installer for the AntivirusBEST rogue security software - not recommended. Removal instructions here | No |
| X | AntivirusBEST | abest.exe | AntivirusBEST rogue security software - not recommended, removal instructions here | No |
| X | AntivirusFiable | pgs.exe | AntivirusFiable, French rogue security software - not recommended. A member of the AVSystemCare family | No |
| X | AntivirusForAll | pgs.exe | AntivirusForAll rogue security software - not recommended. A member of the AVSystemCare family | No |
| X | AntivirusGold | AntivirusGold.exe | AntivirusGold rogue security software - not recommended, removal instructions here | No |
| X | AntivirusGold 5.1 | AntivirusGold 5.1.exe | AntivirusGold rogue security software - not recommended, removal instructions here | No |
| X | AntiVirusLab2009 | AntiVirusLab2009.exe | Antivirus Lab 2009 rogue security software - not recommended, removal instructions here | No |
| X | AntivirusOrdi | pgs.exe | AntivirusOrdi, French rogue security software - not recommended. A member of the AVSystemCare family | No |
| X | AntivirusPCPakke | pgs.exe | AntivirusPCPakke, Danish rogue security software - not recommended. A member of the AVSystemCare family | No |
| X | AntivirusPCSuite | pgs.exe | AntivirusPCSuite rogue security software - not recommended. A member of the AVSystemCare family | No |
| X | Antiviruspertutti | pgs.exe | Antiviruspertutti rogue security software - not recommended. A member of the AVSystemCare family | No |
| X | AntiVirusPro | AntiVirusPro.exe | Anti Virus Pro rogue security software - not recommended | No |
| X | AntiVirusProMFC | Antivirus Pro.exe | AntiVirus Pro rogue security software - not recommended | No |
| ? | AntiVirusProtection | qumk.exe | ?? | No |
| X | AntivirusProtection | antivirusprotection.exe | Antivirus Protection rogue security software - not recommended, removal instructions here | No |
| X | Antivirusscherm | pgs.exe | Antivirusscherm, Dutch rogue security software - not recommended. A member of the AVSystemCare family | No |
| X | AntivirusXP.exe | AntivirusXP.exe | Antivirus XP Pro rogue security software - not recommended, removal instructions here | No |
| X | AntiVirus_ProNET | AntiVirus_Pro.exe | AntiVirusPro rogue security software - not recommended, removal instructions here | No |
| X | AntiVituS | Base.exe | Added by the BAS.A WORM! | No |
| X | antiware | elite***32.exe [*** = random char] | Added by the DLOADER-HW TROJAN! | No |
| U | AntiWindowsMessenger | AntiMsMsg.exe | Anti-Windows_Messenger is a small application that prevents Windows Messenger from remaining resident in memory | No |
| X | AntiWorm2008 | pgs.exe | AntiWorm2008 rogue security software - not recommended. A member of the AVSystemCare family | No |
| X | anti_troj | anti_troj.exe | Malware installed by different rogue security software including SpyKillerPro. Also detected as the LODEAR.D TROJAN! | No |
| U | AnVir | AnVir.exe | AnVir Task Manager - "is a tool that controls everything running on computer and provides Windows enhancements that help in every-day work". Monitors and manages startup programs, processes and services. Also includes system tweaks, security risks, tray icons for monitoring CPU/memory/HDD and other utilities | Yes |
| U | AnVir Security Suite | AnVir.exe | AnVir Security Suite - "is a tool that controls everything running on computer and provides Windows enhancements that help in every-day work". Monitors and manages startup programs, processes and services. Also includes system tweaks, security risks, tray icons for monitoring CPU/memory/HDD and other utilities. This version includes an antivirus scanner and anti-rootkit tool | Yes |
| U | AnVir Task Manager | AnVir.exe | AnVir Task Manager - "is a tool that controls everything running on computer and provides Windows enhancements that help in every-day work". Monitors and manages startup programs, processes and services. Also includes system tweaks, security risks, tray icons for monitoring CPU/memory/HDD and other utilities | Yes |
| U | AnVir Task Manager Free | AnVir.exe | AnVir Task Manager Free - "is a tool that controls everything running on computer and provides Windows enhancements that help in every-day work". Monitors and manages startup programs, processes and services. Also includes system tweaks, security risks, tray icons for monitoring CPU/HDD and other utilities | Yes |
| U | AnVir Task Manager Pro | AnVir.exe | AnVir Task Manager Pro - "is a tool that controls everything running on computer and provides Windows enhancements that help in every-day work". Monitors and manages startup programs, processes and services. Also includes system tweaks, security risks, tray icons for monitoring CPU/memory/HDD and other utilities | Yes |
| U | anvshell | anvshell.exe | System Tray tool for ASUS video cards. If disabled you lose all the ASUS specific video card options in Control Panel -> Display Properties -> Advanced as well as the System Tray shortcuts toolbar | No |
| X | AnvTrgr | AnvTrgr.exe | AntivirusTrigger rogue security software - not recommended, removal instructions here | No |
| U | Any To-Do List | anytodo.exe | Any To-Do List "the ultimate software solution to keep yourself organized and reminded" | No |
| ? | anycom bluetooth | ftflauncher.exe | Associated with an Anycom bluetooth wireless card. What does it do and is it required? | No |
| U | AnyDVD | AnyDVD.exe | AnyDVD - descrambles DVD-Movies automatically in the background and the DVD appears unprotected and region code free. Also removes prohibited operations from the DVD such as skipping adverts - hence the "U" recommendation | No |
| U | AnyDVD | AnyDVDtray.exe | System Tray access to AnyDVD from SlySoft - which descrambles DVD-Movies automatically in the background and the DVD appears unprotected and region code free. Also removes prohibited operations from the DVD such as skipping adverts | No |
| X | anything | ATITAX.exe | Added by the FORBOT-DP WORM! | No |
| U | AnyTime | Atw.exe | AnyTime Organizer Deluxe from Individual Software Inc - "all the tools you need to organize your calendar, to-do list, and address book are combined in a familiar interface with hundreds of printable calendars, detailed expense reports, and a full range of programmable alarms" | No |
| U | AnyTime Organizer | AtDem.exe | AnyTime Organizer Deluxe from Individual Software Inc - "all the tools you need to organize your calendar, to-do list, and address book are combined in a familiar interface with hundreds of printable calendars, detailed expense reports, and a full range of programmable alarms" | No |
| U | AnyTime Organizer | Atw.exe | AnyTime Organizer Deluxe from Individual Software Inc - "all the tools you need to organize your calendar, to-do list, and address book are combined in a familiar interface with hundreds of printable calendars, detailed expense reports, and a full range of programmable alarms" | No |
| N | AO Tray | AOTray.Exe | System Tray application for AOpen soundcards. Can be run manually via Start -> Settings -> Control Panel | No |
| Y | aol | avp.exe | AOL's Active Virus Shield (by Kaspersky) - found in an AOLActive Virus Shield sub-directory | No |
| N | AOL | AOL.exe | Fast Start loads the AOL integrated email, instant messenger and web browser software in the background when you turn on your computer. This feature lets you quickly open AOL | Yes |
| X | AOL 9.0 Optimized | AOLClient.exe | Added by the SPYBOTER.A TROJAN! | No |
| U | AOL Broadband Check-Up | matcli.exe | "matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, county, etc and gets written to a log file". The AOL Self Support Tool is required to run with the Help and Support program. If you uncheck AOL and and then run Help and Support it will add another AOL entry in the startup menu. If you remove this software in "add/remove programs" some help menus in help and support will not be available. You decide | No |
| U | AOL Companion | companion.exe | The AOL Companion is a small window that appears when you connect to the service using verison 8.0 and early builds of version 9.0. "Use the Companion to quickly get to your favourite features, including your Buddy List, Favourite Places, Address Book, and more!" | Yes |
| X | Aol Configuration Loader | aimsng.exe | Added by the SDBOT-XE WORM! | No |
| N | AOL Fast Start | AOL.exe | Fast Start loads the AOL integrated email, instant messenger and web browser software in the background when you turn on your computer. This feature lets you quickly open AOL | Yes |
| X | AOL Instant Messanger | aim.exe | Added by the SDBOT-YT WORM! Note - this is not the popular AOL Instant Messenger utility | No |
| X | AOL Instant Messengar | aol.exe | Added by the AGOBOT-FN WORM! | No |
| X | AOL Instant Messenger | AlM.EXE | Added by unidentified malware. Note - there ia a lower case "L" between the A and M in the filename | No |
| X | Aol Instant Messenger | aolmsg.exe | Added by the KELVIR.AL WORM! | No |
| X | AOL Instant Messenger | aimsgr.exe | Added by the IRCBOT.N TROJAN! | No |
| X | AOL Instant Messenger 7.213 | aim9283.exe | Added by the SDBOT-ZF WORM! | No |
| X | AOL Instant Messenger dll runtime | MSAOL32dll.exe | Added by the RBOT-ATA WORM! | No |
| X | Aol Instant Messenger Fix | aolfix.exe | Added by the SDBOT-ABJ WORM! | No |
| X | AOL Messenger | [random filename] | Added by an unidentified VIRUS, WORM or TROJAN! | No |
| X | AOL Messenger | aolmsngr.exe | Added by the SDBOT-JF WORM! | No |
| X | AOL Messenger Optimized | AOLOpt.exe | Added by the AOLOPT TROJAN! | No |
| N | AOL Service Libraries | AOLSoftware.exe | Quoted from AOL Beta Team, "Manages a component essential to the operation of most current AOL software, client or not. You should be able to remove it from Startup (it'll just load when Explorer is launched, which will extend load time a bit), but do leave it on your system" | No |
| X | AOL Services Hosts | aolserviceshosts.exe | Added by an unidentified WORM or TROJAN! | No |
| U | AOL Spyware Protection | AOLSP Scheduler.exe | AOL's spyware protection program | No |
| U | AOL TopSpeedMonitor | aoltsmon.exe | AOL's TopSpeed "web-acceleration technology speeds up your web-browsing experience by storing and reusing elements of web pages that you visit, so pages appear much quicker on your next visit". Most important for those users who still access AOL via dial-up. Starts via a registry "RunServices" key on Windows 98/Me and as a service on Windows 2K/XP/Vista | No |
| Y | AolAcsDaemon1 | Acsd.exe | AOL Connectivity Service - automatically restores the connection to AOL should you lose it while online. Negates having to go through the procedure of signing back on manually. This version is obsolete and has been replaced by AOLACSD.EXE so update your version of AOL. Starts via a registry "RunServices" key on Windows 98/Me and as a service on Windows 2K/XP/Vista | No |
| Y | AolAcsDaemon1 | AOLACSD.EXE | AOL Connectivity Service - automatically restores the connection to AOL should you lose it while online. Negates having to go through the procedure of signing back on manually. Starts via a registry "RunServices" key on Windows 98/Me and as a service on Windows 2K/XP/Vista | No |
| ? | AOLCC | ACCAgnt.exe | AOL ISP software related, file located in a "AOL Computer Check-Up" folder. What does it do and is it required? | No |
| X | AolCon | config.com | Added by the TAPLAK WORM! | No |
| N | AOLDialer | AOLDial.exe | AOL ISP software dialer - can be activated through a desktop shortcut | No |
| N | AolFix | AolFix.exe | Run on Gateway Astra computers, and maybe a few others. Designed to repair a bad registry key in Gateway computers that would not allow AOL to run correctly. Not seen much any more and should only run once | No |
| X | AOLRegKey32 | AOREGSVR512.EXE | Unidentified malware - see here | No |
| ? | AOLSAV | AOLAgent.exe | AOL ISP related. What does it do and is it required? | No |
| N | AOLSoftware | AOLSoftware.exe | Quoted from AOL Beta Team, "Manages a component essential to the operation of most current AOL software, client or not. You should be able to remove it from Startup (it'll just load when Explorer is launched, which will extend load time a bit), but do leave it on your system" | No |
| X | AOLStart | AOLStart.exe | Added by the KRAIMER.12 TROJAN! | No |
| X | aolupdater.exe | aolupdater.exe | Added by a variant of the IRCBOT TROJAN! | No |
| X | Aornum | aornum.exe | Installed along with iWon Prize Machine. Based upon their privacy statement this can be regarded as spyware | No |
| N | AOTray | AOTray.Exe | System Tray application for AOpen soundcards. Can be run manually via Start -> Settings -> Control Panel | No |
| X | aouei | sysrtmvs.exe | Chivio dialer | No |
| Y | APC UPS Status | Display.exe | APC PowerChute® Personal Edition status icon | No |
| X | APCProtect.exe | APCProtect.exe | APCProtect rogue security software - not recommended, removal instructions here. A member of the AntiAID family | No |
| U | APC_SERVICE | mainserv.exe | APC PowerChute® Personal Edition - "safe system shutdown software with sophisticated power management functions." Appears as a service in XP/Vista and under the "RunServices" registry key in Win98 | No |
| Y | apc_tray | apc_tray.exe | Part of the APC UPS software loaded with the BACK-UPS CS 350 unit. Required to monitor the APC unit in case of power failure | No |
| X | APD123 | APD123.exe | PacerD Media/Pacimedia.com adware | No |
| X | aphex | aphex.exe | Added by the IRCBOT-OH TROJAN! | No |
| X | Api**.exe [* = random char] | Api**.exe [* = random char] | CoolWebSearch/HomeSearch adware - for examples, see this log | No |
| X | Api**32.exe [* = random char] | Api**32.exe [* = random char] | CoolWebSearch/HomeSearch adware - for examples, see this log | No |
| X | API32 | api32.exe | Added by the IRCBOT-B TROJAN! | No |
| X | APIClass | lexplore_.exe | Added by the MSNOPT-A TROJAN! | No |
| X | APIMon | apimonx.exe | Added by the TIBSER.A downloader TROJAN! | No |
| X | APIMon | winapix.exe | Added by a variant of the TIBSER.A downloader TROJAN! | No |
| X | APIMon | msreg.exe | Added by the DROPPER.Z TROJAN! | No |
| X | apisvc.exe | apisvc.exe | Added by a variant of the LAMEBOT TROJAN! | No |
| U | APL | APL.exe | Sage Software's ACT! The application pre-loader (apl.exe) is a self contained executable that pre-loads the necessary .NET framework and ACT! 2005 assemblies. This pre-loading of assemblies enhances ACT! startup, view load and dialog load times in some areas of the application | No |
| ? | Apmsrv9x | APMSRV9X.EXE | Intel AnyPoint Wireless II Home Network related. Now discontinued. What does it do and is it required? | No |
| U | Apoint | Apoint.exe | Touchpad software for laptop PC's. For instance it is found on the Panasonic and Sony Vaio machines and allows part of the touchpad to be used for document or Web-page scrolling. Required for proper functioning of the pointing software but not required for the laptop to work | No |
| X | App**32.exe [* = random char] | App**32.exe [* = random char] | CoolWebSearch/HomeSearch adware - for examples, see this log | No |
| X | App.EXEName | [path to worm] | Added by the BODIRU WORM! | No |
| U | Appcon | vAppCon.exe | Vital Application Console - part of POS-partner 2000 point-of-sale software from Vital. This is the taskbar icon and is enabled at startup by the "Auto-start when OS starts" option. Required for a connection to be established | No |
| X | appconn | appconn.exe | Added by the CARGAO WORM! | No |
| U | AppExtender | AppExtCB.exe | Loads the Confimax add-in for popular E-mail programs to confirm E-mails have been sent and received | No |
| X | appis.exe | appis.exe | Added by the AGENT-BC TROJAN! | No |
| N | AppleSyncNotifier | AppleSyncNotifier.exe | From WinPatrol PLUS by BillP Studios - "This file installs with iTunes and is used when syncing your iPhone, iTouch, iPod, etc." See here for more information | No |
| X | AppletINIT | INITIATE.EXE | Added by the AGOBOT.XV TROJAN! | No |
| Y | Application | mdmsetsp.exe | Aztech Labs modem driver | No |
| X | Application | csrss.exe | Added by the BEAGLE.EG WORM! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir% | No |
| X | Application Adapter | abvsvc.exe | Added by the CHECKOUT WORM! | No |
| U | Application Explorer | Naldesk.exe | Novell Zenworks Application Explorer Executable. "For almost all users the Novell ZENworks agent (either Application Launcher or Application Explorer) will be run via the user's login script on each successful login. ZENworks is used to periodically deliver software updates and is also used to install the remote management components." | No |
| U | Application Explorer | NalView.exe | Application Explorer - file manager type access to Novell Application Launcher for installing and updating network residing applications | No |
| X | Application In System | Snxmsh.exe | Added by the AGENT-LNV TROJAN! | No |
| N | Application Launcher | Application Launcher.exe | System Tray accesss to Sony Ericsson PC Suite which "connects your phone to your computer and expands the capabilities of your phone". Start manually via the Start Menu (or optional desktop shortcut) before connecting the phone | Yes |
| X | Application Layer Browser | abgsvc.exe | Added by the ULPM.FX TROJAN! | No |
| X | Application Layer Gateway Service | algs.exe | Added by the LINKBOT.M WORM! | No |
| X | Application Layer Scheduler | agtsvc.exe | Added by the IRCBOT.BJJ BACKDOOR! | No |
| X | Application Layer Services | avrsvc.exe | Added by the IRCBOT.BJM BACKDOOR! | No |
| X | Application Manager | acnsvc.exe | Added by a variant of the IRCBOT TROJAN! | No |
| X | Application Manager | apnsvc.exe | Added by the SMALLTRO.FN TROJAN! | No |
| X | ApplicationProtocolRun | smsbvl32.exe | Added by the IRCBOT-CX TROJAN! | No |
| U | AppPlus | AppPlus.exe | AppPlus - "menu bar or tray launcher that docks to your desktop, floats or sits in your System Tray. Create graphic/text-based buttons that launch any number of programs, Websites, e-mail addresses or folders (which open in the AppPlus Menu System)" | No |
| Y | Apvxd | APVXDWIN.EXE | Part of Panda Antivirus and Internet Security. Required to enable permanent virus protection | No |
| Y | Apvxdwin | APVXDWIN.EXE | Part of Panda Antivirus and Internet Security. Required to enable permanent virus protection | No |
| Y | APVXDWIN | ClShield.exe | "Panda ClientShield with TruPrevent is designed for companies that want the best protection for their workstations. It protects against viruses and other known and unknown threats including spam, spyware, dangerous or time-wasting content, phishing scams, hackers and intruders" | No |
| Y | Apwheel | Apwheel.exe | Wheel support for an Alps mouse | No |
| X | apyginapygin | simenu.exe | Added by the SDBOT.BTR WORM! | No |
| U | AQ3HelperStartUp | AQ3HEL~1.EXE | ScreenScenes "Aquatica Water Worlds" screensaver. The freeware version comes with GAIN branded ads (pop-ups and others). ScreenScenes do however offer you the option of doing away with the ads by purchasing the screensaver for a whopping $30. Please note that Claria Corporation no longer support GAIN-Supported software - see here | No |
| X | aqadcup.exe | aqadcup.exe | Added by the AGENT.BG WORM! | No |
| Y | Aqua Dock | Aqua Dock.exe | Aqua Dock - 'free program that allows you to have an "OS X" style, nice animated launchbar/taskbar on your screen that reacts to your mouse when you mouse over it. Users can customize the look of each item on the dock and set various animation options for when the mouse is over an item on the dock. It is very easy to configure' | No |
| X | Aqujyjax | [path to file] | Added by the RANCK-CQ TROJAN! | No |
| X | Aqujyjax | aqujyjax.exe | Added by the SDBOT-YC WORM! | No |
| X | ara-key | [random filename] | Added by the ANTINNY WORM! | No |
| ? | ArabLionZ Drive | ArabLionZ.Drive.exe | ArabLionZ Drive - part of ArabLionZ XP Tools. What does it do and is it required? | No |
| Y | ArcaCheck | ArcaCheck.exe | Part of the ArcaVir antivirus suite from Polish company Arcabit. What does this part do? | No |
| X | arcaderockstar | arcaderockstar32.exe | Arcade Rockstar (now Gamevance) - free arcade games and prize tournaments. The program itself is clean, but the TOS and privacy statement say that you agree to allow the program to track/report your surfing and put popup advertising on your computer | No |
| X | Archive | archive.exe | Adware - detected by Kaspersky as the CENTIM.A TROJAN! | No |
| X | ARCHIVE CONTROL | fixupdattr.exe | Added by the MYTOB.GU WORM! | No |
| N | ArcSoft Connect | ACDaemon.exe | Used to serve notice of product information and updates when running ArcSoft products such as TotalMedia, PhotoStudio 6 and Print Creations. Set the associated ArcSoft Connect Daemon (ACService.exe) service to Manual (via Start → Control Panel → Administrative Tools → Services) and run this entry manually via the Start menu when required | Yes |
| N | ArcSoft Connection Service | ACDaemon.exe | Used to serve notice of product information and updates when running ArcSoft products such as TotalMedia, PhotoStudio 6 and Print Creations. Set the associated ArcSoft Connect Daemon (ACService.exe) service to Manual (via Start → Control Panel → Administrative Tools → Services) and run this entry manually via the Start menu when required | Yes |
| N | ARCSolo Recovery | N/A | Backup software by Computer Associates - no longer supported | No |
| U | Ardamax Keylogger | akl.exe | Ardakey keystroke logger/monitoring program - remove unless you installed it yourself! | No |
| N | ares | ares.exe | "Ares is a free open source file sharing program that enables users to share any digital file including images, audio, video, software, documents, etc" | No |
| N | areslite | AresLite.exe | "Ares is a free open source file sharing program that enables users to share any digital file including images, audio, video, software, documents, etc" | No |
| U | Argentum Backup | ab.exe | Argentum Backup - a small backup program that lets you easily back up your documents and folders | No |
| X | Aritima | aritima.exe | Added by the ARITIM WORM! | No |
| X | Arman | [path to worm] | Added by the IRCBOT-TG WORM! | No |
| U | ARMOR2NET | Armor2net.exe | Related to Armor2net personal firewall (possibly contains or is related to a product known as ArmorWall - which is a known rogue, see here - hence the "U" recommendation) | No |
| X | aromis | aromis.exe | Added by the NUWAR.JQ WORM! | No |
| N | AROReminder | aro.exe | Advanced Registry Optimizer - "scan, identify, clean and repair errors in your Windows registry with a single click". Reminder that states that you are in trial mode | No |
| U | Arovax AntiSpyware | arovaxantispyware.exe | Part of Arovax AntiSpyware from Arovax, LLC - that offers an "innovating, powerful, speedy and extremely easy to use Spyware protection program". Runs a system scan when Windows starts and adds a System Tray icon | Yes |
| Y | Arovax Shield | ArovaxShield.exe | Part of Arovax Shield from Arovax, LLC - that "detects and notifies you about all major online threats trying to penetrate your system, isolates & blocks them". Runs the main program in the background and adds a System Tray icon | Yes |
| U | arovaxantispyware | arovaxantispyware.exe | Part of Arovax AntiSpyware from Arovax, LLC - that offers an "innovating, powerful, speedy and extremely easy to use Spyware protection program". Runs a system scan when Windows starts and adds a System Tray icon | Yes |
| Y | ArovaxShield | ArovaxShield.exe | Part of Arovax Shield from Arovax, LLC - that "detects and notifies you about all major online threats trying to penetrate your system, isolates & blocks them". Runs the main program in the background and adds a System Tray icon | Yes |
| U | ARPWRMSG | ARPWRMSG.EXE | "Away Mode" feature added with Update Rollup 2 for Windows XP Media Center Edition 2005 that allows the computer to appear off to the user while it continues to perform tasks that do not require user input, such as recording television and viewing Media Center Extender sessions. For more information see here | No |
| U | Artera | arteraui.exe | Artera Turbo Internet Accelerator - "surf faster, boost download speed". Only required if you find it helps improve your performance | No |
| N | Arucer | rundll32 Arucer.dll,Arucer | Provides support for the Energizer UsbCharger (Energizer UsbCharger.exe) utility that detects and shows the charging status for the Energizer® Duo USB/mains battery charger. This entry will be re-instated the next time you run the main program and is not disabled by deselecting "Launch program automatically" from the program's options | Yes |
| N | Arucer Dynamic Link Library | rundll32 Arucer.dll,Arucer | Provides support for the Energizer UsbCharger (Energizer UsbCharger.exe) utility that detects and shows the charging status for the Energizer® Duo USB/mains battery charger. This entry will be re-instated the next time you run the main program and is not disabled by deselecting "Launch program automatically" from the program's options | Yes |
| ? | AS00 Gear511 | Gear511.exe | Software for Netgear wireless network cards. Unknown whether it is required for the wireless card to run but does not seem to be a resource hog. Not required for laptop to run if the wireless network card will not be used. Is it at all required? | No |
| N | AS00_Gear511 | Gear511.exe | Netgear wireless LAN configuration utility | No |
| U | AS00_WN511B | WN511B.exe | Netgear RangeMax NEXT wireless adapter configuration utility | No |
| ? | AS00_WPN511 | WPN511.exe | NetgearRev MFC Application - software for Netgear wireless network cards - what does it do and is it required in startup? | No |
| X | ASC-AntiSpyware | WinCleaner.exe | WinCleaner 2009 rogue security software - not recommended, removal instructions here | No |
| X | ASC-AntiSpyware | WinAntivirus.exe | Win Antivirus Vista/XP rogue security software - not recommended, removal instructions here | No |
| X | asc32 | asc 2.1.exe | AntiSpyCheck rogue spyware remover - not recommended, removal instructions here | No |
| X | asccacA | asacsqgl.exe | Added by the MULTIDRP.AA TROJAN! | No |
| X | ASDd | ASDd.exe | AntiSpywareDeluxe rogue security software - not recommended, removal instructions here | No |
| X | ASDPLUGIN | dsldbaccess.exe | AsdPlug premium rate adult content dialer | No |
| X | ASDPLUGIN | canada.exe | AsdPlug premium rate adult content dialer | No |
| X | ASDPLUGIN | france.exe | AsdPlug premium rate adult content dialer | No |
| X | ASDPLUGIN | fullgames.exe | AsdPlug premium rate adult content dialer | No |
| X | ASDPLUGIN | 100171be.exe | AsdPlug premium rate adult content dialer | No |
| X | ASDPLUGIN | 100176br.exe | AsdPlug premium rate adult content dialer | No |
| X | ASDPLUGIN | adult1.exe | AsdPlug premium rate adult content dialer | No |
| X | ASDPLUGIN | Austria.exe | AsdPlug premium rate adult content dialer | No |
| X | ASDPLUGIN | belgium_nm.exe | AsdPlug premium rate adult content dialer | No |
| X | ASDPLUGIN | czech.exe | AsdPlug premium rate adult content dialer | No |
| X | ASDPLUGIN | dbaccess.exe | AsdPlug premium rate adult content dialer | No |
| X | ASDPLUGIN | dslgeaccess.exe | AsdPlug premium rate adult content dialer | No |
| X | ASDPLUGIN | Finland.exe | AsdPlug premium rate adult content dialer | No |
| X | ASDPLUGIN | geaccess.exe | AsdPlug premium rate adult content dialer | No |
| X | ASDPLUGIN | mexico.exe | AsdPlug premium rate adult content dialer | No |
| X | ASDPLUGIN | netherlands.exe | AsdPlug premium rate adult content dialer | No |
| X | ASDPLUGIN | turkey.exe | AsdPlug premium rate adult content dialer | No |
| X | ASDPLUGIN | uk_nm.exe | AsdPlug premium rate adult content dialer | No |
| X | ASDPLUGIN | Xadult1.exe | AsdPlug premium rate adult content dialer | No |
| X | ASDPLUGIN | temp532.exe | AsdPlug premium rate adult content dialer | No |
| X | asdsaxcxz13 | dasxcsx13.exe | Added by the LEGMIR-ARF TROJAN! | No |
| X | asdx | xwinrpc32.exe | Added by the AGOBOT.VO WORM! | No |
| N | ASE Scheduler | ASE Scheduler.exe | Aluria Software's spyware removal tool - we can't really recommend this product as Aluria have recently partnered with WhenU, the well known adware company, see here and here | No |
| Y | Ashampoo AntiSpyWare 2 | AntiSpyWare2Guard.exe | Part of Ashampoo® AntiSpyWare 2 from Ashampoo GmbH & Co. KG. This part is the realtime monitor that looks for changes on the users system such as BHO, Winsock LSPs, Windows Hosts file, Autostart entries, etc | Yes |
| Y | Ashampoo AntiSpyWare 2 Guard | AntiSpyWare2Guard.exe | Part of Ashampoo® AntiSpyWare 2 from Ashampoo GmbH & Co. KG. This part is the realtime monitor that looks for changes on the users system such as BHO, Winsock LSPs, Windows Hosts file, Autostart entries, etc | Yes |
| Y | Ashampoo AntiVirus Service | GuardGui.exe | System Tray access to the main user interface for Ashampoo® AntiVirus from Ashampoo GmbH & Co. KG. | Yes |
| U | Ashampoo Core Tuner | ct.exe | Ashampoo® Core Tuner from Ashampoo GmbH & Co. KG - a utility which helps you to get the most out of a multi-processor (or dual core) computer. "For instant results you just need to select Auto-Optimize to optimize all the programs you are running or Boost to give more power to a single program". This entry loads Core Tuner with Windows (required if you use any optimized profiles) and gives System Tray access | Yes |
| Y | Ashampoo FireWall | FireWall.exe | Ashampoo® Firewall FREE from Ashampoo GmbH & Co. KG | Yes |
| Y | Ashampoo FireWall PRO | FireWall.exe | Ashampoo® Firewall PRO from Ashampoo GmbH & Co. KG | Yes |
| U | Ashampoo HDD Control Guard | HDDControlGuard.exe | Part of Ashampoo® HDD Control from Ashampoo GmbH & Co. KG - a hard drive monitoring utility which also incorporates defragmentation and cleaners for browsing history and unnecessary files. This entry loads the Ashampoo HDD Control Guard component on startup which runs in the background and monitors the hard drives and provides System Tray access | Yes |
| U | Ashampoo Magical Defrag | aDefragCtrl.exe | System Tray access to the main user interface for Ashampoo® Magical Defrag from Ashampoo GmbH & Co. KG - which "runs in the background as a service, defragmenting when necessary to keep the hard disk tidy" | Yes |
| U | Ashampoo Magical Optimizer Taskplaner | AMO_TA~1.EXE | Part of Ashampoo® Magical Optimizer from Ashampoo GmbH & Co. KG - which removes stagnant and unnecessary hard drive files, deletes Internet tracks and streamlines the registry by erasing invalid and orphaned entries. The Taskplaner automates this system optimization according to the user defined schedule and gives System Tray access to the main program | Yes |
| U | Ashampoo Magical Optimizer Taskplaner | AMO_Taskplaner.exe | Part of Ashampoo® Magical Optimizer from Ashampoo GmbH & Co. KG - which removes stagnant and unnecessary hard drive files, deletes Internet tracks and streamlines the registry by erasing invalid and orphaned entries. The Taskplaner automates this system optimization according to the user defined schedule and gives System Tray access to the main program | Yes |
| N | ashampoo Magical UnInstall | MagicalUnInstall.exe | Ashampoo® Magical UnInstall from Ashampoo GmbH & Co. KG - which monitors each new program installation, saving a log of the current configuration and using this as a reference to completely uninstall it if you chose to do so at a later date | Yes |
| U | Ashampoo PopUpBlocker | PopUpKiller.exe | Ashampoo popup blocker, part of Magical Security (was Privacy Protector Plus) | No |
| N | ashampoo UnInstaller Watcher | UIWatcher.exe | Part of the Ashampoo® UnInstaller series from Ashampoo GmbH & Co. KG - including UnInstaller Platinum 2, UnInstaller 3 and UnInstaller 4. These monitor and record program installations and allows you to remove them completely, so that no trace is left. This is the installion monitor that sits in the System Tray and detects the launch of installation programs | Yes |
| Y | ashAvast | ashAvast.exe | Part of Avast antivirus | No |
| X | ashcap | servirsess.exe | SpySure spyware | No |
| Y | ashDisp | ashDisp.exe | System Tray access to and notifications for avast! Antivirus - giving left-click access to the On-Access Scanner, right-click access to other options and event notifications | Yes |
| X | ashDsp.exe | ashDsp.exe | Added by a variant of the SDBOT WORM! | No |
| X | ASHLT | Ashlt.exe | Ashlt adware | No |
| Y | ashMaiSv | ashmaisv.exe | E-mail scanning part of avast! Antivirus. Starts via a registry "Run" key on Windows 98/Me and as a service on Windows 2K/XP/Vista | No |
| X | Asia | easm.exe | PurityScan adware | No |
| X | Asicfc | icfca.exe | Added by the AGENT.AAJE WORM! | No |
| U | AsioReg | regsvr32.exe ctasio.dll | ASIO (Audio Stream In/Out) drivers for the SoundBlaster Audigy 2 series soundcards - for recording and home project studios. Required if you use this functionality | No |
| U | AsioThk32Reg | rregsvr32.exe ctasio.dll | ASIO (Audio Stream In/Out) drivers for the SoundBlaster Audigy 2 series soundcards - for recording and home project studios. Required if you use this functionality | No |
| U | ASK | rundll32.exe [path] ASK.dll rdl | Stealth Keylogger keystroke logger/monitoring program - remove unless you installed it yourself! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted | No |
| X | asl | Aslru.exe | Added by the BANCOS-CU TROJAN! | No |
| U | ASM | ASMonitor.exe | Active Security Monitor from AOL - helps you determine how vulnerable your PC is to computer viruses, spyware and other dangers and learn what steps you can take to improve your protection | No |
| U | Asmw Soft Popups Burner | popups burner.exe | Popup blocker, part of Asmw Soft PC Optimizer | No |
| X | asnconsole | msasn.exe | Added by the RBOT.EVU TROJAN! | No |
| X | ASocksrv | SocksA.exe | Added by the VB.CBW WORM! | No |
| X | asp-srvc | asp-srvc.exe | Added by the AGOBOT-KG WORM! | No |
| X | ASP.NET State Service | csrss.exe | Added by the DLOADER-QI TROJAN! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir% | No |
| X | ASP.NET State Service | crsass.exe | Added by the BANLOAD-M TROJAN! | No |
| X | ASP.NET State Service | servicos..exe | Added by the DADOBRA-I TROJAN! | No |
| N | asp4tray | asp4tray.exe | System Tray application for Aureal Vortex based soundcards. Can be run manually via Start -> Settings -> Control Panel | No |
| Y | AspireTimeMachine | acertmb.exe | System recovery software supplied with some Acer notebook PCs. Similar to GoBack and the restore program in WinXP, allowing you to restore a PC back to a working state with minimal re-entry | No |
| X | ASpyC | ASpyC.exe | AntiSpyCheck rogue spyware remover - not recommended, removal instructions here | No |
| X | asrupdate.exe | asrupdate.exe | Added by the VB.ATZ TROJAN! | No |
| X | Ass and titties | CMD32.EXE | Added by the SDBOT-GG BACKDOOR! | No |
| X | assistse | ASSISTSE.EXE | CnsMin (Chinese Keywords) hijacker related | No |
| X | AST | AST | Added by the VB.AH TROJAN! | No |
| X | AST | AST.exe | AutoStarter parasite | No |
| U | ASTART | astart.exe | ASUS TweakEnable - restores manually changed settings for ASUS based video cards such as overclocking. Only required if you use non-standard settings | No |
| X | AStart | AStart | Added by the VB.AH TROJAN! | No |
| N | asTray | Astray.exe | Voyetra Audio Station - part of Voyetra's Ultimate MP3 & CD Manager. MP3 and digital music jukebox/organizer | No |
| N | Astro | Astro.exe | Checks for updates to Quicken on a system reboot | No |
| X | Astrum | Astrum.exe | Astrum Antivirus Pro rogue security software - not recommended, removal instructions here | No |
| X | asus | asus.exe | Added by the RBOT-OC WORM! | No |
| ? | ASUS Camera ScreenSaver | ASScrProlog.exe | Either a valid program on some ASUS laptops - such as the F3 and F5 series or unsafe, according to PREVX and InCode Solutions. Can any ASUS owners with this file confirm? File is located in %Windir% | No |
| N | ASUS Live Update | ALU.exe | ASUS Live Update utility for their motherboards | No |
| N | ASUS Probe | AsusProb.exe | ASUS video card fan/thermal monitor - only required if you overclock your card or live in a hot area | No |
| ? | ASUS Screen Saver Protector | ASScrPro.exe | Either a valid program on some ASUS laptops - such as the F3 and F5 series or unsafe, according to PREVX and InCode Solutions. Can any ASUS owners with this file confirm? File is located in %Windir% | No |
| U | ASUS SmartDoctor | VGAProbe.exe | ASUS video card fan/thermal monitor | No |
| U | ASUS TweakEnable | astart.exe | ASUS TweakEnable - restores manually changed settings for ASUS based video cards such as overclocking. Only required if you use non-standard settings | No |
| N | ASUSGamerOSD | GamerOSD.exe | GamerOSD by ASUSTek - for "real-time overclocking, benchmarking and video capturing in any PC game". Free for ASUS graphics cards, 30-day trial for non-ASUS graphics cards | No |
| N | ASUSKey | V38SHELL.EXE | System tray Icon for quickly changing video modes | No |
| ? | AsusStartupHelp | AsRunHelp.exe | Unknown ASUS motherboard utility. What does it do and is it required? | No |
| X | asussvc | asussvc.exe | Added by the AGENT-FPB TROJAN! | No |
| U | asustweakenable | ATweak.exe | ASUS TweakEnable - restores manually changed settings for ASUS based video cards such as overclocking. Only required if you use non-standard settings | No |
| N | ASUSWebStorage | ASUSWSDashBoard.exe | System Tray access to ASUS Webstorage online backup and sharing utility which is pre-installed on some ASUS systems or available for free (with 1GB available) for others. Disable unless you want to automatically backup and sync your files every time your system starts | Yes |
| N | AsusWSDashBoard | ASUSWSDashBoard.exe | System Tray access to ASUS Webstorage online backup and sharing utility which is pre-installed on some ASUS systems or available for free (with 1GB available) for others. Disable unless you want to automatically backup and sync your files every time your system starts | Yes |
| N | ASWDP | ASWDP.exe | MLS Pulse - real estate software. Keeps the home buyer/seller continually informed on the status of his/her local/regional real estate market | No |
| X | ASWnk | aswnk.exe | Adult content dialler | No |
| U | AT&T Self Support Tool | matcli.exe | AT&T Resolution Assistant. "matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, state, etc and gets written to a log file". Resolution Assistant is required to run with the Help and Support program. If you uncheck AT&T Self Support Tool and then run Help and Support it will add another in the startup menu. If you remove Resolution Assistant via add/remove programs some menus in help and support will not be available. You decide | No |
| U | AT-Watch | ATWatch.exe | Anti-Trojan Watch - trojan detector | No |
| X | atapidrv | atapidrv.exe | Added by the AGOBOT-SL WORM! | No |
| U | atchk | atchk.exe | AMT Status Message from Intel. Users can manage this, read the article. See here for more information on Intel AMT | No |
| X | atf.exe | pgs.exe | Part of the PCSecureSystem rogue security software - not recommended. A member of the AVSystemCare family | No |
| X | atf_reinstall | atf.exe | Part of the AVSystemCare rogue security software - not recommended. See here | No |
| U | Athan | Athan.exe | Athan - an application that calculates and reminds the five daily Islamic prayer times for anywhere in the world | No |
| U | ATI 2D Component | Ati2mdxx.exe | Installed with the drivers for some ATI based discrete graphics cards and on-board/mobile chipsets. After testing it's exact function isn't known at this time and it doesn't appear to be running even with the startup entry enabled - hence the "U" recommendation | Yes |
| X | ATI Active Graphics Card Monitor | atievx.exe | Added by the IRCBOT-TL WORM! | No |
| X | ATI AS Filter | msnse.exe | Added by the RBOT-CCY WORM! Note - modifies the HOSTS file by appending numerous lines, preventing access to the virus cleaning websites | No |
| N | ATI CATALYST System Tray | CLI.exe SystemTray | System Tray access to ATI's Catalyst™ Control Center. Note that this has "SystemTray" appended to CLI.exe in the "Command" column of MSCONFIG. Not required to run the control center - which is available via a right-click on the desktop | No |
| U | ATI Desktop Component | ATIPTAXX.EXE | Installed with the drivers for some ATI based discrete graphics cards and on-board/mobile chipsets. Provides System Tray access to display settings (including desktop resolution, color depth and multi-display schemes), help and troubleshooting. Unless you often change your display settings this isn't really required as all the settings are available via the system Control Panel under "Display" | Yes |
| N | ATI DeviceDetect | ATIDtct.EXE | Utility meant for future use of the ATI TV WONDER USB 2.0 video driver and can be disabled | No |
| X | ATI Display | ATIDisplay.exe | Added by the BDOOR-AFH BACKDOOR! | No |
| X | ATI Display Driver | atixd.exe | Added by the RBOT-FOV WORM! | No |
| X | Ati Display Settings | atividx.exe | Added by the RBOT-GAS WORM! | No |
| N | ATI GART Set-up Utility | Atigart.exe | Program that checks the motherboard chipset and determines which GART driver bundle to install on ATI video cards. If you have one, once installed it shouldn't be needed | No |
| U | ATI Launchpad | launchpd.exe | Convenient way to start all your Multimedia Center applications (DVD, Video CD, CD Audio, File Player). You can right-click LaunchPad, and uncheck Load on Startup in the menu | No |
| X | ATI Rage3d Pro | AtiRage4dPro.exe | Added by the AGOBOT-OG WORM! | No |
| Y | ATI Remote Control | ATIRW.exe | ATI Remote Wonder™ - PC wireless remote control driver. Required if you use it | No |
| Y | ATI Remote Control | ATIX10.exe | ATI Remote Wonder™ - PC wireless remote control driver. Required if you use it | No |
| N | ATI Scheduler | Atisched.exe | Component that remains resident in memory and automatically launches the ATI VIDEO PLAYER at a user selected time and date. Delete the shortcut in the Start -> Programs -> Startup folder as well. Functions could re-enable the program to load at start-up and re-introduce the shortcut. Try it and see | No |
| N | ATI Task Application | Atitkad.exe | System Tray access and key-combo shortcuts to common display functions on ATI video cards. Can be run from Start -> Settings -> Control Panel -> Display | No |
| N | ATI Task Application (Atikey) | Atitask.exe | System Tray access and key-combo shortcuts to common display functions on ATI video cards. Can be run from Start -> Settings -> Control Panel -> Display | No |
| U | ATI Technologies Inc. HydraVision Desktop Manager | HydraDM.exe | Part of HYDRAVISION - ATI's software for managing mutliple displays and virtual desktops. This is the HYDRAVISION Desktop Manager - which "customizes the behaviour of windows and dialog boxes, allows you to set up Hotkeys for navigation in multiple display configurations and applies special effects like transparency and shadows to you desktop" | Yes |
| U | ATI Technologies Inc. HydraVision Viewport | HydraMD.exe | Part of HYDRAVISION - ATI's software for managing mutliple displays and virtual desktops. This is HYDRAVISION MultiDesk - which "creates, organizes and arranges up to nine active multi-monitor desktop combinations and allows you to cycle between them with a mouse." There is an optional System Tray icon or a hotkey can be configured to cycle through the desktops | Yes |
| X | ATI Technology Startup | techstart.exe | Added by the RBOT-AEU WORM! | No |
| X | ATI Video Driver Control | atigfx.exe | Added by the RBOT-FWL WORM! | No |
| X | ATI Video Driver Control | btorrent.exe | Added by a variant of the IRCBOT TROJAN! | No |
| X | ATI Video Driver Controls | [path to worm] | Added by the SDBOT-DDS WORM! | No |
| X | ATI VIDEO REGKEY | ati2vid.exe | Added by the SDBOT.UR WORM! | No |
| ? | Ati2cwxx | Ati2cwxx.exe | For some ATI video cards. Probably used to access features and may not be required - for example the ATI Radeon works fine without it | No |
| X | Ati2evxx | Ati2evxx.com | Added by the BACKDOOR-CPC TROJAN! | No |
| X | ati2f104 | ati2f104.exe | Added by the DLOADR-BBW TROJAN! | No |
| U | Ati2mdxx | Ati2mdxx.exe | Installed with the drivers for some ATI based discrete graphics cards and on-board/mobile chipsets. After testing it's exact function isn't known at this time and it doesn't appear to be running even with the startup entry enabled - hence the "U" recommendation | Yes |
| N | ATICCC | cli.exe runtime | ATI's Catalyst™ CONTROL CENTER. Required if you want to change graphics settings on a regular basis but you must have internet access and Microsoft's .NET framework installed. Note that this has "runtime" appended to cli.exe in the "Command" column of MSCONFIG. Recommend that start the program manually via Start → Programs → ATI Catalyst Control Center → Advanced → Restart Runtime as it can cause problems when starting Windows | No |
| N | ATICCC | CLIStart.exe | Puts the ATI Catalyst™ Control Center Icon/Shortcut on the System Tray - available via Start → Programs | No |
| X | aticpaxx.exe | aticpaxx.exe | Added by the RBOT-XP WORM! | No |
| U | AtiCwd | AtiCwd.exe | This utility adds the ATI tab in the advanced display properties (gives the option for TV out). Do not uncheck if there is TV out on the video card | No |
| U | AtiCwd | AtiCwd32.exe | This utility adds the ATI tab in the advanced display properties (gives the option for TV out). Do not uncheck if there is TV out on the video card | No |
| U | AtiCwd | Ati2cwad.exe | This utility adds the ATI tab in the advanced display properties (gives the option for TV out). Do not uncheck if there is TV out on the video card | No |
| U | AtiCwd32 | AtiCwd.exe | This utility adds the ATI tab in the advanced display properties (gives the option for TV out). Do not uncheck if there is TV out on the video card | No |
| U | AtiCwd32 | AtiCwd32.exe | This utility adds the ATI tab in the advanced display properties (gives the option for TV out). Do not uncheck if there is TV out on the video card | No |
| U | AtiCwd32 | Ati2cwad.exe | This utility adds the ATI tab in the advanced display properties (gives the option for TV out). Do not uncheck if there is TV out on the video card | No |
| X | AtiDisplayDrv | atidrvxx.exe | Added by the RBOT-VZ WORM! | No |
| X | atidriver | reaIplayer.exe | Added by the WARPIGS-E WORM! Note the uppercase "I" in the filename, rather than a lower case "L" | No |
| N | AtiGart | Atigart.exe | Program that checks the motherboard chipset and determines which GART driver bundle to install on ATI video cards. If you have one, once installed it shouldn't be needed | No |
| N | AtiKey | AtiKey32.exe | System Tray access and key-combo shortcuts to common display functions on ATI video cards. Can be run from Start -> Settings -> Control Panel -> Display | No |
| N | AtiKey | atiptkad.exe | System Tray access and key-combo shortcuts to common display functions on ATI video cards. Can be run from Control Panel → Display | No |
| N | Atikey | Atitask.exe | System Tray access and key-combo shortcuts to common display functions on ATI video cards. Can be run from Start -> Settings -> Control Panel -> Display | No |
| U | ATIMACE | MACE.exe | ATI Technologies Control Centre - installed alongside ATI graphics hardware and provides additional configuration options for these devices in the Managed Access to Catalyst™ Environment (MACE) component | No |
| U | ATIModeChange | Ati2mdxx.exe | Installed with the drivers for some ATI based discrete graphics cards and on-board/mobile chipsets. After testing it's exact function isn't known at this time and it doesn't appear to be running even with the startup entry enabled - hence the "U" recommendation | Yes |
| X | AtiPanel | atip.exe | Added by the TACTSLAY.U TROJAN! | No |
| X | atipatxx | atipatxx.exe | Added by the SMALL-ED TROJAN! | No |
| N | ATIPOLAB | ati2evxx.exe | Hotkey handler for ATI desktop and mobile graphics chipsets. Users report that most of the hotkeys aren't well documented, they aren't therefore used and it can consume lots of CPU resources on some computers. Unless you use the hotkeys leave it disabled. Starts via a registry "Run" key on Windows 98/Me and as a service on Windows 2K/XP/Vista | No |
| U | ATIPOLAB | ati2evae.exe | ATI Polling Program - part of the ATI graphics driver e.g. on some Fujitsu-Siemens Notebooks | No |
| N | ATIPOLL | ati2evxx.exe | Hotkey handler for ATI desktop and mobile graphics chipsets. Users report that most of the hotkeys aren't well documented, they aren't therefore used and it can consume lots of CPU resources on some computers. Unless you use the hotkeys leave it disabled. Starts via a registry "Run" key on Windows 98/Me and as a service on Windows 2K/XP/Vista | No |
| U | AtiPTA | Ati2ptxx.exe | Control panel for the ATI series of video cards allowing access to such features as display resolution, colour depth, etc. Available via Start -> Settings -> Control Panel -> Display. Some users may need it if they have optimised their settings | No |
| U | ATIPTA | ATIPTAXX.EXE | Installed with the drivers for some ATI based discrete graphics cards and on-board/mobile chipsets. Provides System Tray access to display settings (including desktop resolution, color depth and multi-display schemes), help and troubleshooting. Unless you often change your display settings this isn't really required as all the settings are available via the system Control Panel under "Display" | Yes |
| U | AtiPTA | Atiptaab.exe | Control panel for the ATI series of video cards allowing access to such features as display resolution, colour depth, etc. Available via Start → Settings → Control Panel → Display. Some users may need it if they have optimised their settings | No |
| U | AtiPTAAA | Ati2ptxx.exe | Control panel for the ATI series of video cards allowing access to such features as display resolution, colour depth, etc. Available via Start -> Settings -> Control Panel -> Display. Some users may need it if they have optimised their settings | No |
| U | AtiPTAAA | ATIPTAXX.EXE | Installed with the drivers for some ATI based discrete graphics cards and on-board/mobile chipsets. Provides System Tray access to display settings (including desktop resolution, color depth and multi-display schemes), help and troubleshooting. Unless you often change your display settings this isn't really required as all the settings are available via the system Control Panel under "Display" | No |
| U | atiptaxx | Ati2ptxx.exe | Control panel for the ATI series of video cards allowing access to such features as display resolution, colour depth, etc. Available via Start -> Settings -> Control Panel -> Display. Some users may need it if they have optimised their settings | No |
| U | ATIPTAXX | ATIPTAXX.EXE | Installed with the drivers for some ATI based discrete graphics cards and on-board/mobile chipsets. Provides System Tray access to display settings (including desktop resolution, color depth and multi-display schemes), help and troubleshooting. Unless you often change your display settings this isn't really required as all the settings are available via the system Control Panel under "Display" | Yes |
| X | atiptext | atiptext.exe | Added by the COSIAM-A TROJAN! | No |
| U | AtiQiPcl | AtiQiPcl.exe | Used for hardware DVD decoding on ATI video cards supporting this feature. Not required unless you regularly play DVD's | No |
| Y | ATIRmtWndr | ATIX10.exe | ATI Remote Wonder™ - PC wireless remote control driver. Required if you use it | No |
| U | ATISmart | ati2s9ag.exe | ATI's "SMARTGART", which is included with the Catalyst™ drivers. When the system boots, it runs a couple of bus tests & tries to apply the most stable settings | No |
| U | AtiSound | csrss.exe | WinSpy surveillance software. Uninstall this software unless you put it there yourself. Note - this is not the same file as the csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a "ComRoot" subfolder | No |
| X | atisrc2 | windfind.exe | Added by the WINDFIND-A TROJAN! | No |
| X | ATITech | Active.exe | Added by the ROAMER-A TROJAN! | No |
| U | atitray | atitray.exe | ATI Tray Tools - allows quick access to ATI graphics card settings | No |
| U | AtiTrayTools | atitray.exe | ATI Tray Tools - allows quick access to ATI graphics card settings | No |
| X | atiupdate | ATIUPDATE5.EXE | Added by the DEBESKI.A TROJAN! | No |
| X | atiupdate | msshed32.exe | Added by the DELF.EP downloader TROJAN! | No |
| X | ATIUpdater | atiupdxx.exe | Added by the RBOT-ABX WORM! | No |
| X | Atiupdpl | atiupdpl.exe | Added by the SMALL.AOS TROJAN! | No |
| X | ativopen | ativopen.exe | Premium rate adult content dialler | No |
| Y | ATIX10 | atix10.exe | ATI Remote Wonder™ - PC wireless remote control driver. Required if you use it | No |
| U | ATKMEDIA | DMEDIA.EXE | Driver for the media buttons on the front of some Asus laptops, such as Forward,back,stop,pause etc | No |
| X | Atl**.exe [* = random char] | Atl**.exe [* = random char] | CoolWebSearch/HomeSearch adware - for examples, see this log | No |
| X | Atl**32.exe [* = random char] | Atl**32.exe [* = random char] | CoolWebSearch/HomeSearch adware - for examples, see this log | No |
| X | ATM Control | adpn.exe | Added by the MMS.A WORM! | No |
| N | ATnotes | atnotes.exe | Loads the ATnotes program for virtual sticky notes for your desktop. Available via Start -> Programs | No |
| U | Atomic Time Synchronizer | TimeSync.exe | TimeSync - lets you synchronize your computer's clock with any internet atomic clock | No |
| X | Atomic-x27 | Atomic-x27.exe | Added by the KATOMIK-A WORM! | No |
| X | Atomic-x27C | AtomicpartC.exe | Added by the KATOMIK-A WORM! | No |
| U | Atomic.exe | Atomic.exe | Atomic Clock Sync - synchronizes your computer's time with the NIST time server | No |
| N | Atomica | atomica.exe | Atomica runs from the System Tray and allows the user to find out more about a word or phrase on any screen by pointing at it with the mouse and clicking button one while holding down the Alt key | No |
| U | AtomicTime | ATOMICTIME.EXE | AtomicTime - utility that synchronizes your PC clock to an atomic clock | No |
| U | Atrack | atrack.exe | New feature of Norton Internet Security (NIS) and Norton Personal Firewall (NPF) 3.0 is the Alert Tracker, an instant notification feature. The Alert Tracker displays information about events as they happen. This way, when a rule has been triggered or an access to the Internet made, you know about it immediately rather than finding out about it when you check your logs or notice that the NIS icon indicates a security alert | No |
| U | Atray | Atray.exe | Active Tray is a utility which lets you configure the system tray. You can also create your own tray icons | No |
| U | ATSpooler | AppsTraka.exe | DeskTopScout keystroke logger/monitoring program - remove unless you installed it yourself! | No |
| U | ATTBroadbandUpdate | SAUpdate.exe | Big Brother from Quest Software. System and network monitor | No |
| U | ATTRedUpdate | AutoUpdate.exe | Additional item added to start-ups after AT&T took over the now bankrupt Excite@home high-speed internet service. Included for automatically downloading and installing updates. Leave it unless you plan to regularly run it to check for updates | No |
| X | AttuneClientEngine | attune_ce.exe | Aveo Attune automated helpdesk software - adware/spyware | No |
| X | AttuneContentUpdater | attune_cu.exe | Aveo Attune automated helpdesk software - adware/spyware | No |
| X | AttuneDiscovery | attune_di.exe | Aveo Attune automated helpdesk software - adware/spyware | No |
| X | Attunel | Attunel.exe | Aveo Attune automated helpdesk software - adware/spyware | No |
| X | AttuneSystray | attune_st.exe | Aveo Attune automated helpdesk software - adware/spyware | No |
| N | aTuner | atuner.exe | aTuner - tweak tool for GeForce based graphics cards | No |
| Y | atwtusb | atwtusb.exe | USB interface for Aiptek Graphics Tablet (USB) | No |
| X | AtxBrw | Iexplor.exe | "Pop Marketing" adware | No |
| U | au | DealioAu.exe | Dealio Toolbar is a free shopping comparison toolbar that allows users to search for a wide range of consumer products | No |
| U | AU Agent | AUagent.exe | Au Agent from Zilab Software. Win2K/NT enhancement tool. Allows you to run applications under any security context without closing the whole logon session to process a new logon | No |
| X | au.exe | au.exe | Added by the BEAGLE.B WORM! | No |
| Y | AUCBPNP | aucbnpn.exe | Adaptec USB CardBus Safe-Eject - driver for the Adaptec USB 2.0 CardBus which provides USB 2.0 ports for laptop users via a PCMCIA card slot | No |
| X | Aucompat | Aucompat.exe | Added by the GEMA TROJAN! | No |
| X | Audcntr | audcntr.exe | Added by the GEMA TROJAN! | No |
| ? | AudCtrl | RunDll32 AudCtrl.dll, RCMonitor | Audio control panel? | No |
| X | audi32 | audi32.exe | Added by the RANCK-FL TROJAN! | No |
| X | AUDIO | SOUND.exe | Added by the PLOYB-A TROJAN! | No |
| X | Audio Device Manager | winfp.exe | Added by the IRCBOT-XS WORM! | No |
| X | Audio Device Manager | WinNT.exe | Added by the IRCBOT.USP BACKDOOR! | No |
| X | Audio Device Manager | WNDXP.exe | Added by the IRCBOT.AJL BACKDOOR! | No |
| X | Audio Device Manager | sfhgj.exe | Added by the IRCBOT-ZA BACKDOOR! | No |
| X | audiocfg.exe | audiocfg.exe | Added by the VB.ATE WORM! | No |
| X | Audiocntl | audiocntl.exe | Added by a variant of the CRYPTER.C TROJAN! | No |
| N | AudioCommander | AudioCommander.exe | System Tray access to the AudioCommander user interface for Andrea USB devices - including features such as noise cancellation, graphic equalizer, echo Cancellation and beam forming | Yes |
| N | AudioCommander Application | AudioCommander.exe | System Tray access to the AudioCommander user interface for Andrea USB devices - including features such as noise cancellation, graphic equalizer, echo Cancellation and beam forming. This entry is taken from the XP version of Windows Defender | Yes |
| N | AudioCommanderVista | AudioCommander.exe | System Tray access to the AudioCommander user interface for Andrea USB devices - including features such as noise cancellation, graphic equalizer, echo Cancellation and beam forming. This entry is taken from the registry "Run" key in the Vista version | Yes |
| N | AudioDeck | ADeck.exe | ADeck.exe is a system tray application for VIA's sound cards which offers quick access to a number of sound card related items | No |
| X | Audiodrv | audiodrv.exe | Added by the CRYPTER-C TROJAN! | No |
| U | AudioDrvEmulator | DLLML.exe AudDrvEm.dll | Related to Creative DLL Module Loader for the Sound Blaster X-Fi (and maybe others). This program is non-essential process to the running of the system, but should not be terminated unless suspected to be causing problems | No |
| N | AudioHQ | Ahqtb.exe | For Creative Soundblaster Live! series soundcards. System tray application for SB Live! functions. Available via Start -> Programs | No |
| X | AudioHQ | audiohq.exe | Added by the BANKER-EHK TROJAN! | No |
| N | AudioHQU | AHQTBU.EXE | System Tray application installed with the drivers for Creative Labs SoundBlaster Live! Can be run from Start -> Programs | No |
| X | audioinf | audioinf.exe | Added by a variant of the CRYPTER.C TROJAN! | No |
| X | AudioMan | Explorer.sm1 | Added by the HUPIGON.IFZ BACKDOOR! | No |
| X | audlmne32 | dcmsxe.exe | Added by the MAILBOT-CF TROJAN! | No |
| X | Audoi Device Loader | smssv.exe | Added by the AGOBOT-ZY WORM! | No |
| X | augmsg | AUGMSG.EXE | Added by the SPYBOT-CO WORM! | No |
| X | auloadplx | mplprogsm.exe | Added by the SLAPER.K TROJAN! | No |
| X | AUNPS2 | RUNDLL32 AUNPS2.DLL, _Run@16 | AUNPS adware | No |
| X | aupd | symcsvc.exe | Added by the ABWIZ.D TROJAN! | No |
| X | aupd | sysvcs.exe | Added by the ABWIZ.C TROJAN! | No |
| X | aupd | sywsvcs.exe | Added by the ORSE-M TROJAN! | No |
| Y | Aureal A3D Interactive Audio | sa3dsrv.exe | For Aureal based 3D soundcards. A3D sound features won't work with this disabled | No |
| Y | Aureal A3D Interactive Audio Init | A3dInit.exe | For Aureal based 3D soundcards. A3D sound features won't work with this disabled | No |
| U | Auslogics BoostSpeed | boostspeed.exe | System Tray access to Auslogics BoostSpeed system optimization utility - which allows you to "Start programs faster. Speed up computer start time. Increase Internet speed, optimize your Internet Explorer, Firefox and E-mail programs" | Yes |
| U | Auslogics BoostSpeed 4 | boostspeed.exe | System Tray accesss to Auslogics BoostSpeed 4 system optimization utility - which "Start programs faster. Speed up computer start time. Increase Internet speed, optimize your Internet Explorer, Firefox and E-mail programs" | Yes |
| X | ausvc | ausvc.exe | Added by the AUTOUPDER TROJAN! | No |
| X | Auth Starter Ident | startauth.exe | Added by the RBOT-WP WORM! | No |
| Y | Authentic-ID Toolbar | wintmr.exe | System Tray access to Child Control parental control software by Salfield | No |
| Y | Authentic-ID Toolbar | rundll32.exe [path] ToolbarATL.dll, LoadTrayIcon | Authentic-ID Toolbar - website authentication utility. Warns you when a site is recognized for phishing or isn't authentic, for example | No |
| X | authz | authz.exe | Added by an unidentified VIRUS, WORM or TROJAN! | No |
| X | auto | win32.exe | Added by the SMALL!SD5 TROJAN! | No |
| X | auto | auto.exe | Added by the DOQ.GEN.Y BACKDOOR! | No |
| X | Auto CD-ROM Startup | cdaccess.exe | Added by the SPYBOT.BLA WORM! | No |
| U | Auto EPSON PictureMate Deluxe on X | E_FATI9TA.EXE | Epson Status Monitor 3 for the PictureMate Deluxe compact photo printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus C45 Series on X | E_S4I3T1.EXE | Epson Status Monitor 3 for the Stylus C45 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus C48 Series on X | E_S10IC2.EXE | Epson Status Monitor 3 for the Stylus C48 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus C48 Series on X | E_S4I091.EXE | Epson Status Monitor 3 for the Stylus C48 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus C60 Series on X | E_S10IC2.EXE | Epson Status Monitor 3 for the Stylus C60 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus C62 Series on X | E_S10IC2.EXE | Epson Status Monitor 3 for the Stylus C62 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus C64 Series on X | E_S4I2C1.EXE | Epson Status Monitor 3 for the Stylus C64 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus C82 Series on X | E_S0HIC1.EXE | Epson Status Monitor 3 for the Stylus C82 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus C84 Series on X | E_S4I2D1.EXE | Epson Status Monitor 3 for the Stylus C84 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus C87 Series on X | E_FATIABL.EXE | Epson Status Monitor 3 for the Stylus C87 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus CX3200 on X | E_S10IC2.EXE | Epson Status Monitor 3 for the Stylus CX3200 printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus CX3600 Series on X | E_FATI9BE.EXE | Epson Status Monitor 3 for the Stylus CX3600 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus CX3700 Series on X | E_FATIACP.EXE | Epson Status Monitor 3 for the Stylus CX3700 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus CX3800 Series on X | E_FATIACA.EXE | Epson Status Monitor 3 for the Stylus CX3800 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus CX4200 Series on X | E_FATIAEA.EXE | Epson Status Monitor 3 for the Stylus CX4200 Series printer - for monitoring printer status, checking ink levels, etc, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus CX4500 Series on X | E_FATI9AP.EXE | Epson Status Monitor 3 for the Stylus CX4500 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus CX4600 Series on X | E_FATI9AA.EXE | Epson Status Monitor 3 for the Stylus CX4600 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus CX4800 Series on X | E_FATIADA.EXE | Epson Status Monitor 3 for the Stylus CX4800 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus CX5000 Series on X | E_FATIBVA.EXE | Epson Status Monitor 3 for the Stylus CX5000 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus CX5400 on X | E_S4I2G1.EXE | Epson Status Monitor 3 for the Stylus CX5400 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus CX5500 Series on X | E_FATICAP.EXE | Epson Status Monitor 3 for the Stylus CX5500 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus CX6000 Series on X | E_FATIBIA.EXE | Epson Status Monitor 3 for the Stylus CX6000 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus CX6400 on X | E_S4I2L1.EXE | Epson Status Monitor 3 for the Stylus CX6400 printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus CX6600 Series on X | E_FATI9EE.EXE | Epson Status Monitor 3 for the Stylus CX6600 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus CX6600 Series on X | E_FATI9EA.EXE | Epson Status Monitor 3 for the Stylus CX6600 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus CX7400 Series on X | E_FATICDA.EXE | Epson Status Monitor 3 for the Stylus CX7400 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus CX7800 Series on X | E_FATIAFA.EXE | Epson Status Monitor 3 for the Stylus CX7800 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus CX9400Fax Series on X | E_FATICFA.EXE | Epson Status Monitor 3 for the Stylus CX9400Fax Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus D78 Series on X | E_FATIBGE.EXE | Epson Status Monitor 3 for the Stylus D78 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus D88 Series on X | E_FATIABE.EXE | Epson Status Monitor 3 for the Stylus D88 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus DX3800 Series on X | E_FATIACE.EXE | Epson Status Monitor 3 for the Stylus DX3800 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus DX4800 Series on X | E_FATIADE.EXE | Epson Status Monitor 3 for the Stylus DX4800 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus DX6000 Series on X | E_FATIBIE.EXE | Epson Status Monitor 3 for the Stylus DX6000 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus Photo 1400 Series on X | E_FATIBUA.EXE | Epson Status Monitor 3 for the Stylus Photo 1400 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus Photo 820 Series on X | E_S10IC2.EXE | Epson Status Monitor 3 for the Stylus Photo 820 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus Photo R1800 on X | E_FATI9LA.EXE | Epson Status Monitor 3 for the Stylus Photo R1800 printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus Photo R200 Series on X | E_S4I2H1.EXE | Epson Status Monitor 3 for the Stylus Photo R200 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus Photo R200 Series on X | E_S4I0H2.EXE | Epson Status Monitor 3 for the Stylus Photo R200 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus Photo R220 Series on X | E_FATIAIE.EXE | Epson Status Monitor 3 for the Stylus Photo R220 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus Photo R2400 on X | E_FATI9SA.EXE | Epson Status Monitor 3 for the Stylus Photo R2400 printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus Photo R2400 on X | E_FATI9SE.EXE | Epson Status Monitor 3 for the Stylus Photo R2400 printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus Photo R260 Series on X | E_FATIBNA.EXE | Epson Status Monitor 3 for the Stylus Photo R260 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus Photo R280 Series on X | E_FATICKA.EXE | Epson Status Monitor 3 for the Stylus Photo R280 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus Photo R300 Series on X | E_S4I2F1.EXE | Epson Status Monitor 3 for the Stylus Photo R300 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus Photo R300 Series on X | E_S4I0F2.EXE | Epson Status Monitor 3 for the Stylus Photo R300 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus Photo R320 Series on X | E_FATI9FA.EXE | Epson Status Monitor 3 for the Stylus Photo R320 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus Photo R340 Series on X | E_FATIAJE.EXE | Epson Status Monitor 3 for the Stylus Photo R340 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus Photo R800 on X | E_FATI9YE.EXE | Epson Status Monitor 3 for the Stylus Photo R800 printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus Photo RX420 Series on X | E_FATI9CE.EXE | Epson Status Monitor 3 for the Stylus Photo RX420 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus Photo RX500 on X | E_S4I2K1.EXE | Epson Status Monitor 3 for the Stylus Photo RX500 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus Photo RX600 on X | E_S4I2M1.EXE | Epson Status Monitor 3 for the Stylus Photo RX600 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus Photo RX680 Series on X | E_FATICJA.EXE | Epson Status Monitor 3 for the Stylus Photo RX680 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus Photo RX700 Series on X | E_FATI9IA.EXE | Epson Status Monitor 3 for the Stylus Photo RX700 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus Pro 7600 on X | E_S10IC2.EXE | Epson Status Monitor 3 for the Stylus Pro 7600 printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| X | Auto File System Conversion Utility | scricon.exe | Added by the SDBOT.EYB WORM! | No |
| X | auto repair system | qualityx.exe | Added by an unidentified WORM or TROJAN - probably a SPYBOT variant | No |
| U | Auto Run Software for Photo Frame | PhotoManager.exe | Management software for Philips digital PhotoFrame range. Used to edit photos and transfer them directly from a PC via a USB cable. Start manually when you connect the device | Yes |
| X | Auto Start | dosin.exe | Added by the SDBOT-GO BACKDOOR! | No |
| X | Auto Start | sndvol32.exe | Added by the SLINBOT.AX BACKDOOR! | No |
| X | Auto Start | windos.exe | Added by the SLINBOT.BO BACKDOOR! | No |
| U | Auto Switch | TASKBAR.exe | Related to 2-port Bitronics AutoSwitch kit from Belkin | No |
| N | Auto T Bar | autotbar.exe | If you disable the HP VIEW toolbar in IE and rearrange the toolbars on a reboot they will be back as they were before if this is left enabled | No |
| X | Auto Updat | WindowsSys32.exe | Added by a variant of the FORBOT WORM! | No |
| X | Auto updat | crcss.exe | Added by the SDBOT.AAG WORM! | No |
| X | Auto updat | SysDebug.exe | Added by the FORBOT-BA WORM! | No |
| X | Auto Update | AUP.exe | Added by an unididentified WORM or TROJAN! | No |
| X | Auto Update | dma.exe | Added by the RBOT-AVO WORM! | No |
| X | Auto Update | svchost.exe | Added by the DUMARDI-A TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir% | No |
| X | Auto Updater | asclt.exe | Added by the SLINBOT.CJ BACKDOOR! | No |
| X | Auto Updates | svchost.exe | Added by the CHEUKO-A TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir% | No |
| X | Auto WinUpdate | taskmrg.exe | Added by the RBOT-AFA WORM! | No |
| X | AutoAdministrator | SERVICES.EXE | Added by the PUNYA-A WORM! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Root%\Application Data\WINDOWS | No |
| U | Autobar | autobar.exe | Connect buttons on the keyboard for internet direct access, etc. on HP computers | No |
| N | AutoCAD | acstart17.exe | Preloads part of AutoCAD into disk cache at startup to speed up the launch of the main program when needed. Not required as most AutoCAD users tend to either open the program once and leave it open or open it occasionally to check drawings | Yes |
| N | AutoCAD Startup Accelerator | acstart16.exe | Preloads part of AutoCAD into disk cache at startup to speed up the launch of the main program when needed. Not required as most AutoCAD users tend to either open the program once and leave it open or open it occasionally to check drawings | No |
| N | AutoCAD Startup Accelerator | acstart17.exe | Preloads part of AutoCAD into disk cache at startup to speed up the launch of the main program when needed. Not required as most AutoCAD users tend to either open the program once and leave it open or open it occasionally to check drawings | Yes |
| X | autochk | rundll32.exe autochk.dll,_IWMPEvents@16 | Added by the OPACHKI.A TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "autochk.dll" file is found in %System% | No |
| X | autochk | rundll32.exe protect.dll,_IWMPEvents@16 | Added by the OPACHKI.A TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "protect.dll" file is found in %UserProfile% | No |
| U | autoclk | autoclk.exe | Autoclik is a Windows utility "that allows you to perform all mouse activity with absolutely no clicking" | No |
| X | AutoDiscovery/AutoPurge (ADAP) Service | wmiadapi.exe | Added by the RBOT.FLT WORM! | No |
| N | AutoEA | Ahqrun.exe | For Creative Soundblaster Live! series soundcards. Specify for any audio application what audio preset to automatically associate with currently active speaker output. Available via AudioHQ | No |
| X | AUTOEXE | AUTOEXE.exe | Added by the SEMAPI-A WORM! | No |
| X | autoload | cftmon.exe | Added by the SOCKS-E WORM! | No |
| X | autoload | spooll.exe | Added by the SILLYFDC WORM! | No |
| X | autoload | windowsupdate.exe | Added by the POLYCRYP.DY TROJAN! | No |
| X | autoload | spool.exe | Added by the AGENT-GSG TROJAN! | No |
| X | Autoloaderaproposclient | Apropos_Client_Loader.exe | AproposMedia adware | No |
| X | Autoloaderaproposclient | cxtpls_loader.exe | AproposMedia adware | No |
| X | AutoLoaderEnvoloAutoUpdater | auto_update_loader.exe | Envolo/AproposMedia adware updater | No |
| N | AutoMate Task Service | automate.exe | Task scheduler for Unisyn Automate 4 task automation/macro running software. Available via a desktop shortcut or Start → Programs | No |
| U | AutoMate5 | Am5HkWnd.exe | "Automate is the Leading Software for Automation of front and back-office business processes.It provides all the tools necessary to completely automate business processes, regardless of their complexity" | No |
| U | AutoMate6 | AMEM.exe | AutoMate 6 for automating repetitive tasks | No |
| X | Automated Windows Updates | wauclt.exe | Added by the GAOBOT.AJD WORM! | No |
| X | Automatic Defrag Manager | defrag.exe | Added by the RBOT-AKE WORM! | No |
| X | Automatic Media Update | CACHE.RVD | Added by an unidentified WORM/TROJAN! | No |
| X | Automatic Media Update | HPLNT32.RVD | Added by an unidentified WORM/TROJAN! | No |
| X | Automatic Microsoft Windows Updater | suchost.exe | Added by the RBOT-EQ WORM! | No |
| X | Automatic Updates | algs.exe | Added by the IRCBOT-AAM TROJAN! | No |
| X | Automatic Windows Updater | Update.exe | Added by the GAOBOT.AO WORM! | No |
| N | Automatically launches the United Devices Agent when you start your computer | UD.EXE | The United Devices Agent can recycle your PC's unused resources and use them to perform valuable scientific and medical research without disturbing your usual computer use - similar to SETI@home but for medical research. Available via Start > Programs | No |
| X | autoMe | wscript.exe solution.vbs | Added by the VBS.SASAN WORM! Note that wscript.exe is a legitimate Microsoft file used to launch script files and shouldn't be deleted. The "solution.vbs" file is found in %Windir% | No |
| X | Autopdate | Autopdate.exe | Added by the RBOT-AGL WORM! | No |
| N | AUTOPROP | REGPROP.EXE WMPADDIN.DLL | Both the files are in the MS Office/Bots/FP_WMP directory. Apparently, it registers the FrontPage WiMP extension | No |
| X | AutoProtect | AutoProtect.vbs | Added by the KILLBAT-C WORM! | No |
| X | AUTOPROTECTU | navapq32.exe | Added by an unidentified WORM or TROJAN! | No |
| X | autorepair | dexs.exe | Added by a variant of the SDBOT WORM! | No |
| X | autorn | autorn.exe | Added by the SILLYFDC.BCY WORM! | No |
| U | Autoroute SMTP | AutoSmtp.exe | Autoroute SMTP - "automatic switching between SMTP servers depending on what network you are currently working in." You need to have two Internet service providers | No |
| X | autorun | autorun.exe | Added by the AUTOM-B WORM! | No |
| X | autorun | sxs.exe | Added by the SMALLVBS-A WORM! | No |
| X | autorun | winmain.exe | Added by a variant of the DELF.CNS TROJAN! | No |
| X | AutoRun | allrs.exe | Added by the MUDROP.LJ TROJAN! | No |
| X | autorundemo | [path to trojan] | Added by the AGENT-FPX TROJAN! | No |
| X | AUTORUN_VAL | AntiSpyCheck 2.1.exe | AntiSpyCheck rogue spyware remover - not recommended, removal instructions here | No |
| X | AUTORUN_VAL | asc 2.1.exe | AntiSpyCheck rogue spyware remover - not recommended, removal instructions here | No |
| ? | AutoShutdown | pssvc.exe | Utility to fix vCard Export in MS Outlook 2000 - although why are these together? | No |
| U | AutoSizer | AUTOSIZER.EXE | AutoSizer - utility that automatically maximizes windows when they're opened | No |
| N | AutoSpell | autospel.exe | AutoSpell - spell checker (version 6.*) | No |
| N | AutoSpell 5 | ASWATC32.EXE | AutoSpell - spell checker | No |
| U | AutoSys | autosys.exe | Winguardian surveillance software. Uninstall this software unless you put it there yourself | No |
| N | autotbar | autotbar.exe | If you disable the HP VIEW toolbar in IE and rearrange the toolbars on a reboot they will be back as they were before if this is left enabled | No |
| N | AutoTKit | AUTOTKIT.EXE | On HP PC's. Unclear what purpose it serves - but there's a known issue with Internet Explorer Toolbar settings not being saved with it enabled | No |
| N | autoupd | autoupd.exe | Raxco Software Auto Update utility."Used to keep your software up-to-date" | No |
| X | autoupd | autoupd.exe | Added by an unidentified VIRUS, WORM or TROJAN! - found in a folder of the same name | No |
| X | autoupdate | rundll32 DATADX.DLL,SHStart | Added by a variant of the QOOLOGIC TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "DATADX.DLL" file is found in %System% | No |
| X | autoupdate | rundll32 SUPDATE.DLL,SHStart | Added by a variant of the QOOLOGIC TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "SUPDATE.DLL" file is found in %System% | No |
| X | AutoUpdate | smss.exe | Added by WINSPY.88! Note - this is not the legitimate smss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\debug64 | No |
| X | Autoupdate Service | kaka.exe | Added by the SYMPE-B TROJAN! | No |
| X | Autoupdate Service | [path to trojan] | Added by the AGENT-CB TROJAN! | No |
| X | AutoUpdate32 | services.exe | Added by WINSPY.88! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\debug64 | No |
| X | AutoUpdater | aupdate.exe | Tinybar variant | No |
| X | AutoUpdater | AutoUpdate.exe | PeopleonPage foistware | No |
| X | autoupdatev2 | [path to file] | Added by the DROPPER-BM TROJAN! | No |
| X | autoupdatev2 | autoupdatev2.exe | Detected by Kaspersky as the AGENT.FQ TROJAN! | No |
| X | AutoVirusProtection | ciscv.exe | Added by a variant of the RBOT WORM! | No |
| X | auto__antiav__key | antiav_exe.exe | Added by the BAGLEDI-AA TROJAN! | No |
| X | auto__hloader__key | hloader_exe.exe | Added by the BAGLE.AB TROJAN! | No |
| X | aux.exe | aux.exe | Added by the ZINS TROJAN! | No |
| X | auxAudioDevice | aux32.exe | Added by the AIZU WORM! | No |
| N | AUXXTRAY | au30setp.exe | System Tray application for Aureal Vortex based soundcards. Can be run manually via Start -> Settings -> Control Panel | No |
| X | AV | UPDATE-28062004.exe[25 blank spaces].vbs | Added by the MIDFIN WORM! | No |
| X | AV | Antivir.exe | Antivir rogue security software - not recommended, removal instructions here | No |
| X | av | expressav.exe | Express Antivirus 2009 rogue security software - not recommended, removal instructions here | No |
| X | AV AntiSpyware | ava.exe | AV AntiSpyware rogue security software - not recommended, removal instructions here | No |
| X | AV Care | AvCare.exe | AvCare rogue security software - not recommended, removal instructions here | No |
| X | AV Client | patch31345.exe | Added by the MYDOOM.AD WORM! | No |
| X | AV Industry | patch31345.exe | Added by the MYDOOM.AD WORM! | No |
| X | AV UpDate | Update.exe | Added by the FUROOT-A TROJAN! | No |
| N | AvaFind | AvaFind.exe | AvaFind file search utility | No |
| X | AVantivirus | Avconsol.exe | Added by the MSNVB-D WORM! | No |
| X | avast | troyan.exe | Added by the SMALL.CZ TROJAN! | No |
| Y | Avast! | ashServ.exe | Main part of avast! Antivirus - including the resident protection, virus chest and scheduler. Starts via a registry "Run" key on Windows 98/Me and as a service on Windows 2K/XP/Vista | No |
| Y | avast! | ashDisp.exe | System Tray access to and notifications for avast! Antivirus - giving left-click access to the On-Access Scanner, right-click access to other options and event notifications | Yes |
| Y | avast! Antivirus | ashDisp.exe | System Tray access to and notifications for avast! Antivirus - giving left-click access to the On-Access Scanner, right-click access to other options and event notifications | Yes |
| Y | avast! Web Scanner | Ashwebsv.exe | Web scanning part of avast! Antivirus. Starts via a registry "Run" key on Windows 98/Me and as a service on Windows 2K/XP/Vista | No |
| Y | Avast32 | Astart32.exe | Part of Avast! anti-virus software | No |
| X | avc | avmon.exe | Added by an unidentified TROJAN! | No |
| U | AvconsoleEXE | Avconsol.exe | From McAfee VirusScan up to version 4.x and Dr Solomon's VirusScan. Used to schedule regular scans. If you don't have scans scheduled you don't need it | No |
| X | Avengine | Avengine.com | Added by the DELF.LJ TROJAN! | No |
| X | AveoAttune | atmdlusr.exe | Aveo Attune automated helpdesk software - adware/spyware | No |
| U | AVFX Engine | StartFX.exe | Advanced Video FX - supported by a number of Creative Web Cameras. "Have more fun by adding a wide range of special effects and backgrounds to your video chat with Advanced Video FX" | No |
| X | AvG | svchost323.exe | Added by the RBOT-ZA WORM! | No |
| Y | AVG Anti-Spyware | avgas.exe | System Tray access to and notifications for AVG Anti-Spyware 7.5. This has now been superseded by AVG Anti-Virus which includes Anti-Spyware | Yes |
| Y | AVG Anti-Virus system | avgcc.exe | System Tray access to and notifications for the 7.* series of anti-virus products from AVG Technologies. If this entry is disabled, the core product functions will work properly but you will lose quick access to the Control Center and miss notifications of potential problems and updates | Yes |
| Y | AVG Anti-Virus System | avgemc.exe | E-mail scanner for the 7.* series of anti-virus products from AVG Technologies. This process scans incoming and outgoing E-mails for viruses and other malware. From version 7.1 onwards this entry only appears in 9x/Me as a startup entry, it loads as a service in 2K and higher | Yes |
| Y | AVG Anti-Virus System | avgw.exe | This entry is included with the 7.* series of anti-virus products from AVG Technologies. Once installed (or on first run for a different user) it runs the configuration sequence to set up the product and doesn't run on subsequent restarts | Yes |
| X | Avg Antivirus | icpldrvx.exe | Added by the BANKER.BYU TROJAN! | No |
| X | AVG AntiVirus Scanner | avgscnx.exe | Added by the SILLYFDC.BBE WORM! Note - this is not a legitimate AVG entry | No |
| X | AVG AntiVirus Updater | avgwusv.exe | Added by the SILLYFDC.BAX WORM! Note - this is not a legitimare AVG entry | No |
| X | AVG Grisoft Updater | updater.exe | Added by the AGOBOT-OT WORM! | No |
| Y | AVG IDS | AVGIDSUI.exe | System Tray access to and notifications for AVG Identity Protection - identity theft prevention which is available as a stand-alone product or included with AVG Internet Security. "Always-on identity theft prevention for Windows from one of the world's most trusted security companies. Shop and ensure safe surfing of the web, make yourself secure in the knowledge that your passwords, account information, credit card numbers, social security numbers and other valuables are safe from identity thieves." It also loads the background activity monitoring process (AVGIDSMonitor.exe) | Yes |
| U | AVG Internet Security | avgtray.exe | System Tray access to and notifications for the range of internet security products from AVG Technologies - including Internet Security, Anti-Virus and their free products such as Anti-Virus Free and LinkScanner®. If this entry is disabled, the core product functions will work properly but you will lose quick access to the main window and miss notifications of potential problems and updates | Yes |
| Y | AVG7_AMSVR | AVGAMSVR.EXE | This is the AVG7 Alert Manager for the 7.* series of anti-virus products from AVG Technologies. It is essential for both scheduled activities (such as automatic updates and scans) and for displaying alerts and reports via the Control Center (avgcc.exe). Appears in 9x/Me as a startup entry and as a service in 2K and higher | No |
| Y | AVG7_CC | avgcc.exe | System Tray access to and notifications for the 7.* series of anti-virus products from AVG Technologies. If this entry is disabled, the core product functions will work properly but you will lose quick access to the Control Center and miss notifications of potential problems and updates | Yes |
| Y | AVG7_EMC | avgemc.exe | E-mail scanner for the 7.* series of anti-virus products from AVG Technologies. This process scans incoming and outgoing E-mails for viruses and other malware. From version 7.1 onwards this entry only appears in 9x/Me as a startup entry, it loads as a service in 2K and higher | Yes |
| Y | AVG7_Run | avgw.exe | This entry is included with the 7.* series of anti-virus products from AVG Technologies. Once installed (or on first run for a different user) it runs the configuration sequence to set up the product and doesn't run on subsequent restarts | Yes |
| U | AVG8_TRAY | avgtray.exe | System Tray access to and notifications for the 8.* series of internet security products from AVG Technologies - including Internet Security, Anti-Virus and their free products such as Anti-Virus Free and LinkScanner®. If this entry is disabled, the core product functions will work properly but you will lose quick access to the main window and miss notifications of potential problems and updates | Yes |
| U | AVG9_TRAY | avgtray.exe | System Tray access to and notifications for the 9.* series of internet security products from AVG Technologies - including Internet Security, Anti-Virus and their free products such as Anti-Virus Free and LinkScanner®. If this entry is disabled, the core product functions will work properly but you will lose quick access to the main window and miss notifications of potential problems and updates | Yes |
| Y | avgamsvr.exe | Avgamsvr.exe | This is the AVG7 Alert Manager for the 7.* series of anti-virus products from AVG Technologies. It is essential for both scheduled activities (such as automatic updates and scans) and for displaying alerts and reports via the Control Center (avgcc.exe). Appears in 9x/Me as a startup entry and as a service in 2K and higher | No |
| Y | avgas | avgas.exe | System Tray access to and notifications for AVG Anti-Spyware 7.5. This has now been superseded by AVG Anti-Virus which includes Anti-Spyware | Yes |
| Y | avgcc | avgcc.exe | System Tray access to and notifications for the 7.* series of anti-virus products from AVG Technologies. If this entry is disabled, the core product functions will work properly but you will lose quick access to the Control Center and miss notifications of potential problems and updates | Yes |
| Y | avgcc32 | avgcc32.exe | System Tray access to and notifications for the 6.* (and maybe earlier) series of anti-virus products from AVG Technologies. Also enables scheduled tests, Outlook E-mail plug-in and automatic updates | No |
| Y | AVGCtrl | AVGCtrl.exe | Part of AntiVir® PersonalEdition Classic antivirus | No |
| Y | avgemc | avgemc.exe | E-mail scanner for the 7.* series of anti-virus products from AVG Technologies. This process scans incoming and outgoing E-mails for viruses and other malware. From version 7.1 onwards this entry only appears in 9x/Me as a startup entry, it loads as a service in 2K and higher | Yes |
| Y | avgfwsrv | AVGFWSRV.EXE | Integrated firewall for the 7.* series of anti-virus products from AVG Technologies. Protects the users computer from outside attacks, typically from the internet. Starts via a registry "RunServices" key on Windows 98/Me and as a service on Windows 2K/XP/Vista | No |
| Y | AVGIDS | AVGIDSUI.exe | System Tray access to and notifications for AVG Identity Protection - identity theft prevention which is available as a stand-alone product or included with AVG Internet Security. "Always-on identity theft prevention for Windows from one of the world's most trusted security companies. Shop and ensure safe surfing of the web, make yourself secure in the knowledge that your passwords, account information, credit card numbers, social security numbers and other valuables are safe from identity thieves." It also loads the background activity monitoring process (AVGIDSMonitor.exe) | Yes |
| Y | AVGIDSUI | AVGIDSUI.exe | System Tray access to and notifications for AVG Identity Protection - identity theft prevention which is available as a stand-alone product or included with AVG Internet Security. "Always-on identity theft prevention for Windows from one of the world's most trusted security companies. Shop and ensure safe surfing of the web, make yourself secure in the knowledge that your passwords, account information, credit card numbers, social security numbers and other valuables are safe from identity thieves." It also loads the background activity monitoring process (AVGIDSMonitor.exe) | Yes |
| Y | avgmsvr.exe | avgmsvr.exe | AVG Anti-Virus 7.0 related | No |
| Y | AVGnt | AVGnt.exe | AntiVir® PersonalEdition Classic antivirus. System Tray icon and control program | No |
| Y | Avgserv9.exe | Avgserv9.exe | Background monitoring and scanning for the 6.* (and maybe earlier) series of anti-virus products from AVG Technologies when running on 9x/Me. Loaded from the "RunServices" registry key | No |
| U | avgtray | avgtray.exe | System Tray access to and notifications for the range of internet security products from AVG Technologies - including Internet Security, Anti-Virus and their free products such as Anti-Virus Free and LinkScanner®. If this entry is disabled, the core product functions will work properly but you will lose quick access to the main window and miss notifications of potential problems and updates | Yes |
| Y | AVGuard | AVGuard.exe | AntiVir® PersonalEdition Classic antivirus. Background task which scans files transparently | No |
| Y | AVG_CC | avgcc32.exe | System Tray access to and notifications for the 6.* (and maybe earlier) series of anti-virus products from AVG Technologies. Also enables scheduled tests, Outlook E-mail plug-in and automatic updates | No |
| Y | AVG_EMC | AVGEMC.exe | AVG Anti-Virus 7.0 Email Cleaner. Scans incoming and outgoing email for viruses | No |
| Y | AVG_RegCleaner | AVGREGCL.exe | Boot time registry cleaner for the 7.* series of anti-virus products from AVG Technologies - for checking the registry for virus additions and other security problems | No |
| X | avidrv | drvsc.exe | Detected by Kaspersky as the AGENT.PH TROJAN! | No |
| X | Avimgt | Avimgt.exe | Added by the GEMA TROJAN! | No |
| X | Avimgt32 | Avimgt32.exe | Added by the GEMA TROJAN! | No |
| Y | avinit | AVINIT9X.EXE | Command Antivirus related | No |
| X | Avira Anti-Virus Pro 2008 | explorear.exe | Added by an unidentified WORM or TROJAN! | No |
| X | AvirTr | AvirTr.exe | AntivirusTrigger rogue security software - not recommended, removal instructions here | No |
| Y | AVK Mail Checker | AVKPop.exe | eXtendia AVK AntiVirus email checker | No |
| Y | AVKBar | AVKBar.exe | GData AntiVirusKit Anti-virus | No |
| Y | AVKTray | AVKTray.exe | System Tray access to the antivirus part of G Data range of internet security products | No |
| Y | AvMaiSrv | Avmaisrv.exe | Part of Avast! anti-virus software - E-mail scanner | No |
| X | AVManager | csrss.exe | Added by the AUTORUN-DV WORM! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a ~A~m~B~u~R~a~D~u~L~ subfolder | No |
| ? | AvMenu | AVMenu.exe | Part of the ArcaVir antivirus suite from Polish company Arcabit. What does this part do and is it required? | No |
| Y | AVMWlanClient | wlangui.exe | Related to broadband products from avm.de | No |
| X | avnort | formatsys.exe | Added by the SERFLOG.A WORM! | No |
| X | avnort | msmbw.exe | Added by the SERFLOG.A WORM! | No |
| X | avnort | serbw.exe | Added by the SERFLOG.A WORM! | No |
| Y | avp | avp.exe | Kaspersky anti-virus and AOL's Active Virus Shield (by Kaspersky) - found in either a Kaspersky or AOL sub-directory | No |
| X | AVP | [path to trojan] | Added by the MUTBO-A TROJAN! | No |
| X | avp | avp.exe | Detected by Kaspersky as the ALPHABET.B TROJAN! | No |
| X | avp | win*.tmp.exe [* is a number] | Added by a variant of the ALPHABET TROJAN! | No |
| X | avp | xar6000v7.exe | Detected by Kaspersky as the ALPHABET.B TROJAN! | No |
| X | AVP-SE | avp-32.exe | Added by the AGOBOT.FS WORM! | No |
| X | avpa | avpo.exe | Added by the LEGMIR-ARK TROJAN! | No |
| Y | avpcc | avpcc.exe | Kaspersky Labs anti-virus | No |
| X | avpl | Antivirus.exe | AntiVirus Plasma rogue security software - not recommended, removal instructions here | No |
| X | AvpM | AvpM.exe | Added by the STARTPAGE-ID TROJAN! Note - this is not the popular Kaspersky antivirus and this file is located in %Windir%\pchealth\UploadLB\Config | No |
| X | avpms | avpms.exe | Added by the ONLINEGAMES.CPV TROJAN! | No |
| X | Avpr | avpr.exe | Added by the MYDOOM.AF WORM! | No |
| X | AVPSrv | AVPSrv.exe | Added by the ONLINE-GEN TROJAN! | No |
| X | avptask | [path to trojan] | Added by the NOFERE-G TROJAN! | No |
| X | avptask | expl0rer.exe | Added by the AGENT.JJO TROJAN! | No |
| X | Avptask | rund1132.exe | Added by the AGENT.PKZ TROJAN! | No |
| X | AvpWx | WErcx.exe | Detected by Kaspersky as a variant of the AGENT.A TROJAN! | No |
| X | Avril Lavigne - Muse | [random filename] | Added by the AVRIL-A WORM! | No |
| X | avrlabs | avrlabs.exe | VirusResponse Lab 2009 rogue security software - not recommended | No |
| X | avscan | avscan.exe | Added by the SILLYFDC.BCR WORM! The file is in the users %Temp% directory | No |
| X | AVScan | winav.exe | Unidentfied rogue security software | No |
| X | AvScan | avscan.exe | Antivirus System PRO and Spyware Protect 2009 rogue security software. The file is located in %ProgramFiles%\<rogue name> | No |
| Y | AVSCHED32 | AVSched32.exe | AntiVir® PersonalEdition Classic - antivirus | No |
| Y | AVSchedScan | SCHSC9X.EXE | Command Antivirus related | No |
| X | AVSeguro | pgs.exe | AVSeguro, Spanish rogue security software - not recommended. A member of the AVSystemCare family | No |
| X | AvSer | dsm.exe | Added by the SERFLOG.B WORM! | No |
| X | AvSer | msmpatch.exe | Added by the SERFLOG.B WORM! | No |
| X | AvSer | svosm.exe | Added by the SERFLOG.B WORM! | No |
| X | AvSer | sysup.exe | Added by the SERFLOG.B WORM! | No |
| X | avserve.exe | avserve.exe | Added by the SASSER WORM! | No |
| X | avserve2.exe | avserve2.exe | Added by the SASSER.B or SASSER.C WORMS! | No |
| X | avserve3.exe | avserve3.exe | Added by the SASSER.G WORM! | No |
| U | AVStation premium | AVStation agent.exe | Related to Samsung AV Station - instant playback of music, photos, videos | No |
| X | AVSTRT | navpsrvc.exe | Added by the FORBOT-EF WORM! | No |
| X | AVSystemCare | pgs.exe | AVSystemCare rogue security software - not recommended. There are number of variants in this family sharing the same filename and user interface - see here | No |
| X | avtapi | avtapi.exe | Added by the AGENT.AM TROJAN! Note - example names include "XviD", "Winamp Remote", "Windows Media Player" and "Futuremark" | No |
| N | Avtray | Avtray.exe | Command Antivirus tray icon | No |
| X | AVupdate32 Update | AVupdate32.exe | Added by the RBOT.CNI TROJAN! | No |
| ? | AVWLPSTA | AVWLPSTA.exe | PRISM Status Tray Applet - but what is it for and is it required? | No |
| Y | AVWUpd32 | AVWUPD32.EXE | AntiVir® PersonalEdition Classic - updater | No |
| Y | avx communicator | xcommsur.exe | Anti-virus part of BitDefender virus scanner/firewall | No |
| Y | Avxlive | avxlive.exe | Bullguard or BitDefender antivirus | No |
| Y | avxlni | avxinit.exe | Anti-virus part of BitDefender virus scanner/firewall | No |
| ? | Avxnews | ?? | ?? | No |
| U | Awatch | Awatch.exe | Diagnosis tool that monitors DSL connections, installed alongside DSL drivers from AVM Fritz's range of modem products | No |
| U | AwaySch | AwaySch.EXE | Part of the IBM ThinkVantage Productivity Center. "The Away Manager application allows you preselect and run routine tasks to maintain your system's performance" | No |
| U | AWC | AWC.exe | Advanced SystemCare from IObit - "helps protect, optimize, clean, and repair your computer and Registry." The PRO version adds automation, anti-spyware, privacy protection and performance tune-ups | No |
| N | awhost32 | awhost32.exe | Part of Symantec's pcAnywhere remote PC management software. Provides an automatic startup of the client PC in host mode in conjuction with a host-definition file, so system administrators can access the machine. Can cause a 10% reduction in speed and not recommended | No |
| U | AWMON | Ad-Watch.exe | Part of Lavasoft Ad-aware Plus - realtime spyware-monitor watching your memory and registry for spyware that tries to install or change your system | No |
| U | AWMON | Ad-Monitor.exe | F-Secure Anti-Spyware | No |
| X | Awoa | smmo.exe | PurityScan adware | No |
| U | awplite | awplite.exe | AllWallpapers Lite desktop wallpaper changer | No |
| ? | AWUSGSTA | AWUSGSTA.exe | Reportedly related to a USB Wifi Adapter - is it required at startup? | No |
| U | awxDTools | awxDTools.dll, awxRegisterDll | AwxDTools related - a Windows Shell-Extension for the Daemon-Tools. It extends the context-menu of ImageFiles supported by Daemon-Tools (i.e.: *.cue, *.iso, *.ccd ...) | No |
| N | axcmd | axcmd.exe | Part of Alcohol 120% - "a powerful Windows CD and DVD burning software that makes it easy to create backups of DVDs and CDs. In addition, the program lets you store your most used CDs as images on your computer, so you can call them up at the click of a button". This entry automatically re-loads a disk image in the virtual CD/DVD drive on a system reboot | Yes |
| ? | AxFilter | Rundll32 AXFILTER.DLL, Rundll32 | ?? | No |
| U | AXIS Print System DriverScanner | DriverScanner.exe | Part of AXIS Print System from AXIS Communications - "adds printer discovery, printer driver installation printing on Windows platforms. Printing is enabled by AXIS Print Monitor, which is one of the components. Another component in AXIS Print System is AXIS IP Installer." Now discontinued | No |
| U | AXIS Print System DriverServer | DriverServer.exe | Part of AXIS Print System from AXIS Communications - "adds printer discovery, printer driver installation printing on Windows platforms. Printing is enabled by AXIS Print Monitor, which is one of the components. Another component in AXIS Print System is AXIS IP Installer." Now discontinued | No |
| U | AXIS Print System TrayIcon | TrayIcon.exe | System Tray access to AXIS Print System from AXIS Communications - "adds printer discovery, printer driver installation printing on Windows platforms. Printing is enabled by AXIS Print Monitor, which is one of the components. Another component in AXIS Print System is AXIS IP Installer." Now discontinued | No |
| X | AXPDefender | AXPDefender.exe | Advanced XP Defender rogue security software - not recommended, removal instructions here | No |
| X | AXPFixer | AXPFixer.exe | AdvancedXPFixer rogue security software - not recommended, removal instructions here | No |
| X | AXVenore | AXVenore.exe | Added by an unidentified TROJAN - see here | No |
| U | AzMixerSel | AzMixerSel.exe | Related to Realtek_Azalia Mixer Selector | No |
| Y | azmodem | azexe.exe | Aztech Labs modem driver | No |
| ? | a_vpd | vpd.exe | Located in an IBMTOOLS\VPD sub-directory. What does it do and is it required? | No |
| N | B'sCLiP | BSCLIP.exe | CD recording utility that comes with a lot of CDR/CDRW drives and isn't required | No |
| X | b.exe | b.exe | Added by the SDBOT.BND WORM! | No |
| N | B.Reader | remin.exe | Birthday Reminder 5.0 - as the name implies | No |
| X | b3d | BDEsecureinstall.exe | B3d Projector foistware - periodically trys to access the internet. (1) Uninstall it via Start -> Settings -> Control Panel -> Add/Remove Programs. (2) Remove the BDEsecureinstall.exe if still present in the "System" directory. (3) Disable and ideally delete it from the registry. (4) Remove the "BDE" directory and all its contents | No |
| X | b3dUpdate | Zupdate.exe | Associated with B3d Projector foistware - see here | No |
| U | b9 | B9.exe | FireTrust Benign - allows you to receive e-mail which is safe from viruses, worms, scripts, web bugs, privacy threats and other security risks, without affecting your e-mail. "Benign neutralizes or strips out the code that makes viruses, worms, scripts and other potentially harmful things run" | No |
| X | b99 | msmm.exe | ClientMan parasite variant | No |
| X | bab | svchst32.exe | Added by the AGENT.Q TROJAN! | No |
| X | babeie | rundll32 cnbabe.dll, dllstartup | CommonName Toolbar spyware. To uninstall see here | No |
| N | Babylon Client | Babylon.exe | Babylon-Pro is a powerful information tool that instantly provides relevant information, translations & conversions for any word or value you click on" | No |
| N | Babylon Translator | Babylon.exe | "Babylon-Pro is a powerful information tool that instantly provides relevant information, translations & conversions for any word or value you click on" | No |
| X | Back Updates | Uninstall.log.vbs | Added by the YPSAN.D WORM! | No |
| U | Back2zip | Back2zip.exe | Back2zip is a simple and elegant backup solution which uses the industry's most powerful ZIP and ZIP-64 technologies to constantly monitor your documents and make sure that they are always properly backed up | No |
| X | Backdoor.NuAgent | agent.exe | Added by the AGENT-DP TROJAN! | No |
| X | Background Intelligent Transfer Service | [path] rundll32.exe | Added by the VB-ZD TROJAN! Note - this is not the legitimate rundll32.exe process, which is found in %Windir% (98/ME) or %System% (NT/2K/XP) | No |
| U | BackgroundSwitcher | bgswitch.exe | Originally included with Microsoft's XP PowerToys (but now withdrawn - see here, Background Switcher allows your desktop background to periodically change | No |
| U | BackgroundSwitcher | BackgroundSwitcher.exe | John's Background Switcher (or JBS for short) periodically changes the background image on your computer (like every hour or every day) to something interesting | No |
| N | Backpack UDF | bpudfmon.exe | Backpack UDF packet writing software for Microssolutions' Back Pack external CD-RW drive. Similar to DirectCD. Run manually before insert an appropriately formatted CD-RW disk | No |
| X | backup | [path to worm] | Added by the AGOBOT-H WORM! | No |
| U | Backup NOW! Scheduler | Schdlr32.exe | Scheduled backups for the NTI Backup Now archiving utility. If a backup job has been scheduled, this entry places an icon in the System Tray and will automatically load the main program and execute the backup at the set time - as long as the backup media is present | Yes |
| X | Backup One | smbguard.exe | Added by the SDBOT-MI WORM! | No |
| X | Backup Service | backup.svc | Unidentified adware | No |
| X | BackUp Windows 2009 | [random].exe | Added by the AGENT-LUJ TROJAN! | No |
| U | Backup4all OTB Agent | B4AOTB.exe | "Backup4all is an award-winning data backup software for Windows. This backup utility was designed to protect your valuable data from partial or total loss by automating backup tasks, password protecting and compressing it to save storage space" | No |
| U | BackupExecScheduler | besch.exe | Veritas "Back Up My PC" software | No |
| ? | BackupNotify | backupnotify.exe | HP Digital Imaging related. What does it do and is it required? | No |
| N | BackWeb | backweb.exe | Automatically detects an internet connection and downloads any available updates. Typical on Compaq and HP PC's but not restricted to those OEM's. Resource hog and often causes malfunctions. Available via Start -> Programs | No |
| N | Backwork | Backwork.exe | Backwork trojan detector | No |
| U | BACPI10 | bacpi10a.exe | Known as "PowerKey" - a minimalistic keyboard driver that allows power management keys on BTC keyboards to function properly in older OS's (i.e. Win95/98/NT4). Also adds an icon to the system tray | No |
| N | BacsTray | BacsTray.exe | Broadcom Advanced Control Suite - for modems and set top boxes based upon Broadcom chipsets. Not required unless you have networking problems | No |
| X | BADDATE | BADDATE.EXE | Added by an unidentified VIRUS, WORM or TROJAN! | No |
| X | Badx | HELLRAIDER.EXE | Added by the MINDCTRL.A BACKDOOR! | No |
| X | BagleAV | csrss.exe | Added by the NETSKY.AB WORM! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir% | No |
| X | Bakra | IEHost.EXE | Added by the MULTIDR-AH TROJAN! | No |
| X | bal | SYSMONMS.EXE | Added by the FAKEALERT TROJAN! | No |
| X | Band-Aid | [path to file] | Added by the RANKY.O TROJAN! | No |
| U | bandmon | bandmon.exe | Rokario Bandwidth Monitor | No |
| X | Bandook | ali.exe | Added by the EXEMAS-B TROJAN! | No |
| N | Bandwidth Meter Pro | BandwidthMeterPro.exe | System Tray access to Bandwidth Meter Pro - "an easy-to-use network software for bandwidth usage monitoring and reporting. It monitors traffic of all network connections on your computer and displays graphical and numerical download and upload speeds in real-time" | Yes |
| U | Bandwidth Monitor Pro | Bandwidth Monitor Pro.exe | Bandwidth Monitor Pro - utililty to track your current download/upload limit that may be set by your ISP | No |
| N | BandwidthMeterPro | BandwidthMeterPro.exe | System Tray access to Bandwidth Meter Pro - "an easy-to-use network software for bandwidth usage monitoring and reporting. It monitors traffic of all network connections on your computer and displays graphical and numerical download and upload speeds in real-time" | Yes |
| U | Banpopup by Pratik | Banpopup.exe | Banpopup - popup killer | No |
| X | bantool | bantool.exe | Malware installed by different rogue security software including SpyKillerPro | No |
| X | bantool | ie_ban.exe | Detected as the VB.PO TROJAN! | No |
| X | Bar Ding lolt | Analiz.exe | Added by the RBOT-RP WORM! | No |
| X | bargains | bargains.exe | BargainBuddy adware | No |
| X | bargains | bargainbuddy.exe | BargainBuddy adware | No |
| X | BaRloNdDiLhep | services.exe | Added by the AUTORUN.DIB WORM! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a ~A~m~B~u~R~a~D~u~L~� subfolder | No |
| ? | Bart Station | station.sbrt | Related to PeoplePC ISP. May be a dialler for dial-up accounts? | No |
| U | Bart Station | PPCOLink.exe | Dialer for PeoplePC ISP | No |
| X | BarTheme | bartent32.exe | Added by the AGOBOT-UG WORM! | No |
| N | bascstray | BascsTray.exe | Broadcom Advanced Control Suite - for modems and set top boxes based upon Broadcom chipsets. Not required unless you have networking problems | No |
| X | Bat | secure2.bat | Added by the ZCREW.C TROJAN! | No |
| N | Batchreg1 | N/A | Part of the Windows System Recovery process. Added to the registry via Msbatch.inf. The existence of this key or process after the last reboot during installation indicates an unsuccessful installation, as that key should be deleted automatically. See here | No |
| U | BatInfEx | rundll32.exe [path] BatInfEx.dll,BMMAutonomicMonitor | Part of the Battery MaxiMiser and Power Management Features set for some IBM/Lenovo Thinkpad notebooks. This entry is needed for the battery information and monitoring program as well as the Battery Maximizer Wizard | Yes |
| U | BatLogEx | rundll32.exe [path] BatLogEx.DLL,StartBattLog | Part of the Battery MaxiMiser and Power Management Features set for some IBM/Lenovo Thinkpad notebooks. This entry logs changes in battery conditions such as charging, discharging, life, etc | Yes |
| X | BatSrv | batserv2.exe | Detected by Kaspersky as the LOCKSY.M WORM! | No |
| U | Battery Scope | batmgr.exe | Monitors battery levels on a notebook/laptop PC | No |
| U | BatteryBar | batterybar.exe | BatteryBar - displays battery usage, and the current percentage of battery power left | No |
| Y | batterymiser | batterymiser.exe | Battery Miser power management utility for LG Notebooks | No |
| Y | BatteryMiser 5 | BatteryMiser5.exe | Battery Miser 5 power management utility for LG Notebooks | No |
| X | BatzBack | BatzBack.scr | Added by the BACKZAT WORM! | No |
| U | BAUSB | BAUSB.exe | Boston Acoustics Audio, USB driver | No |
| X | bawindo | bawindo.exe | Added by the BEAGLE.AR or BEAGLE.AU WORMS! | No |
| U | Bayden SlickRun | sr.exe | "SlickRun is a floating command line utility for Windows. It gives you almost instant access to any program or website. SlickRun allows you to create command aliases (known as MagicWords), so C:\Program Files\Outlook Express\msimn.exe becomes MAIL" | Yes |
| U | BayMgr | DockApp.exe | Hot-swappable drive management on laptops allowing you to change drives without closing down Windows. Only required if you frequently swap bay devices | No |
| U | Bayswap | bayswap.exe | Hot-swappable drive management on Compaq Notebooks which allows you to swap drives without closing down Windows. Only required if you frequently swap bay devices | No |
| U | Bayswap2 | TbUpdate.exe | Hot-swappable drive management on Compaq Notebooks which allows you to swap drives without closing down Windows. Only required if you frequently swap bay devices | No |
| N | BBC Alerts | BBC_Alerts.exe | BBC Alerts - "You can now have all the latest news and sports headlines delivered straight to your desktop with the new BBC Alerts service" | No |
| U | BBC News alerts | skinkers.exe | BBC News Desktop Alerts service - see here. Desktop alert and breaking news e-mail services let you find out about all the latest news as it happens | No |
| ? | BBDial | BT Broadband.exe | Part of BT Broandband - is it required? | No |
| N | BBLauncher.exe | BBLauncher.exe | BounceBack Professional - back-up software | No |
| N | bbSysTray | bbSysTray.exe | Philips CD-RW related - "the 'Blue Button' feature gives users the chance to receive convenient online support for their possible device problems or questions" | No |
| U | bbui | bbui.exe | AOL DSL status monitor displaying a red/green icon indicating if you have a connection | No |
| U | bca | bca.exe | BeClean Agent - registry, history, temp files, etc cleaner | No |
| U | BCDetect | bcdetect.exe | Bcdetect.exe searches the system to make sure Creative drivers are installed for the video card. It loads the BlasterControl when the drivers are detected. Your choice - try it and see | No |
| Y | BCMDMMSG | bcmdmmsg.exe | BCM voicemodem driver. Required for dial-up if you have one of these modems | No |
| U | BCMHal | rundll32.exe bcmhal9x.dll, bcinit | BlasterControl for Creative video cards - controls for desktop settings, monitor configuration, colour adjustments and performance tuning. May be needed to retain settings | No |
| Y | BCMSMMSG | BCMSMMSG.exe | BCM voicemodem driver. Required for dial-up if you have one of these modems | No |
| ? | bcmwltry | bcmwltry.exe | Broadcom Corporation Wireless Network Tray Applet. Is it required? | No |
| N | BCNT | bcnt.exe | AWS Weatherbug related. What does it do? | No |
| X | BCPC | bcpc.exe | BroadcastPC adware variant | No |
| X | bcpc_c | bcpc_c.exe | BroadcastPC adware variant | No |
| U | BCTweak | bctweak.exe | BlasterControl for Creative video cards - controls for desktop settings, monitor configuration, colour adjustments and performance tuning. May be needed to retain settings | No |
| X | Bcvsrv32 | bcvsrv32.exe | Added by the GAOBOT.BQJ WORM! | No |
| X | Bcvsrv32 | he3.exe | Added by the AGOBOT.AKB WORM! | No |
| X | Bcvsrv32 | msxml22.exe | Added by the AGOBOT.AKH WORM! | No |
| X | Bcvsrv32 | msc32.exe | Added by the AGOBOT.AKD WORM! | No |
| X | Bcvsrv32 | msbvd32.exe | Added by the AGOBOT-SR WORM! | No |
| X | Bcvsrv32 | system2.exe | Added by the AGOBOT-PU BACKDOOR! | No |
| N | BCWipeTM | bcwipetm.exe | BCWipe Task Manager - scheduler for BCWipe so that it runs at convenient times. You can set a time for running the task, as well as special options for the task. Run manually when needed | No |
| X | BD | dc.exe | Added by the RASDOOR-A TROJAN! | No |
| Y | BDAgent | bdagent.exe | BitDefender Agent - for BitDefender internet security products. Maintains settings (for all users) and provides alerts and System Tray access to the main program. Note - for the System Tray icon to be displayed the Terminal Services service must be set to either "Manual" or "Automatic". It can also be licensed by other products such as versions of The Shield Deluxe from PCSecurityShield (see here) - who's reputation is poor | No |
| X | bdfger | gggasw.exe | Added by the SDBOT-RT WORM! | No |
| Y | BDMCon | Bdmcon.exe | BitDefender antivirus | No |
| Y | BDNewsAgent | bdnagent.exe | BitDefender antivirus - updater | No |
| Y | BDOESRV | bdoesrv.exe | Bitdefender 8 antivirus and firewall | No |
| U | BDRegion | brs.exe | Part of Cyberlink's PowerDVD version 8 - removes the Blu-ray region on a DVD | No |
| Y | BDSwitchAgent | bdswitch.exe | Bitdefender 8 antivirus and firewall | No |
| Y | BDWizReg | bdwizreg.exe | Configuration wizard for BitDefender internet security products. Only runs once the product has been installed. Guides you through the steps necessary to configure the BitDefender modules, applies settings to cover your requirements and security needs and takes the first actions to making your computer virus-free | Yes |
| U | BearFlix | BearFlix.exe | BearFlix is optimized for the fast download of video files | No |
| N | BearShare | bearshare.exe | BearShare file sharing client. Versions known to include spyware - see here | No |
| U | BeatNik Internet Clock | BeatNik.exe | BeatNik Internet Clock is a Windows clock add-on that supports 'skins'. It can also synchronize your computer's clock with an atomic clock | No |
| X | Beawver | saqevre.exe | Added by a variant of the RANKY TROJAN! | No |
| X | BedreigingsMonitoor | pgs.exe | BedreigingsMonitoor rogue security software - not recommended. A member of the AVSystemCare family | No |
| X | Beegees Update | beegees.exe | Added by the SDBOT-ADK WORM! | No |
| ? | BEEI | beei.exe | ?? | No |
| U | BeFaster | befaster3.exe | BeFaster internet connection optimization tool | No |
| X | begins | 0.exe | Added by the MYTOB-HE WORM! | No |
| ? | BEHL | BEHL.exe | ?? | No |
| ? | BEHLO | BEHLO.exe | ?? | No |
| U | beidsystemtray | beidsystemtray.exe | Related to Belgium Identity Card card reader | No |
| U | Belgacom | sprtcmd.exe /P Belgacom | Self-help support tool for Belgacom broadband users (provided by SupportSoft, Inc). Identifies and automatically fixes typical problems that may occur with your high-speed internet service | No |
| U | Belkin F5D8013 N Wireless Notebook Card Utility | Belkinwcui.exe | Wireless configuration utility for the Belkin F5D8013 N Wireless Notebook Card | No |
| U | Belkin F5D8053 N Wireless USB Adapter Utility | Belkinwcui.exe | Wireless configuration utility for the Belkin F5D8053 N Wireless USB Adapter | No |
| U | Belkin F5D8073 N Wireless ExpressCard Adapter Utility | Belkinwcui.exe | Wireless configuration utility for the Belkin F5D8073 N Wireless ExpressCard Adapter | No |
| N | Belkin PCMCIA WLAN Monitor | monitorbk.exe | Belkin USB Network Adapter Management utility - can be started manually | No |
| U | Belkin Wireless G Notebook Card Client Utility | Belkinwcui.exe | Wireless configuration utility for the Belkin F5D701F Wireless G Notebook Card | No |
| U | Belkin Wireless USB Utility | Belkinwcui.exe | Wireless configuration utility for the Belkin F5D7050 Wireless G USB Adapter | No |
| U | Belkin Wireless Utility | Belkinwcui.exe | Wireless configuration utility for some Belkin cards such as the F5D7000 Wireless G Desktop Card | No |
| U | BellSouthAlertManager.exe | BellSouthAlertManager.exe | Related to BellSouth Alert Manager | No |
| U | BelNotify | rundll32.exe [path] NPBelv32.dll, RunDll32_BelNotify | "BelTech from Belarc enables licensees to offer automated, Web-based problem resolution to their end-users. BelTech allows the end-user to simply go to a web page and automatically resolve their problem or point them to the right solution. BelTech Manager allows non-programmers to rapidly and easily deploy and maintain this service" | No |
| ? | BELORVBI | BELORVBI.exe | ?? | No |
| ? | Belsta.exe | Belsta.exe | Configuration tool for Belkin wireless network cards. Required to change the card's configuration. Is it required for correct operation once the confuiguration is changed? | No |
| X | Belt | Belt.exe | VX2.Transponder parasite updater/installer related | No |
| X | Benadril Alert Tool | benadrilalert.exe | Plug-in for WeatherBug advising when pollen count in your area is high - prompting you to buy Benadril | No |
| X | BeschermingsTool | SysRep.exe | BeschermingsTool, Dutch rogue system error and cleaning utility - not recommended. A member of the ErrClean family | No |
| U | BestCrypt Auto Open | BestCrypt.exe | BestCrypt from Jetico, Inc. "Keeps your confidential data in a strongly encrypted form on your disk and provides you with transparent access" | No |
| X | BestPopUpKiller | BestPopupKiller.exe | Popup killer by Swanksoft - not recommended, see here | No |
| X | BestsellerAntivirus | pgs.exe | BestsellerAntivirus rogue security software - not recommended. A member of the AVSystemCare family | No |
| U | BestSync 2008 | BestSyncApp.exe | System Tray access to BestSync® 2008 from Risefly Software - "a professional utility for synchronizing files between your local folders and Network Drives, FTP servers, Removable Media (such as an USB disk)" | No |
| X | BeSys | [path to file] | BeSys adware | No |
| X | beta | svchost.exe | Added by a variant of the DELF.IT TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! The location of this file varies | No |
| X | BF4P | bf4p.exe | Added by the IRCBOT.GEN WORM! | No |
| X | bfxtray | [path to trojan] | Added by the AGENT-GEB TROJAN! | No |
| Y | bg | bullguard.exe | Bullguard antivirus and firewall. The P2P version is free with KaZaA Media Desktop and Grokster | No |
| U | BGInfo | Bginfo.exe | BGinfo automatically displays relevant information about a Windows computer on the desktop's background, such as the computer name, IP address, service pack version, and more | No |
| U | BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} | NMBgMonitor.exe | Associated with Nero Scout, added by version 7 of the Nero digital media suite (CD & DVD burning, authoring, etc). Thanks to Help2Go.com, if you feel this is draining more resources that necessary you can disable it by clicking here | No |
| Y | BGNewsAgent | bgnewsag.exe | BullGuard antivirus updater | No |
| N | bgsmsnd | bgsmsnd.exe | Printer driver to generate PDF files from any program | No |
| X | Bharatayuda | GNB.exe | Added by the BHARAT.A WORM! | No |
| N | BHOCop | BHOCop.exe | PC Magazine's BHO Cop that lets you see what browser helper objects are installed. Useful for detecting spyware | No |
| U | BHODemon 2.0 | BHODemon.exe | BHODemon "protects you from unknown Browser Helper Objects (BHOs), by letting you enable/disable them individually. When running, it also monitors your Registry and alerts you when a BHO is installed. Best of all, BHODemon knows about the most common BHOs - the good ones, and the not-so-good ones!". If you prefer forgoing resident protection, the application can also be run on demand | No |
| U | BHR | BHR.exe | Browser Hijack Retaliator - recovers your browser after it has been hijacked by spyware, adware, etc | No |
| U | BI1HelperStartUp | BI1HEL~1.EXE | ScreenScenes "Beach Islands" screensaver. The freeware version comes with GAIN branded ads (pop-ups and others). ScreenScenes do however offer you the option of doing away with the ads by purchasing the screensaver for a whopping $30. Please note that Claria Corporation no longer support GAIN-Supported software - see here | No |
| X | BIE | Rundll32.exe [path] BDSrHook.dll, Rundll32 | BDplugin parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted | No |
| X | BIG | biggy.exe | Added by the DELBOT-AG WORM! | No |
| N | BigDog303 | VM303_STI.EXE | Vmicro webcam USB utility - allows the webcam to initiate data transfer to a program. Create a shortcut and start it manually when needed | No |
| N | BigDog305 | VM305_STI.EXE | Vmicro webcam USB utility - allows the webcam to initiate data transfer to a program. Create a shortcut and start it manually when needed | No |
| ? | BigDogPath | VM_STI.EXE | Bundled with some software for digital cameras that use a USB connection - what does it do and is it required? | No |
| N | bigfix | BIGFIX.EXE | BigFix can automatically download and read technical support information provided by computer and software manufacturers and other technical support experts (published in the form of Fixlet® Messages) and can automatically check your computer for bugs, configuration conflicts, and security holes. Should only be started manually as it's a resource hog | Yes |
| X | biglow | biglow.exe | Added by a variant of the Storm/Nuwar/Zhelatin WORM! See here for an example | No |
| X | bigoris | bigoris.exe | Added by the DORF-AZ TROJAN! | No |
| U | BigPond Toolbar | bpumTray.exe | Telstra BigPond Toolbar - "Introducing the free and easy to use BigPond Toolbar that is designed to make your internet experience and managing your Telstra internet account a whole lot easier" | No |
| N | BigPondCable | bpcable.exe | Telstra Bigpond Cable login software - can be started manually | No |
| Y | BigPondWirelessBroadbandCM | BigPond_CM.exe | Related to BigPond_Wireless_Broadband Service by Telstra | No |
| X | bikini | bikini.exe | Added by the LOWZONE-CX TROJAN! | No |
| X | BillGatesLoh.exe | BillGatesLoh.exe | Added by the AGENT-FZO TROJAN! | No |
| N | Billminder | Billmind.exe | Can be setup in Quicken to remind user of due payments. Available via Start -> Programs | No |
| X | bin32hpu | ppstub.exe | PrecisionPop adware | No |
| X | bingdian | Bingdian.vbs | Added by the BINGD WORM! | No |
| ? | Bingo Charm | charms.exe | Some kind of screen icon kind of like desk flag, but it gives you a choice of icons? | No |
| U | Biomenu | menusw.exe | Related to Sony VAIO - passwords, encryption, and a biometric fingerprint sensor | No |
| U | Bionix Wallpaper 5 | Bionix Wallpaper 5.exe | BioniX Wallpaper Changer - "the most advanced wallpaper changer/wallpaper manager software in the world" | No |
| U | BioniXWallpaper | Bionix Wallpaper 5beta.exe | BioniX Wallpaper Changer - "the most advanced wallpaper changer/wallpaper manager software in the world" | No |
| U | BioniXWallpaper | BioniX Wallper.exe | BioniX Wallpaper Changer - "the most advanced wallpaper changer/wallpaper manager software in the world" | No |
| U | BioniXWallpaper | BionixWallpaper5.exe | BioniX Wallpaper Changer - "the most advanced wallpaper changer/wallpaper manager software in the world" | No |
| X | Bios | Bios32.exe | Added by an unidentified VIRUS, WORM or TROJAN! | No |
| X | bios | bios.exe | Added by the BANCBAN-PW TROJAN! | No |
| X | BIOS XP Loader | [random filename] | Added by the RBOT-IC WORM! | No |
| X | BIOS1 | BIOS1.EXE | Added by the OPASERV.T WORM! | No |
| ? | BIOVCIP | BIOVCIP.exe | ?? | No |
| ? | BisonHK | BisonHK.exe | Related to a Bison webcam - which is used on notebooks from a number of manufacturers including Acer, Asus, Lenovo & Samsung. What does it do and is it required? | No |
| Y | BisonInst0402 | BR040286.exe | Driver for integrated notebook webcams from Bison Electronics Inc - such as the Acer Crystal Eye | No |
| N | BitComet | BitComet.exe | BitComet P2P client - can be launched from Start -> Programs | No |
| Y | BitDefender 12 | bdwizreg.exe | Configuration wizard for BitDefender internet security products. Only runs once the product has been installed. Guides you through the steps necessary to configure the BitDefender modules, applies settings to cover your requirements and security needs and takes the first actions to making your computer virus-free | Yes |
| Y | BitDefender 2009 | IEShow.exe | Anti-phishing component of BitDefender internet security products. Anti-phishing prevents sensitive data such as usernames, passwords and credit card details being acquired by web-sites and E-mails masquerading as a trustworthy sources. This entry is from the 2009 versions. It can also be licensed by other products such as versions of The Shield Deluxe from PCSecurityShield (see here) - who's reputation is poor | No |
| Y | BitDefender 2009 | bdagent.exe | BitDefender Agent - for BitDefender internet security products. Maintains settings (for all users) and provides alerts and System Tray access to the main program. Note - for the System Tray icon to be displayed the Terminal Services service must be set to either "Manual" or "Automatic". It can also be licensed by other products such as versions of The Shield Deluxe from PCSecurityShield (see here) - who's reputation is poor | No |
| Y | BitDefender Antiphishing Helper | IEShow.exe | Anti-phishing component of BitDefender internet security products. Anti-phishing prevents sensitive data such as usernames, passwords and credit card details being acquired by web-sites and E-mails masquerading as a trustworthy sources. It can also be licensed by other products such as versions of The Shield Deluxe from PCSecurityShield (see here) - who's reputation is poor | No |
| X | BitDefender Antivirus | BITDEFENDERX.EXE | Added by a variant of the SPYBOT WORM! | No |
| Y | BitDefender Communicator | xcommsvr.exe | BitDefender antivirus | No |
| U | BitDefender for MSN Messenger | msnmon.exe | Bitdefender anti-virus for MSN Messenger - no longer supported at the BitDefender website | No |
| U | BitDefender for Yahoo! Messenger | yahmon.exe | Bitdefender anti-virus for Yahoo! Messenger - no longer supported at the BitDefender website | No |
| Y | BitDefender Live! Init | bdinit.exe | BitDefender antivirus | No |
| Y | BitDefender Scan Server | bdss.exe | BitDefender antivirus | No |
| Y | BitDefender Virus Shield | vsserv.exe | BitDefender antivirus | No |
| Y | bitdefenderlive | avxlive.exe | Main program of BitDefender virus scanner/firewall | No |
| U | BitDefender_P2P_Startup | BitDefender_P2P_Startup.exe | Bitdefender anti-virus for P2P clients - no longer supported at the BitDefender website | No |
| X | Bittorrent | bittorrent.exe | Added by the RJUMP-D WORM! Note - do not confuse with the legitimate BitTorrent file-sharing client which is normally located in %ProgramFiles%\BitTorrent. This one is located in %Windir% | No |
| N | BitTorrent | bittorrent.exe | BitTorrent file sharing client - from BitTorrent, Inc. For more information about the protocol see here. As BitTorrent is a peer-to-peer (P2P) file-sharing client used to distribute large amounts of data between multiple users make sure you have good, up-to-date virus protection and check any downloads | Yes |
| N | BitTorrent DNA | btdna.exe | "BitTorrent DNA is a FREE content delivery service based on the BitTorrent protocol which brings the power of user-contributed bandwidth to traditional content publishers while leaving publishers in full control of their files". Now a stand-alone product where the user creates the download, DNA used to be included with and used by earlier versions of the main BitTorrent client. As files are downloaded via a file-sharing network make sure you have good, up-to-date virus protection and check any downloads. Start manually via Control Panel → DNA | Yes |
| N | bittorrent.exe | bittorrent.exe | BitTorrent file sharing client - from BitTorrent, Inc. For more information about the protocol see here. As BitTorrent is a peer-to-peer (P2P) file-sharing client used to distribute large amounts of data between multiple users make sure you have good, up-to-date virus protection and check any downloads | Yes |
| N | BitWare Print Monitor | bwprnmon.exe | FaxServe network fax software | No |
| N | BJ Printer Status Monitor | Cjstsr.exe | Canon BJ printer status monitor | No |
| N | BJ Status Monitor 5xx | CJSTRxx.EXE | Canon printer status monitor - where "xx" is different depending upon the version. Not required as you can check the printer status via My Computer -> Printers | No |
| N | bjcfd | cdf.exe | BroadJump Client Foundation. Broadband troubleshooting software installed by various companies. Not required and you can remove it via Add/Remove programs | No |
| U | BJLaunchEXE | BJLaunch.exe | Memory Card Utility for the Canon i470D, i475D and i905D photo printers - which allows "your computer to access the memory card reader feature of your printer" | No |
| U | BJPD HID Control | TVMon.exe | Related to Canon Photo viewer | No |
| N | BlackBerryAutoUpdate | RIMAutoUpdate.exe | Automatic updates for BlackBerry smartphones, provided by Research In Motion. Run manually when required | No |
| N | BlackICE PC Protection | blackice.exe | Loads the user interface for the BlackICE PC Protection (was Defender) firewall program. From the parent site - '(the user interface) starts in the "Startup" menu and adds itself to the taskbar. The user interface is independent from the rest of the system and only displays the output or reconfigures the system. It does not need to be running for the rest of the system to run.' See also LoadBlackD | No |
| N | BlackIce Utility | blackice.exe | Loads the user interface for the BlackICE PC Protection (was Defender) firewall program. From the parent site - '(the user interface) starts in the "Startup" menu and adds itself to the taskbar. The user interface is independent from the rest of the system and only displays the output or reconfigures the system. It does not need to be running for the rest of the system to run.' See also LoadBlackD | No |
| U | blads | blads.exe | A Tweak-XP component, blocks advertisement banners in Internet Explorer. Can be enabled/disabled via Tweak-XP / Internet Tweaks | No |
| X | blah service | winupdate.exe | Added by the GAOBOT.BIA WORM! | No |
| X | blah service | winsysengine.exe | Added by the RBOT-KI WORM! | No |
| X | blah service | internet.exe | Added by a variant of the RBOT WORM! | No |
| X | blah service | smnp.exe | Added by the RBOT.IZ WORM! | No |
| X | blah service | msnmsgrr.exe | Added by the RBOT.PZ WORM! | No |
| X | blah service | tazkmgr.exe | Added by the RBOT.UA WORM! | No |
| X | blah service | FaLeH.exe | Added by the RBOT-AES WORM! | No |
| X | blah service | microsoft.exe | Added by a variant of the RBOT WORM! | No |
| X | blah service | evosys.exe | Added by a variant of the RBOT WORM! | No |
| X | blah service | win32.exe | Added by the RBOT-AXO WORM! | No |
| X | Blah service | CCAPPS32.EXE | Added by the RBOT.TV WORM! | No |
| X | blah services | iczw.exe | Added by the RBOT-GMP WORM! | No |
| X | blahh service | msengine.exe | Added by a variant of the RBOT WORM! | No |
| X | blahx service | msnjompa.exe | Added by the SDBOT.AML WORM! | No |
| X | Blank AntiViri | AUT0EXEC.BAT StartUp | Added by the BRONTOK-CJ WORM! | No |
| N | BlazeChanger | FBZPaper.exe | Ember graphic file viewer, manager, and touch-up system | No |
| ? | BlazeServoTool | MediaDetector.exe | Related to BlazeDVD from BlazeVideo - which "is leading powerful and easy-to-use DVD player software." What does it do and is it required? | No |
| N | bldbubg | bldbubg.exe | Part of Dell Alerts which provides customers with an update on latest updates for his/her system | No |
| X | BLF | blf.exe | Added by the DELBOT-M WORM! | No |
| U | blinkx | blinkx.exe | Blinkx Desktop "Smart Folders" software | No |
| N | Blitzz BWI715 | WLANmon.exe | Blitzz Technology BWI715 Wireless PC modem connection monitor | No |
| X | BLMessagingIntegration | blengine.exe | BuddyLinks adware | No |
| U | BlockAds | blads.exe | A Tweak-XP component, blocks advertisement banners in Internet Explorer. Can be enabled/disabled via Tweak-XP / Internet Tweaks | No |
| X | BlockChecker | Block-checker.exe | BlockChecker adware | No |
| X | BlockDefense | BlockDefense.exe | BlockDefense rogue security software - not recommended, removal instructions here. A member of the WiniGuard family | No |
| X | Blocker System611 Monitoring | PopUpBlocker611.exe | Added by the RBOT.BLJ WORM! | No |
| X | BlockKeeper | BlockKeeper.exe | BlockKeeper rogue security software - not recommended, removal instructions here. A member of the WiniGuard family | No |
| X | BlockProtector.exe | BlockProtector.exe | BlockProtector rogue security software - not recommended, removal instructions here. A member of the WiniGuard family | No |
| X | BlockScanner | BlockScanner.exe | BlockScanner rogue security software - not recommended. A member of the WiniGuard family | No |
| N | BlockTracker | BlockTracker.exe | If present on a HP machine it tracks all the processes and logs them to a blocklog.txt file | No |
| X | BlockWatcher | BlockWatcher.exe | BlockWatcher rogue security software - not recommended, removal instructions here. A member of the WiniGuard family | No |
| U | BLOG | rundll32.exe [path] BatLogEx.DLL,StartBattLog | Part of the Battery MaxiMiser and Power Management Features set for some IBM/Lenovo Thinkpad notebooks. This entry logs changes in battery conditions such as charging, discharging, life, etc | Yes |
| U | blsloader | blsloader.exe | BellSouth ISP Internet Tools | No |
| X | blss | blss.exe | Added by the BLARUL TROJAN! | No |
| N | BLSTAPP | blstapp.exe | Puts access to Creative's BlasterControl in the System Tray | No |
| N | Blubster | Blubster.exe | Related to Blubster Music sharing service | No |
| U | Blue Frog | bluefrog.exe | Blue Frog by Blue Security Inc. - actively fights spam by posting complaints on the sites advertised by the spam you receive | No |
| X | Blue Service | [path to trojan] | Added by the BANCOS-BCW TROJAN! | No |
| ? | BlueLight_uoltray | exec.exe | Related to BlueLight Internet. What does it do and is it required? | No |
| U | BlueSoleil | BLUESO~1.EXE | BlueSoleil Bluetooth wireless manager from IVT Corporation | No |
| U | BlueSpace NE | BlueSpaceNE.exe | "BlueSpace NE is a utility program used to run the Bluetooth function on VAIO computers that support the Bluetooth function or on VAIO computers connected to the Bluetooth USB adapter". Shortcut available via Start -> Programs | No |
| X | Bluetooth Config | btwindin32.exe | Added by the SDBOT-DFN WORM! | No |
| U | Bluetooth Connection Assistant | LBTWiz.exe | Bluetooth connection manager for Logitech based bluetooth wireless products | No |
| ? | Bluetooth HCI Monitor | RunDll32 HCIMNTR.DLL,RunCheckHCIMode | Related to the Bluetooth short-range wireless communications technology. For more information on Bluetooth see here. What does it do and is it required? | No |
| U | BluetoothAuthenticationAgent | rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent | If your system has Bluetooth (either integrated or via an adapter) and use's Microsoft's support software/drivers, this entry is required in order to successfully "pair" your system with a Bluetooth device (such as a mobile phone, PDA, headset) using this wireless protocol (via a PIN). Should you get the error message, "Rundll irprops.cpl missing entry Bluetooth authentication agent", click here for more information | Yes |
| U | BluetoothAuthenticationAgent | rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent | If your system has Bluetooth (either integrated or via an adapter) and use's Microsoft's support software/drivers, this entry is required in order to successfully "pair" your system with a Bluetooth device (such as a mobile phone, PDA, headset) using this wireless protocol (via a PIN) | Yes |
| U | blueyonder Instant Support Tool | matcli.exe | Blueyonder Instant Support Tool. "matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, state, etc and gets written to a log file". Blueyonder Instant Support Tool is required to run with the Help and Support program. If you uncheck it and then run Help and Support it will add another in the startup menu. If you remove Blueyonder Instant Support Tool via add/remove programs some menus in help and support will not be available. You decide | No |
| X | bm | bm.exe | Part of the AVSystemCare rogue security software and other members of this family. See here for more examples | No |
| N | BMail Installation | FTP_back.exe | Part of iMesh - a file sharing system. Reported by Norton AntiVirus as a trojan. Once deleted does not prevent file sharing working. Older versions of iMesh re-instate this but the newer versions do not | No |
| X | Bman | BMan1.exe | Abcsearch.com/DealHelper adware variant | No |
| U | BMMGAG | RunDll32 [path] pwrmonit.dll,StartPwrMonitor | Part of the Battery MaxiMiser and Power Management Features set for some IBM/Lenovo Thinkpad notebooks. This entry displays the battery gauge icon in the Taskbar (not the System Tray). Provides shortcuts to the proprietary power saving settings and to a battery information window | Yes |
| N | BMMLREF | BMMLREF.EXE | Part of the Battery MaxiMiser and Power Management Features set for some IBM/Lenovo Thinkpad notebooks. The purpose of this entry is unknown at present. It doesn't normally appear to be running if left enabled at startup and it doesn't run if the Battery MaxiMiser Wizard is open - hence the "N" status | Yes |
| N | BMMLREF.EXE | BMMLREF.EXE | Part of the Battery MaxiMiser and Power Management Features set for some IBM/Lenovo Thinkpad notebooks. The purpose of this entry is unknown at present. It doesn't normally appear to be running if left enabled at startup and it doesn't run if the Battery MaxiMiser Wizard is open - hence the "N" status | Yes |
| U | BMMMONWND | rundll32.exe [path] BatInfEx.dll,BMMAutonomicMonitor | Part of the Battery MaxiMiser and Power Management Features set for some IBM/Lenovo Thinkpad notebooks. This entry is needed for the battery information and monitoring program as well as the Battery Maximizer Wizard | Yes |
| X | BMN | bm.exe | Part of VirtualPCGuard, VirusGuardPlus and other members of the AVSystemCare family of rogue security software suites. See here for more examples | No |
| X | BMN | strpmon.exe | Part of CleanPCTool, CleanupTool and other members of the ErrClean rogue system error and cleaning utility and other members of this family. See here for more examples | No |
| X | BMN | dcmon.exe | SystemDoctor rogue security software - not recommended, removal instructions here | No |
| U | BMO MasterCard Wallet | EWALLET.EXE | The wallet conveniently stores billing, shipping and payment information on your PC | No |
| X | Bmonq | bmonq.exe | Added by the CLICKER.HZ TROJAN! | No |
| N | BMupdate | BMupdate.exe | Related to the BookmarkCentral entry. Typically added after downloading drivers for Visioneer scanners for example, and you install the driver self-install | No |
| X | bmw | bmw.exe | Added by the AGOBOT.BBV BACKDOOR! | No |
| X | bmz | bmz.exe | 180Search adware | No |
| X | Bndt32 | Bndt32.exe | Added by the LACON WORM! | No |
| X | Bnexe | [random filename] | Added by the KITRO.D (or ARGEN.A) WORM! | No |
| U | BO1HelperStartUp | BO1HEL~1.EXE | ScreenScenes "Butterfly Oasis" screensaver. The freeware version comes with GAIN branded ads (pop-ups and others). ScreenScenes do however offer you the option of doing away with the ads by purchasing the screensaver for a whopping $30. Please note that Claria Corporation no longer support GAIN-Supported software - see here | No |
| U | BO1HelperStartUp | Bo1helper.exe | ScreenScenes "Butterfly Oasis" screensaver. The freeware version comes with GAIN branded ads (pop-ups and others). ScreenScenes do however offer you the option of doing away with the ads by purchasing the screensaver for a whopping $30. Please note that Claria Corporation no longer support GAIN-Supported software - see here | No |
| X | Boarddata | [path] repcale.exe [path] palsp.exe | Added by a variant of the RANDON.AN WORM! Both files are often located in %System% | No |
| X | boat32 | boat32.exe | Added by a variant of the RBOT WORM! | No |
| X | boby | csrs.scr | Added by the BANCBAN-PC TROJAN! | No |
| X | boby | netburn.scr | Added by the BANCBAN-OX TROJAN! | No |
| X | boby. | Isass.scr | Added by the BANCBAN-OH TROJAN! | No |
| Y | BOC-412 | BOC412.exe | NSClean (now Comodo) BOClean anti-malware software - "Protect yourself from online identity theft. The greatest threat on the Internet today is having your personal information hijacked remotely". Version 4.12 | No |
| Y | BOC-420 | BOC420.exe | NSClean (now Comodo) BOClean anti-malware software - "Protect yourself from online identity theft. The greatest threat on the Internet today is having your personal information hijacked remotely". Version 4.20 | No |
| Y | BOC-421 | BOC421.exe | NSClean (now Comodo) BOClean anti-malware software - "Protect yourself from online identity theft. The greatest threat on the Internet today is having your personal information hijacked remotely". Version 4.21 | No |
| Y | BOC-422 | BOC422.exe | NSClean (now Comodo) BOClean anti-malware software - "Protect yourself from online identity theft. The greatest threat on the Internet today is having your personal information hijacked remotely". Version 4.22 | No |
| Y | BOC-423 | BOC423.exe | Comodo BOClean anti-malware software - "Protect yourself from online identity theft. The greatest threat on the Internet today is having your personal information hijacked remotely". Version 4.23 | No |
| Y | BOC-424 | BOC424.exe | Comodo BOClean anti-malware software - "Protect yourself from online identity theft. The greatest threat on the Internet today is having your personal information hijacked remotely". Version 4.24 | No |
| Y | BOC-425 | BOC425.exe | Comodo BOClean anti-malware software - "Protect yourself from online identity theft. The greatest threat on the Internet today is having your personal information hijacked remotely". Version 4.25 | No |
| Y | BOC-426 | BOC426.exe | Comodo BOClean anti-malware software - "Protect yourself from online identity theft. The greatest threat on the Internet today is having your personal information hijacked remotely". Version 4.26 | No |
| Y | BOC-427 | BOC427.exe | Comodo BOClean anti-malware software - "Protect yourself from online identity theft. The greatest threat on the Internet today is having your personal information hijacked remotely". Version 4.27 | No |
| Y | BOCleanautostart | Boclean.exe | NSClean's BOClean anti-trojan software | No |
| U | BOINC Manager | boincmgr.exe | BOINC manager - "controls the use of your computer's disk, network, and processor resources" | No |
| U | Boingo Wireless Utility | Icon###XXX#X#.exe | Starts the Boingo Wireless utility, used to detect and login into Boingo wireless hotspots. The filename may be autogenerated when installing, two different variations along the lines listed here, where # is a number and X is a letter. Shortcut available via Start -> Programs | No |
| X | bolenja | bolenja.exe | Added by the WANTVI.BF TROJAN! | No |
| X | bolenjx | bolenjx.exe | Added by the ELDYCOW.O TROJAN! | No |
| X | boler.exe | syser.exe | Added by the RBOT-AYS WORM! | No |
| U | bombshel | BOMB32.EXE | Part of McAfee Nuts & Bolts. Protects your Windows system from application failure and crashes - similar to Norton Crashguard. Your choice - may cause problems | No |
| X | Bonzi Buddy | ?? | Bonzi Buddy adware - see here for removal instructions | No |
| X | BONZI Task Switcher | Taskswitch.exe | Added by the SPYBOT.DTR WORM! | No |
| X | boo | boo.exe | Adware downloader - detected by Kaspersky as the FAVADD.O TROJAN! | No |
| X | BookedSpace | RunDLL32.EXE bs2.dll,DllRun | BookedSpace parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "bs2.dll" file is located in %Windir% | No |
| N | BookmarkCentral | BMLauncher.exe | Bookmark Express - "offers a more flexible way to manage Web site bookmarks, regardless of which browser you use" | No |
| N | BookMarkSink | syncit.exe | Bookmark synchronization utility | No |
| N | BookMarkSync | syncit.exe | Sync2IT BookMarkSync - "real-time automatic synchronization service that allows you to access your bookmarks, favorites and favorite files from any computer or any browser". Only installed with the users explicit permission and generally only remains running if the user decides to subscribe to the service. If it is no longer required it should be uninstalled to prevent a large number of clients 'checking in' to the server that have no chance of synchronizing | No |
| N | BookMarkSync2It | sync2it.exe | Sync2IT BookMarkSync - "real-time automatic synchronization service that allows you to access your bookmarks, favorites and favorite files from any computer or any browser". Only installed with the users explicit permission and generally only remains running if the user decides to subscribe to the service. If it is no longer required it should be uninstalled to prevent a large number of clients 'checking in' to the server that have no chance of synchronizing | No |
| U | Boost XP Service | bxservice.exe | Boost XP from Systweak - WinXP tweaking utility | No |
| U | BoostSpeed | boostspeed.exe | System Tray accesss to Auslogics BoostSpeed 4 system optimization utility - which "Start programs faster. Speed up computer start time. Increase Internet speed, optimize your Internet Explorer, Firefox and E-mail programs" | Yes |
| X | boot | boot.exe | Added by the PUPPET-A TROJAN! Located in the System (9x/Me) or System32 (NT/2K/XP) folder | No |
| U | Boot | Boot.exe | Part of Acer Empowering Technology. "Acer ePower Management is a straightforward interface that allows users to select from pre-configured power usage profiles, or to create their own customized profiles". Located in Acer\Empowering Technology\ePower | No |
| X | Boot Check | bootchk.exe | Added by the DELBOT-AB WORM! | No |
| X | Boot Client | bootcli.exe | Added by the IRCBOT-ACF BACKDOOR! | No |
| X | Boot Config | bootconfig.exe | Added by the FLOOD-EV TROJAN! | No |
| X | Boot K | bootk.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
| X | Boot Manager | Njgal.exe | Added by the KILO TROJAN! | No |
| X | Boot Manager | bootmng.exe | Added by a variant of the SPYBOT WORM! | No |
| X | Boot Server | bootserver.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
| X | Boot Service | bootservice.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
| X | Boot Service | bootsv.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
| X | Boot Verify | bootvfy.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
| X | BootCfg | Install.log.vbs | Added by the YPSAN.D WORM! | No |
| X | BootCTRL | bootctrl.exe | Added by an unidentified WORM or TROJAN! | No |
| X | BootLoader | BootLoader.exe.vbs | Added by the WATERWORKS WORM! | No |
| X | bootpd.exe | bootpd.exe | Added by the AGENT-DT TROJAN! | No |
| ? | Boots Insert Detect | InsDetect.exe | Part of Boots Picture Suite. Detects a digital camera is plugged into a USB port or when a memory card with photos is inserted? | No |
| X | BootsCfg | wscript.exe [path] Date.POP.vbs | Added by the KUULLIO WORM! Note that wscript.exe is a legitimate Microsoft file used to launch script files and shouldn't be deleted | No |
| X | BootsCfg | wscript.exe [path] All Users.vbs | Added by the SPILTRON WORM! Note that wscript.exe is a legitimate Microsoft file used to launch script files and shouldn't be deleted | No |
| X | BootsCfg | wscript.exe [path] All Users.vbe | Added by the SPILTRON WORM! Note that wscript.exe is a legitimate Microsoft file used to launch script files and shouldn't be deleted | No |
| X | BootsCfg | wscript.exe Install.log.vbs | Added by the YPSAN.E WORM! Note that wscript.exe is a legitimate Microsoft file used to launch script files and shouldn't be deleted. The "Install.log.vbs" file is located in %System% | No |
| X | bootsec | NAVSSE.exe | Added by the FORBOT-CY WORM! | No |
| Y | BootSkin Startup Jobs | BootSkin.exe | Stardock BootSkin is a program that allows users to change their Windows 2000 and Windows XP boot screens | No |
| U | BootStatus | BOOTST~1.EXE | Visual Basic program that pops up a small window on startup telling you how many times the machine has been booted that day. Once you exit it, it has no more effect on resources | No |
| U | BootWarn | BootWarn.exe | From here: "Norton AntiVirus Boot Warning. This program is installed as a startup item when you install Norton AntiVirus, and also sometimes when you do a LiveUpdate which updates Norton AntiVirus significantly enough that a reboot is needed to complete the installation. We believe its purpose to be to warn the end-user that he must reboot his PC before using Norton AntiVirus in those cases when a reboot did not happen with the result that Norton AntiVirus did not fully complete its installation or software updating. Recommendation : Start Norton AntiVirus from "Start → Programs → Norton AntiVirus". If Norton AntiVirus comes up without problems, then fix this entry from the Msconfig Startup tab - it was left behind by mistake and is no longer needed now that Norton AntiVirus is fully installed and opens without error messages" | No |
| X | boot_reg | [path to file] | Added by the BANCBAN-CA TROJAN! | No |
| X | boot_reg | svchot.exe | Added by the BANCBAN-BQ TROJAN! | No |
| X | BortMedVirus | pgs.exe | BortMedVirus rogue security software - not recommended. A member of the AVSystemCare family | No |
| U | borzoi | blg.exe | Borzoi surveillance software. Uninstall this software unless you put it there yourself | No |
| N | Bose Wave/PC Monitor | wavepcmonitor.exe | System Tray access for this system (more info on the system here). Available via Start -> Programs | No |
| X | BossIdea | winlogin.exe | Added by the LINEAGE-I TROJAN! | No |
| ? | Boston | Boston.exe | Part of the Boston Acoustics USB speaker systems. What does it do and is it required? | No |
| X | Bot Loader | svchostt.exe | Added by the GAOBOT.ALV WORM! | No |
| X | Bouncer RunStartup | bouncer.exe | Virtual Bouncer - malware from Spyware Labs. It is distributed by the same bundling and drive-by download techniques as the parasites it claims to remove, so definitely qualifies as unsolicited commercial software in itself. It also has an update feature that can download and execute arbitrary code. Warning - choose "custom" uninstall as "automatic" may remove other programs - see here | No |
| X | Bouncer RunStartup | LiveUpdate.exe | Virtual Bouncer - malware from Spyware Labs. It is distributed by the same bundling and drive-by download techniques as the parasites it claims to remove, so definitely qualifies as unsolicited commercial software in itself. It also has an update feature that can download and execute arbitrary code. Warning - choose "custom" uninstall as "automatic" may remove other programs - see here | No |
| X | boy lovers of bsd | ilikeboys.exe | Added by the MYTOB.LY WORM! | No |
| U | bpcpost.exe | bpcpost.exe | MS TV Viewer Post Setup Program. Part of MS WebTV for Windows. Used to display TV on your PC via a compatible video card with in-built tuner (such as ATI All-In-Wonder). If you don't use it - uninstall it | No |
| X | BPCV2 | BPCV2.exe | BroadcastPC adware | No |
| X | BPCv2 re | bpc2 re inst.exe | BroadcastPC adware variant | No |
| U | BPK | bpk.exe | Blazing Tools Perfect Keylogger keystroke logger/monitoring program - remove unless you installed it yourself! | No |
| N | BPServer | G6FTPSrv.exe | BulletProof FTP Server | No |
| U | BQTray.exe | BQTray.exe | System Tray access to BurnQuick CD burning software. Only required if you use the queueing facility, hence the U recommendation. Create your own desktop shortcut to start manually | No |
| X | Brasil | Brasil.exe | Added by the OPASERV.E WORM! | No |
| X | Brasil | BRASIL.PIF | Added by the OPASERV.E WORM! | No |
| X | BrasilOld | [worm filename] | Added by the OPASERV.P WORM! | No |
| X | brastk | brastk.exe | Added by the DORF-BV TROJAN! | No |
| X | Brave-Sentry | BraveSentry.exe | BraveSentry rogue security software - not recommended, removal instructions here | No |
| X | BraveSentry | BraveSentry.exe | BraveSentry rogue security software - not recommended, removal instructions here | No |
| X | braviax | braviax.exe | Added by the FAKEALER.LE TROJAN! | No |
| X | Brct | trdb.exe | Detected by Kaspersky as the PURITYSCAN.Y TROJAN! | No |
| U | Break_Reminder | BREAK REMINDER.exe | Break Reminder - Remind yourself to take breaks to prevent computer related injuries. See here | No |
| Y | Bredbandsbolaget | servicecenter.exe | Related to the Brebband Swedish Broadband provider | No |
| X | Breg | bcre.exe | BroadcastPC adware variant | No |
| X | Breg | bptre.exe | BroadcastPC adware variant | No |
| X | Breg | breg.exe | BroadcastPC adware | No |
| X | Bridge | rundll32.exe [path] Bridge.dll,Load | Flingstone.com browser hijacker. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted | No |
| Y | Brindys BriTray | BRITRAY.EXE | Main process for the following applications: GEDEX, SICARIO, BRINOTES, BRIRESPA, SICURE, TRASGO, UNDOCS, FRESH & BRIFAME (all of them from Brindys Software). Performs the following tasks [un]installation, web software autoupdate, notification windows, interprocess communication, tray bar icons & menus, alarms (brinotes), and common web launching from the mentioned applications. Can be stopped safely once run if so desired | No |
| U | BrmfRmPA | BrmfRmPA.exe | Brother resource manager - needed for a Brother MFC printer/copiert/scanner and PC to properly communicate | No |
| U | broadband medic | matcli.exe | NTL's Broadband Medic. "matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, county, etc and gets written to a log file". Broadband Medic is required to run with the Help and Support program. If you uncheck Broadband Medic and then run Help and Support it will add another in the startup menu. If you remove Broadband Medic via add/remove program some menus in Help and Support will not be available. You decide | No |
| N | Broadband Wizard | bbwiz.exe | Starts Broadband Wizard so it runs in the System Tray. This application tests and optimizes your Cable or DSL connection. Available via Start -> Programs | No |
| N | BroadCamRun | broadCam.exe | BroadCam is an easy to use video streamer designed to broadcast live video using a webcam (or other camera) and microphone | No |
| U | Broadcom Wireless Manager UI | bcmntray.exe | Related to Broadcom Network Adapters for additional configuration options for these devices. Should not be terminated unless suspected to be causing problems | No |
| N | Broadcom Wireless Manager UI | wltray.exe | System tray access to wireless LAN card configuration options | No |
| X | Bron-Spizaetus | CVT.exe | Added by the RONTOKBRO WORM! | No |
| X | Bron-Spizaetus | norBtok.exe | Added by the RONTOKBRO.B WORM! | No |
| X | Bron-Spizaetus | [path to file] | Added by the BRONTOK-F WORM! | No |
| X | Bron-Spizaetus | bronstab.exe | Added by the RONTOKBRO.C WORM! | No |
| X | Bron-Spizaetus | eksplorasi.exe | Added by the RONTOKBRO.J WORM! | No |
| X | Bron-Spizaetus | ElnorB.exe | Added by the RONTOKBRO.D WORM! | No |
| X | Bron-Spizaetus | sempalong.exe | Added by the BRONTOK-E WORM! | No |
| X | Bron-Spizaetus | RakyatKelaparan.exe | Added by the BRONTOK-J or BRONTOK-L WORMS! | No |
| X | Bron-Spizaetus-5118REPM | komodo-6321422.exe | Added by the BRONTOK-R WORM! | No |
| X | Bron-Spizaetus-cfgmktoq | bbm-qotkmgfc.exe | Added by the BRONTOK-M WORM! | No |
| X | Bron-Spizaetus-cfgmmnru | bbm-urnmmgfc.exe | Added by the BRONTOK-N WORM! | No |
| X | BRoNToK | BRoNToK.exe | Added by the BRONTOK-CG WORM! | No |
| X | BrowseProxy | FindService.exe | Actual Names (AdvSearch) Internet Keywords parasite | No |
| X | browser | msgaol.exe | Added by the TACTSLAY.C TROJAN! | No |
| X | browser | s_menu.exe | Added by the TACTSLAY.C TROJAN! | No |
| X | browser | browse.exe | Added by the TACTSLAY.C TROJAN! | No |
| X | browser | deamon.exe | Added by the TACTSLAY.C TROJAN! | No |
| X | browser aid | browseraid.exe | BrowserAid/BrowserPal foistware | No |
| X | Browser Help Svc | BHSV.EXE | Added by the RBOT-AVQ WORM! | No |
| Y | Browser Hijack Blaster | bhblaster.exe | Browser Hijack Blaster - protects your system from browser hijackers and spyware that alters your IE settings. Now replaced by SpywareGuard | No |
| U | Browser Launcher | Commandr.exe | Logitech internet keyboard "Commander" software - loads the software for the shortcut keys on the keyboard. Not required unless you want to use the short cut keys | No |
| X | Browser Pal | adblck.exe | BrowserAid/BrowserPal foistware | No |
| U | Browser Sentinel | BrowserSentinel.exe | Browser Sentinel - notifies you if a program wants to penetrate into Internet explorer, add itself to the Windows auto-run list or change your home page | No |
| X | BrowserUpdateSched | [random filename] | ZenoSearch adware | No |
| N | BrowserWebCheck | loadwc.exe | Checks to make sure that IE is still your default browser | No |
| X | BrO_AcT | BrO-AcT.exe | Added by the SILLYFDC-D WORM! | No |
| X | brwdiag | [path to worm] | Added by the STRATIO-BN WORM! | No |
| X | BS Mediaplayer | bsplyr.exe | Added by the RBOT-OU WORM! | No |
| N | BS Player | bsplayer.exe | BSplayer - A video player used to play avi, mpg, wmv and other multimedia files | No |
| N | BsCLiP | BSCLIP.exe | CD recording utility that comes with a lot of CDR/CDRW drives and isn't required | No |
| ? | BsMnt | BsMnt.exe | Related to a Bison webcam - which is used on notebooks from a number of manufacturers including Acer, Asus, Lenovo & Samsung. What does it do and is it required? | No |
| X | Bsoft lppt01 | Bsoft.exe | RapidBlaster variant (in a "BelmontSoft" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here | No |
| N | bsplayer | bsplayer.exe | BSplayer - a video player used to play avi, mpg, wmv and other multimedia files | No |
| X | BsRte | MemoteXZZ.exe | Added by the AUTORUN-AJU WORM! | No |
| X | BSserver | FileKan.exe | Added by the VB.CBW WORM! | No |
| X | BSVCHOST | SVCH0ST.EXE | Added by the VOXOM TROJAN! Notice the digit "0" in the filename rather than the upper case "o" | No |
| X | Bsx3 | RunDLL32.EXE bs3.dll,DllRun | BookedSpace parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "bs3.dll" file is located in %Windir% | No |
| X | BT | [path to trojan] | Added by the LITEBOT-B TROJAN! | No |
| U | BT Broadband Basic Help | matcli.exe | "matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, county, etc and gets written to a log file". BT Broadband Help is required to run with the Help and Support program. If you uncheck BT Broadband Help and and then run Help and Support it will add another BT Broadband Help in the startup menu. If you remove this software in "add/remove programs" some help menus in help and support will not be available. You decide | No |
| U | BT Broadband Desktop Help | matcli.exe | "matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, county, etc and gets written to a log file". BT Broadband Help is required to run with the Help and Support program. If you uncheck BT Broadband Help and and then run Help and Support it will add another BT Broadband Help in the startup menu. If you remove the BT Broadband Help in the add/remove program some help menus in help and support will not be available. You decide | No |
| U | BT Broadband Help | matcli.exe | "matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, county, etc and gets written to a log file". BT Broadband Help is required to run with the Help and Support program. If you uncheck BT Broadband Help and and then run Help and Support it will add another BT Broadband Help in the startup menu. If you remove the BT Broadband Help in the add/remove program some help menus in help and support will not be available. You decide | No |
| X | BT00003* | abcdefg23.exe | Added by the VB-VT TROJAN where * = 5,6 or 7! | No |
| X | BT00003* | hiklmnop27.exe | Added by the VB-VT TROJAN where * = 2,3 or 4! | No |
| U | btbb_wcm_McciTrayApp | McciTrayApp.exe | System tray access to Motive's Broadband 2.0 configuration and repair utility | No |
| U | BtcMaestro | KMaestro.exe | Multimedia keyboard manager. Required if you use the multimedia keys | No |
| N | btdna | btdna.exe | "BitTorrent DNA is a FREE content delivery service based on the BitTorrent protocol which brings the power of user-contributed bandwidth to traditional content publishers while leaving publishers in full control of their files". Now a stand-alone product where the user creates the download, DNA used to be included with and used by earlier versions of the main BitTorrent client. As files are downloaded via a file-sharing network make sure you have good, up-to-date virus protection and check any downloads. Start manually via Control Panel → DNA | Yes |
| N | btdna.exe | btdna.exe | "BitTorrent DNA is a FREE content delivery service based on the BitTorrent protocol which brings the power of user-contributed bandwidth to traditional content publishers while leaving publishers in full control of their files". Now a stand-alone product where the user creates the download, DNA used to be included with and used by earlier versions of the main BitTorrent client. As files are downloaded via a file-sharing network make sure you have good, up-to-date virus protection and check any downloads. Start manually via Control Panel → DNA | Yes |
| ? | btinst | btinst.exe | Associated with an Anycom bluetooth wireless card. What does it do and is it required? | No |
| U | BTModemProtection | BTModemProtection.exe | BT Privacy Online modem protection software, see here | No |
| X | btmsre.exe | btmsre.exe | Added by the SDBOT.AM WORM! | No |
| U | BTopenworld | DialBTYahoo.exe | BT Yahoo! internet connection manager | No |
| ? | BTSETBOOTKEY | BTSetBootKey.exe | Related to a USB Bluetooth adaptor. What does it do and is it required? | No |
| U | BtStart | btstart.exe | Broadcom (formerly WIDCOMM) Bluetooth Connectivity Software | No |
| U | BTTray | BTTray.exe | System tray icon which shows the status of a Bluetooth wireless module (either integrated or via an adapter). Most systems with such a module installed can enable/disable the module and the icon changes from blue/white to blue/red when the module is turned off. Also allows access to explore bluetooth places, setup wizard, advanced configuration, quick connect and shutdown device. This entry is required in order to successfully "pair" your system with a Bluetooth device (such as a mobile phone, PDA, headset) using this wireless protocol (via a PIN) | Yes |
| Y | BTUSRBDG | BtUsrBdg.exe | Used with a Mitsumi USB Bluetooth adaptor (and maybe others) | No |
| Y | BTUSRBDGF | BtUsrBdg.exe | Used with a Mitsumi USB Bluetooth adaptor (and maybe others) | No |
| X | BTV | btv.exe | BroadcastPC adware | No |
| X | BtvC | btvclean.exe | BroadcastPC adware | No |
| Y | Bubble | Bubble.exe | Part of Windows SteadyState, which is designed to make life easier for people who set up and maintain shared computers - enabling the system administrator to prevent users from making changes to the system configuration, windows desktop, restricting program access, etc. It's intended for shared user environments such as internet cafés, libraries and schools but can be used in any environment. Bubble allows notification messages to appear on a computer managed by Windows SteadyState | Yes |
| N | Buddyizer | Buddyizer.exe | Part of the AIMster Peer to Peer (P2P) file sharing application that runs over the AOL Instant Messenger network | No |
| U | BUFFALO Power Save Utility for HD | HDManage.exe | Power Save utility for Buffalo backup hard discs | No |
| N | Bug Eliminator | Bug_Elim.exe | Bug Eliminator - "performs a complete health check on your computer safely, securely, and silently!" | No |
| X | BugsDestroyer | SysRep.exe | BugsDestroyer rogue system error and cleaning utility - not recommended. A member of the ErrClean family | No |
| U | bugwatcher service | bugwatcher.exe | Bugtoaster is a service that sends reports on system/program crashes (certain types) back to Bugtoaster. They relay information to program authors and provide, if available, any known solutions to the crashes. It doesn't take up any room in memory, just activates in the event of certain program failures | No |
| N | BuildBU | bldbubg.exe | Part of Dell Alerts which provides customers with an update on latest updates for his/her system | No |
| X | BuildLab | services.exe | Added by the NEVEG.B or NEVEG.C WORMS! Note - this is not the legitimate services.exe process, which should not appear in Msconfig/Startup! | No |
| X | BuildLab | winlogon.exe | Added by the NEVEG.A WORM! Note - this is not the legitimate winlogon.exe process, which should not appear in Msconfig/Startup! | No |
| X | BuildLabs | csrss.exe | Added by the WEBUS TROJAN! Note - this is not the legitimate csrss.exe process which should not normally figure in Msconfig/Startup! | No |
| X | BuildLabs | lsass.exe | Added by the WEBUS.B TROJAN! Note - this is not the legitimate lsass.exe process which should not normally figure in Msconfig/Startup! | No |
| X | bulk | bulk.exe | Added by the AGOBOT-ACR WORM! | No |
| U | Bulldog Service | upsd.exe | Belkin's Bulldog Plus control software which runs under Windows 95 or later and monitors the UPS (Uninterrupted Power Supply) via a serial or USB link | No |
| N | BulletProof FTP Server | bpftpserver.exe | BulletProof FTP Server | No |
| Y | BullGuard | mgui.exe | Part of Bullguard antivirus | No |
| Y | BullGuard | BullGuard.exe | Part of BullGuard antivirus | No |
| U | BullGuard Update | avxlive.exe | Part of Bullguard antivirus. Leave enabled unless you manually update virus definitions | No |
| Y | BullGuard XComm | XCOMMSVR.EXE | Part of Bullguard antivirus | No |
| Y | BullGuardInit | AVXINIT.EXE | Part of Bullguard antivirus | No |
| Y | BullguardoptIn | bulldownload.exe | Part of Bullguard antivirus | No |
| X | BullsEye | bargains.exe | BargainBuddy adware | No |
| X | BullsEye Network | bargains.exe | BargainBuddy adware | No |
| ? | BullsEye Tracker | BeTrack.exe | Bullseye - intelligent research assistant | No |
| X | Bunx | beagle.exe | Added by the LEBREAT-E WORM! | No |
| X | buritos | buritos.exe | Identified as a variant of the Downloader.FraudLoad.C malware | No |
| N | BurnQuick Queue | BQTray.exe | System Tray access to BurnQuick CD burning software. Only required if you use the queueing facility, hence the U recommendation. Create your own desktop shortcut to start manually | No |
| U | Button Server | bttnserv.exe | Found on a Compaq PC, for the extra buttons on the keyboard for the speaker volume, media player, sleep and internet buttons. If the buttons aren't used on the keyboard or your's doesn't have them, then it isn't required | No |
| N | ButtonKey | ButtonKey.exe | CyberView TWAIN driver for the Pacific Image range of 35mm film scanners. Enables the one touch scanning button and places an icon an the System Tray. Use your scanners software or run it manually by creating a shortcut | No |
| N | Buzme | Bmui.exe | Buzme by RingCentral, Inc - internet call waiting. Intercepts telephone calls like an answering machine and plays the voice message on your PC. Only required when you're on-line and via dial-up modem | No |
| U | BuzMe | RCUI.exe | Display Client for the BuzMe Internet Call Waiting Service | No |
| U | Buzof.exe | buzof.exe | Buzof from Basta Computing "enables you to automatically answer, close or minimize virtually any recurring window including messages, prompts, and dialog boxes" | No |
| X | BVWORSFM | bvworsfm.exe | Added by the DLUCA-AD TROJAN! | No |
| X | Bwddwss | [path to trojan] | Added by the RANKY.BD TROJAN! | No |
| N | bwprnmon.exe | bwprnmon.exe | FaxServe network fax software | No |
| X | bxproxy | bxproxy.exe | Added by the BXPROXY TROJAN! | No |
| X | bxproxy | [random].dll | SoftStop rogue security software - not recommended | No |
| X | bxsx5 | RunDLL32.EXE bsx5.dll,DllRun | BookedSpace parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "bsx5.dll" file is located in %Windir% | No |
| X | bxxs5 | RunDLL32.EXE bxxs5.dll,dllrun | BookedSpace parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "bxxs5.dll" file is located in %Windir% | No |
| X | Bymer.Scanner | Wininit.exe | Added by the BYMER WORM! | No |
| X | Bymer.Scanner | Msinit.exe | Added by the BYMER WORM! | No |
| U | BySoft FreeRAM | FreeRAM.exe | "Bysoft FreeRAM is a program that frees up ram manually or automatically. It shows current memory status , memory load and CPU usage graphically". MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/SE/ME. See this article and make up your own mind | No |
| X | c | c:\archiv~1\win.com | Added by the CUYDOC TROJAN! | No |
| U | C-Media Echo Control | EchoCtrl.exe | C-Media produce audio chipsets that are often found on popular motherboards with on-board audio. You may need it if you use the echo control feature of C-Media Mixer | No |
| N | C-Media Mixer | Mixer.exe | C-Media produce audio chipsets that are often found on popular motherboards with on-board audio. Provides System Tray access to change audio settings. Available via Start -> Settings -> Control Panel or Start -> Programs | No |
| U | C2K | CYB2K.EXE | CYBERsitter 2000 or 2001 - anti-adult content filter primarily. Required if you want the sites you visit filtered without having to load the software every time you launch your browser | No |
| U | c32cs2 | c32cs2.exe | Cyber Sentinel - internet filtering software | No |
| X | C7 | [path to worm] | Added by the MEDIAKILL.A WORM! | No |
| U | C:\Program Files\dfjdkjfdkjfldjf\dfjdkjfdkjfldjf\winlogin.exe | CritProc.exe | KeyProwler keystroke logger/monitoring program - remove unless you installed it yourself! | No |
| U | C:\Program Files\NetMeter\NetMeter.exe | NetMeter.exe | "Net Meter is a small, customizable network bandwidth monitoring program for Win9x/Me/NT4/2K/XP. NetMeter is and will always stay freeware. The program has been tested extensively on Win2K/XP, but it should work just as well on all other Win32 operating systems" | No |
| X | C:\WINDOWS\IEXPLOR.EXE | IEXPLOR.EXE | "Pop Marketing" adware | No |
| X | C:\WINDOWS\system32\SetupCmd.exe | SetupCmd.exe | Detected by Kaspersky as the AGENT.AAW TROJAN! | No |
| X | C:\WINDOWS\WinTask.exe | WinTask.exe | "Pop Marketing" adware | No |
| U | CA-AMAgent | amagent.exe | Unicenter Asset Management is a solution for proactively managing IT assets in a business environment. It provides full-featured asset tracking capabilities through automated discovery, hardware inventory, network inventory, software inventory, configuration management, software usage monitoring, license management and extensive cross-platform reporting | No |
| Y | CaAvTray | CAVTray.exe | eTrust™ EZ Antivirus system tray application from Computer Associates | No |
| X | Cabchk | Cabchk.exe | Added by the GEMA TROJAN! | No |
| X | Cabchk32 | Cabchk32.exe | Added by the GEMA TROJAN! | No |
| X | CABCInstall | CABCInstall.exe | Ignite Technologies (was CABC) content delivery software | No |
| X | Cable Modem Adapter | WindowsSec.exe | Added by the WOOTBOT.A WORM! | No |
| U | CacheBoost | trayicon.exe | CacheBoost "optimizes the System Cache-Management of Windows XP/2000/NT and Windows .Net Servers, resulting in a performance boost" | No |
| X | CacheLoader | [path to trojan] | Added by the DLOADER-NZ TROJAN! | No |
| N | Cacheman | Cacheman.exe | Freeware disk cache tweaker from Outer Technologies. Should only be run once and not loaded at start-up | No |
| Y | CacheMgr | CacheMgr.exe | Sophos Antivirus Remote Update | No |
| U | CacheSentry Pro | CacheSentry Pro.exe | "CacheSentry Pro is a program that takes over the management of the Internet Explorer (and AOL) web browser cache" | No |
| N | CACStarter | cacstart.exe | Cash A Check - check writing software | No |
| U | Caddais BackupOnDemand | BODMon.exe | Caddais BackupOnDemand - "runs in the background and monitors your important files for changes. Within seconds of changing, modified files are automatically backed up to an archive location" | No |
| U | Cadenza | CdzSvc.exe | Cadenza mNotes for Palm and Pocket PC enables users to access Lotus Notes on their mobile devices | No |
| U | CADS | cads.exe | Cyber Sentinel - internet filtering software | No |
| U | CafeStation | CafeStation.exe | "CafeSuite is the solution for your internet cafe. Our software provides you with ameans to control the workstations, manage customer database, sell products and generate detailed reports and statistics" | No |
| Y | cafwc | cafw.exe | CA Personal Firewall - part of the CA Internet Security Suite | No |
| N | CAgent | CAgent.exe | Abbyy Fine Reader OCR (Optical Character Recognition) software for scanning and converting documents | No |
| X | cAgOu | [filename].hta | Added by the KAKWORM WORM! | No |
| N | CahootWebcard | CahootWebcard.exe | "The Cahoot Webcard is a virtual card that allows you to use your Cahoot credit card online without ever having to expose your real card numbers over the web. It works by generating one-off transaction numbers as a substitute for your real cahoot credit card details". Run manually when needed | No |
| X | caidiysetup | diynetsetupuni.exe | DIYNet adware | No |
| Y | CAISafe | isafe.exe | Part of Computer Associates eTrust EZ Antivirus | No |
| U | CaISSDT | caissdt.exe | Computer Associates Dashboard Tray applet | No |
| N | Cal Reminder Shortcut | calrem.exe | Produces a pop-up reminder of events scheduled using the MS Office Calendar | No |
| X | calc | rundll32.exe [path] ntuser.dll,_IWMPEvents@0 | Added by the OPACHKI.A TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "ntuser.dll" file is located in %UserProfile% | No |
| X | calc | rundll32.exe calc.dll,_IWMPEvents@0 | Added by the OPACHKI.A TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "calc.dll" file is located in %System% | No |
| X | Calc Microsoft Windows | wincalc.exe | Added by an unidentied WORM or TROJAN! | No |
| X | CALC32 | CALC32.EXE | Added by the SPYBOT-EC WORM! | No |
| N | Calendar 200X Reminder | calendar.exe | Calendar 200X - shows holidays, reminders of various anniversaries,tasks etc | No |
| U | Calendarscope | cs.exe | Calendarscope calendar software | No |
| X | calk | calk.exe | Added by the STARTPA-FH TROJAN! | No |
| X | Call Function System32 | sddriver.exe | Added by a variant of the SDBOT TROJAN! | No |
| X | Call32 | Call32.exe | Added by the SPAMMIT-H TROJAN! | No |
| Y | CallBumping | cbpopw.exe | Related to the Gazel 128 PCI ISDN adapter. Required if you use it | No |
| U | CallCenter Main Application | V3calmcp.exe | "V3 Inc. CallCenter is a free 32-bit, integrated fax, voicemail and data communications application with a simple to use interface providing fax send and receive functionality, basic (single mailbox) answering machine capability, and sophistcated data communications." Main application | No |
| U | CallCenter Printer Interface | V3faxecp.exe | "V3 Inc. CallCenter is a free 32-bit, integrated fax, voicemail and data communications application with a simple to use interface providing fax send and receive functionality, basic (single mailbox) answering machine capability, and sophistcated data communications." Fax printer | No |
| N | CallControl | ftctrl32.exe | FaxTalk Messenger Pro is a Windows TAPI based 32-bit application. When installed, the software automatically loads FaxTalk CallControl when you start Windows. When FaxTalk CallControl is running, any TAPI compliant application can request to use the modem from Windows | No |
| N | CamCheck | CamCheck.exe | NuCam camera software related | No |
| U | Cameno | Cameno.exe | Cameno is a program which brings tabbed windows to MSN Messenger 6.0 and above | No |
| U | Camera Assistant Software | traybar.exe | Camera Assistant Software utility for Toshiba laptops - allows you to take pictures with and control the integrated WebCam | No |
| U | Camera Detector | CAMDET~*.EXE | ACDSee Auto Device Detector detects when a device is connected to your PC and gives you the option to acquire images from it automatically | No |
| U | Camera Detector | Camdetect.exe | ACDSee Auto Device Detector detects when a device is connected to your PC and gives you the option to acquire images from it automatically | No |
| U | Camera Detector | DEVDET~*.EXE | ACDSee Auto Device Detector detects when a device is connected to your PC and gives you the option to acquire images from it automatically | No |
| ? | CameraApplicationLauncher | CameraApplicationLaunchpadLauncher.exe | Supports the integrated webcam on IBM/Lenovo Thinkpad notebooks. What does it do and is it required? | No |
| N | Camio Viewer x | IXApplet.exe | Image viewing program that comes with digital cameras. Shows pictures that are in the camera before downloading them. "x" in the name is the version | No |
| ? | CamMonitor | hpqcmon.exe | From HP and related to digital imaging | No |
| N | Canada | Canada.exe | Known to be a dialler - but is it maliscous or clean? | No |
| U | Canary | canary-std.exe | Canary keystroke logger/monitoring program - remove unless you installed it yourself! | No |
| X | candy | command32.exe | Added by the RBOT-LV WORM! | No |
| X | candynet | Taskmsg.exe | Added by the RBOT-NA WORM! | No |
| U | CANoe | CANoe32.exe | CANoe from Vector Informatik. Development and test tool for Engine Control Units (ECU) based upon the CAN, LIN, MOST, FlexRay, Ethernet and J1708 bus systems | No |
| U | Canon MultiPASS Status Monitor | monitr32.exe | Cannon Multi-Pass status monitor - your choice | No |
| ? | Canon PC1200 iC D600 iR1200G Status Window | CAPM1LAK.EXE | Cannon printer related - is it required in startup? | No |
| N | Canon Printer Monitor BJCxxx | Cjstlst.exe | Trayicon for Canon printer. xxx denotes model. Available via Start -> Programs | No |
| U | CanonMyPrinter | BJMyPrt.exe | Printer software for Canon Bubblejet printers | No |
| U | CanonSolutionMenu | CNSLMAIN.exe | Canon's Solution Menu dialog box leads you quickly toward documentation, utilities, and help files | No |
| ? | CAP3ON | CAP3ONN.EXE | Canon driver, purpose unknown. Is it required in startup? | No |
| Y | capfasem | capfasem.exe | CA Personal Firewall - part of the CA Internet Security Suite | No |
| N | Capfax | capfax.exe | PhoneTools fax software | No |
| U | capfupgrade | capfupgrade.exe | CA Personal Firewall - part of the CA Internet Security Suite | No |
| U | CAPing | CAPing.exe | Citibank Citianywhere software | No |
| Y | Capon | Capon.exe | Canon printer driver | No |
| Y | Capon | Caponn.exe | Canon printer driver | No |
| X | Captcha7 | rundll captcha.dll | Added by the TINY.WRE TROJAN! | No |
| X | CaptionMgr32 | crssr.exe | Added by the ZAR.A WORM! | No |
| X | capture | capture.exe | Added by the THEEF-B TROJAN! | No |
| N | Capture Express 2000 | capexp.exe | Capture Express - screen capture utility | No |
| N | CaptureBat | Capture.exe | !Quick Screen Capture from EtruSoft Inc. - "allows you to take screenshots from any part of your screen in more than 10 ways, and save images in BMP/JPG/GIF formats" | No |
| N | Carbonite Backup | CarboniteUI.exe | "Carbonite's online backup service starts automatically and works quietly and continuously in the background protecting your data" | No |
| N | Card Monitor | REGCNT09.exe | For the USB connection on a Panasonic PV-DV701 Digital Camcorder. Available via Start -> Programs | No |
| ? | CardScan AutoSync | CSyncCfg.exe | Related to the CardScan business card reader range of products. May be related to synchronization with E-mail software and mobile devices (see here)? | No |
| X | Care20 | Care20.exe | TopMoxie adware | No |
| U | Care2GTU | Care2GTU.exe | Care2 Green Thumbs-Up (from the Care2 site). Every online purchase helps environmental causes; tells you how eco-friendly a company really is, thanks to over 200 company profiles from Coop America. Saves 1 square foot of rainforest every day you use it. If it works and you like it, keep it | No |
| U | carpserv | carpserv.exe | Associated with Zoltrix and Conexant modems - enables the internal modem speaker, allowing you to listen to the dial-up sounds for example | No |
| X | CARPserver | CARPserver.exe | Added by the BANKER-AN TROJAN! | No |
| U | CARPservice | carpserv.exe | Associated with Zoltrix and Conexant modems - enables the internal modem speaker, allowing you to listen to the dial-up sounds for example | No |
| X | cartao | [path to file] | Added by the DLOADER-QD TROJAN! | No |
| X | cartao | conflicted.exe | Added by the DADOBRA-DV TROJAN! | No |
| X | cartao | killing.exe | Added by the DLOADER-QN TROJAN! | No |
| X | cartao | cartao.exe | Added by the BANKER-FA TROJAN! | No |
| X | CAS Client | casclient.exe | CasinoClient adware | No |
| X | Cas2Stub | cas2stub.exe | CasinoClient adware | No |
| U | CasAgnt | CasAgnt.exe | Program by Extended Systems which allows you to sync your Casio PDA with your PC | No |
| X | Casdvqwa | bmqnzkg.exe | Added by the RANDEX.BE WORM! | No |
| X | caseyvideo | caseyvideo.exe | Malware causing adult content popups | No |
| X | caseyvideo[*] [* = digit] | caseyvideo[*].exe [* = digit] | Malware causing adult content popups | No |
| X | CashBack | cashback.exe | Part of eXact Advertising Software, consisting of "CashBack by BargainBuddy", BullsEye Network and NaviSearch | No |
| X | CashFiesta | Cashfiesta.exe | CASHFIESTA.A pay-per-surf adware | No |
| N | Cashsurfers Cashbar Navigator | Cashbar.Exe | Cashsurfers CashBar Navigator - "The CashBar rotates banner advertisements once per minute and provides you with access to up to date special offers and deals" | No |
| X | CashToolbar | MSCStat.exe | Added by the DOWNLOADER-MY TROJAN! | No |
| X | CashToolbar | svchost.exe | BrowserAid/CashToolbar adware! Note - this is not the legitimate svchost.exe process which should not normally figure in Msconfig/Startup! | No |
| X | Casino Royale | jamesbond.exe | Added by the RBOT-FZO WORM! | No |
| X | Cassandra | [10 to 14 random char]THD.EXE | Added by the KREPPER-AI TROJAN! | No |
| X | Cassandra | cassandra.exe | SuperSpider hijacker - a CoolWebSearch parasite variant. Also detected as a variant of the KREPPER TROJAN! | No |
| X | CasStub | casstub.exe | Added by the CASS-A TROJAN! | No |
| X | Catalyst Control Centre | atixvdm.exe | Added by the RBOT.DMW TROJAN! | No |
| X | catsrv | catsrv.exe | Added by the PAPLOK TROJAN! | No |
| Y | CAVRID | CAVRID.exe | eTrust™ EZ Antivirus Real Time Infection Report from Computer Associates | No |
| Y | CAVS | CAVS.exe | Cheyenne (now eTrust) antivirus | No |
| X | CAZNOVAS | CAZNOVAS.exe | Added by the CAZNO TROJAN! | No |
| X | CBACK.EXE | CBACK.EXE | Added by the PENTA-A TROJAN! | No |
| U | cbInterface | cbInterface.exe | System Tray access to Cobian Backup versions 8 thru 10 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program using the default settings as service on an NT based OS (NT/2K/XP/Vista). If you don't have regularly scheduled backups then choose the startup installation option and run it manually when required | Yes |
| X | cbvcs | urretnd.exe | Added by the FRETHOG-C WORM! | No |
| U | CBWAttn | CBWAttn.exe | Required for Bitware to answer incoming faxes, can cause sleep mode problems | No |
| U | CBWHost | CBWHost.exe | Required for Bitware to answer incoming faxes, can cause sleep mode problems | No |
| ? | CBWUser | CBWDial.exe | Associated with Bitware that integrates fax, voice, pager, and data communications on your desktop | No |
| X | CC2KUI | comet.exe | Comet Cursor adware | No |
| X | ccagent.exe | ccagent.exe | Control Center rogue security software - not recommended, removal instructions here | No |
| X | Ccao | regedit.exe | Probably a variant of MediaTickets adware. Note - this is not the valid Windows registry editor which resides in %Windir% and will not figure in Msconfig/Startup! This version resides in a "mduu" subfolder, which may change | No |
| Y | ccApp | ccApp.exe | Part of earlier versions of Norton AntiVirus - Auto-protect and E-mail check will not function without this | Yes |
| X | ccApp | [random filename] | Added by the OBSORB TROJAN! Note the random filename compared to the valid Norton AntiVirus | No |
| X | ccApp | WMADZ.EXE | Added by the RBOT-LJ WORM! | No |
| X | ccApp | .EXE | Added by the RBOT-LJ WORM! | No |
| X | ccApp | gcasServ.exe | Added by a variant of the RBOT WORM! Do not confuse with the Microsoft AntiSpyware executable of the same name | No |
| X | ccApp | example.exe | TwoSeven spyware | No |
| X | ccAppr | svcrhost.exe | Added by the TACTSLAY.A TROJAN! | No |
| X | ccAppr | expIorer.exe | Added by the TACTSLAY.A TROJAN! | No |
| X | ccAppr | outIook.exe | Added by the TACTSLAY.A TROJAN! | No |
| X | ccAppr | svcshost.exe | Added by the TACTSLAY.A TROJAN! | No |
| X | ccApps | services.exe | Added by the NEVEG.B or NEVEG.C WORMS! Note - this is not the legitimate services.exe process, which should not appear in Msconfig/Startup! | No |
| X | ccApps | winlogon.exe | Added by the NEVEG.A WORM! Note - this is not the legitimate winlogon.exe process, which should not appear in Msconfig/Startup! | No |
| X | ccApps | N/A | Added by the KANGAROO-A TROJAN! | No |
| X | ccApps | ccApps.exe | Added by the KANGAROO-B WORM! | No |
| X | ccctp | HistoryJMTi.exe | Added by the GANBATE.A WORM! | No |
| U | CCD Manager | DDS.EXE | Project Labs Century CD manager for their CD/DVD storage device | No |
| N | Ccdecode | rundll32.exe streamci, StreamingDeviceSetup | Part of the closed caption decdoder/MS VBI codec. Should only run once | No |
| X | ccDHCP32 | ccDHCP32.exe | Added by the AGOBOT-HJ WORM! | No |
| Y | CCDoctorLogonTesting | ccdoctor.exe | Checks your system to make sure it's configured properly for running IBM Rational ClearCase, a source code management tool. ClearCase is fairly sophisticated so there are a lot of system-related things that can cause it grief. If you run ClearCase you should not disable this as it provides a valuable service, but technically it isn't required to use the ClearCase product | No |
| Y | ccenter | CCenter.exe | RAV AntiVirus | No |
| Y | CcEvtMgr | ccEvtMgr.exe | Part of Norton AntiVirus 2003. Event manager for scheduling weekly scans and or automatic virus updates. Used to start automatically via "ccApp" and was not required as a seperate entry but a recent update changed this | No |
| X | ccEvtMrg.exe | ccEvtMrg.exe | Added by the RBOT.GZ WORM! | No |
| X | ccExecute | bootcfg1.exe | Added by the NEMSI-B VIRUS! | No |
| X | ccHelp | ccHelp.hta | Searchq adware | No |
| U | CCleaner | CCleaner.exe | CCleaner from Piriform Ltd. - "is a freeware system optimization, privacy and cleaning tool." Features include removing unused files, cleaning internet history cleaning, managing startup programs and a fully featured registry cleaner | Yes |
| X | ccpApps | csrss.exe | Added by the WEBUS TROJAN! Note - this is not the legitimate csrss.exe process which should not normally figure in Msconfig/Startup! | No |
| X | ccpApps | lsass.exe | Added by the WEBUS.B TROJAN! Note - this is not the legitimate lsass.exe process which should not normally figure in Msconfig/Startup! | No |
| U | ccProxy | CCPROXY.EXE | Part of Norton Internet Security, proxy server that is used to support the parental controls. If you turn parental controls off at user level the process is not loaded. Reported to cause excessive CPU usage | No |
| X | ccPrxy.exe | ccPrxy.exe | Added by the SHIPUP-H WORM! | No |
| Y | CcPxySvc | CCPXYSVC.exe | Part of Norton's AntiVirus 2003, Internet Security and Firewall products. E-mail proxy service - required for E-mail scanning and the firewall | No |
| X | ccreg | explorer.exe | Added by the ZCREW BACKDOOR! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System% | No |
| Y | ccRegVfy | ccRegVfy.exe | Part of earlier versions of Norton AntiVirus - "ccRegVfy.exe is responsible for checking the integrity of the NAV registry entries to make sure that the information has not been changed by a malicious threat or a hack" | Yes |
| X | ccRegVfY | expIorer.exe | Added by the TACTSLAY.A TROJAN! | No |
| X | ccRegVfY | svcrhost.exe | Added by the TACTSLAY.A TROJAN! | No |
| X | ccRegVfY | svcshost.exe | Added by the TACTSLAY.A TROJAN! | No |
| X | ccRegVfY | outIook.exe | Added by the TACTSLAY.A TROJAN! | No |
| X | ccrss | msdtc.exe | Added by the STAP-C WORM! | No |
| Y | ccSetMgr | ccSetMgr.exe | Part of Norton AntiVirus 2004. What does it do? | No |
| X | ccStart | ccStart.exe | Added by the AGOBOT-IR WORM! | No |
| X | ccSvcHst.exe | ccSvcHst.exe | Added by the SDBOT-DIW WORM! | No |
| X | ccsvit.exe | ccsvit.exe | Added by the STARTPA-HP TROJAN! | No |
| U | cctray | cctray.exe | Part of CA Internet Security Suite | No |
| X | ccUpdate | ccUpdate.exe | Added by the AGOBOT.YS WORM! | No |
| U | ccUpdMgr | ccUpdMgr.exe | In Loco Parentis remote surveillance software. Uninstall this software unless you put it there yourself! | No |
| U | CCUTRAYICON | CCU_TrayIcon.exe | Related to Traybar Launcher from Intel Corporation belonging to Intel® Viiv® | No |
| U | ccWasher | aolwasher.exe | Webroot Cache & Cookie Washer - cleaning browser tracks, including cache, cookies, history, mail trash, drop-down address bar, auto-complete forms and downloaded program files for IE, Netscape and AOL | No |
| U | CCWC7a | ac.exe | Moleculesoft Cache, Cookie & Windows Cleaner. No longer supported but available for free | No |
| U | CCWC7I | idxl.exe | Moleculesoft Cache, Cookie & Windows Cleaner. No longer supported but available for free | No |
| U | CCWC7s | stealth.exe | Moleculesoft Cache, Cookie & Windows Cleaner. No longer supported but available for free | No |
| Y | CCWinTray | wintmr.exe | System Tray access to Child Control parental control software by Salfield | No |
| N | CD Storage Master | cdstorager.exe | CD Storage Master - a program designed to catalog CD information, boasts a number of handy features for organizing your collection | No |
| U | CD-DVD Lock for Win95/98/Me/2k/XP | CDVAgent.exe | Loads CD-DVD Lock from Ixis Research, Ltd - which is "intended for restricting read or write access to removable media devices such as CD, DVD, floppy and flash, as well as for restricting access to certain partitions of hard disk drives. You can restrict access by two ways: hide your devices from viewing or lock access to them". If disabled, hidden and locked drives still retain their original status so the user will only be able to change their status them via the main UI | Yes |
| X | cd1 | cd1.exe | Premium rate adult content dialler | No |
| N | CDANTSRV | CDANTSRV.exe | C-Dilla License Management software. Used for any program that uses C-dilla Protection, example: 3D Studio Max 4.x. It loads as a service automatically but is not needed unless you run said program. Can be started and stopped manually | No |
| X | Cdcompat | Cdcompat.exe | Added by the GEMA TROJAN! | No |
| X | cddrv32 | cddrv32.exe | Added by a variant of the CRYPTER.C TROJAN! | No |
| N | CDInterceptor | cdi.exe | CD indexer for measuring the speed of CD players | No |
| Y | cdloader | cdloader2.exe | From MagicJack - "A softphone device that allows you to attach an analog phone into the PC so you can have a traditional-style phone system in your house without any monthly charge" | No |
| U | CDLoader | sb32mon.exe | Part of the SpyBuddy keystroke logger/monitoring program - see here. Remove unless you installed it yourself! | No |
| X | CdnCtr | cdnup.exe | CNNIC Update pest | No |
| X | cdoosoft | herss.exe | Added by the SILLYFDC.BCT WORM! | No |
| X | cdoosoft | olhrwef.exe | Added by the AUTORUN-AAG WORM! | No |
| X | CDriver | windrv.exe | Added by the DELF.WG TROJAN! | No |
| X | CDriver | svchost.exe | Added by a variant of the DELF.IT TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! The location of this file varies | No |
| X | Cdrom Controller | cdromcntrl.exe | Added by the BATTRY-A TROJAN! | No |
| X | cds | cds.exe | Added by the SPYMON TROJAN! | No |
| X | CDSpeed.exe | CDSpeed.exe | Added by the IRCBOT.AEX BACKDOOR! | No |
| N | CDTray | CDTray.exe | On HP PCs, this is the small CD icon next to the time | No |
| U | CDVAgent | CDVAgent.exe | Loads CD-DVD Lock from Ixis Research, Ltd - which is "intended for restricting read or write access to removable media devices such as CD, DVD, floppy and flash, as well as for restricting access to certain partitions of hard disk drives. You can restrict access by two ways: hide your devices from viewing or lock access to them". If disabled, hidden and locked drives still retain their original status so the user will only be able to change their status them via the main UI | Yes |
| U | CeEKEY | CeEKey.exe | Hot Key utility included on Toshiba Satellite laptops | No |
| U | CeEPOWER | cepmtray.exe | Toshiba's Power Management Utility - allows the user to setup different profiles for both AC power and Battery Power on laptops. Contols CPU speed, Monitor Shut Off, Hard Drive Shut-Off, Monitor Brightness, System Stand-by and System Hibernate times | No |
| ? | Ceic | Ceic.exe | ?? | No |
| X | Cekirge | [path to worm] | Added by the KERGEZ.A WORM! | No |
| X | center | [random name]32.exe | Added by the BOFRA.A WORM! | No |
| X | CentralProcessor | taskimgr.exe | Added by the BANCOS.J TROJAN! | No |
| ? | CEPA | wsot.exe | ?? | No |
| X | Cerb | DivXx.exe | Added by the KEYLOG-LV TROJAN! | No |
| U | CertificateRegistration | SafeSignCertReg.exe | SafeSign Certificate Registration Utility for Microsoft Crypto applications | No |
| U | CertReg | certreg.exe | Related to Gemplus Card Reader | No |
| Y | CertStoreInit | CertStoreInit | Aladdin eToken authentication and password management | No |
| Y | certtool | certtool.exe | Part of Client Security Software for IBM\Lenovo notebooks. If you have configured the software via the associated wizard this will need to be running if you want to mount password protected areas of the disk (created with SafeGuard PrivateDisk), use the password manager or file/folder encryption options | No |
| N | CesarFTP FTP Server | server.exe | CesarFTPd - FTP server | No |
| X | cesmain.dll | Rundll32.exe [path] cmail.dll, Rundll32 | CnsMin (Chinese Keywords) hijacker related. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted | No |
| X | CEventMgr | Cell.exe | Added by the BIFROSE-AK TROJAN! | No |
| N | CFD | CFD.exe | BroadJump Client Foundation. Broadband troubleshooting software installed by various companies. Not required and you can remove it via Add/Remove programs | No |
| X | CFDStart | WinMuschi.exe | WINMUSCHI dialler | No |
| X | cfgboost | cfgboot.exe | Added by an unidentified WORM or TROJAN! | No |
| Y | cfgintpr | cfgintpr.exe | Configuration Interpreter - part of Tiny Personal Firewall V4 | No |
| X | cfgmgr51 | RunDLL32.EXE cfgmgr51.dll,DllRun | BookedSpace parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "cfgmgr51.dll" file is located in %Windir% | No |
| X | cfgmgr52 | RunDLL32.EXE cfgmgr52.dll,DllRun | BookedSpace parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "cfgmgr52.dll" file is located in %Windir% | No |
| N | cfgwiz | cfgwiz.exe | Introduced with Norton Anti-Virus 2002, this is a real resource hog. Many NAV users will find they can live without loading it | No |
| U | CFi ShellToys Utility Manager | CFiShlMan.exe | Manager for CFi ShellToys from Cool Focus International Ltd - which "puts all the tools you need right where you need them - just a click away on your context menu. Right-click one or more files or folders, the desktop or the window background for instant access to 50 context-sensitive shell extensions" | No |
| ? | cFosDNT | cFosDNT.exe | cFos DSL Modem driver related. What does it do and is it required? | No |
| ? | cFosInst_Check | cfosinst.exe | cFos DSL Modem driver related. What does it do and is it required? | No |
| U | cFosSpeed | cFosSpeed.exe | cFos Software Internet acceleration program related. Note - may be necessary for the software to work properly | No |
| U | CFSServ.exe | CFSServ.exe | Belongs to Toshiba's configfree utility and searches for Wireless Devices | No |
| X | cftmon | sfcmonit.exe | Added by a variant of the AGENT.ERG TROJAN! | No |
| X | cftmon | WindowsUpdate.exe | Added by the AGENT.AQK BACKDOOR! | No |
| X | cftmon32 | taskmgr*.exe [* = number] | Added by the SOWSAT.C and SOWSAT.J WORMS! | No |
| X | cfy | cfy.exe | Surfenhance.com SearchForIt adware variant | No |
| X | CGI Firewall Script | CGIAGENT.EXE | Added by the BROPIA-U WORM! | No |
| U | CGServer | cgserver.exe | Associated with an Eicon Networks ISDN or ADSL modem. Call Guard Server (CGserver) watches your modem and blocks incoming or outgoing calls. You need cgard.exe (from Startmenu) to configure cgserver with rules and telephone numbers. Good against unwanted dialer programs | No |
| X | Cgtask Services | cgtask.exe | Added by the LALA.B TROJAN! | No |
| X | Cgywin | cgywin32.exe | Added by the RBOT-AEI WORM! | No |
| U | ChamClock | ChamClock.exe | Chameleon Clock - system tray clock replacement | No |
| X | change-me-now | msgfix1.exe | Added by the SDBOT.ZD WORM! | No |
| U | ChangeICON | SPMSMON.EXE | Card reader related program. Note - may cause problems with My Computer loading at startup. Disabling through MsConfig seems to solve the problem | No |
| ? | ChangeLines | chngline.exe | ?? | No |
| X | ChansonsMP3 | rundll32.exe MSA64CHK.dll,DllMostrar | MatrixDialer/Mostrar parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System% | No |
| Y | Charter High-Speed Security Suite | fspex.exe | Charter High-Speed Security Suite - security software in collaboration with F-Secure | No |
| X | Chat login | chatlogin.exe | Added by the ANTINNY.F WORM! | No |
| N | Chatango | Chatango.exe | Chatango - "allows people to be connected in real time through their Web browsers. Include your Chatango contact link or button when you create eBay auctions, blogs, personal websites, Friendster profiles, and your visitors will be able to contact you instantly, without downloading anything, or registering. Alo use it to send email to your friends, allowing them to respond to you in real time!." The 'MessageCatcher' icon in the System Tray notifies you when you get a message. When you get a message, a little alert pops up, which you can click on and start chatting immediately | No |
| U | ChatStat | ChatStat.exe | ChatStat from ChatStat Technologies, Inc. Provides live chat assistance in up to 16 languages allows your operators to be more productive | No |
| N | Chcenter | chcenter.exe | IMSI HiJaak - "the easiest way to convert, capture, and manage all your graphic files" | No |
| X | Chckup | Netverchk.exe | Covert Sys Exec malware variant | No |
| X | chcp.exe | chcp.exe | Added by the SDBOT.BMH BACKDOOR! | No |
| X | che32 | che.ocx.vbs | Added by the ADENU-B VIRUS! | No |
| X | Cheatle | GigaByte.exe | Added by the SHODI.B VIRUS! | No |
| U | cheatmonitor | start.exe | CheatMonitor surveillance software. Uninstall this software unless you put it there yourself | No |
| X | Check | Check.exe | Added by the VB-DRN WORM! | No |
| N | Check for One Touch Update | wiseupdt.exe | Checks for updates for Visioneer OneTouch scanners | No |
| N | Check for TWS Updates | WiseUpdt.exe | Interactive Brokers - check for update to their standalone Java-based trading platform | No |
| U | Check Messenger | cmesseng.exe | Check Messenger from Qchex.com - program that helps you manage the activity of your Qchex account. Qchex appear to be no longer in buisness | No |
| U | Check&Get | Check&Get.exe | Check&Get from ActiveURLs. Manages your browser bookmarks and favorites. Monitors Web sites for changes and updates, captures and highlights the changed contents | No |
| N | CheckCustomWorksUpdate | CheckCWupdate.exe | Update checker, part of CustomWorks - "customize any embroidery designs to design your own unique creations" | No |
| U | CheckDialer | ChkDial.exe | Added by the CheckDialer modem connection monitoring tool | No |
| X | Checkdisk | mscas.exe | Added by the VAGON-A TROJAN! | No |
| X | CheckFaultKernel | mswdm.exe | Added by the SMALL-CSK TROJAN! | No |
| U | CheckIt | ToolBox.exe | CheckIt Toolbox from WinCheckIt Diagnostic Software. Toolbox automatically backs up critical system files (such as .ini files and the Windows Registry), and performs a check on various system parameters at intervals you specify | No |
| U | CheckIt 86 | CheckIt86.exe | CheckIt 86 popup blocker | No |
| Y | CheckMsgPlus | MsgPlusH.dll, VerifyInstallation | Added by MSN Messenger Plus, a third party extension to MSN Messenger. This is the auto-update feature - see here for more info. | No |
| X | checkrun | elite***32.exe [* = random char] | EliteBar adware | No |
| X | checkrun | elitelsj32.exe | Added by the MULTIDR-ER TROJAN! | No |
| X | CheckScan32 | regload16.exe | Added by the AEBOT.K WORM! | No |
| ? | checktime | ct.exe | Found in the HPSelectFrontend directory on a HP machine. What is it's purpose and is it required? | No |
| Y | CheckVCR | IOMagic.exe | Driver for the I/OMagic Personal Video Recorder (DR-PCTV100) | No |
| X | CheckWinPerf | perfinfo.exe | Added by a variant of the IRCBOT TROJAN! | No |
| U | CherryKeyMan | KeyMan.exe | Multimedia keyboard manager for the Cherry keyboard series. Only required if you use any of the special keys | No |
| X | chiCkie | chiCkie.exe | Added by the CHIKO WORM! | No |
| U | ChicoSys | webtmr.exe | Child Control parental control software | No |
| U | ChikkaDefault | ChikkaLauncher.exe | Chikka PC text messanger and IM client | No |
| U | ChilyClient | ChilyClient.exe | Chily Employee Activity Monitoring surveillance software. Uninstall this software unless you put it there yourself | No |
| X | china11msn | CHINA11MSN.EXE | Added by the ENVID.O WORM! | No |
| U | ChineseStar | cstar.exe | Chinese language support software | No |
| U | CHIPDRIVEPinManager | sokscmpn.exe | ChipDrive Smartcard software | No |
| U | CHIPDRIVESmartcardManager | SCMgr.exe | ChipDrive Smartcard software | No |
| X | CHK Disker | chkdsker.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
| X | CHK NT | chkntf.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
| N | CHKADMIN | CHKADMIN.EXE | Compaq Network Management System. When running, it places an icon in the system tray titled "Intelligent Manageability" | No |
| X | ChkDisk | chk_disk.exe | Added by an unidentified WORM or TROJAN! | No |
| X | chkdrv | iemon.exe | Detected by Symantec as the ADCLICKER TROJAN! | No |
| X | chkdsk | autoexec.bat | Added by the ANPES WORM! | No |
| U | ChkMail | ChkMail.exe | Mail-checking program supplied with Acer notebooks | No |
| U | ChoiceMail | CHOICEMAIL.EXE | ChoiceMail from DigiPortal Software. Block spam with an Email firewall | No |
| X | Choke | Choke.exe -blahhh | Added by the CHOKE WORM! | No |
| X | chope | runlli32.exe | Added by the QQPASS-U TROJAN! | No |
| X | chostsv | chostsv.exe | Added by the BANPAES.C TROJAN! | No |
| U | CHotKey | mhotkey.exe | Enables special keys on Chicony keyboards. Special combinations include Internet, E-mail, vol+, vol-, mute, etc. Only required for extended features | No |
| U | CHotKey | MK9805.EXE | Enables special keys on Chicony keyboards. Special combinations include Internet, E-mail, vol+, vol-, mute, etc. Only required for extended features | No |
| U | CHotKey | zHotkey.exe | Enables special keys on Chicony keyboards. Special combinations include Internet, E-mail, vol , vol-, mute, etc. Only required for extended features | No |
| N | Christmas Music Player | TTEST6.EXE | "Christmas Music Player brings the music of the Christmas Holiday to your desktop" | No |
| ? | ChromeMark | keysh.exe | Related to this. Don't know what keysh.exe does though and if it's required | No |
| ? | ChronitelInitTV | CHTVINIT.EXE | ?? | No |
| U | chrono | chrono.exe | Chronograph is a simple utility that synchronizes internal computer clock to the atomic time. Chronograph automatically maintains correct time using atomic clock servers of the National Institute of Standards and Technology (NIST)." Shows seconds and shows the date without having to hover the mouse. Shows a calendar when hovered over | No |
| X | Ci Svr | cisvr.exe | Added by the IRCBOT.AWN BACKDOOR! | No |
| X | ci1gnt | ci1gnt.exe | Detected by Kaspersky as the AGENT.DHU TROJAN! | No |
| X | CiaBackdoor | msldr.com | Added by a VIRUS! | No |
| X | cihost.exe | cihost.exe | Added by the LINST TROJAN! | No |
| N | CIJxP2PSERVER | CIJxP2PS.EXE | Compaq printer utility which is required in order to make the printer work correctly - "x" depends upon the model, ie, for IJ300 x=3, for IJ700 x=7 | No |
| Y | Cingular Communication Manager | CingularCCM.exe | Cingular Communication Manager - now taken over by AT&T. "provides a robust set of wireless communication tools for businesses and individuals. With wireless access to email, the Internet, business applications and corporate intranets, mobile users can be more productive while they're out of the office" | No |
| X | Cinnabd Prompt32 | CmdPrompt32.pif | Added by the ASSIRAL-B WORM! | No |
| N | CIO | che7e1~1.exe | ChatItOut webcam chat program | No |
| X | Ciodiag | DECCONF.EXE | Added by the STRAT.EL TROJAN! | No |
| X | CirebonPunya | XXrocks.exe | Added by the BHARAT.A WORM! | No |
| X | Cisco Systems | [path to worm] | Added by the AUTORUN.UHR WORM! | No |
| U | Cisco Systems VPN Client | ipsecdialer.exe | Cisco VPN Client - lets local users gain Administrator privileges on the operating system | No |
| U | Cisco Systems VPN Client | vpngui.exe | Sets up IPSec communications for Cisco's VPN Client | No |
| N | CISrvr Program | CISRVR.EXE | Related to internet setup on Compaq PC's | No |
| X | Cissi | Cissi.exe | Added by the CISSI.A WORM! | No |
| U | CitiUCS | CitiUCS.exe | Citibank Virtual Account Numbers - "With this free service for Citi cardmembers, you never have to give out your real credit card number online" | No |
| N | CitiVAN | CitiVAN.exe | Option from Citibank to change a credit card number in a random fashion for each purchase. The number will only be used once and never again | No |
| X | cjb | cjb.exe | Added by the AGENT.ALZE TROJAN! | No |
| X | cjb | cjb*.exe | Added by a variant of the AGENT.ALZE TROJAN - where * is a random digit and the file is located in %ProgramFiles%\cjb | No |
| X | CJET | CJet.exe | FFToolBar adware toolbar | No |
| Y | Cjstcom | Cjstcom.exe | Canon printer BJ status language monitor | No |
| Y | ClamWin | ClamTray.exe | ClamWin antivirus | No |
| X | Classes | int1.exe | "Switch" premium rate adult content dialler variant | No |
| X | Classes | intl.exe | "Switch" premium rate adult content dialler variant | No |
| X | Classes | run_21.exe | "Switch" premium rate adult content dialler variant | No |
| X | Classes | srv.exe | "Switch" premium rate adult content dialler variant | No |
| X | Classes | srv2.exe | "Switch" premium rate adult content dialler variant | No |
| X | Classes | MSTAR2.EXE | "Switch" premium rate adult content dialler variant | No |
| X | Classes | mstart.exe | "Switch" premium rate adult content dialler variant | No |
| U | ClauerUpdate | ClUpdate.exe | Automatic updates for the software supporting the Clau-ACCV and Clauer-idCAT digital certificate USB keys | No |
| X | clcbt.exe | clcbt.exe | Added by the AGENT.CBA TROJAN! | No |
| X | clcl3 | clcl3.exe | Added by the AGENT.ES TROJAN! | No |
| X | clcl7 | clcl7.exe | Added by a variant of the Covert Sys Exec TROJAN! | No |
| U | CLCLSet | CLCL.exe | CLCL clipboard caching utility | No |
| N | Clean Access Agent | CCAAgent.exe | Cisco Clean Access Agent from Cisco Systems, Inc | No |
| X | Clean Mgr | cleanmg.exe | Added by the IRCBOT.BBO BACKDOOR! | No |
| X | Clean up | service.exe | Added by the AGENT-FPY TROJAN! | No |
| X | Cleanator | Cleanator.exe | Cleanator rogue privacy program - not recommended, removal instructions here | No |
| ? | CleanEasyImg | cleanall.exe | ?? | No |
| X | Cleaner2009 Freeware | UCLN.exe | Cleaner2009 rogue privacy program - not recommended, removal instructions here | No |
| X | CleanPCTool | SysRep.exe | CleanPCTool rogue system error and cleaning utility - not recommended. A member of the ErrClean family | No |
| ? | CleanRegPath | CleanReg.exe | Apparently Annex A ADSL modem related. What does it do and is it required? | No |
| U | CleanSweep Smart Sweep- Internet Sweep | Csinsm32.exe | Automatic logging of installs from Norton CleanSweep - available via Start -> Programs | No |
| N | CleanSweep Useage Watch | CSUSEM32.EXE | Quarterdeck/Norton CleanSweep component - tracks how often you use files and alerts you to files that have not been used for a specified period of time | No |
| U | CleanTemp | CLEANT~1.EXE | CleanTemp - deletes the contents of the TEMP directory when Windows starts and then closes - using no memory | No |
| U | CleanTemp | CleanTemp.exe | CleanTemp - deletes the contents of the TEMP directory when Windows starts and then closes - using no memory | No |
| N | Cleanup | ONICTASK.EXE | Internet Cleanup from Allume Systems (used to be by OnTrack) - cleans up tracks left by browsing the internet | No |
| Y | CleanUp | mcappins.exe | Used by older versions of McAfee internet security related products to clean up installation files that are no longer required once the product is installed. This entry will normally only appear once the product has been installed before the system is rebooted | Yes |
| Y | CleanUp | CleanUp.exe | Utility that only runs once after installing the drivers for Analog Devices SoundMax integrated soundcards to clean-up the files no longer required once the installation is complete. Other programs/drivers may use the same filename for the same purpose. In this case, the file is located in %System% and is listed under the HKLM\RunOnce registry key | Yes |
| ? | CleanupProgram | cleanup.exe | Sony Vaio related - what does it do and is it required? Located in a C:\Sonysys folder | No |
| X | CleanupTool | SysRep.exe | CleanupTool rogue system error and cleaning utility - not recommended. A member of the ErrClean family | No |
| X | clean_service | clean_service.cmd | Added by the REFAZ WORM! | No |
| U | CleverKeys | CK.exe | CleverKeys - "is free software that provides instant access to definitions at Dictionary.com, synonyms at Thesaurus.com, facts at Reference.com and more - from almost all Windows programs, including word processors, Web browsers and most e-mail programs" | No |
| X | clfmon | clfmon.exe | Added by the TACTSLAY.E TROJAN! | No |
| X | clfmon | nvsvca32.exe | Added by the TACTSLAY.E TROJAN! | No |
| X | clfmon.exe | clfmon.exe | Added by the AGENT-BJ TROJAN! | No |
| X | Cli Confg | cliconfig.exe | Added by a variant of the SPYBOT WORM! See here | No |
| X | CLI Services | clisrv.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
| N | Click Radio Tuner | clickr~1.exe | ClickRadio - subscription service playing radio music via the internet | No |
| N | Click Tray Calendar | ClickT~1.EXE | ClickTray Calendar - shows holidays, reminders of various anniversaries,tasks etc | No |
| N | ClickMe | ClickMe.exe | ClickM "JOKE" program | No |
| U | Clickoff | Clickoff.exe | Clickoff automatically dismisses annoying dialog boxes | No |
| N | ClickSight Launcher | cs.exe | Launcher for the ClickSight® marketing tool from ClickStream Technologies - which "is a patented data-collection technology that helps independent software vendors understand the current and future usage of their product" | No |
| X | ClickTheButton | CTB.EXE | ClickTheButton adware | No |
| X | ClickTheButton | csrss.exe | ClickTheButton adware. Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a "drivers" subfolder | No |
| X | ClickTheButton | cd_load.exe | Added by the DOWNLOADER-MY TROJAN! | No |
| X | CLICONFG | CLICONFG.EXE | Added by the OPASERV.T WORM! | No |
| U | Client Access API Daemon | cwbappcd.exe | IBM iSeries Client Access, see here | No |
| N | Client Access Check Version | cwbckver.exe | Part of IBM's iSeries (nee As/400) Client Access - communications suite that allows desktop, browser and wireless access to iSeries servers. Checks the software version on your PC to that of the iSeries it is connected to. Not required - and can be turned off in the Client Access properties. It's a waste of resources | No |
| ? | Client Access Express Welcome | cwbwlwiz.exe | Welcome wizard launcher - Part of IBM's iSeries (nee As/400) Client Access - communications suite that allows desktop, browser and wireless access to iSeries servers. What does it do and is it required? | No |
| N | Client Access Help Update | cwbinhlp.exe | Client Access Help Registry Update Function - part of IBM's iSeries (nee As/400) Client Access - communications suite that allows desktop, browser and wireless access to iSeries servers. It only updates the help files on your PC to match the level of the attached iSeries | No |
| N | Client Access Service | CwbSvStr.Exe | Part of IBM's iSeries (nee As/400) Client Access - communications suite that allows desktop, browser and wireless access to iSeries servers. Useful if you are going to access the iSeries through Windows Explorer to move files back and forth between Windows folders and iSeries folders. This is a tool that is only used by Client Access administrators (usually) so it is not required - a waste of resources | No |
| U | Client Access Taskbar | cwbuitsk.exe | IBM iSeries Client Access taskbar, see here | No |
| X | Client Agent | ipxwping.exe | Added by the PPDOOR-N TROJAN! | No |
| X | Client Agent | photes.exe | Added by the PPDOOR-P TROJAN! | No |
| X | Client Agent | [path to file] | Added by the PPDOOR-J TROJAN! | No |
| ? | Client agent for ARCserve | W95AGENT.EXE | Part of Brightstor ARCserve Backup from Computer Associates. What does it do and is it required? | No |
| X | Client for Microsoft Networks | msclient32.exe | Added by the SDBOT-BXQ WORM! | No |
| N | Client Security Solution | cssauth.exe | Part of Thinkvantage Client Security Solution for Lenovo ThinkPad notebooks and ThinkCentre desktops. Once configured via the associated setup screens this loads via winlogon.exe (and loads the password manager) and therefore disabling this entry has no effect | Yes |
| X | Client Server Control Process | [path to trojan] | Added by the AGENT-HR TROJAN! | No |
| X | Client Server Run Time Proccess | csrsrv.exe | Added by a variant of the SDBOT WORM! | No |
| X | Client Server Runtime | [path to worm] | Added by the POEBOT-KR WORM! | No |
| X | Client Server Runtime Process | csrsss.exe | Added by the SDBOT-LD WORM! | No |
| X | Client Server Runtime Process | csrs.exe | Added by the LINKBOT.M WORM! | No |
| X | Client Server Runtime Process | smmss.exe | Backdoor TROJAN! Possible SDBOT-GEN variant | No |
| X | Client Update | wup.exe | Added by the OPANKI.O WORM! | No |
| Y | Cliente DLO | DLOClientu.exe | Part of the backup suites from VERITAS - Backup Exec and NetBackup. Both have now been replaced by their Symantec equivalents since they acquired VERITAS in 2005 | No |
| X | ClientMan1 | mscman.exe | ClientMan parasite variant | No |
| N | Clik Status Monitor | toolsclickstat.exe | Part of Iomega Tools to let you know whether an Iomega PocketZip (nee Clik) removable drive cartridge is installed | No |
| X | Clip Service Manager | clipmg.exe | Added by the DELF.DXJ TROJAN! | No |
| X | Clip Servicer | clipsrvc.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
| X | Clip Srv | clipsv.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
| X | clipboard.exe | clipboard.exe | Added by an unidentified WORM or TROJAN! | No |
| N | Clipbook Service | Clipsrv.exe | Supports Windows XP ClipBook Viewer, which allows pages to be seen by remote ClipBooks | No |
| U | clipdiary | clipdiary.exe | Clipdiary from Softvoile - "Free Clipboard Manager for keeping the clipboard history" | No |
| N | ClipMate5x | ClipMt5x.exe | Clip Mate 5.x by Thornsoft. Utility that allows you to store more than one item in the clipboard. Available via Start -> Programs | No |
| N | Clipmate6 | CLIPMT60.EXE | Clip Mate 6 by Thornsoft. Utility that allows you to store more than one item in the clipboard. Available via Start -> Programs | No |
| N | ClipMate7 | ClipMate.exe | Clip Mate 7 by Thornsoft - utility that allows you to store more than one item in the clipboard | No |
| N | Clipomatic | Clipomatic.exe | Mike Lin's Clipomatic is a clipboard cache program - it remembers what was copied to the clipboard even after new data is copied, and allows you to retrieve the old data | No |
| N | Clipsrv | Clipsrv.exe | Supports Windows XP ClipBook Viewer, which allows pages to be seen by remote ClipBooks | No |
| X | ClipSrv | clipserv.exe | Added by the SDBOT-AAV and SDBOT-AFE WORMS! | No |
| X | ClipSrv | CLIPBRD3D.EXE | Added by the MOFEI-D WORM! | No |
| X | Clipsvc | clipsv.exe | Added by the BLACKHOLE.F BACKDOOR! | No |
| N | ClipTrak | ClipTrak.exe | ClipTrak - clipboard extender | No |
| N | ClipTrakker | ClipTrakker.exe | Cliptrakker - clipboard extender | No |
| N | CLISTART | CLIStart.exe | Puts the ATI Catalyst™ Control Center Icon/Shortcut on the System Tray - available via Start → Programs | No |
| X | clkhost | [path to trojan] | Added by the WIXUD-B TROJAN! | No |
| U | CLMFrontPanel | clmpanel.exe | System tray status/display/configuration utility for a number of modems. Can be disabled by right-clicking on the tray icon. If disabled, connection status is lost | No |
| ? | CLMLServer for HP TouchSmart | CLMLSvc.exe | Found on the HP Touchsmart range of desktops and notebooks. What does it do and is it required? | No |
| ? | clnwall | rundll.exe setupx.dll, InstallHinfSection ..delwall.inf | ?? | No |
| X | clock | [various filenames] | LiveChat Adware - known file names include: mssetup.exe, kstatus.exe, spoolsv.exe, sptsupd.exe, osk.exe, msswchx.exe, netdde.exe, msbkup.exe | No |
| X | Clock Manager | amsngr.exe | Added by the SDBOT-XM TROJAN! | No |
| X | ClockSync | Sync.exe | ClockSync - synchronizes your system clock with an internet time server. It's by WhenU, the makers of the Save Now spyware, and they're usually seen in tandem, so it's advised to replace it with one of may spyware free alternatives available | No |
| U | ClockWise | CLOCKWISE.EXE | ClockWise - produced by R J Software - a time utility. It is a schedueler not only for dates, but you can choose it to run programs at any time. It also updates the time by connecting to an atomic clock server. This is a spyware-free alternative to ClockSync | No |
| U | ClocX | ClocX.exe | ClocX - places a clock on the desktop that can be moved and then changed into a calendar plus you can set alarms etc? | No |
| U | CloneCD | CloneCDTray.exe | System tray for the now discontinued CloneCD. The only useful option is "Hide CDR Media" only available via this tray. Has additional unknown functions in later versions | No |
| U | CloneCDElbyCDFL | ElbyCheck.exe | From Elaborate Bytes who make CloneCD - monitors the installed filters of CD-ROMs/DVD-ROMs. Note - under Win2K removing this from startup causes the CD drive in the computer to not be recognized in the OS and after rechecking it prompts that the driver has been corrupted and asks you to restart the computer to fix it | No |
| U | CloneCDTray | CloneCDTray.exe | System tray for the now discontinued CloneCD. The only useful option is "Hide CDR Media" only available via this tray. Has additional unknown functions in later versions | No |
| ? | Clotusorgreg0 | prtStart.exe [path] Orgprt.exe | IBM Lotus SmartSuite related. In a LotusOrgReg folder. Unclear what exactly it does? | No |
| X | Clre | mmdc.exe | Added by the PURSCAN-AI TROJAN! | No |
| X | ClrSchLoader | [path to file] | ClearSearch adware | No |
| X | CLSID | com.exe | Adult content dialler | No |
| X | CLSID | dll.exe | Adult content dialler | No |
| X | CLSID | msgplus.exe | Adult content dialler | No |
| X | CLSID | plugin.exe | Adult content dialler | No |
| X | CLSID | sed.exe | Adult content dialler | No |
| X | CLSID | msgplus.exe | Premium rate adult content dialer. Note - this is NOT the MSN Messenger 'MessengerPlus' extension | No |
| X | CLSRSS | LSACS.EXE | Added by the SILLYFDC-X WORM! | No |
| U | ClUpdate | ClUpdate.exe | Automatic updates for the software supporting the Clau-ACCV and Clauer-idCAT digital certificate USB keys | No |
| ? | CM-SmWizard | SmWizard.exe | SmartWizard MFC Application - associated with C-Media who produce audio chipsets commonly used for on-board sound on motherboards. What does it do and is it required? | No |
| U | cma | cma.exe | DeskSite CMA siftware - "retrieves new content from the DeskSite Data Center" | No |
| X | CMAPP | cmappclient.exe | CasClient adware - also detected as the CMAPP TROJAN! | No |
| N | Cmaudio | Rundll32 cmicnfg.cpl, CMICtrlWnd | System tray control panel for C-Media based soundcards - often included on popular motherboards with in-built audio. Available via Start -> Settings -> Control Panel | No |
| X | Cmd | cmd32.exe | Added by the TANKED WORM! | No |
| X | cmd32 | configs.exe | Hijacker, also detected as the QURL-2 TROJAN! | No |
| X | cmd64 | cmd64.exe | CoolWebSearch Msconfd parasite variant | No |
| X | cmdbcs | cmdbcs.exe | Added by the LINEAG-GKW TROJAN! | No |
| X | cmdcon | cmdcon.exe | Added by the CRYPTER.A TROJAN! | No |
| X | cmds | vtsqn.dll | Added by a variant of the VUNDO TROJAN! | No |
| X | CmdShell.exe | CmdShell.exe | Added by the BCKDR-QHY BACKDOOR! | No |
| X | CME | cme.exe | Part of Gator advertising spyware - see here for removal instructions. Please note that Claria Corporation no longer support GAIN-Supported software - see here | No |
| X | CmeSYS | CMEsys.exe | Part of Gator advertising spyware - see here for removal instructions. Please note that Claria Corporation no longer support GAIN-Supported software - see here | No |
| X | CmeUPD | CMEupd.exe | Part of Gator advertising spyware - see here for removal instructions. Please note that Claria Corporation no longer support GAIN-Supported software - see here | No |
| X | CMFibula | CMFibula.exe | CASClient adware | No |
| N | CmFlywaveName | CmFlywav.exe | Driver for Linksys Wireless-G Music Bridge | No |
| U | CMGrdian | CMGrdian.exe | McAfee Guardian shortcut menu on the System Tray (looks like a castle) given access to Internet Security, Browser Buddy, File Guardian and help. Included with older versions of McAfee Internet Security and possibly others | No |
| U | CMGShieldUI | CMGShieldUI.exe | UI for CMG (CREDANT Mobile Guardian) Shield from Credant Technologies. "The CMG Shield resides on devices and external media to enforce security policies even if the device is disconnected from the network." Used to protect sensitive corporate on laptops, handhelds, smartphones, USB drives and CD-DVDs | No |
| X | CMMan | CMMan.exe | Added by the CMAPP TROJAN! | No |
| X | Cmmon32Sys | cmmon32.exe | Added by the SMALL.CL TROJAN! | No |
| X | cmonitor | startupmon.exe | SystemDoctor rogue security software - not recommended, removal instructions here | No |
| X | cmonitor | pasmon.exe | SystemDoctor rogue security software - not recommended, removal instructions here | No |
| U | CmPCIaudio | RunDll32 CMICNFG3.CPL, CMICtrlWnd | Registers the Control Panel applet for a C-Media PCI sound card | No |
| U | CMPDPSRV | CMPDPSRV.EXE | Printer Driver Plus from ViewAhead Technology (formerly DeviceGuys, Inc.). "Printer Driver Plus seamlessly integrates all the necessary components of a printer driver, plus more". Installed with some Compaq and Lexmark printers | No |
| X | Cmpnt | Devices2.exe | Added by the TOMPAI-D TROJAN! | No |
| X | Cmpnt | mainsv.exe | Added by the TOMPAI-C TROJAN! | No |
| X | cmrss | cmrss.exe | Added by the DELF.DU TROJAN! | No |
| X | cmrss | crmss.exe | Added by the DLOADER-EK TROJAN! | No |
| X | cmrss | [path to trojan] | Added by the DLOADER-QQ TROJAN! | No |
| X | cmrst | cmrst.exe | Added by the BANCOS.S TROJAN! | No |
| X | cmrst | cmrst.scr | Added by the DLOADER-FP TROJAN! | No |
| X | cms | iserver.exe | Added by the DLOADER-WK TROJAN! | No |
| X | CMSally | callmesally.exe | Added by the CASAL.A TROJAN! | No |
| U | CMSETTINGS | ctmn.exe | Part of NetNanny Chat Monitor | No |
| X | cmsound | vcpdll.exe | Added by the TCXMEDI-D downloader TROJAN! | No |
| X | cmsound | vcsystem.exe | Added by the TCXMEDI-D downloader TROJAN! | No |
| X | cmss | system.exe | Added by a variant of the RBOT WORM! | No |
| X | cmssapp | iexplore_.exe | Added by the BANCBAN-CQ TROJAN! | No |
| X | cmssapp | iexplore.exe | Added by the BANCBAN-GF TROJAN! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %Windir% | No |
| X | cmssSystemProcess | csmss.exe | Added by the AGENT-CO TROJAN! | No |
| X | cmssSystemProcess | mcsmss.exe | Added by the PROXYSER-F TROJAN! | No |
| X | cmssSystemProcess | csms.exe | Added by the AGENT-Y TROJAN! | No |
| X | CMSystem | CMSystem.exe | CASClient adware | No |
| X | cmt101 | cmt101.exe | Added by a variant of the CRYPTER.C TROJAN! | No |
| ? | CmUCRRun | CmUCReye.exe | Related to Medion Display Information. What does it do and is it required? | No |
| X | cmx32 | cmx32.exe | Added by the GEMA.D TROJAN! | No |
| X | Cn323 | cnfrm33.exe | Added by the MIMAIL.G WORM! | No |
| X | Cn911 | ODBCJET.exe | Added by the BIFROSE-PR TROJAN! | No |
| X | CNBABE | CNBABE.EXE | Appears to be spyware added by KAZAA (and maybe others) that displays pop-up ads whilst you're browsing | No |
| N | cnet | kontiki.exe | Kontiki Delivery Manager - Windows-based client software that enables secure delivery of content to users' desktops | No |
| Y | cnfgCav | CMain.exe | Part of Comodo Antivirus | No |
| X | Cnfrm32 | cnfrm.exe | Added by the MIMAIL.D WORM! | No |
| X | CnsMax | Internat.exe | Added by the POINTEX TROJAN! Note - the real internat.exe resides in %windir%\system (where %windir% is the Windows directory - C:\Windows or C:\Winnt) whereas this version resides in %windir% | No |
| X | CnsMin | Rundll32.exe [path] CNSMIN.DLL, Rundll32 | CnsMin (Chinese Keywords) hijacker related. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted | No |
| Y | CnwiDeviceAgent | cnwida.exe | Part of the Canon imagePROGRAF W8400 printer management software | No |
| Y | CnxAdslL | CnxAdslL.exe | DLink, Zoom, or Conexant modem driver | No |
| N | CnxDslTaskBar | CnxDslTb.exe | Connexant DSL Taskbar as used on Acess Runner and Samsung AHT-E310 ADSL modems | No |
| U | CobBU | CobBU.exe | Cobian Backup versions 6 and 7 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program as a startup application rather than the default service on an NT based OS (NT/2K/XP). If you don't have regularly scheduled backups then choose the startup option and run it manually when required | Yes |
| U | Cobian | Cobian.exe | Cobian Backup versions 8 thru 10 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program as a startup application rather than the default service on an NT based OS (NT/2K/XP/Vista). If you don't have regularly scheduled backups then choose the startup option and run it manually when required | Yes |
| U | Cobian Backup | cbInterface.exe | System Tray access to Cobian Backup 10 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program using the default settings as service on an NT based OS (NT/2K/XP/Vista). If you don't have regularly scheduled backups then choose the startup installation option and run it manually when required | Yes |
| U | Cobian Backup | CobBU.exe | Cobian Backup 6 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program as a startup application rather than the default service on an NT based OS (NT/2K/XP). If you don't have regularly scheduled backups then choose the startup option and run it manually when required | Yes |
| U | Cobian Backup 10 | Cobian.exe | Cobian Backup 10 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program as a startup application rather than the default service on an NT based OS (XP/Vista/7). If you don't have regularly scheduled backups then choose the startup option and run it manually when required | Yes |
| U | Cobian Backup 10 Interface | cbInterface.exe | System Tray access to Cobian Backup 10 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program using the default settings as service on an NT based OS (NT/2K/XP/Vista). If you don't have regularly scheduled backups then choose the startup installation option and run it manually when required | Yes |
| U | Cobian Backup 6 | CobBU.exe | Cobian Backup 6 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program as a startup application rather than the default service on an NT based OS (NT/2K/XP). If you don't have regularly scheduled backups then choose the startup option and run it manually when required | Yes |
| U | Cobian Backup 7 | CobBU.exe | Cobian Backup 7 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program as a startup application rather than the default service on an NT based OS (NT/2K/XP). If you don't have regularly scheduled backups then choose the startup option and run it manually when required | Yes |
| U | Cobian Backup 7 Application | CobBU.exe | Cobian Backup 7 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program as a startup application rather than the default service on an NT based OS (NT/2K/XP). If you don't have regularly scheduled backups then choose the startup option and run it manually when required | Yes |
| U | Cobian Backup 7 Interface | cobui.exe | System Tray access to Cobian Backup 7 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program using the default settings as service on an NT based OS (NT/2K/XP). If you don't have regularly scheduled backups then choose the startup installation option and run it manually when required | Yes |
| U | Cobian Backup 8 | Cobian.exe | Cobian Backup 8 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program as a startup application rather than the default service on an NT based OS (NT/2K/XP/Vista). If you don't have regularly scheduled backups then choose the startup option and run it manually when required | Yes |
| U | Cobian Backup 8 interface | cbInterface.exe | System Tray access to Cobian Backup 8 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program using the default settings as service on an NT based OS (NT/2K/XP/Vista). If you don't have regularly scheduled backups then choose the startup installation option and run it manually when required | Yes |
| U | Cobian Backup 9 | Cobian.exe | Cobian Backup 9 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program as a startup application rather than the default service on an NT based OS (NT/2K/XP/Vista). If you don't have regularly scheduled backups then choose the startup option and run it manually when required | Yes |
| U | Cobian Backup 9 interface | cbInterface.exe | System Tray access to Cobian Backup 9 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program using the default settings as service on an NT based OS (NT/2K/XP/Vista). If you don't have regularly scheduled backups then choose the startup installation option and run it manually when required | Yes |
| U | Cobian Backup Amanita | cbInterface.exe | System Tray access to Cobian Backup 9 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program using the default settings as service on an NT based OS (NT/2K/XP/Vista). If you don't have regularly scheduled backups then choose the startup installation option and run it manually when required | Yes |
| U | Cobian Backup Amanita | Cobian.exe | Cobian Backup 9 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program as a startup application rather than the default service on an NT based OS (NT/2K/XP/Vista). If you don't have regularly scheduled backups then choose the startup option and run it manually when required | Yes |
| U | Cobian Backup Black Moon | cbInterface.exe | System Tray access to Cobian Backup 8 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program using the default settings as service on an NT based OS (NT/2K/XP/Vista). If you don't have regularly scheduled backups then choose the startup installation option and run it manually when required | Yes |
| U | Cobian Backup Black Moon | Cobian.exe | Cobian Backup 8 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program as a startup application rather than the default service on an NT based OS (NT/2K/XP/Vista). If you don't have regularly scheduled backups then choose the startup option and run it manually when required | Yes |
| U | Cobian Backup Boletus | Cobian.exe | Cobian Backup 10 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program as a startup application rather than the default service on an NT based OS (XP/Vista/7). If you don't have regularly scheduled backups then choose the startup option and run it manually when required | Yes |
| U | Cobian Backup Interface 6 | cobui.exe | System Tray access to Cobian Backup 6 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program using the default settings as service on an NT based OS (NT/2K/XP). If you don't have regularly scheduled backups then choose the startup installation option and run it manually when required | Yes |
| U | cobui | cobui.exe | System Tray access to Cobian Backup versions 6 and 7 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program using the default settings as service on an NT based OS (NT/2K/XP). If you don't have regularly scheduled backups then choose the startup installation option and run it manually when required | Yes |
| X | CodeClean | CCIntro.exe | CodeClean rogue security software - not recommended | No |
| U | Codename Dashboard | dashboard.exe | Codename: Dashboard - "an application that resides at the side of your screen. Built on the Microsoft .NET Framework, it is a host for interchangeable components through which C.D. allows you to have any information you want, on your desktop, all the time" | No |
| ? | COEMsgDisplay | COEMsgDisplay.exe | Part of HP's PC Common Operating Environment (PC COE) project. Located in %ProgramFiles%\Hewlett-Packard\PC COE. What does it do and is it required? | No |
| X | cof.updit | [random filename] | Added by a variant of the SDBOT WORM! | No |
| U | CognizanceTS | rundll32.exe [path] AsTsVcc.dll, RegisterModule | Cognizance Corp Identity And Access Management suite | No |
| X | Coldlife -icmp | Systray.exe | Added by the FLOOD.AV TROJAN! Note - this is not the legitimate systray.exe process | No |
| N | CollaborationHost | p2phost.exe | Signs a user into the People Near Me feature at login in Windows 7 and Vista. People Near Me enables you to use certain peer-to-peer (P2P) programs on a network - that "identifies people nearby who are using computers and allows those people to send you invitations for programs such as Windows Meeting Space. They can only invite you to participate in programs that are installed on your computer." Available via Start → Control Panel | Yes |
| U | coloreal | coloreal.exe | Makes colours sharper and brighter, but will only work with coloreal capable monitors | No |
| N | Colorific | Hgcctl95.exe | Colorific® from E-Color - "delivers accurate gamma and color temperature across your entire system - monitor to printer and digital camera to monitor." Now superseded by ColorWizzard™ | No |
| N | Colorific Control Panel | Hgcctl95.exe | Colorific® from E-Color - "delivers accurate gamma and color temperature across your entire system - monitor to printer and digital camera to monitor." Now superseded by ColorWizzard™ | No |
| X | COM Service | mscom32.com | Added by the BEASTY.H TROJAN! | No |
| X | COM Service | msynvr.com | Added by the BEASTY.G TROJAN! | No |
| X | COM Service | msjclh.com | Added by the BEASTY.E TROJAN! | No |
| X | COM Service | msdrce.com | Added by the BEASTY.I TROJAN! | No |
| X | COM Service | msflyx.com | Added by the BEASTDO-O TROJAN! | No |
| X | COM+ Event System | DRWTSN16.EXE | Added by the LOVGATE.AB WORM! | No |
| X | COM+ EventSystem Services | ECSERVER.EXE | Added by a variant of the SDBOT WORM! | No |
| X | Com+ Sys | csrs.exe | Added by the FORBOT-BT WORM! | No |
| X | COM+ System Applications | lsas.exe | Added by the AGOBOT.SE WORM! | No |
| X | COM++ System | exploier.exe | Added by the LOVGATE.Z WORM! | No |
| X | COM++ System | suchost.exe | Added by the LOVGATE-F WORM! | No |
| X | COM++ System | svchost.exe... | Added by a variant of the LOVGATE WORM! | No |
| N | COM-IP | COMIP.EXE | COM-IP Virtual Modem Driver (COM-IP Creates a Fake Serial Port that allows you to use older DOS Based Communications Programs over Telnet. Type atdt host.domain.com instead of atdt 5551212) | No |
| U | com.codeode.cactusspamfilter | cactusspamfilter.exe | Cactus Spam - free easy-to-use spam blocker | No |
| U | com.codeode.privacymantra | privacymantra.exe | "Privacy Mantra keeps your computer clean from online and offline tracks" | No |
| U | ComAgent | ComAgent.exe | ComAgent - MDaemon's instant messaging client | No |
| X | combo.exe | combo.exe | Added by the CHIMO-C TROJAN! | No |
| X | combop.exe | combop.exe | Added by the BOWFEED-A TROJAN! | No |
| X | Comcast Network | ribiva.exe | Added by a variant of the IRC TROJAN! | No |
| X | ComcastSUPPORT | tgkill.exe | Comcast (the cable folks who are replacing @home in some parts of the USA) have struck a deal with Tioga to provide an "enhanced" support and self-repairing tool. This is "beta" at present and was made available to download by mistake at present. Remove via Start -> Settings -> Add/Remove Programs | No |
| X | COMCFG | comcfg.exe | Added by the TOADCOM.A TROJAN! | No |
| X | comctl32 | comctl32.exe | Adware - detected by Kaspersky as the AGENT.AM TROJAN! | No |
| U | COMDRV32 | svdhost.exe | Orvell Monitoring 2003 surveillance software. Uninstall this software unless you put it there yourself. Note - asks for permission to contact the IP address of http://www.protectcom.com/ | No |
| U | Comm Driver | commh32.exe | G Data "PC Spion". PC monitoring and surveilling software, captures all users activity on the PC, see here. Disable/remove if you didn't install it yourself! | No |
| X | Command | system.exe | Added by the GATECRASH.A or GATECRASH.B TROJANS! | No |
| X | Command | Gotit.exe | Added by the TITOG WORM! | No |
| X | COMMAND | command.exe | Added by the QQPASS.E TROJAN! | No |
| X | command | javaw.exe | Added by the AGOBOT-LG WORM! | No |
| X | Command Prompt32 | CmdPrompt32.pif | Added by the ASSIRAL.B WORM! | No |
| U | Command WorkStation 4 | cws 4.exe | EFI's Command WorkStation makes "managing demanding workflows easier by centralizing job management. The software automatically identifies the Fiery servers on the network and offers customization options for displaying information" - for high-end print environments | No |
| X | command32 | command32.exe | Added by the LINEADI-A TROJAN! | No |
| N | CommCtr | commctr.exe | "Net2Phone CommCenter is the latest in Internet voice technology allowing you to place calls easily all over the world right from your PC!". Available via Start -> Programs | No |
| Y | Common Client | ccApp.exe | Part of earlier versions of Norton AntiVirus - Auto-protect and E-mail check will not function without this | Yes |
| Y | Common Client | ccRegVfy.exe | Part of earlier versions of Norton AntiVirus - "ccRegVfy.exe is responsible for checking the integrity of the NAV registry entries to make sure that the information has not been changed by a malicious threat or a hack" | Yes |
| X | Common Files | twain.exe | Added by the AGENT.BEA TROJAN! | No |
| X | CommonService | winup.exe | Added by the DLOADR-BJJ TROJAN! | No |
| Y | COMMUNICATOR | Communicator.exe | Part of Microsoft Office Communicator, which is an integrated communications client that allows information workers to communicate in real time using a range of different communication options, including instant messaging (IM), voice, and video | No |
| U | Comodo Firewall | CPF.exe | Comodo Firewall | No |
| Y | COMODO Firewall Pro | cfp.exe | Comodo Firewall Pro | No |
| U | Comodo Launch Pad Tray | CLPTray.exe | System Tray access to LaunchPad as bundled with Comodo's freebie offerings such as Comodo Anti-Virus. Some allege that LaunchPad is impossible-to-uninstall adware, or worse - see here | No |
| Y | COMODO Memory Firewall | cmf.exe | "Comodo Memory Firewall is a buffer overflow detection and prevention tool which provides the ultimate defence against one of the most serious and common attack types on the Internet - the buffer overflow attack" | No |
| U | Companion Module | companion.exe | The AOL Companion is a small window that appears when you connect to the service using verison 8.0 and early builds of version 9.0. "Use the Companion to quickly get to your favourite features, including your Buddy List, Favourite Places, Address Book, and more!" | Yes |
| X | CompanionWizard | compwiz.exe | Part of WinAntiVirusPro 2007 rogue security software (and possibly others) - not recommended, see here | No |
| U | Compaq Alerter | CPQAlert.exe | Compaq's Insight Manager Agent - a tool that allows for "fault, performance, and configuration management". Recommended for corporate users only. It's best removed if installed but not wanted, rather than disabled at startup. See here for more information | No |
| N | Compaq Computer Corp SCCenter Module | SCCENTER.EXE | For Compaq PC's. Part of Backweb | No |
| ? | Compaq Computer Security | Rundll32.exe SECURE32.CPL, Service | ?? | No |
| N | Compaq Connections | COMPAQ~1.EXE | See here - "messaging service that automatically sends you support information, tips, ideas, and special offers from HP and our partners, especially designed for HP and Compaq desktop computer owners" | No |
| N | Compaq Connections | BackWeb-1940576.exe | See here - "messaging service that automatically sends you support information, tips, ideas, and special offers from HP and our partners, especially designed for HP and Compaq desktop computer owners". * can be any digit | No |
| N | Compaq Connections | Compaq Connections.exe | See here - "messaging service that automatically sends you support information, tips, ideas, and special offers from HP and our partners, especially designed for HP and Compaq desktop computer owners" | No |
| N | Compaq DMI | cpqdmi.exe | Compaq version of the Desktop Management Interface | No |
| X | Compaq Drivers | F1rewalls.exe | Added by the SDBOT-WD WORM! | No |
| N | Compaq Internet Setup | inetwizard.exe | For Compaq PC's. Runs Compaq internet setup wizard and offers you to signup from ISP list | No |
| X | Compaq Jes Drivers | winjes.exe | Added by the SDBOT-XR WORM! | No |
| U | Compaq Knowledge Center | silent.exe & matcli.exe | "matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, state, etc and gets written to a log file while silent.exe executes matcli.exe quietly in the background. Compaq Knowledge Center is required to run with the Help and Support program. If you uncheck Compaq Knowledge Center and and then run help and Support it will add another Compaq Knowledge Center in the startup menu. If you remove the Compaq Knowledge Center in the add/remove program some help menus in help and support will not be available like Fix my Presario, Preference, and Contact Technical Support". You decide | No |
| N | Compaq Message Server | COMPAQ-RBA.EXE | Applies to the CPQBootPerfDB entry as well. These files generate some kind of server or servlet that attempts to connect with Compaq online. They are like Trojans, but fairly harmless. They send information on the "Compaq Advisor/Compaq Message Screener" application that comes with every Compaq computer and provide feedback on how computer users use the Message Advisor. These messages appear occasionally and instruct and advise users on their computer and its use. They generally attempt to get you (these messages) to connect to Compaq's website. They may be safely disabled via (1) MSCONFIG or (2) Start -> Programs -> Compaq Advisor -> Advisor Settings under the "advanced" tab. Not required and can cause problems | No |
| U | Compaq PK Daemon | cpqkl.exe | For Compaq laptops for programming user configurable keys. Not required unless you use them | No |
| X | Compaq Print Fax | cpqa1000.exe | Added by the SDBOT.BCV WORM! Please take note of the difference between the legitimate Compaq Fax Utility Name (A1000 Settings Utility) and the name (Compaq Print Fax) used by this worm | No |
| X | Compaq Service Drivers | systeminfos.exe | Added by the SDBOT-XC WORM! | No |
| X | Compaq Service Drivers | compq.exe | Added by a variant of the SDBOT WORM! | No |
| X | Compaq Service Drivers | navapqwa.exe | Added by the SDBOT.BBQ WORM! | No |
| X | Compaq Service Drivers | amsn.exe | Added by a variant of the SDBOT WORM! | No |
| X | Compaq Service Drivers | compqs.exe | Added by a variant of the SDBOT WORM! | No |
| X | Compaq Service Drivers | msnt.exe | Added by the SDBOT.CQL WORM! | No |
| X | Compaq Service Drivers | NtKernelSystem.exe | Added by a variant of the SDBOT WORM! | No |
| X | Compaq Service Drivers | wincmd.exe | Added by the RBOT.ATV WORM! | No |
| X | Compaq Service Drivers | wind32.exe | Added by a variant of the SDBOT WORM! | No |
| X | Compaq Service Drivers | winmsn.exe | Added by a variant of the SDBOT WORM! | No |
| X | Compaq Service Drivers | compaq.exe | Added by the SDBOT-AFU WORM! | No |
| X | Compaq Service Drivers | msnsvc.exe | Added by the RBOT.BKT WORM! | No |
| X | Compaq Service Drivers | ntsys32.exe | Added by the RBOT.CIW WORM! | No |
| X | Compaq Service Drivers | winsvc.exe | Added by the SDBOT-AGD WORM! | No |
| X | Compaq Service Drivers 32 | compq32.exe | Added by a variant of the SDBOT WORM! | No |
| X | Compaq Service Drivrs | copq.exe | Added by a variant of the RBOT WORM! | No |
| X | Compaq Services Drivers | ndt32.exe | Added by the RBOT.CQZ WORM! | No |
| X | Compaq Sound Drivers For WINDOWS | sounddr.exe | Added by the SDBOT-XG WORM! | No |
| N | Compaq Video CD Watcher | ?? | For Compaq PC's. MPEG viewer | No |
| X | Compaq32 Service Drivers | ms32.exe | Added by the SDBOT.BWH WORM! | No |
| X | Compaq32 Service Drivers | msconfig32.exe | Added by the SDBOT-ADC WORM! | No |
| X | Compaq32 Service Drivers | msnt32.exe | Added by the RBOT.BVF WORM! | No |
| ? | CompaqHW Comp Manager | cpqhcm.exe | Running on a Compaq laptop - any ideas? | No |
| N | CompaqPrinTray | printray.exe | Puts printer icon in the System Tray. When this option is disabled you will no longer be able to access the Control Program or Printer Driver directly from your desktop | No |
| X | Compaqs Service Driver | copypad32.exe | Added by the SDBOT.CSO WORM! | No |
| X | Compaqs Service Drivers | compqs.exe | Added by a variant of the SDBOT WORM! | No |
| N | CompaqSystray | cpqpscp.exe | Compaq System Tray icon | No |
| X | Compatibility Service Process | regsvs.exe | Added by the GAOBOT.YN WORM! | No |
| X | Compd Service Drivrs | codq.exe | Added by a variant of the SDBOT WORM! | No |
| X | Compliant | [worm filename] | Added by the RBOT-LB WORM! | No |
| X | ComPlus Applications | twain.exe | Added by the AGENT.AQO TROJAN! | No |
| U | ComproRemote | ComproRemote.exe | VideoMate TV tuner and capture card - remote control driver | No |
| U | ComproSchedulerDTV | ComproSchedulerDTV.exe | VideoMate TV tuner and capture card - scheduler | No |
| U | CompuSpy | CompuSpy.exe | CompuSpy surveillance software. Uninstall this software unless you put it there yourself | No |
| U | CompuSpy KeyLogger | cswin2008.exe | CompuSpy surveillance software. Uninstall this software unless you put it there yourself | No |
| X | Computer Defender 2009 | cd2009.exe | Computer Defender 2009 rogue security software - not recommended, removal instructions here | No |
| X | Computing Technologie Firewall | lsauth.exe | Added by the SDBOT-WX WORM! | No |
| N | COMSMDEXE | comsmd.exe | 3Com tray icon | No |
| X | ComStart | Trojan Guarder.exe | TrojanGuarder rogue security software - not recommended | No |
| X | ComTry Web Searcher | wstray.exe | Comtry MP3 Downloader related - spyware | No |
| X | comxt | comxt.exe | Added by the COMXT TROJAN! | No |
| X | con | [path to trojan] | Added by the BRAVE-A TROJAN! | No |
| ? | Concurre | concurre.exe | ?? | No |
| X | ConducteurPrive | GDC.exe | ConducteurPrive rogue privacy tool - not recommended. A member of the PCPrivacyTool family | No |
| X | ConfidentSurf | GDC.exe | ConfidentSurf rogue privacy tool - not recommended. A member of the PCPrivacyTool family | No |
| X | ConfidentUser | SRP.exe | ConfidentUser rogue security software - the site's "online scanner" is detected by Kaspersky as WinFixer.ba | No |
| X | Config | service.exe | Added by the ISRAZ.B WORM! | No |
| X | Config | WinService32.exe | Added by the CRUTCHA-A TROJAN! | No |
| X | Config | winconfig.exe | Added by the GIP.113.B1 TROJAN! | No |
| X | Config | CONFIG.EXE | Added by the PSWGIP.B TROJAN! | No |
| X | Config | TaskUpdate.exe | Added by the MDROP-BRO TROJAN! | No |
| X | Config Loadation | iEEexplore.exe | Added by the SDBOT.H TROJAN! | No |
| X | Config Loadatiorin | I3Explorer.exe | Added by the SDBOT.H TROJAN! | No |
| X | Config Loader | svchosl.exe | Added by the GAOBOT.P WORM! | No |
| X | Config Loader | sysldr32.exe | Added by the GAOBOT WORM! | No |
| X | Config Loader | scvhost.exe | Added by the GAOBOT.AE or GAOBOT.AO WORMS! | No |
| X | Config Loader | svhost.exe | Added by a variant of the AGOBOT/GAOBOT WORM! | No |
| X | Config Loader | svchost2.exe | Added by the AGOBOT.XE WORM! | No |
| X | Config Loader | [worm filename] | Added by the AGOBOT-AE WORM! | No |
| X | Config Loader | SYSMGR.EXE | Added by the AGOBOT.C WORM! | No |
| X | Config Loader | wincrt32.exe | Added by the AGOBOT-AW WORM! | No |
| X | Config Loader for Microsoft Windows | mwincfg32.exe | Added by the AGOBOT.BD WORM! | No |
| X | Config Loader2 | explores.exe | Added by the GAOBOT.BT WORM! | No |
| X | Config Loadr | winsys32.exe | Added by the AGOBOT-HN WORM! | No |
| X | Config33.exe | Config33.exe | Added by the SDBOT.T TROJAN! | No |
| X | ConfiggLoader | cart322.exe | Added by the GAOBOT.DJ WORM! | No |
| U | ConfigSafe | CFGSAFE.EXE | ConfigSafe - lets you identify changes to the registry, INI files, System asset files, system hardware, network connections, and operating system versions -- provides a restore function. Your choice | No |
| U | ConfigSafe | AUTOCHK.EXE | ConfigSafe - lets you identify changes to the registry, INI files, System asset files, system hardware, network connections, and operating system versions -- provides a restore function. Your choice | No |
| N | ConfigServices | Config.exe | Part of initial setup on a Compaq PC | No |
| X | configsetup | configsetup32.exe | Added by the AGOBOT-AFP WORM! | No |
| X | Configuration | explorer32.exe | Added by the SDBOT-ML WORM! | No |
| X | configuration | apphost.exe | Added by the SDBOT-VP WORM! | No |
| X | Configuration | ntsys32.exe | Added by the SDBOT-LN WORM! | No |
| X | Configuration | msgfixs.exe | Added by the SDBOT-NN WORM! | No |
| X | Configuration Default | Wuxat.exe | Added by the SPYBOT-CA WORM! | No |
| X | Configuration Driver | scghost.exe | Added by the SDBOT-DLA WORM! | No |
| X | Configuration File | Winset32.exe | Added by the FLUX.101 TROJAN! | No |
| X | Configuration Loaded | wupdated.exe | Added by the MOEGA or MOEGA.AG or MOEGA.AP WORMS! | No |
| X | Configuration Loaded | lssas.exe | Added by a variant of the SDBOT WORM! | No |
| X | Configuration Loaded | iexploree.exe | Added by the SDBOT-KC WORM! | No |
| X | Configuration Loader | aim95.exe | Added by the LOADCFG or SDBOT TROJANS! | No |
| X | Configuration Loader | cmd32.exe | Added by the LOADCFG or SDBOT TROJANS! | No |
| X | Configuration Loader | syscfg32.exe | Added by the SDBOT.B BACKDOOR! | No |
| X | Configuration Loader | service5.exe | Added by the GAOBOT.AF WORM! | No |
| X | Configuration Loader | lfass.exe | Added by a variant of the AGOBOT/GAOBOT WORM! | No |
| X | Configuration Loader | sycfg34.exe | Added by the GAOBOT.AN WORM! | No |
| X | Configuration Loader | wincrt32.exe | Added by the GAOBOT.BF WORM! | No |
| X | Configuration Loader | windex.exe | Added by the GAOBOT.BZ WORM! | No |
| X | Configuration Loader | dosrun32.exe | Added by the GAOBOT.AO WORM! | No |
| X | Configuration Loader | Service.exe | Added by the GAOBOT.AO WORM! | No |
| X | Configuration Loader | Servicess.exe | Added by the GAOBOT.AO WORM! | No |
| X | Configuration Loader | sw32.exe | Added by the AGOBOT.BQ WORM! | No |
| X | Configuration Loader | System.exe | Added by the GAOBOT.AO WORM! | No |
| X | Configuration Loader | Winreg.exe | Added by the GAOBOT.AO WORM! | No |
| X | Configuration Loader | sysinfo.exe | Added by the GAOBOT.FQ WORM! | No |
| X | Configuration Loader | microsoft.exe | Added by the GAOBOT.JB WORM! | No |
| X | Configuration Loader | confgldr.exe | Added by the GAOBOT.GEN!POLY WORM! | No |
| X | configuration loader | winicfg32.exe | Added by the GAOBOT.RQ WORM! | No |
| X | Configuration Loader | svhst.exe | Added by the GAOBOT.YC WORM! | No |
| X | Configuration Loader | msgfix.exe | Added by the GAOBOT.AUS or SDBOT.J or SDBOT-QG WORMS! | No |
| X | Configuration Loader | msnss.exe | Added by the GAOBOT.AUS WORM! | No |
| X | Configuration Loader | IEXPL0RE.EXE | Added by the SDBOT BACKDOOR! Note the number "0" in the filename | No |
| X | Configuration Loader | loadcfg32.exe | Added by the SDBOT BACKDOOR! Note the number "0" in the filename | No |
| X | Configuration Loader | MSTasks.exe | Added by the LOADCFG or SDBOT TROJANS! | No |
| X | Configuration Loader | systemry.exe | Added by a variant of the AGOBOT/GAOBOT WORM! | No |
| X | Configuration Loader | ccSort.exe | Added by the AGOBOT.SR WORM! | No |
| X | Configuration Loader | smss32.exe | Added by the AGOBOT.MB WORM! | No |
| X | Configuration Loader | wincffg.exe | Added by the AGOBOT.A3 WORM! | No |
| X | Configuration Loader | seru32.exe | Added by the SDBOT-VR WORM! | No |
| X | Configuration Loader | botss.exe | Added by the SDBOT-XS WORM! | No |
| X | Configuration Loader | ldasp.exe | Added by the AGOBOT.BH WORM! | No |
| X | Configuration Loader | msgcfgsrv.exe | Added by a variant of the AGOBOT/GAOBOT WORM! | No |
| X | Configuration Loader | smsai.exe | Added by the SDBOT-YE WORM! | No |
| X | Configuration Loader | svupdate.exe | Added by the RANDEX.DXP WORM! | No |
| X | Configuration Loader | crcss.exe | Added by the AGOBOT.ADG WORM! | No |
| X | Configuration Loader | lexplore.exe | Added by the RBOT-AGX WORM! Note - the executable is spelt with a lower case "L" rather than an lower or upper case "i" which is the case with Internet Explorer | No |
| X | Configuration Loader | scvhost.exe | Added by the AGOBOT-AAE and SDBOT.AR WORMS! | No |
| X | Configuration Loader | svchost.exe | Added by the PARADROP-A WORM! Note - this is not the legitimate svchost.exe process which should not normally figure in Msconfig/Startup! | No |
| X | Configuration Loader | svchost2.exe | Added by the AGOBOT.JR WORM! | No |
| X | Configuration Loader | dezi.exe | Added by the SDBOT-OB WORM! | No |
| X | Configuration Loader | mouse.exe | Added by a variant of the AGOBOT/GAOBOT WORM! | No |
| X | Configuration Loader | msg.exe | Added by the SDBOT.BT WORM! | No |
| X | Configuration Loader | WinHelper.exe | Added by a variant of the AGOBOT/GAOBOT WORM! | No |
| X | Configuration Loader | extrac.exe | Added by the SDBOT-AFP WORM! | No |
