Last database update: 31st March, 2009
18311 items listed
This page presents a comprehensive list of the programs you may find that run when you switch on your PC as typically identified by MSCONFIG or the registry "Run" keys - and whether you need them.
This is NOT a database of tasks/processes taken from Task Manager or the Close Program window (CTRL+ALT+DEL) but a database of startup applications, although you will find some of them listed via this method. Pressing CTRL+ALT+DEL identifies programs that are currently running - not necessarily at startup. For a list of tasks/processes you should try the Process Library from Uniblue, the list at PC Pitstop or one of the many others now available. Therefore, before ending a task/process via CTRL+ALT+DEL just because it has an "X" recommendation, please check whether it's in MSConfig or the registry first. An example would be "svchost.exe" - which doesn't appear in either under normal conditions but does via CTRL+ALT+DEL. If in doubt, don't do anything.
A number of entries are repeated due to the way that different operating systems display startup items. For example, WinMe lists "POPROXY.EXE" as "Norton eMail Protect" in both MSCONFIG and the registry whereas WinXP lists it as "Poproxy" in MSCONFIG and "Norton eMail Protect" in the registry.
To avoid the list becoming too large, all VIRUSES are shown using the registry version which is common to all Windows versions.
There are viruses and other pests that can add any number of different entries to the startups. They add entries under the registry keys HKLM\Software\Microsoft\Windows\CurrentVersion\Run and RunOnce, allowing them to run at startup.
If you want to know more about these types of programs why not start with a search at Wikipedia - the free, community maintained online encyclopedia. Then visit the Safer Networking and BleepingComputer malware forums.
Status | Name/Startup Item | Command | Comments | Tested |
---|---|---|---|---|
X | | system32.exe | Added by the AGOBOT-KU WORM! Note - has a blank entry under the Startup Item/Name field | No |
X | | pathex.exe | Added by the MKMOOSE-A WORM! Note - has a blank entry under the Startup Item/Name field | No |
X | | svchost.exe | Added by the DELF-UX TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder. Note - has a blank entry under the Startup Item/Name field | No |
X | | MSPF.EXE | Added by a variant of the SDBOT WORM! This file is located in the Winnt or Windows folder. Note - has a blank entry under the Startup Item/Name field | No |
X | | dllvirtual.exe | Added by the DADOBRA-IW TROJAN! Note - has a blank entry under the Startup Item/Name field | No |
X | | dllvirtual.dll | Added by the DADOBRA-IW TROJAN! Note - has a blank entry under the Startup Item/Name field | No |
X | | dllvirtual.js | Added by the DADOBRA-IW TROJAN! Note - has a blank entry under the Startup Item/Name field | No |
X | | ajsha5.exe | Added by the SPYBOT-NX WORM! Note - has a blank entry under the Startup Item/Name field | No |
X | | ne.exe | Added by the IRCBOT-ZL TROJAN! | No |
Y | !1_pgaccount | pgaccount.exe | DiamondCS ProcessGuard security software - stops malicious worms and trojans from being executed silently in the background, as well as a variety of other attacks. You will see one instance of pgaccount.exe for every active account on your system, and this is essential for PG to work properly | No |
Y | !1_ProcessGuard_Startup | procguard.exe | DiamondCS ProcessGuard security software - stops malicious worms and trojans from being executed silently in the background, as well as a variety of other attacks | No |
Y | !AVG Anti-Spyware | avgas.exe | Main application of AVG Anti-Spyware 7.5 from AVG Technologies (was Grisoft). Now superseded by AVG Anti-Virus which includes Anti-Spyware | No |
Y | !ewido | ewido.exe | Part of Ewido Anti-Spyware 4.0. Ewido is now part of AVG Technologies so this has been superseded by AVG Anti-Virus which includes Anti-Spyware | No |
N | !NoLoad | winrecon.exe | WinRecon keystroke logger/monitoring program - remove unless you installed it yourself! | No |
U | $EnterNet | Enternet.exe | Connection manager for the EnterNet ISP. You can also use RASPPOE | No |
X | $sys$cmp | $sys$xp.exe | Added by the RYKNOS.B TROJAN! Attempts to utilize the Sony Rootkit A.K.A. SecurityRisk.First4DRM security risk to hide itself on the compromised computer | No |
X | $sys$crash | $sys$sonyTimer.exe | Added by the WELOMOCH TROJAN! | No |
X | $sys$crash | $sys$sos$sys$.exe | Added by the WELOMOCH TROJAN! | No |
X | $sys$crash | $sys$WeLoveMcCOL.exe | Added by the WELOMOCH TROJAN! | No |
X | $sys$drv | $sys$drv.exe | Added by the RYKNOS TROJAN! Attempts to utilize the Sony Rootkit A.K.A. SecurityRisk.First4DRM security risk to hide itself on the compromised computer | No |
X | $sys$momomomochin | $sys$sonyTimer.exe | Added by the WELOMOCH TROJAN! | No |
X | $sys$momomomochin | $sys$sos$sys$.exe | Added by the WELOMOCH TROJAN! | No |
X | $sys$momomomochin | $sys$WeLoveMcCOL.exe | Added by the WELOMOCH TROJAN! | No |
X | $sys$umaiyo | $sys$sonyTimer.exe | Added by the WELOMOCH TROJAN! | No |
X | $sys$umaiyo | $sys$sos$sys$.exe | Added by the WELOMOCH TROJAN! | No |
X | $sys$umaiyo | $sys$WeLoveMcCOL.exe | Added by the WELOMOCH TROJAN! | No |
U | $Volumouse$ | volumouse.exe | Volumouse from Nirsoft. "Provides you a quick and easy way to control the sound volume on your system - simply by rolling the wheel of your wheel mouse" | No |
X | $WindowsRegKey%update | IEXPLORE.EXE | Added by the RBOT-EZ WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %System% | No |
? | %cmpmixtitle% | %cmpmixstr% | Possibly related to C-Media Mixer Control panel? | No |
N | %FP%012-L2TP fts.exe | fts.exe | 012.Net.il Israeli ISP software front-end | No |
U | %FP%012-L2TP FWPortal.exe | FWPortal.exe | 012.Net.il Israeli ISP dial-up software | No |
N | %FP%1776 Internet fts.exe | fts.exe | 1776 Internet US ISP software front-end | No |
U | %FP%1776 Internet FWPortal.exe | FWPortal.exe | 1776 Internet US ISP dial-up software | No |
N | %FP%AIRTEL fts.exe | fts.exe | Bharti Airtel Broadband - Indian ISP software front-end | No |
N | %FP%Barak013 fts.exe | fts.exe | Barak013 Israeli ISP software front-end | No |
U | %FP%Barak013 FWPortal.exe | FWPortal.exe | Barak013 Israeli ISP dial-up software | No |
N | %FP%Friendly fts.exe | fts.exe | Friendly ISP software front-end | No |
X | \NvCpTDaemon | wuauqmr.exe | Added by the CULT-B WORM! | No |
U | µTorrent | utorrent.exe | µTorrent - BitTorrent client for Windows sporting a very small footprint. It was designed to use as little cpu, memory and space as possible while offering all the functionality expected from advanced clients | No |
X | WinCheck | services.exe | Added by the SOBER.V WORM! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\ConnectionStatus\Microsoft and note the space at the beginning of the "Startup Item" field | No |
X | Windows | services.exe | Added by the SOBER.X WORM! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\WinSecurity and note the space at the beginning of the "Startup Item" field | No |
X | WinStart | services.exe | Added by the SOBER.O WORM! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\Connection Wizard\Status and note the space at the beginning of the "Startup Item" field | No |
X | winsystem.sys | smss.exe | Added by the SOBER.K WORM! Note - this is not the legitimate smss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\msagent\win32 and note the space at the beginning of the "Startup Item" field | No |
Y | 'Ashampoo AntiSpyWare 2 Guard' | AntiSpyWare2Guard.exe | Part of Ashampoo® AntiSpyWare 2 from Ashampoo GmbH & Co. KG. This part is the realtime monitor that looks for changes on the users system such as BHO, Winsock LSPs, Windows Hosts file, Autostart entries, etc | Yes |
X | (*)API Machine | winSOCKS.exe | Homepage hijacker, see here (* = any digit) | No |
X | (*)Run | win32API.exe | Homepage hijacker, see here (* = any digit) | No |
X | (Default) | media_driver.exe | Added by the TUPEG VIRUS! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank | No |
X | (Default) | Shania.vbs | Added by the SHANIA BACKDOOR! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank | No |
X | (Default) | NOTEPAD.exe | Added by the RUSTY WORM! Note - not to be confused with the valid Windows "NOTEPAD" text editor! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank | No |
X | (Default) | [random filename].exe | Added by the BLACKMAL WORM! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run and HKLM\RunServices in order to force Windows to launch it at boot. The name field in MSConfig may be blank | No |
X | (Default) | twunk_32.exe | Added by the BLACKMAL.C WORM! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank | No |
X | (Default) | winhelp.exe | Added by the BLACKMAL.C WORM! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank | No |
X | (Default) | spolsvr2.exe | Added by the EVILSOCK.10 TROJAN! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank | No |
X | (Default) | winbas12.exe | Adware, CoolWebSearch parasite related - detected by Kaspersky as the VB.DU TROJAN! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank | No |
X | (Default) | Systrsy.exe | Added by the CDTRAY TROJAN! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank | No |
X | (Default) | llsass.exe | Added by the PROXY-GG TROJAN! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank | No |
X | (Default) | syspol.exe | Added by the DREMN-B TROJAN! Note - this malware actually changes the value data of the "(Default)" key in HKCU\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank | No |
X | (Default) | winlog.exe | Unidentified adware. Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run and HKLM\RunServices in order to force Windows to launch it at boot. The name field in MSConfig may be blank | No |
X | (default) | rundll32.exe [path to DLL file],Do98Work | Added by the HESIVE.B TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. Note - this malware actually changes the value data of the "(Default)" key in HKCU\Run, HKLM\Run and HKLM\RunServices in order to force Windows to launch it at boot. The name field in MSConfig may be blank | No |
X | (Default) | winligom.exe | Added by the RBOT-GAI WORM! Note - this malware actually changes the value data of the "(Default)" key in HKCU\Run, HKLM\Run and HKLM\RunServices in order to force Windows to launch it at boot. The name field in MSConfig may be blank | No |
X | (Default) | 5640.exe | Added by the DOWNLD-ABF TROJAN! Note - this malware actually changes the value data of the "(Default)" key in HKCU\Run, HKLM\Run and HKLM\RunServices in order to force Windows to launch it at boot. The name field in MSConfig may be blank | No |
X | (Default) | QQUpdate.exe | Added by the QUADRULE.A WORM! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank | No |
X | (Default) | Mcafee.exe | Detected by Kaspersky as the AGENT.AY TROJAN! See here. Note - this is not a valid McAfee program and is located in %System%. This malware actually changes the value data of the "(Default)" key in HKLM\Run and HKLM\RunServices in order to force Windows to launch it at boot. The name field in MSConfig may be blank | No |
X | (Default) | fada.exe | Detected by Trend Micro as the VB.HEI TROJAN! See here. Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run and HKLM\RunServices in order to force Windows to launch it at boot. The name field in MSConfig may be blank | No |
X | (L4r1$$4) (4nt1) (V1ruz) | SP00Lsv32.pif | Added by the ASSIRAL.B WORM! | No |
X | *Bandook | msdll.exe | Added by an unidentified TROJAN - see here | No |
X | *JanisRuckenbrodII | janis.com | Added by the POPS WORM! | No |
X | *Microsoft Update | ctxma.exe | Added by the STMU TROJAN! | No |
X | *Microsoft Update | cxma.exe | Added by the STMU TROJAN! | No |
X | *Microsoft Update | wstcl.exe | Added by the STMU TROJAN! | No |
X | *Microsoft Update | wucxt.exe | Added by the STMU TROJAN! | No |
X | *Microsoft Update | wuytc.exe | Added by the STMU TROJAN! | No |
X | *MS Setup | [random filename] | Virtumonde adware, also known as the VUNDO TROJAN! | No |
X | *MSConfig32 | aecache.exe | Detected by F-Secure as the OBFUSCATED.GP TROJAN! | No |
Y | *Restore | rstrui.exe | Part of Windows System Restore and added as a RunOnce registry entry. Leave alone | No |
X | *Security Center | secctr.exe | Added by the SDBOT.BRO WORM! | No |
Y | *StateMgr | statemgr.exe | Windows ME default for System Restore. Do NOT disable! | No |
N | *WerKernelReporting | WerFault.exe | Part of Windows Error Reporting technology (WER) for Vista. WER captures software crash and hang data from end-users who agree to report it - see here | No |
X | *windows update | wrauclt.exe | Added by the RBOT-QU WORM! | No |
X | *windows update | wuanclt.exe | Added by the RBOT-PG WORM! | No |
X | *windows update | wuaucrlt.exe | Added by the SPYBOT.HUR WORM! | No |
X | *windows update | wuraclt.exe | Added by the RBOT-PO WORM! | No |
X | *windows update | wurauclt.exe | Added by the RBOT-SY WORM! | No |
X | *windows update | wsctl.exe | Added by the SPYBOT.PR WORM! | No |
X | *windows update | wkmst.exe | Added by the SDBOT.AVD WORM! | No |
X | *windows update | wscxt.exe | Added by the RBOT.AOS WORM! | No |
X | *windows update | waurclt.exe | Added by a variant of the RBOT WORM! | No |
X | *Windows [filename] Checker | [filename] | Added by the KEDEBE-B WORM! | No |
X | *WindowsAudio | systemupd.exe | Added by the AGENT-TH WORM! | No |
X | *WinLogon | [trojan path] ren time:[random number] | Added by the VUNDO TROJAN! | No |
X | *winstats | winstats.exe | Added by the GARGAFX TROJAN! | No |
X | *wuauclt.exe | w****.exe [* = random char] | Added by a variant of the RBOT-UG WORM! Note - * in the filename represents a random char; variants spotted: wxmct.exe, wtmsv.exe, wxmst.exe, wmsvc.exe and so on... | No |
X | ,main drive Loader | wininfo.exe | Suspected malware as it appears in 3 different registry locations - see here | No |
X | -=+(L4r1$$4)+=-(4nt1)-=+(V1ru$)=-+ | ISASS.exe | Added by the ASSIRAL.B WORM! | No |
Y | -FreedomNeedsReboot | ZkRunOnceR.exe | Internet Security Suite used by ISPs to protect customers against many attacks | No |
X | .. | ABC2007.exe | Added by the DLOADR-ASH TROJAN! | No |
X | .mscdr | lassa.exe | Added by the WEBUS.C TROJAN! | No |
X | .mscdr | lsvchost.exe | Added by the WEBUS.D TROJAN! | No |
X | .mscdsr | lsvchost.exe | Added by the BDOOR-CR BACKDOOR! | No |
X | .mscsbl | svhost.exe | Added by the CMQ TROJAN! | No |
X | .msfupdate | msveup.exe | Added by the ALLOCUP.A WORM! | No |
X | .mssecure | mssecure.exe | Added by the DDOS_BOXED.X TROJAN! | No |
? | .NET config | sysmon32.exe | ?? | No |
X | .NET. | msnmgnr.exe | Added by the DELF.AYF WORM! | No |
X | .norton | rchost.exe | Added by the BOXED-H TROJAN! | No |
X | .nvsvc | smss.exe | Added by the IRCBOT-FP TROJAN! Note - this is not the legitimate smss.exe process which should not normally figure in Msconfig/Startup! | No |
X | .nvsvcb | smssb.exe | Added by the BOXED.CG TROJAN! | No |
X | .Prog | services.exe | Added by the NEVEG.B or NEVEG.C WORMS! Note - this is not the legitimate services.exe process, which should not appear in Msconfig/Startup! | No |
X | .Prog | winlogon.exe | Added by the NEVEG.A WORM! Note - this is not the legitimate winlogon.exe process, which should not appear in Msconfig/Startup! | No |
X | .protected | N/A | Smitfraud variant | No |
X | .svchost | CSRSS.EXE | Added by the WEBUS.F TROJAN! Note - this worm replaces the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! | No |
X | .TEXTCONV | csrss.exe | Added by the WEBUS TROJAN! Note - this worm replaces the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! | No |
X | .TEXTCONV | lsass.exe | Added by the WEBUS.B TROJAN! Note - this is not the legitimate lsass.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the System folder | No |
X | .WMAudio | csrss.exe | Added by the WEBUS TROJAN! Note - this worm replaces the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! | No |
X | .WMAudio | lsass.exe | Added by the WEBUS.B TROJAN! Note - this is not the legitimate lsass.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the System folder | No |
N | /l:eng | N/A | Related to the Dell OEM version of the Sound Blaster Audigy 2 sound card. If this item is listed and checked in startup, the System32 Folder will appear on every startup. A patch is available - filename R75304.EXE - that fixes the issue. You can find that file at support.dell.com by typing that name in the 'Search' box available there. It addresses the root of the problem in Creative's software and corrects it. Unfortunately there is no direct link to the file, but it's easily available using the search function | No |
U | 000 | pit.exe | PrivateEye surveillance software. Uninstall this software unless you put it there yourself | No |
X | 000hpdllhos | hpdllhost.exe | LZIO.com adware downloader | No |
U | 000StTHK | 000StTHK.exe | Toshiba Hot key functionality for the function keys (Fn-Esc, Fn-F1 (lock), Fn-F2, Fn-F3, Fn-F4, Fn-F5 (switching between laptop and CRT display output), etc...) | No |
X | 0050726-007-i32-1 | 0050726-007-i32-1.exe | Added by the BANCBAN-EC TROJAN! | No |
? | 00DSKSVR00 | desksaver.exe | Related to Advanced Desktop Shield | No |
? | 00DSKSVR01 | desksaver.exe | Related to Advanced Desktop Shield | No |
Y | 00PCTFW | FirewallGUI.exe | System Tray access to PC Tools Firewall Plus from PC Tools - which "is a powerful personal firewall for Windows that protects your computer from intruders and controls the network traffic in and out of your PC" | Yes |
Y | 00TCrdMain | TCrdMain.exe | Related to the flash card slot on a Toshiba laptop. Ending this process will disable access to the flash cards | No |
U | 00THotkey | 00THotKey.exe | For Toshiba Satellite notebook series to use the front buttons, play, stop, next, prev. | No |
U | 00THotkey | system32THotkey.exe | For Toshiba Satellite notebook series to use the front buttons, play, stop, next, prev | No |
U | 0190 Warner | WARN0190.EXE | Anti-dialer program (Germany) | No |
U | 0900 Warner | WARN0900.EXE | Anti-dialer program (Germany) | No |
X | 0mcamcap | 0mcamcap.exe | Added by the COSIAM-H TROJAN! | No |
X | 0utlook Express | *****.exe [* = random char] | Added by the RBOT-CC WORM! Note the first letter is actually the digit "0" and not a capital "o" | No |
X | 1 | 1.exe | Added by the ESTEEMS TROJAN! | No |
X | 1 | lsass.scr | Added by the BANCOS.V TROJAN! | No |
X | 1 | svchost.scr | Added by the BANCOS.X TROJAN! | No |
X | 1 | mrcmgr.exe | Detected by Kaspersky as the BANKER.RQK TROJAN! See here | No |
N | 1&1 EasyLogin | EasyLogin.exe | 1&1 EasyLogin - quick access to webhost 1&1's Control Panel, Web-Mail and other applications via the System Tray | No |
X | 1-sukarno | sukarno.exe | Added by the BRONTOK-CR WORM! | No |
U | 101Clips | 101Clips.exe | 101Clips - "the simplest of all multi-clipboard programs. Just have it running minimized and it captures everything you cut or copy from other programs. It keeps the last 25" | No |
X | 1029BB4B-16A9-4E77-AA3D-96930BD68EEC | sysockeu.exe | Added by the FAKEALERT-AH TROJAN! | No |
X | 1111swapmgr.exe | 1111swapmgr.exe | Added by the BDOOR-IC BACKDOOR! | No |
X | 123456 | rundll32.exe shell32.dll, Control_RunDLL ...123456.cpl | Added by the KITRO.C (or DANDI.A) WORM! 123456 can be any random 3 to 6 digit number | No |
X | 1234klsjdc uiar924c af | sxgnsvuxct.exe | Detected by McAfee as the FAKEALERT-AM TROJAN! See here | No |
X | 1234klsjdc uiar924c af | sysvtypkbjx.exe | Detected by McAfee as the FAKEALERT-AM TROJAN! See here | No |
X | 123Monitor | SpywareFreeMonitor.exe | 1-2-3 Spyware Free rogue spyware remover - not recommended, see here | No |
U | 12Ghosts Backup | 12backup.exe | 12Ghosts Backup - "Automatic Backups, HyperBackup for Multiple Versions, Registry Backup" | No |
U | 12Ghosts Clip | 12clip.exe | 12Ghosts Clip - "Screen shots made easy" | No |
U | 12Ghosts JustAWindow | 12window.exe | 12Ghosts JustAWindow - "Cover annoying ads, animated gifs, things you don't want to see" | No |
U | 12Ghosts Popup-Killer | 12popup.exe | 12Ghosts Popup-Killer | No |
U | 12Ghosts SaveLayout | 12autosl.exe | 12Ghosts SaveLayout - "Always (always!) keep the layout of your desktop icons" | No |
U | 12Ghosts SetColor | 12color.exe | 12Ghosts SetColor - "Change your desktop icon text colors, also to transparent" | No |
U | 12Ghosts ShowTime | 12showtime.exe | 12Ghosts Showtime - "Enhance the clock in your tray with font formatting, colors, date, time zones" | No |
U | 12Ghosts Synchronize | 12sync.exe | 12Ghosts Synchronize - "Sync PC clock with an atomic clock over the Internet" | No |
U | 12Ghosts Tower | 12tower.exe | 12Ghosts Tower - "Quickly access and manage all Ghosts (included in all packages)" | No |
U | 12Ghosts TrayProtect | 12srvc.exe | 12Ghosts TrayProtect - "Hide tray icons, restore after a crash" | No |
U | 12Ghosts Wash | 12wash.exe | 12Ghosts Wash - "Protect your privacy, clear browser history, delete and overwrite cache files" | No |
N | 12Voip | 12Voip.exe | 12Voip - free internet telephony utility using the VoIP (Voice over Internet Protocol). Call online friends for free and regular phones either for free (limited use) or low rates. One of a number provided by Betamax - the others generally have different rate plans. Similar to the more popular Skype | No |
? | 17779Proj2002 | N/A | ?? | No |
X | 180adsolution | 180adsolution.exe | NCase adware | No |
X | 180ax | 180ax.exe | NCase adware | No |
X | 180ClientStubInstall | stubinstaller****.exe [* = digit] | 180Solutions adware related | No |
X | 180ClientStubInstall | [path to trojan] | 180Solutions adware related | No |
X | 180ClientStubInstall | ******.tmp [* = random digit/char] | 180Solutions adware related | No |
X | 1916435341.exe | 1916435341.exe | Added by the DLOADR-AXU TROJAN! | No |
X | 196_150_ni | 196_150_ni.exe | WinFixer web installer. Winfixer is "Foistware", pretending to be system optimization, protection and recovery software - stealth installed, see here | No |
X | 197_150_ni_3 | 197_150_ni_3.exe | WinFixer web installer. Winfixer is "Foistware", pretending to be system optimization, protection and recovery software - stealth installed, see here | No |
N | 1: | hpdrv.exe | HP utility for monitoring when and how many recoveries have been done | No |
N | 1A:MacVisionTrayMonitor | TrayMonitor.exe | Comes with the MacVision program for monitoring tray icons (Note : program is by Stardock) | No |
Y | 1A:Stardock MCP | mcpserver.exe | Master Control Program for Stardock apps, in development. People should leave it running if they're using any of the Stardock applications | No |
Y | 1A:Stardock TrayMonitor | TrayServer.exe | For monitoring tray icons - if disabled icons will not be displayed in ObjectBar or DesktopX | No |
? | 1CmailS | NETMAIL.EXE | ?? | No |
X | 1on1 | 1on1.exe | Adult content dialler | No |
U | 1Srv32 | SpyAgent4.exe | SpyTech SpyAgent monitoring software. "Spy software that allows you to monitor EVERYTHING users do on your PC." | No |
X | 1u7 | 1u7.exe | Added by the MURBAC-A TROJAN! | No |
U | 1Win32Cfg | SpyBuddy.exe | SpyBuddy keystroke logger/monitoring program - remove unless you installed it yourself! | No |
U | 1Win32Cfg | Keyloggerpro.exe | Keyloggerpro keystroke logger/monitoring program - remove unless you installed it yourself! | No |
X | 1WinCfg32 | WebMailSpy.exe | WebMailSpy spyware | No |
X | 2-suharto | suharto.exe | Added by the BRONTOK-CR WORM! | No |
X | 2020Downloader | mssvr.exe | 2020Search Toolbar | No |
X | 2177F056-0AA6-4D6C-A944-13F71F341C29 | sysokuaw.exe | Added by the FAKEALERT-AH TROJAN! | No |
U | 24Online Client | CyberoamClient.exe | Related to Cyberoam from Elitecore Technologies Ltd | No |
X | 252 | winmgr.exe | Added by the LEGMIR-AT TROJAN! | No |
X | 27 | slsorve.exe | Added by the SLSORVE-A TROJAN! | No |
X | 27 | csrss32.exe | Added by the SLSORVE-D TROJAN! | No |
X | 27 | msm32.exe | Added by the SLSORVE-E TROJAN! | No |
X | 2Search | main.exe | 2Search adware | No |
X | 2thousandbuck | [path to file] | Added by the RANKY.L TROJAN! | No |
U | 2wSysTray | 2portalmon.exe | 2Wire Homeportal user interface | No |
X | 3-habibie | habibie.exe | Added by the BRONTOK-CR WORM! | No |
X | 32-bit Thunking service | thunk32.exe | Added by the DERDERO.A WORM! | No |
X | 333 | svchost.exe | Added by the JD-A TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This one is located in a "Syswm1i" directory | No |
Y | 36X Raid Configurer | JMRaidSetup.exe | JMB36x series RAID configuration utility from JMicron Technology for their PCI Express to SATA II and PATA Host Controllers | No |
X | 388529725448 | AutomaticUpdates.exe | Added by the SDBOT-DEN WORM! | No |
? | 39ELTFH25Z8SKF | Ezg1q5.exe | Seems to be associated with software by Resplendence SP ? | No |
Y | 3c1807pd | 3cmlink.exe 3cpipe-3c1807pd | 3Com WinModem driver. See here for more WinModem information | No |
Y | 3capplnk | 3capplnk.exe | US Robotics Modem driver | No |
N | 3cdminic | 3CDMINIC.EXE | 3Com DMI (DynamicAccess Desktop Management Interface) Agent associated with 3Com network cards | No |
Y | 3CM Link | 3cmcnkw.exe | Required for a US Robotics WinModem as it provides the link to Windows - won't work without it | No |
Y | 3Cmlink | 3CmlinkW.exe | For a US Robotics WinModem. Provides the link to Windows as the CPU does the processing on WinModems - won't work without it. See here for more WinModem information | No |
N | 3ComDMIAgent | 3CDMINIC.EXE | 3Com DMI (DynamicAccess Desktop Management Interface) Agent associated with 3Com network cards | No |
Y | 3cpipe-USRpdA | USRmlnkA.exe | Modem driver files from US Robotics | No |
X | 3D Text | 3D Text.scr | Added by the JERMY.A WORM! | No |
U | 3Deep Control Panel | 3DeepCTL.EXE | 3Deep® from E-Color corrects lighting, shading and color for all your 2D and 3D games. Now superseded by 3DxWizzard™ | No |
X | 3Dfx Acc | GFXACC.EXE | Added by the GIBE WORM! | No |
N | 3dfx Task Manager | 3dfxMan.exe | System Tray application for 3dfx Voodoo 3/4/5 functions. Available via Start -> Programs | No |
Y | 3dfx Tools | 3dfxCmn.dll | Updates the registry with information that can't be held for Voodoo 3/4/5 series graphics cards. Important for owners of these cards | No |
Y | 3dfxv2ps.dll | 3dfxv2ps.dll | Updates the registry with info that can't be held for 3dfx Voodoo 2 video cards. Important for owners of these cards | No |
? | 3Dlabs Taskbar Display Manager | 3DLman.exe | 3DLabs graphics driver related. System Tray access to display settings? | No |
U | 3DLabsHelperDemon | 3dldemon.exe | Directly from the program's author "It is a tiny program that is installed by the Permedia2/3 and probably other Oxygen-series cards. Normally it sits in the background doing nothing at all (sleeping on a semaphore), so it should take zero CPU time and virtually zero memory, since it will all be paged out to the hard drive." In most cases it can be safely disabled | No |
Y | 3DMouse.EXE | 3DMouse.EXE | Dritek System Inc. 3D Mouse driver | No |
X | 3d_sound | 3d_sound.exe | Added by the RIADOS-A TROJAN! | No |
U | 3qdctl.exe | 3qdctl.exe | Provided with Terratec 128i PCI and similar sound cards. Loads a sound profile at bootup, restoring volume and other audio settings to a pre-determined default. Similar to Creative Labs' AudioHQ | No |
Y | 3ware 3DM | 3dm.exe | Monitors status of the disk array on 3ware IDE RAID controllers | No |
X | 4-gusdur | gusdur.exe | Added by the BRONTOK-CR WORM! | No |
X | 456655 | explorer.exe | Added by the BIFROSE-DE TROJAN! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System% | No |
X | 4684735485910 | netdll32.exe | Added by the SDBOT-DEV WORM! | No |
X | 4da92ad5.exe | 4da92ad5.exe | Added by the DLOADR-WZ TROJAN! | No |
X | 4k51k4 | 4k51k4.exe | Added by the BRONTOK-BH WORM! | No |
U | 4oD | KHost.exe | Verisign Kontiki Delivery Management System - Windows-based client software that enables secure delivery of content to users' desktops | No |
X | 4wd!!! | Natal!.pif | Added by the OPASERV.AI WORM! | No |
X | 5-1-61-96 | members-area.exe | Adult content dialler | No |
X | 5-2-46-112 | 5-2-46-112.exe | Adult content pop-up dialler. Removal instructions here | No |
X | 5-megawati | megawati.exe | Added by the BRONTOK-CR WORM! | No |
X | 55278 | grepclient1.exe | Added by the LINEAGE-S TROJAN! | No |
X | 5p4m | [path to trojan] | Added by the LITEBOT-C TROJAN! | No |
X | 5whgue21 | 5whgue21.exe | ClearSearch adware | No |
X | 6-susilo b | sby.exe | Added by the BRONTOK-CR WORM! | No |
X | 65438761234587528 | rkgnd.exe | ANG AntiVirus 09 rogue security software - not recommended, removal instructions here | No |
X | 666 | Ska.exe | Added by the PIPES TROJAN! | No |
X | 678 | lsas32.exe | Added by the SLSORVE-B TROJAN! | No |
X | 756349DC-6D9E-4F2A-9B24-269661F073C3 | sysoghcx.exe | Added by the FAKEALERT-AH TROJAN! | No |
X | 76112549345328287 | angpd.exe | ANG AntiVirus 09 rogue security software - not recommended, removal instructions here | No |
X | 7f8e | z****.exe 9idf | Detected by NOD32 as the SMALL.ALI TROJAN! Note - it creates a number of extra z****.dll files in the %System% folder | No |
U | 802.11b+g USB Wireless LAN Utility | ZDWlan.exe | 802.11b+g USB Wireless LAN Utility | No |
U | 802.11g Wireless Adatper | Monitor.exe | Related to wireless card (802.11) adapter/standard. System Tray icon that provides a shortcut to "Wireless Connection Status" and allows you to turn WL on and off. Supplier unknown. Adapter is misspelled | No |
X | 852EBF20-A95D-4F1F-B9C2-B2CD24350F3E | sysodkcs.exe | Added by the FAKEALERT-AH TROJAN! | No |
X | 98D0CE0C16B1 | rundll32.exe D0CE0C16B1, D0CE0C16B1 | BrowserAid/BrowserPal foistware. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted | No |
X | 9m | winlog0n.exe | Added by the LEGMIR-AQK TROJAN! | No |
Y | 9xadiras | 9xadiras.exe | Allied Telesyn AT series router/modem related - apparently required | No |
X | 9xHtProtect | AVprotect9x.exe | Added by the NETSKY.M WORM! | No |
X | ;Rundll | [filename] | Added by the PWSLEGMIR.E TROJAN! | No |
X | ?ekio Startups | ?nksvc32.exe | Added by the AGOBOT-OV WORM where ? is a random character | No |
X | @ | regedit -s ..win.dll | Added by the SEEKER.K TROJAN! | No |
X | @ | iexpl0res.exe | Added by the RBOT.AEX WORM! | No |
X | @ | wincms.exe | Added by the RBOT.CBR WORM! | No |
N | @Hoc Toolbar | AtHoc.exe | One-click activated browsing toolbar used by various web-sites. See here for more info | No |
N | @loha | reminder.exe | Registration reminder for @loha@home E-mail utility | No |
X | @tour_ww | @tour_ww[1].exe | Adult content dialler | No |
X | a | a.exe | Commercials file that registers itself in the system registry and redirects IE to a certain commercial website | No |
X | a | jesse.exe | Added by the MELO-A WORM! | No |
X | A New Windows Updater | w32NTupdt.exe | Added by the MYTOB.BM WORM! | No |
N | A Note | A Note.exe | "A Note is a program that lets you create post-it like notes on your Microsoft Windows desktop" | No |
U | A Verizon App | VERIZO~1.EXE | Part of Verizon Online Support Manager | No |
U | a-squared | a2guard.exe | a-Squared antitrojan - can be run on demand but necessary in Startup if you prefer the a² 'Background Guard' real time protection feature | No |
Y | a-squared Anti-Dialer | a2adguard.exe | a-squared Anti-Dialer | No |
Y | a-winpoet-service | winpppoverethernet.exe | WinPoET is the industry's first Windows-based PPP over Ethernet client. Developed by iVasion, WinPoET is attractive to equipment providers, modem suppliers, RBOCs and ISPs. For more info read here. It uses dial-up networking for new high-speed internet customers who are more familiar with analogue modems. If unchecked in MSCONFIG it reports Error 360 - Hardware Error in dial-up networking | No |
U | A1000 Settings Utility | cpqa1000.exe | Compaq A1000 Print Fax All-in-One copy scan printer software. Required in the Startup in order to scan, print, copy and fax. Only required if you use these features | No |
U | A4Proxy | A4Proxy.exe | Anonymity 4 Proxy - local proxy server that makes you anonymous when visiting web sites | No |
X | A5118r | _default32142.pif | Added by the BRONTOK-AK WORM and variants! | No |
X | A5118r | j6321422.exe | Added by the BRONTOK-AK WORM and variants! | No |
X | A70F6A1D-0195-42a2-934C-D8AC0F7C08EB | rundll32.exe E6F1873B.DLL, D9EBC318C | BrowserAid/BrowserPal foistware. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted | No |
U | a² | a2guard.exe | a-Squared antitrojan - can be run on demand but necessary in Startup if you prefer the a² 'Background Guard' real time protection feature | No |
X | aa bbcc dde effgghh jj | update.exe | Added by a variant of the IRCBOT BACKDOOR! | No |
? | AAACLEAN | AAACLEAN.INF | ?? | No |
? | AAAKeyboard | ?? | ?? | No |
N | AAATraySaver | TraySaver.exe | System Tray management utility from Mike Lin which allows you to hide, show, restore icons that are lost in an Explorer crash, remove dead tray icons, minimize any window to the System Tray | No |
U | AAK | aak.exe | Advanced Anti-Keylogger - "Anti-spy software to prohibit operation of any keyloggers currently in use or presently being developed anywhere" | No |
U | aaLDISCN32 | LDISCN32.EXE | LANDesk® Management Suite software component | No |
U | aaLDTaskCompletion | amclient.EXE | LANDesk® Management Suite software component | No |
X | AAMSFree702 | Avengine.com | Added by the DELF.LJ TROJAN! | No |
X | AAMSFree702 | sys.exe | Added by the BACKDOOR-CPC TROJAN! | No |
X | Aaou | amee.exe | PurityScan/Clickspring adware | No |
X | Aapp | adprot.exe | AdBlaster adware | No |
? | aauclient | ACNUpdater.exe | Appears to be related to software from Accenture.com | No |
U | AAW | Ad-Aware.exe | Ad-Aware SE Personal from Lavasoft - popular spyware/adware removal tool. Now superseded by Ad-Aware 2008 Free | No |
U | AAWTray | AAWTray.exe | System Tray access to Ad-aware from Lavasoft - popular spyware/adware removal tool | No |
? | ab EazyScheduler | ezsched.exe | ?? | No |
X | abass | abass.exe | Added by a variant of the Storm/Nuwar/Zhelatin WORM! See here for an example | No |
N | ABBYY Community Agent | CAGENT.EXE | Installed with the Optical Character Recognition (OCR) software that comes bundled with a Compaq A3000 all-in-one printer/scanner. Its function appears to be to link you to the internet in an attempt to buy the 5.0 version of the software | No |
U | ABC | keylogger.exe | Keystroke logger/monitoring program - remove unless you installed it yourself! | No |
X | abcdefgh | abcdefgh.exe | EPJ TROJAN! | No |
U | ABIT uGuru | uGuru.exe | ABIT µGuru - on motherboards incorporating the µGuru processor this provides quick access to "hardware monitoring, overclocking, BIOS flashing and audio tweakin | No |
N | ABITEQ | abiteq.exe | Monitoring utility for ABIT Motherboards. Displays system voltages, temperatures and fan speeds | No |
X | Abrada WIN32 | abrada.exe | Added by the DERMON-G TROJAN! | No |
Y | ABRegmon | ABregmon.exe | Part of the ArcaVir antivirus suite from Polish company Arcabit. What does this part do? | No |
U | Absolute Shield | dseraser.exe | Absolute Shield Evidence Eliminator - internet history eraser | No |
U | Absolute StartUp monitor | ASMon.exe | Absolute Startup - startup monitor from F-Group Software | No |
U | AbsoluteShield Internet Eraser | cseraser.exe | AbsoluteShield Internet Eraser - "protects your privacy by cleaning up all the tracks of your Internet and computer activities" | No |
X | ABsr | absr.exe | Added by the AUTOUPDER TROJAN! | No |
X | absr | mwsvm.exe | SeekSeek search hijacker related - see here | No |
X | abtu | mp3serch.exe | Loads the executable for Lop.com - final version | No |
X | abtu | lopsearch.exe | Loads the executable for Lop.com - beta version | No |
U | AbyssWebServer | abyssws.exe | Abyss web server | No |
X | Ac97Sound | snddrv.exe | Detected by Kaspersky as the VB.AXG TROJAN! See here | No |
U | AcBtnMgr_X63 | AcBtnMgr_X63.exe | "Lexmark Scan & Copy Control Program" for the Lexmark X63 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan, scan to E-mail, copy, etc | No |
U | AcBtnMgr_X63.exe | AcBtnMgr_X63.exe | "Lexmark Scan & Copy Control Program" for the Lexmark X63 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan, scan to E-mail, copy, etc | No |
U | AcBtnMgr_X73 | AcBtnMgr_X73.exe | "Lexmark Scan & Copy Control Program" for the Lexmark X73 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan, scan to E-mail, copy, etc | No |
U | AcBtnMgr_X83 | AcBtnMgr_X83.exe | "Lexmark Scan & Copy Control Program" for the Lexmark X83 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan, scan to E-mail, copy, etc | No |
U | AcBtnMgr_X84-X85 | AcBtnMgr_X84-X85.exe | "Lexmark Scan & Copy Control Program" for the Lexmark X84-X85 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan, scan to E-mail, copy, etc | No |
U | acc | acc.exe | Advanced Call Center - "full-featured yet easy-to-use answering machine software for your voice modem" | No |
X | ACCDEFRAGINFO | [path to worm] | Added by the DARBY-O WORM! | No |
U | Accelerate | accelerate.exe | Webroot Accelerate - allows you to optimize Windows network registry settings in order to boost surfing speeds. Leave this enabled if you find it improves your connection | No |
X | Access Control App | winsto.exe | Detected by Kaspersky as the AGENT.DGO TROJAN! See here | No |
N | Access Ramp Monitor | armon32.exe | Monitors your progress on the internet; hang-ups, connection speeds, internet congestion and traffic flow. It prevents some games from running also. To disable the Access Ramp Monitor (1) Open Windows Explorer (2) Open the Program Files folder (3) Open the MindSpring folder (4) Open the AccessRamp folder (5) Double-click on the ARMCfg32.exe file (6) Uncheck Enable Dialup Monitor and click OK (7) Restart the computer and try again | No |
X | Access WebControl | [path to file] | Added by the PPDOOR-M TROJAN! | No |
U | AccessManager | AccessMgr.exe | Part of SmartPipes SecureSite software. "SecureSite enables rapid turnup and enhanced administration of VPNs. It automates and simplifies tasks for VPN design and policy management, access control management, and key management" | No |
X | AccessMedia P2P Loader | amp2pl.exe | My AccessMedia toolbar related, stealth installed! | No |
U | AccessoriesPlus | clockplus.exe | Clock Plus, part of Accessories Plus allows you to select from dozens of alternatives for the Windows clock | No |
N | AccessRamp Monitor01 | ARMon32a.exe | From a visitor "Just wanted to provide you with some info on Access Ramp software installed with Verizon DSL accounts in those areas that use the Winpoet PPPoE software. The Access Ramp TSRs are installed as part of IP Insight software (can't remember the software maker). You can decline to install IP Insight during Winpoet setup, or go into Add/Remove programs uninstall IP Insight by hand if it's already installed. It really doesn't do a darn thing for you. It was intended to help DSL techs monitor QoS, but the backend part was never implemented (at least as of earlier this year). This will not affect the user's ability or inability to access their DSL service." | No |
N | AccessRampLAN01 | ARUpld32.exe | Version of the AccessRamp Monitor01 entry for LAN connections - a history uploader. The key in turning it off is a file named ARUCfg32.exe. This file (ARUCfg32.exe) does not show up in the startup process. If you have this file, you can execute it and remove all the monitoring activities it does. Removing all the checks in all the boxes (both tabs) still calls ARUpld32.exe to start when you start the dial up. You can block it from sending info if you have Zone Alarm installed. Renaming the extension of ARUCfg32.exe to ARUCfg32.exe1 works. The ARUpld32.exe is not loaded when launching the dial up client. Written by IP Insight and also included with Earthlink Total Access 2003 | No |
U | AcctMgr | AcctMgr.exe | Norton Password Manager - part of Norton SystemWorks 2004 - stores passwords and other personal information, and retrieves the data needed for email logins, shopping orders, banking, and other online activities - all from the safety of your own PC | No |
N | AccuWeather.com® Desktop | AccuWeatherDesktop.exe | Desktop weather from AccuWeather | No |
N | AccuWeatherDesktopAlerts | AccuWeatherDesktopAlerts.exe | Weather alerts for AccuWeather.com Desktop which "provides you with the most accurate, late-breaking weather conditions for the United States" | No |
X | accwizz.exe | accwizz.exe | Added by the RULAND.A WORM! | No |
X | accwizzz.exe | accwizzz.exe | Added by the RULAND.A WORM! | No |
X | acdllib3 | bcdlmem.exe | Added by the MAILBOT-BA TROJAN! | No |
N | ACDSee | ACDSee8Pro.exe | ACDSee 8 photo software. Organize, manage, enhance, and share all your valued photo memories | No |
? | Ace bows | Ace bows.exe | ?? | No |
N | AceGain LiveUpdate | LiveUpdate.exe | "AceGain LiveUpdate can help to automate and optimize product updates. AceGain LiveUpdate will automatically detect new patch updates, driver updates or full product updates and automatically download and install them according to user configuration" | No |
U | Acer ePower Management | Acer ePower Management.exe | Part of Acer Empowering Technology. "Acer ePower Management is a straightforward interface that allows users to select from pre-configured power usage profiles, or to create their own customized profiles" | No |
N | Acer ePresentation HPD | ePresentation.exe | Allows you to connect your Acer laptop to a projector | No |
N | Acer Product Registration | ACE1.exe | Acer Product Registration - remove when registration is completed | No |
N | Acer Tour Reminder | Reminder.exe | Popup reminder to take the tour of your new Acer laptop | No |
U | AcerGoto | AcerGoto.exe | Acer Computer "Goto Drive" Cold Swap Driver - a swappable second disk drive provides convenient backup of large files, or easy importation of data from user's previous computer | No |
U | AcerNotebookManager | almxptray.exe | System Tray access on some Acer Notebooks to give faster access to system settings | No |
U | AcerPowerkey | Powerkey.exe | PowerKey utility for Acer TravelMate notebook PCs. Allows the user to quickly switch between different power schemes by pressing Fn+F3 | No |
X | Acess2007a | access2007a.exe | Added by the GAOBOT.PQA WORM! | No |
X | Aceu | [random filename] | PurityScan/Clickspring adware | No |
Y | acEventServ | acevtsrv.exe | ActivCard Gold from ActivIdentity, Inc. Smart card-based strong authentication software - for photo IDs, proximity badges for facility access and as digital identification and authentication | No |
U | AClntUsr | AClntUsr.exe | Altiris AClient Service Windows Tray Icon | No |
N | Acme.PCHButton | pchbutton.exe | Used by HP Instant Support | No |
U | ACMonitor_X63 | ACMonitor_X63.exe | Button monitor for the Lexmark X63 all-in-one multifunction printer/copier/scanner. Works in conjunction with the "Lexmark Scan & Copy Control Program" button manager whose filename is "AcBtnMgr_X63.exe" | No |
U | ACMonitor_X63.exe | ACMonitor_X63.exe | Button monitor for the Lexmark X63 all-in-one multifunction printer/copier/scanner. Works in conjunction with the "Lexmark Scan & Copy Control Program" button manager whose filename is "AcBtnMgr_X63.exe" | No |
U | ACMonitor_X73 | ACMonitor_X73.exe | Button monitor for the Lexmark X73 all-in-one multifunction printer/copier/scanner. Works in conjunction with the "Lexmark Scan & Copy Control Program" button manager whose filename is "AcBtnMgr_X73.exe" | No |
U | ACMonitor_X83 | ACMonitor_X83.exe | Button monitor for the Lexmark X83 all-in-one multifunction printer/copier/scanner. Works in conjunction with the "Lexmark Scan & Copy Control Program" button manager whose filename is "AcBtnMgr_X83.exe" | No |
U | ACMonitor_X84-X85 | ACMonitor_X84-X85.exe | Button monitor for the Lexmark X84-X85 all-in-one multifunction printer/copier/scanner. Works in conjunction with the "Lexmark Scan & Copy Control Program" button manager whose filename is "AcBtnMgr_X84-X85.exe" | No |
X | acocash | fastdown.exe | Adult content dialler | No |
X | acocash | FASTFOWN.EXE | Adult content dialler | No |
U | Acombo3dmouse | Acombo3d.exe | Mouse driver - required if you use non-standard Windows driver features | No |
X | Aconti | aconti.exe | Adult content dialler | No |
U | acoustic | acoustic.exe | Control panel program for Philips Acoustic Edge soundcard. Not required unless changed settings aren't retained | No |
N | acpart | agpart11.exe | Program for finding trucks on-line | No |
X | Acrobat | acrmon32.exe | Added by the SMALL-ECT TROJAN! | No |
U | Acrobat Assistant *.* | ACROTRAY.EXE | Essential for creating PDF files with Adobe Acrobat and Acrobat Distiller. For Win9x/Me systems you can run this file manually beforehand. For WinXP systems this file must run at startup. Hence the "U" recommendation. *.* represents the version | No |
X | Acrobat Read | acroup32.exe | Added by the VANBOT-BQ TROJAN! | No |
N | Acrobat Speed Launch | acrobat_sl.exe | Speeds up the time it takes to load Adobe's Acrobat PDF creation and management tool. From version 7.0 onwards | No |
U | ACROMOUSE | ACROMAPP.exe | Related to ACROMOUSE Laser mouse control | No |
U | Acronis Popup Blocker | RunDll32.exe [path] Blocker.dll, Run | Part of Acronis Privacy Expert - anti-spyware and security suite | No |
U | Acronis Scheduler Helper | schedhlp.exe | Part of Acronis True Image backup software. Co-operates with the "schedul2.exe" service to perform backup/restore tasks correctly. Required if you want to use True Image to do some real backup/restore tasks - not if you only want to explore/mount images | No |
U | Acronis Scheduler2 Service | schedhlp.exe | Part of Acronis True Image - backup software. Co-operates with the "schedul2.exe" service to perform backup/restore tasks correctly. Required if you want to use True Image to do some real backup/restore tasks - not if you only want to explore/mount images | No |
U | Acronis True Image | TimounterMonitor.exe | Part of Acronis True Image backup software. Monitor for the backup archive explorer for moving and viewing files within an archive | No |
N | Acronis True Image Monitor | TrueImageMonitor.exe | Part of Acronis True Image - backup software. Can be disabled without affecting TrueImage | No |
N | Acronis TrueImage Monitor | TrueImageMonitor.exe | Part of Acronis True Image - backup software. Can be disabled without affecting TrueImage | No |
N | Acronis*True*Image Monitor | TrueImageMonitor.exe | Part of Acronis True Image - backup software. Can be disabled without affecting TrueImage | No |
U | AcronisTimounterMonitor | TimounterMonitor.exe | Part of Acronis True Image backup software. Monitor for the backup archive explorer for moving and viewing files within an archive | No |
N | AcronisTrueImage Monitor | TrueImageMonitor.exe | Part of Acronis True Image - backup software. Can be disabled without affecting TrueImage | No |
U | Act! Preloader | Act8.exe | Sage Software's ACT! "enables individuals and small business customers to instantly access key contact and customer information, manage and prioritize activities, and track all contact-related communications so you can grow productive business relationships" | No |
N | Action Manager 32 | am32.exe | Associated with a Plustech scanner. Small utility that runs in the background for doing fax/copy/etc. Available via Start -> Programs | No |
? | ActionAgent | actionagent.exe | "A COM server that runs on the client as part of the Dell OpenManage Client Instrumentation 6.x package; provides a simple method for a remote administrator to perform actions on the instrumented client". Is it required? | No |
N | Activation | Activation.exe | Part of Microsoft Money | No |
U | Activboard | MMKeybd.exe | Packard Bell ActiveBoard keyboard - multimedia keyboard manager. Required if you use the additional keys and want to see the status of the Num Lock, Caps Lock, Scroll Lock keys | No |
X | Active Bit Station | abs.exe | Added by the MYTOB.BZ WORM! | No |
N | Active CPU | acpu.exe | Active CPU - "easy to use tool for Windows 95/98/ME/NT/2000 that enables you to watch a graphical representation of your CPU's activity" | No |
U | Active Desktop Calendar | ADC.EXE | XemiComputers Active Desktop Calendar | No |
U | Active Email Monitor | aem25.exe | Active Email Monitor checks multiple accounts for email, serves as a SPAM filter and can also protect you from harmful items that can be sent via email | No |
U | Active shield | Activeshield.exe | Active Shield is "an heuristic screen that actively protects your computer from trojans, spyware, adware, trackware, dialers, keyloggers, and even some special kinds of viruses" | No |
X | ActiveDesktop | systray32.exe | Added by the DABOOM WORM! | No |
X | ACTIVEDS | ACTIVEDS.EXE | Added by the OPASERV.T WORM! | No |
N | ActiveEyes | ActiveEyes.exe | ActiveEyes from TFI Technology is a small utility that you can use to liven up your desktop. It follows your mouse around and can tell you how far your cursor has travelled or point out where the cursor is. It's small, it's free and comes with a range of options and animations. Not needed - if unavailable via Start -> Programs, create your own shortcut | No |
U | ActiveKeys.AAB635BD7D054a37A576 | akeys.exe | "Active Keys is a powerful yet easy-to-use tool for creating and managing keyboard shortcuts for any system action" | No |
U | ActiveMenu | ActiveMenu.exe | Wild Tangent demo games that come with some HP computers. Unchecking it can prevent the games from running occasionally. Note that WildTangent's privacy policy used to state that they also collect and share individuals' information but this is no longer the case | No |
U | ActivePlus | activeplus.exe | Interactive Agents Plugin for Messenger Plus! (MSN Messenger add-on) | No |
X | ActiveScan Antivirus | ActiveScan.exe | Added by the RBOT-FKQ WORM! | No |
X | ActiveScript32 | nod.exe | Added by the SOHANA-AJ WORM! | No |
Y | ActiveShield | MCVSSHLD.EXE | McAfee VirusScan On-line. See also the McAgentExe entry | No |
N | ActiveSpeed | AS.exe | Ascentive ActiveSpeed internet optimizer - not recommended, see here and here | No |
X | ActiveSync | wcescom32.exe | Added by the MANCSYN-E TROJAN! | No |
N | ActiveWords | AWMonitor.exe | ActiveWords from ActiveWord Systems, Inc. Like macro programs, ActiveWords sits in the background and watches as you type. When it recognizes that you've typed an ActiveWord, it takes the associated action, such as replacing your keystrokes with the text you've defined | No |
X | ActiveX File Registration Service | filereg.exe | Added by the RBOT-DVD WORM! | No |
X | ActiveX Streamer | msgfix.exe | Added by the SDBOT.NQ WORM! | No |
X | ActiveXUpdate | svcss.exe | Added by a variant of the DEDLER.C TROJAN! | No |
U | Activity | actik.exe | ActivityKey keystroke logger/monitoring program - remove unless you installed it yourself! | No |
N | ActivSurf | backweb*****.exe | Packard Bell ActivSurf - automatically detects an internet connection and downloads any available updates | No |
U | ActMaker | ActMak25.exe | "ActMaker mouse and keyboard toolkit can record the daily operation of your computer and reduce your workload. You don't need to do any coding, nor are you required to know a lot about the computer" | No |
U | ActMaker | ActMaker25.exe | ActMaker mouse and keyboard toolkit can record the daily operation of your computer and reduce your workload | No |
U | ACTray | ACTray.exe | System Tray icon for ThinkVantage Access Connections - "allowing users to seamlessly switch between wired and wireless environments, managing security settings, printers, home page and other location-specific settings automatically" | No |
U | Actual Window Manager | ActualWindowManagerCenter.exe | Actual Window Manager from Actual Tools - "an innovative desktop organization application which introduces unconventional window controls and also automatic general window operations making your work more productive, convenient and enjoyable" | No |
U | Actual Window Minimizer | ActualWindowMinimizerCenter.exe | Actual Window Minimizer - "allows minimizing any window to task tray notification area or to the edge of the screen" | No |
X | ACTX1 | v1201.exe | Added by the VB.IS TROJAN! | No |
U | ACU | ACU.exe | Atheros wireless Client Utility | No |
U | ACU_QSB | ACU.exe | Atheros wireless Client Utility | No |
U | ACWLIcon | ACWLIcon.exe | Related to IBM ThinkVantage Connectivity Solution | No |
U | Ad Arrest | adarrest.exe | Ad Arrest IE popup killer from GameFools | No |
U | Ad Blocker | blocker.exe | Ad Blocker - blocks popups, and also removes banners, image ads and flash ads | No |
U | Ad Blocker Pro | Ad Blocker Pro.exe | Ad Away popup and banner remover | No |
U | Ad Muncher | AdMunch.exe | Ad Muncher removes adverts, pop-ups and general annoyances in your browser, file-sharing and messenger programs. Causes conflicts with Outlook, game sites and web-building applications | No |
? | Ad Online Guide | adonlineguide.exe | ?? | No |
U | Ad-Aware | Ad-Aware.exe | Ad-Aware from Lavasoft - popular spyware/adware removal tool | No |
X | Ad-Aware | Ad-Aware.exe | Added by the RBOT-ADJ WORM! Note - this is not the popular Ad-Aware spyware/adware removal tool and is located in %System% | No |
X | Ad-Eliminator | ad-eliminator.exe | Ad-Eliminator spyware remover - not recommended, see here | No |
U | Ad-Muncher | ADMUNCH.EXE | Ad Muncher removes adverts, pop-ups and general annoyances in your browser, file-sharing and messenger programs. Causes conflicts with Outlook, game sites and web-building applications | No |
U | Ad-Protect | ad-protect.exe | Ad-Protect spyware and spam monitoring tool | No |
U | Ad-watch | Ad-watch.exe | Part of Lavasoft Ad-aware Plus - realtime spyware-monitor watching your memory and registry for spyware that tries to install or change your system | No |
U | AD2KClient | AD2KClient.exe | Executable for Active Disk from Iomega - allows software applications to be run directly from an Iomega Zip® disk. Required if you wish the applications to launch on insertion of a disk | No |
N | Adaptec DirectCD | Directcd.exe | DirectCD primarily allows you to drag and drop files onto a suitably formatted CD-RW disc. Unless you use this on a frequent basis it isn't required and is available via Start -> Programs. Start the program before inserting a DirectCD formatted CD-RW in the drive. A re-boot is recommended if you close Adaptec DirectCD before re-opening it again later | No |
N | AdaptecDirectCD | Directcd.exe | DirectCD primarily allows you to drag and drop files onto a suitably formatted CD-RW disc. Unless you use this on a frequent basis it isn't required and is available via Start -> Programs. Start the program before inserting a DirectCD formatted CD-RW in the drive. A re-boot is recommended if you close Adaptec DirectCD before re-opening it again later | No |
X | AdAware | wini.exe | Added by the RBOT-XN WORM! | No |
U | Adaware Bootup | Ad-aware.exe | Ad-Aware from Lavasoft - popular spyware/adware removal tool | No |
X | Adaware lptt01 | adaware.exe | RapidBlaster variant (in a "Adaware" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here. Note - this is not the valid Lavasoft Adaware | No |
X | Adaware ml097e | adaware.exe | RapidBlaster variant (in a "Adaware" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here. Note - this is not the valid Lavasoft Adaware | No |
U | AdBin | AdBin.exe | AdBin - "Free and easy solution to managing your Window's hosts file. A fun way to block ads" | No |
X | Add**.exe [* = random char] | Add**.exe [* = random char] | CoolWebSearch/HomeSearch adware - for examples, see this log | No |
X | Add**32.exe [* = random char] | Add**32.exe [* = random char] | CoolWebSearch/HomeSearch adware - for examples, see this log | No |
X | AddClass | AddClass.exe | CoolWebSearch Addclass parasite variant | No |
X | AddClass | [Installation_Path] | Added by the STARTPAGE.F hijacker | No |
X | AddClass | [path to trojan] | Added by the SECDL-A TROJAN! | No |
U | AdDelete | AdDelete.exe | Banner advertisement blocker | No |
X | AdDestroyer | AdDestroyer.exe | Virtual Bouncer - malware from Spyware Labs. It is distributed by the same bundling and drive-by download techniques as the parasites it claims to remove, so definitely qualifies as unsolicited commercial software in itself. It also has an update feature that can download and execute arbitrary code. Warning - choose "custom" uninstall as "automatic" may remove other programs - see here | No |
X | ADDITIONAL Services | pkgadd.exe | Added by a variant of the IRCBOT TROJAN! | No |
? | addproxy | addproxy.exe | Related to Adobe Photoshop | No |
? | ADG | ADG.exe | SoundBlaster Audigy related? | No |
N | ADGJdet | ADGJDet.exe | Added with SoundBlaster Live! or Audigy soundcards for headphone autodetection | No |
X | aDir | adirss.exe | Added by the SPAMSRV-E TROJAN! | No |
Y | Adiras | Adiras.exe | ADSL USB modem related | No |
X | adirka | adirka.exe | Added by the TIBS-QT TROJAN! | No |
U | AdKiller | AD Defender.exe | Part of Advanced Spyware Remover anti-spyware tool | No |
X | adlhidp | psncc32.exe | Detected by Kaspersky as the SLAPER.AI TROJAN! See here | No |
X | ADM Library Loader | admlib32.exe | Added by a variant of the SDBOT TROJAN! | No |
X | Admanager Controller | AdManCtl.exe | Adware, probably a Windupdates variant | No |
X | Admilli Service | AdmilliServ.exe | Windupdates adware variant | No |
X | Administrator | svchost.scr | Added by the NOVACAL TROJAN! | No |
X | Administrator | winlogon.exe | Added by the RUBBLE-C WORM! Note - this is not the legitimate winlogon.exe process, which should not appear in Msconfig/Startup! | No |
X | Administrator di Dago | Dago.exe | Added by the PUNYA-B WORM! | No |
X | AdminSoft | sysfile.vbs | Added by the STARGRUB-A WORM! | No |
U | admtray.exe | admtray.exe | Related to Acer Inc. desktop tray | No |
X | Adobe | Adobe.exe | Added by an unidentified VIRUS, WORM or TROJAN! | No |
X | Adobe | sysconfig.exe | Added by an unidentified WORM or TROJAN! | No |
X | adobe | gam.exe | Added by an unidentified WORM or TROJAN! | No |
X | Adobe | sysbat32.exe | Added by the LOWZONES.T TROJAN! | No |
X | Adobe | zteam.exe | Added by an unidentified TROJAN! | No |
N | Adobe Acrobat | READER~1.EXE | Speeds up the time it takes to load the Adobe Reader application. Your choice, but not required for Adobe Reader to function properly | No |
X | Adobe Acrobat Distiller Application | acrotray.exe | Added by the RANDEX.DFJ WORM! | No |
X | Adobe Acrobat Reader CFG | [random filename] | Added by a variant of the RBOT WORM! | No |
N | Adobe Acrobat Speed Launcher | acrobat_sl.exe | Speeds up the time it takes to load Adobe's Acrobat PDF creation and management tool. From version 7.0 onwards | No |
X | Adobe Filter Platform | afilterplatform.exe | Added by the RBOT-OP WORM! | No |
U | Adobe Gamma Loader | Adobe Gamma Loader.exe | Adjusts monitor colours across all programs, including Photoshop. It is needed by some graphics professionals who want their monitor calibrated. Most home users will not need it. In my case I can verify this as Photoshop loads fine | No |
N | Adobe Photo Downloader | apdproxy.exe | Part of Adobe's Photoshop Album or Photoshop Elements packages - starts each time you connect an external image device to your PC (see here) | No |
N | Adobe Reader Speed Launch | Reader_sl.exe | Speeds up the time it takes to load the Adobe Reader application. Your choice, but not required for Adobe Reader to function properly | No |
N | Adobe Reader Speed Launch | READER~1.EXE | Speeds up the time it takes to load the Adobe Reader application. Your choice, but not required for Adobe Reader to function properly | No |
N | Adobe Reader Speed Launcher | Reader_sl.exe | Speeds up the time it takes to load the Adobe Reader application. Your choice, but not required for Adobe Reader to function properly | No |
U | Adobe Reader Synchronizer | AdobeCollabSync.exe | Adobe Synchronizer - installed along with Adobe Reader 8.x. "Synchronizer is a small application that runs in the background, providing synchronization of document reviews and Tracker subscriptions so that your data is available when you need it." See the link for more information | No |
U | Adobe Version Cue CS2 | VersionCueCS2Tray.exe | File manager that's part of Adobe Creative Suite 2 - "find files fast, track versions across applications, link files together, and share them in creative collaboration without fear of overwriting someone else's work" | No |
X | AdobeA | adobes.exe | Added by the FLOOD.BA TROJAN! | No |
X | AdobeFonts | fonts.hta | Browser hijacker - redirecting to Hugesearch.net | No |
X | AdobeManager | rundtl.exe | Detected by Trend Micro as the INJECT.IB TROJAN! See here | No |
X | adobemgr | adobemgr.exe | Added by the ADCLICKER TROJAN! | No |
X | AdobeReader | msni.exe | Added by the RBOT.DAO TROJAN! | No |
X | AdobeReaderPro | msnxpsp.exe | Added by the RBOT-ASK or RBOT-AUS WORMS! | No |
X | AdobeReaderPro | ntkernell32.exe | Added by the RBOT-ATY WORM! | No |
X | AdobeReaderPro | msnserve.exe | Added by the SDBOT-AKH WORM! | No |
X | AdobeReaderPro | updt.exe | Added by the IRCBOT-VQ WORM! | No |
X | AdobeReaderProfessional | msx64.exe | Added by the RBOT-GAT WORM! | No |
X | AdobeReaderPros | sysmsn.exe | Added by the RBOT-BGH WORM! | No |
N | AdobeUpdater | AdobeUpdater.exe | Automatic updater for Adobe software - run manually | No |
N | AdobeVersionCue | VersionCueTray.exe | "An exclusive feature of the Adobe Creative Suite, Version Cue helps you find files fast, track multiple versions of your files, and share your files for creative collaboration" | No |
? | Adobe_ID0EYTHM | VERSIO~2.EXE | Part of an Adobe product. What does it do and is it required? | No |
X | adodemaster | adodemaster.exe | Downloader of Korean origin, detected as ADOD.28672 | No |
X | Adope File Manager | lsasv.exe | Added by an unidentified WORM or TROJAN! | No |
X | adp | adp.exe | Spyware installed by Net2Phone, Limewire, Cydoor, Grokster, KaZaa, etc | No |
X | AdPopup | dcf5678.exe | Added by the AGENT-FZ TROJAN! | No |
X | adprot | adprot.exe | AdBlaster adware | No |
N | ADQuickAccess | Adtray.exe | After Dark for Windows. Screen saver creation program produced before screen savers became integrated into Win95 | No |
X | ADriver | windrv.exe | Added by the DELF.WG TROJAN! | No |
X | AdRoarUpdate | ARUpdate.exe | AdRoar adware updater | No |
X | AdRotator.Application | [path to csrss.exe] | Added by the SMALL-AQ TROJAN! Note - this worm replaces the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! | No |
X | AdRotator.Application | services.exe | FakeMessage/AdRotator adware. Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in an "Inetsrv" subfolder | No |
X | ADS Adware Remover | ADS Adware Remover.exe | ADS Adware Remover - not recommended, see here | No |
X | AdsBlocker | stopAds.exe | AdsBlocker - detected by NOD32 as DIALER.DW! | No |
U | AdsCleaner | AdsCleaner.exe | "AdsCleaner is a powerful ad blocking software designed to stop ads (block banners ad, kill popup), guard your online privacy" | No |
U | ADService | ADService.exe | Part of Active Disk from Iomega - allows software applications to be run directly from an Iomega Zip® disk. Required if you wish the applications to launch on insertion of a disk. Appears as a service in XP/Vista and under the "RunServices" registry key in Win98/ME | No |
U | AdsGone | Adsgone.exe | AdsGone - pop-up stopper | No |
N | ADSL Diagnostic Tools | mapiicon.exe | System tray access to ADSL modem diagnostic tools. Available via Start -> Programs | No |
? | ADSLSYSTEMTRAY | SystemtrayV100B.exe | Apparently Annex A ADSL modem related. What does it do and is it required? | No |
Y | AdslTaskBar | rundll32.exe stmctrl.dll, TaskBar | ISP software, initializes DSL modem | No |
X | AdslTaskBars | taskmng.exe | Added by the RBOT-AXZ WORM! | No |
? | ADSL_A2 | A2Installed | Associated with an Integrated Telecom Express (ITeX) ADSL driver installation. What does it do and is it required? | No |
U | aDSProcMngr | aDSProcMngr.exe | Part of PC Tools Disk Suite from PC Tools - which "is an all-in-one hard-disk management utility that integrates disk optimization, defragmentation and backup tools in one easy to use package". Proxy (or agent) for the Disk Suite Service. Based upon my experience, if this is disabled it does not appear to adversely affect on-demand or scheduled tasks but has a "U" recommendation as its function isn't fully known | Yes |
Y | ADSS | ADSS.exe | ADSS is part of Access Denied security and privacy software (Access Denied Security Server) that monitors power status and provides some other services for Screen Guard. Important to keep it running while using Access Denied | No |
X | adstartup | automove.exe | Adlogix adware variant | No |
X | Adstartup | Adstartup.exe | Adlogix adware | No |
X | AdStatus Service | AdStatServ.exe | WindUpdates AdStatus Service adware | No |
U | AdSubtract | adsub.exe | AdSubtract blocks ads, cookies, pop-up windows, animations, music, and more. Can be disabled from within AdSubtract. Available via the Start menu. Superseded by Trend Micro AntiSpyware which was subsequently discontinued | No |
X | adtech2005 | adtech2005.exe | Detected by Kaspersky as the STARTPAGE.AW TROJAN! | No |
X | adtech2006 | adtech2006.exe | Detected by Kaspersky as the VB.KC WORM! | No |
X | Adtools Service | AdTools.exe | Windupdates Adware | No |
? | ADU | adu.exe | Related to Cisco Aironet wireless products. What does it do and is it required? | No |
X | AdultX | AdultX.exe | Adult content dialler and hijacker | No |
X | Adult_Chat | Adult_Chat.exe | Adult content dialler | No |
X | Adult_Chat1 | Adult_Chat1.exe | Adult content dialler | No |
X | AdUpdater | sysupudt.exe | Unidentified adware downloader/updater | No |
U | ADUserMon | ADUserMon.exe | Part of Active Disk from Iomega - allows software applications to be run directly from an Iomega Zip® disk. Required if you wish the applications to launch on insertion of a disk | No |
X | Advanced DHTML Enable | exo32.exe | Added by the RANCK-FI TROJAN! | No |
X | Advanced DHTML Enable | [path to trojan] | Added by the AGENT.GLQ TROJAN! | No |
X | Advanced Internet Protocol | cerf.exe | Added by a variant of the SPYBOT WORM! | No |
X | Advanced Protection System | advpsys.exe | Added by a variant of the RBOT WORM! | No |
X | Advanced Spyware Remover | Asr.exe | Advanced Spyware Remover rogue spyware remover - not recommended, see here | No |
X | Advanced Spyware Remover Pro | Asr.exe | Advanced Spyware Remover rogue spyware remover - not recommended, see here | No |
U | Advanced SystemCare 3 | AWC.exe | Advanced SystemCare from IObit - "helps protect, optimize, clean, and repair your computer and Registry." The PRO version adds automation, anti-spyware, privacy protection and performance tune-ups | No |
X | Advanced Tool Checks | advchks.exe | Added by a variant of the RBOT WORM! | No |
N | Advanced Tools Check | ADVCHK.EXE | Checks when you install a new version of a Norton product that you have uninstalled all previous versions. Serves as a reminder if you forget | No |
U | Advanced Uninstaller PRO Installation Monitor | monitor.exe | Innovative Solutions Advanced Uninstaller PRO - "easy-to-use suite for uninstalling applications and keeping your computer fast, clean, and in its best shape" | No |
X | AdvancedCleaner Free | UADC.exe | AdvancedCleaner misleading security software - not recommended, see here | No |
X | AdVantage | AdVantage.exe | MediaAdVantage adware | No |
X | advap32 | [path to trojan] | Added by the MUTANT.AT TROJAN! | No |
X | Advapi | Advapi.exe | Added by the NETDEVIL.12 WORM! | No |
N | ADVCHK | ADVCHK.EXE | Checks when you install a new version of a Norton product that you have uninstalled all previous versions. Serves as a reminder if you forget | No |
U | Advertising Killer | Akiller.exe | Advertising Killer - popup stopper | No |
X | advmon32 | advmon32.exe | Added by a variant of the CRYPTER.C TROJAN! | No |
U | Adware Agent | adware agent.exe | Adware Agent popup blocker | No |
X | Adware Spy | AdwareSpy.exe | Adware Spy adware remover - not recommended, see here | No |
U | AdwareAlert | AdwareAlert.Exe | Adware program, previously not recommended (see here). It has now been delisted, so make sure you have the latest version | No |
X | AdwareDelete | adwaredelete.exe | AdwareDelete adware remover - not recommended, see here | No |
X | AdwareKiller_schedules | schedules.exe | EAdwareKiller spyware remover - not recommended, see here | No |
X | AdwareKiller_tray | tray.exe | EAdwareKiller spyware remover - not recommended, see here | No |
X | AdwareProMFC | Ad-Ware Pro.exe | Ad-Ware Pro rogue security software - not recommended, see here | No |
X | AdwareProMFC | AntiTrojan Pro.exe | AntiTrojan Pro rogue security software - not recommended. Variant of Ad-Ware Pro | No |
X | AdwareRemover2007 | AdwareRemover2007.exe | AdwareRemover2007 spyware remover - not recommended, see here | No |
? | Aeiwlsta.exe | Aeiwlsta.exe | IBM High Rate Wireless LAN Adapter driver. Is it required? | No |
N | AELaunch | AELaunch.exe | Audio Applications Launcher for the Philips Acoustic Edge soundcard | No |
X | AERVICESN | AERVICESN.exe | Added by the RANDON-AO WORM! | No |
N | AeXAgentLogon | AeXAgentActivate.exe | Altiris Agent transmits information about your machine for the purpose of asset management and deployment | No |
? | AeXSWDUsr | AeXSWDUsr.exe | Altiris Express NS Client Manager software. Is it required? | No |
U | AEZBProc | aptezbp.exe | IBM Aptiva keyboard customizer - enables certain special buttons on keyboard for CD operation, volume control, and a few quickstart buttons. Keyboard will work without it but you lose the special functions | No |
U | AFAFilter | windefault.exe | AFAFilter - internet filter software | No |
X | afskfask8 | fsfjasj8.exe | Added by the ONLINEG-L TROJAN! | No |
N | AGEIA PhysX SysTray | TrayIcon.exe | System Tray access to display properties for AGEIA PhysX graphics cards. Unless you change your desktop resolution, etc, regularly, use Control Panel -> Display Properties or right-click on the desktop | No |
N | Agent | Agent.exe | Cyberlink's Power VCR II 3.0 is a TV tuner recording utility. If you want to schedule recordings you'll need this, otherwise can be disabled. Available via Start -> Programs | No |
X | Agent | alsys.exe | Added by the DREF-V VIRUS! | No |
X | agent | ppl.exe | Added by the DREF-U VIRUS! | No |
X | Agent Browser | [random filename] | Added by the PPdoor.M-bdr backdoor TROJAN! | No |
X | Agent Explorer | [random filename] | Unidentified adware | No |
X | agent.exe | agent.exe | Privacy Components rogue security suite - not recommended, removal instructions here | No |
? | Agente | Remupd.exe | Part of an older version of Panda Antivirus. Is this an update reminder (guess because of the name), virus definition update reminder or something similar? | No |
X | agentsvr | agentsvr.exe | Detected by Kaspersky as Monker.A adware. Note - do not confuse with the Microsoft Agent Server application of the same name as described here - the legitimate file will always be located in the Windows\Msagent folder | No |
U | AgfaCLnk | AgfaCLnk.exe | For Agfa digital cameras connected via USB. Enables Windows to access the contents of the memory stick (while the stick's still on the camera) via a virtual drive | No |
X | agp | agp32.exe | Added by the GAOBOT.SY WORM! | No |
Y | AGRSMMSG | AGRSMMSG.exe | IBM AMR modem driver | No |
N | AGSatellite | AGSatellite.exe | Program from AudioGalaxy that lets you download some MP3s from their server. Available via Start -> Programs | No |
U | ahfp | ahfp.exe | Advanced Hide Folders - "is powerful file security program. It allows to hide folders or hide files. Advanced Hide Folders is very useful to keep your personal data away from others. Others will not know where your personal files exist and they will not be able to accidentally view, delete or modify them either" | No |
U | ahfprog | ahfp.exe | Advanced Hide Folders - "is powerful file security program. It allows to hide folders or hide files. Advanced Hide Folders is very useful to keep your personal data away from others. Others will not know where your personal files exist and they will not be able to accidentally view, delete or modify them either" | No |
Y | AHNSD | AhnSD.exe | AhnLab V3 antivirus updater - leave enabled unless you manually update on a regular basis | No |
? | AHNUE | AHNUE.exe | ?? | No |
X | ahost | ahost.exe | Added by a variant of the SDBOT WORM! | No |
N | AHQInit | ahqinit.exe | Part of AudioHQ for the Soundblaster Live!. Appears as though it makes the AudioHQ toolbar drop down from the top of the desktop and isn't required | No |
X | Ahst | iebs.exe | PurityScan/Clickspring adware | No |
X | AHU | [path to worm] | Added by the ANACON-B WORM! | No |
X | AHU | ANACON.EXE | Added by the NACO.A WORM! | No |
X | ahui32.exe | ahui32.exe | Added by the CERTIF-M TROJAN! | No |
U | Ai Nap | AiNap.exe | Part of the "Ai Suite" utility supplied with some Asus motherboards. "With AI Nap, users can instantly snooze your PC without terminating the tasks. System will continue operating at minimum power and noise when user is temporarily away" | No |
U | Ai Quicker Help | AsRc.exe | ASUS DH Remote media portal launcher for their Digital Home range of motherboards that are designed for users to control the computer at a distance away, such as the M2N DH. "ASUS DH Remote is a convenient PC remote controller that gives users unprecedented control over their PCs from the comfort of their couches" | No |
X | Aica | tuaa.exe | PurityScan/Clickspring adware | No |
X | Aida | ttuh.exe | PurityScan/Clickspring adware | No |
X | Aida | eetu.exe | PurityScan/Clickspring adware | No |
? | AidemHotKey | DVMAIN.EXE | Keyboard related | No |
? | AidemHotKey | KEYAPP.EXE | Keyboard related | No |
U | aiepk | aiepk2.exe | Another IE Popup Killer - pop-up stopper | No |
N | AIM | aim.exe | AOL Instant Messenger. If connected to the internet, automatically runs up AIM. Convenience more than anything. Available via Start -> Programs | No |
U | AIM | AIM+.exe | AIM plus - a free add-on to AOL's Instant Messenger for Windows from Big-O Software | No |
X | AIM Instant Message Cookies | [random filename] | Added by the RBOT-AFV WORM! | No |
N | AIM Logger | AIMLogger.exe | AIM Logger - saves AIM (AOL Instant Messenger) conversations to log files. Can be started when you are using AIM | No |
X | Aim Plugin | aimplugin.exe | Added by the GUAP-F WORM! | No |
X | AIM reminder | AIM reminder.exe | Added by the BUDDY.E TROJAN! | No |
N | Aim6 | AOLLaunch.exe | AOL Instant Messenger - start it when you want to use it | No |
N | Aim6 | aim6.exe | AOL Instant Messenger - start it when you want to use it | No |
X | AIM95 Startup | aim95.exe | Added by the AGOBOT.AEE WORM! | No |
X | aimaol lptt01 | aimaol.exe | RapidBlaster variant (in an "Aimaol" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here | No |
X | aimaol ml097e | aimaol.exe | RapidBlaster variant (in an "Aimaol" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here | No |
U | aimb.exe" -h | aimb.exe | IMSufSentinel is a spy program which can record IM conversations, log keystrokes, record URLs visited, and take screenshots. If you didn't install this yourself remove it | No |
N | AimingClick | AimingClick.exe | AimingClick from AimingTech. Web searching tool. Available via Start -> Programs | No |
U | AIMPro | aimpro.exe | AIM Pro - secure instant messaging, video conferencing, on-line meetings and desktop and file sharing | No |
N | AIMster | ?? | Peer to Peer (P2P) file sharing client that runs over the AOL Instant Messenger network. Available via Start -> Programs | No |
N | AIMWDInstall | AIMWDInstall.exe | Version of the WildTangent on-line games installer that came with versions of AOL Instant Messenger. Note that WildTangent's privacy policy used to state that they also collect and share individuals' information but this is no longer the case | No |
Y | Aiptek Graphics Tablet (USB) | atwtusb.exe | USB interface for Aiptek Graphics Tablet (USB) | No |
X | aircity | aircity.exe | Related to "Prutect" malware from e2Give | No |
U | AirPort Base Station Agent | APAgent.exe | Airport Base Station Agent utility for Apple's AirPort wi-fi basestations. "Wireless solution for home, school, and business. As it blankets your space with a blazing-fast, secure wireless network, it opens up a world of possibilities for home entertainment, backups, printing, and more" | No |
U | AJC Active Backup | AJCActBk.exe | AJC Active Backup from AJC Software - "Instantly backup files you change on your PC and keep multiple versions to undo" | No |
X | AKEYNAME | WinServ.exe | Added by the EVILBOT.C TROJAN! | No |
U | akeys | akeys.exe | "Active Keys is a powerful yet easy-to-use tool for creating and managing keyboard shortcuts for any system action" | No |
X | akgkagaksad9 | fsakfask9.exe | Added by the ONLINEG-M TROJAN! | No |
U | AKiller | akiller.exe | Advertising Killer - popup stopper | No |
U | ala.exe | ala.exe | Access Lock is a system-tray security utility you can use to secure your desktop when you are away from your computer | No |
U | Alarm Manager | Alarmapp.exe | Palm alarm event reminder that coordinates what is on your Palm with settings on your desktop | No |
? | AlarmWatcher | AlarmWatcher.exe | Associated with SynTPEnh and SynTPLpr which are from Synaptics for touchpads on laptops. What does it do and is it required? | No |
N | Album Fast Start | ABMTSR.EXE | Scanner software, not required for scanner to work | No |
? | AlcFDMonitor | ALCFDRTM.EXE | RealTek related - Real-Time SPDIF-in Monitor for nVidia chipset - is it required in startup? | No |
? | ALCFDRTM16 | ALCFDRTM16.com | RealTek related - Real-Time SPDIF-in Monitor for nVidia chipset - is it required in startup? | No |
X | Alchem | Alchem.exe | ClickAlchemy adware | No |
U | Alcmtr | Alcmtr.exe | Installed with hardware drivers for a Realtek AC97 audio device. It's believed that Realtek uses this file in order to gather data about the customer. Some users report problems with their on-board sound if this is disabled - hence the "U" recommendation | No |
X | Alcmtr | Malware Doctor.exe | MalwareDoc rogue security software - not recommended, removal instructions here | No |
U | Alcohol | Alcohol.exe | Alcohol 120% - CD/DVD emulation/writing/copying software | No |
U | Alcohol Autorun | Alcohol.exe | Alcohol 120% - CD/DVD emulation/writing/copying software | No |
U | AlcoholAutomount | axcmd.exe | Alcohol 120% is a powerful Windows application that makes it easy to create backups of DVDs and CDs. In addition, the program lets you store your most used CDs as images on your computer, so you can call them up at the click of a button. This part automounts disc images | No |
? | Alcom PCL Capture | FMW_PCAP.EXE | ?? | No |
N | AlcWzrd | ALCWZRD.EXE | RealTek High Definition audio driver related - detects new devices when plugged in, then pops up a dialog box. If everything works as expected you should be able to disable this one | No |
U | AlcxMonitor | Alcxmntr.exe | Installed with hardware drivers for a Realtek AC97 audio device. It's believed that Realtek uses this file in order to gather data about the customer. Some users report problems with their on-board sound if this is disabled - hence the "U" recommendation | No |
X | aldefr ere service | tay0x.exe | Added by the RBOT-XS WORM! | No |
X | alerter | alerter.exe | MAHA.F spyware | No |
X | Alevir | Alevir.exe | Added by the OPASERV-A WORM! | No |
X | AlevirOld | [worm filename] | Added by the OPASERV WORM! | No |
N | Alexa | alexa.exe | Related to Alexa. Note - collects and stores information about the web pages you view, the data you enter in online forms and search programs and, with versions 5.0 and higher, the products you purchase online whilst using the toolbar. Although Alexa states they do not attempt to analyze the data it may collect about you to determine who you are, some of your information collected by the software is personally identifiable. Please read the Privacy Policy. Not Recommended | No |
X | AlexaToolbar | alt.exe | Detected by Ewido Security Suite as the DELF.EB hijacker! | No |
X | AlfaCleaner | AlfaCleaner.exe | AlfaCleaner is now a stealth install using exploits on unpatched systems. Seen alongside RazeSpyware | No |
U | AlfaClock Classic | AlfaClock.exe | AlfaClock Free Edition from AlfaSoft Research Labs - "enhances your taskbar clock (tray clock) with fully customizable clock display, alarms, time synchronization and more" | No |
U | AlfaClock2 | AlfaClock2.exe | AlfaClock2 from AlfaSoft Research Labs - "enhances your tray clock functionality. Of course, you can customize the look, adjusting fonts, colors, backgrounds and more. But, the main goal of this program is to extend your tray clock functionality" | No |
? | ALFY Accellerator | AlfyAC~1.exe | ?? | No |
X | ALG.EXE | iexplorer .exe | Added by the DEMOTRY-B WORM! | No |
X | ALG32 | ALG32.EXE | Added by the STARTPAGE.K hijacker | No |
X | algchk.exe | algchk.exe | Detected by Kaspersky as the VB.ATE TROJAN! | No |
X | ALGU | ALGU.EXE | Added by the CWS-I TROJAN! | No |
X | ALGU.exe | ALGU.exe | Added by the STARTPAGE.O TROJAN! | No |
U | ALi5289 | ALi5289.exe | Related to Uli Integrated Drivers from Uli Electronics Inc | No |
N | Alias SketchBook Snapshot | ALIASS~2.EXE | Screen-capture utility for Alias Sketchbook | No |
N | AlienAutopsy | Test_BS.exe | Alienware computer technical support software | No |
Y | ALiSndMgr | ALiSndMg.exe | ALi AC97 Sound driver | No |
? | AliUSBfix | GREENMK.exe | May be related to a USB 2.0 PCI card - the IOgear GIC220OU? | No |
X | Alive SYstem | scchost.exe | Added by the TOFDROP-B TROJAN! | No |
X | Alive SYstem | scchostc.exe | Added by the TOFDROP-B TROJAN! | No |
X | alkasr | ?????.exe | Added by the BALKART TROJAN! | No |
U | All Aboard Status | stswin.exe | All Aboard! Internet Connection Sharing status icon | No |
X | All Sea screen saver | TaskTray.exe | Free screensaver, installs lots of foistware - remove it | No |
X | All Sea web link | FWLink.exe | Free screensaver, installs lots of foistware - remove it | No |
N | AllerCalc | AllerCalc.exe | AllerCalc is an expression calculator which allows you to directly enter an expression to be evaluated. Can be started manually | No |
X | Allopassw | [path to trojan] | Added by the RANKY.CU TROJAN! | No |
U | AllSeeingEye | ase.exe | All-Seeing_Eye security software - "monitors everything that takes place on your computer, and alerts the user as soon as anything suspicious or out-of-the-ordinary is happening, providing the user with alternatives for possible actions" | No |
U | allSnap | allSnap.exe | "allSnap is a small system tray app that makes all top level windows automatically align like they do in programs such as Winamp or Photoshop" | No |
U | AllToTray | ALLTOTRAY.EXE | AlltoTray from DNTSoft - minimize any program to your System Tray | No |
X | Alogrithm Link Queue | alq.exe | Added by a variant of the SDBOT WORM! | No |
U | Alogserv | Alogserv.exe | From McAfee VirusScan for logging scanning activities. In some cases, if left running it can cause CPU % usage to go between 5-95% or go to and stay at 100%. Disabling it impacts on the reported last scan date. It is reported to cause jerky graphics response in many games. As of version 6, this is a critical component of McAfee and disabling it can cause a PC to lock up | No |
U | ALPass | ALPass.exe | ALPass password manager | No |
X | alpha | svchost.exe | Added by a variant of the DELF.IT TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! | No |
Y | Alps Electric USB Server | Monserv.exe | Alps Electric USB Server - required according to this article | No |
U | AlpsPoint | Apoint.exe | Touchpad software for laptop PCs. For instance it is found on the Panasonic and Sony Vaio machines and allows part of the touchpad to be used for document or Web-page scrolling. Required for proper functioning of the pointing software but not required for the laptop to work | No |
? | ALServ | ALServ.exe | Altec Lansing AMS speaker related. What does it do and is it required? | No |
X | Altnet | points manager.exe | Altnet TopSearch adware | No |
X | AltnetPointsManager | points manager.exe | Altnet TopSearch adware | No |
U | AltoMB_service | AltoMBsrv.exe | Alto Memory Booster from Alto Software - boost the computer's performance via more intelligent and efficient memory management. MS MVPs (Most Valuable Professional) recommend not using memory managers with Win98/SE/ME. See this article and make up your own mind | No |
U | ALTOOLS | AccessL.exe | ALTools family of PC utilities | No |
X | AltPayments | AltPayments.exe | WeirdOnTheWeb adware | No |
N | ALU Scheduler Service | ALUSchedulerSvc.exe | Symantec LiveUpdate scheduler for programs such as Norton AV or Internet Security | No |
U | ALUAlert | ALUNotify.exe | Notification reminder for Symantec's LiveUpdate. Leave enabled unless you manually run LiveUpdate on a regular basis | No |
N | Aluria Security Center | SecurityCenter.exe | Aluria Software's spyware removal tool - we can't really recommend this product as Aluria have recently partnered with WhenU, the well known adware company, see here | No |
U | Aluria's Pop-Up Stopper | eps.exe | Aluria Pop-Stopper | No |
N | Aluria's Spyware Eliminator | ASE.exe | Aluria Software's spyware removal tool - we can't really recommend this product as Aluria have recently partnered with WhenU, the well known adware company, see here | No |
U | AlwaysOnTopMaker | AlwaysOnTopMaker.exe | Always On Top Maker - utility to enable an application to always be displayed "on top" of others on the desktop | No |
N | AlwaysReady Power Message APP | ARPWRMSG.EXE | Related to HP and Compaq Desktop PCs. Read this article | No |
X | AmazingTens | AmazingTens.exe | Premium rate adult content dialler | No |
U | AMD PowerNow! | GemBack.exe | AMD PowerNow! - "an innovative solution available on all AMD mobile processor-based notebooks that can effectively increase notebook battery life, while delivering performance on demand" | No |
Y | amd_dc_opt | amd_dc_opt.exe | AMD Dual-Core Optimizer - "can help improve some PC gaming video performance by compensating for those applications that bypass the Windows API for timing by directly using the RDTSC (Read Time Stamp Counter) instruction" | No |
N | America Online *.* Tray Icon | aoltray.exe | Puts AOL icon in System Tray (*.* denotes version if present). Connect to AOL via the desktop shortcut or Start -> Programs | No |
N | AME_CSA | rundll32 amecsa.cpl, RUN_DLL | Loads ADSL modem Control Panel applet | No |
U | AModemLockDown | ModemLockDown.exe | ModemLockDown - allows you to supervise internet access by disabling the modem, protects against dialers accessing dial-up connections, etc | No |
Y | Amon | AMON.EXE | Monitoring part of Eset's NOD32 virus-scanner | No |
Y | Amonitor | amon.exe | Tiny Personal Firewall | No |
U | AMP WinOFF | winoff.exe | WinOFF is "a utility designed to shut down Windows computers automatically, in a fully configurable way" | No |
U | AMSG | Amsg.exe | Part of the IBM ThinkVantage Productivity Center. "The Message Center sends automatic notification on ThinkVantage Technologies integrated with your system. Once you're online" | No |
X | amsgupdate | ams.exe | Added by a variant of the MAILBOT TROJAN! | No |
N | AMSN | amsn.exe | aMSN Messenger is a multiplatform MSN messenger clone | No |
X | amsn | amsn.exe | Added by the BANKER-BNZ TROJAN! | No |
X | amva | amvo.exe | Added by the SILLYFDC-BR WORM! | No |
N | Anapod Manager | anamgr.exe | Anapod Explorer from Red Chair Software "is the most advanced Windows iPod® software available, offering iPod® management through full Windows Explorer integration under My Computer" | No |
X | anbv32 | nabv32.exe | Added by the TITOG.C WORM! | No |
X | angeleyes | msdll.exe | Detected by Kaspersky as the VB.PI TROJAN! See here | No |
Y | ANIWZCS2Service | WZCSLDR2.exe | ALPHA Networks wireless driver | No |
? | ANIWZCSService | WZCSLDR.exe | D-Link wireless PCI adapter related. In some cases reported to cause excessive CPU activity | No |
? | AnnotateCheck | AnnCheck.exe | Genius Wizard Pen Tablet driver related. Is it required? | No |
N | Announcements | Annclist.exe | MS WebTV for Windows. Used to display TV on your PC via a compatible video card with in-built tuner (such as ATI All-In-Wonder). If you don't use it - uninstall it | No |
N | Anntext | Anntext.exe | Caere Pagekeeper text annotation server | No |
U | AnonymityGateway | Anonymity Gateway.exe | Anonymity Gateway - privacy protection tool that conceals IP address preventing your surfing habits and your internet activity from being tracked by websites or Internet Service Providers | No |
U | Anonymizer Total Net Shield | AnonTns.exe | Anonymizer Total Net Shield - ID protection and privacy software | No |
Y | ANONYMIZER_SPYWAREKILLER | SpyWareKiller.exe | Anonymizer Spyware Killer, which was superseded by Anti-Spyware but is now discontinued | No |
Y | ANONYMIZER_SPYWAREKILLER | AnonAntiSpyware.exe | Anonymizer Anti-Spyware - now discontinued | No |
U | Another Internet Explorer Popup Killer | aiepk2.exe | Another IE Popup Killer - pop-up stopper | No |
X | ansjava | [path to worm] | Added by the RANDON-AN WORM! | No |
X | Anskya | PYSKY.NET.exe | Added by the DLOADER-MW TROJAN! | No |
X | Answer Problem | dSAFsqs.exe | Added by the SDBOT-SC WORM! | No |
U | AnswerTool | AnswerTool.exe | AnswerTool - save your E-mail replies in AnswerTool, then reuse them again and again | No |
X | Anti | Isass.exe | Added by the BROPIA.K WORM! | No |
X | Anti Spam Service | spamsvc.exe | Added by the MYTOB-BK WORM! | No |
N | Anti-Blaxx Manager | Anti-Blaxx.exe | Anti-Blaxx - bypass blacklistings from different copy protections bypassing methods like virtual CD or DVD drives | No |
U | Anti-keylogger check | antikey.exe | Anti-keylogger - protects against keylogger programs monitoring your keystrokes | No |
U | Anti-Trojan-Watch | ATWatch.exe | Anti-Trojan Watch - trojan detector | No |
X | Anti-Virus | vpms.exe | Added by a variant of the SLAPER TROJAN! | No |
X | Anti-Virus | [random filename].exe | Added by the CAPROBAD-A TROJAN! | No |
X | Anti-Virus Product Sync | [unprintable character][3 characters]log.exe | Added by the KEDEBE.D WORM! | No |
X | Anti-Virus Update Scheduler | [path to trojan] | Added by the SPAMMIT-A TROJAN! | No |
X | Anti-Virus Update Scheduler | winsp3.exe | Malware - detected by Kaspersky as the AGENT.FP TROJAN! | No |
X | Anti-Virus Update Scheduler V1.39.12R | [path to trojan] | Added by the HEPLANE or STAPREW.B TROJANS! - different filenames have been spotted; examples: msvc.exe, kaspersky.exe, nrton.exe, wins.exe, gah32.exe, 1.tmp, syste.exe, alg.exe, socks.exe, winxpsp2.exe, tek9.exe, sks.exe, hihi.exe, s.exe, xps2.exe, dns2.exe, ikav32.exe and more... | No |
X | AntiClicker | SVCHST32.EXE | Added by the CBH TROJAN! | No |
U | antidialer.co.uk | Dialer_Watcher.exe | Dialer_Watcher is an application that allows you to detect dialers on your computer | No |
Y | AntiFreeze | AntiFreeze.exe | AntiFreeze from Resplendence Software Projects - "offers a last recourse when you find your computer in a hung state". If your system has hung and AntiFreeze is running, a hotkey combination will suspend all but critical processes and allow you to save or recover your work | Yes |
X | antihost | ahr.exe | Added by the BANCBAN-QJ TROJAN! | No |
X | AntiMalwareGuard | amg.exe | AntiMalwareGuard rogue spyware remover - not recommended, see here | No |
X | AntiMalwareSuite | AMS.exe | AntiMalwareSuite rogue security software - not recommended, removal instructions here | No |
U | AntiPopUp | AntiPopUp.exe | AntiPopUp for IE - pop-up stopper | No |
X | antispy | ANTIVIR.exe | IE AntiVirus rogue security software - not recommended, see here | No |
X | antispy | ANTIVIRUS.exe | IE AntiVirus rogue security software - not recommended, see here | No |
X | antispy | ieav.exe | IE AntiVirus rogue security software - not recommended, see here | No |
X | antispy | scan.exe | IE AntiVirus rogue security software - not recommended, see here | No |
X | AntiSpy2008 | AntiSpy2008.exe | Antispy 2008 rogue spyware remover - not recommended, removal instructions here | No |
X | AntiSpyCheck | AntiSpyCheck.exe | AntiSpyCheck rogue spyware remover - not recommended, removal instructions here | No |
X | AntiSpyCheck 2.1 | AntiSpyCheck 2.1.exe | AntiSpyCheck rogue spyware remover - not recommended, removal instructions here | No |
X | AntiSpyCheck 2.1.0 | AntiSpyCheck.exe | AntiSpyCheck rogue spyware remover - not recommended, removal instructions here | No |
X | AntiSpyKit *.* | AntiSpyKit *.*.exe | EAdwareKiller spyware remover, where *.* represents the version number - not recommended, see here | No |
X | AntispyStorm | AntispyStorm.exe | AntiSpyStorm misleading security software - not recommended, see here | No |
X | AntiSpyware | Antispyware.exe | AntiSpywareApp spyware remover - not recommended, see here | No |
X | AntiSpyware Pro | AntiSpyware Pro.exe | AntiSpyware Pro 2009 rogue spyware remover - not recommended, removal instructions here | No |
X | Antispyware PRO XP | asproxp.exe | AntiSpyware Pro XP rogue spyware remover - not recommended, removal instructions here | No |
Y | AntiSpyWare2Guard | AntiSpyWare2Guard.exe | Part of Ashampoo® AntiSpyWare 2 from Ashampoo GmbH & Co. KG. This part is the realtime monitor that looks for changes on the user's system such as BHO, Winsock LSPs, Windows Hosts file, Autostart entries, etc | Yes |
X | AntiSpyware3000.exe | antispyware.exe | AntiSpyware 3000 rogue spyware remover - not recommended, removal instructions here | No |
X | AntiSpywareBot | AntiSpywareBot.exe | AntiSpywareBot spyware remover - not recommended, see here | No |
X | AntiSpywareExpert | ase.exe | AntiSpywareExpert rogue spyware remover - not recommended, see here | No |
X | AntiSpywareGuard | asg.exe | AntiSpywareGuard rogue spyware remover - not recommended, removal instructions here | No |
X | AntiSpywareMaster | asm.exe | AntiSpywareMaster spyware remover - not recommended, see here | No |
X | AntiSpywareShield | AntiSpywareShield.exe | AntiSpywareShield spyware remover - not recommended, see here | No |
X | AntiSpywareXP 2009 | AntiSpywareXP2009.exe | AntiSpywareXP 2009 rogue spyware remover - not recommended, removal instructions here | No |
X | AntiVerminser | AntiVerminser.exe | AntiVerminser spyware remover - not recommended, see here | No |
X | antiviirus | antiviirus.exe | Added by a variant of the AGENT.KEU TROJAN! | No |
X | Antivir | svchst.exe | Added by the RAGRUK-A TROJAN! | No |
X | AntiVir | scvhost.exe | Added by the AGENT-DSF TROJAN! | No |
X | AntiVir | winlog.exe | Added by the IRCBOT-TJ TROJAN! | No |
X | AntiVir | smss.exe | Added by the DWNLDR-GWE TROJAN! Note - this is not the legitimate smss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %ProgramFiles% | No |
Y | AntiVir XP | AVwin.exe | AntiVir® PersonalEdition Classic - antivirus | No |
X | Antivir64 | Antivir64.exe | Antivir64 rogue security software - not recommended, see here | No |
X | AntiVirGear *.* | AntiVirGear *.*.exe | AntiVirGear misleading security software, where *.* represents the version number - not recommended, see here | No |
X | Antivirus | av.exe | Added by the SINKIN TROJAN! Resets IE start page to realphx.com | No |
X | Antivirus | maja.exe | Added by the NETSKY.H WORM! | No |
X | Antivirus | iexpl0res.exe | Added by an unidentified WORM or TROJAN! | No |
X | AntiVirus | kaspery.exe | Added by a variant of the RBOT WORM! | No |
X | AntiVirus | AntiVirus.exe | Added by the BANKER-EHB TROJAN! | No |
X | Antivirus | antvrs.exe | Antivirus 2008 rogue security software - not recommended, see here | No |
X | Antivirus | avm.exe | Antivirus Master rogue security software - not recommended, see | No |
X | Antivirus | vav.exe | Vista Antivirus 2008 rogue security software - not recommended, see here | No |
X | Antivirus | aav.exe | Advanced Antivirus rogue security software - not recommended, removal instructions here | No |
X | ANTIVIRUS | AVS.exe | Antivirus Sentry rogue security software - not recommended, removal instructions here | No |
X | ANTIVIRUS | microAV.exe | Micro Antivirus 2009 rogue security software - not recommended, removal instructions here | No |
X | Antivirus | MSA.exe | MS Antivirus rogue security software - not recommended, removal instructions here | No |
X | ANTIVIRUS | UltraAV.exe | Ultra Antivirus 2009 rogue security software - not recommended, removal instructions here | No |
X | Antivirus | xpa.exe | Xpert Antivirus Enterprise rogue security software - not recommended, removal instructions here | No |
X | Antivirus 2009 plus | Antivirus 2009 plus.exe | AntiVirus Plus rogue security software - not recommended, removal instructions here | No |
X | Antivirus Installer | [path to trojan] | Added by the BADGENT-A TROJAN! | No |
X | Antivirus Pro 2009 | AntivirusPro2009.exe | AntiVirus Plus rogue security software - not recommended, removal instructions here | No |
X | AntiVirus Process | virprot.exe | Added by a variant of the SDBOT WORM! | No |
X | Antivirus Protection Services | ccapp2.exe | Added by the RBOT.EXI WORM! | No |
X | AntiVirus Update | updates.exe | Added by the RBOT-JF WORM! | No |
X | AntiVirus Update | antivirus.exe | Added by the RBOT-IF WORM! | No |
X | Antivirus-2008.exe | Antivirus-2008.exe | Antivirus 2008 rogue security software - not recommended. Detected by Sophos as the FAKEAV-BK TROJAN! | No |
X | antivirus-2008pro.exe | antivirus-2008pro.exe | Antivirus 2008 PRO rogue security software - not recommended. Detected by Sophos as the FAKEAV-AW TROJAN! | No |
X | Antivirus-Golden | Antivirus-Golden.exe | Antivirus-Golden misleading security software - not recommended, see here | No |
X | Antivirus2008y | antvrs.exe | Antivirus 2008 rogue security software - not recommended, see here | No |
X | antivirus32 | antivirus.exe | Added by the SPYBOT.KAI WORM! | No |
X | AntivirusGold | AntivirusGold.exe | AntivirusGold malware | No |
X | AntiVirusLab2009 | AntiVirusLab2009.exe | WinDefender 2009 rogue security software - not recommended, removal instructions here | No |
X | AntiVirusPro | AntiVirusPro.exe | AntiVirusPro misleading security software - not recommended, see here | No |
X | AntiVirusProMFC | Antivirus Pro.exe | AntiVirusPro misleading security software - not recommended, see here | No |
? | AntiVirusProtection | qumk.exe | ?? | No |
X | AntivirusXP.exe | AntivirusXP.exe | Antivirus XP Pro rogue security software - not recommended, removal instructions here | No |
X | AntiVituS | Base.exe | Added by the BAS.A WORM! | No |
X | antiware | elite***32.exe [*** = random char] | Added by the DLOADER-HW TROJAN! | No |
U | AntiWindowsMessenger | AntiMsMsg.exe | Anti-Windows_Messenger is a small application that prevents Windows Messenger from remaining resident in memory | No |
X | anti_troj | anti_troj.exe | Added by the LODEAR.D TROJAN! | No |
Y | AnVir | AnVir.exe | AnVir Task Manager - protects computer against viruses and manages running processes and startup files | No |
Y | AnVir Task Manager | AnVir.exe | AnVir Task Manager - protects computer against viruses and manages running processes and startup files | No |
U | anvshell | anvshell.exe | System Tray tool for ASUS video cards. If disabled you lose all the ASUS specific video card options in Control Panel -> Display Properties -> Advanced as well as the System Tray shortcuts toolbar | No |
X | AnvTrgr | AnvTrgr.exe | AntivirusTrigger rogue security software - not recommended, removal instructions here | No |
U | Any To-Do List | anytodo.exe | Any To-Do List "the ultimate software solution to keep yourself organized and reminded" | No |
? | anycom bluetooth | ftflauncher.exe | Associated with an Anycom bluetooth wireless card. What does it do and is it required? | No |
U | AnyDVD | AnyDVD.exe | AnyDVD - descrambles DVD-Movies automatically in the background and the DVD appears unprotected and region code free. Also removes prohibited operations from the DVD such as skipping adverts - hence the "U" recommendation | No |
U | AnyDVD | AnyDVDtray.exe | System Tray access to AnyDVD from SlySoft - which descrambles DVD-Movies automatically in the background and the DVD appears unprotected and region code free. Also removes prohibited operations from the DVD such as skipping adverts | No |
U | AnyTime | Atw.exe | AnyTime Organizer Deluxe from Individual Software Inc - "all the tools you need to organize your calendar, to-do list, and address book are combined in a familiar interface with hundreds of printable calendars, detailed expense reports, and a full range of programmable alarms" | No |
U | AnyTime Organizer | AtDem.exe | AnyTime Organizer Deluxe from Individual Software Inc - "all the tools you need to organize your calendar, to-do list, and address book are combined in a familiar interface with hundreds of printable calendars, detailed expense reports, and a full range of programmable alarms" | No |
U | AnyTime Organizer | Atw.exe | AnyTime Organizer Deluxe from Individual Software Inc - "all the tools you need to organize your calendar, to-do list, and address book are combined in a familiar interface with hundreds of printable calendars, detailed expense reports, and a full range of programmable alarms" | No |
N | AO Tray | AOTray.Exe | System Tray application for AOpen soundcards. Can be run manually via Start -> Settings -> Control Panel | No |
Y | aol | avp.exe | AOL's Active Virus Shield (by Kaspersky) - found in an AOLActive Virus Shield sub-directory | No |
X | AOL 9.0 Optimized | AOLClient.exe | Added by the SPYBOTER.A TROJAN! | No |
U | AOL Broadband Check-Up | matcli.exe | "matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, county, etc and gets written to a log file". The AOL Self Support Tool is required to run with the Help and Support program. If you uncheck AOL and then run Help and Support it will add another AOL entry in the startup menu. If you remove this software in "add/remove programs" some help menus in help and support will not be available. You decide | No |
N | AOL Companion | companion.exe | Part of the AOL Connection Suite and installs an icon on the system tray offering easy access to AOL's additional utilities and functions. This program is a non-essential process, and is installed for ease of use | No |
X | Aol Configuration Loader | aimsng.exe | Added by the SDBOT-XE WORM! | No |
? | AOL Fast Start | AOL.exe | AOL ISP software related. What does it do and is it required? | No |
X | AOL Instant Messanger | aim.exe | Added by the SDBOT-YT WORM! Note - this is not the popular AOL Instant Messenger utility | No |
X | AOL Instant Messengar | aol.exe | Added by the AGOBOT-FN WORM! | No |
X | AOL Instant Messenger | AlM.EXE | Added by unidentified malware. Note - there is a lower case "L" between the A and M in the filename | No |
X | Aol Instant Messenger | aolmsg.exe | Added by the KELVIR.AL WORM! | No |
X | AOL Instant Messenger | aimsgr.exe | Added by the IRCBOT.N TROJAN! | No |
X | AOL Instant Messenger 7.213 | aim9283.exe | Added by the SDBOT-ZF WORM! | No |
X | Aol Instant Messenger Fix | aolfix.exe | Added by the SDBOT-ABJ WORM! | No |
X | AOL Messenger | [random filename] | Added by an unidentified VIRUS, WORM or TROJAN! | No |
X | AOL Messenger | aolmsngr.exe | Added by the SDBOT-JF WORM! | No |
X | AOL Messenger Optimized | AOLOpt.exe | Added by the AOLOPT TROJAN! | No |
X | AOL Services Hosts | aolserviceshosts.exe | Added by an unidentified WORM or TROJAN! | No |
U | AOL Spyware Protection | AOLSP Scheduler.exe | AOL's spyware protection program | No |
U | AOL TopSpeedMonitor | aoltsmon.exe | AOL's TopSpeed web acceleration technology supposedly helps to make web browsing faster. Most important for those users who still access AOL via dial-up | No |
Y | AolAcsDaemon1 | Acsd.exe | AOL Connectivity Service - starts an automatic function that restores the connection should you lose it while online. Negates having to go through the procedure of signing back on manually | No |
Y | AolAcsDaemon1 | AOLACSD.EXE | AOL Connectivity Service - starts an automatic function that restores the connection should you lose it while online. Negates having to go through the procedure of signing back on manually | No |
? | AOLCC | ACCAgnt.exe | AOL ISP software related, file located in a "AOL Computer Check-Up" folder. What does it do and is it required? | No |
X | AolCon | config.com | Added by the TAPLAK WORM! | No |
N | AOLDialer | AOLDial.exe | AOL ISP software dialer - can be activated through a desktop shortcut | No |
N | AolFix | AolFix.exe | Run on Gateway Astra computers, and maybe a few others. Designed to repair a bad registry key in Gateway computers that would not allow AOL to run correctly. Not seen much any more and should only run once | No |
X | AOLRegKey32 | AOREGSVR512.EXE | Unidentified malware - see here | No |
? | AOLSAV | AOLAgent.exe | AOL ISP related. What does it do and is it required? | No |
X | AOLStart | AOLStart.exe | Added by the KRAIMER.12 TROJAN! | No |
X | aolupdater.exe | aolupdater.exe | Added by a variant of the IRCBOT TROJAN! | No |
X | Aornum | aornum.exe | Installed along with iWon Prize Machine. Based upon their privacy statement this can be regarded as spyware | No |
N | AOTray | AOTray.Exe | System Tray application for AOpen soundcards. Can be run manually via Start -> Settings -> Control Panel | No |
X | aouei | sysrtmvs.exe | Chivio dialer | No |
Y | APC UPS Status | Display.exe | APC PowerChute® Personal Edition status icon | No |
U | APC_SERVICE | mainserv.exe | APC PowerChute® Personal Edition - "safe system shutdown software with sophisticated power management functions." Appears as a service in XP/Vista and under the "RunServices" registry key in Win98 | No |
Y | apc_tray | apc_tray.exe | Part of the APC UPS software loaded with the BACK-UPS CS 350 unit. Required to monitor the APC unit in case of power failure | No |
X | APD123 | APD123.exe | PacerD Media/Pacimedia.com adware | No |
X | Api**.exe [* = random char] | Api**.exe [* = random char] | CoolWebSearch/HomeSearch adware - for examples, see this log | No |
X | Api**32.exe [* = random char] | Api**32.exe [* = random char] | CoolWebSearch/HomeSearch adware - for examples, see this log | No |
X | API32 | api32.exe | Added by the IRCBOT-B TROJAN! | No |
X | APIClass | lexplore_.exe | Added by the MSNOPT-A TROJAN! | No |
X | APIMon | apimonx.exe | Added by the TIBSER.A downloader TROJAN! | No |
X | APIMon | winapix.exe | Added by a variant of the TIBSER.A downloader TROJAN! | No |
X | APIMon | msreg.exe | Added by the DROPPER.Z TROJAN! | No |
X | apisvc.exe | apisvc.exe | Added by a variant of the LAMEBOT TROJAN! | No |
U | APL | APL.exe | Sage Software's ACT! The application pre-loader (apl.exe) is a self contained executable that pre-loads the necessary .NET framework and ACT! 2005 assemblies. This pre-loading of assemblies enhances ACT! startup, view load and dialog load times in some areas of the application | No |
? | Apmsrv9x | APMSRV9X.EXE | Intel AnyPoint Wireless II Home Network related. Now discontinued. What does it do and is it required? | No |
U | Apoint | Apoint.exe | Touchpad software for laptop PCs. For instance it is found on the Panasonic and Sony Vaio machines and allows part of the touchpad to be used for document or Web-page scrolling. Required for proper functioning of the pointing software but not required for the laptop to work | No |
X | App**32.exe [* = random char] | App**32.exe [* = random char] | CoolWebSearch/HomeSearch adware - for examples, see this log | No |
X | App.EXEName | [path to worm].exe | Added by the BODIRU WORM! | No |
U | Appcon | vAppCon.exe | Vital Application Console - part of POS-partner 2000 point-of-sale software from Vital. This is the taskbar icon and is enabled at startup by the "Auto-start when OS starts" option. Required for a connection to be established | No |
X | appconn | appconn.exe | Added by the CARGAO WORM! | No |
U | AppExtender | AppExtCB.exe | Loads the Confimax add-in for popular E-mail programs to confirm E-mails have been sent and received | No |
X | appis.exe | appis.exe | Added by the AGENT-BC TROJAN! | No |
N | AppleSyncNotifier | AppleSyncNotifier.exe | From WinPatrol PLUS by BillP Studios - "This file installs with iTunes and is used when syncing your iPhone, iTouch, iPod, etc." See here for more information | No |
X | AppletINIT | INITIATE.EXE | Added by the AGOBOT.XV TROJAN! | No |
Y | Application | mdmsetsp.exe | Aztech Labs modem driver | No |
X | Application Adapter | abvsvc.exe | Added by the CHECKOUT WORM! See here | No |
U | Application Explorer | Naldesk.exe | Novell Zenworks Application Explorer Executable. "For almost all users the Novell ZENworks agent (either Application Launcher or Application Explorer) will be run via the user's login script on each successful login. ZENworks is used to periodically deliver software updates and is also used to install the remote management components." | No |
U | Application Explorer | NalView.exe | Application Explorer - file manager type access to Novell Application Launcher for installing and updating network residing applications | No |
N | Application Launcher | Application Launcher.exe | System Tray access to Sony Ericsson PC Suite which "connects your phone to your computer and expands the capabilities of your phone". Start manually via the Start Menu (or optional desktop shortcut) before connecting the phone | Yes |
X | Application Layer Browser | abgsvc.exe | Added by the ULPM.FX TROJAN! | No |
X | Application Layer Browser | apnsvc.exe | Added by the CHECKOUT WORM! See here | No |
X | Application Layer Gateway Service | algs.exe | Added by the LINKBOT.M WORM! | No |
X | Application Layer Scheduler | agtsvc.exe | Detected by PCTools as the IRCBOT.BJJ TROJAN! See here | No |
X | Application Layer Services | avrsvc.exe | Detected by PCTools as the IRCBOT.BJM TROJAN! See here | No |
X | Application Manager | acnsvc.exe | Added by a variant of the IRCBOT TROJAN! | No |
X | ApplicationProtocolRun | smsbvl32.exe | Added by the IRCBOT-CX TROJAN! | No |
U | AppPlus | AppPlus.exe | AppPlus - "menu bar or tray launcher that docks to your desktop, floats or sits in your System Tray. Create graphic/text-based buttons that launch any number of programs, Websites, e-mail addresses or folders (which open in the AppPlus Menu System)" | No |
Y | Apvxd | APVXDWIN.EXE | Part of Panda Antivirus and Internet Security. Required to enable permanent virus protection | No |
Y | Apvxdwin | APVXDWIN.EXE | Part of Panda Antivirus and Internet Security. Required to enable permanent virus protection | No |
Y | APVXDWIN | ClShield.exe | "Panda ClientShield with TruPrevent is designed for companies that want the best protection for their workstations. It protects against viruses and other known and unknown threats including spam, spyware, dangerous or time-wasting content, phishing scams, hackers and intruders" | No |
Y | Apwheel | Apwheel.exe | Wheel support for an Alps mouse | No |
X | apyginapygin | simenu.exe | Added by the SDBOT.BTR WORM! | No |
U | AQ3HelperStartUp | AQ3HEL~1.EXE | ScreenScenes "Aquatica Water Worlds" screensaver. The freeware version comes with GAIN branded ads (pop-ups and others). ScreenScenes do however offer you the option of doing away with the ads by purchasing the screensaver for a whopping $30. Please note that Claria Corporation no longer support GAIN-Supported software - see here | No |
X | aqadcup.exe | aqadcup.exe | Added by the AGENT.BG WORM! | No |
Y | Aqua Dock | Aqua Dock.exe | Aqua Dock - 'free program that allows you to have an "OS X" style, nice animated launchbar/taskbar on your screen that reacts to your mouse when you mouse over it. Users can customize the look of each item on the dock and set various animation options for when the mouse is over an item on the dock. It is very easy to configure' | No |
X | Aqujyjax | [path to file] | Added by the RANCK-CQ TROJAN! | No |
X | Aqujyjax | aqujyjax.exe | Added by the SDBOT-YC WORM! | No |
X | ara-key | [random filename] | Added by the ANTINNY WORM! | No |
? | ArabLionZ Drive | ArabLionZ.Drive.exe | ArabLionZ Drive - part of ArabLionZ XP Tools. What does it do and is it required? | No |
Y | ArcaCheck | ArcaCheck.exe | Part of the ArcaVir antivirus suite from Polish company Arcabit. What does this part do? | No |
X | arcaderockstar | arcaderockstar32.exe | Arcade Rockstar (now Gamevance) - free arcade games and prize tournaments. The program itself is clean, but the TOS and privacy statement say that you agree to allow the program to track/report your surfing and put popup advertising on your computer | No |
X | Archive | archive.exe | Adware - detected by Kaspersky as the CENTIM.A TROJAN! | No |
X | ARCHIVE CONTROL | fixupdattr.exe | Added by the MYTOB.GU WORM! | No |
N | ARCSolo Recovery | N/A | Backup software by Computer Associates - no longer supported | No |
U | Ardamax Keylogger | akl.exe | Ardakey keystroke logger/monitoring program - remove unless you installed it yourself! | No |
N | ares | ares.exe | "Ares is a free open source file sharing program that enables users to share any digital file including images, audio, video, software, documents, etc" | No |
N | areslite | AresLite.exe | "Ares is a free open source file sharing program that enables users to share any digital file including images, audio, video, software, documents, etc" | No |
U | Argentum Backup | ab.exe | Argentum Backup - a small backup program that lets you easily back up your documents and folders | No |
X | Aritima | aritima.exe | Added by the ARITIM WORM! | No |
U | ARMOR2NET | Armor2net.exe | Related to Armor2net personal firewall (possibly contains or is related to a product known as ArmorWall - which is a known rogue, see here - hence the "U" recommendation) | No |
X | aromis | aromis.exe | Added by the NUWAR.JQ WORM! | No |
N | AROReminder | aro.exe | Advanced Registry Optimizer - "scan, identify, clean and repair errors in your Windows registry with a single click". Reminder that states that you are in trial mode | No |
U | Arovax AntiSpyware | arovaxantispyware.exe | Part of Arovax AntiSpyware from Arovax, LLC - that offers an "innovating, powerful, speedy and extremely easy to use Spyware protection program". Runs a system scan when Windows starts and adds a System Tray icon | Yes |
Y | Arovax Shield | ArovaxShield.exe | Part of Arovax Shield from Arovax, LLC - that "detects and notifies you about all major online threats trying to penetrate your system, isolates & blocks them". Runs the main program in the background and adds a System Tray icon | Yes |
U | arovaxantispyware | arovaxantispyware.exe | Part of Arovax AntiSpyware from Arovax, LLC - that offers an "innovating, powerful, speedy and extremely easy to use Spyware protection program". Runs a system scan when Windows starts and adds a System Tray icon | Yes |
Y | ArovaxShield | ArovaxShield.exe | Part of Arovax Shield from Arovax, LLC - that "detects and notifies you about all major online threats trying to penetrate your system, isolates & blocks them". Runs the main program in the background and adds a System Tray icon | Yes |
N | ARPWRMSG | ARPWRMSG.EXE | Related to HP and Compaq Desktop PCs. Read this article | No |
U | Artera | arteraui.exe | Artera Turbo Internet Accelerator - "surf faster, boost download speed". Only required if you find it helps improve your performance | No |
? | AS00 Gear511 | Gear511.exe | Software for Netgear wireless network cards. Unknown whether it is required for the wireless card to run but does not seem to be a resource hog. Not required for laptop to run if the wireless network card will not be used. Is it at all required? | No |
N | AS00_Gear511 | Gear511.exe | Netgear wireless LAN configuration utility | No |
U | AS00_WN511B | WN511B.exe | Netgear RangeMax NEXT wireless adapter configuration utility | No |
? | AS00_WPN511 | WPN511.exe | NetgearRev MFC Application - software for Netgear wireless network cards - what does it do and is it required in startup? | No |
X | ASC-AntiSpyware | WinCleaner.exe | WinCleaner 2009 rogue spyware remover - not recommended, removal instructions here | No |
X | ASC-AntiSpyware | WinCleaner.exe | WinCleaner 2009 rogue security software - not recommended, removal instructions here | No |
X | ASC-AntiSpyware | WinAntivirus.exe | Win Antivirus Vista/XP rogue security software - not recommended, removal instructions here | No |
X | asc32 | asc 2.1.exe | AntiSpyCheck rogue spyware remover - not recommended, removal instructions here | No |
X | ASDPLUGIN | dsldbaccess.exe | AsdPlug premium rate adult content dialer | No |
X | ASDPLUGIN | canada.exe | AsdPlug premium rate adult content dialer | No |
X | ASDPLUGIN | france.exe | AsdPlug premium rate adult content dialer | No |
X | ASDPLUGIN | fullgames.exe | AsdPlug premium rate adult content dialer | No |
X | ASDPLUGIN | 100171be.exe | AsdPlug premium rate adult content dialer | No |
X | ASDPLUGIN | 100176br.exe | AsdPlug premium rate adult content dialer | No |
X | ASDPLUGIN | adult1.exe | AsdPlug premium rate adult content dialer | No |
X | ASDPLUGIN | Austria.exe | AsdPlug premium rate adult content dialer | No |
X | ASDPLUGIN | belgium_nm.exe | AsdPlug premium rate adult content dialer | No |
X | ASDPLUGIN | czech.exe | AsdPlug premium rate adult content dialer | No |
X | ASDPLUGIN | dbaccess.exe | AsdPlug premium rate adult content dialer | No |
X | ASDPLUGIN | dslgeaccess.exe | AsdPlug premium rate adult content dialer | No |
X | ASDPLUGIN | Finland.exe | AsdPlug premium rate adult content dialer | No |
X | ASDPLUGIN | geaccess.exe | AsdPlug premium rate adult content dialer | No |
X | ASDPLUGIN | mexico.exe | AsdPlug premium rate adult content dialer | No |
X | ASDPLUGIN | netherlands.exe | AsdPlug premium rate adult content dialer | No |
X | ASDPLUGIN | turkey.exe | AsdPlug premium rate adult content dialer | No |
X | ASDPLUGIN | uk_nm.exe | AsdPlug premium rate adult content dialer | No |
X | ASDPLUGIN | Xadult1.exe | AsdPlug premium rate adult content dialer | No |
X | ASDPLUGIN | temp532.exe | AsdPlug premium rate adult content dialer | No |
X | asdsaxcxz13 | dasxcsx13.exe | Added by the LEGMIR-ARF TROJAN! | No |
X | asdx | xwinrpc32.exe | Added by the AGOBOT.VO WORM! | No |
N | ASE Scheduler | ASE Scheduler.exe | Aluria Software's spyware removal tool - we can't really recommend this product as Aluria have recently partnered with WhenU, the well known adware company, see here and here | No |
Y | Ashampoo AntiSpyWare 2 | AntiSpyWare2Guard.exe | Part of Ashampoo® AntiSpyWare 2 from Ashampoo GmbH & Co. KG. This part is the realtime monitor that looks for changes on the user's system such as BHO, Winsock LSPs, Windows Hosts file, Autostart entries, etc | Yes |
Y | Ashampoo AntiSpyWare 2 Guard | AntiSpyWare2Guard.exe | Part of Ashampoo® AntiSpyWare 2 from Ashampoo GmbH & Co. KG. This part is the realtime monitor that looks for changes on the user's system such as BHO, Winsock LSPs, Windows Hosts file, Autostart entries, etc | Yes |
Y | Ashampoo FireWall | FireWall.exe | Ashampoo FireWall Free version | No |
Y | Ashampoo FireWall PRO | FireWall.exe | Ashampoo FireWall PRO version | No |
U | Ashampoo PopUpBlocker | PopUpKiller.exe | Ashampoo popup blocker, part of Magical Security (was Privacy Protector Plus) | No |
Y | ashAvast | ashAvast.exe | Part of Avast antivirus | No |
Y | ashDisp | ashDisp.exe | System Tray access to and notifications for avast! Antivirus - giving left-click access to the On-Access Scanner, right-click access to other options and event notifications | No |
X | ashDsp.exe | ashDsp.exe | Added by a variant of the SDBOT WORM! | No |
X | ASHLT | Ashlt.exe | Ashlt adware | No |
Y | ashMaiSv | ashmaisv.exe | Part of Avast! anti-virus software - E-mail scanner | No |
X | Asicfc | icfca.exe | Added by the AGENT.AAJE WORM! | No |
U | AsioReg | regsvr32.exe ctasio.dll | ASIO (Audio Stream In/Out) drivers for the SoundBlaster Audigy 2 series soundcards - for recording and home project studios. Required if you use this functionality | No |
U | AsioThk32Reg | rregsvr32.exe ctasio.dll | ASIO (Audio Stream In/Out) drivers for the SoundBlaster Audigy 2 series soundcards - for recording and home project studios. Required if you use this functionality | No |
U | ASK | rundll32.exe [path] ASK.dll rdl | Stealth Keylogger keystroke logger/monitoring program - remove unless you installed it yourself! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted | No |
X | asl | Aslru.exe | Added by the BANCOS-CU TROJAN! | No |
U | ASM | ASMonitor.exe | Active Security Monitor from AOL - helps you determine how vulnerable your PC is to computer viruses, spyware and other dangers and learn what steps you can take to improve your protection | No |
U | Asmw Soft Popups Burner | popups burner.exe | Popup blocker, part of Asmw Soft PC Optimizer | No |
X | asnconsole | msasn.exe | Added by the RBOT.EVU TROJAN! | No |
X | ASocksrv | SocksA.exe | Added by the VB.CBW WORM! | No |
X | asp-srvc | asp-srvc.exe | Added by the AGOBOT-KG WORM! | No |
X | ASP.NET State Service | csrss.exe | Added by the DLOADER-QI TROJAN! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir% | No |
X | ASP.NET State Service | crsass.exe | Added by the BANLOAD-M TROJAN! | No |
X | ASP.NET State Service | servicos..exe | Added by the DADOBRA-I TROJAN! | No |
N | asp4tray | asp4tray.exe | System Tray application for Aureal Vortex based soundcards. Can be run manually via Start -> Settings -> Control Panel | No |
Y | AspireTimeMachine | acertmb.exe | System recovery software supplied with some Acer notebook PCs. Similar to GoBack and the restore program in WinXP, allowing you to restore a PC back to a working state with minimal re-entry | No |
X | ASpyC | ASpyC.exe | AntiSpyCheck rogue spyware remover - not recommended, removal instructions here | No |
X | asrupdate.exe | asrupdate.exe | Added by the VB.ATZ TROJAN! | No |
X | assistse | ASSISTSE.EXE | CnsMin (Chinese Keywords) hijacker related | No |
X | AST | AST | Added by the VB.AH TROJAN! | No |
X | AST | AST.exe | AutoStarter parasite | No |
U | ASTART | astart.exe | ASUS TweakEnable - restores manually changed settings for ASUS based video cards such as overclocking. Only required if you use non-standard settings | No |
X | AStart | AStart | Added by the VB.AH TROJAN! | No |
N | asTray | Astray.exe | Voyetra Audio Station - part of Voyetra's Ultimate MP3 & CD Manager. MP3 and digital music jukebox/organizer | No |
N | Astro | Astro.exe | Checks for updates to Quicken on a system reboot | No |
X | Astrum | Astrum.exe | Astrum Antivirus Pro rogue security software - not recommended, removal instructions here | No |
? | ASUS Camera ScreenSaver | ASScrProlog.exe | Either a valid program on some ASUS laptops - such as the F3 and F5 series or unsafe, according to PREVX and InCode Solutions. Can any ASUS owners with this file confirm? File is located in %Windir% | No |
N | ASUS Live Update | ALU.exe | ASUS Live Update utility for their motherboards | No |
N | ASUS Probe | AsusProb.exe | ASUS video card fan/thermal monitor - only required if you overclock your card or live in a hot area | No |
? | ASUS Screen Saver Protector | ASScrPro.exe | Either a valid program on some ASUS laptops - such as the F3 and F5 series or unsafe, according to PREVX and InCode Solutions. Can any ASUS owners with this file confirm? File is located in %Windir% | No |
U | ASUS SmartDoctor | VGAProbe.exe | ASUS video card fan/thermal monitor | No |
U | ASUS TweakEnable | astart.exe | ASUS TweakEnable - restores manually changed settings for ASUS based video cards such as overclocking. Only required if you use non-standard settings | No |
N | ASUSGamerOSD | GamerOSD.exe | GamerOSD by ASUSTek - for "real-time overclocking, benchmarking and video capturing in any PC game." Free for ASUS graphics cards, 30-day trial for non-ASUS graphics cards | No |
N | ASUSKey | V38SHELL.EXE | System tray Icon for quickly changing video modes | No |
U | asustweakenable | ATweak.exe | ASUS TweakEnable - restores manually changed settings for ASUS based video cards such as overclocking. Only required if you use non-standard settings | No |
N | ASWDP | ASWDP.exe | MLS Pulse - real estate software. Keeps the home buyer/seller continually informed on the status of his/her local/regional real estate market | No |
X | ASWnk | aswnk.exe | Adult content dialler | No |
U | AT&T Self Support Tool | matcli.exe | AT&T Resolution Assistant. "matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, state, etc and gets written to a log file". Resolution Assistant is required to run with the Help and Support program. If you uncheck Resolution Assistant and then run Help and Support it will add another Resolution Assistant in the startup menu. If you remove the Resolution Assistant in the add/remove program some help menus in help and support will not be available. You decide | No |
U | AT-Watch | ATWatch.exe | Anti-Trojan Watch - trojan detector | No |
X | atapidrv | atapidrv.exe | Added by the AGOBOT-SL WORM! | No |
U | atchk | atchk.exe | AMT Status Message from Intel. Users can manage this, read the article. See here for more information on Intel AMT | No |
U | Athan | Athan.exe | Athan - an application that calculates and reminds the five daily Islamic prayer times for anywhere in the world | No |
X | ATI Active Graphics Card Monitor | atievx.exe | Added by the IRCBOT-TL WORM! | No |
X | ATI AS Filter | msnse.exe | Added by the RBOT-CCY WORM! Note - modifies the HOSTS file by appending numerous lines, preventing access to the virus cleaning websites | No |
N | ATI Catalyst™ System Tray | CLI.exe SystemTray | System Tray access to ATI's Catalyst™ CONTROL CENTER. Note that this has "SystemTray" appended to CLI.exe in the "Command" column of MSCONFIG. Not required to run the control center - which is available via a right-click on the desktop | No |
N | ATI DeviceDetect | ATIDtct.EXE | Utility meant for future use of the ATI TV WONDER USB 2.0 video driver and can be disabled | No |
X | ATI Display | ATIDisplay.exe | Added by the BDOOR-AFH BACKDOOR! | No |
X | ATI Display Driver | atixd.exe | Added by the RBOT-FOV WORM! | No |
X | Ati Display Settings | atividx.exe | Added by the RBOT-GAS WORM! | No |
N | ATI GART Set-up Utility | Atigart.exe | Program that checks the motherboard chipset and determines which GART driver bundle to install on ATI video cards. If you have one, once installed it shouldn't be needed | No |
U | ATI Launchpad | launchpd.exe | Convenient way to start all your Multimedia Center applications (DVD, Video CD, CD Audio, File Player). You can right-click LaunchPad, and uncheck Load on Startup in the menu | No |
X | ATI Rage3d Pro | AtiRage4dPro.exe | Added by the AGOBOT-OG WORM! | No |
Y | ATI Remote Control | ATIRW.exe | Driver for the ATI REMOTE WONDER™ RF remote control for ATI's All-In-Wonder graphic cards and other products. Required if you use it | No |
Y | ATI Remote Control | ATIX10.exe | ATI Remote Wonder™ - PC wireless remote control driver. Required if you use it | No |
N | ATI Scheduler | Atisched.exe | Component that remains resident in memory and automatically launches the ATI VIDEO PLAYER at a user selected time and date. Delete the shortcut in the Start -> Programs -> Startup folder as well. Functions could re-enable the program to load at start-up and re-introduce the shortcut. Try it and see | No |
N | ATI Task Application | Atitkad.exe | System Tray access and key-combo shortcuts to common display functions on ATI video cards. Can be run from Start -> Settings -> Control Panel -> Display | No |
N | ATI Task Application (Atikey) | Atitask.exe | System Tray access and key-combo shortcuts to common display functions on ATI video cards. Can be run from Start -> Settings -> Control Panel -> Display | No |
X | ATI Technology Startup | techstart.exe | Added by the RBOT-AEU WORM! | No |
X | ATI Video Driver Control | atigfx.exe | Added by the RBOT-FWL WORM! | No |
X | ATI Video Driver Control | btorrent.exe | Added by a variant of the IRCBOT TROJAN! | No |
X | ATI Video Driver Controls | [path to worm] | Added by the SDBOT-DDS WORM! | No |
X | ATI VIDEO REGKEY | ati2vid.exe | Added by the SDBOT.UR WORM! | No |
? | Ati2cwxx | Ati2cwxx.exe | For some ATI video cards. Probably used to access features and may not be required - for example the ATI Radeon works fine without it | No |
X | Ati2evxx | Ati2evxx.com | Added by the BACKDOOR-CPC TROJAN! | No |
X | ati2f104 | ati2f104.exe | Added by the DLOADR-BBW TROJAN! | No |
U | Ati2mdxx | Ati2mdxx.exe | System Tray icon to access ATI graphics card settings and the Hydravision Desktop Manager | No |
N | ATICCC | cli.exe runtime | ATI's Catalyst™ CONTROL CENTER. Required if you want to change graphics settings on a regular basis but you must have internet access and Microsoft's .NET framework installed. Note that this has "runtime" appended to cli.exe in the "Command" column of MSCONFIG. Recommend that you start the program manually via Start → Programs → ATI Catalyst Control Center → Advanced → Restart Runtime as it can cause problems when starting Windows | No |
N | ATICCC | CLIStart.exe | Puts the ATI Catalyst™ Control Center Icon/Shortcut on the System Tray - available via Start → Programs | No |
X | aticpaxx.exe | aticpaxx.exe | Added by the RBOT-XP WORM! | No |
U | AtiCwd | AtiCwd.exe | This utility adds the ATI tab in the advanced display properties (gives the option for TV out). Do not uncheck if there is TV out on the video card | No |
U | AtiCwd | AtiCwd32.exe | This utility adds the ATI tab in the advanced display properties (gives the option for TV out). Do not uncheck if there is TV out on the video card | No |
U | AtiCwd | Ati2cwad.exe | This utility adds the ATI tab in the advanced display properties (gives the option for TV out). Do not uncheck if there is TV out on the video card | No |
U | AtiCwd32 | AtiCwd.exe | This utility adds the ATI tab in the advanced display properties (gives the option for TV out). Do not uncheck if there is TV out on the video card | No |
U | AtiCwd32 | AtiCwd32.exe | This utility adds the ATI tab in the advanced display properties (gives the option for TV out). Do not uncheck if there is TV out on the video card | No |
U | AtiCwd32 | Ati2cwad.exe | This utility adds the ATI tab in the advanced display properties (gives the option for TV out). Do not uncheck if there is TV out on the video card | No |
X | AtiDisplayDrv | atidrvxx.exe | Added by the RBOT-VZ WORM! | No |
X | atidriver | reaIplayer.exe | Added by the WARPIGS-E WORM! Note the uppercase "I" in the filename, rather than a lower case "L" | No |
N | AtiGart | Atigart.exe | Program that checks the motherboard chipset and determines which GART driver bundle to install on ATI video cards. If you have one, once installed it shouldn't be needed | No |
N | AtiKey | AtiKey32.exe | System Tray access and key-combo shortcuts to common display functions on ATI video cards. Can be run from Start -> Settings -> Control Panel -> Display | No |
N | AtiKey | atiptkad.exe | System Tray access and key-combo shortcuts to common display functions on ATI video cards. Can be run from Control Panel → Display | No |
N | Atikey | Atitask.exe | System Tray access and key-combo shortcuts to common display functions on ATI video cards. Can be run from Start -> Settings -> Control Panel -> Display | No |
U | ATIMACE | MACE.exe | ATI Technologies Control Centre - installed alongside ATI graphics hardware and provides additional configuration options for these devices in the Managed Access to Catalyst™ Environment (MACE) component | No |
U | ATIModeChange | Ati2mdxx.exe | System Tray icon to access ATI graphics card settings and the Hydravision Desktop Manager | No |
X | AtiPanel | atip.exe | Added by the TACTSLAY.U TROJAN! | No |
X | atipatxx | atipatxx.exe | Added by the SMALL-ED TROJAN! | No |
U | ATIPOLAB | ati2evxx.exe | ATI External Event Utility EXE Module. This task can consume lots of CPU resources on some computers, but it can help with graphics card problems. Leave enabled unless it consumes too many CPU resources | No |
U | ATIPOLAB | ati2evae.exe | ATI Polling Program - part of the ATI graphics driver e.g. on some Fujitsu-Siemens Notebooks | No |
U | ATIPOLL | ati2evxx.exe | ATI External Event Utility EXE Module. This task can consume lots of CPU resources on some computers, but it can help with graphics card problems. Leave enabled unless it consumes too many CPU resources | No |
U | AtiPTA | Ati2ptxx.exe | Control panel for the ATI series of video cards allowing access to such features as display resolution, colour depth, etc. Available via Start -> Settings -> Control Panel -> Display. Some users may need it if they have optimised their settings | No |
U | AtiPTA | Atiptaxx.exe | Control panel for the ATI series of video cards allowing access to such features as display resolution, colour depth, etc. Available via Start -> Settings -> Control Panel -> Display. Some users may need it if they have optimised their settings | No |
U | AtiPTA | Atiptaab.exe | Control panel for the ATI series of video cards allowing access to such features as display resolution, colour depth, etc. Available via Start → Settings → Control Panel → Display. Some users may need it if they have optimised their settings | No |
U | AtiPTAAA | Ati2ptxx.exe | Control panel for the ATI series of video cards allowing access to such features as display resolution, colour depth, etc. Available via Start -> Settings -> Control Panel -> Display. Some users may need it if they have optimised their settings | No |
U | AtiPTAAA | Atiptaxx.exe | Control panel for the ATI series of video cards allowing access to such features as display resolution, colour depth, etc. Available via Start -> Settings -> Control Panel -> Display. Some users may need it if they have optimised their settings | No |
U | atiptaxx | Ati2ptxx.exe | Control panel for the ATI series of video cards allowing access to such features as display resolution, colour depth, etc. Available via Start -> Settings -> Control Panel -> Display. Some users may need it if they have optimised their settings | No |
U | atiptaxx | Atiptaxx.exe | Control panel for the ATI series of video cards allowing access to such features as display resolution, colour depth, etc. Available via Start -> Settings -> Control Panel -> Display. Some users may need it if they have optimised their settings | No |
X | atiptext | atiptext.exe | Added by the COSIAM-A TROJAN! | No |
U | AtiQiPcl | AtiQiPcl.exe | Used for hardware DVD decoding on ATI video cards supporting this feature. Not required unless you regularly play DVDs | No |
U | ATISmart | ati2s9ag.exe | ATI's "SMARTGART", which is included with the Catalyst™ drivers. When the system boots, it runs a couple of bus tests & tries to apply the most stable settings | No |
U | AtiSound | csrss.exe | WinSpy surveillance software. Uninstall this software unless you put it there yourself. Note - this is not the same file as the csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a "ComRoot" subfolder | No |
X | atisrc2 | windfind.exe | Added by the WINDFIND-A TROJAN! | No |
X | ATITech | Active.exe | Added by the ROAMER-A TROJAN! | No |
U | atitray | atitray.exe | ATI Tray Tools - allows quick access to ATI graphics card settings | No |
U | AtiTrayTools | atitray.exe | ATI Tray Tools - allows quick access to ATI graphics card settings | No |
X | atiupdate | ATIUPDATE5.EXE | Added by the DEBESKI.A TROJAN! | No |
X | atiupdate | msshed32.exe | Added by the DELF.EP downloader TROJAN! | No |
X | ATIUpdater | atiupdxx.exe | Added by the RBOT-ABX WORM! | No |
X | Atiupdpl | atiupdpl.exe | Added by the SMALL.AOS TROJAN! | No |
X | ativopen | ativopen.exe | Premium rate adult content dialler | No |
Y | ATIX10 | atix10.exe | ATI Remote Wonder™ - PC wireless remote control driver. Required if you use it | No |
? | ATKMEDIA | DMEDIA.EXE | ATK Media utility for ASUS laptops - what does it do and is it required? | No |
X | Atl**.exe [* = random char] | Atl**.exe [* = random char] | CoolWebSearch/HomeSearch adware - for examples, see this log | No |
X | Atl**32.exe [* = random char] | Atl**32.exe [* = random char] | CoolWebSearch/HomeSearch adware - for examples, see this log | No |
X | ATM Control | adpn.exe | Added by the MMS.A WORM! | No |
N | ATnotes | atnotes.exe | Loads the ATnotes program for virtual sticky notes for your desktop. Available via Start -> Programs | No |
U | Atomic Time Synchronizer | TimeSync.exe | TimeSync - lets you synchronize your computer's clock with any internet atomic clock | No |
X | Atomic-x27 | Atomic-x27.exe | Added by the KATOMIK-A WORM! | No |
X | Atomic-x27C | AtomicpartC.exe | Added by the KATOMIK-A WORM! | No |
U | Atomic.exe | Atomic.exe | Atomic Clock Sync - synchronizes your computer's time with the NIST time server | No |
N | Atomica | atomica.exe | Atomica runs from the System Tray and allows the user to find out more about a word or phrase on any screen by pointing at it with the mouse and clicking button one while holding down the Alt key | No |
U | AtomicTime | ATOMICTIME.EXE | AtomicTime - utility that synchronizes your PC clock to an atomic clock | No |
U | Atrack | atrack.exe | New feature of Norton Internet Security (NIS) and Norton Personal Firewall (NPF) 3.0 is the Alert Tracker, an instant notification feature. The Alert Tracker displays information about events as they happen. This way, when a rule has been triggered or an access to the Internet made, you know about it immediately rather than finding out about it when you check your logs or notice that the NIS icon indicates a security alert | No |
U | Atray | Atray.exe | Active Tray is a utility which lets you configure the system tray. You can also create your own tray icons | No |
U | ATSpooler | AppsTraka.exe | DeskTopScout keystroke logger/monitoring program - remove unless you installed it yourself! | No |
U | ATTBroadbandUpdate | SAUpdate.exe | Big Brother from Quest Software. System and network monitor | No |
U | ATTRedUpdate | AutoUpdate.exe | Additional item added to start-ups after AT&T took over the now bankrupt Excite@home high-speed internet service. Included for automatically downloading and installing updates. Leave it unless you plan to regularly run it to check for updates | No |
X | AttuneClientEngine | attune_ce.exe | Aveo Attune automated helpdesk software - adware/spyware | No |
X | AttuneContentUpdater | attune_cu.exe | Aveo Attune automated helpdesk software - adware/spyware | No |
X | AttuneDiscovery | attune_di.exe | Aveo Attune automated helpdesk software - adware/spyware | No |
X | Attunel | Attunel.exe | Aveo Attune automated helpdesk software - adware/spyware | No |
X | AttuneSystray | attune_st.exe | Aveo Attune automated helpdesk software - adware/spyware | No |
N | aTuner | atuner.exe | aTuner - tweak tool for GeForce based graphics cards | No |
Y | atwtusb | atwtusb.exe | USB interface for Aiptek Graphics Tablet (USB) | No |
X | AtxBrw | Iexplor.exe | "Pop Marketing" adware | No |
U | au | DealioAu.exe | Dealio Toolbar is a free shopping comparison toolbar that allows users to search for a wide range of consumer products | No |
U | AU Agent | AUagent.exe | Au Agent from Zilab Software. Win2K/NT enhancement tool. Allows you to run applications under any security context without closing the whole logon session to process a new logon | No |
X | au.exe | au.exe | Added by the BEAGLE.B WORM! | No |
Y | AUCBPNP | aucbnpn.exe | Adaptec USB CardBus Safe-Eject - driver for the Adaptec USB 2.0 CardBus which provides USB 2.0 ports for laptop users via a PCMCIA card slot | No |
X | Aucompat | Aucompat.exe | Added by the GEMA TROJAN! | No |
X | Audcntr | audcntr.exe | Added by the GEMA TROJAN! | No |
? | AudCtrl | RunDll32 AudCtrl.dll, RCMonitor | Audio control panel? | No |
X | audi32 | audi32.exe | Added by the RANCK-FL TROJAN! | No |
X | AUDIO | SOUND.exe | Added by the PLOYB-A TROJAN! | No |
X | Audio Device Manager | winfp.exe | Detected by PCTools as the IRCBOT.BIV TROJAN! See here | No |
X | Audio Device Manager | WinNT.exe | Added by the IRCBOT.USP BACKDOOR! | No |
X | Audio Device Manager | WNDXP.exe | Detected by Kaspersky as the IRCBOT.AJL TROJAN! See here | No |
X | audiocfg.exe | audiocfg.exe | Added by the VB.ATE WORM! | No |
X | Audiocntl | audiocntl.exe | Added by a variant of the CRYPTER.C TROJAN! | No |
N | AudioDeck | ADeck.exe | ADeck.exe is a system tray application for VIA's sound cards which offers quick access to a number of sound card related items | No |
X | Audiodrv | audiodrv.exe | Added by the CRYPTER-C TROJAN! | No |
U | AudioDrvEmulator | DLLML.exe AudDrvEm.dll | Related to Creative DLL Module Loader for the Sound Blaster X-Fi (and maybe others). This program is a non-essential process to the running of the system, but should not be terminated unless suspected to be causing problems | No |
N | AudioHQ | Ahqtb.exe | For Creative Soundblaster Live! series soundcards. System tray application for SB Live! functions. Available via Start -> Programs | No |
X | AudioHQ | audiohq.exe | Added by the BANKER-EHK TROJAN! | No |
N | AudioHQU | AHQTBU.EXE | System Tray application installed with the drivers for Creative Labs SoundBlaster Live! Can be run from Start -> Programs | No |
X | audioinf | audioinf.exe | Added by a variant of the CRYPTER.C TROJAN! | No |
X | AudioMan | Explorer.sm1 | Added by the HUPIGON.IFZ BACKDOOR! | No |
X | audlmne32 | dcmsxe.exe | Added by the MAILBOT-CF TROJAN! | No |
X | auloadplx | mplprogsm.exe | Added by the SLAPER.K TROJAN! | No |
X | AUNPS2 | RUNDLL32 AUNPS2.DLL, _Run@16 | AUNPS adware | No |
X | aupd | symcsvc.exe | Added by the ABWIZ.D TROJAN! | No |
X | aupd | sysvcs.exe | Added by the ABWIZ.C TROJAN! | No |
X | aupd | sywsvcs.exe | Added by the ORSE-M TROJAN! | No |
Y | Aureal A3D Interactive Audio | sa3dsrv.exe | For Aureal based 3D soundcards. A3D sound features won't work with this disabled | No |
Y | Aureal A3D Interactive Audio Init | A3dInit.exe | For Aureal based 3D soundcards. A3D sound features won't work with this disabled | No |
U | Auslogics BoostSpeed 4 | boostspeed.exe | System Tray access to Auslogics BoostSpeed 4 system optimization utility - which "Start programs faster. Speed up computer start time. Increase Internet speed, optimize your Internet Explorer, Firefox and E-mail programs" | Yes |
X | ausvc | ausvc.exe | Added by the AUTOUPDER TROJAN! | No |
X | Auth Starter Ident | startauth.exe | Added by the RBOT-WP WORM! | No |
Y | Authentic-ID Toolbar | wintmr.exe | System Tray access to Child Control parental control software by Salfield | No |
Y | Authentic-ID Toolbar | rundll32.exe [path] ToolbarATL.dll, LoadTrayIcon | Authentic-ID Toolbar - website authentication utility. Warns you when a site is recognized for phishing or isn't authentic, for example | No |
X | authz | authz.exe | Added by an unidentified VIRUS, WORM or TROJAN! | No |
X | auto | win32.exe | Added by the SMALL!SD5 TROJAN! | No |
X | Auto CD-ROM Startup | cdaccess.exe | Added by the SPYBOT.BLA WORM! | No |
U | Auto EPSON Stylus C45 Series on X | E_S4I3T1.EXE | Epson Status Monitor 3 for the Stylus C45 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
U | Auto EPSON Stylus C48 Series on X | E_S10IC2.EXE | Epson Status Monitor 3 for the Stylus C48 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
U | Auto EPSON Stylus C48 Series on X | E_S4I091.EXE | Epson Status Monitor 3 for the Stylus C48 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
U | Auto EPSON Stylus C60 Series on X | E_S10IC2.EXE | Epson Status Monitor 3 for the Stylus C60 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
U | Auto EPSON Stylus C62 Series on X | E_S10IC2.EXE | Epson Status Monitor 3 for the Stylus C62 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
U | Auto EPSON Stylus C64 Series on X | E_S4I2C1.EXE | Epson Status Monitor 3 for the Stylus C64 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
U | Auto EPSON Stylus C82 Series on X | E_S0HIC1.EXE | Epson Status Monitor 3 for the Stylus C82 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
U | Auto EPSON Stylus C84 Series on X | E_S4I2D1.EXE | Epson Status Monitor 3 for the Stylus C84 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
U | Auto EPSON Stylus C87 Series on X | E_FATIABL.EXE | Epson Status Monitor 3 for the Stylus C87 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
U | Auto EPSON Stylus CX3200 on X | E_S10IC2.EXE | Epson Status Monitor 3 for the Stylus CX3200 printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
U | Auto EPSON Stylus CX3600 Series on X | E_FATI9BE.EXE | Epson Status Monitor 3 for the Stylus CX3600 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
U | Auto EPSON Stylus CX3800 Series on X | E_FATIACA.EXE | Epson Status Monitor 3 for the Stylus CX3800 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
U | Auto EPSON Stylus CX4200 Series on X | E_FATIAEA.EXE | Epson Status Monitor 3 for the Stylus CX4200 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
U | Auto EPSON Stylus CX4500 Series on X | E_FATI9AP.EXE | Epson Status Monitor 3 for the Stylus CX4500 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
U | Auto EPSON Stylus CX5000 Series on X | E_FATIBVA.EXE | Epson Status Monitor 3 for the Stylus CX5000 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
U | Auto EPSON Stylus CX5400 on X | E_S4I2G1.EXE | Epson Status Monitor 3 for the Stylus CX5400 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
U | Auto EPSON Stylus CX6000 Series on X | E_FATIBIA.EXE | Epson Status Monitor 3 for the Stylus CX6000 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
U | Auto EPSON Stylus CX6400 on X | E_S4I2L1.EXE | Epson Status Monitor 3 for the Stylus CX6400 printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
U | Auto EPSON Stylus CX6600 Series on X | E_FATI9EE.EXE | Epson Status Monitor 3 for the Stylus CX6600 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
U | Auto EPSON Stylus CX6600 Series on X | E_FATI9EA.EXE | Epson Status Monitor 3 for the Stylus CX6600 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
U | Auto EPSON Stylus CX7400 Series on X | E_FATICDA.EXE | Epson Status Monitor 3 for the Stylus CX7400 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
U | Auto EPSON Stylus CX7800 Series on X | E_FATIACA.EXE | Epson Status Monitor 3 for the Stylus CX7800 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
U | Auto EPSON Stylus CX9400Fax Series on X | E_FATICFA.EXE | Epson Status Monitor 3 for the Stylus CX9400Fax Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
U | Auto EPSON Stylus D78 Series on X | E_FATIBGE.EXE | Epson Status Monitor 3 for the Stylus D78 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
U | Auto EPSON Stylus D88 Series on X | E_FATIABE.EXE | Epson Status Monitor 3 for the Stylus D88 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
U | Auto EPSON Stylus DX3800 Series on X | E_FATIACE.EXE | Epson Status Monitor 3 for the Stylus DX3800 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
U | Auto EPSON Stylus DX4800 Series on X | E_FATIADE.EXE | Epson Status Monitor 3 for the Stylus DX4800 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
U | Auto EPSON Stylus DX6000 Series on X | E_FATIBIE.EXE | Epson Status Monitor 3 for the Stylus DX6000 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
U | Auto EPSON Stylus Photo 820 Series on X | E_S10IC2.EXE | Epson Status Monitor 3 for the Stylus Photo 820 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
U | Auto EPSON Stylus Photo R1800 on X | E_FATI9LA.EXE | Epson Status Monitor 3 for the Stylus Photo R1800 printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
U | Auto EPSON Stylus Photo R200 Series on X | E_S4I2H1.EXE | Epson Status Monitor 3 for the Stylus Photo R200 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
U | Auto EPSON Stylus Photo R200 Series on X | E_S4I0H2.EXE | Epson Status Monitor 3 for the Stylus Photo R200 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
U | Auto EPSON Stylus Photo R220 Series on X | E_FATIAIE.EXE | Epson Status Monitor 3 for the Stylus Photo R220 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
U | Auto EPSON Stylus Photo R2400 on X | E_FATI9SA.EXE | Epson Status Monitor 3 for the Stylus Photo R2400 printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
U | Auto EPSON Stylus Photo R260 Series on X | E_FATIBNA.EXE | Epson Status Monitor 3 for the Stylus Photo R260 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
U | Auto EPSON Stylus Photo R300 Series on X | E_S4I2F1.EXE | Epson Status Monitor 3 for the Stylus Photo R300 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
U | Auto EPSON Stylus Photo R300 Series on X | E_S4I0F2.EXE | Epson Status Monitor 3 for the Stylus Photo R300 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
U | Auto EPSON Stylus Photo R320 Series on X | E_FATI9FA.EXE | Epson Status Monitor 3 for the Stylus Photo R320 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
U | Auto EPSON Stylus Photo R800 on X | E_FATI9YE.EXE | Epson Status Monitor 3 for the Stylus Photo R800 printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
U | Auto EPSON Stylus Photo RX420 Series on X | E_FATI9CE.EXE | Epson Status Monitor 3 for the Stylus Photo RX420 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
U | Auto EPSON Stylus Photo RX500 on X | E_S4I2K1.EXE | Epson Status Monitor 3 for the Stylus Photo RX500 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
U | Auto EPSON Stylus Photo RX600 on X | E_S4I2M1.EXE | Epson Status Monitor 3 for the Stylus Photo RX600 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
U | Auto EPSON Stylus Pro 7600 on X | E_S10IC2.EXE | Epson Status Monitor 3 for the Stylus Pro 7600 printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
X | Auto File System Conversion Utility | scricon.exe | Added by the SDBOT.EYB WORM! | No |
X | auto repair system | qualityx.exe | Added by an unidentified WORM or TROJAN - probably a SPYBOT variant | No |
U | Auto Run Software for Photo Frame | PhotoManager.exe | Management software for Philips digital PhotoFrame range. Used to edit photos and transfer them directly from a PC via a USB cable. Start manually when you connect the device | Yes |
U | Auto Switch | TASKBAR.exe | Related to 2-port Bitronics AutoSwitch kit from Belkin | No |
N | Auto T Bar | autotbar.exe | If you disable the HP VIEW toolbar in IE and rearrange the toolbars on a reboot they will be back as they were before if this is left enabled | No |
X | Auto Updat | WindowsSys32.exe | Added by a variant of the FORBOT WORM! | No |
X | Auto updat | crcss.exe | Added by the SDBOT.AAG WORM! | No |
X | Auto Update | AUP.exe | Added by an unidentified WORM or TROJAN! | No |
X | Auto Update | dma.exe | Added by the RBOT-AVO WORM! | No |
X | Auto Update | svchost.exe | Added by the DUMARDI-A TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder | No |
X | Auto Updates | svchost.exe | Added by the CHEUKO-A TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder | No |
X | Auto WinUpdate | taskmrg.exe | Added by the RBOT-AFA WORM! | No |
X | AutoAdministrator | SERVICES.EXE | Added by the PUNYA-A WORM! Note - this is not the legitimate services.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! | No |
U | Autobar | autobar.exe | Connect buttons on the keyboard for internet direct access, etc. on HP computers | No |
U | AutoCAD Startup Accelerator | acstart16.exe | Preloads some libraries that are used by AutoCAD in order to make the software load faster | No |
U | autoclk | autoclk.exe | Autoclik is a Windows utility "that allows you to perform all mouse activity with absolutely no clicking" | No |
X | AutoDiscovery/AutoPurge (ADAP) Service | wmiadapi.exe | Added by the RBOT.FLT WORM! | No |
N | AutoEA | Ahqrun.exe | For Creative Soundblaster Live! series soundcards. Specify for any audio application what audio preset to automatically associate with currently active speaker output. Available via AudioHQ | No |
X | AUTOEXE | AUTOEXE.exe | Added by the SEMAPI-A WORM! | No |
X | autoload | cftmon.exe | Detected by Symantec as the SILLYFDC WORM! See here | No |
X | autoload | spooll.exe | Detected by Symantec as the SILLYFDC WORM! See here | No |
X | autoload | windowsupdate.exe | Added by the POLYCRYP.DY TROJAN! | No |
X | Autoloaderaproposclient | Apropos_Client_Loader.exe | AproposMedia adware | No |
X | Autoloaderaproposclient | cxtpls_loader.exe | AproposMedia adware | No |
X | AutoLoaderEnvoloAutoUpdater | auto_update_loader.exe | Envolo/AproposMedia adware updater | No |
N | AutoMate Task Service | automate.exe | Task scheduler for Unisyn Automate 4 task automation/macro running software. Available via a desktop shortcut or Start -> Programs | No |
U | AutoMate5 | Am5HkWnd.exe | "Automate is the Leading Software for Automation of front and back-office business processes. It provides all the tools necessary to completely automate business processes, regardless of their complexity" | No |
U | AutoMate6 | AMEM.exe | AutoMate 6 for automating repetitive tasks | No |
X | Automated Windows Updates | wauclt.exe | Added by the GAOBOT.AJD WORM! | No |
X | Automatic Defrag Manager | defrag.exe | Added by the RBOT-AKE WORM! | No |
X | Automatic Media Update | CACHE.RVD | Added by an unidentified WORM/TROJAN! | No |
X | Automatic Media Update | HPLNT32.RVD | Added by an unidentified WORM/TROJAN! | No |
X | Automatic Microsoft Windows Updater | suchost.exe | Added by the RBOT-EQ WORM! | No |
X | Automatic Updates | algs.exe | Added by the IRCBOT-AAM TROJAN! | No |
X | Automatic Windows Updater | Update.exe | Added by the GAOBOT.AO WORM! | No |
N | Automatically launches the United Devices Agent when you start your computer | UD.EXE | The United Devices Agent can recycle your PC's unused resources and use them to perform valuable scientific and medical research without disturbing your usual computer use - similar to SETI@home but for medical research. Available via Start > Programs | No |
X | Autopdate | Autopdate.exe | Added by the RBOT-AGL WORM! | No |
N | AUTOPROP | REGPROP.EXE WMPADDIN.DLL | Both the files are in the MS Office/Bots/FP_WMP directory. Apparently, it registers the FrontPage WiMP extension | No |
X | AUTOPROTECTU | navapq32.exe | Added by an unidentified WORM or TROJAN! | No |
X | autorepair | dexs.exe | Added by a variant of the SDBOT WORM! | No |
U | Autoroute SMTP | AutoSmtp.exe | Autoroute SMTP - "automatic switching between SMTP servers depending on what network you are currently working in." You need to have two Internet service providers | No |
X | autorun | autorun.exe | Added by the AUTOM-B WORM! | No |
X | autorun | sxs.exe | Added by the SMALLVBS-A WORM! | No |
X | autorun | winmain.exe | Added by a variant of the DELF.CNS TROJAN! | No |
X | autorundemo | [path to trojan] | Added by the AGENT-FPX TROJAN! | No |
X | AUTORUN_VAL | AntiSpyCheck 2.1.exe | AntiSpyCheck rogue spyware remover - not recommended, removal instructions here | No |
X | AUTORUN_VAL | asc 2.1.exe | AntiSpyCheck rogue spyware remover - not recommended, removal instructions here | No |
? | AutoShutdown | pssvc.exe | Utility to fix vCard Export in MS Outlook 2000 - although why are these together? | No |
U | AutoSizer | AUTOSIZER.EXE | AutoSizer - utility that automatically maximizes windows when they're opened | No |
N | AutoSpell | autospel.exe | AutoSpell - spell checker (version 6.*) | No |
N | AutoSpell 5 | ASWATC32.EXE | AutoSpell - spell checker | No |
U | AutoSys | autosys.exe | Winguardian surveillance software. Uninstall this software unless you put it there yourself | No |
N | autotbar | autotbar.exe | If you disable the HP VIEW toolbar in IE and rearrange the toolbars on a reboot they will be back as they were before if this is left enabled | No |
N | AutoTKit | AUTOTKIT.EXE | On HP PC's. Unclear what purpose it serves - but there's a known issue with Internet Explorer Toolbar settings not being saved with it enabled | No |
N | autoupd | autoupd.exe | Raxco Software Auto Update utility. "Used to keep your software up-to-date" | No |
X | autoupd | autoupd.exe | Added by an unidentified VIRUS, WORM or TROJAN! - found in a folder of the same name | No |