| X | Configuration Loader | DVD-Player.exe | Added by a variant of the SDBOT WORM! | No |
| X | Configuration Loader | IEXPLORE.EXE | Added by the SDBOT-KW WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %System% | No |
| X | Configuration Loader | svchost.exe | Added by the PARADROP-AI WORM! Note - this is not the legitimate svchost.exe process which should not normally figure in Msconfig/Startup! | No |
| X | Configuration Loader | wincore.exe | Added by the SDBOT.BHE WORM! | No |
| X | Configuration Loader | configldr.exe | Added by the AGOBOT-PP TROJAN! | No |
| X | Configuration Loader | ahnhst.exe | Added by the AGOBOT.MX WORM! | No |
| X | Configuration Loader | ntdm.exe | Added by the AGOBOT.RV WORM! | No |
| X | Configuration Loader | msnmsgr.exe | Added by the SDBOT-SO WORM! Note - this is not the valid MSN Messenger (now Windows Live Messenger) utility which is located in either %ProgramFiles%\MSN Messenger or %ProgramFiles%\Windows Live\Messenger. This one is located in %System% | No |
| X | Configuration Loader | svschost.exe | Added by the SDBOT-NS WORM! | No |
| X | Configuration Loader | wump.exe | Added by the AGOBOT-BU BACKDOOR! | No |
| X | Configuration Loader | WinSys32ys.exe | Added by the SDBOT.BCS WORM! | No |
| X | Configuration Loader | cvcd.exe | Added by the AGOBOT-DH BACKDOOR! | No |
| X | Configuration Loader | asnclt32.exe | Added by the AGOBOT-EB BACKDOOR! | No |
| X | Configuration Loader | soundconf.exe | Added by the AGOBOT-MH WORM! | No |
| X | Configuration Loader | win32exec.exe | Added by the SDBOT-LA WORM! | No |
| X | Configuration Loader | mservs.exe | Added by the SDBOT-NM WORM! | No |
| X | Configuration Loader | update.exe | Added by the SDBOT-OS WORM! | No |
| X | Configuration Loader | FILENAME.EXE | Added by the AGOBOT-DQ WORM! | No |
| X | Configuration Loader | explore.exe | Added by the GAOBOT.GW WORM! | No |
| X | Configuration Loader | msgfixy.exe | Added by the SLINBOT.QW BACKDOOR! | No |
| X | Configuration Loader Service | Winsys32.exe | Added by the RBOT-YV WORM! | No |
| X | Configuration Loader Service | devl32.exe | Added by the SDBOT-XY WORM! | No |
| X | Configuration Loader10 | ip7.exe | Added by the AGOBOT-ANZ WORM! | No |
| X | Configuration Loading | svchos1.exe | Added by the GAOBOT.DK WORM! | No |
| X | Configuration Loading | configldr.exe | Added by the AGOBOT-EC WORM! | No |
| X | Configuration Loading Service | wscel.exe | Added by the SDBOT-WJ WORM! | No |
| X | Configuration Loadr | iexplore.exee | Added by an unidentified WORM or TROJAN! | No |
| X | Configuration Manager | CNFGLD32.EXE | Added by the SDBOT TROJAN! | No |
| X | Configuration Manager | Cnfgldr.exe | Added by the SDBOT TROJAN! | No |
| X | Configuration Manager | cfg32.exe | BookedSpace parasite. Note - the "cfg32.exe" file is located in %Windir% | No |
| X | Configuration Servecie | sewins.exe | Added by the SDBOT-COH WORM! | No |
| X | Configuration Service | suchost.exe | Added by the TREB TROJAN! | No |
| X | Configuration Services | mswords.exe | Added by the SDBOT-YM WORM! | No |
| N | Configuration Utility | CONFIG.EXE | Controls linksys wireless connection. Available from the Desktop | No |
| U | Configuration Utility | wlanutil.exe | NetGear Wireless LAN configuration utility for the MA311 802.11b (and maybe other cards) | No |
| X | Configuration Wizard | Cfgwiz32.exe | Added by a variant of the HACKTACK TROJAN! Not to be confused with the legitimate MS "ISDN Configuration Wizard" (Cfgwiz32.exe) | No |
| X | Configuration32 Loader32 | winamp32.exe | Added by the SDBOT-BIC WORM! | No |
| X | Configurations Asclt | asclt.exe | Added by the SDBOT-MX WORM! | No |
| U | ConfigUtility | ConfigUtility.exe | Wireless management utility for the HWC54G Hi-Speed Wireless-G CardBus Card from Hawking Technologies, Inc | No |
| X | ConfigVir | services.exe | Added by the AUTORUN-DV WORM! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a ~A~m~B~u~R~a~D~u~L~ subfolder | No |
| X | ConfLoader | sysconf16.exe | Added by the SDBOT-FB TROJAN! | No |
| N | Conmgr | conmgr.exe | Starts Winfax pro at startup | No |
| U | ConMgr.exe | conmgr.exe | Connection Manager as used by Earthlink and others. If you need this to ensure a proper connection but don't want to connect at startup try creating your own shortcut | No |
| X | conmswf | conrnbne.exe | Added by the SDBOT-DEX WORM! | No |
| U | Connect Kasamba | Kasamba.exe | "Finding the expert help that you need is easy on Kasamba. With more than 30,000 registered experts in over 600 categories to choose from, chances are, we`ll have just the right professional in the exact area of expertise that you need" | No |
| X | Connect2Party | connect2party.exe | Adult content dialler | No |
| U | Connection Keeper | ConKeepM.exe | "Connection Keeper is an invaluable time-saving tool for dial-up users. This free program simulates Internet browsing (at a random interval) to prevent your connection from appearing idle, thus preventing your ISP from dropping your connection due to inactivity" | No |
| N | Connection Manager | CManager.exe | SBC Yahoo DSL service connection manager. You can connect from the network connections. Users having problems with this have been advised to uninstall the connection manager via Add/Remove Programs and it won't affect the service | No |
| X | Connectivity Tool | [path to trojan] | Added by the LITEBOT-E TROJAN! | No |
| X | Connector | SYS.EXE | Nunci premium rate dialer | No |
| X | Connector | sms.EXE | Added by the ExDial-B premium rate adult content dialer | No |
| N | CONNECTScheduler | CONNECTScheduler.exe | Scheduler for updating Sony's CONNECT music download service | No |
| X | Cons | consol32.exe | Hijacker - redirects to an adult content portal, where foistware like ISTBar gets stealth installed | No |
| X | conscorr | conscorr.exe | VX2.Transponder parasite updater/installer related | No |
| X | Console de Gerenciamento Microsoft | csrss.exe | Unidentified malware! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a "Level4" subfolder | No |
| X | Console de Gerenciamento Microsoft | csrss.exe | Added by the BANCBAN-ET TROJAN! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a "Central de Segurança" subfolder | No |
| U | Consumer Input | ConsumerInput.exe | Consumer Input Toolbar. Opt-in market research monitoring you browsing habits - see the FAQ | No |
| U | Consumer Input Rewarded with MyPoints, Consumer Input | ConsumerInputRewardedwithMyPoints, ConsumerInput.exe | Consumer Input Toolbar. Opt-in market research monitoring you browsing habits - see the FAQ | No |
| U | Consumer Input Rewarded with MyPoints, Consumer Input Update | ConsumerInputRewardedwithMyPoints, ConsumerInputUa.exe | Consumer Input Toolbar. Opt-in market research monitoring you browsing habits - see the FAQ | No |
| ? | Contacte | contacte.exe | Some kind of driver? | No |
| X | Content connector | [random filename].exe | Added by the DIALER-Y TROJAN! Note - uses a random filename and random folders. Usually the folder containing the file is a Temp folder | No |
| X | Content Service | winserv[LETTER].exe | PurityScan adware | No |
| X | ContentDownload | rundll32.exe MSA64CHK.dll,DllMostrar | MatrixDialer/Mostrar parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System% | No |
| X | ContentEraser | GDC.exe | ContentEraser rogue privacy tool - not recommended. A member of the PCPrivacyTool family | No |
| X | ContentService | winservn.exe | PurityScan adware - see here | No |
| X | ContinueInstall | bpsinstall.exe | BrowserAid/BrowserPal foistware | No |
| X | Contraviro | Contraviro.exe | Contraviro rogue security software - not recommended, removal instructions here | No |
| X | ContraVirus | ContraVirusPro.exe | ContraVirus rogue security software - not recommended, removal instructions here | No |
| X | ContraVirus | ContraVirus.exe | ContraVirus rogue security software - not recommended, removal instructions here | No |
| X | Control | rundll32.exe ctrlpan.dll, Restore ControlPanel | CoolWebSearch Msconfd parasite variant | No |
| U | Control Center | Center.exe | Associated with Hawking Technologies, Inc wireless products. Located in %Program Files%\Hawking\WLAN Card Utilities | No |
| X | Control handler | ***********.exe [* = random char] | CoolWebSearch parasite variant | No |
| X | Control handler | ahjinst.exe | CoolWebSearch parasite variant | No |
| X | Control handler | [10 to 14 random char]THD.EXE | Added by the KREPPER-AI TROJAN! | No |
| N | control panel | smctrlw.exe | System Tray icon for a Silicon Motion LynxEM based PCI Graphics Card | No |
| X | Control Panel | System.exe | Added by the DANI TROJAN! | No |
| X | control panel software service | cprs.exe | Added by the RBOT-FPI WORM! | No |
| X | Controladores | [path to trojan] | Added by the TELEFO-A TROJAN! | No |
| Y | ControlCenter | ctlcntr.exe | Part of Lenovo's (IBM) ThinkVantage Fingerprint Software - used on laptops and keyboards with integrated fingerprint readers | No |
| N | ControlCenter2.0 | brctrcen.exe | Brother scanner 'Control Center' application - can be started manually | No |
| N | ControlCentreTray | XWCTray.exe | System Tray access for the Xerox ControlCentre 2.0 software for their range of printers, copiers, faxes, etc | No |
| X | Controlled Resource System Service | crss.exe | Added by the AGOBOT.GH WORM! | No |
| N | Controller | WFXCTL32.EXE | From Symantec's TalkWorks Pro and WinFax. Appears if you chose to have the program appear in the taskbar (System Tray) during installation and displays a yellow fax/telephone icon. Available via Start -> Programs | No |
| X | ControlPanel | rundll32 internat.dll, LoadKeyboardProfile | CoolWebSearch parasite variant | No |
| X | ControlPanel | host32.exe internat.dll, LoadKeyboardProfile | Added by a vairant of the DELF.DW TROJAN! | No |
| X | ControlPanel | cmd32.exe internat.dll,LoadKeyboardProfile | Added by the DLOADER-HF TROJAN. Note - the "cmd32.exe" file is found in %System% | No |
| X | ControlPanel | systemctrl.exe internet.dll, LoadNetworkProfile | Browser hijacker, also detected as STARTPA-FX | No |
| X | ControlPanel | [path to executable] internat.dll,LoadKeyboardProfile | Added by the BIZVES-A TROJAN! | No |
| X | ControlPanel | popcorn.exe internat.dll, LoadKeyboardProfile | Added by the BIZVES-B TROJAN! | No |
| X | ControlPanel | popcorn64.exe rundll.dll, LoadMouseProfile | Added by the DLOADER-OI TROJAN! | No |
| X | ControlPanel | popcorn72.exe rundll.dll, LoadMouseProfile | Added by the DLOADER-RA TROJAN! | No |
| X | ControlPanel | svcc.exe internat.dll,LoadKeyboardProfile | WorldSearch adware - re-directing searches to "world-search.biz". Note - the "private.exe" file is found in %System% | No |
| X | ControlPanel | popcorn320.exe rundll.dll, LoadMouseProfile | Added by a variant of the DLOADER-RA TROJAN! | No |
| X | ControlPanel | private.exe internat.dll,LoadMouseCarpetProfile | Added by the CLICKER-AZ TROJAN! Creates the files sdfff, fdsf and zxczxc. In %System% creates the files d.exe, s.exe and r.exe. Note - the "private.exe" file is found in %System% | No |
| X | ControlPanel | twink64.exe internat.dll,LoadKeyboardProfile | Added by the DLOADER-BW TROJAN. Note - the "twink64.exe" file is found in %System% | No |
| X | ControlServiceMgr | csmsv.exe | Added by the AGENT-XC TROJAN! | No |
| U | Cookie Cop 2 | CookieCop.exe | Cookie Cop 2 from PC Magazine - cookie manager. Allows you to decide which internet sites can add "cookies" related to their sites for the next time you return | No |
| U | Cookie Pal | CPBRWTCH.EXE | Kookaburra Software's Cookie Pal cookie manager. Allows you to decide which internet sites can add "cookies" related to their sites for the next time you return | No |
| U | CookieJar | Cookiejar.exe | Cookie Jar cookie manager from Jason's Toolbox. Allows you to decide which internet sites can add "cookies" related to their sites for the next time you return. No longer being actively supported | No |
| U | CookiePatrol | CookiePatrol.exe | CookiePatrol - cookie interceptor stopping spyware cookies that used to be part of PestPatrol before CA's aquisition | No |
| U | CookieWall | cookie.exe | CookieWall from Analog X. Allows you to decide which internet sites can add "cookies" related to their sites for the next time you return | No |
| X | cookw | cookw.exe | Part of the ErrClean rogue system error and cleaning utility - not recommended. See here | No |
| U | Cool Desk | cdesk.exe | Cool Desk is a virtual desktops manager. "Ever you wished to have several screens on your computer? Cool Desk creates up to 9 virtual desktops and offers you to have different windows on each of them". Not required but may be of use to you | No |
| X | CoolDownloads | rundll32.exe MSA64CHK.dll,DllMostrar | MatrixDialer/Mostrar parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System% | No |
| U | CoolMon | CoolMon.exe | "CoolMon monitors vital system stats and almost anything else you wish to display on the desktop" | No |
| X | CoolMP3 | rundll32.exe MSA64CHK.dll,DllMostrar | MatrixDialer/Mostrar parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System% | No |
| U | CoolSwitch | taskswitch.exe | ALT+TAB replacement Powertoy for Windows XP - enhances the graphics displayed when you want to switch between programs running full-screen | No |
| N | Coolwallpaper | cwm_tray.exe | Cool Wallpaper software allows you to manage high quality photos as desktop wallpaper and screen savers | No |
| X | coolwebprogram | clrssn.exe | CoolWebSearch Smartsearch parasite variant | No |
| N | Copernic Desktop Search | DesktopSearch.exe | Copernic Desktop Search - "Easily search your entire hard drive in less than a second to pinpoint the right file, e-mail, music or pictures" | No |
| U | Copernic Desktop Search 2 | DesktopSearchService.exe | Copernic Desktop Search - search agent | No |
| U | CopernicPerUserTaskMgr | CopernicPerUserTaskMgr.exe | Automatic tasking feature of Copernic Pro multi-search engine tool | No |
| Y | Copperhead | razerhid.exe | Razer Copperhead mouse driver | No |
| U | Copy handler | Copy Handler.exe | Copy Handler lets you copy between hard disks, floppies, local networks, CDs, and many other storage media. Copy Handler gives you the power to pause, resume, restart, and cancel during the copying and moving processes | No |
| N | Copyright | mwcpyrt.exe | Displays copyright information on IBM ThinkPads | No |
| X | Core Process Aplication | ccapl.exe | Added by the QHOSTS.G TROJAN! | No |
| X | Core Process Aplication x16 | ccapl16.exe | Added by the SPYBOT.AFT WORM! | No |
| X | Core Process Aplication x32 | ccapl32.exe | Added by the SRAMLER.E TROJAN! | No |
| X | Core System Hardware | syscorehd.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
| U | CoreCenter | CoreCenter.exe | MSI Core Center - motherboard utility for monitoring CPU speed, voltages, temperatures and fans speeds as well as overclocking | No |
| U | CoreCenter | CORECE~1.EXE | MSI Core Center - motherboard utility for monitoring CPU speed, voltages, temperatures and fans speeds as well as overclocking | No |
| X | Coreguard Antivirus 2009 | Coreguard 2009.exe | Coreguard Antivirus 2009 rogue security software - not recommended, removal instructions here | No |
| N | Corel Colleagues & Contacts Reminders | cffrem.exe | Corel Colleagues & Contracts - all-in-one organizer for scheduling meetings, maintaining addresses, etc. Part of the now defunct Corel Print Office | No |
| N | Corel Desktop Application Director | dadx.exe | The Desktop Application Director (DAD) gives you easy access to all Corel applications - x represents ther version number. Available via Start -> Programs | No |
| N | Corel Family & Friends reminders | CFFREM.EXE | Corel Family & Friends - all-in-one calender, address book and list manager. Part of the now defunct Corel Print House Magic | No |
| N | Corel Photo Downloader | MediaDetect.exe | Related to Corel Photo Album | No |
| N | Corel Registration | Remind32.exe | If you don't want to register Corel products and be reminded about it every 2 weeks disable it | No |
| N | Corel Registration Reminder | Remind32.exe | If you don't want to register Corel products and be reminded about it every 2 weeks disable it | No |
| N | Corel Reminder | NAVBROWSER.EXE | If you don't want to register Corel products and be reminded about it every 2 weeks disable it | No |
| N | Corel Reminder | NAVBrowser.exe | Registration reminder for CorelDRAW 10 | No |
| N | CorelCENTRAL 10 | I_26dadCC.exe | CorelCENTRAL 10 - personal information manager (PIM). Supplied as part of Corel WordPerfect Office 2002. Available via Start -> Programs | No |
| X | CorelDraw Toolbox | CorelDraw.exe | Added by the SDBOT-VZ WORM! | No |
| N | CorelMedia FoldersIndexer8 | MFindexer.exe | Part of CorelDraw bundles for indexing media files - similar to "fast find" in MS Office | No |
| N | CorelMedia FoldersIndexer8 | MFINDE~1.EXE | Part of CorelDraw bundles for indexing media files - similar to "fast find" in MS Office | No |
| X | CoreSrv | coresrv.exe | Some IRC trojans/worms use this - see here for more information | No |
| ? | CORESYS | coresys.exe | ?? | No |
| X | Corporate Microsoft Update | uptask.exe | Added by the RBOT-GVB WORM! | No |
| N | CorrectConnect | CConnect.exe | Broadband ISP diagnostic tool - as used by NTL and Cox Communications. Shortcut available | No |
| X | cosine | cosine.exe | Added by the RBOT-SW WORM! | No |
| U | CostAware | niIPCApp.exe | NetInternals CostAware - download quota measuring tool | No |
| X | Counterstrike Service Agent | czrzns.exe | Added by the MEDBOT.AR WORM! | No |
| N | Country Select | pctptt.exe | Country selection for a PCtel HSP56 based modem. Often found in OEM (Dell,Compaq, HP, etc) systems for their modems included on the motherboard or as a separate card. Once you've set the modem up to the chosen country it's not required | No |
| N | CountrySelection | pctptt.exe | Country selection for a PCtel HSP56 based modem. Often found in OEM (Dell,Compaq, HP, etc) systems for their modems included on the motherboard or as a separate card. Once you've set the modem up to the chosen country it's not required | No |
| ? | Coupon Offers | ?? | ?? | No |
| X | couponica | couponica.exe | Adware - see here | No |
| ? | CP | CopyProtectionNotifier.exe | Related to Emuzed Systems and Middleware. Comes included with Windows XP Media Edition | No |
| U | CP32NOT | CP32BTN.EXE | For the programmable "one-touch" buttons on HP laptops (and others?). Safe to disable if you don't use these buttons | No |
| U | CP4HPOT | OneTouch.EXE | One Touch keyboard driver. Required if you use the additional keys | No |
| N | CP888M1 | CP888M1.EXE | Related to EZbutton quick launcher for the Media player app that comes with certain laptops | No |
| ? | CPA9P2PSERVER | CPA9P2PS.exe | Found on a Compaq Presario but what is it? | No |
| X | cpanel | winlogin32.exe | Added by the RBOT-FOY WORM! | No |
| U | CPATR10 | CPATR10.EXE | Dritek/Compal ATR10 Easy Button driver. Used on certain laptops (e.g. Toshiba, Compaq) to translate special hotkeys such as Play/Pause and Constrast | No |
| U | CPBrWtch | CPBrWtch.exe | Kookaburra Software's Cookie Pal cookie manager. Allows you to decide which internet sites can add "cookies" related to their sites for the next time you return | No |
| X | CPCmscl0ck | CPCmsclock.ExE | Added by the IRCFLOOD.BF TROJAN! | No |
| Y | CPD_EXE | CPD.EXE | Firewall bundled with McAfee VirusScan 6.* | No |
| X | cpl | deamon.exe | Added by the TACTSLAY.C TROJAN! | No |
| X | cpl | msgaol.exe | Added by the TACTSLAY.C TROJAN! | No |
| X | cpl | s_menu.exe | Added by the TACTSLAY.C TROJAN! | No |
| X | cpl | browse.exe | Added by the TACTSLAY.C TROJAN! | No |
| N | CplBTQ00 | CplBTQ00.EXE | Related to EZbutton quick launcher for the Media player app that comes with certain laptops | No |
| N | CPLDBL10 | CPLDBL10.exe | Related to EZbutton quick launcher for the Media player app that comes with certain laptops | No |
| X | cpntmgc | wincomp.exe | Added by the WINTRIM.A TROJAN! | No |
| X | cpntmgc | simcss.exe | Added by the MAGICON.A TROJAN! | No |
| X | cpntmgc | navpmc.exe | Added by the SIMCSS TROJAN! | No |
| X | cpntmgc | winmgts.exe | Added by the WINTRIM-B TROJAN! | No |
| ? | CPortPatch | cppatch.exe | CPortPatch is a utility is required for Dell laptops that are using a docking station. Is it needed though? | No |
| Y | CPQAcDc | CPQAcDc.exe | Compaq PowerCon power management software for laptops | No |
| U | CPQAlert | CPQAlert.exe | Compaq's Insight Manager Agent - a tool that allows for "fault, performance, and configuration management". Recommended for corporate users only. It's best removed if installed but not wanted, rather than disabled at startup. See here for more information | No |
| N | CPQBootPerfDB | CPQBootPerfDB.EXE | See the entry for Compaq Message Server | No |
| Y | CPQCalib | CPQCalib.exe | Compaq PowerCon power management software for laptops | No |
| N | CPQDFWAG | CpqDfwAg.exe | For Compaq PC's. Runs Compaq diagnostics on every boot | No |
| U | CPQEASYACC | cpqeadm.exe | For Compaq PC's. Allows the use of programmable keys on mulimedia keyboards. Required if you use the additional keys | No |
| U | CPQEASYACC | StartEAK.exe | Easy Access Button Support for Compaq PCs. Allows the use of programmable keys on multimedia keyboards. Required if you use the additional keys | No |
| U | CPQEASYACC | STARTDRV.exe | For Compaq PC's. Allows the use of programmable keys on mulimedia keyboards. Required if you use the additional keys | No |
| U | cpqeaui | cpqeaui.exe | For Compaq PC's. Allows the use of programmable keys on mulimedia keyboards. Required if you use the additional keys | No |
| U | cpqek | kcpqek.exe | For Compaq PC's. Easy Access button support for the keyboard | No |
| X | CPQHotKeys | hotkeysvc.exe | Added by the RBOT-XA WORM! | No |
| U | CPQInet Runtime Service | CpqInet.exe | For Compaq PC's. Allows AOL and Compuserve to use the Easy Access buttons for the internet. Is not required if you don't use the ISP providers | No |
| N | CPQINKAGENT | cpqinkag.exe | That is the Compaq Ink Agent for some inkjet printers, it lets users know when their ink cartridges are getting close to empty (by how many pages they have printed) | No |
| U | cpqns | cpqnpcss.exe | Related to Compaq.Net - not required if you don't use that | No |
| N | Cpqset | Cpqset.exe | Default settings software in Hewlett Packard notebook | No |
| Y | CPQSTUTFIX | stutfix.exe | For Compaq PC's. Fixes audio stutter problems for ESS Maestro soundcards. You can download it here. This is a Compaq originated file and has been verified as free from viruses by McAfree/Norton | No |
| U | CPQTEAM | cpqteam.exe | This program is bundled with HP servers. When loaded a system tray icon will be available that launches the HP Network Configuration Tool | No |
| X | cpr | cpr | Adroar.com adware downloader | No |
| X | cprocsvc | cproc.exe | Added by MSIL.AGENT.C TROJAN! | No |
| U | Cpu Level Up help | CpuLevelUpHelp.exe | Included with some ASUS motherboards (such as the Maximus Extreme & Striker II Extreme), "the CPU Level Up application allows you to overclock immediately with OC profile presets in Windows without the hassle of booting the BIOS." Part of AI Suite | No |
| X | CPU Manager | cpumgr.exe | Added by the PANDEM.B WORM! | No |
| U | CPU Power Monitor | CpuPowerMonitor.exe | Included with some ASUS motherboards (such as the Maximus Extreme & Striker II Extreme). Associated with the "Energy Saving" feature of AI Gear - which "is a utility designed to configure and support all ASUS EPU (Energy Processing Unit) features." Part of AI Suite | No |
| X | CPU Temp Control | wuitgurd.exe | Added by the RBOT-AHV WORM! | No |
| X | CPU Watcher | rundll32.exe cpu.dll,load | Added by the DLOADER-LO TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "cpu.dll" file is located in %Windir% | No |
| X | CPU Windows Status | cpustats.exe | Added by a variant of the RBOT WORM! | No |
| U | CPUcool | Cpucool.exe | Program to keep the processor cool when idle in "overclocked" systems. Also available via Start -> Settings -> Control Panel | No |
| N | CPUMon | CPUMon.exe | "CPUMon continuously displays the updated system statistics in a floating window as well as in system tray area" | No |
| X | Cpusave | Cpusave.exe | Added by the GEMA TROJAN! | No |
| X | Cpusave32 | Cpusave32.exe | Added by the GEMA TROJAN! | No |
| X | CPVHOST Settings | cpvhost.exe | Added by a variant of the SDBOT TROJAN! | No |
| X | cpyt | hidep.exe | Added by the MIRJACK-A TROJAN! | No |
| X | cqlyg | world_cup_.bat | Added by the WCUP.A WORM! | No |
| ? | CQSCP2P SERVER | ?? | "Compaq printer utility which is required in the startup menu in order to make the printer work correctly". Personally I doubt whether it is actually needed | No |
| ? | CQSCP2PS | ?? | "Compaq printer utility which is required in the startup menu in order to make the printer work correctly". Personally I doubt whether it is actually needed | No |
| X | Cr**.exe [* = random char] | Cr**.exe [* = random char] | CoolWebSearch/HomeSearch adware - for examples, see this log | No |
| X | Cr**32.exe [* = random char] | Cr**32.exe [* = random char] | CoolWebSearch/HomeSearch adware - for examples, see this log | No |
| U | cracked_windows1 | cracked_windows1.exe | Cracked Windows popup killer | No |
| X | crash0001 | restorecrashwin32.bat | Added by the AGENT-ZC TROJAN! | No |
| X | CrashDump | [path to trojan] | Added by the DROPPER.EAT TROJAN! | No |
| N | CrazyTalk Serve | rundll32.exe CrazyTalk.dll, DIIServeMediaFile | CrazyTalk from Reallusion - "the worlds only facial animation tool that gives you the power to create talking animated images from a single photograph, complete with emotions." Can apparently be installed without your knowledge as well as being a legitimate download in it's own right from sites such as TUCOWS | No |
| U | CRBroadCasting | CRBroadCasting.exe | CardReader2 from On Track Inovations Ltd. USB Card Reader | No |
| X | CRC Value Verifier | crsss32.exe | Added by a variant of the RBOT WORM! | No |
| X | CRC Value Verifier | Crsss64.exe | Added by the RBOT-NY WORM! | No |
| X | CRC Value Verifier | svchost32.exe | Added by the RBOT-OA WORM! | No |
| X | CRC Value Verifier | crsss.exe | Added by the SPYBOT.UK WORM! | No |
| X | Crc32stats Dependencies | Crc32stats.exe | Added by the MYTOB.GT WORM! | No |
| X | CRCSS | crcss.exe | Added by the IRCBOT-TH WORM! | No |
| U | Creata Mail | JMSrvr.exe | Creata_Mail. Smileys, stationary and more for you email. Required if you want to access the program from Outlook or Outlook Express | No |
| X | Create A Monster | createAMonster.exe | Kudd.com CreateAMonster. Reportedly stealth installed and Look2Me adware related | No |
| N | CreateCD | Createcd.exe | Adaptec Easy CD Creator system tray application (pre version 5). Available via Start -> Programs | No |
| N | CreateCD50 | Createcd50.exe | Adaptec Easy CD Creator version 5 system tray application. Available via Start -> Programs | No |
| X | Creates stractures for system management | stacture.exe | Added by the SDBOT-DHS WORM! | No |
| N | Creative AGP Wizard | agpwiz.exe | Part of Creative's BlasterControl | No |
| X | Creative Audio Drivers | creative.exe | Added by the RBOT-FKR WORM! | No |
| N | Creative Detector | CTDetect.exe | Auto-detect and play a DVD when using a Creative Soundblaster Audigy2 soundcard. Uses about 2.2 MB of memory. Disable it by heading to the MediaSource DVD Audio Player, selecting Tools, then uncheck the Auto Start box. It should not start up automatically again | No |
| N | Creative Launcher | CTLauncher.exe | For Creative Soundblaster Live! series soundcards. Adds a quick-launch bar to the top of the display and a System Tray icon. Available via Start -> Programs | No |
| U | Creative Live! Cam Manager | CTLCMgr.exe | Creative Live! Cam Manager | No |
| U | Creative MediaSource Go | CTCMSGo.exe | Creative MediaSource Go! is a combination of a short-cut bar and launcher for the Creative MediaSource™ player/organizer - which "enables you to manage your entire digital music collection on both your computer and your Creative portable music player effortlessly" | No |
| U | Creative MediaSource Go | CTCMSGoU.exe | Creative MediaSource Go! is a combination of a short-cut bar and launcher for the Creative MediaSource™ player/organizer - which "enables you to manage your entire digital music collection on both your computer and your Creative portable music player effortlessly" | No |
| N | Creative PCI Audio Configuration Utility | starter.exe | System Tray icon to configure a Creative Soundblaster PCI soundcard. Not required and re-instates itself when un-checked. Try one of the solutions on this special page. Similar to EnsoniqMixer | No |
| N | Creative Software Update | AutoUpdate.exe | Auto-updater for Creative Labs software | No |
| N | Creative WebCam Tray | Camtray.exe | Creative WebCam tray control - can be started manually | No |
| X | Creative.exe | Creative.exe | Added by the PROLIN WORM! | No |
| N | CreativeDiscNotifier | CTNOTIFY.EXE | For Creative Soundblaster Live! series soundcards. Detects when you insert a CD-ROM, DVD-ROM, etc. Available via Start -> Settings -> Control Panel | No |
| U | CreativeMixer | CTMIX32.EXE | Creative soundcard System Tray access to, for example, volume slider controls as normally provided by the "speaker" icon. Not required unless you adjust any settings otherwise available via the standard icon | No |
| ? | CreativeTaskScheduler | CTSched.exe | Creative Task Scheduler. What does it do and is it required? | No |
| X | Critical Error Safe32 | GetWaylayer32.exe | Added by the RBOT.IAL WORM! | No |
| X | Critical Update Check | battlenet.exe | Added by the DELF-LB TROJAN! | No |
| N | CriticalUpdate | Wucrtupd.exe | MS Windows Critical Update Notification. If you want to keep Windows up-to-date, check the Windows Update site | No |
| X | CriticalUpdate | wucrtupd.exe | Added by the NOALA.B WORM! Note - this file is located in the Windows or Winnt folder, and must not be confused with the legitimate Windows process of the same name as described here | No |
| X | crmssrlt | [random filename] | Added by a variant of the SLAPER TROJAN! | No |
| X | Crnsava | scrnsave.pif | Added by the SDBOT-ZV WORM! | No |
| X | cronos | MARCO!.SCR | Added by the OPASERV.G WORM! | No |
| X | CrossMenu | CrossMenu | Toshiba CrossMenu Utility - allows the user to create their own menus | No |
| U | CrossMenu | CrossMenu.exe | Toshiba CrossMenu Utility - allows the user to create their own menus | No |
| X | CRP386 Networking | crp386.exe | Added by the IRCBOT.N TROJAN! | No |
| X | crs | crs.exe | Added by the AGOBOT-TJ WORM! | No |
| X | crsmons | iomssls.exe | Added by the BACKDR-AU TROJAN! | No |
| X | CRSS | CRSS.exe | Added by the AGOBOT-RM WORM! | No |
| X | CRSS | lssas.exe | Added by an unidentified WORM or TROJAN! | No |
| X | crsss | crsss.exe | Added by the AUTORUN.FM WORM! | No |
| X | CRSSXP SysInfo | crssxp.exe | Added by a variant of the SDBOT TROJAN! | No |
| X | Crusty | dmcpl.exe | Added by the RUSTY WORM! | No |
| X | cryptdlg | cryptdlg.exe | Added by an unidentified TROJAN! | No |
| U | cryptoexpert | cexpert.exe | CryptoExpert from SecureAction Research. Advanced on the fly encryption system | No |
| X | Cryptographic Service | ******.exe [* = random char] | Added by the KORGO.W or KORGO.X or KORGO.AB WORMS! | No |
| ? | Crystal 3D Audio Control | CWD3DSND.EXE | Crystal 3D Audio sound driver. Is it required? | No |
| X | CS | tsc.exe | Cyber Security rogue security software - not recommended, removal instructions here | No |
| X | CS Update | copy /Y [path] ActivationManager.dll.upd [path] ActivationManager.dll | Added by an unidentified malware | No |
| N | csaRem | spqmdmui.exe | Compaq modem country selection | No |
| Y | CSAV_CheckViruses | vchk.exe | Command Antivirus related | No |
| U | csc | csc.exe | Command line compiler for Microsoft C# it gets installed with the .NET SDK | No |
| X | cscripts | cscripts.exe | Added by the BDOOR-AAP BACKDOOR! | No |
| X | CSCRS Value | cscrs.exe | Added by the RBOT-AAA WORM! | No |
| X | CSCRS Value Check | MsPMSPSd.exe | Added by a variant of the SDBOT WORM! | No |
| X | Csec | cs.exe | Cyber Security rogue security software - not recommended, removal instructions here | No |
| N | csecwiz | csecwiz.exe | Setup wizard for the Client Security Software for IBM\Lenovo notebooks. This entry only runs once, after the software has been installed and the notebook rebooted for the first time. If the wizard isn't completed a shortcut is available via the Start menu until it is | No |
| X | cserv32 | cserv32.exe | Added by the STRATION.EC WORM! | No |
| X | CsimPlayer | CsimPlayer.exe | Added by the KOOBFACE-AD WORM! | No |
| U | CSINJECT.EXE | CSINJECT.EXE | Part of Quarterdeck/Norton CleanSweep. "Csinject must be loaded in order for Smart Sweep to automatically monitor installations and properly track registry changes" | No |
| X | csm Win Updates | csm.exe | Added by the ZOTOB.B WORM! | No |
| X | CSNetManagerXp | isass.exe | Added by the HIDER-O TROJAN! | No |
| X | csoftok | softok.exe | Added by the QQPASS.G TROJAN! | No |
| X | csos | csos.exe | Added by the SDBOT-DFE WORM! | No |
| X | csrcs | csrcs.exe | Added by the AGENT-HUA TROJAN! | No |
| X | csrs | csrs.exe | Added by the GAOBOT.GEN!POLY WORM! | No |
| X | csrsc | csrsc.exe | Added by an unidentified VIRUS, WORM or TROJAN! | No |
| X | CSRSS | CSRSS.EXE | Search page hijacker, redirecting to h**p://www.search-aide.com/. Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! | No |
| X | Csrss | csrss.exe | Added by the CHOD WORM! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a random subfolder | No |
| X | csrss | csrss.exe | Added by the KEYLOG-AQ KEYLOGGER! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir% | No |
| X | csrss | csrss.exe | Added by the CHODE-J WORM! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a random subfolder | No |
| X | csrss | msmsgs.exe | Added by the CHODE-J BACKDOOR! Note - this malware uses MSN Messenger (which is located in %Program Files%\Messenger) in the background to propogate itself | No |
| X | csrss | nwiz.exe | Added by the CHODE-J WORM! | No |
| U | csrss | csrss.exe | BeyondKeylog surveillance software. Uninstall this software unless you put it there yourself. Note - this is not the same file as the csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %ProgramFiles%\Supremtec | No |
| X | Csrss | CSRSS.EXE | Added by the PUNYA-B WORM! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in C:\Documents and Settings\Administrator\Local Settings\Application Data\WINDOWS | No |
| X | csrss | ssms.exe | Added by an unidentified malware | No |
| X | Csrss Host | csrhost.exe | Added by the IRCBOT.BIZ WORM! | No |
| X | CSRSS Loader | csrsss.exe | Added by the AGOBOT.TX WORM! | No |
| X | csrss.exe | csrss.exe | Added by the DALBUG WORM! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir% | No |
| X | csrssLevel4 | csrss.exe | Unidentified malware! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a "Level4" subfolder | No |
| X | CSRSSU | CSRSSU.exe | CoolWebSearch parasite variant - hijacking to Slawsearch.com. Also detected as the CWS-E TROJAN! | No |
| X | CSRSSW | CSRSSW.EXE | Added by the CWS-F TROJAN! | No |
| X | CSRSWIN | [trojan filename] | Added by the WINSHELL.50 TROJAN! | No |
| X | CSRSX | [trojan filename] | Added by the WINSHELL.50.B TROJAN! | No |
| X | csrvss | csrvss.exe | Added by a variant of the SDBOT TROJAN! | No |
| U | CSS Server | CSSServer.exe | ComSpySysSvr surveillance software. Uninstall this software unless you put it there yourself | No |
| N | cssauth | cssauth.exe | Part of Thinkvantage Client Security Solution for Lenovo ThinkPad notebooks and ThinkCentre desktops. Once configured via the associated setup screens this loads via winlogon.exe (and loads the password manager) and therefore disabling this entry has no effect | Yes |
| ? | cssauthe | cssauthe.exe | Part of the Client Security Solution on an IBM ThinkVantage (now Lenovo) PC - "a suite of ThinkVantage Technology tools designed to help protect access to your computer operating system and your sensitive data. The Client Security Solution integrates the hardware protection of its embedded chip with the protection afforded by its secure software." What does this do and is it required?" | No |
| Y | CSScheduleCheck | SCHWIZEX.EXE | Part of ConfigSafe - lets you identify changes to the registry, INI files, System asset files, system hardware, network connections, and operating system versions - provides a restore function. This part takes a snapshot of your system following a healthy re-boot | No |
| X | cssrs | cssrs.exe | Added by the BANCBAN-DW TROJAN! | No |
| X | cssrss.exe | cssrss.exe | Malware installed by different rogue security software including SpyKillerPro | No |
| X | csss | Csss.exe | Added by the BALICK TROJAN! | No |
| U | CSS_Central | CSS_1631.EXE | CSS Communication Agent (95 Host) from Command Software Systems (now Authentium). "CSS Central™ provides administrators with a powerfully proactive tool to effectively manage and maintain the anti-virus strategy from a centralized console" | No |
| X | CSV10P1 | CSP001.exe | ClearSearch adware | No |
| X | CSV10P70 | CSv10P070.exe | ClearSearch adware | No |
| X | CSV7P26 | CSV7P26.exe | ClearSearch adware | No |
| X | CSV7P70 | CSV7P070.exe | ClearSearch adware | No |
| X | CSV7P91 | CSV7P91.exe | ClearSearch adware | No |
| U | csvdea | csvdea.exe | SpyArsenalLog surveillance software. Uninstall this software unless you put it there yourself | No |
| X | csvhost.exe | csvhost.exe | Added by the CIMUZ-BD TROJAN! | No |
| Y | ct | ct.exe | ct.exe is a file is for the HP Learning Adventure software and if you use this software it is required to run it | No |
| X | CT Control Settings | CTSVCCD.EXE | Added by the RBOT-YS WORM! | No |
| U | CTAPR2 | CTAPR2.exe | Console Launcher for the Creative Sound Blaster X-Fi series | No |
| N | CTAVTray | CTAvTray.exe | For Creative Soundblaster Live! series soundcards. Plays the EAX animation on start-up and adds a System Tray icon for it. Available via AudioHQ | No |
| U | CTCheck | CTCheck.exe | Associated with the ZEN range of MP3 players from Creative Technology Ltd. A visitor recommended the "U" status but what does it do? | No |
| U | CTCMonitor | CTCMonitor.exe | Click-to-Convert - document-to-HTML or doc-to-PDF converter. Only required if you are going to use the File -> Print method of using Click-to-Convert. If converting directly from MS Office, it is not required | No |
| X | CTDrive | rundll32.exe drvmod.dll | Added by a variant of the OP DIALER! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "drvmod.dll" file is found in the System (9x/Me) or System32 (NT/2K/XP) folder | No |
| N | CTDVDDet | CTDVDDet.exe | Auto-detect and play a DVD when using a Creative Soundblaster Audigy2 soundcard. Uses about 2.2 MB of memory. Disable it by heading to the MediaSource DVD Audio Player, selecting Tools, then uncheck the Auto Start box. It should not start up automatically again | No |
| X | CTF Device Loader | ctfmond.exe | Added by the AGOBOT-FO WORM! | No |
| X | ctf.exe | ctf.exe | Added by a variant of the BIFROSE TROJAN! | No |
| X | ctflog manager | ctflog.exe | Added by the DONBOMB.A TROJAN! | No |
| X | CTFM0N.exe | CTFM0N.exe | Added by the STARTPAGE.P TROJAN! Notice the digit "0" in both columns rather than the upper case "o" | No |
| X | ctfmom | ctfnom.exe | Added by the BCKDR-QTA BACKDOOR! | No |
| U | ctfmon | ctfmon.exe | Supports multiple languages and alternative method inputs in Windows and MS Office. The language bar is displayed alongside the System Tray if more than one keyboard layout is enabled (for switching input languages) or, for example, if speech is selected as an alternative input for MS Office or Notepad. Required to support advanced text services (such as right to left text) for East Asian users. Can be disabled via Start → Control Panel → Regional and Language Options → Languages → Text Services and Input Languages → Details → Advanced → System Configuration → Turn off advanced text services (which also turns off the language bar). See also here and here. Can also cause problems with some other programs if left enabled - see here for such an example | Yes |
| X | ctfmon | taskmgr32*.exe [* = number] | Added by the SOWSAT.B WORM! | No |
| X | ctfmon | cftmon.exe | Added by the DELIVE-A BACKDOOR! Note - this is not the legitimate ctfmon.exe process associated with alternate text inputs which is always located in %System%. This one is located in %Windir% | No |
| X | ctfmon | mIRC.dll | Added by the DELBOT-E TROJAN! | No |
| X | ctfmon | WinConst.exe | Added by the ASSASIN-G TROJAN! | No |
| U | CTFMon | ctfmon.exe | Family KeyLogger keystroke logger/monitoring program - remove unless you installed it yourself! Note - this is not the legitimate ctfmon.exe process associated with alternate text inputs which is always located in %System%. This one is located in a "CTF" sub-folder | No |
| X | ctfmon | msnmsgr.exe | Added by the BDOOR-JV BACKDOOR! Note - this is not the valid MSN Messenger (now Windows Live Messenger) utility which is located in either %ProgramFiles%\MSN Messenger or %ProgramFiles%\Windows Live\Messenger. This one is located in %System% | No |
| X | CTFMON | wscript.exe /E:vbs winjpg.jpg | Added by the RUNAUTO.F WORM! Note that wscript.exe is a legitimate Microsoft file used to launch script files and shouldn't be deleted. The "winjpg.jpg" file is located in %System% | No |
| X | CTFMON | wscript.exe /E:vbs regedit.sys | Added by the VBSAUTO-A WORM! Note that wscript.exe is a legitimate Microsoft file used to launch script files and shouldn't be deleted. The "regedit.sys" file is located in %System% | No |
| X | CTFMON | win.exe | Added by the VBS.RUNAUTO.G WORM! | No |
| X | Ctfmon | wmisys.exe | Added by the IRCBOT-ADS WORM! | No |
| X | ctfmon | WinUP.exe | Added by the BANKER-VV TROJAN! | No |
| X | CTFMON.CPL | CTFM0N.CMD | Detected by Symantec as the SILLYFDC WORM! See here | No |
| X | Ctfmon.exe | ctfmon32.exe | CoolWebSearch Ctfmon32 parasite variant | No |
| X | ctfmon.exe | ctfmon.exe | Added by the RAIDYS TROJAN! Note - this overwrites the legitimate ctfmon.exe process associated with alternate text inputs which is located in %System% | No |
| X | ctfmon.exe | msupdate32.exe | Spy Sheriff/SpywareNO malware, also detected as the SPYHOAX-A TROJAN, pretends to be a spyware remover! - file names spotted sofar include VXH8JKDQ2.EXE, NS6281400.so, CVXH8JKDQ2.EXE, down3.exe, sefe.exe, winstall.exe, and tool2.exe | No |
| U | ctfmon.exe | ctfmon.exe | Supports multiple languages and alternative method inputs in Windows and MS Office. The language bar is displayed alongside the System Tray if more than one keyboard layout is enabled (for switching input languages) or, for example, if speech is selected as an alternative input for MS Office or Notepad. Required to support advanced text services (such as right to left text) for East Asian users. Can be disabled via Start → Control Panel → Regional and Language Options → Languages → Text Services and Input Languages → Details → Advanced → System Configuration → Turn off advanced text services (which also turns off the language bar). See also here and here. Can also cause problems with some other programs if left enabled - see here for such an example | Yes |
| X | ctfmon.exe | ctfmon.exe eminem.exe | Added by the BHARAT.A WORM! | No |
| X | CTFMON.EXE | svchost.exe | Added by the JUEGO-B WORM! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir% | No |
| X | CTFMON32 | CTFMON32.EXE | CoolWebSearch Ctfmon32 parasite variant - also detected as the CWS-E TROJAN! | No |
| X | ctfmon32 | [random filename].exe | Added by the RBOT-GSN WORM! | No |
| X | ctfmon32 | taskmgr32*.exe [* = digit] | Added by the SOWSAT.C WORM! | No |
| X | ctfmona | ctfmona.exe | Added by the DLOADR-BME TROJAN! | No |
| X | CTFMONSS | CTFMONSS.EXE | Added by the CWS-F TROJAN! | No |
| X | ctfmun | ctfmun.exe | Added by the AGENT.ACEZ TROJAN! | No |
| X | ctfnnon | ctfmon.exe | Added by the TURKOJAN.IL BACKDOOR! Note - this is not the legitimate ctfmon.exe process associated with alternate text inputs which is always located in %System%. This one is located in %Windir% | No |
| X | ctfnom | rundIl32.exe | Added by the LEGMIR-AW TROJAN! | No |
| X | ctfnom.exe | SVOHOST.exe | Added by the DIGIDOR-A TROJAN! | No |
| X | ctfnom.exe | OSRSS.exe | Added by the DLOADER-UQ TROJAN! | No |
| X | cthelp | cthelp.exe | Added by the SDBOT TROJAN! | No |
| U | CTHELPER | CTHELPER.EXE | CTHELPER is a background task that is a plug-in manager for Creative drivers. The theory is that 3rd party manufacturers can use the CTHELPER plug-in interface to produce drivers, add-on features, and fixes that will integrate with a tighter fit with Creative's sound drivers and utilities. Given its purpose CTHELPER would normally be classified as a "leave alone" background task. It also allows Creative speaker setup to be synchronized with Windows Control Panel speaker setting. Without it running that check box in Creative speaker setting is not functional (settings are not in sync). Unfortunately there are often problems with CTHELPER, most notably that it can use 100% of CPU time so it's best left disabled unless you need it | No |
| X | CTHelper | cthelper.exe | Added by the RBOT-XB WORM! Note - do not confuse with the Creative application of the same name described here | No |
| X | CTHELPER | svhost.exe | Added by the SDBOT-RZ WORM! | No |
| X | CTime | [path to trojan] | Added by the HTTPDOS TROJAN! | No |
| X | CTin10 | CTin10.exe | Added by the BANCOS.E TROJAN! | No |
| X | CtModule | CtModule.exe | Added by the CLICKER-EG TROJAN! | No |
| X | CTMON.EXE | cfmon.exe | Added by the CLCKR-AN TROJAN! | No |
| U | CTNMRUN | ctnmrun.exe | Detects the Creative NOMAD jukebox/MP3 player at the time it is attached to USB and starts the needed application (Creative PlayCentre 2) that you use to copy MP3 files to and from it. This is required if you want PlayCentre 2 to take control of the NOMAD once connected | No |
| ? | CTPDPSRV | CTPDPSRV.EXE | Compaq A3000 printer driver (in the %System%\spool\DRIVERS\W32\X86 folder). Is it required? | No |
| N | CTPerformanceUtility | CTPowUti.exe | Related to Creative PowerSysTrayApp. This program is a non-essential process, but should not be terminated unless suspected to be causing problems | No |
| X | ctpmon | ctpmon.exe | System Registry Cleaner - stealth installed foistware from sysregistry.com | No |
| N | CTRegRun | CTRegRun.exe | For Creative Soundblaster Live! series soundcards. Reminds you to register your card with Creative | No |
| U | CtrlVol | CtrlVol.exe | Volume control key on Acer, Fujitsu and other laptops | No |
| ? | CTSched | CTSched.exe | Creative Task Scheduler. What does it do and is it required? | No |
| N | CTStartup | CTEaxSpl.exe | Splash screen with sound on every boot up. Installed with a Sound Blaster Audigy soundcard | No |
| U | CTSVolFE | CTSVolFE.exe | Creative Labs Mixer applet for the Sound Blaster Audigy | No |
| U | CTSVolFE.exe | CTSVolFE.exe | Creative Labs Mixer applet for the Sound Blaster Audigy | No |
| N | CTSyncU.exe | CTSyncU.exe | Creative Sync Manager - synchronizes music tracks on your computer with your player | No |
| U | CTsysVol | CTSYSVOL.exe | Creative sound card volume controls | No |
| ? | cttdpsrv | cttdpsrv.exe | ?? | No |
| X | CTUpdate | ctupdclt.exe | Added by the RBOT-ABG WORM! | No |
| N | CTxfiHlp | CTXFIHLP.EXE | Added by the installation of a Creative Labs X-Fi sound card. This particular process provides the help functionality for your card | No |
| N | CTXFIREG | CTxfiReg.exe | Creative Labs sound card driver related. It appears that it isn't required and maybe registration related | No |
| X | Ctykd | [path to file] | SMALL.SN spyware | No |
| N | CTZDetec.exe | CTZDetec.exe | Auto-detect feature of Creative Media Lite which assists you in managing your music, ripping CDs and transferring other stored music to your Zen Stone MP3 player | No |
| X | CU1 | VCClient.exe | Associated with the Surf Sidekick adware and should be removed | No |
| X | CU2 | VCMain.exe | Associated with the Surf Sidekick adware and should be removed | No |
| Y | cuagentExe | Cuagent.exe | Command Antivirus related | No |
| X | CueX44 | Dago.exe | Added by the PUNYA-B WORM! | No |
| X | CueX44_stil_here | WINLOGON.EXE | Added by the PUNYA-A WORM! Note - this is not the legitimate winlogon.exe process, which should not appear in Msconfig/Startup! | No |
| X | cuo | cuo.exe | Added by the BUGBEAR.A WORM! | No |
| X | Current Security Config | csecure.exe | Added by the RBOT-AMO WORM! | No |
| X | Current32 | msnpla.exe | Added by the SDBOT-DIS WORM! | No |
| N | CurseClient | CurseClient.exe | CurseClient add-on manager for World of Warcraft and Warhammer Online games | No |
| N | cursor | Screendragon_VS_Taskbar.exe | ScreenDragon video player | No |
| N | CursorXP | CursorXP.exe | CursorXP from Stardock - tool for creating mouse cursors | No |
| U | Curtain | Curtain.exe | Curtain (from Chaotic Visions) - "is a Windows utility which gives you the power to hide any window or group of windows to your system tray" | No |
| U | Customizer2000 | logon.exe | Automatic logon feature of Customizer 2000 - "a special utility which is designed to optimize Win9x/ME performance. The program lets you explore the many hidden settings in Windows, and make changes" | No |
| N | CuteMX | CuteMX.EXE | File sharing utility | No |
| X | Cvfjx | ANACON.EXE | Added by the NACO.A WORM! | No |
| X | cvhnykzx | keepSafe.exe | Added by the KILLAV.KAX TROJAN! | No |
| X | cvmonitor.exe | cvmonitor.exe | Added by the SDBOT.BV WORM! | No |
| X | cvmsyslpd | sdservss.exe | Added by the MAILBOT-BY TROJAN! | No |
| Y | CVPND | cvpnd.exe | Sub-system used by Cisco VPN client for making a connection to a remote IPSec server | No |
| U | CW | cw4.exe | Chat Watch "is a monitoring and logging software for online chat and instant messaging programs" | No |
| U | CWatch | cw.exe | ChatWatch - chat monitoring tool | No |
| N | cwbckver | cwbckver.exe | Part of IBM's iSeries (nee As/400) Client Access - communications suite that allows desktop, browser and wireless access to iSeries servers. Checks the software version on your PC to that of the iSeries it is connected to. Not required - and can be turned off in the Client Access properties. It's a waste of resources | No |
| N | cwbinhlp | cwbinhlp.exe | Client Access Help Registry Update Function - part of IBM's iSeries (nee As/400) Client Access - communications suite that allows desktop, browser and wireless access to iSeries servers. It only updates the help files on your PC to match the level of the attached iSeries | No |
| N | cwbsvstr | cwbsvstr.exe | Part of IBM's iSeries (nee As/400) Client Access - communications suite that allows desktop, browser and wireless access to iSeries servers. Useful if you are going to access the iSeries through Windows Explorer to move files back and forth between Windows folders and iSeries folders. This is a tool that is only used by Client Access administrators (usually) so it is not required - a waste of resources | No |
| ? | cwbwlwiz | cwbwlwiz.exe | Welcome wizard launcher - Part of IBM's iSeries (nee As/400) Client Access - communications suite that allows desktop, browser and wireless access to iSeries servers. What does it do and is it required? | No |
| ? | Cwcdschk.exe | Cwcdschk.exe | IBM Thinkpad related? | No |
| U | cwcptray | cwcptray.exe | Related to ContentWatch Parental Control internet filter | No |
| X | cwingllib | atllsimm.exe | Added by a variant of the SDBOT WORM! | No |
| X | cwriter | ucookw.exe | Part of the ErrClean rogue system error and cleaning utility and other members of this family. See here for more examples | No |
| U | cwupdate | cwupdate.exe | ContentProtect from ContentWatch - internet filter | No |
| X | cximddl | ldfrmmd.exe | Added by the BUZUS.CQMU TROJAN! | No |
| N | CXMon | Hpi_Monitor.exe | Autodetects when a HP camera is attached to the computer and launches the "HP Photoimaging Software". Available via Start -> Programs | No |
| N | Cyber | cyberchk.exe | Part of Belkins "Multimedia Cleaning Kit" and is automatically installed when you run their optical disk drive cleaning utility - to remind you to clean your drive after "x" amount of time has passed | No |
| U | Cyber Trio | showmode.exe | From G-Tek Technologies. Allows you to set the PC in one of three modes, Standard, Enhanced and Kiddo. Standard is full function, Enhanced prevents accidental damage and Kiddo is a play environment for kids. Pre-installed on some Packard Bell PCs | No |
| U | Cyber-Defender 2003 | uwcdsvr.exe | Cyber Defender 2003 | No |
| N | Cyber-shot Viewer Media Check Tool | SPUVolumeWatcher.exe | Part of the Sony Picture Uility software supplied with Sony Cyber-shot digital cameras. Automatically invokes an import process if the camera is connected and has media on it | No |
| X | cyberfree.exe | ****.dat [* = random char] | Unidentified adware | No |
| U | Cyberhawk | CHTray.exe | Cyberhawk from Novatix. Protects against viruses, spyware, identity theft | No |
| U | CyberLat Ram Cleaner | CLRamCleaner.exe | CyberLat RAM Cleaner - memory optimizer. MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/SE/ME. See this article and make up your own mind | No |
| U | CyberLat Ram Cleaner | CyberLat Ram Cleaner 1.1.exe | CyberLat RAM Cleaner - memory optimizer. MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/SE/ME. See this article and make up your own mind | No |
| N | Cyberlink PowerCinema 3.0 | PCMService.exe | Part of Cyberlink's PowerCinema - which can be used to watch movies, play music and even watch TV in a central location. Commonly, PC manufacturers will base their own multimedia player/organizer on PowerCinema (such as Dell's Media Experience and Acer's Arcade Deluxe). Disabling this entry will not prevent PowerCinema working and doing so can prevent problems such as the screensaver not starting or a laptop not entering standby/hibernation/sleep-mode | Yes |
| N | CyberMedia Agent | CMAGENT.EXE | Part of CyberMedia's Oil Change program. Not normally required. Note - if you have TextBridge, CyberMedia Agent may attach itself to TextBridge and cause TextBridge to crash everything if this is disabled | No |
| U | CyberPatrolNew | cphq.exe | "CyberPatrol is one of the most powerful and popular client-based, browser independent, Internet safety software solutions for Windows-based standalone PCs available today" | No |
| X | CyberWolf | CyberWolf.exe | Added by the KICKIN.A (or CYDOG.C) WORM! | No |
| X | CyDoor | CD_Load.exe | Adware. Check here for information about Cy-Door and here for a program that can remove it | No |
| X | CydoorUpdate | CD_Load.exe | Adware. Check here for information about Cy-Door and here for a program that can remove it | No |
| ? | CYNHKey | CYNHKey.exe | ?? | No |
| N | CyphTray | CyphTray.exe | Cypherus - encryption software | No |
| U | CypressLinkMon | CypressLinkMon.exe | Related to CypressViewer from Siemens that "allows ACUSON Cypress cardiovascular system PLUS users to store, view, and analyze Cypress system PLUS studies on a standard Windows PC" | No |
| X | D SYSTEM | dd.exe | Added by the MYTOB-FN WORM! | No |
| Y | D-Link Air USB Utility | AirCFG.exe | D-Link wireless PCI adapter related | No |
| Y | D-Link Air Utility | AirCFG.exe | D-Link wireless PCI adapter related | No |
| N | D-Link AirPlus DWL-650+ Utility | WLANMON.exe | D-Link Air Plus Wireless PC modem connection monitor | No |
| Y | D-Link AirPlus G | AirGCFG.exe | D-Link Airplus Wireless Router driver | No |
| Y | D-Link AirPlus G Wireless Utility | AirPlus.exe | D-Link AirPlus G wireless configuration and monitoring utility | No |
| U | D-Link AirPlus XtremeG | AirPlusCFG.exe | D-Link AirPlus XtremeG wireless configuration utility | No |
| N | D066UUtility | D066UUTY.EXE | TWAIN driver for the CanoScan D660U flatbed scanner. Start scanning via your scanner management software | No |
| X | D3**.exe [* = random char] | D3**.exe [* = random char] | CoolWebSearch/HomeSearch adware - for examples, see this log | No |
| X | D3**32.exe [* = random char] | D3**32.exe [* = random char] | CoolWebSearch/HomeSearch adware - for examples, see this log | No |
| X | d3dupdate.exe | bbeagle.exe | Added by the BEAGLE.A WORM! | No |
| U | D4 | D4.exe | Dimension 4 - network time synchronization freeware - starts-up, adjusts the system clock, then shuts down | No |
| X | d9fw5i91p | d9fw5i91p.exe | Added by the AGENT-GIW BACKDOOR! | No |
| X | dabrun | rundll32.exe dabapi.dll, Rundll32 | SinaUpdateCenter adware. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "dabapi.dll" file is found in the System (9x/Me) or System32 (NT/2K/XP) folder | No |
| N | DACONFIGEXE | daconfig.exe | 3Com NIC Diagnostics. Available via Start -> Programs | No |
| Y | DadApp | dadapp.exe | "DadApp is the SW utility that controls the programmable buttons on Dell Laptops. Not required, but should be left in because it can create a hassle and doesn't always restore functionality to those buttons once unchecked and rechecked" - direct from Dell | No |
| N | Daemon | DAEMON32.EXE | Pre-loads game profiles for MS Sidewinder game controllers prior to release 2.0 of the software. Recommend upgrade. Available via Start -> Programs | No |
| U | Daemon | Daemon.exe | Daemon Tools - used to map an image-file (.iso, .bin etc) to a virtual CD/DVD-drive | No |
| X | Daemon | daemon.exe c daemon2.exe | Added by the SELOTIMA.A WORM! | No |
| U | DAEMON Tools | daemon.exe | Daemon Tools - used to map an image-file (.iso, .bin etc) to a virtual CD/DVD-drive | No |
| U | DAEMON Tools Pro Agent | DTProAgent.exe | DAEMON Tools Pro converts your computer games CD/DVD discs into "virtual discs" or so called "disc image" files, which run directly on your hard drive' | No |
| U | DAEMON Tools-1033 | Daemon.exe | Daemon Tools - used to map an image-file (.iso, .bin etc) to a virtual CD/DVD-drive | No |
| X | dago | fault.exe | Added by the PUNYA-A WORM! | No |
| N | Daily Planner | dayplan.exe | Daily Planner - discontinued, and now part of KMCS Deluxe System Suite. Tool to plan your days, and check activities off as you complete them | No |
| X | Daily Weather Forecast | weather.exe | Added by the DLOADER-IP TROJAN! | No |
| X | DamedWare Services | dwdrce.exe | Added by the RBOT-AOJ WORM! | No |
| X | DanBtR270414 | DanBtR270414.exe | Added by the VB-NIB WORM! | No |
| U | Dancer | DncLE.exe | Part of Microsoft Plus! Digital Media Edition - see here | No |
| X | Danton* | [random filename] | Added by the DANTON TROJAN! where * = random number | No |
| N | Dap | DAP.exe | Download Accelerator Plus from Speedbit. Download manager for resuming downloads, amongst other features. Available via Start -> Programs. Note that the free version is adware based | No |
| X | dark | imgst.scr | Added by the BANCOS.U TROJAN! | No |
| X | dark | imgrt.scr | Added by the BANCBAN-FH TROJAN! | No |
| X | dark | csrs.scr | Added by the BANCBAN-GT or BANCBAN-GU TROJANS! | No |
| X | DarkDevil.Grasiele.BR | Grasiele.VBS | Added by the LEMBRA WORM! | No |
| X | DarKNesS LsasS | LsasS23.exe | Added by an unidentified WORM or TROJAN! | No |
| X | DASDS VSAVdjs | dsabdw.exe | Added by the SDBOT-RE WORM! | No |
| ? | DashBarState | dashIE | ?? | No |
| ? | DashIE | N/A | Could be related to "Dash Power Shopping" tool bar in IE? | No |
| X | daskaskfsak6 | dsfids6.exe | Added by the ONLINEG-J TROJAN! | No |
| X | daskgfkkcx15 | dasdsaads15.exe | Added by the ONLINEG-Q TROJAN! | No |
| X | dasxdads | fsdqd.exe | Added by the GAOBOT.BIQ WORM! | No |
| X | Data | System.dat.vbs | Added by the BISCUIT.A WORM! | No |
| X | data | msngs.exe | Added by the RBOT-ADQ WORM! | No |
| X | Data File | vdehost.exe | Added by the SDBOT-DOS TROJAN! | No |
| X | Data Layer 2 | datalayer.exe | Added by the RBOT-BNF WORM! Note - do not confuse with the legitimate Nokia file sharing the same filename - this one is located in %System% | No |
| N | Data LifeGuard | BACKWE~1.EXE | Data LifeGuard diagnostic tools for Western Digital's series of hard drives | No |
| N | Data LifeGuard LifeLine Lite installer | DLGLI.EXE | Backweb installer - see here | No |
| X | Data Restore Service | prq8.exe | Added by the KELVIR.AI WORM! | No |
| X | Data789 | Regedit.exe ....data789.tmp | Homepage hijacker | No |
| X | DATABASE MySql | [path] repcale.exe [path] beird.exe | Added by the RANDON-AL WORM! Both files are often located in %System%\qsws | No |
| N | DataCaching | FlashKsk.exe | SmartMedia Card management from the installation of a SanDisk reader for a camera's SmartMedia card and also adds the "Unplug and Eject Hardware" System Tray icon | No |
| U | DataKeeper | DataKeeper.exe | PowerQuest DataKeeper (now owned by Symantec) backup software | No |
| Y | DataLayer | DataLayer.exe | Part of Nokia PC Suite version 5 - which "is a free PC software product that allows you to connect your Nokia device to a PC and access mobile content as if the device and the PC were one." Required by the Nokia status/connection monitor (NclTray.exe) | Yes |
| Y | DataLayer | DATALA~1.EXE | Part of Nokia PC Suite version 5 - which "is a free PC software product that allows you to connect your Nokia device to a PC and access mobile content as if the device and the PC were one." Required by the Nokia status/connection monitor (NclTray.exe) | No |
| N | DataViz Inc Messenger | DvzIncMsgr.exe | Installed with DataViz "Documents to Go" software | No |
| N | DataViz Messenger | DvzMsgr.exe | DataViz Documents to Go - "allows you to use your Word, Excel and PowerPoint files on your handheld anywhere, anytime. In addition, it now synchronizes e-mail with attachments, PDF files, pictures and Excel-like charts" | No |
| X | Datcheck | datcheck.exe | Added by the KEYPANIC TROJAN! | No |
| X | Date Manager | datemanager.exe | Date Manager - calender program. Spyware/adware based provided by The Gator Corporation. Please note that Claria Corporation no longer support GAIN-Supported software - see here | No |
| ? | Datechecker | N/A | Could be related to this? | No |
| X | DateMakerIntl | DateMakerIntl.exe | Premium rate adult content dialler | No |
| X | DAupdate | DAupdate.exe | NavEnhance adware | No |
| ? | DAW9532.exe | DAW9532.EXE | Loaded during installation of some 3Com network cards. Enables their DynamicAccess desktop management software. Is it required? | No |
| U | DayToday | DAYTODAY.EXE | DayToday from RoboMagic Software Corp. Displays the date on the taskbar | No |
| U | DAZEL Delivery Agent | DcDaemon.exe | Control and send documents, etc, to any destination. The Dazel Corporation has now been taken over by HP | No |
| X | dbar_starter | starter.exe | Deskbar adware - adds a search bar to your Windows taskbar which performs searches on www.w-w-w-dot-com.com | No |
| X | DbgHlp32 | DbgHlp32.exe | Added by the WINKO.AO WORM! | No |
| U | DBISQL9 | dbisqlg.exe | Related to SQL Anywhere from Sybase. A comprehensive package providing data management and data exchange technologies | No |
| N | dbserv | dbserv.exe | Database Server for Norton Ghost on Win2k Pro. Ghost works fine when it is disabled | No |
| X | dc | dc.exe | Added by the COIDUNG-A WORM! | No |
| X | dc2k5 | SVIQ.EXE | Added by the COIDUNG-A WORM! | No |
| U | DC300 Monitor | cmonitor.exe | Monitor for a Acer DC300 digital camera | No |
| X | DC6 | dc6_startupmon.exe | Part of the WinAntiVirus Pro 2006 rogue security software - not recommended | No |
| X | DC6cw | DC6cw.exe | Part of the DriveCleaner rogue security software - not recommended, removal instructions here | No |
| X | DC6_Check | uwasdc.exe | Part of the WinAntiSpyware 2006 and WinAntiSpyware 2007 rogue spyware removers - not recommended | No |
| X | DC6_check | dc6_startupmon.exe | Part of the WinAntiVirus Pro 2006 rogue security software - not recommended | No |
| X | dc6_check | dcmon.exe | SystemDoctor rogue security software - not recommended, removal instructions here | No |
| X | DCE Manager | dcemgr.exe | Added by the TUMAG TROJAN! | No |
| U | DCfssvc | dcfssvc.exe | Associated with digital cameras and can cause problems which disappear if disabled. If this program is unchecked in startup, your camera will not cause your computer to open a pop-up window when you connect it. Leave enabled if you can't load pictures from your camera/dock - Kodak's dock is an example | No |
| U | dcfssve | dcfssvc.exe | Associated with digital cameras and can cause problems which disappear if disabled. If this program is unchecked in startup, your camera will not cause your computer to open a pop-up window when you connect it. Leave enabled if you can't load pictures from your camera/dock - Kodak's dock is an example | No |
| X | DCOM Server | [path to trojan] | Added by the AGENT-CCQ BACKDOOR! | No |
| X | Dcom System Patch | Microsoft.exe | Added by the RANDEX.MS WORM! | No |
| X | dcsm | dcsm.exe | Part of the PrivacyProtector and DriveCleaner rogue security tools | No |
| N | DDCActiveMenu | DDCActiveMenu.exe | Digital Distribution Channel - formally part of the WildTangent on-line games delivery service. Note that WildTanget's privacy policy used to state that they also collect and share individuals information but this is no longer the case | No |
| N | DDCM | DDCMan.exe | Digital Distribution Channel - formally part of the WildTangent on-line games delivery service. Note that WildTanget's privacy policy used to state that they also collect and share individuals information but this is no longer the case | No |
| N | DDCMan | DDCMan.exe | Digital Distribution Channel - formally part of the WildTangent on-line games delivery service. Note that WildTanget's privacy policy used to state that they also collect and share individuals information but this is no longer the case | No |
| X | ddeproc | ddeproc.exe | Webcelerator from eAcceleration speeds your Web browsing by both remembering where you have been and anticipating where you will go. Only needed if you find it improves web browsing. Now no longer available and supported and when available was classed as spyware - see here | No |
| U | ddhelper | W815DM.EXE | Enuff Parental Control Software by Akrontech | No |
| X | DDialler | DDialler.exe | Adult content dialler | No |
| X | ddivmwa | [random filename] | Added by a variant of the SLAPER TROJAN! | No |
| U | DDLAgent | DDLAgent.exe | Loads Hide and Protect any Drives - which "can be used to restrict read or write access to removable media devices such as CD, DVD, floppy, flash and USB drives. You can also restrict access to partitions of hard disk drives". If disabled, hidden and locked drives still retain their original status so the user will only be able to change their status them via the main UI | Yes |
| U | ddoctorv2 | sprtcmd.exe /P ddoctorv2 | Comcast Desktop Doctor (provided by SupportSoft, Inc) is a free self-help tool for Comcast broadband users. Identifies and automatically fixes typical problems that may occur with your high-speed internet service | No |
| X | DDriver | windrv.exe | Added by the DELF.WG TROJAN! | No |
| X | DDriver | svchost.exe | Added by a variant of the DELF.IT TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! The location of this file varies | No |
| ? | DDT | N/A | ?? | No |
| U | DDWMon | ddwmon.exe | Direct Disc Writer Event Monitor from TOSHIBA | No |
| X | de32gen | de32gen.exe | Added by a variant of the CRYPTER.C TROJAN! | No |
| N | DeadAIM | rundll32.exe DeadAIM.ocm, ExportedCheckODLs | DeadAIM - feature enhancing product for AOL's Instant Messenger program | No |
| X | DeadKitty | DeadKitty.exe | Added by the DEADCAT-A WORM! | No |
| X | DealHelperBrwsr | dhbrwsr.exe | DealHelper adware | No |
| X | DealHelperDown | download.exe | DealHelper adware | No |
| X | DealHelperUpdate | DHUpdt.exe | DealHelper adware | No |
| X | Death.exe | Death.exe | Added by the DELF-ERW TROJAN! | No |
| X | Debug | DebugW32.exe | Added by the GUBED TROJAN! | No |
| X | Debugger | dbg32.exe | Added by the MYTOB-FW WORM! | No |
| X | Debugger | explorer32dbg.exe | Added by the CWS-M TROJAN! | No |
| X | Debugger | iexplore_dbg.exe | Added by the CWS-M TROJAN! | No |
| X | debugger | help.pif | Added by the DELF-DRA WORM! | No |
| X | DebugMonitor | debugmonitor.exe | Added by the MYDOOM.BG WORM! | No |
| U | DeeEnEs | DeeEnEs.exe | DeeEnEs - automatically updates a dynamic IP address when it changes | No |
| X | deejay | forboo.exe | Added by the FORBOT-AY WORM! | No |
| X | Deewoo | ncntnkwd.exe | Identified as a variant of the AdWare.Win32.ZenoSearch.am malware | No |
| X | Default | explore.vbs | Added by the ALLEM WORM! | No |
| X | Default | mtask.vbe | Added by the ALLEM WORM! | No |
| X | default | shell32.exe | Added by the BINGHE TROJAN! | No |
| X | Default | _default.pif | Added by the RUBBLE-C WORM! | No |
| U | default | mskbw.exe | PC Surveillance PRO surveillance software. Uninstall this software unless you put it there yourself | No |
| U | Default Manager | DefMgr.exe | Part of MSN Toolbar from version 4.0 onwards which includes the Bing search engine. Via Start → All Programs → Microsoft Default Manager you can elect to keep Bing as the default search engine and set it to notify you of any changes to your browsers default settings. Not required if you choose not to use Bing | Yes |
| X | Default System Research | vhchost.exe | Added by the TARNO.I TROJAN! | No |
| X | Default web browser | IexpIore.exe | Added by the OBLIVION.B TROJAN! Note - do not confuse "IexpIore.exe" with "iexplore.exe" (Internet Explorer), the first has a captial "i" in place of lower case "L" | No |
| X | DefaultConfiguration | defaultconfh.exe | Added by the AGOBOT-JC WORM! | No |
| X | Default_Page_URL | http://find.naupoint.com | Naupoint browser hijacker | No |
| X | Default_Search_URL | http://find.naupoint.com | Naupoint browser hijacker | No |
| X | defender | defender25.exe | DollarRevenue adware | No |
| X | defender | dfndref_7.exe | DollarRevenue adware | No |
| X | DefensaAntiMalware | pgs.exe | DefensaAntiMalware, Spanish rogue security software - not recommended. A member of the AVSystemCare family | No |
| X | DefenseNetSurfage | GDC.exe | DefenseNetSurfage rogue privacy tool - not recommended. A member of the PCPrivacyTool family | No |
| ? | defergui | defergui.exe | Related to IBM Standard Software Installer. What does it do and is it required? | No |
| U | DefMgr | DefMgr.exe | Part of MSN Toolbar from version 4.0 onwards which includes the Bing search engine. Via Start → All Programs → Microsoft Default Manager you can elect to keep Bing as the default search engine and set it to notify you of any changes to your browsers default settings. Not required if you choose not to use Bing | Yes |
| X | defragm_check | defragment.exe | CoolWebSearch parasite variant | No |
| X | defragsys | svchost.exe | Added by the BIFROSE-TH TROJAN! Note - this is not the legitimate svchost.exe process which should normally figure in Msconfig/Startup! | No |
| U | DefragTaskBar | defragTaskBar.exe | System Tray access to Ashampoo® Magical Defrag 2 from Ashampoo GmbH & Co. KG - which "works is similar to a screensaver. Whenever the computer is idle the program cuts in automatically and starts cleaning up your hard disk" | Yes |
| U | defragTaskBar.exe | defragTaskBar.exe | System Tray access to Ashampoo® Magical Defrag 2 from Ashampoo GmbH & Co. KG - which "works is similar to a screensaver. Whenever the computer is idle the program cuts in automatically and starts cleaning up your hard disk" | Yes |
| U | defwatch | defwatch.exe | Detects out-of-date virus definitions for Norton Anti-Virus Corporate Edition and runs the Defwatch Wizard. Only required if you don't update the virus definitions manually on a regular basis | No |
| U | Deko550 | Deko550.exe | Associated with the Deko550 entry-level SD real-time graphics system from Avid Technology | No |
| U | Delay | delayrun.exe | On HP PCs this program is used to help prevent conflicts or timing issues on fast computers | No |
| X | DelayLoad | msprint.exe | Added by a variant of the Win32.Agent.ryo malware - see here | No |
| U | Delayrun | delayrun.exe | On HP PCs this program is used to help prevent conflicts or timing issues on fast computers | No |
| N | DelayShred | ShrCL.EXE | McAfee Shredder - not required at startup. You can run it manually via McAfee Security Center | No |
| ? | delcab | deltreew.exe C:\cabs | ?? | No |
| X | Delete Me | worm.exe | Added by the DOOMHUNTER WORM! | No |
| U | DeleteHistoryFree | dhf.exe | Delete History Free - "Privacy protection software for deleting Internet surfing and other computer activity tracks from your PC" | No |
| U | Dell AIO Printer A920 | dlbkbmgr.exe | System Tray application for the Dell Photo AIO Printer 920 that enables scan or fax functions to run directly from the printer via the buttons | No |
| U | Dell AIO Printer A940 | dlbabmgr.exe | System Tray application for the Dell Photo AIO Printer 940 that enables scan or fax functions to run directly from the printer via the buttons | No |
| U | Dell AIO Printer A960 | dlbfbmgr.exe | System Tray application for the Dell Photo AIO Printer 960 that enables scan or fax functions to run directly from the printer via the buttons | No |
| N | Dell Alert | DAMon.exe | "Dell Alert" utility, that's supposed to make interaction with Support easier | No |
| U | Dell DataSafe Scheduler | DataSafeOnlineScheduler.exe | Scheduler for Dell DataSafe™ Online which "helps protect your music, photos and other important files by placing backup copies on a secure storage site using your internet connection" | No |
| U | Dell Photo AIO Printer 922 | dlbtbmgr.exe | System Tray application for the Dell Photo AIO Printer 922 that enables scan or fax functions to run directly from the printer via the buttons | No |
| U | Dell Photo AIO Printer 942 | dlbubmgr.exe | System Tray application for the Dell Photo AIO Printer 942 that enables scan or fax functions to run directly from the printer via the buttons | No |
| U | Dell Photo AIO Printer 962 | dlbxmon.exe | DellPhoto AIO Printer 962 Device Monitor | No |
| N | Dell QuickSet | quickset.exe | Dell taskbar icon allowing you to quickly change settings | No |
| Y | Dell Webcam Central | WebcamDell.exe | Dell Webcam Central - webcam management software controlling aspects such as picture control, anti-motion blur and face tracking | No |
| N | DELL Webcam Manager | DellWMgr.exe | Dell Webcam Manager - Webcam management software provided on Dell PCs | No |
| N | Dell Wireless Manager UI | wltray.exe | System tray access to wireless LAN card configuration options | No |
| Y | DellAutomatedPCTuneUp | PTAgnt.exe | PC TuneUp from Dell - "silently monitors your system, automatically running needed maintenance during idle time to keep you at peak performance" | No |
| ? | DellDMI | delldmi.exe | Possibly part of Dell OpenManage Client Instrumentation - software that allows remote management application programs to access information about, monitor the status of or change the state of the client computer, such as shutting it down remotely. Uses the DMI and/or common information model (CIM) protocols, which are systems management protocols defined by industry standards? | No |
| U | DELLMMKB | DELLMMKB.EXE | Multimedia keyboard control for Dell based PCs - only required if you use the multimedia keys | No |
| N | DellSC | dellsc.exe | Dell Solution Center - web-based troubleshooting tools and educational offerings | No |
| U | DellSupport | DSAgnt.exe | Dell Support Agent offers additional support and update features for your Dell computer or laptop | No |
| U | DellSupportCenter | sprtcmd.exe /P DellSupportCenter | Dell Support Center (provided by SupportSoft, Inc) is a free self-help tool for Dell users. Identifies and automatically fixes typical problems that may occur with your high-speed internet service | No |
| U | DellTouch | MMKeybd.exe | Dell multimedia keyboard manager. Required if you use the additional keys | No |
| U | DellTouch | DELLMMKB.EXE | Multimedia keyboard control for Dell based PCs - only required if you use the multimedia keys | No |
| ? | DellTransferAgent | TransferAgent.exe | Found on Dell computers. What does it do and is it required? | No |
| X | delmsbb | delmsbb.exe | 180Search adware | No |
| X | delsaap | delsaap.exe | NCase adware | No |
| ? | delstart | delstart.exe | Reportedly part of BT ISP software - what does it do and is it required in startup? | No |
| X | delsubmit | rundll32.exe advpack.dll, DelNodeRunDLL32 submit.exe | CoolWebSearch parasite variant | No |
| U | DeltaIITaskbarApp | DeltaIITray.exe | System Tray access to the Delta Control Panel for the M-Audio Delta series of PCI audio cards | No |
| ? | DelTmp | DelTemp.exe | Added to the startup list after installing a Creative SoundBlaster Audigy soundcard. Deletes temporary files once an installation is complete? | No |
| N | DeltTray | deltray.exe | System Tray access to the control panel for the M-Audio Delta 44 PCI Analog Recording Interface. Available via a desktop shortcut, Start -> Programs or Start -> Settings -> Control Panel | No |
| X | DeluxeCommunications | Dxc.exe | Deluxe Communications adware - successor to SurfSideKick | No |
| X | DELXP Protocol | delxp.exe | Added by a variant of the SDBOT WORM! | No |
| ? | demon | demon.exe | Part of the French Wanadoo ADSL extense pack. What does it do and is it required? | No |
| X | Deneca | Virus salvado | Added by the DELUZ VIRUS! | No |
| X | Depassx | Xfsa.exe | Added by the SDBOT-SK WORM! | No |
| U | DepFrez | frzstate.exe | Deep Freeze from Faronics Coporation. "Freezes" the current software configuration so that an a re-boot all changes made refer back to their original settings. Not required for most users - more likely to be used by system administrators, for example | No |
| X | deryheruxc | keepSafe.exe | Added by the KILLAV.KAX TROJAN! | No |
| X | DescargaBromas | rundll32.exe MSA64CHK.dll,DllMostrar | MatrixDialer/Mostrar parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System% | No |
| ? | Description of Shortcuts | *.exe | * seems to be a sequence of alphanumerics that can be different, i.e., 1960F8A9, 4EBD23F5, etc. Each of these files would appear to be a shortcut, i.e., 4EBD23F5 is actually Works Calender Reminder (found via a registry search) | No |
| X | Desire | desires.exe | Adult content dialler | No |
| ? | desk-top-service | desk-top-service.exe | ?? | No |
| X | DeskAd Service | DeskAdServ.exe | DeskAd.Service adware | No |
| N | DeskColor | DESKCOLOR.EXE | Provides transparent icon text backgrounds and coloured icon text | No |
| N | Deskflag | Deskflag.exe | DeskFlag - animated USA flag on the desktop | No |
| X | DeskMateAutoUpdate | DeskMateAutoUpdate.exe | DeskMates: Virtual scantily clad girls enhance your desktop. BargainBuddy adware related | No |
| U | deskmech | deskmech.exe | Part of Desktop Maestro from PC Tools - which "combines the features of our award winning products, Registry Mechanic and Privacy Guardian to ensure that you have the range of tools at your fingertips to ensure optimal system performance, stability and user privacy". This entry is created when Desktop Maestro is installed on XP and loads the System Tray icon and runs a registry scan at startup - if either are enabled | Yes |
| U | desksaver | desksaver.exe | Part of Advanced Desktop Shield, Easy Desktop Keeper, 1st Desktop Guard and Desktop Layout Keeper (and maybe others) - which give you the ability to save, restore, manage and lock your desktop layout that includes files and folders located on your desktop, placement of desktop icons, desired wallpaper and screen saver. For more details please see the 00DSKSVR01 or 00DSKSVR00 entries | Yes |
| U | desksaver.exe | desksaver.exe | Part of Advanced Desktop Shield, Easy Desktop Keeper, 1st Desktop Guard and Desktop Layout Keeper (and maybe others) - which give you the ability to save, restore, manage and lock your desktop layout that includes files and folders located on your desktop, placement of desktop icons, desired wallpaper and screen saver. For more details please see the 00DSKSVR01 or 00DSKSVR00 entries | Yes |
| U | Desksite CMA | cma.exe | DeskSite CMA siftware - "retrieves new content from the DeskSite Data Center" | No |
| U | DeskSlide | DeskSlide.exe | "DeskSlide is utility for automating wallpaper changes on your desktop" | No |
| X | Desktop | rundll32.exe msconfd.dll, Restore ControlPanel | Added by the BOOKMARKER TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "msconfd.dll" file is found in the System (9x/Me) or System32 (NT/2K/XP) folder | No |
| X | desktop | desktop.exe | Added by the SDBOT.MD WORM! | No |
| X | Desktop | Desktop.com | Added by the VB-DRN WORM! | No |
| X | desktop | desktop.ini.vbs | IE-Title malware | No |
| N | Desktop Architect | DATRAY.EXE | Desktop theme manager available here - for managing the desktop appearance, fonts, sounds, etc | No |
| U | Desktop Calendar | Desktop Calendar.exe | Desktop Calendar - "Desktop Calendar is a highly customizable calendar program that turns your desktop into a traditional wall calendar, by rotating the background image on a monthly basis" | No |
| X | Desktop Defender 2010 | Desktop Defender 2010.exe | Desktop Defender 2010 rogue security software - not recommended, removal instructions here | No |
| U | Desktop Maestro | deskmech.exe | Part of Desktop Maestro from PC Tools - which "combines the features of our award winning products, Registry Mechanic and Privacy Guardian to ensure that you have the range of tools at your fingertips to ensure optimal system performance, stability and user privacy". This entry is created when Desktop Maestro is installed on XP and loads the System Tray icon and runs a registry scan at startup - if either are enabled | Yes |
| U | Desktop Maestro Vista Tray | RMTray.exe | Part of Desktop Maestro from PC Tools - which "combines the features of our award winning products, Registry Mechanic and Privacy Guardian to ensure that you have the range of tools at your fingertips to ensure optimal system performance, stability and user privacy". This entry is created when Desktop Maestro is installed on Vista and loads the System Tray icon (deskmech.exe) on runs a registry scan at startup - if either are enabled | Yes |
| N | Desktop Plant | AZARE10S.PLT | Vritual plant from here - this version is an Azalea, there are others so the filename may be different | No |
| X | Desktop Search | desktop.exe | iSearch adware | No |
| N | Desktop Service Centre | DSC.exe | OptusNet DSL or Dial-Up connection software | No |
| N | Desktop Weather | THE WEATHER CHANNEL.exe | Desktop Weather by The Weather Channel - provides current temperature, conditions, alerts, etc | No |
| N | Desktop Weather 3 | THE WEATHER CHANNEL.exe | Desktop Weather 3 by The Weather Channel - provides current temperature, conditions, alerts, etc | No |
| N | Desktop Weather 3 | THEWEA~1.EXE | Desktop Weather 3 by The Weather Channel - provides current temperature, conditions, alerts, etc | No |
| U | DesktopIconToy | DesktopIconToy.exe | "Desktop Icon Toy is an easy to use desktop icon enhancement tool, which allows you to make many funny but useful patterns out of your windows desktop icons" | No |
| U | DesktopMaestro | deskmech.exe | Part of Desktop Maestro from PC Tools - which "combines the features of our award winning products, Registry Mechanic and Privacy Guardian to ensure that you have the range of tools at your fingertips to ensure optimal system performance, stability and user privacy". This entry is created when Desktop Maestro is installed on XP and loads the System Tray icon and runs a registry scan at startup - if either are enabled | Yes |
| U | DesktopMaestro | RMTray.exe | Part of Desktop Maestro from PC Tools - which "combines the features of our award winning products, Registry Mechanic and Privacy Guardian to ensure that you have the range of tools at your fingertips to ensure optimal system performance, stability and user privacy". This entry is created when Desktop Maestro is installed on Vista and loads the System Tray icon (deskmech.exe) on runs a registry scan at startup - if either are enabled | Yes |
| N | desktopmgr | desktopmgr.exe | Synchronisation manager for the cradles for the Research In Motion range of wireless handhelds, including the "Blackberry" | No |
| X | DesktopUpdate | rundll32.exe MSA64CHK.dll,DllMostrar | MatrixDialer/Mostrar parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System% | No |
| U | DesktopX | DESKTOPX.EXE | A program that replaces the regular Desktop and Taskbar, and can be changed to the user's liking | No |
| N | deskup | deskup.exe | Adds Iomega Zip drive icons to the desktop | No |
| U | desp2k | desp2k.exe | Part of the Turbo Analyzer tool from LightComm Brazil Telecom that analyzes and corrects ADSL configurations | No |
| X | destroyb11 | destroyb11.exe | Added by the DELF-KO TROJAN! | No |
| U | detect | idetect.exe | iNTERNET Turbo from Clasys Ltd. "It accelerates any Windows 95/98/Me/NT/2000/XP internet connection in seconds". If you find it helps your connectivity leave it enabled | No |
| ? | detect | turbodetect.exe | ?? | No |
| N | Detector | detector.exe | USB port detector for LG scanners. Sits in the System Tray, and when it detects the scanner through the USB port, you can run the scanner software from the tray. It is not required at all, since you can use the scan software from almost any photo editing software | No |
| U | DetectorApp | DetectorApp.exe | Related to Roxio MyDVD (was Sonic) DVD authoring software | No |
| ? | DevconDefaultDB | READREG | Appears to be related to older Creative Soundblaster soundcards | No |
| X | Development Environment | devenv.exe | Added by the DELBOT-AH WORM! | No |
| U | DEventAgent | eventagt.exe | DEvent Agent Module client - part of Dell OpenManage and used for server management. Only required if you use this | No |
| X | devenv | smvss.exe | Added by the DEDLER-G TROJAN! | No |
| X | Device Configuration Loader | msdvc32.exe | Added by a variant of the AGOBOT/GAOBOT WORM! | No |
| U | Device Detector | DevDetect.exe | ACDSee Auto Device Detector detects when a device is connected to your PC and gives you the option to acquire images from it automatically | No |
| N | Device Detector 2 | DevDtct2.exe | Installed by various Olympus products, this program detects the active connection of a speech device (voice recorder, etc) to a USB port then runs specific client software used to access that device. The DevDtct2 process has a "high" priority level which can negatively impact system resources | No |
| X | Device Hardware | devicehnd.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
| X | Device IO System | deviceio.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
| X | Device Management | wnsystem.exe | Added by the AGOBOT-LH WORM! | No |
| X | Device Manager | wfxmgr.exe | Added by the RBOT.AJU WORM! | No |
| X | Device Security | dvcsecure.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
| X | Device Security Driver | devicesec.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
| X | Device Security Manager | dvcsecure.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
| U | DeviceDiscovery | hpotdd01.exe | Detection of new imaging, printing and other peripherals on HP machines such as USB printers, cameras and Bluetooth products | No |
| X | DevicePath | Proyecto1.exe | Added by the GRUEL WORM! | No |
| X | DevicePath | Root.exe | Added by the GRUEL WORM! | No |
| U | Devices | olesvr.exe | Salfeld Child Control - parental control software | No |
| X | Devicewin | [path to trojan] | Added by the BANKER-AEV TROJAN! | No |
| U | devldr16 | devldr16.exe | Associated with some Creative Labs sound cards. Provides audio support for DOS applications. Not needed if you don't have those. Required if you use "Sound Play Control" and "Sound Recorder". To disable: (1) Disable via MSCONFIG (2) Start → Settings → Control Panel → System → Device Manager then disable "Creative SB16 Emulation" under Creative Miscellaneous Devices | No |
| U | devldr16.exe | devldr16.exe | Associated with some Creative Labs sound cards. Provides audio support for DOS applications. Not needed if you don't have those. Required if you use "Sound Play Control" and "Sound Recorder". To disable: (1) Disable via MSCONFIG (2) Start -> Settings -> Control Panel -> System -> Device Manager then disable "Creative SB16 Emulation" under Creative Miscellaneous Devices | No |
| ? | Devlog | devlog.exe | Apparently mainboard/chipset related, by a French company called AS Media - what exactly is it, and is it required | No |
| X | dfgfdgrergd | [path to trojan] | Added by the RANKY.CK TROJAN! | No |
| ? | DGJM | DGJM.exe | ?? | No |
| X | dgtstart | dgtstart.exe | DigitalNames.g adware | No |
| U | dguard | dguard.exe | eAcceleration Stop-Sign security software related. Previously not recommended, see here | No |
| X | DHCP | smss.exe | Added by the WINSPY.AG TROJAN! Note - this is not the legitimate smss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\display | No |
| X | DHCP Server | regsvr.exe | Added by the RBOT-PR WORM! | No |
| X | DHCP32 | services.exe | Added by the WINSPY.AG TROJAN! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\display | No |
| Y | dhcpagnt | dhcpagnt.exe | Intel DSL modem driver - leave enabled or you'll have to re-install the drivers | No |
| X | DhcpCep | PYJJKIME.exe | Added by the AGENT-BXQ TROJAN! | No |
| ? | DHNUXB | DHNUXB.exe | ?? | No |
| X | DI2 | [path to file] | BroadcastPC adware | No |
| N | diagent | diagent.exe | System Tray access for Creative Diagnostics for the Creative SoundBlaster series soundcards. Available via Start -> Programs | No |
| X | Diagnostic | diagnostic.exe | Added by the ALPHA-C TROJAN! | No |
| X | Diagnostic Agent | diagent.exe | Added by the AGOBOT-CW WORM! | No |
| X | Dial22 | dlm.exe | Adult content dialler | No |
| X | Dial33 | dlm.exe | Adult content dialler | No |
| X | Dialer | rundll32.exe MSA32CHK.dll,Reg | MatrixDialer/Lanzar parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA32CHK.dll" file is located in %System% | No |
| U | Dialer Control | dc.exe | Dialer-Control. Detects and protects from premium rate adult content diallers | No |
| U | Dialer Detect | dd.exe | DialerDetect detects stealth installed premium rate diallers, and sounds the alarm when such a connection is being installed without you knowing it | No |
| U | Dialgo SDK | PhoneAnswer.exe | Dialgo Wave Modem ActiveX - "Telephone Answering Machine for scripting your own professional call center business scripts using a voice modem. Features Caller-ID, Wave Playback, Wave Recording, Digit Monitoring, POP3 e-mail Manipulation, Speech Recognition and Synthesis" | No |
| X | DialNet | mxt32.exe | Adult content dialler | No |
| N | Dialog Box Assistant | OSDEx.exe | Dialog Box Assistant from Duality Software. Helps with the standard Open and Save As dialog boxes by showing recently used files and folders | No |
| N | Dialog Helper | PDDLGHLP.EXE | Dialog Helper from PowerDesk Pro by Ontrack. Helps with the standard Open and Save As dialog boxes by showing recently used files and folders. Available via Start -> Programs | No |
| X | DialUp Network Application | Rnaap.exe | Added by a variant of the SDBOT WORM! | No |
| X | Diam prlaer | oqedrhg.exe | Added by the SDBOT-DEU WORM! | No |
| ? | Diamondview | Diamondview.exe | Manulife Financial Insurance program. Is it required at startup? | No |
| X | DIECOX | csrss.exe | Added by a variant of the ATM.GEN TROJAN! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! | No |
| X | Diesel | Recalculate.exe | Added by the LAZAR TROJAN! | No |
| U | DietK | DietK.exe | Diet Kazaa add-on for Kazaa Media Desktop - "removes all adware and popups, built in Download Accelerator, makes searches faster and helps produce more results" | No |
| U | DigiCell | DigiCell.exe | MSI DigiCell - "the most useful and powerful utility that MSI has spent much research and efforts to develop, helps users to monitor and configure all the integrated peripherals of the system, such as audio program, power management, MP3 files management and communication / 802.11g WLAN settings. Moreover, with this unique utility, you will be able to activate the MSI well-known features, Live Update and Core Center" | No |
| X | DigiD | DigitalSound.exe | Adware downloader | No |
| N | DigiGuide | CLIENT.EXE | TV guide and reminder | No |
| N | DigiGuide | client01.exe | TV guide and reminder | No |
| U | Digisoft AntiDialer | AntiDialer.exe | Digisoft AntiDialer | No |
| U | DigiSrv | DigiSrv.exe | Related to camera software from DigitalDreams | No |
| N | Digital Dashboard | devgulp.exe | For Compaq PC's. Loads Digital Dashboard options | No |
| N | Digital Line Detect | DLG.exe | Detects whether your are plugged into a digital telephone line and displays the information graphically. Installed by Dell (and maybe others) and is included with all Connexant V.92 and Broadcom modems | No |
| Y | Digital Patrol Update 5 | update.exe | Digital Patrol - "a powerful anti trojan scanner, which detects and eliminates more than 180'000 Trojan Horses and Spywares. Digital Patrol detects viruses, trojans, worms, spyware, malicious ActiveX controls and Java applets" | No |
| N | Digital River eBot | downlo~1.exe | Digital River Systems EBOT for downloading software from their site. In some cases, if you purchase software online for a download from a software manufacturer, you will be sent to this online company's site for the download after the purchase is complete. Read more here | No |
| X | DigitalNames | DigitalNamesStart.exe | DigitalNames spyware variant | No |
| N | DigitalWizard | ISWizard.exe | InstallShield's DigitalWizard - free, complete Digital Content Management Solution that makes it easy to experience digital content | No |
| N | DigitalWizard Monitor | dwMon.exe | InstallShield's DigitalWizard - free, complete Digital Content Management Solution that makes it easy to experience digital content | No |
| U | DIGServices | DIGServices | Created by Disney but licensed to ESPN for watching videos | No |
| N | DIGServices | DIGServices.exe | Created by Disney but licensed to ESPN for watching videos | No |
| N | DIGStream | digstream.exe | DIGStream Cache Manager - part of ESPN Motion and Disney Motion that periodically check for new videos and indication they're available in the System Tray. Starting ESPN Motion/Disney Motion starts digstream automatically | No |
| U | Dimension | Dimension.exe | Dimension - a program which lets you customize MSN messenger such as adding animated and coloured nicknames, personal toast creator, war tools (login flooder), and allows viewing and interacting with the raw MSN protocol | No |
| U | Dimension4 | d4.exe | Dimension 4 - network time synchronization freeware - starts-up, adjusts the system clock, then shuts down | No |
| X | Dino3 | dino3.exe | Related to Jurassic Park III and enables a dinosaur to walk across the screen. Also generates adverts and classified as adware as a result | No |
| X | Dinst | dinst.exe | IMIServer/IEPlugin adware | No |
| X | Diomacd | fdafbfd.exe | Added by the MULDROP.F TROJAN! | No |
| X | Dir1 | caKe | Added by the CAKE WORM! | No |
| X | Direct settings | sdchost.exe | Added by the DAEMONI-I TROJAN! | No |
| U | Direct Update | DUControl.exe | DirectUpdate dynamic DNS updater | No |
| X | Direct X Direct3D | dxd3d.exe | Added by a variant of the SDBOT WORM! | No |
| X | Direct X Opengl | dxopengl.exe | Added by a variant of the RBOT-CJ WORM! | No |
| X | direct3d.exe | direct3d.exe | Added by the CERTIF-F TROJAN! | No |
| N | DirectCD | DirectCD.exe | DirectCD primarily allows you to drag and drop files onto a suitably formatted CD-RW disc. Unless you use this on a frequent basis it isn't required and is available via Start -> Programs. Start the program before inserting a DirectCD formatted CD-RW in the drive. A re-boot is recommended if you close Adaptec DirectCD before re-opening it again later | No |
| X | Director Video | btnmgern.exe | Added by the MYTOB-KL WORM! | No |
| Y | Directory Opus Desktop Dblclk | dopusrt.exe | Directory Opus - an advanced file manager. "Directory Opus goes beyond the simple file manager metaphor, and offers you a complete replacement for Windows Explorer and many other utility programs for handling FTP, ZIP, viewing files and images, running slideshows and more" | No |
| X | directs.exe | directs.exe | Added by the BEAGLE.O or BEAGLE.R or BEAGLE.S or BEAGLE.T WORMS! | No |
| U | DIRECTVDSL | Directvdsl.exe | Starts DirectTV DSL modem at boot up. Can also be started manually | No |
| X | DirectX | ddhelp32.exe | Added by the BIONET.318 TROJAN! Note - not the DirectX helper which is ddhelp.exe | No |
| X | directx | Directx.exe | Added by the SDBOT.D TROJAN! | No |
| X | directx | Sqlexploit.exe | Added by the SDBOT.D TROJAN! | No |
| X | DirectX | DirectX.exe | Added by the BLAXE or LOGPOLE WORMS! | No |
| X | directx | NTCmd.exe | Added by the SDBOT.D TROJAN! | No |
| X | directx | PipeCmd.exe | Added by the SDBOT.D TROJAN! | No |
| X | DirectX 32 | directx32.exe | Added by a variant of the AGOBOT/GAOBOT WORM! | No |
| X | DirectX Driver | stdhost.exe | Added by the SDBOT.GVJ BACKDOOR! | No |
| X | DirectX Driver | stdhost.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
| X | DirectX For Microsoft Windows | dtxservice.exe | Added by the PROGENT TROJAN! | No |
| X | DirectX for Microsoft Windows | Fservice.exe | Added by the PRORAT TROJAN! | No |
| X | DirectX for Microsoft Windows | Sservice.exe | Added by the PRORAT TROJAN! | No |
| X | DirectX For Microsoft® Windows | fservice.exe | Added by the PRORAT-L TROJAN! | No |
| X | DirectX For Microsoft® Windows | fservice.exe | Added by the PRORAT-P TROJAN! | No |
| X | DirectX shell driver | [path to trojan] | Added by the MARKTMAN-B TROJAN! | No |
| X | Directx Startup Drivers | direct.exe | Added by the RBOT.UXL WORM! | No |
| X | DirectX Video Driver | dxterm5.exe | Added by the WILAB-A TROJAN! | No |
| X | DirectX64 | DirectXset.exe | Added by the BROWNEY.A WORM! | No |
| X | DirectX9 | direct3d.exe | Added by the AGENT.EAK TROJAN! | No |
| X | DirectX9 | svchost32.exe | Added by the RBOT.AQG WORM! | No |
| X | DirectX9 Diag | dx9diag.exe | Added by the RBOT-ALT WORM! | No |
| X | DirecX | DirecX.exe | Added by the AGOBOT-HU BACKDOOR! | No |
| U | Dirkey | Dirkey.exe | Dirkey - small utility that allows you to bookmark up to 9 folders by using the Ctrl+Alt+1..9 shortcut keys in an Open/Save File dialog or in Windows Explorer. After this the Ctrl+1..9 shortcut keys can be used in the same or another window to go to any of the 9 bookmarked folders | No |
| X | DirLocker | dirlock.exe | Added by the AUTORUN-AMS WORM! | No |
| ? | Disable EHCI | nousb20.exe | ?? | No |
| N | Disc Detector | CtNotify.exe | For Creative sound cards. Detects when you insert a CD, DVD, etc | No |
| ? | disc detector | qnetquestnotifty.exe | ?? | No |
| ? | discoveg | discoveg.exe | ?? | No |
| ? | DISCover | DISCover.exe | Related to DISCover Drop from Digital Interactive Systems Corporation. What does it do and is it required? | No |
| N | DiscoverDeskshop | Deskshop.exe | Discover Deskshop - single use "virtual" credit card | No |
| U | DiscUpdateManager | DiscUpdMgr.exe | Disc Update Manager for Digital interactive's DISCover Console. Provider of on-demand video games | No |
| N | DiscUpdateManager | DiscUpdateMgr.exe | DISCover from Digital Interactive Systems Corporation Inc. "The company's patented Drop 'n' Play technology provides a simple, console-like experience when playing PC titles allowing for seamless play of CD/DVD-based games while its unique Parental Control system incorporates ESRB ratings to help users limit access to younger players" | No |
| U | DiscWizardMonitor.exe | DiscWizardMonitor.exe | Seagate DiscWizard - hard disk utility for Seagate's SATA and PATA (IDE) drives | No |
| X | Disk Check | chkdsk32.exe | Added by the IM TROJAN! | No |
| U | Disk Cleaner | DiskCleaner.Exe | Hard disk management part of TuneUp Utilities from TuneUp Distribution GmbH | No |
| X | Disk Defragmentation Loader | pmsvcr.exe | Added by a variant of the IRCBOT TROJAN! | No |
| X | Disk Essensial Tools | detsvc.exe | Added by a variant of the IRCBOT TROJAN! | No |
| X | Disk Keeper | [path to trojan] | Added by the SMALL-VE TROJAN! | No |
| X | Disk Keeper | SECURITY.EXE | Daosearch adware | No |
| X | Disk Manager | diskver.exe | Added by the RBOT.AQT WORM! | No |
| X | Disk Master | [trojan name] | Added by the DISTER TROJAN! - a spam relayer | No |
| X | Disk Panel Configuration | dpcsvc.exe | Added by the IRCBOT.BSQ BACKDOOR! | No |
| X | Disk Panel Setup | npcsvc.exe | Added by a variant of the IRCBOT TROJAN! | No |
| X | DiskCheck | msdarkend.exe | Added by an unidentified WORM or TROJAN! | No |
| N | DiskeeperSystray | DkIcon.exe | DisKeeper defragmentation software - can be started manually | No |
| X | diskinf | diskinf.exe | Added by the CRYPTER.A TROJAN! | No |
| ? | DISKMON.EXE | DISKMON.EXE | ?? | No |
| N | Disknag | disknag.exe | Dell program that reminds you to make your backup diskettes | No |
| X | DiskRetter | SysRep.exe | DiskRetter, German rogue system error and cleaning utility - not recommended. A member of the ErrClean family | No |
| X | Diskstart | Code.exe | Adult content dialler | No |
| X | Diskstart | cat.exe | MS-Connect dialler | No |
| X | Diskstart | hit.exe | Adult content dialler | No |
| X | Diskstart | Snt.exe | Adult content dialler | No |
| U | DiskSuite | aDSProcMngr.exe | Part of PC Tools Disk Suite from PC Tools - which "is an all-in-one hard-disk management utility that integrates disk optimization, defragmentation and backup tools in one easy to use package". Proxy (or agent) for the Disk Suite Service. Based upon my experience, if this is disabled it does not appear to adversely affect on-demand or scheduled tasks but has a "U" recommendation as it's function isn't fully known | Yes |
| U | Disk_Monitor | Disk_Monitor.exe | Multi-media, Smartmedia, Compact Flash card reader for reading digital camera cards. Device is recognised as internal USB disk drive. Necessary if camera cards are to be recognised as soon as they are inserted into the reader | No |
| X | disnisa | disnisa.exe | Added by the DORF-AE WORM! | No |
| X | Dispatcher | dispatcher.exe | Added by the DLOADR-AS TROJAN! | No |
| U | display | The_Eye.exe | ComSpySysSvr surveillance software. Uninstall this software unless you put it there yourself | No |
| X | Display | backup.exe | Added by the BRONTOK-CR WORM! | No |
| X | Display Drivers | cssrs.exe | Added by the AGOBOT.FX WORM! | No |
| N | Display Settings | hptasks.exe | Allows for the adjustment of the display for LCD screen, CRT Monitor and TV output on HP computers | No |
| U | DisplayFusion | DisplayFusion.exe | DisplayFusion from Binary Fortress Software - "is a fantastic application that can make your dual monitor (or triple monitor or more) life much, much easier! From allowing you to use a different wallpaper on each monitor, to integrating with Flickr for image searching, to providing hotkeys for managing your application windows" | No |
| N | DisplayTrayIcon | TrayIcon.exe | System Tray access to display properties for ABIT graphics cards. Unless you change your desktop resolution, etc regularily use Control Panel -> Display | No |
| U | Disspy | disspy.exe | Disspy spyware detection and removal software | No |
| X | Dist-FBGeneve | GDC.exe | NettoyeurDePC French rogue privacy tool - not recommended. A member of the PCPrivacyTool family | No |
| N | Distiller Assistant 3.01 | DISTASST.EXE | From Adobe. Creates PDF universal files for Acrobat Reader. Available via Start -> Programs | No |
| X | Distributed File System | Dfsvc.exe | Added by the MYFIP.A or MYFIP.K WORMS! | No |
| X | Distributed File System | kernel32dll.exe | Added by the MYFIP-C or MYFIP.K WORMS! | No |
| X | Distributed File System | blade.exe | Added by the MYFIP.AC WORM! | No |
| X | Distributed File System | win.exe | Added by the MYFIP.AB WORM! | No |
| X | Distributed Link Tracking | ascvt.exe | Added by the AGOBOT-GH BACKDOOR! | No |
| U | distributed.net client | DNETC.EXE | Dsitributed computing projects client from Distributed.net where numerous computers are used to share a projects workload - similar to SETI@Home and Folding@Home. Also prone to being distributed by viruses | No |
| Y | Dit | dit.exe | "Drive Icon and Label Utility" - assigns drive icons and names to flash memory cards. Required, otherwise the drives aren't found | No |
| X | Dit | dit.exe | Added by the LAZAR-A TROJAN! Note - this is located in the System (9x/Me) or System32 (NT/2K/XP) folder | No |
| N | DiTask.exe | DiTask.exe | Associated with an Eicon Networks ISDN or ADSL modem. System Tray icon which shows you the status of your lines (free, occupied with incoming or outgoing call). Available via Start -> Programs | No |
| ? | Divamon.exe | Divamon.exe | Associated with an Eicon Networks Diva ISDN or ADSL modem - what does it do and is it required? | No |
| X | divx | divxenc.exe | Added by the SPBOT.B TROJAN! | No |
| X | Divx | codll.exe | Added by the GRAVEBOT-A TROJAN! | No |
| X | DivX MediaPlayer 7.0 | Dr.DivX.exe | Added by the ALADINZ.G TROJAN! | No |
| X | DivX Player | DivXPlayer.exe | Added by a variant of the RBOT WORM! | No |
| X | DivX Updater | DivX.Exe | Added by the NALDEM TROJAN or MASTAK VIRUS! | No |
| X | DIVX Video Player | DIVXPloyer.exe | Added by an unidentified WORM or TROJAN! | No |
| X | Divx4 codec | devldr32.exe | Added by an unidentfied VIRUS! Note - this is not the legitimate Creative Labs devldr32.exe file | No |
| ? | Dixons Insert Detect | InsDetect.exe | Part of Dixons Picture Suite. Detects a digital camera is plugged into a USB port or when a memory card with photos is inserted? | No |
| N | DJRegFix | regedit /s c:\hp\djregfix.reg | DJRegFix showed up first in WinME as a "clever" way to ensure that all Hewlett-Packard DeskJet printers actually worked with WinME - since most were having major problems. This "utility" adds the functionality and compatibility HP forgot to add in its WinME drivers | No |
| ? | DJSNetCN | DJSNetCN.exe | "Symantec Licensing Detect Internet Connection", part of Norton Antivirus. What does it do and is it required? | No |
| X | djtopr1150.exe | djtopr1150.exe | WebRebates adware | No |
| X | dKernel | dKernel.exe | Added by the DECOY-A WORM! | No |
| Y | DkService | DkService.exe | From Executive Software's Diskeeper defragmenting utility - a replacement for Windows Disk Defragmenter. It's recommended to leave this enabled, otherwise you could have problems starting it manually. | No |
| X | DKTime | dktime.exe | Added by the LUNII TROJAN! | No |
| X | Dkware lptt01 | dkware.exe | RapidBlaster variant (in a "DonkeySoft" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here | No |
| X | Dkware ml097e | dkware.exe | RapidBlaster variant (in a "DonkeySoft" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here | No |
| ? | dkzzixm | dkzzixm.exe | ?? | No |
| Y | dla | tfswctrl.exe | Drive letter access to a UDF packet writer for CD-RW - from HP, Veritas an others. Similar to Roxio's DirectCD and does the same thing. From HP - "This is a needed file as it controles the readability of the Combo drives. Without this file loading the end user will be able to burn CD's but wont be able to read them. The drive itself will be able to read store bought master Cd's without the file but not burnt ones" | Yes |
| Y | DLA | DLACTRLW.EXE | Drive letter access to a UDF packet writer for CD-RW - from HP, Veritas and others. Similar to Roxio's DirectCD and does the same thing. From HP - "This is a needed file as it controles the readability of the Combo drives. Without this file loading the end user will be able to burn CD's but wont be able to read them. The drive itself will be able to read store bought master Cd's without the file but not burnt ones" | Yes |
| Y | DLACTRLW | DLACTRLW.EXE | Drive letter access to a UDF packet writer for CD-RW - from HP, Veritas and others. Similar to Roxio's DirectCD and does the same thing. From HP - "This is a needed file as it controles the readability of the Combo drives. Without this file loading the end user will be able to burn CD's but wont be able to read them. The drive itself will be able to read store bought master Cd's without the file but not burnt ones" | Yes |
| Y | DLACTRLW.EXE | DLACTRLW.EXE | Drive letter access to a UDF packet writer for CD-RW - from HP, Veritas and others. Similar to Roxio's DirectCD and does the same thing. From HP - "This is a needed file as it controles the readability of the Combo drives. Without this file loading the end user will be able to burn CD's but wont be able to read them. The drive itself will be able to read store bought master Cd's without the file but not burnt ones" | Yes |
| N | DlaTray | Dlatray.exe | System Tray access to DLA - Drive letter access to HP's and Veritas' version of DirectCD. Does the same thing as DirectCD. From HP - "This is a needed file as it controles the readability of the Combo drives. Without this file loading the end user will be able to burn CD's but wont be able to read them. The drive itself will be able to read store bought master Cd's without the file but not burnt ones" | No |
| N | dlbcserv | dlbcserv.exe | Related to Dell Photo Printers and provides additional configuration options for these devices | No |
| Y | DLBTCATS | rundll32 [path] DLBTtime.dll, _RunDLLEntry@16 | Resolves a timing problem where a Dell service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll) | No |
| Y | DLBUCATS | rundll32 [path] DLBUtime.dll, _RunDLLEntry@16 | Resolves a timing problem where a Dell service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll) | No |
| Y | DLBXCATS | rundll32 [path] DLBXtime.dll, _RunDLLEntry@16 | Resolves a timing problem where a Dell service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll) | No |
| Y | DLCCCATS | rundll32 [path] DLCCtime.dll,_RunDLLEntry@16 | Resolves a timing problem where a Dell service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll). If you use the 964 printer, Dell recommends leaving dlcctime.dll in place as it fixes compatibility issues on some Dell systems. If you receive an error message on system startup that reads: "Error in C:\WINDOWS\System32\spool\drivers\W32\x86\3DLCCtime.dll Missing entry: RunDLLEntry" Dell offers help here | No |
| U | dlccmon.exe | dlccmon.exe | Dell Photo AIO Printer 924 device monitor | No |
| Y | DLCDCATS | rundll32 [path] DLCDtime.dll, _RunDLLEntry@16 | Resolves a timing problem where a Dell service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll) | No |
| U | dlcdmon.exe | dlcdmon.exe | Dell Photo AIO Printer 944 device monitor | No |
| Y | DLCFCATS | rundll32 [path] DLCFtime.dll, _RunDLLEntry@16 | Resolves a timing problem where a Dell service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll) | No |
| Y | DLCGCATS | rundll32 [path] DLCGtime.dll, _RunDLLEntry@16 | Resolves a timing problem where a Dell service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll) | No |
| U | dlcgmon.exe | dlcgmon.exe | Dell Photo AIO Printer 810 device monitor | No |
| Y | DLCICATS | rundll32 [path] DLCItime.dll, _RunDLLEntry@16 | Resolves a timing problem where a Dell service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll) | No |
| X | dlcipscl | dcpavss.exe | Added by the MAILBOT-CB TROJAN! | No |
| Y | DLCJCATS | rundll32 [path] DLCJtime.dll, _RunDLLEntry@16 | Resolves a timing problem where a Dell service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll) | No |
| U | dlcjmon.exe | dlcjmon.exe | Dell Photo AIO Printer 964 device monitor | No |
| Y | DLCQCATS | rundll32 [path] DLCQtime.dll, _RunDLLEntry@16 | Resolves a timing problem where a Dell service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll) | No |
| U | dlcqmon.exe | dlcqmon.exe | Dell Photo AIO Printer 966 device monitor | No |
| Y | DLCXCATS | rundll32 [path] DLCXtime.dll, _RunDLLEntry@16 | Resolves a timing problem where a Dell service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll) | No |
| U | dlcxmon.exe | dlcxmon.exe | Dell Photo AIO Printer 926 device monitor | No |
| X | dlder | dlder.exe | Dlder spyware. Also creates a fake "explorer.exe" file and can be installed via versions of Grokster, Lime Wire and KaZaA file-sharing utilities | No |
| X | DlDir1 | caKe | Added by the CAKE WORM! | No |
| U | dldtamon | dldtamon.exe | Dell AIO Printer V305 device monitor | No |
| U | dldtmon | dldtmon.exe | Dell AIO Printer V305 device monitor | No |
| U | dldtmon.exe | dldtmon.exe | Dell AIO Printer V305 device monitor | No |
| ? | DLForcerExe | DLForcerEXE.exe | ?? | No |
| N | DLF_00000B00 | Vcdlf.exe | Known to cause problems with "Out of memory" errors (see here). Otherwise, it's purpose is unknown | No |
| N | DLG | DLGCHBW.exe | Backweb part of Data LifeGuard - diagnostic tools for Western Digital's series of hard drives. Automatically detects an internet connection and downloads any available updates | No |
| N | DLHelperEXE | WATCH.exe | Download helper distributed with some software that allows the software installation to redirect download locations. Not required once the installation is finished | No |
| X | DLHelperEXE.exe | N/A | Downloader for Microgaming/Casino software - stealth installed | No |
| X | dlhost | dlhost.exe | Added by the EXPHOOK-A TROJAN! | No |
| X | DLINK dfe drivers for Windows NT | windfe.exe | Added by the RANDEX.AK WORM! | No |
| U | DLink System Tray | dlnetst.exe | Related to D-Link DGE-530T PCI card for servers and workstations | No |
| X | Dlite | dllmanager.exe | Added by the WOOTBOT.DN WORM! | No |
| X | Dll Boot Loader on Startup (do not remove this) | [various filenames] | Added by an unidentified TROJAN! | No |
| X | Dll Link | svchoist.exe | Added by the AUTOSKY WORM! | No |
| X | Dll Link | svchost.exe | Added by the AUTOSKY WORM! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in Documents and Settings\<User>\Favourites folder | No |
| X | DLL Manager | dllmngr32.exe | Added by a variant of the RBOT WORM! | No |
| X | DLL Service Manager | [path to worm] | Added by the RPCBOT.F TROJAN! | No |
| X | dll services | [random filename].exe | Added by a variant of the SDBOT WORM! | No |
| X | DLL32 | dllmem32.exe | Added by the KWBOT.E WORM! | No |
| X | DLL32 | dllhost.dll | Added by the SUCLOVE.A WORM! | No |
| X | dllcache.exe | dllcache.exe | Added by the VISPAT.A WORM! | No |
| X | DllCacherv2 | dllcachev2.exe | Added by the LATEDA TROJAN! | No |
| X | dllcvss | [random filename] | Added by a variant of the SLAPER TROJAN! | No |
| X | dlldmt | dlldmt.exe | Added by a variant of the CRYPTER.C TROJAN! | No |
| X | DllExecutable | [path to file] | Added by the VB-SP WORM! | No |
| X | dllhelp | dllhelp.exe | Added by the STARTPAGE.DQ hijacker | No |
| X | dllhelp | dllhlp.exe | Added by the Downloader-HI TROJAN! | No |
| X | DLLHost | dllhst.exe | Added by the DELBOT-AC WORM! | No |
| X | DllHost | dllhost.exe | Added by the PROSTI.AA BACKDOOR! Note - this is not the legitimate dllhost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\Inf | No |
| X | dllhostxp.exe | dllhostxp.exe | Browser hijacker and adware downloader | No |
| X | DllLoader | lssas.exe | Added by the BDOOR-JE BACKDOOR! | No |
| X | Dlload | killer.exe | Added by the KILLAV-FK TROJAN! | No |
| X | dllreg | dllreg.exe | Added by the CRYPTER.A TROJAN! | No |
| X | DLLService32 | dllsvc32.exe | Added by the AGOBOT.VX WORM! | No |
| X | DLLUPDATE32 | dllupdate32.exe | Added by the AGOBOT.IA WORM! | No |
| N | DLM.exe | DLM.exe | IGN Download Manager has become a requirement for downloading files through FilePlanet.com. It is based on Internet Explorer and it installs through an ActiveX-plugin, hence Internet Explorer must be installed beforehand and downloads has to be initialized through that browser | No |
| N | dlmMgr | AdobeDownloadManager.exe | Adobe Download Manager - "can prevent you from having to start from the beginning should your download process be interrupted, and it offers a level of service not possible | No |
| Y | DLO Agent | DLOClientu.exe | Part of the backup suites from VERITAS - Backup Exec and NetBackup. Both have now been replaced by their Symantec equivalents since they acquired VERITAS in 2005 | No |
| U | DLPSP | DLPSP.EXE | Dell laser printer status monitor | No |
| X | dlsp2mx | dlsp2mx.exe | Added by the MPB-B DIALER! An uninstall option can be accessed via the Add or Remove Programs dialog in the Windows Control Panel. The software is listed as "dlsp2mx" | No |
| ? | DLT | dlt.exe | ?? | No |
| X | dluca | dluca.exe | Added by the DLUCA.C TROJAN! | No |
| X | dluxde | dluxde.exe | All-In-One-Telcom (adult content dialler) variant | No |
| X | Dluxjp | Dluxjp.exe | Added by the DLUCA.D TROJAN! | No |
| X | Dm Hr | lpns.exe | Added by the IRCBOT.WORM.61673 WORM! | No |
| X | DM mgr | dm_mgr.exe | Added by the JITTAR TROJAN! | No |
| X | dm***.exe [* = random char] | dm***.exe [* = random char] | Wareout - malware masquerading as a spyware and dialer remover | No |
| N | DMAScheduler | DMAScheduler.exe | Related to DigitalMedia Plus Archiver. This program is non-essential process to the running of the program, but should not be terminated unless suspected to be causing problems | No |
| X | DMC | dmc.exe | Added by Trojan-Downloader.Win32.Dluca.bv TROJAN! | No |
| U | DMHotKey | DMLoader.exe | HotKey access to the Samsung Display Manager on laptops and ultra-mobiles that support it - such as the M55 and Q1 | No |
| N | DMILDR | dmildr.exe | Part of Dell OpenManage Client Instrumentation - software that allows remote management application programs to access information about, monitor the status of or change the state of the client computer, such as shutting it down remotely. Uses the DMI and/or common information model (CIM) protocols, which are systems management protocols defined by industry standards. Available via Start -> Programs | No |
| X | dmime | dmime.exe | Malware installed by different rogue security software including SpyKillerPro | No |
| N | DMISL | DMISL.EXE | DMI (Desktop Management Interface) Service Layer for Intel TokenExpress network card software. DMI support for the Intel network card managed through the Desktop Management Interface. See here for more information | No |
| N | DMISLAPP | DMISLAPP.exe | DMI (Desktop Management Interface) Service Layer for Intel TokenExpress network card software. DMI support for the Intel network card managed through the Desktop Management Interface. See here for more information | No |
| ? | dmjay | dmjay.exe | ?? | No |
| X | dmloader | dmloader.exe | Added by a variant of the RBOT WORM! | No |
| X | Dmsvc32 | Dmsvc32.exe | Added by the AGOBOT.ABU WORM! | No |
| X | dmtdll | dmtdll.exe | Added by a variant of the CRYPTER.C TROJAN! | No |
| U | DmwClient | dmwclient.exe | DMW "anti-cheating" software for online gaming | No |
| U | DMXLauncher | DMXLauncher.exe | Part of Dell's Media Experience, a multimedia suite which offers the user functionality to organise and play music and digital video files | No |
| X | dm[3 random letters].exe | dm[3 random letters].exe | Added by the RUINDEM TROJAN! | No |
| X | DM_server | dmserver.exe | Comet Cursor adware | No |
| X | dm_service | [path to file] | Added by the MITGLIEDER.P TROJAN! | No |
| N | DNA | btdna.exe | "BitTorrent DNA is a FREE content delivery service based on the BitTorrent protocol which brings the power of user-contributed bandwidth to traditional content publishers while leaving publishers in full control of their files". Now a stand-alone product where the user creates the download, DNA used to be included with and used by earlier versions of the main BitTorrent client. As files are downloaded via a file-sharing network make sure you have good, up-to-date virus protection and check any downloads. Start manually via Control Panel → DNA | Yes |
| X | dnam | d140113.a.Stub.EXE | Added by the STUB_A TROJAN! | No |
| N | Dnar | Dnar.exe | Installed on some Dell workstations and DMI related. Tries to access the internet and is known to not be required - but what does it do? | No |
| Y | DNE Binding Watchdog | rundll dnes.dll, DnDneCheckBindings | Deterministic NDIS Extender (DNE). DNE is an NDIS-compliant module which appears to be a network device driver to all protocol stacks and a protocol driver to all network device drivers. Part of Gilat Communications internet satellite systems. Required if you have this system. Also installed by Winproxy - a proxy program for sharing internet connections through one computer. Required if you want it to work | No |
| Y | DNE DUN Watchdog | rundll dnes.dll, DnDneCheckDUN13 | Deterministic NDIS Extender (DNE). DNE is an NDIS-compliant module which appears to be a network device driver to all protocol stacks and a protocol driver to all network device drivers. Part of Gilat Communications internet satellite systems. Required if you have this system. Also installed by Winproxy - a proxy program for sharing internet connections through one computer. Required if you want it to work | No |
| X | DNHelper32 | DNHlp32.exe | Added by an unidentified WORM or TROJAN! | No |
| X | DNS | mc-58-12-0000080.exe | Shorty adware - also detected as the AGENT.FD TROJAN! | No |
| X | DNS | mc-58-12-0000093.exe | Shorty adware - also detected as the AGENT.FD TROJAN! | No |
| X | DNS | mc-110-12-0000079.exe | Shorty adware - also detected as the AGENT.FD TROJAN! | No |
| X | DNS | mc-58-12-0000120.exe | Shorty adware - also detected as the AGENT.FD TROJAN! | No |
| X | DNS | mc-58-12-0000140.exe | Shorty adware - also detected as the AGENT.FD TROJAN! | No |
| X | DNS | [worm filename] | Added by the BCKDR-CQG BACKDOOR! | No |
| X | Dns Resolver | dnsrslve.exe | Added by the RBOT-WS WORM! | No |
| X | DNS Service | dnsresolver.exe | Added by the RBOT-PQ WORM! | No |
| X | DNS Service | dnssvc.exe | Added by the DELBOT-Z WORM! | No |
| ? | DNS2GoClient | dns2goclient.exe | DNS2Go is a Domain Name System that will make your computer accessible anytime, anywhere by associating a domain name of your choice to your currently assigned IP address. Is it required? | No |
| N | DNS7reminder | Ereg.exe Ereg.ini | ScanSoft (Nuance) Dragon NaturallySpeaking registration reminder. Version 7 | No |
| X | DnsCache | Wscript.exe dns_cache.vbs | Added by the AUTORUN-AWI WORM! Note that wscript.exe is a legitimate Microsoft file used to launch script files and shouldn't be deleted. The "dns_cache.vbs" file is located in %System% | No |
| X | DNSCacheBoost | dnsping.exe | Added by the DNSBUST-A TROJAN! | No |
| X | dnscleaner | dnscleaner.exe | CoolWebSearch parasite variant | No |
| X | DNSE | DNSE.exe | Part of rogue security tools, including WinAntiVirus Pro 2007, PcTurboPro and SystemDoctor | No |
| ? | DNXVC | dnxvc.exe | ?? | No |
| X | doc | doc.exe | Added by the AGOBOT-BJ WORM! | No |
| X | DocTor | Doctor.exe | Added by the DOTOR.A WORM! | No |
| X | Doctor Antivirus 2008 | antvr.exe | Doctor Antivirus 2008 rogue security software - not recommended, removal instructions here | No |
| N | DocuMagix Init | PWATCH.EXE | PaperMaster is an application for the PC designed to automate the process of organizing, archiving, and retrieving digital versions of files. Start manually if needed | No |
| U | Document Manager | docmgr.exe | Wave Systems Corp. Document Manager - "provides secure storage and management capabilities for file and folder level encryption" | No |
| X | Doggy Style | MsPMSPSd.exe | Added by the SDBOT-AAP WORM! | No |
| X | DOGStart | GSDOGST.EXE | Added by an unidentified VIRUS, WORM or TROJAN! A possibility is a trojan known as PENIS | No |
| ? | Doing | doing.exe | ?? | No |
| X | doit.exe | doit.exe | Added by the FORBOT-EK WORM! | No |
| X | DokterFix | SysRep.exe | DokterFix, Dutch rogue system error and cleaning utility - not recommended. A member of the ErrClean family | No |
| X | Domain Name Resolve Service | dnsresolver.exe | Added by the KIMAN.A WORM! | No |
| X | DomPlayer Service | wakeservice.exe | DomPlayer adware | No |
| U | Don't Panic | dontpanicdemodp.exe | 30-day trial version of Don't Panic privacy software from Panicware. "Clean up Internet tracks and quickly hide personal documents with this privacy suite." | No |
| U | Don't Panic Pop-Up Stopper | dpps2.exe | Pop-Up Stopper Companion from Panicware. Pop-up blocker integrated into the IE toolbar. Note that the Pro version doesn't load in startup as it is installed as an Internet Explorer toolbar. Can cause problems with IE if you use WinXP and uninstall Service Pack 1. Uninstalling the software leaves it in the startup group | No |
| U | Don't Panic! | DP.EXE | Don't Panic! privacy software from Panicware. "Clean up Internet tracks and quickly hide personal documents with this privacy suite" | No |
| X | Dontworry | mysaym.exe | Added by the SDBOT-RC WORM! | No |
| U | Dopus | dopus.exe | Directory Opus - a file manager from GPSoft | No |
| N | DoroServer | DoroServer.exe | Doro PDF Writer from The SZ Development. All what you need for creating pdf files | No |
| X | dos | dos64.exe | Adware downloader trojan | No |
| X | Dos Prompt Loader | cygwin.exe | Added by the SDBOT-VV WORM! | No |
| ? | Dosbat | ?? | ?? | No |
| X | Dot1XCfg | Dot1XCfg.exe | Added by the AGOBOT.EA TROJAN! | No |
| U | DoubleDesktop | dd.exe | "DoubleDesktop is a smart and elegant system tray utility that effectively doubles the width of your Windows desktop" | No |
| N | DoUWantIt | duwi.exe | DoUWantIt - online shopping assistant. Start it manually | No |
| X | Dowmingzu | Dowmingzu.dll.vbs | Added by the SOLOW-E WORM! | No |
| X | down | hlp32.exe | Added by the DLOADER.BG TROJAN! | No |
| X | down | [trojan filename] | Added by the SMALL-QJ TROJAN! | No |
| U | Down2Home | Down2Home.exe | Down2Home - "monitors your ADSL/Cablemodem/Dialup traffic and provides you with usefull statistics about the amount of data your PC has transferred" | No |
| N | Download Accelerator Manager Free Edition | dam.exe | Download Accelerator Manager Free Edition from Tensons Corp | No |
| N | Download Accelerator Plus 5.0 | DAP.exe | Download Accelerator Plus from Speedbit. Download manager for resuming downloads, amongst other features. Available via Start -> Programs. Note that the free version is adware based | No |
| X | Download Plus | DownloadPlus.exe | DownloadPlus adware | No |
| N | Download Wonder | DownloadWonder.exe | Download Wonder from Forty Software. Download manager for resuming downloads, amongst other features | No |
| N | DownloadAccelerator | DAP.EXE | Download Accelerator Plus from Speedbit. Download manager for resuming downloads, amongst other features. Available via Start -> Programs. Note that the free version is adware based | No |
| X | DownloadLegalMusic | rundll32.exe MSA64CHK.dll,DllMostrar | MatrixDialer/Mostrar parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System% | No |
| X | DownloadMP3 | rundll32.exe MSA64CHK.dll,DllMostrar | MatrixDialer/Mostrar parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System% | No |
| X | DownloadsAndMP3 | rundll32.exe MSA64CHK.dll,DllMostrar | MatrixDialer/Mostrar parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System% | No |
| X | DownloadWare | dw.exe | DownloadWare adware | No |
| X | DownloadWare Engine | Dwe.exe | DownloadWare adware | No |
| X | Downxz | Downxz.bat | Added by the MYDOOM.W WORM | No |
| Y | DpAgent | dpagent.exe | Part of the DigitalPersona range of fingerprint authentication applications - which are use to replace passwords with fingerprint recognition. Included on some Dell laptop models (such as the Vostro 1720) for example | No |
| N | DPAgnt | DPAgnt.exe | digitalPersona fingerprint scanner | No |
| Y | DPAS | DPASNT.exe | DefenderPro AntiSpy spyware remover - now incorporated Defender Pro 15-in-1 and 5-in-1 | No |
| Y | DPASUpdate | DPASAutoUpdate.exe | Automatic updates for DefenderPro AntiSpy spyware remover - now incorporated Defender Pro 15-in-1 and 5-in-1 | No |
| Y | Dpcnav | dpcnav.exe | DirecWay from DirectTV (now HughesNet) - satellite based high-speed internet access | No |
| N | DPConfig | DPConfig.exe | Compuware DevPartner Studio Configuration Utility, a tool for software developers - System Tray access to configure the utility's analysis. Not required at startup, can be launched from the Start Menu programs group when needed | No |
| X | dpcproxy | dpcproxy.exe | Added by the GOLDENP-A TROJAN! | No |
| Y | DPCProxyLoadOnStartup | dpcstart.exe | DirecWay from DirectTV (now HughesNet) - satellite based high-speed internet access | No |
| Y | Dpcstart | dpcstart.exe | DirecWay from DirectTV (now HughesNet) - satellite based high-speed internet access | No |
| X | dpi | dpi.exe | Delfin Media Viewer or "Promulgate" adware | No |
| X | dpnsvr32 | dpnsvr32.exe | Added by the AOLPASS-B TROJAN! | No |
| U | dpps2 | dpps2.exe | Pop-Up Stopper Companion from Panicware. Pop-up blocker integrated into the IE toolbar. Note that the Pro version doesn't load in startup as it is installed as an Internet Explorer toolbar. Can cause problems with IE if you use WinXP and uninstall Service Pack 1. Uninstalling the software leaves it in the startup group | No |
| X | dps | dps.exe | SmartestSearch parasite - poses as a foistware, bogus adware/spyware remover called "scumware-remover" | No |
| N | dptracker | dptracker.exe | CamTrack webcam software that enhances the way people video chat | No |
| U | DpUtil | TEDTray.exe | Main executable for TOSHIBA DualPoint Utility Main Module. It is a system tray icon program that provides configuration options for dual pointing device | No |
| X | DR service | [path to worm] | Added by the RBOT-CZT WORM! | No |
| N | Drag'n'Drop_Autolaunch | Autolaunch.exe | Iomega HotBurn - CD-RW burning software | No |
| ? | DragDrop | DragDrop.exe | ?? | No |
| N | DragnDrop_Autolaunch | Autolaunch.exe | Iomega HotBurn - CD-RW burning software | No |
| X | DRam Monitor 23 | tskman3.exe | Added by a variant of the RBOT WORM! | No |
| X | DRam prmaessor | [random filename] | Added by the RBOT.CSG WORM! | No |
| X | DRam prosesor | [random filename] | Added by the SPYBOT.EE WORM! | No |
| X | DRam prosessor | [random filename] | Added by the RBOT.CSG WORM! | No |
| X | DRam prosessor | plscd.exe | Added by the RBOT.CYA WORM! | No |
| X | DRam prosessor | HWAPI.exe | Added by a variant of the RBOT WORM! Note - this is not the McAfee HackerWatch process which has the same filename | No |
| X | DRam prosessor | WindowsUpdate.exe | Added by the RBOT-BBZ WORM! | No |
| X | DRam prosessor | msupdate.exe | Added by the DELF-FAW TROJAN! | No |
| X | DRam prosessor | winupl.exe | Added by the RBOT-BCQ WORM! | No |
| X | DRam rar proc | winupdaterar.exe | Added by a variant of the IRCBOT TROJAN! | No |
| X | DRam rare proc | updaterarwin.exe | Added by the RBOT-GQW WORM! | No |
| X | DRan posessor | DAP.exe | Added by a variant of the SDBOT WORM! | No |
| X | DrAntispy | DrAntispy.exe | DrAntiSpy rogue security software - not recommended | No |
| X | DrCache | MSTDC.EXE | Added by the BDOOR-JM BACKDOOR! | No |
| X | dreams | server.exe | Added by a variant of the SDBOT WORM! | No |
| X | DrefIW | SysDrefIWv2.exe | Added by the DREF-C WORM! | No |
| X | DrefIW | SysDref.exe | Added by the DREF-D WORM! | No |
| ? | dregfix | ph_finder.exe | ?? | No |
| N | DrgToDsc | DrgToDsc.exe | Part of Roxio EasyCD Creator 6.0 - places the Roxio Drag-to-Disc icon in you system tray. "Easily drag and drop files for burning to CD or DVD. Disc formatting and burning will happen automatically". Not required for Roxio to work properly | No |
| ? | dried.exe | dried.exe | ?? | No |
| X | drin | [path to trojan] | Added by the SMALL.DPB TROJAN! | No |
| X | DriveCleaner 2006 Free | UDC2006.exe | DriveCleaner rogue security software - not recommended, removal instructions here | No |
| X | DriveCleaner Free | UDC.exe | DriveCleaner rogue security software - not recommended, removal instructions here | No |
| X | DriveDefender | GDC.exe | DriveDefender rogue privacy tool - not recommended. A member of the PCPrivacyTool family | No |
| U | DriveIcons | DriveIcon.exe | Drive Icons from Realtek - shows a specific icon for each card type for their card reader controllers | No |
| U | DriveLED | OODLed.exe | O&O DriveLED - hard disk monitoring and crash prevention | No |
| X | Driver | gbot.exe | Added by the JUNTADOR.K TROJAN! | No |
| X | Driver32 | Scam32.exe | Added by the SIRCAM WORM! | No |
| X | DriverCheck | svchost.exe | Added by the DELF-KR TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a "DriverLoad" sub-directory of the Root folder (C:\), (D:\), etc | No |
| X | DriverConf | dvrconf.exe | Added by the AGOBOT-IY WORM! | No |
| X | DriverDB | svcmdx32.exe | Added by the BERPI TROJAN! | No |
| X | DriverLoad | svchost.exe | Added by the DELF-KR TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a "DriverLoad" sub-directory of the Root folder (C:\), (D:\), etc | No |
| U | DriverMagicLogon | dmschedule.exe | Part of DriverMagic - "the easiest way to locate device drivers" | No |
| N | DriverMax | devices.exe | DriverMax from Innovative Solutions - "a new tool that allows you to download the latest driver updates for your computer. No more searching for rare drivers on discs or on the web or inserting one installation CD after the other" | No |
| X | DriverModule | csrnvrt.exe | Added by the IRCBOT.I TROJAN! | No |
| X | DriverPath | system32.exe | Added by the PRORAT-S TROJAN! | No |
| X | Drivers for Internet Explorer | accesweb.exe | Added by the STARTPAGE.FW TROJAN! | No |
| X | Drives swap | AV1i.exe | Anti-Virus Number-1 rogue security software - not recommended, removal instructions here | No |
| N | DriveSelect | driveselect.exe | DVD X Copy XPress by 321 Studios. Creates a pop-up at Windows startup that asks for the DVD drive to be selected. Available via Start -> Programs | No |
| X | DriveSystem | maxpaynowti1.exe | Added by the TIBS.AZT TROJAN! | No |
| U | drkly16j | rundll32.exe drkly16j.dll, ServiceCheck | KidsWatch Time Control parental control software | No |
| X | DRM Upgrade | drmupgd.exe | Added by the IRCBOT.AWU BACKDOOR! | No |
| U | dRMON SmartAgent | SmartAgt.exe | Part of the network monitoring program group for 3Com NIC cards. See here for more info | No |
| X | drmsrv32 | stmhosts.exe | Added by the AGENT.AGWU TROJAN! | No |
| X | drmu | W95Mm.exe | Homepage hijacker installing a toolbar: http://tdko.com/. Lop.com in disguise | No |
| X | Drmupgds | Drmupgds.exe | Maxfiles adware | No |
| X | drocher | d.exe | Adult content dialler | No |
| X | DropSpam Lifestyle | dslifestyle.exe | Dropspam adware | No |
| X | DrProtection | DrProtection.exe | DrProtection rogue security software - not recommended | No |
| X | drvddll.exe | drvddll.exe | Added by the BEAGLE.AP WORM! | No |
| X | Drvddll_exe | drvddll.exe | Added by the BEAGLE.X WORM! | No |
| U | DrvIcon | DrvIcon.exe | "Vista Drive Icon changes the drive icons shown in Windows "My Computer", to a nearly Vista drive icon, showing the drive's free space with a smooth colored horizontal bar" | No |
| ? | DrvListnr | DrvListnr.exe | Analog Devices SoundMAX soundcard related. What does it do and is it required? | No |
| U | drvlsnr | drvlsnr.exe | Compaq/ADI SoundMAX integrated digital audio controller related. May solve a problem if your sound cuts out unexpectedly | No |
| U | DrvMon.exe | DrvMon.exe | Alcor drive monitor software | No |
| X | drvnetw | drvnetw.exe | Added by the BROGGER-B TROJAN! | No |
| X | drvr32h | drvr32h.exe | Added by an unidentified VIRUS, WORM or TROJAN! | No |
| X | drvrmanager | drvrquery32.exe | Added by the BOOHOO WORM! | No |
| X | DrvStart | HPMedia.exe | Added by the BANCBAN-QE TROJAN! | No |
| X | drvsys.exe | drvsys.exe | Added by the BEAGLE.W WORM! | No |
| X | drvsyskit | hidr.exe | Added by the BAGLE.HR WORM! | No |
| X | drvupd | rundll32 ..drvupd.inf | Hijacker - drvupd.inf file installs a "searchforge.com" hijack | No |
| X | drv_st_key | hidn.exe | Added by the BEAGLE.FF WORM! | No |
| X | DrWatson | drwatson_.exe | Added by the LOHAV-S TROJAN! | No |
| X | DrWatson | drwatson_32.exe | Added by the LOHAV-S TROJAN! | No |
| X | DrWeb Antivirus | DRWEBAV.EXE | Added by an unidentified WORM or TROJAN! | No |
| Y | Drwebscheduler | Drwebscd.exe | DrWeb antivirus related - scheduler that allows you to manage an automatic launch of applications, in particular the antivirus scanner or the update subsystem | No |
| X | DR_S | DR_S.exe | IstBar adware | No |
| X | ds | ds.exe | Added by the SPYMON TROJAN! | No |
| U | DS Clock | dsclock.exe | Digital desktop clock including synchronization with atomic servers - see here | No |
| X | dS35DLL | ffqca.exe | Added by the SDBOT-KV WORM! | No |
| X | dsa | dsa.exe | Homepage hijacker - redirecting to downseek.com | No |
| X | DSAcass | [path to file] | Added by the RANKY.M TROJAN! | No |
| X | dsadlsa14 | dsakfsak14.exe | Added by the ONLINEG-P TROJAN! | No |
| X | DSB | DSB.exe | EnergyPlugin adware | No |
| U | dscactivate | dsca.exe | Dell Support Agent offers additional support and update features for your Dell computer or laptop | No |
| X | dsd | zz.exe | Added by the RBOT-FOX WORM! | No |
| N | DSentry | DSentry.exe | Anti-spyware from Dell. Seems that after Dell found out certain applications being installed from DVD's would report back information about what customers were watching, they decided to implement an anti-spyware service. Run manually before installation starts | No |
| X | dsfghjgj | keepSafe.exe | Added by the KILLAV.KAX TROJAN! | No |
| X | Dsi | dp-******.exe | Added by an unidentified adware where ****** are random characters | No |
| X | Dsi | dp-him.exe | Added by the MULTIDR-AH TROJAN! | No |
| X | Dskcompat | Dskcompat.exe | Added by the GEMA TROJAN! | No |
| U | DSKEY | DsKey.exe | Part of PC PhoneHome - "secretly sends an invisible email message to an email address of your choice containing the physical location of your computer every time you get an Internet connection". Security software from Brigadoon Security Group for tracking down lost/stolen computers | No |
| X | DSKEY | [path to trojan] | Added by the STARTER-G TROJAN! | No |
| N | DSL Monitor | spdstrm.exe | Comes with Efficient Networks DSL Modems. Little red/green/yellow flashing icon in system tray | No |
| Y | DSLagentexe | DSLagent.exe | Used in conjunction with USB connected ADSL modems from Eicon Networks (as used by BT for its Broadband internet service for example). Required for a permanent ADSL connection | No |
| Y | dslmon | dslmon.exe | Sagem DSL modem related. Apparently needed to detect the modem | No |
| U | DSLSTATEXE | dslstat.exe | System tray connection status for ADSL modems from Eicon Networks (as used by BT Broadband for example) | No |
| X | DsmSer | dsm.exe | Added by the SERFLOG.B WORM! | No |
| X | DsmSer | msmpatch.exe | Added by the SERFLOG.B WORM! | No |
| X | DsmSer | svosm.exe | Added by the SERFLOG.B WORM! | No |
| X | DsmSer | sysup.exe | Added by the SERFLOG.B WORM! | No |
| Y | DSndUp | DSndUp.exe | Utility that only runs once after installing the drivers for Analog Devices SoundMax integrated soundcards. It's exact purpose is unknown at the present time but from the filename it's probably used to configure the default or generic speaker arrangement for the system it's used on | Yes |
| X | DsplObjects | windspl.exe | Added by the BEAGLE.DN WORM! | No |
| X | DSS | dssagent.exe | Registration reminder for Mattel Interactive (Broderbund) applications and games. Spyware as it sends encrypted emails about the system back to the originators of the program. Also a resource hog. See here for more info | No |
| X | DSS | [path to trojan] | Added by the DSSDOOR-C TROJAN! | No |
| X | DSService | dmrss.exe | Added by the AGOBOT-XX WORM! | No |
| ? | DSSSGENS | dssagens.exe | ?? | No |
| X | dstiosys | plsitctl.exe | Added by the MAILBOT-BX TROJAN! | No |
| X | DSystemDriver | windrv.exe | Added by the DELF.WG TROJAN! | No |
| U | DT 11Mbps WLAN PC Card Station | DTCARDMonitor.exe | 11Mbps PC Card based wireless LAN connection monitor - possibly from Deutsche Telekom | No |
| U | DT 11Mbps WLAN USB Station | DTUSBMonitor.exe | 11Mbps USB based wireless LAN connection monitor - possibly from Deutsche Telekom | No |
| U | DT HPW | DTHtml.exe | HP My Display from HP. Rebranded version of Display Tune from Portrait Displays, Inc. - which "is the perfect software utility to initially set-up and adjust your display to achieve its optimum performance. All adjustments are made through a simple graphical user interface" | No |
| U | DT Task | DTHtml.exe | Display Tune from Portrait Displays, Inc. - which "is the perfect software utility to initially set-up and adjust your display to achieve its optimum performance. All adjustments are made through a simple graphical user interface." Also licensed and renamed by manufacturers such as Gateway (EzTune), HP (HP My Display), Hyundai ImageQuest (ImageTune), LG (forteManager) and ViewSonic (PerfectSuite™ Plus) | No |
| N | DU Meter | DUMETER.EXE | Hagel Technologies internet bandwidth monitor | No |
| U | DualCoreCenter | StartUpDualCoreCenter.exe | Unified control center for overclocking both the graphics card and the CPU, but for the program to have its full functionality you must have an MSI mainboard with a CoreCell chip | No |
| ? | Duane Reade Insert Detect | InsDetect.exe | Part of Duane Read Picture Suite & Digital Image Pack. Detects a digital camera is plugged into a USB port or when a memory card with photos is inserted? | No |
| X | duck | duck.exe | Added by the AGOBOT-AVG WORM! | No |
| N | Dulux WeatherShield WeatherDesk | weather.exe | Dulux WeatherShield WeatherDesk - latest weather information from across Australia | No |
| X | Dumeter Services | dumeter.exe | Added by the SDBOT-AEQ WORM! | No |
| X | dumprep | spoolc.exe | Detected by Kaspersky as a variant of the AGENT.CXF TROJAN! | No |
| X | dumprep | dump-k.exe | Added by the BUZUS-U WORM! | No |
| N | dumprep 0 -k | dumprep 0 -k | Used in connection with memory dumps - you can disable these by - right clicking on My Computer, selecting Properties and then the Advanced tab. Click on the Settings button in 'Startup and Recovery'. In the bottom pane - under 'Write debugging information' - click on the down arrow and then select 'None' - OK your way out | No |
| N | dumprep 0 -u | dumprep 0 -u | Used in connection with memory dumps - you can disable these by - right clicking on My Computer, selecting Properties and then the Advanced tab. Click on the Settings button in 'Startup and Recovery'. In the bottom pane - under 'Write debugging information' - click on the down arrow and then select 'None' - OK your way out | No |
| X | DUN_SERVICES3 | dun3.exe | Added by the SOKIRON TROJAN! | No |
| X | Duweculey | yujixit.exe | Added by the SDBOT.BRP WORM! | No |
| X | Duwee wong Cerbon | Cirebons.exe | Added by the BHARAT.A WORM! | No |
| X | DVAScvssdfa | AsSDdwd.exe | Added by the LIOTEN.IP TROJAN! | No |
| U | DVD Device Lock for Win95/98/Me/2k/XP | DDLAgent.exe | Loads Hide and Protect any Drives - which "can be used to restrict read or write access to removable media devices such as CD, DVD, floppy, flash and USB drives. You can also restrict access to partitions of hard disk drives". If disabled, hidden and locked drives still retain their original status so the user will only be able to change their status them via the main UI | Yes |
| X | DVD Upgrade | dvdupgd.exe | Added by a variant of the IRCBOT BACKDOOR! | No |
| N | dvd43 | DVD43_Tray.exe | DVD43 is "a small tool that integrates into Windows and overrides CSS copy-protection found on DVD movies" | No |
| U | DVD43 | DVD43.exe | DVD43 is a small tool that overrides CSS copy-protection found on DVD movies | No |
| X | dvd98 | windvd98.exe | Added by the CULT.P WORM! | No |
| N | DVD@ccess | DVDAccess.exe | Part of DVD Studio Pro from Apple Inc. - "The DVD@CCESS feature allows you to add additional interactivity to your DVD title when it is played on a computer" | No |
| ? | DVDAgent | DVDAgent.exe | Found on the HP Touchsmart range of desktops and notebooks. What does it do and is it required? | No |
| U | DVDBitSet | DVDBitSet.exe | DVD+RW Drive/Disc Compatibility Setting. Installed with HP DVD+RW drives to enhance compatibility with existing readers. You can also set a DVD+RW default drive write mode which is always used | No |
| ? | DVDCheck | DVDCheck.exe | Related to an Intervideo program. What does it do and is it required in startup? | No |
| X | Dvdcompat | Dvdcompat.exe | Added by the GEMA TROJAN! | No |
| N | DVDLauncher | DVDLauncher.exe | Part of Cyberlink's Power Cinema - allows you to play DVDs upon insertion | No |
| N | DVDSentry | DSentry.exe | Anti-spyware from Dell. Seems that after Dell found out certain applications being installed from DVD's would report back information about what customers were watching, they decided to implement an anti-spyware service. Run manually before installation starts | No |
| N | DVDTray | DVDTray.exe | HP CD/DVD Tray icon installed with the DVD writer software. Periodically checks for new drive firmware | No |
| N | DVDUpgrade | DVDUpgrd.exe | Microsoft program to upgrade your DVD decoder program - see Q306331. Available via Start -> Programs | No |
| N | DVDXGhost | DVDGhost.EXE | DVD Ghost - "utility to make your software DVD players and DVD copy/backup softwares restriction-free, and copy/backup DVD to hard disk" | No |
| U | dvHighMem | cfgmng32.exe | Related to PureSight PC - designed to offer maximum flexibility and choice as families manage their internet use | No |
| Y | Dvp95 | Dvp95.exe | Scan engine for F-Secure and Command antivirus software based on the F-Prot AntiVirus engine | No |
| Y | dvpapi9x | DVPAPI9X.exe | Command AntiVirus for Windows 95/98/Me | No |
| Y | DvpInitExe | Dvpinit.exe | Command Antivirus related | No |
| Y | dvprpt | Dvprpt.exe | Command Antivirus related | No |
| X | dvraudio | dvraudio.exe | Added by a variant of the CRYPTER.C TROJAN! | No |
| X | dvsfss | fbsfsdrs.exe | Added by the SDBOT-QA WORM! | No |
| U | DVSync | dvsync.exe | DVSync is the program that allows you to synchronize your daVinci's PDA's data with your Personal Information Manager on the PC | No |
| X | DvVideo32 | dvvid32.exe | Added by the TINY.FD TROJAN! | No |
| X | Dvx | wsxsvc.exe | Delfin Media Viewer or "Promulgate" adware variant | No |
| X | dw | dw.exe | DownloadWare adware | No |
| N | DW4 | Weather.exe | Desktop Weather 4 by The Weather Channel - provides current temperature, conditions, alerts, etc | No |
| N | DW4 | DesktopWeather.exe | Desktop Weather 4 by The Weather Channel - provides current temperature, conditions, alerts, etc | No |
| N | DW6 | DesktopWeather.exe | Desktop Weather 6 by The Weather Channel - provides current temperature, conditions, alerts, etc | No |
| U | DWHeartbeatMonitor | DWHeartbeatMonitor.exe | DWHeartbeatMonitor.exe is installed alongside the Weather.com instant messaging utility. This is a non-essential process. Disabling or enabling this is down to user preference | No |
| N | DwlClient | support.exe | Download manager for Dell support alerts | No |
| X | dwqblwppx.exe | [random].exe | Okcashbackmall adware | No |
| X | dwqblwpvl.exe | [random].exe | Okcashbackmall adware | No |
| X | dwqblwrsq.exe | [random].exe | Okcashbackmall adware | No |
| U | DWQueuedReporting | dwtrig20.exe | Used to launch Microsoft Error Reporting (DW20.exe) - if, for example, there have been an error downloading malware definition updates for Windows Defender - which gives the user the chance to send the error report to Microsoft to improve their software | Yes |
| N | dwStart | FireWall.exe | The Shield firewall from pcsecurityshield.com. Not recommended by some (see here) and there are better free alternatives out there such as Zone Alarm. Located in %ProgramFiles%\PCSecurityShield\The Shield Firewall | No |
| U | dwtrig20 | dwtrig20.exe | Used to launch Microsoft Error Reporting (DW20.exe) - if, for example, there have been an error downloading malware definition updates for Windows Defender - which gives the user the chance to send the error report to Microsoft to improve their software | Yes |
| X | DW_Start | rwwnw64d.exe | Identified as a variant of the AdWare.Win32.ZenoSearch.am malware | No |
| X | Dx | sys*.exe [* = random number] | Added by the DEXTER.A WORM! | No |
| X | Dx8compat | Dx8compat.exe | Added by the GEMA TROJAN! | No |
| X | dxdiag diagnose | msidxdia.exe | Added by a variant of the RBOT WORM! | No |
| X | dxdiags.exe | dxdiags.exe | Added by the CERTIF-G TROJAN! | No |
| X | DxDialog | dxdlg32.exe | Added by the VB-CXT TROJAN! | No |
| X | dxdll32 | ntxdll.exe | Added by the GAOBOT.CPX WORM! | No |
| N | DXDllRegExe | dxdllreg.exe | Created when you select "Yes" to check the "WHQL Digital signatures" in the DirectX9 files at the first time you open it | No |
| X | DxLoad | DX3DRndr.exe | Added by the GIBE.B WORM! | No |
| N | DXM6Patch_981116 | p_981116.exe | Win32 cabinet self extractor. More info here | No |
| X | dxmsrv | dxmsrv.exe | Added by an unidentified WORM or TROJAN! | No |
| X | Dxsty | Dxsty.exe | Added by the GEMA TROJAN! | No |
| X | Dxupdate.exe | Dxupdate.exe | Added by the MAFEG WORM! | No |
| X | dxvid | dxvid.exe | Added by the DLUCA-Y TROJAN! | No |
| X | DyFuCA | optimize.exe | Adult content dialler - see here | No |
| X | DyFuCA Active Alert | actalert.exe | Adult content dialler - see here | No |
| X | Dynamic DHCP | dydhcp.exe | Added by the RINBOT.B TROJAN! | No |
| X | Dynamic Dns Binary | dynitora.exe | Added by the RBOT-WT WORM! | No |
| X | Dynamic Dns Binary | CMD16.EXE | Added by the RBOT-XM WORM! | No |
| X | Dynamic Dns Binary | winxp34.exe | Added by a variant of the RBOT WORM! | No |
| X | Dynamic Dns Binary | WinHelpcfn.exe | Added by a variant of the RBOT WORM! | No |
| X | Dynamic Link Library loader | Loader32.exe | Added by the KOL TROJAN! | No |
| U | DynDNS Updater | DynDNS.exe | Dynamic DNS IP address updater tool, used as a client for Dynamic DNS service providers such as http://www.DynDNS.org | No |
| N | DynDNS-Updater Traytool | ddutray.exe | DynDNS updater tray icon - allows easy configuration of the Dynamic DNSSM service. Can be run manually | No |
| X | DynHttp Dns Binary | dynizari.exe | Added by a variant of the RBOT WORM! | No |
| U | DynSite | DynSite.exe | DynSite - dynamic DNS client, also called an automatic IP updater | No |
| U | Dynu Basic Client | dynubas.exe | Dynu online dynamic IP update client. Useful when using a dial up modem | No |
| ? | DZKillMe | DZSAVEME.EXE | ?? | No |
| U | D_V_T | dvt.exe | DICOM Validation Tool - "DICOM is increasingly being used as the standard communication mechanism when integrating various medical products in a hospital environment" | No |
| ? | D_V_T | dvt.exe | Installation could be a crack/hack to NOD32 - see here. Seen and removed in many logs. Investigate it further and if the file C:\d_v_t.reg is present then it should be fixed. Not to be confused with the DICOM entry here | No |
| X | E-Card | ecard.exe | Added by the YODI WORM! | No |
| U | E-color | IconMgr.Exe | Sets the colour of your monitor when running games that recognise E-Color so that you get 'what the game designer intended' when you see the game. Also allows monitor callibration through a program called 3-Deep. If you play a lot of games it can be useful. Can be disabled from starting up from within the program | No |
| N | E-Color Registration | SonnReg.exe | Registration for Colorific® and 3Deep® monitor calibration sofware from E-Color. Now superseded by ColorWizzard™ and 3DxWizzard™ | No |
| X | E-nrgyPlus | E-nrgyPlus.exe | Energyplus - tracks internet activity including websites visited and queries made at popular search engines. This information along with some system information is sent to a remote site | No |
| U | e-Surveiller Station | estation.exe | ESurveiller - surveillance software. Uninstall this software unless you put it there yourself | No |
| U | E06DXLRD_7604703 | EDICT.EXE | Related to Microsoft Encarta dictionary functions | No |
| N | E6TaskPanel | TaskPanl.exe | Earthlink Task Panel - part of Earthlink TotalAccess 2003 internet access software. Quick access to internet, E-mail and web-space | No |
| N | EA Core | Core.exe | Electronic Arts EA Link software - "gives you a secure yet simple way to download EA PC games and patches, as well as other exclusive content" | No |
| U | eabconfg.cpl | EabServr.exe | Easy Access Buttons control panel on Compaq laptops. Only required if you use the extra keys | No |
| X | Eac Download | download.exe | Webcelerator from eAcceleration speeds your Web browsing by both remembering where you have been and anticipating where you will go. Only needed if you find it improves web browsing. Now no longer available and supported and when available was classed as spyware - see here | No |
| U | EACLEAN | eaclean.exe | For Compaq PC's. Easy Access button support for the keyboard | No |
| X | Eac_Cnry | canary.exe | Added by the CANARY TROJAN! | No |
| ? | Eac_rnvdl | ANTIVIRUS_INSTALL.EXE | ?? | No |
| U | EanthologyApp | EANTHO~1.EXE | eAcceleration Stop-Sign security software related. Previously not recommended, see here | No |
| U | EanthologyApp | eanthology.exe | eAcceleration Stop-Sign security software related. Previously not recommended, see here | No |
| U | eanthology_install.exe | eanthology_install.exe | eAcceleration Stop-Sign security software related. Previously not recommended, see here | No |
| U | eanth_critical_update_alert | sys_alert.exe | eAcceleration Stop-Sign security software related. Previously not recommended, see here | No |
| U | eanth_critical_update_alert | EANTHO~1.EXE | eAcceleration Stop-Sign security software related - previously not recommended (see here). It has now been delisted, so make sure you have the latest version | No |
| U | eanth_system_patcher | sys_alert.exe | eAcceleration Stop-Sign security software related. Previously not recommended, see here | No |
| N | Eapcisetup | sbsetup.exe | Rockwell RipTide soundcard application software. Sound works without it | No |
| N | EAPCISETUP | wizard.exe | Part of the Creative Sounblaster PIC Installation Wizard. Probably left as a result of a failed installation | No |
| Y | Earthlink Protection Control Center | elnk_pcc.exe | EarthLink Protection Control Center - "powerful, integrated security program makes it easier than ever to protect yourself against viruses, spyware, and hackers-all from one convenient location" | No |
| N | EarthLink ToolBar 5.0 | etoolbar.exe | EarthLink Toolbar is a tool to help you get to all of the resources of the internet. EarthLink 5.0 Setup adds a few basic buttons to the Toolbar, but you can delete these or add more buttons any time | No |
| U | Easy Key | easykey.exe | For programming of the built-in functions keys on some laptops (and maybe desktops). Required if these are used | No |
| N | Easy Start Button | esb.exe | Provides functionality on certain laptops that have additional keys. Not required unless you use the extra keys | No |
| U | Easy-PrintToolBox | BJPSMAIN.EXE | A utility to launch the applications that are bundled with a Canon bubblejet printer | No |
| X | EasyAV | EasyAV.exe | Added by the NETSKY.S or NETSKY.T WORMS! | No |
| X | EasyDates | EasyDates.exe | Premium rate adult content dialler | No |
| X | EasyDates_gb | EasyDates_gb.exe | "Edate-A" premium rate adult content dialler | No |
| X | EasyDates_nl | EasyDates_nl.exe | Adult content dialler | No |
| U | EasyKey | easykey.exe | For programming of the built-in functions keys on some laptops (and maybe desktops). Required if these are used | No |
| U | EasyKeyboardLogger | EasyKeyboardLogger.exe | EasyKeyLogger keystroke logger/monitoring program - remove unless you installed it yourself! | No |
| U | EasyLinkAdvisor | LinksysAgent.exe | Linksys EasyLink Advisor - "the free application that provides and easy way to setup, view, manage, and repair your network" | No |
| X | EasyMessage | em2.exe | 180solutions adware | No |
| N | EasyNetwork | McENUI.exe | McAfee's EasyNetwork user interface - "enables secure file sharing, simplifies file transfers, and automates printer sharing among the computers in your home network." Part of McAfee's security products such as Total Protection and Internet Security | Yes |
| X | EasySearchBar | ESBUpdate.exe | EasySearchBar adware downloader | No |
| X | easyServ | Server.exe | Added by the EASYSERV TROJAN! | No |
| X | EasySpywareCleaner | EasySpywareCleaner.exe | EasySpywareCleaner rogue spyware remover - not recommended, removal instructions here | No |
| U | EasySync Pro | XCPCMenu.exe | "IBM® Lotus® EasySync® Pro is a personal productivity solution that provides data synchronization between your IBM Lotus Notes® desktop and handheld devices running PalmOS and Windows CE/Pocket PC operating systems" | No |
| U | EasySync Pro - 3CmPlm | AutoDet.exe | 3Com Palm PC specific translator for IBM® Lotus® EasySync® Pro - "a personal productivity solution that provides data synchronization between your IBM Lotus Notes® desktop and handheld devices running PalmOS and Windows CE/Pocket PC operating systems" | No |
| U | EasySync Pro - LtNts4 | NtsAgent.exe | Lotus Notes 4 specific translator for IBM® Lotus® EasySync® Pro - "a personal productivity solution that provides data synchronization between your IBM Lotus Notes® desktop and handheld devices running PalmOS and Windows CE/Pocket PC operating systems" | No |
| U | EasySync Pro - PocketPC | AUTODE~1.EXE | Windows Mobile Pocket PC specific translator for IBM® Lotus® EasySync® Pro - "a personal productivity solution that provides data synchronization between your IBM Lotus Notes® desktop and handheld devices running PalmOS and Windows CE/Pocket PC operating systems" | No |
| U | EasySync Pro - PocketPC | AutoDetect.exe | Windows Mobile Pocket PC specific translator for IBM® Lotus® EasySync® Pro - "a personal productivity solution that provides data synchronization between your IBM Lotus Notes® desktop and handheld devices running PalmOS and Windows CE/Pocket PC operating systems" | No |
| U | EasyTuneIII | EasyTune.exe | Tuning (overclocking) utility for Gigabyte motherboards. Shortcut available | No |
| U | EasyTuneIV | ET4Tray.exe | Tuning (overclocking) utility for Gigabyte motherboards. Shortcut available | No |
| U | EasyTuneV | GUI.exe | Tuning (overclocking) utility for Gigabyte motherboards. Shortcut available | No |
| X | easywww | easywww2.exe | Added by an unidentified VIRUS, WORM or TROJAN! | No |
| U | eAudio | eAudio.exe | Part of Acer Empowering Technology. Acer eAudio Management provides centralized control over notebook audio and specialized audio modes for movies, music and games | No |
| X | EbatesMoeMoneyMaker | wjview ...Code | Ebates adware | No |
| X | EbatesMoeMoneyMaker0 | EbatesMoeMoneyMaker0.exe | Ebates adware | No |
| X | eBay Toolbar | EBAYTBAR.EXE | eBay Toolbar - reportes as spyware as it "phones home" | No |
| U | eBayToolbar | eBayTBDaemon.exe | eBay toolabar related - also contains eBay account Guard which monitors for fraudulent eBay sites | No |
| X | ebmmm | ebatesmmmv.exe | Ebates adware | No |
| U | eBoard | Eboard.exe | eMachines multimedia keyboard manager. Required if you use the extra keys | No |
| N | eBot | DownloadWizard.exe | eBot from Digital River - "helps ensure your computer always has the latest technology, fixes, add-ons, upgrades and 'cool stuff'." Can optionally be installed with software such as Net Nanny internet filtering software. Available via Start -> Programs | No |
| U | EC21 | EZQ.EXE | Related to EC21 "the world's largest B2B marketplace to facilitate online trades between exporters and importers from all around the world" | No |
| U | ECenter | gtb.exe | Dell E-Center/Google Toolbar related | No |
| N | ECenter | EULALauncher.exe | End User License Agreement (EULA) launcher - related to Dell E-Center/Google Toolbar | No |
| X | ecko | claro.exe | Added by the DLOADR-AQJ TROJAN! | No |
| ? | ecpe | ECPE.EXE | ?? | No |
| U | eDataSecurity Loader | eDSloader.exe | Part of Acer Empowering Technology. "Acer eDataSecurity Management is a handy file encryption utility that protects files from being accessed by unauthorized persons, using passwords and advanced encryption algorithms" | No |
| N | edexter | edexter.exe | eDexter supplements internet filtering by substituting local images for filtered images in order to prevent browser stalls and other annoyances. Can be activated manually when starting the browser | No |
| X | editpad | editpad.exe | Added by the CONSPER-B TROJAN! | No |
| N | EDLoader | DTLoader.exe | Effective Desktop from MiniStars Software - desktop management software no longer being supported | No |
| U | eDonkey2000 | edonkey2000.exe | File sharing network - not recommended as the free version of this application should be avoided as it installs, without permission, New.Net, Webhancer, WebSearch Toolbar and WinTools | No |
| U | EDRestore | ?? | Set Point from Easy Desk Software - "small utility that automatically sets System Restore points for WinME/XP" | No |
| X | educational writer | [random filename] | Added by the RBOT-LZ WORM! | No |
| U | Edwizard | Edwizard.exe | SafeGuard Easy - "provides total company-wide protection for sensitive information on laptops and workstations. Boot protection, pre-boot user authentication and hard disk encryption using powerful algorithms guarantee against unauthorized access and hacker attacks" | No |
| X | EDxMC110 | Isass.exe | Added by the VB-NIA WORM! | No |
| X | Edzy AntiVirus | dppsfa.exe | Added by a variant of the RBOT WORM! | No |
| X | Eech | hoor.exe | PurityScan adware | No |
| N | EEventManager | EEventManager.exe | Part of the Epson Creativity Suite supplied with their multi-function printer/scanners, Event Manager launches File Manager or PageManager for EPSON automatically when you press the B&W Start or Color Start button on the control panel in Scan mode | No |
| X | Efata | [random 5 characters].exe | Added by the FLUKAN-D WORM! | No |
| U | eFax 4.1 | J2GDllCmd.exe | DLL Command Utility for version 4.1 of eFax Messenger from j2 Global Communications, Inc. - which "is powerful Internet fax software that makes it easy to create, annotate, sign, zoom and print faxes from any computer" | No |
| U | eFax 4.1 | J2GTray.exe | System Tray access to version 4.1 of eFax Messenger from j2 Global Communications, Inc. - which "is powerful Internet fax software that makes it easy to create, annotate, sign, zoom and print faxes from any computer" | No |
| U | eFax 4.2 | J2GDllCmd.exe | DLL Command Utility for version 4.2 of eFax Messenger from j2 Global Communications, Inc. - which "is powerful Internet fax software that makes it easy to create, annotate, sign, zoom and print faxes from any computer" | No |
| U | eFax 4.2 | J2GTray.exe | System Tray access to version 4.2 of eFax Messenger from j2 Global Communications, Inc. - which "is powerful Internet fax software that makes it easy to create, annotate, sign, zoom and print faxes from any computer" | No |
| U | eFax 4.3 | J2GDllCmd.exe | DLL Command Utility for version 4.3 of eFax Messenger from j2 Global Communications, Inc. - which "is powerful Internet fax software that makes it easy to create, annotate, sign, zoom and print faxes from any computer" | No |
| U | eFax 4.3 | J2GTray.exe | System Tray access to version 4.3 of eFax Messenger from j2 Global Communications, Inc. - which "is powerful Internet fax software that makes it easy to create, annotate, sign, zoom and print faxes from any computer" | No |
| U | eFax 4.4 | J2GDllCmd.exe | DLL Command Utility for version 4.4 of eFax Messenger from j2 Global Communications, Inc. - which "is powerful Internet fax software that makes it easy to create, annotate, sign, zoom and print faxes from any computer" | No |
| U | eFax 4.4 | J2GTray.exe | System Tray access to version 4.4 of eFax Messenger from j2 Global Communications, Inc. - which "is powerful Internet fax software that makes it easy to create, annotate, sign, zoom and print faxes from any computer" | No |
| U | eFax DllCmd | J2GDllCmd.exe | DLL Command Utility for eFax Messenger from j2 Global Communications, Inc. - which "is powerful Internet fax software that makes it easy to create, annotate, sign, zoom and print faxes from any computer" | No |
| U | eFax DllCmd 3.5 | J2GDllCmd.exe | DLL Command Utility for version 3.5 of eFax Messenger from j2 Global Communications, Inc. - which "is powerful Internet fax software that makes it easy to create, annotate, sign, zoom and print faxes from any computer" | No |
| U | eFax DllCmd 4.0 | J2GDllCmd.exe | DLL Command Utility for version 4.0 of eFax Messenger from j2 Global Communications, Inc. - which "is powerful Internet fax software that makes it easy to create, annotate, sign, zoom and print faxes from any computer" | No |
| U | eFax Live Menu 3.3 | J2GDllCmd.exe | DLL Command Utility for version 3.3 of eFax Messenger from j2 Global Communications, Inc. - which "is powerful Internet fax software that makes it easy to create, annotate, sign, zoom and print faxes from any computer" | No |
| N | eFax Tray Menu | HotTray.exe | eFax Messenger Tray Menu system tray icon for eFax Messenger Plus. Available via Start -> Programs. Disabling instructions available here | No |
| U | eFax Tray Menu | J2GTray.exe | System Tray access to eFax Messenger from j2 Global Communications, Inc. - which "is powerful Internet fax software that makes it easy to create, annotate, sign, zoom and print faxes from any computer" | No |
| U | eFax Tray Menu 3.3 | J2GTray.exe | System Tray access to version 3.3 of eFax Messenger from j2 Global Communications, Inc. - which "is powerful Internet fax software that makes it easy to create, annotate, sign, zoom and print faxes from any computer" | No |
| U | eFax Tray Menu 3.5 | J2GTray.exe | System Tray access to version 3.5 of eFax Messenger from j2 Global Communications, Inc. - which "is powerful Internet fax software that makes it easy to create, annotate, sign, zoom and print faxes from any computer" | No |
| U | eFax Tray Menu 4.0 | J2GTray.exe | System Tray access to version 4.0 of eFax Messenger from j2 Global Communications, Inc. - which "is powerful Internet fax software that makes it easy to create, annotate, sign, zoom and print faxes from any computer" | No |
| N | eFax.com Tray Menu | HotTray.exe | eFax Messenger Tray Menu system tray icon for eFax Messenger Plus. Available via Start -> Programs. Disabling instructions available here | No |
| X | efaxs lptt01 | efaxs.exe | RapidBlaster variant (in a "efaxs" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here | No |
| X | efaxs ml097e | efaxs.exe | RapidBlaster variant (in a "efaxs" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here | No |
| U | EFI Hot Folders | hffw.exe | "EFI Hot Folders improves productivity by simplifying the printing of PostScript and PDF files into a select, drag, and drop process. Once users create Hot Folders with different printing and finishing parameters, files are printed without opening an application or print driver menu." Part of EFI's high-end printing solutions | No |
| U | EFI Job Monitor | [path] efjm.dll,run | Ricoh Imagio Printer/Scanner driver status monitor | No |
| U | Efpap.exe | Efpap.exe | Easy File & Folder Protector. Deny access to certain files and folders, or to hide them securely from viewing and searching | No |
| X | egikugu | napolecy.exe | Added by the SDBOT.AOE WORM! | No |
| N | EgisTecLiveUpdate | EgisUpdate.exe | Software updater for biometric and data encryption products from EgisTec Inc | No |
| Y | egui | egui.exe | User interface for ESET NOD32 Antivirus and Smart Security | No |
| X | ehSched | ehSched.exe | Added by the SDBOT-DHF WORM! | No |
| U | ehTray | ehtray.exe | Media Center Tray Applet - part of Windows Media Center on XP MCE, Vista and Windows 7 (where it doesn't run as a startup). Allows Windows Media Center to be started by pressing the green button on a remote control and also displays System Tray notifications, such as recording status (successful or non-successful), EPG download notification, etc | Yes |
| U | ehTray.exe | ehTray.exe | Media Center Tray Applet - part of Windows Media Center on XP MCE, Vista and Windows 7 (where it doesn't run as a startup). Allows Windows Media Center to be started by pressing the green button on a remote control and also displays System Tray notifications, such as recording status (successful or non-successful), EPG download notification, etc | Yes |
| X | ei10.exe | ei10.exe | Added by the AGOBOT-NK WORM! | No |
| U | Eicon NetworksLAN_DAEMON | watch.exe | Associated with an Eicon Networks ISDN or ADSL modem. Watch protocols your connection with numbers and duration. You need callvu.exe (from Start Menu) to see your connection statistics. You can manually start watch.exe before you go online. Needs diinfo.exe (started by DiTask) to work correctly which can be started manually | No |
| U | Eicon TechnologyLAN_DAEMON | watch.exe | Associated with an Eicon Networks ISDN or ADSL modem. Watch protocols your connection with numbers and duration. You need callvu.exe (from Start Menu) to see your connection statistics. You can manually start watch.exe before you go online. Needs diinfo.exe (started by DiTask) to work correctly which can be started manually | No |
| X | eixfi | china.bat | Added by the WCUP.A WORM! | No |
| X | eKerberos | eKerberos.exe | eKerberos rogue security software - not recommended | No |
| U | Elbycheck | ElbyCheck.exe | From Elaborate Bytes who make CloneCD - monitors the installed filters of CD-ROMs/DVD-ROMs. Note - under Win2K removing this from startup causes the CD drive in the computer to not be recognized in the OS and after rechecking it prompts that the driver has been corrupted and asks you to restart the computer to fix it | No |
| U | Electron Microscope | EMIII.exe | Electron Microscope or EM - is a program used to track Stanford's distributed computing program client called Folding at Home, FAH. It will monitor up to 50 clients and give you the details about each client's progress as the FAH client runs. EM will also show you what each change in the protein looks like as the process continues | No |
| X | Element | Element.txt | Added by the ELEM TROJAN! | No |
| X | element furth | [path] repcale.exe [path] palsp.exe | Added by a variant of the RANDON.AN WORM! Both files are often located in %System%\vert | No |
| X | elitemedia | elitemediapop.exe | Added by the LOWZONE-BB TROJAN! Also known as Elitebar/EliteToolbar/EliteSidebar adware | No |
| X | EliteProtector | EliteProtector.exe | EliteProtector rogue spyware remover - not recommended, removal instructions here | No |
| N | elm | Elmenv.exe | ViaTech eLicense for securing, distributing and selling music online | No |
| X | ELNKProxy | smproxy.exe | Surfmonkey adware | No |
| U | ELSA WINman Suite | Winmsuit.exe | Allows you to totally customize your ELSA graphics card settings, including overclocking the GPU | No |
| Y | ElsaCapiCtl | Rcapi.exe | Assumed to stand for Remote Common Application Programming Interface (RCAPI), this was installed with an Elsa Microlink ISDN modem. If it is not there you can not bring up the dialog box which is sometimes needed to reset the modem | No |
| U | ELSAChipGuard | elsavect.exe | ChipGuard for ELSA graphics cards - monitoring solution which monitors both the GPU temperature and fan speed, and will halt the system if either are at dangerous levels and restore the default clock speeds upon reboot. Leave enabled if overclocking | No |
| U | ELSBLaunch | ELSBLaunch.exe | EarthLink SpamBlocker | No |
| N | EMA.exe | EMA.EXE | Time management system which helps you to manage your time and appointments | No |
| U | eMachines eBoard | Eboard.exe | eMachines multimedia keyboard manager. Required if you use the extra keys | No |
| Y | Email Protection | emlproxy.exe | AntiVirus Quick Heal - E-mail protection | No |
| Y | EmailScan | mcvsescn.exe | Related to McAfee AntiVirus suite - used to automatically scan incoming e-mails | No |
| X | eMakeSV | EMAKESV.EXE | "Switch" adult content dialer | No |
| X | eMakeSV | EMAKE2B.EXE | "Switch" adult content dialer | No |
| U | EMBASSY Trust Suite Secure Update | AutoUpdate.exe | Updates for Wave Systems Corp. Embassy Trust Suite - "delivers advanced levels of security to the client PC using the TPM security chip found on most enterprise PCs today" | No |
| X | eMCryT Sh3ars Panagers | [path to worm] | Added by the RBOT-AWI WORM! | No |
| X | eMessenger | emsn.exe | Added by the RBOT.AHO BACKDOOR! | No |
| U | EMMeter | EMMeter.exe | "Express Meter lets you track and manage software usage so you can avoid purchasing and supporting applications that aren't being used, and prevent the use of unauthorized programs" | No |
| X | emoc0re | emo.exe | Added by the AGOBOT-AGE WORM! | No |
| U | Emouse | Emouse.exe | Genius mouse driver - required if you use non-standard Windows driver features | No |
| U | emoze | emoze.exe | emoze pcConnector - "Push your personal & business emails, contacts & calendar directly to your mobile device!" | No |
| X | empin | e121307.exe | Delfin Media Viewer adware related | No |
| X | empin | e121307.Stub.exe | Delfin Media Viewer adware related | No |
| ? | Empowering Technology Launcher | eAPLauncher.exe | Part of Acer Empowering Technology. What does it do and is it required? | No |
| ? | EmpoweringTechnology | Framework.Launcher.exe | Part of Acer Empowering Technology. What does it do and is it required? | No |
| X | emre1 | emre1.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
| X | emsw.exe | emsw.exe | Attune HelpExpress - spyware. Disable and uninstall - see here | No |
| X | emule | emule.exe | Added by the RBOT-ALZ WORM! Note - do not confuse with the legitimate eMule peer-to-peer (P2P) file-sharing program which is normally located in %ProgramFiles%\eMule. This one is located in %System% | No |
| N | eMule | emule.exe | eMule - "one of the biggest and most reliable peer-to-peer file sharing clients around the world. Thanks to it's open source policy many developers are able to contribute to the project, making the network more efficient with each release". As eMule is a is a peer-to-peer (P2P) file-sharing client used to distribute large amounts of data between multiple users make sure you have good, up-to-date virus protection and check any downloads | No |
| N | eMuleAutoStart | emule.exe | eMule - "one of the biggest and most reliable peer-to-peer file sharing clients around the world. Thanks to it's open source policy many developers are able to contribute to the project, making the network more efficient with each release". As eMule is a is a peer-to-peer (P2P) file-sharing client used to distribute large amounts of data between multiple users make sure you have good, up-to-date virus protection and check any downloads | No |
| N | eMusicClient Systray | eMusicClient.exe | eMusic MP3 download software | No |
| U | EM_EXEC | EM_EXEC.EXE | Logitech Mouseware driver. Needed to support some additional functionality of Logitech mice/trackballs such as "SmartMove". If you disable it and find you don't need it leave it disabled | No |
| N | EN4060C Taskbar | en4060ct.exe | Comes with Efficient Networks DSL Modems. Little red/green/yellow flashing icon in system tray | No |
| X | enBrowser | [name of file] | WINBO adware | No |
| ? | encapsulated command tool | wintr.com | ?? | No |
| N | Encarta Dictionary Quickshelf | QSHLFED.EXE | Provides quick access to Encarta's Dictionary features? | No |
| N | ENCMONITOR | monitor.exe | The Encompass Monitor. This program is the Connect Direct Program. It is more trouble than it is worth and few use it | No |
| N | Encoder Agent | WMENCAGT.EXE | MS Windows Media Encoder, which already has a shortcut in the Start Menu if installed | No |
| U | Encompass_ENCMONTR | ENCMONTR.EXE | Optional simple browser from Yahoo (Encompass) | No |
| ? | ENCSurf | surfboard.exe | ?? | No |
| N | Energizer FileSaver | Energizer FileSaver.exe | Energizer FileSaver - UPS back-up utility for Energizer UPS products. From their Tech Support staff this is known to have a memory leak since it's release - with no fix planned! It will grab 2-5 handles per second and crash the average system in less than 3 days - therefore not recommended | No |
| X | EnergyPlugIn | EnergyPlugin.exe | EnergyPlugin adware variant | No |
| U | enginecs2 | enginecs2.exe | Cyber Sentinel - internet filtering software | No |
| Y | EngUtil | EngUtil.exe | Part of Roxio EasyCD Creator 6.0 - corrects any modification made to the Roxio Engine, it exits after checking | No |
| X | Enh Win Updt | enhupdt.exe | Adware - detected by Kaspersky as the ONECLICKNETSEARCH.H TROJAN! | No |
| X | enhance32 | enhance32.exe | Added by the CRYPTER.A TROJAN! | No |
| N | EnigmaPopupStop | EnigmaPopupStop.exe | Part of Enigma SpyHunter - not recommended, see here | No |
| ? | ENSApServer2_0 | APSERVER.EXE | Intel AnyPoint Wireless II Home Network related. Now discontinued. What does it do and is it required? | No |
| ? | ENSMIX32.EXE | ENSMIX32.EXE | Sound card driver. Is it required? | No |
| U | EnsoniqMixer | starter.exe | Puts the Ensoniq mixer in system tray. From Ensoniq Technologies "Our mixer is a critical part of the soundcard as it fixes sound problems and replaces the MS mixer which can no longer be used". If you find you don't need it - try one of the solutions on this special page. Similar to Creative PCI Audio Configuration Utility | No |
| U | Entbloess 2 | Entbloess2.exe | Related to Window-Switcher (now Reflex Vision) - it allows you to see previews of all your open applications via a single keystroke in a manner similar to Apple's Exposé, for Windows 2K/XP | No |
| U | Enterprise Harmony | rsMenu.exe | Enterprise Harmony 99 for CASIO - synchronization software for use with Microsoft® Outlook 97/98/2000 | No |
| U | Enterprise Harmony '99 | rsMenu.exe | Enterprise Harmony 99 for CASIO - synchronization software for use with Microsoft® Outlook 97/98/2000 | No |
| X | Enterprise Suite | WE[random characters].exe | Enterprise Suite rogue security software - not recommended, removal instructions here | No |
| U | Enterra Icon Keeper | IcnKeepr.exe | Icon Keeper - "tool to save and restore icon positions on the desktop" | No |
| X | EntraOcio | rundll32.exe MSA64CHK.dll,DllMostrar | MatrixDialer/Mostrar parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System% | No |
| X | Enumerate Service | wsys.exe | Added by the MANIFEST TROJAN! | No |
| Y | EnvyHFCPL | EnMixCPL.exe | VIA Envy24 PCI Audio Controller driver | No |
| U | eonemng | eOneMng.exe | eOne Manager, provides access to the buttons on the keyboard and on the front of the console for the eMachines eOne PC | No |
| U | EOUApp | EOUWiz.exe | Intel ProSET Wireless related - provides additional configuration options for these devices | No |
| U | EOUWiz | EOUWiz.exe | Intel ProSET Wireless related - provides additional configuration options for these devices | No |
| U | EPGServiceTool | EPGClient.exe | Electronic Programme Guide (EPG) for the WinTV range of TV Tuners from Hauppauge | No |
| U | EPGServiceTool | EPGCLI~1.EXE | Electronic Programme Guide (EPG) for the WinTV range of TV Tuners from Hauppauge | No |
| U | EPM-DM | epm-dm.exe | Device Manager - part of Acer Empowering Technology. "Acer ePower Management is a straightforward interface that allows users to select from pre-configured power usage profiles, or to create their own customized profiles" | No |
| U | ePowerManagement | ePM.exe | Part of Acer Empowering Technology. "Acer ePower Management is a straightforward interface that allows users to select from pre-configured power usage profiles, or to create their own customized profiles" | No |
| U | ePower_DMC | ePower_DMC.exe | Part of Acer Empowering Technology. "Acer ePower Management is a straightforward interface that allows users to select from pre-configured power usage profiles, or to create their own customized profiles" | No |
| U | EPoXUSDM | USDM.EXE | EPoX Universal Serial Data Monitor - a diagnostics tool that shows Temps, Fan Speeds, Voltages...etc | No |
| N | ePrint 3.0 Service | EPRINT3.EXE | LEADTOOLS ePrint file conversion software - "convert any file to and from over 150 document and image formats including searchable PDF, DOC, HTML, TXT, Multi-page TIFF, JPG, GIF, PNG and many more!" Can be started manually | No |
| N | ePrint 4.0 Service | EPRINT4.EXE | A component of the "LEADTOOLS ePrint File Conversion Software - Convert ANY file to and from over 150 document and image formats including searchable PDF, DOC, HTML, TXT , Multi-page TIFF, JPG, GIF, PNG and many more!" Can be started manually | No |
| U | ePrompter | ePrompter.exe | ePrompter - E-mail notification software | No |
| N | EPS | e_srcv02.exe | According to the Epson info: "Use this utility to automatically check for errors and also check the level of ink remaining." This utility can also be started on demand when about to print as follows: File menu > Print to bring up the print dialog box. Click on the Properties button which will bring up a display with 4 tabs. Click the Utility tab to get a list of utilities that can be executed including the Status Monitor 3 Environment Check | No |
| N | EPS | e_srcv03.exe | According to the Epson info: "Use this utility to automatically check for errors and also check the level of ink remaining." This utility can also be started on demand when about to print as follows: File menu > Print to bring up the print dialog box. Click on the Properties button which will bring up a display with 4 tabs. Click the Utility tab to get a list of utilities that can be executed including the Status Monitor 3 Environment Check | No |
| X | Epsilon Squared | vmmreg32.exe | Added by the AGENT.MVC TROJAN! | No |
| N | EPSON Background Monitor | STMS.EXE | Supposed to keep an Epson printer ready for quick printing. Users report little difference whether it is on or not | No |
| U | EPSON CardMonitor | EPSON CardMonitor1.0.exe | Monitors the PCMCIA memory card slot on EPSON cameras and printers and launches PhotoStarter or PhotoPrint | No |
| U | EPSON PictureMate Deluxe | E_FATI9TA.EXE | Epson Status Monitor 3 for the PictureMate Deluxe compact photo printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON Status Monitor 3 | E_[various].EXE | Epson Status Monitor 3 for their range of printer and AIO devices - for monitoring printer status, checking ink levels, etc | No |
| N | EPSON Status Monitor 3 Environment Check | e_srcv03.exe | According to the Epson info: "Use this utility to automatically check for errors and also check the level of ink remaining." This utility can also be started on demand when about to print as follows: File menu > Print to bring up the print dialog box. Click on the Properties button which will bring up a display with 4 tabs. Click the Utility tab to get a list of utilities that can be executed including the Status Monitor 3 Environment Check | No |
| N | EPSON Status Monitor 3 Environment Check | e_srcv02.exe | According to the Epson info: "Use this utility to automatically check for errors and also check the level of ink remaining." This utility can also be started on demand when about to print as follows: File menu > Print to bring up the print dialog box. Click on the Properties button which will bring up a display with 4 tabs. Click the Utility tab to get a list of utilities that can be executed including the Status Monitor 3 Environment Check | No |
| N | EPSON Status Monitor 3 Environment Check 2 | e_srcv03.exe | According to the Epson info: "Use this utility to automatically check for errors and also check the level of ink remaining." This utility can also be started on demand when about to print as follows: File menu > Print to bring up the print dialog box. Click on the Properties button which will bring up a display with 4 tabs. Click the Utility tab to get a list of utilities that can be executed including the Status Monitor 3 Environment Check | No |
| N | EPSON Status Monitor 3 Environment Check 2 | e_srcv02.exe | According to the Epson info: "Use this utility to automatically check for errors and also check the level of ink remaining." This utility can also be started on demand when about to print as follows: File menu > Print to bring up the print dialog box. Click on the Properties button which will bring up a display with 4 tabs. Click the Utility tab to get a list of utilities that can be executed including the Status Monitor 3 Environment Check | No |
| U | EPSON Stylus C120 Series | E_FATICCA.EXE | Epson Status Monitor 3 for the Stylus C120 Series printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON Stylus C40 Series | E_S10IC2.EXE | Epson Status Monitor 3 for the Stylus C40 Series printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON Stylus C41 Series | E_S10IC2.EXE | Epson Status Monitor 3 for the Stylus C41 Series printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON Stylus C42 Series | E_S10IC2.EXE | Epson Status Monitor 3 for the Stylus C42 Series printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON Stylus C43 Series | E_S08IC1.EXE | Epson Status Monitor 3 for the Stylus C43 Series printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON Stylus C43 Series | E_S10IC2.EXE | Epson Status Monitor 3 for the Stylus C43 Series printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON Stylus C44 Series | E_S10IC2.EXE | Epson Status Monitor 3 for the Stylus C44 Series printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON Stylus C45 Series | E_S4I3T1.EXE | Epson Status Monitor 3 for the Stylus C45 Series printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON Stylus C46 Series | E_S4I0T1.EXE | Epson Status Monitor 3 for the Stylus C46 Series printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON Stylus C48 Series | E_S4I091.EXE | Epson Status Monitor 3 for the Stylus C48 Series printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON Stylus C60 Series | E_S10IC2.EXE | Epson Status Monitor 3 for the Stylus C60 Series printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON Stylus C61 Series | E_S10IC2.EXE | Epson Status Monitor 3 for the Stylus C61 Series printer - for monitoring printer status, checking ink levels, etc | No |
| U | Epson Stylus C62 Series | E-S0BIC1.EXE | Epson Status Monitor 3 for the Stylus C62 Series printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON Stylus C62 Series | E_S10IC2.EXE | Epson Status Monitor 3 for the Stylus C62 Series printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON Stylus C63 Series | E_S10IC2.EXE | Epson Status Monitor 3 for the Stylus C63 Series printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON Stylus C64 Series | E_S10IC2.EXE | Epson Status Monitor 3 for the Stylus C64 Series printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON Stylus C64 Series | E_S4I2C1.EXE | Epson Status Monitor 3 for the Stylus C64 Series printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON Stylus C66 Series | E_S4I0S2.EXE | Epson Status Monitor 3 for the Stylus C66 Series printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON Stylus C67 Series | E_FATIAAL.EXE | Epson Status Monitor 3 for the Stylus C67 Series printer - for monitoring printer status, checking ink levels, etc | No |
| U | Epson Stylus C82 Series | E_S0HIC1.EXE | Epson Status Monitor 3 for the Stylus C82 Series printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON Stylus C82 Series | E_S10IC2.EXE | Epson Status Monitor 3 for the Stylus C82 Series printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON Stylus C84 Series | E_S10IC2.EXE | Epson Status Monitor 3 for the Stylus C84 Series printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON Stylus C84 Series | E_S4I2D1.EXE | Epson Status Monitor 3 for the Stylus C84 Series printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON Stylus C87 Series | E_FATIABL.EXE | Epson Status Monitor 3 for the Stylus C87 Series printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON Stylus CX2900 Series | E_FATIBFP.EXE | Epson Status Monitor 3 for the Stylus CX2900 Series printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON Stylus CX3100 | E_S10IC2.EXE | Epson Status Monitor 3 for the Stylus CX3100 printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON Stylus CX3200 | E_S10IC2.EXE | Epson Status Monitor 3 for the Stylus CX3200 printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON Stylus CX3600 Series | E_FATI9BE.EXE | Epson Status Monitor 3 for the Stylus CX3600 Series printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON Stylus CX3700 Series | E_FATIACP.EXE | Epson Status Monitor 3 for the Stylus CX3700 Series printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON Stylus CX3800 Series | E_FATIACA.EXE | Epson Status Monitor 3 for the Stylus CX3800 Series printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON Stylus CX3900 Series | E_FATIBEP.EXE | Epson Status Monitor 3 for the Stylus CX3900 Series printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON Stylus CX4200 Series | E_FATIAEA.EXE | Epson Status Monitor 3 for the Stylus CX4200 Series printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON Stylus CX4500 Series | E_FATI9AP.EXE | Epson Status Monitor 3 for the Stylus CX4500 Series printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON Stylus CX4600 Series | E_FATI9AA.EXE | Epson Status Monitor 3 for the Stylus CX4600 Series printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON Stylus CX4700 Series | E_FATIADL.EXE | Epson Status Monitor 3 for the Stylus CX4700 Series printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON Stylus CX4800 Series | E_FATIADA.EXE | Epson Status Monitor 3 for the Stylus CX4800 Series printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON Stylus CX5000 Series | E_FATIBVA.EXE | Epson Status Monitor 3 for the Stylus CX5000 Series printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON Stylus CX5400 | E_S4I2G1.EXE | Epson Status Monitor 3 for the Stylus CX5400 printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON Stylus CX5500 Series | E_FATICAP.EXE | Epson Status Monitor 3 for the Stylus CX5500 Series printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON Stylus CX6000 Series | E_FATIBIA.EXE | Epson Status Monitor 3 for the Stylus CX6000 Series printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON Stylus CX6500 Series | E_FATI9EP.EXE | Epson Status Monitor 3 for the Stylus CX6500 Series printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON Stylus CX6600 Series | E_FATI9EE.EXE | Epson Status Monitor 3 for the Stylus CX6600 Series printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON Stylus CX6600 Series | E_FATI9EA.EXE | Epson Status Monitor 3 for the Stylus CX6600 Series printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON Stylus CX7000F Series | E_FATIBKA.EXE | Epson Status Monitor 3 for the Stylus CX7000F Series printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON Stylus CX7400 Series | E_FATICDA.EXE | Epson Status Monitor 3 for the Stylus CX7400 Series printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON Stylus CX7800 Series | E_FATIAFA.EXE | Epson Status Monitor 3 for the Stylus CX7800 Series printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON Stylus CX8300 Series | E_FATICEP.EXE | Epson Status Monitor 3 for the Stylus CX8300 Series printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON Stylus CX8400 Series | E_FATICEA.EXE | Epson Status Monitor 3 for the Stylus CX8400 Series printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON Stylus CX9300F Series | E_FATICFP.EXE | Epson Status Monitor 3 for the Stylus CX9300F Series printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON Stylus CX9400Fax Series | E_FATICFA.EXE | Epson Status Monitor 3 for the Stylus CX9400Fax Series printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON Stylus D68 Series | E_FATIAAE.EXE | Epson Status Monitor 3 for the Stylus D68 Series printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON Stylus D78 Series | E_FATIBGE.EXE | Epson Status Monitor 3 for the Stylus D78 Series printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON Stylus D88 Series | E_FATIABE.EXE | Epson Status Monitor 3 for the Stylus D88 Series printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON Stylus DX3800 Series | E_FATIACE.EXE | Epson Status Monitor 3 for the Stylus DX3800 Series printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON Stylus DX4000 Series | E_FATIBEE.EXE | Epson Status Monitor 3 for the Stylus DX4000 Series printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON Stylus DX4400 Series | E_FATICAE.EXE | Epson Status Monitor 3 for the Stylus DX4400 Series printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON Stylus DX4800 Series | E_FATIADE.EXE | Epson Status Monitor 3 for the Stylus DX4800 Series printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON Stylus DX5000 Series | E_FATIBVE.EXE | Epson Status Monitor 3 for the Stylus DX5000 Series printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON Stylus DX6000 Series | E_FATIBIE.EXE | Epson Status Monitor 3 for the Stylus DX6000 Series printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON Stylus DX7000F Series | E_FATIBKE.EXE | Epson Status Monitor 3 for the Stylus DX7000F Series printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON Stylus DX7400 Series | E_FATICDE.EXE | Epson Status Monitor 3 for the Stylus DX7400 Series printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON Stylus DX8400 Series | E_FATICEE.EXE | Epson Status Monitor 3 for the Stylus DX8400 Series printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON Stylus Photo 1400 Series | E_FATIBUA.EXE | Epson Status Monitor 3 for the Stylus Photo 1400 Series printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON Stylus Photo 2200 | E_S10IC2.EXE | Epson Status Monitor 3 for the Stylus Photo 2200 printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON Stylus Photo 825 | E_S10IC2.EXE | Epson Status Monitor 3 for the Stylus Photo 825 printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON Stylus Photo 925 | E_S10IC2.EXE | Epson Status Monitor 3 for the Stylus Photo 925 printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON Stylus Photo R1800 | E_FATI9LA.EXE | Epson Status Monitor 3 for the Stylus Photo R1800 printer - for monitoring printer status, checking ink levels, etc, etc | No |
| U | EPSON Stylus Photo R200 Series | E_S4I0H2.EXE | Epson Status Monitor 3 for the Stylus Photo R200 Series printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON Stylus Photo R220 Series | E_S6I2I1.EXE | Epson Status Monitor 3 for the Stylus Photo R220 Series printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON Stylus Photo R220 Series | E_FATIAIE.EXE | Epson Status Monitor 3 for the Stylus Photo R220 Series printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON Stylus Photo R240 Series | E_FATIAHE.EXE | Epson Status Monitor 3 for the Stylus Photo R240 Series printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON Stylus Photo R2400 | E_FATI9SA.EXE | Epson Status Monitor 3 for the Stylus Photo R2400 printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON Stylus Photo R2400 | E_FATI9SE.EXE | Epson Status Monitor 3 for the Stylus Photo R2400 printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON Stylus Photo R260 Series | E_FATIBNA.EXE | Epson Status Monitor 3 for the Stylus Photo R260 Series printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON Stylus Photo R280 Series | E_FATICKA.EXE | Epson Status Monitor 3 for the Stylus Photo R280 Series printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON Stylus Photo R285 Series | E_FATICKE.EXE | Epson Status Monitor 3 for the Stylus Photo R285 Series printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON Stylus Photo R300 Series | E_S4I2F1.EXE | Epson Status Monitor 3 for the Stylus Photo R300 Series printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON Stylus Photo R300 Series | E_S10IC2.EXE | Epson Status Monitor 3 for the Stylus Photo R300 Series printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON Stylus Photo R300 Series | E_S4I0F2.EXE | Epson Status Monitor 3 for the Stylus Photo R300 Series printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON Stylus Photo R320 Series | E_FATI9FA.EXE | Epson Status Monitor 3 for the Stylus Photo R320 Series printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON Stylus Photo R340 Series | E_FATIAJE.EXE | Epson Status Monitor 3 for the Stylus Photo R340 Series printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON Stylus Photo R380 Series | E_FATIBOA.EXE | Epson Status Monitor 3 for the Stylus Photo R380 Series printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON Stylus Photo R800 | E_FATI9YE.EXE | Epson Status Monitor 3 for the Stylus Photo R800 printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON Stylus Photo RX420 Series | E_FATI9CE.EXE | Epson Status Monitor 3 for the Stylus Photo RX420 Series printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON Stylus Photo RX430 Series | E_FATI9CP.EXE | Epson Status Monitor 3 for the Stylus Photo RX430 Series printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON Stylus Photo RX500 | E_S4I2K1.EXE | Epson Status Monitor 3 for the Stylus Photo RX500 Series printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON Stylus Photo RX530 Series | E_FATIAGP.EXE | Epson Status Monitor 3 for the Stylus Photo RX530 Series printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON Stylus Photo RX600 | E_S4I2M1.EXE | Epson Status Monitor 3 for the Stylus Photo RX600 printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON Stylus Photo RX640 Series | E_FATIAME.EXE | Epson Status Monitor 3 for the Stylus Photo RX640 Series printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON Stylus Photo RX680 Series | E_FATICJA.EXE | Epson Status Monitor 3 for the Stylus Photo RX680 Series printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON Stylus Photo RX700 Series | E_FATI9IA.EXE | Epson Status Monitor 3 for the Stylus Photo RX700 Series printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON Stylus Pro 4000 | E_S10IC2.EXE | Epson Status Monitor 3 for the Stylus Pro 4000 printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON Stylus Pro 7600 | E_S10IC2.EXE | Epson Status Monitor 3 for the Stylus Pro 7600 printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON Stylus SX200 Series | E_FATIEFE.EXE | Epson Status Monitor 3 for the Stylus SX200 Series printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON SX100 Series | E_FATIEDE.EXE | Epson Status Monitor 3 for the SX100 Series printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON TX100 Series | E_FATIEDP.EXE | Epson Status Monitor 3 for the TX100 Series printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON WorkForce 30 Series | E_FATIEEA.EXE | Epson Status Monitor 3 for the WorkForce 30 Series printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON WorkForce 500 Series | E_FATIEQA.EXE | Epson Status Monitor 3 for the WorkForce 500 Series printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON WorkForce 600 Series | E_FATIEKA.EXE | Epson Status Monitor 3 for the WorkForce 600 Series printer - for monitoring printer status, checking ink levels, etc | No |
| U | EpsonPhotoStarter | EPSON_PhotoStarter.exe | Only needed if you want to make full use of the capabilities of an Epson printer that included this | No |
| X | Eptr | nopdb.exe | Added by an unidentified WORM or TROJAN! | No |
| X | EQAdvice | EQAdvice.exe | NewAds1 adware | No |
| X | EQArticle | EQArticle.exe | EQArticle adware | No |
| ? | Equipmen | Equipmen.exe | ?? | No |
| U | Eraser | eraser.exe | Eraser - "an advanced security tool for Windows which allows you to completely remove sensitive data from your hard drive by overwriting it several times with carefully selected patterns". This entry starts the Scheduler with Windows and provides a System Tray icon for on-demand access. Located in %ProgramFiles%\Eraser | Yes |
| U | eraser | eraser.exe | Part of Evidence Exterminator, 1st Evidence Remover and Evidence Destructor (and maybe others) - the same file for the same version being used by all programs. Security tools that ensure your security and privacy by destroying all hidden activity information on demand, according to a schedule or on each boot/shutdown. This entry provides System Tray access to the main program for on demand cleaning and is required if any automatic cleaning has been scheduled. Located in %ProgramFiles%\Evidence Exterminator, %ProgramFiles%\1st Evidence Remover, %ProgramFiles%\Evidence Destructor or maybe others | Yes |
| U | eraser.exe | eraser.exe | Part of Evidence Exterminator, 1st Evidence Remover and Evidence Destructor (and maybe others) - the same file for the same version being used by all programs. Security tools that ensure your security and privacy by destroying all hidden activity information on demand, according to a schedule or on each boot/shutdown. This entry provides System Tray access to the main program for on demand cleaning and is required if any automatic cleaning has been scheduled. Located in %ProgramFiles%\Evidence Exterminator, %ProgramFiles%\1st Evidence Remover, %ProgramFiles%\Evidence Destructor or maybe others | Yes |
| Y | eRecoveryService | check.exe | Now part of Acer Empowering Technology. "Acer eRecovery Management is a powerful utility that does away with the need for recovery disks provided by the manufacturer, and also acts as a versatile standalone backup and recovery manager". Whilst the exact purpose of this entry isn't known it runs and closes so leave it enabled in case it's required | Yes |
| U | eRecoveryService | Monitor.exe | Part of Acer Empowering Technology. "Acer eRecovery Management is a powerful utility that does away with the need for recovery disks provided by the manufacturer, and also acts as a versatile standalone backup and recovery manager" | No |
| U | eRecoveryService | eRAgent.exe | Part of Acer Empowering Technology. "Acer eRecovery Management is a powerful utility that does away with the need for recovery disks provided by the manufacturer, and also acts as a versatile standalone backup and recovery manager" | No |
| N | Ereg | reg32.exe | EReg is a software registration tool incorporated on products such as those by Broderbund, Connectix, Hewlett-Packard, The Learning Company, and Sierra. Needless to say you don't need it | No |
| X | erfgddfk | wind2ll2.exe | Added by the BEAGLE.CQ WORM! | No |
| X | erghgjhgdr | windlhhl.exe | Added by the BEAGLE.BG WORM! | No |
| X | erghgjhjgdr | windlhhl.exe | Added by the BEAGLE.BG or BEAGLE.BH or BEAGLE.BI or BEAGLE.BJ WORMS! | No |
| ? | erm | erm.exe | ?? | No |
| X | Eroca | Eroca.exe | Insider.i adware | No |
| X | eros.exe | eros.exe | Adult content dailler | No |
| X | ErrClean | SysRep.exe | ErrClean rogue system error and cleaning utility - not recommended. There are number of variants in this family sharing the same filename and user interface - see here | No |
| X | ErreurChasseur | SysRep.exe | ErreurChasseur, French rogue system error and cleaning utility - not recommended. A member of the ErrClean family | No |
| N | Error Nuker | ErrorNuker.exe | ErrorNuker registry cleaner - only required if you want the application to run a scan at startup. The program can be launched manually if required | No |
| X | Error Safe | ers.exe | ErrorSafe rogue system error and cleaning utility - not recommended | No |
| X | Error Safe Free | uers.exe | ErrorSafe rogue system error and cleaning utility - not recommended | No |
| X | ErrorFix | ErrorFix.exe | ErorrFix rogue system error and cleaning utility - not recommended, see here for a blog where a support person admits they lie in order to secure a sale | No |
| X | ErrorGuard | ErrorGuard.exe | ErrorGuard rogue spyware remover - not recommended, removal instructions here | No |
| X | errorhandler | errorhandler.exe | ErrorHandler adware | No |
| X | ErrorRepairTool | ErrorRepairTool.exe | ErrorRepairTool rogue system error and cleaning utility - not recommended | No |
| X | ErrorSafe | ers.exe | ErrorSafe rogue system error and cleaning utility - not recommended | No |
| X | ErrorSafeFree | UERS.exe | ErrorSafe rogue system error and cleaning utility - not recommended | No |
| X | ERS | ers_startupmon.exe | Part of the WinAntiVirus Pro 2006 rogue security software - not recommended | No |
| X | ERScw | ERScw.exe | Part of the ErrorSafe rogue system error and cleaning utility - not recommended | No |
| X | ERS_check | ers_startupmon.exe | Part of the WinAntiVirus Pro 2006 rogue security software - not recommended | No |
| X | ERS_Check | uwasers.exe | Part of the WinAntiSpyware 2006 and WinAntiSpyware 2007 rogue spyware removers - not recommended | No |
| X | erthegdr | windll2.exe | Added by the BEAGLE.CG WORM! | No |
| X | erthgdr | windll.exe | Added by the BEAGLE.AO or BEAGLE.AQ WORMS! | No |
| X | erthgdr | svc.exe | Added by the BEAGLE.BN or BEAGLE.BP WORM! | No |
| X | erthgdr2 | svc23.exe | Added by the BAGLE.CG WORM! | No |
| ? | ERTS0749 | ERTS0749.exe | IBM Warranty Notification - presumably it's a reminder to either register or that warranty is about to expire? | No |
| X | ertyuop | rttrwq.exe | Added by the AUTORUN-APA WORM! | No |
| U | ERUNT AutoBackup | AUTOBACK.EXE | ERUNT backup utility - when added to the user's startup folder automatically backs up the registry each time the system boots, resulting in numerous backups that can be restored | No |
| X | erwghjjrjt | ucbcg.exe | Added by the SMALL.CUL TROJAN! | No |
| U | ES Current Services | [FILE NAME].exe | 123Keylogger surveillance software. Uninstall this software unless you put it there yourself | No |
| Y | eSafe Protect | ESPWatch.exe | eSafe from Aladdin - internet security for gateway and E-mail servers | No |
| U | ESB | esb.exe | Easy Start Button - provides functionality on certain laptops that have additional keys. Not required unless you use the extra keys | No |
| Y | eScan Monitor | AVKWCTL9X.EXE | MicroWorld eScan antivirus | No |
| U | eScan Scheduler | avkserv.exe | MicroWorld eScan antivirus scheduler | No |
| U | eScan Updater | Trayicos.exe | MicroWorld eScan antivirus updater - allows users to automatically download updates and set the auto time interval for downloads | No |
| X | EScorcher | escorcher.exe | Part of eScorcher anti-virus software - responsible for performing virus checks and deletions. Used to collect information about the user and therefore treated as spyware - now the web-site is dead | No |
| N | ESFTP | esftp.exe | ESftp - FTP client for transfering files between a local PC and another remote computer | No |
| U | eSnips | ClientGW.exe | eSnips Client Gateway from eSnips | No |
| X | Esoh | Esoh123.exe | Added by the AGOBOT.FF WORM! | No |
| X | Especial | Deneca.bat | Added by the DELUZ VIRUS! | No |
| X | Esph | ortu.exe | PurityScan adware | No |
| N | ESPN BottomLine | bline.exe | ESPN BottomLine. "You can dock the BottomLine to the top or bottom of your screen or drag it around on your desktop, without even worrying about a browser. As long you keep the BottomLine running, you will continue to receive live scores and breaking news, and by clicking on any score or news item, you will be taken directly to the corresponding page on ESPN.com for a full break down." | No |
| ? | ESS Daemon | Essd.exe | Related to an ESS based soundacard. Is it required? | No |
| ? | essapm | essapm.exe | ESS Solo soundcard driver. Is it required? | No |
| Y | Essdc | essdc.exe | Related to an ESS Solo soundcard. Seems as though it's required | No |
| ? | ESSNDSYS | ESSNDSYS.EXE | Related to an ESS based soundacard. Is it required? | No |
| Y | ESSOLO | ESSOLO.exe | Sound card driver that re-instates itself every time it's removed | No |
| Y | esspk | esspk.exe | ESS Technology modem speaker driver file. Required to get on-line with this modem | No |
| U | EssSpkPhone | essspk.exe | ESS Technologies Call waiting, which gets installed by the drivers for V92 modems based on ESS Technologies chipsets | No |
| ? | eSupInit | eSupCmd.exe | Related to SupportSoft (aka Support.com) "Real-Time Service Management software". What does it do and is it required? | No |
| X | Esutityde | osutityde.exe | Added by the SDBOT.BQD WORM! | No |
| X | ETB Tester | etbtest.exe | Added by the RBOT-ABR WORM! | No |
| X | etbrun | elit***32.exe [* = random char] | EliteBar adware | No |
| U | eTCertManger | eTCrtMng.exe | eToken Certificate Manager from Aladdin Knowledge Systems, Inc. A USB-based authentication, providing strong user authentication and password management solutions | No |
| X | eth0 driver | exec.exe | Added by the SPYBOT-Z WORM! | No |
| N | Ethernet | tcaudiag.exe | 3Com NIC Installation/Diagnostic MFC application. Diagnostics may be run from the Start -> Programs | No |
| X | ethernet | airftp.exe | Added by a variant of the SDBOT WORM! | No |
| X | ethernet | msnger.exe | Added by a variant of the SDBOT WORM! | No |
| X | ethernet | msftp.exe | Added by the SDBOT.BXJ WORM! | No |
| X | ethernet adapter | csrmss.exe | Added by a variant of the RBOT WORM! | No |
| X | Ethernet Driver | cmsrrs.exe | Added by a variant of the RBOT WORM! | No |
| X | Ethernet Drivers | smrrs.exe | Added by the RBOT-AAK WORM! | No |
| X | Ethernet Drivers | ethernet.exe | Added by the GAOBOT.CEZ WORM! | No |
| X | Ethernet Linking | ethernet.exe | Added by a variant of the IRCBOT TROJAN! | No |
| X | Etraffic | JavaRun.exe | TopMoxie adware | No |
| Y | eTrust EZ Firewall | efpeadm.exe | eTrust EZ Firewall | No |
| U | eTrust PestPatrol Active Protection | PPActiveDetection.exe | PestPatrol real-time protection feature. "Stops spyware before it infects your system" | No |
| X | eTrust Realtime Monitor | realmon.exe | Added by the LAZAR.B TROJAN! | No |
| Y | eTrustCIPE | ezdsmain.exe | eTrust EZ Deskshield from Computer Associates. Protects against malicious email attachments and unauthorized use of email by detecting and blocking unusual behavior | No |
| X | eTunnel | winfw.exe | Added by an unidentified TROJAN! | No |
| U | Eudora | Eudora.exe | Eudora from Qualcomm allows you to receive and send Internet e-mails | No |
| X | EUP Service | eupsvc.exe | Added by the DELBOT-Q WORM! | No |
| U | EuroGlot | EuroGlot.exe | Euroglot - "multilanguage translating system, available in the languages Dutch, English, French, German, Spanish and Italian" | No |
| ? | Event Log | eventlog.exe | ?? | No |
| N | Event Planner Reminders | PLNRNote.exe | Part of Sierra/Hallmark Card Studio - System Tray notification of events such as birthdays and anniversaries that you've scheduled with the customizable Event Planner | No |
| N | Event Planner Reminders Tray Icon | PLNRnote.exe | Part of Sierra/Hallmark Card Studio - System Tray notification of events such as birthdays and anniversaries that you've scheduled with the customizable Event Planner | No |
| N | Event Reminder | pmremind.exe | Event reminder for calendar dates, etc from Broderbund PrintMaster. Disable using the program's own option (if available) or a startup manager as it will re-instate if disabled via MSConfig | No |
| X | EventApplicationCmd | smschk.exe | Added by the IRCBOT-AO TROJAN! | No |
| U | EVENTLISTENER | EvLstnr.exe | Used with a Nikon digital camera to recognize when the camera is plugged in | No |
| N | eventmgr | eventmgr.exe | Used with a Microtek scanner. Manages the scanner's button events. Available via Start -> Programs | No |
| X | eventwvr | eventwvr.exe | Added by the COSIAM_G TROJAN! | No |
| ? | EverioService | EverioService.exe | Related to the Cyberlink software supplied with JVC's Everio camcorders. What does it do and is it required? | No |
| U | EVGAPrecision | EVGAPrecision.exe | EVGA Precision overclocking utility - "allows you to fine tune your EVGA graphics card for the maximum performance possible, with Core/Shader/Memory clock tuning, real time monitoring support including in-game, Logitech Keyboard LCD Display support, and compatibility with almost all EVGA graphics cards." Also works with many other brands of NVIDIA GeForce based graphics cards | Yes |
| U | Evidence Cleaner | ecleaner.exe | Evidence Cleaner cleans up tracks left by your PC and Internet activities | No |
| N | Evidence Eliminator | ee.exe | Evidence Eliminator - cover the tracks of your browsing habits and E-mails if you think you need to. Run manually on a regular basis | No |
| X | Evil | Evil.exe | Added by the MYTOB.JM WORM! | No |
| N | evntsvc | evntsc.exe | Application Scheduler installed along with RealOne Player. Once installed, it runs independently of RealOne Player. See here for more information, including how to disable it. Also see evntsvc and Realsched. Note that eventsvc.exe no longer appears to be in a newer version. To disable "tkbell.exe" in the new version (1) Start RealOne Player (2) Tools -> Preferences (3) Automatic services in the Categories pane (4) Uncheck all options and then OK | No |
| U | EVOLOSTA | EVOLOSTA.EXE | Evolo Status Monitor for wireless network cards. Allows a user to enter a specific access-point mode SSID, peer-to-peer mode channel, link speed, WEP encryption options, and has enable/disable and rescan buttons. It is not needed if using Windows XP or higher, as they have this built-in to the control panel. Also, if the user is very sure that there is ONLY ONE network available to connect to, then they can remove this. If it is not in startup, and the user needs to run it, they can simply type EVOLOSTA in the Start -> Run dialog to run it | No |
| U | Evoluent Mouse Manager | EvoMouExec.exe | Mouse manager for Evoluent VertcialMouse | No |
| X | EvtHtm | evthtm.exe | Added by the DLUCA-EJ TROJAN! | No |
| U | EW Message Server | msg32.exe | Conexant (older versions are Brooktree) Wavestream Message Server - associated with Conexant based audio devices | No |
| N | eWare Startup | iWareStart.exe | eWare iWare task bar. Not required | No |
| Y | ewido | ewido.exe | System Tray access to and notifications for Ewido Anti-Spyware 4.0. Ewido is now part of AVG Technologies so this has been superseded by AVG Anti-Virus which includes Anti-Spyware | Yes |
| Y | ewido anti-spyware | ewido.exe | System Tray access to and notifications for Ewido Anti-Spyware 4.0. Ewido is now part of AVG Technologies so this has been superseded by AVG Anti-Virus which includes Anti-Spyware | Yes |
| X | Ewth | tasn.exe | PurityScan adware | No |
| X | ewupdater | ewupdater.exe | EasyWebSearch adware updater | No |
| X | example | [random filename].exe | Added by the NUCLEAR BACKDOOR! Note - this trojan file is located in %Windir%\NR | No |
| N | Excite Platform | Exlaunch.exe | Loads an Icon in the startup tray that allows you to receive service update notices for Excite@Home if you desire (note that since Excite@Home appears to be winding down this becomes irrelevant). May also allow you to kill the Excite Toolbar that automatically loads in Internet Explorer | No |
| ? | Excite Private Messenger Pipe | x8impipe.exe | ?? | No |
| N | ExciteAssistantEXE | ASSISTANT.EXE | With Excite Assistant, you can access a wide variety of online information, including email, news, and stock quotes without having to have a browser window open | No |
| X | exdl.exe | exdl.exe | BargainBuddy adware | No |
| X | exe lptt01 | exe.exe | RapidBlaster variant (in a "Exe" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here | No |
| X | exe ml097e | exe.exe | RapidBlaster variant (in a "Exe" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here | No |
| X | execfg4 | execfg4.exe | Added by the ELECTRON WORM! | No |
| X | ExecUser | ExecUser.exe | Added by a variant of the RBOT WORM! | No |
| ? | Execute | delfolders.exe | ?? | No |
| X | ExeName32 | Warm.scr | Added by the SCOLD WORM! | No |
| X | ExFilter | Rundll32.exe [path] cdnspie.dll, ExecFilter | CNNIC Update pest | No |
| ? | exgiwsl | exgiwsl.exe | ?? | No |
| U | Exif Launcher | Exiflaquickdcr.exe | USB mass storage driver used by some digital cameras such as the Fuji Finepix. Only required if you use it regularly | No |
| U | Exif Launcher | QuickDCF.exe | USB mass storage driver used by some digital cameras such as the Fuji Finepix. Only required if you use it regularly | No |
| U | ExitKiller | Ekiller.exe | Exit Killer - automatically closes pop-up windows in your browser | No |
| ? | exmon | hpimoniter.exe | Some kind of hp digital camera maybe or a photo smart connection probe? | No |
| X | Exn | exn.exe | Added by the IRCBOT.RJ WORM! | No |
| X | exo.exe | exo.exe | Added by the AGOBOT.ALD WORM! | No |
| X | exp1orer.exe | exp1orer.exe | Added by the DLOAD-FG TROJAN! Notice the digit "1" used in both the startup entry and filename, rather than a lower case "L" | No |
| X | Expatch | [random filename] | Added by the PWSLMIR-G TROJAN! | No |
| X | expcrt | [random filename] | Added by a variant of the SLAPER TROJAN! | No |
| X | ExpertAntivirus | ExpertAntivirus.exe | ExpertAntivirus rogue security software - not recommended, removal instructions here | No |
| X | EXPL0RE.EXE | EXPL0RE.EXE | Added by the POPNO-A TROJAN! Note that the filename is spelled using the digit "0" instead of the uppercase letter "o" | No |
| X | Expl0rer soft | expl0rer.pif | Added by the RBOT-AQR WORM! | No |
| X | expler | Updadv.exe | Added by the QQPASS-N TROJAN! | No |
| X | Explkw | expup.exe | Keywords hijacker | No |
| X | explord.exe | explord.exe | Added by the DLOADR-AYW TROJAN! | No |
| X | explore | explore.exe | Added by any number of VIRUSES, WORMS or TROJANS! | No |
| X | Explore | Explorer.exe | Added by the IRC.FLOOD.G BACKDOOR! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System% | No |
| X | Explore | explore.exe | Adult content dialler | No |
| X | explore manager | explore.exe | Added by the DONBOMB.A TROJAN! | No |
| X | explore.exe | Explore.exe | Added by the GRAYBIRD.G TROJAN! | No |
| X | exploreff.exe | exploreff.exe | Added by the FINFANSE TROJAN! | No |
| X | explorep.exe | explorep.exe | Added by the LINEAG-I TROJAN! | No |
| U | explorer | explorer.exe | Starts Windows Explorer. Unless this has been manually added to startups or added by another program it could be a virus such as PE_BISTRO or DVLDR or MYDOOM.C. Note that it is also not the explorer.exe task/service you'll see when via CTRL+ALT+DEL | No |
| X | explorer | wscript.exe [filename] | Sneaky way to start any VBS script. Many viruses use VBS files. Note that wscript.exe is a legitimate Microsoft file used to launch script files and shouldn't be deleted | No |
| X | Explorer | shellexpl.exe | Added by the SHELDOR TROJAN! | No |
| X | explorer | expl32.exe | Added by the RATSOU TROJAN! | No |
| X | Explorer | [path to worm] | Added by the AUTEX WORM! | No |
| X | Explorer | shellexp.exe | Added by the AGENT-ZY TROJAN! | No |
| X | EXPLORER | EXPL0RER.EXE | Added by the BEASTDO-Y TROJAN! Note the "0" in the filename rather than upper case "o" | No |
| X | EXPLORER | sys.exe | Added by the SILLYFDC-A TROJAN! | No |
| X | Explorer | config_.com | Added by the FLOPPY-D WORM! | No |
| X | Explorer | drv.exe | Added by the SMALL-FD TROJAN! | No |
| X | explorer | [path to trojan] | Added by the AGENT-EU TROJAN! | No |
| X | explorer | explorer.exe | Added by the KEYLOG-AK TROJAN! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System%\service | No |
| X | EXPLORER | EXPLORER.exe | Added by the NETHIEF-P TROJAN! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System%\ShellExt | No |
| X | explorer | explorer.exe | Added by the BLOCKEY-A TROJAN! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System%\config | No |
| X | explorer | Yinstall.exe | PurityScan/Clickspring adware | No |
| X | Explorer | Windows Explorer.exe | Added by the SILLYFDC-I WORM! | No |
| X | Explorer | explorar.vbs | Added by the DESKTO-A WORM! | No |
| X | Explorer | TXP1atform.exe | Added by the FUJACKS.CA VIRUS! | No |
| X | explorer | system.exe | Added by the AGENT-FI TROJAN! | No |
| X | Explorer | msrstart.exe | Added by the SOPICLICK TROJAN! | No |
| X | Explorer 2238 | [path to trojan] | Added by the AGENT-CPI TROJAN! | No |
| X | Explorer Loader | explr32.exe | Added by the AGOBOT.N WORM! | No |
| X | Explorer Loader | explorerl.exe | Added by the SDBOT-ADI WORM! | No |
| X | Explorer lptt01 | explorer.exe | RapidBlaster variant (in a "explorer" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here.Note - this is not the legitimate Windows Explorer (explorer.exe) which would not normally appear in Msconfig/Startup unless you added it manually! | No |
| X | EXPLORER MICROSOFT SYSTEM | explore.exe | Added by a variant of the RBOT WORM! | No |
| X | Explorer ml097e | explorer.exe | RapidBlaster variant (in a "explorer" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here.Note - this is not the legitimate Windows Explorer (explorer.exe) which would not normally appear in Msconfig/Startup unless you added it manually! | No |
| X | Explorer soft | explorer.pif | Added by the RBOT-APK WORM! | No |
| X | Explorer soft | explorer.com | Added by the RBOT-ARM WORM! | No |
| X | Explorer Updater | IEXPLORE.exe | Added by the SDBOT-WO WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %System% | No |
| X | explorer.exe | explorer.exe | Added by the AGENT-EW or PWS-CY TROJANS! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System% | No |
| X | explorer.exe | explorer.exe | Added by the DELF-ACL TROJAN! Note - the legitimate Windows Explorer (explorer.exe) is located in the Windows or Winnt folder and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in the Program Files folder | No |
| X | Explorer.exe | csrss.exe | Added by the JUEGO-B WORM! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %AppData%\Microsoft | No |
| X | Explorer32 | Expl32.exe | Added by the HACKTACK.B TROJAN! | No |
| X | Explorer32 | explorer6s4.exe | Added by the Downloader.Win32.Small.biq TROJAN! | No |
| X | Explorer32 | efsdfgxg.exe | Added by the CLICKER-Y TROJAN! | No |
| X | Explorer5 | config_.com | Added by the VB.CBG WORM! | No |
| X | Explorer6.1.EXE | Explorer.exe | Added by the MYDOOM.B WORM! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! | No |
| X | explorerf.exe | explorerf.exe | Added by the AGENT-GDZ TROJAN! | No |
| X | ExplorerRun | conime.exe | Added by the DLDR-G TROJAN! Note - this is not the legitimate Console IME process of the same filename which is located in %System%. This one is located in %Temp% | No |
| X | ExploreUpdSched | [random filename] | ZenoSearch adware | No |
| X | exporet | winset.exe | Added by the QQPASS-I TROJAN! | No |
| U | Express ClickYes | ClickYes.exe | "Express ClickYes is a handy tool that runs in the system tray automatically clicks the Yes button for the Outlook Security security prompt, that asks you to confirm mail sending from third party applications" | No |
| U | Exshow95 | EXSHOW95.exe | Support software for some of the Kensington mice. Provides access to extra features like those available with enhanced Logitech and MS devices | No |
| N | Extender Resource Monitor | RMSysTry.exe | Related to Windows Media Center from Microsoft | No |
| X | External Dependencies | External.exe | Added by the MYTOB.EC WORM! | No |
| U | ExtraDNS | ExtraDNS.exe | ExtraDNS - DNS configuration tool | No |
| N | ExtraFilmHemmaAgent | Agent.exe | ExtraFilm Photo Assistant | No |
| ? | Extranet AutoDial | AutoExt.exe | Nortel Networks Contivity Extranet Switching Software | No |
| ? | ExxtremeHelperDemon | exxdemon.exe | Creative Exxtreme graphics card related? | No |
| N | Eye Tide Launcher | oneeyetideone.exe | Nascar wallpaper | No |
| X | EYORE | Notepad.scr | Added by the GIMLET-A WORM! | No |
| Y | EZ Firewall | ca.exe | eTrust EZ Armor Internet Security | No |
| U | EZ-DUB Finder | EZ-DUB.exe | Support software for the Lite-On EZ-DUB external DVD writer from Lite-On IT Corporation | No |
| N | ezagent | ezagent.exe | EzVCR recording software for the ASUS TV FM card. Available via Start -> Programs | No |
| N | EzButton | EzButton.EXE | EZbutton is a quick launcher for the Media player app that comes with certain laptops | No |
| N | EZDesk | EZDESK.EXE | Utility that remembers icon locations for each user and resolution. Available here | No |
| U | EZEJMNAP | EzEjMnAp.Exe | EasyEject Utility for IBM/Lenovo Thinkpad notebooks. Quote: "The IBM ThinkPad EasyEject Utility makes removing multiple devices from your computer faster and easier by enabling you to stop more than one device at once, rather than stopping each device individually." Configuration and performing of EasyEject actions is available via Fn+F9 key combination on some models | Yes |
| N | EZEJTRAY | EZEJTRAY.EXE | System Tray access to the EasyEject Utility for IBM/Lenovo Thinkpad notebooks. Quote: "The IBM ThinkPad EasyEject Utility makes removing multiple devices from your computer faster and easier by enabling you to stop more than one device at once, rather than stopping each device individually." Configuration and performing of EasyEject actions is available via Fn+F9 key combination on some models | Yes |
| N | ezHelper | ezHelper.exe | Part of the ezPeer+ ezHelper music sharing program. | No |
| X | eZmmod | mmod.exe | eZula TopText adware | No |
| ? | EZNORUN | EZNORUN.EXE | Easy Internet related? | No |
| N | EzPrint | ezprint.exe | Lexmark Fast Pics - helps users of their printers to enhance, print and manage their photos quickly and easily | No |
| Y | ezPS_Px | ezSP_PxEngine.exe | Engine that allows PrimoDVD from Veritas (was Prassi) and Drag'n Drop CD from Easy Systems (and maybe others) to record and protects against other software overwriting the settings | No |
| Y | ezPS_Px | ezSP_Px.exe | Engine that allows PrimoDVD from Veritas (was Prassi) and Drag'n Drop CD from Easy Systems (and maybe others) to record and protects against other software overwriting the settings | No |
| Y | ezShieldProtector for Px | ezSP_Px.exe | Engine that allows PrimoDVD from Veritas (was Prassi) and Drag'n Drop CD from Easy Systems (and maybe others) to record and protects against other software overwriting the settings | No |
| Y | ezShieldProtector for Px | ezSP_PxEngine.exe | Engine that allows PrimoDVD from Veritas (was Prassi) and Drag'n Drop CD from Easy Systems (and maybe others) to record and protects against other software overwriting the settings | No |
| U | EZSMART App | ezsmart.exe | EZ-S.M.A.R.T. hard drive monitoring software from StorageSoft - appears to be no longer supported | No |
| U | EzTune | dthtml.exe | EzTune from Gateway. Rebranded version of Display Tune from Portrait Displays, Inc. - which "is the perfect software utility to initially set-up and adjust your display to achieve its optimum performance. All adjustments are made through a simple graphical user interface" | No |
| X | ezula | eZmmod.exe | eZula TopText adware | No |
| X | eZulaMain | eZulaMain.exe | eZula TopText adware | No |
| X | eZuluMain | eZuluMain.exe | Comes with "KaZaA" installation. Advertising Spyware. Not required but KaZaA won't work | No |
| X | eZWO | wo.exe | eZula TopText adware | No |
| U | E_S10IC2 | E_S10IC2.EXE | Epson Status Monitor 3 for the Stylus C44 Series printer - for monitoring printer status, checking ink levels, etc | No |
| U | E_S23 | E_SICN03.exe | Epson printer status monitor - for checking ink levels, etc. | No |
| U | E_S4I2F1 | E_S4I2F1.EXE | Epson Status Monitor 3 for the Stylus Photo R300 Series printer - for monitoring printer status, checking ink levels, etc | No |
| U | E_S4I2G1 | E_S4I2G1.EXE | Epson Status Monitor 3 for the Stylus CX5400 printer - for monitoring printer status, checking ink levels, etc | No |
| U | E_SOEIC1 | E_SOEIC1.exe | Epson Status Monitor 3 - for monitoring printer status, checking ink levels, etc | No |
| U | E_S[numbers] | [path] E_[various].EXE [path] E_S[numbers].tmp | Temporary entry related to Epson Status Monitor 3 for their range of printer and AIO devices - for monitoring printer status, checking ink levels, etc | No |
| X | f | ftkclean.exe | FlashEnhancer adware | No |
| U | F-PROT Antivirus Tray application | FProtTray.exe | System Tray access to F-PROT Antivirus | No |
| X | F-Secure 2005 | svchost.exe | Added by the BIFROSE-CH TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir% | No |
| Y | F-Secure 2006 | fspex.exe | F-Secure Anti-Virus automatic updater | No |
| X | F-Secure Gatekeeper | [malware name].exe | Added by the NUWAR.AXQ WORM! | No |
| U | F-Secure Management Agent | FSMA32.EXE | F-Secure antivirus - F-Secure Policy Manager provides tools for administering F-Secure software products | No |
| Y | F-Secure Manager | FSM32.EXE | F-Secure antivirus - carry out scheduled virus scans automatically | No |
| Y | F-Secure Startup Wizard | FSSW.EXE | F-Secure antivirus | No |
| Y | F-Secure TNB | TNBUtil.exe | F-Secure antivirus | No |
| Y | F-StopW | F-StopW.exe | F-Prot anti-virus background scanner by F-Risk Software | No |
| U | f1Tray.exe | F1TRAY.EXE | System Tray icon for FusionOne's MightyPhone software. "MightyPhone is a concept for wirelessly synchronizing the data on your mobile phone with your web-based or PC based organizer" | No |
| ? | f23mxins | f23mxins | Related to the now discontinued ATI Fire GL3 graphics card. What does it do and is it required? | No |
| X | f2install.exe | f2install.exe | Added by the IEFEAT-I TROJAN! | No |
| U | F5D7050v3 | Belkinwcui.exe | Wireless configuration utility for the Belkin F5D7050 Wireless G USB Adapter | No |
| U | F5D8001 | Belkinwcui.exe | Wireless configuration utility for the Belkin F5D8001 N1 Wireless Desktop Card | No |
| U | F5D8011 | Belkinwcui.exe | Wireless configuration utility for the Belkin F5D8011 N1 Wireless Notebook Card | No |
| U | F5D8055v1 | Belkinwcui.exe | Wireless configuration utility for the Belkin F5D8055 Wireless N+ USB Adapter | No |
| U | F5D8071 | Belkinwcui.exe | Wireless configuration utility for the Belkin F5D8071 N1 Wireless ExpressCard | No |
| U | F5D9010 | Belkinwcui.exe | Wireless configuration utility for the Belkin F5D9010 Wireless G+ MIMO USB Network Adapter | No |
| U | F5D9050 | Belkinwcui.exe | Wireless configuration utility for the Belkin F5D9050 Wireless G+ MIMO USB Network Adapter | No |
| X | f607 | f607.exe | Added by the URAT.B TROJAN! | No |
| X | f73cdc8ee94e | btsendto.exe | Associated with mysearchnow.com/searchbar.html | No |
| X | f94mggfhfghodftdf | [path to trojan] | Added by the SMALL.JHZ TROJAN! | No |
| U | Fabrik Ultimate Backup Status | fabrikhomestat.exe | Status monitor for Fabrik Ultimate Backup from Fabrik Inc. "No matter what happens to the drive on your desk - a spilled drink, a curious toddler, a theft or a natural disaster - you know your files are still safe and secure on Fabrik Ultimate Backup's off-site servers" | No |
| X | FaltCheck | allps.exe | Added by the AGENT.RAP TROJAN! | No |
| U | FamilyKeyLogger | cisvc.exe | Family Keylogger keystroke logger/monitoring program - remove unless you installed it yourself! Located in %ProgramFiles%\FamilyKeyLogger | No |
| X | Fantasia injector | wincfg.exe | Added by the AGOBOT.US WORM! | No |
| ? | fapmon | fapmon.exe | Fair Access Policy monitor for DirecPC/DirecWay internet access | No |
| X | farkrish | farkrish.exe | Added by a variant of the Storm/Nuwar/Zhelatin WORM! See here for an example | No |
| X | farmmext | farmmext.exe | VX2.Transponder parasite updater/installer related | No |
| X | Fash | Fash.exe | Unidentified adware | No |
| X | faslkakj11 | kjgagklj11.exe | Added by the LEGMIE-ARE TROJAN! | No |
| N | fast | fast.exe | Installs as part of Windows XP PowerToys as an option for very-fast user switching (allowing a keystoke to switch users instead of using the login screen). It is only used for the hot-key switch and yet it hogs 1.5 megs of memory in two separate processes (one run by the user & one by the system). Optional install in PowerToys | No |
| X | Fast Antivirus 2009 | FastAV.exe | Fast Antivirus rogue security software - not recommended, removal instructions here | No |
| N | FAST Defrag | FAST2.EXE | FastDefrag defragmenting software | No |
| X | Fast Home | svcnvt.exe | Detected by Kaspersky as the DELF.KS TROJAN! This file may be found in the System folder on 9x machines, however as of this writing it has only been seen in the System32 folder | No |
| X | Fast Search | svcnv.exe | Homepage, Startpage hijacker. Possible variant of Trojan-Downloader.Win32.Delf | No |
| X | Fast start | Ntut.exe | Adware - deteced by Kaspersky as the FAVADD.I TROJAN! | No |
| X | Fast start | svcnt.exe | Adware - detected by Kaspersky as a variant of the FAVADD TROJAN! | No |
| U | FastCache | fc.exe | FastCache from AnalogX - speeds up browsing by resolving DNS requests locally | No |
| X | FastDownloads | rundll32.exe MSA64CHK.dll,DllMostrar | MatrixDialer/Mostrar parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System% | No |
| X | fastsmell | fastsmell.exe | Added by a variant of the Storm/Nuwar/Zhelatin WORM! See here for an example | No |
| X | FastStart | ntnut32.exe | Added by the STARTPAGE.L TROJAN! | No |
| X | FastStart | svcnut.exe | Browser hijacker - a variant of the STARTPAGE.L TROJAN! | No |
| X | FastStart | svcnut32.exe | Browser hijacker - a variant of the STARTPAGE.L TROJAN! | No |
| N | FastTrack Accelerator | SPEED UP.EXE | FastTrack Accelerator - "speedup" utility for programs that use the FastTrack network such as KaZaA Media Desktop, Grokster and Morpheus | No |
| X | FASTTRACKNETVISION | NETVISION.exe | DialCar-Z premium rate dialer | No |
| U | FastTVSync | FastTVSync.exe | Part of InterVideo (now Corel) DVD Copy - "fast DVD copying and file conversion software. In just three steps, you can copy videos to most DVD formats, or convert them for smooth, flawless viewing on your PSP® or iPod®. With broad format support and unique CopyLater™ technology, DVD Copy saves you time and ensures high-quality output like no other copying software" | No |
| N | FastUser | fast.exe | Installs as part of Windows XP PowerToys as an option for very-fast user switching (allowing a keystoke to switch users instead of using the login screen). It is only used for the hot-key switch and yet it hogs 1.5 megs of memory in two separate processes (one run by the user & one by the system). Optional install in PowerToys | No |
| N | FastUsr | fast.exe | Installs as part of Windows XP PowerToys as an option for very-fast user switching (allowing a keystoke to switch users instead of using the login screen). It is only used for the hot-key switch and yet it hogs 1.5 megs of memory in two separate processes (one run by the user & one by the system). Optional install in PowerToys | No |
| X | Fat32 Microsoft | fat32.exe | Added by the RBOT-EL WORM! | No |
| U | FatPipe | DHCP | Software enabling high speed internet browsing (2-4 times faster) and internet connection sharing for up to 5 users | No |
| U | Fatpipe Dialer | fpdialer.exe | Dailler for Fatpipe - software enabling high speed internet browsing (2-4 times faster) and internet connection sharing for up to 5 users | No |
| U | fatrecov | fatrecov.exe | SCKeyLog.j keystroke logger/monitoring program - remove unless you installed it yourself! | No |
| U | FavoriteSync | FavoriteSync.exe | FavoriteSync keeps the same set of Internet Explorer Favorites on several computers in sync | No |
| U | FaxCenterServer | fm3032.exe | FaxMan integrates complete fax send and receive support into Windows applications without requiring additional fax software. Incorporated into software by Lexmark, MCI, Lotus, My Software, Broderbund, Traffic Software and many others | No |
| U | FaxCenterServer4_in_1 | fm3032.exe | FaxMan integrates complete fax send and receive support into Windows applications without requiring additional fax software. Incorporated into software by Lexmark, MCI, Lotus, My Software, Broderbund, Traffic Software and many others | No |
| U | FaxCtrl.exe | ASMediaProxyServer.exe | Part of Avaya's Contact Center Express - "a multi-channel, high-volume software solution from Avaya designed specifically for the intelligent routing and computer telephony integration (CTI) needs of medium-sized contact centers" | No |
| N | FaxTalk CallControl 6.0 | FTClCtrl.EXE | This allows the software to handle incoming and outgoing communications without requiring the FaxTalk Communicator application to be loaded into memory. Can be started manually | No |
| U | FBDirect | FBDirect.exe | Software that monitors the status of a Visioneer OneTouch scanner button and allows you to scan, fax, copy, print, and easily communicate by simply dragging and dropping scans on your PaperPort Desktop! | No |
| ? | FBI | FBISM.exe | Compaq related but what does it do? | No |
| X | FBSearch | FastBrowserSearchProtection.exe | Fast Browser Search/Search Guard Plus parasite - installed with "Make the Web Better" applications such as My Web Tattoo, My Face LOL and Google Easy Money Kit. See here and here for more information | No |
| X | FBSearch | SearchGuardPlus.exe | Fast Browser Search/Search Guard Plus parasite - installed with "Make the Web Better" applications such as My Web Tattoo, My Face LOL and Google Easy Money Kit. See here and here for more information | No |
| X | fc | runfc.exe | Added by the CAMPURF WORM! | No |
| X | FCEngine | FCEngine.exe | CASClient adware | No |
| X | FCHelp | FCHelp.exe | Added by either FCHelp adware or a variant of it | No |
| X | FCMan | FCMan.exe | FCHelp adware | No |
| X | Fdaemon security | fsecur.exe | Added by the SDBOT.KXO WORM! | No |
| X | FDD SYSTEM | Fdd.exe | Added by the MYTOB-FO WORM! | No |
| X | fddddHOME | dxxatp.exe | Added by the RANKY.AA TROJAN! | No |
| X | Fdr Command Module | sp2.exe | Added by the SDBOT.WP WORM! | No |
| X | FDriver | windrv.exe | Added by the DELF.WG TROJAN! | No |
| U | FD_SAP | FD.exe | Reported to be the autopassword program from the Sony Microvault thumb drive | No |
| X | FeCPY | fecpy.exe | FlashEnhancer adware | No |
| U | feedreader.exe | feedreader.exe | "Feedreader is a freeware Windows application that reads and displays Internet newsfeeds aka ATOM and RSS feeds based on XML" | No |
| X | feelalright | mirc.exe | Added by the IRCFLOOD-M WORM! | No |
| U | FEELitDeviceManager | feelitdm.exe | Associated with Immersion TouchSense devices (Logitech Wingman Force Feedback Mouse and possibly other peripherals) | No |
| X | fegoze | SVCH0ST.EXE | Added by the GRAYBIRD.D VIRUS! Note - the filename has the digit 0 rather then the uppercase "o" | No |
| U | Fellowes Proxy | R3proxy.exe | Installed with Fellowes EasyPoint mouse software. Not necessary for normal functioning of Fellowes mice but it is necessary to use the extended features of all Fellowes mice | No |
| X | Fen Startups | fensvc32.exe | Added by the RANDEX.CCF WORM! | No |
| X | Fenio Startups | fnesvc32.exe | Added by the AGOBOT-OS BACKDOOR! | No |
| U | FerrariWallPaper | FerrariWP.exe | Calendar that replaces the default desktop background image. It comes with every Acer Ferrari 3000 laptop. Also downloadable for members of www.ferrari.com | No |
| X | FestPlattenCleaner | SysRep.exe | FestPlattenCleaner, German rogue system error and cleaning utility - not recommended. A member of the ErrClean family | No |
| X | FestplattenReiniger | GDC.exe | FestplattenReiniger, German rogue privacy tool - not recommended. A member of the PCPrivacyTool family | No |
| X | ff | [path to worm] | Added by the RBOT-XL WORM! | No |
| X | ff | svhost32.exe | Added by the LINEAG-AFF TROJAN! | No |
| X | ffeqfqs | dqddss.exe | Added by the SDBOT-SG WORM! | No |
| X | ffeqOME | vcvsav.exe | Added by the RANKY.AB TROJAN! | No |
| X | ffis | ffisearch.exe | iSearch adware | No |
| Y | ffprsrv | ffprsrv.exe | File and Folder Privacy - is a "system security utility you can use to password-protect or hide your files and folders with a click of mouse. The program will always prompt to enter your access password when protection is enabled and a user is trying to access a protected file or folder". If this entry is disabled, any files/folders that are protected/hidden will no longer be accessible without first accessing the main program | Yes |
| Y | ffprsrv.exe | ffprsrv.exe | File and Folder Privacy - is a "system security utility you can use to password-protect or hide your files and folders with a click of mouse. The program will always prompt to enter your access password when protection is enabled and a user is trying to access a protected file or folder". If this entry is disabled, any files/folders that are protected/hidden will no longer be accessible without first accessing the main program | Yes |
| Y | ffpsrv | ffpsrv.exe | File & Folder Protector - "great easy-to-use password-protected security utility lets you password-protect certain files and folders, or to hide them securely from viewing and searching just with a click of mouse". If this entry is disabled, any files/folders that are protected/hidden will no longer be accessible without first accessing the main program | Yes |
| Y | ffpsrv.exe | ffpsrv.exe | File & Folder Protector - "great easy-to-use password-protected security utility lets you password-protect certain files and folders, or to hide them securely from viewing and searching just with a click of mouse". If this entry is disabled, any files/folders that are protected/hidden will no longer be accessible without first accessing the main program | Yes |
| U | FG1_00 | frntgate.exe | FrontGate MX - e-mail spam blocker | No |
| ? | fgl23DoubleScreenHooks | f23happ.exe | Related to the now discontinued ATI Fire GL3 graphics card. What does it do and is it required? | No |
| X | fGQEGqHOME | gwwgtp.exe | Added by the RANKY.J TROJAN! | No |
| X | FHPage | shdochp.exe | Added by the WINHOUND TROJAN! | No |
| X | FHStart | shdocsvc.exe | Added by the WINHOUND TROJAN! | No |
| U | Fhtisxk | fhtisxk.exe | XtraKeys keystroke logger/monitoring program - remove unless you installed it yourself! | No |
| X | Fhzepgyi | HELLRAIDER.EXE | Added by the MINDCTRL.A BACKDOOR! | No |
| U | FieldForms Sync | SyncService.exe | Resco FieldForms. A solution for building of mobile forms that can be viewed or filled in on the run, on a wide range of mobile devices. Supports Microsoft Access databases, and provides for synchronization of other data as well | No |
| X | FiendlyType | csrss.exe | Added by the WEBUS TROJAN! Note - this is not the legitimate csrss.exe process which should not normally figure in Msconfig/Startup! | No |
| X | FILE | abcdefg.exe | Added by the KELVIR.DD WORM! | No |
| ? | file indexing service | msfindfile.exe | New version of MS FindFast and still a resource hog? | No |
| X | file laoder configuration | rnd32.exe | Added by the RBOT.BQJ WORM! | No |
| X | File Mapping Services | hp-1003.exe | Added by the RBOT.FAN WORM! | No |
| X | File Protection Monitor | filemon.exe | Added by a variant of the RBOT WORM! | No |
| X | File System | taskmqrs.exe | Added by a variant of the TOXBOT/CODBOT WORM! | No |
| X | File System | taskmqr.exe | Added by the RBOT.BWQ WORM! | No |
| X | File System Service | wmiprvsc.exe | Added by the AGOBOT-HZ TROJAN! | No |
| X | File-Sharing Wizard | shwizard.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
| X | File0_0 | MD1.exe | Added by the DLOADER-OR TROJAN! | No |
| X | File1 | Dia Claro.htm | Added by the DLOADER-OR TROJAN! | No |
| X | FileFreedom_Plugin | wtm.exe | FileFreedom peer-to-peer sharing program | No |
| N | filehippo.com | UpdateChecker.exe | Checks for new releases available in the popular FileHippo.com repository for any software you may already have installed on your computer. Run manually when required | Yes |
| N | FileHippo.com Update Checker | UpdateChecker.exe | Checks for new releases available in the popular FileHippo.com repository for any software you may already have installed on your computer. Run manually when required | Yes |
| X | FileManager32 | Wscript.exe ChkMgr32.vbs | Added by the NOTUP.A WORM! Note that wscript.exe is a legitimate Microsoft file used to launch script files and shouldn't be deleted. The "ChkMgr32.vbs" file is located in %System% | No |
| X | filen | filen.exe | Added by the VBNAM-A WORM! | No |
| X | filename | filename.exe | Added by the VB.FSY TROJAN! | No |
| X | filename process | kerneldll.exe | Added by the AGOBOT-PO WORM! | No |
| X | filename process | explore.exe | Added by the AGOBOT-QN WORM! | No |
| X | filename process | Rundil16.exe | Added by the GAOBOT.ZX WORM! | No |
| X | FileSoft | Wscript.exe UpdataFiles.vbs | Added by the SST.B WORM! Note that wscript.exe is a legitimate Microsoft file used to launch script files and shouldn't be deleted. The "UpdataFiles.vbs" file is located in %Windir% | No |
| U | FilmLoop | FilmLoopService.exe | Related to FilmLoop - a photocasting network. Share your pictures with your family and friends | No |
| U | FilterGate | filtergate.exe | Filtergate internet filtering software - filters sounds, popup ads, background sound and other unnecessary website items | No |
| U | Filterguard | Filtrgrd.exe | An icon located in the lower left of the screen and looks like a lifesaver. This icon is a "short-cut" to access the basic features of SOS-Guardian, SOS-KidProof Lite, SOS Best Defense and SOS Pro such as Internet filtering utility. You can access this menu by "right-clicking" on the icon | No |
| X | FilterProgram | GDC.exe | FilterProgram rogue privacy tool - not recommended. A member of the PCPrivacyTool family | No |
| X | Find | find.exe | Added by the OPANKI WORM! | No |
| N | Find Fast | Findfast.exe | From older versions of MS Office - searches disk drives for Office file types and creates an index to make opening them easier. When indexing is in progress it can use lots of CPU time and memory - especially on slower/older machines | Yes |
| Y | Find Virus Launch Program | fvlaunch.exe | Part of Dr. Solomon's Antivirus | No |
| X | findfast | findfast.exe | Added by the DLOADER.PFR TROJAN! Note - the is not the legitimate file of the same name installed with older versions of MS Office | No |
| X | findfast.exe | findfast.exe | Identified as the RUNDIS.A TROJAN! Note - the is not the legitimate file of the same name installed with older versions of MS Office | No |
| X | FindHack | [path to worm] | Added by the KELVIR-BA WORM! | No |
| U | FinePrint Dispatcher v4 | fpdisp4a.exe | FinePrint Dispatcher - handles the spooling of print jobs to the FinePrint printer. Version 4.x of the software. "FinePrint saves ink, paper, time and money by controlling and enhancing printed output" | No |
| U | FinePrint Dispatcher v4 | fpdisp4.exe | FinePrint Dispatcher - handles the spooling of print jobs to the FinePrint printer. Version 4.x of the software. "FinePrint saves ink, paper, time and money by controlling and enhancing printed output" | No |
| U | FinePrint Dispatcher v5 | fpdisp5a.exe | FinePrint Dispatcher - handles the spooling of print jobs to the FinePrint printer. Version 5.x of the software. "FinePrint saves ink, paper, time and money by controlling and enhancing printed output" | No |
| N | FineReader7NewsReaderPro | AbbyyNewsReader.exe | ABBYY FineReader OCR software - version 7 | No |
| U | FingerPrintSoftware | fpapp.exe | Supports the fingerprint reader on selected IBM/Lenovo Thinkpad notebooks | No |
| X | Fire Wall services | [random filename] | Added by the IRCBOT-QY WORM! | No |
| X | Fire Wall services | wnlmzsfhobi.exe | Added by the IRCBOT-QY WORM! | No |
| ? | FireBox Control Panel | FireBox.exe | Control panel for the Presonus FireBox firewire based music recording system. Is it required? | No |
| X | FireExplore Update | FireExplore.exe | Added by a variant of the RBOT WORM! | No |
| X | FireFox | firefox.exe | Added by the RBOT-ATP WORM! Note - this is not the popular FireFox web browser and is located in the System (9x/Me) or System32 (NT/2K/XP) folder | No |
| X | Firefox Plugin Manager | firefoxpgm.exe | Added by the MSNPHOTO.E WORM! | No |
| X | FireFox Service Drivers | ssmss.exe | Added by a variant of the SDBOT WORM! | No |
| X | FireFox Startup Drivers | wuaclt.exe | Added by the RBOT.BYX WORM! | No |
| X | firefox.exe | firefox.exe | Added by the BANKER-EBO TROJAN! Note - this is not the popular FireFox web browser and is located in the System (9x/Me) or System32 (NT/2K/XP) folder | No |
| Y | FirePod | FIREPOD.EXE | Driver for the PreSonus FP10 (formerly FirePod) Firewire recording system | No |
| X | FiresWallservices | [random].exe | Added by the RBOT-FJT WORM! | No |
| X | Firevall Administrating | rndll.exe | Added by the PUSHBOT-B WORM! | No |
| X | firewal | firewal.exe | Added by the BANCBAN-QY TROJAN! | No |
| X | Firewall | wmlaunch .exe | Added by the ELIPTER.A or ELIPTER.B WORMS! Note the space at the beginning of the filename | No |
| X | Firewall | wmlaunch .exe | Added by the ELIPTER.D WORM! | No |
| X | Firewall | SP2 UPDATE.exe | Added by the ELITPER.E WORM! | No |
| X | Firewall | Firewall.bat | Added by the YPSAN.G WORM! | No |
| X | firewall | fw_304.exe | Added by the BDOOR-JQ BACKDOOR! | No |
| X | Firewall | ctfmon.exe | Added by a variant of the IRCBOT BACKDOOR! Note - this is not the legitimate ctfmon.exe process associated with alternate text inputs which is always located in %System%. This one is located in %Windir% | No |
| X | firewall | spoolsv.exe | Added by the DIZAN.F VIRUS! | No |
| X | firewall 2008 | logoneui.exe | Added by the SILLYFDC WORM! | No |
| X | Firewall auto setup | winlogon.exe | Added by the AGENT-EDB TROJAN! Note - this is not the legitimate winlogon.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Temp% | No |
| X | Firewall auto setup | [path to trojan] | Added by the AGENT-GLY TROJAN! | No |
| X | Firewall config | ReadMe.exe | Added by the SILLYFDC.BBT WORM! | No |
| X | Firewall Controls | sys32.exe | Added by the SDBOT-DGI WORM! | No |
| X | Firewall Policy | MidiDef32.exe | Added by the PIEBOT-A TROJAN! | No |
| X | Firewall Sp2 system | sys32Conf.exe | Added by the RBOT-ABT WORM! | No |
| X | Firewall Update System1 | WinedowsUpdater1.exe | Added by the RBOT-ARU WORM! | No |
| X | Firewall Updater | msnupdateit.exe | Added by the RBOT-AAQ WORM! | No |
| X | Firewall.exe | Firewall.exe | Added by the AGENT.AGL BACKDOOR! Located in %System% | No |
| Y | FireWall.exe | FireWall.exe | Ashampoo® Firewall PRO and Ashampoo® Firewall FREE from Ashampoo GmbH & Co. KG. Located in an Ashampoo related sub-directory of %ProgramFiles% | Yes |
| X | FirewallActivies | csrss.exe | Added by the BANKER-AQ TROJAN! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a "3041" subfolder | No |
| Y | FirewallGUI | FirewallGUI.exe | System Tray access to PC Tools Firewall Plus from PC Tools - which "is a powerful personal firewall for Windows that protects your computer from intruders and controls the network traffic in and out of your PC" | Yes |
| U | FirewallStartup | Firewallstartup.exe | Innovative Startup Firewall - "designed to protect your computer from programs that install themselves in the StartUp area of your Windows without asking for your approval. Innovative StartUp Firewall will help you keep your computer clean, fast and in it's best shape" | No |
| X | FirewallSvr | FirewallSvr.exe | Added by the NETSKY.X or NETSKY.Y WORMS! | No |
| X | firewall_anti | firewall_anti.exe | Added by the NETDENY-B TROJAN! | No |
| X | FireWire Driver | samx.exe | Added by the SDBOT.AE WORM! | No |
| X | FireWire Service | nvscv32.exe | Added by a variant of the SDBOT WORM! | No |
| X | FireWire Services | nvcsv32.exe | Added by a variant of the SPYBOT WORM! | No |
| X | First Home Page | http://find.naupoint.com | Naupoint browser hijacker | No |
| ? | First Principle Group | fpg.exe | Related to the E-Players Card from First Principle Group | No |
| X | FIX | WinFIX1.0.vbs | Added by the GORMLEZ-A WORM! | No |
| X | Fix Tool | Fix-Tool.exe | Fix Tool rogue system error and cleaning utility - not recommended | No |
| Y | Fix-it | mxtask.exe | Part of Ontrack's Fix-it Utilities Suite. Loads a System Tray icon that lets you access the full program. Needed if you run the crash guard, intellicluster, anti-virus, or autoupdater. Otherwise not required | No |
| Y | Fix-it AV | memcheck.exe | Part of Ontrack's Fix-it Utilities Suite anti-virus. Performs a quick check of memory for signs of any virus. Exits afterward and returns all resources used in one user's experience. Not required but could be left without a drain on resources | No |
| X | Fixnice | vcvw.exe | Added by the SDBOT TROJAN! | No |
| X | fjdslssdfd | mat2.exe | Added by the SLAPEW.C TROJAN! | No |
| U | FjMenu | FjMenu.exe | From the "Fujitsu Menu" tray icon you have instant access to the Control Panel, Tablet pc keyboard, Tablet and pen settings, Fujitsu display controls, brightness control, sounds and audio devices, capture screen, capture window, organize favorites, power options, printers and faxes, LCD brightness MIN, LCD brightness MAX, Enable/disable Button Panel and the Fujitsu menu settings, which are customizable | No |
| U | FJTWAIN Setup | FjtwSetup.exe | Fujitsu scanner utility | No |
| N | FJUPDNV_Chitose | fjdvrupd.exe | Driver update for a Fujitsu Siemens Lifebook laptop | No |
| X | FKS v2.0 | msngr.exe | Added by an unidentified WORM or TROJAN! | No |
| N | fkSysMon | fksysmon.exe | fkWrae SysMon - system monitor - "displays the current memory consumption, CPU and resource usage, date, time, Windows uptime, IP address and a lot more" | No |
| X | FlaCPY | flacpy.exe | FlashEnhancer adware | No |
| X | Flash Driver | [path to trojan] | Added by the AGENT.CWVT TROJAN! | No |
| X | Flash Media | %%%%%.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
| X | Flash Media | %%%.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
| X | Flash Media | [path to trojan] | Added by the IRCBOT.AUR TROJAN! | No |
| X | Flash Media | ^ ^^^ %% % ^% ^%%^ %^ .exe | Added by a variant of the IRCBOT BACKDOOR! | No |
| X | Flash Media | ^^% ^ %%% %^%%%^%%^%^% % ^^%% % %^^^^ ^%%^%% .exe | Added by a variant of the IRCBOT BACKDOOR! | No |
| X | Flash Media | ^^^^^.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
| X | Flash Media | ^^^^^^.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
| X | Flash Media | services.exe | Added by a variant of the IRCBOT BACKDOOR! See here. Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Temp% | No |
| X | Flash Media | zrpk��'�'%''msn'�%'fix''.exe | Added by a variant of the IRCBOT BACKDOOR! | No |
| X | Flash Media | % ^% ^^^ %^% %% ^ ^ %%% ^% %^ % %^^.exe | Added by a variant of the IRCBOT BACKDOOR! Note the space at the beginning of the filename | No |
| X | Flash Media | ^%%^%%%^% %^ ^ .exe | Added by a variant of the IRCBOT BACKDOOR! | No |
| X | Flash Media | %^^%^^% %^^^^ .exe | Added by a variant of the IRCBOT BACKDOOR! | No |
| X | Flash Media | ^%^^^%% ^ ^ %^^^^^ %^ ^%^^ ^%^^^^^ %^ ^^^%^%%.exe | Added by a variant of the IRCBOT BACKDOOR! | No |