X | autoupdate | rundll32 DATADX.DLL,SHStart | Added by a variant of the QOOLOGIC TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "DATADX.DLL" file is found in %System% | No |
X | autoupdate | rundll32 SUPDATE.DLL,SHStart | Added by a variant of the QOOLOGIC TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "SUPDATE.DLL" file is found in %System% | No |
X | AutoUpdate | smss.exe | Added by a variant of the WINSPY.AA TROJAN! Note - this is not the legitimate smss.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "debug64" subfolder of the Winnt or Windows folder | No |
X | Autoupdate Service | kaka.exe | Added by the SYMPE-B TROJAN! | No |
X | AutoUpdater | aupdate.exe | Tinybar variant | No |
X | AutoUpdater | AutoUpdate.exe | PeopleonPage foistware | No |
X | autoupdatev2 | [path to file] | Added by the DROPPER-BM TROJAN! | No |
X | autoupdatev2 | autoupdatev2.exe | Detected by Kaspersky as the AGENT.FQ TROJAN! | No |
X | AutoVirusProtection | ciscv.exe | Added by a variant of the RBOT WORM! | No |
X | auto__antiav__key | antiav_exe.exe | Added by the BAGLEDI-AA TROJAN! | No |
X | auto__hloader__key | hloader_exe.exe | Added by the BAGLE.AB TROJAN! | No |
X | aux.exe | aux.exe | Added by the ZINS TROJAN! | No |
X | auxAudioDevice | aux32.exe | Added by the AIZU WORM! | No |
N | AUXXTRAY | au30setp.exe | System Tray application for Aureal Vortex based soundcards. Can be run manually via Start -> Settings -> Control Panel | No |
X | AV | UPDATE-28062004.exe[25 blank spaces].vbs | Added by the MIDFIN WORM! | No |
X | av | expressav.exe | Express Antivirus 2009 rogue security software - not recommended, removal instructions here | No |
X | AV Client | patch31345.exe | Added by the MYDOOM.AD WORM! | No |
X | AV Industry | patch31345.exe | Added by the MYDOOM.AD WORM! | No |
X | AV UpDate | Update.exe | Added by the FUROOT-A TROJAN! | No |
N | AvaFind | AvaFind.exe | AvaFind file search utility | No |
X | AVantivirus | Avconsol.exe | Added by the MSNVB-D WORM! | No |
X | avast | troyan.exe | Added by the SMALL.CZ TROJAN! | No |
Y | Avast! | ashserv.exe | Part of Avast! anti-virus software | No |
Y | avast! | ashDisp.exe | System Tray access to and notifications for avast! Antivirus - giving left-click access to the On-Access Scanner, right-click access to other options and event notifications | No |
Y | avast! Antivirus | ashDisp.exe | System Tray access to and notifications for avast! Antivirus - giving left-click access to the On-Access Scanner, right-click access to other options and event notifications | No |
Y | avast! Web Scanner | Ashwebsv.exe | Part of Avast! anti-virus software | No |
Y | Avast32 | Astart32.exe | Part of Avast! anti-virus software | No |
X | avc | avmon.exe | Added by an unidentified TROJAN! | No |
U | AvconsoleEXE | Avconsol.exe | From McAfee VirusScan up to version 4.x and Dr Solomon's VirusScan. Used to schedule regular scans. If you don't have scans scheduled you don't need it | No |
X | Avengine | Avengine.com | Added by the DELF.LJ TROJAN! | No |
X | AveoAttune | atmdlusr.exe | Aveo Attune automated helpdesk software - adware/spyware | No |
U | AVFX Engine | StartFX.exe | Advanced Video FX - supported by a number of Creative Web Cameras. "Have more fun by adding a wide range of special effects and backgrounds to your video chat with Advanced Video FX" | No |
X | AvG | svchost323.exe | Added by the RBOT-ZA WORM! | No |
Y | AVG Anti-Virus system | avgcc.exe | AVG Anti-Virus 7.0 Control Center. Allows you to manage and control all AVG Anti-Virus components, settings and updates | No |
X | Avg Antivirus | icpldrvx.exe | Added by the BANKER.BYU TROJAN! | No |
X | AVG Grisoft Updater | updater.exe | Added by the AGOBOT-OT WORM! | No |
Y | AVG7_AMSVR | Avgamsvr.exe | AVG antivirus related | No |
Y | AVG7_CC | avgcc.exe | AVG Anti-Virus 7.0 Control Center. Allows you to manage and control all AVG Anti-Virus components, settings and updates | No |
Y | AVG7_EMC | AVGEMC.exe | AVG Anti-Virus 7.0 Email Cleaner. Scans incoming and outgoing email for viruses | No |
Y | AVG7_Run | avgw.exe | AVG Anti-Virus 7.0 related | No |
U | AVG8_TRAY | avgtray.exe | System Tray access to AVG internet security software | No |
Y | avgamsvr.exe | Avgamsvr.exe | AVG antivirus related | No |
Y | avgcc32 | avgcc32.exe | AVG anti-virus control center. Also enables scheduled tests, Outlook E-mail plug-in and automatic updates | No |
Y | AVGCtrl | AVGCtrl.exe | Part of AntiVir® PersonalEdition Classic antivirus | No |
Y | avgfwsrv | AVGFWSRV.EXE | Firewall part of the AVG Plus Firewall Edition | No |
Y | avgmsvr.exe | avgmsvr.exe | AVG Anti-Virus 7.0 related | No |
Y | AVGnt | AVGnt.exe | AntiVir® PersonalEdition Classic antivirus. System Tray icon and control program | No |
Y | Avgserv9.exe | Avgserv9.exe | AVG antivirus background monitoring | No |
Y | AVGuard | AVGuard.exe | AntiVir® PersonalEdition Classic antivirus. Background task which scans files transparently | No |
Y | AVG_CC | avgcc32.exe | AVG anti-virus control center. Also enables scheduled tests, Outlook E-mail plug-in and automatic updates | No |
Y | AVG_EMC | AVGEMC.exe | AVG Anti-Virus 7.0 Email Cleaner. Scans incoming and outgoing email for viruses | No |
Y | AVG_RegCleaner | AVGREGCL.exe | AVG Anti-Virus 7.0 Registry Cleaner - for checking the registry for virus additions and other security problems | No |
X | avidrv | drvsc.exe | Detected by Kaspersky as the AGENT.PH TROJAN! | No |
X | Avimgt | Avimgt.exe | Added by the GEMA TROJAN! | No |
X | Avimgt32 | Avimgt32.exe | Added by the GEMA TROJAN! | No |
Y | avinit | AVINIT9X.EXE | Command Antivirus related | No |
X | Avira Anti-Virus Pro 2008 | explorear.exe | Added by an unidentified WORM or TROJAN! | No |
X | AvirTr | AvirTr.exe | AntivirusTrigger rogue security software - not recommended, removal instructions here | No |
Y | AVK Mail Checker | AVKPop.exe | eXtendia AVK AntiVirus email checker | No |
Y | AVKBar | AVKBar.exe | GData AntiVirusKit Anti-virus | No |
U | AVKTray | AVKTray.exe | System Tray access to AntiVirenKit InternetSecurity from G DATA Software AG | No |
Y | AvMaiSrv | Avmaisrv.exe | Part of Avast! anti-virus software - E-mail scanner | No |
X | AVManager | csrss.exe | Added by the AUTORUN-DV WORM! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a ~A~m~B~u~R~a~D~u~L~ subfolder | No |
? | AvMenu | AVMenu.exe | Part of the ArcaVir antivirus suite from Polish company Arcabit. What does this part do and is it required? | No |
Y | AVMWlanClient | wlangui.exe | Related to broadband products from avm.de | No |
X | avnort | formatsys.exe | Added by the SERFLOG.A WORM! | No |
X | avnort | msmbw.exe | Added by the SERFLOG.A WORM! | No |
X | avnort | serbw.exe | Added by the SERFLOG.A WORM! | No |
Y | avp | avp.exe | Kaspersky anti-virus and AOL's Active Virus Shield (by Kaspersky) - found in either a Kaspersky or AOL sub-directory | No |
X | AVP | [path to trojan] | Added by the MUTBO-A TROJAN! | No |
X | avp | avp.exe | Detected by Kaspersky as the ALPHABET.B TROJAN! | No |
X | avp | win*.tmp.exe [* is a number] | Added by a variant of the ALPHABET TROJAN! | No |
X | avp | xar6000v7.exe | Detected by Kaspersky as the ALPHABET.B TROJAN! | No |
X | AVP-SE | avp-32.exe | Added by the AGOBOT.FS WORM! | No |
X | avpa | avpo.exe | Added by the LEGMIR-ARK TROJAN! | No |
Y | avpcc | avpcc.exe | Kaspersky Labs anti-virus | No |
X | avpl | Antivirus.exe | AntiVirus Plasma rogue security software - not recommended, removal instructions here | No |
Y | avpm | avpm.exe | Kaspersky anti-virus | No |
X | AvpM | AvpM.exe | Added by the STARTPAGE-ID TROJAN! Note - this is not the popular Kaspersky antivirus and this file is located in the WINDOWS\pchealth\UploadLB\Config directory | No |
X | avpms | avpms.exe | Detected by Kaspersky as the ONLINEGAMES.CPV TROJAN! See here | No |
X | Avpr | avpr.exe | Added by the MYDOOM.AF WORM! | No |
X | AVPSrv | AVPSrv.exe | Added by the ONLINE-GEN TROJAN! | No |
X | avptask | [path to trojan] | Added by the NOFERE-G TROJAN! | No |
X | avptask | expl0rer.exe | Added by the AGENT.JJO TROJAN! | No |
X | Avptask | rund1132.exe | Added by the AGENT.PKZ TROJAN! | No |
X | AvpWx | WErcx.exe | Detected by Kaspersky as a variant of the AGENT.A TROJAN! | No |
X | Avril Lavigne - Muse | [random filename] | Added by the AVRIL-A WORM! | No |
Y | AVSCHED32 | AVSched32.exe | AntiVir® PersonalEdition Classic - antivirus | No |
Y | AVSchedScan | SCHSC9X.EXE | Command Antivirus related | No |
X | AvSer | dsm.exe | Added by the SERFLOG.B WORM! | No |
X | AvSer | msmpatch.exe | Added by the SERFLOG.B WORM! | No |
X | AvSer | svosm.exe | Added by the SERFLOG.B WORM! | No |
X | AvSer | sysup.exe | Added by the SERFLOG.B WORM! | No |
X | avserve.exe | avserve.exe | Added by the SASSER WORM! | No |
X | avserve2.exe | avserve2.exe | Added by the SASSER.B or SASSER.C WORMS! | No |
X | avserve3.exe | avserve3.exe | Added by the SASSER.G WORM! | No |
U | AVStation premium | AVStation agent.exe | Related to Samsung AV Station - instant playback of music, photos, videos | No |
X | avtapi | avtapi.exe | Added by the AGENT.AM TROJAN! Note - example names include "XviD", "Winamp Remote", "Windows Media Player" and "Futuremark" | No |
N | Avtray | Avtray.exe | Command Antivirus tray icon | No |
X | AVupdate32 Update | AVupdate32.exe | Added by the RBOT.CNI TROJAN! | No |
? | AVWLPSTA | AVWLPSTA.exe | PRISM Status Tray Applet - but what is it for and is it required? | No |
Y | AVWUpd32 | AVWUPD32.EXE | AntiVir® PersonalEdition Classic - updater | No |
Y | avx communicator | xcommsur.exe | Anti-virus part of BitDefender virus scanner/firewall | No |
Y | Avxlive | avxlive.exe | Bullguard or BitDefender antivirus | No |
Y | avxlni | avxinit.exe | Anti-virus part of BitDefender virus scanner/firewall | No |
? | Avxnews | ?? | ?? | No |
U | Awatch | Awatch.exe | Diagnosis tool that monitors DSL connections, installed alongside DSL drivers from AVM Fritz's range of modem products | No |
U | AwaySch | AwaySch.EXE | Part of the IBM ThinkVantage Productivity Center. "The Away Manager application allows you preselect and run routine tasks to maintain your system's performance" | No |
U | AWC | AWC.exe | Advanced SystemCare from IObit - "helps protect, optimize, clean, and repair your computer and Registry." The PRO version adds automation, anti-spyware, privacy protection and performance tune-ups | No |
N | awhost32 | awhost32.exe | Part of Symantec's pcAnywhere remote PC management software. Provides an automatic startup of the client PC in host mode in conjunction with a host-definition file, so system administrators can access the machine. Can cause a 10% reduction in speed and not recommended | No |
U | AWMON | Ad-Watch.exe | Part of Lavasoft Ad-aware Plus - realtime spyware-monitor watching your memory and registry for spyware that tries to install or change your system | No |
U | AWMON | Ad-Monitor.exe | F-Secure Anti-Spyware | No |
U | awplite | awplite.exe | AllWallpapers Lite desktop wallpaper changer | No |
? | AWUSGSTA | AWUSGSTA.exe | Reportedly related to a USB Wifi Adapter - is it required at startup? | No |
U | awxDTools | awxDTools.dll, awxRegisterDll | AwxDTools related - a Windows Shell-Extension for the Daemon-Tools. It extends the context-menu of ImageFiles supported by Daemon-Tools (i.e.: *.cue, *.iso, *.ccd ...) | No |
? | AxFilter | Rundll32 AXFILTER.DLL, Rundll32 | ?? | No |
U | AXIS Print System DriverScanner | DriverScanner.exe | Part of AXIS Print System from AXIS Communications - "adds printer discovery, printer driver installation printing on Windows platforms. Printing is enabled by AXIS Print Monitor, which is one of the components. Another component in AXIS Print System is AXIS IP Installer." Now discontinued | No |
U | AXIS Print System DriverServer | DriverServer.exe | Part of AXIS Print System from AXIS Communications - "adds printer discovery, printer driver installation printing on Windows platforms. Printing is enabled by AXIS Print Monitor, which is one of the components. Another component in AXIS Print System is AXIS IP Installer." Now discontinued | No |
U | AXIS Print System TrayIcon | TrayIcon.exe | System Tray access to AXIS Print System from AXIS Communications - "adds printer discovery, printer driver installation printing on Windows platforms. Printing is enabled by AXIS Print Monitor, which is one of the components. Another component in AXIS Print System is AXIS IP Installer." Now discontinued | No |
X | AXPFixer | AXPFixer.exe | AdvancedXPFixer rogue security software - not recommended, see here | No |
X | AXVenore | AXVenore.exe | Added by an unidentified TROJAN - see here | No |
U | AzMixerSel | AzMixerSel.exe | Related to Realtek_Azalia Mixer Selector | No |
Y | azmodem | azexe.exe | Aztech Labs modem driver | No |
? | a_vpd | vpd.exe | Located in the IBMTOOLS\VPD sub-directory. What does it do and is it required? | No |
N | B'sCLiP | BSCLIP.exe | CD recording utility that comes with a lot of CDR/CDRW drives and isn't required | No |
X | b.exe | b.exe | Added by the SDBOT.BND WORM! | No |
N | B.Reader | remin.exe | Birthday Reminder 5.0 - as the name implies | No |
X | b3d | BDEsecureinstall.exe | B3d Projector foistware - periodically tries to access the internet. (1) Uninstall it via Start -> Settings -> Control Panel -> Add/Remove Programs. (2) Remove the BDEsecureinstall.exe if still present in the "System" directory. (3) Disable and ideally delete it from the registry. (4) Remove the "BDE" directory and all its contents | No |
X | b3dUpdate | Zupdate.exe | Associated with B3d Projector foistware - see here | No |
U | b9 | B9.exe | FireTrust Benign - allows you to receive e-mail which is safe from viruses, worms, scripts, web bugs, privacy threats and other security risks, without affecting your e-mail. "Benign neutralizes or strips out the code that makes viruses, worms, scripts and other potentially harmful things run" | No |
X | b99 | msmm.exe | ClientMan parasite variant | No |
X | bab | svchst32.exe | Added by the AGENT.Q TROJAN! | No |
X | babeie | rundll32 cnbabe.dll, dllstartup | CommonName Toolbar spyware. To uninstall see here | No |
N | Babylon Client | Babylon.exe | "Babylon-Pro is a powerful information tool that instantly provides relevant information, translations & conversions for any word or value you click on" | No |
N | Babylon Translator | Babylon.exe | "Babylon-Pro is a powerful information tool that instantly provides relevant information, translations & conversions for any word or value you click on" | No |
X | Back Updates | Uninstall.log.vbs | Added by the YPSAN.D WORM! | No |
U | Back2zip | Back2zip.exe | Back2zip is a simple and elegant backup solution which uses the industry's most powerful ZIP and ZIP-64 technologies to constantly monitor your documents and make sure that they are always properly backed up | No |
X | Backdoor.NuAgent | agent.exe | Added by the AGENT-DP TROJAN! | No |
X | Background Intelligent Transfer Service | rundll32.exe | Added by the VB-ZD TROJAN! Note - this file is located in the C:\Windows\help folder, and is not to be confused with the legitimate rundll32.exe file! | No |
U | BackgroundSwitcher | bgswitch.exe | Originally included with Microsoft's XP PowerToys (but now withdrawn - see here), Background Switcher allows your desktop background to periodically change | No |
U | BackgroundSwitcher | BackgroundSwitcher.exe | John's Background Switcher (or JBS for short) periodically changes the background image on your computer (like every hour or every day) to something interesting | No |
N | Backpack UDF | bpudfmon.exe | Backpack UDF packet writing software for Micro Solutions' Back Pack external CD-RW drive. Similar to DirectCD. Run manually before inserting an appropriately formatted CD-RW disk | No |
X | backup | [path to worm] | Added by the AGOBOT-H WORM! | No |
X | Backup Service | backup.svc | Unidentified adware | No |
U | Backup4all OTB Agent | B4AOTB.exe | "Backup4all is an award-winning data backup software for Windows. This backup utility was designed to protect your valuable data from partial or total loss by automating backup tasks, password protecting and compressing it to save storage space" | No |
U | BackupExecScheduler | besch.exe | Veritas "Back Up My PC" software | No |
? | BackupNotify | backupnotify.exe | HP Digital Imaging related. What does it do and is it required? | No |
N | BackWeb | backweb.exe | Automatically detects an internet connection and downloads any available updates. Typical on Compaq and HP PC's but not restricted to those OEM's. Resource hog and often causes malfunctions. Available via Start -> Programs | No |
N | Backwork | Backwork.exe | Backwork trojan detector | No |
U | BACPI10 | bacpi10a.exe | Known as "PowerKey" - a minimalistic keyboard driver that allows power management keys on BTC keyboards to function properly in older OS's (i.e. Win95/98/NT4). Also adds an icon to the system tray | No |
N | BacsTray | BacsTray.exe | Broadcom Advanced Control Suite - for modems and set top boxes based upon Broadcom chipsets. Not required unless you have networking problems | No |
X | BADDATE | BADDATE.EXE | Added by an unidentified VIRUS, WORM or TROJAN! | No |
X | BagleAV | csrss.exe | Added by the NETSKY.AB WORM! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir% | No |
X | Bakra | IEHost.EXE | Added by the MULTIDR-AH TROJAN! | No |
X | bal | SYSMONMS.EXE | Added by the FAKEALERT TROJAN! | No |
X | Band-Aid | [path to file] | Added by the RANKY.O TROJAN! | No |
U | bandmon | bandmon.exe | Rokario Bandwidth Monitor | No |
X | Bandook | ali.exe | Added by the EXEMAS-B TROJAN! | No |
U | Bandwidth Monitor Pro | Bandwidth Monitor Pro.exe | Bandwidth Monitor Pro - utility to track your current download/upload limit that may be set by your ISP | No |
U | Banpopup by Pratik | Banpopup.exe | Banpopup - popup killer | No |
X | bantool | ie_ban.exe | Detected as the VB.PO TROJAN! | No |
X | Bar Ding lolt | Analiz.exe | Added by the RBOT-RP WORM! | No |
X | bargains | bargains.exe | BargainBuddy adware | No |
X | bargains | bargainbuddy.exe | BargainBuddy adware | No |
X | BaRloNdDiLhep | services.exe | Detected by Kaspersky as the AUTORUN.DIB WORM! See here. Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a ~A~m~B~u~R~a~D~u~L~ subfolder | No |
? | Bart Station | station.sbrt | Related to PeoplePC ISP. May be a dialler for dial-up accounts? | No |
U | Bart Station | PPCOLink.exe | Dialer for PeoplePC ISP | No |
X | BarTheme | bartent32.exe | Added by the AGOBOT-UG WORM! | No |
N | bascstray | BascsTray.exe | Broadcom Advanced Control Suite - for modems and set top boxes based upon Broadcom chipsets. Not required unless you have networking problems | No |
X | Bat | secure2.bat | Added by the ZCREW.C TROJAN! | No |
N | Batchreg1 | N/A | Part of the Windows System Recovery process. Added to the registry via Msbatch.inf. The existence of this key or process after the last reboot during installation indicates an unsuccessful installation, as that key should be deleted automatically. See here | No |
U | BatInfEx | rundll32.exe | Displays battery status information on an IBM Thinkpad | No |
X | BatSrv | batserv2.exe | Detected by Kaspersky as the LOCKSY.M WORM! | No |
U | Battery Scope | batmgr.exe | Monitors battery levels on a notebook/laptop PC | No |
U | BatteryBar | batterybar.exe | BatteryBar - displays battery usage, and the current percentage of battery power left | No |
Y | batterymiser | batterymiser.exe | Battery Miser power management utility for LG Notebooks | No |
Y | BatteryMiser 5 | BatteryMiser5.exe | Battery Miser 5 power management utility for LG Notebooks | No |
X | BatzBack | BatzBack.scr | Added by the BACKZAT WORM! | No |
U | BAUSB | BAUSB.exe | Boston Acoustics Audio, USB driver | No |
X | bawindo | bawindo.exe | Added by the BEAGLE.AR or BEAGLE.AU WORMS! | No |
U | BayMgr | DockApp.exe | Hot-swappable drive management on laptops allowing you to change drives without closing down Windows. Only required if you frequently swap bay devices | No |
U | Bayswap | bayswap.exe | Hot-swappable drive management on Compaq Notebooks which allows you to swap drives without closing down Windows. Only required if you frequently swap bay devices | No |
U | Bayswap2 | TbUpdate.exe | Hot-swappable drive management on Compaq Notebooks which allows you to swap drives without closing down Windows. Only required if you frequently swap bay devices | No |
N | BBC Alerts | BBC_Alerts.exe | BBC Alerts - "You can now have all the latest news and sports headlines delivered straight to your desktop with the new BBC Alerts service" | No |
U | BBC News alerts | skinkers.exe | BBC News Desktop Alerts service - see here. Desktop alert and breaking news e-mail services let you find out about all the latest news as it happens | No |
? | BBDial | BT Broadband.exe | Part of BT Broadband - is it required? | No |
N | BBLauncher.exe | BBLauncher.exe | BounceBack Professional - back-up software | No |
N | bbSysTray | bbSysTray.exe | Philips CD-RW related - "the 'Blue Button' feature gives users the chance to receive convenient online support for their possible device problems or questions" | No |
U | bbui | bbui.exe | AOL DSL status monitor displaying a red/green icon indicating if you have a connection | No |
U | bca | bca.exe | BeClean Agent - registry, history, temp files, etc cleaner | No |
U | BCDetect | bcdetect.exe | Bcdetect.exe searches the system to make sure Creative drivers are installed for the video card. It loads the BlasterControl when the drivers are detected. Your choice - try it and see | No |
Y | BCMDMMSG | bcmdmmsg.exe | BCM voicemodem driver. Required for dial-up if you have one of these modems | No |
U | BCMHal | rundll32.exe bcmhal9x.dll, bcinit | BlasterControl for Creative video cards - controls for desktop settings, monitor configuration, colour adjustments and performance tuning. May be needed to retain settings | No |
Y | BCMSMMSG | BCMSMMSG.exe | BCM voicemodem driver. Required for dial-up if you have one of these modems | No |
? | bcmwltry | bcmwltry.exe | Broadcom Corporation Wireless Network Tray Applet. Is it required? | No |
N | BCNT | bcnt.exe | AWS Weatherbug related. What does it do? | No |
X | BCPC | bcpc.exe | BroadcastPC adware variant | No |
X | bcpc_c | bcpc_c.exe | BroadcastPC adware variant | No |
U | BCTweak | bctweak.exe | BlasterControl for Creative video cards - controls for desktop settings, monitor configuration, colour adjustments and performance tuning. May be needed to retain settings | No |
X | Bcvsrv32 | bcvsrv32.exe | Added by the GAOBOT.BQJ WORM! | No |
X | Bcvsrv32 | he3.exe | Added by the AGOBOT.AKB WORM! | No |
X | Bcvsrv32 | msxml22.exe | Added by the AGOBOT.AKH WORM! | No |
X | Bcvsrv32 | msc32.exe | Added by the AGOBOT.AKD WORM! | No |
N | BCWipeTM | bcwipetm.exe | BCWipe Task Manager - scheduler for BCWipe so that it runs at convenient times. You can set a time for running the task, as well as special options for the task. Run manually when needed | No |
X | BD | dc.exe | Added by the RASDOOR-A TROJAN! | No |
Y | BDAgent | bdagent.exe | BitDefender Agent - for BitDefender internet security products. Maintains settings (for all users) and provides alerts and System Tray access to the main program. Note - for the System Tray icon to be displayed the Terminal Services service must be set to either "Manual" or "Automatic" | No |
Y | BDMCon | Bdmcon.exe | BitDefender antivirus | No |
Y | BDNewsAgent | bdnagent.exe | BitDefender antivirus - updater | No |
Y | BDOESRV | bdoesrv.exe | Bitdefender 8 antivirus and firewall | No |
U | BDRegion | brs.exe | Part of Cyberlink's PowerDVD version 8 - removes the Blu-ray region on a DVD | No |
Y | BDSwitchAgent | bdswitch.exe | Bitdefender 8 antivirus and firewall | No |
Y | BDWizReg | bdwizreg.exe | Configuration wizard for BitDefender internet security products. Only runs once the product has been installed. Guides you through the steps necessary to configure the BitDefender modules, applies settings to cover your requirements and security needs and takes the first actions to making your computer virus-free | No |
U | BearFlix | BearFlix.exe | BearFlix is optimized for the fast download of video files | No |
N | BearShare | bearshare.exe | BearShare file sharing client. Versions known to include spyware - see here | No |
U | BeatNik Internet Clock | BeatNik.exe | BeatNik Internet Clock is a Windows clock add-on that supports 'skins'. It can also synchronize your computer's clock with an atomic clock | No |
X | Beawver | saqevre.exe | Added by a variant of the RANKY TROJAN! | No |
X | Beegees Update | beegees.exe | Added by the SDBOT-ADK WORM! | No |
? | BEEI | beei.exe | ?? | No |
U | BeFaster | befaster3.exe | BeFaster internet connection optimization tool | No |
? | BEHL | BEHL.exe | ?? | No |
? | BEHLO | BEHLO.exe | ?? | No |
U | beidsystemtray | beidsystemtray.exe | Related to Belgium Identity Card card reader | No |
N | Belkin PCMCIA WLAN Monitor | monitorbk.exe | Belkin USB Network Adapter Management utility - can be started manually | No |
N | Belkin Wireless Utility | Belkinwcui.exe | Wireless configuration utility for some Belkin cards such as the Wireless G Desktop Card | No |
U | BellSouthAlertManager.exe | BellSouthAlertManager.exe | Related to BellSouth Alert Manager | No |
U | BelNotify | rundll32.exe [path] NPBelv32.dll, RunDll32_BelNotify | "BelTech from Belarc enables licensees to offer automated, Web-based problem resolution to their end-users. BelTech allows the end-user to simply go to a web page and automatically resolve their problem or point them to the right solution. BelTech Manager allows non-programmers to rapidly and easily deploy and maintain this service" | No |
? | BELORVBI | BELORVBI.exe | ?? | No |
? | Belsta.exe | Belsta.exe | Configuration tool for Belkin wireless network cards. Required to change the card's configuration. Is it required for correct operation once the configuration is changed? | No |
X | Belt | Belt.exe | VX2.Transponder parasite updater/installer related | No |
X | Benadril Alert Tool | benadrilalert.exe | Plug-in for WeatherBug advising when pollen count in your area is high - prompting you to buy Benadril | No |
U | BestCrypt Auto Open | BestCrypt.exe | BestCrypt from Jetico, Inc. "Keeps your confidential data in a strongly encrypted form on your disk and provides you with transparent access" | No |
X | BestPopUpKiller | BestPopupKiller.exe | Popup killer by Swanksoft - not recommended, see here | No |
U | BestSync 2008 | BestSyncApp.exe | System Tray access to BestSync® 2008 from Risefly Software - "a professional utility for synchronizing files between your local folders and Network Drives, FTP servers, Removable Media (such as an USB disk)" | No |
X | BeSys | [path to file] | BeSys adware | No |
X | beta | svchost.exe | Added by a variant of the DELF.IT TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! | No |
X | BF4P | bf4p.exe | Added by the IRCBOT.GEN WORM! | No |
Y | bg | bullguard.exe | Bullguard antivirus and firewall. The P2P version is free with KaZaA Media Desktop and Grokster | No |
U | BGInfo | Bginfo.exe | BGinfo automatically displays relevant information about a Windows computer on the desktop's background, such as the computer name, IP address, service pack version, and more | No |
U | BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} | NMBgMonitor.exe | Associated with Nero Scout, added by version 7 of the Nero digital media suite (CD & DVD burning, authoring, etc). Thanks to Help2Go.com, if you feel this is draining more resources than necessary you can disable it by clicking here | No |
Y | BGNewsAgent | bgnewsag.exe | BullGuard antivirus updater | No |
N | bgsmsnd | bgsmsnd.exe | Printer driver to generate PDF files from any program | No |
X | Bharatayuda | GNB.exe | Added by the BHARAT.A WORM! | No |
N | BHOCop | BHOCop.exe | PC Magazine's BHO Cop that lets you see what browser helper objects are installed. Useful for detecting spyware | No |
U | BHODemon 2.0 | BHODemon.exe | BHODemon "protects you from unknown Browser Helper Objects (BHOs), by letting you enable/disable them individually. When running, it also monitors your Registry and alerts you when a BHO is installed. Best of all, BHODemon knows about the most common BHOs - the good ones, and the not-so-good ones!". If you prefer forgoing resident protection, the application can also be run on demand | No |
U | BHR | BHR.exe | Browser Hijack Retaliator - recovers your browser after it has been hijacked by spyware, adware, etc | No |
U | BI1HelperStartUp | BI1HEL~1.EXE | ScreenScenes "Beach Islands" screensaver. The freeware version comes with GAIN branded ads (pop-ups and others). ScreenScenes do however offer you the option of doing away with the ads by purchasing the screensaver for a whopping $30. Please note that Claria Corporation no longer support GAIN-Supported software - see here | No |
X | BIE | Rundll32.exe [path] BDSrHook.dll, Rundll32 | BDplugin parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted | No |
X | BIG | biggy.exe | Added by the DELBOT-AG WORM! | No |
N | BigDog303 | VM303_STI.EXE | Vmicro webcam USB utility - allows the webcam to initiate data transfer to a program. Create a shortcut and start it manually when needed | No |
N | BigDog305 | VM305_STI.EXE | Vmicro webcam USB utility - allows the webcam to initiate data transfer to a program. Create a shortcut and start it manually when needed | No |
? | BigDogPath | VM_STI.EXE | Bundled with some software for digital cameras that use a USB connection - what does it do and is it required? | No |
N | bigfix | BIGFIX.EXE | BigFix can automatically download and read technical support information provided by computer and software manufacturers and other technical support experts (published in the form of Fixlet® Messages) and can automatically check your computer for bugs, configuration conflicts, and security holes. Should only be started manually as it's a resource hog | No |
X | biglow | biglow.exe | Added by a variant of the Storm/Nuwar/Zhelatin WORM! See here for an example | No |
X | bigoris | bigoris.exe | Added by the DORF-AZ TROJAN! | No |
U | BigPond Toolbar | bpumTray.exe | Telstra BigPond Toolbar - "Introducing the free and easy to use BigPond Toolbar that is designed to make your internet experience and managing your Telstra internet account a whole lot easier" | No |
N | BigPondCable | bpcable.exe | Telstra Bigpond Cable login software - can be started manually | No |
Y | BigPondWirelessBroadbandCM | BigPond_CM.exe | Related to BigPond_Wireless_Broadband Service by Telstra | No |
X | bikini | bikini.exe | Added by the LOWZONE-CX TROJAN! | No |
X | BillGatesLoh.exe | BillGatesLoh.exe | Added by the AGENT-FZO TROJAN! | No |
N | Billminder | Billmind.exe | Can be set up in Quicken to remind the user of due payments. Available via Start -> Programs | No |
X | bin32hpu | ppstub.exe | PrecisionPop adware | No |
X | bingdian | Bingdian.vbs | Added by the BINGD WORM! | No |
? | Bingo Charm | charms.exe | Some kind of screen icon kind of like desk flag, but it gives you a choice of icons? | No |
U | Biomenu | menusw.exe | Related to Sony VAIO - passwords, encryption, and a biometric fingerprint sensor | No |
U | Bionix Wallpaper 5 | Bionix Wallpaper 5.exe | BioniX Wallpaper Changer - "the most advanced wallpaper changer/wallpaper manager software in the world" | No |
U | BioniXWallpaper | Bionix Wallpaper 5beta.exe | BioniX Wallpaper Changer - "the most advanced wallpaper changer/wallpaper manager software in the world" | No |
U | BioniXWallpaper | BioniX Wallper.exe | BioniX Wallpaper Changer - "the most advanced wallpaper changer/wallpaper manager software in the world" | No |
U | BioniXWallpaper | BionixWallpaper5.exe | BioniX Wallpaper Changer - "the most advanced wallpaper changer/wallpaper manager software in the world" | No |
X | Bios | Bios32.exe | Added by an unidentified VIRUS, WORM or TROJAN! | No |
X | bios | bios.exe | Added by the BANCBAN-PW TROJAN! | No |
X | BIOS XP Loader | [random filename] | Added by the RBOT-IC WORM! | No |
X | BIOS1 | BIOS1.EXE | Added by the OPASERV.T WORM! | No |
? | BIOVCIP | BIOVCIP.exe | ?? | No |
N | BitComet | BitComet.exe | BitComet P2P client - can be launched from Start -> Programs | No |
Y | BitDefender 12 | bdwizreg.exe | Configuration wizard for BitDefender internet security products. Only runs once the product has been installed. Guides you through the steps necessary to configure the BitDefender modules, applies settings to cover your requirements and security needs and takes the first actions to making your computer virus-free | No |
Y | BitDefender 2009 | IEShow.exe | Anti-phishing component of BitDefender internet security products. Anti-phishing prevents sensitive data such as usernames, passwords and credit card details being acquired by web-sites and E-mails masquerading as trustworthy sources | No |
Y | BitDefender 2009 | bdagent.exe | BitDefender Agent - for BitDefender internet security products. Maintains settings (for all users) and provides alerts and System Tray access to the main program. Note - for the System Tray icon to be displayed the Terminal Services service must be set to either "Manual" or "Automatic" | No |
Y | BitDefender Antiphishing Helper | IEShow.exe | Anti-phishing component of BitDefender internet security products. Anti-phishing prevents sensitive data such as usernames, passwords and credit card details being acquired by web-sites and E-mails masquerading as trustworthy sources | No |
X | BitDefender Antivirus | BITDEFENDERX.EXE | Added by a variant of the SPYBOT WORM! | No |
Y | BitDefender Communicator | xcommsvr.exe | BitDefender antivirus | No |
U | BitDefender for MSN Messenger | msnmon.exe | Bitdefender anti-virus for MSN Messenger - no longer supported at the BitDefender website | No |
U | BitDefender for Yahoo! Messenger | yahmon.exe | Bitdefender anti-virus for Yahoo! Messenger - no longer supported at the BitDefender website | No |
Y | BitDefender Live! Init | bdinit.exe | BitDefender antivirus | No |
Y | BitDefender Scan Server | bdss.exe | BitDefender antivirus | No |
Y | BitDefender Virus Shield | vsserv.exe | BitDefender antivirus | No |
Y | bitdefenderlive | avxlive.exe | Main program of BitDefender virus scanner/firewall | No |
U | BitDefender_P2P_Startup | BitDefender_P2P_Startup.exe | Bitdefender anti-virus for P2P clients - no longer supported at the BitDefender website | No |
U | BitTorrent DNA | btdna.exe | "BitTorrent DNA is a content delivery service that uses a secure, private, managed peer network to power faster, more reliable, more efficient delivery of richer content" | No |
N | BitWare Print Monitor | bwprnmon.exe | FaxServe network fax software | No |
N | BJ Printer Status Monitor | Cjstsr.exe | Canon BJ printer status monitor | No |
N | BJ Status Monitor 5xx | CJSTRxx.EXE | Canon printer status monitor - where "xx" is different depending upon the version. Not required as you can check the printer status via My Computer -> Printers | No |
N | bjcfd | cdf.exe | BroadJump Client Foundation. Broadband troubleshooting software installed by various companies. Not required and you can remove it via Add/Remove programs | No |
U | BJPD HID Control | TVMon.exe | Related to Canon Photo viewer | No |
N | BlackICE PC Protection | blackice.exe | Loads the user interface for the BlackICE PC Protection (was Defender) firewall program. From the parent site - '(the user interface) starts in the "Startup" menu and adds itself to the taskbar. The user interface is independent from the rest of the system and only displays the output or reconfigures the system. It does not need to be running for the rest of the system to run.' See also LoadBlackD | No |
N | BlackIce Utility | blackice.exe | Loads the user interface for the BlackICE PC Protection (was Defender) firewall program. From the parent site - '(the user interface) starts in the "Startup" menu and adds itself to the taskbar. The user interface is independent from the rest of the system and only displays the output or reconfigures the system. It does not need to be running for the rest of the system to run.' See also LoadBlackD | No |
U | blads | blads.exe | A Tweak-XP component, blocks advertisement banners in Internet Explorer. Can be enabled/disabled via Tweak-XP / Internet Tweaks | No |
X | blah service | winupdate.exe | Added by the GAOBOT.BIA WORM! | No |
X | blah service | winsysengine.exe | Added by the RBOT-KI WORM! | No |
X | blah service | internet.exe | Added by a variant of the RBOT WORM! | No |
X | blah service | smnp.exe | Added by the RBOT.IZ WORM! | No |
X | blah service | msnmsgrr.exe | Added by the RBOT.PZ WORM! | No |
X | blah service | tazkmgr.exe | Added by the RBOT.UA WORM! | No |
X | blah service | FaLeH.exe | Added by the RBOT-AES WORM! | No |
X | blah service | microsoft.exe | Added by a variant of the RBOT WORM! | No |
X | blah service | evosys.exe | Added by a variant of the RBOT WORM! | No |
X | blah service | win32.exe | Added by the RBOT-AXO WORM! | No |
X | Blah service | CCAPPS32.EXE | Added by the RBOT.TV WORM! | No |
X | blah services | iczw.exe | Added by the RBOT-GMP WORM! | No |
X | blahh service | msengine.exe | Added by a variant of the RBOT WORM! | No |
X | blahx service | msnjompa.exe | Added by the SDBOT.AML WORM! | No |
X | Blank AntiViri | AUT0EXEC.BAT StartUp | Added by the BRONTOK-CJ WORM! | No |
N | BlazeChanger | FBZPaper.exe | Ember graphic file viewer, manager, and touch-up system | No |
? | BlazeServoTool | MediaDetector.exe | Related to BlazeDVD from BlazeVideo - which "is leading powerful and easy-to-use DVD player software." What does it do and is it required? | No |
N | bldbubg | bldbubg.exe | Part of Dell Alerts which provides customers with an update on latest updates for his/her system | No |
X | BLF | blf.exe | Added by the DELBOT-M WORM! | No |
U | blinkx | blinkx.exe | Blinkx Desktop "Smart Folders" software | No |
N | Blitzz BWI715 | WLANmon.exe | Blitzz Technology BWI715 Wireless PC modem connection monitor | No |
X | BLMessagingIntegration | blengine.exe | BuddyLinks adware | No |
U | BlockAds | blads.exe | A Tweak-XP component, blocks advertisement banners in Internet Explorer. Can be enabled/disabled via Tweak-XP / Internet Tweaks | No |
X | BlockChecker | Block-checker.exe | BlockChecker adware | No |
X | Blocker System611 Monitoring | PopUpBlocker611.exe | Added by the RBOT.BLJ WORM! | No |
N | BlockTracker | BlockTracker.exe | If present on a HP machine it tracks all the processes and logs them to a blocklog.txt file | No |
U | BLOG | rundll32.exe [path] BatLogEx.DLL, StartBattLog | IBM Thinkpad battery management utility that logs changes in battery conditions such as charging, discharging, etc | No |
U | blsloader | blsloader.exe | BellSouth ISP Internet Tools | No |
X | blss | blss.exe | Added by the BLARUL TROJAN! | No |
N | BLSTAPP | blstapp.exe | Puts access to Creative's BlasterControl in the System Tray | No |
N | Blubster | Blubster.exe | Related to Blubster Music sharing service | No |
U | Blue Frog | bluefrog.exe | Blue Frog by Blue Security Inc. - actively fights spam by posting complaints on the sites advertised by the spam you receive | No |
X | Blue Service | [path to trojan] | Added by the BANCOS-BCW TROJAN! | No |
? | BlueLight_uoltray | exec.exe | Related to BlueLight Internet. What does it do and is it required? | No |
U | BlueSoleil | BLUESO~1.EXE | BlueSoleil Bluetooth wireless manager from IVT Corporation | No |
U | BlueSpace NE | BlueSpaceNE.exe | "BlueSpace NE is a utility program used to run the Bluetooth function on VAIO computers that support the Bluetooth function or on VAIO computers connected to the Bluetooth USB adapter". Shortcut available via Start -> Programs | No |
X | Bluetooth Config | btwindin32.exe | Added by the SDBOT-DFN WORM! | No |
U | Bluetooth Connection Assistant | LBTWiz.exe | Bluetooth connection manager for Logitech based bluetooth wireless products | No |
? | Bluetooth HCI Monitor | RunDll32 HCIMNTR.DLL,RunCheckHCIMode | Related to the Bluetooth short-range wireless communications technology. For more information on Bluetooth see here. What does it do and is it required? | No |
U | BlueToothAuthentication Agent | RunDLL32.exe irprops.cpl, BluetoothAuthenticationAgent | Associated with BlueTooth software, designed to allow bluetooth mobile devices to authenticate to the computer, when connecting a PDA to your computer - necessary for the computer and the PDA to communicate. Should you get the error message, "Rundll irprops.cpl missing entry Bluetooth authentication agent", click here for more information. In case you no longer have BlueTooth support installed, and don't need it, simply uncheck the entry in Msconfig > Startup | No |
U | Blueyonder Instant Support Tool | matcli.exe | "matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, state, etc and gets written to a log file". Blueyonder Instant Support is required to run with the Help and Support program. If you uncheck it and then run Help and Support it will add another Blueyonder Instant Support in the startup menu. If you remove Blueyonder Instant Support in add/remove programs some help menus in help and support will not be available. You decide | No |
N | BMail Installation | FTP_back.exe | Part of iMesh - a file sharing system. Reported by Norton AntiVirus as a trojan. Once deleted does not prevent file sharing working. Older versions of iMesh re-instate this but the newer versions do not | No |
X | Bman | BMan1.exe | Abcsearch.com/DealHelper adware variant | No |
U | BMMGAG | Rundll32 PWRMONIT.DLL, StartPwrMonitor | Displays a battery gauge icon in the Taskbar (not the System Tray). Provides shortcuts to IBM's proprietary power saving settings and to a battery information window | No |
U | BMMLREF | BMMLREF.EXE | Battery Manager for IBM ThinkPad laptops | No |
U | BMMMONWND | rundll32.exe [path] BatInfEx.dll, BMMAutonomicMonitor | Battery power management utility for Lenovo (IBM) ThinkPad laptops | No |
U | BMO MasterCard Wallet | EWALLET.EXE | The wallet conveniently stores billing, shipping and payment information on your PC | No |
X | BMonq | bmonq.exe | Detected by Trend Micro as the CLICKER.HZ TROJAN! See here | No |
N | BMupdate | BMupdate.exe | Related to the BookmarkCentral entry. Typically added after downloading drivers for Visioneer scanners for example, and you install the driver self-install | No |
X | bmw | bmw.exe | Added by the AGOBOT.BBV BACKDOOR! | No |
X | BMZ | bmz.exe | NCase adware | No |
X | Bndt32 | Bndt32.exe | Added by the LACON WORM! | No |
X | Bnexe | [random filename] | Added by the KITRO.D (or ARGEN.A) WORM! | No |
U | BO1HelperStartUp | BO1HEL~1.EXE | ScreenScenes "Butterfly Oasis" screensaver. The freeware version comes with GAIN branded ads (pop-ups and others). ScreenScenes do however offer you the option of doing away with the ads by purchasing the screensaver for a whopping $30. Please note that Claria Corporation no longer support GAIN-Supported software - see here | No |
U | BO1HelperStartUp | Bo1helper.exe | ScreenScenes "Butterfly Oasis" screensaver. The freeware version comes with GAIN branded ads (pop-ups and others). ScreenScenes do however offer you the option of doing away with the ads by purchasing the screensaver for a whopping $30. Please note that Claria Corporation no longer support GAIN-Supported software - see here | No |
X | Boarddata | [path] repcale.exe [path] palsp.exe | Added by a variant of the RANDON.AN WORM! | No |
X | boat32 | boat32.exe | Added by a variant of the RBOT WORM! | No |
X | boby | csrs.scr | Added by the BANCBAN-PC TROJAN! | No |
Y | BOC-412 | BOC412.exe | NSClean (now Comodo) BOClean anti-malware software - "Protect yourself from online identity theft. The greatest threat on the Internet today is having your personal information hijacked remotely". Version 4.12 | No |
Y | BOC-420 | BOC420.exe | NSClean (now Comodo) BOClean anti-malware software - "Protect yourself from online identity theft. The greatest threat on the Internet today is having your personal information hijacked remotely". Version 4.20 | No |
Y | BOC-421 | BOC421.exe | NSClean (now Comodo) BOClean anti-malware software - "Protect yourself from online identity theft. The greatest threat on the Internet today is having your personal information hijacked remotely". Version 4.21 | No |
Y | BOC-422 | BOC422.exe | NSClean (now Comodo) BOClean anti-malware software - "Protect yourself from online identity theft. The greatest threat on the Internet today is having your personal information hijacked remotely". Version 4.22 | No |
Y | BOC-423 | BOC423.exe | Comodo BOClean anti-malware software - "Protect yourself from online identity theft. The greatest threat on the Internet today is having your personal information hijacked remotely". Version 4.23 | No |
Y | BOC-424 | BOC424.exe | Comodo BOClean anti-malware software - "Protect yourself from online identity theft. The greatest threat on the Internet today is having your personal information hijacked remotely". Version 4.24 | No |
Y | BOC-425 | BOC425.exe | Comodo BOClean anti-malware software - "Protect yourself from online identity theft. The greatest threat on the Internet today is having your personal information hijacked remotely". Version 4.25 | No |
Y | BOC-426 | BOC426.exe | Comodo BOClean anti-malware software - "Protect yourself from online identity theft. The greatest threat on the Internet today is having your personal information hijacked remotely". Version 4.26 | No |
Y | BOC-427 | BOC427.exe | Comodo BOClean anti-malware software - "Protect yourself from online identity theft. The greatest threat on the Internet today is having your personal information hijacked remotely". Version 4.27 | No |
Y | BOCleanautostart | Boclean.exe | NSClean's BOClean anti-trojan software | No |
U | BOINC Manager | boincmgr.exe | BOINC manager - "controls the use of your computer's disk, network, and processor resources" | No |
U | Boingo Wireless Utility | Icon###XXX#X#.exe | Starts the Boingo Wireless utility, used to detect and log in to Boingo wireless hotspots. The filename may be autogenerated when installing, two different variations along the lines listed here, where # is a number and X is a letter. Shortcut available via Start -> Programs | No |
X | bolenja | bolenja.exe | Added by the WANTVI.BF TROJAN! | No |
X | bolenjx | bolenjx.exe | Added by the ELDYCOW.O TROJAN! | No |
X | boler.exe | syser.exe | Added by the RBOT-AYS WORM! | No |
U | bombshel | BOMB32.EXE | Part of McAfee Nuts & Bolts. Protects your Windows system from application failure and crashes - similar to Norton Crashguard. Your choice - may cause problems | No |
X | Bonzi Buddy | ?? | Bonzi Buddy adware - see here for removal instructions | No |
X | boo | boo.exe | Adware downloader - detected by Kaspersky as the FAVADD.O TROJAN! | No |
X | BookedSpace | RunDLL32.EXE bs2.dll, DllRun | BookedSpace parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "bs2.dll" file is located in the Winnt or Windows folder | No |
N | BookmarkCentral | BMLauncher.exe | Bookmark Express - "offers a more flexible way to manage Web site bookmarks, regardless of which browser you use" | No |
N | BookMarkSink | syncit.exe | Bookmark synchronization utility | No |
N | BookMarkSync | syncit.exe | Sync2IT BookMarkSync - "real-time automatic synchronization service that allows you to access your bookmarks, favorites and favorite files from any computer or any browser". Only installed with the user's explicit permission and generally only remains running if the user decides to subscribe to the service. If it is no longer required it should be uninstalled to prevent a large number of clients 'checking in' to the server that have no chance of synchronizing | No |
N | BookMarkSync2It | sync2it.exe | Sync2IT BookMarkSync - "real-time automatic synchronization service that allows you to access your bookmarks, favorites and favorite files from any computer or any browser". Only installed with the user's explicit permission and generally only remains running if the user decides to subscribe to the service. If it is no longer required it should be uninstalled to prevent a large number of clients 'checking in' to the server that have no chance of synchronizing | No |
U | Boost XP Service | bxservice.exe | Boost XP from Systweak - WinXP tweaking utility | No |
U | BoostSpeed | boostspeed.exe | System Tray access to Auslogics BoostSpeed 4 system optimization utility - which "Start programs faster. Speed up computer start time. Increase Internet speed, optimize your Internet Explorer, Firefox and E-mail programs" | Yes |
X | boot | boot.exe | Added by the PUPPET-A TROJAN! Located in the System (9x/Me) or System32 (NT/2K/XP) folder | No |
U | Boot | Boot.exe | Part of Acer Empowering Technology. "Acer ePower Management is a straightforward interface that allows users to select from pre-configured power usage profiles, or to create their own customized profiles". Located in the "AcerEmpowering TechnologyePower" directory | No |
X | Boot Check | bootchk.exe | Added by the DELBOT-AB WORM! | No |
X | Boot Config | bootconfig.exe | Added by the FLOOD-EV TROJAN! | No |
X | Boot K | bootk.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
X | Boot Manager | Njgal.exe | Added by the KILO TROJAN! | No |
X | Boot Manager | bootmng.exe | Added by a variant of the SPYBOT WORM! | No |
X | Boot Server | bootserver.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
X | Boot Service | bootservice.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
X | Boot Service | bootsv.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
X | Boot Verify | bootvfy.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
X | BootCfg | Install.log.vbs | Added by the YPSAN.D WORM! | No |
X | BootCTRL | bootctrl.exe | Added by an unidentified WORM or TROJAN! | No |
X | BootLoader | BootLoader.exe.vbs | Added by the WATERWORKS WORM! | No |
X | bootpd.exe | bootpd.exe | Added by the AGENT-DT TROJAN! | No |
X | BootsCfg | wscript.exe [path] Date.POP.vbs | Added by the KUULLIO WORM! Note that wscript.exe is a legitimate Microsoft file used to launch script files and shouldn't be deleted | No |
X | BootsCfg | wscript.exe [path] All Users.vbs | Added by the SPILTRON WORM! Note that wscript.exe is a legitimate Microsoft file used to launch script files and shouldn't be deleted | No |
X | BootsCfg | wscript.exe [path] All Users.vbe | Added by the SPILTRON WORM! Note that wscript.exe is a legitimate Microsoft file used to launch script files and shouldn't be deleted | No |
X | BootsCfg | wscript.exe Install.log.vbs | Added by the YPSAN.E WORM! Note that wscript.exe is a legitimate Microsoft file used to launch script files and shouldn't be deleted. The "Install.log.vbs" file is found in the System (9x/Me) or System32 (NT/2K/XP) folder | No |
Y | BootSkin Startup Jobs | BootSkin.exe | Stardock BootSkin is a program that allows users to change their Windows 2000 and Windows XP boot screens | No |
U | BootStatus | BOOTST~1.EXE | Visual Basic program that pops up a small window on startup telling you how many times the machine has been booted that day. Once you exit it, it has no more effect on resources | No |
U | BootWarn | BootWarn.exe | From here: "Norton AntiVirus Boot Warning. This program is installed as a startup item when you install Norton AntiVirus, and also sometimes when you do a LiveUpdate which updates Norton AntiVirus significantly enough that a reboot is needed to complete the installation. We believe its purpose to be to warn the end-user that he must reboot his PC before using Norton AntiVirus in those cases when a reboot did not happen with the result that Norton AntiVirus did not fully complete its installation or software updating. Recommendation : Start Norton AntiVirus from "Start Programs Norton AntiVirus". If Norton AntiVirus comes up without problems, then fix this entry from the Msconfig Startup tab - it was left behind by mistake and is no longer needed now that Norton AntiVirus is fully installed and opens without error messages" | No |
X | boot_reg | [path to file] | Added by the BANCBAN-CA TROJAN! | No |
N | Bose Wave/PC Monitor | wavepcmonitor.exe | System Tray access for this system (more info on the system here). Available via Start -> Programs | No |
X | BossIdea | winlogin.exe | Added by the LINEAGE-I TROJAN! | No |
? | Boston | Boston.exe | Part of the Boston Acoustics USB speaker systems. What does it do and is it required? | No |
X | Bot Loader | svchostt.exe | Added by the GAOBOT.ALV WORM! | No |
X | Bouncer RunStartup | bouncer.exe | Virtual Bouncer - malware from Spyware Labs. It is distributed by the same bundling and drive-by download techniques as the parasites it claims to remove, so definitely qualifies as unsolicited commercial software in itself. It also has an update feature that can download and execute arbitrary code. Warning - choose "custom" uninstall as "automatic" may remove other programs - see here | No |
X | Bouncer RunStartup | LiveUpdate.exe | Virtual Bouncer - malware from Spyware Labs. It is distributed by the same bundling and drive-by download techniques as the parasites it claims to remove, so definitely qualifies as unsolicited commercial software in itself. It also has an update feature that can download and execute arbitrary code. Warning - choose "custom" uninstall as "automatic" may remove other programs - see here | No |
X | boy lovers of bsd | ilikeboys.exe | Added by the MYTOB.LY WORM! | No |
U | bpcpost.exe | bpcpost.exe | MS TV Viewer Post Setup Program. Part of MS WebTV for Windows. Used to display TV on your PC via a compatible video card with in-built tuner (such as ATI All-In-Wonder). If you don't use it - uninstall it | No |
X | BPCV2 | BPCV2.exe | BroadcastPC adware | No |
X | BPCv2 re | bpc2 re inst.exe | BroadcastPC adware variant | No |
U | BPK | bpk.exe | Blazing Tools Perfect Keylogger keystroke logger/monitoring program - remove unless you installed it yourself! | No |
N | BPServer | G6FTPSrv.exe | BulletProof FTP Server | No |
U | BQTray.exe | BQTray.exe | System Tray access to BurnQuick CD burning software. Only required if you use the queueing facility, hence the U recommendation. Create your own desktop shortcut to start manually | No |
X | Brasil | Brasil.exe | Added by the OPASERV.E WORM! | No |
X | Brasil | BRASIL.PIF | Added by the OPASERV.E WORM! | No |
X | BrasilOld | [worm filename] | Added by the OPASERV.P WORM! | No |
X | BraveSentry | BraveSentry.exe | BraveSentry spyware remover - not recommended, see here | No |
X | braviax | braviax.exe | Added by the FAKEALER.LE TROJAN! | No |
X | Brct | trdb.exe | Detected by Kaspersky as the PURITYSCAN.Y TROJAN! | No |
U | Break_Reminder | BREAK REMINDER.exe | Break Reminder - Remind yourself to take breaks to prevent computer related injuries. See here | No |
Y | Bredbandsbolaget | servicecenter.exe | Related to Bredbandsbolaget, the Swedish broadband provider | No |
X | Breg | bcre.exe | BroadcastPC adware variant | No |
X | Breg | bptre.exe | BroadcastPC adware variant | No |
X | Breg | breg.exe | BroadcastPC adware | No |
X | Bridge | rundll32.exe [path] Bridge.dll,Load | Flingstone.com browser hijacker. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted | No |
Y | Brindys BriTray | BRITRAY.EXE | Main process for the following applications: GEDEX, SICARIO, BRINOTES, BRIRESPA, SICURE, TRASGO, UNDOCS, FRESH & BRIFAME (all of them from Brindys Software). Performs the following tasks [un]installation, web software autoupdate, notification windows, interprocess communication, tray bar icons & menus, alarms (brinotes), and common web launching from the mentioned applications. Can be stopped safely once run if so desired | No |
U | BrmfRmPA | BrmfRmPA.exe | Brother resource manager - needed for a Brother MFC printer/copier/scanner and PC to properly communicate | No |
U | broadband medic | matcli.exe | "matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, county, etc and gets written to a log file". ntlbroadband Help is required to run with the Help and Support program. If you uncheck ntlbroadband Help and then run Help and Support it will add another ntlbroadband Help in the startup menu. If you remove the ntlbroadband Help in the add/remove program some help menus in help and support will not be available. You decide | No |
N | Broadband Wizard | bbwiz.exe | Starts Broadband Wizard so it runs in the System Tray. This application tests and optimizes your Cable or DSL connection. Available via Start -> Programs | No |
N | BroadCamRun | broadCam.exe | BroadCam is an easy to use video streamer designed to broadcast live video using a webcam (or other camera) and microphone | No |
U | Broadcom Wireless Manager UI | bcmntray.exe | Related to Broadcom Network Adapters for additional configuration options for these devices. Should not be terminated unless suspected to be causing problems | No |
N | Broadcom Wireless Manager UI | wltray.exe | System tray access to wireless LAN card configuration options | No |
X | Bron-Spizaetus | CVT.exe | Added by the RONTOKBRO WORM! | No |
X | Bron-Spizaetus | norBtok.exe | Added by the RONTOKBRO.B WORM! | No |
X | Bron-Spizaetus | [path to file] | Added by the BRONTOK-F WORM! | No |
X | Bron-Spizaetus | bronstab.exe | Added by the RONTOKBRO.C WORM! | No |
X | Bron-Spizaetus | eksplorasi.exe | Added by the RONTOKBRO.J WORM! | No |
X | Bron-Spizaetus | ElnorB.exe | Added by the RONTOKBRO.D WORM! | No |
X | Bron-Spizaetus | sempalong.exe | Added by the BRONTOK-E WORM! | No |
X | Bron-Spizaetus | RakyatKelaparan.exe | Added by the BRONTOK-J or BRONTOK-L WORMS! | No |
X | Bron-Spizaetus-5118REPM | komodo-6321422.exe | Added by the BRONTOK-R WORM! | No |
X | Bron-Spizaetus-cfgmktoq | bbm-qotkmgfc.exe | Added by the BRONTOK-M WORM! | No |
X | Bron-Spizaetus-cfgmmnru | bbm-urnmmgfc.exe | Added by the BRONTOK-N WORM! | No |
X | BRoNToK | BRoNToK.exe | Added by the BRONTOK-CG WORM! | No |
X | BrowseProxy | FindService.exe | Actual Names (AdvSearch) Internet Keywords parasite | No |
X | browser | msgaol.exe | Added by the TACTSLAY.C TROJAN! | No |
X | browser | s_menu.exe | Added by the TACTSLAY.C TROJAN! | No |
X | browser | browse.exe | Added by the TACTSLAY.C TROJAN! | No |
X | browser | deamon.exe | Added by the TACTSLAY.C TROJAN! | No |
X | browser aid | browseraid.exe | BrowserAid/BrowserPal foistware | No |
X | Browser Help Svc | BHSV.EXE | Added by the RBOT-AVQ WORM! | No |
Y | Browser Hijack Blaster | bhblaster.exe | Browser Hijack Blaster - protects your system from browser hijackers and spyware that alters your IE settings. Now replaced by SpywareGuard | No |
U | Browser Launcher | Commandr.exe | Logitech internet keyboard "Commander" software - loads the software for the shortcut keys on the keyboard. Not required unless you want to use the shortcut keys | No |
X | Browser Pal | adblck.exe | BrowserAid/BrowserPal foistware | No |
U | Browser Sentinel | BrowserSentinel.exe | Browser Sentinel - notifies you if a program wants to penetrate into Internet explorer, add itself to the Windows auto-run list or change your home page | No |
X | BrowserUpdateSched | [random filename] | ZenoSearch adware | No |
N | BrowserWebCheck | loadwc.exe | Checks to make sure that IE is still your default browser | No |
X | BrO_AcT | BrO-AcT.exe | Added by the SILLYFDC-D WORM! | No |
X | brwdiag | [path to worm] | Added by the STRATIO-BN WORM! | No |
N | BS Player | bsplayer.exe | BSplayer - A video player used to play avi, mpg, wmv and other multimedia files | No |
N | BsCLiP | BSCLIP.exe | CD recording utility that comes with a lot of CDR/CDRW drives and isn't required | No |
X | Bsoft lppt01 | Bsoft.exe | RapidBlaster variant (in a "BelmontSoft" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here | No |
N | bsplayer | bsplayer.exe | BSplayer - a video player used to play avi, mpg, wmv and other multimedia files | No |
X | BSserver | FileKan.exe | Added by the VB.CBW WORM! | No |
X | BSVCHOST | SVCH0ST.EXE | Added by the VOXOM TROJAN! Notice the digit "0" in the filename rather than the upper case "O" | No |
X | Bsx3 | RunDLL32.EXE bs3.dll, DllRun | BookedSpace parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "bs3.dll" file is located in the Winnt or Windows folder | No |
X | BT | [path to trojan] | Added by the LITEBOT-B TROJAN! | No |
U | BT Broadband Desktop Help | matcli.exe | "matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, county, etc and gets written to a log file". BT Broadband Help is required to run with the Help and Support program. If you uncheck BT Broadband Help and then run Help and Support it will add another BT Broadband Help in the startup menu. If you remove the BT Broadband Help in the add/remove program some help menus in help and support will not be available. You decide | No |
U | BT Broadband Help | matcli.exe | "matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, county, etc and gets written to a log file". BT Broadband Help is required to run with the Help and Support program. If you uncheck BT Broadband Help and then run Help and Support it will add another BT Broadband Help in the startup menu. If you remove the BT Broadband Help in the add/remove program some help menus in help and support will not be available. You decide | No |
X | BT00003* | abcdefg23.exe | Added by the VB-VT TROJAN where * = 5,6 or 7! | No |
X | BT00003* | hiklmnop27.exe | Added by the VB-VT TROJAN where * = 2,3 or 4! | No |
U | btbb_wcm_McciTrayApp | McciTrayApp.exe | System tray access to Motive's Broadband 2.0 configuration and repair utility | No |
? | btinst | btinst.exe | Associated with an Anycom bluetooth wireless card. What does it do and is it required? | No |
U | BTModemProtection | BTModemProtection.exe | BT Privacy Online modem protection software, see here | No |
X | btmsre.exe | btmsre.exe | Detected by PCTools as the SDBOT.ACIK BACKDOOR! See here | No |
U | BTopenworld | DialBTYahoo.exe | BT Yahoo! internet connection manager | No |
? | BTSETBOOTKEY | BTSetBootKey.exe | Related to a USB Bluetooth adaptor. What does it do and is it required? | No |
U | BtStart | btstart.exe | Broadcom (formerly WIDCOMM) Bluetooth Connectivity Software | No |
U | bttray | bttray.exe | System tray icon which shows the status of a BlueTooth wireless module. Most systems with such a module installed can enable/disable the module. The system tray icon changes from blue/white to blue/red when the module is turned off. Allows access to explore bluetooth places, setup wizard, advanced configuration, quick connect and shutdown device | No |
Y | BTUSRBDG | BtUsrBdg.exe | Used with a Mitsumi USB Bluetooth adaptor (and maybe others) | No |
Y | BTUSRBDGF | BtUsrBdg.exe | Used with a Mitsumi USB Bluetooth adaptor (and maybe others) | No |
X | BTV | btv.exe | BroadcastPC adware | No |
X | BtvC | btvclean.exe | BroadcastPC adware | No |
Y | Bubble | Bubble.exe | Added by Windows SteadyState which "helps make it easy for you to keep your computers running the way you want them to, no matter who uses them." Bubble allows notification messages to appear on a computer managed by Windows SteadyState | No |
N | Buddyizer | Buddyizer.exe | Part of the AIMster Peer to Peer (P2P) file sharing application that runs over the AOL Instant Messenger network | No |
N | BudgetSip | BudgetSip.exe | BudgetSip - internet telephony utility using the VoIP (Voice over Internet Protocol). Call online friends for free and regular phones either for free (limited use) or low rates. One of a number provided by Betamax - the others generally have different rate plans. Similar to the more popular Skype | No |
U | BUFFALO Power Save Utility for HD | HDManage.exe | Power Save utility for Buffalo backup hard discs | No |
N | Bug Eliminator | Bug_Elim.exe | Bug Eliminator - "performs a complete health check on your computer safely, securely, and silently!" | No |
U | bugwatcher service | bugwatcher.exe | Bugtoaster is a service that sends reports on system/program crashes (certain types) back to Bugtoaster. They relay information to program authors and provide, if available, any known solutions to the crashes. It doesn't take up any room in memory, just activates in the event of certain program failures | No |
N | BuildBU | bldbubg.exe | Part of Dell Alerts which notifies customers of the latest updates for their system | No |
X | BuildLab | services.exe | Added by the NEVEG.B or NEVEG.C WORMS! Note - this is not the legitimate services.exe process, which should not appear in Msconfig/Startup! | No |
X | BuildLab | winlogon.exe | Added by the NEVEG.A WORM! Note - this is not the legitimate winlogon.exe process, which should not appear in Msconfig/Startup! | No |
X | BuildLabs | csrss.exe | Added by the WEBUS TROJAN! Note - this worm replaces the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! | No |
X | BuildLabs | lsass.exe | Added by the WEBUS.B TROJAN! Note - this is not the legitimate lsass.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the System folder | No |
U | Bulldog Service | upsd.exe | Belkin's Bulldog Plus control software which runs under Windows 95 or later and monitors the UPS (Uninterrupted Power Supply) via a serial or USB link | No |
N | BulletProof FTP Server | bpftpserver.exe | BulletProof FTP Server | No |
Y | BullGuard | mgui.exe | Part of Bullguard antivirus | No |
Y | BullGuard | BullGuard.exe | Part of BullGuard antivirus | No |
U | BullGuard Update | avxlive.exe | Part of Bullguard antivirus. Leave enabled unless you manually update virus definitions | No |
Y | BullGuard XComm | XCOMMSVR.EXE | Part of Bullguard antivirus | No |
Y | BullGuardInit | AVXINIT.EXE | Part of Bullguard antivirus | No |
Y | BullguardoptIn | bulldownload.exe | Part of Bullguard antivirus | No |
X | BullsEye | bargains.exe | BargainBuddy adware | No |
X | BullsEye Network | bargains.exe | BargainBuddy adware | No |
? | BullsEye Tracker | BeTrack.exe | Bullseye - intelligent research assistant | No |
X | Bunx | beagle.exe | Added by the LEBREAT-E WORM! | No |
X | buritos | buritos.exe | Identified as a variant of the Downloader.FraudLoad.C malware | No |
N | BurnQuick Queue | BQTray.exe | System Tray access to BurnQuick CD burning software. Only required if you use the queueing facility, hence the U recommendation. Create your own desktop shortcut to start manually | No |
U | Button Server | bttnserv.exe | Found on a Compaq PC, for the extra buttons on the keyboard for the speaker volume, media player, sleep and internet buttons. If the buttons aren't used on the keyboard or yours doesn't have them, then it isn't required | No |
N | ButtonKey | ButtonKey.exe | CyberView TWAIN driver for the Pacific Image range of 35mm film scanners. Enables the one touch scanning button and places an icon in the System Tray. Use your scanner's software or run it manually by creating a shortcut | No |
N | Buzme | Bmui.exe | Buzme by RingCentral, Inc - internet call waiting. Intercepts telephone calls like an answering machine and plays the voice message on your PC. Only required when you're on-line and via dial-up modem | No |
U | BuzMe | RCUI.exe | Display Client for the BuzMe Internet Call Waiting Service | No |
U | Buzof.exe | buzof.exe | Buzof from Basta Computing "enables you to automatically answer, close or minimize virtually any recurring window including messages, prompts, and dialog boxes" | No |
X | BVWORSFM | bvworsfm.exe | Added by the DLUCA-AD TROJAN! | No |
N | bwprnmon.exe | bwprnmon.exe | FaxServe network fax software | No |
X | bxproxy | bxproxy.exe | Added by the BXPROXY TROJAN! | No |
X | bxproxy | [random].dll | Spyware Soft Stop misleading security software - not recommended, see here and here | No |
X | bxsx5 | RunDLL32.EXE bsx5.dll, DllRun | BookedSpace parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "bsx5.dll" file is located in the Winnt or Windows folder | No |
X | bxxs5 | RunDLL32.EXE bxxs5.dll, dllrun | BookedSpace parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "bxxs5.dll" file is located in the Winnt or Windows folder | No |
X | Bymer.Scanner | Wininit.exe | Added by the BYMER WORM! | No |
X | Bymer.Scanner | Msinit.exe | Added by the BYMER WORM! | No |
U | BySoft FreeRAM | FreeRAM.exe | "Bysoft FreeRAM is a program that frees up ram manually or automatically. It shows current memory status , memory load and CPU usage graphically". MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/SE/ME. See this article and make up your own mind | No |
X | c | c:archiv~1win.com | Added by the CUYDOC TROJAN! | No |
U | C-Media Echo Control | EchoCtrl.exe | C-Media produce audio chipsets that are often found on popular motherboards with on-board audio. You may need it if you use the echo control feature of C-Media Mixer | No |
N | C-Media Mixer | Mixer.exe | C-Media produce audio chipsets that are often found on popular motherboards with on-board audio. Provides System Tray access to change audio settings. Available via Start -> Settings -> Control Panel or Start -> Programs | No |
U | C2K | CYB2K.EXE | CYBERsitter 2000 or 2001 - anti-adult content filter primarily. Required if you want the sites you visit filtered without having to load the software every time you launch your browser | No |
U | c32cs2 | c32cs2.exe | Cyber Sentinel - internet filtering software | No |
X | C7 | [path to worm] | Added by the MEDIAKILL.A WORM! | No |
U | C:\Program Files\NetMeter\NetMeter.exe | NetMeter.exe | "Net Meter is a small, customizable network bandwidth monitoring program for Win9x/Me/NT4/2K/XP. NetMeter is and will always stay freeware. The program has been tested extensively on Win2K/XP, but it should work just as well on all other Win32 operating systems" | No |
X | C:\WINDOWS\IEXPLOR.EXE | IEXPLOR.EXE | "Pop Marketing" adware | No |
X | C:\WINDOWS\system32\SetupCmd.exe | SetupCmd.exe | Detected by Kaspersky as the AGENT.AAW TROJAN! | No |
X | C:\WINDOWS\WinTask.exe | WinTask.exe | "Pop Marketing" adware | No |
U | CA-AMAgent | amagent.exe | Unicenter Asset Management is a solution for proactively managing IT assets in a business environment. It provides full-featured asset tracking capabilities through automated discovery, hardware inventory, network inventory, software inventory, configuration management, software usage monitoring, license management and extensive cross-platform reporting | No |
Y | CaAvTray | CAVTray.exe | eTrust EZ Antivirus system tray application from Computer Associates | No |
X | Cabchk | Cabchk.exe | Added by the GEMA TROJAN! | No |
X | Cabchk32 | Cabchk32.exe | Added by the GEMA TROJAN! | No |
X | CABCInstall | CABCInstall.exe | Ignite Technologies (was CABC) content delivery software | No |
X | Cable Modem Adapter | WindowsSec.exe | Added by the WOOTBOT.A WORM! | No |
U | CacheBoost | trayicon.exe | CacheBoost "optimizes the System Cache-Management of Windows XP/2000/NT and Windows .Net Servers, resulting in a performance boost" | No |
X | CacheLoader | [path to trojan] | Added by the DLOADER-NZ TROJAN! | No |
N | Cacheman | Cacheman.exe | Freeware disk cache tweaker from Outer Technologies. Should only be run once and not loaded at start-up | No |
Y | CacheMgr | CacheMgr.exe | Sophos Antivirus Remote Update | No |
U | CacheSentry Pro | CacheSentry Pro.exe | "CacheSentry Pro is a program that takes over the management of the Internet Explorer (and AOL) web browser cache" | No |
N | CACStarter | cacstart.exe | Cash A Check - check writing software | No |
U | Caddais BackupOnDemand | BODMon.exe | Caddais BackupOnDemand - "runs in the background and monitors your important files for changes. Within seconds of changing, modified files are automatically backed up to an archive location" | No |
U | Cadenza | CdzSvc.exe | Cadenza mNotes for Palm and Pocket PC enables users to access Lotus Notes on their mobile devices | No |
U | CADS | cads.exe | Cyber Sentinel - internet filtering software | No |
U | CafeStation | CafeStation.exe | "CafeSuite is the solution for your internet cafe. Our software provides you with a means to control the workstations, manage customer database, sell products and generate detailed reports and statistics" | No |
Y | cafwc | cafw.exe | CA Personal Firewall - part of the CA Internet Security Suite | No |
N | CAgent | CAgent.exe | Abbyy Fine Reader OCR (Optical Character Recognition) software for scanning and converting documents | No |
X | cAgOu | [filename].hta | Added by the KAKWORM WORM! | No |
N | CahootWebcard | CahootWebcard.exe | "The Cahoot Webcard is a virtual card that allows you to use your Cahoot credit card online without ever having to expose your real card numbers over the web. It works by generating one-off transaction numbers as a substitute for your real cahoot credit card details". Run manually when needed | No |
X | caidiysetup | diynetsetupuni.exe | DIYNet adware | No |
Y | CAISafe | isafe.exe | Part of Computer Associates eTrust EZ Antivirus | No |
U | CaISSDT | caissdt.exe | Computer Associates Dashboard Tray applet | No |
N | Cal Reminder Shortcut | calrem.exe | Produces a pop-up reminder of events scheduled using the MS Office Calendar | No |
X | Calc Microsoft Windows | wincalc.exe | Added by an unidentified WORM or TROJAN! | No |
X | CALC32 | CALC32.EXE | Added by the SPYBOT-EC WORM! | No |
N | Calendar 200X Reminder | calendar.exe | Calendar 200X - shows holidays, reminders of various anniversaries, tasks etc | No |
U | Calendarscope | cs.exe | Calendarscope calendar software | No |
X | calk | calk.exe | Added by the STARTPA-FH TROJAN! | No |
X | Call Function System32 | sddriver.exe | Added by a variant of the SDBOT TROJAN! | No |
X | Call32 | Call32.exe | Added by the SPAMMIT-H TROJAN! | No |
Y | CallBumping | cbpopw.exe | Related to the Gazel 128 PCI ISDN adapter. Required if you use it | No |
U | CallCenter Main Application | V3calmcp.exe | "V3 Inc. CallCenter is a free 32-bit, integrated fax, voicemail and data communications application with a simple to use interface providing fax send and receive functionality, basic (single mailbox) answering machine capability, and sophisticated data communications." Main application | No |
U | CallCenter Printer Interface | V3faxecp.exe | "V3 Inc. CallCenter is a free 32-bit, integrated fax, voicemail and data communications application with a simple to use interface providing fax send and receive functionality, basic (single mailbox) answering machine capability, and sophisticated data communications." Fax printer | No |
N | CallControl | ftctrl32.exe | FaxTalk Messenger Pro is a Windows TAPI based 32-bit application. When installed, the software automatically loads FaxTalk CallControl when you start Windows. When FaxTalk CallControl is running, any TAPI compliant application can request to use the modem from Windows | No |
N | CamCheck | CamCheck.exe | NuCam camera software related | No |
U | Cameno | Cameno.exe | Cameno is a program which brings tabbed windows to MSN Messenger 6.0 and above | No |
U | Camera Assistant Software | traybar.exe | Camera Assistant Software utility for Toshiba laptops - allows you to take pictures with and control the integrated WebCam | No |
U | Camera Detector | CAMDET~*.EXE | ACDSee Auto Device Detector detects when a device is connected to your PC and gives you the option to acquire images from it automatically | No |
U | Camera Detector | Camdetect.exe | ACDSee Auto Device Detector detects when a device is connected to your PC and gives you the option to acquire images from it automatically | No |
U | Camera Detector | DEVDET~*.EXE | ACDSee Auto Device Detector detects when a device is connected to your PC and gives you the option to acquire images from it automatically | No |
N | Camio Viewer x | IXApplet.exe | Image viewing program that comes with digital cameras. Shows pictures that are in the camera before downloading them. "x" in the name is the version | No |
? | CamMonitor | hpqcmon.exe | From HP and related to digital imaging | No |
N | Canada | Canada.exe | Known to be a dialler - but is it malicious or clean? | No |
U | Canary | canary-std.exe | Canary keystroke logger/monitoring program - remove unless you installed it yourself! | No |
X | candy | command32.exe | Added by the RBOT-LV WORM! | No |
X | candynet | Taskmsg.exe | Added by the RBOT-NA WORM! | No |
U | Canon MultiPASS Status Monitor | monitr32.exe | Canon Multi-Pass status monitor - your choice | No |
? | Canon PC1200 iC D600 iR1200G Status Window | CAPM1LAK.EXE | Canon printer related - is it required in startup? | No |
N | Canon Printer Monitor BJCxxx | Cjstlst.exe | Trayicon for Canon printer. xxx denotes model. Available via Start -> Programs | No |
U | CanonMyPrinter | BJMyPrt.exe | Printer software for Canon Bubblejet printers | No |
U | CanonSolutionMenu | CNSLMAIN.exe | Canon's Solution Menu dialog box leads you quickly toward documentation, utilities, and help files | No |
? | CAP3ON | CAP3ONN.EXE | Canon driver, purpose unknown. Is it required in startup? | No |
Y | capfasem | capfasem.exe | CA Personal Firewall - part of the CA Internet Security Suite | No |
N | Capfax | capfax.exe | PhoneTools fax software | No |
U | capfupgrade | capfupgrade.exe | CA Personal Firewall - part of the CA Internet Security Suite | No |
U | CAPing | CAPing.exe | Citibank Citianywhere software | No |
Y | Capon | Capon.exe | Canon printer driver | No |
Y | Capon | Caponn.exe | Canon printer driver | No |
X | CaptionMgr32 | crssr.exe | Added by the ZAR.A WORM! | No |
X | capture | capture.exe | Added by the THEEF-B TROJAN! | No |
N | Capture Express 2000 | capexp.exe | Capture Express - screen capture utility | No |
N | CaptureBat | Capture.exe | !Quick Screen Capture from EtruSoft Inc. - "allows you to take screenshots from any part of your screen in more than 10 ways, and save images in BMP/JPG/GIF formats" | No |
N | Carbonite Backup | CarboniteUI.exe | "Carbonite's online backup service starts automatically and works quietly and continuously in the background protecting your data" | No |
N | Card Monitor | REGCNT09.exe | For the USB connection on a Panasonic PV-DV701 Digital Camcorder. Available via Start -> Programs | No |
? | CardScan AutoSync | CSyncCfg.exe | Related to the CardScan business card reader range of products. May be related to synchronization with E-mail software and mobile devices (see here) | No |
X | Care20 | Care20.exe | TopMoxie adware | No |
U | Care2GTU | Care2GTU.exe | Care2 Green Thumbs-Up (from the Care2 site). Every online purchase helps environmental causes; tells you how eco-friendly a company really is, thanks to over 200 company profiles from Coop America. Saves 1 square foot of rainforest every day you use it. If it works and you like it, keep it | No |
U | carpserv | carpserv.exe | Associated with Zoltrix and Conexant modems - enables the internal modem speaker, allowing you to listen to the dial-up sounds for example | No |
X | CARPserver | CARPserver.exe | Added by the BANKER-AN TROJAN! | No |
U | CARPservice | carpserv.exe | Associated with Zoltrix and Conexant modems - enables the internal modem speaker, allowing you to listen to the dial-up sounds for example | No |
X | cartao | [path to file] | Added by the DLOADER-QD TROJAN! | No |
X | cartao | conflicted.exe | Added by the DADOBRA-DV TROJAN! | No |
X | cartao | killing.exe | Added by the DLOADER-QN TROJAN! | No |
X | CAS Client | casclient.exe | CasinoClient adware | No |
X | Cas2Stub | cas2stub.exe | CasinoClient adware | No |
U | CasAgnt | CasAgnt.exe | Program by Extended Systems which allows you to sync your Casio PDA with your PC | No |
X | Casdvqwa | bmqnzkg.exe | Added by the RANDEX.BE WORM! | No |
X | caseyvideo | caseyvideo.exe | Malware causing adult content popups | No |
X | caseyvideo[*] [* = digit] | caseyvideo[*].exe [* = digit] | Malware causing adult content popups | No |
X | CashBack | cashback.exe | Part of eXact Advertising Software, consisting of "CashBack by BargainBuddy", BullsEye Network and NaviSearch | No |
X | CashFiesta | Cashfiesta.exe | CASHFIESTA.A pay-per-surf adware | No |
N | Cashsurfers Cashbar Navigator | Cashbar.Exe | Cashsurfers CashBar Navigator - "The CashBar rotates banner advertisements once per minute and provides you with access to up to date special offers and deals" | No |
X | CashToolbar | MSCStat.exe | Added by the DOWNLOADER-MY TROJAN! | No |
X | CashToolbar | svchost.exe | BrowserAid/CashToolbar adware! Note - this is not the legitimate svchost.exe process which should not normally figure in Msconfig/Startup! | No |
X | Casino Royale | jamesbond.exe | Added by the RBOT-FZO WORM! | No |
X | Cassandra | [10 to 14 random char]THD.EXE | Added by the KREPPER-AI TROJAN! | No |
X | Cassandra | cassandra.exe | SuperSpider hijacker - a CoolWebSearch parasite variant. Also detected as a variant of the KREPPER TROJAN! | No |
X | CasStub | casstub.exe | Added by the CASS-A TROJAN! | No |
X | Catalyst Control Centre | atixvdm.exe | Added by the RBOT.DMW TROJAN! | No |
X | catsrv | catsrv.exe | Added by the PAPLOK TROJAN! | No |
Y | CAVRID | CAVRID.exe | eTrust EZ Antivirus Real Time Infection Report from Computer Associates | No |
Y | CAVS | CAVS.exe | Cheyenne (now eTrust) antivirus | No |
X | CAZNOVAS | CAZNOVAS.exe | Added by the CAZNO TROJAN! | No |
X | CBACK.EXE | CBACK.EXE | Added by the PENTA-A TROJAN! | No |
U | CBWAttn | CBWAttn.exe | Required for Bitware to answer incoming faxes, can cause sleep mode problems | No |
U | CBWHost | CBWHost.exe | Required for Bitware to answer incoming faxes, can cause sleep mode problems | No |
? | CBWUser | CBWDial.exe | Associated with Bitware that integrates fax, voice, pager, and data communications on your desktop | No |
X | CC2KUI | comet.exe | Comet Cursor adware | No |
X | Ccao | regedit.exe | Probably a variant of MediaTickets adware. Note - this is not the valid Windows registry editor which resides in Windows or Winnt and will not figure in Msconfig/Startup! This version resides in a "mduu" subfolder, which may change | No |
Y | ccApp | ccApp.exe | Part of Norton AntiVirus. Auto-protect and E-mail check will not function without this | No |
X | ccApp | [random filename] | Added by the OBSORB TROJAN! Note the random filename compared to the valid Norton AntiVirus | No |
X | ccApp | WMADZ.EXE | Added by the RBOT-LJ WORM! | No |
X | ccApp | .EXE | Added by the RBOT-LJ WORM! | No |
X | ccApp | gcasServ.exe | Added by a variant of the RBOT WORM! Do not confuse with the Microsoft AntiSpyware executable of the same name | No |
X | ccApp | example.exe | TwoSeven spyware | No |
X | ccAppr | svcrhost.exe | Added by the TACTSLAY.A TROJAN! | No |
X | ccAppr | expIorer.exe | Added by the TACTSLAY.A TROJAN! | No |
X | ccAppr | outIook.exe | Added by the TACTSLAY.A TROJAN! | No |
X | ccAppr | svcshost.exe | Added by the TACTSLAY.A TROJAN! | No |
X | ccApps | services.exe | Added by the NEVEG.B or NEVEG.C WORMS! Note - this is not the legitimate services.exe process, which should not appear in Msconfig/Startup! | No |
X | ccApps | winlogon.exe | Added by the NEVEG.A WORM! Note - this is not the legitimate winlogon.exe process, which should not appear in Msconfig/Startup! | No |
X | ccApps | N/A | Added by the KANGAROO-A TROJAN! | No |
X | ccApps | ccApps.exe | Added by the KANGAROO-B WORM! | No |
X | ccctp | HistoryJMTi.exe | Added by the GANBATE.A WORM! | No |
U | CCD Manager | DDS.EXE | Project Labs Century CD manager for their CD/DVD storage device | No |
N | Ccdecode | rundll32.exe streamci, StreamingDeviceSetup | Part of the closed caption decoder/MS VBI codec. Should only run once | No |
Y | CCDoctorLogonTesting | ccdoctor.exe | Checks your system to make sure it's configured properly for running IBM Rational ClearCase, a source code management tool. ClearCase is fairly sophisticated so there are a lot of system-related things that can cause it grief. If you run ClearCase you should not disable this as it provides a valuable service, but technically it isn't required to use the ClearCase product | No |
Y | ccenter | CCenter.exe | RAV AntiVirus | No |
Y | CcEvtMgr | ccEvtMgr.exe | Part of Norton AntiVirus 2003. Event manager for scheduling weekly scans and/or automatic virus updates. Used to start automatically via "ccApp" and was not required as a separate entry but a recent update changed this | No |
X | ccEvtMrg.exe | ccEvtMrg.exe | Added by the RBOT.GZ WORM! | No |
X | ccExecute | bootcfg1.exe | Added by the NEMSI-B VIRUS! | No |
X | ccHelp | ccHelp.hta | Searchq adware | No |
U | CCleaner | CCleaner.exe | CCleaner from Piriform Ltd. - "is a freeware system optimization, privacy and cleaning tool." Features include removing unused files, cleaning internet history, managing startup programs and a fully featured registry cleaner | No |
X | ccpApps | csrss.exe | Added by the WEBUS TROJAN! Note - this worm replaces the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! | No |
X | ccpApps | lsass.exe | Added by the WEBUS.B TROJAN! Note - this is not the legitimate lsass.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the System folder | No |
U | ccProxy | CCPROXY.EXE | Part of Norton Internet Security, proxy server that is used to support the parental controls. If you turn parental controls off at user level the process is not loaded. Reported to cause excessive CPU usage | No |
X | ccPrxy.exe | ccPrxy.exe | Added by the SHIPUP-H WORM! | No |
Y | CcPxySvc | CCPXYSVC.exe | Part of Norton's AntiVirus 2003, Internet Security and Firewall products. E-mail proxy service - required for E-mail scanning and the firewall | No |
X | ccreg | explorer.exe | Added by the ZCREW BACKDOOR! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System% | No |
Y | CcRegVfy | ccRegVfy.exe | Part of Norton AntiVirus 2003. "ccRegVfy.exe is responsible for checking the integrity of the NAV registry entries to make sure that the information has not been changed by a malicious threat or a hack" | No |
X | ccRegVfY | expIorer.exe | Added by the TACTSLAY.A TROJAN! | No |
X | ccRegVfY | svcrhost.exe | Added by the TACTSLAY.A TROJAN! | No |
X | ccRegVfY | svcshost.exe | Added by the TACTSLAY.A TROJAN! | No |
X | ccRegVfY | outIook.exe | Added by the TACTSLAY.A TROJAN! | No |
X | ccrss | msdtc.exe | Added by the STAP-C WORM! | No |
Y | ccSetMgr | ccSetMgr.exe | Part of Norton AntiVirus 2004. What does it do? | No |
X | ccSvcHst.exe | ccSvcHst.exe | Added by the SDBOT-DIW WORM! | No |
X | ccsvit.exe | ccsvit.exe | Added by the STARTPA-HP TROJAN! | No |
U | cctray | cctray.exe | Part of CA Internet Security Suite | No |
X | ccUpdate | ccUpdate.exe | Added by the AGOBOT.YS WORM! | No |
U | ccUpdMgr | ccUpdMgr.exe | In Loco Parentis remote surveillance software. Uninstall this software unless you put it there yourself! | No |
U | CCUTRAYICON | CCU_TrayIcon.exe | Related to Traybar Launcher from Intel Corporation belonging to Intel® Viiv® | No |
U | ccWasher | aolwasher.exe | Webroot Cache & Cookie Washer - cleaning browser tracks, including cache, cookies, history, mail trash, drop-down address bar, auto-complete forms and downloaded program files for IE, Netscape and AOL | No |
U | CCWC7a | ac.exe | Moleculesoft Cache, Cookie & Windows Cleaner. No longer supported but available for free | No |
U | CCWC7I | idxl.exe | Moleculesoft Cache, Cookie & Windows Cleaner. No longer supported but available for free | No |
U | CCWC7s | stealth.exe | Moleculesoft Cache, Cookie & Windows Cleaner. No longer supported but available for free | No |
Y | CCWinTray | wintmr.exe | System Tray access to Child Control parental control software by Salfield | No |
N | CD Storage Master | cdstorager.exe | CD Storage Master - a program designed to catalog CD information, boasts a number of handy features for organizing your collection | No |
X | cd1 | cd1.exe | Premium rate adult content dialler | No |
N | CDANTSRV | CDANTSRV.exe | C-Dilla License Management software. Used for any program that uses C-dilla Protection, example: 3D Studio Max 4.x. It loads as a service automatically but is not needed unless you run said program. Can be started and stopped manually | No |
X | Cdcompat | Cdcompat.exe | Added by the GEMA TROJAN! | No |
X | cddrv32 | cddrv32.exe | Added by a variant of the CRYPTER.C TROJAN! | No |
N | CDInterceptor | cdi.exe | CD indexer for measuring the speed of CD players | No |
Y | cdloader | cdloader2.exe | From MagicJack - "A softphone device that allows you to attach an analog phone into the PC so you can have a traditional-style phone system in your house without any monthly charge" | No |
X | CdnCtr | cdnup.exe | CNNIC Update pest | No |
X | CDriver | windrv.exe | Added by the DELF.WG TROJAN! | No |
X | CDriver | svchost.exe | Added by a variant of the DELF.IT TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! | No |
X | Cdrom Controller | cdromcntrl.exe | Added by the BATTRY-A TROJAN! | No |
X | cds | cds.exe | Added by the SPYMON TROJAN! | No |
X | CDSpeed.exe | CDSpeed.exe | Detected by Kaspersky as the IRCBOT.AEX BACKDOOR! See here | No |
N | CDTray | CDTray.exe | On HP PCs, this is the small CD icon next to the time | No |
U | CeEKEY | CeEKey.exe | Hot Key utility included on Toshiba Satellite laptops | No |
U | CeEPOWER | cepmtray.exe | Toshiba's Power Management Utility - allows the user to set up different profiles for both AC power and Battery Power on laptops. Controls CPU speed, Monitor Shut Off, Hard Drive Shut-Off, Monitor Brightness, System Stand-by and System Hibernate times | No |
? | Ceic | Ceic.exe | ?? | No |
X | Cekirge | [path to worm] | Added by the KERGEZ.A WORM! | No |
X | center | [random name]32.exe | Added by the BOFRA.A WORM! | No |
X | CentralProcessor | taskimgr.exe | Added by the BANCOS.J TROJAN! | No |
? | CEPA | wsot.exe | ?? | No |
U | CertificateRegistration | SafeSignCertReg.exe | SafeSign Certificate Registration Utility for Microsoft Crypto applications | No |
U | CertReg | certreg.exe | Related to Gemplus Card Reader | No |
Y | CertStoreInit | CertStoreInit | Aladdin eToken authentication and password management | No |
N | CesarFTP FTP Server | server.exe | CesarFTPd - FTP server | No |
X | cesmain.dll | Rundll32.exe [path] cmail.dll, Rundll32 | CnsMin (Chinese Keywords) hijacker related. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted | No |
X | CEventMgr | Cell.exe | Added by the BIFROSE-AK TROJAN! | No |
N | CFD | CFD.exe | BroadJump Client Foundation. Broadband troubleshooting software installed by various companies. Not required and you can remove it via Add/Remove programs | No |
X | CFDStart | WinMuschi.exe | WINMUSCHI dialler | No |
X | cfgboost | cfgboot.exe | Added by an unidentified WORM or TROJAN! | No |
Y | cfgintpr | cfgintpr.exe | Configuration Interpreter - part of Tiny Personal Firewall V4 | No |
X | cfgmgr51 | RunDLL32.EXE cfgmgr51.dll, DllRun | BookedSpace parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "cfgmgr51.dll" file is located in the Winnt or Windows folder | No |
X | cfgmgr52 | RunDLL32.EXE cfgmgr52.dll, DllRun | BookedSpace parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "cfgmgr52.dll" file is located in the Winnt or Windows folder | No |
N | cfgwiz | cfgwiz.exe | Introduced with Norton Anti-Virus 2002, this is a real resource hog. Many NAV users will find they can live without loading it | No |
U | CFi ShellToys Utility Manager | CFiShlMan.exe | Manager for CFi ShellToys from Cool Focus International Ltd - which "puts all the tools you need right where you need them - just a click away on your context menu. Right-click one or more files or folders, the desktop or the window background for instant access to 50 context-sensitive shell extensions" | No |
? | cFosDNT | cFosDNT.exe | cFos DSL Modem driver related. What does it do and is it required? | No |
? | cFosInst_Check | cfosinst.exe | cFos DSL Modem driver related. What does it do and is it required? | No |
U | cFosSpeed | cFosSpeed.exe | cFos Software Internet acceleration program related. Note - may be necessary for the software to work properly | No |
U | CFSServ.exe | CFSServ.exe | Belongs to Toshiba's configfree utility and searches for Wireless Devices | No |
X | cftmon | sfcmonit.exe | Added by a variant of the AGENT.ERG TROJAN! | No |
X | cftmon | WindowsUpdate.exe | Detected by Kaspersky as the AGENT.AQK BACKDOOR! See here | No |
X | cftmon32 | taskmgr*.exe [* = number] | Added by the SOWSAT.C and SOWSAT.J WORMS! | No |
X | cfy | cfy.exe | Surfenhance.com SearchForIt adware variant | No |
X | CGI Firewall Script | CGIAGENT.EXE | Added by the BROPIA-U WORM! | No |
U | CGServer | cgserver.exe | Associated with an Eicon Networks ISDN or ADSL modem. Call Guard Server (CGserver) watches your modem and blocks incoming or outgoing calls. You need cgard.exe (from Startmenu) to configure cgserver with rules and telephone numbers. Good against unwanted dialer programs | No |
X | Cgtask Services | cgtask.exe | Added by the LALA.B TROJAN! | No |
X | Cgywin | cgywin32.exe | Added by the RBOT-AEI WORM! | No |
U | ChamClock | ChamClock.exe | Chameleon Clock - system tray clock replacement | No |
X | change-me-now | msgfix1.exe | Added by the SDBOT.ZD WORM! | No |
U | ChangeICON | SPMSMON.EXE | Card reader related program. Note - may cause problems with My Computer loading at startup. Disabling through MsConfig seems to solve the problem | No |
? | ChangeLines | chngline.exe | ?? | No |
Y | Charter High-Speed Security Suite | fspex.exe | Charter High-Speed Security Suite - security software in collaboration with F-Secure | No |
X | Chat login | chatlogin.exe | Added by the ANTINNY.F WORM! | No |
N | Chatango | Chatango.exe | Chatango - "allows people to be connected in real time through their Web browsers. Include your Chatango contact link or button when you create eBay auctions, blogs, personal websites, Friendster profiles, and your visitors will be able to contact you instantly, without downloading anything, or registering. Also use it to send email to your friends, allowing them to respond to you in real time!" The 'MessageCatcher' icon in the System Tray notifies you when you get a message. When you get a message, a little alert pops up, which you can click on and start chatting immediately | No |
U | ChatStat | ChatStat.exe | ChatStat from ChatStat Technologies, Inc. Provides live chat assistance in up to 16 languages and allows your operators to be more productive | No |
N | Chcenter | chcenter.exe | IMSI HiJaak - "the easiest way to convert, capture, and manage all your graphic files" | No |
X | Chckup | Netverchk.exe | Covert Sys Exec malware variant | No |
X | chcp.exe | chcp.exe | Detected by Kaspersky as the SDBOT.BMH WORM! See here | No |
X | che32 | che.ocx.vbs | Added by the ADENU-B VIRUS! | No |
X | Cheatle | GigaByte.exe | Added by the SHODI.B VIRUS! | No |
X | Check | Check.exe | Added by the VB-DRN WORM! | No |
N | Check for One Touch Update | wiseupdt.exe | Checks for updates for Visioneer OneTouch scanners | No |
N | Check for TWS Updates | WiseUpdt.exe | Interactive Brokers - check for update to their standalone Java-based trading platform | No |
U | Check Messenger | cmesseng.exe | Check Messenger from Qchex.com - program that helps you manage the activity of your Qchex account. Qchex appear to be no longer in business | No |
U | Check&Get | Check&Get.exe | Check&Get from ActiveURLs. Manages your browser bookmarks and favorites. Monitors Web sites for changes and updates, captures and highlights the changed contents | No |
N | CheckCustomWorksUpdate | CheckCWupdate.exe | Update checker, part of CustomWorks - "customize any embroidery designs to design your own unique creations" | No |
U | CheckDialer | ChkDial.exe | Added by the CheckDialer modem connection monitoring tool | No |
X | Checkdisk | mscas.exe | Added by the VAGON-A TROJAN! | No |
X | CheckFaultKernel | mswdm.exe | Added by the SMALL-CSK TROJAN! | No |
U | CheckIt | ToolBox.exe | CheckIt Toolbox from WinCheckIt Diagnostic Software. Toolbox automatically backs up critical system files (such as .ini files and the Windows Registry), and performs a check on various system parameters at intervals you specify | No |
U | CheckIt 86 | CheckIt86.exe | CheckIt 86 popup blocker | No |
Y | CheckMsgPlus | MsgPlusH.dll, VerifyInstallation | Added by MSN Messenger Plus, a third party extension to MSN Messenger. This is the auto-update feature - see here for more info. | No |
X | checkrun | elite***32.exe [* = random char] | EliteBar adware | No |
X | checkrun | elitelsj32.exe | Added by the MULTIDR-ER TROJAN! | No |
X | CheckScan32 | regload16.exe | Added by the AEBOT.K WORM! | No |
? | checktime | ct.exe | Found in the HPSelectFrontend directory on a HP machine. What is its purpose and is it required? | No |
Y | CheckVCR | IOMagic.exe | Driver for the I/OMagic Personal Video Recorder (DR-PCTV100) | No |
X | CheckWinPerf | perfinfo.exe | Added by a variant of the IRCBOT TROJAN! | No |
U | CherryKeyMan | KeyMan.exe | Multimedia keyboard manager for the Cherry keyboard series. Only required if you use any of the special keys | No |
X | chiCkie | chiCkie.exe | Added by the CHIKO WORM! | No |
U | ChicoSys | webtmr.exe | Child Control parental control software | No |
U | ChikkaDefault | ChikkaLauncher.exe | Chikka PC text messenger and IM client | No |
X | china11msn | CHINA11MSN.EXE | Added by the ENVID.O WORM! | No |
U | ChineseStar | cstar.exe | Chinese language support software | No |
U | CHIPDRIVEPinManager | sokscmpn.exe | ChipDrive Smartcard software | No |
U | CHIPDRIVESmartcardManager | SCMgr.exe | ChipDrive Smartcard software | No |
X | CHK Disker | chkdsker.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
X | CHK NT | chkntf.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
N | CHKADMIN | CHKADMIN.EXE | Compaq Network Management System. When running, it places an icon in the system tray titled "Intelligent Manageability" | No |
X | ChkDisk | chk_disk.exe | Added by an unidentified WORM or TROJAN! | No |
X | chkdrv | iemon.exe | Detected by Symantec as the ADCLICKER TROJAN! | No |
X | chkdsk | autoexec.bat | Added by the ANPES WORM! | No |
U | ChkMail | ChkMail.exe | Mail-checking program supplied with Acer notebooks | No |
U | ChoiceMail | CHOICEMAIL.EXE | ChoiceMail from DigiPortal Software. Block spam with an Email firewall | No |
X | Choke | Choke.exe -blahhh | Added by the CHOKE WORM! | No |
X | chope | runlli32.exe | Added by the QQPASS-U TROJAN! | No |
X | chostsv | chostsv.exe | Added by the BANPAES.C TROJAN! | No |
U | CHotKey | mhotkey.exe | Enables special keys on Chicony keyboards. Special combinations include Internet, E-mail, vol+, vol-, mute, etc. Only required for extended features | No |
U | CHotKey | MK9805.EXE | Enables special keys on Chicony keyboards. Special combinations include Internet, E-mail, vol+, vol-, mute, etc. Only required for extended features | No |
U | CHotKey | zHotkey.exe | Enables special keys on Chicony keyboards. Special combinations include Internet, E-mail, vol+, vol-, mute, etc. Only required for extended features | No |
N | Christmas Music Player | TTEST6.EXE | "Christmas Music Player brings the music of the Christmas Holiday to your desktop" | No |
? | ChromeMark | keysh.exe | Related to this. Don't know what keysh.exe does though and if it's required | No |
? | ChronitelInitTV | CHTVINIT.EXE | ?? | No |
U | chrono | chrono.exe | "Chronograph is a simple utility that synchronizes internal computer clock to the atomic time. Chronograph automatically maintains correct time using atomic clock servers of the National Institute of Standards and Technology (NIST)." Shows seconds and shows the date without having to hover the mouse. Shows a calendar when hovered over | No |
X | Ci Svr | cisvr.exe | Detected by Trend Micro as the IRCBOT.AWN BACKDOOR! See here | No |
X | ci1gnt | ci1gnt.exe | Detected by Kaspersky as the AGENT.DHU TROJAN! | No |
X | CiaBackdoor | msldr.com | Added by a VIRUS! | No |
X | cihost.exe | cihost.exe | Added by the LINST TROJAN! | No |
N | CIJxP2PSERVER | CIJxP2PS.EXE | Compaq printer utility which is required in order to make the printer work correctly - "x" depends upon the model, ie, for IJ300 x=3, for IJ700 x=7 | No |
Y | Cingular Communication Manager | CingularCCM.exe | Cingular Communication Manager - now taken over by AT&T. "provides a robust set of wireless communication tools for businesses and individuals. With wireless access to email, the Internet, business applications and corporate intranets, mobile users can be more productive while they're out of the office" | No |
X | Cinnabd Prompt32 | CmdPrompt32.pif | Added by the ASSIRAL-B WORM! | No |
N | CIO | che7e1~1.exe | ChatItOut webcam chat program | No |
X | Ciodiag | DECCONF.EXE | Added by the STRAT.EL TROJAN! | No |
X | CirebonPunya | XXrocks.exe | Added by the BHARAT.A WORM! | No |
U | Cisco Systems VPN Client | ipsecdialer.exe | Cisco VPN Client - lets local users gain Administrator privileges on the operating system | No |
U | Cisco Systems VPN Client | vpngui.exe | Sets up IPSec communications for Cisco's VPN Client | No |
N | CISrvr Program | CISRVR.EXE | Related to internet setup on Compaq PCs | No |
X | Cissi | Cissi.exe | Added by the CISSI.A WORM! | No |
U | CitiUCS | CitiUCS.exe | Citibank Virtual Account Numbers - "With this free service for Citi cardmembers, you never have to give out your real credit card number online" | No |
N | CitiVAN | CitiVAN.exe | Option from Citibank to change a credit card number in a random fashion for each purchase. The number will only be used once and never again | No |
X | cjb | cjb.exe | Added by the AGENT.ALZE TROJAN! | No |
X | cjb | cjb*.exe | Added by a variant of the AGENT.ALZE TROJAN - where * is a random digit and the file is located in %ProgramFiles%\cjb | No |
X | CJET | CJet.exe | FFToolBar adware toolbar | No |
Y | Cjstcom | Cjstcom.exe | Canon printer BJ status language monitor | No |
Y | ClamWin | ClamTray.exe | ClamWin antivirus | No |
X | Classes | int1.exe | "Switch" premium rate adult content dialler variant | No |
X | Classes | intl.exe | "Switch" premium rate adult content dialler variant | No |
X | Classes | run_21.exe | "Switch" premium rate adult content dialler variant | No |
X | Classes | srv.exe | "Switch" premium rate adult content dialler variant | No |
X | Classes | srv2.exe | "Switch" premium rate adult content dialler variant | No |
X | Classes | MSTAR2.EXE | "Switch" premium rate adult content dialler variant | No |
X | Classes | mstart.exe | "Switch" premium rate adult content dialler variant | No |
X | clcbt.exe | clcbt.exe | Added by the AGENT.CBA TROJAN! | No |
X | clcl3 | clcl3.exe | Added by the AGENT.ES TROJAN! | No |
X | clcl7 | clcl7.exe | Added by a variant of the Covert Sys Exec TROJAN! | No |
U | CLCLSet | CLCL.exe | CLCL clipboard caching utility | No |
N | Clean Access Agent | CCAAgent.exe | Cisco Clean Access Agent from Cisco Systems, Inc | No |
X | Clean Mgr | cleanmg.exe | Detected by Trend Micro as the IRCBOT.BBO BACKDOOR! See here | No |
X | Clean up | service.exe | Added by the AGENT-FPY TROJAN! | No |
? | CleanEasyImg | cleanall.exe | ?? | No |
X | Cleaner2009 Freeware | UCLN.exe | Cleaner2009 rogue privacy program - not recommended, removal instructions here | No |
? | CleanRegPath | CleanReg.exe | Apparently Annex A ADSL modem related. What does it do and is it required? | No |
U | CleanSweep Smart Sweep- Internet Sweep | Csinsm32.exe | Automatic logging of installs from Norton CleanSweep - available via Start -> Programs | No |
N | CleanSweep Useage Watch | CSUSEM32.EXE | Quarterdeck/Norton CleanSweep component - tracks how often you use files and alerts you to files that have not been used for a specified period of time | No |
U | CleanTemp | CLEANT~1.EXE | CleanTemp - deletes the contents of the TEMP directory when Windows starts and then closes - using no memory | No |
U | CleanTemp | CleanTemp.exe | CleanTemp - deletes the contents of the TEMP directory when Windows starts and then closes - using no memory | No |
N | Cleanup | ONICTASK.EXE | Internet Cleanup from Allume Systems (used to be by OnTrack) - cleans up tracks left by browsing the internet | No |
Y | CleanUp | mcappins.exe | Used by McAfee Virusscan to perform product updates. When updates are available the program will download and install them automatically. Recommended to leave enabled | No |
? | CleanupProgram | cleanup.exe | In a C:Sonysys folder - Sony Vaio related? | No |
X | clean_service | clean_service.cmd | Added by the REFAZ WORM! | No |
U | CleverKeys | CK.exe | CleverKeys - "is free software that provides instant access to definitions at Dictionary.com, synonyms at Thesaurus.com, facts at Reference.com and more - from almost all Windows programs, including word processors, Web browsers and most e-mail programs" | No |
X | clfmon | clfmon.exe | Added by the TACTSLAY.E TROJAN! | No |
X | clfmon | nvsvca32.exe | Added by the TACTSLAY.E TROJAN! | No |
X | clfmon.exe | clfmon.exe | Added by the AGENT-BJ TROJAN! | No |
X | Cli Confg | cliconfig.exe | Added by a variant of the SPYBOT WORM! See here | No |
X | CLI Services | clisrv.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
N | Click Radio Tuner | clickr~1.exe | ClickRadio - subscription service playing radio music via the internet | No |
N | Click Tray Calendar | ClickT~1.EXE | ClickTray Calendar - shows holidays, reminders of various anniversaries, tasks etc | No |
N | ClickMe | ClickMe.exe | ClickM "JOKE" program | No |
U | Clickoff | Clickoff.exe | Clickoff automatically dismisses annoying dialog boxes | No |
X | ClickTheButton | CTB.EXE | ClickTheButton adware | No |
X | ClickTheButton | csrss.exe | ClickTheButton adware. Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a "drivers" subfolder | No |
X | ClickTheButton | cd_load.exe | Added by the DOWNLOADER-MY TROJAN! | No |
X | CLICONFG | CLICONFG.EXE | Added by the OPASERV.T WORM! | No |
U | Client Access API Daemon | cwbappcd.exe | IBM iSeries Client Access, see here | No |
N | Client Access Check Version | cwbckver.exe | Part of IBM's iSeries (nee As/400) Client Access - communications suite that allows desktop, browser and wireless access to iSeries servers. Checks the software version on your PC to that of the iSeries it is connected to. Not required - and can be turned off in the Client Access properties. It's a waste of resources | No |
? | Client Access Express Welcome | cwbwlwiz.exe | Welcome wizard launcher - Part of IBM's iSeries (nee As/400) Client Access - communications suite that allows desktop, browser and wireless access to iSeries servers. What does it do and is it required? | No |
N | Client Access Help Update | cwbinhlp.exe | Client Access Help Registry Update Function - part of IBM's iSeries (nee As/400) Client Access - communications suite that allows desktop, browser and wireless access to iSeries servers. It only updates the help files on your PC to match the level of the attached iSeries | No |
N | Client Access Service | CwbSvStr.Exe | Part of IBM's iSeries (nee As/400) Client Access - communications suite that allows desktop, browser and wireless access to iSeries servers. Useful if you are going to access the iSeries through Windows Explorer to move files back and forth between Windows folders and iSeries folders. This is a tool that is only used by Client Access administrators (usually) so it is not required - a waste of resources | No |
U | Client Access Taskbar | cwbuitsk.exe | IBM iSeries Client Access taskbar, see here | No |
X | Client Agent | ipxwping.exe | Added by the PPDOOR-N TROJAN! | No |
X | Client Agent | photes.exe | Added by the PPDOOR-P TROJAN! | No |
X | Client Agent | [path to file] | Added by the PPDOOR-J TROJAN! | No |
? | Client agent for ARCserve | W95AGENT.EXE | Part of Brightstor ARCserve Backup from Computer Associates. What does it do and is it required? | No |
X | Client for Microsoft Networks | msclient32.exe | Added by the SDBOT-BXQ WORM! | No |
X | Client Server Control Process | [path to trojan] | Added by the AGENT-HR TROJAN! | No |
X | Client Server Run Time Proccess | csrsrv.exe | Added by a variant of the SDBOT WORM! | No |
X | Client Server Runtime | [path to worm] | Added by the POEBOT-KR WORM! | No |
X | Client Server Runtime Process | csrsss.exe | Added by the SDBOT-LD WORM! | No |
X | Client Server Runtime Process | csrs.exe | Added by the LINKBOT.M WORM! | No |
X | Client Server Runtime Process | smmss.exe | Backdoor TROJAN! Possible SDBOT-GEN variant | No |
X | Client Update | wup.exe | Added by the OPANKI.O WORM! | No |
X | ClientMan1 | mscman.exe | ClientMan parasite variant | No |
N | Clik Status Monitor | toolsclickstat.exe | Part of Iomega Tools to let you know whether an Iomega PocketZip (nee Clik) removable drive cartridge is installed | No |
X | Clip Service Manager | clipmg.exe | Detected by Kaspersky as the DELF.DXJ TROJAN! See here | No |
X | Clip Servicer | clipsrvc.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
X | Clip Srv | clipsv.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
X | clipboard.exe | clipboard.exe | Added by an unidentified WORM or TROJAN! | No |
N | Clipbook Service | Clipsrv.exe | Supports Windows XP ClipBook Viewer, which allows pages to be seen by remote ClipBooks | No |
U | clipdiary | clipdiary.exe | Clipdiary from Softvoile - "Free Clipboard Manager for keeping the clipboard history" | No |
N | ClipMate5x | ClipMt5x.exe | Clip Mate 5.x by Thornsoft. Utility that allows you to store more than one item in the clipboard. Available via Start -> Programs | No |
N | Clipmate6 | CLIPMT60.EXE | Clip Mate 6 by Thornsoft. Utility that allows you to store more than one item in the clipboard. Available via Start -> Programs | No |
N | ClipMate7 | ClipMate.exe | Clip Mate 7 by Thornsoft - utility that allows you to store more than one item in the clipboard | No |
N | Clipomatic | Clipomatic.exe | Mike Lin's Clipomatic is a clipboard cache program - it remembers what was copied to the clipboard even after new data is copied, and allows you to retrieve the old data | No |
N | Clipsrv | Clipsrv.exe | Supports Windows XP ClipBook Viewer, which allows pages to be seen by remote ClipBooks | No |
X | ClipSrv | clipserv.exe | Added by the SDBOT-AAV and SDBOT-AFE WORMS! | No |
X | ClipSrv | CLIPBRD3D.EXE | Added by the MOFEI-D WORM! | No |
X | Clipsvc | clipsv.exe | Added by the BLACKHOLE.F BACKDOOR! | No |
N | ClipTrak | ClipTrak.exe | ClipTrak - clipboard extender | No |
N | ClipTrakker | ClipTrakker.exe | Cliptrakker - clipboard extender | No |
N | CLISTART | CLIStart.exe | Puts the ATI Catalyst™ Control Center Icon/Shortcut on the System Tray - available via Start → Programs | No |
X | clkhost | [path to trojan] | Added by the WIXUD-B TROJAN! | No |
U | CLMFrontPanel | clmpanel.exe | System tray status/display/configuration utility for a number of modems. Can be disabled by right-clicking on the tray icon. If disabled, connection status is lost | No |
? | clnwall | rundll.exe setupx.dll, InstallHinfSection ..delwall.inf | ?? | No |
X | clock | [various filenames] | LiveChat Adware - known file names include: mssetup.exe, kstatus.exe, spoolsv.exe, sptsupd.exe, osk.exe, msswchx.exe, netdde.exe, msbkup.exe | No |
X | Clock Manager | amsngr.exe | Added by the SDBOT-XM TROJAN! | No |
X | ClockSync | Sync.exe | ClockSync - synchronizes your system clock with an internet time server. It's by WhenU, the makers of the Save Now spyware, and they're usually seen in tandem, so it's advised to replace it with one of the many spyware-free alternatives available | No |
U | ClockWise | CLOCKWISE.EXE | ClockWise - produced by R J Software - a time utility. It is a scheduler not only for dates, but you can choose it to run programs at any time. It also updates the time by connecting to an atomic clock server. This is a spyware-free alternative to ClockSync | No |
U | ClocX | ClocX.exe | ClocX - places a clock on the desktop that can be moved and then changed into a calendar plus you can set alarms etc? | No |
U | CloneCD | CloneCDTray.exe | System tray for the now discontinued CloneCD. The only useful option is "Hide CDR Media" only available via this tray. Has additional unknown functions in later versions | No |
U | CloneCDElbyCDFL | ElbyCheck.exe | From Elaborate Bytes who make CloneCD - monitors the installed filters of CD-ROMs/DVD-ROMs. Note - under Win2K removing this from startup causes the CD drive in the computer to not be recognized in the OS and after rechecking it prompts that the driver has been corrupted and asks you to restart the computer to fix it | No |
U | CloneCDTray | CloneCDTray.exe | System tray for the now discontinued CloneCD. The only useful option is "Hide CDR Media" only available via this tray. Has additional unknown functions in later versions | No |
? | Clotusorgreg0 | prtStart.exe [path] Orgprt.exe | IBM Lotus SmartSuite related. In a LotusOrgReg folder. Unclear what exactly it does? | No |
X | Clre | mmdc.exe | Added by the PURSCAN-AI TROJAN! | No |
X | ClrSchLoader | [path to file] | ClearSearch adware | No |
X | CLSID | com.exe | Adult content dialler | No |
X | CLSID | dll.exe | Adult content dialler | No |
X | CLSID | msgplus.exe | Adult content dialler | No |
X | CLSID | plugin.exe | Adult content dialler | No |
X | CLSID | sed.exe | Adult content dialler | No |
X | CLSID | msgplus.exe | Premium rate adult content dialer. Note - this is NOT the MSN Messenger 'MessengerPlus' extension | No |
X | CLSRSS | LSACS.EXE | Added by the SILLYFDC-X WORM! | No |
? | CM-SmWizard | SmWizard.exe | SmartWizard MFC Application - associated with C-Media who produce audio chipsets commonly used for on-board sound on motherboards. What does it do and is it required? | No |
U | cma | cma.exe | DeskSite CMA software - "retrieves new content from the DeskSite Data Center" | No |
X | CMAPP | cmappclient.exe | CasClient adware - also detected as the CMAPP TROJAN! | No |
N | Cmaudio | Rundll32 cmicnfg.cpl, CMICtrlWnd | System tray control panel for C-Media based soundcards - often included on popular motherboards with in-built audio. Available via Start -> Settings -> Control Panel | No |
X | Cmd | cmd32.exe | Added by the TANKED WORM! | No |
X | cmd32 | configs.exe | Hijacker, also detected as the QURL-2 TROJAN! | No |
X | cmd64 | cmd64.exe | CoolWebSearch Msconfd parasite variant | No |
X | cmdbcs | cmdbcs.exe | Added by the LINEAG-GKW TROJAN! | No |
X | cmdcon | cmdcon.exe | Added by the CRYPTER.A TROJAN! | No |
X | cmds | vtsqn.dll | Added by a variant of the VUNDO TROJAN! | No |
X | CmdShell.exe | CmdShell.exe | Added by the BCKDR-QHY BACKDOOR! | No |
X | CME | cme.exe | Part of Gator advertising spyware - see here for removal instructions. Please note that Claria Corporation no longer support GAIN-Supported software - see here | No |
X | CmeSYS | CMEsys.exe | Part of Gator advertising spyware - see here for removal instructions. Please note that Claria Corporation no longer support GAIN-Supported software - see here | No |
X | CmeUPD | CMEupd.exe | Part of Gator advertising spyware - see here for removal instructions. Please note that Claria Corporation no longer support GAIN-Supported software - see here | No |
X | CMFibula | CMFibula.exe | CASClient adware | No |
N | CmFlywaveName | CmFlywav.exe | Driver for Linksys Wireless-G Music Bridge | No |
N | CMGrdian | CMGrdian.exe | McAfee's QuickClean, an offline version of the one in their online Clinic. Normally run offline and not needed. Incidentally, incorporates more cleanup programs than the likes of WinOptimizer and System Mechanic | No |
U | CMGShieldUI | CMGShieldUI.exe | UI for CMG (CREDANT Mobile Guardian) Shield from Credant Technologies. "The CMG Shield resides on devices and external media to enforce security policies even if the device is disconnected from the network." Used to protect sensitive corporate data on laptops, handhelds, smartphones, USB drives and CD-DVDs | No |
X | CMMan | CMMan.exe | Added by the CMAPP TROJAN! | No |
X | Cmmon32Sys | cmmon32.exe | Added by the SMALL.CL TROJAN! | No |
X | cmonitor | startupmon.exe | SystemDoctor misleading security software - not recommended, see here | No |
U | CmPCIaudio | RunDll32 CMICNFG3.CPL, CMICtrlWnd | Registers the Control Panel applet for a C-Media PCI sound card | No |
U | CMPDPSRV | CMPDPSRV.EXE | Printer Driver Plus from ViewAhead Technology (formerly DeviceGuys, Inc.). "Printer Driver Plus seamlessly integrates all the necessary components of a printer driver, plus more". Installed with some Compaq and Lexmark printers | No |
X | Cmpnt | Devices2.exe | Added by the TOMPAI-D TROJAN! | No |
X | Cmpnt | mainsv.exe | Added by the TOMPAI-C TROJAN! | No |
X | cmrss | cmrss.exe | Added by the DELF.DU TROJAN! | No |
X | cmrss | crmss.exe | Added by the DLOADER-EK TROJAN! | No |
X | cmrss | [path to trojan] | Added by the DLOADER-QQ TROJAN! | No |
X | cmrst | cmrst.exe | Added by the BANCOS.S TROJAN! | No |
X | cmrst | cmrst.scr | Added by the DLOADER-FP TROJAN! | No |
X | cms | iserver.exe | Added by the DLOADER-WK TROJAN! | No |
U | CMSETTINGS | ctmn.exe | Part of NetNanny Chat Monitor | No |
X | cmsound | vcpdll.exe | Added by the TCXMEDI-D downloader TROJAN! | No |
X | cmsound | vcsystem.exe | Added by the TCXMEDI-D downloader TROJAN! | No |
X | cmss | system.exe | Added by a variant of the RBOT WORM! | No |
X | cmssapp | iexplore_.exe | Added by the BANCBAN-CQ TROJAN! | No |
X | cmssapp | iexplore.exe | Added by the BANCBAN-GF TROJAN! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %Windir% | No |
X | cmssSystemProcess | csmss.exe | Added by the AGENT-CO TROJAN! | No |
X | cmssSystemProcess | mcsmss.exe | Added by a variant of the AGENT.EI TROJAN! | No |
X | cmssSystemProcess | csms.exe | Added by the AGENT-Y TROJAN! | No |
X | CMSystem | CMSystem.exe | CASClient adware | No |
X | cmt101 | cmt101.exe | Added by a variant of the CRYPTER.C TROJAN! | No |
? | CmUCRRun | CmUCReye.exe | Related to Medion Display Information. What does it do and is it required? | No |
X | cmx32 | cmx32.exe | Added by the GEMA.D TROJAN! | No |
X | Cn323 | cnfrm33.exe | Added by the MIMAIL.G WORM! | No |
X | Cn911 | ODBCJET.exe | Added by the BIFROSE-PR TROJAN! | No |
X | CNBABE | CNBABE.EXE | Appears to be spyware added by KAZAA (and maybe others) that displays pop-up ads whilst you're browsing | No |
N | cnet | kontiki.exe | Kontiki Delivery Manager - Windows-based client software that enables secure delivery of content to users' desktops | No |
Y | cnfgCav | CMain.exe | Part of Comodo Antivirus | No |
X | Cnfrm32 | cnfrm.exe | Added by the MIMAIL.D WORM! | No |
X | CnsMax | Internat.exe | Added by the POINTEX TROJAN! Note - the real internat.exe resides in %windir%\system (where %windir% is the Windows directory - C:\Windows or C:\Winnt) whereas this version resides in %windir% | No |
X | CnsMin | Rundll32.exe [path] CNSMIN.DLL, Rundll32 | CnsMin (Chinese Keywords) hijacker related. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted | No |
Y | CnwiDeviceAgent | cnwida.exe | Part of the Canon imagePROGRAF W8400 printer management software | No |
Y | CnxAdslL | CnxAdslL.exe | DLink, Zoom, or Conexant modem driver | No |
N | CnxDslTaskBar | CnxDslTb.exe | Conexant DSL Taskbar as used on Access Runner and Samsung AHT-E310 ADSL modems | No |
U | Cobian Backup 8 interface | cbInterface.exe | "Cobian Backup is a backup program that can be executed in 2 ways: as a normal application or as a Windows Service. The program can schedule automatic backups for files and directories locally or to FTP servers and can use compression and encryption" | No |
X | CodeClean | CCIntro.exe | CodeClean spyware remover - not recommended, see here | No |
U | Codename Dashboard | dashboard.exe | Codename: Dashboard - "an application that resides at the side of your screen. Built on the Microsoft .NET Framework, it is a host for interchangeable components through which C.D. allows you to have any information you want, on your desktop, all the time" | No |
X | cof.updit | [random filename] | Added by a variant of the SDBOT WORM! | No |
U | CognizanceTS | rundll32.exe [path] AsTsVcc.dll, RegisterModule | Cognizance Corp Identity And Access Management suite | No |
X | Coldlife -icmp | Systray.exe | Added by the FLOOD.AV TROJAN! Note - this is not the legitimate systray.exe process | No |
N | CollaborationHost | p2phost.exe | People Near Me - Microsoft® Windows® Peer-to-Peer Networking platform for Windows Vista | No |
U | coloreal | coloreal.exe | Makes colours sharper and brighter, but will only work with coloreal capable monitors | No |
N | Colorific | Hgcctl95.exe | Colorific® from E-Color - "delivers accurate gamma and color temperature across your entire system - monitor to printer and digital camera to monitor." Now superseded by ColorWizzard™ | No |
N | Colorific Control Panel | Hgcctl95.exe | Colorific® from E-Color - "delivers accurate gamma and color temperature across your entire system - monitor to printer and digital camera to monitor." Now superseded by ColorWizzard™ | No |
X | COM Service | mscom32.com | Added by the BEASTY.H TROJAN! | No |
X | COM Service | msynvr.com | Added by the BEASTY.G TROJAN! | No |
X | COM Service | msjclh.com | Added by the BEASTY.E TROJAN! | No |
X | COM Service | msdrce.com | Added by the BEASTY.I TROJAN! | No |
X | COM Service | msflyx.com | Added by the BEASTDO-O TROJAN! | No |
X | COM+ Event System | DRWTSN16.EXE | Added by the LOVGATE.AB WORM! | No |
X | COM+ EventSystem Services | ECSERVER.EXE | Added by a variant of the SDBOT WORM! | No |
X | Com+ Sys | csrs.exe | Added by the FORBOT-BT WORM! | No |
X | COM+ System Applications | lsas.exe | Added by the AGOBOT.SE WORM! | No |
X | COM++ System | exploier.exe | Added by the LOVGATE.Z WORM! | No |
X | COM++ System | suchost.exe | Added by the LOVGATE-F WORM! | No |
X | COM++ System | svchost.exe... | Added by a variant of the LOVGATE WORM! | No |
N | COM-IP | COMIP.EXE | COM-IP Virtual Modem Driver (COM-IP Creates a Fake Serial Port that allows you to use older DOS Based Communications Programs over Telnet. Type atdt host.domain.com instead of atdt 5551212) | No |
U | com.codeode.cactusspamfilter | cactusspamfilter.exe | Cactus Spam - free easy-to-use spam blocker | No |
U | com.codeode.privacymantra | privacymantra.exe | "Privacy Mantra keeps your computer clean from online and offline tracks" | No |
U | ComAgent | ComAgent.exe | ComAgent - MDaemon's instant messaging client | No |
X | combo.exe | combo.exe | Added by the CHIMO-C TROJAN! | No |
X | combop.exe | combop.exe | Added by the BOWFEED-A TROJAN! | No |
X | Comcast Network | ribiva.exe | Added by a variant of the IRC TROJAN! | No |
X | ComcastSUPPORT | tgkill.exe | Comcast (the cable folks who are replacing @home in some parts of the USA) have struck a deal with Tioga to provide an "enhanced" support and self-repairing tool. This is "beta" at present and was made available to download by mistake. Remove via Start -> Settings -> Add/Remove Programs | No |
X | COMCFG | comcfg.exe | Added by the TOADCOM.A TROJAN! | No |
X | comctl32 | comctl32.exe | Adware - detected by Kaspersky as the AGENT.AM TROJAN! | No |
U | COMDRV32 | svdhost.exe | Orvell Monitoring 2003 surveillance software. Uninstall this software unless you put it there yourself. Note - asks for permission to contact the IP address of http://www.protectcom.com/ | No |
U | Comm Driver | commh32.exe | G Data "PC Spion". PC monitoring and surveillance software that captures all user activity on the PC, see here. Disable/remove if you didn't install it yourself! | No |
X | Command | system.exe | Added by the GATECRASH.A or GATECRASH.B TROJANS! | No |
X | Command | Gotit.exe | Added by the TITOG WORM! | No |
X | COMMAND | command.exe | Added by the QQPASS.E TROJAN! | No |
X | command | javaw.exe | Added by the AGOBOT-LG WORM! | No |
X | Command Prompt32 | CmdPrompt32.pif | Added by the ASSIRAL.B WORM! | No |
U | Command WorkStation 4 | cws 4.exe | EFI's Command WorkStation makes "managing demanding workflows easier by centralizing job management. The software automatically identifies the Fiery servers on the network and offers customization options for displaying information" - for high-end print environments | No |
X | command32 | command32.exe | Added by the LINEADI-A TROJAN! | No |
N | CommCtr | commctr.exe | "Net2Phone CommCenter is the latest in Internet voice technology allowing you to place calls easily all over the world right from your PC!". Available via Start -> Programs | No |
Y | COMMUNICATOR | Communicator.exe | Part of Microsoft Office Communicator, which is an integrated communications client that allows information workers to communicate in real time using a range of different communication options, including instant messaging (IM), voice, and video | No |
U | Comodo Firewall | CPF.exe | Comodo Firewall | No |
Y | COMODO Firewall Pro | cfp.exe | Comodo Firewall Pro | No |
U | Comodo Launch Pad Tray | CLPTray.exe | System Tray access to LaunchPad as bundled with Comodo's freebie offerings such as Comodo Anti-Virus. Some allege that LaunchPad is impossible-to-uninstall adware, or worse - see here | No |
Y | COMODO Memory Firewall | cmf.exe | "Comodo Memory Firewall is a buffer overflow detection and prevention tool which provides the ultimate defence against one of the most serious and common attack types on the Internet - the buffer overflow attack" | No |
X | CompanionWizard | compwiz.exe | WinAntiVirus 2006 misleading virus software - not recommended, see here | No |
U | Compaq Alerter | CPQAlert.exe | Compaq's Insight Manager Agent - a tool that allows for "fault, performance, and configuration management". Recommended for corporate users only. It's best removed if installed but not wanted, rather than disabled at startup. See here for more information | No |
N | Compaq Computer Corp SCCenter Module | SCCENTER.EXE | For Compaq PCs. Part of Backweb | No |
? | Compaq Computer Security | Rundll32.exe SECURE32.CPL, Service | ?? | No |
N | Compaq Connections | COMPAQ~1.EXE | See here - "messaging service that automatically sends you support information, tips, ideas, and special offers from HP and our partners, especially designed for HP and Compaq desktop computer owners" | No |
N | Compaq Connections | BackWeb-1940576.exe | See here - "messaging service that automatically sends you support information, tips, ideas, and special offers from HP and our partners, especially designed for HP and Compaq desktop computer owners". * can be any digit | No |
N | Compaq Connections | Compaq Connections.exe | See here - "messaging service that automatically sends you support information, tips, ideas, and special offers from HP and our partners, especially designed for HP and Compaq desktop computer owners" | No |
N | Compaq DMI | cpqdmi.exe | Compaq version of the Desktop Management Interface | No |
X | Compaq Drivers | F1rewalls.exe | Added by the SDBOT-WD WORM! | No |
N | Compaq Internet Setup | inetwizard.exe | For Compaq PCs. Runs the Compaq internet setup wizard and offers to sign you up from a list of ISPs | No |
X | Compaq Jes Drivers | winjes.exe | Added by the SDBOT-XR WORM! | No |
U | Compaq Knowledge Center | silent.exe & matcli.exe | "matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, state, etc and gets written to a log file while silent.exe executes matcli.exe quietly in the background. Compaq Knowledge Center is required to run with the Help and Support program. If you uncheck Compaq Knowledge Center and then run help and Support it will add another Compaq Knowledge Center in the startup menu. If you remove the Compaq Knowledge Center in the add/remove program some help menus in help and support will not be available like Fix my Presario, Preference, and Contact Technical Support". You decide | No |
N | Compaq Message Server | COMPAQ-RBA.EXE | Applies to the CPQBootPerfDB entry as well. These files generate some kind of server or servlet that attempts to connect with Compaq online. They are like Trojans, but fairly harmless. They send information on the "Compaq Advisor/Compaq Message Screener" application that comes with every Compaq computer and provide feedback on how computer users use the Message Advisor. These messages appear occasionally and instruct and advise users on their computer and its use. They generally attempt to get you (these messages) to connect to Compaq's website. They may be safely disabled via (1) MSCONFIG or (2) Start -> Programs -> Compaq Advisor -> Advisor Settings under the "advanced" tab. Not required and can cause problems | No |
U | Compaq PK Daemon | cpqkl.exe | For Compaq laptops for programming user configurable keys. Not required unless you use them | No |
X | Compaq Print Fax | cpqa1000.exe | Added by the SDBOT.BCV WORM! Please take note of the difference between the legitimate Compaq Fax Utility Name (A1000 Settings Utility) and the name (Compaq Print Fax) used by this worm | No |
X | Compaq Service Drivers | systeminfos.exe | Added by the SDBOT-XC WORM! | No |
X | Compaq Service Drivers | compq.exe | Added by a variant of the SDBOT WORM! | No |
X | Compaq Service Drivers | navapqwa.exe | Added by the SDBOT.BBQ WORM! | No |
X | Compaq Service Drivers | amsn.exe | Added by a variant of the SDBOT WORM! | No |
X | Compaq Service Drivers | compqs.exe | Added by a variant of the SDBOT WORM! | No |
X | Compaq Service Drivers | msnt.exe | Added by the SDBOT.CQL WORM! | No |
X | Compaq Service Drivers | NtKernelSystem.exe | Added by a variant of the SDBOT WORM! | No |
X | Compaq Service Drivers | wincmd.exe | Added by the RBOT.ATV WORM! | No |
X | Compaq Service Drivers | wind32.exe | Added by a variant of the SDBOT WORM! | No |
X | Compaq Service Drivers | winmsn.exe | Added by a variant of the SDBOT WORM! | No |
X | Compaq Service Drivers | compaq.exe | Added by the SDBOT-AFU WORM! | No |
X | Compaq Service Drivers | msnsvc.exe | Added by the RBOT.BKT WORM! | No |
X | Compaq Service Drivers | ntsys32.exe | Added by the RBOT.CIW WORM! | No |
X | Compaq Service Drivers | winsvc.exe | Added by the SDBOT-AGD WORM! | No |
X | Compaq Service Drivers 32 | compq32.exe | Added by a variant of the SDBOT WORM! | No |
X | Compaq Service Drivrs | copq.exe | Added by a variant of the RBOT WORM! | No |
X | Compaq Services Drivers | ndt32.exe | Added by the RBOT.CQZ WORM! | No |
X | Compaq Sound Drivers For WINDOWS | sounddr.exe | Added by the SDBOT-XG WORM! | No |
N | Compaq Video CD Watcher | ?? | For Compaq PCs. MPEG viewer | No |
X | Compaq32 Service Drivers | ms32.exe | Added by the SDBOT.BWH WORM! | No |
X | Compaq32 Service Drivers | msconfig32.exe | Added by the SDBOT-ADC WORM! | No |
X | Compaq32 Service Drivers | msnt32.exe | Added by the RBOT.BVF WORM! | No |
? | CompaqHW Comp Manager | cpqhcm.exe | Running on a Compaq laptop - any ideas? | No |
N | CompaqPrinTray | printray.exe | Puts printer icon in the System Tray. When this option is disabled you will no longer be able to access the Control Program or Printer Driver directly from your desktop | No |
X | Compaqs Service Driver | copypad32.exe | Added by the SDBOT.CSO WORM! | No |
X | Compaqs Service Drivers | compqs.exe | Added by a variant of the SDBOT WORM! | No |
N | CompaqSystray | cpqpscp.exe | Compaq System Tray icon | No |
X | Compatibility Service Process | regsvs.exe | Added by the GAOBOT.YN WORM! | No |
X | Compd Service Drivrs | codq.exe | Added by a variant of the SDBOT WORM! | No |
U | ComproRemote | ComproRemote.exe | VideoMate TV tuner and capture card - remote control driver | No |
U | ComproSchedulerDTV | ComproSchedulerDTV.exe | VideoMate TV tuner and capture card - scheduler | No |
X | Computing Technologie Firewall | lsauth.exe | Added by the SDBOT-WX WORM! | No |
N | COMSMDEXE | comsmd.exe | 3Com tray icon | No |
X | ComStart | Trojan Guarder.exe | TrojanGuarder misleading security software - not recommended, see here | No |
X | ComTry Web Searcher | wstray.exe | Comtry MP3 Downloader related - spyware | No |
X | comxt | comxt.exe | Added by the COMXT TROJAN! | No |
X | con | [path to trojan] | Added by the BRAVE-A TROJAN! | No |
? | Concurre | concurre.exe | ?? | No |
X | ConfidentUser | SRP.exe | ConfidentUser rogue security software - the site's "online scanner" is detected by Kaspersky as WinFixer.ba | No |
X | Config | service.exe | Added by the ISRAZ.B WORM! | No |
X | Config | WinService32.exe | Added by the CRUTCHA-A TROJAN! | No |
X | Config | winconfig.exe | Added by the GIP.113.B1 TROJAN! | No |
X | Config | CONFIG.EXE | Added by the PSWGIP.B TROJAN! | No |
X | Config Loadation | iEEexplore.exe | Added by the SDBOT.H TROJAN! | No |
X | Config Loadatiorin | I3Explorer.exe | Added by the SDBOT.H TROJAN! | No |
X | Config Loader | svchosl.exe | Added by the GAOBOT.P WORM! | No |
X | Config Loader | sysldr32.exe | Added by the GAOBOT WORM! | No |
X | Config Loader | scvhost.exe | Added by the GAOBOT.AE or GAOBOT.AO WORMS! | No |
X | Config Loader | svhost.exe | Added by a variant of the AGOBOT/GAOBOT WORM! | No |
X | Config Loader | SYSMGR.EXE | Added by the AGOBOT.C WORM! | No |
X | Config Loader for Microsoft Windows | mwincfg32.exe | Added by the AGOBOT.BD WORM! | No |
X | Config Loader2 | explores.exe | Added by the GAOBOT.BT WORM! | No |
X | Config Loadr | winsys32.exe | Added by the AGOBOT-HN WORM! | No |
X | Config33.exe | Config33.exe | Added by the SDBOT.T TROJAN! | No |
X | ConfiggLoader | cart322.exe | Added by the GAOBOT.DJ WORM! | No |
U | ConfigSafe | CFGSAFE.EXE | ConfigSafe - lets you identify changes to the registry, INI files, System asset files, system hardware, network connections, and operating system versions -- provides a restore function. Your choice | No |
U | ConfigSafe | AUTOCHK.EXE | ConfigSafe - lets you identify changes to the registry, INI files, System asset files, system hardware, network connections, and operating system versions -- provides a restore function. Your choice | No |
N | ConfigServices | Config.exe | Part of initial setup on a Compaq PC | No |
X | configsetup | configsetup32.exe | Added by the AGOBOT-AFP WORM! | No |
X | Configuration | explorer32.exe | Added by the SDBOT-ML WORM! | No |
X | configuration | apphost.exe | Added by the SDBOT-VP WORM! | No |
X | Configuration | ntsys32.exe | Added by the SDBOT-LN WORM! | No |
X | Configuration Default | Wuxat.exe | Added by the SPYBOT-CA WORM! | No |
X | Configuration File | Winset32.exe | Added by the FLUX.101 TROJAN! | No |
X | Configuration Loaded | wupdated.exe | Added by the MOEGA or MOEGA.AG or MOEGA.AP WORMS! | No |
X | Configuration Loaded | lssas.exe | Added by a variant of the SDBOT WORM! | No |
X | Configuration Loaded | iexploree.exe | Added by the SDBOT-KC WORM! | No |
X | Configuration Loader | aim95.exe | Added by the LOADCFG or SDBOT TROJANS! | No |
X | Configuration Loader | cmd32.exe | Added by the LOADCFG or SDBOT TROJANS! | No |
X | Configuration Loader | syscfg32.exe | Added by the SDBOT.B TROJAN! | No |
X | Configuration Loader | service5.exe | Added by the GAOBOT.AF WORM! | No |
? | Configuration Loader | lfass.exe | ?? | No |
X | Configuration Loader | sycfg34.exe | Added by the GAOBOT.AN WORM! | No |
X | Configuration Loader | wincrt32.exe | Added by the GAOBOT.BF WORM! | No |
X | Configuration Loader | windex.exe | Added by the GAOBOT.BZ WORM! | No |
X | Configuration Loader | dosrun32.exe | Added by the GAOBOT.AO WORM! | No |
X | Configuration Loader | Service.exe | Added by the GAOBOT.AO WORM! | No |
X | Configuration Loader | Servicess.exe | Added by the GAOBOT.AO WORM! | No |
X | Configuration Loader | sw32.exe | Added by the AGOBOT.BQ WORM! | No |
X | Configuration Loader | System.exe | Added by the GAOBOT.AO WORM! | No |
X | Configuration Loader | Winreg.exe | Added by the GAOBOT.AO WORM! | No |
X | Configuration Loader | sysinfo.exe | Added by the GAOBOT.FQ WORM! | No |
X | Configuration Loader | microsoft.exe | Added by the GAOBOT.JB WORM! | No |
X | Configuration Loader | confgldr.exe | Added by the GAOBOT.GEN!POLY WORM! | No |
X | configuration loader | winicfg32.exe | Added by the GAOBOT.RQ WORM! | No |
X | Configuration Loader | svhst.exe | Added by the GAOBOT.YC WORM! | No |
X | Configuration Loader | msgfix.exe | Added by the GAOBOT.AUS or SDBOT.J or SDBOT-QG WORMS! | No |
X | Configuration Loader | msnss.exe | Added by the GAOBOT.AUS WORM! | No |
X | Configuration Loader | IEXPL0RE.EXE | Added by the LOADCFG or SDBOT TROJANS! | No |
X | Configuration Loader | loadcfg32.exe | Added by the LOADCFG or SDBOT TROJANS! | No |
X | Configuration Loader | MSTasks.exe | Added by the LOADCFG or SDBOT TROJANS! | No |
X | Configuration Loader | systemry.exe | Added by a variant of the AGOBOT/GAOBOT WORM! | No |
X | Configuration Loader | ccSort.exe | Added by the AGOBOT.SR WORM! | No |
X | Configuration Loader | smss32.exe | Added by the AGOBOT.MB WORM! | No |
X | Configuration Loader | wincffg.exe | Added by the AGOBOT.A3 WORM! | No |
X | Configuration Loader | seru32.exe | Added by the SDBOT-VR WORM! | No |
X | Configuration Loader | botss.exe | Added by the SDBOT-XS WORM! | No |
X | Configuration Loader | ldasp.exe | Added by the AGOBOT.BH WORM! | No |
X | Configuration Loader | msgcfgsrv.exe | Added by a variant of the AGOBOT/GAOBOT WORM! | No |
X | Configuration Loader | smsai.exe | Added by the SDBOT-YE WORM! | No |
X | Configuration Loader | svupdate.exe | Added by the RANDEX.DXP WORM! | No |
X | Configuration Loader | crcss.exe | Added by the AGOBOT.ADG WORM! | No |
X | Configuration Loader | lexplore.exe | Added by the RBOT-AGX WORM! Note - the executable is spelt with a lower case "L" rather than a lower or upper case "i" which is the case with Internet Explorer | No |
X | Configuration Loader | scvhost.exe | Added by the AGOBOT-AAE and SDBOT.AR WORMS! | No |
X | Configuration Loader | svchost.exe | Added by the PARADROP-A WORM! Note - this is not the legitimate svchost.exe process which should NOT appear in Msconfig/Startup! | No |
X | Configuration Loader | svchost2.exe | Added by the AGOBOT.JR WORM! | No |
X | Configuration Loader | dezi.exe | Added by the SDBOT-OB WORM! | No |
X | Configuration Loader | mouse.exe | Added by a variant of the AGOBOT/GAOBOT WORM! | No |
X | Configuration Loader | msg.exe | Added by the SDBOT.BT WORM! | No |
X | Configuration Loader | WinHelper.exe | Added by a variant of the AGOBOT/GAOBOT WORM! | No |
X | Configuration Loader | extrac.exe | Added by the SDBOT-AFP WORM! | No |
X | Configuration Loader | DVD-Player.exe | Added by a variant of the SDBOT WORM! | No |
X | Configuration Loader | IEXPLORE.EXE | Added by the SDBOT-KW WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %System% | No |
X | Configuration Loader | svchost.exe | Added by the PARADROP-AI WORM! Note - this is not the legitimate svchost.exe process which should not normally figure in Msconfig/Startup! | No |
X | Configuration Loader | wincore.exe | Added by the SDBOT.BHE WORM! | No |
X | Configuration Loader | configldr.exe | Added by the AGOBOT-PP TROJAN! | No |
X | Configuration Loader | ahnhst.exe | Added by the AGOBOT.MX WORM! | No |
X | Configuration Loader | ntdm.exe | Added by the AGOBOT.RV WORM! | No |
X | Configuration Loader | msnmsgr.exe | Added by the SDBOT-SO WORM! Note - this is not the valid MSN Messenger (now Windows Live Messenger) utility which is located in either %ProgramFiles%\MSN Messenger or %ProgramFiles%\Windows Live\Messenger. This one is located in %System% | No |
X | Configuration Loader | svschost.exe | Added by the SDBOT-NS WORM! | No |
X | Configuration Loader Service | Winsys32.exe | Added by the RBOT-YV WORM! | No |
X | Configuration Loader Service | devl32.exe | Added by the SDBOT-XY WORM! | No |
X | Configuration Loader10 | ip7.exe | Added by the AGOBOT-ANZ WORM! | No |
X | Configuration Loading | svchos1.exe | Added by the GAOBOT.DK WORM! | No |
X | Configuration Loading | configldr.exe | Added by the AGOBOT-EC WORM! | No |
X | Configuration Loading Service | wscel.exe | Added by the SDBOT-WJ WORM! | No |
X | Configuration Loadr | iexplore.exee | Added by an unidentified WORM or TROJAN! | No |
X | Configuration Manager | CNFGLD32.EXE | Added by the SDBOT TROJAN! | No |
X | Configuration Manager | Cnfgldr.exe | Added by the SDBOT TROJAN! | No |
X | Configuration Manager | cfg32.exe | BookedSpace parasite. Note - the "cfg32.exe" file is located in the Winnt or Windows folder | No |
X | Configuration Servecie | sewins.exe | Added by the SDBOT-COH WORM! | No |
X | Configuration Service | suchost.exe | Added by the TREB TROJAN! | No |
X | Configuration Services | mswords.exe | Added by the SDBOT-YM WORM! | No |
N | Configuration Utility | CONFIG.EXE | Controls Linksys wireless connection. Available from the Desktop | No |
U | Configuration Utility | wlanutil.exe | NetGear Wireless LAN configuration utility for the MA311 802.11b (and maybe other cards) | No |
X | Configuration Wizard | Cfgwiz32.exe | Added by a variant of the HACKTACK TROJAN! Not to be confused with the legitimate MS "ISDN Configuration Wizard" (Cfgwiz32.exe) | No |
X | Configuration32 Loader32 | winamp32.exe | Added by the SDBOT-BIC WORM! | No |
U | ConfigUtility | ConfigUtility.exe | Wireless management utility for the HWC54G Hi-Speed Wireless-G CardBus Card from Hawking Technologies, Inc | No |
X | ConfigVir | services.exe | Added by the AUTORUN-DV WORM! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a ~A~m~B~u~R~a~D~u~L~ subfolder | No |
X | ConfLoader | sysconf16.exe | Added by the SDBOT-FB TROJAN! | No |
N | Conmgr | conmgr.exe | Starts Winfax pro at startup | No |
U | ConMgr.exe | conmgr.exe | Connection Manager as used by Earthlink and others. If you need this to ensure a proper connection but don't want to connect at startup try creating your own shortcut | No |
X | conmswf | conrnbne.exe | Added by the SDBOT-DEX WORM! | No |
U | Connect Kasamba | Kasamba.exe | "Finding the expert help that you need is easy on Kasamba. With more than 30,000 registered experts in over 600 categories to choose from, chances are, we'll have just the right professional in the exact area of expertise that you need" | No |
X | Connect2Party | connect2party.exe | Adult content dialler | No |
U | Connection Keeper | ConKeepM.exe | "Connection Keeper is an invaluable time-saving tool for dial-up users. This free program simulates Internet browsing (at a random interval) to prevent your connection from appearing idle, thus preventing your ISP from dropping your connection due to inactivity" | No |
N | Connection Manager | CManager.exe | SBC Yahoo DSL service connection manager. You can connect from the network connections. Users having problems with this have been advised to uninstall the connection manager via Add/Remove Programs and it won't affect the service | No |
X | Connectivity Tool | [path to trojan] | Added by the LITEBOT-E TROJAN! | No |
X | Connector | SYS.EXE | Nunci premium rate dialer | No |
X | Connector | sms.EXE | Added by the ExDial-B premium rate adult content dialer | No |
N | CONNECTScheduler | CONNECTScheduler.exe | Scheduler for updating Sony's CONNECT music download service | No |
X | Cons | consol32.exe | Hijacker - redirects to an adult content portal, where foistware like ISTBar gets stealth installed | No |
X | conscorr | conscorr.exe | VX2.Transponder parasite updater/installer related | No |
X | Console de Gerenciamento Microsoft | csrss.exe | Unidentified malware! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a "Level4" subfolder | No |
X | Console de Gerenciamento Microsoft | csrss.exe | Added by the BANCBAN-ET TROJAN! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a "Central de Segurança" subfolder | No |
U | Consumer Input | ConsumerInput.exe | Consumer Input Toolbar. Opt-in market research monitoring your browsing habits - see the FAQ | No |
U | Consumer Input Rewarded with MyPoints, Consumer Input | ConsumerInputRewardedwithMyPoints, ConsumerInput.exe | Consumer Input Toolbar. Opt-in market research monitoring your browsing habits - see the FAQ | No |
U | Consumer Input Rewarded with MyPoints, Consumer Input Update | ConsumerInputRewardedwithMyPoints, ConsumerInputUa.exe | Consumer Input Toolbar. Opt-in market research monitoring your browsing habits - see the FAQ | No |
? | Contacte | contacte.exe | Some kind of driver? | No |
X | Content connector | [random filename].exe | Added by the DIALER-Y TROJAN! Note - uses a random filename and random folders. Usually the folder containing the file is a Temp folder | No |
X | ContentDownload | rundll32.exe MSA64CHK.dll, DllMostrar | MatrixDialer related. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in the Winnt or Windows folder | No |
X | ContentService | winservn.exe | Homepage hijacker | No |
X | ContinueInstall | bpsinstall.exe | BrowserAid/BrowserPal foistware | No |
X | ContraVirus | ContraVirusPro.exe | ContraVirus misleading security software - not recommended, see here | No |
X | Control | rundll32.exe ctrlpan.dll, Restore ControlPanel | CoolWebSearch Msconfd parasite variant | No |
U | Control Center | Center.exe | Associated with Hawking Technologies, Inc wireless products. Located in %ProgramFiles%\Hawking\WLAN Card Utilities | No |
X | Control handler | ***********.exe [* = random char] | CoolWebSearch parasite variant | No |
X | Control handler | ahjinst.exe | CoolWebSearch parasite variant | No |
X | Control handler | [10 to 14 random char]THD.EXE | Added by the KREPPER-AI TROJAN! | No |
N | control panel | smctrlw.exe | System Tray icon for a Silicon Motion LynxEM based PCI Graphics Card | No |
X | Control Panel | System.exe | Added by the DANI TROJAN! | No |
X | control panel software service | cprs.exe | Added by the RBOT-FPI WORM! | No |
X | Controladores | [path to trojan] | Added by the TELEFO-A TROJAN! | No |
Y | ControlCenter | ctlcntr.exe | Part of Lenovo's (IBM) ThinkVantage Fingerprint Software - used on laptops and keyboards with integrated fingerprint readers | No |
N | ControlCenter2.0 | brctrcen.exe | Brother scanner 'Control Center' application - can be started manually | No |
N | ControlCentreTray | XWCTray.exe | System Tray access for the Xerox ControlCentre 2.0 software for their range of printers, copiers, faxes, etc | No |
X | Controlled Resource System Service | crss.exe | Added by the AGOBOT.GH WORM! | No |
N | Controller | WFXCTL32.EXE | From Symantec's TalkWorks Pro and WinFax. Appears if you chose to have the program appear in the taskbar (System Tray) during installation and displays a yellow fax/telephone icon. Available via Start -> Programs | No |
X | ControlPanel | rundll32 internat.dll, LoadKeyboardProfile | CoolWebSearch parasite variant | No |
X | ControlPanel | host32.exe internat.dll, LoadKeyboardProfile | Added by a variant of the DELF.DW TROJAN! | No |
X | ControlPanel | cmd32.exe internat.dll,LoadKeyboardProfile | Added by the DLOADER-HF TROJAN. Note - the "cmd32.exe" file is found in %System% | No |
X | ControlPanel | systemctrl.exe internet.dll, LoadNetworkProfile | Browser hijacker, also detected as STARTPA-FX | No |
X | ControlPanel | internat.dll, LoadKeyboardProfile | Added by the BIZVES-A TROJAN! | No |
X | ControlPanel | popcorn.exe internat.dll, LoadKeyboardProfile | Added by the BIZVES-B TROJAN! | No |
X | ControlPanel | popcorn64.exe | Browser hijacker, redirecting to loadcash.biz | No |
X | ControlPanel | popcorn64.exe rundll.dll, LoadMouseProfile | Added by the DLOADER-OI TROJAN! | No |
X | ControlPanel | popcorn72.exe rundll.dll, LoadMouseProfile | Added by the DLOADER-RA TROJAN! | No |
X | ControlPanel | svcc.exe | WorldSearch adware - re-directing searches to "world-search.biz" | No |
X | ControlPanel | popcorn320.exe rundll.dll, LoadMouseProfile | Added by a variant of the DLOADER-RA TROJAN! | No |
X | ControlPanel | private.exe internat.dll,LoadMouseCarpetProfile | Detected by Norman Virus Control as W32/Downloader. Creates the files sdfff, fdsf and zxczxc. In the C:\WINDOWS\SYSTEM32 directory creates the files d.exe, s.exe and r.exe. Note - the "private.exe" file is found in %System% | No |
X | ControlPanel | twink64.exe internat.dll,LoadKeyboardProfile | Added by the DLOADER-BW TROJAN. Note - the "twink64.exe" file is found in %System% | No |
X | ControlServiceMgr | csmsv.exe | Added by the AGENT-XC TROJAN! | No |
U | Cookie Cop 2 | CookieCop.exe | Cookie Cop 2 from PC Magazine - cookie manager. Allows you to decide which internet sites can add "cookies" related to their sites for the next time you return | No |
U | Cookie Pal | CPBRWTCH.EXE | Kookaburra Software's Cookie Pal cookie manager. Allows you to decide which internet sites can add "cookies" related to their sites for the next time you return | No |
U | CookieJar | Cookiejar.exe | Cookie Jar cookie manager from Jason's Toolbox. Allows you to decide which internet sites can add "cookies" related to their sites for the next time you return. No longer being actively supported | No |
U | CookiePatrol | CookiePatrol.exe | CookiePatrol - cookie interceptor stopping spyware cookies that used to be part of PestPatrol before CA's acquisition | No |
U | CookieWall | cookie.exe | CookieWall from Analog X. Allows you to decide which internet sites can add "cookies" related to their sites for the next time you return | No |
U | Cool Desk | cdesk.exe | Cool Desk is a virtual desktops manager. "Ever you wished to have several screens on your computer? Cool Desk creates up to 9 virtual desktops and offers you to have different windows on each of them". Not required but may be of use to you | No |
X | CoolDownloads | rundll32.exe MSA64CHK.dll, DllMostrar | MatrixDialer related. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in the Winnt or Windows folder | No |
U | CoolMon | CoolMon.exe | "CoolMon monitors vital system stats and almost anything else you wish to display on the desktop" | No |
X | CoolMP3 | rundll32.exe MSA64CHK.dll, DllMostrar | MatrixDialer related. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in the Winnt or Windows folder | No |
U | CoolSwitch | taskswitch.exe | ALT+TAB replacement Powertoy for Windows XP - enhances the graphics displayed when you want to switch between programs running full-screen | No |
N | Coolwallpaper | cwm_tray.exe | Cool Wallpaper software allows you to manage high quality photos as desktop wallpaper and screen savers | No |
X | coolwebprogram | clrssn.exe | CoolWebSearch Smartsearch parasite variant | No |
N | Copernic Desktop Search | DesktopSearch.exe | Copernic Desktop Search - "Easily search your entire hard drive in less than a second to pinpoint the right file, e-mail, music or pictures" | No |
U | Copernic Desktop Search 2 | DesktopSearchService.exe | Copernic Desktop Search - search agent | No |
U | CopernicPerUserTaskMgr | CopernicPerUserTaskMgr.exe | Automatic tasking feature of Copernic Pro multi-search engine tool | No |
Y | Copperhead | razerhid.exe | Razer Copperhead mouse driver | No |
U | Copy handler | Copy Handler.exe | Copy Handler lets you copy between hard disks, floppies, local networks, CDs, and many other storage media. Copy Handler gives you the power to pause, resume, restart, and cancel during the copying and moving processes | No |
N | Copyright | mwcpyrt.exe | Displays copyright information on IBM ThinkPads | No |
X | Core Process Aplication | ccapl.exe | Detected by Kaspersky as a variant of the RBOT WORM! See here | No |
X | Core Process Aplication x16 | ccapl16.exe | Added by a variant of the SLAPER TROJAN! | No |
X | Core Process Aplication x32 | ccapl32.exe | Detected by Kaspersky as the SRAMLER.E TROJAN! See here | No |
X | Core System Hardware | syscorehd.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
U | CoreCenter | CoreCenter.exe | MSI Core Center - motherboard utility for monitoring CPU speed, voltages, temperatures and fan speeds as well as overclocking | No |
U | CoreCenter | CORECE~1.EXE | MSI Core Center - motherboard utility for monitoring CPU speed, voltages, temperatures and fan speeds as well as overclocking | No |
N | Corel Colleagues & Contacts Reminders | cffrem.exe | Corel Colleagues & Contacts - all-in-one organizer for scheduling meetings, maintaining addresses, etc. Part of the now defunct Corel Print Office | No |
N | Corel Desktop Application Director | dadx.exe | The Desktop Application Director (DAD) gives you easy access to all Corel applications - x represents the version number. Available via Start -> Programs | No |
N | Corel Family & Friends reminders | CFFREM.EXE | Corel Family & Friends - all-in-one calendar, address book and list manager. Part of the now defunct Corel Print House Magic | No |
N | Corel Photo Downloader | MediaDetect.exe | Related to Corel Photo Album | No |
N | Corel Registration | Remind32.exe | If you don't want to register Corel products and be reminded about it every 2 weeks disable it | No |
N | Corel Registration Reminder | Remind32.exe | If you don't want to register Corel products and be reminded about it every 2 weeks disable it | No |
N | Corel Reminder | NAVBROWSER.EXE | If you don't want to register Corel products and be reminded about it every 2 weeks disable it | No |
N | Corel Reminder | NAVBrowser.exe | Registration reminder for CorelDRAW 10 | No |
N | CorelCENTRAL 10 | I_26dadCC.exe | CorelCENTRAL 10 - personal information manager (PIM). Supplied as part of Corel WordPerfect Office 2002. Available via Start -> Programs | No |
X | CorelDraw Toolbox | CorelDraw.exe | Added by the SDBOT-VZ WORM! | No |
N | CorelMedia FoldersIndexer8 | MFindexer.exe | Part of CorelDraw bundles for indexing media files - similar to "fast find" in MS Office | No |
N | CorelMedia FoldersIndexer8 | MFINDE~1.EXE | Part of CorelDraw bundles for indexing media files - similar to "fast find" in MS Office | No |
X | CoreSrv | coresrv.exe | Some IRC trojans/worms use this - see here for more information | No |
? | CORESYS | coresys.exe | ?? | No |
X | Corporate Microsoft Update | uptask.exe | Added by the RBOT-GVB WORM! | No |
N | CorrectConnect | CConnect.exe | Broadband ISP diagnostic tool - as used by NTL and Cox Communications. Shortcut available | No |
X | cosine | cosine.exe | Added by the RBOT-SW WORM! | No |
U | CostAware | niIPCApp.exe | NetInternals CostAware - download quota measuring tool | No |
X | Counterstrike Service Agent | czrzns.exe | Added by the MEDBOT.AR WORM! | No |
N | Country Select | pctptt.exe | Country selection for a PCtel HSP56 based modem. Often found in OEM (Dell, Compaq, HP, etc) systems for their modems included on the motherboard or as a separate card. Once you've set the modem up to the chosen country it's not required | No |
N | CountrySelection | pctptt.exe | Country selection for a PCtel HSP56 based modem. Often found in OEM (Dell, Compaq, HP, etc) systems for their modems included on the motherboard or as a separate card. Once you've set the modem up to the chosen country it's not required | No |
? | Coupon Offers | ?? | ?? | No |
X | couponica | couponica.exe | Adware - see here | No |
? | CP | CopyProtectionNotifier.exe | Related to Emuzed Systems and Middleware. Comes included with Windows XP Media Edition | No |
U | CP32NOT | CP32BTN.EXE | For the programmable "one-touch" buttons on HP laptops (and others?). Safe to disable if you don't use these buttons | No |
U | CP4HPOT | OneTouch.EXE | One Touch keyboard driver. Required if you use the additional keys | No |
N | CP888M1 | CP888M1.EXE | Related to EZbutton quick launcher for the Media player app that comes with certain laptops | No |
? | CPA9P2PSERVER | CPA9P2PS.exe | Found on a Compaq Presario but what is it? | No |
X | cpanel | winlogin32.exe | Added by the RBOT-FOY WORM! | No |
U | CPATR10 | CPATR10.EXE | Dritek/Compal ATR10 Easy Button driver. Used on certain laptops (e.g. Toshiba, Compaq) to translate special hotkeys such as Play/Pause and Contrast | No |
U | CPBrWtch | CPBrWtch.exe | Kookaburra Software's Cookie Pal cookie manager. Allows you to decide which internet sites can add "cookies" related to their sites for the next time you return | No |
Y | CPD_EXE | CPD.EXE | Firewall bundled with McAfee VirusScan 6.* | No |
X | cpl | deamon.exe | Added by the TACTSLAY.C TROJAN! | No |
X | cpl | msgaol.exe | Added by the TACTSLAY.C TROJAN! | No |
X | cpl | s_menu.exe | Added by the TACTSLAY.C TROJAN! | No |
X | cpl | browse.exe | Added by the TACTSLAY.C TROJAN! | No |
N | CplBTQ00 | CplBTQ00.EXE | Related to EZbutton quick launcher for the Media player app that comes with certain laptops | No |
N | CPLDBL10 | CPLDBL10.exe | Related to EZbutton quick launcher for the Media player app that comes with certain laptops | No |
X | cpntmgc | wincomp.exe | Added by the WINTRIM.A TROJAN! | No |
X | cpntmgc | simcss.exe | Added by the MAGICON.A TROJAN! | No |
X | cpntmgc | navpmc.exe | Added by the SIMCSS TROJAN! | No |
X | cpntmgc | winmgts.exe | Added by the WINTRIM-B TROJAN! | No |
? | CPortPatch | cppatch.exe | CPortPatch is a utility required for Dell laptops that are using a docking station. Is it needed though? | No |
Y | CPQAcDc | CPQAcDc.exe | Compaq PowerCon power management software for laptops | No |
U | CPQAlert | CPQAlert.exe | Compaq's Insight Manager Agent - a tool that allows for "fault, performance, and configuration management". Recommended for corporate users only. It's best removed if installed but not wanted, rather than disabled at startup. See here for more information | No |
N | CPQBootPerfDB | CPQBootPerfDB.EXE | See the entry for Compaq Message Server | No |
Y | CPQCalib | CPQCalib.exe | Compaq PowerCon power management software for laptops | No |
N | CPQDFWAG | CpqDfwAg.exe | For Compaq PC's. Runs Compaq diagnostics on every boot | No |
U | CPQEASYACC | cpqeadm.exe | For Compaq PC's. Allows the use of programmable keys on multimedia keyboards. Required if you use the additional keys | No |
U | CPQEASYACC | StartEAK.exe | Easy Access Button Support for Compaq PCs. Allows the use of programmable keys on multimedia keyboards. Required if you use the additional keys | No |
U | CPQEASYACC | STARTDRV.exe | For Compaq PC's. Allows the use of programmable keys on multimedia keyboards. Required if you use the additional keys | No |
U | cpqeaui | cpqeaui.exe | For Compaq PC's. Allows the use of programmable keys on multimedia keyboards. Required if you use the additional keys | No |
U | cpqek | kcpqek.exe | For Compaq PC's. Easy Access button support for the keyboard | No |
U | CPQInet Runtime Service | CpqInet.exe | For Compaq PC's. Allows AOL and Compuserve to use the Easy Access buttons for the internet. Not required if you don't use those ISPs | No |
N | CPQINKAGENT | cpqinkag.exe | Compaq Ink Agent for some inkjet printers - it lets users know when their ink cartridges are getting close to empty (by how many pages they have printed) | No |
U | cpqns | cpqnpcss.exe | Related to Compaq.Net - not required if you don't use that | No |
N | Cpqset | Cpqset.exe | Default settings software in Hewlett Packard notebook | No |
Y | CPQSTUTFIX | stutfix.exe | For Compaq PC's. Fixes audio stutter problems for ESS Maestro soundcards. You can download it here. This is a Compaq originated file and has been verified as free from viruses by McAfee/Norton | No |
U | CPQTEAM | cpqteam.exe | This program is bundled with HP servers. When loaded a system tray icon will be available that launches the HP Network Configuration Tool | No |
X | cpr | cpr | Adroar.com adware downloader | No |
X | cprocsvc | cproc.exe | Added by the MSIL.AGENT.C TROJAN! | No |
X | CPU Manager | cpumgr.exe | Added by the PANDEM.B WORM! | No |
X | CPU Temp Control | wuitgurd.exe | Added by the RBOT-AHV WORM! | No |
X | CPU Watcher | rundll32.exe cpu.dll,load | Added by the DLOADER-LO TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "cpu.dll" file is located in %Windir% | No |
X | CPU Windows Status | cpustats.exe | Added by a variant of the RBOT WORM! | No |
U | CPUcool | Cpucool.exe | Program to keep the processor cool when idle in "overclocked" systems. Also available via Start -> Settings -> Control Panel | No |
N | CPUMon | CPUMon.exe | "CPUMon continuously displays the updated system statistics in a floating window as well as in system tray area" | No |
X | Cpusave | Cpusave.exe | Added by the GEMA TROJAN! | No |
X | Cpusave32 | Cpusave32.exe | Added by the GEMA TROJAN! | No |
X | CPVHOST Settings | cpvhost.exe | Added by a variant of the SDBOT TROJAN! | No |
X | cpyt | hidep.exe | Added by the MIRJACK-A TROJAN! | No |
X | cqlyg | world_cup_.bat | Added by the WCUP.A WORM! | No |
? | CQSCP2P SERVER | ?? | "Compaq printer utility which is required in the startup menu in order to make the printer work correctly". Personally I doubt whether it is actually needed | No |
? | CQSCP2PS | ?? | "Compaq printer utility which is required in the startup menu in order to make the printer work correctly". Personally I doubt whether it is actually needed | No |
X | Cr**.exe [* = random char] | Cr**.exe [* = random char] | CoolWebSearch/HomeSearch adware - for examples, see this log | No |
X | Cr**32.exe [* = random char] | Cr**32.exe [* = random char] | CoolWebSearch/HomeSearch adware - for examples, see this log | No |
U | cracked_windows1 | cracked_windows1.exe | Cracked Windows popup killer | No |
X | CrashDump | [path to trojan] | Added by the DROPPER.EAT TROJAN! | No |
N | CrazyTalk Serve | rundll32.exe CrazyTalk.dll, DIIServeMediaFile | CrazyTalk from Reallusion - "the worlds only facial animation tool that gives you the power to create talking animated images from a single photograph, complete with emotions." Can apparently be installed without your knowledge as well as being a legitimate download in its own right from sites such as TUCOWS | No |
U | CRBroadCasting | CRBroadCasting.exe | CardReader2 from On Track Innovations Ltd. USB Card Reader | No |
X | CRC Value Verifier | crsss32.exe | Added by a variant of the RBOT WORM! | No |
X | CRC Value Verifier | Crsss64.exe | Added by the RBOT-NY WORM! | No |
X | CRC Value Verifier | svchost32.exe | Added by the RBOT-OA WORM! | No |
X | CRC Value Verifier | crsss.exe | Added by the SPYBOT.UK WORM! | No |
X | Crc32stats Dependencies | Crc32stats.exe | Added by the MYTOB.GT WORM! | No |
X | CRCSS | crcss.exe | Added by the IRCBOT-TH WORM! | No |
U | Creata Mail | JMSrvr.exe | Creata_Mail. Smileys, stationery and more for your email. Required if you want to access the program from Outlook or Outlook Express | No |
X | Create A Monster | createAMonster.exe | Kudd.com CreateAMonster. Reportedly stealth installed and Look2Me adware related | No |
N | CreateCD | Createcd.exe | Adaptec Easy CD Creator system tray application (pre version 5). Available via Start -> Programs | No |
N | CreateCD50 | Createcd50.exe | Adaptec Easy CD Creator version 5 system tray application. Available via Start -> Programs | No |
X | Creates stractures for system management | stacture.exe | Added by the SDBOT-DHS WORM! | No |
N | Creative AGP Wizard | agpwiz.exe | Part of Creative's BlasterControl | No |
X | Creative Audio Drivers | creative.exe | Added by the RBOT-FKR WORM! | No |
N | Creative Detector | CTDetect.exe | Auto-detect and play a DVD when using a Creative Soundblaster Audigy2 soundcard. Uses about 2.2 MB of memory. Disable it by heading to the MediaSource DVD Audio Player, selecting Tools, then uncheck the Auto Start box. It should not start up automatically again | No |
N | Creative Launcher | CTLauncher.exe | For Creative Soundblaster Live! series soundcards. Adds a quick-launch bar to the top of the display and a System Tray icon. Available via Start -> Programs | No |
U | Creative Live! Cam Manager | CTLCMgr.exe | Creative Live! Cam Manager | No |
U | Creative MediaSource Go | CTCMSGo.exe | Creative MediaSource Go! is a combination of a short-cut bar and launcher for the Creative MediaSource™ player/organizer - which "enables you to manage your entire digital music collection on both your computer and your Creative portable music player effortlessly" | No |
U | Creative MediaSource Go | CTCMSGoU.exe | Creative MediaSource Go! is a combination of a short-cut bar and launcher for the Creative MediaSource™ player/organizer - which "enables you to manage your entire digital music collection on both your computer and your Creative portable music player effortlessly" | No |
N | Creative PCI Audio Configuration Utility | starter.exe | System Tray icon to configure a Creative Soundblaster PCI soundcard. Not required and re-instates itself when un-checked. Try one of the solutions on this special page. Similar to EnsoniqMixer | No |
N | Creative Service for CDROM Access | Ctsvccda.exe | Resident program for Creative's PlayCenter included with Soundblaster Audigy sound cards - speeds up detection of some media CDs if the system doesn't natively support them. Available via Start -> Programs | No |
N | Creative Software Update | AutoUpdate.exe | Auto-updater for Creative Labs software | No |
N | Creative WebCam Tray | Camtray.exe | Creative WebCam tray control - can be started manually | No |
X | Creative.exe | Creative.exe | Added by the PROLIN WORM! | No |
N | CreativeDiscNotifier | CTNOTIFY.EXE | For Creative Soundblaster Live! series soundcards. Detects when you insert a CD-ROM, DVD-ROM, etc. Available via Start -> Settings -> Control Panel | No |
U | CreativeMixer | CTMIX32.EXE | Creative soundcard System Tray access to, for example, volume slider controls as normally provided by the "speaker" icon. Not required unless you adjust any settings otherwise available via the standard icon | No |
? | CreativeTaskScheduler | CTSched.exe | Creative Task Scheduler. What does it do and is it required? | No |
X | Critical Error Safe32 | GetWaylayer32.exe | Added by the RBOT.IAL WORM! | No |
X | Critical Update Check | battlenet.exe | Added by the DELF-LB TROJAN! | No |
N | CriticalUpdate | Wucrtupd.exe | MS Windows Critical Update Notification. If you want to keep Windows up-to-date, check the Windows Update site | No |
X | CriticalUpdate | wucrtupd.exe | Added by the NOALA.B WORM! Note - this file is located in the Windows or Winnt folder, and must not be confused with the legitimate Windows process of the same name as described here | No |
X | crmssrlt | [random filename] | Added by a variant of the SLAPER TROJAN! | No |
X | Crnsava | scrnsave.pif | Added by the SDBOT-ZV WORM! | No |
X | cronos | MARCO!.SCR | Added by the OPASERV.G WORM! | No |
X | CrossMenu | CrossMenu | Toshiba CrossMenu Utility - allows the user to create their own menus | No |
X | CRP386 Networking | crp386.exe | Added by the IRCBOT.N TROJAN! | No |
X | crs | crs.exe | Added by the AGOBOT-TJ WORM! | No |
X | crsss | crsss.exe | Added by the AUTORUN.FM WORM! | No |
X | CRSSXP SysInfo | crssxp.exe | Added by a variant of the SDBOT TROJAN! | No |
X | Crusty | dmcpl.exe | Added by the RUSTY WORM! | No |
X | cryptdlg | cryptdlg.exe | Added by an unidentified TROJAN! | No |
U | cryptoexpert | cexpert.exe | CryptoExpert from SecureAction Research. Advanced on the fly encryption system | No |
X | Cryptographic Service | ******.exe [* = random char] | Added by the KORGO.W or KORGO.X or KORGO.AB WORMS! | No |
? | Crystal 3D Audio Control | CWD3DSND.EXE | Crystal 3D Audio sound driver. Is it required? | No |
X | CS Update | copy /Y [path] ActivationManager.dll.upd [path] ActivationManager.dll | Added by an unidentified malware | No |
N | csaRem | spqmdmui.exe | Compaq modem country selection | No |
Y | CSAV_CheckViruses | vchk.exe | Command Antivirus related | No |
U | csc | csc.exe | Command line compiler for Microsoft C# - it gets installed with the .NET SDK | No |
X | cscripts | cscripts.exe | Added by the BDOOR-AAP BACKDOOR! | No |
X | CSCRS Value | cscrs.exe | Added by the RBOT-AAA WORM! | No |
X | CSCRS Value Check | MsPMSPSd.exe | Added by a variant of the SDBOT WORM! | No |
U | CSINJECT.EXE | CSINJECT.EXE | Part of Quarterdeck/Norton CleanSweep. "Csinject must be loaded in order for Smart Sweep to automatically monitor installations and properly track registry changes" | No |
X | csm Win Updates | csm.exe | Added by the ZOTOB.B WORM! | No |
X | CSNetManagerXp | isass.exe | Added by the HIDER-O TROJAN! | No |
X | csoftok | softok.exe | Added by the QQPASS.G TROJAN! | No |
X | csos | csos.exe | Added by the SDBOT-DFE WORM! | No |
X | csrcs | csrcs.exe | Added by the AGENT-HUA TROJAN! | No |
X | csrs | csrs.exe | Added by the GAOBOT.GEN!POLY WORM! | No |
X | csrsc | csrsc.exe | Added by an unidentified VIRUS, WORM or TROJAN! | No |
X | CSRSS | CSRSS.EXE | Search page hijacker, redirecting to h**p://www.search-aide.com/. Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! | No |
X | Csrss | csrss.exe | Added by the CHOD WORM! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a random subfolder | No |
X | csrss | csrss.exe | Added by the KEYLOG-AQ KEYLOGGER! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir% | No |
X | csrss | csrss.exe | Added by the CHODE-J WORM! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a random subfolder | No |
X | csrss | msmsgs.exe | Added by the CHODE-J WORM! | No |
X | csrss | nwiz.exe | Added by the CHODE-J WORM! | No |
U | csrss | csrss.exe | BeyondKeylog surveillance software. Uninstall this software unless you put it there yourself. Note - this is not the same file as the csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %ProgramFiles%\Supremtec | No |
X | Csrss | CSRSS.EXE | Added by the PUNYA-B WORM! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in C:\Documents and Settings\Administrator\Local Settings\Application Data\WINDOWS | No |
X | csrss | ssms.exe | Added by an unidentified malware | No |
X | Csrss Host | csrhost.exe | Detected by Trend Micro as the IRCBOT.BIZ WORM! See here | No |
X | CSRSS Loader | csrsss.exe | Added by the AGOBOT.TX WORM! | No |
X | csrss.exe | csrss.exe | Added by the DALBUG WORM! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir% | No |
X | csrssLevel4 | csrss.exe | Unidentified malware! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a "Level4" subfolder | No |
X | CSRSSU | CSRSSU.exe | CoolWebSearch parasite variant - hijacking to Slawsearch.com. Also detected as the CWS-E TROJAN! | No |
X | CSRSSW | CSRSSW.EXE | Added by the CWS-F TROJAN! | No |
X | CSRSWIN | [trojan filename] | Added by the WINSHELL.50 TROJAN! | No |
X | CSRSX | [trojan filename] | Added by the WINSHELL.50.B TROJAN! | No |
X | csrvss | csrvss.exe | Added by a variant of the SDBOT TROJAN! | No |
U | CSS Server | CSSServer.exe | ComSpySysSvr surveillance software. Uninstall this software unless you put it there yourself | No |
U | cssauth | cssauth.exe | Related to IBM ThinkVantage Client Security Solution | No |
? | cssauthe | cssauthe.exe | Part of the Client Security Solution on an IBM ThinkVantage (now Lenovo) PC - "a suite of ThinkVantage Technology tools designed to help protect access to your computer operating system and your sensitive data. The Client Security Solution integrates the hardware protection of its embedded chip with the protection afforded by its secure software." What does this do and is it required? | No |
Y | CSScheduleCheck | SCHWIZEX.EXE | Part of ConfigSafe - lets you identify changes to the registry, INI files, System asset files, system hardware, network connections, and operating system versions - provides a restore function. This part takes a snapshot of your system following a healthy re-boot | No |
X | cssrs | cssrs.exe | Added by the BANCBAN-DW TROJAN! | No |
X | csss | Csss.exe | Added by the BALICK TROJAN! | No |
U | CSS_Central | CSS_1631.EXE | CSS Communication Agent (95 Host) from Command Software Systems (now Authentium). "CSS Central™ provides administrators with a powerfully proactive tool to effectively manage and maintain the anti-virus strategy from a centralized console" | No |
X | CSV10P1 | CSP001.exe | ClearSearch adware | No |
X | CSV10P70 | CSv10P070.exe | ClearSearch adware | No |
X | CSV7P26 | CSV7P26.exe | ClearSearch adware | No |
X | CSV7P70 | CSV7P070.exe | ClearSearch adware | No |
X | CSV7P91 | CSV7P91.exe | ClearSearch adware | No |
U | csvdea | csvdea.exe | SpyArsenalLog surveillance software. Uninstall this software unless you put it there yourself | No |
X | csvhost.exe | csvhost.exe | Added by the CIMUZ-BD TROJAN! | No |
Y | ct | ct.exe | ct.exe is a file for the HP Learning Adventure software and if you use this software it is required to run it | No |
X | CT Control Settings | CTSVCCD.EXE | Added by the RBOT-YS WORM! | No |
U | CTAPR2 | CTAPR2.exe | Console Launcher for the Creative Sound Blaster X-Fi series | No |
N | CTAVTray | CTAvTray.exe | For Creative Soundblaster Live! series soundcards. Plays the EAX animation on start-up and adds a System Tray icon for it. Available via AudioHQ | No |
U | CTCMonitor | CTCMonitor.exe | Click-to-Convert - document-to-HTML or doc-to-PDF converter. Only required if you are going to use the File -> Print method of using Click-to-Convert. If converting directly from MS Office, it is not required | No |
X | CTDrive | rundll32.exe drvmod.dll | Added by a variant of the OP DIALER! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "drvmod.dll" file is found in the System (9x/Me) or System32 (NT/2K/XP) folder | No |
N | CTDVDDet | CTDVDDet.exe | Auto-detect and play a DVD when using a Creative Soundblaster Audigy2 soundcard. Uses about 2.2 MB of memory. Disable it by heading to the MediaSource DVD Audio Player, selecting Tools, then uncheck the Auto Start box. It should not start up automatically again | No |
X | ctf.exe | ctf.exe | Added by a variant of the BIFROSE TROJAN! | No |
X | ctflog manager | ctflog.exe | Added by the DONBOMB.A TROJAN! | No |
X | CTFM0N.exe | CTFM0N.exe | Added by the STARTPAGE.P TROJAN! Notice the digit "0" in both columns rather than the upper case "O" | No |
U | ctfmon | ctfmon.exe | Supports multiple languages and alternative method inputs in Windows and MS Office. The language bar is displayed alongside the System Tray if more than one keyboard layout is enabled (for switching input languages) or, for example, if speech is selected as an alternative input for MS Office or Notepad. Required to support advanced text services (such as right to left text) for East Asian users. Can be disabled via Start → Control Panel → Regional and Language Options → Languages → Text Services and Input Languages → Advanced → System Configuration → Turn off advanced text services (which also turns off the language bar). See also here and here. Can also cause problems with some other programs if left enabled - see here for such an example | No |
X | ctfmon | taskmgr32*.exe [* = number] | Added by the SOWSAT.B WORM! | No |
X | ctfmon | cftmon.exe | Added by the DELIVE-A TROJAN! Note - this file is found in C:\Windows or C:\Winnt and is not the valid MS Office file of the same name (see here) | No |
X | ctfmon | mIRC.dll | Added by the DELBOT-E TROJAN! | No |
X | ctfmon | WinConst.exe | Added by the ASSASIN-G TROJAN! | No |
U | CTFMon | ctfmon.exe | Family KeyLogger keystroke logger/monitoring program - remove unless you installed it yourself! Note - this is not the legitimate ctfmon.exe process associated with alternate text inputs which is always located in %System%. This one is located in a "CTF" sub-folder | No |
X | ctfmon | msnmsgr.exe | Added by the BDOOR-JV BACKDOOR! Note - this is not the valid MSN Messenger (now Windows Live Messenger) utility which is located in either %ProgramFiles%\MSN Messenger or %ProgramFiles%\Windows Live\Messenger. This one is located in %System% | No |
X | Ctfmon.exe | ctfmon32.exe | CoolWebSearch Ctfmon32 parasite variant | No |
X | ctfmon.exe | ctfmon.exe | Added by the RAIDYS TROJAN! Note - this should not be confused with the valid Office XP file, see here | No |
X | ctfmon.exe | msupdate32.exe | Spy Sheriff/SpywareNO malware, also detected as the SPYHOAX-A TROJAN, pretends to be a spyware remover! - file names spotted so far include VXH8JKDQ2.EXE, NS6281400.so, CVXH8JKDQ2.EXE, down3.exe, sefe.exe, winstall.exe, and tool2.exe | No |
U | ctfmon.exe | ctfmon.exe | Supports multiple languages and alternative method inputs in Windows and MS Office. The language bar is displayed alongside the System Tray if more than one keyboard layout is enabled (for switching input languages) or, for example, if speech is selected as an alternative input for MS Office or Notepad. Required to support advanced text services (such as right to left text) for East Asian users. Can be disabled via Start → Control Panel → Regional and Language Options → Languages → Text Services and Input Languages → Advanced → System Configuration → Turn off advanced text services (which also turns off the language bar). See also here and here. Can also cause problems with some other programs if left enabled - see here for such an example | No |
X | ctfmon.exe | ctfmon.exe eminem.exe | Added by the BHARAT.A WORM! | No |
X | CTFMON.EXE | svchost.exe | Added by the JUEGO-B WORM! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir% | No |
X | CTFMON32 | CTFMON32.EXE | CoolWebSearch Ctfmon32 parasite variant - also detected as the CWS-E TROJAN! | No |
X | ctfmon32 | [random filename].exe | Added by the RBOT-GSN WORM! | No |
X | ctfmona | ctfmona.exe | AntiVirusPro misleading security software - not recommended, see here | No |
X | CTFMONSS | CTFMONSS.EXE | Added by the CWS-F TROJAN! | No |
X | ctfmun | ctfmun.exe | Detected by Trend Micro as AGENT.ACEZ spyware - see here | No |
X | ctfnnon | ctfmon.exe | Detected by Kaspersky as the TURKOJAN.IL BACKDOOR! See here. Note - this is not the legitimate ctfmon.exe process associated with alternate text inputs which is always located in %System%. This one is located in %Windir% | No |
X | ctfnom | rundIl32.exe | Added by the LEGMIR-AW TROJAN! | No |
X | ctfnom.exe | SVOHOST.exe | Added by the DIGIDOR-A TROJAN! | No |
X | ctfnom.exe | OSRSS.exe | Added by the DLOADER-UQ TROJAN! | No |
X | cthelp | cthelp.exe | Added by the SDBOT TROJAN! | No |
U | CTHELPER | CTHELPER.EXE | CTHELPER is a background task that acts as a plug-in manager for Creative drivers. The theory is that 3rd party manufacturers can use the CTHELPER plug-in interface to produce drivers, add-on features, and fixes that integrate more tightly with Creative's sound drivers and utilities. Given its purpose CTHELPER would normally be classified as a "leave alone" background task. It also allows the Creative speaker setup to be synchronized with the Windows Control Panel speaker setting. Without it running, that check box in the Creative speaker settings is not functional (settings are not in sync). Unfortunately there are often problems with CTHELPER, most notably that it can use 100% of CPU time, so it's best left disabled unless you need it | No |
X | CTHelper | cthelper.exe | Added by the RBOT-XB WORM! Note - do not confuse with the Creative application of the same name described here | No |
X | CTime | [path to trojan] | Added by the HTTPDOS TROJAN! | No |
X | CTin10 | CTin10.exe | Added by the BANCOS.E TROJAN! | No |
X | CtModule | CtModule.exe | Added by the CLICKER-EG TROJAN! | No |
X | CTMON.EXE | cfmon.exe | Added by the CLCKR-AN TROJAN! | No |
U | CTNMRUN | ctnmrun.exe | Detects the Creative NOMAD jukebox/MP3 player at the time it is attached to USB and starts the needed application (Creative PlayCentre 2) that you use to copy MP3 files to and from it. This is required if you want PlayCentre 2 to take control of the NOMAD once connected | No |
? | CTPDPSRV | CTPDPSRV.EXE | Printer driver (in the WINDOWS\System32\spool\DRIVERS\W32X86 folder). Is it required? | No |
N | CTPerformanceUtility | CTPowUti.exe | Related to Creative PowerSysTrayApp. This program is a non-essential process, but should not be terminated unless suspected to be causing problems | No |
X | ctpmon | ctpmon.exe | System Registry Cleaner - stealth installed foistware from sysregistry.com | No |
N | CTRegRun | CTRegRun.exe | For Creative Soundblaster Live! series soundcards. Reminds you to register your card with Creative | No |
U | CtrlVol | CtrlVol.exe | Volume control key on Acer, Fujitsu and other laptops | No |
? | CTSched | CTSched.exe | Creative Task Scheduler. What does it do and is it required? | No |
N | CTStartup | CTEaxSpl.exe | Splash screen with sound on every boot up. Installed with a Sound Blaster Audigy soundcard | No |
U | CTSVolFE | CTSVolFE.exe | Creative Labs Mixer applet for the Sound Blaster Audigy | No |
U | CTSVolFE.exe | CTSVolFE.exe | Creative Labs Mixer applet for the Sound Blaster Audigy | No |
N | CTSyncU.exe | CTSyncU.exe | Creative Sync Manager - synchronizes music tracks on your computer with your player | No |
U | CTsysVol | CTSYSVOL.exe | Creative sound card volume controls | No |
? | cttdpsrv | cttdpsrv.exe | ?? | No |
X | CTUpdate | ctupdclt.exe | Added by the RBOT-ABG WORM! | No |
N | CTxfiHlp | CTXFIHLP.EXE | Added by the installation of a Creative Labs X-Fi sound card. This particular process provides the help functionality for your card | No |
N | CTXFIREG | CTxfiReg.exe | Creative Labs sound card driver related. It appears that it isn't required and may be registration related | No |
X | Ctykd | [path to file] | SMALL.SN spyware | No |
N | CTZDetec.exe | CTZDetec.exe | Auto-detect feature of Creative Media Lite which assists you in managing your music, ripping CDs and transferring other stored music to your Zen Stone MP3 player | No |
X | CU1 | VCClient.exe | Associated with the Surf Sidekick adware and should be removed | No |
X | CU2 | VCMain.exe | Associated with the Surf Sidekick adware and should be removed | No |
Y | cuagentExe | Cuagent.exe | Command Antivirus related | No |
X | CueX44 | Dago.exe | Added by the PUNYA-B WORM! | No |
X | CueX44_stil_here | WINLOGON.EXE | Added by the PUNYA-A WORM! Note - this is not the legitimate winlogon.exe process, which should not appear in Msconfig/Startup! | No |
X | cuo | cuo.exe | Added by the BUGBEAR.A WORM! | No |
X | Current Security Config | csecure.exe | Added by the RBOT-AMO WORM! | No |
N | CurseClient | CurseClient.exe | CurseClient add-on manager for World of Warcraft and Warhammer Online games | No |
N | cursor | Screendragon_VS_Taskbar.exe | ScreenDragon video player | No |
N | CursorXP | CursorXP.exe | CursorXP from Stardock - tool for creating mouse cursors | No |
U | Curtain | Curtain.exe | Curtain (from Chaotic Visions) - "is a Windows utility which gives you the power to hide any window or group of windows to your system tray" | No |
U | Customizer2000 | logon.exe | Automatic logon feature of Customizer 2000 - "a special utility which is designed to optimize Win9x/ME performance. The program lets you explore the many hidden settings in Windows, and make changes" | No |
N | CuteMX | CuteMX.EXE | File sharing utility | No |
X | Cvfjx | ANACON.EXE | Added by the NACO.A WORM! | No |
X | cvhnykzx | keepSafe.exe | Added by the KILLAV.KAX TROJAN! | No |
X | cvmonitor.exe | cvmonitor.exe | Added by the SDBOT.BV WORM! | No |
X | cvmsyslpd | sdservss.exe | Added by the MAILBOT-BY TROJAN! | No |
Y | CVPND | cvpnd.exe | Sub-system used by Cisco VPN client for making a connection to a remote IPSec server | No |
U | CW | cw4.exe | Chat Watch "is a monitoring and logging software for online chat and instant messaging programs" | No |
U | CWatch | cw.exe | ChatWatch - chat monitoring tool | No |
N | cwbckver | cwbckver.exe | Part of IBM's iSeries (nee AS/400) Client Access - communications suite that allows desktop, browser and wireless access to iSeries servers. Checks the software version on your PC to that of the iSeries it is connected to. Not required - and can be turned off in the Client Access properties. It's a waste of resources | No |
N | cwbinhlp | cwbinhlp.exe | Client Access Help Registry Update Function - part of IBM's iSeries (nee AS/400) Client Access - communications suite that allows desktop, browser and wireless access to iSeries servers. It only updates the help files on your PC to match the level of the attached iSeries | No |
N | cwbsvstr | cwbsvstr.exe | Part of IBM's iSeries (nee AS/400) Client Access - communications suite that allows desktop, browser and wireless access to iSeries servers. Useful if you are going to access the iSeries through Windows Explorer to move files back and forth between Windows folders and iSeries folders. This is a tool that is only used by Client Access administrators (usually) so it is not required - a waste of resources | No |
? | cwbwlwiz | cwbwlwiz.exe | Welcome wizard launcher - Part of IBM's iSeries (nee AS/400) Client Access - communications suite that allows desktop, browser and wireless access to iSeries servers. What does it do and is it required? | No |
? | Cwcdschk.exe | Cwcdschk.exe | IBM Thinkpad related? | No |
U | cwcptray | cwcptray.exe | Related to ContentWatch Parental Control internet filter | No |
X | cwingllib | atllsimm.exe | Added by a variant of the SDBOT WORM! | No |
U | cwupdate | cwupdate.exe | ContentProtect from ContentWatch - internet filter | No |
N | CXMon | Hpi_Monitor.exe | Autodetects when a HP camera is attached to the computer and launches the "HP Photoimaging Software". Available via Start -> Programs | No |
N | Cyber | cyberchk.exe | Part of Belkin's "Multimedia Cleaning Kit" and is automatically installed when you run their optical disk drive cleaning utility - to remind you to clean your drive after "x" amount of time has passed | No |
U | Cyber Trio | showmode.exe | From G-Tek Technologies. Allows you to set the PC in one of three modes, Standard, Enhanced and Kiddo. Standard is full function, Enhanced prevents accidental damage and Kiddo is a play environment for kids. Pre-installed on some Packard Bell PCs | No |
U | Cyber-Defender 2003 | uwcdsvr.exe | Cyber Defender 2003 | No |
N | Cyber-shot Viewer Media Check Tool | SPUVolumeWatcher.exe | Part of the Sony Picture Utility software supplied with Sony Cyber-shot digital cameras. Automatically invokes an import process if the camera is connected and has media on it | No |
X | cyberfree.exe | ****.dat [* = random char] | Unidentified adware | No |
U | Cyberhawk | CHTray.exe | Cyberhawk from Novatix. Protects against viruses, spyware, identity theft | No |
U | CyberLat Ram Cleaner | CLRamCleaner.exe | CyberLat RAM Cleaner - memory optimizer. MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/SE/ME. See this article and make up your own mind | No |
U | CyberLat Ram Cleaner | CyberLat Ram Cleaner 1.1.exe | CyberLat RAM Cleaner - memory optimizer. MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/SE/ME. See this article and make up your own mind | No |
N | CyberMedia Agent | CMAGENT.EXE | Part of CyberMedia's Oil Change program. Not normally required. Note - if you have TextBridge, CyberMedia Agent may attach itself to TextBridge and cause TextBridge to crash everything if this is disabled | No |
U | CyberPatrolNew | cphq.exe | "CyberPatrol is one of the most powerful and popular client-based, browser independent, Internet safety software solutions for Windows-based standalone PCs available today" | No |
X | CyberWolf | CyberWolf.exe | Added by the KICKIN.A (or CYDOG.C) WORM! | No |
X | CyDoor | CD_Load.exe | Adware. Check here for information about Cy-Door and here for a program that can remove it | No |
X | CydoorUpdate | CD_Load.exe | Adware. Check here for information about Cy-Door and here for a program that can remove it | No |
? | CYNHKey | CYNHKey.exe | ?? | No |
N | CyphTray | CyphTray.exe | Cypherus - encryption software | No |
U | CypressLinkMon | CypressLinkMon.exe | Related to CypressViewer from Siemens that "allows ACUSON Cypress cardiovascular system PLUS users to store, view, and analyze Cypress system PLUS studies on a standard Windows PC" | No |
X | D SYSTEM | dd.exe | Added by the MYTOB-FN WORM! | No |
Y | D-Link Air USB Utility | AirCFG.exe | D-Link wireless PCI adapter related | No |
Y | D-Link Air Utility | AirCFG.exe | D-Link wireless PCI adapter related | No |
N | D-Link AirPlus DWL-650+ Utility | WLANMON.exe | D-Link Air Plus Wireless PC modem connection monitor | No |
Y | D-Link AirPlus G | AirGCFG.exe | D-Link Airplus Wireless Router driver | No |
Y | D-Link AirPlus G Wireless Utility | AirPlus.exe | D-Link AirPlus G wireless configuration and monitoring utility | No |
U | D-Link AirPlus XtremeG | AirPlusCFG.exe | D-Link AirPlus XtremeG wireless configuration utility | No |
N | D066UUtility | D066UUTY.EXE | TWAIN driver for the CanoScan D660U flatbed scanner. Start scanning via your scanner management software | No |
X | D3**.exe [* = random char] | D3**.exe [* = random char] | CoolWebSearch/HomeSearch adware - for examples, see this log | No |
X | D3**32.exe [* = random char] | D3**32.exe [* = random char] | CoolWebSearch/HomeSearch adware - for examples, see this log | No |
X | d3dupdate.exe | bbeagle.exe | Added by the BEAGLE.A WORM! | No |
U | D4 | D4.exe | Dimension 4 - network time synchronization freeware - starts-up, adjusts the system clock, then shuts down | No |
X | dabrun | rundll32.exe dabapi.dll, Rundll32 | SinaUpdateCenter adware. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "dabapi.dll" file is found in the System (9x/Me) or System32 (NT/2K/XP) folder | No |
N | DACONFIGEXE | daconfig.exe | 3Com NIC Diagnostics. Available via Start -> Programs | No |
Y | DadApp | dadapp.exe | "DadApp is the SW utility that controls the programmable buttons on Dell Laptops. Not required, but should be left in because it can create a hassle and doesn't always restore functionality to those buttons once unchecked and rechecked" - direct from Dell | No |
N | Daemon | DAEMON32.EXE | Pre-loads game profiles for MS Sidewinder game controllers prior to release 2.0 of the software. Recommend upgrade. Available via Start -> Programs | No |
U | Daemon | Daemon.exe | Daemon Tools - used to map an image-file (.iso, .bin etc) to a virtual CD/DVD-drive | No |
X | Daemon | daemon.exe c daemon2.exe | Added by the SELOTIMA.A WORM! | No |
U | DAEMON Tools | daemon.exe | Daemon Tools - used to map an image-file (.iso, .bin etc) to a virtual CD/DVD-drive | No |
U | DAEMON Tools Pro Agent | DTProAgent.exe | DAEMON Tools Pro converts your computer games CD/DVD discs into "virtual discs" or so called "disc image" files, which run directly on your hard drive | No |
U | DAEMON Tools-1033 | Daemon.exe | Daemon Tools - used to map an image-file (.iso, .bin etc) to a virtual CD/DVD-drive | No |
X | dago | fault.exe | Added by the PUNYA-A WORM! | No |
N | Daily Planner | dayplan.exe | Daily Planner - discontinued, and now part of KMCS Deluxe System Suite. Tool to plan your days, and check activities off as you complete them | No |
X | Daily Weather Forecast | weather.exe | Added by the DLOADER-IP TROJAN! | No |
X | DamedWare Services | dwdrce.exe | Added by the RBOT-AOJ WORM! | No |
X | DanBtR270414 | DanBtR270414.exe | Added by the VB-NIB WORM! | No |
U | Dancer | DncLE.exe | Part of Microsoft Plus! Digital Media Edition - see here | No |
X | Danton* | [random filename] | Added by the DANTON TROJAN! where * = random number | No |
N | Dap | DAP.exe | Download Accelerator Plus from Speedbit. Download manager for resuming downloads, amongst other features. Available via Start -> Programs. Note that the free version is adware based | No |
X | dark | imgst.scr | Added by the BANCOS.U TROJAN! | No |
X | dark | imgrt.scr | Added by the BANCBAN-FH TROJAN! | No |
X | dark | csrs.scr | Added by the BANCBAN-GT or BANCBAN-GU TROJANS! | No |
X | DarkDevil.Grasiele.BR | Grasiele.VBS | Added by the LEMBRA WORM! | No |
X | DarKNesS LsasS | LsasS23.exe | Added by an unidentified WORM or TROJAN! | No |
? | DashIE | N/A | Could be related to "Dash Power Shopping" tool bar in IE? | No |
X | daskaskfsak6 | dsfids6.exe | Added by the ONLINEG-J TROJAN! | No |
X | daskgfkkcx15 | dasdsaads15.exe | Added by the ONLINEG-Q TROJAN! | No |
X | dasxdads | fsdqd.exe | Added by the GAOBOT.BIQ WORM! | No |
X | Data | System.dat.vbs | Added by the BISCUIT.A WORM! | No |
X | data | msngs.exe | Added by the RBOT-ADQ WORM! | No |
N | Data LifeGuard | BACKWE~1.EXE | Data LifeGuard diagnostic tools for Western Digital's series of hard drives | No |
N | Data LifeGuard LifeLine Lite installer | DLGLI.EXE | Backweb installer - see here | No |
X | Data Restore Service | prq8.exe | Added by the KELVIR.AI WORM! | No |
X | Data789 | Regedit.exe ....data789.tmp | Homepage hijacker | No |
X | DATABASE MySql | [path] repcale.exe [path] beird.exe | Added by a variant of the RANDON.AN WORM! | No |
N | DataCaching | FlashKsk.exe | SmartMedia Card management from the installation of a SanDisk reader for a camera's SmartMedia card and also adds the "Unplug and Eject Hardware" System Tray icon | No |
U | DataKeeper | DataKeeper.exe | PowerQuest DataKeeper (now owned by Symantec) backup software | No |
U | DataLayer | DataLayer.exe | Nokia PC Suite 5 - "A collection of powerful tools that you can use to manage your phone features and data." Synchronize the phone with, for example Outlook. You can also use it to browse your phone, edit the phone list and so on | No |
N | DataViz Inc Messenger | DvzIncMsgr.exe | Installed with DataViz "Documents to Go" software | No |
N | DataViz Messenger | DvzMsgr.exe | DataViz Documents to Go - "allows you to use your Word, Excel and PowerPoint files on your handheld anywhere, anytime. In addition, it now synchronizes e-mail with attachments, PDF files, pictures and Excel-like charts" | No |
X | Datcheck | datcheck.exe | Added by the KEYPANIC TROJAN! | No |
X | Date Manager | datemanager.exe | Date Manager - calendar program. Spyware/adware based provided by The Gator Corporation. Please note that Claria Corporation no longer support GAIN-Supported software - see here | No |
? | Datechecker | N/A | Could be related to this? | No |
X | DateMakerIntl | DateMakerIntl.exe | Premium rate adult content dialler | No |
X | DAupdate | DAupdate.exe | NavEnhance adware | No |
? | DAW9532.exe | DAW9532.EXE | Loaded during installation of some 3Com network cards. Enables their DynamicAccess desktop management software. Is it required? | No |
U | DayToday | DAYTODAY.EXE | DayToday from RoboMagic Software Corp. Displays the date on the taskbar | No |
U | DAZEL Delivery Agent | DcDaemon.exe | Control and send documents, etc, to any destination. The Dazel Corporation has now been taken over by HP | No |
X | dbar_starter | starter.exe | Deskbar adware - adds a search bar to your Windows taskbar which performs searches on www.w-w-w-dot-com.com | No |
X | DbgHlp32 | DbgHlp32.exe | Added by the WINKO.AO WORM! | No |
U | DBISQL9 | dbisqlg.exe | Related to SQL Anywhere from Sybase. A comprehensive package providing data management and data exchange technologies | No |
N | dbserv | dbserv.exe | Database Server for Norton Ghost on Win2k Pro. Ghost works fine when it is disabled | No |
X | dc | dc.exe | Added by the COIDUNG-A WORM! | No |
X | dc2k5 | SVIQ.EXE | Added by the COIDUNG-A WORM! | No |
U | DC300 Monitor | cmonitor.exe | Monitor for an Acer DC300 digital camera | No |
X | DC6CW | DC6CW.EXE | DriveCleaner misleading security program - not recommended, see here | No |
X | DC6_Check | uwasdc.exe | WinAntiSpyware 2006 spyware remover - not recommended, see here | No |
X | DC6_check | dc6_startupmon.exe | WinAntiVirus 2006 misleading virus software - not recommended, see here | No |
X | dc6_check | dcmon.exe | SystemDoctor misleading security software - not recommended, see here | No |
X | DCE Manager | dcemgr.exe | Added by the TUMAG TROJAN! | No |
U | DCfssvc | dcfssvc.exe | Associated with digital cameras and can cause problems which disappear if disabled. If this program is unchecked in startup, your camera will not cause your computer to open a pop-up window when you connect it. Leave enabled if you can't load pictures from your camera/dock - Kodak's dock is an example | No |
U | dcfssve | dcfssvc.exe | Associated with digital cameras and can cause problems which disappear if disabled. If this program is unchecked in startup, your camera will not cause your computer to open a pop-up window when you connect it. Leave enabled if you can't load pictures from your camera/dock - Kodak's dock is an example | No |
X | Dcom System Patch | Microsoft.exe | Added by the RANDEX.MS WORM! | No |
X | dcsm | dcsm.exe | DriveCleaner rogue security software - not recommended, see here | No |
N | DDCActiveMenu | DDCActiveMenu.exe | Digital Distribution Channel - formerly part of the WildTangent on-line games delivery service. Note that WildTangent's privacy policy used to state that they also collect and share individuals' information but this is no longer the case | No |
N | DDCM | DDCMan.exe | Digital Distribution Channel - formerly part of the WildTangent on-line games delivery service. Note that WildTangent's privacy policy used to state that they also collect and share individuals' information but this is no longer the case | No |
N | DDCMan | DDCMan.exe | Digital Distribution Channel - formerly part of the WildTangent on-line games delivery service. Note that WildTangent's privacy policy used to state that they also collect and share individuals' information but this is no longer the case | No |
X | ddeproc | ddeproc.exe | Webcelerator from eAcceleration speeds your Web browsing by both remembering where you have been and anticipating where you will go. Only needed if you find it improves web browsing. Now no longer available and supported and when available was classed as spyware - see here | No |
U | ddhelper | W815DM.EXE | Enuff Parental Control Software by Akrontech | No |
X | DDialler | DDialler.exe | Adult content dialler | No |
X | ddivmwa | [random filename] | Added by a variant of the SLAPER TROJAN! | No |
U | ddoctorv2 | sprtcmd.exe /P ddoctorv2 | Comcast Desktop Doctor (provided by SupportSoft, Inc) is a free self-help tool for Comcast broadband users. Identifies and automatically fixes typical problems that may occur with your high-speed internet service | No |
X | DDriver | windrv.exe | Added by the DELF.WG TROJAN! | No |
X | DDriver | svchost.exe | Added by a variant of the DELF.IT TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! | No |
? | DDT | N/A | ?? | No |
U | DDWMon | ddwmon.exe | Direct Disc Writer Event Monitor from TOSHIBA | No |
X | de32gen | de32gen.exe | Added by a variant of the CRYPTER.C TROJAN! | No |
N | DeadAIM | rundll32.exe DeadAIM.ocm, ExportedCheckODLs | DeadAIM - feature enhancing product for AOL's Instant Messenger program | No |
X | DeadKitty | DeadKitty.exe | Added by the DEADCAT-A WORM! | No |
X | DealHelperBrwsr | dhbrwsr.exe | DealHelper adware | No |
X | DealHelperDown | download.exe | DealHelper adware | No |
X | DealHelperUpdate | DHUpdt.exe | DealHelper adware | No |
X | Death.exe | Death.exe | Added by the DELF-ERW TROJAN! | No |
X | Debug | DebugW32.exe | Added by the GUBED TROJAN! | No |
X | Debugger | dbg32.exe | Added by the MYTOB-FW WORM! | No |
X | Debugger | explorer32dbg.exe | Added by the CWS-M TROJAN! | No |
X | Debugger | iexplore_dbg.exe | Added by the CWS-M TROJAN! | No |
X | debugger | help.pif | Added by the DELF-DRA WORM! | No |
X | DebugMonitor | debugmonitor.exe | Added by the MYDOOM.BG WORM! | No |
U | DeeEnEs | DeeEnEs.exe | DeeEnEs - automatically updates a dynamic IP address when it changes | No |
X | deejay | forboo.exe | Added by the FORBOT-AY WORM! | No |
X | Deewoo | ncntnkwd.exe | Identified as a variant of the AdWare.Win32.ZenoSearch.am malware | No |
X | Default | explore.vbs | Added by the ALLEM WORM! | No |
X | Default | mtask.vbe | Added by the ALLEM WORM! | No |
X | default | shell32.exe | Added by the BINGHE TROJAN! | No |
X | Default | _default.pif | Added by the RUBBLE-C WORM! | No |
X | Default System Research | vhchost.exe | Added by the TARNO.I TROJAN! | No |
X | Default web browser | IexpIore.exe | Added by the OBLIVION.B TROJAN! Note - do not confuse "IexpIore.exe" with "iexplore.exe" (Internet Explorer), the first has a capital "i" in place of lower case "L" | No |
X | DefaultConfiguration | defaultconfh.exe | Added by the AOGBOT-KN WORM! | No |
X | Default_Page_URL | http://find.naupoint.com | Naupoint browser hijacker | No |
X | Default_Search_URL | http://find.naupoint.com | Naupoint browser hijacker | No |
X | defender | defender25.exe | DollarRevenue adware | No |
X | defender | dfndref_7.exe | DollarRevenue adware | No |
? | defergui | defergui.exe | Related to IBM Standard Software Installer. What does it do and is it required? | No |
X | defragm_check | defragment.exe | CoolWebSearch parasite variant | No |
X | defragsys | svchost.exe | Added by the BIFROSE-TH TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder | No |
U | defwatch | defwatch.exe | Detects out-of-date virus definitions for Norton Anti-Virus Corporate Edition and runs the Defwatch Wizard. Only required if you don't update the virus definitions manually on a regular basis | No |
U | Deko550 | Deko550.exe | Associated with the Deko550 entry-level SD real-time graphics system from Avid Technology | No |
U | Delay | delayrun.exe | On HP PCs this program is used to help prevent conflicts or timing issues on fast computers | No |
X | DelayLoad | msprint.exe | Added by a variant of the Win32.Agent.ryo malware - see here | No |
U | Delayrun | delayrun.exe | On HP PCs this program is used to help prevent conflicts or timing issues on fast computers | No |
N | DelayShred | ShrCL.EXE | McAfee Delay Shredder - not required at startup. You can use QuickClean manually via McAfee Security Center and run it from there | No |
? | delcab | deltreew.exe C:cabs | ?? | No |
X | Delete Me | worm.exe | Added by the DOOMHUNTER WORM! | No |
U | DeleteHistoryFree | dhf.exe | Delete History Free - "Privacy protection software for deleting Internet surfing and other computer activity tracks from your PC" | No |
U | Dell AIO Printer A920 | dlbkbmgr.exe | System Tray application for the Dell Photo AIO Printer 920 that enables scan or fax functions to run directly from the printer via the buttons | No |
U | Dell AIO Printer A940 | dlbabmgr.exe | System Tray application for the Dell Photo AIO Printer 940 that enables scan or fax functions to run directly from the printer via the buttons | No |
U | Dell AIO Printer A960 | dlbfbmgr.exe | System Tray application for the Dell Photo AIO Printer 960 that enables scan or fax functions to run directly from the printer via the buttons | No |
N | Dell Alert | DAMon.exe | "Dell Alert" utility, that's supposed to make interaction with Support easier | No |
U | Dell DataSafe Scheduler | DataSafeOnlineScheduler.exe | Scheduler for Dell DataSafe™ Online which "helps protect your music, photos and other important files by placing backup copies on a secure storage site using your internet connection" | No |
U | Dell Photo AIO Printer 922 | dlbtbmgr.exe | System Tray application for the Dell Photo AIO Printer 922 that enables scan or fax functions to run directly from the printer via the buttons | No |
U | Dell Photo AIO Printer 942 | dlbubmgr.exe | System Tray application for the Dell Photo AIO Printer 942 that enables scan or fax functions to run directly from the printer via the buttons | No |
U | Dell Photo AIO Printer 962 | dlbxmon.exe | Dell Photo AIO Printer 962 Device Monitor | No |
N | Dell QuickSet | quickset.exe | Dell taskbar icon allowing you to quickly change settings | No |
N | DELL Webcam Manager | DellWMgr.exe | Dell Webcam Manager - Webcam management software provided on Dell PCs | No |
N | Dell Wireless Manager UI | wltray.exe | System tray access to wireless LAN card configuration options | No |
Y | DellAutomatedPCTuneUp | PTAgnt.exe | PC TuneUp from Dell - "silently monitors your system, automatically running needed maintenance during idle time to keep you at peak performance" | No |
? | DellDMI | delldmi.exe | Possibly part of Dell OpenManage Client Instrumentation - software that allows remote management application programs to access information about, monitor the status of or change the state of the client computer, such as shutting it down remotely. Uses the DMI and/or common information model (CIM) protocols, which are systems management protocols defined by industry standards? | No |
U | DELLMMKB | DELLMMKB.EXE | Multimedia keyboard control for Dell based PCs - only required if you use the multimedia keys | No |
N | DellSC | dellsc.exe | Dell Solution Center - web-based troubleshooting tools and educational offerings | No |
U | DellSupport | DSAgnt.exe | Dell Support Agent offers additional support and update features for your Dell computer or laptop | No |
U | DellSupportCenter | sprtcmd.exe /P DellSupportCenter | Dell Support Center (provided by SupportSoft, Inc) is a free self-help tool for Dell users. Identifies and automatically fixes typical problems that may occur with your high-speed internet service | No |
U | DellTouch | MMKeybd.exe | Dell multimedia keyboard manager. Required if you use the additional keys | No |
U | DellTouch | DELLMMKB.EXE | Multimedia keyboard control for Dell based PCs - only required if you use the multimedia keys | No |
? | DellTransferAgent | TransferAgent.exe | Found on Dell computers. What does it do and is it required? | No |
X | delmsbb | delmsbb.exe | NCase adware | No |
X | delsaap | delsaap.exe | NCase adware | No |
? | delstart | delstart.exe | Reportedly part of BT ISP software - what does it do and is it required in startup? | No |
X | delsubmit | rundll32.exe advpack.dll, DelNodeRunDLL32 submit.exe | CoolWebSearch parasite variant | No |
U | DeltaIITaskbarApp | DeltaIITray.exe | System Tray access to the Delta Control Panel for the M-Audio Delta series of PCI audio cards | No |
? | DelTmp | DelTemp.exe | Added to the startup list after installing a Creative SoundBlaster Audigy soundcard. Deletes temporary files once an installation is complete? | No |
N | DeltTray | deltray.exe | System Tray access to the control panel for the M-Audio Delta 44 PCI Analog Recording Interface. Available via a desktop shortcut, Start -> Programs or Start -> Settings -> Control Panel | No |
X | DeluxeCommunications | Dxc.exe | Deluxe Communications adware - successor to SurfSideKick | No |
X | DELXP Protocol | delxp.exe | Added by a variant of the SDBOT WORM! | No |
? | demon | demon.exe | Part of the French Wanadoo ADSL extense pack. What does it do and is it required? | No |
X | Deneca | Virus salvado | Added by the DELUZ VIRUS! | No |
U | DepFrez | frzstate.exe | Deep Freeze from Faronics Corporation. "Freezes" the current software configuration so that on a re-boot all changes made revert to their original settings. Not required for most users - more likely to be used by system administrators, for example | No |
X | deryheruxc | keepSafe.exe | Added by the KILLAV.KAX TROJAN! | No |
? | Description of Shortcuts | *.exe | * seems to be a sequence of alphanumerics that can be different, i.e., 1960F8A9, 4EBD23F5, etc. Each of these files would appear to be a shortcut, i.e., 4EBD23F5 is actually Works Calendar Reminder (found via a registry search) | No |
X | Desire | desires.exe | Adult content dialler | No |
? | desk-top-service | desk-top-service.exe | ?? | No |
X | DeskAd Service | DeskAdServ.exe | DeskAd.Service adware | No |
N | DeskColor | DESKCOLOR.EXE | Provides transparent icon text backgrounds and coloured icon text | No |
N | Deskflag | Deskflag.exe | DeskFlag - animated USA flag on the desktop | No |
X | DeskMateAutoUpdate | DeskMateAutoUpdate.exe | DeskMates: Virtual scantily clad girls enhance your desktop. BargainBuddy adware related | No |
U | deskmech | deskmech.exe | Part of Desktop Maestro from PC Tools - which "combines the features of our award winning products, Registry Mechanic and Privacy Guardian to ensure that you have the range of tools at your fingertips to ensure optimal system performance, stability and user privacy". This entry is created when Desktop Maestro is installed on XP and loads the System Tray icon and runs a registry scan at startup - if either are enabled | Yes |
U | Desksite CMA | cma.exe | DeskSite CMA software - "retrieves new content from the DeskSite Data Center" | No |
U | DeskSlide | DeskSlide.exe | "DeskSlide is utility for automating wallpaper changes on your desktop" | No |
X | Desktop | rundll32.exe msconfd.dll, Restore ControlPanel | Added by the BOOKMARKER TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "msconfd.dll" file is found in the System (9x/Me) or System32 (NT/2K/XP) folder | No |
X | desktop | desktop.exe | Added by the SDBOT.MD WORM! | No |
X | Desktop | Desktop.com | Added by the VB-DRN WORM! | No |
X | desktop | desktop.ini.vbs | IE-Title malware | No |
N | Desktop Architect | DATRAY.EXE | Desktop theme manager available here - for managing the desktop appearance, fonts, sounds, etc | No |
U | Desktop Calendar | Desktop Calendar.exe | Desktop Calendar - "Desktop Calendar is a highly customizable calendar program that turns your desktop into a traditional wall calendar, by rotating the background image on a monthly basis" | No |
U | Desktop Maestro | deskmech.exe | Part of Desktop Maestro from PC Tools - which "combines the features of our award winning products, Registry Mechanic and Privacy Guardian to ensure that you have the range of tools at your fingertips to ensure optimal system performance, stability and user privacy". This entry is created when Desktop Maestro is installed on XP and loads the System Tray icon and runs a registry scan at startup - if either are enabled | Yes |
U | Desktop Maestro Vista Tray | RMTray.exe | Part of Desktop Maestro from PC Tools - which "combines the features of our award winning products, Registry Mechanic and Privacy Guardian to ensure that you have the range of tools at your fingertips to ensure optimal system performance, stability and user privacy". This entry is created when Desktop Maestro is installed on Vista and loads the System Tray icon (deskmech.exe) and runs a registry scan at startup - if either are enabled | Yes |
N | Desktop Plant | AZARE10S.PLT | Virtual plant from here - this version is an Azalea, there are others so the filename may be different | No |
X | Desktop Search | desktop.exe | iSearch adware | No |
N | Desktop Service Centre | DSC.exe | OptusNet DSL or Dial-Up connection software | No |
N | Desktop Weather | THE WEATHER CHANNEL.exe | Desktop Weather by The Weather Channel - provides current temperature, conditions, alerts, etc | No |
N | Desktop Weather 3 | THE WEATHER CHANNEL.exe | Desktop Weather 3 by The Weather Channel - provides current temperature, conditions, alerts, etc | No |
N | Desktop Weather 3 | THEWEA~1.EXE | Desktop Weather 3 by The Weather Channel - provides current temperature, conditions, alerts, etc | No |
U | DesktopIconToy | DesktopIconToy.exe | "Desktop Icon Toy is an easy to use desktop icon enhancement tool, which allows you to make many funny but useful patterns out of your windows desktop icons" | No |
U | DesktopMaestro | deskmech.exe | Part of Desktop Maestro from PC Tools - which "combines the features of our award winning products, Registry Mechanic and Privacy Guardian to ensure that you have the range of tools at your fingertips to ensure optimal system performance, stability and user privacy". This entry is created when Desktop Maestro is installed on XP and loads the System Tray icon and runs a registry scan at startup - if either are enabled | Yes |
U | DesktopMaestro | RMTray.exe | Part of Desktop Maestro from PC Tools - which "combines the features of our award winning products, Registry Mechanic and Privacy Guardian to ensure that you have the range of tools at your fingertips to ensure optimal system performance, stability and user privacy". This entry is created when Desktop Maestro is installed on Vista and loads the System Tray icon (deskmech.exe) and runs a registry scan at startup - if either are enabled | Yes |
N | desktopmgr | desktopmgr.exe | Synchronisation manager for the cradles for the Research In Motion range of wireless handhelds, including the "Blackberry" | No |
X | DesktopUpdate | rundll32.exe MSA64CHK.dll, DllMostrar | MatrixDialer related. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in the Winnt or Windows folder | No |
U | DesktopX | DESKTOPX.EXE | A program that replaces the regular Desktop and Taskbar, and can be changed to the user's liking | No |
N | deskup | deskup.exe | Adds Iomega Zip drive icons to the desktop | No |
X | destroyb11 | destroyb11.exe | Added by the DELF-KO TROJAN! | No |
U | detect | idetect.exe | iNTERNET Turbo from Clasys Ltd. "It accelerates any Windows 95/98/Me/NT/2000/XP internet connection in seconds". If you find it helps your connectivity leave it enabled | No |
? | detect | turbodetect.exe | ?? | No |
N | Detector | detector.exe | USB port detector for LG scanners. Sits in the System Tray, and when it detects the scanner through the USB port, you can run the scanner software from the tray. It is not required at all, since you can use the scan software from almost any photo editing software | No |
U | DetectorApp | DetectorApp.exe | Related to Roxio MyDVD (was Sonic) DVD authoring software | No |
? | DevconDefaultDB | READREG | Appears to be related to older Creative Soundblaster soundcards | No |
X | Development Environment | devenv.exe | Added by the DELBOT-AH WORM! | No |
U | DEventAgent | eventagt.exe | DEvent Agent Module client - part of Dell OpenManage and used for server management. Only required if you use this | No |
X | devenv | smvss.exe | Added by the DEDLER-G TROJAN! | No |
X | Device Configuration Loader | msdvc32.exe | Added by a variant of the AGOBOT/GAOBOT WORM! | No |
U | Device Detector | DevDetect.exe | ACDSee Auto Device Detector detects when a device is connected to your PC and gives you the option to acquire images from it automatically | No |
N | Device Detector 2 | DevDtct2.exe | Installed by various Olympus products, this program detects the active connection of a speech device (voice recorder, etc) to a USB port then runs specific client software used to access that device. The DevDtct2 process has a "high" priority level which can negatively impact system resources | No |
X | Device Hardware | devicehnd.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
X | Device IO System | deviceio.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
X | Device Management | wnsystem.exe | Added by the AOGBOT-LH WORM! | No |
X | Device Manager | wfxmgr.exe | Added by the RBOT.AJU WORM! | No |
X | Device Security | dvcsecure.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
X | Device Security Driver | devicesec.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
X | Device Security Manager | dvcsecure.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
U | DeviceDiscovery | hpotdd01.exe | Detection of new imaging, printing and other peripherals on HP machines such as USB printers, cameras and Bluetooth products | No |
X | DevicePath | Proyecto1.exe | Added by the GRUEL WORM! | No |
X | DevicePath | Root.exe | Added by the GRUEL WORM! | No |
U | Devices | olesvr.exe | Salfeld Child Control - parental control software | No |
X | Devicewin | [path to trojan] | Added by the BANKER-AEV TROJAN! | No |
U | devldr16 | devldr16.exe | Associated with some Creative Labs sound cards. Provides audio support for DOS applications. Not needed if you don't have those. Required if you use "Sound Play Control" and "Sound Recorder". To disable: (1) Disable via MSCONFIG (2) Start → Settings → Control Panel → System → Device Manager then disable "Creative SB16 Emulation" under Creative Miscellaneous Devices | No |
U | devldr16.exe | devldr16.exe | Associated with some Creative Labs sound cards. Provides audio support for DOS applications. Not needed if you don't have those. Required if you use "Sound Play Control" and "Sound Recorder". To disable: (1) Disable via MSCONFIG (2) Start -> Settings -> Control Panel -> System -> Device Manager then disable "Creative SB16 Emulation" under Creative Miscellaneous Devices | No |
? | Devlog | devlog.exe | Apparently mainboard/chipset related, by a French company called AS Media - what exactly is it, and is it required? | No |
X | dfgfdgrergd | [path to trojan] | Added by the RANKY.CK TROJAN! | No |
? | DGJM | DGJM.exe | ?? | No |
X | dgtstart | dgtstart.exe | DigitalNames.g adware | No |
U | dguard | dguard.exe | eAcceleration Stop-Sign security software related. Previously not recommended, see here | No |
X | DHCP | smss.exe | Added by the WINSPY.AG TROJAN! Note - this is not the legitimate smss.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! | No |
X | DHCP Server | regsvr.exe | Added by the RBOT-PR WORM! | No |
X | DHCP32 | services.exe | Added by the WINSPY.AG TROJAN! Note - this is not the legitimate services.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! | No |
Y | dhcpagnt | dhcpagnt.exe | Intel DSL modem driver - leave enabled or you'll have to re-install the drivers | No |
? | DHNUXB | DHNUXB.exe | ?? | No |
X | DI2 | [path to file] | BroadcastPC adware | No |
N | diagent | diagent.exe | System Tray access for Creative Diagnostics for the Creative SoundBlaster series soundcards. Available via Start -> Programs | No |
X | Diagnostic | diagnostic.exe | Added by the ALPHA-C TROJAN! | No |
X | Dial22 | dlm.exe | Adult content dialler | No |
X | Dial33 | dlm.exe | Adult content dialler | No |
X | Dialer | rundll32.exe msa32chk.dll | Unidentified malware | No |
U | Dialer Control | dc.exe | Dialer-Control. Detects and protects from premium rate adult content diallers | No |
U | Dialer Detect | dd.exe | DialerDetect detects stealth installed premium rate diallers, and sounds the alarm when such a connection is being installed without you knowing it | No |
U | Dialgo SDK | PhoneAnswer.exe | Dialgo Wave Modem ActiveX - "Telephone Answering Machine for scripting your own professional call center business scripts using a voice modem. Features Caller-ID, Wave Playback, Wave Recording, Digit Monitoring, POP3 e-mail Manipulation, Speech Recognition and Synthesis" | No |
X | DialNet | mxt32.exe | Adult content dialler | No |
N | Dialog Box Assistant | OSDEx.exe | Dialog Box Assistant from Duality Software. Helps with the standard Open and Save As dialog boxes by showing recently used files and folders | No |
N | Dialog Helper | PDDLGHLP.EXE | Dialog Helper from PowerDesk Pro by Ontrack. Helps with the standard Open and Save As dialog boxes by showing recently used files and folders. Available via Start -> Programs | No |
X | DialUp Network Application | Rnaap.exe | Added by a variant of the SDBOT WORM! | No |
X | Diam prlaer | oqedrhg.exe | Added by the SDBOT-DEU WORM! | No |
? | Diamondview | Diamondview.exe | Manulife Financial Insurance program. Is it required at startup? | No |
X | DIECOX | csrss.exe | Added by a variant of the ATM.GEN TROJAN! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! | No |
X | Diesel | Recalculate.exe | Added by the LAZAR TROJAN! | No |
U | DietK | DietK.exe | Diet Kazaa add-on for Kazaa Media Desktop - "removes all adware and popups, built in Download Accelerator, makes searches faster and helps produce more results" | No |
U | DigiCell | DigiCell.exe | MSI DigiCell - "the most useful and powerful utility that MSI has spent much research and efforts to develop, helps users to monitor and configure all the integrated peripherals of the system, such as audio program, power management, MP3 files management and communication / 802.11g WLAN settings. Moreover, with this unique utility, you will be able to activate the MSI well-known features, Live Update and Core Center" | No |
X | DigiD | DigitalSound.exe | Adware downloader | No |
N | DigiGuide | CLIENT.EXE | TV guide and reminder | No |
N | DigiGuide | client01.exe | TV guide and reminder | No |
U | Digisoft AntiDialer | AntiDialer.exe | Digisoft AntiDialer | No |
U | DigiSrv | DigiSrv.exe | Related to camera software from DigitalDreams | No |
N | Digital Dashboard | devgulp.exe | For Compaq PC's. Loads Digital Dashboard options | No |
N | Digital Line Detect | DLG.exe | Detects whether you are plugged into a digital telephone line and displays the information graphically. Installed by Dell (and maybe others) and is included with all Conexant V.92 and Broadcom modems | No |
Y | Digital Patrol Update 5 | update.exe | Digital Patrol - "a powerful anti trojan scanner, which detects and eliminates more than 180'000 Trojan Horses and Spywares. Digital Patrol detects viruses, trojans, worms, spyware, malicious ActiveX controls and Java applets" | No |
N | Digital River eBot | downlo~1.exe | Digital River Systems EBOT for downloading software from their site. In some cases, if you purchase software online for a download from a software manufacturer, you will be sent to this online company's site for the download after the purchase is complete. Read more here | No |
X | DigitalNames | DigitalNamesStart.exe | DigitalNames spyware variant | No |
N | DigitalWizard | ISWizard.exe | InstallShield's DigitalWizard - free, complete Digital Content Management Solution that makes it easy to experience digital content | No |
N | DigitalWizard Monitor | dwMon.exe | InstallShield's DigitalWizard - free, complete Digital Content Management Solution that makes it easy to experience digital content | No |
U | DIGServices | DIGServices | Created by Disney but licensed to ESPN for watching videos | No |
N | DIGServices | DIGServices.exe | Created by Disney but licensed to ESPN for watching videos | No |
N | DIGStream | digstream.exe | DIGStream Cache Manager - part of ESPN Motion and Disney Motion that periodically checks for new videos and indicates in the System Tray when they're available. Starting ESPN Motion/Disney Motion starts digstream automatically | No |
U | Dimension | Dimension.exe | Dimension - a program which lets you customize MSN messenger such as adding animated and coloured nicknames, personal toast creator, war tools (login flooder), and allows viewing and interacting with the raw MSN protocol | No |
U | Dimension4 | d4.exe | Dimension 4 - network time synchronization freeware - starts-up, adjusts the system clock, then shuts down | No |
X | Dino3 | dino3.exe | Related to Jurassic Park III and enables a dinosaur to walk across the screen. Also generates adverts and classified as adware as a result | No |
X | Dinst | dinst.exe | IMIServer/IEPlugin adware | No |
X | Dir1 | caKe | Added by the CAKE WORM! | No |
X | Direct settings | sdchost.exe | Added by the DAEMONI-I TROJAN! | No |
U | Direct Update | DUControl.exe | DirectUpdate dynamic DNS updater | No |
X | Direct X Direct3D | dxd3d.exe | Added by a variant of the SDBOT WORM! | No |
X | Direct X Opengl | dxopengl.exe | Added by a variant of the RBOT-CJ WORM! | No |
X | direct3d.exe | direct3d.exe | Added by the CERTIF-F TROJAN! | No |
N | DirectCD | DirectCD.exe | DirectCD primarily allows you to drag and drop files onto a suitably formatted CD-RW disc. Unless you use this on a frequent basis it isn't required and is available via Start -> Programs. Start the program before inserting a DirectCD formatted CD-RW in the drive. A re-boot is recommended if you close Adaptec DirectCD before re-opening it again later | No |
Y | Directory Opus Desktop Dblclk | dopusrt.exe | Directory Opus - an advanced file manager. "Directory Opus goes beyond the simple file manager metaphor, and offers you a complete replacement for Windows Explorer and many other utility programs for handling FTP, ZIP, viewing files and images, running slideshows and more" | No |
X | directs.exe | directs.exe | Added by the BEAGLE.O or BEAGLE.R or BEAGLE.S or BEAGLE.T WORMS! | No |
U | DIRECTVDSL | Directvdsl.exe | Starts DirectTV DSL modem at boot up. Can also be started manually | No |
X | DirectX | ddhelp32.exe | Added by the BIONET.318 TROJAN! Note - not the DirectX helper which is ddhelp.exe | No |
X | directx | Directx.exe | Added by the SDBOT.D TROJAN! | No |
X | directx | Sqlexploit.exe | Added by the SDBOT.D TROJAN! | No |
X | DirectX | DirectX.exe | Added by the BLAXE or LOGPOLE WORMS! | No |
X | directx | NTCmd.exe | Added by the SDBOT.D TROJAN! | No |
X | directx | PipeCmd.exe | Added by the SDBOT.D TROJAN! | No |
X | DirectX 32 | directx32.exe | Added by a variant of the AGOBOT/GAOBOT WORM! | No |
X | DirectX Driver | stdhost.exe | Added by a variant of the RBOT WORM! See here | No |
X | DirectX Driver | stdhost.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
X | DirectX For Microsoft Windows | dtxservice.exe | Added by the PROGENT TROJAN! | No |
X | DirectX for Microsoft Windows | Fservice.exe | Added by the PRORAT TROJAN! | No |
X | DirectX for Microsoft Windows | Sservice.exe | Added by the PRORAT TROJAN! | No |
X | DirectX For Microsoft® Windows | fservice.exe | Added by the PRORAT-P TROJAN! | No |
X | DirectX For Microsoft® Windows | fservice.exe | Added by the PRORAT-L TROJAN! | No |
X | DirectX shell driver | [path to trojan] | Added by the MARKTMAN-B TROJAN! | No |
X | Directx Startup Drivers | direct.exe | Detected by PCTools as the RBOT.UXL WORM! See here | No |
X | DirectX Video Driver | dxterm5.exe | Added by the WILAB-A TROJAN! | No |
X | DirectX64 | DirectXset.exe | Added by the BROWNEY.A WORM! | No |
X | DirectX9 | direct3d.exe | Detected by Kaspersky as the AGENT.EDW TROJAN! See here | No |
X | DirectX9 Diag | dx9diag.exe | Added by the RBOT-ALT WORM! | No |
U | Dirkey | Dirkey.exe | Dirkey - small utility that allows you to bookmark up to 9 folders by using the Ctrl+Alt+1..9 shortcut keys in an Open/Save File dialog or in Windows Explorer. After this the Ctrl+1..9 shortcut keys can be used in the same or another window to go to any of the 9 bookmarked folders | No |
? | Disable EHCI | nousb20.exe | ?? | No |
N | Disc Detector | CtNotify.exe | For Creative sound cards. Detects when you insert a CD, DVD, etc | No |
? | disc detector | qnetquestnotifty.exe | ?? | No |
? | discoveg | discoveg.exe | ?? | No |
? | DISCover | DISCover.exe | Related to DISCover Drop from Digital Interactive Systems Corporation. What does it do and is it required? | No |
N | DiscoverDeskshop | Deskshop.exe | Discover Deskshop - single use "virtual" credit card | No |
U | DiscUpdateManager | DiscUpdMgr.exe | Disc Update Manager for Digital interactive's DISCover Console. Provider of on-demand video games | No |
N | DiscUpdateManager | DiscUpdateMgr.exe | DISCover from Digital Interactive Systems Corporation Inc. "The company's patented Drop 'n' Play technology provides a simple, console-like experience when playing PC titles allowing for seamless play of CD/DVD-based games while its unique Parental Control system incorporates ESRB ratings to help users limit access to younger players" | No |
U | DiscWizardMonitor.exe | DiscWizardMonitor.exe | Seagate DiscWizard - hard disk utility for Seagate's SATA and PATA (IDE) drives | No |
X | Disk Check | chkdsk32.exe | Added by the IM TROJAN! | No |
U | Disk Cleaner | DiskCleaner.Exe | Hard disk management part of TuneUp Utilities from TuneUp Distribution GmbH | No |
X | Disk Defragmentation Loader | pmsvcr.exe | Added by a variant of the IRCBOT TROJAN! | No |
X | Disk Essensial Tools | detsvc.exe | Added by a variant of the IRCBOT TROJAN! | No |
X | Disk Keeper | [path to trojan] | Added by the SMALL-VE TROJAN! | No |
X | Disk Keeper | SECURITY.EXE | Daosearch adware | No |
X | Disk Manager | diskver.exe | Added by the RBOT.AQT WORM! | No |
X | Disk Master | [trojan name] | Added by the DISTER TROJAN! - a spam relayer | No |
X | Disk Panel Configuration | dpcsvc.exe | Added by the IRCBOT.BSQ BACKDOOR! | No |
X | Disk Panel Setup | npcsvc.exe | Added by a variant of the IRCBOT TROJAN! | No |
X | DiskCheck | msdarkend.exe | Added by an unidentified WORM or TROJAN! | No |
N | DiskeeperSystray | DkIcon.exe | DisKeeper defragmentation software - can be started manually | No |
X | diskinf | diskinf.exe | Added by the CRYPTER.A TROJAN! | No |
? | DISKMON.EXE | DISKMON.EXE | ?? | No |
N | Disknag | disknag.exe | Dell program that reminds you to make your backup diskettes | No |
X | Diskstart | Code.exe | Adult content dialler | No |
X | Diskstart | cat.exe | MS-Connect dialler | No |
X | Diskstart | hit.exe | Adult content dialler | No |
X | Diskstart | Snt.exe | Adult content dialler | No |
U | DiskSuite | aDSProcMngr.exe | Part of PC Tools Disk Suite from PC Tools - which "is an all-in-one hard-disk management utility that integrates disk optimization, defragmentation and backup tools in one easy to use package". Proxy (or agent) for the Disk Suite Service. Based upon my experience, if this is disabled it does not appear to adversely affect on-demand or scheduled tasks but has a "U" recommendation as its function isn't fully known | Yes |
U | Disk_Monitor | Disk_Monitor.exe | Multi-media, Smartmedia, Compact Flash card reader for reading digital camera cards. Device is recognised as internal USB disk drive. Necessary if camera cards are to be recognised as soon as they are inserted into the reader | No |
X | disnisa | disnisa.exe | Added by the DORF-AE WORM! | No |
X | Dispatcher | dispatcher.exe | Added by the DLOADR-AS TROJAN! | No |
U | display | The_Eye.exe | ComSpySysSvr surveillance software. Uninstall this software unless you put it there yourself | No |
X | Display | backup.exe | Added by the BRONTOK-CR WORM! | No |
X | Display Drivers | cssrs.exe | Added by the AGOBOT.FX WORM! | No |
N | Display Settings | hptasks.exe | Allows for the adjustment of the display for LCD screen, CRT Monitor and TV output on HP computers | No |
U | DisplayFusion | DisplayFusion.exe | DisplayFusion from Binary Fortress Software - "is a fantastic application that can make your dual monitor (or triple monitor or more) life much, much easier! From allowing you to use a different wallpaper on each monitor, to integrating with Flickr for image searching, to providing hotkeys for managing your application windows" | No |
N | DisplayTrayIcon | TrayIcon.exe | System Tray access to display properties for ABIT graphics cards. Unless you change your desktop resolution, etc regularly use Control Panel -> Display | No |
U | Disspy | disspy.exe | Disspy spyware detection and removal software | No |
N | Distiller Assistant 3.01 | DISTASST.EXE | From Adobe. Creates PDF universal files for Acrobat Reader. Available via Start -> Programs | No |
X | Distributed File System | Dfsvc.exe | Added by the MYFIP.A or MYFIP.K WORMS! | No |
X | Distributed File System | kernel32dll.exe | Added by the MYFIP-C or MYFIP.K WORMS! | No |
X | Distributed File System | blade.exe | Added by the MYFIP.AC WORM! | No |
X | Distributed File System | win.exe | Added by the MYFIP.AB WORM! | No |
U | distributed.net client | DNETC.EXE | Distributed computing projects client from Distributed.net where numerous computers are used to share a project's workload - similar to SETI@Home and Folding@Home. Also prone to being distributed by viruses | No |
Y | Dit | dit.exe | "Drive Icon and Label Utility" - assigns drive icons and names to flash memory cards. Required, otherwise the drives aren't found | No |
X | Dit | dit.exe | Added by the LAZAR-A TROJAN! Note - this is located in the System (9x/Me) or System32 (NT/2K/XP) folder | No |
N | DiTask.exe | DiTask.exe | Associated with an Eicon Networks ISDN or ADSL modem. System Tray icon which shows you the status of your lines (free, occupied with incoming or outgoing call). Available via Start -> Programs | No |
? | Divamon.exe | Divamon.exe | Associated with an Eicon Networks Diva ISDN or ADSL modem - what does it do and is it required? | No |
X | divx | divxenc.exe | Added by the SPBOT.B TROJAN! | No |
X | Divx | codll.exe | Added by the GRAVEBOT-A TROJAN! | No |
X | DivX MediaPlayer 7.0 | Dr.DivX.exe | Added by the ALADINZ.G TROJAN! | No |
X | DivX Player | DivXPlayer.exe | Added by a variant of the RBOT WORM! | No |
X | DivX Updater | DivX.Exe | Added by the NALDEM TROJAN or MASTAK VIRUS! | No |
X | DIVX Video Player | DIVXPloyer.exe | Added by an unidentified WORM or TROJAN! | No |
X | Divx4 codec | devldr32.exe | Added by an unidentified VIRUS! Note - this is not the legitimate Creative Labs devldr32.exe file | No |
N | DJRegFix | regedit /s c:\hp\djregfix.reg | DJRegFix showed up first in WinME as a "clever" way to ensure that all Hewlett-Packard DeskJet printers actually worked with WinME - since most were having major problems. This "utility" adds the functionality and compatibility HP forgot to add in its WinME drivers | No |
? | DJSNetCN | DJSNetCN.exe | "Symantec Licensing Detect Internet Connection", part of Norton Antivirus. What does it do and is it required? | No |
X | djtopr1150.exe | djtopr1150.exe | WebRebates adware | No |
X | dKernel | dKernel.exe | Added by the DECOY-A WORM! | No |
Y | DkService | DkService.exe | From Executive Software's Diskeeper defragmenting utility - a replacement for Windows Disk Defragmenter. It's recommended to leave this enabled, otherwise you could have problems starting it manually. | No |
X | DKTime | dktime.exe | Added by the LUNII TROJAN! | No |
X | Dkware lptt01 | dkware.exe | RapidBlaster variant (in a "DonkeySoft" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here | No |
X | Dkware ml097e | dkware.exe | RapidBlaster variant (in a "DonkeySoft" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here | No |
? | dkzzixm | dkzzixm.exe | ?? | No |
Y | dla | tfswctrl.exe | Drive letter access to a UDF packet writer for CD-RW - from HP, Veritas and others. Similar to Roxio's DirectCD and does the same thing. From HP - "This is a needed file as it controls the readability of the Combo drives. Without this file loading the end user will be able to burn CD's but won't be able to read them. The drive itself will be able to read store bought master CD's without the file but not burnt ones" | No |
U | DLA | DLACTRLW.EXE | Sonic CD/DVD burning applications | No |
N | DlaTray | Dlatray.exe | System Tray access to DLA - Drive letter access to HP's and Veritas' version of DirectCD. Does the same thing as DirectCD. From HP - "This is a needed file as it controls the readability of the Combo drives. Without this file loading the end user will be able to burn CD's but won't be able to read them. The drive itself will be able to read store bought master CD's without the file but not burnt ones" | No |
N | dlbcserv | dlbcserv.exe | Related to Dell Photo Printers and provides additional configuration options for these devices | No |
Y | DLBTCATS | rundll32 [path] DLBTtime.dll, _RunDLLEntry@16 | Resolves a timing problem where a Dell service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll) | No |
Y | DLBUCATS | rundll32 [path] DLBUtime.dll, _RunDLLEntry@16 | Resolves a timing problem where a Dell service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll) | No |
Y | DLBXCATS | rundll32 [path] DLBXtime.dll, _RunDLLEntry@16 | Resolves a timing problem where a Dell service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll) | No |
Y | DLCCCATS | rundll32 [path] DLCCtime.dll, _RunDLLEntry@16 | Resolves a timing problem where a Dell service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll). If you use the 964 printer, Dell recommends leaving dlcctime.dll in place as it fixes compatibility issues on some Dell systems. If you receive an error message on system startup that reads: "Error in C:\WINDOWS\System32\spool\drivers\W32x86\3\DLCCtime.dll Missing entry: RunDLLEntry" Dell offers help here | No |
U | dlccmon.exe | dlccmon.exe | Dell Photo AIO Printer 924 device monitor | No |
Y | DLCDCATS | rundll32 [path] DLCDtime.dll, _RunDLLEntry@16 | Resolves a timing problem where a Dell service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll) | No |
U | dlcdmon.exe | dlcdmon.exe | Dell Photo AIO Printer 944 device monitor | No |
Y | DLCFCATS | rundll32 [path] DLCFtime.dll, _RunDLLEntry@16 | Resolves a timing problem where a Dell service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll) | No |
Y | DLCGCATS | rundll32 [path] DLCGtime.dll, _RunDLLEntry@16 | Resolves a timing problem where a Dell service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll) | No |
U | dlcgmon.exe | dlcgmon.exe | Dell Photo AIO Printer 810 device monitor | No |
Y | DLCICATS | rundll32 [path] DLCItime.dll, _RunDLLEntry@16 | Resolves a timing problem where a Dell service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll) | No |
X | dlcipscl | dcpavss.exe | Added by the MAILBOT-CB TROJAN! | No |
Y | DLCJCATS | rundll32 [path] DLCJtime.dll, _RunDLLEntry@16 | Resolves a timing problem where a Dell service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll) | No |
U | dlcjmon.exe | dlcjmon.exe | Dell Photo AIO Printer 964 device monitor | No |
Y | DLCQCATS | rundll32 [path] DLCQtime.dll, _RunDLLEntry@16 | Resolves a timing problem where a Dell service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll) | No |
U | dlcqmon.exe | dlcqmon.exe | Dell Photo AIO Printer 966 device monitor | No |
Y | DLCXCATS | rundll32 [path] DLCXtime.dll, _RunDLLEntry@16 | Resolves a timing problem where a Dell service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll) | No |
U | dlcxmon.exe | dlcxmon.exe | Dell Photo AIO Printer 926 device monitor | No |
X | dlder | dlder.exe | Dlder spyware. Also creates a fake "explorer.exe" file and can be installed via versions of Grokster, Lime Wire and KaZaA file-sharing utilities | No |
X | DlDir1 | caKe | Added by the CAKE WORM! | No |
U | dldtamon | dldtamon.exe | Dell AIO Printer V305 device monitor | No |
U | dldtmon | dldtmon.exe | Dell AIO Printer V305 device monitor | No |
U | dldtmon.exe | dldtmon.exe | Dell AIO Printer V305 device monitor | No |
? | DLForcerExe | DLForcerEXE.exe | ?? | No |
N | DLF_00000B00 | Vcdlf.exe | Known to cause problems with "Out of memory" errors (see here). Otherwise, its purpose is unknown | No |
N | DLG | DLGCHBW.exe | Backweb part of Data LifeGuard - diagnostic tools for Western Digital's series of hard drives. Automatically detects an internet connection and downloads any available updates | No |
N | DLHelperEXE | WATCH.exe | Download helper distributed with some software that allows the software installation to redirect download locations. Not required once the installation is finished | No |
X | DLHelperEXE.exe | N/A | Downloader for Microgaming/Casino software - stealth installed | No |
X | dlhost | dlhost.exe | Added by the EXPHOOK-A TROJAN! | No |
X | DLINK dfe drivers for Windows NT | windfe.exe | Added by the RANDEX.AK WORM! | No |
U | DLink System Tray | dlnetst.exe | Related to D-Link DGE-530T PCI card for servers and workstations | No |
X | Dlite | dllmanager.exe | Added by the WOOTBOT.DN WORM! | No |
X | Dll Boot Loader on Startup (do not remove this) | [various filenames] | Added by an unidentified TROJAN! | No |
X | Dll Link | svchoist.exe | Added by the AUTOSKY WORM! | No |
X | Dll Link | svchost.exe | Added by the AUTOSKY WORM! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in Documents and Settings\<User>\Favourites folder | No |
X | DLL Manager | dllmngr32.exe | Added by a variant of the RBOT WORM! | No |
X | DLL Service Manager | [path to worm] | Added by the RPCBOT.F TROJAN! | No |
X | dll services | [random filename].exe | Added by a variant of the SDBOT WORM! | No |
X | DLL32 | dllmem32.exe | Added by the KWBOT.E WORM! | No |
X | DLL32 | dllhost.dll | Added by the SUCLOVE.A WORM! | No |
X | DllCacherv2 | dllcachev2.exe | Added by the LATEDA TROJAN! | No |
X | dllcvss | [random filename] | Added by a variant of the SLAPER TROJAN! | No |
X | dlldmt | dlldmt.exe | Added by a variant of the CRYPTER.C TROJAN! | No |
X | DllExecutable | [path to file] | Added by the VB-SP WORM! | No |
X | dllhelp | dllhelp.exe | Added by the STARTPAGE.DQ hijacker | No |
X | dllhelp | dllhlp.exe | Added by the Downloader-HI TROJAN! | No |
X | DLLHost | dllhst.exe | Added by the DELBOT-AC WORM! | No |
X | dllhostxp.exe | dllhostxp.exe | Browser hijacker and adware downloader | No |
X | DllLoader | lssas.exe | Added by the BDOOR-JE BACKDOOR! | No |
X | Dlload | killer.exe | Added by the KILLAV-FK TROJAN! | No |
X | dllreg | dllreg.exe | Added by the CRYPTER.A TROJAN! | No |
X | DLLService32 | dllsvc32.exe | Added by the AGOBOT.VX WORM! | No |
X | DLLUPDATE32 | dllupdate32.exe | Added by the AGOBOT.IA WORM! | No |
N | DLM.exe | DLM.exe | IGN Download Manager has become a requirement for downloading files through FilePlanet.com. It is based on Internet Explorer and it installs through an ActiveX-plugin, hence Internet Explorer must be installed beforehand and downloads have to be initialized through that browser | No |
N | dlmMgr | AdobeDownloadManager.exe | Adobe Download Manager - "can prevent you from having to start from the beginning should your download process be interrupted, and it offers a level of service not possible | No |
U | DLPSP | DLPSP.EXE | Dell laser printer status monitor | No |
X | dlsp2mx | dlsp2mx.exe | Added by the MPB-B DIALER! An uninstall option can be accessed via the Add or Remove Programs dialog in the Windows Control Panel. The software is listed as "dlsp2mx" | No |
? | DLT | dlt.exe | ?? | No |
X | dluca | dluca.exe | Added by the DLUCA.C TROJAN! | No |
X | dluxde | dluxde.exe | All-In-One-Telcom (adult content dialler) variant | No |
X | Dluxjp | Dluxjp.exe | Added by the DLUCA.D TROJAN! | No |
X | Dm Hr | lpns.exe | Added by the IRCBOT.WORM.61673 WORM! | No |
X | DM mgr | dm_mgr.exe | Added by the JITTAR TROJAN! | No |
X | dm***.exe [* = random char] | dm***.exe [* = random char] | Wareout - malware masquerading as a spyware and dialer remover | No |
N | DMAScheduler | DMAScheduler.exe | Related to DigitalMedia Plus Archiver. This is a non-essential process for the running of the program, but should not be terminated unless suspected to be causing problems | No |
X | DMC | dmc.exe | Added by the Trojan-Downloader.Win32.Dluca.bv TROJAN! | No |
U | DMHotKey | DMLoader.exe | HotKey access to the Samsung Display Manager on laptops and ultra-mobiles that support it - such as the M55 and Q1 | No |
N | DMILDR | dmildr.exe | Part of Dell OpenManage Client Instrumentation - software that allows remote management application programs to access information about, monitor the status of or change the state of the client computer, such as shutting it down remotely. Uses the DMI and/or common information model (CIM) protocols, which are systems management protocols defined by industry standards. Available via Start -> Programs | No |
N | DMISL | DMISL.EXE | DMI (Desktop Management Interface) Service Layer for Intel TokenExpress network card software. DMI support for the Intel network card managed through the Desktop Management Interface. See here for more information | No |
N | DMISLAPP | DMISLAPP.exe | DMI (Desktop Management Interface) Service Layer for Intel TokenExpress network card software. DMI support for the Intel network card managed through the Desktop Management Interface. See here for more information | No |
? | dmjay | dmjay.exe | ?? | No |
X | dmloader | dmloader.exe | Added by a variant of the RBOT WORM! | No |
X | Dmsvc32 | Dmsvc32.exe | Added by the AGOBOT.ABU WORM! | No |
X | dmtdll | dmtdll.exe | Added by a variant of the CRYPTER.C TROJAN! | No |
U | DmwClient | dmwclient.exe | DMW "anti-cheating" software for online gaming | No |
U | DMXLauncher | DMXLauncher.exe | Part of Dell's Media Experience, a multimedia suite which offers the user functionality to organise and play music and digital video files | No |
X | dm[3 random letters].exe | dm[3 random letters].exe | Added by the RUINDEM TROJAN! | No |
X | DM_server | dmserver.exe | Comet Cursor adware | No |
X | dm_service | [path to file] | Added by the MITGLIEDER.P TROJAN! | No |
X | dnam | d140113.a.Stub.EXE | Added by the STUB_A TROJAN! | No |
N | Dnar | Dnar.exe | Installed on some Dell workstations and DMI related. Tries to access the internet and is known to not be required - but what does it do? | No |
Y | DNE Binding Watchdog | rundll dnes.dll, DnDneCheckBindings | Deterministic NDIS Extender (DNE). DNE is an NDIS-compliant module which appears to be a network device driver to all protocol stacks and a protocol driver to all network device drivers. Part of Gilat Communications internet satellite systems. Required if you have this system. Also installed by Winproxy - a proxy program for sharing internet connections through one computer. Required if you want it to work | No |
Y | DNE DUN Watchdog | rundll dnes.dll, DnDneCheckDUN13 | Deterministic NDIS Extender (DNE). DNE is an NDIS-compliant module which appears to be a network device driver to all protocol stacks and a protocol driver to all network device drivers. Part of Gilat Communications internet satellite systems. Required if you have this system. Also installed by Winproxy - a proxy program for sharing internet connections through one computer. Required if you want it to work | No |
X | DNHelper32 | DNHlp32.exe | Added by an unidentified WORM or TROJAN! | No |
X | DNS | mc-58-12-0000080.exe | Shorty adware - also detected as the AGENT.FD TROJAN! | No |
X | DNS | mc-58-12-0000093.exe | Shorty adware - also detected as the AGENT.FD TROJAN! | No |
X | DNS | mc-110-12-0000079.exe | Shorty adware - also detected as the AGENT.FD TROJAN! | No |
X | DNS | mc-58-12-0000120.exe | Shorty adware - also detected as the AGENT.FD TROJAN! | No |
X | DNS | mc-58-12-0000140.exe | Shorty adware - also detected as the AGENT.FD TROJAN! | No |
X | DNS | [worm filename] | Added by the BCKDR-CQG BACKDOOR! | No |
X | Dns Resolver | dnsrslve.exe | Added by the RBOT-WS WORM! | No |
X | DNS Service | dnsresolver.exe | Added by the RBOT-PQ WORM! | No |
X | DNS Service | dnssvc.exe | Added by the DELBOT-Z WORM! | No |
? | DNS2GoClient | dns2goclient.exe | DNS2Go is a Domain Name System that will make your computer accessible anytime, anywhere by associating a domain name of your choice to your currently assigned IP address. Is it required? | No |
N | DNS7reminder | Ereg.exe Ereg.ini | ScanSoft (Nuance) Dragon NaturallySpeaking registration reminder. Version 7 | No |
X | DNSCacheBoost | dnsping.exe | Added by the DNSBUST-A TROJAN! | No |
X | dnscleaner | dnscleaner.exe | CoolWebSearch parasite variant | No |
X | dnse | dnse.exe | WinAntiVirus Pro 2007 and Privacy Protector misleading security software - not recommended, see here | No |
? | DNXVC | dnxvc.exe | ?? | No |
X | doc | doc.exe | Added by the AGOBOT-BJ WORM! | No |
X | DocTor | Doctor.exe | Added by the DOTOR.A WORM! | No |
X | Doctor Antivirus 2008 | antvr.exe | Doctor Antivirus 2008 rogue security software - not recommended, see here | No |
N | DocuMagix Init | PWATCH.EXE | PaperMaster is an application for the PC designed to automate the process of organizing, archiving, and retrieving digital versions of files. Start manually if needed | No |
U | Document Manager | docmgr.exe | Wave Systems Corp. Document Manager - "provides secure storage and management capabilities for file and folder level encryption" | No |
X | Doggy Style | MsPMSPSd.exe | Added by the SDBOT-AAP WORM! | No |
X | DOGStart | GSDOGST.EXE | Added by an unidentified VIRUS, WORM or TROJAN! A possibility is a trojan known as PENIS | No |
? | Doing | doing.exe | ?? | No |
X | doit.exe | doit.exe | Added by the FORBOT-EK WORM! | No |
X | Domain Name Resolve Service | dnsresolver.exe | Added by the KIMAN.A WORM! | No |
X | DomPlayer Service | wakeservice.exe | DomPlayer adware | No |
U | Don't Panic | dontpanicdemodp.exe | 30-day trial version of Don't Panic privacy software from Panicware. "Clean up Internet tracks and quickly hide personal documents with this privacy suite." | No |
U | Don't Panic Pop-Up Stopper | dpps2.exe | Pop-Up Stopper Companion from Panicware. Pop-up blocker integrated into the IE toolbar. Note that the Pro version doesn't load in startup as it is installed as an Internet Explorer toolbar. Can cause problems with IE if you use WinXP and uninstall Service Pack 1. Uninstalling the software leaves it in the startup group | No |
U | Don't Panic! | DP.EXE | Don't Panic! privacy software from Panicware. "Clean up Internet tracks and quickly hide personal documents with this privacy suite" | No |
U | Dopus | dopus.exe | Directory Opus - a file manager from GPSoft | No |
N | DoroServer | DoroServer.exe | Doro PDF Writer from The SZ Development. All you need for creating PDF files | No |
X | dos | dos64.exe | Adware downloader trojan | No |
X | Dos Prompt Loader | cygwin.exe | Added by the SDBOT-VV WORM! | No |
? | Dosbat | ?? | ?? | No |
X | Dot1XCfg | Dot1XCfg.exe | Detected by PCTools as Maxfiles adware - see here | No |
U | DoubleDesktop | dd.exe | "DoubleDesktop is a smart and elegant system tray utility that effectively doubles the width of your Windows desktop" | No |
N | DoUWantIt | duwi.exe | DoUWantIt - online shopping assistant. Start it manually | No |
X | Dowmingzu | Dowmingzu.dll.vbs | Added by the SOLOW-E WORM! | No |
X | down | hlp32.exe | Added by the DLOADER.BG TROJAN! | No |
X | down | [trojan filename] | Added by the SMALL-QJ TROJAN! | No |
U | Down2Home | Down2Home.exe | Down2Home - "monitors your ADSL/Cablemodem/Dialup traffic and provides you with useful statistics about the amount of data your PC has transferred" | No |
N | Download Accelerator Manager Free Edition | dam.exe | Download Accelerator Manager Free Edition from Tensons Corp | No |
N | Download Accelerator Plus 5.0 | DAP.exe | Download Accelerator Plus from Speedbit. Download manager for resuming downloads, amongst other features. Available via Start -> Programs. Note that the free version is adware based | No |
X | Download Plus | DownloadPlus.exe | DownloadPlus adware | No |
N | Download Wonder | DownloadWonder.exe | Download Wonder from Forty Software. Download manager for resuming downloads, amongst other features | No |
N | DownloadAccelerator | DAP.EXE | Download Accelerator Plus from Speedbit. Download manager for resuming downloads, amongst other features. Available via Start -> Programs. Note that the free version is adware based | No |
X | DownloadLegalMusic | rundll32.exe MSA64CHK.dll, DllMostrar | MatrixDialer related. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in the Winnt or Windows folder | No |
X | DownloadMP3 | rundll32.exe MSA64CHK.dll, DllMostrar | MatrixDialer related. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in the Winnt or Windows folder | No |
X | DownloadWare | dw.exe | DownloadWare adware | No |
X | DownloadWare Engine | Dwe.exe | DownloadWare adware | No |
X | Downxz | Downxz.bat | Added by the MYDOOM.W WORM! | No |
N | DPAgnt | DPAgnt.exe | digitalPersona fingerprint scanner | No |
Y | DPAS | DPASNT.exe | DefenderPro AntiSpy spyware remover - now incorporated into Defender Pro 15-in-1 and 5-in-1 | No |
Y | DPASUpdate | DPASAutUpdate.exe | Automatic updates for DefenderPro AntiSpy spyware remover - now incorporated into Defender Pro 15-in-1 and 5-in-1 | No |
U | DPASUpdate | DPASAutoUpdate.exe | Defender Pro Antispy | No |
Y | Dpcnav | dpcnav.exe | DirecWay from DirecTV (now HughesNet) - satellite based high-speed internet access | No |
N | DPConfig | DPConfig.exe | Compuware DevPartner Studio Configuration Utility, a tool for software developers - System Tray access to configure the utility's analysis. Not required at startup, can be launched from the Start Menu programs group when needed | No |
X | dpcproxy | dpcproxy.exe | Added by the GOLDENP-A TROJAN! | No |
Y | DPCProxyLoadOnStartup | dpcstart.exe | DirecWay from DirecTV (now HughesNet) - satellite based high-speed internet access | No |
Y | Dpcstart | dpcstart.exe | DirecWay from DirecTV (now HughesNet) - satellite based high-speed internet access | No |
X | dpi | dpi.exe | Delfin Media Viewer or "Promulgate" adware | No |
X | dpnsvr32 | dpnsvr32.exe | Added by the AOLPASS-B TROJAN! | No |
U | dpps2 | dpps2.exe | Pop-Up Stopper Companion from Panicware. Pop-up blocker integrated into the IE toolbar. Note that the Pro version doesn't load in startup as it is installed as an Internet Explorer toolbar. Can cause problems with IE if you use WinXP and uninstall Service Pack 1. Uninstalling the software leaves it in the startup group | No |
X | dps | dps.exe | SmartestSearch parasite - poses as a foistware, bogus adware/spyware remover called "scumware-remover" | No |
N | dptracker | dptracker.exe | CamTrack webcam software that enhances the way people video chat | No |
U | DpUtil | TEDTray.exe | Main executable for TOSHIBA DualPoint Utility Main Module. It is a system tray icon program that provides configuration options for dual pointing device | No |
N | Drag'n'Drop_Autolaunch | Autolaunch.exe | Iomega HotBurn - CD-RW burning software | No |
? | DragDrop | DragDrop.exe | ?? | No |
N | DragnDrop_Autolaunch | Autolaunch.exe | Iomega HotBurn - CD-RW burning software | No |
X | DRam Monitor 23 | tskman3.exe | Added by a variant of the RBOT WORM! | No |
X | DRam prmaessor | [random filename] | Added by the RBOT.CSG WORM! | No |
X | DRam prosesor | [random filename] | Added by the SPYBOT.EE WORM! | No |
X | DRam prosessor | [random filename] | Added by the RBOT.CSG WORM! | No |
X | DRam prosessor | plscd.exe | Added by the RBOT.CYA WORM! | No |
X | DRam prosessor | HWAPI.exe | Added by a variant of the RBOT WORM! Note - this is not the McAfee HackerWatch process which has the same filename | No |
X | DRam prosessor | WindowsUpdate.exe | Added by the RBOT-BBZ WORM! | No |
X | DRam prosessor | msupdate.exe | Added by the DELF-FAW TROJAN! | No |
X | DRam rar proc | winupdaterar.exe | Added by a variant of the IRCBOT TROJAN! | No |
X | DRam rare proc | updaterarwin.exe | Added by the RBOT-GQW WORM! | No |
X | DRan posessor | DAP.exe | Added by a variant of the SDBOT WORM! | No |
X | DrCache | MSTDC.EXE | Added by the BDOOR-JM BACKDOOR! | No |
X | dreams | server.exe | Added by a variant of the SDBOT WORM! | No |
X | DrefIW | SysDrefIWv2.exe | Added by the DREF-C WORM! | No |
X | DrefIW | SysDref.exe | Added by the DREF-D WORM! | No |
? | dregfix | ph_finder.exe | ?? | No |
N | DrgToDsc | DrgToDsc.exe | Part of Roxio EasyCD Creator 6.0 - places the Roxio Drag-to-Disc icon in your system tray. "Easily drag and drop files for burning to CD or DVD. Disc formatting and burning will happen automatically". Not required for Roxio to work properly | No |
? | dried.exe | dried.exe | ?? | No |
X | drin | [path to trojan] | Added by the SMALL.DPB TROJAN! | No |
X | DriveCleaner 2006 Free | UDC2006.exe | DriveCleaner rogue security software - not recommended, see here | No |
X | DriveCleaner Free | UDC.exe | DriveCleaner misleading security program - not recommended, see here | No |
U | DriveIcons | DriveIcon.exe | Drive Icons from Realtek - shows a specific icon for each card type for their card reader controllers | No |
U | DriveLED | OODLed.exe | O&O DriveLED - hard disk monitoring and crash prevention | No |
X | Driver | gbot.exe | Added by the JUNTADOR.K TROJAN! | No |
X | Driver32 | Scam32.exe | Added by the SIRCAM WORM! | No |
X | DriverCheck | svchost.exe | Added by the DELF-KR TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a C:\DriverLoad folder | No |
X | DriverConf | dvrconf.exe | Added by the AOGBOT-KN WORM! | No |
X | DriverDB | svcmdx32.exe | Added by the BERPI TROJAN! | No |
X | DriverLoad | svchost.exe | Added by the DELF-KR TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a C:\DriverLoad folder | No |
U | DriverMagicLogon | dmschedule.exe | Part of DriverMagic - "the easiest way to locate device drivers" | No |
N | DriverMax | devices.exe | DriverMax from Innovative Solutions - "a new tool that allows you to download the latest driver updates for your computer. No more searching for rare drivers on discs or on the web or inserting one installation CD after the other" | No |
X | DriverModule | csrnvrt.exe | Added by the IRCBOT.I TROJAN! | No |
X | DriverPath | system32.exe | Added by the PRORAT-S TROJAN! | No |
X | Drivers for Internet Explorer | accesweb.exe | Added by freewebs.com hijacker! | No |
X | Drives swap | AV1i.exe | Anti-Virus Number-1 rogue security software - not recommended, removal instructions here | No |
N | DriveSelect | driveselect.exe | DVD X Copy XPress by 321 Studios. Creates a pop-up at Windows startup that asks for the DVD drive to be selected. Available via Start -> Programs | No |
U | drkly16j | rundll32.exe drkly16j.dll, ServiceCheck | KidsWatch Time Control parental control software | No |
X | DRM Upgrade | drmupgd.exe | Detected by Trend Micro as the IRCBOT.AWU BACKDOOR! See here | No |
U | dRMON SmartAgent | SmartAgt.exe | Part of the network monitoring program group for 3Com NIC cards. See here for more info | No |
X | drmsrv32 | stmhosts.exe | Added by the AGENT.AGWU TROJAN! | No |
X | drmu | W95Mm.exe | Homepage hijacker installing a toolbar: http://tdko.com/. Lop.com in disguise | No |
X | Drmupgds | Drmupgds.exe | Detected by PCTools as Maxfiles adware - see here | No |
X | drocher | d.exe | Adult content dialler | No |
X | DropSpam Lifestyle | dslifestyle.exe | Dropspam adware | No |
X | drvddll.exe | drvddll.exe | Added by the BEAGLE.AP WORM! | No |
X | Drvddll_exe | drvddll.exe | Added by the BEAGLE.X WORM! | No |
U | DrvIcon | DrvIcon.exe | "Vista Drive Icon changes the drive icons shown in Windows "My Computer", to a nearly Vista drive icon, showing the drive's free space with a smooth colored horizontal bar" | No |
? | DrvListnr | DrvListnr.exe | Analog Devices SoundMAX soundcard related. What does it do and is it required? | No |
U | drvlsnr | drvlsnr.exe | Compaq/ADI SoundMAX integrated digital audio controller related. May solve a problem if your sound cuts out unexpectedly | No |
U | DrvMon.exe | DrvMon.exe | Alcor drive monitor software | No |
X | drvnetw | drvnetw.exe | Added by the BROGGER-B TROJAN! | No |
X | drvr32h | drvr32h.exe | Added by an unidentified VIRUS, WORM or TROJAN! | No |
X | drvrmanager | drvrquery32.exe | Added by the BOOHOO WORM! | No |
X | drvsys.exe | drvsys.exe | Added by the BEAGLE.W WORM! | No |
X | drvsyskit | hidr.exe | Added by the BAGLE.HR WORM! | No |
X | drvupd | rundll32 ..drvupd.inf | Hijacker - drvupd.inf file installs a "searchforge.com" hijack | No |
X | drv_st_key | hidn.exe | Added by the BEAGLE.FF WORM! | No |
X | DrWatson | drwatson_.exe | Added by the LOHAV-S TROJAN! | No |
X | DrWatson | drwatson_32.exe | Added by the LOHAV-S TROJAN! | No |
X | DrWeb Antivirus | DRWEBAV.EXE | Added by an unidentified WORM or TROJAN! | No |
Y | Drwebscheduler | Drwebscd.exe | DrWeb antivirus related - scheduler that allows you to manage an automatic launch of applications, in particular the antivirus scanner or the update subsystem | No |
X | DR_S | DR_S.exe | IstBar adware | No |
X | ds | ds.exe | Added by the SPYMON TROJAN! | No |
U | DS Clock | dsclock.exe | Digital desktop clock including synchronization with atomic servers - see here | No |
X | dS35DLL | ffqca.exe | Added by the SDBOT-KV WORM! | No |
X | dsa | dsa.exe | Homepage hijacker - redirecting to downseek.com | No |
X | DSAcass | [path to file] | Added by the RANKY.M TROJAN! | No |
X | dsadlsa14 | dsakfsak14.exe | Added by the ONLINEG-P TROJAN! | No |
X | DSB | DSB.exe | EnergyPlugin adware | No |
U | dscactivate | dsca.exe | Dell Support Agent offers additional support and update features for your Dell computer or laptop | No |
X | dsd | zz.exe | Added by the RBOT-FOX WORM! | No |
N | DSentry | DSentry.exe | Anti-spyware from Dell. Seems that after Dell found out certain applications being installed from DVDs would report back information about what customers were watching, they decided to implement an anti-spyware service. Run manually before installation starts | No |
X | dsfghjgj | keepSafe.exe | Added by the KILLAV.KAX TROJAN! | No |
X | Dsi | dp-******.exe | Added by an unidentified adware where ****** are random characters | No |
X | Dsi | dp-him.exe | Added by the MULTIDR-AH TROJAN! | No |
X | Dskcompat | Dskcompat.exe | Added by the GEMA TROJAN! | No |
U | DSKEY | DsKey.exe | Part of PC PhoneHome - "secretly sends an invisible email message to an email address of your choice containing the physical location of your computer every time you get an Internet connection". Security software from Brigadoon Security Group for tracking down lost/stolen computers | No |
X | DSKEY | [path to trojan] | Added by the STARTER-G TROJAN! | No |
N | DSL Monitor | spdstrm.exe | Comes with Efficient Networks DSL Modems. Little red/green/yellow flashing icon in system tray | No |
Y | DSLagentexe | DSLagent.exe | Used in conjunction with USB connected ADSL modems from Eicon Networks (as used by BT for its Broadband internet service for example). Required for a permanent ADSL connection | No |
Y | dslmon | dslmon.exe | Sagem DSL modem related. Apparently needed to detect the modem | No |
U | DSLSTATEXE | dslstat.exe | System tray connection status for ADSL modems from Eicon Networks (as used by BT Broadband for example) | No |
X | DsmSer | dsm.exe | Added by the SERFLOG.B WORM! | No |
X | DsmSer | msmpatch.exe | Added by the SERFLOG.B WORM! | No |
X | DsmSer | svosm.exe | Added by the SERFLOG.B WORM! | No |
X | DsmSer | sysup.exe | Added by the SERFLOG.B WORM! | No |
X | DsplObjects | windspl.exe | Added by the BEAGLE.DN WORM! | No |
X | DSS | dssagent.exe | DSSAgent by Brøderbund - spyware. Sends encrypted emails about the system back to the originators of the program. Also a resource hog. See here for more info | No |
X | DSS | [path to trojan] | Added by the DSSDOOR-C TROJAN! | No |
X | DSService | dmrss.exe | Added by the AGOBOT-XX WORM! | No |
? | DSSSGENS | dssagens.exe | ?? | No |
X | dstiosys | plsitctl.exe | Added by the MAILBOT-BX TROJAN! | No |
X | DSystemDriver | windrv.exe | Added by the DELF.WG TROJAN! | No |
U | DT HPW | DTHtml.exe | Display Tune from Portrait Displays, Inc. - "is the perfect software utility to initially set-up and adjust your display to achieve its optimum performance. All adjustments are made through a simple graphical user interface and the user is guided, step-by-step, through the entire initial tuning process." Also licensed and renamed by manufacturers such as Gateway and HP | No |
N | DU Meter | DUMETER.EXE | Hagel Technologies internet bandwidth monitor | No |
U | DualCoreCenter | StartUpDualCoreCenter.exe | Unified control center for overclocking both the graphics card and the CPU, but for the program to have its full functionality you must have an MSI mainboard with a CoreCell chip | No |
X | duck | duck.exe | Added by the AGOBOT-AVG WORM! | No |
N | Dulux WeatherShield WeatherDesk | weather.exe | Dulux WeatherShield WeatherDesk - latest weather information from across Australia | No |
X | Dumeter Services | dumeter.exe | Added by the SDBOT-AEQ WORM! | No |
X | dumprep | spoolc.exe | Detected by Kaspersky as a variant of the AGENT.CXF TROJAN! | No |
N | dumprep 0 -k | dumprep 0 -k | Used in connection with memory dumps - you can disable these by right-clicking on My Computer, selecting Properties and then the Advanced tab. Click on the Settings button in 'Startup and Recovery'. In the bottom pane, under 'Write debugging information', click on the down arrow and then select 'None', then OK your way out | No |
N | dumprep 0 -u | dumprep 0 -u | Used in connection with memory dumps - you can disable these by right-clicking on My Computer, selecting Properties and then the Advanced tab. Click on the Settings button in 'Startup and Recovery'. In the bottom pane, under 'Write debugging information', click on the down arrow and then select 'None', then OK your way out | No |
X | DUN_SERVICES3 | dun3.exe | Added by the SOKIRON TROJAN! | No |
X | Duweculey | yujixit.exe | Added by the SDBOT.BRP WORM! | No |
X | Duwee wong Cerbon | Cirebons.exe | Added by the BHARAT.A WORM! | No |
X | DVD Upgrade | dvdupgd.exe | Added by a variant of the IRCBOT BACKDOOR! | No |
N | dvd43 | DVD43_Tray.exe | DVD43 is "a small tool that integrates into Windows and overrides CSS copy-protection found on DVD movies" | No |
U | DVD43 | DVD43.exe | DVD43 is a small tool that overrides CSS copy-protection found on DVD movies | No |
X | dvd98 | windvd98.exe | Added by the CULT.P WORM! | No |
N | DVD@ccess | DVDAccess.exe | Part of DVD Studio Pro from Apple Inc. - "The DVD@CCESS feature allows you to add additional interactivity to your DVD title when it is played on a computer" | No |
U | DVDBitSet | DVDBitSet.exe | DVD+RW Drive/Disc Compatibility Setting. Installed with HP DVD+RW drives to enhance compatibility with existing readers. You can also set a DVD+RW default drive write mode which is always used | No |
? | DVDCheck | DVDCheck.exe | Related to an Intervideo program. What does it do and is it required in startup? | No |
X | Dvdcompat | Dvdcompat.exe | Added by the GEMA TROJAN! | No |
N | DVDLauncher | DVDLauncher.exe | Part of Cyberlink's Power Cinema - allows you to play DVDs upon insertion | No |
N | DVDSentry | DSentry.exe | Anti-spyware from Dell. Seems that after Dell found out certain applications being installed from DVDs would report back information about what customers were watching, they decided to implement an anti-spyware service. Run manually before installation starts | No |
N | DVDTray | DVDTray.exe | HP CD/DVD Tray icon installed with the DVD writer software. Periodically checks for new drive firmware | No |
N | DVDUpgrade | DVDUpgrd.exe | Microsoft program to upgrade your DVD decoder program - see Q306331. Available via Start -> Programs | No |
N | DVDXGhost | DVDGhost.EXE | DVD Ghost - "utility to make your software DVD players and DVD copy/backup softwares restriction-free, and copy/backup DVD to hard disk" | No |
U | dvHighMem | cfgmng32.exe | Related to PureSight PC - designed to offer maximum flexibility and choice as families manage their internet use | No |
Y | Dvp95 | Dvp95.exe | Scan engine for F-Secure and Command antivirus software based on the F-Prot AntiVirus engine | No |
Y | dvpapi9x | DVPAPI9X.exe | Command AntiVirus for Windows 95/98/Me | No |
Y | DvpInitExe | Dvpinit.exe | Command Antivirus related | No |
Y | dvprpt | Dvprpt.exe | Command Antivirus related | No |
X | dvraudio | dvraudio.exe | Added by a variant of the CRYPTER.C TROJAN! | No |
X | dvsfss | fbsfsdrs.exe | Added by the SDBOT-QA WORM! | No |
U | DVSync | dvsync.exe | DVSync is the program that allows you to synchronize your daVinci's PDA's data with your Personal Information Manager on the PC | No |
X | DvVideo32 | dvvid32.exe | Added by the TINY.FD TROJAN! | No |
X | Dvx | wsxsvc.exe | Delfin Media Viewer or "Promulgate" adware variant | No |
X | dw | dw.exe | DownloadWare adware | No |
N | DW4 | Weather.exe | Desktop Weather 4 by The Weather Channel - provides current temperature, conditions, alerts, etc | No |
N | DW4 | DesktopWeather.exe | Desktop Weather 4 by The Weather Channel - provides current temperature, conditions, alerts, etc | No |
N | DW6 | DesktopWeather.exe | Desktop Weather 6 by The Weather Channel - provides current temperature, conditions, alerts, etc | No |
U | DWHeartbeatMonitor | DWHeartbeatMonitor.exe | DWHeartbeatMonitor.exe is installed alongside the Weather.com instant messaging utility. This is a non-essential process. Disabling or enabling this is down to user preference | No |
N | DwlClient | support.exe | Download manager for Dell support alerts | No |
Y | DWQueuedReporting | dwtrig20.exe | Related to System Event Notification Services from Microsoft. Required for Efficient Mobile Network Computing | No |
N | dwStart | FireWall.exe | The Shield firewall from pcsecurityshield.com. Not recommended by some (see here) and there are better free alternatives out there such as Zone Alarm | No |
X | DW_Start | rwwnw64d.exe | Identified as a variant of the AdWare.Win32.ZenoSearch.am malware | No |
X | Dx | sys*.exe [* = random number] | Added by the DEXTER.A WORM! | No |
X | Dx8compat | Dx8compat.exe | Added by the GEMA TROJAN! | No |
X | dxdiag diagnose | msidxdia.exe | Added by a variant of the RBOT WORM! | No |
X | dxdiags.exe | dxdiags.exe | Added by the CERTIF-G TROJAN! | No |
X | DxDialog | dxdlg32.exe | Added by the VB-CXT TROJAN! | No |
X | dxdll32 | ntxdll.exe | Added by the GAOBOT.CPX WORM! | No |
N | DXDllRegExe | dxdllreg.exe | Created when you select "Yes" to check the "WHQL Digital signatures" in the DirectX9 files at the first time you open it | No |
X | DxLoad | DX3DRndr.exe | Added by the GIBE.B WORM! | No |
N | DXM6Patch_981116 | p_981116.exe | Win32 cabinet self extractor. More info here | No |
X | dxmsrv | dxmsrv.exe | Added by an unidentified WORM or TROJAN! | No |
X | Dxsty | Dxsty.exe | Added by the GEMA TROJAN! | No |
X | Dxupdate.exe | Dxupdate.exe | Added by the MAFEG WORM! | No |
X | dxvid | dxvid.exe | Added by the DLUCA-Y TROJAN! | No |
X | DyFuCA | optimize.exe | Adult content dialler - see here | No |
X | DyFuCA Active Alert | actalert.exe | Adult content dialler - see here | No |
X | Dynamic DHCP | dydhcp.exe | Added by the RINBOT.B TROJAN! | No |
X | Dynamic Dns Binary | dynitora.exe | Added by the RBOT-WT WORM! | No |
X | Dynamic Dns Binary | CMD16.EXE | Added by the RBOT-XM WORM! | No |
X | Dynamic Dns Binary | winxp34.exe | Added by a variant of the RBOT WORM! | No |
X | Dynamic Dns Binary | WinHelpcfn.exe | Added by a variant of the RBOT WORM! | No |
X | Dynamic Link Library loader | Loader32.exe | Added by the KOL TROJAN! | No |
U | DynDNS Updater | DynDNS.exe | Dynamic DNS IP address updater tool, used as a client for Dynamic DNS service providers such as http://www.DynDNS.org | No |
N | DynDNS-Updater Traytool | ddutray.exe | DynDNS updater tray icon - allows easy configuration of the Dynamic DNS℠ service. Can be run manually | No |
X | DynHttp Dns Binary | dynizari.exe | Added by a variant of the RBOT WORM! | No |
U | DynSite | DynSite.exe | DynSite - dynamic DNS client, also called an automatic IP updater | No |
U | Dynu Basic Client | dynubas.exe | Dynu online dynamic IP update client. Useful when using a dial up modem | No |
? | DZKillMe | DZSAVEME.EXE | ?? | No |
U | D_V_T | dvt.exe | DICOM Validation Tool - "DICOM is increasingly being used as the standard communication mechanism when integrating various medical products in a hospital environment" | No |
? | D_V_T | dvt.exe | Installation could be a crack/hack to NOD32 here. Seen and removed in many logs. Investigate it further and if this file is present C:\d_v_t.reg then it should be fixed. Not to be confused with the DICOM entry here. Both files are located in the Windows/Windir directory | No |
X | E-Card | ecard.exe | Added by the YODI WORM! | No |
U | E-color | IconMgr.Exe | Sets the colour of your monitor when running games that recognise E-Color so that you get 'what the game designer intended' when you see the game. Also allows monitor calibration through a program called 3-Deep. If you play a lot of games it can be useful. Can be disabled from starting up from within the program | No |
N | E-Color Registration | SonnReg.exe | Registration for Colorific® and 3Deep® monitor calibration software from E-Color. Now superseded by ColorWizzard™ and 3DxWizzard™ | No |
X | E-nrgyPlus | E-nrgyPlus.exe | Energyplus - tracks internet activity including websites visited and queries made at popular search engines. This information along with some system information is sent to a remote site | No |
X | e-Surveiller Station | estation.exe | ESurveiller spyware. Note - ESurveiller is spyware that monitors and records keystrokes and mouse clicks, instant message conversations, Internet activity and applications used, must be manually installed | No |
U | E06DXLRD_7604703 | EDICT.EXE | Related to Microsoft Encarta dictionary functions | No |
N | E6TaskPanel | TaskPanl.exe | Earthlink Task Panel - part of Earthlink TotalAccess 2003 internet access software. Quick access to internet, E-mail and web-space | No |
N | EA Core | Core.exe | Electronic Arts EA Link software - "gives you a secure yet simple way to download EA PC games and patches, as well as other exclusive content" | No |
U | eabconfg.cpl | EabServr.exe | Easy Access Buttons control panel on Compaq laptops. Only required if you use the extra keys | No |
X | Eac Download | download.exe | Webcelerator from eAcceleration speeds your Web browsing by both remembering where you have been and anticipating where you will go. Only needed if you find it improves web browsing. No longer available or supported and, when available, was classed as spyware - see here | No |
U | EACLEAN | eaclean.exe | For Compaq PC's. Easy Access button support for the keyboard | No |
X | Eac_Cnry | canary.exe | Added by the CANARY TROJAN! | No |
? | Eac_rnvdl | ANTIVIRUS_INSTALL.EXE | ?? | No |
U | EanthologyApp | EANTHO~1.EXE | eAcceleration Stop-Sign security software related. Previously not recommended, see here | No |
U | EanthologyApp | eanthology.exe | eAcceleration Stop-Sign security software related. Previously not recommended, see here | No |
U | eanthology_install.exe | eanthology_install.exe | eAcceleration Stop-Sign security software related. Previously not recommended, see here | No |
U | eanth_critical_update_alert | sys_alert.exe | eAcceleration Stop-Sign security software related. Previously not recommended, see here | No |
U | eanth_critical_update_alert | EANTHO~1.EXE | eAcceleration Stop-Sign security software related - previously not recommended (see here). It has now been delisted, so make sure you have the latest version | No |
U | eanth_system_patcher | sys_alert.exe | eAcceleration Stop-Sign security software related. Previously not recommended, see here | No |
N | Eapcisetup | sbsetup.exe | Rockwell RipTide soundcard application software. Sound works without it | No |
N | EAPCISETUP | wizard.exe | Part of the Creative Soundblaster PCI Installation Wizard. Probably left as a result of a failed installation | No |
Y | Earthlink Protection Control Center | elnk_pcc.exe | EarthLink Protection Control Center - "powerful, integrated security program makes it easier than ever to protect yourself against viruses, spyware, and hackers - all from one convenient location" | No |
N | EarthLink ToolBar 5.0 | etoolbar.exe | EarthLink Toolbar is a tool to help you get to all of the resources of the internet. EarthLink 5.0 Setup adds a few basic buttons to the Toolbar, but you can delete these or add more buttons any time | No |
U | Easy Key | easykey.exe | For programming of the built-in function keys on some laptops (and maybe desktops). Required if these are used | No |
N | Easy Start Button | esb.exe | Provides functionality on certain laptops that have additional keys. Not required unless you use the extra keys | No |
U | Easy-PrintToolBox | BJPSMAIN.EXE | A utility to launch the applications that are bundled with a Canon bubblejet printer | No |
X | EasyAV | EasyAV.exe | Added by the NETSKY.S or NETSKY.T WORMS! | No |
X | EasyDates | EasyDates.exe | Premium rate adult content dialler | No |
X | EasyDates_gb | EasyDates_gb.exe | "Edate-A" premium rate adult content dialler | No |
X | EasyDates_nl | EasyDates_nl.exe | Adult content dialler | No |
U | EasyKey | easykey.exe | For programming of the built-in function keys on some laptops (and maybe desktops). Required if these are used | No |
U | EasyKeyboardLogger | EasyKeyboardLogger.exe | EasyKeyLogger keystroke logger/monitoring program - remove unless you installed it yourself! | No |
U | EasyLinkAdvisor | LinksysAgent.exe | Linksys EasyLink Advisor - "the free application that provides an easy way to setup, view, manage, and repair your network" | No |
U | EasyMessage | em2.exe | Easy Messenger, instant messenger for MSN, AOL, ICQ, and Yahoo. See here | No |
X | EasySearchBar | ESBUpdate.exe | EasySearchBar adware downloader | No |
X | easyServ | Server.exe | Added by the EASYSERV TROJAN! | No |
X | EasySpywareCleaner | EasySpywareCleaner.exe | EasySpywareCleaner spyware remover - not recommended, see here | No |
U | EasySync Pro | XCPCMenu.exe | "IBM® Lotus® EasySync® Pro is a personal productivity solution that provides data synchronization between your IBM Lotus Notes® desktop and handheld devices running PalmOS and Windows CE/Pocket PC operating systems" | No |
U | EasySync Pro - 3CmPlm | AutoDet.exe | 3Com Palm PC specific translator for IBM® Lotus® EasySync® Pro - "a personal productivity solution that provides data synchronization between your IBM Lotus Notes® desktop and handheld devices running PalmOS and Windows CE/Pocket PC operating systems" | No |
U | EasySync Pro - LtNts4 | NtsAgent.exe | Lotus Notes 4 specific translator for IBM® Lotus® EasySync® Pro - "a personal productivity solution that provides data synchronization between your IBM Lotus Notes® desktop and handheld devices running PalmOS and Windows CE/Pocket PC operating systems" | No |
U | EasySync Pro - PocketPC | AUTODE~1.EXE | Windows Mobile Pocket PC specific translator for IBM® Lotus® EasySync® Pro - "a personal productivity solution that provides data synchronization between your IBM Lotus Notes® desktop and handheld devices running PalmOS and Windows CE/Pocket PC operating systems" | No |
U | EasySync Pro - PocketPC | AutoDetect.exe | Windows Mobile Pocket PC specific translator for IBM® Lotus® EasySync® Pro - "a personal productivity solution that provides data synchronization between your IBM Lotus Notes® desktop and handheld devices running PalmOS and Windows CE/Pocket PC operating systems" | No |
U | EasyTuneIII | EasyTune.exe | Tuning (overclocking) utility for Gigabyte motherboards. Shortcut available | No |
U | EasyTuneIV | ET4Tray.exe | Tuning (overclocking) utility for Gigabyte motherboards. Shortcut available | No |
U | EasyTuneV | GUI.exe | Tuning (overclocking) utility for Gigabyte motherboards. Shortcut available | No |
X | easywww | easywww2.exe | Added by an unidentified VIRUS, WORM or TROJAN! | No |
U | eAudio | eAudio.exe | Acer eAudio Management provides centralized control over notebook audio, and specialized audio modes for movies, music and games | No |
X | EbatesMoeMoneyMaker | wjview ...Code | Ebates adware | No |
X | EbatesMoeMoneyMaker0 | EbatesMoeMoneyMaker0.exe | Ebates adware | No |
X | eBay Toolbar | EBAYTBAR.EXE | eBay Toolbar - reported as spyware as it "phones home" | No |
U | eBayToolbar | eBayTBDaemon.exe | eBay toolbar related - also contains eBay Account Guard, which monitors for fraudulent eBay sites | No |
X | ebmmm | ebatesmmmv.exe | Ebates adware | No |
U | eBoard | Eboard.exe | eMachines multimedia keyboard manager. Required if you use the extra keys | No |
N | eBot | DownloadWizard.exe | eBot from Digital River - "helps ensure your computer always has the latest technology, fixes, add-ons, upgrades and 'cool stuff'." Can optionally be installed with software such as Net Nanny internet filtering software. Available via Start -> Programs | No |
U | EC21 | EZQ.EXE | Related to EC21 "the world's largest B2B marketplace to facilitate online trades between exporters and importers from all around the world" | No |
U | ECenter | gtb.exe | Dell E-Center/Google Toolbar related | No |
N | ECenter | EULALauncher.exe | End User License Agreement (EULA) launcher - related to Dell E-Center/Google Toolbar | No |
X | ecko | claro.exe | Added by the DLOADR-AQJ TROJAN! | No |
? | ecpe | ECPE.EXE | ?? | No |
U | eDataSecurity Loader | eDSloader.exe | Part of Acer Empowering Technology. "Acer eDataSecurity Management is a handy file encryption utility that protects files from being accessed by unauthorized persons, using passwords and advanced encryption algorithms" | No |
N | edexter | edexter.exe | eDexter supplements internet filtering by substituting local images for filtered images in order to prevent browser stalls and other annoyances. Can be activated manually when starting the browser | No |
X | editpad | editpad.exe | Added by the CONSPER-B TROJAN! | No |
N | EDLoader | DTLoader.exe | Effective Desktop from MiniStars Software - desktop management software no longer being supported | No |
U | eDonkey2000 | edonkey2000.exe | File sharing network - not recommended as the free version of this application should be avoided as it installs, without permission, New.Net, Webhancer, WebSearch Toolbar and WinTools | No |
U | EDRestore | ?? | Set Point from Easy Desk Software - "small utility that automatically sets System Restore points for WinME/XP" | No |
X | educational writer | [random filename] | Added by the RBOT-LZ WORM! | No |
U | Edwizard | Edwizard.exe | SafeGuard Easy - "provides total company-wide protection for sensitive information on laptops and workstations. Boot protection, pre-boot user authentication and hard disk encryption using powerful algorithms guarantee against unauthorized access and hacker attacks" | No |
X | EDxMC110 | Isass.exe | Added by the VB-NIA WORM! | No |
X | Edzy AntiVirus | dppsfa.exe | Added by a variant of the RBOT WORM! | No |
N | EEventManager | EEventManager.exe | Part of the Epson Creativity Suite supplied with their multi-function printer/scanners, Event Manager launches File Manager or PageManager for EPSON automatically when you press the B&W Start or Color Start button on the control panel in Scan mode | No |
X | Efata | [random 5 characters].exe | Added by the FLUKAN-D WORM! | No |
U | eFax 4.1 | J2GDllCmd.exe | DLL Command Utility for version 4.1 of eFax Messenger from j2 Global Communications, Inc. - which "is powerful Internet fax software that makes it easy to create, annotate, sign, zoom and print faxes from any computer" | No |
U | eFax 4.1 | J2GTray.exe | System Tray access to version 4.1 of eFax Messenger from j2 Global Communications, Inc. - which "is powerful Internet fax software that makes it easy to create, annotate, sign, zoom and print faxes from any computer" | No |
U | eFax 4.2 | J2GDllCmd.exe | DLL Command Utility for version 4.2 of eFax Messenger from j2 Global Communications, Inc. - which "is powerful Internet fax software that makes it easy to create, annotate, sign, zoom and print faxes from any computer" | No |
U | eFax 4.2 | J2GTray.exe | System Tray access to version 4.2 of eFax Messenger from j2 Global Communications, Inc. - which "is powerful Internet fax software that makes it easy to create, annotate, sign, zoom and print faxes from any computer" | No |
U | eFax 4.3 | J2GDllCmd.exe | DLL Command Utility for version 4.3 of eFax Messenger from j2 Global Communications, Inc. - which "is powerful Internet fax software that makes it easy to create, annotate, sign, zoom and print faxes from any computer" | No |
U | eFax 4.3 | J2GTray.exe | System Tray access to version 4.3 of eFax Messenger from j2 Global Communications, Inc. - which "is powerful Internet fax software that makes it easy to create, annotate, sign, zoom and print faxes from any computer" | No |
U | eFax 4.4 | J2GDllCmd.exe | DLL Command Utility for version 4.4 of eFax Messenger from j2 Global Communications, Inc. - which "is powerful Internet fax software that makes it easy to create, annotate, sign, zoom and print faxes from any computer" | No |
U | eFax 4.4 | J2GTray.exe | System Tray access to version 4.4 of eFax Messenger from j2 Global Communications, Inc. - which "is powerful Internet fax software that makes it easy to create, annotate, sign, zoom and print faxes from any computer" | No |
U | eFax DllCmd | J2GDllCmd.exe | DLL Command Utility for eFax Messenger from j2 Global Communications, Inc. - which "is powerful Internet fax software that makes it easy to create, annotate, sign, zoom and print faxes from any computer" | No |
U | eFax DllCmd 3.5 | J2GDllCmd.exe | DLL Command Utility for version 3.5 of eFax Messenger from j2 Global Communications, Inc. - which "is powerful Internet fax software that makes it easy to create, annotate, sign, zoom and print faxes from any computer" | No |
U | eFax DllCmd 4.0 | J2GDllCmd.exe | DLL Command Utility for version 4.0 of eFax Messenger from j2 Global Communications, Inc. - which "is powerful Internet fax software that makes it easy to create, annotate, sign, zoom and print faxes from any computer" | No |
U | eFax Live Menu 3.3 | J2GDllCmd.exe | DLL Command Utility for version 3.3 of eFax Messenger from j2 Global Communications, Inc. - which "is powerful Internet fax software that makes it easy to create, annotate, sign, zoom and print faxes from any computer" | No |
N | eFax Tray Menu | HotTray.exe | eFax Messenger Tray Menu system tray icon for eFax Messenger Plus. Available via Start -> Programs. Disabling instructions available here | No |
U | eFax Tray Menu | J2GTray.exe | System Tray access to eFax Messenger from j2 Global Communications, Inc. - which "is powerful Internet fax software that makes it easy to create, annotate, sign, zoom and print faxes from any computer" | No |
U | eFax Tray Menu 3.3 | J2GTray.exe | System Tray access to version 3.3 of eFax Messenger from j2 Global Communications, Inc. - which "is powerful Internet fax software that makes it easy to create, annotate, sign, zoom and print faxes from any computer" | No |
U | eFax Tray Menu 3.5 | J2GTray.exe | System Tray access to version 3.5 of eFax Messenger from j2 Global Communications, Inc. - which "is powerful Internet fax software that makes it easy to create, annotate, sign, zoom and print faxes from any computer" | No |
U | eFax Tray Menu 4.0 | J2GTray.exe | System Tray access to version 4.0 of eFax Messenger from j2 Global Communications, Inc. - which "is powerful Internet fax software that makes it easy to create, annotate, sign, zoom and print faxes from any computer" | No |
N | eFax.com Tray Menu | HotTray.exe | eFax Messenger Tray Menu system tray icon for eFax Messenger Plus. Available via Start -> Programs. Disabling instructions available here | No |
X | efaxs lptt01 | efaxs.exe | RapidBlaster variant (in an "efaxs" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here | No |
X | efaxs ml097e | efaxs.exe | RapidBlaster variant (in an "efaxs" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here | No |
U | EFI Hot Folders | hffw.exe | "EFI Hot Folders improves productivity by simplifying the printing of PostScript and PDF files into a select, drag, and drop process. Once users create Hot Folders with different printing and finishing parameters, files are printed without opening an application or print driver menu." Part of EFI's high-end printing solutions | No |
U | EFI Job Monitor | [path] efjm.dll,run | Ricoh Imagio Printer/Scanner driver status monitor | No |
U | Efpap.exe | Efpap.exe | Easy File & Folder Protector. Deny access to certain files and folders, or to hide them securely from viewing and searching | No |
Y | egui | egui.exe | User interface for ESET NOD32 Antivirus and Smart Security | No |
X | ehSched | ehSched.exe | Added by the SDBOT-DHF WORM! | No |
U | ehTray | ehtray.exe | System Tray access to Media Center for Windows Vista Home Premium and XP Media Center Edition | No |
U | ehTray.exe | ehTray.exe | System Tray access to Media Center for Windows Vista Home Premium and XP Media Center Edition | No |
X | ei10.exe | ei10.exe | Added by the AGOBOT-NK WORM! | No |
U | Eicon NetworksLAN_DAEMON | watch.exe | Associated with an Eicon Networks ISDN or ADSL modem. Watch logs your connection with numbers and duration. You need callvu.exe (from Start Menu) to see your connection statistics. You can manually start watch.exe before you go online. Needs diinfo.exe (started by DiTask) to work correctly, which can be started manually | No |
U | Eicon TechnologyLAN_DAEMON | watch.exe | Associated with an Eicon Networks ISDN or ADSL modem. Watch logs your connection with numbers and duration. You need callvu.exe (from Start Menu) to see your connection statistics. You can manually start watch.exe before you go online. Needs diinfo.exe (started by DiTask) to work correctly, which can be started manually | No |
X | eixfi | china.bat | Added by the WCUP.A WORM! | No |
U | Elbycheck | ElbyCheck.exe | From Elaborate Bytes who make CloneCD - monitors the installed filters of CD-ROMs/DVD-ROMs. Note - under Win2K removing this from startup causes the CD drive in the computer to not be recognized in the OS and after rechecking it prompts that the driver has been corrupted and asks you to restart the computer to fix it | No |
U | Electron Microscope | EMIII.exe | Electron Microscope or EM - is a program used to track Stanford's distributed computing program client called Folding at Home, FAH. It will monitor up to 50 clients and give you the details about each client's progress as the FAH client runs. EM will also show you what each change in the protein looks like as the process continues | No |
X | Element | Element.txt | Added by the ELEM TROJAN! | No |
X | element furth | [path] repcale.exe [path] palsp.exe | Added by a variant of the RANDON.AN WORM! | No |
X | elitemedia | elitemediapop.exe | Added by the LOWZONE-BB TROJAN! Also known as Elitebar/EliteToolbar/EliteSidebar adware | No |
N | elm | Elmenv.exe | ViaTech eLicense for securing, distributing and selling music online | No |
X | ELNKProxy | smproxy.exe | Surfmonkey adware | No |
U | ELSA WINman Suite | Winmsuit.exe | Allows you to totally customize your ELSA graphics card settings, including overclocking the GPU | No |
Y | ElsaCapiCtl | Rcapi.exe | Assumed to stand for Remote Common Application Programming Interface (RCAPI), this was installed with an Elsa Microlink ISDN modem. If it is not there you cannot bring up the dialog box which is sometimes needed to reset the modem | No |
U | ELSAChipGuard | elsavect.exe | ChipGuard for ELSA graphics cards - monitoring solution which monitors both the GPU temperature and fan speed, and will halt the system if either are at dangerous levels and restore the default clock speeds upon reboot. Leave enabled if overclocking | No |
U | ELSBLaunch | ELSBLaunch.exe | EarthLink SpamBlocker | No |
N | EMA.exe | EMA.EXE | Time management system which helps you to manage your time and appointments | No |
U | eMachines eBoard | Eboard.exe | eMachines multimedia keyboard manager. Required if you use the extra keys | No |
Y | Email Protection | emlproxy.exe | AntiVirus Quick Heal - E-mail protection | No |
Y | EmailScan | mcvsescn.exe | Related to McAfee AntiVirus suite - used to automatically scan incoming e-mails | No |
X | eMakeSV | EMAKESV.EXE | "Switch" adult content dialer | No |
X | eMakeSV | EMAKE2B.EXE | "Switch" adult content dialer | No |
U | EMBASSY Trust Suite Secure Update | AutoUpdate.exe | Updates for Wave Systems Corp. Embassy Trust Suite - "delivers advanced levels of security to the client PC using the TPM security chip found on most enterprise PCs today" | No |
X | eMCryT Sh3ars Panagers | [path to worm] | Added by the RBOT-AWI WORM! | No |
X | eMessenger | emsn.exe | Detected by Trend Micro as the RBOT.BHO BACKDOOR! See here | No |
U | EMMeter | EMMeter.exe | "Express Meter provides detailed information about how your software assets are being used. With Express Meter you can monitor application usage, identify software usage patterns, and control application launches - all of which can help you make better decisions about your IT investments" | No |
X | emoc0re | emo.exe | Added by the AGOBOT-AGE WORM! | No |
U | Emouse | Emouse.exe | Genius mouse driver - required if you use non-standard Windows driver features | No |
U | emoze | emoze.exe | emoze pcConnector - "Push your personal & business emails, contacts & calendar directly to your mobile device!" | No |
X | empin | e121307.exe | Delfin Media Viewer adware related | No |
X | empin | e121307.Stub.exe | Delfin Media Viewer adware related | No |
U | Empowering Technology Launcher | eAPLauncher.exe | Empowering Technology Launcher, installed on Acer computers | No |
X | emre1 | emre1.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
X | emsw.exe | emsw.exe | Attune HelpExpress - spyware. Disable and uninstall - see here | No |
X | emule | emule.exe | Added by the RBOT-ALZ WORM! | No |
N | eMule | emule.exe | eMule - "one of the biggest and most reliable peer-to-peer file sharing clients around the world. Thanks to its open source policy many developers are able to contribute to the project, making the network more efficient with each release" | No |
N | eMuleAutoStart | emule.exe | eMule - "one of the biggest and most reliable peer-to-peer file sharing clients around the world. Thanks to its open source policy many developers are able to contribute to the project, making the network more efficient with each release" | No |
N | eMusicClient Systray | eMusicClient.exe | eMusic MP3 download software | No |
U | EM_EXEC | EM_EXEC.EXE | Logitech Mouseware driver. Needed to support some additional functionality of Logitech mice/trackballs such as "SmartMove". If you disable it and find you don't need it leave it disabled | No |
N | EN4060C Taskbar | en4060ct.exe | Comes with Efficient Networks DSL Modems. Little red/green/yellow flashing icon in system tray | No |
X | enBrowser | [name of file] | WINBO adware | No |
? | encapsulated command tool | wintr.com | ?? | No |
N | Encarta Dictionary Quickshelf | QSHLFED.EXE | Provides quick access to Encarta's Dictionary features? | No |
N | ENCMONITOR | monitor.exe | The Encompass Monitor. This program is the Connect Direct Program. It is more trouble than it is worth and few use it | No |
N | Encoder Agent | WMENCAGT.EXE | MS Windows Media Encoder, which already has a shortcut in the Start Menu if installed | No |
U | Encompass_ENCMONTR | ENCMONTR.EXE | Optional simple browser from Yahoo (Encompass) | No |
? | ENCSurf | surfboard.exe | ?? | No |
N | Energizer FileSaver | Energizer FileSaver.exe | Energizer FileSaver - UPS back-up utility for Energizer UPS products. From their Tech Support staff this is known to have a memory leak since its release - with no fix planned! It will grab 2-5 handles per second and crash the average system in less than 3 days - therefore not recommended | No |
X | EnergyPlugIn | EnergyPlugin.exe | EnergyPlugin adware variant | No |
U | enginecs2 | enginecs2.exe | Cyber Sentinel - internet filtering software | No |
Y | EngUtil | EngUtil.exe | Part of Roxio EasyCD Creator 6.0 - corrects any modification made to the Roxio Engine, it exits after checking | No |
X | Enh Win Updt | enhupdt.exe | Adware - detected by Kaspersky as the ONECLICKNETSEARCH.H TROJAN! | No |
X | enhance32 | enhance32.exe | Added by the CRYPTER.A TROJAN! | No |
N | EnigmaPopupStop | EnigmaPopupStop.exe | Part of Enigma SpyHunter - not recommended, see here | No |
? | ENSApServer2_0 | APSERVER.EXE | Intel AnyPoint Wireless II Home Network related. Now discontinued. What does it do and is it required? | No |
? | ENSMIX32.EXE | ENSMIX32.EXE | Sound card driver. Is it required? | No |
U | EnsoniqMixer | starter.exe | Puts the Ensoniq mixer in system tray. From Ensoniq Technologies "Our mixer is a critical part of the soundcard as it fixes sound problems and replaces the MS mixer which can no longer be used". If you find you don't need it - try one of the solutions on this special page. Similar to Creative PCI Audio Configuration Utility | No |
U | Entbloess 2 | Entbloess2.exe | Related to Window-Switcher (now Reflex Vision) - it allows you to see previews of all your open applications via a single keystroke in a manner similar to Apple's Exposé, for Windows 2K/XP | No |
U | Enterprise Harmony | rsMenu.exe | Enterprise Harmony 99 for CASIO - synchronization software for use with Microsoft® Outlook 97/98/2000 | No |
U | Enterprise Harmony '99 | rsMenu.exe | Enterprise Harmony 99 for CASIO - synchronization software for use with Microsoft® Outlook 97/98/2000 | No |
U | Enterra Icon Keeper | IcnKeepr.exe | Icon Keeper - "tool to save and restore icon positions on the desktop" | No |
X | Enumerate Service | wsys.exe | Added by the MANIFEST TROJAN! | No |
Y | EnvyHFCPL | EnMixCPL.exe | VIA Envy24 PCI Audio Controller driver | No |
U | eonemng | eOneMng.exe | eOne Manager, provides access to the buttons on the keyboard and on the front of the console for the eMachines eOne PC | No |
U | EOUApp | EOUWiz.exe | Intel ProSET Wireless related - provides additional configuration options for these devices | No |
U | EOUWiz | EOUWiz.exe | Intel ProSET Wireless related - provides additional configuration options for these devices | No |
U | EPM-DM | epm-dm.exe | Device Manager - part of Acer Empowering Technology. "Acer ePower Management is a straightforward interface that allows users to select from pre-configured power usage profiles, or to create their own customized profiles" | No |
U | ePowerManagement | ePM.exe | Part of Acer Empowering Technology. "Acer ePower Management is a straightforward interface that allows users to select from pre-configured power usage profiles, or to create their own customized profiles" | No |
U | ePower_DMC | ePower_DMC.exe | Part of Acer Empowering Technology. "Acer ePower Management is a straightforward interface that allows users to select from pre-configured power usage profiles, or to create their own customized profiles" | No |
U | EPoXUSDM | USDM.EXE | EPoX Universal Serial Data Monitor - a diagnostics tool that shows Temps, Fan Speeds, Voltages...etc | No |
N | ePrint 3.0 Service | EPRINT3.EXE | LEADTOOLS ePrint file conversion software - "convert any file to and from over 150 document and image formats including searchable PDF, DOC, HTML, TXT, Multi-page TIFF, JPG, GIF, PNG and many more!" Can be started manually | No |
N | ePrint 4.0 Service | EPRINT4.EXE | A component of the "LEADTOOLS ePrint File Conversion Software - Convert ANY file to and from over 150 document and image formats including searchable PDF, DOC, HTML, TXT, Multi-page TIFF, JPG, GIF, PNG and many more!" Can be started manually | No |
U | ePrompter | ePrompter.exe | ePrompter - E-mail notification software | No |
N | EPS | e_srcv02.exe | According to the Epson info: "Use this utility to automatically check for errors and also check the level of ink remaining." This utility can also be started on demand when about to print as follows: File menu > Print to bring up the print dialog box. Click on the Properties button which will bring up a display with 4 tabs. Click the Utility tab to get a list of utilities that can be executed including the Status Monitor 3 Environment Check | No |
N | EPS | e_srcv03.exe | According to the Epson info: "Use this utility to automatically check for errors and also check the level of ink remaining." This utility can also be started on demand when about to print as follows: File menu > Print to bring up the print dialog box. Click on the Properties button which will bring up a display with 4 tabs. Click the Utility tab to get a list of utilities that can be executed including the Status Monitor 3 Environment Check | No |
X | Epsilon Squared | vmmreg32.exe | Added by the AGENT.MVC TROJAN! | No |
N | EPSON Background Monitor | STMS.EXE | Supposed to keep an Epson printer ready for quick printing. Users report little difference whether it is on or not | No |
U | EPSON CardMonitor | EPSON CardMonitor1.0.exe | Monitors the PCMCIA memory card slot on EPSON cameras and printers and launches PhotoStarter or PhotoPrint | No |
U | EPSON Status Monitor 3 | E_[various].EXE | Epson Status Monitor 3 for their range of printer and AIO devices - for monitoring printer status, checking ink levels, etc | No |
N | EPSON Status Monitor 3 Environment Check | e_srcv03.exe | According to the Epson info: "Use this utility to automatically check for errors and also check the level of ink remaining." This utility can also be started on demand when about to print as follows: File menu > Print to bring up the print dialog box. Click on the Properties button which will bring up a display with 4 tabs. Click the Utility tab to get a list of utilities that can be executed including the Status Monitor 3 Environment Check | No |
N | EPSON Status Monitor 3 Environment Check | e_srcv02.exe | According to the Epson info: "Use this utility to automatically check for errors and also check the level of ink remaining." This utility can also be started on demand when about to print as follows: File menu > Print to bring up the print dialog box. Click on the Properties button which will bring up a display with 4 tabs. Click the Utility tab to get a list of utilities that can be executed including the Status Monitor 3 Environment Check | No |
N | EPSON Status Monitor 3 Environment Check 2 | e_srcv03.exe | According to the Epson info: "Use this utility to automatically check for errors and also check the level of ink remaining." This utility can also be started on demand when about to print as follows: File menu > Print to bring up the print dialog box. Click on the Properties button which will bring up a display with 4 tabs. Click the Utility tab to get a list of utilities that can be executed including the Status Monitor 3 Environment Check | No |
N | EPSON Status Monitor 3 Environment Check 2 | e_srcv02.exe | According to the Epson info: "Use this utility to automatically check for errors and also check the level of ink remaining." This utility can also be started on demand when about to print as follows: File menu > Print to bring up the print dialog box. Click on the Properties button which will bring up a display with 4 tabs. Click the Utility tab to get a list of utilities that can be executed including the Status Monitor 3 Environment Check | No |
U | EPSON Stylus C40 Series | E_S10IC2.EXE | Epson Status Monitor 3 for the Stylus C40 Series printer - for monitoring printer status, checking ink levels, etc | No |
U | EPSON Stylus C41 Series | E_S10IC2.EXE | Epson Status Monitor 3 for the Stylus C41 Series printer - for monitoring printer status, checking ink levels, etc | No |
U | EPSON Stylus C42 Series | E_S10IC2.EXE | Epson Status Monitor 3 for the Stylus C42 Series printer - for monitoring printer status, checking ink levels, etc | No |
U | EPSON Stylus C43 Series | E_S08IC1.EXE | Epson Status Monitor 3 for the Stylus C43 Series printer - for monitoring printer status, checking ink levels, etc | No |
U | EPSON Stylus C43 Series | E_S10IC2.EXE | Epson Status Monitor 3 for the Stylus C43 Series printer - for monitoring printer status, checking ink levels, etc | No |
U | EPSON Stylus C44 Series | E_S10IC2.EXE | Epson Status Monitor 3 for the Stylus C44 Series printer - for monitoring printer status, checking ink levels, etc | No |
U | EPSON Stylus C45 Series | E_S4I3T1.EXE | Epson Status Monitor 3 for the Stylus C45 Series printer - for monitoring printer status, checking ink levels, etc | No |
U | EPSON Stylus C46 Series | E_S4I0T1.EXE | Epson Status Monitor 3 for the Stylus C46 Series printer - for monitoring printer status, checking ink levels, etc | No |
U | EPSON Stylus C48 Series | E_S4I091.EXE | Epson Status Monitor 3 for the Stylus C48 Series printer - for monitoring printer status, checking ink levels, etc | No |
U | EPSON Stylus C60 Series | E_S10IC2.EXE | Epson Status Monitor 3 for the Stylus C60 Series printer - for monitoring printer status, checking ink levels, etc | No |
U | EPSON Stylus C61 Series | E_S10IC2.EXE | Epson Status Monitor 3 for the Stylus C61 Series printer - for monitoring printer status, checking ink levels, etc | No |
U | Epson Stylus C62 Series | E-S0BIC1.EXE | Epson Status Monitor 3 for the Stylus C62 Series printer - for monitoring printer status, checking ink levels, etc | No |
U | EPSON Stylus C62 Series | E_S10IC2.EXE | Epson Status Monitor 3 for the Stylus C62 Series printer - for monitoring printer status, checking ink levels, etc | No |
U | EPSON Stylus C63 Series | E_S10IC2.EXE | Epson Status Monitor 3 for the Stylus C63 Series printer - for monitoring printer status, checking ink levels, etc | No |
U | EPSON Stylus C64 Series | E_S10IC2.EXE | Epson Status Monitor 3 for the Stylus C64 Series printer - for monitoring printer status, checking ink levels, etc | No |
U | EPSON Stylus C64 Series | E_S4I2C1.EXE | Epson Status Monitor 3 for the Stylus C64 Series printer - for monitoring printer status, checking ink levels, etc | No |
U | EPSON Stylus C66 Series | E_S4I0S2.EXE | Epson Status Monitor 3 for the Stylus C66 Series printer - for monitoring printer status, checking ink levels, etc | No |
U | EPSON Stylus C67 Series | E_FATIAAL.EXE | Epson Status Monitor 3 for the Stylus C67 Series printer - for monitoring printer status, checking ink levels, etc | No |
U | Epson Stylus C82 Series | E_S0HIC1.EXE | Epson Status Monitor 3 for the Stylus C82 Series printer - for monitoring printer status, checking ink levels, etc | No |
U | EPSON Stylus C82 Series | E_S10IC2.EXE | Epson Status Monitor 3 for the Stylus C82 Series printer - for monitoring printer status, checking ink levels, etc | No |
U | EPSON Stylus C84 Series | E_S10IC2.EXE | Epson Status Monitor 3 for the Stylus C84 Series printer - for monitoring printer status, checking ink levels, etc | No |
U | EPSON Stylus C84 Series | E_S4I2D1.EXE | Epson Status Monitor 3 for the Stylus C84 Series printer - for monitoring printer status, checking ink levels, etc | No |
U | EPSON Stylus C87 Series | E_FATIABL.EXE | Epson Status Monitor 3 for the Stylus C87 Series printer - for monitoring printer status, checking ink levels, etc | No |
U | EPSON Stylus CX2900 Series | E_FATIBFP.EXE | Epson Status Monitor 3 for the Stylus CX2900 Series printer - for monitoring printer status, checking ink levels, etc | No |
U | EPSON Stylus CX3200 | E_S10IC2.EXE | Epson Status Monitor 3 for the Stylus CX3200 printer - for monitoring printer status, checking ink levels, etc | No |
U | EPSON Stylus CX3600 Series | E_FATI9BE.EXE | Epson Status Monitor 3 for the Stylus CX3600 Series printer - for monitoring printer status, checking ink levels, etc | No |
U | EPSON Stylus CX3800 Series | E_FATIACA.EXE | Epson Status Monitor 3 for the Stylus CX3800 Series printer - for monitoring printer status, checking ink levels, etc | No |
U | EPSON Stylus CX3900 Series | E_FATIBEP.EXE | Epson Status Monitor 3 for the Stylus CX3900 Series printer - for monitoring printer status, checking ink levels, etc | No |
U | EPSON Stylus CX4200 Series | E_FATIAEA.EXE | Epson Status Monitor 3 for the Stylus CX4200 Series printer - for monitoring printer status, checking ink levels, etc | No |
U | EPSON Stylus CX4500 Series | E_FATI9AP.EXE | Epson Status Monitor 3 for the Stylus CX4500 Series printer - for monitoring printer status, checking ink levels, etc | No |
U | EPSON Stylus CX5000 Series | E_FATIBVA.EXE | Epson Status Monitor 3 for the Stylus CX5000 Series printer - for monitoring printer status, checking ink levels, etc | No |
U | EPSON Stylus CX5400 | E_S4I2G1.EXE | Epson Status Monitor 3 for the Stylus CX5400 printer - for monitoring printer status, checking ink levels, etc | No |
U | EPSON Stylus CX6000 Series | E_FATIBIA.EXE | Epson Status Monitor 3 for the Stylus CX6000 Series printer - for monitoring printer status, checking ink levels, etc | No |
U | EPSON Stylus CX6500 Series | E_FATI9EP.EXE | Epson Status Monitor 3 for the Stylus CX6500 Series printer - for monitoring printer status, checking ink levels, etc | No |
U | EPSON Stylus CX6600 Series | E_FATI9EE.EXE | Epson Status Monitor 3 for the Stylus CX6600 Series printer - for monitoring printer status, checking ink levels, etc | No |
U | EPSON Stylus CX6600 Series | E_FATI9EA.EXE | Epson Status Monitor 3 for the Stylus CX6600 Series printer - for monitoring printer status, checking ink levels, etc | No |
U | EPSON Stylus CX7000F Series | E_FATIBKA.EXE | Epson Status Monitor 3 for the Stylus CX7000F Series printer - for monitoring printer status, checking ink levels, etc | No |
U | EPSON Stylus CX7400 Series | E_FATICDA.EXE | Epson Status Monitor 3 for the Stylus CX7400 Series printer - for monitoring printer status, checking ink levels, etc | No |
U | EPSON Stylus CX7800 Series | E_FATIAFA.EXE | Epson Status Monitor 3 for the Stylus CX7800 Series printer - for monitoring printer status, checking ink levels, etc | No |
U | EPSON Stylus CX8400 Series | E_FATICEA.EXE | Epson Status Monitor 3 for the Stylus CX8400 Series printer - for monitoring printer status, checking ink levels, etc | No |
U | EPSON Stylus CX9400Fax Series | E_FATICFA.EXE | Epson Status Monitor 3 for the Stylus CX9400Fax Series printer - for monitoring printer status, checking ink levels, etc | No |
U | EPSON Stylus D68 Series | E_FATIAAE.EXE | Epson Status Monitor 3 for the Stylus D68 Series printer - for monitoring printer status, checking ink levels, etc | No |
U | EPSON Stylus D78 Series | E_FATIBGE.EXE | Epson Status Monitor 3 for the Stylus D78 Series printer - for monitoring printer status, checking ink levels, etc | No |
U | EPSON Stylus D88 Series | E_FATIABE.EXE | Epson Status Monitor 3 for the Stylus D88 Series printer - for monitoring printer status, checking ink levels, etc | No |
U | EPSON Stylus DX3800 Series | E_FATIACE.EXE | Epson Status Monitor 3 for the Stylus DX3800 Series printer - for monitoring printer status, checking ink levels, etc | No |
U | EPSON Stylus DX4000 Series | E_FATIBEE.EXE | Epson Status Monitor 3 for the Stylus DX4000 Series printer - for monitoring printer status, checking ink levels, etc | No |
U | EPSON Stylus DX4400 Series | E_FATICAE.EXE | Epson Status Monitor 3 for the Stylus DX4400 Series printer - for monitoring printer status, checking ink levels, etc | No |
U | EPSON Stylus DX4800 Series | E_FATIADE.EXE | Epson Status Monitor 3 for the Stylus DX4800 Series printer - for monitoring printer status, checking ink levels, etc | No |
U | EPSON Stylus DX5000 Series | E_FATIBVE.EXE | Epson Status Monitor 3 for the Stylus DX5000 Series printer - for monitoring printer status, checking ink levels, etc | No |
U | EPSON Stylus DX6000 Series | E_FATIBIE.EXE | Epson Status Monitor 3 for the Stylus DX6000 Series printer - for monitoring printer status, checking ink levels, etc | No |
U | EPSON Stylus DX7400 Series | E_FATICDE.EXE | Epson Status Monitor 3 for the Stylus DX7400 Series printer - for monitoring printer status, checking ink levels, etc | No |
U | EPSON Stylus DX8400 Series | E_FATICEE.EXE | Epson Status Monitor 3 for the Stylus DX8400 Series printer - for monitoring printer status, checking ink levels, etc | No |
U | EPSON Stylus Photo 2200 | E_S10IC2.EXE | Epson Status Monitor 3 for the Stylus Photo 2200 printer - for monitoring printer status, checking ink levels, etc | No |
U | EPSON Stylus Photo 825 | E_S10IC2.EXE | Epson Status Monitor 3 for the Stylus Photo 825 printer - for monitoring printer status, checking ink levels, etc | No |
U | EPSON Stylus Photo 925 | E_S10IC2.EXE | Epson Status Monitor 3 for the Stylus Photo 925 printer - for monitoring printer status, checking ink levels, etc | No |
U | EPSON Stylus Photo R1800 | E_FATI9LA.EXE | Epson Status Monitor 3 for the Stylus Photo R1800 printer - for monitoring printer status, checking ink levels, etc | No |
U | EPSON Stylus Photo R200 Series | E_S4I0H2.EXE | Epson Status Monitor 3 for the Stylus Photo R200 Series printer - for monitoring printer status, checking ink levels, etc | No |
U | EPSON Stylus Photo R220 Series | E_S6I2I1.EXE | Epson Status Monitor 3 for the Stylus Photo R220 Series printer - for monitoring printer status, checking ink levels, etc | No |
U | EPSON Stylus Photo R220 Series | E_FATIAIE.EXE | Epson Status Monitor 3 for the Stylus Photo R220 Series printer - for monitoring printer status, checking ink levels, etc | No |
U | EPSON Stylus Photo R240 Series | E_FATIAHE.EXE | Epson Status Monitor 3 for the Stylus Photo R240 Series printer - for monitoring printer status, checking ink levels, etc | No |
U | EPSON Stylus Photo R2400 | E_FATI9SA.EXE | Epson Status Monitor 3 for the Stylus Photo R2400 printer - for monitoring printer status, checking ink levels, etc | No |
U | EPSON Stylus Photo R260 Series | E_FATIBNA.EXE | Epson Status Monitor 3 for the Stylus Photo R260 Series printer - for monitoring printer status, checking ink levels, etc | No |
U | EPSON Stylus Photo R285 Series | E_FATICKE.EXE | Epson Status Monitor 3 for the Stylus Photo R285 Series printer - for monitoring printer status, checking ink levels, etc | No |
U | EPSON Stylus Photo R300 Series | E_S4I2F1.EXE | Epson Status Monitor 3 for the Stylus Photo R300 Series printer - for monitoring printer status, checking ink levels, etc | No |
U | EPSON Stylus Photo R300 Series | E_S10IC2.EXE | Epson Status Monitor 3 for the Stylus Photo R300 Series printer - for monitoring printer status, checking ink levels, etc | No |
U | EPSON Stylus Photo R300 Series | E_S4I0F2.EXE | Epson Status Monitor 3 for the Stylus Photo R300 Series printer - for monitoring printer status, checking ink levels, etc | No |
U | EPSON Stylus Photo R320 Series | E_FATI9FA.EXE | Epson Status Monitor 3 for the Stylus Photo R320 Series printer - for monitoring printer status, checking ink levels, etc | No |
U | EPSON Stylus Photo R380 Series | E_FATIBOA.EXE | Epson Status Monitor 3 for the Stylus Photo R380 Series printer - for monitoring printer status, checking ink levels, etc | No |
U | EPSON Stylus Photo R800 | E_FATI9YE.EXE | Epson Status Monitor 3 for the Stylus Photo R800 printer - for monitoring printer status, checking ink levels, etc | No |
U | EPSON Stylus Photo RX420 Series | E_FATI9CE.EXE | Epson Status Monitor 3 for the Stylus Photo RX420 Series printer - for monitoring printer status, checking ink levels, etc | No |
U | EPSON Stylus Photo RX430 Series | E_FATI9CP.EXE | Epson Status Monitor 3 for the Stylus Photo RX430 Series printer - for monitoring printer status, checking ink levels, etc | No |
U | EPSON Stylus Photo RX500 | E_S4I2K1.EXE | Epson Status Monitor 3 for the Stylus Photo RX500 Series printer - for monitoring printer status, checking ink levels, etc | No |
U | EPSON Stylus Photo RX600 | E_S4I2M1.EXE | Epson Status Monitor 3 for the Stylus Photo RX600 printer - for monitoring printer status, checking ink levels, etc | No |