| X | Flash Media | %^% ^ %^%% ^ % ^%%^^ %^^%^%^ ^%% %^.exe | Added by a variant of the IRCBOT BACKDOOR! | No |
| X | Flash Media | %%%%%%^^ ^ .exe | Added by a variant of the IRCBOT BACKDOOR! | No |
| X | Flash Media | skxs��'�'%''msn'�%'fix''.exe | Added by the AGENT.ZOY TROJAN! | No |
| X | Flash Media | ^ %%^%^%.exe | Added by the FLUSH.A TROJAN! Note the space at the beginning of the filename | No |
| X | Flash Media | %% % ^^ % %% ^%^^ ^^^ % ^%% ^ ^.exe | Added by a variant of the IRCBOT BACKDOOR! See here. Note the space at the beginning of the filename | No |
| X | Flash Media | ^ ^ % ^ % % ^ ^ ^%% ^% %%^^.exe | Added by the IRCBOT.BAW BACKDOOR! | No |
| X | Flash Player2 | [path to worm] | Added by the IRCBOT.PD WORM! | No |
| ? | FLASH32 | -flash32.exe | ?? | No |
| X | Flash32 | FLASH32.COM | Added by the STARTER-F TROJAN! | No |
| U | FlashEnc | FlashEnc.exe | Supplied with EasyDisk USB pen devices. The utility manages the encryption and compressed folders options. It will create these folders if running on the USB key without permission, which is a pain. No need for it if you do not want these features | No |
| N | Flashget | FlashGet.exe | FlashGet download manager | No |
| X | Flashget Download Manager | Flashget.exe | Added by the RBOT-AGZ WORM! | No |
| X | FlashGuard | FlashGuard.exe | Added by the AUTOIT.AL WORM! | No |
| U | FlashMute | FlashMute.exe | "FlashMute is a tool which allows you to mute/unmute Flash Movies loaded in a browser exclusively, or alternatively all sounds produced by the browser" | No |
| N | FlashPath Monitor | SDSTAT.EXE | System Tray icon that you can't get rid of - and does not need to run!. Tells you the battery status in the floppy disk adapter for the smartmedia cards. Available via Start -> Programs | No |
| N | FlashPath Monitor | FLSHSTAT.EXE | System Tray icon that you can't get rid of - and does not need to run!. Tells you the battery status in the floppy disk adapter for the smartmedia cards. Available via Start -> Programs | No |
| N | FlashPath Status | SDSTAT.EXE | System Tray icon that you can't get rid of - and does not need to run!. Tells you the battery status in the floppy disk adapter for the smartmedia cards. Available via Start -> Programs | No |
| N | FlashPath Status | FLSHSTAT.EXE | System Tray icon that you can't get rid of - and does not need to run!. Tells you the battery status in the floppy disk adapter for the smartmedia cards. Available via Start -> Programs | No |
| X | Flashy Bot | Flashy.exe | Added by the GLUPZY.A WORM! | No |
| X | Flash_Player_Install | ying.exe | Constructor VC2000 malware | No |
| X | FlenCPY | flencpy.exe | FlashEnhancer adware | No |
| U | Flexicd | Flexicd.exe | CD player - part of the Win95 Power Toys | No |
| U | FlingRun | fling.exe | Fling - free FTP software from NCH Software | No |
| U | FLMBROWSERMOUSE | mouse32A.exe | Mouse utility for a Trust brand (and possibly others) mouse. If you disable this entry you will not be able to use any of the non-standard functions of the mouse | No |
| U | FLMK08KB | MMKEYBD.EXE | Multimedia keyboard manager. Required if you use the additional keys | No |
| U | FLMK08KB | KbdAp32A.exe | Keyboard utility for a Medion brand (and possibly others) keyboard. If you disable this entry you will not be able to use any of the keyboard hotkeys or other non-standard functions on the keyboard | No |
| U | FLMLABTECMOUSE | mouse32A.exe | Mouse utility for a Labtec brand (and possibly others) mouse. If you disable this entry you will not be able to use any of the non-standard functions of the mouse | No |
| U | FLMMEDIONMOUSE | mouse32a.exe | Mouse utility for a Medion branded Fellowes mouse | No |
| U | FLMOFFICE4DMOUSE | moffice.exe | Mouse utility for a Labtec brand (and possibly others) mouse. If you disable this entry you will not be able to use any of the non-standard functions of the mouse | No |
| U | FLMOFFICE4DMOUSE | mouse32a.exe | Mouse utility for a Micro Innovations brand (and possibly others) mouse. If you disable this entry you will not be able to use any of the non-standard functions of the mouse | No |
| U | FLMTRUSTKB | KbdAp32A.exe | Keyboard utility for a Trust brand keyboard. If you disable this entry you will not be able to use any of the keyboard hotkeys or other non-standard functions on the keyboard | No |
| U | FLMTRUSTMOUSE | mouse32a.exe | Mouse utility for a Trust brand (and possibly others) mouse. If you disable this entry you will not be able to use any of the non-standard functions of the mouse | No |
| X | FlnCPY | flncpy.exe | FlashEnhancer adware | No |
| X | FLooDNeT | FLooDeR.exe | Added by the ENDOOL TROJAN! | No |
| X | Floppy Master | [path to trojan] | Added by the ZONIT-F TROJAN! | No |
| ? | Flow Go TV | flogotv.exe | ?? | No |
| X | flps | flps.vbs | Added by the BYRON WORM! | No |
| X | flpycntl | flpycntl.exe | Added by the CRYPTER.C TROJAN! | No |
| ? | FLSVCI | FLSVCI.exe | ?? | No |
| Y | FltProcess | msinet.exe | Part of Cyber Patrol internet filtering software to restrict access to certain types of material on the internet. It can be disabled but do not ask how it's done | No |
| X | FlyswatDesktop | flydesk.exe | Advertising spyware | No |
| U | FmctrlTray | Fmctrl.EXE | Genius SM-Live Control Panel. Enhances audio output through Genius sound cards (makes a big difference and worth the 3MB Ram used) | No |
| X | fmnwebassist | fmnwebassist.exe | Adware popup generator | No |
| U | FMStart | Fmstart.exe | GFI FAXmaker - native fax connector for Microsoft Exchange Server or for networks, allows all users to send and receive faxes right from their desktop | No |
| X | FMSZ | fmsz.exe | Added by the FMSZ TROJAN! | No |
| X | fnmwebassist | fnmwebassist.exe | WinPL adware | No |
| ? | Focus | Focus.exe | ISDN configuration wizard? | No |
| X | Folder Service | wssdtu.exe | Added by the MANIFEST TROJAN! | No |
| U | Folder View | folderview.exe | Folder View enhances the Windows file Explorer by making all folders you need available in a single click | No |
| U | FolderClone v*.*.* | folderclone.exe | Folderclone backup and synchronization software | No |
| X | FolderRaper | [path to worm] | Added by the VB.GOZ WORM! | No |
| U | FolderShare | FolderShare.exe | "FolderShare allows you to create a private peer-to-peer network that will help you to synchronize files across multiple devices and access or share files with colleagues and friends" | No |
| N | Folding@home | WINFAH.EXE | Folding@Home is a distributed computing project which studies protein folding, misfolding, aggregation, and related diseases - must be running in order to access the internet to upload to the servers. Available via Start -> Programs | No |
| N | FoneSyncSystemTray | FoneSyncSystemTray.exe | System Tray icon for Nokia FoneSync utility for the 7160/7190 mobiles. Useful to send data from/to the cell phone and the computer. You can use it to backup data or even to input data through the computer keyboard (which naturally is much more comfortable). Run manually when required | No |
| X | Font Viewer | fontviewer.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
| X | FontFix | fontfix.exe | Added by an unidentified VIRUS, WORM or TROJAN! | No |
| N | fontnav | FontNav.exe | Font Navigator from Bitstream Inc. - a font management utility | No |
| X | FontsLoader | ldfnt32.hta | Unidentified malware | No |
| X | FONTVIEW | FONTVIEW.EXE | Added by the OPASERV.T WORM! | No |
| U | FooBar 1.0 | FooBar.exe | FooBar - "combines fifteen high-quality productivity tools in a single toolbar that floats on your desktop or runs in the Windows task bar" | No |
| X | foobin lptt01 | adaware.exe | RapidBlaster variant (in a "foo1" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here | No |
| X | foobin ml097e | adaware.exe | RapidBlaster variant (in a "foo1" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here | No |
| X | fool | fool.exe | Added by the SILLYFDC.BCV WORM! | No |
| Y | FoolProof | fpwinldr.exe | FoolProof Security PC security software from SmartStuff | No |
| Y | FoolProofSweep | ?? | Part of FoolProof Security PC security software from SmartStuff | No |
| N | Forbes | ForbesAlerts.exe | Forbes Business News Alerts - displays business news headlines in a little window on the screen | No |
| X | ForceShow | rundll32.exe QaBar.dll, ForceShowBar | AdultLinks.QBar parasite related! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "QaBar.dll" file is found in the System (9x/Me) or System32 (NT/2K/XP) folder | No |
| N | Forget Me Not | AGRemind.exe | Calendar reminder part of Broderbund's American Greetings® CreataCard® | No |
| U | forteManager | dthtml.exe | forteManager from LG. Rebranded version of Display Tune from Portrait Displays, Inc. - which "is the perfect software utility to initially set-up and adjust your display to achieve its optimum performance. All adjustments are made through a simple graphical user interface" | No |
| Y | FortiClient | FortiClient.exe | Fortinet security systems are the new generation of real time network protection systems | No |
| U | Fortis Secure Layer Config | cseinst.exe | Fortis Bank Home Banking part. Installed during the installation of the software necessary to run the Home Banking. According to Fortis Bank this will not in any way be harmful to the system or relay system information | No |
| X | fotos | fotos.exe | Added by the BANKER-FP TROJAN! | No |
| N | FotoStation Easy AutoLaunch | FotoStation Easy AutoLaunch.exe | Installed with a Nikon digital camera. Used to collect photos uploaded from camera program NkVwMon.exe. If your camera is not connected (via USB port) you do not need this program loaded either | No |
| U | Foul PX | FoulPX.exe | Foul PX, Optusnet usage stat checker | No |
| U | FourthDay | FourthDay.exe | The Fourth Day - "astronomical clock and almanac for your system tray" | No |
| X | FoWilCo | fowilco.exe | Added by the WOOTBOT.CR WORM! | No |
| X | foxdh | foxdhend.exe | Added by the MENGHUAN TROJAN! | No |
| X | foxdh | foxdh.exe | Added by the GWGHOST-Q TROJAN! | No |
| X | foxrxjh | foxrxjh.exe | Added by the GWGHOST-T TROJAN! | No |
| X | foxwudy9912 | service.exe | Added by the BANCOS-BT TROJAN! | No |
| Y | FP Loader | loadfp.exe | FoolProof Security - PC security software from SmartStuff | No |
| N | fpassist | fpassist.exe | Part of FreePDF (was FreePDF XP) - a utility used to create Adobe compatible PDF files from virtually any Windows application. This executable needs to be running when you want to send a printer output to a PDF file via the FreePDF virtual printer | Yes |
| ? | FPWGMWZD | FPWGMWZD.exe | ?? | No |
| N | Fpx | mnmsrvc.exe | Remote Desktop Sharing service part of Microsoft's Netmeeting allowing users to share items on their screens across remote locations | No |
| X | fqor | stub_113_4_0_4_0.exe | TargetSaver adware | No |
| X | FrameWork 2.5 | FrameWork.exe | Added by the RBOT-FMW WORM! Note - can terminate AV related processes | No |
| X | Framework module library | infocard.exe | Added by the BUZUS.AYX TROJAN! | No |
| X | Framework Windows | frmwrk32.exe | Added by the FAKEAV-KS TROJAN! | No |
| X | France | svchost.exe | Added by the MIMAIL.L WORM! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir% | No |
| U | Fraps | fraps.exe | Fraps Real-Time Video Capture software | No |
| N | Free Download Manager | fdm.exe | "Free Download Manager" - see here | No |
| ? | Free Downloads Monitor | fdcmon.exe | ?? | No |
| N | Free DVD Direct | FreeDVDDirect.exe | Free DVD Direct - provides a program to access a peer-to-peer (P2P) file-sharing network (see here) | No |
| U | Free Key Logger | freekeylogger.exe | Free Key Logger keystroke logger/monitoring program - remove unless you installed it yourself! | No |
| U | Free Ram Optimizer | fro.exe | Free Ram Optimizer monitors your memory, and frees up ram if it falls below a certain minimum. MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/ME. See this article and make up your own mind | No |
| X | FreeAttention | eqsefeqe.exe | Added by an unidentified WORM or TROJAN! | No |
| N | Freebie Notes | FreebieNotes.exe | Freebie Notes by Power Soft - create electronic notes (stickers) | No |
| N | FreeCall | FreeCall.exe | FreeCall - free internet telephony utility using the VoIP (Voice over Internet Protocol). Call online friends for free and regular phones either for free (limited use) or low rates. One of a number provided by Betamax - the others generally have different rate plans. Similar to the more popular Skype | Yes |
| Y | Freedom | Freedom.exe | Freedom Internet Security & Privacy - anti-virus, personal firewall and parental control. It also blocks ads, safeguards your personal information, encrypts your passwords, and much more. No longer available for sale | No |
| U | FreeMem Pro | FMEMPRO.EXE | FreeMem Pro - memory optimizer. MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/SE/ME. See this article and make up your own mind | No |
| U | FreeMemVn2 | FreeMem.exe | FreeMem - memory optimizer. MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/SE/ME. See this article and make up your own mind | No |
| X | FreeMP3download | rundll32.exe MSA64CHK.dll,DllMostrar | MatrixDialer/Mostrar parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System% | No |
| N | FreePDF Assistant | fpassist.exe | Part of FreePDF (was FreePDF XP) - a utility used to create Adobe compatible PDF files from virtually any Windows application. This executable needs to be running when you want to send a printer output to a PDF file via the FreePDF virtual printer | No |
| N | FreePDF_Assistant | fpassist.exe | Part of FreePDF (was FreePDF XP) - a utility used to create Adobe compatible PDF files from virtually any Windows application. This executable needs to be running when you want to send a printer output to a PDF file via the FreePDF virtual printer | Yes |
| U | FreeRAM XP | FreeRAM XP Pro *.exe | FreeRAM XP Pro - memory optimizer where * represents the version. MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/SE/ME. See this article and make up your own mind | No |
| U | FreeRAM XP | FreeRAM XP Pro.exe | FreeRAM XP Pro - memory optimizer. MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/SE/ME. See this article and make up your own mind | No |
| X | freestyle | lockx.exe | Added by the RBOT-ATH WORM! | No |
| U | freesurfer | fs20.exe | EMS Free Surfer mk II - pop-up stopper | No |
| X | freexstyle | lockbar.exe | Added by the LOXBOT.D WORM! | No |
| X | freexstyle | lockbr.exe | Added by the LOXBOT.C WORM! | No |
| X | freinst | pgs.exe | Part of the AVSystemCare rogue security software and other members of this family. See here for more examples | No |
| U | Fresh Desktop | freshdesktop.exe | Fresh Desktop is a utility that lets you manage vast collections of wallpapers for your desktop with ease. When run on bootup it changes the desktop wallpaper at startup or at specified intervals | No |
| N | freshclam | freshclam.exe | Auto update agent of the open source Clamwin virus scanner | No |
| ? | frguk | shdrkmck.exe | ?? | No |
| ? | FridaysInHellInstaller | FridaysInHellInstaller.exe | ?? | No |
| X | FriendlyType | lsass.exe | Added by the WEBUS.B TROJAN! Note - this is not the legitimate lsass.exe process which should not normally figure in Msconfig/Startup! | No |
| X | FriendlyTypeName | services.exe | Added by the NEVEG.B or NEVEG.C WORMS! Note - this is not the legitimate services.exe process, which should not appear in Msconfig/Startup! | No |
| X | FriendlyTypeName | winlogon.exe | Added by the NEVEG.A WORM! Note - this is not the legitimate winlogon.exe process, which should not appear in Msconfig/Startup! | No |
| N | FriendlyWebQuick-Launch | SELFCERT.EXE | selfcert.exe is a stand alone program for creating your own digital certificates for macros - the .exe is installed as an extra basically by clicking on MS Office in add/remove programs and selecting remove - also I would do away with the FriendlyWebQuickLaunchBar as well | No |
| U | FRISK FP-Scheduler | F-Sched.exe | Scheduler for F-Prot anitvirus software. Leave enabled unless you scan manually on a regular basis | No |
| ? | FRITZ!DSL Startcenter | StCenter.exe | FRITZ! ISP software "StartCenter" User interface that allows you to manage, tweak and diagnose many aspects of your internet connection - is it required? | No |
| U | FRITZ!webProtect | FwebProt.exe | Firewall included in FRITZ! ISP DSL software | No |
| N | Fromine WinPopup | winpopup.exe | Instant Messenger program | No |
| X | froody | timoty.exe | Added by an unidentified malware | No |
| X | Frsk | frsk.exe | Unidentified adware downloader trojan | No |
| X | frun | derc32xz.exe | Added by an unidentified TROJAN! | No |
| Y | FRW_EXE | FRW.EXE | ConSeal Signal9 firewall - now McAfee Personal firewall | No |
| Y | frxmxins | frxmxins.exe | ATI 3D Studio MAX/VIZ driver | No |
| X | FS Agent | fagent.exe | Added by the VOLVER-B TROJAN! | No |
| X | FS6519 | FS6519.dll.vbs | Added by the SOLOW.B WORM! | No |
| Y | fsaa | fsaa.exe | F-Secure antivirus Authentication Agent - creates and stores private keys used by a client to access servers | No |
| N | FSCBoss | FSCBoss.exe | Free Store Club shop online software | No |
| ? | FSDPSRV | FSDPSRV.exe | ?? | No |
| X | fsdsft | [path to backdoor] | Added by the RANKY.S BACKDOOR! | No |
| X | FSH | svcnva.exe | Identified by Ewido Security Suite (Ewido is now part of AVG Technologies) as the DELF.KA TROJAN! | No |
| U | fsp | fsp.exe | Folder Shield - hide entire directories and thus prevent access by anyone else to your personal files and documents | No |
| Y | fspr | FolderShield.exe | Folder Shield - hide personal files and folders | No |
| N | FSScrCtl | FSScrCtl.exe | Screen saver control applet used by the "Stardust Screen Saver Toolkit" and "SolidWorks Screen Saver" | No |
| U | fsserv | fserv.exe | Farsighter Server - monitors a remote computer invisibly by streaming video to a viewer on your computer. You will know exactly what is happening on the remote computer as you see it in real-time | No |
| U | fssui | fsui.exe | System Tray access to and notifications from Windows Live Family Safety - optionally installed as part of Windows Live Essentials. "With Family Safety, you decide how your kids experience the Internet. Limit searches, monitor and block or allow websites, and decide who your kids can communicate with in Windows Live Spaces, Messenger, or Hotmail". Note - disabling this entry does not disable Family Safety and prevent it monitoring a users activity or restricting access | Yes |
| U | fssui | fssui.exe | System Tray access to and notifications from Windows Live OneCare Family Safety - part of the Live OneCare range and now superseded by Windows Live Family Safety which is part of Windows Live Essentials. Allows you to decide how your kids experience the Internet by limiting searches, monitoring and blocking/allowing websites and deciding who your kids can communicate with in Messenger or Hotmail. Note - disabling this entry does not disable Family Safety and prevent it monitoring a users activity or restricting access | Yes |
| X | fstsvc | rundll32.exe fstsvc.dll,start | Added by the AKBOT-AA WORM! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "fstsvc.dll" file is found in %System% | No |
| U | fsui | fsui.exe | System Tray access to and notifications from Windows Live Family Safety - optionally installed as part of Windows Live Essentials. "With Family Safety, you decide how your kids experience the Internet. Limit searches, monitor and block or allow websites, and decide who your kids can communicate with in Windows Live Spaces, Messenger, or Hotmail". Note - disabling this entry does not disable Family Safety and prevent it monitoring a users activity or restricting access | Yes |
| X | FSW | FSW.exe | FreeScratchAndWin parasite | No |
| U | FSWebServer | fsws.exe | Easy File Sharing Web Server is a Windows program that allows you to host a secure peer-to-peer and web-based file sharing system without any additional software or services | No |
| X | ftk | ftkclean.exe | FlashEnhancer adware | No |
| X | FtkCPY | ftkcpy.exe | FlashEnhancer adware | No |
| U | FtLnSOP_setup | FtLnSOP.exe | Fujitsu scanner utility | No |
| U | FTMSFLT(USB) | FTMSFLTU.EXE | Fujitsu's Touch Panel Message Notifier | No |
| X | FTP FOR WINDOWS | ftpwin32.exe | Added by a variant of the RBOT WORM! | No |
| X | FTPGraber | FTPGraber.exe | Added by the DLOADER-DT TROJAN! | No |
| N | FTPManager | FTPDM.exe | "Robust FTP is a Windows-based file transfer client application that transfers files between a user's local PC and another, remote computer system connected via a modem and telephone lines or by a local-area network (with upload transfer resume and download transfer resume)". Can be started manually | No |
| U | Ftpqueue | Ftpsched.exe | Part of WS_FTP Pro from Ipswitch. Queueing facility for scheduling FTP transfers | No |
| ? | FtpServer.exe | FtpServer.exe | Part of the Sharpdesk from Sharp Electronics. "A desktop-based, personal document management application that lets users browse, edit, search, compose, process, and forward both scanned and native electronic documents". What does it do and is it required? | No |
| U | ftutil2 | rundll32.exe ftutil2.dll, SetWriteCacheMode | Related to Promise Technology's FastTrak SX4030/4060 PCI ATA Raid 5 controller (and possibly others) | No |
| X | FU | FUvirus.exe | Added by the VB-EJC TROJAN! | No |
| X | FuckD3w4 | FuckD3w4.exe | Added by the BRONTOK-DI WORM! | No |
| X | Fucker | fucker.vbs | Added by the CATCHER-A WORM! | No |
| U | Fujitsu Hotkey Utility | IndicatorUty.exe | Fujitsu Hotkey Utility displays icons on the screen when you use hotkeys on a Fujitsu Siemens Lifebook, eg, when you press the hotkey for muting the sound, a loudspeaker icon with a cross on it is displayed | No |
| U | Fujitsu Menu | FjMnuIco.exe | From the "Fujitsu Menu" tray icon you have instant access to the Control Panel, Tablet pc keyboard, Tablet and pen settings, Fujitsu display controls, brightness control, sounds and audio devices, capture screen, capture window, organize favorites, power options, printers and faxes, LCD brightness MIN, LCD brightness MAX, Enable/disable Button Panel and the Fujitsu menu settings, which are customizable | No |
| X | fukerservice | fukerz.exe | Added by a variant of the RBOT WORM! | No |
| X | FUKLBAR | bar.exe | PurityScan adware | No |
| N | FullAudio | WMPImporter.exe | Used to import settings from Windows Media Player into Music Now software (from www.musicnow.com - which is no longer available) and possibly others | No |
| X | Fun | Fun.exe | Added by the COIDUNG-A WORM! | No |
| N | FusionHdtvTray | FusionHdtvTray.exe | FusionTrayAgent - main executable for DVICO FusionHDTV software. It adds an icon to system tray that allows you to easily access Fusion HDTV software | No |
| U | FusionRC | FusionRC.exe | Remote control manager for DVICO FusionHDTV | No |
| U | FusionRemote | FusionRc.exe | Remote control manager for DVICO FusionHDTV | No |
| N | FusionTrayAgent | FusionHdtvTray.exe | FusionTrayAgent - main executable for DVICO FusionHDTV software. It adds an icon to system tray that allows you to easily access Fusion HDTV software | No |
| X | fvek | fvek.exe | Added by the DRIVOL-A TROJAN! | No |
| Y | FveNotify | fveNotify.exe | Windows Vista - BitLocker Drive Encryption Notification Utility. Available with Enterprise and Ultimate versions of Vista, "BitLocker prevents a thief who boots another operating system or runs a software hacking tool from breaking Windows Vista file and system protections or performing offline viewing of the files stored on the protected drive" - see here | No |
| X | FW Manager | fwcheck.exe | Added by the DELBOT-H WORM! | No |
| X | FWDMON.EXE | fwdmon.exe | Added by the PROXY-S TROJAN! | No |
| Y | fwenc.exe | fwenc.exe | Check Point SecuRemote VPN client - "dynamic and fixed IP addressing for all ISP services - dial-up, cable modem, or DSL - the ideal solution for telecommuters and mobile workers" | No |
| X | Fwr Command Module | fwr.exe | Added by the SDBOT-PP WORM! | No |
| N | fwrastrc | fwrastrc.exe | Dial-up software for Friendly Technologies/1NationOnLine free ISP | No |
| U | fwservice | fwservice | eAcceleration Stop-Sign security software related. Previously not recommended, see here | No |
| X | FX | ieloader.exe | Added by the SMALL.RR TROJAN! | No |
| X | Fxoekm | miyhart.exe | Added by the SDBOT-CZQ WORM! | No |
| U | fxredir | fxredir.exe | Canon MultiPASS fax redirector | No |
| X | fzg | svhost32.exe | Added by the DLOADER.BDK TROJAN! | No |
| X | f~a | ra32.exe | Added by the CAY TROJAN! | No |
| X | g.exe | g.exe | Added by the GRAYBIRD.Q TROJAN! | No |
| X | G00123 | [worm filename] | Added by the BUGBROS WORM! | No |
| X | G0mez | G0mez.vbs | Added by the GORMLEZ-A WORM! | No |
| X | G3 | GSMedia3.exe | Malware downloader - detected by Kaspersky as the VB.UX TROJAN! | No |
| ? | g3dctl | g3dctl.exe | ?? | No |
| X | G4G | [random filename] | Detected as Trojan-Downloader.Win32.VB.fki | No |
| U | G6FTP Server Tray Monitor | G6FTPTray.exe | System Tray monitoring tool for Gene6 FTP Server - "an advanced FTP server software for Windows developed specifically for security and high performance requirements" | No |
| X | ga6pcw | ga6pcw.exe | Part of the AVSystemCare rogue security software and other members of this family. See here for more examples | No |
| X | gac | gac.exe | Part of VirusVakt, Swedish rogue security software - not recommended. A member of the AVSystemCare family | No |
| ? | GACService | GACService.exe | Related to a Gemplus product. What does it do and is it required? | No |
| X | gadkgak12 | fsafsakx12.exe | Added by the ONLINEG-N TROJAN! | No |
| N | Gadu-Gadu | gg.exe | Polish language Instant Messaging client | No |
| N | Gadwin PrintScreen | PrintScreen.exe | Gadwin PrintScreen - utility to capture, print or save the current window | No |
| X | GAELICUM.EXE | GAELICUM.EXE | Added by the PENTA-A TROJAN! | No |
| X | gah95on6 | gah95on6.exe | ShopAtHome/SAHagent adware | No |
| U | gaim | gaim.exe | Gaim is an instant messenger client with capability to connect to AIM, ICQ, MSN Messenger, Yahoo, IRC, Jabber, Gadu-Gadu and Zephyr networks | No |
| U | Gainward | TBPanel.exe | Configuration utility for Gainward graphics cards. Not required unless you use non-default settings. Available via Start -> Settings -> Control Panel | No |
| X | game | shit.exe | Added by the Netclap Gold backdoor TROJAN! | No |
| X | game | patcher.scr | Added by the PSW-ED TROJAN! | No |
| N | Game Device | JOYUPDRV.EXE | Genius game controller profile activator | No |
| X | Game House | GameHouse.exe | Added by the DELF-DRA WORM! | No |
| N | GameDrive | GDTask.exe | GameDrive from FarStone - virtual CD/DVD drive emulator that allows you to run your PC games without the disc. Available via Start → Programs | No |
| X | Games Acceleration | svshost.exe | EasySearch adware | No |
| X | Games Acceleration | [path to trojan] | Added by the SMUTSRCH-A TROJAN! | No |
| X | Games Acceleration | svshost1.exe | Added by the DLOADR-AWD TROJAN! | No |
| X | Games toolbar | rundll32.exe [path] tbGame.dll DllShowTB | Topconverting.com/180Search "Games Toolbar" adware. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted | No |
| N | GameSpot | kontiki.exe | Kontiki Delivery Manager - Windows-based client software that enables secure delivery of content to users' desktops | No |
| U | gameutil.exe | gameutil.exe | Part of Redline RegTweak as supplied with Sapphire ATI graphics cards. You can configure different overlclocking settings on a per game basis and this sets those conditions following a re-boot | No |
| X | gamma | svchost.exe | Added by a variant of the DELF.IT TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! The location of this file varies | No |
| U | GammaHotKeys | setgamma.exe | Part of the RadeonTweaker program for adjusting ATI Radeon graphics cards. Allows you to adjust the gamma (or brightness) when playing a full-screen game without switching back to the desktop | No |
| X | gangsta | gangsta.exe | Added by the RIMA.A BACKDOOR! | No |
| U | GARO Status Monitor | cnwism.exe | Print monitor for certain Canon printers | No |
| X | gaSrv | gaSrv.exe | Detected by Panda as the DOWNLOADER.ALQ TROJAN! Adware downloader | No |
| X | gaSrve | gaSrve.exe | Detected by Panda as the DOWNLOADER.ALQ TROJAN! Adware downloader | No |
| X | Gate Personal Firewall | Systpl.exe | Added by the RBOT.ADC WORM | No |
| N | Gateway Extended Warranty | GWCares.exe | Gateway Extended Warranty reminder | No |
| X | Gator | gator.exe | Gator eWallet adware. Please note that Claria Corporation no longer support GAIN-Supported software - see here | No |
| X | Gator eWallet | gator.exe | Gator eWallet adware. Please note that Claria Corporation no longer support GAIN-Supported software - see here | No |
| X | Gay_Sexy_** | Gay_Sexy_**.exe | Premium rate adult content dialler (where * is a random char) | No |
| U | GazelDisplay | gsyno.exe | BT Digital Access USB - Gazel ISDN installation System Tray icon | No |
| Y | GBMHome7Agent | GBMAgent.exe | Genie Backup Manager Home 7 - backup software | No |
| Y | GBMLite7Agent | GBMAgent.exe | Genie Backup Manager Lite 7 - backup software | No |
| Y | GBMPro7Agent | GBMAgent.exe | Genie Backup Manager Pro 7 - backup software | No |
| Y | GBSpaceMan | SpaceMan.exe | GreenBorder - secure your browsing activities on the internet | No |
| U | GBTray | GBTray.exe | System Tray icon access to Roxio's (nee Adaptec) GoBack software which allows you to revert back to a previously working state on you hard drive if you install a new program and your system goes faulty - performing the same functions with extra features as System Restore on WinMe/XP systems. Disable before running Scandisk or Defrag. Not required for WinMe/XP users, recommended for Win9x/NT/2K users | No |
| X | gCac | gcac.exe | Added by the TACTSLAY.U TROJAN! | No |
| X | gcasDtServ | gcasDtServ.exe | Added by an unidentified WORM or TROJAN. Note - this is not related to Microsoft Antispyware which has a process bearing the same name which doesn't appear as a startup | No |
| Y | gcasServ | gcasServ.exe | Giant Antipsyware - now superseded by Microsoft's Windows Defender | No |
| X | gcasServ | realsched.exe | Added by a variant of the TACTSLAY.A TROJAN! Note - this is not the legitimate RealOne Player (realsched.exe) application of the same name | No |
| ? | GCC Reminder | gccrem.exe | Associated with AcraMax Greeting Card Creator. Is it a registration reminder? | No |
| N | GCS | GrabClipSave.exe | GrabClipSave screen capture tool | No |
| X | gcw | gcw.exe | Part of BestsellerAntivirus, PCSecureSystem and other members of the AVSystemCare family of rogue security software suites. See here for more examples | No |
| X | gdagdgajs | bbsbw.exe | Added by the SDBOT-QX WORM! | No |
| X | GDAX | [path to backdoor] | Added by the RANKY.K TROJAN! | No |
| X | gdcw | GDCW.exe | Part of the PCPrivacyTool rogue privacy tool - not recommended. See here | No |
| X | Gddlib | rundll32.exe gddlib.dll,start | Added by the AKBOT.EG WORM! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "gddlib.dll" file is found in %System% | No |
| Y | GDFirewallTray | GDFirewallTray.exe | System Tray access to the firewall part of G Data range of internet security products | No |
| X | gdien32 | gdien32.exe | Added by the SINGU-P TROJAN! | No |
| X | gdimx | gdimx.exe | MPB-D dialer. Note - provides an uninstall option which can be accessed via the Add or Remove Programs dialog in the Windows Control Panel. The software is listed as "gdimx" | No |
| U | GDMgr.exe | gdmgr.exe | GuardMon is a commercial surveillance software program designed to monitor all forms of user activity on a computer | No |
| N | GDrive | GDriver.exe | Found on IBM systems. All it does is set the CDROM drive letter to G:. Set your drive letter manually via Start -> Settings -> Control Panel -> System -> Device Manager | No |
| N | Gearbox | confsvr.exe | NTL's Gearbox software for configuring internet connections with their NTLWorld software - does a similar job to the Internet Connection Wizard which can be used instead using the dial-up details available here | No |
| N | GEARsec | gearsec.exe | Installed by Apple Quicktime package - iPod®/iTunes® CDRW support. Can be disabled if you only require Quicktime player | No |
| X | GEDZAC | GEDZAC.exe | Added by the GEMEL WORM! | No |
| X | Gekio Startups | gnksvc32.exe | Added by the AGOBOT.AFJ WORM! | No |
| N | GemStRmW | GemStRmW.exe | For a GemPlus smart card reader. If it doesn't start automatically when you insert the smart card, start it manually | No |
| X | gencroot | gencroot.exe | Added by the SDBOT-AED WORM! | No |
| U | Gene USB Monitor | USBMonit.exe | Monitors USB ports for insertion of Sandisk USB flashdrives | No |
| X | General Antivirus | GenAvir.exe | General Antivirus rogue security software - not recommended, removal instructions here | No |
| X | general lptt01 | general.exe | RapidBlaster variant (in a "General" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here | No |
| X | general ml097e | general.exe | RapidBlaster variant (in a "General" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here | No |
| X | Generic host proccess for windows | SVCHOSTS.EXE | Added by the SPYBOT-GQ WORM! | No |
| X | Generic Host Process | SCHOST.EXE | Added by the RBOT-NC WORM! | No |
| X | Generic Host Process | svchost.exe | Added by the DLOADER-NX TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir% | No |
| X | Generic Host Process | camacttiv.exe | Detected by AVG as the CIADOOR.13 TROJAN! | No |
| X | Generic Host Process | lsassw.exe | Added by the AGOBOT-N WORM! | No |
| X | Generic Host Process for Win Services | mscvs.exe | Added by a variant of the SDBOT WORM! | No |
| X | Generic Host Process for Win32 Service | svlhost.exe | Added by the WOOTBOT.EX WORM! | No |
| X | Generic Host Process for Win32 Service | rpchost.exe | Added by the IRCBOT.DCN WORM! | No |
| X | Generic Host Process for Win32 Services | ntspcv.exe | Added by the SDBOT.S TROJAN! | No |
| X | Generic Host Process for Win32 Services | intspvc.exe | Added by the DINFOR.D WORM! | No |
| X | Generic Host Process for Win32 Services | winsvc.exe | Added by the SDBOT-O WORM! | No |
| X | Generic Host Process for Win32 Services | bazzi.exe | Added by the AHKER.E WORM! | No |
| X | Generic Host Process for Win32 Services | winsvc32.exe | Added by the SDBOT-P WORM! | No |
| X | Generic Host Process for Win32 Services | lspsvc.exe | Added by the MUMU.C WORM! | No |
| X | Generic Host Process for Win32 Services | SPSVC.EXE | Added by the SDBOT.DA WORM! | No |
| X | Generic Host Process for Win32 Services | svchost32.exe | Added by the AGOBOT.ALH WORM! | No |
| X | Generic Host Process for Win32 Services | svñhîst.exe | Added by the DLOADER.AK TROJAN! | No |
| X | Generic Host Process for Win32 Services | winlogon.exe | Added by a variant of the IRCBOT BACKDOOR! See here. Note - this is not the legitimate winlogon.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! | No |
| X | Generic Host Process for WinXP Services | mshelp.exe | Added by the AGENT-GQP TROJAN! | No |
| X | Generic Host Process2 System Backup | scvhost2.exe | Added by the RBOT-BAH WORM! | No |
| X | Generic Host Process326a System Backup | scvhost326a.exe | Added by a variant of the SDBOT WORM! | No |
| X | Generic Host Service | lshost.exe | Added by the RBOT.LU WORM! | No |
| X | Generic Service Process | regsvc32.exe | Added by the GAOBOT.UJ or GAOBOT.UL WORMS! | No |
| X | Generic Service Process | serv1ces.exe | Added by the AGOBOT-JK WORM! | No |
| X | Generic Service Process | nvsvc.exe | Added by the AGOBOT.BY WORM! Note - this is not the valid NVIDIA Driver Helper Service and is located in the System (9x/Me) or System32 (NT/2K/XP) folder | No |
| X | Generic Service Process | srvhost.exe | Added by the AGOBOT-FX WORM! | No |
| X | Generic Services Process | regsvc32.exe | Added by the GAOBOT.SY WORM! | No |
| X | GenericHostXP | WinLoaderXP.exe | Added by the BDOOR-ACX BACKDOOR! | No |
| Y | Genie USB Monitor | USBmonitor.exe | Port monitor for an external USB hard drive. Required to enable access to the drive | No |
| X | Genius Mose Driver | svghost.exe | Added by a variant of the SPYBOT WORM! See here | No |
| X | genserv path | sdqdqg.exe | Added by the SDBOT-RF WORM! | No |
| X | Geography TX 1.0 NT | CompuSpeed.vbs | Added by the NEWLEY-A WORM! | No |
| X | Gerenciamento de arquivos do Windows | Winmod32.exe | Added by the DLOADER-WG TROJAN! | No |
| X | german.exe | winsystems.exe | Added by the BAGLEDl-AE TROJAN! | No |
| X | german.exe | wintems.exe | Added by the BAGLE-AS TROJAN! | No |
| X | gescw | gescw.exe | Part of BeschermingsTool, SysDepannage and other members of the ErrClean rogue system error and cleaning utility and other members of this family. See here for more examples | No |
| X | Gestionnaire de disques universel | sysoobe.exe | Added by the TOADER-A TROJAN! | No |
| N | Get Smile | getsmile.exe | Puts smilie faces in your E-mail. Run manually when required | No |
| X | Get-Torrent Service | wakeservice.exe | Get-Torrent bittorrent client - Installs LOP adware | No |
| Y | Getca | InfoMyCa.exe | Monitor for a Belkin USB Wireless adapter | No |
| U | GetIT | GetIT.exe | "HP GET-IT (Graduate Entrepreneurship Training through Information Technologies) empowers under- or unemployed young people with business and IT skills - helping them find a job or start their own businesses" | No |
| X | GetitAll | rundll32.exe MSA64CHK.dll,DllMostrar | MatrixDialer/Mostrar parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System% | No |
| X | GetModule18 | GetModule18.exe | Internet Speed Monitor adware related - see example here | No |
| X | GetModule19 | GetModule19.exe | Internet Speed Monitor adware related - see example here | No |
| X | GetModule20 | GetModule20.exe | Internet Speed Monitor adware related - see example here | No |
| X | GetModule21 | GetModule21.exe | Internet Speed Monitor adware related - see example here | No |
| X | GetModule23 | GetModule23.exe | Internet Speed Monitor adware related | No |
| X | GetModule24 | GetModule24.exe | Internet Speed Monitor adware related - see example here | No |
| X | GetModule25 | GetModule25.exe | Internet Speed Monitor adware related - see example here | No |
| X | GetModule27 | GetModule27.exe | Internet Speed Monitor adware related | No |
| X | GetModule29 | GetModule29.exe | Internet Speed Monitor adware related - see example here | No |
| X | GetModule30 | GetModule30.exe | Internet Speed Monitor adware related | No |
| X | GetMP3 | rundll32.exe MSA64CHK.dll,DllMostrar | MatrixDialer/Mostrar parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System% | No |
| X | GetPack18 | GetPack18.exe | Internet Speed Monitor adware related - see example here | No |
| X | GetPack19 | GetPack19.exe | Internet Speed Monitor adware related - see example here | No |
| X | GetPack20 | GetPack20.exe | Internet Speed Monitor adware related - see example here | No |
| X | GetPack21 | GetPack21.exe | Internet Speed Monitor adware related - see example here | No |
| X | GetPack22 | GetPack22.exe | Internet Speed Monitor adware related | No |
| X | GetPack23 | GetPack23.exe | Internet Speed Monitor adware related | No |
| X | GetPack24 | GetPack24.exe | Internet Speed Monitor adware related - see example here | No |
| X | GetPack25 | GetPack25.exe | Internet Speed Monitor adware related | No |
| N | GetRight Tray Icon | GETRIGHT.EXE | GetRight from Headlight Software - download manager for resuming downloads and choosing multiple download locations. The freeware version is/was spyware. The registered version isn't if you don't install the Aureate/Radiate software. Available via Start -> Programs | No |
| X | GetTheMusic | rundll32.exe MSA64CHK.dll,DllMostrar | MatrixDialer/Mostrar parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System% | No |
| U | Getting started with MacDrive | MDGetStarted.exe | MacDrive 7 from Mediafour Corporation - "enables anyone using Windows Vista, XP, and 2003 Server to seamlessly access Mac disks (HFS/HFS+) of all types, including CDs, DVDs, hard drives, floppy, Zip, Jaz, and more!" | No |
| X | getwin | winB_.exe | Added by the BANKER-HS TROJAN! | No |
| X | gf1.0.0.2 | ggf.exe | Added by the EDFON.A TROJAN! | No |
| X | gfxtray | rundll32 ctccw32.dll,findwnd | Added by the AGENT.AOU BACKDOOR! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted, The "ctccw32.dll" is located in %System% | No |
| X | Ghost Relay | [random filename] | Added by the DNSCHANG.EK TROJAN! | No |
| U | GhostSecuritySuite | gss.exe | Ghost Security Suite - protect the registry from unauthorized reading and modification and other tools | No |
| N | GhostStartService | GhostStartService.exe | Required to run the Windows based wizard in Norton Ghost - added from the 2003 version. Will start automatically when you run the wizard | No |
| N | GhostStartTrayApp | GhostStartTrayApp.exe | System Tray access to Norton Ghost - added from the 2003 version | No |
| Y | GhostSurfDelSatellite | DeleteSatellite.exe | Part of SpyCatcher spyware remover from Tenebril. Prevents rogue programs from sending personal information to a remote user via the Internet. If you use SpyCatcher with real time scanning, you'll want to leave this file in place | No |
| X | gigabit.exe | gigabit.exe | Added by the BEAGLE.U WORM! | No |
| X | GigaByte | Cheatle.exe | Added by the SHODI.B VIRUS! | No |
| U | Giganews Accelerator | GiganewsAccelerator.exe | Giganews Accelerator from Giganews, Inc. - "a software-based news proxy which will allow you to compress headers and enable 256-bit SSL encryption, regardless of whether or not SSL is supported natively by your news client" | No |
| Y | Gilat SOM Enumerator | dllhost.exe | For Gilat Communications internet satellite systems - associated with SkyBlaster modem. Required if you have this system | No |
| Y | GilatFTC | ftc.exe | For Gilat Communications internet satellite systems - associated with SkyBlaster modem. Required if you have this system | No |
| X | gimmygames | [path to trojan] | Added by the DLOADR-LN TROJAN! | No |
| X | gimmysmileys | gimmysmileys.exe | GimmySmileys adware | No |
| X | GinaDll | ntgina.dll | Added by the ANIG.A WORM! | No |
| ? | GisdnLog | gisdnlog.exe | BT Digital Access USB | No |
| U | Glass2k | Glass2k.exe | "Glass2k is a small little program that allows Win2K/XP users to make any window transparent" | No |
| X | GLF Network Lan Monitor | NPFMNTOR.exe | Added by the RBOT-AGY WORM! | No |
| Y | Glide | Glidew32.exe | Cirque touchpad driver | No |
| X | Global Startup | WinDash.EXE | Detected by Kaspersky as the VB.Q WORM! | No |
| X | GlobalFlagACER | ACER.exe | Added by the VB.BL WORM! | No |
| X | GlobalSCAPE | [random filename] | Added by the RBOT-AYM WORM! | No |
| X | Glock Suite 1.1 | glock32.exe | Added by the TINY.GV TROJAN! | No |
| X | GLSetIT32 | msiexec16.exe | Added by the OPTIX PRO TROJAN! | No |
| X | GLSetIT32 | isass.exe | Added by a variant of the OPTIX PRO TROJAN! | No |
| X | GLSetT32 | smsiexec.exe | Added by the OPTIX-D TROJAN! | No |
| ? | gluon | gluon.exe | In a gluon/bin sub-directory | No |
| X | glv | glv.exe | Added by the DLOADER-NG TROJAN! | No |
| X | GMedia2 | GSM2.exe | Malware downloader - detected by Kaspersky as the VB.UX TROJAN! | No |
| X | GMedia2 | GSMedia3.exe | Malware downloader - detected by Kaspersky as the VB.UX TROJAN! | No |
| Y | Gmouse | Gmouse.exe | Amouse mouse driver - required if you use non-standard Windows driver features | No |
| X | Gmsvc32 | gmsvc32.exe | Added by the AGOBOT.ABN WORM! | No |
| U | Gnetmous | gnetmous.exe | Genius mouse driver - required if you use non-standard Windows driver features | No |
| U | GNETMOUSE | gnetmouse.exe | Genius mouse driver - required if you use non-standard Windows driver features | No |
| X | GNP Generic Host Process | svchost.exe | Added by the ZAPCHAS-F BACKDOOR! Note - this is not the legitimate svchost.exe process which should not normally figure in Msconfig/Startup! | No |
| ? | gnub | gnub.exe | ?? | No |
| X | go | cvir.exe | Added by the SILOV-A WORM! | No |
| X | Go And Start | svdll32.exe | Added by the RBOT.AI BACKDOOR! | No |
| X | Go!Zilla | gozilla.exe | Download manager for resuming downloads and choosing multiple download locations. Advertising spyware | No |
| X | Go!Zilla Monster Downloads | Go.exe | Download manager for resuming downloads and choosing multiple download locations. Advertising spyware | No |
| U | GoBack | GBMenu.exe | Roxio's (nee Adaptec) GoBack software which allows you to revert back to a previously working state on you hard drive if you install a new program and your system goes faulty - performing the same functions with extra features as System Restore on WinMe/XP systems. Disable before running Scandisk or Defrag. Not required for WinMe/XP users, recommended for Win9x/NT/2K users | No |
| U | GoBack | GBTray.exe | System Tray icon access to Roxio's (nee Adaptec) GoBack software which allows you to revert back to a previously working state on you hard drive if you install a new program and your system goes faulty - performing the same functions with extra features as System Restore on WinMe/XP systems. Disable before running Scandisk or Defrag. Not required for WinMe/XP users, recommended for Win9x/NT/2K users | No |
| U | GoBack Polling Service | GBPoll.exe | Roxio's (nee Adaptec) GoBack software which allows you to revert back to a previously working state on you hard drive if you install a new program and your system goes faulty - performing the same functions with extra features as System Restore on WinMe/XP systems. Disable before running Scandisk or Defrag. Not required for WinMe/XP users, recommended for Win9x/NT/2K users | No |
| U | GoBack Tray Icon | GBTray.exe | Roxio's (nee Adaptec) GoBack software which allows you to revert back to a previously working state on you hard drive if you install a new program and your system goes faulty - performing the same functions with extra features as System Restore on WinMe/XP systems. Disable before running Scandisk or Defrag. Not required for WinMe/XP users, recommended for Win9x/NT/2K users | No |
| X | GOG | GOG.exe | Added by the PHILIS.B VIRUS! | No |
| X | goidr | goidr.exe | Goidr adware | No |
| X | GoldenAntiSpy | pgs.exe | GoldenAntiSpy rogue security software - not recommended. A member of the AVSystemCare family | No |
| U | Goldensoft_MndlSvr | MndlSvr.exe | Goldensoft CD Ghost related - turns a computer into a 200X-speed CD-ROM tower. Working from the hard drive, users can simultaneously access as many as 23 virtual CD-ROM drives at a speed of 200X for true multitasking | No |
| X | Golum | services.exe | Added by the GOLUM.A TROJAN! Note - this is not the legitimate services.exe process, which should not appear in Msconfig/Startup! | No |
| X | golumm | services.exe | Added by the DLOADER-ET TROJAN! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a "golumm" subfolder | No |
| X | good | badvir.exe | Added by the SILOV-B WORM! | No |
| X | google.exe | Added by the RBOT-AMW WORM! | No | |
| U | Google Desktop | GoogleDesktop.exe | Google Desktop - "a desktop search application that provides full text search over your email, files, music, photos, chats, Google Mail, web pages that you've viewed and more. By making your computer searchable, Google Desktop puts your information easily within your reach and frees you from having to manually organise your files, emails and bookmarks" | Yes |
| U | Google Desktop Search | GoogleDesktop.exe | Google Desktop - "a desktop search application that provides full text search over your email, files, music, photos, chats, Google Mail, web pages that you've viewed and more. By making your computer searchable, Google Desktop puts your information easily within your reach and frees you from having to manually organise your files, emails and bookmarks" | Yes |
| X | Google Earth | [random filename] | Added by the RBOT-AXK TROJAN! | No |
| N | Google Earth Viewer | GOOGLEMAPS.EXE | Google Earth "combines satellite imagery, maps and the power of Google Search to put the world's geographic information at your fingertips" | No |
| U | Google IME Autoupdater | GooglePinyinDaemon.exe | Google Pinyin Input Method Editor (IME) - allows a user to input Chinese characters by entering the pinyin of a Chinese character (with or without tone, depending on the system) and then presenting the user with a list of possible characters with that pronunciation | No |
| X | google Intrenet Explorer | google.pif | Added by the RBOT-ARA WORM! | No |
| U | Google Quick Search Box | GoogleQuickSearchBox.exe | Part of Google Toolbar (from version 6 onwards) for IE. The Quick Search Box sits between the "Start" button and Quick Launch toolbar and "lets you easily search both your computer and the Web from a slick-looking search box that comes up only when you need it" | Yes |
| X | Google service | Googlesetup.exe | Added by the IRCBOT-RJ WORM! | No |
| X | Google Service FR | GO0GLEFREE.EXE | Added by a variant of the SPYBOT WORM! | No |
| X | google toolbar | ggtb32.exe | Added by the AGOBOT-RR WORM! | No |
| N | Google Update | GoogleUpdate.exe | Update manager for the range of tools available from Google - such as the Chrome web browser and Picasa photo manager | No |
| N | Google Updater | GOOGLE~1.EXE | Downloads and installs updates for Google applications (Google Earth, Google Desktop, etc.) | No |
| N | Google Updater | GoogleUpdater.exe | Downloads and installs updates for Google applications (Google Earth, Google Desktop, etc.) | No |
| X | GoogleBot.exe | GoogleBot.exe | Added by the GB TROJAN! | No |
| N | GoogleDCClient | GoogleDCC.exe | Google Compute Client - only present if you installed the Google Toolbar with "Google Compute" client active. Does complex calculations in the background when idle. If you want to turn it off go to your browser, click on the little double-helix on the Google Toolbar, and click "Stop Computing". No longer supported | No |
| U | GoogleDesktop | GoogleDesktop.exe | Google Desktop - "a desktop search application that provides full text search over your email, files, music, photos, chats, Google Mail, web pages that you've viewed and more. By making your computer searchable, Google Desktop puts your information easily within your reach and frees you from having to manually organise your files, emails and bookmarks" | Yes |
| U | GoogleQuickSearchBox | GoogleQuickSearchBox.exe | Part of Google Toolbar (from version 6 onwards) for IE. The Quick Search Box sits between the "Start" button and Quick Launch toolbar and "lets you easily search both your computer and the Web from a slick-looking search box that comes up only when you need it" | Yes |
| U | googletalk | googletalk.exe | Google Talk "enables you to call or send instant messages to your friends for free-anytime, anywhere in the world". Can be launched manually | No |
| U | GoogleToolbarNotifier | GoogleToolbarNotifier.exe | Part of Google Toolbar (from version 4 onwards) for IE. "Google Toolbar Notifier allows you to set Google as your default search engine and prevents your search settings from being changed without your consent. An icon in your system tray blinks if the Notifier identifies an attempt to change your default search engine. You can click the icon to get more details and allow the change". There was a bug in earlier versions where disabling the option resulted in the entry still running at startup but this has now been resolved | Yes |
| U | GoToMyPC | g2svc.exe | ExpertCity GoToMyPc logon - web-based remote-access solution that allows individuals and companies to register their computers online and then securely access those computers from any web browser | No |
| U | GoTrusted | GoTrusted Secure Tunnel.exe | "GoTrusted is the fast, easy way to secure your PC's Internet data and protect your privacy" | No |
| X | GotSmiley | GotSmiley.exe | GotSmiley - ad supported program that provides the user with smileys for use in emails. Not recommended. Please note that Claria Corporation no longer support GAIN-Supported software - see here | No |
| X | gouday.exe | readme.exe | Added by the BEAGLE.C WORM! | No |
| X | govurarope | Rundll32.exe retasevo.dll,s | Added by the BHO-HG TROJAN! The "retasevo.dll" file is found in %System% | No |
| X | GP Updater | gpupdater.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
| X | GPLv3 | [random name].dll | Vundo adware | No |
| X | gpmce | window.exe | Added by the VB.CK WORM! | No |
| X | gqgqqger | gqgeqegl.exe | Added by the SDBOT-CLJ WORM! | No |
| N | GRA | gra.exe | Looks at system resources at startup and warns you if they have dropped. Contains links to the Disk Clean Up, Defrag and Start Up Menu. It does have a link to a startup configuration utility. Similar to msconfig but can keep a list of disabled apps. Not really necessary. Only appears if you load the Gateway Startup Utility | No |
| ? | gramdate | 2Stop.exe | ?? | No |
| X | Graphic Driver | smss32.exe | Added by a variant of the RBOT WORM! | No |
| X | Graphic Loader | ntvdm32.exe | Added by a variant of the RBOT WORM! | No |
| X | Graphic Update | openglx.exe | Added by the IRCBOT.AMU WORM! | No |
| X | Graphics | _default.pif | Added by the AUTOSKY WORM! | No |
| X | Graphics adapter service | windll.exe | Added by the ATNAS.A WORM! | No |
| U | Gravis Appawareloader | dbserver.exe | Looks like it's associated with Gravis game controllers and the Keyset Manager, allowing the user to program the buttons for games that don't support them | No |
| U | Gravis Xperience Driver Support | Grxp4exe.exe | Driver for Gravis game controllers such as the Eliminator Aftershock. Must be loaded if you run the supplied application software for the controller to be recognized. Start it manually via a shortcut if not used | No |
| ? | GrdSys32 | GrdSys32.exe | X-Stream ISP software. Offers free Net access funded by on-screen ads. Is it required or can you create your own dial-up networking connection to use on demand? | No |
| X | GreasyPalmUpdate | GreasyPalmUpdate.exe | SearchFast adware | No |
| X | GreatDefender | GreatDefender.exe | GreatDefender rogue security software - not recommended, removal instructions here. A member of the AntiAID family | No |
| X | GreatDefender.exe | GreatDefender.exe | GreatDefender rogue security software - not recommended, removal instructions here. A member of the AntiAID family | No |
| X | GreatDownloads | rundll32.exe MSA64CHK.dll,DllMostrar | MatrixDialer/Mostrar parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System% | No |
| N | Greetings Workshop | GWREMIND.EXE | You really want to be reminded about somebody's birthday at the expense of resources? | No |
| X | gremier | wscript.exe gpremier.vbs | Added by the GPREMIER WORM! Note that wscript.exe is a legitimate Microsoft file used to launch script files and shouldn't be deleted. The "gpremier.vbs" file is located in %System% | No |
| X | Gremlin | intrenat.exe | Added by the DOOMJUICE WORM! | No |
| X | grinders | grinders.exe | Added by a variant of the Storm/Nuwar/Zhelatin WORM! See here for an example | No |
| N | Grokster | Grokster.exe | Grokster Peer-To-Peer File Sharing program | No |
| Y | Groove Virtual Office | Groove.exe | "Groove Virtual Office uses a peer-to-peer networking model to connect users in Groove Workspaces. In these workspaces geographically dispersed coworkers can do almost everything they could do in the same office. They can hold online meetings, store files and folders, save threaded discussions, scribble on whiteboards, share calendars, and track project information and timelines." Formerly by Groove Networks - now owned by Microsoft and part of MS Office | No |
| U | GrooveMonitor | GrooveMonitor.exe | Part of MS Office Groove - a stand-alone product or included with the Enterprise/Ultimate versions of MS Office 2007. "A collaboration software program that helps teams work together dynamically and effectively, even if team members work for different organizations, work remotely, or work offline". GrooveMonitor is responsible for synchronizing the Groove workspaces between the users PC and those of other workspace participants. If you don't use Groove to collaborate with co-workers you can safely disable this entry | Yes |
| U | GrooveMonitor Utility | GrooveMonitor.exe | Part of MS Office Groove - a stand-alone product or included with the Enterprise/Ultimate versions of MS Office 2007. "A collaboration software program that helps teams work together dynamically and effectively, even if team members work for different organizations, work remotely, or work offline". GrooveMonitor is responsible for synchronizing the Groove workspaces between the users PC and those of other workspace participants. If you don't use Groove to collaborate with co-workers you can safely disable this entry | Yes |
| U | GroupWise PDA Connect - 3CmPlm | AutoDet.exe | 3Com Palm PC specific translator for the GroupWise PDA Connect PDA synchronisation utility from Novell | No |
| U | GroupWise PDA Connect - GrpWse | Agnt.exe | GroupWise PDA Connect PDA synchronisation utility - from Novell | No |
| U | GroupWise PDA Connect - PocketPC | AUTODE~1.EXE | Windows Mobile Pocket PC specific translator for the GroupWise PDA Connect PDA synchronisation utility from Novell | No |
| U | GroupWise PDA Connect - ScheduleSync | SCHEDU~1.EXE | ScheduleSync specific translator for the GroupWise PDA Connect PDA synchronisation utility from Novell | No |
| N | GrpConv | grpconv.exe | Microsoft Windows Program Group Converter - used by installers (ONLY in the RunOnce keys) - provides the translation of groups and group items to folders and links. Also see this MS Knowledge Base article | No |
| X | GsAds | gms2.exe | PacerD_Media/Pacimedia.com adware | No |
| ? | Gscbc | Gscbc.exe | ?? | No |
| X | gshp | zzgshp.vbs | Homepage hi-jacker | No |
| N | Gsiconexe | Gsicon.exe | ADSL modem monitor from Eicon Networks (as used by BT for its Broadband internet service for example). Can safely be disabled without affecting the connection - all this does is give an indication of connectivity and access to the diagnostic facilities | No |
| ? | GsiFinal | rundll32 gspndll.dll,postInstall final | USB DSL modem related. What does it do and is it required? | No |
| ? | GSISETUP | [path] GsiInst.exe INSTALL [path] V205Res 13 | BT Voyager ADSL modem related - what does it do and is it required? | No |
| N | GSOrganizer | GSOrganizer.exe | GoldenSection Organizer (now WinOrganizer - personal information manager) | No |
| X | gssomatic | gssomatic.exe | Searchcentrix hijacker | No |
| Y | gStart | gStart.exe | gStart GPS software from Garmin | No |
| X | GStartup | GMT.exe | Gator spyware component - see here. Please note that Claria Corporation no longer support GAIN-Supported software - see here | No |
| X | gsv | gsv.exe | Added by the ROBAL 1.0 backdoor TROJAN! | No |
| X | GT | GT.EXE | Added by the SDBOT-AJ WORM! | No |
| X | GT15J4R49V | cpuserv.exe | Identified as a variant of the Trojan.Win32.Radi.gu malware | No |
| U | GTVEpg | GTVEpg.exe | Part of Got All Media - control your TV tuner and other utilities from your PC | No |
| U | GTVRec | GTVRec.exe | Part of Got All Media - control your TV tuner and other utilities from your PC | No |
| N | Gtwatch | gtwatch.exe | Associated with a Mustec scanner and not required | No |
| X | gtydf | iisca.exe | Added by the CLAGGER-BB TROJAN! | No |
| X | gtydf | iscca.exe | Added by the DWNLDR-GTK TROJAN! | No |
| X | gtydf | ggrrgg.exe | Added by the DLOADR-AZK TROJAN! | No |
| U | Guard | Guard.exe | Related to Phoenix Technologies Core Managed Environment (cME) Integration and Certification program | No |
| Y | GuardGui Application | GuardGui.exe | System Tray access to the main user interface for Ashampoo® AntiVirus from Ashampoo GmbH & Co. KG. | Yes |
| U | Guardian | CMGrdian.exe | McAfee Guardian shortcut menu on the System Tray (looks like a castle) given access to Internet Security, Browser Buddy, File Guardian and help. Included with older versions of McAfee Internet Security and possibly others | No |
| U | Guardian PC Security Tools | Pfft.exe | Boomerang Software's Guardian PC Security Tools - now rebranded as the eXtendia Security Suite | No |
| X | GuardPcs.exe | GuardPcs.exe | GuardPcs rogue security software - not recommended, removal instructions here. A member of the AntiAID family | No |
| X | guarnset | guarnset.exe | Adlogix adware | No |
| X | gummy | gummy.exe | Added by the VANEBOT-AQ WORM! | No |
| X | GURL | gurl.exe | GURLWatcher spyware | No |
| U | GuruNet | GuruNet.exe | GuruNet lets you click on any word on your screen to get the relevant information you want | No |
| X | GustavVED | [filename].exe | Added by the OPASERV.H WORM! | No |
| X | gvagfxj | rundll32 ...gvagfxj.dll | Unidentified adware, spyware or virus | No |
| Y | gw port controller | PORTCT95.EXE | From a visitor - "I must keep it active in start up or my Lexmark printer and RCA Cam program cannot discover a working port to work". From the file properties, the file is known as "Smart Thru Fax Drive Spy" and is supplied by Samsung | No |
| N | GWInkMonitor | GWInkMonitor.exe | Gateway ink monitor - makes an annoying popup that says your printer may be running out of ink, do you want to buy some! | No |
| X | gwiz | ntsystem.exe | Added by the NITWIZ.A TROJAN! | No |
| X | gwiz | arpl.exe | Detected by F-Prot as W32/Downloader-Sml-based | No |
| N | GWMDMMSG | GWMDMMSG.exe | Used with internal modems on Gateway and vprMatrix PCs. This is the "GTW modem messaging applet" and is not required for the modem to work correctly | No |
| U | GWMDMpi | GWMDMpi.exe | Used with internal modems on Gateway PCs such as the 450SX Notebook. Required for audio settings to be maintained and does not remain in memory once run. See here for more information | No |
| U | gwum | gwum.exe | Gigabyte utility manager. Loads if you have a Gigabyte motherboard and got a full bundle of utilities installed. Monitors CPU, fans, BIOS etc. Only used by system "tweakers" | No |
| ? | gyy | gyy.exe | Possibly Gator (and therefore spyware) related? | No |
| X | G_Host | gHost.exe | Added by the AUTOIT-BP WORM! | No |
| X | G_Server.exe | G_Server.exe | Added by the FEUTEL-C TROJAN! | No |
| X | G_Server1.2.exe | G_Server1.2.exe | Added by the GRAYBIRD-Z TROJAN! | No |
| U | H/PC Connection Agent | WCESCOMM.EXE | Connection manager for Microsoft ActiveSync - mobile device synchronization software for Windows XP (and earlier), supporting mobile deivces based upon the Windows CE OS (such as Pocket PC, Handheld PC and Windows Mobile). Automatically launches ActiveSync (if enabled) when the mobile device is connected. If disabled it will re-instate the next time ActiveSync runs - hence the reluctant "U" recommendation | Yes |
| Y | H2O | cledx.exe | Related to copyright protection products by SyncroSoft | No |
| U | H2OWIBU | CXWibu.exe | Related to CodeMeter from WIBU-SYSTEMS AG. Software protection hardware | No |
| X | h4te Service Drivers | h4te.exe | Added by a variant of the RBOT WORM! | No |
| X | hachimitsu-lemon | hachimitsu-lemon.exe | Added by the HACHILEM TROJAN! | No |
| X | HackMuFpt | HackMuFpt.exe | Added by the SCLOG-AG TROJAN! | No |
| X | hagent | avp.exe | Added by the "Herman Agent" remote access TROJAN! | No |
| X | Halflife | halflife2.exe | Added by the AGOBOT-OC BACKDOOR! Note - this file is not associated with Valve Corporation's Half-Life 2 game | No |
| U | HalifaxHowardCluster | skinkers.exe | "Howard the Weatherman" desktop client from Halifax by Skinkers - marketing/messaging tool. Leave enabled if you want to receive messages | No |
| Y | Hamachi | hamachi.exe | LogMeIn Hamachi remote control and VPN software | No |
| U | HaMFrontPanel | hampanel.exe | Displays a panel simulating modem lights for the Intel HaM internal modem. The lights are useful as a reminder to disconnect from the net if you are likely to forget, but otherwise pointless | No |
| U | Handy Backup 3.9 | hbagent.exe | Handy Backup - automatic backup of your critical data to virtually any type of storage media including CD-RW devices and remote FTP servers | No |
| X | HanUpdate | hanz.exe | Added by the RBOT-GLJ WORM! | No |
| N | Hard Disk Sentinel | HDSentinel.exe | Hard Disk Sentinel - a multi-OS hard disk drive monitoring application. Its goal is to find, test, diagnose and repair hard disk drive problems, display hard disk health, performance degradations and failures | No |
| X | Hard drive Controller | hdcontroller.exe | Added by the KIMAN.B WORM! | No |
| X | HardDriveGuard | SysRep.exe | HardDriveGuard rogue system error and cleaning utility - not recommended. A member of the ErrClean family | No |
| U | Hardware Doctor | Hwdoctor.exe | Winbond Hardware Doctor - as included on some motherboard using Winbond's hardware monitoring chips. Displays fan speeds, voltages, temperatures. Only required if you're concerned about your system temperature - typically for "overclocked" systems | No |
| X | Hardware Monitor Service | mshms.exe | Added by the WOLLF-A TROJAN! | No |
| X | Hardware Profile | hxdef.exe | Added by the LOVGATE.AB WORM! | No |
| X | Hardware Profile | hxdef.exe... | Added by the LOVGATE.Z WORM! | No |
| U | Hardware Sensors Monitor | hmonitor.exe | Utility to monitor fan speed and temperatures - similar to Motherboard Monitor. Only required if you're concerned about your system temperature - typically for "overclocked" systems | No |
| X | Hardware Shell Detection | WinHSD.exe | Added by a variant of the RBOT WORM! | No |
| U | Hare | hare.exe | Hare - improve and optimize performance of desktop/laptop PCs | No |
| U | Harmony 98 - CasioOrg | CasAgnt.exe | Enterprise Harmony 98 for CASIO - synchronization software for use with Microsoft® Outlook 97/98/2000 | No |
| X | HataDuzelticisi | SysRep.exe | HataDuzelticisi, Turkish rogue system error and cleaning utility - not recommended. A member of the ErrClean family | No |
| X | HATAPE | [path to trojan] | Added by the BANKER-QF TROJAN! | No |
| U | HawkEye | HAWK_95.EXE | Control Panel application for the old Number Nine graphics cards to change resolution, colour depth, etc. Available via Start -> Programs | No |
| U | HawkEye IV Control Panel | HAWK_32.EXE | Control Panel application for the old Number Nine graphics cards to change resolution, colour depth, etc. Available via Start -> Programs | No |
| U | Hawking HWU54G Utility | HWU54G.exe | Wireless management utility for the HWU54G Mini Wireless-G USB Adapter from Hawking Technologies, Inc | No |
| U | Hawking Wireless Utility | HWU8DD.exe | Wireless management utility for the HWU8DD Hi-Gain™ USB Wireless-G Dish Adapter from Hawking Technologies, Inc | No |
| X | Hbinst | Hbinst.exe | Hotbar adware | No |
| N | HC Reminder | hc.exe | For Compaq PC's. Help Compiler, crunches help database, will run without being in startup when needed | No |
| N | HCDetect | HCDetect.exe | MS HomeClick Network - simple home network setup and configuration program included with 3Com HomeConnect home networking products. Runs in the background for network printer notification, detection, and Internet Connection Sharing (ICS) taskbar icon. Not required - network can be set-up manually, also has a known memory leak problem | No |
| X | hcen | hcen.exe | Added by the SMALL.LR TROJAN! | No |
| U | hcenter | tgcmd.exe | Part of software from SupportSoft (aka Support.com) provided to manufacturers and ISPs that allows them to offer on-line support - to update drivers, fix faults, etc. Also see the TgAddServer entry. This part ensures the software is installed correctly (similar to an installation wizard) as reported by Cox. Regarded as spyware by some as it has the ability to retrieve user information. Whether it does so depends upon the provider. One Toshiba user reports problems with hibernate on his laptop if disabled - hence the "U" recommendation" | No |
| U | hcenter | hcenter.exe | Bellsouth help center. Part of software from SupportSoft (aka Support.com) provided to manufacturers and ISPs that allows them to offer on-line support - to update drivers, fix faults, etc. Also see the TgAddServer entry. This part ensures the software is installed correctly (similar to an installation wizard) as reported by Cox. Regarded as spyware by some as it has the ability to retrieve user information. Whether it does so depends upon the provider. One Toshiba user reports problems with hibernate on his laptop if disabled - hence the "U" recommendation" | No |
| X | hclean32.exe | hclean32.exe | Wareout - malware masquerading as a spyware and dialer remover | No |
| U | Hcontrol | hcontrol.exe | Hotkeys on an ASUS Notebook. Only required if you use the additional keys | No |
| N | hcsystray | hc_tray.exe | Kuma Notifier for the Shootout! game from the History Channel. "It lets you know whenever there's a new episode that's been released or an announcement from the Kuma team. Just click it to get up-to-the-minute game and event information" | No |
| N | HD Audio Control Panel | RtHDVCpl.exe | Realtek HD Audio Manager, installed with the Vista drivers for on-board Realtek HD audio codecs. Unless you have the default (but optional) System Tray icon enabled, the only purpose this entry serves is to detect and allow you to configure any devices plugged into the jacks - such as headphones and a microphone. With the System Tray icon enabled it will also inform you when devices are removed and give you access to the Sound Manager and other multimedia functions. The Sound Manager is also available via the Control Panel and this entry is therefore only required if you regularly change sound schemes | Yes |
| N | HDAShCut | HDAShCut.exe | High definition audio page shortcut for Realtek audio devices - not required | No |
| U | HDAudDeck | HDAudioCPL.exe | Vista control panel for VIA Vinyl HD Audio Codecs from VIA Technologies, Inc - such as the VT1708B | No |
| U | HDAudDeck | HDeck.exe | XP control panel for VIA Vinyl HD Audio Codecs from VIA Technologies, Inc - such as the VT1708B | No |
| X | HDAudio | hda.exe | Added by the TACTSLAY.U TROJAN! | No |
| X | HDAudio Driver 1.0 | [random filename].exe | Added by the TEADOOR-D TROJAN! | No |
| X | HDAudio Driver 2.0 | [random filename].exe | Added by the TEADOOR-E TROJAN! | No |
| U | HDDControlGuard | HDDControlGuard.exe | Part of Ashampoo® HDD Control from Ashampoo GmbH & Co. KG - a hard drive monitoring utility which also incorporates defragmentation and cleaners for browsing history and unnecessary files. This entry loads the Ashampoo HDD Control Guard component on startup which runs in the background and monitors the hard drives and provides System Tray access | Yes |
| U | HDDControlGuard.exe | HDDControlGuard.exe | Part of Ashampoo® HDD Control from Ashampoo GmbH & Co. KG - a hard drive monitoring utility which also incorporates defragmentation and cleaners for browsing history and unnecessary files. This entry loads the Ashampoo HDD Control Guard component on startup which runs in the background and monitors the hard drives and provides System Tray access | Yes |
| U | HDDHealth | hddhealth.exe | HDD Health is a "full-featured failure-prediction agent for machines using Windows 95, 98, NT, Me, 2000 and XP. Sitting in the system tray, it monitors hard disks and alerts you to impending failure" | No |
| U | HDDlife | HDDlife.exe | HDDlife checks the health of your hard drives at regular intervals and informs you about the results of these checks | No |
| ? | HDhelp | tbhdhelp.exe | Associated with Philips Edge series soundcards. Is it required? | No |
| X | hdlfoe df98ndf | svchots.exe | Added by a variant of the RBOT WORM! | No |
| X | hdlpscom | [8 random letters].exe | Added by the RBOT-FUL WORM! | No |
| X | HDriveSweeper | HDriveSweeper.exe | HDriveSweeper rogue privacy program - not recommended, removal instructions here | No |
| N | HDtray | HDtray.exe | Philips Edge Series Control Panel Tray Utility - system tray icon for a Philips Edge series soundcards. Available via Start -> Settings -> Control Panel | No |
| X | he3bbcff | rundll32.exe he3bbcff.dll, EnableRunDLL32 | LZIO.com adware downloader. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "he3bbcff.dll" file is found in the System (9x/Me) or System32 (NT/2K/XP) folder | No |
| X | he3e3fc4 | rundll32.exe he3e3fc4.dll, EnableRunDLL32 | LZIO.com adware downloader. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "he3e3fc4.dll" file is found in the System (9x/Me) or System32 (NT/2K/XP) folder | No |
| X | Hekio Startups | Hnksvc32.exe | Added by the AGOBOT-QE WORM! | No |
| X | HELLBOT TEST | 1hellbot.exe | Added by the MYDOOM.BO WORM! | No |
| X | HELLBOT3 | coolbot.exe | Added by the MYTOB.AB WORM! | No |
| X | hellfire | svchost.exe | Added by the LEOX.D TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir% | No |
| X | hellodolly | shost.exe | Added by the YODO WORM! | No |
| X | HelloInt | hello3.exe | Added by the CASAL.A TROJAN! | No |
| X | helloserv | helloserv.exe | Added by the ZHELATI.BHA WORM! | No |
| X | helloworld | nb32ext2.exe | Added by the MYDOOM.BV WORM! | No |
| X | helloworld | nb32ext3.exe | Added by the MYTOB.JT WORM! | No |
| X | helloworld3 | nb32ext4.exe | Added by the RITDOOR.A WORM! | No |
| ? | Help | helpext.exe | ?? | No |
| X | help | help.scr | Added by the BANCOS-BBU TROJAN! | No |
| X | Help | Wizardnil.exe | Added by the BANCOS-BCZ TROJAN! | No |
| X | Help | lshost.exe | Identified as a variant of the Trojan-Clicker.Win32.Delf.aro malware | No |
| X | Help Temp Files | netreg.exe | Added by the FORBOT-EM WORM! | No |
| X | Help Temp Files | emp32.exe | Added by the FORBOT-EC WORM! | No |
| U | HelpCenter | sprtcmd.exe /P HelpCenter | Self-help support tool for BellSouth's FastAccess® DSL (now owned by AT&T) broadband service (provided by SupportSoft, Inc). Identifies and automatically fixes typical problems that may occur with your high-speed internet service | No |
| U | HelpCenter4.1 | sprtcmd.exe /P HelpCenter4.1 | Self-help support tool for BellSouth's FastAccess® DSL (now owned by AT&T) broadband service (provided by SupportSoft, Inc). Identifies and automatically fixes typical problems that may occur with your high-speed internet service | No |
| X | helpctl.exe | helpctl.exe | Added by the GASLIDE TROJAN! | No |
| X | Helper | eschlp.exe | Added by the BLASTER.T WORM! | No |
| X | HELPER | greece_nm.exe | AsdPlug premium rate adult content dialer variant | No |
| X | HELPER | Netherlands.exe | AsdPlug premium rate adult content dialer variant | No |
| X | HELPER | new_zealand.exe | AsdPlug premium rate adult content dialer variant | No |
| X | HELPER | sweden.exe | AsdPlug premium rate adult content dialer variant | No |
| X | HELPER | canada.exe | AsdPlug premium rate adult content dialer variant | No |
| X | HELPER | france.exe | AsdPlug premium rate adult content dialer variant | No |
| X | HELPER | temp532.exe | AsdPlug premium rate adult content dialer variant | No |
| X | helper.dll | rundll32.exe [path] helper.dll | CnsMin (Chinese Keywords) hijacker related. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted | No |
| X | HelpExp.exe | HelpExp.exe | Attune HelpExpress - spyware. Disable and uninstall - see here | No |
| X | helpmanager | spoler.exe | Added by the RANDEX.J WORM! | No |
| X | helpo | helpo.exe | Added by the BANLOA-BU TROJAN! | No |
| X | helpw | helpw.exe | Adware downloader | No |
| X | hen | [filename].exe | Added by the TARNO.G TROJAN! | No |
| X | heomstool | heomstool.exe | Added by the HEOMS TROJAN! | No |
| Y | HEProtect | HSockPE.exe | Part of the AntiSpam function of the HAURI ViRobot Desktop internet security suite | No |
| ? | HerculesCamService | CamService.exe | Related to the Hercules Dualpix HD Webcam. What does it do and is it required? | No |
| X | hErcUnes | softhost.exe | Added by the GARROCH WORM! | No |
| X | herjek | herjek.exe | Added by the NUWAR.APJ WORM! | No |
| U | Hermes Messenger | DGDRHE~1.EXE | A LAN messenger alternative to WinPopUp - Digital Dreams Software | No |
| X | Hewlett Packard Manager | hpmanager.exe | Added by the MYTOB.KE WORM! Note - this is not a valid Hewlett-Packard program | No |
| N | Hewlett Packard Recorder | Remind32.exe | HP multifunction registration | No |
| U | Hf | Hf.exe | Hide Folders - hide your folders so only you can view them | No |
| X | HF Security | hfsecure.exe | Added by the AGOBOT-TI WORM! | No |
| X | hfdtubvnx | keepSafe.exe | Added by the KILLAV.KAX TROJAN! | No |
| Y | hffsrv | hffsrv.exe | Hide Files & Folders - "great easy-to-use password-protected security utility working at Windows kernel level you can use to password-protect certain files and folders, or to hide them securely from viewing and searching just with a click of mouse". If this entry is disabled, any files/folders that are protected/hidden will no longer be accessible without first accessing the main program | Yes |
| Y | hffsrv.exe | hffsrv.exe | Hide Files & Folders - "great easy-to-use password-protected security utility working at Windows kernel level you can use to password-protect certain files and folders, or to hide them securely from viewing and searching just with a click of mouse". If this entry is disabled, any files/folders that are protected/hidden will no longer be accessible without first accessing the main program | Yes |
| U | hfxp | hfxp.exe | Hide Folders XP - hide your folders so only you can view them | No |
| X | hgkytwe | keepSafe.exe | Added by the KILLAV.KAX TROJAN! | No |
| X | hgqhp.exe | hgqhp.exe | Added by the FLUSH.F TROJAN! | No |
| N | HGTXPEI | FirstReboot.exe | Herucles Audio tool for the Hercules Game Theater XP soundcard. Available via Start -> Settings -> Control Panel | No |
| X | hhtnsn | rnxntup.exe | Added by a variant of the ORCU.B TROJAN! | No |
| ? | HiberMonitor | HCount.exe | ?? | No |
| U | Hibernation | hib32.exe | Reduces the power consumption when the laptop isn't being used to preserve battery power. Similar programs on other laptops reduce the processor clock rate, etc. Required if you run of battery regularly | No |
| X | Hid.exe | hid.exe | Added by the RATSOU.B TROJAN! | No |
| U | Hide and Protect any Drives for Win95/98/Me/2k/XP | HPDAgent.exe | Loads Hide and Protect any Drives - which allows you to "Protect Hard drive, CD, DVD, floppy and flash, and deny access to partitions of your hard drives. Stop unauthorized software installations and data leak by removable media". If disabled, hidden and locked drives still retain their original status so the user will only be able to change their status them via the main UI | Yes |
| X | hiden | hiden.exe | Added by the AGENT-IW TROJAN! | No |
| U | HideOE | HideOE.exe | HideOE - allows you to 'hide' Outlook Express or minimize it to the System Tray | No |
| X | HideRun.exe | Hiderun.exe and svhost.exe and pro.gif | Added by the BOOHOO WORM! | No |
| X | HideStyle | Ante Browse Trust.exe | IE toolbar taking you to Lop.com. If the exe is running, close it and remove the %ProgramFiles%\Stupidmore directory | No |
| U | Hidetools Spy Monitor | wmispe.exe | HideTools Spy Monitor surveillance software. Uninstall this software unless you put it there yourself | No |
| U | hidserv | hidserv.exe | This is the Human Interface Device Server for Win98SE/2000/Me/XP, it is required only if you are using USB Audio Devices you can disable via Msconfig. See here. Typical examples are USB multimedia keyboards with volume control and web-ready keyboards. For example - loaded by default with MS DSS80 Speakers because they have Volume, Mute and Bass controls on the speaker. Some users may experience problems disabling this - if this is the case then re-enable it. Equivalent to MMHid in Win98. On HP Computers, HIDSERV is the controller for the keyboard sound controls on the USB and PS/2 keyboards | No |
| X | hid_start | gzmrotate.dll | AdRotator/IconAds adware | No |
| U | High Definition Audio Property Page Shortcut | CHDAudPropShortcut.exe | Realtek audio card related. Probably adds the odd feature to one of the "Sounds" Control Panel applet tabs - doesn't appear to be required | No |
| N | High Definition Audio Property Page Shortcut | HDAShCut.exe | High definition audio page shortcut for Realtek audio devices - not required | No |
| U | High Definition Audio Property Page Shortcut | CHDAudPropShortcut.exe | Realtek audio card related. Probably adds the odd feature to one of the "Sounds" Control Panel applet tabs - doesn't appear to be required | No |
| X | HighKey1 | HighKey1.exe | Detected by AVG as GENERIC12.LHE - see here | No |
| Y | HighPoint ATA RAID Management Software | raidman.exe | HighPoint RAID management - hard disk striping/mirroring utility for increased performance and reliability. See here for more information on RAID | No |
| X | Highspeeddownloader | SetupClickHere.EXE | Homepage hijacker, redirecting to "turbo-search101.com" - see here | No |
| U | HijackThis | HijackThis.exe | "HijackThis is a free utility which quickly scans your Windows computer to find settings that may have been changed by spyware, malware or other unwanted programs". This option is added when you select Config → "Run HijackThis scan at startup..." once a scan has been performed | No |
| U | HijackThis startup scan | HijackThis.exe | "HijackThis is a free utility which quickly scans your Windows computer to find settings that may have been changed by spyware, malware or other unwanted programs". This option is added when you select Config → "Run HijackThis scan at startup..." once a scan has been performed | No |
| X | HijSrv32 | hijsrv.exe | Added by the BANKGERM-D TROJAN! | No |
| X | himem.exe | [path to worm] | Added by the STRATION-FW WORM! | No |
| X | HistoriaLout. | GDC.exe | HistoriaLout. rogue privacy tool - not recommended. A member of the PCPrivacyTool family | No |
| N | HistoryKill | histkill.exe | HistoryKill removes your web surfing path by removing the URL drop-list history, detailed history file, cache, and cookies in both IE and Netscape Navigator browsers. Available via Start -> Programs | No |
| U | Hitman Pro SurfRight Helper | srhelper.exe | Hitman Pro - a utility to start a number of Security Protection software. They can be started individualy | No |
| X | HitQ | HitQ.exe | Hijacker, for more information see here | No |
| U | HitwarePKLite | HITWAR~1.EXE | Hitware Popup Killer Lite | No |
| X | HIV | HIV.exe | Added by the HIVA TROJAN! | No |
| U | hk | hk.exe | KeyLoggerExp keystroke logger/monitoring program - remove unless you installed it yourself! | No |
| U | hkcmd | hkcmd.exe | Hot Key handler for Intel desktop and mobile motherboard chipsets with integrated graphics. With this enabled, you can access settings like graphics properties and screen rotation via pre-programmed key combinations - such as CTRL+ALT+F12 which displays the graphics properties (otherwise available via a right-click on the desktop or the Control Panel). Different chipset versions may have different pre-programmed settings and in some cases these may be programmable | Yes |
| X | HKEYok | runlli32.exe | Added by the QQPASS-U TROJAN! | No |
| X | HKLM\\Run | svhost.exe | Added by the FORBOT-AO BACKDOOR (where HKLM\\Run represents HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run)! | No |
| X | HKLM\Run | windowsupdate.exe | Added by the FORBOT-BJ WORM (where HKLM\Run represents HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run)! | No |
| U | hkserv | HKserv.exe | Keyboard manager program required to use programmable power and function keys on some laptops such as the Sony PCG R505TS | No |
| U | hkss | hkss.exe | Compaq HotKey Support - multimedia keyboard support | No |
| X | HLcleanup | hlsetup2.exe | LinkReplacer/FFinder adware | No |
| X | hldrrr | hldrrr.exe | Added by the BAGLE-KF WORM! | No |
| X | hlhtxo.exe | hlhtxo.exe | Added by the QLOWZONES-27 TROJAN! | No |
| X | HLL Data Parameter | hllcxpa.exe | Added by the RBOT.AFG WORM! | No |
| X | HMI PowerSystem | hmisvc32.exe | Added by the RANDEX.CZZ WORM! | No |
| X | HML PowerSource | hmlsvc32.exe | Added by the SDBOT-XL WORM! | No |
| U | Hmonitor | Hmonitor.exe | Hardware sensor monitoring program. Only required if you overclock your system and want to check on the status | No |
| X | HMV PowerSource | hmusvc32.exe | Added by the SDBOT-YW WORM! | No |
| X | ho2stdll.exe | ho2stdll.exe | Added by the BANKER-HO TROJAN! | No |
| X | hohohhaha | ournik.com | Added by the IRCFLOOD.AL BACKDOOR! | No |
| X | HOI Services | holsvc32.exe | Added by the AGOBOT-SF WORM! | No |
| N | Holiday Lights | Holiday Lights.exe | Holiday Lights from Tiger Technologies. Festive desktop enhancement that adds lights. Available via Start -> Programs | No |
| X | Hollaback | slvhosts.exe | Added by the SDBOT.BMO WORM! | No |
| X | Home Antivirus 2010 | HomeAntivirus2010.exe | Home Antivirus 2010 rogue security software - not recommended, removal instructions here | No |
| N | Home Theater SchSvr | SchSvr.exe | WinScheduler is installed with Home Theater Remote Control for WinDVD from Intervideo. If you want to schedule recordings from your TV tuner card, you will need it. Available via Start -> Programs | No |
| U | HomeAlarm | HomeAlarm.exe | Chameleon Clock - system tray clock replacement | No |
| X | HomeAntivirus 2009 | HomeAntivirus2009.exe | HomeAntivirus 2009 rogue security software - not recommended, removal instructions here | No |
| X | HomeAV | homeav.exe | Home Personal Antivirus rogue security software - not recommended, removal instructions here | No |
| ? | HomeCentre WakeUp | LGWAKEUP.EXE | Associated with the no longer supported Xerox HomeCentre printer/scanner | No |
| U | HomeKeyLogger | KeyLogger.exe | SpyKeySpy surveillance software. Uninstall this software unless you put it there yourself | No |
| X | Homeland Network | HomelandNetwork.exe | Homeland Network Notifier - pops ads | No |
| X | homepage.monitor.exe | isamonitor.exe | Added by the ZLOB.MEDIA-CODEC TROJAN! This purports to be a Windows Media Player upgrade (with names such as "iCodecPack", "X Password Manager" and "Media-Codec") to allow the user to view adult oriented videos on certain websites - but actually downloads and installs additional malware on the user's machine. Various directories and filenames are used - see the link for details | No |
| U | HondaHelper | HondaHelper.exe | Part of Honda Music Link which allows you to use your Honda's audio system's controls to play and search for music on your iPod® in you car | No |
| ? | Honor | honor.exe | ?? | No |
| U | Hook99startup | hk2re.exe | "Hook99 enables the user to customize the start button. You can change or remove the text and replace the Windows flag on button with icon of your choice. Supports Windows icons, bitmaps and can extract icons from executables and libraries. Hook99 can also make the background of desktop icons captions transparent" | No |
| U | HookSys | HookSys.exe | SurfinGuard Pro from Finjan - internet protection software, protects against all malicious code delivered through executables, scripting files, ActiveX and Java | No |
| U | HornetMonitor | MntrHrnt.exe | Hornet Monitor - monitoring system that detects and responds to unauthorized access attempts and sources of channel interference on any local DSSS network | No |
| Y | HorngTech4D | bally4d.exe | HorngTech 4D mouse driver | No |
| X | Host | N/A | Added by the POPDIS or STARTPAGE.F TROJANS! | No |
| X | host | help.exe | IESearchToolbar parasite. Identified by Ewido Security Suite (Ewido is now part of AVG Technologies) as the DELF.LF TROJAN! | No |
| X | Host Process | mame.exe | Added by the RBOT-APO WORM! | No |
| X | Host Process | svchost.exe | Added by the IRCBOT.AGF BACKDOOR! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in the Fonts directory | No |
| X | hostdll.exe | hostdll.exe | Added by the BANKER-BO TROJAN! | No |
| U | HostManager | AOLHostManager.exe | Manages a component essential to the operation of most current AOL software. If you remove it from startup it will load when IE is launched, increasing launching time | No |
| N | HostManager | AOLSoftware.exe | Quoted from AOL Beta Team, "Manages a component essential to the operation of most current AOL software, client or not. You should be able to remove it from Startup (it'll just load when Explorer is launched, which will extend load time a bit), but do leave it on your system" | No |
| X | Hostname Manager Server | host32srv.exe | Added by a variant of the RBOT WORM! | No |
| X | Hostren.exe | Hostren.exe | Added by PWS.BANKER.F, a variant of the BANKER-BO TROJAN! | No |
| X | hostserv | hostserv.exe | Added by the RBOT.BPZ WORM! | No |
| X | hostserv | wiz98.exe | Added by a variant of the SDBOT WORM! | No |
| U | HostsFileMgr | winHostsEdit.exe | AdBin from Gilmore Software Development. An easy solution to managing your Window's hosts file | No |
| U | HostsMan | hm.exe | "HostsMan is a freeware application that lets you manage your Hosts file with ease". It is mainly intended to block specific domains (mostly advertising servers) by redirecting them to localhost, but can also be used to add any other domain/Ip combination that you want to be included in the HOSTS file | No |
| X | HostSrv | sachostx.exe | Added by the LOOKSKY.H WORM! Drops multiple files in the System (9x/ME) or System32 (NT/2K/XP) folders | No |
| X | HostSrv | sachostx.exe | Added by the LOOKSKY.A or LOOKSKY.F or LOOKSKY.G WORMS! | No |
| X | HostSrv | sachostx.exe... | Added by the LOOKSKY.E WORM! | No |
| X | HostSVC syse | HostSVC.exe | Added by the RBOT-ANZ WORM! | No |
| X | Hot 8.0 Live | hot.exe | Added by the BANKER.EIE TROJAN! | No |
| U | Hot Corners | Hotc.exe | Hot Corners - "lets you quickly activate or disable your screen saver by moving the mouse into a given corner of the screen" | No |
| X | HOT FIX | Gothic.exe | Added by the SDBOT.FIR WORM! | No |
| X | HOT FIX | filename.exe | Added by the SDBOT-DKM WORM! | No |
| X | Hot Inside | Hottest Story Ever.exe | Added by the BHARAT.A WORM! | No |
| U | Hot Key Kbd 2690 Daemon | SK2690DM.EXE | Multi-function keyboard driver. Allows the use of programmable keys on mulimedia keyboards. Required if you use the additional keys | No |
| U | Hot Key Kbd 9910 Daemon | SK9910DM.exe | Multi-function keyboard driver. Allows the use of programmable keys on mulimedia keyboards. Required if you use the additional keys | No |
| ? | Hot Party 22 | hotpart22.exe | ?? | No |
| X | HotAction_hr | hotaction_hr.exe | Added by the SITEICON-B DIALER! An uninstall option can be accessed via the Add or Remove Programs dialog in the Windows Control Panel. The software is listed as "HotAction_hr" | No |
| X | Hotbar | Hbinst.exe | Hotbar adware | No |
| X | Hotbar | HbOEAddOn.exe | Hotbar adware | No |
| X | HotbarOE | OEAddOn.exe | Hotbar adware | No |
| X | HotbarSA | HotbarSA.exe | Hotbar adware | No |
| X | hotdlll | remote.cmd | Added by the BANKER-EHG TROJAN! | No |
| X | hotdlll | vmmreg32.exe | BANKER.DX spyware | No |
| X | hotefix | msnmanegers.exe | Added by the IRCBRUTE.AS TROJAN! | No |
| X | hotfix | msnnmaneger.exe | Added by the WOOTBOT.AF WORM! | No |
| X | Hotfix Updat | svdhost32.exe | Added by the GAOBOT.ZW WORM! | No |
| U | HOTFOON2 | hotfoon4.exe | Related to Hotfoon - a developer and provider of Internet Telephony technology based on LTP (Lightweight Telephony Protocol) | No |
| U | HotIDE | hotide.exe | HotIDE allows Acer TravelMate owners to hot-swap external drives without switching of their notebooks | No |
| U | HotkeyApp | HotkeyApp.exe | Programmable keys on Acer, Fujitsu and other laptops | No |
| U | HotKeysCmds | hkcmd.exe | Hot Key handler for Intel desktop and mobile motherboard chipsets with integrated graphics. With this enabled, you can access settings like graphics properties and screen rotation via pre-programmed key combinations - such as CTRL+ALT+F12 which displays the graphics properties (otherwise available via a right-click on the desktop or the Control Panel). Different chipset versions may have different pre-programmed settings and in some cases these may be programmable | Yes |
| X | HotKeysCmds | [path to worm] | Added by the PAHATIA-A WORM! | No |
| X | HotPix | hotpix.exe | Adult content dialler | No |
| X | hotplug | hotplug.exe | Added by the SILLYDL TROJAN! | No |
| U | Hotplug | hot_plug.exe | Related to the SiS_Hot_Plug_Application. Enables automated driver loading for hotpluggable devices. If this service is stopped, hotplug devices will no longer function | No |
| N | HotSync Manager | hotsync.exe | Installed when connecting a Palm HotSync cradle up to a USB port. The Blue and Red Arrow Icon that enables Palm / Handspring Synchronizing. Available via Start → Programs | No |
| X | hotwetlove | hotwetlove.exe | Adult content dialler. Will not uninstall - components have to be manually deleted | No |
| X | Hot_Kiss | Hot_Kiss.exe | Adult content dialler | No |
| X | Hot_Tarts | Hot_Tarts.exe | Adult content dialler | No |
| X | Hot_Tarts_** | Hot_Tarts_**.exe | Premium rate adult content dialer (where * is a random char) | No |
| X | Hot_Tarts_Au | Hot_Tarts_Au.exe | Premium rate adult content dialler | No |
| X | Hot_Tarts_mc | Hot_Tarts_mc.exe | HotTarts adult content dialer | No |
| U | HoverDesk | HoverDesk.exe | HoverDesk - desktop replacement software | No |
| X | HP | mon.exe | Added by the SILLYFDC WORM! | No |
| ? | hp 1000 firmware | fwdl.exe | HP LaserJet 1000 related. Is it a driver or automatic firmware update (based upon the filename)? | No |
| U | HP AutoIndexer | hppautoindexer.exe | Installed by HP multi-function printer driver software, related to PC faxing. If you are not using the PC faxing feature you can go ahead and disable these services from the startup | No |
| N | HP CD Writer | hpcdtray.exe | System Tray access to a HP CD-Writer's functions. Available via Start -> Programs | No |
| N | HP CD-DVD | hpcdtray.exe | System Tray access to a HP CD-Writer's functions. Available via Start -> Programs | No |
| N | HP CD-Writer | hpcdtray.exe | System Tray access to a HP CD-Writer's functions. Available via Start -> Programs | No |
| X | hp center | BACKWEB-*****.exe | See here - "messaging service that automatically sends you support information, tips, ideas, and special offers from HP and our partners, especially designed for HP and Compaq desktop computer owners". Applies to certain HP Pavilion desktop computers between Fall 2001 and Spring 2003. * can be any digit | No |
| N | hp center UI | ShadowBar.exe | User Interface for HP Center - see here | No |
| N | HP Component Manager | hpcmpmgr.exe | Checks the internet for updated drivers/utilities for your HP product - update manually. Disabling will remove the error "Windows can't shutdown the computer because hpcmpmgr.exe can't be ended" | No |
| X | HP Deskjet | HP_DeskJet_500.exe | Added by the FORBOT-DA WORM! | No |
| X | HP Desktop | ccappms.exe | Added by the SDBOT-TG WORM! | No |
| U | HP Digital Imaging Monitor | hpqtra08.exe | System Tray access to HP Director. Required if you prefer to use the all-in-one buttons to manually scan documents or transfer photos froma camera, for example | No |
| U | HP Display Settings | hpdisply.exe | Sets default display settings. Unchecking this item has been reported to cure a "Problem sending command to keyboard" error message | No |
| U | HP Health Check Schedule | HPHC_Scheduler.exe | HP Health Check Scheduler from Hewlett-Packard | No |
| ? | HP IDScheduler | HPIDSCHD.exe | HP Instant Delivery Scheduler | No |
| N | HP Image Zone Fast Start | hpqthb08.exe | Improves the startup time of HP Image Zone. If you disable it, HP Image Zone takes a long time to start up only the first time you run it. Subsequent startups are much faster than the first time | No |
| N | HP Info Express | ?? | On HP PCs, allows the computer to automatically receive notifications from HP over the Internet. Associated with BackWeb | No |
| U | HP Instant Support | matcli.exe | "matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, state, etc and gets written to a log file". HP Instant Support is required to run with the Help and Support program. If you uncheck HP Instant Support and and then run Help and Support it will add another HP Instant Support in the startup menu. If you remove the HP Instant Support in the add/remove program some help menus in help and support will not be available. You decide | No |
| N | HP Internet Center | SURFBRD.EXE | Loads the HP Internet center surfboard on startup. HP Internet Center allows you to customize the multimedia keys on the fly without having to go the Control Panel --> Keyboards to change them | No |
| N | HP JetDiscovery | HPJETDSC.EXE | HP JetAdmin software which monitors printing jobs on a network environment | No |
| N | HP JetSpeed Autostart | AUTOSTART.EXE | Autostart executable for the old multiplayer game HP Jetspeed | No |
| U | HP Laser Jet Director | hppdirector.exe | System Tray icon that opens various functions such as copy, fax, email, scan, copy plus, etc. Right-click on it and you see a few options such as the preceding bar plus About, Help, ToolBox, Exit, etc | No |
| ? | HP Network Registry Agent | hpnra.exe | ?? | No |
| ? | HP OfficeJet Series xxx Startup | HPOSTR03.EXE | xxx represents the series number - such as 700. What does it do and it it required? | No |
| ? | HP OfficeJet Series xxx Startup | HPOstr05.exe | xxx represents the series number - such as 700. What does it do and it it required? | No |
| N | HP Parallel Port Test | hppt.exe | Associated with a HP ScanJet scanner | No |
| X | HP Photo Manager | HPPhotoManager.exe | Added by the SDBOT.AXU WORM! | No |
| N | HP Photosmart Premier Fast Start | hpqthb08.exe | Improves the startup time of HP Image Zone. If you disable it, HP Image Zone takes a long time to start up only the first time you run it. Subsequent startups are much faster than the first time | No |
| ? | HP Port Resolver | hpbpro.exe | ?? | No |
| N | HP Precision Scan | hpmdlbwx.exe | HP multifunction scanner software. Available from HP Office Jet R Toolbox so not required | No |
| N | HP Presentation Ready | PresRdy.exe | HP Omnibook related: "Press a dedicated button above the keyboard and the system will instantly load your presentation software and change the screen resolution to match your display device" | No |
| U | hp psc 2000 Series | hpobnz08.exe | System Tray icon indicating when the printer is ready. Can be started manually with HP Director but takes time to start | No |
| U | HP RecordNow | ?? | From HP "Software for the CD writer. Do not prevent from starting unless the CD writer is never going to be used." | No |
| U | HP ScanPatch | HPScanFix.exe | Program that starts up and automatically fixes earlier versions of the Scanjet 5100c software. If a Scanjet 5100C scanner is not going to be used, then it is safe to remove or prevent from starting | No |
| N | HP ScanPicture | hpsplmwa.exe | HP multifunction scanner software. Available from HP Office Jet R Toolbox so not required | No |
| U | HP SchedIndexer | hppschedindexer.exe | Installed by HP multi-function printer driver software, related to PC faxing. If you are not using the PC faxing feature you can go ahead and disable these services from the startup | No |
| X | HP Service Drivers | hdsys.exe | Added by the SDBOT-ZE WORM! | No |
| ? | hp Silent Service | HpSrvUI.exe | HP related | No |
| N | HP Simple Trax | Hpcron.exe | Supplied with HP CD-RW drives - stores information about CD contents on your hard drive. Available via Start -> Programs or Desktop Icon | No |
| N | HP software update | HPWuSchd2.exe | HP software updates. If a shortcut doesn't exist create your own and run it manually | No |
| N | HP software update | HPWuSchd.exe | HP software updates. If a shortcut doesn't exist, create your own and run it manually | No |
| N | HP Status | hpstatus.exe | HP Printer Status and Alerts | No |
| ? | HP Status Server | hpboid.exe | Copied during installation of HP Inkjet Printer Drivers in Win2K/XP. What does it do and is it required? | No |
| U | HP TV Now | HpTvNow.exe | Application supplied with HP notebooks. It activates the S-Video port and is said to improve the quality of the output signal (resolution/timeouts) | No |
| X | HP Update Assistant | HPAware.exe | Added by the MRO TROJAN! | No |
| N | HP Updates | ?? | On HP PCs, allows the computer to automatically receive notifications from HP over the Internet. Associated with BackWeb | No |
| ? | HP Visualize Init | HpVisIni.exe | HP Visualize software related. What does it do and is it required? | No |
| N | HP-Aio Flight | Remind32.exe | HP multifunction registration | No |
| U | HPADVISOR | HPAdvisor.exe | HP Total Care Advisor - a suite of help and hardware check programs to help you check the health of your PCs | No |
| N | hpaiodevice | hpodev07.exe | Direct from HP - "Device Objects Server - detects all device events and handles all ongoing communication on the device. Loads in the Startup group (except when "portable" is chosen during installation)". Related to various HP all-in-one printer/scanner/copier devices. They print and copy fine with those files disabled, and the icon installed on the desktop that points to "hpodir07.exe" works just fine if you need to use the scanner | No |
| ? | HPAiODevice(hp officejet g series) | hpoavn07.exe | HP Printer related, reportedly lets file transfers from an HP device pass files through Windows firewall. Is it required? | No |
| N | HPAiODevice(hp psc 900 series) -1 | hpobrt07.exe | Installed with a Hewlett Packard 900 series colour printer, scanner, fax, photo card slot printer, copier. Assumed to perform an identical function to the hpaiodevice entry | No |
| N | HPAIO_PrintFolderMgr | hpoopm07.exe | Directly from HP: "This process has one purpose - detects if the device moves to a different port, and notifies other processes to look on the new port." For various HP all-in-one printer/scanner/copier devices. They print and copy fine with those files disabled, and the HP icon installed on the desktop that points to "hpodir07.exe" works just fine if you need to use the scanner | No |
| U | HPBootOp | HPBootOp.exe | "HP Boot Optimizer intelligently and dynamically launches software during startup, based on available resources, to improve startup performance" | No |
| X | hpcmd | cmd.exe | Added by the ADCLICK-DS TROJAN! | No |
| N | hpcmpmgr | hpcmpmgr.exe | Checks the internet for updated drivers/utilities for your HP product - update manually. Disabling will remove the error "Windows can't shutdown the computer because hpcmpmgr.exe can't be ended" | No |
| U | HPDAgent | HPDAgent.exe | Loads Hide and Protect any Drives - which allows you to "Protect Hard drive, CD, DVD, floppy and flash, and deny access to partitions of your hard drives. Stop unauthorized software installations and data leak by removable media". If disabled, hidden and locked drives still retain their original status so the user will only be able to change their status them via the main UI | Yes |
| U | HPDJ Taskbar Utility | hpztsb01.exe | HP System Tray utility which allows diagnostic and maintainance of your HP Deskjet series printer | No |
| U | HPDJ Taskbar Utility | hpztsb02.exe | HP System Tray utility which allows diagnostic and maintainance of your HP Deskjet series printer | No |
| U | HPDJ Taskbar Utility | hpztsb04.exe | HP System Tray utility which allows diagnostic and maintainance of your HP Deskjet series printer | No |
| U | HPDJ Taskbar Utility | hpztsb05.exe | HP System Tray utility which allows diagnostic and maintainance of your HP Deskjet series printer | No |
| U | HPDJ Taskbar Utility | hpztsb07.exe | HP System Tray utility which allows diagnostic and maintainance of your HP Deskjet series printer | No |
| U | HPDJ Taskbar Utility | hpztsb09.exe | HP System Tray utility which allows diagnostic and maintainance of your HP Deskjet series printer | No |
| U | HPDJ Taskbar Utility | hpztsb06.exe | HP System Tray utility which allows diagnostic and maintainance of your HP Deskjet series printer | No |
| U | HPDJ Taskbar Utility | hpztsb08.exe | HP System Tray utility which allows diagnostic and maintainance of your HP Deskjet series printer | No |
| U | HPDJ Taskbar Utility | hpztsb03.exe | HP System Tray utility which allows diagnostic and maintainance of your HP Deskjet series printer | No |
| U | HPDJ Taskbar Utility | hpztsb10.exe | HP System Tray utility which allows diagnostic and maintainance of your HP Deskjet series printer | No |
| U | HPDJ Taskbar Utility | hpztsb11.exe | HP System Tray utility which allows diagnostic and maintainance of your HP Deskjet series printer | No |
| U | HPDJ Taskbar Utility | hpztsb12.exe | HP System Tray utility which allows diagnostic and maintainance of your HP Deskjet series printer | No |
| U | HPDJ Taskbar Utility | hpztsb13.exe | HP System Tray utility which allows diagnostic and maintainance of your HP Deskjet series printer | No |
| N | hpfsched | hpfsched.exe | HPFSCHED is a small TSR that will remind you to clean the cartridges in your DeskJet from time to time in order to keep print quality high. It can be removed from the run line in win.ini if you do not want that feature | No |
| U | HPGamesActiveMenu | ActiveMenu.exe | Wild Tangent demo games that come with some HP computers. Unchecking it can prevent the games from running occasionally. Note that WildTanget's privacy policy used to state that they also collect and share individuals information but this is no longer the case | No |
| N | hpgs2wnd | hpgs2wnd.exe | Share-to-Web - HP-created software and Internet-based application that enables easy uploading and sharing of photos via affiliated photo-sharing Web sites. Available via Start → Programs | No |
| U | Hpha1mon | Hpha1mon.exe | Supports the memory card reader on some HP Photosmart and AIO (all-in-one) printers - displaying a System Tray icon for the drive and allowing you to transfer files directly via the SAVE button. This verison is applicable for version 2.0 to 2.3 drivers - see here. Known to cause 100% CPU load in some cases. Only needed if you use this feature | No |
| U | Hpha2mon | Hpha2mon.exe | Supports the memory card reader on some HP Photosmart and AIO (all-in-one) printers - displaying a System Tray icon for the drive and allowing you to transfer files directly via the SAVE button. This verison is applicable for version 3.1 to 3.2 drivers - see here. Known to cause 100% CPU load in some cases. Only needed if you use this feature | No |
| U | Hpha3mon | Hpha3mon.exe | Supports the memory card reader on some HP Photosmart and AIO (all-in-one) printers - displaying a System Tray icon for the drive and allowing you to transfer files directly via the SAVE button. This verison is applicable for version 3.3.138 to 3.4.13 drivers - see here. Known to cause 100% CPU load in some cases. Only needed if you use this feature | No |
| U | HPHmon03 | hphmon03.exe | Supports the memory card reader on some HP Photosmart and AIO (all-in-one) printers - displaying a System Tray icon for the drive and allowing you to transfer files directly via the SAVE button. Known to cause 100% CPU load in some cases. Only needed if you use this feature | No |
| U | HPHmon04 | hphmon04.exe | Supports the memory card reader on some HP Photosmart and AIO (all-in-one) printers - displaying a System Tray icon for the drive and allowing you to transfer files directly via the SAVE button. This verison is applicable for version 4.0 to 4.2 drivers - see here. Known to cause 100% CPU load in some cases. Only needed if you use this feature | No |
| U | hphmon05 | hphmon05.exe | Supports the memory card reader on some HP Photosmart and AIO (all-in-one) printers - displaying a System Tray icon for the drive and allowing you to transfer files directly via the SAVE button. This verison is applicable for version 5.0 to 5.3 drivers - see here. Known to cause 100% CPU load in some cases. Only needed if you use this feature | No |
| U | HPHmon06 | hphmon06.exe | Supports the memory card reader on some HP Photosmart and AIO (all-in-one) printers - displaying a System Tray icon for the drive and allowing you to transfer files directly via the SAVE button. This verison is applicable for version 6.0 drivers - see here. Known to cause 100% CPU load in some cases. Only needed if you use this feature | No |
| X | Hphome | hphome.js | Homepage hijacker | No |
| N | HPHUPD04 | hphupd04.exe | HP software update checker and wizard launcher. Available via Start -> Programs | No |
| N | HPHUPD05 | hphupd05.exe | HP software update checker and wizard launcher. Available via Start -> Programs | No |
| N | HPHUPD06 | hphupd06.exe | HP software update checker and wizard launcher. Available via the Start menu | No |
| N | HPHUPD07 | hphupd07.exe | HP software update checker and wizard launcher. Available via Start -> Programs | No |
| N | HPHUPD08 | hphupd08.exe | HP software update checker and wizard launcher. Available via Start -> Programs | No |
| ? | hpjsiroute | hpjsira.exe | Related to HP laserjet printers and IP addresses. An IP address is appended to the name field - ie "hpjsiroute192.168.1.2" | No |
| X | HPl Services | hmlsvc32.exe | Added by the AGOBOT-SI WORM and variants! | No |
| Y | HpLamp | HPLAMP.EXE | HP Scanner Utility that controls your scanners light bulb. Needed if it's switched on | No |
| U | hplampc | hplampc.exe | HP Scanner Lamp Utility - fixes an issue with the scanner lamp not going off | No |
| U | HPLaptopGamesActiveMenu | ActiveMenu.exe | Wild Tangent demo games that come with some HP computers. Unchecking it can prevent the games from running occasionally. Note that WildTanget's privacy policy used to state that they also collect and share individuals information but this is no longer the case | No |
| Y | HPLJ Config | SetConfig.exe | Connects system to networked HP printer. | No |
| U | HPLogiFinder | hp_finder.exe | HP LogiFinder helps detect and allows the use of the centre button for the Logitech mouse. Can be disabled if not used | No |
| U | HpMmKbd | HpMmKbd.exe | HP's multimedia keyboard driver which enables the end-user to use the automation features of the HP multimedia keyboard | No |
| U | HPMVTray | HPMVTray.exe | HP Media Vault Networked Storage Device - System Tray management utility | No |
| X | HPNT | hpdll.exe | Malware downloader - detected by Kaspersky as the VB.KU TROJAN! | No |
| N | hpodblia | hpodblia.exe | HP OfficeJet Scan Button Monitor on a multi-function printer/copier/scanner. Start your scanning software manually | No |
| N | hpoddt01.exe | N/A | Installed by the "HP Photo and Imaging Director" software. If you ask for the imaging software, this program will be started | No |
| U | hpoddt01.exe | hpotdd01.exe | Detection of new imaging, printing and other peripherals on HP machines such as USB printers, cameras and Bluetooth products | No |
| N | hpodlb08 | hpodlb08.exe | HP OfficeJet Scan Button Monitor on a multi-function printer/copier/scanner. Start your scanning software manually | No |
| Y | hpppt | hpppt.exe | Related to the drivers for HP ScanJet scanners | No |
| Y | hpppta | HPPPTA.exe | HP parallel port driver for certain hardware | No |
| X | HpPrinter | hpserver.exe | Added by the CMJSPY-W TROJAN! | No |
| N | HPPROPTY | HPPROPTY.EXE | HP LaserJet Toolbox | No |
| U | HPPWRSAV | HPPWRSAV.EXE | Power save related for HP Scanners. Many users have complained of system freezes with it running but it stops the light from remaining on all the time. Try www.hp.com, pick your OS option under the SUPPORT tab, follow the instructions and you will find an updated lamp control patch | No |
| ? | hpqcmon | hpqcmon.exe | From HP and related to digital imaging | No |
| ? | hpqSRMon | hpqSRMon.exe | Related to HP Digital Imaging products. What does it do and is it required? | No |
| U | HPSCANMonitor | hpsjvxd.exe | HP scanning software that enables you to scan images from your scanner. Needed if you're using the scanner | No |
| ? | hpScannerFirstBoot | scannerfb.exe | HP scanner related | No |
| X | hpSdwxmark | Gaddw.exe | Added by the SDBOT-RB WORM! | No |
| N | hpsjbmgr | hpsjbmgr.exe | HP ScanJet Button Manager. It allows users of the HPScanJet scanners to indicate what the buttons on the scanner will do automatically if pushed. Not required at startup, unless the scanner is used every day, such as in a business environment | No |
| N | HPStart | hpstart.wsf | This a script used by HP that runs the first time one of their computers is started. Can't imagine why it would be starting up after the first boot | No |
| X | hpsysconf1 | [random filename] | Added by a variant of the VIVIA.A TROJAN! | No |
| U | hpsysdrv | hpsysdrv.exe | This item keeps track of how many times the system has been recovered and the times of the first and last recoveries done on the system. Leaving unchecked will sometimes prevent the Keyboard Manager program from detecting that the computer is an HP. Since this program/driver was only made to run on HP, if it can't tell that it is an HP it will not run. If unchecked, it can prevent the running of the Application Recovery CDs, the use of the multimedia keys, and the HP Instant Support. Also seen that without it running, the Riptide Sound card that was installed on some older HP computers stops working | No |
| X | hptools | hptools.exe | Added by a variant of the SDBOT WORM! | No |
| X | hptools | microsoft.exe | Added by a variant of the SDBOT WORM! | No |
| N | HPU | ProvenTactics.exe | Proven Internet Marketing software | No |
| U | hpWirelessAssistant | HP Wireless Assistant.exe | The HP Wireless Assistant is a user application that provides a way to control the enablement of individual wireless devices (such as Bluetooth or WLAN devices) and that shows the state of the radios for these wireless devices | No |
| U | hpWirelessAssistant | HPWAMain.exe | Wireless application bundled with HP computers that allows you to control different settings on the computer's wireless devices such as Bluetooth and WLAN | No |
| N | HPZTS04 | hpzts04.exe | Hewlett Packard printer toolbox shortcut that resides in the system tray | No |
| U | hpztsb02 | hpztsb02.exe | HP System Tray utility which allows diagnostic and maintainance of your HP Deskjet series printer | No |
| U | hpztsb04 | hpztsb04.exe | HP System Tray utility which allows diagnostic and maintainance of your HP Deskjet series printer | No |
| U | hpztsb05 | hpztsb05.exe | HP System Tray utility which allows diagnostic and maintainance of your HP Deskjet series printer | No |
| U | hpztsb07 | hpztsb07.exe | HP System Tray utility which allows diagnostic and maintainance of your HP Deskjet series printer | No |
| U | hpztsb09 | hpztsb09.exe | HP System Tray utility which allows diagnostic and maintainance of your HP Deskjet series printer | No |
| U | hpztsbol | hpztsbol.exe | HP System Tray utility which allows diagnostic and maintainance of your HP Deskjet series printer | No |
| N | HP_dla | dlatray.exe | On HP PCs, tray icon for dla - which provides drive letter access to HP's and Veritas' version of DirectCD | No |
| X | HP_runner | front.exe | Added by the SILLYFDC WORM! | No |
| X | HQI Services | hqisvc32.exe | Added by the AGOBOT-RO WORM! | No |
| X | HQI Services | hqlsvc32.exe | Added by the AGOBOT-RP WORM! | No |
| N | hqtray | hqtray.exe | VMware Host Network Access Status Tray Application - part of both VMware Player (from version 2.0) and Workstation (until version 6.5) - which allow you to "run multiple operating systems simultaneously on a single PC." It's function is uknown at present and it displays no tray icon as the name suggests. Can be disabled without affecting the operation of either product | Yes |
| U | HR | Hr.exe | HiddenRecorder periodically takes screenshots of the computer. If you didn't install this yourself remove it | No |
| U | HREF.OCX | regsvr32.exe ....HREF.OCX | HREF.OCX is an ActiveX control developed by xFX JumpStart and used to provide HTML-alike clickable links on Windows-based programs such as PopUpKiller | No |
| X | hri | iexpl0re.exe | Added by the DLOADER.MAQ TROJAN! Note the number "0" in the filename | No |
| X | Hrn_qtv | hrnsvc32.exe | Added by the SDBOT-AET WORM! | No |
| X | Hservice | msservice.exe | Added by the AUTORUN-KL WORM! | No |
| X | hsim | isearch.exe | Unidentified malware | No |
| X | hsim | sexgame.exe | Unidentified malware | No |
| X | hsim | toolbar.exe | Unidentified malware | No |
| U | HSLAB Logger | logger.exe | HSLABLogger logs user activity and Internet activity. The gathered information can be sent to a predetermined email address. If you didn't install this yourself uninstall it | No |
| U | HSON | HSON.exe | Toshiba HotStart button support for instant-on entertainment on their laptops | No |
| U | HSTrans | hstrans.exe | Homescan Internet Transporter - part of ACNielson Homescan. Recognizes when the ACNielsen Homescan Scanner is attached to the computer and allows it to transmit scanner information to ACNielsen | No |
| ? | HsuGuiControl | HsuGuiControl.exe | Part of the Starband Internet satellite client. What does it do and is it required? | No |
| U | hsys | HSYS.EXE | Keylogger Express keystroke logger/monitoring program - remove unless you installed it yourself! | No |
| U | Hti | npdor.exe | Appears in startup if you have chosen to participate in on survey by NPD Online Research. Required for the survey to work correctly. Otherwise not required | No |
| X | HTML Help System | hhs.pif | Added by the RBOT-ATB WORM! | No |
| X | HTML32 Help System | hhs32.pif | Added by the RBOT-ATE WORM! | No |
| U | HTpatch | htpatch.exe | HTpatch.exe is part of the SiS AGP patch - BUT unless your processor (and motherboard) supports HyperThreading (HT) and this feature is enabled it will actually SLOW your graphics card by around 6% | No |
| X | HtProtect | AVprotect.exe | Added by the NETSKY.L WORM! | No |
| X | htssv32.exe | htssv32.exe | Added by a variant of the SDBOT TROJAN! | No |
| X | HTTP Tunneling Server | mstunnel.exe | Added by the RBOT.EDL WORM! | No |
| X | http://www.lienvandekelder.be | LienVandeKelder.exe | Added by the MYTOB-AZ WORM! | No |
| X | http://www.lienvandekelder.be | Lien Van de Kelder.exe | Added by the MYTOB-AP WORM and variants! | No |
| X | http://www.lienvandekelder.be | Lien Vande Kelder.exe | Added by the MYTOB-AQ WORM! | No |
| X | http://www.lienvandekelder.be | Lien vd Kelder.exe | Added by the MYTOB-M WORM! | No |
| X | http://www.lienvandekelder.be | Lien.exe | Added by the MYTOB-CZ WORM! | No |
| X | http://www.lienvandekelder.be | Lientjeuh.exe | Added by the MYTOB-P WORM! | No |
| X | http://www.lienvandekelder.be | LienVdK.exe | Added by the MYTOB-U WORM! | No |
| X | http://www.lienvandekelder.be | Van de Kelder Lien.exe | Added by the MYTOB-BF WORM! | No |
| X | http://www.lienvandekelder.be | We Love Lien Van de Kelder.exe | Added by the MYTOB-CV WORM! | No |
| X | http://www.lienvandekelder.com | Lien Van de Kelder.exe | Added by the MYTOB-EQ WORM! | No |
| X | http://www.lienvandekelder.com/ | LienVandeKelder.exe | Added by the MYTOB-EO WORM! | No |
| X | httpd | c_pan.exe | Added by a variant of the DELF-A TROJAN! | No |
| X | httpd | deamon.exe | Added by the TACTSLAY.C TROJAN! | No |
| X | httpd | msgaol.exe | Added by the TACTSLAY.C TROJAN! | No |
| X | httpd | s_menu.exe | Added by the TACTSLAY.C TROJAN! | No |
| X | httpd | browse.exe | Added by the TACTSLAY.C TROJAN! | No |
| X | httpd | deamon.exe | Added by the TACTSLAY.C TROJAN! | No |
| X | https-ssl | https.exe | Added by the MOEGA.D WORM! | No |
| U | HughesNet Tools | matcli.exe | "matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, county, etc and gets written to a log file". HughesNet Tools is required to run with the Help and Support program. If you uncheck HughesNet Tools and then run Help and Support it will add another HughesNet Tools in the startup menu. If you remove the HughesNet Tools in the add/remove program some help menus in help and support will not be available. You decide | No |
| ? | huhdir | huhdir.exe | ?? | No |
| X | huigezi | HgzServer.exe | Added by the GRAYBIRD.C TROJAN! | No |
| X | huigezi | SP00LSV.EXE | Added by the GRAYBIRD.J BACKDOOR! Note the digit "0" in the command | No |
| X | Hvewsveqmg | ANACON.EXE | Added by the NACO.A WORM! | No |
| X | Hvid | Hvid.exe | Added by the GEMA TROJAN! | No |
| X | HWINFO* | HWINFO* | Added by the PUROL WORM! where * is a random character | No |
| Y | HWinst | N/A | For Gilat Communications internet satellite systems. Gilat rescue (Satellite system restore). Required if you have this system. Can cause a BSOD (blue screen of death) if left out | No |
| X | Hwp | system_wc.exe | Eziin adware | No |
| X | hws | hws.exe | Added by the STARTPA-CT TROJAN! | No |
| U | HWSetup | HWSetup.exe hwSetUP | "Toshiba Hardware Setup is the Toshiba configuration management tool available through Windows." Allows the user to change BIOS, hard disk, memory, boot disk priority and other settings | No |
| X | hxadsec | [path to trojan] | Added by the ADCLICK-AP TROJAN! | No |
| X | HXDL.EXE | HXDL.EXE | Attune HelpExpress - spyware. Disable and uninstall - see here | No |
| X | HXIUL.EXE | HXIUL.EXE | Attune HelpExpress - spyware. Disable and uninstall - see here | No |
| U | HydarVisionDesktopManager | desk95.exe | ATI's HydraVision desktop management software, allowing for multi-monitor support, as included in ATI HydraVision versions 2.5 and earlier. Has been reported to cause problems, such as this one. HydraVision can be uninstalled through Add/Remove Programs | No |
| U | HydraDM | HydraDM.exe | Part of HYDRAVISION - ATI's software for managing mutliple displays and virtual desktops. This is the HYDRAVISION Desktop Manager - which "customizes the behaviour of windows and dialog boxes, allows you to set up Hotkeys for navigation in multiple display configurations and applies special effects like transparency and shadows to you desktop" | Yes |
| U | HydraMD | HydraMD.exe | Part of HYDRAVISION - ATI's software for managing mutliple displays and virtual desktops. This is HYDRAVISION MultiDesk - which "creates, organizes and arranges up to nine active multi-monitor desktop combinations and allows you to cycle between them with a mouse." There is an optional System Tray icon or a hotkey can be configured to cycle through the desktops | Yes |
| U | HydraVisionDesktopManager | desk98.exe | ATI/Appian HydraVision Desktop Manager software - monitors and regulates window and dialog box placement according to user preferences when using a multi monitor setup | No |
| U | HydraVisionDesktopManager | HydraDM.exe | Part of HYDRAVISION - ATI's software for managing mutliple displays and virtual desktops. This is the HYDRAVISION Desktop Manager - which "customizes the behaviour of windows and dialog boxes, allows you to set up Hotkeys for navigation in multiple display configurations and applies special effects like transparency and shadows to you desktop" | Yes |
| U | HydraVisionViewport | viewport.exe | ATI/Appian HydraVision Desktop Manager software - monitors and regulates window and dialog box placement according to user preferences when using a multi monitor setup | No |
| U | HydraVisionViewPort | HydraMD.exe | Part of HYDRAVISION - ATI's software for managing mutliple displays and virtual desktops. This is HYDRAVISION MultiDesk - which "creates, organizes and arranges up to nine active multi-monitor desktop combinations and allows you to cycle between them with a mouse." There is an optional System Tray icon or a hotkey can be configured to cycle through the desktops | Yes |
| X | Hyper Files | phfhost.exe | Added by the AGENT-JQO TROJAN! | No |
| X | Hyper Start | instantmsgrs.exe | Added by the RBOT-NH WORM! | No |
| X | I am not Ranky. I am eTunnel! | msyervice.exe | Added by an unidentified WORM or TROJAN! | No |
| X | I am not Ranky. I am eTunnel! | winsys.exe | Added by an unidentified WORM or TROJAN! | No |
| X | I am not Ranky. I am eTunnel! | disney.exe | Added by an unidentified WORM or TROJAN! | No |
| X | I just want to say I love Milko and I need a drink | svchost.exe | Added by the CHIKO WORM! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in Documents and Settings\Administrator\Local Settings\Application Data | No |
| X | I-Worm.GiGu | uGiG.eXe | Added by the GINK WORM! | No |
| X | I/O Controllers | svcnet.exe | Added by the TIBIK-B TROJAN! | No |
| X | I386 | I386.exe | Added by the MYPOWER WORM! | No |
| ? | I81SHELL | I81SHELL.exe | Appears to be related to drivers for an Intel 810 graphics chipset on an ASUS motherboard | No |
| U | i8kfangui | i8kfangui.exe | Graphical interface for fan speed control | No |
| U | IAAnotif | Iaanotif.exe | Part of Intel® Matrix Storage Manager (formally known as Intel® Application Accelerator and Intel® Application Accelerator RAID Edition). Used in conjunction with the event monitor service (IAANTMON - Iaantmon.exe) to display event notifications (such as RAID volume status changes, HDD I/O errors or HDD SMART event) via a System Tray icon when an event occurs. Via this icon you can then choose to launch the Intel Matrix Storage Console or ignore the current alert | Yes |
| Y | iamapp | iamapp.exe | AtGuard personal firewall engine. As Atguard was bought by Symantec some time ago, it's now the Norton Personal Firewall executable as well | No |
| X | Iamnacho On Irc.MusIrc.com Is a Homosexual! | XBox64.exe | Added by the RANDEX.Y WORM! | No |
| ? | IaNvSrv | IaNvSrv.exe | Related to the option ROM part of the Intel® Matrix Storage Manager. Located in %ProgramFiles%\Intel\Intel Matrix Storage Manager\OROM\aNvSrv. What does it do and is it required? | No |
| ? | Iap | iap.exe | Possibly part of Dell OpenManage Client Instrumentation - software that allows remote management application programs to access information about, monitor the status of or change the state of the client computer, such as shutting it down remotely? | No |
| U | ias | ias.exe | InvisibleASpy keystroke logger/monitoring program - remove unless you installed it yourself! | No |
| X | IASHLPR | IASHLPR.EXE | Added by the OPASERV.T WORM! | No |
| X | ibin | [path to trojan] | Added by the PERDA-C TROJAN! | No |
| X | ibm | ibm.exe | Added by the LEGMIR-AH TROJAN! | No |
| Y | IBM Client Security | certtool.exe | Part of Client Security Software for IBM\Lenovo notebooks. If you have configured the software via the associated wizard this will need to be running if you want to mount password protected areas of the disk (created with SafeGuard PrivateDisk), use the password manager or file/folder encryption options | No |
| N | IBM Client Security Software | csecwiz.exe | Setup wizard for the Client Security Software for IBM\Lenovo notebooks. This entry only runs once, after the software has been installed and the notebook rebooted for the first time. If the wizard isn't completed a shortcut is available via the Start menu until it is | No |
| X | IBM Keyboard Driver | ikeybdrv.exe | Added by the SDBOT.IC TROJAN! | No |
| Y | IBM Password Manager | pwmgr.exe | Part of Client Security Software for IBM\Lenovo notebooks - IBM® Client Security Password Manager "enables you to manage your sensitive and easy-to-forget login information, such as user IDs, passwords, and other personal information, with IBM Client Security. The IBM Client Security Password Manager stores all information through the IBM Security Chip so that your UVM user authentication policy controls access to your secure applications and Web sites." Can also be used with or without the Fingerprint Reader on select models | No |
| N | IBM RecordNow! | RecordNow.exe | IBM customized version of the RecordNow! CD-writing utility from Sonic Solutions | Yes |
| U | IBM ThinkPad EasyEject Support Application | EzEjMnAp.Exe | EasyEject Utility for IBM/Lenovo Thinkpad notebooks. Quote: "The IBM ThinkPad EasyEject Utility makes removing multiple devices from your computer faster and easier by enabling you to stop more than one device at once, rather than stopping each device individually." Configuration and performing of EasyEject actions is available via Fn+F9 key combination on some models | Yes |
| N | IBM ThinkPad EasyEject Tray Utility | EZEJTRAY.EXE | System Tray access to the EasyEject Utility for IBM/Lenovo Thinkpad notebooks. Quote: "The IBM ThinkPad EasyEject Utility makes removing multiple devices from your computer faster and easier by enabling you to stop more than one device at once, rather than stopping each device individually." Configuration and performing of EasyEject actions is available via Fn+F9 key combination on some models | Yes |
| N | IBM ThinkPad Tray Utility | TP98TRAY.EXE | System Tray access to the ThinkPad Configuration utility for IBM/Lenovo ThinkPad notebooks. "The ThinkPad Configuration utility is a control center to configure your ThinkPad hardware. With this utility, you can setup or change your device configurations for ThinkPad hardware and options" | Yes |
| U | IBM ThinkPad Utility | NPDTray.exe | System Tray access to Presentation Director for IBM/Lenovo Thinkpad notebooks - which allows you to create and quickly select between various single and mulitple display options. Scheme selection and settings are also available via Fn+F7 key combination on some models | Yes |
| U | IBM TrackPoint Accessibility Features | tp4ex.exe | Supports accessibility features for the TrackPoint stick and associated buttons on IBM/Lenovo ThinkPad notebooks. If features such as "Click Sound", "Button Lock" and "Cross Hair cursor" are enabled this entry will run at startup. If none of the accessibility features are used it remains as a startup entry but doesn't run | Yes |
| ? | IBM Warranty Notification | ERTS0749.exe | IBM Warranty Notification - presumably it's a reminder to either register or that warranty is about to expire? | No |
| N | ibmmessages | ibmmessages.exe | "The Access IBM Message Center displays messages to inform you about helpful software that may be pre-installed on your PC. The Message Center can also provide messages about new updates available from the IBM Support Center to keep your computer current" | Yes |
| ? | Ibmmon.exe | Ibmmon.exe | ?? | No |
| U | Ibmpmsvc | ibmpmsvc.exe | Power management driver for IBM laptops. Provides support for the use of four keys on the thinkpad keyboard with blue key tops - Fn, F3, F4 & F12 - which have specific functions to control the standby and hibernate buttons. Not required if you don't plan to go into standy or hibernate modes | No |
| ? | IBMPRC | ibmprc.exe | IBM application - what does it do and is it required? | No |
| U | IBMUltraBayHotSwapCPLLoader | IBMBAY2N.EXE | Supports hot swapping in Thinkpad UltraBay Option on IBM ThinkPad laptops | No |
| ? | IBMUltraBayHotSwapSound | IBMBAYSN.EXE | Supports hot swapping in Thinkpad UltraBay Option on IBM ThinkPad laptops. Is it needed though - does it just play a sound? | No |
| Y | IBM_PWMGR | pwmgr.exe | Part of Client Security Software for IBM\Lenovo notebooks - IBM® Client Security Password Manager "enables you to manage your sensitive and easy-to-forget login information, such as user IDs, passwords, and other personal information, with IBM Client Security. The IBM Client Security Password Manager stores all information through the IBM Security Chip so that your UVM user authentication policy controls access to your secure applications and Web sites." Can also be used with or without the Fingerprint Reader on select models | No |
| X | Ibs | ibs.exe | Added by the HIDEDIAL-B TROJAN! | No |
| U | IBWin Background process | IBackground.exe | IBackup for Windows | No |
| U | IBWin Monitor | IBMonitor.exe | IBackup for Windows | No |
| Y | IcaBar | icabar.exe | Related to Citrix MetaFrame | No |
| X | icasServ | icasServ.exe | Browser hijacker, redirecting to Searchforfree.info. Also detected as the ICASERV-A TROJAN! | No |
| X | icccomp | [8 random letters].exe | Added by the ZHELATIN.EQ WORM! | No |
| X | ICcontrol | iccontrol.exe | ICcontrol premium rate adult content dialer | No |
| X | icdd7ee6 | rundll32.exe icdd7ee6.dll, EnableRunDLL32 | LZIO.com adware downloader. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "icdd7ee6.dll" file is found in the System (9x/Me) or System32 (NT/2K/XP) folder | No |
| X | icddefff | rundll32.exe icddefff.dll, EnableRunDLL32 | LZIO.com adware downloader. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "icddefff.dll" file is found in the System (9x/Me) or System32 (NT/2K/XP) folder | No |
| Y | ICF | mfp.exe | McAfee Family Protection - which 'is easy-to-use and built to empower parents to say "yes" to their children's online interests while protecting them as they learn and explore' and "protects children of all ages from exposure to inappropriate content, social networking risks, strangers, and other threats" | Yes |
| N | ICH Synth | eusexe.exe | Sound related and can be disabled without affecting performance although advanced sound features may be sacrificed. May be related to Compaq PC's with "SoundMAX integrated Digital Audio" (Analog Devices Inc.) devices | No |
| X | icifati | yujixit.exe | Added by the SDBOT.ZZH WORM! | No |
| U | iClean | iClean.exe | IEClean - "advanced, comprehensive package of tools which perform a number of functions to allow you to control your online privacy" | No |
| U | ICM | ICM.EXE | Starts Internet Call Manager dialog box and/or taskbar icons at bootup. This is a subscription program from internetcallmanager.com that monitors a dialup phone line for incoming calls and handles voicemail | No |
| X | ICManagement | msic32.exe | Added by the MSIC BACKDOOR! | No |
| N | iCn | NAG.EXE | iChoose - shopping browser enhancement that alerts you to cheaper deals for goods you want to buy, if they exist. Not related to the Mac icon program of the same name | No |
| U | ICO | ICO.EXE | Found on some Sony Vaio, IBM Thinkpad and Dell (and possibly other) laptops and seems to be related to Mouse Suite 98 Daemon according to the properties. Required on the Dell Inspirion 530 as without it the Dell mouse suite does not load and mouse settings are not retained on a reboot. Appears to cause a behaviour where the desktop suddenly flips back up when playing DirectX associated games | No |
| N | Icon Animation | HDE.EXE | Part of McAfee Nuts & Bolts. Provides entertaining animation of your desktop icons | No |
| N | Icon Hearit 95 | hearit95.exe | Audio desktop customization utility from Moon Valley Software. Resource hog | No |
| N | Icon Hearit 98 | hearit98.exe | Audio desktop customization utility from Moon Valley Software. Resource hog | No |
| X | Icon lptt01 | icon.exe | RapidBlaster variant (in a "Icon" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here | No |
| X | Icon ml097e | icon.exe | RapidBlaster variant (in a "Icon" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here | No |
| Y | iconcache | icon.bat | Related to the Vista Customization Pack | No |
| Y | ICONCLNT | iconclnt.exe | APC PowerChute® Personal Edition tray icon | No |
| U | ICONDESK | ICONDESK.EXE | Small utility which will allow you the option of hiding or showing your desktop icons | No |
| N | Iconfig.exe | Iconfig.exe | Icon for LS-120 "Superdisk" | No |
| X | iConfigLoader | DIIhost.exe | Added by the GAOBOT.AO WORM! | No |
| N | Iconoid | Iconoid.exe | Iconoid is a desktop icon manager | No |
| N | Iconsaver | Iconsaver.exe | IconSaver is a desktop icon manager | No |
| X | ICQ | ICQNET.vbs | Added by the GORMLEZ-A WORM! | No |
| X | ICQ Agent | icq6.exe | Added by the AGENT-FZJ TROJAN! | No |
| X | ICQ Center | [path to worm] | Added by the RANDIN WORM! | No |
| X | ICQ Chat Service | icqjdhs.exe | Added by a variant of the RBOT WORM! | No |
| X | ICQ Hacking Pro | ICQpro.exe | Added by a variant of the NETSPY TROJAN! | No |
| N | ICQ Lite | ICQLite.exe | ICQ Lite - compact version of the popular messaging program | No |
| X | icq lite | scvhost.exe | Added by the AGENT-DSF TROJAN! | No |
| X | icq lite | winlog.exe | Added by the IRCBOT-TJ TROJAN! | No |
| X | ICQ Lite Messenger | ICQLITE.EXE | Added by an unidentified VIRUS, WORM or TROJAN! The legitimate ICQ Lite executable is located in %ProgramFiles%\ICQLITE whereas this one is located in %System% | No |
| X | ICQ Messenger 2002 | ICQ2002.exe | Added by the SDBOT-ABL WORM! | No |
| X | ICQ Net | winlogon.exe | Added by variants of the NETSKY WORMS! Note - this is not the legitimate winlogon.exe process which should not appear in Msconfig/Startup! | No |
| N | ICQ Plus | vplus.exe | ICQ Plus is a freeware utility makes your ICQ skinnable (change the look). Available via Start -> Programs | No |
| X | IcqBeta | webcamupdate.exe | Added by an unidentified TROJAN! | No |
| U | ICQMonitor | ICQMonitor.exe | ICQ Monitor Sniffer surveillance software for the ICQ instant messenger. Uninstall this software unless you put it there yourself | No |
| X | ICQMsn | [path to trojan] | Added by the RANCK-AH TROJAN! The most common example is "cbfks.exe" located in %System% | No |
| X | ICQNet | winlogon.exe | Added by the NETSKY-C WORM! Note - this is not the legitimate winlogon.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir% | No |
| X | icrosof Avps32 Control | av32.pif | Added by the RBOT-AVC WORM! | No |
| X | icrosoft Visual | plscx.exe | Added by the RBOT-AYO WORM! | No |
| X | icrosoft Visual InterDevc | zvslmqb.exe | Added by the RBOT-AYP WORM! | No |
| X | icrosoft Windows DLL Services Configuration | poker3.exe | Added by the SDBOT-AER WORM! | No |
| X | icrosoftf Avpx Control | avpx.exe | Added by the RBOT-AYN WORM! | No |
| U | ICSDCLT | rundll32.exe Icsdclt.dll, ICSClient | Internet Connection Sharing allows more than one computer to simultaneously access the internet with a single connection. Also required when networking two machines | No |
| N | ICServer | Icserver.exe | Intel Intercast viewer software. Gives access to selected internet pages which are broadcasted by several TV stations | No |
| Y | ICSMGR | ICSMGR.EXE | Monitors DNS and DHCP requests for ICS (Internet Connection Sharing). Needed if you're sharing the internet on various computers | No |
| X | ICU-Sucker | Service32.exe | Added by the ILLNOTIFIER.D TROJAN! | No |
| N | IC_KEY_3 | spvic.exe | Instant Chess related | No |
| N | ID Commander | IDCom.exe | Caller ID utility for identifying incoming telephone numbers | No |
| X | ID8525 | ID8525.exe | Added by the ID8525.A TROJAN! | No |
| X | ID8525 | id85255.exe | Added by the ID8525.A TROJAN! | No |
| ? | IDA | IDA.EXE | Part of HP's PC Common Operating Environment (PC COE) project. Located in %ProgramFiles%\Hewlett-Packard\PC COE. What does it do and is it required? | No |
| X | IDE | ide.exe | Added by the ASSASIN.F TROJAN! | No |
| X | IDE Loader | IDElibr32.exe | Added by the XILON TROJAN! Related to the game "Diablo II" | No |
| X | idecntl | idecntl.exe | Added by a variant of the CRYPTER.C TROJAN! | No |
| U | iDesktop | idesktop.exe | Immersion TouchWare Desktop software for devices such as the Logitech iFeel Mouse | No |
| X | idlesam | [8 random letters].exe | Added by the ZHELATIN.EQ WORM! | No |
| N | IDMan | IDMan.exe | Internet Download Manager - download files faster, schedule and resume | No |
| X | idmlssp | [random filename] | Added by a variant of the SLAPER TROJAN! | No |
| U | IDriveE Startup | IDrvieEStartup.exe | IDrive from Pro Softnet Corporation - free full featured online backup up to 2GB with the option of paying for more storage space and managing multiple accounts | No |
| X | IDTemplates | IDTemplate.exe | Added by the BRONTOK-H WORM! | No |
| N | IDW Logging Tool | idwlog.exe | Added with WinXP SP1. Usually only found in internal builds only to indicate the current build being used. Can cause slow network logon problems | No |
| X | IE configure | explorer.exe | Added by the LINEAGE-C TROJAN! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! | No |
| U | IE Doctor | IEDoctor.exe | IE Doctor Toolbar - "IE Doctor can help you to Repair IE easily, protect IE and OE from all malicious changes. It can Repair the HomePage, context menu, IE toolbar button, startup items, Favorites, typed URLs and the entire Internet Options" | No |
| X | IE Java Update | iejava.exe | Added by the AGENT-HD TROJAN! | No |
| X | IE Menu Extension toolbar | rundll32.exe [path] tbextn.dll DllShowTB | Topconverting.com/180Search "IEMenuExtension" toolbar. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted | No |
| U | IE New Window Maximizer | iemaximizer.exe | IE New Window Maximizer - automatically maximize new Internet Explorer and Outlook Express windows | No |
| X | IE Runtime | wini.exe | Added by the PICRATE.B WORM! | No |
| X | IE Runtimes | winis.exe | Added by the RBOT-ADZ TROJAN! | No |
| X | IE**.exe [* = random char] | IE**.exe [* = random char] | CoolWebSearch/HomeSearch adware - for examples, see this log | No |
| X | IE**32.exe [* = random char] | IE**32.exe [* = random char] | CoolWebSearch/HomeSearch adware - for examples, see this log | No |
| X | IE-Bar | iebar.exe | DesktopMedia adware | No |
| X | IE-Security | iescan.exe | IE-Security rogue spyware remover - not recommended, removal instructions here | No |
| X | IE-Security | wdscan.exe | IE-Security rogue spyware remover - not recommended, removal instructions here | No |
| X | IE6 | wkstmg.exe | Added by a variant of the SDBOT WORM! | No |
| X | IE6 | ssmss.exe | Added by the GAOBOT.DXO WORM! | No |
| X | IE6 | porn.pif | Added by the RBOT-ATF WORM! | No |
| X | IE6 | winsnt.exe | Added by the RBOT-GOV WORM! | No |
| X | IEACCESS | temp532.exe | AsdPlug premium rate adult content dialer variant | No |
| X | IEACCESS | surfya.exe | IEAccess premium rate adult content dialer variant | No |
| X | IEAgent update check | iewatch.exe | Added by the BOMKA TROJAN! | No |
| X | IECache | IECache.exe | Detected by Bitdefender as the DELF.OFC TROJAN! See here | No |
| N | iecheck | iecheck.exe | Integrity checker for IconEdit2 icon editor. It serves for IconEdit2 internal tasks only and can be safely deleted from the system if you are running the latest version of IconEdit2 | No |
| X | IECheck | MSDTCs.exe | Added by the TIRBOT-D WORM! | No |
| X | IECheck | xpssl.exe | Added by the TIRBOT-E WORM! | No |
| X | IECheck | mssvp.exe | Added by the TIRBOT-G WORM! | No |
| U | IECleanAux | Ieboot6.exe | IEClean by Kevin McAleavy - cookie manager, cache cleaner, history cleaner, etc. Performs cleaning tasks at startup | No |
| X | iedll | iedll.exe | Homepage hijacker, redirecting to coolwwwsearch.com | No |
| X | IEDriver | IEDriver.exe | IEDriver adware. Can be installed as part of peer-to-peer file sharing software called URLBlaze | No |
| X | IEDriver | xplore.exe | IeDriver adware variant | No |
| X | IEDriver | TD.exe | IeDriver adware variant | No |
| X | iedwa104 | iedwa104.exe | Added by the DLOADR-BBW TROJAN! | No |
| X | IEengine | IEeng.exe | STARTPAG.AI hijacker | No |
| X | IEexplorer AUpdate | IEexplore32.exe | Added by the RBOT-GRE WORM! | No |
| X | IEFeatures | IEFeatures.exe | Added by the POPMON.A TROJAN! - also known as PopMonster adware | No |
| X | IEFeatures | Internetfeatures.exe | Added by the POPMON.A TROJAN! - also known as PopMonster adware | No |
| X | IefxTray | IefxTray.exe | Added by the RILER-H TROJAN! | No |
| X | ieharv.exe | ieharv.exe | Added by the BANKER-HH TROJAN! | No |
| X | Iehelper | syslaunch.exe | Outwar adware downloader | No |
| X | iel2cde8 | rundll32.exe iel2cde8.dll, EnableRunDLL32 | LZIO.com adware downloader. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "iel2cde8.dll" file is found in the System (9x/Me) or System32 (NT/2K/XP) folder | No |
| X | ielcaabe | rundll32.exe ielcaabe.dll, EnableRunDLL32 | LZIO.com adware downloader. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "ielcaabe.dll" file is found in the System (9x/Me) or System32 (NT/2K/XP) folder | No |
| X | IELoader32 | iexplore32.exe | Added by the SPEX or SPEX.B WORMS! | No |
| X | Iesar | Iesar.exe | Browser hijacker - redirecting to an adult web page | No |
| X | Iesearch.exe | Iesearch.exe | LookNSearch adware | No |
| U | IEServer | IEServer.exe | HB Screen Spy surveillance software. Uninstall this software unless you put it there yourself | No |
| X | IESet | IExplorer.dll | Added by the PWS-BLUEDIT TROJAN! | No |
| X | iesetupi.exe | iesetupi.exe | Added by a variant of the RBOT WORM! | No |
| Y | IEShow | IEShow.exe | Anti-phishing component of BitDefender internet security products. Anti-phishing prevents sensitive data such as usernames, passwords and credit card details being acquired by web-sites and E-mails masquerading as a trustworthy sources. It can also be licensed by other products such as versions of The Shield Deluxe from PCSecurityShield (see here) - who's reputation is poor | No |
| X | iestart | iexp1orer.exe | Added by the NEMOG.C TROJAN! | No |
| N | ietsr | ietsr.exe | IEClean by Kevin McAleavy - cookie manager, cache cleaner, history cleaner, etc | No |
| X | ieupdate | MCP****.exe [**** = random char] | Added by the ASOXY TROJAN! | No |
| X | ieupdate | mcpdll32.exe | Adware downloader trojan | No |
| X | ieupdate | [random filename] | Added by the AGENT-C BACKDOOR! | No |
| X | ieupdates | ieupdates.exe | Added by a number of TROJANS such as DWNLDR-HGI and AGENT-HGA and the Antivirus 2009 rogue security software - see here | No |
| X | IEWinserv | winserv.exe | Added by the BANKER-MY TROJAN! | No |
| X | IEXPL0RER | IEXPL0RER.EXE | Added by the AGOBOT-QL WORM! Note the filename has a "0" rather than an upper case "o" | No |
| X | iexplo | iexplor.exe | Added by the SIDEA TROJAN! | No |
| X | IExploer | svshosts.exe | Added by the IRCBOT.BT TROJAN! | No |
| X | Iexploit | Iexploit.html | Added by the INKER.B WORM! | No |
| X | iexplor.exe | iexplor.exe | Added by an unidentified WORM or TROJAN! See here | No |
| X | Iexplore | iexplore.exe | Added by the BOXER TROJAN! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %System% | No |
| X | IEXPLORE | iexplore.exe | Added by the APHEXDOOR TROJAN! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %Windir% | No |
| X | IExplore | IEXPLORE.EXE | Added by the DLOADER-YZ TROJAN! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in a "Custom" subfolder | No |
| X | IEXPLORE | IEXPLORE.EXE | Added by the BANKER-BWE TROJAN! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %System% | No |
| X | iExplore Ini | ie4uini.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
| X | Iexplore Services | iexplore.exe | Added by the LITHIUM BACKDOOR! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! | No |
| X | IEXPLORE.EXE | [path to trojan] | Added by the BANCOS-CJ TROJAN! | No |
| X | IEXPLORE.EXE | goot.exe | Added by the BIFROSE-C TROJAN! | No |
| X | IExplorer | Iexplor32.exe | Added by the BDOOR-BY BACKDOOR! | No |
| X | IExplorer | IExplorer.EXE | Added by the BANCOS-CH TROJAN! Note - this is not the legitimate Internet Explorer (iexplore.exe) | No |
| X | IEXPLORER | msiecfg.exe | Added by the BDOOR-JU BACKDOOR or BANCBAN-IP TROJAN! | No |
| X | Iexplorer | explorer.exe | Added by the ZAPCHAS-AC TROJAN! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System% | No |
| X | iexplorer lptt01 | iexplorer.exe | RapidBlaster variant (in a "iexplorer" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here | No |
| X | iexplorer ml097e | iexplorer.exe | RapidBlaster variant (in a "iexplorer" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here | No |
| X | Iexplorer.exe | Iexplorer.exe | Added by the BANCBAN-EN TROJAN! Note - this is not the legitimate Internet Explorer (iexplore.exe) | No |
| X | IExplorer32 Java Scripting | IExplore32b.exe | Added by the RBOT.ABO WORM! | No |
| X | IExplorer32c Java Scripting | IExplore32cb.exe | Added by the RBOT.ABN WORM! | No |
| X | IExplorer6 Java Scripting | IExplore326.exe | Added by a variant of the SDBOT WORM! | No |
| X | IExplorer7 Java Scripting | IExplore327.exe | Added by a variant of the SDBOT WORM! | No |
| X | Iexplorerr.exe | Iexplorerr.exe | Added by the BANKER-EUT TROJAN! The file is located in %Windir%\Sun\Java\Deployment\logs | No |
| X | Iexplorerr.exe | Iexplorerr.exe | Added by the BANKER.AOVZ TROJAN! The file is located in %Windir%\msagent\gf | No |
| X | IExplorerService | WinSock.exe | Added by the AGENT.KIU TROJAN! | No |
| X | iExpresser | iexpresser.exe | Added by the SLENFBOT.AP WORM! | No |
| X | ifp | ipf.exe | Added by the CLAGGER-AG TROJAN! | No |
| X | ifperx | [random filename] | Added by a variant of the SLAPER TROJAN! | No |
| X | ifperx | xmliwvug.exe | Added by the SLAPER.U TROJAN! | No |
| U | IFSplash.exe | IFSplash.exe | I-FORCE driver for force feedback steering wheel | No |
| U | IFXSPMGT | ifxspmgt.exe | Part of the Infineon Security Platform Software - which supports the on-board TPM security device included with some laptops from suppliers such as Acer, ASUS, HP and Sony | No |
| X | igamatu | ekor.exe | Added by the SDBOT.AQ TROJAN! | No |
| X | igamatu | atecaca.exe | Added by the IRCBOT.R WORM! | No |
| U | igfxhkcmd | hkcmd.exe | Hot Key handler for Intel desktop and mobile motherboard chipsets with integrated graphics. With this enabled, you can access settings like graphics properties and screen rotation via pre-programmed key combinations - such as CTRL+ALT+F12 which displays the graphics properties (otherwise available via a right-click on the desktop or the Control Panel). Different chipset versions may have different pre-programmed settings and in some cases these may be programmable | Yes |
| U | igfxpers | igfxpers.exe | Installed with the graphics drivers for Intel desktop and mobile motherboard chipsets with integrated graphics. It's purpose or function isn't known at present but testing with it disabled would appear to indicate it isn't required - hence the recommended "U" status | Yes |
| X | igfxtras | svchots.exe | Added by the AUTORUN-AIW WORM! | No |
| U | IgfxTray | igfxtray.exe | System Tray access to display settings for Intel desktop and mobile motherboard chipsets with integrated graphics. With this enabled, you can access settings like graphics properties and hot key settings via the icon on the System Tray. Different chipset versions may have different options available. These options are normally also available via the system Control Panel - under Display (XP) or Personalization and Appearance (Vista) | Yes |
| ? | Iglpbv | Iglpbv.exe | ?? | No |
| N | igndlm.exe | DLM.exe | IGN Download Manager has become a requirement for downloading files through FilePlanet.com. It is based on Internet Explorer and it installs through an ActiveX-plugin, hence Internet Explorer must be installed beforehand and downloads has to be initialized through that browser | No |
| X | igsex2x | igsex2x.exe | NewDial premium rate adult content dialler | No |
| X | IGuardPc.exe | IGuardPc.exe | IGuardPc rogue security software - not recommended, removal instructions here. A member of the AntiAID family | No |
| ? | iHP-100 | iHPDetect.exe | Drive Letter Searcher, iRiver iHP-100 iHP and H Series player related - does it need to start with Windows every time? | No |
| X | iilc | IILC.EXE | Homepage hijacker | No |
| X | Iinl | iptl.exe | PurityScan adware | No |
| X | IISADMINS | systems.exe | Added by the AGOBOT.U WORM! | No |
| X | iisvers | iisvers.exe | Added by an unidentified TROJAN or adware | No |
| X | iiuyvyu | uzcx.exe | Added by the AGENT-EOF TROJAN! | No |
| N | iIWiper | Systemwiper.exe | System Wiper from iI Software - allows you to clear the history of your activites from you computer. Run manually on a regular basis | No |
| Y | IJ75P2PSERVER | IJ75P2PS.EXE | Printer utility which is required in order to make the printer work correctly | No |
| U | IJNetworkScanUtility | CNMNSUT.EXE | Network utility available for some Cannon scanners and multifunction devices. Allows the device to see computers on a network and those computers running the utility to control scanning via the Control Panel on the scanner - which saves you having to run back and forth between the scanner and your computer | No |
| Y | IKE Service 95 | IKEService.exe | Associated with PGP. The PGP Tray can be disabled, but without IKESERVICE you won't be able to de- or encrypt anything | No |
| U | iKeyWorks | IKEYMAIN.EXE | A4Tech wireless keyboard driver and utility | No |
| U | IKL | rundll32.exe [path] IKL.dll | IKL surveillance software. Uninstall this software unless you put it there yourself | No |
| X | ilasss | lsass.exe | Added by the INJECT-GZ TROJAN! Note - the legitimate lsass.exe process should not normally figure in Msconfig/Startup! | No |
| N | iLike | ilikesidebar.exe | iLike Sidebar for iTunes and Windows Media Player | No |
| X | iLLeGaL | Mplayer.exe | Added by the HOLAR.C (or GALIL) WORM! Note - this should not be comfused with Windows Media Player which has the same filename | No |
| X | iLLeGaL.exe | Mplayer.exe | Added by the HOLAR.C (or GALIL) WORM! Note - this should not be comfused with Windows Media Player which has the same filename | No |
| X | ilortgdg | keepSafe.exe | Added by the KILLAV.KAX TROJAN! | No |
| ? | ILO_Office_Manager | IntEdReg.exe /OFFMAN | Intense Educational Ltd - Language Office Software. Is it required? | No |
| U | iLyric | iLyric.exe | iLyric plugin for Winamp media player. Allows you to retrieve the lyrics for your songs with the press of a button | No |
| N | iM Start Center | iM_Tray.exe | Installed with the Sound Blaster Audigy range of soundcards. A radio tuner installed if the user chooses during installation. Available via Start -> Programs -> iM Networks -> iM Radio Tuner | No |
| X | Image | rundll32 [path] [trojan filename],Install | Added by the WINSHOW.Y TROJAN! | No |
| Y | Image & Restore | IMAGE32.exe | Part of McAfee Nuts & Bolts. Image/Restore can recover from drives that have been accidentally formatted or completely erased, if Image was recently run | No |
| X | Image Remote Players | sysvn.exe | Added by a variant of the IRCBOT BACKDOOR! | No |
| N | Image Transfer | SonyTray.exe | Sony Image Transfer software provides direct image transfer from your digital camera to a PC - can be started manually | No |
| U | ImageDrive-{hex numbers} | ImageDrive.exe | Nero ImageDrive from Ahead - virtual CD/DVD drive software | No |
| U | Imagefox | imagefox.exe | ImageFox 2.0 (formerly available from ACDSee) is an "add-on" graphics previewer for most Windows Open/Save As dialog boxes | No |
| X | Imagemgt32 | Imagemgt32.exe | Added by the GEMA TROJAN! | No |
| X | ImagePath | taskbarmngr.exe | Added by the SDBOT-XB WORM! | No |
| U | ImageTune | dthtml.exe | ImageTune from Hyundai ImageQuest. Rebranded version of Display Tune from Portrait Displays, Inc. - which "is the perfect software utility to initially set-up and adjust your display to achieve its optimum performance. All adjustments are made through a simple graphical user interface" | No |
| X | IMAPI | load.exe | Added by the DOWNDEL-A TROJAN! | No |
| N | iMarkup Client | iUtil.exe | Enables the iMarkup Client web page annotation utility to run in the background and be available in systray. Shortcut available via Start -> Programs | No |
| U | Imatio | imation.exe | Imation Disk Manager - enables you to create a password protected area on your Imation USB flash drive | No |
| X | imchat | imchat.exe | Added by a variant of the IRCBOT TROJAN! | No |
| X | IMClass | Svhosl.exe | Added by an unidentified WORM or TROJAN! | No |
| X | imcssl | xmliwvug.exe | Added by the SLAPER.U TROJAN! | No |
| X | IME | conime.exe | Added by the DLDR-G TROJAN! Note - this is not the legitimate Console IME process of the same filename which is located in %System%. This one is located in %Windir% | No |
| N | imekrmig | imekrmig.exe | Part of MS Input Method Editor which is used to ease the input of Asian characters in MS Office (Chinese, Japanese and this one is Korean) | No |
| N | IMEKRMIG6.1 | IMEKRMIG.EXE | Part of MS Input Method Editor which is used to ease the input of Asian characters in MS Office (Chinese, Japanese and this one is Korean) | No |
| N | Imesh | ?? | Imesh is a file sharing system | No |
| N | Imesh Auto Update | ?? | Update check for the Imesh file sharing system. Turn the update off under "options" | No |
| X | IMEvtMgr.exe | IMEvtMgr.exe | Added by the KEYLOG-AR TROJAN! | No |
| U | ImgIcon | ImgIcon.exe | Displays Iomega icons in Explorer/My Computer, ejects Zip disks on shutdown and displays a special delete confirmation box when deleting files on an Iomega drive. Available via Start -> Programs. If you disable it remember to eject disks first before powering the drive down - hence the "U" recommendation. Note - FreeCell may not run with ImgIcon running | No |
| X | imgit | [path to file] | Added by the BANKER-EM TROJAN! | No |
| N | ImgStart | ImgStart.exe | Used by Iomega drives. Details of its purpose can be found here. Available via Start -> Programs | No |
| N | ImgTask | Imgtask.exe | Related to WalletPix digital photo album. "On some computers, the Wallet Pix device will leave behind a memory-resident file called ImgTask.exe. This file will be located in the operating system directory on your computer (typically C:\windows or C:\winnt). You can remove this file at any time and it will not impact your computer's performance or functionality. The file will be restored each time you plug in the Wallet Pix though" | No |
| U | IMJPMIG | IMJPMIG.EXE | Microsoft's Input Method Editor for the Japanese language which is used to both display and enable the input of characters in e-mails, documents, web forms and other files - should you need to. Found on PCs where East Asian languages have been installed through the Regional and Language options icon in the Control Panel | Yes |
| X | IMJPMIG6.1 | HelpCat.exe | Added by the BESVERIT WORM! | No |
| U | IMJPMIG8.1 | IMJPMIG.EXE | Microsoft's Input Method Editor for the Japanese language which is used to both display and enable the input of characters in e-mails, documents, web forms and other files - should you need to. Found on PCs where East Asian languages have been installed through the Regional and Language options icon in the Control Panel | Yes |
| X | IMJPMIG8.2 | msime82.exe | Added by the VB-CYG WORM! | No |
| ? | immcheck.exe | immcheck.exe | Related to I-FORCE driver for force feedback steering wheel? | No |
| X | ImMsn | timed.exe | Added by the WEBDOR.AK TROJAN! | No |
| U | IMOL | IMOLApp.exe | IncrediMail for Office Outlook Add-On | No |
| U | Imonitor | Plguni.exe | Part of McAfee's QuickClean - which removes internet clutter and unwanted programs. This entry monitor changes made to the registry so that they can be undone later using QuickClean - such as removing programs. QuickClean is now integrated into their Total Protection, Internet Security and AntiVirus Plus products primarily as a file cleaner/shredder and no longer supports program removal | No |
| X | imonitor | [path to trojan] | Added by the IMONI-A TROJAN! | No |
| U | IMONTRAY | imontray.exe | System tray monitoring of fans, temperature, voltage, etc for Intel motherboards. Only needed if you "overclock" or live in hot environment. Can also cause problems when running on a laptop if you change PCMCIA cards | No |
| X | IMprocess | IM-svr.EXE | IMNames adware | No |
| U | ImScInst | ImScInst.exe | Microsoft's Input Method Editor which is used to both display and enable the input of characters from East Asian and Right-to-left (e.g. Arabic) languages in e-mails, documents and other files - should you need to. Found on PCs where these languages have been installed through the Regional and Language options icon in the Control Panel | Yes |
| U | ImScInst.exe | ImScInst.exe | Microsoft's Input Method Editor which is used to both display and enable the input of characters from East Asian and Right-to-left (e.g. Arabic) languages in e-mails, documents and other files - should you need to. Found on PCs where these languages have been installed through the Regional and Language options icon in the Control Panel | Yes |
| U | IMStart | IMStart.exe | InterMute security software related | No |
| U | IMVU | IMVUClient.exe | IMVU chat client that allows you to create "your own avatars who chat in animated 3D scenes" | No |
| X | imwinsrvc | acpmonsrv.exe | Added by the SLAPER.E TROJAN! | No |
| X | IMwire | imwireup.exe | SafeSurfing adware variant | No |
| X | imxecs | vbrun70sp4.exe | Added by the AGOBOT.ALA WORM! | No |
| X | im_autorn | im_1.exe | Added by the IMAV.A WORM! | No |
| X | im_autorn | im_2.exe | Added by the BAGLEDL-BO TROJAN! | No |
| Y | InCD | incd.exe | Ahead InCD packet writing software - similar to DirectCD. For Nero 5.0 or 5.5 (InCD3), it does not need to start with Windows. You can run InCD.exe manually before inserting an appropriately formatted CD-RW (CD-MRW) disk. For Nero 6.0, 6.3 or 6.6 (InCD4), it does need to start with Windows. It does not function correctly when you try to run it manually, and you will not have write access to MRW (Mount Rainier) formatted CD-RW (CD-MRW) or DVD-MRW disks. To regain write access and other features, InCD 4 must start with Windows | No |
| N | IncMail | IncMail.exe | "IncrediMail is an advanced, feature-rich email program that offers you an unprecedented interactive experience. Unique multimedia features will enable you to tailor your email experience so that it fits your mood and personality" | No |
| N | InControl Desktop Manager | DMHKEY.EXE | For Diamond Multimedia video cards. Allows System Tray access to desktop utilities such as screen resolution. Available via Start -> Programs | No |
| X | Incredible Keylogger | AdvKeylog.exe | IncredibleKeylogger spyware | No |
| N | Incredimail | incredimail.exe | "IncrediMail is an advanced, feature-rich email program that offers you an unprecedented interactive experience. Unique multimedia features will enable you to tailor your email experience so that it fits your mood and personality" | No |
| N | Incredimail | IncMail.exe | "IncrediMail is an advanced, feature-rich email program that offers you an unprecedented interactive experience. Unique multimedia features will enable you to tailor your email experience so that it fits your mood and personality" | No |
| X | Index Service | dllhost32.exe | Added by the AGOBOT.CH WORM! | No |
| U | Index Washer | WashIdx.exe | Window Washer from Webroot Software. Useful utility that deletes safe to remove files, cookies, browsing history, etc. Available via from Start -> Programs. Disable within the program options - otherwise it is re-enabled in MSCONFIG | No |
| ? | Indexer | Indexer.exe | Part of the Sharpdesk from Sharp Electronics. "A desktop-based, personal document management application that lets users browse, edit, search, compose, process, and forward both scanned and native electronic documents". What does it do and is it required? | No |
| X | Indexindicator | Indexindicator.exe | Added by the LAZAR TROJAN! | No |
| N | IndexSearch | IndexSearch.exe | Associated with PaperPort scanner software from ScanSoft | No |
| U | IndexTray | IndexTray.exe | Part of Sharpdesk from Sharp Electronics. "A desktop-based, personal document management application that lets users browse, edit, search, compose, process, and forward both scanned and native electronic documents" | No |
| U | IndicatorUty | IndicatorUty.exe | Fujitsu Hotkey Utility displays icons on the screen when you use hotkeys on a Fujitsu Siemens Lifebook, eg, when you press the hotkey for muting the sound, a loudspeaker icon with a cross on it is displayed | No |
| U | IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} | NMIndexStoreSvr.exe | Indexing service that catalogs all the media on your computer so that the files are available to all of the programs in the Nero suite of applications | No |
| X | ine | svchosts.exe | Added by the RBOT.BNL WORM! | No |
| X | INET | inetsync.exe | Meplex adware | No |
| X | Inet DataBase | Inetdbs.exe | Added by the QEDS WORM! | No |
| X | Inet Delivery | inetdl.exe | Inet Delivery adware | No |
| X | Inet Delivery | inetdl_2.exe | Inet Delivery adware | No |
| X | Inetapi | Netapi.exe | Added by the NETDEVIL.14 TROJAN! | No |
| U | inetcntrl | inetcntrl.exe | Bsafe Online - internet filter | No |
| ? | InetConf | inetconf.exe | ?? | No |
| U | Inetd | INETD32.EXE | Windows Inet Daemon from Hummingbird Communications. "Hummingbird Inetd has the advanced ability to conserve PC resources by listening for connection requests and launching server daemons". Provides PCs with the full functionality of a UNIX workstation | No |
| U | inetinfo.exe | inetinfo.exe | Executable used by MS Internet Information Server (IIS). If it's running, then so is IIS. Useful in knowing whether you require the patch for the Code Red worm. Comes with PWS (Personal Web Server) or NT4 and handles ASP-, PHP code (+ more) | No |
| X | inetinfomon manager | inetinfomon.exe | Added by the DONBOMB.A TROJAN! | No |
| X | inetmgr | inetmgr.exe | Actual Names (AdvSearch) Internet Keywords parasite | No |
| X | InetMSN | msnet.exe | Added by a variant of the SDBOT TROJAN! | No |
| X | InetServices | wsock32.exe | Added by the WOCK32-A TROJAN! | No |
| X | infamous.exe | wmplayer.exe | Added by unknown malware. WMPLAYER.EXE is stored in the location and uses the same name as Windows Media Player but that valid Windows program doesn't load at startup | No |
| X | InfeStop | InfeStopRemover.exe | InfeStop rogue spyware remover - not recommended, removal instructions here | No |
| X | info | smss.exe | Added by the VB.EIW WORM! Note - this is not the legitimate smss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %System%\inetsrv | No |
| X | INFO DATA | apc.exe | Added by the RANDON.B WORM! | No |
| U | Info Select | is.exe | Info Select from Micro Logic - personal information manager | No |
| X | Info32x | Info32x.exe | Added by the GEMA TROJAN! | No |
| X | InfoData | rundll32.exe ********.dll, realset [* = random char] | Added by the VUNDO TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The random DLL file is found in the System (9x/Me) or System32 (NT/2K/XP) folder | No |
| U | InfoPenMSN | InfoPenIM.exe | InfoPenMSN is a MSN Messenger plugin that allows you to send data written/drawn by hand | No |
| ? | Infoplay.exe | Infoplay.exe | Written by New Media Properties, LLC and you're asked if you want to download and install it if you visit one of their search engine websites (which I chose not to). What does it do and is it needed? | No |
| X | Information Update | iu.exe | Detected by Kaspersky as the CENTIM.CH TROJAN! | No |
| U | Infra-red Monitor | IRMON.EXE | System Tray access to infra-red devices. Not required unless you use infra-red devices | No |
| X | infus | infus.exe | Adult content dialler | No |
| U | Infuzer | Infuzer.exe | Infuzer - "is a service that copies dates from the web or an email straight to your electronic calendar". Beware of the following adware trait - "Infuzer provides web site owners with a unique opportunity to communicate with their visitors in a way that is useful and relevant to them, as well as increasing return visits and brand awareness, and providing new e-commerce opportunities" | No |
| X | infwin | infwin.exe | VX2.Transponder parasite updater/installer related | No |
| X | Init | [path to trojan] | Added by the DROPPER.EAT TROJAN! | No |
| X | Init32 | Init32.exe | Added by the WINEX.A TROJAN! | No |
| X | Initial Page | install.exe | EasySearch browser hijack installer | No |
| Y | Initialize8x8 | 8x8_init.exe | Tool that initializes a Pinnacle PCTV card - maybe in capture or in showing overlay | No |
| X | inixs | minix32.exe | Added by the AGENT.CKQX TROJAN! | No |
| X | injob | injobs.exe | Added by the BINJO TROJAN! | No |
| N | Ink Monitor | InkMonitor.exe | Associated with Epson (and maybe other) printers. Tells you when the ink's running low and asks if you want to buy another cartridge on-line | No |
| N | InkWatch | InkWatch.exe | Associated with Canon (and maybe other) printers. Tells you when the ink's running low and asks if you want to buy another cartridge on-line | No |
| Y | InoRPC | InoRpc.exe | Associated with eTrust Antivirus/InoculateIT | No |
| Y | InoRT | InoRT9x.exe | Associated with the Realtime Monitor of eTrust Antivirus/InoculateIT version 6 virus scanners from Computer Associates. For NT/2K/XP users you may need a patch if seeing high CPU useage | No |
| U | InoTask | InoTask.exe | Scheduled scans and signature updates for eTrust Antivirus/InoculateIT version 6 virus scanners from Computer Associates. Leave enabled unless you manually update signatures or perform routine scans. If enabled it can result in high CPU useage when performing updates | No |
| X | iNotice | iservice.exe | Added by a variant of an MSN worm that tries to lure people to an infected site by using nude pictures and videos | No |
| ? | insCOA5 | insCOA5.exe | ?? | No |
| X | Insider | Insider.exe | Added by the AGENT.KMC TROJAN! | No |
| U | InstaAlert | InstaAlert.exe | "Kayako InstaAlert allows you to receive realtime alerts whenever a ticket gets updated under the assigned departments. The application displays popups as and when the tickets are created or replied to allowing you to answer your customer requests and issues promptly" | No |
| X | Instafinder | instafinder.exe | TopSearch.D adware | No |
| X | InstaFinderK | InstaFinderK inst.exe | InstaFinder adware | No |
| X | Install | Install.exe | Added by the BANCBAN-HG TROJAN! | No |
| X | Install part II | updates.exe | Added by the RELFEERWORM! | No |
| ? | Install Pending Files | sifxinst.exe | Uninstall program for Lanovation's Prism Deploy and Prism Pack adminstrators software deployement tools. For specific information see here. Is it required? | No |
| x | install32 | install32.exe | Added by the NUCLEAR.DG BACKDOOR! | No |
| N | InstallAurealDemos | InstallAurealDemos.js | Used to initialize the Aureal A3D demos InstallShield wizard | No |
| U | InstallBuddy | Ibtna.exe | InstallBuddy - automatically translates and installs your desktop documents, such as Adobe PDF, HTML, Microsoft Word, Excel and PowerPoint files, to your Palm organizer when you HotSync | No |
| X | InstallCleaner | InstallCleaner.exe | Added by the ANYHOMB.F TROJAN! | No |
| X | Installed shell32.dll | Office.exe... | Added by the LOVGATE.AO WORM! | No |
| X | Installed shell32.dll | Office.exe | Added by the LOVGATE.E WORM! | No |
| X | Installer | dial.exe | Malware - detected by Kaspersky as the AGENT.MM TROJAN! | No |
| ? | InstallNAIProduct | SETUP.EXE | Could be related to Network Associates Inc who own the McAfee VirusScan product amongst others. This was found in a directory called "VSC". Could it be an installation that failed and "SETUP.EXE" was left to run at startup as an error? | No |
| X | InstallProgram | [path to trojan] | Added by the AGENT-HHU TROJAN! | No |
| X | InstallProvider | newsoftware2007install.exe | Part of WinAntiVirusPro 2007 and Privacy Protector rogue security software (and possibly others) - not recommended | No |
| X | Installs SP2 | [path] repcale.exe [path] palsp.exe | Added by a variant of the RANDON.AN WORM! Both files are located in %System%\qpalsp | No |
| X | Installs SP4 | [path] repcale.exe [path] p0rd.exe | Added by the RANDON-AK WORM! Both files are located in %System%\ekrlgc | No |
| U | Installstub | installstub.exe | Tool for Outlook and Outlook Express from Plaxo for organising and keeping contacts organised and updated and providing online access to your contacts and access from PDA or mobile phone | No |
| X | Instance 001 | [path to worm] | Added by the ALASROU-A WORM! | No |
| X | Instant Access | rundll32.exe EGDHTML_1023.dll, InstantAccess | InstantAccess premium rate adult content dialler variant. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted | No |
| X | Instant Access | rundll32.exe eg_auth_****.dll, InstantAccess [**** = digits] | InstantAccess premium rate adult content dialler variant. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted | No |
| X | Instant Access | rundll32.exe EGCOMLIB_****.dll, InstantAccess [**** = digits] | InstantAccess premium rate adult content dialler variant. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted | No |
| X | Instant Access | rundll32.exe EGCOMSERVICE_****.dll, InstantAccess [**** = digits] | InstantAccess premium rate adult content dialler variant. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted | No |
| X | Instant Access | rundll32.exe p2esocks_****.dll, InstantAccess [**** = digits] | InstantAccess premium rate adult content dialler variant. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted | No |
| X | Instant Access | mwsrvacc.exe | InstantAccess premium rate adult content dialer | No |
| X | Instant Access | linewsrv.exe | InstantAccess premium rate adult content dialer variant | No |
| X | Instant Buzz Daemon | IBDaemon.exe | Instant Buzz adware | No |
| X | Instant Messenger Service | imservice.exe | Detected by Kaspersky as the HEUR TROJAN! | No |
| X | instant messengers | instantmsgtr.exe | Added by the AGOBOT-PC BACKDOOR! | No |
| N | Instant Update Center | reminder.exe | Event reminder for calendar dates, etc from Broderbund PrintMaster. Disable using the program's own option (if available) or a startup manager as it will re-instate if disabled via MSConfig | No |
| U | Instant Wireless Configuration Utility | WUSB11cfg.exe | Utility used by the LINKSYS LINKSYS wireless USB Adapter (WUSB11) and indicates when a wireless access connection is made by a screen colour change. Also used for configuration | No |
| U | Instant Wireless Configuration Utility | WPC11Cfg.exe | Utility used by the LINKSYS wireless USB Adapter (WUSB11) and indicates when a wireless access connection is made by a screen colour change. Also used for configuration | No |
| N | InstantAccess | INSTAN~1.EXE | From TextBridge Pro 9.0 OCR scanner software. Available via Start -> Programs | No |
| U | InstantDrive | InstantDrive.exe | Pinnacle Systems (ex VOB) InstantDrive - creates a virtual CD-ROM drive on the computer's hard drive. Part of InstantCD/DVD burning software | No |
| X | InstantPleasure | instantpleasure.exe | Adult content dialler | No |
| X | InstantPleasureXXX | instantpleasurexxx.exe | Adult content dialler | No |
| N | InstantTray | PCLETray.exe | Pinnacle InstantCD/DVD disc creation software. Tray icon enabling a pop-up menu that lets you call up any of Instant CD/DVD's tools with one click. Can be started manually | No |
| X | instit | instit.bat | Added by the OPASERV.H WORM! | No |
| X | instit | INSTIT.BAT | Added by the OPASERV.K WORM! | No |
| ? | InstUtlR.exe | InstUtlR.exe | ?? | No |
| X | intdctrr | idctup20.exe | SafeSurfing adware variant | No |
| X | Intec Service Drivers | msmsgrs.exe | Added by the SDBOT-ADN WORM! | No |
| X | Intec Service Drivers | [path to worm] | Added by the RBOT-GLU WORM! | No |
| X | Intec Service Drivers | wing32.exe | Added by the RBOT.HAZ WORM! | No |
| X | Intec Service Drivers | msmsgredss.exe | Added by the SDBOT-AGL WORM! | No |
| X | Intec Services Driverrs | winrvc.exe | Added by a variant of the SDBOT WORM! | No |
| X | Intec Services Drivers | msupdate22e.exe | Added by the RBOT-CGC WORM! | No |
| U | IntegardTray | IntegardTray.exe | System Tray access to Integardparental control software from Race River Corp | No |
| U | Intel Active Monitor | imontray.exe | System tray monitoring of fans, temperature, voltage, etc for Intel motherboards. Only needed if you "overclock" or live in hot environment. Can also cause problems when running on a laptop if you change PCMCIA cards | No |
| X | Intel Audio Studio V2.0 | fmideploy.exe | Detected by VBA32 as the BIFROSE.ADR TROJAN! | No |
| X | Intel Driver | csrs.exe | Added by a variant of the SDBOT WORM! | No |
| U | Intel File Transfer | xfr.exe | Part of Intel's LANDesk Management Suite 6 and the Common Base Agent (CBA) - used for communicating between the core server and managed clients | No |
| U | Intel PDS | pds.exe | Intel Ping Discovery Service (PDS). Part of Intel's LANDesk Management Suite 6 and the Common Base Agent (CBA) - used for communicating between the core server and managed clients. Will start the dial-up if installed and enabled | No |
| X | Intel Physical Routine 1.2A | stnetlib.exe | Added by the BACKDR-AS BACKDOOR! | No |
| U | Intel Product Number Utility | IntelProcNumUtility.exe | Intel Processor Serial Number Control Utility allows you to enable and disable the processor serial number capability of an Intel PIII processor. You can find more information here. System Tray icon providing the user with a visual state indication. You can find more information here | No |
| N | Intel PROSet Tray Icon | promon.exe | System Tray icon for Intel PRO series ethernet adapters giving access to the diagnostic features | No |
| X | Intel Service Drivers | msconfig16.exe | Added by the MSCONFIG16 TROJAN! | No |
| X | Intel system tool | hookdump.exe | Added by the SPYRE-H TROJAN! | No |
| X | Intel system tool | winnook.exe | Added by the SPYRE-C TROJAN! | No |
| X | Intel system tool | svehost.exe | Added by the AGENT-EBT TROJAN! | No |
| X | Intel system works | iis.exe | Added by the RBOT.QGA WORM! | No |
| U | Intel(R) Common User Interface | igfxtray.exe | System Tray access to display settings for Intel desktop and mobile motherboard chipsets with integrated graphics. With this enabled, you can access settings like graphics properties and hot key settings via the icon on the System Tray. Different chipset versions may have different options available. These options are normally also available via the system Control Panel - under Display (XP) or Personalization and Appearance (Vista) | Yes |
| U | Intel(R) Common User Interface | hkcmd.exe | Hot Key handler for Intel desktop and mobile motherboard chipsets with integrated graphics. With this enabled, you can access settings like graphics properties and screen rotation via pre-programmed key combinations - such as CTRL+ALT+F12 which displays the graphics properties (otherwise available via a right-click on the desktop or the Control Panel). Different chipset versions may have different pre-programmed settings and in some cases these may be programmable | Yes |
| U | Intel(R) Common User Interface | igfxpers.exe | Installed with the graphics drivers for Intel desktop and mobile motherboard chipsets with integrated graphics. It's purpose or function isn't known at present but testing with it disabled would appear to indicate it isn't required - hence the recommended "U" status | Yes |
| X | intel32.exe | intel32.exe | Added by the SmitFraud alias SPYJACK-B TROJAN! | No |
| U | IntelAPMClient | amclient.exe | LANDesk® Management Suite software component | No |
| N | IntelAudioStudio | IntelAudioStudio.exe | "Intel Audio Studio combines Intel® High Definition audio hardware features with Sonic Focus* Audio Refinement and Dolby* technologies to provide you with a comprehensive tool that puts you in control of your audio experience". Audio utility supplied with some Intel motherboards | No |
| X | InteliSys | smss.exe | Advertisingvision adware. Note - this is not the legitimate smss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir% | No |
| X | intell32.exe | intell32.exe | Added by the SmitFraud alias Desktophijack.C TROJAN! | No |
| X | intell321.exe | intell321.exe | Added by the SPYJACK-B TROJAN! | No |
| X | Intelli Mouse Pro Version 2.0B | ncsjapi32.exe | Added by the BUZUS-O WORM! | No |
| X | Intelliflag_be.exe | Intelliflag_be.exe | Intelliflag spyware | No |
| U | IntelliPoint | point32.exe | Microsoft IntelliPoint utility (up to version 5.4) - required to support the programmable buttons and additional features and on Microsoft's range of mice, If this entry is disabled, any programmed buttons or program-specific settings will not be supported | Yes |
| U | IntelliPoint | ipoint.exe | Microsoft IntelliPoint utility (from version 5.5) - required to support the programmable buttons and additional features and on Microsoft's range of mice, If this entry is disabled, any programmed buttons or program-specific settings will not be supported | Yes |
| U | Intellitype | type32.exe | Microsoft IntelliType Pro utility (up to version 5.4) - required to support the multimedia keys, programmed keys and key macros on Microsoft's range of keyboards. If this entry is disabled, any programmed keys or actions will not be supported and keys will not function as expected in applications with advanced text services enabled | No |
| U | IntelMEM | IntelMEM.exe | Related to connection events on an Intel chipset based modem. It can alert you if the telephone line is being used when you're trying to get online (when you're using dial-up). It can also alert you if your modem line is disconnected. Furthermore, it can alert you if you have made a wrong connection with your modem line | No |
| X | Intelprc | Aas3lovu.exe | Added by the SILLYFDC-CG WORM! | No |
| U | IntelProcNumUtility | cpunumber.exe | Intel Processor Serial Number Control Utility allows you to enable and disable the processor serial number capability of an Intel PIII processor. You can find more information here. System Tray icon providing the user with a visual state indication. You can find more information here | No |
| Y | IntelWireless | ifrmewrk.exe | Associated with the Intel PRO/Set Wireless software | No |
| U | IntelZeroConfig | ZCfgSvc.exe | Zero Config MFC Application, part of Intel's ProSET utilities and installed by the drivers for many of Intel wireless network cards - essential to the proper functioning of many of the Intel ProSET utilities (but not all) and these System Tray ProSET utilities are a must if you are using your wireless connection, if only so you know when the signal is fading or dropping. The problem is that, in some PCs, ZCFGSVC can be incredibly badly behaved : taking up to 100% of CPU time and therefore resulting in an extremely slow PC, preventing the installation of software or Windows updates, or causing "Not Responding" or "End this Program" shutdown problems. If you experience this, try first the very latest drivers from Intel or your laptop manufacturer. If that still does not solve the problem and you have WinXP/2003, try setting the "Wireless Zero Configuration" service to disabled | No |
| ? | Intense Registry Service | IntEdReg.exe /CHECK | Intense Educational Ltd - Language Office Software. Is it required? | No |
| X | InterceptedSystem | [path to worm] | Added by the ANACON-B WORM! | No |
| Y | InterCheck Monitor | Icmon.exe | Part of Sophos ant-virus sofware | No |
| Y | InterCheckMonitor | ICMON.EXE | Part of Sophos anti-virus sofware | No |
| X | Interdll | Interdll.exe | Added by the DELF family of TROJANS! | No |
| X | Internal | [trojan filename] | Added by the SMOTHER and TRANSLAT TROJANS! | No |
| X | Internal | regedit.exe /s c[month number] | Added by the FORTNIGHT.D TROJAN! Note that the Windows registry editor (regedit.exe) is a legitimate Microsoft file located in %Windir% and shouldn't be deleted. The file "c[month number]" is located in %Windir%, ie, C:\Windows\c10 | No |
| X | Internal Memory File | sysintmemory.exe | Added by the RBOT-GKT WORM! | No |
| X | InternalSystray | Kazza.exe | Added by the OPTIXPRO.12.C BACKDOOR! Note - unlike the valid KaZaA executable, this is located in %System% | No |
| X | internat | internat.exe | Added by the LYDRA-F TROJAN! Note - the real internat.exe resides in %windir%\system (where %windir% is the Windows directory - C:\Windows or C:\Winnt) whereas this version resides in %windir% | No |
| X | Internat | systray.exe | Added by the ALADINZ.P TROJAN! Note - this is not the legitimate systray.exe process. If you right-click on the real systray.exe the "Properties" reveal it to be a Microsoft file | No |
| X | Internat | msgsrv32.exe | Added by the NYRUBOT-A BACKDOOR! Note - this is not the legitimate msgsvr32.exe process on a Win9x/Me system which should not appear in MSConfig/startup! | No |
| X | Internat | [trojan filename] | Added by the CMJSPY-Y TROJAN! | No |
| X | Internat Conf | bootconf.exe | Homepage hijacker, redirecting to coolwwwsearch.com; see for example here | No |
| N | internat.exe | internat.exe | Microsoft language selection icon in system tray, located in the System (Win98/Me) or System32 (WinNT/2K/XP) folder | No |
| X | Internat.exe | internat.exe | Added by the NETSNAKE TROJAN! Note - the real internat.exe resides in %windir%system (Win98/Me) or %windir%System32 (WinNT/2K/XP) (where %windir% is the Windows directory - C:\Windows or C:\Winnt) and has a "?" icon wheras this version resides in %windir% and has a ZIP icon | No |
| X | internct | WinSocks5.exe | Added by the GRAYBIRD.F TROJAN! | No |
| X | internet | smss.exe | Added by the MIFENG-K TROJAN! Note - this is not the legitimate smss.exe process which should NOT appear in Msconfig/Startup! | No |
| X | Internet | Internet.exe | Added by the PWS-CS TROJAN! | No |
| X | Internet | recruit.exe | Added by the RBOT-AJG WORM! | No |
| X | internet | [trojan filename].exe | Added by the MIFENG-D TROJAN! | No |
| X | Internet | winlogom.exe | Added by a variant of the SDBOT WORM! | No |
| X | Internet | nteusodp.exe | Added by the RBOT-GFJ WORM! | No |
| X | internet | winsas32.exe | Added by a variant of the SDBOT WORM! | No |
| X | internet | lsass.exe | Added by the DSPY-A TROJAN! Note - this is not the legitimate lsass.exe process which should not normally figure in Msconfig/Startup! | No |
| X | Internet | alm7tas.exe | Added by a variant of the RBOT WORM! | No |
| X | Internet | wins.exe | Added by the RBOT.AAYF WORM! | No |
| U | Internet Answering Machine | IAMNET~1.EXE | From Callwave. It offers a free utility to monitor your incoming phonecalls if you only have a single telephone line for internet access | No |
| U | Internet Answering Machine | IAM.exe | From Callwave - offers a free utility to monitor your incoming phonecalls if you only have a single telephone line for internet access | No |
| X | Internet Antivirus | IAvir.exe | Internet Antivirus rogue security software - not recommended, removal instructions here | No |
| X | Internet Antivirus Pro | IAPro.exe | Internet Antivirus Pro rogue security software - not recommended, removal instructions here | No |
| X | Internet Application Driver | expIorer.exe | Added by the IRCBOT-WK TROJAN! | No |
| U | Internet Call Director | ICD.EXE | TELUS Internet Call Director (ICD) provides Internet users with real-time call notification while connected to the Internet | No |
| U | Internet Call Manager | ICM.EXE | Starts Internet Call Manager dialog box and/or taskbar icons at bootup. This is a subscription program from internetcallmanager.com that monitors a dialup phone line for incoming calls and handles voicemail | No |
| X | Internet Config | svchosts.exe | Added by the SDBOT TROJAN! | No |
| X | Internet Connection Wizard | stisvsq.exe | EasySearch adware | No |
| X | Internet Connection Wizard | [path to trojan] | Added by the SMUTSRCH-A TROJAN! | No |
| X | Internet Connection Wizard | stisvsq1.exe | Added by the DLOADR-AWD TROJAN! | No |
| X | Internet Content Publisher | ICP.EXE | Added by the RBOT-UD WORM! | No |
| U | Internet Disk Cleaner | CLEARH~1.EXE | "Internet Disk Cleaner from Elongsoft "protects your privacy by cleaning up all Internet tracks and past computer activities" | No |
| U | Internet Download Accelerator | ida.exe | Internet Download Accelerator download manager | No |
| X | Internet download manager service | idman.exe | Added by the RBOT-BMS WORM! | No |
| X | Internet Exploere Services | urlmon32.dll.exe | Added by the EVIAN.C WORM! | No |
| X | Internet Explore Microsoft | lEXPLORE.EXE | Added by the RBOT-AOF WORM! Note - the executable is spelt with a lower case "L" rather than an lower or upper case "i" which is the case with Internet Explorer | No |
| X | Internet Explorer | iexplorer.exe | Added by the LORSIS WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) | No |
| X | Internet Explorer | IEXPLORE.EXE | Added by the RBOT-EY WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %System% | No |
| X | Internet Explorer | IExplorer.exe | Added by the NETHIEF-O BACKDOOR! Note - this is not the legitimate Internet Explorer (iexplore.exe) | No |
| X | Internet Explorer | http.exe | Added as part of a new potential CWS infection, and part of a suite of programs that installs a web server, php, ftp server, socks, and mail server on your computer without your knowledge. These files are known to be part of an infection that transmits information about your bank accounts, passwords, and other financial information. It should be deleted immediately, you should enable your firewall, and you should contact your financial services in order to report the issue and to have your passwords changed | No |
| X | Internet Explorer | iexpiore.exe | Added by the RBOT-AZC WORM! | No |
| X | Internet Explorer | IEPLORE32.EXE | Added by the AGOBOT-CU WORM! | No |
| X | Internet Explorer | twain.exe | Added by the AGENT.BEA TROJAN! | No |
| X | Internet Explorer Agent | iexplorer.exe | Added by the AGENT-BH TROJAN! Note - this is not the legitimate Internet Explorer (iexplore.exe) | No |
| X | Internet Explorer Configuration | IEXPLORE.EXE | Added by the SDBOT-UL WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %System% | No |
| X | Internet Explorer Security | iexplore.pif | Added by the RBOT-ALQ WORM! | No |
| X | Internet Explorer Sys32 | isys32.exe | Added by the IRCBOT-ADA WORM! | No |
| X | Internet Explorer Updater | lexbac.exe | Added by the DOWNLOAD TROJAN! | No |
| X | Internet Explorer Updater | iexplorer.exe | Added by the REUR.B WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) | No |
| X | Internet Explorer6 | IEexplore.exe | Added by the RBOT.AGC WORM. Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %System% | No |
| X | Internet Explorer6.0 | IEXPLORE.EXE | Added by the RBOT.ENZ WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %System% | No |
| X | Internet Firewall Layer | tsqla.exe | Added by a variant of the SPYBOT WORM! | No |
| U | Internet History Eraser | HERASER.exe | Internet History Eraser - deletes your browsing tracks | No |
| X | Internet Loader1 | MSInstall61.exe | Added by the KWBOT.B WORM! | No |
| X | Internet Mail and News | msqdevl.exe | EasySearch adware | No |
| X | Internet Mail and News | [path to trojan] | Added by the SMUTSRCH-A TROJAN! | No |
| X | Internet Mail and News | msqdevl1.exe | Added by the DLOADR-AWD TROJAN! | No |
| X | Internet Optimizer | optimize.exe | Internet Optimizer parasite - detected by Sophos as the DLUCA-G TROJAN and variants | No |
| X | Internet Protocol Configuration Loader | ipcl32.exe | Added by the SDBOT TROJAN! | No |
| X | Internet Security 2010 | IS2010.exe | Internet Security 2010 rogue security software - not recommended, removal instructions here | No |
| X | Internet Security Service | msq32.exe | Added by the RBOT-GFP WORM! | No |
| X | Internet Security Service | msq23.exe | Added by the RBOT-GQL WORM! | No |
| X | Internet Security Service | msql23.exe | Added by the RBOT-GML WORM! | No |
| X | Internet Security Service | mysqlwin32.exe | Added by the RBOT.UX TROJAN! | No |
| X | Internet Send | More log.exe | Unidentfied adware | No |
| X | Internet Server | inetsrv.exe | Added by the STARTPA-EM TROJAN! | No |
| X | Internet Service | intersvc.exe | Added by the SPYBOT-DE WORM! | No |
| X | internet service | syscfg32.exe | Added by the RBOT-QS WORM! | No |
| X | internet service | ssvhost.exe | Added by a variant of the RBOT WORM! | No |
| X | internet service | svho0st98.exe | Added by the RBOT.EAT WORM! | No |
| X | Internet Services | systemdev.exe | Added by the SDBOT-PW WORM! | No |
| X | Internet Services | internet.exe | Added by the MYTOB.BT WORM! | No |
| X | Internet Services | interserv.exe | Added by the RBOT.BNT WORM! | No |
| X | Internet Services | Netsvc.exe | Added by the MYTOB.MN WORM! | No |
| X | INTERNET SERVISES | winz32.exe | Added by the KWBOT.Z WORM! | No |
| Y | Internet Sharing Server | iss_srvr.exe | Intel AnyPoint internet sharing software. Now discontinued | No |
| X | Internet Suspention | story.exe | Added by the WOOTBOT.HV WORM! | No |
| N | Internet Sweeper | Sweeper.exe | Internet Sweeper - removes unnecessart left over files after browsing the internet | No |
| U | Internet Timer | ITIMER.exe | Shareware dial-up connection call cost calculator from Ratsoft | No |
| X | Internet Washer Pro | iw.exe | Internet Washer manages temporary browser files, cookies, etc - a 'trial' Internet Washer Pro seems to have been widely stealth-installed around March 2003 | No |
| X | Internet.exe | Internet.exe | Added by the MAGICCALL VIRUS! | No |
| X | internet.exe | yinyin3345.vbs | Added by the YINI MACRO! | No |
| X | Internet2 Optimizer | wkfix.exe | Added by a variant of the RBOT WORM! | No |
| N | InternetCalls | InternetCalls.exe | InternetCalls - free internet telephony utility using the VoIP (Voice over Internet Protocol). Call online friends for free and regular phones either for free (limited use) or low rates. One of a number provided by Betamax - the others generally have different rate plans. Similar to the more popular Skype | Yes |
| X | InternetExplorer2 | windows.exe | Added by the SDBOT-CZP WORM! | No |
| X | InternetExplorer32 | iexplore32.exe | Added by the RBOT-GRA WORM! | No |
| X | InternetGetConnectedState | winupdate.exe | Added by the SDBOT-JN WORM! | No |
| X | InternetGetConnectedStateEx | winupdate.exe | Added by the SDBOT-JN WORM! | No |
| X | InternetShield | INTERN~1.EXE | InternetShield rogue security software - not recommended, see here | No |
| X | InternetShield | InternetShield.exe | InternetShield rogue security software - not recommended, see here | No |
| U | InternetSpy | InternetSpy.exe | Internet Spy - freeware keylogger that tracks all visited websites including the date and exact time these sites were visited. The information is stored in a file that may be accessed by the person who knows where it is saved. Remove unless you installed it yourself! | No |
| X | InternetWasherPro | iw.exe | Internet Washer manages temporary browser files, cookies, etc - a 'trial' Internet Washer Pro seems to have been widely stealth-installed around March 2003 | No |
| X | INTERNET_SERVISES | winz32.exe | Added by the SDBOT.Q TROJAN! | No |
| U | InternodeUsage | mum.exe | Australian ISP's free monthly download meter | No |
| X | Internt | Internt.exe | Added by the PEEPER or CARUFAX.A TROJANS! | No |
| X | Inters Configuration Loader | RCL0ADERS.exe | Added by the SDBOT-KX WORM! | No |
| X | Intersoft Msngr | intersoftmsngr.exe | Added by the AGOBOT-NW WORM! | No |
| N | InterTrust Quick Start | it_cpq~1.exe | InterTrust offers something known as Digital Rights Management to control legal software download and other E-commerce related business | No |
| X | InterU | WINDRV.EXE | Added by the IRCINTER.A TROJAN! | No |
| N | Intervideo Win Cinema Manager | WinCinemaMgr.exe | WinCinema Manager is needed when using the WinDVD Remote Control for WinDVD from Intervideo. Available via Start -> Programs | No |
| N | Intervideo Win Cinema Manager | WINCIN~1.EXE | WinCinema Manager is needed when using the WinDVD Remote Control for WinDVD from Intervideo. Available via Start -> Programs | No |
| N | Intervideo WinCinema Manager | WinCinemaMgr.exe | WinCinema Manager is needed when using the WinDVD Remote Control for WinDVD from Intervideo. Available via Start -> Programs | No |
| N | Intervideo WinCinema Manager | WINCIN~1.EXE | WinCinema Manager is needed when using the WinDVD Remote Control for WinDVD from Intervideo. Available via Start -> Programs | No |
| N | Intervideo WinScheduler | WinScheduler.exe | WinScheduler is installed with WinDVD Remote Control for WinDVD from Intervideo. If you want to schedule recordings from your TV tuner card, you will need it. Available via Start -> Programs | No |
| N | Intervideo WinScheduler | SchSvr.exe | WinScheduler is installed with WinDVD Remote Control for WinDVD from Intervideo. If you want to schedule recordings from your TV tuner card, you will need it. Available via Start -> Programs | No |
| N | InterVoip | InterVoip.exe | InterVoip - free internet telephony utility using the VoIP (Voice over Internet Protocol). Call online friends for free and regular phones either for free (limited use) or low rates. One of a number provided by Betamax - the others generally have different rate plans. Similar to the more popular Skype | Yes |
| U | InterWARN | interwarn.exe | InterWARN by Storm Alert Inc. Provides customized, automated access to critical weather and civil emergency information from the US National Weather Service. Required if audio and screen crawler alerts are desired. Also available via Start -> Programs | No |
| X | Intespention | IEXPLORE.exe | Added by the FORBOT-FL WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %System% | No |
| X | Intmgr | Intmgr.exe | Added by the GEMA TROJAN! | No |
| X | intranet | SYS32CFG.EXE | Added by the SPYBOT-DW WORM! | No |
| X | Intranet | intranet.exe | Added by the CHIMOZ.AC TROJAN! | No |
| X | Intranet | schost.exe | Added by the RBOT.SV BACKDOOR! | No |
| X | Intranet Explorer | [random filename] | Added by the POEBOT.DK BACKDOOR! | No |
| X | Intrenat | Intrenat.exe | Added by the LEMIR.E TROJAN! | No |
| N | Introducing Media Manager | SPLASHA.EXE | MS Media Manager tour. Not required | No |
| N | Introduction-Registration | ?? | For Compaq PC's. Should only run first time, PC Introduction & Compaq registration | No |
| X | IntruderAlert | ia99.exe | Intruder Alert '99 from Bonzi - spyware | No |
| X | IntSys1 | [path to trojan] | Added by the BANLOA-ASE TROJAN! | No |
| U | Inventory Scan | LDISCN32.EXE | LANDesk® Management Suite software component | No |
| X | Ioadqm | Media Player.exe | Added by the HAWAWI WORM! | No |
| N | iobi | iobiClient.exe | iobi Home - a mail/voice service by Verizon | No |
| Y | iolo AntiVirus | ioloAV.exe | iolo AntiVirus | No |
| Y | iolo Personal Firewall | ioloFW.exe | iolo Personal Firewall | No |
| U | Iolo Task Agent | Task_Agent.exe | Iolo System Mechanic Task Agent. Scheduled maintenance | No |
| N | iolo Utility Bar | SMUtilityBar.exe | Iolo System Mechanic Utility Bar - can be launched manually | No |
| U | ioloDelayModule | delay.exe | Part of Iolo System Mechanic. Used to delay the start of an application which loads automatically as Windows loads | No |
| U | Iomega Automatic Backup | ibackup.exe | Iomega Automatic Backup - automatic backups for use with Iomega portable HDD | No |
| U | Iomega Automatic Backup 1.0.1 | ibackup.exe | Iomega Automatic Backup - automatic backups for use with Iomega portable HDD | No |
| N | Iomega Backup Scheduler | dtiom98.exe | Used by Iomega drives. Details of its purpose can be found here. Available via Start -> Programs | No |
| U | Iomega Disk Icons | IMGICON.EXE | Displays Iomega icons in Explorer/My Computer, ejects Zip disks on shutdown and displays a special delete confirmation box when deleting files on an Iomega drive. Available via Start -> Programs. If you disable it remember to eject disks first before powering the drive down - hence the "U" recommendation. Note - FreeCell may not run with ImgIcon running | No |
| U | Iomega Drive Icons | IMGICON.EXE | Displays Iomega icons in Explorer/My Computer, ejects Zip disks on shutdown and displays a special delete confirmation box when deleting files on an Iomega drive. Available via Start -> Programs. If you disable it remember to eject disks first before powering the drive down - hence the "U" recommendation. Note - FreeCell may not run with ImgIcon running | No |
| U | Iomega ImIconXP | imiconxp.exe | Iomega REV System Software - allows your Iomega REV drive to interact with the operating system via the Iomega REV UDF file system, and provides drag-and-drop file access, access and write protection, and formatting of the disks | No |
| ? | Iomega QuickSync | Quicksync.exe | ?? | No |
| N | Iomega Startup Options | IMGSTART.EXE | Used by Iomega drives. Details of its purpose can be found here. Available via Start -> Programs | No |
| N | Iomega Watch | IOWATCH.EXE | Used by Iomega drives. Available via Start -> Programs | No |
| N | IomegaWare | COMMANDER.EXE | Used by Iomega drives. Details of its purpose can be found here. Available via Start -> Programs | No |
| X | Iomega_loader | Iomega_loader.exe | Added by the ANTINNY.F WORM! | No |
| U | Iomon98.exe | Iomon98.exe | PC-Cillin 98 real time virus check. Can cause floppy disk accesses to hang | No |
| X | ioroxxo microsoft sux | system32.exe | Added by a variant of the RBOT WORM! | No |
| X | IP | IP.EXE | Added by the AGOBOT-QO WORM! | No |
| U | IP Changer 2.0 | IPChanger.exe | IP Changer 2.0 from Plustech Inc - network configuration management tool | No |
| X | IP Packet Redirect Service | ipredirect.exe | Added by the FORBOT.SM WORM! | No |
| X | IP Stack | ipstack.exe | Added by the AGOBOT.CW WORM! | No |
| X | IP**.exe [* = random char] | IP**.exe [* = random char] | CoolWebSearch/HomeSearch adware - for examples, see this log | No |
| X | IP**32.exe [* = random char] | IP**32.exe [* = random char] | CoolWebSearch/HomeSearch adware - for examples, see this log | No |
| N | iPalm | mon.exe | Installed with a Panasonic iPalm digital camera. Used to upload photos from the camera. If your camera is not connected (via USB port) you do not need this program loaded | No |
| X | IPC Connection | ipcconn.exe | Added by the RBOT-AEG WORM! | No |
| X | IPC Spool Manager | wnmgre.exe | Added by the SDBOT-ZC WORM! | No |
| X | IPC Spool Manager | winspec.exe | Added by the SDBOT-BLU WORM! | No |
| X | ipcfg.exe | ipcfg.exe | Adware - detected by McAfee as a variant of the ADCLICKER-BM TROJAN! | No |
| X | IPConfig | svcxnv32.exe | Added by the HACARMY.E TROJAN! | No |
| X | IPConfig | svcxnw32.exe | Added by a variant of the HACARMY.E TROJAN! | No |
| X | IPConfig | ipconfigs.exe | Added by the HACARMY.C BACKDOOR! | No |
| X | IpCtrl | ipcon32.exe | Added by an unidentified VIRUS, WORM or TROJAN! | No |
| X | IPFW | ipwf.exe | Added by the DLOADER-YF TROJAN! | No |
| ? | IPHSend | IPHSend.exe | AOL related. What does it do and is it required? | No |
| N | IPInSightLAN 01 | IPClient.exe | IP Insight is a Quality of Service monitor and diagnostic tool that isn't required - see here for more information. Included with services from BellSouth, Visual Networks and others. If you have more that one such service installed there may be two or more entries - i.e., IPInSightLAN 02, etc | No |
| N | IPInSightMonitor 01 | IPMon32.exe | IP Insight is a Quality of Service monitor and diagnostic tool that isn't required - see here for more information. Included with services from BellSouth, Visual Networks and others. If you have more that one such service installed there may be two or more entries - i.e., IPInSightMonitor 02, etc | No |
| Y | IPinst | N/A | For Gilat Communications internet satellite systems. Gilat rescue (Satellite system restore). Required if you have this system. Can cause a BSOD (blue screen of death) if left out | No |
| X | IPLog Security | iplogsec.exe | Added by the IRCBOT.GP BACKDOOR! | No |
| ? | iPlusAgent2 | iAgent2.exe | Related to iriver portable media products. What does it do and is it required? | No |
| X | ipmon.exe | ipmon.exe | Added by the RECERV or R3C.B TROJANS! | No |
| X | IpNetwork | ipnetwork.exe | Maxifiles adware | No |
| X | Ipnuker | Ipnuker.vbs | Added by the INKER.B WORM! | No |
| N | IPO3 | IP Operator 2005.exe | IP Operator 2005 - found on LG Electronics Notebook. The applet makes network connections easier to view and manage than does the standard Windows Network Connections tool. The WLAN module is easy to turn on or off with the press of a single button | No |
| X | Ipod Help | [9 random letters].exe | Added by a variant of the RBOT WORM! | No |
| X | iPOD USB Driver | IPODUSB.EXE | Added by a variant of the RBOT WORM! | No |
| X | iPod USB Service | iPODService.exe | Added by a variant of the RBOT WORM! Do not confuse with the Apple iPod process of the same name. The legitimate iPod file will always be located in the %ProgramFiles%\iPod\bin folder and is implemented as a system service, thus not listed in Msconfig/Startup! | No |
| U | iPodManager | iPodManager.exe | Apple iPod® management software for the iPod® player - updates, formating, restoring and other functions associated with the iPod® | No |
| ? | iPodWatcher | iPodWatcher.exe | Associated with Apple's iPod® player. Detects when the iPod® is connected? | No |
| U | ipoint | ipoint.exe | Microsoft IntelliPoint utility (from version 5.5) - required to support the programmable buttons and additional features and on Microsoft's range of mice, If this entry is disabled, any programmed buttons or program-specific settings will not be supported | Yes |
| X | IPOT Service Drivers | compaq.exe | Added by a variant of the FUROOTKIT TROJAN! | No |
| X | IPOT USB Service DRIVER | hpsebc087.exe | Added by the SDBOT-WA WORM! | No |
| X | IPOT USB Service DRV32 | hpsebc08.exe | Added by the SDBOT-WH WORM! | No |
| N | IPPDetect | IPP4Detect.exe | Part of Presto! Mr.Photo - "an ideal program for creating, sharing, and manag-ing digital images and videos" | No |
| X | ipreg | ipreg.exe | Added by the ZAGABAN-H TROJAN! | No |
| ? | iPrint LPT Redirector | nipplpte.exe | Related to Novell iPrint - "a printing solution that enables you to send documents to printers located throughout the Net." Is it required? | No |
| N | iPrint Tray | iprntctl.exe | Novell® iPrint - based on Novell Distributed Print Services - enables you to send documents to printers located throughout the Net | No |
| U | iProtectYou | ip.exe | iProtectYou - internet filtering/parental control and network monitoring software | No |
| X | iprun | iPY.exe | iProtectYou spyware | No |
| X | IPSEC Configuration | wsupdate.exe | Added by the AGOBOT-IQ WORM! | No |
| X | iPSec7 | ipsec7.exe | Added by the AGENT.AHVR TROJAN! | No |
| U | ipsecdialer | IPSECD~1.EXE | Cisco VPN Client - lets local users gain Administrator privileges on the operating system | No |
| U | ipsecdialer | ipsecdialer.exe | Cisco VPN Client - lets local users gain Administrator privileges on the operating system | No |
| Y | IPSecMon | IPSecMon.exe | Microsoft L2TP/IPSec VPN Client for Win98/Me/NT. Secure technology for making remote access virtual private network (VPN) connections across public networks such as the Internet | No |
| X | IPTable Configuration | Winipcfgs.exe | Added by a variant of the RBOT WORM! | No |
| N | iptray | iptray.exe | System Tray access to Intel Desktop Utilities - "provides you with the means to monitor system temperatures, voltages, fan speeds, and hard drive health; view detailed system information, and test your system hardware for common errors" | No |
| X | IPv6 Helper Driver | csass.exe | Added by the AGOBOT.TC WORM! | No |
| X | IPv6 STUN Service | netstun.exe | Added by a variant of the SDBOT WORM! | No |
| N | IPW | IPW.exe | Internet Phone Wizard from Actiontec - Voice over IP (VoIP) that allows you to "make and receive free Internet calls on your regular phone" whilst "at the same time, make and receive regular (landline) calls on your phone" | No |
| N | ipw | usbipw.exe | Related to Internet Phone Wizard from Actiontec - Voice over IP (VoIP) that allows you to "make and receive free Internet calls on your regular phone" whilst "at the same time, make and receive regular (landline) calls on your phone" | No |
| X | ipwf | ipwf.exe | Added by the SCHOEBERL TROJAN! | No |
| X | IpWins | ipwins.exe | IPWins adware | No |
| X | ipxwshel | ipxwshel.exe | Added by the WAREZOV.DG WORM! | No |
| X | ipyjy | woniz.exe | Added by the SDBOT.BQD WORM! | No |
| ? | IQES.exe | iqes.exe | ?? | No |
| U | Ir41_32.ax | regsvr32.exe Ir41_32.ax | Intel® Indeo® video 4.4 Decompression Filter related. The "Ir41_32.ax" file is located in %System% | No |
| X | irassync | irasyncd.exe | IRASSync adware | No |
| X | irc session | sessionmgr.exe | Added by the SDBOT-ACE WORM! | No |
| Y | IREIKE | IreIKE.exe | Microsoft L2TP/IPSec VPN Client for Win98/Me/NT. Secure technology for making remote access virtual private network (VPN) connections across public networks such as the Internet | No |
| N | iRis Active Monitor | winmon32.exe | Iris Antivirus - discontinued, replace with good alternative | No |
| N | iRiS AntiVirus Active Monitor | WIMMUN32.exe | Iris Antivirus - discontinued, replace with good alternative | No |
| U | iRiver AutoDB | MLService.exe | Associated with the iRiver Music Manager | No |
| N | iRiver Updater | Updater.exe | Updates for the iRiver Music Manager - used with their digital music players | No |
| U | IrMon | IRMON.EXE | System Tray access to infra-red devices. Not required unless you use infra-red devices | No |
| ? | IRPMonitor | itcnmon.exe | ?? | No |
| X | irssyncd | irssyncd.exe | SafeSurfing adware variant | No |
| X | Irwftp | [path to trojan] | Added by the BANCOS-AP TROJAN! | No |
| X | irwftp | iexplorer.exe | Added by the BANKER-AN TROJAN! Note - this is not the legitimate Internet Explorer (iexplore.exe) | No |
| X | irwftp | ftpmon.exe | Added by the BANCBAN-BO TROJAN! | No |
| U | IrXfer | IrXfer.exe | Microsoft Infrared Transfer application | No |
| X | ir_ftp | ir_ftp.exe | Added by the IRFTP TROJAN! | No |
| X | ir_ftp | irwftp.exe | Added by the BANCOS.H TROJAN! | No |
| N | IS CfgWiz | cfgwiz.exe | Norton Internet Security configuration wizard | No |
| X | iSafeAV | iSafeAV.exe | iSafe AntiVirus rogue security software - not recommended, removal instructions here | No |
| X | isamini.exe | isamonitor.exe | Added by the ZLOB.MEDIA-CODEC TROJAN! This purports to be a Windows Media Player upgrade (with names such as "iCodecPack", "X Password Manager" and "Media-Codec") to allow the user to view adult oriented videos on certain websites - but actually downloads and installs additional malware on the user's machine. Various directories and filenames are used - see the link for details. The most popular for this example appears to be "Video ActiveX Object" | No |
| X | isamonitor.exe | isamonitor.exe | Added by the ZLOB.MEDIA-CODEC TROJAN! This purports to be a Windows Media Player upgrade (with names such as "iCodecPack", "X Password Manager" and "Media-Codec") to allow the user to view adult oriented videos on certain websites - but actually downloads and installs additional malware on the user's machine. Various directories and filenames are used - see the link for details | No |
| X | Isass | Isass.exe | Added by the FUTRO TROJAN! | No |
| X | IsassRenascimento | Issas.exe | Added by the BANKER.GAX TROJAN! | No |
| U | ISBMgr.exe | ISBMgr.exe | Related to Sony ISB Utility | No |
| X | iscch | iscch.exe | Added by the LCPRANK-A WORM! | No |
| N | isdbdc | isdbdc.exe | For Compaq PC's. May install properties in dial-up networking when you register with an ISP | No |
| U | isDeleteMe | isDel.bat | Used by Norton Internet Security to remove certain files and directories on reboot when uninstalling their product | No |
| N | ISDN Monitor | Linksts.exe | Tray icon which gets installed when you install the drivers for Asuscom internal ISDN modem cards (or rebadged Asuscom ISDN cards, such as MRi). This icon enables you to monitor or configure your ISDN card. Once you have configured your ISDN card correctly, you will never need to use this icon | No |
| U | ISDNwatch | IWatch.exe | FRITZ!X ISDNWatch - "dialing filter for more security and control on the ISDN PC. The PC is doubly protected against dialer programs and premium-service numbers: ISDNWatch allows the user to block calls to and from both individual numbers and whole number blocks" | No |
| X | iSecurity applet | rundll32.exe iSecurity.cpl,SecurityMonitor | Added by the DLOADER.UZO TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted | No |
| X | ish-b.exe | ish-b.exe | Added by the IRCBOT-ACZ TROJAN! | No |
| U | ISHelp | help.exe | ISpy is a security risk that logs keystrokes and captures screenshots. If you didn't install this yourself uninstall it | No |
| U | iShield | iShield.exe | "GuardWare iShield blocks pornographic images when you surf the Internet on your computer using a web browser" | No |
| X | ishost.exe | ishost.exe | Added by the DLOADR-XJ TROJAN! | No |
| Y | ISLP2STA | ISLP2STA.EXE | A process from Cisco Systems Inc associated with Windows Update for wireless NIC drivers | No |
| X | ISMModule | ISMModule.exe | Internet Speed Monitor C adware related - see example here | No |
| X | ISMModule2 | ISMModule2.exe | Internet Speed Monitor C adware related - see example here | No |
| X | ISMModule3 | ISMModule3.exe | Internet Speed Monitor C adware | No |
| X | ISMModule4 | ISMModule4.exe | Internet Speed Monitor A adware related | No |
| X | ISMModule6 | ISMModule6.exe | Internet Speed Monitor C adware related - see example here | No |
| X | ISMModule7 | ISMModule7.exe | Internet Speed Monitor C adware related - see example here | No |
| X | ISMModule8 | ISMModule8.exe | Internet Speed Monitor C adware related | No |
| X | ISMPack5 | ISMPack5.exe | Internet Speed Monitor C adware related - see example here | No |
| X | ISMPack6 | ISMPack6.exe | Internet Speed Monitor C adware related - see example here | No |
| X | ISMPack7 | ISMPack7.exe | Internet Speed Monitor C adware | No |
| X | ISMPack8 | ISMPack8.exe | Internet Speed Monitor C adware related - see example here | No |
| Y | ISP.COM High Speed | slipgui.exe | User interface for Slipstream - internet acceleration through compression/decompression techniques, intelligent cacheing on the server side, and real-time conversion of large/high-bandwidth images to less bulky pix. Used by popular ISPs such as IceNet, Wanadoo, Terra, OnSpeed, United Online and AOL Canada. Required if the user's account is locked in to that proxy server | No |
| X | ISPSERVICE | psycho.exe | Added by the IRCFLOOD-O TROJAN! | No |
| X | ISPSERVICE | wintmp.exe | Added by the IRCBOT.GP BACKDOOR! | No |
| U | iSpyNOW | ispynow.exe | iSpyNOW - remote monitoring and surveillance software | No |
| X | Israfel | Israfel.vbs | Added by the GAGGLE.D or GAGGLE.E WORMS! | No |
| N | IsReminder | ISPopup.exe | Related to GuardWare iShield - this is the registration reminder for the trial version, so not required in startup | No |
| X | ISS | inet.exe | Meplex adware | No |
| X | issearch.exe | issearch.exe | Added by the ZLOB-QF TROJAN! | No |
| X | issEnc32Svr | issEnc32.exe | Added by a variant of the RBOT WORM! | No |
| N | ISSI EZUpdate Service | issimsvc.exe | Part of IBM Global Services - used internally by IBM for automatic updating of software and Microsoft patching | No |
| U | ISStart | ISStart.exe | LogitechGalleryRepair/LogitechVideoRepair - part of Logitech Image Studio - installed with Logitech QuickCam cameras. Required from version 8.11 onwards if you use the software to take pictures and capture videos, not if you don't. Also not required for versions up to and including 7.30 and after version 8.30 - hence the "U" rather than "Y" recommendation | No |
| Y | ISSVC | ISSVC.exe | Part of Norton Internet Security Suite | No |
| Y | ISS_Certtool | certtool.exe | Part of Client Security Software for IBM\Lenovo notebooks. If you have configured the software via the associated wizard this will need to be running if you want to mount password protected areas of the disk (created with SafeGuard PrivateDisk), use the password manager or file/folder encryption options | No |
| X | IST Service | istsvc.exe | ISTBar adware | No |
| X | ist service uninstall | [random filename] | ISTBar adware related | No |
| X | istinstall zazzer.exe | istinstall zazzer.exe | Unidentified adware downloader/installer | No |
| Y | ISTray | pctsTray.exe | System Tray access to both PC Tools Internet Security suite and Spyware Doctor antispyware from PC Tools | Yes |
| N | ISUSPM | isuspm.exe | InstallShield Update Service Scheduler. Automatically searches for and performs any updates to the software so you're always working with the most current version | No |
| N | ISUSPM Startup | ISUSPM.exe | InstallShield Update Service Scheduler. Automatically searches for and performs any updates to the software so you're always working with the most current version | No |
| N | ISUSScheduler | issch.exe | InstallShield Update Service Scheduler. Automatically searches for and performs any updates to the software so you're always working with the most current version | No |
| U | ISW.exe | ISW.exe | Related to Internet Security Wizard from AT&T (formerly BellSouth Premium Internet Security) alerts users about any potential security threats. It should not be uninstalled unless the user wants to completely remove all traces of AT&T Internet Security Suite | No |
| X | isxa | isxa.exe | Added by the SMALL-EIV TROJAN! | No |
| N | iSysCleaner | iSysCleaner.exe | iSysCleaner - a simple tool that searches for junk files on your computer and allows you to delete them. Simple cleaning maintenance can be done by the user | No |
| X | isystem | isystem.exe | Added by the CHORUS-A TROJAN! Searchforfree browser hijacker | No |
| X | ItalU | italfds.exe | Added by a TROJAN - see here | No |
| U | Itk | Itk.exe | In The Know - surveillance software that creates records of everything people do on a computer, ie, spying or monitoring depending upon how you call it | No |
| U | itk.exe | itk.exe | Insert ToggleKey by Mike Lin. ITK sounds a tone whenever you press Insert | No |
| U | iTouch | iTouch.exe | Loads the iTouch configuration program for Logitech keyboards. It's needed if your keyboard has shortcut buttons and if you use them. It's also needed if your keyboard does not have the num lock, caps lock, and scroll lock lights on it and you use the on-screen displays for num lock, caps lock, and scroll lock | No |
| N | ItsDeductiblePopUp | ItsDeductible.exe | ItsDeductible from Income Dynamics. Calculates your noncash donations quickly and easily. This startup entry checks a registry entry for the next 'PopUp' date and if it is a past or current date displays a program related tip | No |
| X | ITUNES | itune.exe | Added by the RBOT-ZU WORM! | No |
| X | ITUNES | itunes.exe | Added by a variant of the RBOT WORM! Note - do not confuse with the legitimate Apple iTunes process with the same filename which is always located in %ProgramFiles%\iTunes. This one is located in %System% | No |
| X | Itunes | dials.exe | Detected by Kaspersky as the AGENT.MM TROJAN! | No |
| X | Itunes | itunes.exe | Added by the OSCABOT-L WORM! Note - do not confuse with the legitimate Apple iTunes process with the same filename which is always located in %ProgramFiles%\iTunes. This one is located in %Windir% | No |
| Y | iTunes Helper | iTunesHelper.exe | Installed with Apple's iTunes for Windows. Uses ~3-4MB of memory and if disabled in MSCONFIG or deleted from the registry it will re-instate itself after running iTunes a few times - hence the reluctant Y recommendation | No |
| X | iTunes Music | iTunesHelper32.exe | Added by the SDBOT.CHK WORM! | No |
| X | iTunesAgent | ita.exe | Added by the TACTSLAY.U TROJAN! | No |
| X | itunesff | itunesff.exe | Added by the EB adult premium dialer | No |
| Y | iTunesHelper | iTunesHelper.exe | Installed with Apple's iTunes for Windows. Uses ~3-4MB of memory and if disabled in MSCONFIG or deleted from the registry it will re-instate itself after running iTunes a few times - hence the reluctant Y recommendation | No |
| U | itype | itype.exe | Microsoft IntelliType Pro utility (from version 5.5) - required to support the multimedia keys, programmed keys and key macros on Microsoft's range of keyboards. If this entry is disabled, any keys or key combinations that are changed by the user to perform functions other than default settings, defer back to their default settings and supported keys will not function in applications with advanced text services enabled | Yes |
| N | Iusage | netdet.exe | Internet Usage Monitor - utility to calculate the cost and time on the internet via dial-up | No |
| X | iut75 | uzcx.exe | Added by the DLOADER-AXV TROJAN! | No |
| X | iv | iv.exe | Part of the Internet Antivirus and Internet Antivirus Pro rogue security software - not recommended, removal instructions here | No |
| X | ivHost | taskManager.exe | Added by a variant of the SPYBOT WORM! See here | No |
| X | ivHost | [6 random letters].exe | Added by a variant of the SPYBOT WORM! See examples here and here | No |
| N | IVPServiceMgr | ivpsvmgr.exe | Toshiba IVP Service Manager application which appears as a red satellite dish icon in the System Tray. This is Toshiba's equivalent to the Windows Automatic Update feature as, whenever you are connected to the Internet, it will check for Windows updates and Toshiba updates | No |
| X | ivy.exe | ivy.exe | Added by the AGENT-ENZ TROJAN! | No |
| N | IW ControlCenter | iwctrl.exe | Pinnacle Systems InstantWrite enables you to use your CD-R, CD-RW and DVD-RAM drive just like a hard disk or floppy disk. You can drag and drop files, create new directories right on your CD-R, CD-RW or DVD-RAM. Maybe required if you use this feature on a regular basis | No |
| U | iwctrl | iwctrl.exe | Pinnacle Systems InstantWrite enables you to use your CD-R, CD-RW and DVD-RAM drive just like a hard disk or floppy disk. You can drag and drop files, create new directories right on your CD-R, CD-RW or DVD-RAM. Maybe required if you use this feature on a regular basis | No |
| U | IW_Drop_Icon | iwctrl.exe | Pinnacle Systems InstantWrite enables you to use your CD-R, CD-RW and DVD-RAM drive just like a hard disk or floppy disk. You can drag and drop files, create new directories right on your CD-R, CD-RW or DVD-RAM. Maybe required if you use this feature on a regular basis | No |
| X | ixplore | ixplore.exe | Added by the SDBOT-CY TROJAN! | No |
| X | ixproxy | [path to trojan] | Added by the XORPIX-A TROJAN! | No |
| X | ixsso | ixsso.exe | Added by the AGENT.AM TROJAN! Note - example names include "XviD", "Winamp Remote", "Windows Media Player" and "Futuremark" | No |
| X | iyelejiv | yujixit.exe | Added by the SDBOT.BJK WORM! | No |
| ? | IZE | N/A | ?? | No |
| N | j2 Tray Menu | HotTray.exe | eFax Messenger Tray Menu system tray icon for eFax Messenger Plus. Available via Start -> Programs. Disabling instructions available here | No |
| X | JA Cfg Util v2 | jacfg2.exe | Added by the RBOT-AL WORM! | No |
| X | JA Config 32 | Awesome32.exe | Added by a variant of the SDBOT WORM! | No |
| U | Jammer | jammer.exe | Jammer by Agnitum - "Jammer is the last word in Internet security. It combines a user-friendly interface with very sophisticated and powerful security measures that protect your Windows system while you are surfing the web" | No |
| X | Jammer2nd | Jammer2nd.exe | Added by the NETSKY.Z WORM! | No |
| X | java | remote.cmd | Added by the BANKER-EHG TROJAN! | No |
| X | java | system.exe | Added by a variant of the IRCBOT BACKDOOR! | No |
| X | Java applet | javaup.exe | Added by the SDBOT-ACF WORM! | No |
| X | Java Auto Update | ujm.exe | Added by the SDBOT-ADH WORM! | No |
| X | Java Runtime Environment | jbuild.exe | Added by the DELBOT-J WORM! | No |
| X | Java Runtime Value | runjava.exe | Added by the RBOT-DDJ WORM! | No |
| X | Java Runtimes | iexplore.exe | Added by the KILLAV.B WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This file is located in a %Windir%\Java\Java folder | No |
| X | Java Softe | Java32.com | Added by the RBOT.ECN WORM! | No |
| X | Java update | javaqs.exe | Added by the SWARLEY.A WORM! | No |
| X | Java Update | keeper.exe | Added by the AGENT-DIS TROJAN! | No |
| X | Java Update | svchost.exe.exe | Added by the AGENT-LBS TROJAN! | No |
| X | Java Virtual Machine | javaw.exe | Added by a variant of the RBOT WORM! | No |
| N | Java(TM) Platform SE 6 | jusched.exe | Checks with Sun's Java updates site to see if newer Java versions are available. Either visit the Java download page or click on Start → Control Panel → Java → Update → Update Now | Yes |
| N | Java(TM) Platform SE 6 U* | jusched.exe | Checks with Sun's Java updates site to see if newer Java versions are available. Either visit the Java download page or click on Start → Control Panel → Java → Update → Update Now. U* represents the update version, i.e., 6.0 Update 11 | Yes |
| N | Java(TM) Platform SE Auto Updater 2 0 | jusched.exe | Checks with Sun's Java updates site to see if newer Java versions are available. Either visit the Java download page or click on Start → Control Panel → Java → Update → Update Now | Yes |
| X | Java**.exe [* = random char] | Java**.exe [* = random char] | CoolWebSearch/HomeSearch adware - for examples, see this log | No |
| X | Java**32.exe [* = random char] | Java**32.exe [* = random char] | CoolWebSearch/HomeSearch adware - for examples, see this log | No |
| X | java-plugin | javasctp.exe | Added by the VB.AMX TROJAN! | No |
| X | Java32 Configuration Loader | msnmesgr.exe | Added by a variant of the RBOT WORM! | No |
| X | JavaCore | JavaCore.exe | Added by the MATCASH TROJAN! | No |
| X | Javascript | jscript.exe | Added by the DELBOT-AD WORM! | No |
| X | JavaScript Debugging Service | JsDbgMan.exe | Added by the DERDERO.E WORM! | No |
| X | JavaScriptMsxrs | Msxrs.exe | Added by the VB.BL WORM! | No |
| X | JavaTray | traymgr.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
| X | JavaUpdate0.07 | [filename] | Added by the JUPDATE TROJAN! | No |
| X | JavaUpdateSched | jusched32.exe | Added by the BCKDR-CKB BACKDOOR! | No |
| X | JavaVM | java.exe | Added by the MYDOOM.M WORM and variants! Note - not to be confused with the valid Windows "java.exe" which is located in %System% as this is located in %Windir% | No |
| X | javawsa.exe | javawsa.exe | Added by the BANK-Y TROJAN! | No |
| X | jawa32 | jawa32.exe | Added by the AGENT.BG WORM! | No |
| X | Jawa322 | jawa32.exe | Added by a variant of the AGENT.BG trojan | No |
| N | JB | Jiffybar.exe | "Get Paid As You surf" application | No |
| X | jcidls | [random filename] | Added by a variant of the SLAPER TROJAN! | No |
| ? | Jessops Insert Detect | InsDetect.exe | Part of Jessops Picture Suite. Detects a digital camera is plugged into a USB port or when a memory card with photos is inserted? | No |
| N | Jet Detection | ADGJDet.exe | Added with SoundBlaster Live! or Audigy soundcards for headphone autodetection | No |
| Y | JetAdmin Discovery Indicator | HPJETDSC.EXE | HP JetAdmin software for HP JetDirect Print Servers. HPJETDSC.EXE is the file necessary for the JetAdmin Discovery Indicator (paper airplane in the taskbar). It gets launched automatically through the registry, and remains active to control the Discovery Indicator | No |
| X | jete | yujixit.exe | Added by the SDBOT.BRT WORM! | No |
| X | Jfwehnrt | ghgfjrs.exe | Added by the SDBOT-IJ WORM! | No |
| X | jiahus | svchqs.exe | Added by the WOWPWS-AL TROJAN! | No |
| X | jijbl | ezlwy.bat | Added by the REDDW WORM! | No |
| X | jkdfj94kgdftdf | winlogan.exe | Added by the ZLOB.BZ TROJAN! | No |
| U | JMB36X Configure | JMRaidTool.exe | JMB36x series RAID configuration utility from JMicron Technology for their PCI Express to SATA II and PATA Host Controllers | No |
| Y | JMB36X Configure | JMRaidSetup.exe | JMB36x series RAID configuration utility from JMicron Technology for their PCI Express to SATA II and PATA Host Controllers | No |
| U | JMB36X IDE Setup | JMInsIDE.exe | JMB36x series IDE (or Parallel ATA) configuration utility from JMicron Technology for their PCI Express to SATA II and PATA Host Controllers | No |
| U | JMB36X IDE Setup | xInsIDE.exe | JMB36x series IDE (or Parallel ATA) configuration utility from JMicron Technology for their PCI Express to SATA II and PATA Host Controllers. This is normally located in %Windir%\RaidTool | No |
| X | jmudkve.dll | rundll32.exe jmudkve.dll,mzrwkwf | Added by the AGENT-DJD TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "jmudkve.dll" file is found in %System% | No |
| X | Jnskdfmf9eldfd | csrssc.exe | Added by the AGENT.EBC TROJAN! | No |
| U | Job-oversigt | taskmon.exe | Task Monitor (on Danish language versions of Windows) - checks the disk-access patterns of programs when they are started and stores this information in log files in the Applog folder. Task Monitor also records the number of times you use a program. Task Monitor also records the number of times you use a program. The Disk Defragmenter tool uses this information to optimize your hard disk so that programs that you use frequently are loaded faster. Not required - but can be useful. Note: for Norton Anti-Virus 2002 users, loading TaskMonitor will typically solve many, if not most, of those annoying IE scripting errors (per Symantec's Knowledgebase) | No |
| U | JobHisInit | JobHisInit.exe | Used by Ricoh network printers to enable network printing from the client | No |
| U | Jog Serve | JogServ2.exe | "Jog Dial" on a Sony Vaio laptop. The dial can select various functions such as control audio. Needed if you use its features | No |
| U | JogServ2 | JogServ2.exe | "Jog Dial" on a Sony Vaio laptop. The dial can select various functions such as control audio. Needed if you use its features | No |
| X | johkjh | srvd.exe | Added by a variant of the SLAPER TROJAN! | No |
| X | john315 | srrvc.exe | Added by a variant of the MAILBOT-BI TROJAN! | No |
| X | johnj315 | srvc.exe | Added by a variant of the MAILBOT-BI TROJAN! | No |
| X | johnj3155 | srvcc.exe | Added by a variant of the MAILBOT-BI TROJAN! | No |
| X | johnj3cd | srvdc.exe | Added by a variant of the SLAPER TROJAN! | No |
| X | jon315 | [path to trojan] | Added by the MAILBOT-BI TROJAN! | No |
| ? | jotl | millenzje.exe | ?? | No |
| U | JOYTECH USB Neo S Controller | JoytechNeoSTrayIcon.exe | System Tray access to Joytech Neo S PC gamepad controller software | No |
| X | jpgdiag | [path to worm] | Added by the STRATION-AN WORM! | No |
| X | jpupd | jpupd.exe | Added by the DIALER.CM TROJAN! | No |
| X | Jreg | Jreg2b.exe | FlashEnhancer adware | No |
| X | jucheck | jucheck.exe | Added by the SCRIMGE.O WORM! | No |
| X | Jufualt | winxp2.exe | Added by the SDBOT-AAB WORM! | No |
| X | Jufualt | svhost.exe | Added by the SDBOT-ADJ WORM! | No |
| X | Jufualt | java2.exe | Added by the SDBOT.AOE WORM! | No |
| N | Juno_uoltray | exec.exe | Juno ISP software - not required | No |
| N | jusched | jusched.exe | Checks with Sun's Java updates site to see if newer Java versions are available. Either visit the Java download page or click on Start → Control Panel → Java → Update → Update Now | Yes |
| X | jusched | [path to trojan] | Added by the BANKER-BWR TROJAN! | No |
| X | jusched | jusched.exe | Added by the BANKER-BOV TROJAN! Note that this is not the legitimate Sun Microsystems file (of the same name) which is usually located in %Program Files%\Java\version number\bin. This one is located in %System% | No |
| X | jushed32.exe | jushed32.exe | CoolWebSearch parasite variant - also detected as the BIZTEN-L TROJAN! | No |
| X | jusodl | severe.exe | Added by the QQPASS.48436 TROJAN! | No |
| U | JussDropUtility | JussDrop.exe | Related to DropShots Inc. A subscription based service for family to connect, converse and share photos and videos | No |
| N | JustVoip | JustVoip.exe | JustVoip - free internet telephony utility using the VoIP (Voice over Internet Protocol). Call online friends for free and regular phones either for free (limited use) or low rates. One of a number provided by Betamax - the others generally have different rate plans. Similar to the more popular Skype | Yes |
| X | jutsu | jutsu.exe | Added by the RBOT-LS WORM! | No |
| U | jv16 PT TempFileTool | TempTool.exe | jv16 PowerTools File Cleaner - "allows you to find obsolete and left-over temporary files" | No |
| U | jv16PT - Privacy Protector | Task.jvb | jv16 PowerTools Privacy Protector - "allows you to protect your privacy by automatically clearing out all the unwanted history items and cookies from you computer, every time you start your computer" | No |
| U | Jv16pt Network Resident | jv16pt_network.exe | jv16 PowerTools network resident program. Only needed if you are using the program's network features | No |
| X | JvcHost | jvcsvc32.exe | Added by the AGOBOT-AIU WORM! | No |
| X | jvdnlssn | fljzsshc.exe | Flingstone.com adware - and its Golden Palace Casino program | No |
| X | JVM0 | JVM0.exe | Added by the BANLOA-AX TROJAN! | No |
| X | JVM0.12 | [random filename] | Added by the TEADOOR-A TROJAN! | No |
| X | JVM0.14 | [random filename] | Added by the TEADOOR-B TROJAN! | No |
| X | jvms.exe | jvms.exe | Added by the ORCU.B TROJAN! | No |
| X | JW Manager | jwmngr.exe | Added by the DELBOT-G WORM! | No |
| X | jxef1104 | jxef1104.exe | Added by the XIPI-A WORM! | No |
| X | JXL Radio | jxl.exe | Added by the RBOT-EBE WORM! | No |
| U | jx_Key | Rundll32 JXKey.dll,Rundll32Main | Boolospy keystroke logger/monitoring program - remove unless you installed it yourself! | No |
| X | jysyqm | [random filename] | ZenoSearch adware | No |
| ? | Jzi16 | jzi16.exe | ?? | No |
| X | jzvfvsqpc | jzvfvsqpc.exe | Added by the AGENT-GWP BACKDOOR! | No |
| X | K2ps_full.task | K2ps_full.exe | Added by the JUNTADOR.K TROJAN! | No |
| N | K6CPU.EXE | K6CPU.EXE | Authenticates CPU as K6 in system properties | No |
| X | Kadoc | [random filename].exe | Added by the STAPREW TROJAN! | No |
| U | KADxMain | KADxMain.exe | System Tray access to IntelliSonic Speech Enhancement - by Knowles Acoustics. Designed to render speech from a user selectable direction, while canceling interfering speech from other directions, thus minimizing the effects of environmental noise and eliminating acoustic echo feedback. Found on some Dell and Fujitsu Seimens laptops | No |
| X | kak | kak.hta | Added by the KAKWORM WORM! | No |
| U | Kalender | Kalender.exe | UK's Kalender "helps you organizing your dates and tasks and reminds you of upcoming events" | No |
| U | Kalibump | Kalibump.exe | Used with the now unsupported Kali software for on-line gaming. This is used to automatically bump up the priority of WinProxy to GREATLY improve game speed when using a SOCKS proxy | No |
| X | kalvsys | kalv****.exe [* = random char] | EliteBar adware | No |
| X | kalvsys | kalv***32.exe [* = random char] | EliteBar adware | No |
| X | kamsoft | ckvo.exe | Added by the GAMANIA-BW TROJAN! | No |
| N | Kana Reminder | Reminder.exe | Kana Reminder is a program which can be used to set a reminder to be triggered at a specified time | No |
| U | Karen's Once-A-Day II | PTOAD.exe | "Have a job that should be run exactly once each day? Karen's Once-A-Day II is just what you need!" Scheduler that lets you specify progams, web pages and files that be run or opened automatically, the first time | No |
| U | KASP | OESpamTest.exe | Kaspersky Anti-Spam | No |
| X | Kasper Antivirus | KASPERANTIVIRUS.EXE | Added by a variant of the SPYBOT WORM! | No |
| Y | Kaspersky Anti-Hacker | KAVPF.exe | Kaspersky Anti-Hacker personal firewall - no longer available | No |
| Y | Kaspersky Anti-Virus Monitor | AvpM.exe | Kaspersky Anti-Virus Lite - no longer available | No |
| X | Kaspersky Antivirus | KasperskyAV.exe | Added by a variant of the RBOT WORM! | No |
| X | Kaspersky Email Security | javaupd.exe | Added by the SWARLEY.A WORM! | No |
| X | kaspersky32 | kasperskyLabs32.exe | Added by the RBOT-GOT WORM! | No |
| X | KasperskyAv | kaspersky.exe | Added by the MIMAIL.T WORM! Note - this has nothing to do with the real Kaspersky anti-virus | No |
| X | KasperskyAVEng | Kasperskyaveng.exe | Added by the NETSKY.V WORM! | No |
| X | KAT | KAT.vbs | Added by the SOAD-D WORM! | No |
| U | KatMouse | KatMouse.exe | KatMouse - utility to enhance the functionality of mice with a scroll wheel, offering 'universal' scrolling, etc | No |
| Y | kav | avp.exe | Kaspersky anti-virus and AOL's Active Virus Shield (by Kaspersky) - found in either a Kaspersky or AOL sub-directory | No |
| X | kava | kavo.exe | Added by the LINEAG-GLG TROJAN! | No |
| X | KAVFOX | win1ogoin.exe | Added by the GWGHOST-M TROJAN! | No |
| X | kavir | kavir.exe | Added by a variant of the Storm/Nuwar/Zhelatin WORM! See here for an example | No |
| X | KAVPersonal | svchost.exe | Added by the LINEAGE-V TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir% | No |
| Y | KAVPersonal50 | Kav.exe | Kaspersky Anti-Virus Personal 5.0 | No |
| X | KAVPersonal90 | wscntfy.exe | Added by the BANKER-FZ TROJAN! | No |
| Y | KavPFW | KavPFW.exe | KingSoft Personal Firewall | No |
| X | KavRuns | Windll.exe | Added by the TRYNOMA TROJAN! | No |
| Y | KavStart | KAVStart.exe | KingSoft Personal Firewall | No |
| Y | kavsvc | kavsvc.exe | Kaspersky antivirus | No |
| X | KavSvc | ******.exe reg_run [* = random char] | Added by the QOOLOGIC TROJAN! | No |
| X | kavsvc | [random 6 char filename] | Added by the QOOLOGIC TROJAN! Uses random file names (examples: nzkklz.exe, rzazzi.exe, ivpaan.exe) | No |
| X | KAVutil | [worm filename] | Added by the WINTOO.B WORM! | No |
| N | KAZAA | kazaa.exe | KAZAA is a file-sharing program which unfortunately being ad-based includes "Cy-door" adware. Check here for information about "Cy-door" and here for a program that can remove it | No |
| N | KAZAA | [path] kpp.exe [path] kazaalite.kpp | System Tray access to later versions of the Kazaa Lite P2P file sharing utility - namely the K++ and Resurrection variants. Kazaa Lite is the unauthorized modification of the original Kazaa Media Desktop - with the malware removed | No |
| X | Kazaa Download Accelerator Updater (required) | regsvr32 kdp****.dll [* = random char] | SafeguardProtect/Veevo hijacker. Note that regsvr32.exe is a legitimate Microsoft file used to register and unregister OLE controls and shouldn't be deleted. The random DLL file is found in the System (9x/Me) or System32 (NT/2K/XP) folder | No |
| X | Kazaa lptt01 | kazaa.exe | RapidBlaster variant (in a "kazaa" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here. Note - this is not the valid KaZaA file sharing program which has the same executable name | No |
| X | Kazaa ml097e | kazaa.exe | RapidBlaster variant (in a "kazaa" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here. Note - this is not the valid KaZaA file sharing program which has the same executable name | No |
| X | KAZAACuf | 9 | Added by the KITRO.D (or ARGEN.A) WORM! | No |
| N | kazaalite | kazaalite.exe | Kazaalite is a file sharing client - not to be confused with the original Kazaa program. Unlike the original, this one does not contain any advertising or tracking mechanisms | No |
| N | KaZooM | KaZooM.Exe | KaZoom from Blue Haven Media - "add-on application that automatically speeds up the download process and finds the files you want with far more power than regular KaZaA searches" | No |
| X | kb | AUTO.txt | Added by the BRONTOK-CV WORM! | No |
| Y | KB891711 | KB891711.exe | Installed by the Windows KB891711 critical update, see this security bulletin - this file reportedly needs to continue running in order to patch the vulnerability, at least until a more practical solution is found. There have however been reports of fatal exception errors in systems running Windows 98, and in such a case Microsoft advises to either uninstall the patch (Add/Remove Programs) or prevent it from running at startup | No |
| Y | KB918547 | KB918547.EXE | Bug-fix for a Microsoft graphics rendering engine vulnerability - see here. Windows 98/Me only | No |
| Y | KB926239 | rundll32.exe apphelp.dll, ShimFlushCache | Microsoft KB926239 fix. Windows Media Player 10 may close unexpectedly on a Windows XP-based computer | No |
| U | KBD | KBD.EXE | Multimedia keyboard manager. Required if you use the multimedia keys | No |
| U | KBD | KbdStub.EXE | Key Watcher from HP - watches for Multimedia Keys on HP keyboards | No |
| U | KBD MediaCenter | MEDIACTR.EXE | Multimedia keyboard manager. Required if you use the multimedia keys | No |
| X | kbddrv32 | kbddrv32.exe | Added by the CRYPTER.A TROJAN! | No |
| X | kbddrvinf | kbddrvinf.exe | Added by the CRYPTER.A TROJAN! | No |
| N | KCeasy | KCeasy.exe | KCeasy - a Windows peer-to-peer filesharing application which uses giFT as its 'back end' foundation. The networks currently supported are OpenFT and Gnutella | No |
| U | KClient | kstatus.exe | KClient Kerberos client software for Win32 systems. It provides the libraries and utilities needed to use Kerberos-based PC applications developed by Computing Services such as KWeb and NiftyTelnet | No |
| X | Kcrner | Kcrner.exe | Added by the LINEAG-AIL TROJAN! | No |
| X | kdmsx | [8 random letters].exe | Added by the SDBOT.AIJ BACKDOOR! | No |
| N | kdx | KHost.exe | Verisign Kontiki Delivery Management System - Windows-based client software that enables secure delivery of content to users' desktops | No |
| U | KE9801 | DriBat32.exe | KE9801 multimedia keyboard driver - required if you use the multimedia keys | No |
| X | Keenvalue | Keenvalue.exe | KeenVal adware | No |
| X | KeepCop | KeepCop.exe | KeepCop rogue security software - not recommended, removal instructions here. A member of the AntiAID family | No |
| X | KeepCop.exe | KeepCop.exe | KeepCop rogue security software - not recommended, removal instructions here. A member of the AntiAID family | No |
| X | kell | liser.exe | Added by the AGENT.AUTP TROJAN! | No |
| U | KEMailKb | KEMailKb.EXE | Controls the buttons at the top of the Micro Innovations 650i Internet Access Keyboard. If you disable it you cannot use the buttons - like volume control or shut down | No |
| ? | Kemet | kemet.exe | ?? | No |
| U | KeNotify | KeNotify.exe | Toshiba utility found on their laptops. This program is responsible for the Toshiba LapTop Help 'FlashCards' utility that sits at the top of the screen giving easy access to the 'F keys' alternative functions such as Lock,Power Mode,Sleep etc | No |
| X | kERe | kERe.exe | Added by the BRONTOK-BT WORM! | No |
| U | Kerio VPN Client | kvpnclient.exe | Kerio VPN Client | No |
| X | kern64dll | [random filename] | Added by the TARNO.J TROJAN! | No |
| X | Kernal Fault Check | ntosrkl.exe | Added by a variant of the SDBOT WORM! | No |
| X | kernctl32 | rundll32 kctl32.dll, initialize | Added by the AGENT.AT TROJAN! | No |
| X | Kerne0223 | Kerne0223.exe | Added by the LEGMIR-ZA TROJAN! | No |
| X | Kernel | bboy.exe | Added by the MUMU.B WORM! | No |
| X | Kernel | services.exe | Added by the FOOZ-A TROJAN! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir% | No |
| X | kernel | kernel.exe | Added by the MATCASH.CF TROJAN! | No |
| X | KERNEL 32 | SKERNEL32.com | Added by the SEMAPI-A WORM | No |
| U | Kernel and Hardware Abstraction Layer | KHALMNPR.EXE | Part of the Logitech Setpoint software for their wired and wireless mice and trackballs. Sets the Windows mouse sensitivity to minimum. The idea is that you will use the SetPoint Control Panel to adjust your mouse sensitivity. This setting is maintained separately from the Windows setting, but is combined with the Windows setting to determine the final sensitivity. For this reason, KHALMNPR sets the Windows setting to 0 so it doesn't alter the one you set in SetPoint | No |
| X | Kernel Faults | ftphost.exe | Added by the RBOT.BHU WORM! | No |
| X | Kernel Loader | ntkrnl.exe | Added by the CERVIVEC.A WORM! | No |
| X | Kernel Manager | krnlmgr.exe | Added by the JUNY.A TROJAN! | No |
| X | Kernel Safe Mode | smss.exe | Added by the 78CRACK-A TROJAN! Note - this is not the legitimate smss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir% | No |
| X | Kernel Services | service32.exe | Added by the PRX-B TROJAN! | No |
| X | kernel system daemon | ACTIVAT0R.exe | Added by the RANDEX.AW WORM! | No |
| X | kernel12.exe | kernel12.exe | Added by an unidentified WORM or TROJAN! | No |
| X | kernel32 | kern32.exe | Added by the BADTRANS.A WORM! | No |
| X | Kernel32 | Kernel32.exe | Added by a number of VIRUSES, WORMS and TROJANS! | No |
| X | kernel32 | kernel.dli | Added by the NETDEVIL.B TROJAN! | No |
| X | Kernel32 | Kernel.dll | Added by the REDLOF.M VIRUS! | No |
| X | kernel32 | kernel32.dlI | Added by the NETDEVIL.15 TROJAN! | No |
| X | Kernel32 | krnl32.exe | Added by the EPON WORM! | No |
| X | Kernel32 | Kernel32.win | Added by the GAGGLE.D or GAGGLE.E WORMS! | No |
| X | Kernel32 | kernel32s.exe | Added by the BCKDR-CIC BACKDOOR! | No |
| X | kernel32 | kernel32.dll.vbs | Added by the WEKODE-A WORM! | No |
| X | Kernel32 | svchosts.exe | Added by an unidentified WORM or TROJAN! | No |
| X | kernel32dll | guardpc.exe | Added by the FORBOT-CU WORM! | No |
| X | kernel44.dll | taskkill /f /fi "PID ge 0" /im * | Added by the VBS.LIDO WORM! | No |
| X | KernelCheck | sys****.exe [* = digit] | Added by an unidentified TROJAN! | No |
| X | KernelCheck | winser.exe | Added by the TSPY_LMIR.SL TROJAN! | No |
| X | KernelConfig | destiny32.exe | Added by the AGOBOT.AMB WORM! | No |
| N | kernelfaultcheck | dumprep 0 -k | Used in connection with memory dumps - you can disable these by - right clicking on My Computer, selecting Properties and then the Advanced tab. Click on the Settings button in 'Startup and Recovery'. In the bottom pane - under 'Write debugging information' - click on the down arrow and then select 'None' - OK your way out | No |
| N | kernelfaultcheck | dumprep 0 -u | Used in connection with memory dumps - you can disable these by - right clicking on My Computer, selecting Properties and then the Advanced tab. Click on the Settings button in 'Startup and Recovery'. In the bottom pane - under 'Write debugging information' - click on the down arrow and then select 'None' - OK your way out | No |
| X | KernelFaultCheck | ptool32.exe | Added by the LEGMIR-BN TROJAN! | No |
| X | KernelFaultCheck | msime.exe | Added by the TINY-P TROJAN! | No |
| X | KernelFaultCheck | tell32.exe | Added by the LEGMIR-BF TROJAN! | No |
| X | KernelFaultCheck | winabc3.exe | Added by the NUBYS-A VIRUS! | No |
| X | KernelFaultCheck | winbin.exe | Added by the DLOADR-AAX TROJAN! | No |
| X | KernelFaultChk | sms.exe | Added by the DEADHAT WORM! Do not confuse with the valid "kernelfaultcheck" which runs "dumprep 0 -k" or "dumprep 0 -u" | No |
| X | Kernell | systems.exe | Added by the TARNO.C TROJAN! | No |
| X | Kernell32 | Kernell.dll | Added by the DESTINY.A TROJAN! | No |
| X | KernellApps | csrss.exe | Added by the BANCBAN-AC TROJAN! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a "System" subfolder | No |
| X | KernellApps | lexplore.exe | Added by the BANCBAN-BS TROJAN! Note - the executable is spelt with a lower case "L" rather than an lower or upper case "i" which is the case with Internet Explorer | No |
| X | KernellApps | svshosti.exe | Added by the BANCBAN-V TROJAN! | No |
| X | KernellApps32 | smss.exe | Added by the BANCBAN-AN TROJAN! Note - this is not the legitimate smss.exe process which should not normally figure in Msconfig/Startup! | No |
| X | KernelRuntime | [path to worm] | Added by the MYTOB-JO WORM! | No |
| X | Kernelw | Kernelw32.exe | Added by the INDOR.E WORM! | No |
| X | Kernel_check | wmiprvse.exe | Added by the SONEBOT-B WORM! Note - this is not the legitimate wmiprvse.exe process which is always located in the %System%\wbem folder and should not normally figure in Msconfig/Startup! | No |
| X | key | sysxp.exe | Added by the BEAGLE.AB WORM! | No |
| X | key | sys_xp.exe | Added by the BEAGLE.AC WORM! | No |
| X | key | winxp.exe | Added by the BEAGLE.AG WORM! | No |
| X | Key Logger | csrss.exe | Added by the BUCHON.A WORM! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in the root folder (ie, C:\) | No |
| N | Key Text | KeyText.exe | Key Text 2000 from MJMSoft Design - utility to automate repetitive keyboard tasks. Available via Start -> Programs | No |
| X | Key1 | Rlid.exe | Added by the LIXY TROJAN! | No |
| ? | Key2 | serve.exe | ?? | No |
| X | key2 | winlog.exe | Added by the BAGLEDI-AL TROJAN! | No |
| Y | KeyAccess | keyacc32.exe | KeyServer KeyAccess client software - "when the KeyServer program is launched, the KeyServer process becomes active so license requests from client computers can be serviced. Without KeyAccess, a keyed program cannot run, so license control is very secure" | No |
| X | Keybdcntl | keybdcntl.exe | Added by a variant of the CRYPTER.C TROJAN! | No |
| U | KeyBoard | Keyboard.exe | Labtec keyboard utility | No |
| X | keyboard | keyboard*.exe [* = number] | Detected by Kaspersky as the VB.ZG TROJAN! | No |
| X | keyboard | kybrdef_7.exe | DollarRevenue adware | No |
| X | keyboard | [path to trojan] | Added by the DLOADR-AOZ TROJAN! | No |
| X | Keyboard | lsass.exe | Added by the AGENT.US WORM! Note - this is not the legitimate lsass.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %CommonAppData%\Fearghus | No |
| N | Keyboard Customizer | TpKmapAp.exe | Part of the Keyboard Customizer Utility for IBM/Lenovo Thinkpad notebooks. This is the main user interface for the utility but it doesn't normally seem to be running if enabled at startup. Also, it doesn't appear to need to be running for custom key combinations to work (via TpKmapMn.exe) | Yes |
| U | Keyboard Manager | MMKeybd.exe | Multimedia keyboard manager. Required if you use the additional keys | No |
| Y | Keyboard Preload Check | Preload.exe | Millenium Multi-Function Keyboard driver | No |
| ? | Keyboard Status | KeyStat.exe | Multimedia keyboard manager for Medion desktop and notebook PCs? Located in %ProgramFiles%\Medion\KeyStat | No |
| X | keyboard_enum | keyboard_enum.exe | Added by the BDOOR-GP BACKDOOR! | No |
| U | keyhook | keyhook.exe | Hotkey manager for Silicon Integrated Systems (SiS) based graphics chipsets - disable unless you use hotkeys | Yes |
| U | KeyMaestro | kmaestro.exe | Multimedia keyboard manager. Required if you use the multimedia keys | No |
| U | keymap | keymap.exe | System Tray utility and background task used by games produced by Kesmai (published by Interactive Magic) and which enables you to program keys to do specific actions during the game | No |
| X | keymgrldr | rundll32 setupapi, InstallHinfSection... keymgr3.inf | CoolWebSearch Oemsyspnp parasite variant | No |
| U | KeyPatrol | KeyPatrol.exe | KeyPatrol - key logger detector using both behavioral and pattern-matching algorithms that used to be part of PestPatrol before CA's aquisition | No |
| U | keyplusplus | startk.exe | Key++ Invisible Spy Keylogger keystroke logger/monitoring program - remove unless you installed it yourself! | No |
| X | keyserv | keyserv.exe | KeyThief spyware | No |
| U | Keyspan Digital Media Remote | KDMRdmn.exe | Remote control driver for Keyspan Digital Media Remote devices | No |
| U | keystroke | keystroke.exe | QuickLaunch surveillance software. Uninstall this software unless you put it there yourself | No |
| U | KeyWallet | KWallet.exe | "KeyWallet is a useful and convenient desktop utility that spares you the trouble of filling in your logins, passwords and other personal data manually" | No |
| X | kfienq | masbl.bat | Added by the KIFER TROJAN! | No |
| X | kgjdi27 | kgjdie27.exe | Added by the SDBOT.AP BACKDOOR! | No |
| X | Kgjg | rnnypbw.exe | Added by the QuickLinks/Forethought adware | No |
| X | KHATARNAK Loader | KHATARNAK.exe | Added by the AUTORUN.ACO WORM! | No |
| N | khooker | khooker.exe | SiS Keyboard Daemon. System Tray utility which gets installed by the drivers of the latter day SiS VGA cards. Can cause errors at startup and isn't required | No |
| X | Kiamat Sudah Dekat_16_04 | ISASS.exe | Added by the PAHATIA.B WORM! | No |
| U | KICKMON.EXE | KICKMON.EXE | KeepItClean - utility that deletes safe to remove files, cookies, browsing history, etc. This is the scheduler - if you don't schedule clean-ups it isn't required | No |
| U | Kill Popup | KillPopup.exe | KillPopup - pop-up stopper | No |
| X | KillAndClean | KillAndClean.exe | KillAndClean rogue spyware remover - not recommended, removal instructions here | No |
| X | kimochiz.exe | kimochiz.exe | Added by the MDROP-BB TROJAN! | No |
| N | Kinberlink | Kinberlink.exe | Kinberlink network messaging. Available via Start -> Programs | No |
| X | kiss | pingy.exe | Added by a variant of the IRCBOT BACKDOOR! The file is located in a random subfolder of %ProgramFiles% | No |
| X | KIT3 | hpprintqueue.exe | Added by the ADCLICK-DS TROJAN! | No |
| U | KK Loader | loadkk.exe | KeyKey XP Professional from KeyKey.com. "Monitor Instant Messages, Chats, Emails, Web Site URLs, Passwords, Computer Programs, Start Up and Shut Down time and much more completely undetected to the user." | No |
| X | KKM Service | kkm.exe | Added by the NANPY-I WORM! | No |
| X | KL AntiFunLove | flcss.exe | Added by the FUNLOVE.4099 VIRUS! | No |
| U | KLog | Keyspy.exe | KeyLoggPro.B keystroke logger/monitoring program - remove unless you installed it yourself! | No |
| X | klop | [path to file] | Added by the AGENT-WQ TROJAN! | No |
| X | klop | [random].tmp | Found with Trojan.Win32.StartPage.aw. Possibly a variant of the AGENT-WQ TROJAN! | No |
| U | klp | run32dll.exe | PAL PC Spy - key recorder and screen capture utility which controls and monitors everything that happens on your pc and online | No |
| U | klp | explorer.exe | ComSurveilSys keystroke logger/monitoring program - remove unless you installed it yourself! | No |
| U | KM9801U | MMHotKey.exe | Multimedia key handling for the relevant type of Turbo-Media keyboard. Shortcut available. Note that with this running it can crash DirectX8/9 under WinXP when a game switches to full-screen | No |
| U | kmw_run.exe | kmw_run.exe | Kensington MouseWorks - mouse/trackball software. Not required unles you use any special features | No |
| U | kmw_show.exe | kmw_show.exe | Kensington MouseWorks - mouse/trackball software. Not required unles you use any special features | No |
| X | KnowledgeBase GUI | wppewafaj.exe | Added by the RBOT-GRZ WORM! | No |
| U | KN_PanelApp | PanelApp.exe | KnowledgePanel online survey software | No |
| N | Kodak Batch Transfer | pezdow1.exe | Part of "Kodak Picture Easy" software for digital cameras. Includes the display of an icon in the System Tray to quickly transfer photos to a PC | No |
| U | Kodak EasyShare software | EasyShare.exe | Software bundled with Kodak digital cameras to manage the connection between the PC and the Camera. Can be started manually | No |
| N | Kodak Picture Easy *.* Batch Transfer | PezDownload.exe | Part of "Kodak Picture Easy" software for digital cameras. Includes the display of an icon in the System Tray to quickly transfer photos to a PC. *.* represents the version | No |
| N | Kodak Picture Transfer Software | pts.exe | Looks for Kodak camera connection and media insertion. Available via Start -> Programs | No |
| N | Kodak Software Updater | backweb*****.exe | Software updater for Kodak Easyshare digital cameras | No |
| N | KODAK Software Updater | Kodak Software Updater.exe | Software updater for Kodak Easyshare digital cameras | No |
| Y | KodakCCS | KodakCCS.exe | Kodak DC File System Driver | No |
| U | Komunikator | tlen.exe | Tlen - a Polish language instant messaging client | No |
| U | KONICA MINOLTA magicolor 2400W STD | MSTMON_S.EXE | Konica Minolta Magicolor 2400W colour printer monitor | No |
| N | Konni Symbol Autostart | KonniSymbol.exe | Gives configuration access to RagTime Solo professional business publishing software. RagTime Solo is the private user version of RagTime 5 | No |
| N | kontiki | kontiki.exe | Kontiki Delivery Manager - Windows-based client software that enables secure delivery of content to users' desktops | No |
| Y | KPDrv4XP | KPDrv4XP.exe | MediaKey USB Keypad Driver | No |
| Y | KPFW32.EXE | KPFW32.EXE | KingSoft Personal Firewall | No |
| Y | KPFWSvc.EXE | KPFWSvc.EXE | KingSoft Personal Firewall | No |
| X | Kr0n1C | Kr0n1C.exe | Added by the BRONTOK-BO WORM! | No |
| X | krag | krag.exe | Added by the AGENT-FOW WORM! | No |
| U | Kraidman | Kraidman.exe | "Toshiba RAID Support is a Toshiba EasyGuard feature that uses RAID Level 1 technology to minimise downtime by protecting against data loss and ensuring quick data recovery" - for Toshiba laptops | No |
| Y | Krait | razerhid.exe | Razer Krait mouse driver | No |
| U | KREC32 | krec32.exe | StarrCommander Pro Keystroke logging software | No |
| X | KRNL | Kernl32.exe | Added by the ZOMBY.B TROJAN! | No |
| X | Krnlcheck | csrss.exe | Added by the BOTNACHALA TROJAN! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir% | No |
| U | Krnlmod | Krnlmod.exe | Keystroke logger/monitoring program - remove unless you installed it yourself! | No |
| U | Kryptel Component Start | Kicker.exe | Kryptel encryption software | No |
| X | ksrlnhm | zxatgso.exe | Added by the DLOADER-LI TROJAN! | No |
| X | Ksrv32 | Ksrv32.exe | Added by the AGOBOT-PI WORM! | No |
| X | KTAX Auto Loader | ktax.exe | Added by the SDBOT-MZ WORM! | No |
| U | ktchnsnk | ktchnsnk.exe | HP program found with the Office Jet 500/600/700 series which initializes the Office Jet manager each time the computer is booted up or rebooted | No |
| Y | KTPWare | ktp.exe | Related to KTP Ware TSR Enhancements from ELANTECH | No |
| X | KV2005 | word.EXE | Added by the IW TROJAN! | No |
| X | kv3000 | lover.vbe | Added by the ZSYANG.B WORM! | No |
| X | kvasoft | kva8wr.exe | Added by the ONLINEG.ICC WORM! | No |
| X | kvern16.dll | regsvr32.exe kvern16.dll | DailyWinner adware. Note that regsvr32.exe is a legitimate Microsoft file used to register and unregister OLE controls and shouldn't be deleted. The "kvern16.dll" file is found in the System (9x/Me) or System32 (NT/2K/XP) folder | No |
| X | kviurs | kav.exe | Added by the SILLYFDC.BBJ WORM! | No |
| X | KvmSecure.exe | KvmSecure.exe | KvmSecure rogue security software - not recommended, removal instructions here | No |
| X | Kvsc3 | Kvsc3.exe | Added by the PWS-ANM TROJAN! | No |
| X | KV_HOST | cxjx.exe | Added by the LEGMIR-BB TROJAN! | No |
| X | kw3eef76 | rundll32.exe kw3eef76.dll, EnableRunDLL32 | LZIO.com adware downloader. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "kw3eef76.dll" file is found in the System (9x/Me) or System32 (NT/2K/XP) folder | No |
| N | kX Mixer | kxmixer.exe | Provides Mixer and Control functionality to KxProject Audio driver for EMU10k based soundcards | No |
| U | KX509 | kx509_kfwk5.exe | Kerberos Secure Authentication for Windows | No |
| ? | KYE_Showicon | shwicon.exe | Card reader for memory cards from digital cameras. Is it required? | No |
| X | KYK Control Settings | KYSVCXD.EXE | Added by a variant of the RBOT WORM! | No |
| X | KYM Control Settings | phqghum.exe | Added by the RBOT.BQD WORM! | No |
| X | L0aders | faxneti.exe | Added by a variant of the SDBOT TROJAN! | No |
| X | l44sys** | freecell | Added by the VBS.LIDO WORM - where ** is a number between 1 and 12 | No |
| X | l44sys** | iexplore | Added by the VBS.LIDO WORM - where ** is a number between 65 and 76 | No |
| X | l44sys** | winmine | Added by the VBS.LIDO WORM - where ** is a number between 33 and 44 | No |
| X | L4r1$$a | L4r1$$a.pif | Added by the ASSIRAL-C WORM! | No |
| Y | Lachesis | razerhid.exe | Razer Lachesis mouse driver | No |
| U | LaCie Backup | LaCieBackup.exe | LaCie '1-Click' backup software for their range of mobile hard drives | No |
| U | laim | aimlite.exe | "AIM Lite is a reference application for testing some new client technology developed here at AOL®, with the goal of being a simple, fun, light IM client" | No |
| X | laltin | L90112201.Stub.exe | Delfin Media Viewer adware related | No |
| X | lameshit | [path to trojan] | Added by the LOWZONE-H TROJAN! | No |
| X | LAN Driver | landriver32.exe | Added by the RBOT.BT WORM! | No |
| X | lanbrup | lanbrup.exe | SafeSurfing adware | No |
| N | Lancement rapide d'Adobe Reader | reader_sl.exe | Speeds up the time it takes to load the Adobe Reader PDF document reader. "The Speed Launcher quickly opens and closes all of the files that Acrobat or Adobe Reader will use when the application starts. Opening and closing the files allows your virus protection software to check these programs and add them to its list of safe files" - see here. Not required for Adobe Reader to function properly. French version | No |
| U | LANDeskInventoryClient | LDIScn32.exe | LANDesk® Management Suite software component | No |
| U | LanguageMonitor | Oplmsb01.exe | OKI Printer language support monitor | No |
| ? | LanguageShortcut | Language.exe | Part of Cyberlink's PowerDVD prior to version 8. Language settings? | No |
| X | LanGuard | languard.exe | Adware downloader - also detected as the SECONDT-C TROJAN! | No |
| X | LanGuard | [path to trojan] | Added by the DLOADER-VO TROJAN! | No |
| X | lanmanwrk.exe | lanmanwrk.exe | Added by the AGENT.AIA TROJAN! | No |
| U | LANMessage Pro | LANMES~1.exe | LANMessage Pro - "a powerful tool for communicating with other people on your office/home network" | No |
| U | LanSpeed2 | LanSpeed2.exe | Monitors any traffic that is using a LAN adapter (Ethernet or Token ring network card) | No |
| ? | LanzarL2007 | [path] setup.exe | ?? | No |
| U | LaoKey | LaoKey.exe | Lao Script for Windows (LSWin) is an extension to the Windows operating system to allow Lao language to be used with many different Windows-based applications | No |
| U | Laplink PDASync 3.0 - LtNts4 | NtsAgnt.exe | Laplink PDASync for (IBM) Lotus Notes 4 - PDA synchronisation utility | No |
| U | Laplink PDASync 3.1 - PocketPC | AUTODE~1.EXE | Laplink PDASync for Windows Mobile Pocket PC - PDA synchronisation utility | No |
| U | Laplink PDASync 3.1 - ScheduleSync | ScheduleSync.exe | Laplink PDASync for ScheduleSync - PDA synchronisation utility | No |
| U | LapLink scheduler | Llsched.exe | Utility that automatically performs file transfers as unattended background operations | No |
| X | Laptop Access | Sage.exe | Added by the SDBOT-NB WORM! | No |
| X | Lar | Llass.exe | Added by the INOR-A TROJAN! | No |
| X | lar | [trojan filename] | Added by the ROXY.C TROJAN! | No |
| X | LARISSA ANTI VIRUS | LARISSA_ANTI_VIRUS.exe | Added by the KLASSIR TROJAN! | No |
| ? | Lasb | ewat.exe | ?? | No |
| X | LaserJet | spoolvs.exe | Added by the DLOADER.PFR TROJAN! This is not the file of the same name from older versions of MS Office - see the link for the location | No |
| X | LasErma | Ermasys32.exe | Added by the LERMA-A WORM! | No |
| X | LAsIAf32 | RePEAtLD.exe | Added by the REPEATLD WORM! | No |
| X | lasse | lasse.exe | Added by the NTOS TROJAN! | No |
| Y | LASTinst | N/A | For Gilat Communications internet satellite systems. Gilat rescue (Satellite system restore). Required if you have this system. Can cause a BSOD (blue screen of death) if left out | No |
| ? | Later | later.exe | ?? | No |
| U | LaunApp | LaunApp.exe | Part of Acer Launch Manager - programmable keys on such laptops as the TravelMate 610 | No |
| ? | Launcg | launcg.exe | ?? | No |
| U | Launch Ai Booster | OverClk.exe | Included with some ASUS motherboards (such as the Maximus Extreme & Striker II Extreme), "AI Booster allows you to overclock the CPU speed in Windows without the hassle of booting the BIOS." Part of AI Suite | No |
| N | Launch Application | LaunchApplication.exe | System Tray access to Nokia PC Suite - which "is a free PC software product that allows you to connect your Nokia device to a PC and access mobile content as if the device and the PC were one." This allows you (amongst other options) to backup your devices contents to your PC, use it to connect to the internet, transfer files and synchronize contacts, etc. Available from the start menu | Yes |
| N | Launch Context 5.0 | Launch.exe | Context - electronic dictionary | No |
| U | Launch K9 | K9.exe | K9 by Robert Keir - "an email filtering application that works in conjunction with your regular POP3 email program and automatically classifies incoming emails as spam (junk email) or non-spam without the need for maintaining dozens of rules or constant updates to be downloaded. It uses intelligent statistical analysis that can result in extremely high accuracy over time" | No |
| U | Launch LCDMon | LCDMon.exe | Driver/utility for Logitech G-Series gaming keyboards and mice | No |
| U | Launch LGDCore | LGDCore.exe | Driver/utility for Logitech G-Series gaming keyboards and mice | No |
| X | Launch Norton AntiVirus 2000 | jorgf.exe | Added by the RBOT-AUI WORM! | No |
| U | Launch PC Probe II | Probe2.exe | Included with some ASUS motherboards (such as the Maximus Extreme & Striker II Extreme), PC Probe II monitors, detects and alerts you if there are any problems with fan rotation, CPU temperature, system volatages and others | No |
| N | Launch YahooPOPs! at Windows startup | YAHOOPOPS.EXE | YahooPOPs - enables free POP3/SMTP access to Yahoo! Mail through a service on localhost that emulates the web interface. Available via Start -> Programs | No |
| U | LaunchAp | LaunchAp.exe | Programmable keys on Acer, Fujitsu and other laptops | No |
| Y | LaunchApp | Alaunch | Part of Acer eRecovery - "a powerful utility that does away with the need for recovery disks provided by the manufacturer, and also acts as a versatile standalone backup and recovery manager". This entry isn't normally running but once eRecovery starts it's used to re-install the software included with the system | Yes |
| N | LaunchApplication | LaunchApplication.exe | System Tray access to Nokia PC Suite - which "is a free PC software product that allows you to connect your Nokia device to a PC and access mobile content as if the device and the PC were one." This allows you (amongst other options) to backup your devices contents to your PC, use it to connect to the internet, transfer files and synchronize contacts, etc. Available from the start menu | Yes |
| U | Launchboard | lnchbrd.exe | "LaunchBoard software from Darwin turns your keyboard into a remote control for the Internet and your computer! With LaunchBoard 2.0, you can customize up to 38 keys on your PC keyboard to instantly launch Web Sites, start applications, perform custom macros, handle Windows shortcuts, store passwords, and perform loads of other customizable functions" | No |
| X | Launcher | launcher.exe | Spyware component related to DownloadWare and found in %ProgramFiles%\KFH | No |
| N | Launcher | relaunch.exe | Audio Applications Launcher for the Philips Rythmic Edge soundcard (the Philips Rhythmic Edge is the same as the Thunderbird PCI soundcard - see TBtray). Available via Start -> Programs | No |
| U | Launcher | launcher.exe | PC Angel recovery program from SoftThinks. Located in a "SMINST" sub-folder of the Windows or Winnt directory | No |
| U | Launcher | Launcher.exe | SpeedUpMyPC 2009 from Uniblue - which "lets you monitor and control all your PC resources with easy, one click instructions. System settings, internet usage, disk clutter, RAM and CPU are all automatically scanned, cleaned and optimized for peak performance." Located in %ProgramFiles%\Uniblue\SpeedUpMyPC | Yes |
| ? | LaunchList | LaunchList2.exe | Part of Pinnacle Studio video editing suite. What does it do and is it required? | No |
| U | LaunchU3 | LaunchU3.exe | U3 LaunchPad system software for U3 smart flash drives. Provides password protected access to applications and personal settings installed and saved on a U3 enabled drive - allowing the user to effectively treat any Windows Vista/XP/2000 PC as though it's their own PC | No |
| X | Lavasoft Ad-Aware | Ad-Aware.exe | Added by the RBOT-SO WORM! Note - this is not the popular Ad-Aware spware/adware removal tool and is located in %System% | No |
| U | Lavasoft Adwatch | Ad-watch.exe | Part of Lavasoft Ad-aware Plus - realtime spyware-monitor watching your memory and registry for spyware that tries to install or change your system | No |
| X | Layersecurity Servicemonitor | LSSMON.EXE | Added by the BANKER.ZAQ TROJAN! | No |
| X | layersldm | hostplsrvc.exe | Added by a variant of the SDBOT WORM! | No |
| X | Laz | Kernn.exe | Added by the BANCOS-LN WORM! | No |
| X | LBTWiz.exe | LBTWiz.exe | Added by the SDBOT-DHY WORM! Note - this is not the legitimate Logitech file which is normally located in %Program Files%\Logitech\SetPoint or %Program Files%\SetPoint. This one is located in %Windir% | No |
| X | Lcass | Lcass.exe | Added by the SILLYFDC-W WORM! | No |
| U | LCD Smartie | LCDSmartie.exe | "LCD Smartie is software for Windows that you can use to show lots of different types of information on your LCD/VFD." Typically used by the PC modding community to display statistics such as CPU temp, fan/cooler speed, etc on an LCD display | No |
| U | LCDC | LCDC.exe | LCDC is an application that displays various information on your LCD or VFD screen. The number of things that LCDC can do is expandable by Plugins | No |
| U | LCDMon | LCDMon.exe | Driver/utility for Logitech G-Series gaming keyboards and mice | No |
| Y | LCDPlayer | LCDPlyer.exe | Related to SuperAdBlocker | No |
| N | lcfep | lcfep.exe | Tivoli 'TME' System Tray icon - "'lcfep' is the program that displays statistics about the Endpoint. Apparently stopping/removing this process has no impact on the Endpoint itself which will continue to function normally" | No |
| ? | LCIDConfig | lcidchng.exe | ?? | No |
| U | LClock | lclock.exe | LClock is a program that makes the Windows' clock look like a Windows Longhorn Clock | No |
| X | lcvga | lcvga.exe | Added by the HOSTOL-A TROJAN! | No |
| X | ld | ld.exe | CoolWebSearch Tooncomics parasite affiliate variant - redirects to fastwebfinder.com | No |
| N | LDM | backweb-8876480.exe | Installed with the software for Logitech products. Automatically checks for software upgrades AND new products, services and special offerings from Logitech | No |
| N | LDM | ldmconf.exe | Installed with the software for Logitech products. Automatically checks for software upgrades AND new products, services and special offerings from Logitech | No |
| N | LDM | LogitechDesktopMessenger.exe | Installed with the software for Logitech products. Automatically checks for software upgrades AND new products, services and special offerings from Logitech | No |
| X | ldriver | ldriver.exe | Added by the CHORUS-A TROJAN! Searchforfree browser hijacker | No |
| U | LED TRAY | LEDTRAY.EXE | Installs a USB compact flash card reader or drive on start-up. The device is distributed by Microtech and is made by a company called SnapShot. Required if you want the reader to work | No |
| U | ledpointer | CNYHKey.exe | Chicony Electronics Multimedia Keyboard Hotkey Driver | No |
| N | LeechGet | LeechGet.exe | LeechGet download manager | No |
| X | leeman | leeman.exe | Added by the COSIAM-D TROJAN! | No |
| U | LELA | Linksys EasyLink Advisor.exe | System Tray access to Linksys EaasyLink Advisor - which "is designed to set up your home network. LELA can locate computers, routers, storage, cameras and printers as well as other devices connected to your network". Included with their newest routers | No |
| X | LEMSRV | lemsrv.exe | Added by the IRCBOT-TC TROJAN! | No |
| U | LENOVO.TPFNF6R | TPFNF6R.exe | Supports the Fn+F6 hotkey combination on IBM/Lenovo Thinkpad notebooks which mutes the microphone | No |
| N | LenovoOobeOffers | LenovoOobeOffers.exe | Displays product upgrades/offers from Lenovo on the first run of a new notebook/desktop. "Oobe" refers to the "Out of box experience" | No |
| X | LetsRock | [path to trojan] | Added by the RANKY.Y BACKDOOR! | No |
| X | LetsSearch | LetsSearch.exe | BrowserAid/BrowserPal foistware | No |
| X | Letum | [path to worm] | Added by the LETUM.A WORM! | No |
| U | Lexmark 1200 Series | lxczbmgr.exe | "Lexmark Scan & Copy Control Program" for the Lexmark 1200 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan, scan to E-mail, copy, etc | No |
| U | Lexmark 2200 Series | lxbvbmgr.exe | "Lexmark Scan & Copy Control Program" for the Lexmark 2200 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan, scan to E-mail, copy, etc | No |
| U | Lexmark 3100 Series | lxbrbmgr.exe | "Lexmark Scan & Copy Control Program" for the Lexmark 3100 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan, scan to E-mail, copy, etc | No |
| U | Lexmark 4200 Series | lxbmbmgr.exe | "Lexmark Scan & Copy Control Program" for the Lexmark 4200 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan, scan to E-mail, copy, etc | No |
| U | Lexmark 5000 Series Fax Server | fm3032.exe | FaxMan integrates complete fax send and receive support into Windows applications without requiring additional fax software | No |
| U | Lexmark 5200 series | lxbtbmgr.exe | "Lexmark Scan & Copy Control Program" for the Lexmark 5200 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan, scan to E-mail, copy, etc | No |
| U | Lexmark 5400 Series Fax Server | fm3032.exe | FaxMan integrates complete fax send and receive support into Windows applications without requiring additional fax software | No |
| U | Lexmark 6500 Series Fax Server | fm3032.exe | FaxMan integrates complete fax send and receive support into Windows applications without requiring additional fax software | No |
| U | Lexmark 7600 Series Fax Server | fm3032.exe | FaxMan integrates complete fax send and receive support into Windows applications without requiring additional fax software | No |
| U | Lexmark 9300 Series Fax Server | fm3032.exe | FaxMan integrates complete fax send and receive support into Windows applications without requiring additional fax software | No |
| X | Lexmark Print | lexmark.exe | Added by a variant of the SPYBOT WORM! See here | No |
| U | Lexmark X1100 Series | lxbkbmgr.exe | "Lexmark Scan & Copy Control Program" for the Lexmark X1100 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan, scan to E-mail, copy, etc | No |
| U | Lexmark X125 Settings Utility | LEX125SU.exe | Settings utility for the Lexmark X125 printer | No |
| U | Lexmark X5100 Series | lxbabmgr.exe | "Lexmark Scan & Copy Control Program" for the Lexmark X5100 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan, scan to E-mail, copy, etc | No |
| U | Lexmark X5400 Series Fax Server | fm3032.exe | FaxMan integrates complete fax send and receive support into Windows applications without requiring additional fax software | No |
| U | Lexmark X6100 Series | lxbfbmgr.exe | "Lexmark Scan & Copy Control Program" for the Lexmark X6100 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan, scan to E-mail, copy, etc | No |
| U | Lexmark X63 Button Manager | AcBtnMgr_X63.exe | "Lexmark Scan & Copy Control Program" for the Lexmark X63 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan, scan to E-mail, copy, etc | No |
| U | Lexmark X63 Button Monitor | ACMonitor_X63.exe | Button monitor for the Lexmark X63 all-in-one multifunction printer/copier/scanner. Works in conjunction with the "Lexmark Scan & Copy Control Program" button manager whose filename is "AcBtnMgr_X63.exe" | No |
| U | Lexmark X73 Button Manager | AcBtnMgr_X73.exe | "Lexmark Scan & Copy Control Program" for the Lexmark X73 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan, scan to E-mail, copy, etc | No |
| U | Lexmark X73 Button Monitor | ACMonitor_X73.exe | Button monitor for the Lexmark X73 all-in-one multifunction printer/copier/scanner. Works in conjunction with the "Lexmark Scan & Copy Control Program" button manager whose filename is "AcBtnMgr_X73.exe" | No |
| U | Lexmark X74-X75 | lxbbbmgr.exe | "Lexmark Scan & Copy Control Program" for the Lexmark X74-X75 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan, scan to E-mail, copy, etc | No |
| U | Lexmark X83 Button Manager | AcBtnMgr_X83.exe | "Lexmark Scan & Copy Control Program" for the Lexmark X83 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan, scan to E-mail, copy, etc | No |
| U | Lexmark X83 Button Monitor | ACMonitor_X83.exe | Button monitor for the Lexmark X83 all-in-one multifunction printer/copier/scanner. Works in conjunction with the "Lexmark Scan & Copy Control Program" button manager whose filename is "AcBtnMgr_X83.exe" | No |
| U | Lexmark X84-X85 Button Manager | AcBtnMgr_X84-X85.exe | "Lexmark Scan & Copy Control Program" for the Lexmark X84-X85 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan, scan to E-mail, copy, etc | No |
| U | Lexmark X84-X85 Button Monitor | ACMonitor_X84-X85.exe | Button monitor for the Lexmark X84-X85 all-in-one multifunction printer/copier/scanner. Works in conjunction with the "Lexmark Scan & Copy Control Program" button manager whose filename is "AcBtnMgr_X84-X85.exe" | No |
| N | LexmarkPrinTray | printray.exe | Lexmark Printer icon in the System Tray for quick access. Not required - uncheck via Printer configuration rather than MSCONFIG. Can also be listed as PrinTray | No |
| X | Lexmark_X79-55 | lsasss.exe | Added by the ZONEBAC TROJAN! | No |
| X | lexplore | lexplore.exe | Added by the BROPIA WORM! Note - the executable is spelt with a lower case "L" rather than an lower or upper case "i" which is the case with Internet Explorer | No |
| N | lexpps | lexpps.exe | For Lexmark printers. From Lexmark: "This enables bi-directional printing over a peer to peer network. If the printer is connected directly to your PC, the file is not used, (or should not be used) at all". It is known that firewalls can however alert you to "lexpps.exe" requesting server privileges | No |
| U | LexStart | lexstart.exe | Lexmark printer software may add Lexstart.exe in the startup folder to handle print commands that you send to the printer. Sometimes required for the printer to work correctly - not in the case of a Lexmark Z42 for instance | No |
| X | Lfh | Lfh.exe | Added by the ZAURGA-A TROJAN! | No |
| U | Lfsndmng | lfsndmng.exe | LightningFAX Enterprise Fax Server - "puts faxing at the fingertips of networked enterprise users. It enables rapid, secure sending and Direct-To-Desktop Delivery of mission-critical documents" | No |
| U | LG Direct Media Button Service | LGDMEBTN.exe | Supports the Direct Media button on LG Notebooks that support it - such as the S1 PRO EXPRESS DUAL. Pressing this button launches the application for watching movies or listening to music | No |
| N | LG Intelligent Update | autoupdate.exe | Automatic update utility for LG Notebooks | No |
| N | LG Magnifier | MagnifyingGlass.exe | Screen area magnifying utility for LG Notebooks | No |
| U | LGDCore | LGDCore.exe | Driver/utility for Logitech G-Series gaming keyboards and mice | No |
| X | lgfxTray | lgfxTray.exe | Added by the TAKEOBEL WORM! Note - the filename has a lower case "L" rather than an upper case "i" at the beginning and should not be confused with the valid Intel graphics file "igfxtray.exe" | No |
| X | lgm | lgm.exe | Added by the ACID-F WORM! | No |
| U | LGODDFU | fwupdate.exe | Auto firmware update program for LG Electronics CD-ROM/DVD writer | No |
| U | LgWDskTp | LgWDskTp.exe | Logitech Wireless Desktop mouse and keyboard software. There is an icon for this program on the taskbar next to the clock | No |
| N | lhttseng | rundll32.exe ..lhttseng.inf, RemoveCabinet | Left over after installation of the British English version of the Lernout & Hauspie Text To Speech (TTS) Engine | No |
| X | li-multi**** | li-multi****.exe | Adult web-dialler - **** is random | No |
| X | li-rcash00001 | vldial.exe | Added by the Vl TROJAN! | No |
| X | li-speed**** | dlres.exe | Adult web-dialler - **** is random | No |
| X | li-thund**** | li-thund****.exe | Adult web-dialler - **** is random | No |
| X | li-vita**** | li-vita****.exe | Adult web-dialler - **** is random | No |
| X | li01f948 | rundll32.exe li01f948.dll, EnableRunDLL32 | LZIO.com adware downloader. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "li01f948.dll" file is found in the System (9x/Me) or System32 (NT/2K/XP) folder | No |
| X | LibreSystem | SysRep.exe | LibreSystem, French rogue system error and cleaning utility - not recommended. A member of the ErrClean family | No |
| X | libtec | rundll32.exe libtec.dll,start | Added by the AKBOT-AI WORM! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "libtec.dll" file is found in %System% | No |
| N | LicCrtl | runservice.exe | Part of the eLicense Copy Protection scheme employed by some software and games. When this service is not running, the eLicense wrapper is unable to extract and execute the program | No |
| U | LicCtrl | rundll32.exe MMFS.DLL, Service | Part of the eLicense Copy Protection scheme employed by some software and games. When this service is not running, the eLicense wrapper is unable to extract and execute the program. Note that the "MMFS.DLL" file is located in the Winnt or Windows folder | No |
| X | License Manager | license_manager.exe | MediaPipe peer-to-peer file swapping program also reported as a hijacker | No |
| X | lich | lich.exe | Added by the QLOWZON-BN TROJAN! | No |
| U | LidPolicy | pwrschem.exe | A utility for configuring certain HP notebook models to enter Standby mode when the lid is closed only when running on battery | No |
| X | Life FireWall Update1 | FireWall-Update1.exe | Added by the RBOT-ARS WORM! | No |
| X | Life Personal Firewall | FirewallingV10.exe | Added by the RBOT-BKF WORM! | No |
| ? | LifeCam | LifeExp.exe | Related to Microsoft's LifeCam series of webcams. What does it do and is it required? | No |
| U | LifeChat | LifeChat.exe | Support software for Microsoft's "LifeChat" headsets - which are optimized for use with Windows Live Messenger | No |
| N | LifeDrive Manager | LifeDriveMgr.exe | Keeps the Palm LifeDrive Manager utility in the systray. Shortcut available via Start -> Programs | No |
| U | LifeDrive? Manager | LifeDriveMgrTray.exe | System Tray utility for the Palm LifeDrive Mobile Manager | No |
| ? | LifeExp | LifeExp.exe | Related to Microsoft's LifeCam series of webcams. What does it do and is it required? | No |
| N | LifeScape Media Detector | PicasaMediaDetector.exe | Media detector for Picasa's automatic photo organizer | No |
| X | lify | yujixit.exe | Added by a variant of the SDBOT WORM! | No |
| ? | LightFrame 3 | LightFrameV3.exe | Support software for Philips range of LCD Monitors that support LightFrame™ - which "reduces eye strain by surrounding your monitor frame with blue light that stimulates your visual senses for improved concentration and promotes an overall feeling of wellbeing". What does it do and is it required? | No |
| U | Lightning Download | Lightning.exe | Lightning Download download manager. Can be launched manually, but will need to start up if you want it to "catch clicks" off Internet Explorer | No |
| N | Lightscribe | LightScribeControlPanel.exe | System Tray access to the LightScribe Control Panel for CD/DVD writers based upon HP's LightScribe laser-etching process - which allows you to burn a label straight onto specially coated blank disks. Part of the main LightScribe System Software (LSS) | Yes |
| N | LightScribe Control Panel | LightScribeControlPanel.exe | System Tray access to the LightScribe Control Panel for CD/DVD writers based upon HP's LightScribe laser-etching process - which allows you to burn a label straight onto specially coated blank disks. Part of the main LightScribe System Software (LSS) | Yes |
| N | LightScribeControlPanel | LightScribeControlPanel.exe | System Tray access to the LightScribe Control Panel for CD/DVD writers based upon HP's LightScribe laser-etching process - which allows you to burn a label straight onto specially coated blank disks. Part of the main LightScribe System Software (LSS) | Yes |
| X | liibr | liibr.exe | Added by a variant of the Storm/Nuwar/Zhelatin WORM! | No |
| X | Limewire | LimeWire.exe | Added by the RBOT-AGH WORM! | No |
| N | LimeWire On Startup | LimeWire.exe | LimeWire - Peer to Peer (P2P) file-sharing client. Note - as with all P2P sharing programs they are susceptible to various forms of malware | No |
| N | LimeWire x.x | LimeWire.exe | LimeWire - Peer to Peer (P2P) file-sharing client. x.x represents the version number. Note - as with all P2P sharing programs they are susceptible to various forms of malware | No |
| X | limewirepro.exe | limewirepro.exe | Added by the IRCBOT-WA WORM! | No |
| X | Limpet | explorer16.exe | Added by the RBOT-AJD WORM! | No |
| N | Line Speed Meter V3.0 | LineSpeedMeter.exe | LineSpeedMeter - detect the download and upload speed of your internet connection | No |
| U | Lingvo Launcher | Lvagent.exe | ABBYY Lingvo Electronic Dictionaries | No |
| U | LingvoTraining | Tutor.exe | ABBYY Lingvo Electronic Dictionaries | No |
| X | Linker | LinkMaker.exe | Links adware | No |
| X | links | links.exe | Added by the LOWZONE-BI TROJAN! | No |
| X | LinkSafeness | LinkSafeness.exe | LinkSafeness rogue security software - not recommended, removal instructions here. A member of the AntiAID family | No |
| N | Linksts | linksts.exe | Tray icon which gets installed when you install the drivers for Asuscom internal ISDN modem cards (or rebadged Asuscom ISDN cards, such as MRi). This icon enables you to monitor or configure your ISDN card. Once you have configured your ISDN card correctly, you will never need to use this icon | No |
| X | Linksys Modem Drivers | linksys.exe | Added by the IRCBOT.VD WORM! | No |
| X | linkyuu | linkuyy.exe | Added by the DLOADER.MC TROJAN! | No |
| X | Linux | Linux.vbs | Added by the LOVELETTER.AS VIRUS! | No |
| U | LiquidView | lviewj.exe | "Liquid View lets you increase the legibility of the Microsoft Windows interface regardless of your display's native resolution. The software lets you increase the size of items that are hard to read on your monitor" | No |
| X | Lisa | Lisa.exe | Added by the SCOM-D premium rate adult content dialler | No |
| X | List checker 32 BIT | list32.exe | Added by the RBOT-AHO WORM! | No |
| X | Litebot | [path to trojan] | Added by the LITEBOT-A TROJAN! | No |
| N | LIU | LIU.exe | Logitech Internet Update. Used to update drivers/software for Logitech's Wingman, QuickCam, etc devices. Reports claim it doesn't work very well and you can manually update the files anyway | No |
| N | LIU | Rubicon.exe | Logitech Internet Update. Used to update drivers/software for Logitech's Wingman, QuickCam, etc devices. Reports claim it doesn't work very well and you can manually update the files anyway | No |
| N | Live Menu | Dllcmd32.exe | eFax Send button for eFax Messenger Plus. Available via Start -> Programs Disabling instructions available here | No |
| X | Live Messanger | livemsgr.exe | Added by the RBOT.BXX WORM! | No |
| X | Live Messanger | wllmsngr.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
| X | Live PC Care | LP[random characters].exe | Live PC Care rogue security software - not recommended, removal instructions here | No |
| ? | live rdr | loadloud.exe | ?? | No |
| X | Live update monitor | srvany32.exe | Added by the AGOBOT.AFM WORM! | No |
| X | live update monitor | umxlu32.exe | Added by the AGOBOT.ADK WORM! | No |
| X | Live Windows Messenger Version | msnmessage7.7.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
| X | Live Windows Messenger Version | msnmsngrlive.exe | Added by a variant of the IRCBOT BACKDOOR! | No |
| X | Live-Help | lmns.exe | Added by the RBOT-GHE WORM! | No |
| X | Live-Messenger.exe | Live-Messenger.exe | Added by the SILLYP2P WORM! | No |
| X | LiveAntispy | LiveAntispy.exe | LiveAntispy rogue security software - not recommended, removal instructions here | No |
| N | LiveMonitor | LMonitor.exe | MSI Live Update - auto-detects and suggests the latest BIOS/Driver/Utilities information | No |
| N | LiveNote | Livenote.exe | Asus graphics card driver live update feature | No |
| X | LiveSexCams | LiveSexCams.exe | Premium rate adult content dialler | No |
| U | LiveUpdate | LiveUpdate.exe | Web-update utility as used by various types of software - see here | No |
| X | LiveUpdate | [Windows username]05.exe | Added by the LINEAGE TROJAN! | No |
| X | LiveUpdate | smss.exe | Added by the VB.BAU BACKDOOR! Note - this is not the legitimate smss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\isas | No |
| N | LiveUpdate | Copyer.exe | Samsung PC Studio is a Windows-based PC program package that you can use easily to manage personal data and multimedia files by connecting a Samsung Electronics Mobile phone (GSM/GPRS/UMTS) to your PC. You can launch the update manually - see the instructions here for example | No |
| X | LiveUpdate32 | services.exe | Added by the VB.BAU BACKDOOR! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\isas | No |
| X | Livre | Dibane.bat | Added by the BANEDI VIRUS! | No |
| X | Ljx | rundll32.exe | Added by the LINEAG-ABD TROJAN! Note - this is not the legitimate rundll32.exe process, which is found in %Windir% (98/ME) or %System% (NT/2K/XP). This one is located in %Windir%\inf | No |
| X | lk3h1 | [path to file] | Added by the MOSUCK-G TROJAN! | No |
| ? | LLMODCL2 | rundll.exe setupx.dll, InstallHinfSection ..LLMODCL2.INF | ?? | No |
| N | LM Status | LMSTATUS.EXE | Xerox WorkCenter XE - language monitor status application | No |
| X | LMA Manager | lmamanager.exe | Added by the TILEBOT-AD WORM! | No |
| U | LManager | QtZgAcer.EXE | Acer Launch Manager - on Acer laptops it allows users to configure shortcut keys and to set the operating state of the WLAN module and the (optional) Bluetooth radio | No |
| U | LManager | QtZpAcer.exe | Acer Launch Manager - on Acer laptops it allows users to configure shortcut keys and to set the operating state of the WLAN module and the (optional) Bluetooth radio | No |
| U | LManager | HotkeyApp.exe | Programmable keys on Acer, Fujitsu and other laptops | No |
| U | LManager | QtaET2S.EXE | Acer Launch Manager - on Acer laptops, provides configurability for the special keys on their range of multimedia keyboards | No |
| U | LManager | CPLBCL53.EXE | System Tray icon found on Acer Travelmate laptops that allow you control access to the Internet and email buttons and other computer configurations | No |
| U | Lmanager | LManager.exe | Acer Launch Manager - manages configuration of the multimedia keys on their range of notebooks, netbooks and desktops | No |
| X | lMAPl | lMAPl.exe | Added by the AGOBOT-RE WORM! | No |
| U | LMgrOSD | OSDCtrl.exe | OSD (on-screen-display) utility - part of Acer Launch Manager. Gives you control to customize the monitor to your liking...from sound, brightness, contrast, horizontal and vertical positions, phase, pixel clock, color and language | No |
| N | LMonitor | LMonitor.exe | MSI Live Update - auto-detects and suggests the latest BIOS/Driver/Utilities information | No |
| ? | lmpdpsrv | lmpdpsrv.exe | Related to a Lexmark printer/scanner. Printer sharing server? Is it required? | No |
| X | lmrt | lmrt.exe | Unidentified adware | No |
| N | LMSTATUS | LMSTATUS.EXE | Xerox WorkCenter XE - language monitor status application | No |
| Y | LMSXXD | LMSXXD.exe | Driver for Xerox XD series printer/copiers | No |
| X | lmu | LMU.exe | Detected by Kaspersky as the AGENT.BG TROJAN! | No |
| X | lnternet Explorer | AMSNDMGR.EXE | Added by the KWBOT.R WORM! Note that the "l" is a lower case "L" and not an upper case "I" | No |
| X | lnternet Update | lExplore.exe | Added by the RBOT-GRH WORM! Note - the executable is spelt with a lower case "L" rather than an lower or upper case "i" which is the case with Internet Explorer | No |
| X | lnwin.exe | lnwin.exe | Added by the DLOADR-ATC TROJAN! | No |
| X | load | mdm.exe | Added by the BINGHE TROJAN! Note - this is not the legitimate Machine Debug Manager (mdm.exe) process which is located in %ProgramFiles%\Common Files\Microsoft Shared\VS7Debug (98/Me/XP/Vista) or C:\WINDOWS\SYSTEM (Me only) | No |
| X | load | msgsr32.exe | Added by the SDBOT-QR WORM! | No |
| X | load | [path to worm] | Added by the KELVIR.AI WORM! | No |
| X | Load | MyGame.exe | Added by the LAMEYEAR-A WORM! | No |
| X | load | _Kerne1.exe | Added by the LINEAGE-AN TROJAN! | No |
| X | load | Internat.exe | Added by the WOWCRAFT TROJAN! | No |
| X | load | rundll32.exe | Added by the WOWCRAFT TROJAN! | No |
| X | load | svhost32.exe | Added by the WOWCRAFT TROJAN! | No |
| X | load | svchsot.exe | Added by the GWGHOST-O TROJAN! | No |
| X | load | explorer.exe | Added by the LINEAGE-OZ TROJAN! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System% | No |
| X | load | Kerne121.exe | Added by the LINEAGE-ON TROJAN! | No |
| X | load | Kerne1211.exe | Added by the LINEAGE-DY TROJAN! | No |
| X | load | rundl132.exe | Added by the LOOKED-CK WORM! | No |
| X | load | ctftpscr32.exe | Added by the AGENT-FPN TROJAN! | No |
| X | Load | win32.exe | Added by the RUBBLE-A WORM! | No |
| X | load | QQ.exe | Added by the QUADRULE.A WORM! Note - this is not the Tencent QQ Asian instant messanger program which is located in %Windir% | No |
| X | load | WinExplorer.exe | Added by the VB.EIW WORM! | No |
| X | load | Systemfile.dll.vbs | Added by an unidentified WORM or TROJAN! See here | No |
| X | load | KHATRA.exe | Added by the ORBINA-A WORM! | No |
| X | Load Service | SvHost.exe | Added by the PESIN-D WORM! | No |
| U | LOAD WB | LOADWB.EXE | Part of Stardock's WindowBlinds custom desktop program. "WindowBlinds is the first utility of its kind. It extends Win98/NT/2K/XP to have a fully skinnable user interface. You can change the style of title bars, buttons, toolbars and much more". If you use it - keep it if not then uninstall it | No |
| X | Load-Guard | Wscript.exe LGuarg.exe.vbs | Added by the YENO.B and YENO.C WORMS! Note that wscript.exe is a legitimate Microsoft file used to launch script files and shouldn't be deleted. The "LGuarg.exe.vbs" file is located in %Windir% | No |
| X | LOAD32 | Lorena.exe | Added by the MAPSON.C WORM! | No |
| X | load32 | load32.exe | Added by the NIBU, BAMBO TROJANS and DUMARU WORM! | No |
| X | load32 | l32x.exe | Added by the DUMARU.Z or DUMARU.Y or DUMARU.AD WORM! | No |
| X | load32 | 1111a.exe | Added by the DUMARU.AH WORM! | No |
| X | load32 | swchost.exe | Added by the TURTA.A WORM! | No |
| X | load32 | netda.exe | Added by the NIBU.E TROJAN! | No |
| X | load32 | winldra.exe | Added by the NIBU.J BACKDOOR or DUMARU-BI TROJAN! Note - also known as Srv.SSA-KeyLogger by Sunbelt Software which has developed a free removal tool for this keylogger | No |
| N | load= | adw30.exe | After Dark for Windows - screen saver program. Popular before screen savers were integrated into Win95 | No |
| U | load= | asistat.exe | Status monitor for an NEC SuperScript printer | No |
| ? | load= | cfgsys32.exe | ?? | No |
| U | load= | esspk.exe | Speakerphone capability through a soundcard for an ESS modem | No |
| Y | load= | hotkey.exe | Solo 5300 display driver for Win2K on some Gateway laptops | No |
| N | load= | HPWHRC.EXE | Loads the Status Window software for the HP Laserjet printers | No |
| ? | load= | WPSLOAD.EXE | Windows printing system that comes with the setup for Canon BJC series on the manufacturer's disk | No |
| N | load= | vi_grm.exe | Monitor drivers for Trio2x/3x based video cards - displays control panel for quick access to display settings | No |
| ? | load= | WINOSCFG.EXE | Could it be something to do with configuring Windows on a new PC from an OEM supplier? | No |
| Y | load= | wpshrc.exe | Required to prevent configuration errors on a Compaq LBP-660 and LBP-460 parallel port laser printers (and maybe others) | No |
| Y | load= | Bfrecv.exe | Bitware modem driver | No |
| X | load= | msater.exe | Added by the RETSAM TROJAN! | No |
| X | load= | shambl3r.exe | Added by the REMABL WORM! | No |
| X | load= | Spoolsv.exe | Added by the CIADOOR.B TROJAN! Note - this is not the legitimate spoolsv.exe which is always located in %System%. This one is located in %Windir% | No |
| ? | Load= | wtfeat.exe | Associated with the Wintab Digitizer | No |
| Y | load= | AICLIENT.EXE | Asset Insight from Tangram - asset managing software. Required if an organisation is running a centrally administered asset management system | No |
| X | load= | hint.exe | Added by the ATAK WORM! | No |
| X | load= | win32exec.exe | Added by the BITTER WORM! | No |
| X | load= | a1g.exe | Added by the ATAK.B WORM! | No |
| X | load= | dapdll.exe | Added by the ATAK.E WORM! | No |
| X | load= | svhost32.exe | Added by the LINEAGE-AB TROJAN! | No |
| Y | load= | 01comm32.exe | Related to Elsa CommPro (Communicate Pro) access software for Microlink modems - this software contains answering machine and fax functions, plus a terminal program, a WWW-browser launch function, Internet telephony, and address management. Required if you use those | No |
| X | load= | inetinfo.exe | Added by the PROXY-GG TROJAN! | No |
| X | load= | Kerne14.exe | Added by the LINEAGE-BA TROJAN! | No |
| X | Loadab1 | explorer.exe | Added by the LINEAGE-AJ TROJAN! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %ProgramFiles% | No |
| Y | LoadBlackD | blackd.exe | This is the "intrusion detection system" of the BlackICE PC Protection (was Defender) firewall which loads independently of the "user interface" (BlackICE Utility) | No |
| U | LoadBtnHnd | BtnHnd.exe | Fujitsu Siemens Lifebook laptops have some buttons on the case that can be programmed to execute specified programs (like hotkeys). The buttons can also be used as a combination lock input | No |
| X | LoadDBackUp | BcTool.exe | Added by the GIBE WORM! | No |
| X | loaddll | loaddll.exe | Winvest spyware | No |
| X | loaddr | [path to trojan] | Added by the AGENT-DIY TROJAN! | No |
| Y | LoadDvpApi9x | DVPAPI9X.exe | Command AntiVirus for Windows 95/98/Me | No |
| X | loader | loader.exe | Homepage hijacker, redirecting to coolwwwsearch.com. Downloader for iedll.exe | No |
| X | loader | WMPLAYER.EXE | Unknown baddie - WMPLAYER.EXE is stored in the location and uses the same name as Windows Media Player but that valid Windows program doesn't load at startup | No |
| X | loader32 | sys*****.exe [***** = random digit] | Added by the DOMCOM TROJAN! | No |
| X | loader32 | Loader32.exe | Added by an unidentified TROJAN! | No |
| X | Loaders | HeIp.exe | Added by the SDBOT-ADB WORM! | No |
| X | loadfax | loadfax.exe | Added by the WINFLUX-C TROJAN! | No |
| X | LoadFonts | LoadFonts.vbs | Homepage hijacker that changes your homepage to an adult content site | No |
| X | LoadFonts | Tahoma.vbs | Homepage hijacker that changes your homepage to an adult content site | No |
| U | LoadFujitsuQuickTouch | QuickTouch.exe | Maps the keys on a Fujitsu Siemens Lifebook application panel to various programs and functions | No |
| X | LoadGolfCourses | LoadGolfCourses.exe | PlayMiniGolf.com foistware - stealth installed! | No |
| X | Loadhg | rundll32.exe | Added by the LINEAG-ABX TROJAN! | No |
| X | LoadHTML | rundll32.exe mshtmpre.dll, MShtmpre | Mshtmpre adware. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "mshtmpre.dll" file is found in the System (9x/Me) or System32 (NT/2K/XP) folder | No |
| X | LoadingAgent | ZipLoader32.exe | Added by the OBLIVION TROJAN! This executable is one of the most common but there are more | No |
| X | LoadingAgent | msload32.exe | Added by the OBLIVION TROJAN! This executable is one of the most common but there are more | No |
| X | LoadManager | msload.exe | Added by the OPASERV.T WORM! | No |
| X | loadMecq0 | explorer.exe | Added by the MUMUBOY.C TROJAN! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %ProgramFiles% | No |
| X | loadMecq3 | rundll32.exe | Added by the LEGMIR-AS TROJAN! Note - this is not the legitimate rundll32.exe process, which is found in %Windir% (98/ME) or %System% (NT/2K/XP). This one is located in the root folder (i.e., C:\) | No |
| X | loadMect1 | explorer.exe | Added by the LINEAGE-L TROJAN! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %ProgramFiles% | No |
| X | loadMefs | rundll32.exe | Added by the LEGMIR-JB TROJAN! Note - this is not the legitimate rundll32.exe process, which is found in %Windir% (98/ME) or %System% (NT/2K/XP). This one is located in %Windir%\inf | No |
| X | loadMefs | smss32.exe | Added by the FLOOD-EL TROJAN! | No |
| N | LoadMSvcmm | msvcmm32.exe | Auto-update for Movielink - internet movie rental System Tray access | No |
| X | LoadOrderVerification | [random filename] | Added by the TRON.A TROJAN! | No |
| U | Loadout Manager | nost_LM.exe | Manager for the Belkin Nostromo n50 SpeedPad game controller - see here | No |
| X | LoadPFW | wmimgr.exe | Added by the QEDS-B WORM! | No |
| X | LoadPowerProfile | ASDAPI.EXE | Added by the CABRO TROJAN! Not to be confused with the valid LoadPowerProfile entry where the command is Rundll32.exe powrprof.dll | No |
| U | LoadPowerProfile | Rundll32.exe powrprof.dll | Power management specifics such as monitor shut-off, system standby, etc. Associated with power management and is listed twice - see here. Loads your selected power scheme. May not be required - depends upon whether you modify the default Control Panel -> Power Options settings | No |
| X | LoadPowerProfile | Rundll.exe powerprof.dll | Added by the LOXOSCAM TROJAN! Note - do not confuse with the valid LoadPowerProfile entry! Notice that the infected version uses "Rundll.exe" whereas the uninfected version uses "Rundll32.exe" | No |
| X | LoadPowerProfile | rundl.exe | Added by the TOFAZZOL TROJAN! Not to be confused with the valid LoadPowerProfile entry where the command is Rundll32.exe powrprof.dll | No |
| X | LoadPowerProfile | Rundll32.exe | Added by the MIROOT WORM! Note - do not confuse with the valid LoadPowerProfile entry which has "powrprof.dll" appended to the command/data line | No |
| X | LoadPowerScheme | rundll32.exe powerprof.dll CheckPowerProfile | Ulubione adult content dialer. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted | No |
| U | LoadQM | loadqm.exe | Installed with MSN Explorer and loads the MSN Queue Manager. Required to enable the WU AutoUpdate feature. Note that disabling this can sometimes prevent internet sharing working on Win2K Pro SP2. Reports also suggest that removing it will re-enable internet access - hence the "users choice" recommendation. If you have problems leave it, otherwise I recommend you disable it | No |
| X | loads.exe | loads.exe | MediaMotor adware | No |
| X | loads.exe | medload.exe | Medload adware | No |
| X | loads.exe | suploads.exe | Added by the AGENT-BZ TROJAN! | No |
| X | LoadService | Rest In Peace | Added by the KANGAROO-A WORM! | No |
| X | LoadService | Maaf, tempatmu bukan di sin | Added by the KAGEN-A TROJAN! | No |
| X | LoadService | Virus | Added by the CAGER.A WORM! | No |
| X | LoadSIPS | rundll32.exe SIPSPI32.dll, SIPSPI32 | 123Mania adware. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "SIPSPI32.dll" file is found in the System folder | No |
| ? | LoadWatcher | Test.exe | Reportedly part of a webcam surveillance program that's supposed to test SMTP dialling in the event of an alert? Is this correct? | No |
| X | LoadWatcher | watcher.exe | Watcher spyware | No |
| X | loadwin | winset.exe | Added by the QQPASS-I TROJAN! | No |
| X | loadwin | winsys.exe | Added by the QQPASS-J TROJAN! | No |
| X | LoadWindowsFile | Kernel32.exe | Added by the DELF.B TROJAN! | No |
| X | LoadWindowsFile | winreg.exe | Added by the HUPIGON.A BACKDOOR! | No |
| X | Local Area Network | OpenGL.exe | Added by a variant of the RBOT WORM! | No |
| X | Local Authority Service | lsass.exe | Added by the MARKTMAN-C TROJAN! Note - this is not the legitimate lsass.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir% | No |
| X | Local Internet Connection | LIC.exe | Added by the SDBOT-YA WORM! | No |
| X | LOCAL INTERNET WEB DRIVERS FOR WIN32 | phqghume.exe | Added by a variant of the RBOT WORM! | No |
| X | Local Page | http://find.naupoint.com | Naupoint browser hijacker | No |
| X | Local runole service | srvc32.exe | Added by the SMALL-DP TROJAN! | No |
| X | Local Security Authority Servce | lssas.exe | Added by the POEBOT-T WORM! | No |
| X | Local Security Authority Service | lssas.exe | Added by the POEBOT-J WORM! | No |
| X | Local Security Authority Service | Isass.exe | Added by the LINKBOT.M WORM! | No |
| X | Local Service | Intenat.exe | Added by the NUCLEAR-J TROJAN! | No |
| X | Local Service | services.exe | Added by the P2PWORM-T WORM! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\Cursors | No |
| X | Local-Settings-of-[User Name] | [User Name].exe | Added by the GAVGENT.A WORM! | No |
| U | LocalProxy | proxy4free.exe | "ProxyTools is a package of Perl network utilities designed mainly to assist those whose Internet access is censored, unreliable, or otherwise damaged. Uncensored access is provided to any outside service required (Usenet News, Web browsing, IRC, Socks etc.). Setup requires installation of Perl and some modules" | No |
| X | LocalSystem | svchost.exe | EHU adware. Note - this is not the legitimate svchost.exe process which should NOT appear in Msconfig/Startup! | No |
| X | Locator Service | [filename] | Added by the AGOBOT-KY TROJAN! | No |
| U | Lock My PC | lockpc.exe | Lock My PC - a tool for quick computer locking when you leave it unattended. It shows a lock screen, disables Windows hot keys and mouse | No |
| X | lofgyh | lofgyh.exe | Added by the SDBOT-TP WORM! | No |
| X | logg | logo_1.exe | Added by the PWFUZZ-A WORM! | No |
| X | Logical Disk Detection | mrisvc.exe | Added by the IRCBOT.AOW BACKDOOR! | No |
| N | Logiciel de transfert d'images KODAK | pts.exe | Looks for Kodak camera connection and media insertion. Available via Start -> Programs | No |
| U | Login | winlog.exe | Salfeld Child Control - parental control software | No |
| X | login | [path to trojan] | Added by the HOTWORD-A TROJAN! | No |
| X | Login | Login.exe | Added by the BANCBAN-AH TROJAN! | No |
| X | Login | lala.exe | Added by the BUGSPR-A TROJAN! | No |
| X | Login Screen Saver | login.scr | Added by the RBOT-AVN WORM! | No |
| X | Login Service | [path to file] | Added by the MIGMAF TROJAN! | No |
| X | LoginPassport | Lgnpsp32.exe | Added by the REDIST.C WORM! | No |
| X | loginui32 | loginui32.exe | Added by the LONGNU.A TROJAN! | No |
| X | Logitech | Logitech.exe | Added by the RBOT.BJH WORM! | No |
| U | Logitech BT Wizard | LBTWiz.exe | Bluetooth connection manager for Logitech based bluetooth wireless products | No |
| X | Logitech Camera | Soundcane.exe | Added by the SDBOT.MUC WORM! | No |
| X | Logitech Desktop | ApPache.exe | Added by the RBOT-YP WORM! | No |
| X | Logitech Desktop | IPCONN.EXE | Added by the SDBOT-WE WORM! | No |
| X | Logitech Desktop Controller | wrcam.exe | Added by a variant of the RBOT WORM! | No |
| N | Logitech Desktop Messenger | backweb-8876480.exe | Installed with the software for Logitech products. Automatically checks for software upgrades AND new products, services and special offerings from Logitech | No |
| N | Logitech Desktop Messenger | ldmconf.exe | Installed with the software for Logitech products. Automatically checks for software upgrades AND new products, services and special offerings from Logitech | No |
| N | Logitech Desktop Messenger | LogitechDesktopMessenger.exe | Installed with the software for Logitech products. Automatically checks for software upgrades AND new products, services and special offerings from Logitech | No |
| U | Logitech Hardware Abstraction Layer | Khalmnpr.exe | Part of the Logitech Setpoint software for their wired and wireless mice and trackballs. Sets the Windows mouse sensitivity to minimum. The idea is that you will use the SetPoint Control Panel to adjust your mouse sensitivity. This setting is maintained separately from the Windows setting, but is combined with the Windows setting to determine the final sensitivity. For this reason, KHALMNPR sets the Windows setting to 0 so it doesn't alter the one you set in SetPoint | No |
| U | Logitech Harmony Remote | HarmonyClient.exe | Logitech Harmony advanced universal remote | No |
| U | Logitech Harmony Remote Software 7 | HARMON~1.EXE | Logitech Harmony Advanced Universal Remote controller software | No |
| U | Logitech SetPoint | KEM.exe | Keyboard and mouse drivers and utilities for Logitech's latest products - supersedes iTouch and MouseWare on their older products. Required if you use special features such as multimedia keys | No |
| U | Logitech SetPoint | KHALMNPR.EXE | Part of the Logitech Setpoint software for their wired and wireless mice and trackballs. Sets the Windows mouse sensitivity to minimum. The idea is that you will use the SetPoint Control Panel to adjust your mouse sensitivity. This setting is maintained separately from the Windows setting, but is combined with the Windows setting to determine the final sensitivity. For this reason, KHALMNPR sets the Windows setting to 0 so it doesn't alter the one you set in SetPoint | No |
| U | Logitech SetPoint | Setpoint.exe | Logitech SetPoint Event Manager for their range of mice and keyboards. Required if you want to use the advanced features of these devices and is located in the LogitechSetpoint sub-folder of Program Files | No |
| U | Logitech Utility | Logi_MwX.exe | Logitech Mouseware driver. Needed to support some additional functionality of Logitech mice/trackballs such as "SmartMove". If you disable it and find you don't need it leave it disabled | No |
| N | Logitech Vid | vid.exe | "Logitech Vid™ is the fast and easy way to make a video call. And it's free for you and anyone you call with your Logitech webcam" | No |
| N | Logitech Wakeup | lgwakeup.exe | Loads at startup and monitors the scanner. When a document is inserted in the scanner the wakeup program feeds the document a fraction of a inch into the scanner and then it launches the control center software. From the control center you can select whether to fax or copy or print the scanned documents. If you uncheck the Logitech wakeup software from the startup it no longer launches the control center or feeds the document a fraction of an inch. You can manually launch the control center software via Start ->Programs and still be able to scan images | No |
| X | Logitech Wireless | logitechwls.exe | Added by the MYTOB-BS WORM! | No |
| U | LogitechCameraAssistant | CameraAssistant.exe | Related to Logitech QuickCams and provides additional configuration options for these devices | No |
| U | LogitechCameraService(E) | ElkCtrl.exe | Related to Logitech Camera Service and provides additional configuration options for these devices | No |
| Y | LogitechCommunicationsManager | communications_helper.exe | Installed with a Logitech Quickcam Messenger and if disabled the camera will not work - at least not in the quick capture mode | No |
| N | LogitechDesktopMessenger | LogitechDesktopMessenger.exe | Installed with the software for Logitech products. Automatically checks for software upgrades AND new products, services and special offerings from Logitech | No |
| U | LogitechGalleryRepair | ISStart.exe | LogitechGalleryRepair/LogitechVideoRepair - part of Logitech Image Studio - installed with Logitech QuickCam cameras. Required from version 8.11 onwards if you use the software to take pictures and capture videos, not if you don't. Also not required for versions up to and including 7.30 and after version 8.30 - hence the "U" rather than "Y" recommendation | No |
| N | LogitechImageStudioTray | LogiTray.exe | Logitech Image Studio - installed with Logitech QuickCams | No |
| N | LogitechQuickCamRibbon | quickcam10.exe | Installed with a Logitech Quickcam Messenger. Camera's software which is non-essential. When you open it, it allows you to open the quick capture, camera settings, etc | No |
| X | Logitechs | Logitechs.exe | Added by the SDBOT.BWE WORM! | No |
| N | LogitechSoftwareUpdate | ManifestEngine.exe | Updater, part of Logitech Image Studio - installed with Logitech QuickCam cameras | No |
| U | LogitechVideoRepair | ISStart.exe | LogitechGalleryRepair/LogitechVideoRepair - part of Logitech Image Studio - installed with Logitech QuickCam cameras. Required from version 8.11 onwards if you use the software to take pictures and capture videos, not if you don't. Also not required for versions up to and including 7.30 and after version 8.30 - hence the "U" rather than "Y" recommendation | No |
| N | LogitechVideoTray | LogiTray.exe | Logitech Image Studio - installed with Logitech QuickCams | No |
| N | LogitechVideo[inspector] | InstallHelper.exe | Logitech QuickCam software installation helper | No |
| N | LogiTray | LogiTray.exe | Logitech Image Studio - installed with Logitech QuickCams | No |
| U | Logi_Mwx | Logi_MwX.exe | Logitech Mouseware driver. Needed to support some additional functionality of Logitech mice/trackballs such as "SmartMove". If you disable it and find you don't need it leave it disabled | No |
| U | LogMeIn GUI | LogMeInSystray.exe | RemotelyAnywhere is a remote administration and remote control solution for Windows. It allows access to the host computer via the network (the LAN, an intranet or the Internet) - and on the client side all you need is a web browser, a terminal emulator or a WAP-enabled phone | No |
| U | LogMeIn GUI | ragui.exe | RemotelyAnywhere is a remote administration and remote control solution for Windows. It allows access to the host computer via the network (the LAN, an intranet or the Internet) - and on the client side all you need is a web browser, a terminal emulator or a WAP-enabled phone | No |
| X | Logo | [path to trojan] | Added by the DLOADER-RH TROJAN! | No |
| Y | Logoff | SCTUINotify.exe | Part of Windows SteadyState, which is designed to make life easier for people who set up and maintain shared computers - enabling the system administrator to prevent users from making changes to the system configuration, windows desktop, restricting program access, etc. It's intended for shared user environments such as internet cafés, libraries and schools but can be used in any environment. This entry displays the timeout messages on the restricted computer/account - which warns users how long they have until automatic log-off when they log-in and when there are only 2 minutes left | Yes |
| U | Logon Loader | LogonLoader.exe | Logon Loader - customize boot & login screens | No |
| U | Logon Loader Random | LogonLoader.exe | Logon Loader - customize boot & login screens | No |
| X | Logon<user> | CSRSS.EXE | Added by the BRONTOK-BH WORM! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in Documents and Settings\<User>\Local Settings\Application Data\WINDOWS | No |
| X | Logon.exe | logon.exe | Added by the ZINS.A TROJAN! | No |
| X | LogonAdministrator | imoet.exe | Added by the RAHIWI.A WORM! | No |
| X | LogonAdministrator | CSRSS.EXE | Added by the KORRON.B WORM! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in Documents and Settings\<User>\Local Settings\Application Data\WINDOWS | No |
| U | LogOnHook | LogOnHook.exe | Part of McAfee Data Backup (now Online Backup) - which "takes the hassle out of manually backing up all of your valuable digital files - from Microsoft Outlook email and contacts to treasured family photos". Available as a stand-alone product or included in Internet Security and Total Protection. The exact purpose of this entry is unknown at present but it unloads after startup | Yes |
| X | Logonrepclient1 | CSRSS.EXE | Added by the BRONTOK-BT WORM and variants! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in Documents and Settings\<User>\Local Settings\Application Data\WINDOWS | No |
| X | Logonsara | csrss.exe | Added by the BRONTOK-BS WORM! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in Documents and Settings\<User>\Local Settings\Application Data\WINDOWS | No |
| U | LogonStudio | logonstudio.exe | WinCustomize LogonStudio - "Allows Windows XP users to edit, change, and apply new logon screens. LogonStudio comes built with a visual editor to make it easy to create your own logons which can then be uploaded to websites to be used by others users" | No |
| X | logonUiInit | Rundll32.exe rgtndz.dll | Identified as a variant of the Trojan-Clicker.Win32.Agent.bqy malware. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "rgtndz.dll" file is found in %System% | No |
| X | LogService | wincalc.exe | Added by the PAPROXY TROJAN! | No |
| X | LogService | lsass.exe | Added by the BDOOR-IU BACKDOOR! Note - this is not the legitimate lsass.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir% | No |
| X | LogService | lsrss.exe | Added by the PAPROXY-D TROJAN! | No |
| U | LogService | LogService.exe | SmartKeylogger keystroke logger/monitoring program - remove unless you installed it yourself! | No |
| U | LogWatch | logwat95.exe | Licensing patch for products installed on NT by Computer Associates such as eTrust. Detects and updates old versions of lic98.dll. Not required if you already have a newer version or the patch has been applied | No |
| X | lololol | _hideme_imhiddenlololol.exe | Added by the HIDEME-A TROJAN! | No |
| X | longos | WIWT.EXE | Added by the BANKER-CD TROJAN! | No |
| Y | Look 'n' Stop | looknstop.exe | Look 'n' Stop personal firewall | No |
| N | LookNMeet | Agent.exe | LooknMeet dating service | No |
| X | Lookup_Sys | lookupsys.exe | P04n trojan | No |
| X | LosMejoresMP3 | rundll32.exe MSA64CHK.dll,DllMostrar | MatrixDialer/Mostrar parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System% | No |
| X | LotsOfGames | rundll32.exe MSA64CHK.dll,DllMostrar | MatrixDialer/Mostrar parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System% | No |
| X | LotsOfJokes | rundll32.exe MSA64CHK.dll,DllMostrar | MatrixDialer/Mostrar parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System% | No |
| N | Lotus Organizer EasyClip | easyclip.exe | "The Easy Clip icon automates the collection of information from sources such as e-mail to create an Organizer address, appointment, task or Notepad page." Available via Start -> Programs | No |
| N | Lotus QuickStart | smartctr.exe | Lotus central application, called SmartCenter, which runs on the Windows desktop. SmartCenter toolbar stretches across the top or, optionally, the bottom of the screen. Uses a lot of resources. Available via Start -> Programs | No |
| U | Lotus SuiteStart | suitest.exe | Puts the individual Lotus components in the system tray taskbar when you start Windows. Can be disabled via MSCONFIG -> Startup as "Lotus SuiteStart 97 Edition". All individual components available via Start -> Programs | No |
| X | LotusHlp | LotusHlp.exe | Added by the WINKO.AO WORM! | No |
| N | LowRateVoip | LowRateVoip.exe | LowRateVoip - free internet telephony utility using the VoIP (Voice over Internet Protocol). Call online friends for free and regular phones either for free (limited use) or low rates. One of a number provided by Betamax - the others generally have different rate plans. Similar to the more popular Skype | Yes |
| X | LowRiskFileTypes | sysguard.exe | Added by the FAKEAV-UY TROJAN! | No |
| X | LowVersionSupport | [filename] | Added by the LASTRAS TROJAN! | No |
| U | LPMailChecker | LPMLCHK.exe | Part of Lenovo's ThinkVantage® Productivity Center on their ThinkPad notebooks or ThinkCentre desktops. Checks for incoming e-mail and blinks the ThinkVantage button LED | No |
| U | LPManager | LPMGR.exe | Part of Lenovo's (was IBM) ThinkVantage Productivity Center - "guides you to a host of information and tools to help you set up, understand, maintain, and enhance your ThinkPad® notebook or ThinkCentre® desktop" | No |
| X | Lpr | Lpr123.exe | Added by the REMPSTEAL password stealer TROJAN! | No |
| X | Lpr123 | Lpr123.exe | Added by the REMPSTEAL password stealer TROJAN! | No |
| U | LPS | Lps.exe | Local Port Scanner - "With LPS you're able to check your computer for open or listening ports" | No |
| U | LPtask | lptask.exe | Program Lock It And Protect Pro - lock and protect your folders from being opened, moved or deleted | No |
| X | LRBZ Utility 32 | lrbz32.exe | Added by the AGOBOT-JQ WORM! | No |
| N | LS120 Superdisk | ?? | Supposed to accelerate transfer rate on LS-120, contributes to system lockups | No |
| X | LSA | wfdmgr.exe | Added by the MYTOB.C WORM! | No |
| X | LSA | lsa.exe | Added by the SDBOT-YV WORM! | No |
| X | LSA | msdn.exe | Added by an unidentified malware | No |
| X | LSA Service | LSASS.exe | Added by the AHKER.G WORM! Note - this is not the legitimate lsass.exe process, which should not appear in Msconfig/Startup! | No |
| X | lsa Services | lsa2srv.exe | Added by the TAME-C WORM! | No |
| X | LSA Shell (Export Version) | LSASS.exe | Added by the AHKER.K WORM and variants. Note - this is not the legitimate lsass.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir% | No |
| X | LSA Shellu | lsass.exe | Added by the AUTORUN-CW WORM! Note - this is not the legitimate lsass.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %UserProfile% | No |
| X | LsaManager | lsamgr.exe | Added by the BEAGLE.DR WORM! | No |
| X | lsas | lsas.exe | Added by the BIGFAIRY-C WORM! | No |
| X | LSAShell | lsass.exe | Added by the DAPROSY WORM! Note - this is not the legitimate lsass.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir% | No |
| X | lsass | lsass.exe | Added by the RATSOU.B TROJAN! Note - this is not the legitimate lsass.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\Debug\UserMode | No |
| X | lsass | start.bat | Added by the ZCREW TROJAN! | No |
| X | lsass | [path to lsass.exe] | Added by the ALADINZ.F TROJAN! Note - this is not the legitimate lasss.exe process which should NOT appear in Msconfig/Startup! | No |
| X | lsass | lsasrv.exe | Added by the MYDOOM.AG or MYDOOM.AS or MYDOOM.AU WORMS! | No |
| X | Lsass | woekd.exe | Added by an unidentified WORM or TROJAN! | No |
| X | lsass | elite***32.exe | EliteBar adware | No |
| X | Lsass | Lsass.exe | Added by the ALCOP-B WORM! Note - this is not the legitimate lsass.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir% | No |
| X | Lsass | Lsass.exe | Added by the VOUMIT-A WORM! Note - this is not the legitimate lsass.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Root%\mirc32 | No |
| X | LsasS | Sygate.exe | Added by the SDBOT.BCA WORM! | No |
| X | Lsass | kavmm.exe | Added by an unidentified WORM or TROJAN! NOTE - do NOT confuse with the legitimate Kaspersky antivirus module as described here. Contrary to this impostor, the legitimate file will always be located in the Kaspersky Lab folder in Program Files | No |
| X | Lsass | LSASS.EXE | Added by the PUNYA-B WORM! Note - this is not the legitimate lsass.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %AppData% | No |
| X | LSASS 32 | ISASS32.pif | Added by the ASSIRAL-C WORM! | No |
| X | Lsass 32 Manager | lsass32.exe | Added by the SDBOT.EOG WORM! | No |
| X | lsass 32-biT | lsass32.exe | Added by the RBOT.QGC WORM! | No |
| X | LSASS Authority | lshosts32.exe | Added by the SDBOT-UY TROJAN! | No |
| X | LSASS Authority | lsvhosts.exe | Added by the SDBOT.BCE WORM! | No |
| X | LSASS Daemon | LSASSd.exe | Added by a variant of the AGOBOT/GAOBOT WORM! | No |
| X | lsass service | lsass2.exe | Added by a variant of the AGOBOT/GAOBOT WORM! | No |
| X | lsass16 | lsass16.exe | Added by the BANKER-BXX TROJAN! | No |
| X | lsass2k Update | lsass2k.exe | Added by a variant of the RBOT WORM! | No |
| X | LSASS32 | Isass32.exe | Added by the KELVIR.M WORM! | No |
| X | lsass32 | lsass32.exe | Added by the LYDRA-B TROJAN! | No |
| X | lsass64BiT.exe | lsass64BiT.exe | Added by the FORBOT-CK WORM! | No |
| X | lsassig | lsassig.exe | Added by the BANCOS-EC TROJAN! | No |
| X | lsasss | lsasss.exe | Added by the GEEKMY-A TROJAN! | No |
| X | lsasss.exe | lsasss.exe | Added by the SASSER.E WORM! | No |
| Y | lsburnwatcher | lsburnwatcher.exe | HP software which helps one create labels after a music CD is burned using LightScribe discs. If you want to use LightScribe labeling, do not prevent from starting | No |
| Y | LSBWatcher | lsburnwatcher.exe | HP software which helps one create labels after a music CD is burned using LightScribe discs. If you want to use LightScribe labeling, do not prevent from starting | No |
| X | lsess | lsess.exe | Added by the SINNAKA.A WORM! | No |
| X | lsmass | lsmass.exe | Added by the WALLOP-B TROJAN! | No |
| X | lsmss.exe | lsmss.exe | Added by the PROXY-GG TROJAN! | No |
| U | LSPFix | LSPmonitor.exe | eAcceleration Stop-Sign security software related. Previously not recommended, see here | No |
| X | lspins | igps.exe | Detected by Kaspersky as the VB.KC TROJAN! | No |
| U | LSPmonitor | LSPmonitor.exe | eAcceleration Stop-Sign security software related. Previously not recommended, see here | No |
| X | lssas | lssas.exe | Added by the AUTORUN.CEY WORM! | No |
| X | Lssas Monitoring Startup | LSSAS.EXE | Added by the RBOT.XJ WORM! | No |
| X | lssass | lssas.exe | Added by the AGOBOT.RL WORM! | No |
| X | LSvr | LSvr.exe | PowerStrip foistware. Note - this is not the same as the video tweaking utility of the same name here | No |
| Y | LT DAEMON | ltdaemon.exe | Acts as a data spooler for the DSL modem (similar to a cache). Do not uncheck if the DSL modem is being used | No |
| X | LTCISI | ltcisi.exe | Added by the DELBOT-AP WORM! | No |
| X | LTCISI | rckit.exe | Added by the IRCBOT-YJ BACKDOOR! | No |
| U | LtcyCfgApply | LtcyCfg.exe | PCI Latency Tool - "Utility to set PCI Latency and possibly prevent game stutter or improve FPS" for older AGP/PCI graphics cards | No |
| X | LTDMgr | LTDMgr.exe | PowerStrip foistware. Note - this is not the same as the video tweaking utility of the same name here | No |
| X | Ltho | dees.exe | PurityScan adware | No |
| X | LTM2 | MSGSRV32.EXE | Added by the LITMUS.A BACKDOOR! Note - this is not the legitimate msgsvr32.exe process on a Win9x/Me system which should not appear in MSConfig/startup! This one is located in %Windir%\Litmus | No |
| X | LTM2 | MPGSRV32.EXE | Added by the LITMUS.201 TROJAN! | No |
| X | LTM2 | MSGSRV320.EXE | Added by the LITMUS.C TROJAN! | No |
| X | LTM2 | winupdate.exe | Added by the LITMUS.203 TROJAN! | No |
| X | LTM2 | bible.exe | Added by the LITMUS.203 TROJAN! | No |
| X | LTM2 | winscan.exe | Added by the LITMUS-B TROJAN! | No |
| X | LTM2 | lssas.exe | Added by a variant of the LITMUS TROJAN! | No |
| X | LTM2 | MSGSSV32.EXE | Added by the FC.C TROJAN! | No |
| X | LTM2 | msns6 | Added by the LITMUS.C TROJAN! | No |
| X | LTM2 | RundlI.exe | Added by the MULTIDRP.BG TROJAN! | No |
| X | LTM2 | SVCHOST32.exe | Added by the LITMUS.203B TROJAN! | No |
| X | LTM2 | SVCHOSTÿ.exe | Added by the DROPPERFL.A TROJAN! | No |
| X | LTM2 | winvers16.exe | Added by the SMALL.ND TROJAN! | No |
| U | LtMoh | Ltmoh.exe | Modem On Hold utility - manages incoming/outgoing voice calls on a single phone line while being connected to the internet | No |
| Y | LTMSG | ltmsg.exe | Lucent Technologies (now Alcatel-Lucent) WinModem - which uses software rather than hardware, hence putting additional load on the CPU. Needed if you have it for loading the drivers. Popular before the advent of high-speed broadband and still used where broadband isn't available. See here for more WinModem information | No |
| Y | Lto Manager | DesktopLtoManager.exe | Related to Global Positioning System (GPS) found on HP iPAQ hw6500 unit and others | No |
| N | LTSMMSG | LTSMMSG.exe | Lucent Tech. Soft Modem Messaging application - may be found on Fujitsu Lifebook, Acer and Sony Vaio notebooks, maybe others too | No |
| X | LTSMSG | Shell32.exe | Added by the LEMIR.B TROJAN! | No |
| X | ltssvc | rundll32.exe ltssvc.dll,start | Added by the AKBOT-AG WORM! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "ltssvc.dll" file is found in %System% | No |
| X | LTT2 | rundll32.exe | Added by the LINEAGE-BI TROJAN! | No |
| Y | LTWinModem1 | ltmsg.exe | Lucent Technologies (now Alcatel-Lucent) WinModem - which uses software rather than hardware, hence putting additional load on the CPU. Needed if you have it for loading the drivers. Popular before the advent of high-speed broadband and still used where broadband isn't available. See here for more WinModem information | No |
| X | ltwob | formatsys.exe | Added by the SERFLOG.A WORM! | No |
| X | ltwob | msmbw.exe | Added by the SERFLOG.A WORM! | No |
| X | ltwob | serbw.exe | Added by the SERFLOG.A WORM! | No |
| Y | LUCENT TECHNOLOGIES ltmsg | ltmsg.exe | Lucent Technologies (now Alcatel-Lucent) WinModem - which uses software rather than hardware, hence putting additional load on the CPU. Needed if you have it for loading the drivers. Popular before the advent of high-speed broadband and still used where broadband isn't available. See here for more WinModem information | No |
| U | LUGuard | LUGuard.exe | PC-Duo Remote Control enables your help desk technicians to take instant control of any remote desktop PC at any location across the LAN, WAN or internet | No |
| X | lup | lup.exe | Added by the IRCBOT_GEN WORM! | No |
| Y | Lusetup | LUSetup.exe | Symantec LiveUpdate installer - required to install a new version of the application. Will only run once, and the entry is automatically deleted after a reboot | No |
| U | LVComs | lvcoms.exe | Lvcomm server. Related to Logitech Quick Cam - works fine without it but it is needed for the Logitech ImageStudio software to connect to the camera | No |
| N | LVCOMSX | LVCOMSX.EXE | It provides extra functionality for Logitech multimedia webcam devices. When disabled the camera still works in quick capture but you can get a slight increase in picture quality - not so snowy and the movement wasn't so jerky | No |
| U | LWBKEYBOARD | KbdAp32A.exe | Keyboard utility for a Labtec brand (and possibly others) keyboard. If you disable this entry you will not be able to use any of the keyboard hotkeys or other non-standard functions on the keyboard | No |
| U | LWBMOUSE | lwbwheel.exe | Mouse driver - required if you use non-standard Windows driver features | No |
| U | LWBMOUSE | MOUSE32A.EXE | Mouse utility for a Lenovo brand (and possibly others) mouse. If you disable this entry you will not be able to use any of the non-standard functions of the mouse | No |
| N | Lwinst Run Profiler | lwtest.exe | Logitech Wingman Profiler for the Logitech joysticks. Available via Start -> Programs | No |
| X | lwjcjuti.exe | lwjcjuti.exe | Added by the DWNLDR-GTQ TROJAN! | No |
| Y | lxamsp32 | lxamsp32.exe | Lexmark Scan and Copy Control Program for the X63 (and maybe others) printer/scanner. Required for the scanner to work | No |
| ? | LXbbmgr | LXbbmgr.exe | Lexmark printer button manager? Is it required? | No |
| ? | LXBLKsk | LXBLKsk.exe | Lexmark related. What does it do, and is it required? | No |
| U | lxbrbmgr | lxbrbmgr.exe | "Lexmark Scan & Copy Control Program" for the Lexmark 3100 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan, scan to E-mail, copy, etc | No |
| ? | LXBRKsk | LXBRKsk.exe | Lexmark printer related. What does it do and is it required? | No |
| Y | LXBSCATS | rundll32 [path] LXBStime.dll, _RunDLLEntry@16 | Resolves a timing problem where the Lexmark Communications service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll) | No |
| Y | LXBTCATS | rundll32 [path] LXBTtime.dll, _RunDLLEntry@16 | Resolves a timing problem where the Lexmark Communications service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll) | No |
| N | lxbtmon.exe | lxbtmon.exe | Lexmark 5200 Series printer device monitor | No |
| Y | LXBUCATS | rundll32 [path] LXBUtime.dll, _RunDLLEntry@16 | Resolves a timing problem where the Lexmark Communications service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll) | No |
| U | lxbumon.exe | lxbumon.exe | Lexmark 6200 Series printer device monitor | No |
| Y | LXBXCATS | rundll32 [path] LXBXtime.dll, _RunDLLEntry@16 | Resolves a timing problem where the Lexmark Communications service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll) | No |
| U | lxbxmon.exe | lxbxmon.exe | Lexmark 7100 Series printer device monitor | No |
| Y | LXBYCATS | rundll32 [path] LXBYtime.dll, _RunDLLEntry@16 | Resolves a timing problem where the Lexmark Communications service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll) | No |
| U | lxbymon.exe | lxbymon.exe | Lexmark P910 Series printer device monitor | No |
| Y | LXCCCATS | rundll32 [path] LXCCtime.dll, _RunDLLEntry@16 | Resolves a timing problem where the Lexmark Communications service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll) | No |
| U | lxccmon.exe | lxccmon.exe | Lexmark 3300 Series printer device monitor | No |
| U | LXCDCATS | rundll32 [path] LXCDtime.dll, _RunDLLEntry@16 | Resolves a timing problem where the Lexmark Communications service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll) | No |
| N | lxcdmon.exe | lxcdmon.exe | Lexmark 6300 Series printer device monitor | No |
| Y | LXCECATS | rundll32 [path] LXCEtime.dll, _RunDLLEntry@16 | Resolves a timing problem where the Lexmark Communications service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll) | No |
| N | lxcemon.exe | lxcemon.exe | Lexmark 4300 Series printer device monitor | No |
| Y | LXCFCATS | rundll32 [path] LXCFtime.dll, _RunDLLEntry@16 | Resolves a timing problem where the Lexmark Communications service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll) | No |
| Y | LXCGCATS | rundll32 [path] LXCGtime.dll, _RunDLLEntry@16 | Resolves a timing problem where the Lexmark Communications service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll) | No |
| U | lxcgmon.exe | lxcgmon.exe | Lexmark 2300 Series printer device monitor | No |
| Y | LXCJCATS | rundll32 [path] LXCJtime.dll, _RunDLLEntry@16 | Resolves a timing problem where the Lexmark Communications service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll) | No |
| N | lxcjmon.exe | lxcjmon.exe | Lexmark 8300 Series printer device monitor | No |
| Y | LXCQCATS | rundll32 [path] LXCQtime.dll, _RunDLLEntry@16 | Resolves a timing problem where the Lexmark Communications service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll) | No |
| U | lxcqmon.exe | lxcqmon.exe | Lexmark 9300 Series printer device monitor | No |
| Y | LXCRCATS | rundll32 [path] LXCRtime.dll, _RunDLLEntry@16 | Resolves a timing problem where the Lexmark Communications service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll) | No |
| U | lxcrmon.exe | lxcrmon.exe | Lexmark 2400 Series printer device monitor | No |
| Y | LXCTCATS | rundll32 [path] LXCTtime.dll, _RunDLLEntry@16 | Resolves a timing problem where the Lexmark Communications service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll) | No |
| U | lxctmon.exe | lxctmon.exe | Lexmark 5400 Series printer device monitor | No |
| Y | LXCYCATS | rundll32 [path] LXCYtime.dll, _RunDLLEntry@16 | Resolves a timing problem where the Lexmark Communications service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll) | No |
| U | lxcymon.exe | lxcymon.exe | Lexmark 3400 Series printer device monitor | No |
| Y | LXDBCATS | rundll32 [path] LXDBtime.dll, _RunDLLEntry@16 | Resolves a timing problem where the Lexmark Communications service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll) | No |
| U | lxdcamon | lxdcamon.exe | Lexmark 1300 Series printer device monitor | No |
| Y | LXDCCATS | rundll32 [path] LXDCtime.dll, _RunDLLEntry@16 | Resolves a timing problem where the Lexmark Communications service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details | No |
| U | lxdcmon.exe | lxdcmon.exe | Lexmark 1300 Series printer device monitor | No |
| U | lxddamon | lxddamon.exe | Lexmark 2500 Series printer device monitor | No |
| Y | LXDDCATS | rundll32 [path] LXDDtime.dll, _RunDLLEntry@16 | Resolves a timing problem where the Lexmark Communications service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll) | No |
| U | lxddmon.exe | lxddmon.exe | Lexmark 2500 Series printer device monitor | No |
| U | lxdfamon | lxdfamon.exe | Lexmark 6500 Series printer device monitor | No |
| U | lxdfmon.exe | lxdfmon.exe | Lexmark 6500 Series printer device monitor | No |
| U | lxdiamon | lxdiamon.exe | Lexmark 3500-4500 Series printer device monitor | No |
| Y | LXDICATS | rundll32 [path] LXDItime.dll, _RunDLLEntry@16 | Resolves a timing problem where the Lexmark Communications service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll) | No |
| U | lxdimon.exe | lxdimon.exe | Lexmark 3500-4500 Series printer device monitor | No |
| U | lxdjamon | lxdjamon.exe | Lexmark 1400 Series printer device monitor | No |
| U | LXDJCATS | rundll32 [path] LXDJtime.dll, _RunDLLEntry@16 | Resolves a timing problem where the Lexmark Communications service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll) | No |
| U | lxdjmon.exe | lxdjmon.exe | Lexmark 1400 Series printer device monitor | No |
| U | lxdmamon | lxdmamon.exe | Lexmark 5000 Series printer device monitor | No |
| U | lxdmmon.exe | lxdmmon.exe | Lexmark 5000 Series printer device monitor | No |
| U | lxdvamon | lxdvamon.exe | Lexmark X5400 Series printer device monitor | No |
| U | lxdvmon.exe | lxdvmon.exe | Lexmark X5400 Series printer device monitor | No |
| U | lxdwamon | lxdwamon.exe | Lexmark 7600 Series printer device monitor | No |
| U | lxdwmon.exe | lxdwmon.exe | Lexmark 7600 Series printer device monitor | No |
| N | LXSUPMON | LXSUPMON.EXE | Lexmark printer related. The printer should work fine without it but what does it do? | No |
| ? | lycosInside | Lyc_SysTray.exe | Lycos eMail related - what does it do and is it required? | No |
| U | LyraHD2TrayApp | LYRAHD2TrayApp.exe | Related to RCA Lyra MP3 Player | No |
| X | LzioMediaUpdater | LzioMediaUpdater.exe | LZIO.com adware downloader | No |
| ? | M Player Post Installer | postinstallm.exe | ?? | No |
| X | M S DVD DirectX Dll Drivers | msxdl.exe | Added by the SDBOT-BJN WORM! | No |
| N | M-Audio Delta Taskbar Icon | DeltTray.exe | M-Audio Delta Control Panel for M-Audio brand Delta series audio cards. System Tray access to audio settings - available through Control Panel | No |
| U | M-Audio MobilePre Control Panel Launcher | MPTask.exe | Control Panel Launcher for MobilePre USB bus-powered preamp and audio interface from M-Audio | No |
| U | M-Audio Taskbar Icon | DeltaIITray.exe | System Tray access to the Delta Control Panel for the M-Audio Delta series of PCI audio cards | No |
| X | M-soft Office | M-soft Office.hta | HTA file which creates an executable on the hard drive which subsequently proceeds to download files from a malware site! | No |
| X | M1cr0s0ft S3rcurity | systemconfig.exe | Added by the RBOT.BKB WORM! | No |
| X | M1cr0s0ft Upd4t4zS | update32.exe | Added by the RBOT-MI WORM! | No |
| X | m32info | m32info.exe | Added by the CRYPTER.A TROJAN! | No |
| X | M3Development_WhenUSave_Installer | M3Development_WhenUSave_Installer.exe | WhenU.Save adware | No |
| N | M3Tray | m3tray.exe | Movielink - internet movie rental System Tray access | No |
| X | m66 | mlr66.exe | Added by the AGENT-ACR TROJAN! | No |
| U | MAAgent | MAAgent.exe | Related to MarkAny - a solution to prevent is unauthorized distribution of information through Floppy, CD, email, etc | No |
| U | MacDrive | MacDrive.exe | MacDrive 7 & MacDrive 6 CrossStripe Edition from Mediafour Corporation - "a perfect way to share files between Mac OS and Windows." Version 6 is not Vista compatible but doesn "include support for striped Mac arrays created with ATTO ExpressStripe software." | No |
| U | MacDrive application | MacDrive.exe | MacDrive 7 from Mediafour Corporation - "enables anyone using Windows Vista, XP, and 2003 Server to seamlessly access Mac disks (HFS/HFS+) of all types, including CDs, DVDs, hard drives, floppy, Zip, Jaz, and more!" | No |
| ? | MacDrive7.0.4TimeOutPatch | TimeOutPatch.EXE | Part of MacDrive 7 from Mediafour Corporation - "enables anyone using Windows Vista, XP, and 2003 Server to seamlessly access Mac disks (HFS/HFS+) of all types, including CDs, DVDs, hard drives, floppy, Zip, Jaz, and more!" Interim patch for an older version? Is it no longer required? | No |
| X | Macfee Security Patch | Mpfsheild.exe | Added by the RBOT-NP WORM! | No |
| U | Machine Debug Manager | MDM.EXE | Used by developers for debugging and is a component of several MS products including Office and Visual Studio. Those who have encountered it have unchecked it with no degradation in performance. It may cause your computer to "hang" if you have Visual Studio installed and this disabled because it appears to take over error handling - hence the U recommendation. For this entry it loads under the "RunServices" key in Me (located in C:\WINDOWS\SYSTEM). It also loads a service in XP/Vista (located in %ProgramFiles%\Common Files\Microsoft Shared\VS7Debug) | No |
| X | Machine Debug Manager | msdn.exe | Added by a variant of the RBOT WORM! | No |
| X | Machine Debug Manager | mdm.exe | Added by the SDBOT-APE WORM! Note - this is not the legitimate Machine Debug Manager (mdm.exe) process which is located in %ProgramFiles%\Common Files\Microsoft Shared\VS7Debug (98/Me/XP/Vista) or %System% (Me only). This one is located in %Windir% | No |
| X | Machine Debug Manager | mdms.exe | Added by the SDBOT-CH WORM! | No |
| X | Machine Update Soft | wusas.exe | Added by an unidfentified WORM! | No |
| X | machine-debugger | WMIPRVSW.exe | Added by the AGOBOT.WW WORM! | No |
| X | MachineTest | CMagesta.exe | Added by the SDBOT TROJAN! | No |
| X | mackfy.exe | msms.exe | Added by the SDBOT-DID WORM! | No |
| N | MacLic | MacLic.exe | Part of Conversions Plus from DataViz - allowing PC and MAC owners to share disks | No |
| N | MacLicense | MacLic.exe | Part of Conversions Plus from DataViz - allowing PC and MAC owners to share disks | No |
| N | MacName | MacName.exe | Part of Conversions Plus from DataViz - allowing PC and MAC owners to share disks | No |
| X | Macromedia 8 | Flash Player.exe | Added by the JAMBU-A WORM! | No |
| X | Macromedia Critical Updater | rarww.exe | Added by a variant of the RBOT WORM! | No |
| X | Macromedia Dreamweaver XM | macdwXM.exe | Added by the AGOBOT-RI WORM! | No |
| X | Macromedia Drive | Iexplor32.exe | Added by a variant of the RBOT WORM! | No |
| X | Macromedia Flash Update | scvhost.exe | Added by a variant of the RBOT WORM! | No |
| U | MACVNTFY | MACVNTFY.EXE | Part of MacDrive 6 CrossStripe Edition from Mediafour Corporation - "a perfect way to share files between Mac OS and Windows." Unlike the standard version of MacDrive 7, this version is not Vista compatible but does "include support for striped Mac arrays created with ATTO ExpressStripe software." | No |
| Y | MAD.EXE | MAD.EXE | MAD.exe is the MS Exchange 5.5 System Attendant and can also consume a large amount of resources - resolved by the latest Exchange 5.5 Service Pack. Also part of Exchange 2000 Server but does it have the same problems?. Apparently you need to leave this running but is it needed at start-up? | No |
| N | MadExe | LaunchRA.exe | Part of Dell Resolution Assistant - "a diagnostic program that allows you to contact Dell. When factory-installed by Dell, it allowed you to perform hardware and software diagnostics that provided alerts to potential problems and enabled real-time communication with Dell RA techs. You can now use RA only to contact Dell by e-mail" | No |
| U | MAFWTaskbarApp | MAFWTray.exe | Drivers for the M-Audio Firewire Audiophile - Interface | No |
| U | Magentic | Magentic.exe | Magentic by Incredimail - wallpaper/screensaver manager | No |
| N | MagicalUnInstall | MagicalUnInstall.exe | Ashampoo® Magical UnInstall from Ashampoo GmbH & Co. KG - which monitors each new program installation, saving a log of the current configuration and using this as a reference to completely uninstall it if you chose to do so at a later date | Yes |
| U | MagicDisc | MagicDisc.exe | MagicISO - "very helpful utility designed for creating and managing virtual CD drives and CD/DVD discs" | No |
| U | MagicDsk | MAGICDSK.EXE | Magic DeskTop is a small and novel utility which will allow you the option of hiding or showing your desktop icons | No |
| U | MagicKeyboard | PreMKBD.exe | Related to Samsung laptops. Provides ability to program keys to perform specific functions | No |
| U | MagicLinker3 | MagicLnk.exe | ThaiSoftware Thai Dictionary | No |
| N | Magitime | Magitime.exe | Magitime - connection tracking utility which monitors online time, expense, data transfer | No |
| N | MagUninstall | MagicalUnInstall.exe | Ashampoo® Magical UnInstall from Ashampoo GmbH & Co. KG - which monitors each new program installation, saving a log of the current configuration and using this as a reference to completely uninstall it if you chose to do so at a later date | Yes |
| X | mahmud | mahmud.exe | Added by a variant of the Storm/Nuwar/Zhelatin WORM! See here for an example | No |
| ? | Mail.com | mcalert.exe | Mail.com - free web-mail service. Does mcalert.exe notify you when new mail has arrived? | No |
| U | MailBell | mailbell.exe | MailBell e-mail notification tool that will notify you about new messages arrived to your mailbox. Works with both POP3 mailboxes and web-mail based systems. You should be able to set your mail system to check all accounts at regular intervals anyway if you prefer (in Outlook for instance) | No |
| X | MailBlocker | [path to trojan] | Added by the AGENT-LRJ TROJAN! | No |
| U | Mailbox Verifier | mboxvrfy.exe | Mailbox Verifier (MV) is free software that will notify you about new messages arrived to your mailbox. Only works with POP3 mailboxes (not web-mail based systems). You should be able to set your mail system to check all accounts at regular intervals anyway if you prefer (in Outlook for instance) | No |
| U | MailCleaner | MAILCLEANER.EXE | MailCleaner "protect your computer from viruses sent to your machine via the popular e-Mail reader Incredimail. In addition the program will check all incoming files downloaded by Internet Explorer, Netscape Navigator, ICQ and iMesh". Not recommended as it bundles GAIN adware. Please note that Claria Corporation no longer support GAIN-Supported software - see here | No |
| X | mailman.exe | mailman.exe | Added by the CERTIF-E TROJAN! | No |
| Y | MailScan Dispatcher | Launch.exe | MicroWorld MailScan Dispatcher splits each e-mail message into various components such as the header, body and attachment. Compressed formats (ZIP, ARJ, etc.) are scanned for viruses and cleaned | No |
| X | MailSkinner | mailskinner.exe | MailSkinner - an application by Electronic Group , notorious for its premium rate "drive by" installed adult content dialers (see here) | No |
| X | Mail_Check | Mail_Check.exe | Added by the PANOIL.C WORM! | No |
| U | MAIN | main.exe | SpyCop surveillance software detection - checks to see when your machine was last scanned and if it was more than a week asks if you want to scan | No |
| ? | Main Executable (HP) | HP05T0R5.exe | HP (Hewlett-Packard) related. Maybe related to printers. Now - what does it do? | No |
| X | main16 | main16.exe | Added by the CRYPTER.A TROJAN! | No |
| X | main32 | main32.exe | Added by the CRYPTER.A TROJAN! | No |
| X | MainDownloads | rundll32.exe MSA64CHK.dll,DllMostrar | MatrixDialer/Mostrar parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System% | No |
| X | MainStart | svcmfte32.exe | Added by the STINX-A TROJAN! | No |
| X | mainviewex | mainviewex.exe | Added by the GEMA.D TROJAN! | No |
| X | main_module | drvmmx32.exe | Added by the DILA TROJAN! | No |
| X | Major Microsoft Windows Driver Boot loader | bpool.exe | Added by the MYTOB.AJ WORM! | No |
| X | Malware Catcher 2009 | MCatcher.exe | Malware Catcher 2009 rogue security software - not recommended, removal instructions here | No |
| X | Malware Cleaner | [random numbers].exe | Malware Cleaner rogue security software - not recommended, removal instructions here | No |
| X | Malware Defense | mdefense.exe | Malware Defense rogue security software - not recommended, removal instructions here | No |
| X | Malware Destructor 2009 | MD345d.exe | Malware Destructor 2009 rogue security software - not recommended, removal instructions here | No |
| X | Malware Scanner | MalScr.exe | Malware Scanner rogue security software - not recommended, removal instructions here | No |
| U | Malware Sweeper | MalSwep.exe | Malware Sweeper - "Protects the user from malicious malware and monitors the sanity of the running programs" | No |
| X | Malware-Wipe | Malware-Wipe.exe | MalwareWipe rogue security software variant - not recommended, removal instructions here | No |
| X | Malware-Wiped | Malware-Wiped.exe | MalwareWipe rogue security software variant - not recommended, removal instructions here | No |
| X | MalwareAlarm | MalwareAlarm.exe | MalwareAlarm rogue security software - not recommended, removal instructions here | No |
| X | MalwareBot | MalwareBot.exe | MalwareBot rogue security software - not recommended, removal instructions here | No |
| Y | Malwarebytes' Anti-Malware | mbamgui.exe | System tray access to and realtime protection agent for the registered version of MalwareBytes' Anti-Malware - which is "considered to be the next step in the detection and removal of malware. In our product we have compiled a number of new technologies that are designed to quickly detect, destroy, and prevent malware." This entry also appears under the HKLM\RunOnce registry key during installation | Yes |
| Y | Malwarebytes' RogueRemover PRO | RogueRemoverPRO.exe | Part of Malwarebytes' RogueRemover PRO - the realtime "RogueMonitor will alert you before you download a rogue application keeping you safe and secure before trouble occurs." Now discontinued and the funtionality is included in Malwarebytes' Anti-Malware | Yes |
| X | MalwareCore 7.3 | MalwareCore 7.3.exe | MalwareCore rogue security software - not recommended, removal instructions here | No |
| X | MalwareCore 7.4 | MalwareCore 7.4.exe | MalwareCore rogue security software - not recommended, removal instructions here | No |
| X | MalwareCrush | MalwareCrush.exe | MalwareCrush rogue security software - not recommended, removal instructions here | No |
| X | malwaredef | malwaredef.exe | Malware Defender 2009 rogue security software - not recommended, removal instructions here | No |
| X | MalwareProMFC | MalwarePro.exe | MalwarePro rogue security software - not recommended, removal instructions here | No |
| X | MalwareRemoval | MalwareRemoval.exe | Added by a fake version of Microsoft's Malicious Software Removal Tool - removal instructions here | No |
| X | MalwareRemovalBot | MalwareRemovalBot.exe | MalwareRemovalBot rogue security software - not recommended, removal instructions here | No |
| X | MalwareStopper | MalwareStopper.exe | Malware Stopper rogue security software - not recommended | No |
| X | MalwaresWipeds | MalwareWipeds.exe | MalwareWipe rogue security software variant - not recommended, removal instructions here | No |
| X | MalwareWar 7.3 | MalwareWar 7.3.exe | MalwareWar rogue security software - not recommended, removal instructions here | No |
| X | MalwareWipe | MalwareWipe.exe | MalwareWipe rogue security software - not recommended, removal instructions here | No |
| X | MalwareWiped | MalwareWiped.exe | MalwareWipe rogue security software variant - not recommended, removal instructions here | No |
| X | MalwareWiped 5.5 | MalwareWiped 5.5.exe | MalwareWipe rogue security software variant - not recommended, removal instructions here | No |
| X | MalwareWiped 5.6 | MalwareWiped 5.6.exe | MalwareWipe rogue security software variant - not recommended, removal instructions here | No |
| X | MalwareWiped 5.7 | MalwareWiped 5.7.exe | MalwareWipe rogue security software variant - not recommended, removal instructions here | No |
| X | MalwareWiped 5.8 | MalwareWiped 5.8.exe | MalwareWipe rogue security software variant - not recommended, removal instructions here | No |
| X | MalwareWiped 6.1 | MalwareWiped 6.1.exe | MalwareWipe rogue security software variant - not recommended, removal instructions here | No |
| X | MalwareWiped 6.2 | MalwareWiped 6.2.exe | MalwareWipe rogue security software variant - not recommended, removal instructions here | No |
| X | MalwareWiped 6.3 | MalwareWiped 6.3.exe | MalwareWipe rogue security software variant - not recommended, removal instructions here | No |
| X | MalwareWiped 6.4 | MalwareWiped 6.4.exe | MalwareWipe rogue security software variant - not recommended, removal instructions here | No |
| X | MalwareWiped 6.9 | MalwareWiped 6.9.exe | MalwareWipe rogue security software variant - not recommended, removal instructions here | No |
| X | MalwareWipeds | MalwareWipeds.exe | MalwareWipe rogue security software variant - not recommended, removal instructions here | No |
| X | MalwareWipePro | MalwareWipePro.exe | MalwareWipe rogue security software variant - not recommended, removal instructions here | No |
| X | MalwareWiper | MalwareWiper.exe | MalwareWipe rogue security software variant - not recommended, removal instructions here | No |
| Y | Mamutu Guard | mamutu.exe | Mamutu from Emsi Software - behaviour based protection that "recognizes new and unknown Trojans, Worms and Viruses (Zero-Day attacks), without daily updates" | No |
| U | ManageDesk Lite | ManageDesk Lite.exe | ManageDesk Lite from Managebytes Desktop management software. Each desktop is a separate working space for you to use | No |
| X | ManageProtocolCtrl | csmsv.exe | Added by the LOOKSKY.B TROJAN! | No |
| X | manager | manager.exe | Detected by Kaspersky as the SMALL.CVT TROJAN! | No |
| U | Manager Monitor | monitor.exe | MindStorm AnalyzerPro from Secure Associates. "A security management tool for customers easy to manage report and analyze security events across heterogeneous security devices" | No |
| X | Managment Service | [random filename] | Added by the RBOT.BIS TROJAN! | No |
| N | Mania Win Restore | RESWIN.EXE | Pinball Mania for Windows from 21st Century Entertainment LTD (1995). Runs briefly at start-up then terminates. Available via Start -> Programs | No |
| X | manrotce | manrotce.exe | Added by unidentified malware | No |
| X | Mantis | [filename] | Added by the MANTIBE VIRUS! | No |
| X | MapEDC | MapEDC.exe | Added by the WaveRevenue-McBoo TROJAN! | No |
| X | MapiDrv | mpisvc.exe | Added by the MIPSIV TROJAN! | No |
| X | mapisvc32 | mapisvc32.exe | Added by the KX VIRUS and also recognised by Symantec as FPAI adware | No |
| X | Mapiyasha | Mapiyasha.exe | Added by the SILLYFDC-DM WORM! | No |
| X | mark the service | xxtra32.exe | Added by the SDBOT.APP WORM! | No |
| X | Martini | pinmart.exe | Added by a variant of the SDBOT WORM! | No |
| X | Mascro soft SDK updates2 | SDKrepair2.exe | Added by the SDBOT.BXM WORM! | No |
| X | maskrider | maskrider2001.vbs | Added by the SOLOW-G WORM! | No |
| U | masqform.exe | masqform.exe | PureEdge Viewer - provides automation framework to manage and deploy XML forms-based processes for e-business and e-government systems. PureEdge was taken over by IBM (see here) and the product became Workplace Forms | No |
| N | Mass storage check registry | rundll32.exe MSDServ.dll, check registry | Used with a USB based smartmedia card reader | No |
| X | Master | svcghost.exe | Added by the IRCBOT.RB TROJAN! | No |
| X | Master Card Updaate 32 | Mastercard32.exe | Added by a variant of the RBOT WORM! | No |
| U | Master Volume Spy | MASTERVOLUMESPY.EXE | Volume control for the Gateway Destination "DestiVu" media interface | No |
| X | MasterBoot Switch | popupkill.exe | Added by a variant of the RBOT WORM! | No |
| U | Matador | mlfbuddy.exe | MailFrontier - anti-spam application | No |
| U | Matador | mantispm.exe | MailFrontier Desktop (Matador) email spam blocker software | No |
| U | Matrix Screen Locker | matrix.exe | Matrix Screen Locker is a system tray application that allows for quick and secure PC lock when you wish. The screen does a "matrix style" scrolling characters effect when the lock is running | No |
| X | MatrixScreen | [filename] | Added by the MATRIXSCREEN TROJAN! | No |
| X | MatrixScreenSaver | mss.exe | Unidentified malware | No |
| N | Matrox Color Control | hgcctl95.exe | For Matrox video cards. Quick access to changing colors | No |
| N | Matrox Control Center | mgactrl.exe | For Matrox video cards. Quick access to settings | No |
| N | Matrox Diagnostic | mgadiag.exe | For Matrox video cards. Quick access to diagnostics | No |
| N | Matrox Powerdesk | PDesk.exe | "Matrox PowerDesk software provides extra multi-display desktop management controls" | No |
| N | Matrox PowerDesk 8 | matrox.powerdesk.exe | "Matrox PowerDesk software provides extra multi-display desktop management controls" | No |
| N | Matrox PowerDesk SE | Matrox.PowerDesk SE.exe | Matrox PowerDesk SE - multi-display desktop management controls | No |
| N | Matrox QuickDesk | mgaqdesk.exe | For Matrox video cards. Quick access to tweak your card to your liking | No |
| X | MAV_check | mav_startupmon.exe | Part of the WinAntiVirus Pro 2007 rogue security software - not recommended | No |
| X | mav_startupmon | mav_startupmon.exe | Part of the WinAntiVirus Pro 2007 rogue security software - not recommended | No |
| X | MaxAlerts | max.exe | Bonzi MaxALERT - spyware | No |
| X | MaxAntiSpy | MaxAntiSpy.exe | MaxAntispy Russian rogue spyware remover - not recommended | No |
| U | MaxBackSchedule | maxbackservice.exe | Backup scheduler for the Maxtor (now Seagate) range of external hard drives - part of Maxtor Quick Start | No |
| U | MaxBlastMonitor | MaxBlastMonitor.exe | Maxblast hard drive utility for Maxtor (Seagate) drives | No |
| X | Maxsized | gqasqs.exe | Added by the LIOTEN.IR WORM! | No |
| Y | MaxtorCombo | ComboButton.exe | Required to be able to use the Maxtor OneTouch button on your external Maxtor harddrive. It is used to start up backup software (Retrospect) | No |
| U | MaxtorOneTouch | OneTouch.exe | Maxtor OneTouch Hard Drives/OneTouch Family hard disk backup software | No |
| U | MaxtorReg | AUTOREG.EXE | Part of SYSagent - small utility for retrieving all the hardware and software information required by anyone administering a machine and/or the network it's a part of | No |
| Y | MayaPan | MayaPan.Exe | Audiotrak Maya soundcard driver | No |
| X | mb2np | [random filename] | Added by the IRCBOT.TJ WORM! | No |
| Y | mbamgui | mbamgui.exe | System tray access to and realtime protection agent for the registered version of MalwareBytes' Anti-Malware - which is "considered to be the next step in the detection and removal of malware. In our product we have compiled a number of new technologies that are designed to quickly detect, destroy, and prevent malware." This entry also appears under the HKLM\RunOnce registry key during installation | Yes |
| X | MbarInstall | [random filename] | Mirar adware | No |
| U | MBkLogOnHook | LogOnHook.exe | Part of McAfee Data Backup (now Online Backup) - which "takes the hassle out of manually backing up all of your valuable digital files - from Microsoft Outlook email and contacts to treasured family photos". Available as a stand-alone product or included in Internet Security and Total Protection. The exact purpose of this entry is unknown at present but it unloads after startup | Yes |
| U | MBM 4 | MBM4.exe | Motherboard Monitor 4 - only needed if you overclock your system and want to keep a check on system temperatures/voltages/etc. Available via Start -> Programs | No |
| U | MBM 5 | MBM5.exe | Motherboard Monitor 5 - only needed if you overclock your system and want to keep a check on system temperatures/voltages/etc. Available via Start -> Programs | No |
| U | MBMon | Rundll32 CTMBHA.DLL,MBMon | Creative Filter AudioControlMB Module - installed with the Creative Audigy line of sound cards and processors. Can be disabled without causing a problem | No |
| U | MBNet | mbnet.exe | MBNet (Portugal) Credit Card Processing software | No |
| U | MBProbe | mbrpobe.exe | MBProbe - only needed if you overclock your system and want to keep a check on system temperatures/voltages/etc. Available via Start -> Programs | No |
| U | mbssm32 | mbssm32.exe | Reported as Micro Bill Systems foistware - but not according to the company themselves, see here | No |
| X | mbssm32 | monstu.exe | Detected by AVG as the AGENT.CNM TROJAN - see here | No |
| X | MC | wintrims.exe | Added by the WINTRIM TROJAN! | No |
| X | MC | MAGICON.EXE | Added by the MAGICON.A TROJAN! | No |
| X | MC | N/A | Added by the SIMCSS TROJAN! | No |
| X | MC | WINTRIM.EXE | Added by the WINTRIM.A TROJAN! | No |
| X | McAfee | McAffeAv.exe | Added by the NETSKY.AL WORM! | No |
| X | mcafee | Win32.dll.vbs | Added by the CATCHER-B WORM! | No |
| X | Mcafee Anti Scan | NortonScn.exe | Added by a variant of the RBOT WORM! | No |
| X | McAfee Antivirus | McAfeeAV.exe | Added by a variant of the RBOT WORM! | No |
| X | Mcafee Antivirus Monitoring System326 | VSStatmn326.exe | Added by a variant of the SDBOT WORM! | No |
| X | Mcafee Antivirus Monitoring System32mn | VSStatmn32.exe | Added by a variant of the RBOT WORM! | No |
| X | McAfee Antivirus Protection | mcafeeAV.exe | Added by a variant of the RBOT WORM! | No |
| Y | McAfee Application Installer | mcappins.exe | Used by older versions of McAfee internet security related products to clean up installation files that are no longer required once the product is installed. This entry will normally only appear once the product has been installed before the system is rebooted | Yes |
| X | Mcafee Auto Protect | mcafeshield.exe | Added by the RBOT-UH WORM! | No |
| U | McAfee Backup | McAfeeDataBackup.exe | McAfee Online Backup (formerly Data Backup) - "takes the hassle out of manually backing up all of your valuable digital files - from Microsoft Outlook email and contacts to treasured family photos". Available as a stand-alone product or included in Internet Security and Total Protection | Yes |
| U | McAfee Backup and Restore | McAfeeDataBackup.exe | McAfee Online Backup (formerly Data Backup) - "takes the hassle out of manually backing up all of your valuable digital files - from Microsoft Outlook email and contacts to treasured family photos". Available as a stand-alone product or included in Internet Security and Total Protection | Yes |
| U | McAfee Data Backup | LogOnHook.exe | Part of McAfee Data Backup (now Online Backup) - which "takes the hassle out of manually backing up all of your valuable digital files - from Microsoft Outlook email and contacts to treasured family photos". Available as a stand-alone product or included in Internet Security and Total Protection. The exact purpose of this entry is unknown at present but it unloads after startup | Yes |
| U | McAfee Data Backup | McAfeeDataBackup.exe | McAfee Data Backup (now Online Backup) - "takes the hassle out of manually backing up all of your valuable digital files - from Microsoft Outlook email and contacts to treasured family photos". Available as a stand-alone product or included in Internet Security and Total Protection | Yes |
| Y | McAfee Desktop Firewall Tray | FireTray.exe | McAfee Desktop Firewall | No |
| Y | McAfee Family Protection | mfp.exe | McAfee Family Protection - which 'is easy-to-use and built to empower parents to say "yes" to their children's online interests while protecting them as they learn and explore' and "protects children of all ages from exposure to inappropriate content, social networking risks, strangers, and other threats" | Yes |
| Y | McAfee Firewall | CPD.EXE | Firewall bundled with McAfee VirusScan 6.*. Can also be listed as CPD_EXE | No |
| U | McAfee Guardian | CMGrdian.exe | McAfee Guardian shortcut menu on the System Tray (looks like a castle) given access to Internet Security, Browser Buddy, File Guardian and help. Included with older versions of McAfee Internet Security and possibly others | No |
| Y | McAfee Managed Desktop Agent | MYAGTSVC.EXE | Part of the now obsolete McAfee Managed VirusScan anti-virus and anti-spyware security tool for small businesses. Starts via a registry "RunServices" key on Windows 98/Me and as a service on Windows NT/2K/XP | No |
| U | McAfee Managed Services Tray | StartMyagtTry.exe | System tray notification for the now obsolete McAfee Managed VirusScan anti-virus and anti-spyware security tool for small businesses. Not required to be protected but you lose notifications | No |
| U | McAfee Online Backup | MOBKstat.exe | System Tray access to McAfee Online Backup (formerly Data Backup) - "takes the hassle out of manually backing up all of your valuable digital files - from Microsoft Outlook email and contacts to treasured family photos". Available as a stand-alone product or included in Internet Security and Total Protection | Yes |
| U | McAfee Online Backup Status | MOBKstat.exe | System Tray access to McAfee Online Backup (formerly Data Backup) - "takes the hassle out of manually backing up all of your valuable digital files - from Microsoft Outlook email and contacts to treasured family photos". Available as a stand-alone product or included in Internet Security and Total Protection | Yes |
| X | McAfee Online virus Scanner | avp.exe | Added by the RBOT-GCV WORM! Not to be confused with Kaspersky anti-virus and AOL's Active Virus Shield (by Kaspersky) - found in either a Kaspersky or AOL sub-directory | No |
| X | McAfee Online Virus Scanner | nzm.exe | Added by the IRCBOT.XV WORM! | No |
| U | McAfee QuickClean Imonitor | Plguni.exe | Part of McAfee's QuickClean - which removes internet clutter and unwanted programs. This entry monitor changes made to the registry so that they can be undone later using QuickClean - such as removing programs. QuickClean is now integrated into their Total Protection, Internet Security and AntiVirus Plus products primarily as a file cleaner/shredder and no longer supports program removal | No |
| Y | McAfee SecurityCenter | mcagent.exe | McAfee SecurityCenter is the main support center for McAfee's range of internet security products such as Total Protection, Internet Security and VirusScan. As well as providing System Tray access (via the "M" icon) for product configuration it also communicates with McAfee's servers to manage updates and virus alerts | Yes |
| Y | McAfee SecurityCenter | McUpdate.exe | Automatic virus definition and software updates/upgrades for older versions of McAfee VirusScan and the now obsolete McAfee VirusScan Online | Yes |
| X | mcafee Software Intrenet | mcafee.exe | Added by the RBOT-ATR WORM! Note - this is not a valid McAfee program | No |
| U | McAfee SpamKiller | MskAgent.exe | McAfee SpamKiller - rule-based and list-based spam filter. Available as a stand-alone product or included in older versions of Internet Security and Total Protection | Yes |
| Y | McAfee VirusScan | mcmnhdlr.exe | Part of older versions of McAfee VirusScan and the now obsolete McAfee VirusScan Online. When Windows boots it checks whether a virus scan is necessary before you do anything with your PC. Typically, this would be the case if a scan was scheduled at boot-up or if a virus was found during a previous scan and VirusScan determined a scan should be run at this time | Yes |
| Y | McAfee VirusScan | mcvsshld.exe | ActiveShield - background scanner for older versions of McAfee VirusScan and the now obsolete McAfee VirusScan Online which scans files in the background as and when they are accessed, including scanning E-mails via the McAfee VirusScan E-mail Scan Module (McVSEscn.exe) | Yes |
| Y | McAfee VirusScan | oasclnt.exe | On-access real-time scanner for older versions of McAfee VirusScan and the now obsolete McAfee VirusScan Online which scans files for malware as you access, create, copy or download them | Yes |
| X | Mcafee VirusScan Manager | mvcsvm.exe | Added by the SILLYFDC.BBV TROJAN! | No |
| X | McAfee Windows Protection | mcafee32.exe | Added by a variant of the SPYBOT WORM! | No |
| N | McAfee Winguage | ?? | Part of McAfee Nuts & Bolts. "WinGuage is a dynamic reporting tool that constantly monitors your use of Windows and your applications, to alert you to potential problems before they become serious". Resource hog. Available via Start -> Programs | No |
| U | McAfee.InstantUpdate.Monitor | RuLaunch.exe | Instant Updater for McAfee's VirusScan, Internet Security, Quick Clean, Uninstaller and Firewall products. In the case of VirusScan leave it enabled unless you update manually on a regular basis | No |
| U | McAfeeDataBackup | McAfeeDataBackup.exe | McAfee Online Backup (formerly Data Backup) - "takes the hassle out of manually backing up all of your valuable digital files - from Microsoft Outlook email and contacts to treasured family photos". Available as a stand-alone product or included in Internet Security and Total Protection | Yes |
| Y | McAfeeFireTray | Firetray.exe | McAfee Desktop Firewall | No |
| X | MCAFEEIPS | setup.exe | Added by the WHITEWELL TROJAN! | No |
| X | McAfeeScanPlus | McAfeeScanPlus.exe | Added by the MEPCOD TROJAN! This trojan file does not belong to any McAfee Antivirus Software and is found in the Windows or Winnt folder | No |
| Y | McAfeeUpdaterUI | UpdaterUI.exe | McAfee common updater user interface | No |
| Y | McAfeeUpdaterUI | UdaterUI.exe | Updater user interface for McAfee's VirusScan Enterprise corporate anti-virus and anti-spyware security tool | No |
| Y | McAfeeVirusScanService | Avsynmgr.exe | From McAfee VirusScan version 5.x. Runs VirusScan System Tray (Vsstat.exe), WebScanX (Webscanx.exe), VirusScan System Scan (Vshwin32.exe) and VirusScan Console (Avconsol.exe) under one application | No |
| Y | McAfeeWebscanX | WebScanX.exe | From McAfee VirusScan up to version 4.x. Provides functionality for VShield Download Scan and Internet Filter modules. Enables internet scanning. Guards against malicious ActiveX programs, etc | No |
| X | Mcaffe Antivirus | Mcafeescn.exe | Added by a variant of the SPYBOT WORM! | No |
| X | MCAFFE FLD LOADER | MCAFFEFLD.EXE | Added by the RBOT-PY WORM! | No |
| X | Mcaffee | mcsheild.exe | Added by the RBOT-FDP WORM! | No |
| Y | mcagent | mcagent.exe | McAfee SecurityCenter is the main support center for McAfee's range of internet security products such as Total Protection, Internet Security and VirusScan. As well as providing System Tray access (via the "M" icon) for product configuration it also communicates with McAfee's servers to manage updates and virus alerts | Yes |
| Y | MCAgentExe | mcagent.exe | McAfee SecurityCenter is the main support center for McAfee's range of internet security products such as Total Protection, Internet Security and VirusScan. As well as providing System Tray access (via the "M" icon) for product configuration it also communicates with McAfee's servers to manage updates and virus alerts | Yes |
| Y | mcagent_exe | mcagent.exe | McAfee SecurityCenter is the main support center for McAfee's range of internet security products such as Total Protection, Internet Security and VirusScan. As well as providing System Tray access (via the "M" icon) for product configuration it also communicates with McAfee's servers to manage updates and virus alerts | Yes |
| Y | mcappins | mcappins.exe | Used by older versions of McAfee internet security related products to clean up installation files that are no longer required once the product is installed. This entry will normally only appear once the product has been installed before the system is rebooted | Yes |
| X | mceipww | [8 random letters].exe | Added by the ZHELATIN.EQ WORM! | No |
| N | McENUI | McENUI.exe | McAfee's EasyNetwork user interface - "enables secure file sharing, simplifies file transfers, and automates printer sharing among the computers in your home network." Part of McAfee's security products such as Total Protection and Internet Security | Yes |
| N | MChanger | MChanger.exe | Media Changer - utility that allows you to change wallpapers, sounds, themes, etc | No |
| U | MCI USB Icon | USBIcon.exe | MCI USB software used for managing a USB card reader | No |
| N | McLogLch_exe | McLogLch.exe | Related to McAfee security suite. This is a non-essential program, but should not be disabled unless suspected to be causing problems | No |
| X | MCM3 | mcm3.exe | ShopAtHome/SAHagent adware variant | No |
| Y | mcmnhdlr | mcmnhdlr.exe | Part of older versions of McAfee VirusScan and the now obsolete McAfee VirusScan Online. When Windows boots it checks whether a virus scan is necessary before you do anything with your PC. Typically, this would be the case if a scan was scheduled at boot-up or if a virus was found during a previous scan and VirusScan determined a scan should be run at this time | Yes |
| N | MCPLaunch | MCPLaunch.exe | Launcher for Message Center Plus "which alerts you when conditions arise on your computer that require your attention" on IBM/Lenovo ThinkCentre desktops, Thinkpad notebooks and Value Line systems. Message Center Plus will periodically scan a Lenovo server for new messages that are appropriate for your system and never collects or transmits any information about you or your computer | Yes |
| N | McRegWiz | mcregwiz.exe | Product registration wizard for McAfee's range of internet security tools | No |
| X | Mcrosoftr Update | Mcrosoftr.exe | Added by a variant of the RBOT WORM! | No |
| Y | McShld9x | mcshld9x.exe | Window 9x/Me on-access scanner for older McAfee's internet security products such as VirusScan and VirusScan Online which scans files in real-time for malware as you access, create, copy or download them | No |
| X | Mcsoft | gfeqzvq.exe | Added by the SDBOT-NV WORM! | No |
| Y | MCTskShd | mctskshd.exe | Part of older versions of McAfee's internet security products such as VirusScan and VirusScan Online and used to schedule tasks such as automatic updates, virus scans, etc. Starts via a registry "Run" key on Windows 98/Me and as a service on Windows 2K/XP/Vista | No |
| Y | mcui_exe | mcagent.exe | McAfee SecurityCenter is the main support center for McAfee's range of internet security products such as Total Protection, Internet Security and VirusScan. As well as providing System Tray access (via the "M" icon) for product configuration it also communicates with McAfee's servers to manage updates and virus alerts | Yes |
| Y | McUpdate | McUpdate.exe | Automatic virus definition and software updates/upgrades for older versions of McAfee VirusScan and the now obsolete McAfee VirusScan Online | Yes |
| Y | MCUpdateExe | McUpdate.exe | Automatic virus definition and software updates/upgrades for older versions of McAfee VirusScan and the now obsolete McAfee VirusScan Online | Yes |
| Y | McVsRte | mcvsrte.exe | Part of older versions of McAfee's internet security products such as VirusScan and VirusScan Online. Starts via a registry "RunServices" key on Windows 98/Me and as a service on Windows 2K/XP/Vista | No |
| Y | mcvsshld | mcvsshld.exe | ActiveShield - background scanner for older versions of McAfee VirusScan and the now obsolete McAfee VirusScan Online which scans files in the background as and when they are accessed, including scanning E-mails via the McAfee VirusScan E-mail Scan Module (McVSEscn.exe) | Yes |
| X | MCX Update | wisp.exe | Added by the RBOT-AQH WORM! | No |
| X | MCX Updte | scorti.exe | Added by the RBOT-ARP WORM! | No |
| X | MD IE Plugin | md.exe | Marketdart spyware | No |
| X | MD IE Plugin | winy.exe | Adware | No |
| N | mdac_runonce | runonce.exe | Associated with MS Data Access Components (MDAC). Sometimes left over after installation - not required. NOTE :- don't delete "runonce.exe". | No |
| U | MDDiskProtect | MDDiskProtect.exe | Part of MacDrive 6 CrossStripe Edition from Mediafour Corporation - "a perfect way to share files between Mac OS and Windows." Unlike the standard version of MacDrive 7, this version is not Vista compatible but does "include support for striped Mac arrays created with ATTO ExpressStripe software." | No |
| U | MDDiskProtect.exe | MDDiskProtect.exe | Part of MacDrive 6 CrossStripe Edition from Mediafour Corporation - "a perfect way to share files between Mac OS and Windows." Unlike the standard version of MacDrive 7, this version is not Vista compatible but does "include support for striped Mac arrays created with ATTO ExpressStripe software." | No |
| X | mdetect | [path to trojan] | Added by the SPABOT TROJAN! | No |
| U | MDGetStarted | MDGetStarted.exe | MacDrive 7 from Mediafour Corporation - "enables anyone using Windows Vista, XP, and 2003 Server to seamlessly access Mac disks (HFS/HFS+) of all types, including CDs, DVDs, hard drives, floppy, Zip, Jaz, and more!" | No |
| U | MDGetStarted.exe | MDGetStarted.exe | MacDrive 7 from Mediafour Corporation - "enables anyone using Windows Vista, XP, and 2003 Server to seamlessly access Mac disks (HFS/HFS+) of all types, including CDs, DVDs, hard drives, floppy, Zip, Jaz, and more!" | No |
| X | Mdm | Mdm.vbs | Added by the WHITEHO VIRUS or TRAPPY WORM! | No |
| X | mdm | mdm.exe | Added by the LYDRA-F TROJAN! ! Note - this is not the legitimate Machine Debug Manager (mdm.exe) process which is located in %ProgramFiles%\Common Files\Microsoft Shared\VS7Debug (98/Me/XP/Vista) or C:\WINDOWS\SYSTEM (Me only). This one is located in %Windir% | No |
| U | MDM7 | MDM.EXE | Used by developers for debugging and is a component of several MS products including Office and Visual Studio. Those who have encountered it have unchecked it with no degradation in performance. It may cause your computer to "hang" if you have Visual Studio installed and this disabled because it appears to take over error handling - hence the U recommendation. For this entry it loads under the "RunServices" key in 98/Me. It also loads as a service in XP/Vista. In both cases it's located in %ProgramFiles%\Common Files\Microsoft Shared\VS7Debug | No |
| X | Mdmdll | mdmdll.exe | Added by the CRYPTER TROJAN! | No |
| X | Mdmdll32 | mdmdll32.exe | Added by a variant of the CRYPTER.C TROJAN! | No |
| X | MDN | MDNS.exe | Added by the SPYBOT.JPB WORM! | No |
| X | MDN | MDNZ.exe | Added by the RBOT.AQD WORM! | No |
| X | MDN | MDN.exe | Added by the RBOT.AOA WORM! | No |
| X | MDNS | service.exe | Mirar adware variant | No |
| X | mds.exe | mds.exe | Added by the MADS-A TROJAN! | No |
| U | MDSA Sentinel X | smss.exe | SentinelX surveillance software. Uninstall this software unless you put it there yourself. Note - this is not the same file as the smss.exe process which is always located in %System%. This one is located in %ProgramFiles%\MDSA Software | No |
| X | mdwmdmsp | mdwmdmsp.exe | Adware - detected by Kaspersky as the AGENT.AM TROJAN! | No |
| N | MECA | Meca.exe | Meca cross-platform communications technology, branded messengers will connect with AOL, MSN, Yahoo!, and ICQ users | No |
| X | MedGS | MEDGS1.exe | PacerD_Media/Pacimedia.com adware | No |
| X | Media Access | MediaAccK.exe | WindUpdates MediaPass adware | No |
| X | Media Adapter | bitblt.exe | Added by the HANSAH-A WORM! | No |
| U | Media Card Companion Monitor | MCC Monitor.exe | Monitor for Media Card Companion from ArcSoft. "Automates the tedious processes associated with downloading and sharing files from digital cameras, card readers, and other removable media" | No |
| U | Media Codec Update Service | update.exe | Windows Essentials Codec Pack 1.0 is a collection of the most commonly needed video and audio codecs. This program allows keeps these codecs updated | No |
| X | Media Gateway | MediaGateway.exe | WindUpdates MediaPass adware | No |
| X | Media Load | msn32.exe | Added by a unidentified WORM or TROJAN! | No |
| U | Media Manager Indexer | AIRSVCU.EXE | Part of MS Visual InterDev, Media Manager is an easy media file management system that works in conjunction with Windows Explorer. The Media Manager Indexer is a program that indexes all the information about your media files and puts it into a database | No |
| X | Media Pass | MediaPassK.exe | WindUpdates MediaPass adware | No |
| X | Media Pass | MediaPass.exe | WindUpdates MediaPass adware | No |
| X | Media Player | media.exe | Added by the FLDMEDIA-A TROJAN! | No |
| X | Media Player | wmplayer.exe | Added by a variant of the AGOBOT.BM WORM! Note - this is not the valid Windows Media Player as the file is located in %System% rather than %ProgramFiles%\Windows Media Player | No |
| X | Media Player | Sysdll.exe | Added by the BANKER-BR TROJAN! | No |
| X | Media Player | Sysnet.exe | BANKER.MW spyware | No |
| X | Media Player Update | xpsp1mfh.exe | Added by a variant of the RBOT WORM! | No |
| X | Media Plug x.1.2 | msdm.exe | Added by the MULDROP.352 VIRUS! | No |
| X | Media Server | msdts.exe | Added by a variant of the IRCBOT TROJAN! | No |
| X | Media Service | msn64.exe | Added by the SPYBOT.EV WORM! | No |
| X | Media service | msnmsgxr.exe | Added by the SDBOT.TF WORM! | No |
| X | Media service | SYSTEM64.EXE | Added by the RBOT.QV WORM! | No |
| X | Media service | notpad.exe | Added by a variant of the AGOBOT/GAOBOT WORM! | No |
| X | Media Services | [filename].exe | Added by the AGENT-BA BACKDOOR! | No |
| X | Media Software UPdater | sscs.exe | Added by the RBOT-ABE WORM! | No |
| X | Media Transfer Protocals | msstc.exe | Added by a variant of the IRCBOT TROJAN! | No |
| X | Media X Services | MSNGRx.exe | Added by the RBOT.AUL WORM! | No |
| X | Media-XP-Service-Pack3 | msnzx.exe | Added by the SDBOT-ACW WORM! | No |
| X | MEDIA32 | [path to trojan] | Added by the PURSCAN-Z TROJAN! | No |
| U | MediaButtons | MediaButtons.exe | Supports the eject button on the front on the Dell Studio Hybrid desktop. If disabled, the user will have to eject the CD/DVD by opening My Computer, right-clicking on the drive and selecting "Eject" from the available options | No |
| X | mediacodec.exe | mediacodec.exe | Added by the VSCODEC PRO TROJAN! | No |
| N | MediaFace Integration | Sethook.exe | Fellowes Neato® cd label design software. "Launch NEATO's MediaFACE II label making software directly from the productname toolbar" | No |
| U | Mediafour Mac Volume Notifications | MACVNTFY.EXE | Part of MacDrive 6 CrossStripe Edition from Mediafour Corporation - "a perfect way to share files between Mac OS and Windows." Unlike the standard version of MacDrive 7, this version is not Vista compatible but does "include support for striped Mac arrays created with ATTO ExpressStripe software." | No |
| U | Mediafour MacDrive | MacDrive.exe | MacDrive 7 & MacDrive 6 CrossStripe Edition from Mediafour Corporation - "a perfect way to share files between Mac OS and Windows." Version 6 is not Vista compatible but doesn "include support for striped Mac arrays created with ATTO ExpressStripe software." | No |
| U | Mediafour MacDrive | MDDiskProtect.exe | Part of MacDrive 6 CrossStripe Edition from Mediafour Corporation - "a perfect way to share files between Mac OS and Windows." Unlike the standard version of MacDrive 7, this version is not Vista compatible but does "include support for striped Mac arrays created with ATTO ExpressStripe software." | No |
| U | Mediafour MacDrive | MDGetStarted.exe | MacDrive 7 from Mediafour Corporation - "enables anyone using Windows Vista, XP, and 2003 Server to seamlessly access Mac disks (HFS/HFS+) of all types, including CDs, DVDs, hard drives, floppy, Zip, Jaz, and more!" | No |
| U | Mediafour XPlay Tray Notification Icon | Xptryicn.exe | Mediafour Xplay - allows you to use an Apple iPod digital music player with a PC running Windows. If not used regularily start manually before connecting the iPod | No |
| U | Mediafour XPlay Tray Notification Icon | Xptryicn.exe | Xplay 2 from Mediafour Corporation - "expands what you can do with any iPod, including the iPhone and touch, and a Windows computer." No longer supported | No |
| U | MediafourGettingStartedWithMacDrive6 | MacDrive.exe | MacDrive 6 CrossStripe Edition from Mediafour Corporation - "a perfect way to share files between Mac OS and Windows." Unlike the standard version of MacDrive 7, this version is not Vista compatible but does "include support for striped Mac arrays created with ATTO ExpressStripe software." | No |
| U | MediaKey | MediaKey.exe | Multimedia keyboard manager. Required if you use the multimedia keys | No |
| U | MediaLifeService | MediaLifeService.exe | Related to MediaPlay Cordless Mouse from Logitech | No |
| X | MediaLoads | dw.exe | Medialoads adware | No |
| X | MediaLoads Installer | dw.exe | Medialoads adware | No |
| N | MediaMonitor | Mediam~1.exe | Installed by Smartdisk MVP CD burning software. Software will work fine without it | No |
| X | mediamotor.exe | mmups.exe | Added by the AGENT-BY TROJAN! | No |
| X | MediaPath | Proyecto1.exe | Added by the GRUEL WORM! | No |
| X | MediaPath | Root.exe | Added by the GRUEL WORM! | No |
| X | MediaPipe P2P Loader | mpp2pl.exe | MediaPipe peer-to-peer file swapping program also reported as a hijacker | No |
| X | mediaplayer.exe | mediaplayer.exe | Added by the BANKER-EUT TROJAN! The file is located in %Windir%\Sun\Java\Deployment\logs | No |
| X | mediaplayer.exe | mediaplayer.exe | Added by the BANKER.AOVZ TROJAN! The file is located in %Windir%\msagent\gf | No |
| X | MediaPlayeS | MediaPlayer_update.exe | Added by the STARTER-K TROJAN! | No |
| X | mediapluscash.exe | mediapluscash.exe | MediaGateway adware | No |
| N | MediaRing Talk | mrtalk.exe | Media Ring Talk, voice recognition software, Resource hog. Available via Start -> Programs | No |
| X | MediaXPServicePack | mxpsp.exe | Added by the SDBOT.CDT WORM! | No |
| X | media_manager | mediaman.exe | Mini-Player, IMESH related foistware | No |
| X | media_stub | stub.exe | Mini-Player, IMESH related foistware | No |
| U | MEDIC | sprtcmd.exe /P MEDIC | Self-help support tool for an unidentified high-speed internet provider (provided by SupportSoft, Inc). Identifies and automatically fixes typical problems that may occur with your high-speed internet service | No |
| X | Medichi | medichi.exe | Added by the VIRANTIX.B TROJAN! | No |
| X | Medichi2 | medichi2.exe | Added by the VIRANTIX.B TROJAN! | No |
| U | medicsp2 | sprtcmd.exe /P medicsp2 | Self-help support tool for an unidentified high-speed internet provider (provided by SupportSoft, Inc). Identifies and automatically fixes typical problems that may occur with your high-speed internet service | No |
| ? | MedionVFD | MdionLCM.exe | Related to Medion Display Information. What does it do and is it required? | No |
| X | Meeting Connection | comsutil.exe | Added by the PPDOOR-E TROJAN! | No |
| X | Meeting Connection | wowdache.exe | Added by the PPDOOR-D TROJAN! | No |
| X | Meeting Connection | hgakdl32.exe | Looks like a variant of the PPDOOR-E TROJAN! | No |
| U | MegaPanel | HSTrans.exe | Homescan Internet Transporter - part of ACNielson Homescan. Recognizes when the ACNielsen Homescan Scanner is attached to the computer and allows it to transmit scanner information to ACNielsen | No |
| X | MegaVirusKit | pgs.exe | MegaVirusKit rogue security software - not recommended. A member of the AVSystemCare family | No |
| ? | meidntpa | vqgdpfrs.exe | ?? | No |
| X | melg34 | mdmd.exe | Added by an unidentified WORM or TROJAN - see here | No |
| X | melg3445 | mdmdd.exe | Added by a variant of the RBOT WORM! | No |
| X | mem32 | mem32.exe | Added by the AGENT-FWF WORM! | No |
| X | Members area | ******.exe [* = random digit] | Premium rate adult content dialer | No |
| X | MemConfig | SetupIE.com | Added by the TAPLAK WORM! | No |
| N | Memento | Memento.exe | Memento - simple app to keep text notes on your desktop | No |
| U | MemMonster | memmnstr.exe | MemMonster - memory optimizer. MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/SE/ME. See this article and make up your own mind | No |
| U | MemoKit | MK.EXE | Memory optimizer. It loads from startup group and it goes off as soon as the program (memokit.exe) is loaded in the System Tray. Mk.exe does not run while the memokit.exe is running. Probably loads a flash screen at startup and shutdown that stays on screen less than 5 seconds and gives you a button to push to purchase the full version. MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/SE/ME. See this article and make up your own mind | No |
| X | memory | outlookrem.exe | Added by the NOPIR.C WORM! | No |
| X | Memory Allocation Host | cihost.exe | Detected by Avast as a variant of the IRCBOT-CHZ WORM! | No |
| X | Memory Allocation Server | ciserv.exe | Added by an unidentified malware | No |
| X | Memory Allocation Services | cisrv.exe | Added by the IRCBOT.FC BACKDOOR! | No |
| X | Memory Check | memore.exe | Added by the KILLAV.C TROJAN! | No |
| X | Memory manager | himem32.exe | Added by the MANCSYN TROJAN! | No |
| X | Memory Manager | memorymanager.pif | Added by the DELF-JJ TROJAN! | No |
| X | Memory relocation service | reloc32.exe | Added by the RELFEERWORM! | No |
| X | Memory Service | freememory.exe | Added by the RBOT.GEN WORM! | No |
| N | Memory Stick Monitor | MSTAT.exe | Used with the Sony floppy disk adapter for memory sticks, showing if there is a stick in the computer | No |
| U | Memory Stick Monitor | MSstat.exe | Sony/SmartDisk memorystick-floppydisk-adapter software - allows you to read memorysticks in a normal floppydrive | No |
| X | Memory Watcher | MemoryWatcher.exe | MemoryWatcher spyware | No |
| U | Memory+ | tfimemsr.exe | Memory optimizer. MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/SE/ME. See this article and make up your own mind | No |
| U | MemoryBoost | MemoryBoost.exe | MemoryBoost - memory optimizing program made by Tenebril Inc. MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/ME. See this article and make up your own mind | No |
| U | MemoryCardManager | MemCard.exe | Memory Card Manager - for removable memory cards found on Dell or Lexmark photo printers | No |
| X | MemoryManager | [random name].dll | Virtumondo adware related | No |
| X | MemoryMeter | MemoryMeter.exe | MemoryMeter - bundled with TVMedia adware | No |
| U | MemoryZipperPlus | memzip.exe | Memory Zipper Plus - "optimizes the memory management of your system and boost-up its performance amazingly!" | No |
| X | memreader.exe | memreader.exe | Added by the AGOBOT-TY WORM! | No |
| X | MEMreaload | MEMreaload.exe | Added by the LAZAR TROJAN! | No |
| X | MemScanner | MemScanner.exe | Part of Enigma SpyHunter - not recommended, see note | No |
| U | MemTurbo | memturbo.exe | MemTurbo memory optimizer. MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/SE/ME. See this article and make up your own mind | No |
| X | MenaceFighter | GDC.exe | MenaceFighter rogue privacy tool - not recommended. A member of the PCPrivacyTool family | No |
| X | MenaceSecure | pgs.exe | MenaceSecure rogue security software - not recommended. A member of the AVSystemCare family | No |
| N | MenuSnap | MenuSnap.exe | MenuSnap from Rietta Solutions. Utility that re-orders your Start Menu items alphabetically. You may not want this utility if you're able to do this manually by selecting Start -> Programs and right-clicking and choosing "Sort by Name" if availabe | No |
| N | Mercora | MercoraClient.exe | Mercora MusicSearch "Search, find and listen to music on the world's largest jukebox, built by people just like you". Note - if you subscribe make sure you read the Privacy Policy | No |
| N | Message Center Plus | MCPLaunch.exe | Launcher for Message Center Plus "which alerts you when conditions arise on your computer that require your attention" on IBM/Lenovo ThinkCentre desktops, Thinkpad notebooks and Value Line systems. Message Center Plus will periodically scan a Lenovo server for new messages that are appropriate for your system and never collects or transmits any information about you or your computer | Yes |
| X | Message Queuing | msmqs.exe | Added by the FREEFORS TROJAN! | No |
| N | MessagerStarter Freeserve | StartMessager.exe | Freeserve Messenger | No |
| U | Message_Blocker | messageblock.exe | Message Blocker - "prevents Outlook Express from loading images or other content from the internet without confirmation, as well as executing scripts when displaying a formatted email message" | No |
| X | Messanger | trillian.exe | Added by the RBOT.CKI WORM! | No |
| X | Messanger | deamon.exe | Added by the TACTSLAY.C TROJAN! | No |
| X | Messanger | msgaol.exe | Added by the TACTSLAY.C TROJAN! | No |
| X | Messanger | s_menu.exe | Added by the TACTSLAY.C TROJAN! | No |
| X | Messanger | browse.exe | Added by the TACTSLAY.C TROJAN! | No |
| X | Messenger | messenger.exe | Added by the KUTEX TROJAN! | No |
| X | Messenger | ntsubsys.exe | Added by the SDBOT.BGE WORM! | No |
| X | Messenger | Wmsngr.exe | Added by a variant of the RBOT WORM! | No |
| Y | Messenger | SCANMSG.EXE | AntiVirus Quick Heal - virus protection | No |
| N | Messenger | MsnMsgr.exe | Windows Live Messenger (was MSN Messenger) utility - available via the Start menu. Disable by clicking on the "Show menu" icon and select Tools → Options → General → deselect "Automatically run Windows Live Messenger when I log on to Windows". This is the Windows Defender/Vista MSConfig entry for version 8.* | Yes |
| N | Messenger | msmsgs.exe | Windows Messenger instant messenger utility included with Windows 2K/XP. Available via the Start menu. Go to Windows Messenger → Tools → Options → Preferences and uncheck "Run this program when Windows starts" | Yes |
| N | Messenger (Yahoo!) | YahooMessenger.exe | System Tray access to the Yahoo! Messenger instant messenger | Yes |
| X | Messenger Block | msngrblock.exe | Added by the PATOO WORM! | No |
| X | Messenger Explorer | m41n.exe | Added by the SDBOT-SA BACKDOOR! | No |
| X | Messenger Gateway | msmgs.exe | Added by the AGENT-IGK TROJAN! | No |
| X | Messenger Protocol | netsender.exe | Added by the SDBOT-ACC WORM! | No |
| X | Messenger Service | msmsgs.exe | Added by the SDBOT-ZB WORM! Note - this particular msmsgs.exe file is located in %System% and should not be mistaken for the MSN Messenger file of the same name which is located in %Program Files%\Messenger | No |
| X | Messenger Service | nvhost.exe | Added by the JLOK-A WORM! | No |
| X | Messenger Service Updater | svshost.exe | Added by the MYTOB.GC WORM! | No |
| X | Messenger Sharing Control | mnwsvc.exe | Added by a variant of the IRCBOT TROJAN! See here | No |
| X | Messenger start-up | Msgran.exe | Added by the GRAMOS WORM! | No |
| X | Messenger6 | command.pif | Added by the INZAE.B WORM! | No |
| X | Messenger91 | messengersystem.exe | Added by the RBOT-FPF WORM! | No |
| U | MessengerDiscovery | MessengerDiscovery.exe | MessengerDiscovery is a MSN Messenger add-on - adding over 70 new features. Now superseded by MessengerDiscovery Live - with support added for Windows Live | No |
| N | MessengerPlus | MsgPlus.exe | MessengerPlus - third party MSN Messenger extension that adds a number of useful features. Bundles the hard to remove C2Media LOP adware. The software does offer you a choice during setup - make sure to install MessengerPlus WITHOUT that "sponsor program"! | No |
| N | MessengerPlus2 | MsgPlus.exe | MessengerPlus - third party MSN Messenger extension that adds a number of useful features. Bundles the hard to remove C2Media LOP adware. The software does offer you a choice during setup - make sure to install MessengerPlus WITHOUT that "sponsor program"! | No |
| N | MessengerPlus3 | MsgPlus.exe | MessengerPlus - third party MSN Messenger extension that adds a number of useful features. Bundles the hard to remove C2Media LOP adware. The software does offer you a choice during setup - make sure to install MessengerPlus WITHOUT that "sponsor program"! | No |
| X | messengerskinner | MessengerSkinner.exe | Messenger Skinner malware - uses a rootkit to hide executable files | No |
| X | messnger | [worm filename] | Added by the DELODER WORM! | No |
| X | messnger | Dvldr32.exe | Added by the DELODER.A WORM! | No |
| N | Metacafe | MetacafeAgent.exe | Metacafe - video sharing on the web. Note - if you subscribe make sure you read the Privacy Policy | No |
| X | MeTaLRoCk (irc.musirc.com) has sex with printers | metalrock-is-gay.exe | Added by the RANDEX.Q WORM! | No |
| X | MeuPrograma | accwizz.exe | Added by the RULAND.A WORM! | No |
| X | Mfc**.exe [* = random char] | Mfc**.exe [* = random char] | CoolWebSearch/HomeSearch adware - for examples, see this log | No |
| X | Mfc**32.exe [* = random char] | Mfc**32.exe [* = random char] | CoolWebSearch/HomeSearch adware - for examples, see this log | No |
| ? | mfgboot | ?? | ?? | No |
| X | mfhsornwnduy | regsvr32.exe gisyflngpshcvuakv.dll | Pro AntiSpyware 2009 rogue spyware remover - not recommended, removal instructions here | No |
| X | mFilter | MNeck.exe | Added by the CLICKER-AG TROJAN! | No |
| X | mfin32 | mfin32.exe | MyFreeInternetUpdate - adware downloader | No |
| Y | mfp | mfp.exe | McAfee Family Protection - which 'is easy-to-use and built to empower parents to say "yes" to their children's online interests while protecting them as they learn and explore' and "protects children of all ages from exposure to inappropriate content, social networking risks, strangers, and other threats" | Yes |
| Y | MFP Server Agent | MFPAgent.exe | Multi Function Printer (MFP) Server Agent for Belkin's Wirless G All-in-One Print Server and ZyXEL's NPS-520 | No |
| X | Mfqneqfeb | vdddwq.exe | Added by the RANDEX.AP WORM! | No |
| ? | MGA Hook | Mgahook.exe | MATROX Graphics card related. What does it do and is it required? | No |
| N | MGA Quickdesk | MGAQDESK.EXE | For Matrox video cards. Quick access to tweak your card to your liking | No |
| U | Mgabg | Mgabg.exe | Matrox BIOS Guard - monitors a Matrox card's BIOS, and will reflash it when needed. Cards like the G400 have a nasty habit of losing their BIOS, especially on poor power supplies. If you make an emergency BIOS disk with the utility in their BIOS package, you can disable Mgabg.exe and just use the crash disk if/when needed | No |
| Y | mgavctrl | mgavrtcl.exe | Part of older versions of McAfee's internet security products such as VirusScan and VirusScan Online | No |
| Y | mgavrtclexe | mgavrtcl.exe | Part of older versions of McAfee's internet security products such as VirusScan and VirusScan Online | No |
| Y | mgavrtclexe | mgavrte.exe | Part of older versions of McAfee's internet security products such as VirusScan and VirusScan Online | No |
| N | MGA_CD_Install | mgasetup.exe | Matrox Millennium video driver. Not required once drivers installed | No |
| X | mgmtapi | mgmtapi.exe | Unidentified malware | No |
| U | MGSysCtrl | MGSysCtrl | Part of the System Control Manager for MSI notebooks - displays animations for hot key commands (such as turning the wirelss card on/off) | No |
| X | MHDOGStart | mhdogst.EXE | Added by an unidentified VIRUS, WORM or TROJAN! A possibility is a trojan known as PENIS | No |
| N | MHINIT | MHINIT.EXE | Part of the Cybermedia Clean Sweep package | No |
| X | mhs3 | mhs3.exe | Added by the PWS-ALZ TROJAN! | No |
| X | Mi7sft sdce | b0yz.exe | Added by the RBOT.CWG WORM! | No |
| X | Mi7sft sdce | MNSQ.exe | Added by the RBOT.DMU WORM! | No |
| X | Mi7sft sdce | scorti.exe | Added by the RBOT.ELC WORM! | No |
| X | Mickey Mouse Cereal | [random filename].exe | Added by the RANKY.Q TROJAN! | No |
| X | Micosoft Data Core | runservice.exe | Added by the IRCBOT.BK WORM! | No |
| X | Micosoft Data Core stuff | svshosts.exe | Added by the RBOT.FZA WORM! | No |
| X | Micosoft Startup | syscall.exe | Added by the SDBOT-JI WORM! | No |
| X | Micosoft Startup | systall.exe | Added by the SDBOT-GM BACKDOOR! | No |
| X | Micr Update | soundblaster.exe | Added by the SDBOT.NP WORM! | No |
| X | Micr Update System | upwin.exe | Added by the SDBOT.YS WORM! | No |
| X | Micr0s0ft Ms D0s | msdx.exe | Added by the RBOT-AON WORM! | No |
| X | Micr0s0ft Upd4t4z | svchost32.exe | Added by the RBOT.ALF WORM! | No |
| X | Micrcoft Exploerer | spoolsal.exe | Added by the RBOT-AKK WORM! | No |
| X | Micrcoft Exploerer | svchose.exe | Added by the RBOT-ASL WORM! | No |
| X | Micrcoft Updat | spoolsae.exe | Added by the RBOT-AIB WORM! | No |
| X | Micrcoft Updat | spoolsaex.exe | Added by the RBOT-AJM WORM! | No |
| X | Micrcoft Updat | Internet.exe | Added by the RBOT-ANA WORM! | No |
| X | Micrcsoft Certificate Services | cflmon.exe | Added by the RBOT-FWV WORM! | No |
| X | Micro CRC Protocol | scrc32.exe | Added by a variant of the SDBOT WORM! | No |
| X | Micro Office | [path to trojan] | Added by the BANCBAN-QC TROJAN! | No |
| X | Micro Process | appconf.exe | Added by an unidentified WORM or TROJAN! | No |
| X | Micro Update | dailin.exe | Added by the RBOT-ER WORM! | No |
| N | Microangelo Desktop | Muamgr.exe | Using MicroAngelo On Display, you can easily select the icon images that you prefer rather than the default icons displayed by Windows. On Display provides a consistent and elegant method to customize the icon display for almost every icon on your system | No |
| N | microAttuneDownload | atmdlusr.exe | Application Launcher, MS Office application. USR (US Robotics) modem auto updater. May be a sub-set of Attune | No |
| U | MicroBrew | MicroBrew2.exe | Related to Bluebeam PDF printer support. Prints AutoCAD .dwgs to PDF's | No |
| X | MicroCQ0 | explorer.exe | Added by the LINEAGE-AK TROJAN! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %ProgramFiles% | No |
| U | MicroDialler | atdialler1.exe | Part of the Freeserve Connection Kit - changes the dial-up for Freeserve AnyTime if access problems are encountered | No |
| X | MicroedSoft Toolbar | Smoked.exe | Added by the RBOT-ALN WORM! | No |
| X | Microfinder lptt01 | mcf.exe | RapidBlaster variant (in a "mcf" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here | No |
| X | Microfinder ml097e | mcf.exe | RapidBlaster variant (in a "mcf" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here | No |
| X | Microfot Update | winldx32.exe | Added by a variant of the RBOT WORM! | No |
| X | Microft Exploerer | spoolsac.exe | Added by the RBOT-AMD WORM! | No |
| X | Microft Update 32 | winssx.exe | Added by the RBOT-AQS WORM! | No |
| X | MicroLoad | [random filename] | Added by the DARBY WORM! | No |
| X | Micromedia Flash Update | wdfmrg.exe | Added by a variant of the SDBOT WORM! | No |
| X | Micromedia Flash Update | xptxt.exe | Added by the RBOT-GAB WORM! | No |
| X | Microoft Timing | pupdate.exe | Added by a variant of the RBOT WORM! | No |
| X | MICROSFT ANTIVIRUS UPDATE SUPPORT | [random 10-letter filename].EXE | Added by the RBOT-AQA WORM! | No |
| X | MICROSFT ANTIVIRUS UPDATE SUPPORT | MSGUPDATED.EXE | Added by the RBOT-APZ WORM! | No |
| X | Microsft Conf 32 | msaconf.exe | Added by the RBOT.EYA WORM! | No |
| X | Microsft Confige 32 | msaconfigurez.exe | Added by the RBOT.CLC WORM! | No |
| X | Microsft Corporation Version 2001.12.4414 | comrel.exe | Added by a variant of the SDBOT TROJAN! | No |
| X | Microsft Corporation Version 2002.12.2414 | comserv.exe | Added by a variant of the SLAPER TROJAN! | No |
| X | MICROSFT MX UPDATE SUPPORT | taskmngrs.exe | Added by the RBOT-AUZ WORM! | No |
| X | MICROSFT MX UPDATE SUPPORT | winmx32.EXE | Added by the IRCBOT-FD WORM! | No |
| X | MICROSFT RAMA UPDATE SUPPORT | [random filename] | Added by the RBOT-ASM or RBOT-AUW WORMS! | No |
| X | MICROSFT RAMA UPDATE SUPPORT | MSN32.EXE | Added by the RBOT-AWJ WORM! | No |
| X | MICROSFT RAMA UPDATE SUPPORT | mtakthmyn.EXE | Added by the RBOT-AUJ WORM! | No |
| X | MICROSFT RAMA UPDATE SUPPORT | MSGUPDAT32.EXE | Added by the RBOT-BBB WORM! | No |
| X | Microsft Remote Procedure Daemon | msrpcd.exe | Added by a variant of the IRCBOT BACKDOOR! | No |
| X | Microsft Security Monitor Process | cmh.exe | Added by the EGGDROP.V WORM! | No |
| X | Microsft Security Monitor Process | mssmppp.exe | Added by a variant of the IRCBOT BACKDOOR! | No |
| X | Microsft Security Monitor Process | mssmpp.exe | Added by the SDBOT-DJW WORM! | No |
| X | Microsft Updtes | sarvice.exe | Added by a variant of the SDBOT WORM! | No |
| X | Microsft Upgraed | [random filename].exe | Added by a variant of the SDBOT WORM! | No |
| X | Microsft Windows Adapter 5.1.3013 | [random filename] | Added by the SMALL.HIT TROJAN! | No |
| X | microsft windows updates | mwupdate32.exe | Added by a variant of the TOXBOT/CODBOT WORM! | No |
| X | Microsof Value | nmatt.exe | Added by a variant of the RBOT WORM! | No |
| X | Microsof Windows Host | svhost32.exe | Added by the RBOT.ADY WORM! | No |
| X | Microsof Winlog Host | wilogon32.exe | Added by the RBOT.XC WORM! | No |
| X | Microsofot x386 System Monitor | system32.exe | Added by the WOOTBOT.M WORM! | No |
| X | microsoft | svchost.exe | Added by the ASTEF or RESPAN WORMS! Note - this is not the legitimate svchost.exe process which should NOT appear in Msconfig/Startup! | No |
| X | microsoft | microsoft.hta | HTA file which creates an executable on the hard drive which subsequently proceeds to download files from a malware site! | No |
| X | Microsoft | win32.exe | Added by the DARKMOON TROJAN! | No |
| X | Microsoft | iexplore.exe | Added by the QQROB-R TROJAN! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %System% | No |
| X | Microsoft | svchost.exe | Added by the ADUYO-A TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder | No |
| X | Microsoft | wuauclt.exe | Added by the QQROB-AAQ TROJAN! Note - this is not the legitimate wuauclt.exe process, which should not appear in Msconfig/Startup! | No |
| X | Microsoft | guard.exe | Added by a variant of the SDBOT WORM! | No |
| X | Microsoft | wcsntfy.exe | Added by the AGOBOT-AHT WORM! | No |
| X | Microsoft | ssmss.exe | Added by the RBOT-FZF WORM! | No |
| X | Microsoft | lsass.ppf | Added by the RBOT-GAA WORM! | No |
| X | Microsoft | msvchost.exe | Added by the RBOT-GAW WORM! | No |
| X | Microsoft | mixers.exe | Added by the AGOBOT-AHU WORM! | No |
| X | Microsoft | msmsger.exe | Added by a variant of the SDBOT WORM! | No |
| X | Microsoft | MSUPDATE.exe | Added by an unidentified WORM or TROJAN! | No |
| X | Microsoft | radnom.exe | Added by the RBOT-GHO WORM! | No |
| X | Microsoft | rtvcscan.exe | Added by the RBOT-GGU WORM! | No |
| X | Microsoft | taskbar.exe | Added by a variant of the RBOT WORM! | No |
| X | Microsoft | updater.exe | Added by the RBOT-GHP WORM! | No |
| X | Microsoft | windl32.exe | Added by the SDBOT-DCZ WORM! | No |
| X | Microsoft | aim.exe | Added by the RBOT-GRY WORM! Note - this is not the popular AOL Instant Messenger utility | No |
| X | Microsoft | Explorerr.exe | Added by the IRCBOT-WG TROJAN! | No |
| X | Microsoft | kasperskyLive32.exe | Added by the RBOT-GRT WORM! | No |
| X | Microsoft | msngerf.exe | Added by the RBOT-GLW WORM! | No |
| X | Microsoft | netsrv.exe | Added by the RBOT-GOS WORM! | No |
| X | Microsoft | rundll.exe | Added by the RBOT-GSJ WORM! Note - this is NOT the Win9x/Me system file of the same name as described here | No |
| X | Microsoft | WinSecUp.exe | Added by the RBOT-GPL WORM! | No |
| X | Microsoft | wsim32.exe | Added by the RBOT-GTL WORM! | No |
| X | Microsoft | wplayer.exe | Added by the IRCBOT-ABP TROJAN! | No |
| X | Microsoft | mdms.exe | Added by the AGENT-GHY TROJAN! | No |
| X | Microsoft | Explorer.exe | Added by a variant of the RBOT WORM! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System% | No |
| X | Microsoft | install.exe | Added by a variant of the IRCBOT BACKDOOR! | No |
| X | Microsoft | internetdat.exe | Added by the RBOT.ETY BACKDOOR! | No |
| X | Microsoft | ntsvr.exe | Added by a variant of the RBOT WORM! | No |
| X | Microsoft | schost.exe | Added by the RBOT.FEH BACKDOOR! | No |
| X | Microsoft | soundvol32.exe | Added by the RBOT.CIJ BACKDOOR! | No |
| X | Microsoft | sqlservice.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
| X | Microsoft | svhost.exe | Added by a variant of the IRCBOT BACKDOOR! | No |
| X | Microsoft | winampaa.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
| X | Microsoft | winline.exe | Added by the AGENT.KT TROJAN! | No |
| X | Microsoft | system32.exe | Added by the IRCBOT-ZZ WORM! | No |
| X | Microsoft | winsys32.exe | Added by the RBOT-GSQ WORM! | No |
| X | Microsoft | winnn.exe | Added by the RANDEX.GGP WORM! | No |
| X | Microsoft | symtea.exe | Added by the SPYBOT.AMTE WORM! | No |
| X | Microsoft | MicrosoftCorporation.exe | Added by the KILLFILES.AED TROJAN! | No |
| X | Microsoft Associates, Inc. | iexplorer.exe | Added by the LOVGATE.Z WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) | No |
| X | Microsoft (C) HTML Application host | [random filename] | Added by the RBOT-YB WORM! | No |
| X | Microsoft (R) Windows Configuration Backup Service | svchost.exe | Added by the RANKY.X TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in either a "config", "mapping" or "security" subfolder of the Winnt or Windows folder | No |
| X | Microsoft (R) Windows DLL Loader | rundll32.exe | Added by the RANKY.W TROJAN! Note - this is not the legitimate rundll32.exe process, which is found in %Windir% (98/ME) or %System% (NT/2K/XP). This one is located in %Windir%\dll | No |
| X | Microsoft (R) Windows Network Latency Controller | 1.tmp | Added by a generic password stealer TROJAN - see here | No |
| X | Microsoft (R) Windows Network Latency Controller | nlc.exe | Added by a generic password stealer TROJAN - see here | No |
| X | Microsoft (R) Windows Network Latency Controller | sp2vc.exe | Added by a generic password stealer TROJAN - see here | No |
| X | Microsoft (R) Windows Network Security Management Service | nsms.exe | Added by the RANKY.LC TROJAN! | No |
| X | Microsoft (R) Windows Protected Content Restoration Service | services.exe | Added by the AGENT.AGV BACKDOOR! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\etc | No |
| X | Microsoft (R) Windows Protocol Deployment Manager | [random].tmp | Added by an unidentified WORM or TROJAN! | No |
| X | Microsoft (R) Windows TCP/IP Socket Driver | [path to trojan] | Added by the PROXY-DD TROJAN! | No |
| X | Microsoft (R) Windows TCP/IP Socket Layer | services.exe | Added by the RBOT.ARM WORM! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\winsock | No |
| X | Microsoft (R) Windows Update Service | wuauclt.exe | Added by a variant of the SDBOT WORM! Note - this is not the legitimate wuauclt.exe process, which should not appear in Msconfig/Startup! | No |
| X | Microsoft (R) Windows Vista/NT Runtime Compatibility Service | nrcs.exe | Added by the RANKY.X TROJAN! | No |
| X | Microsoft .NET Confingurator | msnconf.exe | Added by an unidentified VIRUS, WORM or TROJAN! | No |
| X | Microsoft 16Bit Update | wuapdate16.exe | Added by the RBOT.CZ WORM! | No |
| X | Microsoft 64 Bit Runtime Updater | wupdt64.exe | Added by a variant of the RBOT WORM! | No |
| U | Microsoft ActiveSync | WCESCOMM.EXE | Connection manager for Microsoft ActiveSync - mobile device synchronization software for Windows XP (and earlier), supporting mobile deivces based upon the Windows CE OS (such as Pocket PC, Handheld PC and Windows Mobile). Automatically launches ActiveSync (if enabled) when the mobile device is connected. If disabled it will re-instate the next time ActiveSync runs - hence the reluctant "U" recommendation | Yes |
| X | Microsoft ActiveX Debugger NT | [path to trojan] | Added by the BANCOS-DO TROJAN! | No |
| X | Microsoft Admin Protocal | MSADNIN.exe | Added by a variant of the RBOT WORM! | No |
| X | Microsoft ADservice | [random filename] | Added by a variant of the RBOT WORM! | No |
| X | Microsoft Agent | mdss32.exe | Added by the KEYLOG-AG TROJAN! | No |
| X | Microsoft Agent | svch0st.exe | Added by the VB-DRO WORM! | No |
| X | Microsoft ALG32 Protocol | alg32.exe | Added by a variant of the SPYBOT WORM! | No |
| X | Microsoft ALGXP Protocol | alg32.exe | Added by a variant of the SDBOT WORM! | No |
| X | Microsoft all | mmall.exe | Wopla.ac malware variant | No |
| N | Microsoft Announcement Listener | Annclist.exe | MS WebTV for Windows. Used to display TV on your PC via a compatible video card with in-built tuner (such as ATI All-In-Wonder). If you don't use it - uninstall it | No |
| X | Microsoft Ansti Update | msie.exe | Added by the RBOT-LE WORM! | No |
| X | Microsoft Anti Virus Controller | msavc.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
| X | Microsoft Anti Virus Controller | msavc32.exe | Added by the SDBOT.EPW BACKDOOR! | No |
| X | Microsoft Anti-Spy | [random filename] | Added by a variant of the SDBOT WORM! | No |
| X | Microsoft AntiSpyware | Bazzi.exe | Added by the AHKER.J WORM! | No |
| X | Microsoft AntiSpyware | KT06.pif | Added by the IRCBOT.GEN WORM! | No |
| X | Microsoft AOL Instant Messenger | MSAOL32.exe | Added by the RBOT-AAI WORM! | No |
| X | Microsoft AOL32 Protocol | aol32.exe | Added by a variant of the SPYBOT WORM! | No |
| X | Microsoft Application Center | mappc.exe | Added by a variant of the RBOT WORM! | No |
| X | Microsoft Application Manager | msapl32.exe | Added by the BROPIA-AE TROJAN! | No |
| X | Microsoft AUT Update | MSlti32.exe | Added by the RBOT-X WORM! | No |
| X | Microsoft AUT Update | MSlti16.exe | Added by the RBOT.EB WORM! | No |
| X | Microsoft Authority Service | lsass.exe | Added by the KALEL-D WORM! Note - this is not the legitimate lsass.exe process, which should not appear in Msconfig/Startup! | No |
| X | Microsoft auto update | winupdate.exe | Added by the BMBOT TROJAN! | No |
| X | Microsoft Auto Update | WINHLP16.EXE | Added by the RBOT.GY WORM! | No |
| X | Microsoft auto update | wuauclt.exe | Added by the CULT-B TROJAN! Note - this is not the legitimate wuauclt.exe process, which should not appear in Msconfig/Startup! | No |
| X | Microsoft Automatic Update Serivce | msautou.exe | Added by the RBOT-AOB WORM! | No |
| X | Microsoft Automatic Updater | Explorer.exe | Added by the RBOT-SG WORM! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System% | No |
| X | Microsoft AutoUpdater | svhost.exe | Added by the RBOT.QG WORM! | No |
| X | Microsoft Bool Value | MV2.exe | Added by a variant of the RBOT WORM! | No |
| X | Microsoft boot system cfg32 | actboost.exe | Added by the BROPIA.R WORM! | No |
| U | Microsoft Broadband Networking | MSBNTray.exe | Microsoft Broadband Networking Tray Application | No |
| X | Microsoft Browser Services | Brwsr32.exe | Added by a variant of the IRCBOT TROJAN! | No |
| X | Microsoft Browser Services | Brwsr64.exe | Added by a variant of the IRCBOT TROJAN! | No |
| X | Microsoft Buffer App | msbuffer.exe | Added by the SLINBOT.NQ BACKDOOR! | No |
| X | Microsoft Cab Manager | exec.exe | Affilred adware | No |
| X | Microsoft Cab Manager | cab.exe | Added by the DELF-JJ TROJAN! | No |
| X | Microsoft Calculator | calc.exe | Added by a variant of the IRCBOT TROJAN! | No |
| X | Microsoft checker | MsPMSPTv.exe | Added by a variant of the SDBOT WORM! | No |
| X | Microsoft Client | mshost.exe | Added by the RBOT-AND WORM! | No |
| X | Microsoft Client | msclient.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
| X | Microsoft Client Pc | spoolsrv.exe | Added by the RBOT-AQM WORM! | No |
| X | Microsoft Client/Server Runtime Server Subsystem | csrs.exe | Added by a variant of the AGOBOT/GAOBOT WORM! | No |
| X | Microsoft Client/Server Runtime Server Subsystem | csrssa.exe | Added by a variant of the AGOBOT/GAOBOT WORM! | No |
| X | Microsoft Com Port Manager | svdhost.exe | Added by the SDBOT-NI WORM! | No |
| X | Microsoft Command C | sshost.exe | Added by the RBOT-CMK WORM! | No |
| X | Microsoft Command C | winhost32.exe | Added by the SDBOT-BBA WORM! | No |
| X | Microsoft Command Line | wincmd.exe | Added by a variant of the RBOT WORM! | No |
| X | Microsoft Conf Ldr | sysconf.exe | Added by a variant of the SDBOT TROJAN! | No |
| X | Microsoft ConfgKeys | wurmgrd32.exe | Added by the RBOT-ARX WORM! | No |
| X | Microsoft Config | msconf.exe | Added by the RBOT.PV WORM! | No |
| X | Microsoft Config | MSCONF.EXE | Added by the RBOT-LG WORM! | No |
| X | Microsoft Config 32 | msconfigx32.exe | Reported as the MSCONFIGX32 TROJAN! Possible Rbot variant | No |
| X | Microsoft Config 32bit | mscnfg32.exe | Added by the RBOT-Z WORM! | No |
| X | Microsoft Config File | config.exe | Added by the KILLFILES.GR TROJAN! This is malware that will attempt to delete all system dlls! | No |
| X | Microsoft Config Loader | msconfig32.exe | Added by the AGOBOT.XX WORM! | No |
| X | Microsoft Config Loader | msrun32.exe | Added by the AGOBOT-DY WORM! | No |
| X | Microsoft Config Loader | msconf32.exe | Added by a variant of the RBOT WORM! | No |
| X | Microsoft Configoration Service | msconfigs.exe | Added by the RBOT-ETT WORM! | No |
| X | Microsoft Configs 32 | msgconfigrs.exe | Added by a variant of the SDBOT WORM! | No |
| X | Microsoft Configuration | msconfig32.exe | Added by the SDBOT.MQ WORM! | No |
| X | Microsoft Configuration 35 | microsot1.exe | Added by an unidentified TROJAN! | No |
| X | Microsoft Configuration Wizard | taskmrg.exe | Added by the SDBOT-MX TROJAN! | No |
| X | Microsoft Configure 32 | msgconfigre.exe | Added by a variant of the AGOBOT/GAOBOT WORM! | No |
| X | Microsoft Connection Manager Monitor | cmmon.pif | Added by the RBOT-AKV WORM! | No |
| X | Microsoft Control Center | crtl.exe | Added by the RBOT-VX WORM! | No |
| X | Microsoft Core Support | MSxUP32.exe | Added by the RBOT-ANR WORM! | No |
| X | Microsoft Core Support | [random filename] | Added by a variant of the RBOT TROJAN! | No |
| X | Microsoft Corp SQL Certificates | sqlcer.exe | Added by the ZYBOT-C WORM! | No |
| X | Microsoft Corp SSL Certificates | windowz.exe | Added by the RBOT-GCZ WORM! | No |
| X | Microsoft Corp TLS Certificates | msauth.exe | Added by the RBOT-GAC WORM! | No |
| X | Microsoft Corp Updates | wupdates.exe | Added by the RBOT-AUU WORM! | No |
| X | Microsoft Corp. Host Services | svchosl.exe | Added by the RBOT-FMZ WORM! | No |
| X | Microsoft Corporaticn SQL Handler | sqlhandler.exe | Added by a variant of the RBOT WORM! | No |
| X | Microsoft Corporation | [random filename] | Added by various VIRUSES, WORMS & TROJANS! | No |
| X | Microsoft Corporation | jview.exe | Added by the RBOT-AOD WORM! | No |
| X | Microsoft Corporation Svchost Service | mssvc.exe | Added by a variant of the SDBOT WORM! See here | No |
| X | Microsoft Corporation Svchost Service | mswsc.exe | Added by the AGENT.MAB TROJAN! | No |
| X | Microsoft Corporation SYM monitor | mssym.exe | Added by the RBOT-GDB WORM! | No |
| X | Microsoft CP Web Manager | webcp.exe | Added by the IRCBOT.HP TROJAN! | No |
| X | Microsoft CPU Over Heat Manager | CPU.exe | Added by a variant of the IRCBOT TROJAN! | No |
| X | Microsoft CPXP Protocol | cpxp.exe | Added by the RBOT.ATP WORM! | No |
| X | Microsoft Critical Services | svhhost.exe | Added by the AGOBOT-AJA WORM! | No |
| X | Microsoft Crs Fix Serv | wincrs.exe | Added by the SDBOT.BWF WORM! | No |
| X | Microsoft CRT Monitor Manager | crtmon.exe | Added by the ROBOTON.A WORM! | No |
| X | Microsoft CSRSS Service | nsmscrs.exe | Added by the RBOT-BPT WORM! | No |
| X | Microsoft CSRSS32 Protocol | csrss32.exe | Added by a variant of the AGOBOT/GAOBOT WORM! | No |
| X | Microsoft CSRSS386 Protocol | csrss386.exe | Added by a variant of the SPYBOT WORM! | No |
| U | Microsoft CTF Loader | ctfmon.exe | Supports multiple languages and alternative method inputs in Windows and MS Office. The language bar is displayed alongside the System Tray if more than one keyboard layout is enabled (for switching input languages) or, for example, if speech is selected as an alternative input for MS Office or Notepad. Required to support advanced text services (such as right to left text) for East Asian users. Can be disabled via Start → Control Panel → Regional and Language Options → Languages → Text Services and Input Languages → Details → Advanced → System Configuration → Turn off advanced text services (which also turns off the language bar). See also here and here. Can also cause problems with some other programs if left enabled - see here for such an example | Yes |
| X | Microsoft Cvrt | mscvrt32.exe | Added by an unidentified VIRUS, WORM or TROJAN! | No |
| X | Microsoft Data Helper | cihost.exe | Malware, possibly a variant of the LINST TROJAN | No |
| X | Microsoft Data Machine | csdata32.exe | Added by a variant of the RBOT WORM! | No |
| X | Microsoft Database Handler | mssql32.exe | Added by the RANDEX.AX WORM! | No |
| X | Microsoft Datalog Application | msdata.exe | Added by a variant of the SDBOT WORM! | No |
| X | Microsoft DDE Control | wupades.exe | Added by a variant of the SDBOT WORM! | No |
| X | Microsoft DDEs Control | Erun.pif | Added by the RBOT-AMU WORM! | No |
| X | Microsoft Debug Manager Console | mdm32.exe | Added by the AGOBOT-AQ WORM! | No |
| X | Microsoft Debug Service | dbgbgr.exe | Added by a variant of the RBOT WORM! | No |
| X | Microsoft Decryption Technology | Msfenoe.exe | Added by the SPYBOT-DG WORM! | No |
| U | Microsoft Default Manager | DefMgr.exe | Part of MSN Toolbar from version 4.0 onwards which includes the Bing search engine. Via Start → All Programs → Microsoft Default Manager you can elect to keep Bing as the default search engine and set it to notify you of any changes to your browsers default settings. Not required if you choose not to use Bing | Yes |
| X | Microsoft Desktop Manager | msdesk32.exe | Added by a variant of the RBOT WORM! | No |
| X | Microsoft Dev | iexplorer32.exe | Added by a variant of the AGOBOT/GAOBOT WORM! | No |
| X | Microsoft Development Debugger | msdev.exe | Added by a variant of the RBOT WORM! | No |
| X | Microsoft Development Services | msdevelop.exe | Added by the RBOT-FWS WORM! | No |
| X | Microsoft Device Manager | msdevmgr32.exe | Added by the LATEDA.B TROJAN! | No |
| X | Microsoft Device Manager | mscmtl32.exe | Added by the AGENT.BMQ BACKDOOR! | No |
| X | Microsoft Device Manager | svcswin.exe | Added by the IRCBOT-YH TROJAN! | No |
| X | Microsoft Diagnostic | [random filename] | Added by the ACEBOT TROJAN! | No |
| X | Microsoft Diagnostic | msdiag32.exe | Added by the RBOT-UC WORM! | No |
| X | Microsoft Digital Clock | msclock.exe | Added by the NACKBOT-D WORM! | No |
| X | Microsoft Digital Cryptors | mdigits.exe | Added by the SDBOT.LM WORM! | No |
| X | Microsoft DirectX | Spoolserv.exe | Added by the DINFOR WORM! | No |
| X | Microsoft DirectX | rasmngr.exe | Added by a variant of the RBOT WORM! | No |
| X | Microsoft DirectX | PDSched.exe | Added by the SDBOT.CN WORM! | No |
| X | Microsoft DirectX | wuamgrd.exe | Added by the SDBOT.MY WORM! | No |
| X | Microsoft DirectX | time123.exe | Added by the SDBOT.MD WORM! | No |
| X | Microsoft Directx | directxat.exe | Added by the SDBOT-BXF WORM! Note - disables autostart for the SharedAccess service and deactivates the Microsoft Internet Connection Firewall (ICF) | No |
| X | Microsoft Directx click | directxclick.exe | Added by a variant of the RBOT-GHT WORM! | No |
| X | Microsoft Directx clicks | directxclickers.exe | Added by the RBOT-GHT WORM! | No |
| X | Microsoft Directx push | directxpushup.exe | Added by a variant of the RBOT-GHT WORM! | No |
| X | Microsoft Directxsp | directxbt.exe | Added by a variant of the RBOT-GHT WORM! | No |
| X | Microsoft Directxspnew | directxnew.exe | Added by a variant of the RBOT-GHT WORM! | No |
| X | Microsoft DirktorWin | [random filename] | Added by the SPYBOT.GEN3 TROJAN! | No |
| X | Microsoft Disk Scanner | scansdisk.exe | Added by the WOOTBOT.DT WORM! | No |
| X | Microsoft DLL | fumeta.exe | Added by the RBOT-AUG WORM! | No |
| X | Microsoft Dll | runapidll.exe | Added by the RBOT-GRG WORM! | No |
| X | Microsoft DLL Authentification | dllsecure.exe | Added by a variant of the IRCBOT TROJAN! | No |
| X | Microsoft DLL Extensions | SystemDll.exe | Added by the RBOT-ADV WORM! | No |
| X | Microsoft dll Host Service | wkssr.exe | Added by a variant of the SDBOT WORM! | No |
| X | Microsoft DLL Host Service | dllmemhost.exe | Added by a variant of the IRCBOT TROJAN! | No |
| X | Microsoft DLL Host Service | svcdllhst.exe | Added by the AGENT.EAK TROJAN! | No |
| X | Microsoft dll Host Service | svchost.exe | Added by the RBOT.BMS BACKDOOR! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir% | No |
| X | Microsoft DLL Library | winlib32.exe | Added by the ATNAS.A WORM! | No |
| X | Microsoft Dll Management | windll.exe | Added by the RBOT-MT WORM! | No |
| X | Microsoft Dll Manager | microsoft32dll.exe | Added by the SHEUR.LH TROJAN! | No |
| X | Microsoft DLL Manager | dllmgr.exe | Added by the SDBOT-KJ WORM! | No |
| X | Microsoft DLL Monitor | dllmon32.exe | Added by the AGENT.WP WORM! | No |
| X | Microsoft DLL Monitor | dllmon64.exe | Added by a variant of the IRCBOT TROJAN! | No |
| X | Microsoft DLL Monitor | dllmonitor.exe | Added by a variant of the IRCBOT TROJAN! | No |
| X | Microsoft Dll Printer Manager | dllpt.exe | Added by the SDBOT.BIH WORM! | No |
| X | Microsoft DLL Service | servicedll.exe | Added by the IRCBOT.OX BACKDOOR! | No |
| X | Microsoft DLL Service | svcdll.exe | Added by a variant of the SPYBOT WORM! | No |
| X | Microsoft DLL Source | dllsrc.exe | Added by a variant of the IRCBOT TROJAN! | No |
| X | Microsoft DLL Verifier | file.exe | Added by the RBOT-AED WORM! | No |
| X | Microsoft DLL Verifier | chkfile.exe | Added by the RBOT-AOC WORM! | No |
| X | Microsoft DLL Verifier | csrssv.exe | Added by the RBOT-ATK WORM! | No |
| X | Microsoft DLL Verifier | mscon.exe | Added by the SDBOT.EAH WORM! | No |
| X | Microsoft DLL Verifier | winavguard.exe | Added by the SDBOT.AAD WORM! | No |
| X | Microsoft DLLSet32 | dllset32.exe | Added by the RBOT.OZ WORM! | No |
| X | Microsoft DNS Query | msdns.exe | Added by the AGENT-BS TROJAN! | No |
| X | Microsoft DNSx | mdnex.exe | Added by the DELBOT-AI WORM! | No |
| X | Microsoft Document | krisp.exe | Added by the SDBOT-RQ WORM! | No |
| X | Microsoft Domain Controller | mstc.exe | Added by the NUGACHE.A WORM! | No |
| X | Microsoft Driver | faet.exe | Added by a variant of the RBOT WORM! | No |
| X | Microsoft Driver Control | windrv.exe | Added by the SDBOT.FW WORM! | No |
| X | Microsoft Driver Manager | mswindrv.exe | Added by the FORBOT-EZ WORM! | No |
| X | Microsoft Driver Setup | msddrv42.exe | Added by the PALEVO WORM! | No |
| X | Microsoft Driver Setup | Jwrb.exe | Added by the AUTORUN-AOB WORM! | No |
| X | Microsoft Driver Setup | dllhost.exe | Added by the AUTORUN-AOZ WORM! | No |
| X | Microsoft Driver Setup | sysmngsr322.exe | Added by the BUZUS-AS TROJAN! | No |
| X | Microsoft Driver Setup | w7services.exe | Added by the AUTORUN-ARJ WORM! | No |
| X | Microsoft Driver Setup | mslsrv32.exe | Added by the SDBOT-DPF TROJAN! | No |
| X | Microsoft Driver Setup | ccdrive32.exe | Added by the AGENT-LYL TROJAN! | No |
| X | Microsoft driver update | Mshome.exe | Added by the SDBOT.BL WORM! | No |
| X | Microsoft Drivers | WSconf.exe | Added by a variant of the SDBOT WORM! | No |
| X | Microsoft ErgoPack | wserb32.exe | Added by the RBOT-RI WORM! | No |
| X | Microsoft EV32 Service | MSev32.exe | Added by a variant of the RBOT WORM! | No |
| X | Microsoft Event Engine | EvtEngn.exe | Added by the RBOT-XV WORM! | No |
| X | Microsoft Excel | msexcel.exe | Added by the RBOT-TQ WORM! | No |
| X | Microsoft Excele | msmsgs.exe | Added by the AGENT.AJQG TROJAN! Note - this particular msmsgs.exe file is located in %System% and should not be mistaken for the MSN Messenger file of the same name which is located in %Program Files%\Messenger | No |
| X | Microsoft Excell | wuamngr32.exe | Added by the RBOT-QH WORM! | No |
| X | Microsoft Executing | microsoft.exe | Added by the AGOBOT.UV WORM! | No |
| X | Microsoft Explorer | svapache.exe | Added by the RBOT-VR WORM! | No |
| X | Microsoft Explorer | explorer.scr | Added by the RBOT-ADH WORM! | No |
| X | Microsoft Explorer | explorer.pif | Added by the SDBOT-ACX WORM! | No |
| X | Microsoft Explorer | explorer.exe | Added by the POEBOT-LY WORM! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System% | No |
| X | Microsoft Explorer Service | msexplore.exe | Added by the IRCBOT.AYB BACKDOOR! | No |
| X | Microsoft explorer Update | internal.exe | Added by an unidentified WORM or TROJAN! | No |
| X | Microsoft Explorer(64) | explorer64.exe | Added by the SPYBOT-R WORM! | No |
| X | Microsoft Explorer2 | system.exe | Added by the IRCBOT.BS TROJAN! | No |
| X | Microsoft Explorer2 | nome.exe | Added by the RANDEX.AA WORM! | No |
| X | Microsoft Explorer2 | bitchbot.exe | Added by the SDBOT.EV WORM! | No |
| X | Microsoft EXPLOREXP Protocol | explorexp.exe | Added by a variant of the SPYBOT WORM! | No |
| X | Microsoft Features | ms32cfg.exe | Added by the RBOT.HO WORM! | No |
| X | Microsoft Features | msie.exe | Added by a variant of the RBOT WORM! | No |
| X | Microsoft File Demand Manager | wmgrdf.exe | Added by a variant of the RBOT WORM! | No |
| N | Microsoft Find Fast | Findfast.exe | From older versions of MS Office - searches disk drives for Office file types and creates an index to make opening them easier. When indexing is in progress it can use lots of CPU time and memory - especially on slower/older machines | Yes |
| X | Microsoft Firewall | firewallsp2.exe | Added by the RBOT-MC WORM! | No |
| Y | MICROSOFT FIREWALL CLIENT | ISATRAY.EXE | MS Internet Security and Acceleration Server - see here | No |
| X | Microsoft FixUp | pevblbvr.exe | Added by the RBOT.DWK WORM! | No |
| X | Microsoft FixUp | wnpzjpuw.exe | Added by a variant of the SDBOT WORM! | No |
| X | microsoft frontpage | twain.exe | Added by the AGENT.AQO TROJAN! | No |
| X | Microsoft Games | gamemanager.exe | Added by the SPYBOT.AHQ WORM! | No |
| X | Microsoft Generic Update Manager | wupdate.exe | Added by the RBOT-AWC TROJAN! | No |
| X | Microsoft Genetic Procress | svchost.exe | Added by a variant of the SDBOT WORM! | No |
| X | Microsoft Genuine Logon | msnmsg.exe | Added by the IRCBOT-XH WORM! | No |
| X | Microsoft Genuine Logon | svchost.exe | Added by the SDBOT.EXT WORM! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder | No |
| X | MicroSoft Getway Dire | [random filename] | Added by the IRCBRUTE.AM WORM! | No |
| X | MicroSoft Getway mqbol | [12 random letters].exe | Added by the RBOT.GBA WORM! | No |
| X | Microsoft Gina V Encryption | MSGINAV.EXE | Added by an unidentified VIRUS, WORM or TROJAN! | No |
| N | Microsoft Greetings Reminder | MHPRMINF.EXE | You really want to be reminded about somebody's birthday at the expense of resources? | No |
| N | Microsoft Greetings Reminders | MHPRMIND.EXE | Microsoft Home Publishing greetings reminder | No |
| N | Microsoft Greetings Workshop Reminder | Gwremind.exe | You really want to be reminded about somebody's birthday at the expense of resources? | No |
| X | Microsoft HDCP for NT | msdhcp.exe | Added by a variant of the RBOT WORM! | No |
| X | Microsoft HDCP for NT and Win9x | msdhcprs.exe | Added by a variant of the PEERBOT WORM! | No |
| X | Microsoft Help | svh0st.exe | Added by a variant of the SPYBOT WORM! | No |
| X | Microsoft Help | svchosl.exe | Added by the AGENT-GPX TROJAN! | No |
| X | Microsoft Help Support | mshelp32.exe | Addded by the KELVIR-BF WORM! | No |
| X | Microsoft Help SVC | msnmngr.exe | Added by the SDBOT-PQ WORM! | No |
| X | Microsoft Help System | mshelp32.exe | CoolWebSearch parasite variant | No |
| X | Microsoft Helpdesk Side | mshelpdsk.exe | Added by the SPYBOT.ANJJ WORM! | No |
| X | Microsoft Host Protocol | svhost.exe | Added by a variant of the RBOT WORM! | No |
| X | Microsoft Hosting Service | WINHOSTING.EXE | Added by the RBOT.AEV WORM! | No |
| X | Microsoft Hosts Service | Isass.exe | Added by a variant of the RBOT WORM! | No |
| X | microsoft hotmail monitor | mshotmon.exe | Added by the MYTOB-FL WORM! | No |
| X | Microsoft hren1 | mmhren1.exe | Added by a variant of the AGENT.IWW TROJAN! | No |
| X | Microsoft Hyptertext Helper | mshtha.exe | Added by a variant of the SPYBOT WORM! | No |
| X | Microsoft IDCN | mshe1p.exe | Added by an unidentified TROJAN! | No |
| X | Microsoft IE | Iexplore.exe | Added by the FORBOT-AG WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %System% | No |
| X | Microsoft IE Execute shell | IEExec.exe | Added by the ALADINZ.N TROJAN! | No |
| X | MicroSoft IE Sasser | ISASS.EXE | Added by the SDBOT.MX WORM! | No |
| X | Microsoft IIS | syshost.exe | Added by the FRANCETTE WORM! | No |
| X | Microsoft IIS | [filename] | Added by the FRANCETTE-S WORM! | No |
| U | Microsoft IME 2002 | IMJPMIG.EXE | Microsoft's Input Method Editor for the Japanese language which is used to both display and enable the input of characters in e-mails, documents, web forms and other files - should you need to. Found on PCs where East Asian languages have been installed through the Regional and Language options icon in the Control Panel | Yes |
| X | Microsoft Inc. | iexplorer.exe | Added by the LOVGATE.E WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) | No |
| X | Microsoft Inc. | iexplorer.exe... | Added by the LOVGATE.AO WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) | No |
| X | Microsoft Incroporate | mfs.exe | Added by the RBOT-ANF WORM! | No |
| X | Microsoft Inet Xp.. | teekids.exe | Added by the BLASTER.C WORM! | No |
| X | Microsoft Information | securenet.exe | Added by the SDBOT.AJM WORM! | No |
| X | Microsoft Information Check | microsoft.exe | Added by the IRCBOT.AUH TROJAN! | No |
| X | Microsoft Initialization Service | initsvc.exe | Added by the IRCBOT.AXK BACKDOOR! | No |
| X | Microsoft Initialization Services | initserv.exe | Added by the IRCBOT-ABO TROJAN! | No |
| X | Microsoft Install Shield Services | rundll64 | Added by the RBOT-FSH WORM! | No |
| X | Microsoft Installshield | nundll32.exe | Added by the AGOBOT-AHZ WORM! | No |
| X | Microsoft Instant Messenger | msngmsngr32.exe | Added by the SPYBOTER.GEN TROJAN! | No |
| X | Microsoft Int Service | MsIntSrv.exe | Added by a variant of the RBOT WORM! | No |
| U | Microsoft IntelliPoint | ipoint.exe | Microsoft IntelliPoint utility (from version 5.5) - required to support the programmable buttons and additional features and on Microsoft's range of mice, If this entry is disabled, any programmed buttons or program-specific settings will not be supported | Yes |
| U | Microsoft IntelliPoint | point32.exe | Microsoft IntelliPoint utility (up to version 5.4) - required to support the programmable buttons and additional features and on Microsoft's range of mice, If this entry is disabled, any programmed buttons or program-specific settings will not be supported | Yes |
| U | Microsoft Intellitype Pro | speedkey.exe | Additional keyboard shortcuts on MS programmable keyboard | No |
| U | Microsoft IntelliType Pro | itype.exe | Microsoft IntelliType Pro utility (from version 5.5) - required to support the multimedia keys, programmed keys and key macros on Microsoft's range of keyboards. If this entry is disabled, any programmed keys or actions will not be supported and keys will not function as expected in applications with advanced text services enabled | Yes |
| U | Microsoft IntelliType Pro | type32.exe | Microsoft IntelliType Pro utility (up to version 5.4) - required to support the multimedia keys, programmed keys and key macros on Microsoft's range of keyboards. If this entry is disabled, any programmed keys or actions will not be supported and keys will not function as expected in applications with advanced text services enabled | Yes |
| X | Microsoft Internal AntiVirus Systems | dIlhost.exe | Added by the RBOT-AEV WORM! | No |
| X | Microsoft Internel Corporat | netvhost.exe | Added by a variant of the IRCBOT BACKDOOR! | No |
| X | Microsoft Internel Corporat | smbvhost.exe | Added by a variant of the IRCBOT BACKDOOR! | No |
| X | Microsoft Internet | expl0rer.exe | Added by a variant of the SPYBOT WORM! | No |
| X | Microsoft Internet | windows32.exe | Added by the SDBOT-F WORM! | No |
| X | Microsoft Internet | wincfg16.exe | Added by a variant of the SDBOT WORM! | No |
| X | Microsoft Internet Acceleration Utility | iau.exe | EasySearch adware | No |
| X | Microsoft Internet Acceleration Utility | [path to file] | Added by the AGENT-CX TROJAN! | No |
| X | Microsoft Internet Acceleration Utility | [path to trojan] | Added by the SMUTSRCH-A TROJAN! | No |
| X | Microsoft Internet Antivirus Protection | antivirus.exe | Detected by Kaspersky as the IRCBOT.BSK TROJAN! | No |
| X | Microsoft Internet Dumping Protocol | inetdump.exe | Added by the IRCBOT.BLL BACKDOOR! | No |
| X | Microsoft Internet Exp | iiexplorer.exe | Added by the RBOT-KX WORM! | No |
| X | Microsoft Internet Explorer | iexplore.exe | Added by the POEBOT-J WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %System% | No |
| X | Microsoft Internet Explorer | iexplorer.exe | Added by the SDBOT-XN WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) | No |
| X | Microsoft Internet Explorer | crsys32.exe | Added by the RBOT.UZ WORM! | No |
| X | Microsoft Internet Explorer | movies.exe | Added by the BANCOS-DZ TROJAN! | No |
| X | Microsoft Internet Explorer | svzhost.exe | Added by a variant of the RBOT WORM! | No |
| X | Microsoft Internet Explorer | mccagent.exe | Added by the DLOADER-UD TROJAN! | No |
| X | Microsoft Internet Explorer | sysini.exe | Added by the DELF-LN TROJAN! | No |
| X | Microsoft Internet Explorer | svchost.exe | Added by the IRCBOT-AK TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "drivers" subfolder | No |
| X | Microsoft Internet Explorer | lEXPLORE.EXE | Added by the RBOT-AMM WORM! Note - the executable is spelt with a lower case "L" rather than an lower or upper case "i" which is the case with Internet Explorer | No |
| X | Microsoft Internet Explorer | svchosts.exe | Added by the BANCBAN-U TROJAN! | No |
| X | Microsoft Internet Explorer | [path to trojan] | Added by the BANCBAN-AS TROJAN! | No |
| X | Microsoft Internet Explorer | msngrt.exe | Added by the SDBOT-GU BACKDOOR! | No |
| X | Microsoft Internet Explorer Manager | ie.exe | Added by a variant of the IRCBOT TROJAN! | No |
| X | Microsoft Internet Explorer Update | ieupdate.exe | Added by the SHEUR.MH TROJAN! | No |
| X | Microsoft Internet Firewall | firewall.exe | Added by the IRCBOT.MD BACKDOOR! Located in %System% | No |
| X | Microsoft Internet Firewall Manager | GMT16.exe | Added by the RANDEX.AT WORM! | No |
| X | Microsoft Internet Firewall Update | updater.exe | Added by a variant of the IRCBOT TROJAN! | No |
| X | Microsoft Internet Services | Smss32.exe | Added by the RBOT.MS WORM! | No |
| X | Microsoft Internet Syncing | inetsync.exe | Added by the IRCBOT.BLL BACKDOOR! | No |
| X | Microsoft Intrenet Explorer | goaw.pif | Added by the RBOT-API WORM! | No |
| X | Microsoft Intrenet Explorer | Soundsyst.exe | Added by the RBOT-AQU WORM! | No |
| X | Microsoft Intrenet Explorer | cnsg.pif | Added by the RBOT-ARO WORM! | No |
| X | Microsoft Intrenet Explorer | wcumrg.exe | Added by the SDBOT-AFD WORM! | No |
| X | Microsoft IPC | system.exe | Added by the NULLBOT TROJAN! | No |
| X | Microsoft IPC | svshost.exe | Added by an unidentified VIRUS, WORM or TROJAN! | No |
| X | Microsoft IT Update | win64.exe | Added by the RBOT.GA WORM! | No |
| X | Microsoft IT Update | [random filename] | Added by a variant of the RBOT WORM! | No |
| X | Microsoft IT Update | IEserv.exe | Added by a variant of the RBOT WORM! | No |
| X | Microsoft IT Update | msupdate.exe | Added by a variant of the RBOT WORM! | No |
| X | Microsoft IT Update | winn43.exe | Added by a variant of the RBOT WORM! | No |
| X | Microsoft IT Update | svchsst.exe | Added by the RBOT-DH WORM! | No |
| X | Microsoft IT Update | win43.exe | Added by the RBOT-SA WORM! | No |
| X | Microsoft IT Update | windows.exe | Added by the RBOT-JM WORM! | No |
| X | Microsoft IT Update | winsyst32.exe | Added by the RBOT-FC WORM! | No |
| X | Microsoft IT Update | Rhost32.exe | Added by a variant of the IRCBOT TROJAN! | No |
| X | Microsoft Java Virtual Machine | MsConfiG.exe | Added by the FORBOT-DV WORM! Note - this is not the legitimate msconfig.exe which should only appear in Msconfig/Startup if you leave the warning box unchecked after changing an Msconfig entry and rebooting | No |
| X | Microsoft Java Virtual Machine | msjvm.exe | Added by a variant of the SDBOT WORM! | No |
| X | Microsoft Java Virtual Machine | javavm.exe | Added by a variant of the RBOT WORM! | No |
| X | Microsoft Java Virtual Machine | msjavarxp.exe | Added by the FORBOT-DL WORM! | No |
| X | Microsoft Java Virtual Machine | winscr32.exe | Added by a variant of the WOOTBOT WORM! | No |
| X | Microsoft Java Windows Update | [filename] | Added by the RBOT-DZ WORM! | No |
| X | Microsoft JavaVM | msjarun.exe | Added by the RBOT-JW WORM! | No |
| X | Microsoft Kernel | Windows_kernel32.exe | Added by the NETSKY.AE WORM! | No |
| X | Microsoft Keyboard Enhance 2.0. | iasrecst.exe | Added by the BCKDR-QIL BACKDOOR! | No |
| X | Microsoft Keyboard Enhance V2.0 | iasrecst.exe | Detected by F-Prot as the DOWNLOADER2.AILI TROJAN! | No |
| X | Microsoft Kinetik Svc | msftksvc.exe | Added by the AGENT.AGDO TROJAN! | No |
| X | Microsoft LAN32 Protocol | lanXp.exe | Added by the RBOT-SS WORM! | No |
| X | MicroSoft Legal Service | Srb0ty.exe | Added by the SPYBOT.HW WORM! | No |
| X | MicroSoft Legal Syst3m32 | Syst3m32.exe | Added by the RBOT.UYL WORM! | No |
| X | Microsoft Lmhosting Service | lmhosts.exe | Added by the RBOT-RC WORM! | No |
| X | Microsoft Locals 332 | [random filename] | Added by the RBOT-KU WORM! | No |
| X | Microsoft Locals466 | xagwxzy.exe | Added by the SPYBOT.EL WORM! | No |
| U | Microsoft Location Finder | LocationFinder.exe | Microsoft Location Finder "is a client-side application that turns a regular WiFi enabled laptop, Tablet or PC into a location determining device without the addition of any separate hardware" | No |
| X | Microsoft Login | winlogin.exe | Added by the RBOT-AJP WORM! | No |
| X | Microsoft Logins | winlogins.exe | Added by the SPYBOT.BCZ WORM! | No |
| X | Microsoft LSA layer | MSLSA32.exe | Added by the RBOT-AKZ WORM! | No |
| X | Microsoft Lsass Center | Isass.exe | Added by a variant of the SDBOT WORM! | No |
| X | Microsoft Lsass Center | telecomes.exe | Added by a variant of the RBOT WORM! | No |
| X | Microsoft Lsass Manager | lsass.exe | Added by a variant of the SDBOT WORM! Note - this is not the legitimate lsass.exe process, which should not appear in Msconfig/Startup! | No |
| X | Microsoft Lsass Service | wintcp32.exe | Added by a variant of the IRCBOT TROJAN! | No |
| X | Microsoft LSASS386 Protocol | scvhost32.exe | Added by a variant of the SPYBOT WORM! | No |
| X | Microsoft LV | [path to file] | Added by the BDOOR-BDL BACKDOOR! | No |
| X | Microsoft Machine | winjava.exe | Added by a variant of the AGOBOT/GAOBOT WORM! | No |
| X | Microsoft machine | blah.exe | Added by a variant of the RBOT WORM! | No |
| X | Microsoft machine | scvhost.exe | Added by the RBOT.AEU TROJAN! | No |
| X | Microsoft Machine | updata.exe | Added by the RBOT-DJ WORM! | No |
| X | Microsoft Machine | temp.exe | Added by the RBOT-FSQ WORM! | No |
| X | Microsoft Machine | winxp43.exe | Added by the RBOT-IA WORM! | No |
| X | Microsoft machine | arcpack.scr.exe | Added by the RBOT.ADF BACKDOOR! | No |
| X | Microsoft Machine Script | iexplorersis.exe | Added by the RBOT-CMH WORM! | No |
| X | Microsoft MachineUpdatese | tempes.exe | Added by the RBOT.EWN BACKDOOR! | No |
| X | Microsoft Macro Protection SubSsy | msacroprots386.exe | Added by the RBOT-KE WORM! | No |
| X | Microsoft Macro Protection Subsystems | msmacroprotxz.exe | Added by a variant of the SPYBOT WORM! | No |
| X | Microsoft Macro Protection Subsystems | Msmacroprot32.exe | Added by the RBOT.KN WORM! | No |
| X | Microsoft Manage Services | sychost.exe | Added by the SLENFBOT.AD WORM! | No |
| X | Microsoft Manage Services | schost.exe | Added by the SLENFBOT.B WORM! | No |
| X | Microsoft Management | lmas.exe | Added by the FORBOT-CZ WORM! | No |
| X | Microsoft Management Console | lssas.exe | EasySearch adware | No |
| X | Microsoft Management Console | [path to trojan] | Added by the SMUTSRCH-A TROJAN! | No |
| X | Microsoft Management Console | lssas1.exe | Added by the DLOADR-AWD TROJAN! | No |
| X | Microsoft Manager | msmanager.exe | Added by the MYTOB.LF WORM! | No |
| X | Microsoft Map PC | mappc.exe | Added by a variant of the RBOT WORM! | No |
| X | Microsoft Mapped PC | mappedpc.exe | Added by a variant of the RBOT WORM! | No |
| X | Microsoft media | winmplayers.exe | Added by a variant of the SPYBOT WORM! | No |
| U | Microsoft Media Center Tray Applet | ehTray.exe | Media Center Tray Applet - part of Windows Media Center on XP MCE, Vista and Windows 7 (where it doesn't run as a startup). Allows Windows Media Center to be started by pressing the green button on a remote control and also displays System Tray notifications, such as recording status (successful or non-successful), EPG download notification, etc | Yes |
| X | Microsoft Media Manager | medman.exe | Added by the RBOT.EUZ WORM! | No |
| X | Microsoft Media player 9 | msmedia32.exe | Added by the RBOT-ADO WORM! | No |
| X | Microsoft media services | Iassd.exe | Added by a variant of the AGOBOT/GAOBOT WORM! | No |
| X | Microsoft media services | winmplayer.exe | Added by the RBOT.ZO WORM! | No |
| X | Microsoft MediaScope | winmes.exe | Added by the RBOT-XU WORM! | No |
| X | Microsoft Memory Dumping Protocol | memdump.exe | Added by the IRCBOT.BJK BACKDOOR! | No |
| X | Microsoft Memory Flow Cycle | flowcycle.exe | Added by the IRCBOT.WAD BACKDOOR! | No |
| X | Microsoft Memory Flow Cycle | flowcycles.exe | Added by the WAREZOV.AAK WORM! | No |
| X | Microsoft Message Machine | msmesg32.exe | Added by the SPYBOT.BI WORM! | No |
| X | Microsoft Messenger Management Controls | msmgmctl.exe | Added by the RBOT-APA WORM! | No |
| X | Microsoft messenger sd | msngersd.exe | Added by an unidentified TROJAN! | No |
| X | Microsoft Messenger Service | msmsg32.exe | Added by the RBOT.BOK WORM! | No |
| X | Microsoft Messenger XP | MSMSN32.exe | Added by the RBOT-ZP WORM! | No |
| X | Microsoft MicroP Protocol | wdgmr32.exe | Added by a variant of the RBOT WORM! | No |
| X | Microsoft Movie Maker | Mmaker.exe | Added by the IRCBOT.C TROJAN! Note that this is not a valid Microsoft program | No |
| X | Microsoft MSGPLUS32 Protocol | msgplus32.exe | Added by a variant of the SPYBOT WORM! | No |
| X | Microsoft MSN 7 Services | msnmsg.exe | Added by a variant of the IRCBOT BACKDOOR! | No |
| X | Microsoft MSN 7 Services | msnmsger.exe | Added by a variant of the IRCBOT BACKDOOR! | No |
| X | Microsoft MSN Messenger | msnmnsgr.exe | Added by a variant of the IRCBOT TROJAN! | No |
| X | Microsoft Msn Messenger | msmsgs.exe | Added by the BUZUS.AYX TROJAN! Note - this particular msmsgs.exe file is located in %System% and should not be mistaken for the MSN Messenger file of the same name which is located in %Program Files%\Messenger | No |
| X | Microsoft MSNGR32 Protocol | msngr32.exe | Added by a variant of the SPYBOT WORM! | No |
| X | Microsoft msnseru | msnseru.exe | Added by the RBOT-APB WORM! | No |
| X | Microsoft MsnST | msnst32.exe | Added by a variant of the RBOT WORM! | No |
| X | Microsoft MSUPDATE | SpoolSvc.exe | Added by the SXTB-A TROJAN! | No |
| X | Microsoft Neser Experience | nese.exe | Added by the RBOT-YH WORM! | No |
| X | Microsoft NetMeeting Associates, Inc. | NetMeeting.exe | Added by the LOVGATE.AB WORM! | No |
| X | Microsoft Netview | gesfm32.exe | Added by the RANDEX.C WORM! | No |
| X | Microsoft Netview | mssvc32.exe | Added by an unidentified VIRUS, WORM or TROJAN! | No |
| X | Microsoft Netview Component v5.1 | msnv32.exe | Added by the RANDEX.F WORM! | No |
| X | Microsoft Network | msnet.exe | Added by the MOCKBOT.A WORM! | No |
| X | Microsoft Network | Networksystem.exe | Added by the SDBOT-AAI WORM! | No |
| X | Microsoft Network Daemon for Win32 | Netd32.exe | Added by the SDBOT.R TROJAN! | No |
| X | Microsoft Network Host | svc0host.exe | Added by the SDBOT-AEN WORM! | No |
| X | Microsoft Network Neighbourhood | networknbh.exe | Added by the RBOT.DMN WORM! | No |
| X | Microsoft Network Services Controller | mmsvc32.exe | Added by the NANPY-A WORM! | No |
| X | Microsoft Networking Agent For SP2 | msnac32.exe | Added by the SPYBOT.PEN WORM! | No |
| X | Microsoft Nod32 Service | nood32.exe | Added by the RBOT.EJP WORM! | No |
| X | Microsoft Norotn Anti Virus | mnhpot.exe | Added by the RBOT-GRO WORM! | No |
| X | Microsoft Norton Antivirus | norton.exe | Added by a variant of the IRCBOT TROJAN! | No |
| X | Microsoft NotePad | notepad.exe | Added by a variant of the RBOT WORM! | No |
| X | Microsoft NT Drivers | ntdrv.exe | Added by the SDBOT.AJN TROJAN! | No |
| X | Microsoft NT Update | winexec32.exe | Added by a variant of the RBOT WORM! | No |
| X | Microsoft Nvidia Video | nvidia.exe | Added by a variant of the SDBOT WORM! | No |
| N | Microsoft Office | osa.exe | On older versions of MS Office this launches common Office components to help speed up the launch of Office programs. On slower machines it can be a resource hog and some users claim there's no difference with or without it - but it usually isn't required. This must be left enabled if you use the Microsoft Office Shortcut Bar (MSOFFICE.EXE) and have set it to load at startup. Available via Start → All Programs | Yes |
| N | Microsoft Office | Msoffice.exe | Feature included with older versions of MS Office giving you access to common Office functions and optional shortcuts to Office (and other) programs. Some people prefer it but a better way is to create desktop shortcuts if you want access these features and programs quickly. Also available via Start → All Programs | Yes |
| X | Microsoft Office | MSMSGR.exe | Added by the GAOBOT.BB WORM! | No |
| N | Microsoft Office | Osa9.exe | On older versions of MS Office this launches common Office components to help speed up the launch of Office programs. On slower machines it can be a resource hog and some users claim there's no difference with or without it - but it usually isn't required. This must be left enabled if you use the Microsoft Office Shortcut Bar (MSOFFICE.EXE) and have set it to load at startup. Available via Start → All Programs | Yes |
| X | Microsoft Office | lserv.exe | Added by the SDBOT.MH WORM! | No |
| X | Microsoft Office | Microsoft Office.hta | HTA file which creates an executable on the hard drive which subsequently proceeds to download files from a malware site! | No |
| X | Microsoft Office | msoicons.exe | Added by the RBOT-ZI WORM! - NOTE - do no confuse with the legitimate Msoicons.exe file described here. The latter wil not be listed among your startups! | No |
| X | Microsoft Office | Nxcao.exe | Added by the RBOT-ZE WORM! | No |
| X | Microsoft Office | nxcxtpr.exe | Added by the RBOT-YG WORM! | No |
| X | Microsoft Office | svxhost.exe | Added by a variant of the RBOT WORM! | No |
| X | Microsoft Office | msoffice32.exe | Added by a variant of the RBOT WORM! | No |
| X | Microsoft Office | msoff.exe | Added by the RAKER-C TROJAN! | No |
| X | Microsoft Office | microsoft.exe | Added by the BANKER-VF TROJAN! | No |
| X | Microsoft Office | msvcp.exe | Added by the AGENT-XK TROJAN! | No |
| X | Microsoft Office | msmsgr.exe | Added by the GAOBOT.BB WORM! | No |
| X | Microsoft Office | mdm.exe | Added by the IBOT-A TROJAN! Note - this is not the legitimate Machine Debug Manager (mdm.exe) process which is located in %ProgramFiles%\Common Files\Microsoft Shared\VS7Debug (98/Me/XP/Vista) or C:\WINDOWS\SYSTEM (Me only) | No |
| N | Microsoft Office Fast Cache | Fastboot.exe | Part of MS Office 95 (v7.0). According to this it improves the performance. Most likely a predecessor of MS Find Fast and can be disabled | No |
| U | Microsoft Office Groove | GROOVE.EXE | System Tray access to and alerts for MS Office Groove - a stand-alone product or included with the Enterprise/Ultimate versions of MS Office 2007. "A collaboration software program that helps teams work together dynamically and effectively, even if team members work for different organizations, work remotely, or work offline". Users can create workspaces and invite other Groove users to share the workspace and when a document is edited within the workspace the changes made become available to all other users in the workspace when they come online - synchronized using LAN, WAN and the Internet | Yes |
| X | Microsoft Office Monitor | alg2k.exe | Added by the SDBOT-CZO WORM! | No |
| X | Microsoft Office Monitor | aql32.exe | Added by the RBOT-GCY TROJAN! | No |
| N | Microsoft Office OneNote | ONENOTEM.EXE | System Tray access to MS Office OneNote 2003 & 2007 - an electronic notebook that allows you to create free-form notes, including text, graphics and audio/video. When running, ONENOTEM.EXE also enables the WINDOWS KEY combinations - such as WINDOWS KEY+N (new Side Note - 2007 only) and WINDOWS KEY+S (insert screen grab into a note). Leave the icon enabled in OneNote but move the shortcut from Start → All Programs → Startup to the desktop or elsewhere on the Start menu and run when needed | Yes |
| N | Microsoft Office OneNote 2003 Quick Launch | ONENOTEM.EXE | System Tray access to MS Office OneNote 2003 - an electronic notebook that allows you to create free-form notes, including text, graphics and audio/video. When running, ONENOTEM.EXE also enables the WINDOWS KEY+S key combination to insert screen grab into a note. Leave the icon enabled in OneNote but move the shortcut from Start → All Programs → Startup to the desktop or elsewhere on the Start menu and run when needed | Yes |
| X | Microsoft Office Quick Launcher | iau1.exe | Added by the DLOADR-AWD TROJAN! | No |
| N | Microsoft Office Shortcut Bar | Msoffice.exe | Feature included with older versions of MS Office giving you access to common Office functions and optional shortcuts to Office (and other) programs. Some people prefer it but a better way is to create desktop shortcuts if you want access these features and programs quickly. Also available via Start → All Programs | Yes |
| X | Microsoft Office Start | winupdates.exe | Added by the GAOBOT.BC WORM! | No |
| N | Microsoft Office Startup | osa.exe | On older versions of MS Office this launches common Office components to help speed up the launch of Office programs. On slower machines it can be a resource hog and some users claim there's no difference with or without it - but it usually isn't required. This must be left enabled if you use the Microsoft Office Shortcut Bar (MSOFFICE.EXE) and have set it to load at startup. Available via Start → All Programs | No |
| N | Microsoft Office Startup | Osa9.exe | On older versions of MS Office this launches common Office components to help speed up the launch of Office programs. On slower machines it can be a resource hog and some users claim there's no difference with or without it - but it usually isn't required. This must be left enabled if you use the Microsoft Office Shortcut Bar (MSOFFICE.EXE) and have set it to load at startup. Available via Start → All Programs | No |
| X | Microsoft Office Studio | scvhvst.exe | Added by the RANDEX.CST WORM! | No |
| X | Microsoft OfficeXP | officeXP.exe | Added by the KILLAV.MA WORM! | No |
| X | Microsoft Oftice | msmsgs.exe | Added by the IRCBOT.ALT WORM! Note - this particular msmsgs.exe file is located in %System% and should not be mistaken for the MSN Messenger file of the same name which is located in %Program Files%\Messenger | No |
| X | MicroSoft OneCare | FreeS3x.exe | Added by the SDBOT-DJT WORM! | No |
| X | Microsoft Opeions | IEXwe.exe | Added by a variant of the RBOT WORM! | No |
| X | Microsoft Outlook Express Protocol | svchst.exe | Added by a variant of the RBOT WORM! | No |
| X | Microsoft Patch Update | bootini.exe | Added by the RBOT-FMN WORM! | No |
| X | Microsoft PC Health Remote Assistance File Open & Save controls | sfrcdlg32.exe | Added by the RBOT-AVY WORM! | No |
| X | Microsoft PCHealth32 | [path to file] | Added by the NICE-A TROJAN! | No |
| X | Microsoft PCHealth32 | NDDENB.exe | Added by the PWSYAHOO-A TROJAN! | No |
| X | Microsoft PCI Manager | mspci.exe | Added by the RBOT.BBG WORM! | No |
| N | Microsoft People Near Me | p2phost.exe | Signs a user into the People Near Me feature at login in Windows 7 and Vista. People Near Me enables you to use certain peer-to-peer (P2P) programs on a network - that "identifies people nearby who are using computers and allows those people to send you invitations for programs such as Windows Meeting Space. They can only invite you to participate in programs that are installed on your computer." Available via Start → Control Panel | Yes |
| X | Microsoft Personal Firewalls | bakw.exe | Added by the RBOT-KS WORM! | No |
| X | Microsoft Problem Doctor | windr128.exe | Added by the SMALLTRO.EF TROJAN! | No |
| X | Microsoft Problem Doctor | windr32.exe | Added by a variant of the SMALLTRO.EF TROJAN! | No |
| X | Microsoft Problem Doctor | windr64.exe | Added by a variant of the SMALLTRO.EF TROJAN! | No |
| X | Microsoft Proc Driver32 | msprc.exe | Added by a variant of the WOOTBOT WORM! | No |
| X | Microsoft Procedure Call | MSPCALL.exe | Added by a variant of the RBOT WORM! | No |
| X | Microsoft Process Manager | process32.exe | Added by the CHECKOUT WORM! | No |
| X | Microsoft Profile Manager | profile.exe | Added by a variant of the IRCBOT TROJAN! | No |
| X | Microsoft PSTCP32 Data | pstcp32.exe | Added by a variant of the RBOT WORM! | No |
| X | Microsoft QMGR | msnqmgr.exe | Added by the IRCBOT-S TROJAN! | No |
| X | Microsoft RDLL | sysconf32.exe | Added by a variant of the SDBOT TROJAN! | No |
| X | Microsoft Redirect | [path to file] | Added by the BANKER-FW TROJAN! | No |
| X | Microsoft Redirect | systen.exe | Added by the BANCOS-FO TROJAN! | No |
| X | Microsoft Regestry Edit Manager | regedit.exe | Added by the SHEUR.HC TROJAN! Note - this is not the valid Windows registry editor which resides in %Windir% and will not normally figure in Msconfig/Startup! This version resides in the %System% | No |
| X | Microsoft Regestry Manager | regedit32.exe | Added by a variant of the IRCBOT.ARD WORM! | No |
| X | Microsoft Regestry Manager | registry32.exe | Added by the IRCBOT.ARD WORM! | No |
| X | Microsoft Registro | svchostt.exe | Added by the BANCOS-DH TROJAN! | No |
| X | Microsoft Registry | csrse.exe | Added by the RBOT-PC WORM! | No |
| X | MicroSoft Remote Secure Service | MSRSS.exe | Added by a variant of the RBOT WORM! | No |
| X | Microsoft Restore | scrgrd.exe | Added by the SPYBOT.BR WORM! | No |
| X | Microsoft Router Manager | linksys.exe | Added by a variant of the IRCBOT TROJAN! | No |
| X | Microsoft Router Manager | router.exe | Added by a variant of the IRCBOT TROJAN! | No |
| X | Microsoft Rundll | windos.exe | Added by the SDBOT-WF WORM! | No |
| X | Microsoft Runtime | CfgDll32.exe | Added by the RANDEX.BD WORM! | No |
| X | Microsoft Safe Mode Manager | safemode.exe | Added by the IRCBOT.HM BACKDOOR! | No |
| X | Microsoft Scanreg | microsoftscanreg.exe | Added by the FRANRIV.A WORM! | No |
| X | Microsoft SCVHOST32 Protocol | scvhost32.exe | Added by a variant of the RBOT WORM! | No |
| X | Microsoft sddcE Contol | taskmnegr.exe | Added by the RBOT-AUM WORM! | No |
| X | Microsoft sdk temp | sdktemp.exe | Added by the RBOT-ANP WORM! | No |
| X | Microsoft SDKP3 | mswinsdq.exe | Added by the RBOT-ARY WORM! | No |
| X | Microsoft Secure | Messenger.NET Service | Added by the FORBOT-AM WORM! | No |
| X | Microsoft Secure Messenger.NET Service | securitychk.exe | Added by the SDBOT.VT WORM! | No |
| X | Microsoft Security | winService.exe | Added by a variant of the RBOT WORM! | No |
| X | Microsoft security adviser | mssadv.exe | Microsoft Security Adviser rogue security software - not recommended | No |
| X | Microsoft Security Center | savservices.exe | Added by the RBOT-ANU WORM! | No |
| X | Microsoft Security Center | wcsntfy.exe | Added by the SDBOT.BYD WORM! | No |
| X | Microsoft Security Controlers | fxsecues.exe | Added by a variant of the SDBOT WORM! | No |
| Y | Microsoft Security Essentials | msseces.exe | System Tray access to a notifications from Microsoft Security Essentials which "provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software" | Yes |
| X | Microsoft Security GManagers | [random filename] | Added by a variant of the SDBOT WORM! | No |
| X | Microsoft Security Hot Fix Update | mshotfix.exe | Affilred adware | No |
| X | Microsoft Security Management | winnt.exe | Added by the RBOT-MQ WORM! | No |
| X | Microsoft Security Management | winserv.exe | Added by the RBOT-MJ WORM! | No |
| X | Microsoft Security Management | winamp.exe | Added by a variant of the RBOT WORM! Note - this is NOT the popular Winamp media player which resides in a "Winamp" subdirectory of the Program Files directory | No |
| X | Microsoft Security Management | wuauct1.exe | Added by a variant of the RBOT WORM! | No |
| X | Microsoft Security Management | bling.exe | Added by the RBOT.XL WORM! | No |
| X | Microsoft Security Management | sp2fix.exe | Added by the RBOT.UB WORM! | No |
| X | Microsoft Security Manager | winamp.exe | Added by the RBOT.TU WORM! Note - this is NOT the popular Winamp media player which is located in %ProgramFiles%\Winamp. This one is located in %System% | No |
| X | Microsoft Security Monitor Process | mssmp.exe | Added by the RBOT-FUB WORM! | No |
| X | Microsoft Security Monitor Process | mnsmp.exe | Added by a variant of the IRCBOT BACKDOOR! | No |
| X | Microsoft Security Monitor Process | msmp.exe | Added by the RBOT.GKQ WORM! | No |
| X | Microsoft Security Monitor Process | mssm32.exe | Added by a variant of the IRCBOT TROJAN! | No |
| X | Microsoft Security Monitor Process | lsas.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
| X | Microsoft Security Monitor Process | msword.exe | Added by the VIRUT.P VIRUS! | No |
| X | Microsoft Security Monitor Process | service.exe | Added by the DELF.BERW BACKDOOR! | No |
| X | Microsoft Security Monitor Process | svcchost.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
| X | Microsoft Security Monitor Process | windowsupdate.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
| X | Microsoft Security Monitor Process | [random filename] | Added by variants of the RBOT WORM! See here | No |
| X | Microsoft Security Monitor Process | com.exe | Added by a variant of the IRCBOT BACKDOOR! | No |
| X | Microsoft Security Monitor Process | exel.exe | Added by the SDBOT.AFX BACKDOOR! | No |
| X | Microsoft Security Monitor Process | firewall.exe | Added by a variant of the IRCBOT BACKDOOR! Located in %System% | No |
| X | Microsoft Security Monitor Process | flash.exe | Added by the EGGDROP.EE BACKDOOR! | No |
| X | Microsoft Security Monitor Process | hel.exe | Added by the EGGDROP.V BACKDOOR! | No |
| X | Microsoft Security Monitor Process | HelpMe.exe | Added by the VB.BJO TROJAN! | No |
| X | Microsoft Security Monitor Process | kar.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
| X | Microsoft Security Monitor Process | lindicracker.exe | Added by the BIFROSE.GR BACKDOOR! | No |
| X | Microsoft Security Monitor Process | mail.exe | Added by a variant of the IRCBOT BACKDOOR! | No |
| X | Microsoft Security Monitor Process | mmp.exe | Added by a variant of the IRCBOT BACKDOOR! | No |
| X | Microsoft Security Monitor Process | mssm32.exe | Added by a variant of the IRCBOT BACKDOOR! | No |
| X | Microsoft Security Monitor Process | mssmpi32.exe | Added by a variant of the RBOT WORM! See here | No |
| X | Microsoft Security Monitor Process | nitty.exe | Added by the RBOT.AEU BACKDOOR! | No |
| X | Microsoft Security Monitor Process | ofice.exe | Added by the VIRUT.N VIRUS! | No |
| X | Microsoft Security Monitor Process | point.exe | Added by the IRCBOT.AVP BACKDOOR! | No |
| X | Microsoft Security Monitor Process | princ.exe | Added by the HUPIGON.WTL TROJAN! | No |
| X | Microsoft Security Monitor Process | web.exe | Added by the EGGDROP.V BACKDOOR! | No |
| X | Microsoft Security Monitor Process | winsys32.exe | Added by the VIRUT.N VIRUS! | No |
| X | Microsoft Security Monitor Process | winsyss32.exe | Added by the RBOT.AEU BACKDOOR! | No |
| X | Microsoft Security Monitor Process | word.exe | Added by the EGGDROP.DC BACKDOOR! | No |
| X | Microsoft Security Panager | [filename] | Added by the RBOT-ANL WORM! | No |
| X | Microsoft Security Panagers | [random filename] | Added by the RBOT-AIG WORM! | No |
| X | Microsoft Security Panagers | zzoboony.exe | Added by the RBOT-AOI WORM! | No |
| X | Microsoft Security Process | wininit.exe | Added by the RBOT-FKM WORM! | No |
| X | Microsoft Security System | mssecsys.exe | Added by the IRCBOT-WJ TROJAN! | No |
| X | Microsoft Security Update | security32.exe | Added by the DELF-JJ TROJAN! | No |
| X | Microsoft Server | rserv.exe | Added by the AGOBOT.AVS WORM! | No |
| X | Microsoft Server Applacations | msnmsg.exe | Added by the AGOBOT.BBM WORM! | No |
| X | Microsoft Server Applacations | wuauct1.exe | Added by a variant of the RBOT WORM! | No |
| X | Microsoft Server Applacations | lsasss.exe | Added by the RBOT-AQQ WORM! | No |
| X | Microsoft Server Applacations | Q8See.exe | Added by the SPYBOT.GEN3 TROJAN! | No |
| X | Microsoft Server Applacations | cli.exe | Added by the RBOT-GAQ WORM! | No |
| X | Microsoft Server Application | Sound.exe | Added by the RBOT-NE WORM! | No |
| X | microsoft server base | lass.exe | Added by a variant of the RBOT WORM! | No |
| X | Microsoft Server Process | svhst32.exe | Added by the BCKDR-QHR BACKDOOR! | No |
| X | Microsoft Service | microhost.exe | Added by the RBOT-LC WORM! | No |
| X | Microsoft Service | winsvc.exe | Added by the SPYBOT-DB WORM! | No |
| X | Microsoft Service | rundll.exe | Added by the POPO-A WORM! Note - this is NOT the Win9x/Me system file of the same name as described here | No |
| X | Microsoft Service | service.exe | Added by the IRCBOT-XX BACKDOOR! | No |
| X | Microsoft Service | winspl.exe | Spyman spyware | No |
| X | Microsoft Service 32 | mssvc32.exe | Added by a variant of the IRCBOT TROJAN! | No |
| X | Microsoft Service 32 | sysddm32.exe | Added by the SDBOT.AKC WORM! | No |
| X | Microsoft Service Access Manager | Access.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
| X | Microsoft Service Boot | sboot.exe | Added by a variant of the IRCBOT TROJAN! | No |
| X | Microsoft Service Controller | services.exe | Added by the KALEL-D WORM! Note - this is not the legitimate services.exe process, which should not appear in Msconfig/Startup! | No |
| X | Microsoft Service Disk Cycle | disksave.exe | Added by a variant of the IRCBOT TROJAN! | No |
| X | Microsoft Service Drivers | System.exe | Added by a variant of the RBOT WORM! | No |
| X | Microsoft Service Drivers | VSADNIM.exe | Added by a variant of the RBOT WORM! | No |
| X | Microsoft Service Execution Manager | execute.exe | Added by a variant of the IRCBOT TROJAN! See here | No |
| X | Microsoft Service firewall Manager | firewall.exe | Added by a variant of the SDBOT BACKDOOR! Located in %System% | No |
| X | Microsoft Service Host Manager | 32svchost.exe | Added by a variant of the IRCBOT TROJAN! | No |
| X | Microsoft Service Host Process | svchost.exe | Added by the KRYNOS.B WORM! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "Help" subfolder of the Winnt or Windows folder | No |
| X | Microsoft Service Information | msnservices.exe | Added by the RBOT.ID WORM! | No |
| X | Microsoft Service Login Manager | winlogin.exe | Added by a variant of the IRCBOT TROJAN! | No |
| X | Microsoft Service Manager | service32.exe | Added by the IRCBOT.WDW BACKDOOR! | No |
| X | Microsoft Service Manager | winsvc.exe | Added by a variant of the RBOT WORM! See here | No |
| X | Microsoft Service Pack | WindowsSP.exe | Added by the RBOT-RF WORM! | No |
| X | Microsoft Service Pack2.1 | svchost2.exe | Added by the RBOT.ASN BACKDOOR! | No |
| X | Microsoft Service Tools | MStools1.exe | Added by the RBOT-BHT WORM! | No |
| X | Microsoft Services | lsserv.exe | Added by an unidentified VIRUS, WORM or TROJAN! | No |
| X | Microsoft Services | lssrv.exe | Added by the RBOT.CW WORM! | No |
| X | Microsoft Services | services.exe | Added by the ALETS TROJAN! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir% | No |
| X | Microsoft Services | lsrv.exe | Added by the RBOT-BK WORM! | No |
| X | Microsoft Services | svshost.exe | Added by the ALETS.B TROJAN! | No |
| X | Microsoft Services | bsc32.exe | Added by the BDOOR-AW BACKDOOR! | No |
| X | Microsoft Services | Smss32.exe | Added by the RBOT-AD WORM! | No |
| X | Microsoft Services | svssshost.exe | Added by a variant of the RBOT WORM! | No |
| X | Microsoft Services | module.exe | Added by the LAVITS WORM! | No |
| X | Microsoft Services | msmpserv.exe | Added by the IRCBOT.BKA BACKDOOR! | No |
| X | Microsoft Services Unitd | MSU32.exe | Added by a variant of the RBOT WORM! | No |
| X | Microsoft Servicez Manager | servicemgrz.exe | Added by the RBOT-ASN WORM! | No |
| X | Microsoft Session Manager Subsystem | smss.exe | Added by the KALEL-D WORM! Note - this is not the legitimate smss.exe process which should NOT appear in Msconfig/Startup! | No |
| X | Microsoft Setup Initializazion | localhost.exe | Added by a variant of the IRCBOT TROJAN! | No |
| N | Microsoft Sidewinder Game Controller Software | SWTRAY.EXE | MS SideWinder game controller system tray icon. Available via Start -> Programs | No |
| X | Microsoft Sinsup | odjiwjf.exe | Added by the RBOT-DN WORM! | No |
| X | Microsoft Software | sysinfo33.exe | Added by the RBOT.LS WORM! | No |
| X | microsoft software | ****.exe [* = random char] | Added by an unidentified WORM or TROJAN! | No |
| X | Microsoft software | cdaccess.exe | Added by the RBOT.ABK WORM! | No |
| X | Microsoft Software Update | nmon.exe | Added by the RBOT.HZ WORM! | No |
| X | Microsoft Sound Driver | sound32.exe | Added by a variant of the SPYBOT WORM! | No |
| X | Microsoft Sound Technology | winsound.exe | Added by the RBOT-AGG WORM! | No |
| N | Microsoft Sound Volume Tool | mssvol.exe | This is a Blue version of the yellow speaker icon on the system tray and is used to edit advanced Sound Features that the MS DSS80 Speakers add. Should be accessible via Start -> Settings -> Control Panel | No |
| X | Microsoft Sounds | soundman.exe | Added by the RBOT-GCI WORM! | No |
| X | Microsoft SpA Service | msapps.exe | Added by the RBOT-VI WORM! | No |
| X | Microsoft SpA Service | win32.exe | Added by the RBOT.ATS WORM! | No |
| X | Microsoft SpA Service | Winupd32.exe | Added by the RBOT.LT WORM! | No |
| X | Microsoft SpAr Service | winsbsd32.exe | Added by the RBOT-RN WORM! | No |
| X | Microsoft Special offer | infoebay.exe | Added by a variant of the RBOT WORM! | No |
| X | Microsoft Spool ** Service | spool**.exe | Added by a variant of the IRCBOT TROJAN - where ** represents a 2 digit number | No |
| X | Microsoft Spool Server for Win32 | spoolsrv.exe | Added by the RANDEX.H WORM! | No |
| X | Microsoft Spool Svc | spoolsvc32.exe | Added by a variant of the IRCBOT BACKDOOR! | No |
| X | Microsoft Spooler Services | Spoolsv.exe | Added by a variant of the SPYBOT WORM! See here | No |
| X | MicroSoft ssadsadas3s1 | eXtream.exe | Added by the SPYBOT.ZK TROJAN! | No |
| X | MicroSoft ssadssjdhasjadas3s1 | kdjfsdklfjsl.exe | Added by the SDBOT.AEX WORM! | No |
| X | MicroSoft ssas3s1 | SADASDA.exe | Added by the RBOT.URF WORM! | No |
| X | Microsoft SSISVRI32 Protocol | ssisvri.exe | Added by a variant of the SPYBOT WORM! | No |
| X | Microsoft Standard Executions Library | win32lib.exe | Added by the RBOT-AUK WORM! | No |
| X | Microsoft standard protector | winsocks5.exe | Added by the SMALL.CF TROJAN! | No |
| X | Microsoft standard protector | [path to trojan] | Added by the STOX-C TROJAN! | No |
| X | Microsoft startup | wmpIayer.exe | Added by the IRCBOT.ACI TROJAN! | No |
| X | Microsoft Startup Manager | sysservice.exe | Added by the AVALANEC TROJAN! | No |
| N | Microsoft Sticky Notes | stikynot.exe | Microsoft Sticky Notes - virtual sticky notes tool from Windows Vista. This implementation of the popular yellow "Post-It" tool is part of the Tablet PC features and allows you to enter either handwriting (via a pen or mouse) or record a voice note. AVailable via Start → All Programs | Yes |
| X | Microsoft Stuff you know | winslogin.exe | Added by a variant of the SDBOT WORM! | No |
| X | Microsoft Sum32 | sum32.exe | Added by the RBOT-YW WORM! | No |
| X | Microsoft Support | sys32ms.exe | Added by the RBOT-AHI WORM! | No |
| X | microsoft support | svchostt.exe | Added by the AGOBOT.AWN WORM! | No |
| X | Microsoft SVC | mssvc.exe | Added by the BIFROSE-UQ TROJAN! | No |
| X | Microsoft Svchost local services | winoem.exe | Added by the RBOT-FPE WORM! | No |
| X | Microsoft Svchost local services | nzm23.exe | Added by the RBOT-GMC WORM! | No |
| X | Microsoft Svchost local services | msnserver.exe | Added by the RBOT-GPM WORM! | No |
| X | Microsoft Syn Manager | Manager.exe | Added by the SDBOT.BEF WORM! | No |
| X | Microsoft Synchronization Manager | asgard.exe | Added by the SDBOT-AEA WORM! | No |
| X | Microsoft Synchronization Manager | bot.exe | Added by the SDBOT.IH WORM! | No |
| X | Microsoft Synchronization Manager | netscape.exe | Added by the RANDEX.AE WORM! | No |
| X | Microsoft Synchronization Manager | slhost.exe | Added by the SDBOT.YH WORM! | No |
| X | Microsoft Synchronization Manager | svhost.exe | Added by the SDBOT-PY WORM! | No |
| X | Microsoft Synchronization Manager | WinLoginnn.exe | Added by the SPYBOT.FO WORM! | No |
| X | Microsoft Synchronization Manager | winupdate.exe | Added by the SDBOT.ER WORM! | No |
| X | Microsoft Synchronization Manager | xXx.exe | Added by the SDBOT-KZ WORM! | No |
| X | Microsoft Synchronization Manager | ___synmgr.exe | Added by the MASLAN.A or MASLAN.C WORMS! | No |
| X | Microsoft Synchronization Manager | al.exe | Added by the OPTXPRO.132 TROJAN! | No |
| X | Microsoft Synchronization Manager | win.exe | Added by the SDBOT.AK WORM! | No |
| X | Microsoft Synchronization Manager | java.exe | Added by a variant of the SDBOT WORM! | No |
| X | Microsoft Synchronization Manager | svchosts.exe | Added by the SDBOT-LM WORM! | No |
| X | Microsoft Synchronization Manager | winlogon32.exe | Added by the SDBOT.AEU WORM! | No |
| X | Microsoft Synchronization Manager | svxhost.exe | Added by the SDBOT-ZU WORM! | No |
| X | Microsoft Synchronization Manager | wincfg32.exe | Added by the SDBOT.DO WORM! | No |
| X | Microsoft Synchronization Manager | screen.exe | Added by the SDBOT-ACO WORM! | No |
| X | Microsoft Synchronization Manager | devldr32.exe | Added by a variant of the RBOT WORM! Note - do not confuse with the legitimate Creative Labs devldr32.exe file | No |
| X | Microsoft Synchronization Manager | explorer.exe | Added by the SDBOT-AEA WORM! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System% | No |
| X | Microsoft Synchronization Manager | firewire.exe | Added by the SDBOT-AFC WORM! | No |
| X | Microsoft Synchronization Manager | wmedia.exe | Added by the SDBOT.BFC WORM! | No |
| X | Microsoft Synchronization Manager | win932.exe | Added by the SDBOT.AH WORM! | No |
| X | Microsoft Synchronization Manager | mircup.exe | Added by the SDBOT.BQD WORM! | No |
| U | Microsoft Synchronization Manager | mobsync.exe | Microsoft Synchronization Manager for 2K/XP - used to update network copies of materials that were edited offline, such as documents, calendars, and e-mail messages. Available via Start → All Programs → Synchronize, this entry appears if you select Setup → "When I log on to my computer" | Yes |
| X | Microsoft Synchronization Manager 2 | svhostc.exe | Added by the SLINBOT.ST WORM! | No |
| X | MicroSoft sys32 | sysmsgr32.exe | Added by a variant of the SPYBOT WORM! See here | No |
| X | MicroSoft sys3s1 | h4ckn3t.exe | Added by the RBOT.QTY WORM! | No |
| X | Microsoft System | msupdtm.exe | Added by the SPYBOT.PKC WORM! | No |
| X | Microsoft System | mssys32.exe | Added by the PETTICK.A WORM! | No |
| X | Microsoft System | sys.exe | Added by the RBOT.AKI WORM! | No |
| X | Microsoft System | winamp1.exe | Added by the SDBOT-UF WORM! | No |
| X | Microsoft System Administration | system.exe | Added by a variant of the IRCBOT BACKDOOR! | No |
| X | Microsoft System Backup | [random filename] | Added by the RBOT-AGM WORM! | No |
| X | Microsoft System Checkup | Cool.exe | Added by the DONK.B WORM! | No |
| X | Microsoft System Checkup | Wnetlib.exe | Added by the DONK.C WORM! | No |
| X | Microsoft System Checkup | dbnetlib.exe | Added by the DONK.L WORM! | No |
| X | Microsoft System Checkup | Keymgr.exe | Added by the DONK.M WORM! | No |
| X | Microsoft System Checkup | inetman.exe | Added by the DONK.O WORM! | No |
| X | Microsoft System Checkup | ntsysmgr.exe | Added by the DONK.S WORM! | No |
| X | Microsoft System Checkup | ntsysman.exe | Added by the SDBOT-QW WORM! | No |
| X | Microsoft System Checkup | libsysmgr.exe | Added by the SDBOT-CAF WORM! | No |
| X | Microsoft System Checkup | sysmgr.exe | Added by the SDBOT-OO TROJAN! | No |
| X | Microsoft System Checkup | netapi32.exe | Added by the DONK-E WORM! | No |
| X | Microsoft System Checkup | wnetmgr.exe | Added by the DONK.Q WORM! | No |
| X | Microsoft System Checkup | libsys32.exe | Added by the SDBOT-ACK WORM! | No |
| X | Microsoft System Checkup | netlogin32.exe | Added by the SDBOT-GN BACKDOOR! | No |
| N | Microsoft System Configuration Utility | msconfig.exe | Entry that appears when you uncheck an item in the MSConfig Startup group and will disappear if on the next reboot you select the option to not be reminded that you are running in Selective Startup mode. Located in %System% (98/Me/Vista) or %Windir%\PCHealth\HelpCtr\Binaries (XP) | Yes |
| X | Microsoft System Debug | services32.exe | Added by the RBOT.AKH WORM! | No |
| X | Microsoft System DLL Services Configuration | windir32.exe | Added by the SDBOT-ACY TROJAN! | No |
| X | Microsoft System File | svchots.exe | Added by the RBOT.BYU WORM! | No |
| X | Microsoft System Firewall 2006.2 | msmsgr.exe | Added by a variant of the SDBOT WORM! | No |
| X | Microsoft System Firewall 2006.2 | msnmsgr.exe | Added by a variant of the SDBOT WORM! Note - this is not the valid MSN Messenger (now Windows Live Messenger) utility which is located in either %ProgramFiles%\MSN Messenger or %ProgramFiles%\Windows Live\Messenger. This one is located in %System% | No |
| X | Microsoft System Firewall 2006.2 | reg32.exe | Added by a variant of the SDBOT WORM! | No |
| X | Microsoft System Init | mtmnr0.exe | Added by the SDBOT.BR TROJAN! | No |
| X | Microsoft System Monitor | monsys.exe | Added by the IRCBOT-YV TROJAN! | No |
| X | Microsoft System Monitor | system.exe | Added by the IRCBOT.AUT BACKDOOR! | No |
| X | Microsoft System NT | svhost.exe | Added by the SDBOT.COU WORM! | No |
| X | Microsoft System Restore Configuration | CBRSS.EXE | Added by a variant of the SPYBOT WORM! | No |
| X | Microsoft System Saver | [path to worm] | Added by the RBOT.BSK WORM! | No |
| X | Microsoft System Security Agent | MSTSA.EXE | Added by the RBOT.CCM WORM! | No |
| X | Microsoft System Service | dnservice.exe | Added by a variant of the IRCBOT TROJAN! | No |
| X | Microsoft System Service | taskmgr1.exe | Added by a variant of the SPYBOT WORM! See here | No |
| X | Microsoft System Service | winIogon2.exe | Added by a variant of the IRCBOT TROJAN! | No |
| X | Microsoft System Service Device | mssdh.exe | Added by a variant of the IRCBOT TROJAN! | No |
| X | Microsoft System Services | msnmgsr.exe | Added by the KELVIR.K WORM! | No |
| X | Microsoft System Services | msmsgr.exe | Added by the RBOT-ZH WORM! | No |
| X | Microsoft System Update | sysupdate.exe | Added by the SDBOT.DG WORM! | No |
| X | Microsoft system Value | sys57.exe | Added by a variant of the RBOT WORM! | No |
| X | Microsoft System32 Update | cmsrg.exe | Added by the RBOT-GN WORM! | No |
| X | Microsoft Task Manager Daemon | spoolsrv.exe | Added by the SDBOT.FLL WORM! | No |
| X | Microsoft Task Messenger Config | taskmgsr.exe | Added by the SDBOT-JK WORM! | No |
| X | Microsoft task tray monitor | ctray.exe | Added by a variant of the RBOT WORM! | No |
| X | Microsoft Task32 Protocol | taskmgr32.exe | Added by a variant of the SDBOT WORM! | No |
| X | Microsoft Taskmanager Updater | keyboard.exe | Added by the RBOT-ALU WORM! | No |
| X | Microsoft TCP Protocol | wintcp32.exe | Added by a variant of the IRCBOT TROJAN! | No |
| X | Microsoft TCP Service | scvhost.exe | Added by the AGOBOT-L WORM! | No |
| X | Microsoft TCP/IP Connection Monitor | svchost32.exe | Added by the RBOT.KS WORM! | No |
| X | Microsoft Telecom Center | tellecom.exe | Added by a variant of the RBOT WORM! | No |
| X | Microsoft Telecoma Center | tellcoma.exe | Added by the RBOT-AWX WORM! | No |
| X | Microsoft Telecoms Center | telcoms.exe | Added by the IRCBOT.GEN WORM! | No |
| X | Microsoft Telecoms Center | xpfilesys.exe | Added by the RBOT.BCJ TROJAN! | No |
| X | Microsoft Telecoms Center | winupn.exe | Added by a variant of the SDBOT WORM! | No |
| X | Microsoft Telecoms Center | svcchost.exe | Added by a variant of the RBOT WORM! | No |
| X | Microsoft Time Manager | dveldr.exe | Added by the RBOT-HQ WORM! | No |
| X | MicroSoft Toolbar | key.exe | Added by the RBOT-AEW WORM! | No |
| X | Microsoft Transfer File Server | mtfs.exe | Added by the RBOT.AFE WORM! | No |
| X | Microsoft Tray | [random filename] | Added by the DELF.BZ TROJAN! | No |
| X | Microsoft TTL Verifier | msttl.exe | Added by the RBOT-GAP WORM! | No |
| X | Microsoft U | wuamkopxp.exe | Added by the RBOT-AHC WORM! | No |
| X | Microsoft UMA Update | MSuma32.exe | Added by the RBOT.FS WORM! | No |
| X | MICROSOFT UNPACCKER SYSTEM | unpak32.exe | Added by a variant of the RBOT WORM! | No |
| X | MICROSOFT UNPACK SYSTEM | winrarx.exe | Added by a variant of the RBOT WORM! | No |
| X | Microsoft Updat3 | mswkst32.exe | Added by a variant of the RBOT WORM! | No |
| X | Microsoft Update | Microsoft.exe | Added by the GAOBOT.AFJ WORM! | No |
| X | Microsoft Update | mssmgrd.exe | Added by the SDBOT.JT WORM! | No |
| X | Microsoft Update | mvsc.exe | Added by the SPYBOT.DAZ WORM! | No |
| X | Microsoft Update | ascdl.exe | Added by the GAOBOT.SY WORM! | No |
| X | Microsoft Update | Isac.exe | Added by the RBOT-AU WORM! | No |
| X | Microsoft Update | automgr32.exe | Added by a variant of the RBOT WORM! | No |
| X | Microsoft Update | mediap.exe | Added by a variant of the RBOT WORM! | No |
| X | Microsoft Update | Microsoftx.exe | Added by a variant of the RBOT WORM! | No |
| X | Microsoft Update | msconfg.exe | Added by the RBOT.H WORM! | No |
| X | Microsoft Update | Mslti32.exe | Added by the RBOT-LX WORM! | No |
| X | Microsoft Update | muamgrd.exe | Added by a variant of the AGOBOT/GAOBOT WORM! | No |
| X | Microsoft Update | navmgrd.exe | Added by the SDBOT.DP TROJAN! | No |
| X | Microsoft Update | Smss32.exe | Added by the RBOT-CB WORM! | No |
| X | Microsoft Update | sys32cfg.exe | Added by the RBOT.DR WORM! | No |
| X | Microsoft Update | VPC32.EXE | Added by the AGOBOT.XM WORM! | No |
| X | Microsoft Update | winsys32.exe | Added by the RBOT.BD WORM! | No |
| X | Microsoft Update | wuamgrd.exe | Added by the RBOT-LK WORM! | No |
| X | Microsoft Update | wuammgr32.exe | Added by the RBOT-AW WORM! | No |
| X | Microsoft Update | wudmate.exe | Added by the RBOT.AP WORM! | No |
| X | Microsoft Update | msawindows.exe | Added by the GAOBOT.AFJ WORM! | No |
| X | Microsoft Update | msiwin84.exe | Added by the GAOBOT.AFJ WORM! | No |
| X | Microsoft Update | wuamgrd32.exe | Added by the RBOT.ZB WORM! | No |
| X | Microsoft Update | NAV.exe | Added by the RBOT-IV WORM! | No |
| X | Microsoft Update | systemi32.exe | Added by a variant of the SPYBOT WORM! | No |
| X | Microsoft Update | xpupdate.exe | Added by the RBOT-QE WORM! | No |
| X | Microsoft Update | webm.exe | Added by the SDBOT.WK WORM! | No |
| X | Microsoft Update | wuagrd.exe | Added by the RBOT-FK WORM! | No |
| X | Microsoft Update | aaupdt.exe | Added by the RBOT-RQ WORM! | No |
| X | Microsoft Update | lsac.exe | Added by the GAOBOT.XW WORM! | No |
| X | Microsoft Update | Mupdate.exe | Added by the RBOT-AG WORM! | No |
| X | Microsoft Update | prowind32.exe | Added by a variant of the AGOBOT/GAOBOT WORM! | No |
| X | Microsoft Update | snlogsvc.exe | Added by a variant of the RBOT WORM! | No |
| X | Microsoft Update | svhost.exe | Added by the RBOT-PI WORM! | No |
| X | Microsoft Update | wauguard.exe | Added by the RBOT.AEE WORM! | No |
| X | Microsoft Update | winscv.exe | Added by the RBOT-BH WORM! | No |
| X | Microsoft Update | winsys.exe | Added by the RBOT-GV WORM! | No |
| X | Microsoft Update | wserv32.exe | Added by the RBOT.AF WORM! | No |
| X | Microsoft Update | wtm32.exe | Added by the RBOT-AQ WORM! | No |
| X | Microsoft Update | wumgrd.exe | Added by the SDBOT-KY WORM! | No |
| X | Microsoft Update | wuampd.exe | Added by the RBOT-UT WORM! | No |
| X | Microsoft Update | msupdate32.exe | Added by a variant of the SPYBOT WORM! | No |
| X | Microsoft Update | Botnet.exe | Added by the RBOT.AFL WORM! | No |
| X | Microsoft Update | sghost.exe | Added by the SDBOT.AKV WORM! | No |
| X | Microsoft Update | update_w.exe | Added by the RBOT-EW WORM! | No |
| X | Microsoft Update | windows24.exe | Added by a variant of the RBOT WORM! | No |
| X | Microsoft Update | wingrd32.exe | Added by the RBOT-DW WORM! | No |
| X | Microsoft Update | wssvr.exe | Added by the RBOT-OD WORM! | No |
| X | Microsoft Update | wuamagr32.exe | Added by the SPYBOT.CG WORM! | No |
| X | Microsoft Update | WinUpdate32.exe | Added by the RBOT-TI WORM! | No |
| X | Microsoft Update | wkfix.exe | Added by the RBOT-ABZ WORM! | No |
| X | Microsoft Update | Kkk.exe | Added by the RBOT-AHL WORM! | No |
| X | Microsoft Update | mcupdate.exe | Added by the RBOT.XT WORM! Note - this file is located in %System% and should not be confused with the McAfee antivirus executable as described here | No |
| X | Microsoft Update | Micr0s0ft.exe | Added by the AGOBOT.AAR WORM! | No |
| X | Microsoft Update | Msnmsngr.exe | Added by the RBOT.BQS WORM! | No |
| X | Microsoft Update | msupdate32.exe | Added by the SPYBOT.LZ WORM! | No |
| X | Microsoft Update | scvhost.exe | Added by the RBOT-AEM WORM! | No |
| X | Microsoft Update | svghost.exe | Added by the RBOT.BUJ WORM! | No |
| X | Microsoft Update | sys.exe | Added by the RBOT-AJ WORM! | No |
| X | Microsoft Update | up2dat5.exe | Added by a variant of the SDBOT WORM! | No |
| X | Microsoft Update | winamp.exe | Added by a variant of the RBOT WORM! Note - this is NOT the popular Winamp media player | No |
| X | Microsoft Update | win-mang.exe | Added by the RBOT-AFK WORM! | No |
| X | Microsoft Update | winupdater.exe | Added by the RBOT.BIN WORM! | No |
| X | Microsoft Update | wuamk0032.exe | Added by a variant of the RBOT WORM! | No |
| X | Microsoft Update | wuamk032.exe | Added by the RBOT-AHD WORM! | No |
| X | Microsoft Update | wuamk0p32.exe | Added by a variant of the RBOT WORM! | No |
| X | Microsoft Update | wuamkop.exe | Added by the RBOT-AFI WORM! | No |
| X | Microsoft Update | wuamkop32.exe | Added by the RBOT.BGU WORM! | No |
| X | Microsoft Update | wuampkd.exe | Added by the SDBOT.BBX WORM! | No |
| X | Microsoft Update | svzhost.exe | Added by the RBOT.OX WORM! | No |
| X | Microsoft Update | win32.exe | Added by a variant of the SDBOT WORM! | No |
| X | Microsoft Update | wininit.exe | Added by the RBOT-AKR WORM! | No |
| X | Microsoft Update | wuamgrd3.exe | Added by the RBOT-AMC WORM! | No |
| X | Microsoft Update | Wudates.exe | Added by a variant of the RBOT WORM! | No |
| X | Microsoft Update | ms.exe | Added by the SDBOT.CC WORM! | No |
| X | Microsoft Update | wuagmsd.exe | Added by the RBOT-AX WORM! | No |
| X | Microsoft Update | cmss.exe | Added by the RBOT-ATQ WORM! | No |
| X | Microsoft Update | wuamgrb.exe | Added by the RBOT-AZE WORM! | No |
| X | Microsoft Update | WINDOC.EXE | Added by the SDBOT.PF WORM! | No |
| X | Microsoft Update | phqghumea.exe | Added by the SDBOT.AFO WORM! | No |
| X | Microsoft Update | system32.exe | Added by the RBOT.IS WORM! | No |
| X | Microsoft Update | bling.exe | Added by the RBOT-AVK WORM! | No |
| X | Microsoft Update | Sygate.exe | Added by a variant of the SDBOT WORM! | No |
| X | Microsoft Update | update.exe | Added by a variant of the SDBOT WORM! | No |
| X | Microsoft Update | WinDrv32.exe | Added by the RBOT.EGW WORM! | No |
| X | Microsoft Update | devmks32.exe | Added by a variant of the RBOT WORM! | No |
| X | Microsoft update | winupdate.exe | Added by a variant of the RBOT WORM! | No |
| X | Microsoft Update | msupdate.exe | Added by the BOROBOT-I TROJAN! | No |
| X | Microsoft Update | mixer.exe | Added by the RBOT-AIR WORM! | No |
| X | Microsoft Update | taskmgr32.exe | Added by the RBOT-CV WORM! | No |
| X | Microsoft Update | drive.exe | Added by the BIFROSE-PN WORM! | No |
| X | Microsoft Update | wangard.exe | Added by the RBOT-LH WORM! | No |
| X | MICROSOFT UPDATE | WUAGTRD.EXE | Added by the RBOT-CJ WORM! | No |
| X | Microsoft Update | spool.exe | Added by the AGENT-GJC TROJAN! | No |
| X | Microsoft Update | bnmveqfts.exe | Added by the BANLOAD.KWQ TROJAN! | No |
| X | Microsoft Update | dqbxhupdt | Added by a variant of the SDBOT WORM! See here | No |
| X | Microsoft Update | enule.exe | Added by the IRCBOT.DU BACKDOOR! | No |
| X | Microsoft Update | explorer.exe | Added by the RBOT.AEU BACKDOOR! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System% | No |
| X | Microsoft Update | imchemaoa.exe | Added by the BANLOAD.KWQ TROJAN! | No |
| X | Microsoft Update | livemessenger.com | Added by the ADLOAD-LN TROJAN! | No |
| X | Microsoft Update | msnmsgl.exe | Added by a variant of the SPYBOT WORM! See here | No |
| X | Microsoft Update | nnwyaupdt | Added by the RBOT.RHK BACKDOOR! | No |
| X | Microsoft Update | ntservice.exe | Added by the AGENT-DIS TROJAN! | No |
| X | Microsoft Update | rundll32.dll | Added by the CIADOOR.GN BACKDOOR! | No |
| X | Microsoft Update | wuamgrdx.exe | Added by a variant of the SPYBOT WORM! See here | No |
| X | Microsoft Update | wutr.exe | Added by the SPYBOT.AAR WORM! | No |
| X | Microsoft Update | SetPoints.exe | Added by a variant of the IRCBOT BACKDOOR! | No |
| X | Microsoft Update | system.exe | Added by a variant of the RBOT WORM! See here | No |
| X | Microsoft Update | service.exe | Added by a variant of the RBOT WORM! See here | No |
| X | Microsoft Update | msgn.exe | Added by the RBOT.RQ BACKDOOR! | No |
| X | Microsoft Update | wuamgrd16.exe | Added by the RBOT-BQ WORM! | No |
| X | Microsoft Update | windows32.exe | Added by the RBOT-BHQ WORM! | No |
| X | Microsoft Update 23 | NtKernelSystem.exe | Added by a variant of the RBOT WORM! | No |
| X | Microsoft Update 23 | spoolvs.exe | Added by a variant of the RBOT WORM! | No |
| X | Microsoft Update 32 | explore32.exe | Added by the SPYBOT.CYM WORM! | No |
| X | Microsoft Update 32 | MSupdate32.exe | Added by a variant of the SPYBOT WORM! | No |
| X | Microsoft Update 32 | wininit.exe | Added by the RBOT-ANY WORM! | No |
| X | Microsoft Update 32 | wininit32.exe | Added by the RBOT-AKJ WORM! | No |
| X | Microsoft Update 32 | [path to file] | Added by the RBOT-AJJ WORM! | No |
| X | Microsoft Update 32 | mscnfg.exe | Added by the RBOT-ALM WORM! | No |
| X | Microsoft Update 32 | servic.exe | Added by the RBOT-AXN WORM! | No |
| X | Microsoft Update 32 | winitXP32.exe | Added by a variant of the RBOT WORM! | No |
| X | Microsoft Update 32 | mssetup32.exe | Added by a variant of the RBOT WORM! | No |
| X | Microsoft Update 32 | wiit.exe | Added by the RBOT-AMS WORM! | No |
| X | Microsoft Update 32 | explorer.exe | Added by the RBOT-ARF WORM! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System% | No |
| X | Microsoft Update 32 | network.exe | Added by the RBOT-ARZ WORM! | No |
| X | Microsoft Update 32 | om4r.exe | Added by the RBOT-AQP WORM! | No |
| X | Microsoft Update 32 | winin.exe | Added by the RBOT-ARR WORM! | No |
| X | Microsoft Update 32 | wuinit.exe | Added by the AGOBOT-UE WORM! | No |
| X | Microsoft Update 32 | neta.exe | Added by the RBOT-AMI WORM! | No |
| X | Microsoft Update 32 | spoolvs.exe | Added by the RBOT-BBQ WORM! | No |
| X | Microsoft Update 32 | rundll32.exe | Added by the RBOT.AIE BACKDOOR! Note that this BACKDOOR modifies the file rundll32.exe, which is otherwise a legitimate Microsoft file used to launch DLL file types | No |
| X | Microsoft Update 32 | taskMangr.exe | Added by the RBOT.AIE BACKDOOR! | No |
| X | Microsoft Update 32 | winssx.exe | Added by the RBOT-ARW WORM! | No |
| X | Microsoft Update 33 | init.exe | Added by the RBOT-ATT WORM! | No |
| X | Microsoft Update 64 BIT | wininit32.exe | Added by the RBOT-AHE WORM! | No |
| X | Microsoft Update 64 BIT | winman32.exe | Added by the RBOT-AKI WORM! | No |
| X | Microsoft Update 64 BIT | schvost.exe | Added by the RBOT.CAU WORM! | No |
| X | Microsoft Update 64 BIT | winl32xe.exe | Added by the RBOT-AQO WORM! | No |
| X | Microsoft Update Clinic | svsipconfig.exe | Added by the RBOT.BR WORM! | No |
| X | MICROSOFT UPDATE CONFIGURATION | WIN32SNC.EXE | Added by the RBOT-AI WORM! | No |
| X | Microsoft Update Control | Ms64.exe | Added by a variant of the RBOT WORM! | No |
| X | Microsoft Update Debugger | wincfg32.exe | Added by the SPYBOT.ZC WORM! | No |
| X | Microsoft Update Device | flolo.exe | Added by a variant of the SPYBOT WORM! See here | No |
| X | Microsoft Update Device Drivers | wuauclt.exe | Added by a variant of the SDBOT WORM! Note - this is not the legitimate wuauclt.exe process, which should not appear in Msconfig/Startup! | No |
| X | Microsoft Update DLL | rxxhost.exe | Added by a variant of the RBOT WORM! | No |
| X | Microsoft Update Drivers | explorers.exe | Added by a variant of the SDBOT WORM! | No |
| X | Microsoft Update Emulator | kern-mxe.exe | Added by a variant of the RBOT WORM! | No |
| X | Microsoft Update Emulator | wuaddsff.exe | Added by the RBOT-GX WORM! | No |
| X | Microsoft Update Loader | [random filename] | Added by a variant of the RBOT WORM! | No |
| X | Microsoft Update Loaders 2005 | winusers.exe | Added by the RBOT-AIQ WORM! | No |
| X | Microsoft Update Loaders 2006 | winusersystem32.exe | Added by a variant of the AGOBOT/GAOBOT WORM! | No |
| X | Microsoft Update Machine | expl0rer.exe | Added by the SDBOT.OK WORM! | No |
| X | Microsoft Update Machine | rxhost.exe | Added by the RBOT.FC WORM! | No |
| X | Microsoft Update Machine | servicz.exe | Added by the RBOT-HU WORM! | No |
| X | Microsoft Update Machine | SP2.exe | Added by the SPYBOT.FP WORM! | No |
| X | Microsoft Update Machine | winini.exe | Added by the RBOT-KV WORM! | No |
| X | Microsoft Update Machine | xvshost.exe | Added by the RBOT.QP WORM! | No |
| X | Microsoft Update Machine | memstat.exe | Added by the RBOT-OM WORM! | No |
| X | Microsoft Update Machine | ntce.exe | Added by the RBOT-FA WORM! | No |
| X | Microsoft Update Machine | system03.exe | Added by the RBOT-NM WORM! | No |
| X | Microsoft Update Machine | wuawx.exe | Added by the RBOT-CE WORM! | No |
| X | Microsoft Update Machine | zonealarm.exe | Added by the RBOT-BZ WORM! Note - this is not the valid Zone Labs firewall program! | No |
| X | Microsoft Update Machine | systemll.exe | Added by the RBOT-JT WORM! | No |
| X | Microsoft Update Machine | winupdt.exe | Added by the RBOT-FP WORM! | No |
| X | Microsoft Update Machine | svshost.exe | Added by the RBOT.AK WORM! | No |
| X | Microsoft Update Machine | wuamgd.exe | Added by the SDBOT.HQ WORM! | No |
| X | Microsoft Update Machine | wupdt32x.exe | Added by a variant of the SDBOT WORM! | No |
| X | Microsoft Update Machine | [random filename] | Added by a variant of the RBOT WORM! | No |
| X | Microsoft Update Machine | linux.exe | Added by the RBOT-IM WORM! | No |
| X | Microsoft Update Machine | lmrss.exe | Added by the RBOT-DY WORM! | No |
| X | Microsoft Update Machine | windowsu.exe | Added by a variant of the RBOT WORM! | No |
| X | Microsoft Update Machine | wininigo.exe | Added by a variant of the RBOT WORM! | No |
| X | Microsoft Update Machine | winmgr.exe | Added by a variant of the RBOT WORM! | No |
| X | Microsoft Update Machine | Winmsixp32.exe | Added by the RBOT.DN WORM! | No |
| X | Microsoft Update Machine | Winregs32.exe | Added by the RBOT.DN WORM! | No |
| X | Microsoft Update Machine | winxpini.exe | Added by the RBOT-OB WORM! | No |
| X | Microsoft Update Machine | wuamgrd.exe | Added by the RBOT-HE WORM! | No |
| X | Microsoft Update Machine | wuagrd.exe | Added by the RBOT-GF WORM! | No |
| X | Microsoft Update Machine | LANWAKE.EXE | Added by the RBOT-QZ WORM! | No |
| X | Microsoft Update Machine | scvhost.exe | Added by the RBOT-GS WORM! | No |
| X | Microsoft Update Machine | winhost.exe | Added by the RBOT-GK WORM! | No |
| X | Microsoft Update Machine | winss.exe | Added by the RBOT.JU WORM! | No |
| X | Microsoft Update Machine | WUAMGRDXS.EXE | Added by the RBOT-GL WORM! | No |
| X | Microsoft Update Machine | crss32.exe | Added by a variant of the RBOT WORM! | No |
| X | Microsoft Update Machine | lsasse.exe | Added by the RBOT-DI WORM! | No |
| X | Microsoft Update Machine | qwerty.exe | Added by a variant of the RBOT WORM! | No |
| X | Microsoft Update Machine | rxxhost.exe | Added by the RBOT.EP WORM! | No |
| X | Microsoft Update Machine | servicez.exe | Added by the SPYBOT.BI WORM! | No |
| X | Microsoft Update Machine | spoolserv.exe | Added by a variant of the RBOT WORM! | No |
| X | Microsoft Update Machine | Systemnt.exe | Added by the RBOT.DA WORM! | No |
| X | Microsoft Update Machine | systemse.exe | Added by the RBOT-BD WORM! | No |
| X | Microsoft Update Machine | taskmngrs.exe | Added by the RBOT-CR WORM! | No |
| X | Microsoft Update Machine | windowsup.exe | Added by the RBOT-FV WORM! | No |
| X | Microsoft Update Machine | wuamgard.exe | Added by the SPYBOT.CS WORM! | No |
| X | Microsoft Update Machine | wupdate32.exe | Added by a variant of the RBOT WORM! | No |
| X | Microsoft Update Machine | system.exe | Added by a variant of the RBOT WORM! | No |
| X | Microsoft Update Machine | TMEMSER.EXE | Added by the RBOT-NQ WORM! | No |
| X | Microsoft Update Machine | winnie.exe | Added by the RBOT-ACD WORM! | No |
| X | Microsoft Update Machine | winortho.exe | Added by the RBOT-NW WORM! | No |
| X | Microsoft Update Machine | wins32.exe | Added by the RBOT.EZ WORM! | No |
| X | Microsoft Update Machine | serviz.exe | Added by a variant of the RBOT WORM! | No |
| X | Microsoft Update Machine | TASKMAN4.EXE | Added by a variant of the RBOT WORM! | No |
| X | Microsoft Update Machine | wftestb.exe | Added by the RBOT-AFZ WORM! | No |
| X | Microsoft Update Machine | Win32.exe | Added by the SDBOT.UV WORM! | No |
| X | Microsoft Update Machine | windns.exe | Added by the RBOT.EF WORM! | No |
| X | Microsoft Update Machine | MSOICONS.EXE | Added by the RBOT.AWS WORM! Note - do no confuse with the legitimate Msoicons.exe file described here. The latter should not normally figure in Msconfig/Startup! | No |
| X | Microsoft Update Machine | WINSVC32.EXE | Added by the RBOT.CU WORM! | No |
| X | Microsoft Update Machine | ntsystem.exe | Added by the RBOT.GF WORM! | No |
| X | Microsoft Update Machine | winupdte.exe | Added by the RBOT-GKL WORM! | No |
| X | Microsoft Update Machine | jkfrnz.exe | Added by the RBOT-GOZ WORM! | No |
| X | Microsoft Update Machine | wlimyc.exe | Added by the RBOT-GQN WORM! | No |
| X | Microsoft Update Machine | xagwxzy.exe | Added by the RBOT.S WORM! | No |
| X | Microsoft Update Machine | jkydxg.exe | Added by the RBOT.AEA BACKDOOR! | No |
| X | Microsoft Update Machine | opmmve.exe | Added by the KOLABC.DES WORM! | No |
| X | Microsoft Update Machine | paxrxo.exe | Added by the PUSHBOT.A WORM! | No |
| X | Microsoft Update Machine | psmszw.exe | Added by the KOLABC.CC WORM! | No |
| X | Microsoft Update Machine | syadpo.exe | Added by the CIADOOR.GN BACKDOOR! | No |
| X | Microsoft Update Machine | systemi.exe | Added by the BUZUS.JKU TROJAN! | No |
| X | Microsoft Update Machine | thvfyq.exe | Added by a variant of the RBOT WORM! | No |
| X | Microsoft Update Machine | ubthec.exe | Added by the AGENT.AWZ TROJAN! | No |
| X | Microsoft Update Machine | winmngr.exe | Added by the RBOT.GKQ BACKDOOR! | No |
| X | Microsoft Update Machine | gbhglj.exe | Added by the IRCBOT-ZJ TROJAN! | No |
| X | Microsoft Update Machine | wuamgdr.exe | Added by the RBOT-IO BACKDOOR! | No |
| X | Microsoft Update Manager | WINRLS.EXE | Added by the RBOT-AF WORM! | No |
| X | Microsoft Update Manager | svshost.exe | Added by a variant of the RBOT WORM! | No |
| X | Microsoft Update Manager | scvhost.exe | Added by the AGOBOT.AXJ WORM! | No |
| X | Microsoft Update Manager | scvideo.exe | Added by the SDBOT-CVP TROJAN! | No |
| X | Microsoft Update Mechene | Updatez.exe | Added by the RBOT-GI WORM! | No |
| X | Microsoft Update Module | rundll24.exe | Added by the RBOT-PS WORM! | No |
| X | Microsoft Update Process | wmipcvse.exe | Added by the AGOBOT-JF TROJAN! | No |
| X | Microsoft Update Security Patch | mssecurityupdatepatch.exe | Added by the AGENT.EF TROJAN! | No |
| X | Microsoft Update Server | mssrv.exe | Added by an unidentified VIRUS, WORM or TROJAN! | No |
| X | Microsoft Update Service | csrss32.exe | Added by the AGOBOT-HC WORM! | No |
| X | Microsoft Update Service | mswin32.exe | Added by a variant of the SPYBOT WORM! | No |
| X | Microsoft update service | systemm.exe | Added by a variant of the SDBOT WORM! | No |
| X | Microsoft Update SERVICE | phqghum.exe | Added by a variant of the RBOT WORM! | No |
| X | Microsoft Update Service | msupdate.pif | Added by the RBOT-AQB WORM! | No |
| X | Microsoft Update Services | wcsnfty.exe | Added by the RBOT-AGK WORM! | No |
| X | Microsoft Update Services | wsnfty.exe | Added by the RBOT-AFU WORM! | No |
| X | Microsoft Update Time | wuam.exe | Added by the RBOT-M WORM! | No |
| X | Microsoft Update USB2 | wuammgrd32.exe | Added by the RBOT-ADT WORM! | No |
| X | Microsoft Update v2.6 | lxxex.exe | Added by a variant of the RBOT WORM! | No |
| X | Microsoft Update Win32a | winupdate32a.exe | Added by the RBOT-LO WORM! | No |
| X | Microsoft Update Win32x | winupdate32x.exe | Added by the RBOT-AJN WORM! | No |
| X | Microsoft Updater | winsys32.exe | Added by the RBOT.RL WORM! | No |
| X | Microsoft Updater | msconsole.exe | Added by a variant of the IRCBOT TROJAN! | No |
| X | Microsoft Updater | svhost.exe | Added by the AGENT.CDF TROJAN! | No |
| X | Microsoft Updater | vbcjlg.exe | Added by a variant of the SPYBOT WORM! See here | No |
| X | Microsoft Updater | wuamgrds.exe | Added by the RBOT.A WORM! | No |
| X | Microsoft Updater | winupdate.exe | Added by the AGENT-KIR TROJAN! | No |
| X | Microsoft Updater Resources | WinFixd32.exe | Added by the SPYBOT.CA WORM! | No |
| X | Microsoft UPDATER32 | lsass.exe | Added by the RANDEX.AR WORM! Note - this is not the legitimate Lsass.exe system file should normally NOT figure in Msconfig/Startup! | No |
| X | Microsoft UPDATER32 | LSASS32.EXE | Added by the RANDEX.AR WORM! | No |
| X | Microsoft Updaters | tskmgr.exe | Added by a variant of the RBOT WORM! | No |
| X | Microsoft Updaters | sysconfigs.exe | Added by the RBOT-DF TROJAN! | No |
| X | Microsoft Updaters Pros | WINDLL32XP.EXE | Added by the SPYBOTTER.GEN VIRUS! | No |
| X | Microsoft Updates | systemc32.exe | Added by the RBOT-GR WORM! | No |
| X | Microsoft Updates | wkssvr.exe | Added by the RBOT.R WORM! | No |
| X | Microsoft Updates | wkssvrs.exe | Added by the RBOT-EB WORM! | No |
| X | Microsoft Updates | wuamgrd.exe | Added by the RBOT-CO WORM! | No |
| X | Microsoft Updates | wtemp32.exe | Added by the RBOT-AHQ WORM! | No |
| X | Microsoft Updates | svehost.exe | Added by the RBOT-GRW WORM! | No |
| X | Microsoft Updates | svshost.exe | Added by the AGOBOT-AIW WORM! | No |
| X | Microsoft Updates | svdhost.exe | Added by the RBOT-GVH WORM! | No |
| X | Microsoft Updates | service.exe | Added by the POISON.HPT BACKDOOR! | No |
| X | Microsoft Updates | [worm filename] | Added by the AGOBOT-AIZ WORM! | No |
| X | Microsoft Updates | wgcptsud.exe | Added by the RBOT-GTF WORM! | No |
| X | Microsoft Updates | winit.exe | Added by the SDBOT-CSB WORM! | No |
| X | Microsoft Updates 2 USB | wgafixer.exe | Added by a variant of the RBOT WORM! | No |
| X | Microsoft Updates 5 USB | sp3fixer.exe | Added by the RBOT-ADS WORM! | No |
| X | Microsoft UpdateS Machine | wgrd.exe | Added by the RBOT-FI WORM! | No |
| X | Microsoft Updates Resources | WinFixIDs.exe | Added by a variant of the RBOT WORM! | No |
| X | Microsoft Updating | navguard.exe | Added by the RBOT.HW WORM! | No |
| X | Microsoft Updating | syswr.exe | Added by a variant of the RBOT WORM! | No |
| X | Microsoft Updating | wuamguards.exe | Added by the RBOT-BY WORM! | No |
| X | Microsoft Updating Client | websvc.exe | Added by the RBOT.AQ WORM! | No |
| X | Microsoft Updating Machine | sysc0de.exe | Added by the RBOT.RB WORM! | No |
| X | Microsoft Updatting | miroupdate.exe | Added by a variant of the RBOT WORM! | No |
| X | Microsoft Updote | [random filename] | Added by the RBOT-ARC WORM! | No |
| X | Microsoft UpMachine | doezs.exe | Added by the RBOT.BCT WORM! | No |
| X | Microsoft upnp Update | msie.exe | Added by the RBOT-LQ WORM! | No |
| X | Microsoft uptime Service | sysuptime.exe | Added by the RBOT-ACG WORM! | No |
| X | Microsoft uptime Service | sycuptime.exe | Added by the RBOT-AHY WORM! | No |
| X | Microsoft UpToDate Driver (32-bits) | [random filename].exe | Added by the SPYBOT.LXJ WORM! | No |
| X | Microsoft Urlmon | urlmon.exe | Added by the AGENT-GOO TROJAN! | No |
| X | Microsoft USA Plug | usaplug.exe | Added by the RBOT-DVC WORM! | No |
| X | Microsoft USB Windows2 Driver | usbautotuner.exe | Added by the SILLYFDC.BCL WORM! | No |
| X | Microsoft USB2 Driver | crmss.exe | Added by the RBOT-VK WORM! | No |
| X | Microsoft usnsvc Service | usnsvc.exe | Added by a variant of the KOBOT-C WORM! | No |
| N | Microsoft Utility Startup | OSA9.exe | On older versions of MS Office this launches common Office components to help speed up the launch of Office programs. On slower machines it can be a resource hog and some users claim there's no difference with or without it - but it usually isn't required. This must be left enabled if you use the Microsoft Office Shortcut Bar (MSOFFICE.EXE) and have set it to load at startup. Available via Start → All Programs | No |
| X | Microsoft Values | igfkishc.exe | Added by the RBOT-GLO WORM! | No |
| X | Microsoft Vertupdate | MSvert32.exe | Added by the MYTOB-CY WORM! | No |
| X | Microsoft Video Capture Controls | MSsrvs32.exe | Added by the SDBOT-AAK WORM! | No |
| X | Microsoft Video Controls | tskmsgr.exe | Added by a variant of the SPYBOT WORM! | No |
| X | Microsoft Video Driver | videodrv.exe | Added by the SDBOT-AGP WORM! | No |
| X | Microsoft Viewer Monitor Manager | viewmon.exe | Added by the XPAK.A TROJAN! | No |
| X | Microsoft Virtual Service Manager | vservice32.exe | Added by the MSNWORM.T WORM! | No |
| X | Microsoft Virual Machine | sms.exe | Added by the RBOT-SP WORM! | No |
| X | Microsoft Vista Upgrade Validation Service | cfmon.exe | Added by a variant of the IRCBOT BACKDOOR! | No |
| X | Microsoft Visual Application | vpcrtf.exe | Added by the IRCBOT-XJ TROJAN! | No |
| X | Microsoft Visual Debuger | mdm.exe | Added by the SDBOT-DOO WORM! Note - this is not the legitimate Machine Debug Manager (mdm.exe) process which is located in %ProgramFiles%\Common Files\Microsoft Shared\VS7Debug (98/Me/XP/Vista) or C:\WINDOWS\SYSTEM (Me only) | No |
| X | Microsoft Visual SourceSafe | services.exe | Added by the NEVEG.B or NEVEG.C WORMS! Note - this is not the legitimate services.exe process, which should not appear in Msconfig/Startup! | No |
| X | Microsoft Visual SourceSafe | winlogon.exe | Added by the NEVEG.A WORM! Note - this is not the legitimate winlogon.exe process, which should not appear in Msconfig/Startup! | No |
| X | MicroSoft Visual SP | igxdfdfds.com | Added by the SDBOT.GAV WORM! | No |
| X | MicroSoft Visual SP2 | igfxsrvc32.exe | Added by the SDBOT.GAV WORM! | No |
| X | Microsoft Visual Studio | plscdksxg.exe | Added by the RBOT-AWV WORM! | No |
| X | Microsoft Visual Studio VSA | varpc32.exe | Added by a variant of the SPYBOT WORM! | No |
| X | Microsoft Web CP Manager | webcp32.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
| X | Microsoft Web Device | wdevice.exe | Added by a variant of the SDBOT WORM! | No |
| X | Microsoft web update | webmsn.exe | Added by the RBOT-EMQ WORM! | No |
| U | Microsoft Webserver | svctrl.exe | Personal web server program which enables you to create and host a web server from your computer. Not required for most people | No |
| X | Microsoft Win Corp TLS Verification | mswintls.exe | Added by the RBOT-GCT WORM! | No |
| X | Microsoft Win Update | WinUP.exe | Added by the RBOT-BPR WORM! | No |
| X | Microsoft WIN32 DOS | MSdos32.exe | Added by a variant of the SDBOT WORM! | No |
| X | Microsoft WIN32 Security | MSsec32.exe | Added by the RBOT-DOQ TROJAN! | No |
| X | MicroSoft Wind0ws Updater | winsupdater.exe | Added by a variant of the RBOT WORM! | No |
| X | MicroSoft Window Updater | winsupdater.exe | Added by the RBOT-ZZ WORM! | No |
| X | Microsoft Windows | mstask0.exe | Added by the SDBOT.FQ WORM! | No |
| X | Microsoft Windows | atup | Added by a variant of the RBOT WORM! | No |
| X | Microsoft Windows | Microsoft Windows.hta | HTA file which creates an executable on the hard drive which subsequently proceeds to download files from a malware site! | No |
| X | Microsoft Windows | explorar.exe | Added by a variant of the RBOT WORM! | No |
| X | Microsoft Windows | [path to file] | Added by the BDOOR-LI BACKDOOR! | No |
| X | Microsoft Windows | bootini.exe | Added by the VANEBOT-K WORM! | No |
| X | Microsoft Windows | Kernel.exe | Added by the EDIBARA-A VIRUS! | No |
| X | Microsoft Windows | Kernel.vbs | Added by the EDIBARA-A VIRUS! | No |
| X | Microsoft Windows | pwjbvphi.exe | Added by the RBOT-GQK WORM! | No |
| X | Microsoft Windows (D) | iexplore.exe | Identified as a variant of the TrojanSpy.Agent malware | No |
| X | Microsoft Windows 128bit Subsystem | system12.exe | Added by the RANCK-CZ TROJAN! | No |
| X | Microsoft Windows 16Bit | mswinn16.exe | Added by a variant of the SPYBOT WORM! | No |
| X | Microsoft Windows 2000 | Winupdsdgm.exe | Added by the GAOBOT.AO WORM! | No |
| X | Microsoft Windows 32 Update | win32update.exe | Added by a variant of the IRCBOT TROJAN! | No |
| X | Microsoft Windows 32Bit | mswinn32.exe | Added by a variant of the RBOT WORM! | No |
| X | Microsoft Windows 64 Bit | mswin32.exe | Added by a variant of the RBOT WORM! | No |
| X | Microsoft Windows Adapter 5.1.3214 | [worm filename].exe | Added by the STRAT.GEN-3 WORM! | No |
| X | Microsoft Windows Client Firewall | msclt.exe | Added by the VANEBOT-F WORM! | No |
| X | Microsoft Windows Communicator for NT/XP | wincomm.exe | Added by the RBOT.ATH WORM! | No |
| X | Microsoft Windows Config 32 | win32conf.exe | Added by a variant of the RBOT WORM! | No |
| X | Microsoft Windows Control | mswctl32.exe | Added by the RBOT.JP WORM! | No |
| X | Microsoft Windows CSRSS | csrss.exe | Added by the KALEL-A WORM! Note - this worm replaces the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! | No |
| N | Microsoft Windows Desktop Search System Tray | WindowsSearch.exe | System Tray access to Windows Desktop Search for XP from Microsoft - which adds additional search options including a search box on the Taskbar. This version (3.0.1) also includes the Windows Search (WSearch) service which indexes files and e-mails items so you can quickly find words and phrases. Disabling this entry does not affect the normal operation and this is the Windows Defender entry | Yes |