U | EPSON Stylus Photo RX640 Series | E_FATIAME.EXE | Epson Status Monitor 3 for the Stylus Photo RX640 Series printer - for monitoring printer status, checking ink levels, etc | No |
U | EPSON Stylus Pro 4000 | E_S10IC2.EXE | Epson Status Monitor 3 for the Stylus Pro 4000 printer - for monitoring printer status, checking ink levels, etc | No |
U | EPSON Stylus Pro 7600 | E_S10IC2.EXE | Epson Status Monitor 3 for the Stylus Pro 7600 printer - for monitoring printer status, checking ink levels, etc | No |
U | EpsonPhotoStarter | EPSON_PhotoStarter.exe | Only needed if you want to make full use of the capabilities of an Epson printer that included this | No |
X | Eptr | nopdb.exe | Added by an unidentified WORM or TROJAN! | No |
X | EQAdvice | EQAdvice.exe | NewAds1 adware | No |
X | EQArticle | EQArticle.exe | EQArticle adware | No |
? | Equipmen | Equipmen.exe | ?? | No |
U | Eraser | eraser.exe | Eraser allows for complete removal of data from your hard drive | No |
U | eRecoveryService | check.exe | Acer Notebook related. Acer eRecovery allows the user to restore the operating system or backup the current system profile, thus ensuring system integrity | No |
U | eRecoveryService | Monitor.exe | Part of Acer Empowering Technology. "Acer eRecovery Management is a powerful utility that does away with the need for recovery disks provided by the manufacturer, and also acts as a versatile standalone backup and recovery manager" | No |
U | eRecoveryService | eRAgent.exe | Acer's eRecovery Management program. This program allows you to create and restore backups of your computer | No |
N | EReg | reg32.exe | EReg is a software registration tool incorporated on products such as those by Brøderbund, Connectix, Hewlett-Packard, The Learning Company, and Sierra. Needless to say you don't need it | No |
X | erfgddfk | wind2ll2.exe | Added by the BEAGLE.CQ WORM! | No |
X | erghgjhgdr | windlhhl.exe | Added by the BEAGLE.BG WORM! | No |
X | erghgjhjgdr | windlhhl.exe | Added by the BEAGLE.BG or BEAGLE.BH or BEAGLE.BI or BEAGLE.BJ WORMS! | No |
? | erm | erm.exe | ?? | No |
X | Eroca | Eroca.exe | Detected by Kaspersky as Insider.i adware - see here | No |
X | eros.exe | eros.exe | Adult content dialler | No |
X | ErrClean | SysRep.exe | ErrClean misleading security software - not recommended, see here | No |
N | Error Nuker | ErrorNuker.exe | ErrorNuker registry cleaner - only required if you want the application to run a scan at startup. The program can be launched manually if required | No |
X | Error Safe | ers.exe | ErrorSafe misleading security software - not recommended, see here | No |
X | ErrorGuard | ErrorGuard.exe | Spyware remover - not recommended, see here | No |
X | errorhandler | errorhandler.exe | ErrorHandler adware | No |
X | ERS | ers_startupmon.exe | ErrorSafe misleading security software - not recommended, see here | No |
X | erscw | erscw.exe | ErrorSafe misleading security software - not recommended, see here | No |
X | ERS_check | ers_startupmon.exe | ErrorSafe misleading security software - not recommended, see here | No |
X | erthegdr | windll2.exe | Added by the BEAGLE.CG WORM! | No |
X | erthgdr | windll.exe | Added by the BEAGLE.AO or BEAGLE.AQ WORMS! | No |
X | erthgdr | svc.exe | Added by the BEAGLE.BN or BEAGLE.BP WORMS! | No |
X | erthgdr2 | svc23.exe | Added by the BAGLE.CG WORM! | No |
? | ERTS0749 | ERTS0749.exe | IBM Warranty Notification - presumably it's a reminder to either register or that warranty is about to expire? | No |
U | ERUNT AutoBackup | AUTOBACK.EXE | ERUNT backup utility - when added to the user's startup folder automatically backs up the registry each time the system boots, resulting in numerous backups that can be restored | No |
X | erwghjjrjt | ucbcg.exe | Added by the SMALL.CUL TROJAN! | No |
Y | eSafe Protect | ESPWatch.exe | eSafe from Aladdin - internet security for gateway and E-mail servers | No |
U | ESB | esb.exe | Easy Start Button - provides functionality on certain laptops that have additional keys. Not required unless you use the extra keys | No |
Y | eScan Monitor | AVKWCTL9X.EXE | MicroWorld eScan antivirus | No |
U | eScan Scheduler | avkserv.exe | MicroWorld eScan antivirus scheduler | No |
U | eScan Updater | Trayicos.exe | MicroWorld eScan antivirus updater - allows users to automatically download updates and set the auto time interval for downloads | No |
X | EScorcher | escorcher.exe | Part of eScorcher anti-virus software - responsible for performing virus checks and deletions. Used to collect information about the user and therefore treated as spyware - now the web-site is dead | No |
N | ESFTP | esftp.exe | ESftp - FTP client for transferring files between a local PC and another remote computer | No |
U | eSnips | ClientGW.exe | eSnips Client Gateway from eSnips | No |
X | Esoh | Esoh123.exe | Added by the AGOBOT.FF WORM! | No |
X | Especial | Deneca.bat | Added by the DELUZ VIRUS! | No |
N | ESPN BottomLine | bline.exe | ESPN BottomLine. "You can dock the BottomLine to the top or bottom of your screen or drag it around on your desktop, without even worrying about a browser. As long you keep the BottomLine running, you will continue to receive live scores and breaking news, and by clicking on any score or news item, you will be taken directly to the corresponding page on ESPN.com for a full break down." | No |
? | ESS Daemon | Essd.exe | Related to an ESS based soundcard. Is it required? | No |
? | essapm | essapm.exe | ESS Solo soundcard driver. Is it required? | No |
Y | Essdc | essdc.exe | Related to an ESS Solo soundcard. Seems as though it's required | No |
? | ESSNDSYS | ESSNDSYS.EXE | Related to an ESS based soundcard. Is it required? | No |
Y | ESSOLO | ESSOLO.exe | Sound card driver that re-instates itself every time it's removed | No |
Y | esspk | esspk.exe | ESS Technology modem speaker driver file. Required to get on-line with this modem | No |
U | EssSpkPhone | essspk.exe | ESS Technologies Call waiting, which gets installed by the drivers for V92 modems based on ESS Technologies chipsets | No |
? | eSupInit | eSupCmd.exe | Related to SupportSoft (aka Support.com) "Real-Time Service Management software". What does it do and is it required? | No |
X | ETB Tester | etbtest.exe | Added by the RBOT-ABR WORM! | No |
X | etbrun | elit***32.exe [* = random char] | EliteBar adware | No |
U | eTCertManger | eTCrtMng.exe | eToken Certificate Manager from Aladdin Knowledge Systems, Inc. A USB-based authentication, providing strong user authentication and password management solutions | No |
N | Ethernet | tcaudiag.exe | 3Com NIC Installation/Diagnostic MFC application. Diagnostics may be run from the Start -> Programs | No |
X | ethernet | airftp.exe | Added by a variant of the SDBOT WORM! | No |
X | ethernet | msnger.exe | Added by a variant of the SDBOT WORM! | No |
X | ethernet | msftp.exe | Added by the SDBOT.BXJ WORM! | No |
X | ethernet adapter | csrmss.exe | Added by a variant of the RBOT WORM! | No |
X | Ethernet Driver | cmsrrs.exe | Added by a variant of the RBOT WORM! | No |
X | Ethernet Drivers | smrrs.exe | Added by the RBOT-AAK WORM! | No |
X | Ethernet Drivers | ethernet.exe | Added by the GAOBOT.CEZ WORM! | No |
X | Ethernet Linking | ethernet.exe | Added by a variant of the IRCBOT TROJAN! | No |
X | Etraffic | JavaRun.exe | TopMoxie adware | No |
Y | eTrust EZ Firewall | efpeadm.exe | eTrust EZ Firewall | No |
U | eTrust PestPatrol Active Protection | PPActiveDetection.exe | PestPatrol real-time protection feature. "Stops spyware before it infects your system" | No |
X | eTrust Realtime Monitor | realmon.exe | Added by the LAZAR.B TROJAN! | No |
Y | eTrustCIPE | ezdsmain.exe | eTrust EZ Deskshield from Computer Associates. Protects against malicious email attachments and unauthorized use of email by detecting and blocking unusual behavior | No |
X | eTunnel | winfw.exe | Added by an unidentified TROJAN! | No |
U | Eudora | Eudora.exe | Eudora from Qualcomm allows you to receive and send Internet e-mails | No |
X | EUP Service | eupsvc.exe | Added by the DELBOT-Q WORM! | No |
U | EuroGlot | EuroGlot.exe | Euroglot - "multilanguage translating system, available in the languages Dutch, English, French, German, Spanish and Italian" | No |
? | Event Log | eventlog.exe | ?? | No |
N | Event Planner Reminders | PLNRNote.exe | Part of Sierra/Hallmark Card Studio - System Tray notification of events such as birthdays and anniversaries that you've scheduled with the customizable Event Planner | No |
N | Event Planner Reminders Tray Icon | PLNRnote.exe | Part of Sierra/Hallmark Card Studio - System Tray notification of events such as birthdays and anniversaries that you've scheduled with the customizable Event Planner | No |
N | Event Reminder | pmremind.exe | A calendar/alarm program that installs with Brøderbund Printmaster | No |
X | EventApplicationCmd | smschk.exe | Added by the IRCBOT-AO TROJAN! | No |
U | EVENTLISTENER | EvLstnr.exe | Used with a Nikon digital camera to recognize when the camera is plugged in | No |
N | eventmgr | eventmgr.exe | Used with a Microtek scanner. Manages the scanner's button events. Available via Start -> Programs | No |
X | eventwvr | eventwvr.exe | Added by the COSIAM_G TROJAN! | No |
? | EverioService | EverioService.exe | Related to the Cyberlink software supplied with JVC's Everio camcorders. What does it do and is it required? | No |
U | Evidence Cleaner | ecleaner.exe | Evidence Cleaner cleans up tracks left by your PC and Internet activities | No |
N | Evidence Eliminator | ee.exe | Evidence Eliminator - cover the tracks of your browsing habits and E-mails if you think you need to. Run manually on a regular basis | No |
X | Evil | Evil.exe | Added by the MYTOB.JM WORM! | No |
N | evntsvc | evntsc.exe | Application Scheduler installed along with RealOne Player. Once installed, it runs independently of RealOne Player. See here for more information, including how to disable it. Also see evntsvc and Realsched. Note that eventsvc.exe no longer appears to be in a newer version. To disable "tkbell.exe" in the new version (1) Start RealOne Player (2) Tools -> Preferences (3) Automatic services in the Categories pane (4) Uncheck all options and then OK | No |
U | EVOLOSTA | EVOLOSTA.EXE | Evolo Status Monitor for wireless network cards. Allows a user to enter a specific access-point mode SSID, peer-to-peer mode channel, link speed, WEP encryption options, and has enable/disable and rescan buttons. It is not needed if using Windows XP or higher, as they have this built-in to the control panel. Also, if the user is very sure that there is ONLY ONE network available to connect to, then they can remove this. If it is not in startup, and the user needs to run it, they can simply type EVOLOSTA in the Start -> Run dialog to run it | No |
U | Evoluent Mouse Manager | EvoMouExec.exe | Mouse manager for Evoluent VerticalMouse | No |
X | EvtHtm | evthtm.exe | Added by the DLUCA-EJ TROJAN! | No |
U | EW Message Server | msg32.exe | Conexant (older versions are Brooktree) Wavestream Message Server - associated with Conexant based audio devices | No |
N | eWare Startup | iWareStart.exe | eWare iWare task bar. Not required | No |
X | ewupdater | ewupdater.exe | EasyWebSearch adware updater | No |
X | example | [random filename].exe | Added by the NUCLEAR TROJAN! Note - this trojan file is found in the WindowsNR or WinntNR folder | No |
N | Excite Platform | Exlaunch.exe | Loads an Icon in the startup tray that allows you to receive service update notices for Excite@Home if you desire (note that since Excite@Home appears to be winding down this becomes irrelevant). May also allow you to kill the Excite Toolbar that automatically loads in Internet Explorer | No |
? | Excite Private Messenger Pipe | x8impipe.exe | ?? | No |
N | ExciteAssistantEXE | ASSISTANT.EXE | With Excite Assistant, you can access a wide variety of online information, including email, news, and stock quotes without having to have a browser window open | No |
X | exdl.exe | exdl.exe | BargainBuddy adware | No |
X | exe lptt01 | exe.exe | RapidBlaster variant (in a "Exe" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here | No |
X | exe ml097e | exe.exe | RapidBlaster variant (in a "Exe" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here | No |
X | execfg4 | execfg4.exe | Added by the ELECTRON WORM! | No |
X | ExecUser | ExecUser.exe | Added by a variant of the RBOT WORM! | No |
? | Execute | delfolders.exe | ?? | No |
X | ExeName32 | Warm.scr | Added by the SCOLD WORM! | No |
X | ExFilter | Rundll32.exe [path] cdnspie.dll, ExecFilter | CNNIC Update pest | No |
? | exgiwsl | exgiwsl.exe | ?? | No |
U | Exif Launcher | Exiflaquickdcr.exe | USB mass storage driver used by some digital cameras such as the Fuji Finepix. Only required if you use it regularly | No |
U | Exif Launcher | QuickDCF.exe | USB mass storage driver used by some digital cameras such as the Fuji Finepix. Only required if you use it regularly | No |
U | ExitKiller | Ekiller.exe | Exit Killer - automatically closes pop-up windows in your browser | No |
? | exmon | hpimoniter.exe | Some kind of hp digital camera maybe or a photo smart connection probe? | No |
X | Exn | exn.exe | Added by the IRCBOT.RJ WORM! | No |
X | exo.exe | exo.exe | Added by the AGOBOT.ALD WORM! | No |
X | Expatch | [random filename] | Added by the PWSLMIR-G TROJAN! | No |
X | expcrt | [random filename] | Added by a variant of the SLAPER TROJAN! | No |
X | ExpertAntivirus | ExpertAntivirus.EXE | ExpertAntiVirus misleading antivirus program - not recommended, see here | No |
X | EXPL0RE.EXE | EXPL0RE.EXE | Added by the POPNO-A TROJAN! Note that the filename is spelled using the digit "0" instead of the uppercase letter "o" | No |
X | Expl0rer soft | expl0rer.pif | Added by the RBOT-AQR WORM! | No |
X | expler | Updadv.exe | Added by the QQPASS-N TROJAN! | No |
X | Explkw | expup.exe | Keywords hijacker | No |
X | explord.exe | explord.exe | Added by the DLOADR-AYW TROJAN! | No |
X | explore | explore.exe | Added by any number of VIRUSES, WORMS or TROJANS! | No |
X | Explore | Explorer.exe | Added by the IRC.FLOOD.G BACKDOOR! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System% | No |
X | Explore | explore.exe | Adult content dialler | No |
X | explore manager | explore.exe | Added by the DONBOMB.A TROJAN! | No |
X | explore.exe | Explore.exe | Added by the GRAYBIRD.G TROJAN! | No |
X | exploreff.exe | exploreff.exe | Added by the FINFANSE TROJAN! | No |
U | explorer | explorer.exe | Starts Windows Explorer. Unless this has been manually added to startups or added by another program it could be a virus such as PE_BISTRO or DVLDR or MYDOOM.C. Note that it is also not the explorer.exe task/service you'll see via CTRL+ALT+DEL | No |
X | explorer | wscript.exe [filename] | Sneaky way to start any VBS script. Many viruses use VBS files. Note that wscript.exe is a legitimate Microsoft file used to launch script files and shouldn't be deleted | No |
X | Explorer | shellexpl.exe | Added by the SHELDOR TROJAN! | No |
X | explorer | expl32.exe | Added by the RATSOU TROJAN! | No |
X | Explorer | [path to worm] | Added by the AUTEX WORM! | No |
X | Explorer | shellexp.exe | Added by a variant of the SHELDOR TROJAN! | No |
X | EXPLORER | EXPL0RER.EXE | Added by the BEASTDO-Y TROJAN! Note the "0" in the filename rather than upper case "o" | No |
X | EXPLORER | sys.exe | Added by the SILLYFDC-A TROJAN! | No |
X | Explorer | config_.com | Added by the FLOPPY-D WORM! | No |
X | Explorer | drv.exe | Added by the SMALL-FD TROJAN! | No |
X | explorer | [path to trojan] | Added by the AGENT-EU TROJAN! | No |
X | explorer | explorer.exe | Added by the KEYLOG-AK TROJAN! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System%\service | No |
X | EXPLORER | EXPLORER.exe | Added by the NETHIEF-P TROJAN! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System%\ShellExt | No |
X | explorer | explorer.exe | Added by the BLOCKEY-A TROJAN! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System%\config | No |
X | explorer | Yinstall.exe | PurityScan/Clickspring adware | No |
X | Explorer | Windows Explorer.exe | Added by the SILLYFDC-I WORM! | No |
X | Explorer | explorar.vbs | Added by the DESKTO-A WORM! | No |
X | Explorer Loader | explr32.exe | Added by the AGOBOT.N WORM! | No |
X | Explorer Loader | explorerl.exe | Added by the SDBOT-ADI WORM! | No |
X | Explorer lptt01 | explorer.exe | RapidBlaster variant (in a "explorer" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here. Note - this is not the legitimate Windows Explorer (explorer.exe) which would not normally appear in Msconfig/Startup unless you added it manually! | No |
X | EXPLORER MICROSOFT SYSTEM | explore.exe | Added by a variant of the RBOT WORM! | No |
X | Explorer ml097e | explorer.exe | RapidBlaster variant (in a "explorer" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here. Note - this is not the legitimate Windows Explorer (explorer.exe) which would not normally appear in Msconfig/Startup unless you added it manually! | No |
X | Explorer soft | explorer.pif | Added by the RBOT-APK WORM! | No |
X | Explorer soft | explorer.com | Added by the RBOT-ARM WORM! | No |
X | Explorer Updater | IEXPLORE.exe | Added by the SDBOT-WO WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %System% | No |
X | explorer.exe | explorer.exe | Added by the AGENT-EW or PWS-CY TROJANS! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System% | No |
X | explorer.exe | explorer.exe | Added by the DELF-ACL TROJAN! Note - the legitimate Windows Explorer (explorer.exe) is located in the Windows or Winnt folder and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in the Program Files folder | No |
X | Explorer.exe | csrss.exe | Added by the JUEGO-B WORM! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %AppData%\Microsoft | No |
X | Explorer32 | Expl32.exe | Added by the HACKTACK.B TROJAN! | No |
X | Explorer32 | explorer6s4.exe | Added by the Downloader.Win32.Small.biq TROJAN! | No |
X | Explorer32 | efsdfgxg.exe | Added by the CLICKER-Y TROJAN! | No |
X | Explorer5 | config_.com | Added by the VB.CBG WORM! | No |
X | Explorer6.1.EXE | Explorer.exe | Added by the MYDOOM.B WORM! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! | No |
X | ExploreUpdSched | [random filename] | ZenoSearch adware | No |
X | exporet | winset.exe | Added by the QQPASS-I TROJAN! | No |
U | Express ClickYes | ClickYes.exe | "Express ClickYes is a handy tool that runs in the system tray automatically clicks the Yes button for the Outlook Security security prompt, that asks you to confirm mail sending from third party applications" | No |
U | Exshow95 | EXSHOW95.exe | Support software for some of the Kensington mice. Provides access to extra features like those available with enhanced Logitech and MS devices | No |
N | Extender Resource Monitor | RMSysTry.exe | Related to Windows Media Center from Microsoft | No |
X | External Dependencies | External.exe | Added by the MYTOB.EC WORM! | No |
U | ExtraDNS | ExtraDNS.exe | ExtraDNS - DNS configuration tool | No |
N | ExtraFilmHemmaAgent | Agent.exe | ExtraFilm Photo Assistant | No |
? | Extranet AutoDial | AutoExt.exe | Nortel Networks Contivity Extranet Switching Software | No |
? | ExxtremeHelperDemon | exxdemon.exe | Creative Exxtreme graphics card related? | No |
N | Eye Tide Launcher | oneeyetideone.exe | Nascar wallpaper | No |
X | EYORE | Notepad.scr | Added by the GIMLET-A WORM! | No |
Y | EZ Firewall | ca.exe | eTrust EZ Armor Internet Security | No |
U | EZ-DUB Finder | EZ-DUB.exe | Support software for the Lite-On EZ-DUB external DVD writer from Lite-On IT Corporation | No |
N | ezagent | ezagent.exe | EzVCR recording software for the ASUS TV FM card. Available via Start -> Programs | No |
N | EzButton | EzButton.EXE | EZbutton is a quick launcher for the Media player app that comes with certain laptops | No |
N | EZDesk | EZDESK.EXE | Utility that remembers icon locations for each user and resolution. Available here | No |
N | EzEjMnAp | EzEjMnAp.exe | For IBM Thinkpad Notebooks. Quote: "The IBM ThinkPad EasyEject Utility makes removing multiple devices from your computer faster and easier by enabling you to stop more than one device at once, rather than stopping each device individually". Available via Start -> Programs | No |
N | ezHelper | ezHelper.exe | Part of the ezPeer+ ezHelper music sharing program. | No |
X | eZmmod | mmod.exe | eZula TopText adware | No |
? | EZNORUN | EZNORUN.EXE | Easy Internet related? | No |
N | EzPrint | ezprint.exe | Lexmark Fast Pics - helps users of their printers to enhance, print and manage their photos quickly and easily | No |
Y | ezPS_Px | ezSP_PxEngine.exe | Engine that allows PrimoDVD from Veritas (was Prassi) and Drag'n Drop CD from Easy Systems (and maybe others) to record and protects against other software overwriting the settings | No |
Y | ezPS_Px | ezSP_Px.exe | Engine that allows PrimoDVD from Veritas (was Prassi) and Drag'n Drop CD from Easy Systems (and maybe others) to record and protects against other software overwriting the settings | No |
Y | ezShieldProtector for Px | ezSP_Px.exe | Engine that allows PrimoDVD from Veritas (was Prassi) and Drag'n Drop CD from Easy Systems (and maybe others) to record and protects against other software overwriting the settings | No |
Y | ezShieldProtector for Px | ezSP_PxEngine.exe | Engine that allows PrimoDVD from Veritas (was Prassi) and Drag'n Drop CD from Easy Systems (and maybe others) to record and protects against other software overwriting the settings | No |
U | EZSMART App | ezsmart.exe | EZ-S.M.A.R.T. hard drive monitoring software from StorageSoft - appears to be no longer supported | No |
X | ezula | eZmmod.exe | eZula TopText adware | No |
X | eZulaMain | eZulaMain.exe | eZula TopText adware | No |
X | eZuluMain | eZuluMain.exe | Comes with "KaZaA" installation. Advertising Spyware. Not required but KaZaA won't work | No |
X | eZWO | wo.exe | eZula TopText adware | No |
U | E_S10IC2 | E_S10IC2.EXE | Epson Status Monitor 3 for the Stylus C44 Series printer - for monitoring printer status, checking ink levels, etc | No |
U | E_S23 | E_SICN03.exe | Epson printer status monitor - for checking ink levels, etc. | No |
U | E_S4I2F1 | E_S4I2F1.EXE | Epson Status Monitor 3 for the Stylus Photo R300 Series printer - for monitoring printer status, checking ink levels, etc | No |
U | E_S4I2G1 | E_S4I2G1.EXE | Epson Status Monitor 3 for the Stylus CX5400 printer - for monitoring printer status, checking ink levels, etc | No |
U | E_SOEIC1 | E_SOEIC1.exe | Epson Status Monitor 3 - for monitoring printer status, checking ink levels, etc | No |
U | E_S[numbers] | [path] E_[various].EXE [path] E_S[numbers].tmp | Temporary entry related to Epson Status Monitor 3 for their range of printer and AIO devices - for monitoring printer status, checking ink levels, etc | No |
X | f | ftkclean.exe | FlashEnhancer adware | No |
U | F-PROT Antivirus Tray application | FProtTray.exe | System Tray access to F-PROT Antivirus | No |
X | F-Secure 2005 | svchost.exe | Added by the BIFROSE-CH TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder | No |
Y | F-Secure 2006 | fspex.exe | F-Secure Anti-Virus automatic updater | No |
U | F-Secure Management Agent | FSMA32.EXE | F-Secure antivirus - F-Secure Policy Manager provides tools for administering F-Secure software products | No |
Y | F-Secure Manager | FSM32.EXE | F-Secure antivirus - carry out scheduled virus scans automatically | No |
Y | F-Secure Startup Wizard | FSSW.EXE | F-Secure antivirus | No |
Y | F-Secure TNB | TNBUtil.exe | F-Secure antivirus | No |
Y | F-StopW | F-StopW.exe | F-Prot anti-virus background scanner by F-Risk Software | No |
U | f1Tray.exe | F1TRAY.EXE | System Tray icon for FusionOne's MightyPhone software. "MightyPhone is a concept for wirelessly synchronizing the data on your mobile phone with your web-based or PC based organizer" | No |
? | f23mxins | f23mxins | Related to the now discontinued ATI Fire GL3 graphics card. What does it do and is it required? | No |
X | f607 | f607.exe | Added by the URAT.B TROJAN! | No |
X | f73cdc8ee94e | btsendto.exe | Associated with mysearchnow.com/searchbar.html | No |
X | f94mggfhfghodftdf | [path to trojan] | Added by the SMALL.JHZ TROJAN! | No |
U | Fabrik Ultimate Backup Status | fabrikhomestat.exe | Status monitor for Fabrik Ultimate Backup from Fabrik Inc. "No matter what happens to the drive on your desk - a spilled drink, a curious toddler, a theft or a natural disaster - you know your files are still safe and secure on Fabrik Ultimate Backup's off-site servers" | No |
U | FamilyKeyLogger | cisvc.exe | Family Keylogger keystroke logger/monitoring program - remove unless you installed it yourself! Located in %System%\CTF | No |
X | Fantasia injector | wincfg.exe | Added by the AGOBOT.US WORM! | No |
? | fapmon | fapmon.exe | Fair Access Policy monitor for DirecPC/DirecWay internet access | No |
X | farkrish | farkrish.exe | Added by a variant of the Storm/Nuwar/Zhelatin WORM! See here for an example | No |
X | farmmext | farmmext.exe | VX2.Transponder parasite updater/installer related | No |
X | Fash | Fash.exe | Unidentified adware | No |
X | faslkakj11 | kjgagklj11.exe | Added by the LEGMIE-ARE TROJAN! | No |
N | fast | fast.exe | Installs as part of Windows XP PowerToys as an option for very-fast user switching (allowing a keystroke to switch users instead of using the login screen). It is only used for the hot-key switch and yet it hogs 1.5 megs of memory in two separate processes (one run by the user & one by the system). Optional install in PowerToys | No |
N | FAST Defrag | FAST2.EXE | FastDefrag defragmenting software | No |
X | Fast Home | svcnvt.exe | Detected by Kaspersky as the DELF.KS TROJAN! This file may be found in the System folder on 9x machines, however as of this writing it has only been seen in the System32 folder | No |
X | Fast Search | svcnv.exe | Homepage, Startpage hijacker. Possible variant of Trojan-Downloader.Win32.Delf | No |
X | Fast start | Ntut.exe | Adware - detected by Kaspersky as the FAVADD.I TROJAN! | No |
X | Fast start | svcnt.exe | Adware - detected by Kaspersky as a variant of the FAVADD TROJAN! | No |
U | FastCache | fc.exe | FastCache from AnalogX - speeds up browsing by resolving DNS requests locally | No |
X | fastsmell | fastsmell.exe | Added by a variant of the Storm/Nuwar/Zhelatin WORM! See here for an example | No |
X | FastStart | ntnut32.exe | Added by the STARTPAGE.L TROJAN! | No |
X | FastStart | svcnut.exe | Browser hijacker - a variant of the STARTPAGE.L TROJAN! | No |
X | FastStart | svcnut32.exe | Browser hijacker - a variant of the STARTPAGE.L TROJAN! | No |
N | FastTrack Accelerator | SPEED UP.EXE | FastTrack Accelerator - "speedup" utility for programs that use the FastTrack network such as KaZaA Media Desktop, Grokster and Morpheus | No |
X | FASTTRACKNETVISION | NETVISION.exe | DialCar-Z premium rate dialer | No |
U | FastTVSync | FastTVSync.exe | Part of InterVideo (now Corel) DVD Copy - "fast DVD copying and file conversion software. In just three steps, you can copy videos to most DVD formats, or convert them for smooth, flawless viewing on your PSP® or iPod®. With broad format support and unique CopyLater™ technology, DVD Copy saves you time and ensures high-quality output like no other copying software" | No |
N | FastUser | fast.exe | Installs as part of Windows XP PowerToys as an option for very-fast user switching (allowing a keystroke to switch users instead of using the login screen). It is only used for the hot-key switch and yet it hogs 1.5 megs of memory in two separate processes (one run by the user & one by the system). Optional install in PowerToys | No |
N | FastUsr | fast.exe | Installs as part of Windows XP PowerToys as an option for very-fast user switching (allowing a keystroke to switch users instead of using the login screen). It is only used for the hot-key switch and yet it hogs 1.5 megs of memory in two separate processes (one run by the user & one by the system). Optional install in PowerToys | No |
U | FatPipe | DHCP | Software enabling high speed internet browsing (2-4 times faster) and internet connection sharing for up to 5 users | No |
U | Fatpipe Dialer | fpdialer.exe | Dialer for Fatpipe - software enabling high speed internet browsing (2-4 times faster) and internet connection sharing for up to 5 users | No |
U | fatrecov | fatrecov.exe | SCKeyLog.j keystroke logger/monitoring program - remove unless you installed it yourself! | No |
U | FavoriteSync | FavoriteSync.exe | FavoriteSync keeps the same set of Internet Explorer Favorites on several computers in sync | No |
U | FaxCenterServer | fm3032.exe | FaxMan integrates complete fax send and receive support into Windows applications without requiring additional fax software. Incorporated into software by Lexmark, MCI, Lotus, My Software, Broderbund, Traffic Software and many others | No |
U | FaxCenterServer4_in_1 | fm3032.exe | FaxMan integrates complete fax send and receive support into Windows applications without requiring additional fax software. Incorporated into software by Lexmark, MCI, Lotus, My Software, Broderbund, Traffic Software and many others | No |
U | FaxCtrl.exe | ASMediaProxyServer.exe | Part of Avaya's Contact Center Express - "a multi-channel, high-volume software solution from Avaya designed specifically for the intelligent routing and computer telephony integration (CTI) needs of medium-sized contact centers" | No |
N | FaxTalk CallControl 6.0 | FTClCtrl.EXE | This allows the software to handle incoming and outgoing communications without requiring the FaxTalk Communicator application to be loaded into memory. Can be started manually | No |
U | FBDirect | FBDirect.exe | Software that monitors the status of a Visioneer OneTouch scanner button and allows you to scan, fax, copy, print, and easily communicate by simply dragging and dropping scans on your PaperPort Desktop! | No |
? | FBI | FBISM.exe | Compaq related but what does it do? | No |
X | fc | runfc.exe | Added by the CAMPURF WORM! | No |
X | FCEngine | FCEngine.exe | CASClient adware | No |
X | FCHelp | FCHelp.exe | Added by either FCHelp adware or a variant of it | No |
X | FCMan | FCMan.exe | FCHelp adware | No |
X | Fdaemon security | fsecur.exe | Added by the SDBOT.KXO WORM! | No |
X | FDD SYSTEM | Fdd.exe | Added by the MYTOB-FO WORM! | No |
X | Fdr Command Module | sp2.exe | Added by the SDBOT.WP WORM! | No |
X | FDriver | windrv.exe | Added by the DELF.WG TROJAN! | No |
U | FD_SAP | FD.exe | Reported to be the autopassword program from the Sony Microvault thumb drive | No |
X | FeCPY | fecpy.exe | FlashEnhancer adware | No |
U | feedreader.exe | feedreader.exe | "Feedreader is a freeware Windows application that reads and displays Internet newsfeeds aka ATOM and RSS feeds based on XML" | No |
X | feelalright | mirc.exe | Added by the IRCFLOOD-M WORM! | No |
U | FEELitDeviceManager | feelitdm.exe | Associated with Immersion TouchSense devices (Logitech Wingman Force Feedback Mouse and possibly other peripherals) | No |
X | fegoze | SVCH0ST.EXE | Added by the GRAYBIRD.D VIRUS! Note - the filename has the digit 0 rather than the uppercase "o" | No |
U | Fellowes Proxy | R3proxy.exe | Installed with Fellowes EasyPoint mouse software. Not necessary for normal functioning of Fellowes mice but it is necessary to use the extended features of all Fellowes mice | No |
X | Fen Startups | fensvc32.exe | Added by the RANDEX.CCF WORM! | No |
U | FerrariWallPaper | FerrariWP.exe | Calendar that replaces the default desktop background image. It comes with every Acer Ferrari 3000 laptop. Also downloadable for members of www.ferrari.com | No |
X | ffis | ffisearch.exe | iSearch adware | No |
U | FG1_00 | frntgate.exe | FrontGate MX - e-mail spam blocker | No |
? | fgl23DoubleScreenHooks | f23happ.exe | Related to the now discontinued ATI Fire GL3 graphics card. What does it do and is it required? | No |
X | fGQEGqHOME | gwwgtp.exe | Added by the RANKY.J TROJAN! | No |
X | FHPage | shdochp.exe | Added by the WINHOUND TROJAN! | No |
X | FHStart | shdocsvc.exe | Added by the WINHOUND TROJAN! | No |
U | Fhtisxk | fhtisxk.exe | XtraKeys keystroke logger/monitoring program - remove unless you installed it yourself! | No |
U | FieldForms Sync | SyncService.exe | Resco FieldForms. A solution for building mobile forms that can be viewed or filled in on the run, on a wide range of mobile devices. Supports Microsoft Access databases, and provides for synchronization of other data as well | No |
X | FiendlyType | csrss.exe | Added by the WEBUS TROJAN! Note - this worm replaces the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! | No |
X | FILE | abcdefg.exe | Added by the KELVIR.DD WORM! | No |
? | file indexing service | msfindfile.exe | New version of MS FindFast and still a resource hog? | No |
X | file laoder configuration | rnd32.exe | Added by the RBOT.BQJ WORM! | No |
X | File Mapping Services | hp-1003.exe | Added by the RBOT.FAN WORM! | No |
X | File Protection Monitor | filemon.exe | Added by a variant of the RBOT WORM! | No |
X | File System | taskmqrs.exe | Added by a variant of the TOXBOT/CODBOT WORM! | No |
X | File System | taskmqr.exe | Added by the RBOT.BWQ WORM! | No |
X | File System Service | wmiprvsc.exe | Added by the AGOBOT-HZ TROJAN! | No |
X | File-Sharing Wizard | shwizard.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
X | File0_0 | MD1.exe | Added by the DLOADER-OR TROJAN! | No |
X | File1 | Dia Claro.htm | Added by the DLOADER-OR TROJAN! | No |
X | FileFreedom_Plugin | wtm.exe | FileFreedom peer-to-peer sharing program | No |
X | FileManager32 | Wscript.exe ChkMgr32.vbs | Added by the NOTUP.A WORM! Note that wscript.exe is a legitimate Microsoft file used to launch script files and shouldn't be deleted. The "ChkMgr32.vbs" file is found in the System (9x/Me) or System32 (NT/2K/XP) folder | No |
X | filename process | kerneldll.exe | Added by the AGOBOT-PO WORM! | No |
X | filename process | explore.exe | Added by the AGOBOT-QN WORM! | No |
X | FileSoft | Wscript.exe UpdataFiles.vbs | Added by the SST.B WORM! Note that wscript.exe is a legitimate Microsoft file used to launch script files and shouldn't be deleted. The "UpdataFiles.vbs" file is located in the Winnt or Windows folder | No |
U | FilmLoop | FilmLoopService.exe | Related to FilmLoop - a photocasting network. Share your pictures with your family and friends | No |
U | FilterGate | filtergate.exe | Filtergate internet filtering software - filters sounds, popup ads, background sound and other unnecessary website items | No |
U | Filterguard | Filtrgrd.exe | An icon located in the lower left of the screen that looks like a lifesaver. This icon is a "short-cut" to access the basic features of SOS-Guardian, SOS-KidProof Lite, SOS Best Defense and SOS Pro such as Internet filtering utility. You can access this menu by "right-clicking" on the icon | No |
X | Find | find.exe | Added by the OPANKI WORM! | No |
N | Find Fast | Findfast.exe | Resource hog from older versions of MS Office - searches disk drives for Office file types and creates an index to make opening them easier | No |
Y | Find Virus Launch Program | fvlaunch.exe | Part of Dr. Solomon's Antivirus | No |
X | findfast | findfast.exe | Added by the DLOADER.PFR TROJAN! Note - this is not the legitimate file of the same name installed with older versions of MS Office | No |
X | findfast.exe | findfast.exe | Identified as the RUNDIS.A TROJAN! Note - this is not the legitimate file of the same name installed with older versions of MS Office | No |
X | FindHack | [path to worm] | Added by the KELVIR-BA WORM! | No |
U | FinePrint Dispatcher v4 | fpdisp4a.exe | FinePrint Dispatcher - handles the spooling of print jobs to the FinePrint printer. Version 4.x of the software. "FinePrint saves ink, paper, time and money by controlling and enhancing printed output" | No |
U | FinePrint Dispatcher v4 | fpdisp4.exe | FinePrint Dispatcher - handles the spooling of print jobs to the FinePrint printer. Version 4.x of the software. "FinePrint saves ink, paper, time and money by controlling and enhancing printed output" | No |
U | FinePrint Dispatcher v5 | fpdisp5a.exe | FinePrint Dispatcher - handles the spooling of print jobs to the FinePrint printer. Version 5.x of the software. "FinePrint saves ink, paper, time and money by controlling and enhancing printed output" | No |
N | FineReader7NewsReaderPro | AbbyyNewsReader.exe | ABBYY FineReader OCR software - version 7 | No |
X | Fire Wall services | [random filename] | Added by the IRCBOT-QY WORM! | No |
? | FireBox Control Panel | FireBox.exe | Control panel for the Presonus FireBox firewire based music recording system. Is it required? | No |
X | FireExplore Update | FireExplore.exe | Added by a variant of the RBOT WORM! | No |
X | FireFox | firefox.exe | Added by the RBOT-ATP WORM! Note - this is not the popular FireFox web browser and is located in the System (9x/Me) or System32 (NT/2K/XP) folder | No |
X | Firefox Plugin Manager | firefoxpgm.exe | Added by the MSNPHOTO.E WORM! | No |
X | FireFox Service Drivers | ssmss.exe | Added by a variant of the SDBOT WORM! | No |
X | FireFox Startup Drivers | wuaclt.exe | Added by the RBOT.BYX WORM! | No |
X | firefox.exe | firefox.exe | Added by the BANKER-EBO TROJAN! Note - this is not the popular FireFox web browser and is located in the System (9x/Me) or System32 (NT/2K/XP) folder | No |
X | FiresWallservices | [random].exe | Added by the RBOT-FJT WORM! | No |
X | Firewall | wmlaunch .exe | Added by the ELITPER.A or ELITPER.B WORMS! | No |
X | Firewall | wmlaunch .exe | Added by the ELITPER.D WORM! | No |
X | Firewall | SP2 UPDATE.exe | Added by the ELITPER.E WORM! | No |
X | Firewall | Firewall.bat | Added by the YPSAN.G WORM! | No |
X | firewall | fw_304.exe | Added by the BDOOR-JQ BACKDOOR! | No |
X | Firewall | ctfmon.exe | Added by a variant of the IRCBOT BACKDOOR! Note - this is not the legitimate ctfmon.exe process associated with alternate text inputs which is always located in %System%. This one is located in %Windir% | No |
X | Firewall auto setup | winlogon.exe | Added by a TROJAN - see here. Note - this is not the legitimate winlogon.exe process, which should not appear in Msconfig/Startup! | No |
X | Firewall Controls | sys32.exe | Added by the SDBOT-DGI WORM! | No |
X | Firewall Policy | MidiDef32.exe | Added by the PIEBOT-A TROJAN! | No |
X | Firewall Sp2 system | sys32Conf.exe | Added by the RBOT-ABT WORM! | No |
X | Firewall Update System1 | WinedowsUpdater1.exe | Added by the RBOT-ARU WORM! | No |
X | Firewall Updater | msnupdateit.exe | Added by the RBOT-AAQ WORM! | No |
X | Firewall.exe | Firewall.exe | Added by the AGENT.AGL WORM! | No |
X | FirewallActivies | csrss.exe | Added by the BANKER-AQ TROJAN! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a "3041" subfolder | No |
Y | FirewallGUI | FirewallGUI.exe | System Tray access to PC Tools Firewall Plus from PC Tools - which "is a powerful personal firewall for Windows that protects your computer from intruders and controls the network traffic in and out of your PC" | Yes |
U | FirewallStartup | Firewallstartup.exe | Innovative Startup Firewall - "designed to protect your computer from programs that install themselves in the StartUp area of your Windows without asking for your approval. Innovative StartUp Firewall will help you keep your computer clean, fast and in it's best shape" | No |
X | FirewallSvr | FirewallSvr.exe | Added by the NETSKY.X or NETSKY.Y WORMS! | No |
X | firewall_anti | firewall_anti.exe | Added by the NETDENY-B TROJAN! | No |
X | FireWire Driver | samx.exe | Added by the SDBOT.AE WORM! | No |
X | FireWire Service | nvscv32.exe | Added by a variant of the SDBOT WORM! | No |
X | FireWire Services | nvcsv32.exe | Added by a variant of the SPYBOT WORM! | No |
X | First Home Page | http://find.naupoint.com | Naupoint browser hijacker | No |
X | FIX | WinFIX1.0.vbs | Added by the GORMLEZ-A WORM! | No |
Y | Fix-it | mxtask.exe | Part of Ontrack's Fix-it Utilities Suite. Loads a System Tray icon that lets you access the full program. Needed if you run the crash guard, intellicluster, anti-virus, or autoupdater. Otherwise not required | No |
Y | Fix-it AV | memcheck.exe | Part of Ontrack's Fix-it Utilities Suite anti-virus. Performs a quick check of memory for signs of any virus. Exits afterward and returns all resources used in one user's experience. Not required but could be left without a drain on resources | No |
X | Fixnice | vcvw.exe | Added by the SDBOT TROJAN! | No |
X | fjdslssdfd | mat2.exe | Added by the SLAPEW.C TROJAN! | No |
U | FjMenu | FjMenu.exe | From the "Fujitsu Menu" tray icon you have instant access to the Control Panel, Tablet pc keyboard, Tablet and pen settings, Fujitsu display controls, brightness control, sounds and audio devices, capture screen, capture window, organize favorites, power options, printers and faxes, LCD brightness MIN, LCD brightness MAX, Enable/disable Button Panel and the Fujitsu menu settings, which are customizable | No |
U | FJTWAIN Setup | FjtwSetup.exe | Fujitsu scanner utility | No |
N | FJUPDNV_Chitose | fjdvrupd.exe | Driver update for a Fujitsu Siemens Lifebook laptop | No |
X | FKS v2.0 | msngr.exe | Added by an unidentified WORM or TROJAN! | No |
N | fkSysMon | fksysmon.exe | fkWrae SysMon - system monitor - "displays the current memory consumption, CPU and resource usage, date, time, Windows uptime, IP address and a lot more" | No |
X | FlaCPY | flacpy.exe | FlashEnhancer adware | No |
X | Flash Driver | [path to trojan] | Added by the AGENT.CWVT TROJAN! | No |
X | Flash Media | %%%%%.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
X | Flash Media | %%%.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
X | Flash Media | [path to trojan] | Added by the IRCBOT.AUR TROJAN! | No |
X | Flash Media | ^ ^^^ %% % ^% ^%%^ %^ .exe | Added by a variant of the IRCBOT BACKDOOR! | No |
X | Flash Media | ^^% ^ %%% %^%%%^%%^%^% % ^^%% % %^^^^ ^%%^%% .exe | Added by a variant of the IRCBOT BACKDOOR! | No |
X | Flash Media | ^^^^^.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
X | Flash Media | ^^^^^^.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
X | Flash Media | services.exe | Added by a variant of the IRCBOT BACKDOOR! See here. Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Temp% | No |
X | Flash Media | zrpk��'�'%''msn'�%'fix''.exe" | Added by a variant of the IRCBOT BACKDOOR! | No |
X | Flash Media | % ^% ^^^ %^% %% ^ ^ %%% ^% %^ % %^^.exe | Added by a variant of the IRCBOT BACKDOOR! See here. Note the space at the beginning of the filename | No |
X | Flash Media | ^%%^%%%^% %^ ^ .exe | Added by a variant of the IRCBOT BACKDOOR! | No |
X | Flash Media | %^^%^^% %^^^^ .exe | Added by a variant of the IRCBOT BACKDOOR! | No |
X | Flash Media | ^%^^^%% ^ ^ %^^^^^ %^ ^%^^ ^%^^^^^ %^ ^^^%^%%.exe | Added by a variant of the IRCBOT BACKDOOR! | No |
X | Flash Media | %^% ^ %^%% ^ % ^%%^^ %^^%^%^ ^%% %^.exe | Added by a variant of the IRCBOT BACKDOOR! | No |
X | Flash Media | %%%%%%^^ ^ .exe | Added by a variant of the IRCBOT BACKDOOR! | No |
X | Flash Media | skxs��'�'%''msn'�%'fix''.exe" | Added by the AGENT.ZOY TROJAN! | No |
X | Flash Media | ^ %%^%^%.exe | Added by the FLUSH.A TROJAN! Note the space at the beginning of the filename | No |
X | Flash Media | %% % ^^ % %% ^%^^ ^^^ % ^%% ^ ^.exe | Added by a variant of the IRCBOT BACKDOOR! See here. Note the space at the beginning of the filename | No |
X | Flash Media | ^ ^ % ^ % % ^ ^ ^%% ^% %%^^.exe | Added by the IRCBOT.BAW BACKDOOR! | No |
X | Flash Player2 | [path to worm] | Detected by Trend Micro as the IRCBOT.PD WORM! See here | No |
? | FLASH32 | -flash32.exe | ?? | No |
X | Flash32 | FLASH32.COM | Added by the STARTER-F TROJAN! | No |
U | FlashEnc | FlashEnc.exe | Supplied with EasyDisk USB pen devices. The utility manages the encryption and compressed folders options. It will create these folders if running on the USB key without permission, which is a pain. No need for it if you do not want these features | No |
N | Flashget | FlashGet.exe | FlashGet download manager | No |
X | Flashget Download Manager | Flashget.exe | Added by the RBOT-AGZ WORM! | No |
X | FlashGuard | FlashGuard.exe | Added by the AUTOIT.AL WORM! | No |
U | FlashMute | FlashMute.exe | "FlashMute is a tool which allows you to mute/unmute Flash Movies loaded in a browser exclusively, or alternatively all sounds produced by the browser" | No |
N | FlashPath Monitor | SDSTAT.EXE | System Tray icon that you can't get rid of - and does not need to run! Tells you the battery status in the floppy disk adapter for the smartmedia cards. Available via Start -> Programs | No |
N | FlashPath Monitor | FLSHSTAT.EXE | System Tray icon that you can't get rid of - and does not need to run! Tells you the battery status in the floppy disk adapter for the smartmedia cards. Available via Start -> Programs | No |
N | FlashPath Status | SDSTAT.EXE | System Tray icon that you can't get rid of - and does not need to run! Tells you the battery status in the floppy disk adapter for the smartmedia cards. Available via Start -> Programs | No |
N | FlashPath Status | FLSHSTAT.EXE | System Tray icon that you can't get rid of - and does not need to run! Tells you the battery status in the floppy disk adapter for the smartmedia cards. Available via Start -> Programs | No |
X | Flashy Bot | Flashy.exe | Added by the GLUPZY.A WORM! | No |
X | Flash_Player_Install | ying.exe | Constructor VC2000 malware | No |
X | FlenCPY | flencpy.exe | FlashEnhancer adware | No |
U | Flexicd | Flexicd.exe | CD player - part of the Win95 Power Toys | No |
U | FlingRun | fling.exe | Fling - free FTP software from NCH Software | No |
U | FLMBROWSERMOUSE | mouse32A.exe | Mouse utility for a Trust brand (and possibly others) mouse. If you disable this entry you will not be able to use any of the non-standard functions of the mouse | No |
U | FLMK08KB | MMKEYBD.EXE | Multimedia keyboard manager. Required if you use the additional keys | No |
U | FLMK08KB | KbdAp32A.exe | Keyboard utility for a Medion brand (and possibly others) keyboard. If you disable this entry you will not be able to use any of the keyboard hotkeys or other non-standard functions on the keyboard | No |
U | FLMLABTECMOUSE | mouse32A.exe | Mouse utility for a Labtec brand (and possibly others) mouse. If you disable this entry you will not be able to use any of the non-standard functions of the mouse | No |
U | FLMMEDIONMOUSE | mouse32a.exe | Mouse utility for a Medion branded Fellowes mouse | No |
U | FLMOFFICE4DMOUSE | moffice.exe | Mouse utility for a Labtec brand (and possibly others) mouse. If you disable this entry you will not be able to use any of the non-standard functions of the mouse | No |
U | FLMOFFICE4DMOUSE | mouse32a.exe | Mouse utility for a Micro Innovations brand (and possibly others) mouse. If you disable this entry you will not be able to use any of the non-standard functions of the mouse | No |
U | FLMTRUSTKB | KbdAp32A.exe | Keyboard utility for a Trust brand keyboard. If you disable this entry you will not be able to use any of the keyboard hotkeys or other non-standard functions on the keyboard | No |
U | FLMTRUSTMOUSE | mouse32a.exe | Mouse utility for a Trust brand (and possibly others) mouse. If you disable this entry you will not be able to use any of the non-standard functions of the mouse | No |
X | FlnCPY | flncpy.exe | FlashEnhancer adware | No |
X | FLooDNeT | FLooDeR.exe | Added by the ENDOOL TROJAN! | No |
X | Floppy Master | [path to trojan] | Added by the ZONIT-F TROJAN! | No |
? | Flow Go TV | flogotv.exe | ?? | No |
X | flps | flps.vbs | Added by the BYRON WORM! | No |
X | flpycntl | flpycntl.exe | Added by the CRYPTER.C TROJAN! | No |
? | FLSVCI | FLSVCI.exe | ?? | No |
Y | FltProcess | msinet.exe | Part of Cyber Patrol internet filtering software to restrict access to certain types of material on the internet. It can be disabled but do not ask how it's done | No |
X | FlyswatDesktop | flydesk.exe | Advertising spyware | No |
U | FmctrlTray | Fmctrl.EXE | Genius SM-Live Control Panel. Enhances audio output through Genius sound cards (makes a big difference and worth the 3MB Ram used) | No |
X | fmnwebassist | fmnwebassist.exe | Adware popup generator | No |
U | FMStart | Fmstart.exe | GFI FAXmaker - native fax connector for Microsoft Exchange Server or for networks, allows all users to send and receive faxes right from their desktop | No |
X | FMSZ | fmsz.exe | Added by the FMSZ TROJAN! | No |
X | fnmwebassist | fnmwebassist.exe | WinPL adware | No |
? | Focus | Focus.exe | ISDN configuration wizard? | No |
X | Folder Service | wssdtu.exe | Added by the MANIFEST TROJAN! | No |
U | Folder View | folderview.exe | Folder View enhances the Windows file Explorer by making all folders you need available in a single click | No |
U | FolderClone v*.*.* | folderclone.exe | Folderclone backup and synchronization software | No |
X | FolderRaper | [path to worm] | Added by the VB.GOZ WORM! | No |
U | FolderShare | FolderShare.exe | "FolderShare allows you to create a private peer-to-peer network that will help you to synchronize files across multiple devices and access or share files with colleagues and friends" | No |
N | Folding@home | WINFAH.EXE | Folding@Home is a distributed computing project which studies protein folding, misfolding, aggregation, and related diseases - must be running in order to access the internet to upload to the servers. Available via Start -> Programs | No |
N | FoneSyncSystemTray | FoneSyncSystemTray.exe | System Tray icon for Nokia FoneSync utility for the 7160/7190 mobiles. Useful to send data from/to the cell phone and the computer. You can use it to backup data or even to input data through the computer keyboard (which naturally is much more comfortable). Run manually when required | No |
X | Font Viewer | fontviewer.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
X | FontFix | fontfix.exe | Added by an unidentified VIRUS, WORM or TROJAN! | No |
N | fontnav | FontNav.exe | Font Navigator from Bitstream Inc. - a font management utility | No |
X | FontsLoader | ldfnt32.hta | Unidentified malware | No |
X | FONTVIEW | FONTVIEW.EXE | Added by the OPASERV.T WORM! | No |
U | FooBar 1.0 | FooBar.exe | FooBar - "combines fifteen high-quality productivity tools in a single toolbar that floats on your desktop or runs in the Windows task bar" | No |
X | foobin lptt01 | adaware.exe | RapidBlaster variant (in a "foo1" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here | No |
X | foobin ml097e | adaware.exe | RapidBlaster variant (in a "foo1" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here | No |
Y | FoolProof | fpwinldr.exe | FoolProof Security PC security software from SmartStuff | No |
Y | FoolProofSweep | ?? | Part of FoolProof Security PC security software from SmartStuff | No |
N | Forbes | ForbesAlerts.exe | Forbes Business News Alerts - displays business news headlines in a little window on the screen | No |
X | ForceShow | rundll32.exe QaBar.dll, ForceShowBar | AdultLinks.QBar parasite related! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "QaBar.dll" file is found in the System (9x/Me) or System32 (NT/2K/XP) folder | No |
N | Forget Me Not | AGRemind.exe | Calendar reminder part of Broderbund's American Greetings CreataCard | No |
Y | FortiClient | FortiClient.exe | Fortinet security systems are the new generation of real time network protection systems | No |
U | Fortis Secure Layer Config | cseinst.exe | Part of Fortis Bank Home Banking. Installed during the installation of the software necessary to run the Home Banking. According to Fortis Bank this will not in any way be harmful to the system or relay system information | No |
N | FotoStation Easy AutoLaunch | FotoStation Easy AutoLaunch.exe | Installed with a Nikon digital camera. Used to collect photos uploaded from camera program NkVwMon.exe. If your camera is not connected (via USB port) you do not need this program loaded either | No |
U | Foul PX | FoulPX.exe | Foul PX, Optusnet usage stat checker | No |
U | FourthDay | FourthDay.exe | The Fourth Day - "astronomical clock and almanac for your system tray" | No |
X | FoWilCo | fowilco.exe | Added by the WOOTBOT.CR WORM! | No |
X | foxdh | foxdhend.exe | Added by the MENGHUAN TROJAN! | No |
X | foxdh | foxdh.exe | Added by the GWGHOST-Q TROJAN! | No |
X | foxrxjh | foxrxjh.exe | Added by the GWGHOST-T TROJAN! | No |
X | foxwudy9912 | service.exe | Added by the BANCOS-BT TROJAN! | No |
Y | FP Loader | loadfp.exe | FoolProof Security - PC security software from SmartStuff | No |
? | FPWGMWZD | FPWGMWZD.exe | ?? | No |
N | Fpx | mnmsrvc.exe | Remote Desktop Sharing service part of Microsoft's Netmeeting allowing users to share items on their screens across remote locations | No |
X | fqor | stub_113_4_0_4_0.exe | TargetSaver adware | No |
X | FrameWork 2.5 | FrameWork.exe | Added by the RBOT-FMW WORM! Note - can terminate AV related processes | No |
X | France | svchost.exe | Added by the MIMAIL.L WORM! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder | No |
U | Fraps | fraps.exe | Fraps Real-Time Video Capture software | No |
N | Free Download Manager | fdm.exe | "Free Download Manager" - see here | No |
? | Free Downloads Monitor | fdcmon.exe | ?? | No |
N | Free DVD Direct | FreeDVDDirect.exe | Free DVD Direct - provides a program to access a peer-to-peer (P2P) file-sharing network (see here) | No |
U | Free Ram Optimizer | fro.exe | Free Ram Optimizer monitors your memory, and frees up ram if it falls below a certain minimum. MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/ME. See this article and make up your own mind | No |
N | Freebie Notes | FreebieNotes.exe | Freebie Notes by Power Soft - create electronic notes (stickers) | No |
N | FreeCall | FreeCall.exe | FreeCall - free internet telephony utility using VoIP (Voice over Internet Protocol). Call online friends for free and regular phones either for free (limited use) or low rates. One of a number provided by Betamax - the others generally have different rate plans. Similar to the more popular Skype | No |
Y | Freedom | Freedom.exe | Freedom Internet Security & Privacy - anti-virus, personal firewall and parental control. It also blocks ads, safeguards your personal information, encrypts your passwords, and much more. No longer available for sale | No |
U | FreeMem Pro | FMEMPRO.EXE | FreeMem Pro - memory optimizer. MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/SE/ME. See this article and make up your own mind | No |
U | FreeMemVn2 | FreeMem.exe | FreeMem - memory optimizer. MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/SE/ME. See this article and make up your own mind | No |
X | FreeMP3download | rundll32.exe MSA64CHK.dll, DllMostrar | MatrixDialer related. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in the Winnt or Windows folder | No |
U | FreeRAM XP | FreeRAM XP Pro *.exe | FreeRAM XP Pro - memory optimizer where * represents the version. MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/SE/ME. See this article and make up your own mind | No |
U | FreeRAM XP | FreeRAM XP Pro.exe | FreeRAM XP Pro - memory optimizer. MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/SE/ME. See this article and make up your own mind | No |
X | freestyle | lockx.exe | Added by the RBOT-ATH WORM! | No |
U | freesurfer | fs20.exe | EMS Free Surfer mk II - pop-up stopper | No |
X | freexstyle | lockbar.exe | Added by the LOXBOT.D WORM! | No |
X | freexstyle | lockbr.exe | Added by the LOXBOT.C WORM! | No |
X | freinst | pgs.exe | WinSpyControl spyware remover - not recommended, see here | No |
U | Fresh Desktop | freshdesktop.exe | Fresh Desktop is a utility that lets you manage vast collections of wallpapers for your desktop with ease. When run on bootup it changes the desktop wallpaper at startup or at specified intervals | No |
N | freshclam | freshclam.exe | Auto update agent of the open source Clamwin virus scanner | No |
? | frguk | shdrkmck.exe | ?? | No |
? | FridaysInHellInstaller | FridaysInHellInstaller.exe | ?? | No |
X | FriendlyType | lsass.exe | Added by the WEBUS.B TROJAN! Note - this is not the legitimate lsass.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the System folder | No |
X | FriendlyTypeName | services.exe | Added by the NEVEG.B or NEVEG.C WORMS! Note - this is not the legitimate services.exe process, which should not appear in Msconfig/Startup! | No |
X | FriendlyTypeName | winlogon.exe | Added by the NEVEG.A WORM! Note - this is not the legitimate winlogon.exe process, which should not appear in Msconfig/Startup! | No |
N | FriendlyWebQuick-Launch | SELFCERT.EXE | selfcert.exe is a stand alone program for creating your own digital certificates for macros - the .exe is installed as an extra basically by clicking on MS Office in add/remove programs and selecting remove - also I would do away with the FriendlyWebQuickLaunchBar as well | No |
U | FRISK FP-Scheduler | F-Sched.exe | Scheduler for F-Prot antivirus software. Leave enabled unless you scan manually on a regular basis | No |
? | FRITZ!DSL Startcenter | StCenter.exe | FRITZ! ISP software "StartCenter" User interface that allows you to manage, tweak and diagnose many aspects of your internet connection - is it required? | No |
U | FRITZ!webProtect | FwebProt.exe | Firewall included in FRITZ! ISP DSL software | No |
N | Fromine WinPopup | winpopup.exe | Instant Messenger program | No |
X | froody | timoty.exe | Added by an unidentified malware | No |
X | Frsk | frsk.exe | Unidentified adware downloader trojan | No |
X | frun | derc32xz.exe | Added by an unidentified TROJAN! | No |
Y | FRW_EXE | FRW.EXE | ConSeal Signal9 firewall - now McAfee Personal firewall | No |
Y | frxmxins | frxmxins.exe | ATI 3D Studio MAX/VIZ driver | No |
X | FS Agent | fagent.exe | Added by the VOLVER-B TROJAN! | No |
X | FS6519 | FS6519.dll.vbs | Added by the SOLOW.B WORM! | No |
Y | fsaa | fsaa.exe | F-Secure antivirus Authentication Agent - creates and stores private keys used by a client to access servers | No |
N | FSCBoss | FSCBoss.exe | Free Store Club shop online software | No |
? | FSDPSRV | FSDPSRV.exe | ?? | No |
X | FSH | svcnva.exe | Malware, detected by Ewido Security Suite as TrojanDownloader.Delf.ks | No |
U | fsp | fsp.exe | Folder Shield - hide entire directories and thus prevent access by anyone else to your personal files and documents | No |
Y | fspr | FolderShield.exe | Folder Shield - hide personal files and folders | No |
N | FSScrCtl | FSScrCtl.exe | Screen saver control applet used by the "Stardust Screen Saver Toolkit" and "SolidWorks Screen Saver" | No |
U | fsserv | fserv.exe | Farsighter Server - monitors a remote computer invisibly by streaming video to a viewer on your computer. You will know exactly what is happening on the remote computer as you see it in real-time | No |
X | fstsvc | rundll32.exe fstsvc.dll,start | Added by the AKBOT-AA WORM! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "fstsvc.dll" file is found in %System% | No |
X | FSW | FSW.exe | FreeScratchAndWin parasite | No |
U | FSWebServer | fsws.exe | Easy File Sharing Web Server is a Windows program that allows you to host a secure peer-to-peer and web-based file sharing system without any additional software or services | No |
X | ftk | ftkclean.exe | FlashEnhancer adware | No |
X | FtkCPY | ftkcpy.exe | FlashEnhancer adware | No |
U | FtLnSOP_setup | FtLnSOP.exe | Fujitsu scanner utility | No |
U | FTMSFLT(USB) | FTMSFLTU.EXE | Fujitsu's Touch Panel Message Notifier | No |
X | FTP FOR WINDOWS | ftpwin32.exe | Added by a variant of the RBOT WORM! | No |
X | FTPGraber | FTPGraber.exe | Added by the DLOADER-DT TROJAN! | No |
N | FTPManager | FTPDM.exe | "Robust FTP is a Windows-based file transfer client application that transfers files between a user's local PC and another, remote computer system connected via a modem and telephone lines or by a local-area network (with upload transfer resume and download transfer resume)". Can be started manually | No |
U | Ftpqueue | Ftpsched.exe | Part of WS_FTP Pro from Ipswitch. Queueing facility for scheduling FTP transfers | No |
? | FtpServer.exe | FtpServer.exe | Part of Sharpdesk from Sharp Electronics Corp. "An easy to use desktop-based, personal document management application that lets users browse, edit, search, compose, process, and forward both scanned and native electronic documents". Is it required? | No |
U | ftutil2 | rundll32.exe ftutil2.dll, SetWriteCacheMode | Related to Promise Technology's FastTrak SX4030/4060 PCI ATA Raid 5 controller (and possibly others) | No |
X | FuckD3w4 | FuckD3w4.exe | Added by the BRONTOK-DI WORM! | No |
X | Fucker | fucker.vbs | Added by the CATCHER-A WORM! | No |
U | Fujitsu Hotkey Utility | IndicatorUty.exe | Fujitsu Hotkey Utility displays icons on the screen when you use hotkeys on a Fujitsu Siemens Lifebook, eg, when you press the hotkey for muting the sound, a loudspeaker icon with a cross on it is displayed | No |
U | Fujitsu Menu | FjMnuIco.exe | From the "Fujitsu Menu" tray icon you have instant access to the Control Panel, Tablet pc keyboard, Tablet and pen settings, Fujitsu display controls, brightness control, sounds and audio devices, capture screen, capture window, organize favorites, power options, printers and faxes, LCD brightness MIN, LCD brightness MAX, Enable/disable Button Panel and the Fujitsu menu settings, which are customizable | No |
X | fukerservice | fukerz.exe | Added by a variant of the RBOT WORM! | No |
X | FUKLBAR | bar.exe | PurityScan/Clickspring adware | No |
X | Fun | Fun.exe | Added by the COIDUNG-A WORM! | No |
N | FusionHdtvTray | FusionHdtvTray.exe | FusionTrayAgent - main executable for DVICO FusionHDTV software. It adds an icon to system tray that allows you to easily access Fusion HDTV software | No |
U | FusionRC | FusionRC.exe | Remote control manager for DVICO FusionHDTV | No |
U | FusionRemote | FusionRc.exe | Remote control manager for DVICO FusionHDTV | No |
N | FusionTrayAgent | FusionHdtvTray.exe | FusionTrayAgent - main executable for DVICO FusionHDTV software. It adds an icon to system tray that allows you to easily access Fusion HDTV software | No |
X | fvek | fvek.exe | Added by the DRIVOL-A TROJAN! | No |
Y | FveNotify | fveNotify.exe | Windows Vista - BitLocker Drive Encryption Notification Utility. Available with Enterprise and Ultimate versions of Vista, "BitLocker prevents a thief who boots another operating system or runs a software hacking tool from breaking Windows Vista file and system protections or performing offline viewing of the files stored on the protected drive" - see here | No |
X | FW Manager | fwcheck.exe | Added by the DELBOT-H WORM! | No |
X | FWDMON.EXE | fwdmon.exe | Added by the PROXY-S TROJAN! | No |
Y | fwenc.exe | fwenc.exe | Check Point SecuRemote VPN client - "dynamic and fixed IP addressing for all ISP services - dial-up, cable modem, or DSL - the ideal solution for telecommuters and mobile workers" | No |
X | Fwr Command Module | fwr.exe | Added by the SDBOT-PP WORM! | No |
N | fwrastrc | fwrastrc.exe | Dial-up software for Friendly Technologies/1NationOnLine free ISP | No |
U | fwservice | fwservice | eAcceleration Stop-Sign security software related. Previously not recommended, see here | No |
X | FX | ieloader.exe | Added by the SMALL.RR TROJAN! | No |
U | fxredir | fxredir.exe | Canon MultiPASS fax redirector | No |
X | fzg | svhost32.exe | Added by the DLOADER.BDK TROJAN! | No |
X | f~a | ra32.exe | Added by the CAY TROJAN! | No |
X | g.exe | g.exe | Added by the GRAYBIRD.Q TROJAN! | No |
X | G00123 | [worm filename] | Added by the BUGBROS WORM! | No |
X | G0mez | G0mez.vbs | Added by the GORMLEZ-A WORM! | No |
X | G3 | GSMedia3.exe | Malware downloader - detected by Kaspersky as the VB.UX TROJAN! | No |
? | g3dctl | g3dctl.exe | ?? | No |
X | G4G | [random filename] | Detected as Trojan-Downloader.Win32.VB.fki | No |
U | G6FTP Server Tray Monitor | G6FTPTray.exe | System Tray monitoring tool for Gene6 FTP Server - "an advanced FTP server software for Windows developed specifically for security and high performance requirements" | No |
? | GACService | GACService.exe | Related to a Gemplus product. What does it do and is it required? | No |
X | gadkgak12 | fsafsakx12.exe | Added by the ONLINEG-N TROJAN! | No |
N | Gadu-Gadu | gg.exe | Polish language Instant Messaging client | No |
N | Gadwin PrintScreen | PrintScreen.exe | Gadwin PrintScreen - utility to capture, print or save the current window | No |
X | GAELICUM.EXE | GAELICUM.EXE | Added by the PENTA-A TROJAN! | No |
X | gah95on6 | gah95on6.exe | ShopAtHome/SAHagent adware | No |
U | gaim | gaim.exe | Gaim is an instant messenger client with capability to connect to AIM, ICQ, MSN Messenger, Yahoo, IRC, Jabber, Gadu-Gadu and Zephyr networks | No |
U | Gainward | TBPanel.exe | Configuration utility for Gainward graphics cards. Not required unless you use non-default settings. Available via Start -> Settings -> Control Panel | No |
X | game | shit.exe | Added by the Netclap Gold backdoor TROJAN! | No |
X | game | patcher.scr | Added by the PSW-ED TROJAN! | No |
N | Game Device | JOYUPDRV.EXE | Genius game controller profile activator | No |
X | Game House | GameHouse.exe | Added by the DELF-DRA WORM! | No |
N | GameDrive | GDTask.exe | GameDrive from FarStone - virtual CD/DVD drive emulator that allows you to run your PC games without the disc. Available via Start → Programs | No |
X | Games Acceleration | svshost.exe | EasySearch adware | No |
X | Games Acceleration | [path to trojan] | Added by the SMUTSRCH-A TROJAN! | No |
X | Games Acceleration | svshost1.exe | Added by the DLOADR-AWD TROJAN! | No |
X | Games toolbar | rundll32.exe [path] tbGame.dll, DllShowTB | Topconverting.com180Search "Games Toolbar" adware. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted | No |
N | GameSpot | kontiki.exe | Kontiki Delivery Manager - Windows-based client software that enables secure delivery of content to users' desktops | No |
U | gameutil.exe | gameutil.exe | Part of Redline RegTweak as supplied with Sapphire ATI graphics cards. You can configure different overclocking settings on a per game basis and this sets those conditions following a re-boot | No |
X | gamma | svchost.exe | Added by a variant of the DELF.IT TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! | No |
U | GammaHotKeys | setgamma.exe | Part of the RadeonTweaker program for adjusting ATI Radeon graphics cards. Allows you to adjust the gamma (or brightness) when playing a full-screen game without switching back to the desktop | No |
X | gangsta | gangsta.exe | Detected by Kaspersky as the RIMA.A BACKDOOR! See here | No |
U | GARO Status Monitor | cnwism.exe | Print monitor for certain Canon printers | No |
X | gaSrv | gaSrv.exe | Detected by Panda as the DOWNLOADER.ALQ TROJAN! Adware downloader | No |
X | gaSrve | gaSrve.exe | Detected by Panda as the DOWNLOADER.ALQ TROJAN! Adware downloader | No |
X | Gate Personal Firewall | Systpl.exe | Added by the RBOT.ADC WORM | No |
N | Gateway Extended Warranty | GWCares.exe | Gateway Extended Warranty reminder | No |
X | Gator | gator.exe | Gator eWallet adware. Please note that Claria Corporation no longer support GAIN-Supported software - see here | No |
X | Gator eWallet | gator.exe | Gator eWallet adware. Please note that Claria Corporation no longer support GAIN-Supported software - see here | No |
X | Gay_Sexy_** | Gay_Sexy_**.exe | Premium rate adult content dialler (where * is a random char) | No |
U | GazelDisplay | gsyno.exe | BT Digital Access USB - Gazel ISDN installation System Tray icon | No |
Y | GBMHome7Agent | GBMAgent.exe | Genie Backup Manager Home 7 - backup software | No |
Y | GBMLite7Agent | GBMAgent.exe | Genie Backup Manager Lite 7 - backup software | No |
Y | GBMPro7Agent | GBMAgent.exe | Genie Backup Manager Pro 7 - backup software | No |
Y | GBSpaceMan | SpaceMan.exe | GreenBorder - secure your browsing activities on the internet | No |
U | GBTray | GBTray.exe | System Tray icon access to Roxio's (nee Adaptec) GoBack software which allows you to revert back to a previously working state on your hard drive if you install a new program and your system goes faulty - performing the same functions with extra features as System Restore on WinMe/XP systems. Disable before running Scandisk or Defrag. Not required for WinMe/XP users, recommended for Win9x/NT/2K users | No |
X | gCac | gcac.exe | Added by the TACTSLAY.U TROJAN! | No |
X | gcasDtServ | gcasDtServ.exe | Added by an unidentified WORM or TROJAN. Note - this is not related to Microsoft Antispyware which has a process bearing the same name which doesn't appear as a startup | No |
Y | gcasServ | gcasServ.exe | Giant Antispyware - now superseded by Microsoft's Windows Defender | No |
X | gcasServ | realsched.exe | Added by a variant of the TACTSLAY.A TROJAN! Note - this is not the legitimate RealOne Player (realsched.exe) application of the same name | No |
? | GCC Reminder | gccrem.exe | Associated with AcraMax Greeting Card Creator. Is it a registration reminder? | No |
N | GCS | GrabClipSave.exe | GrabClipSave screen capture tool | No |
X | GDAX | [path to backdoor] | Added by the RANKY.K TROJAN! | No |
X | gdcw | GDCW.exe | WinAnonymous spyware remover - not recommended, see here | No |
X | Gddlib | rundll32.exe gddlib.dll,start | Added by the AKBOT.EG WORM! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "gddlib.dll" file is found in %System% | No |
X | gdien32 | gdien32.exe | Added by the SINGU-P TROJAN! | No |
X | gdimx | gdimx.exe | MPB-D dialer. Note - provides an uninstall option which can be accessed via the Add or Remove Programs dialog in the Windows Control Panel. The software is listed as "gdimx" | No |
U | GDMgr.exe | gdmgr.exe | GuardMon is a commercial surveillance software program designed to monitor all forms of user activity on a computer | No |
N | GDrive | GDriver.exe | Found on IBM systems. All it does is set the CDROM drive letter to G:. Set your drive letter manually via Start -> Settings -> Control Panel -> System -> Device Manager | No |
N | Gearbox | confsvr.exe | NTL's Gearbox software for configuring internet connections with their NTLWorld software - does a similar job to the Internet Connection Wizard which can be used instead using the dial-up details available here | No |
N | GEARsec | gearsec.exe | Installed by Apple Quicktime package - iPod®/iTunes® CDRW support. Can be disabled if you only require Quicktime player | No |
X | GEDZAC | GEDZAC.exe | Added by the GEMEL WORM! | No |
X | Gekio Startups | gnksvc32.exe | Added by the AGOBOT.AFJ WORM! | No |
N | GemStRmW | GemStRmW.exe | For a GemPlus smart card reader. If it doesn't start automatically when you insert the smart card, start it manually | No |
X | gencroot | gencroot.exe | Added by the SDBOT-AED WORM! | No |
U | Gene USB Monitor | USBMonit.exe | Monitors USB ports for insertion of Sandisk USB flashdrives | No |
X | general lptt01 | general.exe | RapidBlaster variant (in a "General" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here | No |
X | general ml097e | general.exe | RapidBlaster variant (in a "General" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here | No |
X | Generic host proccess for windows | SVCHOSTS.EXE | Added by the SPYBOT-GQ WORM! | No |
X | Generic Host Process | SCHOST.EXE | Added by the RBOT-NC WORM! | No |
X | Generic Host Process | svchost.exe | Added by the DLOADER-NX TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir% | No |
X | Generic Host Process | camacttiv.exe | Detected by AVG as the CIADOOR.13 TROJAN! | No |
X | Generic Host Process for Win Services | mscvs.exe | Added by a variant of the SDBOT WORM! | No |
X | Generic Host Process for Win32 Service | svlhost.exe | Added by the WOOTBOT.EX WORM! | No |
X | Generic Host Process for Win32 Service | svchost.exe | Added by the SPYBOT.NC WORM! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder | No |
X | Generic Host Process for Win32 Services | ntspcv.exe | Added by the SDBOT.S TROJAN! | No |
X | Generic Host Process for Win32 Services | intspvc.exe | Added by the DINFOR.D WORM! | No |
X | Generic Host Process for Win32 Services | winsvc.exe | Added by the SDBOT-O WORM! | No |
X | Generic Host Process for Win32 Services | bazzi.exe | Added by the AHKER.E WORM! | No |
X | Generic Host Process for Win32 Services | winsvc32.exe | Added by the SDBOT-P WORM! | No |
X | Generic Host Process for Win32 Services | lspsvc.exe | Added by the MUMU.C WORM! | No |
X | Generic Host Process for Win32 Services | SPSVC.EXE | Added by the SDBOT.DA WORM! | No |
X | Generic Host Process for Win32 Services | svchost32.exe | Added by the AGOBOT.ALH WORM! | No |
X | Generic Host Process for Win32 Services | sv?h?st.exe | Added by the DLOADER.AK TROJAN! | No |
X | Generic Host Process for Win32 Services | winlogon.exe | Added by a variant of the IRCBOT BACKDOOR! See here. Note - this is not the legitimate winlogon.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! | No |
X | Generic Host Process for WinXP Services | mshelp.exe | Added by the AGENT-GQP TROJAN! | No |
X | Generic Host Process2 System Backup | scvhost2.exe | Added by the RBOT-BAH WORM! | No |
X | Generic Host Process326a System Backup | scvhost326a.exe | Added by a variant of the SDBOT WORM! | No |
X | Generic Host Service | lshost.exe | Added by the RBOT.LU WORM! | No |
X | Generic Service Process | regsvc32.exe | Added by the GAOBOT.UJ or GAOBOT.UL WORMS! | No |
X | Generic Service Process | serv1ces.exe | Added by the AGOBOT-JK WORM! | No |
X | Generic Service Process | nvsvc.exe | Added by the AGOBOT.BY WORM! Note - this is not the valid NVIDIA Driver Helper Service and is located in the System (9x/Me) or System32 (NT/2K/XP) folder | No |
X | Generic Service Process | srvhost.exe | Added by the AGOBOT-FX WORM! | No |
X | Generic Services Process | regsvc32.exe | Added by the GAOBOT.SY WORM! | No |
X | GenericHostXP | WinLoaderXP.exe | Added by the BDOOR-ACX BACKDOOR! | No |
Y | Genie USB Monitor | USBmonitor.exe | Port monitor for an external USB hard drive. Required to enable access to the drive | No |
X | Genius Mose Driver | svghost.exe | Added by a variant of the SPYBOT WORM! See here | No |
X | Geography TX 1.0 NT | CompuSpeed.vbs | Added by the NEWLEY-A WORM! | No |
X | Gerenciamento de arquivos do Windows | Winmod32.exe | Added by the DLOADER-WG TROJAN! | No |
X | german.exe | winsystems.exe | Added by the BAGLEDL-AE TROJAN! | No |
X | german.exe | wintems.exe | Added by the BAGLE-AS TROJAN! | No |
X | Gestionnaire de disques universel | sysoobe.exe | Added by the TOADER-A TROJAN! | No |
N | Get Smile | getsmile.exe | Puts smilie faces in your E-mail. Run manually when required | No |
X | Get-Torrent Service | wakeservice.exe | Get-Torrent bittorrent client - Installs LOP adware | No |
Y | Getca | InfoMyCa.exe | Monitor for a Belkin USB Wireless adapter | No |
X | GetModule18 | GetModule18.exe | Internet Speed Monitor adware related - see example here | No |
X | GetModule19 | GetModule19.exe | Internet Speed Monitor adware related - see example here | No |
X | GetModule20 | GetModule20.exe | Internet Speed Monitor adware related - see example here | No |
X | GetModule21 | GetModule21.exe | Internet Speed Monitor adware related - see example here | No |
X | GetModule23 | GetModule23.exe | Internet Speed Monitor adware related | No |
X | GetModule24 | GetModule24.exe | Internet Speed Monitor adware related - see example here | No |
X | GetModule25 | GetModule25.exe | Internet Speed Monitor adware related - see example here | No |
X | GetModule26 | GetModule26.exe | Internet Speed Monitor adware related - see example here | No |
X | GetModule27 | GetModule27.exe | Internet Speed Monitor adware related | No |
X | GetModule29 | GetModule29.exe | Internet Speed Monitor adware related - see example here | No |
X | GetModule30 | GetModule30.exe | Internet Speed Monitor adware related | No |
X | GetMP3 | rundll32.exe MSA64CHK.dll, DllMostrar | MatrixDialer related. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in the Winnt or Windows folder | No |
X | GetPack18 | GetPack18.exe | Internet Speed Monitor adware related - see example here | No |
X | GetPack19 | GetPack19.exe | Internet Speed Monitor adware related - see example here | No |
X | GetPack20 | GetPack20.exe | Internet Speed Monitor adware related - see example here | No |
X | GetPack21 | GetPack21.exe | Internet Speed Monitor adware related - see example here | No |
X | GetPack22 | GetPack22.exe | Internet Speed Monitor adware related | No |
X | GetPack23 | GetPack23.exe | Internet Speed Monitor adware related | No |
X | GetPack24 | GetPack24.exe | Internet Speed Monitor adware related - see example here | No |
X | GetPack25 | GetPack25.exe | Internet Speed Monitor adware related | No |
N | GetRight Tray Icon | GETRIGHT.EXE | GetRight from Headlight Software - download manager for resuming downloads and choosing multiple download locations. The freeware version is/was spyware. The registered version isn't if you don't install the Aureate/Radiate software. Available via Start -> Programs | No |
X | GetTheMusic | rundll32.exe MSA64CHK.dll, DllMostrar | MatrixDialer related. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in the Winnt or Windows folder | No |
U | Getting started with MacDrive | MDGetStarted.exe | MacDrive 7 from Mediafour Corporation - "enables anyone using Windows Vista, XP, and 2003 Server to seamlessly access Mac disks (HFS/HFS+) of all types, including CDs, DVDs, hard drives, floppy, Zip, Jaz, and more!" | No |
X | getwin | winB_.exe | Added by the BANKER-HS TROJAN! | No |
X | gf1.0.0.2 | ggf.exe | Added by the EDFON.A TROJAN! | No |
X | gfxtray | rundll32 ctccw32.dll, findwnd | Detected by Kaspersky as the AGENT.AOU TROJAN! See here. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted | No |
X | Ghost Relay | [random filename] | Detected by Trend Micro as the DNSCHANG.EK TROJAN! See here | No |
U | GhostSecuritySuite | gss.exe | Ghost Security Suite - protect the registry from unauthorized reading and modification and other tools | No |
N | GhostStartService | GhostStartService.exe | Required to run the Windows based wizard in Norton Ghost - added from the 2003 version. Will start automatically when you run the wizard | No |
N | GhostStartTrayApp | GhostStartTrayApp.exe | System Tray access to Norton Ghost - added from the 2003 version | No |
Y | GhostSurfDelSatellite | DeleteSatellite.exe | Part of SpyCatcher spyware remover from Tenebril. Prevents rogue programs from sending personal information to a remote user via the Internet. If you use SpyCatcher with real time scanning, you'll want to leave this file in place | No |
X | gigabit.exe | gigabit.exe | Added by the BEAGLE.U WORM! | No |
X | GigaByte | Cheatle.exe | Added by the SHODI.B VIRUS! | No |
U | Giganews Accelerator | GiganewsAccelerator.exe | Giganews Accelerator from Giganews, Inc. - "a software-based news proxy which will allow you to compress headers and enable 256-bit SSL encryption, regardless of whether or not SSL is supported natively by your news client" | No |
Y | Gilat SOM Enumerator | dllhost.exe | For Gilat Communications internet satellite systems - associated with SkyBlaster modem. Required if you have this system | No |
Y | GilatFTC | ftc.exe | For Gilat Communications internet satellite systems - associated with SkyBlaster modem. Required if you have this system | No |
X | gimmygames | [path to trojan] | Added by the DLOADR-LN TROJAN! | No |
X | gimmysmileys | gimmysmileys.exe | GimmySmileys adware | No |
X | GinaDll | ntgina.dll | Added by the ANIG.A WORM! | No |
? | GisdnLog | gisdnlog.exe | BT Digital Access USB | No |
U | Glass2k | Glass2k.exe | "Glass2k is a small little program that allows Win2K/XP users to make any window transparent" | No |
X | GLF Network Lan Monitor | NPFMNTOR.exe | Added by the RBOT-AGY WORM! | No |
Y | Glide | Glidew32.exe | Cirque touchpad driver | No |
X | Global Startup | WinDash.EXE | Detected by Kaspersky as the VB.Q WORM! | No |
X | GlobalSCAPE | [random filename] | Added by the RBOT-AYM WORM! | No |
X | Glock Suite 1.1 | glock32.exe | Added by the TINY.GV TROJAN! | No |
X | GLSetIT32 | msiexec16.exe | Added by the OPTIX PRO TROJAN! | No |
X | GLSetIT32 | isass.exe | Added by a variant of the OPTIX PRO TROJAN! | No |
X | GLSetT32 | smsiexec.exe | Added by the OPTIX-D TROJAN! | No |
? | gluon | gluon.exe | In a gluon/bin sub-directory | No |
X | glv | glv.exe | Added by the DLOADER-NG TROJAN! | No |
X | GMedia2 | GSM2.exe | Malware downloader - detected by Kaspersky as the VB.UX TROJAN! | No |
X | GMedia2 | GSMedia3.exe | Malware downloader - detected by Kaspersky as the VB.UX TROJAN! | No |
Y | Gmouse | Gmouse.exe | Amouse mouse driver - required if you use non-standard Windows driver features | No |
U | Gnetmous | gnetmous.exe | Genius mouse driver - required if you use non-standard Windows driver features | No |
U | GNETMOUSE | gnetmouse.exe | Genius mouse driver - required if you use non-standard Windows driver features | No |
X | GNP Generic Host Process | svchost.exe | Added by the ZAPCHAS TROJAN! Note - this is not the legitimate svchost.exe process which should NOT appear in Msconfig/Startup! | No |
X | GNP Generic Host Process | svchost.exe | Added by the ZAPCHAS-R TROJAN! Note - this is not the legitimate svchost.exe process which should NOT appear in Msconfig/Startup and is always located in the System32 folder. This worm file is found in the System folder | No |
X | GNP Generic Host Process | svchost.exe | Added by the ZAPCHAS-AA TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This one replaces svchost.exe in the System32 folder with a copy of mIRC on NT/2K/XP systems and just adds svchost.exe to the System folder on 9x/Me systems | No |
? | gnub | gnub.exe | ?? | No |
X | go | cvir.exe | Added by the SILOV-A WORM! | No |
X | Go!Zilla | gozilla.exe | Download manager for resuming downloads and choosing multiple download locations. Advertising spyware | No |
X | Go!Zilla Monster Downloads | Go.exe | Download manager for resuming downloads and choosing multiple download locations. Advertising spyware | No |
U | GoBack | GBMenu.exe | Roxio's (nee Adaptec) GoBack software which allows you to revert back to a previously working state on your hard drive if you install a new program and your system goes faulty - performing the same functions with extra features as System Restore on WinMe/XP systems. Disable before running Scandisk or Defrag. Not required for WinMe/XP users, recommended for Win9x/NT/2K users | No |
U | GoBack | GBTray.exe | System Tray icon access to Roxio's (nee Adaptec) GoBack software which allows you to revert back to a previously working state on your hard drive if you install a new program and your system goes faulty - performing the same functions with extra features as System Restore on WinMe/XP systems. Disable before running Scandisk or Defrag. Not required for WinMe/XP users, recommended for Win9x/NT/2K users | No |
U | GoBack Polling Service | GBPoll.exe | Roxio's (nee Adaptec) GoBack software which allows you to revert back to a previously working state on your hard drive if you install a new program and your system goes faulty - performing the same functions with extra features as System Restore on WinMe/XP systems. Disable before running Scandisk or Defrag. Not required for WinMe/XP users, recommended for Win9x/NT/2K users | No |
U | GoBack Tray Icon | GBTray.exe | Roxio's (nee Adaptec) GoBack software which allows you to revert back to a previously working state on your hard drive if you install a new program and your system goes faulty - performing the same functions with extra features as System Restore on WinMe/XP systems. Disable before running Scandisk or Defrag. Not required for WinMe/XP users, recommended for Win9x/NT/2K users | No |
X | GOG | GOG.exe | Added by the PHILIS.B VIRUS! | No |
X | goidr | goidr.exe | Goidr adware | No |
U | Goldensoft_MndlSvr | MndlSvr.exe | Goldensoft CD Ghost related - turns a computer into a 200X-speed CD-ROM tower. Working from the hard drive, users can simultaneously access as many as 23 virtual CD-ROM drives at a speed of 200X for true multitasking | No |
X | Golum | services.exe | Added by the GOLUM.A TROJAN! Note - this is not the legitimate services.exe process, which should not appear in Msconfig/Startup! | No |
X | golumm | services.exe | Added by the DLOADER-ET TROJAN! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a "golumm" subfolder | No |
X | good | badvir.exe | Added by the SILOV-B WORM! | No |
X | google.exe | Added by the RBOT-AMW WORM! | No | |
U | Google Desktop | GoogleDesktop.exe | Google Desktop - "a desktop search application that provides full text search over your email, files, music, photos, chats, Google Mail, web pages that you've viewed and more. By making your computer searchable, Google Desktop puts your information easily within your reach and frees you from having to manually organise your files, emails and bookmarks" | Yes |
U | Google Desktop Search | GoogleDesktop.exe | Google Desktop - "a desktop search application that provides full text search over your email, files, music, photos, chats, Google Mail, web pages that you've viewed and more. By making your computer searchable, Google Desktop puts your information easily within your reach and frees you from having to manually organise your files, emails and bookmarks" | Yes |
X | Google Earth | [random filename] | Added by the RBOT-AXK TROJAN! | No |
N | Google Earth Viewer | GOOGLEMAPS.EXE | Google Earth "combines satellite imagery, maps and the power of Google Search to put the world's geographic information at your fingertips" | No |
U | Google IME Autoupdater | GooglePinyinDaemon.exe | Google Pinyin Input Method Editor (IME) - allows a user to input Chinese characters by entering the pinyin of a Chinese character (with or without tone, depending on the system) and then presenting the user with a list of possible characters with that pronunciation | No |
X | google Intrenet Explorer | google.pif | Added by the RBOT-ARA WORM! | No |
X | Google service | Googlesetup.exe | Added by the IRCBOT-RJ WORM! | No |
X | Google Service FR | GO0GLEFREE.EXE | Added by a variant of the SPYBOT WORM! | No |
X | google toolbar | ggtb32.exe | Added by the AGOBOT-RR WORM! | No |
N | Google Updater | GOOGLE~1.EXE | Downloads and installs updates for Google applications (Google Earth, Google Desktop, etc.) | No |
N | Google Updater | GoogleUpdater.exe | Downloads and installs updates for Google applications (Google Earth, Google Desktop, etc.) | No |
X | GoogleBot.exe | GoogleBot.exe | Added by the GB TROJAN! | No |
N | GoogleDCClient | GoogleDCC.exe | Google Compute Client - only present if you installed the Google Toolbar with "Google Compute" client active. Does complex calculations in the background when idle. If you want to turn it off go to your browser, click on the little double-helix on the Google Toolbar, and click "Stop Computing". No longer supported | No |
U | GoogleDesktop | GoogleDesktop.exe | Google Desktop - "a desktop search application that provides full text search over your email, files, music, photos, chats, Google Mail, web pages that you've viewed and more. By making your computer searchable, Google Desktop puts your information easily within your reach and frees you from having to manually organise your files, emails and bookmarks" | Yes |
U | googletalk | googletalk.exe | Google Talk "enables you to call or send instant messages to your friends for free - anytime, anywhere in the world". Can be launched manually | No |
U | GoogleToolbarNotifier | GoogleToolbarNotifier.exe | Part of Google Toolbar (from version 4 onwards) for IE. "Google Toolbar Notifier allows you to set Google as your default search engine and prevents your search settings from being changed without your consent. An icon in your system tray blinks if the Notifier identifies an attempt to change your default search engine. You can click the icon to get more details and allow the change". There was a bug in earlier versions where disabling the option resulted in the entry still running at startup but this has now been resolved | Yes |
U | GoToMyPC | g2svc.exe | ExpertCity GoToMyPc logon - web-based remote-access solution that allows individuals and companies to register their computers online and then securely access those computers from any web browser | No |
X | GotSmiley | GotSmiley.exe | GotSmiley - ad supported program that provides the user with smileys for use in emails. Not recommended. Please note that Claria Corporation no longer support GAIN-Supported software - see here | No |
X | gouday.exe | readme.exe | Added by the BEAGLE.C WORM! | No |
X | govurarope | Rundll32.exe retasevo.dll,s | Added by the BHO-HG TROJAN! The "retasevo.dll" file is found in %System% | No |
X | GP Updater | gpupdater.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
X | GPLv3 | [random name].dll | Vundo adware | No |
X | gpmce | window.exe | Added by the VB.CK WORM! | No |
N | GRA | gra.exe | Looks at system resources at startup and warns you if they have dropped. Contains links to the Disk Clean Up, Defrag and Start Up Menu. It does have a link to a startup configuration utility. Similar to msconfig but can keep a list of disabled apps. Not really necessary. Only appears if you load the Gateway Startup Utility | No |
? | gramdate | 2Stop.exe | ?? | No |
X | Graphic Driver | smss32.exe | Added by a variant of the RBOT WORM! | No |
X | Graphic Loader | ntvdm32.exe | Added by a variant of the RBOT WORM! | No |
X | Graphic Update | openglx.exe | Detected by PCTools as the IRCBOT.BIM TROJAN! See here | No |
X | Graphics | _default.pif | Added by the AUTOSKY WORM! | No |
X | Graphics adapter service | windll.exe | Added by the ATNAS.A WORM! | No |
U | Gravis Appawareloader | dbserver.exe | Looks like it's associated with Gravis game controllers and the Keyset Manager, allowing the user to program the buttons for games that don't support them | No |
U | Gravis Xperience Driver Support | Grxp4exe.exe | Driver for Gravis game controllers such as the Eliminator Aftershock. Must be loaded if you run the supplied application software for the controller to be recognized. Start it manually via a shortcut if not used | No |
? | GrdSys32 | GrdSys32.exe | X-Stream ISP software. Offers free Net access funded by on-screen ads. Is it required or can you create your own dial-up networking connection to use on demand? | No |
X | GreasyPalmUpdate | GreasyPalmUpdate.exe | SearchFast adware | No |
N | Greetings Workshop | GWREMIND.EXE | You really want to be reminded about somebody's birthday at the expense of resources? | No |
X | gremier | wscript.exe gpremier.vbs | Added by the GPREMIER WORM! Note that wscript.exe is a legitimate Microsoft file used to launch script files and shouldn't be deleted. The "gpremier.vbs" file is found in the System (9x/Me) or System32 (NT/2K/XP) folder | No |
X | Gremlin | intrenat.exe | Added by the DOOMJUICE WORM! | No |
X | grinders | grinders.exe | Added by a variant of the Storm/Nuwar/Zhelatin WORM! See here for an example | No |
N | Grokster | Grokster.exe | Grokster Peer-To-Peer File Sharing program | No |
Y | Groove Virtual Office | Groove.exe | "Groove Virtual Office uses a peer-to-peer networking model to connect users in Groove Workspaces. In these workspaces geographically dispersed coworkers can do almost everything they could do in the same office. They can hold online meetings, store files and folders, save threaded discussions, scribble on whiteboards, share calendars, and track project information and timelines." Formerly by Groove Networks - now owned by Microsoft and part of MS Office | No |
Y | GrooveMonitor | GrooveMonitor.exe | Microsoft Office Groove 2007 - Groove Folder Sharing synchronization (GFS). If you kill it, your GFS workspaces may not synchronize properly (particularly around unread-marks), and you might experience some nagging discomfort | No |
U | GroupWise PDA Connect - 3CmPlm | AutoDet.exe | 3Com Palm PC specific translator for the GroupWise PDA Connect PDA synchronisation utility from Novell | No |
U | GroupWise PDA Connect - GrpWse | Agnt.exe | GroupWise PDA Connect PDA synchronisation utility - from Novell | No |
U | GroupWise PDA Connect - PocketPC | AUTODE~1.EXE | Windows Mobile Pocket PC specific translator for the GroupWise PDA Connect PDA synchronisation utility from Novell | No |
U | GroupWise PDA Connect - ScheduleSync | SCHEDU~1.EXE | ScheduleSync specific translator for the GroupWise PDA Connect PDA synchronisation utility from Novell | No |
N | GrpConv | grpconv.exe | Microsoft Windows Program Group Converter - used by installers (ONLY in the RunOnce keys) - provides the translation of groups and group items to folders and links. Also see this MS Knowledge Base article | No |
X | GsAds | gms2.exe | PacerD_Media/Pacimedia.com adware | No |
? | Gscbc | Gscbc.exe | ?? | No |
X | gshp | zzgshp.vbs | Homepage hi-jacker | No |
N | Gsiconexe | Gsicon.exe | ADSL modem monitor from Eicon Networks (as used by BT for its Broadband internet service for example). Can safely be disabled without affecting the connection - all this does is give an indication of connectivity and access to the diagnostic facilities | No |
? | GsiFinal | rundll32 gspndll.dll,postInstall final | USB DSL modem related. What does it do and is it required? | No |
? | GSISETUP | [path] GsiInst.exe INSTALL [path] V205Res 13 | BT Voyager ADSL modem related - what does it do and is it required? | No |
N | GSOrganizer | GSOrganizer.exe | GoldenSection Organizer (now WinOrganizer - personal information manager) | No |
X | gssomatic | gssomatic.exe | Searchcentrix hijacker | No |
Y | gStart | gStart.exe | gStart GPS software from Garmin | No |
X | GStartup | GMT.exe | Gator spyware component - see here. Please note that Claria Corporation no longer support GAIN-Supported software - see here | No |
X | gsv | gsv.exe | Added by the ROBAL 1.0 backdoor TROJAN! | No |
X | GT | GT.EXE | Added by the SDBOT-AJ WORM! | No |
X | GT15J4R49V | cpuserv.exe | Identified as a variant of the Trojan.Win32.Radi.gu malware | No |
U | GTVEpg | GTVEpg.exe | Part of Got All Media - control your TV tuner and other utilities from your PC | No |
U | GTVRec | GTVRec.exe | Part of Got All Media - control your TV tuner and other utilities from your PC | No |
N | Gtwatch | gtwatch.exe | Associated with a Mustec scanner and not required | No |
X | gtydf | iisca.exe | Added by the CLAGGER-BB TROJAN! | No |
X | gtydf | iscca.exe | Added by the DWNLDR-GTK TROJAN! | No |
X | gtydf | ggrrgg.exe | Added by the DLOADR-AZK TROJAN! | No |
U | Guard | Guard.exe | Related to Phoenix Technologies Core Managed Environment (cME) Integration and Certification program | No |
N | Guardian | CMGrdian.exe | McAfee's QuickClean, an offline version of the one in their online Clinic. Normally run offline and not needed. Incidentally, incorporates more cleanup programs than the likes of WinOptimizer and System Mechanic | No |
U | Guardian PC Security Tools | Pfft.exe | Boomerang Software's Guardian PC Security Tools - now rebranded as the eXtendia Security Suite | No |
X | guarnset | guarnset.exe | Adlogix adware | No |
X | gummy | gummy.exe | Added by the VANEBOT-AQ WORM! | No |
X | GURL | gurl.exe | GURLWatcher spyware | No |
U | GuruNet | GuruNet.exe | GuruNet lets you click on any word on your screen to get the relevant information you want | No |
X | GustavVED | [filename].exe | Added by the OPASERV.H WORM! | No |
X | gvagfxj | rundll32 ...gvagfxj.dll | Unidentified adware, spyware or virus | No |
Y | gw port controller | PORTCT95.EXE | From a visitor - "I must keep it active in start up or my Lexmark printer and RCA Cam program cannot discover a working port to work". From the file properties, the file is known as "Smart Thru Fax Drive Spy" and is supplied by Samsung | No |
N | GWInkMonitor | GWInkMonitor.exe | Gateway ink monitor - makes an annoying popup that says your printer may be running out of ink, do you want to buy some! | No |
X | gwiz | ntsystem.exe | Added by the NITWIZ.A TROJAN! | No |
X | gwiz | arpl.exe | Detected by F-Prot as W32/Downloader-Sml-based | No |
N | GWMDMMSG | GWMDMMSG.exe | Used with internal modems on Gateway and vprMatrix PCs. This is the "GTW modem messaging applet" and is not required for the modem to work correctly | No |
U | GWMDMpi | GWMDMpi.exe | Used with internal modems on Gateway PCs such as the 450SX Notebook. Required for audio settings to be maintained and does not remain in memory once run. See here for more information | No |
U | gwum | gwum.exe | Gigabyte utility manager. Loads if you have a Gigabyte motherboard and got a full bundle of utilities installed. Monitors CPU, fans, BIOS etc. Only used by system "tweakers" | No |
? | gyy | gyy.exe | Possibly Gator (and therefore spyware) related? | No |
X | G_Server.exe | G_Server.exe | Added by the FEUTEL-C TROJAN! | No |
X | G_Server1.2.exe | G_Server1.2.exe | Added by the GRAYBIRD-Z TROJAN! | No |
U | H/PC Connection Agent | WCESCOMM.EXE | Active sync for use with Windows CE based palm PC | No |
Y | H2O | cledx.exe | Related to copyright protection products by SyncroSoft | No |
U | H2OWIBU | CXWibu.exe | Related to CodeMeter from WIBU-SYSTEMS AG. Software protection hardware | No |
X | h4te Service Drivers | h4te.exe | Added by a variant of the RBOT WORM! | No |
X | hachimitsu-lemon | hachimitsu-lemon.exe | Added by the HACHILEM TROJAN! | No |
X | HackMuFpt | HackMuFpt.exe | Added by the SCLOG-AG TROJAN! | No |
X | hagent | avp.exe | Added by the "Herman Agent" remote access TROJAN! | No |
U | HalifaxHowardCluster | skinkers.exe | "Howard the Weatherman" desktop client from Halifax by Skinkers - marketing/messaging tool. Leave enabled if you want to receive messages | No |
Y | Hamachi | hamachi.exe | LogMeIn Hamachi remote control and VPN software | No |
U | HaMFrontPanel | hampanel.exe | Displays a panel simulating modem lights for the Intel HaM internal modem. The lights are useful as a reminder to disconnect from the net if you are likely to forget, but otherwise pointless | No |
U | Handy Backup 3.9 | hbagent.exe | Handy Backup - automatic backup of your critical data to virtually any type of storage media including CD-RW devices and remote FTP servers | No |
X | HanUpdate | hanz.exe | Added by the RBOT-GLJ WORM! | No |
N | Hard Disk Sentinel | HDSentinel.exe | Hard Disk Sentinel - a multi-OS hard disk drive monitoring application. Its goal is to find, test, diagnose and repair hard disk drive problems, display hard disk health, performance degradations and failures | No |
X | Hard drive Controller | hdcontroller.exe | Added by the KIMAN.B WORM! | No |
U | Hardware Doctor | Hwdoctor.exe | Winbond Hardware Doctor - as included on some motherboards using Winbond's hardware monitoring chips. Displays fan speeds, voltages, temperatures. Only required if you're concerned about your system temperature - typically for "overclocked" systems | No |
X | Hardware Monitor Service | mshms.exe | Added by the WOLLF-A TROJAN! | No |
X | Hardware Profile | hxdef.exe | Added by the LOVGATE.AB WORM! | No |
X | Hardware Profile | hxdef.exe... | Added by the LOVGATE.Z WORM! | No |
U | Hardware Sensors Monitor | hmonitor.exe | Utility to monitor fan speed and temperatures - similar to Motherboard Monitor. Only required if you're concerned about your system temperature - typically for "overclocked" systems | No |
X | Hardware Shell Detection | WinHSD.exe | Added by a variant of the RBOT WORM! | No |
U | Hare | hare.exe | Hare - improve and optimize performance of desktop/laptop PCs | No |
U | Harmony 98 - CasioOrg | CasAgnt.exe | Enterprise Harmony 98 for CASIO - synchronization software for use with Microsoft® Outlook 97/98/2000 | No |
X | HATAPE | [path to trojan] | Added by the BANKER-QF TROJAN! | No |
U | HawkEye | HAWK_95.EXE | Control Panel application for the old Number Nine graphics cards to change resolution, colour depth, etc. Available via Start -> Programs | No |
U | HawkEye IV Control Panel | HAWK_32.EXE | Control Panel application for the old Number Nine graphics cards to change resolution, colour depth, etc. Available via Start -> Programs | No |
U | Hawking HWU54G Utility | HWU54G.exe | Wireless management utility for the HWU54G Mini Wireless-G USB Adapter from Hawking Technologies, Inc | No |
U | Hawking Wireless Utility | HWU8DD.exe | Wireless management utility for the HWU8DD Hi-Gain™ USB Wireless-G Dish Adapter from Hawking Technologies, Inc | No |
X | Hbinst | Hbinst.exe | Hotbar adware | No |
N | HC Reminder | hc.exe | For Compaq PCs. Help Compiler, crunches help database, will run without being in startup when needed | No |
N | HCDetect | HCDetect.exe | MS HomeClick Network - simple home network setup and configuration program included with 3Com HomeConnect home networking products. Runs in the background for network printer notification, detection, and Internet Connection Sharing (ICS) taskbar icon. Not required - network can be set-up manually, also has a known memory leak problem | No |
U | hcenter | tgcmd.exe | See also TgAddServer. This part ensures the software is installed correctly (similar to an installation wizard) as reported by Cox. Regarded as spyware by some as it has the ability to retrieve user information. Whether it does so depends upon the provider. One Toshiba user reports problems with hibernate on his laptop if disabled - hence the "U" recommendation | No |
X | hclean32.exe | hclean32.exe | Wareout - malware masquerading as a spyware and dialer remover | No |
U | Hcontrol | hcontrol.exe | Hotkeys on an ASUS Notebook. Only required if you use the additional keys | No |
N | hcsystray | hc_tray.exe | Kuma Notifier for the Shootout! game from the History Channel. "It lets you know whenever there's a new episode that's been released or an announcement from the Kuma team. Just click it to get up-to-the-minute game and event information" | No |
N | HDAShCut | HDAShCut.exe | High definition audio page shortcut for Realtek audio devices - not required | No |
U | HDAudDeck | HDAudioCPL.exe | Vista control panel for VIA Vinyl HD Audio Codecs from VIA Technologies, Inc - such as the VT1708B | No |
U | HDAudDeck | HDeck.exe | XP control panel for VIA Vinyl HD Audio Codecs from VIA Technologies, Inc - such as the VT1708B | No |
X | HDAudio | hda.exe | Added by the TACTSLAY.U TROJAN! | No |
X | HDAudio Driver 1.0 | [random filename].exe | Added by the TEADOOR-D TROJAN! | No |
X | HDAudio Driver 2.0 | [random filename].exe | Added by the TEADOOR-E TROJAN! | No |
U | HDDHealth | hddhealth.exe | HDD Health is a "full-featured failure-prediction agent for machines using Windows 95, 98, NT, Me, 2000 and XP. Sitting in the system tray, it monitors hard disks and alerts you to impending failure" | No |
U | HDDlife | HDDlife.exe | HDDlife checks the health of your hard drives at regular intervals and informs you about the results of these checks | No |
? | HDhelp | tbhdhelp.exe | Associated with Philips Edge series soundcards. Is it required? | No |
X | hdlfoe df98ndf | svchots.exe | Added by a variant of the RBOT WORM! | No |
X | hdlpscom | [8 random letters].exe | Added by the RBOT-FUL WORM! | No |
X | HDriveSweeper | HDriveSweeper.exe | HDriveSweeper rogue privacy program - not recommended, removal instructions here | No |
N | HDtray | HDtray.exe | Philips Edge Series Control Panel Tray Utility - system tray icon for Philips Edge series soundcards. Available via Start -> Settings -> Control Panel | No |
X | he3bbcff | rundll32.exe he3bbcff.dll, EnableRunDLL32 | LZIO.com adware downloader. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "he3bbcff.dll" file is found in the System (9x/Me) or System32 (NT/2K/XP) folder | No |
X | he3e3fc4 | rundll32.exe he3e3fc4.dll, EnableRunDLL32 | LZIO.com adware downloader. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "he3e3fc4.dll" file is found in the System (9x/Me) or System32 (NT/2K/XP) folder | No |
X | Hekio Startups | Hnksvc32.exe | Added by the AGOBOT-QE WORM! | No |
X | HELLBOT TEST | 1hellbot.exe | Added by the MYDOOM.BO WORM! | No |
X | HELLBOT3 | coolbot.exe | Added by the MYTOB.AB WORM! | No |
X | hellfire | svchost.exe | Added by the LEOX.D TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder | No |
X | hellodolly | shost.exe | Added by the YODO WORM! | No |
X | helloserv | helloserv.exe | Added by a variant of the Storm/Nuwar/Zhelatin WORM! See here for an example | No |
X | helloworld | nb32ext2.exe | Added by the MYDOOM.BV WORM! | No |
X | helloworld | nb32ext3.exe | Added by the MYTOB.JT WORM! | No |
X | helloworld3 | nb32ext4.exe | Added by the RITDOOR.A WORM! | No |
? | Help | helpext.exe | ?? | No |
X | help | help.scr | Added by the BANCOS-BBU TROJAN! | No |
X | Help | Wizardnil.exe | Added by the BANCOS-BCZ TROJAN! | No |
X | Help | lshost.exe | Identified as a variant of the Trojan-Clicker.Win32.Delf.aro malware | No |
X | Help and Support Service | usnsvc.exe | Detected by Kaspersky as the SDBOT.AAD TROJAN! See here | No |
X | Help Temp Files | netreg.exe | Added by the FORBOT-EM WORM! | No |
X | helpctl.exe | helpctl.exe | Added by the GASLIDE TROJAN! | No |
X | Helper | eschlp.exe | Added by the BLASTER.T WORM! | No |
X | HELPER | greece_nm.exe | AsdPlug premium rate adult content dialer variant | No |
X | HELPER | Netherlands.exe | AsdPlug premium rate adult content dialer variant | No |
X | HELPER | new_zealand.exe | AsdPlug premium rate adult content dialer variant | No |
X | HELPER | sweden.exe | AsdPlug premium rate adult content dialer variant | No |
X | HELPER | canada.exe | AsdPlug premium rate adult content dialer variant | No |
X | HELPER | france.exe | AsdPlug premium rate adult content dialer variant | No |
X | HELPER | temp532.exe | AsdPlug premium rate adult content dialer variant | No |
X | helper.dll | rundll32.exe [path] helper.dll | CnsMin (Chinese Keywords) hijacker related. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted | No |
X | HelpExp.exe | HelpExp.exe | Attune HelpExpress - spyware. Disable and uninstall - see here | No |
X | helpmanager | spoler.exe | Added by the RANDEX.J WORM! | No |
X | helpo | helpo.exe | Added by the BANLOA-BU TROJAN! | No |
X | helpw | helpw.exe | Adware downloader | No |
X | hen | [filename].exe | Added by the TARNO.G TROJAN! | No |
X | heomstool | heomstool.exe | Added by the HEOMS TROJAN! | No |
? | HerculesCamService | CamService.exe | Related to the Hercules Dualpix HD Webcam. What does it do and is it required? | No |
X | hErcUnes | softhost.exe | Added by the GARROCH WORM! | No |
U | Hermes Messenger | DGDRHE~1.EXE | A LAN messenger alternative to WinPopUp - Digital Dreams Software | No |
X | Hewlett Packard Manager | hpmanager.exe | Added by the MYTOB.KE WORM! Note - this is not a valid Hewlett-Packard program | No |
N | Hewlett Packard Recorder | Remind32.exe | HP multifunction registration | No |
U | Hf | Hf.exe | Hide Folders - hide your folders so only you can view them | No |
X | HF Security | hfsecure.exe | Added by the AGOBOT-TI WORM! | No |
X | hfdtubvnx | keepSafe.exe | Added by the KILLAV.KAX TROJAN! | No |
U | hffsrv | hffsrv.exe | Hide Files & Folders is a "password-protected security utility working at the Windows kernel level allowing you to password-protect files and folders, or to hide them securely from viewing and searching" | No |
U | hfxp | hfxp.exe | Hide Folders XP - hide your folders so only you can view them | No |
X | hgkytwe | keepSafe.exe | Added by the KILLAV.KAX TROJAN! | No |
X | hgqhp.exe | hgqhp.exe | Added by the FLUSH.F TROJAN! | No |
N | HGTXPEI | FirstReboot.exe | Hercules Audio tool for the Hercules Game Theater XP soundcard. Available via Start -> Settings -> Control Panel | No |
X | hhtnsn | rnxntup.exe | Added by a variant of the ORCU.B TROJAN! | No |
? | HiberMonitor | HCount.exe | ?? | No |
U | Hibernation | hib32.exe | Reduces the power consumption when the laptop isn't being used to preserve battery power. Similar programs on other laptops reduce the processor clock rate, etc. Required if you run off battery regularly | No |
X | Hid.exe | hid.exe | Added by the RATSOU.B TROJAN! | No |
U | HideOE | HideOE.exe | HideOE - allows you to 'hide' Outlook Express or minimize it to the System Tray | No |
X | HideRun.exe | Hiderun.exe and svhost.exe and pro.gif | Added by the BOOHOO WORM! | No |
X | HideStyle | Ante Browse Trust.exe | IE toolbar taking you to Lop.com. If the exe is running, end it and remove the "Stupidmore" directory from C:\Program Files | No |
U | hidserv | hidserv.exe | This is the Human Interface Device Server for Win98SE/2000/Me/XP. It is required only if you are using USB Audio Devices; otherwise you can disable it via Msconfig. See here. Typical examples are USB multimedia keyboards with volume control and web-ready keyboards. For example - loaded by default with MS DSS80 Speakers because they have Volume, Mute and Bass controls on the speaker. Some users may experience problems disabling this - if this is the case then re-enable it. Equivalent to MMHid in Win98. On HP Computers, HIDSERV is the controller for the keyboard sound controls on the USB and PS/2 keyboards | No |
X | hid_start | gzmrotate.dll | AdRotator/IconAds adware | No |
U | High Definition Audio Property Page Shortcut | CHDAudPropShortcut.exe | Realtek audio card related. Probably adds the odd feature to one of the "Sounds" Control Panel applet tabs - doesn't appear to be required | No |
N | High Definition Audio Property Page Shortcut | HDAShCut.exe | High definition audio page shortcut for Realtek audio devices - not required | No |
U | High Definition Audio Property Page Shortcut | CHDAudPropShortcut.exe | Realtek audio card related. Probably adds the odd feature to one of the "Sounds" Control Panel applet tabs - doesn't appear to be required | No |
Y | HighPoint ATA RAID Management Software | raidman.exe | HighPoint RAID management - hard disk striping/mirroring utility for increased performance and reliability. See here for more information on RAID | No |
X | Highspeeddownloader | SetupClickHere.EXE | Homepage hijacker, redirecting to "turbo-search101.com" - see here | No |
U | HijackThis | HijackThis.exe | "HijackThis is a free utility which quickly scans your Windows computer to find settings that may have been changed by spyware, malware or other unwanted programs". This option is added when you select Config → "Run HijackThis scan at startup..." once a scan has been performed | No |
U | HijackThis startup scan | HijackThis.exe | "HijackThis is a free utility which quickly scans your Windows computer to find settings that may have been changed by spyware, malware or other unwanted programs". This option is added when you select Config → "Run HijackThis scan at startup..." once a scan has been performed | No |
X | HijSrv32 | hijsrv.exe | Added by the BANKGERM-D TROJAN! | No |
X | himem.exe | [path to worm] | Added by the STRATION-FW WORM! | No |
X | HistoriaLout. | GDC.exe | Added by an unidentified misleading security program | No |
N | HistoryKill | histkill.exe | HistoryKill removes your web surfing path by removing the URL drop-list history, detailed history file, cache, and cookies in both IE and Netscape Navigator browsers. Available via Start -> Programs | No |
U | Hitman Pro SurfRight Helper | srhelper.exe | Hitman Pro - a utility to start a number of Security Protection software. They can be started individually | No |
X | HitQ | HitQ.exe | Hijacker, for more information see here | No |
U | HitwarePKLite | HITWAR~1.EXE | Hitware Popup Killer Lite | No |
X | HIV | HIV.exe | Added by the HIVA TROJAN! | No |
U | hk | hk.exe | KeyLoggerExp keystroke logger/monitoring program - remove unless you installed it yourself! | No |
U | hkcmd | hkcmd.exe | Part of Intel's Common User Interface for chipsets with integrated graphics controllers - which allows the user to change different driver properties through the Windows User Interface. If the user wishes to have "HotKey" access to Intel's customised graphics properties, it is required, otherwise not. It can be disabled via the Display Properties in the Control Panel | No |
X | HKEYok | runlli32.exe | Added by the QQPASS-U TROJAN! | No |
X | HKLM\Run | windowsupdate.exe | Added by the FORBOT-BJ WORM! (where HKLM\Run represents HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run) | No |
U | hkserv | HKserv.exe | Keyboard manager program required to use programmable power and function keys on some laptops such as the Sony PCG R505TS | No |
U | hkss | hkss.exe | Compaq HotKey Support - multimedia keyboard support | No |
X | HLcleanup | hlsetup2.exe | LinkReplacer/FFinder adware | No |
X | hldrrr | hldrrr.exe | Added by the BAGLE-KF WORM! | No |
X | hlhtxo.exe | hlhtxo.exe | Added by the QLOWZONES-27 TROJAN! | No |
X | HLL Data Parameter | hllcxpa.exe | Added by the RBOT.AFG WORM! | No |
X | HMI PowerSystem | hmisvc32.exe | Added by the RANDEX.CZZ WORM! | No |
X | HML PowerSource | hmlsvc32.exe | Added by the SDBOT-XL WORM! | No |
U | Hmonitor | Hmonitor.exe | Hardware sensor monitoring program. Only required if you overclock your system and want to check on the status | No |
X | HMV PowerSource | hmusvc32.exe | Added by the SDBOT-YW WORM! | No |
X | ho2stdll.exe | ho2stdll.exe | Added by the BANKER-HO TROJAN! | No |
X | HOI Services | holsvc32.exe | Added by the AGOBOT-SF WORM! | No |
N | Holiday Lights | Holiday Lights.exe | Holiday Lights from Tiger Technologies. Festive desktop enhancement that adds lights. Available via Start -> Programs | No |
X | Hollaback | slvhosts.exe | Added by the SDBOT.BMO WORM! | No |
N | Home Theater SchSvr | SchSvr.exe | WinScheduler is installed with Home Theater Remote Control for WinDVD from Intervideo. If you want to schedule recordings from your TV tuner card, you will need it. Available via Start -> Programs | No |
U | HomeAlarm | HomeAlarm.exe | Chameleon Clock - system tray clock replacement | No |
? | HomeCentre WakeUp | LGWAKEUP.EXE | Associated with the no longer supported Xerox HomeCentre printer/scanner | No |
U | HomeKeyLogger | KeyLogger.exe | SpyKeySpy surveillance software. Uninstall this software unless you put it there yourself | No |
X | Homeland Network | HomelandNetwork.exe | Homeland Network Notifier - pops ads | No |
X | homepage.monitor.exe | isamonitor.exe | Added by the ZLOB.MEDIA-CODEC TROJAN! This purports to be a Windows Media Player upgrade (with names such as "iCodecPack", "X Password Manager" and "Media-Codec") to allow the user to view adult oriented videos on certain websites - but actually downloads and installs additional malware on the user's machine. Various directories and filenames are used - see the link for details | No |
U | HondaHelper | HondaHelper.exe | Part of Honda Music Link which allows you to use your Honda's audio system's controls to play and search for music on your iPod® in your car | No |
? | Honor | honor.exe | ?? | No |
U | Hook99startup | hk2re.exe | "Hook99 enables the user to customize the start button. You can change or remove the text and replace the Windows flag on button with icon of your choice. Supports Windows icons, bitmaps and can extract icons from executables and libraries. Hook99 can also make the background of desktop icons captions transparent" | No |
U | HookSys | HookSys.exe | SurfinGuard Pro from Finjan - internet protection software, protects against all malicious code delivered through executables, scripting files, ActiveX and Java | No |
U | HornetMonitor | MntrHrnt.exe | Hornet Monitor - monitoring system that detects and responds to unauthorized access attempts and sources of channel interference on any local DSSS network | No |
Y | HorngTech4D | bally4d.exe | HorngTech 4D mouse driver | No |
X | Host | N/A | Added by the POPDIS or STARTPAGE.F TROJANS! | No |
X | host | help.exe | Identified as the DELF.LF by Ewido Security Suite | No |
X | Host Process | mame.exe | Added by the RBOT-APO WORM! | No |
X | Host Process | svchost.exe | Detected by Kaspersky as the AGENT.DGO TROJAN! See here. Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! The file is located in the Fonts directory | No |
X | hostdll.exe | hostdll.exe | Added by the BANKER-BO TROJAN! | No |
U | HostManager | AOLHostManager.exe | Manages a component essential to the operation of most current AOL software. If you remove it from startup it will load when IE is launched, increasing launching time | No |
N | HostManager | AOLSoftware.exe | Quoted from AOL Beta Team, "Manages a component essential to the operation of most current AOL software, client or not. You should be able to remove it from Startup (it'll just load when Explorer is launched, which will extend load time a bit), but do leave it on your system". | No |
X | Hostname Manager Server | host32srv.exe | Added by a variant of the RBOT WORM! | No |
X | Hostren.exe | Hostren.exe | Added by PWS.BANKER.F, a variant of the BANKER-BO TROJAN! | No |
X | hostserv | hostserv.exe | Added by the RBOT.BPZ WORM! | No |
X | hostserv | wiz98.exe | Added by a variant of the SDBOT WORM! | No |
U | HostsFileMgr | winHostsEdit.exe | AdBin from Gilmore Software Development. An easy solution to managing your Windows hosts file | No |
U | HostsMan | hm.exe | "HostsMan is a freeware application that lets you manage your Hosts file with ease". It is mainly intended to block specific domains (mostly advertising servers) by redirecting them to localhost, but can also be used to add any other domain/IP combination that you want to be included in the HOSTS file | No |
X | HostSrv | sachostx.exe | Added by the LOOKSKY.H WORM! Drops multiple files in the System (9x/ME) or System32 (NT/2K/XP) folders | No |
X | HostSrv | sachostx.exe | Added by the LOOKSKY.A or LOOKSKY.F or LOOKSKY.G WORMS! | No |
X | HostSrv | sachostx.exe... | Added by the LOOKSKY.E WORM! | No |
X | HostSVC syse | HostSVC.exe | Added by the RBOT-ANZ WORM! | No |
X | Hot 8.0 Live | hot.exe | Added by the BANKER.EIE TROJAN! | No |
U | Hot Corners | Hotc.exe | Hot Corners - "lets you quickly activate or disable your screen saver by moving the mouse into a given corner of the screen" | No |
X | HOT FIX | Gothic.exe | Detected by Kaspersky as the RBOT.ESX WORM! | No |
X | Hot Inside | Hottest Story Ever.exe | Added by the BHARAT.A WORM! | No |
U | Hot Key Kbd 2690 Daemon | SK2690DM.EXE | Multi-function keyboard driver. Allows the use of programmable keys on multimedia keyboards. Required if you use the additional keys | No |
U | Hot Key Kbd 9910 Daemon | SK9910DM.exe | Multi-function keyboard driver. Allows the use of programmable keys on multimedia keyboards. Required if you use the additional keys | No |
? | Hot Party 22 | hotpart22.exe | ?? | No |
X | HotAction_hr | hotaction_hr.exe | Added by the SITEICON-B DIALER! An uninstall option can be accessed via the Add or Remove Programs dialog in the Windows Control Panel. The software is listed as "HotAction_hr" | No |
X | Hotbar | Hbinst.exe | Hotbar adware | No |
X | Hotbar | HbOEAddOn.exe | Hotbar adware | No |
X | HotbarOE | OEAddOn.exe | Hotbar adware | No |
X | HotbarSA | HotbarSA.exe | Hotbar adware | No |
X | hotdlll | remote.cmd | Added by the BANKER-EHG TROJAN! | No |
X | hotdlll | vmmreg32.exe | BANKER.DX spyware | No |
X | hotefix | msnmanegers.exe | Detected by Trend Micro as the IRCBRUTE.AS TROJAN! See here | No |
X | hotfix | msnnmaneger.exe | Added by the WOOTBOT.AF WORM! | No |
X | Hotfix Updat | svdhost32.exe | Added by the GAOBOT.ZW WORM! | No |
U | HOTFOON2 | hotfoon4.exe | Related to Hotfoon - a developer and provider of Internet Telephony technology based on LTP (Lightweight Telephony Protocol) | No |
U | HotIDE | hotide.exe | HotIDE allows Acer TravelMate owners to hot-swap external drives without switching off their notebooks | No |
U | HotkeyApp | HotkeyApp.exe | Programmable keys on Acer, Fujitsu and other laptops | No |
U | HotKeysCmds | hkcmd.exe | Part of Intel's Common User Interface for chipsets with integrated graphics controllers - which allows the user to change different driver properties through the Windows User Interface. If the user wishes to have "HotKey" access to Intel's customised graphics properties, it is required, otherwise not. It can be disabled via the Display Properties in the Control Panel | No |
X | HotKeysCmds | [path to worm] | Added by the PAHATIA-A WORM! | No |
X | HotPix | hotpix.exe | Adult content dialler | No |
X | hotplug | hotplug.exe | Added by the SILLYDL TROJAN! | No |
U | Hotplug | hot_plug.exe | Related to the SiS_Hot_Plug_Application. Enables automated driver loading for hotpluggable devices. If this service is stopped, hotplug devices will no longer function | No |
N | HotSync Manager | hotsync.exe | Installed when connecting a Palm HotSync cradle up to a USB port. The Blue and Red Arrow Icon that enables Palm / Handspring Synchronizing. Available via Start → Programs | No |
X | hotwetlove | hotwetlove.exe | Adult content dialler. Will not uninstall - components have to be manually deleted | No |
X | Hot_Kiss | Hot_Kiss.exe | Adult content dialler | No |
X | Hot_Tarts | Hot_Tarts.exe | Adult content dialler | No |
X | Hot_Tarts_** | Hot_Tarts_**.exe | Premium rate adult content dialer (where * is a random char) | No |
X | Hot_Tarts_Au | Hot_Tarts_Au.exe | Premium rate adult content dialler | No |
X | Hot_Tarts_mc | Hot_Tarts_mc.exe | HotTarts adult content dialer | No |
U | HoverDesk | HoverDesk.exe | HoverDesk - desktop replacement software | No |
? | hp 1000 firmware | fwdl.exe | HP LaserJet 1000 related. Is it a driver or automatic firmware update (based upon the filename)? | No |
U | HP AutoIndexer | hppautoindexer.exe | Installed by HP multi-function printer driver software, related to PC faxing. If you are not using the PC faxing feature you can go ahead and disable these services from the startup | No |
N | HP CD Writer | hpcdtray.exe | System Tray access to a HP CD-Writer's functions. Available via Start -> Programs | No |
N | HP CD-DVD | hpcdtray.exe | System Tray access to a HP CD-Writer's functions. Available via Start -> Programs | No |
N | HP CD-Writer | hpcdtray.exe | System Tray access to a HP CD-Writer's functions. Available via Start -> Programs | No |
X | hp center | BACKWEB-*****.exe | See here - "messaging service that automatically sends you support information, tips, ideas, and special offers from HP and our partners, especially designed for HP and Compaq desktop computer owners". Applies to certain HP Pavilion desktop computers between Fall 2001 and Spring 2003. * can be any digit | No |
N | hp center UI | ShadowBar.exe | User Interface for HP Center - see here | No |
N | HP Component Manager | hpcmpmgr.exe | Checks the internet for updated drivers/utilities for your HP product - update manually. Disabling will remove the error "Windows can't shutdown the computer because hpcmpmgr.exe can't be ended" | No |
X | HP Deskjet | HP_DeskJet_500.exe | Added by the FORBOT-DA WORM! | No |
U | HP Digital Imaging Monitor | hpqtra08.exe | System Tray access to HP Director. Required if you prefer to use the all-in-one buttons to manually scan documents or transfer photos from a camera, for example | No |
U | HP Display Settings | hpdisply.exe | Sets default display settings. Unchecking this item has been reported to cure a "Problem sending command to keyboard" error message | No |
U | HP Health Check Schedule | HPHC_Scheduler.exe | HP Health Check Scheduler from Hewlett-Packard | No |
? | HP IDScheduler | HPIDSCHD.exe | HP Instant Delivery Scheduler | No |
N | HP Image Zone Fast Start | hpqthb08.exe | Improves the startup time of HP Image Zone. If you disable it, HP Image Zone takes a long time to start up only the first time you run it. Subsequent startups are much faster than the first time | No |
N | HP Info Express | ?? | On HP PCs, allows the computer to automatically receive notifications from HP over the Internet. Associated with BackWeb | No |
U | HP Instant Support | matcli.exe | "matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, state, etc and gets written to a log file". HP Instant Support is required to run with the Help and Support program. If you uncheck HP Instant Support and then run Help and Support it will add another HP Instant Support in the startup menu. If you remove the HP Instant Support in the add/remove program some help menus in help and support will not be available. You decide | No |
N | HP Internet Center | SURFBRD.EXE | Loads the HP Internet center surfboard on startup. HP Internet Center allows you to customize the multimedia keys on the fly without having to go the Control Panel --> Keyboards to change them | No |
N | HP JetDiscovery | HPJETDSC.EXE | HP JetAdmin software which monitors printing jobs on a network environment | No |
N | HP JetSpeed Autostart | AUTOSTART.EXE | Autostart executable for the old multiplayer game HP Jetspeed | No |
U | HP Laser Jet Director | hppdirector.exe | System Tray icon that opens various functions such as copy, fax, email, scan, copy plus, etc. Right-click on it and you see a few options such as the preceding bar plus About, Help, ToolBox, Exit, etc | No |
? | HP Network Registry Agent | hpnra.exe | ?? | No |
? | HP OfficeJet Series xxx Startup | HPOSTR03.EXE | xxx represents the series number - such as 700. What does it do and is it required? | No |
? | HP OfficeJet Series xxx Startup | HPOstr05.exe | xxx represents the series number - such as 700. What does it do and is it required? | No |
N | HP Parallel Port Test | hppt.exe | Associated with a HP ScanJet scanner | No |
X | HP Photo Manager | HPPhotoManager.exe | Added by the SDBOT.AXU WORM! | No |
N | HP Photosmart Premier Fast Start | hpqthb08.exe | Improves the startup time of HP Image Zone. If you disable it, HP Image Zone takes a long time to start up only the first time you run it. Subsequent startups are much faster than the first time | No |
? | HP Port Resolver | hpbpro.exe | ?? | No |
N | HP Precision Scan | hpmdlbwx.exe | HP multifunction scanner software. Available from HP Office Jet R Toolbox so not required | No |
N | HP Presentation Ready | PresRdy.exe | HP Omnibook related: "Press a dedicated button above the keyboard and the system will instantly load your presentation software and change the screen resolution to match your display device" | No |
U | hp psc 2000 Series | hpobnz08.exe | System Tray icon indicating when the printer is ready. Can be started manually with HP Director but takes time to start | No |
U | HP RecordNow | ?? | From HP "Software for the CD writer. Do not prevent from starting unless the CD writer is never going to be used." | No |
U | HP ScanPatch | HPScanFix.exe | Program that starts up and automatically fixes earlier versions of the Scanjet 5100c software. If a Scanjet 5100C scanner is not going to be used, then it is safe to remove or prevent from starting | No |
N | HP ScanPicture | hpsplmwa.exe | HP multifunction scanner software. Available from HP Office Jet R Toolbox so not required | No |
U | HP SchedIndexer | hppschedindexer.exe | Installed by HP multi-function printer driver software, related to PC faxing. If you are not using the PC faxing feature you can go ahead and disable these services from the startup | No |
X | HP Service Drivers | hdsys.exe | Added by the SDBOT-ZE WORM! | No |
? | hp Silent Service | HpSrvUI.exe | HP related | No |
N | HP Simple Trax | Hpcron.exe | Supplied with HP CD-RW drives - stores information about CD contents on your hard drive. Available via Start -> Programs or Desktop Icon | No |
N | HP software update | HPWuSchd2.exe | HP software updates. If a shortcut doesn't exist create your own and run it manually | No |
N | HP software update | HPWuSchd.exe | HP software updates. If a shortcut doesn't exist, create your own and run it manually | No |
N | HP Status | hpstatus.exe | HP Printer Status and Alerts | No |
? | HP Status Server | hpboid.exe | Copied during installation of HP Inkjet Printer Drivers in Win2K/XP. What does it do and is it required? | No |
U | HP TV Now | HpTvNow.exe | Application supplied with HP notebooks. It activates the S-Video port and is said to improve the quality of the output signal (resolution/timeouts) | No |
X | HP Update Assistant | HPAware.exe | Added by the MRO TROJAN! | No |
N | HP Updates | ?? | On HP PCs, allows the computer to automatically receive notifications from HP over the Internet. Associated with BackWeb | No |
? | HP Visualize Init | HpVisIni.exe | HP Visualize software related. What does it do and is it required? | No |
N | HP-Aio Flight | Remind32.exe | HP multifunction registration | No |
U | HPADVISOR | HPAdvisor.exe | HP Total Care Advisor - a suite of help and hardware check programs to help you check the health of your PCs | No |
N | hpaiodevice | hpodev07.exe | Direct from HP - "Device Objects Server - detects all device events and handles all ongoing communication on the device. Loads in the Startup group (except when "portable" is chosen during installation)". Related to various HP all-in-one printer/scanner/copier devices. They print and copy fine with those files disabled, and the icon installed on the desktop that points to "hpodir07.exe" works just fine if you need to use the scanner | No |
? | HPAiODevice(hp officejet g series) | hpoavn07.exe | HP Printer related, reportedly lets file transfers from an HP device pass files through Windows firewall. Is it required? | No |
N | HPAiODevice(hp psc 900 series) -1 | hpobrt07.exe | Installed with a Hewlett Packard 900 series colour printer, scanner, fax, photo card slot printer, copier. Assumed to perform an identical function to the hpaiodevice entry | No |
N | HPAIO_PrintFolderMgr | hpoopm07.exe | Directly from HP: "This process has one purpose - detects if the device moves to a different port, and notifies other processes to look on the new port." For various HP all-in-one printer/scanner/copier devices. They print and copy fine with those files disabled, and the HP icon installed on the desktop that points to "hpodir07.exe" works just fine if you need to use the scanner | No |
U | HPBootOp | HPBootOp.exe | "HP Boot Optimizer intelligently and dynamically launches software during startup, based on available resources, to improve startup performance" | No |
X | hpcmd | cmd.exe | Added by the ADCLICK-DS TROJAN! | No |
N | hpcmpmgr | hpcmpmgr.exe | Checks the internet for updated drivers/utilities for your HP product - update manually. Disabling will remove the error "Windows can't shutdown the computer because hpcmpmgr.exe can't be ended" | No |
U | HPDJ Taskbar Utility | hpztsb01.exe | HP System Tray utility which allows diagnostic and maintenance of your HP Deskjet series printer | No |
U | HPDJ Taskbar Utility | hpztsb02.exe | HP System Tray utility which allows diagnostic and maintenance of your HP Deskjet series printer | No |
U | HPDJ Taskbar Utility | hpztsb04.exe | HP System Tray utility which allows diagnostic and maintenance of your HP Deskjet series printer | No |
U | HPDJ Taskbar Utility | hpztsb05.exe | HP System Tray utility which allows diagnostic and maintenance of your HP Deskjet series printer | No |
U | HPDJ Taskbar Utility | hpztsb07.exe | HP System Tray utility which allows diagnostic and maintenance of your HP Deskjet series printer | No |
U | HPDJ Taskbar Utility | hpztsb09.exe | HP System Tray utility which allows diagnostic and maintenance of your HP Deskjet series printer | No |
U | HPDJ Taskbar Utility | hpztsb06.exe | HP System Tray utility which allows diagnostic and maintenance of your HP Deskjet series printer | No |
U | HPDJ Taskbar Utility | hpztsb08.exe | HP System Tray utility which allows diagnostic and maintenance of your HP Deskjet series printer | No |
U | HPDJ Taskbar Utility | hpztsb03.exe | HP System Tray utility which allows diagnostic and maintenance of your HP Deskjet series printer | No |
U | HPDJ Taskbar Utility | hpztsb10.exe | HP System Tray utility which allows diagnostic and maintenance of your HP Deskjet series printer | No |
U | HPDJ Taskbar Utility | hpztsb11.exe | HP System Tray utility which allows diagnostic and maintenance of your HP Deskjet series printer | No |
U | HPDJ Taskbar Utility | hpztsb12.exe | HP System Tray utility which allows diagnostic and maintenance of your HP Deskjet series printer | No |
U | HPDJ Taskbar Utility | hpztsb13.exe | HP System Tray utility which allows diagnostic and maintenance of your HP Deskjet series printer | No |
N | hpfsched | hpfsched.exe | HPFSCHED is a small TSR that will remind you to clean the cartridges in your DeskJet from time to time in order to keep print quality high. It can be removed from the run line in win.ini if you do not want that feature | No |
U | HPGamesActiveMenu | ActiveMenu.exe | Wild Tangent demo games that come with some HP computers. Unchecking it can prevent the games from running occasionally. Note that WildTangent's privacy policy used to state that they also collect and share individuals' information but this is no longer the case | No |
N | hpgs2wnd | hpgs2wnd.exe | "HP's exclusive Share-to-Web software makes it easy to share content with others through our affiliate Internet websites". Available via Start -> Programs | No |
U | Hpha1mon | Hpha1mon.exe | Supports the memory card reader on some HP Photosmart and AIO (all-in-one) printers - displaying a System Tray icon for the drive and allowing you to transfer files directly via the SAVE button. This version is applicable for version 2.0 to 2.3 drivers - see here. Known to cause 100% CPU load in some cases. Only needed if you use this feature | No |
U | Hpha2mon | Hpha2mon.exe | Supports the memory card reader on some HP Photosmart and AIO (all-in-one) printers - displaying a System Tray icon for the drive and allowing you to transfer files directly via the SAVE button. This version is applicable for version 3.1 to 3.2 drivers - see here. Known to cause 100% CPU load in some cases. Only needed if you use this feature | No |
U | Hpha3mon | Hpha3mon.exe | Supports the memory card reader on some HP Photosmart and AIO (all-in-one) printers - displaying a System Tray icon for the drive and allowing you to transfer files directly via the SAVE button. This version is applicable for version 3.3.138 to 3.4.13 drivers - see here. Known to cause 100% CPU load in some cases. Only needed if you use this feature | No |
U | HPHmon03 | hphmon03.exe | Supports the memory card reader on some HP Photosmart and AIO (all-in-one) printers - displaying a System Tray icon for the drive and allowing you to transfer files directly via the SAVE button. Known to cause 100% CPU load in some cases. Only needed if you use this feature | No |
U | HPHmon04 | hphmon04.exe | Supports the memory card reader on some HP Photosmart and AIO (all-in-one) printers - displaying a System Tray icon for the drive and allowing you to transfer files directly via the SAVE button. This version is applicable for version 4.0 to 4.2 drivers - see here. Known to cause 100% CPU load in some cases. Only needed if you use this feature | No |
U | hphmon05 | hphmon05.exe | Supports the memory card reader on some HP Photosmart and AIO (all-in-one) printers - displaying a System Tray icon for the drive and allowing you to transfer files directly via the SAVE button. This version is applicable for version 5.0 to 5.3 drivers - see here. Known to cause 100% CPU load in some cases. Only needed if you use this feature | No |
U | HPHmon06 | hphmon06.exe | Supports the memory card reader on some HP Photosmart and AIO (all-in-one) printers - displaying a System Tray icon for the drive and allowing you to transfer files directly via the SAVE button. This version is applicable for version 6.0 drivers - see here. Known to cause 100% CPU load in some cases. Only needed if you use this feature | No |
X | Hphome | hphome.js | Homepage hijacker | No |
N | HPHUPD04 | hphupd04.exe | HP software update checker and wizard launcher. Available via Start -> Programs | No |
N | HPHUPD05 | hphupd05.exe | HP software update checker and wizard launcher. Available via Start -> Programs | No |
N | HPHUPD06 | hphupd06.exe | HP software update checker and wizard launcher. Available via the Start menu | No |
N | HPHUPD07 | hphupd07.exe | HP software update checker and wizard launcher. Available via Start -> Programs | No |
N | HPHUPD08 | hphupd08.exe | HP software update checker and wizard launcher. Available via Start -> Programs | No |
? | hpjsiroute | hpjsira.exe | Related to HP laserjet printers and IP addresses. An IP address is appended to the name field - ie "hpjsiroute192.168.1.2" | No |
X | HPl Services | hmlsvc32.exe | Added by the AGOBOT-SI WORM and variants! | No |
Y | HpLamp | HPLAMP.EXE | HP Scanner Utility that controls your scanner's light bulb. Needed if it's switched on | No |
U | hplampc | hplampc.exe | HP Scanner Lamp Utility - fixes an issue with the scanner lamp not going off | No |
U | HPLaptopGamesActiveMenu | ActiveMenu.exe | Wild Tangent demo games that come with some HP computers. Unchecking it can prevent the games from running occasionally. Note that WildTangent's privacy policy used to state that they also collect and share individuals' information but this is no longer the case | No |
Y | HPLJ Config | SetConfig.exe | Connects system to networked HP printer. | No |
U | HPLogiFinder | hp_finder.exe | HP LogiFinder helps detect and allows the use of the centre button for the Logitech mouse. Can be disabled if not used | No |
U | HpMmKbd | HpMmKbd.exe | HP's multimedia keyboard driver which enables the end-user to use the automation features of the HP multimedia keyboard | No |
U | HPMVTray | HPMVTray.exe | HP Media Vault Networked Storage Device - System Tray management utility | No |
X | HPNT | hpdll.exe | Malware downloader - detected by Kaspersky as the VB.KU TROJAN! | No |
N | hpodblia | hpodblia.exe | HP OfficeJet Scan Button Monitor on a multi-function printer/copier/scanner. Start your scanning software manually | No |
N | hpoddt01.exe | N/A | Installed by the "HP Photo and Imaging Director" software. If you ask for the imaging software, this program will be started | No |
U | hpoddt01.exe | hpotdd01.exe | Detection of new imaging, printing and other peripherals on HP machines such as USB printers, cameras and Bluetooth products | No |
N | hpodlb08 | hpodlb08.exe | HP OfficeJet Scan Button Monitor on a multi-function printer/copier/scanner. Start your scanning software manually | No |
Y | hpppt | hpppt.exe | Related to the drivers for HP ScanJet scanners | No |
Y | hpppta | HPPPTA.exe | HP parallel port driver for certain hardware | No |
X | HpPrinter | hpserver.exe | Added by the CMJSPY-W TROJAN! | No |
N | HPPROPTY | HPPROPTY.EXE | HP LaserJet Toolbox | No |
U | HPPWRSAV | HPPWRSAV.EXE | Power save related for HP Scanners. Many users have complained of system freezes with it running but it stops the light from remaining on all the time. Try www.hp.com, pick your OS option under the SUPPORT tab, follow the instructions and you will find an updated lamp control patch | No |
? | hpqcmon | hpqcmon.exe | From HP and related to digital imaging | No |
U | HPSCANMonitor | hpsjvxd.exe | HP scanning software that enables you to scan images from your scanner. Needed if you're using the scanner | No |
? | hpScannerFirstBoot | scannerfb.exe | HP scanner related | No |
N | hpsjbmgr | hpsjbmgr.exe | HP ScanJet Button Manager. It allows users of the HPScanJet scanners to indicate what the buttons on the scanner will do automatically if pushed. Not required at startup, unless the scanner is used every day, such as in a business environment | No |
N | HPStart | hpstart.wsf | This is a script used by HP that runs the first time one of their computers is started. Can't imagine why it would be starting up after the first boot | No |
X | hpsysconf1 | [random filename] | Added by a variant of the VIVIA.A TROJAN! | No |
U | hpsysdrv | hpsysdrv.exe | This item keeps track of how many times the system has been recovered and the times of the first and last recoveries done on the system. Leaving unchecked will sometimes prevent the Keyboard Manager program from detecting that the computer is an HP. Since this program/driver was only made to run on HP, if it can't tell that it is an HP it will not run. If unchecked, it can prevent the running of the Application Recovery CDs, the use of the multimedia keys, and the HP Instant Support. Also seen that without it running, the Riptide Sound card that was installed on some older HP computers stops working | No |
X | hptools | hptools.exe | Added by a variant of the SDBOT WORM! | No |
X | hptools | microsoft.exe | Added by a variant of the SDBOT WORM! | No |
N | HPU | ProvenTactics.exe | Proven Internet Marketing software | No |
U | hpWirelessAssistant | HP Wireless Assistant.exe | The HP Wireless Assistant is a user application that provides a way to control the enablement of individual wireless devices (such as Bluetooth or WLAN devices) and that shows the state of the radios for these wireless devices | No |
U | hpWirelessAssistant | HPWAMain.exe | Wireless application bundled with HP computers that allows you to control different settings on the computer's wireless devices such as Bluetooth and WLAN | No |
N | HPZTS04 | hpzts04.exe | Hewlett Packard printer toolbox shortcut that resides in the system tray | No |
U | hpztsb02 | hpztsb02.exe | HP System Tray utility which allows diagnostic and maintenance of your HP Deskjet series printer | No |
U | hpztsb04 | hpztsb04.exe | HP System Tray utility which allows diagnostic and maintenance of your HP Deskjet series printer | No |
U | hpztsb05 | hpztsb05.exe | HP System Tray utility which allows diagnostic and maintenance of your HP Deskjet series printer | No |
U | hpztsb07 | hpztsb07.exe | HP System Tray utility which allows diagnostic and maintenance of your HP Deskjet series printer | No |
U | hpztsb09 | hpztsb09.exe | HP System Tray utility which allows diagnostic and maintenance of your HP Deskjet series printer | No |
U | hpztsbol | hpztsbol.exe | HP System Tray utility which allows diagnostic and maintenance of your HP Deskjet series printer | No |
N | HP_dla | dlatray.exe | On HP PCs, tray icon for dla - which provides drive letter access to HP's and Veritas' version of DirectCD | No |
X | HQI Services | hqisvc32.exe | Added by the AGOBOT-RO WORM! | No |
X | HQI Services | hqlsvc32.exe | Added by the AGOBOT-RP WORM! | No |
N | hqtray | hqtray.exe | VMware Host Network Access Status Tray Application - part of both VMware Player (from version 2.0) and Workstation (until version 6.5) - which allow you to "run multiple operating systems simultaneously on a single PC." Its function is unknown at present and it displays no tray icon as the name suggests. Can be disabled without affecting the operation of either product | Yes |
U | HR | Hr.exe | HiddenRecorder periodically takes screenshots of the computer. If you didn't install this yourself remove it | No |
U | HREF.OCX | regsvr32.exe ....HREF.OCX | HREF.OCX is an ActiveX control developed by xFX JumpStart and used to provide HTML-like clickable links in Windows-based programs such as PopUpKiller | No |
X | Hrn_qtv | hrnsvc32.exe | Added by the SDBOT-AET WORM! | No |
X | hsim | isearch.exe | Unidentified malware | No |
X | hsim | sexgame.exe | Unidentified malware | No |
X | hsim | toolbar.exe | Unidentified malware | No |
U | HSLAB Logger | logger.exe | HSLABLogger logs user activity and Internet activity. The gathered information can be sent to a predetermined email address. If you didn't install this yourself uninstall it | No |
U | HSON | HSON.exe | Toshiba HotStart button support for instant-on entertainment on their laptops | No |
U | HSTrans | hstrans.exe | Homescan Internet Transporter - part of ACNielsen Homescan. Recognizes when the ACNielsen Homescan Scanner is attached to the computer and allows it to transmit scanner information to ACNielsen | No |
? | HsuGuiControl | HsuGuiControl.exe | Part of the Starband Internet satellite client. What does it do and is it required? | No |
U | Hti | npdor.exe | Appears in startup if you have chosen to participate in a survey by NPD Online Research. Required for the survey to work correctly. Otherwise not required | No |
X | HTML Help System | hhs.pif | Added by the RBOT-ATB WORM! | No |
X | HTML32 Help System | hhs32.pif | Added by the RBOT-ATE WORM! | No |
U | HTpatch | htpatch.exe | HTpatch.exe is part of the SiS AGP patch - BUT unless your processor (and motherboard) supports HyperThreading (HT) and this feature is enabled it will actually SLOW your graphics card by around 6% | No |
X | HtProtect | AVprotect.exe | Added by the NETSKY.L WORM! | No |
X | htssv32.exe | htssv32.exe | Added by a variant of the SDBOT TROJAN! | No |
X | HTTP Tunneling Server | mstunnel.exe | Added by the RBOT.EDL WORM! | No |
X | http://www.lienvandekelder.be | LienVandeKelder.exe | Added by the MYTOB-AZ WORM! | No |
X | http://www.lienvandekelder.be | Lien Van de Kelder.exe | Added by the MYTOB-AP WORM and variants! | No |
X | http://www.lienvandekelder.be | Lien Vande Kelder.exe | Added by the MYTOB-AQ WORM! | No |
X | http://www.lienvandekelder.be | Lien vd Kelder.exe | Added by the MYTOB-M WORM! | No |
X | http://www.lienvandekelder.be | Lien.exe | Added by the MYTOB-CZ WORM! | No |
X | http://www.lienvandekelder.be | Lientjeuh.exe | Added by the MYTOB-P WORM! | No |
X | http://www.lienvandekelder.be | LienVdK.exe | Added by the MYTOB-U WORM! | No |
X | http://www.lienvandekelder.be | Van de Kelder Lien.exe | Added by the MYTOB-BF WORM! | No |
X | http://www.lienvandekelder.be | We Love Lien Van de Kelder.exe | Added by the MYTOB-CV WORM! | No |
X | http://www.lienvandekelder.com | Lien Van de Kelder.exe | Added by the MYTOB-EQ WORM! | No |
X | http://www.lienvandekelder.com/ | LienVandeKelder.exe | Added by the MYTOB-EO WORM! | No |
X | httpd | c_pan.exe | Added by a variant of the DELF-A TROJAN! | No |
X | httpd | deamon.exe | Added by the TACTSLAY.C TROJAN! | No |
X | httpd | msgaol.exe | Added by the TACTSLAY.C TROJAN! | No |
X | httpd | s_menu.exe | Added by the TACTSLAY.C TROJAN! | No |
X | httpd | browse.exe | Added by the TACTSLAY.C TROJAN! | No |
X | httpd | deamon.exe | Added by the TACTSLAY.C TROJAN! | No |
X | https-ssl | https.exe | Added by the MOEGA.D WORM! | No |
U | HughesNet Tools | matcli.exe | "matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, county, etc and gets written to a log file". HughesNet Tools is required to run with the Help and Support program. If you uncheck HughesNet Tools and then run Help and Support it will add another HughesNet Tools in the startup menu. If you remove the HughesNet Tools in the add/remove program some help menus in help and support will not be available. You decide | No |
? | huhdir | huhdir.exe | ?? | No |
X | huigezi | HgzServer.exe | Added by the GRAYBIRD.C TROJAN! | No |
X | Hvewsveqmg | ANACON.EXE | Added by the NACO.A WORM! | No |
X | Hvid | Hvid.exe | Added by the GEMA TROJAN! | No |
X | HWINFO* | HWINFO* | Added by the PUROL WORM! where * is a random character | No |
Y | HWinst | N/A | For Gilat Communications internet satellite systems. Gilat rescue (Satellite system restore). Required if you have this system. Can cause a BSOD (blue screen of death) if left out | No |
X | Hwp | system_wc.exe | Eziin adware | No |
X | hws | hws.exe | Added by the STARTPA-CT TROJAN! | No |
U | HWSetup | HWSetup.exe hwSetUP | "Toshiba Hardware Setup is the Toshiba configuration management tool available through Windows." Allows the user to change BIOS, hard disk, memory, boot disk priority and other settings | No |
X | hxadsec | [path to trojan] | Added by the ADCLICK-AP TROJAN! | No |
X | HXDL.EXE | HXDL.EXE | Attune HelpExpress - spyware. Disable and uninstall - see here | No |
X | HXIUL.EXE | HXIUL.EXE | Attune HelpExpress - spyware. Disable and uninstall - see here | No |
U | HydarVisionDesktopManager | desk95.exe | ATI's HydraVision desktop management software, allowing for multi-monitor support, as included in ATI HydraVision versions 2.5 and earlier. Has been reported to cause problems, such as this one. HydraVision can be uninstalled through Add/Remove Programs | No |
U | HydraVisionDesktopManager | desk98.exe | ATI/Appian HydraVision Desktop Manager software - monitors and regulates window and dialog box placement according to user preferences when using a multi monitor setup | No |
U | HydraVisionDesktopManager | HydraDM.exe | ATI/Appian HydraVision Desktop Manager software - monitors and regulates window and dialog box placement according to user preferences when using a multi monitor setup | No |
U | HydraVisionViewport | viewport.exe | ATI/Appian HydraVision Desktop Manager software - monitors and regulates window and dialog box placement according to user preferences when using a multi monitor setup | No |
X | Hyper Start | instantmsgrs.exe | Added by the RBOT-NH WORM! | No |
X | I am not Ranky. I am eTunnel! | msyervice.exe | Added by an unidentified WORM or TROJAN! | No |
X | I am not Ranky. I am eTunnel! | winsys.exe | Added by an unidentified WORM or TROJAN! | No |
X | I am not Ranky. I am eTunnel! | disney.exe | Added by an unidentified WORM or TROJAN! | No |
X | I just want to say I love Milko and I need a drink | svchost.exe | Added by the CHIKO WORM! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in Documents and Settings\Administrator\Local Settings\Application Data | No |
X | I-Worm.GiGu | uGiG.eXe | Added by the GINK WORM! | No |
X | I/O Controllers | svcnet.exe | Added by the TIBIK-B TROJAN! | No |
X | I386 | I386.exe | Added by the MYPOWER WORM! | No |
? | I81SHELL | I81SHELL.exe | Appears to be related to drivers for an Intel 810 graphics chipset on an ASUS motherboard | No |
U | i8kfangui | i8kfangui.exe | Graphical interface for fan speed control | No |
U | IAAnotif | iaanotif.exe | IAA Event Monitor User Notification Tool - part of Intel® Application Accelerator - "a performance software package for desktop PCs using select Intel® chipsets" that "replaces the ATA drivers that come with Windows with drivers optimized for desktop and mobile PCs." If you use the RAID version it's required to notify you if a RAID 1 disk has failed | No |
Y | iamapp | iamapp.exe | AtGuard personal firewall engine. As Atguard was bought by Symantec some time ago, it's now the Norton Personal Firewall executable as well | No |
X | Iamnacho On Irc.MusIrc.com Is a Homosexual! | XBox64.exe | Added by the RANDEX.Y WORM! | No |
? | IaNvSrv | IaNvSrv.exe | Related to the option ROM part of the Intel® Matrix Storage Manager. Located in %ProgramFiles%\Intel\Intel Matrix Storage Manager\OROM\aNvSrv. What does it do and is it required? | No |
? | Iap | iap.exe | Possibly part of Dell OpenManage Client Instrumentation - software that allows remote management application programs to access information about, monitor the status of or change the state of the client computer, such as shutting it down remotely? | No |
U | ias | ias.exe | InvisibleASpy keystroke logger/monitoring program - remove unless you installed it yourself! | No |
X | IASHLPR | IASHLPR.EXE | Added by the OPASERV.T WORM! | No |
X | ibin | [path to trojan] | Added by the PERDA-C TROJAN! | No |
X | ibm | ibm.exe | Added by the LEGMIR-AH TROJAN! | No |
X | IBM Keyboard Driver | ikeybdrv.exe | Added by the SDBOT.IC TROJAN! | No |
? | IBM Warranty Notification | ERTS0749.exe | IBM Warranty Notification - presumably it's a reminder to either register or that warranty is about to expire? | No |
N | ibmmessages | ibmmessages.exe | Allows IBM to push messages onto users' computers. Quote: "The Access IBM Message Center can display messages to inform you about software and solutions available from IBM as well as messages from IBM eSupport" | No |
? | Ibmmon.exe | Ibmmon.exe | ?? | No |
U | Ibmpmsvc | ibmpmsvc.exe | Power management driver for IBM laptops. Provides support for the use of four keys on the ThinkPad keyboard with blue key tops - Fn, F3, F4 & F12 - which have specific functions to control the standby and hibernate buttons. Not required if you don't plan to go into standby or hibernate modes | No |
? | IBMPRC | ibmprc.exe | IBM application - what does it do and is it required? | No |
U | IBMUltraBayHotSwapCPLLoader | IBMBAY2N.EXE | Supports hot swapping in Thinkpad UltraBay Option on IBM ThinkPad laptops | No |
? | IBMUltraBayHotSwapSound | IBMBAYSN.EXE | Supports hot swapping in Thinkpad UltraBay Option on IBM ThinkPad laptops. Is it needed though - does it just play a sound? | No |
Y | IBM_PWMGR | pwmgr.exe | IBM Password Manager | No |
X | Ibs | ibs.exe | Added by the HIDEDIAL-B TROJAN! | No |
U | IBWin Background process | IBackground.exe | IBackup for Windows | No |
U | IBWin Monitor | IBMonitor.exe | IBackup for Windows | No |
Y | IcaBar | icabar.exe | Related to Citrix MetaFrame | No |
X | icasServ | icasServ.exe | Browser hijacker, redirecting to Searchforfree.info. Also detected as the ICASERV-A TROJAN! | No |
X | icccomp | [8 random letters].exe | Detected by Kaspersky as the ZHELATIN.EQ WORM! See here | No |
X | ICcontrol | iccontrol.exe | ICcontrol premium rate adult content dialer | No |
X | icdd7ee6 | rundll32.exe icdd7ee6.dll, EnableRunDLL32 | LZIO.com adware downloader. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "icdd7ee6.dll" file is found in the System (9x/Me) or System32 (NT/2K/XP) folder | No |
X | icddefff | rundll32.exe icddefff.dll, EnableRunDLL32 | LZIO.com adware downloader. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "icddefff.dll" file is found in the System (9x/Me) or System32 (NT/2K/XP) folder | No |
N | ICH Synth | eusexe.exe | Sound related and can be disabled without affecting performance although advanced sound features may be sacrificed. May be related to Compaq PCs with "SoundMAX integrated Digital Audio" (Analog Devices Inc.) devices | No |
X | icifati | yujixit.exe | Added by the SDBOT.ZZH WORM! | No |
U | iClean | iClean.exe | IEClean - "advanced, comprehensive package of tools which perform a number of functions to allow you to control your online privacy" | No |
U | ICM | ICM.EXE | Starts Internet Call Manager dialog box and/or taskbar icons at bootup. This is a subscription program from internetcallmanager.com that monitors a dialup phone line for incoming calls and handles voicemail | No |
N | iCn | NAG.EXE | iChoose - shopping browser enhancement that alerts you to cheaper deals for goods you want to buy, if they exist. Not related to the Mac icon program of the same name | No |
U | ICO | ICO.EXE | Found on some Sony Vaio, IBM Thinkpad and Dell (and possibly other) laptops and seems to be related to Mouse Suite 98 Daemon according to the properties. Required on the Dell Inspiron 530 as without it the Dell mouse suite does not load and mouse settings are not retained on a reboot. Appears to cause a behaviour where the desktop suddenly flips back up when playing DirectX associated games | No |
N | Icon Animation | HDE.EXE | Part of McAfee Nuts & Bolts. Provides entertaining animation of your desktop icons | No |
N | Icon Hearit 95 | hearit95.exe | Audio desktop customization utility from Moon Valley Software. Resource hog | No |
N | Icon Hearit 98 | hearit98.exe | Audio desktop customization utility from Moon Valley Software. Resource hog | No |
X | Icon lptt01 | icon.exe | RapidBlaster variant (in an "Icon" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here | No |
X | Icon ml097e | icon.exe | RapidBlaster variant (in an "Icon" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here | No |
Y | iconcache | icon.bat | Related to the Vista Customization Pack | No |
Y | ICONCLNT | iconclnt.exe | APC PowerChute® Personal Edition tray icon | No |
U | ICONDESK | ICONDESK.EXE | Small utility which will allow you the option of hiding or showing your desktop icons | No |
N | Iconfig.exe | Iconfig.exe | Icon for LS-120 "Superdisk" | No |
X | iConfigLoader | DIIhost.exe | Added by the GAOBOT.AO WORM! | No |
N | Iconoid | Iconoid.exe | Iconoid is a desktop icon manager | No |
N | Iconsaver | Iconsaver.exe | IconSaver is a desktop icon manager | No |
X | ICQ | ICQNET.vbs | Added by the GORMLEZ-A WORM! | No |
X | ICQ Agent | icq6.exe | Added by the AGENT-FZJ TROJAN! | No |
X | ICQ Center | [path to worm] | Added by the RANDIN WORM! | No |
X | ICQ Chat Service | icqjdhs.exe | Added by a variant of the RBOT WORM! | No |
X | ICQ Hacking Pro | ICQpro.exe | Added by a variant of the NETSPY TROJAN! | No |