| N | Microsoft Windows Desktop Search Tool Tray Admin | WindowsSearch.exe | System Tray access to Windows Desktop Search for XP from Microsoft - which adds additional search options including a search box on the Taskbar. For this version (2.6.*), this entry also runs the indexing function at startup which indexes files and e-mails items so you can quickly find words and phrases. Disabling this entry does not affect the normal operation and indexing will occur when you next perform a search. This is the Windows Defender entry | Yes |
| X | Microsoft Windows DHCP | ___r.exe | Added by the MASLAN.A or MASLAN.C WORMS! | No |
| X | Microsoft Windows DLL 32-BIT | msncheck32.exe | Added by the SDBOT-XX WORM! | No |
| X | Microsoft Windows DLL Services | mwindll.exe | Added by the SDBOT-VX WORM! | No |
| X | Microsoft Windows DLL Services Configuration | newdll.exe | Added by the SDBOT-ZR WORM! | No |
| X | Microsoft Windows DLL Services Configuration | newdll2.exe | Added by the SDBOT-ABD WORM! | No |
| X | Microsoft Windows DLL Services Configuration | poker.exe | Added by the SDBOT-ZY WORM! | No |
| X | Microsoft Windows DLL Services Configuration | poker3.exe | Added by the SDBOT-AAH WORM! | No |
| X | Microsoft Windows DLL Services Configuration | proxy.exe | Added by the SDBOT-ZL WORM! | No |
| X | Microsoft Windows DLL Services Configuration | windir32.exe | Added by the SDBOT.BHF WORM! | No |
| X | Microsoft Windows DLL Services Configuration | windir32a.exe | Added by a variant of the SDBOT.BHF WORM! | No |
| X | Microsoft Windows DLL Services Configuration | windll32.exe | Added by the SDBOT.BHD WORM! | No |
| X | Microsoft Windows DLL Services Configuration | winDSL.exe | Added by the SDBOT-ZG WORM! | No |
| X | Microsoft Windows DLL Services Configuration | dllmanager32.exe | Added by the SDBOT-BTU WORM! | No |
| X | Microsoft Windows DLLHandler | bitpaint.exe | Added by the SDBOT.AHG WORM! | No |
| X | Microsoft Windows Drivers | windrv.exe | Added by a variant of the SDBOT WORM! | No |
| X | Microsoft Windows DVR | windvr.exe | Added by the RBOT-AXD WORM! | No |
| X | Microsoft Windows Expl0rer | expl0rer.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
| X | Microsoft Windows Explorer | iexplorer.exe | Added by a variant of the RBOT WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) | No |
| X | Microsoft Windows Explorer | explorewin.exe | Added by the IRCBOT.WORM.212480.H WORM! | No |
| X | Microsoft Windows Express | Microsoft Update | Added by a variant of the IRCBOT BACKDOOR! See here | No |
| X | Microsoft Windows Express | websploit.exe | Added by a variant of the SPYBOT WORM! See here | No |
| X | Microsoft Windows Express | windowslogonb.exe | Added by the SDBOT.ABOO WORM! | No |
| X | Microsoft Windows Files Loader | cgy32win.exe | Added by the RBOT-AXR WORM! | No |
| X | Microsoft Windows Game Updater | msgame32.exe | Added by a variant of the RBOT WORM! | No |
| X | Microsoft Windows GUI | Windowz.exe | Added by the RANDEX.AEV WORM! | No |
| X | Microsoft Windows GUI | msmonk32.exe | Added by the SDBOT-PE WORM! | No |
| X | Microsoft Windows Kernel Services | winkrnl386.exe | Added by the ZEBROXY TROJAN! | No |
| X | Microsoft Windows Loader | wloader.exe | Added by a variant of the AGOBOT/GAOBOT WORM! | No |
| X | Microsoft Windows Logon Process | winlogon.exe | Added by the PROXYSER-R TROJAN! Note - this is not the legitimate winlogon.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir% | No |
| X | Microsoft Windows Media Player | mediaplayer.exe | Added by a variant of the RBOT WORM! | No |
| X | Microsoft Windows Media Player | wimp.exe | Added by the RBOT-FN WORM! | No |
| U | Microsoft Windows Media Player Network Sharing Service Configuration Application | WMPNSCFG.exe | Network sharing tool for Windows Media Player 11 for XP & Vista. When using WMP 11 on home network you can choose to share your favorite music, videos, and pictures to others on the network. This entry is used to notify users when new media rendering devices are found on the network (including media players and other PCs running Windows Media Player 11) - see here for a more detailed explanation | Yes |
| X | Microsoft Windows Registry Service | wregistry.exe | Added by the AGOBOT.AKG WORM! | No |
| N | Microsoft Windows Search System Tray | WindowsSearch.exe | System Tray access to Windows Search 4.0 for XP from Microsoft - which adds additional search options including a search box on the Taskbar. This version also includes the Windows Search (WSearch) service which indexes files and e-mails items so you can quickly find words and phrases. Disabling this entry does not affect the normal operation | Yes |
| X | Microsoft Windows Secure | windocs.exe | Added by a variant of the SDBOT WORM! | No |
| X | Microsoft Windows Secure | windocs.exe | Added by a variant of the SDBOT WORM! | No |
| X | Microsoft Windows Secure Server | rpcxWindows.exe | Added by the RBOT-LL WORM! | No |
| X | Microsoft Windows Secure Update | rpcxwinupdt.exe | Added by an unidentified WORM or TROJAN! | No |
| X | Microsoft Windows Securety | wurguar.exe | Added by the RBOT-KY WORM! | No |
| X | Microsoft Windows Security | spvsper.exe | Added by a variant of the SDBOT WORM! | No |
| X | Microsoft Windows Security | wscndrives.exe | Added by the RBOT-AJK WORM! | No |
| X | Microsoft Windows Service | winsys.exe | Added by the RBOT-ADP WORM! | No |
| X | Microsoft Windows Service Pack | winspkn.exe | Added by the RBOT-AYD WORM! | No |
| X | Microsoft Windows Services | msw32.exe | Added by the RBOT-FWQ WORM! | No |
| X | Microsoft Windows Services | Sersices.exe | Added by the SDBOT-NO WORM! | No |
| X | Microsoft Windows Services Edt | ssvvcchhoosst.exe | Added by the RBOT-FYF TROJAN! | No |
| X | Microsoft Windows Services Edt | dllrun32.exe | Added by the RBOT-GAF WORM! | No |
| X | Microsoft Windows Session Manager Subsystem | smss.exe | Added by the PROXYSER-R TROJAN! Note - this is not the legitimate smss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir% | No |
| U | Microsoft Windows Sidebar | Sidebar.exe | Windows Sidebar is a pane on the side of the Microsoft Windows Vista desktop where you can keep your gadgets organized and always available. In Windows 7 this feature is known as Desktop Gadgets and each gadget can be placed anywhere on the desktop. If the file isn't located in %ProgramFiles%\Windows Sidebar or you're using other versions of Windows it could be part of the Searchcentrix hijacker | Yes |
| X | Microsoft Windows Socketx32 Services | winsockx32.exe | Added by the RBOT-FWT WORM! | No |
| X | Microsoft Windows Sound | svghost.exe | Added by a variant of the SPYBOT WORM! See here | No |
| X | Microsoft Windows Sound | svshost.exe | Added by the RBOT.RNE BACKDOOR! | No |
| X | Microsoft Windows Sound | svuhost.exe | Added by the KOLAB.XC WORM! | No |
| X | Microsoft Windows Storage Machine Service | winms.exe | Added by the RBOT-AHK WORM! | No |
| X | Microsoft Windows SVCHOST | SVCHOST.exe | Added by the VB.KV WORM! Note - this is not the legitimate svchost.exe process which should not normally figure in Msconfig/Startup! | No |
| X | Microsoft Windows System | srwhost.exe | Added by a variant of the RBOT-ASW WORM! | No |
| X | Microsoft Windows System | syshost.exe | Added by the RBOT-ASW WORM! | No |
| X | Microsoft Windows System | System.exe | Added by the VB.KV WORM! | No |
| X | Microsoft Windows System Kernel | kernel32.exe | Added by a variant of the IRCBOT TROJAN! | No |
| X | Microsoft Windows System Service Manager | winsvc.exe | Added by the SPYBOT.LR WORM! | No |
| X | Microsoft Windows Task Management | mstasks.exe | Added by a variant of the SDBOT WORM! | No |
| X | Microsoft Windows Task Manger | Mstosk.exe | Added by the SDBOT-WW WORM! | No |
| X | Microsoft Windows Tasks Management | taskmng.exe | Added by the RBOT-FXK WORM! | No |
| X | Microsoft Windows Updata | scvhost.exe | Added by the RBOT.CEM BACKDOOR! | No |
| X | Microsoft Windows Updata | windows.exe | Added by a variant of the RBOT WORM! | No |
| X | Microsoft Windows Updata | [5 random letters].exe | Added by a variant of the RBOT WORM! | No |
| X | Microsoft Windows Update | rundlls.exe | Added by the HABRACK WORM! | No |
| X | Microsoft Windows Update | msoffice2.exe | Added by the RBOT-GB WORM! | No |
| X | Microsoft Windows Update | spools.exe | Added by the SDBOT.TD WORM! | No |
| X | Microsoft Windows Update | svchos.exe | Added by the SDBOT.AC WORM! | No |
| X | Microsoft Windows Update | svcshost.exe | Added by the FORBOT-CF WORM! | No |
| X | Microsoft Windows Update | svmhost.exe | Added by the FORBOT-CH WORM! | No |
| X | Microsoft Windows Update | svshost.exe | Added by the WOOTBOT.CJ WORM! | No |
| X | Microsoft Windows Update | msnmessenger.exe | Added by the SDBOT.AJ WORM! | No |
| X | Microsoft Windows Update | msnwun.exe | Added by the SDBOT-RM WORM! | No |
| X | Microsoft Windows Update | scvvhost.exe | Added by the FORBOT-DH WORM! | No |
| X | Microsoft Windows Update | swwhost.exe | Added by a variant of the RBOT WORM! | No |
| X | Microsoft Windows Update | MSNMSGR.EXE | Added by the SDBOT-WM WORM! Note - this is not the valid MSN Messenger (now Windows Live Messenger) utility which is located in either %ProgramFiles%\MSN Messenger or %ProgramFiles%\Windows Live\Messenger. This one is located in %System% | No |
| X | Microsoft Windows Update | svzhost.exe | Added by the FORBOT-EV WORM! | No |
| X | Microsoft Windows Update | sccvhost.exe | Added by a variant of the SDBOT WORM! | No |
| X | Microsoft Windows Update | scrhost.exe | Added by the RBOT-AOW WORM! | No |
| X | Microsoft Windows Update | mnswinsx.exe | Added by the RBOT-AWH WORM! | No |
| X | MICROSOFT Windows update | pdate.exe | Added by the RBOT.BZT WORM! | No |
| X | Microsoft Windows Update | srshost.exe | Added by a variant of the SDBOT WORM! | No |
| X | Microsoft Windows Update | rhost32.exe | Added by a variant of the IRCBOT TROJAN! | No |
| X | Microsoft Windows Update | windowsupdate.exe | Added by the AGOBOT.ON WORM! | No |
| X | Microsoft Windows Update | servcs.exe | Added by the SDBOT.AL BACKDOOR! | No |
| X | Microsoft Windows Update Application | wuap.exe | Added by a variant of the RBOT WORM! | No |
| X | Microsoft Windows Update Client | csrss.exe | Added by the KEBEDE-G WORM! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\Systems32 | No |
| X | Microsoft Windows Update Client | services.exe | Added by the AUTORUN.DVE WORM! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir% | No |
| X | Microsoft Windows Update Logon | win-logon.exe | Added by a variant of the RBOT WORM! | No |
| X | Microsoft Windows Update Service | wupdmgr32.exe | Added by the DOS.AUTOCAT TROJAN! | No |
| X | Microsoft Windows Update Service | msnmsg.exe | Added by a variant of the IRCBOT BACKDOOR! | No |
| X | Microsoft Windows Update x86 | [various filenames] | Added by a variant of the RBOT WORM! Filenames seen include (but are not limited to firefox.exe, opera.exe, taskmrg.exe, aim.exe, Winxdiag.exe and usnesvc.exe | No |
| X | Microsoft Windows Update XP64 | ********.exe [* = random char] | Added by a variant of the RBOT WORM! | No |
| X | Microsoft Windows Update XP64 | updatexp64.exe | Added by the SDBOT-AIM WORM! | No |
| X | Microsoft Windows Update XP64 | Lcuninst.exe | Added by a variant of the SDBOT WORM! | No |
| X | Microsoft Windows Update XP64 | mzhxlixm.exe | Added by a variant of the SDBOT WORM! | No |
| X | Microsoft Windows Updater | winupdgm.exe | Added by the GAOBOT.BI WORM! | No |
| X | Microsoft Windows Updater | WINIUPDATES.EXE | Added by the RBOT-KK WORM! | No |
| X | Microsoft Windows Updater | WINUPDATE.EXE | Added by the RBOT-LI WORM! | No |
| X | Microsoft Windows Updater | TMNTSrv.exe | Added by a variant of the RBOT WORM! | No |
| X | Microsoft Windows Updater | win32upd.exe | Added by the RBOT-EC WORM! | No |
| X | Microsoft Windows Updater | msnupdateit.exe | Added by the AGOBOT-RL WORM! | No |
| X | Microsoft Windows Updater | windates.exe | Added by the SDBOT.TE WORM! | No |
| X | Microsoft Windows Updater | spoolvs.exe | Added by the RBOT.ACQ WORM! | No |
| X | Microsoft Windows Updater | suvhost.exe | Added by a variant of the SDBOT WORM! | No |
| X | Microsoft Windows updaterD | log32zx.exe | Added by the MYDOOM.W WORM! | No |
| X | Microsoft Windows Updates | explorer32.exe | Added by the SDBOT.VQ WORM! | No |
| X | Microsoft Windows Updates | wsap32.exe | Added by a variant of the SDBOT WORM! | No |
| X | Microsoft Windows Updating System | msresource.exe | Added by the RBOT-EAM WORM! | No |
| X | Microsoft Windows Visual V2.0 | msiutil.exe | Added by the DELF.JPH TROJAN! | No |
| X | Microsoft Windows W32 Services | mssw32.exe | Added by a variant of the SPYBOT WORM! | No |
| X | Microsoft Windows WinSaSS Management | winsass.exe | Added by the RBOT-APW WORM! | No |
| X | Microsoft Windows WKS Service | gt.exe | Added by the SDBOT.IR BACKDOOR! | No |
| X | Microsoft Windows WKS Service | mstask0.exe | Added by the SDBOT.FV WORM! | No |
| X | Microsoft Windows Workstation | devcode.exe | Added by the RBOT-AWL WORM! | No |
| X | Microsoft Windows XP Configuration Loader | m32svco.exe | Added by the SDBOT.WORM!.48548 WORM! | No |
| X | Microsoft Windows XP/2K Explorer | winexplorer.exe | Added by a variant of the IRCBOT TROJAN! See here | No |
| X | Microsoft Winedows startup | WinKey.exe | Added by a variant of the SDBOT WORM! See here | No |
| X | Microsoft Winedows Updateing | NinKey.exe | Added by a variant of the SPYBOT WORM! See here | No |
| X | Microsoft Winedows WinServ | iPodFix.exe | Added by a variant of the RBOT WORM! | No |
| X | Microsoft WINGS32 Protocol | WinSGR32.exe | Added by the RBOT-APU WORM! | No |
| X | Microsoft WinRaR | winrar.exe | Added by the RBOT-AEC WORM! | No |
| X | Microsoft Winsock | mswinsck.exe | Added by the RBOT-ANK WORM! | No |
| X | Microsoft Winsock Service | msusvc.exe | Added by the RBOT-ANS WORM! | No |
| X | Microsoft Winsock Wrapper | ws2_32s.exe | Added by a variant of the SPYBOT WORM! | No |
| X | Microsoft Winsock32 System | winsock32.exe | Added by the SPYBOT.AKKC WORM! | No |
| X | Microsoft WinSound | [random filename] | Added by a variant of the RBOT WORM! | No |
| X | Microsoft winsupdater | WINSUPDATER.EXE | Added by the SPYBOTER.FB BACKDOOR! | No |
| X | Microsoft WinUpdate | mntcgf032.exe | Added by the RBOT-PF WORM! | No |
| X | Microsoft WinUpdate | svh0st.exe | Added by the SPYBOT.DL WORM! | No |
| X | Microsoft WinUpdate | syslx32.exe | Added by an unidentified VIRUS, WORM or TROJAN! | No |
| X | Microsoft WinUpdate | syswin32.exe | Added by the RBOT-HO WORM! | No |
| X | Microsoft WinUpdate | spfix.exe | Added by a variant of the RBOT WORM! | No |
| X | Microsoft WinUpdate | Winamp61.exe | Added by a variant of the RBOT WORM! | No |
| X | Microsoft WinUpdate | Winupd32.exe | Added by the RBOT.MQ WORM! | No |
| X | Microsoft WinUpdate | WinNTinit32.exe | Added by the RBOT.VS WORM! | No |
| X | Microsoft WinUpdate | msupdte.exe | Added by an unidentified TROJAN! See examples here & here | No |
| X | Microsoft WinUpdates | serm32.exe | Added by the RBOT.GE WORM! | No |
| X | Microsoft WM | mswm32.exe | Added by the BCKDR-AM BACKDOOR! | No |
| X | Microsoft Word | BootSector.exe | Added by a variant of the AGOBOT/GAOBOT WORM! | No |
| X | Microsoft Word Profissional | csrss.exe | Added by the BANCBAN-DB TROJAN! Note - this is not the legitimate csrss.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "s1613" subfolder | No |
| X | Microsoft Word Profissional | Java Plug In close.exe | Added by the BANKER-EL TROJAN! | No |
| X | Microsoft Word Profissional | csrss.exe | Added by the BANKER-DJ TROJAN! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a "protect" subfolder | No |
| X | Microsoft Word Profissional | csrss.exe | Added by the BANKER-DP TROJAN! ! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a "JavaVM" subfolder | No |
| N | Microsoft Works Calendar Reminders | wkcalrem.exe | If you schedule an event at any time in Microsoft Works Calendar and set a reminder then a shortcut will be added to Start → All Programs → Startup so this reminder service loads every time Windows starts | No |
| N | Microsoft Works Portfolio | WksSb.exe | The Works Portfolio tool lets you collect and organize text and pictures from the Web or your favorite program. The Works Portfolio provides a location where you can store items you want to later put into a document or other file. Can be prevented from starting from a setting within Portfolio | No |
| N | Microsoft Works Update Detection | wkdetect.exe | Checks for updates to MS Works | No |
| X | Microsoft World Service | winworld.exe | Added by an unidentified IRC worm with backdoor capability! | No |
| X | Microsoft WPCEmail | svchost.exe | Added by the SNIFFER-N TROJAN! | No |
| X | Microsoft WWW | [path to trojan] | Added by the AGENT-DRI TROJAN! | No |
| X | Microsoft Wxdate | Syswu32.exe | Added by the SPYBOT.HZ WORM! | No |
| X | Microsoft X Update | wuamkoppnp.exe | Added by the RBOT-ANI WORM! | No |
| X | microsoft xdaemon 2.0 | xdaemon.exe | Added by the DELF.D TROJAN! | No |
| X | Microsoft XML Service | msxmlx.exe | Added by the RBOT.KS WORM! | No |
| X | Microsoft Xp Systems loader | winsystem32xp.exe | Added by the KELVIR.W WORM! | No |
| X | Microsoft Xp Systems loaders | win32xpsys.exe | Added by the SPYBOT.NYT WORM! | No |
| X | Microsoft XPSP Protocol | xp386.exe | Added by a variant of the RBOT WORM! | No |
| X | Microsoft xpsp2 | Networksystem.exe | Added by a variant of the SDBOT WORM! | No |
| X | Microsoft xpsp2 | xpsp2.exe | Added by the SDBOT-YQ WORM! | No |
| X | Microsoft« ActiveX Debugger NT | setdebugnt.exe | Added by the BANCOS-CZ TROJAN! | No |
| U | Microsoft® Windows Mobile® Device Center | wmdc.exe | Windows Mobile Device Center - mobile device management/synchronization software for Windows7/Vista, supporting mobile devices based upon Windows Mobile 2003 or later | Yes |
| N | Microsoft® Works 7.0 | wkcalrem.exe | If you schedule an event at any time in Microsoft Works Calendar and set a reminder then a shortcut will be added to Start → All Programs → Startup so this reminder service loads every time Windows starts | Yes |
| N | Microsoft® Works 8 | wkcalrem.exe | If you schedule an event at any time in Microsoft Works Calendar and set a reminder then a shortcut will be added to Start → All Programs → Startup so this reminder service loads every time Windows starts | Yes |
| X | Microsoft© | iexplore.exe | Added by the IRCBOT-ACO TROJAN! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %System%\dllcache | No |
| X | Microsoft© PID Lex | PIDLex.exe | Added by the NIOVADOOR TROJAN! | No |
| X | Microsoft© System Mapper | SysMap.exe | Added by the MAPSY TROJAN! | No |
| X | Microsoft's System Module | Sysmodule.exe | Added by the BDOOR-FJ BACKDOOR! | No |
| X | Microsoft(R) System Manager | sysmgr.exe | Added by the AGENT.QTR TROJAN! | No |
| X | Microsoft--Updates | sxvhost.exe | Added by the RBOT-FH WORM! | No |
| X | Microsoft-software | ****.exe [* = random char] | Added by a variant of the RBOT WORM! | No |
| X | Microsoft-Update | wngard.exe | Added by the RBOT-JV WORM! | No |
| X | Microsoft-Updates | svxhost.exe | Added by the RBOT-CT WORM! | No |
| X | Microsoft.exe | [random].exe | Added by a variant of the IRCBOT TROJAN! | No |
| X | Microsoft32 | win32sys.exe | Added by an unidentified WORM or TROJAN! | No |
| X | microsoft420 | microsoft420.exe | Added by the MENACE.B WORM! | No |
| X | Microsoft64 | antiv.exe | Added by the SOBER WORM! | No |
| Y | MicrosoftAntiSpywareCleaner | gcASCleaner.exe | Microsoft Antipsyware - now superseded by Microsoft's Windows Defender | No |
| X | MicrosoftCorp | flashsplayer.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
| X | MicrosoftCorp | javaw.exe | Added by the BUZUS.BULO TROJAN! | No |
| X | MicrosoftCorp | msnrmgs.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
| X | MicrosoftCorp | regtray.exe | Added by the POISON.AHNW BACKDOOR! | No |
| X | MicrosoftCorp | securebind.exe | Added by the INJECT TROJAN! | No |
| X | MicrosoftCorp | sysdiag64.exe | Added by a the AUTOINF-AB WORM! | No |
| X | MicrosoftCorp | traymgr.exe | Added by a variant of the IRCBOT BACKDOOR! | No |
| X | MicrosoftCorp | update.exe | Added by the AUTORUN-ASG WORM! | No |
| X | MicrosoftCorp | wupdate.exe | Added by the AGENT-LAY TROJAN! | No |
| X | MicrosoftDriverService32 | drsys32.exe | Added by the IRCBOT.AKX BACKDOOR! | No |
| X | Microsoftf DDEs ContDLL | rune.pif | Added by the RBOT-AGF WORM! | No |
| X | Microsoftf DDEs ContrDL | runm.pif | Added by the RBOT-AFQ WORM! | No |
| X | Microsoftf DDEs Control | lxes.exe | Added by the RBOT.BOF WORM! | No |
| X | Microsoftf DDEs Control | wees.exe | Added by a variant of the RBOT WORM! | No |
| X | Microsoftf DDEs Control | soff.pif | Added by the RBOT-AKH WORM! | No |
| X | Microsoftf DDEs Control | why-.exe | Added by the RBOT-AMV WORM! | No |
| X | Microsoftf DDEs Control | msnn.exe | Added by the RBOT-AXT WORM! | No |
| X | Microsoftf DDEs Control | FEnR.exe | Added by the RBOT-AIM WORM! | No |
| X | Microsoftf DDEs Control | w33s.exe | Added by a variant of the RBOT WORM! | No |
| X | Microsoftf DDEs Control | waes.exe | Added by a variant of the RBOT WORM! | No |
| X | Microsoftkeysd | systemproc.exe | Added by the FORBOT-BI WORM! | No |
| X | Microsoftkeysd | systemwin32s.exe | Added by the WOOTBOT.CO WORM! | No |
| X | Microsoftkeysds | lass32.exe | Added by a variant of the RBOT WORM! | No |
| X | MicrosoftKs | Drivers.bat | Added by the SHUTDOWN-F TROJAN! | No |
| X | microsoftm eegs cuntrol | loor.pif | Added by a variant of the RBOT WORM! | No |
| X | MicrosoftMessenger | msnserv.exe | Added by the DARKER.M WORM! | No |
| X | Microsoftmsn32.exe | microsoftmsn32.exe | Added by the CERTIF-C TROJAN! | No |
| X | MicrosoftMultimediaTask | Mmtask.exe | Adware downloader - not the valid MusicMatch Jukebox which shares the same filename | No |
| X | MicrosoftNAPC | flashsplayer.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
| X | MicrosoftNAPC | javaw.exe | Added by the BUZUS.BULO TROJAN! | No |
| X | MicrosoftNAPC | msnrmgs.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
| X | MicrosoftNAPC | regtray.exe | Added by the POISON.AHNW BACKDOOR! | No |
| X | MicrosoftNAPC | securebind.exe | Added by the INJECT TROJAN! | No |
| X | MicrosoftNAPC | sysdiag64.exe | Added by a the AUTOINF-AB WORM! | No |
| X | MicrosoftNAPC | traymgr.exe | Added by a variant of the IRCBOT BACKDOOR! | No |
| X | MicrosoftNAPC | update.exe | Added by the AUTORUN-ASG WORM! | No |
| X | MicrosoftNAPC | wupdate.exe | Added by the AGENT-LAY TROJAN! | No |
| X | MicrosoftNetwork Daemon for Win32 | NETD32.EXE | Added by the RANDEX.F WORM! | No |
| X | MicrosoftOEM | smvss.exe | Added by the DEDLER-G TROJAN! | No |
| X | MicrosoftPersonalFirewall | spoolsrv.exe | Added by the WOOTBOT.DO BACKDOOR! | No |
| X | MicrosoftROMDriverService | cdrss.exe | Added by the IRCBOT.BLF BACKDOOR! | No |
| X | MicroSoftRun | MSCOMM.dll | Added by the AGENT-DJG TROJAN! | No |
| X | Microsofts media | winmplayd.exe | Added by an undidentified WORM or TROJAN! | No |
| X | Microsofts media | wingtp.exe | Added by the RBOT-VO WORM! | No |
| X | Microsofts MediaScope | winmep.exe | Added by the RBOT-WB WORM! | No |
| X | Microsofts MediaScope | winmedplay.exe | Added by a variant of the RBOT WORM! | No |
| X | Microsofts Security Manager | ****.exe [**** = random char] | Added by the RBOT-WH TROJAN! | No |
| X | Microsofts Service | lcsrv16.exe | Added by a variant of the RBOT WORM! | No |
| X | Microsofts Updates | lsasss.exe | Added by the RBOT-AEX WORM! | No |
| X | Microsofts Updatez | cmsssr.exe | Added by an unidentified VIRUS, WORM or TROJAN! | No |
| X | Microsofts Updatez | exploirez.exe | Added by a variant of the RBOT WORM! | No |
| X | MicrosoftServiceManager | mstask32.exe | Added by the YAHA.P WORM! | No |
| X | MicrosoftServiceManager | Wintsk32.exe | Added by the YAHA.U WORM! | No |
| X | MicrosoftServiceManager | EXPLORERE.EXE | Added by the YAHA.AB WORM! | No |
| X | MicrosoftServiceManager | msupdat.exe | Added by the YAHA.AA WORM! | No |
| X | MicrosoftShell | Shellcomm.exe | Added by the BANCBAN-QG TROJAN! | No |
| X | MicrosoftSourceSafe | csrss.exe | Added by the WEBUS TROJAN! Note - this is not the legitimate csrss.exe process which should not normally figure in Msconfig/Startup! | No |
| X | MicrosoftSourceSafe | lsass.exe | Added by the WEBUS.B TROJAN! Note - this is not the legitimate lsass.exe process which should not normally figure in Msconfig/Startup! | No |
| X | MicrosoftSys | SPOOLSYS.exe | Added by the TARNO.N TROJAN! | No |
| X | MicrosoftUpdate | syshelper.exe | Added by the WOOTBOT.AC WORM! | No |
| X | MicrosoftUpdate | WinUp32.exe | Added by an unidentified VIRUS, WORM or TROJAN! | No |
| X | MicrosoftUpdate | MicrosoftUpdate.exe | Added by the BANKER-EHC TROJAN! | No |
| X | MicrosoftUpdate | windll.exe | Added by the RBOT-IH WORM! | No |
| X | MicrosoftUpdate | RBuilder.exe | Added by the DLOADR-BMV TROJAN! | No |
| X | MicrosoftUpdate | svhest.exe | Added by the RBOT-ES WORM! | No |
| X | MicrosoftUpdates | [path to trojan] | Added by the DELF-LO TROJAN! | No |
| X | MicrosoftUpdates | syshelped.exe | Added by the FORBOT-AZ WORM! | No |
| X | MicrosoftValue | syscnfg.exe | Added by an unidentified VIRUS, WORM or TROJAN! "syscnfg.exe" is found in %Windir%\fonts\font2 where no *.exe files should reside | No |
| X | Microsoftvirus | sysoverload.exe | Added by the FORBOT-AL WORM! | No |
| X | MicrosoftWindows | [various filenames] | MagicSearch - a CoolWebSearch parasite variant | No |
| X | MicrosoftWindows | a@26m.exe | Added by the KILLPAR-B TROJAN! | No |
| X | MicrosoftXP Service Pack 2 | servicepack2.exe | Added by the RBOT.EMC WORM! | No |
| X | Microsoftz turn Control | aexl.exe | Added by the SDBOT.BCO WORM! | No |
| X | Microsoftz turn Control | read.pif | Added by the RBOT-AFS WORM! | No |
| U | Microsoft® Windows® Operating System | Sidebar.exe | Windows Sidebar is a pane on the side of the Microsoft Windows Vista desktop where you can keep your gadgets organized and always available. In Windows 7 this feature is known as Desktop Gadgets and each gadget can be placed anywhere on the desktop. If the file isn't located in %ProgramFiles%\Windows Sidebar or you're using other versions of Windows it could be part of the Searchcentrix hijacker | Yes |
| U | Microsoft® Windows® Operating System | ehTray.exe | Media Center Tray Applet - part of Windows Media Center on XP MCE, Vista and Windows 7 (where it doesn't run as a startup). Allows Windows Media Center to be started by pressing the green button on a remote control and also displays System Tray notifications, such as recording status (successful or non-successful), EPG download notification, etc | Yes |
| N | Microsoft® Windows® Operating System | RunDLL32.exe ehuihlp.dll,BootMediaCenter | Starts Windows Media Center every time Vista (Home Premium or Ultimate) or Windows 7 (Home Premium, Professional or Ultimate) boots. Disable by unchecking the "Start Windows Media Center when Windows Starts" option via Windows Media Center → Tasks → Settings → General → Startup and Window Behaviour | Yes |
| N | Microsoft® Windows® Operating System | rundll32.exe oobefldr.dll,ShowWelcomeCenter | Shows the Welcome Center every time you boot into Windows Vista - which "pulls all the tasks you'll most likely want to complete when you set up your computer into a single location" | Yes |
| N | Microsoft® Windows® Operating System | p2phost.exe | Signs a user into the People Near Me feature at login in Windows 7 and Vista. People Near Me enables you to use certain peer-to-peer (P2P) programs on a network - that "identifies people nearby who are using computers and allows those people to send you invitations for programs such as Windows Meeting Space. They can only invite you to participate in programs that are installed on your computer." Available via Start → Control Panel | Yes |
| N | Microsoft® Windows® Operating System | stikynot.exe | Microsoft Sticky Notes - virtual sticky notes tool from Windows Vista. This implementation of the popular yellow "Post-It" tool is part of the Tablet PC features and allows you to enter either handwriting (via a pen or mouse) or record a voice note. AVailable via Start → All Programs | Yes |
| U | Microsoft® Windows® Operating System | WMPNSCFG.exe | Network sharing tool for Windows Media Player 11 for XP & Vista. When using WMP 11 on home network you can choose to share your favorite music, videos, and pictures to others on the network. This entry is used to notify users when new media rendering devices are found on the network (including media players and other PCs running Windows Media Player 11) - see here for a more detailed explanation | Yes |
| X | Microsong | svchosts11.exe | Added by the SDBOT-EV WORM! | No |
| X | Microsot NT Support | [random filename].exe | Added by the RBOT-CTI WORM! | No |
| X | Microsotufed Update 32 | windinit.exe | Added by the RBOT-CTJ WORM! | No |
| X | Microst dds service | wsrss.exe | Added by an unidentified WORM or TROJAN! | No |
| X | microsystem | snddrv.exe | Added by the VB.AXG TROJAN! | No |
| X | Microszoft Update Mach1nezs | svchst.exe | Added by the RBOT-ED WORM! | No |
| U | Microtek Scanner Finder | ScannerFinder.exe | Monitors whether a scanner is present. Provided with Microtek scanners | No |
| X | Microzoft_Ofiz | KdzEregli.exe | Added by the AMUS.A WORM! | No |
| X | Micrsft Updese | xagwxz.exe | Added by a variant of the IRCBOT BACKDOOR! | No |
| X | Micrsoft CFG 32 | lrbzus32.exe | Added by a variant of the AGOBOT/GAOBOT WORM! | No |
| X | Micrsoft DerSystem | uqieelpb.exe | Added by the RBOT-GRI WORM! | No |
| X | Micrsoft Driver | windrive.exe | Added by the SDBOT.AF TROJAN! | No |
| X | Micrsoft Driver | msdriver.exe | Added by the SDBOT-XD WORM! | No |
| X | Micrsoft Driver | windrive32.exe | Added by the SLINBOT.TT BACKDOOR! | No |
| X | Micrsoft Internet Explorer | IEXPL0RE.EXE | Added by the RBOT-AQV WORM! Note the number "0" in the filename | No |
| X | Micsoft-Published-Software | explrer.exe | Added by the RBOT-GFL WORM! | No |
| X | Micsorosft Security Center | wcnsfty.exe | Added by the RBOT-AHU WORM! | No |
| X | mig2 | mig2.exe | Added by the BRONTOK-BW WORM! | No |
| N | MightyFAX Controller | MFNTCTL.EXE | Mighty FAX from RKS Software - "installs a printer driver so that you can fax directly from Windows software" | No |
| ? | MigrationVendorSetupCaller | rundll32.exe migrate.dll, CallVendorSetupDlls | ?? | No |
| X | Military Net Killer | MNK.exe | Added by the MILLNET-A WORM! | No |
| U | MilShieldSlave | ShieldWorker.exe | Mil Shield from Mil Incorporated. It protects your privacy by removing all tracks from your online or offline computer activities | No |
| N | MimBoot | mimboot.exe | Starts Musicmatch Jukebox at bootup - can be started manually | No |
| X | Mincer | Mincer.exe | Added by the MINCEME-A VIRUS! | No |
| U | Mindful | Mindful.exe | Mindful from Felitec inc. "Event reminder software with date and time tools in a simple to use system tray application" | No |
| U | Mini-XP | Mini-XP.exe | Minimizer-XP from Totalidea Software - adds an additional button in the top right-corner of any application window to allow you to quickly minimize it to the System Tray. No longer available from the author but still available from download sites such as Download.com | Yes |
| X | MINIBUG | MINIBUG.EXE | Displays ads inside Weatherbug - see here | No |
| N | MiniEYE-MiniREAD Launch | ARLaunch.exe | eyeQ - improve your reading speed | No |
| N | MINIFERT.EXE | MINIFERT.EXE | Part of Backweb | No |
| U | minilog | MINILOG.EXE | If you don't have ZoneAlarm or ZoneAlarm Pro running you don't need this. This must be enabled if programs such as VisualZone Report utility or ZoneLog Analyzer are in use | No |
| N | MiniMavis | MiniMavis.exe | Mavis Beacon typing tutor | No |
| X | minimo | [path to file] | Added by the MOSUCK-X TROJAN! | No |
| N | MiniNote | MININOTE.EXE | Mini NoteTab was the first in the family of "NoteTab" text and HTML editors from Fookes Software | No |
| N | Miniphone | glophone.exe | VoiceGlo Glophone - "an affordable and convenient way to call friends and family throughout the world using a dial-up or broadband Internet connection on your computer" using the VoIP (Voice over Internet Protocol). No longer available | No |
| X | miniport | usb2chk.exe | Added by the LAZAR-A TROJAN! | No |
| X | MiniPortRt | miniport_mp.exe | Malware - see here | No |
| U | MiniReminder | MiniReminder.exe | "MiniReminder is a small, fast, and simple program for Microsoft Windows to remind yourself of important yearly events, like birthdays, anniversaries, renewals, etc" | No |
| X | MiniServer.exe | MiniServer.exe | Added by the LITTLEW-E TROJAN! | No |
| X | minix32 | minix32.exe | Added by the AGENT.CKQX TROJAN! | No |
| U | MinMaxExtender | Mmext.exe | MinMaxExtender - window handling tool | No |
| X | Mioft Wiws Seice ent | [worm filename].exe | Added by the RBOT-GIJ WORM! | No |
| X | Miosf Update | wimsqaad.exe | Added by the SDBOT.AG TROJAN! | No |
| U | MioSync | mioSync.exe | Related to Mio GPS navigation devices | No |
| N | Mirabilis ICQ | NDetect.exe | If connected to the internet, automatically runs up ICQ. Convenience more than anything. ICQ can be started from Start -> Programs | No |
| N | Mirabilis ICQ | icq.exe | If connected to the internet, automatically runs up ICQ. Convenience more than anything. ICQ can be started from Start -> Programs | No |
| N | Mirabilis ICQ | ICQNet.exe | If connected to the internet, automatically runs up ICQ. Convenience more than anything. ICQ can be started from Start -> Programs | No |
| U | Miramar Systems, Inc. | atmsg.exe | Miramar PC/Mac networking software | No |
| N | Miranda IM | miranda32.exe | Miranda instant messaging client | No |
| X | Mirate Sp 2 Information | miratesp2.exe | Added by the RBOT.QH WORM! | No |
| X | Mircosoft DNS Service | svchost.exe | Added by the IRCBOT-AK TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "drivers" subfolder | No |
| X | Mircosoft Sockets SP2 | mssck.exe | Added by the MYTOB.ET WORM! | No |
| X | Mircosoft Update | wuampkd.exe | Added by a variant of the SDBOT WORM! | No |
| X | Mircosoft Windows Developer Enviroment | devenv.exe | Added by an unidentified WORM or TROJAN! | No |
| X | Mircosoft Windows Developer Enviroment | devenv.exe | Added by the RBOT.AUJ BACKDOOR! | No |
| X | Mircrosoft Svchost32 | svchost32.exe | Added by the RBOT-AZW WORM! | No |
| X | Mircrosoft Windows Config DLL | rundllc32b.exe | Added by the RBOT-ZY WORM! | No |
| N | miroVIDEO Tray Tool | misitray.exe | Tool for quickly changing options for miro/Pinnacle capture cards during capture/playback/output. When this program is closed, another program (mv-ctrl) is also closed, but mv-ctrl does not have its own EXE file. Only needed when using the capture card, e.g. for the above actions | No |
| U | Mirra | Mirra.Client.exe | Mirra Personal Server from Seagate Tech - "a powerful hardware/software solution that integrates high-capacity storage with content protection, remote access, sharing and multi-computer synchronization" | No |
| U | MirrorFolderShell | mrfshl.exe | MirrorFolder backup software | No |
| X | Mirsoft sdcE | taskmegr.exe | Added by the RBOT-AWY WORM! | No |
| X | Miscrosoft Windows Explorer | IEEXPLORER.exe | Reported as the SDBOT.YX WORM! | No |
| ? | misiCTRL | misiCTRL.exe | Miro video driver related. Is it required? | No |
| ? | misiTRAY | misiTRAY.exe | Miro video driver related. Is it required? | No |
| X | Mismo | win32x.exe | Added by the RBOT-JP WORM! | No |
| X | MistikotitaTuIpologisti | GDC.exe | MistikotitaTuIpologisti Greek rogue privacy tool - not recommended. A member of the PCPrivacyTool family | No |
| N | Mixer | Mixer.exe | C-Media Mixer - C-Media produce audio chipsets that are often found on popular motherboards with on-board audio. Provides System Tray access to change audio settings. Available via Start -> Settings -> Control Panel or Start -> Programs | No |
| N | Mixersel | mixersel.exe | Configuration for Realtek audio devices | No |
| N | Mixghost | mixghost.exe | Management software for Altec Lansing speakers. If a change is needed, the user can launch it from the Start menu | No |
| X | MJ | te32.exe | Added by the AGENT.HAA TROJAN | No |
| X | mjc | mjc.exe | Added by the AGENT.AKCI TROJAN! | No |
| U | mkb.exe | mkb.exe | MomKnowsBest surveillance software. Uninstall this software unless you put it there yourself | No |
| X | ml00!.exe | ml00!.exe | Malware, detected by Panda as the BWD TROJAN! | No |
| U | ML1HelperStartUp | ML1HEL~1.EXE | ScreenScenes "Midnight Lake" screensaver. The freeware version comes with GAIN branded ads (pop-ups and others). ScreenScenes do however offer you the option of doing away with the ads by purchasing the screensaver for a whopping $30. Please note that Claria Corporation no longer support GAIN-Supported software - see here | No |
| U | ML1HelperStartUp | ML1Helper.exe | ScreenScenes "Midnight Lake" screensaver. The freeware version comes with GAIN branded ads (pop-ups and others). ScreenScenes do however offer you the option of doing away with the ads by purchasing the screensaver for a whopping $30. Please note that Claria Corporation no longer support GAIN-Supported software - see here | No |
| X | ml34 | [path to trojan] | Added by the MAILBOT-BH TROJAN! | No |
| X | Mlcr0s0ftf DDEs C0ntr0i | WAed.pif | Added by the RBOT-BJW WORM! | No |
| X | MlCROSOFT FEnR | MlCROSOFT.EXE | Added by the GAOBOT.CII WORM! Note that both the name and command have a lower case "L" | No |
| X | mlibsysmc | comzcinc.exe | Added by the SDBOT-CXS WORM! | No |
| X | mload | lxmstart.exe | Added by an unidentified VIRUS, WORM or TROJAN! | No |
| ? | MM Install | setup.exe | Possibly Money Manager from Moneysoft? | No |
| X | MMB2 | explorer.exe | Added by an unidentified WORM or TROJAN! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System% | No |
| X | MMC | inisys.exe | Added by the OSCABOT-I WORM! | No |
| X | mmcndmgr | mmcndmgr.exe | Added by an unidentified VIRUS, WORM or TROJAN! | No |
| N | MMCWINMGMT | winmgmt.exe | Used for Enterprise Management. If you are not an IT Administrator you don't need it to be running. Also runs from the PCHealth "scheduler" - refer here | No |
| X | mmemdrv | mmemdrv.exe | SecondSight spyware. Note - SecondSight is spyware that captures keystrokes and screen shots, and logs user activity on the compromised computer. The risk can then send the logged information to a remote attacker via email, must be manually installed | No |
| U | MMERefresh | MMERefresh.exe | Part of Digidesgin Protools. Refreshes your midi ports on the 002(R) (the 002R is a hardware audio/midi converter connected to your computer via firewire). Must be running in order to use the MIDI functionality of the Digi002R | No |
| X | Mmessenger | messenger.exe | Added by the AGOBOT.GM WORM! | No |
| X | Mmgsvc | mmgsvc.exe | Mmgsvc spyware | No |
| U | MMhid | mmhid.dll | This is the Human Interface Device Server for Win98, it is required only if you are using USB Audio Devices you can disable via Msconfig. See here. Typical examples are USB multimedia keyboards with volume control and web-ready keyboards. For example - loaded by default with MS DSS80 Speakers because they have Volume, Mute and Bass controls on the speaker. Some users may experience problems disabling this - if this is the case then re-enable it. Equivalent to Hidserv in Win98SE/2000/Me/XP | No |
| ? | MMHK | mmhk.exe | A driver found on a Compaq Presario 800T notebook. Possibly something to do with multimedia hot keys? | No |
| N | MMHotKey | MMHotKey.exe | Multimedia key handling for the relevant type of Turbo-Media keyboard. Shortcut available. Note that with this running it can crash DirectX8/9 under WinXP when a game switches to full-screen | No |
| X | MMicrosoft Security Management | inetforn.exe | Added by the RBOT.AFZ WORM! | No |
| U | MMKeybd | MMKeybd.exe | Multimedia keyboard manager. Required if you use the additional keys | No |
| U | Mmm | Mmm.exe | Hace Mmm - free utility to configure your Windows menus and move and remove menu-items you never use | No |
| X | mmnext06 | trjdwnl.dll | Malware installed by different rogue security software including SpyKillerPro and the XP AntiVirus series | No |
| X | mmod | mmod.exe | eZula TopText adware | No |
| N | mmpti | m1mmpti.exe | Mpact Mediaware Properties Taskbar Icon - multimedia software icon for Chromatic Research Mpact video cards | No |
| N | MMReminderService | MMReminderService.exe | Mind Manager from Mindjet - "easy way to organize ideas and information". Registration reminder | No |
| ? | MMRun | mmrun.exe | ?? | No |
| X | mmsass | mmdmm.exe | Added by the SDBOT.SO WORM! | No |
| X | mmsddlx | [random filename] | Added by a variant of the SLAPER TROJAN! | No |
| ? | mmsys | recover.exe | ?? | No |
| X | MMSystem | rundll32.exe mmsystem.dll, RunDll32 | Added by the FUNNER-A WORM! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "mmsystem.dll" file is found in %System% | No |
| Y | MMTASK | mmtask.tsk | A check on the file's properties reveals "Multimedia background task support module". MMTASK is a very simple 16-bit program used by certain multimedia drivers (which are still 16-bit on Win9x) to perform background processing. Some soundcards need this to support MIDI, etc | No |
| N | mmtask | mmtask.exe | Part of MusicMatch Jukebox - digital music player / CD burner and ripper / music organizer / playlist creator | No |
| X | MMtask Service | mmtask.exe | Added by the BACKGAT.A TROJAN! Not the valid MusicMatch Jukebox which has the same filename | No |
| N | MMTray | mm_tray.exe | MusicMatch Jukebox icon in the task tray - digital music player / CD burner and ripper / music organizer / playlist creator | No |
| N | MMTray | MMTray.exe | Part of Morgan Multimedia Codecs. Only required when the codecs are used | No |
| N | MMTray2K | MMTray2K.exe | Part of Morgan Multimedia Codecs. Only required when the codecs are used | No |
| N | MMTrayLSI | MMTrayLSI.exe | Part of Morgan Multimedia Codecs. Only required when the codecs are used | No |
| ? | mmusrstp | procrun.exe | ?? | No |
| X | mmxp2passion.exe | mmxp2passion.exe | MediaMotor adware | No |
| X | mmxrun | msosa.exe | Added by an unidentified TROJAN or WORM! | No |
| X | mmxrun | mswinindex.exe | TwoSeven spyware | No |
| U | mm_server | mm_server.exe | Part of MusicMatch Jukebox - digital music player / CD burner and ripper / music organizer / playlist creator | No |
| X | mnklins | mnklins.exe | VX2.Transponder parasite updater/installer related | No |
| X | MNPol | mnpol.exe | Added by the DLUCA.B TROJAN! | No |
| U | MNS | MNS.exe | Mobile Net Switch enables you to use your computer on more then one network with the click of a button. It allows you to automatically select the correct drive mappings, printer settings, IP settings and much more | No |
| X | mnsa | mnso.exe | Added by the LINEAG-AI TROJAN! | No |
| X | mnsvc | mnsvc.exe | Added by the AUTOUPDER TROJAN! | No |
| X | mnsvcsp | mnsvcsp.exe | Added by an unidentified VIRUS, WORM or TROJAN! | No |
| ? | mnu | igomnu.exe | Wanadoo broadband ISP (now rebranded as Orange) related. What does it do and is it required? | No |
| U | Mobile Phone Suite | MobilePhoneSuite.exe | Logitech Mobile Phone Suite | No |
| U | mobile PhoneTools | mPhonetools.exe | Motorola Phone Tools | No |
| U | Mobipocket Reader Notifications | readernotify.exe | Part of Mobipocket Reader - "Store all your eBooks, eNews & self-published eDocs on your PC. Download eBooks in Mobi format from your favorite ebookstores to read on your smartphone, PDA, laptop or on your desktop PC" | No |
| U | Mobipocket Web Companion | webcomp.exe | Related to Mobipocket eBook Reader | No |
| U | mobsync | mobsync.exe | Microsoft Synchronization Manager for 2K/XP - used to update network copies of materials that were edited offline, such as documents, calendars, and e-mail messages. Available via Start → All Programs → Synchronize, this entry appears if you select Setup → "When I log on to my computer" | Yes |
| X | MOBSYNC32.EXE | mobsync32.exe | Added by the FINERO TROJAN! | No |
| N | MOD | muamgr.exe | Using MicroAngelo On Display, you can easily select the icon images that you prefer rather than the default icons displayed by Windows. On Display provides a consistent and elegant method to customize the icon display for almost every icon on your system | No |
| X | Modem | locatesvc.exe | Added by a variant of the SPYBOT WORM! | No |
| X | Modem Driverz Updates | mdmdrv.exe | Added by a variant of the SDBOT WORM! | No |
| U | MODEMBTR | MODEMBTR.EXE | Modem Booster from inKline Global to improve ISP connections | No |
| X | Modeminf | Modeminf.exe | Added by a variant of the CRYPTER.C TROJAN! | No |
| U | ModemOnHold | MOH.EXE | NetWaiting/Modem-on-Hold - allows you to place your Internet connection on hold while you take a voice call (if Call Waiting is supported by your phone company). See here for more information | No |
| U | ModemOnHold | netWaiting.exe | NetWaiting/Modem-on-Hold - allows you to place your Internet connection on hold while you take a voice call (if Call Waiting is supported by your phone company). See here for more information | No |
| N | ModemUtility | mdmsetpe.exe | System Tray configuration icon for Aztech modems | No |
| X | Modifiet Amateur HTPB | wuaclt.exe | Added by the IRCBOT.AYS WORM! | No |
| U | ModPS2 | ModPS2Key.exe | Hotkey drivers for Chicony keyboard. Required if you use the hotkeys | No |
| X | ModularConfig | syscnfg.exe | Added by an unidentified VIRUS, WORM or TROJAN! "syscnfg.exe" is found in %Windir%\fonts\font2 where no *.exe files should reside | No |
| X | Module Call initialize | RUNDLL32.EXE reg.dll, ondll_reg | Added by the LOVGATE.C WORM! | No |
| X | Modulo 00FE0F01 Host Internet | syschost.exe | Added by the DELF-KW TROJAN! | No |
| X | MonAppli | [random filename] | Added by the DELF.IF TROJAN! The most common filenames are isys32.exe & msnmsg.exe | No |
| X | MonContenuassistant | GDC.exe | MonContenuassistant French rogue privacy tool - not recommended. A member of the PCPrivacyTool family | No |
| N | Money Express | moneyexpress.exe | Part of MS Money. Available via Start -> Programs | No |
| N | MoneyAgent | money express.exe | Part of MS Money. Available via Start -> Programs | No |
| N | MoneyAgent | mnyexpr.exe | Microsoft Money | No |
| N | MoneyStartUp | Money Startup.exe | Microsoft Money | No |
| N | MoneyStartUp10.0 | Activation.exe | Part of MS Money 2002. Available via Start -> Programs | No |
| X | monitor | monitor.exe | Browser hijacker, redirecting to NCM Search | No |
| U | Monitor | SD Monitor.exe | "Transfer data quickly between your memory card and your computer with SanDisk's Readers, Writers and Adapters" | No |
| X | Monitor | explor.exe | Added by the AGOBOT-EF BACKDOOR! | No |
| ? | Monitor | Monitor.exe | Related to the Philips SPC610NC & PixArt PAC207 webcams (and possibly others) and Leapfrog Connect Application. What does it do and is it required? | No |
| U | Monitor Apache Servers | ApacheMonitor.exe | Part of the Apache Web Server package. Useful only if you're running such a server on your PC. Available via Start -> Programs | No |
| X | Monitor calibration | AV1i.exe | Anti-Virus-1 rogue security software - not recommended, removal instructions here | No |
| U | Monitor Helper | monitor.exe | MyLittleSpy keystroke logger/monitoring program - remove unless you installed it yourself! | No |
| X | Monitor Test | [random filename] | Added by the SDBOT-NC WORM! | No |
| X | monitor1a | monitor1a.exe | Added by the MSNAGEN-A TROJAN! | No |
| X | Monitoring Service | svchost.exe | Added by the CONE.C WORM! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "tasks" subfolder of the Winnt or Windows folder | No |
| X | Monitormgt | Monitormgt.exe | Added by the GEMA TROJAN! | No |
| U | MonitorSD | SDMonitor.exe | Spyware Detector - spyware remover. Initially not recommended due to false positives but the later versions have since improved - see here | No |
| X | MONPluginSrIvcs | n3monap23.exe | Added by a variant of the RBOT WORM! | No |
| N | Monstersoundtray | Freectrl.exe | Diamond Multimedia sound card control panel | No |
| X | MonTest | vccxzq.exe | Added by the SDBOT-EA WORM! | No |
| U | MoodBook | mb.exe | MoodBook is a free Windows utility that brings art to your desktop | No |
| N | moon phase | moon.exe | Moon Phase - tray icon that indicates the phases of the moon | No |
| X | MooNlight | MySqld-nt.cmd | Added by the BOBANDY-A WORM! | No |
| X | MoreContent | rundll32.exe MSA64CHK.dll,DllMostrar | MatrixDialer/Mostrar parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System% | No |
| X | MoreResults | MoreResults.exe | MoreResults adware | No |
| N | Morpheus | morpheus.exe | MusicCity Networks' Morpheus - another peer-to-peer client based on Kazaa. Notable in that this one doesn't seem to install the adware that clog the Kazaa download. They claim they are adware free, and a visitor quotes "I have seen no instance of any since using it" | No |
| X | morphstb | morphstb.exe | Adware - detected by Kaspersky as the STUBBY.C TROJAN! | No |
| X | mosearch | mosearch.exe | Fast Search in Office XP - similar to the new revision of the Find Fast feature in Office 2000. Fast Search uses the Indexing Services in Office XP to create a catalog of Office files on your computer's hard disk. As with Find Fast - a waste of resources. If it can't be disabled via MSCONFIG try here | No |
| X | Motherboard Config | Ati2xxx.exe | Added by the RBOT-AIK WORM! | No |
| X | MotherBoard Sounds | Sounds.exe | Added by the RBOT-AAP WORM! | No |
| N | Motive SmartBridge | mpbtn.exe | System tray icon for the Virtual Assistant from AT&T Broadband, used to communicate internet problems via the network rather than telephone. Available via desktop shortcut or Start -> Programs - not required | No |
| N | Motive SmartBridge | MotiveSB.exe | System tray icon for the Virtual Assistant from AT&T Broadband, used to communicate internet problems via the network rather than telephone. Available via desktop shortcut or Start -> Programs - not required | No |
| N | Motive SmartBridge | BTHelpNotifier.exe | System tray icon for help from BT Broadband, used to communicate internet problems via the network rather than telephone. Available via desktop shortcut or Start -> Programs - not required | No |
| U | MotiveMonitor | motmon.exe | Found on HP/Dell and Compaq systems (and maybe others). MotiveMonitor is used by the suppliers on-line support and allows the agent at the far end to do harddrive/ram/video/etc tests on the computer. Can cause some users problems with IE and Netscape by disabling this - in this case leave it to run. You may also wish to leave it alone if the PC is still within the support period from the manufacturer. For most users it's not required | No |
| N | MotiveSB | MotiveSB.exe | System tray icon for the Virtual Assistant from AT&T Broadband, used to communicate internet problems via the network rather than telephone. Available via desktop shortcut or Start -> Programs - not required | No |
| U | MotMon | motmon.exe | Found on HP/Dell and Compaq systems (and maybe others). MotiveMonitor is used by the suppliers on-line support and allows the agent at the far end to do harddrive/ram/video/etc tests on the computer. Can cause some users problems with IE and Netscape by disabling this - in this case leave it to run. You may also wish to leave it alone if the PC is still within the support period from the manufacturer. For most users it's not required | No |
| X | motoin | mm15201518.Stub.exe | Delfin Promulgate adware variant | No |
| U | Motorola Desktop Suite | DesktopSuite.exe | Related to Motorola Desktop Suite - PC software managing Motorola mobiles such as the A1000 | No |
| U | Motorola Desktop Suite mRouter Config | mRouterConfig.exe | Configuration for Motorola's version of Intuwave's m-Router - "that enables easy connectivity between mobile devices and PCs across Bluetooth, Infrared, USB and serial cable connections". It was licensed and used by the Symbian OS but m-Router is no longer readily available since Intuwave went into administration in 2006 | No |
| U | Motor_Tracking_Tool | MTTool.exe | Sweex Motion Tracking Webcam utility. "The motion tracking function ensures that the camera can follow all your movements. So you can move and chat, without disappearing from view" | No |
| U | Mount Safe & Sound | Fbmount.exe | From McAfee VirusScan version 5.x. Creates back-up sets of critical files in a separate area of a hard drive. If you make regular back-ups it's not needed and can be painful during system start | No |
| U | mount.exe | mount.exe | Part of "GiPo@FileUtilities - GiPo@Mount "Provides advanced substitutional and mounting services. It allows to attach a local drive to an empty folder on an NTFS volume (only for Windows 2000/XP) and to substitute a local folder for a drive letter" | No |
| X | mouse | mouse.exe | Added by the RBOT-AHJ WORM! | No |
| U | Mouse 32A | Mouse32A.exe | Mouse utility. If you disable this entry you will not be able to use any of the non-standard functions of the mouse | No |
| N | Mouse Suite 98 Daemon | pelmiced.exe | Mouse driver. Appears to cause a behaviour where the desktop suddenly flips back up when playing DirectX associated games | No |
| U | Mouse Suite 98 Daemon | ICO.EXE | Found on some Sony Vaio, IBM Thinkpad and Dell (and possibly other) laptops and seems to be related to Mouse Suite 98 Daemon according to the properties. Required on the Dell Inspirion 530 as without it the Dell mouse suite does not load and mouse settings are not retained on a reboot. Appears to cause a behaviour where the desktop suddenly flips back up when playing DirectX associated games | No |
| X | mousebut | mousebut.exe | Added by the CRYPTER.A TROJAN! | No |
| X | Mousecntl | mousecntl.exe | Added by a variant of the CRYPTER.C TROJAN! | No |
| N | MouseCount | MC.exe | MouseCount by Kittyfeet Software. "Utility for counting how many times us computer junkies click our mouse in a given session/day/week/month/year." Not required | No |
| X | mousedrive.exe | instantmsgrs.exe | Added by the FORBOT-ER WORM! | No |
| X | MouseDrv | [path to worm] | Added by the ZOLOAD-B WORM! | No |
| X | MouseDrv | update.exe | Added by the ZOTOB.N WORM! | No |
| U | mouseElf | MC.exe | Genius NetScroll mouse driver - required if you use non-standard Windows driver features | No |
| U | mouseElf | mouseElf.exe | System Tray access to the mouse control panel for Genius Netscroll mice. Required if you use non-standard Windows driver features | No |
| U | MouseImp | MImpHost.exe | MouseImp Pro - "A reliable assistant that turns your mouse into a simple, native but powerful controlling device" | No |
| X | mousepad | mousepad.exe | Added by the CLICKER TROJAN! | No |
| U | Mousinfo | mousinfo.exe | MS mouse information tool - for troubleshooting mouse problems | No |
| X | MoussaEvil | [path to file] | Added by the MUSANUB-A WORM! | No |
| X | MoveSearch | Search.exe | PigSearch adware | No |
| N | Movielink Manager Uninstall | msvcmm32.exe | Auto-update for Movielink - internet movie rental System Tray access | No |
| X | MovieM | lmovie.exe | Added by the BEAGLE.DS WORM! | No |
| X | moviemk | moviemk.exe | Added by the DWNLDR-GTB TROJAN! | No |
| X | MovieNetworks | MovieNetworks.exe | MovieNetworks will connect you by a domestic premium rate telephone number 900-xxx-xxxx - so you get xxx rated pictures and junk and high internet costs. Remove the %ProgramFiles%\MovieNetworks directory | No |
| X | Movieplace | Movieplace.exe | MoviePlace malware | No |
| X | Mozila | mozila.exe | Added by the DELBOT-AJ WORM! | No |
| X | Mozila Firefox | firebox.exe | Added by the RBOT-AIP WORM! | No |
| X | Mozilla Firebird v0.8 Internet Browser | netstats.exe | Added by the IRCBOT.MC TROJAN! | No |
| X | Mozilla Firefox | F1REF0X.EXE | Added by the SDBOT-UP BACKDOOR! Note that the filename has the numbers "1" and "0" in place of upper case "i" and "o" respectively | No |
| N | Mozilla Quick Launch | Netscp6.exe | Netscape 6 and Mozilla browsers | No |
| N | Mozilla Quick Launch | Mozilla.exe | Netscape 6 and Mozilla browsers | No |
| X | Mozillacorp | system.exe | Added by the SILLYFDC WORM! | No |
| N | mozilla_cleanup | xpicleanup.exe | Firefox Mozilla cleans up after installation. It is invoked on a restart after installation, to remove the bits and pieces resulting from the installation | No |
| U | Mozy Status | mozystat.exe | Mozy - free backup at a secure, remote location | No |
| X | MP Services | mpsvc.exe | Added by the WOOTBOT.EQ WORM! | No |
| X | MP Tcloakss | mptclock.exe | Added by the NACKBOT-B WORM! | No |
| X | MP Tcloaxs | mptcloaxs.exe | Added by the RANDEX.CT WORM! | No |
| X | MP Tclockvv | mptclock.exe | Added by the NACKBOT-A WORM! | No |
| X | MP Tclockvv | mptclock.exe | Added by the NACKBOT-A WORM! | No |
| X | MP Tclockvv | mptclockvv.exe | Added by the RANDEX.CJ WORM! | No |
| N | MP3 CD Extractor | CD-Extractor.exe | "MP3 CD Extractor is an audio CD to MP3 ripper which can extract Digital Audio tracks from Audio CDs into files on the hard disk" | No |
| X | Mp3 Loader | Sysdata.EXE | Added by the AVETTE-A VIRUS! | No |
| X | MP3Collection | rundll32.exe MSA64CHK.dll,DllMostrar | MatrixDialer/Mostrar parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System% | No |
| X | MP3download | rundll32.exe MSA64CHK.dll,DllMostrar | MatrixDialer/Mostrar parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System% | No |
| X | MP3files | rundll32.exe MSA64CHK.dll,DllMostrar | MatrixDialer/Mostrar parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System% | No |
| X | MP3freeDownload | rundll32.exe MSA64CHK.dll,DllMostrar | MatrixDialer/Mostrar parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System% | No |
| X | MP3freeDownloads | rundll32.exe MSA64CHK.dll,DllMostrar | MatrixDialer/Mostrar parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System% | No |
| X | MP3nice | rundll32.exe MSA64CHK.dll,DllMostrar | MatrixDialer/Mostrar parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System% | No |
| X | MP3Themes | rundll32.exe MSA64CHK.dll,DllMostrar | MatrixDialer/Mostrar parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System% | No |
| X | MP3ToTheMax | rundll32.exe MSA64CHK.dll,DllMostrar | MatrixDialer/Mostrar parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System% | No |
| X | MP4 Player | mp4Player.exe | MP4 Player allows you to view MP4 videos. Marked as undesirable due to the fact that it changes your homepage to a custom Google search engine, changes your browser's default search provider, and runs hidden in the background. Terms of use also state that it collects and tracks urls you visit in order to display relevant ads | No |
| X | MPatrolPRO | MPatrolPRO.exe | MalwarePatrol Pro rogue security software - not recommended, removal instructions here | No |
| U | MPEO | Csinsm32.exe | Automatic logging of installs from Norton CleanSweep - available via Start -> Programs | No |
| Y | MPFExe | mpf.exe | McAfee Personal Firewall | No |
| Y | MPFExe | MpfTray.exe | McAfee Personal Firewall | No |
| Y | MPFTray | MpfTray.exe | McAfee Personal Firewall | No |
| X | MPL32 driver | MPL32.exe | Added by the LOONY-M TROJAN! | No |
| X | MPlay64 | mplay64.exe | Added by the MPLAY64 TROJAN! | No |
| U | MplSetup | MplSetup.exe | Used by Ricoh network printers to enable network printing from the client | No |
| X | MPM Manager | MPM.exe | Added by the DONBOMB.A TROJAN! | No |
| X | MPNet | mpn.exe | Added by the DELBOT-W WORM! | No |
| U | MPower | MPower.exe | MPower from MindBeat. "Defragments and frees your RAM giving more stability to your system and avoiding needless use of swap file. Willl also benchmark (speed test) your hard disk drives and your CPU load". MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/SE/ME. See this article and make up your own mind | No |
| X | mppdds | mppdds.exe | Added by the PWS-AKZ TROJAN! | No |
| X | mppds | mppds.exe | LEGMIR.AQZ spyware | No |
| X | MPR MSG | mprmsg32.exe | Added by the MYTOB.CF WORM! | No |
| X | MPREXE | MPREXE.EXE | Added by the OPASERV.T WORM! Note - this is not the legitimate Mprexe.exe system file | No |
| Y | MPREXE.exe | mprexe.exe | WIN32 Network Service Interface Process. MPREXE.exe enables the computer to have multiple clients/protocols for networks. There are some problems with it sometimes though - see here. Note - why some people have it listed in start-up programs I don't know but I was asked to include it here. It automatically runs in the background. NOTE : sometimes it will appear in start-ups if you have a virus | No |
| X | MprHTML | MprHTML.exe | Added by a variant of the VAGRNOCKER TROJAN! | No |
| X | mprocessor | mprocessor.exe | InstallDollars.com foistware | No |
| U | MPSExe | mscifapp.exe | McAfee.com Privacy Service - "combines personal identifiable information (PII) protection with online advertisement blocking and content filtering" | No |
| Y | MpsOnn | MpsOnn.exe | Canon printer driver | No |
| ? | MPT | MPT.exe | ?? | No |
| X | MPtask Services | mptask.exe | Added by the LALA or AOT TROJANS! | No |
| N | MPTBox | MPTBOX.EXE | Cannon Multi-Pass toolbox - a button bar | No |
| X | mptsgsvc.exe | mptsgsvc.exe | Hacker Tool - detected by DiamondCS TDS-3 anti-trojan as "HackTool.Win32.Hidd.j" | No |
| N | MPXTray | mpxptray.exe | Windows Media Player PowerToy which is run from the taskbar. It can be used to hide Windows Media Player (when in use) and choose various standard buttons (play/pause, next,previous) etc | No |
| U | MP_STATUS_MONITOR | monitr32.exe | Cannon Multi-Pass status monitor - your choice | No |
| X | mqadscp3 | mqadscp3.exe | Added by the STRATION.CX WORM! | No |
| X | mqbkup | mqbkup.exe | Added by the OPASERV.K WORM! | No |
| X | MQT Svc | mqtsvc.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
| U | mRouterConfig | mRouterConfig.exe | Configuration for Intuwave's m-Router - "that enables easy connectivity between mobile devices and PCs across Bluetooth, Infrared, USB and serial cable connections". It was licensed and used by the Symbian OS but m-Router is no longer readily available since Intuwave went into administration in 2006 | No |
| X | mrsvctr | mrsvctr.exe | Added by a variant of the SDBOT WORM! | No |
| Y | MRT | MRT.exe | Microsoft's Malicious Software Removal Tool | No |
| N | mrtMngr | mrtMngr.exe | Maintenance Release Task Manager for Intuit's QuickBooks or Quicken | No |
| U | MRU-Blaster Scheduler | scheduler.exe | Scheduler for MRU-Blaster - "a program made to do one large task - detect and clean MRU (most recently used) lists on your computer" | No |
| N | MRU-Blaster Silent Clean | mrublaster.exe | MRU-Blaster - performs silent cleaning of MRU lists at boot | No |
| U | MRUBlaster | indexcleaner.exe | MRU-Blaster related - runs once in order to delete the index.dat file in the Temporary Internet Files and/or Cookies folder | No |
| X | Mr_CoolFace_Game | Emma.exe | Added by the ROMARIO-A WORM! | No |
| X | ms | svhost32.exe | Added by the LEGMIR-AQO TROJAN! | No |
| X | MS Agent Protection | ag1.exe | Added by the IRCBOT.AZ BACKDOOR! | No |
| X | MS AntiSpyware 2009 | msas2009.exe | MS AntiSpyware 2009 rogue spyware remover - not recommended, removal instructions here | No |
| X | MS Auto-IPSec Protection | MSASP32.exe | Added by the RBOT-AER WORM! | No |
| X | MS Autoloader 32 | MSAuto32.exe | Added by the SPYBOT.BD WORM! | No |
| X | Ms Builders | Wupated.exe | Added by the AGOBOT-SS WORM! | No |
| X | MS Config | msdconfig.exe | Added by the RBOT-CZH WORM! | No |
| X | MS Config Loader | svchos1.exe | Added by the AGOBOT.R WORM! | No |
| X | MS Config Loader | MSWin32bck.exe | Added by the GAOBOT.AA WORM! | No |
| X | MS Config Loader | svcrhost.exe | Added by a variant of the RBOT WORM! | No |
| X | MS Config Service | Msloader32.exe | Added by the RBOT-KJ WORM! | No |
| X | MS Config Stream | msasm.exe | Added by the AGOBOT-BA WORM! | No |
| X | MS Config v12 | mscfg12.exe | Added by the AGOBOT.YP WORM! | No |
| X | MS Config v13 | lrbz32.exe | Added by the GAOBOT.AOL WORM! | No |
| X | MS Config v13 | mscfg13.exe | Added by the AGOBOT.YQ WORM! | No |
| X | Ms configsu | msconfigsu.exe | Added by a variant of the SDBOT WORM! | No |
| X | MS Configuration | MSFramer.exe | Added by the RANDEX.OL WORM! | No |
| X | Ms Configuration | microsoftsa32.exe | Added by the KELVIR.X WORM! | No |
| X | MS Configuration Utility | msconfig32.exe | Added by the WOOTBOT.DY WORM! | No |
| X | MS DATABASE | MSDATA32.EXE | Added by a variant of the SDBOT WORM! | No |
| X | MS Decryption Software | active.exe | MediaTickets adware variant | No |
| X | MS DirectX Sound Drivers | msdrvdx.exe | Added by the RBOT.BCX WORM! | No |
| X | MS DLL Library Manager | dllsys64.exe | Added by the RANKY TROJAN! | No |
| X | MS Domain Name Server Deamon | MSDNSD32.exe | Added by the RBOT-CMZ WORM! | No |
| X | MS Domain Name System | MSWDNS32.exe | Added by the RBOT-GKY WORM! | No |
| X | MS DVD DirectX Dll Drivers | mdxdl.exe | Added by the SDBOT-XI WORM! | No |
| X | MS DVD DirectX Sound Drivers | msdrvdx.exe | Added by the SDBOT-XJ WORM! | No |
| X | MS Explorer | mexplore.exe | Added by the YAHA.AE WORM! | No |
| X | MS FIREWALL | msfrewall.exe | Added by the SDBOT-PU WORM! | No |
| X | MS FIREWALL | msfirewall.exe | Added by the SDBOT-QH WORM! | No |
| X | MS Host | msthost.exe | Added by the SLENFBOT.AH WORM! | No |
| X | MS Host Manager | ivhost.exe | Added by the RBOT-BJN WORM! | No |
| X | MS Hosts | msthosts.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
| X | MS HTML | msHtml.exe | Added by the PESTDOOR.31 TROJAN! | No |
| X | MS HTML | mslat.exe | Added by the LATINUS.SVR TROJAN! | No |
| X | MS HTML Location Class | MSHTML32.exe | Added by the RBOT-YD WORM! | No |
| X | MS Initial | mstinitial.exe | Added by the IRCBOT.ASP BACKDOOR! | No |
| X | MS Internet Executor 32 | MSIXEC32.exe | Added by the RBOT-AEQ WORM! | No |
| X | MS Internet Explore | MSIEx.exe | Added by a variant of the RBOT WORM! | No |
| X | MS Java Applets for Windows NT & XP | javaapplet.exe | Added by the RBOT.BHG WORM! | No |
| X | MS Java Applets for Windows NT, ME | javaapplets.exe | Added by the VANEBOT-B WORM! | No |
| X | Ms Java for Windows 98, NT, ME & XP | msjavames.exe | Added by the RBOT.BHJ WORM! | No |
| X | Ms Java for Windows 98, NT, XP & ME | msjavaxps.exe | Added by the BACKDOOR.GEN TROJAN! | No |
| X | Ms Java for Windows NT | MS32.exe | Added by the VANEBOT-H WORM! | No |
| X | Ms Java for Windows NT | msi32java.exe | Added by the VANEBOT-I WORM! | No |
| X | Ms Java for Windows NT | msjava.exe | Added by the VANEBOT-E WORM! | No |
| X | Ms Java for Windows NT | msi32info.exe | Added by the RBOT.AFX WORM! | No |
| X | MS Java for Windows NT, XP & ME | xpjavams.exe | Added by the KASSBOT-V WORM! | No |
| X | MS Java for Windows XP & NT | javanet.exe | Added by the VANEBOT-A WORM! | No |
| X | MS Java Service Wrapper Windows NT | wrapper.exe | Added by the VANEBOT-D WORM! | No |
| X | Ms Java Update For Windows NT/XP | msijavaupdt32.exe | Added by the RANDEX.AF WORM! | No |
| X | MS Java virtual machine | javavm.exe | Added by the RBOT.ABG WORM! | No |
| X | MS LARISSA | MS_LARISSA.exe | Added by the ASSIRAL.B WORM! | No |
| X | MS lsass Startup | lsass135.exe | Added by the RBOT.WM WORM! | No |
| ? | MS management console | mms.exe | Suspicious as the legitimate "Microsoft Management Console" is "mmc.exe" and not "mms.exe" and doesn't normally run at startup | No |
| X | MS Microsoft Socket Deamon | MSSCKD32.exe | Added by a variant of the RBOT WORM! | No |
| X | MS MSN Menssenger 7.0 | MSMSN7.exe | Added by the RBOT-ACA WORM! | No |
| X | MS MSN Menssenger 7.0 | MSEXPORT.exe | Added by a variant of the SDBOT WORM! | No |
| X | MS Network Control | mswin.exe | Added by the DUMBA TROJAN! | No |
| X | MS Office | Office10.exe | Added by the VB.DT TROJAN! | No |
| X | ms ownage | winPE.exe | Added by the RBOT-AJL WORM! | No |
| X | MS Paint | mspainter.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
| X | MS PLUS INC | wpad.exe | Added by the MYTOB-AN WORM! | No |
| X | Ms Processe Manager | msproc.exe | Added by the RBOT.ATO WORM! | No |
| X | MS Real Player | RealPlyr.exe | Added by the RBOT.MR WORM! | No |
| X | MS Registry Service | MSRMS32.exe | Added by the RBOT-AKP WORM! | No |
| X | MS Remote Procedure Call | msrpc32.exe | Added by the RBOT-QL WORM! | No |
| X | MS Screen Saver | scrsave.scr | Added by the RBOT-AGT WORM! | No |
| X | MS Security | systm.pif | Added by the RBOT-AQN WORM! | No |
| X | MS Security Authority Service | lsass.exe | Added by the KALEL-B WORM! Note - this is not the legitimate lsass.exe process, which should not appear in Msconfig/Startup! | No |
| X | MS Security Hotfix | service5.exe | Added by the GAOBOT.AG WORM! | No |
| X | MS Security Update 993 | msident.exe | Added by a variant of the SDBOT WORM! | No |
| X | MS service | msservice.exe | Added by the RBOT-ZG WORM! | No |
| X | MS Service Drivers | winscv.exe | Added by the SDBOT-COG WORM! | No |
| X | Ms sock for Windows NT | winser.exe | Added by a variant of the SDBOT WORM! | No |
| X | MS Sound Config 16bit | sndcfg16.exe | Added by the SDBOT.MB TROJAN! | No |
| X | Ms Sound Drivers | msdrv.exe | Added by the SDBOT-WR WORM! | No |
| X | ms spool service | msspooler.exe | Added by a variant of the RBOT WORM! | No |
| X | Ms Spool32 | MS SPOOL32.EXE | Added by the ASASSIN TROJAN! | No |
| X | MS SyS Restore | sysrestore.exe | Added by the RBOT.XM WORM! | No |
| X | MS Sys Security | mswin.pif | Added by the RBOT-APJ WORM! | No |
| X | MS System Call Function | msscf32.exe | Added by the RBOT-GBZ WORM! | No |
| X | Ms System Config | Mscfg.exe | Added by the SDBOT-CCR WORM! | No |
| X | Ms System Config | pcedit.exe | Added by a variant of the SDBOT WORM! | No |
| X | MS System Security | mswin32.pif | Added by the RBOT-AOX WORM! | No |
| X | Ms task manager | tskmgr.exe | Added by the SDBOT.CCD WORM! | No |
| X | MS Task Manager 32 | mstskmgr.exe | Added by the RANKY.DE TROJAN! | No |
| X | MS taskbar | crssr.exe | Added by the RBOT-AGO WORM! | No |
| X | MS taskbar | nts.exe | Added by the RBOT-AGB WORM! | No |
| X | MS taskbar | taskbars.exe | Added by the RBOT.BRW WORM! | No |
| X | MS Taskbars | taskbars.exe | Added by the SDBOT-ACV WORM! | No |
| X | MS taskmanager | tskmgr.exe | Added by the RBOT-AKA WORM! | No |
| X | MS Time | timezone.exe | Added by the AGOBOT.ADY WORM! | No |
| X | MS UniX | navupdate64.exe | Added by the RBOT.CRZ BACKDOOR! | No |
| X | MS Unix Binary | win32ttb.exe | Added by the SPYBOT.OQ WORM! | No |
| X | MS Unix Binary | msmq2inst.exe | Added by the RBOT-YF WORM! | No |
| X | MS Unix Binary | msnupdate.exe | Added by the RBOT-AAM WORM! | No |
| X | MS Unix Binary | outlookexpressupdate.exe | Added by the RBOT-YU WORM! | No |
| X | MS Unix Binary | Win32Update.exe | Added by the RBOT-BAS WORM! | No |
| X | MS Unix Binary | Norton2005Update.exe | Added by a variant of the RBOT WORM! | No |
| X | MS Unix Binary | trmupdate.exe | Added by the RBOT-ACC WORM! | No |
| X | MS Unix Binary | WinGuard.exe | Added by the RBOT-ACL WORM! | No |
| X | MS Unix Binary | msnq3insller.exe | Added by the RBOT.GXH BACKDOOR! | No |
| X | MS Update | syshost.exe | Added by the EVAMAN-F WORM! | No |
| X | Ms Update WinServices NT/XP | winservnt32.exe | Added by the VANEBOT-G WORM! | No |
| X | MS UPDATER | update.exe | Added by the RBOT-VC WORM! | No |
| X | MS Updates | mscache.exe | Spyware web downloader | No |
| X | MS Updates | syshosts.exe | Added by the MYDOOM.Y WORM! | No |
| X | MS Updates | aupd.exe | Spyware web downloader | No |
| X | MS Updating Utility | msupdater.exe | Added by the RBOT-XR WORM! | No |
| X | MS USB 2.0 Windows Support | msusb32.exe | Added by a variant of the RBOT WORM! | No |
| X | Ms Valud Loader | Svhots.exe | Added by the AGOBOT-SP WORM! | No |
| X | MS Win32 Network Services | windriver.exe | Added by the AGOBOT.ADH WORM! | No |
| X | ms window update | ******.exe [* = random character] | Added by a variant of the RBOT WORM! | No |
| X | MS Windows AOL Driver | MSAOLdrv.exe | Added by the RBOT-ASP WORM! | No |
| X | MS windows Data list process | MSDATLST.exe | Added by an unidentified WORM or TROJAN! | No |
| X | MS Windows Executor Process | MSEXECP32.exe | Added by a variant of the RBOT WORM! | No |
| X | MS Windows Local Directory | MSWLD32.exe | Added by a variant of the RBOT WORM! | No |
| X | MS Windows procces 32 | msprocces.exe | Added by the RBOT-AEZ WORM! | No |
| X | MS Windows Process Class | MSPRCSS32.exe | Added by the RBOT-YQ WORM! | No |
| X | MS Windows Process Init | MSWPI32.exe | Added by the RBOT-ASQ WORM! | No |
| X | MS Windows Security Updater | updater.pif | Added by the RBOT-AKY WORM! | No |
| X | MS Windows System Alert | MSWSA32.exe | Added by the RBOT-BFN WORM! | No |
| X | MS Windows TASK Service | MSWTASK32.exe | Added by a variant of the RBOT WORM! | No |
| X | MS Windows Update | scguard.exe | Added by the RBOT-YZ WORM! | No |
| X | MS WINS Binary | ign32.pif | Added by the RBOT-ASB WORM! | No |
| X | MS Winsock | msws2_32.exe | Added by the AKBOT-A TROJAN! | No |
| X | ms************* [* = random digit] | ms*************.exe [* = random digit] | WINBO adware | No |
| X | Ms**.exe [* = random char] | Ms**.exe [* = random char] | CoolWebSearch/HomeSearch adware - for examples, see this log | No |
| X | Ms**32.exe [* = random char] | Ms**32.exe [* = random char] | CoolWebSearch/HomeSearch adware - for examples, see this log | No |
| X | MS-Connect | arr.exe | Adult content dialler - see here | No |
| X | MS-Connect | cdm.exe | Adult content dialler - see here | No |
| X | MS-Connect | game.exe | Adult content dialler - see here | No |
| X | MS-Connect | msite18.exe | Adult content dialler - see here | No |
| X | MS-Connect | web.exe | Adult content dialler - see here | No |
| X | MS-DOS Boot Service | Boot32.pif | Added by the RBOT-AMF WORM! | No |
| X | MS-DOS Security Service | ms-dos.pif | Added by the RBOT-AMR WORM! | No |
| X | MS-DOS Service | MS-DOS.pif | Added by the RBOT-AII WORM! | No |
| X | MS-DOS Windows Service | MS-DOS.PIF | Added by the RBOT-AJW WORM! | No |
| X | MS-HTML | [random filename] | Added by the LATINUS.15 TROJAN! | No |
| X | MS-patch | msconfig32.exe | Added by the RBOT-AUF WORM! | No |
| X | MS-patch | mspatch32.exe | Added by the RBOT-AWF TROJAN! | No |
| X | MS-RunKey | arr.exe | MS-Connect dialler/hijacker | No |
| X | ms2src | ms2src.exe | Added by a TROJAN - see here | No |
| X | MS32DLL | achi.dll.vbs | Added by the ACHI-A TROJAN! | No |
| X | MS32DLL | Bha.dll.vbs | Added by the BUTSUR-A WORM! | No |
| X | MS32DLL | MS32DLL.dll.vbs | Added by the ZODGILA WORM! | No |
| X | MS32DLL | ffqca.exe | Added by the SDBOT-YD WORM! | No |
| X | MS7531 | ms7531.exe | Homepage hijacker | No |
| X | MSACM | msacm.exe | Added by the OPASERV-O WORM! | No |
| X | msadcheck | msadcheck32.exe | Browser hijacker, redirecting to search-system.com | No |
| X | MSAdmin | jdbgmrg.exe | Added by the DASMIN.A TROJAN! Note - this is not the valid JDBGMGR.EXE file - see here | No |
| X | MSAgent | mshtm.exe | Browser hijacker - redirecting to buldog-search.com | No |
| X | MSAgent | hhnt.exe | AGENT.JI spyware | No |
| X | MSAgentXP | MSAgentXP.exe | Identified by Ewido Security Suite (Ewido is now part of AVG Technologies) as the REQLOOK.C TROJAN! | No |
| U | msaim | msaolim.exe | MessageSpy keystroke logger/monitoring program - remove unless you installed it yourself! | No |
| X | msappts32 | msappts32.exe | Added by the ELBURRO-A TROJAN! | No |
| Y | MSASCui | MSASCui.exe | Main user interface for Microsoft's Windows Defender on XP/Vista - which "helps protect your computer against pop-ups, slow performance, and security threats caused by spyware and other unwanted software by detecting and removing known spyware from your computer". Used in conjunction with the associated service, this entry is always running and the user also has the option to always display the System Tray icon and monitor/control new startup programs | Yes |
| X | MsAudio | explorer.exe | Added by the LEGMIR-BY TROJAN! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System% | No |
| X | MsAudio | MsVM_STI.EXE RunDll32 cmicnfg.cpl, CMICtrlWnd | Added by the LEGMIR-BY TROJAN! Note - this is not associated with C-Media based audio which uses a similar command entry (see here) | No |
| X | msavsc.exe | msavsc.exe | Added by the AGENT.ANQ TROJAN! | No |
| X | MSbackups | backups.exe | Added by the BANLOAD-TL TROJAN! | No |
| X | msbb | msbb.exe | 180Search adware | No |
| X | Msbb.exe | Msbb.exe | Added by the SDBOT.QJ WORM! | No |
| X | msbcs | msbcs.exe | Added by the DADOBRA-G TROJAN! | No |
| X | MsBootMgr.exe | MsBootMgr.exe | Added by the VERIFY TROJAN! | No |
| X | msbsc | [path to trojan] | Added by the BANKER-DF TROJAN! | No |
| X | msc | msc.exe | MaCatte Antivirus 2009 rogue security software - not recommended, removal instructions here | No |
| X | msccrt | msccrt.exe | Added by the PWS-ALA TROJAN! | No |
| X | mscheck | rundll32.exe wincheck071008.dll mymain | Added by the AGENT.ADXI TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "wincheck071008.dll" file is located in %System% | No |
| X | mschkdf.exe | mschkdf.exe | Added by a variant of the SDBOT WORM! | No |
| X | MSChoExE | suge.exe | Added by a variant of the RBOT WORM! | No |
| ? | msci | mcinfo.exe | McAfee Internet Security related. What does it do and is it required? | No |
| X | msclac | msclac.exe | Added by the SDBOT-JM WORM! | No |
| X | msclean | msvchost.exe | Added by the OPANKI-Q WORM! | No |
| X | mscman | mscman.exe | ClientMan parasite variant | No |
| X | mscms | mscms.exe | Added by the AGENT-MS TROJAN! | No |
| U | mscn | mscn.exe | Part of the SafeChildNet internet filtering program - required if you use it | No |
| X | Mscnt | mscnt.exe | Added by the DLUCA-C TROJAN! | No |
| X | Mscolour | mscolour.exe | Added by the GEMA TROJAN! | No |
| X | MSCommX | mscommx.exe | Added by a variant of the RBOT WORM! | No |
| X | Msconf32 | Msconf32.exe | Added by the AGOBOT-NR WORM! | No |
| X | MSCONFG32.EXE | MSCONFG32.EXE | Added by the OPTIX.04.C TROJAN! | No |
| N | MSConfig | msconfig.exe | Entry that appears when you uncheck an item in the MSConfig Startup group and will disappear if on the next reboot you select the option to not be reminded that you are running in Selective Startup mode. Located in %System% (98/Me/Vista) or %Windir%\PCHealth\HelpCtr\Binaries (XP) | Yes |
| X | MSConfig | MSCONFIG32.EXE | Added by the SPYBOT.B WORM! | No |
| X | msconfig | msconfig.exe | CoolWebSearch MSConfig parasite variant. Note - this overwrites the legitimate msconfig.exe which should only appear in Msconfig/Startup if you leave the warning box unchecked after changing an Msconfig entry and rebooting | No |
| X | msconfig | msconfig.exe | Added by the WINUR WORM! Note - this is not the legitimate msconfig.exe which should only appear in Msconfig/Startup if you leave the warning box unchecked after changing an Msconfig entry and rebooting. This one is located in c:\winrun | No |
| X | msconfig | wins.exe | Added by the RBOT.PF WORM! | No |
| X | MSConfig | MSCONFIG35.EXE | Added by a variant of the SPYBOT WORM! | No |
| X | msconfig | scvhost.exe | Added by the AGENT-DSF TROJAN! | No |
| X | msconfig | winlog.exe | Added by the IRCBOT-TJ TROJAN! | No |
| X | Msconfig | icpldrvx.exe | Added by the BANLOAD.BFT TROJAN! | No |
| X | msconfig | msconfig.com | Added by the IRCBOT-SM WORM! | No |
| X | msconfig | msconfig.bat | Added by the PAHATIA.B WORM! | No |
| X | MSConfig | lssas.exe | Added by the AUTORUN.CEY WORM! | No |
| X | Msconfig lptt01 | msconfig.exe | RapidBlaster variant (in a "msconfig" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here. Note - this is not the valid Windows Msconfig which has the same executable name | No |
| X | MSConfig Manager | msupdate.exe | CoolWebSearch parasite variant | No |
| X | Msconfig ml097e | msconfig.exe | RapidBlaster variant (in a "msconfig" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here. Note - this is not the valid Windows Msconfig which has the same executable name | No |
| X | msconfig service | MSupdate32.exe | Added by a variant of the SPYBOT WORM! | No |
| X | msconfig. | msconf.exe | Added by the BUZUS-AY WORM! | No |
| X | msconfig.exe | proxy.exe | Added by a variant of the AGENT.AH downloader TROJAN! | No |
| X | msconfig.exe | uline.exe | Added by a variant of the AGENT.AH downloader TROJAN! | No |
| X | msconfig38 | mssvcc.exe | Added by the RBOT-BJV WORM! | No |
| X | MSConfig45 | MSConfig45.exe | Added by the SDBOT.OJ TROJAN! | No |
| X | MSConfigr | jdbgmrg.exe | Added by the DASMIN.C TROJAN! Note - this is not the valid JDBGMGR.EXE file - see here | No |
| N | MSConfigReminder | msconfig.exe | Entry that appears when you uncheck an item in the MSConfig Startup group and will disappear if on the next reboot you select the option to not be reminded that you are running in Selective Startup mode. This particular entry is specific only to 98/Me and is located in %System% | Yes |
| X | MsConfigs | MsConfigs.exe | Added by the ALCAN.A WORM! | No |
| X | MSConfigs | RUNDLL64.dll.vbs | Added by the WEKODE-B WORM! | No |
| X | MSControl28 | crsss.exe | Added by the SPYBOT.AJX WORM! | No |
| X | MSControl31 | winnsyst.exe | Added by the RBOT.CFY WORM! | No |
| X | MSControl3d1 | isasse.exe | Added by the RBOT.CGU WORM! | No |
| X | MSCORE | syscnfg.exe | Added by an unidentified VIRUS, WORM or TROJAN! "syscnfg.exe" is found in %Windir%\fonts\font2 where no *.exe files should reside | No |
| ? | MSCRMStartup | Microsoft.Crm.Application.Hoster.exe | Related to Microsoft Dynamics CRM integrated solutions for Financial, Supply Chain and Customer Relationship Management. What does it do and is it required? | No |
| X | Mscsgs | MSCSGS.EXE | Added by the ZEZER WORM! | No |
| X | Mscsgs32 | MSCSGS32.EXE | Added by the ZEZER WORM! | No |
| X | mscsvc.exe | mscsvc.exe | Added by the BANCOS.T TROJAN! | No |
| X | msctfg32 | msctfg32.exe | Added by the RBOT-TJ WORM! | No |
| X | msctrl.exe | msctrl.exe | Microsoft Security Adviser rogue security software - not recommended | No |
| X | Msctrl32 | Msctrl32.scr | Added by the REDIST WORM! | No |
| X | MSCVT | MSCVT.exe | Added by the SLIDESHOW WORM! | No |
| X | MSDatabla | vadasq.exe | Added by the LIOTEN.IK WORM! | No |
| X | msdbgm.exe | msdbgm.exe | Added by the CIMUZ-CQ TROJAN! | No |
| X | MSDcom | MSDcom.exe | Added by a variant of the SDBOT WORM! | No |
| X | msdefender | msdefender.exe | Identified as a variant of the PAKES.CMD TROJAN! See here for an example | No |
| X | msdefender.exe | msdefender.exe | Added by the PAKES.ZL TROJAN! | No |
| X | msdev | msdev.exe | Added by the FORBOT-CR WORM! | No |
| X | msdev | msconfig.exe | Added by the AGOBOT.AAU WORM! Note - this is not the legitimate msconfig.exe which should only appear in Msconfig/Startup if you leave the warning box unchecked after changing an Msconfig entry and rebooting | No |
| X | msdev control | msdevctrl.exe | Added by the SPYBOT.N BACKDOOR! | No |
| X | msdir32 | msdir32.bat | Added by the ROOKIE-A TROJAN! | No |
| X | msdirect.exe | msdirect.exe | Added by the CERTIF-L TROJAN! | No |
| X | MSDLL | syscnfg.exe | Added by an unidentified VIRUS, WORM or TROJAN! "syscnfg.exe" is found in %Windir%\fonts\font2 where no *.exe files should reside | No |
| X | Msdmxm | msdmxm.exe | Added by the DLUCA-DC TROJAN! | No |
| X | MSDN | nese.exe | Added by the SDBOT.AHY WORM! | No |
| X | MSDN for Windows NT | msdn.exe | Added by a variant of the RBOT WORM! | No |
| X | MSDN for Windows NT & WinXP | msdnxp.exe | Added by the IRCBOT-PE WORM! | No |
| X | MSDN for Windows with NT's | msdn-nt.exe | Added by the RBOT-EWD WORM! | No |
| X | MSDN HELP | msdn.exe | Added by the AGOBOT.AIB WORM! | No |
| X | MSDNMess | [path to trojan] | Added by the RANKY.BA TROJAN! | No |
| X | MSDNN | help.exe | Added by the AGENT-GBK TROJAN! | No |
| X | MSDOS Security Service | msdos.pif | Added by the RBOT-AMP WORM! | No |
| X | MSDOS Service | MSDOS.PIF | Added by the RBOT-AIY WORM! | No |
| X | MSDOS Windows Service | MSDOS.PIF | Added by the RBOT-AKF WORM! | No |
| X | Msdos32 | Msdos32.pif | Added by the RECORY WORM! | No |
| X | msdos423 | msdos423.exe | Added by the MENACE.A WORM! | No |
| X | MSDosdrv | msdosdrv.exe | Added by the BACROS WORM! | No |
| X | MSDrive | rundll32.exe drvkoc.dll | Added by a variant of the OP DIALER! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "drvkoc.dll" file is found in the System (9x/Me) or System32 (NT/2K/XP) folder | No |
| X | MSDrive | rundll32.exe drvmod.dll | Added by a variant of the OP DIALER! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "drvmod.dll" file is found in the System (9x/Me) or System32 (NT/2K/XP) folder | No |
| X | MSDrive | rundll32.exe drvsoh.dll | Added by a variant of the OP DIALER! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "drvsoh.dll" file is found in the System (9x/Me) or System32 (NT/2K/XP) folder | No |
| X | MSDRV | NetFilter.exe | Added by the INTERRUPDATE TROJAN! | No |
| X | msdrvctrl | msdrvctrl.exe | Added by the VIDCACH-A TROJAN! | No |
| N | MSDTC | msdtc.exe | MS Distributed Transaction Coordinator - handles transactions across multiple servers and is installed by MS Personal Web Server and MS SQL Server | No |
| X | Msemu32 | Msemu32.exe | Unidentified spyware/adware/hijacker | No |
| X | msennger | l4m3r.exe | Added by the PROGENT-AF TROJAN! | No |
| X | msennger | ournik.com | Added by the IRCFLOOD.AL BACKDOOR! | No |
| X | mserv | seres.exe | Added by the AGENT-LIL WORM! | No |
| X | mservices.exe | mservices.exe | Added by the SDBOT.WJ WORM! | No |
| X | mset | svchost.exe | Added by the BIZEX-F TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a "mset" sub-directory | No |
| X | Msfind | Msfind.exe | CoolWebSearch parasite variant | No |
| X | MSFind32 | msfind32.exe | Added by the CAYAM WORM! | No |
| X | msfindosa.exe | msfindosa.exe | Added by the DOWNLOADER-BS TROJAN! | No |
| X | MSFTP Service Config | r3grun.exe | Added by a variant of the SDBOT WORM! | No |
| X | msfw.exe | msfw.exe | Microsoft Security Adviser rogue security software - not recommended | No |
| X | MSFWAVTSM | FTPDev.exe | Added by the RBOT-ACF WORM! | No |
| X | Msg Fixage | msgfixed.exe | Added by the SDBOT.ZD WORM! | No |
| X | MsgApi | [path to file] | Added by the DEDLER-D TROJAN! The most common filenames seen are "csmss.exe" and "csmrs.exe", located in %System% | No |
| X | msgb1 | msgb1.exe | Added by the DLUCA.GEN TROJAN! | No |
| N | MsgCenterExe | RealOneMessageCenter.exe | RealNetworks RealPlayer related - disabling this application will not affect Real Player in any way | No |
| X | msgex32 | msgex32.exe | Added by the APPFLET-A WORM! | No |
| X | msgina | wuauclt2.exe | Added by the IYUS-H TROJAN! | No |
| X | Msgmgr | [path to worm] | Added by the BABYBEAR WORM! | No |
| X | msgmsgs | peremption.exe | Added by the SDBOT-KU WORM! | No |
| X | msgserv_ | Syss.exe | Added by the FANTA TROJAN! | No |
| X | msgsm32 | msgsm32.exe | Added by the RBOT-ASG WORM! | No |
| X | Msgsrv16 | Msgsrv16.exe | Added by the DELF family of TROJANS! | No |
| Y | MSGSRV32.exe | msgsrv32.exe | Windows 32-bit VxD Message Server. For more information on its function and why it's needed, see here. Note - why some people have it listed in start-up programs I don't know but I was asked to include it here. It automatically runs in the background | No |
| X | Msgsvc32 | [worm filename] | Added by the NAUTICAL-A WORM! | No |
| X | MsgSvcMgr32 | cmdzxdll.exe | Added by the RBOT-AEK WORM! | No |
| X | msgsvr32 | msgsvr32.exe | Added by the DEADHAT.B WORM! Note - this is not the legitimate msgsvr32.exe process on a Win9x/Me system which should not appear in MSConfig/startup! | No |
| U | MSGTAG | MSGTAG.exe | MSGTAG is an application that tells you when your emails have been received and opened | No |
| X | Msgtray | sys16.exe | Added by an unknown VIRUS! | No |
| X | Mshelp32 | mshelp32.exe | CoolWebSearch parasite variant | No |
| X | Mshosts | Mshosts.exe | Added by the STARTPAG.CF TROJAN! | No |
| X | MSHT@ | MSHT@.EXE | Added by the MAGISTR.A VIRUS! | No |
| X | mshtmll | mshtmll.dll | Added by the DELF.BAS TROJAN! | No |
| X | MSI Configuration | msiconf.exe | Added by the AGENT.AKSZ TROJAN! | No |
| X | msiconf.exe | msiconf.exe | Added by a variant of the FAKEALERT TROJAN! | No |
| X | msidle | msidle.exe | Added by the OPASERV-O WORM! | No |
| X | MsIdle32.exe | MsIdle32.exe | Added by the VERIFY TROJAN! | No |
| X | MSIdll | winmp.exe | Added by a variant of the RBOT WORM! | No |
| X | MSIE Parsers | MSIE32ab.exe | Added by the SDBOT.MV WORM! | No |
| X | msiemon.exe | msiemon.exe | Microsoft Security Adviser rogue security software - not recommended | No |
| X | msiew | mseiw.exe | Added by the LITTLOG TROJAN! | No |
| X | MSIEXEC | MSIEXEC32.exe | Added by the AINESEY.A WORM! | No |
| X | MSIEXEC | MSIEXEC.EXE | Added by the YOSENIO-A VIRUS! | No |
| X | msiexecs | msiexecs.exe | Added by the SILLYFDC.BBB WORM! | No |
| X | msiexecs.exe | msiexecs.exe | Added by a variant of the SDBOT WORM! | No |
| X | msig | disk10.exe | Added by the BANBRA-KF TROJAN! | No |
| X | MsIMMs32 | MsIMMs32.exe | ONLINEG.GDJ spyware | No |
| X | msimn | msimn.exe | Added by the AGOBOT.JL WORM! | No |
| X | MSIMN32 | MSIMN32.EXE | Added by the CWS-M TROJAN! | No |
| ? | MSIN | MSin.exe | ?? | No |
| X | Msinet | Msinet.exe | Added by the RBOT-AOA WORM! | No |
| X | MSInfo | msinfo.exe | Added by the ALADINZ.M TROJAN! | No |
| X | MSInfo | AVBgle.exe | Added by the NETSKY.O WORM! | No |
| X | MSInstall | smvss.exe | Added by the DEDLER-G TROJAN! | No |
| X | msjava service | xpcd.exe | Added by the SDBOT.VM WORM! | No |
| X | msjdqs | fddwqt.exe | Added by the SDBOT-PO WORM! | No |
| U | MskAgent | MskAgent.exe | McAfee SpamKiller - rule-based and list-based spam filter. Available as a stand-alone product or included in older versions of Internet Security and Total Protection | Yes |
| U | MskAgentexe | MskAgent.exe | McAfee SpamKiller - rule-based and list-based spam filter. Available as a stand-alone product or included in older versions of Internet Security and Total Protection | Yes |
| X | MSKCES32 | [random filename] | Added by the CLONER TROJAN! | No |
| U | MSKDetectorExe | MSKDetct.exe | Part of McAfee Spamkiller | No |
| X | MSKernel32 | MSKernel32.vbs | Added by the LOVELETTER (I LOVE YOU) VIRUS! | No |
| X | MSkernel32 | System.exe 4820 | Added by the TUXDER BACKDOOR! | No |
| U | MSKExe | spamkiller.exe | McAfee Spamkiller | No |
| X | mskj | mskj.exe | Added by the KAEMON TROJAN! | No |
| X | mskrider | maskrider.dll.vbs | Added by the SOLOW-F WORM! | No |
| U | MSKServerExe | MSKSrvr.exe | Part of McAfee Spamkiller | No |
| X | mslagent | mslagent.exe | Added by the WINTRIM-F TROJAN! | No |
| X | MSLARISSA | MSLARISSA.pif | Added by the ASSIRAL.B WORM! | No |
| ? | MSLIB32 | mswatch32.exe | ?? | No |
| X | msliveupdate | msliveupdate.exe | Added by the AGOBOT.ALT WORM! | No |
| X | MSLog | MicrosoftLog.exe | Added by a variant of the SDBOT WORM! | No |
| X | Mslogon lptt01 | mslogon.exe | RapidBlaster variant (in a "Mslogon" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here | No |
| X | Mslogon ml097e | mslogon.exe | RapidBlaster variant (in a "Mslogon" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here | No |
| X | msm | msm.scr | Added by the BANKER-EHJ TROJAN! | No |
| X | msmacro32 | msmacro32.exe | Identified as a variant of the AGENT.QB TROJAN! | No |
| X | msmacro32 | msmacro64.exe | Added by a variant of the BACKDOOR-DOQ TROJAN! | No |
| X | MsManager | msmgr32.exe | Added by the YAHA.AF WORM! | No |
| X | msmanager32 | msmngr32.exe | Added by the RANDON-R (or WOMANIZ.A) WORM! | No |
| X | msmautoprotect | msmssgs.exe | Added by the BIFROSE-AJ TROJAN! | No |
| X | msmc | mscpbo.exe | ClientMan parasite variant | No |
| X | msmc | msgdmf.exe | ClientMan parasite variant | No |
| X | msmc | msongn.exe | ClientMan parasite variant | No |
| X | msmc | msmc.exe | ClientMan parasite variant | No |
| X | msmc | ms****.exe [* = random char] | ClientMan parasite variant | No |
| X | MSMcAfeee | Avsynmgr32e.exe | Added by the FRAMAR TROJAN! | No |
| X | MSMcAfeeh | Avsynmgr32h.exe | Added by the FRANGO TROJAN! | No |
| X | MSMcAfeeS | Avsynmgr32S.exe | Added by the VOLAC or VOLAC.DR TROJANS! | No |
| X | MSMessnger | msnupd.exe | Added by the RBOT-ADY WORM! | No |
| ? | msmgr | msmgr.exe | ?? | No |
| X | msMGR | rtkmsg.exe | Added by the SDBOT-BPY WORM! | No |
| X | Msmgt | msmgt.exe | Total Velocity adware/hijacker | No |
| X | msmmi | msmmi.exe | Added by the AGENT.RFR TROJAN! | No |
| X | MSMNTGNT | MSMNTGNT.EXE | Added by the BANKER-IE TROJAN! | No |
| X | MSMNTJBE | MSMNTJBE.EXE | Added by the BANCOS-EF TROJAN! | No |
| X | MSMNTJNG | MSMNTJNG.EXE | Added by the GRABER-G TROJAN! | No |
| X | MSMNTMTS | MSMNTMTS.EXE | Added by the BANKER-GZ TROJAN! | No |
| X | msmon | msmon.exe | Added by a variant of the GEMA.D TROJAN! | No |
| X | MsMon32 | MsMon32b.exe | Added by the SDBOT.O BACKDOOR! | No |
| X | MsMovies | MsMovies.exe | Malware - detected by Kaspersky as the WINAD.H TROJAN! | No |
| ? | MsmqIntCert | regsvr32 /s mqrt.dll | Microsoft Message Queue Server - Internal Certificate - see here for more info and here for a potential problem. Is it required? | No |
| X | MSMSGNER | [4-8 random letters].exe | Added by the FOWLDO-GEN TROJAN! | No |
| X | MSMSGNER | zzgf.exe | Added by the PWS-CCB TROJAN! | No |
| X | MSMSGNER | fgozmox.exe | Added by the AGENT-EBJ BACKDOOR! | No |
| X | msmsgr | msmsgss.exe | Detected by Kaspersky as the RBOT.AJJ WORM! | No |
| N | MSMSGS | msmsgs.exe | Windows Messenger instant messenger utility included with Windows 2K/XP. Available via the Start menu. Go to Windows Messenger → Tools → Options → Preferences and uncheck "Run this program when Windows starts" | Yes |
| X | Msmsgs | Msmsgs.exe | Added by the SILLYFDC-AP WORM! Note - this particular msmsgs.exe file is located in %System% and should not be mistaken for the MSN Messenger file of the same name which is located in %Program Files%\Messenger | No |
| X | MSMsgs | msmessgs.exe | Added by the SMALL-EW TROJAN! | No |
| X | msmsgs | msmsgs.exe | Added by the SCLOG-AL TROJAN! Note - this particular msmsgs.exe file is located in %System% and should not be mistaken for the MSN Messenger file of the same name which is located in %Program Files%\Messenger | No |
| X | MSMSGS | winlogon.exe | Added by the BRONTOK-BS WORM! Note - this is not the legitimate winlogon.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in Documents and Settings\<User>\Local Settings\Application Data\WINDOWS | No |
| X | msmsgs.exe | IEXPLORE.EXE | Added by the VB.FQX TROJAN! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %System% | No |
| X | MsMsgSrv | msmsgsrv.exe | Added by the CQO TROJAN! | No |
| X | msmsgss | [path to trojan] | Added by the RANKY.G BACKDOOR! | No |
| X | MSMsgSvc | MSMSGSVC.exe | Browser hijacker, identified by some antiviruses as a variant of the StartPage.QC TROJAN! | No |
| X | msmsngr | msmsngr.exe | Added by the DOPBOT-B WORM! | No |
| X | msn | system32.exe | Added by the KITRO.A WORM! | No |
| X | msn | msnmsg.exe | Added by the RBOT-GO WORM! | No |
| X | MSN | msnmsgs.exe | Added by the RBOT-KL WORM! Note - not to be confused with msmsgs.exe, the well known MSN Instant Messaging application! | No |
| X | MSN | ctfmoons.exe | Added by the SPYBOT.HI WORM! | No |
| X | MSN | msnmesengers.exe | Added by the RBOT-ME WORM! | No |
| X | MSN | MSN.exe | Added by the MINIT WORM! | No |
| X | MSN | msnmsgr.exe | Added by the MYTOB or MYTOB.B WORMS! Note - this is not the valid MSN Messenger (now Windows Live Messenger) utility which is located in either %ProgramFiles%\MSN Messenger or %ProgramFiles%\Windows Live\Messenger. This one is located in %System% | No |
| X | msn | msnsvc.exe | Added by a variant of the SDBOT WORM! | No |
| X | MSN | msn16.exe | Added by the SDBOT-VN WORM! | No |
| X | MSN | msnsgr.exe | Added by an unidentified WORM or TROJAN! | No |
| X | MSN | install.exe | Added by the AGENT-GDO TROJAN! | No |
| X | MSN | netstats.exe | Added by the IRCBOT.UXP WORM! | No |
| X | MSN | scvhost.exe | Added by the IRCBOT-ZW WORM! | No |
| X | MSN | wdlrss.exe | Added by a variant of the SDBOT TROJAN! | No |
| X | MSN | wkssvr.exe | Added by the PUSHBOT.S WORM! | No |
| X | MSN | Fixdriver.exe | Added by the SILLYFDC.BBY WORM! | No |
| X | MSN | iTuneshelp.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
| X | MSN | lsass32.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
| X | MSN | msscomd.exe | Added by a variant of the SPYBOT WORM! See here | No |
| X | MSN | systems.exe | Identified as a variant of the Backdoor.PosionIvy keylogging malware | No |
| X | MSN | taskngr.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
| X | MSN | wkssvrs.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
| X | MSN | wksvr.exe | Added by the IRCBOT-XU WORM! | No |
| X | MSN | wmev.exe | Added by a variant of the SPYBOT WORM! See here | No |
| X | MSN | kys7r.exe | Added by the AUTORUN-AR WORM! | No |
| X | MSN | services51651.exe | Added by the IRCBOT-AAL TROJAN! | No |
| X | Msn | rundll32.exe ilss32.dll,network | Added by the BANLO-E TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted | No |
| X | msn | winlogon.exe | Added by the PROSTI.AA BACKDOOR! Note - this is not the legitimate winlogon.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\Media | No |
| X | MSN | msnmsgx.exe | Added by the RBOT-PZ WORM! | No |
| X | MSN | msservice.exe | Added by the IRCBOT-ABZ TROJAN! | No |
| X | MSN | smsss.exe | Added by the BUZUS-D WORM! | No |
| X | Msn 8.0 Live | msn.exe | Added by the BANKER.EIE TROJAN! | No |
| X | MSN 9.0 Plus | [random letters].exe | Added by the RBOT-ALY WORM! | No |
| X | MSN Administration For Windows | msnadp32.exe | Added by the BROPIA.W WORM! | No |
| X | MSN ang | cssrss.exe | Added by the FORBOT-CE WORM! | No |
| X | MSN Auto-Updater | msnaupdater.exe | Added by a variant of the IRCBOT BACKDOOR! | No |
| X | MSN Auto-Updater | msnupdates.exe | Added by the AUTORUN.WORM.GEN WORM! | No |
| X | MSN BETA | service.exe | Added by the RBOT.AUU WORM! | No |
| X | MSN Booster | msnbooster.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
| X | Msn Boot | msnbootcfg.exe | Added by the IRCBOT.BFU BACKDOOR! | No |
| X | MSN Checker | msnchecker.exe | Added by the SDBOT-AGB WORM! | No |
| X | MSN Client Manager | msnclimgr.exe | Added by the AUTORUN-FV WORM! | No |
| X | MSN CNF Manager | msncnfmgr.exe | Added by the VUNDO TROJAN! | No |
| X | MSN Communication Manager | msncommgr.exe | Added by an unidentified WORM or TROJAN! See here | No |
| X | Msn Config | msngf.exe | Added by the RBOT-QG WORM! | No |
| X | MSN Configuration | msnconfig.exe | Added by a variant of the IRCBOT TROJAN! | No |
| X | Msn Configuration Loader | msngms.exe | Added by the KELVIR.T WORM! | No |
| X | MSN CST Manager | mancstmgr.exe | Added by an unidentified WORM or TROJAN! See here | No |
| X | MSN Database Client | msndbcli.exe | Added by an unidentified WORM or TROJAN! See here | No |
| X | MSN Debug Mgr | msndebugs.exe | Added by a variant of the IRCBOT TROJAN! | No |
| X | MSN Explorer | msnexplorer.exe | Added by the AGENT-CAX TROJAN! | No |
| X | MSN Explorer | explorer..exe | Dropper for the Ciadoor.cb TROJAN! | No |
| X | MSN File & Folder Sharing App | msnfileshare.exe | Added by an unidentified WORM or TROJAN! See here | No |
| X | MSN File Configuration | msnfilecfg.exe | Added by a variant of the IRCBOT BACKDOOR! | No |
| X | MSN File Sharing | msnusr.exe | Added by the SLENFBOT.AM WORM! | No |
| X | MSN File Sharing Wizard | msnsharewiz.exe | Added by a variant of the IRCBOT BACKDOOR! | No |
| X | MSN File Sharing! | msnuser.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
| X | MSN Funny Images | imsngsr.exe | Added by the AGOBOT-TT WORM! | No |
| X | MSN Gaming Zone | Twain.exe | Added by the AGENT.BEA TROJAN! | No |
| X | MSN Hostn | msnhostn.exe | Added by a variant of the IRCBOT BACKDOOR! | No |
| N | MSN Internet Access | trayclnt.exe | Quick way to connect to MSN internet service - replaces "MSN Quick View" from V5.6 onwards | No |
| X | MSN Live Client | msnlvclient.exe | Added by the IRCBOT.AWF BACKDOOR! | No |
| X | MSN Live Messanger | msnlivegs.exe | Added by the RBOT-FSG WORM! | No |
| X | MSN Manager | cvss.exe | Added by a variant of the SPYBOT WORM! | No |
| X | MSN Manager | mscmgr.exe | Unidentified malware - causes multiple browser windows to open | No |
| X | MSN Manager | msnmgrsv.exe | Added by the IRCBOT.BAZ BACKDOOR! | No |
| X | MSN Manager | usnmsn.exe | Added by a variant of the IRCBOT TROJAN! | No |
| X | Msn Message Acount Helper 7.7 | msnmessage7.7.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
| X | MSN Message Background loader | msnmesg.exe | Added by a variant of the RBOT WORM! | No |
| X | MSN Message Service | msnmsg.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
| X | Msn Messager | msnmsgr.exe | Added by the DOWNLOADER.19456.C TROJAN! Note - this is not the valid MSN Messenger (now Windows Live Messenger) utility which is located in either %ProgramFiles%\MSN Messenger or %ProgramFiles%\Windows Live\Messenger. This one is located in %System% | No |
| X | MSN Messager | msnmgr.exe | Added by the IRCBOT-ACD WORM! | No |
| X | MSN Messages | msnmesg.exe | Added by the RBOT-ACN WORM! | No |
| X | MSN Messages | msnmessgs.exe | Added by the SLENFBOT.UC WORM! | No |
| X | MSN Messanger | msnmsng.exe | Added by the SDBOT.XN WORM! | No |
| X | MSN messanger | msnmsgsm.exe | Added by the RBOT-FMP WORM! | No |
| X | MSN Messanger | msnmsgsmn.exe | Added by the RBOT-FOQ WORM! | No |
| X | Msn Messanger | crsss.exe | Added by a variant of the IRCBOT BACKDOOR! | No |
| X | Msn Messanger | msnmsgem.exe | Added by the RBOT.BLL BACKDOOR! | No |
| X | MSN Messanger | System.exe | Added by the IRCBOT-AFX TROJAN! | No |
| X | MSN Messanger Live | winntmsn.exe | Added by the RBOT-FSO WORM! | No |
| X | Msn Messeng | windns.exe | Added by a variant of the RBOT WORM! | No |
| X | Msn Messenge | IExplorer.exe | Added by the DELF-LL TROJAN! Note - this is not the legitimate Internet Explorer (iexplore.exe) | No |
| X | MSN messenger | messenger.exe | Added by an unidentified TROJAN! Note - this is not the real MSN Messenger | No |
| X | Msn Messenger | msnmsgs.exe | Added by the LOONY-P TROJAN! Note - not to be confused with msmsgs.exe, the well known MSN Instant Messaging application! | No |
| X | MSN Messenger | Reosmsngr.exe | Added by a variant of the SPYBOT WORM! | No |
| X | MSN MESSENGER | msmmsgr.exe | Added by the KELVIR.Q WORM! | No |
| X | MSN Messenger | msnmsgr.exe | Added by the AGOBOT.AOQ WORM! Note - this is not the valid MSN Messenger (now Windows Live Messenger) utility which is located in either %ProgramFiles%\MSN Messenger or %ProgramFiles%\Windows Live\Messenger. This one is located in %System% | No |
| X | MSN Messenger | msmsgs.exe | Added by the ZLOB TROJAN! Note - this particular msmsgs.exe file is located in %System% and should not be mistaken for the MSN Messenger file of the same name which is located in %Program Files%\Messenger | No |
| X | MSN Messenger | msnmsngr.exe | Added by a variant of the RBOT WORM! | No |
| X | MSN Messenger | IExplorer.exe | Added by the BANKER-EU TROJAN! Note - this is not the legitimate Internet Explorer (iexplore.exe) | No |
| X | Msn Messenger | msnmsnr.exe | Added by the BANKER-GG TROJAN! | No |
| X | MSN Messenger | PIC1324.exe | Added by the CHOKE.C WORM! | No |
| X | MSN Messenger | explorer..exe | Dropper for the Ciadoor.cb TROJAN! | No |
| X | Msn Messenger | nkbf.exe | Added by the RBOT-GMQ WORM! | No |
| X | MSN Messenger | live.messenger.com | Added by the DELF.AOI BACKDOOR! | No |
| X | Msn Messenger | msnmgr.exe | Added by the AGOBOT.HA WORM! | No |
| X | MSN Messenger | msnmsxp.exe | Added by the AGOBOT-O WORM! | No |
| N | MSN Messenger | MsnMsgr.exe | MSN Messenger utility (now replaced by Windows Live Messenger) - available via the Start menu. Disable by clicking on Tools → Options → General → deselect "Automatically run Messenger when I log on to Windows" | Yes |
| X | MSN Messenger 32 | msniu.exe | Added by the RBOT-AWB WORM! | No |
| X | MSN Messenger 323 | msniu3.exe | Added by the RBOT-AXB WORM! | No |
| X | MSN Messenger 6.2 | tyd.exe | Added by a variant of the RBOT WORM! | No |
| X | MSN MESSENGER 9.0 | messengerr.exe | Added by a variant of the RBOT WORM! | No |
| X | MSN Messenger BETA 7 | bbsdf.exe | Added by the RANKY.AA TROJAN! Note - this is not a valid MSN Messenger variant | No |
| X | MSN Messenger Inbox Loader | msninbox.exe | Added by the SLENFBOT.YG WORM! | No |
| X | MSN Messenger Live Login | msnmessengerlive.exe | Added by an unidentified WORM or TROJAN! See here | No |
| X | MSN Messenger Live Windows | messengerlive.exe | Added by an unidentified WORM or TROJAN! See here | No |
| X | MSN messenger service | mssgs.exe | Added by an unidentified TROJAN! | No |
| X | Msn Messenger Service | msnmsg.exe | Added by the SDBOT.BMU WORM! | No |
| X | MSN Messenger Service Starter | msnmgsr.exe | Added by the RBOT-AOS WORM! | No |
| X | MSN Messenger Service Startup | msnservice.exe | Added by a variant of the RBOT WORM! See here | No |
| X | MSN Messenger Services | msnmgr.exe | Added by the RBOT.ADF TROJAN! | No |
| X | MSN Messenger Services | msnmgr.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
| X | Msn Messenger Update | msnupdate.exe | Added by a variant of the RBOT WORM! | No |
| X | Msn Messenger update | msnservice.exe | Added by a variant of the IRCBOT BACKDOOR! | No |
| X | MSN Messenger User Controls | msmsgr.exe | Added by the KELVIR.HI WORM! | No |
| X | Msn Messengers | MSNMSGR.EXE | Added by the RBOT.KX WORM! Note - this is not the valid MSN Messenger (now Windows Live Messenger) utility which is located in either %ProgramFiles%\MSN Messenger or %ProgramFiles%\Windows Live\Messenger. This one is located in %System% | No |
| X | MSN Messengger | MsRun32.exe | Added by the IMAUT.CO WORM! | No |
| X | Msn Messsenger | regsvr.exe | Added by the AGENT-GXM TROJAN! | No |
| X | MSN MMISSENGER | mssmmspgr.exe | Added by the KELVIR.AJ WORM! | No |
| X | MSN P2P Manager | msnp2pmgr.exe | Added by the SLENFBOT.YH WORM! | No |
| X | Msn Patch | msndp.exe | Added by the RBOT.AAI WORM! | No |
| X | Msn Patches | msndr.exe | Added by a variant of the SDBOT WORM! | No |
| X | Msn Plus Updater | msnplus.exe | Added by the RBOT-MU WORM! | No |
| X | MSN Popup Blocker | msnpopblck.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
| X | Msn Processe Manager | msni32.exe | Added by the RBOT-ADX WORM! | No |
| N | MSN Quick View | Msndc.exe | Quick way to connect to MSN internet service | No |
| X | MSN Registry loader | msmnwin.exe | Added by the KELVIR.FK WORM! | No |
| X | MSN Router | msnrouter.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
| X | MSN RPC Manager | msnrpcmgr.exe | Added by an unidentified WORM or TROJAN! See here | No |
| X | MSN Rx Manager | msnrxmgr.exe | Added by an unidentified WORM or TROJAN! See here | No |
| N | MSN Search Toolbar | WindowsSearch.exe | System Tray access to Windows Desktop Search for XP from Microsoft - which adds additional search options including a search box on the Taskbar. For this version, this entry also runs the indexing function at startup - which indexes files and e-mails items so you can quickly find words and phrases. Disabling this entry does not affect the normal operation and indexing will occur when you next perform a search. This is the Windows Defender entry when installed with versions of the MSN Search Toolbar which included Windows Desktop Search | Yes |
| X | MSN Security Agent | msnsecure.exe | Added by a variant of the IRCBOT BACKDOOR! | No |
| X | MSN Serv | msmsnserv.exe | Added by the IRCBOT.AVF BACKDOOR! | No |
| X | Msn Serv | msnserv.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
| X | MSN Server | msmsnserver.exe | Added by the IRCBOT.AUS BACKDOOR! | No |
| X | MSN service | msnmgr16.exe | Added by a variant of the RBOT WORM! | No |
| X | MSN Service | amsnmsgrs.exe | Added by a variant of the SDBOT WORM! | No |
| X | Msn Service | matrixcam.exe | Added by the MYTOB.JH WORM! | No |
| X | Msn Service | raloded.exe | Added by the MYTOB-DY WORM! | No |
| X | MSN service | msnmsgr16.exe | Added by the RBOT-RZ WORM! | No |
| X | MSN service | NTDKRN.EXE | Added by the RBOT.UJ WORM! | No |
| X | MSN Service | msnsvc.exe | Added by the SLENFBOT.EG WORM! | No |
| X | MSN Service Updates | winproc.exe | Added by the KELVIR-BB WORM! | No |
| X | MSN Service Utilities | nkn.exe | Added by the KELVIR-BC WORM! | No |
| X | MSN Service! | msnservice.exe | Added by a variant of the RBOT WORM! See here | No |
| X | MSN Servicer | msnsrv.exe | Added by a variant of the IRCBOT TROJAN! | No |
| X | MSN Servicer | msnservicer.exe | Added by the SLENFBOT.PQ WORM! | No |
| X | MSN Services | msnserv.exe | Added by a variant of the IRCBOT TROJAN! See here | No |
| X | MSN Services | msnservice.exe | Added by the IMPARD-A TROJAN! | No |
| X | MSN Settings | msnsettings.exe | Added by the IRCBOT.AWH BACKDOOR! | No |
| X | MSN Settings Manager | msnsetmg.exe | Added by an unidentified WORM or TROJAN! See here | No |
| X | MSN Setup | MSN.msn | Added by the JAMBU WORM! | No |
| X | MSN Software | msnsoftware.exe | Added by the IRCBOT.AWD BACKDOOR! | No |
| X | MSN Start | msnmsgr7.exe | Added by the RBOT-PH WORM! | No |
| X | Msn Startup | msnstartup.exe | Added by the ARBOT.AA WORM! | No |
| N | MSN Toolbar | mswinext.exe | MSN Toolbar from version 4.0 onwards. This entry loads the toolbar into memory at start-up before you open your internet browser. Not required - it will load with the browser and remains in memory after the browser is closed | Yes |
| X | MSN Tray Monitor | msnmsgr.exe | Added by the SDBOT.FKX WORM! Note - this is not the valid MSN Messenger (now Windows Live Messenger) utility which is located in either %ProgramFiles%\MSN Messenger or %ProgramFiles%\Windows Live\Messenger. This one is located in %System%\inetsrv | No |
| X | MSN Update | mscon.exe | Added by the RBOT-QA WORM! | No |
| X | MSN Update | msn32.exe | Added by the RBOT.AHN WORM! | No |
| X | MSN Update | DLLCON.EXE | Added by the RBOT-EA WORM! | No |
| X | MSN Update Cfg | msnupdbt.exe | Added by an unidentified WORM or TROJAN! See here | No |
| X | MSN Update Client | msnupdater.exe | Added by a variant of the IRCBOT BACKDOOR! | No |
| X | MSN Update Client | msnupdcli.exe | Added by a variant of the IRCBOT BACKDOOR! | No |
| X | Msn Update Manager (Sp2) | MSMSGS.EXE | Added by the AGOBOT-NL WORM! Note - this particular msmsgs.exe file is located in %System% and should not be mistaken for the MSN Messenger file of the same name which is located in %Program Files%\Messenger | No |
| X | Msn Update Service | userx.exe | Added by the MYTOB.JF WORM! | No |
| X | MSN Update Service | msnupdsv.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
| X | Msn Update SUPPORT | [random filename] | Added by the RBOT-BPS WORM! | No |
| X | MSN Updater | msnms.exe | Added by the FORBOT-CG WORM! | No |
| X | Msn Updater | msnplugins.exe | Added by the RBOT-HS WORM! | No |
| X | Msn Updater | windatemanager.exe | Added by the SDBOT.TS WORM! | No |
| X | MSN UPDATERS | virtualmemory.exe | Added by the RBOT-JK WORM! | No |
| X | MSN Updating | msnupdate.exe | Added by the QHOST.AEI TROJAN! | No |
| X | msn upddate | mesenger.exe | Added by the RBOT-AVZ WORM! | No |
| X | MSN User | mymsnusr.exe | Added by the IRCBOT.AVD BACKDOOR! | No |
| X | MSN User Server | msnserver.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
| X | MSN User Server! | msnservices.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
| X | MSN User Service | msnsvc.exe | Added by the SLENFBOT.NS WORM! | No |
| X | MSN User Service! | msnserv.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
| X | MSN User Services | msnuserv.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
| X | MSN User Svc | msnusnsvc.exe | Added by the IRCBOT.AVV BACKDOOR! | No |
| U | MSN Video Enhanced | MSNVE.exe | "MSN Video Enhanced can play videos that have dramatically improved video quality and sound. It can play the latest high-quality videos at the best possible quality." No longer appears to exist | No |
| N | MSN Webcam Recorder | ml20gui.exe | "MSN Webcam Recorder is a tool that allows you to record video streamed to and from your computer by MSN Messenger's Webcam Feature" | No |
| N | MSN® Toolbar | mswinext.exe | MSN Toolbar from version 4.0 onwards. This entry loads the toolbar into memory at start-up before you open your internet browser. Not required - it will load with the browser and remains in memory after the browser is closed | Yes |
| X | msn.exe | son.exe | Added by the STARTPA-GS TROJAN! | No |
| X | MSN32 X Service | MSN32x.EXE | Added by an unidentified WORM! | No |
| X | MSN6.1 Auto-Updater | v6msn.exe | Added by the AUTORUN-MM WORM! | No |
| X | MSN8m Startup | msn8m.exe | Added by a variant of the RBOT WORM! | No |
| X | msnager32 | svchostt.exe | Added by the WOMANIZ.E TROJAN! | No |
| N | msnappau | msnappau.exe | Updater for the MSN toolbar that can be downloaded onto IE. Calls home every day or so to "update" the toolbar | No |
| X | Msnarrator | msnarrator.exe | Added by the NARAT.A TROJAN! - also identified as MPGCOM Toolbar adware | No |
| X | MSNavWH | MSWkwrH.exe | Added by the ANAV-A WORM! | No |
| X | msndrvsys | msndrvsys.exe | Added by the BROGGER-D TROJAN! | No |
| X | MSNET | msnet.exe | Added by the BOA WORM! | No |
| X | MsnExplorer | winagent.exe | Added by the BDOOR-EQ BACKDOOR! | No |
| X | MsnExplorer | MSEXPLOREN.EXE | Added by the BDOOR-EB BACKDOOR! | No |
| X | MsnExplorer | SHCH.EXE | Added by the BDOOR-EB BACKDOOR! | No |
| X | MsnExplorer | SVCHST.EXE | Added by the BDOOR-EB BACKDOOR! | No |
| X | MsnExplorer | msnexploren.exe | Added by the TACTSLAY.B TROJAN! | No |
| X | MsnExplorer | sdhch.exe | Added by the TACTSLAY.B TROJAN! | No |
| ? | MsnFixer | msnfixjs.js | Located in the HPbinmsnfix directory of a HP PC | No |
| X | MSNGrabber | MSNgrabber.exe | Added by the ENVID.A WORM! | No |
| X | msngta32 | msngta32.exe | Added by a variant of the RBOT WORM! | No |
| N | MSNIA | MSNIASVC.EXE | Added with MSN version 9. Resets certain internet settings upon bootup and can't be disabled via MSCONFIG | No |
| X | msnload32.exe | msnload32.exe | Added by the BANCOS.M TROJAN! | No |
| X | MSNMESENGER | Main.exe | Added by the PRORAT TROJAN! | No |
| X | msnmessenger | msnmessenger.exe | Added by the BANCBAN-KJ TROJAN! | No |
| X | MsnMessengerSvc | msnmsgr.exe | Added by a variant of the RBOT WORM! Note - this is not the valid MSN Messenger (now Windows Live Messenger) utility which is located in either %ProgramFiles%\MSN Messenger or %ProgramFiles%\Windows Live\Messenger. This one is located in %System% | No |
| X | msnmgnr | msnmgnr.exe | Added by the KOLAB.TC WORM! | No |
| X | msnmgr | msnmgr.exe | Added by the BIFROSE-K WORM! | No |
| U | MsnMonitor | MsnMonitor.exe | MSN Messenger Monitor Sniffer surveillance software for the MSN instant messenger. Uninstall this software unless you put it there yourself | No |
| X | msnmsg | asgag.exe | CoolWebSearch parasite variant | No |
| X | msnmsg | TBC.exe | Added by an unidentified TROJAN! | No |
| X | msnmsg | msnmsg.exe | Added by the BANKER-CLX TROJAN! | No |
| X | msnmsg.exe | mscmd32.exe | Added by a variant of the AGENT.AH TROJAN! | No |
| X | msnmsg.exe | msnmsg.exe | Added by the BANCBAN-KN TROJAN! | No |
| X | msnmsgq32 | msnmsgq.exe | Added by the TACTSLAY.H TROJAN! | No |
| X | msnmsgq32 | msnmsgq32.exe | Added by the TACTSLAY.F TROJAN! | No |
| X | msnmsgq32 | sssasasb32.exe | Added by the TACTSLAY.F TROJAN! | No |
| N | msnmsgr | msnmsgr.exe | Windows Live Messenger or the older MSN Messenger utility - available via the Start menu. For Windows Live Messenger, disable by clicking on the "Show menu" icon and select Tools → Options → Sign In → deselect "Automatically run Windows Live Messenger when I log on to Windows". For MSN Messenger, disable by clicking on Tools → Options → General → deselect "Automatically run Messenger when I log on to Windows" | Yes |
| X | MsnMsgr | MsnMsgrs.exe | Added by the NETSKY.AD WORM! | No |
| X | MsnMsgr | msnmsgr.exe | Added by the ANNEW-FAM WORM! Note - this is not the valid MSN Messenger (now Windows Live Messenger) utility which is located in either %ProgramFiles%\MSN Messenger or %ProgramFiles%\Windows Live\Messenger. This one is located in %System% | No |
| X | Msnmsgr.exe | lsass.exe | Added by the DWNLDR-GWE TROJAN! Note - this is not the legitimate lsass.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in the root directory (i.e. C:\ or D:\) | No |
| X | msnmsgr32-.exe | msnmsgr-.exe | Added by a variant of the SPYBOT WORM! | No |
| X | MSNMSGR5 | MSNMSGR5.exe | Added by the RBOT.PQ WORM! | No |
| X | MSNMSGRE | swef.bat | IRC backdoor TROJAN or WORM! | No |
| X | MSNMSGRR | swin.bat | IRC backdoor TROJAN or WORM! | No |
| X | MSNMSGRS | swe.bat | IRC worm or backdoor trojan! | No |
| X | MSNMSGRS | swiss.bat | IRC worm or backdoor trojan! | No |
| X | MSNMSGRS1 | swed.bat | IRC backdoor TROJAN or WORM! | No |
| X | msnmsgs.exe | msnmsgs.exe | Added by the BANKER-HK TROJAN! Note - not to be confused with msmsgs.exe, the well known MSN Instant Messaging application! | No |
| X | msnmsgsgs | msnmsgsgs.exe | Added by the "Catal" alias Spy.Delitall.B backdoor TROJAN! | No |
| X | msnmsgy | [path to file] | Added by the BANKER-EQ TROJAN! | No |
| X | msnnt | winampb.exe | Chinese originated adware - detected by Kaspersky as the AGENT.TL TROJAN! | No |
| X | msnnt | winampf.exe | Added by the SMALL.DTS TROJAN! | No |
| X | MSNPluginSrIvcs | n3vasap23.exe | Added by a variant of the RBOT WORM! | No |
| X | MSNPluginSrvcs | p6.exe | Added by the SDBOT.AKJ or RBOT-VJ WORMS! | No |
| X | MSNPluginSrvcs | sagate.exe | Added by the SDBOT.AKJ WORM! | No |
| X | MSNPlus | msnplus.exe | Added by the BANKER-DAN TROJAN! | No |
| X | MSNS PLUS XP2 | msdupd.exe | Added by the RBOT-BCE WORM! | No |
| X | msnsched2 | msnsched2.exe | Added by the SPYBOT.NNT WORM! | No |
| X | msnscr.exe | msnscr.exe | Added by the CERTIF-P TROJAN! | No |
| X | MSNService | MSNService.exe | Added by the CARPET.C WORM! | No |
| X | msnsgs | msnsgs.exe | Added by the CHEUKO-B TROJAN! | No |
| X | msnshed | msnshed.exe | Added by the RBOT-YN WORM! | No |
| X | msnsmgr | MsnMsr.exe | Added by the LOONY-N TROJAN! | No |
| N | msnsyslog | msnappm.exe | Related to Messenger Applications. When you uninstall the trial version the msnappm keeps saying (You have xx days left) this is adware and it very annoying | No |
| X | MSNSysRestore | pc32.exe | Added by a variant of the MASTAK VIRUS! | No |
| X | msnToolbaar | msnmsgesc.exe | Added by the RBOT.BMF WORM! | No |
| X | msnupdt | kolie.exe | Added by a variant of the RBOT WORM! | No |
| X | MsnWin | messagewin.exe | Added by the BANCBAN-D TROJAN! | No |
| X | MSObject32 | MSObject32.js | Added by the PUN TROJAN! | No |
| X | Msoffice | msoffice.hta | Hijacker - redirecting to Searchdot.net | No |
| X | MSOffice | services.exe | Added by the DLOADER-EU TROJAN! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in an "MSOffice" subfolder | No |
| X | msoffice | msoffice.exe | Added by the LIKASIMAL WORM! | No |
| X | MSOffice32 | msjcf.exe | Added by the RAKER-A TROJAN! | No |
| X | MSOfficeCfg | msocfg.exe | Premium rate adult content dialer | No |
| X | MSOfficeCfg | navchk.exe | Premium rate adult content dialer | No |
| X | MSOfficeCfg | qservice.exe | Premium rate adult content dialer | No |
| X | MSOfficeCfg | shman.exe | Premium rate adult content dialer | No |
| X | MSOfficeCfg | ssvr.exe | Premium rate adult content dialer | No |
| X | msoffwz | msoffwz.EXE | Added by the BANCBAN-HQ TROJAN! | No |
| X | msoft-updater23 | mssysstems.exe | Added by the RBOT-ATU WORM! | No |
| X | msoft-updater23 | slssystem.exe | Added by the RBOT-ASR WORM! | No |
| X | MSOleath32 | winss.exe | Added by the KATHER TROJAN! | No |
| X | MSOOBD | MSOOBD.EXE | Added by the MAGISTR.A VIRUS! | No |
| X | msoupdater | msoupdater.exe | Added by the DLOADER.GBD TROJAN! | No |
| X | mspaint.exe | check32.exe | Added by the AGENT.AH TROJAN! | No |
| X | Mspatch69 | [path to trojan] | Added by the MPROX TROJAN! | No |
| X | Mspatch89 | cnqmax.exe | Added by the RANDEX.P WORM! | No |
| X | MSPetServ | PET32.EXE | Added by the IRCBOT-VE WORM! | No |
| X | msping | msping.exe | Added by the FLOODBLACK TROJAN! | No |
| X | msping.exe | msping.exe | Added by the BDOOR-MZ BACKDOOR! | No |
| X | MSPluginSrvc | p3.exe | Added by the RBOT-WV WORM! | No |
| X | MSPLUS | msplus32.exe | Added by the MYTOB-AM or MYTOB-CL WORMS! | No |
| X | MSPP System Update 64 | wiaadmgr.exe | Detected by Kaspersky as the RANKY.GEN TROJAN! | No |
| X | MSPQFile | MSA****.TMP [* = random char] | Homepage hijacker | No |
| X | MsPrint32D | MsPrint32D.exe | Added by the WINKO.AO WORM! | No |
| X | MSPRO32 | [path to worm] | Added by the IBERIO WORM! | No |
| X | MSPRO32 | pnp.exe | Added by the ZOTOB.O WORM! | No |
| X | MSprotect.exe | MSprotect.exe | Added by the DABYREV.A VIRUS! | No |
| U | mspwr | pupstman.exe | "Transparent icon background" feature of Ashampoo'sPowerUp XP (WinNT/2K/XP) and PowerUp Deluxe (Win98/Me) | No |
| U | mspwr | pupxpman.exe | Related to Ashampoo's PowerUp XP | No |
| U | mspwr | pwrupst.exe | Ashampoo's PowerUp XP is a "tool for fine-tuning your Windows NT4, 2000, 2003 Server and XP configuration" | No |
| U | mspwr | PuXpMan2.exe | System Tray access to the Ashampoo® PowerUp XP Platinum 2 tweaking utility from Ashampoo GmbH & Co. KG - which includes (amongst others) one-click tuning, multiple desktops, taskbar control center and an autostart manager | Yes |
| U | MSPY2002 | ImScInst.exe | Microsoft's Input Method Editor which is used to both display and enable the input of characters from East Asian and Right-to-left (e.g. Arabic) languages in e-mails, documents and other files - should you need to. Found on PCs where these languages have been installed through the Regional and Language options icon in the Control Panel | Yes |
| X | msqssr | msqssr.exe | Detected by Kaspersky as the DLUCA.GEN TROJAN! | No |
| X | MSR | msr.exe | Added by the AGOBOT.RT WORM! | No |
| X | Msrc | Msrc.exe | Added by the KRYPTONIC GHOST TROJAN! | No |
| X | msrdc | msrdc.exe | Added by the SDBOT-CXO WORM! | No |
| X | msreg.exe | msrege.exe | Added by the ZINX TROJAN! | No |
| X | msReg32 Loader | msreg32.exe | Added by the AGOBOT.IU WORM! | No |
| X | MSREGIT | Msgp.exe | Added by the KRYPGHOS.13 TROJAN! | No |
| U | MSRegScan | SGP.exe | SpyGator surveillance software. Uninstall this software unless you put it there yourself | No |
| U | MSRegScan | SSDemo.exe | SupremeSpy surveillance software. Uninstall this software unless you put it there yourself | No |
| U | MSRegScan | ETNKL.exe | ComKeylogger surveillance software. Uninstall this software unless you put it there yourself | No |
| U | MSRegScan | KSPDemo.exe | KeyStalker PRO surveillance software. Uninstall this software unless you put it there yourself | No |
| U | MSRegScan | DDSSDemo.exe | SystemSleuth surveillance software. Uninstall this software unless you put it there yourself | No |
| U | MSRegScan | ESP+.exe | ESP surveillance software. Uninstall this software unless you put it there yourself | No |
| U | MSRegScan | ESPDemo.exe | Eye Spy Pro surveillance software. Uninstall this software unless you put it there yourself | No |
| U | MSRegScan | SBPDemo.exe | SpyBoss Pro surveillance software. Uninstall this software unless you put it there yourself | No |
| U | MSRegScan | YEKPND.exe | EyeCandy Computer Monitor surveillance software. Uninstall this software unless you put it there yourself | No |
| U | MSRegScan | YKPND.exe | YKPMD surveillance software. Uninstall this software unless you put it there yourself | No |
| X | MSRegSvc | regsvc32.exe | Homepage hijacker that changes your homepage to an adult content site | No |
| X | msresear | [path to trojan] | Added by the WEASYW-B TROJAN! | No |
| X | msresearch | msresearch.exe | TROJAN! - 180SearchAssistant adware related | No |
| X | msresearch | tool3.exe | Spy Sheriff/SpywareNO malware, also detected as the SPYHOAX-A TROJAN, pretends to be a spyware remover! - file names spotted sofar include VXH8JKDQ2.EXE, NS6281400.so, CVXH8JKDQ2.EXE, down3.exe, sefe.exe, winstall.exe, and tool2.exe | No |
| X | msrundll | msrund1l32.exe | Added by the BINGHE TROJAN! | No |
| X | msrunocx32 | msrunocx32.exe | Added by the SKUS WORM! | No |
| X | Mss Serv | msssrv.exe | Added by the SLENFBOT.AA WORM! | No |
| X | Mss VC | mssvc.exe | Added by the OPANKI.AB WORM! | No |
| X | mssaru | mssaru.exe | Added by the AGENT.AM TROJAN! Note - example names include "XviD", "Winamp Remote", "Windows Media Player" and "Futuremark" | No |
| X | msscan.exe | msscan.exe | Microsoft Security Adviser rogue security software - not recommended | No |
| U | MSSCDL | MSSCDLL.exe | SpyCapture keystroke logger/monitoring program - remove unless you installed it yourself! | No |
| X | mssdbsrv | msupdtck.exe | Added by a variant of a password stealing TROJAN! | No |
| Y | MSSE | msseces.exe | System Tray access to a notifications from Microsoft Security Essentials which "provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software" | Yes |
| Y | msseces | msseces.exe | System Tray access to a notifications from Microsoft Security Essentials which "provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software" | Yes |
| X | msserrv32 | msserrv32.exe | Added by the STRATION.DW WORM! | No |
| X | msserv | msserv.exe | Added by the BLACKLOG-A TROJAN! | No |
| X | msserv | lvsrev.exe | Added by the BROWMON-B TROJAN! | No |
| X | msserv32 | msserv32.exe | Added by the RBOT-ACK WORM! | No |
| X | MsServer | msfun80.exe | Added by the VB-CYG WORM! | No |
| X | MSServer | Rundll32.exe [random].dll,#1 | Unidentified malware! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The file is typically found in either %System% or the Windows "Temp" folder | No |
| X | msservice | msserv.exe | Added by the HYD WORM! | No |
| X | MSService_v1.0 | realsched.exe | EHU adware. Note - this is not the legitimate RealOne Player (realsched.exe) application of the same name | No |
| X | MSService_v1.0 | vfp02.exe | NewWeb adware | No |
| X | mssfos | sfool.exe | Added by the RANDEX.EUS WORM! | No |
| X | MSSGisg | [path to file] | Added by the RANKY.N TROJAN! | No |
| X | Msshield.exe | Msshield.exe | Added by a variant of the IRCBOT TROJAN! | No |
| X | MSShow | MSShow.exe | Added by the QQROB-M TROJAN! | No |
| X | MSSHVC | MSSHVC.exe | Added by the NUFFY.A WORM! | No |
| X | mssonfig | winupdate.exe | Added by a variant of the SDBOT WORM! | No |
| X | mssoul | msmscc2.exe | Added by the DAPIZL.A banker WORM! (A "banker worm" is designed to pillage banking information and send it back to the perpetrators!) | No |
| X | mssoul | msmscc.exe | Added by the BANCOS.HKT TROJAN! | No |
| X | mssp3 | mssp22.exe | Added by the IBANK-D TROJAN! | No |
| X | MSSQL | Mssql.exe | Added by the SDBOT TROJAN! | No |
| X | MSSQL for Windows NT & XP | mssqlsnt.exe | Added by a variant of the SDBOT WORM! | No |
| X | MSSQL Manager | mssqlmgr.exe | Added by the RBOT-BWU WORM! | No |
| N | mssSort | msssort.exe | Maxtor (now Seagate) "Drag and Sort" for their external storage - "Just drag documents onto the Shared Storage II icon and Maxtor's Drag and Sort organizes your files, placing them in appropriate shared folders" | No |
| X | Msstart | msstart.exe | Added by the LIVUP.C TROJAN! | No |
| X | MSStartOptimizer | Iexpres.exe | Added by the DASMIN-E TROJAN! | No |
| X | MSStartOptimizer | WINUPD.EXE | Added by the DASMIN-E TROJAN! | No |
| X | MSStartOptimizer | SCVHOST.EXE | Added by the DASMIN-E TROJAN! | No |
| X | msstask | msstask.exe | Added by the MYPARTY WORM! | No |
| X | mssurfer lptt01 | mssurfer.exe | RapidBlaster variant (in a "surfer" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here | No |
| X | mssurfer ml097e | mssurfer.exe | RapidBlaster variant (in a "surfer" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here | No |
| X | mssvc | [path to trojan] | Added by the PSK TROJAN! | No |
| X | MSSVC | svcsys.exe | Added by the FATOOS-C TROJAN! | No |
| Y | MSSVC.EXE | MSSVC.EXE | StealthDisk - hides folders, files and applications. Will also encrypt them for better protection | No |
| X | mssvc32 | mssvc32.exe | Added by the AGOBOT-ME WORM! | No |
| X | mssync20 | mssync20.exe | Added by the LDPINC-QC TROJAN! | No |
| X | mssys | mssys.exe | Added by the MYSS.B TROJAN! | No |
| X | mssysint | Iexplore .exe | Added by the PWSTEAL.ABCHLP and PSPIDER.310.B TROJANS! Note - this is not the legitimate Internet Explorer (iexplore.exe) process as there is a space before the ".exe" | No |
| X | mssysint | comime.exe | Added by the NETSNAKE-I TROJAN! | No |
| X | mssyslanhelper | msmsgri32.exe | Added by the RANDEX.D WORM! | No |
| X | MsSystem | msdos.exe | Adult content downloader - see here | No |
| X | MsSystem | mssys.exe | Added by the VANTA.A TROJAN! | No |
| X | MSSYSTEM | svcsys.exe | Added by the FATOOS-C TROJAN! | No |
| U | Mstapi | Mstapi.exe | Keystroke logger/monitoring program - remove unless you installed it yourself! | No |
| X | Mstask | mstask.exe | Added by the OPASERV.N WORM! Note - this is not the legitimate mstask.exe system file and the executable resides in %Windir% | No |
| X | mstask | mstask.exe | Browser hijacker - redirecting to find-more.net. Note - this is not the legitimate mstask.exe system file | No |
| X | MSTask | run dll.exe | Yuupsearch adware | No |
| X | MStask | svchost.exe | Added by the LDPINCH-BV TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir% | No |
| X | MsTask | wstask32.exe | Added by the MYTOB-FE WORM! | No |
| X | Mstask | kernel32.exe | Added by the STAP-C WORM! | No |
| X | Mstask | MSDTC.exe | Added by the STAP-D WORM! | No |
| X | MSTask Monitor | mstaskmon.exe | Added by the SDBOT-LU WORM! | No |
| X | Mstask32driver | Mstask32.exe | Added by the LOONY-D TROJAN! | No |
| X | MSTaskbar 32 | tbsvc32.exe | Added by the RBOT.BQZ WORM! | No |
| X | mstasks | mstasks.exe | Added by the MULTIDR-AY TROJAN! | No |
| ? | Mstcgww | MSTCGWW.EXE | ?? | No |
| X | mstds.exe | mstds.exe | Added by the IPTABLES TROJAN! | No |
| X | mstg32.exe | mstg32.exe | Added by the AGENT.BI TROJAN! | No |
| N | MSTMON_N | MSTMON_N.EXE | Generates an error message on startup if a Konica Minolta printer is not turned on and ready | No |
| N | MSTMON_Q | MSTMON_Q.exe | Generates an error message on startup if the Konica Minolta PagePro 1350W printer is not turned on and ready | No |
| X | Mstng32 | MSTng32.exe | Added by the TANG WORM! | No |
| X | MSTray | rundll.exe | Added by the BAMER-B TROJAN! Note - this is NOT the Win9x/Me system file of the same name as described here | No |
| X | mstsdsc.exe | mstsdsc.exe | Added by the CIMUZ-CD TROJAN! | No |
| X | msupd | msupd.exe | Added by the IEACCESS DIALER! | No |
| X | MSUpdate | wupd.exe | Added by the ALADINZ.M TROJAN! | No |
| X | MSUpdate | svchosthlp.exe | Added by the BLASTER.T WORM! | No |
| X | msupdate | msupdate.exe | Added by the RBOT-MZ WORM! | No |
| X | MSUpdate | criticalUpdate.exe | Affilred adware | No |
| X | msupdate | update.exe | Added by a variant of the SDBOT WORM! | No |
| X | Msupdate | expIorer.exe | Added by the TACTSLAY.A TROJAN! | No |
| X | Msupdate | outIook.exe | Added by the TACTSLAY.A TROJAN! | No |
| X | Msupdate | svchosts.exe | Added by a variant of the TACTSLAY TROJAN! | No |
| X | Msupdate | svcrhost.exe | Added by the TACTSLAY.A TROJAN! | No |
| X | Msupdate | svcshost.exe | Added by the TACTSLAY.A TROJAN! | No |
| X | MSupdate.exe | N/A | CoolWebSearch parasite variant - resets home page to an adult content site | No |
| X | MSUpdateDevKit | axfd.exe | Added by the SDBOT-ZD WORM! | No |
| X | msupdater | msupdater.exe | Added by a variant of the Storm/Nuwar/Zhelatin WORM! See here for an example | No |
| X | MsUpdater System | udpsys32.exe | Added by the RBOT.AAA WORM! | No |
| X | MSupdater.exe | N/A | CoolWebSearch parasite variant. Installs the Winshow.dll browser plugin | No |
| X | msupdater25 | lsasser.exe | Added by the RBOT-ATS WORM! | No |
| X | msupdates | msupdt.exe | Added by the RBOT-JO WORM! | No |
| X | MSUpdSrv | msupdsrv.exe | Browser hijacker, redirecting to a adult content site | No |
| X | msupdtwiz | msupdtwiz.exe | Added by the STRATION.DD WORM! | No |
| X | msurl | msurl32.exe | Added by the CRYPTER.A TROJAN! | No |
| X | msuser32.exe | msuser32.exe | Added by the ANDROV TROJAN! | No |
| X | MsVBdll | sys32dll.exe | Added by the AIMDES.B or AIMDES.C WORMS! | No |
| X | MsVBdll | MsVBdll.pif | Added by the AIMDES.A WORM! | No |
| X | MSVBVM60 | MSVBVBM60.pif | Added by the SCOLD-B WORM! | No |
| X | msvc32 | msvc32.exe | ClientMan parasite variant | No |
| X | msvc32 | msvc32.exe | Added by the AGOBOT-NT WORM! | No |
| X | msvcav | msvcav.exe | Added by the AGENT-ACR TROJAN! | No |
| X | msvcc | msvchost.exe | Added by the XOMBE TROJAN! | No |
| X | msvcc25 | svcchost.exe | Added by a variant of the SDBOT WORM! | No |
| X | msvcc25 | salvage.exe | Added by a variant of the SDBOT WORM! | No |
| X | msvcc25 | svcchost.exe | Added by the SDBOT-CSE WORM! | No |
| X | msvccc66 | svcchosst.exe | Added by the RBOT-GLS WORM! | No |
| X | msvccc66 | dload.exe | Added by a variant of the RBOT WORM! | No |
| X | msvchost | msvchost.exe | Added by the IRCBOT-AV WORM! | No |
| X | MsvcService | msvcs.exe | Added by the RBOT-RK WORM! | No |
| X | msvecurity | msvecurity.exe | Added by the DORF-BO WORM! | No |
| X | MSVersion | INTERNETFEATURES.exe | Added by the POPMON.A TROJAN! - also known as PopMonster adware | No |
| X | MSVersion | clrschp038.exe | Added by the POPMON.A TROJAN! - also known as PopMonster adware | No |
| X | msvhost | aig.exe | Added by the AIMBOT-BC TROJAN! | No |
| X | msvload32 | msvload32.exe | Added by the RBOT-ACI WORM! | No |
| X | msvps | msvps.exe | Added by the AGOBOT.ALI WORM! | No |
| X | msvsc32 | msdev.exe | Added by the RBOT-GJ WORM! | No |
| X | MSVsmt | rpcxctx.exe | Added by an unidentified WORM or TROJAN! | No |
| X | msvsrv32 | msvsrv32.exe | Added by the AGOBOT-KM WORM! | No |
| X | msvss | msvss.exe | Added by a variant of the RBOT WORM! | No |
| X | MSVSync | videosync.exe | Added by a variant of the SPYBOT WORM! | No |
| X | msvupdater | msvupdater.exe | Added by a variant of the Storm/Nuwar/Zhelatin WORM! See here for an example | No |
| X | MSVXD | MSVXD.EXE | Added by the DATOM.A WORM! | No |
| X | mswave | mswave.exe | Added by the CRYPTER.A TROJAN! | No |
| X | Mswavedll | mswavedll.exe | Added by the CRYPTER-C TROJAN! | No |
| U | MSwheel | mswheel.exe | Microsoft Intellipoint software for their Intellimouse series of mice - required if you use non-standard Windows driver features | No |
| X | mswiiz32 | mswiiz32.exe | Added by the STRATION.DH WORM! | No |
| X | mswiizz32 | mswiizz32.exe | Added by the STRATION.DL WORM! | No |
| X | MSWin | mswin.exe | Added by the BANKER-CU TROJAN! | No |
| X | Mswincfg | Mswincfg32.exe | Added by the CYBRSPY.D TROJAN! | No |
| X | MsWindows DRT Drivers | wsdrt32.exe | Added by the RBOT.ALT WORM! | No |
| X | MsWindows SSL Drivers | mssl32.exe | Added by the SPYBOT.API WORM! | No |
| X | MSWindows SysCl | mscl32.exe | Added by the RBOT.AHI WORM! | No |
| X | MsWindows SysDate | sysmsvc.exe | Added by the SPYBOT.FCD WORM! | No |
| X | MSWindows Syspg | mspg32.exe | Added by the RBOT-TB WORM! | No |
| X | MSWindowsUpdate | Systern.exe | Added by the RBOT-AFD WORM! | No |
| X | MSWindowsUpdate | mswinup.exe | Added by a variant of the SDBOT WORM! | No |
| N | mswinext | mswinext.exe | MSN Toolbar from version 4.0 onwards. This entry loads the toolbar into memory at start-up before you open your internet browser. Not required - it will load with the browser and remains in memory after the browser is closed | Yes |
| X | MSWinlogon | SynCor.exe | Added by the AGENT-FZL TROJAN! | No |
| X | MSWinlogon | winlogon.exe | Added by the AGENT-FZM TROJAN! Note - this is not the legitimate winlogon.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! | No |
| X | Mswinpid32 | mswinpid32.exe | Added by the LAPOS.A TROJAN! This is a keylogger which emails back to China PayPal passwords and account information - thus allowing the perpetrators to steal PayPal funds in the name of the victim! | No |
| X | MSWinSrv | MSWinSrv.exe | Added by the MTRON TROJAN! | No |
| X | MSWinSrv32 | MSWinSrv32.exe | Added by the MTRON-B TROJAN! | No |
| X | MSWinupd | winupd.exe | Added by the DLOADER-YE or DLOADR-AAA or DLOADER-ZF TROJANS - and others | No |
| X | MSWinupdate | winupdate.exe | Added by the DLOADR-AAW TROJAN! | No |
| X | MsWinVgr | msvgr.exe | Added by the MYTOB.LE WORM! | No |
| X | mswiz32 | mswiz32.exe | Added by the STRATIO-BG WORM! | No |
| X | mswkork Service | msework.exe | Added by a variant of the RBOT WORM! | No |
| X | msword | msword.exe | Added by the RBOT-ADR WORM! | No |
| X | msword98 | msword98.exe | Added by the AGENT-KUO TROJAN! | No |
| X | mswspl | [random filename] | Added by the SMALL.IQ TROJAN! | No |
| X | mswspl | searchbarcash.exe | SearchBarCash adware | No |
| X | mswspl | vnmispoisn downloader.exe | SearchBarCash adware variant | No |
| X | mswspl | plugin1.exe | Added by the SMALL.IQ TROJAN! | No |
| X | MSWTL32 | MSATL32.exe | Added by an unidentified WORM or TROJAN! See here | No |
| X | msxct | msxct.exe | eXact Advertising (NaviSearch, BargainBuddy, CashBack) adware | No |
| X | MSxmlHpr | RUNDLL32.EXE [path] msxm192z.dll,w | Added by the Infostealer.Wowcraft keylogger! | No |
| X | MsXSLT | msxslt3.exe | Added by the AGENT.AZMU TROJAN! | No |
| X | Msy Startups | msyh32.exe | Added by the AGOBOT-QC WORM! | No |
| X | Msy1 Startups | msyj32.exe | Added by the AGOBOT-QQ WORM! | No |
| X | msys lptt01 | msys.exe | RapidBlaster variant (in a "Msyss" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here | No |
| X | Msys32 | morfitwebentrance.exe | Morfit ADjectPager - "uses home page rental technology for generating revenues". Homepage hi-jacker that re-defines your IE or Netscape start page as http://www.web-entrance.com/. Any installed application including this must be un-installed before you can reset your homepage | No |
| X | MSysDrv | msdrv.exe | Added by the VB.WF TROJAN! | No |
| X | ms_anti_spyware | mwfirewall.exe | Added by the GAMQOWI TROJAN! | No |
| X | ms_anti_spywarebxp | mwfirebpx.exe | Added by the SURILA-D TROJAN! | No |
| X | ms_anti_spywarebxp | mwfibpx.exe | Added by the SURILA-J TROJAN! | No |
| X | MS_LARISSA | MS_LARISSA.exe | Added by the ASSIRAL WORM! | No |
| X | MS_NETD_WIN32 | netd32.EXE | Added by the RANDEX.F WORM! | No |
| X | MS_SETUP.EXE | MS_SETUP.EXE | Added by the CHARGE TROJAN! | No |
| X | MS_Update Check | wdfmgr.exe | Added by the AGOBOT-TB WORM! | No |
| X | MS_update_0704_KB74073.exe | MS_update_0704_KB74073.exe | Added by a variant of the UPDATEKB TROJAN! | No |
| N | MtdAcq | MtdAcq.exe | Creative MediaSource "Media Sniffer" - monitors the drive for new media files then automatically adds them to the media library | No |
| ? | MtdAcqu | MtdAcqu.exe | Metadata monitor part of Creative MediaSource™ player/organizer - which "enables you to manage your entire digital music collection on both your computer and your Creative portable music player effortlessly." Collects information on the songs. Is it required? | No |
| X | Mtr2 | mtr2.exe | Added by the KRYPTONIC GHOST TROJAN! | No |
| U | MUAL | mual.exe | Millesky video mail updater and launcher | No |
| N | muamgr | muamgr.exe | Using MicroAngelo On Display, you can easily select the icon images that you prefer rather than the default icons displayed by Windows. On Display provides a consistent and elegant method to customize the icon display for almost every icon on your system | No |
| X | muBlinder | muBlinder.exe | Program that bypasses Microsoft Update's Genuine Windows Validation | No |
| ? | Mufix | mufix.exe | Part of INFOConnect, web-based, enterprise client configuration, management, and deployment software, as used by ABSS (a financial management system used by the US military which will allow purchase request packages to be electronically submitted to contracting, and which also facilitates electronic receipt of items and EFT) - what does it do and is it required | No |
| X | mule_st_key | flec006.exe | Added by the BAGLE.AV TROJAN! | No |
| U | Multi-function keyboard | GWHotkey.exe | Software that sets up the Gateway AnyKey keyboard shortcuts (a series of buttons that allow one-click access to e-mail, browser, volume and CD/DVD controls, etc) | No |
| U | MultiCAM Initializer | MCamBoot.exe | The MultiCAM Initializer is part of the MultiCAM software package provided by Vista Imaging in order to run up to 10 USB ViCAM or 3Com Home Connect PC Digital cameras on a single computer. Clears itself from memory once initialized but can also be safely disabled | No |
| X | Multimedia Codecs | mcc.exe | Added by the DLOADER-MB TROJAN! | No |
| X | Multimedia extensions | mservice.exe | EasySearch adware | No |
| X | Multimedia extensions | [path to trojan] | Added by the SMUTSRCH-A TROJAN! | No |
| X | Multimedia extensions | mservice1.exe | Added by the DLOADR-AWD TROJAN! | No |
| U | Multimedia KBD | MMKeybd.exe | Multimedia keyboard manager. Required if you use the additional keys | No |
| U | MULTIMEDIA KEYBOARD | MMKeybd.exe | Multimedia keyboard manager. Required if you use the additional keys | No |
| X | MULTIMEDIA KEYBOARD88 | smss.exe | Added by the SILLYFDC WORM! Note - this is not the legitimate smss.exe process which should not normally figure in Msconfig/Startup! | No |
| X | multiran | multiran.exe | Added by the COSIAM-E TROJAN! | No |
| U | MultiRes | MultiRes.exe | MultiRes - system tray utility allowing quick access to changing desktop resolutions and has the ability to lock the screen refresh rate in WinNT/2K/XP | No |
| N | mumservice | mumservice.exe | Software updater for Motorola products | No |
| U | MUPS | MUPS.exe | Launches the Belkin Bulldog Plus Service - required if you want to access the UPS advanced functions | No |
| Y | murphy shield | lmgui.exe | Firewall part of BitDefender virus scanner/firewall | No |
| N | Music01 Server | Music01 Server.exe | J River Media Jukebox | No |
| X | MusIRC (irc.music.com) client | musirc4.71.exe | Added by the RANDEX.Q WORM! | No |
| X | Mustafx | mustafx.exe | Added by a variant of the VIRANTIX.B TROJAN! | No |
| ? | Mustek MDC 3000 | Mounter.exe | Related to software for the Mustek MDC 3000 digital camera - what does it do and is it required? | No |
| N | MutexServiceEx | Sys32Smm.exe | Webroot Sofware's discontinued "Privacy Master" | No |
| X | mv2 | crasos.exe | Added by the DROPPS-A TROJAN! | No |
| U | MVRescue | mvrescue | Related to Multivision Computers back up/restore program. Multivision Computers ceased operating in 2004 | No |
| N | MVS Splash | Splash.exe | Splash screen for the now obsolete McAfee Managed VirusScan anti-virus and anti-spyware security tool for small businesses | No |
| X | mvsyswina | acsysiom.exe | Added by a variant of the SDBOT WORM! | No |
| U | MW1HelperStartUp | Mw1helper.exe | ScreenScenes "Magic Waterfall" screensaver. The freeware version comes with GAIN branded ads (pop-ups and others). ScreenScenes do however offer you the option of doing away with the ads by purchasing the screensaver for a whopping $30. Please note that Claria Corporation no longer support GAIN-Supported software - see here | No |
| U | MW1HelperStartUp | MW1HEL~1.EXE | ScreenScenes "Magic Waterfall" screensaver. The freeware version comes with GAIN branded ads (pop-ups and others). ScreenScenes do however offer you the option of doing away with the ads by purchasing the screensaver for a whopping $30. Please note that Claria Corporation no longer support GAIN-Supported software - see here | No |
| U | mwavscan | mwavscan.com | MicroWorld Anti Virus Toolkit is a free anti-virus scanner that runs on-demand. You can choose to scan your entire system, including memory, services, starup items and registry, or only scan files in a specified folder or drive | No |
| U | MWLExe | MwlGui.exe | Part of McAfee Wireless Protection for Wi-Fi users | No |
| N | MWProEng | MWProEng.exe | Logitech Mouseware Pro software - only required when using special functions | No |
| N | MWSnap | MWSnap.exe | MWSnap - screen capture utility. Start manually when required | No |
| X | mwsoemon | mwsoemon.exe | MyWebSearch parasite | No |
| X | Mwsvm | mwsvm.exe | SeekSeek search hijacker related - see here | No |
| X | mxb2 | [path to worm] | Added by the IXBOT-G WORM! | No |
| X | mxcll | vec.exe | Eco Antivirus rogue security software - not recommended, removal instructions here | No |
| X | MxHLp32 | MxHLp32.exe | Added by a variant of the VAGRNOCKER TROJAN! | No |
| X | mxjxde.exe | mxjxde.exe | Added by the ORCU.B TROJAN! | No |
| U | MXO Auto Loader | MXOaldr.exe | Maxtor includes a driver to bypass the Windows certified drivers check just when it detects an external drive. MXOaldr.exe is installed with the new driver and if disabled the button on a Maxtor OneTouch External Store no longer functions | No |
| U | MXOBG | MXOALDR.EXE | Maxtor includes a driver to bypass the Windows certified drivers check just when it detects an external drive. MXOaldr.exe is installed with the new driver and if disabled the button on a Maxtor OneTouch External Store no longer functions | No |
| ? | mxomssmenu | maxmenumgr.exe | Related to Maxtor's One Touch series of external hard drives. What does it do and is it required? | No |
| U | MxRunner | MxRunner.exe | EasyUninstall from Aladdin Systems (formerly by Ontrack) | No |
| U | Mxvgautil | Mxvgautil.EXE | Utility for a USB to VGA converter from MCT Corp | No |
| X | My Agent | msagent.exe | Added by the NEGASMS.A TROJAN! | No |
| X | My App | SMSSvc.exe | Added by the NEGASMS.A TROJAN! | No |
| U | My Essentials Wireless USB Utility | O-Maxwcui.exe | Belkin My Essentials Wireless USB Utility | No |
| X | My Kazaa Gold | MyGoldKazaa.exe | My Kazaa Gold - regarded as a scam by McAfee SiteAdvisor as you're paying for something which available for free elsewhere | No |
| X | My Search Bar Eq | S4BAREQ.EXE | MySearch parasite | No |
| X | My Supervisor | MSup1bf7.exe | My Supervisor rogue system suite - not recommended, removal instructions here | No |
| X | My Web Search Bar | MWSBAR.DLL | MyWay - an IE Browser Helper Object used by adware WebSearch to add an IE toolbar to provide search features, and hijack browser search requests to its controlling servers run by MyWay | No |
| X | My Web Search Bar Search Scope Monitor | m3SrchMn.exe | MyWebSearch parasite | No |
| X | My Web Search Community Tools | m3IMPipe.exe | MyWebSearch parasite | No |
| U | My-disgo | MyKey disgo.exe | Related to disgo pro. Program will synchronize data | No |
| X | MyAccessMedia | tmp**.exe [* = random char/digit] | My AccessMedia toolbar related, stealth installed! | No |
| U | myagttry | myagttry.exe | System tray notification for the now obsolete McAfee VirusScan ASaP online anti-virus and anti-spyware security tool for small businesses. Not required to be protected but you lose notifications | No |
| X | Myapp | [filename] | Added by the FATEE.B WORM! | No |
| X | Myapp | service.exe | Homepage hijacker | No |
| X | MyAV | avpguard.exe | Added by the NETSKY.J WORM! | No |
| Y | MyCIO Agent Service | myagtsvc.exe | Part of the now obsolete McAfee VirusScan ASaP online anti-virus and anti-spyware security tool for small businesses. Starts via a registry "RunServices" key on Windows 98/Me and as a service on Windows NT/2K/XP | No |
| U | myCIO.com ASaP | myagttry.exe | System tray notification for the now obsolete McAfee VirusScan ASaP online anti-virus and anti-spyware security tool for small businesses. Not required to be protected but you lose notifications | No |
| N | myCIO.com Splash | Splash.exe | Splash screen for the now obsolete McAfee VirusScan ASaP online anti-virus and anti-spyware security tool for small businesses | No |
| X | myCleanerPC | myCleanerPC.exe | MyCleanerPC rogue spyware remover - not recommended | No |
| X | MyCometCursor | MYCOME~1.EXE | Comet Cursor adware | No |
| X | MyContentAssistant | GDC.exe | MyContentAssistant rogue privacy tool - not recommended. A member of the PCPrivacyTool family | No |
| X | MyDailyHoroscope | MYDAIL~1.EXE | MyDailyHoroscope foistware | No |
| X | MyDailyHoroscope | MyDailyHoroscope.exe | MyDailyHoroscope foistware | No |
| U | MyEmoticons | MYEMOTICONS.EXE | MyEmoticons from Persona Ltd - add icons (emoticons) to your E-mail | No |
| X | MyFastAccess | myfastupdate.exe | My-Fast-Access toolbar updater | No |
| X | myhuy | huy.exe | Added by the BLASTER-C WORM! | No |
| X | myhuy | huy2.exe | Added by the BLASTER-L WORM! | No |
| U | MyIE.exe | MyIE.exe | MyIE2/Maxthon browser related | No |
| X | MyLife | CmdServ.exe | Added by the HOLAR.A WORM! | No |
| X | myMh2 | iexpl0re.exe | Added by the AGENT.HWE TROJAN! Note the number "0" in the filename | No |
| U | myNetWatchman | nwclient.exe | Sends your firewall alerts to a website, which then filters them and forwards details of suspicious activities to the host ISP they originated from. Only needs to be running when your firewall is running | No |
| U | mynsw | wntsrv.exe | Net Screen Watcher surveillance software. Uninstall this software unless you put it there yourself | No |
| X | MyPointsPointAlert | wjview ...MyPointsPointAlertrun.exe | "With MyPoints you can earn rewards from name-brand merchants. You can even earn vacations and frequent flyer miles". Dubious privacy policy | No |
| U | MyPopupKiller | mpk.exe | MyPopupKiller - popup killer | No |
| U | myprint mileage | mpm.exe | Reports battery status on a portable printer | No |
| U | MyRegistryCleaner | MyRegistryCleaner.exe | MyRegistryCleaner from PCSecurityShield - who's reputation is poor | No |
| X | Mysee Alert | Mysee Alert.exe | MySee Alert adware | No |
| X | MyShares | MyShares.exe | EHU adware | No |
| X | MySLScan | msvc32.exe | Added by the FORBOT-EH WORM! | No |
| X | mysoft | winexplor.exe | Browser hijacker, also detected as the STARTPA-JR TROJAN! | No |
| N | MySoftware NewsFlash | Newsflsh.exe | Runs in your task bar and receives alerts and release information on MySoftware products from Avenquest | No |
| N | MySpaceIM | MySpaceIM.exe | MySpaceIM internet messenger | No |
| X | mysvcig38 | mysvcc.exe | Added by the RBOT-FOU WORM! | No |
| X | mysvcig38 | recsl.exe | Added by a variant of the RBOT-FOU WORM! | No |
| X | MyTam | MyTam.exe | Covert Sys Exec malware variant | No |
| U | MytekSystrayExePath | MyTekSystray.exe | MyTek system tray - web site providing computer tech support in Australia | No |
| X | MyTotalSearch Email Plugin | mtsoemon.exe | MyTotalSearchBar adware | No |
| X | MyVBApp | SysNT.exe | ReferAd adware | No |
| X | MyVBApp | install.exe | Detected as Generic Downloader.s by McAfee, probable variant of ReferAd adware! | No |
| X | MyVBApp | setup.exe | Detected by Kaspersky as the VB.KB TROJAN! File location is in the root folder (i.e., C:\) | No |
| X | MyVirt.exe | MyVirt.exe | Added by the REMADM-C TROJAN! | No |
| U | MyVitalAgent | VtlAgent.exe | MyVitalAgent from Lucent Technologies. Replacement for Net.Medic, monitoring all popular internet transactions and alerting the user of the location of connection problems. Available via Start -> Programs | No |
| X | MyWebSearch Email Plugin | mwsoemon.exe | MyWebSearch parasite | No |
| X | MyWebSearch Plugin | rundll32 [path] M3PLUGIN.DLL,UPF | MyWebSearch parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted | No |
| X | My_Heart | My_Heart.exe | Added by the SILLYFDC-AD WORM! | No |
| Y | n/a TpShocks | TpShocks.exe | Part of the Active Protection System found on some IBM/Lenovo Thinkpad models - including the T, W, X and Z series. This provides airbag-like protection for your hard drive as the system has "an integrated motion sensor that continuously monitors the movement of the notebook, and, if a sudden change in motion is detected, it temporarily stops the hard drive to protect it from a potential crash". The user can also temporarily suspend APS via the Start Menu or (optional) System Tray icon and view the real-time status | Yes |
| U | N2PTray | Net2fone.exe | An Internet telephony application. Needed only if you have an account at Net2Phone, Inc | No |
| N | NADaemon | NADAEMON.EXE | Program by NetActive which appears to be piggybacked onto some Nvidia graphics cards software. They seem to look after "digital rights management". One user reports disabling it has no detrimental affect - not required | No |
| N | Naggerrunkey | nagger.exe | Packard Bell Free Internet Signup screen | No |
| X | nah_Shell | nah_cord.exe | Added by the HANAMBOT TROJAN! | No |
| Y | Naimagent_service | EPOAgentnaimas32.exe | Networked version of McAfee VirusScan. Installs, configures and updates the software and DAT (virus definition) files on local computers from a network server. A resource hog but required for DAT updates and if disabled can also cause random freezes and error messages | No |
| Y | Naimagent_UI | EPOAgentnaimag32.exe | Workstation background program for Network Associates McAfee ePolicy Orchestrator - a network management tool for enforcing antivirus protection of the workstations using system policies. Works with both McAfee and Norton AntiVirus. NAIMAG32 and NAIMAS32 communicate with the ePolicy Orchestrator processes on the network fileserver to check for virus updates or for the need to perform a virus scan | No |
| Y | Naimagent_UI | naimag32.exe | Workstation background program for Network Associates McAfee ePolicy Orchestrator - a network management tool for enforcing antivirus protection of the workstations using system policies. Works with both McAfee and Norton AntiVirus. NAIMAG32 and NAIMAS32 communicate with the ePolicy Orchestrator processes on the network fileserver to check for virus updates or for the need to perform a virus scan | No |
| X | Name | Iexplorer0.exe | Added by the THREADSYS TROJAN! | No |
| X | Name Server | mswins.exe | Added by a variant of the SDBOT WORM! | No |
| X | NAMEDPIPE SYSTEM | namedpipe.exe | Added by the MYTOB-FH TROJAN! | No |
| X | nana2009 | nana2009.exe | Added by the POISON.PG BACKDOOR! | No |
| X | nano | svchost.exe | Added by the NANO-A TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir% | No |
| X | Nano Antivirus | nanoav.exe | Nano Antivirus rogue security software - not recommended, removal instructions here | No |
| X | NAP32 | NAP32.exe | Premium rate adult content dialler | No |
| X | NarmonVirusAnti | smss.exe | Added by the AUTORUN-DV WORM! Note - this is not the legitimate smss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a ~A~m~B~u~R~a~D~u~L~ subfolder | No |
| X | Narrator | ******.exe [* = random char] | Added by the QOOLOGIC TROJAN! | No |
| U | Narrator | Narrator.exe | Associated with the Narrator accessibility feature on Windows XP. It is used to convert text to speech | No |
| X | Natal | Natal.scr | Added by the OPASERV.AE WORM! | No |
| X | NAV | RuxDLL32.exe | Added by the MAPSON.D WORM! | No |
| Y | NAV Agent | navapw32.exe | Norton Anti-Virus's background scanning process | No |
| X | nAv AGENT | N/A | Added by the RIOSYS MACRO! Note the lower-case "n" and "v" in the name as this is not the valid Norton AntiVirus entry of the same name - indeed it closes Norton AV processes | No |
| X | NAV Agent | systems.exe | Added by the TARNO.C TROJAN! Note - this is not the valid Norton Antivirus entry of the same name | No |
| X | NAV Agent | winsnav.vbs | Added by the ANPES WORM! | No |
| X | NAV Agent | wmilib32.exe | Added by the VB-XU TROJAN! | No |
| X | NAV Auto Prot | navprot1.exe | Added by the RBOT.ZAC WORM! | No |
| X | NAV Auto Protect | msfwe1.exe | Added by a variant of the RBOT WORM! | No |
| X | NAV Auto Protect | navprotect.exe | Added by the RBOT.BKW WORM! Note - this is not a valid Norton AntiVirus product from Symantec | No |
| X | NAV Auto Protect | dnsserv.exe | Added by a variant of the SDBOT WORM! | No |
| X | NAV Auto Protect | mcafee32.exe | Added by a variant of the SPYBOT WORM! | No |
| X | NAV Auto Update | Navautoupdate.exe | Added by a variant of the SPYBOT WORM! | No |
| X | NAV Auto Updates | csrssp.exe | Added by a variant of the SDBOT WORM! | No |
| X | NAV Auto Updates | navwindows.exe | Added by a variant of the SDBOT WORM! | No |
| X | NAV Auto Updates | slserves.exe | Added by a variant of the SDBOT WORM! | No |
| X | NAV Auto Updates | navupdaterx.exe | Added by a variant of the RBOT WORM! | No |
| N | NAV CfgWiz | cfgwiz.exe | Introduced with Norton Anti-Virus 2002, this is a real resource hog. Many NAV users will find they can live without loading it | No |
| N | NAV Configuration Wizard | cfgwiz.exe | Introduced with Norton Anti-Virus 2002, this is a real resource hog. Many NAV users will find they can live without loading it | No |
| U | NAV DefAlert | DefAlert.exe | Norton Anti-Virus Definitions Alert. Warns you if virus definitions are out of date. Leave enabled unless you manually update virus definitions on a regular basis | No |
| X | NAV Live Update | [path to worm] | Added by the DEBORMS.C WORM! Note - this is not a valid Norton Anti-Virus (NAV) function from Symantec | No |
| X | NAV Scan Service | NAVSCAN32.EXE | Added by the SDBOT.VG WORM! | No |
| X | NavAgent32 | lasvr32.exe | Added by the FEMOT.D WORM! | No |
| X | NavAgent32 | SCardSvr32.Exe | Added by the MOFEI.B WORM! | No |
| X | navapp | navapp.exe | NavExcel adware variant | No |
| Y | navapw32 | navapw32.exe | Norton Anti-Virus's background scanning process | No |
| X | NAVCheck | navchk.exe | Premium rate adult content dialer | No |
| X | NAVCheck | shman.exe | Premium rate adult content dialer | No |
| X | Navegate | iiexplorer.exe | Added by the BANCBAN-OP TROJAN! | No |
| X | Navegate | wisterd.exe | Added by the BANKER-BOS TROJAN! | No |
| U | NaverPCGreen | NPCGreenUpgrader.exe | Related to Naver_Anti-virus Realtime Monitor From NHNCorp | No |
| U | Naviscope | naviscope.exe | Naviscope is a multipurpose browser enhancement that can speed up Web searches, lock out cookies, examine HTML send/receive headers, provide single-click network diagnostics, and much more | No |
| X | NaviSearch | nls.exe | NaviSearch, eXact Advertising variant | No |
| N | NavLoad | NAVBrowser.exe | Registration reminder for CorelDRAW 10 | No |
| X | navman_20 | sysnav32.exe | Hijacker, possibly a CoolWebSearch parasite variant | No |
| ? | NAVMD25 | UpdtNv28.exe | Added by Symantec for updating the MicroDefs for their AV products - is it required? | No |
| X | NAVMon32 | NAVMon32.exE | Added by the WINKO.AO WORM! | No |
| X | NAVNet | ***.tmp [* = random digit] | Unidentified adware | No |
| X | navp.exe | navp.exe | Added by the AGOBOT-OE WORM! | No |
| X | NavPass | NavPass.exe | Free system for gaining access to and downloading from adult content web-sites | No |
| X | NavScan | [filename] | Added by the OBSORB TROJAN! | No |
| X | NAVSCAN32.EXE | NAVSCAN32.exe | Added by the SDBOT-DO WORM! | No |
| X | NAVSCANNER32 | NAVSCANNER32.EXE | Added by the RBOT.QC WORM! | No |
| X | NAVUpd | rundll32.exe navupd.dll, Startup | Added by the NAVU TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted | No |
| X | NAVWatch | NAVWatcher.exe | VX2.Transponder parasite updater/installer related | No |
| X | NAV_Update | NAV_Update.exe | Unidentified WORM or TROJAN! | No |
| X | nawadll32 | nawadll32.exe | Added by the SDBOT-ZI WORM! | No |
| X | nawdll32 | nawdll32.exe | Added by the SDBOT-ZM WORM! | No |
| N | NB Common Dialog Enhancements | COMDLGEX.EXE | Part of McAfee Nuts & Bolts. With Common Dialog Enhancements, you can add MRU list box to open dialogs | No |
| U | NB Probe | NBProbe.exe | Monitors the status of notebooks from ASUS - including CPU (speed, temperature and fan), disk and system information | No |
| N | NB Start Menu | STARTM.EXE | Part of McAfee Nuts & Bolts. Provides the same control as MSCONFIG and can be used instead if you have N&B | No |
| N | NB Windows Patterns | WINDBKGND.EXE | Part of McAfee Nuts & Bolts. With Background Patterns, you can change background patterns of wizard and dialog windows | No |
| X | NBInstall | MBDownloader_876919.exe | Added by the MIRAR_D TROJAN! | No |
| U | NBJ | NBJ.exe | Ahead Nero BackItUp - backup program. Only required for if you have scheduled back-ups | No |
| U | NbkCtrl | NbkCtrl.exe | Scheduling engine of NovaSTOR Backup Service. Only required if scheduling is enabled and wanted - see here | No |
| U | NBKeyScan | NBKeyScan.exe | This tool comes with a special version of Nero BackItUp for some external harddisks. Controls two buttons on the drive - one button power off the drive and the other directly calls Nero BackItUp to make a quick backup | No |
| X | NBT System alias | [path] repcale.exe [path] beird.exe | Added by a variant of the RANDON.AN WORM! | No |
| ? | nbustrce1D | nbustrce1D.exe | Device driver, possibly CD/DVD - what exactly is it and is it required in startup? | No |
| X | NC1565 | winntsrv -l -p10001 -d -e cmd.exe -L | Added by the NEWLEY-A WORM! | No |
| X | Ncao | osoa.exe | PurityScan adware | No |
| X | Ncao | urpo.exe | PurityScan adware | No |
| ? | NCClient | N/A | ?? | No |
| N | NCD | ncd.exe | Norton Change Directory - from the DOS days that allows the user to change directories on their machine without typing the complete path | No |
| N | NCLAUNCH | NCLAUNCH.exe | Part of SWF Studio from Northcode Inc. - an extension to Flash. Bundled when you create a self-installing screen-saver on Win2K/XP | No |
| X | nClient | cnen.exe | Added by the DELBOT-AL WORM! | No |
| N | NclTray | NclTray.exe | Part of Nokia PC Suite version 5 - which "is a free PC software product that allows you to connect your Nokia device to a PC and access mobile content as if the device and the PC were one." Monitors ports to see if a phone has been connected and provides System Tray access to the Connection Manager (and other PC Suite components if a phone is connected). Available via the Control Panel as "Nokia Connection Manager" | Yes |
| U | Ncr3 | ncrcore3.exe | Network camera recording software for home/office security systems using wired or wireless Panasonic cameras that enables you to locally view, record and adjust the settings for the cameras - see here | No |
| Y | NCSW Server | NcsW.exe | LockLink access control management software. LockLink 7.0 lets users seamlessly manage both offline and online access control solutions available from IR Security & Safety | No |
| N | NCS_SS | Csinsm32.exe | Same as CleanSweep Smart Sweep-Internet Sweep | No |
| X | Ncua | ihoo.exe | PurityScan adware | No |
| X | NDAv | csnss.exe | Added by the SERFLOG.C WORM! | No |
| X | NDAv | svhost.exe | Added by the SERFLOG.C WORM! | No |
| ? | NDDEAGNT | NDDEAGNT.EXE | WinNT default process. Network Dynamic Data Exchange (DDE) Agent, handles requests for network DDE services | No |
| X | NDIS Adapter | ndis.exe | Added by the SDBOT.VF WORM! | No |
| X | NDIS Adapter | windows.exe | Added by the FORBOT-BR WORM! | No |
| X | NDIS Adapter | lsass2.exe | Added by the WOOTBOT.CW WORM! | No |
| X | NDIS Adapter | servenxpp.exe | Added by the FORBOT-GP WORM! | No |
| X | NDIS Adapter | Servenxp.exe | Added by the SPYBOT.LY WORM! | No |
| X | NDIS Adapter | svchosttt.exe | Added by the WOOTBOT.AN WORM! | No |
| X | NDIS Adapter | Winman.exe | Added by the WOOTBOT.AG WORM! | No |
| X | ndlhosta | uiremsyl.exe | Added by a variant of the SDBOT WORM! | No |
| X | Ndpldaemon | [path to trojan] | Added by the RPCSDBOT-A TROJAN! | No |
| X | NDplDeamon | nstask32.exe | Added by the RANDEX.E WORM! | No |
| X | NDplDeamon | winlogin.exe | Added by the RANDEX.E WORM! | No |
| U | NDPS | DPMW32.EXE | Novell Distributed Printer Services - part of Novell's Netware Client and Groupwise products. Not required if you don't use this feature | No |
| X | NDrv | NDrv.exe | PurityScan adware | No |
| U | NDSTray | NDSTray.exe | ConfigFree Tray on a Toshiba laptop. Tray utility for their network switching application which permits switching network devices and settings with a click on the tray icon. While it is not required, for people who span multiple networks and want an easy way to go from wired to wireless and change addresses and other network settings, it's a must have | No |
| U | NDSTray.exe | NDSTray.exe | ConfigFree Tray on a Toshiba laptop. Tray utility for their network switching application which permits switching network devices and settings with a click on the tray icon. While it is not required, for people who span multiple networks and want an easy way to go from wired to wireless and change addresses and other network settings, it's a must have | No |
| X | Ndtstat | Ndtstat.exe | Added by a variant of the BANLOAD family of TROJANS! | No |
| N | Necbar | Necbar.exe | Nec Assistant; Ark's Navigator, a graphical interface for NEC computers | No |
| Y | NECMFK | necmfk.exe | NEC wireless keyboard driver | No |
| U | Necutray | Necutray.exe | Driver for external USB storage devices (hard drives, flsh disks, etc) | No |
| X | neos | neos.exe | Added by the BDOORB-FAM TROJAN! | No |
| ? | neqprvfy.exe | neqprvfy.exe | Appears to be related to the downloading of some application - possibly verifying updates? | No |
| X | Nero | shch.exe | Added by a variant of the BDOOR-EB BACKDOOR! | No |
| X | Nero Checker | nerocheck.exe | Added by the PROXY-X TROJAN! Note - this is not related to "Nero Burning Rom" CD writing software | No |
| N | Nero DriveSpeed | DRIVESPEED.EXE | Ahead Nero DriveSpeed - set the CD reading speed of a CD/DVD drive on-the-fly to reduce the noise on high-speed drives | No |
| N | Nero PhotoShow Media Manager | mssysmgr.exe | Nero rebranded version of Simple Star's PhotoShow photo editing and organizing software, makes it easy to send and share digital photos | No |
| X | Nero Updater.6.12 | wmp9.exe | Added by the AGOBOT-AAG WORM! | No |
| X | Nero.ma | ***.exe [*** = 2 to 3 digits] | Added by the JONBARR.D WORM! | No |
| X | NeroAutoStartClient | NeroASM.exe | Added by the AGOBOT.VG WORM! | No |
| U | NeroCheck | nerocheck.exe | Associated with "Nero Burning Rom" CD writing software. Checks for driver issues | No |
| X | NeroCheck | regedit.exe | Added by the DOOMJUICE.B WORM! Note - this is not the valid Ahead Nero CD/DVD burning program. Also, it is not the valid Windows registry editor which resides in %Windir% and will not normally figure in Msconfig/Startup! This version resides in the %System% | No |
| X | NeroFil | NeroFil.EXE | Added by the RBOT.EAM TROJAN! | No |
| X | NeroFileCheck | msjavam32.exe | Added by the AGOBOT.AKM WORM! | No |
| U | NeroFilterCheck | NeroCheck.exe | Associated with "Nero Burning Rom" CD writing software. Checks for driver issues | No |
| U | NeroHomeFirstStart | NMFirstStart.exe | Associated with Nero Scout, added by version 7 of the Nero digital media suite (CD & DVD burning, authoring, etc). Thanks to Help2Go.com, if you feel this is draining more resources that necessary you can disable it by clicking here | No |
| X | NeroLoader | NeroLoader.exe | Added by the BANCBAN-EJ TROJAN! | No |
| N | NeroNETTrayIcon | NNServiceCtrl.exe | System tray access to NeroNET - Ahead Software's network-capable extension of their CD/DVD burning program. NeroNET allows a burner to be shared across a network | No |
| X | NeroUpdate Check | msjava.exe | Added by the AGOBOT.AMH WORM! | No |
| X | NeroUpdater6.8 | winjava.exe | Added by the AGOBOT.AMK WORM! | No |
| X | Net | WINREG.EXE | Added by the ASSASIN.D TROJAN! | No |
| X | net | net.net | Added by the MDROP-CIF TROJAN! | No |
| U | Net Accelerator | NetAccelerator.exe | Rizal NetAccelerator - "Optimizing Dial-Up, Lan, Cable, DSL, and Satellite connections do you want to speed up your Internet access up to 200% - 300% ???". Only required if you find it helps improve your performance | No |
| U | Net Activity Diagram | nad.exe | Net Activity Diagram from MetaProducts. Monitors your computer internet activity. Available via Start -> Programs | No |
| X | NET Bios Stats | ntbstats.exe | Added by the SDBOT-ZX WORM! | No |
| X | Net Command Senter | nvscvse.exe | Added by the IRCBOT!DF6280E5 VIRUS! | No |
| X | Net CoNN | Antispy.exe | Added by the AGOBOT.ALK WORM! | No |
| X | NET DEMON | ndemon.exe | Added by the AGOBOT-LA WORM! | No |
| U | Net iD | iid.exe | "With the Net_iD program, you can easily and securely logon with a smart card into a domain, a virtual private network (VPN) or in Citrix and Terminal Server environments" | No |
| X | NET protection system | netst.exe | Added by the RIZO.A TROJAN! | No |
| X | Net**.exe [* = random char] | Net**.exe [* = random char] | CoolWebSearch/HomeSearch adware - for examples, see this log | No |
| X | Net**32.exe [* = random char] | Net**32.exe [* = random char] | CoolWebSearch/HomeSearch adware - for examples, see this log | No |
| N | Net-It Launcher | NILaunch.exe | Net-It - web publishing software | No |
| X | net32 | svhost.exe | Added by a variant of the Trojan.Clicker family | No |
| U | Net4Switch | Net4Switch.exe | ASUS Net4Switch utility as provided on their range of notebooks - which "helps users to quickly configure the notebook PC's network settings and easily switch between different network environments. A wizard guides users to create and edit configuration settings as well as diagnose problems in the settings for timely connection" | No |
| X | net64 | svhoster.exe | Added by the AGENT.JVF TROJAN! | No |
| U | NetAccelerator | NetAccel.exe | NetAccelerator is a "software utility that optimizes your internet access up to 1200% faster!. NetAccelerator speeds all modems allowing you to download faster, browse faster, surf faster!. Only required if you find it helps improve your performance | No |
| X | NetAdm7 | NETADM7.EXE | Added by the BANCOS.F TROJAN! | No |
| X | Netapi | Netapi.exe | Added by the NETDEVIL.14 TROJAN! | No |
| X | netapi32 | netapi32.exe | Added by an unidentified TROJAN! | No |
| X | NetApp | winserv.exe | Added by the SHADOWTHIEF TROJAN! | No |
| N | NetAppel | NetAppel.exe | NetAppel - free internet telephony utility using the VoIP (Voice over Internet Protocol). Call online friends for free and regular phones either for free (limited use) or low rates. One of a number provided by Betamax - the others generally have different rate plans. Similar to the more popular Skype | Yes |
| U | NetAssistant | matcli.exe | "matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, county, etc and gets written to a log file". NetAssistant Help is required to run with the Help and Support program. If you uncheck NetAssistant Help and and then run Help and Support it will add another NetAssistant Help in the startup menu. If you remove the NetAssistant Help in the add/remove program some help menus in help and support will not be available. You decide | No |
| X | Netbeans | netbeans.exe | Added by the DELBOT-R WORM! | No |
| X | Netbios Helper | nbthlp.exe | Added by the BANKER.Y TROJAN! | No |
| X | NetBiosSrvc | HPSrvPrt.exe | Added by the SDBOT-COL WORM! | No |
| X | NetBioy Client | netbioy.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
| ? | NetBrowser | NetBrowser.exe | Part of Best Network Security, 1st Network Admin and Corporate Network Security (and maybe others) - network-based password-protected security software that lets you impose access restrictions to all your PC workstations you have in your corporate network to stop users from tampering with them. The exact purpose of this startup entry is unknown at present | Yes |
| ? | NetBrowser.exe | NetBrowser.exe | Part of Best Network Security, 1st Network Admin and Corporate Network Security (and maybe others) - network-based password-protected security software that lets you impose access restrictions to all your PC workstations you have in your corporate network to stop users from tampering with them. The exact purpose of this startup entry is unknown at present | Yes |
| X | netc | svc.exe | Detected by Bitdefender as DROPPER.LDPINCH.Q malware | No |
| X | netconfig | netconfig.exe | Added by the NETWARE TROJAN! | No |
| U | NetCruiser Dialer | NCDialer.exe | NetCruiser Dialer from NetCruiser Software. "An Internet dialer and connection monitor with features to launch applications when a connection is detected, dial and hangup at predefined times and automatic redialing of dropped connections" | No |
| X | netdaemon | netdaemon /v | Malware designed to "kill" a number of antispyware applications (SpyBot, Giant, SpyDoctor, SpySweeper, SpyHunter, Anvir, WinPatrol, and more) | No |
| X | netdll32 | netdll32.exe | Added by the CRYPTER.A TROJAN! | No |
| X | netdllex | netdllex.Exe | Added by the CRYPTER.A TROJAN! | No |
| X | NetDy | VisualGuard.exe | Added by the NETSKY.N or NETSKY.W WORMS! | No |
| X | NETFP32.EXE | NETFP32.EXE | Added by the AGENT.CD TROJAN! | No |
| ? | netfxupdate | netfxupdate.exe | Would appear to be a valid Microsoft .NET file (see here) but other sources suggest it could be a trojan | No |
| ? | NetFxUpdate_v1.0.3705 | netfxupdate.exe | Would appear to be a valid Microsoft .NET file (see here) but other sources suggest it could be a trojan | No |
| U | NETGEAR WG111T Smart Wizard | wlan111t.exe | Configuration utility for the Netgear WG111T multi-rate Wireless USB 2.0 Adapter that "provides wireless access to your desktop or notebook PC through the computer's USB port" | No |
| U | NetGuard | NetGuard.exe | FBM Software ZeroSpyware 2004 spyware detector and remover - real time monitor | No |
| X | nethost.exe | [path to file] | Added by the PERDA-J TROJAN! | No |
| U | Netlimiter | Netlimiter.exe | Netlimiter - "An internet traffic control tool to monitor applications which access the internet and actively control their internet traffic. Use it o set (download/upload) speed limits for applications or even single connection. NetLimiter also allows you to share your internet connection bandwidth among all applications running on your PC." | No |
| N | Netline User | netchk.exe | Netline supplies internet related products and services and this program identifies user ID and IP information. Found installed along with the Falcon 4 game, for example | No |
| X | NetLink | netlink32.exe | Added by the GAOBOT.WO WORM! | No |
| X | NetLogon | userint.exe | Added by the SDBOT-BC WORM! | No |
| U | NetManageImport | nmcpdata.exe | NetManage business software related | No |
| X | NetManagerService | ntss.exe | Added by the BESTPICS.A TROJAN! | No |
| U | NetMeter | NetMeter.exe | "Net Meter is a small, customizable network bandwidth monitoring program for Win9x/Me/NT4/2K/XP. NetMeter is and will always stay freeware. The program has been tested extensively on Win2K/XP, but it should work just as well on all other Win32 operating systems" | No |
| X | NetMeter | NielsenOnline.exe | NetRatings software by Opistat. "OpiStat measures Internet usage anonymously and surveys participants according to their profiles and online habits". This software has been reported to get downloaded and installed automatically after a Grokster install. It anonymously collects your use of the Internet protocols (sites visited, Web pages, advertisements seen, electronic commerce, streaming). To be avoided! | No |
| U | NetMeter | HooNetMeter.exe | "Net Meter is a powerful and easy-to-use bandwidth meter. It monitors traffic of all network connections and displays real-time graphical and numerical data transfer rates. Net Meter can display details of multiple network connections at the same time. It records all network traffic and includes extensive logging (daily, weekly and monthly) and traffic events. Net Meter works with virtually all types of network connections including phone modems, DSL, cable modem, LAN, satellite and more." | No |
| X | NetMon | netmon.exe | Added by the MIMAIL.M WORM! | No |
| X | netmon | dllcache.exe | Added by the BCKDR-RAA TROJAN! | No |
| X | Netmonw | Netmonw.exe | Added by the BDOOR-FX BACKDOOR! | No |
| U | netmsg | netmsg.exe | Net_Message is a small tool to send messages across the network, using the Windows Messenger Service, so there is no client install required to receive the messages. It has a number of other features as well | No |
| U | NetOnHold | FTNOHMgr.EXE | "FaxTalk NetOnHold 1.5 works with the Modem-On-Hold capabilities found in V.92 modems to provide the ability to place an Internet connection "on hold" and receive incoming calls or place outgoing calls" | No |
| U | NetPanel | Starter.exe | Gemius surveillance software. Uninstall this software unless you put it there yourself | No |
| U | NetPatrol | winclient.exe | NetPatrol network monitoring software | No |
| X | netpc32.exe | netpc32.exe | Malware, probably a CoolWebSearch parasite variant | No |
| N | NetPerSec | NetPerSec.exe | NetPerSec - measures the real-time speed of your Internet connection | No |
| N | NetPumper | NetPumperIEProxy.exe | NetPumper download manager - bundles Cydoor and SaveNow adware, see here | No |
| X | NetReach | nrcheck.exe | Added by an unidentified VIRUS, WORM or TROJAN! | No |
| X | Netropa Internet Receiver | Netropa.exe | Netropa Internet Receiver. Shows a scrolling bar with the news. Major resource hog and flagged as spyware | No |
| U | NetRun | NetRun.exe | NetRun - will 'RUN' a 'List' of programs only when a internet connection is detected, and close/kill the same 'List' when the connection is lost | No |
| U | Netscape | InstallService.exe | Related to Netscape installation | No |
| N | Netscape Messenger | NETSCAPE.EXE | In Netscape 6 (I know for sure with 6.2.1, maybe with 6.0) Netscape.exe is the main executable file for Netscape Navigator, Netscape Mail and News, and Netscape Messenger (the new name for the embedded AIM, no doubt to make it sound like Windows Messenger, the XP version of MSN Messenger). Basically, netscape.exe can be more than just Netscape Messenger, and Messenger can be more then just AIM in disguise, depending on the version of Netscape installed | No |
| N | Netscp6 | Netscp6.exe | Netscape 6 | No |
| U | NetScreen-Remote | SafeCfg.exe | NetScreen Remote VPN client software | No |
| X | NetService | ntsvc.exe | Added by the QQPASS-DU TROJAN! | No |
| X | netservices | recall.exe | Added by the WOOTBOT.D WORM! | No |
| X | netservices | svchostn.exe | Added by the SDBOT.GI WORM! | No |
| X | NETServices | csxrs.exe | Added by a variant of the SDBOT WORM! | No |
| U | NetShow Powerpoint Helper | NSPPTHLP.EXE | If disabled, user created fonts can no longer be seen by other programs | No |
| X | NetStart | svchost.exe | Added by the MKAR-A VIRUS! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a "NETSTART" subfolder | No |
| N | NetStat Live | Nsl.exe | AnalogX NetStat Live - TCP/IP protocol monitor which can be used to see your exact throughput on both incoming and outgoing data | No |
| X | NetSurfageAssure | GDC.exe | NetSurfageAssure French rogue privacy tool - not recommended. A member of the PCPrivacyTool family | No |
| X | netsv32 | netsv32.exe | Added by the SDBOT-PX WORM! | No |
| X | netsv32 | sv.exe | Added by the DELF.CCD TROJAN! | No |
| Y | NettGain2000 | WgwMngr.exe | Part of Flash-Networks NettGain2000 product. NettGain 2000 is a combined hardware/software networking solution, which is designed to improve performance of satellite networks by increasing data transmission speeds and maximizing the existing bandwidth for complete utilization when sending TCP/IP applications over a satellite. It is needed when connecting to the internet via satellite to provide speed faster than 60k or so | No |
| Y | NettGain2000 Verifier | NettGain2000 Verifier.exe | Part of the Starband satellite client that attempts to optimize your satellite connection to increase speed | No |
| U | NetTime | NETTIME.EXE | From a visitor - "This is the executable for NetTime. It is started from the registry when you check the box to start at startup. NetTime allows you to synchronize your computers' clock with a server on your local net or the internet using any of several protocols, e.g. NTP." | No |
| X | NettoyeurDePC | GDC.exe | NettoyeurDePC French rogue privacy tool - not recommended. A member of the PCPrivacyTool family | No |
| U | NetTurbo | netturbo.exe | NetTurbo from SharewareOnline.com. "Accelerate Your Internet Connections by up to 600%". If you find it helps your connectivity leave it enabled | No |
| X | Netunit32 | wunit32.exe | Added by an unidentified WORM or TROJAN! | No |
| X | netupdate32 | netupdate32.exe | Added by the RBOT-GQZ WORM! | No |
| X | netview | netview.exe | Added by the BIFROSE.L BACKDOOR! | No |
| X | NETVISIONAdulti | [random filename] | Trafficadvance dialer | No |
| X | NETVISIONPasse-partout | Passe-partout.exe | Added by the DIALCAR-M DIALER! | No |
| X | netw | svw.exe | Detected by Bitdefender as a variant of DROPPER.LDPINCH.Q malware | No |
| X | NetWatch32 | netwatch.exe | Added by the MIMAIL.C WORM! | No |
| N | Netword Agent | nwant33.exe | An interesting browser utility that allows you to navigate by typing a single word or phrase (a "NetWord") related to what you're looking for into your browser's location field. It also puts an icon in the system tray icon that is a circle with the letter N in the center to access the menu faster. Available via Start -> Programs | No |
| X | NetWork | csrs.exe | Added by the AGOBOT.JJ WORM! | No |
| X | Network | netwin.exe | Added by the SILLYFDC-CG WORM! | No |
| X | Network Access | winssh.exe | Added by a variant of the SDBOT WORM! | No |
| X | Network Administration | NAS.exe | Added by the ANTILAM.20.Q TROJAN! | No |
| X | Network Administration Service | rsvc32.exe | Added by the RBOT.ABH WORM! | No |
| U | Network Associates Error Reporting Service | TBMon.exe | Network Associates Error Reporting Tool - tool traps errors and requests submission to NAI for the purpose of betatesting new software | No |
| X | Network Connections | internat.exe | Added by the VB-ZD TROJAN! | No |
| X | network device driver | msfirewall.exe | Added by the DELF-LB TROJAN! | No |
| U | NetWork Device Switch | NetDevSW.exe | Toshiba laptops with built-in Wi-Fi. Allows switching between Wi-Fi and internal ethernet. Only necessary if you have regular need to switch back and forward between these network interfaces. Located in Startup folder so make own shortcut to it and disable if not really necessary | No |
| X | Network Host Controller | [path to trojan] | Added by the WHISPER TROJAN! | No |
| X | Network Host Service | msmnart32.exe | Added by the RBOT-CJV WORM! | No |
| X | Network Host Service | [random]32.exe | Added by the RBOT-BAB WORM! | No |
| X | Network maneger | svchost.exe | Added by the AGENT.BX BACKDOOR! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! | No |
| X | Network Protocol Service | wuamgrd.exe | Added by the RBOT.EA WORM! | No |
| X | Network protocol service | wintcp.exe | Added by a variant of the AGOBOT/GAOBOT WORM! | No |
| X | Network Provisioning Service | WinNPS.exe | Added by an unidentified WORM/TROJAN! | No |
| X | Network Security | secsvc.exe | Added by the RBOT-ALX WORM! | No |
| X | Network Security | NSecurity.exe | Added by the IRCBOT.AAV WORM! | No |
| X | Network Security Guard | **********.exe [* = random char] | CoolWebSearch parasite variant | No |
| X | Network Security Guard | [path to trojan] | Added by the COLEM-A TROJAN! | No |
| X | Network Security XP | nvsvc86.exe | Added by the RBOT-GUI WORM! | No |
| X | Network Service | svchost.exe | Added by the STARTPA-CC TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir% | No |
| X | Network Service | svhost.exe | Added by the HACDEF-K TROJAN! | No |
| X | Network Service | MccTrayApp.exe | Added by an unidentified WORM or TROJAN! | No |
| X | Network Service Manager | netsvc.exe | Added by a variant of the AGOBOT/GAOBOT WORM! | No |
| X | Network Services | netsvacs.exe | Added by the GAOBOT.AIS WORM! | No |
| X | Network Translation System Service | ntss.exe | Added by the UNPDOOR TROJAN! | No |
| X | NetworkAssociates Inc | internet.exe | Added by the LOVGATE.AB WORM! | No |
| X | NetworkClient | NetworkClient.exe | Added by the LEMUR WORM! | No |
| X | NetworkKey | netkey.exe | Added by the IRCBOT-AJ TROJAN! | No |
| X | Networks Configurator | NetConfs.exe | Added by the RBOT-OX WORM! | No |
| X | Networks Controler | Netsis.exe | Added by the RBOT-NG WORM! | No |
| N | NetworkSetup | dlink.exe | D-Link System Tray icon | No |
| X | netx | svx.exe | Detected by Bitdefender as a variant of DROPPER.LDPINCH.Q malware | No |
| X | netzip | svzip.exe | Added by the DELF.ZWL TROJAN! | No |
| X | Netzip Smart Downloader | npnzdad.exe | Advertising spyware | No |
| N | NetZIPFolders | nzfprop.exe | Netzip Classic zip file manager | No |
| X | NeuerSchild | pgs.exe | NeuerSchild, German rogue security software - not recommended. A member of the AVSystemCare family | No |
| X | NeuroMedia(IESpeaker) | NeuroMedia.exe | Part of an older freeware version of IESpeaker - a program that allows you to listen to web pages. NeuroMedia.exe only downloads advertisments. Not included in the paid-for version currently available | No |
| N | NeuroSpeech OESpeaker | OEMonitor.exe | Part of OESpeaker - a program that allows you to listen to long E-mails instead of reading them in Outlook Express. OEMonitor.exe checks whether OE is open or not | No |
| X | New Anti Virus | System.exe | Added by the BRONTOK-CH WORM! | No |
| X | New Csnm Manager | csmn.exe | Added by the SDBOT.BZS WORM! | No |
| X | New.net Startup | rundll32 [path] NEWDOT~1.DLL, ClientStartup | NewDotNet foistware. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted | No |
| X | New.net Startup | rundll32 [path] NEWDOT~1.DLL, NewDotNetStartup | NewDotNet foistware. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted | No |
| X | New.net Startup | rundll32 [path] NEWDOT~2.DLL, ClientStartup | NewDotNet foistware. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted | No |
| X | New.net Startup | rundll32 [path] NEWDOT~2.DLL, NewDotNetStartup | NewDotNet foistware. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted | No |
| X | NewDownloads | rundll32.exe MSA64CHK.dll,DllMostrar | MatrixDialer/Mostrar parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System% | No |
| U | newlock | newlock.exe | Part of Access Manager, 1st Security Agent, Security Administrator and PC Security Tweaker (and maybe others) - which which let you control which users are allowed to access your PC and the level of access each user may have. You can choose to tweak access to lots of Control Panel applet functions, including Display, Network, Passwords, Printers, System, Add/Remove Programs, etc. For more details please see the 00saskda or zzsecagent entries | Yes |
| U | newlock.exe | newlock.exe | Part of Access Manager, 1st Security Agent, Security Administrator and PC Security Tweaker (and maybe others) - which which let you control which users are allowed to access your PC and the level of access each user may have. You can choose to tweak access to lots of Control Panel applet functions, including Display, Network, Passwords, Printers, System, Add/Remove Programs, etc. For more details please see the 00saskda or zzsecagent entries | Yes |
| X | Newman | playavi.exe | Added by the LINEAGE-AT TROJAN! | No |
| X | NewMP3 | rundll32.exe MSA64CHK.dll,DllMostrar | MatrixDialer/Mostrar parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System% | No |
| X | newname | [path to trojan] | Added by the DRSMARTL-S TROJAN! | No |
| ? | News Service | ispnews.exe | F-Secure antivirus related. However, is this particular item required? | No |
| N | Newsalrt | NEWSALRT.EXE | MSNBC News system tray utility to alert you to new news | No |
| X | Newsgroup lptt01 | newsgroup.exe | RapidBlaster variant (in a "newsgroup" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here | No |
| X | Newsgroup ml097e | newsgroup.exe | RapidBlaster variant (in a "newsgroup" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here | No |
| N | NewsUpd | newsupd.exe | For Creative Soundblaster Live! series soundcards. System tray application for News updates. Available via Start -> Programs. Also spyware - see here. | No |
| X | NewtonKnowsUpd | NewtKnow.exe ...NewtnUpd.dll, runkey | NewtonKnows hijacker | No |
| X | Nex | nex.exe | Added by the AGENT-FPQ TROJAN! | No |
| U | NexusServer | PNXSERVR.exe | Related to ProCoder 2.0 from Canopus. "ProCoder 2.0 software combines speed and flexibility into a streamlined video conversion tool for professionals. Featuring, extensive input/output options, advanced filtering, batch processing and an easy-to-use interface, ProCoder 2.0 is the ideal solution for high-quality multi-format video creation" | No |
| U | NFM Service | NPDOR9x.exe | Appears in startup if you have chosen to participate in on survey by NPD Online Research. Required for the survey to work correctly. Otherwise not required | No |
| X | Nfo | nfomon.exe | Delfin Media Viewer adware related | No |
| N | nForce Tray Options | sstray.exe | nVidia nForce Taskbar Utility - quick access to the nForce2 "Sound Storm" control panel and related utilitys | No |
| U | NGClient | ngctw32.exe | Symantec Ghost Server software - needed for a "a Ghost multicast" (transfer images to multiple machines). Can be launched manually | No |
| X | ngpw36 | ngpw36.exe | AdBlaster adware variant | No |
| N | NGServer | ngserver.exe | Symantec/Norton Ghost Console service | No |
| U | nHancer | nHancer.exe | System Tray accesss to nHancer which is an advanced control panel and profile editor for NVIDIA graphic cards - offering enhanced features above those available via the standard NVIDIA control panel such as additional Anti-Aliasing and Anisotropic Filtering modes | Yes |
| X | NI.ERS_9999_N91S3108 | [path to file] | Installer for the ErrorSafe rogue system error and cleaning utility - see here | No |
| X | NI.GA6PU_0001_N108E1308 | [path to file] | Installer for the VirusSchlacht German rogue security software - see here | No |
| X | NI.GA6PU_0001_N120C2910 | [path to file] | Installer for the VirusSchlacht German rogue security software - see here | No |
| X | NI.GA6P_0001_N105E2704 | [path to file] | Installer for the AVSystemCare rogue security software - see here | No |
| X | NI.GA6P_0001_N108E1606 | [path to file] | Installer for the BestsellerAntivirus rogue security software - see here | No |
| X | NI.GA6P_0001_N111C1707 | [path to file] | Installer for the AVSystemCare rogue security software - see here | No |
| X | NI.GA6P_0001_N115C0110 | [path to file] | Installer for the AVSystemCare rogue security software - see here | No |
| X | NI.GA6P_0001_N115E0110 | [path to file] | Installer for the AVSystemCare rogue security software - see here | No |
| X | NI.GA6P_0001_N122C0611 | [path to file] | Installer for the AVSystemCare rogue security software - see here | No |
| X | NI.GA6P_0001_N122C2210 | [path to file] | Installer for the AVSystemCare rogue security software - see here | No |
| X | NI.GA6P_0001_N122C2802 | [path to file] | Installer for the AVSystemCare rogue security software - see here | No |
| X | NI.GA6P_0001_N122E0611 | [path to file] | Installer for the AVSystemCare rogue security software - see here | No |
| X | NI.GA6P_2001_N108E1606 | [path to file] | Installer for the BestsellerAntivirus rogue security software - see here | No |
| X | NI.GDCDE_0001_N122C1912 | [path to file] | Installer for the FestplattenReiniger German rogue privacy tool - see here | No |
| X | NI.GDC_0001_N111C1909 | [path to file] | Installer for the PCPrivacyTool rogue privacy tool - see here | No |
| X | NI.GDC_0001_N122C1912 | [path to file] | Installer for the PCPrivacyTool rogue privacy tool - see here | No |
| X | NI.GES_0001_N122C2610 | [path to file] | Installer for the ErrClean rogue system error and cleaning utility - see here | No |
| X | NI.UAVIFR_0001_N105M2404 | [path to file] | Installer for the VirusGarde French rogue security software - see here | No |
| X | NI.UERSM_0001_N68M1602 | [path to file] | Installer for the ErrorSafe rogue system error and cleaning utility - see here | No |
| X | NI.UGA6P | [path to file] | Installer for the BestsellerAntivirus rogue security software - see here | No |
| X | NI.UGA6PH_0001_N122M2910 | [path to file] | Installer for the AntiVirusAskeladd rogue security software - see here | No |
| X | NI.UGA6PK_0001_N122M1302 | [path to file] | Installer for the VirusForsvar Danish rogue security software - see here | No |
| X | NI.UGA6PL_0001_N108M2808 | [path to file] | Installer for the VirusSchlacht Swedish rogue security software - see here | No |
| X | NI.UGA6PL_0001_N120M1302 | [path to file] | Installer for the VirusSchlacht Swedish rogue security software - see here | No |
| X | NI.UGA6PM_0001_N108M2108 | [path to file] | Installer for the AntivirusScherm Dutch rogue security software - see here | No |
| X | NI.UGA6PM_0001_N122M1202 | [path to file] | Installer for the AntivirusScherm Dutch rogue security software - see here | No |
| X | NI.UGA6PM_0001_N122M3010 | [path to file] | Installer for the AntivirusScherm Dutch rogue security software - see here | No |
| X | NI.UGA6PT_0001_N108M2208 | [path to file] | Installer for the VirusDifesa Italian rogue security software - see here | No |
| X | NI.UGA6PT_0001_N122M1202 | [path to file] | Installer for the VirusDifesa Italian rogue security software - see here | No |
| X | NI.UGA6PT_0001_N122M2910 | [path to file] | Installer for the VirusDifesa Italian rogue security software - see here | No |
| X | NI.UGA6PU_0001_N108M1308 | [path to file] | Installer for the VirusSchlacht German rogue security software - see here | No |
| X | NI.UGA6PU_0001_N120M1202 | [path to file] | Installer for the VirusSchlacht German rogue security software - see here | No |
| X | NI.UGA6PU_0001_N120M2910 | [path to file] | Installer for the VirusSchlacht German rogue security software - see here | No |
| X | NI.UGA6PV_0001_N108M0207 | [path to file] | Installer for the VirusGarde French rogue security software - see here | No |
| X | NI.UGA6PV_0001_N122M1202 | [path to file] | Installer for the VirusGarde French rogue security software - see here | No |
| X | NI.UGA6PV_0001_N122M2910 | [path to file] | Installer for the VirusGarde French rogue security software - see here | No |
| X | NI.UGA6P_0001_N105M2704 | [path to file] | Installer for the AVSystemCare rogue security software - see here | No |
| X | NI.UGA6P_0001_N111M1707 | [path to file] | Installer for the AVSystemCare rogue security software - see here | No |
| X | NI.UGA6P_0001_N115M0110 | [path to file] | Installer for the AVSystemCare rogue security software - see here | No |
| X | NI.UGA6P_0001_N119M1510 | [path to file] | Installer for the AVSystemCare rogue security software - see here | No |
| X | NI.UGA6P_0001_N120M1710 | [path to file] | Installer for the AVSystemCare rogue security software - see here | No |
| X | NI.UGA6P_0001_N122M0611 | [path to file] | Installer for the AVSystemCare rogue security software - see here | No |
| X | NI.UGA6P_0001_N122M2210 | [path to file] | Installer for the AVSystemCare rogue security software - see here | No |
| X | NI.UGA6P_0001_N122M2802 | [path to file] | Installer for the AVSystemCare rogue security software - see here | No |
| X | NI.UGA6P_0007_N125M2002 | [path to file] | Installer for the BestsellerAntivirus rogue security software - see here | No |
| X | NI.UGA6P_1001_N122M0402 | [path to file] | Installer for the AVSystemCare rogue security software - see here | No |
| X | NI.UGA6P_1002_N122M1402 | [path to file] | Installer for the AVSystemCare rogue security software - see here | No |
| X | NI.UGA6P_4001_N122M2111 | [path to file] | Installer for the AVSystemCare rogue security software - see here | No |
| X | NI.UGA6P_4444_N122M2811 | [path to file] | Installer for the AVSystemCare rogue security software - see here | No |
| X | NI.UGA6P_5001_N122M1902 | [path to file] | Installer for the AVSystemCare rogue security software - see here | No |
| X | NI.UGA6P_5555_N122M0312 | [path to file] | Installer for the AVSystemCare rogue security software - see here | No |
| X | NI.UGDC1_0001_N119M0911 | [path to file] | Installer for the FilterProgram rogue privacy tool - see here | No |
| X | NI.UGDCCZ_0001_N122M0307 | [path to file] | Installer for the SuspenzorPC Czech rogue privacy tool - see here | No |
| X | NI.UGDCCZ_0001_N122M0511 | [path to file] | Installer for the SuspenzorPC Czech rogue privacy tool - see here | No |
| X | NI.UGDCCZ_0001_N122M1712 | [path to file] | Installer for the SuspenzorPC Czech rogue privacy tool - see here | No |
| X | NI.UGDCDE_0001_N111M3007 | [path to file] | Installer for the FestplattenReiniger German rogue privacy tool - see here | No |
| X | NI.UGDCDE_0001_N122M1912 | [path to file] | Installer for the FestplattenReiniger German rogue privacy tool - see here | No |
| X | NI.UGDCGR_0001_N122M0307 | [path to file] | Installer for the FestplattenReiniger Greek rogue privacy tool - see here | No |
| X | NI.UGDCGR_0001_N122M1812 | [path to file] | Installer for the FestplattenReiniger Greek rogue privacy tool - see here | No |
| X | NI.UGDCNL_0001_N111M3007 | [path to file] | Installer for the NoCompromaat Dutch rogue privacy tool - see here | No |
| X | NI.UGDCNL_0001_N122M1912 | [path to file] | Installer for the NoCompromaat Dutch rogue privacy tool - see here | No |
| X | NI.UGDCNL_0001_N122M3011 | [path to file] | Installer for the NoCompromaat Dutch rogue privacy tool - see here | No |
| X | NI.UGDCPL_0001_N108M0207 | [path to file] | Installer for the OczyszczaczKomputerza Polish rogue privacy tool - see here | No |
| X | NI.UGDCPL_0001_N122M2012 | [path to file] | Installer for the OczyszczaczKomputerza Polish rogue privacy tool - see here | No |
| X | NI.UGDCRU_0001_N111M0208 | [path to file] | Installer for the SanitarDiska Romanian rogue privacy tool - see here | No |
| X | NI.UGDCRU_0001_N122M2012 | [path to file] | Installer for the SanitarDiska Romanian rogue privacy tool - see here | No |
| X | NI.UGDCTH_0001_N122M1712 | [path to file] | Installer for the PC Drive Tool rogue privacy tool - see here | No |
| X | NI.UGDCTR_0001_N108M0407 | [path to file] | Installer for the PC Drive Tool rogue privacy tool - see here | No |
| X | NI.UGDC_0001_N108M0407 | [path to file] | Installer for the PC Drive Tool rogue privacy tool - see here | No |
| X | NI.UGDC_0001_N111M1909 | [path to file] | Installer for the PCPrivacyTool rogue privacy tool - see here | No |
| X | NI.UGDC_0001_N122M0502 | [path to file] | Installer for the PCPrivacyTool rogue privacy tool - see here | No |
| X | NI.UGDC_0001_N122M1912 | [path to file] | Installer for the PCPrivacyTool rogue privacy tool - see here | No |
| X | NI.UGDC_0001_N122M2603 | [path to file] | Installer for the PCPrivacyTool rogue privacy tool - see here | No |
| X | NI.UGDC_0001_N122M2610 | [path to file] | Installer for the PCPrivacyTool rogue privacy tool - see here | No |
| X | NI.UGDC_0001_N122M2802 | [path to file] | Installer for the PCPrivacyTool rogue privacy tool - see here | No |
| X | NI.UGDC_0001_N122M2811 | [path to file] | Installer for the PCPrivacyTool rogue privacy tool - see here | No |
| X | NI.UGDC_0002_N108M1007 | [path to file] | Installer for the PC Drive Tool rogue privacy tool - see here | No |
| X | NI.UGDC_0003_N108M2407 | [path to file] | Installer for the PCPrivacyTool rogue privacy tool - see here | No |
| X | NI.UGESF_0001_N122M0201 | [path to file] | Installer for the HataDuzelticisi Turkish rogue system error and cleaning utility - see here | No |
| X | NI.UGESL_0001_N105M0405 | [path to file] | Installer for the SystemOrdnare Swedish rogue system error and cleaning utility - see here | No |
| X | NI.UGESL_0001_N122M0303 | [path to file] | Installer for the SystemOrdnare Swedish rogue system error and cleaning utility - see here | No |
| X | NI.UGESL_0001_N122M2911 | [path to file] | Installer for the SystemOrdnare Swedish rogue system error and cleaning utility - see here | No |
| X | NI.UGESM_0001_N122M0303 | [path to file] | Installer for the DokterFix Dutch rogue system error and cleaning utility - see here | No |
| X | NI.UGESV_0001_N108M2006 | [path to file] | Installer for the SysDepannage French rogue system error and cleaning utility - see here | No |
| X | NI.UGESV_0001_N122M0303 | [path to file] | Installer for the SysDepannage French rogue system error and cleaning utility - see here | No |
| X | NI.UGESV_0001_N122M2811 | [path to file] | Installer for the SysDepannage French rogue system error and cleaning utility - see here | No |
| X | NI.UGESV_0001_N122M3010 | [path to file] | Installer for the SysDepannage French rogue system error and cleaning utility - see here | No |
| X | NI.UGES_0001_N108M2006 | setup_en.exe | Installer for the MyContentAssistant rogue privacy tool | No |
| X | NI.UGES_0001_N122M0502 | [path to file] | Installer for the ErrClean rogue system error and cleaning utility - see here | No |
| X | NI.UGES_0001_N122M2111 | [path to file] | Installer for the ErrClean rogue system error and cleaning utility - see here | No |
| X | NI.UGES_0001_N122M2602 | [path to file] | Installer for the ErrClean rogue system error and cleaning utility - see here | No |
| X | NI.UGES_0001_N122M2603 | [path to file] | Installer for the ErrClean rogue system error and cleaning utility - see here | No |
| X | NI.UGES_0001_N122M2610 | [path to file] | Installer for the ErrClean rogue system error and cleaning utility - see here | No |
| X | NI.UGES_0002_N108M1607 | [path to file] | Installer for the ErrClean rogue system error and cleaning utility - see here | No |
| X | NI.UWA6P_0001_N56M1001 | WinAntiVirusPro2006Installer.exe | Installer for the WinAntiVirus Pro 2006 rogue security software | No |
| X | NI.UWA6P_0001_N69M0303 | WinAntiVirusPro2006Installer[1].exe | Installer for the WinAntiVirus Pro 2006 rogue security software | No |
| X | NI.UWA6P_0001_N73M1004 | WinAntiVirusPro2006FreeInstall.exe | Installer for the WinAntiVirus Pro 2006 rogue security software | No |
| X | NI.UWA6P_0001_N91M1807 | WinAntiVirusPro2006FreeInstall[1].exe | Installer for the WinAntiVirus Pro 2006 rogue security software | No |
| X | NI.UWA7P_0001_N91M0809 | WinAntiVirusPro2007FreeInstall.exe | Installer for the WinAntiVirus Pro 2007 rogue security software - see here | No |
| X | NI.UWAS5LP_0001_0811 | UWAS5LP_0001_0811NetInstaller.exe | WinFixer web installer. Winfixer is "Foistware", pretending to be system optimization, protection and recovery software - stealth installed, see here | No |
| X | NI.UWAS6_0001_N57M1312 | WinAntiSpyware2006FreeInstall.exe | Installer for the WinAntiSpyware 2006 rogue spyware remover - not recommended | No |
| X | NI.UWAS6_0001_N68M2301 | UWAS6_0001_N68M2301NetInstaller.exe | WinFixer web installer. Winfixer is "Foistware", pretending to be system optimization, protection and recovery software - stealth installed, see here | No |
| X | NI.UWFX5 | UWFX5NetInstaller.exe | WinFixer web installer. Winfixer is "Foistware", pretending to be system optimization, protection and recovery software - stealth installed, see here | No |
| X | NI.UWFX5T | UWFX5TNetInstaller.exe | Added by the DOWNLDR-BO TROJAN! | No |
| X | NI.UWFX5[various] | [various filenames] | WinFixer web installer. Winfixer is "Foistware", pretending to be system optimization, protection and recovery software - stealth installed, see here. Example filenames are UWFX5LP_0001_0802NetInstaller.exe, UWFX5V_0001_0802NetInstaller.exe, UWFX5_0001_N66M1101NETINSTALLER.EXE, 1D7C.tmp, WinFixerScannerInstall[1].exe | No |
| X | NI.UWFX6_0001_N68M2301 | UWFX6_0001_N68M2301NetInstaller.exe | WinFixer web installer. Winfixer is "Foistware", pretending to be system optimization, protection and recovery software - stealth installed, see here | No |
| X | NiceDownloads | rundll32.exe MSA64CHK.dll,DllMostrar | MatrixDialer/Mostrar parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System% | No |
| X | NiceMP3 | rundll32.exe MSA64CHK.dll,DllMostrar | MatrixDialer/Mostrar parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System% | No |
| X | Nielsen NetRatings | insight.exe | NetRatings Premeter spyware | No |
| X | NIEUW | [path to dialler] | "Switch-F" premium rate adult content dialler | No |
| U | NIHomeAM | LiteClientAM.exe | A managed web based internet security service that provides comprehensive & total protection for laptops/desktops - regardless of how, when or where they connect to the Internet. Made by Netintelligence Ltd | No |
| X | nikLaus | nikLaus.exe | Added by the NIKLAS WORM! | No |
| N | Nikon Monitor | nkmonitor.exe | Monitors for a Nikon CoolPix camera being connected via USB port. As soon as it detects a CoolPix camera it executes the Nikon View software to enable the user to transfer images from the camera to the PC | No |
| N | NInit | NInit.exe | Norton Uninstall Deluxe. Monitors programs being installed and logs them for removing later. Available via Start -> Programs for manual logging - not required | No |
| X | NiroFile Updated | NiroFile.exe | Added by a variant of the IRCBOT TROJAN! | No |
| X | nisdisa | nisdisa.exe | Added by a variant of the Storm/Nuwar/Zhelatin WORM! See here for an example | No |
| Y | nisserv | NISSERV.EXE | Norton Personal Firewall | No |
| Y | Nisum | NISUM.EXE | Norton Personal Firewall | No |
| U | niSvcLoc | niSvcLoc.exe | Related to National Instruments Corp. LabView | No |
| U | Nitro PDF Printer Monitor | NitroPDFPrinterMonitor.exe | Printer monitor for Nitro PDF Professional from Nitro PDF, Inc. - "complete, affordable and easy-to-use set of tools to work with PDF documents" | No |
| X | niu | niu.exe | Added by the SILLYFDC.BCS WORM! | No |
| X | NJG40 | NJG40.EXE | Added by the BANCOS.D TROJAN! | No |
| N | NkbMonitor.exe | NkbMonitor.exe | Part of Nikon PictureProject - image management for Nikon digital cameras | No |
| N | NkvMon.exe | NkvMon.exe | Nikon View 5 - for transferring pictures from Nikon digital cameras | No |
| N | NkVwMon.exe | NkVwMon.exe | Nikon View - for transferring pictures from Nikon digital cameras | No |
| U | NliaClient | Netpia.exe | Netpia NLIA System - "In the existing Internet address system, the Domain Name System (DNS) layer runs on the IP address layer. In the NLIA system, however, the upper layer is implemented on DNS" | No |
| X | NLS Keyboard | keyboard.exe | Added by a variant of the SPYBOT WORM! | No |
| X | NLS MonBoard | NSBARD.EXE | Added by the SPYBOT.T TROJAN! | No |
| X | NLS Monitor | nlsmon.exe | Added by the RBOT-AXJ WORM! | No |
| U | nmapp | nmapp.exe | Pure Networks "Network Magic eliminates common frustrations and saves time by simplifying and automating set up, management and repair of home networks, and makes printer and file sharing effortless" | No |
| U | NMBgMonitor | NMBgMonitor.exe | Associated with Nero Scout, added by version 7 of the Nero digital media suite (CD & DVD burning, authoring, etc). Thanks to Help2Go.com, if you feel this is draining more resources that necessary you can disable it by clicking here | No |
| U | nmctxth | nmctxth.exe | Related to Pure Networks comprehensive home and small business networking software that simplifies network configuration | No |
| U | NMFirstStart | NMFirstStart.exe | Associated with Nero Scout, added by version 7 of the Nero digital media suite (CD & DVD burning, authoring, etc). Thanks to Help2Go.com, if you feel this is draining more resources that necessary you can disable it by clicking here | No |
| X | nmgr | nnmgr.exe | FFToolBar adware toolbar | No |
| U | NMPSystray | NMPSystray.exe | System Tray access to NotesMedic from Cassetica Software Inc. - which "contains a suite of Tools that make life easier when using Lotus Notes" | No |
| Y | NMSSupport | IntelHCTAgent.exe | Network monitor for Intel® Hub Connect Technology | No |
| ? | NMSSvc | NMSSVC.EXE | NIC Management Service - diagnostics program for Intel Pro family network cards | No |
| Y | NMSVC | nmSvc.exe | Covenant Eyes - surveillance software that creates records of everything people do on a computer, ie, spying or monitoring depending upon how you call it. Disabling it means loss of internet connection until renabled - therefore required if you use it | No |
| ? | nMTaskBarService | nMtsk.exe | Taskbar control for ISDN NetMod modem. What does it do and is it required? | No |
| U | NNLL | nnll.exe | Net Nanny internet filter | No |
| X | nnqcouu | nnqcouu.exe | The Abi Network adware | No |
| U | NNSvc | nnsvc.exe | Net Nanny internet filter | No |
| X | No Credit Card | plugin-[random].exe | Adult content pop-up dialler | No |
| U | No-IP DUC | DUC20.exe | Part of http://www.no-ip.com provided service. Keeps No-IP's dynamic nameserver (DNS) updated if and when your computer's (network's) dynamic IP-address changes so that you can run servers on computers with dynamic IP. Shortcut available | No |
| U | NoAds | NoAds.exe | Blocks advertisement banners in Internet Explorer | No |
| X | NoAdware | NoAdware.exe | NoAdware - spyware remover. This version is not recommended - see here | No |
| U | NoAdware3 | NoAdware3.exe | NoAdware - spyware remover. Initially not recommended due to false positives and aggressive advertising but the later versions have since improved - see here | No |
| U | NoAdware4 | NoAdware4.exe | NoAdware - spyware remover. Initially not recommended due to false positives and aggressive advertising but the later versions have since improved - see here | No |
| X | Nocana | [path to worm] | Added by the ANACON-B WORM! | No |
| X | NoCompromaat | GDC.exe | NoCompromaat Dutch rogue privacy tool - not recommended. A member of the PCPrivacyTool family | No |
| X | Nod23 Service | nod23.exe | Added by the RBOT-GMK WORM! | No |
| X | Nod29 Service | nodwr.exe | Added by a variant of the RBOT WORM! | No |
| X | NOD32 FiX | regedt32.exe | NodFix is a is a potentially unwanted application. This application is given an (X) status because we does not and will not support Cracks or Warez. Do not delete the regedt32.exe as it is the legitimate Windows application. NodFix interferes with the default settings of the NOD32 AV application allowing to bypass its free using period as well as changes the default update server to that eval signatures thus allowing to update NOD32 without password. Note - to avoid interfering with the NOD32 application original settings no full cleanup can be provided | No |
| X | Nod32 Free antivirus | nod32krn.exe | Added by the RBOT-AAO WORM! Note - not the popular free NOD32 antivirus software, which shares the same filename | No |
| X | Nod32 Runtime | sysregi.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
| X | Nod32 Service | nod64.exe | Added by the RBOT.ESJ WORM! | No |
| X | Nod32 Service | alserv32.exe | Added by the RBOT.DHN WORM! | No |
| X | Nod32 Service | AutoUpdateWin32.exe | Added by the SDBOT-DJG WORM! | No |
| X | Nod32 Service | nod6.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
| U | Nod32CC | nod32cc.exe | Control Center part of Eset's NOD32 virus-scanner. Leave this enabled if you want to update your virus data files via the click of a button | No |
| Y | NOD32kernel | Nod32krn.exe | NOD32 antivirus | No |
| Y | nod32kui | nod32kui.exe | NOD32 antivirus | No |
| Y | NOD32POP3 | Pop3scan.exe | POP3 E-mail part of Eset's NOD32 virus-scanner | No |
| X | Nod3d2 Free antivirus | N0D32KRN.EXE | Added by the RBOT-ABQ WORM! | No |
| ? | NodeMnger | Nodemngr.exe | Part of the Dell OpenManage Client installation - to allow Dell representatives to remote logon? | No |
| X | NoDNS | NoDNS.exe | Added by the CLICKER.WI TROJAN! | No |
| X | nodriver | AUEKXRZ.EXE | Added by a variant of the SPYBOT WORM! | No |
| X | NOFIIN.EXE | NOFIIN.EXE | Added by the HAXDOOR-DP TROJAN! | No |
| X | Noha | aasd.exe | PurityScan adware | No |
| X | Nokia Check | nokiacheck.exe | Added by the RBOT.CDC WORM! | No |
| N | Nokia Connection Monitor | NclConf.exe | Monitors the infrared port, the serial ports and the Bluetooth for a Nokia phone connection. It is installed by the Nokia PC Suite (and Nokia PC Connectivity SDK), and the tray icon shows if a phone has been connected. If you have a conflict with another program, such as TV tuner card remote control monitor, you can disable it, and run only when needed. Available via a desktop shortcut or Start -> Programs - not required | No |
| N | Nokia FastStart | NokiaMusic.exe | Part of the Nokia Music music manager. "With Nokia Music, you can play music, discover and buy new music, transfer music between your compatible PC and your compatible Nokia mobile devices, and rip and burn audio CDs". If enabled, this entry will reduce the time taken for Nokia Music to run by a few seconds for the first time after Windows has loaded | Yes |
| U | Nokia M Platform | NokiaMServer.exe | Part of the Nokia Music music manager, Nokia Photos photo and video manager or Nokia Ovi Suite mobile device manager. It's exact purpose isn't currently known but based upon the command it may be used to watch for any new file types that have been associated with Nokia Music, Nokia Photos or Nokia Ovi Suite | Yes |
| N | Nokia Music | NokiaMusic.exe | Part of the Nokia Music music manager. "With Nokia Music, you can play music, discover and buy new music, transfer music between your compatible PC and your compatible Nokia mobile devices, and rip and burn audio CDs". If enabled, this entry will reduce the time taken for Nokia Music to run by a few seconds for the first time after Windows has loaded | Yes |
| N | Nokia Ovi Suite | NokiaOviSuite.exe | Nokia Ovi Suite for managing Nokia mobile devices - "gives you an easy access to the contents of your Nokia device. Transfer files and information effortlessly between your device and your computer, and experience a new way of browsing your photos, videos and music. Furthermore, you can share photos quickly and safely through the Share on Ovi service" | Yes |
| Y | Nokia PC Suite | DataLayer.exe | Part of Nokia PC Suite version 5 - which "is a free PC software product that allows you to connect your Nokia device to a PC and access mobile content as if the device and the PC were one." Required by the Nokia status/connection monitor (NclTray.exe) | Yes |
| N | Nokia PC Sync | PCSync2.exe | System Tray access to Nokia PC Sync - which "allows you to synchronise contacts, calendar/to-do items, notes, and e-mails between a Nokia mobile phone and your PC Personal Information Manager (PIM)." Available via the main Nokia PC Suite interface | Yes |
| Y | Nokia Software Updater | nsu_ui_client.exe | Utility that only runs once after installing the Nokia Software Updater which is used to update the operating system (or firmware) for selected Nokia mobile devices | Yes |
| N | Nokia Status Monitor | NclTray.exe | Part of Nokia PC Suite version 5 - which "is a free PC software product that allows you to connect your Nokia device to a PC and access mobile content as if the device and the PC were one." Monitors ports to see if a phone has been connected and provides System Tray access to the Connection Manager (and other PC Suite components if a phone is connected). Available via the Control Panel as "Nokia Connection Manager" | Yes |
| N | Nokia Tray Application | NclTray.exe | Part of Nokia PC Suite version 5 - which "is a free PC software product that allows you to connect your Nokia device to a PC and access mobile content as if the device and the PC were one." Monitors ports to see if a phone has been connected and provides System Tray access to the Connection Manager (and other PC Suite components if a phone is connected). Available via the Control Panel as "Nokia Connection Manager" | Yes |
| N | Nokia.PCSync | PCSync2.exe | System Tray access to Nokia PC Sync - which "allows you to synchronise contacts, calendar/to-do items, notes, and e-mails between a Nokia mobile phone and your PC Personal Information Manager (PIM)." Available via the main Nokia PC Suite interface | Yes |
| U | NokiaMServer | NokiaMServer.exe | Part of the Nokia Music music manager, Nokia Photos photo and video manager or Nokia Ovi Suite mobile device manager. It's exact purpose isn't currently known but based upon the command it may be used to watch for any new file types that have been associated with Nokia Music, Nokia Photos or Nokia Ovi Suite | Yes |
| N | NokiaMusic | NokiaMusic.exe | Part of the Nokia Music music manager. "With Nokia Music, you can play music, discover and buy new music, transfer music between your compatible PC and your compatible Nokia mobile devices, and rip and burn audio CDs". If enabled, this entry will reduce the time taken for Nokia Music to run by a few seconds for the first time after Windows has loaded | Yes |
| N | NokiaOviSuite | NokiaOviSuite.exe | Nokia Ovi Suite for managing Nokia mobile devices - "gives you an easy access to the contents of your Nokia device. Transfer files and information effortlessly between your device and your computer, and experience a new way of browsing your photos, videos and music. Furthermore, you can share photos quickly and safely through the Share on Ovi service" | Yes |
| N | NokiaOviSuite.exe | NokiaOviSuite.exe | Nokia Ovi Suite for managing Nokia mobile devices - "gives you an easy access to the contents of your Nokia device. Transfer files and information effortlessly between your device and your computer, and experience a new way of browsing your photos, videos and music. Furthermore, you can share photos quickly and safely through the Share on Ovi service" | Yes |
| N | NokiaPCSuiteTray | LaunchApplication.exe | System Tray access to Nokia PC Suite - which "is a free PC software product that allows you to connect your Nokia device to a PC and access mobile content as if the device and the PC were one." This allows you (amongst other options) to backup your devices contents to your PC, use it to connect to the internet, transfer files and synchronize contacts, etc. Available from the start menu | Yes |
| N | NokiaPCSyncTray | PCSync.exe | System Tray access to Nokia PC Sync - which "allows you to synchronise contacts, calendar/to-do items, notes, and e-mails between a Nokia mobile phone and your PC Personal Information Manager (PIM)." Available via the main Nokia PC Suite interface | Yes |
| U | NokKernel install | Nok_install.exe | Installer for the NokNet Workstation Monitor surveillance software. Uninstall this software unless you put it there yourself | No |
| U | NOMAD Detector | ctnmrun.exe | Detects the Creative NOMAD jukebox/MP3 player at the time it is attached to USB and starts the needed application (Creative PlayCentre 2) that you use to copy MP3 files to and from it. This is required if you want PlayCentre 2 to take control of the NOMAD once connected | No |
| N | NomdCheck | nomdchek.exe | Part of Intel's Native Audio | No |
| U | nomtray | nomtray.exe | System Tray access to NetMotion Wireless options - including connectivity status (see here) | No |
| X | none | pmsngr.exe | Added by the ZLOB.MEDIA-CODEC TROJAN! This purports to be a Windows Media Player upgrade (with names such as "iCodecPack", "X Password Manager" and "Media-Codec") to allow the user to view adult oriented videos on certain websites - but actually downloads and installs additional malware on the user's machine. Various directories and filenames are used - see the link for details. The most popular for this example appears to be "Video ActiveX Object" | No |
| N | Nonoh | Nonoh.exe | Nonoh - free internet telephony utility using the VoIP (Voice over Internet Protocol). Call online friends for free and regular phones either for free (limited use) or low rates. One of a number provided by Betamax - the others generally have different rate plans. Similar to the more popular Skype | Yes |
| X | NoooH | sys.exe | Added by the ALNUH WORM! | No |
| X | NOPDBS | NOPDBS.exe | Added by the BANCBAN-AS TROJAN! | No |
| X | Nord | nordsys.exe | Added by the DREF-S WORM! | No |
| X | NordBull | msa.exe | Added by the DLOADR-CSV TROJAN! | No |
| X | Norman Worl System Ability | nwcss32.exe | Added by the DELF.IO TROJAN! | No |
| U | Norman ZANDA | ZLH.EXE | System Tray icon for Norman Antivirus | No |
| X | NortE Antivirus | norte.exe | Added by the RBOT.BQQ WORM! | No |
| X | NortE Antivirus | norten.exe | Added by the RBOT-AFF WORM! | No |
| X | norten Software Intrenet | norten.pif | Added by the RBOT-AWA WORM! | No |
| X | Norton Antiviral Scanner | navscnr.exe | Added by the DELBOT-K WORM! | No |
| X | Norton Antivirus | nortonav.exe | Added by the RBOT-AYE TROJAN! Note - this is not the real Norton AV! | No |
| X | Norton Antivirus 2004 | SYMANTECAV2.EXE | Added by the SPYBOT-DY WORM! Note - this is not the real Norton AV! | No |
| X | Norton Antivirus 7.0a | [path to file] | Added by the PERDA-B or RANCK-CT TROJANS! | No |
| X | Norton Antivirus AV | FVProtect.exe | Added by the NETSKY.P WORM! Note - this is not the popular AV software! | No |
| X | Norton AntiVirus Sys | NAVsys32.exe | Added by a variant of the WOOTBOT WORM! | No |
| X | Norton Antivirus Updater | nortonav.exe | Added by the DELBOT-T WORM! Note - this is not the real Norton AV! | No |
| X | Norton Auto Protect | nava.exe | Added by an unidentified WORM or TROJAN! | No |
| X | Norton Auto Protect | crss32.exe | Added by the SDBOT.ATF WORM! | No |
| Y | Norton Auto-Protect | navapw32.exe | Norton Anti-Virus's background scanning process | No |
| X | Norton Auto-Protect | ccApp.exe | Added by the AKHER.D WORM! Note - for the valid Norton AV entry the filename is "navapexe". This is also not the valid Norton AV file with the same filename | No |
| X | Norton Auto-Protect | SERVICES.exe | Added by the AHKER.B WORM! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%. Also, this is not part of Norton AV | No |
| X | Norton Auto-Protect | ffbaqe.exe | Added by the SLINBOT.RF BACKDOOR! Note - this is not a valid Norton product | No |
| ? | Norton AV Preload | Premend.exe | Norton Antivirus related. What does it do and is it required | No |
| X | Norton AV Protection Startup | Ati2xxx.exe | Added by a variant of the RBOT WORM! | No |
| N | Norton Crashguard Monitor | cgmenu.exe | Troublesome program that doesn't actually work with WinME so Norton removed it from SystemWorks 2001 | No |
| N | Norton Disk Doctor | Ndd32.exe | Norton Disk Doctor from Norton Utilities. Automatically runs at start-up, checking for disk errors. Better than ScanDisk but can be started manually via Start -> Programs. Delete the shortcut in the Start -> Programs -> Startup folder as well | No |
| X | Norton Drive Protection | msdt32.exe | Added by the FORBOT-GB WORM! Note - this not a valid Norton program! | No |
| Y | Norton eMail Protect | POPROXY.EXE | Proxy E-mail protection from Norton Anti-Virus (prior to 2002). If you have it installed, leave it enabled to automatically check for suspect attachments in E-mails that may contain viruses. It downloads the E-mail into poproxy, which serves as a proxy server on the local machine, before scanning it | No |
| X | Norton Firewall | [path to trojan] | Added by the BANKER-ET TROJAN! | No |
| N | Norton Ghost 10.0 | GhostTray.exe | Norton Ghost tray icon - the application can be launched manually | No |
| N | Norton Ghost 9.0 | GhostTray.exe | Norton Ghost tray icon - the application can be launched manually | No |
| X | Norton GProtect | ngrfn.exe | Added by a variant of the RBOT WORM! | No |
| X | Norton Guard 32 | ntguard32.exe | Added by a variant of the RBOT WORM! | No |
| X | Norton Live Update Server | cpsdv.exe | Added by the AGOBOT.EW TROJAN! | No |
| X | Norton Live Updater | Cavapsvc.exe | Added by the GAOBOT.AO WORM! | No |
| X | Norton Live Updater | Sochost.exe | Added by the GAOBOT.AO WORM! | No |
| X | Norton Live Updater | Avapsvc.exe | Added by the AGOBOT-BG BACKDOOR! | No |
| N | Norton Navigator Loader | nnloader.exe | An older Norton utility for file management under Windows 95. More information here | No |
| X | Norton Personal Firewall | jah.exe | Added by a variant of the SDBOT WORM! | No |
| X | Norton Personal Firewall | npfw.exe | Added by the RBOT-UI WORM! | No |
| X | Norton Personal Firewall | lah.exe | Added by a variant of the RBOT WORM! | No |
| X | Norton Personal Firewall | npfw32.exe | Added by the RBOT-UQ WORM! | No |
| Y | Norton Personal Firewall | IntroWiz.exe | Part of Norton Personal Firewall or Norton Internet Security | No |
| X | Norton Personal Firewall | winmpts.exe | Added by the RBOT.ANT WORM! | No |
| U | Norton Program Scheduler | nsched32.exe | Installed on a Windows system where the Windows Task Scheduler isn't used as part of the OS (Win95, WinNT(?), Win2K(?)) to schedule automatic tasks such as Norton Anti-Virus scans | No |
| U | Norton Program Scheduler | NPSsvc.exe | Installed on a Windows system where the Windows Task Scheduler isn't used as part of the OS (Win95, WinNT(?), Win2K(?)) to schedule automatic tasks such as Norton Anti-Virus scans | No |
| ? | Norton Program Scheduler Event Checker | npscheck.exe | Part of Norton Anti-Virus. What does it do? Apparently it can safely be disabled without causing problems. Can also be listed as NPS Event Checker | No |
| X | Norton Protect | npprotect.exe | Added by the RBOT-WW WORM! | No |
| X | Norton protect | nvsvc.exe | Added by a variant of the RBOT WORM! | No |
| X | Norton Protect Activies | csrss.exe | Added by the BANKER-CZ TROJAN! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a "D5133" subfolder | No |
| X | Norton Service Driver | wsul.exe | Added by the RBOT-ABI WORM! | No |
| X | Norton Service Process | navapvc.exe | Added by a variant of the AGOBOT/GAOBOT WORM! | No |
| X | Norton SpySweeper AutoUpdate | navsw.exe | Added by the FORBOT-AS WORM! | No |
| X | Norton Start | ccStart.exe | Added by the SDBOT-OX WORM! | No |
| X | Norton System | csrs.scr | Added by the BANLOA-AFM TROJAN! | No |
| N | Norton System Doctor | Sysdoc32.exe | Norton Disk Doctor from Norton Utilities. Automatically runs at start-up, major resource hog and best started manually form Start -> Programs. Delete the shortcut in the Start -> Programs -> Startup folder as well | No |
| N | Norton SystemWorks | cfgwiz.exe | Norton System Works configuration wizard. Reportedly a resource hog. Many users find they can live without loading it | No |
| X | Norton Update | ccUpdate.exe | Added by a variant of the AGOBOT/GAOBOT WORM! | No |
| X | Norton Update | winsvc.exe | Added by the AGOBOT.ALP WORM! | No |
| X | Norton Update | cUpdate.exe | Added by the AGOBOT.APP WORM! | No |
| X | Norton updated | NVSV32.EXE | Added by the SDBOT.ABH WORM! | No |
| X | Norton Updater | winset.exe | Added by a variant of the SPYBOT WORM! | No |
| X | Norton Updater | lsa.exe | Added by a variant of the RBOT WORM! | No |
| X | Norton Updater | NortonUpdate.exe | Added by an unidentified WORM or TROJAN! | No |
| X | Norton Updater | ccUpdate.exe | Added by a variant of the AGOBOT/GAOBOT WORM! | No |
| X | Norton Updater | navupdtr.exe | Added by the SDBOT.AXV WORM! | No |
| X | Norton Wizzard | nwiz.exe | Added by the GAOBOT.ADV WORM! Note - this is not the valid nVidia application that shares the same name | No |
| X | norton32 | norton32.exe | Added by an unidentified VIRUS, WORM or TROJAN! | No |
| X | NortonAntivirus | LSASS.exe | Added by the PEXMOR WORM! Note - this is not the legitimate lsass.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\Temp | No |
| X | NortonAV | norton_antivirus.exe | Added by the NETJOE TROJAN! Note - this is not the legitimate Symantec AV program | No |
| X | nortonav | CCUPD32.EXE | Added by an unidentified WORM or TROJAN! | No |
| X | nortonp | nortonp.exe | Added by the JD-A TROJAN! | No |
| X | Nortons AV SYSTEM | scvchost.exe | Added by a variant of the RBOT WORM! | No |
| X | Nortons AVS Systems | arse.exe | Added by the RBOT.AWY WORM! | No |
| X | nortonsantivirus | ccEvtMngr.exe | Added by the HZDOOR-A TROJAN! | No |
| X | NortonVPlus | svchost.exe | Added by the ROAMER-A TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! | No |
| X | noskrnl | noskrnl.exe | Added by the PEACOMM.D TROJAN! | No |
| U | Notebook Maximizer | maximizer_startup.exe | Toshiba Notebook Maximizer software - adjust settings to save battery power and increase efficiency | No |
| U | NotebookHardwareControl | nhc.exe | "With Notebook Hardware Control you can easily control the hardware components of your Notebook" | No |
| ? | NotebookManager | nbm.exe | Associated with Acer notebook PCs. What does it do and is it required? | No |
| N | NoteBurner | VTBurnerGUI.exe | NoteBurner from NoteBurner Inc. - "a versatile music converter that can be used as MP3 music converter, AAC audio converter, WAV to MP3 converter, M4A to MP3 converter, and RM to MP3 converter" | No |
| X | NotePad | [worm filename] | Added by the SILLYFDC-G WORM! | No |
| X | Notepad | ntoepad.exe | Added by the DELBOT-AK WORM! | No |
| X | Notepad lptt01 | notepad.exe | RapidBlaster variant (in a "Notepad" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here. Note - this is not Windows Notepad which has the same executable name | No |
| X | Notepad ml097e | notepad.exe | RapidBlaster variant (in a "Notepad" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here. Note - this is not Windows Notepad which has the same executable name | No |
| X | notepad.exe | upx.exe | Added by a variant of the AGENT.AH TROJAN! | No |
| X | notepad.exe | msmsgs.exe | Added by the ZLOB TROJAN and variants! Note - this particular msmsgs.exe file is located in %System% and should not be mistaken for the MSN Messenger file of the same name which is located in %Program Files%\Messenger | No |
| X | notepad2.exe | popuper.exe | Added by the PUPER-E TROJAN! | No |
| X | notes | notepaad.exe | Added by the RBOT.BME WORM! | No |
| U | NoticeP.exe | NoticeP.exe | Part of iSync which allows "you to transfer songs from any music downloading software to your iTunes® library". The trial version displays advertisements which disappear if you purchase the software | No |
| X | Notification Utility | altpayV2.exe | AltPay adware | No |
| X | Notn | Eber.exe | PurityScan adware | No |
| X | Notn | wtta.exe | PurityScan adware | No |
| U | NovaBackup * Tray Control | NbkCtrl.exe | Scheduling engine of NovaSTOR Backup Service. Only required if scheduling is enabled and wanted - see here. * represents the version number | No |
| ? | NovaPortal Single User Service | NPSU.exe | ?? | No |
| U | NovastorSchedulerd | SCHENGD.EXE | NovaStor NovaBACKUP Scheduler - back-up utility. If you don't have regularly scheduled back-ups you don't need it | No |
| X | novsvida.exe | novsvida.exe | GlobalAccess dialer | No |
| X | NoWayVirus | pgs.exe | NoWayVirus rogue security software - not recommended. A member of the AVSystemCare family | No |
| N | Nowe Gadu-Gadu | gg.exe | Polish language Instant Messaging client | No |
| X | NOYPI_KANG_ASTIG | Exit to DosPrompt.pif | Added by the FILUKIN.A WORM! | No |
| X | np | upnp.exe | Added by the YABE.AE TROJAN! | No |
| U | NPDTray | NPDTray.exe | System Tray access to Presentation Director for IBM/Lenovo Thinkpad notebooks - which allows you to create and quickly select between various single and mulitple display options. Scheme selection and settings are also available via Fn+F7 key combination on some models | Yes |
| X | NPF Value | NPFMONTR.exe | Added by the RBOT-AWD WORM! | No |
| ? | NPFMonitor | NPFMntor.exe | Norton AntiVirus Firewall Install Monitor. What does it do and is it required? | No |
| X | npkmnc | npkmnc.exe | WebVia adware | No |
| U | NPROTECT | nprotect.exe | Norton Protected Recycle Bin from Norton Utilities. Adds an extra layer of safety before you remove deleted files from the Recycled Bin. Can be listed twice which is valid | No |
| ? | NPS Event Checker | npscheck.exe | Part of Norton Anti-Virus. What does it do? Apparently it can safely be disabled without causing problems. Can also be listed as Norton Program Scheduler Event Checker | No |
| X | NS | ns.exe | Added by the AGOBOT-HS WORM! | No |
| X | NSCheck | NSCHECK.EXE | MarketScore parasite - ActiveX control used to download premium-rate dialers | No |
| X | nscntrl | nscntrl.exe | Added by the DLOAD-DC TROJAN! | No |
| X | nsdcmd services | nsdcmdav.exe | Added by a variant of the AGOBOT/GAOBOT WORM! | No |
| X | nsdcmd vid process | nsdcmdwin.exe | Added by a variant of the AGOBOT/GAOBOT WORM! | No |
| X | nsdlua | nsdlua.exe | All-In-One Telcom - adult content dialler | No |
| X | nsdriver | nssys32.exe | NetShagg adware | No |
| X | nse | nse.exe | Added by the AGOBOT-ML WORM! | No |
| U | Nsengine | Nsengine.exe | Scheduling engine of NovaSTOR Backup Service. Only required if scheduling is enabled and wanted - see here | No |
| U | NSHelper | aexnsinstallhelper.exe | Altiris Express Notification Server Install helper - monitors integrity of the installation | No |
| U | NSK | NSK.exe | Ardakey keystroke logger/monitoring program - remove unless you installed it yourself! | No |
| U | NSRKey | NSRTray.exe | System Tray access to Norton Save & Restore backup utility | No |
| X | nssysconf | [random filename] | Added by the VIVIA.A TROJAN! | No |
| X | nstat | netstat.exe | Adult content dialler | No |
| X | NSupdate | NSupdate.exe | Added by the Dial/Laet-B premium rate dialer! | No |
| Y | nsu_ui_client | nsu_ui_client.exe | Utility that only runs once after installing the Nokia Software Updater which is used to update the operating system (or firmware) for selected Nokia mobile devices | Yes |
| Y | nsu_ui_client.exe | nsu_ui_client.exe | Utility that only runs once after installing the Nokia Software Updater which is used to update the operating system (or firmware) for selected Nokia mobile devices | Yes |
| X | Nsv | nsvsvc.exe | Delfin Promulgate adware | No |
| X | nsvcin | n20050308.exe | Delfin Media Viewer adware related | No |
| X | Nsvdr | nsvdr.exe | Adult content dialler | No |
| U | nsys | nsys.exe | NetSpy keystroke logger/monitoring program - remove unless you installed it yourself! | No |
| X | nsys32 | nsys32.exe | Added by the AGOBOT-SU WORM! | No |
| N | NSystemMonitor | Symmon.exe | Norton Uninstall Deluxe - monitors programs being installed and logs them for removing later. Available via Start -> Programs for manual logging | No |
| N | NT Kernel Patch | ntkrnlpt.exe | FaxServe network fax software | No |
| X | NT LM Security Support Provider | WinNTLM.exe | Added by a variant of the SDBOT WORM! | No |
| X | NT Logging Service | Syslog32.exe | Added by the DONK.B WORM and variants! | No |
| X | NT MICROSOFT SVCD | ntvsvcd.exe | Added by a variant of the RBOT WORM! | No |
| X | NT Printing Service | spoolsc.exe | Added by the BUZUS-K WORM! | No |
| X | NT Printing Service | chkdsks.exe | Added by the ARCHIVARIUS series of WORMS! | No |
| X | NT Printing Service | chkdskss.exe | Added by the ARCHIVARIUS series of WORMS! | No |
| X | NT Printing Services | chkdsks.exe | Added by the BUZUS-M TROJAN! | No |
| X | NT security | rundll32.com | Added by the RBOT-AJC WORM! | No |
| X | NT Service | NTOKSRNL.EXE | Added by the RBOT-AAG WORM! | No |
| X | NT Services | ntsvc.exe | Added by the AGOBOT.VJ WORM! | No |
| X | Nt System Protocol | ntsystem.exe | Added by the RBOT.DSB TROJAN! | No |
| X | NT Virtual Machine | [path to file] | Added by the SCAERBOT-A WORM! | No |
| X | NT Windows System Manager Loader | csrlss.exe | Added by the AGOBOT.OX WORM! | No |
| X | Nt**.exe [* = random char] | Nt**.exe [* = random char] | CoolWebSearch/HomeSearch adware - for examples, see this log | No |
| X | Nt**32.exe [* = random char] | Nt**32.exe [* = random char] | CoolWebSearch/HomeSearch adware - for examples, see this log | No |
| X | NT-Virtual Device Manager | ntvdmn.exe | Added by the SDBOT-AAA WORM! | No |
| X | Ntcheck | mapserver.exe | Added by the TOMPAI-B WORM! | No |
| X | NTCommLib3 | [path to trojan] | Added by the AGENT-AXB TROJAN! | No |
| X | ntddetect | ntddetect.exe | Added by the AGENT-CU TROJAN! | No |
| X | NTdhcp | NTdhcp.exe | Added by the QQROB-C TROJAN! | No |
| X | NTdhcp | CiKewl.exe | Added by the QQROB-N TROJAN! | No |
| X | ntdll | ntdll.exe | Added by the BIONET.404 TROJAN! | No |
| X | ntdll.dll | TrustCleaner.exe | Smitfraud variant | No |
| X | NTDLM | csrss.exe | Added by the HALE TROJAN! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a "Qossrv" subfolder | No |
| X | Ntech.patchs | [trojan filename] | Added by the LEMIR.G TROJAN! | No |
| X | ntechin | n20050308.exe | Delfin Media Viewer adware related | No |
| X | nternet Explorer | iexplore.exe | Added by the FORBOT-CT WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %System% | No |
| X | NTFS16 | ntfs16.exe | Added by the RBOT-LY WORM! | No |
| Y | NTFSCLUP | NTFSCLUP.EXE | Part of ConfigSafe- "checks if an ntfssos restore has been performed since it was last run. It exits immediately after running. 99+% of the time it will only execute about a dozen instructions before exiting" | No |
| X | ntfsmonitorpro | ntfs64.exe | Added by the FORBOT-EB WORM! | No |
| X | NTFSS Microsoft System | filees.exe | Added by the RBOT.GAB WORM! | No |
| X | NTFSS MICROSOFT SYSTEM | filess.exe | Added by the RBOT.AXZ WORM! | No |
| X | ntfyapp | ntfyapp.exe | Added by the ZHELATIN WORM! | No |
| U | NTI Backup NOW! Scheduler | Schdlr32.exe | Scheduled backups for the NTI Backup Now archiving utility. If a backup job has been scheduled, this entry places an icon in the System Tray and will automatically load the main program and execute the backup at the set time - as long as the backup media is present | Yes |
| Y | ntl Netguard | RPS.exe | ntl Netguard - anti-virus a package of services, specifically designed to keep you safe and secure with their ntlworld online services | No |
| X | ntldr | ntldr.exe | Browser hijacker re-directing to search-control.com. In addition to the registry changes found by HijackThis it also creates the following system files: %System%\ntldr.exe, C:\m.exe, %Windir%\Search-For-You.url, C:\n.bat, C:\q.exe and C:\r.bat | No |
| N | ntlfreedom | rundll32 [path] RyDial.dll, QuickStart | NTL Freedom dial-up ISP software - not required | No |
| X | NTmessageSystem | loadnewmessage.exe | Added by the HIDAGENT-B WORM! | No |
| X | ntmsevt | ntmsevt.exe | Added by the STOPED-B TROJAN | No |
| X | NTP Server | [path to trojan] | Added by the RANKY.F TROJAN! | No |
| Y | nTrayFw | ntrayfw.exe | System Tray access to the the NVIDIA ActiveArmor hardware-optimized firewall built into some older nForce 3 and 4 series motherboard chipsets | No |
| N | NTrtc | ntrtc.exe | Dell year 2000 tool to deal with non-standard applications. Only required on older Dell PCs that may need this support | No |
| X | NTSet32 | services.exe | Added by the WINSPY-C TROJAN! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\dll32 | No |
| X | NTSF Microsoft System | fylez.exe | Added by a variant of the RBOT WORM! | No |
| X | NTSF MICROSOFT SYSTEM | wntsf.exe | Added by the RBOT.ATC WORM! | No |
| X | NTSF MICROSOFT SYSTEM | fufffy.exe | Added by the RBOT-AEL WORM! | No |
| X | NTSF MICROSOFT SYSTEM | ntssf.exe | Added by a variant of the RBOT WORM! | No |
| X | NTSF MICROSOFT SYSTEM | scvhost.exe | Added by a variant of the RBOT WORM! | No |
| X | NTSF MICROSOFT SYSTEM | winsis32.exe | Added by a variant of the RBOT WORM! | No |
| X | NTSF MICROSOFT SYSTEM | marya.exe | Added by the RBOT-AXY WORM! | No |
| X | NTSF MICROSOFT SYSTEM | sysman.exe | Added by the RBOT.EDP WORM! | No |
| X | ntsmod | ntsmod.exe | Adware downloader/installer, probably VX2/Look2Me related - also detected as the WIN32.VB.RL TROJAN! | No |
| X | NTsocket | NoeWinnt.exe | Added by the ATAKA-E TROJAN! | No |
| X | NTSpool | NTSpool.exe | Added by the AGENT-GPY TROJAN! | No |
| X | NTsrv.exe | NTsrv.exe | Added by a variant of the SERVU-O TROJAN! | No |
| X | Ntsysv | ntsysv.exe | Added by the MIFENG-E TROJAN! | No |
| U | nTune | nTune.exe | Older version of the NVIDIA nTune utilty for monitoring and modifying the settings (such as temperatures, voltages, clocks and fan speeds) of NVIDIA based motherboards and graphics cards from within Windows. Now part of NVIDIA System Tools | No |
| U | nTuneCmd | nTuneCmd.exe | Now part of NVIDIA System Tools under the "Peformance" tag. NVIDIA nTune is utilty for monitoring and modifying the settings (such as temperatures, voltages, clocks and fan speeds) of NVIDIA based motherboards and graphics cards from within Windows. Until version 6.01 (when System Tools was released) graphics settings weren't retained in a profile but now they are. From version 6.05, nTuneCmd is no longer loaded via the registry "Run" keys but instead runs via the Performance Service (nTuneService.exe) | Yes |
| X | ntupd32 | ntupd32.exe | Unidentified malware - see here | No |
| X | ntupdate | dnsvc.exe | Added by the SDBOT-TC WORM! | No |
| X | NTupdater | [path to trojan] | Added by the DIGARIX-D TROJAN! | No |
| X | ntuser | ctfmun.exe | Added by the SILLYFDC WORM! | No |
| X | ntuser | ntuser.exe | Added by the SMALL!SD5 TROJAN! | No |
| X | ntuser | spool.exe | Added by the DLOADER.DYA TROJAN! | No |
| X | ntuser | spools.exe | Added by the AGENT-GRO TROJAN! | No |
| X | ntuser | svchost.exe | Added by the POLYCRYP.DY TROJAN! | No |
| X | ntuser | ctfmon.exe | Added by the AGENT-GSG TROJAN! Note - this is not the legitimate ctfmon.exe process associated with alternate text inputs which is always located in %System%. This one is located in %UserProfile% | No |
| U | NTVDM | NTVDM.EXE | Windows NT Virtual DOS Machine (NTVDM) for running 16-bit tasks on the 32-bit OS's (Windows NT, 2K and XP). Required if hardware on a machine with these OS's needs 16-bit DOS drivers. You can find a bit more about NTVDM here | No |
| X | ntvdmd | ntvdmd.exe | Adware downloader - also detected as the DLOADER-YP TROJAN! | No |
| X | ntvdscm | ntvdscm.exe | Added by the SCKEYLOG-I TROJAN! | No |
| X | ntx32 | ntx32.exe | Added by an unidentified WORM or TROJAN! | No |
| U | NUAgentInstallPath | NU_Install.exe | Installer associated with Chily Employee Activity Monitoring surveillance software. Uninstall this software unless you put it there yourself | No |
| X | NumberOneMP3 | rundll32.exe MSA64CHK.dll,DllMostrar | MatrixDialer/Mostrar parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System% | No |
| X | Numerical Xterm Agent | 0x32.exe | Added by the RBOT-FWP WORM! | No |
| X | Numerical Xterm Agents | 2x32.exe | Added by the RBOT-FWY WORM! | No |
| X | Numerical Xtermz Agent | 1x32.exe | Added by the RBOT-FWX WORM! | No |
| U | NUSB3MON | nusb3mon.exe | Included with external USB 3.0 hard drives based upon NEC's µPD720200 controller (and maybe others in the future) such as the Western Digital My Book 3.0 range. Disabling it does not appear to cause a problem - but it may be required to achieve full USB 3.0 transfer speeds | No |
| Y | NuTCSetupEnviron | ncoeenv.exe | Used by the MKS Toolkit for Enterprise Developers product. NuTCracker is a Unix runtime environment for Windows, so disabling this would be unwise if you are using NuTCracker or any 3rd party package that is using it. Since you might not know what is actually using it it's probably best left alone | No |
| U | NuvaTime | NuvaTime.exe | NuvaTime - reminder for women using NuvaRing | No |
| X | NvagNT | nvagNT.exe | Added by the AGOBOT-RV WORM! | No |
| X | nvc Win32 | nvcvc.exe | Added by the RBOT-ADD WORM! | No |
| X | NvCCCpl | NvCCCpl.exe | Added by the NOGATA-A TROJAN! | No |
| X | nvchost | winlogon.exe | Added by the KLONE-J TROJAN! Note - this is not the legitimate winlogon.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir% | No |
| X | NvClipRsv | svchost.exe | Added by the DUMARU-K WORM! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir% | No |
| X | NvClipRsv | swchost.exe | Added by the DUMARU-AK WORM! | No |
| ? | NVCLOCK | rundll32 nvclock.dll, fnNvclock | Overclocking utility for nVidia based graphics cards? | No |
| X | nvcoi | nvcoi.exe | Added by the DLOADER.TYO TROJAN! | No |
| ? | NvColorInit | rundll32.exe NvQtwk.dll, NvColorInit | Associated with Nvidia based graphics cards | No |
| X | NVCOM | NVCOM.exe | Added by the AGOBOT-SB WORM! | No |
| X | NvCp1Do | [path to trojan] | Added by the DWNLDR-GWE TROJAN! The most common filename seen is "smss.exe" - which is not the legitimate smss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! | No |
| U | NvCpl | RUNDLL32.EXE NvCpl.dll,NvStartup | If you use a utility (such as RivaTuner) to overclock any of the default display settings (system clock, memory clock, etc) for NVIDIA based graphics chipsets and want to apply these new settings at startup then this entry will maintain these. Leaving this entry enabled doesn't appear to have an impact on startup time. Not required if you use default settings and if you disable this entry you may also have to disable the associated "NVIDIA Display Driver Service" or "NVIDIA Driver Helper Service". Included with drivers since late 2002 | Yes |
| X | NvCpl | NvCpl.EXE | Added by the YANZ.B WORM! | No |
| X | NvCpl | [random filename] | Added by the AGOBOT-APJ WORM! | No |
| X | NvCpl | windowsp.exe | Added by a variant of the SDBOT WORM! | No |
| X | NvCpl | rundl32.exe | Added by the AGOBOT-TO WORM! Note - the valid version of this entry has the command line as "rundll32.exe NvCpl.dll,NvStartup" | No |
| X | NvCPL32 | nvcpl32.exe | Added by the AGOBOT.DAA WORM! | No |
| X | NvCpl32Deamon | nvcpl.exe | Added by the SPYBOT.S WORM! | No |
| X | NvCplD | m2gr32.exe | "Switch" premium rate adult content dialler variant | No |
| X | NvCplD | ntcpl.exe | "Switch" premium rate adult content dialler variant | No |
| U | NvCplDaemon | RUNDLL32.EXE NvQTwk,NvCplDaemon | Installed with display drivers for NVIDIA based graphics cards prior to late 2002, this entry allows the System Tray icon to be displayed - which gives access to (amongst others) the display settings (such as Antialiasing, OpenGL, Direct3D and colour) and Desktop Manager (nView). If you don't change display settings very often then this is not required and settings can be changed manually via display properties | Yes |
| U | NvCplDaemon | RUNDLL32.EXE NvCpl.dll,NvStartup | If you use a utility (such as RivaTuner) to overclock any of the default display settings (system clock, memory clock, etc) for NVIDIA based graphics chipsets and want to apply these new settings at startup then this entry will maintain these. Leaving this entry enabled doesn't appear to have an impact on startup time. Not required if you use default settings and if you disable this entry you may also have to disable the associated "NVIDIA Display Driver Service" or "NVIDIA Driver Helper Service". Included with drivers since late 2002 | Yes |
| X | NvCplDaemon | msmsgrs.exe | Added by the DLOADER-YI TROJAN! | No |
| X | NvCplDaemon | Xplorer.exe | Added by the ORBINA-A WORM! | No |
| X | NvCplDaemon32 | anvshell32.exe | Added by the VB-XU TROJAN! | No |
| X | NvCplDeamon | nvdisp.exe | Added by the PEEPVIE-I TROJAN! | No |
| X | NvCplDmn | NAVSVC.EXE | Added by an unidentified VIRUS, WORM or TROJAN! | No |
| X | nvcpll | nvcpll.exe | Added by the BANCBAN-PF TROJAN! | No |
| X | NvCplScan | msc32.exe | Added by the FORBOT-DD WORM! | No |
| X | NvCplScan | winasp.exe | Added by the FORBOT.BZ WORM! | No |
| X | NvCplScan | nvsc32.exe | Added by the BROPIA.N WORM! | No |
| X | NvCplScan | kav32.exe | Added by the FORBOT-EW WORM! | No |
| X | NvCplScan | netstat32.exe | Added by the SDBOT.BRL WORM! | No |
| X | NvCplScan | dllmanager.exe | Added by the FORBOT.R WORM! | No |
| X | NvCpTDaemon | wuauqmr.exe | Added by the CULT-B WORM! | No |
| X | nvctrl.exe | nvctrl.exe | Added by the ZLOB.G TROJAN! | No |
| X | nvd32 lptt01 | nvd32.exe | RapidBlaster variant (in a "nvd32" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here | No |
| X | nvd32 ml097e | nvd32.exe | RapidBlaster variant (in a "nvd32" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here | No |
| X | NVDispDrv | NVDispDRV.EXE | Added by the WINKO.AO WORM! | No |
| X | NvGraphicsInterface | [path to trojan] | Added by the BCKDR-QKI BACKDOOR! | No |
| U | NVHotkey | rundll32.exe nvHotkey.dll | Enables the use of "hot keys" for changing setting on Nvidia graphics | No |
| X | Nvid | [8 random charachters] | Unidentified adware | No |
| X | Nvid32 | Nvid32.exe | Added by the GEMA TROJAN! | No |
| X | Nvidex32 | Nvidex32.exe | Added by the GEMA TROJAN! | No |
| Y | NVIDIA ActiveArmor | ntrayfw.exe | System Tray access to the the NVIDIA ActiveArmor hardware-optimized firewall built into some older nForce 3 and 4 series motherboard chipsets | No |
| X | nVidia Application Drivers | nvidiav32.exe | Added by a variant of the IRCBOT BACKDOOR! | No |
| U | NVIDIA Compatible Windows Vista Display driver, Version * | RUNDLL32.EXE NvCpl.dll,NvStartup | If you use a utility (such as RivaTuner) to overclock any of the default display settings (system clock, memory clock, etc) for NVIDIA based graphics chipsets and want to apply these new settings at startup then this entry will maintain these. Leaving this entry enabled doesn't appear to have an impact on startup time. Not required if you use default settings and if you disable this entry you may also have to disable the associated "NVIDIA Display Driver Service" or "NVIDIA Driver Helper Service". Included with drivers since late 2002 | Yes |
| U | NVIDIA Compatible Windows7 Display driver, Version * | RUNDLL32.EXE NvCpl.dll,NvStartup | If you use a utility (such as RivaTuner) to overclock any of the default display settings (system clock, memory clock, etc) for NVIDIA based graphics chipsets and want to apply these new settings at startup then this entry will maintain these. Leaving this entry enabled doesn't appear to have an impact on startup time. Not required if you use default settings and if you disable this entry you may also have to disable the associated "NVIDIA Display Driver Service" or "NVIDIA Driver Helper Service". Included with drivers since late 2002 | Yes |
| X | Nvidia Control Daemon | nksvc32.exe | Added by an unidentified WORM or TROJAN! | No |
| X | Nvidia Control Panel | ncsvc32.exe | Added by an unidentified VIRUS, WORM or TROJAN! | No |
| X | NVIDIA Display | DisplayMonitor.exe | Added by the ABI.C WORM! Note - this is not a legitimate nVidia entry | No |
| X | nVidia Display Driver | nvsvc64.exe | Added by the IRCBOT-YK WORM! Note - this is not related to any nVidia based graphics card | No |
| X | nVidia Display Drivers (x86) | nvsys86.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
| X | NVIDIA Driver | MSPMSPSU.EXE | Added by the WOOTBOT.Y WORM! | No |
| U | NVIDIA Driver Helper Service, Version * | RUNDLL32.EXE nvsvc.dll,nvsvcStart | Initially installed with Vista display drivers for NVIDIA based graphics cards. This entry replaced the "NVIDIA Display Driver Service" or "NVIDIA Driver Helper Service" in XP - which was used in part to maintain overclocked display settings. In a GeForce 8800GT test system this isn't the case. Disabling it caused no ill effects but it's exact purpose isn't known - hence the "U" recommendation | Yes |
| X | nVidia Drivers | nVidiaDrvers.exe | Added by the SDBOT-AFX WORM! Note - this is not related to any nVidia based motherboard or graphics card | No |
| X | NVidia Drivers | [path to trojan] | Added by the RANCK-R TROJAN! Note - this is not related to any nVidia based motherboard or graphics card | No |
| U | NVIDIA Media Center Library | RunDLL32.exe NvMCTray.dll,NvTaskbarInit | Installed with display drivers for NVIDIA based graphics cards since late 2002, this entry allows the System Tray icon to be displayed - which gives access to (amongst others) the display settings (such as Antialiasing, Rotation and Colour) and the Desktop Manager (nView). If you don't change display settings very often then this is not required and settings can be changed manually via display properties. No tray icon option is available in Vista. May be required for some 3D applications to recognize your card correctly - such as the game "Everquest" | Yes |
| N | NVIDIA nForce APU1 Utilities | NVATray.exe | nVidia's nForce Audio Processing Unit (APU)- "provides 3D positional audio and DirectX 8.0 compatibility, and encodes and decodes Dolby Digital 5.1 audio in real time" | No |
| U | NVIDIA nTune | nTune.exe | Older version of the NVIDIA nTune utilty for monitoring and modifying the settings (such as temperatures, voltages, clocks and fan speeds) of NVIDIA based motherboards and graphics cards from within Windows. Now part of NVIDIA System Tools | No |
| U | NVIDIA nTune | nTuneCmd.exe | Now part of NVIDIA System Tools under the "Peformance" tag. NVIDIA nTune is utilty for monitoring and modifying the settings (such as temperatures, voltages, clocks and fan speeds) of NVIDIA based motherboards and graphics cards from within Windows. Until version 6.01 (when System Tools was released) graphics settings weren't retained in a profile but now they are. From version 6.05, nTuneCmd is no longer loaded via the registry "Run" keys but instead runs via the Performance Service (nTuneService.exe) | Yes |
| N | NVIDIA nView Control Panel, Version * | nwiz.exe | Part of NVIDIA's NVIEW Display Management Software - included in drivers for consumer and professional graphics products. This entry runs the "NVIDIA Display Setup Wizard" if you connect (or already have connected) an additional display once the drivers have been installed. In later drivers it also loads the "nView Desktop Manager" (if you enable it via Control Panel → NVIDIA nView Desktop Manager) if you want to use features such as Hot Keys and Zoom. In both cases nwiz.exe doesn't remain in memory | No |
| X | Nvidia Startup Manager | ksvc32.exe | Added by the AGENT-IWD TROJAN! | No |
| X | nVidia System Drivers | nvsys32.exe | Added by an unidentified WORM or TROJAN! See here | No |
| U | NVIDIA System Monitor | NVMonitor.exe | NVIDIA System Monitor - part of NVIDIA System Tools. Utility for monitoring and logging system statistics (such as temperatures, voltages, clocks and fan speeds) of NVIDIA based motherboards and graphics cards | Yes |
| U | NVidia System Utility | NVSystemUtility.exe | NVidia System Utility - older version of the NVIDIA nTune utilty for monitoring and modifying the settings (such as temperatures, voltages, clocks and fan speeds) of NVIDIA based motherboards and graphics cards from within Windows. Now part of NVIDIA System Tools | No |
| X | NVIDIA Video drivers | video_32D.exe | Added by the AGOBOT.KV WORM! | No |
| X | NVIDIA Video drivers | video_32sD.exe | Added by the RBOT-BB WORM! | No |
| U | NVIDIA® NVRAID | nvraidservice.exe | Part of NVIDIA® MediaShield™ Storage - NVIDIA's management utility for creating and monitoring hard disk RAID arrays for the controllers integrated on their motherboards. Includes a Disk Alert System for troubleshooting with notifications via the System Tray. Not required if you don't have a RAID array or if you created the array at the BIOS level. Some users complain that it can report false errors | Yes |