N | ICQ Lite | ICQLite.exe | ICQ Lite - compact version of the popular messaging program | No |
X | icq lite | scvhost.exe | Added by the AGENT-DSF TROJAN! | No |
X | icq lite | winlog.exe | Added by the IRCBOT-TJ TROJAN! | No |
X | ICQ Lite Messenger | [random filename] | Added by an unidentified VIRUS, WORM or TROJAN! Unlike the legitimate ICQ Lite executable, which will be located in the ICQLITE folder in Program Files, this particular impostor is located in the Windows or Winnt\System32 directory | No |
X | ICQ Messenger 2002 | ICQ2002.exe | Added by the SDBOT-ABL WORM! | No |
X | ICQ Net | winlogon.exe | Added by variants of the NETSKY WORMS! Note - this is not the legitimate winlogon.exe process which should not appear in Msconfig/Startup! | No |
N | ICQ Plus | vplus.exe | ICQ Plus is a freeware utility that makes your ICQ skinnable (change the look). Available via Start -> Programs | No |
X | IcqBeta | webcamupdate.exe | Added by an unidentified TROJAN! | No |
X | ICQNet | winlogon.exe | Added by the NETSKY-C WORM! Note - this is not the legitimate winlogon.exe process, which should not appear in Msconfig/Startup and is always located in the System32 folder. This file is placed in the Windows or Winnt folder | No |
X | icrosof Avps32 Control | av32.pif | Added by the RBOT-AVC WORM! | No |
X | icrosoft Visual | plscx.exe | Added by the RBOT-AYO WORM! | No |
X | icrosoft Visual InterDevc | zvslmqb.exe | Added by the RBOT-AYP WORM! | No |
X | icrosoft Windows DLL Services Configuration | poker3.exe | Added by the SDBOT-AER WORM! | No |
X | icrosoftf Avpx Control | avpx.exe | Added by the RBOT-AYN WORM! | No |
U | ICSDCLT | rundll32.exe Icsdclt.dll, ICSClient | Internet Connection Sharing allows more than one computer to simultaneously access the internet with a single connection. Also required when networking two machines | No |
N | ICServer | Icserver.exe | Intel Intercast viewer software. Gives access to selected internet pages which are broadcasted by several TV stations | No |
Y | ICSMGR | ICSMGR.EXE | Monitors DNS and DHCP requests for ICS (Internet Connection Sharing). Needed if you're sharing the internet on various computers | No |
X | ICU-Sucker | Service32.exe | Added by the ILLNOTIFIER.D TROJAN! | No |
N | IC_KEY_3 | spvic.exe | Instant Chess related | No |
N | ID Commander | IDCom.exe | Caller ID utility for identifying incoming telephone numbers | No |
X | ID8525 | ID8525.exe | Added by the ID8525.A TROJAN! | No |
X | ID8525 | id85255.exe | Added by the ID8525.A TROJAN! | No |
? | IDA | IDA.EXE | HP related - in a Program Files\Hewlett-Packard\PC COE folder | No |
X | IDE | ide.exe | Added by the ASSASIN.F TROJAN! | No |
X | IDE Loader | IDElibr32.exe | Added by the XILON TROJAN! Related to the game "Diablo II" | No |
X | idecntl | idecntl.exe | Added by a variant of the CRYPTER.C TROJAN! | No |
U | iDesktop | idesktop.exe | Immersion TouchWare Desktop software for devices such as the Logitech iFeel Mouse | No |
X | idlesam | [8 random letters].exe | Detected by Kaspersky as the ZHELATIN.EQ WORM! See here | No |
N | IDMan | IDMan.exe | Internet Download Manager - download files faster, schedule and resume | No |
X | idmlssp | [random filename] | Added by a variant of the SLAPER TROJAN! | No |
X | IDTemplates | IDTemplate.exe | Added by the BRONTOK-H WORM! | No |
N | IDW Logging Tool | idwlog.exe | Added with WinXP SP1. Usually found only in internal builds to indicate the current build being used. Can cause slow network logon problems | No |
X | IE configure | explorer.exe | Added by the LINEAGE-C TROJAN! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! | No |
U | IE Doctor | IEDoctor.exe | IE Doctor Toolbar - "IE Doctor can help you to Repair IE easily, protect IE and OE from all malicious changes. It can Repair the HomePage, context menu, IE toolbar button, startup items, Favorites, typed URLs and the entire Internet Options" | No |
X | IE Java Update | iejava.exe | Added by the AGENT-HD TROJAN! | No |
X | IE Menu Extension toolbar | rundll32.exe [path] tbextn.dll DllShowTB | Topconverting.com/180Search "IEMenuExtension" toolbar. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted | No |
U | IE New Window Maximizer | iemaximizer.exe | IE New Window Maximizer - automatically maximize new Internet Explorer and Outlook Express windows | No |
X | IE Runtime | wini.exe | Added by the PICRATE.B WORM! | No |
X | IE Runtimes | winis.exe | Added by the RBOT-ADZ TROJAN! | No |
X | IE**.exe [* = random char] | IE**.exe [* = random char] | CoolWebSearch/HomeSearch adware - for examples, see this log | No |
X | IE**32.exe [* = random char] | IE**32.exe [* = random char] | CoolWebSearch/HomeSearch adware - for examples, see this log | No |
X | IE-Bar | iebar.exe | DesktopMedia adware | No |
X | IE-Security | iescan.exe | IE-Security rogue spyware remover - not recommended, removal instructions here | No |
X | IE-Security | wdscan.exe | IE-Security rogue spyware remover - not recommended, removal instructions here | No |
X | IE6 | wkstmg.exe | Added by a variant of the SDBOT WORM! | No |
X | IE6 | ssmss.exe | Added by the GAOBOT.DXO WORM! | No |
X | IE6 | porn.pif | Added by the RBOT-ATF WORM! | No |
X | IE6 | winsnt.exe | Added by the RBOT-GOV WORM! | No |
X | IEACCESS | temp532.exe | AsdPlug premium rate adult content dialer variant | No |
X | IEACCESS | surfya.exe | IEAccess premium rate adult content dialer variant | No |
X | IEAgent update check | iewatch.exe | Added by the BOMKA TROJAN! | No |
X | IECache | IECache.exe | Detected by Bitdefender as the DELF.OFC TROJAN! See here | No |
N | iecheck | iecheck.exe | Integrity checker for IconEdit2 icon editor. It serves for IconEdit2 internal tasks only and can be safely deleted from the system if you are running the latest version of IconEdit2 | No |
X | IECheck | MSDTCs.exe | Added by the TIRBOT-D WORM! | No |
X | IECheck | xpssl.exe | Added by the TIRBOT-E WORM! | No |
X | IECheck | mssvp.exe | Added by the TIRBOT-G WORM! | No |
U | IECleanAux | Ieboot6.exe | IEClean by Kevin McAleavy - cookie manager, cache cleaner, history cleaner, etc. Performs cleaning tasks at startup | No |
X | iedll | iedll.exe | Homepage hijacker, redirecting to coolwwwsearch.com | No |
X | IEDriver | IEDriver.exe | IEDriver adware. Can be installed as part of peer-to-peer file sharing software called URLBlaze | No |
X | IEDriver | xplore.exe | IeDriver adware variant | No |
X | IEDriver | TD.exe | IeDriver adware variant | No |
X | iedwa104 | iedwa104.exe | Added by the DLOADR-BBW TROJAN! | No |
X | IEengine | IEeng.exe | STARTPAG.AI hijacker | No |
X | IEexplorer AUpdate | IEexplore32.exe | Added by the RBOT-GRE WORM! | No |
X | IEFeatures | IEFeatures.exe | Added by the POPMON.A TROJAN! - also known as PopMonster adware | No |
X | IEFeatures | Internetfeatures.exe | Added by the POPMON.A TROJAN! - also known as PopMonster adware | No |
X | IefxTray | IefxTray.exe | Added by the RILER-H TROJAN! | No |
X | ieharv.exe | ieharv.exe | Added by the BANKER-HH TROJAN! | No |
X | Iehelper | syslaunch.exe | Outwar adware downloader | No |
X | iel2cde8 | rundll32.exe iel2cde8.dll, EnableRunDLL32 | LZIO.com adware downloader. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "iel2cde8.dll" file is found in the System (9x/Me) or System32 (NT/2K/XP) folder | No |
X | ielcaabe | rundll32.exe ielcaabe.dll, EnableRunDLL32 | LZIO.com adware downloader. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "ielcaabe.dll" file is found in the System (9x/Me) or System32 (NT/2K/XP) folder | No |
X | IELoader32 | iexplore32.exe | Added by the SPEX or SPEX.B WORMS! | No |
X | Iesar | Iesar.exe | Browser hijacker - redirecting to an adult web page | No |
X | Iesearch.exe | Iesearch.exe | LookNSearch adware | No |
X | IESet | IExplorer.dll | Added by the PWS-BLUEDIT TROJAN! | No |
X | iesetupi.exe | iesetupi.exe | Added by a variant of the RBOT WORM! | No |
Y | IEShow | IEShow.exe | Anti-phishing component of BitDefender internet security products. Anti-phishing prevents sensitive data such as usernames, passwords and credit card details being acquired by web-sites and E-mails masquerading as trustworthy sources | No |
X | iestart | iexp1orer.exe | Added by the NEMOG.C TROJAN! | No |
N | ietsr | ietsr.exe | IEClean by Kevin McAleavy - cookie manager, cache cleaner, history cleaner, etc | No |
X | ieupdate | MCP****.exe [**** = random char] | Added by the ASOXY TROJAN! | No |
X | ieupdate | mcpdll32.exe | Adware downloader trojan | No |
X | ieupdates | ieupdates.exe | Added by a number of TROJANS such as DWNLDR-HGI and AGENT-HGA and the Antivirus 2009 rogue security software - see here | No |
X | IEXPL0RER | IEXPL0RER.EXE | Added by the AGOBOT-QL WORM! Note the filename has a "0" rather than an upper case "O" | No |
X | iexplo | iexplor.exe | Added by the SIDEA TROJAN! | No |
X | IExploer | svshosts.exe | Added by the IRCBOT.BT TROJAN! | No |
X | Iexploit | Iexploit.html | Added by the INKER.B WORM! | No |
X | iexplor.exe | iexplor.exe | Added by an unidentified WORM or TROJAN! See here | No |
X | Iexplore | iexplore.exe | Added by the BOXER TROJAN! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %System% | No |
X | IEXPLORE | iexplore.exe | Added by the APHEXDOOR TROJAN! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %Windir% | No |
X | IExplore | IEXPLORE.EXE | Added by the DLOADER-YZ TROJAN! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in a "Custom" subfolder | No |
X | IEXPLORE | IEXPLORE.EXE | Added by the BANKER-BWE TROJAN! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %System% | No |
X | iExplore Ini | ie4uini.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
X | Iexplore Services | iexplore.exe | Added by the LITHIUM BACKDOOR! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! | No |
X | IEXPLORE.EXE | [path to trojan] | Added by the BANCOS-CJ TROJAN! | No |
X | IEXPLORE.EXE | goot.exe | Added by the BIFROSE-C TROJAN! | No |
X | IExplorer | Iexplor32.exe | Added by the BDOOR-BY BACKDOOR! | No |
X | IExplorer | IExplorer.EXE | Added by the BANCOS-CH TROJAN! Note - this is not the legitimate Internet Explorer (iexplore.exe) | No |
X | IEXPLORER | msiecfg.exe | Added by the BDOOR-JU BACKDOOR or BANCBAN-IP TROJAN! | No |
X | Iexplorer | explorer.exe | Added by the ZAPCHAS-AC TROJAN! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System% | No |
X | iexplorer lptt01 | iexplorer.exe | RapidBlaster variant (in an "iexplorer" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here | No |
X | iexplorer ml097e | iexplorer.exe | RapidBlaster variant (in an "iexplorer" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here | No |
X | Iexplorer.exe | Iexplorer.exe | Added by the BANCBAN-EN TROJAN! Note - this is not the legitimate Internet Explorer (iexplore.exe) | No |
X | IExplorer32 Java Scripting | IExplore32b.exe | Added by the RBOT.ABO WORM! | No |
X | IExplorer32c Java Scripting | IExplore32cb.exe | Added by the RBOT.ABN WORM! | No |
X | IExplorer6 Java Scripting | IExplore326.exe | Added by a variant of the SDBOT WORM! | No |
X | IExplorer7 Java Scripting | IExplore327.exe | Added by a variant of the SDBOT WORM! | No |
X | IExplorerService | WinSock.exe | Detected by Kaspersky as the AGENT.KIU TROJAN! See here | No |
X | iExpresser | iexpresser.exe | Detected by Trend Micro as the SLENFBOT.AP WORM! See here | No |
X | ifp | ipf.exe | Added by the CLAGGER-AG TROJAN! | No |
X | ifperx | [random filename] | Added by a variant of the SLAPER TROJAN! | No |
U | IFSplash.exe | IFSplash.exe | I-FORCE driver for force feedback steering wheel | No |
U | IFXSPMGT | ifxspmgt.exe | Part of the Infineon Security Platform Software - which supports the on-board TPM security device included with some laptops from suppliers such as Acer, ASUS, HP and Sony | No |
X | igamatu | ekor.exe | Added by the SDBOT.AQ TROJAN! | No |
X | igamatu | atecaca.exe | Added by the IRCBOT.R WORM! | No |
U | igfxtray | igfxtray.exe | Part of Intel's Common User Interface for chipsets with integrated graphics controllers - which allows the user to change different driver properties through the Windows User Interface. Quick access to the control panel via a System Tray icon. Available via Start -> Settings -> Control Panel | No |
? | Iglpbv | Iglpbv.exe | ?? | No |
N | igndlm.exe | DLM.exe | IGN Download Manager has become a requirement for downloading files through FilePlanet.com. It is based on Internet Explorer and it installs through an ActiveX-plugin, hence Internet Explorer must be installed beforehand and downloads have to be initialized through that browser | No |
X | igsex2x | igsex2x.exe | NewDial premium rate adult content dialler | No |
? | iHP-100 | iHPDetect.exe | Drive Letter Searcher, iRiver iHP-100 iHP and H Series player related - does it need to start with Windows every time? | No |
X | iilc | IILC.EXE | Homepage hijacker | No |
X | Iinl | iptl.exe | PurityScan/Clickspring adware | No |
X | IISADMINS | systems.exe | Added by the AGOBOT.U WORM! | No |
X | iisvers | iisvers.exe | Added by an unidentified TROJAN or adware | No |
X | iiuyvyu | uzcx.exe | Added by the AGENT-EOF TROJAN! | No |
N | iIWiper | Systemwiper.exe | System Wiper from iI Software - allows you to clear the history of your activities from your computer. Run manually on a regular basis | No |
Y | IJ75P2PSERVER | IJ75P2PS.EXE | Printer utility which is required in order to make the printer work correctly | No |
Y | IKE Service 95 | IKEService.exe | Associated with PGP. The PGP Tray can be disabled, but without IKESERVICE you won't be able to de- or encrypt anything | No |
U | iKeyWorks | IKEYMAIN.EXE | A4Tech wireless keyboard driver and utility | No |
U | IKL | rundll32.exe [path] IKL.dll | IKL surveillance software. Uninstall this software unless you put it there yourself | No |
X | iLLeGaL | Mplayer.exe | Added by the HOLAR.C (or GALIL) WORM! Note - this should not be confused with Windows Media Player which has the same filename | No |
X | iLLeGaL.exe | Mplayer.exe | Added by the HOLAR.C (or GALIL) WORM! Note - this should not be confused with Windows Media Player which has the same filename | No |
X | ilortgdg | keepSafe.exe | Added by the KILLAV.KAX TROJAN! | No |
? | ILO_Office_Manager | IntEdReg.exe /OFFMAN | Intense Educational Ltd - Language Office Software. Is it required? | No |
U | iLyric | iLyric.exe | iLyric plugin for Winamp media player. Allows you to retrieve the lyrics for your songs with the press of a button | No |
N | iM Start Center | iM_Tray.exe | Installed with the Sound Blaster Audigy range of soundcards. A radio tuner installed if the user chooses during installation. Available via Start -> Programs -> iM Networks -> iM Radio Tuner | No |
X | Image | rundll32 [path] [trojan filename],Install | Added by the WINSHOW.Y TROJAN! | No |
Y | Image & Restore | IMAGE32.exe | Part of McAfee Nuts & Bolts. Image/Restore can recover from drives that have been accidentally formatted or completely erased, if Image was recently run | No |
X | Image Remote Players | sysvn.exe | Added by a variant of the IRCBOT BACKDOOR! | No |
N | Image Transfer | SonyTray.exe | Sony Image Transfer software provides direct image transfer from your digital camera to a PC - can be started manually | No |
U | ImageDrive-{hex numbers} | ImageDrive.exe | Nero ImageDrive from Ahead - virtual CD/DVD drive software | No |
U | Imagefox | imagefox.exe | ImageFox 2.0 (formerly available from ACDSee) is an "add-on" graphics previewer for most Windows Open/Save As dialog boxes | No |
X | Imagemgt32 | Imagemgt32.exe | Added by the GEMA TROJAN! | No |
X | ImagePath | taskbarmngr.exe | Added by the SDBOT-XB WORM! | No |
U | ImageTune | dthtml.exe | Display Tune (aka Image Tune) from Portrait Displays, Inc. - "is the perfect software utility to initially set-up and adjust your display to achieve its optimum performance. All adjustments are made through a simple graphical user interface and the user is guided, step-by-step, through the entire initial tuning process." Also licensed and renamed by manufacturers such as Gateway and HP | No |
X | IMAPI | load.exe | Added by the DOWNDEL-A TROJAN! | No |
N | iMarkup Client | iUtil.exe | Enables the iMarkup Client web page annotation utility to run in the background and be available in systray. Shortcut available via Start -> Programs | No |
U | Imatio | imation.exe | Imation Disk Manager - enables you to create a password protected area on your Imation USB flash drive | No |
X | imchat | imchat.exe | Added by a variant of the IRCBOT TROJAN! | No |
X | IMClass | Svhosl.exe | Added by an unidentified WORM or TROJAN! | No |
X | imcssl | xmliwvug.exe | Detected by Kaspersky as the SLAPER.U TROJAN! See here | No |
N | imekrmig | imekrmig.exe | Part of MS Input Method Editor which is used to ease the input of Asian characters in MS Office (Chinese, Japanese and this one is Korean) | No |
N | IMEKRMIG6.1 | IMEKRMIG.EXE | Part of MS Input Method Editor which is used to ease the input of Asian characters in MS Office (Chinese, Japanese and this one is Korean) | No |
N | Imesh | ?? | Imesh is a file sharing system | No |
N | Imesh Auto Update | ?? | Update check for the Imesh file sharing system. Turn the update off under "options" | No |
X | IMEvtMgr.exe | IMEvtMgr.exe | Added by the KEYLOG-AR TROJAN! | No |
U | ImgIcon | ImgIcon.exe | Displays Iomega icons in Explorer/My Computer, ejects Zip disks on shutdown and displays a special delete confirmation box when deleting files on an Iomega drive. Available via Start -> Programs. If you disable it remember to eject disks first before powering the drive down - hence the "U" recommendation. Note - FreeCell may not run with ImgIcon running | No |
X | imgit | [path to file] | Added by the BANKER-EM TROJAN! | No |
N | ImgStart | ImgStart.exe | Used by Iomega drives. Details of its purpose can be found here. Available via Start -> Programs | No |
N | ImgTask | Imgtask.exe | Related to WalletPix digital photo album. "On some computers, the Wallet Pix device will leave behind a memory-resident file called ImgTask.exe. This file will be located in the operating system directory on your computer (typically C:\windows or C:\winnt). You can remove this file at any time and it will not impact your computer's performance or functionality. The file will be restored each time you plug in the Wallet Pix though" | No |
N | Imjpmig*.* | IMJPMIG.EXE | Part of MS Input Method Editor which is used to ease the input of Asian characters in MS Office (Chinese, Korean and this one is Japanese). *.* represents the version number | No |
X | IMJPMIG8.2 | msime82.exe | Added by the VB-CYG WORM! | No |
? | immcheck.exe | immcheck.exe | Related to I-FORCE driver for force feedback steering wheel? | No |
X | ImMsn | timed.exe | Added by the WEBDOR.AK TROJAN! | No |
U | IMOL | IMOLApp.exe | IncrediMail for Office Outlook Add-On | No |
N | Imonitor | Plguni.exe | McAfee QuickClean 3.0 - removes internet clutter and unwanted programs | No |
X | imonitor | [path to trojan] | Added by the IMONI-A TROJAN! | No |
U | IMONTRAY | imontray.exe | System tray monitoring of fans, temperature, voltage, etc for Intel motherboards. Only needed if you "overclock" or live in a hot environment. Can also cause problems when running on a laptop if you change PCMCIA cards | No |
X | IMprocess | IM-svr.EXE | IMNames adware | No |
U | IMStart | IMStart.exe | InterMute security software related | No |
U | IMVU | IMVUClient.exe | IMVU chat client that allows you to create "your own avatars who chat in animated 3D scenes" | No |
X | imwinsrvc | acpmonsrv.exe | Added by the SLAPER.E TROJAN! | No |
X | IMwire | imwireup.exe | SafeSurfing adware variant | No |
X | imxecs | vbrun70sp4.exe | Added by the AGOBOT.ALA WORM! | No |
X | im_autorn | im_1.exe | Added by the IMAV.A WORM! | No |
X | im_autorn | im_2.exe | Added by the BAGLEDL-BO TROJAN! | No |
Y | InCD | incd.exe | Ahead InCD packet writing software - similar to DirectCD. For Nero 5.0 or 5.5 (InCD3), it does not need to start with Windows. You can run InCD.exe manually before inserting an appropriately formatted CD-RW (CD-MRW) disk. For Nero 6.0, 6.3 or 6.6 (InCD4), it does need to start with Windows. It does not function correctly when you try to run it manually, and you will not have write access to MRW (Mount Rainier) formatted CD-RW (CD-MRW) or DVD-MRW disks. To regain write access and other features, InCD 4 must start with Windows | No |
N | IncMail | IncMail.exe | "IncrediMail is an advanced, feature-rich email program that offers you an unprecedented interactive experience. Unique multimedia features will enable you to tailor your email experience so that it fits your mood and personality" | No |
N | InControl Desktop Manager | DMHKEY.EXE | For Diamond Multimedia video cards. Allows System Tray access to desktop utilities such as screen resolution. Available via Start -> Programs | No |
N | Incredimail | incredimail.exe | "IncrediMail is an advanced, feature-rich email program that offers you an unprecedented interactive experience. Unique multimedia features will enable you to tailor your email experience so that it fits your mood and personality" | No |
N | Incredimail | IncMail.exe | "IncrediMail is an advanced, feature-rich email program that offers you an unprecedented interactive experience. Unique multimedia features will enable you to tailor your email experience so that it fits your mood and personality" | No |
X | Index Service | dllhost32.exe | Added by the AGOBOT.CH WORM! | No |
U | Index Washer | WashIdx.exe | Window Washer from Webroot Software. Useful utility that deletes safe to remove files, cookies, browsing history, etc. Available via Start -> Programs. Disable within the program options - otherwise it is re-enabled in MSCONFIG | No |
X | Indexindicator | Indexindicator.exe | Added by the LAZAR TROJAN! | No |
N | IndexSearch | IndexSearch.exe | Associated with PaperPort scanner software from ScanSoft | No |
U | IndexTray | IndexTray.exe | Part of Sharpdesk from Sharp Electronics. "A desktop-based, personal document management application that lets users browse, edit, search, compose, process, and forward both scanned and native electronic documents" | No |
U | IndicatorUty | IndicatorUty.exe | Fujitsu Hotkey Utility displays icons on the screen when you use hotkeys on a Fujitsu Siemens Lifebook, eg, when you press the hotkey for muting the sound, a loudspeaker icon with a cross on it is displayed | No |
U | IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} | NMIndexStoreSvr.exe | Indexing service that catalogs all the media on your computer so that the files are available to all of the programs in the Nero suite of applications | No |
X | ine | svchosts.exe | Added by the RBOT.BNL WORM! | No |
X | INET | inetsync.exe | Meplex adware | No |
X | Inet DataBase | Inetdbs.exe | Added by the QEDS WORM! | No |
X | Inet Delivery | inetdl.exe | Inet Delivery adware | No |
X | Inet Delivery | inetdl_2.exe | Inet Delivery adware | No |
X | Inetapi | Netapi.exe | Added by the NETDEVIL.14 TROJAN! | No |
U | inetcntrl | inetcntrl.exe | Bsafe Online - internet filter | No |
? | InetConf | inetconf.exe | ?? | No |
U | Inetd | INETD32.EXE | Windows Inet Daemon from Hummingbird Communications. "Hummingbird Inetd has the advanced ability to conserve PC resources by listening for connection requests and launching server daemons". Provides PCs with the full functionality of a UNIX workstation | No |
U | inetinfo.exe | inetinfo.exe | Executable used by MS Internet Information Server (IIS). If it's running, then so is IIS. Useful in knowing whether you require the patch for the Code Red worm. Comes with PWS (Personal Web Server) or NT4 and handles ASP-, PHP code (+ more) | No |
X | inetinfomon manager | inetinfomon.exe | Added by the DONBOMB.A TROJAN! | No |
X | inetmgr | inetmgr.exe | Actual Names (AdvSearch) Internet Keywords parasite | No |
X | InetMSN | msnet.exe | Added by a variant of the SDBOT TROJAN! | No |
X | InetServices | wsock32.exe | Added by the WOCK32-A TROJAN! | No |
X | infamous.exe | wmplayer.exe | Added by unknown malware. WMPLAYER.EXE is stored in the location and uses the same name as Windows Media Player but that valid Windows program doesn't load at startup | No |
X | InfeStop | InfeStopRemover.exe | InfeStop spyware remover - not recommended, see here | No |
X | info | smss.exe | Added by the VB.EIW WORM! Note - this is not the legitimate smss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %System%\inetsrv | No |
U | Info Select | is.exe | Info Select from Micro Logic - personal information manager | No |
X | Info32x | Info32x.exe | Added by the GEMA TROJAN! | No |
X | InfoData | rundll32.exe ********.dll, realset [* = random char] | Added by the VUNDO TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The random DLL file is found in the System (9x/Me) or System32 (NT/2K/XP) folder | No |
U | InfoPenMSN | InfoPenIM.exe | InfoPenMSN is a MSN Messenger plugin that allows you to send data written/drawn by hand | No |
? | Infoplay.exe | Infoplay.exe | Written by New Media Properties, LLC and you're asked if you want to download and install it if you visit one of their search engine websites (which I chose not to). What does it do and is it needed? | No |
X | Information Update | iu.exe | Detected by Kaspersky as the CENTIM.CH TROJAN! | No |
U | Infra-red Monitor | IRMON.EXE | System Tray access to infra-red devices. Not required unless you use infra-red devices | No |
X | infus | infus.exe | Adult content dialler | No |
U | Infuzer | Infuzer.exe | Infuzer - "is a service that copies dates from the web or an email straight to your electronic calendar". Beware of the following adware trait - "Infuzer provides web site owners with a unique opportunity to communicate with their visitors in a way that is useful and relevant to them, as well as increasing return visits and brand awareness, and providing new e-commerce opportunities" | No |
X | infwin | infwin.exe | VX2.Transponder parasite updater/installer related | No |
X | Init | [path to trojan] | Added by the DROPPER.EAT TROJAN! | No |
X | Init32 | Init32.exe | Added by the WINEX.A TROJAN! | No |
X | Initial Page | install.exe | EasySearch browser hijack installer | No |
Y | Initialize8x8 | 8x8_init.exe | Tool that initializes a Pinnacle PCTV card - maybe in capture or in showing overlay | No |
X | injob | injobs.exe | Added by the BINJO TROJAN! | No |
N | Ink Monitor | InkMonitor.exe | Associated with Epson (and maybe other) printers. Tells you when the ink's running low and asks if you want to buy another cartridge on-line | No |
N | InkWatch | InkWatch.exe | Associated with Canon (and maybe other) printers. Tells you when the ink's running low and asks if you want to buy another cartridge on-line | No |
Y | InoRPC | InoRpc.exe | Associated with eTrust Antivirus/InoculateIT | No |
Y | InoRT | InoRT9x.exe | Associated with the Realtime Monitor of eTrust Antivirus/InoculateIT version 6 virus scanners from Computer Associates. For NT/2K/XP users you may need a patch if seeing high CPU usage | No |
U | InoTask | InoTask.exe | Scheduled scans and signature updates for eTrust Antivirus/InoculateIT version 6 virus scanners from Computer Associates. Leave enabled unless you manually update signatures or perform routine scans. If enabled it can result in high CPU usage when performing updates | No |
X | iNotice | iservice.exe | Added by a variant of an MSN worm that tries to lure people to an infected site by using nude pictures and videos | No |
? | insCOA5 | insCOA5.exe | ?? | No |
X | Insider | Insider.exe | Detected by PCTools as the AGENT.KMC TROJAN! See here | No |
U | InstaAlert | InstaAlert.exe | "Kayako InstaAlert allows you to receive realtime alerts whenever a ticket gets updated under the assigned departments. The application displays popups as and when the tickets are created or replied to allowing you to answer your customer requests and issues promptly" | No |
X | Instafinder | instafinder.exe | TopSearch.D adware | No |
X | InstaFinderK | InstaFinderK inst.exe | InstaFinder adware | No |
X | Install | Install.exe | Added by the BANCBAN-HG TROJAN! | No |
X | Install part II | updates.exe | Added by the RELFEER WORM! | No |
? | Install Pending Files | sifxinst.exe | Uninstall program for Lanovation's Prism Deploy and Prism Pack administrators' software deployment tools. For specific information see here. Is it required? | No |
X | install32 | install32.exe | Detected by Kaspersky as the NUCLEAR.DG BACKDOOR! See here | No |
N | InstallAurealDemos | InstallAurealDemos.js | Used to initialize the Aureal A3D demos InstallShield wizard | No |
U | InstallBuddy | Ibtna.exe | InstallBuddy - automatically translates and installs your desktop documents, such as Adobe PDF, HTML, Microsoft Word, Excel and PowerPoint files, to your Palm organizer when you HotSync | No |
X | InstallCleaner | InstallCleaner.exe | Added by the ANYHOMB.F TROJAN! | No |
X | Installed shell32.dll | Office.exe... | Added by the LOVGATE.AO WORM! | No |
X | Installed shell32.dll | Office.exe | Added by the LOVGATE.E WORM! | No |
X | Installer | dial.exe | Malware - detected by Kaspersky as the AGENT.MM TROJAN! | No |
? | InstallNAIProduct | SETUP.EXE | Could be related to Network Associates Inc who own the McAfee VirusScan product amongst others. This was found in a directory called "VSC". Could it be an installation that failed and "SETUP.EXE" was left to run at startup as an error? | No |
X | InstallProvider | newsoftware2007install.exe | WinAntiVirus Pro 2007 and Privacy Protector misleading security software - not recommended, see here | No |
X | Installs SP2 | [path] repcale.exe [path] palsp.exe | Added by a variant of the RANDON.AN WORM! | No |
U | Installstub | installstub.exe | Tool for Outlook and Outlook Express from Plaxo for organising and keeping contacts organised and updated and providing online access to your contacts and access from PDA or mobile phone | No |
X | Instance 001 | [path to worm] | Added by the ALASROU-A WORM! | No |
X | Instant Access | rundll32.exe EGDHTML_1023.dll, InstantAccess | InstantAccess premium rate adult content dialler variant. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted | No |
X | Instant Access | rundll32.exe eg_auth_****.dll, InstantAccess [**** = digits] | InstantAccess premium rate adult content dialler variant. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted | No |
X | Instant Access | rundll32.exe EGCOMLIB_****.dll, InstantAccess [**** = digits] | InstantAccess premium rate adult content dialler variant. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted | No |
X | Instant Access | rundll32.exe EGCOMSERVICE_****.dll, InstantAccess [**** = digits] | InstantAccess premium rate adult content dialler variant. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted | No |
X | Instant Access | rundll32.exe p2esocks_****.dll, InstantAccess [**** = digits] | InstantAccess premium rate adult content dialler variant. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted | No |
X | Instant Access | mwsrvacc.exe | InstantAccess premium rate adult content dialer | No |
X | Instant Access | linewsrv.exe | InstantAccess premium rate adult content dialer variant | No |
X | Instant Buzz Daemon | IBDaemon.exe | Instant Buzz adware | No |
X | Instant Messenger Service | imservice.exe | Detected by Kaspersky as the HEUR TROJAN! | No |
N | Instant Update Center | reminder.exe | From Broderbund's PrintMaster 10. It is an event reminder (for calendar dates, etc). Delete from the startup using Startup Manager program because it keeps re-checking itself when using MSCONFIG. PrintMaster 11 uses filename PMremind.exe - it has to be unchecked in startup in the same manner | No |
U | Instant Wireless Configuration Utility | WUSB11cfg.exe | Utility used by the LINKSYS wireless USB Adapter (WUSB11) and indicates when a wireless access connection is made by a screen colour change. Also used for configuration | No |
U | Instant Wireless Configuration Utility | WPC11Cfg.exe | Utility used by the LINKSYS wireless USB Adapter (WUSB11) and indicates when a wireless access connection is made by a screen colour change. Also used for configuration | No |
N | InstantAccess | INSTAN~1.EXE | From TextBridge Pro 9.0 OCR scanner software. Available via Start -> Programs | No |
U | InstantDrive | InstantDrive.exe | Pinnacle Systems (ex VOB) InstantDrive - creates a virtual CD-ROM drive on the computer's hard drive. Part of InstantCD/DVD burning software | No |
X | InstantPleasure | instantpleasure.exe | Adult content dialler | No |
X | InstantPleasureXXX | instantpleasurexxx.exe | Adult content dialler | No |
N | InstantTray | PCLETray.exe | Pinnacle InstantCD/DVD disc creation software. Tray icon enabling a pop-up menu that lets you call up any of Instant CD/DVD's tools with one click. Can be started manually | No |
X | instit | instit.bat | Added by the OPASERV.H WORM! | No |
X | instit | INSTIT.BAT | Added by the OPASERV.K WORM! | No |
? | InstUtlR.exe | InstUtlR.exe | ?? | No |
X | intdctrr | idctup20.exe | SafeSurfing adware variant | No |
X | Intec Service Drivers | msmsgrs.exe | Added by the SDBOT-ADN WORM! | No |
X | Intec Service Drivers | [path to worm] | Added by the RBOT-GLU WORM! | No |
X | Intec Service Drivers | wing32.exe | Added by the RBOT.HAZ WORM! | No |
X | Intec Services Driverrs | winrvc.exe | Added by a variant of the SDBOT WORM! | No |
U | IntegardTray | IntegardTray.exe | System Tray access to Integard parental control software from Race River Corp | No |
U | Intel Active Monitor | imontray.exe | System tray monitoring of fans, temperature, voltage, etc for Intel motherboards. Only needed if you "overclock" or live in a hot environment. Can also cause problems when running on a laptop if you change PCMCIA cards | No |
X | Intel Audio Studio V2.0 | fmideploy.exe | Detected by VBA32 as the BIFROSE.ADR TROJAN! | No |
X | Intel Driver | csrs.exe | Added by a variant of the SDBOT WORM! | No |
U | Intel File Transfer | xfr.exe | Part of Intel's LANDesk Management Suite 6 and the Common Base Agent (CBA) - used for communicating between the core server and managed clients | No |
U | Intel PDS | pds.exe | Intel Ping Discovery Service (PDS). Part of Intel's LANDesk Management Suite 6 and the Common Base Agent (CBA) - used for communicating between the core server and managed clients. Will start the dial-up if installed and enabled | No |
U | Intel Product Number Utility | IntelProcNumUtility.exe | Intel Processor Serial Number Control Utility allows you to enable and disable the processor serial number capability of an Intel PIII processor. You can find more information here. System Tray icon providing the user with a visual state indication. You can find more information here | No |
N | Intel PROSet Tray Icon | promon.exe | System Tray icon for Intel PRO series ethernet adapters giving access to the diagnostic features | No |
X | Intel Service Drivers | msconfig16.exe | Added by the MSCONFIG16 TROJAN! | No |
X | Intel system tool | hookdump.exe | Added by the SPYRE-H TROJAN! | No |
X | Intel system tool | winnook.exe | Added by the SPYRE-C TROJAN! | No |
X | Intel system tool | svehost.exe | Added by the AGENT-EBT TROJAN! | No |
X | Intel system works | iis.exe | Added by the RBOT.QGA WORM! | No |
U | Intel(R) Common User Interface | igfxtray.exe | Part of Intel's Common User Interface for chipsets with integrated graphics controllers - which allows the user to change different driver properties through the Windows User Interface. Quick access to the control panel via a System Tray icon. Available via Start -> Settings -> Control Panel | No |
U | Intel(R) Common User Interface | hkcmd.exe | Part of Intel's Common User Interface for chipsets with integrated graphics controllers - which allows the user to change different driver properties through the Windows User Interface. If the user wishes to have "HotKey" access to Intel's customised graphics properties, it is required, otherwise not. It can be disabled via the Display Properties in the Control Panel | No |
N | Intel(R) Common User Interface | igfxpers.exe | Part of Intel's Common User Interface for chipsets with integrated graphics controllers - which allows the user to change different driver properties through the Windows User Interface. Not known exactly what it does but apparently it isn't required | No |
X | intel32.exe | intel32.exe | Added by the SmitFraud alias SPYJACK-B TROJAN! | No |
U | IntelAPMClient | amclient.exe | LANDesk® Management Suite software component | No |
N | IntelAudioStudio | IntelAudioStudio.exe | "Intel Audio Studio combines Intel® High Definition audio hardware features with Sonic Focus* Audio Refinement and Dolby* technologies to provide you with a comprehensive tool that puts you in control of your audio experience". Audio utility supplied with Intel motherboards | No |
X | InteliSys | smss.exe | Advertisingvision adware! Note - this is not the legitimate smss.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder | No |
X | intell32.exe | intell32.exe | Added by the SmitFraud alias Desktophijack.C TROJAN! | No |
X | intell321.exe | intell321.exe | Added by the SPYJACK-B TROJAN! | No |
X | Intelliflag_be.exe | Intelliflag_be.exe | Intelliflag spyware | No |
U | IntelliPoint | point32.exe | Microsoft Intellipoint software for their Intellimouse series of mice - required if you use non-standard Windows driver features | No |
U | IntelliPoint | ipoint.exe | Microsoft Intellipoint software for their Intellimouse series of mice - required if you use non-standard Windows driver features | No |
U | Intellitype | type32.exe | For MS programmable keyboards. If you disable Intellitype in Startup, any "Hot Keys" that are changed by the user to perform functions other than default settings, defer back to their default settings. Not required unless you have changed them | No |
U | IntelMEM | IntelMEM.exe | Related to connection events on an Intel chipset based modem. It can alert you if the telephone line is being used when you're trying to get online (when you're using dial-up). It can also alert you if your modem line is disconnected. Furthermore, it can alert you if you have made a wrong connection with your modem line | No |
U | IntelProcNumUtility | cpunumber.exe | Intel Processor Serial Number Control Utility allows you to enable and disable the processor serial number capability of an Intel PIII processor. You can find more information here. System Tray icon providing the user with a visual state indication. You can find more information here | No |
Y | IntelWireless | ifrmewrk.exe | Associated with the Intel PRO/Set Wireless software | No |
U | IntelZeroConfig | ZCfgSvc.exe | Zero Config MFC Application, part of Intel's ProSET utilities and installed by the drivers for many of Intel's wireless network cards - essential to the proper functioning of many of the Intel ProSET utilities (but not all) and these System Tray ProSET utilities are a must if you are using your wireless connection, if only so you know when the signal is fading or dropping. The problem is that, in some PCs, ZCFGSVC can be incredibly badly behaved: taking up to 100% of CPU time and therefore resulting in an extremely slow PC, preventing the installation of software or Windows updates, or causing "Not Responding" or "End this Program" shutdown problems. If you experience this, first try the very latest drivers from Intel or your laptop manufacturer. If that still does not solve the problem and you have WinXP/2003, try setting the "Wireless Zero Configuration" service to disabled | No |
? | Intense Registry Service | IntEdReg.exe /CHECK | Intense Educational Ltd - Language Office Software. Is it required? | No |
X | InterceptedSystem | [path to worm] | Added by the ANACON-B WORM! | No |
Y | InterCheck Monitor | Icmon.exe | Part of Sophos anti-virus software | No |
Y | InterCheckMonitor | ICMON.EXE | Part of Sophos anti-virus software | No |
X | Interdll | Interdll.exe | Added by the DELF family of TROJANS! | No |
X | Internal | [trojan filename] | Added by the SMOTHER and TRANSLAT TROJANS! | No |
X | Internal | regedit.exe /s %windir%c:[month number] | Added by the FORTNIGHT.D TROJAN! | No |
X | Internal Memory File | sysintmemory.exe | Added by the RBOT-GKT WORM! | No |
X | InternalSystray | Kazza.exe | Added by a variant of the OPTIX TROJAN! Note - unlike the valid KaZaA executable, this is located in C:\Windows\System (Win9x/Me), C:\Winnt\System32 (WinNT/2K), or C:\Windows\System32 (WinXP) | No |
X | internat | internat.exe | Added by the LYDRA-F TROJAN! Note - the real internat.exe resides in %windir%\system (where %windir% is the Windows directory - C:\Windows or C:\Winnt) whereas this version resides in %windir% | No |
X | Internat | systray.exe | Added by the ALADINZ.P TROJAN! Note - this is not the legitimate systray.exe process. If you right-click on the real systray.exe the "Properties" reveal it to be a Microsoft file | No |
X | Internat | msgsrv32.exe | Added by the NYRUBOT-A WORM! | No |
X | Internat | [trojan filename] | Added by the CMJSPY-Y TROJAN! | No |
X | Internat Conf | bootconf.exe | Homepage hijacker, redirecting to coolwwwsearch.com; see for example here | No |
N | internat.exe | internat.exe | Microsoft language selection icon in system tray, located in the System (Win98/Me) or System32 (WinNT/2K/XP) folder | No |
X | Internat.exe | internat.exe | Added by the NETSNAKE TROJAN! Note - the real internat.exe resides in %windir%\system (Win98/Me) or %windir%\System32 (WinNT/2K/XP) (where %windir% is the Windows directory - C:\Windows or C:\Winnt) and has a "?" icon whereas this version resides in %windir% and has a ZIP icon | No |
X | internct | WinSocks5.exe | Added by the GRAYBIRD.F TROJAN! | No |
X | internet | smss.exe | Added by the MIFENG-K TROJAN! Note - this is not the legitimate smss.exe process which should NOT appear in Msconfig/Startup! | No |
X | Internet | Internet.exe | Added by the PWS-CS TROJAN! | No |
X | Internet | recruit.exe | Added by the RBOT-AJG WORM! | No |
X | internet | [trojan filename].exe | Added by the MIFENG-D TROJAN! | No |
X | Internet | winlogom.exe | Added by a variant of the SDBOT WORM! | No |
X | Internet | nteusodp.exe | Added by the RBOT-GFJ WORM! | No |
X | internet | winsas32.exe | Added by a variant of the SDBOT WORM! | No |
X | internet | lsass.exe | Added by the DSPY-A TROJAN! Note - this is not the legitimate lsass.exe process which should not normally figure in Msconfig/Startup! | No |
X | Internet | alm7tas.exe | Added by a variant of the RBOT WORM! | No |
X | Internet | wins.exe | Detected by PCTools as the RBOT.AAYF WORM! See here | No |
U | Internet Answering Machine | IAMNET~1.EXE | From Callwave. It offers a free utility to monitor your incoming phonecalls if you only have a single telephone line for internet access | No |
U | Internet Answering Machine | IAM.exe | From Callwave - offers a free utility to monitor your incoming phonecalls if you only have a single telephone line for internet access | No |
X | Internet Application Driver | expIorer.exe | Added by the IRCBOT-WK TROJAN! | No |
U | Internet Call Director | ICD.EXE | TELUS Internet Call Director (ICD) provides Internet users with real-time call notification while connected to the Internet | No |
U | Internet Call Manager | ICM.EXE | Starts Internet Call Manager dialog box and/or taskbar icons at bootup. This is a subscription program from internetcallmanager.com that monitors a dialup phone line for incoming calls and handles voicemail | No |
X | Internet Config | svchosts.exe | Added by the SDBOT TROJAN! | No |
X | Internet Connection Wizard | stisvsq.exe | EasySearch adware | No |
X | Internet Connection Wizard | [path to trojan] | Added by the SMUTSRCH-A TROJAN! | No |
X | Internet Connection Wizard | stisvsq1.exe | Added by the DLOADR-AWD TROJAN! | No |
X | Internet Content Publisher | ICP.EXE | Added by the RBOT-UD WORM! | No |
U | Internet Disk Cleaner | CLEARH~1.EXE | Internet Disk Cleaner from Elongsoft "protects your privacy by cleaning up all Internet tracks and past computer activities" | No |
U | Internet Download Accelerator | ida.exe | Internet Download Accelerator download manager | No |
X | Internet download manager service | idman.exe | Added by the RBOT-BMS WORM! | No |
X | Internet Exploere Services | urlmon32.dll.exe | Added by the EVIAN.C WORM! | No |
X | Internet Explore Microsoft | lEXPLORE.EXE | Added by the RBOT-AOF WORM! Note - the executable is spelt with a lower case "L" rather than a lower or upper case "i" which is the case with Internet Explorer | No |
X | Internet Explorer | iexplorer.exe | Added by the LORSIS WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) | No |
X | Internet Explorer | IEXPLORE.EXE | Added by the RBOT-EY WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %System% | No |
X | Internet Explorer | IExplorer.exe | Added by the NETHIEF-O BACKDOOR! Note - this is not the legitimate Internet Explorer (iexplore.exe) | No |
X | Internet Explorer | http.exe | Added as part of a new potential CWS infection, and part of a suite of programs that installs a web server, php, ftp server, socks, and mail server on your computer without your knowledge. These files are known to be part of an infection that transmits information about your bank accounts, passwords, and other financial information. It should be deleted immediately, you should enable your firewall, and you should contact your financial services in order to report the issue and to have your passwords changed | No |
X | Internet Explorer | iexpiore.exe | Added by the RBOT-AZC WORM! | No |
X | Internet Explorer | IEPLORE32.EXE | Added by the AOGBOT-CU WORM! | No |
X | Internet Explorer Configuration | IEXPLORE.EXE | Added by the SDBOT-UL WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %System% | No |
X | Internet Explorer Security | iexplore.pif | Added by the RBOT-ALQ WORM! | No |
X | Internet Explorer Updater | lexbac.exe | Added by the DOWNLOAD TROJAN! | No |
X | Internet Explorer Updater | iexplorer.exe | Added by the REUR.B WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) | No |
X | Internet Explorer6 | IEexplore.exe | Added by the RBOT.AGC WORM. Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %System% | No |
X | Internet Explorer6.0 | IEXPLORE.EXE | Added by the RBOT.ENZ WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %System% | No |
X | Internet Firewall Layer | tsqla.exe | Added by a variant of the SPYBOT WORM! | No |
U | Internet History Eraser | HERASER.exe | Internet History Eraser - deletes your browsing tracks | No |
X | Internet Loader1 | MSInstall61.exe | Added by the KWBOT.B WORM! | No |
X | Internet Mail and News | msqdevl.exe | EasySearch adware | No |
X | Internet Mail and News | [path to trojan] | Added by the SMUTSRCH-A TROJAN! | No |
X | Internet Mail and News | msqdevl1.exe | Added by the DLOADR-AWD TROJAN! | No |
X | Internet Optimizer | optimize.exe | Internet Optimizer parasite - detected by Sophos as the DLUCA-G TROJAN and variants | No |
X | Internet Protocol Configuration Loader | ipcl32.exe | Added by the SDBOT TROJAN! | No |
X | Internet Security Service | msq32.exe | Added by the RBOT-GFP WORM! | No |
X | Internet Security Service | msq23.exe | Added by the RBOT-GQL WORM! | No |
X | Internet Security Service | msql23.exe | Added by the RBOT-GML WORM! | No |
X | Internet Security Service | mysqlwin32.exe | Added by the RBOT.UX TROJAN! | No |
X | Internet Send | More log.exe | Unidentified adware | No |
X | Internet Server | inetsrv.exe | Added by the STARTPA-EM TROJAN! | No |
X | Internet Service | intersvc.exe | Added by the SPYBOT-DE WORM! | No |
X | internet service | syscfg32.exe | Added by the RBOT-QS WORM! | No |
X | internet service | ssvhost.exe | Added by a variant of the RBOT WORM! | No |
X | internet service | svho0st98.exe | Added by the RBOT.EAT WORM! | No |
X | Internet Services | systemdev.exe | Added by the SDBOT-PW WORM! | No |
X | Internet Services | internet.exe | Added by the MYTOB.BT WORM! | No |
X | Internet Services | interserv.exe | Added by the RBOT.BNT WORM! | No |
X | Internet Services | Netsvc.exe | Added by the MYTOB.MN WORM! | No |
X | INTERNET SERVISES | winz32.exe | Added by the KWBOT.Z WORM! | No |
Y | Internet Sharing Server | iss_srvr.exe | Intel AnyPoint internet sharing software. Now discontinued | No |
X | Internet Suspention | story.exe | Added by the WOOTBOT.HV WORM! | No |
N | Internet Sweeper | Sweeper.exe | Internet Sweeper - removes unnecessary leftover files after browsing the internet | No |
U | Internet Timer | ITIMER.exe | Shareware dial-up connection call cost calculator from Ratsoft | No |
X | Internet Washer Pro | iw.exe | Internet Washer manages temporary browser files, cookies, etc - a 'trial' Internet Washer Pro seems to have been widely stealth-installed around March 2003 | No |
X | Internet.exe | Internet.exe | Added by the MAGICCALL VIRUS! | No |
X | internet.exe | yinyin3345.vbs | Added by the YINI MACRO! | No |
X | Internet2 Optimizer | wkfix.exe | Added by a variant of the RBOT WORM! | No |
N | InternetCalls | InternetCalls.exe | InternetCalls - free internet telephony utility using the VoIP (Voice over Internet Protocol). Call online friends for free and regular phones either for free (limited use) or low rates. One of a number provided by Betamax - the others generally have different rate plans. Similar to the more popular Skype | No |
X | InternetExplorer2 | windows.exe | Added by the SDBOT-CZP WORM! | No |
X | InternetExplorer32 | iexplore32.exe | Added by the RBOT-GRA WORM! | No |
X | InternetShield | INTERN~1.EXE | InternetShield misleading security software - not recommended, see here | No |
U | InternetSpy | InternetSpy.exe | Internet Spy - freeware keylogger that tracks all visited websites including the date and exact time these sites were visited. The information is stored in a file that may be accessed by the person who knows where it is saved. Remove unless you installed it yourself! | No |
X | InternetWasherPro | iw.exe | Internet Washer manages temporary browser files, cookies, etc - a 'trial' Internet Washer Pro seems to have been widely stealth-installed around March 2003 | No |
X | INTERNET_SERVISES | winz32.exe | Added by the SDBOT.Q TROJAN! | No |
U | InternodeUsage | mum.exe | Australian ISP's free monthly download meter | No |
X | Internt | Internt.exe | Added by the PEEPER or CARUFAX.A TROJANS! | No |
X | Intersoft Msngr | intersoftmsngr.exe | Added by the AGOBOT-NW WORM! | No |
N | InterTrust Quick Start | it_cpq~1.exe | InterTrust offers something known as Digital Rights Management to control legal software download and other E-commerce related business | No |
X | InterU | WINDRV.EXE | Added by the IRCINTER.A TROJAN! | No |
N | Intervideo Win Cinema Manager | WinCinemaMgr.exe | WinCinema Manager is needed when using the WinDVD Remote Control for WinDVD from Intervideo. Available via Start -> Programs | No |
N | Intervideo Win Cinema Manager | WINCIN~1.EXE | WinCinema Manager is needed when using the WinDVD Remote Control for WinDVD from Intervideo. Available via Start -> Programs | No |
N | Intervideo WinCinema Manager | WinCinemaMgr.exe | WinCinema Manager is needed when using the WinDVD Remote Control for WinDVD from Intervideo. Available via Start -> Programs | No |
N | Intervideo WinCinema Manager | WINCIN~1.EXE | WinCinema Manager is needed when using the WinDVD Remote Control for WinDVD from Intervideo. Available via Start -> Programs | No |
N | Intervideo WinScheduler | WinScheduler.exe | WinScheduler is installed with WinDVD Remote Control for WinDVD from Intervideo. If you want to schedule recordings from your TV tuner card, you will need it. Available via Start -> Programs | No |
N | Intervideo WinScheduler | SchSvr.exe | WinScheduler is installed with WinDVD Remote Control for WinDVD from Intervideo. If you want to schedule recordings from your TV tuner card, you will need it. Available via Start -> Programs | No |
N | InterVoip | InterVoip.exe | InterVoip - free internet telephony utility using the VoIP (Voice over Internet Protocol). Call online friends for free and regular phones either for free (limited use) or low rates. One of a number provided by Betamax - the others generally have different rate plans. Similar to the more popular Skype | No |
U | InterWARN | interwarn.exe | InterWARN by Storm Alert Inc. Provides customized, automated access to critical weather and civil emergency information from the US National Weather Service. Required if audio and screen crawler alerts are desired. Also available via Start -> Programs | No |
X | Intespention | IEXPLORE.exe | Added by the FORBOT-FL WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %System% | No |
X | Intmgr | Intmgr.exe | Added by the GEMA TROJAN! | No |
X | intranet | SYS32CFG.EXE | Added by the SPYBOT-DW WORM! | No |
X | Intranet | intranet.exe | Added by the CHIMOZ.AC TROJAN! | No |
X | Intranet | schost.exe | Detected by Kaspersky as the RBOT.SV BACKDOOR! See here | No |
X | Intranet Explorer | [random filename] | Detected by Trend Micro as the POEBOT.DK BACKDOOR! See here | No |
X | Intrenat | Intrenat.exe | Added by the LEMIR.E TROJAN! | No |
N | Introducing Media Manager | SPLASHA.EXE | MS Media Manager tour. Not required | No |
N | Introduction-Registration | ?? | For Compaq PCs. Should only run the first time - PC Introduction & Compaq registration | No |
X | IntruderAlert | ia99.exe | Intruder Alert '99 from Bonzi - spyware | No |
X | IntSys1 | [path to trojan] | Added by the BANLOA-ASE TROJAN! | No |
U | Inventory Scan | LDISCN32.EXE | LANDesk® Management Suite software component | No |
X | Ioadqm | Media Player.exe | Added by the HAWAWI WORM! | No |
N | iobi | iobiClient.exe | iobi Home - a mail/voice service by Verizon | No |
Y | iolo AntiVirus | ioloAV.exe | iolo AntiVirus | No |
Y | iolo Personal Firewall | ioloFW.exe | iolo Personal Firewall | No |
U | Iolo Task Agent | Task_Agent.exe | Iolo System Mechanic Task Agent. Scheduled maintenance | No |
N | iolo Utility Bar | SMUtilityBar.exe | Iolo System Mechanic Utility Bar - can be launched manually | No |
U | ioloDelayModule | delay.exe | Part of Iolo System Mechanic. Used to delay the start of an application which loads automatically as Windows loads | No |
U | Iomega Automatic Backup | ibackup.exe | Iomega Automatic Backup - automatic backups for use with Iomega portable HDD | No |
U | Iomega Automatic Backup 1.0.1 | ibackup.exe | Iomega Automatic Backup - automatic backups for use with Iomega portable HDD | No |
N | Iomega Backup Scheduler | dtiom98.exe | Used by Iomega drives. Details of its purpose can be found here. Available via Start -> Programs | No |
U | Iomega Disk Icons | IMGICON.EXE | Displays Iomega icons in Explorer/My Computer, ejects Zip disks on shutdown and displays a special delete confirmation box when deleting files on an Iomega drive. Available via Start -> Programs. If you disable it remember to eject disks first before powering the drive down - hence the "U" recommendation. Note - FreeCell may not run with ImgIcon running | No |
U | Iomega Drive Icons | IMGICON.EXE | Displays Iomega icons in Explorer/My Computer, ejects Zip disks on shutdown and displays a special delete confirmation box when deleting files on an Iomega drive. Available via Start -> Programs. If you disable it remember to eject disks first before powering the drive down - hence the "U" recommendation. Note - FreeCell may not run with ImgIcon running | No |
U | Iomega ImIconXP | imiconxp.exe | Iomega REV System Software - allows your Iomega REV drive to interact with the operating system via the Iomega REV UDF file system, and provides drag-and-drop file access, access and write protection, and formatting of the disks | No |
? | Iomega QuickSync | Quicksync.exe | ?? | No |
N | Iomega Startup Options | IMGSTART.EXE | Used by Iomega drives. Details of its purpose can be found here. Available via Start -> Programs | No |
N | Iomega Watch | IOWATCH.EXE | Used by Iomega drives. Available via Start -> Programs | No |
N | IomegaWare | COMMANDER.EXE | Used by Iomega drives. Details of its purpose can be found here. Available via Start -> Programs | No |
X | Iomega_loader | Iomega_loader.exe | Added by the ANTINNY.F WORM! | No |
U | Iomon98.exe | Iomon98.exe | PC-Cillin 98 real time virus check. Can cause floppy disk accesses to hang | No |
X | ioroxxo microsoft sux | system32.exe | Added by a variant of the RBOT WORM! | No |
X | IP Packet Redirect Service | ipredirect.exe | Added by the FORBOT.SM WORM! | No |
X | IP Stack | ipstack.exe | Added by the AGOBOT.CW WORM! | No |
X | IP**.exe [* = random char] | IP**.exe [* = random char] | CoolWebSearch/HomeSearch adware - for examples, see this log | No |
X | IP**32.exe [* = random char] | IP**32.exe [* = random char] | CoolWebSearch/HomeSearch adware - for examples, see this log | No |
N | iPalm | mon.exe | Installed with a Panasonic iPalm digital camera. Used to upload photos from the camera. If your camera is not connected (via USB port) you do not need this program loaded | No |
X | IPC Connection | ipcconn.exe | Added by the RBOT-AEG WORM! | No |
X | IPC Spool Manager | wnmgre.exe | Added by the SDBOT-ZC WORM! | No |
X | IPC Spool Manager | winspec.exe | Added by the SDBOT-BLU WORM! | No |
X | ipcfg.exe | ipcfg.exe | Adware - detected by McAfee as a variant of the ADCLICKER-BM TROJAN! | No |
X | IPConfig | svcxnv32.exe | Added by the HACARMY.E TROJAN! | No |
X | IPConfig | svcxnw32.exe | Added by a variant of the HACARMY.E TROJAN! | No |
X | IpCtrl | ipcon32.exe | Added by an unidentified VIRUS, WORM or TROJAN! | No |
X | IPFW | ipwf.exe | Added by the DLOADER-YF TROJAN! | No |
? | IPHSend | IPHSend.exe | AOL related. What does it do and is it required? | No |
X | IPInSightLAN 0* | ipclient.exe | Installed with Verizon DSL accounts. IP Insight is a Quality of Service monitor and diagnostic tool that isn't required - see here for more information. This one constantly "phones home" and wastes resources. * represents 1 or 2 | No |
N | IPInSightMonitor 0* | ipmon32.exe | Installed with Verizon DSL accounts. IP Insight is a Quality of Service monitor and diagnostic tool that isn't required - see here for more information. * represents 1 or 2 | No |
Y | IPinst | N/A | For Gilat Communications internet satellite systems. Gilat rescue (Satellite system restore). Required if you have this system. Can cause a BSOD (blue screen of death) if left out | No |
X | IPLog Security | iplogsec.exe | Detected by Trend Micro as the IRCBOT.GP BACKDOOR! See here | No |
? | iPlusAgent2 | iAgent2.exe | Related to iriver portable media products. What does it do and is it required? | No |
X | ipmon.exe | ipmon.exe | Added by the RECERV or R3C.B TROJANS! | No |
X | IpNetwork | ipnetwork.exe | Maxifiles adware | No |
X | Ipnuker | Ipnuker.vbs | Added by the INKER.B WORM! | No |
N | IPO3 | IP Operator 2005.exe | IP Operator 2005 - found on LG Electronics Notebook. The applet makes network connections easier to view and manage than does the standard Windows Network Connections tool. The WLAN module is easy to turn on or off with the press of a single button | No |
X | Ipod Help | [9 random letters].exe | Added by a variant of the RBOT WORM! | No |
X | iPOD USB Driver | IPODUSB.EXE | Added by a variant of the RBOT WORM! | No |
X | iPod USB Service | iPODService.exe | Added by a variant of the RBOT WORM! Do NOT confuse with the Apple iPod process of the same name. The legitimate iPod file will always be located in the Program Files\iPod\bin folder, and is implemented as a system service, thus NOT listed in Msconfig/Startup! | No |
U | iPodManager | iPodManager.exe | Apple iPod® management software for the iPod® player - updates, formatting, restoring and other functions associated with the iPod® | No |
? | iPodWatcher | iPodWatcher.exe | Associated with Apple's iPod® player. Detects when the iPod® is connected? | No |
X | IPOT Service Drivers | compaq.exe | Added by a variant of the FUROOTKIT TROJAN! | No |
X | IPOT USB Service DRIVER | hpsebc087.exe | Added by the SDBOT-WA WORM! | No |
X | IPOT USB Service DRV32 | hpsebc08.exe | Added by the SDBOT-WH WORM! | No |
N | IPPDetect | IPP4Detect.exe | Part of Presto! Mr.Photo - "an ideal program for creating, sharing, and managing digital images and videos" | No |
X | ipreg | ipreg.exe | Added by the ZAGABAN-H TROJAN! | No |
? | iPrint LPT Redirector | nipplpte.exe | Related to Novell iPrint - "a printing solution that enables you to send documents to printers located throughout the Net." Is it required? | No |
N | iPrint Tray | iprntctl.exe | Novell iPrint - based on Novell Distributed Print Services - enables you to send documents to printers located throughout the Net | No |
U | iProtectYou | ip.exe | iProtectYou - internet filtering/parental control and network monitoring software | No |
X | iprun | iPY.exe | iProtectYou spyware | No |
X | IPSEC Configuration | wsupdate.exe | Added by the AOGBOT-IQ WORM! | No |
X | iPSec7 | ipsec7.exe | Detected by Trend Micro as the AGENT.AHVR TROJAN! See here | No |
U | ipsecdialer | IPSECD~1.EXE | Cisco VPN Client - lets local users gain Administrator privileges on the operating system | No |
U | ipsecdialer | ipsecdialer.exe | Cisco VPN Client - lets local users gain Administrator privileges on the operating system | No |
Y | IPSecMon | IPSecMon.exe | Microsoft L2TP/IPSec VPN Client for Win98/Me/NT. Secure technology for making remote access virtual private network (VPN) connections across public networks such as the Internet | No |
X | IPTable Configuration | Winipcfgs.exe | Added by a variant of the RBOT WORM! | No |
N | iptray | iptray.exe | System Tray access to Intel Desktop Utilities - "provides you with the means to monitor system temperatures, voltages, fan speeds, and hard drive health; view detailed system information, and test your system hardware for common errors" | No |
X | IPv6 Helper Driver | csass.exe | Added by the AGOBOT.TC WORM! | No |
X | IPv6 STUN Service | netstun.exe | Added by a variant of the SDBOT WORM! | No |
N | IPW | IPW.exe | Internet Phone Wizard from Actiontec - Voice over IP (VoIP) that allows you to "make and receive free Internet calls on your regular phone" whilst "at the same time, make and receive regular (landline) calls on your phone" | No |
N | ipw | usbipw.exe | Related to Internet Phone Wizard from Actiontec - Voice over IP (VoIP) that allows you to "make and receive free Internet calls on your regular phone" whilst "at the same time, make and receive regular (landline) calls on your phone" | No |
X | ipwf | ipwf.exe | Added by the SCHOEBERL TROJAN! | No |
X | IpWins | ipwins.exe | IPWins adware | No |
X | ipxwshel | ipxwshel.exe | Added by the WAREZOV.DG WORM! | No |
? | IQES.exe | iqes.exe | ?? | No |
U | Ir41_32.ax | regsvr32.exe Ir41_32.ax | Intel® Indeo® video 4.4 Decompression Filter related. The "Ir41_32.ax" file is located in %System% | No |
X | irassync | irasyncd.exe | IRASSync adware | No |
X | irc session | sessionmgr.exe | Added by the SDBOT-ACE WORM! | No |
Y | IREIKE | IreIKE.exe | Microsoft L2TP/IPSec VPN Client for Win98/Me/NT. Secure technology for making remote access virtual private network (VPN) connections across public networks such as the Internet | No |
N | iRis Active Monitor | winmon32.exe | Iris Antivirus - discontinued, replace with good alternative | No |
N | iRiS AntiVirus Active Monitor | WIMMUN32.exe | Iris Antivirus - discontinued, replace with good alternative | No |
U | iRiver AutoDB | MLService.exe | Associated with the iRiver Music Manager | No |
N | iRiver Updater | Updater.exe | Updates for the iRiver Music Manager - used with their digital music players | No |
U | IrMon | IRMON.EXE | System Tray access to infra-red devices. Not required unless you use infra-red devices | No |
? | IRPMonitor | itcnmon.exe | ?? | No |
X | irssyncd | irssyncd.exe | SafeSurfing adware variant | No |
X | Irwftp | [path to trojan] | Added by the BANCOS-AP TROJAN! | No |
X | irwftp | iexplorer.exe | Added by the BANKER-AN TROJAN! Note - this is not the legitimate Internet Explorer (iexplore.exe) | No |
X | irwftp | ftpmon.exe | Added by the BANCBAN-BO TROJAN! | No |
U | IrXfer | IrXfer.exe | Microsoft Infrared Transfer application | No |
X | ir_ftp | ir_ftp.exe | Added by the IRFTP TROJAN! | No |
X | ir_ftp | irwftp.exe | Added by the BANCOS.H TROJAN! | No |
N | IS CfgWiz | cfgwiz.exe | Norton Internet Security configuration wizard | No |
X | iSafeAV | iSafeAV.exe | iSafe AntiVirus rogue security software - not recommended, removal instructions here | No |
X | isamini.exe | isamonitor.exe | Added by the ZLOB.MEDIA-CODEC TROJAN! This purports to be a Windows Media Player upgrade (with names such as "iCodecPack", "X Password Manager" and "Media-Codec") to allow the user to view adult oriented videos on certain websites - but actually downloads and installs additional malware on the user's machine. Various directories and filenames are used - see the link for details. The most popular for this example appears to be "Video ActiveX Object" | No |
X | isamonitor.exe | isamonitor.exe | Added by the ZLOB.MEDIA-CODEC TROJAN! This purports to be a Windows Media Player upgrade (with names such as "iCodecPack", "X Password Manager" and "Media-Codec") to allow the user to view adult oriented videos on certain websites - but actually downloads and installs additional malware on the user's machine. Various directories and filenames are used - see the link for details | No |
X | Isass | Isass.exe | Added by the FUTRO TROJAN! | No |
X | IsassRenascimento | Issas.exe | Detected by Kaspersky as the BANKER.GAX TROJAN! See here | No |
U | ISBMgr.exe | ISBMgr.exe | Related to Sony ISB Utility | No |
X | iscch | iscch.exe | Added by the LCPRANK-A WORM! | No |
N | isdbdc | isdbdc.exe | For Compaq PCs. May install properties in dial-up networking when you register with an ISP | No |
U | isDeleteMe | isDel.bat | Used by Norton Internet Security to remove certain files and directories on reboot when uninstalling their product | No |
N | ISDN Monitor | Linksts.exe | Tray icon which gets installed when you install the drivers for Asuscom internal ISDN modem cards (or rebadged Asuscom ISDN cards, such as MRi). This icon enables you to monitor or configure your ISDN card. Once you have configured your ISDN card correctly, you will never need to use this icon | No |
U | ISDNwatch | IWatch.exe | FRITZ!X ISDNWatch - "dialing filter for more security and control on the ISDN PC. The PC is doubly protected against dialer programs and premium-service numbers: ISDNWatch allows the user to block calls to and from both individual numbers and whole number blocks" | No |
X | iSecurity applet | rundll32.exe iSecurity.cpl,SecurityMonitor | Added by the DLOADER.UZO TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted | No |
U | ISHelp | help.exe | ISpy is a security risk that logs keystrokes and captures screenshots. If you didn't install this yourself, uninstall it | No |
U | iShield | iShield.exe | "GuardWare iShield blocks pornographic images when you surf the Internet on your computer using a web browser" | No |
X | ishost.exe | ishost.exe | Added by the DLOADR-XJ TROJAN! | No |
Y | ISLP2STA | ISLP2STA.EXE | A process from Cisco Systems Inc associated with Windows Update for wireless NIC drivers | No |
X | ISMModule | ISMModule.exe | Internet Speed Monitor C adware related - see example here | No |
X | ISMModule2 | ISMModule2.exe | Internet Speed Monitor C adware related - see example here | No |
X | ISMModule3 | ISMModule3.exe | Internet Speed Monitor C adware | No |
X | ISMModule4 | ISMModule4.exe | Internet Speed Monitor A adware related | No |
X | ISMModule6 | ISMModule6.exe | Internet Speed Monitor C adware related - see example here | No |
X | ISMModule7 | ISMModule7.exe | Internet Speed Monitor C adware related - see example here | No |
X | ISMModule8 | ISMModule8.exe | Internet Speed Monitor C adware related | No |
X | ISMPack5 | ISMPack5.exe | Internet Speed Monitor C adware related - see example here | No |
X | ISMPack6 | ISMPack6.exe | Internet Speed Monitor C adware related - see example here | No |
X | ISMPack7 | ISMPack7.exe | Internet Speed Monitor C adware | No |
X | ISMPack8 | ISMPack8.exe | Internet Speed Monitor C adware related - see example here | No |
Y | ISP.COM High Speed | slipgui.exe | User interface for Slipstream - internet acceleration through compression/decompression techniques, intelligent caching on the server side, and real-time conversion of large/high-bandwidth images to less bulky pix. Used by popular ISPs such as IceNet, Wanadoo, Terra, OnSpeed, United Online and AOL Canada. Required if the user's account is locked in to that proxy server | No |
X | ISPSERVICE | psycho.exe | Added by the IRCFLOOD-O TROJAN! | No |
X | ISPSERVICE | wintmp.exe | Detected by Trend Micro as the FLOOD.BC BACKDOOR! See here | No |
U | iSpyNOW | ispynow.exe | iSpyNOW - remote monitoring and surveillance software | No |
X | Israfel | Israfel.vbs | Added by the GAGGLE.D or GAGGLE.E WORMS! | No |
N | IsReminder | ISPopup.exe | Related to GuardWare iShield - this is the registration reminder for the trial version, so not required in startup | No |
X | ISS | inet.exe | Meplex adware | No |
X | issearch.exe | issearch.exe | Added by the ZLOB-QF TROJAN! | No |
X | issEnc32Svr | issEnc32.exe | Added by a variant of the RBOT WORM! | No |
N | ISSI EZUpdate Service | issimsvc.exe | Part of IBM Global Services - used internally by IBM for automatic updating of software and Microsoft patching | No |
U | ISStart | ISStart.exe | LogitechGalleryRepair/LogitechVideoRepair - part of Logitech Image Studio - installed with Logitech QuickCam cameras. Required from version 8.11 onwards if you use the software to take pictures and capture videos, not if you don't. Also not required for versions up to and including 7.30 and after version 8.30 - hence the "U" rather than "Y" recommendation | No |
Y | ISSVC | ISSVC.exe | Part of Norton Internet Security Suite | No |
Y | ISS_Certtool | certtool.exe | IBM Client Security Certification Tool | No |
X | IST Service | istsvc.exe | ISTBar adware | No |
X | ist service uninstall | [random filename] | ISTBar adware related | No |
X | istinstall zazzer.exe | istinstall zazzer.exe | Unidentified adware downloader/installer | No |
Y | ISTray | pctsTray.exe | System Tray access to both PC Tools Internet Security suite and Spyware Doctor antispyware from PC Tools | Yes |
N | ISUSPM Startup | ISUSPM.exe | InstallShield Update Service Scheduler. Automatically searches for and performs any updates to the software so you're always working with the most current version | No |
N | ISUSScheduler | issch.exe | InstallShield Update Service Scheduler. Automatically searches for and performs any updates to the software so you're always working with the most current version | No |
U | ISW.exe | ISW.exe | Related to Internet Security Wizard from AT&T (formerly BellSouth Premium Internet Security) - alerts users about any potential security threats. It should not be uninstalled unless the user wants to completely remove all traces of AT&T Internet Security Suite | No |
X | isxa | isxa.exe | Added by the SMALL-EIV TROJAN! | No |
N | iSysCleaner | iSysCleaner.exe | iSysCleaner - a simple tool that searches for junk files on your computer and allows you to delete them. Simple cleaning maintenance can be done by the user | No |
X | isystem | isystem.exe | Added by the CHORUS-A TROJAN! Searchforfree browser hijacker | No |
X | ItalU | italfds.exe | Added by a TROJAN - see here | No |
U | Itk | Itk.exe | In The Know - surveillance software that creates records of everything people do on a computer, i.e., spying or monitoring, depending on what you call it | No |
U | itk.exe | itk.exe | Insert ToggleKey by Mike Lin. ITK sounds a tone whenever you press Insert | No |
U | iTouch | iTouch.exe | Loads the iTouch configuration program for Logitech keyboards. It's needed if your keyboard has shortcut buttons and if you use them. It's also needed if your keyboard does not have the num lock, caps lock, and scroll lock lights on it and you use the on-screen displays for num lock, caps lock, and scroll lock | No |
N | ItsDeductiblePopUp | ItsDeductible.exe | ItsDeductible from Income Dynamics. Calculates your noncash donations quickly and easily. This startup entry checks a registry entry for the next 'PopUp' date and if it is a past or current date displays a program related tip | No |
X | ITUNES | itune.exe | Added by the RBOT-ZU WORM! | No |
X | ITUNES | itunes.exe | Added by the OSCABOT-L WORM! Note - this file will be placed in the Windows\System32 or Winnt\System32 folder, and should not be confused with the (legitimate) Apple iTunes process, always located in the Program Files\iTunes folder | No |
X | Itunes | dials.exe | Detected by Kaspersky as the AGENT.MM TROJAN! | No |
Y | iTunes Helper | iTunesHelper.exe | Installed with Apple's iTunes for Windows. Uses ~3-4MB of memory and if disabled in MSCONFIG or deleted from the registry it will re-instate itself after running iTunes a few times - hence the reluctant Y recommendation | No |
X | iTunes Music | iTunesHelper32.exe | Added by the SDBOT.CHK WORM! | No |
X | iTunesAgent | ita.exe | Added by the TACTSLAY.U TROJAN! | No |
X | itunesff | itunesff.exe | Added by the EB adult premium dialer | No |
Y | iTunesHelper | iTunesHelper.exe | Installed with Apple's iTunes for Windows. Uses ~3-4MB of memory and if disabled in MSCONFIG or deleted from the registry it will re-instate itself after running iTunes a few times - hence the reluctant Y recommendation | No |
U | itype | itype.exe | Microsoft IntelliType Pro related. Allows you to map the extra function keys to any program you like. The extra keys are set to defaults such as Messenger, Mail, My Document, etc. Not required unless you want to use the extra keys | No |
N | Iusage | netdet.exe | Internet Usage Monitor - utility to calculate the cost and time on the internet via dial-up | No |
X | iut75 | uzcx.exe | Added by the DLOADER-AXV TROJAN! | No |
X | ivHost | taskManager.exe | Added by a variant of the SPYBOT WORM! See here | No |
X | ivHost | [6 random letters].exe | Added by a variant of the SPYBOT WORM! See examples here and here | No |
N | IVPServiceMgr | ivpsvmgr.exe | Toshiba IVP Service Manager application which appears as a red satellite dish icon in the System Tray. This is Toshiba's equivalent to the Windows Automatic Update feature as, whenever you are connected to the Internet, it will check for Windows updates and Toshiba updates | No |
X | ivy.exe | ivy.exe | Added by the AGENT-ENZ TROJAN! | No |
N | IW ControlCenter | iwctrl.exe | Pinnacle Systems InstantWrite enables you to use your CD-R, CD-RW and DVD-RAM drive just like a hard disk or floppy disk. You can drag and drop files, create new directories right on your CD-R, CD-RW or DVD-RAM. May be required if you use this feature on a regular basis | No |
U | iwctrl | iwctrl.exe | Pinnacle Systems InstantWrite enables you to use your CD-R, CD-RW and DVD-RAM drive just like a hard disk or floppy disk. You can drag and drop files, create new directories right on your CD-R, CD-RW or DVD-RAM. May be required if you use this feature on a regular basis | No |
X | ixplore | ixplore.exe | Added by the SDBOT-CY TROJAN! | No |
X | ixproxy | [path to trojan] | Added by the XORPIX-A TROJAN! | No |
X | ixsso | ixsso.exe | Added by the AGENT.AM TROJAN! Note - example names include "XviD", "Winamp Remote", "Windows Media Player" and "Futuremark" | No |
X | iyelejiv | yujixit.exe | Added by the SDBOT.BJK WORM! | No |
? | IZE | N/A | ?? | No |
N | j2 Tray Menu | HotTray.exe | eFax Messenger Tray Menu system tray icon for eFax Messenger Plus. Available via Start -> Programs. Disabling instructions available here | No |
X | JA Cfg Util v2 | jacfg2.exe | Added by the RBOT-AL WORM! | No |
X | JA Config 32 | Awesome32.exe | Added by a variant of the SDBOT WORM! | No |
U | Jammer | jammer.exe | Jammer by Agnitum - "Jammer is the last word in Internet security. It combines a user-friendly interface with very sophisticated and powerful security measures that protect your Windows system while you are surfing the web" | No |
X | Jammer2nd | Jammer2nd.exe | Added by the NETSKY.Z WORM! | No |
X | java | remote.cmd | Added by the BANKER-EHG TROJAN! | No |
X | java | system.exe | Added by a variant of the IRCBOT BACKDOOR! | No |
X | Java applet | javaup.exe | Added by the SDBOT-ACF WORM! | No |
X | Java Auto Update | ujm.exe | Added by the SDBOT-ADH WORM! | No |
X | Java Runtime Environment | jbuild.exe | Added by the DELBOT-J WORM! | No |
X | Java Runtime Value | runjava.exe | Added by the RBOT-DDJ WORM! | No |
X | Java Runtimes | iexplore.exe | Added by the KILLAV.B WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This file is located in a %Windir%\Java\Java folder | No |
X | Java Softe | Java32.com | Detected by Kaspersky as the RBOT.ECN WORM! See here | No |
X | Java update | javaqs.exe | Added by the SWARLEY.A WORM! | No |
X | Java Update | keeper.exe | Added by the AGENT-DIS TROJAN! | No |
X | Java Virtual Machine | javaw.exe | Added by a variant of the RBOT WORM! | No |
X | Java**.exe [* = random char] | Java**.exe [* = random char] | CoolWebSearch/HomeSearch adware - for examples, see this log | No |
X | Java**32.exe [* = random char] | Java**32.exe [* = random char] | CoolWebSearch/HomeSearch adware - for examples, see this log | No |
X | java-plugin | javasctp.exe | Added by the VB.AMX TROJAN! | No |
X | Java32 Configuration Loader | msnmesgr.exe | Added by a variant of the RBOT WORM! | No |
X | JavaCore | JavaCore.exe | Added by the MATCASH TROJAN! | No |
X | Javascript | jscript.exe | Added by the DELBOT-AD WORM! | No |
X | JavaScript Debugging Service | JsDbgMan.exe | Added by the DERDERO.E WORM! | No |
X | JavaScriptMsxrs | Msxrs.exe | Detected by Kaspersky as the BANLOAD.ERP TROJAN! See here | No |
X | JavaUpdate0.07 | [filename] | Added by the JUPDATE TROJAN! | No |
X | JavaUpdateSched | jusched32.exe | Added by the BCKDR-CKB BACKDOOR! | No |
X | JavaVM | java.exe | Added by the MYDOOM.M or MYDOOM.N or other variants of the MYDOOM WORMS! Note - not to be confused with the valid Windows "java.exe" which resides in C:\Windows\System (Win9x/Me), C:\Winnt\System32 (WinNT/2K) or C:\Windows\System32 (WinXP) as this resides in C:\Windows or C:\Winnt | No |
X | jawa32 | jawa32.exe | Added by the AGENT.BG WORM! | No |
X | Jawa322 | jawa32.exe | Added by a variant of the AGENT.BG trojan | No |
N | JB | Jiffybar.exe | "Get Paid As You surf" application | No |
X | jcidls | [random filename] | Added by a variant of the SLAPER TROJAN! | No |
U | Jessops Insert Detect | InsDetect.exe | Jessops Insert Detect from Jessops Picture Suite | No |
N | Jet Detection | ADGJDet.exe | Added with SoundBlaster Live! or Audigy soundcards for headphone autodetection | No |
Y | JetAdmin Discovery Indicator | HPJETDSC.EXE | HP JetAdmin software for HP JetDirect Print Servers. HPJETDSC.EXE is the file necessary for the JetAdmin Discovery Indicator (paper airplane in the taskbar). It gets launched automatically through the registry, and remains active to control the Discovery Indicator | No |
X | jete | yujixit.exe | Added by the SDBOT.BRT WORM! | No |
X | jiahus | svchqs.exe | Added by the WOWPWS-AL TROJAN! | No |
X | jijbl | ezlwy.bat | Added by the REDDW WORM! | No |
X | jkdfj94kgdftdf | winlogan.exe | Added by the ZLOB.BZ TROJAN! | No |
U | JMB36X Configure | JMRaidTool.exe | JMB36x series RAID configuration utility from JMicron Technology for their PCI Express to SATA II and PATA Host Controllers | No |
Y | JMB36X Configure | JMRaidSetup.exe | JMB36x series RAID configuration utility from JMicron Technology for their PCI Express to SATA II and PATA Host Controllers | No |
U | JMB36X IDE Setup | JMInsIDE.exe | JMB36x series IDE (or Parallel ATA) configuration utility from JMicron Technology for their PCI Express to SATA II and PATA Host Controllers | No |
U | JMB36X IDE Setup | xInsIDE.exe | JMB36x series IDE (or Parallel ATA) configuration utility from JMicron Technology for their PCI Express to SATA II and PATA Host Controllers. This is normally located in %Windir%\RaidTool | No |
X | Jnskdfmf9eldfd | csrssc.exe | Added by the AGENT.EBC TROJAN! | No |
U | Job-oversigt | taskmon.exe | Task Monitor (on Danish language versions of Windows) - checks the disk-access patterns of programs when they are started and stores this information in log files in the Applog folder. Task Monitor also records the number of times you use a program. The Disk Defragmenter tool uses this information to optimize your hard disk so that programs that you use frequently are loaded faster. Not required - but can be useful. Note: for Norton Anti-Virus 2002 users, loading TaskMonitor will typically solve many, if not most, of those annoying IE scripting errors (per Symantec's Knowledgebase) | No |
U | JobHisInit | JobHisInit.exe | Used by Ricoh network printers to enable network printing from the client | No |
U | Jog Serve | JogServ2.exe | "Jog Dial" on a Sony Vaio laptop. The dial can select various functions such as control audio. Needed if you use its features | No |
U | JogServ2 | JogServ2.exe | "Jog Dial" on a Sony Vaio laptop. The dial can select various functions such as control audio. Needed if you use its features | No |
X | johkjh | srvd.exe | Added by a variant of the SLAPER TROJAN! | No |
X | john315 | srrvc.exe | Added by a variant of the MAILBOT-BI TROJAN! | No |
X | johnj315 | srvc.exe | Added by a variant of the MAILBOT-BI TROJAN! | No |
X | johnj3155 | srvcc.exe | Added by a variant of the MAILBOT-BI TROJAN! | No |
X | johnj3cd | srvdc.exe | Added by a variant of the SLAPER TROJAN! | No |
X | jon315 | [path to trojan] | Added by the MAILBOT-BI TROJAN! | No |
? | jotl | millenzje.exe | ?? | No |
U | JOYTECH USB Neo S Controller | JoytechNeoSTrayIcon.exe | System Tray access to Joytech Neo S PC gamepad controller software | No |
X | jpgdiag | [path to worm] | Added by the STRATION-AN WORM! | No |
X | jpupd | jpupd.exe | Added by the DIALER.CM TROJAN! | No |
X | Jreg | Jreg2b.exe | FlashEnhancer adware | No |
X | jucheck | jucheck.exe | Added by the SCRIMGE.O WORM! | No |
X | Jufualt | winxp2.exe | Added by the SDBOT-AAB WORM! | No |
X | Jufualt | svhost.exe | Added by the SDBOT-ADJ WORM! | No |
N | Juno_uoltray | exec.exe | Juno ISP software - not required | No |
N | jusched | jusched.exe | Checks with Sun's Java updates site to see if newer Java versions are available. Either visit the Java download page or click on Start → Control Panel → Java → Update → Update Now | No |
X | jusched | [path to trojan] | Added by the BANKER-BWR TROJAN! | No |
X | jusched | jusched.exe | Added by the BANKER-BOV TROJAN! Note that this is not the legitimate Sun Microsystems file (of the same name) which is usually located in %Program Files%\Java\version number\bin. This one is located in %System% | No |
X | jushed32.exe | jushed32.exe | CoolWebSearch parasite variant - also detected as the BIZTEN-L TROJAN! | No |
X | jusodl | severe.exe | Added by the QQPASS.48436 TROJAN! | No |
U | JussDropUtility | JussDrop.exe | Related to DropShots Inc. A subscription based service for family to connect, converse and share photos and videos | No |
N | JustVoip | JustVoip.exe | JustVoip - free internet telephony utility using the VoIP (Voice over Internet Protocol). Call online friends for free and regular phones either for free (limited use) or low rates. One of a number provided by Betamax - the others generally have different rate plans. Similar to the more popular Skype | No |
X | jutsu | jutsu.exe | Added by the RBOT-LS WORM! | No |
U | jv16 PT TempFileTool | TempTool.exe | jv16 PowerTools File Cleaner - "allows you to find obsolete and left-over temporary files" | No |
U | jv16PT - Privacy Protector | Task.jvb | jv16 PowerTools Privacy Protector - "allows you to protect your privacy by automatically clearing out all the unwanted history items and cookies from your computer, every time you start your computer" | No |
U | Jv16pt Network Resident | jv16pt_network.exe | jv16 PowerTools network resident program. Only needed if you are using the program's network features | No |
X | JvcHost | jvcsvc32.exe | Added by the AGOBOT-AIU WORM! | No |
X | jvdnlssn | fljzsshc.exe | Flingstone.com adware - and its Golden Palace Casino program | No |
X | JVM0 | JVM0.exe | Added by the BANLOA-AX TROJAN! | No |
X | JVM0.12 | [random filename] | Added by the TEADOOR-A TROJAN! | No |
X | JVM0.14 | [random filename] | Added by the TEADOOR-B TROJAN! | No |
X | jvms.exe | jvms.exe | Added by the ORCU.B TROJAN! | No |
X | JW Manager | jwmngr.exe | Added by the DELBOT-G WORM! | No |
X | jxef1104 | jxef1104.exe | Added by the XIPI-A WORM! | No |
X | JXL Radio | jxl.exe | Added by the RBOT-EBE WORM! | No |
X | jysyqm | [random filename] | ZenoSearch adware | No |
? | Jzi16 | jzi16.exe | ?? | No |
X | K2ps_full.task | K2ps_full.exe | Added by the JUNTADOR.K TROJAN! | No |
N | K6CPU.EXE | K6CPU.EXE | Authenticates CPU as K6 in system properties | No |
X | Kadoc | [random filename].exe | Added by the STAPREW TROJAN! | No |
U | KADxMain | KADxMain.exe | System Tray access to IntelliSonic Speech Enhancement - by Knowles Acoustics. Designed to render speech from a user selectable direction, while canceling interfering speech from other directions, thus minimizing the effects of environmental noise and eliminating acoustic echo feedback. Found on some Dell and Fujitsu Siemens laptops | No |
X | kak | kak.hta | Added by the KAKWORM WORM! | No |
U | Kalender | Kalender.exe | UK's Kalender "helps you organizing your dates and tasks and reminds you of upcoming events" | No |
U | Kalibump | Kalibump.exe | Used with the now unsupported Kali software for on-line gaming. This is used to automatically bump up the priority of WinProxy to GREATLY improve game speed when using a SOCKS proxy | No |
X | kalvsys | kalv****.exe [* = random char] | EliteBar adware | No |
X | kalvsys | kalv***32.exe [* = random char] | EliteBar adware | No |
N | Kana Reminder | Reminder.exe | Kana Reminder is a program which can be used to set a reminder to be triggered at a specified time | No |
U | Karen's Once-A-Day II | PTOAD.exe | "Have a job that should be run exactly once each day? Karen's Once-A-Day II is just what you need!" Scheduler that lets you specify programs, web pages and files to be run or opened automatically, the first time | No |
U | KASP | OESpamTest.exe | Kaspersky Anti-Spam | No |
X | Kasper Antivirus | KASPERANTIVIRUS.EXE | Added by a variant of the SPYBOT WORM! | No |
Y | Kaspersky Anti-Hacker | KAVPF.exe | Kaspersky Anti-Hacker firewall | No |
X | Kaspersky Antivirus | KasperskyAV.exe | Added by a variant of the RBOT WORM! | No |
X | Kaspersky Email Security | javaupd.exe | Added by the SWARLEY.A WORM! | No |
X | kaspersky32 | kasperskyLabs32.exe | Added by the RBOT-GOT WORM! | No |
X | KasperskyAv | kaspersky.exe | Added by the MIMAIL.T WORM! Note - this has nothing to do with the real Kaspersky anti-virus | No |
X | KasperskyAVEng | Kasperskyaveng.exe | Added by the NETSKY.V WORM! | No |
X | KAT | KAT.vbs | Added by the SOAD-D WORM! | No |
U | KatMouse | KatMouse.exe | KatMouse - utility to enhance the functionality of mice with a scroll wheel, offering 'universal' scrolling, etc | No |
Y | kav | avp.exe | Kaspersky anti-virus and AOL's Active Virus Shield (by Kaspersky) - found in either a Kaspersky or AOL sub-directory | No |
X | kava | kavo.exe | Added by the LINEAG-GLG TROJAN! | No |
X | KAVFOX | win1ogoin.exe | Added by the GWGHOST-M TROJAN! | No |
X | kavir | kavir.exe | Added by a variant of the Storm/Nuwar/Zhelatin WORM! See here for an example | No |
X | KAVPersonal | svchost.exe | Added by the LINEAGE-V TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder | No |
Y | KAVPersonal50 | Kav.exe | Kaspersky Anti-Virus Personal 5.0 | No |
X | KAVPersonal90 | wscntfy.exe | Added by the BANKER-FZ TROJAN! | No |
Y | KavPFW | KavPFW.exe | KingSoft Personal Firewall | No |
X | KavRuns | Windll.exe | Added by the TRYNOMA TROJAN! | No |
Y | KavStart | KAVStart.exe | KingSoft Personal Firewall | No |
Y | kavsvc | kavsvc.exe | Kaspersky antivirus | No |
X | KavSvc | ******.exe reg_run [* = random char] | Added by the QOOLOGIC TROJAN! | No |
X | kavsvc | [random 6 char filename] | Added by the QOOLOGIC TROJAN! Uses random file names (examples: nzkklz.exe, rzazzi.exe, ivpaan.exe) | No |
X | KAVutil | [worm filename] | Added by the WINTOO.B WORM! | No |
N | KAZAA | kazaa.exe | KAZAA is a file-sharing program which unfortunately being ad-based includes "Cy-door" adware. Check here for information about "Cy-door" and here for a program that can remove it | No |
N | KAZAA | [path] kpp.exe [path] kazaalite.kpp | System Tray access to later versions of the Kazaa Lite P2P file sharing utility - namely the K++ and Resurrection variants. Kazaa Lite is the unauthorized modification of the original Kazaa Media Desktop - with the malware removed | No |
X | Kazaa Download Accelerator Updater (required) | regsvr32 kdp****.dll [* = random char] | SafeguardProtect/Veevo hijacker. Note that regsvr32.exe is a legitimate Microsoft file used to register and unregister OLE controls and shouldn't be deleted. The random DLL file is found in the System (9x/Me) or System32 (NT/2K/XP) folder | No |
X | Kazaa lptt01 | kazaa.exe | RapidBlaster variant (in a "kazaa" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here. Note - this is not the valid KaZaA file sharing program which has the same executable name | No |
X | Kazaa ml097e | kazaa.exe | RapidBlaster variant (in a "kazaa" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here. Note - this is not the valid KaZaA file sharing program which has the same executable name | No |
X | KAZAACuf | 9 | Added by the KITRO.D (or ARGEN.A) WORM! | No |
N | kazaalite | kazaalite.exe | Kazaalite is a file sharing client - not to be confused with the original Kazaa program. Unlike the original, this one does not contain any advertising or tracking mechanisms | No |
N | KaZooM | KaZooM.Exe | KaZoom from Blue Haven Media - "add-on application that automatically speeds up the download process and finds the files you want with far more power than regular KaZaA searches" | No |
X | kb | AUTO.txt | Added by the BRONTOK-CV WORM! | No |
Y | KB891711 | KB891711.exe | Installed by the Windows KB891711 critical update, see this security bulletin - this file reportedly needs to continue running in order to patch the vulnerability, at least until a more practical solution is found. There have however been reports of fatal exception errors in systems running Windows 98, and in such a case Microsoft advises to either uninstall the patch (Add/Remove Programs) or prevent it from running at startup | No |
Y | KB918547 | KB918547.EXE | Bug-fix for a Microsoft graphics rendering engine vulnerability - see here. Windows 98/Me only | No |
Y | KB926239 | rundll32.exe apphelp.dll, ShimFlushCache | Microsoft KB926239 fix. Windows Media Player 10 may close unexpectedly on a Windows XP-based computer | No |
U | KBD | KBD.EXE | Multimedia keyboard manager. Required if you use the multimedia keys | No |
U | KBD | KbdStub.EXE | Key Watcher from HP - watches for Multimedia Keys on HP keyboards | No |
U | KBD MediaCenter | MEDIACTR.EXE | Multimedia keyboard manager. Required if you use the multimedia keys | No |
X | kbddrv32 | kbddrv32.exe | Added by the CRYPTER.A TROJAN! | No |
X | kbddrvinf | kbddrvinf.exe | Added by the CRYPTER.A TROJAN! | No |
N | KCeasy | KCeasy.exe | KCeasy - a Windows peer-to-peer filesharing application which uses giFT as its 'back end' foundation. The networks currently supported are OpenFT and Gnutella | No |
U | KClient | kstatus.exe | KClient Kerberos client software for Win32 systems. It provides the libraries and utilities needed to use Kerberos-based PC applications developed by Computing Services such as KWeb and NiftyTelnet | No |
X | kdmsx | [8 random letters].exe | Detected by Kaspersky as the SDBOT.AIJ BACKDOOR! See here | No |
N | kdx | KHost.exe | Verisign Kontiki Delivery Management System - Windows-based client software that enables secure delivery of content to users' desktops | No |
U | KE9801 | DriBat32.exe | KE9801 multimedia keyboard driver - required if you use the multimedia keys | No |
X | Keenvalue | Keenvalue.exe | KeenVal adware | No |
U | KEMailKb | KEMailKb.EXE | Controls the buttons at the top of the Micro Innovations 650i Internet Access Keyboard. If you disable it you cannot use the buttons - like volume control or shut down | No |
? | Kemet | kemet.exe | ?? | No |
U | KeNotify | KeNotify.exe | Toshiba utility found on their laptops. This program is responsible for the Toshiba LapTop Help 'FlashCards' utility that sits at the top of the screen giving easy access to the 'F keys' alternative functions such as Lock, Power Mode, Sleep, etc | No |
X | kERe | kERe.exe | Added by the BRONTOK-BT WORM! | No |
U | Kerio VPN Client | kvpnclient.exe | Kerio VPN Client | No |
X | kern64dll | [random filename] | Added by the TARNO.J TROJAN! | No |
X | Kernal Fault Check | ntosrkl.exe | Added by a variant of the SDBOT WORM! | No |
X | kernctl32 | rundll32 kctl32.dll, initialize | Added by the AGENT.AT TROJAN! | No |
X | Kerne0223 | Kerne0223.exe | Added by the LEGMIR-ZA TROJAN! | No |
X | Kernel | bboy.exe | Added by the MUMU.B WORM! | No |
X | Kernel | services.exe | Added by the FOOZ-A TROJAN! Note - this is not the legitimate services.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Windows or Winnt folder | No |
X | kernel | kernel.exe | Added by the MATCASH.CF TROJAN! | No |
X | KERNEL 32 | SKERNEL32.com | Added by the SEMAPI-A WORM! | No |
U | Kernel and Hardware Abstraction Layer | KHALMNPR.EXE | Part of the Logitech Setpoint software for their wired and wireless mice and trackballs. Sets the Windows mouse sensitivity to minimum. The idea is that you will use the SetPoint Control Panel to adjust your mouse sensitivity. This setting is maintained separately from the Windows setting, but is combined with the Windows setting to determine the final sensitivity. For this reason, KHALMNPR sets the Windows setting to 0 so it doesn't alter the one you set in SetPoint | No |
X | Kernel Faults | ftphost.exe | Added by the RBOT.BHU WORM! | No |
X | Kernel Loader | ntkrnl.exe | Added by the CERVIVEC.A WORM! | No |
X | Kernel Manager | krnlmgr.exe | Added by the JUNY.A TROJAN! | No |
X | Kernel Safe Mode | smss.exe | Added by the 78CRACK-A TROJAN! Note - this is not the legitimate smss.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder | No |
X | Kernel Services | service32.exe | Added by the PRX-B TROJAN! | No |
X | kernel system daemon | ACTIVAT0R.exe | Added by the RANDEX.AW WORM! | No |
X | kernel12.exe | kernel12.exe | Added by an unidentified WORM or TROJAN! | No |
X | kernel32 | kern32.exe | Added by the BADTRANS.A WORM! | No |
X | Kernel32 | Kernel32.exe | Added by a number of VIRUSES, WORMS and TROJANS! | No |
X | kernel32 | kernel.dli | Added by the NETDEVIL.B TROJAN! | No |
X | Kernel32 | Kernel.dll | Added by the REDLOF.M VIRUS! | No |
X | kernel32 | kernel32.dlI | Added by the NETDEVIL.15 TROJAN! | No |
X | Kernel32 | krnl32.exe | Added by the EPON WORM! | No |
X | Kernel32 | Kernel32.win | Added by the GAGGLE.D or GAGGLE.E WORMS! | No |
X | Kernel32 | kernel32s.exe | Added by the BCKDR-CIC BACKDOOR! | No |
X | kernel32 | kernel32.dll.vbs | Added by the WEKODE-A WORM! | No |
X | Kernel32 | svchosts.exe | Added by an unidentified WORM or TROJAN! | No |
X | kernel32dll | guardpc.exe | Added by the FORBOT-CU WORM! | No |
X | kernel44.dll | taskkill /f /fi "PID ge 0" /im * | Added by the VBS.LIDO WORM! | No |
X | KernelCheck | sys****.exe [* = digit] | Added by an unidentified TROJAN! | No |
X | KernelCheck | winser.exe | Added by the TSPY_LMIR.SL TROJAN! | No |
X | KernelConfig | destiny32.exe | Added by the AGOBOT.AMB WORM! | No |
N | kernelfaultcheck | dumprep 0 -k | Used in connection with memory dumps - you can disable these by - right clicking on My Computer, selecting Properties and then the Advanced tab. Click on the Settings button in 'Startup and Recovery'. In the bottom pane - under 'Write debugging information' - click on the down arrow and then select 'None' - OK your way out | No |
N | kernelfaultcheck | dumprep 0 -u | Used in connection with memory dumps - you can disable these by - right clicking on My Computer, selecting Properties and then the Advanced tab. Click on the Settings button in 'Startup and Recovery'. In the bottom pane - under 'Write debugging information' - click on the down arrow and then select 'None' - OK your way out | No |
X | KernelFaultCheck | ptool32.exe | Added by the LEGMIR-BN TROJAN! | No |
X | KernelFaultChk | sms.exe | Added by the DEADHAT WORM! Do not confuse with the valid "kernelfaultcheck" which runs "dumprep 0 -k" or "dumprep 0 -u" | No |
X | Kernell | systems.exe | Added by the TARNO.C TROJAN! | No |
X | Kernell32 | Kernell.dll | Added by the DESTINY.A TROJAN! | No |
X | KernellApps | csrss.exe | Added by the BANCBAN-AC TROJAN! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a "System" subfolder | No |
X | KernellApps | lexplore.exe | Added by the BANCBAN-BS TROJAN! Note - the executable is spelt with a lower case "L" rather than a lower or upper case "i" which is the case with Internet Explorer | No |
X | KernellApps32 | smss.exe | Added by the BANCBAN-AN TROJAN! Note - this is not the legitimate smss.exe process which should not normally figure in Msconfig/Startup! | No |
X | KernelRuntime | [path to worm] | Added by the MYTOB-JO WORM! | No |
X | Kernelw | Kernelw32.exe | Added by the INDOR.E WORM! | No |
X | Kernel_check | wmiprvse.exe | Added by the SONEBOT-B WORM! Note - this is not the legitimate wmiprvse.exe process which is always located in the System32\wbem folder and should not normally figure in Msconfig/Startup! | No |
X | key | sysxp.exe | Added by the BEAGLE.AB WORM! | No |
X | key | sys_xp.exe | Added by the BEAGLE.AC WORM! | No |
X | key | winxp.exe | Added by the BEAGLE.AG WORM! | No |
X | Key Logger | csrss.exe | Added by the BUCHON.A WORM! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in the root folder (ie, C:\) | No |
N | Key Text | KeyText.exe | Key Text 2000 from MJMSoft Design - utility to automate repetitive keyboard tasks. Available via Start -> Programs | No |
X | Key1 | Rlid.exe | Added by the LIXY TROJAN! | No |
? | Key2 | serve.exe | ?? | No |
X | key2 | winlog.exe | Added by the BAGLEDI-AL TROJAN! | No |
Y | KeyAccess | keyacc32.exe | KeyServer KeyAccess client software - "when the KeyServer program is launched, the KeyServer process becomes active so license requests from client computers can be serviced. Without KeyAccess, a keyed program cannot run, so license control is very secure" | No |
X | Keybdcntl | keybdcntl.exe | Added by a variant of the CRYPTER.C TROJAN! | No |
U | KeyBoard | Keyboard.exe | Labtec keyboard utility | No |
X | keyboard | keyboard*.exe [* = number] | Detected by Kaspersky as the VB.ZG TROJAN! | No |
X | keyboard | kybrdef_7.exe | DollarRevenue adware | No |
X | keyboard | [path to trojan] | Added by the DLOADR-AOZ TROJAN! | No |
U | Keyboard Manager | MMKeybd.exe | Multimedia keyboard manager. Required if you use the additional keys | No |
Y | Keyboard Preload Check | Preload.exe | Millenium Multi-Function Keyboard driver | No |
X | keyboard_enum | keyboard_enum.exe | Added by the BDOOR-GP BACKDOOR! | No |
U | KeyMaestro | kmaestro.exe | Multimedia keyboard manager. Required if you use the multimedia keys | No |
U | keymap | keymap.exe | System Tray utility and background task used by games produced by Kesmai (published by Interactive Magic) and which enables you to program keys to do specific actions during the game | No |
X | keymgrldr | rundll32 setupapi, InstallHinfSection... keymgr3.inf | CoolWebSearch Oemsyspnp parasite variant | No |
U | KeyPatrol | KeyPatrol.exe | KeyPatrol - key logger detector using both behavioral and pattern-matching algorithms that used to be part of PestPatrol before CA's acquisition | No |
X | keyserv | keyserv.exe | KeyThief spyware | No |
U | Keyspan Digital Media Remote | KDMRdmn.exe | Remote control driver for Keyspan Digital Media Remote devices | No |
U | keystroke | keystroke.exe | QuickLaunch surveillance software. Uninstall this software unless you put it there yourself | No |
U | KeyWallet | KWallet.exe | "KeyWallet is a useful and convenient desktop utility that spares you the trouble of filling in your logins, passwords and other personal data manually" | No |
X | kfienq | masbl.bat | Added by the KIFER TROJAN! | No |
X | Kgjg | rnnypbw.exe | Added by the QuickLinks/Forethought adware | No |
X | KHATARNAK Loader | KHATARNAK.exe | Added by the AUTORUN.ACO WORM! | No |
N | khooker | khooker.exe | SiS Keyboard Daemon. System Tray utility which gets installed by the drivers of the latter day SiS VGA cards. Can cause errors at startup and isn't required | No |
X | Kiamat Sudah Dekat_16_04 | ISASS.exe | Added by the PAHATIA.B WORM! | No |
U | KICKMON.EXE | KICKMON.EXE | KeepItClean - utility that deletes safe to remove files, cookies, browsing history, etc. This is the scheduler - if you don't schedule clean-ups it isn't required | No |
U | Kill Popup | KillPopup.exe | KillPopup - pop-up stopper | No |
X | KillAndClean | KillAndClean.exe | KillAndClean spyware remover - not recommended, see here | No |
X | kimochiz.exe | kimochiz.exe | Added by the MDROP-BB TROJAN! | No |
N | Kinberlink | Kinberlink.exe | Kinberlink network messaging. Available via Start -> Programs | No |
X | kiss | pingy.exe | Added by a variant of the IRCBOT BACKDOOR! The file is located in a random subfolder of %ProgramFiles% | No |
X | KIT3 | hpprintqueue.exe | Added by the ADCLICK-DS TROJAN! | No |
U | KK Loader | loadkk.exe | KeyKey XP Professional from KeyKey.com. "Monitor Instant Messages, Chats, Emails, Web Site URLs, Passwords, Computer Programs, Start Up and Shut Down time and much more completely undetected to the user." | No |
X | KKM Service | kkm.exe | Added by the NANPY-I WORM! | No |
X | KL AntiFunLove | flcss.exe | Added by the FUNLOVE.4099 VIRUS! | No |
U | KLog | Keyspy.exe | KeyLoggPro.B keystroke logger/monitoring program - remove unless you installed it yourself! | No |
X | klop | [path to file] | Added by the AGENT-WQ TROJAN! | No |
X | klop | [random].tmp | Found with Trojan.Win32.StartPage.aw. Possibly a variant of the AGENT-WQ TROJAN! | No |
U | klp | run32dll.exe | PAL PC Spy - key recorder and screen capture utility which controls and monitors everything that happens on your pc and online | No |
U | klp | explorer.exe | ComSurveilSys keystroke logger/monitoring program - remove unless you installed it yourself! | No |
U | KM9801U | MMHotKey.exe | Multimedia key handling for the relevant type of Turbo-Media keyboard. Shortcut available. Note that with this running it can crash DirectX8/9 under WinXP when a game switches to full-screen | No |
U | kmw_run.exe | kmw_run.exe | Kensington MouseWorks - mouse/trackball software. Not required unless you use any special features | No |
U | kmw_show.exe | kmw_show.exe | Kensington MouseWorks - mouse/trackball software. Not required unless you use any special features | No |
X | KnowledgeBase GUI | wppewafaj.exe | Added by the RBOT-GRZ WORM! | No |
U | KN_PanelApp | PanelApp.exe | KnowledgePanel online survey software | No |
N | Kodak Batch Transfer | pezdow1.exe | Part of "Kodak Picture Easy" software for digital cameras. Includes the display of an icon in the System Tray to quickly transfer photos to a PC | No |
U | Kodak EasyShare software | EasyShare.exe | Software bundled with Kodak digital cameras to manage the connection between the PC and the Camera. Can be started manually | No |
N | Kodak Picture Easy *.* Batch Transfer | PezDownload.exe | Part of "Kodak Picture Easy" software for digital cameras. Includes the display of an icon in the System Tray to quickly transfer photos to a PC. *.* represents the version | No |
N | Kodak Picture Transfer Software | pts.exe | Looks for Kodak camera connection and media insertion. Available via Start -> Programs | No |
N | Kodak Software Updater | backweb*****.exe | Software updater for Kodak Easyshare digital cameras | No |
N | KODAK Software Updater | Kodak Software Updater.exe | Software updater for Kodak Easyshare digital cameras | No |
Y | KodakCCS | KodakCCS.exe | Kodak DC File System Driver | No |
U | Komunikator | tlen.exe | Tlen - a Polish language instant messaging client | No |
U | KONICA MINOLTA magicolor 2400W STD | MSTMON_S.EXE | Konica Minolta Magicolor 2400W colour printer monitor | No |
N | Konni Symbol Autostart | KonniSymbol.exe | Gives configuration access to RagTime Solo professional business publishing software. RagTime Solo is the private user version of RagTime 5 | No |
N | kontiki | kontiki.exe | Kontiki Delivery Manager - Windows-based client software that enables secure delivery of content to users' desktops | No |
Y | KPDrv4XP | KPDrv4XP.exe | MediaKey USB Keypad Driver | No |
Y | KPFW32.EXE | KPFW32.EXE | KingSoft Personal Firewall | No |
Y | KPFWSvc.EXE | KPFWSvc.EXE | KingSoft Personal Firewall | No |
X | Kr0n1C | Kr0n1C.exe | Added by the BRONTOK-BO WORM! | No |
X | krag | krag.exe | Added by the AGENT-FOW WORM! | No |
U | Kraidman | Kraidman.exe | "Toshiba RAID Support is a Toshiba EasyGuard feature that uses RAID Level 1 technology to minimise downtime by protecting against data loss and ensuring quick data recovery" - for Toshiba laptops | No |
Y | Krait | razerhid.exe | Razer Krait mouse driver | No |
U | KREC32 | krec32.exe | StarrCommander Pro Keystroke logging software | No |
X | KRNL | Kernl32.exe | Added by the ZOMBY.B TROJAN! | No |
X | Krnlcheck | csrss.exe | Added by the BOTNACHALA TROJAN! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir% | No |
U | Krnlmod | Krnlmod.exe | Keystroke logger/monitoring program - remove unless you installed it yourself! | No |
U | Kryptel Component Start | Kicker.exe | Kryptel encryption software | No |
X | ksrlnhm | zxatgso.exe | Added by the DLOADER-LI TROJAN! | No |
X | Ksrv32 | Ksrv32.exe | Added by the AGOBOT-PI WORM! | No |
X | KTAX Auto Loader | ktax.exe | Added by the SDBOT-MZ WORM! | No |
U | ktchnsnk | ktchnsnk.exe | HP program found with the Office Jet 500/600/700 series which initializes the Office Jet manager each time the computer is booted up or rebooted | No |
Y | KTPWare | ktp.exe | Related to KTP Ware TSR Enhancements from ELANTECH | No |
X | KV2005 | word.EXE | Added by the IW TROJAN! | No |
X | kv3000 | lover.vbe | Added by the ZSYANG.B WORM! | No |
X | kvasoft | kva8wr.exe | Added by the ONLINEG.ICC WORM! | No |
X | kvern16.dll | regsvr32.exe kvern16.dll | DailyWinner adware. Note that regsvr32.exe is a legitimate Microsoft file used to register and unregister OLE controls and shouldn't be deleted. The "kvern16.dll" file is found in the System (9x/Me) or System32 (NT/2K/XP) folder | No |
X | Kvsc3 | Kvsc3.exe | Added by the PWS-ANM TROJAN! | No |
X | KV_HOST | cxjx.exe | Added by the LEGMIR-BB TROJAN! | No |
X | kw3eef76 | rundll32.exe kw3eef76.dll, EnableRunDLL32 | LZIO.com adware downloader. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "kw3eef76.dll" file is found in the System (9x/Me) or System32 (NT/2K/XP) folder | No |
N | kX Mixer | kxmixer.exe | Provides Mixer and Control functionality to KxProject Audio driver for EMU10k based soundcards | No |
U | KX509 | kx509_kfwk5.exe | Kerberos Secure Authentication for Windows | No |
? | KYE_Showicon | shwicon.exe | Card reader for memory cards from digital cameras. Is it required? | No |
X | KYK Control Settings | KYSVCXD.EXE | Added by a variant of the RBOT WORM! | No |
X | KYM Control Settings | phqghum.exe | Added by the RBOT.BQD WORM! | No |
X | L0aders | faxneti.exe | Added by a variant of the SDBOT TROJAN! | No |
X | l44sys** | freecell | Added by the VBS.LIDO WORM - where ** is a number between 1 and 12 | No |
X | l44sys** | iexplore | Added by the VBS.LIDO WORM - where ** is a number between 65 and 76 | No |
X | l44sys** | winmine | Added by the VBS.LIDO WORM - where ** is a number between 33 and 44 | No |
X | L4r1$$a | L4r1$$a.pif | Added by the ASSIRAL-C WORM! | No |
Y | Lachesis | razerhid.exe | Razer Lachesis mouse driver | No |
U | LaCie Backup | LaCieBackup.exe | LaCie '1-Click' backup software for their range of mobile hard drives | No |
U | laim | aimlite.exe | "AIM Lite is a reference application for testing some new client technology developed here at AOL, with the goal of being a simple, fun, light IM client" | No |
X | laltin | L90112201.Stub.exe | Delfin Media Viewer adware related | No |
X | LAN Driver | landriver32.exe | Added by the RBOT.BT WORM! | No |
X | lanbrup | lanbrup.exe | SafeSurfing adware | No |
U | LANDeskInventoryClient | LDIScn32.exe | LANDesk® Management Suite software component | No |
U | LanguageMonitor | Oplmsb01.exe | OKI Printer language support monitor | No |
? | LanguageShortcut | Language.exe | Part of Cyberlink's PowerDVD prior to version 8. Language settings? | No |
X | LanGuard | languard.exe | Adware downloader - also detected as the SECONDT-C TROJAN! | No |
X | LanGuard | [path to trojan] | Added by the DLOADER-VO TROJAN! | No |
X | lanmanwrk.exe | lanmanwrk.exe | Added by the AGENT.AIA TROJAN! | No |
U | LANMessage Pro | LANMES~1.exe | LANMessage Pro - "a powerful tool for communicating with other people on your office/home network" | No |
U | LanSpeed2 | LanSpeed2.exe | Monitors any traffic that is using a LAN adapter (Ethernet or Token ring network card) | No |
? | LanzarL2007 | [path] setup.exe | ?? | No |
U | LaoKey | LaoKey.exe | Lao Script for Windows (LSWin) is an extension to the Windows operating system to allow Lao language to be used with many different Windows-based applications | No |
U | Laplink PDASync 3.0 - LtNts4 | NtsAgnt.exe | Laplink PDASync for (IBM) Lotus Notes 4 - PDA synchronisation utility | No |
U | Laplink PDASync 3.1 - PocketPC | AUTODE~1.EXE | Laplink PDASync for Windows Mobile Pocket PC - PDA synchronisation utility | No |
U | Laplink PDASync 3.1 - ScheduleSync | ScheduleSync.exe | Laplink PDASync for ScheduleSync - PDA synchronisation utility | No |
U | LapLink scheduler | Llsched.exe | Utility that automatically performs file transfers as unattended background operations | No |
X | Laptop Access | Sage.exe | Added by the SDBOT-NB WORM! | No |
X | Lar | Llass.exe | Added by the INOR-A TROJAN! | No |
X | lar | [trojan filename] | Added by the ROXY.C TROJAN! | No |
X | LARISSA ANTI VIRUS | LARISSA_ANTI_VIRUS.exe | Added by the KLASSIR TROJAN! | No |
? | Lasb | ewat.exe | ?? | No |
X | LaserJet | spoolvs.exe | Added by the DLOADER.PFR TROJAN! This is not the file of the same name from older versions of MS Office - see the link for the location | No |
X | LasErma | Ermasys32.exe | Added by the LERMA-A WORM! | No |
X | LAsIAf32 | RePEAtLD.exe | Added by the REPEATLD WORM! | No |
X | lasse | lasse.exe | Added by the NTOS TROJAN! | No |
Y | LASTinst | N/A | For Gilat Communications internet satellite systems. Gilat rescue (Satellite system restore). Required if you have this system. Can cause a BSOD (blue screen of death) if left out | No |
? | Later | later.exe | ?? | No |
U | LaunApp | LaunApp.exe | Part of Acer Launch Manager - programmable keys on such laptops as the TravelMate 610 | No |
? | Launcg | launcg.exe | ?? | No |
U | Launch Ai Booster | OverClk.exe | ASUS Ai Booster is an application that allows you to overclock the CPU either manually or automatically without the hassle of entering the BIOS Setup | No |
N | Launch Context 5.0 | Launch.exe | Context - electronic dictionary | No |
U | Launch K9 | K9.exe | K9 by Robert Keir - "an email filtering application that works in conjunction with your regular POP3 email program and automatically classifies incoming emails as spam (junk email) or non-spam without the need for maintaining dozens of rules or constant updates to be downloaded. It uses intelligent statistical analysis that can result in extremely high accuracy over time" | No |
U | Launch LCDMon | LCDMon.exe | Driver/utility for Logitech G-Series gaming keyboards and mice | No |
U | Launch LGDCore | LGDCore.exe | Driver/utility for Logitech G-Series gaming keyboards and mice | No |
X | Launch Norton AntiVirus 2000 | jorgf.exe | Added by the RBOT-AUI WORM! | No |
N | Launch YahooPOPs! at Windows startup | YAHOOPOPS.EXE | YahooPOPs - enables free POP3/SMTP access to Yahoo! Mail through a service on localhost that emulates the web interface. Available via Start -> Programs | No |
U | LaunchAp | LaunchAp.exe | Programmable keys on Acer, Fujitsu and other laptops | No |
U | LaunchApp | Alaunch.exe | Acer Launch tool utility on laptops | No |
U | Launchboard | lnchbrd.exe | "LaunchBoard software from Darwin turns your keyboard into a remote control for the Internet and your computer! With LaunchBoard 2.0, you can customize up to 38 keys on your PC keyboard to instantly launch Web Sites, start applications, perform custom macros, handle Windows shortcuts, store passwords, and perform loads of other customizable functions" | No |
X | Launcher | launcher.exe | Spyware component related to DownloadWare and found in %ProgramFiles%\KFH | No |
N | Launcher | relaunch.exe | Audio Applications Launcher for the Philips Rhythmic Edge soundcard (the Philips Rhythmic Edge is the same as the Thunderbird PCI soundcard - see TBtray). Available via Start -> Programs | No |
U | Launcher | launcher.exe | PC Angel recovery program from SoftThinks. Located in a "SMINST" sub-folder of the Windows or Winnt directory | No |
U | Launcher | Launcher.exe | SpeedUpMyPC 2009 from Uniblue - which "lets you monitor and control all your PC resources with easy, one click instructions. System settings, internet usage, disk clutter, RAM and CPU are all automatically scanned, cleaned and optimized for peak performance." Located in %ProgramFiles%\Uniblue\SpeedUpMyPC | No |
? | LaunchList | LaunchList2.exe | Part of Pinnacle Studio video editing suite. What does it do and is it required? | No |
X | Lavasoft Ad-Aware | Ad-Aware.exe | Added by the RBOT-SO WORM! Note - this is not the popular Ad-Aware spyware/adware removal tool and is located in %System% | No |
U | Lavasoft Adwatch | Ad-watch.exe | Part of Lavasoft Ad-aware Plus - realtime spyware-monitor watching your memory and registry for spyware that tries to install or change your system | No |
X | layersldm | hostplsrvc.exe | Added by a variant of the SDBOT WORM! | No |
X | Laz | Kernn.exe | Added by the BANCOS-LN WORM! | No |
X | LBTWiz.exe | LBTWiz.exe | Added by the SDBOT-DHY WORM! | No |
X | Lcass | Lcass.exe | Added by the SILLYFDC-W WORM! | No |
U | LCD Smartie | LCDSmartie.exe | "LCD Smartie is software for Windows that you can use to show lots of different types of information on your LCD/VFD." Typically used by the PC modding community to display statistics such as CPU temp, fan/cooler speed, etc on an LCD display | No |
U | LCDC | LCDC.exe | LCDC is an application that displays various information on your LCD or VFD screen. The number of things that LCDC can do is expandable by Plugins | No |
U | LCDMon | LCDMon.exe | Driver/utility for Logitech G-Series gaming keyboards and mice | No |
Y | LCDPlayer | LCDPlyer.exe | Related to SuperAdBlocker | No |
N | lcfep | lcfep.exe | Tivoli 'TME' System Tray icon - "'lcfep' is the program that displays statistics about the Endpoint. Apparently stopping/removing this process has no impact on the Endpoint itself which will continue to function normally" | No |
? | LCIDConfig | lcidchng.exe | ?? | No |
U | LClock | lclock.exe | LClock is a program that makes the Windows' clock look like a Windows Longhorn Clock | No |
X | lcvga | lcvga.exe | Added by the HOSTOL-A TROJAN! | No |
X | ld | ld.exe | CoolWebSearch Tooncomics parasite affiliate variant - redirects to fastwebfinder.com | No |
N | LDM | backweb-8876480.exe | Installed with the software for Logitech products. Automatically checks for software upgrades AND new products, services and special offerings from Logitech | No |
N | LDM | ldmconf.exe | Installed with the software for Logitech products. Automatically checks for software upgrades AND new products, services and special offerings from Logitech | No |
N | LDM | LogitechDesktopMessenger.exe | Installed with the software for Logitech products. Automatically checks for software upgrades AND new products, services and special offerings from Logitech | No |
X | ldriver | ldriver.exe | Added by the CHORUS-A TROJAN! Searchforfree browser hijacker | No |
U | LED TRAY | LEDTRAY.EXE | Installs a USB compact flash card reader or drive on start-up. The device is distributed by Microtech and is made by a company called SnapShot. Required if you want the reader to work | No |
U | ledpointer | CNYHKey.exe | Chicony Electronics Multimedia Keyboard Hotkey Driver | No |
N | LeechGet | LeechGet.exe | LeechGet download manager | No |
X | leeman | leeman.exe | Added by the COSIAM-D TROJAN! | No |
U | LELA | Linksys EasyLink Advisor.exe | System Tray access to Linksys EasyLink Advisor - which "is designed to set up your home network. LELA can locate computers, routers, storage, cameras and printers as well as other devices connected to your network". Included with their newest routers | No |
X | LEMSRV | lemsrv.exe | Added by the IRCBOT-TC TROJAN! | No |
X | LetsSearch | LetsSearch.exe | BrowserAid/BrowserPal foistware | No |
X | Letum | [path to worm] | Added by the LETUM.A WORM! | No |
U | Lexmark 1200 Series | lxczbmgr.exe | "Lexmark Scan & Copy Control Program" for the Lexmark 1200 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan, scan to E-mail, copy, etc | No |
U | Lexmark 2200 Series | lxbvbmgr.exe | "Lexmark Scan & Copy Control Program" for the Lexmark 2200 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan, scan to E-mail, copy, etc | No |
U | Lexmark 3100 Series | lxbrbmgr.exe | "Lexmark Scan & Copy Control Program" for the Lexmark 3100 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan, scan to E-mail, copy, etc | No |
U | Lexmark 4200 Series | lxbmbmgr.exe | "Lexmark Scan & Copy Control Program" for the Lexmark 4200 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan, scan to E-mail, copy, etc | No |
U | Lexmark 5000 Series Fax Server | fm3032.exe | FaxMan integrates complete fax send and receive support into Windows applications without requiring additional fax software | No |
U | Lexmark 5200 series | lxbtbmgr.exe | "Lexmark Scan & Copy Control Program" for the Lexmark 5200 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan, scan to E-mail, copy, etc | No |
U | Lexmark 5400 Series Fax Server | fm3032.exe | FaxMan integrates complete fax send and receive support into Windows applications without requiring additional fax software | No |
U | Lexmark 6500 Series Fax Server | fm3032.exe | FaxMan integrates complete fax send and receive support into Windows applications without requiring additional fax software | No |
U | Lexmark 7600 Series Fax Server | fm3032.exe | FaxMan integrates complete fax send and receive support into Windows applications without requiring additional fax software | No |
U | Lexmark 9300 Series Fax Server | fm3032.exe | FaxMan integrates complete fax send and receive support into Windows applications without requiring additional fax software | No |
X | Lexmark Print | lexmark.exe | Added by a variant of the SPYBOT WORM! See here | No |
U | Lexmark X1100 Series | lxbkbmgr.exe | "Lexmark Scan & Copy Control Program" for the Lexmark X1100 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan, scan to E-mail, copy, etc | No |
U | Lexmark X5100 Series | lxbabmgr.exe | "Lexmark Scan & Copy Control Program" for the Lexmark X5100 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan, scan to E-mail, copy, etc | No |
U | Lexmark X5400 Series Fax Server | fm3032.exe | FaxMan integrates complete fax send and receive support into Windows applications without requiring additional fax software | No |
U | Lexmark X6100 Series | lxbfbmgr.exe | "Lexmark Scan & Copy Control Program" for the Lexmark X6100 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan, scan to E-mail, copy, etc | No |
U | Lexmark X63 Button Manager | AcBtnMgr_X63.exe | "Lexmark Scan & Copy Control Program" for the Lexmark X63 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan, scan to E-mail, copy, etc | No |
U | Lexmark X63 Button Monitor | ACMonitor_X63.exe | Button monitor for the Lexmark X63 all-in-one multifunction printer/copier/scanner. Works in conjunction with the "Lexmark Scan & Copy Control Program" button manager whose filename is "AcBtnMgr_X63.exe" | No |
U | Lexmark X73 Button Manager | AcBtnMgr_X73.exe | "Lexmark Scan & Copy Control Program" for the Lexmark X73 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan, scan to E-mail, copy, etc | No |
U | Lexmark X73 Button Monitor | ACMonitor_X73.exe | Button monitor for the Lexmark X73 all-in-one multifunction printer/copier/scanner. Works in conjunction with the "Lexmark Scan & Copy Control Program" button manager whose filename is "AcBtnMgr_X73.exe" | No |
U | Lexmark X74-X75 | lxbbbmgr.exe | "Lexmark Scan & Copy Control Program" for the Lexmark X74-X75 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan, scan to E-mail, copy, etc | No |
U | Lexmark X83 Button Manager | AcBtnMgr_X83.exe | "Lexmark Scan & Copy Control Program" for the Lexmark X83 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan, scan to E-mail, copy, etc | No |
U | Lexmark X83 Button Monitor | ACMonitor_X83.exe | Button monitor for the Lexmark X83 all-in-one multifunction printer/copier/scanner. Works in conjunction with the "Lexmark Scan & Copy Control Program" button manager whose filename is "AcBtnMgr_X83.exe" | No |
U | Lexmark X84-X85 Button Manager | AcBtnMgr_X84-X85.exe | "Lexmark Scan & Copy Control Program" for the Lexmark X84-X85 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan, scan to E-mail, copy, etc | No |
U | Lexmark X84-X85 Button Monitor | ACMonitor_X84-X85.exe | Button monitor for the Lexmark X84-X85 all-in-one multifunction printer/copier/scanner. Works in conjunction with the "Lexmark Scan & Copy Control Program" button manager whose filename is "AcBtnMgr_X84-X85.exe" | No |
N | LexmarkPrinTray | printray.exe | Lexmark Printer icon in the System Tray for quick access. Not required - uncheck via Printer configuration rather than MSCONFIG. Can also be listed as PrinTray | No |
X | Lexmark_X79-55 | lsasss.exe | Added by the ZONEBAC TROJAN! | No |
X | lexplore | lexplore.exe | Added by the BROPIA WORM! Note - the executable is spelt with a lower case "L" rather than a lower or upper case "i" which is the case with Internet Explorer | No |
N | lexpps | lexpps.exe | For Lexmark printers. From Lexmark: "This enables bi-directional printing over a peer to peer network. If the printer is connected directly to your PC, the file is not used, (or should not be used) at all". It is known that firewalls can however alert you to "lexpps.exe" requesting server privileges | No |
U | LexStart | lexstart.exe | Lexmark printer software may add Lexstart.exe in the startup folder to handle print commands that you send to the printer. Sometimes required for the printer to work correctly - not in the case of a Lexmark Z42 for instance | No |
X | Lfh | Lfh.exe | Added by the ZAURGA-A TROJAN! | No |
U | Lfsndmng | lfsndmng.exe | LightningFAX Enterprise Fax Server - "puts faxing at the fingertips of networked enterprise users. It enables rapid, secure sending and Direct-To-Desktop Delivery of mission-critical documents" | No |
U | LG Direct Media Button Service | LGDMEBTN.exe | Supports the Direct Media button on LG Notebooks that support it - such as the S1 PRO EXPRESS DUAL. Pressing this button launches the application for watching movies or listening to music | No |
N | LG Intelligent Update | autoupdate.exe | Automatic update utility for LG Notebooks | No |
N | LG Magnifier | MagnifyingGlass.exe | Screen area magnifying utility for LG Notebooks | No |
U | LGDCore | LGDCore.exe | Driver/utility for Logitech G-Series gaming keyboards and mice | No |
X | lgfxTray | lgfxTray.exe | Added by the TAKEOBEL WORM! Note - the filename has a lower case "L" rather than an upper case "i" at the beginning and should not be confused with the valid Intel graphics file "igfxtray.exe" | No |
X | lgm | lgm.exe | Added by the ACID-F WORM! | No |
U | LGODDFU | fwupdate.exe | Auto firmware update program for LG Electronics CD-ROM/DVD writer | No |
U | LgWDskTp | LgWDskTp.exe | Logitech Wireless Desktop mouse and keyboard software. There is an icon for this program on the taskbar next to the clock | No |
N | lhttseng | rundll32.exe ..lhttseng.inf, RemoveCabinet | Left over after installation of the British English version of the Lernout & Hauspie Text To Speech (TTS) Engine | No |
X | li-multi**** | li-multi****.exe | Adult web-dialler - **** is random | No |
X | li-rcash00001 | vldial.exe | Added by the Vl TROJAN! | No |
X | li-speed**** | dlres.exe | Adult web-dialler - **** is random | No |
X | li-thund**** | li-thund****.exe | Adult web-dialler - **** is random | No |
X | li-vita**** | li-vita****.exe | Adult web-dialler - **** is random | No |
X | li01f948 | rundll32.exe li01f948.dll, EnableRunDLL32 | LZIO.com adware downloader. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "li01f948.dll" file is found in the System (9x/Me) or System32 (NT/2K/XP) folder | No |
X | libtec | rundll32.exe libtec.dll,start | Added by the AKBOT-AI WORM! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "libtec.dll" file is found in %System% | No |
N | LicCrtl | runservice.exe | Part of the eLicense Copy Protection scheme employed by some software and games. When this service is not running, the eLicense wrapper is unable to extract and execute the program | No |
U | LicCtrl | rundll32.exe MMFS.DLL, Service | Part of the eLicense Copy Protection scheme employed by some software and games. When this service is not running, the eLicense wrapper is unable to extract and execute the program. Note that the "MMFS.DLL" file is located in the Winnt or Windows folder | No |
X | License Manager | license_manager.exe | MediaPipe peer-to-peer file swapping program also reported as a hijacker | No |
X | lich | lich.exe | Added by the QLOWZON-BN TROJAN! | No |
U | LidPolicy | pwrschem.exe | A utility for configuring certain HP notebook models to enter Standby mode when the lid is closed only when running on battery | No |
X | Life FireWall Update1 | FireWall-Update1.exe | Added by the RBOT-ARS WORM! | No |
? | LifeCam | LifeExp.exe | Related to Microsoft's LifeCam series of webcams. What does it do and is it required? | No |
U | LifeChat | LifeChat.exe | Support software for Microsoft's "LifeChat" headsets - which are optimized for use with Windows Live Messenger | No |
N | LifeDrive Manager | LifeDriveMgr.exe | Keeps the Palm LifeDrive Manager utility in the systray. Shortcut available via Start -> Programs | No |
U | LifeDrive? Manager | LifeDriveMgrTray.exe | System Tray utility for the Palm LifeDrive Mobile Manager | No |
N | LifeScape Media Detector | PicasaMediaDetector.exe | Media detector for Picasa's automatic photo organizer | No |
X | lify | yujixit.exe | Added by a variant of the SDBOT WORM! | No |
U | Lightning Download | Lightning.exe | Lightning Download download manager. Can be launched manually, but will need to start up if you want it to "catch clicks" off Internet Explorer | No |
N | Lightscribe | LightScribeControlPanel.exe | System Tray access to the LightScribe Control Panel for CD/DVD writers based upon HP's LightScribe laser-etching process - which allows you to burn a label straight onto specially coated blank disks. Part of the main LightScribe System Software (LSS) | Yes |
N | LightScribe Control Panel | LightScribeControlPanel.exe | System Tray access to the LightScribe Control Panel for CD/DVD writers based upon HP's LightScribe laser-etching process - which allows you to burn a label straight onto specially coated blank disks. Part of the main LightScribe System Software (LSS) | Yes |
N | LightScribeControlPanel | LightScribeControlPanel.exe | System Tray access to the LightScribe Control Panel for CD/DVD writers based upon HP's LightScribe laser-etching process - which allows you to burn a label straight onto specially coated blank disks. Part of the main LightScribe System Software (LSS) | Yes |
X | liibr | liibr.exe | Added by a variant of the Storm/Nuwar/Zhelatin WORM! | No |
X | Limewire | LimeWire.exe | Added by the RBOT-AGH WORM! | No |
N | LimeWire On Startup | LimeWire.exe | LimeWire - Peer to Peer (P2P) file-sharing client. Note - as with all P2P sharing programs they are susceptible to various forms of malware | No |
N | LimeWire x.x | LimeWire.exe | LimeWire - Peer to Peer (P2P) file-sharing client. x.x represents the version number. Note - as with all P2P sharing programs they are susceptible to various forms of malware | No |
X | limewirepro.exe | limewirepro.exe | Added by the IRCBOT-WA WORM! | No |
X | Limpet | explorer16.exe | Added by the RBOT-AJD WORM! | No |
N | Line Speed Meter V3.0 | LineSpeedMeter.exe | LineSpeedMeter - detect the download and upload speed of your internet connection | No |
U | Lingvo Launcher | Lvagent.exe | ABBYY Lingvo Electronic Dictionaries | No |
U | LingvoTraining | Tutor.exe | ABBYY Lingvo Electronic Dictionaries | No |
X | Linker | LinkMaker.exe | Links adware | No |
X | links | links.exe | Added by the LOWZONE-BI TROJAN! | No |
N | Linksts | linksts.exe | Tray icon which gets installed when you install the drivers for Asuscom internal ISDN modem cards (or rebadged Asuscom ISDN cards, such as MRi). This icon enables you to monitor or configure your ISDN card. Once you have configured your ISDN card correctly, you will never need to use this icon | No |
X | Linksys Modem Drivers | linksys.exe | Added by the IRCBOT.VD WORM! | No |
X | linkyuu | linkuyy.exe | Added by the DLOADER.MC TROJAN! | No |
X | Linux | Linux.vbs | Added by the LOVELETTER.AS VIRUS! | No |
U | LiquidView | lviewj.exe | "Liquid View lets you increase the legibility of the Microsoft Windows interface regardless of your display's native resolution. The software lets you increase the size of items that are hard to read on your monitor" | No |
X | Lisa | Lisa.exe | Added by the SCOM-D premium rate adult content dialler | No |
X | List checker 32 BIT | list32.exe | Added by the RBOT-AHO WORM! | No |
X | Litebot | [path to trojan] | Added by the LITEBOT-A TROJAN! | No |
N | LIU | LIU.exe | Logitech Internet Update. Used to update drivers/software for Logitech's Wingman, QuickCam, etc devices. Reports claim it doesn't work very well and you can manually update the files anyway | No |
N | LIU | Rubicon.exe | Logitech Internet Update. Used to update drivers/software for Logitech's Wingman, QuickCam, etc devices. Reports claim it doesn't work very well and you can manually update the files anyway | No |
N | Live Menu | Dllcmd32.exe | eFax Send button for eFax Messenger Plus. Available via Start -> Programs. Disabling instructions available here | No |
X | Live Messanger | livemsgr.exe | Detected by Kaspersky as the RBOT.BXX WORM! See here | No |
X | Live Messanger | wllmsngr.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
? | live rdr | loadloud.exe | ?? | No |
X | Live update monitor | srvany32.exe | Added by the AGOBOT.AFM WORM! | No |
X | Live Windows Messenger Version | msnmessage7.7.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
X | Live Windows Messenger Version | msnmsngrlive.exe | Added by a variant of the IRCBOT BACKDOOR! | No |
X | Live-Help | lmns.exe | Added by the RBOT-GHE WORM! | No |
X | Live-Messenger.exe | Live-Messenger.exe | Detected by Symantec as the SILLYP2P WORM! See here | No |
N | LiveMonitor | LMonitor.exe | MSI Live Update - auto-detects and suggests the latest BIOS/Driver/Utilities information | No |
N | LiveNote | Livenote.exe | Asus graphics card driver live update feature | No |
X | LiveSexCams | LiveSexCams.exe | Premium rate adult content dialler | No |
U | LiveUpdate | LiveUpdate.exe | Web-update utility as used by various types of software - see here | No |
X | LiveUpdate | [Windows username]05.exe | Added by the LINEAGE TROJAN! | No |
X | LiveUpdate | smss.exe | Added by the VB.BAU TROJAN! Note - this is not the legitimate smss.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in an "isas" subfolder of the Winnt or Windows folder | No |
N | LiveUpdate | Copyer.exe | Samsung PC Studio is a Windows-based PC program package that you can use easily to manage personal data and multimedia files by connecting a Samsung Electronics Mobile phone (GSM/GPRS/UMTS) to your PC. You can launch the update manually - see the instructions here for example | No |
X | LiveUpdate32 | services.exe | Added by the VB.BAU TROJAN! Note - this is not the legitimate services.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in an "isas" subfolder of the Winnt or Windows folder | No |
X | Livre | Dibane.bat | Added by the BANEDI VIRUS! | No |
X | Ljx | rundll32.exe | Added by the LINEAG-ABD TROJAN! Note - this is not the legitimate rundll32.exe process, which is found in the Windows folder (98/ME) or the System32 folder (NT/2000/XP). This file is located in the "inf" sub-folder | No |
X | lk3h1 | [path to file] | Added by the MOSUCK-G TROJAN! | No |
? | LLMODCL2 | rundll.exe setupx.dll, InstallHinfSection ..LLMODCL2.INF | ?? | No |
N | LM Status | LMSTATUS.EXE | Xerox WorkCenter XE - language monitor status application | No |
X | LMA Manager | lmamanager.exe | Added by the TILEBOT-AD WORM! | No |
U | LManager | QtZgAcer.EXE | Acer Launch Manager - on Acer laptops it allows users to configure shortcut keys and to set the operating state of the WLAN module and the (optional) Bluetooth radio | No |
U | LManager | QtZpAcer.exe | Acer Launch Manager - on Acer laptops it allows users to configure shortcut keys and to set the operating state of the WLAN module and the (optional) Bluetooth radio | No |
U | LManager | HotkeyApp.exe | Programmable keys on Acer, Fujitsu and other laptops | No |
U | LManager | QtaET2S.EXE | Acer Launch Manager - on Acer laptops, provides configurability for the special keys on their range of multimedia keyboards | No |
U | LManager | CPLBCL53.EXE | System Tray icon found on Acer Travelmate laptops that allows you to control access to the Internet and email buttons and other computer configurations | No |
X | lMAPl | lMAPl.exe | Added by the AGOBOT-RE WORM! | No |
U | LMgrOSD | OSDCtrl.exe | OSD (on-screen-display) utility - part of Acer Launch Manager. Gives you control to customize the monitor to your liking...from sound, brightness, contrast, horizontal and vertical positions, phase, pixel clock, color and language | No |
N | LMonitor | LMonitor.exe | MSI Live Update - auto-detects and suggests the latest BIOS/Driver/Utilities information | No |
? | lmpdpsrv | lmpdpsrv.exe | Related to a Lexmark printer/scanner. Printer sharing server? Is it required? | No |
X | lmrt | lmrt.exe | Unidentified adware | No |
N | LMSTATUS | LMSTATUS.EXE | Xerox WorkCenter XE - language monitor status application | No |
Y | LMSXXD | LMSXXD.exe | Driver for Xerox XD series printer/copiers | No |
X | lmu | LMU.exe | Detected by Kaspersky as the AGENT.BG TROJAN! | No |
X | lnternet Explorer | AMSNDMGR.EXE | Added by the KWBOT.R WORM! Note that the "l" is a lower case "L" and not an upper case "I" | No |
X | lnternet Update | lExplore.exe | Added by the RBOT-GRH WORM! Note - the executable is spelt with a lower case "L" rather than a lower or upper case "i" which is the case with Internet Explorer | No |
X | lnwin.exe | lnwin.exe | Added by the DLOADR-ATC TROJAN! | No |
X | load | mdm.exe | Added by the BINGHE TROJAN! Note - this is not the legitimate Machine Debug Manager (mdm.exe) process which is always located in %ProgramFiles%\Microsoft Shared. This one is located in %System% | No |
X | load | msgsr32.exe | Added by the SDBOT-QR WORM! | No |
X | load | [path to worm] | Added by the KELVIR.AI WORM! | No |
X | Load | MyGame.exe | Added by the LAMEYEAR-A WORM! | No |
X | load | _Kerne1.exe | Added by the LINEAGE-AN TROJAN! | No |
X | load | Internat.exe | Added by the WOWCRAFT TROJAN! | No |
X | load | rundll32.exe | Added by the WOWCRAFT TROJAN! | No |
X | load | svhost32.exe | Added by the WOWCRAFT TROJAN! | No |
X | load | svchsot.exe | Added by the GWGHOST-O TROJAN! | No |
X | load | explorer.exe | Added by the LINEAGE-OZ TROJAN! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System% | No |
X | load | Kerne121.exe | Added by the LINEAGE-ON TROJAN! | No |
X | load | Kerne1211.exe | Added by the LINEAGE-DY TROJAN! | No |
X | load | rundl132.exe | Added by the LOOKED-CK WORM! | No |
X | load | ctftpscr32.exe | Added by the AGENT-FPN TROJAN! | No |
X | Load | win32.exe | Added by the RUBBLE-A WORM! | No |
X | load | QQ.exe | Added by the QUADRULE.A WORM! Note - this is not the Tencent QQ Asian instant messenger program which is located in %Windir% | No |
X | load | WinExplorer.exe | Added by the VB.EIW WORM! | No |
X | load | Systemfile.dll.vbs | Added by an unidentified WORM or TROJAN! See here | No |
X | Load Service | SvHost.exe | Added by the PESIN-D WORM! | No |
U | LOAD WB | LOADWB.EXE | Part of Stardock's WindowBlinds custom desktop program. "WindowBlinds is the first utility of its kind. It extends Win98/NT/2K/XP to have a fully skinnable user interface. You can change the style of title bars, buttons, toolbars and much more". If you use it, keep it; if not, uninstall it | No |
X | Load-Guard | Wscript.exe LGuarg.exe.vbs | Added by the YENO.B and YENO.C WORMS! Note that wscript.exe is a legitimate Microsoft file used to launch script files and shouldn't be deleted. The "LGuarg.exe.vbs" file is located in the Winnt or Windows folder | No |
X | LOAD32 | Lorena.exe | Added by the MAPSON.C WORM! | No |
X | load32 | load32.exe | Added by the NIBU, BAMBO TROJANS and DUMARU WORM! | No |
X | load32 | l32x.exe | Added by the DUMARU.Z or DUMARU.Y or DUMARU.AD WORM! | No |
X | load32 | 1111a.exe | Added by the DUMARU.AH WORM! | No |
X | load32 | swchost.exe | Added by the TURTA.A WORM! | No |
X | load32 | netda.exe | Added by the NIBU.E TROJAN! | No |
X | load32 | winldra.exe | Added by the NIBU.J BACKDOOR or DUMARU-BI TROJAN! Note - also known as Srv.SSA-KeyLogger by Sunbelt Software which has developed a free removal tool for this keylogger | No |
N | load= | adw30.exe | After Dark for Windows - screen saver program. Popular before screen savers were integrated into Win95 | No |
U | load= | asistat.exe | Status monitor for an NEC SuperScript printer | No |
? | load= | cfgsys32.exe | ?? | No |
U | load= | esspk.exe | Speakerphone capability through a soundcard for an ESS modem | No |
Y | load= | hotkey.exe | Solo 5300 display driver for Win2K on some Gateway laptops | No |
N | load= | HPWHRC.EXE | Loads the Status Window software for the HP Laserjet printers | No |
? | load= | WPSLOAD.EXE | Windows printing system that comes with the setup for Canon BJC series on the manufacturer's disk | No |
N | load= | vi_grm.exe | Monitor drivers for Trio2x/3x based video cards - displays control panel for quick access to display settings | No |
? | load= | WINOSCFG.EXE | Could it be something to do with configuring Windows on a new PC from an OEM supplier? | No |
Y | load= | wpshrc.exe | Required to prevent configuration errors on Compaq LBP-660 and LBP-460 parallel port laser printers (and maybe others) | No |
Y | load= | Bfrecv.exe | Bitware modem driver | No |
X | load= | msater.exe | Added by the RETSAM TROJAN! | No |
X | load= | shambl3r.exe | Added by the REMABL WORM! | No |
X | load= | Spoolsv.exe | Added by the CIADOOR.B TROJAN! Note - this is not the legitimate spoolsv.exe which is always located in %System%. This one is located in %Windir% | No |
? | Load= | wtfeat.exe | Associated with the Wintab Digitizer | No |
Y | load= | AICLIENT.EXE | Asset Insight from Tangram - asset managing software. Required if an organisation is running a centrally administered asset management system | No |
X | load= | hint.exe | Added by the ATAK WORM! | No |
X | load= | win32exec.exe | Added by the BITTER WORM! | No |
X | load= | a1g.exe | Added by the ATAK.B WORM! | No |
X | load= | dapdll.exe | Added by the ATAK.E WORM! | No |
X | load= | svhost32.exe | Added by the LINEAGE-AB TROJAN! | No |
Y | load= | 01comm32.exe | Related to Elsa CommPro (Communicate Pro) access software for Microlink modems - this software contains answering machine and fax functions, plus a terminal program, a WWW-browser launch function, Internet telephony, and address management. Required if you use those | No |
X | load= | inetinfo.exe | Added by the PROXY-GG TROJAN! | No |
X | load= | Kerne14.exe | Added by the LINEAGE-BA TROJAN! | No |
X | Loadab1 | explorer.exe | Added by the LINEAGE-AJ TROJAN! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %ProgramFiles% | No |
Y | LoadBlackD | blackd.exe | This is the "intrusion detection system" of the BlackICE PC Protection (was Defender) firewall which loads independently of the "user interface" (BlackICE Utility) | No |
U | LoadBtnHnd | BtnHnd.exe | Fujitsu Siemens Lifebook laptops have some buttons on the case that can be programmed to execute specified programs (like hotkeys). The buttons can also be used as a combination lock input | No |
X | LoadDBackUp | BcTool.exe | Added by the GIBE WORM! | No |
X | loaddll | loaddll.exe | Winvest spyware | No |
Y | LoadDvpApi9x | DVPAPI9X.exe | Command AntiVirus for Windows 95/98/Me | No |
X | loader | loader.exe | Homepage hijacker, redirecting to coolwwwsearch.com. Downloader for iedll.exe | No |
X | loader | WMPLAYER.EXE | Unknown baddie - WMPLAYER.EXE is stored in the same location and uses the same name as Windows Media Player, but that valid Windows program doesn't load at startup | No |
X | loader32 | sys*****.exe [***** = random digit] | Added by the DOMCOM TROJAN! | No |
X | loader32 | Loader32.exe | Added by an unidentified TROJAN! | No |
X | Loaders | HeIp.exe | Added by the SDBOT-ADB WORM! | No |
X | loadfax | loadfax.exe | Added by the WINFLUX-C TROJAN! | No |
X | LoadFonts | LoadFonts.vbs | Homepage hijacker that changes your homepage to an adult content site | No |
X | LoadFonts | Tahoma.vbs | Homepage hijacker that changes your homepage to an adult content site | No |
U | LoadFujitsuQuickTouch | QuickTouch.exe | Maps the keys on a Fujitsu Siemens Lifebook application panel to various programs and functions | No |
X | LoadGolfCourses | LoadGolfCourses.exe | PlayMiniGolf.com foistware - stealth installed! | No |
X | LoadHTML | rundll32.exe mshtmpre.dll, MShtmpre | Mshtmpre adware. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "mshtmpre.dll" file is found in the System (9x/Me) or System32 (NT/2K/XP) folder | No |
X | LoadingAgent | ZipLoader32.exe | Added by the OBLIVION TROJAN! This executable is one of the most common but there are more | No |
X | LoadingAgent | msload32.exe | Added by the OBLIVION TROJAN! This executable is one of the most common but there are more | No |
X | LoadManager | msload.exe | Added by the OPASERV.T WORM! | No |
X | loadMecq0 | explorer.exe | Added by the MUMUBOY.C TROJAN! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %ProgramFiles% | No |
X | loadMecq3 | rundll32.exe | Added by the LEGMIR-AS TROJAN! Note - this is not the legitimate rundll32.exe process, which is found in the Windows folder (98/ME) or the System32 folder (NT/2000/XP). This file is located in the Root folder (C:), (D:), etc | No |
X | loadMect1 | explorer.exe | Added by the LINEAGE-L TROJAN! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %ProgramFiles% | No |
X | loadMefs | rundll32.exe | Added by the LEGMIR-JB TROJAN! Note - this is not the legitimate rundll32.exe process, which is found in the Windows folder (98/ME) or the System32 folder (NT/2000/XP). This file is located in the Windows\inf or Winnt\inf folder | No |
X | loadMefs | smss32.exe | Added by the FLOOD-EL TROJAN! | No |
N | LoadMSvcmm | msvcmm32.exe | Auto-update for Movielink - internet movie rental System Tray access | No |
X | LoadOrderVerification | [random filename] | Added by the TRON.A TROJAN! | No |
U | Loadout Manager | nost_LM.exe | Manager for the Belkin Nostromo n50 SpeedPad game controller - see here | No |
X | LoadPFW | wmimgr.exe | Added by the QEDS-B WORM! | No |
X | LoadPowerProfile | ASDAPI.EXE | Added by the CABRO TROJAN! Not to be confused with the valid LoadPowerProfile entry where the command is Rundll32.exe powrprof.dll | No |
U | LoadPowerProfile | Rundll32.exe powrprof.dll | Power management specifics such as monitor shut-off, system standby, etc. Associated with power management and is listed twice - see here. Loads your selected power scheme. May not be required - depends upon whether you modify the default Control Panel -> Power Options settings | No |
X | LoadPowerProfile | Rundll.exe powerprof.dll | Added by the LOXOSCAM TROJAN! Note - do not confuse with the valid LoadPowerProfile entry! Notice that the infected version uses "Rundll.exe" whereas the uninfected version uses "Rundll32.exe" | No |
X | LoadPowerProfile | rundl.exe | Added by the TOFAZZOL TROJAN! Not to be confused with the valid LoadPowerProfile entry where the command is Rundll32.exe powrprof.dll | No |
X | LoadPowerProfile | Rundll32.exe | Added by the MIROOT WORM! Note - do not confuse with the valid LoadPowerProfile entry which has "powrprof.dll" appended to the command/data line | No |
X | LoadPowerScheme | rundll32.exe powerprof.dll CheckPowerProfile | Ulubione adult content dialer. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted | No |
U | LoadQM | loadqm.exe | Installed with MSN Explorer and loads the MSN Queue Manager. Required to enable the WU AutoUpdate feature. Note that disabling this can sometimes prevent internet sharing working on Win2K Pro SP2. Reports also suggest that removing it will re-enable internet access - hence the "user's choice" recommendation. If you have problems leave it, otherwise I recommend you disable it | No |
X | loads.exe | loads.exe | MediaMotor adware | No |
X | loads.exe | medload.exe | Medload adware | No |
X | loads.exe | suploads.exe | Added by the AGENT-BZ TROJAN! | No |
X | LoadService | Rest In Peace | Added by the KANGAROO-A WORM! | No |
X | LoadService | Maaf, tempatmu bukan di sin | Added by the KAGEN-A TROJAN! | No |
X | LoadService | Virus | Added by the CAGER.A WORM! | No |
X | LoadSIPS | rundll32.exe SIPSPI32.dll, SIPSPI32 | 123Mania adware. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "SIPSPI32.dll" file is found in the System folder | No |
? | LoadWatcher | Test.exe | Reportedly part of a webcam surveillance program that's supposed to test SMTP dialling in the event of an alert? Is this correct? | No |
X | LoadWatcher | watcher.exe | Watcher spyware | No |
X | loadwin | winset.exe | Added by the QQPASS-I TROJAN! | No |
X | loadwin | winsys.exe | Added by the QQPASS-J TROJAN! | No |
X | LoadWindowsFile | Kernel32.exe | Added by the DELF.B TROJAN! | No |
X | LoadWindowsFile | winreg.exe | Added by the HUPIGON.A BACKDOOR! | No |
X | Local Area Network | OpenGL.exe | Added by a variant of the RBOT WORM! | No |
X | Local Authority Service | lsass.exe | Added by the MARKTMAN-C TROJAN! Note - this is not the legitimate lsass.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir% | No |
X | Local Internet Connection | LIC.exe | Added by the SDBOT-YA WORM! | No |
X | LOCAL INTERNET WEB DRIVERS FOR WIN32 | phqghume.exe | Added by a variant of the RBOT WORM! | No |
X | Local Page | http://find.naupoint.com | Naupoint browser hijacker | No |
X | Local runole service | srvc32.exe | Added by the SMALL-DP TROJAN! | No |
X | Local Security Authority Servce | lssas.exe | Added by the POEBOT-T WORM! | No |
X | Local Security Authority Service | lssas.exe | Added by the POEBOT-J WORM! | No |
X | Local Security Authority Service | Isass.exe | Added by the LINKBOT.M WORM! | No |
X | Local Service | Intenat.exe | Added by the NUCLEAR-J TROJAN! | No |
X | Local Service | services.exe | Added by the P2PWORM-T WORM! Note - this is not the legitimate services.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "Cursors" subfolder of the Windows or Winnt folder | No |
X | Local-Settings-of-[User Name] | [User Name].exe | Added by the GAVGENT.A WORM! | No |
U | LocalProxy | proxy4free.exe | "ProxyTools is a package of Perl network utilities designed mainly to assist those whose Internet access is censored, unreliable, or otherwise damaged. Uncensored access is provided to any outside service required (Usenet News, Web browsing, IRC, Socks etc.). Setup requires installation of Perl and some modules" | No |
X | LocalSystem | svchost.exe | EHU adware. Note - this is not the legitimate svchost.exe process which should NOT appear in Msconfig/Startup! | No |
X | Locator Service | [filename] | Added by the AGOBOT-KY TROJAN! | No |
U | Lock My PC | lockpc.exe | Lock My PC - a tool for quick computer locking when you leave it unattended. It shows a lock screen, disables Windows hot keys and mouse | No |
X | logg | logo_1.exe | Added by the PWFUZZ-A WORM! | No |
X | Logical Disk Detection | mrisvc.exe | Detected by Kaspersky as the IRCBOT.AOW TROJAN! See here | No |
N | Logiciel de transfert d'images KODAK | pts.exe | Looks for Kodak camera connection and media insertion. Available via Start -> Programs | No |
U | Login | winlog.exe | Salfeld Child Control - parental control software | No |
X | login | [path to trojan] | Added by the HOTWORD-A TROJAN! | No |
X | Login | Login.exe | Added by the BANCBAN-AH TROJAN! | No |
X | Login | lala.exe | Added by the BUGSPR-A TROJAN! | No |
X | Login Screen Saver | login.scr | Added by the RBOT-AVN WORM! | No |
X | Login Service | [path to file] | Added by the MIGMAF TROJAN! | No |
X | LoginPassport | Lgnpsp32.exe | Added by the REDIST.C WORM! | No |
X | loginui32 | loginui32.exe | Added by the LONGNU.A TROJAN! | No |
X | Logitech | Logitech.exe | Added by the RBOT.BJH WORM! | No |
U | Logitech BT Wizard | LBTWiz.exe | Bluetooth connection manager for Logitech based bluetooth wireless products | No |
X | Logitech Camera | Soundcane.exe | Added by the SDBOT.MUC WORM! | No |
X | Logitech Desktop | ApPache.exe | Added by the RBOT-YP WORM! | No |
X | Logitech Desktop | IPCONN.EXE | Added by the SDBOT-WE WORM! | No |
X | Logitech Desktop Controller | wrcam.exe | Added by a variant of the RBOT WORM! | No |
N | Logitech Desktop Messenger | backweb-8876480.exe | Installed with the software for Logitech products. Automatically checks for software upgrades AND new products, services and special offerings from Logitech | No |
N | Logitech Desktop Messenger | ldmconf.exe | Installed with the software for Logitech products. Automatically checks for software upgrades AND new products, services and special offerings from Logitech | No |
N | Logitech Desktop Messenger | LogitechDesktopMessenger.exe | Installed with the software for Logitech products. Automatically checks for software upgrades AND new products, services and special offerings from Logitech | No |
U | Logitech Hardware Abstraction Layer | Khalmnpr.exe | Part of the Logitech Setpoint software for their wired and wireless mice and trackballs. Sets the Windows mouse sensitivity to minimum. The idea is that you will use the SetPoint Control Panel to adjust your mouse sensitivity. This setting is maintained separately from the Windows setting, but is combined with the Windows setting to determine the final sensitivity. For this reason, KHALMNPR sets the Windows setting to 0 so it doesn't alter the one you set in SetPoint | No |
U | Logitech Harmony Remote | HarmonyClient.exe | Logitech Harmony advanced universal remote | No |
U | Logitech Harmony Remote Software 7 | HARMON~1.EXE | Logitech Harmony Advanced Universal Remote controller software | No |
U | Logitech SetPoint | KEM.exe | Keyboard and mouse drivers and utilities for Logitech's latest products - supersedes iTouch and MouseWare on their older products. Required if you use special features such as multimedia keys | No |
U | Logitech SetPoint | KHALMNPR.EXE | Part of the Logitech Setpoint software for their wired and wireless mice and trackballs. Sets the Windows mouse sensitivity to minimum. The idea is that you will use the SetPoint Control Panel to adjust your mouse sensitivity. This setting is maintained separately from the Windows setting, but is combined with the Windows setting to determine the final sensitivity. For this reason, KHALMNPR sets the Windows setting to 0 so it doesn't alter the one you set in SetPoint | No |
U | Logitech SetPoint | Setpoint.exe | Logitech SetPoint Event Manager for their range of mice and keyboards. Required if you want to use the advanced features of these devices and is located in the Logitech\Setpoint sub-folder of Program Files | No |
U | Logitech Utility | Logi_MwX.exe | Logitech Mouseware driver. Needed to support some additional functionality of Logitech mice/trackballs such as "SmartMove". If you disable it and find you don't need it, leave it disabled | No |
N | Logitech Wakeup | lgwakeup.exe | Loads at startup and monitors the scanner. When a document is inserted in the scanner the wakeup program feeds the document a fraction of an inch into the scanner and then it launches the control center software. From the control center you can select whether to fax or copy or print the scanned documents. If you uncheck the Logitech wakeup software from the startup it no longer launches the control center or feeds the document a fraction of an inch. You can manually launch the control center software via Start -> Programs and still be able to scan images | No |
X | Logitech Wireless | logitechwls.exe | Added by the MYTOB-BS WORM! | No |
U | LogitechCameraAssistant | CameraAssistant.exe | Related to Logitech QuickCams and provides additional configuration options for these devices | No |
U | LogitechCameraService(E) | ElkCtrl.exe | Related to Logitech Camera Service and provides additional configuration options for these devices | No |
Y | LogitechCommunicationsManager | communications_helper.exe | Installed with a Logitech Quickcam Messenger and if disabled the camera will not work - at least not in the quick capture mode | No |
N | LogitechDesktopMessenger | LogitechDesktopMessenger.exe | Installed with the software for Logitech products. Automatically checks for software upgrades AND new products, services and special offerings from Logitech | No |
U | LogitechGalleryRepair | ISStart.exe | LogitechGalleryRepair/LogitechVideoRepair - part of Logitech Image Studio - installed with Logitech QuickCam cameras. Required from version 8.11 onwards if you use the software to take pictures and capture videos, not if you don't. Also not required for versions up to and including 7.30 and after version 8.30 - hence the "U" rather than "Y" recommendation | No |
N | LogitechImageStudioTray | LogiTray.exe | Logitech Image Studio - installed with Logitech QuickCams | No |
N | LogitechQuickCamRibbon | quickcam10.exe | Installed with a Logitech Quickcam Messenger. Camera's software which is non-essential. When you open it, it allows you to open the quick capture, camera settings, etc | No |
X | Logitechs | Logitechs.exe | Added by the SDBOT.BWE WORM! | No |
N | LogitechSoftwareUpdate | ManifestEngine.exe | Updater, part of Logitech Image Studio - installed with Logitech QuickCam cameras | No |
U | LogitechVideoRepair | ISStart.exe | LogitechGalleryRepair/LogitechVideoRepair - part of Logitech Image Studio - installed with Logitech QuickCam cameras. Required from version 8.11 onwards if you use the software to take pictures and capture videos, not if you don't. Also not required for versions up to and including 7.30 and after version 8.30 - hence the "U" rather than "Y" recommendation | No |
N | LogitechVideoTray | LogiTray.exe | Logitech Image Studio - installed with Logitech QuickCams | No |
N | LogitechVideo[inspector] | InstallHelper.exe | Logitech QuickCam software installation helper | No |
N | LogiTray | LogiTray.exe | Logitech Image Studio - installed with Logitech QuickCams | No |
U | Logi_Mwx | Logi_MwX.exe | Logitech Mouseware driver. Needed to support some additional functionality of Logitech mice/trackballs such as "SmartMove". If you disable it and find you don't need it, leave it disabled | No |