| X | Nvidia32 | nvidia32.exe | CoolWebSearch parasite variant - also detected as the HOSTS-B TROJAN! | No |
| X | NviDiaGT | lsass.exe | Added by the AUTORUN-DV WORM! Note - this is not the legitimate lsass.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a ~A~m~B~u~R~a~D~u~L~ subfolder | No |
| N | NvidiaQuickTweak | rundll32.exe NvQtwk.dll, NvTaskbarInit | System Tray icon used to manage settings for nVidia based graphics cards. May be required for some 3D applications to recognize your card correctly - such as the game "Everquest". Otherwise, settings can be changed manually via Display Properties | No |
| X | nvidll32 | nvidll32.exe | Added by the RBOT-XK WORM! | No |
| U | NVIEW | rundll32.exe nview.dll,nViewLoadHook | Part of NVIDIA's NVIEW Display Management Software - included in drivers for consumer and professional graphics products. In earlier drivers this entry enables the Desktop Manager and makes it's features such as multiple desktops and hot keys available to the user. Available via Control Panel → NVIDIA nView Desktop Manager | Yes |
| X | nviload32 | nviload32.exe | Added by the SDBOT-VT WORM! | No |
| N | NvInitialize | rundll32.exe NvQtwk.dll, NvXTInit | Thought to enable the clock frequency option on nVidia control panels. You can overclock without leaving this enabled | No |
| X | nvirundll | nvirundll.exe | Added by the SPYBOT.NPS WORM! | No |
| X | nvjxue | nvjxue.exe | Added by the EYEVEG-J WORM! | No |
| Y | NVmax | NVmax.exe | NVmax is a old tweaking utility for NVidia graphics cards. In the startup list if the user chooses to overclock their card | No |
| U | NVMCTRAY | RunDLL32.exe NvMCTray.dll,NvTaskbarInit | Installed with display drivers for NVIDIA based graphics cards since late 2002, this entry allows the System Tray icon to be displayed - which gives access to (amongst others) the display settings (such as Antialiasing, Rotation and Colour) and the Desktop Manager (nView). If you don't change display settings very often then this is not required and settings can be changed manually via display properties. No tray icon option is available in Vista. May be required for some 3D applications to recognize your card correctly - such as the game "Everquest" | Yes |
| U | NvMediaCenter | RunDLL32.exe NvMCTray.dll,NvTaskbarInit | Installed with display drivers for NVIDIA based graphics cards since late 2002, this entry allows the System Tray icon to be displayed - which gives access to (amongst others) the display settings (such as Antialiasing, Rotation and Colour) and the Desktop Manager (nView). If you don't change display settings very often then this is not required and settings can be changed manually via display properties. No tray icon option is available in Vista. May be required for some 3D applications to recognize your card correctly - such as the game "Everquest" | Yes |
| N | NVMixerTray | NVMixerTray.exe | System Tray access to audio controls from nVidia's motherboard ForceWare software | No |
| U | NVMonitor | NVMonitor.exe | NVIDIA System Monitor - part of NVIDIA System Tools. Utility for monitoring and logging system statistics (such as temperatures, voltages, clocks and fan speeds) of NVIDIA based motherboards and graphics cards | Yes |
| X | nvmsgdwn | NVMSGDWN.EXE | Added by the GRABER-D TROJAN! | No |
| X | NvMsnW | Isass.exe | Added by the BROPIA.K WORM! | No |
| X | nvpatch | napatch.exe | Added by the SASSER-F WORM! | No |
| U | NvPvrNetMon | NvPvrNetMon.exe | Network monitor for the Personal Video Recorder function of the NVIDIA ForceWare Multimedia application - "makes sure you don't miss your favorite show. If you won't be home to watch the show, just use the PVR to set future recordings" | No |
| N | NVQuickTweak | rundll32.exe NvQtwk.dll, NvTaskbarInit | System Tray icon used to manage settings for nVidia based graphics cards. May be required for some 3D applications to recognize your card correctly - such as the game "Everquest". Otherwise, settings can be changed manually via Display Properties | No |
| U | NVRaidService | nvraidservice.exe | Part of NVIDIA® MediaShield™ Storage - NVIDIA's management utility for creating and monitoring hard disk RAID arrays for the controllers integrated on their motherboards. Includes a Disk Alert System for troubleshooting with notifications via the System Tray. Not required if you don't have a RAID array or if you created the array at the BIOS level. Some users complain that it can report false errors | Yes |
| Y | NvRegisterMCTray | RUNDLL32.EXE NVMCTRAY.DLL,NvMCRegisterApp NvCpl.dll | Registers the NVIDIA Control Panel (NvCpl.dll) via the NVIDIA Media Center Library (NVMCTRAY.DLL) on the first reboot only after the installation of NVIDIA graphics drivers on Win Me/XP. Added with nVidia graphics drivers since GeForce/ION Driver - Release 186. Both files are located in %System% | Yes |
| Y | NvRegisterMCTrayNview | RUNDLL32.EXE NVMCTRAY.DLL,NvMCRegisterApp nView.dll | Registers the NVIDIA Nview Desktop Manager (nView.dll) via the NVIDIA Media Center Library (NVMCTRAY.DLL) on the first reboot only after the installation of NVIDIA graphics drivers on Win Me/XP. Added with nVidia graphics drivers since GeForce/ION Driver - Release 186. Both files are located in %System% | Yes |
| ? | NVRotateSysTray | nvsysrot.dll | Related to NVIDIA nView Control Panel. What does it do and is it required? | No |
| N | NVRT | nvrt.exe | NVRefreshTool is a utility that will automatically detect the maximum refresh rate at each resolution that your monitor supports | No |
| ? | NVRTClk | NVRTClk.exe | Related to a Gigabyte video card. What does it do, and is it required? | No |
| X | nvsv32.exe | nvsv32.exe | Added by the FORBOT-DI WORM! | No |
| X | nvsv32.exe | cstr.exe | Added by a variant of the SDBOT WORM! | No |
| X | nvsv32.exe | asr_fnt.exe | Added by the WOOTBOT.GE WORM! | No |
| X | nvsv32.exe | nvsv33.exe | Added by the WOOTBOT.FP WORM! | No |
| N | NvSvc | nvsvc.exe | NVIDIA Driver Helper Service - installed when you change from the WDM drivers to nVidia's latest versions but not requied. Extreme shutdown delays can be encountered with this service active, but no adverse side effects with it disabled. NOTE: If using drivers other than nVidia's, such as Asus, this service may have been renamed to reflect that | No |
| X | nvsvc | nvsvc.exe | Added by the BANKER-HQ TROJAN! Note - this is not the valid NVIDIA Driver Helper Service and is located in %System% | No |
| X | NVSVC | nvsvc.exe | Added by the AGOBOT.ALX WORM! Note - this is not the valid NVIDIA Driver Helper Service and is located in the System (9x/Me) or System32 (NT/2K/XP) folder | No |
| U | NvSvc | RUNDLL32.EXE nvsvc.dll,nvsvcStart | Initially installed with Vista display drivers for NVIDIA based graphics cards. This entry replaced the "NVIDIA Display Driver Service" or "NVIDIA Driver Helper Service" in XP - which was used in part to maintain overclocked display settings. In a GeForce 8800GT test system this isn't the case. Disabling it caused no ill effects but it's exact purpose isn't known - hence the "U" recommendation | Yes |
| U | nvsvc16 | nvsvc16.exe | MySuperSPy surveillance software. Uninstall this software unless you put it there yourself | No |
| X | nvsvca32 | nvsvca32.exe | Added by the TACTSLAY.E TROJAN! | No |
| X | nvsvca32 | clfmon.exe | Added by the TACTSLAY.E TROJAN! | No |
| X | NVSystem32 | nvscv32.exe | Added by the AGOBOT-NO WORM! | No |
| X | Nvt32 | complaint_7251.exe | Added by the ARTIEF.B TROJAN! | No |
| X | NvUpdater | nwiz32.exe | Added by a variant of the RBOT WORM! | No |
| X | NvVideoCenter | NvVid.exe | Added by the HAXDOOR-DO TROJAN! | No |
| X | NvXplDeamon | xstyles.exe | Added by the SMALL.AJ VIRUS! | No |
| ? | NWEReboot | dummy.exe | ?? | No |
| N | nwiz | nwiz.exe | Part of NVIDIA's NVIEW Display Management Software - included in drivers for consumer and professional graphics products. This entry runs the "NVIDIA Display Setup Wizard" if you connect (or already have connected) an additional display once the drivers have been installed. In later drivers it also loads the "nView Desktop Manager" (if you enable it via Control Panel → NVIDIA nView Desktop Manager) if you want to use features such as Hot Keys and Zoom. In both cases nwiz.exe doesn't remain in memory | No |
| X | nwiz | KHATRA.exe | Added by the ORBINA-A WORM! | No |
| X | nwiz32 | nwiz32.exe | Added by the SINBANK-A TROJAN! | No |
| Y | Nwpopup | Nwpopup.exe | Broadcast message handler part of Novell Netware that displays server, printer and other messages | No |
| U | nwrecmsg | nwrecmsg.exe | Broadcast message handler part of Novell Netware that displays server, printer and other messages - can cause crashes | No |
| U | nwss | Sp0.exe | SpyOutside surveillance software. Uninstall this software unless you put it there yourself | No |
| Y | NWTRAY | nwtray.exe | Novell Netware. Displays the red "N" tray icon which can be disabled (by right-click on the icon) but is also needed by the client | No |
| X | nxgsvc | rundll32.exe nxgsvc.dll,start | Added by the AKBOT.BA WORM! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "nxgsvc.dll" file is found in %System% | No |
| X | nxosys | rundll32.exe nxosys.dll,start | Added by the AKBOT.BD WORM! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "nxosys.dll" file is found in %System% | No |
| U | nxpclient | sprtcmd.exe /P nxpclient | NetExpert - "India's first ever automated Broadband care technology." Identifies and automatically fixes typical problems that may occur with your high-speed internet service | No |
| ? | oadaemon | oadaemon.exe | Background process that establishes connection with a C3-1000 scanner and watch general status of the device and for scanner button presses. Can it be started manually? | No |
| U | OADP Utility | OadpUtil.exe | Part of the Sabre computer reservations system/global distribution system (GDS) - used by airlines, railways, hotels, travel agents and other travel companies for reservations and ticketing. OADP is the Open Auxiliary Device Platform | No |
| Y | oahstifr | oahstifr.exe | Comes with HyperTextStudio. From the supplier - "The Osserver maintains the database for HyperText Studio projects - absolutely vital, it verifies all the links etc in a site. It runs as a service in NT, 2K and XP but needs to start up in Win 9.x so you'll see a DOS box for a short while during boot up." | No |
| U | OAKSTART | OAKSTART.EXE | Sets the spindown timeout and access speeds at startup and displays a splash screen for CD-RW. | No |
| N | OAKTASK | OAKTASK.EXE | Taskbar utility for a "control panel" for a CD-RW | No |
| Y | OASClnt | oasclnt.exe | On-access real-time scanner for older versions of McAfee VirusScan and the now obsolete McAfee VirusScan Online which scans files for malware as you access, create, copy or download them | Yes |
| X | OB Updater | ob.exe | Added by the AGOBOT-IH WORM! | No |
| Y | Object Store Server | osserver.exe | Comes with HyperTextStudio. From the supplier - "The Osserver maintains the database for HyperText Studio projects - absolutely vital, it verifies all the links etc in a site. It runs as a service in NT, 2K and XP but needs to start up in Win 9.x so you'll see a DOS box for a short while during boot up." | No |
| X | ObjectDock | Brico.cmd | Added by the BOBANDY-A WORM! | No |
| ? | objtjprx | objtjprx.exe | ?? | No |
| Y | OBRCheck | check.exe | Now part of Acer Empowering Technology. "Acer eRecovery Management is a powerful utility that does away with the need for recovery disks provided by the manufacturer, and also acts as a versatile standalone backup and recovery manager". Whilst the exact purpose of this entry isn't known it runs and closes so leave it enabled in case it's required | Yes |
| ? | obsver | obsver.exe | Part of LingoWare translating software - what does it do and is it required? | No |
| N | OCAudioIni | OCAudioIni.exe | One-click Audio Converter - allows you to convert files of multiple audio formats right from Windows Explorer | No |
| N | ocraware | ocraware.exe | Optical Character Recognition software as part of OmniPage Limited Edition - supplied with some scanners. Scan directly into most word processor applications, such as Word, WordPerfect, etc. Available via Start -> Programs | No |
| U | Octoshape Streaming Services | OctoshapeClient.exe | Octoshape Live Streaming - "is a revolutionary technology that will reduce your bandwidth cost and improve the quality in sound and picture" | No |
| X | ocx32 | ocx32.exe | Added by the ASTEF or RESPAN WORMS! | No |
| X | OCXUPDT32 | ocxupdt32.exe | Added by the AGOBOT-IF WORM! | No |
| X | OczyszczaczKomputerza | GDC.exe | OczyszczaczKomputerza Polish rogue privacy tool - not recommended. A member of the PCPrivacyTool family | No |
| X | OD | SYSCNTR.EXE | HotVideo dialler | No |
| X | od-matrxx | od-matrxx.exe | Adult dialler - xx can be any number | No |
| X | od-stndxx | od-stndxx.exe | Adult dialler - xx can be any number | No |
| X | od-teenxx | od-teenxx.exe | Adult dialler - xx can be any number | No |
| U | ODBC BackUp | fdxxl.exe | G Data "PC Spion". PC monitoring and surveilling software, captures all users activity on the PC, see here. Disable/remove if you didn't install it yourself! | No |
| X | oddworldz.exe | oddworldz.exe | Added by the MULTIDR-EG TROJAN! | No |
| N | Odebit Multimedia V2 | Odebit.exe | Odébit Multimedia - free French multimedia player giving access to the best of television, videos, radio, games and chat | No |
| N | Odebit Multimedia V3 | Odebit.exe | Odébit Multimedia - free French multimedia player giving access to the best of television, videos, radio, games and chat | No |
| N | Odebit Multimedia V3 - Services | Odebit.exe | Odébit Multimedia - free French multimedia player giving access to the best of television, videos, radio, games and chat | No |
| N | Odometer | Odometer.EXE | Mouse odometer - tracks how far your pointer/arrow has traveled on the screen. Shortcut available | No |
| U | ODSPConfig | ODSPConfig.exe | DsktopSurveil surveillance software. Uninstall this software if you did not install it yourself | No |
| X | Oeloader | Oeloader.exe | Xupiter OrbitExplorer toolbar related. Drive-by foistware. Use Spybot S&D, Adware or similar to detect and remove and to prevent it re-installing in the future see here | No |
| X | OEM Tools 32 | tres32.exe | Added by the RBOT.QB WORM! | No |
| U | OEM02Mon.exe | OEM02Mon.exe | Creative Live! Cam Console Auto Launcher | No |
| ? | OEM07Mon.exe | OEM07Mon.exe | Related to Live Camera Console Auto Launcher by Creative Technology LTD. What does it do and is it required? | No |
| X | OEM32 Tools | sres32.exe | Added by the RBOT.AML BACKDOOR! | No |
| N | OEMCLEANUP | oemreset.exe | Resets OEM installation settings at bootup. Not required unless you're new to PC's | No |
| U | OEMRESET | oemreset.exe | Resets OEM installation settings at bootup. Not required unless you're new to PC's | No |
| U | OEMRUNONCE | oemrun.exe | Windows Millennium file - used by setup when installing the OEM 'express' version of the operating system. Uncheck after setup has finished | No |
| U | oeplugin | bxOEPlugin.exe | noHTML for Outlook Express is an add-on that protects Outlook Express from email viruses and email scripts by converting incoming email messages from HTML format to simple text | No |
| ? | OEPowerPlugs | winoeinit.exe | ?? | No |
| Y | oeprsrv | oeprsrv.exe | Outlook Express Privacy - which "lets you control access to Outlook Express and its email message database. When you enable protection, the program disables access to the message database and address book files. As a result, when you open Outlook Express or Windows Address Book, a password will be asked for authentication." If protection within the program is enabled and this entry is disabled Outlook Express will fail to run | Yes |
| Y | oeprsrv.exe | oeprsrv.exe | Outlook Express Privacy - which "lets you control access to Outlook Express and its email message database. When you enable protection, the program disables access to the message database and address book files. As a result, when you open Outlook Express or Windows Address Book, a password will be asked for authentication." If protection within the program is enabled and this entry is disabled Outlook Express will fail to run | Yes |
| Y | oepsrv | oepsrv.exe | Outlook Express Protector from Ixis Research, Ltd - which is "designed for controlling access to Outlook Express and its e-mail and address data bases. Outlook Express Protector does not encrypt protected files and folders, however no programs can get access to them when the program is active." If protection within the program is enabled and this entry is disabled Outlook Express will fail to run | Yes |
| Y | oepsrv.exe | oepsrv.exe | Outlook Express Protector from Ixis Research, Ltd - which is "designed for controlling access to Outlook Express and its e-mail and address data bases. Outlook Express Protector does not encrypt protected files and folders, however no programs can get access to them when the program is active." If protection within the program is enabled and this entry is disabled Outlook Express will fail to run | Yes |
| X | OESET | setup60.exe | Added by the WAREZDL.28672 TROJAN! | No |
| X | Oesi | srts.exe | PurityScan adware | No |
| U | OESpamTest | OESpamTest.ExE | Kaspersky Anti-Spam | No |
| Y | oessrv | oessrv.exe | Outlook Express Security - which is used "to control access to Outlook Express and its databases. When it is active, Outlook Express becomes locked and no third-party programs can access its message base files and the address book. As a result, when you try to start Outlook Express, open the address book or access the files, a password will be asked to allow access." If protection within the program is enabled and this entry is disabled Outlook Express will fail to run | Yes |
| Y | oessrv.exe | oessrv.exe | Outlook Express Security - which is used "to control access to Outlook Express and its databases. When it is active, Outlook Express becomes locked and no third-party programs can access its message base files and the address book. As a result, when you try to start Outlook Express, open the address book or access the files, a password will be asked to allow access." If protection within the program is enabled and this entry is disabled Outlook Express will fail to run | Yes |
| N | OEXCheck | EA2Check.exe | Express Assist from AJSystems.com. Utility for use with Outlook Express to backup, restore, synchronize amongst others | No |
| X | oe_drop_spam | oesrv.exe | Dropspam adware | No |
| Y | OE_OEM | TMAS_OEMon.exe | Related to Trend Micro PC-cillin - Internet Security 12 | No |
| X | Offer Companion | offers.exe | Adware | No |
| X | Offers | offers.exe | Adware | No |
| X | Offica Monitor Secura Systeme | winxp_sp3.exe | Added by a variant of the RBOT WORM! | No |
| X | Office | Office.exe | Added by the KRAIMER.12 TROJAN! | No |
| X | Office Desktops | imag.exe | Added by the SPYBOT.AQR WORM! | No |
| U | Office Mail | off_mail.exe | Office Mail from Burrotech Ltd - "complete email solution for small/medium businesses, homes, schools and colleges. It is a small email server which forms the perfect gateway between your internal and external email" | No |
| U | Office Mail Alerter | om_Alerter.exe | Office Mail Alerter - "alert Office Mail users when they receive new emails" via a System Tray icon | No |
| X | Office Monitor | adv32.exe | Added by the SDBOT-CWO WORM! | No |
| X | Office Monitor | alg32.exe | Added by the RBOT-GMM WORM! | No |
| X | Office Monitor | nvsvc86.exe | Added by the IRCBOT.BVO BACKDOOR! | No |
| X | Office Monitor Secure Systema | absecure32.exe | Added by the RBOT.FPW WORM! | No |
| X | Office Monitor Word Exel R | svch.exe | Added by the DWNLDR-GWW TROJAN! | No |
| X | Office Monitor Word Exel R | u.exe | Added by the SDBOT-DEE WORM! | No |
| X | Office Monitor Word Exel R | [trojan filename] | Added by the IRCBOT-VX TROJAN! | No |
| X | Office Monitors | GoogleUpdater.exe | Added by the RBOT-GKZ WORM! Note - this is not the updater for the popular Google tools | No |
| X | Office Monitorse | [path to worm] | Added by the SDBOT-CZX WORM! | No |
| N | Office Startup | osa.exe | On older versions of MS Office this launches common Office components to help speed up the launch of Office programs. On slower machines it can be a resource hog and some users claim there's no difference with or without it - but it usually isn't required. This must be left enabled if you use the Microsoft Office Shortcut Bar (MSOFFICE.EXE) and have set it to load at startup. Available via Start → All Programs | Yes |
| X | Office Startup | Exploer.exe | Added by the GAOBOT.BV WORM! Note the different filename to the valid MS Office entries | No |
| N | Office Startup | Osa9.exe | On older versions of MS Office this launches common Office components to help speed up the launch of Office programs. On slower machines it can be a resource hog and some users claim there's no difference with or without it - but it usually isn't required. This must be left enabled if you use the Microsoft Office Shortcut Bar (MSOFFICE.EXE) and have set it to load at startup. Available via Start → All Programs | No |
| X | Office SturtUp | osa9.exe | Added by the CLICKER-EC TROJAN! Note - this trojan is located in %Windir% and should not be confused with the Microsoft office program, located in %Program Files%\Microsoft Office\Office | No |
| X | OfficeAgent | expIorer.exe | Added by the TACTSLAY.A TROJAN! | No |
| X | OfficeAgent | outIook.exe | Added by the TACTSLAY.A TROJAN! | No |
| X | OfficeAgent | svcrhost.exe | Added by the TACTSLAY.A TROJAN! | No |
| X | OfficeAgent | svcshost.exe | Added by the TACTSLAY.A TROJAN! | No |
| X | OfficeDeamon | msorunner.exe | Added by a variant of the TACTSLAY TROJAN! | No |
| Y | OfficeGuard RegChecker | ogrc.exe | Kaspersky Labs anti-virus | No |
| X | OfficeGuardUI | svcss.exe | Added by the DEDLER-C TROJAN! | No |
| ? | officejet 6100 | hposol08.exe | Associated with a HP PSC2110 (and maybe others) all-in-one machine | No |
| U | OFFICEKB | kbdap32a.EXE | Keyboard utility for a Micro Innovations brand keyboard. If you disable this entry you will not be able to use any of the keyboard hotkeys or other non-standard functions on the keyboard | No |
| X | OfficeQuickAccess | OfficeHost.vbs | Added by the PEXMOR WORM! | No |
| X | Offices | msnmgd32.exe | Added by the FORBOT-DV WORM! | No |
| X | Offices Monitors | [path to worm] | Added by the RBOT-GKO WORM! | No |
| X | Offices Monitorse | [path to worm] | Added by the RBOT-GKO WORM! | No |
| X | Offices Monitorse | algose32.exe | Added by the RBOT-GDD WORM! | No |
| Y | OfficeScan95 | pccwin97.exe | Trend Micro antivirus OfficeScan | No |
| Y | OfficeScanNT Monitor | pccntmon.exe | Trend Micro OfficeScan Antivirus real-time scan monitor | No |
| X | OfficeWord Monitor | msn32.exe | Added by the RBOT-GUE WORM! | No |
| X | OfficeWord Monitors | Offlce.exe | Added by the IRCBOT.JZ TROJAN! | No |
| X | OFFICEXP | OFFICEXP.exe | Added by the WOOTBOT.HE WORM! | No |
| X | Office_app | msnmrgs.exe | Added by a variant of the VBBANC-A TROJAN! | No |
| X | office_update | [path to trojan] | Added by the DLOADER-ZB TROJAN! | No |
| U | OfflineFileSync | OfflineFileSyn.exe | Offline synchronization part of ZANTAZ EAS (Enterprise Archive Solution) - which "is a secure, scalable set of tools for managing the the enormous amounts of 'unstructured information' held in corporate e-mails, files and SharePoint content" | No |
| N | OfotoNow USB Detection | Rundll32.exe OFUSBS.DLL, WatchForConnection OfotoNow | Autodetects when a digital camera is attached to a USB port and launches OfotoNow image software. Available via Start -> Programs | No |
| Y | ogrc | ogrc.exe | Kaspersky Labs anti-virus | No |
| N | Oil Change | OCTray32.exe | From CyberMedia/Network Associates. Checks for updates to software installed on your PC. Available via Start -> Programs | No |
| ? | OIM | oim.exe | Related to the O2 (was "genie") mobile phone service. What does it do and is it required? | No |
| X | OKGO | winutade.exe | Added by the BANKER-EHZ TROJAN! | No |
| U | OKI LPR Utility | okilpr.exe | OKI printer utility | No |
| X | OKMaster | OKMaster.exe | OKToolbar adware | No |
| X | OLE | [filename] | Added by the STAWIN or TARNO.D TROJANS! | No |
| X | OLE Automation Server | ole32aut.vbe | CoolWebSearch parasite variant | No |
| X | oleaccrc | oleaccrc.exe | Adware - detected by Kaspersky as the AGENT.AM TROJAN! | No |
| X | OLEDb Service | runoledb32.exe | Added by a variant of the SPYRE.B TROJAN! | No |
| X | olehelp | olehelp.exe | Added by the BOOKMARKER.D or BOOKMARKER.G TROJANS! | No |
| X | OleLoader | ole32.exe | Added by the DELF.BR TROJAN! | No |
| U | olesvr | olesvr.exe | Salfeld Child Control - parental control software | No |
| X | Olive System | Szchost.exe | Added by the MERCURYCAS.A TROJAN! | No |
| X | olpr | olpr.exe | Added by the DWNLDR-GWQ TROJAN! | No |
| N | OLPSYNCH | OlpSynch.exe | Related to Offline Course Player from Element K Corp. Provider of the Technology, Compliance, Management and Business training content for effective programs | No |
| X | Olympic | IE4321.exe | Adult content premium rate dialer - also detected as SMALL.CZ | No |
| N | OM2_Monitor | FirstStart.exe | Olympus Master 2 - digital camera management tools | No |
| N | OM2_Monitor | MMonitor.exe | Olympus Master 2 - digital camera management tools | No |
| X | Omega AntiVir | OM83b.exe | Omega AntiVir rogue security software - not recommended, removal instructions here | No |
| X | Omf4 | OMF4.EXE | Added by the FREEMEGA TROJAN! | No |
| N | OmgStartup | omgstartup.exe | Sony program called OpenMG Jukebox - player and music organizer | No |
| U | OmniHTTPd | ohttpd.exe | OmniHTTPd web server from Omnicron | No |
| N | OmniPage | Opware32.exe | Part of OmniPage from Nuance (was Scansoft) - "the fastest, easiest way to turn paper documents into digital files you can edit". Links Word, via OLE, with OmniPage. If running, a user can call up OmniPage from inside of Word and ask it to scan something, via "File, Acquire Page". Also some of OmniPage's Options dialog boxes are accessible from within Word. Only required by novices and is Available via Start -> Programs | No |
| U | OmniPass | scureapp.exe | OmniPass from Softex Inc. - secure password management software | No |
| N | OM_Monitor | FirstStart.exe | Olympus Master 1 - digital camera management tools | No |
| N | OM_Monitor | Monitor.exe | Olympus Master 1 - digital camera management tools | No |
| U | On Screen Display | OSD.EXE | By Netropa for HP and other brands. Same group as KBD MediaCenter & Touch Manager. Pressing a "hot key" on such a keyboard brings a corresponding panel on the screen for volume, etc. Nice but not required if you don't adjust things regularly - can also freeze | No |
| U | On screen display | TPOSDSVC.exe | Supports the hotkeys on IBM/Lenovo ThinkPad notebooks - displays the result of the using of function keys on the desktop screen. For example, whenever a user changes system speaker volume, this program displays a volume indicator on the desktop screen | Yes |
| X | once | help.exe | IESearchToolbar parasite. Identified by Ewido Security Suite (Ewido is now part of AVG Technologies) as the DELF.LF TROJAN! | No |
| N | One Touch Monitor | OneTouchMonitor.exe | For Visioneer OneTouch scanners. System tray access to the control panel for the scanner | No |
| N | One Touch Monitor | 1tou~2.exe | For Visioneer OneTouch scanners. System tray access to the control panel for the scanner | No |
| N | One Touch Monitor | ONETOU~2.EXE | For Visioneer OneTouch scanners. System tray access to the control panel for the scanner | No |
| Y | OneCareUI | winssnotify.exe | System Tray access to a notifications from Windows Live OneCare - now superseded by Microsoft Security Essentials. "OneCare helps keep your PC safe and secure while making your life easier. From virus scanning and file backups, to automatic printer sharing of all the PCs in your household, OneCare helps manage all of this. Delivered to you in a smooth, hassle-free package" | Yes |
| X | OneMoreKey | xpa.exe | XP Antivirus rogue security software - not recommended | No |
| N | OneNote 2007 Screen Clipper and Launcher | ONENOTEM.EXE | System Tray access to MS Office OneNote 2007 - an electronic notebook that allows you to create free-form notes, including text, graphics and audio/video. When running, ONENOTEM.EXE also enables the WINDOWS KEY combinations - such as WINDOWS KEY+N (new Side Note) and WINDOWS KEY+S (insert screen grab into a note). Leave the icon enabled in OneNote but move the shortcut from Start → All Programs → Startup to the desktop or elsewhere on the Start menu and run when needed | Yes |
| N | OneTouch Monitor | OneTouchMon.exe | For Visioneer OneTouch scanners. System tray access to the control panel for the scanner | No |
| N | OneTouchMonitor | OneTouchMonitor.exe | For Visioneer OneTouch scanners. System tray access to the control panel for the scanner | No |
| N | OneTouchMonitor | 1tou~2.exe | For Visioneer OneTouch scanners. System tray access to the control panel for the scanner | No |
| N | OneTouchMonitor | ONETOU~2.EXE | For Visioneer OneTouch scanners. System tray access to the control panel for the scanner | No |
| N | ONETOU~2 | OneTouchMonitor.exe | For Visioneer OneTouch scanners. System tray access to the control panel for the scanner | No |
| N | ONETOU~2 | 1tou~2.exe | For Visioneer OneTouch scanners. System tray access to the control panel for the scanner | No |
| N | ONETOU~2 | ONETOU~2.EXE | For Visioneer OneTouch scanners. System tray access to the control panel for the scanner | No |
| X | Onflow | onflow.exe | Onflow is a internet company that offers an online advertising program. Not required - uninstall | No |
| U | OnfolioStorage | onfserv.exe | "Onfolio is the complete solution for collecting, organizing and sharing online content" | No |
| ? | online cdrom | Active acid.exe | ?? | No |
| X | Online Service | svchost.exe | Added by the HOSTIDEL.B or HOSTIDEL.C or TARNO.B TROJANS! Note - this is not the legitimate svchost.exe process which should NOT appear in Msconfig/Startup! | No |
| X | Online Services | twain.exe | Added by the AGENT.BEA TROJAN! | No |
| Y | OnlineArmor GUI | oaui.exe | Online_Armor personal firewall | No |
| X | OnlineGuard | OnlineGuard.exe | OnlineGuard rogue security software - not recommended, removal instructions here | No |
| X | OnlineHelpmate | GDC.exe | OnlineHelpmate rogue privacy tool - not recommended. A member of the PCPrivacyTool family | No |
| U | OnlinePCfix SmoothSurfer | SS.exe | Smooth-Surfer - blocks banners, ads, popups, and cleans MRU and Recent file lists | No |
| N | OnlineTime | onlinetime.exe | OnlineTimer - monitors your Windows dial-up network and logs the time you spend online as well as the resulting costs | No |
| X | online_party | online_party.exe | Adult content dialler | No |
| X | Onluna Sarvice | sachost.exe | Added by the TOFGER-AA TROJAN! | No |
| X | Onlune Sarvice | sachost.exe | Added by the DAEMONI-J TROJAN! | No |
| X | only23 | SCVHOST.exe | Added by the BCKDR-PUQ BACKDOOR! | No |
| X | OnSrvr | OnSrvr.exe | OnWebMedia adware | No |
| X | oo4 | RunDLL32.EXE oo4.dll,DllRun | BookedSpace parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "oo4.dll" file is located in %Windir% | No |
| U | OODefragTray | oodtray.exe | System Tray access to O&O Defrag disk defragmentation software | No |
| ? | OOLHELPT | OOLHELPT.exe | ?? | No |
| N | OP12 Reminder | Ereg.exe | Registration reminder for OmniPage from Nuance (was Scansoft) | No |
| U | OpAgent | OpAgent.exe | Part of Nuance (was Scansoft) OmniPage Pro document conversion software | No |
| X | Open Service Drivers | opiater.exe | Added by a variant of the RBOT WORM! | No |
| X | Open Site | opnste.exe | OpenSite adware | No |
| X | Open Site | opensite.exe | OpenSite adware | No |
| X | Open2Enter | runme.exe | Adult content dialler | No |
| X | Open2Enter | runme2.exe | Adult content dialler | No |
| X | OpenApizs | zrscbm.exe | Added by the AGENT.RLH TROJAN! | No |
| U | OpenDNS Update | OpenDNS Updater.exe | Updater for OpenDNS which "is a free service that works for networks of all sizes, from home networks to K-12 schools, SMBs and large enterprises". Automatically updates your OpenDNS account when your IP address changes and should be allowed to run if you use their Dashboard features | No |
| X | OpenGL Drivers | 0penGLD.exe | Added by the YIMP-A WORM! | No |
| X | OpenMstart | [path to dialler] | "Switch-E" premium rate adult content dialer | No |
| N | OpenOffice.org *.*.* | quickstart.exe | OpenOffice.org office suite quick start (where "*.*.*" is the version number) | No |
| N | OpenOffice.org x | QUICKS~1.EXE | Displays OpenOffice quick start applet in System tray. Right clicking on the icon allows rapid starting up of components of the OpenOffice suite. Available via Start -> Programs. Will automatically be started when any OpenOffice component is started from Start -> Programs. A resource hog (takes > 16 MB of memory). "x" represents the version number | No |
| N | OpenTalk | OpenTalk.exe | OpenTalk - free video and voice conferencing software application that allows you to talk to up to 100 friends in a chat room, using your headset microphone and a Webcam | No |
| U | openvpn-gui | openvpn-gui.exe | "OpenVPN is a full-featured SSL VPN solution which can accomodate a wide range of configurations, including remote access, site-to-site VPNs, WiFi security, and enterprise-scale remote access solutions with load balancing, failover, and fine-grained access-controls" | No |
| U | Openwares LiveUpdate | LiveUpdate.exe | Web-update utility as used by various types of software - see here | No |
| X | Opera addon | svhost.exe | Added by the AGENT-IBD WORM! | No |
| X | Operalaunch | vmm.exe | Added by the AGENT-IBD WORM! | No |
| N | Operations Typhoon Rising Registration | NOVG.EXE | Joint Operations registration reminder | No |
| N | Operator | ?? | Media Pilot operator, in Win.ini. Locks port open | No |
| U | Operator | xtmop.exe | Fax/Phone answering facility for Extreem Machine - as supplied with the old Diamond SupraExpress modems. No longer supported | No |
| X | OpiStat | OpiStat.exe | NetRatings Premeter spyware | No |
| X | OPQFile | regedit.exe /s ...rad03FA6.tmp | Unsavoury program that resets your homepage every time you restart - uncheck in MSCONFIG and delete it via a registry edit | No |
| X | opr | opr.exe | MediaMotor adware | No |
| U | OpScheduler | OpScheduler.exe | Part of Nuance (was Scansoft) OmniPage Pro document conversion software | No |
| N | OPSE reminder | Ereg.exe | Registration reminder for OmniPage from Nuance (was Scansoft) | No |
| X | opsql update check | opsql.exe | Added by the RBOT-ACJ WORM! | No |
| X | Optim1 | regdtopt.exe | Added by the RAMVICRYPE TROJAN! | No |
| X | Optim2 | regdtopt.exe | Added by the RAMVICRYPE TROJAN! | No |
| X | Optim3 | regdtopt.exe | Added by the RAMVICRYPE TROJAN! | No |
| X | Optim4 | regdtopt.exe | Added by the RAMVICRYPE TROJAN! | No |
| X | Optimize Windows | Kuntilanak.exe | Added by the SILLYFDC WORM! | No |
| X | OPTIMIZER | iexplore.exe | Added by the EVEVINC BACKDOORNote - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %System% | No |
| X | OPTIMIZER | iexplore.exe | Added by the EVIVINC BACKDOOR! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %System% | No |
| X | Optimum Online | Netsurf.exe | OptimumOnline ISP software related spyware - displays advertising popups and collects information about user activity | No |
| X | Optim[NUMBER] | [path]\regdtopt.exe | Added by the RAMVICRYPE TROJAN! | No |
| X | Optional Web Drivers For WIN32 | phqghume.exe | Added by a variant of the RBOT WORM! | No |
| U | OPTMOUSEMOUSE | optmouse.exe | Related to a Samsung optical mouse | No |
| U | Optus Cable Data Monitor | datamonitor.exe | Allows Optus customers to monitor their actual data usage against Optus' "data allowance limits" | No |
| N | OptusNet Desktop Service Centre | DSC.exe | OptusNet DSL or Dial-Up connection software | No |
| U | OptusNetUsage | OptusNet Usage Meter.exe | Designed specifically for OptusNet users who wish to have their connection monitored on a frequent basis. It can also estimate when you are going to hit your usage limit, and how far over your suggested limit you should be | No |
| N | Opware12 | Opware12.exe | OmniPage from Nuance (was Scansoft) - version 12. If running, a user can call up OmniPage from inside of Word and ask it to scan something, via "File, Acquire Page." Also some of OmniPage's Options dialog boxes are accessible from within Word. Only required by novices and is available via Start -> Programs | No |
| N | Opware14 | Opware14.exe | OmniPage from Nuance (was Scansoft) - version 14. If running, a user can call up OmniPage from inside of Word and ask it to scan something, via "File, Acquire Page." Also some of OmniPage's Options dialog boxes are accessible from within Word. Only required by novices and is available via Start -> Programs | No |
| N | Opware15 | Opware15.exe | OmniPage from Nuance (was Scansoft) - version 15. If running, a user can call up OmniPage from inside of Word and ask it to scan something, via "File, Acquire Page." Also some of OmniPage's Options dialog boxes are accessible from within Word. Only required by novices and is available via Start -> Programs | No |
| N | OpwareSE2 | OpwareSE2.exe | Hardware bundled version of OmniPage from Nuance (was Scansoft). If running, a user can call up OmniPage from inside of Word and ask it to scan something, via "File, Acquire Page." Also some of OmniPage's Options dialog boxes are accessible from within Word. Only required by novices and is available via Start -> Programs | No |
| N | OpwareSE4 | OpwareSE4.exe | Hardware bundled version of OmniPage from Nuance (was Scansoft). If running, a user can call up OmniPage from inside of Word and ask it to scan something, via "File, Acquire Page." Also some of OmniPage's Options dialog boxes are accessible from within Word. Only required by novices and is available via Start -> Programs | No |
| U | Oracle Web-to-Go | webtogo.exe | "Oracle Web-to-go, a component of Oracle9i Lite, consists of a collection of modules and services that facilitate development, deployment, and management of mobile Web applications" | No |
| Y | Orange Connection Kit | atdialler1.exe | Part of the Orange Connection Kit - changes the dial-up for Orange Any Time if access problems are encountered | No |
| N | OrangeShark | OSharkUpdater.exe | Orange Shark updater - online games for all ages | No |
| U | Orb | OrbTray.exe | Related to Orb Tray from InstallShield Software Corporation now owned by Macrovision | No |
| X | OrbitUpdate | update.exe | Xupiter OrbitExplorer toolbar related. Drive-by foistware. Use Spybot S&D, Adware or similar to detect and remove and to prevent it re-installing in the future see here | No |
| X | OrbitView | view.exe | Xupiter OrbitExplorer toolbar related. Drive-by foistware. Use Spybot S&D, Adware or similar to detect and remove and to prevent it re-installing in the future see here | No |
| N | OrderReminder | OrderReminder.exe | The HP Order Reminder utility is installed with the HP LaserJet printer software and allows you to set specific times for reminders to check the current level of toner in the print cartridge - it also contains an Order Now link to a Web page that helps you order supplies online from a reseller of your choice | No |
| X | orderShell | order****.exe [* = random char] | Added by the DLOADR-UN TROJAN! | No |
| X | order_Shell | order_smey.exe | Added by the BANKSNIF-H TROJAN! | No |
| X | order_Shell | order_****.exe [* = random letter] | Added by the AGENT.ARO TROJAN! | No |
| X | order_Shell | order_glsw.exe | Added by the DLOADR-KO TROJAN! | No |
| X | order_Shell | order_pgum.exe | Added by the AGENT-BSQ TROJAN! | No |
| ? | org5.exe | org5.exe | Lotus Organizer 5 application file, Lotus Organizer software. What does it do and is it required? | No |
| X | OrgyCam | OrgyCam.exe | Adult content dialler | No |
| U | OrigRage128Tweaker | RAGE128TWEAK.EXE | Third party tweaker for ATI Rage 128 Video cards from http://www.rageunderground.com | No |
| U | ORiNOCO | Cmluc.exe | Client Manager software for a Proxim ORiNOCO 11a/b/g wireless LAN PCI card | No |
| X | OS Boot Configuration | bootconfig.exe | Added by the IRCBOT.HJ WORM! | No |
| X | OS Boot Configuration! | bootconf.exe | CoolWebSearch BootConf adware | No |
| X | OS Boot Load | bootload.exe | Added by a variant of the IRCBOT TROJAN! | No |
| X | OS Security | mswind32.pif | Added by the RBOT-ASU WORM! | No |
| X | OSA | winword.exe | Added by the KANGAROO-A TROJAN! | No |
| X | Osa32 | NTOSA32.exe | Added by the ANIG WORM! | No |
| U | osCheck | osCheck.exe | Part of Norton Antivirus. Initiates a quick scan (at startup) of the portions of the OS Symantec currently (as defined by the most recent updates downloaded onto the host computer) thinks are most susceptible to infection. This scan is not necessary for proper operation of Norton Antivirus | No |
| U | OSD | OSD.exe | By Netropa for HP and other brands. Same group as KBD MediaCenter & Touch Manager. Pressing a "hot key" on such a keyboard brings a corresponding panel on the screen for volume, etc. Nice but not required if you don't adjust things regularly - can also freeze | No |
| X | OSD | ALG.exe | Added by the STARTPAGE-ID TROJAN! | No |
| U | OsdMaestro | OSD.exe | By Netropa for HP and other brands. Same group as KBD MediaCenter & Touch Manager. Pressing a "hot key" on such a keyboard brings a corresponding panel on the screen for volume, etc. Nice but not required if you don't adjust things regularly - can also freeze | No |
| U | OsdMaestroOSD.exe | OSD.EXE | By Netropa for HP and other brands. Same group as KBD MediaCenter & Touch Manager. Pressing a "hot key" on such a keyboard brings a corresponding panel on the screen for volume, etc. Nice but not required if you don't adjust things regularly - can also freeze | No |
| X | OSS | ossproxy.exe | MarketScore parasite - ActiveX control used to download premium-rate dialers | No |
| X | OSS | rk.exe | MarketScore parasite - ActiveX control used to download premium-rate dialers | No |
| X | OSS | rlvknlg.exe | Marketscore.RelevantKnowledge adware | No |
| U | OSSelectorReinstall | oss_reinstall.exe | Related to Acronis Disk Director Suite | No |
| X | OSSProxy | OSSPROXY.EXE | MarketScore parasite - ActiveX control used to download premium-rate dialers | No |
| U | OStivityInvAgt | ostivity.exe | OStivity - "a desktop and server hardware and software asset/inventory solution for small to enterprise sized organizations that need to quickly gain knowledge of 'what's installed' without having to manually touch every computer in the company. The next time the computer logs into the network, a complete inventory (software and hardware) is taken of the system" | No |
| X | Osus | acao.exe | PurityScan adware | No |
| X | Osus | rrup.exe | PurityScan adware | No |
| X | otcx | otcxxh.exe | Added by the CAROOL TROJAN! | No |
| N | OurPictures | OurPictures.exe | Related to RitzPix Online Photo Print services | No |
| X | Outerinfo | Outerinfo.exe | Clickspring.Outerinfo adware | No |
| X | OuterinfoUpdate | OuterinfoUpdate.exe | Clickspring.Outerinfo adware | No |
| X | outlook | outlook.exe | Added by the SDBOT-RU WORM! Note that the valid Microsoft Outlook executeable is located in %ProgramFiles%\Microsoft Office\Office whereas this one is located in %System% | No |
| X | outlook | outlook.exe | Added by the ALCRA.F WORM! Note that the valid Microsoft Outlook executeable is located in %ProgramFiles%\Microsoft Office\Office whereas this one is located in %ProgramFiles%\Outlook | No |
| X | Outlook Express | msinm.exe | Added by a variant of the RBOT WORM! | No |
| X | Outlook Express Config | *****.exe [* = random char] | Added by a variant of the RBOT WORM! | No |
| X | Outlook Express Protocol | look.exe | Added by the RBOT-ACS WORM! | No |
| X | Outlook Mail Services | express.exe | Added by the RBOT.CJN WORM! | No |
| X | Outlook Mail Services | outlook.exe | Added by the RBOT-BKA TROJAN! Note that the valid Microsoft Outlook executeable is located in %ProgramFiles%\Microsoft Office\Office whereas this one is located in %System% | No |
| U | OutlookOnDesktop | OutlookDesktop.exe | "Outlook On the Desktop is a program that displays Outlook as a transparent, interactive object embedded in your desktop" | No |
| X | OutLooks | InSane.exe | Added by the SWOOP TROJAN! | No |
| Y | Outpost Firewall | outpost.exe | Outpost personal firewall | No |
| Y | OutpostFeedBack | feedback.exe | Part of Outpost firewall by Agnitum. The feedback service is for reporting issues directly to Agnitum from within OP | No |
| Y | OutpostMonitor | op_mon.exe | Monitor for Outpost Firewall PRO (and Free) from Agnitum | No |
| X | outpostupdate | outpostupdate.exe | Added by the COSIAM-C TROJAN! | No |
| X | Outwar | syslaunch.exe | Outwar adware downloader | No |
| ? | OVCJ | ovcj.exe | ?? | No |
| X | overinstall | pgs.exe | Part of VirtualPCGuard, VirusGuardPlus and other members of the AVSystemCare family of rogue security software suites. See here for more examples | No |
| N | Overnet | Overnet.exe | Overnet peer-to-peer (P2P) file sharing program | No |
| X | ovyriwi | telace.exe | Added by the SDBOT.BVS WORM! | No |
| U | OWCCardbusTray | ocbtray.exe | Icon in the system tray for safely removing PCMCIA cards. Only required if you have a laptop or desktop which includes a PCMCIA card interface | No |
| U | OWCWebCamDV | wcdvtray.exe | WebCamDV from Orange Micro, Inc - enables the user to use a DV camera connected via Firewire as a Webcam | No |
| X | OWMngr | OWMngr.exe | OnWebMedia/SearchSeekFind advertising foistware | No |
| X | oxbvpen | gwthtis.exe | Added by the SILLYFDC-AH WORM! | No |
| U | OxigenClientAdmin | Oxigen.exe | Open University Oxigen screensaver admin client. Downloads the latest information from the net to display in the screen saver | No |
| X | oz2 | oz2.exe | Added by the MYDOOM.W WORM! | No |
| X | p | p.exe | Added by the AGENT-U TROJAN! | No |
| X | P Antispyware 09 | pas.exe | P Antispyware 09 rogue security software - not recommended, removal instructions here | No |
| X | P0w3rF1Y | svchost.exe | Added by the BDOOR-MM BACKDOOR! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir% | No |
| U | P17Helper | Rundll32 P17.dll, P17Helper | ASIO (Audio Stream In/Out) drivers for the SoundBlaster Audigy 2 series soundcards - for recording and home project studios. Required if you use this functionality | No |
| ? | P17Helper | Rundll32 SPIRun.dll, RunDLLEntry | Related to Creative audio products. What does it do and is it required? | No |
| ? | P17RunE | RunDll32 P17RunE.dll,RunDLLEntry | Related to drivers for the Creative Sound Blaster Audigy & Audigy 2 soundcards. What does it do and is it required? | No |
| U | P2kAutostart | P2kAutostart.exe | P2kCommander a filemanager application for Motorola p2k mobile phones | No |
| N | P2P NETWORKING | P2P Networking.exe | Peer to Peer (P2P) sharing of files on the internet | No |
| N | P2P Networking | P2P | Peer to Peer (P2P) sharing of files on the internet | No |
| X | p2p networking | p2pnetworking.exe | Added by the RBOT-ECP WORM! | No |
| X | P2P Networking2 | P2P Networking2.exe | P2P Networking2.exe is an advertising program by Joltid. This process monitors your browsing habits and distributes the data back to the author's servers for analysis. This also prompts advertising popups. This program is a registered security risk and should be removed immediately | No |
| N | P2P Networking3 | P2P Networking3.exe | P2P Networking, a component bundled with Kazaa that enables other applications to use Peer-to-Peer functionality. Not required - see here | No |
| X | p2pnetwork | p2pnetwork.exe | Added by the ALCAN.A WORM! | No |
| X | p2pnetworking | p2pnetworking.exe | Added by the RBOT-AFL WORM! | No |
| X | p2snetis | comippwa.exe | Added by the SPAMTOO-AL TROJAN! | No |
| U | P3000x_S2P | ScanToPc.exe | Dell Laser MFP 1600N network application for scanning files to the PC | No |
| X | P3p4chk | P3p4chk.exe | Added by the GEMA TROJAN! | No |
| X | p4mx4 | p4mx4.exe | Added by the CRYPTER.A TROJAN! | No |
| U | PAC7302_Monitor | Monitor.exe | Related to PixArt CMOS image sensors from PixArt Imaging Inc | No |
| X | PaciSoft | pacis.exe | PacerD Media/Pacimedia.com adware installer | No |
| ? | Packard Bell EverSafe Tray Control | TrayControl.exe | Packard Bell EverSafe software. What does it do, and is it required? | No |
| N | PadTouch | PadExe.exe | Toshiba Touch and Launch - offers easy movement and freedom of programs navigation with TouchPad | No |
| X | Pag Windows Monitor | pag.exe | Added by the AGENT-EOT TROJAN! | No |
| U | Pagekeeper Jobs | pkjobs.exe | PageKeeper Jobs is a separate PageKeeper program that handles the analysis of new documents and keeps track of the location and content of current documents in PageKeeper. Pagekeeper comes bundled with scanners such has HP, Microtek, etc | No |
| U | Pagekeeper Lite | pkjobs.exe | PageKeeper Jobs is a separate PageKeeper program that handles the analysis of new documents and keeps track of the location and content of current documents in PageKeeper. Pagekeeper comes bundled with scanners such has HP, Microtek, etc | No |
| X | PAgent | PAgent.exe | Scans your hard drive for the popular P2P file-sharing applications BearShare, Grokster, Kazaa, Limewire and Morpheus. After searching the entire local filesystem for any files with those names it connects to the DownloadWare servers and tells it what, if anything, is found | No |
| U | Pagis Schedule Monitor | Monitor.exe | Scheduler for the Pagis scanning suite from Scansoft (now Nuance) | No |
| N | Pagis Scheduler | Monitor.exe | Scheduler for the Pagis scanning suite from Scansoft (now Nuance) | No |
| ? | pagmstart | client.exe | ?? | No |
| N | Pagoo | PAGOO.EXE | Pagoo - internet call waiting. Intercepts telephone calls like an answering machine and plays the voice message on your PC. Only required when you're on-line and via dial-up modem | No |
| X | paint.exe | shnlog.exe | Added by the PUPER-A TROJAN! | No |
| X | PaintingRoom evidence monitor | paintingroom.exe | Paintingroom.com smiley software - not recommended as the site tries to drop a trojan on you... | No |
| X | PaintingRoom smile monitor | paintingroom.exe | Paintingroom.com smiley software - not recommended as the site tries to drop a trojan on you... | No |
| N | PAL Evidence Eliminator | Cleaner.exe | PAL Evidence Eliminator - cover the tracks of your browsing habits and E-mails if you think you need to. Run manually on a regular basis | No |
| N | Palm Desktop | Palm.exe | Palm Desktop Software for use with Palm handheld devices. Available via Start -> Programs | No |
| ? | Palm MultiUser Config | Configtool.exe | MultiUser configuration for a Palm PDA device?. Is it required? | No |
| N | palmOne Registration | register.exe | Registration reminder for Palm products | No |
| X | PalNetaware | pnetaware.exe | PalTalk adware - as included in Morpheus | No |
| N | Palo Alto Software Update Manager 8.0 | PAS8_UD.exe | Update manager for small business planning software from Palo Alto Software - such as Business Plan Pro, Marketing Plan Pro and Email Center Pro | No |
| N | PaltalkNetaware.exe | PALNETAW~1.EXE | Voice chat program. This program stores all buddy list info apparently on the server itself so you never lose your buddy list should you need to reinstall the program due for whatever reason or even reformat. Available via Start → Programs. Delete the shortcut in Start → Programs → StartUp as well otherwise it will be reinstated | No |
| U | pamela.exe | pamela.exe | Pamela is a plug-in or add-on that adds features to Skype peer to peer voice service | No |
| U | Panasonic Communications Utility | Mfpscdl.exe | Port manager for Panasonic Panafax fax_machines | No |
| U | Panasonic HotKey Manager | HKEYAPP.EXE | HotKey management for Panasonic rugged mobile PCs | No |
| U | Panda Antispam Server Service | PasSrv.exe | AntiSpam part of an older version of Panda Internet Security | No |
| Y | Panda Cleaner | pavdr.exe | Panda internet security software related. Possibly the ActiveScan on-line scanner? | No |
| Y | Panda Preventium+ Service | PREVSRV.EXE | Part of the 2004 & 2005 versions of Panda Antivirus and Internet Security | No |
| U | Panda Scheduler | pavsched.exe | Scheduler for older versions of Panda Antivirus. Required if you have scans scheduled on a regular basis | No |
| X | Panda Software Intrenet | panda.pif | Added by the RBOT-ATZ WORM! | No |
| X | PandaAVEngine | PandaAVEngine.exe | Added by the NETSKY.R WORM! | No |
| U | PandaScheduler | pavsched.exe | Scheduler for older versions of Panda Antivirus. Required if you have scans scheduled on a regular basis | No |
| U | Pando | Pando.exe | "Pando is free software that lets you send and receive files and folders of any size* with your existing email address" | No |
| X | Pantera | pantera.exe | Added by the SDBOT.AYN WORM! | No |
| N | Paperport | runppdrv.exe | Loads the drivers associated with monitoring scanner status associated with PaperPort software. Can be a resource hog - see here | No |
| N | PaperPort PTD | pptd40nt.exe | "PaperPort" software associated with scanners | No |
| N | PaperQuote System Tray Icon | PQTRAY.EXE | PaperQuote is a "wallpaper" changer with daily quotes that are either for inspiration or motivation | No |
| X | Parallel Tasking | ptask.exe | Added by the SMALL-CJ TROJAN! | No |
| X | PaRaY_VM | winlogon.exe | Added by the AUTORUN-DV WORM! Note - this is not the legitimate winlogon.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a ~A~m~B~u~R~a~D~u~L~ subfolder | No |
| U | ParentalControl | ParentalControl.Exe | Crawler Parental Control - "Get perfect control of websites your children browse, software they use, and folders they access. Regulate the time when they can use your computer and connect to the Internet. Hide content on your computer that you don't want them to see" | No |
| Y | ParetoLogic Anti-Spyware | Pareto_AS.exe | "ParetoLogic Anti-Spyware delivers Active Protection in the form of real-time blocking" | No |
| U | PartSeal | PartSeal.exe | System backup for Sony Vaio PCs. Adds a recovery mechanism for users over and above any System Restore features - allowing users to revert a drive back to the state it was when bought form the factory by hitting F10. The user obviously loses any data stored if not backed-up elsewhere | No |
| X | PASMonitor | pbm.exe | PersonalAntiSpy rogue spyware remover - not recommended, removal instructions here | No |
| X | passcxd | [random filename] | Added by a variant of the SLAPER TROJAN! | No |
| Y | PassLocker | PassLocker.exe | "PassLocker is a complete password manager helping you to manage and safely store your passwords" | No |
| U | Password Door Loader | PDMonitor.exe | Password Door - password protection software | No |
| U | Password Tracker Deluxe | PwTrkr.exe | "Password Tracker Deluxe stores passwords and usernames neatly and securely (encrypted) on your computer" | No |
| N | PasteLister | plister.exe | PasteLister - clipboard extender. Start manually when required | No |
| X | PaSystem | pasystem.exe | Targetsaver adware variant | No |
| Y | PASystemTray | PASystemTray.exe | Related to Panda Security Software - part of Panda Administrator 3 | No |
| X | PAS_Check | udcpas.exe | Part of the DriveCleaner rogue security software - not recommended, removal instructions here | No |
| X | pas_check | pasmon.exe | SystemDoctor rogue security software - not recommended, removal instructions here | No |
| X | Patah Hati | [path to worm] | Added by the PAHATIA-A WORM! | No |
| X | Patah Hati | ISASS.exe | Added by the PAHATIA.A WORM! | No |
| X | Patch | patch.exe | Added by the NETBUS WORM! | No |
| X | Patches Value | WinGamed.exe | Added by the SDBOT.BR WORM! | No |
| ? | Path | lide.exe | ?? | No |
| X | pathname | pathname.exe | Added by the IRCCONTACT TROJAN! | No |
| ? | PathNvidiaTV | patchnvidiaTVout.exe | Related to a Gigabyte Nvidia based video card - typical file location is %ProgramFiles%\Gigabyte\Nvidia | No |
| X | Pausedell | weyer.exe | Added by the SDBOT.BEX WORM! | No |
| X | PAV | pav.exe | Personal Antivirus rogue security software - not recommended. Located in %ProgramFiles%\PAV | No |
| X | PAV.EXE | %Number% | Added by the KITRO.D (or ARGEN.A) WORM! %Number% can be any number | No |
| Y | PAV.EXE | PAV.EXE | PER Antivirus | No |
| Y | PAVFIRES | PavFires.exe | Firewall included with older versions of Panda Antivirus and Internet Security | No |
| Y | PAVFNSVR | PavFnSvr.exe | Part of Panda Antivirus and Internet Security | No |
| Y | Pavkre9x | pavkre9x.exe | Part of the 2005 & 2006 versions of Panda Antivirus and Internet Security | No |
| Y | PavProc | PavPrS9x.exe | Part of Panda Antivirus and Internet Security | No |
| Y | PavProt | PavProt.exe | Part of the 2004 & 2005 versions of Panda Antivirus and Internet Security | No |
| Y | Pavprot9 | Pavprot9.exe | Part of the 2005 versions of Panda Antivirus and Internet Security | No |
| X | PayTime | paytime.exe | Added by the STARTPA-YR TROJAN! | No |
| U | PbAdminACAD | PbMngr5.exe | Bluebeam PDF software printer support. Prints AutoCAD ".dwg" to PDF | No |
| U | pbagent | pbagent.exe | Probot keystroke logger/monitoring program - remove unless you installed it yourself! | No |
| U | PBKScheduler | PBKScheduler.exe | Scheduler for CyberLink PowerBackup - archiving/backup utility | No |
| U | PC Alert III | alert.exe | MSI PC Alert III - allows you to view your system and cpu temperature, fan rpm and more. Only required if you overclock | No |
| X | PC Antispyware 2010 | PC_Antispyware2010.exe | PC Antispyware 2010 rogue security software - not recommended, removal instructions here | No |
| U | PC Booster | pcbooster.exe | PC Booster from inKline Global - "easy-to-use computer system optimizer that gives your system the extra speed and stability you want while ensuring that your computer is kept clean and in tip-top condition" | No |
| U | PC Doc Pro - 3.1 | pcdocpro.exe | PC Doc Pro (now Win Doc Pro) - system health check and fix utility | No |
| X | PC Drive Tool | GDC.exe | PC Drive Tool rogue privacy tool - not recommended. A member of the PCPrivacyTool family | No |
| U | PC Dynamics SdwMon32 | sdwmon32.exe | SafeHouse "Personal Privacy" protects and hides your private and personal photos, videos, files and folders by making them "invisible" and encrypted | No |
| X | PC Live Guard | PC[random characters].exe | PC Live Guard rogue security software - not recommended, removal instructions here | No |
| N | PC Pitstop Optimize Reminder | Reminder.exe | Registration reminder for the PC Pitstop Optimize 2.0 system optimizatoon utility by CA. Located in %ProgramFiles%\PCPitstop\Optimize2 | No |
| U | PC Pitstop Optimize Scheduler | PCPOptimize.exe | Scheduler for the Optimize system optimization utility from PC Pitstop | No |
| X | PC Scout | pcscout.exe | PC Scout rogue security software - not recommended, removal instructions here | No |
| X | PC Security 2009 | PC_Security2009.exe | PC Security 2009 rogue security software - not recommended, removal instructions here | No |
| N | PC SpeedScan Pro | PCSpeedScan.exe | Ascentive PC SpeedScan Pro registry optimizer - not recommended, see here and here | No |
| U | PC Spy Keylogger | ToolKeylogger.exe | PCSpyKeyLogger keystroke logger/monitoring program - remove unless you installed it yourself! | No |
| N | PC Suite | PCSuite.exe | System Tray access to Nokia PC Suite - which "is a free PC software product that allows you to connect your Nokia device to a PC and access mobile content as if the device and the PC were one." This allows you (amongst other options) to backup your devices contents to your PC, use it to connect to the internet, transfer files and synchronize contacts, etc. Available from the start menu | Yes |
| N | PC Suite | LaunchApplication.exe | System Tray access to Nokia PC Suite - which "is a free PC software product that allows you to connect your Nokia device to a PC and access mobile content as if the device and the PC were one." This allows you (amongst other options) to backup your devices contents to your PC, use it to connect to the internet, transfer files and synchronize contacts, etc. Available from the start menu | Yes |
| N | PC Suite for Smartphones | Application Launcher.exe | System Tray accesss to Sony Ericsson PC Suite which "connects your phone to your computer and expands the capabilities of your phone". Start manually via the Start Menu (or optional desktop shortcut) before connecting the phone | No |
| N | PC Suite Tray | PCSuite.exe | System Tray access to Nokia PC Suite - which "is a free PC software product that allows you to connect your Nokia device to a PC and access mobile content as if the device and the PC were one." This allows you (amongst other options) to backup your devices contents to your PC, use it to connect to the internet, transfer files and synchronize contacts, etc. Available from the start menu | Yes |
| N | PC Sync | PCSync2.exe | System Tray access to Nokia PC Sync - which "allows you to synchronise contacts, calendar/to-do items, notes, and e-mails between a Nokia mobile phone and your PC Personal Information Manager (PIM)." Available via the main Nokia PC Suite interface | Yes |
| Y | PC Tools AntiVirus Client | PCTAV.exe | System Tray access to PC Tools AntiVirus from PC Tools - which "provides world-leading protection against viruses, worms and Trojans with rapid updates and IntelliGuard™ technology" | Yes |
| U | PC Tools Disk Suite | aDSProcMngr.exe | Part of PC Tools Disk Suite from PC Tools - which "is an all-in-one hard-disk management utility that integrates disk optimization, defragmentation and backup tools in one easy to use package". Proxy (or agent) for the Disk Suite Service. Based upon my experience, if this is disabled it does not appear to adversely affect on-demand or scheduled tasks but has a "U" recommendation as it's function isn't fully known | Yes |
| Y | PC Tools Firewall Plus | FirewallGUI.exe | System Tray access to PC Tools Firewall Plus from PC Tools - which "is a powerful personal firewall for Windows that protects your computer from intruders and controls the network traffic in and out of your PC" | Yes |
| U | PC Tools Privacy Guardian | pg.exe | Part of Privacy Guardian from PC Tools - which "is a safe and easy-to-use privacy protection tool that securely deletes online Internet tracks and program activity records that are stored in your browser and other hidden files on your computer". This startup entry runs only on the next reboot if the "Cache, History and Address Bar" option is selected under "Browsers" when the users selects "Clean Your Computer". This startup entry is only created when Privacy Guardian is installed on XP. Also included in PC Tools Desktop Maestro (which incorporates Privacy Guardian) | Yes |
| X | PC-Antispy | PC-Antispy.exe | PC-Antispy rogue spyware remover - not recommended, removal instructions here | No |
| X | PC-Antispyware | PC-Antispyware.exe | PC-AntiSpyware rogue spyware remover - not recommended | No |
| X | PC-Checkup | PCCheckUp.exe | Installed by SpeedItUp without permission, along with Search Defender - which is detected by DrWeb as the STARTPAGE.ORIGIN TROJAN! | No |
| X | PC-Cleaner | PC-Cleaner.exe | PC-Cleaner rogue security software - not recommended | No |
| X | PC-Config32 | corona.exe | Added by the CORONEX.A WORM! | No |
| X | PC2X | initial.bat | Added by the DWNLDR-FZZ TROJAN! | No |
| X | PCAntiVirusPro | pgs.exe | PCAntiVirusPro rogue security software - not recommended. A member of the AVSystemCare family | No |
| U | pcAnywhere Agent | pcamgt.exe | Part of pcAnywhere 9.0 or later. This process listens for incoming PC Anywhere connections if your PC is configured as a PC Anywhere host | No |
| Y | PCBG | PCBODYGUARD.EXE | PC Bodyguard from Calluna - protects system files and settings from being deleted, modified, etc | No |
| Y | PCBODYGUARD | PCBODYGUARD.EXE | PC Bodyguard from Calluna - protects system files and settings from being deleted, modified, etc | No |
| U | PcBoost | PcBoost.exe | PCBoost from PGWARE, LLC increases computer performance by allocating higher portions of CPU power to active applications and games | No |
| X | pcc | explcrer.exe | Added by the AGENT-FW BACKDOOR! | No |
| Y | PCCClient.exe | PCCClient.exe | Part of Trend Micro web-security products - PC-cillin 2002-2003 and Virus Buster 2001-2003 | No |
| Y | pccguide.exe | pccguide.exe | Part of Trend Micro web-security products - Internet Security 2005-2007, PC-cillin 2002-2004 and Virus Buster 2001-2007 | No |
| Y | PCCIOMON.exe | PCCIOMON.exe | Part of Trend Micro web-security products - PC-cillin 2000, 2002-2003 and Virus Buster 2001-2004. This is the virus scanner | No |
| X | PCCleaner | SysCleaner.exe | PCCleaner rogue cleaning utility - not recommended, removal instructions here | No |
| Y | PCClient.exe | PCClient.exe | Part of Trend Micro web-security products - PC-cillin 2004 and Virus Buster 2004 | No |
| Y | PccPfw | PccPfw.exe | Part of Trend Micro web-security products - PC-cillin 2002-2003 and Virus Buster 2002-2004. This is the firewall | No |
| Y | PcCtlCom | PCCTLCOM.EXE | Part of Trend Micro web-security products - Internet Security 2005-2006 and Virus Buster 2005-2006 | No |
| N | PCDRealtime | realtime.exe | Apparently the monitoring device for PC Doctor Online. It provides a "free" examination on system files (i.e. registry), reports the number of errors it finds, and invites you to "order" the fee-based fixes from its web site | No |
| U | PCDrProfiler | RunProfiler.exe | Part of PC Doctor software installed for some machines. Disabling or enabling it is down to your preference | No |
| X | PcEXPLODE | specialfile.exe | Added by the RBOT.RH WORM! | No |
| U | PcEye | pceye.exe | PCEye 2000 - parental control utility | No |
| N | PCHbutton | PCHbutton.exe | Used by HP Instant Support | No |
| N | PCHealth | pchschd.exe | This is a "scheduler" and does not turn off PC Health. For more information refer here | No |
| X | PCHEasySearch | STUpdate.exe | PCH EasySearch bar | No |
| ? | PCIMODEM | pcimodem.exe | Associated with Lucent based Aztech MDP7800-U PCI modems. Is it required? | No |
| U | PCLEPCI | ppe.exe | Pinnacle Systems PCI Performance Enhancer. "This tool helps to increase the PCI Busmaster performance of all Pinnacle PCI boards." | No |
| X | PClK | PClK.exe | Added by the LEGMIR-BL TROJAN! | No |
| U | PCMagInstaback2 | InstaBack.exe | InstaBack 2 from PC Magazine - instant and automated backup utility | No |
| ? | PCMCIA Resource Monitor | nvp2pmon.exe | NVIDIA nForce P2P Driver. What does it do and is it required? | No |
| X | PCMM2007RT | pcmm2007.exe | PC MightyMax 2007 rogue security software - not recommended, see here | No |
| ? | PCMMediaSharing | PCMMediaSharing.exe | Part of Acer HomeMedia Connect, which is part of Acer Arcade Live. What does it do and is it required? | No |
| X | PCMMRealtime | pcmm.exe | PC MightyMax rogue security software - not recommended, see here | No |
| N | PCMService | PCMService.exe | Part of Cyberlink's PowerCinema - which can be used to watch movies, play music and even watch TV in a central location. Commonly, PC manufacturers will base their own multimedia player/organizer on PowerCinema (such as Dell's Media Experience and Acer's Arcade Deluxe). Disabling this entry will not prevent PowerCinema working and doing so can prevent problems such as the screensaver not starting or a laptop not entering standby/hibernation/sleep-mode | Yes |
| U | PCPerf | pcperf.exe | PC Accelerator 2007 from DefendGate Inc. "Powerful all-in-one PC performance and Internet acceleration solution designed to help increase your system and online performance and security" | No |
| N | PCPitstop Registration Reminder | Reminder.exe | Registration reminder for the Exterminate antimalware package from PC Pitstop | No |
| U | PCPitStopEraser | PCPitStopErase.exe | "PC PitStop Erase is both a free privacy scanner and paid tracks cleaner" | No |
| U | PCPOptimize | PCPOptimize.exe | Scheduler for the Optimize system optimization utility from PC Pitstop | No |
| X | PCPrivacyCleaner | pcpc.exe | PCPrivacyCleaner rogue privacy tool - not recommended | No |
| X | PCPrivacyTool | GDC.exe | PCPrivacyTool rogue privacy tool - not recommended. There are number of variants in this family sharing the same filename and user interface - see here | No |
| X | PCprot | crcss.exe | Added by an unidentified WORM! | No |
| ? | pcqmqgn.exe | pcqmqgn.exe | ?? | No |
| U | PCRecSA | PCRecSA.exe | Part of the IBM/XPoint Rapid Restore backup utility. If you choose, you can use it to create a "clean" backup of your hard drive. The process involves the software partitioning your hard drive, making a compressed image of the working drive which will then allow you to revert to that should you need to | No |
| X | PCSecureSystem | pgs.exe | PCSecureSystem rogue security software - not recommended. A member of the AVSystemCare family | No |
| X | pcServer | server.exe | Ssppyy spyware | No |
| X | PCShield | regsvr32 sfg_****.dll [* = random char] | SafeguardProtect/Veevo hijacker. Note that regsvr32.exe is a legitimate Microsoft file used to register and unregister OLE controls and shouldn't be deleted. The random DLL file is found in the System (9x/Me) or System32 (NT/2K/XP) folder | No |
| X | PcsProtector | PcsProtector.exe | PcsProtector rogue security software - not recommended, removal instructions here. A member of the AntiAID family | No |
| N | PCStart | Pcm25.exe | Runs as part of PCMonitor which is a program for monitoring your activity on your system. It makes screen dumps and key logging. It can hang-up your system because the screen dump page gets VERY big | No |
| N | PCSuite | PCSuite.exe | System Tray access to Nokia PC Suite - which "is a free PC software product that allows you to connect your Nokia device to a PC and access mobile content as if the device and the PC were one." This allows you (amongst other options) to backup your devices contents to your PC, use it to connect to the internet, transfer files and synchronize contacts, etc. Available from the start menu | Yes |
| N | PCSuiteTrayApplication | TrayApplication.exe | System Tray access to Nokia PC Suite - which "is a free PC software product that allows you to connect your Nokia device to a PC and access mobile content as if the device and the PC were one." This allows you (amongst other options) to backup your devices contents to your PC, use it to connect to the internet, transfer files and synchronize contacts, etc. Available from the start menu | No |
| N | PCSuiteTrayApplication | LaunchApplication.exe | System Tray access to Nokia PC Suite - which "is a free PC software product that allows you to connect your Nokia device to a PC and access mobile content as if the device and the PC were one." This allows you (amongst other options) to backup your devices contents to your PC, use it to connect to the internet, transfer files and synchronize contacts, etc. Available from the start menu | Yes |
| N | PCSuiteTrayApplication | TRAYAP~1.EXE | System Tray access to Nokia PC Suite - which "is a free PC software product that allows you to connect your Nokia device to a PC and access mobile content as if the device and the PC were one." This allows you (amongst other options) to backup your devices contents to your PC, use it to connect to the internet, transfer files and synchronize contacts, etc. Available from the start menu | No |
| N | PCSuiteTrayApplication | LAUNCH~1.EXE | System Tray access to Nokia PC Suite - which "is a free PC software product that allows you to connect your Nokia device to a PC and access mobile content as if the device and the PC were one." This allows you (amongst other options) to backup your devices contents to your PC, use it to connect to the internet, transfer files and synchronize contacts, etc. Available from the start menu | No |
| X | Pcsv | pcsvc.exe | Delfin Media Viewer or "Promulgate" adware | No |
| N | PCSync | PCSync.exe | System Tray access to Nokia PC Sync - which "allows you to synchronise contacts, calendar/to-do items, notes, and e-mails between a Nokia mobile phone and your PC Personal Information Manager (PIM)." Available via the main Nokia PC Suite interface | Yes |
| X | PcSync | PcSync.exe | Added by the RBOT-XJ WORM! Note - do not confuse with the Nokia application described here | No |
| N | PcSync | PcSync2.exe | System Tray access to Nokia PC Sync - which "allows you to synchronise contacts, calendar/to-do items, notes, and e-mails between a Nokia mobile phone and your PC Personal Information Manager (PIM)." Available via the main Nokia PC Suite interface | Yes |
| N | PCSync.exe | PCSync.exe | System Tray access to Nokia PC Sync - which "allows you to synchronise contacts, calendar/to-do items, notes, and e-mails between a Nokia mobile phone and your PC Personal Information Manager (PIM)." Available via the main Nokia PC Suite interface | Yes |
| N | PCSync2 | PCSync2.exe | System Tray access to Nokia PC Sync - which "allows you to synchronise contacts, calendar/to-do items, notes, and e-mails between a Nokia mobile phone and your PC Personal Information Manager (PIM)." Available via the main Nokia PC Suite interface | Yes |
| Y | PCTAV | PCTAV.exe | System Tray access to PC Tools AntiVirus from PC Tools - which "provides world-leading protection against viruses, worms and Trojans with rapid updates and IntelliGuard™ technology" | Yes |
| Y | PCTAVApp | PCTAV.exe | System Tray access to PC Tools AntiVirus from PC Tools - which "provides world-leading protection against viruses, worms and Trojans with rapid updates and IntelliGuard™ technology" | Yes |
| X | pctdf.exe | pctdf.exe | PCTotalDefender rogue spyware remover variant | No |
| U | PcThrust | PcThrust.exe | PCThrust from SwiftDog - "increases computer performance by allocating higher portions of CPU power to active applications and games" | No |
| X | PCToolPro | SysRep.exe | PCToolPro rogue system error and cleaning utility - not recommended. A member of the ErrClean family | No |
| X | PCTotalDefender | pgs.exe | PCTotalDefender rogue security software - not recommended. A member of the AVSystemCare family | No |
| X | pctp_check | startmon.exe | Part of the PcTurboPro rogue system optimization tool - not recommended, removal instructions here | No |
| U | pctspk | pctspk.exe | Used for modems based upon PC-TEL chipsets. Normally used for some Voice and Speakerphone functions and also for some Power management options. If you remove it you may not be able to use any of those functions | No |
| Y | pctsTray | pctsTray.exe | System Tray access to both PC Tools Internet Security suite and Spyware Doctor antispyware from PC Tools | Yes |
| Y | pctsTray.exe | pctsTray.exe | System Tray access to both PC Tools Internet Security suite and Spyware Doctor antispyware from PC Tools | Yes |
| X | PCTurboPro | pctp.exe | PcTurboPro rogue system optimization tool - not recommended, removal instructions here | No |
| U | PCTVOICE | pctvoice.exe | The program PCTVoice is used by the modem to interface with your computer and also used for some V.80 functions for Video Conferencing. if you uncheck it, it comes back. It's better to leave it | No |
| U | PCTVRemote | remoterm.exe | Controls the remote control on some Pinnacle TV tuners | No |
| X | PCVirusless | pgs.exe | PCVirusless, French rogue security software - not recommended. A member of the AVSystemCare family | No |
| U | PCWatch | pcwatch.exe | PCWatch surveillance software. Uninstall this software if you did not install it yourself | No |
| U | PD0620 STISvc | P0620Pin.dll | Creative Technology Ltd installation plug-in related | No |
| U | Pd71Pan | Pd71Pan.Exe | Audiotrak Prodigy 7.1 sound card control panel | No |
| X | PDA Commander | stisvc32.exe | Added by the AGOBOT-TX WORM! | No |
| U | PdaNet Desktop | PdaNetPC.exe | PdaNet from June Fabrics Technology Inc. Use Windows Mobile Smartphone or PocketPC Phone as wireless modem for your PC | No |
| X | PDASCAN | pdascan.exe | Added by the AGOBOT-QY WORM! | No |
| U | PDAsync | SyncLauncher.exe | Laplink PDASync - PDA synchronisation utility | No |
| U | PDDM | pddm.exe | Patchlink Update - "core product of the leading patch and vulnerability management software solution for medium and large enterprise network security" | No |
| U | PDEngine | PDEngine.exe | PerfectDisk from Raxco - disk defragmenter. Only required if you schedule disk defragmenting at re-boot | No |
| N | pdexplo | PDEXPLO.EXE | PowerDesk Pro by PowerDesk Pro by Ontrack. Enhanced desktop and file manager. Available via Start -> Programs | No |
| U | PDF Complete | pdfsty.exe | "PDF Complete is a high-quality PDF document creation tool that operates much like the Acrobat® PDF Writer solution. Almost any document can be converted to a pdf file by simply printing the document to the PDF Complete printer" | No |
| ? | PDF Converter Registry Controller | RegistryController.exe | Nuance (was Scansoft) PDF Converter Registry Controller related - what does it do and is it required? | No |
| U | pdfFactory Dispatcher v1 | fppdis1a.exe | FinePrint pdfFactory Dispatcher - background task which handles the creation of PDF files when you print to the FinePrint pdfFactory printer. Version 1.x of the software. "pdfFactory products offer a unique approach to PDF creation that is simpler, more effective and less expensive than that offered by other programs" | No |
| U | pdfFactory Dispatcher v2 | fppdis2a.exe | FinePrint pdfFactory Dispatcher - background task which handles the creation of PDF files when you print to the FinePrint pdfFactory printer. Version 2.x of the software. "pdfFactory products offer a unique approach to PDF creation that is simpler, more effective and less expensive than that offered by other programs" | No |
| U | pdfFactory Pro Dispatcher v1 | fppdis1.exe | FinePrint pdfFactory Pro Dispatcher - background task which handles the creation of PDF files when you print to the FinePrint pdfFactory PRO printer. Version 1.x of the software. "pdfFactory products offer a unique approach to PDF creation that is simpler, more effective and less expensive than that offered by other programs" | No |
| U | pdfFactory Pro Dispatcher v3 | fppdis3a.exe | FinePrint pdfFactory Pro Dispatcher - background task which handles the creation of PDF files when you print to the FinePrint pdfFactory Pro printer. Version 3.x of the software. "pdfFactory products offer a unique approach to PDF creation that is simpler, more effective and less expensive than that offered by other programs" | No |
| U | pdfMachine dispatcher | mapisnd.exe | pdfMachine Windows print driver | No |
| N | pdfSaver3 | pdfSaver3.exe | PDF-XChange - create Adobe compatible PDF files from virtually any Windows software such as MS Word, Excel, AutoCAD, MS Publisher etc | No |
| N | pdibm | pdibm.exe | Part of the IBM customized version of SafeGuard PrivateDisk from Utimaco - which provides secure area of hard disk where files and folders are encrypted. This entry loads the associated IBM wizard to create the initial secure area once the program has been installed and will no longer be loaded (but remains as a startup entry) once it is completed | Yes |
| N | PDIBM Application | pdibm.exe | Part of the IBM customized version of SafeGuard PrivateDisk from Utimaco - which provides secure area of hard disk where files and folders are encrypted. This entry loads the associated IBM wizard to create the initial secure area once the program has been installed and will no longer be loaded (but remains as a startup entry) once it is completed | Yes |
| N | PDIBM.exe | pdibm.exe | Part of the IBM customized version of SafeGuard PrivateDisk from Utimaco - which provides secure area of hard disk where files and folders are encrypted. This entry loads the associated IBM wizard to create the initial secure area once the program has been installed and will no longer be loaded (but remains as a startup entry) once it is completed | Yes |
| N | PDirect | PDirect.exe | IBM Presentation Director software | No |
| U | pdp Server | ctpdpsrvr.exe | Included and setup with the drivers for my Compaq A3000 all-in-one printer/scanner - maybe for networking. Works fine without it - but may be needed when used over a network | No |
| N | pdservice | pdservice.exe | Part of SafeGuard PrivateDisk from Utimaco - which "securely and transparently protects sensitive files on notebooks and desktop computers, regardless of their location (local hard disk, removable media, network file servers), all the time without forcing the user to think about security." As well as providing System Tray access to the main program GUI, this entry also mounts the secured virtual drive(s) when the system boots if you have configured them this way and set the "Automatic Login at Startup" option. This entry isn't required if you mount them manually | Yes |
| N | PDService.exe | pdservice.exe | Part of SafeGuard PrivateDisk from Utimaco - which "securely and transparently protects sensitive files on notebooks and desktop computers, regardless of their location (local hard disk, removable media, network file servers), all the time without forcing the user to think about security." As well as providing System Tray access to the main program GUI, this entry also mounts the secured virtual drive(s) when the system boots if you have configured them this way and set the "Automatic Login at Startup" option. This entry isn't required if you mount them manually | Yes |
| U | PDTray | PDTRAY.EXE | System Tray access to Presentation Director for IBM/Lenovo Thinkpad notebooks - which allows you to create and quickly select between various single and mulitple display options. Scheme selection and settings are also available via Fn+F7 key combination on some models | Yes |
| U | PDTRAY.EXE | PDTRAY.EXE | System Tray access to Presentation Director for IBM/Lenovo Thinkpad notebooks - which allows you to create and quickly select between various single and mulitple display options. Scheme selection and settings are also available via Fn+F7 key combination on some models | Yes |
| U | PDUiP6000DMon | PDUiP6000DMon.exe | Memory Card Utility for the Canon PIXMA iP6000D photo printer - which allows "your computer to access the memory card reader feature of your printer" | No |
| U | PDUiP6000DTskbr | PDUiP6000DTskbr.exe | Memory Card Utility for the Canon PIXMA iP6000D photo printer - which allows "your computer to access the memory card reader feature of your printer" | No |
| U | PDUiP6210DMon | PDUiP6210DMon.exe | Memory Card Utility for the Canon PIXMA iP6210D photo printer - which allows "your computer to access the memory card reader feature of your printer" | No |
| U | PDUiP6220DMon | PDUiP6220DMon.exe | Memory Card Utility for the Canon PIXMA iP6220D photo printer - which allows "your computer to access the memory card reader feature of your printer" | No |
| U | PDUiP6600DMon | PDUiP6600DMon.exe | Memory Card Utility for the Canon PIXMA iP6600D photo printer - which allows "your computer to access the memory card reader feature of your printer" | No |
| U | PDUiP6700DMon | PDUiP6700DMon.exe | Memory Card Utility for the Canon PIXMA iP6600D photo printer - which allows "your computer to access the memory card reader feature of your printer" | No |
| ? | PDVD8LanguageShortcut | Language.exe | Part of Cyberlink's PowerDVD version 8. Language settings? | No |
| U | PDVDDXSrv | PDVDDXSrv.exe | Remote Control background application for Cyberlink's PowerDVD DX - a Dell specific version of their standard PowerDVD product. Enables you to use a remote control with your DVD drive if your drive came with one. Not required if you don't have a remote control, or don't wish to use one | No |
| U | PDVDServ | PDVDServ.exe | Remote Control background application for Cyberlink's PowerDVD version 5 and above. Enables you to use a remote control with your DVD drive if your drive came with one. Not required if you don't have a remote control, or don't wish to use one | No |
| N | Pe2ckfnt SE | chkfont.exe | Used to check whether the fonts are installed properly on your computer or not for a scanner. If you don't want to execute it, you can uncheck it in the startup menu | No |
| ? | PeachtreePrefetcher | PeachtreePrefetcher.exe | Related to Peachtree accounting software by Sage Software. What does it do and is it required? | No |
| ? | PeachtreePrefetcher.exe | PeachtreePrefetcher.exe | Related to Peachtree accounting software by Sage Software. What does it do and is it required? | No |
| X | PECarlin | PECarlin.exe | Adware - see here | No |
| ? | Peeramid | PService.exe | In a "Koptimizer" folder in Program Files. What does it do and is it required? | No |
| U | PeerGuardian | PeerGuardian_1.99b_pr14.exe | PeerGuardian - IP blocker for Windows. Used to protect privacy on P2P networks by blocking IP addresses specified in blocklists. Features support for multiple lists, a list editor, automatic blocklist updates, and blocking all of IPv4 (TCP, UDP, ICMP, etc) | No |
| U | PeerGuardian | pg2.exe | PeerGuardian - IP blocker for Windows. Used to protect privacy on P2P networks by blocking IP addresses specified in blocklists. Features support for multiple lists, a list editor, automatic blocklist updates, and blocking all of IPv4 (TCP, UDP, ICMP, etc) | No |
| U | Pent@VALUE 3.2 | Pent@VALUE.exe | Pent@VALUE Digital Satellite Internet PC Receiver | No |
| X | PeqBL100 | PEQBL100.exe | Added by the ENVID.D WORM! | No |
| Y | PER Email Protection | pavmail.exe | PER Antivirus | No |
| X | Perfect Defender 2009 | pdfndr.exe | Perfect Defender 2009 rogue security software - not recommended, removal instructions here | No |
| N | PerfectPrint | pfppop70.exe | Print engine used by Corel WordPerfect 7 and Presentations 7 | No |
| U | PerfectSuite | dthtml.exe | PerfectSuite™ from ViewSonic. Rebranded version of Display Tune from Portrait Displays, Inc. - which "is the perfect software utility to initially set-up and adjust your display to achieve its optimum performance. All adjustments are made through a simple graphical user interface" | No |
| X | PerfFont (Performance True Type Font) | perfont.exe | Added by the MUTECH-E TROJAN! | No |
| U | perfmon | perfmon.vbs | MindStorm AnalyzerPro from Secure Associates. "A security management tool for customers easy to manage report and analyze security events across heterogeneous security devices" | No |
| X | Perfomance Monitor | davcsync.exe | Added by the LAMUD-A WORM! | No |
| X | Perfomance Settings | svchost.exe | Added by the TOFGER-AP TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is found in the Winnt or Windows folder | No |
| X | Performance | MyHeart.exe | Added by the PESIN-D WORM! | No |
| N | Performance Center | ApcMain.exe | Ascentive Performance Center - not recommended, see here and here | No |
| X | Performs peer to peer connection | WinPTTP.exe | Added by the RBOT-GMI WORM! | No |
| X | PermissionResearch | prmrsr.exe | Marketscore/RelevantKnowledge adware | No |
| Y | PersFw | PersFw.exe | Kerio or Tiny Personal Firewall | No |
| U | Persistence | igfxpers.exe | Installed with the graphics drivers for Intel desktop and mobile motherboard chipsets with integrated graphics. It's purpose or function isn't known at present but testing with it disabled would appear to indicate it isn't required - hence the recommended "U" status | Yes |
| X | Personal Antivirus | PerAvir.exe | Personal Antivirus rogue security software - not recommended, removal instructions here | No |
| X | Personal Computer | scvhost.exe | Added by the RBOT-AJE WORM! | No |
| X | Personal Defender 2009 | pdefendr.exe | Personal Defender 2009 rogue security software - not recommended, removal instructions here | No |
| X | Personal Firewall V9 | Firewall-UpdateV9.exe | Added by the RBOT-BJR WORM! | No |
| X | Personal Firwall | ptmedsrv.exe | Added by the SDBOT.XY WORM! | No |
| X | Personal Security Center Monitor | isc_ui.exe | Added by the FAKEALERT TROJAN! | No |
| X | PersonalAntiSpy Free | pas.exe | PersonalAntiSpy rogue spyware remover - not recommended, removal instructions here | No |
| X | PersonalAV | pav.exe | PersonalAV rogue security software - not recommended. Detected as the FAKEAV.FT TROJAN by Trend. Located in %ProgramFiles%\PersonalAV | No |
| X | personalguard | personalguard.exe | Personal Guard 2009 rogue security software - not recommended, removal instructions here | No |
| X | personalprotector | personalprotector.exe | Personal Protector rogue security software - not recommended, removal instructions here | No |
| X | PersonalSec | psecurity.exe | Personal Security rogue security software - not recommended, removal instructions here | No |
| U | Pervasive.SQL Workgroup Engine | W3dbsmgr.exe | Database Service Manager for Pervasive SQL 2000 Workgroup edition. Required if you use Pervasive SQL but it's recommended you start it manually before using it as it has a tendancy to crash/freeze if loaded with other applications at startup | No |
| X | Pest-Capture | PestCapture.exe | PestCapture rogue security software - not recommended, removal instructions here | No |
| X | PestCapture | PestCapture.exe | PestCapture rogue security software - not recommended, removal instructions here | No |
| U | PestPatrol Control Center | PPControl.exe | PestPatrol Control Terminal - utility that launched PestPatrol features such as PPMemCheck and CookiePatrol before CA's acquisition | No |
| ? | PestPatrolCL | PestPatrolCL.exe | PestPatrol's command line scanner, combines with the Windows Task scheduler and is required in cases where schedules for regular scanning are set | No |
| X | pestsweeper | pestsweeper.exe | PestSweeper rogue security software - not recommended, removal instructions here | No |
| X | PestTrap | PestTrap.exe | PestTrap rogue spyware remover - not recommended, removal instructions here | No |
| U | Petit Larousse 2001 | HIPL2000Popup.exe | Popup dictionary tool | No |
| X | Pex Sound Driver | Today's Results.vbs | Added by the TRODE-A WORM! | No |
| X | pex Sound driver 2 | Today's Results.vbs | Added by the TRODE-A WORM! | No |
| U | PFM3.0 | PFM30.exe | Management software for the Philips 8FF3WMI/27 digital PhotoFrame. Used to configure the device, transfer photos from a PC by drag and drop and on this wireless model, you can also use it to download RSS feeds to and display Internet photos on the device. Only required if you use the wireless features - otherwise it can be started when you manually connect the device. May also be included with other models but currently only available for this one | Yes |
| U | PFM30 | PFM30.exe | Management software for the Philips 8FF3WMI/27 digital PhotoFrame. Used to configure the device, transfer photos from a PC by drag and drop and on this wireless model, you can also use it to download RSS feeds to and display Internet photos on the device. Only required if you use the wireless features - otherwise it can be started when you manually connect the device. May also be included with other models but currently only available for this one | Yes |
| ? | PFW_CfgEngine | PFWCFG~1.EXE | Personal Firewall related? | No |
| ? | PFW_PullSrv | PULL.EXE | Personal Firewall related? | No |
| U | pg | pg.exe | Part of Privacy Guardian from PC Tools - which "is a safe and easy-to-use privacy protection tool that securely deletes online Internet tracks and program activity records that are stored in your browser and other hidden files on your computer". This startup entry runs only on the next reboot if the "Cache, History and Address Bar" option is selected under "Browsers" when the users selects "Clean Your Computer". This startup entry is only created when Privacy Guardian is installed on XP. Also included in PC Tools Desktop Maestro (which incorporates Privacy Guardian) | Yes |
| Y | Pghist | PgHist.exe | Part of Privacy Guardian from PC Tools - which "is a safe and easy-to-use privacy protection tool that securely deletes online Internet tracks and program activity records that are stored in your browser and other hidden files on your computer". This startup entry runs only on the next reboot if the "Cache, History and Address Bar" option is selected under "Browsers" when the users selects "Clean Your Computer" and is only created when Privacy Guardian is installed on XP. Also included in PC Tools Desktop Maestro (which incorporates Privacy Guardian) | Yes |
| Y | PgHist.exe | PgHist.exe | Part of Privacy Guardian from PC Tools - which "is a safe and easy-to-use privacy protection tool that securely deletes online Internet tracks and program activity records that are stored in your browser and other hidden files on your computer". This startup entry runs only on the next reboot if the "Cache, History and Address Bar" option is selected under "Browsers" when the users selects "Clean Your Computer" and is only created when Privacy Guardian is installed on XP. Also included in PC Tools Desktop Maestro (which incorporates Privacy Guardian) | Yes |
| Y | PgIndex | PgIndex.exe | Part of Privacy Guardian from PC Tools - which "is a safe and easy-to-use privacy protection tool that securely deletes online Internet tracks and program activity records that are stored in your browser and other hidden files on your computer". This startup entry runs only on the next reboot if the "Index.dat" option is selected for IE under "Browsers" when the users selects "Clean Your Computer". Index.dat files keep a track of pages, images, cookies or sounds from web sites you have visited, even if these files are deleted from your system. Also included in PC Tools Desktop Maestro (which incorporates Privacy Guardian) | Yes |
| X | PgMonitr | PgMonitr.exe | Delfin Promulgate adware variant | No |
| Y | PGPSDKSVC | pgpsdkserv.exe | PGPsdkServ.exe is the new SDK service which is responsible for performing all PGP key management and cryptographic functions. This functionality was moved into a service to allow multiple modules simultaneous read/write access to the keyrings, among other things. As you can imagine, it is necessary for PGPsdkServ to be running in order to perform practically any PGP functionality | No |
| U | PGPSERVICE | pgpservice.exe | PGPservice.exe has two main purposes: (1) it handles a large part of the PGPnet functionality (along with the PGPnet driver) and (2) it allows efficient access to the PGP preferences database. The individual PGP modules normally access the preferences through PGPservice, but they are capable of a "fall-back" mode where they can handle such access on their own. Thus, if you are not running PGPnet, you may not immediately notice much of a difference if you disable PGPservice. If you are running PGPnet, you will notice a big difference | No |
| N | PGPtray | pgptray.exe | PGP 7.x. Provides icon tray shortcuts to PGP programs from Network Associates. Available via Start -> Programs | No |
| X | PGQL | pgql.exe | Added by the BCKDR-PQN BACKDOOR! | No |
| X | PGStub.exe | [various filenames] | Unidentified adware | No |
| X | pgtaff | pgtaff.exe | AdRotator adware variant | No |
| U | Phase One Media Reader | DCIMImp.exe | Phase One Media Reader Capture images | No |
| U | phc700 | vphc700.exe | Related to the Philips SPC700NC web camera | No |
| Y | PhiBtn | PhiBtn.exe | Snapshot and Launch button application from Philips belonging to Philips SPC 900NC Camera | No |
| U | Philips Intelligent Agent | Philips Intelligent Agent.exe | Philips Intelligent Agent searches automatically the correct update for your recordable drive in only three simple steps | No |
| U | Philips PhotoFrame Manager | PFM30.exe | Management software for the Philips 8FF3WMI/27 digital PhotoFrame. Used to configure the device, transfer photos from a PC by drag and drop and on this wireless model, you can also use it to download RSS feeds to and display Internet photos on the device. Only required if you use the wireless features - otherwise it can be started when you manually connect the device. May also be included with other models but currently only available for this one | Yes |
| N | PhilipsDM | DeviceManager.exe | Device manager for Philips portable media players such as the GoGear | No |
| ? | PhilipsLime | LimeAlive.exe | Associated with some Philips portable media players such as the GoGear. What does it do and is it required? | No |
| U | PhilipsRemote | PhilipsRemote.exe | Remote control support for MusicMatch Jukebox on Philips audio players such as the AZ2555 Sound Machine - see here | No |
| U | PHIME2002A | TINTSETP.EXE | Microsoft's Input Method Editor for Asian languages which is used to both display and enable the input of characters in e-mails, documents and other files - should you need to. Found on PCs where Asian languages (e.g. Chinese, Hindi, Japanese, etc) have been installed through the Regional and Language options icon in the Control Panel | Yes |
| U | PHIME2002ASync | TINTSETP.EXE | Microsoft's Input Method Editor for Asian languages which is used to both display and enable the input of characters in e-mails, documents and other files - should you need to. Found on PCs where Asian languages (e.g. Chinese, Hindi, Japanese, etc) have been installed through the Regional and Language options icon in the Control Panel | Yes |
| X | PHIME2004C | CTFMDN.exe | Added by the DLOADR-AMV TROJAN! | No |
| X | PHIME2OO2ASyst | [path to trojan] | Added by the DBDOOR-B TROJAN! | No |
| U | PhoneFree version 6.2 | PHONEF??.EXE | An Internet telephony application. Complicated registration and ad banners tailored to your profile - see here | No |
| N | Photo Express Calendar Checker SE | CALCHECK.EXE | If you create multiple Weekly/Monthly/Yearly calendars to use as your wallpaper, Photo Express will replace the wallpaper automatically. Photo Express 2.0 has a calendar checker which checks the date on your system and updates your wallpaper accordingly | No |
| N | Photo Loader supervisory | Plauto.exe | Casio's Photo Loader software. Hook up your camera to the USB port, and it pops up and asks you if you want to load your pictures | No |
| U | PhotoExplosionCalCheck | calcheck.exe | Calendar management feature of Nova Development's Photo Explosion | No |
| U | PhotoManager | PhotoManager.exe | Management software for Philips digital PhotoFrame range. Used to edit photos and transfer them directly from a PC via a USB cable. Start manually when you connect the device | Yes |
| X | Photoshop | svchost.exe | Added by the CDOPEN-E TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the "Program Files" folder | No |
| N | PhotoShow Deluxe Media Manager | mssysmgr.exe | Simple Star PhotoShow Deluxe photo editing and organizing software, makes it easy to send and share digital photos. Bundled with software from Nero, ComCast, SnapFish, MacroMedia and others | No |
| N | PhotoWise QuickLink | quicklnk.exe | Agfa PhotoWise - "PhotoWise QuickLinkTM lets you drag and drop photos right from the camera into your document (applications must be OLE-compliant). Use PhotoWise to print contact sheets and photographic prints. Create slide shows, screen savers, wallpaper and more." | No |
| X | photo_id | photo_id.exe | Added by the AGENT-LTF TROJAN! The file is located in %System% | No |
| U | PhraseExpress | phrase.exe | "PhraseExpress organizes your frequently used text phrases and allows pasting them into any application" | No |
| N | PI Notify | PINotify.exe | Property Intellect from Wild Rabbit Software Ltd - "is widely used in the residential lettings markets to help landlords, investors and managing agents deal with the day-to-day aspects of looking after property" | No |
| X | PIC SYSTEM | picx.exe | Added by the MYTOB.LL WORM! | No |
| N | Picaboo | PicabooMain.exe | Picaboo - "Easily create stunning photo books and cards with your digital photos" | No |
| N | Picasa Media Detector | PicasaMediaDetector.exe | Media detector for Picasa's automatic photo organizer | No |
| N | PicasaNet | Hello.exe | Hello is an application that allows Blogger users to post digital photos and captions directly to their personal weblogs, or blogs | No |
| N | Pickatag | pickatag.exe | Pick-a-tag - "freeware utility for random selection of your taglines. This utility randomly picks a tagline out of a list of taglines. It will create a signature file which your mailer can use to place under your messages" | No |
| U | PicoZip | PicoZipTray.exe | System tray access to PicoZip - "an easy to use Zip and UnZip utility that runs on all 32-bit Windows platforms such as Windows 95, 98, ME, NT4, 2000 and XP" | No |
| N | PICPRTR | PICPRTR.EXE | Program for viewing and measuring a variety of 3D CAD data formats | No |
| X | picsvr | picsvr.exe | Delfin Promulgate adware | No |
| N | Picture Motion Browser Media Check Tool | SPUVolumeWatcher.exe | Part of the Sony Picture Uility software supplied with Sony camera/camcorder products. Automatically invokes an import process if the camera/camcorder is connected and has media on it | No |
| U | Picture Package VCD Maker | Residence.exe | Sony Picture Package software for their range of Digital Handycam video cameras. Used to connect the camcorder via USB and allows the user to burn the content directly to a CD | No |
| N | pictureBUZZTray | swtray.exe | System Tray access to PictureBUZZ on-line printing software from Streetwise Software. If you use the software set the page you use as a favourite in your browser and run it manually | No |
| X | picview | picview.exe | Added by the DWNLDR-FPH TROJAN! | No |
| X | picview | msnmsgr.exe | Added by the BANLOA-AF TROJAN! Note - this is not the valid MSN Messenger (now Windows Live Messenger) utility which is located in either %ProgramFiles%\MSN Messenger or %ProgramFiles%\Windows Live\Messenger. This one is located in %Windir% | No |
| U | Pidgin | pidgin.exe | Pidgin IM client - "a multi-protocol Instant Messaging client that allows you to use all of your IM accounts at once" | No |
| U | PiDunHK | PIDUNHK.EXE | Part of the Prodigy Internet software - part of the dialer/DUN. Presumably needed for users of that service otherwise you may not be able to connect, although you may try creating your own shortcut and see what happens | No |
| X | pigglett | pigglett.exe | Added by a variant of the SMALL.EP TROJAN! | No |
| U | piiserviceOE | N/A | Spam Inspector (nee Postal Inspector) from The Giant Company or iHateSpam from Sunbelt Software - spam filter add-ons for OE | No |
| X | pilif | pilif.exe | Added by the FILI WORM! | No |
| N | Pinger | pinger.exe | Pinger is the resident program for Toshiba updates. Periodically checks to see if there are any software/driver upgrades for your particular computer model. If it finds any, it posts a notification | No |
| X | PingTimeout Institution | pingchek.exe | Added by the SDBOT-VY WORM! | No |
| X | PingTimeout Institution | internal.exe | Added by the SDBOT.BMH WORM! | No |
| U | Pink Calendar | PinkCal.exe | Pink Calendar & Day Planner | No |
| Y | PinnacleDriverCheck | PSDrvCheck.exe | Part of Pinnacle Systems InstantCD/DVD and InstantCopy CD/DVD copying software that verifies drive settings. Once loaded it doesn't use any resources so you can leave it enabled | No |
| N | PINotify | PINotify.exe | Property Intellect from Wild Rabbit Software Ltd - "is widely used in the residential lettings markets to help landlords, investors and managing agents deal with the day-to-day aspects of looking after property" | No |
| N | Piolet | piolet.exe | Piolet - peer-to-peer file sharing client | No |
| X | PIPE SYSTEM | pipe.exe | Added by the MYTOB-FF WORM! | No |
| N | Piracy | SysUtil.exe | Software Piracy Alert feature bundled with PGWare software. Cries foul when it detects an 'illegal' version. The alerts are reported to disappear as soon as the software is correctly registered. There are privacy issues though: "The Software includes a feature that assigns a unique order number to GameGain based on purchase information. The Software reports this number to us via the internet either when you run the Software or enter the registration number, or both. The Software may also identify and report to us your IP address, date and time of installation, registration and/or use. We use this information strictly to count the number of installations, detect unauthorized access or piracy of the Software, and develop rough statistical data regarding the geographic location of our users" | No |
| N | PitFrame Module | Reminder.exe | Registration reminder for the PC Pitstop Optimize 2.0 system optimizatoon utility by CA. Located in %ProgramFiles%\PCPitstop\Optimize2 | No |
| N | PivotSoftware | wpctrl.exe | PivotPro from Portrait Studios - allows a screen to be rotated to match rotated LCD screens, for example). Shortcut available via Display Properties | No |
| X | Pixel32 | Pixel32.exe | Added by the GEMA TROJAN! | No |
| X | Pixelpwr32 | Pixelpwr32.exe | Added by the GEMA TROJAN! | No |
| X | Pixelsvr | Pixelsvr.exe | Added by the GEMA TROJAN! | No |
| U | pjWebCam | pjWebCam.exe | Webcam automation software that saves regular photos from webcam and can also act as HTTP server | No |
| X | PK Guard | pkguard32.exe | Added by the GUAPIM WORM! | No |
| X | PK Services | pksvc.exe | Added by the FORBOT-BW WORM! | No |
| N | PKR Pal | pkrpal.exe | PKR Pal utility from PKR - "helps keep your software updated so in future there will be no lengthy waits for new versions to install. Based on your selected options it will also let you know when your favourite tournaments are starting!" | No |
| N | pkrpal | pkrpal.exe | PKR Pal utility from PKR - "helps keep your software updated so in future there will be no lengthy waits for new versions to install. Based on your selected options it will also let you know when your favourite tournaments are starting!" | No |
| N | pkrpal.exe | pkrpal.exe | PKR Pal utility from PKR - "helps keep your software updated so in future there will be no lengthy waits for new versions to install. Based on your selected options it will also let you know when your favourite tournaments are starting!" | No |
| U | PktAnything | PocketCompanion.exe | PocketAnything lets you save anything on your computer to your mobile, with one click | No |
| U | Planlægningsagent | mstask.exe | Windows Task Scheduler (on Danish language versions of Windows) - displayed as a box with a stopwatch in the System Tray. Required if you have regularly scheduled tasks like defragmenting, ScanDisk, weekly virus scans and so on | No |
| X | Plasdll service | [random filename] | Added by a variant of the SDBOT WORM! | No |
| X | play ooze | user grim.exe | Added by and unidentified WORM or TROJAN! | No |
| X | Playboy | playavi.exe | Added by the GAMANLOCK TROJAN! | No |
| N | PlayMovie | PMVService.exe | Part of Acer Arcade Deluxe lets you browse pictures, listen to music from a variety of sources, enjoy DVD movies, and create multimedia through one convenient interface | No |
| U | PLEAPCPUCPL | pleapu.exe | CPU Control Panel for the Powerleap CPU upgrade | No |
| ? | PLFFAP | HotfixQ0306270.exe | Prolific Technology Inc. USB Flash Disk driver - is it required in startup? | No |
| U | Plguni | Plguni.exe | Part of McAfee's QuickClean - which removes internet clutter and unwanted programs. This entry monitor changes made to the registry so that they can be undone later using QuickClean - such as removing programs. QuickClean is now integrated into their Total Protection, Internet Security and AntiVirus Plus products primarily as a file cleaner/shredder and no longer supports program removal | No |
| X | plite731 | plite731.exe | Poplite A adware | No |
| U | plmg.exe | plmg.exe | Paragon Last Minute Bidder - auction assistant software | No |
| N | PLNRNote | PLNRNote.exe | Part of Sierra/Hallmark Card Studio - System Tray notification of events such as birthdays and anniversaries that you've scheduled with the customizable Event Planner | No |
| ? | PLoader | umsd.exe | USB Mass Storage Disk related tray icon. Is it required? | No |
| X | Plob | kernel.com | Added by the OPTIXPRO.12 TROJAN! | No |
| X | Plook | plook.exe | AffiliateTarget.com alias PLook adware | No |
| U | Pluck Tray | PluckTray.exe | RSS (XML TAGS) reader program | No |
| N | PluckSvr | PluckUpdater.exe | Pluck Toolbar updater | No |
| X | Plug And Play | msnmsg.exe | Added by the RBOT-ID WORM! | No |
| U | Plus! Alarm Clock | AlarmClock.exe | Alarm Clock function of Microsoft Plus! Digital Media Edition (which is no longer available) | No |
| X | Pluto! Pager | srvhandle.exe | Added by the REDPLUT VIRUS! | No |
| U | PLXSTART | PLXSTART.EXE | Sets the spindown timeout and access speeds at startup and displays the "Plextor Manager 2000" splash screen for Plextor CD-RW. | No |
| N | PLXTASK | PLXTASK.EXE | Taskbar utility for a "control panel" for a Plextor CD-RW. Has MVP 2000 (audio CD player), DiscDupe 2000 (self explanatory CD copying program) and AudioCapture 2000 (rips audio CDs into MP3 or WAV files) | No |
| X | pm32ctrl | pwr32crtl.exe | Added by the CRYPTER.A TROJAN! | No |
| X | pm32info | pm32info.exe | Added by the CRYPTER.A TROJAN! | No |
| X | pmc | 764.exe | Adult content dialler | No |
| X | pmcqt | pmcqt.exe | Added by the DLUCA-V TROJAN! | No |
| ? | PMCS | PMC.Service.Main.exe | Related to MediaCenterService from Pinnacle Systems. What does it do and is it required? | No |
| X | Pmedia | winsrvc.exe | Internet marketing sofware from Permissioned Media Inc as used in E-Card FriendGreetings foistware - see here. Treated by Trend as the FRIENDGRT.B WORM! | No |
| ? | PMHandler | PMHandler.exe | Related to IBM/Lenovo Thinkpad notebooks - possibly related to power management features? What does it do and is it required? | No |
| ? | PmProxy | PmProxy.exe | Associated with Analog Devices "SoundMAX" audio chipset - often built-in to motherboards. What does it do and is it required? | No |
| X | pmr | pmr.exe | PowerStrip foistware. Note - this is not the same as the video tweaking utility of the same name here | No |
| X | pmsngr.exe | pmsngr.exe | Added by the ZLOB.MEDIA-CODEC TROJAN! This purports to be a Windows Media Player upgrade (with names such as "iCodecPack", "X Password Manager" and "Media-Codec") to allow the user to view adult oriented videos on certain websites - but actually downloads and installs additional malware on the user's machine. Various directories and filenames are used - see the link for details | No |
| U | PMT | personalmoneytree.exe | According to the web site Personal Money Tree is an automatic cash rebate program. Note: Not recommended | No |
| N | PMTSHOOT | pmtshoot.exe | MS tool for troubleshooting power management problems | No |
| U | PMXInit | pmxinit.exe | Restores user display preferences Kyro2 based graphics cards. Not required unless you change the default settings - such as gamma | No |
| N | PNAgent | PNAgent.exe | PhatNoise Music Manager - manages WMA, MP3, WAV, etc music files | No |
| X | PNP | wuaaclt.exe | Added by the LILBRE-A WORM! | No |
| X | PnP Driver | playboy.exe | Added by the FORBOT-FR WORM! | No |
| X | PNP FIX | [worm filename] | Added by the RBOT-AKQ WORM! | No |
| U | Pnpchk | Pnpchk.exe | Aztech Labs Sound 3 PnP driver | No |
| X | pnpsvc_lock | ******.exe [* = random digit] | Browser hijacker | No |
| X | pnpsvc_lock | startsvs.exe | Browser hijacker | No |
| U | PNSetup | PNSetup.exe | PopNot - pop-up killer | No |
| X | PNtask Services | pntask.exe | Added by the LALA.C TROJAN! | No |
| X | pnvifj | jusodl.exe | Added by the QQPASS.48436 TROJAN! | No |
| U | Pocket Sheet Sync | PSXLTRAY.EXE | Casio Pocket Sheet synchronization software | No |
| X | Poet | Poet.exe | Added by the DOEP.A WORM! | No |
| X | Pofatch | nstrue.exe | Added by the RANDEX.Z WORM! | No |
| U | point32 | point32.exe | Microsoft IntelliPoint utility (up to version 5.4) - required to support the programmable buttons and additional features and on Microsoft's range of mice, If this entry is disabled, any programmed buttons or program-specific settings will not be supported | Yes |
| U | POINTER | point32.exe | Microsoft IntelliPoint utility (up to version 5.4) - required to support the programmable buttons and additional features and on Microsoft's range of mice, If this entry is disabled, any programmed buttons or program-specific settings will not be supported | No |
| X | Pointmaru | Pointmaru.exe | Added by the AGENT.BLDK TROJAN! | No |
| X | Points Manager | points manager.exe | Altnet TopSearch adware | No |
| N | PoivY | PoivY.exe | PoivY - free internet telephony utility using the VoIP (Voice over Internet Protocol). Call online friends for free and regular phones either for free (limited use) or low rates. One of a number provided by Betamax - the others generally have different rate plans. Similar to the more popular Skype | Yes |
| X | PoliceAV | xppolice.exe | XP Police Antivirus rogue security software - not recommended, removal instructions here | No |
| X | Pollon | pollone.exe | Added by the SPYBOT.FW WORM! | No |
| X | polo.exe | polo.exe | Added by the AGENT-PE TROJAN! | No |
| X | pool manager | popsvr.exe | Added by the AGENT-S BACKDOOR! | No |
| X | poolsv | poolsv.exe | Added by an unidentified WORM or TROJAN! | No |
| X | POP | PopSrv***.exe | PeopleonPage foistware, bundled with Grokster where *** are random digits | No |
| X | POP Manager | popmgr.exe | Added by the BCKDR-PYV BACKDOOR! | No |
| U | POP Peeper | POPPeeper.exe | POP_Peeper from Mortal Universe Software Entertainment "is an email notifier that runs in your Windows task bar and alerts you when you have new email on your POP3, IMAP, etc" | No |
| U | Pop-Up Smasher | PopupSmasher.exe | Pop-Up Smasher - pop-up killer | No |
| U | Pop-Up Stopper | dpps2.exe | Pop-Up Stopper Companion from Panicware. Pop-up blocker integrated into the IE toolbar. Note that the Pro version doesn't load in startup as it is installed as an Internet Explorer toolbar. Can cause problems with IE if you use WinXP and uninstall Service Pack 1. Uninstalling the software leaves it in the startup group | No |
| U | Pop-Up_Blocker | Popup.exe | A Tweak-XP component, blocks advertisement pop-up windows in Internet Explorer. Can be enabled/disabled via Tweak-XP -> Internet Tweaks | No |
| U | Pop-Up_Scanner | Popupscn.exe | Panicware popup blocker | No |
| X | pop06ap | pop06ap2.exe | MediaMotor adware | No |
| X | pop06apelt | thiselt.exe | ZenoSearch adware | No |
| U | pop3 Server | config.cfg | Part of HTML2POP3 - "Convert Webmail to POP3.Is also included a SMTP/POP3 tunneling system that allow send and receive email in a private network HTTP PROXY based. All connection are plugin based. Over 250 email server supported and tested" | No |
| Y | Pop3trap.exe | Pop3trap.exe | Part of Trend Micro web-security products - PC-cillin 2000, 2002-2003 and Virus Buster 2001-2003. This is the E-mail scanner | No |
| X | PopeSvr | PopeSvr.exe | Added by the LEGMIR-AJ TROJAN! | No |
| X | PopMark | WinTask.exe | "Pop Marketing" adware | No |
| U | PopNot | PopNot.exe | PopNot - pop-up killer | No |
| U | PopOops | PopOops.exe | PopOops - pop-up killer | No |
| U | Popopen | popopen.exe | PopOpen makes your windows spring open with animation effects | No |
| X | PopRock | [path to trojan] | Added by the AGENT-LNU TROJAN! | No |
| Y | Poproxy | POPROXY.EXE | Proxy E-mail protection from Norton Anti-Virus (prior to 2002). If you have it installed, leave it enabled to automatically check for suspect attachments in E-mails that may contain viruses. It downloads the E-mail into poproxy, which serves as a proxy server on the local machine, before scanning it | No |
| X | popsrv146 | popsrv146.exe | AproposMedia adware | No |
| U | PopSubtract | PopSub.exe | PopSubtract - pop-up killer | No |
| X | PopularScreensaversWallpaper | rundll32 [path] F3SCRCTR.DLL,LES | MyWebSearch parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "F3SCRCTR.DLL" is located in %ProgramFiles%\MyWebSearch\bar\1.bin | No |
| U | Popup Ad Filter | PopFilter.exe | Popup Ad Filter - pop-up killer | No |
| X | Popup and Advertisement Killers | adkillers.exe | Added by the RBOT-DDH WORM! | No |
| X | Popup Blocker System | PopUpBlocker.exe | Added by a variant of the RBOT WORM! | No |
| X | Popup Blocker System326a Monitoring | PopUpBlocker6a.exe | Added by the RBOT.AUH WORM! | No |
| X | Popup Blocker System8 Monitoring | PopUpBlocker8.exe | Added by a variant of the RBOT WORM! | No |
| X | Popup Blocker Updater | regsvr32 veev****.dll [* = random char] | SafeguardProtect/Veevo hijacker. Note that regsvr32.exe is a legitimate Microsoft file used to register and unregister OLE controls and shouldn't be deleted. The random DLL file is found in the System (9x/Me) or System32 (NT/2K/XP) folder | No |
| U | PopUp Buster+ | popupbuster.exe | PopUp Buster - free Pop-up blocker | No |
| X | Popup Defence Updater | regsvr32 pdfupd.dll | SafeguardProtect/Veevo hijacker. Note that regsvr32.exe is a legitimate Microsoft file used to register and unregister OLE controls and shouldn't be deleted. The "pdfupd.dll" file is found in the System (9x/Me) or System32 (NT/2K/XP) folder | No |
| U | Popup Defender | PD.exe | Popup Defender - pop-up killer | No |
| U | PopUp Destroy | Popup-Destroy.exe | French pop-up killer from VSoft | No |
| X | PopUp Stopper | NO POPUP.EXE | Added by the SPYBOT-DC WORM! | No |
| U | Popup Terminator | GLADManager.exe | Popup Terminator - pop-up killer | No |
| U | PopupEliminator | Popup Eliminator.exe | Popup Eliminator - pop-up killer | No |
| U | PopUpKiller | PopUpKiller.exe | PopUpKiller - pop-up killer | No |
| X | popuppers | newpop63.exe | Medload adware | No |
| X | popuppers64 | a64sddd.exe | Popuppers adware, also detected as the LOWZONE-AA TROJAN! | No |
| X | popuppers65 | [path to file] | Medload adware | No |
| U | PopUpStopperCompanion | PSComp.exe | PopupStopper Companion popup blocker | No |
| U | PopUpStopperFreeEdition | PSFREE.EXE | Panicware's Pop-Up Stopper - free limited features version | No |
| U | PopUpStopperProfessional | PopUpStopperProfessional.exe | Panicware's Pop-Up Stopper - paid for version | No |
| U | PopupVanish | PopupVanish.exe | Pop-up blocker | No |
| U | PopUpWasher | PopUpWasher.exe | PopUpWasher pop-up killer | No |
| X | PopUpWatch | PopUpWatch.exe | BPS spyware remover - not recommended, see here | No |
| X | Pornfolio | ioande.exe | Added by the SDBOT.ATW WORM! | No |
| ? | POS-Partnerbatchprocessor | BATCH.EXE | VISA credit card batch processing related to Appcon. Is it needed or can it be started manually via Start -> Programs or a manually created shortcut? | No |
| N | Post-it® Digital Notes | PDNotes.exe | Post-it® Digital Notes from 3M - "simple to use software that lets you make and organize lists, plan projects step by step, sort your notes by category, personalize messages with photos, even set alarms to remind you of appointments or key dates". Not required unless you use the alarm feature | No |
| N | Post-it® Software Notes | psn.exe | Post-it® Software Notes - Lite from 3M - now replaced by the more advanced Post-it® Digital Notes | No |
| N | Post-it(R) Digital Notes | PDNotes.exe | Post-it® Digital Notes from 3M - "simple to use software that lets you make and organize lists, plan projects step by step, sort your notes by category, personalize messages with photos, even set alarms to remind you of appointments or key dates". Not required unless you use the alarm feature | No |
| N | Post-It(r) Software | Psnotes.exe | Pop-up "yellow" notes on screen. Available via Start -> Programs | No |
| X | PostBootReminder | [random filename] | Added by and unidentified WORM or TROJAN! | No |
| X | Postdavatch | nvdas.exe | Added by the RANDEX.T WORM! | No |
| X | Postpatch | nvdes.exe | Added by the RANDEX.T WORM! | No |
| X | PostSetupCheck | Rundll32.exe atgban.dll | TrafficSol adware variant. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "atgban.dll" file is found in %System% | No |
| X | postSetupCheck | Rundll32.exe gzmrt.dll | TrafficSol adware variant. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "gzmrt.dll" file is found in %System% | No |
| X | PostSetupCheck | Rundll32.exe cpmsky.dll | TrafficSol adware variant. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "cpmsky.dll" file is found in %System% | No |
| U | POW! | pow.exe | Pop-up killer | No |
| X | Power Scan | powerscan.exe | Foistware by Integrated Search Technologies - the people behind ISTBar adware | No |
| X | Power-Antivirus-2009 | Power-Antivirus-2009.exe | Power Antivirus 2009 rogue security software - not recommended, removal instructions here | No |
| U | Power2GoExpress | Power2GoExpress.exe | Power2GoExpress - all media disc burning software | No |
| N | PowerArchiver Tray | PASTARTER.EXE | System Tray access to PowerArchiver from ConeXware, Inc - file compression support tool | No |
| N | PowerBar | Powerbar.exe | Part of Cyberlink's PowerDVD software. Not sure what exactly it does, but not required in startup | No |
| Y | PowerChute | Pwrchute.exe | "During a power outage, if you're not available to save your files & close down Windows....PowerChute will do that for you. PowerChute will save your application files, close your applications and shut down your computer just like you would...otherwise, the APC UPS (Uninterruptible Power Supply) unit would go to battery until it wore down, then your computer would shutoff" | No |
| X | PowerChute | Pwrchute.exe | Added by the LAZAR-A TROJAN! Note - this is located in %ProgramFiles%\APC_Power | No |
| U | PowerDOCSAPIHost | papihost.exe | Hummingbird PowerDOCS - "delivers powerful enterprise document management functionality via a tightly integrated Microsoft WinNT/98/2K environment" | No |
| N | PowerDVD | PowerDVD.exe | Launches Cyberlink's PowerDVD software and creates a system tray icon. If enabled, PowerDVD will open automatically when a DVD movie is inserted. Launch manually | No |
| U | PowerForPhone | PowerForPhone.exe | "ASUS Power 4 Phone is a telephone terminal emulation utility which can use hotkeys to handle a phone call from Skype or Modem in your notebook system." For more information you can find a user's manual here | No |
| N | PowerGramo | PowerGramo.exe | "PowerGramo Skype recorder is a perfect Skype recording solution. With it you can easily record skype calls of any kind" | No |
| U | PowerKey | PowerKey.exe | Part of Acer Launch Manager - programmable keys on such laptops as the TravelMate 610 | No |
| X | PowerManagement | Rundlll.exe | Added by the SURDUX TROJAN! | No |
| X | PowerManager | Svchost.exe | Added by the JEEFO VIRUS! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is found in the Winnt or Windows folder | No |
| U | Powermarks | pm.exe | Powermarks from Kaylon Technologies - bookmark manager and personal search engine | No |
| Y | PowerPanel | POWPANEL.EXE | Power management utility on notebooks/laptops - automatically switches modes when running on battery | No |
| U | PowerPanel Personal Edition User Interaction | pppeuser.exe | CyberPower PowerPanel Personal Edition UPS Monitoring & Control Software - "is included with CyberPower's products. This exclusive software allows control and monitoring of your UPS to provide protection for your computer system, components, peripherals, and most importantly, your data" | No |
| X | PowerPrifile | rundl132 kenel.dll, PowerProfileEnable | Added by the INMOTA WORM! | No |
| U | PowerPro | powerpro.exe | Part of the power professional program that loads the floating menu bar. Can be accessed from Start -> Programs, but I'd leave it alone if you use this program | No |
| X | PowerProf | PowerProf.exe | Added by the LOREX.B TROJAN! | No |
| X | PowerProfile | mfcp30.exe | Added by the RINDAS-A TROJAN! | No |
| N | PowerQuest Startup Utility | PQINIT.EXE | From a visitor - "This seems to be installed when you install Power Quest Partition Magic. I think that it implements the changes when you use the magic mover app. If you don't have any mappings set up, it does nothing (except waste bytes and cycles). I disabled it using msconfig.exe with no problems" | No |
| N | PowerReg Scheduler | PowerReg Scheduler.exe | PowerREGISTER from Leadertech. Registration reminder as used by Iomega, Hasbro & Microprose - amongst others | No |
| N | PowerReg Scheduler | PowerReg Scheduler V3.exe | PowerREGISTER from Leadertech. Registration reminder as used by Iomega, Hasbro & Microprose - amongst others | Yes |
| N | PowerReg Scheduler V3 | PowerReg Scheduler V3.exe | PowerREGISTER from Leadertech. Registration reminder as used by Iomega, Hasbro & Microprose - amongst others | Yes |
| N | PowerReg SchedulerV2 | PowerReg SchedulerV2.exe | PowerREGISTER from Leadertech. Registration reminder as used by Iomega, Hasbro & Microprose - amongst others | No |
| N | PowerReg SchedulerV3 | PowerReg SchedulerV3.exe | PowerREGISTER from Leadertech. Registration reminder as used by Iomega, Hasbro & Microprose - amongst others | No |
| ? | POWERR~1 | POWERR~1.exe | Power monitoring? | No |
| ? | PowerS | PowerS.exe | ProlinkTest for either their AGP graphics card or TV/FM capture card. Is it required? | No |
| ? | PowerSet | Regedit.exe /s ...PowerSet_8100_CU.REG | Appears to be Toshiba power management related | No |
| N | PowerStrip | powerstrip.exe | PowerStrip is a Video Mode Editor to allow special Refresh Rates and Tweaking of Video Settings | No |
| N | PowerStrip | PSTRIP.EXE | PowerStrip is a Video Mode Editor to allow special Refresh Rates and Tweaking of Video Settings | No |
| U | PowerTools Tray Icon | pttray.exe | PowerTools - add-on for AOL | No |
| U | Powertweak | PT2.EXE | "Powertweak is designed to configure your system in the best way. A processor, the core of the system, or a chipset (a set of components that manage the data flows between the different parts of the system) can be configured." This item is added to startup if 'Use predefined settings' is enabled in the programs options | No |
| U | Powertweak | PTCTRL.EXE | "Powertweak is designed to configure your system in the best way. A processor, the core of the system, or a chipset (a set of components that manage the data flows between the different parts of the system) can be configured." This item is added to startup if 'Configure system at logon' is enabled in the programs options | No |
| U | PowerUp SwitchDesk | SwitchDesk.exe | PowerUp SwitchDesk - virtual desktop manager which allows "you have the possibility to launch games, working and development applications, office and entertainment software on multiple desktops to bring order to your system". Part of Ashampoo® PowerUp XP Platinum 2 from Ashampoo GmbH & Co. KG | Yes |
| U | Power_Gear | BatteryLife.exe | Power management for all Asus notebook. Useful but not critical | No |
| X | pp | pp12.exe | Added by the DWNLDR-HXV TROJAN! | No |
| X | pp | pp2.exe | Added by a variant of the KOOBFACE WORM! | No |
| U | PP Gamma | ppgamma.exe | Profile Prism software that allows monitor calibration and can generate ICC profiles for digital cameras | No |
| N | PP****usb | FBDirect.exe | Software that monitors the status of a Visioneer OneTouch scanner button and allows you to scan, fax, copy, print, and easily communicate by simply dragging and dropping scans on your PaperPort Desktop!. The **** represents the model, 5300, 7600, etc. Available via Start -> Programs | No |
| U | PP2000 Instaupdate | PPInupdt.exe | Protector Plus anti-virus software - instant update program for virus data updates. Not required if you regularly update virus data manually | No |
| Y | PP2000 Real Time Scan | PPVstop.exe | Protector Plus anti-virus software - real time scanner | No |
| Y | PP2000 Taskbar Control | PPTbc.exe | Protector Plus anti-virus software - system tray access | No |
| N | PP3100b | flatbed.exe | Twain driver for the Visioneer PaperPort 3100b scanner that allows you to scan, fax, copy, print, and easily communicate by simply dragging and dropping scans on your PaperPort Desktop | No |
| U | ppass | Antispy.exe | AntiSpy firewall - "program designed to combat against various types of intrusion and monitoring programs currently in use or presently being developed worldwide" | No |
| U | PPControl | PPControl.exe | PestPatrol Control Terminal - utility that launched PestPatrol features such as PPMemCheck and CookiePatrol before CA's acquisition | No |
| U | PPCRunonce | PPCRunOnce.exe | Related to PeoplePC ISP software - may display advertising, see here | No |
| U | PPHIDPAD | pphidpad.exe | PenPower Chinese handwriting recognition software | No |
| U | PPK Setup(Server) | SEServe.exe | Programmable Power Key on Sony Vaio laptops. "Using the Programmable Power Key (PPK) button, collect your e-mail automatically with one key stroke. You can also program your PPK to turn on your SuperSlim Notebook at a predetermined time and perform simple tasks - completely unattended" | No |
| N | ppmate | ppmate.exe | PPMate - free tool for streaming online TV via P2P (peer-to-peer) | No |
| U | PPMemCheck | ppmemcheck.exe | PPMemCheck - used to be part of PestPatrol before CA's acquisition | No |
| X | PPPOEO | pingppac.exe | Added by the SPYBOT.KHC WORM! | No |
| X | PPPOEOE | winlite.exe | Added by the RBOT-AAN WORM! | No |
| N | PProTray | pprotray.exe | Part of the power professional program. Loads the System Tray control | No |
| ? | PPScheduler | PPScheduler.exe | Nuance (was ScanSoft) PaperPort Scheduler - what does it do and is it required? | No |
| U | PPSVC | [path to file] | PC Police surveillance software that logs keystrokes, files looked at, applications used, and chats on either MSN, Yahoo, ICQ or AOL. This information can then be transmitted to a remote user. Uninstall this software if you did not install it yourself | No |
| U | PPSYS | ppsys.exe | PC Police commercial keystroke logger. Uninstall this software if you did not install it yourself | No |
| N | pptd40nt | pptd40nt.exe | "PaperPort" software associated with scanners | No |
| U | PPUpdate | ppupdater.exe | PPUpdater - updater that used to be part of PestPatrol before CA's acquisition | No |
| N | PPWWebCap | PPWebCap.exe | "PaperPort" software associated with scanners | No |
| X | pqhelper | pqhelper.exe | Searchcentrix hijacker | No |
| U | PractiSearch | PSearch.exe | PractiSearch web search software | No |
| U | Praize Messenger | itLoad.exe | Praize IM Christian chat instant messenger | No |
| U | Prayer | PTW.EXE | Islamic Adhan program (call fpr daily prayers) | No |
| X | PrdMgr.exe | PrdMgr.exe | Added by a variant of the IRCBOT BACKDOOR! | No |
| X | prdtect | prdtect.exe | Prutect malware from e2Give - attempts to shut down or tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. Note - has been seen using alternative file names like prttect.exe, prmtect.exe and so forth! | No |
| ? | PreAnnotate | PreAnntt.exe | Genius Wizard Pen Tablet driver related. Is it required? | No |
| N | Precision Time Clock Checker | PrecisionTime.exe | Precision Time 2.0. Checks your computer clock time against the Naval Observatory or some other source to assure accurate time | No |
| X | PrecisionTime | PrecisionTime.exe | PrecisionTime - clock synchronizing software containg spyware by Claria/GAIN. Please note that Claria Corporation no longer support GAIN-Supported software - see here | No |
| X | precpop2 | starter.exe | PrecisionPop adware | No |
| X | Prein | APP****.tmp [* = random char or digit] | Unidentified adware | No |
| X | PreInstall Windows | [path] repcale.exe [path] beird.exe | Added by a variant of the RANDON.AN WORM! Both files are located in %System%\detr | No |
| Y | Preload | Preload.exe | Millenium Multi-Function Keyboard driver | No |
| N | preload | RUNXMLPL.exe | Software found on Acer computers from Wistron. Information suggests it maps keyboard buttons to operating system functions | No |
| ? | PreloadApp | hphprld.exe | HP PhotoSmart printers related. What does it do and is it required? | No |
| X | Premeter | nrpr.exe | NetRatings Premeter spyware | No |
| X | Premeter | prmt.exe | NetRatings Premeter spyware | No |
| X | PremierOpinion | pmropn.exe | PremierOpinion adware | No |
| X | present | .exe | Added by the RUBBLE-C WORM! | No |
| X | Presto TuneUp | PrestoTuneUp.exe | Presto TuneUp rogue optimization utility - not recommended, removal instructions here | No |
| N | PrestoNotes | PrestoNotes.exe | PrestoNotes lets you create virtual notes on your desktop, that can be hidden or shown as needed | No |
| X | Preview AdService | PrevAdServ.exe | Windupdates adware variant | No |
| X | PrevX | prevx.exe | Added by the IRCBOT-TF WORM! Note - this worm is located in the System (Win9x/Me) or System32 (XP/WinNT/2K) directory and is not the PrevX Home intrusion prevention software | No |
| Y | PrevxHome | SAGUI.exe | PrevX Home intrusion prevention software | No |
| Y | PrevxOne | PXConsole.exe | Prevx intrusion prevention software | No |
| Y | PrevxPro | SAGUI.exe | PrevX Home intrusion prevention software | No |
| X | prgtect | prgtect.exe | Prutect malware from e2Give - attempts to shut down or tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. Note - has been seen using alternative file names like prttect.exe, prmtect.exe and so forth! | No |
| X | Pribi.exe | Pribi.exe | FastFind.B adware | No |
| N | Price Patrol | neo.exe | Price Patrol by Half.com - internet shopping companion for finding the best on-line prices | No |
| ? | PrimaLauncher | Launcher.exe | Associated with PrimaScan scanners. Is it required? | No |
| U | Primax 3D Mouse | 3dmoused.exe | Enables the scroll button on the Primax 3-D Scroll mouse | No |
| ? | Primsta | Primsta.exe | Linksys Wireless CompactFlash Card driver related. Is it required? | No |
| X | Print Driver Helper Service | crsrr.exe | Added by the AGENT-BC TROJAN! | No |
| X | Print Hp Tray | hpprint.exe | Added by the RBOT-GWE WORM! | No |
| N | Print Master Event Reminder | PMremind.exe | Event reminder for calendar dates, etc from Broderbund PrintMaster. Disable using the program's own option (if available) or a startup manager as it will re-instate if disabled via MSConfig | No |
| X | Print Scheduler | usnsvc.exe | Added by a variant of the KOBOT-C WORM! | No |
| N | Print Screen Deluxe | psdeluxe.exe | Utility allows "Print Scrn" or "Print Screen" key to capture, print or save the current window | No |
| X | Print Services | spolserv32.exe | Added by the RBOT.ZP WORM! | No |
| X | print sharing | start.bat | Added by the ZCREW TROJAN! | No |
| X | print sharing | [path] hidden32.exe [path] explorer.exe | Added by the ZCREW.B BACKDOOR! Note - the legitimate Windows Explorer (explorer.exe) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! | No |
| X | Print Spooler | Spoolsv.exe | Added by the CIADOOR.B TROJAN! Note - this is not the legitimate spoolsv.exe which is always located in %System%. This one is located in %Windir% | No |
| X | Print Spooler | spoolsvc32.exe | Added by the SDBOT.BB TROJAN! | No |
| X | Print Spooler | spools.exe | Added by the RBOT-LD WORM! | No |
| X | Print Spooler | spool.exe | Added by the BDOOR-IS BACKDOOR! | No |
| X | Print Spooler | spoolsv32.exe | Added by the RBOT.SW WORM! | No |
| X | Printer | Spyassault.exe | SpyAssault spyware remover - not recommended, see here | No |
| X | Printer | [path to file] | Added by the LOWTAPER TROJAN! | No |
| X | Printer | dipset.exe | Added by a variant of the FBSR TROJAN! | No |
| X | printer | SpyAssaultScanner.exe | SpyAssault spyware remover - not recommended, see here | No |
| X | Printer | vmmon32.exe | Added by the RBOT-CSB WORM! | No |
| X | printer | printer.exe | WinIFixer rogue security software - not recommended, removal instructions here | No |
| X | printer | sysprinter.exe | Added by the SMALL.ZY TROJAN! | No |
| X | Printer Monitor | webprinter.exe | Added by the IRCBOT-Z TROJAN! | No |
| X | Printer Spool | updater.exe | Added by a variant of the RBOT WORM! | No |
| X | Printer spool Service | spool.exe | Added by the RBOT-ACP WORM! | No |
| X | printer spooler | commonaccess.exe | Added by the DELF-LB TROJAN! | No |
| X | Printer Spooler | spooler.exe | Added by the DELF-JJ TROJAN! | No |
| X | Printer Spooler Subsystem | spoolss.exe | Added by a variant of the RBOT WORM! Note - this is not the legitimate Windows spoolss.exe process which is always located in %System% and should not figure in Msconfig/Startup! | No |
| ? | Printer Update | CFGREG.EXE | Maybe a registration reminder or automatically updates drivers or application software for a printer? | No |
| X | printerdrv | vdms.exe | Added by the OPTIXKIL.30 TROJAN! | No |
| X | PrinterSpool | [path] RESTORE.EXE [path] SPOOL.EXE | Added by the ALADINZ.K TROJAN! | No |
| X | Printing Driver | msprint.exe | Added by the RBOT.JH WORM! | No |
| N | Printkey2000 | printkey2000.exe | Screen grabber that intercepts the pressing of the Print Screen (Prn Scrn) key. Start manually when required | No |
| X | PrintMngr | system.exe | Added by an unidentified TROJAN! | No |
| N | printnow | printnow.exe | PrintNow - a utility that primarily allows "Print Srceen" or "Alt+Print Screen" screenshots to be sent directly to a printer | No |
| N | PrinTray | Printray.exe | Lexmark/Compaq printer icon in the System Tray for quick access. Not required - uncheck via Printer configuration rather than MSCONFIG. See also LexmarkPrintray and CompaqPrinTray | No |
| N | PrintScreen | UNWISE.EXE | Gadwin PrintScreen - utility to capture, print or save the current window | No |
| N | Printscreen 95 | PRT95MIN.EXE | Printscreen 95 - utility to capture, print or save the current window | No |
| U | PrintSpooler | lass.exe | Win-Spy keystroke logger/monitoring program - remove unless you installed it yourself! | No |
| X | PrintSpoolSv | System.exe | Added by the BDOOR-S BACKDOOR! | No |
| N | PrintUtil | PrintUtil.exe | HP Print Utility - a troubleshooting utility for HP printers and all-in-ones | No |
| U | PRISMSTA.EXE | PRISMSTA.EXE | Creates a system tray icon for accessing information about Intersil Prism Wireless Settings. Intersil silicon is used by Trendware/Trendnet for example | No |
| U | PRISMSVR | PRISMSVR.EXE | Configuration and settings utility for PRISM chipset based wireless modems such as the 2Wire Wireless Gateway (2701HG) and Siemens Gigaset USB Adapter | No |
| U | PRISMSVR.EXE | PRISMSVR.EXE | Configuration and settings utility for PRISM chipset based wireless modems such as the 2Wire Wireless Gateway (2701HG) and Siemens Gigaset USB Adapter | No |
| N | Privacy Eraser Pro | PrivacyEraser.exe | Privacy Eraser Pro - protects your Internet privacy by cleaning up all Internet history tracks and past computer activities | No |
| Y | Privacy Guardian | PgIndex.exe | Part of Privacy Guardian from PC Tools - which "is a safe and easy-to-use privacy protection tool that securely deletes online Internet tracks and program activity records that are stored in your browser and other hidden files on your computer". This startup entry runs only on the next reboot if the "Index.dat" option is selected for IE under "Browsers" when the users selects "Clean Your Computer". Index.dat files keep a track of pages, images, cookies or sounds from web sites you have visited, even if these files are deleted from your system. Also included in PC Tools Desktop Maestro (which incorporates Privacy Guardian) | Yes |
| U | Privacy Guardian | pg.exe | Part of Privacy Guardian from PC Tools - which "is a safe and easy-to-use privacy protection tool that securely deletes online Internet tracks and program activity records that are stored in your browser and other hidden files on your computer". This startup entry runs only on the next reboot if the "Cache, History and Address Bar" option is selected under "Browsers" when the users selects "Clean Your Computer". This startup entry is only created when Privacy Guardian is installed on XP. Also included in PC Tools Desktop Maestro (which incorporates Privacy Guardian) | Yes |
| X | Privacy Protector | Privacy Protector.exe | PrivacyProtector rogue privacy tool - not recommended, removal instructions here | No |
| X | Privacy Watcher | Privacy Watcher.exe | Privacy Watcher rogue privacy program - not recommended, removal instructions here | No |
| X | PrivacyConductor | GDC.exe | PrivacyConductor rogue privacy tool - not recommended. A member of the PCPrivacyTool family | No |
| Y | PrivacyGuardianIndex | PgIndex.exe | Part of Privacy Guardian from PC Tools - which "is a safe and easy-to-use privacy protection tool that securely deletes online Internet tracks and program activity records that are stored in your browser and other hidden files on your computer". This startup entry runs only on the next reboot if the "Index.dat" option is selected for IE under "Browsers" when the users selects "Clean Your Computer". Index.dat files keep a track of pages, images, cookies or sounds from web sites you have visited, even if these files are deleted from your system. Also included in PC Tools Desktop Maestro (which incorporates Privacy Guardian) | Yes |
| U | PrivacyKeyboard | PrivacyKeyboard.exe | PrivacyKeyboard is a product "that can provide every computer with strong protection against ALL types of keylogging programs and keylogging hardware devices, both known and unknown, currently in use or presently being developed worldwide" | No |
| X | PrivacyProtector Free | UPRP.exe | PrivacyProtector rogue privacy tool - not recommended, removal instructions here | No |
| X | PrivacyScanner | pscan.exe | Privacy Champion, a stealth installed 'Privacy Scanner'. It purportedly scans your PC for links to adult content websites, and then offers to "clean" them. Produces loads of False Positives as goad to purchase | No |
| X | PrivacyWarrior | GDC.exe | PrivacyWarrior rogue privacy tool - not recommended. A member of the PCPrivacyTool family | No |
| N | PrivateDisk | pdservice.exe | Part of SafeGuard PrivateDisk from Utimaco - which "securely and transparently protects sensitive files on notebooks and desktop computers, regardless of their location (local hard disk, removable media, network file servers), all the time without forcing the user to think about security." As well as providing System Tray access to the main program GUI, this entry also mounts the secured virtual drive(s) when the system boots if you have configured them this way and set the "Automatic Login at Startup" option. This entry isn't required if you mount them manually | Yes |
| X | PrivateNet | [various filenames] | Premium rate adult content dialler | No |
| U | Privoxy | privoxy.exe | Privoxy - web proxy with advanced filtering capabilities for protecting privacy, filtering web page content, managing cookies, controlling access, and removing ads, banners, pop-ups and other obnoxious Internet junk | No |
| X | PrizeSurfer | prizesurfer.exe | "PrizeSurfer is the free software that automatically enters you to win cash and prizes just for surfing the web and shopping online!" Stealth installed malware | No |
| X | prjtect | prjtect.exe | Prutect malware from e2Give - attempts to shut down or tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. Note - has been seen using alternative file names like prttect.exe, prmtect.exe and so forth! | No |
| X | prktect | prktect.exe | Prutect malware from e2Give - attempts to shut down or tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. Note - has been seen using alternative file names like prttect.exe, prmtect.exe and so forth! | No |
| X | prltect | prltect.exe | Prutect malware from e2Give - attempts to shut down or tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. Note - has been seen using alternative file names like prttect.exe, prmtect.exe and so forth! | No |
| X | prmt | prmt.exe | NetRatings Premeter spyware | No |
| X | prmtect | prmtect.exe | Prutect malware from e2Give - attempts to shut down or tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. Note - has been seen using alternative file names like prttect.exe, prmtect.exe and so forth! | No |
| X | PrnShare | Wscript.exe prn_share.vbs | Added by the AUTORUN-AWI WORM! Note that wscript.exe is a legitimate Microsoft file used to launch script files and shouldn't be deleted. The "prn_share.vbs" file is located in %System% | No |
| U | PrnSys Executable | PrnSys.exe | Print screen utility bundled with some HP printer software - not required, but your choice if you like that feature | No |
| X | pro | [path to file] | Added by the SPYWAD-F TROJAN! | No |
| X | pro | SpySheriff.exe | Added by the SPYWAD-I TROJAN! | No |
| X | Pro Antispyware 2009 | proas2009.exe | Pro AntiSpyware 2009 rogue spyware remover - not recommended, removal instructions here | No |
| U | Pro PCL Status Monitor | PENGSS.EXE | Xerox printer/fax/copier status monitor (PCL = printer control language) | No |
| X | ProAntiVirus | ProAntiVirus.exe | Added by the RBOT-FTP WORM! | No |
| ? | ProArt | ProArt.exe | ?? | No |
| X | Proc | aprocess.exe | Added by the MOVINGMOUSE.475811 TROJAN! | No |
| X | Proc992 | [path to file] | Added by the IXBOT-C WORM! | No |
| X | Proc993 | wqxfne.exe | Added by the IXBOT-D WORM! | No |
| X | process.exe | process.exe | Added by the BANCOS.P TROJAN! | No |
| U | ProcessGovernor | processgovernor.exe | Core engine for Process Lasso from Bitsum Technologies - "a state-of-the-art, highly optimized, automated Windows process (program) management tool. Through managing the programs running on your computer, Process Lasso increases system responsiveness" | No |
| X | Processor | svchost.exe | Added by the AGENT-KIR TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in the root directory (i.e. C:\ or D:\) | No |
| N | ProcessQuickLink2 | ProcessQuickLink2.exe | ProcessQuickLink by Uniblue Systems Ltd - gives you quick access to their Process Library entry for a currently running process via the standard Windows Task Manager (CTRL+ALT+DEL). A System Tray icon also allows you to search the library and launch the Task Manager. Run on demand | Yes |
| U | ProcessSupervisorGUI | ProcessSupervisor.exe | Graphical user interface (GUI) for Process Lasso from Bitsum Technologies - "a state-of-the-art, highly optimized, automated Windows process (program) management tool. Through managing the programs running on your computer, Process Lasso increases system responsiveness" | No |
| U | ProcessTamer | ProcessTamerTray.exe | Mouser's Software Process Tamer "is a tiny (140k) and super efficient utility for Microsoft Windows XP/2K/NT that runs in your system tray and constantly monitors the cpu usage of other processes" | No |
| X | procmon | procmon.exe | Added by the BIONET.40A TROJAN! | No |
| ? | Prodigy DSL | EnterNetDUN.Exe | Prodigy EnterNet DUN PPPoE Client - is it required? | No |
| N | ProdikeysAutorun | Prodload.exe | Creative Prodikeys software - 'an interactive music entertainment device which not only functions as a full-featured, ergonomic "QWERTY" keyboard but also comes equipped with 37 touch-sensitive music keys and accessible music controls for endless entertainment at your desktop. Coupled with the Sound Blaster audio card, you can explore a wide array of realistic instrument sounds and have non-stop fun making music right at your desktop' | No |
| N | ProDsl | ProDsl.exe | Intel Pro/DSL 2100 modem connection manager. Available via Start -> Programs | No |
| X | Profile | Profile.vbs | Added by the WHITEHO VIRUS or TRAPPY WORM! | No |
| N | Profiler | Profiler.exe | Enables the "Profiler" to be launched from a System Tray icon for Saitek's game controllers. Available via Start -> Programs | No |
| X | profiler | liteout.exe | Added by the ZAPCHAS-G WORM! | No |
| X | profiler | prof.exe | Added by the ZAPCHAS-G WORM! | No |
| N | Profiler | ProfilerU.exe | Enables the "Profiler" to be launched from a System Tray icon for Saitek's game controllers. Available via Start -> Programs | No |
| N | ProfilerU | ProfilerU.exe | Saitek SST (Saitek Smart Technolgy) Profile Launcher - allows System Tray access to the "Profiler" and "Control Panel" for Saitek's game controllers. Start manually via Start -> Programs -> Saitek SD6 Programming Software -> Profiler | No |
| X | Prog | csrss.exe | Added by the WEBUS TROJAN! Note - this is not the legitimate csrss.exe process which should not normally figure in Msconfig/Startup! | No |
| X | Prog | lsass.exe | Added by the WEBUS.B TROJAN! Note - this is not the legitimate lsass.exe process which should not normally figure in Msconfig/Startup! | No |
| X | Program Access Service | [10 random letters].exe | Added by the RBOT.GJJ WORM! | No |
| X | Program File | Progmon.exe | Added by the PEEPER TROJAN! | No |
| X | Program in Windows | IEXPLORE.exe | Added by the LOVGATE.AB WORM! | No |
| U | Program Neighborhood Agent | pnagent.exe | Citrix Program Neighborhood Agent | No |
| X | ProgramControl | ProgramControl.exe | Added by the DLOADR-BAG TROJAN! | No |
| ? | ProgramWindow | more comp.exe | ?? | No |
| U | Progressive Touch | SynTPEnh.exe | Synaptics TouchPad Enhancements - included with drivers for Synaptics based TouchPads, which are common on many laptops. Required to display the System Tray icon and support enhanced features such as Tap Zones, Virtual Scrolling and EdgeMotion. If you don't use these features this can safely be disabled. Required on IBM Thinkpads with UnltraNav (pointstick and touchpad combo) if you don't want to loose the advanced pointstick features such as scroll | Yes |
| U | Progressive Touch | SynTPLpr.exe | Synaptics TouchPad driver helper - included with drivers for Synaptics based TouchPads, which are common on many laptops. Works in conjucntion with SynTPEnh and is required if you use any of the enhanced features such as Tap Zones, Virtual Scrolling and EdgeMotion | Yes |
| U | ProjectWhois | ProjectWhois.exe | "Project Whois loads the domain names from all open Firefox and Internet Explorer windows into the one-click menu and gives easy access to the whois records from the System Tray" | No |
| N | projselector | projselector.exe | Roxio Project Selector - can be started manually | No |
| N | Promon.exe | promon.exe | System Tray icon for Intel PRO series ethernet adapters giving access to the diagnostic features | No |
| X | PromoReg | [path to worm] | Added by the WALEDAC.C WORM! | No |
| X | PromoReg | alt.exe.exe | Added by a variant of the AGENT.DOM TROJAN! | No |
| X | prompt drive | [random filename] | Added by the SDBOT.AMF WORM! | No |
| X | PromulGate | PgMonitr.exe | Delfin Promulgate adware variant | No |
| N | PRONoMgr.exe | PRONoMgr.exe | System Tray icon for Intel PRO series ethernet adapters giving access to the diagnostic features | No |
| U | PRONoMgrWired | PRONoMgr.exe | Intel's Pro 100 Ethernet card manager | No |
| X | Proof Defender 2009 | pdfndr.exe | Proof Defender 2009 rogue security software - not recommended, removal instructions here | No |
| U | Propel Accelerator | PropelAC.exe | Propel Internet Accelerator | No |
| U | ProPort Startup | ProPort.exe | Proport is a port monitor/protector. Monitors an infinite amount of ports for trojans and nukes. Some additional features are auto connection-kill, and IP resolving | No |
| X | proses | [5 random letters].exe | Added by a variant of the RBOT WORM! | No |
| X | ProSiteFinder | prositefinder.exe | ProSiteFinder adware | No |
| X | Proteção de tela | ssmaze.scr | Added by the BANCBAN-FB TROJAN! | No |
| U | Protect | SHVRTF.EXE | PC Angel takes a 5-second snapshot of the current system registry each time the PC boots up. In the event of a crash, PC ANGEL will retrieve everything up to the minute before the crash or the last known stable registry | No |
| X | protect | protect.scr | Added by the DLOADER-TQ TROJAN! | No |
| X | Protected Storage | RUNDLL32.EXE MSSIGN30.DLL ondll_reg | Added by the LOVGATE-W WORM! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted | No |
| X | ProtectingTool | SysRep.exe | ProtectingTool rogue system error and cleaning utility - not recommended. A member of the ErrClean family | No |
| X | Protection | [path] runtask.exe [path] protection.exe | Added by a variant of the AGENT.3.AU TROJAN! | No |
| X | Protection | Protection.exe | Added by the FEBELNECK-A WORM! | No |
| X | Protection | Firewall.exe | Added by the ELIPTER.A or ELIPTER.B WORMS! Located in %ProgramFiles%\Internet Explorer | No |
| X | Protection | IExplore .exe | Added by the ELIPTER.D WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) process as there is a space before the ".exe" | No |
| X | Protection | Norton Internet Security.exe | Added by the ELITPER.E WORM! | No |
| X | Protection System | psystem.exe | Protection System rogue security software - not recommended, removal instructions here | No |
| X | ProtectionComplete | pgs.exe | ProtectionComplete rogue security software - not recommended. A member of the AVSystemCare family | No |
| X | ProtectionConue | pgs.exe | ProtectionConue rogue security software - not recommended. A member of the AVSystemCare family | No |
| X | ProtectionDeDriver | GDC.exe | ProtectionDeDriver rogue privacy tool - not recommended. A member of the PCPrivacyTool family | No |
| X | Protections | ProtEX32.exe | Ultimate SecuritySuite rogue malware remover - not recommended, see here | No |
| X | Protector GB | protectgb.exe | Added by the BANKER.EIE TROJAN! | No |
| X | ProtectPcs.exe | ProtectPcs.exe | ProtectPcs rogue security software - not recommended, removal instructions here. A member of the AntiAID family | No |
| X | ProtejaseuDrive | SysRep.exe | ProtejaseuDrive rogue system error and cleaning utility - not recommended. A member of the ErrClean family | No |
| X | ProtezionefiData | pgs.exe | ProtezionefiData rogue security software - not recommended. A member of the AVSystemCare family | No |
| X | ProtezioneSoft | SysRep.exe | ProtezioneSoft, Italian rogue system error and cleaning utility - not recommended. A member of the ErrClean family | No |
| X | Protocol Settings | kav.exe | Added by a variant of the RBOT WORM! | No |
| X | ProtocolDiskChk | ssrms.exe | Added by the BDOOR-ML BACKDOOR! | No |
| X | ProtocolDiskChk | svcvlw32.exe | Added by the STINX-Y TROJAN! | No |
| X | ProtocolEventTsk | csrwjd.exe | Added by the STINX-N TROJAN! | No |
| X | prov | prov.exe | Added by a variant of the IRCBOT TROJAN! | No |
| X | Provan Security | psecure.exe | Added by the RBOT.BRV WORM! | No |
| Y | proxim_orinoco_11abg | orinoco.exe | Proxim ORiNOCO 11a/b/g PCI Card wireless configuration utility | No |
| N | PROXOMITRON | PROXOMITRON.EXE | A free, highly flexible, user-configurable, small but very powerful, local HTTP web-filtering proxy - see here | No |
| N | PROXOMITRON | PROXOM~1.EXE | A free, highly flexible, user-configurable, small but very powerful, local HTTP web-filtering proxy - see here | No |
| Y | ProxyCap | ProxyCap.exe | "ProxyCap enables you to tunnel Internet applications through HTTP, SOCKS v4, and SOCKS v5 Proxy Servers" | No |
| U | ProxyWay | proxyway.exe | ProxyWay anonymous proxy surfing software | No |
| U | PRPCMonitor | PRPCUI.exe | Intel® SpeedStep™ interface. This automatically detects whether a mobile PC is using battery or AC power. When using battery power, SpeedStep scales the processor clock frequency and voltage to reduce the power it needs by 40% | No |
| X | prqtect | prqtect.exe | Prutect malware from e2Give - attempts to shut down or tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. Note - has been seen using alternative file names like prttect.exe, prmtect.exe and so forth! | No |
| X | prrtect | prrtect.exe | Prutect malware from e2Give - attempts to shut down or tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. Note - has been seen using alternative file names like prttect.exe, prmtect.exe and so forth! | No |
| X | prstect | prstect.exe | Prutect malware from e2Give - attempts to shut down or tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. Note - has been seen using alternative file names like prttect.exe, prmtect.exe and so forth! | No |
| X | prtcct | prtcct.exe | Prutect malware from e2Give - attempts to shut down or tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. Note - has been seen using alternative file names like prttect.exe, prmtect.exe and so forth! | No |
| X | prttect | prttect.exe | Prutect malware from e2Give - attempts to shut down or tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. Note - has been seen using alternative file names like prttect.exe, prmtect.exe and so forth! | No |
| X | PrU Async Service | [path to worm] | Added by the IRCBOT-UG WORM! | No |
| X | Pruo | taee.exe | PurityScan adware | No |
| X | prutcct | prutcct.exe | Prutect malware from e2Give - attempts to shut down or tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. Note - has been seen using alternative file names like prttect.exe, prmtect.exe and so forth! | No |
| X | prutdct | prutdct.exe | Prutect malware from e2Give - attempts to shut down or tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. Note - has been seen using alternative file names like prttect.exe, prmtect.exe and so forth! | No |
| X | prutgct | prutgct.exe | Prutect malware from e2Give - attempts to shut down or tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. Note - has been seen using alternative file names like prttect.exe, prmtect.exe and so forth! | No |
| X | pruthct | pruthct.exe | Prutect malware from e2Give - attempts to shut down or tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. Note - has been seen using alternative file names like prttect.exe, prmtect.exe and so forth! | No |
| X | prutict | prutict.exe | Prutect malware from e2Give - attempts to shut down or tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. Note - has been seen using alternative file names like prttect.exe, prmtect.exe and so forth! | No |
| X | prutlct | prutlct.exe | Prutect malware from e2Give - attempts to shut down or tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. Note - has been seen using alternative file names like prttect.exe, prmtect.exe and so forth! | No |
| X | prutpct | prutpct.exe | Prutect malware from e2Give - attempts to shut down or tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. Note - has been seen using alternative file names like prttect.exe, prmtect.exe and so forth! | No |
| X | prutsct | prutsct.exe | Prutect malware from e2Give - attempts to shut down or tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. Note - has been seen using alternative file names like prttect.exe, prmtect.exe and so forth! | No |
| X | prvtect | prvtect.exe | Prutect malware from e2Give - attempts to shut down or tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. Note - has been seen using alternative file names like prttect.exe, prmtect.exe and so forth! | No |
| X | prxtect | prxtect.exe | Prutect malware from e2Give - attempts to shut down or tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. Note - has been seen using alternative file names like prttect.exe, prmtect.exe and so forth! | No |
| X | ps1 | ps1.exe | PacerD Media/Pacimedia.com adware | No |
| U | PS2 | ps2.exe | Multimedia Keyboard companion on HP computers. If this is prevented from starting, then some keyboard functionality will be lost. | No |
| X | psaload32 | psaload32.exe | Added by the RBOT-ADL WORM! | No |
| X | PSC main | sttool32.exe | Added by the OBFUSCATED.EV TROJAN! | No |
| X | PSCastor | PSCastor.exe | Added by the PSCASTOR TROJAN! | No |
| X | PSCMain | pscmain2.exe | Added by the OBFUSCATED.EV TROJAN! | No |
| X | PSD Tools Channel | ChannelUp.exe | BuddyLinks adware | No |
| U | PSDiagnosticM | PSDiagnosticM.exe | Diagnostic utility for the Linksys Wireless-G PrintServer | No |
| Y | PSDrvCheck | PSDrvCheck.exe | Part of Pinnacle Systems InstantCD/DVD and InstantCopy CD/DVD copying software that verifies drive settings. Once loaded it doesn't use any resources so you can leave it enabled | No |
| X | Psecurity | psecurity.exe | Personal Security rogue security software - not recommended, removal instructions here | No |
| X | PService | svcnow32.exe | Added by the SPYBOT-DJ TROJAN! | No |
| U | PSFree | PSFree.exe | Pop-Up Stopper Free from Panicware. Pop-up blocker integrated into the IE toolbar. Note that the Pro version doesn't load in startup as it is installed as an Internet Explorer toolbar. Can cause problems with IE if you use WinXP and uninstall Service Pack 1. Uninstalling the software leaves it in the startup group | No |
| X | PSGuard | PSGuard.exe | Variant of the SmitFraud alias FAKEALE-C TROJAN! | No |
| X | PSGuard spyware remover | PSGuard.exe | Variant of the SmitFraud alias FAKEALE-C TROJAN! | No |
| X | pshower | pshwr.exe | SafeSurfing adware variant | No |
| Y | PSIMSVC | PSIMSVC.exe | Part of Panda Antivirus and Internet Security | No |
| N | PSIWin2.3 Connection Server | Psconsv.exe | Allows connectivity between a PC and a Psion device. Access can be gained from the Desktop or Start -> Programs | No |
| U | pskl | keyspy.exe | KeyboardLogger keystroke logger/monitoring program - remove unless you installed it yourself! | No |
| X | PSLister | PSLister.exe | PurityScan C adware | No |
| U | PsMFCard | PsMFCard.exe | Component of the Toshiba Controls. Provides power-saving functions for the PCMCIA slots. Through the Power Save Mode Properties dialogue, the user can select from 3 PCMCIA power options - On, Auto1 and Auto2. Disabling this item has no adverse effects, except disabling the ability to reduce power consumption by powering-down the PCMCIA slots when not in use | No |
| N | psn.exe | psn.exe | Post-it® Software Notes - Lite. "You can use this digital version of the famous canary yellow note to remind you to do something, to capture an idea or to organize all those important phone numbers - all from your computer desktop" | No |
| N | PsnLite | PsnLite.exe | Post-it® Software Notes - Lite. "You can use this digital version of the famous canary yellow note to remind you to do something, to capture an idea or to organize all those important phone numbers - all from your computer desktop" | No |
| Y | PSNotify | psnotify.exe | Pharos SignUp Vx - "PC reservation and management application that addresses the PC scheduling needs of public libraries and higher education labs and libraries" | No |
| X | PSof1 | PSof1.exe | PacerD Media/Pacimedia.com adware installer | No |
| X | PSoft1 | psoft1.exe | PacerD Media/Pacimedia.com adware installer | No |
| Y | PsPCCard | PsPCCard.EXE | Background Power Saving task found on Toshiba laptops and which handles turning Power Saving ON and OFF on any inserted PC Card (PCMCIA card). Only ever disable if you do not use any power saving or hibernation settings (ie: they are all OFF) | No |
| U | PspContr | pspcontr.exe | Driver/controller for the Philips SpeechMike 6174. As the Philips FreeSpeech application is no longer supported it can be disabled but the Mike can still be used for certain functions using this driver | No |
| ? | PspUsbCf | PspUsbCf.exe | ?? | No |
| Y | PSQLLauncher | launcher.exe | IBM ThinkVantage Fingerprint Software | No |
| U | PsSound | PsSound.exe | On a Toshiba laptop. Operates your sound in one of 4 modes, off, on , on only with powerr, same as #3 but longer delay | No |
| U | pst | memaker2.exe | SpymodePCSpy surveillance software. Uninstall this software unless you put it there yourself | No |
| ? | PSTORES | PSTORES.EXE | Part of Windows Services Protected Storage? | No |
| U | PSwitch | ProxySwitcher.exe | "Proxy Switcher offers full featured connection management solution" as different internet connections often require completely different proxy server settings and it's a real pain to change them manually | No |
| X | psybnc server 3.1 | psybnc321.exe | Added by the RBOT.ENI BACKDOOR! | No |
| X | psyBNC-2.1.4 Client Server | psyBNC215.exe | Added by a variant of the RBOT WORM! | No |
| X | ptask | ptask.exe | Part of VirtualPCGuard, VirusGuardPlus and other members of the AVSystemCare family of rogue security software suites. See here for more examples | No |
| U | PTBSync | PTBSync.exe | PTBSync from ElmüSoft - a tool to synchronize your PC time with an an atomic clock via the internet | No |
| N | ptfb | ptfb.exe | Push the Freakin' Button - "When a dialog causes irritation, you simply tell PTFB which button should be pressed, and it will handle the dialog in future" | No |
| U | PTHOSTTR | PTHOSTTR.EXE | System Tray access to HP ProtectTools Security Manager - "can be configured to prevent unauthorized access using Smart Cards, TPM Embedded security chips, USB tokens and other security technologies" | No |
| ? | Ptipbmf | rundll32.exe ptipbmf.dll, SetWriteCacheMode | Installed with the miniport drivers for Promise hard drive controllers in both RAID and non-RAID installations. May be necessary in order to maintain preferences applied to the RAID array connected to the Promise controller | No |
| U | PtiuPbmd | Rundll32.exe ptipbm.dll, SetWriteBack | Installed with the miniport drivers for Promise hard drive controllers in both RAID and non-RAID installations. Tells the drivers that the connected Drives should use the "Write Back" Caching. You can disable this if you don't want to use "Write Back" Caching or if you have not connected any driver to your Promise Controller | No |
| X | PTRGMYGK | rundll32.exe ptmg1v.dll, DllRunMain | Added by an unidentified TROJAN, WORM or other malware! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted | No |
| U | ptrun32 | ptrun32.exe | ParentTools surveillance software. Uninstall this software unless you put it there yourself | No |
| U | PTRUN32 | ptr32w.exe | ParentTools surveillance software. Uninstall this software unless you put it there yourself | No |
| N | Ptsnoop | Ptsnoop.exe | These descriptions I've come across - all valid as far as I can see :- (1) Program installed with some modems that monitors the COM ports for the modem driver. Not required from what I've read - may need a registry edit to get rid of it (2) Backdoor trojan virus that copies itself as PTSNOOP.EXE -see here for more info(3) Apparently the people who put it out claim it's a driver for a Voice modems (don't know who they are though - Ed) Note: If using AOL and you disable this you may lose your connection or lock up (4) Can also be an older Logitech scanner program. Remove from the Win.ini tab under Load='path'PTSNOOP and the System.ini tab under drivers='path'ptrtkr.drb. Can cause parallel port conflicts big time dragging system resources way down when a conflict exists (5) Allows audio monitoring of modem phone dialling tones and can be useful if you have connection problems (6) Karen Kenworthy's Snooper - "logs the start and stop time of all programs run under Windows" | No |
| X | PTSShell | PTSShell.exe | Added by the WINKO.AO WORM! | No |
| U | pttrun | pttrun.exe | Transmeta Crusoe processor related. Reduces application launch times and makes the computer "more responsive" | No |
| N | PtUDFApp | PtUDFApp.exe | Sony abCD program, included on the CD Xtreme install CD, used to format CD-RWs for packet writing (similar to DirectCD). Available via Start -> Programs. Note that you must add a /T switch to the command line to get it to load to the taskbar | No |
| U | PUAC v2.0.7 | Puac.exe | "Peter's Ultimate Alarm Clock" | No |
| U | Pubelle | Pubelle.exe | Pubelle - French popup blocker by Guillaume Ryder | Yes |
| X | Public Microsoft ODBC | ODBC32*.exe [* = random char] | Added by the MASLAN.D WORM! | No |
| X | Pujangga | KOMPTI.exe | Added by the PITKOM-A TROJAN! | No |
| U | pumcfgp | proxycfg.exe | "GuardWare iShield blocks pornographic images when you surf the Internet on your computer using a web browser" | No |
| N | Pure Networks Port Magic | PortAOL.exe | Pure Networks Port Magic, as available in the latest version of the AOL® 9.0 Optimized SE software; automatically configures most in-home Internet gateways, improving access and performance for applications such as instant messaging, online gaming, and streaming music and video. See here | No |
| U | PureText.exe | PureText.exe | PureText by Steve Miller. "Have you ever copied some text from a web page or a document and then wanted to paste it as simple text into another application without getting all the formatting from the original source? PureText makes this simple by adding a new Windows hot-key (default is WINDOWS+V) that allows you to paste text to any application without formatting" | No |
| U | Purgative | PURGATIVE100.EXE | AIM (AOL Instant Messenger) Ad Remover Using Active Memory Edits instead of a patch/crack | No |
| X | Purgatory | Purga.exe | Added by the PURGORY-B WORM! | No |
| U | Purge with Current Options | PURGEIE.EXE | PurgeIE from Assistance & Resources for Computing, Inc. - Internet Explorer browsing history cleaner | No |
| N | Push Client | pull.exe | Client software from Interwise that MS use for their webcasts | No |
| N | Push The Freakin' Button | ptfb.exe | Push the Freakin' Button - "When a dialog causes irritation, you simply tell PTFB which button should be pressed, and it will handle the dialog in future" | No |
| N | PUSH6599 | PUSH6599.EXE | Scan button monitor for Relysis Episode MF6599 USB scanner as you can start scanning manually via the scanning software | No |
| X | pushbot | service52.exe | Added by a variant of the PUSHBOT WORM! A family of worms that spread using MSN Messenger | No |
| X | PutA!! | PutA!!.exe | Added by the OPASERV.L WORM! | No |
| X | PutAS! | PutA!!.com | Added by the OPASERV.Z WORM! | No |
| X | putil | [filename] | Added by the LDPINCH TROJAN! | No |
| U | PuXpMan2 | PuXpMan2.exe | System Tray access to the Ashampoo® PowerUp XP Platinum 2 tweaking utility from Ashampoo GmbH & Co. KG - which includes (amongst others) one-click tuning, multiple desktops, taskbar control center and an autostart manager | Yes |
| U | PV92TRAY | PV92Tray.exe | PCtel HSP V.92 modem configuration utility | No |
| X | PVModule | pvmodule.exe | Adperform.com/Adoptim.com adware - located in %ProgramFiles%\PrintView and detected by Avira AntiVir antivirus as the AGENT.ALB TROJAN! NOTE - the 'real' PrintView installs in C:\CBR folder | No |
| N | PVR | PVR.exe | Pocket Voice Recorder - freeware sound recorder that records from microphone and any other input line available with your sound card | No |
| U | PVUnInst1 | PVUnInst1.exe | Privacy View - privacy software that ensures that all your private computer files, photos, documents, and websites remain secure from prying eyes | No |
| Y | pwmgr | pwmgr.exe | Part of Client Security Software for IBM\Lenovo notebooks - IBM® Client Security Password Manager "enables you to manage your sensitive and easy-to-forget login information, such as user IDs, passwords, and other personal information, with IBM Client Security. The IBM Client Security Password Manager stores all information through the IBM Security Chip so that your UVM user authentication policy controls access to your secure applications and Web sites." Can also be used with or without the Fingerprint Reader on select models | No |
| X | Pwr32ctr | Pwr32ctr.exe | Added by the GEMA TROJAN! | No |
| X | Pwr32ctrl | Pwr32ctrl.exe | Added by the GEMA TROJAN! | No |
| X | Pwr32mgt | Pwr32mgt.exe | Added by the GEMA TROJAN! | No |
| U | PWRESET | pwreset.exe | Related to the Avaya IP Softphone | No |
| N | PWRISOVM.EXE | PWRISOVM.EXE | PowerISO - a powerful CD/DVD image file processing tool | No |
| Y | PWRMGRTR | PWRMGRTR.DLL | Power Manager - background monitor module for IBM ThinkPad laptops. Leave it alone to ensure proper power management functions | No |
| U | pwrmonit | RunDll32 [path] pwrmonit.dll,StartPwrMonitor | Part of the Battery MaxiMiser and Power Management Features set for some IBM/Lenovo Thinkpad notebooks. This entry displays the battery gauge icon in the Taskbar (not the System Tray). Provides shortcuts to the proprietary power saving settings and to a battery information window | Yes |
| X | Pwroff | Pwroff.exe | Added by the GEMA TROJAN! | No |
| U | Pwrsave | Pwrsave.exe | Toshiba Power Saver utilities. Required on a laptop if you run of a battery and want to conserve power | No |
| ? | Pwruplogin | pulogin.exe | ?? | No |
| U | PwrUpManager | PuXpMan2.exe | System Tray access to the Ashampoo® PowerUp XP Platinum 2 tweaking utility from Ashampoo GmbH & Co. KG - which includes (amongst others) one-click tuning, multiple desktops, taskbar control center and an autostart manager | Yes |
| U | PwrUpSwDesk | SwitchDesk.exe | PowerUp SwitchDesk - virtual desktop manager which allows "you have the possibility to launch games, working and development applications, office and entertainment software on multiple desktops to bring order to your system". Part of Ashampoo® PowerUp XP Platinum 2 from Ashampoo GmbH & Co. KG | Yes |
| U | PwrupTweakMe | PUPXPTWK.EXE | Ashampoo's PowerUp XP is a "tool for fine-tuning your Windows NT4, 2000, 2003 Server and XP configuration". Boot-up options won't work if disabled | No |
| U | PWS Tray | PwsTray.exe | Microsoft's Personal Web Server, an application which allows PCs to behave as web servers (allows you to test your .asp pages on your own PC without having to load them onto the internet). Available via Start -> Programs | No |
| U | PWSActivePrint_5 | ActivePrintSystem.exe | ActivePrint from Pocket Watch LLC - "Windows Mobile users are given the invaluable capability of printing from their mobile devices to any Windows 2000/XP/2003/Vista compatible printer without the necessity of wireless hardware" | No |
| X | PYJJIME | PYJJIME.exe | Added by the AGENT-BXQ TROJAN! | No |
| X | PyroAntiSpy | PyroAntiSpy.exe | PyroAntiSpy Russian rogue spyware remover - not recommended, removal instructions here | No |
| N | p_981116 | p_981116.exe | Win32 cabinet self extractor. More info here | No |
| N | Q152404 | wsript.exe Q152404.VBS | Appears to run Scandisk at bootup on NEC PCs | No |
| X | q36i36O | lms2cenu.exe | Added by the SECONDTHOUGHT VIRUS! | No |
| N | QAGENT | qagent.exe | Quicken program is controlled by a separate utility program called the Quicken Download Manager (also known as Qagent). When Quicken Download Manager option is enabled, background downloading takes advantage of unused bandwidth to download current financial information anytime your computer is connected to the Internet | No |
| X | qappsrvc32.exe | qappsrvc32.exe | Detected by Kaspersky as the WEBBER.M TROJAN! | No |
| X | qaswww | jdsuml.exe | Added by the BUZUS.CQMU TROJAN! | No |
| N | QBCD autorun | autorun.exe | Quick Books CD | No |
| X | qbkupdbs | mqbkup.exe | Added by the OPASERV.K WORM! | No |
| X | qbotd | [random filename] | Added by the BOTTEN TROJAN! | No |
| N | QBReminderFlash | QBReminder.exe | Upgrade reminder for Intuit's QuickBooks | No |
| ? | qBrowse | qbrowse.exe | ?? | No |
| X | QBRSR | QuickBrowser.exe | top-banners.com adware | No |
| U | Qchex Tray Icon | Qchex.exe | Related to G7 Productivity Systems Check Software | No |
| U | QCTray | QCTray.exe | System Tray access to IBM Access Connections - forerunner to the current ThinkVantage version. Connectivity-assistant program for IBM/Lenovo ThinkPad or 3000 Family notebook computers - "allowing users to seamlessly switch between wired and wireless environments, managing security settings, printers, home page and other location-specific settings automatically" | Yes |
| U | QCWLICON | QCWLICON.EXE | Part of IBM Access Connections - forerunner to the current ThinkVantage verison. Connectivity-assistant program for IBM/Lenovo ThinkPad or 3000 Family notebook computers - "allowing users to seamlessly switch between wired and wireless environments, managing security settings, printers, home page and other location-specific settings automatically." This is the System Tray icon giving notifications of and access to the Wireless Connection Status | Yes |
| N | QD FastAndSafe | QDCSFS.exe | Automatically runs Fast & Safe clean-up from Norton/Quarterdeck Cleansweep. Deletes safe to remove files such as Temporary Internet Files (cache). Recommended you run it manually | No |
| U | QDM | QdmStart.exe | QDM (QDI Desktop Manager) - part of QDI ManageEasy for QDI's series of motherboards for monitoring PSU, temperatures, BIOS information, etc. Only required if you overclock system components and need to monitor temperatures, etc | No |
| U | QDMStart | QdmStart.exe | QDM (QDI Desktop Manager) - part of QDI ManageEasy for QDI's series of motherboards for monitoring PSU, temperatures, BIOS information, etc. Only required if you overclock system components and need to monitor temperatures, etc | No |
| X | QdrModule10 | QdrModule10.exe | Internet Speed Monitor adware | No |
| X | QdrModule11 | QdrModule11.exe | Internet Speed Monitor adware related - see example here | No |
| X | QdrModule12 | QdrModule12.exe | Internet Speed Monitor adware related - see example here | No |
| X | QdrModule13 | QdrModule13.exe | Internet Speed Monitor adware related - see example here | No |
| X | QdrModule15 | QdrModule15.exe | Internet Speed Monitor I adware | No |
| X | QdrModule16 | QdrModule16.exe | Internet Speed Monitor adware related - see example here | No |
| X | QdrModule17 | QdrModule17.exe | Internet Speed Monitor I adware | No |
| X | QdrModule9 | QdrModule9.exe | Internet Speed Monitor H adware | No |
| X | QdrPack10 | QdrPack10.exe | Internet Speed Monitor H adware | No |
| X | QdrPack11 | QdrPack11.exe | Internet Speed Monitor adware related - see example here | No |
| X | QdrPack12 | QdrPack12.exe | Internet Speed Monitor adware related - see example here | No |
| X | QdrPack13 | QdrPack13.exe | Internet Speed Monitor adware related - see example here | No |
| X | QdrPack14 | QdrPack14.exe | Internet Speed Monitor adware related - see example here | No |
| X | QdrPack15 | QdrPack15.exe | Internet Speed Monitor adware related - see example here | No |
| X | QdrPack16 | QdrPack16.exe | Internet Speed Monitor adware related - see example here | No |
| X | QdrPack17 | QdrPack17.exe | Internet Speed Monitor adware related - see example here | No |
| X | QdrPack9 | QdrPack9.exe | Internet Speed Monitor adware | No |
| ? | Qdsafe | ?? | ?? | No |
| ? | Qexplo | Qexplo.exe | ?? | No |
| X | Qffecdas | vvzxx.exe | Added by the MULTIDRP.AA TROJAN! | No |
| X | qgqqft | [path to Trojan] | Added by the RANKY.T TROJAN! | No |
| Y | QH Live Update Scheduler | UPSCHD.EXE | Quick Heal Anti-Virus | No |
| Y | QH Office 2K Check | O2KCHECK.EXE | Quick Heal Anti-Virus MS Office documents virus checker | No |
| X | qkoszvd.dll | rundll32.exe qkoszvd.dll,jwezubg | Added by the DLOADR-AVD TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "qkoszvd.dll" file is located in %System% | No |
| X | qktier | qktier.exe | Added by the VBNA.ISU WORM! | No |
| U | QlbCtrl | QlbCtrl.exe | HP Quick Launch Buttons control center on their laptops | No |
| ? | QMusic | QMAgent.exe | ?? | No |
| U | Qnext | qnext.exe | "Qnext is the world's most advanced communication and sharing suite" | No |
| N | QNPlus | QNPlus.exe | Quick Notes Plus by Conceptworld - sticky notes tool | No |
| X | QnX | qnx.exe | Added by the ACKANTTA WORM! | No |
| U | Qoeloader | Qoeloader.exe | Qurb 2.0 anti-spam tool for Outlook/Outlook Express. Required when supporting OE but not for Outlook. Shortcut available via Start -> Programs | No |
| U | QPService | QPService.exe | HP QuickPlay - "brings your favorite music and movies to life with the touch of a button" | No |
| X | sendmess.exe | Added by the SEMES TROJAN! | No | |
| X | QQ.exe | QQ.exe | Added by a variant of the SDBOT WORM! Note - this is not the Tencent QQ Asian instant messanger program and resides in the Windows folder | No |
| X | QQKAV | scvhsot.exe | Added by the QQROB.ARQ WORM! | No |
| X | QQServer | QQ.exe | Added by the DOWNLDR-AN TROJAN! | No |
| X | qservices | qservice.exe | Added by the PROGENT-A TROJAN! | No |
| N | QSort2000 | QSORT.EXE | Utility that sorts your Start menu and Favourites in alphanumerical order. Not required - at any time you can right-click on these lists and choose "Sort by Name" | No |
| U | QT4HPOT | OneTouch.exe | Hewlett Packard One Touch keyboard driver. Required if you use the additional keys | No |
| U | QT4StBtn | SwiftBtn.EXE | SwiftBtn - installed alongside the system drivers on Fujitsu Siemens notebooks and allows extra keyboard support | No |
| U | QTaskStartup | qtask.exe | Feature of Quicken.com Brokerage to customize and display Desktop Alerts and icon. It is not required for the Quicken Program to run correctly, it is only required for the Desktop Alerts feature | No |
| X | QTime | nrchk.exe | Premium rate adult content dialler | No |
| N | QTSTUB.EXE | Qtstub.exe | Part of an old version of the Quick Tax application. It enables Quick Tax Calendar Popup to show tax calendar reminders | No |
| X | QTSvc | msocfg.exe | Premium rate adult content dialler | No |
| X | QTSvc | navchk.exe | Premium rate adult content dialler | No |
| X | QTSvc | shman.exe | Premium rate adult content dialler | No |
| X | QTSvc | ssvr.exe | Premium rate adult content dialler | No |
| N | qttask | Qttask.exe | System Tray access to Apple's "Quick Time" viewer from version 5 onwards | No |
| U | QtVprMtx | QTVPRMTX.EXE | Multimedia keyboard driver from Dritek System Inc | No |
| X | Quantifier Security | qsecue.exe | Added by the SPYBOT.UOL WORM! | No |
| X | quartz | quartz.exe | Malware installed by different rogue security software including SpyKillerPro | No |
| ? | QUBCity | qtp.exe | ?? | No |
| ? | Queensla | Queensla.exe | ?? | No |
| U | Quick Controls | Astrotoolbar.exe | Gateway Astro Screen and Sound Controls tray icon | No |
| U | Quick Heal Firewall Pro | qhfw.exe | Quick Heal Firewall Pro | No |
| U | Quick Heal Messenger | QHM32.EXE | Quick Heal Anti-Virus Messenger - keeps you informed about the latest threats, hoaxes etc | No |
| Y | Quick Heal On-Line Protection | Cateye.exe | Quick Heal - virus scanner | No |
| Y | Quick Heal Startup Scan | QHSTRT32.EXE | Quick Heal - virus scanner | No |
| U | Quick Hide Windows | qhw.exe | Quick Hide Windows from CronoSoft - "provides a quick and easy way for home and office PC users to quickly get sensitive materials off the screen without closing programs or losing documents" | No |
| X | Quick Office | activate.exe | Added by the RANSOMLOCK.D TROJAN! Note - this infection hooks the keyboard to prevent anything except numbers from being typed and displays a Russian message requesting a valid license key | No |
| N | Quick Shelf xx | qushelfxx.exe | Places an icon in the system tray for launching MS Bookshelf. Available via Start -> Programs"xx" represents the version number - ie, 98, 99 | No |
| Y | Quick Startup | Fquick32.exe | For a Nisis G6 USB Graphics Tablet. Re-enables itself if disabled therefore best left alone | No |
| X | Quick Time file manager | quicktimeprom.exe | Added by the SDBOT TROJAN! | No |
| N | Quick Time Task | qttask.exe | System Tray access to Apple's "Quick Time" viewer from version 5 onwards | No |
| N | Quick View Plus | QVP32.EXE | Quick View Plus from Inso Corporation. Multiple file type viewer. Available via Start -> Programs | No |
| U | QuickBooks Database Server Manager | QBServerUtilityMgr.exe | Part of QuickBooks Pro/Premier from Intuit - "QuickBooks Database Server Manager is a utility that allows you to configure the QuickBooks Server for multi-user access." See here for further information | No |
| N | QuickBooks Delivery Agent | QBDAGENT.EXE | As far QAGENT but for QuickBooks. Can also have the version number in the name | No |
| N | Quickbooks Update Agent | qbupdate.exe | Associated with Intuit's Quickbooks but not required. Possibly to do with the payroll update service but you're prompted to check for updates when appropriate whether this is running or not | No |
| U | QuickCamPro | QuickCamPro.exe | System Tray for Picture Capture utility that can run unattended. Pictures every 30 seconds for example, auto FTP Upload, etc | No |
| U | QUICKCARE | sprtcmd.exe /P QUICKCARE | Qwest Broadband QuickCare (provided by SupportSoft, Inc) is a free self-help tool for Qwest DSL users. Identifies and automatically fixes typical problems that may occur with your high-speed internet service | No |
| U | QuickCare2.2 | sprtcmd.exe /P QuickCare2.2 | Qwest Broadband QuickCare (provided by SupportSoft, Inc) is a free self-help tool for Qwest DSL users. Identifies and automatically fixes typical problems that may occur with your high-speed internet service | No |
| U | QuickDVBT | QuickDVB-T.exe | AVerTV_DVB-T connects Digital TV with your PC or Notebook and allows you to watch free-to-air digital terrestrial television channels with no subscription to pay | No |
| X | quicken | quicken.exe | CoolWebSearch Therealsearch parasite variant | No |
| X | quicken | Winrar.exe | CoolWebSearch Therealsearch parasite variant. Note - this is not the file zipping utility also known as WinRAR! | No |
| X | quicken | Waol.exe | CoolWebSearch Therealsearch parasite variant | No |
| N | Quicken Scheduled Updates | bagent.exe | Quicken background downloading module | No |
| N | Quicken Startup | QWDLLS.EXE | Quicken option to load DLLs at startup | No |
| N | QuickenSEMessage | Qsemsg.exe | Quicken option | No |
| N | QuickFinder Scheduler | QFSCHD100.exe | Used in Corel 2002 & Corel Suite 7 - finds files faster by indexing your files (similar to Microsoft's Find Fast or Fast Search for its Office products) | No |
| N | QuickFinder Scheduler | QFSched.exe | Used in Corel 2002 & Corel Suite 7 - finds files faster by indexing your files (similar to Microsoft's Find Fast or Fast Search for its Office products) | No |
| N | QuickFinder Scheduler | QFSCHD110.EXE | Used in Corel WordPerfect Office 11 - finds files faster by indexing your files (similar to Microsoft's Find Fast or Fast Search for its Office products). See here | No |
| N | QuickFinder Scheduler | QFSCHD130.EXE | Used in Corel WordPerfect Office X3 - finds files faster by indexing your files (similar to Microsoft's Find Fast or Fast Search for its Office products). See here | No |
| X | QuickHealCleaner | QuickHealCleaner.exe | QuickHealCleaner rogue spyware remover - not recommended, removal instructions here. A member of the WiniGuard family | No |
| X | QuickInstallPack | QuickInstallPack.exe | Installed and used by rogue security products such as Cleaner2009, AntiMalwareSuite, SecureExpertCleaner and System Guard Center | No |
| X | QuickInstallPack | CLN_2009FreeInstall.exe | Installed and used by rogue security products such as Cleaner2009, AntiMalwareSuite, SecureExpertCleaner and System Guard Center | No |
| Y | QuickLaunchEr | QuickLaunchEr.Exe | QuickLaunchEr - allows you to quickly launch programs from an icon in the system tray | No |
| N | Quicklink III | QL.EXE | HP fax program and only needs to be in the start-up group if you allow your phone to automatically answer your phone in fax mode, that is, to receive faxes after a certain number of rings. Available via Start -> Programs | No |
| N | Quicknote | quicknote.exe | JC&MB Quicknote Virtual Scrapbook | No |
| U | QuickPassword | agquickp.exe | Smart card-based authentication and digital signature client software | No |
| N | QuickRes | QUICKRES.EXE | Utility to quickly change desktop resolution - left over from Win95 Power Toys. In Win98 and above incorporated via Control Panel -> Display. Not required unless you have to change resolutions on a regular basis | No |
| N | quickset | quickset.exe | Dell taskbar icon allowing you to quickly change settings | No |
| X | QuickSet | mmspng.exe | Added by a variant of the IROFFER.Z TROJAN! | No |
| X | Quicktime | qttasks.exe | Added by the ADCLICK-AK TROJAN! | No |
| X | Quicktime | shch.exe | Added by a variant of the BDOOR-EB BACKDOOR! | No |
| X | QuickTime | qttask.exe | Added by the AGENT-ENG TROJAN! Note - this is not the legitimate Apple "Quick Time" viewer that has the same startup name and filename and is normally located in %ProgramFiles%\QuickTime. This one is located in %System% | No |
| X | Quicktime Mediaplayer | winmplyer32.exe | Added by the RBOT-PM WORM! | No |
| X | Quicktime Mediaplayr | wnmplyr.exe | Added by a variant of the RBOT WORM! | No |
| X | Quicktime Pro 3.0 | winuodps.exe | Added by the GAOBOT.BH WORM! | No |
| N | QuickTime Task | Qttask.exe | System Tray access to Apple's "Quick Time" viewer from version 5 onwards | No |
| X | QuickTime Task | qttasks.exe | CoolWebSearch parasite variant | No |
| X | Quicktime Task | [random filename] | Trafficadvance dialer | No |
| X | QuickTime Task | qttask.exe | Trojan that is typically bundled with rogue security programs (such as Virus Trigger and AntivirusTrigger) and fake codecs. Note - this is not the legitimate Apple "Quick Time" viewer that has the same startup name and filename and is normally located in %ProgramFiles%\QuickTime. This one is located in %ProgramFiles%\WebMediaViewer | No |
| N | QuickTime Update Completion x | quicktimeupdatehelper.exe | Different numbers caused by number of launches. So if 3 updates are made separately, 3 would appear (in theory) | No |
| X | QuicktimeMngr | QUICKTIMEMNGR.EXE | Added by the WOOTBOT.AW WORM! | No |
| X | QuickTimeUpdate | QuickUpdate.exe | Added by the BIFROSE-CW TROJAN! | No |
| X | Quicktlme | ru.exe | Adult content dialler | No |
| U | QuickTV | QuickTV.exe | Infra-red remote control driver for the AVerTV Studio TV tuner/personal video recoder from AVerMedia. Required if you use the remote control | No |
| X | Quickzip | Ls.exe | MsConnect browser hijacker and dialler | No |
| X | QuickZip | lu.exe | MsConnect browser hijacker and dialler | No |
| N | QuikShield | qkshield.exe | QuikShield popup blocker - reportedly stealth installed, see here | No |
| N | QuikSync | QUIKSYNC.EXE | Used by Iomega drives. Available via Start -> Programs | No |
| U | Quote on Table 3 | Quote3.exe | Quote on Table from Badevlad Company - displays automatically changing quotes and citations on your desktop. Start manually when required | No |
| U | Quote3 | Quote3.exe | Quote on Table from Badevlad Company - displays automatically changing quotes and citations on your desktop. Start manually when required | No |
| X | qvqe | qgebv.exe | Added by the AGOBOT-OJ WORM! | No |
| X | qwe | qwe.exe | Added by the LINEAGE-F TROJAN! | No |
| ? | QWERTY | qwerty.exe | Possibly adult content related adware | No |
| X | qwertybot.exe | qwertybot.exe | Added by the AGENT.ALF TROJAN! | No |
| U | QWS3270 Sessions | sessions.exe | QWS3270 Secure terminal emulation software | No |
| X | R | rundll32.exe msprt.dll | Chinese originated browser hijacker - redirecting to 4199.com Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted | No |
| X | RA Server | Slave.exe | Added by the RA TROJAN! | No |
| X | RabbitWannaHome | rabbit.exe | Added by the MIMAIL.S WORM! | No |
| Y | Rabo Session Monitor | RaboSessionMon.exe | Related to RaboBank electronic banking software | No |
| N | RaConfig2500 | RaConfig2500.exe | RaLink wireless LAN configuration utility | No |
| N | RadarSync | RadarSync.exe | Radarsync utility comes from DFI with their latest motherboards, e.g., DFI LanParty Ultra - checks for BIOS and driver updates periodically | No |
| U | RadBoot | RadBoot.exe | RadLinker - tweaker/linker for ATI Radeon based graphics cards. It allows you easy access to per game settings | No |
| U | Radio365Agent | Radio365TrayAgent.exe | Radio365 - create playlists and broadcast live straight from your PC! | No |
| U | RadioSvr | RadioSvr.EXE | Used to configure wire less networks. Windows automatically detects the Wireless network and it configures the network | No |
| X | RagesCamera | Ragesn.exe | Added by the SDBOT.AHJ WORM! | No |
| U | RAID Event Monitor | Iaanotif.exe | Part of Intel® Matrix Storage Manager (formally known as Intel® Application Accelerator and Intel® Application Accelerator RAID Edition). Used in conjunction with the event monitor service (IAANTMON - Iaantmon.exe) to display event notifications (such as RAID volume status changes, HDD I/O errors or HDD SMART event) via a System Tray icon when an event occurs. Via this icon you can then choose to launch the Intel Matrix Storage Console or ignore the current alert | Yes |
| X | raidhost | raidhost.exe | Added by the AGENT-LID TROJAN! | No |
| U | RaidTool | raid_tool.exe | VIA V-RAID Tool - hard disk striping/mirroring utility for increased performance and reliability | No |
| U | Rainlendar | Rainlendar.exe | Rainlendar is a customizable calendar that displays the current month | No |
| U | Rainlendar2 | Rainlendar2.exe | Rainlendar is a customizable calendar that displays the current month | No |
| N | Rainmeter | Rainmeter.exe | Rainmeter is a customizable performance meter, which can display the CPU load, memory utilization, etc | No |
| U | Ralink Wireless Utility | RaUI.exe | Wireless configuration utility for Railink based products | No |
| U | RAM Idle Professional | RAM_XP.exe | RAM Idle LE - "A smart memory management program that will keep your computer running better, faster, and longer. RAM Idle works by freeing up physical RAM wasted by Windows and other applications. In addition, RAM Idle also includes Cache and startup manager program that will give you more power to optimize your Windows." MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/SE/ME. See this article and make up your own mind | No |
| U | RAMASST | RAMASST.exe | Optionally installed with some DVD drives (LG, Panasonic, etc). Disables Windows XP's CD-burning abilities because they cause some incompatibilities. It does not affect your ability to burn CDs. If you do not have this program running, you may have some compatibility issues with burnt DVDs | No |
| X | RamBooster2 | rb.exe | Added by the AKAK TROJAN! | No |
| ? | RAMConnectionChecker | RAMConnChecker.exe | Part of Remote Access Manager (RAM) for Nortel Networks - which "combines an intuitive, user-friendly remote access interface for dialup, cable, LAN, wireless, and DSL users with state-of-the-art phonebook, dialing, and seamless software distribution and update capabilities". Is it required? | No |
| U | RAMDef | ramdef.exe | Ram Def Xtreme - monitors and defragments your system RAM to improve reliability and speed. MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/SE/ME. See this article and make up your own mind | No |
| U | RAMDrive | RDTask.exe | Virtual Hard Drive Pro from Farstone - "takes a portion of your system memory and creates a RAM disk drive, which functions like a physical hard drive, only with much better access rates" | No |
| ? | RAMGINAConnWatch | RAMConnWatcher.exe | Part of Remote Access Manager (RAM) for Nortel Networks - which "combines an intuitive, user-friendly remote access interface for dialup, cable, LAN, wireless, and DSL users with state-of-the-art phonebook, dialing, and seamless software distribution and update capabilities". Is it required? | No |
| U | RamIdle | ramidle.exe | RAM Idle LE - "A smart memory management program that will keep your computer running better, faster, and longer. RAM Idle works by freeing up physical RAM wasted by Windows and other applications. In addition, RAM Idle also includes Cache and startup manager program that will give you more power to optimize your Windows." MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/SE/ME. See this article and make up your own mind | No |
| U | RAMpage | RAMpage.exe | Small Windows utility that displays the amount of available memory in an icon in the System Tray. It can also free memory by double clicking the tray icon, or by setting a threshold that activates the program automatically, or by having it run automatically when an application exits. RAMpage is free, and open source | No |
| X | Randex virus built for IRBMe | irbme.exe | Added by the RANDEX.RH WORM! | No |
| X | random | random.exe | Added by the DLOADER-KM TROJAN! | No |
| X | Random Interface Network | rst.exe | Added by the DELBOT-P WORM! | No |
| X | Random Interface Network Manager | rinsv.exe | Added by the DELBOT-L WORM! | No |
| X | Random Unique ID | [worm filename] | Added by the XROVE-A WORM! | No |
| X | RandomWin32 | mgnwin32.exe | Added by the SDBOT-DV WORM! | No |
| U | Randsoft Harmony '98 | rsMenu.exe | Randsoft Harmony '98 (superseded by Enterprise Harmony 99) for CASIO - synchronization software for use with Microsoft® Outlook 97/98/2000 | No |
| X | rant | rant.exe | Added by the RBOT-ZB WORM! | No |
| Y | RapApp | RAPAPP.EXE | Application protection component of BlackICE PC Protection (was Defender) firewall, informing you of any modifications to programs, files or folders and detecting unknown programs trying to launch | No |
| X | Rapdata | ravsecs.exe | Added by the QQPASS-V TROJAN! | No |
| X | Rapdatae | rabseuser.exe | Added by the QQPASS-S TROJAN! | No |
| X | Rapdatybs | ravseteyns.exe | Added by the PWS-ACP TROJAN! | No |
| X | Rapid Antivirus | Rapid Antivirus.exe | Rapid Antivirus rogue security software - not recommended, removal instructions here | No |
| U | Rapid Restore | rrpcsb.exe | XPoint "Rapid Restore PC" - "a Managed Recovery solution that enables IT Administrators to protect the corporate image, while offloading personal data backup and recovery chores to the end user" | No |
| X | RapidBlaster | rb32.exe | RapidBlaster parasite. Recommended you use RapidBlaster Killer to uninstall - see here | No |
| X | Raptelnet | ravspeger.exe | Added by the QQPASS-AA TROJAN! | No |
| X | Raptelt | ravspegtl.exe | Added by the QQPASS-AB TROJAN! | No |
| Y | Raptor Mobile | vpnservices.exe | Symantec VPN Client used to connect to corporate networks. If unchecked, must be uninstalled using Add/Remove Programs as it tightly integrates into networking | No |
| X | RaptorDefence | RaptorDefence.exe | RaptorDefence rogue security software - not recommended, removal instructions here | No |
| X | RasCon Remote Access Service Manager | rasmngr.exe | Added by the SPYBOT.EM WORM! | No |
| X | rasctrs | rasctrs.exe | Hijacker, also detected as the ADWAHECK TROJAN! | No |
| X | Rase | boln.exe | PurityScan adware | No |
| X | rasman | rasman32.exe | Added by the BCKDR-QGN BACKDOOR! | No |
| X | RasMan.exe | RasMan.exe | Added by the FEUTEL-H TROJAN! | No |
| X | rate.exe | i11r54n4.exe | Added by the BEAGLE-I WORM! | No |
| X | rate.exe | i1ru74n4.exe | Added by the BEAGLE.E WORM and variants! | No |
| Y | RAV8Tray | ravtray8.exe | RAV anti-virus related | No |
| X | RavAv | RavMonE.exe | Added by the RJUMPF-F WORM! | No |
| X | RavAv | AdobeR.exe | Added by the RJUMP.D WORM! | No |
| X | RAVEN_VLZS.EXE | RAVEN_VLZS.EXE | DownloadReceiver parasite - no longer in existence | No |
| Y | RavMon | RavMon.exe | RAV AntiVirus | No |
| X | ravshell | expl0rer.exe | Added by the DLOADER.MAR TROJAN! | No |
| X | Ravshell | explore3.exe | Added by the PAKES.HZ TROJAN! | No |
| X | Ravshell | IEXPLORER.EXE | Added by the AGENT.URZ TROJAN! Note - this is not the legitimate Internet Explorer (iexplore.exe) | No |
| X | Ravshell | rund1132.exe | Added by the AGENT.OKZ TROJAN! | No |
| X | Ravshell | svch0st.exe | Added by the NSPM.PU TROJAN! Notice the digit "0" in the filename rather than the lower case "O" | No |
| X | ravshell | 1explore.exe | Added by the DLOADER.MJF TROJAN! | No |
| X | ravshell | iexpl0re.exe | Added by the NOFERE-A TROJAN! Note the number "0" in the filename | No |
| Y | RavStub | ravstub.exe | Rising antivirus | No |
| X | ravtask | rund1132.exe | Added by the DLOADER.IYT TROJAN! | No |
| X | ravtask | svch0st.exe | Added by the LINEAG-AIN TROJAN! | No |
| Y | RavTask | RavTask.exe | Rising antivirus | No |
| X | ravtask | iexpl0re.exe | Added by the AGENT.AIR BACKDOOR! Note the number "0" in the filename | No |
| X | RavTime | Mstray.exe | Added by the WUKILL.A WORM! | No |
| Y | RavTimer | RavTimer.exe | RAV AntiVirus | No |
| X | RavTimer | explores.exe | Added by the HOMEY-A TROJAN! | No |
| X | RavTimeXP | [worm filename] | Added by the WULLIK.B WORM! | No |
| X | RavTimeXP | Virus | Added by the CAGER.A WORM! | No |
| X | RavTimXP | [worm filename] | Added by the WULLIK.B WORM! | No |
| X | RavUptets | agetlke.exe | Added by the QQPASS-AK TROJAN! | No |
| X | RavUptkt | agetlktz.exe | Added by the QQPASS-AJ TROJAN! | No |
| X | RavUptpe | ravsesur.exe | Added by the QQPASS-T TROJAN! | No |
| ? | rav_temp.exe | rav_temp.exe | ?? | No |
| X | rawload | [path to trojan] | Added by the DARKIRC.QZ TROJAN! | No |
| X | RAX SYSTEM | scrigz.exe | Added by the MYTOB.KR WORM! | No |
| N | Ray Process Killer | Prkill.exe | Ray Process Killer - clicking right mouse button produces popup menu with current active tasks. You can choose any task and click "Ok" to terminate it. Use CTRL+ALT+DEL instead | No |
| X | Raymond present | friska_w32.exe | Added by the RUBBLE-C WORM! | No |
| U | razer | razerhid.exe | Razer mouse driver | No |
| X | rb32 lptt01 | rb32.exe | RapidBlaster variant (in a "RapidBlaster" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here | No |
| X | rb32 ml097e | rb32.exe | RapidBlaster variant (in a "RapidBlaster" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here | No |
| X | rbenh ml***e | rbenh.exe | RapidBlaster variant (in a "RBEnhance" folder in Program Files) where *** represents random digits. Recommended you use RapidBlaster Killer to uninstall - see here | No |
| X | rbnynkctv | rbnynkctv.exe | Added by the AGENT-GPA BACKDOOR! | No |
| X | RBOT v2 with NetAPI exploit traded with billgates I gave my mother Greetz - OG - Bluehell Irc Server | glossary.exe | Added by the VANEBOT-J WORM! | No |
| X | Rcf Driver | rcf.exe | Added by the RANDEX.BLD WORM! | No |
| U | RCHotKey | RCHotKey.exe | Part of RingCentral Call Controller™ which "turns your PC into your personal business command center. It brings you real time control of your calls, and immediate access to faxing, your account, Microsoft Outlook® contacts, and many powerful business efficiency tools" | No |
| X | rcimlby.exe | rcimlby.exe | Added by the SDBOT-DHK WORM! | No |
| X | rCron | rcron.exe | "Switch" premium rate adult content dialler variant | No |
| X | rCron | dservice.exe | "Switch" premium rate adult content dialler variant | No |
| U | RCScheduleCheck | RCSCHED.EXE | Scheduler for VCOM's Recovery Commander - which "can restore your non-booting system back to normal. It only takes a few minutes to get your system back up and running" | No |
| X | Rcsh | weaa.exe | PurityScan adware | No |
| X | RCSync | RCSync.exe | PrizeSurfer related. "PrizeSurfer is the free software that automatically enters you to win cash and prizes just for surfing the web and shopping online!" Stealth installed malware | No |
| U | RCSystem | DLLML.exe RCSystem | Related to Creative DLL Module Loader for the Sound Blaster X-Fi (and maybe others). This program is non-essential process to the running of the system, but should not be terminated unless suspected to be causing problems | No |
| X | RDAgent | RDAgent.exe | RegDefense rogue registry cleaner - not recommended | No |
| U | RDClient | RDCLIENT.EXE | Remote Disconnection Utility from Twiga. Used for connecting and disconnecting dial up connections on a network - only needed if there is a shared internet connection | No |
| X | RDListener | RDListener.exe | RegDefense rogue registry cleaner - not recommended | No |
| X | RDLL | RunDll16.exe | Added by the SDBOT.F TROJAN! | No |
| X | rdvs | [worm filename] | Added by the ULTIMAX.B WORM! | No |
| U | RE.exe | RE.exe | RegistryEasy registry cleaner - regarded by Symantec as a potentially unwanted application, see here | No |
| X | Reactor3 | [random name]32.exe | Added by the BOFRA.A WORM! | No |
| X | Reactor5 | [random name]32.exe | Added by the BOFRA.D WORM! | No |
| X | Reactor6 | [random name]32.exe | Added by the BOFRA.C WORM! | No |
| X | Reactor7 | [random name]32.exe | Added by the BOFRA.B WORM! | No |
| X | Reactor8 | [random name]32.exe | Added by the BOFRA.E WORM! | No |
| X | Reactor9 | [random name]32.exe | Added by the BOFRA.E WORM! | No |
| X | readdb40 | rundll32.exe readdb40.dll, EnableRunDLL32 | LZIO.com adware downloader. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "readdb40.dll" file is found in the System (9x/Me) or System32 (NT/2K/XP) folder | No |
| U | readericon | readericon45G.exe | Tray icon to set various configuration settings for Sunkist (and maybe other) media card readers | No |
| ? | readericon10 | readericon10.exe | Related to a multimedia card reader - possibly based upon an Alcor Micro chipset. What does it do and is it required? | No |
| X | reader_s | reader_s.exe | Added by the AGENT-IUT TROJAN! | No |
| N | Reader_sl | Reader_sl.exe | Speeds up the time it takes to load the Adobe Reader PDF document reader. "The Speed Launcher quickly opens and closes all of the files that Acrobat or Adobe Reader will use when the application starts. Opening and closing the files allows your virus protection software to check these programs and add them to its list of safe files" - see here. Not required for Adobe Reader to function properly | Yes |
| N | REAL | realjbox.exe | Real Jukebox - MP3 and music files player | No |
| X | Real Internet Player | Reaiplay.exe | Added by a variant of the SPYBOT WORM! | No |
| X | Real Media Player | realplayer2.exe | Added by a variant of the RBOT WORM! | No |
| X | Real player updater | realupd.exe | Added by the PARLAY TROJAN! | No |
| X | real scheduler.hta | RealAudio.exe | Added by the CEEGAR TROJAN! Note - this is not associated with the popular RealPlayer media player | No |
| U | Real Spy Monitor | Winrsm.exe | Realspy keystroke logger/monitoring program - remove unless you installed it yourself! | No |
| X | Real Statics Agent | ccreal.exe | Added by a variant of the RBOT WORM! | No |
| X | Real-Tens | Real-Tens.exe | DownloadWare adware | No |
| X | RealAudio | RealAudio.exe | Added by the CEEGAR TROJAN! Note - this is not associated with the popular RealPlayer media player | No |
| X | Realaudio Player | realaudio32.exe | Added by the AGOBOT.AFR WORM! | No |
| X | RealAV.exe | RealAV.exe | Real Antivirus rogue security suite - not recommended, removal instructions here | No |
| N | RealDownload | RealPlay.exe | Download manager. Available via Start -> Programs | No |
| X | RealDownload Express | npnzdad.exe | Advertising spyware | No |
| N | Reality Fusion GameCam SE | RFTRay.exe | Reality Fusion GameCam Video Interaction Technology Software that comes with the Logitech QuickCam PC video camera and other USB cameras. It's only an icon that appears on your System Tray. Available via Start -> Programs | No |
| N | RealJukeboxSystray | tsystray.exe | System Tray icon for RealJukebox | No |
| X | realone_nt2003 | moniker.exe | Added by the SNONE.A WORM! | No |
| X | RealP1ayer | [path to file] | Added by the RPLAY.A TROJAN! Note that the name has a number "1" in place of the second lower case "L" | No |
| N | realplay | realplay.exe | System Tray icon for RealPlayer. If you subsequently start RealPlayer manually it adds itself back to the start-up list. You can stop this from happening by right-clicking on the tray icon and disabling StartCenter via Preferences | No |
| X | realplay lptt01 | realplay.exe | RapidBlaster variant (in a "RealPlay" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here. Note - this is not RealPlayer which can have the same executable name | No |
| X | realplay ml097e | realplay.exe | RapidBlaster variant (in a "RealPlay" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here. Note - this is not RealPlayer which can have the same executable name | No |
| N | RealPlayer | realplay.exe | System Tray icon for RealPlayer. If you subsequently start RealPlayer manually it adds itself back to the start-up list. You can stop this from happening by right-clicking on the tray icon and disabling StartCenter via Preferences | No |
| X | RealPlayer Ath Check | rnathchk.exe | Added by the MYTOB.AG WORM! | No |
| X | RealPlayer Ath Check | mathchk.exe | Added by the MYDOOM-AJ WORM! | No |
| X | Realplayer Codec Support | realsched.exe | Added by the AGOBOT-AAD WORM! Note - this is not the legitimate RealOne Player (realsched.exe) application of the same name | No |
| X | Realplayer One | realplay.exe | Added by the RBOT-NK WORM! | No |
| X | Realplayer Video | RealPlay.exe | Added by a variant of the RBOT WORM! | No |
| X | Realplayer.exe | Realplayer.exe | Added by the DELF.CNV TROJAN! | No |
| N | RealPlayer2 | MsgCenterExe | RealNetworks RealPlayer related - disabling this application will not affect Real Player in any way | No |
| X | RealPlayerUpdater | realupd32.exe | Added by the LOHAV-T TROJAN! | No |
| ? | Realpopup | Realpopup.exe | RealPopup - "Replaces old winpopup with a full featured freeware tool which remains stable and simple as its predecessor" | No |
| N | Realsched | realsched.exe | Application Scheduler installed along with RealOne Player. Runs independently of RealOne Player, to remind AutoUpdate and Message Center to perform their tasks at pre-scheduled intervals. If it can't be disabled try deleting or renaming realsched.exe and then delete the entry in the registry | No |
| U | RealSPEED | RealSPEED.Exe | RealSPEED - tweaking utility to speed-up your internet connection | No |
| U | Realtek AC97 Audio - Event Monitor | ALCMTR.EXE | Realtek Azalia Audio - Event Monitor, installed with the XP/2K drivers for on-board Realtek HD audio codecs. Some users believe that Realtek uses this file in order to gather data about the customer but it's exact purpose is unknown and it doesn't run on an ALC885 based test system or try to access the internet. Some users report problems with their on-board sound if this is disabled - hence the "U" recommendation | Yes |
| N | Realtek HD Audio Sound Effect Manager | RTHDCPL.EXE | Realtek HD Audio Control Panel, installed with the XP/2K drivers for on-board Realtek HD audio codecs. Unless you have the default (but optional) System Tray icon enabled, the only purpose this entry serves is to detect and allow you to configure any devices plugged into the jacks - such as headphones and a microphone. With the System Tray icon enabled it will also inform you when devices are removed and give you access to the Sound Manager and other multimedia functions. The Sound Manager is also available via the Control Panel and this entry is therefore only required if you regularly change sound schemes | Yes |
| U | Realtek HD Sound Manager | SOUNDMAN.EXE | Realtek Sound Manager, installed with the drivers for on-board Realtek HD audio codecs. On an ALC885 based test system it doesn't run after the drivers have been installed and the startup entry is then removed. Disabling it appears to have no ill effects but it's exact purpose is unknown - hence the "U" recommendation | Yes |
| X | Realtek Sound Manager | Tecompntwx.exe | Added by a variant of the IRCBOT BACKDOOR! | No |
| U | Realtek Voice Manager | Skytel.exe | Realtek Voice Manager, installed with the drivers for on-board Realtek HD audio codecs. On an ALC885 based test system it doesn't run after the drivers have been installed and the startup entry is then removed. Disabling it appears to have no ill effects but it's exact purpose is unknown - hence the "U" recommendation | Yes |
| U | Realtime Audio Engine | mmrtkrnl.exe | Associated with ALCATech BPM Studio | No |
| Y | Realtime Monitor | realmon.exe | Realtime scanner part of eTrust Antivirus/InoculateIT version 6 virus scanners from Computer Associates | No |
| X | RealTimeProtector | winlogon.exe | Added by the AUTORUN.DIB WORM! Note - this is not the legitimate winlogon.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a ~A~m~B~u~R~a~D~u~L~� subfolder | No |
| ? | RealTimeUpdate | RealTimeUpdate.exe | Product description in properties is "InternetExplorerCommunicationAgent Module" ? | No |
| X | realtpsk | realsched.exe | Chinese originated adware - detected by Panda as NewWeb. Note - this is not the legitimate RealOne Player (realsched.exe) application of the same name and this file is located in %System% | No |
| N | RealTray | RealPlay.exe | System Tray icon for RealPlayer. If you subsequently start RealPlayer manually it adds itself back to the start-up list. You can stop this from happening by right-clicking on the tray icon and disabling StartCenter via Preferences | No |
| X | RealUpdater | realupd.exe | Added by the PARLAY or MITGLIEDER.I TROJANS! | No |
| X | REAnti.exe | REAnti.exe | REAnti rogue security software - not recommended, removal instructions here. A member of the AntiAID family | No |
| X | RebateNation0 | RebateNation0.exe | RebateNation adware | No |
| N | Reboot | Reboot.exe | MS-DOS/Win3.1 utility use to clean boot a system. Sometimes installed by default from some driver CDs for motherboards | No |
| U | Receiver | PcfaxRcv.exe | Incorporated on multifunction digital copiers (such as the MX-3500NM), Sharp's innovative PC fax driver enables users to send fax documents right from their desktop | No |
| Y | Recguard | recguard.exe | On HP computers, Recguard prevents the deletion or corruption of the WinXP Recovery Partition. Without it enabled, it is possible to knock that completely out and force the customer to send the PC back to HP for a re-image, possibly at the customer's expense | No |
| N | Reclip | reclip.exe | Reclip Popup Clipboard manager | No |
| X | Recommended Hotfix - {0421701D-CF13-4E70-ADF0-45A953E7CB8B} | RH.DLL | SmartPops search hijacker | No |
| N | RecordNow | RecordNow.exe | RecordNow! CD-writing utility from Sonic Solutions | Yes |
| N | Recover | N/A | Added during the installation of Comcast High Speed Internet software. During installation the system reboots and if the disk is removed a screen appears asking for the disk to be re-inserted to complete installation. Not required once installion is complete | No |
| X | recover.bmp.exe | Rundll.exe | Added by the ANAFTP-01 TROJAN! Note - this is NOT the Win9x/Me system file of the same name as described here | No |
| N | RecoverFromReboo | RECOVE~1.EXE | Part of a DSL installer package from SBC (probably SBC/Yahoo DSL). If the installation is botched, this entry may be left in the registry | No |
| N | RecoverFromReboo | RecoverFromReboot.exe | Part of a DSL installer package from SBC (probably SBC/Yahoo DSL). If the installation is botched, this entry may be left in the registry | No |
| N | RecoverFromReboot | RECOVE~1.EXE | Part of a DSL installer package from SBC (probably SBC/Yahoo DSL). If the installation is botched, this entry may be left in the registry | No |
| N | RecoverFromReboot | RecoverFromReboot.exe | Part of a DSL installer package from SBC (probably SBC/Yahoo DSL). If the installation is botched, this entry may be left in the registry | No |
| X | Recoveru system | svchast.exe | Added by a variant of the LINEAGE-AV TROJAN! | No |
| X | Recoveru systems | svchost.exe | Added by a variant of the SDBOT WORM! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! ! This file is located in the "temp" folder | No |
| N | RecShe | RecSche.exe | Recording scheduler for WatchTV Capture Card (TV Tuner card) | No |
| X | Recycle Bin Handler | recycler.exe | Added by the SHUCKBOT-A TROJAN! | No |
| X | Recycle Bin Handler 2005 | system.exe | Added by the BDOOR-HO BACKDOOR! | No |
| X | Recycler DO NOT MODIFY | recyclecl.exe | Added by the RBOT.DDA WORM! | No |
| X | RecycleSTR | msreg32.exe | Added by the RBOT-TC WORM! | No |
| N | Red Flag | redflag.exe | PMS prediction program with modes for guys and girls - no longer available | No |
| U | Red Swoosh EDN Client | RSEDNClient.exe | Red_Swoosh distributed networking software - a desktop client that enables users to download and stream files from each other, rather than from webservers | No |
| X | redirect | redirect*.exe | Dotcomtoolbar/Linksummary hijacker installer - where * is a random digit | No |
| N | Redline Taskbar | taskbar.exe | Taskbar icon for the Redline RegTweak overclocking program as supplied with Sapphire ATI graphics cards | No |
| X | REEGRUN | [path to file] | Added by the SECDROP.AI TROJAN | No |
| X | Reeg_ | [path to trojan] | Added by the BANCBAN-AW TROJAN! | No |
| X | Reek 32 Server | reek32.exe | Added by the RANDEX.AL WORM! | No |
| U | Referee | referee.exe | MediaComm's monitor for file association changes. Stop rogue programs from screwing your settings either on installation or whenever they run | No |
| U | Reflex Vision | ReflexVision.exe | Reflex Vision from Increment Software. "A background application for Windows XP that makes switching windows faster and easier" | No |
| N | Refresh | Refresh.exe | (Iomega) Refresh - loads the Iomega desktop icons at startup | No |
| X | Reg | Reg.hta | Passon homepage hi-jacker | No |
| ? | Reg Check | lpt.exe | Related to Supanet ISP software - what does it do and is it required? | No |
| X | reg run | Systen.exe | Added by the BANCOS-BS TROJAN! | No |
| X | Reg Service | winsy.exe | Added by a variant of the SPYBOT WORM! | No |
| X | Reg Service | winslogon.exe | Added by the AGOBOT-SC WORM! | No |
| X | Reg Service | ipcfg.exe | Added by the AGOBOT-SO WORM! | No |
| X | Reg Service | REGSRV32.EXE | Added by the RBOT.ZW WORM! | No |
| X | Reg Service | WinnConfig.exe | Added by the AGOBOT-PF WORM! | No |
| X | Reg Service | NT32.exe | Added by the AGOBOT.G TROJAN! | No |
| X | Reg Services | Winboot32.exe | Added by the RBOT.PB WORM! | No |
| X | reg1.reg | vuamgard.exe | Added by a variant of the IRCBOT TROJAN! | No |
| U | reg2.0 | SVCH0ST.EXE | eSpyNow surveillance software. Uninstall this software unless you put it there yourself. Note - the filename has the digit 0 rather then the uppercase "o" | No |
| X | Reg32 | Reg32.exe | Hijacker - redirecting to only-virgins.com | No |
| X | reg32 | reg32.exe | Added by the NOUPDATE.B TROJAN! | No |
| X | Reg32 | reg33.exe | CoolWebSearch parasite variant - also detected as the STARTPA-M TROJAN! | No |
| X | Regcheck | ~CAB001.EXE | Added by the CYBRSPY.13A or CYBRSPY.13B TROJANS! | No |
| X | regcheck | [path to file] | Added by the SERVPAM TROJAN! | No |
| U | RegClean Expert Scheduler | RCHelper.exe | "Registry Clean Expert scans the Windows registry and finds incorrect or obsolete information in the registry. By fixing these obsolete information in Windows registry, your system will run faster and error free" | No |
| U | RegClean Expert Scheduler | RCScheduler.exe | "Registry Clean Expert scans the Windows registry and finds incorrect or obsolete information in the registry. By fixing these obsolete information in Windows registry, your system will run faster and error free" | No |
| X | RegCleaner | SYSio32.exe | Added by an unidentified VIRUS, WORM or TROJAN! Note - do not confuse this with the popular RegCleaner registry cleaner freeware | No |
| X | RegCompres | Regcpm32.exe | Added by the POLDO.B TROJAN! | No |
| X | RegCompres | REGCPM32.EXE | Added by the DASMIN-E TROJAN! | No |
| X | Regcxdinaf | REGCXDINAF.EXE | Added by the BANCOS-BW TROJAN! | No |
| X | Regcxmarq | REGCXMARQ.EXE | Added by the BANCOS.DK TROJAN! Note that the filename has a leading space, ie, " REGCXMARQ.EXE" | No |
| X | Regcxn | Regcxn.exe | Added by the COIBOA-D TROJAN! | No |
| U | regdefend | regdefend.exe | "RegDefend is a configurable, kernel based registry protection system, designed to intercept selected changes before they occur, thus also preventing malicious software like viruses, trojans and worms from using the registry to their advantage" | No |
| X | regdiit | winxp.exe | Added by the RUNAUTO.F WORM! | No |
| X | regdiit | win.exe | Added by the VBSAUTO-A WORM! | No |
| X | RegDone | services.exe | Added by the NEVEG.B or NEVEG.C WORMS! Note - this is not the legitimate services.exe process, which should not appear in Msconfig/Startup! | No |
| X | RegDone | winlogon.exe | Added by the NEVEG.A WORM! Note - this is not the legitimate winlogon.exe process, which should not appear in Msconfig/Startup! | No |
| X | RegDone Ex | csrss.exe | Added by the WEBUS TROJAN! Note - this is not the legitimate csrss.exe process which should not normally figure in Msconfig/Startup! | No |
| X | RegDoneEx | lsass.exe | Added by the WEBUS.B TROJAN! Note - this is not the legitimate lsass.exe process which should not normally figure in Msconfig/Startup! | No |
| X | regedit | regedit.exe | Added by the BRID.A WORM! Note - this is not the valid Windows registry editor which resides in %Windir$ and will not figure in Msconfig/Startup! This version resides in %System% | No |
| X | REGEDIT | Regsrv32.com | Added by the SOUTHGHOST WORM! | No |
| X | regedit | autoexe.exe | Added by a variant of the RBOT WORM! | No |
| X | regedit | svchost.exe ccRegVfy | Added by the HOTWORD.B TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is also located in %System% but has a space at the beginning of the filename | No |
| X | regedit | regedit.exe | Added by the GANBATE.A WORM! Note that the legitimate Windows registry editor (regedit.exe) is located %Windir% and will not figure in Msconfig/Startup! This one is located in %Windir%\security\Database | No |
| X | Regedit | regedits.exe | Added by the BANCBAN-QV TROJAN! | No |
| X | RegEdit32 | RegEdit32.exe | Added by the VOUMIT-A WORM! Note - this is not the legitimate regedit32.exe application which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "mirc32" folder | No |
| X | Regexit | runlli32.exe | Added by the QQPASS-U TROJAN! | No |
| X | Regexit | Updadv.exe | Added by the QQPASS-N TROJAN! | No |
| X | RegFreeze | regfreeze.exe | RegFreeze rogue spyware remover - not recommended, removal instructions here | No |
| X | reggsdg | spoolserv.exe | Added by the SDBOT-MS WORM! | No |
| X | reggsdg | spoolsrv.exe | Added by the SDBOT-DI WORM! | No |
| U | RegHelp | svchosts.exe | SpyGraphica spy software - "Stealth monitoring of ALL PC or Network Activity with DVD-like playback. EVERY keystroke can be e-mailed in a detailed activity report every 15 minutes...anywhere in the world." | No |
| ? | reginfo32 | reginfo32.exe | ?? | No |
| X | Register Manager | RegistryManage.exe | Added by the SDBOT.AYH WORM! | No |
| N | Register MediaRing Talk | register.exe | If you don't want to register MediaRing and be reminded about it every bootup disable it | No |
| ? | Register SeqChk | regsvr32.exe ..csseqchk.dll | ?? | No |
| U | RegisterDropHandler | REGIST~1.EXE | Part of the OCR software TextBridge Pro 9.0 (and possibly earlier versions). Typically used with imaging devices such as scanners and digital cameras for creating text documents from images. This item will probably be displayed twice and will re-instate itself whenever you start the main program so leave it - once started it frees the memory it used. Its purpose and an explanation of how to correct a problem it creates for "Send To" can be found here. Note that you don't have to uninstall TextBridge for this fix to work and the program works fine afterwards. Not used on later versions of the software - hence the 'U' recommendation | No |
| X | Registration Service | toker.exe | Added by the SDBOT-BB WORM! | No |
| X | Registration Service | msvdm6.exe | Added by the SDBOT-HE TROJAN! | No |
| N | Registration-Studio 8 | RegTool.exe | Registration for Pinnacle Studio Version 8 home video software from Pinnacle Systems | No |
| X | Registry | wscript.exe ShakiraPics.jpg.vbs | Added by the VBSWG.AQ WORM! Note that wscript.exe is a legitimate Microsoft file used to launch script files and shouldn't be deleted. The "ShakiraPics.jpg.vbs" file is located in %Windir% | No |
| U | Registry | class0117[random].exe | Blackbox captures emails and chat logs, and monitors Internet activity - remove if you didn't intentionally install it | No |
| X | Registry Checker | Regrun.exe | Added by the SDBOT TROJAN! | No |
| X | Registry Checkup | winreg.exe | Added by an unidentified WORM or TROJAN! | No |
| X | Registry Checkup System326a Monitor | Winregs326a.exe | Added by a variant of the SDBOT WORM! | No |
| X | Registry Cleaner | Regclean.exe | Registry Cleaner misleading security software - not recommended, see here | No |
| X | Registry Integrity Checker | regintmon.exe | Added by a variant of the AGOBOT/GAOBOT WORM! | No |
| X | Registry Integritycheck | WCPDT.EXE | Added by the AGOBOT-RF WORM! | No |
| X | Registry Loader | regloadr.exe | Added by the GAOBOT.AO WORM! | No |
| X | Registry Loader | winhlpp32.exe | Added by the GAOBOT.AO WORM! | No |
| U | Registry Mechanic | RegMech.exe | Part of Registry Mechanic from PC Tools - which "is an advanced registry cleaner for Windows that can safely clean, repair and optimize your registry in a few simple mouse clicks!". This entry is created when Registry Mechanic is installed on XP and loads the System Tray icon and runs a registry scan at startup - if either are enabled | Yes |
| U | Registry Mechanic Vista Tray | RMTray.exe | Part of Registry Mechanic from PC Tools - which "is an advanced registry cleaner for Windows that can safely clean, repair and optimize your registry in a few simple mouse clicks!" This entry is created when Registry Mechanic is installed on Vista and loads the System Tray icon (RegMech.exe) and runs a registry scan at startup - if either are enabled | Yes |
| X | Registry Monitor | regmon.exe | Added by the BCKDR-QKH BACKDOOR! | No |
| X | Registry oidet | win32.exe | Added by the RBOT.BMT WORM! | No |
| X | Registry Protector | regprotect.exe | Added by the ARIVER.A WORM! | No |
| X | Registry Scanner | regscanr.exe | Added by a variant of the OPTIX TROJAN! | No |
| X | Registry Serv | regsvr.exe | Added by the WEBMONEY-G TROJAN! | No |
| X | Registry Server | regsrv32.exe | Added by the RBOT-GM WORM! | No |
| X | Registry Server | regserv.exe | Added by a variant of the IRCBOT TROJAN! See here | No |
| X | Registry Service | REGSRV32.EXE | Added by a variant of the RBOT WORM! | No |
| X | Registry Service | resvs.exe | Added by the DELBOT-I WORM! | No |
| X | Registry Service | regsvc.exe | Added by the IRCBOT-ZM BACKDOOR! | No |
| X | Registry Services | Registry.exe | Added by the CILE TROJAN! | No |
| X | Registry Startup Check | checkreg.exe | Added by the REMLOAD-A or DANMEC-B TROJANS! | No |
| X | Registry System | Regsys.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
| X | Registry System16 Checkup Monitor | SystemReg16.exe | Added by a variant of the RBOT WORM! | No |
| X | Registry System166 Checkup Monitor | SystemReg166.exe | Added by a variant of the RBOT WORM! | No |
| X | Registry Value Name | roses.exe | Added by the RBOT-AFT WORM! | No |
| X | Registry Value Name | service.exe | Added by the RBOT-AHT WORM! | No |
| X | Registry Value Name | winapi32.exe | Added by a variant of the RBOT WORM! | No |
| X | Registry Value Name | syswinxp.exe | Added by the RBOT.BTZWORM! | No |
| X | Registry Value Name | enzxp.exe | Added by the RBOT-BAJ WORM! | No |
| X | Registry Value Name Start | MsPMSPSa.exe | Added by a variant of the SDBOT WORM! | No |
| N | RegistryBooster | RegistryBooster.exe | RegistryBooster registry optimizer utility from Uniblue Systems Limited - which will "clean, repair and optimize your system." Run manually at regular intervals | Yes |
| X | RegistryCheck | rundll32.exe chkreg.dll, CheckRegistry | Ulubione adult content dialer. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted | No |
| X | RegistryChk | winbackup.exe | Added by the MERTIAN WORM! | No |
| X | RegistryCleanFixMFC | registrycleanfix.exe | RegistryCleanFix rogue registry cleaner - not recommended | No |
| X | RegistryConfig | rundll.exe | Added by the AGOBOT-KN WORM! Note - this is NOT the Win9x/Me system file of the same name as described here | No |
| X | RegistryDoctor2008 | registrydoctor.exe | RegistryDoctor2008 rogue registry cleaner - not recommended, removal instructions here | No |
| X | RegistryFix.exe | registryfix.exe | RegistryFix rogue registry cleaner - not recommended, removal instructions here. The homepage for the tool has a poor reputation | No |
| X | RegistryGreat.exe | RegistryGreat.exe | Registry Great rogue registry cleaner - not recommended | No |
| U | RegistryMechanic | RegMech.exe | Part of Registry Mechanic from PC Tools - which "is an advanced registry cleaner for Windows that can safely clean, repair and optimize your registry in a few simple mouse clicks!". This entry is created when Registry Mechanic is installed on XP and loads the System Tray icon and runs a registry scan at startup - if either are enabled | Yes |
| U | RegistryMechanic | RMTray.exe | Part of Registry Mechanic from PC Tools - which "is an advanced registry cleaner for Windows that can safely clean, repair and optimize your registry in a few simple mouse clicks!" This entry is created when Registry Mechanic is installed on Vista and loads the System Tray icon (RegMech.exe) and runs a registry scan at startup - if either are enabled | Yes |
| X | RegistryMonitor | registry.pif | Affilred adware | No |
| X | RegistryMonitor | sysfade.exe | Added by the SYSFADE TROJAN! | No |
| X | RegistryMonitor1 | mljul1.exe | Added by the SPAMBOT TROJAN! | No |
| X | RegistryMonitor1 | qtplugin.exe | Added by the DELF-EZY TROJAN! | No |
| X | RegistryMonitor1 | igfxpers.exe | Added by the DELF-EZZ TROJAN! Note - this is not the legitimate Intel graphics driver which has the same filename | No |
| U | REGIST~1 | REGIST~1.EXE | Part of the OCR software TextBridge Pro 9.0 (and possibly earlier versions). Typically used with imaging devices such as scanners and digital cameras for creating text documents from images. This item will probably be displayed twice and will re-instate itself whenever you start the main program so leave it - once started it frees the memory it used. Its purpose and an explanation of how to correct a problem it creates for "Send To" can be found here. Note that you don't have to uninstall TextBridge for this fix to work and the program works fine afterwards. Not used on later versions of the software - hence the 'U' recommendation | No |
| X | Regkey for autostart | winservice.exe | Added by the RBOT-NU WORM! | No |
| U | RegKillTray | RegKillTray.exe | DVD region killer part of CloneDVD from Elaborate Bytes AG. Copies the main movie, Special Features and/or the original menu onto a DVD Recordable or onto your harddisk | No |
| U | RegMech | RegMech.exe | Part of Registry Mechanic from PC Tools - which "is an advanced registry cleaner for Windows that can safely clean, repair and optimize your registry in a few simple mouse clicks!". This entry is created when Registry Mechanic is installed on XP and loads the System Tray icon and runs a registry scan at startup - if either are enabled | Yes |
| X | Regmonitor | regmaping.exe | Added by the BEAGLE.DO WORM! | No |
| X | REGMSYS | [path to file] | Added by the LOWZONE-AX TROJAN! | No |
| X | RegMutex | lexplore_.exe | Added by the MSNOPT-A TROJAN! | No |
| X | RegPowerClean | RegPowerClean.exe | Registry Power Cleaner rogue registry cleaner - not recommended | No |
| Y | RegProt | Regprot.exe | RegistryProt from Diamond Computer Systems - protects the system registry against changes | No |
| X | Regptmens | REGPTMENS.EXE | Added by the BANCOS-ED TROJAN! | No |
| X | Regro | rundll132.exe | Added by the OKARAG TROJAN! | No |
| X | RegRun | mActiveX.exe | Adware downloader - also detected as a variant of the LOWZONES.BW or AGENT.RD TROJANS! | No |
| X | REGRUN | winfix22490.exe | Adware downloader - also detected as a variant of the LOWZONES.BW or AGENT.RD TROJANS! | No |
| X | REGRUN | [path to trojan] | Added by the LOWZONE-AH TROJAN! | No |
| X | REGRUN | regeditt.exe | Adware downloader - also detected as a variant of the LOWZONES.BW or AGENT.RD TROJANS! | No |
| X | REGRUN | sory.exe | Adware downloader - also detected as a variant of the LOWZONES.BW or AGENT.RD TROJANS! | No |
| X | REGRUN | dialer.exe | Adware downloader - also detected as a variant of the LOWZONES.BW or AGENT.RD TROJANS! | No |
| U | RegRun WinBait | winbait.exe | Part of RegRun - used to detect unknown viruses. RegRun compares winbait.exe with the original copy called winbait.org and warns if the files are different.. | No |
| Y | Regrun2 | WatchDog.exe | Greatis Software's RegRun security suite which amongst other things replaces MSCONFIG. The WatchDog check for registry changes caused by trojan's, viruses, etc | No |
| X | REGRUNM | autoprotect.exe | Added by an unidentified WORM or TROJAN! | No |
| X | Regrx | rundll32.exe | Added by the WAYIC-A TROJAN! Note - this is not the legitimate rundll32.exe process, which is found in %Windir% (98/ME) or %System% (NT/2K/XP). This one is located in %Windir% | No |
| X | Regscan | regscanr.exe | Added by the OPTIX-SE TROJAN! | No |
| X | RegScan | DLLSRV32.EXE | Added by the AGOBOT.AEW WORM! | No |
| X | RegScan | Regscan.exe | Added by the TALEX TROJAN! | No |
| ? | RegServer | regserve.exe | Related to XGI Technology's Volari graphics cards - what does it do and is it required? | No |
| X | regservices.exe | regservices.exe | Added by an unidentified VIRUS, WORM or TROJAN! | No |
| N | RegShave | regshave.exe | Part of the USB driver for your Fuji digital cameras - used when uninstalling the USB drivers, erasing all entries from the registry. Only required BEFORE attempting to uninstall the Fuji software or the uninstall may not work correctly | No |
| X | regsrv | regsrv.exe | Added by the OPTIXPRO.11 TROJAN! | No |
| X | regsrv | scvhost.exe | Added by the AGOBOT.E WORM! | No |
| X | RegSrv64D | RegSrv64D.exE | Added by the WINKO.AO WORM! | No |
| X | regsrvc | regsrvc.exe | Added by the STOPED-A TROJAN! | No |
| X | Regsv | regsv.exe | Search hijacker - redirecting to scheo.com | No |
| X | Regsvc | regsv.exe | Added by an unidentified TROJAN! | No |
| X | regsvc | sysd | Sys Detective+ spyware | No |
| X | regsvc32 | regsvc32.exe | Homepage hijacker that changes your homepage to an adult content site | No |
| X | regsvr | regsvr.exe | Added by the WEBMONEY-G TROJAN! | No |
| U | REGSVR32 | regsvr32.exe ctasio.dll | ASIO (Audio Stream In/Out) drivers for the SoundBlaster Audigy 2 series soundcards - for recording and home project studios. Required if you use this functionality | No |
| X | RegSvr32 | msmsgs.exe | Added by the ZLOB.B TROJAN! Note - this particular msmsgs.exe file is located in %System% and should not be mistaken for the MSN Messenger file of the same name which is located in %Program Files%\Messenger | No |
| X | regsync | regsync.exe | SafeSurfing adware | No |
| ? | regtmlp | N/A | ?? | No |
| U | RegTweak | RegTwk.exe | Rage3d Tweak - ATI Radeon tweaker which allows access to registry tweak options, custom display modes, refresh rates and overclocking all through an easy to use interface | No |
| U | RegUpdate | sb32mon.exe | Part of the SpyBuddy keystroke logger/monitoring program - see here. Remove unless you installed it yourself! | No |
| X | RegVer | REGVER.EXE | Added by the LATINUS.16 TROJAN! | No |
| X | RegVfy32 | Regverif32.exe | Added by the SYGYP.A WORM! | No |
| X | RegWrite | csrss.exe | Added by the SOKACAPS TROJAN! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\Media | No |
| Y | Regx10EXE | ATIX10.exe | ATI Remote Wonder™ - PC wireless remote control driver. Required if you use it | No |
| X | reg_key | FUKULAMER.exe | Added by the BEAGLE.AH WORM! | No |
| X | reg_key | loader_name.exe | Added by the BEAGLE.Y or BEAGLE.Z or BEAGLE.AA WORMS! | No |
| X | Reg_WFT | Regsysw.com | Added by the WILSEF VIRUS! | No |
| X | Reg_WFT | scanreg32.com | Added by the SENNASPY-F TROJAN! | No |
| X | Reg_WFT | Regsysw.exe | Added by the WILSEF.A WORM! | No |
| U | ReleaseRAM | RRAM.exe | "Release RAM allows your computer to run faster and uses your computer's RAM more efficiently". MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/SE/ME. See this article and make up your own mind | No |
| X | RelevantKnowledge | rlvknlg.exe | Marketscore.RelevantKnowledge adware | No |
| X | relinson | cmdno.exe | Added by the DROPPER-PS TROJAN! | No |
| X | reload | reload.vbs | Added by the LOVELETTER.AS VIRUS! | No |
| X | Reload | reload.exe | Added by the LAZAR TROJAN! | No |
| X | reluvage | ilulupac.exe | Added by the SDBOT-UJ WORM! | No |
| N | RemHelp | Remhelp.exe | BT Voyager ADSL Modem Help related | No |
| N | Reminder | reminder.exe | From MS Money. Reminds you of your bills | No |
| N | Reminder | Remind_XP.exe | HP-specific program that reminds users to create System Recovery CDs. Once they use the Recovery CD Creator (Start -> PC Help & Tools -> Recovery CD Creator) to make the recovery CDs the entry will remove itself from the startup list | No |
| N | Reminder | Reminder.exe | Registration reminder for the PC Pitstop Optimize 2.0 system optimizatoon utility by CA. Located in %ProgramFiles%\PCPitstop\Optimize2 | No |
| X | Reminder | Reminder.exe | Registration reminder for the Secure Expert Cleaner rogue privacy program - see here. Located in %ProgramFiles%\SecureExpertCleaner | No |
| N | Reminder-cpqXXXXX | remind32.exe | Compaq printer Registration | No |
| N | Reminder-hpcXXXXX | remind32.exe | HP CD-Writer Registration | No |
| N | Reminder-ranXXXXX | remind32.exe | Registration reminder widget for Rand Mcnally maps | No |
| N | reminder-ScanSoft Product Registration | remind32.exe | Registration reminder for ScanSoft products such as PaperPort | No |
| U | RemindMe | RemindMe.exe | Remind-Me - calendar software | No |
| N | Remind_XP | Remind_XP.exe | HP-specific program that reminds users to create System Recovery CDs. Once they use the Recovery CD Creator (Start -> PC Help & Tools -> Recovery CD Creator) to make the recovery CDs the entry will remove itself from the startup list | No |
| X | Remndr | CsRemnd.exe | CasinoOnline foistware | No |
| U | Remote | Remote.exe | Remote Control driver for LifeView internal and external TV products | No |
| U | Remote Access | rnaapp.exe | Dial-up networking application - not normally found in the startup locations. It runs when you connect to the net via this method (ie, analogue 56K modem) and terminates after the connection is closed | No |
| X | Remote Access Adapter | rvasvc.exe | Added by the IRCBOT.BIF BACKDOOR! | No |
| X | Remote Access Domain | rswsvc.exe | Added by the IRCBOT.BFA TROJAN! | No |
| X | Remote Access Monitor | rpgsvc.exe | Added by a variant of the IRCBOT TROJAN! See here | No |
| X | Remote Access Service Manager | rasmngr.exe | Added by the AGOBOT.KU WORM! | No |
| X | Remote Access Slave | Synchost.exe | Added by the RIPJAC TROJAN! | No |
| X | Remote Access Tool | rwosvc.exe | Added by a variant of the IRCBOT TROJAN! See here | No |
| N | Remote Control | Rc.exe | Hinet Hi-Five ISP software | No |
| N | Remote Controller | TVRMVCR.EXE | ProLink PlayTVpro TV tuner software | No |
| U | Remote Data Backups | CBSysTray.exe | System Tray access to Remote Data Backups online system/data backup utility | No |
| U | Remote Data Backups | COBackup.exe | Remote Data Backups online system/data backup utility | No |
| U | Remote Data Backups TaskBar Icon | CBSysTray.exe | System Tray access to Remote Data Backups online system/data backup utility | No |
| U | Remote Desktop Computing | marspc.exe | Marspc Remote Desktop Computing | No |
| X | Remote Desktop Help Session Manager | WinRDH.exe | Added by a variant of the SDBOT WORM! | No |
| X | Remote Event System | resmsvc.exe | Added by the IRCBOT.YF BACKDOOR! | No |
| U | Remote Management Agent | zenrc32.exe | Part of Novell's ZENworks - "Complete End-to-End Directory-enabled Network Management". Installed on a managed workstation fo an administrator to remotely manage the workstation. Required if the PC is a managed workstation | No |
| U | remote master | remote master.exe | Required if you want your ASUS Remote control to work at all. Available via Start -> Programs | No |
| X | Remote Procedure Call | winrpc.exe | Added by the RBOT-KM WORM! | No |
| X | Remote Procedure Call | winsysrpc.exe | Added by the SDBOT-PS WORM! | No |
| X | Remote Procedure Call For Windows 32bit | rpc.exe | Added by the RBOT-MD WORM! | No |
| X | Remote Procedure Call Locator | RUNDLL32.EXE reg678.dll ondll_reg | Added by the LOVGATE.F WORM! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted | No |
| X | Remote Procedure Calls | mswinrpc.exe | Added by the RBOT.KJ WORM! | No |
| X | Remote Procedure Calls | mswinc.exe | Added by the RBOT-IT WORM! | No |
| X | Remote Procedure Calls | win.exe | Added by the SDBOT-QI WORM! | No |
| X | Remote Services Manager | msrmsvc.exe | Added by a variant of the IRCBOT TROJAN! See here | No |
| X | Remote Storage Access | rmasvc.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
| X | Remote Terminal Task | rtsbsvc.exe | Added by the IRCBOT.AUZ BACKDOOR! | No |
| Y | Remote Update Monitor | imonitor.exe | Sophos Antivirus Remote Update utility - provides an easy way for remote workers to keep up to date with their virus protection via a website or network connection provided by their employer | No |
| Y | RemoteAgent | RAUAgent.exe | Trend Micro's Office Scan Client, see here - "Its Web-based management console gives administrators transparent access to desktop and mobile clients to coordinate automatic deployment of security policies and software updates" | No |
| U | RemoteCenter | RcMan.exe | Remote control for Creative MediaSource - plays back music in DVD-Audio, MP3, WMA, WAV and other media formats | No |
| U | RemoteControl | rmctrl.exe | Remote Control background application for Cyberlink's PowerDVD version 4 and above. Enables you to use a remote control with your DVD drive if your drive came with one. Not required if you don't have a remote control, or don't wish to use one | No |
| U | RemoteControl | PDVDServ.exe | Remote Control background application for Cyberlink's PowerDVD version 5 and above. Enables you to use a remote control with your DVD drive if your drive came with one. Not required if you don't have a remote control, or don't wish to use one | No |
| U | RemoteControl8 | PDVD8Serv.exe | Remote Control background application for Cyberlink's PowerDVD version 8. Enables you to use a remote control with your DVD drive if your drive came with one. Not required if you don't have a remote control, or don't wish to use one | No |
| N | Remote_Agent | RemoteAgent.exe | Cyberlink's Power VCR II 3.0 is a TV tuner recording utility. If you want to schedule recordings you'll need this, otherwise can be disabled. Available via Start -> Programs | No |
| X | Remove 54tr10 | smss.exe | Added by the BRONTOK-CH WORM! Note - this is not the legitimate smss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in Documents and Settings\<User>\Local Settings\Application Data | No |
| X | REMOVE ME | windos.exe | Added by the SDBOT.EE WORM! | No |
| X | REMOVE ME | tbbzxzxcxxcx.exe | Added by the SDBOT-TA WORM! | No |
| X | REMOVE ME | asclt.exe | Added by the RANDEX-FC WORM! | No |
| N | Removecpl | Removecpl.exe | Related to a Belkin 54Mbps Wireless Utility Control Panel applet | No |
| X | Removed.exe | Removed.exe | GatorCheat - adware downloader | No |
| U | RemoveIT Pro XT | removeit.exe | RemoveIT Pro from InCode Solutions - spyware, virus and malware removal tool | No |
| ? | RemStart | remstart.exe | Part of McAfee's Remote Desktop 32 Agent application. What does it do and is it required? | No |
| X | renascimento | svchost.exe | Added by the BANKER.GAX TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\Help | No |
| ? | RenolB | ib.exe | ?? | No |
| X | repl | repl.exe | Added by the YABE.CD TROJAN! | No |
| U | Replay Center | ReplayRadio.exe | Replay Radio - "makes it easy to automatically record your favorite radio shows, so you can listen wherever and whenever you like" | No |
| U | Replicator | PTReplicator.exe | Replicator from Karen's powertools. "Automatically backup files, directories, even entire drives!" | No |
| U | RepliGo Assistant | RepliGoMon.exe | Cerience RepliGo software - "any document you have on your PC can be transferred to your mobile device" | No |
| U | ReproPRD | PrdUsb.exe | Thrustmaster Corporation Presets application - a game controller driver, presumably necessary for certain functions to work | No |
| X | requester | requester.*.exe | Added by a variant of the MUQUEST.A trojan - NOTE: the * stands for a digit, examples: requester.5.exe, requester.10.exe | No |
| X | Requester | requester.11.exe | Added by the MUQUEST TROJAN! | No |
| X | Required Service Drivers | micront.exe | Added by the RBOT-ABD WORM! | No |
| X | resagnt | restun.exe | Detected by Panda as the DOWNLOADER.ALQ TROJAN! Adware downloader | No |
| U | ResChanger2004 | ResChanger2004.exe | EVGA graphic card utility providing easy access to display settings | No |
| X | reseurce | [path to trojan] | Added by the LINEAGE-AI TROJAN! | No |
| X | reseurce | svchost.exe | Added by the LINEAGE-FV TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder | No |
| U | Resolution Assistant | matcli.exe | Dell Resolution Assistant. "matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, state, etc and gets written to a log file". Resolution Assistant is required to run with the Help and Support program. If you uncheck Resolution Assistant and and then run Help and Support it will add another Resolution Assistant in the startup menu. If you remove the Resolution Assistant in the add/remove program some help menus in help and support will not be available. You decide | No |
| N | Resource Meter | rsrcmtr.exe | Windows Resource Meter. Available via Start -> Programs. You may want this enabled if your PC is suffering from crashes and want to know potential causes | No |
| X | RESpyWare.exe | RESpyWare.exe | RESpyWare rogue security software - not recommended, removal instructions here. A member of the AntiAID family | No |
| ? | Restart Watch | Watch.exe | Associated with an Eicon Networks Diva ISDN or ADSL modem. What does it do and is it required? | No |
| U | Restart WSC Setting | wscrestp.exe | WinStart Commander - part of Ultra WinCleaner Utility Suite. Starts Windows faster and controls hidden programs to boost performance and prevent system slow downs and crashes | No |
| ? | Restart_VS | Viewsonic.exe | Could be a left-over from the installation of a Viewsonic flat panel display | No |
| X | Restore | restore.exe | Antispyware Shield Pro rogue security software - not recommended, removal instructions here | No |
| X | Restore Operation | svchots.exe | Added by a variant of the RBOT WORM! | No |
| U | RestoreDesktop | RestoreDesktop.exe | Softwarium Restore Desktop "is a Windows Context Menu addition that automatically saves and restores the icons' positions on the Windows desktop after a resolution change" | No |
| Y | RestoreIT! | VBPTASK.EXE | RestoreIT! from FarStone - "automatically backs up all files on your computer to a protected partition on your hard drive" | No |
| X | restorer32_a | restorer32_a.exe | Added by the AGENT.CQQB TROJAN! | No |
| X | restorer64_a | restorer64_a.exe | Added by the DLDR-BY TROJAN! | No |
| X | restory | restory.exe | Added by the RETSAM TROJAN! | No |
| U | Resume Copy | copyfstq.exe | Part of Total Copy - an improved version of the Windows copy function. Allows for resumption file copies or moves in progress when computer was shut down. Not required if your not using the program or don't care about that function | No |
| U | ResumeFixClocks | resumefix.exe | Part of the RadeonTweaker utility for overclocking ATI Radeon graphics cards | No |
| X | reszrv | [8 random letters].exe | Added by a variant of the SDBOT WORM! See here | No |
| X | retime | retime.exe | Added by the GIPMA TROJAN! | No |
| U | RetrieverScheduler | retrieverscheduler.exe | 80-20 Retriever from 80-20 - "80-20 Retriever is a powerful personal search tool that encompasses email folders, archived email, and local or network file systems, giving users one point of fast, accurate search for all personal information". Real-time scheduler - shortcut available | No |
| U | RetroExpress | RetroExpress.exe | EMC (was Dantz) Retrospect Express - backup software for external hardware storage devices | No |
| U | RevoTaskbarApp | RevoTask.exe | Control Application for M-Audio Revolution 7.1 sound card. The sound card will function without it - but changes to speaker setup and sound modification (Bass/Treble etc) will not be available | No |
| N | RexSyMon | rexsymon.exe | Intellisync for REX sychronization software for Xircom REX MicroPDAs for sharing information between the PDA and PC | No |
| X | RF | EC.exe | Added by the LINEAGE-U TROJAN! | No |
| U | rfagent | rfagent.exe | Registry First Aid - scans the Windows registry for orphan file/folder references, finds these files or folders on your drives that may have been moved from their initial locations, and then corrects your registry entries to match the located files or folders | No |
| X | rforce | EXP1ORER.EXE | Added by the DROPPER.KN TROJAN! Note the number "1" in the filename rather than letter "L". It also drops another file named DEVICEMAP.SYS which is the ROOTKIT.O TROJAN! | No |
| N | RFTray | RFTRay.exe | Reality Fusion GameCam Video Interaction Technology Software that comes with the Logitech QuickCam PC video camera and other USB cameras. It's only an icon that appears on your System Tray. Available via Start -> Programs | No |
| Y | rfw | Rfw.exe | RAV AntiVirus | No |
| Y | RfwMain | rfwmain.exe | Rising antivirus | No |
| ? | rfwydg | rfwydg.exe | ?? | No |
| N | RFX_auto_upgrade | rundll32.exe npvpg005.dll | A browser plugin called the RichFX player. Here is a link to download RichFX's solution to removing the auto upgrade | No |
| X | Rg2catbd | Rg2catbd.exe | Added by a variant of the BANLOAD family of TROJANS! | No |
| U | RH | rh32.exe | EuroFonts - adds Euro symbols to pre-Euro computers | No |
| X | Rhg | rundll32.exe | Added by the LINEAG-BIT TROJAN! Note - this is not the legitimate rundll32.exe process, which is found in %Windir% (98/ME) or %System% (NT/2K/XP). This one is located in %Windir%\inf | No |
| X | Rhino | [random name]32.exe | Added by the BOFRA.A WORM! | No |
| U | RhinoBlocker | RhinoBlocker.exe | RhinoBlocker - pop-up stopper | No |
| N | RHPTray | RHPTray.exe | System tray access to Red Hot Pawn - online chess | No |
| N | RHSI SHS | SHS.exe | Rogers Hi-Speed Internet software. "Should you ever lose access to your Rogers Hi-Speed Internet connection or e-mail, the Self-Healing Software (SHS.exe) will automatically repair your settings to get you up and running in a flash" | No |
| X | Riau | nmrc.exe | PurityScan adware | No |
| X | RichMedia | HBHelper.dll | HenBang adware | No |
| X | RichMedia | rundll32.exe [path] hbcast.dll, WaitWindows | Henbang adware variant. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted | No |
| X | richup | richup.exe | SafeSurfing adware | No |
| U | RightFAX Print-to-Fax Driver | FaxCtrl.exe | Part of RightFAX from Captaris - "the proven market leader in fax server and document delivery software" | No |
| U | Ring Central Fax | rcenterrll.exe | Only needed if you want a PC to answer faxes automatically | No |
| X | rIOphosIs | rIOPHosIs.vBS | Added by the RIOSYS MACRO! | No |
| N | Riorad Manager | riomgr.exe | "Riorad Explorer is hands-down the most advanced Windows software companion for your Rio MP3 player" | No |
| ? | RIS2PostReboot | LaunchRIS2.exe | Part of the programming software for LEGO® Mindstorms robotic building system. What does it do and is it required? | No |
| U | RivaTuner | RivaTuner.exe | RivaTuner is a tweaking utility for NVIDIA (and to a lesser extent AMD/ATI) chipset based graphics cards. This startup entry is for XP and can appear twice - with registry key names of "RivaTuner" and "RivaTunerStartupDaemon" respectively. The former minimizes it to the System Tray and is primarily required only if you want to use the "Launcher" or monitoring options. The latter applies overclocking changes to clocks and memory (for example) at startup and then exits. See the FAQ for more information | Yes |
| U | RivaTuner | RivaTunerWrapper.exe | RivaTuner is a tweaking utility for NVIDIA (and to a lesser extent AMD/ATI) chipset based graphics cards. This startup entry is for Vista and can appear twice - with registry key names of "RivaTuner" and "RivaTunerStartupDaemon" respectively. Both load the main application (RivaTuner.exe). The former minimizes it to the System Tray and is primarily required only if you want to use the "Launcher" or monitoring options. The latter applies overclocking changes to clocks and memory (for example) at startup and then exits. See the FAQ for more information | Yes |
| U | RivaTuner Application | RivaTuner.exe | RivaTuner is a tweaking utility for NVIDIA (and to a lesser extent AMD/ATI) chipset based graphics cards. This startup entry is for XP and can appear twice - with registry key names of "RivaTuner" and "RivaTunerStartupDaemon" respectively. The former minimizes it to the System Tray and is primarily required only if you want to use the "Launcher" or monitoring options. The latter applies overclocking changes to clocks and memory (for example) at startup and then exits. See the FAQ for more information | Yes |
| U | RivaTunerStartupDaemon | RivaTuner.exe | Part of RivaTuner - a tweaking utility for NVIDIA (and to a lesser extent AMD/ATI) chipset based graphics cards. This entry is for XP and applies overclocking changes to clocks and memory (for example) at startup and then exits. See the FAQ for more information | Yes |
| U | RivaTunerStartupDaemon | RivaTunerWrapper.exe | Part of RivaTuner - a tweaking utility for NVIDIA (and to a lesser extent AMD/ATI) chipset based graphics cards. This entry is for Vista and loads the main application (RivaTuner.exe) to apply overclocking changes to clocks and memory (for example) at startup and then exits. See the FAQ for more information | Yes |
| U | RivaTunerWrapper Application | RivaTunerWrapper.exe | RivaTuner is a tweaking utility for NVIDIA (and to a lesser extent AMD/ATI) chipset based graphics cards. This startup entry is for Vista and can appear twice - with registry key names of "RivaTuner" and "RivaTunerStartupDaemon" respectively. Both load the main application (RivaTuner.exe). The former minimizes it to the System Tray and is primarily required only if you want to use the "Launcher" or monitoring options. The latter applies overclocking changes to clocks and memory (for example) at startup and then exits. See the FAQ for more information | No |
| ? | RjLyraInstaller | setup.exe | ?? | No |
| U | RK Launcher | RKLauncher.exe | RK Launcher by RaduKing - "is a free application that will allow the user to have a visually pleasing bar at the side of the screen that is used to quickly launch shortcuts" | No |
| X | RKLG Startup | klg.exe | Local Keylogger Pro spyware | No |
| X | RKrx | rundll32.exe | Added by the LINEAG-ADA TROJAN! Note - this is not the legitimate rundll32.exe process, which is found in %Windir% (98/ME) or %System% (NT/2K/XP). This one is located in %Windir%\down | No |
| X | RKrx | rundll32.exe | Added by a variant of the LINEAG-ADA TROJAN! Note - this is not the legitimate rundll32.exe process, which is found in %Windir% (98/ME) or %System% (NT/2K/XP). This one is located in %Windir%\inf | No |
| X | rmalt | [random filename] | Added by the CLICKER-CS TROJAN! Filenames spotted inlcude Setup.exe, Keygen.exe, Keygen-Serial.exe, Photoshop.CS2.KeyGen.exe and more | No |