U | LogMeIn GUI | LogMeInSystray.exe | RemotelyAnywhere is a remote administration and remote control solution for Windows. It allows access to the host computer via the network (the LAN, an intranet or the Internet) - and on the client side all you need is a web browser, a terminal emulator or a WAP-enabled phone | No |
U | LogMeIn GUI | ragui.exe | RemotelyAnywhere is a remote administration and remote control solution for Windows. It allows access to the host computer via the network (the LAN, an intranet or the Internet) - and on the client side all you need is a web browser, a terminal emulator or a WAP-enabled phone | No |
X | Logo | [path to trojan] | Added by the DLOADER-RH TROJAN! | No |
U | Logon Loader | LogonLoader.exe | Logon Loader - customize boot & login screens | No |
U | Logon Loader Random | LogonLoader.exe | Logon Loader - customize boot & login screens | No |
X | Logon<user> | CSRSS.EXE | Added by the BRONTOK-BH WORM! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in Documents and Settings\<User>\Local Settings\Application Data\WINDOWS | No |
X | Logon.exe | logon.exe | Added by the ZINS.A TROJAN! | No |
X | LogonAdministrator | imoet.exe | Added by the RAHIWI.A WORM! | No |
X | Logonrepclient1 | CSRSS.EXE | Added by the BRONTOK-BT WORM and variants! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in Documents and Settings\<User>\Local Settings\Application Data\WINDOWS | No |
X | Logonsara | csrss.exe | Added by the BRONTOK-BS WORM! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in Documents and Settings\<User>\Local Settings\Application Data\WINDOWS | No |
U | LogonStudio | logonstudio.exe | WinCustomize LogonStudio - "Allows Windows XP users to edit, change, and apply new logon screens. LogonStudio comes built with a visual editor to make it easy to create your own logons which can then be uploaded to websites to be used by other users" | No |
X | logonUiInit | Rundll32.exe rgtndz.dll | Identified as a variant of the Trojan-Clicker.Win32.Agent.bqy malware. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "rgtndz.dll" file is found in %System% | No |
X | LogService | wincalc.exe | Added by the PAPROXY TROJAN! | No |
X | LogService | lsass.exe | Added by the BDOOR-IU BACKDOOR! Note - this is not the legitimate lsass.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir% | No |
X | LogService | lsrss.exe | Added by the PAPROXY-D TROJAN! | No |
U | LogService | LogService.exe | SmartKeylogger keystroke logger/monitoring program - remove unless you installed it yourself! | No |
U | LogWatch | logwat95.exe | Licensing patch for products installed on NT by Computer Associates such as eTrust. Detects and updates old versions of lic98.dll. Not required if you already have a newer version or the patch has been applied | No |
X | lololol | _hideme_imhiddenlololol.exe | Added by the HIDEME-A TROJAN! | No |
X | longos | WIWT.EXE | Added by the BANKER-CD TROJAN! | No |
Y | Look 'n' Stop | looknstop.exe | Look 'n' Stop personal firewall | No |
N | LookNMeet | Agent.exe | LooknMeet dating service | No |
X | Lookup_Sys | lookupsys.exe | P04n trojan | No |
N | Lotus Organizer EasyClip | easyclip.exe | "The Easy Clip icon automates the collection of information from sources such as e-mail to create an Organizer address, appointment, task or Notepad page." Available via Start -> Programs | No |
N | Lotus QuickStart | smartctr.exe | Lotus central application, called SmartCenter, which runs on the Windows desktop. SmartCenter toolbar stretches across the top or, optionally, the bottom of the screen. Uses a lot of resources. Available via Start -> Programs | No |
U | Lotus SuiteStart | suitest.exe | Puts the individual Lotus components in the system tray taskbar when you start Windows. Can be disabled via MSCONFIG -> Startup as "Lotus SuiteStart 97 Edition". All individual components available via Start -> Programs | No |
X | LotusHlp | LotusHlp.exe | Added by the WINKO.AO WORM! | No |
N | LowRateVoip | LowRateVoip.exe | LowRateVoip - free internet telephony utility using VoIP (Voice over Internet Protocol). Call online friends for free and regular phones either for free (limited use) or at low rates. One of a number provided by Betamax - the others generally have different rate plans. Similar to the more popular Skype | No |
X | LowVersionSupport | [filename] | Added by the LASTRAS TROJAN! | No |
U | LPManager | LPMGR.exe | Part of Lenovo's (was IBM) ThinkVantage Productivity Center - "guides you to a host of information and tools to help you set up, understand, maintain, and enhance your ThinkPad® notebook or ThinkCentre® desktop" | No |
X | Lpr | Lpr123.exe | Added by the REMPSTEAL password stealer TROJAN! | No |
X | Lpr123 | Lpr123.exe | Added by the REMPSTEAL password stealer TROJAN! | No |
U | LPS | Lps.exe | Local Port Scanner - "With LPS you're able to check your computer for open or listening ports" | No |
U | LPtask | lptask.exe | Program Lock It And Protect Pro - lock and protect your folders from being opened, moved or deleted | No |
X | LRBZ Utility 32 | lrbz32.exe | Added by the AGOBOT-JQ WORM! | No |
N | LS120 Superdisk | ?? | Supposed to accelerate transfer rate on LS-120, contributes to system lockups | No |
X | LSA | wfdmgr.exe | Added by the MYTOB.C WORM! | No |
X | LSA | lsa.exe | Added by the SDBOT-YV WORM! | No |
X | LSA | msdn.exe | Added by an unidentified malware | No |
X | LSA Service | LSASS.exe | Added by the AHKER.G WORM! Note - this is not the legitimate lsass.exe process, which should not appear in Msconfig/Startup! | No |
X | lsa Services | lsa2srv.exe | Added by the TAME-C WORM! | No |
X | LSA Shell (Export Version) | LSASS.exe | Added by several variants of the AHKER WORM! Note - this is not the legitimate lsass.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder | No |
X | LSA Shellu | lsass.exe | Detected by Symantec as the SILLYFDC WORM! See here. Note - this is not the legitimate lsass.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! | No |
X | LsaManager | lsamgr.exe | Added by the BEAGLE.DR WORM! | No |
X | lsas | lsas.exe | Added by the BIGFAIRY-C WORM! | No |
X | lsass | lsass.exe | Added by the RATSOU.B TROJAN! Note - this is not the legitimate lsass.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a DebugUserMode subfolder of the Winnt or Windows folder | No |
X | lsass | start.bat | Added by the ZCREW TROJAN! | No |
X | lsass | [path to lsass.exe] | Added by the ALADINZ.F TROJAN! Note - this is not the legitimate lsass.exe process which should NOT appear in Msconfig/Startup! | No |
X | lsass | lsasrv.exe | Added by the MYDOOM.AG or MYDOOM.AS or MYDOOM.AU WORMS! | No |
X | Lsass | woekd.exe | Added by an unidentified WORM or TROJAN! | No |
X | lsass | elite***32.exe | EliteBar adware | No |
X | Lsass | Lsass.exe | Added by the ALCOP-B WORM! Note - this is not the legitimate lsass.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder | No |
X | Lsass | Lsass.exe | Added by the VOUMIT-A WORM! Note - this is not the legitimate lsass.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "mirc32" folder | No |
X | LsasS | Sygate.exe | Added by the SDBOT.BCA WORM! | No |
X | Lsass | kavmm.exe | Added by an unidentified WORM or TROJAN! NOTE - do NOT confuse with the legitimate Kaspersky antivirus module as described here. Contrary to this impostor, the legitimate file will always be located in the Kaspersky Lab folder in Program Files | No |
X | Lsass | LSASS.EXE | Added by the PUNYA-B WORM! Note - this is not the legitimate lsass.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! | No |
X | LSASS 32 | ISASS32.pif | Added by the ASSIRAL-C WORM! | No |
X | Lsass 32 Manager | lsass32.exe | Added by the SDBOT.EOG WORM! | No |
X | lsass 32-biT | lsass32.exe | Added by the RBOT.QGC WORM! | No |
X | LSASS Authority | lshosts32.exe | Added by the SDBOT-UY TROJAN! | No |
X | LSASS Authority | lsvhosts.exe | Added by the SDBOT.BCE WORM! | No |
X | LSASS Daemon | LSASSd.exe | Added by a variant of the AGOBOT/GAOBOT WORM! | No |
X | lsass service | lsass2.exe | Added by a variant of the AGOBOT/GAOBOT WORM! | No |
X | lsass16 | lsass16.exe | Added by the BANKER-BXX TROJAN! | No |
X | lsass2k Update | lsass2k.exe | Added by a variant of the RBOT WORM! | No |
X | LSASS32 | Isass32.exe | Added by the KELVIR.M WORM! | No |
X | lsass32 | lsass32.exe | Added by the LYDRA-B TROJAN! | No |
X | lsass64BiT.exe | lsass64BiT.exe | Added by the FORBOT-CK WORM! | No |
X | lsassig | lsassig.exe | Added by the BANCOS-EC TROJAN! | No |
X | lsasss | lsasss.exe | Added by the GEEKMY-A TROJAN! | No |
X | lsasss.exe | lsasss.exe | Added by the SASSER.E WORM! | No |
Y | lsburnwatcher | lsburnwatcher.exe | HP software which helps one create labels after a music CD is burned using LightScribe discs. If you want to use LightScribe labeling, do not prevent it from starting | No |
Y | LSBWatcher | lsburnwatcher.exe | HP software which helps one create labels after a music CD is burned using LightScribe discs. If you want to use LightScribe labeling, do not prevent it from starting | No |
X | lsess | lsess.exe | Added by the SINNAKA.A WORM! | No |
X | lsmass | lsmass.exe | Added by the WALLOP-B TROJAN! | No |
X | lsmss.exe | lsmss.exe | Added by the PROXY-GG TROJAN! | No |
U | LSPFix | LSPmonitor.exe | eAcceleration Stop-Sign security software related. Previously not recommended, see here | No |
X | lspins | igps.exe | Detected by Kaspersky as the VB.KC TROJAN! | No |
U | LSPmonitor | LSPmonitor.exe | eAcceleration Stop-Sign security software related. Previously not recommended, see here | No |
X | lssass | lssas.exe | Added by the AGOBOT.RL WORM! | No |
X | LSvr | LSvr.exe | PowerStrip foistware. Note - this is not the same as the video tweaking utility of the same name here | No |
Y | LT DAEMON | ltdaemon.exe | Acts as a data spooler for the DSL modem (similar to a cache). Do not uncheck if the DSL modem is being used | No |
X | LTCISI | ltcisi.exe | Added by the DELBOT-AP WORM! | No |
U | LtcyCfgApply | LtcyCfg.exe | PCI Latency Tool - "Utility to set PCI Latency and possibly prevent game stutter or improve FPS" for older AGP/PCI graphics cards | No |
X | LTDMgr | LTDMgr.exe | PowerStrip foistware. Note - this is not the same as the video tweaking utility of the same name here | No |
X | LTM2 | MSGSRV32.EXE | Added by the LITMUS.A TROJAN! Note - MSGSRV32.EXE in this case is in a Litmus sub-directory and is not to be confused with the valid version in C:\Windows\System | No |
X | LTM2 | MPGSRV32.EXE | Added by the LITMUS.201 TROJAN! | No |
X | LTM2 | MSGSRV320.EXE | Added by the LITMUS.C TROJAN! | No |
X | LTM2 | winupdate.exe | Added by the LITMUS.203 TROJAN! | No |
X | LTM2 | bible.exe | Added by the LITMUS.203 TROJAN! | No |
X | LTM2 | winscan.exe | Added by the LITMUS-B TROJAN! | No |
X | LTM2 | lssas.exe | Added by a variant of the LITMUS TROJAN! | No |
X | LTM2 | MSGSSV32.EXE | Added by the FC.C TROJAN! | No |
X | LTM2 | msns6 | Added by the LITMUS.C TROJAN! | No |
X | LTM2 | RundlI.exe | Added by the MULTIDRP.BG TROJAN! | No |
X | LTM2 | SVCHOST32.exe | Added by the LITMUS.203B TROJAN! | No |
X | LTM2 | SVCHOST?.exe | Added by the DROPPERFL.A TROJAN! | No |
X | LTM2 | winvers16.exe | Added by the SMALL.ND TROJAN! | No |
U | LtMoh | Ltmoh.exe | Modem On Hold utility - manages incoming/outgoing voice calls on a single phone line while being connected to the internet | No |
Y | LTMSG | ltmsg.exe | One of the "popular" WinModem series. WinModems use software rather than hardware - hence putting a load on the CPU. Needed if you have it for loading the drivers. See here for more WinModem information | No |
Y | Lto Manager | DesktopLtoManager.exe | Related to Global Positioning System (GPS) found on HP iPAQ hw6500 unit and others | No |
N | LTSMMSG | LTSMMSG.exe | Lucent Tech. Soft Modem Messaging application - may be found on Fujitsu Lifebook, Acer and Sony Vaio notebooks, maybe others too | No |
X | LTSMSG | Shell32.exe | Added by the LEMIR.B TROJAN! | No |
X | ltssvc | rundll32.exe ltssvc.dll,start | Added by the AKBOT-AG WORM! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "ltssvc.dll" file is found in %System% | No |
X | LTT2 | rundll32.exe | Added by the LINEAGE-BI TROJAN! | No |
Y | LTWinModem1 | ltmsg.exe | One of the "popular" WinModem series. WinModems use software rather than hardware - hence putting a load on the CPU. Needed if you have it for loading the drivers. See here for more WinModem information | No |
X | ltwob | formatsys.exe | Added by the SERFLOG.A WORM! | No |
X | ltwob | msmbw.exe | Added by the SERFLOG.A WORM! | No |
X | ltwob | serbw.exe | Added by the SERFLOG.A WORM! | No |
U | LUGuard | LUGuard.exe | PC-Duo Remote Control enables your help desk technicians to take instant control of any remote desktop PC at any location across the LAN, WAN or internet | No |
X | lup | lup.exe | Added by the IRCBOT_GEN WORM! | No |
Y | Lusetup | LUSetup.exe | Symantec LiveUpdate installer - required to install a new version of the application. Will only run once, and the entry is automatically deleted after a reboot | No |
U | LVComs | lvcoms.exe | Lvcomm server. Related to Logitech Quick Cam - works fine without it but it is needed for the Logitech ImageStudio software to connect to the camera | No |
N | LVCOMSX | LVCOMSX.EXE | Provides extra functionality for Logitech multimedia webcam devices. When disabled the camera still works in quick capture but you can get a slight increase in picture quality - the picture is not so snowy and the movement is not so jerky | No |
U | LWBKEYBOARD | KbdAp32A.exe | Keyboard utility for a Labtec brand (and possibly others) keyboard. If you disable this entry you will not be able to use any of the keyboard hotkeys or other non-standard functions on the keyboard | No |
U | LWBMOUSE | lwbwheel.exe | Mouse driver - required if you use non-standard Windows driver features | No |
U | LWBMOUSE | MOUSE32A.EXE | Mouse utility for a Lenovo brand (and possibly others) mouse. If you disable this entry you will not be able to use any of the non-standard functions of the mouse | No |
N | Lwinst Run Profiler | lwtest.exe | Logitech Wingman Profiler for the Logitech joysticks. Available via Start -> Programs | No |
X | lwjcjuti.exe | lwjcjuti.exe | Added by the DWNLDR-GTQ TROJAN! | No |
Y | lxamsp32 | lxamsp32.exe | Lexmark Scan and Copy Control Program for the X63 (and maybe others) printer/scanner. Required for the scanner to work | No |
? | LXbbmgr | LXbbmgr.exe | Lexmark printer button manager? Is it required? | No |
? | LXBLKsk | LXBLKsk.exe | Lexmark related. What does it do, and is it required? | No |
U | lxbrbmgr | lxbrbmgr.exe | "Lexmark Scan & Copy Control Program" for the Lexmark 3100 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan, scan to E-mail, copy, etc | No |
? | LXBRKsk | LXBRKsk.exe | Lexmark printer related. What does it do and is it required? | No |
Y | LXBSCATS | rundll32 [path] LXBStime.dll, _RunDLLEntry@16 | Resolves a timing problem where the Lexmark Communications service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll) | No |
Y | LXBTCATS | rundll32 [path] LXBTtime.dll, _RunDLLEntry@16 | Resolves a timing problem where the Lexmark Communications service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll) | No |
Y | LXBUCATS | rundll32 [path] LXBUtime.dll, _RunDLLEntry@16 | Resolves a timing problem where the Lexmark Communications service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll) | No |
U | lxbumon.exe | lxbumon.exe | Lexmark 6200 Series printer device monitor | No |
Y | LXBXCATS | rundll32 [path] LXBXtime.dll, _RunDLLEntry@16 | Resolves a timing problem where the Lexmark Communications service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll) | No |
U | lxbxmon.exe | lxbxmon.exe | Lexmark 7100 Series printer device monitor | No |
Y | LXBYCATS | rundll32 [path] LXBYtime.dll, _RunDLLEntry@16 | Resolves a timing problem where the Lexmark Communications service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll) | No |
U | lxbymon.exe | lxbymon.exe | Lexmark P910 Series printer device monitor | No |
Y | LXCCCATS | rundll32 [path] LXCCtime.dll, _RunDLLEntry@16 | Resolves a timing problem where the Lexmark Communications service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll) | No |
U | lxccmon.exe | lxccmon.exe | Lexmark 3300 Series printer device monitor | No |
U | LXCDCATS | rundll32 [path] LXCDtime.dll, _RunDLLEntry@16 | Resolves a timing problem where the Lexmark Communications service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll) | No |
Y | LXCECATS | rundll32 [path] LXCEtime.dll, _RunDLLEntry@16 | Resolves a timing problem where the Lexmark Communications service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll) | No |
Y | LXCFCATS | rundll32 [path] LXCFtime.dll, _RunDLLEntry@16 | Resolves a timing problem where the Lexmark Communications service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll) | No |
Y | LXCGCATS | rundll32 [path] LXCGtime.dll, _RunDLLEntry@16 | Resolves a timing problem where the Lexmark Communications service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll) | No |
U | lxcgmon.exe | lxcgmon.exe | Lexmark 2300 Series printer device monitor | No |
Y | LXCJCATS | rundll32 [path] LXCJtime.dll, _RunDLLEntry@16 | Resolves a timing problem where the Lexmark Communications service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll) | No |
Y | LXCQCATS | rundll32 [path] LXCQtime.dll, _RunDLLEntry@16 | Resolves a timing problem where the Lexmark Communications service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll) | No |
U | lxcqmon.exe | lxcqmon.exe | Lexmark 9300 Series printer device monitor | No |
Y | LXCRCATS | rundll32 [path] LXCRtime.dll, _RunDLLEntry@16 | Resolves a timing problem where the Lexmark Communications service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll) | No |
U | lxcrmon.exe | lxcrmon.exe | Lexmark 2400 Series printer device monitor | No |
Y | LXCTCATS | rundll32 [path] LXCTtime.dll, _RunDLLEntry@16 | Resolves a timing problem where the Lexmark Communications service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll) | No |
U | lxctmon.exe | lxctmon.exe | Lexmark 5400 Series printer device monitor | No |
Y | LXCYCATS | rundll32 [path] LXCYtime.dll, _RunDLLEntry@16 | Resolves a timing problem where the Lexmark Communications service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll) | No |
U | lxcymon.exe | lxcymon.exe | Lexmark 3400 Series printer device monitor | No |
U | lxdcamon | lxdcamon.exe | Lexmark 1300 Series printer device monitor | No |
Y | LXDCCATS | rundll32 [path] LXDCtime.dll, _RunDLLEntry@16 | Resolves a timing problem where the Lexmark Communications service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details | No |
U | lxdcmon.exe | lxdcmon.exe | Lexmark 1300 Series printer device monitor | No |
U | lxddamon | lxddamon.exe | Lexmark 2500 Series printer device monitor | No |
U | lxddmon.exe | lxddmon.exe | Lexmark 2500 Series printer device monitor | No |
U | lxdfamon | lxdfamon.exe | Lexmark 6500 Series printer device monitor | No |
U | lxdfmon.exe | lxdfmon.exe | Lexmark 6500 Series printer device monitor | No |
U | lxdiamon | lxdiamon.exe | Lexmark 3500-4500 Series printer device monitor | No |
Y | LXDICATS | rundll32 [path] LXDItime.dll, _RunDLLEntry@16 | Resolves a timing problem where the Lexmark Communications service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll) | No |
U | lxdimon.exe | lxdimon.exe | Lexmark 3500-4500 Series printer device monitor | No |
U | lxdjamon | lxdjamon.exe | Lexmark 1400 Series printer device monitor | No |
U | LXDJCATS | rundll32 [path] LXDJtime.dll, _RunDLLEntry@16 | Resolves a timing problem where the Lexmark Communications service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll) | No |
U | lxdjmon.exe | lxdjmon.exe | Lexmark 1400 Series printer device monitor | No |
U | lxdmamon | lxdmamon.exe | Lexmark 5000 Series printer device monitor | No |
U | lxdmmon.exe | lxdmmon.exe | Lexmark 5000 Series printer device monitor | No |
U | lxdvamon | lxdvamon.exe | Lexmark X5400 Series printer device monitor | No |
U | lxdvmon.exe | lxdvmon.exe | Lexmark X5400 Series printer device monitor | No |
U | lxdwamon | lxdwamon.exe | Lexmark 7600 Series printer device monitor | No |
U | lxdwmon.exe | lxdwmon.exe | Lexmark 7600 Series printer device monitor | No |
N | LXSUPMON | LXSUPMON.EXE | Lexmark printer related. The printer should work fine without it but what does it do? | No |
? | lycosInside | Lyc_SysTray.exe | Lycos eMail related - what does it do and is it required? | No |
U | LyraHD2TrayApp | LYRAHD2TrayApp.exe | Related to RCA Lyra MP3 Player | No |
X | LzioMediaUpdater | LzioMediaUpdater.exe | LZIO.com adware downloader | No |
? | M Player Post Installer | postinstallm.exe | ?? | No |
X | M S DVD DirectX Dll Drivers | msxdl.exe | Added by the SDBOT-BJN WORM! | No |
N | M-Audio Delta Taskbar Icon | DeltTray.exe | M-Audio Delta Control Panel for M-Audio brand Delta series audio cards. System Tray access to audio settings - available through Control Panel | No |
U | M-Audio MobilePre Control Panel Launcher | MPTask.exe | Control Panel Launcher for MobilePre USB bus-powered preamp and audio interface from M-Audio | No |
U | M-Audio Taskbar Icon | DeltaIITray.exe | System Tray access to the Delta Control Panel for the M-Audio Delta series of PCI audio cards | No |
X | M-soft Office | M-soft Office.hta | HTA file which creates an executable on the hard drive which subsequently proceeds to download files from a malware site! | No |
X | M1cr0s0ft S3rcurity | systemconfig.exe | Added by the RBOT.BKB WORM! | No |
X | M1cr0s0ft Upd4t4zS | update32.exe | Added by the RBOT-MI WORM! | No |
X | m32info | m32info.exe | Added by the CRYPTER.A TROJAN! | No |
X | M3Development_WhenUSave_Installer | M3Development_WhenUSave_Installer.exe | WhenU.Save adware | No |
N | M3Tray | m3tray.exe | Movielink - internet movie rental System Tray access | No |
U | MAAgent | MAAgent.exe | Related to MarkAny - a solution to prevent unauthorized distribution of information through Floppy, CD, email, etc | No |
U | MacDrive | MacDrive.exe | MacDrive 7 & MacDrive 6 CrossStripe Edition from Mediafour Corporation - "a perfect way to share files between Mac OS and Windows." Version 6 is not Vista compatible but does "include support for striped Mac arrays created with ATTO ExpressStripe software." | No |
U | MacDrive application | MacDrive.exe | MacDrive 7 from Mediafour Corporation - "enables anyone using Windows Vista, XP, and 2003 Server to seamlessly access Mac disks (HFS/HFS+) of all types, including CDs, DVDs, hard drives, floppy, Zip, Jaz, and more!" | No |
? | MacDrive7.0.4TimeOutPatch | TimeOutPatch.EXE | Part of MacDrive 7 from Mediafour Corporation - "enables anyone using Windows Vista, XP, and 2003 Server to seamlessly access Mac disks (HFS/HFS+) of all types, including CDs, DVDs, hard drives, floppy, Zip, Jaz, and more!" Interim patch for an older version? Is it no longer required? | No |
X | Macfee Security Patch | Mpfsheild.exe | Added by the RBOT-NP WORM! | No |
U | Machine Debug Manager | mdm.exe | Used by developers for debugging. Those who have encountered it have unchecked it with no degradation in performance. May cause your computer to "hang" if you have MS Visual Studio installed and this disabled because it appears to take over error handling - hence the U recommendation. Can also be listed as MDM7. See here to disable | No |
X | Machine Debug Manager | msdn.exe | Added by a variant of the RBOT WORM! | No |
X | Machine Update Soft | wusas.exe | Added by an unidentified WORM! | No |
X | machine-debugger | WMIPRVSW.exe | Added by the AGOBOT.WW WORM! | No |
X | MachineTest | CMagesta.exe | Added by the SDBOT TROJAN! | No |
X | mackfy.exe | msms.exe | Added by the SDBOT-DID WORM! | No |
N | MacLic | MacLic.exe | Part of Conversions Plus from DataViz - allowing PC and MAC owners to share disks | No |
N | MacLicense | MacLic.exe | Part of Conversions Plus from DataViz - allowing PC and MAC owners to share disks | No |
N | MacName | MacName.exe | Part of Conversions Plus from DataViz - allowing PC and MAC owners to share disks | No |
X | Macromedia 8 | Flash Player.exe | Added by the JAMBU-A WORM! | No |
X | Macromedia Critical Updater | rarww.exe | Added by a variant of the RBOT WORM! | No |
X | Macromedia Dreamweaver XM | macdwXM.exe | Added by the AGOBOT-RI WORM! | No |
X | Macromedia Drive | Iexplor32.exe | Added by a variant of the RBOT WORM! | No |
X | Macromedia Flash Update | scvhost.exe | Added by a variant of the RBOT WORM! | No |
U | MACVNTFY | MACVNTFY.EXE | Part of MacDrive 6 CrossStripe Edition from Mediafour Corporation - "a perfect way to share files between Mac OS and Windows." Unlike the standard version of MacDrive 7, this version is not Vista compatible but does "include support for striped Mac arrays created with ATTO ExpressStripe software." | No |
Y | MAD.EXE | MAD.EXE | MAD.exe is the MS Exchange 5.5 System Attendant and can also consume a large amount of resources - resolved by the latest Exchange 5.5 Service Pack. Also part of Exchange 2000 Server but does it have the same problems? Apparently you need to leave this running but is it needed at start-up? | No |
N | MadExe | LaunchRA.exe | Part of Dell Resolution Assistant - "a diagnostic program that allows you to contact Dell. When factory-installed by Dell, it allowed you to perform hardware and software diagnostics that provided alerts to potential problems and enabled real-time communication with Dell RA techs. You can now use RA only to contact Dell by e-mail" | No |
U | MAFWTaskbarApp | MAFWTray.exe | Drivers for the M-Audio Firewire Audiophile - Interface | No |
U | Magentic | Magentic.exe | Magentic by Incredimail - wallpaper/screensaver manager | No |
U | MagicDisc | MagicDisc.exe | MagicISO - "very helpful utility designed for creating and managing virtual CD drives and CD/DVD discs" | No |
U | MagicDsk | MAGICDSK.EXE | Magic DeskTop is a small and novel utility which will allow you the option of hiding or showing your desktop icons | No |
U | MagicKeyboard | PreMKBD.exe | Related to Samsung laptops. Provides ability to program keys to perform specific functions | No |
U | MagicLinker3 | MagicLnk.exe | ThaiSoftware Thai Dictionary | No |
N | Magitime | Magitime.exe | Magitime - connection tracking utility which monitors online time, expense, data transfer | No |
X | mahmud | mahmud.exe | Added by a variant of the Storm/Nuwar/Zhelatin WORM! See here for an example | No |
? | Mail.com | mcalert.exe | Mail.com - free web-mail service. Does mcalert.exe notify you when new mail has arrived? | No |
U | MailBell | mailbell.exe | MailBell e-mail notification tool that will notify you about new messages arrived to your mailbox. Works with both POP3 mailboxes and web-mail based systems. You should be able to set your mail system to check all accounts at regular intervals anyway if you prefer (in Outlook for instance) | No |
U | Mailbox Verifier | mboxvrfy.exe | Mailbox Verifier (MV) is free software that will notify you about new messages arrived to your mailbox. Only works with POP3 mailboxes (not web-mail based systems). You should be able to set your mail system to check all accounts at regular intervals anyway if you prefer (in Outlook for instance) | No |
U | MailCleaner | MAILCLEANER.EXE | MailCleaner "protect your computer from viruses sent to your machine via the popular e-Mail reader Incredimail. In addition the program will check all incoming files downloaded by Internet Explorer, Netscape Navigator, ICQ and iMesh". Not recommended as it bundles GAIN adware. Please note that Claria Corporation no longer support GAIN-Supported software - see here | No |
X | mailman.exe | mailman.exe | Added by the CERTIF-E TROJAN! | No |
Y | MailScan Dispatcher | Launch.exe | MicroWorld MailScan Dispatcher splits each e-mail message into various components such as the header, body and attachment. Compressed formats (ZIP, ARJ, etc.) are scanned for viruses and cleaned | No |
X | MailSkinner | mailskinner.exe | MailSkinner - an application by Electronic Group, notorious for its premium rate "drive by" installed adult content dialers (see here) | No |
X | Mail_Check | Mail_Check.exe | Added by the PANOIL.C WORM! | No |
U | MAIN | main.exe | SpyCop surveillance software detection - checks to see when your machine was last scanned and, if it was more than a week ago, asks if you want to scan | No |
? | Main Executable (HP) | HP05T0R5.exe | HP (Hewlett-Packard) related. Maybe related to printers. Now - what does it do? | No |
X | main16 | main16.exe | Added by the CRYPTER.A TROJAN! | No |
X | main32 | main32.exe | Added by the CRYPTER.A TROJAN! | No |
X | MainStart | svcmfte32.exe | Added by the STINX-A TROJAN! | No |
X | mainviewex | mainviewex.exe | Added by the GEMA.D TROJAN! | No |
X | main_module | drvmmx32.exe | Added by the DILA TROJAN! | No |
X | Major Microsoft Windows Driver Boot loader | bpool.exe | Added by the MYTOB.AJ WORM! | No |
U | Malware Sweeper | MalSwep.exe | Malware Sweeper - "Protects the user from malicious malware and monitors the sanity of the running programs" | No |
X | Malware-Wipe | Malware-Wipe.exe | Malware remover - not recommended, see here | No |
X | Malware-Wiped | Malware-Wiped.exe | Malware remover - not recommended, see here | No |
X | MalwareAlarm | MalwareAlarm.exe | MalwareAlarm malware remover - not recommended, see here | No |
X | MalwareBot | MalwareBot.exe | MalwareBot spyware remover - not recommended, see here | No |
X | MalwareCrush | MalwareCrush.exe | MalwareCrush spyware remover - not recommended, see here | No |
X | MalwareStopper | MalwareStopper.exe | MalwareStopper malware remover - not recommended, see here | No |
X | MalwareWipe | MalwareWipe.exe | MalwareWipe malware remover - not recommended, see here | No |
X | MalwareWiped | MalwareWiped.exe | MalwareWiped malware remover - not recommended, see here | No |
X | MalwareWiper | MalwareWiper.exe | MalwareWiper malware remover - not recommended, see here | No |
Y | Mamutu Guard | mamutu.exe | Mamutu from Emsi Software - behaviour based protection that "recognizes new and unknown Trojans, Worms and Viruses (Zero-Day attacks), without daily updates" | No |
U | ManageDesk Lite | ManageDesk Lite.exe | ManageDesk Lite from Managebytes Desktop management software. Each desktop is a separate working space for you to use | No |
X | ManageProtocolCtrl | csmsv.exe | Added by the LOOKSKY.B TROJAN! | No |
X | manager | manager.exe | Detected by Kaspersky as the SMALL.CVT TROJAN! | No |
U | Manager Monitor | monitor.exe | MindStorm AnalyzerPro from Secure Associates. "A security management tool for customers easy to manage report and analyze security events across heterogeneous security devices" | No |
X | Managment Service | [random filename] | Added by the RBOT.BIS TROJAN! | No |
N | Mania Win Restore | RESWIN.EXE | Pinball Mania for Windows from 21st Century Entertainment LTD (1995). Runs briefly at start-up then terminates. Available via Start -> Programs | No |
X | manrotce | manrotce.exe | Added by unidentified malware | No |
X | Mantis | [filename] | Added by the MANTIBE VIRUS! | No |
X | MapEDC | MapEDC.exe | Added by the WaveRevenue-McBoo TROJAN! | No |
X | MapiDrv | mpisvc.exe | Added by the MIPSIV TROJAN! | No |
X | mapisvc32 | mapisvc32.exe | Added by the KX VIRUS and also recognised by Symantec as FPAI adware | No |
X | mark the service | xxtra32.exe | Added by the SDBOT.APP WORM! | No |
X | Martini | pinmart.exe | Added by a variant of the SDBOT WORM! | No |
X | Mascro soft SDK updates2 | SDKrepair2.exe | Added by the SDBOT.BXM WORM! | No |
X | maskrider | maskrider2001.vbs | Added by the SOLOW-G WORM! | No |
U | masqform.exe | masqform.exe | PureEdge Viewer - provides automation framework to manage and deploy XML forms-based processes for e-business and e-government systems. PureEdge was taken over by IBM (see here) and the product became Workplace Forms | No |
N | Mass storage check registry | rundll32.exe MSDServ.dll, check registry | Used with a USB based smartmedia card reader | No |
X | Master | svcghost.exe | Added by the IRCBOT.RB TROJAN! | No |
X | Master Card Updaate 32 | Mastercard32.exe | Added by a variant of the RBOT WORM! | No |
U | Master Volume Spy | MASTERVOLUMESPY.EXE | Volume control for the Gateway Destination "DestiVu" media interface | No |
X | MasterBoot Switch | popupkill.exe | Added by a variant of the RBOT WORM! | No |
U | Matador | mlfbuddy.exe | MailFrontier - anti-spam application | No |
U | Matador | mantispm.exe | MailFrontier Desktop (Matador) email spam blocker software | No |
U | Matrix Screen Locker | matrix.exe | Matrix Screen Locker is a system tray application that allows for quick and secure PC lock when you wish. The screen does a "matrix style" scrolling characters effect when the lock is running | No |
X | MatrixScreen | [filename] | Added by the MATRIXSCREEN TROJAN! | No |
X | MatrixScreenSaver | mss.exe | Unidentified malware | No |
N | Matrox Color Control | hgcctl95.exe | For Matrox video cards. Quick access to changing colors | No |
N | Matrox Control Center | mgactrl.exe | For Matrox video cards. Quick access to settings | No |
N | Matrox Diagnostic | mgadiag.exe | For Matrox video cards. Quick access to diagnostics | No |
N | Matrox Powerdesk | PDesk.exe | "Matrox PowerDesk software provides extra multi-display desktop management controls" | No |
N | Matrox PowerDesk 8 | matrox.powerdesk.exe | "Matrox PowerDesk software provides extra multi-display desktop management controls" | No |
N | Matrox QuickDesk | mgaqdesk.exe | For Matrox video cards. Quick access to tweak your card to your liking | No |
X | MAV_check | mav_startupmon.exe | WinAntiVirus Pro 2007 misleading virus software - not recommended, see here | No |
X | MaxAlerts | max.exe | Bonzi MaxALERT - spyware | No |
U | MaxBackSchedule | maxbackservice.exe | Backup scheduler for the Maxtor (now Seagate) range of external hard drives - part of Maxtor Quick Start | No |
U | MaxBlastMonitor | MaxBlastMonitor.exe | Maxblast hard drive utility for Maxtor (Seagate) drives | No |
Y | MaxtorCombo | ComboButton.exe | Required to be able to use the Maxtor OneTouch button on your external Maxtor hard drive. It is used to start up backup software (Retrospect) | No |
U | MaxtorOneTouch | OneTouch.exe | Maxtor OneTouch Hard Drives/OneTouch Family hard disk backup software | No |
U | MaxtorReg | AUTOREG.EXE | Part of SYSagent - small utility for retrieving all the hardware and software information required by anyone administering a machine and/or the network it's a part of | No |
Y | MayaPan | MayaPan.Exe | Audiotrak Maya soundcard driver | No |
X | mb2np | [random filename] | Added by the IRCBOT.TJ WORM! | No |
X | MbarInstall | [random filename] | Detected by PCTools as Mirar adware. See here | No |
U | MBkLogOnHook | LogOnHook.exe | Related to McAfee Backup from Network Associates | No |
U | MBM 4 | MBM4.exe | Motherboard Monitor 4 - only needed if you overclock your system and want to keep a check on system temperatures/voltages/etc. Available via Start -> Programs | No |
U | MBM 5 | MBM5.exe | Motherboard Monitor 5 - only needed if you overclock your system and want to keep a check on system temperatures/voltages/etc. Available via Start -> Programs | No |
? | MBMon | Rundll32 CTMBHA.DLL, MBMon | Creative Filter AudioControlMB Module - related to the Creative Audigy line of sound cards. What does it do and is it required? | No |
U | MBNet | mbnet.exe | MBNet (Portugal) Credit Card Processing software | No |
U | MBProbe | mbrpobe.exe | MBProbe - only needed if you overclock your system and want to keep a check on system temperatures/voltages/etc. Available via Start -> Programs | No |
U | mbssm32 | mbssm32.exe | Reported as Micro Bill Systems foistware - but not according to the company themselves, see here | No |
X | mbssm32 | monstu.exe | Detected by AVG as the AGENT.CNM TROJAN - see here | No |
X | MC | wintrims.exe | Added by the WINTRIM TROJAN! | No |
X | MC | MAGICON.EXE | Added by the MAGICON.A TROJAN! | No |
X | MC | N/A | Added by the SIMCSS TROJAN! | No |
X | MC | WINTRIM.EXE | Added by the WINTRIM.A TROJAN! | No |
X | McAfee | McAffeAv.exe | Added by the NETSKY.AL WORM! | No |
X | mcafee | Win32.dll.vbs | Added by the CATCHER-B WORM! | No |
X | Mcafee Anti Scan | NortonScn.exe | Added by a variant of the RBOT WORM! | No |
X | McAfee Antivirus | McAfeeAV.exe | Added by a variant of the RBOT WORM! | No |
X | Mcafee Antivirus Monitoring System326 | VSStatmn326.exe | Added by a variant of the SDBOT WORM! | No |
X | Mcafee Antivirus Monitoring System32mn | VSStatmn32.exe | Added by a variant of the RBOT WORM! | No |
X | McAfee Antivirus Protection | mcafeeAV.exe | Added by a variant of the RBOT WORM! | No |
X | Mcafee Auto Protect | mcafeshield.exe | Added by the RBOT-UH WORM! | No |
U | McAfee Backup | McAfeeDataBackup.exe | McAfee Backup from Networks Associates | No |
Y | McAfee Desktop Firewall Tray | FireTray.exe | McAfee Desktop Firewall | No |
Y | McAfee Firewall | CPD.EXE | Firewall bundled with McAfee VirusScan 6.*. Can also be listed as CPD_EXE | No |
N | McAfee Guardian | CMGRDIAN.EXE | McAfee's QuickClean, an offline version of the one in their online Clinic. Normally run offline and not needed. Incidentally, incorporates more cleanup programs than the likes of WinOptimizer and System Mechanic | No |
X | McAfee Online virus Scanner | avp.exe | Added by the RBOT-GCV WORM! Not to be confused with Kaspersky anti-virus and AOL's Active Virus Shield (by Kaspersky) - found in either a Kaspersky or AOL sub-directory | No |
X | McAfee Online Virus Scanner | nzm.exe | Detected by Trend Micro as the IRCBOT.XV TROJAN! See here | No |
N | McAfee QuickClean Imonitor | Plguni.exe | McAfee QuickClean 3.0 - removes internet clutter and unwanted programs | No |
X | mcafee Software Intrenet | mcafee.exe | Added by the RBOT-ATR WORM! Note - this is not a valid McAfee program | No |
X | McAfee Windows Protection | mcafee32.exe | Added by a variant of the SPYBOT WORM! | No |
N | McAfee Winguage | ?? | Part of McAfee Nuts & Bolts. "WinGuage is a dynamic reporting tool that constantly monitors your use of Windows and your applications, to alert you to potential problems before they become serious". Resource hog. Available via Start -> Programs | No |
U | McAfee.InstantUpdate.Monitor | RuLaunch.exe | Instant Updater for McAfee's VirusScan, Internet Security, Quick Clean, Uninstaller and Firewall products. In the case of VirusScan leave it enabled unless you update manually on a regular basis | No |
Y | McAfeeFireTray | Firetray.exe | McAfee Desktop Firewall | No |
X | McAfeeScanPlus | McAfeeScanPlus.exe | Added by the MEPCOD TROJAN! This trojan file does not belong to any McAfee Antivirus Software and is found in the Windows or Winnt folder | No |
Y | McAfeeUpdaterUI | UpdaterUI.exe | McAfee common updater user interface | No |
Y | McAfeeVirusScanService | Avsynmgr.exe | From McAfee VirusScan version 5.x. Runs VirusScan System Tray (Vsstat.exe), WebScanX (Webscanx.exe), VirusScan System Scan (Vshwin32.exe) and VirusScan Console (Avconsol.exe) under one application | No |
Y | McAfeeWebscanX | WebScanX.exe | From McAfee VirusScan up to version 4.x. Provides functionality for VShield Download Scan and Internet Filter modules. Enables internet scanning. Guards against malicious ActiveX programs, etc | No |
X | Mcaffe Antivirus | Mcafeescn.exe | Added by a variant of the SPYBOT WORM! | No |
X | MCAFFE FLD LOADER | MCAFFEFLD.EXE | Added by the RBOT-PY WORM! | No |
X | Mcaffee | mcsheild.exe | Added by the RBOT-FDP WORM! | No |
U | McAgentExe | mcagent.exe | From McAfee VirusScan On-line. The Agent is a red M icon that appears in the Windows system tray or Notification Area (if you're running Windows XP). If you don't see the agent icon, VirusScan Online may not be installed | No |
Y | Mcappins.exe | mcappins.exe | Used by McAfee Virusscan to perform product updates. When updates are available the program will download and install them automatically. Recommended to leave enabled | No |
X | mceipww | [8 random letters].exe | Detected by Kaspersky as the ZHELATIN.EQ WORM! See here | No |
N | MChanger | MChanger.exe | Media Changer - utility that allows you to change wallpapers, sounds, themes, etc | No |
U | MCI USB Icon | USBIcon.exe | MCI USB software used for managing a USB card reader | No |
N | McLogLch_exe | McLogLch.exe | Related to McAfee security suite. This is a non-essential program, but should not be disabled unless suspected to be causing problems | No |
X | MCM3 | mcm3.exe | ShopAtHome/SAHagent adware variant | No |
? | McRegWiz | mcregwiz.exe | McAfee antivirus related. What does it do and is it required? | No |
X | Mcrosoftr Update | Mcrosoftr.exe | Added by a variant of the RBOT WORM! | No |
Y | McShld9x | mcshld9x.exe | Part of McAfee's Virusscan Online. Must be enabled for scanning to work | No |
Y | MCTskShd | mctskshd.exe | Part of McAfee SecurityCenter. Runs in the background controlling critical updates and antivirus related actions. This program is important for the stable and secure running of your computer | No |
U | McUpdateExe | mcupdate.exe | From McAfee VirusScan On-line. Automatically updates your virus definitions. Leave enabled unless you regularly update these definitions | No |
Y | McVsRte | mcvsrte.exe | Part of McAfee's SecurityCenter. Must remain checked but one user reports Windows glitches with no response from McAfee as to why | No |
Y | mcvsshld | mcvsshld.exe | McAfee VirusScan On-line. See also the McAgentExe entry | No |
X | MCX Update | wisp.exe | Added by the RBOT-AQH WORM! | No |
X | MCX Updte | scorti.exe | Added by the RBOT-ARP WORM! | No |
X | MD IE Plugin | md.exe | Marketdart spyware | No |
X | MD IE Plugin | winy.exe | Adware | No |
N | mdac_runonce | runonce.exe | Associated with MS Data Access Components (MDAC). Sometimes left over after installation - not required. NOTE :- don't delete "runonce.exe". | No |
U | MDDiskProtect | MDDiskProtect.exe | Part of MacDrive 6 CrossStripe Edition from Mediafour Corporation - "a perfect way to share files between Mac OS and Windows." Unlike the standard version of MacDrive 7, this version is not Vista compatible but does "include support for striped Mac arrays created with ATTO ExpressStripe software." | No |
U | MDDiskProtect.exe | MDDiskProtect.exe | Part of MacDrive 6 CrossStripe Edition from Mediafour Corporation - "a perfect way to share files between Mac OS and Windows." Unlike the standard version of MacDrive 7, this version is not Vista compatible but does "include support for striped Mac arrays created with ATTO ExpressStripe software." | No |
X | mdetect | [path to trojan] | Added by the SPABOT TROJAN! | No |
U | MDGetStarted | MDGetStarted.exe | MacDrive 7 from Mediafour Corporation - "enables anyone using Windows Vista, XP, and 2003 Server to seamlessly access Mac disks (HFS/HFS+) of all types, including CDs, DVDs, hard drives, floppy, Zip, Jaz, and more!" | No |
U | MDGetStarted.exe | MDGetStarted.exe | MacDrive 7 from Mediafour Corporation - "enables anyone using Windows Vista, XP, and 2003 Server to seamlessly access Mac disks (HFS/HFS+) of all types, including CDs, DVDs, hard drives, floppy, Zip, Jaz, and more!" | No |
X | Mdm | Mdm.vbs | Added by the WHITEHO VIRUS or TRAPPY WORM! | No |
X | mdm | mdm.exe | Added by the LYDRA-F TROJAN! Note - this is not the legitimate Machine Debug Manager (mdm.exe) process which is always located in %ProgramFiles%\Microsoft Shared. This one is located in %Windir% | No |
U | MDM7 | mdm.exe | Used by developers for debugging. Those who have encountered it have unchecked it with no degradation in performance. May cause your computer to "hang" if you have MS Visual Studio installed and this disabled because it appears to take over error handling - hence the U recommendation. Can also be listed as Machine Debug Manager. See here to disable | No |
X | Mdmdll | mdmdll.exe | Added by the CRYPTER TROJAN! | No |
X | Mdmdll32 | mdmdll32.exe | Added by a variant of the CRYPTER.C TROJAN! | No |
X | MDN | MDNS.exe | Added by the SPYBOT.JPB WORM! | No |
X | MDN | MDNZ.exe | Added by the RBOT.AQD WORM! | No |
X | MDN | MDN.exe | Added by the RBOT.AOA WORM! | No |
X | MDNS | service.exe | Mirar adware variant | No |
X | mds.exe | mds.exe | Added by the MADS-A TROJAN! | No |
X | MDSA Sentinel X | smss.exe | SentinelX spyware. Note - SentinelX is spyware that logs keystrokes. It also monitors and records Web sites visited and applications used. The risk can capture periodic screen shots and may be configured so as to block access to specific Web sites and chat rooms, must be manually installed. Note - this is not the legitimate smss.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "MDSA Software" subfolder of the Program Files folder | No |
X | mdwmdmsp | mdwmdmsp.exe | Adware - detected by Kaspersky as the AGENT.AM TROJAN! | No |
N | MECA | Meca.exe | Meca cross-platform communications technology, branded messengers will connect with AOL, MSN, Yahoo!, and ICQ users | No |
X | MedGS | MEDGS1.exe | PacerD_Media/Pacimedia.com adware | No |
X | Media Access | MediaAccK.exe | WindUpdates MediaPass adware | No |
X | Media Adapter | bitblt.exe | Added by the HANSAH-A WORM! | No |
U | Media Card Companion Monitor | MCC Monitor.exe | Monitor for Media Card Companion from ArcSoft. "Automates the tedious processes associated with downloading and sharing files from digital cameras, card readers, and other removable media" | No |
U | Media Codec Update Service | update.exe | Windows Essentials Codec Pack 1.0 is a collection of the most commonly needed video and audio codecs. This program keeps these codecs updated | No |
X | Media Gateway | MediaGateway.exe | WindUpdates MediaPass adware | No |
X | Media Load | msn32.exe | Added by an unidentified WORM or TROJAN! | No |
U | Media Manager Indexer | AIRSVCU.EXE | Part of MS Visual InterDev, Media Manager is an easy media file management system that works in conjunction with Windows Explorer. The Media Manager Indexer is a program that indexes all the information about your media files and puts it into a database | No |
X | Media Pass | MediaPassK.exe | WindUpdates MediaPass adware | No |
X | Media Pass | MediaPass.exe | WindUpdates MediaPass adware | No |
X | Media Player | media.exe | Added by the FLDMEDIA-A TROJAN! | No |
X | Media Player | wmplayer.exe | Added by the AGOBOT-BM WORM! | No |
X | Media Player | Sysdll.exe | Added by the BANKER-BR TROJAN! | No |
X | Media Player | Sysnet.exe | BANKER.MW spyware | No |
X | Media Player Update | xpsp1mfh.exe | Added by a variant of the RBOT WORM! | No |
X | Media Plug x.1.2 | msdm.exe | Added by the MULDROP.352 VIRUS! | No |
X | Media Server | msdts.exe | Added by a variant of the IRCBOT TROJAN! | No |
X | Media Service | msn64.exe | Added by the SPYBOT.EV WORM! | No |
X | Media service | msnmsgxr.exe | Added by the SDBOT.TF WORM! | No |
X | Media service | SYSTEM64.EXE | Added by the RBOT.QV WORM! | No |
X | Media service | notpad.exe | Added by a variant of the AGOBOT/GAOBOT WORM! | No |
X | Media Software UPdater | sscs.exe | Added by the RBOT-ABE WORM! | No |
X | Media Transfer Protocals | msstc.exe | Added by a variant of the IRCBOT TROJAN! | No |
X | Media X Services | MSNGRx.exe | Added by the RBOT.AUL WORM! | No |
X | Media-XP-Service-Pack3 | msnzx.exe | Added by the SDBOT-ACW WORM! | No |
X | MEDIA32 | [path to trojan] | Added by the PURSCAN-Z TROJAN! | No |
U | MediaButtons | MediaButtons.exe | Supports the eject button on the front of the Dell Studio Hybrid desktop. If disabled, the user will have to eject the CD/DVD by opening My Computer, right-clicking on the drive and selecting "Eject" from the available options | No |
N | MediaFace Integration | Sethook.exe | Fellowes Neato CD label design software. "Launch NEATO's MediaFACE II label making software directly from the productname toolbar" | No |
U | Mediafour Mac Volume Notifications | MACVNTFY.EXE | Part of MacDrive 6 CrossStripe Edition from Mediafour Corporation - "a perfect way to share files between Mac OS and Windows." Unlike the standard version of MacDrive 7, this version is not Vista compatible but does "include support for striped Mac arrays created with ATTO ExpressStripe software." | No |
U | Mediafour MacDrive | MacDrive.exe | MacDrive 7 & MacDrive 6 CrossStripe Edition from Mediafour Corporation - "a perfect way to share files between Mac OS and Windows." Version 6 is not Vista compatible but does "include support for striped Mac arrays created with ATTO ExpressStripe software." | No |
U | Mediafour MacDrive | MDDiskProtect.exe | Part of MacDrive 6 CrossStripe Edition from Mediafour Corporation - "a perfect way to share files between Mac OS and Windows." Unlike the standard version of MacDrive 7, this version is not Vista compatible but does "include support for striped Mac arrays created with ATTO ExpressStripe software." | No |
U | Mediafour MacDrive | MDGetStarted.exe | MacDrive 7 from Mediafour Corporation - "enables anyone using Windows Vista, XP, and 2003 Server to seamlessly access Mac disks (HFS/HFS+) of all types, including CDs, DVDs, hard drives, floppy, Zip, Jaz, and more!" | No |
U | Mediafour XPlay Tray Notification Icon | Xptryicn.exe | Mediafour Xplay - allows you to use an Apple iPod digital music player with a PC running Windows. If not used regularly, start manually before connecting the iPod | No |
U | Mediafour XPlay Tray Notification Icon | Xptryicn.exe | Xplay 2 from Mediafour Corporation - "expands what you can do with any iPod, including the iPhone and touch, and a Windows computer." No longer supported | No |
U | MediafourGettingStartedWithMacDrive6 | MacDrive.exe | MacDrive 6 CrossStripe Edition from Mediafour Corporation - "a perfect way to share files between Mac OS and Windows." Unlike the standard version of MacDrive 7, this version is not Vista compatible but does "include support for striped Mac arrays created with ATTO ExpressStripe software." | No |
U | MediaKey | MediaKey.exe | Multimedia keyboard manager. Required if you use the multimedia keys | No |
U | MediaLifeService | MediaLifeService.exe | Related to MediaPlay Cordless Mouse from Logitech | No |
X | MediaLoads | dw.exe | Medialoads adware | No |
X | MediaLoads Installer | dw.exe | Medialoads adware | No |
N | MediaMonitor | Mediam~1.exe | Installed by Smartdisk MVP CD burning software. Software will work fine without it | No |
X | mediamotor.exe | mmups.exe | Added by the AGENT-BY TROJAN! | No |
X | MediaPath | Proyecto1.exe | Added by the GRUEL WORM! | No |
X | MediaPath | Root.exe | Added by the GRUEL WORM! | No |
X | MediaPipe P2P Loader | mpp2pl.exe | MediaPipe peer-to-peer file swapping program also reported as a hijacker | No |
X | mediapluscash.exe | mediapluscash.exe | MediaGateway adware | No |
N | MediaRing Talk | mrtalk.exe | Media Ring Talk - voice recognition software. Resource hog. Available via Start -> Programs | No |
X | MediaXPServicePack | mxpsp.exe | Added by the SDBOT.CDT WORM! | No |
X | media_manager | mediaman.exe | Mini-Player, IMESH related foistware | No |
X | media_stub | stub.exe | Mini-Player, IMESH related foistware | No |
U | MEDIC | sprtcmd.exe /P MEDIC | Self-help support tool for an unidentified high-speed internet provider (provided by SupportSoft, Inc). Identifies and automatically fixes typical problems that may occur with your high-speed internet service | No |
X | Medichi | medichi.exe | Added by the VIRANTIX.B TROJAN! | No |
X | Medichi2 | medichi2.exe | Added by the VIRANTIX.B TROJAN! | No |
? | MedionVFD | MdionLCM.exe | Related to Medion Display Information. What does it do and is it required? | No |
X | Meeting Connection | comsutil.exe | Added by the PPDOOR-E TROJAN! | No |
X | Meeting Connection | wowdache.exe | Added by the PPDOOR-D TROJAN! | No |
X | Meeting Connection | hgakdl32.exe | Looks like a variant of the PPDOOR-E TROJAN! | No |
U | MegaPanel | HSTrans.exe | Homescan Internet Transporter - part of ACNielsen Homescan. Recognizes when the ACNielsen Homescan Scanner is attached to the computer and allows it to transmit scanner information to ACNielsen | No |
? | meidntpa | vqgdpfrs.exe | ?? | No |
X | melg34 | mdmd.exe | Added by an unidentified WORM or TROJAN - see here | No |
X | melg3445 | mdmdd.exe | Added by a variant of the RBOT WORM! | No |
X | mem32 | mem32.exe | Added by the AGENT-FWF WORM! | No |
X | Members area | ******.exe [* = random digit] | Premium rate adult content dialer | No |
X | MemConfig | SetupIE.com | Added by the TAPLAK WORM! | No |
N | Memento | Memento.exe | Memento - simple app to keep text notes on your desktop | No |
U | MemMonster | memmnstr.exe | MemMonster - memory optimizer. MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/SE/ME. See this article and make up your own mind | No |
U | MemoKit | MK.EXE | Memory optimizer. It loads from startup group and it goes off as soon as the program (memokit.exe) is loaded in the System Tray. Mk.exe does not run while the memokit.exe is running. Probably loads a flash screen at startup and shutdown that stays on screen less than 5 seconds and gives you a button to push to purchase the full version. MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/SE/ME. See this article and make up your own mind | No |
X | memory | outlookrem.exe | Added by the NOPIR.C WORM! | No |
X | Memory Allocation Host | cihost.exe | Detected by Avast as a variant of the IRCBOT-CHZ WORM! | No |
X | Memory Allocation Server | ciserv.exe | Added by unidentified malware | No |
X | Memory Allocation Services | cisrv.exe | Detected by Trend Micro as the IRCBOT.FC TROJAN! See here | No |
X | Memory Check | memore.exe | Added by the KILLAV.C TROJAN! | No |
X | Memory manager | himem32.exe | Added by the MANCSYN TROJAN! | No |
X | Memory Manager | memorymanager.pif | Added by the DELF-JJ TROJAN! | No |
X | Memory relocation service | reloc32.exe | Added by the RELFEER WORM! | No |
X | Memory Service | freememory.exe | Added by the RBOT.GEN WORM! | No |
N | Memory Stick Monitor | MSTAT.exe | Used with the Sony floppy disk adapter for memory sticks, showing if there is a stick in the computer | No |
U | Memory Stick Monitor | MSstat.exe | Sony/SmartDisk memorystick-floppydisk-adapter software - allows you to read memorysticks in a normal floppydrive | No |
X | Memory Watcher | MemoryWatcher.exe | MemoryWatcher spyware | No |
U | Memory+ | tfimemsr.exe | Memory optimizer. MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/SE/ME. See this article and make up your own mind | No |
U | MemoryBoost | MemoryBoost.exe | MemoryBoost - memory optimizing program made by Tenebril Inc. MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/ME. See this article and make up your own mind | No |
U | MemoryCardManager | MemCard.exe | Memory Card Manager - for removable memory cards found on Dell or Lexmark photo printers | No |
X | MemoryManager | [random name].dll | Virtumondo adware related | No |
X | MemoryMeter | MemoryMeter.exe | MemoryMeter - bundled with TVMedia adware | No |
U | MemoryZipperPlus | memzip.exe | Memory Zipper Plus - "optimizes the memory management of your system and boost-up its performance amazingly!" | No |
X | memreader.exe | memreader.exe | Added by the AGOBOT-TY WORM! | No |
X | MEMreaload | MEMreaload.exe | Added by the LAZAR TROJAN! | No |
X | MemScanner | MemScanner.exe | Part of Enigma SpyHunter - not recommended, see note | No |
U | MemTurbo | memturbo.exe | MemTurbo memory optimizer. MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/SE/ME. See this article and make up your own mind | No |
N | MenuSnap | MenuSnap.exe | MenuSnap from Rietta Solutions. Utility that re-orders your Start Menu items alphabetically. You may not want this utility if you're able to do this manually by selecting Start -> Programs and right-clicking and choosing "Sort by Name" if available | No |
N | Mercora | MercoraClient.exe | Mercora MusicSearch "Search, find and listen to music on the world's largest jukebox, built by people just like you". Note - if you subscribe make sure you read the Privacy Policy | No |
X | Message Queuing | msmqs.exe | Added by the FREEFORS TROJAN! | No |
N | MessagerStarter Freeserve | StartMessager.exe | Freeserve Messenger | No |
U | Message_Blocker | messageblock.exe | Message Blocker - "prevents Outlook Express from loading images or other content from the internet without confirmation, as well as executing scripts when displaying a formatted email message" | No |
X | Messanger | trillian.exe | Added by the RBOT.CKI WORM! | No |
X | Messanger | deamon.exe | Added by the TACTSLAY.C TROJAN! | No |
X | Messanger | msgaol.exe | Added by the TACTSLAY.C TROJAN! | No |
X | Messanger | s_menu.exe | Added by the TACTSLAY.C TROJAN! | No |
X | Messanger | browse.exe | Added by the TACTSLAY.C TROJAN! | No |
X | Messenger | messenger.exe | Added by the KUTEX TROJAN! | No |
X | Messenger | ntsubsys.exe | Added by the SDBOT.BGE WORM! | No |
X | Messenger | Wmsngr.exe | Added by a variant of the RBOT WORM! | No |
Y | Messenger | SCANMSG.EXE | AntiVirus Quick Heal - virus protection | No |
N | Messenger | msnmsgr.exe | MSN Messenger (now superseded by Windows Live Messenger) utility. If you don't use MSN Messenger, this can be annoying. Available via the Start menu. Go to MS Messenger → Tools → Options → General → deselect "Automatically run Messenger when I log on to Windows" | Yes |
X | Messenger Block | msngrblock.exe | Added by the PATOO WORM! | No |
X | Messenger Journel | usnsvc.exe | Detected by Trend Micro as the RBOT.FKT WORM! See here | No |
X | Messenger Protocol | netsender.exe | Added by the SDBOT-ACC WORM! | No |
X | Messenger Service | msmsgs.exe | Added by the SDBOT-ZB WORM! | No |
X | Messenger Service | nvhost.exe | Added by the JLOK-A WORM! | No |
X | Messenger Service Updater | svshost.exe | Added by the MYTOB.GC WORM! | No |
X | Messenger Sharing Control | mnwsvc.exe | Added by a variant of the IRCBOT TROJAN! See here | No |
X | Messenger start-up | Msgran.exe | Added by the GRAMOS WORM! | No |
X | Messenger6 | command.pif | Added by the INZAE.B WORM! | No |
U | MessengerDiscovery | MessengerDiscovery.exe | MessengerDiscovery is an MSN Messenger add-on - adding over 70 new features. Now superseded by MessengerDiscovery Live - with support added for Windows Live | No |
N | MessengerPlus | MsgPlus.exe | MessengerPlus - third party MSN Messenger extension that adds a number of useful features. Bundles the hard to remove C2Media LOP adware. The software does offer you a choice during setup - make sure to install MessengerPlus WITHOUT that "sponsor program"! | No |
N | MessengerPlus2 | MsgPlus.exe | MessengerPlus - third party MSN Messenger extension that adds a number of useful features. Bundles the hard to remove C2Media LOP adware. The software does offer you a choice during setup - make sure to install MessengerPlus WITHOUT that "sponsor program"! | No |
N | MessengerPlus3 | MsgPlus.exe | MessengerPlus - third party MSN Messenger extension that adds a number of useful features. Bundles the hard to remove C2Media LOP adware. The software does offer you a choice during setup - make sure to install MessengerPlus WITHOUT that "sponsor program"! | No |
X | messengerskinner | MessengerSkinner.exe | Messenger Skinner malware - uses a rootkit to hide executable files | No |
X | messnger | [worm filename] | Added by the DELODER WORM! | No |
X | messnger | Dvldr32.exe | Added by the DELODER.A WORM! | No |
N | Metacafe | MetacafeAgent.exe | Metacafe - video sharing on the web. Note - if you subscribe make sure you read the Privacy Policy | No |
X | MeTaLRoCk (irc.musirc.com) has sex with printers | metalrock-is-gay.exe | Added by the RANDEX.Q WORM! | No |
X | MeuPrograma | accwizz.exe | Added by the RULAND.A WORM! | No |
X | Mfc**.exe [* = random char] | Mfc**.exe [* = random char] | CoolWebSearch/HomeSearch adware - for examples, see this log | No |
X | Mfc**32.exe [* = random char] | Mfc**32.exe [* = random char] | CoolWebSearch/HomeSearch adware - for examples, see this log | No |
? | mfgboot | ?? | ?? | No |
X | mfhsornwnduy | regsvr32.exe gisyflngpshcvuakv.dll | Pro AntiSpyware 2009 rogue spyware remover - not recommended, removal instructions here | No |
X | mFilter | MNeck.exe | Added by the CLICKER-AG TROJAN! | No |
X | mfin32 | mfin32.exe | MyFreeInternetUpdate - adware downloader | No |
Y | MFP Server Agent | MFPAgent.exe | Multi Function Printer (MFP) Server Agent for Belkin's Wireless G All-in-One Print Server and ZyXEL's NPS-520 | No |
? | MGA Hook | Mgahook.exe | MATROX Graphics card related. What does it do and is it required? | No |
N | MGA Quickdesk | MGAQDESK.EXE | For Matrox video cards. Quick access to tweak your card to your liking | No |
U | Mgabg | Mgabg.exe | Matrox BIOS Guard - monitors a Matrox card's BIOS, and will reflash it when needed. Cards like the G400 have a nasty habit of losing their BIOS, especially on poor power supplies. If you make an emergency BIOS disk with the utility in their BIOS package, you can disable Mgabg.exe and just use the crash disk if/when needed | No |
Y | mgavctrl | mgavrtcl.exe | McAfee's Virus Scan Online | No |
Y | mgavctrl | mgavrte.exe | McAfee's Virus Scan Online | No |
Y | mgavrtclexe | mgavrtcl.exe | McAfee's Virus Scan Online | No |
Y | mgavrtclexe | mgavrte.exe | McAfee's Virus Scan Online | No |
N | MGA_CD_Install | mgasetup.exe | Matrox Millennium video driver. Not required once drivers installed | No |
X | mgmtapi | mgmtapi.exe | Unidentified malware | No |
X | MHDOGStart | mhdogst.EXE | Added by an unidentified VIRUS, WORM or TROJAN! A possibility is a trojan known as PENIS | No |
N | MHINIT | MHINIT.EXE | Part of the Cybermedia Clean Sweep package | No |
X | mhs3 | mhs3.exe | Added by the PWS-ALZ TROJAN! | No |
X | Mi7sft sdce | b0yz.exe | Added by the RBOT.CWG WORM! | No |
X | Mi7sft sdce | MNSQ.exe | Added by the RBOT.DMU WORM! | No |
X | Mi7sft sdce | scorti.exe | Added by the RBOT.ELC WORM! | No |
X | Mickey Mouse Cereal | [random filename].exe | Added by the RANKY.Q TROJAN! | No |
X | Micosoft Data Core | runservice.exe | Added by the IRCBOT.BK WORM! | No |
X | Micosoft Data Core stuff | svshosts.exe | Added by the RBOT.FZA WORM! | No |
X | Micosoft Startup | syscall.exe | Added by the SDBOT-JI WORM! | No |
X | Micr Update | soundblaster.exe | Added by the SDBOT.NP WORM! | No |
X | Micr Update System | upwin.exe | Added by the SDBOT.YS WORM! | No |
X | Micr0s0ft Ms D0s | msdx.exe | Added by the RBOT-AON WORM! | No |
X | Micr0s0ft Upd4t4z | svchost32.exe | Added by the RBOT.ALF WORM! | No |
X | Micrcoft Exploerer | spoolsal.exe | Added by the RBOT-AKK WORM! | No |
X | Micrcoft Exploerer | svchose.exe | Added by the RBOT-ASL WORM! | No |
X | Micrcoft Updat | spoolsae.exe | Added by the RBOT-AIB WORM! | No |
X | Micrcoft Updat | spoolsaex.exe | Added by the RBOT-AJM WORM! | No |
X | Micrcoft Updat | Internet.exe | Added by the RBOT-ANA WORM! | No |
X | Micrcsoft Certificate Services | cflmon.exe | Added by the RBOT-FWV WORM! | No |
X | Micro CRC Protocol | scrc32.exe | Added by a variant of the SDBOT WORM! | No |
X | Micro Office | [path to trojan] | Added by the BANCBAN-QC TROJAN! | No |
X | Micro Process | appconf.exe | Added by an unidentified WORM or TROJAN! | No |
X | Micro Update | dailin.exe | Added by the RBOT-ER WORM! | No |
N | Microangelo Desktop | Muamgr.exe | Using MicroAngelo On Display, you can easily select the icon images that you prefer rather than the default icons displayed by Windows. On Display provides a consistent and elegant method to customize the icon display for almost every icon on your system | No |
N | microAttuneDownload | atmdlusr.exe | Application Launcher, MS Office application. USR (US Robotics) modem auto updater. May be a sub-set of Attune | No |
U | MicroBrew | MicroBrew2.exe | Related to Bluebeam PDF printer support. Prints AutoCAD .dwgs to PDFs | No |
X | MicroCQ0 | explorer.exe | Added by the LINEAGE-AK TROJAN! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %ProgramFiles% | No |
U | MicroDialler | atdialler1.exe | Part of the Freeserve Connection Kit - changes the dial-up for Freeserve AnyTime if access problems are encountered | No |
X | MicroedSoft Toolbar | Smoked.exe | Added by the RBOT-ALN WORM! | No |
X | Microfinder lptt01 | mcf.exe | RapidBlaster variant (in a "mcf" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here | No |
X | Microfinder ml097e | mcf.exe | RapidBlaster variant (in a "mcf" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here | No |
X | Microfot Update | winldx32.exe | Added by a variant of the RBOT WORM! | No |
X | Microft Exploerer | spoolsac.exe | Added by the RBOT-AMD WORM! | No |
X | Microft Update 32 | winssx.exe | Added by the RBOT-AQS WORM! | No |
X | MicroLoad | [random filename] | Added by the DARBY WORM! | No |
X | Micromedia Flash Update | wdfmrg.exe | Added by a variant of the SDBOT WORM! | No |
X | Micromedia Flash Update | xptxt.exe | Added by the RBOT-GAB WORM! | No |
X | Microoft Timing | pupdate.exe | Added by a variant of the RBOT WORM! | No |
X | MICROSFT ANTIVIRUS UPDATE SUPPORT | [random 10-letter filename].EXE | Added by the RBOT-AQA WORM! | No |
X | MICROSFT ANTIVIRUS UPDATE SUPPORT | MSGUPDATED.EXE | Added by the RBOT-APZ WORM! | No |
X | Microsft Conf 32 | msaconf.exe | Added by the RBOT.EYA WORM! | No |
X | Microsft Confige 32 | msaconfigurez.exe | Added by the RBOT.CLC WORM! | No |
X | Microsft Corporation Version 2001.12.4414 | comrel.exe | Added by a variant of the SDBOT TROJAN! | No |
X | Microsft Corporation Version 2002.12.2414 | comserv.exe | Added by a variant of the SLAPER TROJAN! | No |
X | MICROSFT MX UPDATE SUPPORT | taskmngrs.exe | Added by the RBOT-AUZ WORM! | No |
X | MICROSFT MX UPDATE SUPPORT | winmx32.EXE | Added by the IRCBOT-FD WORM! | No |
X | MICROSFT RAMA UPDATE SUPPORT | [random filename] | Added by the RBOT-ASM or RBOT-AUW WORMS! | No |
X | MICROSFT RAMA UPDATE SUPPORT | MSN32.EXE | Added by the RBOT-AWJ WORM! | No |
X | MICROSFT RAMA UPDATE SUPPORT | mtakthmyn.EXE | Added by the RBOT-AUJ WORM! | No |
X | Microsft Remote Procedure Daemon | msrpcd.exe | Added by a variant of the IRCBOT BACKDOOR! | No |
X | Microsft Security Monitor Process | cmh.exe | Detected by Kaspersky as the EGGDROP.V BACKDOOR! See here | No |
X | Microsft Security Monitor Process | mssmppp.exe | Added by a variant of the IRCBOT BACKDOOR! | No |
X | Microsft Security Monitor Process | mssmpp.exe | Detected by Kaspersky as the VIRUT.B VIRUS! See here | No |
X | Microsft Updtes | sarvice.exe | Added by a variant of the SDBOT WORM! | No |
X | Microsft Upgraed | [random filename].exe | Added by a variant of the SDBOT WORM! | No |
X | Microsft Windows Adapter 5.1.3013 | [random filename] | Detected by Kaspersky as the SMALL.HIT TROJAN! See here | No |
X | microsft windows updates | mwupdate32.exe | Added by a variant of the TOXBOT/CODBOT WORM! | No |
X | Microsof Value | nmatt.exe | Added by a variant of the RBOT WORM! | No |
X | Microsof Windows Host | svhost32.exe | Added by the RBOT.ADY WORM! | No |
X | Microsof Winlog Host | wilogon32.exe | Added by the RBOT.XC WORM! | No |
X | Microsofot x386 System Monitor | system32.exe | Added by the WOOTBOT.M WORM! | No |
X | microsoft | svchost.exe | Added by the ASTEF or RESPAN WORMS! Note - this is not the legitimate svchost.exe process which should NOT appear in Msconfig/Startup! | No |
X | microsoft | microsoft.hta | HTA file which creates an executable on the hard drive which subsequently proceeds to download files from a malware site! | No |
X | Microsoft | win32.exe | Added by the DARKMOON TROJAN! | No |
X | Microsoft | iexplore.exe | Added by the QQROB-R TROJAN! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %System% | No |
X | Microsoft | svchost.exe | Added by the ADUYO-A TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder | No |
X | Microsoft | wuauclt.exe | Added by the QQROB-AAQ TROJAN! Note - this is not the legitimate wuauclt.exe process, which should not appear in Msconfig/Startup! | No |
X | Microsoft | guard.exe | Added by a variant of the SDBOT WORM! | No |
X | Microsoft | wcsntfy.exe | Added by the AGOBOT-AHT WORM! | No |
X | Microsoft | ssmss.exe | Added by the RBOT-FZF WORM! | No |
X | Microsoft | lsass.ppf | Added by the RBOT-GAA WORM! | No |
X | Microsoft | msvchost.exe | Added by the RBOT-GAW WORM! | No |
X | Microsoft | mixers.exe | Added by the AGOBOT-AHU WORM! | No |
X | Microsoft | msmsger.exe | Added by a variant of the SDBOT WORM! | No |
X | Microsoft | MSUPDATE.exe | Added by an unidentified WORM or TROJAN! | No |
X | Microsoft | radnom.exe | Added by the RBOT-GHO WORM! | No |
X | Microsoft | rtvcscan.exe | Added by the RBOT-GGU WORM! | No |
X | Microsoft | taskbar.exe | Added by a variant of the RBOT WORM! | No |
X | Microsoft | updater.exe | Added by the RBOT-GHP WORM! | No |
X | Microsoft | windl32.exe | Added by the SDBOT-DCZ WORM! | No |
X | Microsoft | aim.exe | Added by the RBOT-GRY WORM! Note - this is not the popular AOL Instant Messenger utility | No |
X | Microsoft | Explorerr.exe | Added by the IRCBOT-WG TROJAN! | No |
X | Microsoft | kasperskyLive32.exe | Added by the RBOT-GRT WORM! | No |
X | Microsoft | msngerf.exe | Added by the RBOT-GLW WORM! | No |
X | Microsoft | netsrv.exe | Added by the RBOT-GOS WORM! | No |
X | Microsoft | rundll.exe | Added by the RBOT-GSJ WORM! | No |
X | Microsoft | WinSecUp.exe | Added by the RBOT-GPL WORM! | No |
X | Microsoft | wsim32.exe | Added by the RBOT-GTL WORM! | No |
X | Microsoft | wplayer.exe | Detected by Kaspersky as the RBOT.DYU TROJAN! See here | No |
X | Microsoft | Explorer.exe | Added by a variant of the RBOT WORM! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System% | No |
X | Microsoft | install.exe | Added by a variant of the IRCBOT BACKDOOR! | No |
X | Microsoft | internetdat.exe | Detected by Kaspersky as the RBOT.ETY BACKDOOR! See here | No |
X | Microsoft | ntsvr.exe | Added by a variant of the RBOT WORM! | No |
X | Microsoft | schost.exe | Detected by Kaspersky as the RBOT.FEH BACKDOOR! See here | No |
X | Microsoft | soundvol32.exe | Detected by Kaspersky as the RBOT.CIJ BACKDOOR! See here | No |
X | Microsoft | sqlservice.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
X | Microsoft | svhost.exe | Added by a variant of the IRCBOT BACKDOOR! | No |
X | Microsoft | winampaa.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
X | Microsoft | winline.exe | Detected by Kaspersky as the AGENT.KT TROJAN! See here | No |
X | Microsoft | wplayer.exe | Detected by Kaspersky as the RBOT.GHZ BACKDOOR! See here | No |
X | Microsoft Associates, Inc. | iexplorer.exe | Added by the LOVGATE.Z WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) | No |
X | Microsoft (C) HTML Application host | [random filename] | Added by the RBOT-YB WORM! | No |
X | Microsoft (R) Windows Configuration Backup Service | svchost.exe | Added by the RANKY.X TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in either a "config", "mapping" or "security" subfolder of the Winnt or Windows folder | No |
X | Microsoft (R) Windows DLL Loader | rundll32.exe | Added by the RANKY.W TROJAN! Note - this is not the legitimate rundll32.exe process, which is found in %Windir% (98/ME) or %System% (NT/2000/XP). This one is located in %Windir%\dll | No |
X | Microsoft (R) Windows Network Latency Controller | 1.tmp | Added by a generic password stealer TROJAN - see here | No |
X | Microsoft (R) Windows Network Latency Controller | nlc.exe | Added by a generic password stealer TROJAN - see here | No |
X | Microsoft (R) Windows Network Latency Controller | sp2vc.exe | Added by a generic password stealer TROJAN - see here | No |
X | Microsoft (R) Windows Network Security Management Service | nsms.exe | Added by the RANKY.LC TROJAN! | No |
X | Microsoft (R) Windows Protected Content Restoration Service | services.exe | Added by the AGENT.AGV BACKDOOR! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\etc | No |
X | Microsoft (R) Windows Protocol Deployment Manager | [random].tmp | Added by an unidentified WORM or TROJAN! | No |
X | Microsoft (R) Windows TCP/IP Socket Driver | [path to trojan] | Added by the PROXY-DD TROJAN! | No |
X | Microsoft (R) Windows TCP/IP Socket Layer | services.exe | Added by the RBOT.ARM WORM! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\winsock | No |
X | Microsoft (R) Windows Update Service | wuauclt.exe | Added by a variant of the SDBOT WORM! Note - this is not the legitimate wuauclt.exe process, which should not appear in Msconfig/Startup! | No |
X | Microsoft (R) Windows Vista/NT Runtime Compatibility Service | nrcs.exe | Added by the RANKY.X TROJAN! | No |
X | Microsoft .NET Confingurator | msnconf.exe | Added by an unidentified VIRUS, WORM or TROJAN! | No |
X | Microsoft 16Bit Update | wuapdate16.exe | Added by the RBOT.CZ WORM! | No |
X | Microsoft 64 Bit Runtime Updater | wupdt64.exe | Added by a variant of the RBOT WORM! | No |
X | Microsoft ActiveX Debugger NT | [path to trojan] | Added by the BANCOS-DO TROJAN! | No |
X | Microsoft Admin Protocal | MSADNIN.exe | Added by a variant of the RBOT WORM! | No |
X | Microsoft ADservice | [random filename] | Added by a variant of the RBOT WORM! | No |
X | Microsoft Agent | mdss32.exe | Added by the KEYLOG-AG TROJAN! | No |
X | Microsoft Agent | svch0st.exe | Added by the VB-DRO WORM! | No |
X | Microsoft ALG32 Protocol | alg32.exe | Added by a variant of the SPYBOT WORM! | No |
X | Microsoft ALGXP Protocol | alg32.exe | Added by a variant of the SDBOT WORM! | No |
X | Microsoft all | mmall.exe | Wopla.ac malware variant | No |
N | Microsoft Announcement Listener | Annclist.exe | MS WebTV for Windows. Used to display TV on your PC via a compatible video card with in-built tuner (such as ATI All-In-Wonder). If you don't use it - uninstall it | No |
X | Microsoft Ansti Update | msie.exe | Added by the RBOT-LE WORM! | No |
X | Microsoft Anti Virus Controller | msavc.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
X | Microsoft Anti Virus Controller | msavc32.exe | Detected by Kaspersky as the SDBOT.EPW BACKDOOR! See here | No |
X | Microsoft Anti-Spy | [random filename] | Added by a variant of the SDBOT WORM! | No |
X | Microsoft AntiSpyware | Bazzi.exe | Added by the AHKER.J WORM! | No |
X | Microsoft AntiSpyware | KT06.pif | Added by the IRCBOT.GEN WORM! | No |
X | Microsoft AOL Instant Messenger | MSAOL32.exe | Added by the RBOT-AAI WORM! | No |
X | Microsoft AOL32 Protocol | aol32.exe | Added by a variant of the SPYBOT WORM! | No |
X | Microsoft Application Center | mappc.exe | Added by a variant of the RBOT WORM! | No |
X | Microsoft Application Manager | msapl32.exe | Added by the BROPIA-AE TROJAN! | No |
X | Microsoft AUT Update | MSlti32.exe | Added by the RBOT-X WORM! | No |
X | Microsoft AUT Update | MSlti16.exe | Added by the RBOT.EB WORM! | No |
X | Microsoft Authority Service | lsass.exe | Added by the KALEL-D WORM! Note - this is not the legitimate lsass.exe process, which should not appear in Msconfig/Startup! | No |
X | Microsoft auto update | winupdate.exe | Added by the BMBOT TROJAN! | No |
X | Microsoft Auto Update | WINHLP16.EXE | Added by the RBOT.GY WORM! | No |
X | Microsoft auto update | wuauclt.exe | Added by the CULT-B TROJAN! Note - this is not the legitimate wuauclt.exe process, which should not appear in Msconfig/Startup! | No |
X | Microsoft Automatic Update Serivce | msautou.exe | Added by the RBOT-AOB WORM! | No |
X | Microsoft Automatic Updater | Explorer.exe | Added by the RBOT-SG WORM! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System% | No |
X | Microsoft AutoUpdater | svhost.exe | Added by the RBOT.QG WORM! | No |
X | Microsoft Bool Value | MV2.exe | Added by a variant of the RBOT WORM! | No |
X | Microsoft boot system cfg32 | actboost.exe | Added by the BROPIA.R WORM! | No |
U | Microsoft Broadband Networking | MSBNTray.exe | Microsoft Broadband Networking Tray Application | No |
X | Microsoft Browser Services | Brwsr32.exe | Added by a variant of the IRCBOT TROJAN! | No |
X | Microsoft Browser Services | Brwsr64.exe | Added by a variant of the IRCBOT TROJAN! | No |
X | Microsoft Cab Manager | exec.exe | Affilred adware | No |
X | Microsoft Cab Manager | cab.exe | Added by the DELF-JJ TROJAN! | No |
X | Microsoft Calculator | calc.exe | Added by a variant of the IRCBOT TROJAN! | No |
X | Microsoft checker | MsPMSPTv.exe | Added by a variant of the SDBOT WORM! | No |
X | Microsoft Client | mshost.exe | Added by the RBOT-AND WORM! | No |
X | Microsoft Client | msclient.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
X | Microsoft Client Pc | spoolsrv.exe | Added by the RBOT-AQM WORM! | No |
X | Microsoft Client/Server Runtime Server Subsystem | csrs.exe | Added by a variant of the AGOBOT/GAOBOT WORM! | No |
X | Microsoft Client/Server Runtime Server Subsystem | csrssa.exe | Added by a variant of the AGOBOT/GAOBOT WORM! | No |
X | Microsoft Com Port Manager | svdhost.exe | Added by the SDBOT-NI WORM! | No |
X | Microsoft Command Line | wincmd.exe | Added by a variant of the RBOT WORM! | No |
X | Microsoft Conf Ldr | sysconf.exe | Added by a variant of the SDBOT TROJAN! | No |
X | Microsoft ConfgKeys | wurmgrd32.exe | Added by the RBOT-ARX WORM! | No |
X | Microsoft Config | msconf.exe | Added by the RBOT.PV WORM! | No |
X | Microsoft Config | MSCONF.EXE | Added by the RBOT-LG WORM! | No |
X | Microsoft Config 32 | msconfigx32.exe | Reported as the MSCONFIGX32 TROJAN! Possible Rbot variant | No |
X | Microsoft Config 32bit | mscnfg32.exe | Added by the RBOT-Z WORM! | No |
X | Microsoft Config File | config.exe | Added by the KILLFILES.GR TROJAN! This is malware that will attempt to delete all system dlls! | No |
X | Microsoft Config Loader | msconfig32.exe | Added by the AGOBOT.XX WORM! | No |
X | Microsoft Config Loader | msrun32.exe | Added by the AGOBOT-DY WORM! | No |
X | Microsoft Config Loader | msconf32.exe | Added by a variant of the RBOT WORM! | No |
X | Microsoft Configoration Service | msconfigs.exe | Added by the RBOT-ETT WORM! | No |
X | Microsoft Configs 32 | msgconfigrs.exe | Added by a variant of the SDBOT WORM! | No |
X | Microsoft Configuration | msconfig32.exe | Added by the SDBOT.MQ WORM! | No |
X | Microsoft Configuration 35 | microsot1.exe | Added by an unidentified TROJAN! | No |
X | Microsoft Configuration Wizard | taskmrg.exe | Added by the SDBOT-MX TROJAN! | No |
X | Microsoft Configure 32 | msgconfigre.exe | Added by a variant of the AGOBOT/GAOBOT WORM! | No |
X | Microsoft Connection Manager Monitor | cmmon.pif | Added by the RBOT-AKV WORM! | No |
X | Microsoft Control Center | crtl.exe | Added by the RBOT-VX WORM! | No |
X | Microsoft Core Support | MSxUP32.exe | Added by the RBOT-ANR WORM! | No |
X | Microsoft Core Support | [random filename] | Added by a variant of the RBOT TROJAN! | No |
X | Microsoft Corp SQL Certificates | sqlcer.exe | Added by the ZYBOT-C WORM! | No |
X | Microsoft Corp SSL Certificates | windowz.exe | Added by the RBOT-GCZ WORM! | No |
X | Microsoft Corp TLS Certificates | msauth.exe | Added by the RBOT-GAC WORM! | No |
X | Microsoft Corp Updates | wupdates.exe | Added by the RBOT-AUU WORM! | No |
X | Microsoft Corp. Host Services | svchosl.exe | Added by the RBOT-FMZ WORM! | No |
X | Microsoft Corporaticn SQL Handler | sqlhandler.exe | Added by a variant of the RBOT WORM! | No |
X | Microsoft Corporation | [random filename] | Added by various VIRUSES, WORMS & TROJANS! | No |
X | Microsoft Corporation | jview.exe | Added by the RBOT-AOD WORM! | No |
X | Microsoft Corporation Svchost Service | mssvc.exe | Added by a variant of the SDBOT WORM! See here | No |
X | Microsoft Corporation Svchost Service | mswsc.exe | Added by the AGENT.MAB TROJAN! | No |
X | Microsoft Corporation SYM monitor | mssym.exe | Added by the RBOT-GDB WORM! | No |
X | Microsoft CP Web Manager | webcp.exe | Added by the IRCBOT.HP TROJAN! | No |
X | Microsoft CPU Over Heat Manager | CPU.exe | Added by a variant of the IRCBOT TROJAN! | No |
X | Microsoft CPXP Protocol | cpxp.exe | Added by the RBOT.ATP WORM! | No |
X | Microsoft Critical Services | svhhost.exe | Added by the AGOBOT-AJA WORM! | No |
X | Microsoft Crs Fix Serv | wincrs.exe | Added by the SDBOT.BWF WORM! | No |
X | Microsoft CRT Monitor Manager | crtmon.exe | Added by the ROBOTON.A WORM! | No |
X | Microsoft CSRSS Service | nsmscrs.exe | Added by the RBOT-BPT WORM! | No |
X | Microsoft CSRSS32 Protocol | csrss32.exe | Added by a variant of the AGOBOT/GAOBOT WORM! | No |
X | Microsoft CSRSS386 Protocol | csrss386.exe | Added by a variant of the SPYBOT WORM! | No |
X | Microsoft Cvrt | mscvrt32.exe | Added by an unidentified VIRUS, WORM or TROJAN! | No |
X | Microsoft Data Helper | cihost.exe | Malware, possibly a variant of the LINST TROJAN | No |
X | Microsoft Data Machine | csdata32.exe | Added by a variant of the RBOT WORM! | No |
X | Microsoft Database Handler | mssql32.exe | Added by the RANDEX.AX WORM! | No |
X | Microsoft Datalog Application | msdata.exe | Added by a variant of the SDBOT WORM! | No |
X | Microsoft DDE Control | wupades.exe | Added by a variant of the SDBOT WORM! | No |
X | Microsoft DDEs Control | Erun.pif | Added by the RBOT-AMU WORM! | No |
X | Microsoft Debug Service | dbgbgr.exe | Added by a variant of the RBOT WORM! | No |
X | Microsoft Decryption Technology | Msfenoe.exe | Added by the SPYBOT-DG WORM! | No |
X | Microsoft Desktop Manager | msdesk32.exe | Added by a variant of the RBOT WORM! | No |
X | Microsoft Dev | iexplorer32.exe | Added by a variant of the AGOBOT/GAOBOT WORM! | No |
X | Microsoft Development Debugger | msdev.exe | Added by a variant of the RBOT WORM! | No |
X | Microsoft Development Services | msdevelop.exe | Added by the RBOT-FWS WORM! | No |
X | Microsoft Device Manager | msdevmgr32.exe | Added by the LATEDA.B TROJAN! | No |
X | Microsoft Device Manager | mscmtl32.exe | Detected by Kaspersky as the AGENT.BMQ TROJAN! See here | No |
X | Microsoft Device Manager | svcswin.exe | Added by the IRCBOT-YH TROJAN! | No |
X | Microsoft Diagnostic | [random filename] | Added by the ACEBOT TROJAN! | No |
X | Microsoft Diagnostic | msdiag32.exe | Added by the RBOT-UC WORM! | No |
X | Microsoft Digital Clock | msclock.exe | Added by the NACKBOT-D WORM! | No |
X | Microsoft Digital Cryptors | mdigits.exe | Added by the SDBOT.LM WORM! | No |
X | Microsoft DirectX | Spoolserv.exe | Added by the DINFOR WORM! | No |
X | Microsoft DirectX | rasmngr.exe | Added by a variant of the RBOT WORM! | No |
X | Microsoft DirectX | PDSched.exe | Added by the SDBOT.CN WORM! | No |
X | Microsoft DirectX | wuamgrd.exe | Added by the SDBOT.MY WORM! | No |
X | Microsoft DirectX | time123.exe | Added by the SDBOT.MD WORM! | No |
X | Microsoft Directx | directxat.exe | Added by the SDBOT-BXF WORM! Note - disables autostart for the SharedAccess service and deactivates the Microsoft Internet Connection Firewall (ICF) | No |
X | Microsoft Directx click | directxclick.exe | Added by a variant of the RBOT-GHT WORM! | No |
X | Microsoft Directx clicks | directxclickers.exe | Added by the RBOT-GHT WORM! | No |
X | Microsoft Directx push | directxpushup.exe | Added by a variant of the RBOT-GHT WORM! | No |
X | Microsoft Directxsp | directxbt.exe | Added by a variant of the RBOT-GHT WORM! | No |
X | Microsoft Directxspnew | directxnew.exe | Added by a variant of the RBOT-GHT WORM! | No |
X | Microsoft DirktorWin | [random filename] | Added by the SPYBOT.GEN3 TROJAN! | No |
X | Microsoft Disk Scanner | scansdisk.exe | Added by the WOOTBOT.DT WORM! | No |
X | Microsoft DLL | fumeta.exe | Added by the RBOT-AUG WORM! | No |
X | Microsoft Dll | runapidll.exe | Added by the RBOT-GRG WORM! | No |
X | Microsoft DLL Authentification | dllsecure.exe | Added by a variant of the IRCBOT TROJAN! | No |
X | Microsoft DLL Extensions | SystemDll.exe | Added by the RBOT-ADV WORM! | No |
X | Microsoft dll Host Service | wkssr.exe | Added by a variant of the SDBOT WORM! | No |
X | Microsoft DLL Host Service | dllmemhost.exe | Added by a variant of the IRCBOT TROJAN! | No |
X | Microsoft DLL Host Service | svcdllhst.exe | Added by the AGENT.EAK TROJAN! | No |
X | Microsoft dll Host Service | svchost.exe | Detected by Kaspersky as the RBOT.BMS WORM! See here. Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! | No |
X | Microsoft DLL Library | winlib32.exe | Added by the ATNAS.A WORM! | No |
X | Microsoft Dll Management | windll.exe | Added by the RBOT-MT WORM! | No |
X | Microsoft Dll Manager | microsoft32dll.exe | Added by the SHEUR.LH TROJAN! | No |
X | Microsoft DLL Monitor | dllmon32.exe | Detected by Trend Micro as the AGENT.WP WORM! See here | No |
X | Microsoft DLL Monitor | dllmon64.exe | Added by a variant of the IRCBOT TROJAN! | No |
X | Microsoft DLL Monitor | dllmonitor.exe | Added by a variant of the IRCBOT TROJAN! | No |
X | Microsoft Dll Printer Manager | dllpt.exe | Added by the SDBOT.BIH WORM! | No |
X | Microsoft DLL Service | servicedll.exe | Detected by Trend Micro as the RCBOT.OX TROJAN! See here | No |
X | Microsoft DLL Service | svcdll.exe | Added by a variant of the SPYBOT WORM! | No |
X | Microsoft DLL Source | dllsrc.exe | Added by a variant of the IRCBOT TROJAN! | No |
X | Microsoft DLL Verifier | file.exe | Added by the RBOT-AED WORM! | No |
X | Microsoft DLL Verifier | chkfile.exe | Added by the RBOT-AOC WORM! | No |
X | Microsoft DLL Verifier | csrssv.exe | Added by the RBOT-ATK WORM! | No |
X | Microsoft DLL Verifier | mscon.exe | Added by the SDBOT.EAH WORM! | No |
X | Microsoft DLL Verifier | winavguard.exe | Added by the SDBOT.AAD WORM! | No |
X | Microsoft DLLSet32 | dllset32.exe | Added by the RBOT.OZ WORM! | No |
X | Microsoft DNS Query | msdns.exe | Added by a variant of the WOOTBOT WORM! | No |
X | Microsoft DNSx | mdnex.exe | Added by the DELBOT-AI WORM! | No |
X | Microsoft Document | krisp.exe | Added by the SDBOT-RQ WORM! | No |
X | Microsoft Domain Controller | mstc.exe | Added by the NUGACHE.A WORM! | No |
X | Microsoft Driver | faet.exe | Added by a variant of the RBOT WORM! | No |
X | Microsoft Driver Control | windrv.exe | Added by the SDBOT.FW WORM! | No |
X | Microsoft Driver Manager | mswindrv.exe | Added by the FORBOT-EZ WORM! | No |
X | Microsoft driver update | Mshome.exe | Added by the SDBOT.BL WORM! | No |
X | Microsoft Drivers | WSconf.exe | Added by a variant of the SDBOT WORM! | No |
X | Microsoft ErgoPack | wserb32.exe | Added by the RBOT-RI WORM! | No |
X | Microsoft EV32 Service | MSev32.exe | Added by a variant of the RBOT WORM! | No |
X | Microsoft Event Engine | EvtEngn.exe | Added by the RBOT-XV WORM! | No |
X | Microsoft Excel | msexcel.exe | Added by the RBOT-TQ WORM! | No |
X | Microsoft Excele | msmsgs.exe | Detected by Kaspersky as the AGENT.XFO TROJAN! See here | No |
X | Microsoft Excell | wuamngr32.exe | Added by the RBOT-QH WORM! | No |
X | Microsoft Executing | microsoft.exe | Added by the AGOBOT.UV WORM! | No |
X | Microsoft Explorer | svapache.exe | Added by the RBOT-VR WORM! | No |
X | Microsoft Explorer | explorer.scr | Added by the RBOT-ADH WORM! | No |
X | Microsoft Explorer | explorer.pif | Added by the SDBOT-ACX WORM! | No |
X | Microsoft Explorer | explorer.exe | Added by the POEBOT-LY WORM! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System% | No |
X | Microsoft Explorer Service | msexplore.exe | Detected by Kaspersky as the IRCBOT.AYB TROJAN! See here | No |
X | Microsoft explorer Update | internal.exe | Added by an unidentified WORM or TROJAN! | No |
X | Microsoft Explorer2 | system.exe | Added by the IRCBOT.BS TROJAN! | No |
X | Microsoft Explorer2 | nome.exe | Added by the RANDEX.AA WORM! | No |
X | Microsoft Explorer2 | bitchbot.exe | Added by the SDBOT.EV WORM! | No |
X | Microsoft EXPLOREXP Protocol | explorexp.exe | Added by a variant of the SPYBOT WORM! | No |
X | Microsoft Features | ms32cfg.exe | Added by the RBOT.HO WORM! | No |
X | Microsoft Features | msie.exe | Added by a variant of the RBOT WORM! | No |
X | Microsoft File Demand Manager | wmgrdf.exe | Added by a variant of the RBOT WORM! | No |
N | Microsoft Find Fast | Findfast.exe | Resource hog from older versions of MS Office - searches disk drives for Office file types and creates an index to make opening them easier | No |
X | Microsoft Firewall | firewallsp2.exe | Added by the RBOT-MC WORM! | No |
Y | MICROSOFT FIREWALL CLIENT | ISATRAY.EXE | MS Internet Security and Acceleration Server - see here | No |
X | Microsoft FixUp | pevblbvr.exe | Added by the RBOT.DWK WORM! | No |
X | Microsoft FixUp | wnpzjpuw.exe | Added by a variant of the SDBOT WORM! | No |
X | Microsoft Games | gamemanager.exe | Added by the SPYBOT.AHQ WORM! | No |
X | Microsoft Generic Update Manager | wupdate.exe | Added by the RBOT-AWC TROJAN! | No |
X | Microsoft Genetic Procress | svchost.exe | Added by a variant of the SDBOT WORM! | No |
X | Microsoft Genuine Logon | msnmsg.exe | Added by the IRCBOT-XH WORM! | No |
X | Microsoft Genuine Logon | svchost.exe | Added by the SDBOT.EXT WORM! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder | No |
X | MicroSoft Getway Dire | [random filename] | Added by the IRCBRUTE.AM WORM! | No |
X | MicroSoft Getway mqbol | [12 random letters].exe | Detected by Trend Micro as the RBOT.GBA WORM! See here | No |
X | Microsoft Gina V Encryption | MSGINAV.EXE | Added by an unidentified VIRUS, WORM or TROJAN! | No |
N | Microsoft Greetings Reminders | MHPRMIND.EXE | Microsoft Home Publishing greetings reminder | No |
N | Microsoft Greetings Workshop Reminder | Gwremind.exe | You really want to be reminded about somebody's birthday at the expense of resources? | No |
N | Microsoft Greetings Reminder | MHPRMINF.EXE | You really want to be reminded about somebody's birthday at the expense of resources? | No |
X | Microsoft HDCP for NT | msdhcp.exe | Added by a variant of the RBOT WORM! | No |
X | Microsoft HDCP for NT and Win9x | msdhcprs.exe | Added by a variant of the PEERBOT WORM! | No |
X | Microsoft Help | svh0st.exe | Added by a variant of the SPYBOT WORM! | No |
X | Microsoft Help | svchosl.exe | Added by the AGENT-GPX TROJAN! | No |
X | Microsoft Help Support | mshelp32.exe | Added by the KELVIR-BF WORM! | No |
X | Microsoft Help SVC | msnmngr.exe | Added by the SDBOT-PQ WORM! | No |
X | Microsoft Help System | mshelp32.exe | CoolWebSearch parasite variant | No |
X | Microsoft Host Protocol | svhost.exe | Added by a variant of the RBOT WORM! | No |
X | Microsoft Hosting Service | WINHOSTING.EXE | Added by the RBOT.AEV WORM! | No |
X | Microsoft Hosts Service | Isass.exe | Added by a variant of the RBOT WORM! | No |
U | microsoft hotmail monitor | mshotmon.exe | Added by the MYTOB-FL WORM! | No |
X | Microsoft hren1 | mmhren1.exe | Added by a variant of the AGENT.IWW TROJAN! | No |
X | Microsoft Hyptertext Helper | mshtha.exe | Added by a variant of the SPYBOT WORM! | No |
X | Microsoft IDCN | mshe1p.exe | Added by an unidentified TROJAN! | No |
X | Microsoft IE | Iexplore.exe | Added by the FORBOT-AG WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %System% | No |
X | Microsoft IE Execute shell | IEExec.exe | Added by the ALADINZ.N TROJAN! | No |
X | MicroSoft IE Sasser | ISASS.EXE | Added by the SDBOT.MX WORM! | No |
X | Microsoft IIS | syshost.exe | Added by the FRANCETTE WORM! | No |
X | Microsoft IIS | [filename] | Added by the FRANCETTE-S WORM! | No |
X | Microsoft Inc. | iexplorer.exe | Added by the LOVGATE.E WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) | No |
X | Microsoft Inc. | iexplorer.exe... | Added by the LOVGATE.AO WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) | No |
X | Microsoft Incroporate | mfs.exe | Added by the RBOT-ANF WORM! | No |
X | Microsoft Inet Xp.. | teekids.exe | Added by the BLASTER.C WORM! | No |
X | Microsoft Information Check | microsoft.exe | Added by the IRCBOT.AUH TROJAN! | No |
X | Microsoft Initialization Service | initsvc.exe | Detected by Trend Micro as the IRCBOT.AXK BACKDOOR! See here | No |
X | Microsoft Initialization Services | initserv.exe | Added by the IRCBOT-ABO TROJAN! | No |
X | Microsoft Install Shield Services | rundll64 | Added by the RBOT-FSH WORM! | No |
X | Microsoft Installshield | nundll32.exe | Added by the AGOBOT-AHZ WORM! | No |
X | Microsoft Instant Messenger | msngmsngr32.exe | Added by the SPYBOTER.GEN TROJAN! | No |
X | Microsoft Int Service | MsIntSrv.exe | Added by a variant of the RBOT WORM! | No |
U | Microsoft Intellitype Pro | speedkey.exe | Additional keyboard shortcuts on MS programmable keyboard | No |
X | Microsoft Internal AntiVirus Systems | dIlhost.exe | Added by the RBOT-AEV WORM! | No |
X | Microsoft Internel Corporat | netvhost.exe | Added by a variant of the IRCBOT BACKDOOR! | No |
X | Microsoft Internel Corporat | smbvhost.exe | Added by a variant of the IRCBOT BACKDOOR! | No |
X | Microsoft Internet | expl0rer.exe | Added by a variant of the SPYBOT WORM! | No |
X | Microsoft Internet | windows32.exe | Added by the SDBOT-F WORM! | No |
X | Microsoft Internet | wincfg16.exe | Added by a variant of the SDBOT WORM! | No |
X | Microsoft Internet Acceleration Utility | iau.exe | EasySearch adware | No |
X | Microsoft Internet Acceleration Utility | [path to file] | Added by the AGENT-CX TROJAN! | No |
X | Microsoft Internet Acceleration Utility | [path to trojan] | Added by the SMUTSRCH-A TROJAN! | No |
X | Microsoft Internet Antivirus Protection | antivirus.exe | Detected by Kaspersky as the IRCBOT.BSK TROJAN! | No |
X | Microsoft Internet Dumping Protocol | inetdump.exe | Detected by Kaspersky as the IRCBOT.BLL TROJAN! See here | No |
X | Microsoft Internet Exp | iiexplorer.exe | Added by the RBOT-KX WORM! | No |
X | Microsoft Internet Explorer | iexplore.exe | Added by the POEBOT-J WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %System% | No |
X | Microsoft Internet Explorer | iexplorer.exe | Added by the SDBOT-XN | No |
X | Microsoft Internet Explorer | crsys32.exe | Added by the RBOT.UZ WORM! | No |
X | Microsoft Internet Explorer | movies.exe | Added by the BANCOS-DZ TROJAN! | No |
X | Microsoft Internet Explorer | svzhost.exe | Added by a variant of the RBOT WORM! | No |
X | Microsoft Internet Explorer | mccagent.exe | Added by the DLOADER-UD TROJAN! | No |
X | Microsoft Internet Explorer | sysini.exe | Added by the DELF-LN TROJAN! | No |
X | Microsoft Internet Explorer | svchost.exe | Added by the IRCBOT-AK TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "drivers" subfolder | No |
X | Microsoft Internet Explorer | lEXPLORE.EXE | Added by the RBOT-AMM WORM! Note - the executable is spelt with a lower case "L" rather than a lower or upper case "i" which is the case with Internet Explorer | No |
X | Microsoft Internet Explorer Manager | ie.exe | Added by a variant of the IRCBOT TROJAN! | No |
X | Microsoft Internet Explorer Update | ieupdate.exe | Added by the SHEUR.MH TROJAN! | No |
X | Microsoft Internet Firewall | firewall.exe | Added by the IRCBOT.MD BACKDOOR! | No |
X | Microsoft Internet Firewall Manager | GMT16.exe | Added by the RANDEX.AT WORM! | No |
X | Microsoft Internet Firewall Update | updater.exe | Added by a variant of the IRCBOT TROJAN! | No |
X | Microsoft Internet Services | Smss32.exe | Added by the RBOT.MS WORM! | No |
X | Microsoft Internet Syncing | inetsync.exe | Detected by Kaspersky as the IRCBOT.BLL TROJAN! See here | No |
X | Microsoft Intrenet Explorer | goaw.pif | Added by the RBOT-API WORM! | No |
X | Microsoft Intrenet Explorer | Soundsyst.exe | Added by the RBOT-AQU WORM! | No |
X | Microsoft Intrenet Explorer | cnsg.pif | Added by the RBOT-ARO WORM! | No |
X | Microsoft Intrenet Explorer | wcumrg.exe | Added by the SDBOT-AFD WORM! | No |
X | Microsoft IPC | system.exe | Added by the NULLBOT TROJAN! | No |
X | Microsoft IPC | svshost.exe | Added by an unidentified VIRUS, WORM or TROJAN! | No |
X | Microsoft IT Update | win64.exe | Added by the RBOT.GA WORM! | No |
X | Microsoft IT Update | [random filename] | Added by a variant of the RBOT WORM! | No |
X | Microsoft IT Update | IEserv.exe | Added by a variant of the RBOT WORM! | No |
X | Microsoft IT Update | msupdate.exe | Added by a variant of the RBOT WORM! | No |
X | Microsoft IT Update | winn43.exe | Added by a variant of the RBOT WORM! | No |
X | Microsoft IT Update | svchsst.exe | Added by the RBOT-DH WORM! | No |
X | Microsoft IT Update | win43.exe | Added by the RBOT-SA WORM! | No |
X | Microsoft IT Update | windows.exe | Added by the RBOT-JM WORM! | No |
X | Microsoft IT Update | winsyst32.exe | Added by the RBOT-FC WORM! | No |
X | Microsoft IT Update | Rhost32.exe | Added by a variant of the IRCBOT TROJAN! | No |
X | Microsoft Java Virtual Machine | winscr32.exe | Added by a variant of the WOOTBOT WORM! | No |
X | Microsoft Java Virtual Machine | MsConfiG.exe | Added by the FORBOT-DV WORM! | No |
X | Microsoft Java Virtual Machine | msjvm.exe | Added by a variant of the SDBOT WORM! | No |
X | Microsoft Java Virtual Machine | javavm.exe | Added by a variant of the RBOT WORM! | No |
X | Microsoft Java Windows Update | [filename] | Added by the RBOT-DZ WORM! | No |
X | Microsoft JavaVM | msjarun.exe | Added by the RBOT-JW WORM! | No |
X | Microsoft Kernel | Windows_kernel32.exe | Added by the NETSKY.AE WORM! | No |
X | Microsoft Keyboard Enhance 2.0. | iasrecst.exe | Added by the BCKDR-QIL TROJAN! | No |
X | Microsoft Keyboard Enhance V2.0 | iasrecst.exe | Detected by F-Prot as the DOWNLOADER2.AILI TROJAN! | No |
X | Microsoft Kinetik Svc | msftksvc.exe | Detected by Trend Micro as the AGENT.AGDO TROJAN! See here | No |
X | Microsoft LAN32 Protocol | lanXp.exe | Added by the RBOT-SS WORM! | No |
X | MicroSoft Legal Syst3m32 | Syst3m32.exe | Detected by PCTools as the RBOT.UYL WORM! See here | No |
X | Microsoft Lmhosting Service | lmhosts.exe | Added by the RBOT-RC WORM! | No |
X | Microsoft Locals 332 | [random filename] | Added by the RBOT-KU WORM! | No |
X | Microsoft Locals466 | xagwxzy.exe | Added by the SPYBOT.EL WORM! | No |
U | Microsoft Location Finder | LocationFinder.exe | Microsoft Location Finder "is a client-side application that turns a regular WiFi enabled laptop, Tablet or PC into a location determining device without the addition of any separate hardware" | No |
X | Microsoft Login | winlogin.exe | Added by the RBOT-AJP WORM! | No |
X | Microsoft LSA layer | MSLSA32.exe | Added by the RBOT-AKZ WORM! | No |
X | Microsoft Lsass Center | Isass.exe | Added by a variant of the SDBOT WORM! | No |
X | Microsoft Lsass Center | telecomes.exe | Added by a variant of the RBOT WORM! | No |
X | Microsoft Lsass Manager | lsass.exe | Added by a variant of the SDBOT WORM! Note - this is not the legitimate lsass.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! | No |
X | Microsoft Lsass Service | wintcp32.exe | Added by a variant of the IRCBOT TROJAN! | No |
X | Microsoft LSASS386 Protocol | scvhost32.exe | Added by a variant of the SPYBOT WORM! | No |
X | Microsoft LV | [path to file] | Added by the BDOOR-BDL BACKDOOR! | No |
X | Microsoft Machine | winjava.exe | Added by a variant of the AGOBOT/GAOBOT WORM! | No |
X | Microsoft machine | blah.exe | Added by a variant of the RBOT WORM! | No |
X | Microsoft machine | svchost.exe | Detected by Kaspersky as the RBOT.AEU TROJAN! See here. Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! | No |
X | Microsoft Machine Script | iexplorersis.exe | Added by the RBOT-CMH WORM! | No |
X | Microsoft Macro Protection SubSsy | msacroprots386.exe | Added by the RBOT-KE WORM! | No |
X | Microsoft Macro Protection Subsystems | msmacroprotxz.exe | Added by a variant of the SPYBOT WORM! | No |
X | Microsoft Macro Protection Subsystems | Msmacroprot32.exe | Added by the RBOT.KN WORM! | No |
X | Microsoft Manage Services | sychost.exe | Added by the SLENFBOT.AD WORM! | No |
X | Microsoft Manage Services | schost.exe | Detected by PCTools as the SLENFBOT.B WORM! See here | No |
X | Microsoft Management | lmas.exe | Added by the FORBOT-CZ WORM! | No |
X | Microsoft Management Console | lssas.exe | EasySearch adware | No |
X | Microsoft Management Console | [path to trojan] | Added by the SMUTSRCH-A TROJAN! | No |
X | Microsoft Management Console | lssas1.exe | Added by the DLOADR-AWD TROJAN! | No |
X | Microsoft Manager | msmanager.exe | Added by the MYTOB.LF WORM! | No |
X | Microsoft Map PC | mappc.exe | Added by a variant of the RBOT WORM! | No |
X | Microsoft Mapped PC | mappedpc.exe | Added by a variant of the RBOT WORM! | No |
X | Microsoft media | winmplayers.exe | Added by a variant of the SPYBOT WORM! | No |
X | Microsoft Media Manager | medman.exe | Added by the RBOT.EUZ WORM! | No |
X | Microsoft Media player 9 | msmedia32.exe | Added by the RBOT-ADO WORM! | No |
X | Microsoft media services | Iassd.exe | Added by a variant of the AGOBOT/GAOBOT WORM! | No |
X | Microsoft media services | winmplayer.exe | Added by the RBOT.ZO WORM! | No |
X | Microsoft MediaScope | winmes.exe | Added by the RBOT-XU WORM! | No |
X | Microsoft Memory Dumping Protocol | memdump.exe | Detected by Kaspersky as the IRCBOT.BJK TROJAN! See here | No |
X | Microsoft Memory Flow Cycle | flowcycle.exe | Detected by PCTools as the IRCBOT.WAD TROJAN! See here | No |
X | Microsoft Memory Flow Cycle | flowcycles.exe | Detected by Kaspersky as the WAREZOV.AAK WORM! See here | No |
X | Microsoft Message Machine | msmesg32.exe | Added by the SPYBOT.BI WORM! | No |
X | Microsoft Messenger Management Controls | msmgmctl.exe | Added by the RBOT-APA WORM! | No |
X | Microsoft messenger sd | msngersd.exe | Added by an unidentified TROJAN! | No |
X | Microsoft Messenger Service | msmsg32.exe | Added by the RBOT.BOK WORM! | No |
X | Microsoft Messenger XP | MSMSN32.exe | Added by the RBOT-ZP WORM! | No |
X | Microsoft MicroP Protocol | wdgmr32.exe | Added by a variant of the RBOT WORM! | No |
X | Microsoft Movie Maker | Mmaker.exe | Added by the IRCBOT.C TROJAN! Note that this is not a valid Microsoft program | No |
X | Microsoft MSGPLUS32 Protocol | msgplus32.exe | Added by a variant of the SPYBOT WORM! | No |
X | Microsoft MSN 7 Services | msnmsg.exe | Added by a variant of the IRCBOT BACKDOOR! | No |
X | Microsoft MSN 7 Services | msnmsger.exe | Added by a variant of the IRCBOT BACKDOOR! | No |
X | Microsoft MSN Messenger | msnmnsgr.exe | Added by a variant of the IRCBOT TROJAN! | No |
X | Microsoft MSNGR32 Protocol | msngr32.exe | Added by a variant of the SPYBOT WORM! | No |
X | Microsoft msnseru | msnseru.exe | Added by the RBOT-APB WORM! | No |
X | Microsoft MsnST | msnst32.exe | Added by a variant of the RBOT WORM! | No |
X | Microsoft MSUPDATE | SpoolSvc.exe | Added by the SXTB-A TROJAN! | No |
X | Microsoft Neser Experience | nese.exe | Added by the RBOT-YH WORM! | No |
X | Microsoft NetMeeting Associates, Inc. | NetMeeting.exe | Added by the LOVGATE.AB WORM! | No |
X | Microsoft Netview | gesfm32.exe | Added by the RANDEX.C WORM! | No |
X | Microsoft Netview | mssvc32.exe | Added by an unidentified VIRUS, WORM or TROJAN! | No |
X | Microsoft Netview Component v5.1 | msnv32.exe | Added by the RANDEX.F WORM! | No |
X | Microsoft Network | msnet.exe | Added by the MOCKBOT.A WORM! | No |
X | Microsoft Network | Networksystem.exe | Added by the SDBOT-AAI WORM! | No |
X | Microsoft Network Daemon for Win32 | Netd32.exe | Added by the SDBOT.R TROJAN! | No |
X | Microsoft Network Host | svc0host.exe | Added by the SDBOT-AEN WORM! | No |
X | Microsoft Network Neighbourhood | networknbh.exe | Added by the RBOT.DMN WORM! | No |
X | Microsoft Network Services Controller | mmsvc32.exe | Added by the NANPY-A WORM! | No |
X | Microsoft Networking Agent For SP2 | msnac32.exe | Added by the SPYBOT.PEN WORM! | No |
X | Microsoft Nod32 Service | nood32.exe | Added by the RBOT.EJP WORM! | No |
X | Microsoft Norotn Anti Virus | mnhpot.exe | Added by the RBOT-GRO WORM! | No |
X | Microsoft Norton Antivirus | norton.exe | Added by a variant of the IRCBOT TROJAN! | No |
X | Microsoft NotePad | notepad.exe | Added by a variant of the RBOT WORM! | No |
X | Microsoft NT Drivers | ntdrv.exe | Added by the SDBOT.AJN TROJAN! | No |
X | Microsoft NT Update | winexec32.exe | Added by a variant of the RBOT WORM! | No |
X | Microsoft Nvidia Video | nvidia.exe | Added by a variant of the SDBOT WORM! | No |
N | Microsoft Office | Osa.exe | Application which launches common MS Office components to help speed up the launch of Office programs. It's somewhat of a resource hog, and some users claim there's no difference with or without it but it usually isn't required. Note - if you make use of the Microsoft Office Shortcut Bar outside an office program this application will need to be enabled for it to show | No |
N | Microsoft Office | Msoffice.exe | Alternative shortcuts to the Start -> Programs way of running applications installed as part of MS Office. Some people prefer it but a better way is to create Desktop Shortcuts if you want to access these programs quickly | No |
X | Microsoft Office | MSMSGR.exe | Added by the GAOBOT.BB WORM! | No |
N | Microsoft Office | Osa9.exe | Application which launches common MS Office components to help speed up the launch of Office programs. It's somewhat of a resource hog, and some users claim there's no difference with or without it but it usually isn't required. Note - if you make use of the Microsoft Office Shortcut Bar outside an office program this application will need to be enabled for it to show | No |
X | Microsoft Office | lserv.exe | Added by the SDBOT.MH WORM! | No |
X | Microsoft Office | Microsoft Office.hta | HTA file which creates an executable on the hard drive which subsequently proceeds to download files from a malware site! | No |
X | Microsoft Office | msoicons.exe | Added by the RBOT-ZI WORM! Note - do not confuse with the legitimate Msoicons.exe file described here. The latter will not be listed among your startups! | No |
X | Microsoft Office | Nxcao.exe | Added by the RBOT-ZE WORM! | No |
X | Microsoft Office | nxcxtpr.exe | Added by the RBOT-YG WORM! | No |
X | Microsoft Office | svxhost.exe | Added by a variant of the RBOT WORM! | No |
X | Microsoft Office | msoffice32.exe | Added by a variant of the RBOT WORM! | No |
X | Microsoft Office | msoff.exe | Added by the RAKER-C TROJAN! | No |
X | Microsoft Office | microsoft.exe | Added by the BANKER-VF TROJAN! | No |
X | Microsoft Office | msvcp.exe | Added by the AGENT-XK TROJAN! | No |
X | Microsoft Office | msmsgr.exe | Added by the GAOBOT.BB WORM! | No |
X | Microsoft Office | mdm.exe | Added by the IBOT-A TROJAN! Note - this is not the legitimate Machine Debug Manager (mdm.exe) process which is always located in %ProgramFiles%\Microsoft Shared. This one is located in %System% | No |
N | Microsoft Office Fast Cache | Fastboot.exe | Part of MS Office 95 (v7.0). According to this it improves the performance. Most likely a predecessor of MS Find Fast and can be disabled | No |
X | Microsoft Office Monitor | alg2k.exe | Added by the SDBOT-CZO WORM! | No |
X | Microsoft Office Monitor | aql32.exe | Added by the RBOT-GCY TROJAN! | No |
U | Microsoft Office OneNote 2003 Quick Launch | ONENOTEM.EXE | ONENOTEM.EXE is a part of the note taking program that ships with Microsoft Office 2003. It's required for the side note windows to work | No |
X | Microsoft Office Quick Launcher | iau1.exe | Added by the DLOADR-AWD TROJAN! | No |
N | Microsoft Office Shortcut Bar | Msoffice.exe | Alternative shortcuts to the Start -> Programs way of running applications installed as part of MS Office. Some people prefer it but a better way is to create Desktop Shortcuts if you want to access these programs quickly | No |
X | Microsoft Office Start | winupdates.exe | Added by the GAOBOT.BC WORM! | No |
N | Microsoft Office Startup | Osa.exe | Application which launches common MS Office components to help speed up the launch of Office programs. It's somewhat of a resource hog, and some users claim there's no difference with or without it but it usually isn't required. Note - if you make use of the Microsoft Office Shortcut Bar outside an office program this application will need to be enabled for it to show | No |
N | Microsoft Office Startup | Osa9.exe | Application which launches common MS Office components to help speed up the launch of Office programs. It's somewhat of a resource hog, and some users claim there's no difference with or without it but it usually isn't required. Note - if you make use of the Microsoft Office Shortcut Bar outside an office program this application will need to be enabled for it to show | No |
X | Microsoft Office Studio | scvhvst.exe | Added by the RANDEX.CST WORM! | No |
X | Microsoft OfficeXP | officeXP.exe | Added by the KILLAV.MA WORM! | No |
X | Microsoft Oftice | msmsgs.exe | Added by the IRCBOT.ALT WORM! Note - not to be confused with msmsgs.exe, the well known MSN Instant Messaging application! | No |
X | Microsoft Opeions | IEXwe.exe | Added by a variant of the RBOT WORM! | No |
X | Microsoft Outlook Express Protocol | svchst.exe | Added by a variant of the RBOT WORM! | No |
X | Microsoft Patch Update | bootini.exe | Added by the RBOT-FMN WORM! | No |
X | Microsoft PC Health Remote Assistance File Open & Save controls | sfrcdlg32.exe | Added by the RBOT-AVY WORM! | No |
X | Microsoft PCHealth32 | [path to file] | Added by the NICE-A TROJAN! | No |
X | Microsoft PCHealth32 | NDDENB.exe | Added by the PWSYAHOO-A TROJAN! | No |
X | Microsoft PCI Manager | mspci.exe | Added by a variant of the SDBOT WORM! | No |
X | Microsoft Personal Firewalls | bakw.exe | Added by the RBOT-KS WORM! | No |
X | Microsoft Problem Doctor | windr128.exe | Added by the SMALLTRO.EF TROJAN! | No |
X | Microsoft Problem Doctor | windr32.exe | Added by a variant of the SMALLTRO.EF TROJAN! | No |
X | Microsoft Problem Doctor | windr64.exe | Added by a variant of the SMALLTRO.EF TROJAN! | No |
X | Microsoft Proc Driver32 | msprc.exe | Added by a variant of the WOOTBOT WORM! | No |
X | Microsoft Procedure Call | MSPCALL.exe | Added by a variant of the RBOT WORM! | No |
X | Microsoft Process Manager | process32.exe | Added by the CHECKOUT WORM! See here | No |
X | Microsoft Profile Manager | profile.exe | Added by a variant of the IRCBOT TROJAN! | No |
X | Microsoft PSTCP32 Data | pstcp32.exe | Added by a variant of the RBOT WORM! | No |
X | Microsoft QMGR | msnqmgr.exe | Added by the IRCBOT-S TROJAN! | No |
X | Microsoft RDLL | sysconf32.exe | Added by a variant of the SDBOT TROJAN! | No |
X | Microsoft Redirect | [path to file] | Added by the BANKER-FW TROJAN! | No |
X | Microsoft Redirect | systen.exe | Added by the BANCOS-FO TROJAN! | No |
X | Microsoft Regestry Edit Manager | regedit.exe | Added by the SHEUR.HC TROJAN! | No |
X | Microsoft Regestry Manager | regedit32.exe | Added by a variant of the IRCBOT.ARD WORM! | No |
X | Microsoft Regestry Manager | registry32.exe | Added by the IRCBOT.ARD WORM! | No |
X | Microsoft Registro | svchostt.exe | Added by the BANCOS-DH TROJAN! | No |
X | Microsoft Registry | csrse.exe | Added by the RBOT-PC WORM! | No |
X | MicroSoft Remote Secure Service | MSRSS.exe | Added by a variant of the RBOT WORM! | No |
X | Microsoft Restore | scrgrd.exe | Added by the SPYBOT.BR WORM! | No |
X | Microsoft Router Manager | linksys.exe | Added by a variant of the IRCBOT TROJAN! | No |
X | Microsoft Router Manager | router.exe | Added by a variant of the IRCBOT TROJAN! | No |
X | Microsoft Rundll | windos.exe | Added by the SDBOT-WF WORM! | No |
X | Microsoft Runtime | CfgDll32.exe | Added by the RANDEX.BD WORM! | No |
X | Microsoft Safe Mode Manager | safemode.exe | Added by the IRCBOT.HM BACKDOOR! | No |
X | Microsoft Scanreg | microsoftscanreg.exe | Added by the FRANRIV.A WORM! | No |
X | Microsoft SCVHOST32 Protocol | scvhost32.exe | Added by a variant of the RBOT WORM! | No |
X | Microsoft sddcE Contol | taskmnegr.exe | Added by the RBOT-AUM WORM! | No |
X | Microsoft sdk temp | sdktemp.exe | Added by the RBOT-ANP WORM! | No |
X | Microsoft SDKP3 | mswinsdq.exe | Added by the RBOT-ARY WORM! | No |
X | Microsoft Secure Messenger.NET Service | securitychk.exe | Added by the SDBOT.VT WORM! | No |
X | Microsoft Security | winService.exe | Added by a variant of the RBOT WORM! | No |
X | Microsoft security adviser | mssadv.exe | Added by a variant of the IRCBOT TROJAN! | No |
X | Microsoft Security Center | savservices.exe | Added by the RBOT-ANU WORM! | No |
X | Microsoft Security Center | wcsntfy.exe | Added by the SDBOT.BYD WORM! | No |
X | Microsoft Security Controlers | fxsecues.exe | Added by a variant of the SDBOT WORM! | No |
X | Microsoft Security GManagers | [random filename] | Added by a variant of the SDBOT WORM! | No |
X | Microsoft Security Hot Fix Update | mshotfix.exe | Affilred adware | No |
X | Microsoft Security Management | winnt.exe | Added by the RBOT-MQ WORM! | No |
X | Microsoft Security Management | winserv.exe | Added by the RBOT-MJ WORM! | No |
X | Microsoft Security Management | winamp.exe | Added by a variant of the RBOT WORM! Note - this is NOT the popular Winamp media player which resides in a "Winamp" subdirectory of the Program Files directory | No |
X | Microsoft Security Management | wuauct1.exe | Added by a variant of the RBOT WORM! | No |
X | Microsoft Security Management | bling.exe | Added by the RBOT.XL WORM! | No |
X | Microsoft Security Management | sp2fix.exe | Added by the RBOT.UB WORM! | No |
X | Microsoft Security Manager | winamp.exe | Added by the RBOT.TU WORM! Note - this is NOT the popular Winamp media player which is located in %ProgramFiles%\Winamp. This one is located in %System% | No |
X | Microsoft Security Monitor Process | mssmp.exe | Added by the RBOT-FUB WORM! | No |
X | Microsoft Security Monitor Process | mnsmp.exe | Added by a variant of the IRCBOT BACKDOOR! | No |
X | Microsoft Security Monitor Process | msmp.exe | Detected by Trend Micro as the RBOT.GKQ WORM! See here | No |
X | Microsoft Security Monitor Process | mssm32.exe | Added by a variant of the IRCBOT TROJAN! | No |
X | Microsoft Security Monitor Process | lsas.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
X | Microsoft Security Monitor Process | msword.exe | Detected by Kaspersky as the VIRUT.P VIRUS! See here | No |
X | Microsoft Security Monitor Process | service.exe | Detected by PCTools as the DELF.BERW BACKDOOR! See here | No |
X | Microsoft Security Monitor Process | svcchost.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
X | Microsoft Security Monitor Process | windowsupdate.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
X | Microsoft Security Monitor Process | [random filename] | Added by variants of the RBOT WORM! See here | No |
X | Microsoft Security Monitor Process | com.exe | Added by a variant of the IRCBOT BACKDOOR! | No |
X | Microsoft Security Monitor Process | exel.exe | Detected by Trend Micro as the SDBOT.AFX BACKDOOR! See here | No |
X | Microsoft Security Monitor Process | firewall.exe | Added by a variant of the IRCBOT BACKDOOR! | No |
X | Microsoft Security Monitor Process | flash.exe | Detected by Trend Micro as the EGGDROP.EE BACKDOOR! See here | No |
X | Microsoft Security Monitor Process | hel.exe | Detected by Kaspersky as the EGGDROP.V BACKDOOR! See here | No |
X | Microsoft Security Monitor Process | HelpMe.exe | Detected by Kaspersky as the VB.BJO TROJAN! See here | No |
X | Microsoft Security Monitor Process | kar.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
X | Microsoft Security Monitor Process | lindicracker.exe | Detected by Trend Micro as the BIFROSE.GR BACKDOOR! See here | No |
X | Microsoft Security Monitor Process | mail.exe | Added by a variant of the IRCBOT BACKDOOR! | No |
X | Microsoft Security Monitor Process | mmp.exe | Added by a variant of the IRCBOT BACKDOOR! | No |
X | Microsoft Security Monitor Process | mssm32.exe | Added by a variant of the IRCBOT BACKDOOR! | No |
X | Microsoft Security Monitor Process | mssmpi32.exe | Added by a variant of the RBOT WORM! See here | No |
X | Microsoft Security Monitor Process | nitty.exe | Detected by Kaspersky as the RBOT.AEU BACKDOOR! See here | No |
X | Microsoft Security Monitor Process | ofice.exe | Detected by Kaspersky as the VIRUT.N VIRUS! See here | No |
X | Microsoft Security Monitor Process | point.exe | Detected by Trend Micro as the IRCBOT.AVP BACKDOOR! See here | No |
X | Microsoft Security Monitor Process | princ.exe | Detected by Trend Micro as the HUPIGON.WTL TROJAN! See here | No |
X | Microsoft Security Monitor Process | web.exe | Detected by Kaspersky as the EGGDROP.V BACKDOOR! See here | No |
X | Microsoft Security Monitor Process | winsys32.exe | Detected by Kaspersky as the VIRUT.N VIRUS! See here | No |
X | Microsoft Security Monitor Process | winsyss32.exe | Detected by Kaspersky as the RBOT.AEU BACKDOOR! See here | No |
X | Microsoft Security Monitor Process | word.exe | Detected by Trend Micro as the EGGDROP.DC BACKDOOR! See here | No |
X | Microsoft Security Panager | [filename] | Added by the RBOT-ANL WORM! | No |
X | Microsoft Security Panagers | [random filename] | Added by the RBOT-AIG WORM! | No |
X | Microsoft Security Panagers | zzoboony.exe | Added by the RBOT-AOI WORM! | No |
X | Microsoft Security Process | wininit.exe | Added by the RBOT-FKM WORM! | No |
X | Microsoft Security System | mssecsys.exe | Added by the IRCBOT-WJ TROJAN! | No |
X | Microsoft Security Update | security32.exe | Added by the DELF-JJ TROJAN! | No |
X | Microsoft Server | rserv.exe | Added by the AGOBOT.AVS WORM! | No |
X | Microsoft Server Applacations | msnmsg.exe | Added by the AGOBOT.BBM WORM! | No |
X | Microsoft Server Applacations | wuauct1.exe | Added by a variant of the RBOT WORM! | No |
X | Microsoft Server Applacations | lsasss.exe | Added by the RBOT-AQQ WORM! | No |
X | Microsoft Server Applacations | Q8See.exe | Added by the SPYBOT.GEN3 TROJAN! | No |
X | Microsoft Server Applacations | cli.exe | Added by the RBOT-GAQ WORM! | No |
X | Microsoft Server Application | Sound.exe | Added by the RBOT-NE WORM! | No |
X | microsoft server base | lass.exe | Added by a variant of the RBOT WORM! | No |
X | Microsoft Server Process | svhst32.exe | Added by the BCKDR-QHR BACKDOOR! | No |
X | Microsoft Service | microhost.exe | Added by the RBOT-LC WORM! | No |
X | Microsoft Service | winsvc.exe | Added by the SPYBOT-DB WORM! | No |
X | Microsoft Service | rundll.exe | Added by the POPO-A WORM! Note - this is NOT the Windows system file of the same name as described here | No |
X | Microsoft Service 32 | mssvc32.exe | Added by a variant of the IRCBOT TROJAN! | No |
X | Microsoft Service 32 | sysddm32.exe | Added by the SDBOT.AKC WORM! | No |
X | Microsoft Service Access Manager | Access.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
X | Microsoft Service Boot | sboot.exe | Added by a variant of the IRCBOT TROJAN! | No |
X | Microsoft Service Controller | services.exe | Added by the KALEL-D WORM! Note - this is not the legitimate services.exe process, which should not appear in Msconfig/Startup! | No |
X | Microsoft Service Disk Cycle | disksave.exe | Added by a variant of the IRCBOT TROJAN! | No |
X | Microsoft Service Drivers | System.exe | Added by a variant of the RBOT WORM! | No |
X | Microsoft Service Drivers | VSADNIM.exe | Added by a variant of the RBOT WORM! | No |
X | Microsoft Service Execution Manager | execute.exe | Added by a variant of the IRCBOT TROJAN! See here | No |
X | Microsoft Service firewall Manager | firewall.exe | Added by a variant of the SDBOT WORM! | No |
X | Microsoft Service Host Manager | 32svchost.exe | Added by a variant of the IRCBOT TROJAN! | No |
X | Microsoft Service Host Process | svchost.exe | Added by the KRYNOS.B WORM! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "Help" subfolder of the Winnt or Windows folder | No |
X | Microsoft Service Information | msnservices.exe | Added by the RBOT.ID WORM! | No |
X | Microsoft Service Login Manager | winlogin.exe | Added by a variant of the IRCBOT TROJAN! | No |
X | Microsoft Service Manager | service32.exe | Added by a variant of the RBOT WORM! See here | No |
X | Microsoft Service Manager | winsvc.exe | Added by a variant of the RBOT WORM! See here | No |
X | Microsoft Service Pack | WindowsSP.exe | Added by the RBOT-RF WORM! | No |
X | Microsoft Service Pack2.1 | svchost2.exe | Added by a variant of the RBOT WORM! | No |
X | Microsoft Services | lsserv.exe | Added by an unidentified VIRUS, WORM or TROJAN! | No |
X | Microsoft Services | lssrv.exe | Added by the RBOT.CW WORM! | No |
X | Microsoft Services | services.exe | Added by the ALETS TROJAN! Note - this is not the legitimate services.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Windows or Winnt folder | No |
X | Microsoft Services | lsrv.exe | Added by the RBOT-BK WORM! | No |
X | Microsoft Services | svshost.exe | Added by the ALETS.B TROJAN! | No |
X | Microsoft Services | bsc32.exe | Added by the BDOOR-AW BACKDOOR! | No |
X | Microsoft Services | Smss32.exe | Added by the RBOT-AD WORM! | No |
X | Microsoft Services | svssshost.exe | Added by a variant of the RBOT WORM! | No |
X | Microsoft Services | module.exe | Added by the LAVITS WORM! | No |
X | Microsoft Services | msmpserv.exe | Added by the IRCBOT.BKA BACKDOOR! | No |
X | Microsoft Services Unitd | MSU32.exe | Added by a variant of the RBOT WORM! | No |
X | Microsoft Servicez Manager | servicemgrz.exe | Added by the RBOT-ASN WORM! | No |
X | Microsoft Session Manager Subsystem | smss.exe | Added by the KALEL-D WORM! Note - this is not the legitimate smss.exe process which should NOT appear in Msconfig/Startup! | No |
X | Microsoft Setup Initializazion | localhost.exe | Added by a variant of the IRCBOT TROJAN! | No |
N | Microsoft Sidewinder Game Controller Software | SWTRAY.EXE | MS SideWinder game controller system tray icon. Available via Start -> Programs | No |
X | Microsoft Sinsup | odjiwjf.exe | Added by the RBOT-DN WORM! | No |
X | Microsoft Software | sysinfo33.exe | Added by the RBOT.LS WORM! | No |
X | microsoft software | ****.exe [* = random char] | Added by an unidentified WORM or TROJAN! | No |
X | Microsoft software | cdaccess.exe | Added by the RBOT.ABK WORM! | No |
X | Microsoft Software Update | nmon.exe | Added by the RBOT.HZ WORM! | No |
X | Microsoft Sound Driver | sound32.exe | Added by a variant of the SPYBOT WORM! | No |
X | Microsoft Sound Technology | winsound.exe | Added by the RBOT-AGG WORM! | No |
N | Microsoft Sound Volume Tool | mssvol.exe | A blue version of the yellow speaker icon in the system tray, used to edit the advanced sound features that the MS DSS80 speakers add. Should be accessible via Start -> Settings -> Control Panel | No |
X | Microsoft Sounds | soundman.exe | Added by the RBOT-GCI WORM! | No |
X | Microsoft SourceSafe | csrss.exe | Added by the WEBUS TROJAN! Note - this worm replaces the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! | No |
X | Microsoft SpA Service | msapps.exe | Added by the RBOT-VI WORM! | No |
X | Microsoft SpA Service | win32.exe | Added by the RBOT.ATS WORM! | No |
X | Microsoft SpA Service | Winupd32.exe | Added by the RBOT.LT WORM! | No |
X | Microsoft Special offer | infoebay.exe | Added by a variant of the RBOT WORM! | No |
X | Microsoft Spool ** Service | spool**.exe | Added by a variant of the IRCBOT TROJAN - where ** represents a 2 digit number | No |
X | Microsoft Spool Server for Win32 | spoolsrv.exe | Added by the RANDEX.H WORM! | No |
X | Microsoft Spool Svc | spoolsvc32.exe | Added by a variant of the IRCBOT BACKDOOR! | No |
X | Microsoft Spooler Services | Spoolsv.exe | Added by a variant of the SPYBOT WORM! See here | No |
X | MicroSoft ssas3s1 | SADASDA.exe | Detected by PCTools as the RBOT.URF WORM! See here | No |
X | Microsoft SSISVRI32 Protocol | ssisvri.exe | Added by a variant of the SPYBOT WORM! | No |
X | Microsoft Standard Executions Library | win32lib.exe | Added by the RBOT-AUK WORM! | No |
X | Microsoft standard protector | winsocks5.exe | Added by the SMALL.CF TROJAN! | No |
X | Microsoft standard protector | [path to trojan] | Added by the STOX-C TROJAN! | No |
X | Microsoft startup | wmpIayer.exe | Added by the IRCBOT.ACI TROJAN! | No |
X | Microsoft Stuff you know | winslogin.exe | Added by a variant of the SDBOT WORM! | No |
X | Microsoft Sum32 | sum32.exe | Added by the RBOT-YW WORM! | No |
X | Microsoft Support | sys32ms.exe | Added by the RBOT-AHI WORM! | No |
X | microsoft support | svchostt.exe | Added by the AGOBOT.AWN WORM! | No |
X | Microsoft SVC | mssvc.exe | Added by the BIFROSE-UQ TROJAN! | No |
X | Microsoft Svchost local services | winoem.exe | Added by the RBOT-FPE WORM! | No |
X | Microsoft Svchost local services | nzm23.exe | Added by the RBOT-GMC WORM! | No |
X | Microsoft Svchost local services | msnserver.exe | Added by the RBOT-GPM WORM! | No |
X | Microsoft Syn Manager | Manager.exe | Added by the SDBOT.BEF WORM! | No |
X | Microsoft Synchronization Manager | asgard.exe | Added by the SDBOT-AEA WORM! | No |
X | Microsoft Synchronization Manager | bot.exe | Added by the SDBOT.IH WORM! | No |
X | Microsoft Synchronization Manager | netscape.exe | Added by the RANDEX.AE WORM! | No |
X | Microsoft Synchronization Manager | slhost.exe | Added by the SDBOT.YH WORM! | No |
X | Microsoft Synchronization Manager | svhost.exe | Added by the SDBOT-PY WORM! | No |
X | Microsoft Synchronization Manager | WinLoginnn.exe | Added by the SPYBOT.FO WORM! | No |
X | Microsoft Synchronization Manager | winupdate.exe | Added by the SDBOT.ER WORM! | No |
X | Microsoft Synchronization Manager | xXx.exe | Added by the SDBOT-KZ WORM! | No |
X | Microsoft Synchronization Manager | ___synmgr.exe | Added by the MASLAN.A or MASLAN.C WORMS! | No |
X | Microsoft Synchronization Manager | al.exe | Added by the OPTXPRO.132 TROJAN! | No |
X | Microsoft Synchronization Manager | win.exe | Added by the SDBOT.AK WORM! | No |
X | Microsoft Synchronization Manager | java.exe | Added by a variant of the SDBOT WORM! | No |
X | Microsoft Synchronization Manager | svchosts.exe | Added by the SDBOT-LM WORM! | No |
X | Microsoft Synchronization Manager | winlogon32.exe | Added by the SDBOT.AEU WORM! | No |
X | Microsoft Synchronization Manager | svxhost.exe | Added by the SDBOT-ZU WORM! | No |
X | Microsoft Synchronization Manager | wincfg32.exe | Added by the SDBOT.DO WORM! | No |
X | Microsoft Synchronization Manager | screen.exe | Added by the SDBOT-ACO WORM! | No |
X | Microsoft Synchronization Manager | devldr32.exe | Added by a variant of the RBOT WORM! Note - do not confuse with the legitimate Creative Labs devldr32.exe file | No |
X | Microsoft Synchronization Manager | explorer.exe | Added by the SDBOT-AEA WORM! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System% | No |
X | Microsoft Synchronization Manager | firewire.exe | Added by the SDBOT-AFC WORM! | No |
X | Microsoft Synchronization Manager | wmedia.exe | Added by the SDBOT.BFC WORM! | No |
X | Microsoft Synchronization Manager | win932.exe | Added by the SDBOT.AH WORM! | No |
X | MicroSoft sys32 | sysmsgr32.exe | Added by a variant of the SPYBOT WORM! See here | No |
X | MicroSoft sys3s1 | h4ckn3t.exe | Detected by PCTools as the RBOT.QTY WORM! See here | No |
X | Microsoft System | msupdtm.exe | Added by the SPYBOT.PKC WORM! | No |
X | Microsoft System | mssys32.exe | Added by the PETTICK.A WORM! | No |
X | Microsoft System | sys.exe | Added by the RBOT.AKI WORM! | No |
X | Microsoft System Administration | system.exe | Added by a variant of the IRCBOT BACKDOOR! | No |
X | Microsoft System Backup | [random filename] | Added by the RBOT-AGM WORM! | No |
X | Microsoft System Checkup | Cool.exe | Added by the DONK.B WORM! | No |
X | Microsoft System Checkup | Wnetlib.exe | Added by the DONK.C WORM! | No |
X | Microsoft System Checkup | dbnetlib.exe | Added by the DONK.L WORM! | No |
X | Microsoft System Checkup | Keymgr.exe | Added by the DONK.M WORM! | No |
X | Microsoft System Checkup | inetman.exe | Added by the DONK.O WORM! | No |
X | Microsoft System Checkup | ntsysmgr.exe | Added by the DONK.S WORM! | No |
X | Microsoft System Checkup | ntsysman.exe | Added by the SDBOT-QW WORM! | No |
X | Microsoft System Checkup | libsysmgr.exe | Added by the SDBOT-CAF WORM! | No |
X | Microsoft System Checkup | sysmgr.exe | Added by the SDBOT-OO TROJAN! | No |
X | Microsoft System Checkup | netapi32.exe | Added by the DONK-E WORM! | No |
X | Microsoft System Checkup | wnetmgr.exe | Added by the DONK.Q WORM! | No |
X | Microsoft System Checkup | libsys32.exe | Added by the SDBOT-ACK WORM! | No |
X | Microsoft System Debug | services32.exe | Added by the RBOT.AKH WORM! | No |
X | Microsoft System DLL Services Configuration | windir32.exe | Added by the SDBOT-ACY TROJAN! | No |
X | Microsoft System File | svchots.exe | Added by the RBOT.BYU WORM! | No |
X | Microsoft System Firewall 2006.2 | msmsgr.exe | Added by a variant of the SDBOT WORM! | No |
X | Microsoft System Firewall 2006.2 | msnmsgr.exe | Added by a variant of the SDBOT WORM! Note - this is not the valid MSN Messenger (now Windows Live Messenger) utility which is located in either %ProgramFiles%\MSN Messenger or %ProgramFiles%\Windows Live\Messenger. This one is located in %System% | No |
X | Microsoft System Firewall 2006.2 | reg32.exe | Added by a variant of the SDBOT WORM! | No |
X | Microsoft System Init | mtmnr0.exe | Added by the SDBOT.BR TROJAN! | No |
X | Microsoft System Monitor | monsys.exe | Added by the IRCBOT-YV TROJAN! | No |
X | Microsoft System Monitor | system.exe | Detected by Trend Micro as the IRCBOT.AUT TROJAN! See here | No |
X | Microsoft System NT | svhost.exe | Added by the SDBOT.COU WORM! | No |
X | Microsoft System Restore Configuration | CBRSS.EXE | Added by a variant of the SPYBOT WORM! | No |
X | Microsoft System Saver | [path to worm] | Added by the RBOT.BSK WORM! | No |
X | Microsoft System Security Agent | MSTSA.EXE | Added by the RBOT.CCM WORM! | No |
X | Microsoft System Service | dnservice.exe | Added by a variant of the IRCBOT TROJAN! | No |
X | Microsoft System Service | taskmgr1.exe | Added by a variant of the SPYBOT WORM! See here | No |
X | Microsoft System Service | winIogon2.exe | Added by a variant of the IRCBOT TROJAN! | No |
X | Microsoft System Service Device | mssdh.exe | Added by a variant of the IRCBOT TROJAN! | No |
X | Microsoft System Services | msnmgsr.exe | Added by the KELVIR.K WORM! | No |
X | Microsoft System Services | msmsgr.exe | Added by the RBOT-ZH WORM! | No |
X | Microsoft System Update | sysupdate.exe | Added by the SDBOT.DG WORM! | No |
X | Microsoft system Value | sys57.exe | Added by a variant of the RBOT WORM! | No |
X | Microsoft System32 Update | cmsrg.exe | Added by the RBOT-GN WORM! | No |
X | Microsoft Task Manager Daemon | spoolsrv.exe | Added by the SDBOT.FLL WORM! | No |
X | Microsoft task tray monitor | ctray.exe | Added by a variant of the RBOT WORM! | No |
X | Microsoft Task32 Protocol | taskmgr32.exe | Added by a variant of the SDBOT WORM! | No |
X | Microsoft Taskmanager Updater | keyboard.exe | Added by the RBOT-ALU WORM! | No |
X | Microsoft TCP Protocol | wintcp32.exe | Added by a variant of the IRCBOT TROJAN! | No |
X | Microsoft TCP/IP Connection Monitor | svchost32.exe | Added by the RBOT.KS WORM! | No |
X | Microsoft Telecom Center | tellecom.exe | Added by a variant of the RBOT WORM! | No |
X | Microsoft Telecoma Center | tellcoma.exe | Added by the RBOT-AWX WORM! | No |
X | Microsoft Telecoms Center | telcoms.exe | Added by the IRCBOT.GEN WORM! | No |
X | Microsoft Telecoms Center | xpfilesys.exe | Added by the RBOT.BCJ TROJAN! | No |
X | Microsoft Telecoms Center | winupn.exe | Added by a variant of the SDBOT WORM! | No |
X | Microsoft Telecoms Center | svcchost.exe | Added by a variant of the RBOT WORM! | No |
X | Microsoft Time Manager | dveldr.exe | Added by the RBOT-HQ WORM! | No |
X | MicroSoft Toolbar | key.exe | Added by the RBOT-AEW WORM! | No |
X | Microsoft Transfer File Server | mtfs.exe | Added by the RBOT.AFE WORM! | No |
X | Microsoft Tray | [random filename] | Added by the DELF.BZ TROJAN! | No |
X | Microsoft TTL Verifier | msttl.exe | Added by the RBOT-GAP WORM! | No |
X | Microsoft U | wuamkopxp.exe | Added by the RBOT-AHC WORM! | No |
X | Microsoft UMA Update | MSuma32.exe | Added by the RBOT.FS WORM! | No |
X | MICROSOFT UNPACCKER SYSTEM | unpak32.exe | Added by a variant of the RBOT WORM! | No |
X | MICROSOFT UNPACK SYSTEM | winrarx.exe | Added by a variant of the RBOT WORM! | No |
X | Microsoft Updat3 | mswkst32.exe | Added by a variant of the RBOT WORM! | No |
X | Microsoft Update | Microsoft.exe | Added by the GAOBOT.AFJ WORM! | No |
X | Microsoft Update | mssmgrd.exe | Added by the SDBOT.JT WORM! | No |
X | Microsoft Update | mvsc.exe | Added by the SPYBOT.DAZ WORM! | No |
X | Microsoft Update | ascdl.exe | Added by the GAOBOT.SY WORM! | No |
X | Microsoft Update | Isac.exe | Added by the RBOT-AU WORM! | No |
X | Microsoft Update | automgr32.exe | Added by a variant of the RBOT WORM! | No |
X | Microsoft Update | mediap.exe | Added by a variant of the RBOT WORM! | No |
X | Microsoft Update | Microsoftx.exe | Added by a variant of the RBOT WORM! | No |
X | Microsoft Update | msconfg.exe | Added by the RBOT.H WORM! | No |
X | Microsoft Update | Mslti32.exe | Added by the RBOT-LX WORM! | No |
X | Microsoft Update | muamgrd.exe | Added by a variant of the AGOBOT/GAOBOT WORM! | No |
X | Microsoft Update | navmgrd.exe | Added by the SDBOT.DP TROJAN! | No |
X | Microsoft Update | Smss32.exe | Added by the RBOT-CB WORM! | No |
X | Microsoft Update | sys32cfg.exe | Added by the RBOT.DR WORM! | No |
X | Microsoft Update | VPC32.EXE | Added by the AGOBOT.XM WORM! | No |
X | Microsoft Update | winsys32.exe | Added by a variant of the RBOT WORM! | No |
X | Microsoft Update | wuamgrd.exe | Added by the RBOT-LK WORM! | No |
X | Microsoft Update | wuammgr32.exe | Added by the RBOT-AW WORM! | No |
X | Microsoft Update | wudmate.exe | Added by the RBOT.AP WORM! | No |
X | Microsoft Update | msawindows.exe | Added by the GAOBOT.AFJ WORM! | No |
X | Microsoft Update | msiwin84.exe | Added by the GAOBOT.AFJ WORM! | No |
X | Microsoft Update | wuamgrd32.exe | Added by the RBOT.ZB WORM! | No |
X | Microsoft Update | NAV.exe | Added by the RBOT-IV WORM! | No |
X | Microsoft Update | systemi32.exe | Added by a variant of the SPYBOT WORM! | No |
X | Microsoft Update | xpupdate.exe | Added by the RBOT-QE WORM! | No |
X | Microsoft Update | webm.exe | Added by the SDBOT.WK WORM! | No |
X | Microsoft Update | wuagrd.exe | Added by the RBOT-FK WORM! | No |
X | Microsoft Update | aaupdt.exe | Added by the RBOT-RQ WORM! | No |
X | Microsoft Update | lsac.exe | Added by the GAOBOT.XW WORM! | No |
X | Microsoft Update | Mupdate.exe | Added by the RBOT-AG WORM! | No |
X | Microsoft Update | prowind32.exe | Added by a variant of the AGOBOT/GAOBOT WORM! | No |
X | Microsoft Update | snlogsvc.exe | Added by a variant of the RBOT WORM! | No |
X | Microsoft Update | svhost.exe | Added by the RBOT-PI WORM! | No |
X | Microsoft Update | wauguard.exe | Added by the RBOT.AEE WORM! | No |
X | Microsoft Update | winscv.exe | Added by the RBOT-BH WORM! | No |
X | Microsoft Update | winsys.exe | Added by the RBOT-GV WORM! | No |
X | Microsoft Update | wserv32.exe | Added by the RBOT.AF WORM! | No |
X | Microsoft Update | wtm32.exe | Added by the RBOT-AQ WORM! | No |
X | Microsoft Update | wumgrd.exe | Added by the SDBOT-KY WORM! | No |
X | Microsoft Update | wuampd.exe | Added by the RBOT-UT WORM! | No |
X | Microsoft Update | msupdate32.exe | Added by a variant of the SPYBOT WORM! | No |
X | Microsoft Update | Botnet.exe | Added by the RBOT.AFL WORM! | No |
X | Microsoft Update | sghost.exe | Added by the SDBOT.AKV WORM! | No |
X | Microsoft Update | update_w.exe | Added by the RBOT-EW WORM! | No |
X | Microsoft Update | windows24.exe | Added by a variant of the RBOT WORM! | No |
X | Microsoft Update | wingrd32.exe | Added by the RBOT-DW WORM! | No |
X | Microsoft Update | wssvr.exe | Added by the RBOT-OD WORM! | No |
X | Microsoft Update | wuamagr32.exe | Added by the SPYBOT.CG WORM! | No |
X | Microsoft Update | WinUpdate32.exe | Added by the RBOT-TI WORM! | No |
X | Microsoft Update | wkfix.exe | Added by the RBOT-ABZ WORM! | No |
X | Microsoft Update | Kkk.exe | Added by the RBOT-AHL WORM! | No |
X | Microsoft Update | mcupdate.exe | Added by the RBOT.XT WORM! Note - this file is located in the Windows\System32 or Winnt\System32 folder, and should not be confused with the McAfee antivirus executable as described here | No |
X | Microsoft Update | Micr0s0ft.exe | Added by the AGOBOT.AAR WORM! | No |
X | Microsoft Update | Msnmsngr.exe | Added by the RBOT.BQS WORM! | No |
X | Microsoft Update | msupdate32.exe | Added by the SPYBOT.LZ WORM! | No |
X | Microsoft Update | scvhost.exe | Added by the RBOT-AEM WORM! | No |
X | Microsoft Update | svghost.exe | Added by the RBOT.BUJ WORM! | No |
X | Microsoft Update | sys.exe | Added by the RBOT-AJ WORM! | No |
X | Microsoft Update | up2dat5.exe | Added by a variant of the SDBOT WORM! | No |
X | Microsoft Update | winamp.exe | Added by a variant of the RBOT WORM! Note - this is NOT the popular Winamp media player | No |
X | Microsoft Update | win-mang.exe | Added by the RBOT-AFK WORM! | No |
X | Microsoft Update | winupdater.exe | Added by the RBOT.BIN WORM! | No |
X | Microsoft Update | wuamk0032.exe | Added by a variant of the RBOT WORM! | No |
X | Microsoft Update | wuamk032.exe | Added by the RBOT-AHD WORM! | No |
X | Microsoft Update | wuamk0p32.exe | Added by a variant of the RBOT WORM! | No |
X | Microsoft Update | wuamkop.exe | Added by the RBOT-AFI WORM! | No |
X | Microsoft Update | wuamkop32.exe | Added by the RBOT.BGU WORM! | No |
X | Microsoft Update | wuampkd.exe | Added by the SDBOT.BBX WORM! | No |
X | Microsoft Update | svzhost.exe | Added by the RBOT.OX WORM! | No |
X | Microsoft Update | win32.exe | Added by a variant of the SDBOT WORM! | No |
X | Microsoft Update | wininit.exe | Added by the RBOT-AKR WORM! | No |
X | Microsoft Update | wuamgrd3.exe | Added by the RBOT-AMC WORM! | No |
X | Microsoft Update | Wudates.exe | Added by a variant of the RBOT WORM! | No |
X | Microsoft Update | ms.exe | Added by the SDBOT.CC WORM! | No |
X | Microsoft Update | wuagmsd.exe | Added by the RBOT-AX WORM! | No |
X | Microsoft Update | cmss.exe | Added by the RBOT-ATQ WORM! | No |
X | Microsoft Update | wuamgrb.exe | Added by the RBOT-AZE WORM! | No |
X | Microsoft Update | WINDOC.EXE | Added by the SDBOT.PF WORM! | No |
X | Microsoft Update | phqghumea.exe | Added by the SDBOT.AFO WORM! | No |
X | Microsoft Update | system32.exe | Added by the RBOT.IS WORM! | No |
X | Microsoft Update | bling.exe | Added by the RBOT-AVK WORM! | No |
X | Microsoft Update | Sygate.exe | Added by a variant of the SDBOT WORM! | No |
X | Microsoft Update | update.exe | Added by a variant of the SDBOT WORM! | No |
X | Microsoft Update | WinDrv32.exe | Added by the RBOT.EGW WORM! | No |
X | Microsoft Update | devmks32.exe | Added by a variant of the RBOT WORM! | No |
X | Microsoft update | winupdate.exe | Added by a variant of the RBOT WORM! | No |
X | Microsoft Update | msupdate.exe | Added by the BOROBOT-I TROJAN! | No |
X | Microsoft Update | mixer.exe | Added by the RBOT-AIR WORM! | No |
X | Microsoft Update | taskmgr32.exe | Added by the RBOT-CV WORM! | No |
X | Microsoft Update | drive.exe | Added by the BIFROSE-PN WORM! | No |
X | Microsoft Update | wangard.exe | Added by the RBOT-LH WORM! | No |
X | MICROSOFT UPDATE | WUAGTRD.EXE | Added by the RBOT-CJ WORM! | No |
X | Microsoft Update | spool.exe | Added by the AGENT-GJC TROJAN! | No |
X | Microsoft Update | bnmveqfts.exe | Detected by Kaspersky as the BANLOAD.KWQ TROJAN! See here | No |
X | Microsoft Update | dqbxhupdt | Added by a variant of the SDBOT WORM! See here | No |
X | Microsoft Update | enule.exe | Detected by Kaspersky as the IRCBOT.DU BACKDOOR! See here | No |
X | Microsoft Update | explorer.exe | Detected by Kaspersky as the RBOT.AEU BACKDOOR! See here. Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System% | No |
X | Microsoft Update | imchemaoa.exe | Detected by Kaspersky as the BANLOAD.KWQ TROJAN! See here | No |
X | Microsoft Update | livemessenger.com | Added by the ADLOAD-LN TROJAN! | No |
X | Microsoft Update | msnmsgl.exe | Added by a variant of the SPYBOT WORM! See here | No |
X | Microsoft Update | nnwyaupdt | Detected by Kaspersky as the RBOT.RHK BACKDOOR! See here | No |
X | Microsoft Update | ntservice.exe | Added by the AGENT-DIS TROJAN! | No |
X | Microsoft Update | rundll32.dll | Detected by Kaspersky as the CIADOOR.GN BACKDOOR! See here | No |
X | Microsoft Update | wuamgrdx.exe | Added by a variant of the SPYBOT WORM! See here | No |
X | Microsoft Update | wutr.exe | Added by the SPYBOT.AAR WORM! | No |
X | Microsoft Update | SetPoints.exe | Added by a variant of the IRCBOT BACKDOOR! | No |
X | Microsoft Update | system.exe | Detected by Kaspersky as a variant of the RBOT BACKDOOR! See here | No |
X | Microsoft Update | service.exe | Added by a variant of the RBOT WORM! See here | No |
X | Microsoft Update 23 | NtKernelSystem.exe | Added by a variant of the RBOT WORM! | No |
X | Microsoft Update 23 | spoolvs.exe | Added by a variant of the RBOT WORM! | No |
X | Microsoft Update 32 | explore32.exe | Added by the SPYBOT.CYM WORM! | No |
X | Microsoft Update 32 | MSupdate32.exe | Added by a variant of the SPYBOT WORM! | No |
X | Microsoft Update 32 | wininit.exe | Added by the RBOT-ANY WORM! | No |
X | Microsoft Update 32 | wininit32.exe | Added by a variant of the RBOT WORM! | No |
X | Microsoft Update 32 | [path to file] | Added by the RBOT-AJJ WORM! | No |
X | Microsoft Update 32 | mscnfg.exe | Added by the RBOT-ALM WORM! | No |
X | Microsoft Update 32 | servic.exe | Added by the RBOT-AXN WORM! | No |
X | Microsoft Update 32 | winitXP32.exe | Added by a variant of the RBOT WORM! | No |
X | Microsoft Update 32 | mssetup32.exe | Added by a variant of the RBOT WORM! | No |
X | Microsoft Update 32 | wiit.exe | Added by the RBOT-AMS WORM! | No |
X | Microsoft Update 32 | explorer.exe | Added by the RBOT-ARF WORM! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System% | No |
X | Microsoft Update 32 | network.exe | Added by the RBOT-ARZ WORM! | No |
X | Microsoft Update 32 | om4r.exe | Added by the RBOT-AQP WORM! | No |
X | Microsoft Update 32 | winin.exe | Added by the RBOT-ARR WORM! | No |
X | Microsoft Update 32 | wuinit.exe | Added by the AGOBOT-UE WORM! | No |
X | Microsoft Update 32 | neta.exe | Added by the RBOT-AMI WORM! | No |
X | Microsoft Update 32 | spoolvs.exe | Added by the RBOT-BBQ WORM! | No |
X | Microsoft Update 32 | rundll32.exe | Detected by Kaspersky as the RBOT.AIE BACKDOOR! See here. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted | No |
X | Microsoft Update 32 | taskMangr.exe | Detected by Kaspersky as the RBOT.AIE BACKDOOR! See here | No |
X | Microsoft Update 33 | init.exe | Added by the RBOT-ATT WORM! | No |
X | Microsoft Update 64 BIT | wininit32.exe | Added by the RBOT-AHE WORM! | No |
X | Microsoft Update 64 BIT | winman32.exe | Added by the RBOT-AKI WORM! | No |
X | Microsoft Update 64 BIT | schvost.exe | Added by the RBOT.CAU WORM! | No |
X | Microsoft Update 64 BIT | winl32xe.exe | Added by the RBOT-AQO WORM! | No |
X | MICROSOFT UPDATE CONFIGURATION | WIN32SNC.EXE | Added by the RBOT-AI WORM! | No |
X | Microsoft Update Control | Ms64.exe | Added by a variant of the RBOT WORM! | No |
X | Microsoft Update Debugger | wincfg32.exe | Added by the SPYBOT.ZC WORM! | No |
X | Microsoft Update Device | flolo.exe | Added by a variant of the SPYBOT WORM! See here | No |
X | Microsoft Update Device Drivers | wuauclt.exe | Added by a variant of the SDBOT WORM! Note - this is not the legitimate wuauclt.exe process, which should not appear in Msconfig/Startup! | No |
X | Microsoft Update DLL | rxxhost.exe | Added by a variant of the RBOT WORM! | No |
X | Microsoft Update Drivers | explorers.exe | Added by a variant of the SDBOT WORM! | No |
X | Microsoft Update Emulator | kern-mxe.exe | Added by a variant of the RBOT WORM! | No |
X | Microsoft Update Loader | [random filename] | Added by a variant of the RBOT WORM! | No |
X | Microsoft Update Loaders 2005 | winusers.exe | Added by the RBOT-AIQ WORM! | No |
X | Microsoft Update Loaders 2006 | winusersystem32.exe | Added by a variant of the AGOBOT/GAOBOT WORM! | No |
X | Microsoft Update Machine | expl0rer.exe | Added by the SDBOT.OK WORM! | No |
X | Microsoft Update Machine | rxhost.exe | Added by the RBOT.FC WORM! | No |
X | Microsoft Update Machine | servicz.exe | Added by the RBOT-HU WORM! | No |
X | Microsoft Update Machine | SP2.exe | Added by the SPYBOT.FP WORM! | No |
X | Microsoft Update Machine | winini.exe | Added by the RBOT-KV WORM! | No |
X | Microsoft Update Machine | xvshost.exe | Added by the RBOT.QP WORM! | No |
X | Microsoft Update Machine | memstat.exe | Added by the RBOT-OM WORM! | No |
X | Microsoft Update Machine | ntce.exe | Added by the RBOT-FA WORM! | No |
X | Microsoft Update Machine | system03.exe | Added by the RBOT-NM WORM! | No |
X | Microsoft Update Machine | wuawx.exe | Added by the RBOT-CE WORM! | No |
X | Microsoft Update Machine | zonealarm.exe | Added by the RBOT-BZ WORM! Note - this is not the valid Zone Labs firewall program! | No |
X | Microsoft Update Machine | systemll.exe | Added by the RBOT-JT WORM! | No |
X | Microsoft Update Machine | winupdt.exe | Added by the RBOT-FP WORM! | No |
X | Microsoft Update Machine | svshost.exe | Added by the RBOT.AK WORM! | No |
X | Microsoft Update Machine | wuamgd.exe | Added by the SDBOT.HQ WORM! | No |
X | Microsoft Update Machine | wupdt32x.exe | Added by a variant of the SDBOT WORM! | No |
X | Microsoft Update Machine | [random filename] | Added by a variant of the RBOT WORM! | No |
X | Microsoft Update Machine | linux.exe | Added by the RBOT-IM WORM! | No |
X | Microsoft Update Machine | lmrss.exe | Added by the RBOT-DY WORM! | No |
X | Microsoft Update Machine | windowsu.exe | Added by a variant of the RBOT WORM! | No |
X | Microsoft Update Machine | wininigo.exe | Added by a variant of the RBOT WORM! | No |
X | Microsoft Update Machine | winmgr.exe | Added by a variant of the RBOT WORM! | No |
X | Microsoft Update Machine | Winmsixp32.exe | Added by the RBOT.DN WORM! | No |
X | Microsoft Update Machine | Winregs32.exe | Added by the RBOT.DN WORM! | No |
X | Microsoft Update Machine | winxpini.exe | Added by the RBOT-OB WORM! | No |
X | Microsoft Update Machine | wuamgrd.exe | Added by the RBOT-HE WORM! | No |
X | Microsoft Update Machine | wuagrd.exe | Added by the RBOT-GF WORM! | No |
X | Microsoft Update Machine | LANWAKE.EXE | Added by the RBOT-QZ WORM! | No |
X | Microsoft Update Machine | scvhost.exe | Added by the RBOT-GS WORM! | No |
X | Microsoft Update Machine | winhost.exe | Added by the RBOT-GK WORM! | No |
X | Microsoft Update Machine | winss.exe | Added by the RBOT.JU WORM! | No |
X | Microsoft Update Machine | WUAMGRDXS.EXE | Added by the RBOT-GL WORM! | No |
X | Microsoft Update Machine | crss32.exe | Added by a variant of the RBOT WORM! | No |
X | Microsoft Update Machine | lsasse.exe | Added by the RBOT-DI WORM! | No |
X | Microsoft Update Machine | qwerty.exe | Added by a variant of the RBOT WORM! | No |
X | Microsoft Update Machine | rxxhost.exe | Added by the RBOT.EP WORM! | No |
X | Microsoft Update Machine | servicez.exe | Added by the SPYBOT.BI WORM! | No |
X | Microsoft Update Machine | spoolserv.exe | Added by a variant of the RBOT WORM! | No |
X | Microsoft Update Machine | Systemnt.exe | Added by the RBOT.DA WORM! | No |
X | Microsoft Update Machine | systemse.exe | Added by the RBOT-BD WORM! | No |
X | Microsoft Update Machine | taskmngrs.exe | Added by the RBOT-CR WORM! | No |
X | Microsoft Update Machine | windowsup.exe | Added by the RBOT-FV WORM! | No |
X | Microsoft Update Machine | wuamgard.exe | Added by the SPYBOT.CS WORM! | No |
X | Microsoft Update Machine | wupdate32.exe | Added by a variant of the RBOT WORM! | No |
X | Microsoft Update Machine | system.exe | Added by a variant of the RBOT WORM! | No |
X | Microsoft Update Machine | TMEMSER.EXE | Added by the RBOT-NQ WORM! | No |
X | Microsoft Update Machine | winnie.exe | Added by the RBOT-ACD WORM! | No |
X | Microsoft Update Machine | winortho.exe | Added by the RBOT-NW WORM! | No |
X | Microsoft Update Machine | wins32.exe | Added by the RBOT.EZ WORM! | No |
X | Microsoft Update Machine | serviz.exe | Added by a variant of the RBOT WORM! | No |
X | Microsoft Update Machine | TASKMAN4.EXE | Added by a variant of the RBOT WORM! | No |
X | Microsoft Update Machine | wftestb.exe | Added by the RBOT-AFZ WORM! | No |
X | Microsoft Update Machine | Win32.exe | Added by the SDBOT.UV WORM! | No |
X | Microsoft Update Machine | windns.exe | Added by the RBOT.EF WORM! | No |
X | Microsoft Update Machine | MSOICONS.EXE | Added by the RBOT.AWS WORM! Note - do not confuse with the legitimate Msoicons.exe file described here. The latter should not normally figure in Msconfig/Startup! | No |
X | Microsoft Update Machine | WINSVC32.EXE | Added by the RBOT.CU WORM! | No |
X | Microsoft Update Machine | ntsystem.exe | Added by the RBOT.GF WORM! | No |
X | Microsoft Update Machine | winupdte.exe | Added by the RBOT-GKL WORM! | No |
X | Microsoft Update Machine | jkfrnz.exe | Added by the RBOT-GOZ WORM! | No |
X | Microsoft Update Machine | wlimyc.exe | Added by the RBOT-GQN WORM! | No |
X | Microsoft Update Machine | xagwxzy.exe | Added by the RBOT.S WORM! | No |
X | Microsoft Update Machine | jkydxg.exe | Detected by Kaspersky as the RBOT.AEA BACKDOOR! See here | No |
X | Microsoft Update Machine | opmmve.exe | Detected by Kaspersky as the KOLABC.DES WORM! See here | No |
X | Microsoft Update Machine | paxrxo.exe | Detected by McAfee as the PUSHBOT.A WORM! See here | No |
X | Microsoft Update Machine | psmszw.exe | Detected by Trend Micro as the KOLABC.CC WORM! See here | No |
X | Microsoft Update Machine | syadpo.exe | Detected by Kaspersky as the CIADOOR.GN BACKDOOR! See here | No |
X | Microsoft Update Machine | systemi.exe | Detected by McAfee as the PUSHBOT.A WORM! See here | No |
X | Microsoft Update Machine | thvfyq.exe | Detected by Kaspersky as the RBOT.AEA BACKDOOR! See here | No |
X | Microsoft Update Machine | ubthec.exe | Detected by Kaspersky as the AGENT.AWZ TROJAN! See here | No |
X | Microsoft Update Manager | WINRLS.EXE | Added by the RBOT-AF WORM! | No |
X | Microsoft Update Manager | svshost.exe | Added by a variant of the RBOT WORM! | No |
X | Microsoft Update Manager | scvhost.exe | Added by the AGOBOT.AXJ WORM! | No |
X | Microsoft Update Manager | scvideo.exe | Added by the SDBOT-CVP TROJAN! | No |
X | Microsoft Update Mechene | Updatez.exe | Added by the RBOT-GI WORM! | No |
X | Microsoft Update Module | rundll24.exe | Added by the RBOT-PS WORM! | No |
X | Microsoft Update Process | wmipcvse.exe | Added by the AGOBOT-JF TROJAN! | No |
X | Microsoft Update Security Patch | mssecurityupdatepatch.exe | Added by the AGENT.EF TROJAN! | No |
X | Microsoft Update Server | mssrv.exe | Added by an unidentified VIRUS, WORM or TROJAN! | No |
X | Microsoft Update Service | csrss32.exe | Added by the AGOBOT-HC WORM! | No |
X | Microsoft Update Service | mswin32.exe | Added by a variant of the SPYBOT WORM! | No |
X | Microsoft update service | systemm.exe | Added by a variant of the SDBOT WORM! | No |
X | Microsoft Update SERVICE | phqghum.exe | Added by a variant of the RBOT WORM! | No |
X | Microsoft Update Service | msupdate.pif | Added by the RBOT-AQB WORM! | No |
X | Microsoft Update Services | wcsnfty.exe | Added by the RBOT-AGK WORM! | No |
X | Microsoft Update Services | wsnfty.exe | Added by the RBOT-AFU WORM! | No |
X | Microsoft Update Time | wuam.exe | Added by the RBOT-M WORM! | No |
X | Microsoft Update USB2 | wuammgrd32.exe | Added by the RBOT-ADT WORM! | No |
X | Microsoft Update v2.6 | lxxex.exe | Added by a variant of the RBOT WORM! | No |
X | Microsoft Update Win32a | winupdate32a.exe | Added by the RBOT-LO WORM! | No |
X | Microsoft Update Win32x | winupdate32x.exe | Added by the RBOT-AJN WORM! | No |
X | Microsoft Updater | Winsys32.exe | Added by a variant of the RBOT WORM! | No |
X | Microsoft Updater | msconsole.exe | Added by a variant of the IRCBOT TROJAN! | No |
X | Microsoft Updater | svhost.exe | Detected by Kaspersky as the AGENT.CDF TROJAN! See here | No |
X | Microsoft Updater | vbcjlg.exe | Added by a variant of the SPYBOT WORM! See here | No |
X | Microsoft Updater | wuamgrds.exe | Added by the RBOT.A WORM! | No |
X | Microsoft Updater Resources | WinFixd32.exe | Added by the SPYBOT.CA WORM! | No |
X | Microsoft UPDATER32 | lsass.exe | Added by the RANDEX.AR WORM! Note - this is not the legitimate Lsass.exe system file, which should normally NOT figure in Msconfig/Startup! | No |
X | Microsoft UPDATER32 | LSASS32.EXE | Added by the RANDEX.AR WORM! | No |
X | Microsoft Updaters | tskmgr.exe | Added by a variant of the RBOT WORM! | No |
X | Microsoft Updaters | sysconfigs.exe | Added by the RBOT-DF TROJAN! | No |
X | Microsoft Updaters Pros | WINDLL32XP.EXE | Added by the SPYBOTTER.GEN VIRUS! | No |
X | Microsoft Updates | systemc32.exe | Added by the RBOT-GR WORM! | No |
X | Microsoft Updates | wkssvr.exe | Added by the RBOT.R WORM! | No |
X | Microsoft Updates | wkssvrs.exe | Added by the RBOT-EB WORM! | No |
X | Microsoft Updates | wuamgrd.exe | Added by the RBOT-CO WORM! | No |
X | Microsoft Updates | wtemp32.exe | Added by the RBOT-AHQ WORM! | No |
X | Microsoft Updates | svehost.exe | Added by the RBOT-GRW WORM! | No |
X | Microsoft Updates | svshost.exe | Added by the AGOBOT-AIW WORM! | No |
X | Microsoft Updates | svdhost.exe | Added by the RBOT-GVH WORM! | No |
X | Microsoft Updates | service.exe | Detected by Kaspersky as the POISON.HPT BACKDOOR! See here | No |
X | Microsoft Updates 2 USB | wgafixer.exe | Added by a variant of the RBOT WORM! | No |
X | Microsoft Updates 5 USB | sp3fixer.exe | Added by the RBOT-ADS WORM! | No |
X | Microsoft Updates Resources | WinFixIDs.exe | Added by a variant of the RBOT WORM! | No |
X | Microsoft Updating | navguard.exe | Added by the RBOT.HW WORM! | No |
X | Microsoft Updating | syswr.exe | Added by a variant of the RBOT WORM! | No |
X | Microsoft Updating | wuamguards.exe | Added by the RBOT-BY WORM! | No |
X | Microsoft Updating Client | websvc.exe | Added by the RBOT.AQ WORM! | No |
X | Microsoft Updating Machine | sysc0de.exe | Added by the RBOT.RB WORM! | No |
X | Microsoft Updatting | miroupdate.exe | Added by a variant of the RBOT WORM! | No |
X | Microsoft Updote | [random filename] | Added by the RBOT-ARC WORM! | No |
X | Microsoft UpMachine | doezs.exe | Added by the RBOT.BCT WORM! | No |
X | Microsoft upnp Update | msie.exe | Added by the RBOT-LQ WORM! | No |
X | Microsoft uptime Service | sysuptime.exe | Added by the RBOT-ACG WORM! | No |
X | Microsoft uptime Service | sycuptime.exe | Added by the RBOT-AHY WORM! | No |
X | Microsoft UpToDate Driver (32-bits) | [random filename].exe | Added by the SPYBOT.LXJ WORM! | No |
X | Microsoft Urlmon | urlmon.exe | Added by the AGENT-GOO TROJAN! | No |
X | Microsoft USA Plug | usaplug.exe | Added by the RBOT-DVC WORM! | No |
X | Microsoft USB2 Driver | crmss.exe | Added by the RBOT-VK WORM! | No |
X | Microsoft usnsvc Service | usnsvc.exe | Added by a variant of the KOBOT-C WORM! | No |
N | Microsoft Utility Startup | OSA9.exe | Application which launches common MS Office components to help speed up the launch of Office programs. It's somewhat of a resource hog, and some users claim there's no difference with or without it but it usually isn't required. Note - if you make use of the Microsoft Office Shortcut Bar outside an office program this application will need to be enabled for it to show | No |
X | Microsoft Values | igfkishc.exe | Added by the RBOT-GLO WORM! | No |
X | Microsoft Vertupdate | MSvert32.exe | Added by the MYTOB-CY WORM! | No |
X | Microsoft Video Capture Controls | MSsrvs32.exe | Added by the SDBOT-AAK WORM! | No |
X | Microsoft Video Controls | tskmsgr.exe | Added by a variant of the SPYBOT WORM! | No |
X | Microsoft Viewer Monitor Manager | viewmon.exe | Added by the XPAK.A TROJAN! | No |
X | Microsoft Virtual Service Manager | vservice32.exe | Added by the MSNWORM.T WORM! | No |
X | Microsoft Virual Machine | sms.exe | Added by the RBOT-SP WORM! | No |
X | Microsoft Vista Upgrade Validation Service | cfmon.exe | Added by a variant of the IRCBOT BACKDOOR! | No |
X | Microsoft Visual Application | vpcrtf.exe | Added by the IRCBOT-XJ TROJAN! | No |
X | Microsoft Visual SourceSafe | services.exe | Added by the NEVEG.B or NEVEG.C WORMS! Note - this is not the legitimate services.exe process, which should not appear in Msconfig/Startup! | No |
X | Microsoft Visual SourceSafe | winlogon.exe | Added by the NEVEG.A WORM! Note - this is not the legitimate winlogon.exe process, which should not appear in Msconfig/Startup! | No |
X | MicroSoft Visual SP2 | igfxsrvc32.exe | Added by the SDBOT.GAV WORM! | No |
X | Microsoft Visual Studio | plscdksxg.exe | Added by the RBOT-AWV WORM! | No |
X | Microsoft Visual Studio VSA | varpc32.exe | Added by a variant of the SPYBOT WORM! | No |
X | Microsoft Web CP Manager | webcp32.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
X | Microsoft Web Device | wdevice.exe | Added by a variant of the SDBOT WORM! | No |
X | Microsoft web update | webmsn.exe | Added by the RBOT-EMQ WORM! | No |
U | Microsoft Webserver | svctrl.exe | Personal web server program which enables you to create and host a web server from your computer. Not required for most people | No |
X | Microsoft Win Corp TLS Verification | mswintls.exe | Added by the RBOT-GCT WORM! | No |
X | Microsoft WIN32 DOS | MSdos32.exe | Added by a variant of the SDBOT WORM! | No |
X | Microsoft WIN32 Security | MSsec32.exe | Added by the RBOT-DOQ TROJAN! | No |
X | MicroSoft Wind0ws Updater | winsupdater.exe | Added by a variant of the RBOT WORM! | No |
X | MicroSoft Window Updater | winsupdater.exe | Added by the RBOT-ZZ WORM! | No |
X | Microsoft Windows | mstask0.exe | Added by the SDBOT.FQ WORM! | No |
X | Microsoft Windows | atup | Added by a variant of the RBOT WORM! | No |
X | Microsoft Windows | Microsoft Windows.hta | HTA file which creates an executable on the hard drive which subsequently proceeds to download files from a malware site! | No |
X | Microsoft Windows | explorar.exe | Added by a variant of the RBOT WORM! | No |
X | Microsoft Windows | [path to file] | Added by the BDOOR-LI BACKDOOR! | No |
X | Microsoft Windows | bootini.exe | Added by the VANEBOT-K WORM! | No |
X | Microsoft Windows | Kernel.exe | Added by the EDIBARA-A VIRUS! | No |
X | Microsoft Windows | Kernel.vbs | Added by the EDIBARA-A VIRUS! | No |
X | Microsoft Windows | pwjbvphi.exe | Added by the RBOT-GQK WORM! | No |
X | Microsoft Windows (D) | iexplore.exe | Identified as a variant of the TrojanSpy.Agent malware | No |
X | Microsoft Windows 128bit Subsystem | system12.exe | Added by the RANCK-CZ TROJAN! | No |
X | Microsoft Windows 16Bit | mswinn16.exe | Added by a variant of the SPYBOT WORM! | No |
X | Microsoft Windows 2000 | Winupdsdgm.exe | Added by the GAOBOT.AO WORM! | No |
X | Microsoft Windows 32 Update | win32update.exe | Added by a variant of the IRCBOT TROJAN! | No |
X | Microsoft Windows 32Bit | mswinn32.exe | Added by a variant of the RBOT WORM! | No |
X | Microsoft Windows 64 Bit | mswin32.exe | Added by a variant of the RBOT WORM! | No |
X | Microsoft Windows Adapter 5.1.3214 | [worm filename].exe | Added by the STRAT.GEN-3 WORM! | No |
X | Microsoft Windows Client Firewall | msclt.exe | Added by the VANEBOT-F WORM! | No |
X | Microsoft Windows Communicator for NT/XP | wincomm.exe | Added by the RBOT.ATH WORM! | No |
X | Microsoft Windows Config 32 | win32conf.exe | Added by a variant of the RBOT WORM! | No |
X | Microsoft Windows Control | mswctl32.exe | Added by the RBOT.JP WORM! | No |
X | Microsoft Windows CSRSS | csrss.exe | Added by the KALEL-A WORM! Note - this worm replaces the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! | No |
X | Microsoft Windows DHCP | ___r.exe | Added by the MASLAN.A or MASLAN.C WORMS! | No |
X | Microsoft Windows DLL 32-BIT | msncheck32.exe | Added by the SDBOT-XX WORM! | No |
X | Microsoft Windows DLL Services | mwindll.exe | Added by the SDBOT-VX WORM! | No |
X | Microsoft Windows DLL Services Configuration | newdll.exe | Added by the SDBOT-ZR WORM! | No |
X | Microsoft Windows DLL Services Configuration | newdll2.exe | Added by the SDBOT-ABD WORM! | No |
X | Microsoft Windows DLL Services Configuration | poker.exe | Added by the SDBOT-ZY WORM! | No |
X | Microsoft Windows DLL Services Configuration | poker3.exe | Added by the SDBOT-AAH WORM! | No |
X | Microsoft Windows DLL Services Configuration | proxy.exe | Added by the SDBOT-ZL WORM! | No |
X | Microsoft Windows DLL Services Configuration | windir32.exe | Added by the SDBOT.BHF WORM! | No |
X | Microsoft Windows DLL Services Configuration | windir32a.exe | Added by a variant of the SDBOT.BHF WORM! | No |
X | Microsoft Windows DLL Services Configuration | windll32.exe | Added by the SDBOT.BHD WORM! | No |
X | Microsoft Windows DLL Services Configuration | winDSL.exe | Added by the SDBOT-ZG WORM! | No |
X | Microsoft Windows DLL Services Configuration | dllmanager32.exe | Added by the SDBOT-BTU WORM! | No |
X | Microsoft Windows DLLHandler | bitpaint.exe | Added by the SDBOT.AHG WORM! | No |
X | Microsoft Windows Drivers | windrv.exe | Added by a variant of the SDBOT WORM! | No |
X | Microsoft Windows DVR | windvr.exe | Added by the RBOT-AXD WORM! | No |
X | Microsoft Windows Expl0rer | expl0rer.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
X | Microsoft Windows Explorer | iexplorer.exe | Added by a variant of the RBOT WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) | No |
X | Microsoft Windows Explorer | explorewin.exe | Added by the IRCBOT.WORM.212480.H WORM! | No |
X | Microsoft Windows Express | Microsoft Update | Added by a variant of the IRCBOT BACKDOOR! See here | No |
X | Microsoft Windows Express | websploit.exe | Added by a variant of the SPYBOT WORM! See here | No |
X | Microsoft Windows Express | windowslogonb.exe | Detected by PCTools as the SDBOT.ABOO WORM! See here | No |
X | Microsoft Windows Files Loader | cgy32win.exe | Added by the RBOT-AXR WORM! | No |
X | Microsoft Windows Game Updater | msgame32.exe | Added by a variant of the RBOT WORM! | No |
X | Microsoft Windows GUI | Windowz.exe | Added by the RANDEX.AEV WORM! | No |
X | Microsoft Windows GUI | msmonk32.exe | Added by the SDBOT-PE WORM! | No |
X | Microsoft Windows Kernel Services | winkrnl386.exe | Added by the ZEBROXY TROJAN! | No |
X | Microsoft Windows Loader | wloader.exe | Added by a variant of the AGOBOT/GAOBOT WORM! | No |
X | Microsoft Windows Logon Process | winlogon.exe | Added by the PROXYSER-R TROJAN! Note - this is not the legitimate winlogon.exe process, which should not appear in Msconfig/Startup and is always located in the System32 folder. This worm file is placed in the Winnt or Windows folder | No |
X | Microsoft Windows Media Player | mediaplayer.exe | Added by a variant of the RBOT WORM! | No |
X | Microsoft Windows Media Player | wimp.exe | Added by the RBOT-FN WORM! | No |
X | Microsoft Windows Registry Service | wregistry.exe | Added by the AGOBOT.AKG WORM! | No |
X | Microsoft Windows Secure | windocs.exe | Added by a variant of the SDBOT WORM! | No |
X | Microsoft Windows Secure Server | rpcxWindows.exe | Added by the RBOT-LL WORM! | No |
X | Microsoft Windows Secure Update | rpcxwinupdt.exe | Added by an unidentified WORM or TROJAN! | No |
X | Microsoft Windows Securety | wurguar.exe | Added by the RBOT-KY WORM! | No |
X | Microsoft Windows Security | spvsper.exe | Added by a variant of the SDBOT WORM! | No |
X | Microsoft Windows Security | wscndrives.exe | Added by the RBOT-AJK WORM! | No |
X | Microsoft Windows Service | winsys.exe | Added by the RBOT-ADP WORM! | No |
X | Microsoft Windows Service Pack | winspkn.exe | Added by the RBOT-AYD WORM! | No |
X | Microsoft Windows Services | msw32.exe | Added by the RBOT-FWQ WORM! | No |
X | Microsoft Windows Services Edt | ssvvcchhoosst.exe | Added by the RBOT-FYF TROJAN! | No |
X | Microsoft Windows Services Edt | dllrun32.exe | Added by the RBOT-GAF WORM! | No |
X | Microsoft Windows Session Manager Subsystem | smss.exe | Added by the PROXYSER-R TROJAN! Note - this is not the legitimate smss.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder | No |
U | Microsoft Windows Sidebar | Sidebar.exe | Windows Sidebar is a pane on the side of the Microsoft Windows Vista desktop where you can keep your gadgets organized and always available. If the file isn't located in %ProgramFiles%\Windows Sidebar or you're using other versions of Windows it could be part of the Searchcentrix hijacker | Yes |
X | Microsoft Windows Socketx32 Services | winsockx32.exe | Added by the RBOT-FWT WORM! | No |
X | Microsoft Windows Sound | svghost.exe | Added by a variant of the SPYBOT WORM! See here | No |
X | Microsoft Windows Sound | svshost.exe | Detected by Kaspersky as the RBOT.ME BACKDOOR! See here | No |
X | Microsoft Windows Sound | svuhost.exe | Detected by PCTools as the KOLAB.XC WORM! See here | No |
X | Microsoft Windows Storage Machine Service | winms.exe | Added by the RBOT-AHK WORM! | No |
X | Microsoft Windows SVCHOST | SVCHOST.exe | Detected by Kaspersky as the VB.KV WORM! See here. Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! | No |
X | Microsoft Windows System | srwhost.exe | Added by a variant of the RBOT-ASW WORM! | No |
X | Microsoft Windows System | syshost.exe | Added by the RBOT-ASW WORM! | No |
X | Microsoft Windows System | System.exe | Detected by Kaspersky as the VB.KV WORM! See here | No |
X | Microsoft Windows System Kernel | kernel32.exe | Added by a variant of the IRCBOT TROJAN! | No |
X | Microsoft Windows System Service Manager | winsvc.exe | Added by the SPYBOT.LR WORM! | No |
X | Microsoft Windows Task Management | mstasks.exe | Added by a variant of the SDBOT WORM! | No |
X | Microsoft Windows Task Manger | Mstosk.exe | Added by the SDBOT-WW WORM! | No |
X | Microsoft Windows Tasks Management | taskmng.exe | Added by the RBOT-FXK WORM! | No |
X | Microsoft Windows Updata | scvhost.exe | Added by a variant of the RBOT WORM! | No |
X | Microsoft Windows Updata | windows.exe | Added by a variant of the RBOT WORM! | No |
X | Microsoft Windows Update | rundlls.exe | Added by the HABRACK WORM! | No |
X | Microsoft Windows Update | msoffice2.exe | Added by the RBOT-GB WORM! | No |
X | Microsoft Windows Update | spools.exe | Added by the SDBOT.TD WORM! | No |
X | Microsoft Windows Update | svchos.exe | Added by the SDBOT.AC WORM! | No |
X | Microsoft Windows Update | svcshost.exe | Added by the FORBOT-CF WORM! | No |
X | Microsoft Windows Update | svmhost.exe | Added by the FORBOT-CH WORM! | No |
X | Microsoft Windows Update | svshost.exe | Added by the WOOTBOT.CJ WORM! | No |
X | Microsoft Windows Update | msnmessenger.exe | Added by the SDBOT.AJ WORM! | No |
X | Microsoft Windows Update | msnwun.exe | Added by the SDBOT-RM WORM! | No |
X | Microsoft Windows Update | scvvhost.exe | Added by the FORBOT-DH WORM! | No |
X | Microsoft Windows Update | swwhost.exe | Added by a variant of the RBOT WORM! | No |
X | Microsoft Windows Update | MSNMSGR.EXE | Added by the SDBOT-WM WORM! Note - this is not the valid MSN Messenger (now Windows Live Messenger) utility which is located in either %ProgramFiles%\MSN Messenger or %ProgramFiles%\Windows Live\Messenger. This one is located in %System% | No |
X | Microsoft Windows Update | svzhost.exe | Added by the FORBOT-EV WORM! | No |
X | Microsoft Windows Update | sccvhost.exe | Added by a variant of the SDBOT WORM! | No |
X | Microsoft Windows Update | scrhost.exe | Added by the RBOT-AOW WORM! | No |
X | Microsoft Windows Update | mnswinsx.exe | Added by the RBOT-AWH WORM! | No |
X | MICROSOFT Windows update | pdate.exe | Added by the RBOT.BZT WORM! | No |
X | Microsoft Windows Update | srshost.exe | Added by a variant of the SDBOT WORM! | No |
X | Microsoft Windows Update | rhost32.exe | Added by a variant of the IRCBOT TROJAN! | No |
X | Microsoft Windows Update | windowsupdate.exe | Added by the AGOBOT.ON WORM! | No |
X | Microsoft Windows Update Application | wuap.exe | Added by a variant of the RBOT WORM! | No |
X | Microsoft Windows Update Client | csrss.exe | Added by the KEBEDE-G WORM! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\Systems32 | No |
X | Microsoft Windows Update Logon | win-logon.exe | Added by a variant of the RBOT WORM! | No |
X | Microsoft Windows Update Service | wupdmgr32.exe | Added by the DOS.AUTOCAT TROJAN! | No |
X | Microsoft Windows Update Service | msnmsg.exe | Added by a variant of the IRCBOT BACKDOOR! | No |
X | Microsoft Windows Update x86 | [various filenames] | Added by a variant of the RBOT WORM! Filenames seen include (but are not limited to) firefox.exe, opera.exe, taskmrg.exe, aim.exe, Winxdiag.exe and usnesvc.exe | No |
X | Microsoft Windows Update XP64 | ********.exe [* = random char] | Added by a variant of the RBOT WORM! | No |
X | Microsoft Windows Updater | winupdgm.exe | Added by the GAOBOT.BI WORM! | No |
X | Microsoft Windows Updater | WINIUPDATES.EXE | Added by the RBOT-KK WORM! | No |
X | Microsoft Windows Updater | WINUPDATE.EXE | Added by the RBOT-LI WORM! | No |
X | Microsoft Windows Updater | TMNTSrv.exe | Added by a variant of the RBOT WORM! | No |
X | Microsoft Windows Updater | win32upd.exe | Added by the RBOT-EC WORM! | No |
X | Microsoft Windows Updater | msnupdateit.exe | Added by the AGOBOT-RL WORM! | No |
X | Microsoft Windows Updater | windates.exe | Added by the SDBOT.TE WORM! | No |
X | Microsoft Windows Updater | spoolvs.exe | Added by the RBOT.ACQ WORM! | No |
X | Microsoft Windows Updater | suvhost.exe | Added by a variant of the SDBOT WORM! | No |
X | Microsoft Windows updaterD | log32zx.exe | Added by the MYDOOM.W WORM! | No |
X | Microsoft Windows Updates | explorer32.exe | Added by the SDBOT.VQ WORM! | No |
X | Microsoft Windows Updates | wsap32.exe | Added by a variant of the SDBOT WORM! | No |
X | Microsoft Windows Updating System | msresource.exe | Added by the RBOT-EAM WORM! | No |
X | Microsoft Windows Visual V2.0 | msiutil.exe | Added by the DELF.JPH TROJAN! | No |
X | Microsoft Windows W32 Services | mssw32.exe | Added by a variant of the SPYBOT WORM! | No |
X | Microsoft Windows WinSaSS Management | winsass.exe | Added by the RBOT-APW WORM! | No |
X | Microsoft Windows WKS Service | gt.exe | Added by the SDBOT.IR WORM! | No |
X | Microsoft Windows WKS Service | mstask0.exe | Added by the SDBOT.FV WORM! | No |
X | Microsoft Windows Workstation | devcode.exe | Added by the RBOT-AWL WORM! | No |
X | Microsoft Windows XP Configuration Loader | m32svco.exe | Added by the SDBOT.WORM!.48548 WORM! | No |
X | Microsoft Windows XP/2K Explorer | winexplorer.exe | Added by a variant of the IRCBOT TROJAN! See here | No |
X | Microsoft Winedows startup | WinKey.exe | Added by a variant of the SDBOT WORM! See here | No |
X | Microsoft Winedows WinServ | iPodFix.exe | Added by a variant of the RBOT WORM! | No |
X | Microsoft WINGS32 Protocol | WinSGR32.exe | Added by the RBOT-APU WORM! | No |
X | Microsoft WinRaR | winrar.exe | Added by the RBOT-AEC WORM! | No |
X | Microsoft Winsock | mswinsck.exe | Added by the RBOT-ANK WORM! | No |
X | Microsoft Winsock Service | msusvc.exe | Added by the RBOT-ANS WORM! | No |
X | Microsoft Winsock Wrapper | ws2_32s.exe | Added by a variant of the SPYBOT WORM! | No |
X | Microsoft WinSound | [random filename] | Added by a variant of the RBOT WORM! | No |
X | Microsoft winsupdater | WINSUPDATER.EXE | Detected by Kaspersky as the SPYBOTER.FB BACKDOOR! See here | No |
X | Microsoft WinUpdate | mntcgf032.exe | Added by the RBOT-PF WORM! | No |
X | Microsoft WinUpdate | svh0st.exe | Added by the SPYBOT.DL WORM! | No |
X | Microsoft WinUpdate | syslx32.exe | Added by an unidentified VIRUS, WORM or TROJAN! | No |
X | Microsoft WinUpdate | syswin32.exe | Added by the RBOT-HO WORM! | No |
X | Microsoft WinUpdate | spfix.exe | Added by a variant of the RBOT WORM! | No |
X | Microsoft WinUpdate | Winamp61.exe | Added by a variant of the RBOT WORM! | No |
X | Microsoft WinUpdate | Winupd32.exe | Added by the RBOT.MQ WORM! | No |
X | Microsoft WinUpdate | WinNTinit32.exe | Added by the RBOT.VS WORM! | No |
X | Microsoft WinUpdate | msupdte.exe | Added by an unidentified TROJAN! See examples here & here | No |
X | Microsoft WinUpdates | serm32.exe | Added by the RBOT.GE WORM! | No |
X | Microsoft WM | mswm32.exe | Added by the BCKDR-AM BACKDOOR! | No |
X | Microsoft Word | BootSector.exe | Added by a variant of the AGOBOT/GAOBOT WORM! | No |
X | Microsoft Word Profissional | csrss.exe | Added by the BANCBAN-DB TROJAN! Note - this is not the legitimate csrss.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "s1613" subfolder | No |
X | Microsoft Word Profissional | Java Plug In close.exe | Added by the BANKER-EL TROJAN! | No |
X | Microsoft Word Profissional | csrss.exe | Added by the BANKER-DJ TROJAN! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a "protect" subfolder | No |
X | Microsoft Word Profissional | csrss.exe | Added by the BANKER-DP TROJAN! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a "JavaVM" subfolder | No |
N | Microsoft Works Calendar Reminders | wkcalrem.exe | Produces a pop-up reminder of events scheduled using the MS Works Calendar | No |
N | Microsoft Works Portfolio | WksSb.exe | The Works Portfolio tool lets you collect and organize text and pictures from the Web or your favorite program. The Works Portfolio provides a location where you can store items you want to later put into a document or other file. Can be prevented from starting from a setting within Portfolio | No |
N | Microsoft Works Update Detection | wkdetect.exe | Checks for updates to MS Works | No |
X | Microsoft World Service | winworld.exe | Added by an unidentified IRC worm with backdoor capability! | No |
X | Microsoft WPCEmail | svchost.exe | Added by the SNIFFER-N TROJAN! | No |
X | Microsoft WWW | free.exe | Added by a variant of the CWS.AK TROJAN! | No |
X | Microsoft Wxdate | Syswu32.exe | Added by the SPYBOT.HZ WORM! | No |
X | Microsoft X Update | wuamkoppnp.exe | Added by the RBOT-ANI WORM! | No |
X | microsoft xdaemon 2.0 | xdaemon.exe | Added by the DELF.D TROJAN! | No |
X | Microsoft XML Service | msxmlx.exe | Added by the RBOT.KS WORM! | No |
X | Microsoft Xp Systems loader | winsystem32xp.exe | Added by the KELVIR.W WORM! | No |
X | Microsoft Xp Systems loaders | win32xpsys.exe | Added by the SPYBOT.NYT WORM! | No |
X | Microsoft XPSP Protocol | xp386.exe | Added by a variant of the RBOT WORM! | No |
X | Microsoft xpsp2 | Networksystem.exe | Added by a variant of the SDBOT WORM! | No |
X | Microsoft xpsp2 | xpsp2.exe | Added by the SDBOT-YQ WORM! | No |
U | Microsoft® Windows® Operating System | ehTray.exe | System Tray access to Media Center for Windows Vista Home Premium and XP Media Center Edition | No |
N | Microsoft® Windows® Operating System | RunDLL32.exe ehuihlp.dll, BootMediaCenter | Starts Windows Media Center every time Windows Vista (Home Premium or Ultimate) boots. Disable by unchecking the "Start Windows Media Center when Windows Starts" option via Windows Media Center -> Tasks -> Settings -> General -> Startup and Window Behaviour | No |
N | Microsoft® Windows® Operating System | rundll32.exe oobefldr.dll, ShowWelcomeCenter | Shows the Welcome Center every time you boot into Windows Vista | No |
X | Microsoft's System Module | Sysmodule.exe | Added by the BDOOR-FJ BACKDOOR! | No |
X | Microsoft(R) System Manager | sysmgr.exe | Added by the AGENT.QTR TROJAN! | No |
X | Microsoft--Updates | sxvhost.exe | Added by the RBOT-FH WORM! | No |
X | Microsoft-software | ****.exe [* = random char] | Added by a variant of the RBOT WORM! | No |
X | Microsoft-Update | wngard.exe | Added by the RBOT-JV WORM! | No |
X | Microsoft-Updates | svxhost.exe | Added by the RBOT-CT WORM! | No |
X | Microsoft.exe | [random].exe | Added by a variant of the IRCBOT TROJAN! | No |
X | Microsoft32 | win32sys.exe | Added by an unidentified WORM or TROJAN! | No |
X | microsoft420 | microsoft420.exe | Added by the MENACE.B WORM! | No |
X | Microsoft64 | antiv.exe | Added by the SOBER WORM! | No |
X | Microsoft? ActiveX Debugger NT | setdebugnt.exe | Added by the BANCOS-CZ TROJAN! | No |
X | Microsoft? PID Lex | PIDLex.exe | Added by the NIOVADOOR TROJAN! | No |
X | Microsoft? System Mapper | SysMap.exe | Added by the MAPSY TROJAN! | No |
Y | MicrosoftAntiSpywareCleaner | gcASCleaner.exe | Microsoft AntiSpyware - now superseded by Microsoft's Windows Defender | No |
X | MicrosoftDriverService32 | drsys32.exe | Detected by Trend Micro as the IRCBOT.AKX TROJAN! See here | No |
X | Microsoftf DDEs ContDLL | rune.pif | Added by the RBOT-AGF WORM! | No |
X | Microsoftf DDEs ContrDL | runm.pif | Added by the RBOT-AFQ WORM! | No |
X | Microsoftf DDEs Control | lxes.exe | Added by the RBOT.BOF WORM! | No |
X | Microsoftf DDEs Control | wees.exe | Added by a variant of the RBOT WORM! | No |
X | Microsoftf DDEs Control | soff.pif | Added by the RBOT-AKH WORM! | No |
X | Microsoftf DDEs Control | why-.exe | Added by the RBOT-AMV WORM! | No |
X | Microsoftf DDEs Control | msnn.exe | Added by the RBOT-AXT WORM! | No |
X | Microsoftf DDEs Control | FEnR.exe | Added by the RBOT-AIM WORM! | No |
X | Microsoftf DDEs Control | w33s.exe | Added by a variant of the RBOT WORM! | No |
X | Microsoftf DDEs Control | waes.exe | Added by a variant of the RBOT WORM! | No |
X | Microsoftkeysd | systemproc.exe | Added by the FORBOT-BI WORM! | No |
X | Microsoftkeysd | systemwin32s.exe | Added by the WOOTBOT.CO WORM! | No |
X | Microsoftkeysds | lass32.exe | Added by a variant of the RBOT WORM! | No |
X | MicrosoftKs | Drivers.bat | Added by the SHUTDOWN-F TROJAN! | No |
X | microsoftm eegs cuntrol | loor.pif | Added by a variant of the RBOT WORM! | No |
X | MicrosoftMessenger | msnserv.exe | Added by the DARKER.M WORM! | No |
X | Microsoftmsn32.exe | microsoftmsn32.exe | Added by the CERTIF-C TROJAN! | No |
X | MicrosoftMultimediaTask | Mmtask.exe | Adware downloader - not the valid MusicMatch Jukebox which shares the same filename | No |
X | MicrosoftNetwork Daemon for Win32 | NETD32.EXE | Added by the RANDEX.F WORM! | No |
X | MicrosoftOEM | smvss.exe | Added by the DEDLER-G TROJAN! | No |
X | MicrosoftPersonalFirewall | spoolsrv.exe | Added by the WOOTBOT.DO BACKDOOR! | No |
X | MicrosoftROMDriverService | cdrss.exe | Detected by Kaspersky as the IRCBOT.BLF TROJAN! See here | No |
X | Microsofts media | winmplayd.exe | Added by an unidentified WORM or TROJAN! | No |
X | Microsofts media | wingtp.exe | Added by the RBOT-VO WORM! | No |
X | Microsofts MediaScope | winmep.exe | Added by the RBOT-WB WORM! | No |
X | Microsofts MediaScope | winmedplay.exe | Added by a variant of the RBOT WORM! | No |
X | Microsofts Security Manager | ****.exe [**** = random char] | Added by the RBOT-WH TROJAN! | No |
X | Microsofts Service | lcsrv16.exe | Added by a variant of the RBOT WORM! | No |
X | Microsofts Updates | lsasss.exe | Added by the RBOT-AEX WORM! | No |
X | Microsofts Updatez | cmsssr.exe | Added by an unidentified VIRUS, WORM or TROJAN! | No |
X | Microsofts Updatez | exploirez.exe | Added by a variant of the RBOT WORM! | No |
X | MicrosoftServiceManager | mstask32.exe | Added by the YAHA.P WORM! | No |
X | MicrosoftServiceManager | Wintsk32.exe | Added by the YAHA.U WORM! | No |
X | MicrosoftServiceManager | EXPLORERE.EXE | Added by the YAHA.AB WORM! | No |
X | MicrosoftServiceManager | msupdat.exe | Added by the YAHA.AA WORM! | No |
X | MicrosoftShell | Shellcomm.exe | Added by the BANCBAN-QG TROJAN! | No |
X | MicrosoftSourceSafe | lsass.exe | Added by the WEBUS.B TROJAN! Note - this is not the legitimate lsass.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the System folder | No |
X | MicrosoftSys | SPOOLSYS.exe | Added by the TARNO.N TROJAN! | No |
X | MicrosoftUpdate | syshelper.exe | Added by the WOOTBOT.AC WORM! | No |
X | MicrosoftUpdate | WinUp32.exe | Added by an unidentified VIRUS, WORM or TROJAN! | No |
X | MicrosoftUpdate | MicrosoftUpdate.exe | Added by the BANKER-EHC TROJAN! | No |
X | MicrosoftUpdate | windll.exe | Added by the RBOT-IH WORM! | No |
X | MicrosoftUpdate | RBuilder.exe | Added by the DLOADR-BMV TROJAN! | No |
X | MicrosoftUpdates | [path to trojan] | Added by the DELF-LO TROJAN! | No |
X | MicrosoftValue | syscnfg.exe | Added by an unidentified VIRUS, WORM or TROJAN! "syscnfg.exe" is found in the C:\windows\fonts (or C:\winnt\fonts) directory where no *.exe files should reside | No |
X | Microsoftvirus | sysoverload.exe | Added by the FORBOT-AL WORM! | No |
X | MicrosoftWindows | [various filenames] | MagicSearch - a CoolWebSearch parasite variant | No |
X | MicrosoftWindows | a@26m.exe | Added by the KILLPAR-B TROJAN! | No |
X | MicrosoftXP Service Pack 2 | servicepack2.exe | Added by the RBOT.EMC WORM! | No |
X | Microsoftz turn Control | aexl.exe | Added by the SDBOT.BCO WORM! | No |
X | Microsoftz turn Control | read.pif | Added by the RBOT-AFS WORM! | No |
U | Microsoft® Windows® Operating System | Sidebar.exe | Windows Sidebar is a pane on the side of the Microsoft Windows Vista desktop where you can keep your gadgets organized and always available. If the file isn't located in %ProgramFiles%\Windows Sidebar or you're using other versions of Windows it could be part of the Searchcentrix hijacker | Yes |
X | Microsong | svchosts11.exe | Added by the SDBOT-EV WORM! | No |
X | Microsot NT Support | [random filename].exe | Added by the RBOT-CTI WORM! | No |
X | microsystem | snddrv.exe | Detected by Kaspersky as the VB.AXG TROJAN! See here | No |
X | Microszoft Update Mach1nezs | svchst.exe | Added by the RBOT-ED WORM! | No |
U | Microtek Scanner Finder | ScannerFinder.exe | Monitors whether a scanner is present. Provided with Microtek scanners | No |
X | Microzoft_Ofiz | KdzEregli.exe | Added by the AMUS.A WORM! | No |
X | Micrsft Updese | xagwxz.exe | Added by a variant of the IRCBOT BACKDOOR! | No |
X | Micrsoft CFG 32 | lrbzus32.exe | Added by a variant of the AGOBOT/GAOBOT WORM! | No |
X | Micrsoft DerSystem | uqieelpb.exe | Added by the RBOT-GRI WORM! | No |
X | Micrsoft Driver | windrive.exe | Added by the SDBOT.AF TROJAN! | No |
X | Micrsoft Driver | msdriver.exe | Added by the SDBOT-XD WORM! | No |
X | Micrsoft Internet Explorer | IEXPL0RE.EXE | Added by the RBOT-AQV WORM! Note the number "0" in the filename | No |
X | Micsoft-Published-Software | explrer.exe | Added by the RBOT-GFL WORM! | No |
X | Micsorosft Security Center | wcnsfty.exe | Added by the RBOT-AHU WORM! | No |
X | mig2 | mig2.exe | Added by the BRONTOK-BW WORM! | No |
N | MightyFAX Controller | MFNTCTL.EXE | Mighty FAX from RKS Software - "installs a printer driver so that you can fax directly from Windows software" | No |
? | MigrationVendorSetupCaller | rundll32.exe migrate.dll, CallVendorSetupDlls | ?? | No |
X | Military Net Killer | MNK.exe | Added by the MILLNET-A WORM! | No |
U | MilShieldSlave | ShieldWorker.exe | Mil Shield from Mil Incorporated. It protects your privacy by removing all tracks from your online or offline computer activities | No |
N | MimBoot | mimboot.exe | Starts Musicmatch Jukebox at bootup - can be started manually | No |
X | Mincer | Mincer.exe | Added by the MINCEME-A VIRUS! | No |
U | Mindful | Mindful.exe | Mindful from Felitec inc. "Event reminder software with date and time tools in a simple to use system tray application" | No |
U | Mini-XP | Mini-XP.exe | Minimizer-XP from Totalidea Software - adds an additional button in the top-right corner of any application window to allow you to quickly minimize it to the System Tray. No longer available from the author but still available from download sites such as Download.com | No |
X | MINIBUG | MINIBUG.EXE | Displays ads inside Weatherbug - see here | No |
N | MiniEYE-MiniREAD Launch | ARLaunch.exe | eyeQ - improve your reading speed | No |
N | MINIFERT.EXE | MINIFERT.EXE | Part of Backweb | No |
U | minilog | MINILOG.EXE | If you don't have ZoneAlarm or ZoneAlarm Pro running you don't need this. This must be enabled if programs such as VisualZone Report utility or ZoneLog Analyzer are in use | No |
N | MiniMavis | MiniMavis.exe | Mavis Beacon typing tutor | No |
X | minimo | [path to file] | Added by the MOSUCK-X TROJAN! | No |
N | MiniNote | MININOTE.EXE | Mini NoteTab was the first in the family of "NoteTab" text and HTML editors from Fookes Software | No |
N | Miniphone | glophone.exe | VoiceGlo Glophone - "an affordable and convenient way to call friends and family throughout the world using a dial-up or broadband Internet connection on your computer" using the VoIP (Voice over Internet Protocol). No longer available | No |
X | miniport | usb2chk.exe | Added by the LAZAR-A TROJAN! | No |
X | MiniPortRt | miniport_mp.exe | Malware - see here | No |
U | MiniReminder | MiniReminder.exe | "MiniReminder is a small, fast, and simple program for Microsoft Windows to remind yourself of important yearly events, like birthdays, anniversaries, renewals, etc" | No |
X | MiniServer.exe | MiniServer.exe | Added by the LITTLEW-E TROJAN! | No |
U | MinMaxExtender | Mmext.exe | MinMaxExtender - window handling tool | No |
X | Mioft Wiws Seice ent | [worm filename].exe | Added by the RBOT-GIJ WORM! | No |
X | Miosf Update | wimsqaad.exe | Added by the SDBOT.AG TROJAN! | No |
U | MioSync | mioSync.exe | Related to Mio GPS navigation devices | No |
N | Mirabilis ICQ | NDetect.exe | If connected to the internet, automatically runs up ICQ. Convenience more than anything. ICQ can be started from Start -> Programs | No |
N | Mirabilis ICQ | icq.exe | If connected to the internet, automatically runs up ICQ. Convenience more than anything. ICQ can be started from Start -> Programs | No |
N | Mirabilis ICQ | ICQNet.exe | If connected to the internet, automatically runs up ICQ. Convenience more than anything. ICQ can be started from Start -> Programs | No |
U | Miramar Systems, Inc. | atmsg.exe | Miramar PC/Mac networking software | No |
N | Miranda IM | miranda32.exe | Miranda instant messaging client | No |
X | Mirate Sp 2 Information | miratesp2.exe | Added by the RBOT.QH WORM! | No |
X | Mircosoft DNS Service | svchost.exe | Added by the IRCBOT-AK TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "drivers" subfolder | No |
X | Mircosoft Sockets SP2 | mssck.exe | Added by the MYTOB.ET WORM! | No |
X | Mircosoft Update | wuampkd.exe | Added by a variant of the SDBOT WORM! | No |
X | Mircrosoft Svchost32 | svchost32.exe | Added by the RBOT-AZW WORM! | No |
X | Mircrosoft Windows Config DLL | rundllc32b.exe | Added by the RBOT-ZY WORM! | No |
N | miroVIDEO Tray Tool | misitray.exe | Tool for quickly changing options for miro/Pinnacle capture cards during capture/playback/output. When this program is closed, another program (mv-ctrl) is also closed, but mv-ctrl does not have its own EXE file. Only needed when using the capture card, e.g. for the above actions | No |
U | Mirra | Mirra.Client.exe | Mirra Personal Server from Seagate Tech - "a powerful hardware/software solution that integrates high-capacity storage with content protection, remote access, sharing and multi-computer synchronization" | No |
U | MirrorFolderShell | mrfshl.exe | MirrorFolder backup software | No |
X | Mirsoft sdcE | taskmegr.exe | Added by the RBOT-AWY WORM! | No |
X | Mirsoft sdcE | taskmegr.exe | Added by the RBOT.DFQ WORM! | No |
X | Miscrosoft Windows Explorer | IEEXPLORER.exe | Reported as the SDBOT.YX WORM! | No |
? | misiCTRL | misiCTRL.exe | Miro video driver related. Is it required? | No |
? | misiTRAY | misiTRAY.exe | Miro video driver related. Is it required? | No |
X | Mismo | win32x.exe | Added by the RBOT-JP WORM! | No |
N | Mixer | Mixer.exe | C-Media Mixer - C-Media produce audio chipsets that are often found on popular motherboards with on-board audio. Provides System Tray access to change audio settings. Available via Start -> Settings -> Control Panel or Start -> Programs | No |
N | Mixersel | mixersel.exe | Configuration for Realtek audio devices | No |
N | Mixghost | mixghost.exe | Management software for Altec Lansing speakers. If a change is needed, the user can launch it from the Start menu | No |
X | MJ | te32.exe | Added by the AGENT.HAA TROJAN! | No |
X | mjc | mjc.exe | Detected by Trend Micro as the AGENT.AKCI TROJAN! See here | No |
X | ml00!.exe | ml00!.exe | Malware, detected by Panda as the BWD TROJAN! | No |
U | ML1HelperStartUp | ML1HEL~1.EXE | ScreenScenes "Midnight Lake" screensaver. The freeware version comes with GAIN branded ads (pop-ups and others). ScreenScenes do however offer you the option of doing away with the ads by purchasing the screensaver for a whopping $30. Please note that Claria Corporation no longer support GAIN-Supported software - see here | No |
U | ML1HelperStartUp | ML1Helper.exe | ScreenScenes "Midnight Lake" screensaver. The freeware version comes with GAIN branded ads (pop-ups and others). ScreenScenes do however offer you the option of doing away with the ads by purchasing the screensaver for a whopping $30. Please note that Claria Corporation no longer support GAIN-Supported software - see here | No |
X | ml34 | [path to trojan] | Added by the MAILBOT-BH TROJAN! | No |
X | Mlcr0s0ftf DDEs C0ntr0i | WAed.pif | Added by the RBOT-BJW WORM! | No |
X | mlibsysmc | comzcinc.exe | Added by the SDBOT-CXS WORM! | No |
X | mload | lxmstart.exe | Added by an unidentified VIRUS, WORM or TROJAN! | No |
? | MM Install | setup.exe | Possibly Money Manager from Moneysoft? | No |
X | MMB2 | explorer.exe | Added by an unidentified WORM or TROJAN! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System% | No |
X | MMC | inisys.exe | Added by the OSCABOT-I WORM! | No |
X | mmcndmgr | mmcndmgr.exe | Added by an unidentified VIRUS, WORM or TROJAN! | No |
N | MMCWINMGMT | winmgmt.exe | Used for Enterprise Management. If you are not an IT Administrator you don't need it to be running. Also runs from the PCHealth "scheduler" - refer here | No |
X | mmemdrv | mmemdrv.exe | SecondSight spyware. Note - SecondSight is spyware that captures keystrokes and screen shots, and logs user activity on the compromised computer. It can then send the logged information to a remote attacker via email. Must be manually installed | No |
U | MMERefresh | MMERefresh.exe | Part of Digidesign Pro Tools. Refreshes your MIDI ports on the 002(R) (the 002R is a hardware audio/MIDI converter connected to your computer via FireWire). Must be running in order to use the MIDI functionality of the Digi002R | No |
X | Mmessenger | messenger.exe | Added by the AGOBOT.GM WORM! | No |
X | Mmgsvc | mmgsvc.exe | Mmgsvc spyware | No |
U | MMhid | mmhid.dll | This is the Human Interface Device Server for Win98. It is required only if you are using USB Audio Devices - otherwise you can disable it via Msconfig. See here. Typical examples are USB multimedia keyboards with volume control and web-ready keyboards. For example - loaded by default with MS DSS80 Speakers because they have Volume, Mute and Bass controls on the speaker. Some users may experience problems disabling this - if this is the case then re-enable it. Equivalent to Hidserv in Win98SE/2000/Me/XP | No |
? | MMHK | mmhk.exe | A driver found on a Compaq Presario 800T notebook. Possibly something to do with multimedia hot keys? | No |
N | MMHotKey | MMHotKey.exe | Multimedia key handling for the relevant type of Turbo-Media keyboard. Shortcut available. Note that with this running it can crash DirectX8/9 under WinXP when a game switches to full-screen | No |
X | MMicrosoft Security Management | inetforn.exe | Added by the RBOT.AFZ WORM! | No |
U | MMKeybd | MMKeybd.exe | Multimedia keyboard manager. Required if you use the additional keys | No |
U | Mmm | Mmm.exe | Hace Mmm - free utility to configure your Windows menus and move and remove menu-items you never use | No |
X | mmod | mmod.exe | eZula TopText adware | No |
N | mmpti | m1mmpti.exe | Mpact Mediaware Properties Taskbar Icon - multimedia software icon for Chromatic Research Mpact video cards | No |
N | MMReminderService | MMReminderService.exe | Mind Manager from Mindjet - "easy way to organize ideas and information". Registration reminder | No |
? | MMRun | mmrun.exe | ?? | No |
X | mmsass | mmdmm.exe | Added by the SDBOT.SO WORM! | No |
X | mmsddlx | [random filename] | Added by a variant of the SLAPER TROJAN! | No |
? | mmsys | recover.exe | ?? | No |
X | MMSystem | RunDll32 | Added by the FUNNER-A WORM! | No |
Y | MMTASK | mmtask.tsk | A check on the file's properties reveals "Multimedia background task support module". MMTASK is a very simple 16-bit program used by certain multimedia drivers (which are still 16-bit on Win9x) to perform background processing. Some soundcards need this to support MIDI, etc | No |
N | mmtask | mmtask.exe | Part of MusicMatch Jukebox - digital music player / CD burner and ripper / music organizer / playlist creator | No |
X | MMtask Service | mmtask.exe | Added by the BACKGAT.A TROJAN! Not the valid MusicMatch Jukebox which has the same filename | No |
N | MMTray | mm_tray.exe | MusicMatch Jukebox icon in the task tray - digital music player / CD burner and ripper / music organizer / playlist creator | No |
N | MMTray | MMTray.exe | Part of Morgan Multimedia Codecs. Only required when the codecs are used | No |
N | MMTray2K | MMTray2K.exe | Part of Morgan Multimedia Codecs. Only required when the codecs are used | No |
N | MMTrayLSI | MMTrayLSI.exe | Part of Morgan Multimedia Codecs. Only required when the codecs are used | No |
? | mmusrstp | procrun.exe | ?? | No |
X | mmxp2passion.exe | mmxp2passion.exe | MediaMotor adware | No |
X | mmxrun | msosa.exe | Added by an unidentified TROJAN or WORM! | No |
X | mmxrun | mswinindex.exe | TwoSeven spyware | No |
U | mm_server | mm_server.exe | Part of MusicMatch Jukebox - digital music player / CD burner and ripper / music organizer / playlist creator | No |
X | mnklins | mnklins.exe | VX2.Transponder parasite updater/installer related | No |
X | MNPol | mnpol.exe | Added by the DLUCA.B TROJAN! | No |
U | MNS | MNS.exe | Mobile Net Switch enables you to use your computer on more than one network with the click of a button. It allows you to automatically select the correct drive mappings, printer settings, IP settings and much more | No |
X | mnsa | mnso.exe | Added by the LINEAG-AI TROJAN! | No |
X | mnsvc | mnsvc.exe | Added by the AUTOUPDER TROJAN! | No |
X | mnsvcsp | mnsvcsp.exe | Added by an unidentified VIRUS, WORM or TROJAN! | No |
? | mnu | igomnu.exe | Wanadoo broadband ISP (now rebranded as Orange) related. What does it do and is it required? | No |
U | Mobile Phone Suite | MobilePhoneSuite.exe | Logitech Mobile Phone Suite | No |
U | mobile PhoneTools | mPhonetools.exe | Motorola Phone Tools | No |
U | Mobipocket Reader Notifications | readernotify.exe | Part of Mobipocket Reader - "Store all your eBooks, eNews & self-published eDocs on your PC. Download eBooks in Mobi format from your favorite ebookstores to read on your smartphone, PDA, laptop or on your desktop PC" | No |
U | Mobipocket Web Companion | webcomp.exe | Related to Mobipocket eBook Reader | No |
N | mobsync | mobsync.exe | MS Synchronization Manager - updates the network copy of materials that were edited offline, such as documents, calendars, and e-mail messages. Find more information about its use here | No |
X | MOBSYNC32.EXE | mobsync32.exe | Added by the FINERO TROJAN! | No |
N | MOD | muamgr.exe | Using MicroAngelo On Display, you can easily select the icon images that you prefer rather than the default icons displayed by Windows. On Display provides a consistent and elegant method to customize the icon display for almost every icon on your system | No |
X | Modem | locatesvc.exe | Added by a variant of the SPYBOT WORM! | No |
X | Modem Driverz Updates | mdmdrv.exe | Added by a variant of the SDBOT WORM! | No |
U | MODEMBTR | MODEMBTR.EXE | Modem Booster from inKline Global to improve ISP connections | No |
X | Modeminf | Modeminf.exe | Added by a variant of the CRYPTER.C TROJAN! | No |
U | ModemOnHold | MOH.EXE | NetWaiting/Modem-on-Hold - allows you to place your Internet connection on hold while you take a voice call (if Call Waiting is supported by your phone company). See here for more information | No |
U | ModemOnHold | netWaiting.exe | NetWaiting/Modem-on-Hold - allows you to place your Internet connection on hold while you take a voice call (if Call Waiting is supported by your phone company). See here for more information | No |
N | ModemUtility | mdmsetpe.exe | System Tray configuration icon for Aztech modems | No |
X | Modifiet Amateur HTPB | wuaclt.exe | Detected by Trend Micro as the IRCBOT.AYS WORM! See here | No |
U | ModPS2 | ModPS2Key.exe | Hotkey drivers for Chicony keyboard. Required if you use the hotkeys | No |
X | ModularConfig | syscnfg.exe | Added by an unidentified VIRUS, WORM or TROJAN! "syscnfg.exe" is found in the C:\windows\fonts (or C:\winnt\fonts) directory where no *.exe files should reside | No |
X | Module Call initialize | RUNDLL32.EXE reg.dll, ondll_reg | Added by the LOVGATE.C WORM! | No |
X | Modulo 00FE0F01 Host Internet | syschost.exe | Added by the DELF-KW TROJAN! | No |
X | MonAppli | [random filename] | Detected by Kaspersky as the DELF.IF TROJAN! See here | No |
N | Money Express | moneyexpress.exe | Part of MS Money. Available via Start -> Programs | No |
N | MoneyAgent | money express.exe | Part of MS Money. Available via Start -> Programs | No |
N | MoneyAgent | mnyexpr.exe | Microsoft Money | No |
N | MoneyStartUp | Money Startup.exe | Microsoft Money | No |
N | MoneyStartUp10.0 | Activation.exe | Part of MS Money 2002. Available via Start -> Programs | No |
X | monitor | monitor.exe | Browser hijacker, redirecting to NCM Search | No |
U | Monitor | SD Monitor.exe | "Transfer data quickly between your memory card and your computer with SanDisk's Readers, Writers and Adapters" | No |
U | Monitor Apache Servers | ApacheMonitor.exe | Part of the Apache Web Server package. Useful only if you're running such a server on your PC. Available via Start -> Programs | No |
X | Monitor calibration | AV1i.exe | Anti-Virus-1 rogue security software - not recommended, removal instructions here | No |
U | Monitor Helper | monitor.exe | MyLittleSpy keystroke logger/monitoring program - remove unless you installed it yourself! | No |
X | Monitor Test | [random filename] | Added by the SDBOT-NC WORM! | No |
X | Monitoring Service | svchost.exe | Added by the CONE.C WORM! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "tasks" subfolder of the Winnt or Windows folder | No |
X | Monitormgt | Monitormgt.exe | Added by the GEMA TROJAN! | No |
U | MonitorSD | SDMonitor.exe | Spyware Detector - spyware remover. Initially not recommended due to false positives but the later versions have since improved - see here | No |
X | MONPluginSrIvcs | n3monap23.exe | Added by a variant of the RBOT WORM! | No |
N | Monstersoundtray | Freectrl.exe | Diamond Multimedia sound card control panel | No |
X | MonTest | vccxzq.exe | Added by the SDBOT-EA WORM! | No |
U | MoodBook | mb.exe | MoodBook is a free Windows utility that brings art to your desktop | No |
N | moon phase | moon.exe | Moon Phase - tray icon that indicates the phases of the moon | No |
X | MooNlight | MySqld-nt.cmd | Added by the BOBANDY-A WORM! | No |
X | MoreContent | rundll32.exe MSA64CHK.dll, DllMostrar | MatrixDialer related. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in the Winnt or Windows folder | No |
X | MoreResults | MoreResults.exe | MoreResults adware | No |
N | Morpheus | morpheus.exe | MusicCity Networks' Morpheus - another peer-to-peer client based on Kazaa. Notable in that this one doesn't seem to install the adware that clogs the Kazaa download. They claim they are adware free, and a visitor quotes "I have seen no instance of any since using it" | No |
X | morphstb | morphstb.exe | Adware - detected by Kaspersky as the STUBBY.C TROJAN! | No |
X | mosearch | mosearch.exe | Fast Search in Office XP - similar to the new revision of the Find Fast feature in Office 2000. Fast Search uses the Indexing Services in Office XP to create a catalog of Office files on your computer's hard disk. As with Find Fast - a waste of resources. If it can't be disabled via MSCONFIG try here | No |
X | Motherboard Config | Ati2xxx.exe | Added by the RBOT-AIK WORM! | No |
X | MotherBoard Sounds | Sounds.exe | Added by the RBOT-AAP WORM! | No |
N | Motive SmartBridge | mpbtn.exe | System tray icon for the Virtual Assistant from AT&T Broadband, used to communicate internet problems via the network rather than telephone. Available via desktop shortcut or Start -> Programs - not required | No |
N | Motive SmartBridge | MotiveSB.exe | System tray icon for the Virtual Assistant from AT&T Broadband, used to communicate internet problems via the network rather than telephone. Available via desktop shortcut or Start -> Programs - not required | No |
N | Motive SmartBridge | BTHelpNotifier.exe | System tray icon for help from BT Broadband, used to communicate internet problems via the network rather than telephone. Available via desktop shortcut or Start -> Programs - not required | No |
U | MotiveMonitor | motmon.exe | Found on HP/Dell and Compaq systems (and maybe others). MotiveMonitor is used by the supplier's on-line support and allows the agent at the far end to do harddrive/ram/video/etc tests on the computer. Disabling this can cause some users problems with IE and Netscape - in this case leave it to run. You may also wish to leave it alone if the PC is still within the support period from the manufacturer. For most users it's not required | No |
N | MotiveSB | MotiveSB.exe | System tray icon for the Virtual Assistant from AT&T Broadband, used to communicate internet problems via the network rather than telephone. Available via desktop shortcut or Start -> Programs - not required | No |
U | MotMon | motmon.exe | Found on HP/Dell and Compaq systems (and maybe others). MotiveMonitor is used by the supplier's on-line support and allows the agent at the far end to do harddrive/ram/video/etc tests on the computer. Disabling this can cause some users problems with IE and Netscape - in this case leave it to run. You may also wish to leave it alone if the PC is still within the support period from the manufacturer. For most users it's not required | No |
X | motoin | mm15201518.Stub.exe | Delfin Promulgate adware variant | No |
U | Motorola Desktop Suite | DesktopSuite.exe | Related to Motorola Desktop Suite - PC software managing Motorola mobiles such as the A1000 | No |
U | Motorola Desktop Suite mRouter Config | mRouterConfig.exe | Configuration for Motorola's version of Intuwave's m-Router - "that enables easy connectivity between mobile devices and PCs across Bluetooth, Infrared, USB and serial cable connections". It was licensed and used by the Symbian OS but m-Router is no longer readily available since Intuwave went into administration in 2006 | No |
U | Motor_Tracking_Tool | MTTool.exe | Sweex Motion Tracking Webcam utility. "The motion tracking function ensures that the camera can follow all your movements. So you can move and chat, without disappearing from view" | No |
U | Mount Safe & Sound | Fbmount.exe | From McAfee VirusScan version 5.x. Creates back-up sets of critical files in a separate area of a hard drive. If you make regular back-ups it's not needed and can be painful during system start | No |
U | mount.exe | mount.exe | Part of "GiPo@FileUtilities" - GiPo@Mount "Provides advanced substitutional and mounting services. It allows to attach a local drive to an empty folder on an NTFS volume (only for Windows 2000/XP) and to substitute a local folder for a drive letter" | No |
X | mouse | mouse.exe | Added by the RBOT-AHJ WORM! | No |
U | Mouse 32A | Mouse32A.exe | Mouse utility. If you disable this entry you will not be able to use any of the non-standard functions of the mouse | No |
N | Mouse Suite 98 Daemon | pelmiced.exe | Mouse driver. Appears to cause a behaviour where the desktop suddenly flips back up when playing DirectX associated games | No |
U | Mouse Suite 98 Daemon | ICO.EXE | Found on some Sony Vaio, IBM Thinkpad and Dell (and possibly other) laptops and seems to be related to Mouse Suite 98 Daemon according to the properties. Required on the Dell Inspiron 530 as without it the Dell mouse suite does not load and mouse settings are not retained on a reboot. Appears to cause a behaviour where the desktop suddenly flips back up when playing DirectX associated games | No |
X | mousebut | mousebut.exe | Added by the CRYPTER.A TROJAN! | No |
X | Mousecntl | mousecntl.exe | Added by a variant of the CRYPTER.C TROJAN! | No |
N | MouseCount | MC.exe | MouseCount by Kittyfeet Software. "Utility for counting how many times us computer junkies click our mouse in a given session/day/week/month/year." Not required | No |
X | MouseDrv | [path to worm] | Added by the ZOLOAD-B WORM! | No |
X | MouseDrv | update.exe | Added by the ZOTOB.N WORM! | No |
U | mouseElf | MC.exe | Genius NetScroll mouse driver - required if you use non-standard Windows driver features | No |
U | mouseElf | mouseElf.exe | System Tray access to the mouse control panel for Genius Netscroll mice. Required if you use non-standard Windows driver features | No |
U | MouseImp | MImpHost.exe | MouseImp Pro - "A reliable assistant that turns your mouse into a simple, native but powerful controlling device" | No |
X | mousepad | mousepad.exe | Added by the CLICKER TROJAN! | No |
U | Mousinfo | mousinfo.exe | MS mouse information tool - for troubleshooting mouse problems | No |
X | MoussaEvil | [path to file] | Added by the MUSANUB-A WORM! | No |
X | MoveSearch | Search.exe | PigSearch adware | No |
N | Movielink Manager Uninstall | msvcmm32.exe | Auto-update for Movielink - internet movie rental System Tray access | No |
X | MovieM | lmovie.exe | Added by the BEAGLE.DS WORM! | No |
X | moviemk | moviemk.exe | Added by the DWNLDR-GTB TROJAN! | No |
X | MovieNetworks | MovieNetworks.exe | MovieNetworks will connect you by DOMESTIC PREMIUM RATE TELEPHONE NUMBER 900-xxx-xxxx. So you get xxx rated pictures and junk. And it will allow you to stay on the internet on their line and $$$ and remove the C:\Program Files\MovieNetworks directory | No |
X | Movieplace | Movieplace.exe | MoviePlace malware | No |
X | Mozila | mozila.exe | Added by the DELBOT-AJ WORM! | No |
X | Mozila Firefox | firebox.exe | Added by the RBOT-AIP WORM! | No |
X | Mozilla Firebird v0.8 Internet Browser | netstats.exe | Added by the IRCBOT.MC TROJAN! | No |
X | Mozilla Firefox | F1REF0X.EXE | Added by a variant of the SDBOT WORM! | No |
N | Mozilla Quick Launch | Netscp6.exe | Netscape 6 and Mozilla browsers | No |
N | Mozilla Quick Launch | Mozilla.exe | Netscape 6 and Mozilla browsers | No |
N | mozilla_cleanup | xpicleanup.exe | Firefox Mozilla cleans up after installation. It is invoked on a restart after installation, to remove the bits and pieces resulting from the installation | No |
U | Mozy Status | mozystat.exe | Mozy - free backup at a secure, remote location | No |
X | MP Tcloakss | mptclock.exe | Added by the NACKBOT-B WORM! | No |
X | MP Tcloaxs | mptcloaxs.exe | Added by the RANDEX.CT WORM! | No |
X | MP Tclockvv | mptclock.exe | Added by the NACKBOT-A WORM! | No |
X | MP Tclockvv | mptclockvv.exe | Added by the RANDEX.CJ WORM! | No |
N | MP3 CD Extractor | CD-Extractor.exe | "MP3 CD Extractor is an audio CD to MP3 ripper which can extract Digital Audio tracks from Audio CDs into files on the hard disk" | No |
X | Mp3 Loader | Sysdata.EXE | Added by the AVETTE-A VIRUS! | No |
X | MP3Collection | rundll32.exe MSA64CHK.dll, DllMostrar | MatrixDialer related. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in the Winnt or Windows folder | No |
X | MP3download | rundll32.exe MSA64CHK.dll, DllMostrar | MatrixDialer related. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in the Winnt or Windows folder | No |
X | MP3freeDownload | rundll32.exe MSA64CHK.dll, DllMostrar | MatrixDialer related. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in the Winnt or Windows folder | No |
X | MP4 Player | mp4Player.exe | MP4 Player allows you to view MP4 videos. Marked as undesirable because it changes your homepage to a custom Google search engine, changes your browser's default search provider, and runs hidden in the background. Terms of use also state that it collects and tracks URLs you visit in order to display relevant ads | No |
X | MPatrolPRO | MPatrolPRO.exe | Malware Patrol Pro rogue spyware remover - not recommended, see here | No |
U | MPEO | Csinsm32.exe | Automatic logging of installs from Norton CleanSweep - available via Start -> Programs | No |
Y | MPFExe | mpf.exe | McAfee Personal Firewall | No |
Y | MPFExe | MpfTray.exe | McAfee Personal Firewall | No |
Y | MPFTray | MpfTray.exe | McAfee Personal Firewall | No |
X | MPL32 driver | MPL32.exe | Added by the LOONY-M TROJAN! | No |
X | MPlay64 | mplay64.exe | Added by the MPLAY64 TROJAN! | No |
U | MplSetup | MplSetup.exe | Used by Ricoh network printers to enable network printing from the client | No |
X | MPM Manager | MPM.exe | Added by the DONBOMB.A TROJAN! | No |
X | MPNet | mpn.exe | Added by the DELBOT-W WORM! | No |
U | MPower | MPower.exe | MPower from MindBeat. "Defragments and frees your RAM giving more stability to your system and avoiding needless use of swap file. Will also benchmark (speed test) your hard disk drives and your CPU load". MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/SE/ME. See this article and make up your own mind | No |
X | mppdds | mppdds.exe | Added by the PWS-AKZ TROJAN! | No |
X | mppds | mppds.exe | LEGMIR.AQZ spyware | No |
X | MPR MSG | mprmsg32.exe | Added by the MYTOB.CF WORM! | No |
X | MPREXE | MPREXE.EXE | Added by the OPASERV.T WORM! Note - this is not the legitimate Mprexe.exe system file | No |
Y | MPREXE.exe | mprexe.exe | WIN32 Network Service Interface Process. MPREXE.exe enables the computer to have multiple clients/protocols for networks. There are some problems with it sometimes though - see here. Note - why some people have it listed in start-up programs I don't know but I was asked to include it here. It automatically runs in the background. NOTE : sometimes it will appear in start-ups if you have a virus | No |
X | MprHTML | MprHTML.exe | Added by a variant of the VAGRNOCKER TROJAN! | No |
X | mprocessor | mprocessor.exe | InstallDollars.com foistware | No |
U | MPSExe | mscifapp.exe | McAfee.com Privacy Service - "combines personal identifiable information (PII) protection with online advertisement blocking and content filtering" | No |
Y | MpsOnn | MpsOnn.exe | Canon printer driver | No |
? | MPT | MPT.exe | ?? | No |
X | MPtask Services | mptask.exe | Added by the LALA or AOT TROJANS! | No |
N | MPTBox | MPTBOX.EXE | Canon Multi-Pass toolbox - a button bar | No |
X | mptsgsvc.exe | mptsgsvc.exe | Hacker Tool - detected by DiamondCS TDS-3 anti-trojan as "HackTool.Win32.Hidd.j" | No |
N | MPXTray | mpxptray.exe | Windows Media Player PowerToy which is run from the taskbar. It can be used to hide Windows Media Player (when in use) and choose various standard buttons (play/pause, next, previous, etc.) | No |
U | MP_STATUS_MONITOR | monitr32.exe | Canon Multi-Pass status monitor - your choice | No |
X | mqbkup | mqbkup.exe | Added by the OPASERV.K WORM! | No |
X | MQT Svc | mqtsvc.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
U | mRouterConfig | mRouterConfig.exe | Configuration for Intuwave's m-Router - "that enables easy connectivity between mobile devices and PCs across Bluetooth, Infrared, USB and serial cable connections". It was licensed and used by the Symbian OS but m-Router is no longer readily available since Intuwave went into administration in 2006 | No |
X | mrsvctr | mrsvctr.exe | Added by a variant of the SDBOT WORM! | No |
Y | MRT | MRT.exe | Microsoft's Malicious Software Removal Tool | No |
N | mrtMngr | mrtMngr.exe | Maintenance Release Task Manager for Intuit's QuickBooks or Quicken | No |
U | MRU-Blaster Scheduler | scheduler.exe | Scheduler for MRU-Blaster - "a program made to do one large task - detect and clean MRU (most recently used) lists on your computer" | No |
N | MRU-Blaster Silent Clean | mrublaster.exe | MRU-Blaster - performs silent cleaning of MRU lists at boot | No |
U | MRUBlaster | indexcleaner.exe | MRU-Blaster related - runs once in order to delete the index.dat file in the Temporary Internet Files and/or Cookies folder | No |
X | Mr_CoolFace_Game | Emma.exe | Added by the ROMARIO-A WORM! | No |
X | ms | svhost32.exe | Added by the LEGMIR-AQO TROJAN! | No |
X | MS Agent Protection | ag1.exe | Detected by Kaspersky as the IRCBOT.AZ BACKDOOR! See here | No |
X | MS AntiSpyware 2009 | msas2009.exe | MS AntiSpyware 2009 rogue spyware remover - not recommended, removal instructions here | No |
X | MS Auto-IPSec Protection | MSASP32.exe | Added by the RBOT-AER WORM! | No |
X | MS Autoloader 32 | MSAuto32.exe | Added by the SPYBOT.BD WORM! | No |
X | Ms Builders | Wupated.exe | Added by the AGOBOT-SS WORM! | No |
X | MS Config | msdconfig.exe | Added by the RBOT-CZH WORM! | No |
X | MS Config Loader | svchos1.exe | Added by the AGOBOT.R WORM! | No |
X | MS Config Loader | MSWin32bck.exe | Added by the GAOBOT.AA WORM! | No |
X | MS Config Loader | svcrhost.exe | Added by a variant of the RBOT WORM! | No |
X | MS Config Service | Msloader32.exe | Added by the RBOT-KJ WORM! | No |
X | MS Config v12 | mscfg12.exe | Added by the AGOBOT.YP WORM! | No |
X | MS Config v13 | lrbz32.exe | Added by the GAOBOT.AOL WORM! | No |
X | MS Config v13 | mscfg13.exe | Added by the AGOBOT.YQ WORM! | No |
X | Ms configsu | msconfigsu.exe | Added by a variant of the SDBOT WORM! | No |
X | MS Configuration | MSFramer.exe | Added by the RANDEX.OL WORM! | No |
X | Ms Configuration | microsoftsa32.exe | Added by the KELVIR.X WORM! | No |
X | MS Configuration Utility | msconfig32.exe | Added by the WOOTBOT.DY WORM! | No |
X | MS DATABASE | MSDATA32.EXE | Added by a variant of the SDBOT WORM! | No |
X | MS Decryption Software | active.exe | MediaTickets adware variant | No |
X | MS DirectX Sound Drivers | msdrvdx.exe | Added by the RBOT.BCX WORM! | No |
X | MS DLL Library Manager | dllsys64.exe | Added by the RANKY TROJAN! | No |
X | MS Domain Name Server Deamon | MSDNSD32.exe | Added by the RBOT-CMZ WORM! | No |
X | MS Domain Name System | MSWDNS32.exe | Added by the RBOT-GKY WORM! | No |
X | MS DVD DirectX Dll Drivers | mdxdl.exe | Added by the SDBOT-XI WORM! | No |
X | MS DVD DirectX Sound Drivers | msdrvdx.exe | Added by the SDBOT-XJ WORM! | No |
X | MS Explorer | mexplore.exe | Added by the YAHA.AE WORM! | No |
X | MS FIREWALL | msfrewall.exe | Added by the SDBOT-PU WORM! | No |
X | MS FIREWALL | msfirewall.exe | Added by the SDBOT-QH WORM! | No |
X | MS Host | msthost.exe | Added by the SLENFBOT.AH WORM! | No |
X | MS Host Manager | ivhost.exe | Added by the RBOT-BJN WORM! | No |
X | MS Hosts | msthosts.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
X | MS HTML | msHtml.exe | Added by the PESTDOOR.31 TROJAN! | No |
X | MS HTML | mslat.exe | Added by the LATINUS.SVR TROJAN! | No |
X | MS HTML Location Class | MSHTML32.exe | Added by the RBOT-YD WORM! | No |
X | MS Initial | mstinitial.exe | Detected by Trend Micro as the IRCBOT.ASP WORM! See here | No |
X | MS Internet Executor 32 | MSIXEC32.exe | Added by the RBOT-AEQ WORM! | No |
X | MS Internet Explore | MSIEx.exe | Added by a variant of the RBOT WORM! | No |
X | MS Java Applets for Windows NT & XP | javaapplet.exe | Added by the RBOT.BHG WORM! | No |
X | MS Java Applets for Windows NT, ME | javaapplets.exe | Added by the VANEBOT-B WORM! | No |
X | Ms Java for Windows 98, NT, ME & XP | msjavames.exe | Added by the RBOT.BHJ WORM! | No |
X | Ms Java for Windows 98, NT, XP & ME | msjavaxps.exe | Added by the BACKDOOR.GEN TROJAN! | No |
X | Ms Java for Windows NT | MS32.exe | Added by the VANEBOT-H WORM! | No |
X | Ms Java for Windows NT | msi32java.exe | Added by the VANEBOT-I WORM! | No |
X | Ms Java for Windows NT | msjava.exe | Added by the VANEBOT-E WORM! | No |
X | Ms Java for Windows NT | msi32info.exe | Added by the RBOT.AFX WORM! | No |
X | MS Java for Windows NT, XP & ME | xpjavams.exe | Added by the KASSBOT-V WORM! | No |
X | MS Java for Windows XP & NT | javanet.exe | Added by the VANEBOT-A WORM! | No |
X | MS Java Service Wrapper for Windows NT | wrapper.exe | Added by the VANEBOT-D WORM! | No |
X | Ms Java Update For Windows NT/XP | msijavaupdt32.exe | Added by the RANDEX.AF WORM! | No |
X | MS Java virtual machine | javavm.exe | Added by the RBOT.ABG WORM! | No |
X | MS LARISSA | MS_LARISSA.exe | Added by the ASSIRAL.B WORM! | No |
X | MS lsass Startup | lsass135.exe | Added by the RBOT.WM WORM! | No |
? | MS management console | mms.exe | Suspicious as the legitimate "Microsoft Management Console" is "mmc.exe" and not "mms.exe" and doesn't normally run at startup | No |
X | MS Microsoft Socket Deamon | MSSCKD32.exe | Added by a variant of the RBOT WORM! | No |
X | MS MSN Menssenger 7.0 | MSMSN7.exe | Added by the RBOT-ACA WORM! | No |
X | MS MSN Menssenger 7.0 | MSEXPORT.exe | Added by a variant of the SDBOT WORM! | No |
X | MS Network Control | mswin.exe | Added by the DUMBA TROJAN! | No |
X | ms ownage | winPE.exe | Added by the RBOT-AJL WORM! | No |
X | MS Paint | mspainter.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
X | MS PLUS INC | wpad.exe | Added by the MYTOB-AN WORM! | No |
X | Ms Processe Manager | msproc.exe | Added by the RBOT.ATO WORM! | No |
X | MS Real Player | RealPlyr.exe | Added by the RBOT.MR WORM! | No |
X | MS Registry Service | MSRMS32.exe | Added by the RBOT-AKP WORM! | No |
X | MS Remote Procedure Call | msrpc32.exe | Added by the RBOT-QL WORM! | No |
X | MS Screen Saver | scrsave.scr | Added by the RBOT-AGT WORM! | No |
X | MS Security | systm.pif | Added by the RBOT-AQN WORM! | No |
X | MS Security Authority Service | lsass.exe | Added by the KALEL-B WORM! Note - this is not the legitimate lsass.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the System folder | No |
X | MS Security Hotfix | service5.exe | Added by the GAOBOT.AG WORM! | No |
X | MS Security Update 993 | msident.exe | Added by a variant of the SDBOT WORM! | No |
X | MS service | msservice.exe | Added by the RBOT-ZG WORM! | No |
X | MS Service Drivers | winscv.exe | Added by the SDBOT-COG WORM! | No |
X | Ms sock for Windows NT | winser.exe | Added by a variant of the SDBOT WORM! | No |
X | MS Sound Config 16bit | sndcfg16.exe | Added by the SDBOT.MB TROJAN! | No |
X | Ms Sound Drivers | msdrv.exe | Added by the SDBOT-WR WORM! | No |
X | ms spool service | msspooler.exe | Added by a variant of the RBOT WORM! | No |
X | Ms Spool32 | MS SPOOL32.EXE | Added by the ASASSIN TROJAN! | No |
X | MS SyS Restore | sysrestore.exe | Added by the RBOT.XM WORM! | No |
X | MS Sys Security | mswin.pif | Added by the RBOT-APJ WORM! | No |
X | MS System Call Function | msscf32.exe | Added by the RBOT-GBZ WORM! | No |
X | Ms System Config | Mscfg.exe | Added by the SDBOT-CCR WORM! | No |
X | Ms System Config | pcedit.exe | Added by a variant of the SDBOT WORM! | No |
X | MS System Security | mswin32.pif | Added by the RBOT-AOX WORM! | No |
X | Ms task manager | tskmgr.exe | Added by the SDBOT.CCD WORM! | No |
X | MS Task Manager 32 | mstskmgr.exe | Added by the RANKY.DE TROJAN! | No |
X | MS taskbar | crssr.exe | Added by the RBOT-AGO WORM! | No |
X | MS taskbar | nts.exe | Added by the RBOT-AGB WORM! | No |
X | MS taskbar | taskbars.exe | Added by the RBOT.BRW WORM! | No |
X | MS Taskbars | taskbars.exe | Added by the SDBOT-ACV WORM! | No |
X | MS taskmanager | tskmgr.exe | Added by the RBOT-AKA WORM! | No |
X | MS Time | timezone.exe | Added by the AGOBOT.ADY WORM! | No |
X | MS UniX | navupdate64.exe | Added by a variant of the RBOT WORM! | No |
X | MS Unix Binary | win32ttb.exe | Added by the SPYBOT.OQ WORM! | No |
X | MS Unix Binary | msmq2inst.exe | Added by the RBOT-YF WORM! | No |
X | MS Unix Binary | msnupdate.exe | Added by the RBOT-AAM WORM! | No |
X | MS Unix Binary | outlookexpressupdate.exe | Added by the RBOT-YU WORM! | No |
X | MS Unix Binary | Win32Update.exe | Added by the RBOT-BAS WORM! | No |
X | MS Unix Binary | Norton2005Update.exe | Added by a variant of the RBOT WORM! | No |
X | MS Unix Binary | trmupdate.exe | Added by the RBOT-ACC WORM! | No |
X | MS Unix Binary | WinGuard.exe | Added by the RBOT-ACL WORM! | No |
X | MS Unix Binary | msnq3insller.exe | Added by a variant of the RBOT WORM! | No |
X | MS Update | syshost.exe | Added by the EVAMAN-F WORM! | No |
X | Ms Update WinServices NT/XP | winservnt32.exe | Added by the VANEBOT-G WORM! | No |
X | MS Updates | mscache.exe | Spyware web downloader | No |
X | MS Updates | syshosts.exe | Added by the MYDOOM.Y WORM! | No |
X | MS Updates | aupd.exe | Spyware web downloader | No |
X | MS Updating Utility | msupdater.exe | Added by the RBOT-XR WORM! | No |
X | MS USB 2.0 Windows Support | msusb32.exe | Added by a variant of the RBOT WORM! | No |
X | Ms Valud Loader | Svhots.exe | Added by the AGOBOT-SP WORM! | No |
X | MS Win32 Network Services | windriver.exe | Added by the AGOBOT.ADH WORM! | No |
X | ms window update | ******.exe [* = random character] | Added by a variant of the RBOT WORM! | No |
X | MS Windows AOL Driver | MSAOLdrv.exe | Added by the RBOT-ASP WORM! | No |
X | MS windows Data list process | MSDATLST.exe | Added by an unidentified WORM or TROJAN! | No |
X | MS Windows Executor Process | MSEXECP32.exe | Added by a variant of the RBOT WORM! | No |
X | MS Windows Local Directory | MSWLD32.exe | Added by a variant of the RBOT WORM! | No |
X | MS Windows procces 32 | msprocces.exe | Added by the RBOT-AEZ WORM! | No |
X | MS Windows Process Class | MSPRCSS32.exe | Added by the RBOT-YQ WORM! | No |
X | MS Windows Process Init | MSWPI32.exe | Added by the RBOT-ASQ WORM! | No |
X | MS Windows Security Updater | updater.pif | Added by the RBOT-AKY WORM! | No |
X | MS Windows System Alert | MSWSA32.exe | Added by the RBOT-BFN WORM! | No |
X | MS Windows TASK Service | MSWTASK32.exe | Added by a variant of the RBOT WORM! | No |
X | MS Windows Update | scguard.exe | Added by the RBOT-YZ WORM! | No |
X | MS WINS Binary | ign32.pif | Added by the RBOT-ASB WORM! | No |
X | MS Winsock | msws2_32.exe | Added by the AKBOT-A TROJAN! | No |
X | ms************* [* = random digit] | ms*************.exe [* = random digit] | WINBO adware | No |
X | Ms**.exe [* = random char] | Ms**.exe [* = random char] | CoolWebSearch/HomeSearch adware - for examples, see this log | No |
X | Ms**32.exe [* = random char] | Ms**32.exe [* = random char] | CoolWebSearch/HomeSearch adware - for examples, see this log | No |
X | MS-Connect | arr.exe | Adult content dialler - see here | No |
X | MS-Connect | cdm.exe | Adult content dialler - see here | No |
X | MS-Connect | game.exe | Adult content dialler - see here | No |
X | MS-Connect | msite18.exe | Adult content dialler - see here | No |
X | MS-Connect | web.exe | Adult content dialler - see here | No |
X | MS-DOS Boot Service | Boot32.pif | Added by the RBOT-AMF WORM! | No |
X | MS-DOS Security Service | ms-dos.pif | Added by the RBOT-AMR WORM! | No |
X | MS-DOS Service | MS-DOS.pif | Added by the RBOT-AII WORM! | No |
X | MS-DOS Windows Service | MS-DOS.PIF | Added by the RBOT-AJW WORM! | No |
X | MS-HTML | [random filename] | Added by the LATINUS.15 TROJAN! | No |
X | MS-patch | msconfig32.exe | Added by the RBOT-AUF WORM! | No |
X | MS-patch | mspatch32.exe | Added by the RBOT-AWF TROJAN! | No |
X | MS-RunKey | arr.exe | MS-Connect dialler/hijacker | No |
X | ms2src | ms2src.exe | Added by a TROJAN - see here | No |
X | MS32DLL | achi.dll.vbs | Added by the ACHI-A TROJAN! | No |
X | MS32DLL | Bha.dll.vbs | Added by the BUTSUR-A WORM! | No |
X | MS32DLL | MS32DLL.dll.vbs | Added by the ZODGILA WORM! | No |
X | MS32DLL | ffqca.exe | Added by the SDBOT-YD WORM! | No |
X | MS7531 | ms7531.exe | Homepage hijacker | No |
X | MSACM | msacm.exe | Added by the OPASERV-O WORM! | No |
X | msadcheck | msadcheck32.exe | Browser hijacker, redirecting to search-system.com | No |
X | MSAdmin | jdbgmrg.exe | Added by the DASMIN.A TROJAN! Note - this is not the valid JDBGMGR.EXE file - see here | No |
X | MSAgent | mshtm.exe | Browser hijacker - redirecting to buldog-search.com | No |
X | MSAgent | hhnt.exe | AGENT.JI spyware | No |
X | MSAgentXP | MSAgentXP.exe | Detected by Ewido Security Suite as the REQLOOK.C TROJAN! | No |
U | msaim | msaolim.exe | MessageSpy keystroke logger/monitoring program - remove unless you installed it yourself! | No |
X | msappts32 | msappts32.exe | Added by the ELBURRO-A TROJAN! | No |
Y | MSASCui | MSASCui.exe | Main user interface for Microsoft's Windows Defender - which "helps protect your computer against pop-ups, slow performance, and security threats caused by spyware and other unwanted software by detecting and removing known spyware from your computer". Used in conjunction with the associated service, this entry is always running and the user also has the option to always display the System Tray icon and monitor/control new startup programs | Yes |
X | MsAudio | explorer.exe | Added by the LEGMIR-BY TROJAN! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System% | No |
X | MsAudio | MsVM_STI.EXE RunDll32 cmicnfg.cpl, CMICtrlWnd | Added by the LEGMIR-BY TROJAN! Note - this is not associated with C-Media based audio which uses a similar command entry (see here) | No |
X | msavsc.exe | msavsc.exe | Detected by Kaspersky as the AGENT.ANQ TROJAN! See here | No |
X | MSbackups | backups.exe | Added by the BANLOAD-TL TROJAN! | No |
X | MSBB | msbb.exe | Advertising spyware | No |
X | msbcs | msbcs.exe | Added by the DADOBRA-G TROJAN! | No |
X | MsBootMgr.exe | MsBootMgr.exe | Added by the VERIFY TROJAN! | No |
X | msbsc | [path to trojan] | Added by the BANKER-DF TROJAN! | No |
X | msccrt | msccrt.exe | Added by the PWS-ALA TROJAN! | No |
X | mscheck | rundll32.exe wincheck071008.dll mymain | Detected by Trend Micro as the AGENT.ADXH TROJAN! See here. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "wincheck071008.dll" file is found in the System (9x/Me) or System32 (NT/2K/XP) folder | No |
X | mschkdf.exe | mschkdf.exe | Added by a variant of the SDBOT WORM! | No |
X | MSChoExE | suge.exe | Added by a variant of the RBOT WORM! | No |
? | msci | mcinfo.exe | McAfee Internet Security related. What does it do and is it required? | No |
X | mscman | mscman.exe | ClientMan parasite variant | No |
U | mscn | mscn.exe | Part of the SafeChildNet internet filtering program - required if you use it | No |
X | Mscnt | mscnt.exe | Added by the DLUCA-C TROJAN! | No |
X | Mscolour | mscolour.exe | Added by the GEMA TROJAN! | No |
X | MSCommX | mscommx.exe | Added by a variant of the RBOT WORM! | No |
X | Msconf32 | Msconf32.exe | Added by the AGOBOT-NR WORM! | No |
X | MSCONFG32.EXE | MSCONFG32.EXE | Added by the OPTIX.04.C TROJAN! | No |
N | MSConfig | msconfig.exe | Entry that appears when you uncheck an item in the MSConfig Startup group, and will disappear if on the next reboot you select the option to not be reminded that you are running in Selective Startup mode | No |
X | MSConfig | MSCONFIG32.EXE | Added by the SPYBOT.B WORM! | No |
X | msconfig | msconfig.exe | CoolWebSearch parasite related. Note - this is not the legitimate msconfig.exe which should only appear in Msconfig/Startup if you leave the warning box unchecked after changing an Msconfig entry and rebooting | No |
X | Msconfig | msconfig.exe | Added by the WINUR WORM! Note - this is not the real msconfig.exe as it's located in C:\winrun | No |
X | msconfig | wins.exe | Added by the RBOT.PF WORM! | No |
X | MSConfig | MSCONFIG35.EXE | Added by a variant of the SPYBOT WORM! | No |
X | msconfig | scvhost.exe | Added by the AGENT-DSF TROJAN! | No |
X | msconfig | winlog.exe | Added by the IRCBOT-TJ TROJAN! | No |
X | Msconfig | icpldrvx.exe | Added by the BANLOAD.BFT TROJAN! | No |
X | msconfig | msconfig.com | Added by the IRCBOT-SM WORM! | No |
X | msconfig | msconfig.bat | Added by the PAHATIA.B WORM! | No |
X | Msconfig lptt01 | msconfig.exe | RapidBlaster variant (in a "msconfig" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here. Note - this is not the valid Windows Msconfig which has the same executable name | No |
X | MSConfig Manager | msupdate.exe | CoolWebSearch parasite variant | No |
X | Msconfig ml097e | msconfig.exe | RapidBlaster variant (in a "msconfig" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here. Note - this is not the valid Windows Msconfig which has the same executable name | No |
X | msconfig service | MSupdate32.exe | Added by a variant of the SPYBOT WORM! | No |
X | msconfig.exe | proxy.exe | Added by a variant of the AGENT.AH downloader TROJAN! | No |
X | msconfig.exe | uline.exe | Added by a variant of the AGENT.AH downloader TROJAN! | No |
X | msconfig38 | mssvcc.exe | Added by the RBOT-BJV WORM! | No |
X | MSConfig45 | MSConfig45.exe | Added by the SDBOT.OJ TROJAN! | No |
X | MSConfigr | jdbgmrg.exe | Added by the DASMIN.C TROJAN! Note - this is not the valid JDBGMGR.EXE file - see here | No |
N | MSConfigReminder | msconfig.exe | Entry that appears when you uncheck an item in the MSConfig Startup group, and will disappear if on the next reboot you select the option to not be reminded that you are running in Selective Startup mode | No |
X | MsConfigs | MsConfigs.exe | Added by the ALCAN.A WORM! | No |
X | MSConfigs | RUNDLL64.dll.vbs | Added by the WEKODE-B WORM! | No |
X | MSControl28 | crsss.exe | Added by the SPYBOT.AJX WORM! | No |
X | MSControl31 | winnsyst.exe | Added by the RBOT.CFY WORM! | No |
X | MSControl3d1 | isasse.exe | Added by the RBOT.CGU WORM! | No |
X | MSCORE | syscnfg.exe | Added by an unidentified VIRUS, WORM or TROJAN! "syscnfg.exe" is found in the C:\windows\fonts (or C:\winnt\fonts) directory where no *.exe files should reside | No |
X | Mscsgs | MSCSGS.EXE | Added by the ZEZER WORM! | No |
X | Mscsgs32 | MSCSGS32.EXE | Added by the ZEZER WORM! | No |
X | mscsvc.exe | mscsvc.exe | Added by the BANCOS.T TROJAN! | No |
X | msctrl.exe | msctrl.exe | Detected by Kaspersky as the AGENT.ANQ TROJAN! See here | No |
X | Msctrl32 | Msctrl32.scr | Added by the REDIST WORM! | No |
X | MSCVT | MSCVT.exe | Added by the SLIDESHOW WORM! | No |
X | msdbgm.exe | msdbgm.exe | Added by the CIMUZ-CQ TROJAN! | No |
X | MSDcom | MSDcom.exe | Added by a variant of the SDBOT WORM! | No |
X | msdefender | msdefender.exe | Identified as a variant of the PAKES.CMD TROJAN! See here for an example | No |
X | msdefender.exe | msdefender.exe | Added by the PAKES.ZL TROJAN! | No |
X | msdev | msdev.exe | Added by the FORBOT-CR WORM! | No |
X | msdev | msconfig.exe | Added by the AGOBOT.AAU WORM! Note - this is not the legitimate msconfig.exe which should only appear in Msconfig/Startup if you leave the warning box unchecked after changing an Msconfig entry and rebooting | No |
X | msdev control | msdevctrl.exe | Added by the SPYBOT.N BACKDOOR! | No |
X | msdir32 | msdir32.bat | Added by the ROOKIE-A TROJAN! | No |
X | msdirect.exe | msdirect.exe | Added by the CERTIF-L TROJAN! | No |
X | MSDLL | syscnfg.exe | Added by an unidentified VIRUS, WORM or TROJAN! "syscnfg.exe" is found in the C:\windows\fonts (or C:\winnt\fonts) directory where no *.exe files should reside | No |
X | Msdmxm | msdmxm.exe | Added by the DLUCA-DC TROJAN! | No |
X | MSDN | nese.exe | Added by the SDBOT.AHY WORM! | No |
X | MSDN for Windows NT | msdn.exe | Added by a variant of the RBOT WORM! | No |
X | MSDN for Windows NT & WinXP | msdnxp.exe | Added by the IRCBOT-PE WORM! | No |
X | MSDN for Windows with NT's | msdn-nt.exe | Added by the RBOT-EWD WORM! | No |
X | MSDN HELP | msdn.exe | Added by the AGOBOT.AIB WORM! | No |
X | MSDNN | help.exe | Added by the AGENT-GBK TROJAN! | No |
X | MSDOS Security Service | msdos.pif | Added by the RBOT-AMP WORM! | No |
X | MSDOS Service | MSDOS.PIF | Added by the RBOT-AIY WORM! | No |
X | MSDOS Windows Service | MSDOS.PIF | Added by the RBOT-AKF WORM! | No |
X | Msdos32 | Msdos32.pif | Added by the RECORY WORM! | No |
X | msdos423 | msdos423.exe | Added by the MENACE.A WORM! | No |
X | MSDosdrv | msdosdrv.exe | Added by the BACROS WORM! | No |
X | MSDrive | rundll32.exe drvkoc.dll | Added by a variant of the OP DIALER! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "drvkoc.dll" file is found in the System (9x/Me) or System32 (NT/2K/XP) folder | No |
X | MSDrive | rundll32.exe drvmod.dll | Added by a variant of the OP DIALER! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "drvmod.dll" file is found in the System (9x/Me) or System32 (NT/2K/XP) folder | No |
X | MSDrive | rundll32.exe drvsoh.dll | Added by a variant of the OP DIALER! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "drvsoh.dll" file is found in the System (9x/Me) or System32 (NT/2K/XP) folder | No |
X | msdrvctrl | msdrvctrl.exe | Detected by Kaspersky as the AGENT.BN TROJAN! See here | No |
N | MSDTC | msdtc.exe | MS Distributed Transaction Coordinator - handles transactions across multiple servers and is installed by MS Personal Web Server and MS SQL Server | No |
X | Msemu32 | Msemu32.exe | Unidentified spyware/adware/hijacker | No |
X | msennger | l4m3r.exe | Added by the PROGENT-AF TROJAN! | No |
X | mservices.exe | mservices.exe | Added by the SDBOT.WJ WORM! | No |
X | Msfind | Msfind.exe | CoolWebSearch parasite variant | No |
X | MSFind32 | msfind32.exe | Added by the CAYAM WORM! | No |
X | msfindosa.exe | msfindosa.exe | Added by the DOWNLOADER-BS TROJAN! | No |
X | MSFTP Service Config | r3grun.exe | Added by a variant of the SDBOT WORM! | No |
X | msfw.exe | msfw.exe | Detected by Kaspersky as the AGENT.ANQ TROJAN! See here | No |
X | MSFWAVTSM | FTPDev.exe | Added by the RBOT-ACF WORM! | No |
X | Msg Fixage | msgfixed.exe | Added by the SDBOT.ZD WORM! | No |
X | MsgApi | [path to file] | Added by the DEDLER-D TROJAN! | No |
X | msgb1 | msgb1.exe | Added by the DLUCA.GEN TROJAN! | No |
N | MsgCenterExe | RealOneMessageCenter.exe | RealNetworks RealPlayer related - disabling this application will not affect Real Player in any way | No |
X | msgex32 | msgex32.exe | Added by the APPFLET-A WORM! | No |
X | Msgmgr | [path to worm] | Added by the BABYBEAR WORM! | No |
X | msgserv_ | Syss.exe | Added by the FANTA TROJAN! | No |
X | msgsm32 | msgsm32.exe | Added by the RBOT-ASG WORM! | No |
X | Msgsrv16 | Msgsrv16.exe | Added by the DELF family of TROJANS! | No |
Y | MSGSRV32.exe | msgsrv32.exe | Windows 32-bit VxD Message Server. For more information on its function and why it's needed, see here. Note - why some people have it listed in start-up programs I don't know but I was asked to include it here. It automatically runs in the background | No |
X | Msgsvc32 | [worm filename] | Added by the NAUTICAL-A WORM! | No |
X | MsgSvcMgr32 | cmdzxdll.exe | Added by the RBOT-AEK WORM! | No |
X | msgsvr32 | msgsvr32.exe | Added by the DEADHAT.B WORM! Note - not to be confused with the valid "msgsrv32.exe" file which resides in the same directory (C:\Windows\System) on a Win9x/Me machine | No |
U | MSGTAG | MSGTAG.exe | MSGTAG is an application that tells you when your emails have been received and opened | No |
X | Msgtray | sys16.exe | Added by an unknown VIRUS! | No |
X | Mshelp32 | mshelp32.exe | CoolWebSearch parasite variant | No |
X | Mshosts | Mshosts.exe | Added by the STARTPAG.CF TROJAN! | No |
X | MSHT@ | MSHT@.EXE | Added by the MAGISTR.A VIRUS! | No |
X | mshtmll | mshtmll.dll | Added by the DELF.BAS TROJAN! | No |
X | MSI Configuration | msiconf.exe | Added by the AGENT.AKSZ TROJAN! | No |
X | msiconf.exe | msiconf.exe | Added by a variant of the FAKEALERT TROJAN! | No |
X | msidle | msidle.exe | Added by the OPASERV-O WORM! | No |
X | MsIdle32.exe | MsIdle32.exe | Added by the VERIFY TROJAN! | No |
X | MSIdll | winmp.exe | Added by a variant of the RBOT WORM! | No |
X | MSIE Parsers | MSIE32ab.exe | Added by the SDBOT.MV WORM! | No |
X | msiemon.exe | msiemon.exe | Detected by Kaspersky as the AGENT.ANQ TROJAN! See here | No |
X | msiew | mseiw.exe | Added by the LITTLOG TROJAN! | No |
X | MSIEXEC | MSIEXEC32.exe | Added by the AINESEY.A WORM! | No |
X | MSIEXEC | MSIEXEC.EXE | Added by the YOSENIO-A VIRUS! | No |
X | msiexecs.exe | msiexecs.exe | Added by a variant of the SDBOT WORM! | No |
X | msig | disk10.exe | Added by the BANBRA-KF TROJAN! | No |
X | MsIMMs32 | MsIMMs32.exe | ONLINEG.GDJ spyware | No |
X | msimn | msimn.exe | Added by the AGOBOT.JL WORM! | No |
X | MSIMN32 | MSIMN32.EXE | Added by the CWS-M TROJAN! | No |
? | MSIN | MSin.exe | ?? | No |
X | Msinet | Msinet.exe | Added by the RBOT-AOA WORM! | No |
X | MSInfo | msinfo.exe | Added by the ALADINZ.M TROJAN! | No |
X | MSInfo | AVBgle.exe | Added by the NETSKY.O WORM! | No |
X | MSInstall | smvss.exe | Added by the DEDLER-G TROJAN! | No |
X | msjava service | xpcd.exe | Added by the SDBOT.VM WORM! | No |
U | MSKAGENTEXE | MskAgent.exe | McAfee Spamkiller | No |
X | MSKCES32 | [random filename] | Added by the CLONER TROJAN! | No |
U | MSKDetectorExe | MSKDetct.exe | Part of McAfee Spamkiller | No |
X | MSKernel32 | MSKernel32.vbs | Added by the LOVELETTER (I LOVE YOU) VIRUS! | No |
X | MSkernel32 | System.exe 4820 | Added by the TUXDER BACKDOOR! | No |
U | MSKExe | spamkiller.exe | McAfee Spamkiller | No |
X | mskj | mskj.exe | Added by the KAEMON TROJAN! | No |
X | mskrider | maskrider.dll.vbs | Added by the SOLOW-F WORM! | No |
U | MSKServerExe | MSKSrvr.exe | Part of McAfee Spamkiller | No |
X | mslagent | mslagent.exe | Added by the WINTRIM-F TROJAN! | No |
X | MSLARISSA | MSLARISSA.pif | Added by the ASSIRAL.B WORM! | No |
? | MSLIB32 | mswatch32.exe | ?? | No |
X | msliveupdate | msliveupdate.exe | Added by the AGOBOT.ALT WORM! | No |
X | MSLog | MicrosoftLog.exe | Added by a variant of the SDBOT WORM! | No |
X | Mslogon lptt01 | mslogon.exe | RapidBlaster variant (in a "Mslogon" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here | No |
X | Mslogon ml097e | mslogon.exe | RapidBlaster variant (in a "Mslogon" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here | No |
X | msm | msm.scr | Added by the BANKER-EHJ TROJAN! | No |
X | msmacro32 | msmacro32.exe | Identified as a variant of the AGENT.QB TROJAN! | No |
X | MsManager | msmgr32.exe | Added by the YAHA.AF WORM! | No |
X | msmanager32 | msmngr32.exe | Added by the RANDON-R (or WOMANIZ.A) WORM! | No |
X | msmautoprotect | msmssgs.exe | Added by the BIFROSE-AJ TROJAN! | No |
X | msmc | mscpbo.exe | ClientMan parasite variant | No |
X | msmc | msgdmf.exe | ClientMan parasite variant | No |
X | msmc | msongn.exe | ClientMan parasite variant | No |
X | msmc | msmc.exe | ClientMan parasite variant | No |
X | msmc | ms****.exe [* = random char] | ClientMan parasite variant | No |
X | MSMcAfeee | Avsynmgr32e.exe | Added by the FRAMAR TROJAN! | No |
X | MSMcAfeeh | Avsynmgr32h.exe | Added by the FRANGO TROJAN! | No |
X | MSMcAfeeS | Avsynmgr32S.exe | Added by the VOLAC or VOLAC.DR TROJANS! | No |
X | MSMessnger | msnupd.exe | Added by the RBOT-ADY WORM! | No |
? | msmgr | msmgr.exe | ?? | No |
X | msMGR | rtkmsg.exe | Added by the SDBOT-BPY WORM! | No |
X | Msmgt | msmgt.exe | Total Velocity adware/hijacker | No |
X | msmmi | msmmi.exe | Added by the AGENT.RFR TROJAN! | No |
X | MSMNTGNT | MSMNTGNT.EXE | Added by the BANKER-IE TROJAN! | No |
X | MSMNTJBE | MSMNTJBE.EXE | Added by the BANCOS-EF TROJAN! | No |
X | MSMNTJNG | MSMNTJNG.EXE | Added by the GRABER-G TROJAN! | No |
X | MSMNTMTS | MSMNTMTS.EXE | Added by the BANKER-GZ TROJAN! | No |
X | msmon | msmon.exe | Added by a variant of the GEMA.D TROJAN! | No |
X | MsMovies | MsMovies.exe | Malware - detected by Kaspersky as the WINAD.H TROJAN! | No |
? | MsmqIntCert | regsvr32 /s mqrt.dll | Microsoft Message Queue Server - Internal Certificate - see here for more info and here for a potential problem. Is it required? | No |
X | MSMSGNER | [4-8 random letters].exe | Added by the FOWLDO-GEN TROJAN! | No |
X | MSMSGNER | zzgf.exe | Added by the PWS-CCB TROJAN! | No |
X | msmsgr | msmsgss.exe | Detected by Kaspersky as the RBOT.AJJ WORM! | No |
U | MSMSGS | msmsgs.exe | Windows Messenger utility. If you don't use Windows Messenger, this can be annoying. Available via the Start menu. Go to Windows Messenger → Tools → Options → Preferences and uncheck "Run this program when Windows starts" | Yes |
X | Msmsgs | Msmsgs.exe | Added by the SILLYFDC-AP WORM! Note - this particular msmsgs.exe file is located in %System% and should not be mistaken for the MSN Messenger file of the same name! | No |
X | MSMsgs | msmessgs.exe | Added by the SMALL-EW TROJAN! | No |
X | msmsgs | msmsgs.exe | Added by the SCLOG-AL TROJAN! | No |
X | MSMSGS | winlogon.exe | Added by the RAHIWI.A WORM! | No |
X | MSMSGS | winlogon.exe | Added by the BRONTOK-BS WORM! Note - this is not the legitimate winlogon.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in Documents and Settings\<User>\Local Settings\Application Data\WINDOWS | No |
X | MsMsgSrv | msmsgsrv.exe | Added by the CQO TROJAN! | No |
X | MSMsgSvc | MSMSGSVC.exe | Browser hijacker, identified by some antiviruses as a variant of the StartPage.QC TROJAN! | No |
X | msmsngr | msmsngr.exe | Added by the DOPBOT-B WORM! | No |
X | msn | system32.exe | Added by the KITRO.A WORM! | No |
X | msn | msnmsg.exe | Added by the RBOT-GO WORM! | No |
X | MSN | msnmsgs.exe | Added by the RBOT-KL WORM! Note - not to be confused with msmsgs.exe, the well known MSN Instant Messaging application! | No |
X | MSN | ctfmoons.exe | Added by the SPYBOT.HI WORM! | No |
X | MSN | msnmesengers.exe | Added by the RBOT-ME WORM! | No |
X | MSN | MSN.exe | Added by the MINIT WORM! | No |
X | MSN | msnmsgr.exe | Added by the MYTOB or MYTOB.B WORMS! Note - this is not the valid MSN Messenger (now Windows Live Messenger) utility which is located in either %ProgramFiles%\MSN Messenger or %ProgramFiles%\Windows Live\Messenger. This one is located in %System% | No |
X | msn | msnsvc.exe | Added by a variant of the SDBOT WORM! | No |
X | MSN | msn16.exe | Added by the SDBOT-VN WORM! | No |
X | MSN | msnsgr.exe | Added by an unidentified WORM or TROJAN! | No |
X | MSN | install.exe | Added by the AGENT-GDO TROJAN! | No |
X | MSN | netstats.exe | Added by the IRCBOT.UXP WORM! | No |
X | MSN | scvhost.exe | Added by the IRCBOT-ZW WORM! | No |
X | MSN | wdlrss.exe | Added by a variant of the SDBOT TROJAN! | No |
X | MSN | wkssvr.exe | Added by the PUSHBOT.S WORM! | No |
X | MSN | iTuneshelp.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
X | MSN | lsass32.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
X | MSN | msscomd.exe | Added by a variant of the SPYBOT WORM! See here | No |
X | MSN | systems.exe | Identified as a variant of the Backdoor.PoisonIvy keylogging malware | No |
X | MSN | taskngr.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
X | MSN | wkssvrs.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
X | MSN | wksvr.exe | Added by the IRCBOT-XU WORM! | No |
X | MSN | wmev.exe | Added by a variant of the SPYBOT WORM! See here | No |
X | Msn 8.0 Live | msn.exe | Added by the BANKER.EIE TROJAN! | No |
X | MSN 9.0 Plus | [random letters].exe | Added by the RBOT-ALY WORM! | No |
X | MSN Administration For Windows | msnadp32.exe | Added by the BROPIA.W WORM! | No |
X | MSN ang | cssrss.exe | Added by the FORBOT-CE WORM! | No |
X | MSN Auto-Updater | msnaupdater.exe | Added by a variant of the IRCBOT BACKDOOR! | No |
X | MSN Auto-Updater | msnupdates.exe | Added by the AUTORUN.WORM.GEN WORM! | No |
X | MSN BETA | service.exe | Added by the RBOT.AUU WORM! | No |
X | MSN Booster | msnbooster.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
X | Msn Boot | msnbootcfg.exe | Detected by Trend Micro as the IRCBOT.BFU TROJAN! See here | No |
X | MSN Checker | msnchecker.exe | Added by the SDBOT-AGB WORM! | No |
X | MSN Client Manager | msnclimgr.exe | Added by the AUTORUN-FV WORM! | No |
X | MSN CNF Manager | msncnfmgr.exe | Added by the VUNDO TROJAN! | No |
X | MSN Communication Manager | msncommgr.exe | Added by an unidentified WORM or TROJAN! See here | No |
X | Msn Config | msngf.exe | Added by the RBOT-QG WORM! | No |
X | MSN Configuration | msnconfig.exe | Added by a variant of the IRCBOT TROJAN! | No |
X | Msn Configuration Loader | msngms.exe | Added by the KELVIR.T WORM! | No |
X | MSN CST Manager | mancstmgr.exe | Added by an unidentified WORM or TROJAN! See here | No |
X | MSN Database Client | msndbcli.exe | Added by an unidentified WORM or TROJAN! See here | No |
X | MSN Debug Mgr | msndebugs.exe | Added by a variant of the IRCBOT TROJAN! | No |
X | MSN Explorer | msnexplorer.exe | Added by the AGENT-CAX TROJAN! | No |
X | MSN Explorer | explorer..exe | Dropper for the Ciadoor.cb TROJAN! | No |
X | MSN File & Folder Sharing App | msnfileshare.exe | Added by an unidentified WORM or TROJAN! See here | No |
X | MSN File Configuration | msnfilecfg.exe | Added by a variant of the IRCBOT BACKDOOR! | No |
X | MSN File Sharing | msnusr.exe | Added by the SLENFBOT.AM WORM! | No |
X | MSN File Sharing Wizard | msnsharewiz.exe | Added by a variant of the IRCBOT BACKDOOR! | No |
X | MSN File Sharing! | msnuser.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
X | MSN Funny Images | imsngsr.exe | Added by the AGOBOT-TT WORM! | No |
X | MSN Gaming Zone | Twain.exe | Detected by Kaspersky as the AGENT.BEA TROJAN! See here | No |
X | MSN Hostn | msnhostn.exe | Added by a variant of the IRCBOT BACKDOOR! | No |
N | MSN Internet Access | trayclnt.exe | Quick way to connect to MSN internet service - replaces "MSN Quick View" from V5.6 onwards | No |
X | MSN Live Client | msnlvclient.exe | Added by the IRCBOT.AWF BACKDOOR! | No |
X | MSN Live Messanger | msnlivegs.exe | Added by the RBOT-FSG WORM! | No |
X | MSN Manager | cvss.exe | Added by a variant of the SPYBOT WORM! | No |
X | MSN Manager | mscmgr.exe | Unidentified malware - causes multiple browser windows to open | No |
X | MSN Manager | msnmgrsv.exe | Added by the IRCBOT.BAZ BACKDOOR! | No |
X | MSN Manager | usnmsn.exe | Added by a variant of the IRCBOT TROJAN! | No |
X | Msn Message Acount Helper 7.7 | msnmessage7.7.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
X | MSN Message Background loader | msnmesg.exe | Added by a variant of the RBOT WORM! | No |
X | MSN Message Service | msnmsg.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
X | Msn Messager | msnmsgr.exe | Added by the DOWNLOADER.19456.C TROJAN! Note - this is not the valid MSN Messenger (now Windows Live Messenger) utility which is located in either %ProgramFiles%\MSN Messenger or %ProgramFiles%\Windows Live\Messenger. This one is located in %System% | No |
X | MSN Messager | msnmgr.exe | Added by the IRCBOT-ACD WORM! | No |
X | MSN Messages | msnmesg.exe | Added by the RBOT-ACN WORM! | No |
X | MSN Messages | msnmessgs.exe | Detected by Trend Micro as the AGENT.ITG TROJAN! See here | No |
X | MSN Messanger | msnmsng.exe | Added by the SDBOT.XN WORM! | No |
X | MSN messanger | msnmsgsm.exe | Added by the RBOT-FMP WORM! | No |
X | MSN Messanger | msnmsgsmn.exe | Added by the RBOT-FOQ WORM! | No |
X | Msn Messanger | crsss.exe | Added by a variant of the IRCBOT BACKDOOR! | No |
X | Msn Messanger | msnmsgem.exe | Detected by Kaspersky as the RBOT.BLL BACKDOOR! See here | No |
X | MSN Messanger Live | winntmsn.exe | Added by the RBOT-FSO WORM! | No |
X | Msn Messeng | windns.exe | Added by a variant of the RBOT WORM! | No |
X | Msn Messenge | IExplorer.exe | Added by the DELF-LL TROJAN! Note - this is not the legitimate Internet Explorer (iexplore.exe) | No |
X | MSN messenger | messenger.exe | Added by an unidentified TROJAN! Note - this is not the real MSN Messenger | No |
X | Msn Messenger | msnmsgs.exe | Added by the LOONY-P TROJAN! Note - not to be confused with msmsgs.exe, the well known MSN Instant Messaging application! | No |
X | MSN Messenger | Reosmsngr.exe | Added by a variant of the SPYBOT WORM! | No |
X | MSN MESSENGER | msmmsgr.exe | Added by the KELVIR.Q WORM! | No |
X | MSN Messenger | msmsgs.exe | Added by the DLOADER-LN or ZLOB-C or ZLOBDROP-C TROJANS! Note - this particular msmsgs.exe file is located in %System% and should not be mistaken for the MSN Messenger file of the same name! | No |
X | MSN Messenger | msnmsgr.exe | Added by the AGOBOT.AOQ WORM! Note - this is not the valid MSN Messenger (now Windows Live Messenger) utility which is located in either %ProgramFiles%\MSN Messenger or %ProgramFiles%\Windows Live\Messenger. This one is located in %System% | No |
X | MSN Messenger | msmsgs.exe | Added by the ZLOB TROJAN! Note - this particular msmsgs.exe file is located in %System% and should not be mistaken for the MSN Messenger file of the same name! | No |
X | MSN Messenger | msnmsngr.exe | Added by a variant of the RBOT WORM! | No |
X | MSN Messenger | IExplorer.exe | Added by the BANKER-EU TROJAN! Note - this is not the legitimate Internet Explorer (iexplore.exe) | No |
X | Msn Messenger | msnmsnr.exe | Added by the BANKER-GG TROJAN! | No |
X | MSN Messenger | PIC1324.exe | Added by the CHOKE.C WORM! | No |
X | MSN Messenger | explorer..exe | Dropper for the Ciadoor.cb TROJAN! | No |
X | Msn Messenger | nkbf.exe | Added by the RBOT-GMQ WORM! | No |
X | MSN Messenger | live.messenger.com | Added by the DELF.AOI BACKDOOR! | No |
X | Msn Messenger | msnmgr.exe | Added by the AGOBOT.HA WORM! | No |
X | MSN Messenger 32 | msniu.exe | Added by the RBOT-AWB WORM! | No |
X | MSN Messenger 323 | msniu3.exe | Added by the RBOT-AXB WORM! | No |
X | MSN Messenger 6.2 | tyd.exe | Added by a variant of the RBOT WORM! | No |
X | MSN MESSENGER 9.0 | messengerr.exe | Added by a variant of the RBOT WORM! | No |
X | MSN Messenger Inbox Loader | msninbox.exe | Detected by Trend Micro as the SHEUR.BTY TROJAN! See here | No |
X | MSN Messenger Live Login | msnmessengerlive.exe | Added by an unidentified WORM or TROJAN! See here | No |
X | MSN Messenger Live Windows | messengerlive.exe | Added by an unidentified WORM or TROJAN! See here | No |
X | MSN messenger service | mssgs.exe | Added by an unidentified TROJAN! | No |
X | Msn Messenger Service | msnmsg.exe | Added by the SDBOT.BMU WORM! | No |
X | MSN Messenger Service Starter | msnmgsr.exe | Added by the RBOT-AOS WORM! | No |
X | MSN Messenger Service Startup | msnservice.exe | Added by a variant of the RBOT WORM! See here | No |
X | MSN Messenger Services | msnmgr.exe | Added by the RBOT.ADF TROJAN! | No |
X | MSN Messenger Services | msnmgr.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
X | Msn Messenger Update | msnupdate.exe | Added by a variant of the RBOT WORM! | No |
X | Msn Messenger update | msnservice.exe | Added by a variant of the IRCBOT BACKDOOR! | No |
X | MSN Messenger User Controls | msmsgr.exe | Added by the KELVIR.HI WORM! | No |
X | Msn Messengers | MSNMSGR.EXE | Added by the RBOT.KX WORM! Note - this is not the valid MSN Messenger (now Windows Live Messenger) utility which is located in either %ProgramFiles%\MSN Messenger or %ProgramFiles%\Windows Live\Messenger. This one is located in %System% | No |
X | MSN Messengger | MsRun32.exe | Added by the IMAUT.CO WORM! | No |
X | Msn Messsenger | regsvr.exe | Added by the AGENT-GXM TROJAN! | No |
X | MSN MMISSENGER | mssmmspgr.exe | Added by the KELVIR.AJ WORM! | No |
X | MSN P2P Manager | msnp2pmgr.exe | Detected by Kaspersky as the AUTORUN.EHF WORM! See here | No |
X | Msn Patch | msndp.exe | Added by the RBOT.AAI WORM! | No |
X | Msn Patches | msndr.exe | Added by a variant of the SDBOT WORM! | No |
X | Msn Plus Updater | msnplus.exe | Added by the RBOT-MU WORM! | No |
X | MSN Popup Blocker | msnpopblck.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
X | Msn Processe Manager | msni32.exe | Added by the RBOT-ADX WORM! | No |
N | MSN Quick View | Msndc.exe | Quick way to connect to MSN internet service | No |
X | MSN Registry loader | msmnwin.exe | Added by the KELVIR.FK WORM! | No |
X | MSN Router | msnrouter.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
X | MSN RPC Manager | msnrpcmgr.exe | Added by an unidentified WORM or TROJAN! See here | No |
X | MSN Rx Manager | msnrxmgr.exe | Added by an unidentified WORM or TROJAN! See here | No |
X | MSN Security Agent | msnsecure.exe | Added by a variant of the IRCBOT BACKDOOR! | No |
X | MSN Serv | msmsnserv.exe | Added by the IRCBOT.AVF BACKDOOR! | No |
X | Msn Serv | msnserv.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
X | MSN Server | msmsnserver.exe | Added by the IRCBOT.AUS BACKDOOR! | No |
X | MSN service | msnmgr16.exe | Added by a variant of the RBOT WORM! | No |
X | MSN Service | amsnmsgrs.exe | Added by a variant of the SDBOT WORM! | No |
X | Msn Service | matrixcam.exe | Added by the MYTOB.JH WORM! | No |
X | Msn Service | raloded.exe | Added by the MYTOB-DY WORM! | No |
X | MSN service | msnmsgr16.exe | Added by the RBOT-RZ WORM! | No |
X | MSN service | NTDKRN.EXE | Added by the RBOT.UJ WORM! | No |
X | MSN Service | msnsvc.exe | Detected by Trend Micro as the IRCBOT.PU TROJAN! See here | No |
X | MSN Service Updates | winproc.exe | Added by the KELVIR-BB WORM! | No |
X | MSN Service Utilities | nkn.exe | Added by the KELVIR-BC WORM! | No |
X | MSN Service! | msnservice.exe | Added by a variant of the RBOT WORM! See here | No |
X | MSN Servicer | msnsrv.exe | Added by a variant of the IRCBOT TROJAN! | No |
X | MSN Servicer | msnservicer.exe | Detected by Trend Micro as the IRCBOT.ARO BACKDOOR! See here | No |
X | MSN Services | msnserv.exe | Added by a variant of the IRCBOT TROJAN! See here | No |
X | MSN Services | msnservice.exe | Added by the IMPARD-A TROJAN! | No |
X | MSN Settings | msnsettings.exe | Added by the IRCBOT.AWH BACKDOOR! | No |
X | MSN Settings Manager | msnsetmg.exe | Added by an unidentified WORM or TROJAN! See here | No |
X | MSN Setup | MSN.msn | Added by the JAMBU WORM! | No |
X | MSN Software | msnsoftware.exe | Added by the IRCBOT.AWD BACKDOOR! | No |
X | MSN Start | msnmsgr7.exe | Added by the RBOT-PH WORM! | No |
X | Msn Startup | msnstartup.exe | Added by the ARBOT.AA WORM! | No |
X | MSN Tray Monitor | msnmsgr.exe | Added by the SDBOT.FKX WORM! Note - this is not the valid MSN Messenger (now Windows Live Messenger) utility which is located in either %ProgramFiles%\MSN Messenger or %ProgramFiles%\Windows Live\Messenger. This one is located in %System%\inetsrv | No |
X | MSN Update | mscon.exe | Added by the RBOT-QA WORM! | No |
X | MSN Update | msn32.exe | Added by the RBOT.AHN WORM! | No |
X | MSN Update | DLLCON.EXE | Added by the RBOT-EA WORM! | No |
X | MSN Update Cfg | msnupdbt.exe | Added by an unidentified WORM or TROJAN! See here | No |
X | MSN Update Client | msnupdater.exe | Added by a variant of the IRCBOT BACKDOOR! | No |
X | MSN Update Client | msnupdcli.exe | Added by a variant of the IRCBOT BACKDOOR! | No |
X | Msn Update Manager (Sp2) | MSMSGS.EXE | Added by the AGOBOT-NL WORM! | No |
X | Msn Update Service | userx.exe | Added by the MYTOB.JF WORM! | No |
X | MSN Update Service | msnupdsv.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
X | MSN Updater | msnms.exe | Added by the FORBOT-CG WORM! | No |
X | Msn Updater | msnplugins.exe | Added by the RBOT-HS WORM! | No |
X | Msn Updater | windatemanager.exe | Added by the SDBOT.TS WORM! | No |
X | MSN UPDATERS | virtualmemory.exe | Added by the RBOT-JK WORM! | No |
X | MSN Updating | msnupdate.exe | Detected by Kaspersky as the QHOST.AEI TROJAN! See here | No |
X | MSN User | mymsnusr.exe | Added by the IRCBOT.AVD WORM! | No |
X | MSN User Server | msnserver.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
X | MSN User Server! | msnservices.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
X | MSN User Service! | msnserv.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
X | MSN User Services | msnuserv.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
U | MSN Video Enhanced | MSNVE.exe | "MSN Video Enhanced can play videos that have dramatically improved video quality and sound. It can play the latest high-quality videos at the best possible quality." No longer appears to exist | No |
N | MSN Webcam Recorder | ml20gui.exe | "MSN Webcam Recorder is a tool that allows you to record video streamed to and from your computer by MSN Messenger's Webcam Feature" | No |
X | msn.exe | son.exe | Added by the STARTPA-GS TROJAN! | No |
X | MSN32 X Service | MSN32x.EXE | Added by an unidentified WORM! | No |
X | MSN6.1 Auto-Updater | v6msn.exe | Added by the AUTORUN-MM WORM! | No |
X | MSN8m Startup | msn8m.exe | Added by a variant of the RBOT WORM! | No |
X | msnager32 | svchostt.exe | Added by the WOMANIZ.E TROJAN! | No |
N | msnappau | msnappau.exe | Updater for the MSN toolbar that can be downloaded onto IE. Calls home every day or so to "update" the toolbar | No |
X | Msnarrator | msnarrator.exe | Added by the NARAT.A TROJAN! - also identified as MPGCOM Toolbar adware | No |
X | MSNavWH | MSWkwrH.exe | Added by the ANAV-A WORM! | No |
X | msndrvsys | msndrvsys.exe | Added by the BROGGER-D TROJAN! | No |
X | MSNET | msnet.exe | Added by the BOA WORM! | No |
X | MsnExplorer | winagent.exe | Added by the BDOOR-EQ BACKDOOR! | No |
X | MsnExplorer | MSEXPLOREN.EXE | Added by the BDOOR-EB BACKDOOR! | No |
X | MsnExplorer | SHCH.EXE | Added by the BDOOR-EB BACKDOOR! | No |
X | MsnExplorer | SVCHST.EXE | Added by the BDOOR-EB BACKDOOR! | No |
X | MsnExplorer | msnexploren.exe | Added by the TACTSLAY.B TROJAN! | No |
X | MsnExplorer | sdhch.exe | Added by the TACTSLAY.B TROJAN! | No |
? | MsnFixer | msnfixjs.js | Located in the HP\bin\msnfix directory of an HP PC | No |
X | MSNGrabber | MSNgrabber.exe | Added by the ENVID.A WORM! | No |
X | msngta32 | msngta32.exe | Added by a variant of the RBOT WORM! | No |
N | MSNIA | MSNIASVC.EXE | Added with MSN version 9. Resets certain internet settings upon bootup and can't be disabled via MSCONFIG | No |
X | msnload32.exe | msnload32.exe | Added by the BANCOS.M TROJAN! | No |
X | MSNMESENGER | Main.exe | Added by the PRORAT TROJAN! | No |
X | msnmessenger | msnmessenger.exe | Added by the BANCBAN-KJ TROJAN! | No |
X | MsnMessengerSvc | msnmsgr.exe | Added by a variant of the RBOT WORM! Note - this is not the valid MSN Messenger (now Windows Live Messenger) utility which is located in either %ProgramFiles%\MSN Messenger or %ProgramFiles%\Windows Live\Messenger. This one is located in %System% | No |
X | msnmgr | msnmgr.exe | Added by the BIFROSE-K WORM! | No |
X | msnmsg | asgag.exe | CoolWebSearch parasite variant | No |
X | msnmsg | TBC.exe | Added by an unidentified TROJAN! | No |
X | msnmsg | msnmsg.exe | Added by the BANKER-CLX TROJAN! | No |
X | msnmsg.exe | mscmd32.exe | Added by a variant of the AGENT.AH TROJAN! | No |
X | msnmsg.exe | msnmsg.exe | Added by the BANCBAN-KN TROJAN! | No |
X | msnmsgq32 | msnmsgq.exe | Added by the TACTSLAY.H TROJAN! | No |
X | msnmsgq32 | msnmsgq32.exe | Added by the TACTSLAY.F TROJAN! | No |
X | msnmsgq32 | sssasasb32.exe | Added by the TACTSLAY.F TROJAN! | No |
N | msnmsgr | msnmsgr.exe | MSN Messenger (now superseded by Windows Live Messenger) utility. If you don't use MSN Messenger, this can be annoying. Available via the Start menu. Go to MS Messenger → Tools → Options → General → deselect "Automatically run Messenger when I log on to Windows" | Yes |
X | MsnMsgr | MsnMsgrs.exe | Added by the NETSKY.AD WORM! | No |
X | MsnMsgr | msnmsgr.exe | Added by the ANNEW-FAM WORM! Note - this is not the valid MSN Messenger (now Windows Live Messenger) utility which is located in either %ProgramFiles%\MSN Messenger or %ProgramFiles%\Windows Live\Messenger. This one is located in %System% | No |
X | Msnmsgr.exe | lsass.exe | Added by the DWNLDR-GWE TROJAN! Note - this is not the legitimate lsass.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in the root directory (i.e. C:\ or D:\) | No |
X | msnmsgr32-.exe | msnmsgr-.exe | Added by a variant of the SPYBOT WORM! | No |
X | MSNMSGR5 | MSNMSGR5.exe | Added by the RBOT.PQ WORM! | No |
X | MSNMSGRE | swef.bat | IRC backdoor TROJAN or WORM! | No |
X | MSNMSGRR | swin.bat | IRC backdoor TROJAN or WORM! | No |
X | MSNMSGRS | swe.bat | IRC worm or backdoor trojan! | No |
X | MSNMSGRS | swiss.bat | IRC worm or backdoor trojan! | No |
X | MSNMSGRS1 | swed.bat | IRC backdoor TROJAN or WORM! | No |
X | msnmsgs.exe | msnmsgs.exe | Added by the BANKER-HK TROJAN! Note - not to be confused with msmsgs.exe, the well known MSN Instant Messaging application! | No |
X | msnmsgsgs | msnmsgsgs.exe | Added by the "Catal" alias Spy.Delitall.B backdoor TROJAN! | No |
X | msnmsgy | [path to file] | Added by the BANKER-EQ TROJAN! | No |
X | msnnt | winampb.exe | Chinese originated adware - detected by Kaspersky as the AGENT.TL TROJAN! | No |
X | msnnt | winampf.exe | Added by the SMALL.DTS TROJAN! | No |
X | MSNPluginSrIvcs | n3vasap23.exe | Added by a variant of the RBOT WORM! | No |
X | MSNPluginSrvcs | p6.exe | Added by the SDBOT.AKJ or RBOT-VJ WORMS! | No |
X | MSNPluginSrvcs | sagate.exe | Added by the SDBOT.AKJ WORM! | No |
X | MSNPlus | msnplus.exe | Added by the BANKER-DAN TROJAN! | No |
X | MSNS PLUS XP2 | msdupd.exe | Added by the RBOT-BCE WORM! | No |
X | msnsched2 | msnsched2.exe | Added by the SPYBOT.NNT WORM! | No |
X | MSNService | MSNService.exe | Added by the CARPET.C WORM! | No |
X | msnsgs | msnsgs.exe | Added by the CHEUKO-B TROJAN! | No |
X | msnshed | msnshed.exe | Added by the RBOT-YN WORM! | No |
X | msnsmgr | MsnMsr.exe | Added by the LOONY-N TROJAN! | No |
N | msnsyslog | msnappm.exe | Related to Messenger Applications. When you uninstall the trial version, msnappm keeps saying (You have xx days left); this is adware and it is very annoying | No |
X | MSNSysRestore | pc32.exe | Added by a variant of the MASTAK VIRUS! | No |
X | msnToolbaar | msnmsgesc.exe | Added by the RBOT.BMF WORM! | No |
X | msnupdt | kolie.exe | Added by a variant of the RBOT WORM! | No |
X | MSObject32 | MSObject32.js | Added by the PUN TROJAN! | No |
X | Msoffice | msoffice.hta | Hijacker - redirecting to Searchdot.net | No |
X | MSOffice | services.exe | Added by the DLOADER-EU TROJAN! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in an "MSOffice" subfolder | No |
X | MSOffice32 | msjcf.exe | Added by the RAKER-A TROJAN! | No |
X | MSOfficeCfg | msocfg.exe | Premium rate adult content dialer | No |
X | MSOfficeCfg | navchk.exe | Premium rate adult content dialer | No |
X | MSOfficeCfg | qservice.exe | Premium rate adult content dialer | No |
X | MSOfficeCfg | shman.exe | Premium rate adult content dialer | No |
X | MSOfficeCfg | ssvr.exe | Premium rate adult content dialer | No |
X | msoffwz | msoffwz.EXE | Added by the BANCBAN-HQ TROJAN! | No |
X | msoft-updater23 | mssysstems.exe | Added by the RBOT-ATU WORM! | No |
X | msoft-updater23 | slssystem.exe | Added by the RBOT-ASR WORM! | No |
X | MSOleath32 | winss.exe | Added by the KATHER TROJAN! | No |
X | MSOOBD | MSOOBD.EXE | Added by the MAGISTR.A VIRUS! | No |
X | msoupdater | msoupdater.exe | Added by the DLOADER.GBD TROJAN! | No |
X | mspaint.exe | check32.exe | Added by the AGENT.AH TROJAN! | No |
X | Mspatch69 | [path to trojan] | Added by the MPROX TROJAN! | No |
X | Mspatch89 | cnqmax.exe | Added by the RANDEX.P WORM! | No |
X | MSPetServ | PET32.EXE | Added by the IRCBOT-VE WORM! | No |
X | msping | msping.exe | Added by the FLOODBLACK TROJAN! | No |
X | msping.exe | msping.exe | Added by the BDOOR-MZ BACKDOOR! | No |
X | MSPluginSrvc | p3.exe | Added by the RBOT-WV WORM! | No |
X | MSPLUS | msplus32.exe | Added by the MYTOB-AM or MYTOB-CL WORMS! | No |
X | MSPP System Update 64 | wiaadmgr.exe | Detected by Kaspersky as the RANKY.GEN TROJAN! | No |
X | MSPQFile | MSA****.TMP [* = random char] | Homepage hijacker | No |
X | MsPrint32D | MsPrint32D.exe | Added by the WINKO.AO WORM! | No |
X | MSPRO32 | [path to worm] | Added by the IBERIO WORM! | No |
X | MSPRO32 | pnp.exe | Added by the ZOTOB.O WORM! | No |
X | MSprotect.exe | MSprotect.exe | Added by the DABYREV.A VIRUS! | No |
U | mspwr | pupstman.exe | "Transparent icon background" feature of Ashampoo's PowerUp XP (WinNT/2K/XP) and PowerUp Deluxe (Win98/Me) | No |
U | mspwr | pupxpman.exe | Related to Ashampoo's PowerUp XP | No |
U | mspwr | pwrupst.exe | Ashampoo's PowerUp XP is a "tool for fine-tuning your Windows NT4, 2000, 2003 Server and XP configuration" | No |
U | mspwr | PuXpMan2.exe | Related to Ashampoo's Magic Defrag Utility | No |
N | MSPY2002 | ImScInst.exe | Part of Microsoft's Input Message Editor (IME) for translating Japanese/Chinese text in IE, Outlook and Word | No |
X | msqssr | msqssr.exe | Detected by Kaspersky as the DLUCA.GEN TROJAN! | No |
X | MSR | msr.exe | Added by the AGOBOT.RT WORM! | No |
X | Msrc | Msrc.exe | Added by the KRYPTONIC GHOST TROJAN! | No |
X | msrdc | msrdc.exe | Added by the SDBOT-CXO WORM! | No |
X | msreg.exe | msrege.exe | Added by the ZINX TROJAN! | No |
X | msReg32 Loader | msreg32.exe | Added by the AGOBOT.IU WORM! | No |
X | MSREGIT | Msgp.exe | Added by the KRYPGHOS.13 TROJAN! | No |
U | MSRegScan | SGP.exe | SpyGator surveillance software. Uninstall this software unless you put it there yourself | No |
X | MSRegScan | SSDemo.exe | Supremespy spyware | No |
U | MSRegScan | ETNKL.exe | ComKeylogger surveillance software. Uninstall this software unless you put it there yourself | No |
X | MSRegSvc | regsvc32.exe | Homepage hijacker that changes your homepage to an adult content site | No |
X | msresear | [path to trojan] | Added by the WEASYW-B TROJAN! | No |
X | msresearch | msresearch.exe | TROJAN! - 180SearchAssistant adware related | No |
X | msresearch | tool3.exe | Spy Sheriff/SpywareNO malware, also detected as the SPYHOAX-A TROJAN, pretends to be a spyware remover! - file names spotted so far include VXH8JKDQ2.EXE, NS6281400.so, CVXH8JKDQ2.EXE, down3.exe, sefe.exe, winstall.exe, and tool2.exe | No |
X | msrundll | msrund1l32.exe | Added by the BINGHE TROJAN! | No |
X | msrunocx32 | msrunocx32.exe | Added by the SKUS WORM! | No |
X | Mss Serv | msssrv.exe | Added by the SLENFBOT.AA WORM! | No |
X | Mss VC | mssvc.exe | Added by the OPANKI.AB WORM! | No |
X | mssaru | mssaru.exe | Added by the AGENT.AM TROJAN! Note - example names include "XviD", "Winamp Remote", "Windows Media Player" and "Futuremark" | No |
X | msscan.exe | msscan.exe | Detected by Kaspersky as the AGENT.ANQ TROJAN! See here | No |
U | MSSCDL | MSSCDLL.exe | SpyCapture keystroke logger/monitoring program - remove unless you installed it yourself! | No |
X | mssdbsrv | msupdtck.exe | Added by a variant of a password stealing TROJAN! | No |
X | msserv | msserv.exe | Added by the BLACKLOG-A TROJAN! | No |
X | msserv | lvsrev.exe | Added by the BROWMON-B TROJAN! | No |
X | msserv32 | msserv32.exe | Added by the RBOT-ACK WORM! | No |
X | MsServer | msfun80.exe | Added by the VB-CYG WORM! | No |
X | MSServer | Rundll32.exe [random].dll,#1 | Unidentified malware! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The file is typically found in either %System% or the Windows "Temp" folder | No |
X | msservice | msserv.exe | Added by the HYD WORM! | No |
X | MSService_v1.0 | realsched.exe | EHU adware. Note - this is not the legitimate RealOne Player (realsched.exe) application of the same name | No |
X | MSService_v1.0 | vfp02.exe | NewWeb adware | No |
X | mssfos | sfool.exe | Added by the RANDEX.EUS WORM! | No |
X | MSSGisg | [path to file] | Added by the RANKY.N TROJAN! | No |
X | Msshield.exe | Msshield.exe | Added by a variant of the IRCBOT TROJAN! | No |
X | MSShow | MSShow.exe | Added by the QQROB-M TROJAN! | No |
X | MSSHVC | MSSHVC.exe | Added by the NUFFY.A WORM! | No |
X | mssonfig | winupdate.exe | Added by a variant of the SDBOT WORM! | No |
X | mssoul | msmscc2.exe | Added by the DAPIZL.A banker WORM! (A "banker worm" is designed to pillage banking information and send it back to the perpetrators!) | No |
X | mssoul | msmscc.exe | Added by the BANCOS.HKT TROJAN! | No |
X | mssp3 | mssp22.exe | Added by the IBANK-D TROJAN! | No |
X | MSSQL | Mssql.exe | Added by the SDBOT TROJAN! | No |
X | MSSQL for Windows NT & XP | mssqlsnt.exe | Added by a variant of the SDBOT WORM! | No |
N | mssSort | msssort.exe | Maxtor (now Seagate) "Drag and Sort" for their external storage - "Just drag documents onto the Shared Storage II icon and Maxtor's Drag and Sort organizes your files, placing them in appropriate shared folders" | No |
X | Msstart | msstart.exe | Added by the LIVUP.C TROJAN! | No |
X | MSStartOptimizer | Iexpres.exe | Added by the DASMIN-E TROJAN! | No |
X | MSStartOptimizer | WINUPD.EXE | Added by the DASMIN-E TROJAN! | No |
X | MSStartOptimizer | SCVHOST.EXE | Added by the DASMIN-E TROJAN! | No |
X | msstask | msstask.exe | Added by the MYPARTY WORM! | No |
X | mssurfer lptt01 | mssurfer.exe | RapidBlaster variant (in a "surfer" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here | No |
X | mssurfer ml097e | mssurfer.exe | RapidBlaster variant (in a "surfer" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here | No |
X | mssvc | [path to trojan] | Added by the PSK TROJAN! | No |
X | MSSVC | svcsys.exe | Added by the FATOOS-C TROJAN! | No |
Y | MSSVC.EXE | MSSVC.EXE | StealthDisk - hides folders, files and applications. Will also encrypt them for better protection | No |
X | mssvc32 | mssvc32.exe | Added by the AGOBOT-ME WORM! | No |
X | mssync20 | mssync20.exe | Added by the LDPINC-QC TROJAN! | No |
X | mssys | mssys.exe | Added by the MYSS.B TROJAN! | No |
X | mssysint | Iexplore .exe | Added by the PWSTEAL.ABCHLP and PSPIDER.310.B TROJANS! Note - this is not the legitimate Internet Explorer (iexplore.exe) process as there is a space before the ".exe" | No |
X | mssysint | comime.exe | Added by the NETSNAKE-I TROJAN! | No |
X | mssyslanhelper | msmsgri32.exe | Added by the RANDEX.D WORM! | No |
X | MsSystem | msdos.exe | Adult content downloader - see here | No |
X | MsSystem | mssys.exe | Added by the VANTA.A TROJAN! | No |
X | MSSYSTEM | svcsys.exe | Added by the FATOOS-C TROJAN! | No |
U | Mstapi | Mstapi.exe | Keystroke logger/monitoring program - remove unless you installed it yourself! | No |
X | Mstask | mstask.exe | Added by the OPASERV.N WORM! Note - this is not the legitimate mstask.exe system file and the executable resides in C:\Windows or C:\WINNT | No |
X | mstask | mstask.exe | Browser hijacker - redirecting to find-more.net. Note - this is not the legitimate mstask.exe system file | No |
X | MSTask | run dll.exe | Yuupsearch adware | No |
X | MStask | svchost.exe | Added by the LDPINCH-BV TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir% | No |
X | MsTask | wstask32.exe | Added by the MYTOB-FE WORM! | No |
X | Mstask | kernel32.exe | Added by the STAP-C WORM! | No |
X | Mstask | MSDTC.exe | Added by the STAP-D WORM! | No |
X | Mstask32driver | Mstask32.exe | Added by the LOONY-D TROJAN! | No |
X | MSTaskbar 32 | tbsvc32.exe | Added by the RBOT.BQZ WORM! | No |
X | mstasks | mstasks.exe | Added by the MULTIDR-AY TROJAN! | No |
? | Mstcgww | MSTCGWW.EXE | ?? | No |
X | mstds.exe | mstds.exe | Added by the IPTABLES TROJAN! | No |
X | mstg32.exe | mstg32.exe | Added by the AGENT.BI TROJAN! | No |
N | MSTMON_N | MSTMON_N.EXE | Generates an error message on startup if a Konica Minolta printer is not turned on and ready | No |
N | MSTMON_Q | MSTMON_Q.exe | Generates an error message on startup if the Konica Minolta PagePro 1350W printer is not turned on and ready | No |
X | Mstng32 | MSTng32.exe | Added by the TANG WORM! | No |
X | mstsdsc.exe | mstsdsc.exe | Added by the CIMUZ-CD TROJAN! | No |
X | msupd | msupd.exe | Added by the IEACCESS DIALER! | No |
X | MSUpdate | wupd.exe | Added by the ALADINZ.M TROJAN! | No |
X | MSUpdate | svchosthlp.exe | Added by the BLASTER.T WORM! | No |
X | msupdate | msupdate.exe | Added by the RBOT-MZ WORM! | No |
X | MSUpdate | criticalUpdate.exe | Affilred adware | No |
X | msupdate | update.exe | Added by a variant of the SDBOT WORM! | No |
X | Msupdate | expIorer.exe | Added by the TACTSLAY.A TROJAN! | No |
X | Msupdate | outIook.exe | Added by the TACTSLAY.A TROJAN! | No |
X | Msupdate | svchosts.exe | Added by a variant of the TACTSLAY TROJAN! | No |
X | Msupdate | svcrhost.exe | Added by the TACTSLAY.A TROJAN! | No |
X | Msupdate | svcshost.exe | Added by the TACTSLAY.A TROJAN! | No |
X | MSupdate.exe | N/A | CoolWebSearch parasite variant - resets home page to an adult content site | No |
X | MSUpdateDevKit | axfd.exe | Added by the SDBOT-ZD WORM! | No |
X | msupdater | msupdater.exe | Added by a variant of the Storm/Nuwar/Zhelatin WORM! See here for an example | No |
X | MsUpdater System | udpsys32.exe | Added by the RBOT.AAA WORM! | No |
X | MSupdater.exe | N/A | CoolWebSearch parasite variant. Installs the Winshow.dll browser plugin | No |
X | msupdater25 | lsasser.exe | Added by the RBOT-ATS WORM! | No |
X | msupdates | msupdt.exe | Added by the RBOT-JO WORM! | No |
X | MSUpdSrv | msupdsrv.exe | Browser hijacker, redirecting to an adult content site | No |
X | msurl | msurl32.exe | Added by the CRYPTER.A TROJAN! | No |
X | msuser32.exe | msuser32.exe | Added by the ANDROV TROJAN! | No |
X | MsVBdll | sys32dll.exe | Added by the AIMDES.B or AIMDES.C WORMS! | No |
X | MsVBdll | MsVBdll.pif | Added by the AIMDES.A WORM! | No |
X | MSVBVM60 | MSVBVBM60.pif | Added by the SCOLD-B WORM! | No |
X | msvc32 | msvc32.exe | ClientMan parasite variant | No |
X | msvc32 | msvc32.exe | Added by the AGOBOT-NT WORM! | No |
X | msvcc | msvchost.exe | Added by the XOMBE TROJAN! | No |
X | msvcc25 | svcchost.exe | Added by a variant of the SDBOT WORM! | No |
X | msvcc25 | salvage.exe | Added by a variant of the SDBOT WORM! | No |
X | msvcc25 | svcchost.exe | Added by the SDBOT-CSE WORM! | No |
X | msvccc66 | svcchosst.exe | Added by the RBOT-GLS WORM! | No |
X | msvccc66 | dload.exe | Added by a variant of the RBOT WORM! | No |
X | msvecurity | msvecurity.exe | Added by the DORF-BO WORM! | No |
X | MSVersion | INTERNETFEATURES.exe | Added by the POPMON.A TROJAN! - also known as PopMonster adware | No |
X | MSVersion | clrschp038.exe | Added by the POPMON.A TROJAN! - also known as PopMonster adware | No |
X | msvhost | aig.exe | Added by the AIMBOT-BC TROJAN! | No |
X | msvload32 | msvload32.exe | Added by the RBOT-ACI WORM! | No |
X | msvps | msvps.exe | Added by the AGOBOT.ALI WORM! | No |
X | msvsc32 | msdev.exe | Added by the RBOT-GJ WORM! | No |
X | MSVsmt | rpcxctx.exe | Added by an unidentified WORM or TROJAN! | No |
X | msvss | msvss.exe | Added by a variant of the RBOT WORM! | No |
X | MSVSync | videosync.exe | Added by a variant of the SPYBOT WORM! | No |
X | msvupdater | msvupdater.exe | Added by a variant of the Storm/Nuwar/Zhelatin WORM! See here for an example | No |
X | MSVXD | MSVXD.EXE | Added by the DATOM.A WORM! | No |
X | mswave | mswave.exe | Added by the CRYPTER.A TROJAN! | No |
X | Mswavedll | mswavedll.exe | Added by the CRYPTER-C TROJAN! | No |
U | MSwheel | mswheel.exe | Microsoft Intellipoint software for their Intellimouse series of mice - required if you use non-standard Windows driver features | No |
X | MSWin | mswin.exe | Added by the BANKER-CU TROJAN! | No |
X | Mswincfg | Mswincfg32.exe | Added by the CYBRSPY.D TROJAN! | No |
X | MsWindows DRT Drivers | wsdrt32.exe | Added by the RBOT.ALT WORM! | No |
X | MsWindows SSL Drivers | mssl32.exe | Added by the SPYBOT.API WORM! | No |
X | MsWindows SysDate | sysmsvc.exe | Added by the SPYBOT.FCD WORM! | No |
X | MSWindows Syspg | mspg32.exe | Added by the RBOT-TB WORM! | No |
X | MSWindowsUpdate | Systern.exe | Added by the RBOT-AFD WORM! | No |
X | MSWindowsUpdate | mswinup.exe | Added by a variant of the SDBOT WORM! | No |
X | MSWinlogon | SynCor.exe | Added by the AGENT-FZL TROJAN! | No |
X | MSWinlogon | winlogon.exe | Added by the AGENT-FZM TROJAN! Note - this is not the legitimate winlogon.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! | No |
X | Mswinpid32 | mswinpid32.exe | Added by the LAPOS.A TROJAN! This is a keylogger which emails back to China PayPal passwords and account information - thus allowing the perpetrators to steal PayPal funds in the name of the victim! | No |
X | MSWinSrv | MSWinSrv.exe | Added by the MTRON TROJAN! | No |
X | MSWinSrv32 | MSWinSrv32.exe | Added by the MTRON-B TROJAN! | No |
X | MSWinupd | winupd.exe | Added by the DLOADER-YE or DLOADR-AAA or DLOADER-ZF TROJANS - and others | No |
X | MSWinupdate | winupdate.exe | Added by the DLOADR-AAW TROJAN! | No |
X | MsWinVgr | msvgr.exe | Added by the MYTOB.LE WORM! | No |
X | mswiz32 | mswiz32.exe | Added by the STRATIO-BG WORM! | No |
X | mswkork Service | msework.exe | Added by a variant of the RBOT WORM! | No |
X | msword | msword.exe | Added by the RBOT-ADR WORM! | No |
X | mswspl | [random filename] | Added by the SMALL.IQ TROJAN! | No |
X | mswspl | searchbarcash.exe | SearchBarCash adware | No |
X | mswspl | vnmispoisn downloader.exe | SearchBarCash adware variant | No |
X | mswspl | plugin1.exe | Added by the SMALL.IQ TROJAN! | No |
X | MSWTL32 | MSATL32.exe | Added by an unidentified WORM or TROJAN! See here | No |
X | msxct | msxct.exe | eXact Advertising (NaviSearch, BargainBuddy, CashBack) adware | No |
X | Msy Startups | msyh32.exe | Added by the AGOBOT-QC WORM! | No |
X | Msy1 Startups | msyj32.exe | Added by the AGOBOT-QQ WORM! | No |
X | msys lptt01 | msys.exe | RapidBlaster variant (in a "Msyss" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here | No |
X | Msys32 | morfitwebentrance.exe | Morfit ADjectPager - "uses home page rental technology for generating revenues". Homepage hi-jacker that re-defines your IE or Netscape start page as http://www.web-entrance.com/. Any installed application including this must be un-installed before you can reset your homepage | No |
X | MSysDrv | msdrv.exe | Added by the VB.WF TROJAN! | No |
X | ms_anti_spyware | mwfirewall.exe | Added by the GAMQOWI TROJAN! | No |
X | ms_anti_spywarebxp | mwfirebpx.exe | Added by the SURILA-D TROJAN! | No |
X | ms_anti_spywarebxp | mwfibpx.exe | Added by the SURILA-J TROJAN! | No |
X | MS_LARISSA | MS_LARISSA.exe | Added by the ASSIRAL WORM! | No |
X | MS_NETD_WIN32 | netd32.EXE | Added by the RANDEX.F WORM! | No |
X | MS_SETUP.EXE | MS_SETUP.EXE | Added by the CHARGE TROJAN! | No |
X | MS_Update Check | wdfmgr.exe | Added by the AGOBOT-TB WORM! | No |
X | MS_update_0704_KB74073.exe | MS_update_0704_KB74073.exe | Added by a variant of the UPDATEKB TROJAN! | No |
N | MtdAcq | MtdAcq.exe | Creative MediaSource "Media Sniffer" - monitors the drive for new media files then automatically adds them to the media library | No |
? | MtdAcqu | MtdAcqu.exe | Metadata monitor part of Creative MediaSource™ player/organizer - which "enables you to manage your entire digital music collection on both your computer and your Creative portable music player effortlessly." Collects information on the songs. Is it required? | No |
X | Mtr2 | mtr2.exe | Added by the KRYPTONIC GHOST TROJAN! | No |
U | MUAL | mual.exe | Millesky video mail updater and launcher | No |
N | muamgr | muamgr.exe | Using MicroAngelo On Display, you can easily select the icon images that you prefer rather than the default icons displayed by Windows. On Display provides a consistent and elegant method to customize the icon display for almost every icon on your system | No |
X | muBlinder | muBlinder.exe | Program that bypasses Microsoft Update's Genuine Windows Validation | No |
? | Mufix | mufix.exe | Part of INFOConnect, web-based, enterprise client configuration, management, and deployment software, as used by ABSS (a financial management system used by the US military which will allow purchase request packages to be electronically submitted to contracting, and which also facilitates electronic receipt of items and EFT) - what does it do and is it required? | No |
X | mule_st_key | flec006.exe | Added by the BAGLE.AV TROJAN! | No |
U | Multi-function keyboard | GWHotkey.exe | Software that sets up the Gateway AnyKey keyboard shortcuts (a series of buttons that allow one-click access to e-mail, browser, volume and CD/DVD controls, etc) | No |
U | MultiCAM Initializer | MCamBoot.exe | The MultiCAM Initializer is part of the MultiCAM software package provided by Vista Imaging in order to run up to 10 USB ViCAM or 3Com Home Connect PC Digital cameras on a single computer. Clears itself from memory once initialized but can also be safely disabled | No |
X | Multimedia Codecs | mcc.exe | Added by the DLOADER-MB TROJAN! | No |
X | Multimedia extensions | mservice.exe | EasySearch adware | No |
X | Multimedia extensions | [path to trojan] | Added by the SMUTSRCH-A TROJAN! | No |
X | Multimedia extensions | mservice1.exe | Added by the DLOADR-AWD TROJAN! | No |
U | Multimedia KBD | MMKeybd.exe | Multimedia keyboard manager. Required if you use the additional keys | No |
U | MULTIMEDIA KEYBOARD | MMKeybd.exe | Multimedia keyboard manager. Required if you use the additional keys | No |
X | multiran | multiran.exe | Added by the COSIAM-E TROJAN! | No |
U | MultiRes | MultiRes.exe | MultiRes - system tray utility allowing quick access to changing desktop resolutions and has the ability to lock the screen refresh rate in WinNT/2K/XP | No |
U | MUPS | MUPS.exe | Launches the Belkin Bulldog Plus Service - required if you want to access the UPS advanced functions | No |
Y | murphy shield | lmgui.exe | Firewall part of BitDefender virus scanner/firewall | No |
N | Music01 Server | Music01 Server.exe | J River Media Jukebox | No |
X | MusIRC (irc.music.com) client | musirc4.71.exe | Added by the RANDEX.Q WORM! | No |
X | Mustafx | mustafx.exe | Added by a variant of the VIRANTIX.B TROJAN! | No |
? | Mustek MDC 3000 | Mounter.exe | Related to software for the Mustek MDC 3000 digital camera - what does it do and is it required? | No |
N | MutexServiceEx | Sys32Smm.exe | Webroot Software's discontinued "Privacy Master" | No |
X | mv2 | crasos.exe | Added by the DROPPS-A TROJAN! | No |
U | MVRescue | mvrescue | Related to Multivision Computers back up/restore program. Multivision Computers ceased operating in 2004 | No |
X | mvsyswina | acsysiom.exe | Added by a variant of the SDBOT WORM! | No |
U | MW1HelperStartUp | Mw1helper.exe | ScreenScenes "Magic Waterfall" screensaver. The freeware version comes with GAIN branded ads (pop-ups and others). ScreenScenes do however offer you the option of doing away with the ads by purchasing the screensaver for a whopping $30. Please note that Claria Corporation no longer support GAIN-Supported software - see here | No |
U | MW1HelperStartUp | MW1HEL~1.EXE | ScreenScenes "Magic Waterfall" screensaver. The freeware version comes with GAIN branded ads (pop-ups and others). ScreenScenes do however offer you the option of doing away with the ads by purchasing the screensaver for a whopping $30. Please note that Claria Corporation no longer support GAIN-Supported software - see here | No |
U | mwavscan | mwavscan.com | MicroWorld Anti Virus Toolkit is a free anti-virus scanner that runs on-demand. You can choose to scan your entire system, including memory, services, startup items and registry, or only scan files in a specified folder or drive | No |
U | MWLExe | MwlGui.exe | Part of McAfee Wireless Protection for Wi-Fi users | No |
N | MWProEng | MWProEng.exe | Logitech Mouseware Pro software - only required when using special functions | No |
N | MWSnap | MWSnap.exe | MWSnap - screen capture utility. Start manually when required | No |
X | mwsoemon | mwsoemon.exe | MyWebSearch parasite | No |
X | Mwsvm | mwsvm.exe | SeekSeek search hijacker related - see here | No |
X | mxb2 | [path to worm] | Added by the IXBOT-G WORM! | No |
X | MxHLp32 | MxHLp32.exe | Added by a variant of the VAGRNOCKER TROJAN! | No |
X | mxjxde.exe | mxjxde.exe | Added by the ORCU.B TROJAN! | No |
U | MXO Auto Loader | MXOaldr.exe | Maxtor includes a driver to bypass the Windows certified drivers check just when it detects an external drive. MXOaldr.exe is installed with the new driver and if disabled the button on a Maxtor OneTouch External Store no longer functions | No |
U | MXOBG | MXOALDR.EXE | Maxtor includes a driver to bypass the Windows certified drivers check just when it detects an external drive. MXOaldr.exe is installed with the new driver and if disabled the button on a Maxtor OneTouch External Store no longer functions | No |
? | mxomssmenu | maxmenumgr.exe | Related to Maxtor's One Touch series of external hard drives. What does it do and is it required? | No |
U | MxRunner | MxRunner.exe | EasyUninstall from Aladdin Systems (formerly by Ontrack) | No |
U | Mxvgautil | Mxvgautil.EXE | Utility for a USB to VGA converter from MCT Corp | No |
X | My Agent | msagent.exe | Added by the NEGASMS.A TROJAN! | No |
X | My App | SMSSvc.exe | Added by the NEGASMS.A TROJAN! | No |
U | My Essentials Wireless USB Utility | O-Maxwcui.exe | Belkin My Essentials Wireless USB Utility | No |
X | My Kazaa Gold | MyGoldKazaa.exe | My Kazaa Gold - regarded as a scam by McAfee SiteAdvisor as you're paying for something which is available for free elsewhere | No |
X | My Search Bar Eq | S4BAREQ.EXE | MySearch parasite | No |
X | My Supervisor | MSup1bf7.exe | My Supervisor rogue system suite - not recommended, removal instructions here | No |
X | My Web Search Bar | MWSBAR.DLL | MyWay - an IE Browser Helper Object used by adware WebSearch to add an IE toolbar to provide search features, and hijack browser search requests to its controlling servers run by MyWay | No |
X | My Web Search Bar Search Scope Monitor | m3SrchMn.exe | MyWebSearch parasite | No |
X | My Web Search Community Tools | m3IMPipe.exe | MyWebSearch parasite | No |
U | My-disgo | MyKey disgo.exe | Related to disgo pro. Program will synchronize data | No |
X | MyAccessMedia | tmp**.exe [* = random char/digit] | My AccessMedia toolbar related, stealth installed! | No |
U | MyAgtTry | MyAgtTry.exe | System tray notification for McAfee VirusScan ASaP on-line scanner. Not required to be protected but you lose notifications | No |
X | Myapp | [filename] | Added by the FATEE.B WORM! | No |
X | Myapp | service.exe | Homepage hijacker | No |
X | MyAV | avpguard.exe | Added by the NETSKY.J WORM! | No |
Y | MyCIO Agent Service | myagtsvc.exe | McAfee VirusScan ASaP Agent service | No |
U | myCIO.com ASaP | MyAgtTry.exe | System tray notification for McAfee VirusScan ASaP on-line scanner. Not required to be protected but you lose notifications | No |
N | myCIO.com Splash | Splash.exe | Splash screen for McAfee VirusScan ASaP on-line scanner | No |
X | myCleanerPC | myCleanerPC.exe | MyCleanerPC spyware remover - not recommended, see here | No |
X | MyCometCursor | MYCOME~1.EXE | Comet Cursor adware | No |
X | MyDailyHoroscope | MYDAIL~1.EXE | MyDailyHoroscope foistware | No |
X | MyDailyHoroscope | MyDailyHoroscope.exe | MyDailyHoroscope foistware | No |
U | MyEmoticons | MYEMOTICONS.EXE | MyEmoticons from Persona Ltd - add icons (emoticons) to your E-mail | No |
X | MyFastAccess | myfastupdate.exe | My-Fast-Access toolbar updater | No |
X | myhuy | huy.exe | Added by the BLASTER-C WORM! | No |
X | myhuy | huy2.exe | Added by the BLASTER-L WORM! | No |
U | MyIE.exe | MyIE.exe | MyIE2/Maxthon browser related | No |
X | MyLife | CmdServ.exe | Added by the HOLAR.A WORM! | No |
X | myMh2 | iexpl0re.exe | Added by the DELF.FAI TROJAN! | No |
U | myNetWatchman | nwclient.exe | Sends your firewall alerts to a website, which then filters them and forwards details of suspicious activities to the host ISP they originated from. Only needs to be running when your firewall is running | No |
X | MyPointsPointAlert | wjview ...MyPointsPointAlertrun.exe | "With MyPoints you can earn rewards from name-brand merchants. You can even earn vacations and frequent flyer miles". Dubious privacy policy | No |
U | MyPopupKiller | mpk.exe | MyPopupKiller - popup killer | No |
U | myprint mileage | mpm.exe | Reports battery status on a portable printer | No |
X | Mysee Alert | Mysee Alert.exe | MySee Alert adware | No |
X | MyShares | MyShares.exe | EHU adware | No |
X | MySLScan | msvc32.exe | Added by the FORBOT-EH WORM! | No |
X | mysoft | winexplor.exe | Browser hijacker, also detected as the STARTPA-JR TROJAN! | No |
N | MySoftware NewsFlash | Newsflsh.exe | Runs in your task bar and receives alerts and release information on MySoftware products from Avanquest | No |
N | MySpaceIM | MySpaceIM.exe | MySpaceIM internet messenger | No |
X | mysvcig38 | mysvcc.exe | Added by the RBOT-FOU WORM! | No |
X | mysvcig38 | recsl.exe | Added by a variant of the RBOT-FOU WORM! | No |
X | MyTam | MyTam.exe | Covert Sys Exec malware variant | No |
U | MytekSystrayExePath | MyTekSystray.exe | MyTek system tray - web site providing computer tech support in Australia | No |
X | MyTotalSearch Email Plugin | mtsoemon.exe | MyTotalSearchBar adware | No |
X | MyVBApp | SysNT.exe | ReferAd adware | No |
X | MyVBApp | install.exe | Detected as Generic Downloader.s by McAfee, probable variant of ReferAd adware! | No |
X | MyVBApp | setup.exe | Detected by Kaspersky as the VB.KB TROJAN! File location is in the Root folder (C:), (D:), etc | No |
X | MyVirt.exe | MyVirt.exe | Added by the REMADM-C TROJAN! | No |
U | MyVitalAgent | VtlAgent.exe | MyVitalAgent from Lucent Technologies. Replacement for Net.Medic, monitoring all popular internet transactions and alerting the user of the location of connection problems. Available via Start -> Programs | No |
X | MyWebSearch Email Plugin | mwsoemon.exe | MyWebSearch parasite | No |
X | MyWebSearch Plugin | rundll32 [path] M3PLUGIN.DLL,UPF | MyWebSearch parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted | No |
X | My_Heart | My_Heart.exe | Added by the SILLYFDC-AD WORM! | No |
U | N2PTray | Net2fone.exe | An Internet telephony application. Needed only if you have an account at Net2Phone, Inc | No |
N | NADaemon | NADAEMON.EXE | Program by NetActive which appears to be piggybacked onto some Nvidia graphics cards software. They seem to look after "digital rights management". One user reports disabling it has no detrimental effect - not required | No |
N | Naggerrunkey | nagger.exe | Packard Bell Free Internet Signup screen | No |
Y | Naimagent_service | EPOAgentnaimas32.exe | Networked version of McAfee VirusScan. Installs, configures and updates the software and DAT (virus definition) files on local computers from a network server. A resource hog but required for DAT updates and if disabled can also cause random freezes and error messages | No |
Y | Naimagent_UI | EPOAgentnaimag32.exe | Workstation background program for Network Associates McAfee ePolicy Orchestrator - a network management tool for enforcing antivirus protection of the workstations using system policies. Works with both McAfee and Norton AntiVirus. NAIMAG32 and NAIMAS32 communicate with the ePolicy Orchestrator processes on the network fileserver to check for virus updates or for the need to perform a virus scan | No |
Y | Naimagent_UI | naimag32.exe | Workstation background program for Network Associates McAfee ePolicy Orchestrator - a network management tool for enforcing antivirus protection of the workstations using system policies. Works with both McAfee and Norton AntiVirus. NAIMAG32 and NAIMAS32 communicate with the ePolicy Orchestrator processes on the network fileserver to check for virus updates or for the need to perform a virus scan | No |
X | Name | Iexplorer0.exe | Added by the THREADSYS TROJAN! | No |
X | Name Server | mswins.exe | Added by a variant of the SDBOT WORM! | No |
X | NAMEDPIPE SYSTEM | namedpipe.exe | Added by the MYTOB-FH TROJAN! | No |
X | nano | svchost.exe | Added by the NANO-A TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir% | No |
X | Nano Antivirus | nanoav.exe | Nano Antivirus rogue security software - not recommended, removal instructions here | No |
X | NAP32 | NAP32.exe | Premium rate adult content dialler | No |
X | NarmonVirusAnti | smss.exe | Added by the AUTORUN-DV WORM! Note - this is not the legitimate smss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a ~A~m~B~u~R~a~D~u~L~ subfolder | No |
X | Narrator | ******.exe [* = random char] | Added by the QOOLOGIC TROJAN! | No |
U | Narrator | Narrator.exe | Associated with the Narrator accessibility feature on Windows XP. It is used to convert text to speech | No |
X | Natal | Natal.scr | Added by the OPASERV.AE WORM! | No |
X | NAV | RuxDLL32.exe | Added by the MAPSON.D WORM! | No |
Y | NAV Agent | navapw32.exe | Norton Anti-Virus's background scanning process | No |
X | nAv AGENT | N/A | Added by the RIOSYS MACRO! Note the lower-case "n" and "v" in the name as this is not the valid Norton AntiVirus entry of the same name - indeed it closes Norton AV processes | No |
X | NAV Agent | systems.exe | Added by the TARNO.C TROJAN! Note - this is not the valid Norton Antivirus entry of the same name | No |
X | NAV Agent | winsnav.vbs | Added by the ANPES WORM! | No |
X | NAV Agent | wmilib32.exe | Added by the VB-XU TROJAN! | No |
X | NAV Auto Prot | navprot1.exe | Added by the RBOT.ZAC WORM! | No |
X | NAV Auto Protect | msfwe1.exe | Added by a variant of the RBOT WORM! | No |
X | NAV Auto Protect | navprotect.exe | Added by a variant of the RBOT WORM! | No |
X | NAV Auto Protect | dnsserv.exe | Added by a variant of the SDBOT WORM! | No |
X | NAV Auto Protect | mcafee32.exe | Added by a variant of the SPYBOT WORM! | No |
X | NAV Auto Update | Navautoupdate.exe | Added by a variant of the SPYBOT WORM! | No |
X | NAV Auto Updates | csrssp.exe | Added by a variant of the SDBOT WORM! | No |
X | NAV Auto Updates | navwindows.exe | Added by a variant of the SDBOT WORM! | No |
X | NAV Auto Updates | slserves.exe | Added by a variant of the SDBOT WORM! | No |
X | NAV Auto Updates | navupdaters.exe | Added by the RBOT-UN WORM! | No |
X | NAV Auto Updates | navupdaterx.exe | Added by a variant of the RBOT WORM! | No |
N | NAV CfgWiz | cfgwiz.exe | Introduced with Norton Anti-Virus 2002, this is a real resource hog. Many NAV users will find they can live without loading it | No |
N | NAV Configuration Wizard | cfgwiz.exe | Introduced with Norton Anti-Virus 2002, this is a real resource hog. Many NAV users will find they can live without loading it | No |
U | NAV DefAlert | DefAlert.exe | Norton Anti-Virus Definitions Alert. Warns you if virus definitions are out of date. Leave enabled unless you manually update virus definitions on a regular basis | No |
X | NAV Live Update | [path to worm] | Added by the DEBORMS.C WORM! Note - this is not a valid Norton Anti-Virus (NAV) function from Symantec | No |
X | NAV Scan Service | NAVSCAN32.EXE | Added by the SDBOT.VG WORM! | No |
X | NavAgent32 | lasvr32.exe | Added by the FEMOT.D WORM! | No |
X | NavAgent32 | SCardSvr32.Exe | Added by the MOFEI.B WORM! | No |
X | navapp | navapp.exe | NavExcel adware variant | No |
Y | navapw32 | navapw32.exe | Norton Anti-Virus's background scanning process | No |
X | NAVCheck | navchk.exe | Premium rate adult content dialer | No |
X | NAVCheck | shman.exe | Premium rate adult content dialer | No |
U | NaverPCGreen | NPCGreenUpgrader.exe | Related to Naver_Anti-virus Realtime Monitor From NHNCorp | No |
U | Naviscope | naviscope.exe | Naviscope is a multipurpose browser enhancement that can speed up Web searches, lock out cookies, examine HTML send/receive headers, provide single-click network diagnostics, and much more | No |
X | NaviSearch | nls.exe | NaviSearch, eXact Advertising variant | No |
N | NavLoad | NAVBrowser.exe | Registration reminder for CorelDRAW 10 | No |
X | navman_20 | sysnav32.exe | Hijacker, possibly a CoolWebSearch parasite variant | No |
? | NAVMD25 | UpdtNv28.exe | Added by Symantec for updating the MicroDefs for their AV products - is it required? | No |
X | NAVMon32 | NAVMon32.exE | Added by the WINKO.AO WORM! | No |
X | NAVNet | ***.tmp [* = random digit] | Unidentified adware | No |
X | navp.exe | navp.exe | Added by the AGOBOT-OE WORM! | No |
X | NavPass | NavPass.exe | Free system for gaining access to and downloading from adult content web-sites | No |
X | NavScan | [filename] | Added by the OBSORB TROJAN! | No |
X | NAVSCAN32.EXE | NAVSCAN32.exe | Added by the SDBOT-DO WORM! | No |
X | NAVSCANNER32 | NAVSCANNER32.EXE | Added by the RBOT.QC WORM! | No |
X | NAVUpd | rundll32.exe navupd.dll, Startup | Added by the NAVU TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted | No |
X | NAVWatch | NAVWatcher.exe | VX2.Transponder parasite updater/installer related | No |
X | NAV_Update | NAV_Update.exe | Unidentified WORM or TROJAN! | No |
X | nawadll32 | nawadll32.exe | Added by the SDBOT-ZI WORM! | No |
X | nawdll32 | nawdll32.exe | Added by the SDBOT-ZM WORM! | No |
N | NB Common Dialog Enhancements | COMDLGEX.EXE | Part of McAfee Nuts & Bolts. With Common Dialog Enhancements, you can add MRU list box to open dialogs | No |
N | NB Start Menu | STARTM.EXE | Part of McAfee Nuts & Bolts. Provides the same control as MSCONFIG and can be used instead if you have N&B | No |
N | NB Windows Patterns | WINDBKGND.EXE | Part of McAfee Nuts & Bolts. With Background Patterns, you can change background patterns of wizard and dialog windows | No |
X | NBInstall | MBDownloader_876919.exe | Added by the MIRAR_D TROJAN! | No |
U | NBJ | NBJ.exe | Ahead Nero BackItUp - backup program. Only required if you have scheduled back-ups | No |
U | NbkCtrl | NbkCtrl.exe | Scheduling engine of NovaSTOR Backup Service. Only required if scheduling is enabled and wanted - see here | No |
U | NBKeyScan | NBKeyScan.exe | This tool comes with a special version of Nero BackItUp for some external hard disks. Controls two buttons on the drive - one button powers off the drive and the other directly calls Nero BackItUp to make a quick backup | No |
X | NBT System alias | [path] repcale.exe [path] beird.exe | Added by a variant of the RANDON.AN WORM! | No |
? | nbustrce1D | nbustrce1D.exe | Device driver, possibly CD/DVD - what exactly is it and is it required in startup? | No |
X | NC1565 | winntsrv -l -p10001 -d -e cmd.exe -L | Added by the NEWLEY-A WORM! | No |
X | Ncao | osoa.exe | PurityScan/Clickspring adware | No |
X | Ncao | urpo.exe | PurityScan/Clickspring adware | No |
? | NCClient | N/A | ?? | No |
N | NCD | ncd.exe | Norton Change Directory - a utility from the DOS days that allows the user to change directories on their machine without typing the complete path | No |
N | NCLAUNCH | NCLAUNCH.exe | Part of SWF Studio from Northcode Inc. - an extension to Flash. Bundled when you create a self-installing screen-saver on Win2K/XP | No |
X | nClient | cnen.exe | Added by the DELBOT-AL WORM! | No |
Y | NCSW Server | NcsW.exe | LockLink access control management software. LockLink 7.0 lets users seamlessly manage both offline and online access control solutions available from IR Security & Safety | No |
N | NCS_SS | Csinsm32.exe | Same as CleanSweep Smart Sweep-Internet Sweep | No |
X | NDAv | csnss.exe | Added by the SERFLOG.C WORM! | No |
X | NDAv | svhost.exe | Added by the SERFLOG.C WORM! | No |
? | NDDEAGNT | NDDEAGNT.EXE | WinNT default process. Network Dynamic Data Exchange (DDE) Agent, handles requests for network DDE services | No |
X | NDIS Adapter | ndis.exe | Added by the SDBOT.VF WORM! | No |
X | NDIS Adapter | windows.exe | Added by the FORBOT-BR WORM! | No |
X | NDIS Adapter | lsass2.exe | Added by the WOOTBOT.CW WORM! | No |
X | NDIS Adapter | servenxpp.exe | Added by the FORBOT-GP WORM! | No |
X | NDIS Adapter | Servenxp.exe | Added by the SPYBOT.LY WORM! | No |
X | NDIS Adapter | svchosttt.exe | Added by the WOOTBOT.AN WORM! | No |
X | NDIS Adapter | Winman.exe | Added by the WOOTBOT.AG WORM! | No |
X | ndlhosta | uiremsyl.exe | Added by a variant of the SDBOT WORM! | No |
X | Ndpldaemon | [path to trojan] | Added by the RPCSDBOT-A TROJAN! | No |
X | NDplDeamon | nstask32.exe | Added by the RANDEX.E WORM! | No |
X | NDplDeamon | winlogin.exe | Added by the RANDEX.E WORM! | No |
U | NDPS | DPMW32.EXE | Novell Distributed Printer Services - part of Novell's Netware Client and Groupwise products. Not required if you don't use this feature | No |
X | NDrv | NDrv.exe | PurityScan/Clickspring adware | No |
U | NDSTray | NDSTray.exe | ConfigFree Tray on a Toshiba laptop. Tray utility for their network switching application which permits switching network devices and settings with a click on the tray icon. While it is not required, for people who span multiple networks and want an easy way to go from wired to wireless and change addresses and other network settings, it's a must have | No |
U | NDSTray.exe | NDSTray.exe | ConfigFree Tray on a Toshiba laptop. Tray utility for their network switching application which permits switching network devices and settings with a click on the tray icon. While it is not required, for people who span multiple networks and want an easy way to go from wired to wireless and change addresses and other network settings, it's a must have | No |
X | Ndtstat | Ndtstat.exe | Added by a variant of the BANLOAD family of TROJANS! | No |
N | Necbar | Necbar.exe | Nec Assistant; Ark's Navigator, a graphical interface for NEC computers | No |
Y | NECMFK | necmfk.exe | NEC wireless keyboard driver | No |
U | Necutray | Necutray.exe | Driver for external USB storage devices (hard drives, flash disks, etc) | No |
X | neos | neos.exe | Added by the BDOORB-FAM TROJAN! | No |
? | neqprvfy.exe | neqprvfy.exe | Appears to be related to the downloading of some application - possibly verifying updates? | No |
X | Nero | shch.exe | Added by a variant of the BDOOR-EB BACKDOOR! | No |
X | Nero Checker | nerocheck.exe | Added by the PROXY-X TROJAN! Note - this is not related to "Nero Burning Rom" CD writing software | No |
N | Nero DriveSpeed | DRIVESPEED.EXE | Ahead Nero DriveSpeed - set the CD reading speed of a CD/DVD drive on-the-fly to reduce the noise on high-speed drives | No |
N | Nero PhotoShow Media Manager | mssysmgr.exe | Nero rebranded version of Simple Star's PhotoShow photo editing and organizing software, makes it easy to send and share digital photos | No |
X | Nero Updater.6.12 | wmp9.exe | Added by the AGOBOT-AAG WORM! | No |
X | Nero.ma | ***.exe [*** = 2 to 3 digits] | Added by the JONBARR.D WORM! | No |
X | NeroAutoStartClient | NeroASM.exe | Added by the AGOBOT.VG WORM! | No |
U | NeroCheck | nerocheck.exe | Associated with "Nero Burning Rom" CD writing software. Checks for driver issues | No |
X | NeroCheck | regedit.exe | Added by the DOOMJUICE.B WORM! Note - this is not the valid Ahead Nero CD/DVD burning program. Also, it is not the valid Windows registry editor which resides in Windows or Winnt and will not figure in Msconfig/Startup! This version resides in the System (9x/Me) or System32 (NT/2K/XP) folder | No |
X | NeroFil | NeroFil.EXE | Added by the RBOT.EAM TROJAN! | No |
X | NeroFileCheck | msjavam32.exe | Added by the AGOBOT.AKM WORM! | No |
U | NeroFilterCheck | NeroCheck.exe | Associated with "Nero Burning Rom" CD writing software. Checks for driver issues | No |
U | NeroHomeFirstStart | NMFirstStart.exe | Associated with Nero Scout, added by version 7 of the Nero digital media suite (CD & DVD burning, authoring, etc). Thanks to Help2Go.com, if you feel this is draining more resources than necessary you can disable it by clicking here | No |
X | NeroLoader | NeroLoader.exe | Added by the BANCBAN-EJ TROJAN! | No |
N | NeroNETTrayIcon | NNServiceCtrl.exe | System tray access to NeroNET - Ahead Software's network-capable extension of their CD/DVD burning program. NeroNET allows a burner to be shared across a network | No |
X | NeroUpdate Check | msjava.exe | Added by the AGOBOT.AMH WORM! | No |
X | NeroUpdater6.8 | winjava.exe | Added by the AGOBOT.AMK WORM! | No |
X | Net | WINREG.EXE | Added by the ASSASIN.D TROJAN! | No |
U | Net Accelerator | NetAccelerator.exe | Rizal NetAccelerator - "Optimizing Dial-Up, Lan, Cable, DSL, and Satellite connections do you want to speed up your Internet access up to 200% - 300% ???". Only required if you find it helps improve your performance | No |
U | Net Activity Diagram | nad.exe | Net Activity Diagram from MetaProducts. Monitors your computer internet activity. Available via Start -> Programs | No |
X | NET Bios Stats | ntbstats.exe | Added by the SDBOT-ZX WORM! | No |
X | Net Command Senter | nvscvse.exe | Added by the IRCBOT!DF6280E5 VIRUS! | No |
X | Net CoNN | Antispy.exe | Added by the AGOBOT.ALK WORM! | No |
X | NET DEMON | ndemon.exe | Added by the AGOBOT-LA WORM! | No |
U | Net iD | iid.exe | "With the Net_iD program, you can easily and securely logon with a smart card into a domain, a virtual private network (VPN) or in Citrix and Terminal Server environments" | No |
X | NET protection system | netst.exe | Added by the RIZO.A TROJAN! | No |
X | Net**.exe [* = random char] | Net**.exe [* = random char] | CoolWebSearch/HomeSearch adware - for examples, see this log | No |
X | Net**32.exe [* = random char] | Net**32.exe [* = random char] | CoolWebSearch/HomeSearch adware - for examples, see this log | No |
N | Net-It Launcher | NILaunch.exe | Net-It - web publishing software | No |
X | net32 | svhost.exe | Added by a variant of the Trojan.Clicker family | No |
X | net64 | svhoster.exe | Detected by PCTools as the AGENT.JVF TROJAN! See here | No |
U | NetAccelerator | NetAccel.exe | NetAccelerator is a "software utility that optimizes your internet access up to 1200% faster! NetAccelerator speeds all modems allowing you to download faster, browse faster, surf faster!" Only required if you find it helps improve your performance | No |
X | NetAdm7 | NETADM7.EXE | Added by the BANCOS.F TROJAN! | No |
X | Netapi | Netapi.exe | Added by the NETDEVIL.14 TROJAN! | No |
X | netapi32 | netapi32.exe | Added by an unidentified TROJAN! | No |
X | NetApp | winserv.exe | Added by the SHADOWTHIEF TROJAN! | No |
N | NetAppel | NetAppel.exe | NetAppel - free internet telephony utility using the VoIP (Voice over Internet Protocol). Call online friends for free and regular phones either for free (limited use) or low rates. One of a number provided by Betamax - the others generally have different rate plans. Similar to the more popular Skype | No |
U | NetAssistant | matcli.exe | "matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, county, etc and gets written to a log file". NetAssistant Help is required to run with the Help and Support program. If you uncheck NetAssistant Help and then run Help and Support it will add another NetAssistant Help in the startup menu. If you remove the NetAssistant Help in the add/remove program some help menus in help and support will not be available. You decide | No |
X | Netbeans | netbeans.exe | Added by the DELBOT-R WORM! | No |
X | Netbios Helper | nbthlp.exe | Added by the BANKER.Y TROJAN! | No |
X | NetBiosSrvc | HPSrvPrt.exe | Added by the SDBOT-COL WORM! | No |
X | NetBioy Client | netbioy.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
X | netc | svc.exe | Detected by Bitdefender as DROPPER.LDPINCH.Q malware | No |
X | netconfig | netconfig.exe | Added by the NETWARE TROJAN! | No |
U | NetCruiser Dialer | NCDialer.exe | NetCruiser Dialer from NetCruiser Software. "An Internet dialer and connection monitor with features to launch applications when a connection is detected, dial and hangup at predefined times and automatic redialing of dropped connections" | No |
X | netdaemon | netdaemon /v | Malware designed to "kill" a number of antispyware applications (SpyBot, Giant, SpyDoctor, SpySweeper, SpyHunter, Anvir, WinPatrol, and more) | No |
X | netdll32 | netdll32.exe | Added by the CRYPTER.A TROJAN! | No |
X | netdllex | netdllex.Exe | Added by the CRYPTER.A TROJAN! | No |
X | NetDy | VisualGuard.exe | Added by the NETSKY.N or NETSKY.W WORMS! | No |
X | NETFP32.EXE | NETFP32.EXE | Added by the AGENT.CD TROJAN! | No |
? | netfxupdate | netfxupdate.exe | Would appear to be a valid Microsoft .NET file (see here) but other sources suggest it could be a trojan | No |
? | NetFxUpdate_v1.0.3705 | netfxupdate.exe | Would appear to be a valid Microsoft .NET file (see here) but other sources suggest it could be a trojan | No |
U | NETGEAR WG111T Smart Wizard | wlan111t.exe | Configuration utility for the Netgear WG111T multi-rate Wireless USB 2.0 Adapter that "provides wireless access to your desktop or notebook PC through the computer's USB port" | No |
U | NetGuard | NetGuard.exe | FBM Software ZeroSpyware 2004 spyware detector and remover - real time monitor | No |
X | nethost.exe | [path to file] | Added by the PERDA-J TROJAN! | No |
U | Netlimiter | Netlimiter.exe | Netlimiter - "An internet traffic control tool to monitor applications which access the internet and actively control their internet traffic. Use it to set (download/upload) speed limits for applications or even single connection. NetLimiter also allows you to share your internet connection bandwidth among all applications running on your PC." | No |
N | Netline User | netchk.exe | Netline supplies internet related products and services and this program identifies user ID and IP information. Found installed along with the Falcon 4 game, for example | No |
X | NetLink | netlink32.exe | Added by the GAOBOT.WO WORM! | No |
X | NetLogon | userint.exe | Added by the SDBOT-BC WORM! | No |
U | NetManageImport | nmcpdata.exe | NetManage business software related | No |
X | NetManagerService | ntss.exe | Added by the BESTPICS.A TROJAN! | No |
U | NetMeter | NetMeter.exe | "Net Meter is a small, customizable network bandwidth monitoring program for Win9x/Me/NT4/2K/XP. NetMeter is and will always stay freeware. The program has been tested extensively on Win2K/XP, but it should work just as well on all other Win32 operating systems" | No |
X | NetMeter | NielsenOnline.exe | NetRatings software by Opistat. "OpiStat measures Internet usage anonymously and surveys participants according to their profiles and online habits". This software has been reported to get downloaded and installed automatically after a Grokster install. It anonymously collects your use of the Internet protocols (sites visited, Web pages, advertisements seen, electronic commerce, streaming). To be avoided! | No |
U | NetMeter | HooNetMeter.exe | "Net Meter is a powerful and easy-to-use bandwidth meter. It monitors traffic of all network connections and displays real-time graphical and numerical data transfer rates. Net Meter can display details of multiple network connections at the same time. It records all network traffic and includes extensive logging (daily, weekly and monthly) and traffic events. Net Meter works with virtually all types of network connections including phone modems, DSL, cable modem, LAN, satellite and more." | No |
X | NetMon | netmon.exe | Added by the MIMAIL.M WORM! | No |
X | Netmonw | Netmonw.exe | Added by the BDOOR-FX BACKDOOR! | No |
U | netmsg | netmsg.exe | Net_Message is a small tool to send messages across the network, using the Windows Messenger Service, so there is no client install required to receive the messages. It has a number of other features as well | No |
U | NetOnHold | FTNOHMgr.EXE | "FaxTalk NetOnHold 1.5 works with the Modem-On-Hold capabilities found in V.92 modems to provide the ability to place an Internet connection "on hold" and receive incoming calls or place outgoing calls" | No |
U | NetPanel | Starter.exe | Gemius surveillance software. Uninstall this software unless you put it there yourself | No |
U | NetPatrol | winclient.exe | NetPatrol network monitoring software | No |
X | netpc32.exe | netpc32.exe | Malware, probably a CoolWebSearch parasite variant | No |
N | NetPerSec | NetPerSec.exe | NetPerSec - measures the real-time speed of your Internet connection | No |
N | NetPumper | NetPumperIEProxy.exe | NetPumper download manager - bundles Cydoor and SaveNow adware, see here | No |
X | NetReach | nrcheck.exe | Added by an unidentified VIRUS, WORM or TROJAN! | No |
X | Netropa Internet Receiver | Netropa.exe | Netropa Internet Receiver. Shows a scrolling bar with the news. Major resource hog and flagged as spyware | No |
U | NetRun | NetRun.exe | NetRun - will 'RUN' a 'List' of programs only when an internet connection is detected, and close/kill the same 'List' when the connection is lost | No |
U | Netscape | InstallService.exe | Related to Netscape installation | No |
N | Netscape Messenger | NETSCAPE.EXE | In Netscape 6 (I know for sure with 6.2.1, maybe with 6.0) Netscape.exe is the main executable file for Netscape Navigator, Netscape Mail and News, and Netscape Messenger (the new name for the embedded AIM, no doubt to make it sound like Windows Messenger, the XP version of MSN Messenger). Basically, netscape.exe can be more than just Netscape Messenger, and Messenger can be more than just AIM in disguise, depending on the version of Netscape installed | No |
N | Netscp6 | Netscp6.exe | Netscape 6 | No |
U | NetScreen-Remote | SafeCfg.exe | NetScreen Remote VPN client software | No |
X | NetService | ntsvc.exe | Added by the QQPASS-DU TROJAN! | No |
X | netservices | recall.exe | Added by the WOOTBOT.D WORM! | No |
X | netservices | svchostn.exe | Added by the SDBOT.GI WORM! | No |
X | NETServices | csxrs.exe | Added by a variant of the SDBOT WORM! | No |