| U | rmctrl | rmctrl.exe | Remote Control background application for Cyberlink's PowerDVD version 4 and above. Enables you to use a remote control with your DVD drive if your drive came with one. Not required if you don't have a remote control, or don't wish to use one | No |
| X | rmdrfje.dll | rundll32.exe rmdrfje.dll,[random characters] | Added by the DLOADR-ANM TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "rmdrfje.dll" file is located in %Windir% | No |
| N | rmmon | mprmmon.exe | Resource Monitor for the now defunct Chromatic Research MPact2 3DVD graphics card | No |
| U | rmoc3260.dll OCX | regsvr32.exe rmoc3260.dll | A module that contains COM components for media playback used by both RealPlayer and Windows Media Player - see here. The "rmoc3260.dll" file is found in the System (9x/Me) or System32 (NT/2K/XP) folder | No |
| ? | RMremote | RmRemote.exe | Remote control driver for REALmagic Xcard. Is it required? | No |
| X | rn4d | dirote.exe | Added by the MAROON.A TROJAN! | No |
| U | Rnaomflt | naomf.exe | Naomi internet filtering software | No |
| X | RNBc Test | wf32vbs.exe | Added by the RBOT-AGR WORM! | No |
| X | RNBc Test | bvldv32.exe | Added by the RBOT-AJF WORM! | No |
| U | RNBOStart | sentstrt.exe | Program used to initialise the VxD virtual driver for Sentinel drivers associated with Rainbow H/W keys that plug-in to the parallel port. These are usually supplied with workplace design tools and restrict the use of the software only to the machine to which the H/W key is connected. Required if you have such tools | No |
| X | RNBz Test | wf32vbc.exe | Added by the RBOT-AEY WORM! | No |
| X | RNDc Test | wf32b.exe | Added by a variant of the SDBOT WORM! | No |
| ? | rndll2 | rndll2.exe | May be related to the DivX program as a *.dat file in the same directory had "DivXPro505Bundle.exe" mentioned within? | No |
| X | rngmf | [path to trojan] | Added by the RANKY.C TROJAN! | No |
| X | Rnudll32 | tadxtr.exe | Added by the QQPASS-O TROJAN! | No |
| X | rnwabmig | rnwabmig.exe | Added by the AGENT-LMI TROJAN! | No |
| ? | rnxqh | rnxqh.exe | ?? | No |
| X | Roam04 | ActiveX.exe | Added by the ROAMER-A TROJAN! | No |
| N | RoboForm | RoboTaskBarIcon.exe | Roboform - password manager and web form filler. Will work without this startup entry, as the "active" component is an integrated Internet Explorer browser plugin | No |
| N | RoboFormWatcher | RoboFormWatcher.exe | Roboform from Siber Systems. Automatically completes web forms. Available via Start -> Programs | No |
| U | Rocket.Time | RocketTime.exe | Rocket.Time - time synchronization software from Rocket Software | No |
| N | RocketDock | RocketDock.exe | "RocketDock is a smoothly animated, alpha blended application launcher. It provides a nice clean interface to drop shortcuts on for easy access and organization" | No |
| X | Roflcopteur | seman.exe | Added by an unidentified WORM or TROJAN! | No |
| Y | RogueMonitor | RogueRemoverPRO.exe | Part of Malwarebytes' RogueRemover PRO - the realtime "RogueMonitor will alert you before you download a rogue application keeping you safe and secure before trouble occurs." Now discontinued and the funtionality is included in Malwarebytes' Anti-Malware | Yes |
| Y | RogueRemoverPRO | RogueRemoverPRO.exe | Part of Malwarebytes' RogueRemover PRO - the realtime "RogueMonitor will alert you before you download a rogue application keeping you safe and secure before trouble occurs." Now discontinued and the funtionality is included in Malwarebytes' Anti-Malware | Yes |
| ? | roketpipe | rpclient.exe | ?? | No |
| U | Rollback | RollbackTray.exe | Added by the RollBack Rx system restore program | No |
| X | rollbk | dsm.exe | Added by the SERFLOG.B WORM! | No |
| X | rollbk | msmpatch.exe | Added by the SERFLOG.B WORM! | No |
| X | rollbk | svosm.exe | Added by the SERFLOG.B WORM! | No |
| X | rollbk | sysup.exe | Added by the SERFLOG.B WORM! | No |
| X | romahere | matrixhere.exe | SuperSpider hijacker - a CoolWebSearch parasite variant | No |
| X | romahere2 | ************.exe [* = random char] | SuperSpider hijacker - a CoolWebSearch parasite variant. Also detected as the KREPPER-AE TROJAN! | No |
| X | romahere3 | ************.exe [* = random char] | SuperSpider hijacker - a CoolWebSearch parasite variant. Also detected as the KREPPER-AE TROJAN! | No |
| X | Root_Machine | [path to trojan] | Added by the BANCBAN-DI TROJAN! | No |
| X | ROOT_Machine | winlogon.exe | Added by the BANKER-FI TROJAN! Note - this is not the legitimate winlogon.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\inf | No |
| X | RosTika | RosTika.exe | Added by the BRONTOK-BU WORM! | No |
| ? | ROUTD | ROUTD.exe | ?? | No |
| X | Router | Router.exe | Added by the AGENT.FJN TROJAN! | No |
| N | RoxAssist | RoxAssist.exe | Roxio Assistant is designed to correct Engine Initialization errors. If Easy CD & DVD Creator's Engine does not initialize, the applications in Easy CD & DVD Creator will not recognize your recorder. After running this program you should receive the message "Engine initialized successfully with full recorder support". If you do not receive the message, update your Virus software and then check and clean your system for viruses. After the removal of any viruses, uninstall and then reinstall Easy CD & DVD Creator (use "Add Remove Programs" in "Control Panel"). Can be run manually | No |
| ? | Roxio Engine | MSMNGR32.EXE | Not believed to be a valid Roxio program - more likely a variant on the WOMANIZ.A TROJAN! | No |
| N | RoxioAudioCentral | RxMon.exe | Part of Roxio EasyCD Creator 6.0 - places the Roxio AudioCentral icon in you system tray. "Includes a player, media manager, ripper, tag and sound editor - integrated in a single application". Not required for Roxio to work properly. | No |
| N | RoxioDragToDisc | DrgToDsc.exe | Part of Roxio EasyCD Creator 6.0 - places the Roxio Drag-to-Disc icon in you system tray. "Easily drag and drop files for burning to CD or DVD. Disc formatting and burning will happen automatically". Not required for Roxio to work properly | No |
| Y | RoxioEngineUtility | EngUtil.exe | Part of Roxio EasyCD Creator 6.0 - corrects any modification made to the Roxio Engine, it exits after checking | No |
| N | RoxWatchTray | RoxWatchTray.exe | System Tray icon installed by Roxio Easy Media Creator 8 and which allows you to configure your watched folders or to turn the "Watched Folders" feature of Roxio ON or OFF | No |
| U | RP32 | rp32.exe | Unicenter Remote Control (was Remotely Possible) from Enterprise International for remote control and access to Win9x/NT systems | No |
| X | RPC | MSschost.exe | Added by a variant of the AGOBOT/GAOBOT WORM! | No |
| X | RPC DCOM Vulnerability Patch | msgfix.exe | Added by the RBOT.S WORM! | No |
| X | RPC Drivers | rpcall.exe | Added by the SDBOT.FLY WORM! | No |
| X | RPC Patcher | [path to worm] | Added by the BOLGI WORM! | No |
| X | RPC Service | [random filename] | Added by the BDOOR-AAD BACKDOOR! | No |
| X | rpc Win32 | shost32.exe | Added by the RBOT-ABL WORM! | No |
| X | rpc Win32 | spoolscv.exe | Added by a variant of the RBOT WORM! | No |
| X | RPCall_WIN2K | Kurawas.exe | Added by the BHARAT.A WORM! | No |
| X | RPCall_[ComputerName] | smhost.exe | Added by the REDPLUT-B TROJAN! | No |
| X | rpcc | rpcc.exe | Added by the SPAMMIT-E TROJAN! | No |
| X | rpcda Win32 | rpcda.exe | Added by the RBOT-AEE WORM! | No |
| X | RPCser32g | services.exe | Added by the RITDOOR-C WORM! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir% | No |
| X | RPCser32g1 | services.exe | Added by the PREX.D WORM! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir% | No |
| X | RPCser32g3 | services.exe | Added by the PREXOT.D BACKDOOR! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir% | No |
| X | RPCser32g4 | services.exe | Added by the PREXOT.E BACKDOOR! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir% | No |
| X | RPCserr32g | winlogon.exe | Added by the RITDOOR-B WORM! Note - this is not the legitimate winlogon.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir% | No |
| X | RPCserv32 | services.exe | Added by the MYDOOM.AL WORM! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir% | No |
| X | RPCserv32g | services.exe | Added by the BOBAX.AA WORM! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir% | No |
| X | RPCserv32g | CSRSS.EXE | Added by the BOBAX.AD WORM! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir% | No |
| X | RPCserv32g | MSDEFR.EXE | Added by the BOBAX.AD WORM! | No |
| X | RPCserv32g | NB32EXT2.EXE | Added by the BOBAX.AD WORM! | No |
| X | RPCserv32g | WINLOGON.EXE | Added by the BOBAX.AD WORM! Note - this is not the legitimate winlogon.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir% | No |
| Y | RPCSS.exe | rpcss.exe | Remote Procedure Call. Required by windows for programs to communicate with each other on networks/different machines. Originally for NT only but now installed with Win98/98se. Under Win98/98se, a program may need it to communicate with other components of itself. You could delete the program but if any abnormalities occur soon after then reinstall. Under NT, deleting this critical system component will disable the OS. For a more detailed explanation see here | No |
| X | RpcxWindows Extensions | rpcxwinex.exe | Added by the RBOT.ACP WORM! | No |
| U | RPSP | Rpsserv32.exe | Red Pill Spy surveillance software. Uninstall this software unless you put it there yourself | No |
| X | Rr2 | rundll32.exe | Added by the LINEAG-ADI TROJAN! Note - this is not the legitimate rundll32.exe process, which is found in %Windir% (98/ME) or %System% (NT/2K/XP). This one is located in %Windir%\addins | No |
| X | RRMedic | rrmedic.exe | Troubleshooting utility for the RoadRunner cable internet service. Not required and you are advised to completely uninstall it. Provides a lot of false alarms and gets a lot of people panicking about there internet connection | No |
| X | rrmso | bqhrmug.exe | Added by the AGENT-GYY TROJAN! | No |
| X | rro | rundll32.exe | Added by the LINEAG-AAE TROJAN! Note - this is not the legitimate rundll32.exe process, which is found in %Windir% (98/ME) or %System% (NT/2K/XP). This one is located in %ProgramFiles%\Microsoft | No |
| X | rs32net | rs32net.exe | Added by the AGENT-IFH TROJAN! | No |
| U | rscmpt | rscmpt.exe | Required on the GeFroce 64 meg MX card to show the full 64 meg memory and appears to be a software memory emulator running under the Win2K - see here. High CPU useage results - hence the U status | No |
| X | rsmb | rsmb.exe | Added by the WAREZOV.C WORM! | No |
| X | rsmb32 | rsmb32.exe | Added by the STRATION.AV WORM! | No |
| U | rsMenu | rsMenu.exe | Enterprise Harmony 99 for CASIO - synchronization software for use with Microsoft® Outlook 97/98/2000. Formally Randsoft Harmony '98 | No |
| X | RSPC Driver | [random filename].exe | Added by the RBOT-SN WORM! | No |
| X | RSPC Driver D | [random filename] | Added by a variant of the RBOT WORM! | No |
| ? | RSRCMTZ | RSRCMTZ.exe | ?? | No |
| X | rsrvmon.exe | rsrvmon.exe | Added by the AGENT.NY TROJAN! | No |
| X | RSS | rundll32 RSSToolbar.dll, DllRunMain | "Related Sites" toolbar - SearchAndClick hijacker variant | No |
| U | RssReader | RssReader.exe | RssReader - a free RSS reader able to display any RSS and Atom news feed (XML) | No |
| X | RsWin | lsass.exe | Added by the DELCANTI-B TROJAN! Note - this is not the legitimate lsass.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a "12053" subfolder | No |
| X | RSync | netsync.exe | SafeSurfing adware | No |
| X | rtasks | rtasks.exe | Part of the AVSystemCare rogue security software and other members of this family. See here for more examples | No |
| U | rtcdll | rtcdll.exe | RTCDLL is "Real Time Communication" and is associated with Windows Messenger (the IM application, not messenger service). It is only necessary if you use Windows Messenger. Most people use MSN Messenger instead, so it is not required in those cases | No |
| N | RTHDCPL | RTHDCPL.EXE | Realtek HD Audio Control Panel, installed with the XP/2K drivers for on-board Realtek HD audio codecs. Unless you have the default (but optional) System Tray icon enabled, the only purpose this entry serves is to detect and allow you to configure any devices plugged into the jacks - such as headphones and a microphone. With the System Tray icon enabled it will also inform you when devices are removed and give you access to the Sound Manager and other multimedia functions. The Sound Manager is also available via the Control Panel and this entry is therefore only required if you regularly change sound schemes | Yes |
| N | RtHDVCpl | RtHDVCpl.exe | Realtek HD Audio Manager, installed with the Vista drivers for on-board Realtek HD audio codecs. Unless you have the default (but optional) System Tray icon enabled, the only purpose this entry serves is to detect and allow you to configure any devices plugged into the jacks - such as headphones and a microphone. With the System Tray icon enabled it will also inform you when devices are removed and give you access to the Sound Manager and other multimedia functions. The Sound Manager is also available via the Control Panel and this entry is therefore only required if you regularly change sound schemes | Yes |
| X | rtkernsw | [random filename] | Added by a variant of the SLAPER TROJAN! | No |
| X | rtl.exe | rtl.exe | Added by the TIOTUA-J TROJAN! | No |
| N | RtlMon.exe | RtlMon.exe | Monitor for RealTek network card | No |
| Y | RTMonitor | RTMonitor.exe | Cheyenne (now eTrust) antivirus | No |
| X | rtos | rtos.exe | IRC trojan | No |
| ? | RTStartMute | N/A | ?? | No |
| Y | rtvscn95 | RTVSCN95.EXE | Real-time virus scanner component of Norton Anti-Virus Corporate Edition | No |
| U | RtWLan | RtWLan.exe | Configuration utility for the Netgear WG111 54 Mbps Wireless USB 2.0 Adapter that "provides wireless access to your desktop or notebook PC through the computer's USB port" | No |
| X | RubeL | RubeL.exe | Added by the RUBY-B TROJAN! | No |
| X | Ruby13 | Ruby13.exe | Added by the MEXER.E WORM! | No |
| X | Ruby14 | Ruby14.exe | Added by the FIGHTRUB-A WORM! | No |
| X | ruin | system32.exe | Added by the DELF-JM TROJAN! | No |
| U | RuLaunch | RuLaunch.exe | Instant Updater for McAfee's VirusScan, Internet Security, Quick Clean, Uninstaller and Firewall products. In the case of VirusScan leave it enabled unless you update manually on a regular basis | No |
| X | Run | real.exe | Added by the LOVGATE.E WORM! | No |
| X | run | Autoexec.com | Added by the HOLCAS.A WORM! | No |
| X | run | inetinfo.exe | Added by the BINGHE TROJAN! | No |
| X | Run | help.exe | IESearchToolbar parasite. Identified by Ewido Security Suite (Ewido is now part of AVG Technologies) as the DELF.LF TROJAN! | No |
| X | run | services.exe | Added by the KREPPER-N TROJAN! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\inet10066 | No |
| X | run | rundll32.exe rsrc.dll | Chinese originated browser hijacker - redirecting to 4199.com Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted | No |
| X | run | cchost.exe | Added by the SQUATBOT-C TROJAN! | No |
| X | run | e.exe | Added by the IMONI-E TROJAN! | No |
| X | run | winsys32.exe | Added by the DELF.CP BACKDOOR! | No |
| X | run | mexica.exe | Added by the AUTORUN.AEV WORM! | No |
| X | Run | Manager.exe | Added by the DELF.EUN TROJAN! The file is found in %AppData%\Roaming\Adobe - see the link for more information | No |
| U | Run Google Web Accelerator | GoogleWebAccWarden.exe | Google Web Accelerator | No |
| X | Run Msn Messenger | msnmgr.exe | Added by the AGOBOT.HA WORM! | No |
| X | Run MSupdt32 | wscript MSupdt32.vbs | Added by the CASER WORM! | No |
| U | Run Nintendo Wi-Fi USB Connector Registration Tool | NintendoWFCReg.exe | Related to Wi-Fi USB Connector from Nintendo | No |
| U | Run POPFile in background | perl.exe | POPFile - E-mail spam blocker | No |
| U | Run POPFile in background | wperl.exe | POPFile - E-mail spam blocker | No |
| X | Run Services as Application | localsvc.exe | Added by the DLOADER-NY TROJAN! | No |
| X | Run Services as Application | netsvc.exe | Added by the DLOADER-NY TROJAN! | No |
| X | Run Services as Application | spoolsvc.exe | Added by the DLOADER-NY TROJAN! | No |
| X | Run Services as Application | svcadmin.exe | Added by the DLOADER-NY TROJAN! | No |
| X | Run Services as Application | svcman.exe | Added by the DLOADER-NY TROJAN! | No |
| X | Run Services as Application | svcrun.exe | Added by the DLOADER-NY TROJAN! | No |
| X | Run Services as Application | tcpsvc.exe | Added by the DLOADER-NY TROJAN! | No |
| X | Run Services as Application | websvc.exe | Added by the DLOADER-NY TROJAN! | No |
| U | Run StartupMonitor | StartupMonitor.exe | Mike Lin's StartupMonitor, throws up an alert and asks your permission every time any change is made to your start-up configuration, either in the registry or start menu | No |
| X | run windows | servic.bat | Added by the REBOOT-AP TROJAN! | No |
| X | Run05 | rundll_32.exe | Added by the BANCOS-DT TROJAN! | No |
| X | run32 | run32dll.exe | Added by the SDBOT-CWB WORM! | No |
| X | run32dll | WINClock.exe | Added by an unidentified VIRUS, WORM or TROJAN! | No |
| X | run32dll | task32.exe | Added by an unidentified VIRUS, WORM or TROJAN! | No |
| X | Run32dll | ocxdll.exe | Added by an unidentified VIRUS, WORM or TROJAN! | No |
| N | run= | cmmpu.exe | MIDI emulator driver for the integrated sound chip by C-Media based on the CMI-8330 chip set normally found in cheap motherboards. Also installed as part of the software for a Guillemot Maxi Muse sound card (PCI) | No |
| N | run= | hpfsched | HPFSCHED is a small TSR that will remind you to clean the cartridges in your DeskJet from time to time in order to keep print quality high. It can be removed from the run line in win.ini if you do not want that feature | No |
| N | run= | lxdboxcp.exe | Lexmark DOS-Printing Control Program for the Lexmark 2050. Only required if you need to print from DOS | No |
| N | run= | pcfix2k.exe | pcfix2k splash screen | No |
| X | run= | ptlseq.cpl | PhoenixNet BIOS adware. See here | No |
| U | run= | ramsys.exe | Advanced Startup Manager from Rays Lab | No |
| ? | run= | wallflip.exe | Desktop wallpaper changer? | No |
| X | run= | svcinit.exe | CoolWebSearch parasite variant | No |
| X | run= | fntldr.exe | CoolWebSearch Tapicfg parasite variant | No |
| Y | run= | smsrun16.exe | Microsoft Systems Management Server (SMS) related - program that reads SMSRUN16.INI on clients running Win 3.1, Windows for Workgroups, Win95, or OS/2 to create program groups on the client and then launch SMS client programs | No |
| ? | run= | win.ini | ?? | No |
| X | run= | RAVMOND.exe | Added by the LOVGATE-F WORM! | No |
| X | run= | dec25.exe | Added by the ATAK.F WORM! | No |
| ? | run= | LXBTppls.exe | Reportedly part of Lexmark printer software - what does it do and is it required? | No |
| N | run= | fmedia.exe | FMedia FaxWorks related - can be run manually | No |
| Y | run= | wswpd.exe | Used with some models of Panasonic, Epson and NEC printers - required for printer to work | No |
| X | run= | cyxid98.exe | Unidentified malware | No |
| X | run= | info32.exe | CoolWebSearch Tapicfg parasite variant | No |
| X | run= | mouse_configurator.win | Added by the GAGGLE.E WORM! | No |
| X | run= | RegistryReminder.exe | Added by the APSTROJAN.OB TROJAN! | No |
| X | run= | sec5dec.exe | Added by the ATAK.G WORM! | No |
| X | run= | wmplayer.exe | CoolWebSearch Smartsearch parasite variant | No |
| X | run= | Autoexec.com | Added by the HOLCAS.A WORM! | No |
| X | run= | htmlsync.exe | Searchforfree.info browser hijacker | No |
| X | run= | msoffice.exe | Added by the ADWARELOADER TROJAN! Note - do not confuse with the legitimate Microsoft Office file, which would typically be located in %Program Files%\Microsoft Office\Office | No |
| X | run= | DRDOOM.EXE | Added by the SEMAPI-A WORM! | No |
| X | run= | svhost.exe | Added by the ADMINCASH.B TROJAN! | No |
| X | run= | dllreg.exe | Added by the DUMARU-L TROJAN! | No |
| X | run= | Celine.scr | Added by the CELINE-A TROJAN! | No |
| U | RunAlert | AService.exe | PC Alert III - MSI motherboard monitoring software. Only required if you "overclock" your system. Appears as a service in XP/Vista and under the "RunServices" registry key in Win98/2K | No |
| N | runAP | runAP.exe | Not required but what is it? | No |
| X | runapp | icqchk.exe | Added by the BOMKA TROJAN! | No |
| X | Runapp32 | Runapp32.exe | Added by the NEODURK TROJAN! | No |
| Y | RunCA | InvokeSvc3.exe | Wireless-G USB Wireless Network Adapter related - would appear to be required | No |
| X | Rund11 | Rund11.EXE | Added by the MARIO-C WORM! | No |
| X | rund1132 | rund1132.exe | Added by the DOPBOT-A WORM! | No |
| X | Rund1132.exe | Rund1132.exe | Added by the STARTPA-HS TROJAN! | No |
| X | Rund1l32 | Winfi1e32.exe | Added by the MERTIAN WORM! | No |
| X | runddlfile | runddl.exe | Added by the DELF.D TROJAN! | No |
| X | Rundil32 | runlli32.exe | Added by the QQPASS-U TROJAN! | No |
| X | Rundil32 | Updadv.exe | Added by the QQPASS-N TROJAN! | No |
| X | rundl332 | math.exe ...pluged.exe | Added by the DOOMJUICE WORM! | No |
| X | rundli32 | rundli32.exe | Added by the LADE WORM! | No |
| X | RunDLL | rundll32.exe [path] Bridge.dll,Load | Flingstone.com browser hijacker. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted | No |
| X | Rundll | Rundll~.exe | Added by the DELF-KT TROJAN! | No |
| X | Rundll | rundll32.exe [random filename].dll | Added by the MYTOB.IG WORM! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The random DLL file is found in %System% | No |
| X | RunDll | RunDll.exe | Added by the QQPASS-AH TROJAN! Note - this is NOT the Win9x/Me system file of the same name as described here | No |
| X | RunDll | [path to trojan] | Added by the DROPPER.EAT TROJAN! | No |
| X | RunDLL Kernel File Core | rundll.exe | Added by a variant of the RBOT WORM! Note - this is NOT the Win9x/Me system file of the same name as described here | No |
| X | rundll*** | die.exe [path] mdll.exe | Added by the SUMTAX TROJAN! where *** is 134, 569, 777 or 946 | No |
| X | rundll*** | die.exe [path] secure.bat | Added by the SUMTAX TROJAN! where *** is 134, 569, 777 or 946 | No |
| X | rundll*** | die.exe [path] secure.exe | Added by the SUMTAX TROJAN! where *** is 134, 569, 777 or 946 | No |
| X | rundll*** | die.exe [path] ttg.exe | Added by the SUMTAX TROJAN! where *** is 134, 569, 777 or 946 | No |
| X | Rundll16 | Rundll16.exe | Added by a number of VIRUSES, WORMS and TROJANS! | No |
| X | Rundll32 | Rundll32.exe | Added by a variant of the DVLDR TROJAN! Note - this is not the legitimate rundll32.exe process, which is found in %Windir% (98/ME) or %System% (NT/2K/XP). This one is located in %Windir%\Fonts | No |
| U | RUNDLL32 | RUNDLL32.EXE NvQTwk,NvCplDaemon | Installed with display drivers for NVIDIA based graphics cards prior to late 2002, this entry allows the System Tray icon to be displayed - which gives access to (amongst others) the display settings (such as Antialiasing, OpenGL, Direct3D and colour) and Desktop Manager (nView). If you don't change display settings very often then this is not required and settings can be changed manually via display properties | Yes |
| U | RunDLL32 | RunDLL32.exe NvMCTray.dll,NvTaskbarInit | Installed with display drivers for NVIDIA based graphics cards since late 2002, this entry allows the System Tray icon to be displayed - which gives access to (amongst others) the display settings (such as Antialiasing, Rotation and Colour) and the Desktop Manager (nView). If you don't change display settings very often then this is not required and settings can be changed manually via display properties. No tray icon option is available in Vista. May be required for some 3D applications to recognize your card correctly - such as the game "Everquest" | Yes |
| X | RunDLL32 | winupdate.exe | Added by an unidentified TROJAN! - possibly a BMBOT variant | No |
| X | Rundll32 | Windows.exe | Added by the QQPASS.E TROJAN! | No |
| U | Rundll32 | Rundll32.exe ptipbm.dll, SetWriteBack | Installed with the miniport drivers for Promise hard drive controllers in both RAID and non-RAID installations. Tells the drivers that the connected Drives should use the "Write Back" Caching. You can disable this if you don't want to use "Write Back" Caching or if you have not connected any driver to your Promise Controller | No |
| X | rundll32 | [path to worm] | Added by the AUTEX WORM! | No |
| ? | rundll32 | rundll32.exe ptipbmf.dll, SetWriteCacheMode | Installed with the miniport drivers for Promise hard drive controllers in both RAID and non-RAID installations. May be necessary in order to maintain preferences applied to the RAID array connected to the Promise controller | No |
| X | rundll32 | rundll32.exe | Added by the SANKER WORM! Note - this is not the legitimate rundll32.exe process, which is found in %Windir% (98/ME) or %System% (NT/2K/XP). This one is located in %Windir% | No |
| X | rundll32 | csrss.exe | Added by the GUTTA TROJAN! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir% | No |
| U | rundll32 | rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent | If your system has Bluetooth (either integrated or via an adapter) and use's Microsoft's support software/drivers, this entry is required in order to successfully "pair" your system with a Bluetooth device (such as a mobile phone, PDA, headset) using this wireless protocol (via a PIN). Should you get the error message, "Rundll irprops.cpl missing entry Bluetooth authentication agent", click here for more information | Yes |
| X | RUNDLL32 | rundl32.exe | Added by the DEMOTRY-A WORM! | No |
| X | rundll32 | rundll32.exe | Added by the AGENT-EZ TROJAN! Note - this is not the legitimate rundll32.exe process, which is found in %Windir% (98/ME) or %System% (NT/2K/XP). This one is located in %System%\SHELLEXT | No |
| X | Rundll32 | RUNDDLL32.EXE | Added by the STARTPAGE.AXH TROJAN! | No |
| X | rundll32 | kernel32.exe | Added by the STAP-C WORM! | No |
| X | rundll32 | kernel33.exe | Added by the STAP-D WORM! | No |
| X | rundll32 | MSDTC.exe | Added by the STAP-E WORM! | No |
| X | rundll32 | rookie.vbs | Added by the ROOKIE-A TROJAN! | No |
| X | rundll32 | rundll64.exe | Added by the DELF.BKC TROJAN! | No |
| U | rundll32 | rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent | If your system has Bluetooth (either integrated or via an adapter) and use's Microsoft's support software/drivers, this entry is required in order to successfully "pair" your system with a Bluetooth device (such as a mobile phone, PDA, headset) using this wireless protocol (via a PIN) | Yes |
| U | rundll32 | rundll32.exe nview.dll,nViewLoadHook | Part of NVIDIA's NVIEW Display Management Software - included in drivers for consumer and professional graphics products. In earlier drivers this entry enables the Desktop Manager and makes it's features such as multiple desktops and hot keys available to the user. Available via Control Panel → NVIDIA nView Desktop Manager | Yes |
| N | Rundll32 cmicnfg | Rundll32 cmicnfg.cpl, CMICtrlWnd | System tray control panel for C-Media based soundcards - often included on popular motherboards with in-built audio. Available via Start -> Settings -> Control Panel | No |
| Y | RunDll32 essprops | RunDll32 essprops.cpl, TaskbarIconWnd | Associated with a Logitech mouse - required for proper operation | No |
| U | Rundll32 P17 | Rundll32 P17.dll, P17Helper | ASIO (Audio Stream In/Out) drivers for the SoundBlaster Audigy 2 series soundcards - for recording and home project studios. Required if you use this functionality | No |
| X | Rundll32.exe | Proyecto1.exe | Added by the GRUEL WORM! | No |
| X | Rundll32.exe | Root.exe | Added by the GRUEL WORM! | No |
| X | Rundll32_7 | rundll32.exe MSIEFR40.DLL, DllRunServer | BrowserAid/BrowserPal foistware. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted | No |
| X | Rundll32_8 | rundll32.exe inetp60.dll, DllRunServer | BrowserAid/BrowserPal foistware. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted | No |
| X | Rundll32_8 | rundll32.exe 1.dll, DllRunServer | BrowserAid/BrowserPal foistware. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted | No |
| X | RunDLL34 | syscnfg.exe | Added by an unidentified VIRUS, WORM or TROJAN! "syscnfg.exe" is found in %Windir%\fonts\font2 where no *.exe files should reside | No |
| X | rundll64 | [path to worm] | Added by the AUTEX WORM! | No |
| X | RundllSvr | Rundll.exe | Added by the HUAYU WORM! Note - this is NOT the Win9x/Me system file of the same name as described here | No |
| X | Rundllsystem32 | Rundllsystem32.exe | Added by the NETDEVIL.B TROJAN! | No |
| X | Rundnm | Rundnm.exe | Added by the DELF-HA TROJAN! | No |
| X | RUNGogoTools | LaunchAdware.exe | GoGoTools adware | No |
| X | RUNGogoTools | GoGoLaunch.exe | GoGoTools adware | No |
| X | RUNHYPER | hyperx.exe | PurityScan/Clickspring adware | No |
| X | runing | win.exe | Added by the DELF-LC TROJAN! | No |
| X | RUNLOAD | l0ad.exe | PurityScan/Clickspring adware | No |
| X | RUNLOUD | loud.exe | PurityScan/Clickspring adware | No |
| U | Runmarc8mManager | marc8m95.exe | MARC Sound System Manager for the Marc 8 MIDI sound card - allows for easy adjustment of the settings | No |
| U | RunNarrator | Narrator.exe | Associated with the Narrator accessibility feature on Windows XP. It is used to convert text to speech | No |
| X | Runner | lsass.exe [trojan filename] | Added by the DROWSY-B TROJAN! Note - this is not the legitimate lsass.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir% | No |
| X | Runner | csrss.exe | Added by the ADCLICK-AG TROJAN! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir% | No |
| X | Runner | lsass.exe | Added by the ADCLICK-AG TROJAN! Note - this is not the legitimate lsass.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir% | No |
| X | Runner | svchost.exe | Added by the ADCLICK-AG TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder | No |
| X | runner1 | updater.exe | Added by the CRYPT.ULPM.GEN TROJAN! | No |
| X | runner1 | retadpu.exe | Added by the AGENT.SLZ TROJAN! | No |
| X | runner1 | mrofinu.exe | Added by the AGENT.CZC TROJAN! | No |
| X | runner1 | retadpu[random digits].exe | Added by the SMALL.CTV TROJAN! | No |
| X | runner1 | tsitra.exe | Added by the AGENT.ABFQ TROJAN! | No |
| X | runner1 | faceback.exe | Added by the DLOADR-BSX TROJAN! | No |
| U | RunOnce | RUNONCE.EXE | Part of MS Data Access Components - only required if you use these | No |
| X | Runonce | runouce.exe | Added by the CHIR-B WORM! | No |
| X | RunOnce | [path to trojan] | Added by the BANCBAN-P TROJAN! | No |
| X | RunOnceEx | sms.exe | IESearchToolbar parasite. Identified by Ewido Security Suite (Ewido is now part of AVG Technologies) as the DELF.LF TROJAN! | No |
| X | RunProg | Server.exe | Added by the OPTIX.04.A TROJAN! | No |
| X | RunProg | wini.exe | Added by the OPTIX.04.D TROJAN! | No |
| X | runreper | viewer.exe | Added by the REPER.A VIRUS! | No |
| X | runs | run.exe | Added by the RBOT-BWF WORM! | No |
| X | RunSearvices | tread.exe | IESearchToolbar parasite. Identified by Ewido Security Suite (Ewido is now part of AVG Technologies) as the DELF.LF TROJAN! | No |
| X | RunServices | runsvc32.exe | Added by the AGOBOT.QJ WORM! | No |
| X | runservices | services.exe | Identified as a variant of the SMALL.QO TROJAN! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir% | No |
| X | runsql | runsql.exe | Added by the DELF.ZWK TROJAN! | No |
| X | runSubvalues | [path to file] | Added by the DLOADER-QY TROJAN! | No |
| X | runsvc | runsvc.exe | Added by the SMALL-CF TROJAN! | No |
| U | RunSysd32 | RunSysd32.exe | DesktopShield2000 by Stéphane Groleau. Locks the desktop at bootup so that users cannot bypass the Windows screensaver password. Only essential if using the program and is an optional setting. It can be disabled from within | No |
| X | Runtime Process | Csrss.exe | Added by the CIADOOR-J BACKDOOR! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir% | No |
| X | Runtime Server Subsystem | csrss.exe | Added by the IRCBOT-XV WORM! | No |
| X | runtime.exe | runtime.exe | Added by a variant of the Tibs malware | No |
| X | Runtt1 | Internat.exe | Added by the LINEAGE-R TROJAN! | No |
| X | Runtt1 | Internet.exe | Added by the LINEAGE-Q TROJAN! | No |
| X | RunWin | [path to file] | Added by the BANKER-ES TROJAN! | No |
| X | runwin32 | runwin32.exe | Added by the ESEARCH-A TROJAN! | No |
| X | RUNWIN32 | runwin32.exe | Added by the VB-AET TROJAN! | No |
| X | RunWindowsUpdate | uptodate.exe | BrowserAid/BrowserPal foistware | No |
| X | runwinlogon | winlogon.exe | Added by the AGENT.TQY TROJAN! Note - this is not the legitimate winlogon.exe process, which should not appear in Msconfig/Startup! | No |
| X | Run_cd | Run_cd.exe | Added by the GHOST.23 TROJAN! | No |
| Y | run_pbnext | PBNext.exe | PBNext is virtual phone system which offers the same functionality as expensive PBX hardware | No |
| U | Rupsw32 | Rupsw32.exe | MegaTec Rups, UPS monitoring software - monitor and control DB9 UPS running on either Windows & Novell NetWare (with RUPS 2000) or Unix (with RUPS for Unix / Plus) operating systems | No |
| ? | RUSBHOLoader | rundll32.exe RUSBHOLoader.dll, AutoRegister | ?? | No |
| X | RVC6Player | tskdbg.exe | Added by the ZAPCHAS-M TROJAN! | No |
| X | rvde | N/A | Related to li-speed**** | No |
| X | RVP | bpc.exe | BroadcastPC adware | No |
| X | rw service | alg32.exe | LOOPAD.A adware | No |
| X | rx | rundll32.exe | Added by the LINEAGE-BP TROJAN! Note - this is not the legitimate rundll32.exe process, which is found in %Windir% (98/ME) or %System% (NT/2K/XP). This one is located in %Windir% | No |
| X | rx | explore.exe | Added by the ZHENGTU-A TROJAN! | No |
| N | RxMon | rxmon9x.exe | Part of Dell Resolution Assistant - "a diagnostic program that allows you to contact Dell. When factory-installed by Dell, it allowed you to perform hardware and software diagnostics that provided alerts to potential problems and enabled real-time communication with Dell RA techs. You can now use RA only to contact Dell by e-mail" | No |
| X | rxres32 | ati2vid.exe | Added by the RBOT-FL WORM! | No |
| N | RxUser | RxUser.exe | Part of Dell Resolution Assistant - "a diagnostic program that allows you to contact Dell. When factory-installed by Dell, it allowed you to perform hardware and software diagnostics that provided alerts to potential problems and enabled real-time communication with Dell RA techs. You can now use RA only to contact Dell by e-mail" | No |
| X | ryan1918 | servidevice.exe | Added by the RBOT-GVR WORM! | No |
| X | rydanmxe.exe | rydanmxe.exe | Added by the DLOADR-AZZ TROJAN! | No |
| X | ryiixhp | ryiixhp.exe | Added by the IRCBOT-ABR BACKDOOR! | No |
| X | ryy | rundl132.exe | Added by the PWS-ANA TROJAN! | No |
| X | rzt | rundll32.exe | Added by the LINEAGE.BDP TROJAN! Note - this is not the legitimate rundll32.exe process, which is found in %Windir% (98/ME) or %System% (NT/2K/XP). This one is located in %Windir%\Intel | No |
| Y | R_server | r_server.exe | Radmin - remote admistrator server. Note - the file is located in %ProgramFiles%\Radmin | No |
| X | r_server | service.exe | Added by the MULTIDR-CP TROJAN! | No |
| X | r_server | r_server.exe | Added by the HACDEF-DR TROJAN! Note - do not confuse with the valid Radmin file with the same name which is located in %ProgramFiles%\Radmin. This one is located in %System% | No |
| X | S | svhost.exe | Added by the AGOBOT-LN WORM! | No |
| X | S0undMan | svch0st.exe | Added by the LOVGATE.AB WORM! Note - the filename has the digit 0 rather then the uppercase "o" | No |
| ? | S24EvMon | S24EvMon.exe | Event Monitor - supports driver extensions to NIC Driver for wireless adapters. Is it required? | No |
| X | S3 Internal Chip | s3serv.exe | Added by the AGOBOT-DD WORM! | No |
| X | S3 Internal Chip | s3chip3.exe | Added by the AGOBOT-FW WORM! | No |
| N | S3apphk | S3apphk.exe | A tool installed alongside the drivers for your S3 video output device. It is not necessary but should be allowed to run unless it is causing problems | No |
| U | S3Hotkey | s3hotkey.exe | Hotkey system tray icon to enable switching between monitors. Found on laptops with an S3 Twister integrated graphics card | No |
| ? | S3Mon | S3Mon.exe | S3DuoVue multi-monitor taskbar helper by S3 Graphics. What does it do and is it required? | No |
| U | S3TRAY | S3Tray.exe | S3 display configuration taskbar utility for S3 chipset based graphics cards. Can be run from Start-> Settings -> Control Panel -> Display | No |
| ? | s3tray2 | s3tray2.exe | S3 display configuration taskbar utility for S3 chipset based graphics cards? | No |
| ? | S3TRAYHP | S3trayhp.exe | S3 Video driver related. What does it do and is it required? | No |
| U | S3Trayp | S3trayp.exe | S3 display configuration taskbar utility for S3 chipset based graphics cards. Can be run from Start-> Settings -> Control Panel -> Display | No |
| U | S4F | S4F.exe | FilterPak from S4F, Inc - internet filtering software | No |
| X | s4helper | s4helper.exe | Searchcentrix hijacker | No |
| X | s9201 | av2008xp.exe | Antivirus 2008 XP rogue security software - not recommended, removal instructions here | No |
| X | s9201 | as2008xp.exe | AntiSpyware XP 2008 rogue spyware remover - not recommended, removal instructions here | No |
| X | s9201 | asproxp.exe | AntiSpyware Pro XP rogue spyware remover - not recommended, removal instructions here | No |
| ? | SA | Sa3.exe | Logitech QuickCam driver. Is it required? | No |
| ? | SA Service | SAservice.exe | Associated with Cyber Trio and Warner troubleshooting software from G-Tek Technologies and pre-installed on some Packard Bell and NEC PCs. What function does this perform and is it required? | No |
| N | Sa3dsrv | Sa3dsrv.exe | For Aureal based 3D soundcards. A3D sound features won't work with this disabled | No |
| X | saap | saap.exe | 180solutions adware | No |
| U | Sabre Printing Start | Sabstart.exe | Part of the Sabre computer reservations system/global distribution system (GDS) - used by airlines, railways, hotels, travel agents and other travel companies for reservations and ticketing | No |
| U | Sabre Server | sabserv.exe | Part of the Sabre computer reservations system/global distribution system (GDS) - used by airlines, railways, hotels, travel agents and other travel companies for reservations and ticketing | No |
| U | Sabre Task Tray Icon | Sabstart.exe | Part of the Sabre computer reservations system/global distribution system (GDS) - used by airlines, railways, hotels, travel agents and other travel companies for reservations and ticketing | No |
| U | Sabreserver | SABSERV.EXE | Part of the Sabre computer reservations system/global distribution system (GDS) - used by airlines, railways, hotels, travel agents and other travel companies for reservations and ticketing | No |
| X | sac | sac.exe | 180Search adware | No |
| X | SACC | sacc.exe | SurfAccuracy adware | No |
| N | SAClient | RegCon.exe | AT&T or ComCast BBClient - monitors system and network-delivered services for availability. Your current network status is displayed on a color-coded web page in near-real time. When problems are detected, you're immediately notified by e-mail, pager, or text messaging | No |
| X | sacmemds | smcntlwio.exe | Added by the MAILBOT-BZ TROJAN! | No |
| X | Safe | SafeWin.exe | Added by the FOCOSENHA TROJAN! | No |
| X | Safe | [path to trojan] | Added by the BANKER-DT TROJAN! | No |
| X | SafeFighter | SafeFighter.exe | SafeFighter rogue security software - not recommended, removal instructions here. A member of the WiniGuard family | No |
| X | Safeguard 2009 | sf2009.exe | Safeguard 2009 rogue spyware remover - not recommended, removal instructions here | No |
| X | SafeGuard Popup Blocker Updater | regsvr32 sfgupd.dll | SafeguardProtect/Veevo hijacker. Note that regsvr32.exe is a legitimate Microsoft file used to register and unregister OLE controls and shouldn't be deleted. The "sfgupd.dll" file is found in the System (9x/Me) or System32 (NT/2K/XP) folder | No |
| X | SafeGuard Popup Blocker Updater (required) | regsvr32 sfg****.dll [* = ramdom char] | SafeguardProtect/Veevo hijacker. Note that regsvr32.exe is a legitimate Microsoft file used to register and unregister OLE controls and shouldn't be deleted. The random DLL file is found in the System (9x/Me) or System32 (NT/2K/XP) folder | No |
| X | SafeGuard Popup Updater (required) | regsvr32 sfg****.dll [* = random char] | SafeguardProtect/Veevo hijacker. Note that regsvr32.exe is a legitimate Microsoft file used to register and unregister OLE controls and shouldn't be deleted. The random DLL file is found in the System (9x/Me) or System32 (NT/2K/XP) folder | No |
| X | SafeGuard Popup Updater (required) | regsvr32 PDF****.dll [* = random char] | SafeguardProtect/Veevo hijacker. Note that regsvr32.exe is a legitimate Microsoft file used to register and unregister OLE controls and shouldn't be deleted. The random DLL file is found in the System (9x/Me) or System32 (NT/2K/XP) folder | No |
| X | SafeHardDrive | SysRep.exe | SafeHardDrive rogue system error and cleaning utility - not recommended. A member of the ErrClean family | No |
| U | SafeHouseSystemTray | SDWTRAY.EXE | SafeHouse "Personal Privacy" system tray icon - PP protects and hides your private and personal photos, videos, files and folders by making them "invisible" and encrypted | No |
| N | SafeInstall.exe | SAFEIN~1.EXE | Monitors a download and ensures an newer version of a file isn't replaced by an older one | No |
| N | SafeOFF | SafeOff.exe | Provides protection that if user accidentally presses the power switch a dialog will pop up for confirmation | No |
| X | SafePCTool | SysRep.exe | SafePCTool rogue system error and cleaning utility - not recommended. A member of the ErrClean family | No |
| X | SafeSearch | safesearch.exe | SafeSearch.A adware | No |
| Y | SafeSpace | SafeSpaceSysTray.exe | Part of SafeSpace (from Artificial Dynamics) which "protects computers from Internet malware infection without the need for signature updates or regular maintenance" | No |
| X | SafeStrip | SafeStrip.exe | SafeStrip rogue security software - not recommended, removal instructions here | No |
| X | SafeStripReminder | SafeStripReminder.exe | SafeStrip rogue security software - not recommended, removal instructions here | No |
| X | SafeSurfingUpdate | SSUpdate.exe | MoneyTree parasite - ActiveX control used to download premium-rate dialers | No |
| X | SafeSys | SafeSys.exe | Added by the AUTORUN.DMI WORM! | No |
| X | Safety Anti-Spyware 3 | Safety Anti-Spyware 3.exe | Safety Anti-Spyware rogue security software - not recommended, removal instructions here | No |
| X | SafetyCenter | protector.exe | Safety Center rogue security software - not recommended, removal instructions here | No |
| X | SafetyKeeper | SafetyKeeper.exe | SafetyKeeper rogue security software - not recommended, removal instructions here. A member of the WiniGuard family | No |
| U | SafetyNet | ipcTray.exe | Safety.Net from Netveda - "offers Internet security, content security and advanced Internet firewall protection for all your LAN computers, and trust controls to block unwanted or harmful applications from accessing the network" | No |
| U | SafetyNet_Notifier | ipcLn.exe | Safety.Net from Netveda - "offers Internet security, content security and advanced Internet firewall protection for all your LAN computers, and trust controls to block unwanted or harmful applications from accessing the network" | No |
| U | Safeworld | Freedom.exe | SafeWorld Internet Security - now no longer available | No |
| X | Sagate Security Firewall | sagate.exe | Added by the GAOBOT.BOW WORM! | No |
| N | SAgent2ExePath | SAgent2.exe | Seiko Epson printer status agent. Disable if printer is not used often | No |
| U | SAGENTSERVICE | Sagent.exe | TinySpyAgent commercial keystroke logger. Uninstall this software if you did not install it yourself | No |
| X | Saggwwgg | CVAvwwd.exe | Added by the LIOTEN.HT WORM! | No |
| X | sagnt | sagnt.exe | Adware web downloader | No |
| X | SAHagent | Sahagent.exe | ShopAtHomeSelect parasite | No |
| X | SAHBundle | bundle.exe | ShopAtHomeSelect parasite | No |
| X | SAHBundle | shop1003.exe | ShopAtHomeSelect parasite | No |
| X | saie | saie.exe | 180solutions adware | No |
| U | SaiMfd | SaiMfd.exe | Saitek MFD File System Driver - associated with the Saitek SST (Saitek Smart Technolgy) configuration software for their game controllers. Create a shortcut and run manually when required | No |
| U | SAIMON | SaiMon.exe | Saitek joystick driver | No |
| X | sain | sain.exe | 180Search adware | No |
| X | sais | sais.exe | 180solutions adware | No |
| U | SaiSmart | SaiSmart.exe | "Smart Button Special Sauce" - included with the latest software for Saitek game controllers. Related to the "S", "Shift" or "Smart" button and gives gamers extra features on the buttons. Only required if you use this feature | No |
| U | SaitekAutoConfigure | saicnfig.exe | Configuration for Saitek game controllers | No |
| X | Sakemsneql | simenu.exe | Added by the SDBOT.BTO WORM! | No |
| X | Sakora | Sakora.exe | Added by the GOWELES.A TROJAN! | No |
| N | SalaatTime | SalaatTime.exe | "Salaat Time is a FREE multi-function Islamic application that calculates the prescribed five daily Muslim prayer times as well as Qiblah direction for anywhere in the world" | No |
| X | Salestart | WAS7Mon.exe | Part of the WinAntiSpyware 2007 rogue spyware remover - not recommended | No |
| X | Salestart | bm.exe | Part of the AVSystemCare rogue security software and other members of this family. See here for more examples | No |
| X | Salestart | dcpasmon.exe | SystemDoctor rogue security software - not recommended, removal instructions here | No |
| X | Salestart | dcsm.exe | Part of the PrivacyProtector and DriveCleaner rogue security tools | No |
| X | Salestart | mc.exe | Part of the PCPrivacyTool rogue privacy tool - not recommended. See here | No |
| X | Salestart | stm.exe | Part of SecurePCCleaner, WinAnonymous and other members of the PCPrivacyTool rogue privacy tool and other members of this family. See here for more examples | No |
| X | Salestart | strpmon.exe | Part of the ErrClean rogue system error and cleaning utility and other members of this family. See here for more examples | No |
| X | Salestart | stmon.exe | Part of MenaceSecure, VirusSchlacht and other members of the AVSystemCare family of rogue security software suites. See here for more examples | No |
| X | Salestart | mav_startupmon.exe | Part of the WinAntiVirus Pro 2007 rogue security software - not recommended | No |
| X | Salestart | PASmon.exe | Part of rogue security tools, including ErrorSafe and PcTurboPro | No |
| X | Salestart | dcmon.exe | SystemDoctor rogue security software - not recommended, removal instructions here | No |
| X | salm | salm.exe | 180Search adware | No |
| X | saly | saly*****.exe | Added by a variant of the AW.AWK TROJAN! | No |
| X | Sam-sung | Sam-sung.exe | Added by a variant of the SDBOT WORM! | No |
| X | SaMail | [WORM FILE NAME].vbs | Added by the VBS.LIDO WORM! | No |
| U | SAMcal | SAMcal.exe | SamCal - calendar/reminder program | No |
| U | Sametime Connect | Connect.exe | IBM Lotus Sametime - instant messaging and Web conferencing software | No |
| X | Samsong | Samsong.exe | Added by the SDBOT.BNE WORM! | No |
| X | Samsung | Samsungs.exe | Added by an IRC TROJAN variant! | No |
| U | Samsung PanelMgr | ssmmgr.exe | Samsung printer monitor - for checking ink levels, etc. | No |
| U | SandboxieControl | Control.exe | SandBoxie - allows data to be read from the hard drive by an application but never written back unless you allow it | No |
| U | SandboxieControl | SbieCtrl.exe | "SandBoxie runs your programs in an isolated space which prevents them from making permanent changes to other programs and data in your computer" | No |
| N | SandIcon | SandIcon.exe | SanDisk ImageMate CompactFlash card reader SDDR-31 (USB). Very little use except to place the Sandisk icon beside its drive designation in Windows Explorer. The reader itself will work fine without it. The simplest thing is to just unplug the reader when you're not using it. It may slow the startup by a few nanoseconds, but once the software sees there's no reader, you get back the resources | No |
| X | SanitarDiska | GDC.exe | SanitarDiska Romanian rogue privacy tool - not recommended. A member of the PCPrivacyTool family | No |
| X | SANS Service | sansv.exe | Added by the VANEBOT-AH WORM! | No |
| U | SansaDispatch | SansaDispatch.exe | Sansa Updater - "The Sansa Updater is an application that checks for the latest firmware updates then downloads and installs the firmware to your Sansa device" | No |
| X | Santa Bastards Bitch | SANTAS.BITCH.txt | Added by the ATNAS.A WORM! | No |
| X | sapp | sapp.exe | NCase adware | No |
| U | SaskTel Accelerated Dial-up | sasktelgui.exe | "Experience faster surfing, downloading and e-mail by adding SaskTel Accelerated Dial-up Internet" | No |
| X | sasserfix | package.exe | Added by the DABBER.B WORM! | No |
| X | saSyncMgr | rundll32.exe sasync.dll, SyncWait | Browser hijacker - redirecting to Searchant.com. Note - the real Tweak UI entry for this is "rundll32.exe tweakui.cpl, tweakmeup". Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted | No |
| U | SATARaid | SATARaid.exe | RAID driver for serial ATA disks on some motherboards such as the DFI Lanparty range. Only loaded if one is using RAID support on SATA drives | No |
| X | satmat | satmat.exe | VX2.Transponder parasite updater/installer related | No |
| X | sau | sau.exe | 180Search adware | No |
| U | SAUpdate | SAUpdate.exe | Big Brother from Quest Software. System and network monitor | No |
| U | SAutoLaunchExe | SAutoLaunchExe.exe | Sharp Zaurus PDA related, needed to synchronize information with a Desktop or Notebook | No |
| Y | SAVAgent | SAVAgent.exe | Part of Sophos anti-virus software. Required for centrally administered Sophos updates to work correctly, e.g. automatically updating PCs used by dial-in home or out-of-office users | No |
| X | Savasddwq | ffasd.exe | Added by the SDBOT-SI WORM! | No |
| X | Save | Save.exe | WhenU.Save adware | No |
| X | Save | lssas.exe | Added by an unidentified TROJAN! See here | No |
| X | SaveArmor | SaveArmor.exe | SaveArmor rogue security software - not recommended, removal instructions here. A member of the WiniGuard family | No |
| X | SaveDate | SaveStartDate.Exe | Unidentified adware | No |
| X | SaveDefender | SaveDefender.exe | SaveDefender rogue security software - not recommended, removal instructions here. A member of the WiniGuard family | No |
| X | SaveDefense | SaveDefense.exe | SaveDefense rogue security software - not recommended, removal instructions here. A member of the WiniGuard family | No |
| X | SaveKeep | SaveKeep.exe | SaveKeep rogue security software - not recommended, removal instructions here. A member of the WiniGuard family | No |
| X | SaveKeeper | SaveKeeper.exe | SaveKeeper rogue security software - not recommended, removal instructions here. A member of the WiniGuard family | No |
| X | Savenow | SaveNow.exe | WhenU.Save adware | No |
| X | SaveSoldier | SaveSoldier.exe | SaveSoldier rogue security software - not recommended, removal instructions here. A member of the WiniGuard family | No |
| X | Savsvc | rundll32.exe savsvc.dll,start | Added by the AKBOT.BE WORM! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "savsvc.dll" file is found in %System% | No |
| X | SAW | saw.exe | SmartAdware adware | No |
| U | Say The Time 5.0 | SAYTIME.EXE | This program has audio cues for the system clock in male and female voices, customizes the appearance of the system clock, and can synchronize it to a time server regularly | No |
| U | SB | SB.exe | Acer Soft Button on Acer Tablet PCs | No |
| X | SB | SpywareBomber.exe | SpywareBomber rogue spyware remover - not recommended, removal instructions here | No |
| N | SB Audigy 2 Startup Menu | /l:eng | Related to the Dell OEM version of the Sound Blaster Audigy 2 sound card. If this item is listed and checked in startup, the System32 Folder will appear on every startup. A patch is available - filename R75304.EXE - that fixes the issue. You can find that file at support.dell.com by typing that name in the 'Search' box available there. It addresses the root of the problem in Creative's software and corrects it. Unfortunately there is no direct link to the file, but it's easily available using the search function | No |
| X | SB Watchdog | SBWatchdog.exe | Spyware utility installed by the manufacturers of some laptops (Sony) used to monitor browsing habits and send them back to whoever installed it - released by SoftBank | No |
| X | SB13mini | RYZO32.EXE | Added by the SPYBOT-EJ WORM! | No |
| U | SBAutoUpdate | sbautoupdate.exe | SpywareBlaster auto-updater | No |
| U | SBC RoamingClient | SBCFL.exe | Part of AT&T FreedomLink Wi-Fi connection software | No |
| U | SBC Self Support Tool | matcli.exe | matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, county, etc and gets written to a log file. The SBC Self Support Tool is required to run with the Help and Support program. If you uncheck SBC and and then run Help and Support it will add another SBC entry in the startup menu. If you remove this software in "add/remove programs" some help menus in help and support will not be available. You decide | No |
| N | SBC Yahoo! Connection Manager | ConnectionManager.exe | Used to create and connect your SBC Yahoo DSL connection. This program has been reported to cause problems for some users. If you find that it causes you pc to become slow or unstable you should uninstall it (using Add/Remove programs) and manually connect your DSL connection | No |
| Y | SBCSTray | SBCSTray.exe | System Tray access to CounterSpy antispyware software | No |
| U | SBDrvDet | SBDrv.exe | Detects the "Easy Front-Panel Audio Connectivity Drive Internal Drive Bay" on the Sound Blaster Audigy 2 Platinium eX. Can be disabled if you don't have one | No |
| N | sbdrvdet | sbdrvdet.exe | Checks to see if Creative sound card driver should be updated | No |
| X | SBHC | sbhc.exe | SuperBar parasite - uninstall available here | No |
| X | SBI | install_sbd_**.exe | Installer for a number of rogue security products and error fixing tools - where ** represents a 2 letter language code, i.e., "en" for English, "de" for German, etc | No |
| X | SBMPOP | SBMPop.exe | SearchByMedia adware | No |
| N | SBMX | sbmx.exe | SoundMAX MPU401 MIDI device emulator for x86 VM DOS games/apps (for Win9x only) | No |
| X | SBR2009F | SystemBooster2009.exe | SystemBooster2009 rogue system suite - not recommended, removal instructions here | No |
| X | sbss Launcher | sbss.exe | SideBySide adware | No |
| U | SbUsb AudCtrl | RunDll32 sbusbdll.dll, RCMonitor | Control for Soundblaster MP3 external (USB) sound card | No |
| N | sc | scrubxp.exe | ScrubXP - utility that deletes safe to remove files, cookies, browsing history, etc | No |
| U | sc | sc.exe | Watchdog 2.0 Software - monitoring program | No |
| U | sc | run.exe | All-In-One_SPY stealth monitoring software - allows monitoring and recording of all actions performed on a computer. It records all keystrokes, remembers addresses of Internet pages visited, and maintains a log file listing all applicationsrun on the computer. It can create screenshots and record sounds from the computer's microphone to a sound file | No |
| X | SC2 | scprot4.exe | Added by the AGENT.APP TROJAN! | No |
| ? | sc23exec | sc23exec.exe | Possibly related to a digital camera | No |
| Y | SC3300CC | SC3300CC.exe | SiPix digital camera Twain device driver | No |
| X | scain | s030109.Stub.exe | Delfin Media Viewer adware related | No |
| X | ScamDisk | SVOHOST.exe | Added by the LEWOR.D WORM! | No |
| X | scan | mscman.exe | ClientMan parasite variant | No |
| ? | Scan Detector | Pmxdetect.exe | Associated with PrimaScan scanners. Is it required? | No |
| X | Scan Register | ssms.exe | Added by the RBOT-AT WORM! | No |
| ? | Scan Wizard | button.exe | Associated with Scan Wizard as supplied with Microtek scanners - see also the Scanner Detector and Sdetect entries. What does it do and is it required? | No |
| X | ScanDisc | satan.exe | Added by the GREGSTAR TROJAN! | No |
| X | ScanDisk | ScanDisk.exe | Added by the GANDA.A WORM! Note - this is not the valid "ScanDisk" Win9x/Me standard disk error checker | No |
| X | scands32.exe | scands32.exe | Added by a variant of the ADCLICKER TROJAN! | No |
| X | Scandsk2 | scandsk2.exe | Added by the AGOBOT-PK WORM! | No |
| X | scandskx.exe | scandskx.exe | Added by the DLOADR-ARM TROJAN! | No |
| ? | ScanFile | ?? | ?? | No |
| Y | ScanInicio | Inicio.exe | Part of Panda Antivirus. Responsible for scanning the boot sector of your disk and your memory at startup to check for viruses that try and load and act before your anti-virus is fully operational. It only adds a fraction of a second to start-up time and is worth leaving active | No |
| N | Scanner Detector | SDetect.exe | ScanSuite Scanner Detector - part of ScanWizard, supplied with Microtek scanners. Waits until you press the "GO" button and seems to serve no other purpose. Automatically installed without prompting. Not required if you can start your scanning application before pressing the "GO" button | No |
| Y | Scanner File Utility | NsCatCom.exe | Kycocera Mita network copier/printer/scanner process to dump scanned documents onto a workstation | No |
| ? | ScanPanel | ScanPanel.exe | Trust Easy Webscan scanner related - what does it do and is it required? | No |
| X | Scanreg | [filename] | Added by the QQPASS.E TROJAN! | No |
| X | ScanRegistry | nsrvnt.exe | Added by the NERTE TROJAN! Not to be confused with the real ScanRegistry - which is a vital Windows file. This version has the executable as nsrvnt.exe not scanregw.exe | No |
| X | ScanRegistry | scanregv.exe | Added by the MASTERLOCK TROJAN!. Not to be confused with the real ScanRegistry - which is a vital Windows file. This version has the executable as scanregv.exe not scanregw.exe | No |
| Y | ScanRegistry | Scanregw.exe | Scans the Win98/Me system registry and makes back-ups at start-up - important should the registry become corrupt. Located in %windir% | No |
| X | ScanRegistry | Scanregw.exe | Added by the STATOR WORM! Note - this is not legitimate ScanRegistry entry - which is a vital Windows file. The executable "Scanregw.exe" is located in %System%. Runs from the registry RunServices key as opposed to the Run key | No |
| X | ScanRegistry | N/A | Added by the DINOXI or DINOXI.B WORMS! | No |
| X | ScanRegistry | scanregw.exe | Added by the NYXEM-D WORM! Note - do not confuse this with the legitimate Windows process scanregw.exe which is always found in the Windows folder on Win9x/ME machines. This worm file is found in the System (9x/ME) or System32 (NT/2K/XP) folder | No |
| X | ScanRegistry | update.exe | Added by the DWNLDR-FZY TROJAN! | No |
| N | ScanSoft PaperPort 7 Registration Reminder | NAVBrowser.EXE | Registration reminder for PaperPort 7 from Scansoft (now Nuance) | No |
| X | ScanSpyware | Scanner.exe | ScanSpyware rogue security software - not recommended, removal instructions here. Also see here, here and here | No |
| X | ScanSpyware v3.2 | Scanner.exe | ScanSpyware rogue security software - not recommended, removal instructions here. Also see here, here and here | No |
| X | ScanSpyware v3.5 | Scanner.exe | ScanSpyware rogue security software - not recommended, removal instructions here. Also see here, here and here | No |
| U | ScanSys32 | sb32mon.exe | Part of the SpyBuddy keystroke logger/monitoring program - see here. Remove unless you installed it yourself! | No |
| X | scApp | scApp.exe | Added by the STANDO-E WORM! | No |
| X | scApp | suchost.exe | Added by the ACNATT.A WORM! | No |
| N | SCardSvr | scardsvr.exe | Related to SmartCard readers and sometimes uses lots of system resources | No |
| X | SCardSvr | SCardSvr32.Exe | Added by the MOFEI.B WORM! | No |
| U | SCDEmuApp.exe | SCDEmuApp.exe | Related to PowerISO - CD/DVD image file processing tool | No |
| U | Schdlr32 | Schdlr32.exe | Scheduled backups for the NTI Backup Now archiving utility. If a backup job has been scheduled, this entry places an icon in the System Tray and will automatically load the main program and execute the backup at the set time - as long as the backup media is present | Yes |
| X | scheck45 | scheck45.exe | Related to unknown malware - hidden installer associated with it | No |
| X | schedl | schedl.exe | Added by the VB-DVW WORM! | No |
| U | schedm | schedm.exe | Part of Antivir PersonalEdition Classic anti-virus | No |
| X | ScheduIe | nrchk.exe | Premium rate adult content dialler | No |
| X | ScheduIr | msexploren.exe | Added by a variant of the SDBOT WORM! | No |
| X | ScheduIr | shch.exe | Added by a variant of the SDBOT WORM! | No |
| X | ScheduIr | svchst.exe | Added by a variant of the SDBOT WORM! | No |
| X | ScheduIr | winagent.exe | Added by a variant of the SDBOT WORM! | No |
| U | Schedule | Schedule.exe | Scheduler for Mercury Ez View TV Tuner Card | No |
| N | Scheduled Maintenance | Scheduled_Maintenance.exe | Scheduler for Iolo System Mechanic tweaking utility. It can cleans your registry and deletes temporary files at defined intervals. Available via Start -> Programs | No |
| X | Scheduler | expIorer.exe | Added by the TACTSLAY.A TROJAN! | No |
| X | Scheduler | MSMSGS.EXE | Added by the HOSTBANK-A TROJAN! Note - this particular msmsgs.exe file is located in %System%\Config and should not be mistaken for the MSN Messenger file of the same name which is located in %Program Files%\Messenger | No |
| X | Scheduler | outIook.exe | Added by the TACTSLAY.A TROJAN! | No |
| X | Scheduler | svcrhost.exe | Added by the TACTSLAY.A TROJAN! | No |
| X | Scheduler | svcshost.exe | Added by the TACTSLAY.A TROJAN! | No |
| X | Scheduler | winagent.exe | Added by the TACTSLAY.B TROJAN! | No |
| U | Scheduler | Scheduler daemon.exe | Tenebril GhostSurf or SpyCatcher related scheduler - you can schedule daily, weekly, monthly or one-time only cleanings | No |
| X | Scheduler | msnexploren.exe | Added by the TACTSLAY.B TROJAN! | No |
| X | Scheduler | sdhch.exe | Added by the TACTSLAY.B TROJAN! | No |
| X | Scheduler | svchst.exe | Added by the TACTSLAY.B TROJAN! | No |
| X | Scheduler Service | wsass.exe | Added by the LIOTEN.KX WORM! | No |
| X | SchedulerMgr | navchk.exe | Premium rate adult content dialer | No |
| U | scheduler_monitor | init_scheduler.exe | Scheduler for ReaConverter advanced image converter | No |
| U | scheduler_proxy Application | scheduler_proxy.exe | Found on IBM/Lenovo ThinkCentre/ThinkStation desktops and Thinkpad notebooks. Included with versions of ThinkVantage System Update (for software updates), Rescue and Recovery (backup and system recovery), Message Center Plus and maybe others. It's exact function isn't known but if disabled, the "plan updates" button in the IBM System Update software will no longer be available, though the software will continue run properly | Yes |
| X | Scheduling Agent | Scheduler.exe | Added by the SUBWOOFER TROJAN! Note - this is not the real MS Scheduling agent as the executable is incorrect | No |
| X | SchedulingAgant | MMTASK.EXE | Added by the YAB.A TROJAN! Not the valid MusicMatch Jukebox which has the same filename | No |
| U | SchedulingAgent | mstask.exe | MS Scheduling Agent in Win98/Me/2K - displayed as a box with a stopwatch in the System Tray that is only needed if you have regular scheduled disk defragmenting, ScanDisk, etc. Required if you have regularily scheduled events such as weekly virus scans. Located in %System% and loads via the HKLM\RunServices registry key | No |
| U | SchedulingAgent | mstinit.exe | MS Scheduling Agent in WinNT - displayed as a box with a stopwatch in the System Tray that is only needed if you have regular scheduled disk defragmenting, ScanDisk, etc. Required if you have regularily scheduled events such as weekly virus scans. Located in %System% and loads via the HKLM\Run registry key with "/firstlogon" appended. Can also appear in WinXP (based upon the number of examples in a Google search) and rarely in Win98/Me/2K but we haven't seen it | No |
| X | SchedulingAgent | N/A | Added by the DINOXI or DINOXI.B WORMS! | No |
| X | SchedulingAgent | mstask.exe | Added by unidentified MALWARE! Note - this is not the MS Scheduling Agent in Win98/Me/2K. This one also loads via the HKLM\RunServices registry key but is located in %System% on a WinXP machine - where a file of that name does not normally exist | No |
| X | SchedulingAgent | mstasks.exe | Added by the MSIC BACKDOOR! | No |
| X | SchijfBewaker | SysRep.exe | SchijfBewaker, Dutch rogue system error and cleaning utility - not recommended. A member of the ErrClean family | No |
| X | SchijfControleur | GDC.exe | SchijfControleur Dutch rogue privacy tool - not recommended. A member of the PCPrivacyTool family | No |
| U | Schmaili | Schmaili.exe | Schmaili - insert animated smilies into your e-mail | No |
| X | schost | [path to trojan] | Added by the TJSERV.D TROJAN! | No |
| N | SchSvr | SchSvr.exe | WinScheduler is installed with Home Theater or WinDVD Remote Control for WinDVD from Intervideo. If you want to schedule recordings from your TV tuner card, you will need it. Available via Start -> Programs | No |
| Y | SCHWIZEX | SCHWIZEX.EXE | Part of ConfigSafe - lets you identify changes to the registry, INI files, System asset files, system hardware, network connections, and operating system versions - provides a restore function. This part takes a snapshot of your system following a healthy re-boot | No |
| X | sck121 | helpsyss.exe | Added by a variant of the MAILBOT TROJAN! | No |
| X | sclick | sclick.exe | Added by the FAKEALERT TROJAN! | No |
| X | ScManager | scman.exe | Added by the FORBOT-CW WORM! | No |
| X | scopedll | scopedll.exe | Added by a variant of the CRYPTER.C TROJAN! | No |
| N | Scotia OnLine Recovery | etdirrcv.exe | Scotia OnLine Security Software provided by Entrust for Scotiabank. Provides trusted secure access to Scotia OnLine Secure Web sites. *.* represents the version number. Now obsolete after Scotiabank modernised their login process | No |
| N | Scotia OnLine Security v*.* Recovery | etdirrcv.exe | Scotia OnLine Security Software provided by Entrust for Scotiabank. Provides trusted secure access to Scotia OnLine Secure Web sites. *.* represents the version number. Now obsolete after Scotiabank modernised their login process | No |
| X | Scr | scr.scr | Added by the OPASERV.T WORM! | No |
| N | ScrapPad | Scrappad.exe | ScrapPad allows you to quickly and easily record notes, thoughts, messages, and just about anything you want. Use it like you use scrap paper | No |
| X | scrbmk | [path to trojan] | Added by the DLOADER-VP TROJAN! | No |
| U | Screen Calendar | scrcal.exe | Screen Calendar allows you to create custom desktop wallpapers with built in active calendar and scheduler | No |
| U | Screen Guard | launch.exe | Part of Access Denied security and privacy software | No |
| U | Screen Guard Message Scan | sgms.exe | Part of Access Denied security and privacy software | No |
| X | Screen Saver | scrnsaver.scr | Added by the RBOT-AGP WORM! | No |
| N | Screen Saver Control | FSScrCtl.exe | Installs as part of the Hubble Space Telescope screen saver (and possibly others). Lets you control your installed screensavers from a System Tray icon | No |
| N | ScreenHunter 4.0 Free | ScreenHunter.exe | "ScreenHunter 4.0 Free is a completely free screen capture software for you to easily take screenshots" | No |
| N | ScreenPrint32 | ScreenPrint32.exe | ScreenPrint32 screen capture software - can be launched manually | No |
| X | ScreenSaverPlus | rundll32.exe MSA64CHK.dll,DllMostrar | MatrixDialer/Mostrar parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System% | No |
| ? | screxe | scruser2k.exe | ?? | No |
| ? | script | script.bat | Maybe associated with DOS on a Win9x machine | No |
| Y | ScriptBlocking | SBServ.exe | Update to Norton AntiVirus 2001. Detects certain types of script-based viruses without the need for specific virus definitions - such as JavaScript and VBScript. This will help protect you from these viruses even before virus definitions are available. Note - some users complain of problems once the update is installed - refer here for more information | No |
| Y | ScriptSentry | Scriptsentry.exe | Script Sentry from Jason's Toolbox. Blocks malicious scripts and allows safe scripts to run. Only required if you want it to check the file associations it guards at startup. It will function regardlessly | No |
| U | Scroll-In-Mouse V2.0 | SCROLL.EXE | Toolkit for the Lynx-3D Net scroll mouse from QTronix. Required if you use the special features | No |
| X | scroller | fpapli.exe | CoolWebSearch parasite variant | No |
| X | scrss | scrss.exe | Added by the HACDEF-R TROJAN! | No |
| X | scrsvc | scrsvc.exe | Added by the AGENT-DS TROJAN! | No |
| X | ScrSvr | ScrSvr.exe | Added by the OPASERV WORM! | No |
| X | ScrSvrOld | [worm filename] | Added by the OPASERV WORM! | No |
| Y | Scsi | Scsi.exe | SCSI Miniport driver | No |
| X | sctrlmgr | sescmgr.exe | Added by a variant of the DWNLDR-GAH TROJAN! | No |
| Y | SCTUINotify | SCTUINotify.exe | Part of Windows SteadyState, which is designed to make life easier for people who set up and maintain shared computers - enabling the system administrator to prevent users from making changes to the system configuration, windows desktop, restricting program access, etc. It's intended for shared user environments such as internet cafés, libraries and schools but can be used in any environment. This entry displays the timeout messages on the restricted computer/account - which warns users how long they have until automatic log-off when they log-in and when there are only 2 minutes left | Yes |
| X | scvhost | svzhost.exe | Added by a variant of the SPYBOT WORM! | No |
| U | scvhost | scvhost.exe | Wiretap surveillance software. Uninstall this software unless you put it there yourself | No |
| X | scvhost | scvhost.exe | Added by the AGOBOT-LI WORM! | No |
| X | scvhost loader | ixplore.exe | Added by the SDBOT-CY TROJAN! | No |
| X | scvhost.exe | scvhost.exe | Added by the LOHAV-N TROJAN! | No |
| X | sd32info | sd32info.exe | Added by the CRYPTER.A TROJAN! | No |
| U | SDaemon | sdaemon.exe | PC Security™ from Tropical Software - "is the ultimate in computer security, offering multiple locking systems for the windows environment and internet. Lock files, monitor programs activities, even detect intruders!" | No |
| U | SDAutoLiveupdate | LiveUpdateSD.exe | Spyware Detector - spyware remover. Initially not recommended due to false positives but the later versions have since improved - see here | No |
| X | SDAv | csnss.exe | Added by the SERFLOG.C WORM! | No |
| X | SDAv | svhost.exe | Added by the SERFLOG.C WORM! | No |
| X | sdchosts32 | vbdd.exe | Added by the RANKY.AG TROJAN! | No |
| ? | SDClientMonitor | sdclientmonitor.exe | Related to LANDesk Management Suite from LANDesk Software Ltd. What does it do and is it required? | No |
| N | SDetect | SDetect.exe | ScanSuite Scanner Detector - part of ScanWizard, supplied with Microtek scanners. Waits until you press the "GO" button and seems to serve no other purpose. Automatically installed without prompting. Not required if you can start your scanning application before pressing the "GO" button | No |
| X | sdfsdfsdf | sp2update.exe | Added by a variant of the SPYBOT WORM! | No |
| X | SDIN Adapter | sdin.exe | Added by the FORBOT-AP WORM! | No |
| ? | SDJobCheck | triggusr.exe | Part of CA Unicenter Software Delivery - manage software across various systems, from desktops and servers to PDAs and mobile phones, in a controlled and standardized way - is it required at startup? | No |
| X | SDK Codre Function22 | sdkimddprovment2.exe | Added by the SDBOT-YJ WORM! | No |
| X | SDK Core Component | sdkcore.exe | Added by the SDBOT-WC WORM! | No |
| X | SDK Core Function | sdkimprovment.exe | Added by the RBOT.BHL WORM! | No |
| X | SDK Core Function2 | sdkimprovment2.exe | Added by the SPYBOT.OGX WORM! | No |
| X | Sdk**.exe [* = random char] | Sdk**.exe [* = random char] | CoolWebSearch/HomeSearch adware - for examples, see this log | No |
| X | Sdk**32.exe [* = random char] | Sdk**32.exe [* = random char] | CoolWebSearch/HomeSearch adware - for examples, see this log | No |
| X | SDKcore Update Components2 | SDKC0R3.exe | Added by the RBOT-ABA WORM! | No |
| X | SDKCprords | SDKc55rezzz.exe | Added by the RBOT.VD WORM! | No |
| X | sdkupdate22 | SDK0mCORE.exe | Added by the FORBOT-DT WORM! | No |
| X | SDKz0r | SDKc55rezzz2.exe | Added by the SDBOT-UN WORM! | No |
| ? | SDMSSplash | launcher.exe | Part of HP's Smart Desktop Management System - "Preloaded on select business desktops, SDMS features automatic remote backup and disaster recovery via secure offsite storage and helps detect and remove PC security threats." Is this just the "splash" screen shown when the program lauches and is it therefore required? | No |
| N | SDPhotoBar.exe | SDPhotoBar.exe | SmartDraw Photo (now FotoFinsh) - "organize, enhance, print, and share your photos. It's also a powerful graphic editor for creating images and web graphics" | No |
| X | SDR6_Check | udcsdr.exe | Part of the DriveCleaner rogue security software - not recommended, removal instructions here | No |
| X | sdrss | sdrss.exe | Added by the SDBOT-SQ WORM! | No |
| U | sds20 | svchost.exe | InlookExpress logs keystrokes and captures screenshots. If you didn't install this yourself remove it. Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in C:\sds20 | No |
| X | SdScans** | stup_tmp.#32 | Added by the SDSCAN.A TROJAN - where ** are random upper case letters | No |
| U | SDTray | sdtray.exe | RSA Keon Web PassPort - software that allows organizations to use digital certificates in a Web-based environment to help ensure that their transactions are authentic, confidential and digitally signed | No |
| Y | SDTray | SDTrayApp.exe | System Tray access to an older version of Spyware Doctor antispyware from PC Tools | No |
| X | sdxsys32 | sdxsys32.exe | Added by the BROGGER-A TROJAN! | No |
| U | sealmon | sealmon.exe | SealedMedia enables you to combine document protection and control with your existing applications - such as Microsoft Word, Microsoft Excel, Microsoft PowerPoint and Email | No |
| X | Search Bar | taskbar.exe | Added by the OPANKI-F WORM! | No |
| X | Search Defender | SearchDefender.exe | Installed by SpeedItUp without permission, along with PC-Checker. Detected by DrWeb as the STARTPAGE.ORIGIN TROJAN! | No |
| ? | Search Hook | srchhook.exe | ?? | No |
| X | Search Page | http://find.naupoint.com | Naupoint browser hijacker | No |
| U | Search Protection | SearchProtection.exe | "Yahoo! Search Protection will alert you if an attempt is made to change your default browser search engine from Yahoo!" | No |
| X | Search-Exe | SE.exe | Search-Exe hijacker | No |
| X | Search.vbs | Hijacker | No | |
| X | SearchAndDestroyMFC | Search And Destroy.exe | Search And Destroy rogue security software - not recommended, removal instructions here | No |
| X | SearchAndDestroyScheduler | SearchAndDestroy.exe | Search And Destroy rogue security software - see here and here | No |
| X | SearchAndDestroyT | SearchAndDestroy.exe | Search And Destroy rogue security software - see here and here | No |
| X | searchbar | vnmispoisn downloader.exe | SearchBarCash adware variant | No |
| X | SearchClick | [trojan filename] | Added by the AGENT-DWR TROJAN! | No |
| X | SearchEnhancement | scbar.exe | SCBar foistware | No |
| X | SearchMP3 | rundll32.exe MSA64CHK.dll,DllMostrar | MatrixDialer/Mostrar parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System% | No |
| X | searchnav | searchnav.exe | SearchNav adware - IEFeatures/Popnav variant | No |
| X | SearchNavVersion | searchnavversion.exe | SearchNav adware - IEFeatures/Popnav variant | No |
| X | SearchNet_Up | ServeUp.exe | SearchNet adware | No |
| U | SearchProtection | SearchProtection.exe | "Yahoo! Search Protection will alert you if an attempt is made to change your default browser search engine from Yahoo!" | No |
| X | SearchSetter | searchsetter[1].exe | Browser hijacker - redirecting to FindWhateverNow.com | No |
| X | SearchSettings | SearchSettings.exe | Vendio "Search Settings" foistware - reportedly installed without notice, see here and here | No |
| X | SearchSpy | SearchSpyMenu.exe | SearchSpy rogue spyware remover - not recommended | No |
| X | SearchSquire[number] | SearchSquire[number].exe | SearchSquire adware | No |
| X | SearchUpgrader | SearchUpgrader.exe | Hijacker | No |
| X | Secboot | w32tm.exe | Added by the HAXDOOR.D TROJAN! | No |
| X | secboot | mszx23.exe | Added by a variant of the HAXDOOR.BC TROJAN! | No |
| X | secboot | vtd 16.exe | Added by the HAXDOOR-AE TROJAN! | No |
| X | secdrive.exe | secdrive.exe | Added by a variant of the SPYBOT WORM! See here | No |
| U | Second Copy 2000 | SecCopy.exe | Related to Second Copy? - a files/folders backup utility | No |
| U | SecondChance | sctray.exe | Power Quest Second Chance. Sets checkpoints for saving a backup copy of the registry to a disk so you can restore it if you have a crash | No |
| X | Secret | Secret.exe | Added by the DELF-LW TROJAN! | No |
| X | Secret-Crush | start.exe | Hijacker that may reset your browser's home page and/or search settings to point to undesired sites | No |
| U | SECRETMAKER | secretmaker.exe | Secretmaker is a combination of eight privacy-defending programs, including Spam Fighter Pro, Worm Hunter, Pop-Up Killer, Banner Blocker, Cookie Eraser, Privacy Protector, History Cleaner, and Garbage Cleaner | No |
| U | SecretSmileys | ss.exe | "Secret Smileys is an add-on for AIM that provides users access to 1000's of new Smileys that can be viewed by anyone using a current version of AIM. Secret Smileys also adds other features such as logging of IM conversations, and it gets rid of that annoying advertisement on your buddy list window" | No |
| X | secserv.exe | secserv.exe | Detected by Panda as an EasySearch adware variant. Note - EasySearch modifies the Internet Explorer settings and may download programs onto the infected computer | No |
| X | secsvc32 | secsvcnt.exe | Added by the GLOBAL PATROL TROJAN! | No |
| U | Secsys | Secsys.exe | UltraSoft Key Interceptor surveillance software - uninstall this unless you put it there yourself! | No |
| U | SecurDisc | NBHGui.exe | Part of the Nero multimedia suite backup function - "Recover your data quickly and easily and create discs that are password protected. SecurDisc technology gives you peace of mind" | No |
| X | secure | [random].exe | DealHelper adware | No |
| X | secure | svshost.exe | Added by the RBOT-AFO WORM! | No |
| X | secure socket layer | wins32a.exe | Added by an IRCBOT TROJAN! | No |
| X | Secure Socket Layer Certification | sslcert.exe | Added by the VANEBOT-AN WORM! | No |
| X | Secure System | integitor.exe | Added by the AGOBOT.ACI WORM! | No |
| X | Secure32 | Shell32.com StartUp | Added by the BRONTOK-CJ WORM! | No |
| X | Secure64 | Regedit32.com StartUp | Added by the BRONTOK-CJ WORM! | No |
| N | SecureClean4RegManager | scregmanager4.exe | WhiteCanyon SecureClean 4 disk cleaner - clean hard drive data, MRUs, temp files and more. Can be started manually | No |
| N | SecureClean4Tray | sctray4.exe | WhiteCanyon SecureClean 4 disk cleaner - clean hard drive data, MRUs, temp files and more. Can be started manually | No |
| X | SecureCleaner | SecureCleaner.exe | SecureCleaner spyware remover - not recommended, see here | No |
| N | SecureCleanIEClean | SCIEClean.exe | SecureClean - scans your system for hidden temporary files, deleted email messages, Internet histories and caches | No |
| X | SecureExpertCleaner | sec.exe | Secure Expert Cleaner rogue privacy program - not recommended, removal instructions here | No |
| X | SecureFighter | SecureFighter.exe | SecureFighter rogue security software - not recommended, removal instructions here. A member of the WiniGuard family | No |
| U | SecureItPro | Secureitpro470p.exe | SecureIt Pro - lock your computer when you're not there, to stop malicious users from accessing your desktop | No |
| X | SecureKeeper | SecureKeeper.exe | SecureKeeper rogue security software - not recommended, removal instructions here. A member of the AntiAID family | No |
| X | SecureLogin | Mslg32.exe | Added by the REDZED WORM! | No |
| U | SecureOnlineAccountNumbers | SOAN.exe | Related to Secure Online Account Numbers by Discover(R) Card from Orbiscom Ltd. Secure and innovative payment solutions | No |
| X | SecurePCCleaner | GDC.exe | SecurePCCleaner rogue privacy tool - not recommended. A member of the PCPrivacyTool family | No |
| U | SecurePCSolutionsBootCheck | BootCheck.exe | 1 Click Fixer PLUS from Secure PC Solutions "takes the guesswork out of locating and solving problems in the Windows registry" | No |
| X | secures23 | mssecure.exe | Added by the AGOBOT-ABY WORM! | No |
| X | SecureVeteran | SecureVeteran.exe | SecureVeteran rogue security software - not recommended, removal instructions here. A member of the WiniGuard family | No |
| X | SecureWarrior | SecureWarrior.exe | SecureWarrior rogue security software - not recommended, removal instructions here. A member of the WiniGuard family | No |
| X | Security | WindowsSecurityUpdate.exe | Added by a variant of the SDBOT WORM! | No |
| X | Security 2009 | Security2009.exe | Security 2009 rogue security suite - not recommended, removal instructions here | No |
| X | Security Accounts Manager SM | samsm.exe | Added by the SPYBOT.JE WORM! | No |
| X | Security Agent | securag.exe | Added by the BANCBAN-F TROJAN! | No |
| X | Security Agent Manager | mssams.exe | Added by the RBOT-SV WORM! | No |
| X | Security Antivirus Xp 1 | inetfor.exe | Added by the SDBOT.BAV WORM! | No |
| X | Security Center | AppControl.exe | Added by the SDBOT.CFT WORM! | No |
| X | Security Center Distribution | securesec.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
| X | Security iGuard | Security iGuard.exe | Security iGuard spyware remover - not recommended, see here | No |
| U | Security Manager | SecurityManager.exe | A ComCast Internet software suite that provides a variety of features (firewall, popup blocker, parental controls etcetera) to help ensure your computer is secure, and your information is kept private | No |
| X | Security Mechanic | lsascs.exe | Security Mechanic rogue security software - not recommended, removal instructions here | No |
| X | Security Monitor | securemon.exe | Added by the SLENFBOT.ABH WORM! | No |
| X | Security Patch | scmss.exe | Added by the RBOT-ZW WORM! | No |
| X | Security Patch | WinUpdate32.exe | Added by the SDBOT-BM WORM! | No |
| X | Security Patches | msnkn.exe | Added by the RBOT.WW WORM! | No |
| X | Security Patches | WinLab32.exe | Added by the SDBOT-KB WORM! | No |
| X | Security Server DB | secserver.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
| X | security service | syss.exe | Added by an unidentified WORM or TROJAN! | No |
| X | Security Service | secsvc.exe | Added by the RBOT-GGF WORM! | No |
| X | Security Service DB | secservice.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
| X | Security Service Process | svhost.exe | Added by the AGOBOT-LC WORM! | No |
| X | Security System | securesys.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
| X | Security Update Service | wmiprvce.exe | Added by the AGOBOT.ZW WORM! | No |
| X | SecurityFighter | SecurityFighter.exe | SecurityFighter rogue security software - not recommended, removal instructions here. A member of the WiniGuard family | No |
| X | SecurityScanner | ss2008.exe | Security Scanner 2008 rogue security software - not recommended, removal instructions here | No |
| X | SecuritySoldier | SecuritySoldier.exe | SecuritySoldier rogue security software - not recommended, removal instructions here. A member of the WiniGuard family | No |
| X | securw | Nctrup.exe | Added by the NOPIR.A WORM! | No |
| Y | SECWIZ98 | SECWIZ98.EXE | Security Wizard 98 by Chris Farmer. Offers you a variety of ways to restrict access to many of the programs and settings on your PC. Available here | No |
| X | seekmo | seekmo.exe | 180Solutions.Seekmo adware - also see here | No |
| X | SeekmoOE | OEAddOn.exe | 180Solutions.Seekmo adware variant - also see here | No |
| X | SeekmoSA | SeekmoSA.exe | 180Solutions.Seekmo adware variant - also see here | No |
| X | SeekmoToolbar | ${HOOKOE_FILE} | 180Solutions.Seekmo adware - also see here | No |
| X | seeve | seeve.exe | Medload adware | No |
| X | Select server | slcsvr.exe | Added by the DLOADER-WD TROJAN! | No |
| ? | SelfHostUtil | slefhost.exe | ?? | No |
| X | seli | [path to file] | Added by the LOWZONE-AS TROJAN! | No |
| X | SemanticInsight | SemanticInsight.exe | RXToolbar adware. Software that displays pop-up/pop-under advertisements when the primary user interface is not visible | No |
| U | SeMS | SeMS.exe | PCsms - tool that enables you to send sms text messages from your PC to any UK mobile phone | No |
| X | Sen | tlii.exe | Detected by Kaspersky as PurityScan.ah | No |
| U | SendMail | SendMail.exe | Part of the MySuperSPy surveillance software. Uninstall this software unless you put it there yourself. Located in %ProgramFiles%\Myss | No |
| U | Sensiva | Sensiva.exe | Symbol Commander makes the use of your PC, laptop, Tablet PC, and Pocket PC much easier and much faster. It recognizes your handwriting with unparalled performance and executes commands in a snap. Just by using your mouse, pen, or touchpad, simply draw symbols to execute actions instantly | No |
| X | SENTRY | SENTRY.exe | From IP Insight. Allows website owners "to instantly determine the precise geographic location, connection speed and detailed demographics of every visitor to your website". Will be detected by most firewalls and the majority of home users should disable it | No |
| X | Sepate Security Firewall | sepate.exe | Added by the RBOT.BLC BACKDOOR! | No |
| N | SEPCSuite | SEPCSuite.exe | System Tray accesss to Sony Ericsson PC Suite which "connects your phone to your computer and expands the capabilities of your phone". Start manually via the Start Menu (or optional desktop shortcut) before connecting the phone | Yes |
| X | septpop06apsept | septpop06apsept.exe | MediaMotor.Popupwithcast adware | No |
| X | Serials | serials.exe | Any one of a variety of worms and trojans | No |
| X | Serices Hostin | servicez.exe | Added by the SLENFBOT.MF WORM! | No |
| X | SernellApp.pcx | csrss.exe | Added by the BANCBAN-BJ TROJAN! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a "D5133" subfolder | No |
| X | serpe | formatsys.exe | Added by the SERFLOG.A WORM! | No |
| X | serpe | msmbw.exe | Added by the SERFLOG.A WORM! | No |
| X | serpe | serbw.exe | Added by the SERFLOG.A WORM! | No |
| Y | serrdctl.exe | serrdctl.exe | "Shared Modem Service Client Event Viewer" - used when a number of PCs have access to a number of modems. Required to be running on each PC for access to the modems | No |
| X | serrv | serrv.exe | Added by the WAREZOV.DC WORM! | No |
| X | SERV PacK2 | nerx.exe | Added by the SDBOT-ACP WORM! | No |
| N | Serv-U | serv-u32.exe | FTP server | No |
| X | Serv-U | wssdsu.exe | Added by the MANIFEST TROJAN! | No |
| X | server | server.exe | Added by the DELTAD.A WORM! | No |
| X | server | system.exe | Added by the METHS-A TROJAN! | No |
| X | server | server.exe | Added by the SINGU-Q TROJAN! | No |
| Y | Server Application for MFP Server | ServoApp.exe | Multi Function Printer (MFP) Server Agent for Belkin's Wirless G All-in-One Print Server and ZyXEL's NPS-520 | No |
| X | Server Backbone | server05.exe | Added by the RBOT-ZM WORM! | No |
| X | Server Daemon Host Manager | sdhost.exe | Added by the RBOT-GWC WORM! | No |
| X | Server Registry | regscr32.exe | Added by the BIFROSE-ZB TROJAN! | No |
| X | Server Runtime Error | unsec.exe | Added by the SDBOT-DFA WORM! | No |
| X | Server Runtime Process | wbemstest.exe | Added by the SDBOT-DDB WORM! | No |
| X | SERVER.EXE | SERVER.EXE | Added by the BUSHTRO122 or SMOKODOOR TROJANS! | No |
| X | serverex | Server.txt.vbs | Added by the DELTAD.A WORM! | No |
| X | Serverx | Serverx.exe | Added by the MADANGEL VIRUS! | No |
| X | Service | service.exe | Added by the ALADINZ.H TROJAN! | No |
| X | Service | [trojan filename] | Added by the KAITEX.E TROJAN! | No |
| X | Service | services.exe -serv | Added by the NETSKY or NETSKY.B WORMS! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir% | No |
| X | Service | SYSNT.exe | Added by the CHA TROJAN! | No |
| X | Service | Service.pif | Added by the ASSIRAL-C WORM! | No |
| X | service | wN2S.exe | Added by a variant of the RBOT WORM! | No |
| U | Service Centre | launcher.exe | Management tool for the Open Networks iConnect series of products - as used by Australian ISP's such as iiNet and Hotkey | No |
| X | Service Cleaner | filen.exe | Added by the RBOT.BRH WORM! | No |
| X | Service Client | winsvcli.exe | Added by an unidentified WORM or TROJAN! See here | No |
| N | Service Connection | sccenter.exe | For Compaq PC's. Part of Backweb | No |
| N | Service Connection | bwtray.exe | For Compaq PC's. Part of Backweb | No |
| X | Service Control Manager | scm.exe | Added by the AGOBOT-GD BACKDOOR! | No |
| X | Service Controller | Csrrs.exe | Added by the GAOBOT.AO WORM! | No |
| X | Service Controller | service.exe | Added by the PREVERT TROJAN! | No |
| X | Service Defender | [random filename] | Added by a variant of the ZLOB TROJAN! See here | No |
| X | Service Drivers | msnpg.exe | Added by the RBOT.BMD WORM! | No |
| X | Service Drivers | PC.EXE | Added by the SDBOT-WK WORM! | No |
| X | Service Drivers | Compt.exe | Added by the RBOT-ZJ WORM! | No |
| X | Service Drivers | abl.exe | Added by the SDBOT-YX WORM! | No |
| X | Service Drivers | MSNMEssenger.exe | Added by a variant of the RBOT WORM! | No |
| X | Service Host | svchost.exe | Added by the TORVEL WORM! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir% | No |
| X | Service Host | [filename].exe | Added by the TORVEL.B WORM! | No |
| X | Service Host | spoolxx.exe | Added by the TORVEL WORM! | No |
| X | Service Host | svchost.exe | Added by the DAOSER-A TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %System%\Services\{C922CCC4-CF61-4589-A0D1-828160704853} | No |
| X | Service Host | svchost.exe | Added by the DAOSER-C TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %System%\Services\[random] | No |
| X | Service Host | svchosts.exe | PornCleanser spyware | No |
| X | Service Host Driver | svchost.exe | Added by the HITON TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is found in the Winnt or Windows folder | No |
| X | Service Host Process | spoolsvc.exe | Added by the GAOBOT.GEN!POLY WORM! | No |
| N | Service Manager | sqlmangr.exe | SQL Server Service Manager - provides tray access to SQL server, the server agent and MSDTC. Available via Start → Programs | No |
| X | Service Manager | SERVICEMGR.EXE | Added by the PASSMAIL-D VIRUS! | No |
| X | Service Manager | dxsound.exe | Added by the PROXY-GRIC TROJAN! | No |
| X | service manager | service.exe | Added by the DONBOMB.A TROJAN! | No |
| X | Service Manager | serv3manager.exe | Added by the SDBOT-AGO WORM! | No |
| X | Service Monitor | msnfilen.exe | Added by the RBOT-ALE WORM! | No |
| X | Service Monitor | javams32.exe | Added by the DELF-NK TROJAN! | No |
| X | Service Monitor | javams64.exe | Added by the SDBOT-AFO WORM! | No |
| X | Service Monitor | msnserve.exe | Added by the SPYBOT.YQW WORM! | No |
| X | Service Monitor | WinOcx.exe | Added by the RBOT-AQJ WORM! | No |
| X | Service Monitor | csnss.exe | Added by the RBOT.EEH WORM! | No |
| X | Service Monitor | filen.exe | Added by a variant of the RBOT WORM! | No |
| X | Service Monitor | winxpser.exe | Added by the RBOT-BDF WORM! | No |
| X | Service Pack | [various filenames] | Added by the LERPA-A WORM! Note - the file name will be one of the following common.exe, common.pif, common.scr, Sexo.exe, Sexo.jpg.pif, ini_file__.pif, load_me__.tmp, msfile.pif, system_load_.pif or zipped.rar.pif | No |
| X | Service Pack 1 | [random filename] | Added by the VXGAME.Z TROJAN! Note - the filename is random - see the link. Typical examples are vexg6ame4.exe, vexga3me2.exe, vexga4m1et4.exe, etc | No |
| X | Service Pack DLL Runtime | spdll32.exe | Added by a variant of the RBOT WORM! | No |
| X | Service PAck SFVP | [worm filename].exe | Added by a variant of the RBOT WORM! The filename is 4 random characters | No |
| X | Service Process | SVCHOST.EXE | Added by the DARKER WORM! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is found in the Winnt or Windows folder | No |
| X | Service Process | winset.exe | Added by a variant of the SPYBOT WORM! | No |
| X | Service Process | service.exe | Added by the DCMBOT-C TROJAN! | No |
| X | Service Process | smss.exe | Added by the DCMBOT-E TROJAN! Note - this is not the legitimate smss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a "config" subfolder | No |
| X | Service Process | svchost.exe | Added by the DCMBOT-A TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "config" subfolder | No |
| X | Service Registry NT Save | jdbgmgrnt.exe | Added by the BANCOS-CG TROJAN! | No |
| X | Service Registry NT Save | taskmgrnt.exe | Added by the BANCOS-BY TROJAN! | No |
| X | Service Registry NT Save | regeditnt.exe | Added by the BANCOS-BM TROJAN! | No |
| X | Service Scheduler | scheduler.exe | Added by the AGOBOT-PH WORM! | No |
| X | Service System | kernels32.exe | Added by the BANCOS-DA TROJAN! | No |
| X | Service System | windowsXP.exe | Added by the BANCOS-EL TROJAN! | No |
| X | Service System | kgbfsm344.exe | Added by the BANCOS-FS TROJAN! | No |
| X | Service System | wernell87.exe | Added by the BANCOS-FJ TROJAN! | No |
| X | service updaer | qualityz.exe | Added by an unidentified VIRUS, WORM or TROJAN! - probably a SPYBOT variant | No |
| X | Service Update Client | svcupdcli.exe | Added by an unidentified WORM or TROJAN! See here | No |
| X | Service<user> | SERVICES.EXE | Added by the BRONTOK-BH WORM! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in Documents and Settings\<User>\Local Settings\Application Data\WINDOWS | No |
| X | Service.exe | Service.exe | "servedby.advertising" popup generator | No |
| X | Service2 | Service2.exe | Identified as a variant of the Win32.Iroffer malware. Located in %Windir%\Drivers\Intel | No |
| X | service32 | service32.exe | Added by the AGOBOT-ST WORM! | No |
| X | service32.exe | [path to trojan] | Added by the DLOADR-AYX TROJAN! | No |
| X | ServiceAdministrator | SERVICES.EXE | Added by the KORRON.B WORM! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in Documents and Settings\<User>\Local Settings\Application Data\WINDOWS | No |
| U | ServiceConfig | ispbeg.exe | Comcast Transition Wizard. On June 30th, 2003 it will migrate E-mail and web pages from AT&T Broadband Internet to Comcast High-Speed Internet. Until then it will run at startup and then terminate - hence the U recommendation | No |
| X | serviceconnect | serviceconnect.exe | Added by the AGOBOT.AIR WORM! | No |
| X | Servicee | services.exe | Added by the AGENT.DEI TROJAN! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir% | No |
| X | ServiceHost | svch0st.exe | Added by the VB.HE VIRUS! | No |
| X | servicelayer | servicelayer.exe | Added by the RENOS.FJ TROJAN! Note - do not confuse this with the Nokia service of the same name which resides in %ProgramFiles%\Common Files\PCSuite\Services or %Program Files%\PC Connectivity Solution. This one is located in %Windir% | No |
| X | servicemng | service.exe | Added by the TAME-C WORM! | No |
| X | ServiceOptionMP3 | winamp.dll.exe | Added by the SAMSON-A TROJAN! | No |
| X | Servicer | servcr.exe | Added by the SDBOT.BAH TROJAN! | No |
| X | Servicerepclient1 | SERVICES.EXE | Added by the BRONTOK-BT WORM and variants! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in Documents and Settings\<User>\Local Settings\Application Data\WINDOWS | No |
| X | services | start.bat | Added by the ZCREW TROJAN! | No |
| X | Services | [path to trojan] | Added by the METEORSHELL TROJAN! | No |
| X | Services | back32.exe ...service.exe | Added by an unidentified VIRUS, WORM or TROJAN! Back32.exe is the baddie whose purpose is to HIDE the MIRC32 server in service.exe | No |
| X | Services | services.exe | Added by a number of VIRUSES, WORMS and TROJANS! Note - this is not the legitimate services.exe process which should NOT appear in Msconfig/Startup! | No |
| X | Services | winread.exe | Added by an unidentified VIRUS, WORM or TROJAN! | No |
| X | Services | windns.exe | Added by a variant of the RBOT WORM! | No |
| X | Services | mshost.exe | Added by the LANFILT-J TROJAN! | No |
| X | services | Svchosts.exe | Added by the SDBOT-N TROJAN! | No |
| X | Services | csrss.exe | Added by a variant of the RANKY.U TROJAN! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! | No |
| X | Services | scks32.exe | Added by a Proxy Trojan variant | No |
| X | Services | sockys32.exe | Added by the RANKY.L TROJAN! | No |
| X | Services | sys.exe | Added by a Proxy Trojan variant | No |
| X | services | windows32.exe | Added by the FLYVB-C WORM! | No |
| X | services | socks.exe | Added by the WIN32.SMALL.N TROJAN! | No |
| X | Services | services.exe | Added by the ZINCITE.A TROJAN! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir% | No |
| X | Services | [path to trojan] | Added by the RANCK-DB TROJAN! | No |
| X | Services | iexplore.exe | Added by the MOGI WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %System% | No |
| X | Services | svchost.exe | Added by the REPER-B WORM! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder | No |
| X | Services | sysamp.exe | Added by a variant of the SDBOT WORM! | No |
| X | Services | prosys32.exe | Added by an unidentified WORM or TROJAN! | No |
| X | Services | iexplorer.exe | Added by an unidentified WORM or TROJAN! Note - this is not the legitimate Internet Explorer (iexplore.exe) | No |
| X | Services | iexploler.exe | Added by the RANCK-LT TROJAN! | No |
| X | Services | iexpolere.exe | Added by the RANCK.LU TROJAN! | No |
| X | services | sample.exe | Added by a variant of the RANKY TROJAN! | No |
| X | Services | csrss32.exe | Added by the ANACON-D VIRUS! | No |
| X | Services Administrator | localsvc.exe | Added by the DLOADER-NY TROJAN! | No |
| X | Services Administrator | netsvc.exe | Added by the DLOADER-NY TROJAN! | No |
| X | Services Administrator | spoolsvc.exe | Added by the DLOADER-NY TROJAN! | No |
| X | Services Administrator | svcadmin.exe | Added by the DLOADER-NY TROJAN! | No |
| X | Services Administrator | svcman.exe | Added by the DLOADER-NY TROJAN! | No |
| X | Services Administrator | svcrun.exe | Added by the DLOADER-NY TROJAN! | No |
| X | Services Administrator | tcpsvc.exe | Added by the DLOADER-NY TROJAN! | No |
| X | Services Administrator | websvc.exe | Added by the DLOADER-NY TROJAN! | No |
| X | Services Controller | lsassa.exe | Added by the CIADOOR.122 VIRUS! | No |
| X | Services Controller | services.exe | Added by the CIADOOR-F TROJAN! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir% | No |
| X | Services DLL Loader | srvdll.exe | Added by the SLENFBOT.ZS WORM! | No |
| X | Services Host | Scchost.exe | Added by the DONK WORM! | No |
| X | Services Host | svchost32.exe | Added by the AGOBOT-TG WORM! | No |
| X | Services host | svchost.com | Added by the RBOT-EU WORM! | No |
| X | Services Logon | services.exe | Added by the CROWT.A WORM! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in Documents and Settings\<User>\Templates | No |
| X | Services Management Clients | servc.exe | Added by the RIZO.A TROJAN! | No |
| X | Services Managements | servcs.exe | Added by the RBOT-GUC WORM! | No |
| X | Services Manager | svsmanager.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
| X | Services Manager! | svmanager.exe | Added by the IRCBOT.ATZ BACKDOOR! | No |
| X | Services Managers | svcmanager.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
| X | Services Process | services.exe | Spyware - detected by Kaspersky as the SMALL.X TROJAN! Note - this is not the legitimate services.exe process, which should not appear in Msconfig/Startup! | No |
| X | Services Process | smss.exe | Added by the SMALL-EK TROJAN! Note - this is not the legitimate smss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a "config" subfolder | No |
| X | Services Start2 | odcwinst.exe | Added by the PYSKE-D WORM! | No |
| X | Services Startup | services.exe | Added by the CROWT.A WORM! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %ProgramFiles%\Common Files | No |
| X | Services Startup | svhost33.exe | Added by a variant of the RBOT WORM! | No |
| X | Services.EXE | services.exe | Added by the KAZPING WORM! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir% | No |
| X | services.exe | servicess.exe | Added by the MSNSPY-B TROJAN! | No |
| X | Services004 | [worm filename] | Added by the BUGBROS WORM! | No |
| X | services32 | mc-110-12-0000079.exe | Added by the TrojanDownloader.Agent.rv TROJAN! | No |
| X | services32 | mc-58-12-0000120.exe | "Shorty" adware - also detected as the AGENT.FD TROJAN! | No |
| X | services32 | mc-58-12-0000140.exe | "Shorty" adware - also detected as the AGENT.FD TROJAN! | No |
| X | Services32 Startup | win32dll.exe | Added by the SDBOT-XO WORM! | No |
| X | ServicesActive | cssrs.exe | Added by the AGOBOT-GB BACKDOOR! | No |
| X | ServicesAdministrator | SERVICES.EXE | Added by the PUNYA-B WORM! Note - this is not the legitimate services.exe process, which should not appear in Msconfig/Startup! | No |
| X | Servicesara | services.exe | Added by the BRONTOK-BS WORM! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in Documents and Settings\<User>\Local Settings\Application Data\WINDOWS | No |
| X | ServicesLoad | lsass.exe | Added by the DEARIS-A TROJAN! Note - this is not the legitimate lsass.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir% | No |
| X | ServicesLog | ccapp32.exe | Added by the RBOT-AMX WORM! | No |
| U | ServicesNotify | ServicesNotify.exe | Defender Pro Antispy | No |
| X | servicestub.exe | servicestub.exe | Added by the RBOT.CN BACKDOOR! | No |
| X | Servicewin | Hide32.exe | Added by the MSNVB-D WORM! | No |
| X | Servicing | hostd.exe | Added by the SDBOT.BUI WORM! | No |
| X | Servicio Local | svhost.exe | Added by the SPYBOT.BGX WORM! | No |
| X | servico | servico.exe | Added by the BANKER-DKE TROJAN! | No |
| X | Servicos | AdobeLanc.exe | Added by the BANKER-EHR TROJAN! | No |
| X | Servicos | System.exe | Added by the BANCOS-BCM TROJAN! | No |
| X | servics | servics.exe | Added by the SINGU-J TROJAN! | No |
| X | servises | servises.exe | Added by the AGENT-JUJ WORM! | No |
| X | SERVlCE | SERVlCE.EXE | Added by the AGOBOT-UB WORM! | No |
| X | ServRun | srss32.exe | Added by the AGOBOT.ABS WORM! | No |
| ? | ServUTrayIcon | ServUTray.exe | System Tray icon for Serv-U FTP server. Is it required? | No |
| X | SES Service | sesvc.exe | Added by the SDBOT-CZU WORM! | No |
| U | Session Client | sescli.exe | SurfSpy keystroke logger/monitoring program - remove unless you installed it yourself! | No |
| X | Session Manager Subsystem | smssa.exe | Added by the RBOT-AGS WORM! | No |
| X | SessionMngr | dirlock.exe | Added by the DAPROSY WORM! | No |
| X | SESync | sed.exe | DownloadWare adware | No |
| ? | SetCacheMode | rundll32.exe ptipbmf.dll, SetWriteCacheMode | Installed with the miniport drivers for Promise hard drive controllers in both RAID and non-RAID installations. May be necessary in order to maintain preferences applied to the RAID array connected to the Promise controller | No |
| ? | SetDefaultMIDI | MIDIDef.exe | Related to a Soundblaster Audigy soundcards. What does it do and is it required? | No |
| Y | SetDefaultPrinter | cloaker.exe | Used by HP and Compaq computers to hide the windows of programs passed as arguments to it | No |
| N | setdefprt | setdefprt.exe | Used to set a Brother MFC printer/copier/scanner as the default printer after installation | No |
| N | SetDefPrt | BrStDvPt.exe | Used to set a Brother MFC printer/copier/scanner as the default printer after installation | No |
| U | SetecCertUtil | Certutil.exe | Setec Web and Email Security. Setec PKI smart card software. The PKI technology enables secure and reliable user identification in services offered through Internet, mobile handsets and digital TV | No |
| X | setFTPBack | createsw.exe | Added by the FTP_BMAIL TROJAN! | No |
| N | SetHook | Sethook.exe | Fellowes Neato® cd label design software. "Launch NEATO's MediaFACE II label making software directly from the productname toolbar" | No |
| N | SETI@home | SETI@home.exe | SETI@home is a scientific experiment that uses Internet-connected computers in the Search for Extraterrestrial Intelligence (SETI). You can participate by running a free program that downloads and analyzes radio telescope data | No |
| N | seticlient | SETI@home.exe | SETI@home is a scientific experiment that uses Internet-connected computers in the Search for Extraterrestrial Intelligence (SETI). You can participate by running a free program that downloads and analyzes radio telescope data | No |
| N | SetIcon | SetIcon.exe | Installed by a 6-in-1 (4 Media Card slots, a floppy drive and a USB connection) device. Constantly updates the icons for the four Media Card slots that it has and is a resource hog | No |
| N | SetiQueue | Setiqu~1.exe | Provides work unit buffering for Seti@Home clients - see here for more details | No |
| N | SetiSpy | SetiSpy.exe | SETI Spy is a little program to "spy" on the progress and performance of the SETI@home client. Called a "spy" because it is unobtrusive as possible | No |
| X | SetPoint | SetPoint.exe | Added by the RBOT-BWI WORM! Note - this is not the valid Logitech Setpoint mouse and keyboard entry that uses the same filename and is located in %ProgramFiles%\Logitech\Setpoint. This one is located in %System% | No |
| U | SetPoint | Setpoint.exe | Logitech SetPoint Event Manager for their range of mice and keyboards. Required if you want to use the advanced features of these devices and is located in the LogitechSetpoint sub-folder of Program Files | No |
| X | SETPOINT Logitech Inc | KHALMNP.exe | Added by the RBOT-AAX WORM! | No |
| U | SetRefresh | SetRefresh.exe | Found on some Compaq & HP PCs. SetRefresh is a utility which attempts to optimize the monitor's refresh rate, and in some cases the resolution, for the best user experience. See "here for more info | No |
| X | Setting | sysweb.exe | Added by the SDBOT.GEN TROJAN! | No |
| N | setup | hphprld.exe ....setup.exe | HP DeskJet Setup - printers function normally without it | No |
| X | Setup | [path to trojan] | Added by the DROPPER.EAT TROJAN! | No |
| X | Setup experation | svchost.exe | Added by the TOFGER-AW TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is found in the Winnt or Windows folder | No |
| X | setupa | runt32.exe | Added by the QQPASS-K TROJAN! | No |
| X | setupdata | rnll32.exe | Added by the QQPASS-AC TROJAN! | No |
| N | SetupICWDesktop | icwconn1.exe | Appears to be the "Internet Connection Wizard" from Internet Explorer being set-up as a desktop shortcut. Appears under the RunOnce registry key but is available under Start -> Programs -> Accessories -> Communication (or similar) anyway | No |
| X | setupuser | regedit.exe setupuser.log | Regfile in disguise - another CoolWebSearch parasite variant | No |
| ? | setuzp | setuzp.exe | ?? | No |
| X | SetVrc | setvrc.exe | Added by the HUNTOCX WORM! | No |
| X | Sevice | winconfig.exe | Added by the GIP.113.B1 TROJAN! | No |
| X | Sex Teris | st01b.exe | Added by the REPAD WORM! | No |
| X | Sexnow | Sexnow.exe | Added by the SENOW-B premium rate adult content dialler | No |
| X | Sexy_Blondes | Sexy_Blondes.exe | Added by the Sexy DIALER! Related also to Hot Tarts DIALER! | No |
| X | Sexy_sg | Sexy_sg.exe | Premium rate adult content dialler | No |
| X | sf | sf.exe | SurfEnhance adware component | No |
| N | SFIGUI | SFIGUI.EXE | Sonic Focus - "enhances music, movie and game sound by analyzing compressed audio streams in realtime, then restoring and enriching audio back to its original performance qualities" | No |
| X | sfita | sfita.exe | Added by the FAVADD-H TROJAN! Also known as SurfEnhance adware | No |
| X | SfKg6w | rayiou.exe | Added by the AGENT.BUO WORM! | No |
| X | SfKg6wIP | [random filename] | Identified as a variant of the TrojanDownloader.Matcash malware | No |
| X | SfKg6wIPu | [random filename] | Identified as a variant of the TrojanDownloader.Matcash malware | No |
| N | SFP | vzSFPWin.EXE | Verizon Online Support Center - prompts for online updates | No |
| U | sfpc | sfpc.exe | Spy4PC surveillance software. Uninstall this software unless you put it there yourself | No |
| X | SFtrb Service | cftrb32.exe | Added by the SOBIG.D WORM! | No |
| U | SfWinStartInfo | sfWinStartupInfo.exe | SFIRM32 Online Banking software | No |
| U | Sgecrypt | Sgecrypt.exe | SafeGuard Easy - "provides total company-wide protection for sensitive information on laptops and workstations. Boot protection, pre-boot user authentication and hard disk encryption using powerful algorithms guarantee against unauthorized access and hacker attacks" | No |
| U | Sgeecview | Ecview.exe | SafeGuard Easy - "provides total company-wide protection for sensitive information on laptops and workstations. Boot protection, pre-boot user authentication and hard disk encryption using powerful algorithms guarantee against unauthorized access and hacker attacks" | No |
| U | sginst | sginst.exe | eAcceleration Stop-Sign security software related. Previously not recommended, see here | No |
| X | SGPUpdater | sgpUpdaters.exe | Fast Browser Search/Search Guard Plus parasite - installed with "Make the Web Better" applications such as My Web Tattoo, My Face LOL and Google Easy Money Kit. See here and here for more information | No |
| ? | SGTBox | SGTBox.exe | Canon scanner driver. Is it required? | No |
| U | sgtray | sgtray.exe | StorageGuard from Veritas. Free utility that integrates with Backup MyPC (formerly Backup Exec Desktop), Simple Backup and MS Backup. Provides system tray access and background monitoring - warning you of files that haven't recently been backed up. Required unless you backup manually on a regular basis or have scheduled backups | No |
| Y | Shadow | Shadow.exe | "NTI Shadow 3 is an award-winning easy-to-use backup application that automatically protects your photo, music, video, and various data files. It makes data restoration as easy as dragging and dropping files from one place to another" | No |
| U | ShadowUser Pro Edition | ShadowUser.exe | "StorageCraft™ ShadowUser™ provides easy to use desktop security and protection for Windows operating systems. ShadowUser is the best way to prevent unwanted changes to PCs and laptops" | No |
| X | shambl3r | cnf.bat | Added by the REMABL WORM! | No |
| X | shambl3r* | shambl3r.exe | Added by the REMABL WORM! where * is 2 to 11 | No |
| X | SHAProc | SHAProc.exe | Added by the WINKO.AO WORM! | No |
| N | Share-to-Web Namespace Daemon | hpgs2wnd.exe | Share-to-Web - HP-created software and Internet-based application that enables easy uploading and sharing of photos via affiliated photo-sharing Web sites. Available via Start → Programs | No |
| N | Shareaza | Shareaza.exe | Shareaza P2P client | No |
| U | Shareaza | bindata.exe | Shareaza P2P client related | No |
| X | sharedprem | sharedprem.exe | Added by the MAKECALL TROJAN! | No |
| X | ShareSearcher | [path to trojan] | Added by the AGENT-FPE TROJAN! | No |
| X | ShareSearcher | wsusupd.exe | Added by the ENCLAG-A TROJAN! | No |
| Y | Sharing and Mapping Software | DShmap.exe | Intel AnyPoint internet sharing software. Now discontinued | No |
| N | SharkEject | AEJCT32.exe | Allows you to eject a disk from the Avatar Shark drive from the system tray. When loaded, there is a desktop icon so this isn't required | No |
| U | SharpTray | SharpTray.exe | Part of the Sharpdesk from Sharp Electronics. "A desktop-based, personal document management application that lets users browse, edit, search, compose, process, and forward both scanned and native electronic documents" | No |
| X | shccde | winssled.exe | Added by the BUZUS.CQMU TROJAN! | No |
| N | Shcenter | chcenter.exe | IMSI HiJaak - "the easiest way to convert, capture, and manage all your graphic files" | No |
| X | shdef | shdef.exe | Added by the VB-DVS TROJAN! | No |
| X | SheduIer | svchst.exe | Premium rate adult content dialler | No |
| X | SheduIer | shch.exe | Added by the BDOOR-EB BACKDOOR! | No |
| X | SheduIer | winagent.exe | Added by the BDOOR-EB BACKDOOR! | No |
| X | Shedule Connection | arpo412.exe | Added by the PPDOOR-R WORM! | No |
| X | Sheduler | nerocheck.exe | Added by the TACTSLAY.B TROJAN! | No |
| X | Shell | Shell32.exe | Added by the BADSECTOR TROJAN! | No |
| X | Shell | ray.exe | Homepage hijacker re-directing browsers to adult content websites | No |
| X | Shell | Tray.exe | Homepage hijacker re-directing browsers to adult content websites | No |
| X | Shell | wmedia16.exe | Added by the GOLDUN TROJAN! | No |
| X | Shell | Open32.exe | Added by the SMALL-DL TROJAN! | No |
| X | Shell | Explorer.exe sound_drive16.exe | Added by the GP BACKDOOR! Note - do not delete the legitimate Windows Explorer (explorer.exe) which is located in %Windir% and can be used to launch other files. The "sound_drive16.exe" file is located in %System% | No |
| X | Shell | Explorer.exe, msmsgs.exe | Added by the ZLOB TROJAN! Note - do not delete the legitimate Windows Explorer (explorer.exe) which is located in %Windir% and can be used to launch other files. This particular msmsgs.exe file is located in %System% and should not be mistaken for the MSN Messenger file of the same name which is located in %Program Files%\Messenger | No |
| X | Shell | Explorer.exe svchost.exe | Added by the DOYORG BACKDOOR! Note - do not delete the legitimate Windows Explorer (explorer.exe) which is located in %Windir% and can be used to launch other files. The legitimate svchost.exe process is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir% | No |
| X | shell | explorer.exe | Added by the KAKKEYS TROJAN! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System% | No |
| X | Shell | Explorer.exe iexplore.exe | Added by the KIPIS-U WORM! Note - do not delete the legitimate Windows Explorer (explorer.exe) which is located in %Windir% and can be used to launch other files. The legitimate Internet Explorer (iexplore.exe) is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %System%\Microsoft | No |
| X | Shell | ibm0000*.exe [* = digit] | Added by the TORPIG-C and TORPIG-J TROJANS! Filenames spotted include ibm00001.exe, ibm00002.exe, ibm00005.exe and so on | No |
| X | Shell | taskmrg.exe | Added by the BANCBAN-FT TROJAN! | No |
| X | Shell | Explorer.exe winupdate.exe | Added by the AGENT-FD TROJAN! Note - do not delete the legitimate Windows Explorer (explorer.exe) which is located in %Windir% and can be used to launch other files. The "winupdate.exe" file is located in %System% | No |
| X | Shell | Explorer.exe [path] ibm[RANDOM 5 DIGIT NUMBER].exe | Added by the ANSERIN TROJAN! Note - do not delete the legitimate Windows Explorer (explorer.exe) which is located in %Windir% and can be used to launch other files | No |
| X | Shell | svchost.exe | Added by the GOLDSPY-B TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir% | No |
| X | Shell | ibm00001.dll | Added by the TORPIG-Q TROJAN! | No |
| X | Shell | wmedia32.exe | Added by the AGENT-BR TROJAN! | No |
| X | Shell | Explorer.exe winsys32.exe | Added by the DELF.CP BACKDOOR! Note - do not delete the legitimate Windows Explorer (explorer.exe) which is located in %Windir% and can be used to launch other files. The "winsys32.exe" file is located in %Windir% | No |
| X | Shell | Win32.dll.exe | Added by the VB.BTX TROJAN! | No |
| X | Shell | taskmam.exe | Added by the BANCBAN-OL TROJAN! | No |
| X | Shell | explorer.exe msbnc.exe | Added by the AGENT-PL BACKDOOR! Note - do not delete the legitimate Windows Explorer (explorer.exe) which is located in %Windir% and can be used to launch other files. The "msbnc.exe" file is located in %System% | No |
| X | Shell | Explorer.exe kbdsys.exe | Added by the DAPROSY WORM! Note - do not delete the legitimate Windows Explorer (explorer.exe) which is located in %Windir% and can be used to launch other files. The "kbdsys.exe" file is located in %AppData%\Microsoft\Keyboard | No |
| X | Shell | smsc.exe | Added by the BANCBAN-OY TROJAN! | No |
| X | Shell | Explorer.exe init32m.exe | Added by the DLSW-B TROJAN! Note - do not delete the legitimate Windows Explorer (explorer.exe) which is located in %Windir% and can be used to launch other files. The "init32m.exe" file is located in %System% | No |
| X | Shell | Explorer.exe smssnt.exe | Added by the AGOBOT.EE TROJAN! Note - do not delete the legitimate Windows Explorer (explorer.exe) which is located in %Windir% and can be used to launch other files. The "smssnt.exe" file is located in %System% | No |
| X | Shell API32 | svcnet.exe | Added by the TIBICK.C WORM! | No |
| X | Shell Extension | spollsv.exe | Added by the LOVGATE.Z WORM! | No |
| X | Shell Tray Window | ShellTraywnd.exe | Added by the STULTDOR-A TROJAN! | No |
| X | shell update | shellexec.exe | Added by the RBOT-ANC WORM! | No |
| X | Shell.exe | Shell.exe | Added by the EMERLEOX.S WORM! | No |
| X | Shell32 | Shell32.vbs | Added by the SCAFENE WORM! | No |
| X | shell32 | ntldrt.exe | Added by the JLOK-A WORM! | No |
| X | Shell32 | iexplore.exe | Added by the IRCBOT-AY BACKDOOR! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %System% | No |
| X | Shell32 | explorer.exe | Added by the SDBOT-NF WORM! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System% | No |
| X | ShellApi | SHELLMSN.EXE | Added by the NETDEV.B TROJAN! | No |
| X | Shellapi32 | Shellapi32.exe | Added by the NETDEVIL (or NERTE) TROJAN! | No |
| X | Shellapi32 | mcvsrte.exe | Added by an unidentified WORM! Note - do not confuse with the McAfee SecurityCenter file of the same name | No |
| X | shellbn | [random].dll | SoftStop rogue security software - not recommended | No |
| X | shellbn | shlext32.exe | Malware installed by different rogue security software including SpyKillerPro and the XP AntiVirus series | No |
| X | ShellCommand | [path to file] | Added by the REMCON-A TROJAN! | No |
| X | Shelldaemon | Shelldaemon.exe | Added by a variant of the AGENT.ALN TROJAN! | No |
| X | ShellEx | ShellEx.exe | Added by the ANAKHA TROJAN! | No |
| X | ShellN | isca.exe | Added by the IBILL.Z TROJAN! | No |
| X | ShellOS | A+++.exe | Added by the AV TROJAN! | No |
| X | ShellRun | lexplore_.exe | Added by the MSNOPT-A TROJAN! | No |
| X | ShellRun32 | iexplore.exe | Added by the IRCBOT-AY BACKDOOR! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %System% | No |
| X | Shellspl | lsas.exe | Added by the YALER-A TROJAN! | No |
| X | Shellspl | spools.exe | Added by the PROXAGE-A TROJAN! | No |
| X | shellsystem | shellsystem.exe | Added by the UPCHAN TROJAN! | No |
| X | shhost | shhost.exe | Added by the AGENT.CE TROJAN! | No |
| N | shicoxp | shicoxp.exe | Installed with the drivers for multi card readers of various brands. To differentiate between the various card slots on multi slot readers the shicoxp.exe file assigns and loads unique drive icons for the various card slots that are displayed in Windows Explorer | No |
| X | Shield Security | shield.exe | Added by the RIZO.A TROJAN! | No |
| X | Shield32 Security | shield32.exe | Added by the RIZO.A TROJAN! | No |
| X | ShieldSafeness | ShieldSafeness.exe | ShieldSafeness rogue security software - not recommended, removal instructions here. A member of the WiniGuard family | No |
| X | Shine | Shine.exe | Added by the HAPPYLOW (or NISHE-A) VIRUS! | No |
| ? | SHINITV | shinitv.exe | ?? | No |
| X | Shmgrate.exe | ibot4.exe | Added by the GASTER TROJAN! | No |
| N | ShockmachineReminder | SmReminder.exe | "Shockmachine is a stand-alone application that lets users collect Macromedia Shockwave and Flash titles and play them offline". Could be a registration reminder for the trial version | No |
| X | Shockwave | csrss.exe | Added by the SNDOG WORM! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir% | No |
| N | Shockwave Init | SWINIT.EXE | Part of Macromedia Shockwave. Controls the Shockwave Remote Control Panel. The Remote Control can be activated manually from the Start Menu by locating and selecting Shockwave and then Shockwave Remote under Programs | No |
| X | Shockwave Support | FlashPlayer.exe | Added by the DELF-DRA WORM! | No |
| N | ShopSafe | ShopSafe.exe | Created by Orbiscom for MNBA (now Bank of America) - ShopSafe creates a temporary card number each time you make an online purchase | No |
| N | ShortKeys 99 | SHORTKEY.EXE | ShortKeys from Insight Software Solutions - allows you to program keys with text strings | No |
| U | ShortKeys Lite | shklite.exe | ShortKeys Lite from Insight Software Solutions, Inc. A macro utility to automate a task that you perform repeatedly or on a regular basis | No |
| Y | sHotKey | sHotKey.exe | Special function key manager for Chicony keyboards - see here | No |
| X | Showbehind | SHOWBEHIND.EXE | Advertisement display which can be stopped here | No |
| X | ShowFF | ShowFF.exe | FFToolBar adware toolbar | No |
| ? | ShowIcon_Justrams_USB Product Driver v2.12r012 | shwicon.exe | Related to Just Rams USB product driver. Is it required? | No |
| U | ShowIcon_PNY_PNY Attaché | shwicon.exe | PNY Attaché USB flash memory stick System Tray icon - shows when the device is plugged in | No |
| ? | ShowIcon_SmartDisk Corporation_USB Card Reader v1.14e051 | shwicon.exe | Card reader for memory cards from digital cameras. Is it required? | No |
| U | ShowLOMControl | [strange symbol] | Note that there is a strange symbol in the command field and in logs it's shown as "O4 - HKLM\..\Run: [ShowLOMControl] [strange symbol]". Additional registry information for the entry is "Reg_DWORD 0x00000001 (1)". It means Show "LAN on Motherboard" Control. On systems where you can install an external LAN interface, it will warn you that you already have a built-in LAN interface. Appears to be a feature on certain Dell systems | No |
| X | Showme | Ruden.vbs | Added by the HANDLE-A VIRUS! | No |
| U | ShowWnd | ShowWnd.exe | Found on Gateway computers (and maybe others) - see here. "Showwnd is included with the Chicony keyboard software and is used by the software to stop the keyboard driver's taskbar entry from reappearing. It is not necessary to remove the keyboard software, however if you wish it can be removed through Add or Remove Programs" | No |
| U | SHPC32 | SHPC32.exe | Port monitor for Lexmark printers on a USB connection. Ties in with the Printer Control Program. Features like cancelling a print are unavailable if disabled | No |
| Y | ShStatEXE | SHSTAT.EXE | Part of McAfee's VirusScan Enterprise corporate anti-virus and anti-spyware security tool | No |
| U | Shutdownaware | shutdownaware.exe | Loaded by the SWEEX 6-in-1 Media Card Reader to properly manage the reader while it is connected to your system | No |
| U | ShutDownPro | ShutDownPro.exe | ShutDownPro - shutdown, reboot, logoff your System with one mouse click | No |
| X | ShutdownWithoutLjiasvt.exe | [path to trojan] | Added by the BIFROSE.F BACKDOOR! | No |
| X | shv | antit.exe | Added by the AGENT-JKU TROJAN! | No |
| N | Si Meter | SIMETER.EXE | Si Meter - keep track of things like CPU activity, network activity and speed, hard-drive activity, hard-drive space, system memory, running processes, or just date and time | No |
| X | si91e44b | rundll32.exe si91e44b.dll, EnableRunDLL32 | LZIO.com adware downloader. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "si91e44b.dll" file is found in the System (9x/Me) or System32 (NT/2K/XP) folder | No |
| U | SIA2006 | SIA2006.exe | Part of Steganos Internet Anonym privacy software | No |
| U | SIAPRO6 | sia.exe | Steganos Internet Anonym privacy software | No |
| X | SichererAntivirus | pgs.exe | SichererAntivirus, German rogue security software - not recommended. A member of the AVSystemCare family | No |
| X | SichererSchutz | pgs.exe | SichererSchutz, German rogue security software - not recommended. A member of the AVSystemCare family | No |
| X | SicherheitsTool | SysRep.exe | SicherheitsTool, Dutch rogue system error and cleaning utility - not recommended. A member of the ErrClean family | No |
| X | Sicom | Sicom.exe | Added by the NETLIP WORM! | No |
| U | SideACT | SideACT.exe | SideACT organizer software | No |
| U | Sidebar | Sidebar.exe | Windows Sidebar is a pane on the side of the Microsoft Windows Vista desktop where you can keep your gadgets organized and always available. In Windows 7 this feature is known as Desktop Gadgets and each gadget can be placed anywhere on the desktop. If the file isn't located in %ProgramFiles%\Windows Sidebar or you're using other versions of Windows it could be part of the Searchcentrix hijacker | Yes |
| N | SIDEBAR | dsidebar.exe | "Desktop Sidebar provides you with instant access to the information you most desire by grabbing data from your PC and the internet. The result is a dynamic visual display you configure and control" | No |
| N | SideWinderTrayV4 | SWTrayV4.exe | MS SideWinder game controller system tray icon. This is specific to version 4 of the software. Available via Start -> Programs | No |
| U | SightSpeed | SightSpeed.exe | SightSpeed Video Chat - "lets you connect with all your friends and family easily. Make video calls, phone calls, and send video mails and text messages to everyone in your network, anywhere in the world" | No |
| N | SigmaTel Audio | setup.exe | Sigmatel audio driver | No |
| N | SigmaTel StacMon | stacmon.exe | Installed with the drivers for a SigmaTel C-Major Audio card (on a Dell Inspiron 600m PC for example). Appears as though it can be disabled with no ill effects | No |
| N | SigmatelSysTrayApp | stsystra.exe | System tray program for the Sigmatel Audio sound card. Often found on Dell computers | No |
| N | SigmatelSysTrayApp | sttray.exe | System tray program for the Sigmatel Audio sound card. Often found on Dell computers | No |
| U | SigX | sigx.exe | SigX is a "dynamic signature image generated based on whatever data your computer sends it though our SigX program. It can display your current Mp3, current OS, Free Ram, your current time and more" | No |
| U | SigXC | SigX.exe | SigX is a "dynamic signature image generated based on whatever data your computer sends it though our SigX program. It can display your current Mp3, current OS, Free Ram, your current time and more" | No |
| X | SilentSoftech | [worm filename] | Added by the SILLYFDC-BL WORM! | No |
| X | SilentSoftech | SilentSo.exe | Added by the AUTORUN-ANU WORM! | No |
| N | Simcast | SimcastAlerts.exe | Simcast is a free service that allows you to subscribe to information on a large variety of topics. Alerts will appear on your desktop when a channel that you have subscribed to has something to say | No |
| N | Simple Star PhotoShow Media Manager | mssysmgr.exe | Simple Star PhotoShow photo editing and organizing software, makes it easy to send and share digital photos. Bundled with software from Nero, ComCast, SnapFish, MacroMedia and others | No |
| N | Simplify Media | SimplifyMedia.exe | Simplify Media media manager - "enjoy songs from home while at work or from any WiFi location. Explore friends' music while they are online" | No |
| U | SimpLite-MSN | SimpLite-MSN.exe | Required if you use the SimpLite add-on to MSN Messenger (SimpLite adds encryption to the instant messaging service) | No |
| X | sInErA | .exe | Added by the SILLYFDC-AB WORM! | No |
| X | Singapore | singapore.exe | Adds a blue crescent to the taskbar and when double-clicked displays an adult-content web-site. Also known to drop your internet connection and dial an international telephone number. See here for more information. Must be disabled in MSCONFIG before un-installing or it re-instates itself | No |
| U | Sinus 1054 data WLAN Manager | Wifiusb.exe | Wireless management utility for the T-Com Sinus 1054 Data WLAN adapter | No |
| N | SipDiscount | SipDiscount.exe | SipDiscount - internet telephony utility using the VoIP (Voice over Internet Protocol). Call online friends for free and regular phones either for free (limited use) or low rates. One of a number provided by Betamax - the others generally have different rate plans. Similar to the more popular Skype | Yes |
| U | SIPPS | SIPPS.exe | Web.de Internet phone utility | No |
| U | SiS (R) Compatible Super VGA SiSTray application | sistray.exe | System Tray access to display settings for Silicon Integrated Systems (SiS) based graphics chipsets. Located in %System% | Yes |
| X | SiS 6326 Accelerator | sis6326m.exe | Added by the MSIC BACKDOOR! | No |
| U | SiS Compatible Super VGA Keyboard Daemon | keyhook.exe | Hotkey manager for Silicon Integrated Systems (SiS) based graphics chipsets - disable unless you use hotkeys | Yes |
| X | SiS Dns | dnssvc.exe | Added by the DLOADER-UE TROJAN! | No |
| N | SiS KHooker | khooker.exe | SiS Keyboard Daemon. System Tray utility which gets installed by the drivers of the latter day SiS VGA cards. Can cause errors at startup and isn't required | No |
| X | SiS Mpc Service | mpcsvc.exe | Added by the CIADOOR-CJ TROJAN! | No |
| U | SiS Tray | sistray.exe | System Tray icon for SiS based graphics. Located in %System% | No |
| U | SiS Windows KeyHook | keyhook.exe | Hotkey manager for Silicon Integrated Systems (SiS) based graphics chipsets - disable unless you use hotkeys | Yes |
| X | sis32 | winsos.exe | Added by the QQPASS.IA WORM! | No |
| Y | SiS7012Utility | SiSAudUt.exe | SiS Corporation sound card driver | No |
| ? | SISAM10M | SISAM10M.exe | ?? | No |
| N | SiSAudio | MP_S3.exe | WinME patch for an older SiS 961 chipset FERR bug. Enable if you have audio problems | No |
| U | siscolor | color.exe | Probably on-board graphics related based upon the SiS chipsets. Has been seen on ASUS motherboards with SiS chipsets and known to cause conflicts if you choose another graphics card and disable the on-board | No |
| U | siService.exe | siService.exe | Spam Inspector - anti email spam software | No |
| Y | SiSPower | Rundll32.exe SiSPower.dll,ModeAgent | Power scheme manager for Silicon Integrated Systems (SiS) based mobile chipsets | Yes |
| U | SiSRaid | SRaid.exe | Related to the SIS Raid system from Silicon Integrated Systems | No |
| ? | SiSSetCDfmt | SiSSetCDfmt.exe | Related to a Silicon Integrated Systems Corp (SiS) product? | No |
| ? | SISSoundman | Soundman.exe | Related to a Silicon Integrated Systems Corp (SiS) product? | No |
| U | SiSSWLED | sisswled.exe | System Tray utility for SiS 900 network cards | No |
| X | Sistem Services | syspool.exe | Added by the AGOBOT-GF WORM! | No |
| X | Sistema | wab32.exe | Added by an unidentified VIRUS, WORM or TROJAN! See here | No |
| X | Sistema de Comm | conmsyrtl.exe | Added by the AGENT-LMV TROJAN! | No |
| X | sistrai.exe | sistrai.exe | Added by the PROVA TROJAN! | No |
| X | sistray | sistray.exe | Added by the PROVA TROJAN! Located in %Windir%\command | No |
| U | sistray | sistray.exe | System Tray icon for SiS based graphics. Located in %System% | No |
| U | SiSTray | SiSTray.exe | System Tray icon for SiS based graphics. Located in %ProgramFiles%\SiS VGA Utilities | No |
| X | Sistray32 | remotehost.pif | Added by the HOLCAS.A WORM! | No |
| X | Sistray32 | win.bat | Added by the JUMPRED.A WORM! | No |
| X | Sistray32 | virus.exe | Added by the TOMETA-C TROJAN! | No |
| X | sistry | sistry.exe | Added by the CEBE WORM! | No |
| N | SiSUSBRG | SiSUSBrg.exe | SiS USB Registry Patch File - fixes the undetectable problem with SiS USB controller on Windows XP | No |
| U | SiteAdv | SiteAdv.exe | Preloads the McAfee SiteAdvisor browser plug-in for Internet Explorer and Firefox. "With SiteAdvisor software installed, your browser will look a little different than before. We add small site rating icons to your search results as well as a browser button and optional search box. Together, these alert you to potentially risky sites and help you find safer alternatives". Not required as it will load with your browser | Yes |
| U | SiteAdvisor | SiteAdv.exe | Preloads the McAfee SiteAdvisor browser plug-in for Internet Explorer and Firefox. "With SiteAdvisor software installed, your browser will look a little different than before. We add small site rating icons to your search results as well as a browser button and optional search box. Together, these alert you to potentially risky sites and help you find safer alternatives". Not required as it will load with your browser | Yes |
| U | SiteAdvisor | SiteAv.exe | Refer to the SiteAdv.exe entry. This entry only appears to originate from version 2.0.0.75 (Build 4295) of SiteAdvisor and the registry entry incorrectly points to the invalid filename "SiteAv.exe" - when it should be "SiteAdv.exe" | Yes |
| X | SiteAdware.exe | SiteAdware.exe | SiteAdware rogue security software - not recommended, removal instructions here. A member of the AntiAID family | No |
| U | SiteAv | SiteAv.exe | Refer to the SiteAdv.exe entry. This entry only appears to originate from version 2.0.0.75 (Build 4295) of SiteAdvisor and the registry entry incorrectly points to the invalid filename "SiteAv.exe" - when it should be "SiteAdv.exe" | Yes |
| X | SiteVillain | SiteVillain.exe | SiteVillain rogue security software - not recommended. A member of the AntiAID family | No |
| X | sittachasnahalbasya | ntoskernel.exe | Added by the HANSAH-A WORM! | No |
| X | sixer566 | sscc.exe | Added by an unidentified WORM or TROJAN! | No |
| X | sixtysix | sixtypopsix.exe | Medload adware | No |
| X | sjduwiwx | rnxntup.exe | Added by a variant of the ORCU.B TROJAN! | No |
| U | SK51 | SK51.EXE | SaveKeys keystroke logger/monitoring program - remove unless you installed it yourself! | No |
| U | SK60 | SK60.EXE | SaveKeys keystroke logger/monitoring program - remove unless you installed it yourself! | No |
| U | SK9910DM | SK9910DM.EXE | Multi-function keyboard driver. Allows the use of programmable keys on mulimedia keyboards. Required if you use the additional keys | No |
| U | SKDAEMON | SKDAEMON.EXE | Multi-function keyboard driver. Allows the use of programmable keys on mulimedia keyboards. Required if you use the additional keys | No |
| U | SkinClock | AtomicAlarmClock.exe | Atomic Alarm Clock - "Alert yourself about important events with different alarms and replace your computer tray clock using different skins. Computer Alarm clock that will play any MP3 file. It can also run a program, log off, wake up, reboot, shut down, turn off etc..." | No |
| U | skinkers | skinkers.exe | Selection of desktop messaging/marketing tools with celebrity tie-ins including MTV's "Desktop Ozzy" and Arsenal's "Desktop Wenger" - see here. Leave enabled if you want to receive messages | No |
| X | Skra | Skra.exe | Identified as a variant of the TrojanDownloader.Matcash malware | No |
| U | SKRSpyWarn | Warn.exe | SmartKeylogger keystroke logger/monitoring program - remove unless you installed it yourself! | No |
| U | sks-32 | SKS32P~1.EXE | SpyKeySpy surveillance software. Uninstall this software unless you put it there yourself | No |
| U | sks-32 | sks32proc.exe | SpyKeySpy surveillance software. Uninstall this software unless you put it there yourself | No |
| X | Skunk | Skunk.exe | Added by the SUNK-A WORM! Note - this file is found in the root folder (i.e., C:\) | No |
| Y | SkyBlaster Scheduler | SSFSch.exe | For Gilat Communications internet satellite systems - associated with SkyBlaster modem. Required if you have this system | No |
| X | skynetave.exe | skynetave.exe | Added by the SASSER.D WORM! | No |
| X | SkynetRevenge | winlogon.scr | Added by the NETSKY.AA WORM! | No |
| N | Skype | Skype.exe | Skype is "free calls, video calls and instant messaging over the internet. Plus great value calls to phones anywhere in the world" | Yes |
| X | Skype Startup | skyp.exe | Added by the VANBOT-C WORM! | No |
| N | SkypeMate | SkypeMate.exe | SkypeMate acts as a bridge between networks of VoIP and PSTN | No |
| X | SkypeStartup | Skype.exe | Added by the PYKSE-A WORM! | No |
| Y | SkySurfer Management Service | SmaServ.exe | For Gilat Communications internet satellite systems - associated with SkyBlaster modem. Required if you have this system | No |
| U | Skytel | Skytel.exe | Realtek Voice Manager, installed with the drivers for on-board Realtek HD audio codecs. On an ALC885 based test system it doesn't run after the drivers have been installed and the startup entry is then removed. Disabling it appears to have no ill effects but it's exact purpose is unknown - hence the "U" recommendation | Yes |
| X | sl4 rules | rbot32.exe | Added by the SDBOT-QC WORM! | No |
| X | slack12 | mfcee.exe | Added by a variant of the SDBOT WORM! | No |
| X | Slayhacker734 | slay7383.exe | Added by the SIKBOT-A TROJAN! | No |
| N | SleepManager | SleepMgr.exe | This program locates free contiguous disk spaces and allocates them for storing BASE MEMORY, EXTENDED MEMORY, VIDEO MEMORY, and SM RAM. It helps the computer come out of hibernate mode | No |
| U | Slibe.com | Sliber.EXE | Sliber - freeware screen capturing & online sharing tool | No |
| U | SlickRun | sr.exe | "SlickRun is a floating command line utility for Windows. It gives you almost instant access to any program or website. SlickRun allows you to create command aliases (known as MagicWords), so C:\Program Files\Outlook Express\msimn.exe becomes MAIL" | No |
| X | slide | Iexplore.exe | Added by the GASLIDE TROJAN! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! | No |
| N | slimp3 | SliMP3 Server.exe | Slimp3 Server - "presents an entirely new way of accessing and enjoying your music collection. Instead of storing your music on CDs or memory cards, the SliMP3 uses your home network to access the music stored on your PC" | No |
| N | Slingshot | SLINGS~1.EXE | Atomica Slingshot - "reference tool with access to dictionary and encyclopedia terms, bios, technical terms, history, geography, and much more". Now superseed by 1-Click Answers | No |
| Y | slipcore | slipcore.exe | Core module for Slipstream - internet acceleration through compression/decompression techniques, intelligent cacheing on the server side, and real-time conversion of large/high-bandwidth images to less bulky pix. Used by popular ISPs such as IceNet, Wanadoo, Terra, OnSpeed, United Online and AOL Canada. Required if the user's account is locked in to that proxy server | No |
| Y | slipgui | slipgui.exe | User interface for Slipstream - internet acceleration through compression/decompression techniques, intelligent cacheing on the server side, and real-time conversion of large/high-bandwidth images to less bulky pix. Used by popular ISPs such as IceNet, Wanadoo, Terra, OnSpeed, United Online and AOL Canada. Required if the user's account is locked in to that proxy server | No |
| Y | SlipStream | slipcore.exe | Core module for Slipstream - internet acceleration through compression/decompression techniques, intelligent cacheing on the server side, and real-time conversion of large/high-bandwidth images to less bulky pix. Used by popular ISPs such as IceNet, Wanadoo, Terra, OnSpeed, United Online and AOL Canada. Required if the user's account is locked in to that proxy server | No |
| X | slmss | slmss.exe | SeekSeek search hijacker related - see here | No |
| X | sload | sload.exe | Win SynchroAd adware, also detected as DLOADER-QG TROJAN! | No |
| X | sload | sload32.exe | Added by the SDBOT-OY WORM! | No |
| X | slvchost32 | slvchost32.exe | Added by an unidentified VIRUS, WORM or TROJAN! | No |
| X | sm | sa_exe.exe | Added by the OLFEB.A TROJAN! | No |
| X | sm | sf_exe.exe | Added by the OLFEB.A TROJAN! | No |
| X | sm | sm_exe.exe | Added by the OLFEB.A TROJAN! | No |
| X | sm | sr_exe.exe | Added by the LUKUSPAM TROJAN! | No |
| X | SM | iro.bat | Added by the IROFFER.CT TROJAN! | No |
| N | SM1BG | SM1BG.EXE | USB driver for downloading from within Napster and iTunes to portable MP3 players. Only required at startup if you use it all the time - otherwise start it manually when required | No |
| N | SM1NINT | SM1NINT.exe | Cypress USB Mass Storage Driver Notification Icon Application - tray notification for Cypress base memory sticks and external storage devices for Win98 | No |
| N | SM56 Helper Win32 Utility | sm56hlpr.exe | Helper utility for Motorola based SM56 software modems - resides in the System Tray | No |
| N | Sm56acl | sm56hlpr.exe | Helper utility for Motorola based SM56 software modems - resides in the System Tray | No |
| U | sma | sma.exe | SmartKeylogger keystroke logger/monitoring program - remove unless you installed it yourself! | No |
| X | SmallAndSecure | mssecure.exe | Added by the RBOT.CU WORM! | No |
| X | sman | app***.tmp [* = digit] | Unidentified adware | No |
| X | SManager | smanager.*.exe [* = digit] | Added by the AGENT.BJO TROJAN! | No |
| X | SManager | smanager.7.exe | Added by the DWNLDR-GVG TROJAN! | No |
| X | SmansaApp | winlogon.exe | Added by the ROMARIO-A WORM! Note - this is not the legitimate winlogon.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir% | No |
| N | Smapp | Smtray.exe | System Tray icon for Analog Devices SoundMax integrated soundcards. Sound properties can be accessed through the Start Menu or Control Panel | Yes |
| X | Smart Antivirus-2009.exe | Smart Antivirus-2009.exe | Smart Antivirus 2009 rogue security software - not recommended, removal instructions here | No |
| N | Smart Card Service | ScardSvr.exe | For Smart Card readers. Known to cause problems, especially for Windows 2000 users - see here. Probably not required unless you use such a device regularly | No |
| U | Smart Connect Monitor | SCMon.exe | Appears on a Sony Vaio. Smart Connect Version 2.1 enables data transfer between Vaios via i.LINK cable. Smart Connect supports File and Printer Sharing for MS networks. You can copy files from your Vaio to another Vaio or print using a printer connected to a remote Vaio | No |
| U | Smart Connect Setup | SCSetup.exe | Appears on a Sony Vaio. Smart Connect Version 2.1 enables data transfer between Vaios via i.LINK cable. Smart Connect supports File and Printer Sharing for MS networks. You can copy files from your Vaio to another Vaio or print using a printer connected to a remote Vaio | No |
| X | Smart Defender PRO | smrtdefp.exe | Smart Defender PRO rogue security software - not recommended, removal instructions here | No |
| U | Smart Keyboard | Smartkbd.exe | Netropa Smart Keyboard driver | No |
| N | Smart Label O Server | ssloserv.exe | Part of the printer software for the smart-label printer made by Seiko. Can be disabled safely | No |
| N | Smart Label RFViewer | SSLFVIEW.EXE | Part of the printer software for the smart-label printer made by Seiko. Can be disabled safely | No |
| U | Smart Protector Pro | SmartProtector-Pro.exe | Smart Protector Pro internet eraser from SmartSoft - "keeps out prying eyes and protects your private data on all Windows systems" | Yes |
| N | Smart Start UP | PnPDetect.exe | Part of Presto! Mr.Photo - "an ideal program for creating, sharing, and manag-ing digital images and videos" | No |
| U | Smart Touch | STouch.exe | Related to Plustek OpticSlim scanner | No |
| N | Smart Type Assistant | sta.exe | Smart Type Assistant - a complex typing automation tool, intended to make your work faster and safer | No |
| X | Smart Virus Eliminator | SM[random characters].exe | Smart Virus Eliminator rogue security software - not recommended, removal instructions here | No |
| U | Smartalec | pcaccel.exe | Smartalec PC Accelerator - system optimization utility | No |
| U | SmartAudio | SmartAudio.exe | Conexant SmartAudio PC audio chipset software - typically available on HP notebooks with built-in microphones | No |
| N | SmartBarXP | SmartBarXP.exe | SmartBarXP is a bar that runs down the side of your screen, and can be configured to display interactive panels known as 'panes'. These panes include media players, slideshow and image viewing panes, a virtual desktop manager, and live news, weather and stock feeds to mention but a few | No |
| N | sMaRTcaPs | SMARTC~1.EXE | sMaRTcaPs from Phoebus LLC - enables you to configure the time needed to depress Caps Lock, Num Lock & Insert keys | No |
| N | SmartDefrag | IObit SmartDefrag.exe | "IObit SmartDefrag helps defragment your hard drive more efficiently than any other product on the market - free or not" | No |
| U | Smarthruengine | QS.exe | Samsung smarthru software, used with Lexmark Z82 or Samsung multifunction printers | No |
| U | SmartPCXL | pcaccel.exe | Smartalec PC Accelerator - system optimization utility | No |
| X | smartprotector | smartprotector.exe | Smart Protector rogue security software - not recommended, removal instructions here | No |
| U | SmartProtector-Pro | SmartProtector-Pro.exe | Smart Protector Pro internet eraser from SmartSoft - "keeps out prying eyes and protects your private data on all Windows systems" | Yes |
| U | SmartRAM | MemCleaner.exe | Memory Cleaner - monitors your system in the background and frees up memory when ever need to increase the performance of your computer. Part of IOBit Advanced Windows Care Personal/Professional | No |
| U | SmartRAM | Sup_SmartRAM.exe | Memory management part of the Advanced SystemCare system utility from IObit | No |
| U | SmartSync Pro | SmartSync.exe | Related to CompanionLink Software Inc. Synchronization solutions for ACT!, GoldMine, Lotus Notes and Microsoft Outlook | No |
| ? | SmAudio | SmAudio.exe | Audio driver for Conexant SmartAudio HD integrated soundcards. System Tray access to the control panel? | No |
| N | Smax4 | Smax4.exe | System Tray icon for Analog Devices SoundMax integrated soundcards. Sound properties can be accessed through the Start Menu or Control Panel | Yes |
| U | SMax4PNP | SMax4PNP.exe | Analog Devices SoundMax integrated soundcard utility. Brings up the SoundMAX Control Panel when it detects if new audio devices (such as microphones, headphones, speakers, etc.) are plugged in - giving the user the option to configure them. Also required if you have custom settings for your sound, such as effects and environments | Yes |
| U | SMax4PNP Application | SMax4PNP.exe | Analog Devices SoundMax integrated soundcard utility. Brings up the SoundMAX Control Panel when it detects if new audio devices (such as microphones, headphones, speakers, etc.) are plugged in - giving the user the option to configure them. Also required if you have custom settings for your sound, such as effects and environments | Yes |
| ? | smbdpmi | smbdpmi.exe | IBM Netfinity Director and Universal Management Services related. What does it do and is it required? | No |
| Y | smc | smc.exe | Sygate Firewall | No |
| Y | smc | spfsmc.exe | Sygate Firewall | No |
| X | smc | smc.exe | Added by the EBOD TROJAN! Note that this should not be confused with the now discontinued Sygate Firewall which shares the same filename. This file is located in %System% | No |
| Y | SMC Service | smc.exe | Sygate Firewall | No |
| Y | SMC Service | spfsmc.exe | Sygate Firewall | No |
| X | smcserv | winsrv.exe | Added by the AGOBOT-OU WORM! | No |
| Y | SmcService | smc.exe | Sygate Firewall | No |
| Y | SmcServices | smc.exe | Sygate Firewall | No |
| Y | SmcServices | spfsmc.exe | Sygate Firewall | No |
| X | smcss | smcss.exe | Added by the SCLOG-AJ TROJAN! | No |
| ? | Smcsta.exe | Smcsta.exe | SMC Networks wireless PCI card driver. Is it required? | No |
| X | SmcSVR | SmcSVR.exe | Added by the LEGMIR.JU TROJAN! | No |
| X | smgr | mgrs.exe | Covert Sys Exec malware variant | No |
| X | smgr | smgr.exe | Added by an unidentified WORM or TROJAN! | No |
| X | smile | wcs.exe | Added by the ZLOB.MEDIA-CODEC TROJAN! This purports to be a Windows Media Player upgrade (with names such as "iCodecPack", "X Password Manager" and "Media-Codec") to allow the user to view adult oriented videos on certain websites - but actually downloads and installs additional malware on the user's machine. Various directories and filenames are used - see the link for details | No |
| N | SmileboxTray | SmileboxTray.exe | System Tray access to Smilebox photo sharing/printing service | No |
| X | Smiley District | plugin.exe | Smiley District adware | No |
| X | SmileyApp | stbapp.exe | DoubleD adware | No |
| N | Smileycons | smileycons.exe | Smileycons - free smileys, emoticons and animations package | No |
| N | Smith Micro try | smiptray.exe | Smith Micro shared files. Comes with D-Link web cam | No |
| U | smodul | smodule.exe | UserMonitor from Neuber. Teachers can broadcast screen to other screens, see students screens in a network and detect unauthorized software | No |
| N | SmoothView | SmoothView.exe | TOSHIBA Zooming Utility - allows "automatic" zoom feature in some appications, like IE, MS-Office, WMPlayer, Adobe Reader and also desktop icons | No |
| U | SMPAutoStart | smpdemo.exe | Smart Phone Recorder demo from KenGolf.com. Answering Machine, Caller ID, Call Recording | No |
| U | SmpcSys | SmpSys.exe | "Set Up My PC" utility supplied with some Packard Bell computers | No |
| U | smr | cvshost.exe | Silent Monitoring surveillance software. Uninstall this software unless you put it there yourself | No |
| X | smres | smres.exe | Added by the AGOBOT-UA WORM! | No |
| X | smrss | smrss.exe | Added by the BANPAES-B TROJAN! | No |
| X | smrtdrv | runtime.exe | Added by the AGOBOT.MT WORM! | No |
| X | smrtprt | smrtprt.exe | Smart Protector rogue security software - not recommended, removal instructions here | No |
| X | SMS | iro.bat | Added by the IROFFER.CT TROJAN! | No |
| U | SMS Application Launcher | LAUNCH32.EXE | Microsoft Systems Management Server - used to manage computers on a network remotely | No |
| U | SMS Client Service | clisvc95.exe | When the SMS Client service starts on a domain controller, the Client service modifies the SMSCliToknAcct & user account group membership, user rights, and account comment. The Client service then waits for the synchronization of the comment to verify that the account and user rights are properly set for this account. This account is used to obtain a token to start the SMS Client processes, such as the Software Inventory and Software Distribution agents (MS Systems Management Server) | No |
| X | Sms System32 | SmsSystem32.exe | Unidentified malware | No |
| U | SMS Win9x Message Agent | SMSMsg.exe | This program assigns a user to a Systems Management Server site | No |
| N | SmsDiscount | SmsDiscount.exe | SmsDiscount - free internet telephony utility using the VoIP (Voice over Internet Protocol). Call online friends for free and regular phones either for free (limited use) or low rates. One of a number provided by Betamax - the others generally have different rate plans. Similar to the more popular Skype | Yes |
| N | Smserial | sm56hlpr.exe | Helper utility for Motorola based SM56 software modems - resides in the System Tray | No |
| X | SMSERIALSTARTER | win32st.exe | Added by the FAKEALERT-AH TROJAN! Installed with the SpyBurner spyware remover - which is not recommended, see here | No |
| X | SMSERIALWORKERSTART | shellexcon.exe | Added by the FAKEALERT-AH TROJAN! Installed with the SpyBurner spyware remover - which is not recommended, see here | No |
| X | SMSERIALWORKERSTARTER | winstrse.exe | Added by the RENOS.IC TROJAN! Installed with the SpyBurner spyware remover - which is not recommended, see here | No |
| X | SMSERIALWORKSTARTER | comsysobj.exe | Added by the FAKEALERT-AH TROJAN! Installed with the SpyBurner spyware remover - which is not recommended, see here | No |
| X | smsger | Win.exe | Added by a variant of the SDBOT WORM! | No |
| N | SMSI Loader | SMLoader.exe | Smith Micro HotFax - fax software | No |
| X | smsm | smsm.exe | Added by the BANKER-CO TROJAN! | No |
| X | smsrv | smsrv.exe | Added by the AGOBOT-SX WORM! | No |
| X | SMSS | smss.exe | Added by the FLOOD.F BACKDOOR! Note - this is not the legitimate smss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a "Catroot" subfolder | No |
| X | smss | [path to smss.exe] | Added by the ALADINZ.F TROJAN! Note - this is not the legitimate smss.exe process which should NOT appear in Msconfig/Startup! | No |
| X | smss | smss.exe | Added by the AGENT-TR TROJAN! Note - this is not the legitimate smss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir% | No |
| X | smss | smss.exe | Added by the BOROBOT-J TROJAN and variants! Note - this is not the legitimate smss.exe process which should not normally figure in Msconfig/Startup! | No |
| X | Smss | ssms.exe | Added by the RBOT.OP WORM! | No |
| X | Smss Host | smhost.exe | Added by the IRCBOT-ACC TROJAN! | No |
| X | smss.exe | csrss.exe | Added by the DALBUG WORM! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir% | No |
| X | Smss.exe driver | winupd32.exe | Added by the SDBOT.MI BACKDOOR! | No |
| X | smssLevel4 | smss.exe | Unidentified malware! ! Note - this is not the legitimate smss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %ProgramFiles%\Windows Media Player\Skins\WindowsMediaSkin\Data\Level4 | No |
| X | SMSSS | smsss.exe | Added by the SDBOT.ZD WORM! | No |
| X | SMSSS Loader | smsss.exe | Added by the AGOBOT.MQ WORM! | No |
| X | SMSSU | SMSSU.EXE | Added by the STARTPAGE.O TROJAN! | No |
| U | SMSTray | SMSTray.exe | System tray access to Samsung Media Studio | No |
| X | SMSvc32 | smsvc32.exe | Added by the AGOBOT-OL WORM! | No |
| X | smsys | Explorer.exe | Added by the CLICKER-C BACKDOOR! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in a "Template" subfolder | No |
| X | smsys | vi.exe | Adult content dialler | No |
| U | SMSystemAnalyzer | SMSystemAnalyzer.exe | Part of the Iolo System Mechanic optimization tool | No |
| X | sms_msn | sms_msn.exe | Added by an unknown WORM or TROJAN! | No |
| X | sms_msn40 | sms_msn40.exe | Added by an unknown WORM or TROJAN infection | No |
| U | Smt | SMT.exe | Win-Spy keyboard logger/monitoring software - remove unless you installed it yourself | No |
| N | SMToolbar | SMToolbar.exe | StartMake.com toolbar | No |
| X | SMTP32 Mailing Protocol | smtp32.exe | Added by a variant of the RBOT WORM! | No |
| N | SMTray | Smtray.exe | System Tray icon for Analog Devices SoundMax integrated soundcards. Sound properties can be accessed through the Start Menu or Control Panel | Yes |
| ? | SmWizard | SmWizard.exe | SmartWizard MFC Application - associated with C-Media who produce audio chipsets commonly used for on-board sound on motherboards. What does it do and is it required? | No |
| X | SM[random] | [random].exe | Malware Protector 2008 rogue security software - not recommended, removal instructions here | No |
| X | SM_IAN | ian_monitor.exe | AdvancedCleaner rogue security software - not recommended | No |
| X | SN Messenger | msnmsgr.exe | Added by the RBOT-AVP WORM! Note - this is not the valid MSN Messenger (now Windows Live Messenger) utility which is located in either %ProgramFiles%\MSN Messenger or %ProgramFiles%\Windows Live\Messenger. This one is located in %System% | No |
| U | SnagIt 8 | SnagIt32.exe | "SnagIt lets you capture, edit, and share exactly what you see on your screen - fast" | No |
| U | Snapfish Media Detector | SnapfishMediaDetector.exe | Snapfish Media Detector - "Upload your photos to Snapfish, where you can store and share your photos for free on line" | No |
| U | SnapfishMediaDetector | SnapfishMediaDetector.exe | Snapfish Media Detector - "Upload your photos to Snapfish, where you can store and share your photos for free on line" | No |
| X | snapple | snapple.exe | Added by the FORBOT-EG WORM! | No |
| N | Snappy Fax | sf4.exe | Snappy Fax desktop fax program with an extensive set of features - version 4 | No |
| ? | Snappy Fax Printer Agent | sfpagent.exe | Related to the Snappy Fax desktop fax program. What does it do and is it required? | No |
| ? | Snappy Fax Printer virtual printer agent | sfpagent.exe | Related to the Snappy Fax desktop fax program. What does it do and is it required? | No |
| ? | snbr | snbr.exe | ?? | No |
| X | snbupt | snbupt.exe | UpSpiralBar adware | No |
| X | sncntr | sncntr.exe | Added by the DLUCA-I TROJAN! | No |
| ? | SNCT511 | vsnct511.exe | Unidentified "Snapshot Viewer"- what does it do and is it required? | No |
| X | SND Volumes | sndvolumes.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
| X | snd332 | snd332.exe | Added by the B1LD0 AIM WORM! | No |
| X | Sndcompat | Sndcompat.exe | Added by the GEMA TROJAN! | No |
| U | sndmi13 | vsndmi13.exe | Driver for DualCam cameras - that combine the best features of a digital still camera and a webcam | No |
| U | SNDMon | SNDMon.exe | Part of Symantec's LiveUpate (eg, Norton). Not required if you run manual updates but probably required if you leave them to run automatically. Also, if one runs a small office network and SNDMon is disabled on one of the computers then other computers disappear from the network for this computer, including shared devices like printers and scanners. Hence the "U" recommendation | No |
| X | Sndsaver | Sndsaver.exe | Added by the GEMA TROJAN! | No |
| ? | sndsrvc | SNDSRVC.EXE | Part of Norton Personal Firewall and Norton Internet Security - what does it do and is it required? | No |
| X | SNInstall | [various filenames] | Spy Sheriff/SpywareNO malware, also detected as the SPYHOAX-A TROJAN, pretends to be a spyware remover! - file names spotted sofar include VXH8JKDQ2.EXE, NS6281400.so, CVXH8JKDQ2.EXE, down3.exe, sefe.exe, winstall.exe, and tool2.exe | No |
| U | Snippet | SnippingTool.exe | The Snipping Tool (part of the Experience Pack for Tablet PC) allows you to easily "cut out" anything on screen and share it with other people. The whole screen becomes an "inkable" surface that you can add comments to and mark up however you like. You can then save that annotated image to use later, or send it to someone else in an E-mail message | No |
| U | SNM | SNM.exe | SpyNoMore spyware remover - previously not recommended, see here | No |
| U | SnoopFreeUI | SnoopFreeUI.exe | Anti-keylogging software made by SnoopFree Software | No |
| X | SNP Generic Host Process | svchost.exe | Added by the ZAPCHAS-O TROJAN! Note - this is not the legitimate svchost.exe process which should NOT appear in Msconfig/Startup! | No |
| N | snp2std | vsnp2std.exe | Digital camera related | No |
| ? | snp2uvc | vsnp2uvc.exe | Related to a CameraMonitor Application from Sonix. What does it do and is it required? | No |
| ? | snpstd | vsnpstd.exe | Sonix PC Camera Monitor MFC Application. What does it do and is it required? | No |
| ? | SNPSTD2 | vsnpstd2.exe | CameraMonitor MFC Application. Appears to be related to a USB connection to a digital camera -is it required? | No |
| Y | snpstd3 | vsnpstd3.exe | Sonix Inc. Camera Monitor MFC Application | No |
| N | Snsicon | Snsicon.exe | Launches a screensaver program from Second Nature | No |
| X | SNSS.EXE | SNSS.EXE | Nunci premium rate dialer | No |
| X | snvc | snvc.exe | Added by an unidentified WORM or TROJAN! | No |
| ? | SO5 Integrator Pass One | sointgr.exe | StarOffice 5. See here for more details | No |
| ? | SO5 Integrator Pass Two | sointgr.exe | StarOffice 5. See here for more details | No |
| X | Soar | Rwon.exe | PurityScan adware | No |
| X | Social Security Agency | rpcxsocsa.exe | Added by a variant of the RBOT WORM! | No |
| X | Sock32 | sock32.exe | Added by the SDBOT TROJAN! | No |
| X | Socket Utility | svchostz.exe | Added by the DAEMONI-E TROJAN! | No |
| X | Socket Utility | socket.exe | Added by the DAEMONI-E TROJAN! | No |
| Y | SoDA Startup | SodaStartup.exe | Used by the IBM Rational SoDA project management tool. Unsure of it's actual purpose but it's recommended you leave it enabled if you use the software | No |
| N | soffice | SOFFICE.EXE | Displays StarOffice quick start applet in System tray. Right clicking on the icon allows rapid starting up of components of the StarOffice 6.0 suite. Available via Start -> Programs. Automatically started when any StarOffice 6.0 component is started from the Start -> Programs. A resource hog (it eats > 16 MB of memory). | No |
| X | Soft Profile Inc | hxdef.exe... | Added by the LOVGATE.AO WORM! | No |
| X | Soft Profile Inc | hxdef.exe | Added by the LOVGATE.E WORM! | No |
| X | soft2 | ********.exe [* = random digit] | Added by the KARDPHISHER TROJAN! | No |
| U | Softany Monitor Control | MonitorControl.exe | Softany Monitor Control - "control your computer's monitor and screensaver" | No |
| X | SoftBarrier | SoftBarrier.exe | SoftBarrier rogue security software - not recommended, removal instructions here. A member of the WiniGuard family | No |
| X | SoftCop | SoftCop.exe | SoftCop rogue security software - not recommended, removal instructions here. A member of the WiniGuard family | No |
| U | SoftGridTray | SFTTray.exe | System Tray access to SoftGrid from Microsoft - "the only virtualization solution that delivers applications that are never installed and dynamically delivered, on demand" | No |
| X | softIce Update 32 | wininits.exe | Added by the RBOT-ANB WORM! | No |
| U | SoftickPPP | PPPGate.exe | Softick PPP is a Microsoft Windows driver that allows to establish PPP session between Palm powered devices and Microsoft Windows desktop computer | No |
| Y | SOFTinst | N/A | For Gilat Communications internet satellite systems. Gilat rescue (Satellite system restore). Required if you have this system. Can cause a BSOD (blue screen of death) if left out | No |
| X | SoftSafeness | SoftSafeness.exe | SoftSafeness rogue security software - not recommended, removal instructions here. A member of the WiniGuard family | No |
| X | SoftSoldier | SoftSoldier.exe | SoftSoldier rogue security software - not recommended, removal instructions here. A member of the WiniGuard family | No |
| X | SoftStronghold | SoftStronghold.exe | SoftStronghold rogue security software - not recommended, removal instructions here. A member of the WiniGuard family | No |
| U | SoftStuff Wallpaper Changer | softstrt.exe | AzureBay wallpaper changer | No |
| X | SoftVeteran | SoftVeteran.exe | SoftVeteran rogue security software - not recommended, removal instructions here. A member of the WiniGuard family | No |
| X | Software | software.exe | Added by the CRABTON-B TROJAN! | No |
| X | software | spools.exe | Added by the AUTORUN-CS WORM! | No |
| X | Software | cipsn.exe | Added by the FORBOT-DM WORM! | No |
| N | Software Manager | ISUSPM.exe | InstallShield Update Service Scheduler. Automatically searches for and performs any updates to the software so you're always working with the most current version | No |
| N | Software Manager | issch.exe | InstallShield Update Service Scheduler. Automatically searches for and performs any updates to the software so you're always working with the most current version | No |
| X | Software Soft Stop | Spyware Soft Stop.exe | SoftStop rogue security software - not recommended | No |
| U | SoftwareStation | station.exe | eAcceleration Stop-Sign security software related. Previously not recommended, see here | No |
| N | SolidCapture | solidcapture.exe | SolidCapture - screen capture and image sharing toolkit | No |
| U | SolidWorks Task Scheduler Engine | swBOEngine.exe | Task scheduler for SolidWorks 3D CAD software | No |
| Y | Solo Sentry | Solosent.exe | Solo Antivirus | No |
| U | SoloSchedule | Solocfg.exe | Scheduler for Solo Antivirus. Leave enabled unless you scan manually on a regular basis | No |
| U | SoloSysCheck | Syscheck.exe | Solo antivirus System Integrity Check - Monitors system registry, system.ini, win.ini and startup to protect you from new Internet Worms and Backdoors | No |
| X | SolutionReg | SysRep.exe | SolutionReg rogue system error and cleaning utility - not recommended. A member of the ErrClean family | No |
| X | somatic | somatic.exe | Searchcentrix hijacker | No |
| X | some | icthis.exe | Added by the ZLOB.MEDIA-CODEC TROJAN! This purports to be a Windows Media Player upgrade (with names such as "iCodecPack", "X Password Manager" and "Media-Codec") to allow the user to view adult oriented videos on certain websites - but actually downloads and installs additional malware on the user's machine. Various directories and filenames are used - see the link for details | No |
| X | some | scit.exe | Added by the ZLOB.MEDIA-CODEC TROJAN! This purports to be a Windows Media Player upgrade (with names such as "iCodecPack", "X Password Manager" and "Media-Codec") to allow the user to view adult oriented videos on certain websites - but actually downloads and installs additional malware on the user's machine. Various directories and filenames are used - see the link for details. This particular one is "NetProject" | No |
| X | some | wcs.exe | Added by the ZLOB.MEDIA-CODEC TROJAN! This purports to be a Windows Media Player upgrade (with names such as "iCodecPack", "X Password Manager" and "Media-Codec") to allow the user to view adult oriented videos on certain websites - but actually downloads and installs additional malware on the user's machine. Various directories and filenames are used - see the link for details | No |
| X | SondBlaster | lsass.exe | Added by the PROSTI.AA BACKDOOR! Note - this is not the legitimate lsass.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\Media | No |
| N | Sonic A3D Control | vrtxctrl.exe | Sound related options | No |
| X | Sonic RecordNow! | smsc.exe | Added by a variant of the SDBOT WORM! | No |
| N | SonicFocus | SFIGUI.EXE | Sonic Focus - "enhances music, movie and game sound by analyzing compressed audio streams in realtime, then restoring and enriching audio back to its original performance qualities" | No |
| N | SoniqueQuickStart | sqstart.exe | Quickstart for the discontinued Sonique audio player. Available via Start -> Programs | No |
| N | SonnReg | SonnReg.exe | Registration for Colorific® and 3Deep® monitor calibration sofware from E-Color. Now superseded by ColorWizzard™ and 3DxWizzard™ | No |
| X | SonudMan | SonudMan.exe | Added by the STARTPAGE.Q TROJAN! | No |
| X | SonudMan | WNILOGON.exe | Added by the QQROB-DC TROJAN! Note - this is not the legitimate winlogon.exe process, which should not appear in Msconfig/Startup! | No |
| X | SonudMon | SonudMon.exe | Added by the LEWOR-J TROJAN! | No |
| N | Sony Ericsson PC Suite | Application Launcher.exe | System Tray accesss to Sony Ericsson PC Suite which "connects your phone to your computer and expands the capabilities of your phone". Start manually via the Start Menu (or optional desktop shortcut) before connecting the phone | Yes |
| N | Sony Ericsson PC Suite | SEPCSuite.exe | System Tray accesss to Sony Ericsson PC Suite which "connects your phone to your computer and expands the capabilities of your phone". Start manually via the Start Menu (or optional desktop shortcut) before connecting the phone | Yes |
| U | SonyPowerCfg | SPMgr.exe | Related to Sony VAIO Power Management Module installed on laptops and provides additional configuration options for these devices | No |
| ? | Soot | rcea.exe | ?? | No |
| ? | sophagnt | sophagnt.exe | Possibly related to Sophocles Screenwriting Software? | No |
| X | SOProc_RegSoAlertWxLiteNnAj | rundll32 shell32.dll, ShellExec_RunDLL [path] soproc.exe | SoftwareOnline Intelligent Downloader - "Bundle engine to enable download of end user approved third party applications and reporting of installs for billing purposes only". Said to monitor user's browsing habits and display pop-up ads | No |
| X | SOS | SOS.exe | Added by the PHILIS VIRUS! | No |
| ? | SoSyncMonitor | SoSyncMonitor.exe | SuperOffice related. What does it do and is it required? | No |
| X | Sound | [path to trojan] | Added by the DROPPER.EAT TROJAN! | No |
| X | Sound Loader | sndloader.exe | Added by the AGOBOT-BV WORM! | No |
| X | Sound services | SOUND32.EXE | Added by the AGOBOT.GG WORM! | No |
| X | Sound System | WinSound1.exe | Added by an unidentified VIRUS, WORM or TROJAN! | No |
| X | Sound Volume | svchosI.exe | Added by a variant of the IRCBOT TROJAN! See here | No |
| X | soundcontrl | soundcontrl.exe | Added by the GAOBOT.AFJ WORM! | No |
| X | sounddrv | sndbdrv3104.exe | CoolWebSearch parasite variant | No |
| ? | SoundFusion | rundll32 cwcprops.cpl | Control panel item for the Terratec DMX Xfire 1024 soundcard (Start -> Settings -> Control Panel) based upon a Cirrus Logic "SoundFusion" DSP. Does it need to run at start-up every time? | No |
| ? | SoundFusion | rundll32 hercplgs.cpl, BootEntryPoint | Control panel item for Hercules Fortissimo soundcards (Start -> Settings -> Control Panel) based upon a Cirrus Logic "SoundFusion" DSP. Does it need to run at start-up every time? | No |
| ? | SoundFusion | RunDll32 cwaprops.cpl, C25CrystalControlWnd | Control panel item for a Terratec soundcard (Start -> Settings -> Control Panel) based upon a Cirrus Logic "SoundFusion" DSP. Does it need to run at start-up every time? | No |
| X | SoundMam | SVOHOST.exe | Added by the QQROB-AAL TROJAN! | No |
| U | SoundMan | SOUNDMAN.EXE | Realtek Sound Manager, installed with the drivers for on-board Realtek HD and AC97 audio codecs. On an AC97 based system it gives System Tray access to the audio control panel (which is also available via the system Control Panel). On an ALC885 HD based test system it doesn't run after the drivers have been installed and the startup entry is then removed - disabling it appears to have no ill effects but it's exact purpose is unknown | Yes |
| X | SoundMan | soundman.exe | Added by the AGOBOT.HM WORM! Note - this is not the legitimate SiS or Realtek file of the same name that is located in the Windows or WINNT directory | No |
| X | SOUNDMAN Microsoft Help | soun.pif | Added by the RBOT-AIU WORM! | No |
| N | SoundMAX | Smax4.exe | System Tray icon for Analog Devices SoundMax integrated soundcards. Sound properties can be accessed through the Start Menu or Control Panel | Yes |
| X | SoundMAX | SoundMAX.exe | Added by the RIZON-A WORM! Note - this file is placed in the Startup folder itself, and has NO relation to SoundMax sound cards! | No |
| N | SoundMAX | soundmax.exe | System Tray icon for Analog Devices SoundMax integrated soundcards. Sound properties can be accessed through the Start Menu or Control Panel | No |
| X | SoundMax Audio Drivers | SndMAX.exe | Added by a variant of the SDBOT WORM! | No |
| N | SoundMAX Control Panel | Smax4.exe | System Tray icon for Analog Devices SoundMax integrated soundcards. Sound properties can be accessed through the Start Menu or Control Panel | Yes |
| N | SoundMAX Integrated Digital Audio | Smtray.exe | System Tray icon for Analog Devices SoundMax integrated soundcards. Sound properties can be accessed through the Start Menu or Control Panel | Yes |
| U | SoundMAXPnP | SMax4PNP.exe | Analog Devices SoundMax integrated soundcard utility. Brings up the SoundMAX Control Panel when it detects if new audio devices (such as microphones, headphones, speakers, etc.) are plugged in - giving the user the option to configure them. Also required if you have custom settings for your sound, such as effects and environments | Yes |
| X | soundmix | soundmix.exe | Added by the AGENT.PGV WORM! | No |
| X | SoundMixer | smvss.exe | Added by the DEDLER-G TROJAN! | No |
| X | SoundMnEx32 | [path to worm] | Added by the STRATION-FW WORM! | No |
| X | Soundmx | Soundmx.exe | CoolWebSearch Tapicfg parasite variant | No |
| X | soundtask | soundtask.exe | Added by the AGOBOT-MD WORM! | No |
| X | soundtasks | soundtasks.exe | Added by a variant of the CRYPTER.C TROJAN! | No |
| X | soundtctrls | soundtctrls.exe | Added by the AGOBOT-ZV WORM! | No |
| X | SoundView | msdview32.exe | Trojan downloader | No |
| X | sounofts | sounofts.exe | Added by the AGOBOT-ND WORM! | No |
| X | sountskmanager | sountaskmgr | Added by an unidentified WORM or TROJAN! | No |
| N | SourcePath | gwreg.exe | Used to update Gateway registry settings for System Restoration Kit and Web update programs | No |
| X | sp | sp.reg | IE search hijacker - changes the default search to http://www.gocybersearch.com/ | No |
| X | sp | regedit-s .... sp.dll | Malicious javascript annoyance that changes the default search engine in IE to one of many including "topsearcher". See here for more and a fix | No |
| X | sp | se.dll,DllInstall | STARTPAGE.M hijacker | No |
| X | sp | rundll32 (Path to Trojan DLL), DllInstall | Added by the ABLANK-W and ABLANK-Z TROJANS! | No |
| U | SP TimeSync | SP TimeSync.exe | SP TimeSync lets you synchronize your computer's clock with any Internet atomic clock (time server) | No |
| X | SP00LSV | Sp00lsv.exe | Added by the GRAYBIRD.E TROJAN! | No |
| U | SP2 Connection Patcher | SP2ConnPatcher.exe | Changes limit of concurrent TCP connections of Windows Service Pack 2 | No |
| X | SP2 data | [path] repcale.exe [path] apc.exe | Added by a variant of the RANDON.AN WORM! Both files are often located in %System%\winstat | No |
| X | SP2 Firewall/Internet Updater | crssrs.exe | Added by the RBOT.BJO WORM! | No |
| X | sp2chk.exe | sp2chk.exe | Added by the ALUROOT.A TROJAN! | No |
| X | sp2ctr | sp2ctr.exe | Added by the DLUCA-M TROJAN! | No |
| X | sp2fwxp | sp2fwxp.exe | Added by the SMALL.ABW TROJAN! | No |
| X | sp2svc | sp2svc.exe | Added by a variant of the RBOT WORM! | No |
| X | sp2update | sp2update.exe | SP2Update adware! Tracks URLs visited and search terms entered into Internet Explorer | No |
| X | sp2update | updatesp2.exe | Added by the SDBOT.CAS WORM! | No |
| X | Spam Blocker for Outlook Express | SBInst.exe | Hotbar adware | No |
| X | SPAM FIREWALL | mfirewall.exe | Added by the SDBOT.AOU WORM! | No |
| U | Spam Monitor | SpamMonitor.Exe | System Tray access to Spam Monitor from PC Tools - which "is an easy-to-use spam filter that detects and isolates unsolicited junk mail sent to your mailbox. Designed for computer users, not experts, Spam Monitor's step-by-step wizard configures your PC with the safest anti-spam settings automatically" | Yes |
| U | Spam Sleuth | SpamSleuth.exe | Spam Sleuth E-mail spam detection program | No |
| X | SpamBlocker | SbOEAddOn.exe | Hotbar adware | No |
| U | SPAMfighter Agent | SFAgent.exe | SPAMfighter anti email spam filter | No |
| U | spamihilator | spamihilator.exe | Spamihilator - spam filter | No |
| U | SpamMonitor | SpamMonitor.Exe | System Tray access to Spam Monitor from PC Tools - which "is an easy-to-use spam filter that detects and isolates unsolicited junk mail sent to your mailbox. Designed for computer users, not experts, Spam Monitor's step-by-step wizard configures your PC with the safest anti-spam settings automatically" | Yes |
| U | SpamMonitor Application | SpamMonitor.Exe | System Tray access to Spam Monitor from PC Tools - which "is an easy-to-use spam filter that detects and isolates unsolicited junk mail sent to your mailbox. Designed for computer users, not experts, Spam Monitor's step-by-step wizard configures your PC with the safest anti-spam settings automatically" | Yes |
| U | SpamPal | spampal.exe | SpamPal - anti-spam tool | No |
| U | SpamSubtract | SpamSubtract.exe | Intermute SpamSubtract - junk email detection and removal program | No |
| U | spamsubtract | SpamSub.exe | InterMute™ SpamSubtract - junk email detection and removal program. InterMute™ is now part of Trend Micro and their products are no longer supported | No |
| U | Spare Backup | SpareBackup.exe | Spare Backup - "Once Spare Backup is installed, backups are automatic. With Spare Backup it's easy, you don't even have to select files for backup, Spare Backup does it for you" | No |
| U | Spark | Spark.exe | Spark instant messaging client | No |
| N | SparVoip | SparVoip.exe | SparVoip - free internet telephony utility using the VoIP (Voice over Internet Protocol). Call online friends for free and regular phones either for free (limited use) or low rates. One of a number provided by Betamax - the others generally have different rate plans. Similar to the more popular Skype | Yes |
| X | spa_start | Rundll32.exe spads.dll | IconAds adware. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "spads.dll" file is located in the Winnt or Windows folder | No |
| X | spa_start | Rundll32.exe sprt_ads.dll | Superiorads adware. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "sprt_ads.dll" file is located in %System% | No |
| ? | SPC610NC_Monitor | Monitor.exe | Related to the Philips SPC610NC webcam. What does it do and is it required? | No |
| N | spc_w | hcm.exe | NetZero Search Enhancement related | No |
| N | spc_w | blspc.exe | NetZero Search Enhancement related | No |
| N | spc_w | nzspc.exe | NetZero Search Enhancement related | No |
| N | Spdstart | Spdstart.exe | Norton Utilities Speed Start. "This feature optimizes the start up speed of launching applications, such as Word and Excel." | No |
| U | Speaking Clock Deluxe | SpClDlx.exe | Speaking Clock Deluxe - turns your computer into a speaking clock with several languages. It can also keep track of up to 50 alarms that can be set to a time and a date, and be repeated daily, weekly, monthly and yearly | No |
| X | Special Firewall Service | avguard.exe | Added by the NETSKY.G WORM! Note - do not confuse with AntiVir® antivirus which uses the same filename. This one is located in %Windir% | No |
| X | SpecialOffers | SpecialOffers*.exe [* = digit] | SpecialOffers adware | No |
| X | SpecialOffers | SpecialOffers.exe | SpecialOffers adware | No |
| X | specific | specixic.exe | Added by a variant of the SDBOT WORM! | No |
| N | Speed racer | CTSRReg.exe | Software for a Creative sound card | No |
| U | Speed Tec | speedtec.exe | Accel SpeedTec from Montana Software speeds up your modem. SpeedTec modifies the Internet Protocol settings in the Windows registry to speed downloads on all modems. If you find this improves your connectivity and download speeds leave this enabled | No |
| N | SpeedBitVideoAccelerator | VideoAccelerator.exe | "SpeedBit Video Accelerator makes videos from YouTube and over 150 sites stream faster and play smoother by reducing buffering problems and video interruptions or hiccups" | No |
| X | SpeedBoss | [worm filename] | Added by the OPASERV.AD WORM! | No |
| U | SpeedItUp | SPEEDITUP.EXE | Speed It Up - "all in one Speed Booster designed to significantly increase the speed of your computer and boost your PC available memory". Installs PC-Checkup and Search Defender (which is detected by DrWeb as the STARTPAGE.ORIGIN TROJAN) without permission | No |
| U | SpeedItUpEX | SpeedItUpEx.exe | "Speed-It-Up Extreme is designed to speed of your computer up to 3 times faster and boost your PC available memory" | No |
| U | Speedkey | SPEEDKEY.EXE | Additional keyboard shortcuts on MS programmable keyboard | No |
| U | SpeedMeter | SpeedMeter.exe | Application measuring upload and download speed | No |
| U | SpeedOptimizer | spo.exe | SpeedOptimizer is designed to optimize and speed-up your Internet data transmission including browsing, streaming, downloading, uploading and e-mail communication | No |
| U | Speedport W 100 Stick WLAN Manager | Wifiusb.exe | Wireless management utility for the Speedport W 100 Stick WLAN USB stick | No |
| X | SpeedRunner | SpeedRunner.exe | Identified as a variant of the TrojanDownloader.Matcash malware | No |
| U | SpeedswitchXP | SpeedswitchXP.exe | SpeedswitchXP is a CPU frequency control for notebooks running Windows XP | No |
| U | Speedtouch USB Diagnostics | Dragdiag.exe | For an external Alcatel ADSL high-speed modem. A diagnostic tool and can be run from the Start menu when required. The only reason it might be useful on startup is if you like seeing an 'at-a-glance' status indicator on the taskbar (the icon is a different colour depending on the status of the device/line) | No |
| U | SpeedUpMyPC | speedupmypc.exe | Older version of SpeedUpMyPC from Uniblue - which "lets you monitor and control all your PC resources with easy, one click instructions. System settings, internet usage, disk clutter, RAM and CPU are all automatically scanned, cleaned and optimized for peak performance" | No |
| X | Spees1 | speedy.scr | Added by the OPASERV.Y WORM! | No |
| X | Spees2 | Speedy.bat | Added by the OPASERV.AD WORM! | No |
| X | Spees3 | SPEEDY.PIF | Added by the OPASERV.AD WORM! | No |
| N | Spellex Anywhere | sa.exe | Spellex-Anywhere - adds spell checking functionality to almost any Window program. Create a shortcut and run manually before it's to be used | No |
| U | Spiceworks | spicetray_silent.exe | System Tray access to Spiceworks - which "combines everything you need to manage IT in one easy-to-use application" | No |
| Y | SpIDerMail | spiderml.exe | DrWeb antivirus Spider Mail e-mail scanner | No |
| N | Spinner Plus | spinner.exe | "Spinner Plus lets you listen to over 100 channels of music broadcast from Spinner.com. Spinner Plus uses RealNetwork's G2 technology to provide high-quality online audio. The technology adjusts the audio streaming to match your Internet connection speed, which helps eliminate sound distortion or choppiness". Available via Start -> Programs | No |
| X | SPINX | Wscript.exe OXNEY.B.VBS | Added by the YENO.B and YENO.C WORMS! Note that wscript.exe is a legitimate Microsoft file used to launch script files and shouldn't be deleted. The "OXNEY.B.VBS" file is located in %System% | No |
| ? | SPIRun | Rundll32 SPIRun.dll, RunDLLEntry | Related to Creative audio products. What does it do and is it required? | No |
| Y | SpkrCnfg | DSndUp.exe | Utility that only runs once after installing the drivers for Analog Devices SoundMax integrated soundcards. It's exact purpose is unknown at the present time but from the filename it's probably used to configure the default or generic speaker arrangement for the system it's used on | Yes |
| X | SPnt | SPnt.exe | Premium rate adult content dialler | No |
| U | SpokeSysTray | SpokeSysTray.exe | Spoke Software client application. Spoke "uses data in your e-mail and other enterprise information systems to discover the existing relationships of people in your enterprise. It then builds a private, secure relationship network for each user without any additional manual data entry" | No |
| X | spoo1sv | spoo1sv.exe | Added by the SOULJET TROJAN! | No |
| X | Spool | [path to trojan] | Added by the RANKY.R TROJAN! | No |
| X | Spool | wys.exe | WhileUSurf adware | No |
| X | Spool | static.exe | Added by an unidentified WORM or TROJAN! Located in the Root folder (C:\), (D:\), etc | No |
| X | SPOOL Configuration | spoolsvc.exe | Added by the SDBOT-KD WORM! | No |
| X | Spool Loader | spool.exe | Added by a variant of the RBOT WORM! | No |
| X | Spool LoadKIt | spoolv.exe | Added by a variant of the RBOT WORM! | No |
| X | Spool lptt01 | spool.exe | RapidBlaster variant (in a "spool" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here | No |
| X | Spool Manager | spoolsrv.exe | Added by the BANKER-FR TROJAN! | No |
| X | Spool ml097e | spool.exe | RapidBlaster variant (in a "spool" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here | No |
| X | Spool32 | pool32.exe | Added by the ASSASIN-F TROJAN! | No |
| X | spoolax | [path to trojan] | Added by the PERDA-D TROJAN! | No |
| X | Spooler Host | smhost.exe | Added by the IRCBOT.BSQ BACKDOOR! | No |
| X | Spooler Service | Spoolsrv.exe | Added by the JOINER.C1 TROJAN! | No |
| X | Spooler Subsystem | spoolsub.exe | Added by the SDBOT-ABG TROJAN! | No |
| X | Spooler SubSystem App | spoolsvc.exe | Added by the POEBOT-J WORM! | No |
| X | Spooler SubSystem App | spooIsv.exe | Added by the LINKBOT.M WORM! | No |
| X | Spooler SubSystem App | spoolv.exe | Added by the SDBOT-BN WORM! | No |
| X | Spooler SubSystem Application | localsvc.exe | Added by the DLOADER-NY TROJAN! | No |
| X | Spooler SubSystem Application | netsvc.exe | Added by the DLOADER-NY TROJAN! | No |
| X | Spooler SubSystem Application | spoolsvc.exe | Added by the DLOADER-NY TROJAN! | No |
| X | Spooler SubSystem Application | svcadmin.exe | Added by the DLOADER-NY TROJAN! | No |
| X | Spooler SubSystem Application | svcman.exe | Added by the DLOADER-NY TROJAN! | No |
| X | Spooler SubSystem Application | svcrun.exe | Added by the DLOADER-NY TROJAN! | No |
| X | Spooler SubSystem Application | tcpsvc.exe | Added by the DLOADER-NY TROJAN! | No |
| X | Spooler SubSystem Application | websvc.exe | Added by the DLOADER-NY TROJAN! | No |
| X | Spooler Subsystem Application | smss.exe | Added by the IRCBOT-ZO TROJAN! Note - the legitimate smss.exe process should not normally figure in Msconfig/Startup! | No |
| X | Spooler Subsytem App | spoolsvc.exe | Added by the SDBOT-MM WORM! | No |
| X | SpoolerSubSystemProcess | SpooI32.exe | Added by the EHKS.21 keylogger! Note - the "I" between "o" and "3" is a capital "i" not a lower case "L" | No |
| X | spoolms | spoolms.exe | Added by the LEGMIR-ARO TROJAN! | No |
| X | Spools Service Controller | spools.exe | Added by the KASSBOT-C WORM! | No |
| X | spoolserv | spoolserv.exe | Added by the SDBOT-PN WORM! | No |
| X | SpoolService | spolsv.exe | Added by the AGOBOT-CS WORM! | No |
| X | spoolsrv.exe | spoolsrv.exe | Added by an unidentified WORM or TROJAN! Located in %System% | No |
| X | Spoolsv | Spoolsv.exe | Added by the CIADOOR.121 VIRUS! Note - this is not the legitimate spoolsv.exe which is always located in %System%. This one is located in %Windir% | No |
| X | spoolsv | scvhosts.exe | Added by the SMALL-AW TROJAN! | No |
| X | spoolsv | svchost.exe | Added by the DLOADER-FI TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\HELP | No |
| X | spoolsv | spoclsv.exe | Added by the FUJACKS-M WORM! | No |
| X | spoolsv | spoolsv.exe | Added by the ZAPCHAS-EE TROJAN! Note - this is not the legitimate spoolsv.exe which is always located in %System%. This one is located in %Windir%\Temp\spoolsv | No |
| X | spoolsv | spoolvs.exe | Identified by Kaspersky antivirus as a variant of the QHOST.AES TROJAN! | No |
| X | spoolsv | spoolsv.exe | Added by the ANTINNY-BH WORM! Note - this is not the legitimate spoolsv.exe which is always located in %System%. This one is located in %ProgramFiles%\Messenger | No |
| X | spoolsv | spoolsv.exe | Added by the OURXIN.C TROJAN! Note - this is not the legitimate spoolsv.exe which is always located in %System%. This one is located in a "spoolsv" subfolder | No |
| X | Spoolsv | spoolsv.exe | Added by the ANTINNY.F WORM! Note - this is not the legitimate spoolsv.exe which is always located in %System%. This one is located in %Program Files%\Lotus | No |
| X | spoolsv manager | SpoolMgr.exe | Added by the ASSIRAL WORM! | No |
| X | spoolsv service | spoolsv32.exe | Added by the RBOT-AHP WORM! | No |
| X | spoolsv.exe | [random filename] | Added by the RBOT-JB WORM! | No |
| X | SPOOLSV32 | SPOOLSV32.EXE | Added by the CWS-I or HAZIF-B TROJANS! | No |
| X | SPOOLSV32.exe | SPOOLSV32.exe | Added by the STARTPAGE.O TROJAN! | No |
| X | spoolsvc | spoolsvc.exe | Added by the DROPPER-AT TROJAN! | No |
| X | spoolsvr | SPOOLSVR.EXE | Added by the RAYROB.A TROJAN! | No |
| X | spoolsvr32 | csmss.exe | Added by the AGENT-AU TROJAN! | No |
| X | spoolsvr32 | csmss32.exe | Added by a variant of the AGENT-AU TROJAN! | No |
| X | spoolsvs | wintre.exe | Added by the SDBOT.EGQ WORM! | No |
| X | spoolsvs | wincfy.exe | Added by a variant of the IRCBOT BACKDOOR! | No |
| X | spoolsvs.exe | spoolsvs.exe | Added by the DLOADER-RK TROJAN! | No |
| X | SPOOLSVU | SPOOLSVU.EXE | Added by the STARTPAGE.K hijacker | No |
| X | spoolsvv | spoolsvv.exe | Searchcentrix hijacker | No |
| X | Spoolvs | spoolvs.exe | Added by the SDBOT.AUS WORM! | No |
| X | Spore | MsNews.vbs | Added by the SORPE.A WORM! | No |
| X | Spore.b | Scmhlpr.vbs | Added by the SORPE.B WORM! | No |
| ? | SPP | run.exe | ?? | No |
| X | spp | regedit -s spp.reg | IE search hijacker - changes the default search to h**p://www.hotsearchbox.com/ie/. Note that the Windows registry editor (regedit.exe) is a legitimate Microsoft file located in %Windir% and shouldn't be deleted. The file "spp.reg" is located in the root folder (ie, C:\) | No |
| ? | sppbridge | sppbridge.exe | Associated with an Anycom bluetooth wireless card on laptops - used for printing to portable printers for example. Is it required or can it be started manually? | No |
| U | Sprint DSL virtual assistant | matcli.exe | "matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, county, etc and gets written to a log file". Sprint DSL Virtual Assistant is required to run with the Help and Support program. If you uncheck Sprint DSL Airtual Assistant and then run Help and Support it will add another Sprint DSL Virtual Assistant in the startup menu. If you remove this software in "add/remove programs" some help menus in help and support will not be available. You decide | No |
| ? | SprintPort | SprintPortA.exe | Novatel wireless modem related. What does it do and is it required? | No |
| U | SpriteService | SpriteService.exe | Sprite Backup is a backup application for Windows Mobile Pocket PC or Smartphone | No |
| X | Sproc32 | sproc32.exe | Added by the SPROCIT TROJAN! | No |
| X | sprof | sprof.exe | Added by the RENOS.G TROJAN! | No |
| U | sprtcmd | sprtcmd.exe | Self-help support tool for a number of high-speed internet providers and computer suppliers such as Comcast, Qwest and Dell. Identifies and automatically fixes typical problems that may occur with your high-speed internet service. Provided by SupportSoft, Inc | No |
| X | Spruce - Auto Update | Spruce.exe | Rabio "Search Enhancer" adware variant | No |
| U | SPSTEALT | SmartProtectorPro.exe | Smart Protector Pro - internet privacy tool that erases tracks, MRU lists, etc | No |
| U | SPSTEALT | SmartProtector-Pro.exe | Smart Protector Pro internet eraser from SmartSoft - "keeps out prying eyes and protects your private data on all Windows systems" | Yes |
| ? | spstore | storesp.exe | Softprobe - program designed to provide managers with an analysis of an individuals computer use who are under their supervision. This program is NOT related to Winpup | No |
| U | Spy Blocker | spyblocker.exe | SpyBlocker blocks the communications of spyware installed on a PC so spyware runs but can't exchange data with the server to which it should report. Ensuring spyware can't communicate is important, as you may find after using Ad-Aware that some applications containing spyware subsystems may not run correctly or at all | No |
| U | Spy Protector | SpyProtector.exe | Included in the full version of Security Task Manager, Spy Protector prevents keyboard and mouse monitoring, warns when the registry is changed and eliminates internet activity and work traces | No |
| X | Spy Protector | srcss.exe | SpyProtector rogue security suite - not recommended, removal instructions here | No |
| X | Spy Protector | lsascs.exe | Spy Protector rogue security software - not recommended, removal instructions here | No |
| X | Spy-Control | Spy-Control.exe | Spy-Control spyware remover - not recommended, see here | No |
| U | Spy-Keylogger | skl.exe | SpyKeylogger keystroke logger/monitoring program - remove unless you installed it yourself! | No |
| X | SpyAway | spyaway.exe | SpyAway spyware remover - not recommended, see here | No |
| X | SpyAxe | spyaxe.exe | SpyAxe rogue spyware remover - not recommended | No |
| X | SpyBan | SpyBan.exe | SpyBan spyware remover - not recommended, see here | No |
| X | SpyBlast | SpyBlast.exe | Spyware killer that is in effect autoinstalled foistware, targeted by SpyBot, among others | No |
| U | SpyBlocker | spyblocker.exe | SpyBlocker blocks the communications of spyware installed on a PC so spyware runs but can't exchange data with the server to which it should report. Ensuring spyware can't communicate is important, as you may find after using Ad-Aware that some applications containing spyware subsystems may not run correctly or at all | No |
| X | SpyBlocs | SpyBlocs.exe | SpyBlocs spyware remover - not recommended, see here | No |
| X | SpyBlocs3.0 | SpyBlocs3.0.exe | SpyBlocs spyware remover - not recommended, see herea> | No |
| Y | Spybot - Search & Destroy | TeaTimer.exe | Part of the popular Spybot - Search & Destroy spyware removal tool from Safer Networking Limited. "Resident TeaTimer is a tool of Spybot-S&D which perpetually monitors the processes called/initiated. It immediately detects known malicious processes wanting to start and terminates them giving you some options, how to deal with this process in the future". Also provides System Tray access to Spybot S&D and detects when processes want to change critical registry settings such as the startup entries - giving the user the option to allow/deny the change | Yes |
| U | Spybot-S&D | SpybotSD.exe | Main program part of the popular Spybot - Search & Destroy spyware removal tool from Safer Networking Limited. A number of other options are available if this runs at start up (enabled under Mode → Advanced : Settings → Settings → Automation → System Start) - including autocheck, autofix and autoclose | Yes |
| Y | SpybotDeleting***** | [cmd or command] /c del [path] [filename] | Generated by Spybot Search & Destroy if it encounters files that cannot be deleted during runtime because they are locked by other processes. For example, C:\WINDOWS\SchedLgU.Txt is the scheduler log file and is locked by Windows as long as it runs. For operating system compatibility reasons the autorun entries are generated with cmd and command. These entries should be left alone and will be removed on the next reboot/login. **** represents a combination of a single letter and up to 4 numbers | No |
| U | SpybotSD | SpybotSD.exe | Main program part of the popular Spybot - Search & Destroy spyware removal tool from Safer Networking Limited. A number of other options are available if this runs at start up (enabled under Mode → Advanced : Settings → Settings → Automation → System Start) - including autocheck, autofix and autoclose | Yes |
| Y | SpybotSD TeaTimer | TeaTimer.exe | Part of the popular Spybot - Search & Destroy spyware removal tool from Safer Networking Limited. "Resident TeaTimer is a tool of Spybot-S&D which perpetually monitors the processes called/initiated. It immediately detects known malicious processes wanting to start and terminates them giving you some options, how to deal with this process in the future". Also provides System Tray access to Spybot S&D and detects when processes want to change critical registry settings such as the startup entries - giving the user the option to allow/deny the change | Yes |
| U | SpybotSnD | SpybotSD.exe | Main program part of the popular Spybot - Search & Destroy spyware removal tool from Safer Networking Limited. A number of other options are available if this runs at start up (enabled under Mode → Advanced : Settings → Settings → Automation → System Start) - including autocheck, autofix and autoclose | Yes |
| X | Spybott lptt01 | spybott.exe | RapidBlaster variant (in a "Spybott" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here | No |
| X | Spybott ml097e | spybott.exe | RapidBlaster variant (in a "Spybott" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here | No |
| X | SpyBurner | SpyBurner.exe | SpyBurner rogue spyware remover - not recommended, removal instructions here | No |
| X | SpyClean | 1ClickSpyClean.exe | 1 Click Spy Clean uses a database that was stolen from SpybotS&D. Not recommended, see here | No |
| X | SpyClean | SpyClean.exe | SpyClean spyware remover - not recommended, see here | No |
| U | SpyCop ScanCheck | MAIN.EXE | SpyCop surveillance software detection - checks to see when your machine was last scanned and if it was more than a week asks if you want to scan | No |
| X | SpyCrush | SpyCrush.exe | SpyCrush rogue spyware remover - not recommended, removal instructions here | No |
| X | SpyCrush 3.1 | SpyCrush 3.1.exe | SpyCrush rogue spyware remover - not recommended, removal instructions here | No |
| X | SpyCrush 3.2 | SpyCrush 3.2.exe | SpyCrush rogue spyware remover - not recommended, removal instructions here | No |
| X | SpyCrush 3.3 | SpyCrush 3.3.exe | SpyCrush rogue spyware remover - not recommended, removal instructions here | No |
| X | SpyDawn | SpyDawn.exe | SpyDawn rogue spyware remover - not recommended, removal instructions here | No |
| X | SpyDevastator | SpyDevastator.exe | SpyDevastator rogue security software - not recommended, removal instructions here | No |
| U | SpyEmergency | SpyEmergency.exe | SpyEmergency security software from Netgate | No |
| X | SpyEx | Winllogo.exe | Added by the PRSKEY-A WORM! | No |
| X | SpyFighterMonitor | SpyFighter.exe | SpyFighter spyware remover - not recommended, see here | No |
| X | SpyFighterUpdate | AutoUpdate.exe | SpyFighter spyware remover - not recommended, see here | No |
| X | SpyGuarder | spyguarder.exe | SpyGuarder rogue security software - not recommended, removal instructions here | No |
| X | SpyGuardPro | pgs.exe | SpyGuardPro rogue security software - not recommended. A member of the AVSystemCare family | No |
| X | SpyHazard | SpyHazard.exe | SpyHazard rogue spyware remover - not recommended, removal instructions here | No |
| X | SpyHealer | SpyHealer.exe | SpyHeal rogue spyware remover - not recommended | No |
| X | SpyHeals | SpyHeals.exe | Smitfraud variant | No |
| X | SpyHunter | SpyHunter.exe | Enigma SpyHunter - not recommended, see note | No |
| U | SpykEy | Spyky.exe | SpyKy keystroke logger/monitoring program - remove unless you installed it yourself! | No |
| U | Spykiller | Spykiller.exe | Spyware remover - older versions are not recommended, see here | No |
| X | SpyKillerPro | SpyKillerPro.exe | SpyKillerPro rogue security software - not recommended, removal instructions here | No |
| X | SpyLax | SpyLax.exe | SpyLax spyware remover - not recommended, see here | No |
| X | SpyLocked | SpyLocked.exe | Spylocked rogue spyware remover - not recommended, removal instructions here | No |
| X | SpyLocked 3.6 | SpyLocked 3.6.exe | Spylocked rogue spyware remover - not recommended, removal instructions here | No |
| X | SpyLocked 3.7 | SpyLocked 3.7.exe | Spylocked rogue spyware remover - not recommended, removal instructions here | No |
| X | SpyLocked 3.9 | SpyLocked 3.9.exe | Spylocked rogue spyware remover - not recommended, removal instructions here | No |
| X | SpyLocked 4.0 | SpyLocked 4.0.exe | Spylocked rogue spyware remover - not recommended, removal instructions here | No |
| X | SpyLocked 4.1 | SpyLocked 4.1.exe | Spylocked rogue spyware remover - not recommended, removal instructions here | No |
| X | SpyLocked 4.3 | SpyLocked 4.3.exe | Spylocked rogue spyware remover - not recommended, removal instructions here | No |
| X | SpyMarshal | SpyMarshal.exe | SpyMarshal rogue spyware remover - not recommended, removal instructions here | No |
| X | SpyMaxx | SpyMaxx.exe | SpyMaxx spyware remover - not recommended, see here | No |
| X | SpyMedic | SpyMedic.exe | SpyMedic spyware remover - not recommended, see here | No |
| X | SpyNuker | Spynuker.exe | A "spyware removal program" by TrekBlue, which is being heavily advertised through junk e-mail from its affiliates and misleading fake-dialogue-box web advertising. This is the same company as E-mail marketers 'TrekData' and 'Blue Haven Media', who distribute spyware through ActiveX drive-by-download on web pages | No |
| X | SpyOnThis Monitor | SpyOnThisMonitor.exe | SpyOnThis Monitor spyware remover - not recommended, see here | No |
| U | spyprodetector | spydetector.exe | Spyware Process Detector spyware remover | No |
| X | SpyPry | SpyPry.exe | SpyPry spyware remover - not recommended, see here | No |
| X | SpyQuake2.com | Spy-Quake2.exe | SpyQuake2 spyware remover - not recommended, see here | No |
| X | SpyRid | Spy-Rid.exe | Spy-Rid rogue spyware remover - not recommended | No |
| U | spyshelter | antikeylogger.exe | SpyShelter - anti-keylogger protects against keylogger programs monitoring your keystrokes | No |
| X | SpySheriff | SpySheriff.exe | SpySheriff malware | No |
| X | SpyShredder | SpyShredder.exe | SpyShredder rogue spyware remover, removal instructions here | No |
| X | spysoldier | spysoldier.exe | SpySoldier rogue spyware remover - not recommended, removal instructions here | No |
| X | SpySpotter | SpySpotter.exe | SpySpotter rogue spyware remover - not recommended, see here | No |
| X | SpySpotter System Defender | Defender.exe | SpySpotter rogue spyware remover - not recommended, see here | No |
| U | SpyStopper | spystopper.exe | SpyStopper - blocks intrusive spyware, Web bugs, worms, scripts, advertisements, and cookies. Protects you from being profiled and tracked | No |
| U | SpySubtract | SpySub.exe | SpySubtract - multi spyware removal tool | No |
| U | SpySweeper | SpySweeper.exe | Spy Sweeper - detects and removes spyware | No |
| U | SpySweeper | SpySweeperUI.exe | Spy Sweeper - detects and removes spyware | No |
| U | SpySweeperEnterprise | SpySweeperUI.exe | User interface for Spy Sweeper Enterprise edition - "a centrally managed, scalable enterprise solution that provides best of breed protection against all types of malicious spyware, adware, and other harmful intruders" | No |
| X | SpyTrooper | SpyTrooper.exe | SpyTrooper rogue spyware remover - not recommended, see here | No |
| X | Spyware | Spyware.exe | BPS spyware remover - not recommended, see here | No |
| U | Spyware Begone | SpywareBeGone.exe | Spyware BeGone - spyware remover. Previously not recommended, see here | No |
| U | Spyware Begone | freescan.exe | Spyware BeGone - spyware remover. Previously not recommended, see here | No |
| Y | Spyware Doctor | spydoctor.exe | Older version of Spyware Doctor antispyware from PC Tools | No |
| Y | Spyware Doctor | swdoctor.exe | Older version of Spyware Doctor antispyware from PC Tools | No |
| U | Spyware Guard Control Panel | spywareguardcp.exe | "SpywareGuard provides a real-time protection solution against spyware" | No |
| U | Spyware Nuker | swn2.exe | Spyware remover by TrekBlue. Previously not recommended but the latest version was delisted here | No |
| U | Spyware Nuker Installer | SpywareNukerInstaller.exe | Spyware remover by TrekBlue. Previously not recommended but the latest version was delisted here | No |
| X | Spyware remover | Remove_spyware.exe | Unidentified, but not known to belong to any known spyware remover, and strongly suspected to be adware related! | No |
| N | Spyware Scanner | AseScanner.exe | Aluria Software's spyware removal tool - we can't really recommend this product as Aluria have recently partnered with WhenU, the well known adware company, see here and here | No |
| U | SpyWare Shield | Shield.exe | Acronis Privacy Expert Spyware Shield prevents spyware and other suspicious programs from being installed on PCs | No |
| X | Spyware Slayer | SpywareSlayer.Exe | Spyware Slayer spyware remover - not recommended, see here | No |
| X | Spyware Soft Stop | Spyware Soft Stop.exe | SoftStop rogue security software - not recommended | No |
| X | Spyware Stormer | SpywareStormer.Exe | Spyware Stormer spyware remover - not recommended, see here | No |
| X | Spyware Striker Pro | SpywareStriker.exe | Ascentive Spyware Striker Pro rogue spyware remover - not recommended, see here | No |
| X | Spyware Sweeper | SpywareSweeper.exe | SpywareSweeper spyware remover - not recommended, see here | No |
| U | Spyware Vanisher | FreeScanner.exe | Spyware Vanisher - spyware remover. Previously not recommended, see here | No |
| U | Spyware Vanisher | SpywareVanisher.exe | Spyware Vanisher - spyware remover. Previously not recommended, see here | No |
| Y | Spyware X-terminator | SpywareX.exe | Spyware X-terminator antispyware from StompSoft, Inc - no longer available since StompSoft were acquired by Migo Software Inc | No |
| X | Spyware-Cop | Spyware-Cop.exe | Spyware-Cop spyware remover - not recommended, see here | No |
| X | Spyware-Secure | Spyware-Secure_trial.exe | Spyware-Secure rogue spyware remover - not recommended | No |
| X | SpywareBomb | SpywareBomb.exe | SpywareBomb spyware remover - not recommended, see here | No |
| X | SpywareBot | SpywareBot.exe | SpywareBot spyware remover - not recommended, see here | No |
| X | SpywareCease.exe | SpywareCease.exe | Spyware Cease rogue security software - not recommended | No |
| U | spywarefighterguard | spfprc.exe | Spyware Fighter - anti spyware program | No |
| Y | SpywareGuard | sgmain.exe | "SpywareGuard provides a real-time protection solution against spyware" | No |
| X | SpywareGuard | winproc32.exe | Startpage adware Trojan | No |
| X | SpywareGuard | deinst_qfe001.exe | Added by a variant of the Win32.Small TROJAN! - Do NOT confuse with the legitimate SpywareGuard application | No |
| X | spywareguard | spywareguard.exe | Spyware Guard 2008 rogue spyware remover - not recommended, removal instructions here. Note - do not confuse with the legitimate SpywareGuard application | No |
| X | Spywareguard lptt01 | Spywareguard.exe | RapidBlaster variant (in a "Spyguard" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here | No |
| X | Spywareguard ml097e | Spywareguard.exe | RapidBlaster variant (in a "Spyguard" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here | No |
| X | SpywareGuardPlus | winmm64.exe | StartPage.ht homepage hijacker | No |
| X | SpywareHeal | SpywareHeal.exe | SpyHeal rogue spyware remover - not recommended | No |
| X | spywareisolator | spywareisolator.exe | SpywareIsolator rogue spyware remover - not recommended, removal instructions here | No |
| X | SpywareKilla | SpywareKilla.exe | SpywareKilla spyware remover - not recommended, see here | No |
| X | spywareknight | spywareknight.exe | SpywareKnight rogue spyware remover - not recommended, removal instructions here | No |
| X | SpywareLocked | SpywareLocked.exe | Spylocked rogue spyware remover - not recommended, removal instructions here | No |
| X | SpywareLocked 3.3 | SpywareLocked 3.3.exe | Spylocked rogue spyware remover - not recommended, removal instructions here | No |
| X | SpywareLocked 3.4 | SpywareLocked 3.4.exe | Spylocked rogue spyware remover - not recommended, removal instructions here | No |
| X | SpywareLocked 3.5 | SpywareLocked 3.5.exe | Spylocked rogue spyware remover - not recommended, removal instructions here | No |
| X | SpywareNo | SpywareNo.exe | SpywareNo spyware remover - not recommended, see here | No |
| X | SpywareProMFC | SpywarePro.exe | SpywarePro rogue security software - not recommended, removal instructions here | No |
| X | SpywareQuake | SpywareQuake.exe | SpywareQuake spyware remover - not recommended, see here | No |
| X | SpywareRemover | SpywareRemover.exe | SpywareRemover spyware remover - not recommended, see here | No |
| X | SpywareRemover2009 | SR.exe | SpywareRemover 2009 rogue spyware remover - not recommended, removal instructions here | No |
| X | spywarescanner | spywarescanner.exe | Spyware Scanner 2008 rogue security software - not recommended, removal instructions here | No |
| X | SpywareSoftStop | SpywareSoftStop.exe | SoftStop rogue security software - not recommended | No |
| X | SpywareStop | SpywareStop.exe | SpywareStop rogue spyware remover - not recommended, see here | No |
| X | SpywareStrike | SpywareStrike.exe | SpywareStrike spyware remover - not recommended, see here | No |
| X | SpywareSweeper | SpywareSweeper.exe | SpywareSweeper spyware remover - not recommended, see here | No |
| X | SpywareSweeperProMFC | Spyware Sweeper Pro.exe | Spyware Sweeper Pro rogue security software - not recommended, removal instructions here | No |
| U | SpywareTerminator | SpywareTerminatorShield.exe | Spyware Terminator - spyware remover. Initially not recommended due to false positives but the later versions have since improved - see here | No |
| X | SPYWATCH | SpyWatch.exe | BPS spyware remover - not recommended, see here | No |
| X | SpyWatchE | SpyWatchE.exe | SpyWatchE rogue security software - not recommended, removal instructions here | No |
| X | SQConfigChecker | cc.exe | Xupiter SQWire toolbar related. Use Spybot S&D, Adware or similar to detect and remove and to prevent it re-installing in the future see here | No |
| X | SQInstaller | SQInstaller.exe | Xupiter SQWire toolbar related. Use Spybot S&D, Adware or similar to detect and remove and to prevent it re-installing in the future see here | No |
| X | SQL | server.exe | Added by the PUNYA-B WORM! | No |
| N | SQL Server | scm.exe | SQL Server Service Control Manager. Available via Start -> Programs | No |
| X | SQL Server Service | sql.exe | Added by the RBOT-ADF | No |
| X | sqlpdro | providd.exe | Added by the AGENT-LXF TROJAN! | No |
| X | sqservices | wins32.exe | Added by the PROGENT-B TROJAN! | No |
| X | SQUpdatesChecker | uc.exe | Xupiter SQWire toolbar related. Use Spybot S&D, Adware or similar to detect and remove and to prevent it re-installing in the future see here | No |
| X | sqvynikp | sqvynikp.exe | Free_Scratch_Cards foistware | No |
| Y | SR Agent | AGENTSVC.EXE | Related to Secure Resolutions - desktop virus protection | No |
| Y | Sr Agent | SrLogon.exe | Related to Secure Resolutions - desktop virus protection | No |
| ? | sr1exe | updtSup3.exe | Found on a Dell computer in Documents and Settings\All Users\Application Data\DellAlert2 | No |
| X | sr64 | [path to trojan] | Added by the AGENT.X TROJAN! | No |
| X | SrchfstUpdate | srchupdt.exe | SearchFast adware downloader | No |
| X | sre | rundll32.exe sre.dll, Register | CoolWebSearch parasite variant - also detected by Kaspersky as the AGENT.FC TROJAN! | No |
| ? | srePostpone | rundll32.exe [path] srescan.dll, DoSpecialAction | Related to ZoneAlarm. What does it do and is it required? | No |
| ? | SRFirstRun | rundll32 srclient.dll, CreateFirstRunRp | Created by execution of the Windows XP sr.inf file, which installs the Windows XP System Restore feature, needed for example when installing System Restore into Windows Server 2003. Does this indeed need to run at every bootup? | No |
| U | Srmclean | srmclean.exe | Srmclean helps in the installation and execution of the SoundMax SoftPaq for Compaq/ADI SoundMax Integrated Digital Audio. According to Compaq - "If you disable the entry from loading into startup, then you will not be able to use the features of the sound card" | No |
| X | SRNG | srng.exe | ShopNavSearch.Srng search hijacker | No |
| U | SRP Startup | srrpro.exe | System Restore Remover Pro allows you to safely and easily remove System Restore and various other Windows Millennium "features". This is enabled if you tick the "Remove unnecessary System Restore information on startup" box. Available via Start -> Settings -> Control Panel | No |
| Y | SRS Applet | SrsTray.Exe | S3 Sonic Vibes sound card drivers - if disabled you loose sound | No |
| U | SRS Audio Sandbox | SRSSSC.exe | SRS Audio Sandbox "provide amazing audio immersion and maximum thump for a personalized audio experience!" | No |
| X | srshost.exe | srshost.exe | Added by a variant of the RBOT-ASW WORM! | No |
| U | SRUUninstall | msiexec.exe | Symantec Network Driver Update - part of LiveUpdate | No |
| X | srv | winlogon.exe | Added by the SILLYFDC.BCA WORM! Note - this is not the legitimate winlogon.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %UserProfile%\Local Settings\Application Data | No |
| X | Srv Host | srvhost.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
| X | Srv RPCrom | NClienti386.exe | Added by the WATSOON.A TROJAN! | No |
| X | Srv32 | Srv32.exe | Added by the OPASERV.J WORM! | No |
| X | Srv32 spool service | runsrv32.exe | Topantispyware.com malware - detected by Kaspersky as the SPYRE.B TROJAN! | No |
| X | Srv32 spool service | spoolsrv32.exe | Added by the SPYRE-B TROJAN! | No |
| X | Srv32 spool service | [path to trojan] | Added by the DLOADER-LB TROJAN! | No |
| X | Srv325 | Srv325.exe | Added by the AGOBOT-PR WORM! | No |
| X | Srv32Old | [worm filename].PIF | Added by the OPASERV.J WORM! | No |
| U | Srv32Win | SpyAgent4.exe | SpyAgent - monitoring software that creates records of everything people do on a computer, ie, spying or monitoring depending upon how you call it | No |
| U | Srv32Win | Svchost.exe | Realtime-Spy keystroke logger/monitoring program - remove unless you installed it yourself! | No |
| U | Srv32Win | sysdiag.exe | SpyAgent surveillance software. Uninstall this software unless you put it there yourself | No |
| U | srv32win | win16dll.exe | Screenspy captures screenshots silently. If you didn't install this yourself remove it | No |
| X | Srvce Pack Updte | svcpack.exe | Added by a variant of the RBOT WORM! | No |
| X | srvexc.exe | srvexc.exe | Added by the SERVSAX TROJAN! | No |
| X | srvhost | srvhost.exe | Added by the LIVUP.A BACKDOOR! | No |
| U | srvprc | srvprc.exe | ActMon surveillance software. Uninstall this software unless you put it there yourself | No |
| N | srxTray | srxTray.exe | Titan FTP Server - FTP server | No |
| N | SsAAD.exe | SsAAD.exe | Sony's SonicStage digital music manager for their range of MP3 players. It monitors your HDD for newly added music tracks and automatically offers to add them to your playlist when you connect your player | No |
| X | ssate.exe | irun4.exe | Added by the BEAGLE.J WORM! | No |
| X | ssate.exe | winsys.exe | Added by the BEAGLE.K WORM! | No |
| N | SSBkgdUpdate | SSBkgdupdate.exe | ScanSoft OmniPage auto updater. Can be disabled using the main program's options. Note - if you have a Soundblaster Audigy2 ZS soundcard installed on your computer and the volume of your soundsystem is turned on extremely high disabling this will solve the problem | No |
| U | SSC Service Utility | ssc_serv.exe | SSC Service Utility is a printer utility for refilled Epson cartridges | No |
| U | SSCFBTN.EXE | SSCFBTN.EXE | Samsung smarthru software,used with Lexmark Z82 or Samsung multifunction printers | No |
| Y | sscRun | SSCRun.exe | AOL's firewall | No |
| Y | SSC_UserPrompt | UsrPrmpt.exe | Part of Symantec's AntiVirus suite and comes usually with a product update, if not on the system already. Required for essential applications to work properly | No |
| Y | Ssd | Std.exe | Stealthdisk - file and folder hiding/locking utility | No |
| ? | ssdiag | ssdiag.exe | Equinox (now Avocent) "Configuration and DOS Diagnostic for DOS and Windows platforms" | No |
| N | SSDPSRV | ssdpsrv.exe | Simple Service Discovery Protocol (SSDP) and General Event Notification Architecture (GENA) services for network plug and play functionality. Starts up a web server on port 5000. Used by Universal Plug and Play (for network device discovery). To remove this program, open Add/Remove Programs, select either Communications (Me) or Networking Services (XP), and remove the checkmark next to Universal Plug and Play | No |
| X | sserrvv | sserrvv.exe | Added by the STRATION.DB WORM! | No |
| X | ssgrate.exe | system.exe | Added by the MITGLIEDER.C TROJAN! | No |
| X | ssgrate.exe | irun.exe | Added by the MITGLIEDER.D TROJAN! | No |
| X | ssgrate.exe | irun4.exe | Added by the MITGLIEDER.F TROJAN! | No |
| X | ssgrate.exe | sysdoor.exe | Added by the MITGLIEDER.N TROJAN! | No |
| X | ssgrate.exe | winerdir.exe | Added by the MITGLIEDER.O TROJAN! | No |
| X | ssgrate.exe | winsystems.exe | Added by the BAGLEDL-J TROJAN! | No |
| X | ssgrate.exe | wintems.exe | Added by the MITGLIEDER.Q TROJAN! | No |
| U | SSh32 | SSh32.exe | 2Spy keystroke logger/monitoring program - remove unless you installed it yourself! | No |
| X | SSK Service | winssk32.exe | Added by the SOBIG.E WORM! | No |
| X | SSL | svchost.exe | Added by an unidentified VIRUS, WORM or TROJAN! Note - this is not the legitimate svchost.exe process which should NOT appear in Msconfig/Startup! | No |
| X | SSL Manager | amsnmsgs.exe | Added by a variant of the SDBOT WORM! | No |
| X | SSLDyn | SSLDyn.exE | FRETHOG.MM spyware | No |
| U | ssmmgr | ssmmgr.exe | Samsung printer monitor - for checking ink levels, etc. | No |
| X | ssms.exe | SSMS.EXE | Added by the GISMOR WORM! | No |
| U | SSPY | SSYTEM.EXE | SurfingSpy keystroke logger/monitoring program - remove unless you installed it yourself! | No |
| U | SSS7 | SSS7.exe | Steganos Security Suite 7 - "A comprehensive collection of methods to prevent your data falling into the wrong hands, and highly recommended if you have anything you feel you need to hide" | No |
| X | sssasasb32 | sssasasb32.exe | Added by the TACTSLAY.F TROJAN! | No |
| X | sssasasb32 | msnmsgq32.exe | Added by the TACTSLAY.F TROJAN! | No |
| X | sstata | dwdas.exe | Added by the DASDA TROJAN! | No |
| X | sstata | [path to trojan] | Added by the RANCK-DF TROJAN! | No |
| X | SStb.exe | SStb.exe | Adpowerzone.com "ServerSide" keyword hijacker | No |
| N | sstray | sstray.exe | nVidia nForce Taskbar Utility - quick access to the nForce2 "Sound Storm" control panel and related utilitys | No |
| X | SSUpdate | SSUpdate.exe | MoneyTree parasite - ActiveX control used to download premium-rate dialers | No |
| X | ssvchost | ssvchost.exe | Added by the HELIOS.B TROJAN! | No |
| X | SSWPlauncher | comet.exe | Comet Cursor adware | No |
| N | Stacmon | Stacmon.exe | Installed with the drivers for a SigmaTel C-Major Audio card (on a Dell Inspiron 600m PC for example). Appears as though it can be disabled with no ill effects | No |
| N | StacSysTray | StacSysTray.exe | System Tray control panel for SigmaTel C-Major on-board audio - as used on some Dell and Packard Bell PCs | No |
| X | staeck12 | mfcee.exe | Added by an unidentified WORM or TROJAN! | No |
| X | staeck122 | mfceee.exe | Added by an unidentified WORM or TROJAN! | No |
| X | standalone.exe | standalone.exe | Added by the AGOBOT-ADS WORM! | No |
| U | Stardock ObjectDock | ObjectDock.exe | Stardock ObjectDock is a program that enables users to organize their shortcuts, programs and running tasks into an attractive and fun animated Dock | No |
| U | StarSkin | starskin.exe | StarSkin allows you to change the view and appearance of your Windows XP box with the use of publically available themes | No |
| Y | Start | Quick95.exe | For a Nisis G6 USB Graphics Tablet. Re-enables itself if disabled therefore best left alone | No |
| X | Start | windows.vbs | Homepage hijacker | No |
| ? | start | start.exe | ?? | No |
| X | start | sdcc.exe | Added by the AGENT.CSX TROJAN! | No |
| X | start | isfmntr.exe | Added by the ZLOB.MEDIA-CODEC TROJAN! This purports to be a Windows Media Player upgrade (with names such as "iCodecPack", "X Password Manager" and "Media-Codec") to allow the user to view adult oriented videos on certain websites - but actually downloads and installs additional malware on the user's machine. Various directories and filenames are used - see the link for details | No |
| X | start | sbmntr.exe | Added by the ZLOB.MEDIA-CODEC TROJAN! This purports to be a Windows Media Player upgrade (with names such as "iCodecPack", "X Password Manager" and "Media-Codec") to allow the user to view adult oriented videos on certain websites - but actually downloads and installs additional malware on the user's machine. Various directories and filenames are used - see the link for details. This particular one is "NetProject" | No |
| X | start | iebtm.exe | Added by the ZLOB.MEDIA-CODEC TROJAN! This purports to be a Windows Media Player upgrade (with names such as "iCodecPack", "X Password Manager" and "Media-Codec") to allow the user to view adult oriented videos on certain websites - but actually downloads and installs additional malware on the user's machine. Various directories and filenames are used - see the link for details | No |
| X | Start aThe Roll | enotxa2.exe | Added by the RBOT-PV BACKDOOR! | No |
| X | Start aThx Roll | f0mered.exe | Added by the RBOT.AAV WORM! | No |
| X | Start CurePCSolution | CurePCSolution.exe | CurePCSolution spyware remover - not recommended, see here | No |
| X | start extracting | spoolvse.exe | Added by the RBOT-XF WORM! | No |
| X | start extracting | spoolvs.exe | Added by the RBOT.BAN WORM! | No |
| X | start extracting | mcafee.exe | Added by the RBOT.FO BACKDOOR! Note - this is not a valid McAfee program and is located in %System% | No |
| N | Start Getright | getright.exe | See Getright Tray Icon | No |
| X | Start It Upping | svchosets.exe | Added by a variant of the RBOT WORM! | No |
| U | Start Network Scanner Tool | sdFTP.exe | Part of Sharpdesk from Sharp Electronics. "A desktop-based, personal document management application that lets users browse, edit, search, compose, process, and forward both scanned and native electronic documents" | No |
| X | Start Page | http://find.naupoint.com | Naupoint browser hijacker | No |
| X | Start Page | svcnt32.exe | Homepage hijacker, also detected as Trojan-Downloader.Win32.Delf.ks | No |
| Y | Start RF Wireless Keyboard | ktrexe.exe | Yuanxun Electronics RF wireless keyboard driver | No |
| Y | Start RF Wireless Mouse | cm20.exe | Yuanxun Electronics RF wireless mouse driver | No |
| U | Start Service | upssrv.exe | Cyber Power PowerPanelPlus software. "During a power failure the system automatically saves and closes open files within the battery backup time and safely powers down your computer" | No |
| X | Start The Roll | enotax2.exe | Added by the RBOT.XO WORM! | No |
| U | Start Up Cop | startcop.exe | StartUp Cop - startup manager | No |
| X | start uploading | smsss.exe | Added by a variant of the SDBOT WORM! | No |
| X | start uploading | crsss.exe | Added by the RBOT-SZ WORM! | No |
| X | Start Upping | taskmrg.exe | Added by the RBOT-MA WORM! | No |
| X | Start Upping | SVCHOSTES.EXE | Added by the RBOT-NB WORM! | No |
| X | Start Upping | taksmgr.exe | Added by the RBOT-QK WORM! | No |
| X | Start Upping | mcrt32.exe | Added by a variant of the SPYBOT WORM! | No |
| X | Start Upping | windupds.exe | Added by the SDBOT.AFH WORM! | No |
| X | Start Upping | windupdts.exe | Added by a variant of the RBOT WORM! | No |
| X | Start Upping | xdcc.exe | Added by the SPYBOT.OY WORM! | No |
| X | Start Upping | spoolnt.exe | Added by the RBOT-TM WORM! | No |
| X | Start Upping | iexplorerupdt.exe | Added by the RBOT-RR WORM! | No |
| X | Start Uppings | svcchosts.exe | Added by the SDBOT.VY WORM! | No |
| X | Start Uppings | mssupdate.exe | Added by a variant of the RBOT WORM! | No |
| N | Start Wingman Profiler | lwtest.exe | Logitech Wingman software required to operate Logitech joysticks and gamepads. Unless you're a hard-core gamer, it's best to leave it unchecked | No |
| N | Start Wingman Profiler | lwemon.exe | Logitech Wingman software required to operate Logitech joysticks and gamepads. Unless you're a hard-core gamer, it's best to leave it unchecked | No |
| X | Start Xp Setup | msxp.exe | Added by the RBOT.AKK WORM! | No |
| U | Startacc | startacc.exe | Launches Webroot's Accelerate 2000 software that "speeds up your Internet connection by up to 300%". Leave enabled if you find it improves internet connection | No |
| N | StartCCC | CLIStart.exe | Puts the ATI Catalyst™ Control Center Icon/Shortcut on the System Tray - available via Start → Programs | No |
| X | startdrv | startdrv.exe | Added by the DROPRK-A TROJAN! | No |
| U | StartEAK | StartEAK.exe | Easy Access Button Support for Compaq PCs. Allows the use of programmable keys on multimedia keyboards. Required if you use the additional keys | No |
| U | StartEase | StartEase.exe | StartEase from PC Magazine - application launcher that managed programs in the Windows Start menu into an A-to-Z menu structure | No |
| X | startemdoit | [path to trojan] | Added by the DLOADR-AVP TROJAN! | No |
| X | Starter | scvhosting.exe | Added by the SDBOT.RU WORM! | No |
| X | starter | scvhostingg.exe | Added by the FORBOT-FB WORM! | No |
| X | starter | iexplore.exe | Added by the FORBOT-DU WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %System% | No |
| U | StartFoxie | StartFoxie.exe | Foxie Suite from Softonic International. "This suite of free tools comes in the form of an Internet Explorer add-on and includes a mix of powerful security enhancements" | No |
| X | Starting up | wvsvc.exe | Added by the RBOT-NF WORM! | No |
| X | startkey | svcmgr.exe | Added by the HIPPER-B TROJAN! | No |
| X | startkey | update.exe | Added by the BIFROSE-DG TROJAN! | No |
| X | startkey | XMCHAI.EXE | Added by the BIFROSE-AO TROJAN! | No |
| X | startkey | explore32.exe | Added by the BDOOR-MT BACKDOOR! | No |
| X | startkey | CKOTS.exe | Added by the BIFROSE-HM TROJAN! | No |
| X | StartKey | pligde.exe | Added by the BIFROSE.E TROJAN! | No |
| X | startkey | RunWinRaR.exe | Added by a variant of the BIFROSE-LV TROJAN! | No |
| X | startkey | Mysia.exe | Added by the CEP TROJAN! | No |
| X | startkey | explorer.exe | Added by the BCKDR-MLD BACKDOOR! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System% | No |
| X | startkey | furzi.exe | Added by the BIFROSE-OK TROJAN! | No |
| X | startkey | krnl.exe | Added by the BIFROSE-S TROJAN! | No |
| X | startkey | royale.exe | Added by a variant of the SDBOT WORM! | No |
| X | startkey | rtfmsv.exe | Added by the EDEPOL-C TROJAN! | No |
| X | startkey | scvhost.exe | Added by the BIFROSE-PM TROJAN! | No |
| X | startkey | server.exe | Added by the BIFROSE-DB TROJAN! | No |
| X | startkey | win32i.exe | Added by the BIFROSE-R TROJAN! | No |
| X | startkey | winampXP.exe | Added by the BIFROSE-OY TROJAN! | No |
| X | startkey | svchost32.exe | Added by a variant of the SDBOT WORM! | No |
| X | startkey | winlogin.exe | Added by the BIFROSE-PM TROJAN! | No |
| X | startkey | antivir.exe | Added by the BIFROSE-TO TROJAN! | No |
| X | startkey | svchost.exe | Added by the AGENT-FPL TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder | No |
| X | StartKey | msnmsie.exe | Added by the BIFROSE.M BACKDOOR! | No |
| N | startl.exe | startl.exe | Lingocom LingoWare - translates any application into your language | No |
| X | StartMenu | deamon.exe | Added by the TACTSLAY.C TROJAN! | No |
| X | StartMenu | msgaol.exe | Added by the TACTSLAY.C TROJAN! | No |
| X | StartMenu | s_menu.exe | Added by the TACTSLAY.C TROJAN! | No |
| X | StartMenu | browse.exe | Added by the DROWSY-C TROJAN! | No |
| X | startpage | startpage.exe | Browser hijacker - redirecting to pages2start.com | No |
| U | STARTPAGE | start1.exe | NoSpy.org - prevents spyware from changing your startpage and other browser properties. The start1.exe file is located in a NOSPY.ORG folder | No |
| X | StartReplySystem | loadnewmessage.exe | Added by the HIDAGENT-B WORM! | No |
| U | StartSecurDoc | SDPin.exe | SecurDoc from WinMagic Inc - "Provides full disk encryption to protect sensitive information stored on laptops, desktops and PDAs" | No |
| U | StartStop | STARTSTOP.EXE | StartStop from TFI Technology - startup manager | No |
| U | StartSurfing | STARTS.exe | Start Surfing allows you to protect your privacy while surfing and searching the Internet by acting as a "filter" between you and the website you are visiting. Startsurfing acts as your shield from Pop Up Windows, Mouse Traps, Window Resizing, and scripts that attempt to record your personal information. Available via Start -> Programs | No |
| N | Startup | ?? | Related to an Iomega drive | No |
| X | Startup | WinlogonStartup | Unidentified malware | No |
| X | Startup | mirc.exe | Added by the FLOOD-EU TROJAN! An uninstall option for mirc.exe can be accessed via the Add or Remove Programs dialog in the Windows Control Panel. The software is listed as mIRC. This one puts 10 files in the Windows or Winnt folder | No |
| X | Startup Configuration | [six character filename] | Added by the RBOT-ARV WORM! | No |
| X | Startup Configuration | wztoid.exe | Added by the RBOT-ASD WORM! | No |
| ? | Startup Launcher GUI | GUI.exe | Startup manager? | No |
| U | Startup Manager Scanner | StartupMonitor.exe | Startup-Mechanic Startup monitor - offers boot protection of your PC from harmful trojans, adult-dialers, and other scumware | No |
| Y | Startup Scan | Sensor.EXE | AntiVirus Quick Heal - scheduling agent | No |
| X | Startup Update | Cvshost.exe | Added by the GAOBOT.AO WORM! | No |
| X | StartupBin | iwnujdss.exe | Added by the SDBOT-XZ WORM! | No |
| X | StartUpDate | [path to trojan] | Added by the BIFROSE.F BACKDOOR! | No |
| U | StartupMonitor | StartupMonitor.exe | Mike Lin's StartupMonitor, throws up an alert and asks your permission every time any change is made to your start-up configuration, either in the registry or start menu | No |
| X | StartupOption | loadsysdisk.exe | Added by the HIDAGENT-B WORM! | No |
| X | Startwd | rundll32.exe wd081025.dll,Hook | Added by the AGENT.DE TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "wd081025.dll" file is found in %System% | No |
| X | startwin | startwin.exe | Added by the ANTIMAN.A WORM! | No |
| X | startwindowskeyuser | rundle2.exe | Added by the JAVAKILLER TROJAN! | No |
| N | Stat 'n' Perf | StatnPerf.exe | Stat 'n' Perf monitors your internet connection and displays information about sent and received bytes | No |
| X | StatBar | STATBAR.exe | StatBar (system status bar) allows you to quickly get an overview of your system's condition (memory, CPU, uptime, and much more). Due to the sheer number of resources (over 60%) consumed by this program, it is unsuitable for Windows 9x/Me | No |
| X | State Service | csrss.exe | Added by the DADOBRA-CP TROJAN! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir% | No |
| U | StationPlaylistStudio | SPLStudio.exe | StationPlaylist Studio - "simple to use on-air broadcast playback software for the studio and/or DJ" for small to medium sized radio broadcasters, and internet webcasters | No |
| X | Statistics | statslist.exe | Added by the OPANKI-S WORM! | No |
| X | statloads | pgjd83sa.exe | Added by the SDBOT-UM WORM! | No |
| N | Status Monitor | BrMfcWnd.exe | Brother scanner status monitor - can be started manually | No |
| U | Status Monitor CLJ1500 | HPPOUMUI.exe | Status monitor for the HP Color LaserJet 1500 printer from Hewlett-Packard - for monitoring printer status, checking ink levels, etc | No |
| N | Status Monitor XE | ENGSS.EXE | The Xerox Document WorkCentre XE Series Status Monitor displays information about your printer and currently active or waiting print jobs. You can use it to control your printing environment and manage your printing operations. Available via Start -> Programs | No |
| ? | StatusClient | StatusClient.exe | Part of Hewlett Packard network printer drivers | No |
| ? | StatusClient 2.6 | StatusClient.exe | Part of Hewlett Packard network printer drivers | No |
| N | StatusView | StatusView.exe | Status View intra-office messaging | No |
| N | Stay Connected! | StayCon.exe | More than just a pinger, actually simulates online activity. Supports AOL, NetZero, MSN, ATT WorldNet, CompuServe and many other ISPs as well. Available via Start -> Programs | No |
| U | StayAlive | StayAlive.Exe | Part of RealSPEED - tweaking utility to speed-up your internet connection. Stay connected even after a period of inactivity on the net | No |
| U | StayAlive | sa.exe | StayAlive from TFI Technology. "This top-notch tool intercepts crashes when they happen, keeping your programs running so you can save your work." | No |
| ? | STBVision | STBVisn.exe | Related to the STB Velocity graphics card. What does it do and is it required? | No |
| N | STBWEBTV | STBWEBTV.EXE | Used to display TV on your PC | No |
| X | stcinstaller | id53.exe | Added by the SCTHOUGHT.L TROJAN! | No |
| X | stcloader | stcloader.exe | SecondThought adware | No |
| X | STCLOA~1 | STCLOA~1.EXE | SecondThought adware | No |
| Y | STCPO | STCPO.exe | Sophos Sweep antivirus software | No |
| X | StdAFX | stdafx.exe | Added by the DELBOT-AF WORM! | No |
| X | stdlib | [filename] | Added by the PERDA-E TROJAN! | No |
| Y | STDSB | STDSB.exe | Scrollbar driver for notebooks. If taken out of the Startup, it will not provide scrolling | No |
| U | Stealth Anonymizer 2.5 | stealth25.exe | Now named Stealther - proxy server agent that lets you travel the Internet with maximum possible privacy | No |
| X | stealth.dcom.exe | stealth.dcom.exe | Added by the THEALS.A WORM! | No |
| X | stealth.ddos.exe | stealth.ddos.exe | Added by the THEALS.A WORM! | No |
| X | stealth.exe | stealth.exe | Added by the THEALS.A WORM! | No |
| X | stealth.injector.exe | stealth.injector.exe | Added by the THEALS.A WORM! | No |
| X | stealth.stat.exe | stealth.stat.exe | Added by the THEALS.A WORM! | No |
| X | stealth.wm.exe | stealth.wm.exe | Added by the THEALS.A WORM! | No |
| X | stealth.worm.exe | stealth.worm.exe | Added by the THEALS.A WORM! | No |
| N | Steam | steam.exe | Valve Corporation's STEAM broadband game client. Steam is Valve's new way of getting games into your hands ASAP. Games like Half-Life, Counter-Strike, and Counter-Strike: Condition Zero are all being made available through Steam. Steam games are automatically kept up-to-date with the latest content and revisions. Steam also includes an instant-message client which even works while you're in-game | No |
| X | steam | steam.exe | Added by the RBOT-AJT WORM! Note - the file steam.exe will be found in %System% and is not associated with Valve Software's game client | No |
| X | SteFanie | SteFanie.vbs | Added by the STEFAN WORM! Note - make sure you check the hyperlink as this one copies it's self to numerous dirves and folders | No |
| ? | stgclean | w32main2.exe | Related to IBM Standard Software Installer. What does it do and is it required? | No |
| N | Stickies | Stickies.exe | Stickies - "lets you put yellow sticky notes on your Windows desktop, much like the popular Mac OS application. It is very simple, very customizable, and completely free!". Available via Start → Programs | No |
| N | Sticky Notes | stikynot.exe | Microsoft Sticky Notes - virtual sticky notes tool from Windows Vista. This implementation of the popular yellow "Post-It" tool is part of the Tablet PC features and allows you to enter either handwriting (via a pen or mouse) or record a voice note. AVailable via Start → All Programs | Yes |
| U | Sticky Pad | StickyPad.exe | Sticky Pad from Green Eclipse. Place sticky notes on your desktop | No |
| N | StickyNote | StickyNote.exe | Utility that allows you to put yellow "Post-It" type messages on your desktop. Available via Start -> Programs | No |
| U | StillImageMonitor | Stimon.exe | Stimon.exe enables a USB still-image device (such as a scanner) to initiate data transfer to a program. For example, if your scanning device has a scan button, it may start a program and begin scanning when you press it. Create a shortcut and start it manually when needed if your scanner otherwise fails to scan. May be required for your USB scanner to work - including all HP scanners and some of their SCSI scanners | No |
| X | stisrv | stisrv.exe | Added by the RBOT.BQF WORM! | No |
| X | stlbdist | rundll32exe stlbdist.DLL, DllRunMain | Hijacker pointing to www.searchandclick.com | No |
| X | stlbupdt | rundll32.exe stlbupdt.DLL, DllRunMain | BrowserAid/BrowserPal foistware. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted | No |
| N | STManager | drst.exe | Dr. SpeedTouch is some sort of diagnostics software which sends out information to a server which then relays the information back to the program to test the network to see if the SpeedTouch ADSL modem connection is working properly. Not required if connected via Ethernet (and probably USB). Can cause a slow down in Win2K - see here | No |
| X | stmha | wkfxi.js | Added by the SPETH WORM! | No |
| X | stonedrv | stonedrv.exe | Added by the COSIMA-K TROJAN! | No |
| U | StopSignSsTsMon | sstsmon.dll, VerifyStatus | eAcceleration Stop-Sign security software related. Previously not recommended, see here | No |
| U | StopSignStatus | stopsinfo.dll | eAcceleration Stop-Sign security software related. Previously not recommended, see here | No |
| U | STOPzilla | Stopzilla.exe | StopZilla! - pop-up killer | No |
| U | STOPzilla Service | SZNTSVC.EXE | StopZilla! - pop-up killer | No |
| U | StorageGuard | sgtray.exe | StorageGuard from Veritas. Free utility that integrates with Backup MyPC (formerly Backup Exec Desktop), Simple Backup and MS Backup. Provides system tray access and background monitoring - warning you of files that haven't recently been backed up. Required unless you backup manually on a regular basis or have scheduled backups | No |
| X | StorageProtector | SysRep.exe | StorageProtector rogue system error and cleaning utility - not recommended. A member of the ErrClean family | No |
| U | StormCodec_Helper | StormSet.exe | Storm Codec is a codec pack for Windows | No |
| ? | STPMGR | STPMGR.EXE | Part of SafeTP which is transparent FTP security software. Does it need to be running permanently or can it be started manually via Start -> Programs | No |
| X | stratas | xmconfig.exe | Added by the RBOT-AHR WORM! | No |
| X | stratas | lockx.exe | Added by the SDBOT-ADD WORM! | No |
| X | Stratas | ggfig.exe | Added by the OPANKI.W WORM! | No |
| X | StreamAppliance | wuauclt14.exe | Added by the RBOT-GMB WORM! | No |
| X | StreamAppliance | wuauclt16.exe | Added by the RBOT-GME WORM! | No |
| N | Streamload Downloader | SlDB.exe | Downloader for MediaMax (was Streamload) - "gives you a private and secure place to upload, store, access, and share your personal videos, photos, movies, music, and files" | No |
| N | Streamload Uploader | StreamMgr.exe | Uploader for MediaMax (was Streamload) - "gives you a private and secure place to upload, store, access, and share your personal videos, photos, movies, music, and files" | No |
| X | Streams Drivers | [trojan filename] | Added by the RESTARTER.E TROJAN! | No |
| U | StreamZap Remote | zremote.exe | StreamZap PC Remote - control Windows Media Player, iTunes, RealPlayer, Winamp, PowerPoint, MusicMatch Jukebox, and many other multimedia applications | No |
| U | StrgSync.exe | StrgSync.exe | SimpleTech Inc's StorageSync backup software - backs up an entire PC, or selected files and folders | No |
| X | strkjhk | sdflkj3.exe | Added by an unidentified WORM or TROJAN - see here | No |
| X | strmsnmgrs | msnxmsgrsc.exe | Added by the SDBOT.JDR WORM! | No |
| X | strmsnmsgr | msnmsgrs.exe | Added by the RBOT-ACQ WORM! | No |
| X | strmsnmsgrs | msnmsgrsc.exe | Added by a variant of the RBOT WORM! | No |
| X | strmsnnms | msnmegrs.exe | Added by the SDBOT-YU TROJAN! | No |
| X | strmsnnrs | msnmcgrs.exe | Added by the RBOT-ACT TROJAN! | No |
| X | strmsoums | msnmegrse.exe | Added by the SDBOT-ZK TROJAN! | No |
| X | Strng32 | strngbox.exe | Added by the STRANO WORM! | No |
| U | StrokeIt | strokeit.exe | StrokeIt is an "advanced mouse gesture recognition engine and command processor" | No |
| X | strpmon | strpmon.exe | Part of BugsDestroyer, ProtectingTool and other members of the ErrClean rogue system error and cleaning utility and other members of this family. See here for more examples | No |
| X | strtas | lock1.exe | Added by the SDBOT-ADQ WORM! | No |
| X | strtas | lockx.exe | Added by the SDBOT-AEB WORM! | No |
| X | strtas | l074.exe | Added by the AGENT-II TROJAN! | No |
| X | strtas | loc1.exe | Added by the RBOT-AZU TROJAN! | No |
| X | strto | strto.exe | Added by the KILLPROC-F TROJAN! | No |
| X | strto | [path to trojan] | Added by the KILLAV-AP TROJAN! | No |
| X | Sts | iwnujdss2.exe | Added by the SDBOT-YI WORM! | No |
| X | Stubbish | Stubbish.exe | Added by the STUBBOT-A WORM! | No |
| X | StubPath | Sservice.exe | Added by the PRORAT TROJAN! | No |
| X | stup | 138762763.exe | Added by the FIRESPY-A TROJAN! It will attempt to register the dropped component as a Firefox plugin and begin monitoring the user's browsing habits, stealing information including monitoring and logging information from Web forms | No |
| X | stup | [path to trojan] | Added by the AGENT-CIL TROJAN! | No |
| X | stup1db0t | _win.exe | Added by a variant of the IRCBOT BACKDOOR! | No |
| N | StupAssist | StupAssist.exe | Associated with Nikon digital cameras | No |
| X | STV | winscrne.exe | Added by a variant of the SDBOT WORM! | No |
| X | stxrmsgms | mstats.exe | Added by the IRCBOT-AE TROJAN! | No |
| U | StyleXP | StyleXP.exe | StyleXP allows you customize the way WinXP looks. If disabled via msconfig it re-instates itself at reboot, therefore uninstall it if you don't want it | No |
| X | SubAH | SubAH.exe | Added by the SUBAH TROJAN! | No |
| U | Subliminal Power | Subliminal.exe | Subliminal Power - displays subliminal messages of your choice on your computer screen | No |
| N | Subtract the Ads | AdSub.exe | Removes adverts from web pages. Although useful - not required | No |
| X | suck | l0ad.exe | PurityScan adware | No |
| X | suicide | tempfile2.bat | Personal Protector rogue security software - not recommended, removal instructions here | No |
| U | Suitcase Startup | Suitcase.exe | Suitcase - system font manager start up utility. Used for dynamic managment of fonts on your system | No |
| X | Suite | SuiteOffices.exe | Added by the LAZAR TROJAN! | No |
| X | SULFNBJ.EXE | SULFNBJ.EXE | Added by the PE_MAGISTR.DAM VIRUS! | No |
| X | Sun Java Console for Windows NT & XP | jconsole.exe | Added by the VANEBOT-C WORM! | No |
| X | Sun Java Updater v5 | javajre.exe | Added by the AUTORUN-XI WORM! | No |
| X | Sun Java Updater v7.4 | javawx.exe | Added by the ACKANTTA.B WORM! | No |
| U | Sunasdtserv | Sunasdtserv.exe | CounterSpy by Sunbelt Software - adware/spyware protection | No |
| U | sunasServ | sunasServ.exe | CounterSpy by Sunbelt Software - adware/spyware protection | No |
| X | Sunjava | javasmart.exe | Added by the AGENT.AHV TROJAN! | No |
| X | SunJava Updater v7 | javale.exe | Added by the ACKANTTA.B WORM! | No |
| X | SunJavaSched | ccEvtMngr.exe | Added by the SDBOT-YP WORM! | No |
| X | SunJavaSched Updater | avamx.exe | Added by the RBOT-ABJ WORM! | No |
| X | SunJavaUpdate | smvss.exe | Added by the DEDLER-G TROJAN! | No |
| X | SunJavaUpdater | javaw.exe | Added by the MYTOB.QR WORM! | No |
| N | SunJavaUpdateSched | jusched.exe | Checks with Sun's Java updates site to see if newer Java versions are available. Either visit the Java download page or click on Start → Control Panel → Java → Update → Update Now | Yes |
| X | SunJavaUpdateSched | scvhost.exe | Added by the SDBOT-AVX WORM! | No |
| X | SunJavaUpdateSched | javamx.exe | Added by the SDBOT-WI WORM! | No |
| X | SunJavaUpdateSched10 | jushed.exe | Added by the ACKANTTA.F WORM! | No |
| X | SunJavaUpdateSched132 | jschd.exe | Added by the AUTORUN-AQY WORM! | No |
| X | SunJavaUpdateSched16 | jvshed.exe | Added by the ACKANTTA.G WORM! | No |
| X | SunJavaUpdatSched | spoolsv.exe | Added by the BANCBAN-NP TROJAN! Note - this is not the legitimate spoolsv.exe which is always located in %System%. This one is located in %ProgramFiles%\MSN Messenger | No |
| U | Sunkist | shwicon98.exe | Card reader for memory cards from digital cameras, etc | No |
| U | Sunkist2k | shwicon2k.exe | Card reader for memory cards from digital cameras, etc | No |
| U | SunKistEM | shwiconem.exe | Used by your computer to communicate with your Alcor Micro Multimedia Card Reader - necessary if you're using this software | No |
| U | SuNotification | suatshut.exe | ShadowSurfer - "provides a safe computing environment by creating a virtual twin of your PC. Restore the pre-ShadowMode system state no matter what changes have occurred to your PC" | No |
| Y | SunProtectionServer | SunProtectionServer.exe | CounterSpy antispyware software | No |
| Y | SunServer | SunServer.exe | CounterSpy antispyware software | No |
| ? | SupaDial | SupaDial.exe | SupaNet.com modem driver related - is it required? | No |
| N | Supastatus | status.exe | Supanet ISP software | No |
| X | supdate | supdate.exe | Added by the MALWARE.D TROJAN! | No |
| X | supdate2.dll | rundll32.exe supdate2.dll | Added by the ZLOB-VL TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "supdate2.dll" file is found in the System (9x/Me) or System32 (NT/2K/XP) folder | No |
| X | super | fuckbx.exe | Added by the LINEAGE-H TROJAN! | No |
| X | super | super.exe | Added by the AGOBOT-QT WORM! | No |
| U | Super Popup Blocker | popkill.exe | Saga Super Popup Blocker - pop-up stopper | No |
| U | Super X Desktop Version 3.4 | SXDesk.exe | Super X Desktop - virtual desktop manager | No |
| U | SuperAdBlocker | SAdBlock.exe | SuperAdBlocker | No |
| Y | SUPERAntiSpyware | SUPERAntiSpyware.exe | SUPERAntiSpyware - spyware, malware and other threat remover | No |
| X | SuperBar.Component | [path to services.exe] | Added by the SMALL-AQ TROJAN! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %System%\Inetsrv | No |
| X | SuperBar.Component | services.exe | FakeMessage/AdRotator adware. Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in an "Inetsrv" subfolder | No |
| U | Supercleaner | Supercleaner.exe | Supercleaner - all in one disk cleaner for your computer | No |
| U | SuperCool Compress Backup | Main.exe | "SuperCool Zip Backup software is a data backup,restore and file synchronization program" | No |
| U | SuperCopier2.exe | SuperCopier2.exe | "SuperCopier replaces windows explorer file copy and adds many features" | No |
| X | SuperHeissSex | SuperHeissSex.exe | HeissSex premium rate adult content dialer! | No |
| X | supernews12 | newsd32.exe | Adware, also detected as the DLOADER-JN TROJAN! | No |
| X | Supernova | [worm filename] | Added by the SURNOVA.A (or SUPOVA) WORM! | No |
| X | superproxy | superproxy.exe | Added by the DELBACK-B TROJAN! | No |
| U | SuperRam | SuperRam.exe | SuperRam memory manager. MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/SE/ME. See SuperRam article and make up your own mind | No |
| X | superslut | msslut32.exe | Added by the SLUTER-A WORM! | No |
| U | SuperSpamKiller Pro | Ssk.exe | SuperSpamKiller Pro email spam blocker | No |
| X | Supervisor.exe | Supervisor.exe | Has been reported to be associated with various antitrojan software like ATS and PC Doorguard. If so it's required in Startup - any further information is welcome | No |
| X | support-reverse-smileys | [trojan filename] | Added by the LITEBOT TROJAN! | No |
| U | Support.com Scheduler and Command Dispatcher | tgcmd.exe | Part of software from SupportSoft (aka Support.com) provided to manufacturers and ISPs that allows them to offer on-line support - to update drivers, fix faults, etc. Also see the TgAddServer entry. This part ensures the software is installed correctly (similar to an installation wizard) as reported by Cox. Regarded as spyware by some as it has the ability to retrieve user information. Whether it does so depends upon the provider. One Toshiba user reports problems with hibernate on his laptop if disabled - hence the "U" recommendation" | Yes |
| X | supporter5 | supporter5.exe | Part of eScorcher anti-virus software- responsible for updates of new virus bases each time you logon to the web. Used to collect information about the user and therefore treated as spyware - now the web-site is dead | No |
| U | Sup_SmartRAM | Sup_SmartRAM.exe | Memory management part of the Advanced SystemCare system utility from IObit | No |
| U | Sup_SmartRAM.exe | Sup_SmartRAM.exe | Memory management part of the Advanced SystemCare system utility from IObit | No |
| U | SureCleanProfessional | SRClean.exe | SureClean PC and Internet tracks cleaner | No |
| U | Sureshotpopupkiller | Stopthepop.exe | Stop-the-Pop-Up popup blocker | No |
| U | Sureshotpopupkiller | pusak.exe | Stop-the-Pop-Up popup blocker | No |
| X | SurfAccuracy | sacc.exe | SurfAccuracy adware | No |
| X | SurfBuddy | rundll32 [path] sbuddy.dll | SurfBuddy adware - not to be confused with the legitimate SurfBuddy application by SurfApps!. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted | No |
| U | SurfChoice | SCMan.exe | SCMan is a utility that can control services on WinNT from the command line. This utility can create, start, pause, stop, delete services. Furthermore it can retrieve a service's current state, get the displayname for a service and vice versa | No |
| X | Surfer lptt01 | surfer.exe | RapidBlaster variant (in a "mssurfer" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here | No |
| X | Surfer ml097e | surfer.exe | RapidBlaster variant (in a "mssurfer" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here | No |
| U | SurfHelper | SurfHelp.exe | Related to SurfHelper - a free tool to remove popup windows, clear history, control window properties of IE, and more | No |
| U | SurfinGuard Pro | winsfcm.exe | SurfinGuard Pro from Finjan - internet protection software, protects against all malicious code delivered through executables, scripting files, ActiveX and Java | No |
| U | SurfSecret | ss2-full.exe | "House-cleaning utility that enables you to keep your computer usage to yourself. Runs quietly from the system tray, eliminating tell-tale files at a regular interval of your choosing. You can set it to clear your Internet cache files, cookies, history, temp folder, etc. It can also clear the history of your Run and Find menus, in addition to the AOL cache" | No |
| X | SurfSideKick | Ssk.exe | SurfSideKick adware | No |
| X | SurfSideKick 2 | Ssk.exe | SurfSideKick adware | No |
| X | SurfSideKick 3 | Ssk.exe | SurfSideKick adware | No |
| U | SurfStream | SurfStream.exe | Conceiva "SurfStream lets you surf the Web faster. It contains a fully featured proxy server that lets you surf the Web significantly faster. It also blocks all pop-up windows and banner ads from Web pages. An intelligent tune-up tool automatically analyzes and optimizes your computer's Internet connection and TCP/IP settings" | No |
| X | Surs | awab.exe | PurityScan adware | No |
| N | Surveysa | surveysa.exe | Found on Sony laptops, it brings up a prompt to take a survey. It goes away if you fill out the survey or you choose "never prompt me again" but keeps popping if you either exit out of it or select "take survey later" | No |
| U | suScheduler | UCLauncher.exe | Related to Lenovo ThinkVantage Technologies. ThinkVantage Technologies help make ThinkPad/ThinkCentre PCs less dependent on IT staff | No |
| X | Susp | Susp.exe | VX2.Transponder parasite updater/installer related | No |
| X | SuspenzorPC | GDC.exe | SuspenzorPC Czech rogue privacy tool - not recommended. A member of the PCPrivacyTool family | No |
| X | susse | hpsw.exe | LinkMaker adware | No |
| X | Sustem | explorer.exe | Added by an unidentified VIRUS, WORM or TROJAN! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! | No |
| X | SustemUpdate | explorer.exe | Added by an unidentified VIRUS, WORM or TROJAN! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! | No |
| X | SV00LSV | SV00LSV.EXE | Added by the GRAYBIRD-C TROJAN! | No |
| X | SVA Player | SVAplayer.exe | SVAPlayer parasite | No |
| X | Svc | svc.exe | ClientMan parasite variant | No |
| U | SVC | svchost.exe | ElfSpy keystroke logger/monitoring program - remove unless you installed it yourself! | No |
| X | svc | expseny.exe | Added by the PWS-ANG TROJAN! | No |
| X | SVC Service | svcinit.exe | Added by the SINIT TROJAN! | No |
| X | SVC Service | svcinit.exe | CoolWebSearch parasite variant | No |
| X | SVC Service | svcpack.exe | CoolWebSearch Svcinit parasite variant | No |
| X | SVC Service | svc32.pif | Added by the RBOT-ASC WORM! | No |
| X | SVC Socks | mstaskm.exe | CoolWebSearch parasite variant | No |
| X | svc32 | svc32.exe | Identified as a variant of the Banker-EQC/DLoader.GPJI malware | No |
| X | svcdata.exe | svcdata.exe | Added by the SPYBOT.ZIF WORM! | No |
| X | Svced | Svced.exe | Added by the DELF.F TROJAN! | No |
| X | SvcH0st | msexploren.exe | Added by the BACKDOOR-CGZ TROJAN! | No |
| X | SvcH0st | SHCH.EXE | Added by the BDOOR-EB BACKDOOR! | No |
| X | SvcH0st | SVCHST.EXE | Added by the BDOOR-EB BACKDOOR! | No |
| X | SvcH0st | WINAGENT.EXE | Added by the BDOOR-EB BACKDOOR! | No |
| X | SVCH0ST | spoo1sv.exe | Added by the VB-HF TROJAN! | No |
| X | SVCH0ST | SVCH0ST.EXE | Added by the VB-IK TROJAN! Note - the filename has the digit 0 rather then the uppercase "o" | No |
| X | SvcH0st | msnexploren.exe | Added by the TACTSLAY.B TROJAN! | No |
| X | SvcH0st | sdhch.exe | Added by the TACTSLAY.B TROJAN! | No |
| X | SVCH0ST.EXE | SVCH0ST.EXE | Added by the BANCBAN-HT TROJAN! | No |
| X | SVCH0TS | sp00lvs.exe | Added by the LINEAGE-AZ TROJAN! | No |
| X | svchast | svchast.exe | Added by the LINEAGE-AV TROJAN! | No |
| X | svchctrl | svchctrl.exe | Added by the COBFINN TROJAN! | No |
| X | svchos | svchos.exe | Added by the EZIBOT-B TROJAN! | No |
| X | svchosd | [path to trojan] | Added by the BANCOS-BCX TROJAN! | No |
| X | SVCHOSI | SVCHOSI.EXE | Added by the VBBOT-AA WORM! | No |
| X | SVCHOST | svchost.exe | System1060 homepage hi-jacker. Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\System1060 | No |
| X | svchost | svchost.exe | Added by many TROJANS amd WORMS, such as MORB or TARNO. Note - this is not the legitimate svchost.exe process which should not normally figure in Msconfig/Startup! | No |
| X | SVCHOST | mrowyekdc.exe | Added by the GOTORM WORM! | No |
| X | svchost | Svch0st.exe | Added by the GRAYBIRD and GRAYBIRD.B TROJANS! Note - the filename has the digit 0 rather then the uppercase "o" | No |
| X | svchost | [path to trojan] | Added by the HAZZER TROJAN! Note - this is not the legitimate svchost.exe process which should NOT appear in Msconfig/Startup! | No |
| X | svchost | ADMAGIC.EXE | Added by the SMIBAG WORM! Note - this is not the legitimate svchost.exe process which should NOT appear in Msconfig/Startup! | No |
| X | Svchost | winhost.exe | Added by the LOLAWEB.A TROJAN! | No |
| X | Svchost | svchost.exe | Added by the MOZE-A WORM! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is found in the Winnt or Windows folder | No |
| X | SVCHOST | var.txt.exe | Added by the LDPINCH.C TROJAN! | No |
| X | Svchost | svchosl.pif | Added by the INZAE.A or INZAE.B WORMS! | No |
| X | svchost | [path] SETUP.EXE | Added by the SETCLO WORM! | No |
| X | SVCHOST | scvhost.exe | Added by the MYTOB.E or MYTOB.G WORMS! | No |
| X | SVCHOST | taskgmr.exe | Added by the MYTOB.F or MYTOB.H WORMS! | No |
| X | svchost | olehelp.exe | Added by the BOOKMARKER.G TROJAN! | No |
| X | SVCHOST | updater32.exe | Added by the RANTS.A WORM! | No |
| X | SVCHOST | SPOOLSV.EXE | Added by the BAITAP-A WORM! Note - this is not the legitimate spoolsv.exe which is always located in %System%. This one is located in %Windir% | No |
| X | SvcHost | svchost32.exe | Added by the AGOBOT-TM WORM! | No |
| X | svchost | svchost.exe | Added by the BANCBAN-HL TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "config" subfolder of the Winnt or Windows folder | No |
| X | SVCHOST | MDM.EXE | Added by the LCJUMP-A WORM! Note - this is not the legitimate Machine Debug Manager (mdm.exe) process which is located in %ProgramFiles%\Common Files\Microsoft Shared\VS7Debug (98/Me/XP/Vista) or %System% (Me only). This one is located in %Windir% | No |
| X | svchost | [path to explorer.exe] | Added by the UNREAL-A TROJAN! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! | No |
| X | svchost | rundll16.exe | Added by the STARTPA-PB TROJAN! | No |
| X | Svchost | svchost.exe | Added by the ADCLICK-AM TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %ProgramFiles%\Internet Explorer | No |
| X | svchost | svchost.exe | Added by the BDOOR-ES BACKDOOR! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a "Microsoft" subfolder | No |
| X | svchost | svchost.exe | Added by the DLOADER-EV TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %ProgramFiles% | No |
| X | svchost | winhelp.exe | Added by the GAOBOT.GEN!POLY WORM! | No |
| X | Svchost | svchots.exe | Added by the RBOT.ADK WORM! | No |
| X | svchost | ying.exe | Constructor VC2000 malware | No |
| X | svchost | inetinfo.scr | Added by the ODELUD WORM! | No |
| X | SVCHOST | svchost64.exe | Added by the STARTP-G TROJAN! | No |
| X | svchost | svchost.com | Added by the BANLOA-ABL TROJAN! | No |
| X | svchost | win.exe | Added by the VBSAUTO-A WORM! | No |
| U | svchost | svchost.exe | Infine Keylogger surveillance software. Uninstall this software unless you put it there yourself. Note - this is not the svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup. This one is located in an "svc" subfolder | No |
| X | svchost | logon.exe | Added by the SLEGON WORM! | No |
| X | svchost | svcst.exe | Added by the AGENT-LIL WORM! | No |
| X | svchost Agent | svchost.exe | Added by the AUTORUN-DB WORM! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a "28463" sub-folder | No |
| X | svchost connection monitor | svchost32.exe | Added by a variant of the SDBOT WORM! | No |
| X | SVCHOST Generic application | svchost.exe | Added by the DAEMONI-K TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is found in the Winnt or Windows folder | No |
| X | svchost Netware Manager | svchost.exe | Added by the EXVID.A WORM! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder | No |
| X | SVCHost Protocol32 | scvhost32.exe | Added by a variant of the IRCBOT TROJAN! | No |
| X | Svchost Service | svchost.exe | Added by the VB-DVQ WORM! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Help subfolder of the Winnt or Windows folder | No |
| X | Svchost Windows Remote Services | svhost.exe | Added by the IRCBOT-IV WORM! | No |
| X | svchost.exe | svchost32.exe | CoolWebSearch Svchost32 parasite variant | No |
| X | SVCHOST.EXE | SVCHOST.EXE | Added by the WRMSCAN-A TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is found in the Winnt or Windows folder | No |
| X | svchost.exe | [path to executeable] | Added by the BANKER-MO TROJAN! | No |
| X | svchost.exe | svchost.exe | Added by the ZAPCHAS-V TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "drivers" subfolder | No |
| X | svchost.exe | swchost.exe | Added by the SADELPHI-A TROJAN! | No |
| X | svchost.exe | svchost.exe | Added by the VIRUT.CF WORM! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a "3361" subfolder | No |
| X | SVCHOST.EXE | svchost.exe | Added by the SILLYFDC.BBI WORM! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a "Conf" sub-directory | No |
| X | svchost1 | svchost1.exe | Added by the AGOBOT.ZZ WORM! | No |
| X | SVCHost2 | svchost2.exe | Added by the RBOT.BLC WORM! | No |
| X | SvcHost32 | svchost32.exe | Added by the MIMAIL.I or MIMAIL.J WORMS! | No |
| X | svchost32.exe | svchost32.exe | Added by the ASSASIN.20B BACKDOOR! | No |
| X | svchost64 | svchost64.exe | Added by the SDBOTER.G VIRUS! | No |
| X | svchosta | svchosta.exe | Added by the SNIFFER-I TROJAN! | No |
| X | svchostb | svchostb.exe | Added by the SNIFFER-J TROJAN! | No |
| X | SvcHostDHCP | svchost32.exe | Added by the ASSASIN.20B BACKDOOR! | No |
| X | svchostdll.scr | svchostdll.scr | Added by the BANCBAN-FM TROJAN! | No |
| X | SvcHosto | v1rg1n.exe | Added by the AGOBOT-TK WORM! | No |
| X | svchostr | svchostr.exe | Added by an unidentified WORM or TROJAN! | No |
| X | svchosts | svchosts.exe | Added by the BANCBAN-DC or BANKER-ED TROJANS! | No |
| X | svchosts.exe | svchosts.exe | Added by the AGOBOT-JN WORM! | No |
| X | svchosts.scr | svchosts.scr | Added by the BANCBAN-DQ TROJAN and variants! | No |
| X | SVCHOT | SVCHOT.exe | Added by the QQROB-U TROJAN! | No |
| X | svchst | svchst.exe | Added by the KBROY-C TROJAN! | No |
| X | svcinfo | svcinfo.exe | Added by the CRYPTER.A TROJAN! | No |
| X | Svclhost | svcchost.exe | Added by an unidentified WORM or TROJAN! | No |
| X | SvcManager | restore3.exe | Added by the AGENT-DSS TROJAN! | No |
| X | SvcManager | [path to trojan] | Added by the ZALON-A BACKDOOR! | No |
| X | SvcManager | mdmex2.exe | Added by the ZALON-B BACKDOOR! | No |
| U | svcmon | svcmon.exe | PersonInspect surveillance software. Uninstall this software unless you put it there yourself | No |
| X | Svconr | Svconr.exe | WaveRevenue-lBann adware | No |
| X | Svcphpwin | sslphp32.exe | Added by the AGOBOT-ABR WORM! | No |
| X | svcroot | svcroot.exe | Added by the KEYLOG-AC TROJAN! | No |
| X | svcroot | xffanl.exe | Added by the AGENT-BMF TROJAN! | No |
| X | svcshare | winampXP.exe | Added by the FUJACKS-J VIRUS! | No |
| X | svcshare | spoclsv.exe | Added by the FUJACKS-A VIRUS! | No |
| X | svcshare | CTMONTv.exe | Added by the FUJACKS-AJ WORM! | No |
| X | svcshare | nvscv32.exe | Added by the FUJACKS-Z WORM! | No |
| X | SvcSys | [path to file] | Added by the BANCOS.Z TROJAN! | No |
| X | Svcsys Registry Manager | svcsysreg.exe | Detected by Kaspersky as the AGENT.CV TROJAN! | No |
| X | svcsys32 | svcsys32.exe | Added by the AGOBOT-LL WORM! | No |
| X | svctask | svctask.exe | Added by the CHUCKYB-A TROJAN! | No |
| X | svcwinprocess32 | [path to worm] | Added by the UPERING WORM! | No |
| X | SVGA Adapter | svghost.exe | Added by a variant of the SPYBOT WORM! See here | No |
| X | svhcost | svhcost.exe | OpenSearch adware | No |
| X | svhoost | checksys.exe | Added by a downloader TROJAN of Chinese origin! | No |
| X | SVHOST | svhost.exe | Added by the MYDOOM.I WORM! The file is located in %System% | No |
| X | SVHOST | SVHOST.EXE | Added by the ZORI.A VIRUS! The file is located in %System%\SVCHOSTV | No |
| X | Svhost | Svhost.exe | Added by the VB-ASG WORM! This file is located in a "Hwnd" sub-directory of the Root folder (C:\), (D:\), etc | No |
| X | Svhost Loader | svshost.exe | Added by the AGOBOT.G WORM! | No |
| X | Svhost Service Server | svhostser.exe | Added by a variant of the RBOT WORM! See here | No |
| X | svhost updates | Svhost.exe | Added by a variant of the RBOT WORM! | No |
| X | svhost windows services | svhost8.exe | Added by the RBOT-WQ WORM! | No |
| X | svhost32 | svhost32.exe | Added by the AUTORUN-AWY WORM! | No |
| ? | SVIDC32M | SVIDC32M.exe | ?? | No |
| X | sVideo2 | [path to dialler] | "Switch-D" premium rate adult content dialler | No |
| X | sviload32 | sviload32.exe | Added by the RBOT-AAS WORM! | No |
| ? | SVM Pop | svmpop.exe | ?? | No |
| X | svnlitup32 | svnlitup32.exe | Added by the RBOT.CBJ WORM! | No |
| X | svnloader | svnload32.exe | Added by the RBOT-ACU WORM! | No |
| X | SVOHST | svohst.exe | Added by the IRCBOT-AEI WORM! | No |
| X | Svost Loader | svost.exe | Added by the SDBOT.G BACKDOOR! | No |
| X | svphost.exe | svphost.exe | Added by the AGENT.CS TROJAN! | No |
| U | SVPWUTIL | SVPWUTIL.exe SVPwUTIL | Part of Toshiba Hardware Setup | No |
| X | svrrun | svrrun.exe | Adware hailing from Deskwizz.com | No |
| X | svsekin | svsekt.exe | Added by the QQPASS.G TROJAN! | No |
| X | svshost | svshost.exe | Added by the CHODE-H WORM! | No |
| X | svshost | messenger.exe | Added by the LOONY-G TROJAN! | No |
| X | Svshost Update Service | svcbind.exe | Added by the MYTOB.LH WORM! | No |
| X | svshost32 | msgrsv32.exe | Added by the RANKY.AJ TROJAN! | No |
| X | svshost32 | svshost32.exe | Added by a variant of the SDBOT WORM! | No |
| X | svshostdriver | svshost.exe | Added by the SDBOT-HN TROJAN! | No |
| X | svtcin | n20050308.a.Stub.EXE | Added by the N20050308 TROJAN! | No |
| X | svwin32 | unninst32.exe | Added by the AGOBOT-NF WORM! | No |
| X | SVX Control Service | svxhost.exe | Added by the FORBOT-K WORM! | No |
| U | SW20 | sw20.exe | Related to MSI's Dynamic Overclocking Technology | No |
| U | SW24 | sw24.exe | Related to MSI's Dynamic Overclocking Technology | No |
| Y | swAgentexe | SWAGENT.EXE | Part of the now obsolete McAfee Managed VirusScan anti-virus and anti-spyware security tool for small businesses | No |
| N | Swap Nut | javaw.exe | javaw.exe can be loaded by other programs at startup but in this instance it's SwapNut, a peer-to-peer file sharing and searching utility developed and marketed by File Metrics, Inc. Users can search for and find almost any type of digital file (audio, video, photos etc.) through a secure peer-to-peer network | No |
| X | SWCaller | SWcaller.exe | Swporta homepage hijacker | No |
| X | SWCaller | Swcaller2.exe | Swporta homepage hijacker | No |
| X | Swchost | Swhost.exe | Added by the BDOOR-MP BACKDOOR! | No |
| U | SWClient | swsys.exe | ActivMonAgent keyboard logger/monitoring program - remove unless you installed it yourself | No |
| U | SWClient | swclient.exe | Stealth Watcher surveillance software. Uninstall this software unless you put it there yourself | No |
| X | swcroot | swcroot.exe | Added by the SOLENO-A TROJAN! | No |
| U | SWd | winwd.exe | PC Security™ from Tropical Software - "is the ultimate in computer security, offering multiple locking systems for the windows environment and internet. Lock files, monitor programs activities, even detect intruders!" | No |
| Y | Sweep95 | ICLOAD95.EXE | Part of Sophos ant-virus sofware | No |
| N | SweetIM | SweetIM.exe | vSweetIM - send fancier smiley-faces and IM graphics to friends who are using MSN Messenger. They are only able to see these advanced smiley-faces if they also have SweetIM installed | No |
| X | Swf32 | AVupdate.exe | Added by the MERKUR.E WORM! | No |
| X | Swf32 | _backup.exe | Added by the SYMTEN WORM! | No |
| U | swg | GoogleToolbarNotifier.exe | Part of Google Toolbar (from version 4 onwards) for IE. "Google Toolbar Notifier allows you to set Google as your default search engine and prevents your search settings from being changed without your consent. An icon in your system tray blinks if the Notifier identifies an attempt to change your default search engine. You can click the icon to get more details and allow the change". There was a bug in earlier versions where disabling the option resulted in the entry still running at startup but this has now been resolved | Yes |
| X | SwiftCleaner | SwiftCleanerScanner.exe | SwiftCleaner rogue cleaning utility - not recommended, removal instructions here | No |
| X | SwimSuitNetwork | SwimSuitNetwork.exe | Advertising spyware | No |
| X | swingsys | SWINGSYS.EXE | Added by the BANCOS-CX TROJAN! | No |
| U | Switch Off | swoff.exe | Switch Off - tray-based system utility that can automatically perform various frequently used operations like shutdown or restart your computer, disconnect your current dialup connection, lock workstation, etc | No |
| N | Switchboard.com Toolbar | AtHoc.exe | Toolbar for the on-line version of Yellow Pages in the US - Switchboard.com | No |
| U | SwitchDesk | SwitchDesk.exe | PowerUp SwitchDesk - virtual desktop manager which allows "you have the possibility to launch games, working and development applications, office and entertainment software on multiple desktops to bring order to your system". Part of Ashampoo® PowerUp XP Platinum 2 from Ashampoo GmbH & Co. KG | Yes |
| U | Switcher | Switcher.exe | "On a Sony laptop with built in wireless it allows the user to select which wireless services they want to run (i.e. Wireless LAN, Bluetooth, both) when turning the wireless switch on if disabled)" | No |
| X | switp | switpa.exe | OfferAgent adware | No |
| U | SWL | rundll32.exe [path] SWL.dll rdl | StealthWeblog surveillance software. Uninstall this software unless you put it there yourself! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted | No |
| U | SWN2 | swnxt.exe | Spyware remover by TrekBlue. Previously not recommended but the latest version was delisted here | No |
| X | sws.exe | [random filename] | Haldex type adult content dialler | No |
| X | sws.exe | gd-dial.exe | Globaldialer adult content premium rate dialer | No |
| N | SwTray | SWTRAY.EXE | MS SideWinder game controller system tray icon. Available via Start -> Programs. May have the version number after it | No |
| N | SWTrayV4 | SWTrayV4.exe | MS SideWinder game controller system tray icon. This is specific to version 4 of the software. Available via Start -> Programs | No |
| U | SwyxIt! | SwyxIt!.exe | PC Based soft phone from Swyx - see here for more details | No |
| U | SX Virtual Link | Connect.exe | SX Virtual Link from Silex Technology America, Inc. Utility to connect USB devices | No |
| ? | SXGDSENU | sxgdsenu.exe | Yamaha SXG soundcard driver | No |
| N | SxgTkBar | sxgtkbar.exe | Yamaha SXG soundcard utility - gives quick and easy access via the system tray bar to diagnostics and configuration | No |
| ? | Sxplog | sxpstub.exe | Part of CA Unicenter Software Delivery - manage software across various systems, from desktops and servers to PDAs and mobile phones, in a controlled and standardized way - is it required at startup? | No |
| X | sxrrv | sxrrv.pif | Added by the VAX-A TROJAN! | No |
| X | sy | s2.exe | Added by a variant of the RBOT WORM! | No |
| U | SybaseCentral43 | scjview.exe | Related to SQL Anywhere from Sybase. A comprehensive package providing data management and data exchange technologies | No |
| X | SyBot v2.1 By Sky-Dancer | HPSV.exe | Added by the ZOTOB.I WORM! | No |
| X | SYDNEY | [file path] | Added by the SYNEY WORM! | No |
| X | syelimS-esreveR-troppuS | [filename] | Added by the LITBOT.C TROJAN! | No |
| X | Syesm | Syesm.exe | Added by the BUZUS WORM! | No |
| X | Syga432te Pe432rsonal Firewall | MrNo4236.exe | Added by the RBOT-AQY WORM! | No |
| X | Sygaete Personal Firewall | SyGate.exe | Added by the RBOT-GLX WORM! | No |
| X | Sygate Peral Firewall | Syga.exe | Added by the RBOT-AQK WORM! | No |
| X | Sygate Personal 3 | svrv.exe | Added by the RBOT-XD WORM! | No |
| X | Sygate Personal Block | Studio.exe | Added by the RBOT-TW WORM! | No |
| X | Sygate Personal Firewall | Win32x.exe | Added by the RBOT-KZ WORM! | No |
| X | Sygate Personal Firewall | system32.exe | Added by the RBOT.VI WORM! | No |
| X | Sygate Personal Firewall | sysgut.exe | Added by the SDBOT.WM WORM! | No |
| X | Sygate Personal Firewall | Sygate.exe | Added by the RBOT-PN WORM! | No |
| X | Sygate Personal Firewall | Mcafeeupdate.exe | Added by the RBOT.YN WORM! | No |
| X | Sygate Personal Firewall | Sygate32.exe | Added by the RBOT.ATW WORM! | No |
| X | Sygate Personal Firewall | MSNSRV32.exe | Added by a variant of the RBOT WORM! | No |
| X | Sygate Personal Firewall | service.exe | Added by a variant of the RBOT WORM! | No |
| X | Sygate Personal Firewall | t1ktik.exe | Added by the RBOT-VP WORM! | No |
| X | Sygate Personal Firewall | host32.exe | Added by the RBOT.ALD WORM! | No |
| X | Sygate Personal Firewall | sexy.exe | Added by the RBOT-XY WORM! | No |
| X | Sygate Personal Firewall | sys.exe | Added by the RBOT-ZC WORM! | No |
| X | Sygate Personal Firewall | syserror.exe | Added by the RBOT.UC WORM! | No |
| X | Sygate Personal Firewall | hostserv.exe | Added by the RBOT.BKO WORM! | No |
| X | Sygate Personal Firewall | msnmsgrs.exe | Added by the RBOT.XN WORM! | No |
| X | Sygate Personal Firewall | Sygat.exe | Added by a variant of the RBOT WORM! | No |
| X | Sygate Personal Firewall | wins.exe | Added by the RBOT.AOB WORM! | No |
| X | Sygate Personal Firewall | winxpstat.exe | Added by a variant of the RBOT WORM! | No |
| X | Sygate Personal Firewall | Syga.exe | Added by the RBOT-AQD WORM! | No |
| X | Sygate Personal Firewall | svchots.exe | Added by the RBOT.ABT WORM! | No |
| X | Sygate Personal Firewall | win31243.exe | Added by a variant of the IRCBOT TROJAN! | No |
| X | Sygate Personal Firewall Start | services32.exe | Added by the RBOT-MB WORM! | No |
| X | Sygate Personal Firewall Start | servic.exe | Added by the RBOT-RY WORM! | No |
| X | Sygate Personal Port | crss.exe | Added by the RBOT-PX WORM! | No |
| X | Sygate Personal Port Blocker | volume.exe | Added by a variant of the RBOT WORM! | No |
| X | Sygate Personal Port Blocker | winupdate.exe | Added by a variant of the RBOT WORM! | No |
| X | Sygate Personals Firewalls | ccsrn.exe | Added by a variant of the RBOT WORM! | No |
| X | Sygates Personal Firewall | sygs.exe | Added by the RBOT.XB WORM! | No |
| U | SyGateService | sgserv95.exe | SyGate is a useful little program that lets you share an internet connection over an intranet. Is it needed - it saves a lot of headache to just let SyGate load at startup. Available via Start -> Programs | No |
| X | Symantec | ccapp.exe | Added by the REATLE WORM! Note - this is not a Symantec file | No |
| X | Symantec Anti Virus | symantec32.exe | Added by a variant of the WOOTBOT WORM! | No |
| X | Symantec Antivirus professional | dfrgfrat.exe | Added by a variant of the FORBOT WORM! | No |
| X | Symantec Antivirus professional | autoformat.exe | Added by a variant of the FORBOT WORM! | No |
| X | Symantec Antivirus professional | dyndns.exe | Added by a variant of the FORBOT WORM! | No |
| X | Symantec Antivirus professional | f0dns.exe | Added by the FORBOT-GT WORM! | No |
| X | Symantec Antivirus professional | flushdns.exe | Added by a variant of the FORBOT WORM! | No |
| X | Symantec Antivirus professional | for.exe | Added by a variant of the FORBOT WORM! | No |
| X | Symantec Antivirus professional | regedit.exe | Added by a variant of the FORBOT WORM! Note - this is not the valid Windows registry editor which resides in %Windir% and will not normally figure in Msconfig/Startup! This version resides in %System% | No |
| X | Symantec Antivirus professional | Symantex.exe | Added by a variant of the FORBOT WORM! | No |
| X | Symantec Antivirus professional | windows .exe | Added by a variant of the FORBOT WORM! | No |
| X | Symantec Antivirus professional | Winhp32.exe | Added by a variant of the FORBOT WORM! | No |
| X | Symantec Antivirus professional | winudp.exe | Added by a variant of the WOOTBOT WORM! See here | No |
| X | Symantec Antivirus professional | xplrer.exe | Added by a variant of the FORBOT WORM! | No |
| X | Symantec Autoscan | [random filename] | Added by the RBOT-AJO WORM! | No |
| Y | Symantec Backup Exec Desktop Agent | DLOClientu.exe | Part of Symantec's Backup Exec backup software | No |
| X | Symantec Client Security | symclient.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
| X | Symantec Configuration Loader | ccApp32.exe | Added by the AGOBOT-EE WORM! | No |
| Y | Symantec Core LC | symlcsvc.exe | Part of Norton AntiVirus 2004. What does it do? | No |
| X | Symantec Debug Client | symdebugs.exe | Added by the IRCBOT-ACM TROJAN! | No |
| N | Symantec Fax Starter Edition Port | OLFSNT40.EXE | Offers a virtual printer as a fax machine. Can be run via a desktop shortcut | No |
| Y | Symantec NetBackup Desktop Agent | DLOClientu.exe | Part of Symantec's NetBackup backup software | No |
| U | Symantec NetDriver Monitor | SNDMon.exe | Part of Symantec's LiveUpate (eg, Norton). Not required if you run manual updates but probably required if you leave them to run automatically. Also, if one runs a small office network and SNDMon is disabled on one of the computers then other computers disappear from the network for this computer, including shared devices like printers and scanners. Hence the "U" recommendation | No |
| U | Symantec NetDriver Warning | SNDWarn.exe | Part of Symantec Live Update - displays the warning when you need to update the firewall database | No |
| U | Symantec PIF AlertEng | PIFSvc.exe | Symantec LiveUpdate Notice Service | No |
| X | Symantec Secure Server | svrhost.exe | Added by the IRCBOT-UB TROJAN! | No |
| X | Symantec Security | symantec32.exe | Added by the RANDEX.PR or RANDEX.YR WORMS! | No |
| X | Symantec Security Addon | nvsvc.exe | Added by a variant of the AGOBOT/GAOBOT WORM! Note - do NOT confuse with the legitimate NVIDIA Driver Helper Service file of the same name as described here | No |
| X | Symantec Security Routine Addon | navpaw.exe | Added by the AGOBOT-ES BACKDOOR! | No |
| X | Symantec Security Routine Addon for Microsoft Windows | navpxaw32.exe | Added by the AGOBOT-GJ TROJAN! | No |
| X | Symantec Service | ccApp.exe | Added by the AKHER.D WORM! Note - this is also not the valid Norton AV file with the same filename | No |
| X | SymantecFilterCheck | svhost.exe | Added by the BANKER-EEO TROJAN! | No |
| X | SymantecFilterCheck | gmilogof.exe | Added by the BANKER-EKC TROJAN! | No |
| X | SymantecFilterCheck | [path to trojan] | Added by the BANKER-EIN TROJAN! | No |
| X | SymantecFilterCheck | bsyys.scr | Added by the BANLOAD.DZC TROJAN! | No |
| X | SymAV | SymAV.exe | Added by the NETSKY.U WORM! | No |
| U | SymKeepAlive | CKA.exe | Part of Norton SystemWorks 2003 - keeps a dial-up modem connection alive | No |
| X | Symlcs | [path to file] | Added by the YASPY-A TROJAN! | No |
| X | Symmetrical Network | symmec.exe | Added by the DELBOT-N WORM! | No |
| X | SymRun | N/A | Added by the KANGAROO-A TROJAN! | No |
| X | SymRun | ccApps.exe | Added by the KAGEN-A TROJAN! | No |
| N | SymTray - Norton SystemWorks | SYMTRAY.EXE | Keeps all System Tray icons for Norton SystemWorks together to reduce clutter. SystemWorks includes Norton Anti-Virus, Norton Utilities and Norton CleanSweep - mentioned elsewhere here. Personally I only have Norton eMail Protect running which doesn't need SymTray | No |
| U | Synaptics Pointing Device Driver | SynTPEnh.exe | Synaptics TouchPad Enhancements - included with drivers for Synaptics based TouchPads, which are common on many laptops. Required to display the System Tray icon and support enhanced features such as Tap Zones, Virtual Scrolling and EdgeMotion. If you don't use these features this can safely be disabled. Required on IBM Thinkpads with UnltraNav (pointstick and touchpad combo) if you don't want to loose the advanced pointstick features such as scroll | Yes |
| U | Sync Data | Hndsync.exe | Pocket Real Estate - mobile synchronization manager | No |
| X | Sync Server | drwatsoon.exe | Added by the WATSOON.A TROJAN! | No |
| U | Sync-It | Syncit.exe | Sync-It - synchronizes the system clock with time servers on the internet | No |
| U | SyncAgent | syncagent.exe | Ghost Keylogger keystroke logger/monitoring program - remove unless you installed it yourself! | No |
| X | Synchronization Agent | mobsynca.exe | Added by the RANDEX-E WORM! | No |
| U | Synchronization Manager | mobsync.exe | Microsoft Synchronization Manager for 2K/XP - used to update network copies of materials that were edited offline, such as documents, calendars, and e-mail messages. Available via Start → All Programs → Synchronize, this entry appears if you select Setup → "When I log on to my computer" | Yes |
| X | Synchronization Manager | rservers.exe | Added by the FORBOT-FM WORM! | No |
| X | syncman | winsync.exe | Added by the MANCSYN-A TROJAN! | No |
| X | SyncManager | msorunner.exe | Added by a variant of the TACTSLAY TROJAN! | No |
| X | SyncMon | adslcomdos.exe | Added by the CLUNKY-A TROJAN! | No |
| X | SyncMon | fixcomdos.exe | Added by the CLUNKY-B TROJAN! | No |
| ? | SynSetup | SynTP.tmp RunOnce.exe | Probably associated Synaptics touchpads on laptops as for the SynTPEnh and SynTPLpr entries but what does it do and is it required? | No |
| X | Syntax | windows32.exe | Added by the SDBOT.CQ WORM! | No |
| X | Syntax Script | systacq.exe | Added by the SDBOT.AI WORM! | No |
| X | Syntax Script | saskatcw.exe | Added by the SDBOT-TE WORM! | No |
| U | SynTPEnh | SynTPEnh.exe | Synaptics TouchPad Enhancements - included with drivers for Synaptics based TouchPads, which are common on many laptops. Required to display the System Tray icon and support enhanced features such as Tap Zones, Virtual Scrolling and EdgeMotion. If you don't use these features this can safely be disabled. Required on IBM Thinkpads with UnltraNav (pointstick and touchpad combo) if you don't want to loose the advanced pointstick features such as scroll | Yes |
| U | SynTPLpr | SynTPLpr.exe | Synaptics TouchPad driver helper - included with drivers for Synaptics based TouchPads, which are common on many laptops. Works in conjucntion with SynTPEnh and is required if you use any of the enhanced features such as Tap Zones, Virtual Scrolling and EdgeMotion | Yes |
| U | SynTPStart | SynTPStart.exe | Synaptics Pointing Device starter belonging to Synaptics Pointing Device Driver | No |
| X | sys | regedit /s sys.reg | Raxmus adware. Note that the Windows registry editor (regedit.exe) is a legitimate Microsoft file located in %Windir% and shouldn't be deleted. The file "sys.reg" is located in %Windir% | No |
| X | sys | regedit sysdllwm.reg | CoolWebSearch parasite variant - also detected as the FEMAD-L TROJAN! | No |
| X | sys | Fonts.exe | Added by the AUTORUN.BUK WORM! | No |
| X | sys | rundll32.exe | Added by the LINEAG-G TROJAN! Note - this is not the legitimate rundll32.exe process, which is found in %Windir% (98/ME) or %System% (NT/2K/XP). This one is located in %Windir%\Intel | No |
| X | Sys Ren | SysRen.exe | Part of FlashEnhancer adware | No |
| X | sys************* [* = random digit] | sys*************.exe [* = random digit] | WINBO adware | No |
| X | Sys**.exe [* = random char] | Sys**.exe [* = random char] | CoolWebSearch/HomeSearch adware - for examples, see this log | No |
| X | Sys**32.exe [* = random char] | Sys**32.exe [* = random char] | CoolWebSearch/HomeSearch adware - for examples, see this log | No |
| X | Sys-Stat | wuapdxe.exe | Added by the SDBOT.HK WORM! | No |
| X | sys008 | sys008.exe | Hijacker, also detected as the STARTPA-GK TROJAN! | No |
| X | sys009 | sys009.exe | Added by the STARTPA-ZB TROJAN! | No |
| X | SYS1 | system.exe | Added by the SILLYFDC-AP WORM! | No |
| X | SYS2 | bad1.exe | Added by the SILLYFDC-AP WORM! | No |
| X | sys201 | sys209.exe | Added by the STARTPA-ZY TROJAN! | No |
| X | Sys29 | win***32.exe [* = random char] | EliteBar adware | No |
| X | SYS3 | bad2.exe | Added by the SILLYFDC-AP WORM! | No |
| X | sys32 | SYS32.EXE | Added by the FLUX.E BACKDOOR! The file is located in %System% | No |
| X | sys32 | sysx32.exe | Added by the KVEX-A VIRUS! | No |
| X | Sys32 | Sys32.exe | Added by the AUTORUN-KL WORM! The file is located in %Windir% | No |
| U | sys32cmd | sys32win.exe | Active Keylogger keystroke logger/monitoring program - remove unless you installed it yourself! | No |
| X | sys32dll | sys32dll.exe | Added by the AIMDES.B WORM! | No |
| U | sys32sql | sys32win.exe | Active Keylogger keystroke logger/monitoring program - remove unless you installed it yourself! | No |
| X | sys32_nov | sys32_nov.exe | Added by the AGENT-LAX TROJAN! | No |
| X | sys33 | sys33.exe | Added by the AGOBOT-WJ WORM! | No |
| X | SYS4 | bad3.exe | Added by the SILLYFDC-AP WORM! | No |
| X | sys64_nov | sys64_nov.exe | Added by the MUTANT.FKA TROJAN! | No |
| X | SysA | win***32.exe [* = random char] | EliteBar adware | No |
| U | SysAgent | SysAgent.exe | SYSagent - small utility for retrieving all the hardware and software information required by anyone administering a machine and/or the network it's a part of | No |
| X | SysAI | SysAI.exe | AproposMedia adware | No |
| X | sysalgg | sysalgg.exe | Added by the TIBS.BF WORM! | No |
| X | Sysanalysing | myrvc.exe | Added by the AUTORUN-RD WORM! | No |
| X | SysAntivirus 2009 | sysav.exe | SysAntivirus 2009 rogue security software - not recommended, removal instructions here | No |
| X | SysATW | sysatw.exe | Added by the VANEBOT-AM WORM! | No |
| X | sysav | winav.exe | WinPC Antivirus rogue security software - not recommended, removal instructions here | No |
| U | SysBkup | [path to file] | Keyspy keystroke logger/monitoring program - remove unless you installed it yourself! | No |
| X | SysBoot | syskernel.exe | Added by the AUTORUN-EY WORM! | No |
| U | Sysbot | sysbot.exe | Spector - spying (or monitoring) software to record internet activity | No |
| X | syscfg | syscfg32.exe | Added by the KWBOT.S WORM! | No |
| X | syscfg34.exe | syscfg34.exe | Added by the ELECTRON WORM! | No |
| X | Syscheck | win.hta | Browser hijacker | No |
| X | syscheck | iexplorer.exe | Added by the AGENT.DM TROJAN! Note - this is not the legitimate Internet Explorer (iexplore.exe) | No |
| U | SysCheck32 | sb32mon.exe | Part of the SpyBuddy keystroke logger/monitoring program - see here. Remove unless you installed it yourself! | No |
| X | SysCleaner | SysCleaner.exe | SysCleaner rogue cleaning utility - not recommended, removal instructions here | No |
| X | sysclx | ntldrt.exe | Added by the JLOK-A WORM! | No |
| X | syscm | Syscm.exe | Vanish adware | No |
| ? | SysComp | mssdnl.com | Unknown but suspect as *.com are not usually run at start up and the name isn't recognized | No |
| X | syscon | syscon.exe | Added by the APRILCONE.A WORM! | No |
| X | syscon lptt01 | syscon.exe | RapidBlaster variant (in a "Syscon" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here | No |
| X | syscon ml097e | syscon.exe | RapidBlaster variant (in a "Syscon" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here | No |
| X | sysconfig | iexplorer.exe | Added by the CULT.C WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) | No |
| X | SysConfig | syscfg35.exe | Added by the KAZMOR.C WORM! | No |
| X | SysConfig | wincfg32.exe | Added by the SDBOT.ZD WORM! | No |
| U | Sysconfig | Stealth KeySpy.exe | StealthKeySpy - keystroke logger/monitoring program - remove unless you installed it yourself! | No |
| X | Syscpy | Syscpy.exe | Firewall-bypassing, proxied spam relayer. Detected by Symantec as the HOGLE TROJAN! | No |
| X | SysCtl | sysctl.exe | Added by the AOK TROJAN! | No |
| X | Sysctrls | procdll.exe | Added by the WEEDBOTZ.14 TROJAN! | No |
| X | Sysctrls | winupdate.exe | Added by an unidentified WORM or TROJAN! | No |
| X | Sysctrls | mscntrl.exe | Added by the KOLABC.BB WORM! | No |
| X | Sysctrls | Sysctrls.exe | Added by the AGENT.AWZ TROJAN! | No |
| X | Sysctrls | win32dll.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
| X | Sysctrls32 | sevchost.exe | Added by the RBOT.ADF BACKDOOR! | No |
| X | SysCVMS.exe | SysCVMS.exe | Added by the SMALL.CBA TROJAN! | No |
| X | sysdat.dll | sysdat.dll.exe | Added by the NISHICA 1.1 TROJAN! | No |
| X | SysData | [path to file] | Added by the RANCK-BA TROJAN! | No |
| X | SysDefence.exe | SysDefence.exe | SysDefence rogue security software - not recommended, removal instructions here. A member of the AntiAID family | No |
| X | SysDepannage | SysRep.exe | SysDepannage, French rogue system error and cleaning utility - not recommended. A member of the ErrClean family | No |
| X | SysDeskqqfx | qqfx.exe | Added by the QQPASS.H TROJAN! | No |
| X | SysDeskqqfx | Runddll32.exe | Added by the CHANGGAME TROJAN! | No |
| X | SysDesktop | fswanQQ.exe | Added by the QQSEND-A TROJAN! | No |
| X | sysdiag64.exe | sysdiag64.exe | Added by a the AUTOINF-AB WORM! | No |
| X | sysdir | winrun.exe | Added by the WINBUR.B WORM! | No |
| X | sysdll | windll.exe | Added by the AUTORUN.ECT WORM! | No |
| X | sysdll | [trojan filename] | Added by the HUGESOT TROJAN! | No |
| X | Sysdpt | sysdpt.exe | CRYPT trojan downloader | No |
| X | sysdxvid | sysdxvid.exe | Added by the DLUCA-S TROJAN! | No |
| X | sysemls | sysem.exe | Added by a variant of the SDBOT WORM! | No |
| X | SysEQ | svclgx32.exe | Added by the IRCBOT-AC TROJAN! | No |
| X | sysfiler | sysfiler.exe | Added by the RETSAM TROJAN! | No |
| X | SYSfit | SYSfit.exe | AdShooter adware variant | No |
| X | sysflg32 | sysflg32.exe | Added by a variant of the CRYPTER.C TROJAN! | No |
| X | sysformat | sysformat.exe | Added by the BAGLE-BK WORM! | No |
| X | sysfrcx | sysfrcx.exe | Added by the KEYLOG-SCLOG TROJAN! | No |
| X | sysftray2 | bolivar19.exe | Added by the KOOBFACE.I WORM! | No |
| X | Sysgate Personal Firewall | syst3ms.exe | Added by a variant of the IRCBOT TROJAN! | No |
| X | sysguard | sysguard.exe | Added by the FAKEAV-KI TROJAN! | No |
| X | sysguardn | s | Spyware Protect 2009 rogue spyware remover - not recommended, removal instructions here | No |
| X | syshelp | syshelp.exe | Added by the LOVGATE.C WORM! | No |
| X | syshost | syshost.exe | Added by the VB-DVZ TROJAN! | No |
| X | sysin | [path to file] | Added by the DSRC-A TROJAN! | No |
| X | sysinfo | sysinfo.exe | Added by the BEDRILL TROJAN! | No |
| X | sysinfo.exe | sysinfo.exe | Added by the BEAGLE.V WORM! | No |
| X | SysInit | wininit32.exe | Added by the XABOT WORM! | No |
| X | sysinit | services.exe | Added by the NEWLFRM-A TROJAN! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %System%\golumm | No |
| X | Sysino | lsess.exe | Added by the FORBOT-BF WORM! | No |
| X | sysint16 | sysint16.exe | Added by the CRYPTER.A TROJAN! | No |
| X | sysinter | ADIRSS.EXE | Added by the AGENT.JVJ TROJAN! | No |
| X | Syskey | sysinit.exe | Added by the BEAGLE.AX WORM! | No |
| X | sysldtray | ld02.exe | Added by the KOOBFACE.BG WORM! | No |
| X | sysldtray | ld03.exe | Added by the KOOBFACE.CA WORM! | No |
| X | sysldtray | ld11.exe | Added by the KOOBFACE.JG WORM! | No |
| X | sysLDtray | ld08.exe | Added by the AGENT-JSV TROJAN! | No |
| X | sysldtray | ld09.exe | Added by the AGENT-KFI TROJAN! | No |
| X | sysldtray | ld10.exe | Added by the FAKEAV-UD TROJAN! | No |
| X | sysldtray | ld12.exe | Added by the KOOBFACE.V WORM! | No |
| X | sysldtray | ld01.exe | Added by the KOOBFACE.I WORM! | No |
| X | sysldtray | ld15.exe | Added by the AGENT-LNH TROJAN! | No |
| X | Syslib | Syslib.exe | Adult content related downloader trojan | No |
| X | Syslog lptt01 | Syslog.exe | RapidBlaster variant (in a "Syslog" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here | No |
| X | Syslog ml097e | Syslog.exe | RapidBlaster variant (in a "Syslog" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here | No |
| X | syslogin.exe | syslogin.exe | Added by the BAGZ-B WORM! | No |
| X | SysMain | buff.exe | Added by the AGENT-ECW TROJAN! | No |
| U | Sysman | Sysman.exe | KeyTrap is a surveillance software program that records all keyboard activities. Uninstall this software unless you put it there yourself | No |
| X | SysManager | Manager.EXE | Added by the DAGGER.140 TROJAN! | No |
| X | sysme | sysme.exe | Added by the PSW_STEALER_C TROJAN! | No |
| X | sysmem | mmsete.exe | Added by the NOPIR.C WORM! | No |
| X | sysmem | outlookrem.exe | Added by the NOPIR-C WORM! | No |
| X | SysMemory manager | mdms.exe | Added by the CIMUZ-D TROJAN! | No |
| U | SysMetrix | SysMetrix.exe | SysMetrix - skinnable clock and metering application. It monitors and reports on a great number of statistics | No |
| X | sysMett1 | explorer.exe | Added by the LEGMIR-Y TROJAN! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %ProgramFiles% | No |
| X | sysmini | sysmini.exe | Added by the ADLOAD.DD TROJAN! | No |
| X | sysmngr32 | sys64mnger.exe | Added by a variant of the RBOT WORM! | No |
| X | sysmntrc | sysmntrc.exe | Added by the BANCOS-FX TROJAN! | No |
| X | sysmod | sysmod.exe | Added by the SPYBOT-DU WORM! | No |
| X | sysmon | sysmon.exe | Added by the BIZEX WORM! | No |
| X | Sysmon | rpcmon.exe | Added by the RANDEX.ATX WORM! | No |
| X | sysmon | sysmon44.exe | Added by a variant of the BACKDOOR-CBA TROJAN! | No |
| X | SysMon | wowexece.exe | Added by the MULAN-A TROJAN! | No |
| X | Sysmon | SystemMonitor.exe | Added by the NUJAMA-A WORM! | No |
| X | Sysmon | msnmssgs.exe | Added by the SDBOT.FK WORM! | No |
| X | sysmon12 | [various filenames] | Wareout - malware masquerading as a spyware and dialer remover | No |
| X | SysmonLog | mslog.exe | Added by the AGENT.AOV TROJAN! | No |
| X | sysmonnt | sysmonnt.exe | SearchPounder sends keywords typed into HTML forms and popular Internet search engines to a remote server | No |
| X | SysMonXP | SysMonXP.exe | Added by the NETSKY.Q WORM! | No |
| X | Sysmppcvppp | SysTdSvr.dll | Generic2.PQG adware | No |
| X | sysmss | sysems.exe | Added by a variant of the SLAPER TROJAN! | No |
| X | sysnate | sysnate.exe | Added by the MEDIAS TROJAN! | No |
| X | Sysnet | snuninst.exe | Unidentified adware | No |
| X | sysnet | sysnet.exe | CasClient adware - also detected as the CMAPP TROJAN! | No |
| X | sysobj.exe | sysobj.exe | Wareout - malware masquerading as a spyware and dialer remover | No |
| X | SysOps | SysOps | Added by the MSNCORRUPT TROJAN! | No |
| X | syspare | syspare.exe | Added by the BIFROSE-AN TROJAN! | No |
| X | syspath | drv.exe | Added by the SOBER WORM! | No |
| X | sysPersonalFirewall | msnmssgr.exe | Added by a variant of the RBOT WORM! | No |
| X | sysPersonalFirewall | system.exe | Added by the WOOTBOT.FH WORM! | No |
| X | sysPersonalFirewall | tskm0nitor.exe | Added by the SDBOT.APC WORM! | No |
| U | SysPilot | fdxxl.exe | G Data "PC Spion". PC monitoring and surveilling software, captures all users activity on the PC, see here. Disable/remove if you didn't install it yourself! | No |
| X | sysPnP | bootconf.exe | Homepage hijacker, redirecting to coolwwwsearch.com; see for example here | No |
| X | SysPnP | rundll32 setupapi, InstallHinfSection [varies] oemsyspnp.inf | CoolWebSearch PnP parasite variant | No |
| Y | SysPool | Mssvc.exe | StealthDisk - hides folders, files and applications. Will also encrypt them for better protection | No |
| X | SysPool | MSSVC32.EXE | Added by the BANCBAN-IO TROJAN! | No |
| X | SySPower | [path to trojan] | Added by the BANCBAN-OC TROJAN! | No |
| X | SysProtect | System.exe | Added by the NETSPY TROJAN! | No |
| X | SysProtect | syp.exe | SysProtect rogue security software, associated with WinFixer - not recommended, see here | No |
| X | SysProtect | USYP.exe | SysProtect rogue security software, associated with WinFixer - not recommended | No |
| X | SysProtect Free | USYP.exe | SysProtect rogue security software, associated with WinFixer - not recommended | No |
| X | syspw32.exe | syspw32.exe | Added by the APPFLET.A WORM! | No |
| X | Sysqq | LSESS.exe | Added by the FORBOT-BF WORM! | No |
| X | SysR | sysmd.exe | Ulubione adult content dialer | No |
| X | SysReg | SysReg.exe | Added by the CHEKIN TROJAN! | No |
| X | SysReg | SysReg.exe | SearchSeekFind textual marketing foistware | No |
| X | Sysres | Sysres.exe | Added by the LOGMOD.A TROJAN! | No |
| X | SysRes | TASKMANAGER.exe | Added by the ELIPTER.A or ELIPTER.B WORMS! | No |
| X | SysRes | WWE DIVAS.exe | Added by the ELIPTER.D WORM! | No |
| X | SysRes | IExpIore .exe | Added by the ELITPER.E WORM! | No |
| X | sysrest32.exe | sysrest32.exe | Added by the AGENT-GIN TROJAN! | No |
| X | sysrestore32.exe | sysrestore32.exe | Unknown malware detected by McAfee - see here | No |
| X | Syss | ehuupdate.exe | EHU adware | No |
| X | SysScan | bvt.exe | Added by the AUTOUPDER TROJAN! | No |
| X | SysSearch | Regedit.exe -s pcsearch.reg | Added by the STARTPAGE-FN TROJAN! Note that regedit.exe is a legitimate Microsoft file and shouldn't be deleted. The "pcsearch.reg" file is located in %Windir% | No |
| X | SysSearch | Regedit.exe -s sysreg.reg | Added by the STARTPA-ME TROJAN! Note that regedit.exe is a legitimate Microsoft file and shouldn't be deleted. The "sysreg.reg" file is located in %Windir% | No |
| U | SysSense | SysSense.exe | "SysSense is your personal desktop Google AdSense monitor. It keeps your current Google AdSense information in the Windows system tray". Google AdSense account required | No |
| X | sysser | [path to file] | Added by the RAHACK WORM! | No |
| X | SysService | SysService.exe | Added by the BDFORM-A BACKDOOR! | No |
| U | SysService | SERVICES.EXE | NSKeyLogger keystroke logger/monitoring program - remove unless you installed it yourself! | No |
| X | SysService32 | SysService32.exe | Added by the KINDAL VIRUS! | No |
| X | SysService32 | ln32k.dll | Added by the KINDAL VIRUS! | No |
| X | SysService32l | systask32l.exe | Added by the THEUG WORM! | No |
| X | SYSsfitb | SYSsfitb.exe | AdShooter adware | No |
| X | SySSL | sysl.exe | Added by the RBOT-CKH WORM! | No |
| X | SysStart | [random filename] | ZenoSearch adware | No |
| X | SysStart | syswin.exe 1 | Added by the AUTORUN-EY WORM! | No |
| X | SysStrt | systemc.exe | Added by the AGOBOT-QA TROJAN! | No |
| X | syst | syst.exe | Added by the DUMB.A "Joke" virus | No |
| X | Systam13 | f1r5st83.exe | Added by the IRCBOT-YM WORM! | No |
| X | System | run322.exe | Added by the LANFILT TROJAN! | No |
| X | System | system.exe | Added by various WORMS and TROJANS! | No |
| X | system | regedit -s system.dll | Homepage hijacker | No |
| X | system | systemsearch.hta | Jetseeker.com hijacker | No |
| X | System | dcomx.exe | Added by the CIREBOT TROJAN! | No |
| X | system | Explorer.exe | Added by the GRAYBIRD BACKDOOR! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System% | No |
| X | System | YPager.exe | Added by the JUNTADOR.K TROJAN! Note - this is not the older version of Yahoo! Messenger which shares the same filename and is located on %ProgramFiles%\Yahoo!\Messenger | No |
| X | system | outlook.exe | Added by the MIMAIL.Q WORM! Note that the valid Microsoft Outlook executeable is located in %ProgramFiles%\Microsoft Office\Office whereas this one is located in %Windir% | No |
| X | System | Atira.exe | Added by the KOTIRA VIRUS! | No |
| X | SYSTEM | lsas.exe | Added by the SPYBOT.CJ WORM! | No |
| X | System | kernels32.exe | Added by the DLOADER-FC TROJAN! | No |
| U | System | sysctrl.exe | Added by WinGuardian. Note - this commercial keylogger is no longer made or sold by Webroot but older copies may still be in existance, those copies will be identified as spyware | No |
| X | System | csrss.exe | Added by the LDPINCH.E TROJAN! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir% | No |
| X | System | svchost.exe | Added by the LDPINCH-AU TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is found in the Winnt or Windows folder | No |
| X | system | lsasse.exe | Added by the RBOT-YL WORM! | No |
| X | System | systray.exe | Added by the PISABOY-A TROJAN! Note - this is not the legitimate systray.exe process | No |
| X | System | abcdefg.exe | Added by the HARWIG-B WORM! | No |
| X | System | cber.exe | Added by an unidentified TROJAN! | No |
| X | System | serwin.exe | Added by the LDPINCH-BN TROJAN! | No |
| X | System | svchîst.exe | Added by the LDPINCH-BF TROJAN! | No |
| X | System | system.exe (74295303) | Added by the VB-IU WORM! | No |
| X | System | WINL0G0N.EXE | Added by the BANCOS-DB TROJAN! | No |
| X | System | wumgrd32.exe | Added by a variant of the RBOT WORM! | No |
| X | System | SPOOLSU.EXE | Added by the BANKER-FC TROJAN! | No |
| X | System | system23.exe | Added by the LEBREAT-D WORM! | No |
| X | System | windowsps.exe | Added by a variant of the RBOT WORM! | No |
| X | SYSTEM | d.exe | Added by the MYTOB.LP WORM! | No |
| X | System | inetinfo.exe | Added by the PARDROP-A TROJAN! | No |
| X | system | services.exe | Added by the DELF-LQ TROJAN! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\HELP | No |
| X | SYSTEM | VSSMON.exe | Added by the RBOT-AWW TROJAN! | No |
| X | SYSTEM | wiinlogon.exe | Added by the RBOT-AVG WORM! | No |
| X | System | kernels64.exe | Added by the VIXUP-S TROJAN! | No |
| X | system | lsass.exe | Added by the SATILOLER.B TROJAN! Note - this is not the legitimate lsass.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %ProgramFiles%\Common Files\System | No |
| X | System | smss.exe | Added by the AGENT.EP BACKDOOR! Note - this is not the legitimate smss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir% | No |
| X | System | winupd.exe | Added by a variant of the SDBOT WORM! | No |
| X | system | messenger.exe | Added by an unidentified WORM or TROJAN! | No |
| X | System | kernels1118.exe | Added by a variant of the SDBOT WORM! | No |
| X | System | wsscntfy.exe | Added by a variant of the SDBOT WORM! | No |
| X | SYSTEM | windmupdr.exe | Added by a variant of the RBOT WORM! | No |
| X | system | svcr.exe | Added by the SPYONE TROJAN! | No |
| X | System | kernels88.exe | Added by the TIBS-PP TROJAN! | No |
| X | System | kernels8.exe | Added by the TIBS.AI TROJAN! | No |
| X | System | OeApi.vbs | Added by the AGUI WORM! | No |
| X | System | Updaterun.exe | Added by the QQHELP-DX TROJAN! | No |
| X | System | Zap.exe | Added by the MSNVB-D WORM! | No |
| X | System | BrO_AcT.exe | Added by the SILLYFDC-AL WORM! | No |
| X | System | Juegs.exe | Added by the CULLER-C WORM! | No |
| X | System | kernel8.exe | Added by the DLOADR-AOL TROJAN! | No |
| X | System | kernelwind32.exe | Added by the VXIDL.FT TROJAN! | No |
| X | System | Xsfr.exe | Added by the CULLER-D WORM! | No |
| X | System | kernelwind64.exe | Added by the DLOADER.DJD TROJAN! | No |
| X | SYSTEM | SystemFile.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
| X | system | ssclie.exe | Added by the AGENT.LW BACKDOOR! | No |
| X | system | Winhelp.exe | Added by the IMAUT.CN WORM! | No |
| X | system | kernel32.ini | Added by the SILLYFDC.CJ WORM! | No |
| X | System | testtestt.exe | Added by the DWNLDR-ZLC TROJAN! | No |
| X | system | Microsoft Office.exe | Added by the BANCBAN-LH TROJAN! | No |
| X | System | IEXPL0RE.EXE | Added by the VB.KS WORM! Note the number "0" in the filename | No |
| X | system | sysnet.exe | Added by the VETOR-J WORM! | No |
| X | system | systemdb.exe | Barracuda Antivirus and Security Central rogue security software - not recommended, removal instructions here and here | No |
| X | System | winipck.exe | Added by the RBOT-TK WORM! | No |
| X | System | krln32.exe | Malware installed by different rogue security software including SpyKillerPro | No |
| X | system | system64.exe | Added by the BANCBAN-PP TROJAN! | No |
| X | System 64 Driver for Games | sys64dvr.exe | Added by the SDBOT TROJAN! | No |
| X | System Analyzer | lsass32.exe | Added by the SDBOT.CNI WORM! | No |
| X | System Applications Profile | sap.exe | Added by the RBOT-QF WORM! | No |
| X | System Auth | system52.exe | Identified as a variant of the Win32:Rizo-E malware | No |
| X | System Backup | msystem.exe | Adult content dialler | No |
| X | System backup | [random filename] | Added by the ADMINCASH.B TROJAN! Note - multiple different file names have been spotted, examples: web.exe, soft.exe, msxmidi.exe, wmplayer.exe, as well as completely random ones such as 9a2de006.exe, 36c75e3c.exe and so on | No |
| X | System Backup Services | backups32.exe | Added by a variant of the RBOT WORM! | No |
| X | System Boot Check | sysload3.exe | Added by the FUBALCA WORM! | No |
| X | System Boot Loader | sysboot32.exe | Added by the SDBOT.PG WORM! | No |
| X | System Buffer Application | buffer32.exe | Added by the SDBOT-UD WORM! | No |
| X | System Cache | SysCache.exe | Added by an unidentified VIRUS, WORM or TROJAN! | No |
| X | System CGI Manager | syscgmgr.exe | Added by an unidentified WORM or TROJAN! See here | No |
| U | System Check | Rundll32.exe SysDll32.dll, SystemCheck | XPCSpy Pro keystroke logger/monitoring program - remove unless you installed it yourself! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted | No |
| X | system check | updater.exe | Unidentified adware downloader | No |
| X | System Check | win_klr32.exe | Added by the DELF-DRA WORM! | No |
| X | System Checking | wasul.exe | Added by the RBOT.BHM WORM! | No |
| X | System Config | BF3.EXE | Added by the SPYBOT-DT WORM! | No |
| X | System Config | sysloadcnf.exe | Added by a variant of the SDBOT WORM! See here | No |
| X | System Config Boot | syscgboot.exe | Added by the AGENT.VWU TROJAN! | No |
| X | System Config Manager | crss.exe | Added by the AGOBOT.GH WORM! | No |
| X | System Config Manager | smssl.exe | Added by the AGOBOT-ZJ WORM! | No |
| X | System Configuration | iexplore.exe | Added by the RANDEX.AD WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %System% | No |
| X | System Configuration | syscfg32.exe | Added by the MYTOB.EA WORM! | No |
| X | System Configurator32 | SYSTEMCFG.EXE | Added by the AGOBOT-KS WORM! | No |
| X | system configure | svchost.exe | Added by the LINEAGE-C TROJAN! Note - this is not the legitimate svchost.exe process which should not normally figure in Msconfig/Startup! | No |
| X | System Core Memory | syscoremem.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
| X | System CPL manager | [random filename] | Added by the RBOT-SR WORM! | No |
| X | System CSRSS Patch | scrtkfg.exe | Added by the RBOT-ADA WORM! | No |
| X | System Database administration | systemDA.exe | Added by the DERDERO.B WORM! | No |
| X | System Database Administration Support Process | sysdasp.exe | Added by the DERDERO.C WORM! | No |
| X | System DataBase Root | sysdbroot.exe | Added by the QHOST-W TROJAN! | No |
| X | System DB Manager | sysdbmg.exe | Added by an unidentified WORM or TROJAN! See here | No |
| X | System Defender | WS[random characters].exe | System Defender rogue security software - not recommended, removal instructions here | No |
| X | System Device | devices.exe | Added by the AGENT.AFIF WORM! | No |
| X | System Device Version | systemdv.exe | Added by a variant of the RBOT WORM! | No |
| X | System Diagnostics | sysdiag32.exe | Added by the SDBOT.GEN TROJAN! | No |
| N | System DLF | cpqdiaga.exe | Compaq Diagnostic record system utility which allow you to view information about your computer's hardware and software configuration. Available via Start -> Programs | No |
| U | System DLL Resources | sysdll.exe | SnapKey is a surveillance software program that records all keyboard activities. Uninstall this software unless you put it there yourself | No |
| X | System Doctor Free | systemdoc.exe | SystemDoctor rogue security software - not recommended, removal instructions here | No |
| X | System Document Application | nmod.exe | Added by the SDBOT-ABB WORM! | No |
| X | System Document Application | msdocument.exe | Added by the RANDEX.COX WORM! | No |
| X | System Document Application | wins.exe | Added by the SDBOT.AUB WORM! | No |
| X | System Download Manager | SysMgr.exe | Added by the RBOT.CIG WORM! | No |
| X | System driver | Messenger.exe | Added by the WOOTBOT.GI WORM! | No |
| X | System Drivers | wingmt.exe | Added by the SDBOT-MG WORM! | No |
| X | System Drivers | cpsq32.exe | Added by the SDBOT.AXH WORM! | No |
| X | System Drivers | sysdrv32.exe | Added by the AGOBOT-ZX WORM! | No |
| X | System Efficiency Monitor | mscedit32.exe | Added by the SDBOT.P TROJAN! | No |
| X | System Efficiency Monitor | mscommand.exe | Added by the KWBOT.P WORM! | No |
| X | System Efficiency Monitor | msedit32.exe | Added by the STEPH-B WORM! | No |
| X | System Efficiency Monitor | svchostx.exe | Added by the KWBOT.E WORM! | No |
| X | System Event Manager | secsvc.exe | Added by the RBOT.BMY WORM! | No |
| X | System Executable DLL Library | EXECDLL32.exe | Added by the RANDEX.AZ WORM! | No |
| X | System Failure Statistic | cnstat.exe | Added by the RBOT-LF WORM! | No |
| X | System File Drivers | nvsysvc32.exe | Added by the AGOBOT.WJ WORM! | No |
| X | System File Startup | sys32.exe | Added by the RBOT.OTL WORM! | No |
| U | System Files Updater | System Files Updater.exe | System Files Updater from Flyakiteosx "will transform the look of an ordinary Windows XP system to resemble the look of Mac OS X" | No |
| X | system firewall | makeini32.exe | Added by the AGOBOT-PS WORM! | No |
| X | System Firewall | sysfirewall.exe | Added by the AGOBOT-ACY WORM! | No |
| X | System Firewalls | commandprompt32.exe | Added by the RBOT.BJT WORM! | No |
| X | System Guard | mhguard.exe | Added by the RBOT-AGU WORM! | No |
| X | System Handler | LSASS.EXE | Added by the NIMOS WORM! Note - this is not the legitimate lsass.exe process, which should not appear in Msconfig/Startup! | No |
| X | system handler | srvhandle.exe | Added by the REDPLUT VIRUS! | No |
| X | System handler | Pandawas.exe | Added by the BHARAT.A WORM! | No |
| X | System Host | scvhost.exe | Added by a variant of the RBOT WORM! | No |
| X | System Host Manager | syshost.exe | Added by the BANWORM-C WORM! | No |
| X | System Host Service | svchost.exe | Added by the CONE.F WORM! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\tasks | No |
| X | System Information Manager | Navcpe.exe | Added by the SDBOT-QB WORM! | No |
| X | System Information Manager | Msbb.exe | Added by the SLINBOT.YR BACKDOOR! | No |
| X | System Information Manager | iexplore.exe | Added by a variant of the IRCBOT BACKDOOR! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %System% | No |
| X | System Information Manager | mslog.exe | Added by the DELF.AKO TROJAN! | No |
| X | System Information Manager | no.exe | Added by the SPYBOT.NO WORM! | No |
| X | System Information Manager | syspass.exe | Added by the SDBOT-MO WORM! | No |
| X | System Information Manager | win.exe | Added by the SDBOT-MU WORM! | No |
| X | System Information Manager | windowsNt.com | Added by the SDBOT-ND WORM! | No |
| X | System Init | systeminit.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
| X | System Initialization | msmsgri32.exe | Added by the RANDEX.D WORM or ROXY or ROXY.B TROJANS! | No |
| X | System Initialization | payload.dat | Added by the RANDEX.D WORM or ROXY or ROXY.B TROJANS! | No |
| X | System IP | systemip.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
| X | System Kernal Support | system.exe | Added by the SDBOT.BWV WORM! | No |
| X | System Kernel | lsass.exe | Added by the VBBOT-G TROJAN! Note - this is not the legitimate lsass.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir% | No |
| U | System LifeGuard Scheduler | Slsched.exe | System LifeGuard scheduler | No |
| X | System Loader | systems.exe | Added by the AGOGBOT-FI WORM! | No |
| X | System Loader | syscfg.exe | Added by the AGOBOT-BS BACKDOOR! | No |
| X | System Loaderap | syst19b.exe | Added by the AGOBOT-AT BACKDOOR! | No |
| X | System Log Event | csrss32.exe | Added by the AGOBOT-JI WORM! | No |
| X | System Management Service | smsc.exe | Added by the RBOT-ANN WORM! | No |
| X | System Manager | svchost.exe | Added by the BANKER-AE TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is found in the Winnt or Windows folder | No |
| X | system manager | System.exe | Added by the FORBOT-BO WORM! | No |
| X | System Manager | winsrv32.exe | Added by an unidentified WORM or TROJAN! | No |
| X | System Manager | sysmng.exe | Added by the TAME-C WORM! | No |
| X | System Manager | sysmgr.exe | Added by the IRCBOT.AGW BACKDOOR! | No |
| X | System Manager | User Documents.exe | Added by the VB.GF VIRUS! | No |
| X | System Manager | sysmngr.exe | Added by the IRCBOT.BAQ BACKDOOR! | No |
| X | System Manager | ncvs32.exe | Added by a variant of the IRCBOT BACKDOOR! | No |
| X | System Manager Updates | winsvc.exe | Added by the AGOBOT.AEM WORM! | No |
| U | System Mechanic Popup Blocker | PopupBlocker.exe | Popup blocker part of Iolo System Mechanic utility suite | No |
| U | System Mechanic Popup Stopper | Popupstopper.exe | Popup stopper part of Iolo System Mechanic utility suite | No |
| N | System Mechanic Professional Update [Incinerator.dll] | SysMech4.exe /REREG: [path] Incinerator.dll | Iolo System Mechanic "Incinerator" feature securely deletes files and folders from your PC so they can never be recovered again | No |
| U | System Mechanic Startup Guard | StartupGuard.exe | System Mechanic Startup Guard protects the Window's startup locations from being modified by viruses, spyware, malware and other annoying programs | No |
| X | SYSTEM MESSAGER | wmisg.exe | Added by the MYTOB.ES WORM! | No |
| X | System Messaging Queue | SMCSS.EXE | Added by a variant of the RBOT WORM! | No |
| X | System Messenger | SYSMSG32.EXE | Added by the SPYBOT-DK WORM! | No |
| X | System Messenger32 | systgmgr32.exe | Added by the SDBOT.DF WORM! | No |
| X | System Microsoft Core | smc.exe | Added by the RIZO.A TROJAN! | No |
| U | System Monitor | SYSMON.EXE | Comes with some Aopen motherboards. Monitors CPU temp, voltage and fan speed. Warns if any become abnormal | No |
| X | System Monitor | Sysmon16.exe | Added by the SDBOT TROJAN! | No |
| X | System Monitoring | cute.exe | Added by the RAHIWI.A WORM! | No |
| X | System Monitoring | Mooks.EXE | Added by the BHARAT.A WORM! | No |
| X | System Monitoring | lsass.exe | Added by the BRONTOK-BS WORM! Note - this is not the legitimate lsass.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in Documents and Settings\<User>\Local Settings\Application Data\WINDOWS | No |
| X | System MScvb | mscvb32.exe | Added by the SOBIG.C WORM! | No |
| X | System Net | sys32.exe | Added by the FORBOT-FX WORM! | No |
| X | System Net Database | sysnd.exe | Added by the RBOT-AAW WORM! | No |
| X | System Networking | sysnet.exe | Added by the RBOT.API WORM! | No |
| X | System Power Managment | svcnost.exe | Added by the DREF-I WORM! | No |
| X | System Presets | [temp name].exe | Added by the HOSTINF-A WORM! | No |
| X | System Process | csrss.exe | Added by the ADCLICK-AG TROJAN! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir% | No |
| X | System Process | lsass.exe | Added by the ADCLICK-AG TROJAN! Note - this is not the legitimate lsass.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir% | No |
| X | System Process | svchost.exe | Added by the ADCLICK-AG TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is found in the Winnt or Windows folder | No |
| X | System Process | CSRSR.exe | Added by the AGOBOT-SQ WORM! | No |
| X | System Process Analization | sysproc.exe | Added by a variant of the RBOT WORM! | No |
| X | System Process Analization Thread | system.exe | Added by a variant of the RBOT WORM! | No |
| X | System Profile | Regsrv.exe | Added by a variant of the OPTIX TROJAN! | No |
| X | System Protector | lsascs.exe | System Protector rogue security software - not recommended, removal instructions here | No |
| X | System Reboot | rebootsys.exe | Added by the RBOT-WU WORM! | No |
| X | System Redirect | sysbho.exe | Downloader trojan, "Melkosoft" adware related | No |
| X | System Registry Manager | sysrgmgr.exe | Added by an unidentified WORM or TROJAN! See here | No |
| X | System Restore | svcnet.exe | Added by the TIBICK WORM! | No |
| X | System Restore Data | [path] repcale.exe [path] beird.exe | Added by the RANDON.AN WORM! Both files are located in %System%\frbyjed | No |
| X | System Scanner | system.exe | Added by the AGOBOT-DI BACKDOOR! | No |
| X | System Security Checker | ssc.exe | Added by the IRCBOT-WI TROJAN! | No |
| X | System Security Updaters | vsmons.exe | Added by the RBOT-OW WORM! | No |
| X | System Service | MSREXE.EXE | Added by the AML TROJAN! | No |
| X | system service | spoolcrv.cpl | Added by the INSPIR.11 TROJAN! | No |
| X | System Service | systems.exe | Added by the AGOBOT.VZ WORM! | No |
| X | System Service | coderxt.exe | Added by the RBOT-ALD WORM! | No |
| X | System Service | exp0lrer.exe | Added by a variant of the RBOT WORM! | No |
| X | System Service | servicent.exe | Added by the RBOT-AJI WORM! | No |
| X | System service | system.exe | Added by the BANCOS.AA TROJAN! | No |
| X | System Service | msnwindows.exe | Added by the SPYBOT.YCL WORM! | No |
| X | System Service | servicez.exe | Added by the RBOT-AOY WORM! | No |
| X | System Service | msnxpexe.exe | Added by the RBOT-AUA WORM! | No |
| X | System Service | teskmangr.exe | Added by the RBOT-AUV WORM! | No |
| X | System Service | backup.exe | Added by the PACKBOT.AA WORM! | No |
| X | System Service | serious.exe | Added by the RBOT-FMV WORM! Note - deactivates the Microsoft Internet Connection Firewall (ICF) | No |
| X | System Service | b4db0yz.exe | Added by the RBOT-CLO WORM! | No |
| X | SYSTEM service helper | svchelper.exe | Added by the MONKBD-A WORM! | No |
| X | SYSTEM service helper | syshelp.exe | Added by a variant of the MONKBD-A WORM! | No |
| X | System Service Manager | lsmas.exe | Added by the AGOBOT-IK BACKDOOR! | No |
| X | System Service Manager | norton.exe | Added by the GAOBOT.AJE WORM! | No |
| X | System Service Manager Device | svho.exe | Added by the RBOT.GCG BACKDOOR! | No |
| X | System service** | pokapoka**.exe | EliteBar adware - where ** represents the numbers 61 to 79 | No |
| X | System service78 | [path to file] | Added by the ELITEBAR-T and ELITEBAR-U TROJANS! | No |
| X | System service79 | [path to file] | Added by the ELITEBAR-V TROJAN! | No |
| X | System Services | [random file name] | Added by a variant of the RBOT WORM! | No |
| X | System Services | connection.exe | Added by an unidentified WORM or TROJAN! | No |
| X | System Services | svcsenes.exe | Added by a variant of the RBOT WORM! | No |
| X | System Services | svcsenes32a.exe | Added by the RBOT-AFG WORM! | No |
| X | System Services | ssms.exe | Added by a variant of the RBOT WORM! | No |
| X | System Services Monitor | server.exe | Bifrost malware | No |
| X | System Servlce | live.exe | Added by the IRCBOT-GX WORM! | No |
| X | System Session Manager | smss.exe | Added by the KALEL-E WORM! Note - this is not the legitimate smss.exe process which should NOT appear in Msconfig/Startup! | No |
| X | System settings | burndl32.exe | Added by the SDBOT-ZO WORM! | No |
| X | System Setup | rpcxcmod.exe | Added by an unidentified WORM or TROJAN! | No |
| X | System Soap Pro | soap.exe | System Soap Pro internet cleaning software. Bundles foistware like Httper and Zipclix - best avoided | No |
| X | system spool | syspools.exe | Added by the DREF-T WORM/VIRUS! | No |
| X | System Spooler Subsystem | lssas.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
| U | System startup | charmapx.exe | Only required if using an oriental language | No |
| X | System Startup | Voltio.exe | Added by the RBOT.NJ WORM! | No |
| X | System Startup | kimochi.exe | Added by a variant of the RBOT WORM! | No |
| X | System Startup | sys.exe | Added by a variant of the IRCBOT TROJAN! | No |
| X | System Startup Manager | smcss.exe | Added by the RBOT.AMD WORM! | No |
| X | System Stats | SystemStats.exe | Added by a variant of the WOOTBOT WORM! | No |
| X | System Support | syscfg.exe | Added by the RBOT-AGQ WORM! | No |
| X | System Support | system32.exe | Added by the RBOT-AHA WORM! | No |
| X | System Support | syssql.exe | Added by the RBOT-AUH WORM! | No |
| X | System Support | torrent.exe | Added by a variant of the RBOT WORM! | No |
| X | System Task Manager | taskmrg.exe | Added by a variant of the SPYBOT WORM! See here | No |
| X | System Terminal | SYSTEM2.EXE | Added by the SPYBOT-BZ TROJAN! | No |
| X | System time updator | CSysTime.exe | Added by the RANDEX.S WORM! | No |
| X | system tool | sysguard.exe | Antivirus System Pro rogue security software - not recommended, removal instructions here | No |
| X | System Toolkit | Systools.exe | Added by the RONOPER-G WORM! | No |
| X | System Tray | msccn32.exe | Added by the SOBIG.B WORM! Warning - spreading via infected E-mail attachments with the sender address faked as support@microsoft.com! Note - this is not the legitimate systray.exe process | No |
| X | System Tray | systray.exe | Added by the FAN-A WORM! | No |
| X | System Tray Monitor | tray.exe | Added by the RBOT.UXR WORM! | No |
| X | System Tray Services | spooles32.exe | Added by the AGOBOT.ZH WORM! | No |
| X | System Tray32 | SysTray32.exe | Added by the REPAD WORM! | No |
| X | System Unix | syscfg32.exe | Added by the RBOT-ZD WORM! | No |
| X | system updata | updata.exe | Added by the LINEAGE-C TROJAN! | No |
| X | System Update | [filename].exe | CoolWebSearch parasite variant | No |
| X | System Update | [random filename] | Added by the KORGO.W or KORGO.X WORMS! | No |
| X | System Update | wupdmgr.exe | Added by the SOROMO-A TROJAN! | No |
| X | System Update | [random filename] | Added by the SOROMO-A TROJAN! | No |
| X | System Update | wauluclt.exe | Added by the SDBOT.EF WORM! | No |
| X | System Update | [path to trojan] | Added by the AUTOTROJ-D TROJAN! | No |
| X | System Update | mssetupconf.exe | Added by the RBOT.DLC WORM! | No |
| X | System Update Application | msbuffer.exe | Added by the SDBOT.AFF WORM! | No |
| X | System Update Service | wmiprvsa.exe | Added by the AGOBOT-RG TROJAN! | No |
| X | System Update Service | winupd32.exe | Added by the ADTODA-A TROJAN! | No |
| X | System Update Service | system.pif | Added by the RBOT-ALL WORM! | No |
| X | System Update Service | update.pif | Added by the SPYBOT.WOE WORM! | No |
| X | System Update Service | wmiprvsv.exe | Added by the AGOBOT.YG WORM! | No |
| X | System Update Service | csrss32.exe | Added by the AGOBOT-HI WORM! | No |
| X | System Update2 | explorer.exe | Added by the AUTOTROJ-C TROJAN! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System% | No |
| X | System Update2 | services.exe | Added by the AUTOTROJ-C TROJAN! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! | No |
| X | System Update2 | svchost.exe | Added by the AUTOTROJ-C TROJAN! Note - this is not the legitimate svchost.exe process which should NOT appear in Msconfig/Startup! | No |
| X | System Update2 | system.exe | Added by the AUTOTROJ-C TROJAN! | No |
| X | System Update2 | taskman.exe | Added by the AUTOTROJ-C TROJAN! | No |
| X | System Update2 | taskmon.exe | Added by the AUTOTROJ-C TROJAN! Note - this is not the legitimate Win98/Me file of the same name which is located in %Windir% as this version is located in %System%. It is not normally found on a WinXP system | No |
| X | System Update2 | update.exe | Added by the AUTOTROJ-C TROJAN! | No |
| X | System Update2 | webcheck.exe | Added by the AUTOTROJ-C TROJAN! | No |
| X | System Update2 | wininet.exe | Added by the AUTOTROJ-C TROJAN! | No |
| X | System Update2 | winlogon.exe | Added by the AUTOTROJ-C TROJAN! Note - this is not the legitimate winlogon.exe process, which should not appear in Msconfig/Startup! | No |
| X | System Update2 | winspool.exe | Added by the AUTOTROJ-C TROJAN! | No |
| X | System Update2 | wupdmgr.exe | Added by the AUTOTROJ-C TROJAN! | No |
| X | System Updated | svchoes.exe | Added by the RBOT-ASF WORM! | No |
| X | System Updater Machine | crhwss.exe | Added by the CIADOOR-DQ TROJAN! | No |
| X | System Updater Machine | system.exe | Added by the CIADOOR.GN BACKDOOR! | No |
| X | System Updater Service | wmiprvsw.exe | Added by the GAOBOT.AFC WORM! | No |
| X | System Updates | winsci.exe | Added by a variant of the RBOT WORM! | No |
| X | System Updates | szwi.exe | Added by the RBOT-AXE WORM! | No |
| X | System Updates | unve.exe | Added by the RBOT-AWG TROJAN! | No |
| X | System Updates | wmkl.exe | Added by the RBOT-AYJ WORM! | No |
| X | System Updates 4 | mssysfix.exe | Added by the RBOT-ADU WORM! | No |
| X | System Updates Manager | winserv32.exe | Added by the AGOBOT-AGA WORM! | No |
| X | System Updates Service | updates.pif | Added by the RBOT-AMA WORM! | No |
| X | System Uptime Server | SYSENTRY.EXE | Added by the RBOT.LK WORM! | No |
| X | System Uptime Server | SYSENTRY32.EXE | Added by the RBOT.LK WORM! | No |
| X | system xp | acdsee demo.exe | Added by the SALGA.A WORM! | No |
| X | System-Config | msptmf32.com | Added by the LIOTEN.FA WORM! | No |
| X | System-Service | EXPLORER.SCR | Added by the BENJAMIN.A WORM! KaZaA file-sharing users beware! | No |
| X | System-Stat | systats.exe | Added by the SDBOT.RA WORM! | No |
| X | system. | system..exe | Added by the OPTIXPRO.13.C TROJAN! | No |
| X | system... | system...exe | Added by the OPTIXPRO.13.C TROJAN! | No |
| X | System.exe | System.exe | Added by various WORMS and TROJANS! | No |
| X | system.exe | system.exe | Added by the JAMPORK.E WORM! | No |
| X | system.exe | system.exe | Added by a variant of the IRCBOT BACKDOOR! Located in %WINDIR%\pchealth\helpctr\binaries | No |
| X | System132 | Csrtss.exe | Added by the LANFILT-I TROJAN! | No |
| X | system16 | system16.exe | Added by the BANCBAN-OB BACKDOOR! | No |
| X | system23 | notPad.exe | Added by the ESTEEMS.D TROJAN! | No |
| X | System32 | system.exe | Added by the BUSHTRO122 TROJAN! | No |
| X | System32 | System32.exe | Added by any number of WORMS or TROJANS! | No |
| U | System32 | sysdiag.exe | SpyAgent surveillance software. Uninstall this software unless you put it there yourself | No |
| X | System32 | system32,1.exe | Added by an unidentified VIRUS, WORM or TROJAN! | No |
| X | system32 | NeT-BoT.exe | Added by the AGOBOT-LJ WORM! | No |
| X | System32 | lsasss.exe | Added by the RBOT-XW WORM! | No |
| X | System32 | crsvvc.exe | Added by the RBOT.BLY WORM! | No |
| X | system32 | QQGame.exe | Added by the QQPASS-AC TROJAN! | No |
| X | System32 | [worm filename] | Added by the NAUTICAL-A WORM! | No |
| X | System32 | winds32.exe | Added by the DWNLDR-HFY TROJAN! | No |
| X | System32 | csrss.exe | Added by the SILLYFDC WORM! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a "drivers" subfolder | No |
| X | system32 | lowinplay.exe | Added by the VB.FVJ TROJAN! | No |
| U | System32 | sb32mon.exe | Part of the SpyBuddy keystroke logger/monitoring program - see here. Remove unless you installed it yourself! | No |
| X | System32 PCI Manager | syspci32.exe | Added by the RBOT-AFR WORM! | No |
| X | System32 Runtime StartUp | sysrs.exe | Added by the AGOBOT.ANW WORM! | No |
| X | System32 Spool | winint.exe | Added by the FORBOT-N WORM! | No |
| X | System32 TCP Manager | systcpm.exe | Added by a variant of the RBOT WORM! | No |
| X | System32 TCP Manager | systerm.exe | Added by the RBOT.AFD WORM! | No |
| X | System32 Temp Service | systmp.exe | Added by the RBOT-AET WORM! | No |
| X | System32-Driver | csrs32.exe | Added by the SDBOT-CP BACKDOOR! | No |
| X | system32.dll | systeminit.exe | CoolWebSearch parasite variant - re-directing to your-search.info | No |
| X | system32.dll | sysdll32.exe | CoolWebSearch parasite variant. Redirecting to wholeworldmarket.com, most likely other domains as well | No |
| X | system32.exe | services32.exe | Added by a variant of the IRCBOT TROJAN! | No |
| X | system32.exe | system32.exe | Added by the GRAYBIRD.P TROJAN! | No |
| X | System32BLSJ Agent | System32BLSJ.exe | Added by the MDROP-BPT TROJAN! | No |
| X | System32Check | [random].exe | Added by the CHAST-A TROJAN! | No |
| X | System32Dll | DLL32SYS.EXE | Added by the SPYBOT-CZ WORM! | No |
| X | System32Ex | System32Ex.exe | Added by the IRCCONTACT TROJAN! | No |
| U | System32kfvw | sysdiag.exe | SpyAgent surveillance software. Uninstall this software unless you put it there yourself | No |
| X | System32Root | Gadu-Gadu.exe | Added by a variant of the IRCBOT TROJAN! Note - doe not confuse with the Polish language Instant Messaging client also called Gadu-Gadu | No |
| X | system32WXBP Agent | system32WXBP.exe | ARDAMAX.HR spyware | No |
| X | System33 | FB_PNU.EXE | Added by the NICHELLO-A WORM! | No |
| X | system34.exe | system34.exe | Added by the DWNLDR-FXY TROJAN! | No |
| X | System4224411 | Virus | Added by the CAGER.A WORM! | No |
| X | System4224411 | Systemdll.exe | Added by the YUSUFALI-B WORM! | No |
| X | system43.exe | system43.exe | Added by a variant of the SDBOT WORM! | No |
| X | System51616 | msnmsgesser.exe | Added by a variant of the PUSHBOT WORM! A family of worms that spread using MSN Messenger | No |
| X | System64 | inet.exe | Added by the DENGLE-A TROJAN! | No |
| X | SystemAdministration | Wincmp32.exe | Added by the ASYLUM TROJAN! | No |
| U | SystemAgent | Sage.exe | "Microsoft Plus! System Agent automatically tunes your system, performing tasks such as disk optimization and error correction. It can also run any application at prescheduled times" | No |
| X | SystemB | MessengerStopper.exe | MessStopper adware | No |
| X | systemb | systemb.exe | Added by a variant of the IRCBOT TROJAN! | No |
| X | SystemBackup | mtx.exe | Added by the MTX VIRUS/WORM! | No |
| X | SystemBackup | MicroLog.exe | Added by the MICROLOG.A TROJAN! | No |
| X | SystemBooster2009 | sbr_updater.exe | SystemBooster2009 rogue system suite - not recommended, removal instructions here | No |
| ? | SystemBoot | ladies.htm | Unknown but sounds very suspicious?? | No |
| X | SystemBoot | Mshta.exe ...filename.hta | Adult content dialler | No |
| X | SystemBoot | services.exe | Added by the SOBER-Q TROJAN! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\Help\Help | No |
| X | Systemboot | msnsngr.exe | Added by a variant of the RBOT WORM! | No |
| X | SystemCheck | Systemcheck.exe | Added by the LAVITS WORM! | No |
| X | SystemCheck | services.exe | Added by the SOBER-M WORM! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\Config\system | No |
| X | SystemCheck | svchost.exe | Added by the DELF-KR TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a "DriverLoad" sub-directory of the Root folder (C:\), (D:\), etc | No |
| X | SystemCheck | SysCheckBop32.exe | WINBO adware | No |
| U | Systemcheck | sb32mon.exe | Part of the SpyBuddy keystroke logger/monitoring program - see here. Remove unless you installed it yourself! | No |
| X | SystemChecker | Syschk.exe | Added by the GALIL.F WORM! | No |
| X | SystemCleanerPRO | sysclpro.exe | SystemCleanerPro rogue security software - not recommended, removal instructions here | No |
| X | SystemCONF98i | SystemCONF98i.exe | Added by the GLITCH TROJAN! | No |
| X | SystemCop | SystemCop.exe | SystemCop rogue security software - not recommended, removal instructions here. A member of the WiniGuard family | No |
| X | SystemDebug | Sysdeb32.exe | Added by the SYSBUG TROJAN! | No |
| X | SystemDefender | SystemDefender.exe | SystemDefender rogue spyware remover - not recommended, removal instructions here | No |
| X | SystemDevic | devic.exe | Added by the MIMBOT.A WORM! | No |
| X | SystemDll | SystemDll.exe | Added by the LOXOSCAM TROJAN! | No |
| X | systemdll.dll | winsys32.exe | Added by the DELF.CP BACKDOOR! | No |
| X | systemdll32.exe | systemdll32.exe | Added by the FEUTEL-F TROJAN! | No |
| X | SystemDoctor 2006 Free | sd2006.exe | SystemDoctor rogue security software - not recommended, removal instructions here | No |
| X | SystemDoctor Free | systemdoc.exe | SystemDoctor rogue security software - not recommended, removal instructions here | No |
| X | SystemDrive | maxpaynow1.exe | Added by the TIBS.BKU TROJAN! | No |
| X | SystemDriver | csrss.exe | Added by the ASCETIC.B TROJAN! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\addins\explorer | No |
| X | SystemDriverCheck | svchost.exe | Added by the DELF-KR TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a "DriverLoad" sub-directory of the Root folder (C:\), (D:\), etc | No |
| X | SystemDriverLoad | svchost.exe | Added by the DELF-KR TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a "DriverLoad" sub-directory of the Root folder (C:\), (D:\), etc | No |
| X | systemdrv | ms32sys.exe | Added by an unidentified WORM or TROJAN - most likely GAOBOT variant | No |
| X | SystemEmergency | [various filenames] | CoolWebSearch Smartsearch parasite variant | No |
| X | SystemErrorFixer | SysRep.exe | SystemErrorFixer rogue system error and cleaning utility - not recommended. A member of the ErrClean family | No |
| X | SystemExplorer | explore.exe | Homepage hijacker - file located in the "Services" folder in Common Files | No |
| X | Systemey | systemey.exe | Added by the SLINBOT.JF BACKDOOR! | No |
| X | SystemFighter | SystemFighter.exe | SystemFighter rogue security software - not recommended, removal instructions here. A member of the WiniGuard family | No |
| X | SystemFile | SystemFile.exe | Added by the DULLDOOR-A TROJAN! | No |
| X | SystemFTP | VSENMB.exe | Malware (ie, malicious software). Also changes the system.ini Shell line to read Shell=Explorer.exe VSENMB.exe, and it hacks the Winstart.bat as well | No |
| X | SystemGent | CVT.exe | Added by the BRONTOK-H WORM! | No |
| X | systemguard | systemguard.exe | System Guard 2009 rogue security software - not recommended, removal instructions here | No |
| ? | SystemGuardAlerter | SystemGuardAlerter.exe | Part of the Iolo System Mechanic maintenance software. What does it do? | No |
| X | SystemGuardCenter | SystemGuardCenter.exe | System Guard Center rogue security suite - not recommended, removal instructions here | No |
| X | SystemHelp | RUNDLL32.EXE SystemHper.dll,Install | Added by the WOW.COK TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "SystemHper.dll" file is found in %System% | No |
| X | SystemInit | iservc.exe | Added by the FIZZER WORM! | No |
| X | systeminit | systeminit.exe | Added by the SILLYFDC-AN WORM! | No |
| X | Systemiom Updater | Systemiom.exe | Added by the SPYBOT.TY WORM! | No |
| X | systemkernal.exe | systemkernal.exe | Added by the AGENT-KPQ TROJAN! | No |
| U | SystemKey | rundll32.exe [path] SystemKey.dll rdl | Stealth Keylogger keystroke logger/monitoring program - remove unless you installed it yourself! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted | No |
| X | SystemLoad32 | sysload32.exe | Added by the MIMAIL.E WORM! | No |
| X | SystemLoader | sysldr32.exe | Added by the DOWNLDR-NS TROJAN! | No |
| X | SystemManager | Sysman32.exe | Added by the DOWNLOADER-BW.B TROJAN! | No |
| X | SystemManager | [random filename] | Added by the SETTEC ROOTKIT! | No |
| X | SystemMap32 | Netisp32.vbs | Added by the REDIST.C WORM! | No |
| X | SystemMD | md.exe | Homepage hijacker | No |
| X | SystemMessenger | rundll32.exe [path] SystemMessenger.dll | Stealth Chat Monitor spyware. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted | No |
| X | SystemMgr | Ir32_a.exe | Added by the MAGANIA-OU TROJAN! | No |
| X | SystemMigration | WinMedia.exe | Added by the KELVIR.EI WORM! | No |
| X | SystemMonitor | Sysmon32.exe | Added by the AIDID.A WORM! | No |
| X | SystemNetwork | NETSERV.EXE | Added by the NETCONTROL VIRUS! | No |
| X | SystemNetwork | sysnet.exe | Added by a variant of the RBOT WORM! | No |
| X | SystemNT | SystemNT.exe | Added by the PWSVB-EG TROJAN! | No |
| X | SystemOPsv | scrtvc32.exe | Added by a variant of the SPYBOT WORM! | No |
| X | SystemOptimizer2008 | main.exe | SystemOptimizer2008 rogue optimization utility - not recommended, removal instructions here | No |
| X | SystemOrdnare | SysRep.exe | SystemOrdnare, Swedish rogue system error and cleaning utility - not recommended. A member of the ErrClean family | No |
| X | SystemProcEvent | [trojan filename] | Added by the IRCBOT.I TROJAN! Filenames used are csrwnd.exe, csrwjd.exe & csrnvrt.exe | No |
| X | systemr | d11host.exe | Added by the VB-GX TROJAN! | No |
| X | systemr | gedit.exe | Added by the ADCLICK-AQ TROJAN! | No |
| ? | SystemReg | PROCES.EXE | ?? | No |
| X | SystemReg | svchost.exe | Added by the DEWIN.E TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is found in the Winnt or Windows folder | No |
| X | SystemReg | WINREG.EXE | Added by the DEWIN.A TROJAN! | No |
| X | Systems | scchost.exe | Added by the DAEMOZ.A TROJAN! | No |
| X | Systems | svch0st.exe | Added by the MYDOOM.BI WORM! | No |
| X | Systems | Systems.exe | Added by the BANKBOA-A TROJAN! | No |
| X | Systems | itDDD.exe | Added by the DLOADER-PP TROJAN! | No |
| X | Systems | sescmgr.exe | Added by the DWNLDR-GAH TROJAN! | No |
| X | Systems | spoolsvc.exe | Added by the DLOADR-SW TROJAN! | No |
| X | Systems | sysmon.exe | Added by the VIXUP-BI WORM! | No |
| X | Systems Backups | windrives.exe | Added by the AGOBOT-RB WORM! | No |
| X | Systems Restart | slchost.exe | Added by the MULTIDROP.C TROJAN! | No |
| X | Systems Restart | spchost.exe | Added by an unidentified WORM or TROJAN! | No |
| X | Systems Restart | Rundll32.exe beem.dll, DllRegisterServer | Browser hijacker - the file serves to register a dll implemented as a browser plugin. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted | No |
| X | Systems Restart | Rundll32.exe snim.dll, DllRegisterServer | Added by the STARTPAGE.I TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted | No |
| X | Systems Restart | Rundll32.exe zolk.dll, DllRegisterServer | Added by a variant of the STARTPAGE TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted | No |
| X | Systems Restart | Rundll32.exe boln.dll, DllRegisterServer | Added by the STARTPAGE.J TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted | No |
| X | Systems Service | drivex.exe | Added by a variant of the RBOT WORM! | No |
| X | systems usb driver | Windows2.exe | Added by a variant of the RBOT WORM! | No |
| U | Systems.exe | Systems.exe | Keyboard Spectator - monitoring software that creates records of everything people do on a computer, ie, spying or monitoring depending upon how you call it | No |
| U | systems.exe | systems.exe | KGBSpy is a commercial surveillance software program. It logs keystrokes, Web sites visited, and clipboard activity. It also has a screen capture logger and can be run automatically in a silent, undetectable mode | No |
| U | SystemSafe | Syssafe.exe | System Safety Monitor - system monitoring tool with additional application firewalling | No |
| X | SYSTEMSars32 | csrss.exe | Added by the AHLEM.A WORM! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir% | No |
| X | SystemSAS | System32.exe | Added by the KWBOT.C WORM! | No |
| X | systemscroot | systembin.exe | Added by a variant of the RBOT WORM! | No |
| X | SystemSearch | regedit.exe -s ie.reg | Installs a Seachxl.com browser page hijack. Note that the Windows registry editor (regedit.exe) is a legitimate Microsoft file located in %Windir% and shouldn't be deleted. The file "ie.reg" is located in the root folder (ie, C:\) | No |
| X | SystemSearch | regedit.exe -s sys.reg | Installs a i--search.com browser page hijack. Note that the Windows registry editor (regedit.exe) is a legitimate Microsoft file located in %Windir% and shouldn't be deleted. The file "sys.reg" is located in %Windir% | No |
| X | SystemSecurity | zprot32.exe | Added by the AGENT-FK TROJAN! | No |
| X | SystemService | msocfg.exe | Premium rate adult content dialler | No |
| X | SystemService | navchk.exe | Premium rate adult content dialler | No |
| X | SystemService | qservice.exe | Premium rate adult content dialler | No |
| X | SystemService | shman.exe | Premium rate adult content dialler | No |
| U | SystemService | nsserver.exe | NiceSpy keystroke logger/monitoring program - remove unless you installed it yourself! | No |
| X | SystemSettingf | TRUG.vbs | Added by the TRUG.B MACRO! | No |
| U | SystemSuite Task Manager | MXTASK.EXE | vcom (nee Ontrack) SystemSuite - PC maintenance and security. Use the program's configuration options to enable only the parts you want running all the time - such as Virusscanner Pro | No |
| X | SystemSv12 | newmaxxsv234.exe | Added by the TIBS-TS TROJAN! | No |
| X | SystemSv121 | n2ewma1xxsv234.exe | Added by the TIBS.TJ TROJAN! | No |
| X | SystemTasks | filez.exe | Adult content dialler | No |
| X | SystemTasks | sexypicz.exe | Adult content dialler | No |
| X | SystemTasks | loaded.exe | Adult content dialler | No |
| X | SystemTools | kernels32.exe | Added by the DLOADER-FC TROJAN! | No |
| X | SystemTools | kernels1118.exe | Added by the SMALL.DGK TROJAN! | No |
| X | SystemTools | kernels8.exe | Added by the FNG TROJAN! | No |
| X | SystemTools | kernels88.exe | Added by the TIBS-PP TROJAN! | No |
| X | SystemTools | testtestt.exe | Added by the DWNLDR-ZLC TROJAN! | No |
| X | Systemtra | Systra.exe | Added by the LOVGATE-W WORM! | No |
| X | SystemTra | CDPlay.EXE | Added by the LOVGATE.Z WORM! | No |
| X | SystemTra | Video.EXE | Added by the LOVGATE.E WORM! | No |
| U | SystemTray | SysTray.Exe | For Win9x/Me - System Tray Services. Provides the Volume Control, PC Card Status, Power Management and other icons that reside in the System Tray (see here). SYSTRAY.EXE may be disabled if none of these services are required. It will launch as and when required if you later enable the icons. If you need these items they're available via Start → Settings → Control Panel | No |
| X | SystemTray | SystemTray.exe | Added by the BIGFOOT TROJAN! Note - this is not the legitimate systray.exe process | No |
| X | SystemTray | SysTray.exe | Added by the ALADINZ.P TROJAN! Note - this is not the legitimate systray.exe process. If you right-click on the real systray.exe the "Properties" reveal it to be a Microsoft file | No |
| X | SystemTray | lsvhostwinlk.exe | Added by a variant of the SPYBOT WORM! | No |
| X | SystemTray | mssgl2.exe | Added by a variant of the IRCBOT TROJAN! | No |
| X | SystemTray | wekls4.exe | Added by a variant of the IRCBOT TROJAN! | No |
| X | SystemTray | Windowsupd.exe | Added by a variant of the IRCBOT TROJAN! | No |
| X | SystemTray Monitor | SysTraymon.exe | Added by a variant of the SPYBOT WORM! See here | No |
| U | SystemTraySD | SDSystemTray.exe | Spyware Detector - spyware remover. Initially not recommended due to false positives but the later versions have since improved - see here | No |
| U | SystemTraySR | SRSystemTray.exe | Spyware Detector - spyware remover. Initially not recommended due to false positives but the later versions have since improved - see here | No |
| X | SystemTuner | SystemTuner.exe | System Tuner rogue system suite - not recommended, removal instructions here | No |
| N | SystemUpd | SystemUpd.exe | Updater for Swapoo.com, a kind of Napster for games | No |
| X | SystemUpdate | Negdo.exe | Added by the CULLER-C WORM! | No |
| X | SystemUpdate | Xeyu.exe | Added by the CULLER-D WORM! | No |
| X | SystemVeteran.exe | SystemVeteran.exe | SystemVeteran rogue security software - not recommended, removal instructions here. A member of the WiniGuard family | No |
| X | systemw32 | systemw32.exe | Added by a variant of the RBOT WORM! | No |
| X | SystemWarrior | SystemWarrior.exe | SystemWarrior rogue security software - not recommended, removal instructions here. A member of the WiniGuard family | No |
| U | SystemWeb | rundll32.exe [path] SystemWeb.dll rdl | StealthWeblog surveillance software. Uninstall this software unless you put it there yourself! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted | No |
| X | SystemWideHook for Windows NT | %WinHook32.exe | Added by the MYDOOM.AC WORM! | No |
| X | SystemWindows | scvhost.exe | Added by the SILLYFDC-CG WORM! | No |
| U | SystemWizard Sniffer | Sniffer.exe | SystemWizard for Win98/ME from SystemSoft - diagnoses and solves hardware and software problems on a PC | No |
| X | SystemX | nzm.exe | Added by a variant of the RBOT WORM! | No |
| X | systemx32 | systemx32.exe | Added by a variant of the RBOT WORM! | No |
| X | systemyom Updater | systemyom.exe | Added by a variant of the IRCBOT TROJAN! | No |
| X | SYSTEMZ Patch | SYSZ.exe | Added by the ALADINZ.P TROJAN! | No |
| U | System_Messages | pprsen.exe | TerminatorX - "offers an easy and effective method of stopping users running predetermined file sharing programs like KaZaA, messenger programs, chat rooms and the like" | No |
| X | systen32.exe | systen32.exe | Added by the DLOADR-AQP TROJAN! | No |
| X | Systes | jrdtifkkxbbsa.exe | Added by the RBOT-ADC WORM! | No |
| X | Systesms.exe | systesms.exe | Added by the RBOT-HI WORM! | No |
| U | Systest | Systest.exe | Clean Space internet evidence eliminator | No |
| X | SysteZ | d1.exe | Added by the MSNDIABLO.A WORM! | No |
| X | systhread | winkernal.exe | Added by the LIAMED WORM! | No |
| X | systhread | HELLO.EXE | Added by the WINKER.F BACKDOOR! | No |
| X | SysTime | systime.exe | CoolWebSearch parasite variant - also detected as the STARTPA-FL TROJAN! | No |
| X | Systmesy | Systmesy.exe | Added by the RBOT-KQ WORM! | No |
| X | Systoan32 | systoan.exe | Added by an unidentified VIRUS, WORM or TROJAN! | No |
| X | systr | SYSERVER.exe | Added by the VB-DQY WORM! | No |
| X | systr2 | SERVICE.exe | Added by the VB-DQY WORM! | No |
| ? | systr32 | systr32.exe | ?? | No |
| X | systrans | [path to trojan] | Added by the STARTPA-GZ TROJAN! | No |
| ? | systrax | systrax.exe | ?? | No |
| X | Systray | Systray_.Exe | Added by the KERGEZ.A WORM! | No |
| X | Systray | [filename.exe] | Winfavorites adware | No |
| X | SYSTRAY | UNMT.EXE | Added by the DLOADER-LQ TROJAN! | No |
| X | SysTray | SysTray.Exe | Added by the BANCBAN-JV TROJAN! Note - this is not the legitimate systray.exe process from Win9x/Me systems which would appear in the Name/Startup Item field as SystemTray in the registry "Run" keys and MSConfig. If you right-click on the real systray.exe the "Properties" reveal it to be a Microsoft file | No |
| X | SysTray | Snnpapi.exe | Added by an unidentified TROJAN! | No |
| X | Systray | w32explorer.exe | Added by the RBOT-AJY WORM! | No |
| X | Systray | SteFanie.vbs | Added by the STEFAN WORM! Note - make sure you check the hyperlink as this one copies it's self to numerous dirves and folders | No |
| X | Systray | KAT.vbs | Added by the SOAD-D WORM! | No |
| X | SysTray | svhost.exe | Added by the RAJILO-A WORM! | No |
| X | SysTray | system.exe | Added by the DELF.E TROJAN! | No |
| X | systray | system234.exe | Added by the AUTORUN.AEV WORM! | No |
| U | systray | winlogin.exe | KidControl surveillance software. Uninstall this software unless you put it there yourself | No |
| U | systray | systray.exe | Dell Mobile Broadband wireless configuration utility - located in %ProgramFiles%\Dell\Dell Mobile Broadband | No |
| X | Systray driver | systray.exe | Added by the MUTEBOT TROJAN! Note - this is not the legitimate systray.exe process | No |
| X | SystrayServices | Msxpw.exe | Added by the CITOR WORM! | No |
| U | SYSTRAYX | SysTrayX.EXE | "SystrayX helps you hide some of the less used icons from the system tray (the hidden icons can still be seen and used in the special SysTrayX menu but will no longer permanently take precious space from your system tray)" | No |
| X | systree | systree.exe | Added by the BANCOS.L TROJAN! | No |
| X | Systry | [path to worm] | Added by the AUTEX WORM! | No |
| X | Systryt | [path to worm] | Added by the AUTEX WORM! | No |
| X | SystUphes | algesetp.exe | Added by the QQPASS-AM TROJAN! | No |
| U | Systweak Ad and Popup Blocker | adblock.exe | Ad and popup blocker part of Advanced System Optimizer from Systweak | No |
| U | Systweak Memory Optimizer | memtuneup.exe | Part of SysTweak Advanced System Optimizer | No |
| X | systwtray | twitty**.exe [** = random digits] | Added by the KOOBFACE.C WORM! | No |
| X | sysu | sysu.exe | Dynamic Desktop Media adware - see here | No |
| X | sysug32.exe | sysug32.exe | Added by an unidentified TROJAN or WORM! | No |
| X | SysUpd | Sysupd.exe | VirtuMonde adware | No |
| X | sysupdate | cmman32.exe | Added by a variant of the SDBOT WORM! | No |
| X | SysUtils | smss.exe | Added by the AUTORUN-AWW WORM! Note - this is not the legitimate smss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %UserProfile% | No |
| X | Sysvupex | Sysvupex.exe | Added by the MEDIAS TROJAN! | No |
| X | sysvx | sysvx_.exe | Added by the LOOSKY-BX TROJAN! | No |
| U | SysW8 | csta.exe | Clean Space internet evidence eliminator | No |
| U | SYSWB6 | SYSWB6.exe | Part of We-Blocker - gives parents the opportunity to monitor their children's Internet access and provide them with age-appropriate content, while filtering out sites that contain adult content. Works in conjunction with Winkb6 and both files are needed to run We-Blocker | No |
| X | SysWin | SysWin.exe | Added by the IRCCONTACT TROJAN! | No |
| X | syswin | v6.exe | Added by the AGENT-ECM TROJAN! | No |
| X | syswin.txt | [3 random letters].exe | Added by a variant of the SPYBOT WORM! See here | No |
| X | syswin32 | syswin32.exe | Added by a variant of the SPYBOT WORM! | No |
| X | Syswindow | Syswindow.exe | Added by the COW TROJAN! | No |
| X | SysWy | rundll32.exe | Added by the LINEAGE-JH TROJAN! Note - this is not the legitimate rundll32.exe process, which is found in %Windir% (98/ME) or %System% (NT/2K/XP) | No |
| X | sysX3 | sys22.exe | Added by the RANTS.C WORM! | No |
| X | sysygm32 | syscxd32.exe | Added by the IRCBOT-PC TROJAN! | No |
| X | sysygm64 | winrxd64.exe | Added by the IRCBOT-RK TROJAN! | No |
| X | SYS_CLEAN | Service.exe | Added by the FLOPCOPY WORM! | No |
| X | Sys_Run | ghost.exe | Added by the LINEAGE-N TROJAN! | No |
| X | sys_Runtt1 | explorer.exe | Added by the LINEAGE-M TROJAN! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %ProgramFiles% | No |
| X | sys_up1 | svchostsys.exe | Added by the MULTIDR-FL TROJAN! | No |
| X | SyZ | f1.exe | Added by the MSNDIABLO.A WORM! | No |
| X | Syzmy3 | exp1orer.exe | Added by the LINEAG-AIO TROJAN! Note the number "1" in the filename | No |
| X | SyztMy | expiorer.exe | Added by the LINEAG-AIN TROJAN! | No |
| U | SZMsgSvc.exe | SZMsgSvc.exe | StopZilla! - pop-up killer | No |
| X | t | xclean.exe | FlashEnhancer adware | No |
| U | T-Com WLAN Manager | TS154USB.exe | Wireless management utility for the T-Com Sinus 154 Data II WLAN adapter | No |
| N | T-DSL SpeedMgr | speedmgr.exe | T-Online ISP SpeedManager - shows upload and download speed. Also checks for updates automatically | No |
| X | T2W | Memoria.exe | Added by the DROPPER.CYG TROJAN! | No |
| U | T3Console | T3Console.exe | Related to T3 Security Suite - prevents unauthorized or inappropriate access to your PC and data | No |
| X | T4skM4n4g3r | Wink3sk9.exe | Added by a variant of the IRCBOT TROJAN! | No |
| U | Taakcontrole | taskmon.exe | Task Monitor (on Dutch language versions of Windows) - checks the disk-access patterns of programs when they are started and stores this information in log files in the Applog folder. Task Monitor also records the number of times you use a program. The Disk Defragmenter tool uses this information to optimize your hard disk so that programs that you use frequently are loaded faster. Not required - but can be useful. Note: for Norton Anti-Virus 2002 users, loading TaskMonitor will typically solve many, if not most, of those annoying IE scripting errors (per Symantec's Knowledgebase) | No |
| X | Taba | stte.exe | PurityScan adware | No |
| N | Tablet | Tablet.exe | Loads the tablet drivers for the Wacom Graphics Tablet. This can be unchecked in msconfig without problems if you don't need the tablet functional all the time. Create your own shortcut if you need to run it ad hoc. If you forget to run it before running Paint Shop Pro & Adobe Photo Shop) you may find the following: (1) Paint Shop Pro (version 7.04) - (a) Browse function will NOT work (program freezes) (b) On program exit, PSP does not terminate (you have to CTRL+ALT+DEL to close it) (2) Photo Shop (version 6.01) - (a) Program functions slowdown (d) On program exit it takes noticeably longer to shut down (like 30-45 seconds) | No |
| Y | tablet s | tablet s | Starts the Wacom Penabled driver on Acer Tablet PCs (tablet icon with a green check appears during startup if successful) | No |
| X | Tablet Task | tabletsk32.exe | Added by the RBOT-AJB WORM! | No |
| U | TabletTip | tabtip.exe | This is the Tablet PC Input Panel for Windows XP Tablet PC Edition. This utility allows you to use a pen (in conjunction with a touchscreen or tablet) to enter text into a document or input field (such as a URL in a browser) using either handwriting or the on-screen keyboard. This utility is also included with Windows 7 and Vista but only appears to run at startup if using the XP Tablet PC version. This cannot be confirmed at present | No |
| U | TabletWizard | SPLSHWRP.EXE | Microsoft Tablet PC Component | No |
| Y | TabUserW | TabUserW.exe | Wacom pen tablet driver | No |
| ? | TAcelMgr | TAcelMgr.exe | TOSHIBA Acceleration Utilities related. What does it do and is it required? | No |
| N | Tad | tad.exe | From Turtle Beach's Santa Cruz on a Dell WinME system. Not required - works fine without it including keyboard hot controls for volume and mute | No |
| X | taengtae | AutoRun.bat | Added by the GATINA-B WORM! | No |
| X | Taesk managers | tase.pif | Added by the RBOT-AYK TROJAN! | No |
| X | taetae | Exit to DosPrompt.pif | Added by the GATINA-B WORM! | No |
| ? | TAG | tag.exe | ?? | No |
| N | Tahni Deskmate | Tahni.exe | Tahni Deskmate - "Interactive cartoon character that lives on your Windows desktop" | No |
| X | TakeMP3 | rundll32.exe MSA64CHK.dll,DllMostrar | MatrixDialer/Mostrar parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System% | No |
| X | TAKSMGN | taskmr.exe | Added by the RBOT-AHS WORM! | No |
| X | talk | talk.bat | Added by the TIOTUA-G WORM! | No |
| N | TalkingReminder | TALKINGREMINDER.EXE | Talking Reminder from Software River Solutions - talking calendar reminder | No |
| ? | talknow | talknow.exe | Could it be related to this or something similar? | No |
| U | TalkTalk | sprtcmd.exe /P TalkTalk | Self-help support tool for TalkTalk Broadband users (provided by SupportSoft, Inc). Identifies and automatically fixes typical problems that may occur with your high-speed internet service | No |
| ? | Tango | Setup.exe | Tango Broadband access software. Is it required? | No |
| ? | TangoManager | TangoManager.exe | Tango Broadband access software. Is it required? | No |
| X | TANG_INA_MO | AutoRun.bat | Added by the FILUKIN.A WORM! | No |
| X | Tapicfg | Tapicfg.exe | CoolWebSearch Tapicfg parasite variant | No |
| X | Tapicfg.exe | tapicfg.exe | Malware installed by different rogue security software including SpyKillerPro | No |
| X | Tapisys | tss.exe | Added by the SMALL TROJAN! | No |
| U | TapiTNA | TapiTNA.exe | Telephony Location Selector allowing mobile users to change dialling locations - part of the Win95 Power Toys | No |
| Y | Tarantula | razerhid.exe | Razer Tarantula gaming keyboard driver | No |
| U | Tardis | Tardis.exe | Tardis - time synchronization software | No |
| X | Task | tasker.exe | Added by the MYDOOM.R WORM! | No |
| X | Task | LSASS.EXE | Added by the PUNYA-A WORM! Note - this is not the legitimate lsass.exe process, which should not appear in Msconfig/Startup! This one is located in %Root%\Application Data\WINDOWS | No |
| X | Task Alert | cmosvc.exe | Added by a variant of the IRCBOT TROJAN! | No |
| X | Task Bar | TASKBAR.EXE | Added by the FRETHEM.J WORM! | No |
| ? | Task BarClient | TaskBarClient.exe | Responsible for creating the System Tray icon and associated display system for the Starband satellite always on internet service | No |
| ? | Task BarSvr | TaskBarSvr.exe | Part of the Starband satellite always on internet service. Not included on the current system. What does it do and is it needed? | No |
| U | Task Catcher | tasktrap.exe | Real-time monitor for Task Catcher from BillP Studios - which "allows you to efficiently monitor programs running on your computer without slowing you down or hogging all your memory. Task Catcher will block unwanted programs from running and restart your favorite programs if they are disabled or crash". If the program isn't registered the monitor will initially load and then close at start-up. If registered it will continue to run and optional System Tray access will also be available | No |
| U | Task Catcher Monitor | tasktrap.exe | Real-time monitor for Task Catcher from BillP Studios - which "allows you to efficiently monitor programs running on your computer without slowing you down or hogging all your memory. Task Catcher will block unwanted programs from running and restart your favorite programs if they are disabled or crash". If the program isn't registered the monitor will initially load and then close at start-up. If registered it will continue to run and optional System Tray access will also be available | Yes |
| U | Task Catcher Real-Time Detector | tasktrap.exe | Real-time monitor for Task Catcher from BillP Studios - which "allows you to efficiently monitor programs running on your computer without slowing you down or hogging all your memory. Task Catcher will block unwanted programs from running and restart your favorite programs if they are disabled or crash". If the program isn't registered the monitor will initially load and then close at start-up. If registered it will continue to run and optional System Tray access will also be available | No |
| X | Task Commander | regsvc32.exe | Added by the AGOBOT-RX WORM! | No |
| U | Task Completion | AMCLIENT.EXE | LANDesk® Management Suite software component | No |
| X | Task Debugger | sysdll.exe | Added by the RBOT-CQ WORM! | No |
| X | Task Debugger | tskdbg.exe | Added by the AGOBOT-KK WORM! | No |
| X | Task Help | wualcts.exe | Added by a variant of the RBOT WORM! | No |
| X | Task Loader | {rdprM@Y_VO^ | Added by the AGOBOT.CB WORM! | No |
| X | Task managebrkb | taskmg.exe | Added by a variant of the SPYBOT WORM! See here | No |
| X | Task Manager | taskmngr.exe | Added by the RBOT.Y WORM! | No |
| X | Task Manager | taskman.exe | Added by the FORBOT-T WORM! | No |
| X | Task Manager | prcview.exe | Added by the AGOBOT-RT WORM! | No |
| X | Task manager | taskemngr.exe | Added by the RBOT-AGA WORM! | No |
| X | Task manager | TikTo.exe | Added by the RBOT.LV WORM! | No |
| X | Task manager | taskmngr.exe | Added by the RBOT-AYZ WORM! | No |
| X | Task Manager | svchost.exe | Added by the SOHANA-P WORM! Note - this is not the legitimate svchost.exe process which should not normally figure in Msconfig/Startup! | No |
| X | Task Manager | taskmng.exe | Added by the TIOTUA-E WORM! | No |
| X | Task Manager | svhost32.exe | Added by the TERMX.A WORM! | No |
| X | Task manager | taskmgr2.exe | Added by a variant of the RBOT WORM! | No |
| X | Task Manager | tskmngr.exe | Added by the RBOT-GOU WORM! | No |
| X | Task manager | UPDATEWIN.exe | Added by the RBOT.BBS WORM! | No |
| X | Task manager | taskmangr.exe | Added by the SPYBOT-CH WORM! | No |
| X | Task Manager Win32 | taskmngr32.exe | Added by the RANCK-EX BACKDOOR! | No |
| X | Task Monitoring Service | svchost.exe | Added by the CONE.D WORM! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "tasks" subfolder of the Winnt or Windows folder | No |
| X | Task Scheduler Engine | schedsvc32.exe | Added by the RBOT-ASJ WORM! | No |
| X | task service | taskservices.exe | Added by a variant of the RBOT WORM! | No |
| X | Task service | taskmgs.exe | Added by a variant of the RBOT WORM! | No |
| X | TASK SETUP | tasksetup.exe | Added by the RBOT-YR WORM! | No |
| N | Taskbar | Taskbar.exe | Taskbar icon for the Redline RegTweak overclocking program as supplied with Sapphire ATI graphics cards | No |
| N | TaskBar | CTLTask.exe | Creative SoundBlaster Audigy Taskbar - used to choose between different types of EAX Effects, not required in startup. NOTE: if you get a ctltask.exe error message while installing the Audigy drivers, see this Microsoft Knowledge Base article | No |
| Y | Taskbar Button Manager | tbm.exe | Taskbar Button Manager from Innovative Solutions - "is a simple utility that helps you arrange the buttons on your Windows taskbar in any way you want by using drag and drop" | No |
| N | Taskbar Display Controls | RunDLL deskcp16.dll, QUICKRES_RUNDLLENTRY | Only appears in MSCONFIG if you have a Display Settings icon in the System Tray allowing resolution changes on the fly. Can also be disabled under Control Panel -> Display -> Settings -> Advanced -> General. Also appears if you have Win95 with the QuickRes "Powertoy" installed | No |
| X | Taskbar Service | taskbar.svc | Unidentified adware | No |
| Y | Taskbar Shuffle | taskbarshuffle.exe | "Taskbar Shuffle is a simple, small, free utility that lets you drag and drop your Windows taskbar buttons to rearrange them" | No |
| X | Taskbar System | tasksys.exe | Added by a variant of the SDBOT WORM! | No |
| N | Taskbar++ | TaskbarPP.exe | Taskbar++ is a software that allows you to sort (move) the buttons of the Windows taskbar by Drag & Drop | No |
| Y | taskbarshuffle | taskbarshuffle.exe | "Taskbar Shuffle is a simple, small, free utility that lets you drag and drop your Windows taskbar buttons to rearrange them" | No |
| X | Taskbell.exe | Rund1.exe | Added by the YIPID TROJAN! | No |
| X | taskdir | taskdir.exe | Added by the LAGER.AQ TROJAN! | No |
| X | TaskList | tasklist32.exe | Added by the BANCOS-DX TROJAN! | No |
| X | TaskMan | Rundll32.exe | Added by the DVLDR TROJAN! Note - this is not the legitimate rundll32.exe process, which is found in %Windir% (98/ME) or %System% (NT/2K/XP). This one is located in %Windir%\Fonts | No |
| X | Taskman | KHATRA.exe | Added by the AUTORUN-AKR WORM! | No |
| X | taskman | taskman.exe | Added by the SILLYFDC.BBB WORM! | No |
| X | Taskman | sysdate.exe | Added by the SILLYFDC.BCQ WORM! | No |
| X | Taskman | sysdrv.exe | Added by the AGENT-LRB TROJAN! | No |
| X | taskmanager | taskmgr.com | Added by the BEREB WORM! | No |
| X | taskmanager | taskmanager.exe | Added by the AGOBOT-TF WORM! | No |
| X | TaskManager | [path to trojan] | Added by the LDPINCH-CF TROJAN! | No |
| X | TaskManager Load Module | TSKMNGR32.EXE | Added by the SPYBOT.I WORM! | No |
| X | taskmanger | taskmanger.exe | Added by a variant of the RBOT WORM! | No |
| X | Taskmgo | [path to file] | Added by the BANCBAN-T TROJAN! | No |
| X | Taskmgr | Taskmgr.exe | System1060 homepage hi-jacker. Note - this is not the legitimate taskmgr.exeprocess which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a "1060" sub-folder | No |
| X | Taskmgr | tskmgr32.exe | Homepage hi-jacker | No |
| X | taskmgr | taskmgr.exe | Added by the STARTPAGE.G hijacker. Note - this is NOT the Windows Task Manager file! | No |
| X | Taskmgr | system.exe | Added by the PAKES.G TROJAN! | No |
| X | taskmgr | explorer.exe | Added by the ZAPCHAS-AC TROJAN! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System% | No |
| X | taskmgr | [path to trojan] | Added by the AGENT-ENV TROJAN! | No |
| X | taskmgr | taskmanager.exe | Added by the BCKDR-QHT BACKDOOR! | No |
| X | TaskMgr | keymayker.exe | Added by the LDPINCH-EP TROJAN! | No |
| N | taskmgr.exe | taskmgr.exe | Windows Task Manager in Windows XP. If run from the Startup folder, the tray icon will be put to the system tray after boot. Useful to check if XP has finished running the delayed services after boot. Available via a desktop shortcut | No |
| X | taskmgr.exe | paint.exe | Added by a variant of the AGENT.AH TROJAN! | No |
| X | taskmgr.exe | mirc.exe | Added by a variant of the AGENT.AH TROJAN! | No |
| X | taskmgr.exe | paintms.exe | Added by a variant of the AGENT.AH TROJAN! | No |
| X | TASKMGRU | TASKMGRU.EXE | Added by the CWS-M TROJAN! | No |
| X | taskmngr | [path] msnve.exe [path] task.exe | Added by the FLOOD-EK TROJAN! | No |
| X | taskmngr lptt01 | taskmngr.exe | RapidBlaster variant (in a "Taskmngr" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here | No |
| X | taskmngr ml097e | taskmngr.exe | RapidBlaster variant (in a "Taskmngr" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here | No |
| X | TaskMon | taskmon.exe | Added by the MYDOOM.A or MYDOOM.J WORMS! Note - this is not the legitimate Win98/Me file of the same name which is located in %Windir% as this version is located in %System%. It is not normally found on a WinXP system | No |
| X | TaskMon | [path to trojan] | Added by the DROPPER.EAT TROJAN! | No |
| X | Taskmon driver | winampa.exe | Added by the LOONY-I TROJAN! Note - this is NOT associated with the popular Winamp media player. The valid file for the Winamp Agent resides in a "Winamp" subdirectory of the Program Files directory whereas this file is located in the System (9x/Me) or System32 (NT/2K/XP) folder | No |
| X | taskmone | taskmone.exe | Added by the SINGU-S TROJAN! | No |
| U | TaskMonitor | taskmon.exe | The Task Monitor checks the disk-access patterns of programs when they are started and stores this information in log files in the Applog folder. Task Monitor also records the number of times you use a program. The Disk Defragmenter tool uses this information to optimize your hard disk so that programs that you use frequently are loaded faster. Not required - but can be useful. Note: for Norton Anti-Virus 2002 users, loading TaskMonitor will typically solve many, if not most, of those annoying IE scripting errors (per Symantec's Knowledgebase) | No |
| X | TaskMrg | csrss.exe | Added by the LDPINCH-W TROJAN! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir% | No |
| X | taskmrg | taskmrg.exe | Added by the BANKER-BZZ TROJAN! | No |
| X | taskmrg.exe | taskimg.exe | Added by the DLOADER-QZ TROJAN! | No |
| X | taskmrg.exe | [path to trojan] | Added by the BANCBAN-BN TROJAN! | No |
| X | taskmsgs | [path to trojan] | Added by the BANCOS-BBW TROJAN! | No |
| X | taskngr | taskngr.exe | Added by the BANCOS-AWX TROJAN! | No |
| X | taskopen.exe | taskopen.exe | Added by the HIDD.C TROJAN! | No |
| N | TaskPlus | TASKPLUS0.EXE | Task and calendar management software available as freeware or as a "Professional" version for sharing over a LAN | No |
| N | TaskPlus | TASKPL~1.EXE | Task and calendar management software available as freeware or as a "Professional" version for sharing over a LAN | No |
| X | TaskReg | [random filename] | Added by the CBLAD WORM! | No |
| X | TaskS manager | taskmgrs.exe | Added by the AGOBOT.QU WORM! | No |
| X | Taskschd | TRAYWND.EXE | Added by the LITMUS.002 TROJAN! | No |
| U | TaskScheduler | TaskSch.exe | ProSeries accounting software related | No |
| U | taskswitch | taskswitch.exe | ALT+TAB replacement Powertoy for Windows XP - enhances the graphics displayed when you want to switch between programs running full-screen | No |
| U | TaskSwitchXP | TaskSwitchXP.exe | "TaskSwitchXP from NTWind Software. Advanced task management utility that picks up where the standard Windows Alt Tab switcher leaves off. It provides the same functionality, and adds visual styles to the dialog and also enhances it by displaying thumbnail preview of the application that will be switched to" | No |
| X | tasksys | tasksys.vbs | Added by the BYRON WORM! | No |
| U | tasktrap | tasktrap.exe | Real-time monitor for Task Catcher from BillP Studios - which "allows you to efficiently monitor programs running on your computer without slowing you down or hogging all your memory. Task Catcher will block unwanted programs from running and restart your favorite programs if they are disabled or crash". If the program isn't registered the monitor will initially load and then close at start-up. If registered it will continue to run and optional System Tray access will also be available | Yes |
| N | Tasktray | CTLTray.exe | Installed with the Sound Blaster Audigy range of soundcards. Allows you to set EAX effects or equalizer settings for the Sound Blaster Audigy from a systray icon. Also allows you to launch the Taskbar via right-click → Show Taskbar. The tasktray can be accessed via Start → Programs → Creative → Sound Blaster Audigy → Taskbar | No |
| X | Tasmgr | Taskmgr.bat | Added by the YPSAN.G WORM! | No |
| X | tat | tatss.exe | Delfin Promulgate adware variant | No |
| Y | Tau monitor | Taumon.exe | "Tauscan is a powerful Trojan Horse detection and removal engine capable of catching every known type of backdoor that can threaten your system" | No |
| ? | TAudEffect | TAudEff.exe | TOSHIBA Notebook related. What does it do and is it required? | No |
| X | tava | tavo.exe | Added by the CRPYT.DE TROJAN! | No |
| X | TA_Start | [random filename] | Zeno Think-Adz adware | No |
| U | TB2PROEXE | tb2start.exe | Timbuktu Pro - remote desktop access software | No |
| U | tbbMeter | tbbmeter.exe | tbbMeter - bandwidth meter developed by thinkbroadband.com "to help you monitor your Internet usage. It allows you to see how much your computer is sending to and receiving from the Internet in real time. It also shows you how your Internet usage varies at different times of the day" | Yes |
| U | TBC Pro | tbcpro.exe | TitleBarClock Pro - displays Day, Time, Date, Month, Year, FreeMem, and FreeDriveSpace on the right side of the title bar in any main window that has the mouse or keyboard focus | No |
| U | TBC.exe | TBC.exe | TitleBarClock Pro - displays Day, Time, Date, Month, Year, FreeMem, and FreeDriveSpace on the right side of the title bar in any main window that has the mouse or keyboard focus | No |
| N | tbctray | tbctray.exe | Provides quick access via a System Tray icon to the control panel for Turtle Beach's Santa Cruz or VideoLogic's SonicFury soundcards. Available via Start -> Settings -> Control Panel | No |
| Y | TBLFUNC | tblmouse.exe | Aiptek HyperPen graphics tablet driver | No |
| Y | tbm | tbm.exe | Taskbar Button Manager from Innovative Solutions - "is a simple utility that helps you arrange the buttons on your Windows taskbar in any way you want by using drag and drop" | No |
| X | tbon | tbon.exe | BestOffers adware | No |
| U | TBPanel | TBPanel.exe | Configuration utility for Gainward graphics cards. Not required unless you use non-default settings. Available via Start -> Settings -> Control Panel | No |
| X | TBPS | TBPS.exe | WebSearch Toolbar - HuntBar hijacker, toolbar installer variant | No |
| N | TBTray | tbtray.exe | VLSI/QSound ThunderBird PCI Control Panel. System Tray access to the settings for this and related soundcards. Available via Start -> Settings -> Control Panel | No |
| ? | TB_setup | TB_ANI~1.EXE | ?? | No |
| X | TB_setup | tb_setup.exe | HuntBar hijacker, toolbar installer | No |
| Y | tcactive | tca.exe | Part of The Cleaner from MooSoft - stops virus trojans before they can do any damage | No |
| N | TCASUTIEXE | tcaudiag.exe | 3Com NIC Installation/Diagnostic MFC application. Diagnostics may be run from the Start -> Programs | No |
| N | TCASUTIEXE | TCASUTI.exe | Associated with the 3COM diagnostic module (3COM NIC Doctor).?No further information is available | No |
| N | TCAUDIAG -off | tcaudiag.exe | 3Com NIC Installation/Diagnostic MFC application. Diagnostics may be run from the Start -> Programs | No |
| ? | TCDPbtn | TCDPbtn.exe | Found on a Toshiba laptop | No |
| ? | TCDPlay | TCDPlay.drv | Found on a Toshiba laptop - sounds like the driver for the CD-ROM but why doesn't it use the standard Windows drivers - any comments? | No |
| U | TClock | TCLOCK.EXE | Kazubon TClock. Utility that amongst other things synchronizes your system clock with Internet time servers. Available via Start -> Programs | No |
| X | TClock.exe | tclock_install.exe | TClock - distributed and installed without user permission by other rogue software or malware. TClock contains no uninstall facility through Windows. As TClock is of dubious origin and usefulness, it should be terminated and removed if detected | No |
| U | TClockEx | TCLOCKEX.EXE | Puts a configurable time/date display in the tray (and other features). Freeware by Dale Nurden and is popular on cover disks | No |
| U | tcmonitor | tcm.exe | Part of The Cleaner from MooSoft - warns of changes to the registry | No |
| U | tcomantidialerrun | T-Com Antidialer.exe | T-Com Antidialer from T-Com internet provider. It's a small antidialer utility which monitors whether you're trying to dial a new connection. It basically asks you do you want to dial the shown number or not. Protects agains dialer malware | No |
| U | TCOYFReminder | tcoyftray.exe | My ParenTime Fertility Planner Reminder. The calendar provides a quick overview of the status of your fertility | No |
| X | Tcp Application Manager | localsvc.exe | Added by the DLOADER-NY TROJAN! | No |
| X | Tcp Application Manager | netsvc.exe | Added by the DLOADER-NY TROJAN! | No |
| X | Tcp Application Manager | spoolsvc.exe | Added by the DLOADER-NY TROJAN! | No |
| X | Tcp Application Manager | svcadmin.exe | Added by the DLOADER-NY TROJAN! | No |
| X | Tcp Application Manager | svcman.exe | Added by the DLOADER-NY TROJAN! | No |
| X | Tcp Application Manager | svcrun.exe | Added by the DLOADER-NY TROJAN! | No |
| X | Tcp Application Manager | tcpsvc.exe | Added by the DLOADER-NY TROJAN! | No |
| X | Tcp Application Manager | websvc.exe | Added by the DLOADER-NY TROJAN! | No |
| X | tcp checker | tcpcheck.exe | Added by the VBBOT-A TROJAN! | No |
| X | TCP Internet Services | TCPSVC32.EXE | Added by the SPYBOT.X TROJAN! | No |
| X | TCP Monitoring | LanNSvc.exe | Added by the RANDEX.AAS WORM! | No |
| X | tcpipmon | tcpipmon.exe | Added by the CLICKER-EF TROJAN! | No |
| X | tcpippui | tcpippui.exe | Added by the RBOT-APS WORM! | No |
| X | tcpippui32 | tcpippui32.exe | Added by the RBOT-ART WORM! | No |
| X | tcpipsvc.exe | tcpipsvc.exe | Added by the AGOBOT-PG WORM! | No |
| X | TCPServer | TCPServer.exe | Added by a variant of the SDBOT WORM! | No |
| X | TCPXP Update | tcpxp.exe | Added by the RBOT-UL WORM! | No |
| ? | TCtlIHook.exe | TCtrlIOHook.exe | TOSHIBA Control Utility Hotkey Hook - hotkey configuration process unique to Toshiba laptops. What does it do and is it required? | No |
| ? | TCtrlIOHook | TCtrlIOHook.exe | TOSHIBA Control Utility Hotkey Hook - hotkey configuration process unique to Toshiba laptops. What does it do and is it required? | No |
| ? | TCtryIOHook | TCtrlIOHook.exe | TOSHIBA Control Utility Hotkey Hook - hotkey configuration process unique to Toshiba laptops. What does it do and is it required? | No |
| X | tcupdater | tcupdater.exe | Topconverting.com/180Search adware updater | No |
| U | TDispVol | TDispVol.exe | Used on Toshiba computers to make the Fn key have control over the volume on/off | No |
| U | TDKSTART | TDKSTART.EXE | Sets the spindown timeout and access speeds at startup and displays a splash screen for CD-RW. | No |
| N | TDKTASK | TDKTASK.EXE | Taskbar utility for a "control panel" for a CD-RW | No |
| ? | TDockNUndock | N/A | Found on a Toshiba laptop - for use with a docking station? | No |
| X | Tdrb | ompa.exe | PurityScan adware | No |
| U | TDS3 | TDS-3.exe | DiamondCS TDS-3 antitrojan. Can be used to scan on demand, but required in startup if you prefer real time protection | No |
| ? | TDspOff | Tdspoff.exe | Found on a Toshiba laptop | No |
| N | Teach In Box | teachbox.exe | Tutoring program that comes with a SystemAX Computer | No |
| Y | TeaTimer | TeaTimer.exe | Part of the popular Spybot - Search & Destroy spyware removal tool from Safer Networking Limited. "Resident TeaTimer is a tool of Spybot-S&D which perpetually monitors the processes called/initiated. It immediately detects known malicious processes wanting to start and terminates them giving you some options, how to deal with this process in the future". Also provides System Tray access to Spybot S&D and detects when processes want to change critical registry settings such as the startup entries - giving the user the option to allow/deny the change | Yes |
| Y | Tech-In-A-Box | techbox.exe | Tech-in-a-Box "provides easy-to-use tools for various system maintenance tasks. From backup and restore to diagnostics and repairs, Tech-in-a-Box is your tool to stay up and running" | No |
| U | Telechips,Mass | patch.exe | Removable disk driver for the Muro MP3 player | No |
| N | Telemeter 3.0 | telemeter3.exe | Internet connection bandwidth meter from a user ISP | No |
| Y | Telepath | telepath.exe | Drivers for the WinModem versions of the US Robotics "Telepath" series - as supplied to Gateway for instance. WinModems use software rather than hardware - hence putting a load on the CPU. Needed if you have it for loading the drivers. See here for more WinModem information | No |
| X | Telnet | Telnet.exe | Added by the VOUMIT-A WORM! Note - this is not the legitimate telnet.exe application which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "mirc32" folder | No |
| X | Telnet24 | [random filename] | Added by the RBOT-ARD WORM! | No |
| U | TelstraClear Broadband Support | matcli.exe | "matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, county, etc and gets written to a log file". TelstraClear Broadband Support is required to run with the Help and Support program. If you uncheck TelstraClear Broadband Support and then run Help and Support it will add another TelstraClear Broadband Support entry in the startup menu. If you remove this software in "add/remove programs" some help menus in help and support will not be available. You decide | No |
| U | TELUS eCare | matcli.exe | TELUS Resolution Assistant. "matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, state, etc and gets written to a log file". TELUS Resolution Assistant is required to run with the Help and Support program. If you uncheck TELUS Resolution Assistant and then run Help and Support it will add another in the startup menu. If you remove TELUS Resolution Assistant via add/remove programs some menus in Help and Support will not be available. You decide | No |
| Y | TELUS Security service | freedom.exe | Freedom Internet Security & Privacy - anti-virus, personal firewall and parental control. It also blocks ads, safeguards your personal information, encrypts your passwords, and much more. No longer available for sale | No |
| X | TemizSurucu | GDC.exe | TemizSurucu Turkish rogue privacy tool - not recommended. A member of the PCPrivacyTool family | No |
| X | TempCom | [randomname].com | Added by the TRAXG WORM! | No |
| X | tempx | tempx.exe | Added by the TEMPEX.A TROJAN! | No |
| X | Tencent QQ | Rund1132.exe qq.dll, Rundll32 | Added by the QQPASS.F TROJAN! | No |
| N | Tencent QQ | QQ.exe | Tencent QQ Asian instant messanger program | No |
| X | Terminal Services | mstscc.exe | Added by the SDBOT-CZW WORM! | No |
| X | Terminal Update | biosefui.exe | Added by the PPDOOR-O TROJAN! | No |
| X | Terminate Popup | ZPU.exe | Free Popup Killer - foistware proven to install the Regsvc32 homepage hijacker. Also see here | No |
| X | Terminate Popup | fpuk.exe | Popup killer - foistware proven to install the Regsvc32 homepage hijacker | No |
| U | TEscKey | TEscKey.exe | Toshiba Escape Key handler. Enables you to program and use the <FN><Esc> key combination to perform a specific function | No |
| ? | Tesco Insert Detect | InsDetect.exe | Part of Tesco Picture Suite. Detects a digital camera is plugged into a USB port or when a memory card with photos is inserted? | No |
| N | Tesco.net | rundll32 [path] RyDial.dll, QuickStart | Tesco.net dial-up ISP software - not required | No |
| ? | Tesla | TESLA.EXE | ?? | No |
| X | test | i love you.exe | Added by the SINGU-T TROJAN! | No |
| X | test | zistro.exe | Added by the KIMAT-C TROJAN! | No |
| X | Testing 123 | msdata.dat | Added by the NITS.A WORM! | No |
| X | testit.exe | testit.exe | ISTBar adware | No |
| X | Teth | drle.exe | PurityScan adware | No |
| ? | TExBUtil Registry | TExBUtil.exe | ?? | No |
| X | Text Tray Service | tstray.exe | Added by the SILLYFDC.BCC WORM! | No |
| N | TextAloud | TextAloudMP3.exe | TextAloud MP3 - convert text into spoken words and MP3s | No |
| N | Textbridge Instant Access OCR | telepath.exe | TextBridge from Nuance (was Scansoft). OCR (optical character recognition) software for scanning documents into popular editing applications. Available via Start -> Programs | No |
| X | TEXTCONV | services.exe | Added by the NEVEG.B or NEVEG.C WORMS! Note - this is not the legitimate services.exe process, which should not appear in Msconfig/Startup! | No |
| X | TEXTCONV | winlogon.exe | Added by the NEVEG.A WORM! Note - this is not the legitimate winlogon.exe process, which should not appear in Msconfig/Startup! | No |
| U | TFncKy | TFncky.exe | Deals with the <Fn> - <Function> key combinations on a Toshiba laptop | No |
| U | TFNF5 | TFNF5.exe | Toshiba Hotkey Utility for Display Devices. By pressing <FN> + <F5>, a window appears showing the displays that can be chosen - LCD, LCD + CRT, CRT, TV | No |
| Y | tfswctrl | tfswctrl.exe | Drive letter access to a UDF packet writer for CD-RW - from HP, Veritas an others. Similar to Roxio's DirectCD and does the same thing. From HP - "This is a needed file as it controles the readability of the Combo drives. Without this file loading the end user will be able to burn CD's but wont be able to read them. The drive itself will be able to read store bought master Cd's without the file but not burnt ones" | Yes |
| Y | tfswctrl.exe | tfswctrl.exe | Drive letter access to a UDF packet writer for CD-RW - from HP, Veritas an others. Similar to Roxio's DirectCD and does the same thing. From HP - "This is a needed file as it controles the readability of the Combo drives. Without this file loading the end user will be able to burn CD's but wont be able to read them. The drive itself will be able to read store bought master Cd's without the file but not burnt ones" | Yes |
| X | TFTP*** | tftp*** | Added by a variant of the SPYBOT WORM! where *** can be any number | No |
| Y | TFTray | TFTray.exe | System Tray access to ThreatFire no-signature anti-malware from PC Tools - which "features innovative real-time behavioral technology that provides powerful protection against both known and unknown viruses, worms, trojans, rootkits, buffer overflows, spyware, adware and other malware" | Yes |
| U | TFunckey | TFuncKey.exe | Deals with the <Fn> - <Function> key combinations on a Toshiba laptop | No |
| N | TgAddServer | tgfix.exe | Software from SupportSoft (aka Support.com) provided to manufacturers (such as Sony (Vaio Support Agent) and Toshiba (Virtual Tech)) and ISPs (such as Comcast, Cox and Charter (Pipeline Support Agent)) that allows them to offer on-line support - to update drivers, fix faults, etc. Can cause a deterioration in a PC's peformance (see here). This part does the protection and "self-healing". Uninstallation is recommended by most people - especially for System Restore users (WinME/XP). If not available via Add/Remove try here | No |
| X | tgbcde | module32.exe | Added by the REIGN.R TROJAN! | No |
| U | tgcmd | tgcmd.exe | Part of software from SupportSoft (aka Support.com) provided to manufacturers and ISPs that allows them to offer on-line support - to update drivers, fix faults, etc. Also see the TgAddServer entry. This part ensures the software is installed correctly (similar to an installation wizard) as reported by Cox. Regarded as spyware by some as it has the ability to retrieve user information. Whether it does so depends upon the provider. One Toshiba user reports problems with hibernate on his laptop if disabled - hence the "U" recommendation" | Yes |
| U | tgcmd | hcenter.exe | Bellsouth help center. Part of software from SupportSoft (aka Support.com) provided to manufacturers and ISPs that allows them to offer on-line support - to update drivers, fix faults, etc. Also see the TgAddServer entry. This part ensures the software is installed correctly (similar to an installation wizard) as reported by Cox. Regarded as spyware by some as it has the ability to retrieve user information. Whether it does so depends upon the provider. One Toshiba user reports problems with hibernate on his laptop if disabled - hence the "U" recommendation" | No |
| U | tgcmdprovidersbc | tgcmd.exe | Part of software from SupportSoft (aka Support.com) provided to manufacturers and ISPs that allows them to offer on-line support - to update drivers, fix faults, etc. Also see the TgAddServer entry. This part ensures the software is installed correctly (similar to an installation wizard) as reported by Cox. Regarded as spyware by some as it has the ability to retrieve user information. Whether it does so depends upon the provider. One Toshiba user reports problems with hibernate on his laptop if disabled - hence the "U" recommendation" | No |
| N | TGCMG | ?? | Related to Rogers@Home, causes errors in WinSock32.dll. Not required for connection to work | No |
| X | TGDC IE Plugin | tgdc.exe | ShopForGood spyware - see here | No |
| X | tgkill | tgkill.exe | Comcast (the cable folks who are replacing @home in some parts of the USA) have struck a deal with Tioga to provide an "enhanced" support and self-repairing tool. This is "beta" at present and was made available to download by mistake at present. Remove via Start -> Settings -> Add/Remove Programs | No |
| N | TGPro Office | IdxOffice.exe | With IdiomaX Office Translator "you can translate documents directly from your favorite text editor (Microsoft Word, WordPerfect or Lotus WordPro)" | No |
| U | Tgsetsite | tgfix.exe | See also TgAddServer. This part ensures the software is installed correctly (similar to an installation wizard) as reported by Cox Regarded as spyware by some as it has the ability to retrieve user information. Whether it does so depends upon the provider. One Toshiba user reports problems with hibernate on his laptop if disabled - hence the "U" recommendation | No |
| U | THCS | svchost.exe | AllMonitor surveillance software. Uninstall this software unless you put it there yourself. Note - this is not the svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup. This one is located in a "drivers\imon" subfolder | No |
| ? | Thdetrf | thdetr32.exe | Appears to be related to Lycos advertising | No |
| X | ThE | wind0s.exe | Added by an unidentified WORM or TROJAN! | No |
| N | The Assistant | eSched.exe | Related to WinTotal from a la mode inc. FormFiller for appraisers | No |
| U | The Easy Bee's Hive | ATCEgSvr.exe | The Easy Bee is a software that allows you to record Internet navigation sequences, which can include form filling and button clicking and to attach a replay schedule to each sequence | No |
| X | The Ethernet | ethernet.exe | Added by a variant of the SDBOT WORM! | No |
| X | The Ethernet | intranet.exe | Added by a variant of the SDBOT WORM! | No |
| X | The Intranet | intranet.exe | Added by a variant of the SDBOT WORM! | No |
| N | The Proxomitron | Proxomitron.exe | A free, highly flexible, user-configurable, small but very powerful, local HTTP web-filtering proxy - see here | No |
| X | The Registry Sentinel | The Registry Sentinel.exe | The Registry Sentinel rogue security software - not recommended, removal instructions here | No |
| X | The Service Pack Loader | spxp.exe | Added by the RBOT-BYM WORM! | No |
| X | The Spy Guard | spyguard.exe | The SpyGuard spyware remover - not recommended, see here | No |
| X | The Spy Guard Monitor | spyguard_monitor.exe | The SpyGuard spyware remover - not recommended, see here | No |
| X | The Web Sentinel | The Web Sentinel.exe | The Web Sentinel rogue security software - not recommended, removal instructions here | No |
| X | TheBestMP3 | rundll32.exe MSA64CHK.dll,DllMostrar | MatrixDialer/Mostrar parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System% | No |
| X | TheDefend.exe | TheDefend.exe | TheDefend rogue security software - not recommended, removal instructions here. A member of the AntiAID family | No |
| X | TheLastDefender | LastDefender.exe | The Last Defender rogue security software - not recommended, removal instructions here | No |
| ? | TheMainStart | N/A | ?? | No |
| X | ThemeMP3 | rundll32.exe MSA64CHK.dll,DllMostrar | MatrixDialer/Mostrar parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System% | No |
| X | TheMonitor | [path to trojan] | Added by the DLOADR-LO TROJAN! | No |
| X | TheMonitor | Duce6.exe | YourEnhancement downloader | No |
| X | TheSpyBot | TheSpyBot.exe | TheSpyBot rogue security software - not recommended, removal instructions here | No |
| U | THGuard | TH_Guard.exe | Resident memory scanning for TrojanHunter | No |
| U | THGuard | THGuard.exe | Resident memory scanning for TrojanHunter | No |
| X | Think-Adz | [random filename] | Zeno Think-Adz adware | No |
| N | ThinkPad Configuration Utility | TP98TRAY.EXE | System Tray access to the ThinkPad Configuration utility for IBM/Lenovo ThinkPad notebooks. "The ThinkPad Configuration utility is a control center to configure your ThinkPad hardware. With this utility, you can setup or change your device configurations for ThinkPad hardware and options" | Yes |
| U | ThinkPad EasyEject Utility | EzEjMnAp.Exe | EasyEject Utility for IBM/Lenovo Thinkpad notebooks. Quote: "The IBM ThinkPad EasyEject Utility makes removing multiple devices from your computer faster and easier by enabling you to stop more than one device at once, rather than stopping each device individually." Configuration and performing of EasyEject actions is available via Fn+F9 key combination on some models | Yes |
| N | ThinkPad EasyEject Utility | EZEJTRAY.EXE | System Tray access to the EasyEject Utility for IBM/Lenovo Thinkpad notebooks. Quote: "The IBM ThinkPad EasyEject Utility makes removing multiple devices from your computer faster and easier by enabling you to stop more than one device at once, rather than stopping each device individually." Configuration and performing of EasyEject actions is available via Fn+F9 key combination on some models | Yes |
| U | ThinkPad Presentation Director | NPDTray.exe | System Tray access to Presentation Director for IBM/Lenovo Thinkpad notebooks - which allows you to create and quickly select between various single and mulitple display options. Scheme selection and settings are also available via Fn+F7 key combination on some models | Yes |
| U | ThinkVantage Access Connections | ACTray.exe | System Tray access to the ThinkVantage Access Connections connectivity-assistant program for IBM/Lenovo ThinkPad or 3000 Family notebook computers - "allowing users to seamlessly switch between wired and wireless environments, managing security settings, printers, home page and other location-specific settings automatically" | Yes |
| U | ThinkVantage Access Connections | ACWLIcon.exe | Part of the ThinkVantage Access Connections connectivity-assistant program for IBM/Lenovo ThinkPad or 3000 Family notebook computers - "allowing users to seamlessly switch between wired and wireless environments, managing security settings, printers, home page and other location-specific settings automatically." This is the System Tray icon giving notifications of and access to the Wireless Connection Status | Yes |
| Y | ThinkVantage Active Protection System | TpShocks.exe | Part of the Active Protection System found on some IBM/Lenovo Thinkpad models - including the T, W, X and Z series. This provides airbag-like protection for your hard drive as the system has "an integrated motion sensor that continuously monitors the movement of the notebook, and, if a sudden change in motion is detected, it temporarily stops the hard drive to protect it from a potential crash". The user can also temporarily suspend APS via the Start Menu or (optional) System Tray icon and view the real-time status | Yes |
| X | This is a virus, please delete it | bigbadvirus.exe | Added by the RANDEX.F WORM! | No |
| U | Thoosje Vista Sidebar | Thoosje Vista Sidebar.exe | Thoosje's Vista Sidebar - sidebar and skins for microsoft Windows XP and Vista | No |
| U | THOTKEY | THotkey.exe | Associated with the Fn+ keys on Toshiba laptops. When disabled some keys still worked, like the one that regulates the volume of the system beep, but others didn't, like the one that immediately blackens your screen | No |
| Y | ThpSrv | thpsrv.exe | Toshiba Hard Drive Protection Utility - moves the Hard Drive head to a safe position in case of shock or vibration to reduce the risk of damage that could be caused by head-to-disk contact | No |
| X | Threaded | intcp32.exe | Added by the RANDEX.UG WORM! | No |
| Y | ThreatFire | TFTray.exe | System Tray access to ThreatFire no-signature anti-malware from PC Tools - which "features innovative real-time behavioral technology that provides powerful protection against both known and unknown viruses, worms, trojans, rootkits, buffer overflows, spyware, adware and other malware" | Yes |
| U | ThrustTSR | TMTMTSR.exe | Thrustmaster Thrustmapper - "t-mapper - icon sits on your taskbar and automatically detects when the joystick is plugged in and configures it accordingly" | No |
| X | Thumbs Plus *.* | thmbplus**.exe | Added by the AGOBOT-AAF WORM! ** is a combination of a random digits and characters | No |
| U | TI WLAN | TIWLANCu.exe | Texas Instruments TI wireless LAN products | No |
| X | tibs3 | tibs3.exe | Premium rate adult content dialler - see here | No |
| X | tibs5 | tibs5.exe | Premium rate adult content dialer - see here | No |
| ? | Ticket API Monitor | tktmon.exe | Syntegra Device Identification Logger. What does it do and is it required? | No |
| X | Tiger | Shine.exe | Added by the HAPPYLOW (or NISHE-A) VIRUS! | No |
| U | TiKL | tikl.exe | TinyKeylogger keystroke logger/monitoring program - remove unless you installed it yourself! | No |
| X | TileFree | Tilecomfree.com | Added by the RBOT.CQE WORM! | No |
| X | Tilerun | Tilecom32.com | Added by a variant of the SDBOT WORM! | No |
| X | Time Manager | TimeManager.exe | Added by the MYTOB-BV WORM! | No |
| X | Time Zone Synchronization | wscript zshell.js | Added by the NETDEX-A TROJAN! | No |
| U | TimeCalendar | tc.exe | TimeCalendar digital planner | No |
| N | Timed Backups Manager Startup | BACKTIME.EXE | Backup Plus - backup software | No |
| U | TimeLeft | TimeLeft.exe | TimeLeft is a countdown, reminder, clock, alarm clock, stopwatch, timer, sticker and time synchronization utility which uses Winamp skins to show digits and text | No |
| U | Timemanager.exe | Timemanager.exe | Time Manager will let you track billable and non-billable time by customer, by category and by associate and then integrate directly to our custom billing package | No |
| N | TimeOnline | TIMEONLINE.EXE | Lightman Groups's TimeOnline monitor. For dial-up users to monitor time spent on the net. Available via Start -> Programs | No |
| X | TIMER | TIMER.EXE | Added by the TIMESE.AG WORM! | No |
| X | Timer | comm.exe | Added by the BDOOR-IP BACKDOOR! | No |
| X | Timer | timed.exe | Added by the BDOOR-LV BACKDOOR! | No |
| X | Timer | msncomm.exe | Added by the WEBDOR.AK TROJAN! | No |
| X | TimeService | trun.exe | TlfLic-A premium rate adult content dialler | No |
| X | TimeSink Add Client | TSADBOT.EXE | Advertising spyware | No |
| X | timessquare | timessquare.exe | Detected by Kaspersky as the STARTPAGE.AW TROJAN! | No |
| X | timestamp | timeapr32.exe | Added by the AGENT-DRU TROJAN! | No |
| X | TimeSyncApp | TimeSynchronize.exe | DealHelper adware | No |
| N | TimeUp | Timeup.exe | TimeUp - internet online timer | No |
| U | Timezone | TimeZone.exe | Microsoft Daylight Saving Time Update Utility - see here | No |
| X | TIMHost | TIMHost.exe | Added by the PWS-ANT TROJAN! | No |
| U | TimounterMonitor | TimounterMonitor.exe | Part of Acronis True Image backup software. Monitor for the backup archive explorer for moving and viewing files within an archive | No |
| U | TINTSETP | TINTSETP.EXE | Microsoft's Input Method Editor for Asian languages which is used to both display and enable the input of characters in e-mails, documents and other files - should you need to. Found on PCs where Asian languages (e.g. Chinese, Hindi, Japanese, etc) have been installed through the Regional and Language options icon in the Control Panel | Yes |
| X | Tinue | Tinue.exe | Added by the SILLYFDC.BCO WORM! | No |
| X | Tiny AV | fooding.exe | Added by the NETSKY.I WORM! | No |
| Y | Tiny Personal Firewall | persfw.exe | Tiny Personal Firewall | No |
| N | Tiny Watcher Logon Time | Watcher.exe | Tiny Watcher detects changes to your system. It will not prevent your system from being modified or corrupted. It will only tell you that something suspicious happened. Think of it as an early CAT scan against system tumors. Better to install a tool that will detect and remove bad items | No |
| U | tinySpell | tinyspell.exe | Tinyspell - "allows you to easily and quickly check the spelling of words in any Windows application. Monitors your typing on the fly, alerts you whenever it detects a misspelled word, and checks the spelling of every word you copy to the clipboard" | No |
| U | TiomanExe | Tioman.Exe | Agate Tioman - warm and hot swap removable bay device manager for IBM laptops | No |
| X | tipguard.exe | tipguard.exe | Privacy Commander rogue privacy program - not recommended, removal instructions here | No |
| N | Tips | mousetips.exe | Suggests tips on using your mouse | No |
| U | Titlebar Date | Titlebar Date.exe | Titlebar Date by Titlebar Software - displays the day of the week and date and time in the active window's tile bar. For example, open Notepad and the day and date will appear at the top of the window. The originator's website is no longer available but you can still download it here | Yes |
| U | Titlebar Time | Titlebar Time.exe | Titlebar Time by Titlebar Software - displays the day of the week, date and time in the active window's tile bar. For example, open Notepad and the day, date and time will appear at the top of the window. The originator's website is no longer available but you can still download it here | Yes |
| U | TiTleBarClock | TiTleBarClock.exe | TitleBarClock - displays Day, Time, Date, Month, Year, FreeMem, and FreeDriveSpace on the right side of the title bar in any main window that has the mouse or keyboard focus | No |
| U | TitleTime | TiTime.exe | "TitleTime adds the current date and/or time to the Caption of the currently active application window. Additional options are a second clock (with a different time), week number, GMT/UTC time, Swatch Internet Time and Sounds at each full, half or quarter hour" | No |
| N | Tivoli | LCFEP.EXE | Tivoli 'TME' System Tray icon - "'lcfep' is the program that displays statistics about the Endpoint. Apparently stopping/removing this process has no impact on the Endpoint itself which will continue to function normally" | No |
| ? | TivoNotify | TiVoNotify.exe | Part of Tivo Desktop. What does it do and is it required? | No |
| U | TivoServer | TiVoServer.exe | Tivo Server - installed with the TiVo Home Media Option. It streams audio files to your television/home theater from your PC | No |
| U | TivoTransfer | TivoTransfer.exe | Tivo Transfer Service. TiVo Desktop is an easy-to-use application that lets you publish and share digital music, photos and TiVo recordings between your networked TiVo Series2 DVR and your computer | No |
| X | tiwi | tiwi | Added by the RAHIWI.A WORM! | No |
| U | TIxDSL | tidslmon.exe | Actiontec DSL modem. Associated with High Speed AOL DSL. Used to get line sync with the Actiontec DSL USB Modem. Available via Start -> Programs | No |
| N | TizzleTalk | TizzleTalk.exe | TizzeTalk is a dialect translator for Yahoo, MSN, AOL Instant Messengers. Bundles adware, hence not recommended. From their EULA : "As a result of installing the Company's Software, you will see occasional banner ads, pop-up or pop-under ads, or other types of ads selected based on your online activities .../... Occasionally, we may automatically or through other remote means, update, upgrade, patch or uninstall the Company's Software, including the Company's advertising-supported software, without further notice to you. These upgrades also may include installation of additional applications from the Company as well as third party applications" | No |
| X | tjstartup | [path to file] | Added by the TJSERV.C TROJAN! | No |
| N | TK8 EasyNote | EasyNote.exe | TK8 EasyNote - desktop post-it notes | No |
| N | TkBell.Exe | evntsvc.exe | Application Scheduler installed along with RealOne Player. Once installed, it runs independently of RealOne Player. See here for more information, including how to disable it. Also see evntsvc and Realsched. Note that eventsvc.exe no longer appears to be in a newer version. To disable "tkbell.exe" in the new version (1) Start RealOne Player (2) Tools -> Preferences (3) Automatic services in the Categories pane (4) Uncheck all options and then OK | No |
| N | TkBell.Exe | realsched.exe | Application Scheduler installed along with RealOne Player. Once installed, it runs independently of RealOne Player. See here for more information, including how to disable it. Also see evntsvc and Realsched. Note that eventsvc.exe no longer appears to be in a newer version. To disable "tkbell.exe" in the new version (1) Start RealOne Player (2) Tools -> Preferences (3) Automatic services in the Categories pane (4) Uncheck all options and then OK | No |
| N | TkBell.Exe | tkbell.exe | Application Scheduler installed along with RealOne Player. Once installed, it runs independently of RealOne Player. See here for more information, including how to disable it. Also see evntsvc and Realsched. Note that eventsvc.exe no longer appears to be in a newer version. To disable "tkbell.exe" in the new version (1) Start RealOne Player (2) Tools -> Preferences (3) Automatic services in the Categories pane (4) Uncheck all options and then OK | No |
| N | TkBellExe | evntsvc.exe | Application Scheduler installed along with RealOne Player. Once installed, it runs independently of RealOne Player. See here for more information, including how to disable it. Also see evntsvc and Realsched. Note that eventsvc.exe no longer appears to be in a newer version. To disable "tkbell.exe" in the new version (1) Start RealOne Player (2) Tools -> Preferences (3) Automatic services in the Categories pane (4) Uncheck all options and then OK | No |
| N | TkBellExe | realsched.exe | Application Scheduler installed along with RealOne Player. Once installed, it runs independently of RealOne Player. See here for more information, including how to disable it. Also see evntsvc and Realsched. Note that eventsvc.exe no longer appears to be in a newer version. To disable "tkbell.exe" in the new version (1) Start RealOne Player (2) Tools -> Preferences (3) Automatic services in the Categories pane (4) Uncheck all options and then OK | No |
| N | TkBellExe | tkbell.exe | Application Scheduler installed along with RealOne Player. Once installed, it runs independently of RealOne Player. See here for more information, including how to disable it. Also see evntsvc and Realsched. Note that eventsvc.exe no longer appears to be in a newer version. To disable "tkbell.exe" in the new version (1) Start RealOne Player (2) Tools -> Preferences (3) Automatic services in the Categories pane (4) Uncheck all options and then OK | No |
| X | TkNetDriver Monitor | lexbce.exe | Added by the SDBOT-ADF WORM! | No |
| N | tkonnect | TKONNECT.EXE | Dialer for the Tiscali internet service provider. Available as a desktop shortcut | No |
| X | tlc | update911.js | Hijacker installer | No |
| ? | TlcR | avp.exe | ?? | No |
| U | tlntsvr | tlntsvr.exe | Microsoft program associated with Telnet | No |
| U | TLogonPath | tb2logon.exe | Timbuktu Pro - remote desktop access software | No |
| X | tlz | 47681727.exe | Added by an unidentified TROJAN! | No |
| U | TM Outbreak Agent | TMOAgent.exe | Part of Trend Micro web-security products - PC-cillin 2004 and Virus Buster 2003-2004. Notifies users of virus outbreaks and offers to update the scanner | No |
| U | TMA distribution | cfinst.exe | Part of Intel's LANDesk Management Suite 6 and the Common Base Agent (CBA) - used for communicating between the core server and managed clients | No |
| X | tmax | pupdate.exe | Adware pop-up generator | No |
| X | tmchook | tmchook.exe | Detected by Kaspersky as the VB.AA TROJAN! | No |
| U | TMEEJME.EXE | TMEEJME.EXE | Toshiba TME (Toshiba Mobile Extension) Control | No |
| U | TMERzCtl.EXE | TMERzCtl.EXE | Toshiba TME (Toshiba Mobile Extension) Control | No |
| U | TMESBS | TMESBS21.EXE | Utility related to inserting and removing the slim bay device (such as a DVD/CD-writer) on Toshiba laptops. You can disable this task if you have no intention of ever taking the device out while the laptop is turned on | No |
| U | TMESBS.EXE | TMESBS21.EXE | Utility related to inserting and removing the slim bay device (such as a DVD/CD-writer) on Toshiba laptops. You can disable this task if you have no intention of ever taking the device out while the laptop is turned on | No |
| U | TMESBS.EXE | TMESBS31.EXE | Utility related to inserting and removing the slim bay device (such as a DVD/CD-writer) on Toshiba laptops. You can disable this task if you have no intention of ever taking the device out while the laptop is turned on | No |
| U | TMESBS.EXE | TMESBS32.EXE | Utility related to inserting and removing the slim bay device (such as a DVD/CD-writer) on Toshiba laptops. You can disable this task if you have no intention of ever taking the device out while the laptop is turned on | No |
| U | TMESBS32 | TMESBS32.EXE | Utility related to inserting and removing the slim bay device (such as a DVD/CD-writer) on Toshiba laptops. You can disable this task if you have no intention of ever taking the device out while the laptop is turned on | No |
| U | TMESRV.EXE | TMESRV11.EXE | Toshiba utility related to inserting and removing a laptop from a docking station. Not required if you don't use a docking station | No |
| U | TMESRV.EXE | TMESRV21.EXE | Toshiba utility related to inserting and removing a laptop from a docking station. Not required if you don't use a docking station | No |
| U | TMESRV.EXE | TMESRV31.EXE | Toshiba utility related to inserting and removing a laptop from a docking station. Not required if you don't use a docking station | No |
| U | TMESRV31 | TMESRV31.EXE | Toshiba utility related to inserting and removing a laptop from a docking station. Not required if you don't use a docking station | No |
| U | TMExLogon | TMESRV.EXE | Toshiba utility related to inserting and removing a laptop from a docking station. Not required if you don't use a docking station | No |
| ? | Tmmkb | Tmmkysvr.exe | Toshiba multi-media keyboard software - possibly including creating keyboard shortcuts? | No |
| N | TMMonitor | tmmonitor.exe | System Tray access and sync monitor for TotalMedia from Arcsoft - "an all-in-one multimedia application that allows you to access and work with digital photos, home videos, recorded TV programs, radio and your digital music library right from your TV or home computer." The sync monitor initiates the sync schedule that you have set and once it's time to sync the scheduled files, the program starts automatically. Exiting the sync monitor prevents scheduled sync from occurring until it is restarted | Yes |
| X | TmNetDriver Monitor | exbce.exe | Added by the SDBOT-ABR WORM! | No |
| X | Tmntsrv32 | Tmntsrv32.exe | Added by the STARTPAGE.O TROJAN! | No |
| U | TMOUSE | tmouse.exe | Component of the Toshiba Mouse Control that allows users with an AccuPoint mouse to scroll MS-scroll-compatible documents by holding CTRL + ALT and moving the AccuPoint up or down. It also allows zooming by holding CTRL + SHIFT and moving the AccuPoint up or down. Disabling this item has no adverse effects, except disabling the scroll/zoom features of the AccuPoint | No |
| Y | tmproxy | tmproxy.exe | Part of Trend Micro web-security products - Internet Security 2005, PC-cillin 2003, and Virus Buster 2003-2004 | No |
| X | tmp_up | sample.exe | QuickBar adware | No |
| U | TMRUBottedTray | TMRUBottedTray.exe | RUBotted (from Trend Micro) monitors your computer for suspicious activities and regularly checks with an online service to identify behavior associated with Bots. Upon discovering a potential infection, RUBotted prompts you to scan and clean your computer | No |
| U | TMTMTSR | TMTMTSR.exe | Thrustmaster Thrustmapper - "t-mapper - icon sits on your taskbar and automatically detects when the joystick is plugged in and configures it accordingly" | No |
| U | TnPopUp | billbrz.exe | Related to Technesis "award-winning solutions for tracking and managing print, copy, fax and scan activities" | No |
| U | TNTClk | TNTCLK.exe | Overclocking program for TNT, TNT2, and other graphics cards. This program can overclock the graphics card manually after startup when needed, especially before starting a gaming session. However, for simplicity, it can be left checked to let it run once at startup to automatically overclock the graphics card. In this case, it doesn't even run in the background after doing its job | No |
| U | ToADiMon.exe | ToADiMon.exe | T-Online ISP software connection assistant | No |
| U | Toggler | toggler.exe | "Toggler allows you to gain control over your Caps Lock, Num Lock, and Insert keys. It prevents you from writing in ALL CAPS when your finger has slipped to accidentally hit the Caps Lock key" | No |
| X | Tok-Cirrhatus | IDTemplate.exe | Added by the RONTOKBRO.A WORM! | No |
| X | Tok-Cirrhatus | smss.exe | Added by the BRONTOK-A WORM and variants! Note - this is not the legitimate smss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %AppData% | No |
| X | Tok-Cirrhatus | [path to file] | Added by the BRONTOK-F WORM! | No |
| X | Tok-Cirrhatus-1464 | br3951on.exe | Added by the BRONTOK.AD WORM! | No |
| X | Tok-Cirrhatus-1959 | br4941on.exe | Added by the BRONTOK-J WORM! | No |
| X | Tok-Cirrhatus-1959 | [random].exe | Added by the BRONTOK-CF WORM! | No |
| X | Tok-Cirrhatus-1959sarc | sv711224030r.exe | Added by the BRONTOK-R WORM! | No |
| X | Tok-Cirrhatus-1959sarc | yesbron.com | Added by the BRONTOK-R WORM! | No |
| X | Tok-Cirrhatus-2454 | br5931on.exe | Added by the BRONTOK.AD WORM! | No |
| X | Tok-Cirrhatus-2784 | br6591on.exe | Added by the BRONTOK-L WORM! | No |
| X | Tok-Cirrhatus-2784 | smss.exe | Added by the BRONTOK-S WORM! Note - this is not the legitimate smss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %AppData% | No |
| X | Tok-Cirrhatus-[4 random digits] | br[4 random digits]on.exe | Added by the BRONTOK-M WORM! | No |
| ? | TomcatStartup | hpbpsttp.exe | Apache Tomcat web server, part of HP LaserJet "Printer Tools" software. What does it do and is it required? | No |
| ? | TomcatStartup 2.5 | hpbpsttp.exe | Apache Tomcat web server, part of HP LaserJet "Printer Tools" software. What does it do and is it required? | No |
| ? | Tommorrow | tomorrow.exe | ?? | No |
| N | TomTomHOME.exe | TomTomHOME.exe | TomTom HOME - free management program for your PC to look after their GPS navigation products | No |
| X | ToolbarInstall | MirarSetup.exe | Mirar adware | No |
| N | toolbar_eula_launcher | EULALauncher.exe | Related to Google Desktop | No |
| U | ToolBoxFX | HPTLBXFX.exe | HP ToolBoxFX - "provides desktop configuration, status and support for every feature". Supplied with some HP multifunction printers | No |
| X | ToolHelp | hwpv.exe | Added by a variant of the INFOSTEALER TROJAN! | No |
| X | toolsicuro | SysRep.exe | ToolSicuro, Italian rogue system error and cleaning utility - not recommended. A member of the ErrClean family | No |
| X | ToP | LSASS.exe | Added by the WOWCRAFT.C TROJAN! Note - this is not the legitimate lsass.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir% | No |
| X | Top Tilecom | Tilecomtop.com | Added by the RBOT.BXD WORM! | No |
| ? | ToPassSrv | Pktopass.exe | Related to Caere Pagekeeper scanning software (now taken over by Scansoft), Disabling is known to cause problems | No |
| X | topat | zlip.exe | Added by the FLOOD-IG TROJAN! | No |
| U | TopDesk | TopDesk.exe | TopDesk - puts an icon in your system tray that when clicked upon, opens a pop-up menu that gives instant access to all of your desktop programs without having to minimize, resize, move or close other programs or files | No |
| ? | topi | topi.exe | Toshiba Online Product Information. What does it do and is it required? | No |
| X | Topic cPanr | cPaner.com | Added by the SDBOT.AJP WORM! | No |
| X | Topic lnternet | lnternet32.exe | Added by the RBOT-GLZ WORM! | No |
| X | Topic MSNGR32 | MSNGR32.com | Added by a variant of the IRCBOT TROJAN! | No |
| X | Topic Soft | Tilesoft.com | Added by the RBOT.GDH WORM! | No |
| X | Topic Tilesys | Tilesys.com | Added by a variant of the RBOT WORM! | No |
| X | ToPicks Starter | Idhost.exe | TOPicks adware | No |
| U | TopmostClock | TopMostClock.exe | TopMost Clock - transparent analog clock which displays on top of your other windows | No |
| X | topmoxie | JavaRun.exe | TopMoxie adware | No |
| X | TopSearch | TopSearch.exe | TopSearch adware variant | No |
| N | Tor | tor.exe | Tor anonymous internet communication system. Shortcut available via Start -> Programs | No |
| X | tor anonymous proxy | tor32.exe | Added by the SDBOT-ADR WORM! | No |
| X | Torjan Program | [path to trojan] | Added by the LEGMIR-BO TROJAN! | No |
| X | Torjan Program | smss.exe | Added by the WOWCRAFT.B TROJAN! Note - this is not the legitimate smss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir% | No |
| X | Torjan Program | WINLOGON.EXE | Added by the WOWCRAFT.D TROJAN! Note - this is not the legitimate winlogon.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir% | No |
| X | Torrent Management Service | system32.exe | Added by a variant of the IRCBOT TROJAN! See here | No |
| X | Torrent Management Service | TMANAGESVC.EX | Added by a variant of the IRCBOT TROJAN! | No |
| N | TOSCDSPD | toscdspd.exe | Related to Toshiba laptop CD/DVD drivers. This is a non-essential process. Disabling or enabling this is down to user preference | No |
| U | TOSHIBA Accessibility | FnKeyHook.exe | "Allows you to use the Fn key to create a hot key combination with one of the function keys without pressing the two keys simultaneously as is usually required. Using Accessibility lets you make the Fn key a sticky key, meaning you can press it once, release it, and then press a function key to activate the hot key function" | No |
| Y | Toshiba Fan | fan.exe | Toshiba untilty to keep the fan on a laptop running if they fail to detect there is too much heat | No |
| U | Toshiba Key State | KEYSTATE.EXE | Displays an icon in the System Tray indicating the state of the CAPS LOCK key. Can be handy on (e.g., Toshiba) laptops which do not have a Caps Lock indicator light. Available via Start -> Programs | No |
| N | Toshiba Registration | ToshibaRegistration.exe | Toshiba Registration - available via Start -> Programs | No |
| N | Toshiba TEMPO | Toshiba.Tempo.UI.TrayApplication.exe | TEMPO is a software service developed by Toshiba. It will advise you on how to fine-tune the performance of your notebook and keep you informed of the latest Toshiba software and driver updates as soon as they are released. It does this by delivering various types of alerts into a special TEMPO inbox area on your notebook PC | No |
| U | TOSHIBA Volume Indicator | VolControl.exe | On-screen volume indicator for Toshiba notebooks | No |
| N | ToshibaPinger | pinger.exe | Pinger is the resident program for Toshiba Upgrades. Periodically checks to see if there are any software/driver upgrades for your particular computer model. If it finds any, it posts a notification | No |
| U | TOSHIBSU | Toshibsu.exe | Reduces the power consumption when the laptop isn't being used to preserve battery power. Hibernate function doesn't work if this is disabled. Similar programs on other laptops reduce the processor clock rate, etc. Required if you run off battery regularly | No |
| U | TosHKCW | TosHKCW.exe | Toshiba Hot Key Change/Control Wireless. Permits you to use a hot key to activate/deactivate built-in 802.11b wireless transmission on a laptop (if installed) | No |
| U | TosHKCW.exe | TosHKCW.exe | Toshiba Hot Key Change/Control Wireless. Permits you to use a hot key to activate/deactivate built-in 802.11b wireless transmission on a laptop (if installed) | No |
| Y | TosMem | tosmem.exe | Toshiba laptop related. Win98/Me ACPI system can not hibernate or go on standby if all of the physical memory lower than 640KB is locked. This utility allocates and locks three pages on boot and then releases them on standby/hibernation for ACPI.SYS in order to solve the above problem | No |
| U | TosRotation | TRot.exe | TOSHIBA Rotation Utility - allows users to rotate a notebook's screen image 180 degrees in order to share information on the screen with others seated across a table or desk | No |
| X | totacon | totacon.exe | Added by a variant of the Storm/Nuwar/Zhelatin WORM! See here for an example | No |
| X | Total PC Defender | Total PC Defender.exe | Total PC Defender rogue security software - not recommended, removal instructions here | No |
| X | Total Protect 2009 | pcpc_starter.exe | Total Protect 2009 rogue security software - not recommended, removal instructions here | No |
| X | Total Virus Protection | TotalVirusProtection.exe | Total Virus Protection rogue security software - not recommended, removal instructions here | No |
| U | TotalMedia Backup Monitor | uBBMonitor.exe | ArcSoft's TotalMedia Backup - "Backing up your precious photos, videos, and essential documents couldn't be easier!" | No |
| X | TotalSecure2009 | scan.exe | Total Secure 2009 rogue security software - not recommended, removal instructions here | No |
| U | TotRecSched | TotRecSched.exe | Scheduler for Total Recorder - allows automatic recording of a show at a given time for later playback or you can use the scheduler as an alarm | No |
| Y | ToUcamVProperty | VProperty.exe | Philips Web Camera model name pcvc740k, ToUcam driver configuration tray icon | No |
| U | Touch Manager | WinLED.exe | Dell keyboard utility. Disabling can result in loss of screen saver and power saver functionality | No |
| U | TouchED | TouchED.exe | TouchPad On/Off Utility on a Toshiba laptop | No |
| U | TouchFreeze | TouchFreeze.exe | TouchFreeze is simple utility for Windows that automatically disables the touchpad on notebooks while you are typing text - so that you can avoid accidentally changing the position of the cursor in your document or clicking on an option | No |
| N | tour | regedit ..tour.reg | Edits registry values to keep the WinMe tour in Task Scheduler | No |
| N | Tour | wincool.exe | Annoying WinMe component that prompt you to play the %Windir%\Application Data\Microsoft\INTROCONTENT.HTA file - that plays a full screen version of the WinMe product preview and cannot be stopped until it finishes to my knowledge. That prompt will keep popping up after an install/reinstall of WinMe until you give in and watch the thing. It also puts a task scheduler entry to run that annoying thing every 30 minutes - and don't bother deleting that entry as Windows puts it right back. Not only should you disable it from running, you should delete the thing altogether as it somehow can re-enable itself. Apparently you can try setting the file to read only | No |
| N | tourpath | regedit /s [path] tour.reg | Edits registry values to keep the Win 2000 "tour" in Task Scheduler | No |
| U | TP4EX | tp4ex.exe | Supports accessibility features for the TrackPoint stick and associated buttons on IBM/Lenovo ThinkPad notebooks. If features such as "Click Sound", "Button Lock" and "Cross Hair cursor" are enabled this entry will run at startup. If none of the accessibility features are used it remains as a startup entry but doesn't run | Yes |
| U | tp4mon | tp4mon.exe | Supports the "pointer stick" in lieu of a mouse on an IBM ThinkPad laptop. Necessary for the "scroll" button to work | No |
| U | tp4serv | tp4serv.exe | Supports the "pointer stick" in lieu of a mouse on an IBM ThinkPad laptop. Necessary for the "scroll" button to work | No |
| N | TP98TRAY | TP98TRAY.EXE | System Tray access to the ThinkPad Configuration utility for IBM/Lenovo ThinkPad notebooks. "The ThinkPad Configuration utility is a control center to configure your ThinkPad hardware. With this utility, you can setup or change your device configurations for ThinkPad hardware and options" | Yes |
| N | TP98UTIL | TP98.EXE | IBM Thinkpad feature setup & configuration utility | No |
| ? | Tpam.exe | tpam.exe | TP Attach Manager - part if IBM Personal Communications. What does it do and is it required? | No |
| X | tpcupdater | updatetc.exe | Antivirus XP 2008 rogue security software - not recommended | No |
| U | TPFNF7 | TPFNF7SP.exe | Presentation Director for IBM/Lenovo Thinkpad notebooks - which allows you to create and quickly select between various single and multiple display options via the Fn+F7 key combination | No |
| U | TPFNF7SP | TPFNF7SP.exe | Presentation Director for IBM/Lenovo Thinkpad notebooks - which allows you to create and quickly select between various single and multiple display options via the Fn+F7 key combination | No |
| U | TPHKMGR | TPHKMGR.exe | Hotkey manager for IBM/Lenovo Thinkpad notebooks. Supports the blue "ThinkVantage" or "Access IBM" help key, Fn+Fx (where x is a number) key combinations (for access to features such as quickly locking the computer, wireless management, EasyEject and full-screen magnifier) and audio buttons (mute and volume up/down) | Yes |
| U | TPHKMGR.exe | TPHKMGR.exe | Hotkey manager for IBM/Lenovo Thinkpad notebooks. Supports the blue "ThinkVantage" or "Access IBM" help key, Fn+Fx (where x is a number) key combinations (for access to features such as quickly locking the computer, wireless management, EasyEject and full-screen magnifier) and audio buttons (mute and volume up/down) | Yes |
| U | TPHOTKEY | TPHKMGR.exe | Hotkey manager for IBM/Lenovo Thinkpad notebooks. Supports the blue "ThinkVantage" or "Access IBM" help key, Fn+Fx (where x is a number) key combinations (for access to features such as quickly locking the computer, wireless management, EasyEject and full-screen magnifier) and audio buttons (mute and volume up/down) | Yes |
| U | TPHOTKEY | TPOSDSVC.exe | Supports the hotkeys on IBM/Lenovo ThinkPad notebooks - displays the result of the using of function keys on the desktop screen. For example, whenever a user changes system speaker volume, this program displays a volume indicator on the desktop screen | Yes |
| U | TPKBDLED | TpScrLk.exe | IBM Thinkpad utility for displaying the Scroll Lock status on the System Tray - for Thinkpad's that don't have a Scroll Lock LED | Yes |
| N | TpKmapAp | TpKmapAp.exe | Part of the Keyboard Customizer Utility for IBM/Lenovo Thinkpad notebooks. This is the main user interface for the utility but it doesn't normally seem to be running if enabled at startup. Also, it doesn't appear to need to be running for custom key combinations to work (via TpKmapMn.exe) | Yes |
| N | TPKMAPHELPER | TpKmapAp.exe | Part of the Keyboard Customizer Utility for IBM/Lenovo Thinkpad notebooks. This is the main user interface for the utility but it doesn't normally seem to be running if enabled at startup. Also, it doesn't appear to need to be running for custom key combinations to work (via TpKmapMn.exe) | Yes |
| U | TPKMAPMN | TpKmapMn.exe | Keyboard Customizer Utility for IBM/Lenovo Thinkpad notebooks. This startup entry will be enabled if either the default or custom key combinations are selected for use with the built-in keyboard (such as AltGr for the Windows key) or an external keyboard (such as Right Ctrl + Up arrow for volume up) | Yes |
| U | TpKmapMn.exe | TpKmapMn.exe | Keyboard Customizer Utility for IBM/Lenovo Thinkpad notebooks. This startup entry will be enabled if either the default or custom key combinations are selected for use with the built-in keyboard (such as AltGr for the Windows key) or an external keyboard (such as Right Ctrl + Up arrow for volume up) | Yes |
| U | tpopservice | tpopservice.exe | DirecWay two-way satellite internet service enhanced POP proxy server for email | No |
| U | TPOSDSVC | TPOSDSVC.exe | Supports the hotkeys on IBM/Lenovo ThinkPad notebooks - displays the result of the using of function keys on the desktop screen. For example, whenever a user changes system speaker volume, this program displays a volume indicator on the desktop screen | Yes |
| U | TPOSDSVC.exe | TPOSDSVC.exe | Supports the hotkeys on IBM/Lenovo ThinkPad notebooks - displays the result of the using of function keys on the desktop screen. For example, whenever a user changes system speaker volume, this program displays a volume indicator on the desktop screen | Yes |
| U | TPP Auto Loader | Tppaldr.exe | Installed with DataStor's (and some other manufacturers) USB 2.0 based external DVD, CD-ROM and CD-RW drives. System tray icon allowing the user to disconnect the external drive without an error message being displayed | No |
| U | Tprtray | Tprtray.exe | Displays the Power icon in the System Tray on a Toshiba laptop | No |
| U | Tpscrex | Tpscrex.exe | Lenovo (IBM) ThinkPad hotkey related | No |
| U | TpScrLk | TpScrLk.exe | IBM Thinkpad utility for displaying the Scroll Lock status on the System Tray - for Thinkpad's that don't have a Scroll Lock LED | Yes |
| U | TpScrLk.exe | TpScrLk.exe | IBM Thinkpad utility for displaying the Scroll Lock status on the System Tray - for Thinkpad's that don't have a Scroll Lock LED | Yes |
| Y | TpShocks | TpShocks.exe | Part of the Active Protection System found on some IBM/Lenovo Thinkpad models - including the T, W, X and Z series. This provides airbag-like protection for your hard drive as the system has "an integrated motion sensor that continuously monitors the movement of the notebook, and, if a sudden change in motion is detected, it temporarily stops the hard drive to protect it from a potential crash". The user can also temporarily suspend APS via the Start Menu or (optional) System Tray icon and view the real-time status | Yes |
| U | TPSmain | TPSMain.exe | Toshiba Power Saver - associated with Toshiba laptops/desktops. Manages the power save function to make sure that the system goes to a power saver mode when not used | No |
| Y | TPSODDCtl | TPSODDCtl.exe | Power saving software on Toshiba laptops | No |
| N | TPTray | TPTray.exe | Touchpad configuration tray icon for Toshiba laptops. Available via Start -> Settings -> Control Panel | No |
| N | TPTRAY | TP98TRAY.EXE | System Tray access to the ThinkPad Configuration utility for IBM/Lenovo ThinkPad notebooks. "The ThinkPad Configuration utility is a control center to configure your ThinkPad hardware. With this utility, you can setup or change your device configurations for ThinkPad hardware and options" | Yes |
| U | TPWAUDAP | TpWAudAp.exe | Provides support for volume changes via hotkeys on IBM/Lenovo Thinkpad notebooks | No |
| Y | TPwrMain | TPwrMain.EXE | Power management software for Toshiba laptops | No |
| ? | TPwrMgr | TPwrMgr.exe | Found on a Toshiba laptop. Related to power management? | No |
| Y | Tpwrtray | TPWRTRAY.EXE | Toshiba laptop's own Advanced Power Management system which disables Windows APM (greyed-out in Control Panel). You can't choose which of the 2 systems to use | No |
| U | tqrecv | tqrecv.exe | Tellique satellite broadcast reception software | No |
| N | Traceless | launch.exe | Traceless 2003 - clear your cookies, temp directories and browser history with a click of a button. It also clears the recent documents and the IE drop down auto complete box | No |
| X | tracesweeper | tracesweeper.exe | Trace Sweeper rogue privacy tool - not recommended | No |
| U | Track4WinMonitor | STMonitor.exe | Track4Win Monitor surveillance software. Uninstall this software unless you put it there yourself | No |
| ? | Tracker | Tracker.exe | Possibly associated with My Deluxe Invoices program | No |
| X | trackerx90.th.gs | anti_data_exe_by_trackerx90.exe | Added by the BCKDR-QIT BACKDOOR! | No |
| U | TrackPoint Accessibility Features | tp4ex.exe | Supports accessibility features for the TrackPoint stick and associated buttons on IBM/Lenovo ThinkPad notebooks. If features such as "Click Sound", "Button Lock" and "Cross Hair cursor" are enabled this entry will run at startup. If none of the accessibility features are used it remains as a startup entry but doesn't run | Yes |
| U | TrackpointSrv | daemon.exe | Supports the "pointer stick" in lieu of a mouse on an IBM ThinkPad laptop. Necessary for the "scroll" button to work | No |
| U | TrackpointSrv | tp4serv.exe | Supports the "pointer stick" in lieu of a mouse on an IBM ThinkPad laptop. Necessary for the "scroll" button to work | No |
| U | TrackPointSrv | tp4mon.exe | Supports the "pointer stick" in lieu of a mouse on an IBM ThinkPad laptop. Necessary for the "scroll" button to work | No |
| U | Tracks Eraser | te.exe | Tracks Eraser from Acesoft - "Erases all tracks of your internet activity" | No |
| U | Tracks Eraser Pro | te.exe | Tracks Eraser Pro from Acesoft - "Erases all tracks of your internet activity" | No |
| U | tranicon | tranicon.exe | A Tweak-XP component (only in the registered version), makes Desktop icons transparent. Can be enabled/disabled via Tweak-XP -> System + File Tweaks -> Windows Tweaks -> Desktop Tweaks -> Make Desktop Icons Transparent | No |
| X | Transaction Tasker | stdhost.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
| N | Transcode360 | Transcode360Tray.exe | Designed for WinXP Media Center Edition 2005 and the Xbox 360, Transcode360 aims to broaden the support for a wide range of video media including DivX and XviD | No |
| U | Transparent | TransparentW.exe | Utility to turn desktop icon text backgrounds transparent. The last letter defines the icon text color: D= as desktop, W=white, B=black. Available from here | No |
| U | Transparent | TransparentD.exe | Utility to turn desktop icon text backgrounds transparent. The last letter defines the icon text color: D= as desktop, W=white, B=black. Available from here | No |
| U | Transparent | TransparentB.exe | Utility to turn desktop icon text backgrounds transparent. The last letter defines the icon text color: D= as desktop, W=white, B=black. Available from here | No |
| U | TransparentIcons | tranicon.exe | A Tweak-XP component (only in the registered version), makes Desktop icons transparent. Can be enabled/disabled via Tweak-XP -> System + File Tweaks -> Windows Tweaks -> Desktop Tweaks -> Make Desktop Icons Transparent | No |
| U | transtask | transtask.exe | A Tweak-XP component, makes the taskbar icons transparent | No |
| X | transys | rundll32.exe transys.dll,start | Added by the AKBOT-AE WORM! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "transys.dll" file is found in %System% | No |
| U | Trashgrd | TRASHGRD.EXE | Part of McAfee Nuts & Bolts. Protects all the files you delete, even files deleted in DOS or in 16-bit Windows applications, by sending them to the Recycle Bin | No |
| X | Tray | rundll32.exe | Added by the LINEAG-ADR TROJAN! Note - this is not the legitimate rundll32.exe process, which is found in %Windir% (98/ME) or %System% (NT/2K/XP). This one is located in %Windir%\command | No |
| Y | Tray control for Malwarebytes' Anti-Malware | mbamtrayctrl.exe | Malwarebytes' Anti-Malware - "monitors every process and actually stops malicious processes before they even start. It uses our impressive technology that is in fact a completely novel way of heuristic scanning and it is our response to the increasingly complex malware threats" | No |
| N | Tray Date | Tray Date.exe | Tray Date by Titlebar Software - displays a simple icon in the System Tray (that can't be configured) which shows the current date. The originator's website is no longer available but you can still download it here. Whilst it only uses around 10MB of memory, you can run it via the Start menu - or you can simply move the cursor over the clock time on the System Tray to show the date | Yes |
| U | Tray Folder | Tray Folder.exe | Tray Folder by Titlebar Software - creates a hidden folder that is only normally accessible by double-clicking on a System Tray icon that shows the current date. You can also hide files and other folders in that hidden folder. The originator's website is no longer available but you can still download it here | Yes |
| X | Tray manager system | traysys.exe | Added by the RIZO.A TROJAN! | No |
| U | Tray Pilot Lite | TrayPlt.exe | Tray Pilot allows you to hide the System Tray window. No longer supported by the authors | No |
| N | Tray Temperature | Weatherbug.exe | Weatherbug provides current outdoor temperature in the System Tray, also weather alerts. Available via Start -> Programs | No |
| X | Traybar | lsass.exe | Added by the MYDOOM.L WORM! Note - this is not the legitimate lsass.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir% | No |
| U | traydate.exe | TRAYDATE.EXE | TrayDate - displays the date as well as the time in the System Tray | No |
| U | TrayFolder | Tray Folder.exe | Tray Folder by Titlebar Software - creates a hidden folder that is only normally accessible by double-clicking on a System Tray icon that shows the current date. You can also hide files and other folders in that hidden folder. The originator's website is no longer available but you can still download it here | Yes |
| U | TrayIt! | trayit!.exe | TrayIt! minimizes open windows to the System Tray as icons instead of the usual taskbar | No |
| U | TrayManager | Trayman.exe | TrayManager hides system tray icons (FreeCell won't work when TrayMan is loaded) | No |
| U | Traymin900 | Tray900.exe | Related to the Philips SPC webcam - System Tray manager for Personal 900 series camera | No |
| U | Traymon | traymon.exe | Netropa Internet Receiver traymonitor. Will only launch the bar if you are connected to the internet and there's new news | No |
| N | TraySantaCruz | tbctray.exe | Provides quick access via a System Tray icon to the control panel for Turtle Beach's Santa Cruz or VideoLogic's SonicFury soundcards. Available via Start -> Settings -> Control Panel | No |
| N | TrayServer | TrayServer.exe | For monitoring tray icons | No |
| X | TrayX | winppr32.exe | Added by the SOBIG.F WORM! | No |
| N | tray_helper | tray_helper.exe | Tray Helper is an Email checker with additional tools, including a popup window killer, pinger module to monitor hosts and an event reminder | No |
| X | TRE AntiVirus | treav.exe | TRE AntiVirus rogue security software - not recommended, removal instructions here | No |
| X | trend | trend.exe | Added by the BANCOS-AZ TROJAN! | No |
| Y | Trend Micro Anti-Spyware | Tmas.exe | Trend Micro Anti-Spyware - required when using real time monitoring but now discontinued | No |
| Y | Trend Micro AntiVirus 2007 | tavui.exe | Part of Trend Micro AntiVirus 2007 | No |
| X | Trend Micro AV | trendav.exe | Added by the AGOBOT-OH WORM! Note - this is not a valid Trend Micro antivirus entry | No |
| Y | TrendMicro Antivirus | Aveagent.exe | Virus scanner | No |
| Y | TrendMicro OfficeScan NT | TMLISTEN.EXE | Virus scanner | No |
| X | Trickler | [path to file] | GAIN adware. Please note that Claria Corporation no longer support GAIN-Supported software - see here | No |
| Y | TridentTVIcon | tvicon.exe | Trident Microsystems, Inc Display driver | No |
| ? | TridTray | TridTray.exe | System Tray access to Trident 4DWave soundcards? | No |
| U | Trillian | trillian.exe | Part of Trillian IRC client | No |
| Y | trirot | trirot.exe | Trident Microsystems 3D video driver | No |
| U | TRIXX | TRIXX.exe | Sapphire TRIXX overclocking tool for the X800 GTO graphics card (and possiby others) - "push default clock speeds to 560MHz or better" | No |
| X | Trkwks | trkwksvc.exe | Added by the IRCBOT.AW WORM! | No |
| X | Trojan Guarder Gold Version | Trojan Guarder.exe | TrojanGuarder rogue security software - not recommended | No |
| U | Trojancheck 6 Guard | tcguard.exe | TrojanCheck anti-trojan software | No |
| U | TrojanScanner | Trjscan.exe | Trojan Remover from Simply Super Software. Scans for an removes trojan viruses where anti-virus software may have not detected or removed | No |
| X | TrojansFilter | pgs.exe | TrojansFilter rogue security software - not recommended. A member of the AVSystemCare family | No |
| X | TrojansFiltre | pgs.exe | TrojansFiltre, French rogue security software - not recommended. A member of the AVSystemCare family | No |
| U | TrojanShield | Init.exe | TrojanShield | No |
| U | TrojanShield Protector | Port.exe | TrojanShield anti-hacker/anti-trojan software | No |
| U | True Internet Color Icon | internetcolor.exe | Part of 3Deep® from E-Color (now superseded by 3DxWizzard™) - "With True Internet Color PCs can display the best color possible over the web. Enabled web sites will know how connected monitors display color and will send them color corrected images" | No |
| U | TrueAssistant | TrueWizard.exe | "TrueSwitch makes changing your Internet Service Provider easy. We copy all your personal data to the new account, notify everyone with the new email address, forward emails sent to your old email address and help you cancel the old account" | No |
| U | TrueCrypt | TrueCrypt.exe | TrueCrypt is a free open-source disk encryption software for Windows XP/2K/2003 and Linux. This the Truecrypt background task that enables some background function of truetyp: Hot-keys, autodismount, etc | No |
| X | TrueFonts | fonts.hta | Browser hijacker - redirecting to Hugesearch.net | No |
| N | TrueImageMonitor.exe | TrueImageMonitor.exe | Part of Acronis True Image - backup software. Can be disabled without affecting TrueImage | No |
| Y | TrueMobile 1150 Client Manager | cmdel.exe | Client Manager for the Dell TrueMobile 1150 Series PC Card - "a wireless network PC Card that fits into any standard PC Card Type II slot. It has two LED indicators and an integrated antenna" | No |
| N | TrueSync Launcher | tstool.exe | Starfish TrueSync - for synchronization between Windows platforms and popular devices, applications and services. Stafish became Intellisync which was acquired by Nokia and is now no longer supported | No |
| X | truetype | truetype.exe | Added by the COSIAM-I TROJAN! | No |
| Y | TrueVector | VSMON.EXE | Even if you don't have ZoneAlarm or ZoneAlarm Pro run at start-up you do need this | No |
| U | Trunk32 | sb32mon.exe | Part of the SpyBuddy keystroke logger/monitoring program - see here. Remove unless you installed it yourself! | No |
| X | Trust Cleaner | TrustCleaner.exe | Smitfraud variant | No |
| X | TrustCop | TrustCop.exe | TrustCop rogue security software - not recommended, removal instructions here. A member of the WiniGuard family | No |
| X | TrustedAntivirus | pgs.exe | TrustedAntivirus rogue security software - not recommended. A member of the AVSystemCare family | No |
| X | TrustFighter | TrustFighter.exe | TrustFighter rogue security software - not recommended, removal instructions here. A member of the WiniGuard family | No |
| X | TrustIn Popups | TrustInPopups.exe | TrustInPopups adware | No |
| X | TrustNinja | TrustNinja.exe | TrustNinja rogue security software - not recommended, removal instructions here. A member of the WiniGuard family | No |
| ? | trustras.exe | trustras.exe | Trust ADSL modem related. Is it required? | No |
| X | TrustSoldier | TrustSoldier.exe | TrustSoldier rogue security software - not recommended, removal instructions here. A member of the WiniGuard family | No |
| X | TrustWarrior | TrustWarrior.exe | TrustWarrior rogue security software - not recommended, removal instructions here. A member of the WiniGuard family | No |
| X | TrustyHound-TS | TrustyHound-TS.exe | TrustyHound spyware | No |
| X | TS | tsc.exe | Total Security rogue security software - not recommended, removal instructions here | No |
| X | tsa | tsm.exe | TargetSaver adware | No |
| X | Tsa2 | tsm2.exe | TargetSaver adware | No |
| X | TsAdbot | TSADBOT.EXE | TimeSink Add Client - advertising spyware | No |
| ? | TSBxLogon | TMESBS2.EXE | Found on a Toshiba laptop. May be related to TMESBS? | No |
| U | TSClientMSIUninstaller | tscuinst.vbs | Related to Terminal Services Client Remote Desktop Connection Software from Microsoft | No |
| X | tserv | tserv.exe | Added by the STRATION.AD WORM! | No |
| U | TSE_PLUtil | PLBkMon.exe | Prolific USB Flash Disk Log On Application | No |
| X | Tsk Mng Hlp | wins32.exe | Added by the AGOBOT-JB WORM! | No |
| X | tskdbg | tskdbg.exe | Added by the FLOOD.E TROJAN! | No |
| X | Tsklist | tsklist32.exe | Detected by Kaspersky as the BANCOS.SP TROJAN! | No |
| U | TSkrMain | TSkrMain.exe | TOSHIBA Accelerometer Utilities - hardware utilities that work with the motion sensors built into their Tablet PCs. Detect the way you are holding it at any given moment, you can set the machine to perform a specific function when the unit is quickly tilted to the left or right, or to the front or back and you can also take control of the cursor in some applications and make it move by leaning the PC in a certain direction | No |
| X | Tsl | tsl.exe | Uploader-R adware | No |
| X | Tsl2 | tsl2.exe | TargetSaver adware | No |
| ? | TSMAgent | TSMAgent.exe | Found on the HP Touchsmart range of desktops and notebooks. What does it do and is it required? | No |
| N | TSMsger | TSMsger.exe | Epson scannner software - required for "one-touch" operation. Can be launched manually | No |
| N | tsnp2std | tsnp2std.exe | Digital camera related | No |
| Y | tsnpstd3 | tsnpstd3.exe | Related to Sonix Inc. Camera Monitor MFC Application | No |
| ? | TSPower | spower.drv | Found on a Toshiba laptop. Related to power management? | No |
| X | tsrv | t2serv.exe | Added by the WAREZOV.AT WORM! | No |
| X | tsrv | tsrv.exe | Added by the WAREZOV.W WORM! | No |
| ? | TSService | NSSERVICE.EXE | ?? | No |
| X | tsvcin | n20050308.exe | Delfin Media Viewer adware related | No |
| X | tsx | regedlt.exe | Added by the SDBOT-KA BACKDOOR! Note the lower case "L" in place of the lower case "I" in the command | No |
| ? | tsyssmon | tsyssmon.exe | Found in a Toshiba\sysstability directory | No |
| X | TSystem | [trojan filename] | Added by the NSYS-A TROJAN! | No |
| X | ttaa | tata.exe | Added by the LINEAGE-T TROJAN! | No |
| ? | ttasq | ttasq.exe | ?? | No |
| X | ttool | scvc.exe | Added by the BCKDR-OWM BACKDOOR! | No |
| X | ttool | [random numbers].exe | Added by the BCKDR-QII BACKDOOR! The filename seen most often is "9129837.exe" | No |
| X | ttool | sa23sl.exe | Added by the BCKDR-QZZ TROJAN! | No |
| X | ttool | essledv.exe | Added by the ZBOT-KM TROJAN! | No |
| X | TTS Sync | testtts.exe | Added by the SDBOT.BVA WORM! | No |
| X | Ttt | Ttt.exe | Added by a variant of the SDBOT WORM! | No |
| X | ttupt | ttupt.exe | eZula TopText adware | No |
| ? | Tukati | TukatiRedistributor.exe | Tukati Digital Content Distribution. Is it required? | No |
| N | tunebite | tunebite.exe | "Tunebite lets you make unprotected copies of copy-protected music files by recording them while they are being played". Can be launched from it's Start Menu shortcut | No |
| U | TuneUp MemOptimizer | memoptimizer.exe | Part of "TuneUp Utilities", specifically 2003 version. "Monitors and optimizes free memory in the background." Basically, it cleans RAM and also allows you to clear the clipboard | No |
| N | Turbine Download Manager Tray Icon | TurbineDownloadManagerIcon.exe | Turbine Download Manager (TDM) - download manager associated with the game "The Lord of the Rings Online™" | No |
| X | TurBo | System.Trubo.vbs | Added by the AUTOM-C WORM! | No |
| U | TurboExplorer | TE.exe | Web accelerator - "TurboExplorer 2.x is a real-time web surfing accelerator specifically designed for Internet Explorer 4/5 to achieve a faster and more effective approach to the internet". Only needed if you find it improves web browsing | No |
| U | TurboLaunch | Tlaunch.exe | TurboLaunch is a tool-bar style application that can be set up to run many programs and perform certain pre-programmed actions | No |
| U | TurboMemoryCharger | turbomemorycharger.exe | Turbo Memory Charger - memory optimizer. MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/SE/ME. See this article and make up your own mind | No |
| X | TurboNet | [path to trojan] | Added by the RENOS-EA TROJAN! | No |
| N | TurboNote | tbnote.exe | Post-It's on your desktop. Available via Start -> Programs | No |
| U | TurboTop | TurboTop.exe | TurboTop - make any window "Always on top" | No |
| X | TurvaPC | GDC.exe | TurvaPC Finnish rogue privacy tool - not recommended. A member of the PCPrivacyTool family | No |
| X | TURXP Protocol | sps32.exe | Added by a variant of the SDBOT WORM! | No |
| X | tutcdchk2 | tutcdchk2.exe | Added by the HAXDOOR ROOTKIT! | No |
| X | TV Media | Tvm.exe | TVMedia adware | No |
| U | TV Now | TvNow.exe | Application supplied with HP notebooks. It activates the S-Video port and is said to improve the quality of the output signal (resolution/timeouts) | No |
| U | TV Scheduler | TVSCHL.EXE | ProLink PlayTVpro TV tuner software scheduler | No |
| U | TV878 Remote Control | C7XRCtl.exe | Related to Kworld TV878 Tuner | No |
| ? | TVAgent | TVAgent.exe | Found on the HP Touchsmart range of desktops and notebooks. What does it do and is it required? | No |
| X | tvctray | tvctray.exe | Added by the VB.QJ TROJAN! | No |
| X | TVMD | tvmd.exe | Total Velocity - "Secure commerce company that enables the 'checkout' process for our customers in order to safely and securely purchase our award winning software". Autointsalling spyware | No |
| U | TvNow | TvNow.exe | Application supplied with HP notebooks. It activates the S-Video port and is said to improve the quality of the output signal (resolution/timeouts) | No |
| U | TvrRemote | Remote.exe | Remote Control driver for LifeView internal and external TV products | No |
| U | TvrSchedule | Schedule.exe | Scheduler for Mercury Ez View TV Tuner Card | No |
| N | Tvs | TvsTray.exe | Toshiba Virtual Sound on a notebook. Allows you to change sound settings on the fly - default setting is "build-in speaker". You can also select external speaker, open type headphone, or closed type headphone. Each setting has presets for Bass, Stereo, and Clarity - which can also be changed by user if desired. Can also be launched from Start -> Programs -> Toshiba -> Utilities | No |
| X | tvs_b | tvs_b.exe | BroadcastPC adware | No |
| X | tvs_b | tvs_ln.exe | BroadcastPC adware variant | No |
| X | tvs_re | tvs_re_inst.exe | BroadcastPC adware | No |
| U | TVT Scheduler Proxy | scheduler_proxy.exe | Found on IBM/Lenovo ThinkCentre/ThinkStation desktops and Thinkpad notebooks. Included with versions of ThinkVantage System Update (for software updates), Rescue and Recovery (backup and system recovery), Message Center Plus and maybe others. It's exact function isn't known but if disabled, the "plan updates" button in the IBM System Update software will no longer be available, though the software will continue run properly | Yes |
| X | TVTMD | TVTMD.EXE | Total Velocity variant - autoinstalling spyware | No |
| U | TVTunerLib | TVTLInstTool.exe | Related to Sony installer tool for Sony TV tuner library | No |
| N | TVWakeup | tvwakeup.exe | MS WebTV for Windows. Used to display TV on your PC via a compatible video card with in-built tuner (such as ATI All-In-Wonder). If you don't use it - uninstall it | No |
| ? | Tvwatch | tvwatch.exe | Associated with the TV-oOut option on Asus AGP or Intel graphics cards. Is it required? | No |
| X | Twain | Twain.exe | Added by the STIRAUT WORM! The file is located in %Windir% | No |
| X | Twain | Twain.exe | Added by the AGENT.QKA TROJAN! The file is located in %ProgramFiles%\Twain | No |
| X | Twain image | mmp32.exe | DailyWinner adware | No |
| ? | TWarmBay | N/A | Found on a Toshiba laptop. Related to hotswap bay management? | No |
| U | TWarnMsg | twarnmsg.exe | Toshiba System Warning Function for Windows 98, Me, 2000 - provides notification dialog when the cooling fan stops | No |
| ? | TWBbtn | N/A | Found on a Toshiba laptop | No |
| ? | TWBrowse | TWBrowse.drv | Found on a Toshiba laptop. Possibly related to TWAIN drivers (ie, scanners, etc) - see this? | No |
| ? | Tweak Manager | WinManager.Exe | WinGuides Tweak Manager. Is this required for the live updates feature and/or if settings are changed? | No |
| X | Tweak System | Genderowo.exe | Added by the SILLYFDC WORM! | No |
| U | Tweak UI | rundll32.exe tweakui.cpl, tweakmeup | Restores settings that can't be retained if you have Microsoft's Tweak UI "powertoy" installed | No |
| U | Tweak UI | rundll32.exe tweakui.cpl, tweaklogon | Automatically logs you on if you have Microsoft's Tweak UI "powertoy" installed | No |
| X | Tweak UI | RunDLL32 tweakUI.DLL, TWEAKUI /tweakmeup | Added by the SUBWOOFER TROJAN! Note - the real Tweak UI entry for this is "rundll32.exe tweakui.cpl, tweakmeup". Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted | No |
| U | Tweak UI 1.33 deutsch | RUNDLL32.EXE TWEAKUI.CPL, TweakMeUp | Restores settings that can't be retained if you have Microsoft's Tweak UI "powertoy" installed - German version | No |
| U | Tweak-Me | TWEAK-ME.exe | 3rd party version of Miscrosoft'sTweak UI "powertoy" with many more options and controls (plus full support), designed specifically to take advantage of features in WinMe/2K and above, available from here | No |
| U | Tweak-xp | Tweak-xp.exe | Main program for Tweak-XP - a WinXP tweaking utility | No |
| U | TweakDUN | tweakdun.exe | Utility to optimize your Internet Browser Software. TweakDUN promotes faster Internet data transfer rates and faster downloads by eliminating fragmentation of data packets | No |
| U | Tweaki4PU | twksup.exe | "Tweaki puts several Windows utilities into one easy to use program while adding hundreds of additional tweaks not found in other system tweakers" | No |
| ? | tweakico | tweakico.exe | May be a HP program to control their icons? | No |
| U | TweakMASTER | TMTray.exe | TweakMASTER Internet Optimizer | No |
| U | TweakVI | tweakvi.exe | TweakVI from Totalidea Software - "Tweak hundreds of hidden features of Windows Vista, optimize your machine and customize it to your needs" | No |
| ? | TweakYC | TweakYC.exe | VideoMate TV tuner and capture card related - what does it do and is it required? | No |
| X | twhe | wbta.exe | PurityScan adware | No |
| U | twister | twister.exe | Twister "AntiTrojanVirus" | No |
| N | TwkSCardSrv | SCardS32.Exe | Used with Towitoko SmartCard Readers for card recognition | No |
| X | twunk service | twunk16.exe | Added by the RBOT.BAT WORM! | No |
| X | Twunk_64 | twunk_64.exe | System1060 homepage hi-jacker. Note - this is not a Windows file and is found in a WindowsSystem1060 directory | No |
| X | TXMouie | keepSafe.exe | Added by the KILLAV.KAX TROJAN! | No |
| X | tyack drive | tyack.pif | Added by the RBOT-AMT WORM! | No |
| X | tymsetvc | osskhbd.exe | Added by the MAILBOT-BW TROJAN! | No |
| X | type | bat.exe | Added by the ANSKYA-A WORM! | No |
| U | type32 | type32.exe | Microsoft IntelliType Pro utility (up to version 5.4) - required to support the multimedia keys, programmed keys and key macros on Microsoft's range of keyboards. If this entry is disabled, any programmed keys or actions will not be supported and keys will not function as expected in applications with advanced text services enabled | Yes |
| ? | TypeRegChecker | TypeRegChecker.exe | Part of the Sharpdesk from Sharp Electronics. "A desktop-based, personal document management application that lets users browse, edit, search, compose, process, and forward both scanned and native electronic documents". What does it do and is it required? | No |
| U | typeteller | typeteller.exe | TypeTeller keystroke logger/monitoring program - remove unless you installed it yourself! | No |
| N | TypingSatellite | KBOOST.exe | Typing Master 2002 background utility that collects typing errors and builds up customised typing lessons for your needs. Available via Start -> Programs | No |
| X | TZ Spyware Remover | SpyRem.exe | TZ Spyware Remover spyware remover - not recommended, see here | No |
| U | U.S.Robotics WLAN Adapter Configuration Utility | USRWLAN.exe | U.S.Robotics LAN Adapter - wireless LAN (WLAN) configuration utility | No |
| X | UADC_104911963 | UADCcw.exe | AdvancedCleaner rogue security software - not recommended, see here | No |
| X | UADC_3240389055 | UADCcw.exe | AdvancedCleaner rogue security software - not recommended | No |
| X | UADC_3769470239 | UADCcw.exe | AdvancedCleaner rogue security software - not recommended, see here | No |
| X | UADC_4242084050 | UADCcw.exe | AdvancedCleaner rogue security software - not recommended | No |
| X | UADC_599141581 | UADCcw.exe | AdvancedCleaner rogue security software - not recommended | No |
| X | Uate | oocs.exe | PurityScan adware | No |
| U | UberIcon | UberIcon Manager.exe | Uber Icon by Punk Labs. Creates a more customizable atmosphere on your desktop by extending Windows to perform new effects when you launch your icons and folders | No |
| U | UBSShell | UBSShell.exe | UBS (United Bank of Switzerland) banking software | No |
| X | UCmd | fallfour.exe | Added by the SDBOT-AZA WORM! | No |
| U | UCmore XP - The Search Accelerator | rundll32.exe UCMTSAIE.dll, DllShowTB | UCmore toolbar - search accelerator | No |
| X | ucookw | ucookw.exe | Part of the ErrClean rogue system error and cleaning utility and other members of this family. See here for more examples | No |
| N | ucstartup | ucstartup.exe | IBM Update Connector - old auto updater feature for IBM machines that connects to IBM to see if there are any new drivers, patches, etc | Yes |
| N | ucstartup.exe | ucstartup.exe | IBM Update Connector - old auto updater feature for IBM machines that connects to IBM to see if there are any new drivers, patches, etc | Yes |
| N | UC_SMB | ucstart.exe | Part of IBM Update connector on IBM PCs for updating drivers on a new installation. Once you manually run the IBM Update connector program (shortcut) this entry is removed | No |
| N | UC_Start | ucstartup.exe | IBM Update Connector - old auto updater feature for IBM machines that connects to IBM to see if there are any new drivers, patches, etc | Yes |
| U | UD Agent | UD.EXE | The United Devices Agent can recycle your PC's unused resources and use them to perform valuable scientific and medical research without disturbing your usual computer use - similar to SETI@home but for medical research. Available via Start > Programs | No |
| X | UDC6cw | UDC6cw.exe | Part of the DriveCleaner rogue security software - not recommended, removal instructions here | No |
| X | udinajkv.exe | udinajkv.exe | Added by a premium rate adult material dialer! | No |
| X | udjudwq | sybqnub.exe | Added by the SILLYFDC-AH WORM! | No |
| X | udzok | udzou.exe | Added by the SDBOT-CUS WORM! | No |
| U | Ueproc32 | UEPROC32.exe | Part of Norton Utilities - most likely associated with the Unerase Wizard in older versions | No |
| X | UERScw | UERScw.exe | Part of the ErrorSafe rogue system error and cleaning utility - not recommended | No |
| ? | UFD Monitor9382 | ufdlmon.exe | Part of USB Flashdisk software - what does it do and is it required? | No |
| ? | UFD Utility9382 | UFDTool.exe | Part of USB Flashdisk software - what does it do and is it required? | No |
| Y | UfSeAgnt.exe | UfSeAgnt.exe | Part of Trend Micro Internet Security | No |
| X | uga6pcw | uga6pcw.exe | Part of the AVSystemCare rogue security software and other members of this family. See here for more examples | No |
| X | ugac | ugac.exe | Part of the AVSystemCare rogue security software and other members of this family. See here for more examples | No |
| X | ugcw | ugcw.exe | Part of the AVSystemCare rogue security software and other members of this family. See here for more examples | No |
| X | ugdccw | UGDCcw.exe | Part of the PCPrivacyTool rogue privacy tool - not recommended. See here | No |
| X | ugescw | ugescw.exe | Part of the ErrClean rogue system error and cleaning utility and other members of this family. See here for more examples | No |
| ? | ugon | aockstrs.exe | ?? | No |
| X | uhvjsul.dll | rundll32.exe uhvjsul.dll, mrpmvyf | Added by the BUSKY-G TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "uhvjsul.dll" file is found in the System (9x/Me) or System32 (NT/2K/XP) folder | No |
| N | Uidler | Uidler.exe | Uniloc Titlewave Browser used with some shareware | No |
| ? | UIUCU | UIUCU.EXE | Universal Device Install Application from Conexant Systems, Inc. What does it do and is it required? | No |
| N | UIWatcher | UIWatcher.exe | Part of the Ashampoo® UnInstaller series from Ashampoo GmbH & Co. KG - including UnInstaller Platinum 2, UnInstaller 3 and UnInstaller 4. These monitor and record program installations and allows you to remove them completely, so that no trace is left. This is the installion monitor that sits in the System Tray and detects the launch of installation programs | Yes |
| U | ujm | nm32.exe | Stranget keystroke logger/monitoring program - remove unless you installed it yourself! Found in an "fyt" subfolder of the Windows or Winnt folder | No |
| U | ukl | wmpusrvc.exe | Ultimate Keylogger surveillance software. Uninstall this software unless you put it there yourself | No |
| X | UKVideo2 | ukvideo2.exe | Adult content dialler | No |
| ? | Ulead AutoDetector | Monitor.exe | Related to Ulead Systems Inc. programs. What does it do and is it required? | No |
| ? | Ulead AutoDetector v2 | monitor.exe | Related to Ulead Systems Inc.. What does it do and is it required? | No |
| N | Ulead Calendar Checker | CalCheck.exe | Ulead Calendar Checker - part of Ulead Photo Express - automatically replaces your calendar desktop wallpaper on a weekly/monthly/yearly basis if you've created them. Not required - change them manually | No |
| U | Ulead Memory Card Detector | Monitor.exe | Ulead Memory Card Detector - "Automatically starts datadownload when your card is inserted into a memory card reader" | No |
| N | Ulead Photo Express Calendar Checker | calcheck.exe | If you create multiple Weekly/Monthly/Yearly calendars to use as your wallpaper, Photo Express will replace the wallpaper automatically. Photo Express 2.0 has a calendar checker which checks the date on your system and updates your wallpaper accordingly | No |
| N | Ulead Photo Express x.0 Calendar | calcheck.exe | Ulead Calendar Checker - part of Ulead Photo Express, where "x" represents the version number. Automatically replaces your calendar desktop wallpaper on a weekly/monthly/yearly basis if you've created them. Not required - change them manually | No |
| X | Ultimate Cleaner | App.exe | Ultimate Cleaner spyware remover - not recommended, see here | No |
| X | Ultimate Defender | UltimateDefender.exe | Ultimate Defender spyware remover - not recommended, see here | No |
| X | Ultimate System Guard | MainFAVProj.exe | Ultimate System Guard rogue security software - not recommended, removal instructions here | No |
| X | UltimateBuddy | UltimateBuddy.exe | UltimateBuddy - installs malware, or is bundled with malware | No |
| X | UltimateServices | ultsvcs.exe | Added by the AGENT-LGT TROJAN! | No |
| N | UltimateZip Quick Start | uzqkst.exe | UltimateZip - file compression utility | No |
| X | Ultra Edit v5.1 | ultraedit.exe | Added by the SDBOT-RK WORM! | No |
| N | Ultra Hal Assistant 4.5 Startup | HalAsst.exe | Zabaware Ultra Hal Assistant - artificial intelligence conversation simulator. It is capable of being your digital secretary and companion | No |
| ? | UltraDVDMon | DVDMon.exe | UltraDVD DVD player software - is it required? | No |
| X | UltraEdit | uledit.exe | Added by the SDBOT-TO WORM! | No |
| X | Ulubione | sys****.exe | Ulubione adware | No |
| N | UMAX VistaAccess | vsaccess.exe | VistaAccess gives you quick and easy access to scanning functions right from your desktop | No |
| U | UMonit | umonit.exe | Alerts when USB device is plugged in | No |
| Y | umxagent | umxagent.exe | Tiny Personal Firewall V4 - main engine | No |
| Y | umxldra | umxldra.exe | User mode executive module DLL loader - part of Tiny Personal Firewall V4 | No |
| Y | UMXLDRW | UMXLDRW.exe | Tiny Personal Firewall (pre V4) | No |
| X | un32info | un32info.Exe | Added by the CRYPTER.A TROJAN! | No |
| X | Undefined | winter.exe | Added by the KILLAV.LW TROJAN! | No |
| X | UNERI | yujixit.exe | Added by the SDBOT.BOO WORM! | No |
| U | UnHackMe Monitor | hackmon.exe | UnHackMe allows you to detect and remove a new generation of 'invisible' Trojan programs called "rootkits" | No |
| N | Uniblue ProcessQuickLink 2 | ProcessQuickLink2.exe | ProcessQuickLink by Uniblue Systems Ltd - gives you quick access to their Process Library entry for a currently running process via the standard Windows Task Manager (CTRL+ALT+DEL). A System Tray icon also allows you to search the library and launch the Task Manager. Run on demand | Yes |
| U | Uniblue Quick Access | qaccess.exe | Quick Access application from UniBlue Systems Ltd - "helps you account for all processes on your computer by providing an additional plug-in for the Windows task manager" | No |
| N | Uniblue Registry Booster | RegistryBooster.exe | RegistryBooster registry optimizer utility from Uniblue Systems Limited - which will "clean, repair and optimize your system." Run manually at regular intervals | Yes |
| N | Uniblue RegistryBooster 2 | RegistryBooster.exe | RegistryBooster registry optimizer utility from Uniblue Systems Limited - which will "clean, repair and optimize your system." Run manually at regular intervals | Yes |
| N | Uniblue RegistryBooster 2009 | RegistryBooster.exe | RegistryBooster registry optimizer utility from Uniblue Systems Limited - which will "clean, repair and optimize your system." Run manually at regular intervals | Yes |
| U | Uniblue SpeedUpMyPC | SpeedUpMyPC.exe | Older version of SpeedUpMyPC from Uniblue - which "lets you monitor and control all your PC resources with easy, one click instructions. System settings, internet usage, disk clutter, RAM and CPU are all automatically scanned, cleaned and optimized for peak performance" | No |
| U | Uniblue SpyEraser | spyeraser.exe | SpyEraser from Uniblue. Spyware detection program | No |
| U | UniblueSpeedUpMyPC | Launcher.exe | SpeedUpMyPC 2009 from Uniblue - which "lets you monitor and control all your PC resources with easy, one click instructions. System settings, internet usage, disk clutter, RAM and CPU are all automatically scanned, cleaned and optimized for peak performance." Located in %ProgramFiles%\Uniblue\SpeedUpMyPC | Yes |
| X | Unigray | Unigray Antivirus.exe | Unigray Antivirus rogue security software - not recommended | No |
| ? | UniMessenger | UNI2.exe | Possibly the UNI instant messenger for singles from Voxtel | No |
| X | uninstal | regsvr32 image.dll | CoolWebSearch parasite variant | No |
| X | Uninstall**** | upd.exe | Adult content based screen saver where **** can be any number | No |
| N | UninstallAbility | uability.exe | UninstallAbility free uninstaller | No |
| X | UninstallHL | PreUninstallHL.exe | LinkReplacer/FFinder adware | No |
| X | UninstallQL | PreUninstallQL.exe | LinkReplacer/FFinder adware | No |
| X | Uninstall_TBPS | TBuninst.exe | WebSearch Toolbar - HuntBar hijacker, toolbar installer variant | No |
| U | UniPrint | SetDfltSettings.exe | Drivers for Uniprint, a printing help for Terminal Services and Citrix which recieves downloaded files from a Uniprint enabled server and prints them locally allowing for truly universal printing through Terminal Services or Citrix | No |
| U | UniSc | Unisc.exe | McAfee UnInstaller | No |
| ? | uniucu | uniucu.exe | ?? | No |
| X | Universal Plug & Play devices | WinUPPD.exe | Added by an unidentified WORM/TROJAN! | No |
| X | Universal USB Service | svchost32.exe | Added by the KELVIR.R WORM! | No |
| X | Unix File Support | init3.exe | Added by the RBOT-ZN WORM! | No |
| X | unldr16 | unldr16.exe | Added by a variant of the CRYPTER.C TROJAN! | No |
| X | unldr32 | unldr32.exe | Added by a variant of the CRYPTER.C TROJAN! | No |
| X | UNleaded Syn Manager | Edit.exe | Added by the SLINNBOT.ALD BACKDOOR! | No |
| U | UnlockerAssistant | UnlockerAssistant.exe | Related to Unlocker utility to unlock files when the OS reports the file is being used by an other person or program | No |
| X | UnSpyPC | UnSpyPC.exe | UnSpyPC spyware remover - not recommended, see here | No |
| Y | untray | untray.exe | Command Antivirus related | No |
| X | UnVirex | UnVirex.exe | UniVrex rogue security software - not recommended, removal instructions here | No |
| N | uoltray | exec.exe | Netzero free ISP software - not required | No |
| X | Up Service | up32.pif | Added by the RBOT-ARI WORM! | No |
| X | upascw | upascw.exe | PersonalAntiSpy rogue spyware remover - not recommended, removal instructions here | No |
| N | UpConfgVer | UpgConf.exe | Part of Panda Antivirus and Internet Security. Purpose unclear, but according to Panda Software not required for the AV to function | No |
| X | UPCTPcw | UPCTPcw.exe | Part of the PcTurboPro rogue system optimization tool - not recommended, removal instructions here | No |
| X | Updade Windows | winlogom.exe | Added by the TONAX-A TROJAN! | No |
| X | UpData | wupdata.exe | Added by the IRCBOT-AA TROJAN! | No |
| X | Update | [original file path] | Added by the LYNDEGG WORM! | No |
| X | Update | CDUpdater.exe | "Carpe Diem" adult premium rate dialler related | No |
| X | Update | Sysupd.exe | Added by the SLACKBOT VIRUS! | No |
| X | Update | Zupdate.exe | Associated with B3d Projector foistware - see here | No |
| X | Update | mshtm.exe | Browser hijacker - redirecting to buldog-search.com | No |
| X | Update | UPDATE-28062004.exe[25 blank spaces].vbs | Added by the MIDFIN WORM! | No |
| X | update | winis.exe | Added by the RBOT-VD WORM! | No |
| X | update | r00t.exe | Added by the RBOT-ACO WORM! | No |
| X | UPDATE | WinUpdater5.0.vbs | Added by the GORMLEZ-A WORM! | No |
| X | UpDate | RAuth.exe | Added by the DLOADER-UL TROJAN! | No |
| X | Update | csrss.exe | Added by the ADCLICK-AG TROJAN! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir% | No |
| X | Update | csrss.exe | Added by the MEHEERWAR TROJAN! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a "winupdate" subfolder | No |
| X | Update | lsass.exe | Added by the ADCLICK-AG TROJAN! Note - this is not the legitimate lsass.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir% | No |
| X | Update | svchost.exe | Added by the ADCLICK-AG TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder | No |
| X | Update | Update.exe | QuickButton adware | No |
| X | Update | hanz.exe | Added by a variant of the RBOT-GLJ WORM! | No |
| X | Update | WinUpdate.exe | Added by the SDBOT-CV BACKDOOR! | No |
| X | Update Checker | winlog.exe | Added by the IRCBOT-TJ TROJAN! | No |
| X | Update Checker | scvhost.exe | Added by the AGENT-DSF TROJAN! | No |
| X | update driver | SNDVOL32.EXE | Added by the SPYBOT-CU BACKDOOR! | No |
| X | Update Explorer | iexploreupd.exe | Added by a variant of the RBOT WORM! | No |
| X | Update for Windows | [various filenames] | Added by the LERPA-A WORM! Note - the file name will be one of the following common.exe, common.pif, common.scr, Sexo.exe, Sexo.jpg.pif, ini_file__.pif, load_me__.tmp, msfile.pif, system_load_.pif or zipped.rar.pif | No |
| ? | Update for Works | MSWkstz.exe | Maybe related to later versions of MS Works? | No |
| N | Update Grokster | WiseUpdt.exe | Automatically updates the Grokster file sharing software. Beware of adware and spyware when using this type of program, for instance, Grokster contains CyDoor | No |
| X | Update Install | Schost.exe | Added by the GAOBOT.AO WORM! | No |
| ? | Update local | SetCPQLC.exe | Running on a Compaq desktop. Any ideas? | No |
| N | Update Manager | UpdateManager.exe | Searches for updates for the Rogers Yahoo! Browser - can be run manually | No |
| X | update mon sys | updaterar.exe | Added by a variant of the RBOT WORM! | No |
| X | update run dos | logon.exe | Added by a variant of the SDBOT WORM! | No |
| X | Update Run MSword | LOGON.EXE | Added by the RBOT.TY WORM! | No |
| Y | Update Service | Update.exe | Loaded by Handybits programs such as EasyCrypto. Re-instates itself every time the program is run so best to leave it enabled. Prevent it dialling out via a firewall | No |
| X | update service | svxhost.exe | Added by the RBOT-MG WORM! | No |
| X | Update Service | winu32.exe | Added by the RBOT-MG WORM! | No |
| X | update service | winx.exe | Added by a variant of the RBOT WORM! | No |
| ? | Update TUT | WiseUpdt.exe | ?? | No |
| X | Update ver 1.0 | Swap.exe | Added by the SWAP-C WORM! | No |
| X | Update Windows | EXPLORE.EXE | Added by a variant of the SDBOT WORM! | No |
| X | Update Windows | EXPLORE.EXE | Added by a variant of the SDBOT WORM! | No |
| X | Update.exe | ravseuper.exe | Added by the QQPASS-P TROJAN! | No |
| X | Update32 | configs.exe | Hijacker, also detected as the QURL-2 TROJAN! | No |
| X | UpdateCheck | winstall.exe | Added by the SPYBOT-CY WORM! | No |
| N | UpdateChecker | UpdateChecker.exe | Checks for new releases available in the popular FileHippo.com repository for any software you may already have installed on your computer. Run manually when required | Yes |
| X | UpdateComponent | CNF UPD.EXE | Added by the SPYBOT.GEN VIRUS! | No |
| ? | UpdateFW | fwdload.exe | Appears to be firmware update software for a Network Associates ATMbook OC-3 SMF Interface Module? | No |
| ? | UPDATEHOOK | Rundll32.exe | ?? | No |
| X | updatelavasoft | updatelavasoft.exe | CoolWebSearch parasite variant - redirecting to lalasearch.com | No |
| U | UpdateManager | sgtray.exe | StorageGuard from Veritas (this version by Sonic). Free utility that integrates with Backup MyPC (formerly Backup Exec Desktop), Simple Backup and MS Backup. Provides system tray access and background monitoring - warning you of files that haven't recently been backed up. Required unless you backup manually on a regular basis or have scheduled backups | No |
| X | UpdateManager | updmanager.exe | Added by the ANYHOMB.F TROJAN! | No |
| X | UpdateMedia | UpdateMedia.exe | MediaUpdate foistware | No |
| X | UpdateMgr | updmgr.exe | SouthBeachTel premium rate adult content dialer | No |
| N | updateMgr | AdobeUpdateManager.exe | Automatic updates for the Adobe Reader file viewer | No |
| N | updatemgr.exe | updatemgr.exe | Once a month, your EarthLink 5.0 Update Manager contacts EarthLink's servers to check for software updates. If an update is available for your EarthLink software, Update Manager will inform you and, with your permission, download and install the update. Can go to http://www.earthlink.net and download the updates manually | No |
| X | UPDATEMSN | svhost.exe | Added by an unidentified WORM or TROJAN! | No |
| X | updater | wupdater.exe | KeenVal adware | No |
| ? | updater | updater.exe | ?? | No |
| X | Updater | adservernow.exe | AdServerNow adware | No |
| X | updater | wisvc.exe | Added by the ORSE-A TROJAN! | No |
| X | UpDaTer | csrss.exe | Added by the AUTORUN.DIB WORM! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a ~A~m~B~u~R~a~D~u~L~� subfolder | No |
| X | Updater Service Process | svhost32.exe | Added by the AGOBOT.TY WORM! | No |
| X | Updater Service Process | csrss32.exe | Added by the AGOBOT-GP BACKDOOR! | No |
| X | updater32 | winload32.exe | Added by the CULT.M WORM! | No |
| X | updatereal | realupdate.exe | Chinese originated adware | No |
| X | UpdaterUI | UpdaterUI.exe | Added by the AGENT-TM TROJAN! | No |
| X | Updates | msupdate.exe | CoolWebSearch parasite variant | No |
| N | Updates from HP | backweb*****.exe | See here - "messaging service that automatically sends you support information, tips, ideas, and special offers from HP and our partners, especially designed for HP and Compaq desktop computer owners". * can be any digit | No |
| N | Updates from HP | Updates from HP.exe | Automatically detects an internet connection and downloads any available updates | No |
| X | updatesched | [random filename] | ZenoSearch adware | No |
| X | UpdateService | wservice.exe | Added by the DREF-K WORM! | No |
| X | Updatestats | Updatestats.exe | Statblaster adware | No |
| X | UpdateStats | UpdateStats.exe | SeekSeek search hijacker related - see here | No |
| N | updatev01 | updatev01.exe | Ultra-networks.com software updater/downloader | No |
| X | updatewin | update.exe | Added by a variant of the SDBOT WORM! | No |
| X | UpdateWin | [random filename] | Added by the IRCBOT.AZW BACKDOOR! | No |
| ? | Updatewiz | updatewiz.exe | ?? | No |
| X | UpdateXpSp | MS045-XP2.exe | Added by the IRCBOT.NY TROJAN! | No |
| X | updatexwin | winxrpc.exe | Added by the AGOBOT-KJ WORM! | No |
| N | UPDATE~1 | updatemgr.exe | Once a month, your EarthLink 5.0 Update Manager contacts EarthLink's servers to check for software updates. If an update is available for your EarthLink software, Update Manager will inform you and, with your permission, download and install the update. Can go to http://www.earthlink.net and download the updates manually | No |
| X | upddateit | winit.exe | Added by the RBOT-MS WORM! | No |
| X | Updmgr | updmgr.exe | KeenVal adware | No |
| X | updmgr | rvupdmgr.exe | KeenVal adware | No |
| X | upDpacketo | services.exe | Added by the NAFBOT-A TROJAN! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\TEMPER | No |
| N | UpdReg | Updreg.exe | Reminder to register Creative Labs SoundBlaster Live! cards | No |
| X | UpdSys | [random filename] | Added by the BJ TROJAN! | No |
| X | Updt Service | updt.pif | Added by the RBOT-AYU WORM! | No |
| X | updwebmin | updwebmin.exe | Added by the BACKDOOR.GEN TROJAN! | No |
| ? | UPERVGAS | UPERVGAS.exe | ?? | No |
| X | Upgrade Sarvice | sxchost.exe | Added by a variant of the TOFGER-I TROJAN! | No |
| X | Upgrade Service | sxchost.exe | Added by the TOFGER-I TROJAN! | No |
| X | Upgrade Service | winupd.exe | Added by the TOFGER-U TROJAN! | No |
| X | upme | [filename] | Added by the MUGLY.F WORM! | No |
| X | Upme | DLLMAN.EXE | Added by the MUGLY.I WORM! | No |
| X | upnp | upnp.exe | Added by the DLOADR-YT WORM! | No |
| X | UPNP | [path to trojan] | Added by the DROPPER.EAT TROJAN! | No |
| X | UPNP | upnpsvc.exe | Added by the CLOMP-B TROJAN! | No |
| X | UPnP Manager | upnpman.exe | Added by a variant of the AGOBOT/GAOBOT WORM! | No |
| X | UPNPService | WinSVCservice.exe | Added by the AGOBOT.UN WORM! | No |
| U | Upromise | Upromise.exe | Upromise college savings program | No |
| U | Upromise Tray | UpromiseTray.exe | System Tray access to the Upromise college savings program | No |
| U | Upromise Update | UpromiseUa.exe | Updater for the Upromise college savings program | No |
| U | Upromise0 | Upromise0.exe | Upromise college savings program | No |
| U | UpromiseRemindU | wjview ...Code | Part of the Upromise saving scheme but associated with Ebates MoneyMaker adware so the choice is yours | No |
| X | uprpcw | uprpcw.exe | PrivacyProtector rogue privacy tool - not recommended, removal instructions here | No |
| Y | UPS | ups.exe | PowerChute v5.02 - UPS Monitoring Module (which loads iconclnt - the tray icon) | No |
| X | UPS | UPS32.exe | Added by the FEMOT.O WORM! | No |
| Y | UPSentry 2000 | upsd.exe | Used with Belkin UPS (Uninterruptable Power Supply) for support in the event of a power-loss | No |
| Y | UPSlim | upsd.exe | Used with Belkin UPS (Uninterruptable Power Supply) for support in the event of a power-loss | No |
| U | UPSMON | UPSMON.exe | UPSMON Power Management software | No |
| X | UPSUtl | web.exe | CoolWebSearch parasite variant | No |
| U | Uptimer4 | Uptimer4.exe | Uptimer4 is an appbar which displays time, date, uptime, free ram, free pagefile, cpu usage, disk free space, battery power, IP addresses, TCP throughput, list of running processes, netstat and several more things | No |
| X | UpTimes service | WinUp.exe | Added by the RBOT-AKB WORM! | No |
| X | UpToDate | uptodate.exe | BrowserAid/BrowserPal foistware | No |
| X | uptolate | nucle.exe | Added by a variant of the BIFROSE TROJAN! | No |
| X | upxdn | upxdn.exe | Added by the AGENT.NCC TROJAN! | No |
| X | upxdnd | upxdnd.exe | Added by the JD-A TROJAN! | No |
| X | upyxo | yujixit.exe | Added by the SDBOT.BIX WORM! | No |
| Y | UrlLstCk | UrlLstCk.exe | Part of Norton Internet Security. From Symantec - "UrlLstCk.exe is a necessary file that will be present in %Program Files%\Norton Internet Security. It is a URL Checklist. It should not be disabled" | No |
| Y | URLLSTCK.exe | UrlLstCk.exe | Part of Norton Internet Security. From Symantec - "UrlLstCk.exe is a necessary file that will be present in %Program Files%\Norton Internet Security. It is a URL Checklist. It should not be disabled" | No |
| N | URLMAP | Urlmap.exe | Installed by MS Money, and runs whenever you start IE. All it does is bring up an annoying sidebar (kind of like the search window) with 'financial links' when the web page supports it | No |
| Y | UrtSvcExe | Urt95Svc.exe | "Cisco Secure URT is a virtual LAN (VLAN) assignment service that enhances LAN security by actively identifying and authenticating users and then associating them only to their specific network services and resources" | No |
| X | urudjeffni | winlogon.exe | Added by the ROMARIO-A WORM! Note - this is not the legitimate winlogon.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir% | No |
| X | USA | usa.exe | USAntiSpy rogue security software - not recommended, removal instructions here | No |
| X | USAR | USAR.exe | Ultimate Spyware Adware Remover - not recommended, see here | No |
| ? | Usb | Usb.exe | HP related - not sure whether it's required | No |
| X | usb | SASS.EXE | Added by the FUNSTA-A TROJAN! | No |
| X | USB 2.0 Driver | updateXPSPC.exe | Added by the AGOBOT-RJ WORM! | No |
| X | USB 2.0 Driver | Winsys32.exe | Added by the AGOBOT-QM WORM! | No |
| X | USB 2.0 Driver | updateXP.exe | Added by the AGOBOT-QP WORM! | No |
| X | USB 2.0 Driver | winsystem.exe | Added by the AGOBOT-QS WORM! | No |
| X | USB 2.0 Driver | UpdateXPSP.exe | Added by the AGOBOT-QD WORM! | No |
| X | USB 2.1 Driver | winupdate1.exe | Added by a variant of the RBOT WORM! | No |
| U | USB 3.0 Monitor | nusb3mon.exe | Included with external USB 3.0 hard drives based upon NEC's µPD720200 controller (and maybe others in the future) such as the Western Digital My Book 3.0 range. Disabling it does not appear to cause a problem - but it may be required to achieve full USB 3.0 transfer speeds | No |
| X | USB controller | Svcmm32.exe | SvcMM backdoor parasite downloader | No |
| X | USB Device | servicelog.exe | Added by the WOOTBOT.CB WORM! | No |
| X | USB Device | win32usb.exe | Added by the FORBOT-BQ WORM! | No |
| X | USB Device Server! | usbserver.exe | Added by a variant of the IRCBOT TROJAN! | No |
| X | UsB driver | msjavx86.exe | Added by the AGOBOT-PQ WORM! | No |
| X | USB Driver4 | UpdateXP*.exe [* = random digit] | Added by a variant of the SDBOT WORM! | No |
| X | USB Drivers1 | msupdate.exe | Added by a variant of the RBOT WORM! | No |
| X | USB Driverz2 | msnplus1.exe | Added by the SDBOT-XQ WORM! | No |
| X | USB Fix 1.1 | wuservices.exe | Added by a variant of the SDBOT WORM! | No |
| X | USB Fixes | wuafix.exe | Added by the RBOT-ABV TROJAN! | No |
| X | USB Hardware Monitoring | USBhardware.exe | Added by the RBOT-NN WORM! | No |
| X | USB Hardware326 Monitoring | USBhardware326.exe | Added by a variant of the SPYBOT WORM! | No |
| X | USB Hardware32c Monitoring | USBHARDWARE32C.EXE | Added by the RBOT-UU WORM! | No |
| X | USB Host Service | usbsvc.exe | Added by the RBOT-GG WORM! | No |
| ? | USB Hub Keyboard Patch | SKBPATCH.EXE | USB HUB Update | No |
| X | USB MS Update | USBS.exe | Added by a variant of the RBOT WORM! | No |
| Y | USB SECURITY DEVICE CoInstaller | JupitCo.exe | ButterflyMedia USB Flash drive related - required for the password security feature to work | No |
| X | USB Updates | mservices.exe | Added by a variant of the SDBOT WORM! | No |
| X | USB Updates | msfirewalls.exe | Added by a variant of the RBOT WORM! | No |
| X | USB Updates 2 | wugfixx.exe | Added by a variant of the RBOT WORM! | No |
| X | USB2.0 | usb-hi.exe | Added by the AGENT.US WORM! | No |
| N | USB2Check | PCLECoInst.dll | Related to Pinnacle Systems Inc. CoInstaller - you can execute the USB2.0 interface check program (Usb2Check.exe file) to check if your system is a USB2.0 enabled system | No |
| X | USBcillin | USBcillin.exe | Added by the USBCILL-A TROJAN! | No |
| X | USBConfigration2 | wmmndir.exe | Added by the AGOBOT-SV WORM! | No |
| X | UsbD | smss32.exe | Adware - detected by Kaspersky as the AGENT.CJ TROJAN! | No |
| X | UsbD | svhost32.exe | Added by the AGENT.IB TROJAN! | No |
| X | Usbd | usb_d.exe | Added by the CIDRA-A TROJAN! | No |
| X | UsbD | [path to trojan] | Added by the CIDRA-F TROJAN! | No |
| U | USBDetector | USBDetector.exe | USBDetector sets up an icon in the System Tray for a USB card which is intended to be used to eject or unplug hardware | No |
| U | USBDetector | UDetect.exe | USB tray icon/detection for external Belkin (and maybe other makes) under Win98 | No |
| X | USBDrives | msfirewalI.exe | Added by the RBOT-ABP WORM! | No |
| X | usbdrv | servicetask.exe | Added by a variant of the SDBOT WORM! | No |
| X | USBHWDRV | gam.exe | Added by a variant of the LOWZONE-I TROJAN! | No |
| X | USBHWDRV | msdc.exe | Added by a variant of the LOWZONE-I TROJAN! | No |
| X | USBHWDRV | sst4.exe | Added by a variant of the LOWZONE-I TROJAN! | No |
| X | USBHWINFO | mac.exe | Added by the LOWZONE-I TROJAN! | No |
| X | USBHWINFO | [path to trojan] | Added by the LOWZONE-I TROJAN! | No |
| X | USBHWINFO | sst6.exe | Added by the LOWZONE-I TROJAN! | No |
| U | USBMMKBD | usbmmkbd.exe | USB multimedia keyboard for HP systems. Allows the use of special function keys on USB keyboards. The latest version no longer pings a server when on-line wheras the older version did but did not transmit any user information | No |
| U | USBMonit.exe | USBMonit.exe | Monitors USB ports for insertion of Sandisk USB flashdrives | No |
| X | usbn | usbn.exe | Adult content dialer - detected by Kaspersky as the SMALL.AFA TROJAN! | No |
| X | usbn | [path to trojan] | Added by the HOGIL-C TROJAN! | No |
| U | USBPhoneforSkype | USBPhoneforSkype.exe | USBPhoneForSkype uses Skype to dial out from a generic USB phone | No |
| Y | USBPNP | USBPNP.exe | SiPix digital camera Twain USB driver | No |
| N | USBTA | usbtapnp.exe | System Tray access for the BeWAN Gazel 128 USB ISDN adapter | No |
| ? | USBToolTip | USBTip.exe | Related to Pinnacle Systems Inc. What does it do and is it required? | No |
| X | USD Driver | ccrss.exe | Added by the SDBOT.BFH WORM! | No |
| X | USDR6cw | USDR6cw.exe | SystemDoctor rogue security software - not recommended, removal instructions here | No |
| X | useful-soft | svchst.exe | Added by the STARTPA-HH TROJAN! | No |
| X | user | user32.exe | Added by the BINGHE TROJAN! | No |
| X | User | .exe | Added by the PUNYA-B WORM! | No |
| X | user | users.exe | Added by the AUTORUN-AMK WORM! | No |
| X | User Debug Manager | usndebug.exe | Added by a variant of the SPYBOT WORM! See here | No |
| X | User Host | usnhost.exe | Added by a variant of the IRCBOT TROJAN! See here | No |
| X | User Hosting Service | usnhost.exe | Added by the IRCBOT.SN WORM! | No |
| X | User Input Services | CTFMON32.EXE | Added by the MANCSYN.AK TROJAN! | No |
| U | User Logger | UsrLog.exe | UserLogger commercial surveillance software that logs keystrokes, programs used and computer ID information. It also captures screenshots, can hide its presence on the computer and can be disguised in the Windows Task list. Uninstall this software if you did not install it yourself | No |
| X | user logon | [path to worm] | Added by the PAHATIA-A WORM! | No |
| X | user logon | user logon.exe | Added by the PAHATIA.A WORM! | No |
| X | User Manager | fcllls.exe | Added by the ZAGABAN-B TROJAN! | No |
| X | User Messages | usrmsg.exe | Added by a variant of the IRCBOT TROJAN! See here | No |
| X | User Messages Manager | usnmsgs.exe | Added by a variant of the IRCBOT TROJAN! See here | No |
| X | User Messenger Manager | usnmsgr.exe | Added by a variant of the IRCBOT TROJAN! See here | No |
| X | User Servicer | usnsrvc.exe | Added by a variant of the IRCBOT TROJAN! See here | No |
| X | User Services | usersvc.exe | Added by the REVCUSS.A TROJAN! | No |
| X | User Services | usrsvc.exe | Added by the IRCBOT.SN WORM! | No |
| X | User Sharing | usrshare.exe | Added by a variant of the IRCBOT TROJAN! See here | No |
| X | User Sharing Manager | usnsharen.exe | Added by a variant of the IRCBOT TROJAN! See here | No |
| X | User Sharing Server | usnsrv.exe | Added by a variant of the IRCBOT TROJAN! See here | No |
| X | User Sharing Services | usnsvc.exe | Added by a variant of the KOBOT-C WORM! | No |
| X | User Sharing Wizard | usnshare.exe | Added by the SLENFBOT.DF WORM! | No |
| X | User23.exe | DIAL.exe | This is a trojan trying to disguise itself as User32.dll | No |
| X | User32 | [filename] | Added by the NETTRASH TROJAN! | No |
| X | userd | systems.com | Added by the OUTLAW-A WORM! | No |
| N | UserFaultCheck | dumprep 0 -u | Used in connection with memory dumps - you can disable these by - right clicking on My Computer, selecting Properties and then the Advanced tab. Click on the Settings button in 'Startup and Recovery'. In the bottom pane - under 'Write debugging information' - click on the down arrow and then select 'None' - OK your way out | No |
| X | Userfile Sharing Serv | usnsrv.exe | Added by a variant of the IRCBOT TROJAN! See here | No |
| X | Userfile Sharing Server | usnserv.exe | Added by a variant of the IRCBOT TROJAN! | No |
| X | Userinit | lsass.exe | Added by the VIRAN-A TROJAN! Note - this is not the legitimate lsass.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Program Files%\Common Files%\System | No |
| X | userinit | winlogon.exe | Added by the DLOADER-TP TROJAN! Note - this is not the legitimate winlogon.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir% | No |
| X | userinit | smss.exe | Added by the DLOADR-B TROJAN! Note - this is not the legitimate smss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir% | No |
| X | userinit | choo_003956f4 | Added by the PEED.16896 TROJAN! | No |
| X | userinit | ntos.exe | Added by the AGENT-ECU TROJAN! | No |
| X | Userinit | cologsver.exe | Added by the DROPPER.DJO TROJAN! | No |
| X | UserInit StartUp | rpcxuisu.exe | Added by a variant of the SDBOT WORM! | No |
| X | userinit.exe | userinit.exe | Added by the HAXDOOR-DP TROJAN! | No |
| X | userint32 | userint32.exe | Added by an unidentified TROJAN via an Instant Message that says, "This was cool, check it out here." Also contains Aurora popups | No |
| X | USERINTERFACE REPORT3R | M0USE.exe | Added by the MYTOB.HS WORM! | No |
| X | Userinterface Reporter | fuuuucktttttt.exe | Added by the MYTOB-DK WORM! | No |
| X | Userinterface Reporter | srv32.exe | ISTBar adware | No |
| X | UserSystem | [filename] | CoolWebSearch Smartsearch parasite variant. Also detected as the SEARCH-A TROJAN! | No |
| X | userun32 | userun32.exe | Added by the LYDRA-B TROJAN! | No |
| X | ushli | sscbltqu.exe | Obtained from an MP3 search list site. Also generates random processes on reboot | No |
| U | USIUDF_Eject_Monitor | USISrv.exe | Added by Ulead DVD Moviefactory. This program monitors your DVD or CD drives and alerts when you eject the media or have no media present | No |
| X | usnsvc.exe | usnsvc.exe | Added by the SPYBOT.AMD WORM! | No |
| X | UsrClassEx | UsrClassEx.exe | Added by the AGENT-KPU TROJAN! | No |
| X | usrgtway.exe | syswrun4x.exe | Added by the MITGLIEDER.E TROJAN! | No |
| X | UsrManagementConf | umcss.exe | Added by the IRCBOT-W TROJAN! | No |
| N | USRobotics 802.11g Wireless Network Utility | USRWLANG.exe | USRobotics Wireless Network Utility - used to configure security settings for connecting to WEP encrypted Access Point through the USR Wireless adapter. You must uncheck "Use Windows to configure my wireless settings" for the program to work properly. Has Site Survey capabilities, and reports link quality and signal strength. Not required for proper operation of the device as the features given are accessible in the network connection properties | No |
| N | Usrobotics Online Registration | ?? | Pop-up reminding customers to register their products online at US Robotics | No |
| Y | USRpdA | USRmlnkA.exe | Modem driver files from US Robotics | No |
| X | Usrr | rncr.exe | PurityScan adware | No |
| X | Usrr | rpen.exe | PurityScan adware | No |
| ? | USRSTA | USRSTA.exe | Wireless Card controller. What does it do and is it required? | No |
| ? | USRSTA.EXE | USRSTA.EXE | Wireless Card controller. What does it do and is it required? | No |
| X | Ussi | rwsa.exe | PurityScan adware | No |
| X | Ussi | wnscpit.exe | PurityScan adware | No |
| N | USSShReg | USSSHREG.EXE | Registration reminder for Ulead SmartSaver Pro - compacts large graphics for web designers | No |
| U | UStorag | ustorage.exe | U-Storage is application software running under Microsoft Windows, it provides functions and utility to manage STF flash drive (USB drive) for security, partition, boot-ability and recovery. See note | No |
| N | Ustorage | Ustorage.exe | Maintenance tool (enable security functions) for a USB drive from Pretec | No |
| X | utasvc | rundll32.exe utasvc.dll,start | Added by the AKBOT-AB WORM! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "utasvc.dll" file is found in %System% | No |
| X | UtilisateurSur | SysRep.exe | UtilisateurSur, French rogue system error and cleaning utility - not recommended. A member of the ErrClean family | No |
| X | UtilitiesAndSoftware | rundll32.exe MSA64CHK.dll,DllMostrar | MatrixDialer/Mostrar parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System% | No |
| ? | Utility Ping | UTILIT~1.EXE | ?? | No |
| U | Utility Tray | sistray.exe | System Tray icon for SiS based graphics. Located in %System% | No |
| N | UtilityPro | UtilityPro.exe | IE search toolbars as supplied by people such as Yellow Internet and SearchBoss and written by Rawhide Search Solutions | No |
| Y | UTILsInst | N/A | For Gilat Communications internet satellite systems. Gilat rescue (Satellite system restore). Required if you have this system. Can cause a BSOD (blue screen of death) if left out | No |
| N | Utopia Angel | Angel.exe | Calculator for the online Utopia game | No |
| N | uTorrent | uTorrent.exe | µTorrent - file sharing client for Windows sporting a very small footprint from BitTorrent, Inc. Designed to use as little cpu, memory and space as possible while offering all the functionality expected from advanced clients. For more information about the protocol see here. As µTorrent is a peer-to-peer (P2P) file-sharing client used to distribute large amounts of data between multiple users make sure you have good, up-to-date virus protection and check any downloads | Yes |
| N | uTorrent.exe | uTorrent.exe | µTorrent - file sharing client for Windows sporting a very small footprint from BitTorrent, Inc. Designed to use as little cpu, memory and space as possible while offering all the functionality expected from advanced clients. For more information about the protocol see here. As µTorrent is a peer-to-peer (P2P) file-sharing client used to distribute large amounts of data between multiple users make sure you have good, up-to-date virus protection and check any downloads | Yes |
| X | uvnx | uvcx.exe | Added by the DLOADR-AWF TROJAN! | No |
| X | uvnx | uvnx.exe | Added by the SMALL.CUL TROJAN! | No |
| N | UVS10 Preload | uvPL.exe | Part of older versions of the Ulead (now Corel) VideoStudio video editing and DVD authoring software. Unless you use VideoStudio daily and find this speeds up the time it takes to open files associated with the program you shouldn't need this | No |
| N | UVS11 Preload | uvPL.exe | Part of older versions of the Ulead (now Corel) VideoStudio video editing and DVD authoring software. Unless you use VideoStudio daily and find this speeds up the time it takes to open files associated with the program you shouldn't need this | No |
| N | UVS12 Preload | uvPL.exe | Part of older versions of the Ulead (now Corel) VideoStudio video editing and DVD authoring software. Unless you use VideoStudio daily and find this speeds up the time it takes to open files associated with the program you shouldn't need this | No |
| X | uwa6pcw | uwa6pcw.exe | Part of the WinAntiVirus Pro 2006 rogue security software - not recommended | No |
| X | uwa7pcw | uwa7pcw.exe | Part of the WinAntiVirus Pro 2007 rogue security software - not recommended | No |
| X | uwas6cw | uwas6cw.exe | Part of the WinAntiSpyware 2006 rogue spyware remover - not recommended | No |
| X | uwas7cw | uwas7cw.exe | Part of the WinAntiSpyware 2007 rogue spyware remover - not recommended | No |
| X | uwyrl | uwyrl.exe | Added by the PHEL.A TROJAN! | No |
| X | uwyw.exe | yujixit.exe | Added by the SDBOT.BGB WORM! | No |
| X | uz | uz.exe | Added by the AGENT-GGH WORM! | No |
| ? | v | WMPVer.EXE | Dritek System Inc. 3D Mouse related. Is it required? | No |
| U | V.92 Modem On Hold | Ltmoh.exe | Modem On Hold utility - manages incoming/outgoing voice calls on a single phone line while being connected to the internet | No |
| U | V0220Mon.exe | V0220Mon.exe | Creative Live! Cam Console Auto Launcher | No |
| U | V0230Mon.exe | V0230Mon.exe | Creative Live! Cam Console Auto Launcher | No |
| Y | V0250Mon.exe | V0250Mon.exe | Part of Creative Webcam Launcher | No |
| Y | V128IID | Rundll32.exe v128iitw.dll, STB_InitTweak | Loads drivers for some STB graphics cards such as the STB nVIDIA TNT 16MB. Required if you don't want to experience lock-ups or error messages | No |
| ? | V128IITV | ?? | Loads drivers for some STB graphics cards. May be related to such a card with a TV out option? | No |
| ? | V66SHELL | V66SHELL.EXE | It looks to be part of the display driver set for ASUS V3800, V6600 and V6800 display adapters. Probably a system tray quick access control? | No |
| U | va10key | va10key.exe | Only required if you use the 10 kay bay unit with a Sony Vaio laptop | No |
| X | VaCtrls | v7 | Downloader, detected as a variant of the ALPHABET TROJAN! | No |
| Y | Vade Retro Outlook Express | Vaderetro_oe.exe | Vade Retro anti-spam software for Outlook Express from GOTO software products | No |
| X | Vaganza-XPloit-[User Name]" | [user name].exe | Added by the GAVGENT.A WORM! | No |
| Y | VAGCtrl | VAGCTRL.EXE | Vexira Antivirus - virus scanner from Central Command | No |
| X | Vagiconline | vadaSq.exe | Added by the SDBOT-TD WORM! | No |
| Y | VAGuard | VAGNT.exe | Vexira Antivirus - virus scanner from Central Command | No |
| U | VAIO Action Setup (Server) | VAServ.exe | Sony Vaio utility that auto-launches selected applications when you plug in a digital video camera, digital still camera, etc. via iLink (FireWire) or USB | No |
| U | VAIO Recovery | PartSeal.exe | System backup for Sony Vaio PCs. Adds a recovery mechanism for users over and above any System Restore features - allowing users to revert a drive back to the state it was when bought form the factory by hitting F10. The user obviously loses any data stored if not backed-up elsewhere | No |
| U | VAIO Update 2 | VAIOUpdt.exe | Related to Sony Vaio Update service | No |
| X | ValidData | [path to trojan] | Added by the RANKY.H TROJAN! | No |
| X | valuename | svchosts.exe | Added by a variant of the SDBOT WORM! | No |
| X | ValueS0ft | [random filename] | Added by a variant of the SPYBOT WORM! See here | No |
| X | ValueX | [random filename] | Added by the IRCBOT.EE TROJAN! | No |
| X | VasddwDg | zxXZwd.exe | Added by the SDBOT-SN WORM! | No |
| X | vb6 | vb6.exe | Added by the MUGLY.D WORM! | No |
| X | vbcdtm | [random filename] | Added by a variant of the SLAPER TROJAN! | No |
| X | vbe | [random name].vbe | Added by the UISGON-A WORM! | No |
| X | VBouncer | VirtualBouncer.exe | Virtual Bouncer - malware from Spyware Labs. It is distributed by the same bundling and drive-by download techniques as the parasites it claims to remove, so definitely qualifies as unsolicited commercial software in itself. It also has an update feature that can download and execute arbitrary code. Warning - choose "custom" uninstall as "automatic" may remove other programs - see here | No |
| X | VbouncerDL | VbouncerInner****.exe [* = random char] | Virtual Bouncer - malware from Spyware Labs. It is distributed by the same bundling and drive-by download techniques as the parasites it claims to remove, so definitely qualifies as unsolicited commercial software in itself. It also has an update feature that can download and execute arbitrary code. Warning - choose "custom" uninstall as "automatic" may remove other programs - see here | No |
| X | VbouncerDL | VBouncerInner.exe | Virtual Bouncer - malware from Spyware Labs. It is distributed by the same bundling and drive-by download techniques as the parasites it claims to remove, so definitely qualifies as unsolicited commercial software in itself. It also has an update feature that can download and execute arbitrary code. Warning - choose "custom" uninstall as "automatic" may remove other programs - see here | No |
| X | VBS.Ipnuker@mm | [worm filename].vbs | Added by the NUKIP WORM! | No |
| X | VBS_AUTO_UPDATE | 0548656X.vbs | Added by the GORMLEZ-A WORM! | No |
| X | VBundleOuterDL | BundleOuter.EXE | Virtual Bouncer - malware from Spyware Labs. It is distributed by the same bundling and drive-by download techniques as the parasites it claims to remove, so definitely qualifies as unsolicited commercial software in itself. It also has an update feature that can download and execute arbitrary code. Warning - choose "custom" uninstall as "automatic" may remove other programs - see here | No |
| X | VB_run | comctl_32.exe | Dubious downloader from densmail.com | No |
| X | VC5MediaPlayer | [path to file] | Added by the DEDLER-D TROJAN! The most common filenames seen are "csmss.exe" and "csmrs.exe", located in %System% | No |
| N | VC5Play | VC5Play.exe | Virtual CD drive emulator - version 5. Available via Start -> Programs | No |
| N | VC6play | VC6Play.exe | Virtual CD drive emulator - version 6. Available via Start -> Programs | No |
| N | VC7Play | VC7Play.exe | Virtual CD drive emulator - version 7. Available via Start -> Programs | No |
| N | VC7Player | VC7Play.exe | Virtual CD drive emulator - version 7. Available via Start -> Programs | No |
| U | VC9Player | VC9Play.exe | Virtual CD from H H Software GmbH. "With Virtual CD, all your favorite CDs and DVDs are immediately accessible without constantly inserting and ejecting media" | No |
| X | VCatch | Vcatch.exe | CommonSearch Vcatch - "antivirus" software which actually bundles spy/adware itself! | No |
| X | VCatch Premium | VCatchpre.exe | VCatch antivirus. Considered spyware itself - see here | No |
| X | vcbbjf | keepSafe.exe | Added by the KILLAV.KAX TROJAN! | No |
| X | vccacA | sdaxzl.exe | Added by the SDBOT-RP WORM! | No |
| N | VCDPlayer | VCDPlayer.exe | Virtual CD drive emulator. Available via Start -> Programs | No |
| N | vcdplayx | vcdplayx.exe | CD emulation part of GameDrive & VirtualDrive from Farstone. Not required as starting these programs load this automatically | No |
| U | VCDTower | VCDTower.exe | Goldensoft CD Ghost related - turns a computer into a 200X-speed CD-ROM tower. Working from the hard drive, users can simultaneously access as many as 23 virtual CD-ROM drives at a speed of 200X for true multitasking | No |
| ? | VCDWATCH | VCDWATCH.EXE | Confirmed as Voyetra CD Watcher as it was found in a Compaq/Voyetra/AS2 directory but what does it do? | No |
| X | vcmicrec | msccsed.exe | Added by the MAILBOT-CE TROJAN! | No |
| X | VCMnet11 | VCMnet11.exe | Windows AFA Internet Enhancement - a browser hijacker, redirecting to adsourcecorp.com. See here | No |
| X | VCS Host | vcshost.exe | Added by the RBOT-FKT WORM! | No |
| N | VCSPlayer | vcsplay.exe | Virtual CD drive emulator. Available via Start -> Programs | No |
| X | VCXD Settings | phqg.EXE | Added by the RBOT.BRF WORM! | No |
| U | VC_Log | keylog.exe | PaqKeylog is a surveillance software program that logs keystrokes and can run in stealth mode. Uninstall this software unless you put it there yourself | No |
| X | Vdat Update | lalaa.exe | Added by a variant of the RBOT WORM! | No |
| ? | VDI Manager (HP) | HPO0VDX05.exe | HP (Hewlett-Packard) related. Now - what does it do? | No |
| U | VDrive2 | WebLifeDisk.exe | EarthLink WebLife Disk - "Consumers can quickly save files from their desktop into WebLife Disk, and then easily access them from any Internet connection without taking a laptop on the road or keeping up with a USB key" | No |
| N | vdtask | vdtask.exe | Program part of GameDrive & VirtualDrive virtual CD/DVD drive emulators from Farstone. Not required as starting these programs load this automatically | No |
| N | Vegas Palms - Launcher | Launcher.exe | Vegas Palms on-line cassino | No |
| X | VeiligheidAgent | pgs.exe | VeiligheidAgent, Dutch rogue security software - not recommended. A member of the AVSystemCare family | No |
| X | veja_fotos.exe | veja_fotos.exe | Added by the MDROP-F TROJAN! | No |
| X | Vekio Startups | Pnksvc32.exe | Added by the AGOBOT.AJG WORM! | No |
| U | VentaDrv | vfdrv32.exe | Related to VentaFax Voice - send and receive black-and-white or color faxes, and turns your PC's fax modem into a versatile answering machine | No |
| U | Venturi Configurator | ventcfg.exe | Venturi Wireless mobile broadband configuration utility | No |
| U | Veo Velocity Connect | stim11.exe | Support software for the Veo Velocity Connect webcam | No |
| U | Veoh | VeohClient.exe | Veoh lets you share your video with other internet users | No |
| U | VERBATIM STORE 'N' G | verbatim store 'n' go.exe | Loads the driver for the Verbatim Store'n'Go PRO USB Flash Drive - reportedly required only on systems running Windows 98 and Millennium | No |
| X | Verif | vxst.exe | Added by the NOPIR.B WORM! | No |
| X | Veritas Patch | veritas.exe | Added by the RBOT-XT WORM! | No |
| N | Verizon Control Pad | cpad.exe | Control Pad - installed with Verizon DSL accounts. Tool designed to streamline the online experience | No |
| ? | Verizon Custom Uninstall Tracking | InstallHelper.exe | Verizon related installation tracker. What does it do and is it required? | No |
| U | Verizon Online Support Center | matcli.exe | "matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, state, etc and gets written to a log file". Verizon Online Support Center is required to run with the Help and Support program. If you uncheck Verizon Online Support Center and and then run help and Support it will add another Verizon Online Support Center in the startup menu. If you remove the Verizon Online Support Center in the add/remove program some help menus in help and support will not be available. You decide | No |
| U | VerizonServicepoint.exe | VerizonServicepoint.exe | Part of Verizon Online Support Manager | No |
| X | vern16.dll | regsvr32.exe vernn16.dll | DailyWinner adware. Note that regsvr32.exe is a legitimate Microsoft file used to register and unregister OLE controls and shouldn't be deleted. The "vernn16.dll" file is found in the System (9x/Me) or System32 (NT/2K/XP) folder | No |
| U | versato | versato.exe | "Hot" button (such as volume and browser control) management and a CD player as supplied with QTronix (as possibly Micro Innovations) keyboards | No |
| X | verse | verse.exe | Added by the STAP-C WORM! | No |
| X | Version | Version.exe | JRAUN adware variant | No |
| X | Version | manage.exe | JRAUN adware variant | No |
| X | version | [random].exe | DealHelper adware | No |
| Y | Vet Alert | vetmsg9x.exe | Computer Associates "InnoculateIT" and Vet Anti-Virus virus software | No |
| Y | Vet Alert | VETMSG.EXE | Computer Associates Vet Anti-Virus software | No |
| Y | Vet Start Up | vet98.exe | Computer Associates "InnoculateIT" and Vet Anti-Virus virus software. This option will slow down your system, if set too aggressively. There is no need to scan every file when opened, closed, etc. Check in InoculateIT PE options | No |
| Y | Vet Start Up | vet32.exe | Computer Associates "InnoculateIT" and Vet Anti-Virus virus software. This option will slow down your system, if set too aggressively. There is no need to scan every file when opened, closed, etc. Check in InoculateIT PE options | No |
| Y | VetAlert | VETMSG.EXE | Computer Associates Vet Anti-Virus software | No |
| U | VetTray | vettray.exe | Computer Associates "InnoculateIT" and Vet Anti-Virus virus software. System Tray quicklaunch access, not really necessary but only occupies 36k resources | No |
| X | VFW Encoder/Decoder Settings | RUNDLL32.exe MSSIGN30.DLL ondll_reg | Added by the LOVGATE-W WORM! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted | No |
| X | VGA Startup | vgacard.exe | Added by a variant of the RBOT WORM! | No |
| X | VgaDriver | RsrVga32.exe | Added by the KEYLOG-AH TROJAN! | No |
| X | VGATune | VGATune.exe | Added by the RBOT-AWM WORM! | No |
| U | VGAUtil | G-VGA.exe | Gigabyte VGA Utility - access card options (application needs to be run at startup, but is not system critical) | No |
| X | vhost | host.exe | Peppi adware | No |
| X | Vhosts Protection | vhosts.exe | Added by an unidentified WORM or TROJAN! | No |
| X | vid32cntl | vid32cntl.Exe | Added by the CRYPTER.A TROJAN! | No |
| N | Vidalia | Vidalia.exe | Vidalia is a cross-platform GUI controller for the Tor anonymityn package. Using Vidalia, you can start and stop Tor, view the status of Tor at a glance, and monitor Tor's bandwidth usage | No |
| X | vidcntl | vidcntl.Exe | Added by the CRYPTER.A TROJAN! | No |
| X | Vidcompat | Vidcompat.exe | Added by the GEMA TROJAN! | No |
| X | vidctrl | vidctrl.exe | Delfin Promulgate adware variant | No |
| X | Video | explored.exe | Added by the GAOBOT.RF WORM! | No |
| X | Video | winamp32.exe | Added by the AGOBOT-NG WORM! | No |
| X | Video Camera Frog | wcamfrog.exe | Added by a variant of the IRCBOT TROJAN! See here | No |
| X | Video Card Driver (do not remove) | tsasi.exe | Added by the SPYBOT-EF WORM! | No |
| X | Video Display | VDISP.EXE | Added by the AGOBOT-KE WORM! | No |
| X | Video Driver | svchost.exe | Added by an unidentified WORM or TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! | No |
| X | Video Lan Player | VideoLanPlayer.exe | Added by the RBOT-MY WORM! | No |
| X | Video Manager | videomgr.exe | Added by the PANDEM.C WORM! | No |
| X | Video Multimedia Driver | ndrives32.exe | Added by the RBOT-DK WORM! | No |
| X | Video Poes | winii.exe | Added by the AGOBOT-CP WORM! | No |
| X | Video Proces | winaps.exe | Added by the AGOBOT.HD WORM! | No |
| X | Video Process | sysconf.exe | Added by the GAOBOT.GEN!POLY or GAOBOT.UM or GAOBOT.ADX WORMS! | No |
| X | Video Process | MS32x16.exe | Added by the RBOT.RH WORM! | No |
| X | Video Process | netsvcs.exe | Added by the AGOBOT.LH WORM! | No |
| X | Video Process | MSlti64.exe | Added by the AGOBOT.UE WORM! | No |
| X | Video Process | [random filename] | Added by the RBOT-LM WORM! | No |
| X | Video Process | winasp.exe | Added by the AGOBOT-IS WORM! | No |
| X | Video Process | msn5.exe | Added by the AGOBOT-TW WORM! | No |
| X | Video Process | MStli32s.exe | Added by the RBOT-GAD WORM! | No |
| X | Video Process | wincert32.exe | Added by the AGOBOT.JT WORM! | No |
| X | Video Process | ntsystm.exe | Added by the GAOBOT.ZX WORM! | No |
| X | Video Process | Nivopsvc.exe | Added by the AGOBOT-GT WORM! | No |
| X | Video Process | wincrt32.exe | Added by the AGOBOT-GR WORM! | No |
| X | Video Proes | winaii.exe | Added by the AGOBOT-FH WORM! | No |
| X | Video Services | explore.exe | Added by the GAOBOT.GL WORM! | No |
| X | Video Services | videol_32.exe | Added by the AGOBOT-DM WORM! | No |
| X | Video Services | sys32.exe | Added by the AGOBOT.PS WORM! | No |
| X | Videocntl | Videocntl.exe | Added by a variant of the GEMA.D TROJAN! | No |
| X | VideoDriver | [filename] | Added by the GSPOT20.A TROJAN! | No |
| X | VideoDriver | videodrv.exe | Added by the MIMAIL.A WORM! | No |
| X | VideoDriver | gspotbot.exe | Added by the SPIGOT.C TROJAN! | No |
| X | VideoDriverHook | vmdriver.exe | Added by the BCKDR-PSS BACKDOOR! | No |
| X | Videool32 | VIDEOL32.EXE | Added by the AGOBOT.EC WORM! | No |
| X | videopci | videopci.exe | Added by the AGENT-W TROJAN! | No |
| X | videoporno.exe | videoporno.exe | Premium rate adult content dialer | No |
| Y | Videora | Videora.exe | Video Holding personal video downloading program | No |
| X | VidiaDrivers | [path to trojan] | Added by the RANKY.U TROJAN! | No |
| X | vidmon | VIDMON.EXE | Delfin Media Viewer adware related | No |
| X | Vido Pes | vmwa32.exe | Added by the AGOBOT-GU WORM! | No |
| N | VidSvr | vidsvr.exe | MS WebTV for Windows Channel Guide. Used to display TV on your PC via a compatible video card with in-built tuner (such as ATI All-In-Wonder). If you don't use it - uninstall it | No |
| X | vietato.exe | vietato.exe | Adult content dialler | No |
| X | VIEW POINT DRIVERS | phqghum.exe | Added by the RBOT.BRX WORM! | No |
| X | VIEW POINT DRIVERS FOR WIN32 | phqghu.exe | Added by a variant of the RBOT WORM! | No |
| U | Viewbar | Viewbar.exe | Agloco Viewbar is a small toolbar that rests on the bottom of your screen or browser window while you surf the Internet. The Viewbar software is what enables AGLOCO to collect the money you are earning while browsing the Internet". Get paid for browsing but you must consent to them collecting your personal information | No |
| N | ViewMgr | ViewMgr.exe | Viewpoint Manager - automatic updates for ViewPoint products such as ViewPoint Media Player (as bundled with AOL, AOL Instant Messenger, Compuserve, etc). Can be run manually via Start -> Settings -> Control Panel by enabling auto-updates temporarily, re-booting and then disabling again. Not recommended as Viewpoint Manager is considered as foistware instead of malware since it is installed without users approval but doesn't spy or do anything "bad". This may change in 2006 - read this article | No |
| U | ViewpointPhotosDeviceConnect | FotomatDeviceConnect.exe | Related to Viewpoint which is considered as foistware instead of malware since it is installed without users approval but doesn't spy or do anything "bad". This will change from what we know in 2006 according to this article. You can remove it via Start -> Settings -> Control Panel -> Add/Remove Programs list... | No |
| U | ViGlance | ViGlance.exe | ViGlance (Windows 7 SuperBar for XP) adds a Windows 7 style SuperBar for Windows XP users and can be loaded at boot time or started manually | Yes |
| U | ViivMonitor | ViivMonitor.exe | Related to Intel Media Share Software. "Stream or download media files from your Intel® Core®2 Processor with Viiv® technology-based PC" | No |
| ? | Vinny | ?? | ?? | No |
| U | ViOrb | ViOrb.exe | ViOrb (Vista Start Button for XP) adds a Vista style Start Button for Windows XP users and can be loaded at boot time or started manually | Yes |
| X | vipantispyware | vipantispyware.exe | VipAntiSpyware rogue spyware remover - not recommended | No |
| X | VirRL2009 | VirRL2009.exe | VirusResponse Lab 2009 rogue security software - not recommended | No |
| X | Virscanner | smss.exe | Added by the DWNLDR-GWE TROJAN! Note - this is not the legitimate smss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir% | No |
| X | ViRsLab | ViRsLab.exe | VirusResponse Lab 2009 rogue security software - not recommended | No |
| X | Virt.exe | Virt.exe | Added by the REMADM-C TROJAN! | No |
| U | VirtuaGirl | Vg.exe | VirtuaGirl is a shareware program featuring scantily dressed girls on your desktop. They say hi in the morning, remind you of your appointments and dance for you on request... | No |
| U | VirtuaGirl2 | VirtuaGirl2 | VirtuaGirl is a shareware program featuring scantily dressed girls on your desktop. They say hi in the morning, remind you of your appointments and dance for you on request... | No |
| X | virtual | winit.exe | Added by the MUGLY.A or MUGLY.B WORMS! | No |
| X | virtual | winprotect.exe | Added by the MUGLY.C WORM! | No |
| X | virtual | wini.exe | Added by the RBOT-YX WORM! | No |
| U | Virtual Access Scheduler | VASCHD32.EXE | The scheduler for mail and usenet tool | No |
| X | Virtual Bouncer | VirtualBouncer.exe | Virtual Bouncer - malware from Spyware Labs. It is distributed by the same bundling and drive-by download techniques as the parasites it claims to remove, so definitely qualifies as unsolicited commercial software in itself. It also has an update feature that can download and execute arbitrary code. Warning - choose "custom" uninstall as "automatic" may remove other programs - see here | No |
| X | Virtual CD v6 | grplscd.exe | Added by the RBOT-AXV WORM! | No |
| X | Virtual CD v6 | [random].exe | Added by the RBOT-AZV WORM! | No |
| X | Virtual CDROM | deamon.exe | Added by the RBOT.VP WORM! | No |