U | NetShow Powerpoint Helper | NSPPTHLP.EXE | If disabled, user created fonts can no longer be seen by other programs | No |
X | NetStart | svchost.exe | Added by the MKAR-A VIRUS! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a "NETSTART" subfolder | No |
N | NetStat Live | Nsl.exe | AnalogX NetStat Live - TCP/IP protocol monitor which can be used to see your exact throughput on both incoming and outgoing data | No |
X | netsv32 | netsv32.exe | Added by the SDBOT-PX WORM! | No |
X | netsv32 | sv.exe | Detected by PCTools as the DELF.CCD TROJAN! See here | No |
Y | NettGain2000 | WgwMngr.exe | Part of Flash-Networks NettGain2000 product. NettGain 2000 is a combined hardware/software networking solution, which is designed to improve performance of satellite networks by increasing data transmission speeds and maximizing the existing bandwidth for complete utilization when sending TCP/IP applications over a satellite. It is needed when connecting to the internet via satellite to provide speed faster than 60k or so | No |
Y | NettGain2000 Verifier | NettGain2000 Verifier.exe | Part of the Starband satellite client that attempts to optimize your satellite connection to increase speed | No |
U | NetTime | NETTIME.EXE | From a visitor - "This is the executable for NetTime. It is started from the registry when you check the box to start at startup. NetTime allows you to synchronize your computers' clock with a server on your local net or the internet using any of several protocols, e.g. NTP." | No |
U | NetTurbo | netturbo.exe | NetTurbo from SharewareOnline.com. "Accelerate Your Internet Connections by up to 600%". If you find it helps your connectivity leave it enabled | No |
X | Netunit32 | wunit32.exe | Added by an unidentified WORM or TROJAN! | No |
X | netupdate32 | netupdate32.exe | Added by the RBOT-GQZ WORM! | No |
X | NETVISIONAdulti | [random filename] | Trafficadvance dialer | No |
X | NETVISIONPasse-partout | Passe-partout.exe | Added by the DIALCAR-M DIALER! | No |
X | netw | svw.exe | Detected by Bitdefender as a variant of DROPPER.LDPINCH.Q malware | No |
X | NetWatch32 | netwatch.exe | Added by the MIMAIL.C WORM! | No |
N | Netword Agent | nwant33.exe | An interesting browser utility that allows you to navigate by typing a single word or phrase (a "NetWord") related to what you're looking for into your browser's location field. It also puts an icon in the system tray (a circle with the letter N in the center) to access the menu faster. Available via Start -> Programs | No |
X | NetWork | csrs.exe | Added by the AGOBOT.JJ WORM! | No |
X | Network Access | winssh.exe | Added by a variant of the SDBOT WORM! | No |
X | Network Administration | NAS.exe | Added by the ANTILAM.20.Q TROJAN! | No |
X | Network Administration Service | rsvc32.exe | Added by the RBOT.ABH WORM! | No |
U | Network Associates Error Reporting Service | TBMon.exe | Network Associates Error Reporting Tool - tool traps errors and requests submission to NAI for the purpose of betatesting new software | No |
X | Network Connections | internat.exe | Added by the VB-ZD TROJAN! | No |
X | network device driver | msfirewall.exe | Added by the DELF-LB TROJAN! | No |
U | NetWork Device Switch | NetDevSW.exe | Toshiba laptops with built-in Wi-Fi. Allows switching between Wi-Fi and internal ethernet. Only necessary if you have regular need to switch back and forward between these network interfaces. Located in Startup folder so make own shortcut to it and disable if not really necessary | No |
X | Network Host Controller | [path to trojan] | Added by the WHISPER TROJAN! | No |
X | Network Host Service | msmnart32.exe | Added by the RBOT-CJV WORM! | No |
X | Network Host Service | [random]32.exe | Added by the RBOT-BAB WORM! | No |
X | Network maneger | svchost.exe | Detected by Trend Micro as the AGENT.BX BACKDOOR! See here. Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! | No |
X | Network Protocol Service | wuamgrd.exe | Added by the RBOT.EA WORM! | No |
X | Network protocol service | wintcp.exe | Added by a variant of the AGOBOT/GAOBOT WORM! | No |
X | Network Provisioning Service | WinNPS.exe | Added by an unidentified WORM/TROJAN! | No |
X | Network Security | secsvc.exe | Added by the RBOT-ALX WORM! | No |
X | Network Security | NSecurity.exe | Added by the IRCBOT.AAV WORM! | No |
X | Network Security Guard | **********.exe [* = random char] | CoolWebSearch parasite variant | No |
X | Network Security Guard | [path to trojan] | Added by the COLEM-A TROJAN! | No |
X | Network Security XP | nvsvc86.exe | Added by the RBOT-GUI WORM! | No |
X | Network Service | svchost.exe | Added by the STARTPA-CC TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir% | No |
X | Network Service | svhost.exe | Added by the HACDEF-K TROJAN! | No |
X | Network Service | MccTrayApp.exe | Added by an unidentified WORM or TROJAN! | No |
X | Network Service Manager | netsvc.exe | Added by a variant of the AGOBOT/GAOBOT WORM! | No |
X | Network Translation System Service | ntss.exe | Added by the UNPDOOR TROJAN! | No |
X | NetworkAssociates Inc | internet.exe | Added by the LOVGATE.AB WORM! | No |
X | NetworkClient | NetworkClient.exe | Added by the LEMUR WORM! | No |
X | NetworkKey | netkey.exe | Added by the IRCBOT-AJ TROJAN! | No |
X | Networks Configurator | NetConfs.exe | Added by the RBOT-OX WORM! | No |
X | Networks Controler | Netsis.exe | Added by the RBOT-NG WORM! | No |
N | NetworkSetup | dlink.exe | D-Link System Tray icon | No |
X | netx | svx.exe | Detected by Bitdefender as a variant of DROPPER.LDPINCH.Q malware | No |
X | netzip | svzip.exe | Detected by PCTools as the DELF.ZWL TROJAN! See here | No |
X | Netzip Smart Downloader | npnzdad.exe | Advertising spyware | No |
N | NetZIPFolders | nzfprop.exe | Netzip Classic zip file manager | No |
X | NeuroMedia(IESpeaker) | NeuroMedia.exe | Part of an older freeware version of IESpeaker - a program that allows you to listen to web pages. NeuroMedia.exe only downloads advertisements. Not included in the paid-for version currently available | No |
N | NeuroSpeech OESpeaker | OEMonitor.exe | Part of OESpeaker - a program that allows you to listen to long E-mails instead of reading them in Outlook Express. OEMonitor.exe checks whether OE is open or not | No |
X | New Anti Virus | System.exe | Added by the BRONTOK-CH WORM! | No |
X | New Csnm Manager | csmn.exe | Added by the SDBOT.BZS WORM! | No |
X | New.net Startup | rundll32 [path] NEWDOT~1.DLL, ClientStartup | NewDotNet foistware. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted | No |
X | New.net Startup | rundll32 [path] NEWDOT~1.DLL, NewDotNetStartup | NewDotNet foistware. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted | No |
X | New.net Startup | rundll32 [path] NEWDOT~2.DLL, ClientStartup | NewDotNet foistware. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted | No |
X | New.net Startup | rundll32 [path] NEWDOT~2.DLL, NewDotNetStartup | NewDotNet foistware. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted | No |
X | Newman | playavi.exe | Added by the LINEAGE-AT TROJAN! | No |
X | newname | [path to trojan] | Added by the DRSMARTL-S TROJAN! | No |
? | News Service | ispnews.exe | F-Secure antivirus related. However, is this particular item required? | No |
N | Newsalrt | NEWSALRT.EXE | MSNBC News system tray utility to alert you to new news | No |
X | Newsgroup lptt01 | newsgroup.exe | RapidBlaster variant (in a "newsgroup" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here | No |
X | Newsgroup ml097e | newsgroup.exe | RapidBlaster variant (in a "newsgroup" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here | No |
N | NewsUpd | newsupd.exe | For Creative Soundblaster Live! series soundcards. System tray application for News updates. Available via Start -> Programs. Also spyware - see here. | No |
X | NewtonKnowsUpd | NewtKnow.exe ...NewtnUpd.dll, runkey | NewtonKnows hijacker | No |
X | Nex | nex.exe | Added by the AGENT-FPQ TROJAN! | No |
U | NexusServer | PNXSERVR.exe | Related to ProCoder 2.0 from Canopus. "ProCoder 2.0 software combines speed and flexibility into a streamlined video conversion tool for professionals. Featuring, extensive input/output options, advanced filtering, batch processing and an easy-to-use interface, ProCoder 2.0 is the ideal solution for high-quality multi-format video creation" | No |
U | NFM Service | NPDOR9x.exe | Appears in startup if you have chosen to participate in a survey by NPD Online Research. Required for the survey to work correctly. Otherwise not required | No |
X | Nfo | nfomon.exe | Delfin Media Viewer adware related | No |
N | nForce Tray Options | sstray.exe | nVidia nForce Taskbar Utility - quick access to the nForce2 "Sound Storm" control panel and related utilities | No |
U | NGClient | ngctw32.exe | Symantec Ghost Server software - needed for "a Ghost multicast" (transfer images to multiple machines). Can be launched manually | No |
X | ngpw36 | ngpw36.exe | AdBlaster adware variant | No |
N | NGServer | ngserver.exe | Symantec/Norton Ghost Console service | No |
X | NI.UERSM_0001_N68M1602 | UERSM_0001_N68M1602NetInstaller.exe | ErrorSafe misleading security software - not recommended, see here | No |
N | NI.UGDC_0002_N108M1007 | installer_en.exe | MyContentAssistant security program, not recommended - see here | No |
N | NI.UGES_0001_N108M2006 | setup_en.exe | MyContentAssistant security program, not recommended - see here | No |
X | NI.UGES_0001_N122M2111 | mofugclq.exe | Added by an unidentified misleading security program - not recommended | No |
X | NI.UWA6P_0001_N56M1001 | WinAntiVirusPro2006Installer.exe | WinAntiVirus Pro 2006 misleading virus software - not recommended, see here | No |
X | NI.UWA6P_0001_N69M0303 | WinAntiVirusPro2006Installer[1].exe | WinAntiVirus Pro 2006 misleading virus software - not recommended, see here | No |
X | NI.UWA6P_0001_N73M1004 | WinAntiVirusPro2006FreeInstall.exe | WinAntiVirus Pro 2006 misleading virus software - not recommended, see here | No |
X | NI.UWA6P_0001_N91M1807 | winantiviruspro2006freeinstall[1].exe | WinAntiVirus Pro 2006 misleading virus software - not recommended, see here | No |
X | NI.UWA7P_0001_N91M0809 | winantiviruspro2007freeinstall[1].exe | WinAntiVirus Pro 2007 misleading virus software - not recommended, see here | No |
X | NI.UWAS5LP_0001_0811 | UWAS5LP_0001_0811NetInstaller.exe | WinFixer web installer. Winfixer is "Foistware", pretending to be system optimization, protection and recovery software - stealth installed, see here | No |
X | NI.UWAS6_0001_N57M1312 | WinAntiSpyware2006FreeInstall.exe | WinAntiSpyware 2006 rogue spyware remover - not recommended, see here | No |
X | NI.UWAS6_0001_N68M2301 | UWAS6_0001_N68M2301NetInstaller.exe | WinFixer web installer. Winfixer is "Foistware", pretending to be system optimization, protection and recovery software - stealth installed, see here | No |
X | NI.UWFX5 | UWFX5NetInstaller.exe | WinFixer web installer. Winfixer is "Foistware", pretending to be system optimization, protection and recovery software - stealth installed, see here | No |
X | NI.UWFX5T | UWFX5TNetInstaller.exe | Added by the DOWNLDR-BO TROJAN! | No |
X | NI.UWFX5[various] | [various filenames] | WinFixer web installer. Winfixer is "Foistware", pretending to be system optimization, protection and recovery software - stealth installed, see here. Example filenames are UWFX5LP_0001_0802NetInstaller.exe, UWFX5V_0001_0802NetInstaller.exe, UWFX5_0001_N66M1101NETINSTALLER.EXE, 1D7C.tmp, WinFixerScannerInstall[1].exe | No |
X | NI.UWFX6_0001_N68M2301 | UWFX6_0001_N68M2301NetInstaller.exe | WinFixer web installer. Winfixer is "Foistware", pretending to be system optimization, protection and recovery software - stealth installed, see here | No |
X | NiceDownloads | rundll32.exe MSA64CHK.dll, DllMostrar | MatrixDialer related. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in the Winnt or Windows folder | No |
X | NiceMP3 | rundll32.exe MSA64CHK.dll, DllMostrar | MatrixDialer related. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in the Winnt or Windows folder | No |
X | Nielsen NetRatings | insight.exe | NetRatings Premeter spyware | No |
X | NIEUW | [path to dialler] | "Switch-F" premium rate adult content dialler | No |
U | NIHomeAM | LiteClientAM.exe | A managed web based internet security service that provides comprehensive & total protection for laptops/desktops - regardless of how, when or where they connect to the Internet. Made by Netintelligence Ltd | No |
X | nikLaus | nikLaus.exe | Added by the NIKLAS WORM! | No |
N | Nikon Monitor | nkmonitor.exe | Monitors for a Nikon CoolPix camera being connected via USB port. As soon as it detects a CoolPix camera it executes the Nikon View software to enable the user to transfer images from the camera to the PC | No |
N | NInit | NInit.exe | Norton Uninstall Deluxe. Monitors programs being installed and logs them for removing later. Available via Start -> Programs for manual logging - not required | No |
X | NiroFile Updated | NiroFile.exe | Added by a variant of the IRCBOT TROJAN! | No |
X | nisdisa | nisdisa.exe | Added by a variant of the Storm/Nuwar/Zhelatin WORM! See here for an example | No |
Y | nisserv | NISSERV.EXE | Norton Personal Firewall | No |
Y | Nisum | NISUM.EXE | Norton Personal Firewall | No |
U | niSvcLoc | niSvcLoc.exe | Related to National Instruments Corp. LabView | No |
U | Nitro PDF Printer Monitor | NitroPDFPrinterMonitor.exe | Printer monitor for Nitro PDF Professional from Nitro PDF, Inc. - "complete, affordable and easy-to-use set of tools to work with PDF documents" | No |
X | NJG40 | NJG40.EXE | Added by the BANCOS.D TROJAN! | No |
N | NkbMonitor.exe | NkbMonitor.exe | Part of Nikon PictureProject - image management for Nikon digital cameras | No |
N | NkvMon.exe | NkvMon.exe | Nikon View 5 - for transferring pictures from Nikon digital cameras | No |
N | NkVwMon.exe | NkVwMon.exe | Nikon View - for transferring pictures from Nikon digital cameras | No |
U | NliaClient | Netpia.exe | Netpia NLIA System - "In the existing Internet address system, the Domain Name System (DNS) layer runs on the IP address layer. In the NLIA system, however, the upper layer is implemented on DNS" | No |
X | NLS Keyboard | keyboard.exe | Added by a variant of the SPYBOT WORM! | No |
X | NLS MonBoard | NSBARD.EXE | Added by the SPYBOT.T TROJAN! | No |
X | NLS Monitor | nlsmon.exe | Added by the RBOT-AXJ WORM! | No |
U | nmapp | nmapp.exe | Pure Networks "Network Magic eliminates common frustrations and saves time by simplifying and automating set up, management and repair of home networks, and makes printer and file sharing effortless" | No |
U | NMBgMonitor | NMBgMonitor.exe | Associated with Nero Scout, added by version 7 of the Nero digital media suite (CD & DVD burning, authoring, etc). Thanks to Help2Go.com, if you feel this is draining more resources than necessary you can disable it by clicking here | No |
U | nmctxth | nmctxth.exe | Related to Pure Networks comprehensive home and small business networking software that simplifies network configuration | No |
U | NMFirstStart | NMFirstStart.exe | Associated with Nero Scout, added by version 7 of the Nero digital media suite (CD & DVD burning, authoring, etc). Thanks to Help2Go.com, if you feel this is draining more resources than necessary you can disable it by clicking here | No |
X | nmgr | nnmgr.exe | FFToolBar adware toolbar | No |
Y | NMSSupport | IntelHCTAgent.exe | Network monitor for Intel® Hub Connect Technology | No |
? | NMSSvc | NMSSVC.EXE | NIC Management Service - diagnostics program for Intel Pro family network cards | No |
Y | NMSVC | nmSvc.exe | Covenant Eyes - surveillance software that creates records of everything people do on a computer, i.e. spying or monitoring depending upon what you call it. Disabling it means loss of internet connection until re-enabled - therefore required if you use it | No |
? | nMTaskBarService | nMtsk.exe | Taskbar control for ISDN NetMod modem. What does it do and is it required? | No |
U | NNLL | nnll.exe | Net Nanny internet filter | No |
X | nnqcouu | nnqcouu.exe | The Abi Network adware | No |
U | NNSvc | nnsvc.exe | Net Nanny internet filter | No |
X | No Credit Card | plugin-[random].exe | Adult content pop-up dialler | No |
U | No-IP DUC | DUC20.exe | Part of the service provided by http://www.no-ip.com. Keeps No-IP's dynamic nameserver (DNS) updated if and when your computer's (network's) dynamic IP address changes so that you can run servers on computers with dynamic IP. Shortcut available | No |
U | NoAds | NoAds.exe | Blocks advertisement banners in Internet Explorer | No |
X | NoAdware | NoAdware.exe | NoAdware - spyware remover. This version is not recommended - see here | No |
U | NoAdware3 | NoAdware3.exe | NoAdware - spyware remover. Initially not recommended due to false positives and aggressive advertising but the later versions have since improved - see here | No |
U | NoAdware4 | NoAdware4.exe | NoAdware - spyware remover. Initially not recommended due to false positives and aggressive advertising but the later versions have since improved - see here | No |
X | Nocana | [path to worm] | Added by the ANACON-B WORM! | No |
X | Nod23 Service | nod23.exe | Added by the RBOT-GMK WORM! | No |
X | Nod29 Service | nodwr.exe | Added by a variant of the RBOT WORM! | No |
X | NOD32 FiX | regedt32.exe | NodFix is a potentially unwanted application. It is given an (X) status because we do not and will not support cracks or warez. Do not delete regedt32.exe as it is the legitimate Windows application. NodFix interferes with the default settings of the NOD32 AV application, allowing its free usage period to be bypassed, and changes the default update server to that of the eval signatures, thus allowing NOD32 to be updated without a password. Note - to avoid interfering with the original settings of the NOD32 application no full cleanup can be provided | No |
X | Nod32 Free antivirus | nod32krn.exe | Added by the RBOT-AAO WORM! Note - not the popular free NOD32 antivirus software, which shares the same filename | No |
X | Nod32 Runtime | sysregi.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
X | Nod32 Service | nod64.exe | Added by the RBOT.ESJ WORM! | No |
X | Nod32 Service | alserv32.exe | Added by the RBOT.DHN WORM! | No |
X | Nod32 Service | AutoUpdateWin32.exe | Added by the SDBOT-DJG WORM! | No |
X | Nod32 Service | nod6.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
U | Nod32CC | nod32cc.exe | Control Center part of Eset's NOD32 virus-scanner. Leave this enabled if you want to update your virus data files via the click of a button | No |
Y | NOD32kernel | Nod32krn.exe | NOD32 antivirus | No |
Y | nod32kui | nod32kui.exe | NOD32 antivirus | No |
Y | NOD32POP3 | Pop3scan.exe | POP3 E-mail part of Eset's NOD32 virus-scanner | No |
X | Nod3d2 Free antivirus | N0D32KRN.EXE | Added by the RBOT-ABQ WORM! | No |
? | NodeMnger | Nodemngr.exe | Part of the Dell OpenManage Client installation - to allow Dell representatives to remote logon? | No |
X | NoDNS | NoDNS.exe | Added by the CLICKER.WI TROJAN! | No |
X | nodriver | AUEKXRZ.EXE | Added by a variant of the SPYBOT WORM! | No |
X | NOFIIN.EXE | NOFIIN.EXE | Added by the HAXDOOR-DP TROJAN! | No |
X | Noha | aasd.exe | PurityScan/Clickspring adware | No |
X | Nokia Check | nokiacheck.exe | Added by the RBOT.CDC WORM! | No |
N | Nokia Connection Monitor | NclConf.exe | Monitors the infrared port, the serial ports and Bluetooth for a Nokia phone connection. It is installed by the Nokia PC Suite (and Nokia PC Connectivity SDK), and the tray icon shows if a phone has been connected. If you have a conflict with another program, such as a TV tuner card remote control monitor, you can disable it and run it only when needed. Available via a desktop shortcut or Start -> Programs - not required | No |
U | Nokia Tray Application | NclTray.exe | Nokia PC Suite 5 - "A collection of powerful tools that you can use to manage your phone features and data." Synchronize the phone with, for example Outlook. You can also use it to browse your phone, edit the phone list and so on | No |
U | NOMAD Detector | ctnmrun.exe | Detects the Creative NOMAD jukebox/MP3 player at the time it is attached to USB and starts the needed application (Creative PlayCentre 2) that you use to copy MP3 files to and from it. This is required if you want PlayCentre 2 to take control of the NOMAD once connected | No |
N | NomdCheck | nomdchek.exe | Part of Intel's Native Audio | No |
U | nomtray | nomtray.exe | System Tray access to NetMotion Wireless options - including connectivity status (see here) | No |
X | none | pmsngr.exe | Added by the ZLOB.MEDIA-CODEC TROJAN! This purports to be a Windows Media Player upgrade (with names such as "iCodecPack", "X Password Manager" and "Media-Codec") to allow the user to view adult oriented videos on certain websites - but actually downloads and installs additional malware on the user's machine. Various directories and filenames are used - see the link for details. The most popular for this example appears to be "Video ActiveX Object" | No |
N | Nonoh | Nonoh.exe | Nonoh - free internet telephony utility using the VoIP (Voice over Internet Protocol). Call online friends for free and regular phones either for free (limited use) or low rates. One of a number provided by Betamax - the others generally have different rate plans. Similar to the more popular Skype | No |
X | NoooH | sys.exe | Added by the ALNUH WORM! | No |
X | Nord | nordsys.exe | Added by the DREF-S WORM! | No |
X | Norman Worl System Ability | nwcss32.exe | Detected by Trend Micro as the DELF.IO TROJAN! See here | No |
U | Norman ZANDA | ZLH.EXE | System Tray icon for Norman Antivirus | No |
X | NortE Antivirus | norte.exe | Added by the RBOT.BQQ WORM! | No |
X | NortE Antivirus | norten.exe | Added by the RBOT-AFF WORM! | No |
X | norten Software Intrenet | norten.pif | Added by the RBOT-AWA WORM! | No |
X | Norton Antiviral Scanner | navscnr.exe | Added by the DELBOT-K WORM! | No |
X | Norton Antivirus | nortonav.exe | Added by the RBOT-AYE TROJAN! Note - this is not the real Norton AV! | No |
X | Norton Antivirus 2004 | SYMANTECAV2.EXE | Added by the SPYBOT-DY WORM! Note - this is not the real Norton AV! | No |
X | Norton Antivirus 7.0a | [path to file] | Added by the PERDA-B or RANCK-CT TROJANS! | No |
X | Norton Antivirus AV | FVProtect.exe | Added by the NETSKY.P WORM! Note - this is not the popular AV software! | No |
X | Norton AntiVirus Sys | NAVsys32.exe | Added by a variant of the WOOTBOT WORM! | No |
X | Norton Antivirus Updater | nortonav.exe | Added by the DELBOT-T WORM! Note - this is not the real Norton AV! | No |
X | Norton Auto Protect | nava.exe | Added by an unidentified WORM or TROJAN! | No |
X | Norton Auto Protect | crss32.exe | Added by the SDBOT.ATF WORM! | No |
Y | Norton Auto-Protect | navapw32.exe | Norton Anti-Virus's background scanning process | No |
X | Norton Auto-Protect | ccApp.exe | Added by the AKHER.D WORM! Note - for the valid Norton AV entry the filename is "navapexe". This is also not the valid Norton AV file with the same filename | No |
X | Norton Auto-Protect | SERVICES.exe | Added by the Ahker.B WORM! Note - this is not the legitimate services.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Windows or Winnt folder. Also, this is not part of Norton AV | No |
? | Norton AV Preload | Premend.exe | Norton Antivirus related. What does it do and is it required? | No |
X | Norton AV Protection Startup | Ati2xxx.exe | Added by a variant of the RBOT WORM! | No |
N | Norton Crashguard Monitor | cgmenu.exe | Troublesome program that doesn't actually work with WinME so Norton removed it from SystemWorks 2001 | No |
N | Norton Disk Doctor | Ndd32.exe | Norton Disk Doctor from Norton Utilities. Automatically runs at start-up, checking for disk errors. Better than ScanDisk but can be started manually via Start -> Programs. Delete the shortcut in the Start -> Programs -> Startup folder as well | No |
X | Norton Drive Protection | msdt32.exe | Added by the FORBOT-GB WORM! Note - this is not a valid Norton program! | No |
Y | Norton eMail Protect | POPROXY.EXE | Proxy E-mail protection from Norton Anti-Virus (prior to 2002). If you have it installed, leave it enabled to automatically check for suspect attachments in E-mails that may contain viruses. It downloads the E-mail into poproxy, which serves as a proxy server on the local machine, before scanning it | No |
X | Norton Firewall | [path to trojan] | Added by the BANKER-ET TROJAN! | No |
N | Norton Ghost 10.0 | GhostTray.exe | Norton Ghost tray icon - the application can be launched manually | No |
N | Norton Ghost 9.0 | GhostTray.exe | Norton Ghost tray icon - the application can be launched manually | No |
X | Norton GProtect | ngrfn.exe | Added by a variant of the RBOT WORM! | No |
X | Norton Guard 32 | ntguard32.exe | Added by a variant of the RBOT WORM! | No |
X | Norton Live Update Server | cpsdv.exe | Added by the AGOBOT.EW TROJAN! | No |
X | Norton Live Updater | Cavapsvc.exe | Added by the GAOBOT.AO WORM! | No |
X | Norton Live Updater | Sochost.exe | Added by the GAOBOT.AO WORM! | No |
N | Norton Navigator Loader | nnloader.exe | An older Norton utility for file management under Windows 95. More information here | No |
X | Norton Personal Firewall | jah.exe | Added by a variant of the SDBOT WORM! | No |
X | Norton Personal Firewall | npfw.exe | Added by the RBOT-UI WORM! | No |
X | Norton Personal Firewall | lah.exe | Added by a variant of the RBOT WORM! | No |
X | Norton Personal Firewall | npfw32.exe | Added by the RBOT-UQ WORM! | No |
Y | Norton Personal Firewall | IntroWiz.exe | Part of Norton Personal Firewall or Norton Internet Security | No |
U | Norton Program Scheduler | nsched32.exe | Installed on a Windows system where the Windows Task Scheduler isn't used as part of the OS (Win95, WinNT(?), Win2K(?)) to schedule automatic tasks such as Norton Anti-Virus scans | No |
U | Norton Program Scheduler | NPSsvc.exe | Installed on a Windows system where the Windows Task Scheduler isn't used as part of the OS (Win95, WinNT(?), Win2K(?)) to schedule automatic tasks such as Norton Anti-Virus scans | No |
? | Norton Program Scheduler Event Checker | npscheck.exe | Part of Norton Anti-Virus. What does it do? Apparently it can safely be disabled without causing problems. Can also be listed as NPS Event Checker | No |
X | Norton Protect | npprotect.exe | Added by the RBOT-WW WORM! | No |
X | Norton protect | nvsvc.exe | Added by a variant of the RBOT WORM! | No |
X | Norton Protect Activies | csrss.exe | Added by the BANKER-CZ TROJAN! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a "D5133" subfolder | No |
X | Norton Service Driver | wsul.exe | Added by the RBOT-ABI WORM! | No |
X | Norton Service Process | navapvc.exe | Added by a variant of the AGOBOT/GAOBOT WORM! | No |
X | Norton SpySweeper AutoUpdate | navsw.exe | Added by the FORBOT-AS WORM! | No |
X | Norton System | csrs.scr | Added by the BANLOA-AFM TROJAN! | No |
N | Norton System Doctor | Sysdoc32.exe | Norton Disk Doctor from Norton Utilities. Automatically runs at start-up, major resource hog and best started manually from Start -> Programs. Delete the shortcut in the Start -> Programs -> Startup folder as well | No |
N | Norton SystemWorks | cfgwiz.exe | Norton System Works configuration wizard. Reportedly a resource hog. Many users find they can live without loading it | No |
X | Norton Update | ccUpdate.exe | Added by a variant of the AGOBOT/GAOBOT WORM! | No |
X | Norton Update | winsvc.exe | Added by the AGOBOT.ALP WORM! | No |
X | Norton Update | cUpdate.exe | Added by the AGOBOT.APP WORM! | No |
X | Norton updated | NVSV32.EXE | Added by the SDBOT.ABH WORM! | No |
X | Norton Updater | winset.exe | Added by a variant of the SPYBOT WORM! | No |
X | Norton Updater | lsa.exe | Added by a variant of the RBOT WORM! | No |
X | Norton Updater | NortonUpdate.exe | Added by an unidentified WORM or TROJAN! | No |
X | Norton Updater | ccUpdate.exe | Added by a variant of the AGOBOT/GAOBOT WORM! | No |
X | Norton Updater | navupdtr.exe | Added by the SDBOT.AXV WORM! | No |
X | Norton Wizzard | nwiz.exe | Added by the GAOBOT.ADV WORM! Note - this is not the valid nVidia application that shares the same name | No |
X | norton32 | norton32.exe | Added by an unidentified VIRUS, WORM or TROJAN! | No |
X | NortonAntivirus | LSASS.exe | Added by the PEXMOR WORM! Note - this is not the legitimate lsass.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "Temp" subfolder of the Winnt or Windows folder. It also has nothing to do with Norton AV | No |
X | NortonAV | norton_antivirus.exe | Added by the NETJOE TROJAN! Note - this is not the legitimate Symantec AV program | No |
X | nortonav | CCUPD32.EXE | Added by an unidentified WORM or TROJAN! | No |
X | nortonp | nortonp.exe | Added by the JD-A TROJAN! | No |
X | Nortons AV SYSTEM | scvchost.exe | Added by a variant of the RBOT WORM! | No |
X | Nortons AVS Systems | arse.exe | Added by the RBOT.AWY WORM! | No |
X | nortonsantivirus | ccEvtMngr.exe | Added by the HZDOOR-A TROJAN! | No |
X | NortonVPlus | svchost.exe | Added by the ROAMER-A TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! | No |
X | noskrnl | noskrnl.exe | Added by the PEACOMM.D TROJAN! | No |
U | Notebook Maximizer | maximizer_startup.exe | Toshiba Notebook Maximizer software - adjust settings to save battery power and increase efficiency | No |
U | NotebookHardwareControl | nhc.exe | "With Notebook Hardware Control you can easily control the hardware components of your Notebook" | No |
? | NotebookManager | nbm.exe | Associated with Acer notebook PCs. What does it do and is it required? | No |
N | NoteBurner | VTBurnerGUI.exe | NoteBurner from NoteBurner Inc. - "a versatile music converter that can be used as MP3 music converter, AAC audio converter, WAV to MP3 converter, M4A to MP3 converter, and RM to MP3 converter" | No |
X | NotePad | [worm filename] | Added by the SILLYFDC-G WORM! | No |
X | Notepad | ntoepad.exe | Added by the DELBOT-AK WORM! | No |
X | Notepad lptt01 | notepad.exe | RapidBlaster variant (in a "Notepad" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here. Note - this is not Windows Notepad which has the same executable name | No |
X | Notepad ml097e | notepad.exe | RapidBlaster variant (in a "Notepad" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here. Note - this is not Windows Notepad which has the same executable name | No |
X | notepad.exe | upx.exe | Added by a variant of the AGENT.AH TROJAN! | No |
X | notepad.exe | msmsgs.exe | Added by the ZLOB TROJAN and variants! Note - this particular msmsgs.exe file is located in %System% and should not be mistaken for the MSN Messenger file of the same name! | No |
X | notepad2.exe | popuper.exe | Added by the PUPER-E TROJAN! | No |
X | notes | notepaad.exe | Added by the RBOT.BME WORM! | No |
U | NoticeP.exe | NoticeP.exe | Part of iSync which allows "you to transfer songs from any music downloading software to your iTunes library". The trial version displays advertisements which disappear if you purchase the software | No |
X | Notification Utility | altpayV2.exe | Reported by Ewido Security Suite as WeirWeb adware | No |
X | Notn | Eber.exe | PurityScan/Clickspring adware | No |
X | Notn | wtta.exe | PurityScan/Clickspring adware | No |
U | NovaBackup * Tray Control | NbkCtrl.exe | Scheduling engine of NovaSTOR Backup Service. Only required if scheduling is enabled and wanted - see here. * represents the version number | No |
? | NovaPortal Single User Service | NPSU.exe | ?? | No |
U | NovastorSchedulerd | SCHENGD.EXE | NovaStor NovaBACKUP Scheduler - back-up utility. If you don't have regularly scheduled back-ups you don't need it | No |
X | novsvida.exe | novsvida.exe | GlobalAccess dialer | No |
X | NoWayVirus | pgs.exe | NoWayVirus misleading security software - not recommended, see here | No |
X | NOYPI_KANG_ASTIG | Exit to DosPrompt.pif | Added by the FILUKIN.A WORM! | No |
X | np | upnp.exe | Added by the YABE.AE TROJAN! | No |
X | NPF Value | NPFMONTR.exe | Added by the RBOT-AWD WORM! | No |
? | NPFMonitor | NPFMntor.exe | Norton AntiVirus Firewall Install Monitor. What does it do and is it required? | No |
X | npkmnc | npkmnc.exe | WebVia adware | No |
U | NPROTECT | nprotect.exe | Norton Protected Recycle Bin from Norton Utilities. Adds an extra layer of safety before you remove deleted files from the Recycle Bin. Can be listed twice which is valid | No |
? | NPS Event Checker | npscheck.exe | Part of Norton Anti-Virus. What does it do? Apparently it can safely be disabled without causing problems. Can also be listed as Norton Program Scheduler Event Checker | No |
X | NS | ns.exe | Added by the AGOBOT-HS WORM! | No |
X | NSCheck | NSCHECK.EXE | MarketScore parasite - ActiveX control used to download premium-rate dialers | No |
X | nscntrl | nscntrl.exe | Added by the DLOAD-DC TROJAN! | No |
X | nsdcmd services | nsdcmdav.exe | Added by a variant of the AGOBOT/GAOBOT WORM! | No |
X | nsdcmd vid process | nsdcmdwin.exe | Added by a variant of the AGOBOT/GAOBOT WORM! | No |
X | nsdlua | nsdlua.exe | All-In-One Telcom - adult content dialler | No |
X | nsdriver | nssys32.exe | NetShagg adware | No |
X | nse | nse.exe | Added by the AGOBOT-ML WORM! | No |
U | Nsengine | Nsengine.exe | Scheduling engine of NovaSTOR Backup Service. Only required if scheduling is enabled and wanted - see here | No |
U | NSHelper | aexnsinstallhelper.exe | Altiris Express Notification Server Install helper - monitors integrity of the installation | No |
U | NSK | NSK.exe | Ardakey keystroke logger/monitoring program - remove unless you installed it yourself! | No |
U | NSRKey | NSRTray.exe | System Tray access to Norton Save & Restore backup utility | No |
X | nssysconf | [random filename] | Added by the VIVIA.A TROJAN! | No |
X | nstat | netstat.exe | Adult content dialler | No |
X | NSupdate | NSupdate.exe | Added by the Dial/Laet-B premium rate dialer! | No |
X | Nsv | nsvsvc.exe | Delfin Promulgate adware | No |
X | nsvcin | n20050308.exe | Delfin Media Viewer adware related | No |
X | Nsvdr | nsvdr.exe | Adult content dialler | No |
U | nsys | nsys.exe | NetSpy keystroke logger/monitoring program - remove unless you installed it yourself! | No |
X | nsys32 | nsys32.exe | Added by the AGOBOT-SU WORM! | No |
N | NSystemMonitor | Symmon.exe | Norton Uninstall Deluxe - monitors programs being installed and logs them for removing later. Available via Start -> Programs for manual logging | No |
N | NT Kernel Patch | ntkrnlpt.exe | FaxServe network fax software | No |
X | NT LM Security Support Provider | WinNTLM.exe | Added by a variant of the SDBOT WORM! | No |
X | NT Logging Service | Syslog32.exe | Added by the DONK.B WORM and variants! | No |
X | NT MICROSOFT SVCD | ntvsvcd.exe | Added by a variant of the RBOT WORM! | No |
X | NT security | rundll32.com | Added by the RBOT-AJC WORM! | No |
X | NT Service | NTOKSRNL.EXE | Added by the RBOT-AAG WORM! | No |
X | NT Services | ntsvc.exe | Added by the AGOBOT.VJ WORM! | No |
X | Nt System Protocol | ntsystem.exe | Added by the RBOT.DSB TROJAN! | No |
X | NT Virtual Machine | [path to file] | Added by the SCAERBOT-A WORM! | No |
X | NT Windows System Manager Loader | csrlss.exe | Added by the AGOBOT.OX WORM! | No |
X | Nt**.exe [* = random char] | Nt**.exe [* = random char] | CoolWebSearch/HomeSearch adware - for examples, see this log | No |
X | Nt**32.exe [* = random char] | Nt**32.exe [* = random char] | CoolWebSearch/HomeSearch adware - for examples, see this log | No |
X | NT-Virtual Device Manager | ntvdmn.exe | Added by the SDBOT-AAA WORM! | No |
X | Ntcheck | mapserver.exe | Added by the TOMPAI-B WORM! | No |
X | NTCommLib3 | NTCommLib3.exe | Admess adware variant | No |
X | ntddetect | ntddetect.exe | Added by the AGENT-CU TROJAN! | No |
X | NTdhcp | NTdhcp.exe | Added by the QQROB-C TROJAN! | No |
X | NTdhcp | CiKewl.exe | Added by the QQROB-N TROJAN! | No |
X | ntdll | ntdll.exe | Added by the BIONET.404 TROJAN! | No |
X | ntdll.dll | TrustCleaner.exe | Smitfraud variant | No |
X | NTDLM | csrss.exe | Added by the HALE TROJAN! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a "Qossrv" subfolder | No |
X | Ntech.patchs | [trojan filename] | Added by the LEMIR.G TROJAN! | No |
X | ntechin | n20050308.exe | Delfin Media Viewer adware related | No |
X | nternet Explorer | iexplore.exe | Added by the FORBOT-CT WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %System% | No |
X | NTFS16 | ntfs16.exe | Added by the RBOT-LY WORM! | No |
Y | NTFSCLUP | NTFSCLUP.EXE | Part of ConfigSafe - "checks if an ntfssos restore has been performed since it was last run. It exits immediately after running. 99+% of the time it will only execute about a dozen instructions before exiting" | No |
X | ntfsmonitorpro | ntfs64.exe | Added by the FORBOT-EB WORM! | No |
X | NTFSS Microsoft System | filees.exe | Added by the RBOT.GAB WORM! | No |
X | NTFSS MICROSOFT SYSTEM | filess.exe | Added by the RBOT.AXZ WORM! | No |
X | ntfyapp | ntfyapp.exe | Detected by PCTools as the ZHELATIN WORM! See here | No |
Y | ntl Netguard | RPS.exe | ntl Netguard - anti-virus package of services, specifically designed to keep you safe and secure with their ntlworld online services | No |
X | ntldr | ntldr.exe | Browser hijacker to search-control.com (TrojanDropper.Win32.Small.ig). In addition to Registry changes found by HijackThis, also creates the following system files: C:\WINDOWS\SYSTEM\ntldr.exe, C:\m.exe, C:\WINDOWS\Search-For-You.url, C:\n.bat, C:\q.exe, C:\r.bat | No |
N | ntlfreedom | rundll32 [path] RyDial.dll, QuickStart | NTL Freedom dial-up ISP software - not required | No |
X | NTmessageSystem | loadnewmessage.exe | Added by the HIDAGENT-B WORM! | No |
X | ntmsevt | ntmsevt.exe | Added by the STOPED-B TROJAN! | No |
X | NTP Server | [path to trojan] | Added by the RANKY.F TROJAN! | No |
Y | nTrayFw | ntrayfw.exe | Software interface for NVIDIA ActiveArmor - hardware firewall built into nVidia nForce motherboard chipsets | No |
N | NTrtc | ntrtc.exe | Dell year 2000 tool to deal with non-standard applications. Only required on older Dell PCs that may need this support | No |
X | NTSet32 | services.exe | Added by the WINSPY-C TROJAN! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\dll32 | No |
X | NTSF Microsoft System | fylez.exe | Added by a variant of the RBOT WORM! | No |
X | NTSF MICROSOFT SYSTEM | wntsf.exe | Added by the RBOT.ATC WORM! | No |
X | NTSF MICROSOFT SYSTEM | fufffy.exe | Added by the RBOT-AEL WORM! | No |
X | NTSF MICROSOFT SYSTEM | ntssf.exe | Added by a variant of the RBOT WORM! | No |
X | NTSF MICROSOFT SYSTEM | scvhost.exe | Added by a variant of the RBOT WORM! | No |
X | NTSF MICROSOFT SYSTEM | winsis32.exe | Added by a variant of the RBOT WORM! | No |
X | NTSF MICROSOFT SYSTEM | marya.exe | Added by the RBOT-AXY WORM! | No |
X | NTSF MICROSOFT SYSTEM | sysman.exe | Added by the RBOT.EDP WORM! | No |
X | ntsmod | ntsmod.exe | Adware downloader/installer, probably VX2/Look2Me related - also detected as the WIN32.VB.RL TROJAN! | No |
X | NTsocket | NoeWinnt.exe | Added by the ATAKA-E TROJAN! | No |
X | NTSpool | NTSpool.exe | Added by the AGENT-GPY TROJAN! | No |
X | NTsrv.exe | NTsrv.exe | Added by a variant of the SERVU-O TROJAN! | No |
X | Ntsysv | ntsysv.exe | Added by the MIFENG-E TROJAN! | No |
U | nTune | nTune.exe | nVidia nTune - motherboard monitoring and overclocking utility for nVidia nForce chipset based motherboards | No |
U | nTuneCmd | nTuneCmd.exe | nVidia nTune - motherboard monitoring and overclocking utility for nVidia nForce chipset based motherboards | No |
X | ntupd32 | ntupd32.exe | Unidentified malware - see here | No |
X | ntupdate | dnsvc.exe | Added by the SDBOT-TC WORM! | No |
X | NTupdater | [path to trojan] | Added by the DIGARIX-D TROJAN! | No |
X | ntuser | ctfmun.exe | Detected by Symantec as the SILLYFDC WORM! See here | No |
X | ntuser | ntuser.exe | Added by the SMALL!SD5 TROJAN! | No |
X | ntuser | spool.exe | Detected by Symantec as the SILLYFDC WORM! See here | No |
X | ntuser | spools.exe | Detected by Symantec as the SILLYFDC WORM! See here | No |
X | ntuser | svchost.exe | Added by the POLYCRYP.DY TROJAN! | No |
U | NTVDM | NTVDM.EXE | Windows NT Virtual DOS Machine (NTVDM) for running 16-bit tasks on the 32-bit OS's (Windows NT, 2K and XP). Required if hardware on a machine with these OS's needs 16-bit DOS drivers. You can find a bit more about NTVDM here | No |
X | ntvdmd | ntvdmd.exe | Adware downloader - also detected as the DLOADER-YP TROJAN! | No |
X | ntvdscm | ntvdscm.exe | Added by the SCKEYLOG-I TROJAN! | No |
X | ntx32 | ntx32.exe | Added by an unidentified WORM or TROJAN! | No |
X | Numerical Xterm Agent | 0x32.exe | Added by the RBOT-FWP WORM! | No |
X | Numerical Xterm Agents | 2x32.exe | Added by the RBOT-FWY WORM! | No |
X | Numerical Xtermz Agent | 1x32.exe | Added by the RBOT-FWX WORM! | No |
Y | NuTCSetupEnviron | ncoeenv.exe | Used by the MKS Toolkit for Enterprise Developers product. NuTCracker is a Unix runtime environment for Windows, so disabling this would be unwise if you are using NuTCracker or any 3rd party package that is using it. Since you might not know what is actually using it, it's probably best left alone | No |
U | NuvaTime | NuvaTime.exe | NuvaTime - reminder for women using NuvaRing | No |
X | NvagNT | nvagNT.exe | Added by the AGOBOT-RV WORM! | No |
X | nvc Win32 | nvcvc.exe | Added by the RBOT-ADD WORM! | No |
X | NvCCCpl | NvCCCpl.exe | Added by the NOGATA-A TROJAN! | No |
X | nvchost | winlogon.exe | Added by the KLONE-J TROJAN! Note - this is not the legitimate winlogon.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir% | No |
X | NvClipRsv | svchost.exe | Added by the DUMARU-K WORM! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir% | No |
X | NvClipRsv | swchost.exe | Added by the DUMARU-AK WORM! | No |
? | NVCLOCK | rundll32 nvclock.dll, fnNvclock | Overclocking utility for nVidia based graphics cards? | No |
X | nvcoi | nvcoi.exe | Added by the DLOADER.TYO TROJAN! | No |
? | NvColorInit | rundll32.exe NvQtwk.dll, NvColorInit | Associated with Nvidia based graphics cards | No |
X | NVCOM | NVCOM.exe | Added by the AGOBOT-SB WORM! | No |
X | NvCp1Do | [path to trojan] | Added by the DWNLDR-GWE TROJAN! The most common filename seen is "smss.exe" - which is not the legitimate smss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! | No |
U | NvCpl | rundll32.exe NvCpl.dll, NvStartup | Initializes the clock and memory settings on nVidia based graphics cards. Enable if you overclock your card | No |
X | NvCpl | NvCpl.EXE | Added by the YANZ.B WORM! | No |
X | NvCpl | [random filename] | Added by the AGOBOT-APJ WORM! | No |
X | NvCpl | windowsp.exe | Added by a variant of the SDBOT WORM! | No |
X | NvCpl | rundl32.exe | Added by the AGOBOT-TO WORM! Note - the valid version of this entry has the command line as "rundll32.exe NvCpl.dll,NvStartup" | No |
X | NvCPL32 | nvcpl32.exe | Added by the AGOBOT.DAA WORM! | No |
X | NvCpl32Deamon | nvcpl.exe | Added by the SPYBOT.S WORM! | No |
X | NvCplD | m2gr32.exe | "Switch" premium rate adult content dialler variant | No |
X | NvCplD | ntcpl.exe | "Switch" premium rate adult content dialler variant | No |
N | NvCplDaemon | rundll32.exe NvQtwk.dll, NvCplDaemon | System Tray icon used to change display settings, change the clock rate and memory speed for nVidia based graphics cards. This is unnecessary since you can easily configure these settings the way you want them in the Display Properties and not have to mess with them again. Also disable the "NVIDIA Driver Helper Service" if enabled as it can cause this entry to be re-enabled on re-boot (note that this service can also cause extreme shutdown delays if enabled - see here) | No |
U | NvCplDaemon | rundll32.exe NvCpl.dll, NvStartup | Initializes the clock and memory settings on nVidia based graphics cards. Enable if you overclock your card | No |
X | NvCplDaemon | msmsgrs.exe | Added by the DLOADER-YI TROJAN! | No |
X | NvCplDaemon32 | anvshell32.exe | Added by the VB-XU TROJAN! | No |
X | NvCplDeamon | nvdisp.exe | Added by the PEEPVIE-I TROJAN! | No |
X | NvCplDmn | NAVSVC.EXE | Added by an unidentified VIRUS, WORM or TROJAN! | No |
X | NvCplScan | msc32.exe | Added by the FORBOT-DD WORM! | No |
X | NvCplScan | winasp.exe | Added by the FORBOT.BZ WORM! | No |
X | NvCplScan | nvsc32.exe | Added by the BROPIA.N WORM! | No |
X | NvCplScan | kav32.exe | Added by the FORBOT-EW WORM! | No |
X | NvCplScan | netstat32.exe | Added by the SDBOT.BRL WORM! | No |
X | nvctrl.exe | nvctrl.exe | Added by the ZLOB.G TROJAN! | No |
X | nvd32 lptt01 | nvd32.exe | RapidBlaster variant (in a "nvd32" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here | No |
X | nvd32 ml097e | nvd32.exe | RapidBlaster variant (in a "nvd32" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here | No |
X | NVDispDrv | NVDispDRV.EXE | Added by the WINKO.AO WORM! | No |
X | NvGraphicsInterface | [path to trojan] | Added by the BCKDR-QKI BACKDOOR! | No |
U | NVHotkey | rundll32.exe nvHotkey.dll | Enables the use of "hot keys" for changing settings on Nvidia graphics | No |
X | Nvid | [8 random characters] | Unidentified adware | No |
X | Nvid32 | Nvid32.exe | Added by the GEMA TROJAN! | No |
X | Nvidex32 | Nvidex32.exe | Added by the GEMA TROJAN! | No |
Y | NVIDIA ActiveArmor | ntrayfw.exe | Software interface for NVIDIA ActiveArmor - hardware firewall built into nVidia nForce motherboard chipsets | No |
X | nVidia Application Drivers | nvidiav32.exe | Added by a variant of the IRCBOT BACKDOOR! | No |
X | Nvidia Control Daemon | nksvc32.exe | Added by an unidentified WORM or TROJAN! | No |
X | Nvidia Control Panel | ncsvc32.exe | Added by an unidentified VIRUS, WORM or TROJAN! | No |
X | nVidia Display Drivers (x86) | nvsys86.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
X | NVIDIA Driver | MSPMSPSU.EXE | Added by the WOOTBOT.Y WORM! | No |
X | nVidia Drivers | nVidiaDrvers.exe | Added by the SDBOT-AFX WORM! Note - this is not related to any nVidia based motherboard or graphics card | No |
X | NVidia Drivers | [path to trojan] | Added by the RANCK-R TROJAN! Note - this is not related to any nVidia based motherboard or graphics card | No |
N | NVIDIA nForce APU1 Utilities | NVATray.exe | nVidia's nForce Audio Processing Unit (APU)- "provides 3D positional audio and DirectX 8.0 compatibility, and encodes and decodes Dolby Digital 5.1 audio in real time" | No |
U | NVIDIA nTune | nTune.exe | nVidia nTune - motherboard monitoring and overclocking utility for nVidia nForce chipset based motherboards | No |
X | nVidia System Drivers | nvsys32.exe | Added by an unidentified WORM or TROJAN! See here | No |
U | NVidia System Utility | NVSystemUtility.exe | NVidia System Utility (now nTune) lets you adjust bus speeds, hardware voltages, memory controller timings, and fan speed as well as additional settings to increase performance aggressiveness and hardware voltages. Will also display a dynamic graph of CPU and system temperatures, hardware voltages, and memory bus speeds | No |
X | NVIDIA Video drivers | video_32D.exe | Added by the AGOBOT.KV WORM! | No |
X | NVIDIA Video drivers | video_32sD.exe | Added by the RBOT-BB WORM! | No |
X | Nvidia32 | nvidia32.exe | CoolWebSearch parasite variant - also detected as the HOSTS-B TROJAN! | No |
X | NviDiaGT | lsass.exe | Added by the AUTORUN-DV WORM! Note - this is not the legitimate lsass.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a ~A~m~B~u~R~a~D~u~L~ subfolder | No |
N | NvidiaQuickTweak | rundll32.exe NvQtwk.dll, NvTaskbarInit | System Tray icon used to manage settings for nVidia based graphics cards. May be required for some 3D applications to recognize your card correctly - such as the game "Everquest". Otherwise, settings can be changed manually via Display Properties | No |
X | nvidll32 | nvidll32.exe | Added by the RBOT-XK WORM! | No |
U | NVIEW | rundll32.exe nview.dll, nViewLoadHook | This is a DLL to enable multiple display monitors on a single computer. It can be a cause of numerous problems on some computers | No |
X | nviload32 | nviload32.exe | Added by the SDBOT-VT WORM! | No |
N | NvInitialize | rundll32.exe NvQtwk.dll, NvXTInit | Thought to enable the clock frequency option on nVidia control panels. You can overclock without leaving this enabled | No |
X | nvirundll | nvirundll.exe | Added by the SPYBOT.NPS WORM! | No |
X | nvjxue | nvjxue.exe | Added by the EYEVEG-J WORM! | No |
Y | NVmax | NVmax.exe | NVmax is an old tweaking utility for NVidia graphics cards. In the startup list if the user chooses to overclock their card | No |
N | NVMCTRAY | RUNDLL32.EXE ...NVMCTRAY.DLL, NvTaskbarInit | System Tray icon used to manage settings for nVidia based graphics cards. May be required for some 3D applications to recognize your card correctly - such as the game "Everquest". Otherwise, settings can be changed manually via Display Properties | No |
U | NvMediaCenter | RunDLL32.exe NvMCTray.dll, NvTaskbarInit | System Tray icon used to manage settings for nVidia based graphics cards. May be required for some 3D applications to recognize your card correctly - such as the game "Everquest". Otherwise, settings can be changed manually via Display Properties | No |
N | NVMixerTray | NVMixerTray.exe | System Tray access to audio controls from nVidia's motherboard ForceWare software | No |
X | nvmsgdwn | NVMSGDWN.EXE | Added by the GRABER-D TROJAN! | No |
X | NvMsnW | Isass.exe | Added by the BROPIA.K WORM! | No |
X | nvpatch | napatch.exe | Added by the SASSER-F WORM! | No |
U | NvPvrNetMon | NvPvrNetMon.exe | Network monitor for the Personal Video Recorder function of the NVIDIA ForceWare Multimedia application - "makes sure you don't miss your favorite show. If you won't be home to watch the show, just use the PVR to set future recordings" | No |
N | NVQuickTweak | rundll32.exe NvQtwk.dll, NvTaskbarInit | System Tray icon used to manage settings for nVidia based graphics cards. May be required for some 3D applications to recognize your card correctly - such as the game "Everquest". Otherwise, settings can be changed manually via Display Properties | No |
N | NVRaidService | nvraidservice.exe | nVidia NVRaid - hard disk striping/mirroring utility for increased performance and reliability. Doesn't seem to be required if you have a RAID setup as there is no performance difference without it | No |
? | NVRotateSysTray | nvsysrot.dll | Related to NVIDIA nView Control Panel. What does it do and is it required? | No |
N | NVRT | nvrt.exe | NVRefreshTool is a utility that will automatically detect the maximum refresh rate at each resolution that your monitor supports | No |
? | NVRTClk | NVRTClk.exe | Related to a Gigabyte video card. What does it do, and is it required? | No |
X | nvsv32.exe | nvsv32.exe | Added by the FORBOT-DI WORM! | No |
X | nvsv32.exe | cstr.exe | Added by a variant of the SDBOT WORM! | No |
X | nvsv32.exe | asr_fnt.exe | Added by the WOOTBOT.GE WORM! | No |
X | nvsv32.exe | nvsv33.exe | Added by the WOOTBOT.FP WORM! | No |
N | NvSvc | nvsvc.exe | NVIDIA Driver Helper Service - installed when you change from the WDM drivers to nVidia's latest versions but not required. Extreme shutdown delays can be encountered with this service active, but no adverse side effects with it disabled. NOTE: If using drivers other than nVidia's, such as Asus, this service may have been renamed to reflect that | No |
X | nvsvc | nvsvc.exe | Added by the BANKER-HQ TROJAN! Note - this is not the valid NVIDIA Driver Helper Service and is located in %System% | No |
X | NVSVC | nvsvc.exe | Added by the AGOBOT.ALX WORM! Note - this is not the valid NVIDIA Driver Helper Service and is located in the System (9x/Me) or System32 (NT/2K/XP) folder | No |
Y | NvSvc | rundll32.exe nvsvc.dll, nvsvcStart | Related to NVIDIA graphics cards | No |
X | nvsvca32 | nvsvca32.exe | Added by the TACTSLAY.E TROJAN! | No |
X | nvsvca32 | clfmon.exe | Added by the TACTSLAY.E TROJAN! | No |
X | NVSystem32 | nvscv32.exe | Added by the AGOBOT-NO WORM! | No |
X | Nvt32 | complaint_7251.exe | Added by the ARTIEF.B TROJAN! | No |
X | NvUpdater | nwiz32.exe | Added by a variant of the RBOT WORM! | No |
X | NvVideoCenter | NvVid.exe | Added by the HAXDOOR-DO TROJAN! | No |
X | NvXplDeamon | xstyles.exe | Added by the SMALL.AJ VIRUS! | No |
? | NWEReboot | dummy.exe | ?? | No |
U | nwiz | nwiz.exe | Nvidia nView Wizard - present with the newer versions of nVidia graphics cards drivers. Allows you to immensely improve desktop layouts by setting preferences and optimizations. If you use any of the special nView features available in the control panel leave this alone - otherwise you can disable it | No |
X | nwiz32 | nwiz32.exe | Added by the SINBANK-A TROJAN! | No |
Y | Nwpopup | Nwpopup.exe | Broadcast message handler part of Novell Netware that displays server, printer and other messages | No |
U | nwrecmsg | nwrecmsg.exe | Broadcast message handler part of Novell Netware that displays server, printer and other messages - can cause crashes | No |
U | nwss | Sp0.exe | SpyOutside surveillance software. Uninstall this software unless you put it there yourself | No |
Y | NWTRAY | nwtray.exe | Novell Netware. Displays the red "N" tray icon which can be disabled (by right-click on the icon) but is also needed by the client | No |
X | nxgsvc | rundll32.exe nxgsvc.dll,start | Added by the AKBOT.BA WORM! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "nxgsvc.dll" file is found in %System% | No |
X | nxosys | rundll32.exe nxosys.dll,start | Added by the AKBOT.BD WORM! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "nxosys.dll" file is found in %System% | No |
U | nxpclient | sprtcmd.exe /P nxpclient | NetExpert - "India's first ever automated Broadband care technology." Identifies and automatically fixes typical problems that may occur with your high-speed internet service | No |
? | oadaemon | oadaemon.exe | Background process that establishes a connection with a C3-1000 scanner and watches the general status of the device and for scanner button presses. Can it be started manually? | No |
Y | oahstifr | oahstifr.exe | Comes with HyperTextStudio. From the supplier - "The Osserver maintains the database for HyperText Studio projects - absolutely vital, it verifies all the links etc in a site. It runs as a service in NT, 2K and XP but needs to start up in Win 9.x so you'll see a DOS box for a short while during boot up." | No |
U | OAKSTART | OAKSTART.EXE | Sets the spindown timeout and access speeds at startup and displays a splash screen for CD-RW. | No |
N | OAKTASK | OAKTASK.EXE | Taskbar utility for a "control panel" for a CD-RW | No |
U | OASClnt | oasclnt.exe | McAfee VirusScan On-Access Scan Client service | No |
X | OB Updater | ob.exe | Added by the AOGBOT-KN WORM! | No |
Y | Object Store Server | osserver.exe | Comes with HyperTextStudio. From the supplier - "The Osserver maintains the database for HyperText Studio projects - absolutely vital, it verifies all the links etc in a site. It runs as a service in NT, 2K and XP but needs to start up in Win 9.x so you'll see a DOS box for a short while during boot up." | No |
X | ObjectDock | Brico.cmd | Added by the BOBANDY-A WORM! | No |
? | objtjprx | objtjprx.exe | ?? | No |
? | obsver | obsver.exe | Part of LingoWare translating software - what does it do and is it required? | No |
N | OCAudioIni | OCAudioIni.exe | One-click Audio Converter - allows you to convert files of multiple audio formats right from Windows Explorer | No |
N | ocraware | ocraware.exe | Optical Character Recognition software as part of OmniPage Limited Edition - supplied with some scanners. Scan directly into most word processor applications, such as Word, WordPerfect, etc. Available via Start -> Programs | No |
U | Octoshape Streaming Services | OctoshapeClient.exe | Octoshape Live Streaming - "is a revolutionary technology that will reduce your bandwidth cost and improve the quality in sound and picture" | No |
X | ocx32 | ocx32.exe | Added by the ASTEF or RESPAN WORMS! | No |
X | OCXUPDT32 | ocxupdt32.exe | Added by the AGOBOT-IF WORM! | No |
X | OD | SYSCNTR.EXE | HotVideo dialler | No |
X | od-matrxx | od-matrxx.exe | Adult dialler - xx can be any number | No |
X | od-stndxx | od-stndxx.exe | Adult dialler - xx can be any number | No |
X | od-teenxx | od-teenxx.exe | Adult dialler - xx can be any number | No |
U | ODBC BackUp | fdxxl.exe | G Data "PC Spion". PC monitoring and surveilling software, captures all user activity on the PC, see here. Disable/remove if you didn't install it yourself! | No |
X | oddworldz.exe | oddworldz.exe | Added by the MULTIDR-EG TROJAN! | No |
N | Odebit Multimedia V2 | Odebit.exe | Odébit Multimedia - free French multimedia player giving access to the best of television, videos, radio, games and chat | No |
N | Odebit Multimedia V3 | Odebit.exe | Odébit Multimedia - free French multimedia player giving access to the best of television, videos, radio, games and chat | No |
N | Odebit Multimedia V3 - Services | Odebit.exe | Odébit Multimedia - free French multimedia player giving access to the best of television, videos, radio, games and chat | No |
N | Odometer | Odometer.EXE | Mouse odometer - tracks how far your pointer/arrow has traveled on the screen. Shortcut available | No |
U | ODSPConfig | ODSPConfig.exe | DsktopSurveil surveillance software. Uninstall this software if you did not install it yourself | No |
X | Oeloader | Oeloader.exe | Xupiter OrbitExplorer toolbar related. Drive-by foistware. Use Spybot S&D, Adware or similar to detect and remove and to prevent it re-installing in the future see here | No |
X | OEM Tools 32 | tres32.exe | Added by the RBOT.QB WORM! | No |
U | OEM02Mon.exe | OEM02Mon.exe | Creative Live! Cam Console Auto Launcher | No |
? | OEM07Mon.exe | OEM07Mon.exe | Related to Live Camera Console Auto Launcher by Creative Technology LTD. What does it do and is it required? | No |
X | OEM32 Tools | sres32.exe | Added by a variant of the SPYBOT WORM! | No |
N | OEMCLEANUP | oemreset.exe | Resets OEM installation settings at bootup. Not required unless you're new to PC's | No |
U | OEMRESET | oemreset.exe | Resets OEM installation settings at bootup. Not required unless you're new to PC's | No |
U | OEMRUNONCE | oemrun.exe | Windows Millennium file - used by setup when installing the OEM 'express' version of the operating system. Uncheck after setup has finished | No |
U | oeplugin | bxOEPlugin.exe | noHTML for Outlook Express is an add-on that protects Outlook Express from email viruses and email scripts by converting incoming email messages from HTML format to simple text | No |
? | OEPowerPlugs | winoeinit.exe | ?? | No |
U | oepsrv | oepsrv.exe | Outlook Express Protector is designed for controlling access to Outlook Express and its e-mail and address data bases | No |
X | OESET | setup60.exe | Added by the WAREZDL.28672 TROJAN! | No |
U | OESpamTest | OESpamTest.ExE | Kaspersky Anti-Spam | No |
N | OEXCheck | EA2Check.exe | Express Assist from AJSystems.com. Utility for use with Outlook Express to backup, restore, synchronize amongst others | No |
X | oe_drop_spam | oesrv.exe | Dropspam adware | No |
Y | OE_OEM | TMAS_OEMon.exe | Related to Trend Micro PC-cillin - Internet Security 12 | No |
X | Offer Companion | offers.exe | Adware | No |
X | Offers | offers.exe | Adware | No |
X | Offica Monitor Secura Systeme | winxp_sp3.exe | Added by a variant of the RBOT WORM! | No |
X | Office | Office.exe | Added by the KRAIMER.12 TROJAN! | No |
X | Office Desktops | imag.exe | Detected by Trend Micro as the SPYBOT.AQR WORM! See here | No |
U | Office Mail | off_mail.exe | Office Mail from Burrotech Ltd - "complete email solution for small/medium businesses, homes, schools and colleges. It is a small email server which forms the perfect gateway between your internal and external email" | No |
U | Office Mail Alerter | om_Alerter.exe | Office Mail Alerter - "alert Office Mail users when they receive new emails" via a System Tray icon | No |
X | Office Monitor | adv32.exe | Added by the SDBOT-CWO WORM! | No |
X | Office Monitor | alg32.exe | Added by the RBOT-GMM WORM! | No |
X | Office Monitor | nvsvc86.exe | Detected by Trend Micro as the IRCBOT.BVO BACKDOOR! See here | No |
X | Office Monitor Secure Systema | absecure32.exe | Added by the RBOT.FPW WORM! | No |
X | Office Monitor Word Exel R | svch.exe | Added by the DWNLDR-GWW TROJAN! | No |
X | Office Monitor Word Exel R | u.exe | Added by the SDBOT-DEE WORM! | No |
X | Office Monitors | GoogleUpdater.exe | Added by the RBOT-GKZ WORM! Note - this is not the updater for the popular Google tools | No |
X | Office Monitorse | [path to worm] | Added by the SDBOT-CZX WORM! | No |
N | Office Startup | Osa.exe | Application which launches common MS Office components to help speed up the launch of Office programs. It's somewhat of a resource hog, and some users claim there's no difference with or without it but it usually isn't required. Note - if you make use of the Microsoft Office Shortcut Bar outside an office program this application will need to be enabled for it to show | No |
X | Office Startup | Exploer.exe | Added by the GAOBOT.BV WORM! Note the different filename to the valid MS Office entries | No |
N | Office Startup | Osa9.exe | Application which launches common MS Office components to help speed up the launch of Office programs. It's somewhat of a resource hog, and some users claim there's no difference with or without it but it usually isn't required. Note - if you make use of the Microsoft Office Shortcut Bar outside an office program this application will need to be enabled for it to show | No |
X | Office SturtUp | osa9.exe | Added by the CLICKER-EC TROJAN! Note - this trojan is located in %Windir% and should not be confused with the Microsoft office program, located in %Program Files%\Microsoft Office\Office | No |
X | OfficeAgent | expIorer.exe | Added by the TACTSLAY.A TROJAN! | No |
X | OfficeAgent | outIook.exe | Added by the TACTSLAY.A TROJAN! | No |
X | OfficeAgent | svcrhost.exe | Added by the TACTSLAY.A TROJAN! | No |
X | OfficeAgent | svcshost.exe | Added by the TACTSLAY.A TROJAN! | No |
X | OfficeDeamon | msorunner.exe | Added by a variant of the TACTSLAY TROJAN! | No |
Y | OfficeGuard RegChecker | ogrc.exe | Kaspersky Labs anti-virus | No |
X | OfficeGuardUI | svcss.exe | Added by the DEDLER-C TROJAN! | No |
? | officejet 6100 | hposol08.exe | Associated with a HP PSC2110 (and maybe others) all-in-one machine | No |
U | OFFICEKB | kbdap32a.EXE | Keyboard utility for a Micro Innovations brand keyboard. If you disable this entry you will not be able to use any of the keyboard hotkeys or other non-standard functions on the keyboard | No |
X | OfficeQuickAccess | OfficeHost.vbs | Added by the PEXMOR WORM! | No |
X | Offices | msnmgd32.exe | Added by the FORBOT-DV WORM! | No |
X | Offices Monitors | [path to worm] | Added by the RBOT-GKO WORM! | No |
X | Offices Monitorse | [path to worm] | Added by the RBOT-GKO WORM! | No |
X | Offices Monitorse | algose32.exe | Added by the RBOT-GDD WORM! | No |
Y | OfficeScan95 | pccwin97.exe | Trend Micro antivirus OfficeScan | No |
Y | OfficeScanNT Monitor | pccntmon.exe | Trend Micro OfficeScan Antivirus real-time scan monitor | No |
X | OfficeWord Monitor | msn32.exe | Added by the RBOT-GUE WORM! | No |
X | OfficeWord Monitors | Offlce.exe | Added by the IRCBOT.JZ TROJAN! | No |
X | OFFICEXP | OFFICEXP.exe | Added by the WOOTBOT.HE WORM! | No |
X | Office_app | msnmrgs.exe | Added by a variant of the VBBANC-A TROJAN! | No |
X | office_update | [path to trojan] | Added by the DLOADER-ZB TROJAN! | No |
N | OfotoNow USB Detection | Rundll32.exe OFUSBS.DLL, WatchForConnection OfotoNow | Autodetects when a digital camera is attached to a USB port and launches OfotoNow image software. Available via Start -> Programs | No |
Y | ogrc | ogrc.exe | Kaspersky Labs anti-virus | No |
N | Oil Change | OCTray32.exe | From CyberMedia/Network Associates. Checks for updates to software installed on your PC. Available via Start -> Programs | No |
? | OIM | oim.exe | Related to the O2 (was "genie") mobile phone service. What does it do and is it required? | No |
X | OKGO | winutade.exe | Added by the BANKER-EHZ TROJAN! | No |
U | OKI LPR Utility | okilpr.exe | OKI printer utility | No |
X | OKMaster | OKMaster.exe | OKToolbar adware | No |
X | OLE | [filename] | Added by the STAWIN or TARNO.D TROJANS! | No |
X | OLE Automation Server | ole32aut.vbe | CoolWebSearch parasite variant | No |
X | oleaccrc | oleaccrc.exe | Adware - detected by Kaspersky as the AGENT.AM TROJAN! | No |
X | OLEDb Service | runoledb32.exe | Added by a variant of the SPYRE.B TROJAN! | No |
X | olehelp | olehelp.exe | Added by the BOOKMARKER.D or BOOKMARKER.G TROJANS! | No |
X | OleLoader | ole32.exe | Added by the DELF.BR TROJAN! | No |
U | olesvr | olesvr.exe | Salfeld Child Control - parental control software | No |
X | Olive System | Szchost.exe | Added by the MERCURYCAS.A TROJAN! | No |
X | olpr | olpr.exe | Added by the DWNLDR-GWQ TROJAN! | No |
N | OLPSYNCH | OlpSynch.exe | Related to Offline Course Player from Element K Corp. Provider of the Technology, Compliance, Management and Business training content for effective programs | No |
X | Olympic | IE4321.exe | Adult content premium rate dialer - also detected as SMALL.CZ | No |
N | OM2_Monitor | FirstStart.exe | Olympus Master 2 - digital camera management tools | No |
N | OM2_Monitor | MMonitor.exe | Olympus Master 2 - digital camera management tools | No |
X | Omf4 | OMF4.EXE | Added by the FREEMEGA TROJAN! | No |
N | OmgStartup | omgstartup.exe | Sony program called OpenMG Jukebox - player and music organizer | No |
U | OmniHTTPd | ohttpd.exe | OmniHTTPd web server from Omnicron | No |
N | OmniPage | Opware32.exe | Part of OmniPage from Nuance (was Scansoft) - "the fastest, easiest way to turn paper documents into digital files you can edit". Links Word, via OLE, with OmniPage. If running, a user can call up OmniPage from inside of Word and ask it to scan something, via "File, Acquire Page". Also some of OmniPage's Options dialog boxes are accessible from within Word. Only required by novices and is available via Start -> Programs | No |
U | OmniPass | scureapp.exe | OmniPass from Softex Inc. - secure password management software | No |
N | OM_Monitor | FirstStart.exe | Olympus Master 1 - digital camera management tools | No |
N | OM_Monitor | Monitor.exe | Olympus Master 1 - digital camera management tools | No |
U | On Screen Display | OSD.EXE | By Netropa for HP and other brands. Same group as KBD MediaCenter & Touch Manager. Pressing a "hot key" on such a keyboard brings a corresponding panel on the screen for volume, etc. Nice but not required if you don't adjust things regularly - can also freeze | No |
X | once | help.exe | Identified as the DELF.LF by Ewido Security Suite | No |
N | One Touch Monitor | OneTouchMonitor.exe | For Visioneer OneTouch scanners. System tray access to the control panel for the scanner | No |
N | One Touch Monitor | 1tou~2.exe | For Visioneer OneTouch scanners. System tray access to the control panel for the scanner | No |
N | One Touch Monitor | ONETOU~2.EXE | For Visioneer OneTouch scanners. System tray access to the control panel for the scanner | No |
Y | OneCareUI | winssnotify.exe | Related to Windows OneCare Live from Microsoft | No |
X | OneMoreKey | xpa.exe | XP Antivirus rogue security software - not recommended | No |
U | OneNote 2007 Screen Clipper and Launcher | ONENOTEM.EXE | ONENOTEM.EXE is a part of the note taking program that ships with Microsoft Office 2007. It's required for the side note windows to work | No |
N | OneTouch Monitor | OneTouchMon.exe | For Visioneer OneTouch scanners. System tray access to the control panel for the scanner | No |
N | OneTouchMonitor | OneTouchMonitor.exe | For Visioneer OneTouch scanners. System tray access to the control panel for the scanner | No |
N | OneTouchMonitor | 1tou~2.exe | For Visioneer OneTouch scanners. System tray access to the control panel for the scanner | No |
N | OneTouchMonitor | ONETOU~2.EXE | For Visioneer OneTouch scanners. System tray access to the control panel for the scanner | No |
N | ONETOU~2 | OneTouchMonitor.exe | For Visioneer OneTouch scanners. System tray access to the control panel for the scanner | No |
N | ONETOU~2 | 1tou~2.exe | For Visioneer OneTouch scanners. System tray access to the control panel for the scanner | No |
N | ONETOU~2 | ONETOU~2.EXE | For Visioneer OneTouch scanners. System tray access to the control panel for the scanner | No |
X | Onflow | onflow.exe | Onflow is an internet company that offers an online advertising program. Not required - uninstall | No |
U | OnfolioStorage | onfserv.exe | "Onfolio is the complete solution for collecting, organizing and sharing online content" | No |
? | online cdrom | Active acid.exe | ?? | No |
X | Online Service | svchost.exe | Added by the HOSTIDEL.B or HOSTIDEL.C or TARNO.B TROJANS! Note - this is not the legitimate svchost.exe process which should NOT appear in Msconfig/Startup! | No |
Y | OnlineArmor GUI | oaui.exe | Online_Armor personal firewall | No |
X | OnlineGuard | OnlineGuard.exe | OnlineGuard misleading security software - not recommended, see here | No |
X | OnlineHelpmate | GDC.exe | OnlineHelpmate misleading security software - not recommended | No |
U | OnlinePCfix SmoothSurfer | SS.exe | Smooth-Surfer - blocks banners, ads, popups, and cleans MRU and Recent file lists | No |
N | OnlineTime | onlinetime.exe | OnlineTimer - monitors your Windows dial-up network and logs the time you spend online as well as the resulting costs | No |
X | online_party | online_party.exe | Adult content dialler | No |
X | Onluna Sarvice | sachost.exe | Added by the TOFGER-AA TROJAN! | No |
X | Onlune Sarvice | sachost.exe | Added by the DAEMONI-J TROJAN! | No |
X | only23 | SCVHOST.exe | Added by the BCKDR-PUQ BACKDOOR! | No |
X | OnSrvr | OnSrvr.exe | OnWebMedia adware | No |
X | oo4 | RunDLL32.EXE oo4.dll, DllRun | BookedSpace parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "oo4.dll" file is located in the Winnt or Windows folder | No |
U | OODefragTray | oodtray.exe | System Tray access to O&O Defrag disk defragmentation software | No |
? | OOLHELPT | OOLHELPT.exe | ?? | No |
N | OP12 Reminder | Ereg.exe | Registration reminder for OmniPage from Nuance (was Scansoft) | No |
U | OpAgent | OpAgent.exe | Part of Nuance (was Scansoft) OmniPage Pro document conversion software | No |
X | Open Service Drivers | opiater.exe | Added by a variant of the RBOT WORM! | No |
X | Open Site | opnste.exe | OpenSite adware | No |
X | Open Site | opensite.exe | OpenSite adware | No |
X | Open2Enter | runme.exe | Adult content dialler | No |
X | Open2Enter | runme2.exe | Adult content dialler | No |
X | OpenApizs | zrscbm.exe | Added by the AGENT.RLH TROJAN! | No |
X | OpenGL Drivers | 0penGLD.exe | Added by the YIMP-A WORM! | No |
X | OpenMstart | [path to dialler] | "Switch-E" premium rate adult content dialer | No |
N | OpenOffice.org *.*.* | quickstart.exe | OpenOffice.org office suite quick start (where "*.*.*" is the version number) | No |
N | OpenOffice.org x | QUICKS~1.EXE | Displays OpenOffice quick start applet in System tray. Right clicking on the icon allows rapid starting up of components of the OpenOffice suite. Available via Start -> Programs. Will automatically be started when any OpenOffice component is started from Start -> Programs. A resource hog (takes > 16 MB of memory). "x" represents the version number | No |
U | openvpn-gui | openvpn-gui.exe | "OpenVPN is a full-featured SSL VPN solution which can accommodate a wide range of configurations, including remote access, site-to-site VPNs, WiFi security, and enterprise-scale remote access solutions with load balancing, failover, and fine-grained access-controls" | No |
U | Openwares LiveUpdate | LiveUpdate.exe | Web-update utility as used by various types of software - see here | No |
N | Operations Typhoon Rising Registration | NOVG.EXE | Joint Operations registration reminder | No |
N | Operator | ?? | Media Pilot operator, in Win.ini. Locks port open | No |
U | Operator | xtmop.exe | Fax/Phone answering facility for Extreem Machine - as supplied with the old Diamond SupraExpress modems. No longer supported | No |
X | OpiStat | OpiStat.exe | NetRatings Premeter spyware | No |
X | OPQFile | regedit.exe /s ...rad03FA6.tmp | Unsavoury program that resets your homepage every time you restart - uncheck in MSCONFIG and delete it via a registry edit | No |
X | opr | opr.exe | MediaMotor adware | No |
U | OpScheduler | OpScheduler.exe | Part of Nuance (was Scansoft) OmniPage Pro document conversion software | No |
N | OPSE reminder | Ereg.exe | Registration reminder for OmniPage from Nuance (was Scansoft) | No |
X | opsql update check | opsql.exe | Added by the RBOT-ACJ WORM! | No |
X | OPTIMIZER | iexplore.exe | Added by the EVEVINC TROJAN! Note - this is not the legitimate Internet Explorer iexplore.exe process which is always located in the Program Files\Internet Explorer folder and should not normally figure in Msconfig/Startup! This file is located in the System (9x/Me) or System32 (NT/2K/XP) folder | No |
X | OPTIMIZER | iexplore.exe | Added by the EVIVINC BACKDOOR! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %System% | No |
X | Optimum Online | Netsurf.exe | OptimumOnline ISP software related spyware - displays advertising popups and collects information about user activity | No |
X | Optional Web Drivers For WIN32 | phqghume.exe | Added by a variant of the RBOT WORM! | No |
U | OPTMOUSEMOUSE | optmouse.exe | Related to a Samsung optical mouse | No |
U | Optus Cable Data Monitor | datamonitor.exe | Allows Optus customers to monitor their actual data usage against Optus' "data allowance limits" | No |
N | OptusNet Desktop Service Centre | DSC.exe | OptusNet DSL or Dial-Up connection software | No |
U | OptusNetUsage | OptusNet Usage Meter.exe | Designed specifically for OptusNet users who wish to have their connection monitored on a frequent basis. It can also estimate when you are going to hit your usage limit, and how far over your suggested limit you should be | No |
N | Opware12 | Opware12.exe | OmniPage from Nuance (was Scansoft) - version 12. If running, a user can call up OmniPage from inside of Word and ask it to scan something, via "File, Acquire Page." Also some of OmniPage's Options dialog boxes are accessible from within Word. Only required by novices and is available via Start -> Programs | No |
N | Opware14 | Opware14.exe | OmniPage from Nuance (was Scansoft) - version 14. If running, a user can call up OmniPage from inside of Word and ask it to scan something, via "File, Acquire Page." Also some of OmniPage's Options dialog boxes are accessible from within Word. Only required by novices and is available via Start -> Programs | No |
N | Opware15 | Opware15.exe | OmniPage from Nuance (was Scansoft) - version 15. If running, a user can call up OmniPage from inside of Word and ask it to scan something, via "File, Acquire Page." Also some of OmniPage's Options dialog boxes are accessible from within Word. Only required by novices and is available via Start -> Programs | No |
N | OpwareSE2 | OpwareSE2.exe | Hardware bundled version of OmniPage from Nuance (was Scansoft). If running, a user can call up OmniPage from inside of Word and ask it to scan something, via "File, Acquire Page." Also some of OmniPage's Options dialog boxes are accessible from within Word. Only required by novices and is available via Start -> Programs | No |
N | OpwareSE4 | OpwareSE4.exe | Hardware bundled version of OmniPage from Nuance (was Scansoft). If running, a user can call up OmniPage from inside of Word and ask it to scan something, via "File, Acquire Page." Also some of OmniPage's Options dialog boxes are accessible from within Word. Only required by novices and is available via Start -> Programs | No |
U | Oracle Web-to-Go | webtogo.exe | "Oracle Web-to-go, a component of Oracle9i Lite, consists of a collection of modules and services that facilitate development, deployment, and management of mobile Web applications" | No |
N | OrangeShark | OSharkUpdater.exe | Orange Shark updater - online games for all ages | No |
U | Orb | OrbTray.exe | Related to Orb Tray from InstallShield Software Corporation now owned by Macrovision | No |
X | OrbitUpdate | update.exe | Xupiter OrbitExplorer toolbar related. Drive-by foistware. Use Spybot S&D, Adware or similar to detect and remove and to prevent it re-installing in the future see here | No |
X | OrbitView | view.exe | Xupiter OrbitExplorer toolbar related. Drive-by foistware. Use Spybot S&D, Adware or similar to detect and remove and to prevent it re-installing in the future see here | No |
N | OrderReminder | OrderReminder.exe | The HP Order Reminder utility is installed with the HP LaserJet printer software and allows you to set specific times for reminders to check the current level of toner in the print cartridge - it also contains an Order Now link to a Web page that helps you order supplies online from a reseller of your choice | No |
X | orderShell | order****.exe [* = random char] | Added by the DLOADR-UN TROJAN! | No |
X | order_Shell | order_smey.exe | Added by the BANKSNIF-H TROJAN! | No |
? | org5.exe | org5.exe | Lotus Organizer 5 application file, Lotus Organizer software. What does it do and is it required? | No |
X | OrgyCam | OrgyCam.exe | Adult content dialler | No |
U | OrigRage128Tweaker | RAGE128TWEAK.EXE | Third party tweaker for ATI Rage 128 Video cards from http://www.rageunderground.com | No |
U | ORiNOCO | Cmluc.exe | Client Manager software for a Proxim ORiNOCO 11a/b/g wireless LAN PCI card | No |
X | OS Boot Configuration | bootconfig.exe | Added by the IRCBOT.HJ WORM! | No |
X | OS Boot Configuration! | bootconf.exe | CoolWebSearch BootConf adware | No |
X | OS Boot Load | bootload.exe | Added by a variant of the IRCBOT TROJAN! | No |
X | OS Security | mswind32.pif | Added by the RBOT-ASU WORM! | No |
X | OSA | winword.exe | Added by the KANGAROO-A TROJAN! | No |
X | Osa32 | NTOSA32.exe | Added by the ANIG WORM! | No |
U | osCheck | osCheck.exe | Part of Norton Antivirus. Initiates a quick scan (at startup) of the portions of the OS Symantec currently (as defined by the most recent updates downloaded onto the host computer) thinks are most susceptible to infection. This scan is not necessary for proper operation of Norton Antivirus | No |
U | OSD | OSD.exe | By Netropa for HP and other brands. Same group as KBD MediaCenter & Touch Manager. Pressing a "hot key" on such a keyboard brings a corresponding panel on the screen for volume, etc. Nice but not required if you don't adjust things regularly - can also freeze | No |
X | OSD | ALG.exe | Added by the STARTPAGE-ID TROJAN! | No |
U | OsdMaestro | OSD.exe | By Netropa for HP and other brands. Same group as KBD MediaCenter & Touch Manager. Pressing a "hot key" on such a keyboard brings a corresponding panel on the screen for volume, etc. Nice but not required if you don't adjust things regularly - can also freeze | No |
U | OsdMaestroOSD.exe | OSD.EXE | By Netropa for HP and other brands. Same group as KBD MediaCenter & Touch Manager. Pressing a "hot key" on such a keyboard brings a corresponding panel on the screen for volume, etc. Nice but not required if you don't adjust things regularly - can also freeze | No |
X | OSS | ossproxy.exe | MarketScore parasite - ActiveX control used to download premium-rate dialers | No |
X | OSS | rk.exe | MarketScore parasite - ActiveX control used to download premium-rate dialers | No |
X | OSS | rlvknlg.exe | MarketScore parasite - ActiveX control used to download premium-rate dialers | No |
U | OSSelectorReinstall | oss_reinstall.exe | Related to Acronis Disk Director Suite | No |
X | OSSProxy | OSSPROXY.EXE | MarketScore parasite - ActiveX control used to download premium-rate dialers | No |
U | OStivityInvAgt | ostivity.exe | OStivity - "a desktop and server hardware and software asset/inventory solution for small to enterprise sized organizations that need to quickly gain knowledge of 'what's installed' without having to manually touch every computer in the company. The next time the computer logs into the network, a complete inventory (software and hardware) is taken of the system" | No |
X | Osus | acao.exe | PurityScan/Clickspring adware | No |
X | Osus | rrup.exe | PurityScan/Clickspring adware. The executable is located in the user's "Application Data" folder or the Program Files\htwu folder | No |
X | otcx | otcxxh.exe | Added by the CAROOL TROJAN! | No |
N | OurPictures | OurPictures.exe | Related to RitzPix Online Photo Print services | No |
X | Outerinfo | Outerinfo.exe | PurityScan/Clickspring adware | No |
X | OuterinfoUpdate | OuterinfoUpdate.exe | PurityScan/Clickspring adware | No |
X | outlook | outlook.exe | Added by the SDBOT-RU WORM! | No |
X | outlook | outlook.exe | Added by the ALCRA.F WORM! Note - this is not the valid MS Office program which is found in Program Files\Microsoft Office\Office. This file is found in Program Files\Outlook | No |
X | Outlook Express | msinm.exe | Added by a variant of the RBOT WORM! | No |
X | Outlook Express Config | *****.exe [* = random char] | Added by a variant of the RBOT WORM! | No |
X | Outlook Express Protocol | look.exe | Added by the RBOT-ACS WORM! | No |
X | Outlook Mail Services | express.exe | Added by the RBOT.CJN WORM! | No |
X | Outlook Mail Services | outlook.exe | Added by the RBOT-BKA TROJAN! Note that the valid MS Outlook executable is located in %ProgramFiles%\Microsoft Office\Office directory whereas this one is located in %System% | No |
U | OutlookOnDesktop | OutlookDesktop.exe | "Outlook On the Desktop is a program that displays Outlook as a transparent, interactive object embedded in your desktop" | No |
X | OutLooks | InSane.exe | Added by the SWOOP TROJAN! | No |
Y | Outpost Firewall | outpost.exe | Outpost personal firewall | No |
Y | OutpostFeedBack | feedback.exe | Part of Outpost firewall by Agnitum. The feedback service is for reporting issues directly to Agnitum from within OP | No |
Y | OutpostMonitor | op_mon.exe | Monitor for Outpost Firewall PRO (and Free) from Agnitum | No |
X | outpostupdate | outpostupdate.exe | Added by the COSIAM-C TROJAN! | No |
X | Outwar | syslaunch.exe | Outwar adware downloader | No |
? | OVCJ | ovcj.exe | ?? | No |
X | overinstall | pgs.exe | WinSecureAv spyware remover - not recommended, see here | No |
N | Overnet | Overnet.exe | Overnet peer-to-peer (P2P) file sharing program | No |
X | ovyriwi | telace.exe | Added by the SDBOT.BVS WORM! | No |
U | OWCCardbusTray | ocbtray.exe | Icon in the system tray for safely removing PCMCIA cards. Only required if you have a laptop or desktop which includes a PCMCIA card interface | No |
U | OWCWebCamDV | wcdvtray.exe | WebCamDV from Orange Micro, Inc - enables the user to use a DV camera connected via Firewire as a Webcam | No |
X | OWMngr | OWMngr.exe | OnWebMedia/SearchSeekFind advertising foistware | No |
X | oxbvpen | gwthtis.exe | Added by the SILLYFDC-AH WORM! | No |
U | OxigenClientAdmin | Oxigen.exe | Open University Oxigen screensaver admin client. Downloads the latest information from the net to display in the screen saver | No |
X | oz2 | oz2.exe | Added by the MYDOOM.W WORM! | No |
X | P0w3rF1Y | svchost.exe | Added by the BDOOR-MM BACKDOOR! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir% | No |
U | P17Helper | Rundll32 P17.dll, P17Helper | ASIO (Audio Stream In/Out) drivers for the SoundBlaster Audigy 2 series soundcards - for recording and home project studios. Required if you use this functionality | No |
? | P17Helper | Rundll32 SPIRun.dll, RunDLLEntry | Related to Creative audio products. What does it do and is it required? | No |
U | P2kAutostart | P2kAutostart.exe | P2kCommander a filemanager application for Motorola p2k mobile phones | No |
N | P2P NETWORKING | P2P Networking.exe | Peer to Peer (P2P) sharing of files on the internet | No |
N | P2P Networking | P2P | Peer to Peer (P2P) sharing of files on the internet | No |
X | p2p networking | p2pnetworking.exe | Added by the RBOT-ECP WORM! | No |
X | P2P Networking2 | P2P Networking2.exe | P2P Networking2.exe is an advertising program by Joltid. This process monitors your browsing habits and distributes the data back to the author's servers for analysis. This also prompts advertising popups. This program is a registered security risk and should be removed immediately | No |
N | P2P Networking3 | P2P Networking3.exe | P2P Networking, a component bundled with Kazaa that enables other applications to use Peer-to-Peer functionality. Not required - see here | No |
X | p2pnetwork | p2pnetwork.exe | Added by the ALCAN.A WORM! | No |
X | p2pnetworking | p2pnetworking.exe | Added by the RBOT-AFL WORM! | No |
X | p2snetis | comippwa.exe | Added by the SPAMTOO-AL TROJAN! | No |
U | P3000x_S2P | ScanToPc.exe | Dell Laser MFP 1600N network application for scanning files to the PC | No |
X | P3p4chk | P3p4chk.exe | Added by the GEMA TROJAN! | No |
X | p4mx4 | p4mx4.exe | Added by the CRYPTER.A TROJAN! | No |
U | PAC7302_Monitor | Monitor.exe | Related to PixArt CMOS image sensors from PixArt Imaging Inc | No |
X | PaciSoft | pacis.exe | PacerD Media/Pacimedia.com adware installer | No |
? | Packard Bell EverSafe Tray Control | TrayControl.exe | Packard Bell EverSafe software. What does it do, and is it required? | No |
N | PadTouch | PadExe.exe | Toshiba Touch and Launch - offers easy movement and freedom of programs navigation with TouchPad | No |
X | Pag Windows Monitor | pag.exe | Added by the AGENT-EOT TROJAN! | No |
U | Pagekeeper Jobs | pkjobs.exe | PageKeeper Jobs is a separate PageKeeper program that handles the analysis of new documents and keeps track of the location and content of current documents in PageKeeper. Pagekeeper comes bundled with scanners such as HP, Microtek, etc | No |
U | Pagekeeper Lite | pkjobs.exe | PageKeeper Jobs is a separate PageKeeper program that handles the analysis of new documents and keeps track of the location and content of current documents in PageKeeper. Pagekeeper comes bundled with scanners such as HP, Microtek, etc | No |
X | PAgent | PAgent.exe | Scans your hard drive for the popular P2P file-sharing applications BearShare, Grokster, Kazaa, Limewire and Morpheus. After searching the entire local filesystem for any files with those names it connects to the DownloadWare servers and tells it what, if anything, is found | No |
U | Pagis Schedule Monitor | Monitor.exe | Scheduler for the Pagis scanning suite from Scansoft (now Nuance) | No |
N | Pagis Scheduler | Monitor.exe | Scheduler for the Pagis scanning suite from Scansoft (now Nuance) | No |
? | pagmstart | client.exe | ?? | No |
N | Pagoo | PAGOO.EXE | Pagoo - internet call waiting. Intercepts telephone calls like an answering machine and plays the voice message on your PC. Only required when you're on-line and via dial-up modem | No |
X | paint.exe | shnlog.exe | Added by the PUPER-A TROJAN! | No |
X | PaintingRoom evidence monitor | paintingroom.exe | Paintingroom.com smiley software - not recommended as the site tries to drop a trojan on you... | No |
X | PaintingRoom smile monitor | paintingroom.exe | Paintingroom.com smiley software - not recommended as the site tries to drop a trojan on you... | No |
N | PAL Evidence Eliminator | Cleaner.exe | PAL Evidence Eliminator - cover the tracks of your browsing habits and E-mails if you think you need to. Run manually on a regular basis | No |
N | Palm Desktop | Palm.exe | Palm Desktop Software for use with Palm handheld devices. Available via Start -> Programs | No |
? | Palm MultiUser Config | Configtool.exe | MultiUser configuration for a Palm PDA device? Is it required? | No |
N | palmOne Registration | register.exe | Registration reminder for Palm products | No |
X | PalNetaware | pnetaware.exe | PalTalk adware - as included in Morpheus | No |
N | Palo Alto Software Update Manager 8.0 | PAS8_UD.exe | Update manager for small business planning software from Palo Alto Software - such as Business Plan Pro, Marketing Plan Pro and Email Center Pro | No |
N | PaltalkNetaware.exe | PALNETAW~1.EXE | Voice chat program. This program apparently stores all buddy list info on the server itself so you never lose your buddy list should you need to reinstall the program for whatever reason or even reformat. Available via Start → Programs. Delete the shortcut in Start → Programs → StartUp as well otherwise it will be reinstated | No |
U | pamela.exe | pamela.exe | Pamela is a plug-in or add-on that adds features to Skype peer to peer voice service | No |
U | Panasonic Communications Utility | Mfpscdl.exe | Port manager for Panasonic Panafax fax machines | No |
U | Panasonic HotKey Manager | HKEYAPP.EXE | HotKey management for Panasonic rugged mobile PCs | No |
U | Panda Antispam Server Service | PasSrv.exe | AntiSpam part of an older version of Panda Internet Security | No |
Y | Panda Cleaner | pavdr.exe | Panda internet security software related. Possibly the ActiveScan on-line scanner? | No |
Y | Panda Preventium+ Service | PREVSRV.EXE | Part of the 2004 & 2005 versions of Panda Antivirus and Internet Security | No |
U | Panda Scheduler | pavsched.exe | Scheduler for older versions of Panda Antivirus. Required if you have scans scheduled on a regular basis | No |
X | Panda Software Intrenet | panda.pif | Added by the RBOT-ATZ WORM! | No |
X | PandaAVEngine | PandaAVEngine.exe | Added by the NETSKY.R WORM! | No |
U | PandaScheduler | pavsched.exe | Scheduler for older versions of Panda Antivirus. Required if you have scans scheduled on a regular basis | No |
U | Pando | Pando.exe | "Pando is free software that lets you send and receive files and folders of any size* with your existing email address" | No |
X | Pantera | pantera.exe | Added by the SDBOT.AYN WORM! | No |
N | Paperport | runppdrv.exe | Loads the drivers associated with monitoring scanner status associated with PaperPort software. Can be a resource hog - see here | No |
N | PaperPort PTD | pptd40nt.exe | "PaperPort" software associated with scanners | No |
N | PaperQuote System Tray Icon | PQTRAY.EXE | PaperQuote is a "wallpaper" changer with daily quotes that are either for inspiration or motivation | No |
X | Parallel Tasking | ptask.exe | Added by the SMALL-CJ TROJAN! | No |
X | PaRaY_VM | winlogon.exe | Added by the AUTORUN-DV WORM! Note - this is not the legitimate winlogon.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a ~A~m~B~u~R~a~D~u~L~ subfolder | No |
U | ParentalControl | ParentalControl.Exe | Crawler Parental Control - "Get perfect control of websites your children browse, software they use, and folders they access. Regulate the time when they can use your computer and connect to the Internet. Hide content on your computer that you don't want them to see" | No |
Y | ParetoLogic Anti-Spyware | Pareto_AS.exe | "ParetoLogic Anti-Spyware delivers Active Protection in the form of real-time blocking" | No |
U | PartSeal | PartSeal.exe | System backup for Sony Vaio PCs. Adds a recovery mechanism for users over and above any System Restore features - allowing users to revert a drive back to the state it was in when bought from the factory by hitting F10. The user obviously loses any data stored if not backed-up elsewhere | No |
X | PASMonitor | pbm.exe | PersonalAntiSpy rogue spyware remover - not recommended, removal instructions here | No |
X | passcxd | [random filename] | Added by a variant of the SLAPER TROJAN! | No |
Y | PassLocker | PassLocker.exe | "PassLocker is a complete password manager helping you to manage and safely store your passwords" | No |
U | Password Door Loader | PDMonitor.exe | Password Door - password protection software | No |
U | Password Tracker Deluxe | PwTrkr.exe | "Password Tracker Deluxe stores passwords and usernames neatly and securely (encrypted) on your computer" | No |
N | PasteLister | plister.exe | PasteLister - clipboard extender. Start manually when required | No |
X | PaSystem | pasystem.exe | Targetsaver adware variant | No |
Y | PASystemTray | PASystemTray.exe | Related to Panda Security Software - part of Panda Administrator 3 | No |
X | PAS_Check | udcpas.exe | DriveCleaner rogue security software - not recommended, see here | No |
X | pas_check | pasmon.exe | SystemDoctor misleading security software - not recommended, see here | No |
X | Patah Hati | [path to worm] | Added by the PAHATIA-A WORM! | No |
X | Patah Hati | ISASS.exe | Added by the PAHATIA.A WORM! | No |
X | Patch | patch.exe | Added by the NETBUS WORM! | No |
X | Patches Value | WinGamed.exe | Added by the SDBOT.BR WORM! | No |
? | Path | lide.exe | ?? | No |
X | pathname | pathname.exe | Added by the IRCCONTACT TROJAN! | No |
? | PathNvidiaTV | patchnvidiaTVout.exe | Appears to be related to Nvidia Gigabyte Video card. Typical file location is the Program Files\Gigabyte\Nvidia folder | No |
X | PAV.EXE | %Number% | Added by the KITRO.D (or ARGEN.A) WORM! %Number% can be any number | No |
Y | PAV.EXE | PAV.EXE | PER Antivirus | No |
Y | PAVFIRES | PavFires.exe | Firewall included with older versions of Panda Antivirus and Internet Security | No |
Y | PAVFNSVR | PavFnSvr.exe | Part of Panda Antivirus and Internet Security | No |
Y | Pavkre9x | pavkre9x.exe | Part of the 2005 & 2006 versions of Panda Antivirus and Internet Security | No |
Y | PavProc | PavPrS9x.exe | Part of Panda Antivirus and Internet Security | No |
Y | PavProt | PavProt.exe | Part of the 2004 & 2005 versions of Panda Antivirus and Internet Security | No |
Y | Pavprot9 | Pavprot9.exe | Part of the 2005 versions of Panda Antivirus and Internet Security | No |
X | PayTime | paytime.exe | Added by the STARTPA-YR TROJAN! | No |
U | PbAdminACAD | PbMngr5.exe | Bluebeam PDF software printer support. Prints AutoCAD ".dwg" to PDF | No |
U | pbagent | pbagent.exe | Probot keystroke logger/monitoring program - remove unless you installed it yourself! | No |
U | PBKScheduler | PBKScheduler.exe | Scheduler for CyberLink PowerBackup - archiving/backup utility | No |
U | PC Alert III | alert.exe | MSI PC Alert III - allows you to view your system and cpu temperature, fan rpm and more. Only required if you overclock | No |
U | PC Booster | pcbooster.exe | PC Booster from inKline Global - "easy-to-use computer system optimizer that gives your system the extra speed and stability you want while ensuring that your computer is kept clean and in tip-top condition" | No |
U | PC Doc Pro - 3.1 | pcdocpro.exe | PC Doc Pro (now Win Doc Pro) - system health check and fix utility | No |
U | PC Dynamics SdwMon32 | sdwmon32.exe | SafeHouse "Personal Privacy" protects and hides your private and personal photos, videos, files and folders by making them "invisible" and encrypted | No |
N | PC Pitstop Optimize Reminder | Reminder.exe | Registration reminder for the PC Pitstop Optimize 2.0 system optimization utility by CA. Located in %ProgramFiles%\PCPitstop\Optimize2 | No |
U | PC Pitstop Optimize Scheduler | PCPOptimize.exe | PC Pitstop Optimize - "an application that will make your PC run faster, make it more stable, and clean up hard drive space" | No |
U | PC Pitstop Optimize Scheduler | PCPOptimize.exe | Scheduler for the Optimize system optimization utility from PC Pitstop | No |
N | PC SpeedScan Pro | PCSpeedScan.exe | Ascentive PC SpeedScan Pro registry optimizer - not recommended, see here and here | No |
U | PC Spy Keylogger | ToolKeylogger.exe | PCSpyKeyLogger keystroke logger/monitoring program - remove unless you installed it yourself! | No |
N | PC Suite for Smartphones | Application Launcher.exe | System Tray access to Sony Ericsson PC Suite which "connects your phone to your computer and expands the capabilities of your phone". Start manually via the Start Menu (or optional desktop shortcut) before connecting the phone | No |
N | PC Suite Tray | PCSuite.exe | System Tray access to Nokia PC Suite. PC Suite lets you synchronize, edit, and back up many of your phone's files on a compatible PC through a wireless or cable connection. PC Suite can also be launched through Start Menu | No |
Y | PC Tools AntiVirus Client | PCTAV.exe | System Tray access to PC Tools AntiVirus from PC Tools - which "provides world-leading protection against viruses, worms and Trojans with rapid updates and IntelliGuard™ technology" | Yes |
U | PC Tools Disk Suite | aDSProcMngr.exe | Part of PC Tools Disk Suite from PC Tools - which "is an all-in-one hard-disk management utility that integrates disk optimization, defragmentation and backup tools in one easy to use package". Proxy (or agent) for the Disk Suite Service. Based upon my experience, if this is disabled it does not appear to adversely affect on-demand or scheduled tasks but has a "U" recommendation as its function isn't fully known | Yes |
Y | PC Tools Firewall Plus | FirewallGUI.exe | System Tray access to PC Tools Firewall Plus from PC Tools - which "is a powerful personal firewall for Windows that protects your computer from intruders and controls the network traffic in and out of your PC" | Yes |
U | PC Tools Privacy Guardian | pg.exe | Part of Privacy Guardian from PC Tools - which "is a safe and easy-to-use privacy protection tool that securely deletes online Internet tracks and program activity records that are stored in your browser and other hidden files on your computer". This startup entry runs only on the next reboot if the "Cache, History and Address Bar" option is selected under "Browsers" when the user selects "Clean Your Computer". This startup entry is only created when Privacy Guardian is installed on XP. Also included in PC Tools Desktop Maestro (which incorporates Privacy Guardian) | Yes |
X | PC-Checkup | PCCheckUp.exe | Installed by SpeedItUp without permission, along with Search Defender - which is detected by DrWeb as the STARTPAGE.ORIGIN TROJAN! | No |
X | PC-Cleaner | PC-Cleaner.exe | PC-Cleaner spyware remover - not recommended, see here | No |
X | PC-Config32 | corona.exe | Added by the CORONEX.A WORM! | No |
X | PC2X | initial.bat | Added by the DWNLDR-FZZ TROJAN! | No |
U | pcAnywhere Agent | pcamgt.exe | Part of pcAnywhere 9.0 or later. This process listens for incoming PC Anywhere connections if your PC is configured as a PC Anywhere host | No |
Y | PCBG | PCBODYGUARD.EXE | PC Bodyguard from Calluna - protects system files and settings from being deleted, modified, etc | No |
Y | PCBODYGUARD | PCBODYGUARD.EXE | PC Bodyguard from Calluna - protects system files and settings from being deleted, modified, etc | No |
U | PcBoost | PcBoost.exe | PCBoost from PGWARE, LLC increases computer performance by allocating higher portions of CPU power to active applications and games | No |
Y | PCCClient.exe | PCCClient.exe | PC-Cillin 2002 antivirus software | No |
Y | pccguide.exe | pccguide.exe | PC-Cillin 2002 antivirus software | No |
Y | PCCIOMON.EXE | PCCIOMON.EXE | PC-Cillin 2000 antivirus software. This is the actual virus-scanner | No |
X | PCCleaner | SysCleaner.exe | SysCleaner spyware remover - not recommended, see here | No |
Y | PCClient.exe | PCClient.exe | Trend Micro PC-Cillin Internet Security | No |
Y | PccPfw | PccPfw.exe | Trend Micro PC-Cillin Internet Security | No |
Y | PcCtlCom | Pcctlcom.exe | Trend Micro PC-cillin Internet Security | No |
N | PCDRealtime | realtime.exe | Apparently the monitoring device for PC Doctor Online. It provides a "free" examination on system files (i.e. registry), reports the number of errors it finds, and invites you to "order" the fee-based fixes from its web site | No |
U | PCDrProfiler | RunProfiler.exe | Part of PC Doctor software installed for some machines. Disabling or enabling it is down to your preference | No |
X | PcEXPLODE | specialfile.exe | Added by the RBOT.RH WORM! | No |
U | PcEye | pceye.exe | PCEye 2000 - parental control utility | No |
N | PCHbutton | PCHbutton.exe | Used by HP Instant Support | No |
N | PCHealth | pchschd.exe | This is a "scheduler" and does not turn off PC Health. For more information refer here | No |
X | PCHEasySearch | STUpdate.exe | PCH EasySearch bar | No |
? | PCIMODEM | pcimodem.exe | Associated with Lucent based Aztech MDP7800-U PCI modems. Is it required? | No |
U | PCLEPCI | ppe.exe | Pinnacle Systems PCI Performance Enhancer. "This tool helps to increase the PCI Busmaster performance of all Pinnacle PCI boards." | No |
X | PClK | PClK.exe | Added by the LEGMIR-BL TROJAN! | No |
? | PCMCIA Resource Monitor | nvp2pmon.exe | NVIDIA nForce P2P Driver. What does it do and is it required? | No |
X | PCMM2007RT | pcmm2007.exe | PC MightyMax 2007 rogue security software - not recommended, see here | No |
X | PCMMRealtime | pcmm.exe | PC MightyMax rogue security software - not recommended, see here | No |
U | PCMService | PCMService.exe | Part of Cyberlink's Power Cinema. Commonly distributed with the Dell MultiMedia software suite. It is used to watch movies, play music and even watch TV in a central location | No |
U | PCPerf | pcperf.exe | PC Accelerator 2007 from DefendGate Inc. "Powerful all-in-one PC performance and Internet acceleration solution designed to help increase your system and online performance and security" | No |
N | PCPitstop Registration Reminder | Reminder.exe | Registration reminder for the Exterminate antimalware package from PC Pitstop | No |
U | PCPitStopEraser | PCPitStopErase.exe | "PC PitStop Erase is both a free privacy scanner and paid tracks cleaner" | No |
U | PCPOptimize | PCPOptimize.exe | PC Pitstop Optimize - "an application that will make your PC run faster, make it more stable, and clean up hard drive space" | No |
U | PCPOptimize | PCPOptimize.exe | Scheduler for the Optimize system optimization utility from PC Pitstop | No |
X | PCPrivacyTool | GDC.exe | PCPrivacyTool misleading security program - not recommended, see here | No |
X | PCprot | crcss.exe | Added by an unidentified WORM! | No |
? | pcqmqgn.exe | pcqmqgn.exe | ?? | No |
U | PCRecSA | PCRecSA.exe | Part of the IBM/XPoint Rapid Restore backup utility. If you choose, you can use it to create a "clean" backup of your hard drive. The process involves the software partitioning your hard drive, making a compressed image of the working drive which will then allow you to revert to that should you need to | No |
X | pcServer | server.exe | Ssppyy spyware | No |
X | PCShield | regsvr32 sfg_****.dll [* = random char] | SafeguardProtect/Veevo hijacker. Note that regsvr32.exe is a legitimate Microsoft file used to register and unregister OLE controls and shouldn't be deleted. The random DLL file is found in the System (9x/Me) or System32 (NT/2K/XP) folder | No |
N | PCStart | Pcm25.exe | Runs as part of PCMonitor which is a program for monitoring your activity on your system. It makes screen dumps and key logging. It can hang-up your system because the screen dump page gets VERY big | No |
N | PCSuiteTrayApplication | TrayApplication.exe | System Tray icon for Nokia PC Suite. PC Suite lets you synchronize, edit, and back up many of your phone's files on a compatible PC through a wireless or cable connection. PC Suite can also be launched through Start Menu | No |
N | PCSuiteTrayApplication | LaunchApplication.exe | System Tray icon for Nokia PC Suite. PC Suite lets you synchronize, edit, and back up many of your phone's files on a compatible PC through a wireless or cable connection. PC Suite can also be launched through Start Menu | No |
X | Pcsv | pcsvc.exe | Delfin Media Viewer or "Promulgate" adware | No |
N | PcSync | PcSync.exe | If a Nokia phone has been connected, synchronises the phone with MS Outlook or other organiser software. It is installed by the Nokia PC Suite, and the tray icon shows if a phone has been connected. Available via a desktop shortcut or Start -> Programs | No |
X | PcSync | PcSync.exe | Added by the RBOT-XJ WORM! Note - do not confuse with the Nokia application described here | No |
N | PcSync | PcSync2.exe | If a Nokia phone has been connected, synchronises the phone with MS Outlook or other organiser software. It is installed by the Nokia PC Suite, and the tray icon shows if a phone has been connected. Available via a desktop shortcut or Start -> Programs | No |
Y | PCTAV | PCTAV.exe | System Tray access to PC Tools AntiVirus from PC Tools - which "provides world-leading protection against viruses, worms and Trojans with rapid updates and IntelliGuard™ technology" | Yes |
Y | PCTAVApp | PCTAV.exe | System Tray access to PC Tools AntiVirus from PC Tools - which "provides world-leading protection against viruses, worms and Trojans with rapid updates and IntelliGuard™ technology" | Yes |
X | pctdf.exe | pctdf.exe | PCTotalDefender rogue spyware remover variant | No |
U | PcThrust | PcThrust.exe | PCThrust from SwiftDog - "increases computer performance by allocating higher portions of CPU power to active applications and games" | No |
U | pctspk | pctspk.exe | Used for modems based upon PC-TEL chipsets. Normally used for some Voice and Speakerphone functions and also for some Power management options. If you remove it you may not be able to use any of those functions | No |
Y | pctsTray | pctsTray.exe | System Tray access to both PC Tools Internet Security suite and Spyware Doctor antispyware from PC Tools | Yes |
Y | pctsTray.exe | pctsTray.exe | System Tray access to both PC Tools Internet Security suite and Spyware Doctor antispyware from PC Tools | Yes |
U | PCTVOICE | pctvoice.exe | The program PCTVoice is used by the modem to interface with your computer and also used for some V.80 functions for Video Conferencing. If you uncheck it, it comes back. It's better to leave it | No |
U | PCTVRemote | remoterm.exe | Controls the remote control on some Pinnacle TV tuners | No |
U | PCWatch | pcwatch.exe | PCWatch surveillance software. Uninstall this software if you did not install it yourself | No |
U | PD0620 STISvc | P0620Pin.dll | Creative Technology Ltd installation plug-in related | No |
U | Pd71Pan | Pd71Pan.Exe | Audiotrak Prodigy 7.1 sound card control panel | No |
X | PDA Commander | stisvc32.exe | Added by the AGOBOT-TX WORM! | No |
U | PdaNet Desktop | PdaNetPC.exe | PdaNet from June Fabrics Technology Inc. Use Windows Mobile Smartphone or PocketPC Phone as wireless modem for your PC | No |
X | PDASCAN | pdascan.exe | Added by the AGOBOT-QY WORM! | No |
U | PDAsync | SyncLauncher.exe | Laplink PDASync - PDA synchronisation utility | No |
U | PDDM | pddm.exe | Patchlink Update - "core product of the leading patch and vulnerability management software solution for medium and large enterprise network security" | No |
U | PDEngine | PDEngine.exe | PerfectDisk from Raxco - disk defragmenter. Only required if you schedule disk defragmenting at re-boot | No |
N | pdexplo | PDEXPLO.EXE | PowerDesk Pro by Ontrack. Enhanced desktop and file manager. Available via Start -> Programs | No |
U | PDF Complete | pdfsty.exe | "PDF Complete is a high-quality PDF document creation tool that operates much like the Acrobat® PDF Writer solution. Almost any document can be converted to a pdf file by simply printing the document to the PDF Complete printer" | No |
? | PDF Converter Registry Controller | RegistryController.exe | Nuance (was Scansoft) PDF Converter Registry Controller related - what does it do and is it required? | No |
U | pdfFactory Dispatcher v1 | fppdis1a.exe | FinePrint pdfFactory Dispatcher - background task which handles the creation of PDF files when you print to the FinePrint pdfFactory printer. Version 1.x of the software. "pdfFactory products offer a unique approach to PDF creation that is simpler, more effective and less expensive than that offered by other programs" | No |
U | pdfFactory Dispatcher v2 | fppdis2a.exe | FinePrint pdfFactory Dispatcher - background task which handles the creation of PDF files when you print to the FinePrint pdfFactory printer. Version 2.x of the software. "pdfFactory products offer a unique approach to PDF creation that is simpler, more effective and less expensive than that offered by other programs" | No |
U | pdfFactory Pro Dispatcher v1 | fppdis1.exe | FinePrint pdfFactory Pro Dispatcher - background task which handles the creation of PDF files when you print to the FinePrint pdfFactory PRO printer. Version 1.x of the software. "pdfFactory products offer a unique approach to PDF creation that is simpler, more effective and less expensive than that offered by other programs" | No |
U | pdfFactory Pro Dispatcher v3 | fppdis3a.exe | FinePrint pdfFactory Pro Dispatcher - background task which handles the creation of PDF files when you print to the FinePrint pdfFactory Pro printer. Version 3.x of the software. "pdfFactory products offer a unique approach to PDF creation that is simpler, more effective and less expensive than that offered by other programs" | No |
U | pdfMachine dispatcher | mapisnd.exe | pdfMachine Windows print driver | No |
N | pdfSaver3 | pdfSaver3.exe | PDF-XChange - create Adobe compatible PDF files from virtually any Windows software such as MS Word, Excel, AutoCAD, MS Publisher etc | No |
N | PDirect | PDirect.exe | IBM Presentation Director software | No |
U | pdp Server | ctpdpsrvr.exe | Included and setup with the drivers for my Compaq A3000 all-in-one printer/scanner - maybe for networking. Works fine without it - but may be needed when used over a network | No |
U | PDService.exe | pdservice.exe | Related to Utimaco Safeware Easy. "Your electronic safe for protecting confidential data" | No |
U | pduip6000dmon | PDUiP6000DMon.exe | Canon PIXMA iP6000D printer memory card utility | No |
U | PDUiP6000DTskbr | PDUiP6000DTskbr.exe | Canon PIXMA iP6000D printer memory card utility | No |
? | PDVD8LanguageShortcut | Language.exe | Part of Cyberlink's PowerDVD version 8. Language settings? | No |
? | PDVDDXSrv | PDVDDXSrv.exe | Related to Cyberlink PowerCinema. Possibly the driver for a remote control where included? | No |
U | PDVDServ | PDVDServ.exe | Remote Control background application for Cyberlink's PowerDVD version 5 and above. Enables you to use a remote control with your DVD drive if your drive came with one. Not required if you don't have a remote control, or don't wish to use one | No |
N | Pe2ckfnt SE | chkfont.exe | Used to check whether the fonts are installed properly on your computer or not for a scanner. If you don't want to execute it, you can uncheck it in the startup menu | No |
? | PeachtreePrefetcher | PeachtreePrefetcher.exe | Related to Peachtree accounting software by Sage Software. What does it do and is it required? | No |
? | PeachtreePrefetcher.exe | PeachtreePrefetcher.exe | Related to Peachtree accounting software by Sage Software. What does it do and is it required? | No |
X | PECarlin | PECarlin.exe | Adware - see here | No |
? | Peeramid | PService.exe | In a "Koptimizer" folder in Program Files. What does it do and is it required? | No |
U | PeerGuardian | PeerGuardian_1.99b_pr14.exe | PeerGuardian - IP blocker for Windows. Used to protect privacy on P2P networks by blocking IP addresses specified in blocklists. Features support for multiple lists, a list editor, automatic blocklist updates, and blocking all of IPv4 (TCP, UDP, ICMP, etc) | No |
U | PeerGuardian | pg2.exe | PeerGuardian - IP blocker for Windows. Used to protect privacy on P2P networks by blocking IP addresses specified in blocklists. Features support for multiple lists, a list editor, automatic blocklist updates, and blocking all of IPv4 (TCP, UDP, ICMP, etc) | No |
U | Pent@VALUE 3.2 | Pent@VALUE.exe | Pent@VALUE Digital Satellite Internet PC Receiver | No |
X | PeqBL100 | PEQBL100.exe | Added by the ENVID.D WORM! | No |
Y | PER Email Protection | pavmail.exe | PER Antivirus | No |
X | Perfect Defender 2009 | pdfndr.exe | Perfect Defender 2009 rogue security software - not recommended, removal instructions here | No |
N | PerfectPrint | pfppop70.exe | Print engine used by Corel WordPerfect 7 and Presentations 7 | No |
X | PerfFont (Performance True Type Font) | perfont.exe | Added by the MUTECH-E TROJAN! | No |
U | perfmon | perfmon.vbs | MindStorm AnalyzerPro from Secure Associates. "A security management tool for customers easy to manage report and analyze security events across heterogeneous security devices" | No |
X | Perfomance Monitor | davcsync.exe | Added by the LAMUD-A WORM! | No |
X | Perfomance Settings | svchost.exe | Added by the TOFGER-AP TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is found in the Winnt or Windows folder | No |
X | Performance | MyHeart.exe | Added by the PESIN-D WORM! | No |
N | Performance Center | ApcMain.exe | Ascentive Performance Center - not recommended, see here and here | No |
X | Performs peer to peer connection | WinPTTP.exe | Added by the RBOT-GMI WORM! | No |
X | PermissionResearch | prmrsr.exe | MarketscoreRelevantKnowledge adware | No |
Y | PersFw | PersFw.exe | Kerio or Tiny Personal Firewall | No |
N | Persistence | igfxpers.exe | Part of Intel's Common User Interface for chipsets with integrated graphics controllers - which allows the user to change different driver properties through the Windows User Interface. Not known exactly what it does but apparently it isn't required | No |
X | Personal Computer | scvhost.exe | Added by the RBOT-AJE WORM! | No |
X | Personal Defender 2009 | pdefendr.exe | Personal Defender 2009 rogue security software - not recommended, removal instructions here | No |
X | Personal Firwall | ptmedsrv.exe | Added by the SDBOT.XY WORM! | No |
X | Personal Security Center Monitor | isc_ui.exe | Added by the FAKEALERT TROJAN! | No |
X | PersonalAntiSpy Free | pas.exe | PersonalAntiSpy rogue spyware remover - not recommended, removal instructions here | No |
U | Pervasive.SQL Workgroup Engine | W3dbsmgr.exe | Database Service Manager for Pervasive SQL 2000 Workgroup edition. Required if you use Pervasive SQL but it's recommended you start it manually before using it as it has a tendency to crash/freeze if loaded with other applications at startup | No |
X | Pest-Capture | PestCapture.exe | Pest-Capture malware remover - not recommended, see here | No |
X | PestCapture | PestCapture.exe | Pest-Capture malware remover - not recommended, see here | No |
U | PestPatrol Control Center | PPControl.exe | PestPatrol Control Terminal - utility that launched PestPatrol features such as PPMemCheck and CookiePatrol before CA's acquisition | No |
? | PestPatrolCL | PestPatrolCL.exe | PestPatrol's command line scanner, combines with the Windows Task scheduler and is required in cases where schedules for regular scanning are set | No |
X | PestTrap | PestTrap.exe | PestTrap spyware remover - not recommended, see here | No |
U | Petit Larousse 2001 | HIPL2000Popup.exe | Popup dictionary tool | No |
X | Pex Sound Driver | Today's Results.vbs | Added by the TRODE-A WORM! | No |
X | pex Sound driver 2 | Today's Results.vbs | Added by the TRODE-A WORM! | No |
U | PFM3.0 | PFM30.exe | Management software for the Philips 8FF3WMI/27 digital PhotoFrame. Used to configure the device, transfer photos from a PC by drag and drop and on this wireless model, you can also use it to download RSS feeds to and display Internet photos on the device. Only required if you use the wireless features - otherwise it can be started when you manually connect the device. May also be included with other models but currently only available for this one | No |
U | PFM30 | PFM30.exe | Management software for the Philips 8FF3WMI/27 digital PhotoFrame. Used to configure the device, transfer photos from a PC by drag and drop and on this wireless model, you can also use it to download RSS feeds to and display Internet photos on the device. Only required if you use the wireless features - otherwise it can be started when you manually connect the device. May also be included with other models but currently only available for this one | No |
? | PFW_CfgEngine | PFWCFG~1.EXE | Personal Firewall related? | No |
? | PFW_PullSrv | PULL.EXE | Personal Firewall related? | No |
U | pg | pg.exe | Part of Privacy Guardian from PC Tools - which "is a safe and easy-to-use privacy protection tool that securely deletes online Internet tracks and program activity records that are stored in your browser and other hidden files on your computer". This startup entry runs only on the next reboot if the "Cache, History and Address Bar" option is selected under "Browsers" when the user selects "Clean Your Computer". This startup entry is only created when Privacy Guardian is installed on XP. Also included in PC Tools Desktop Maestro (which incorporates Privacy Guardian) | Yes |
Y | Pghist | PgHist.exe | Part of Privacy Guardian from PC Tools - which "is a safe and easy-to-use privacy protection tool that securely deletes online Internet tracks and program activity records that are stored in your browser and other hidden files on your computer". This startup entry runs only on the next reboot if the "Cache, History and Address Bar" option is selected under "Browsers" when the user selects "Clean Your Computer" and is only created when Privacy Guardian is installed on XP. Also included in PC Tools Desktop Maestro (which incorporates Privacy Guardian) | Yes |
Y | PgHist.exe | PgHist.exe | Part of Privacy Guardian from PC Tools - which "is a safe and easy-to-use privacy protection tool that securely deletes online Internet tracks and program activity records that are stored in your browser and other hidden files on your computer". This startup entry runs only on the next reboot if the "Cache, History and Address Bar" option is selected under "Browsers" when the user selects "Clean Your Computer" and is only created when Privacy Guardian is installed on XP. Also included in PC Tools Desktop Maestro (which incorporates Privacy Guardian) | Yes |
Y | PgIndex | PgIndex.exe | Part of Privacy Guardian from PC Tools - which "is a safe and easy-to-use privacy protection tool that securely deletes online Internet tracks and program activity records that are stored in your browser and other hidden files on your computer". This startup entry runs only on the next reboot if the "Index.dat" option is selected for IE under "Browsers" when the user selects "Clean Your Computer". Index.dat files keep a track of pages, images, cookies or sounds from web sites you have visited, even if these files are deleted from your system. Also included in PC Tools Desktop Maestro (which incorporates Privacy Guardian) | Yes |
X | PgMonitr | PgMonitr.exe | Delfin Promulgate adware variant | No |
Y | PGPSDKSVC | pgpsdkserv.exe | PGPsdkServ.exe is the new SDK service which is responsible for performing all PGP key management and cryptographic functions. This functionality was moved into a service to allow multiple modules simultaneous read/write access to the keyrings, among other things. As you can imagine, it is necessary for PGPsdkServ to be running in order to perform practically any PGP functionality | No |
U | PGPSERVICE | pgpservice.exe | PGPservice.exe has two main purposes: (1) it handles a large part of the PGPnet functionality (along with the PGPnet driver) and (2) it allows efficient access to the PGP preferences database. The individual PGP modules normally access the preferences through PGPservice, but they are capable of a "fall-back" mode where they can handle such access on their own. Thus, if you are not running PGPnet, you may not immediately notice much of a difference if you disable PGPservice. If you are running PGPnet, you will notice a big difference | No |
N | PGPtray | pgptray.exe | PGP 7.x. Provides icon tray shortcuts to PGP programs from Network Associates. Available via Start -> Programs | No |
X | PGQL | pgql.exe | Added by the BCKDR-PQN BACKDOOR! | No |
X | PGStub.exe | [various filenames] | Unidentified adware | No |
X | pgtaff | pgtaff.exe | AdRotator adware variant | No |
U | Phase One Media Reader | DCIMImp.exe | Phase One Media Reader Capture images | No |
U | phc700 | vphc700.exe | Related to the Philips SPC700NC web camera | No |
Y | PhiBtn | PhiBtn.exe | Snapshot and Launch button application from Philips belonging to Philips SPC 900NC Camera | No |
U | Philips Intelligent Agent | Philips Intelligent Agent.exe | Philips Intelligent Agent searches automatically the correct update for your recordable drive in only three simple steps | No |
U | Philips PhotoFrame Manager | PFM30.exe | Management software for the Philips 8FF3WMI/27 digital PhotoFrame. Used to configure the device, transfer photos from a PC by drag and drop and on this wireless model, you can also use it to download RSS feeds to and display Internet photos on the device. Only required if you use the wireless features - otherwise it can be started when you manually connect the device. May also be included with other models but currently only available for this one | No |
N | PhilipsDM | DeviceManager.exe | Device manager for Philips portable media players such as the GoGear | No |
? | PhilipsLime | LimeAlive.exe | Associated with some Philips portable media players such as the GoGear. What does it do and is it required? | No |
N | Phime2002a | TINTSETP.EXE | Part of Microsoft's Input Message Editor (IME) for translating Japanese/Chinese text in IE, Outlook and Word | No |
N | PHIME2002ASync | TINTSETP.EXE | Part of Microsoft's Input Message Editor (IME) for translating Japanese/Chinese text in IE, Outlook and Word | No |
X | PHIME2004C | CTFMDN.exe | Added by the DLOADR-AMV TROJAN! | No |
X | PHIME2OO2ASyst | [path to trojan] | Added by the DBDOOR-B TROJAN! | No |
U | PhoneFree version 6.2 | PHONEF??.EXE | An Internet telephony application. Complicated registration and ad banners tailored to your profile - see here | No |
N | Photo Express Calendar Checker SE | CALCHECK.EXE | If you create multiple Weekly/Monthly/Yearly calendars to use as your wallpaper, Photo Express will replace the wallpaper automatically. Photo Express 2.0 has a calendar checker which checks the date on your system and updates your wallpaper accordingly | No |
N | Photo Loader supervisory | Plauto.exe | Casio's Photo Loader software. Hook up your camera to the USB port, and it pops up and asks you if you want to load your pictures | No |
U | PhotoExplosionCalCheck | calcheck.exe | Calendar management feature of Nova Development's Photo Explosion | No |
U | PhotoManager | PhotoManager.exe | Management software for Philips digital PhotoFrame range. Used to edit photos and transfer them directly from a PC via a USB cable. Start manually when you connect the device | Yes |
X | Photoshop | svchost.exe | Added by the CDOPEN-E TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the "Program Files" folder | No |
N | PhotoShow Deluxe Media Manager | mssysmgr.exe | Simple Star PhotoShow Deluxe photo editing and organizing software, makes it easy to send and share digital photos. Bundled with software from Nero, ComCast, SnapFish, MacroMedia and others | No |
N | PhotoWise QuickLink | quicklnk.exe | Agfa PhotoWise - "PhotoWise QuickLink™ lets you drag and drop photos right from the camera into your document (applications must be OLE-compliant). Use PhotoWise to print contact sheets and photographic prints. Create slide shows, screen savers, wallpaper and more." | No |
U | PhraseExpress | phrase.exe | "PhraseExpress organizes your frequently used text phrases and allows pasting them into any application" | No |
N | PI Notify | PINotify.exe | Property Intellect from Wild Rabbit Software Ltd - "is widely used in the residential lettings markets to help landlords, investors and managing agents deal with the day-to-day aspects of looking after property" | No |
X | PIC SYSTEM | picx.exe | Added by the MYTOB.LL WORM! | No |
N | Picaboo | PicabooMain.exe | Picaboo - "Easily create stunning photo books and cards with your digital photos" | No |
N | Picasa Media Detector | PicasaMediaDetector.exe | Media detector for Picasa's automatic photo organizer | No |
N | PicasaNet | Hello.exe | Hello is an application that allows Blogger users to post digital photos and captions directly to their personal weblogs, or blogs | No |
N | Pickatag | pickatag.exe | Pick-a-tag - "freeware utility for random selection of your taglines. This utility randomly picks a tagline out of a list of taglines. It will create a signature file which your mailer can use to place under your messages" | No |
U | PicoZip | PicoZipTray.exe | System tray access to PicoZip - "an easy to use Zip and UnZip utility that runs on all 32-bit Windows platforms such as Windows 95, 98, ME, NT4, 2000 and XP" | No |
N | PICPRTR | PICPRTR.EXE | Program for viewing and measuring a variety of 3D CAD data formats | No |
X | picsvr | picsvr.exe | Delfin Promulgate adware | No |
N | Picture Motion Browser Media Check Tool | SPUVolumeWatcher.exe | Part of the Sony Picture Utility software supplied with Sony camera/camcorder products. Automatically invokes an import process if the camera/camcorder is connected and has media on it | No |
U | Picture Package VCD Maker | Residence.exe | Sony Picture Package software for their range of Digital Handycam video cameras. Used to connect the camcorder via USB and allows the user to burn the content directly to a CD | No |
N | pictureBUZZTray | swtray.exe | System Tray access to PictureBUZZ on-line printing software from Streetwise Software. If you use the software set the page you use as a favourite in your browser and run it manually | No |
X | picview | picview.exe | Added by the DWNLDR-FPH TROJAN! | No |
X | picview | msnmsgr.exe | Added by the BANLOA-AF TROJAN! Note - this is not the valid MSN Messenger (now Windows Live Messenger) utility which is located in either %ProgramFiles%\MSN Messenger or %ProgramFiles%\Windows Live\Messenger. This one is located in %Windir% | No |
U | Pidgin | pidgin.exe | Pidgin IM client - "a multi-protocol Instant Messaging client that allows you to use all of your IM accounts at once" | No |
U | PiDunHK | PIDUNHK.EXE | Part of the Prodigy Internet software - part of the dialer/DUN. Presumably needed for users of that service otherwise you may not be able to connect, although you may try creating your own shortcut and see what happens | No |
X | pigglett | pigglett.exe | Added by a variant of the SMALL.EP TROJAN! | No |
U | piiserviceOE | N/A | Spam Inspector (nee Postal Inspector) from The Giant Company or iHateSpam from Sunbelt Software - spam filter add-ons for OE | No |
X | pilif | pilif.exe | Added by the FILI WORM! | No |
N | Pinger | pinger.exe | Pinger is the resident program for Toshiba updates. Periodically checks to see if there are any software/driver upgrades for your particular computer model. If it finds any, it posts a notification | No |
X | PingTimeout Institution | pingchek.exe | Added by the SDBOT-VY WORM! | No |
X | PingTimeout Institution | internal.exe | Added by the SDBOT.BMH WORM! | No |
U | Pink Calendar | PinkCal.exe | Pink Calendar & Day Planner | No |
Y | PinnacleDriverCheck | PSDrvCheck.exe | Part of Pinnacle Systems InstantCD/DVD and InstantCopy CD/DVD copying software that verifies drive settings. Once loaded it doesn't use any resources so you can leave it enabled | No |
N | PINotify | PINotify.exe | Property Intellect from Wild Rabbit Software Ltd - "is widely used in the residential lettings markets to help landlords, investors and managing agents deal with the day-to-day aspects of looking after property" | No |
N | Piolet | piolet.exe | Piolet - peer-to-peer file sharing client | No |
X | PIPE SYSTEM | pipe.exe | Added by the MYTOB-FF WORM! | No |
N | Piracy | SysUtil.exe | Software Piracy Alert feature bundled with PGWare software. Cries foul when it detects an 'illegal' version. The alerts are reported to disappear as soon as the software is correctly registered. There are privacy issues though: "The Software includes a feature that assigns a unique order number to GameGain based on purchase information. The Software reports this number to us via the internet either when you run the Software or enter the registration number, or both. The Software may also identify and report to us your IP address, date and time of installation, registration and/or use. We use this information strictly to count the number of installations, detect unauthorized access or piracy of the Software, and develop rough statistical data regarding the geographic location of our users" | No |
N | PitFrame Module | Reminder.exe | Registration reminder for the PC Pitstop Optimize 2.0 system optimization utility by CA. Located in %ProgramFiles%\PCPitstop\Optimize2 | No |
N | PivotSoftware | wpctrl.exe | PivotPro from Portrait Studios - allows a screen to be rotated (to match rotated LCD screens, for example). Shortcut available via Display Properties | No |
X | Pixel32 | Pixel32.exe | Added by the GEMA TROJAN! | No |
X | Pixelpwr32 | Pixelpwr32.exe | Added by the GEMA TROJAN! | No |
X | Pixelsvr | Pixelsvr.exe | Added by the GEMA TROJAN! | No |
U | pjWebCam | pjWebCam.exe | Webcam automation software that saves regular photos from webcam and can also act as HTTP server | No |
X | PK Guard | pkguard32.exe | Added by the GUAPIM WORM! | No |
X | PK Services | pksvc.exe | Added by the FORBOT-BW WORM! | No |
N | PKR Pal | pkrpal.exe | PKR Pal utility from PKR - "helps keep your software updated so in future there will be no lengthy waits for new versions to install. Based on your selected options it will also let you know when your favourite tournaments are starting!" | No |
N | pkrpal | pkrpal.exe | PKR Pal utility from PKR - "helps keep your software updated so in future there will be no lengthy waits for new versions to install. Based on your selected options it will also let you know when your favourite tournaments are starting!" | No |
N | pkrpal.exe | pkrpal.exe | PKR Pal utility from PKR - "helps keep your software updated so in future there will be no lengthy waits for new versions to install. Based on your selected options it will also let you know when your favourite tournaments are starting!" | No |
U | PktAnything | PocketCompanion.exe | PocketAnything lets you save anything on your computer to your mobile, with one click | No |
U | Planlægningsagent | mstask.exe | Windows Task Scheduler (on Danish language versions of Windows) - displayed as a box with a stopwatch in the System Tray. Required if you have regularly scheduled tasks like defragmenting, ScanDisk, weekly virus scans and so on | No |
X | Plasdll service | [random filename] | Added by a variant of the SDBOT WORM! | No |
X | play ooze | user grim.exe | Added by an unidentified WORM or TROJAN! | No |
X | Playboy | playavi.exe | Added by the GAMANLOCK TROJAN! | No |
N | PlayMovie | PMVService.exe | Part of Acer Arcade Deluxe - which lets you browse pictures, listen to music from a variety of sources, enjoy DVD movies, and create multimedia through one convenient interface | No |
U | PLEAPCPUCPL | pleapu.exe | CPU Control Panel for the Powerleap CPU upgrade | No |
? | PLFFAP | HotfixQ0306270.exe | Prolific Technology Inc. USB Flash Disk driver - is it required in startup? | No |
N | Plguni | Plguni.exe | McAfee QuickClean 3.0 - removes internet clutter and unwanted programs | No |
X | plite731 | plite731.exe | Poplite A adware | No |
U | plmg.exe | plmg.exe | Paragon Last Minute Bidder - auction assistant software | No |
N | PLNRNote | PLNRNote.exe | Part of Sierra/Hallmark Card Studio - System Tray notification of events such as birthdays and anniversaries that you've scheduled with the customizable Event Planner | No |
? | PLoader | umsd.exe | USB Mass Storage Disk related tray icon. Is it required? | No |
X | Plob | kernel.com | Added by the OPTIXPRO.12 TROJAN! | No |
X | Plook | plook.exe | AffiliateTarget.com alias PLook adware | No |
U | Pluck Tray | PluckTray.exe | RSS (XML TAGS) reader program | No |
N | PluckSvr | PluckUpdater.exe | Pluck Toolbar updater | No |
X | Plug And Play | msnmsg.exe | Added by the RBOT-ID WORM! | No |
U | Plus! Alarm Clock | AlarmClock.exe | Alarm Clock function of Microsoft Plus! Digital Media Edition (which is no longer available) | No |
X | Pluto! Pager | srvhandle.exe | Added by the REDPLUT VIRUS! | No |
U | PLXSTART | PLXSTART.EXE | Sets the spindown timeout and access speeds at startup and displays the "Plextor Manager 2000" splash screen for Plextor CD-RW. | No |
N | PLXTASK | PLXTASK.EXE | Taskbar utility for a "control panel" for a Plextor CD-RW. Has MVP 2000 (audio CD player), DiscDupe 2000 (self explanatory CD copying program) and AudioCapture 2000 (rips audio CDs into MP3 or WAV files) | No |
X | pm32ctrl | pwr32crtl.exe | Added by the CRYPTER.A TROJAN! | No |
X | pm32info | pm32info.exe | Added by the CRYPTER.A TROJAN! | No |
X | pmc | 764.exe | Adult content dialler | No |
X | pmcqt | pmcqt.exe | Added by the DLUCA-V TROJAN! | No |
? | PMCS | PMC.Service.Main.exe | Related to MediaCenterService from Pinnacle Systems. What does it do and is it required? | No |
X | Pmedia | winsrvc.exe | Internet marketing software from Permissioned Media Inc as used in E-Card FriendGreetings foistware - see here. Treated by Trend as the FRIENDGRT.B WORM! | No |
? | PmProxy | PmProxy.exe | Associated with Analog Devices "SoundMAX" audio chipset - often built-in to motherboards. What does it do and is it required? | No |
X | pmr | pmr.exe | PowerStrip foistware. Note - this is not the same as the video tweaking utility of the same name here | No |
X | pmsngr.exe | pmsngr.exe | Added by the ZLOB.MEDIA-CODEC TROJAN! This purports to be a Windows Media Player upgrade (with names such as "iCodecPack", "X Password Manager" and "Media-Codec") to allow the user to view adult oriented videos on certain websites - but actually downloads and installs additional malware on the user's machine. Various directories and filenames are used - see the link for details | No |
U | PMT | personalmoneytree.exe | According to the web site Personal Money Tree is an automatic cash rebate program. Note: Not recommended | No |
N | PMTSHOOT | pmtshoot.exe | MS tool for troubleshooting power management problems | No |
U | PMXInit | pmxinit.exe | Restores user display preferences for Kyro2 based graphics cards. Not required unless you change the default settings - such as gamma | No |
N | PNAgent | PNAgent.exe | PhatNoise Music Manager - manages WMA, MP3, WAV, etc music files | No |
X | PNP | wuaaclt.exe | Added by the LILBRE-A WORM! | No |
X | PnP Driver | playboy.exe | Added by the FORBOT-FR WORM! | No |
X | PNP FIX | [worm filename] | Added by the RBOT-AKQ WORM! | No |
U | Pnpchk | Pnpchk.exe | Aztech Labs Sound 3 PnP driver | No |
X | pnpsvc_lock | ******.exe [* = random digit] | Browser hijacker | No |
X | pnpsvc_lock | startsvs.exe | Browser hijacker | No |
U | PNSetup | PNSetup.exe | PopNot - pop-up killer | No |
X | PNtask Services | pntask.exe | Added by the LALA.C TROJAN! | No |
X | pnvifj | jusodl.exe | Added by the QQPASS.48436 TROJAN! | No |
U | Pocket Sheet Sync | PSXLTRAY.EXE | Casio Pocket Sheet synchronization software | No |
X | Poet | Poet.exe | Added by the DOEP.A WORM! | No |
X | Pofatch | nstrue.exe | Added by the RANDEX.Z WORM! | No |
U | point32 | point32.exe | Microsoft Intellipoint software for their Intellimouse series of mice - required if you use non-standard Windows driver features | No |
U | POINTER | point32.exe | Microsoft Intellipoint software for their Intellimouse series of mice - required if you use non-standard Windows driver features | No |
X | Points Manager | points manager.exe | Altnet TopSearch adware | No |
N | PoivY | PoivY.exe | PoivY - free internet telephony utility using the VoIP (Voice over Internet Protocol). Call online friends for free and regular phones either for free (limited use) or low rates. One of a number provided by Betamax - the others generally have different rate plans. Similar to the more popular Skype | No |
X | PoliceAV | xppolice.exe | XP Police Antivirus rogue security software - not recommended, removal instructions here | No |
X | Pollon | pollone.exe | Added by the SPYBOT.FW WORM! | No |
X | polo.exe | polo.exe | Added by the AGENT-PE TROJAN! | No |
X | poolsv | poolsv.exe | Added by an unidentified WORM or TROJAN! | No |
X | POP | PopSrv***.exe | PeopleonPage foistware, bundled with Grokster where *** are random digits | No |
X | POP Manager | popmgr.exe | Added by the BCKDR-PYV BACKDOOR! | No |
U | POP Peeper | POPPeeper.exe | POP_Peeper from Mortal Universe Software Entertainment "is an email notifier that runs in your Windows task bar and alerts you when you have new email on your POP3, IMAP, etc" | No |
U | Pop-Up Smasher | PopupSmasher.exe | Pop-Up Smasher - pop-up killer | No |
U | Pop-Up Stopper | dpps2.exe | Pop-Up Stopper Companion from Panicware. Pop-up blocker integrated into the IE toolbar. Note that the Pro version doesn't load in startup as it is installed as an Internet Explorer toolbar. Can cause problems with IE if you use WinXP and uninstall Service Pack 1. Uninstalling the software leaves it in the startup group | No |
U | Pop-Up_Blocker | Popup.exe | A Tweak-XP component, blocks advertisement pop-up windows in Internet Explorer. Can be enabled/disabled via Tweak-XP -> Internet Tweaks | No |
U | Pop-Up_Scanner | Popupscn.exe | Panicware popup blocker | No |
X | pop06ap | pop06ap2.exe | MediaMotor adware | No |
X | pop06apelt | thiselt.exe | ZenoSearch adware | No |
U | pop3 Server | config.cfg | Part of HTML2POP3 - "Convert Webmail to POP3. Is also included a SMTP/POP3 tunneling system that allow send and receive email in a private network HTTP PROXY based. All connection are plugin based. Over 250 email server supported and tested" | No |
Y | pop3trap.exe | pop3trap.exe | PC-Cillin 2000 antivirus software -> E-mail scanner | No |
X | PopeSvr | PopeSvr.exe | Added by the LEGMIR-AJ TROJAN! | No |
X | PopMark | WinTask.exe | "Pop Marketing" adware | No |
U | PopNot | PopNot.exe | PopNot - pop-up killer | No |
U | PopOops | PopOops.exe | PopOops - pop-up killer | No |
U | Popopen | popopen.exe | PopOpen makes your windows spring open with animation effects | No |
Y | Poproxy | POPROXY.EXE | Proxy E-mail protection from Norton Anti-Virus (prior to 2002). If you have it installed, leave it enabled to automatically check for suspect attachments in E-mails that may contain viruses. It downloads the E-mail into poproxy, which serves as a proxy server on the local machine, before scanning it | No |
X | popsrv146 | popsrv146.exe | AproposMedia adware | No |
U | PopSubtract | PopSub.exe | PopSubtract - pop-up killer | No |
X | PopularScreensaversWallpaper | rundll32 [path] F3SCRCTR.DLL,LES | MyWebSearch parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "F3SCRCTR.DLL" is located in %ProgramFiles%\MyWebSearch\bar\1.bin | No |
U | Popup Ad Filter | PopFilter.exe | Popup Ad Filter - pop-up killer | No |
X | Popup and Advertisement Killers | adkillers.exe | Added by the RBOT-DDH WORM! | No |
X | Popup Blocker System | PopUpBlocker.exe | Added by a variant of the RBOT WORM! | No |
X | Popup Blocker System326a Monitoring | PopUpBlocker6a.exe | Added by the RBOT.AUH WORM! | No |
X | Popup Blocker System8 Monitoring | PopUpBlocker8.exe | Added by a variant of the RBOT WORM! | No |
X | Popup Blocker Updater | regsvr32 veev****.dll [* = random char] | SafeguardProtect/Veevo hijacker. Note that regsvr32.exe is a legitimate Microsoft file used to register and unregister OLE controls and shouldn't be deleted. The random DLL file is found in the System (9x/Me) or System32 (NT/2K/XP) folder | No |
U | PopUp Buster+ | popupbuster.exe | PopUp Buster - free Pop-up blocker | No |
X | Popup Defence Updater | regsvr32 pdfupd.dll | SafeguardProtect/Veevo hijacker. Note that regsvr32.exe is a legitimate Microsoft file used to register and unregister OLE controls and shouldn't be deleted. The "pdfupd.dll" file is found in the System (9x/Me) or System32 (NT/2K/XP) folder | No |
U | Popup Defender | PD.exe | Popup Defender - pop-up killer | No |
U | PopUp Destroy | Popup-Destroy.exe | French pop-up killer from VSoft | No |
U | Popup Terminator | GLADManager.exe | Popup Terminator - pop-up killer | No |
U | PopupEliminator | Popup Eliminator.exe | Popup Eliminator - pop-up killer | No |
U | PopUpKiller | PopUpKiller.exe | PopUpKiller - pop-up killer | No |
X | popuppers | newpop63.exe | Medload adware | No |
X | popuppers64 | a64sddd.exe | Popuppers adware, also detected as the LOWZONE-AA TROJAN! | No |
X | popuppers65 | [path to file] | Medload adware | No |
U | PopUpStopperCompanion | PSComp.exe | PopupStopper Companion popup blocker | No |
U | PopUpStopperFreeEdition | PSFREE.EXE | Panicware's Pop-Up Stopper - free limited features version | No |
U | PopUpStopperProfessional | PopUpStopperProfessional.exe | Panicware's Pop-Up Stopper - paid for version | No |
U | PopupVanish | PopupVanish.exe | Pop-up blocker | No |
U | PopUpWasher | PopUpWasher.exe | PopUpWasher pop-up killer | No |
X | PopUpWatch | PopUpWatch.exe | BPS spyware remover - not recommended, see here | No |
? | POS-Partnerbatchprocessor | BATCH.EXE | VISA credit card batch processing related to Appcon. Is it needed or can it be started manually via Start -> Programs or a manually created shortcut? | No |
U | Post-it® Digital Notes | PDNotes.exe | Post-it® Digital Notes from 3M - "a simple to use software that lets you make and organize lists, plan projects step by step, sort your notes by category, personalize messages with photos, even set alarms to remind you of appointments or key dates" | No |
N | Post-it® Software Notes | psn.exe | Post-it® Software Notes - Lite. "You can use this digital version of the famous canary yellow note to remind you to do something, to capture an idea or to organize all those important phone numbers - all from your computer desktop" | No |
U | Post-it(R) Digital Notes | PDNotes.exe | Post-it® Digital Notes from 3M - "a simple to use software that lets you make and organize lists, plan projects step by step, sort your notes by category, personalize messages with photos, even set alarms to remind you of appointments or key dates" | No |
N | Post-It(r) Software | Psnotes.exe | Pop-up "yellow" notes on screen. Available via Start -> Programs | No |
X | PostBootReminder | [random filename] | Added by an unidentified WORM or TROJAN! | No |
X | PostSetupCheck | Rundll32.exe atgban.dll | TrafficSol adware variant. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "atgban.dll" file is found in %System% | No |
X | postSetupCheck | Rundll32.exe gzmrt.dll | TrafficSol adware variant. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "gzmrt.dll" file is found in %System% | No |
X | PostSetupCheck | Rundll32.exe cpmsky.dll | TrafficSol adware variant. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "cpmsky.dll" file is found in %System% | No |
U | POW! | pow.exe | Pop-up killer | No |
X | Power Scan | powerscan.exe | Foistware by Integrated Search Technologies - the people behind ISTBar adware | No |
X | Power-Antivirus-2009 | Power-Antivirus-2009.exe | Power Antivirus 2009 rogue security software - not recommended, see here | No |
U | Power2GoExpress | Power2GoExpress.exe | Power2GoExpress - all media disc burning software | No |
N | PowerArchiver Tray | PASTARTER.EXE | System Tray access to PowerArchiver from ConeXware, Inc - file compression support tool | No |
N | PowerBar | Powerbar.exe | Part of Cyberlink's PowerDVD software. Not sure what exactly it does, but not required in startup | No |
Y | PowerChute | Pwrchute.exe | "During a power outage, if you're not available to save your files & close down Windows....PowerChute will do that for you. PowerChute will save your application files, close your applications and shut down your computer just like you would...otherwise, the APC UPS (Uninterruptible Power Supply) unit would go to battery until it wore down, then your computer would shutoff" | No |
X | PowerChute | Pwrchute.exe | Added by the LAZAR-A TROJAN! Note - this is located in %ProgramFiles%\APC_Power | No |
U | PowerDOCSAPIHost | papihost.exe | Hummingbird PowerDOCS - "delivers powerful enterprise document management functionality via a tightly integrated Microsoft WinNT/98/2K environment" | No |
N | PowerDVD | PowerDVD.exe | Launches Cyberlink's PowerDVD software and creates a system tray icon. If enabled, PowerDVD will open automatically when a DVD movie is inserted. Launch manually | No |
U | PowerForPhone | PowerForPhone.exe | "ASUS Power 4 Phone is a telephone terminal emulation utility which can use hotkeys to handle a phone call from Skype or Modem in your notebook system." For more information you can find a user's manual here | No |
N | PowerGramo | PowerGramo.exe | "PowerGramo Skype recorder is a perfect Skype recording solution. With it you can easily record skype calls of any kind" | No |
U | PowerKey | PowerKey.exe | Part of Acer Launch Manager - programmable keys on such laptops as the TravelMate 610 | No |
X | PowerManagement | Rundlll.exe | Added by the SURDUX TROJAN! | No |
X | PowerManager | Svchost.exe | Added by the JEEFO VIRUS! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is found in the Winnt or Windows folder | No |
U | Powermarks | pm.exe | Powermarks from Kaylon Technologies - bookmark manager and personal search engine | No |
Y | PowerPanel | POWPANEL.EXE | Power management utility on notebooks/laptops - automatically switches modes when running on battery | No |
U | PowerPanel Personal Edition User Interaction | pppeuser.exe | CyberPower PowerPanel Personal Edition UPS Monitoring & Control Software - "is included with CyberPower's products. This exclusive software allows control and monitoring of your UPS to provide protection for your computer system, components, peripherals, and most importantly, your data" | No |
X | PowerPrifile | rundl132 kenel.dll, PowerProfileEnable | Added by the INMOTA WORM! | No |
U | PowerPro | powerpro.exe | Part of the power professional program that loads the floating menu bar. Can be accessed from Start -> Programs, but I'd leave it alone if you use this program | No |
X | PowerProf | PowerProf.exe | Added by the LOREX.B TROJAN! | No |
X | PowerProfile | mfcp30.exe | Added by the RINDAS-A TROJAN! | No |
N | PowerQuest Startup Utility | PQINIT.EXE | From a visitor - "This seems to be installed when you install Power Quest Partition Magic. I think that it implements the changes when you use the magic mover app. If you don't have any mappings set up, it does nothing (except waste bytes and cycles). I disabled it using msconfig.exe with no problems" | No |
N | PowerReg Scheduler | PowerReg Scheduler.exe | PowerREGISTER from Leadertech. Registration reminder as used by Iomega, Hasbro & Microprose - amongst others | No |
N | PowerReg SchedulerV2 | PowerReg SchedulerV2.exe | PowerREGISTER from Leadertech. Registration reminder as used by Iomega, Hasbro & Microprose - amongst others | No |
N | PowerReg SchedulerV3 | PowerReg SchedulerV3.exe | PowerREGISTER from Leadertech. Registration reminder as used by Iomega, Hasbro & Microprose - amongst others | No |
? | POWERR~1 | POWERR~1.exe | Power monitoring? | No |
? | PowerS | PowerS.exe | ProlinkTest for either their AGP graphics card or TV/FM capture card. Is it required? | No |
? | PowerSet | Regedit.exe /s ...PowerSet_8100_CU.REG | Appears to be Toshiba power management related | No |
N | PowerStrip | powerstrip.exe | PowerStrip is a Video Mode Editor to allow special Refresh Rates and Tweaking of Video Settings | No |
N | PowerStrip | PSTRIP.EXE | PowerStrip is a Video Mode Editor to allow special Refresh Rates and Tweaking of Video Settings | No |
U | PowerTools Tray Icon | pttray.exe | PowerTools - add-on for AOL | No |
U | Powertweak | PT2.EXE | "Powertweak is designed to configure your system in the best way. A processor, the core of the system, or a chipset (a set of components that manage the data flows between the different parts of the system) can be configured." This item is added to startup if 'Use predefined settings' is enabled in the program's options | No |
U | Powertweak | PTCTRL.EXE | "Powertweak is designed to configure your system in the best way. A processor, the core of the system, or a chipset (a set of components that manage the data flows between the different parts of the system) can be configured." This item is added to startup if 'Configure system at logon' is enabled in the program's options | No |
U | Power_Gear | BatteryLife.exe | Power management for all Asus notebooks. Useful but not critical | No |
U | PP Gamma | ppgamma.exe | Profile Prism software that allows monitor calibration and can generate ICC profiles for digital cameras | No |
N | PP****usb | FBDirect.exe | Software that monitors the status of a Visioneer OneTouch scanner button and allows you to scan, fax, copy, print, and easily communicate by simply dragging and dropping scans on your PaperPort Desktop! The **** represents the model, 5300, 7600, etc. Available via Start -> Programs | No |
U | PP2000 Instaupdate | PPInupdt.exe | Protector Plus anti-virus software - instant update program for virus data updates. Not required if you regularly update virus data manually | No |
Y | PP2000 Real Time Scan | PPVstop.exe | Protector Plus anti-virus software - real time scanner | No |
Y | PP2000 Taskbar Control | PPTbc.exe | Protector Plus anti-virus software - system tray access | No |
N | PP3100b | flatbed.exe | Twain driver for the Visioneer PaperPort 3100b scanner that allows you to scan, fax, copy, print, and easily communicate by simply dragging and dropping scans on your PaperPort Desktop | No |
U | ppass | Antispy.exe | AntiSpy firewall - "program designed to combat against various types of intrusion and monitoring programs currently in use or presently being developed worldwide" | No |
U | PPControl | PPControl.exe | PestPatrol Control Terminal - utility that launched PestPatrol features such as PPMemCheck and CookiePatrol before CA's acquisition | No |
U | PPCRunonce | PPCRunOnce.exe | Related to PeoplePC ISP software - may display advertising, see here | No |
U | PPHIDPAD | pphidpad.exe | PenPower Chinese handwriting recognition software | No |
U | PPK Setup(Server) | SEServe.exe | Programmable Power Key on Sony Vaio laptops. "Using the Programmable Power Key (PPK) button, collect your e-mail automatically with one key stroke. You can also program your PPK to turn on your SuperSlim Notebook at a predetermined time and perform simple tasks - completely unattended" | No |
N | ppmate | ppmate.exe | PPMate - free tool for streaming online TV via P2P (peer-to-peer) | No |
U | PPMemCheck | ppmemcheck.exe | PPMemCheck - used to be part of PestPatrol before CA's acquisition | No |
X | PPPOEO | pingppac.exe | Added by the SPYBOT.KHC WORM! | No |
N | PProTray | pprotray.exe | Part of the power professional program. Loads the System Tray control | No |
? | PPScheduler | PPScheduler.exe | Nuance (was ScanSoft) PaperPort Scheduler - what does it do and is it required? | No |
U | PPSVC | [path to file] | PC Police surveillance software that logs keystrokes, files looked at, applications used, and chats on either MSN, Yahoo, ICQ or AOL. This information can then be transmitted to a remote user. Uninstall this software if you did not install it yourself | No |
U | PPSYS | ppsys.exe | PC Police commercial keystroke logger. Uninstall this software if you did not install it yourself | No |
N | pptd40nt | pptd40nt.exe | "PaperPort" software associated with scanners | No |
U | PPUpdate | ppupdater.exe | PPUpdater - updater that used to be part of PestPatrol before CA's acquisition | No |
N | PPWWebCap | PPWebCap.exe | "PaperPort" software associated with scanners | No |
X | pqhelper | pqhelper.exe | Searchcentrix hijacker | No |
U | PractiSearch | PSearch.exe | PractiSearch web search software | No |
U | Praize Messenger | itLoad.exe | Praize IM Christian chat instant messenger | No |
U | Prayer | PTW.EXE | Islamic Adhan program (call for daily prayers) | No |
X | PrdMgr.exe | PrdMgr.exe | Added by a variant of the IRCBOT BACKDOOR! | No |
X | prdtect | prdtect.exe | Prutect malware from e2Give - attempts to shut down or tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. Note - has been seen using alternative file names like prttect.exe, prmtect.exe and so forth! | No |
? | PreAnnotate | PreAnntt.exe | Genius Wizard Pen Tablet driver related. Is it required? | No |
N | Precision Time Clock Checker | PrecisionTime.exe | Precision Time 2.0. Checks your computer clock time against the Naval Observatory or some other source to assure accurate time | No |
X | PrecisionTime | PrecisionTime.exe | PrecisionTime - clock synchronizing software containing spyware by Claria/GAIN. Please note that Claria Corporation no longer support GAIN-Supported software - see here | No |
X | precpop2 | starter.exe | PrecisionPop adware | No |
X | Prein | APP****.tmp [* = random char or digit] | Unidentified adware | No |
Y | Preload | Preload.exe | Millenium Multi-Function Keyboard driver | No |
N | preload | RUNXMLPL.exe | Software found on Acer computers from Wistron. Information suggests it maps keyboard buttons to operating system functions | No |
? | PreloadApp | hphprld.exe | HP PhotoSmart printers related. What does it do and is it required? | No |
X | Premeter | nrpr.exe | NetRatings Premeter spyware | No |
X | Premeter | prmt.exe | NetRatings Premeter spyware | No |
X | PremierOpinion | pmropn.exe | PremierOpinion adware | No |
X | present | .exe | Added by the RUBBLE-C WORM! | No |
N | PrestoNotes | PrestoNotes.exe | PrestoNotes lets you create virtual notes on your desktop, that can be hidden or shown as needed | No |
X | Preview AdService | PrevAdServ.exe | Windupdates adware variant | No |
X | PrevX | prevx.exe | Added by the IRCBOT-TF WORM! Note - this worm is located in the System (Win9x/Me) or System32 (XP/WinNT/2K) directory and is not the PrevX Home intrusion prevention software | No |
Y | PrevxHome | SAGUI.exe | PrevX Home intrusion prevention software | No |
Y | PrevxOne | PXConsole.exe | Prevx intrusion prevention software | No |
Y | PrevxPro | SAGUI.exe | PrevX Home intrusion prevention software | No |
X | prgtect | prgtect.exe | Prutect malware from e2Give - attempts to shut down or tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. Note - has been seen using alternative file names like prttect.exe, prmtect.exe and so forth! | No |
N | Price Patrol | neo.exe | Price Patrol by Half.com - internet shopping companion for finding the best on-line prices | No |
? | PrimaLauncher | Launcher.exe | Associated with PrimaScan scanners. Is it required? | No |
U | Primax 3D Mouse | 3dmoused.exe | Enables the scroll button on the Primax 3-D Scroll mouse | No |
? | Primsta | Primsta.exe | Linksys Wireless CompactFlash Card driver related. Is it required? | No |
X | Print Driver Helper Service | crsrr.exe | Added by the AGENT-BC TROJAN! | No |
X | Print Hp Tray | hpprint.exe | Added by the RBOT-GWE WORM! | No |
N | Print Master Event Reminder | PMremind.exe | Print Master Gold - calendar feature that pops up reminders, such as birthdays | No |
X | Print Scheduler | usnsvc.exe | Added by a variant of the KOBOT-C WORM! | No |
N | Print Screen Deluxe | psdeluxe.exe | Utility allows "Print Scrn" or "Print Screen" key to capture, print or save the current window | No |
X | Print Services | spolserv32.exe | Added by the RBOT.ZP WORM! | No |
X | print sharing | start.bat | Added by the ZCREW TROJAN! | No |
X | print sharing | [path] hidden32.exe [path] explorer.exe | Added by the ZCREW.B BACKDOOR! Note - the legitimate Windows Explorer (explorer.exe) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! | No |
X | Print Spooler | Spoolsv.exe | Added by the CIADOOR.B TROJAN! Note - this is not the legitimate spoolsv.exe which is always located in %System%. This one is located in %Windir% | No |
X | Print Spooler | spoolsvc32.exe | Added by the SDBOT.BB TROJAN! | No |
X | Print Spooler | spools.exe | Added by the RBOT-LD WORM! | No |
X | Print Spooler | spool.exe | Added by the BDOOR-IS BACKDOOR! | No |
X | Print Spooler | spoolsv32.exe | Added by the RBOT.SW WORM! | No |
X | Printer | Spyassault.exe | SpyAssault spyware remover - not recommended, see here | No |
X | Printer | [path to file] | Added by the LOWTAPER TROJAN! | No |
X | Printer | dipset.exe | Added by a variant of the FBSR TROJAN! | No |
X | printer | SpyAssaultScanner.exe | SpyAssault spyware remover - not recommended, see here | No |
X | Printer | vmmon32.exe | Added by the RBOT-CSB WORM! | No |
X | printer | printer.exe | WinIFixer spyware remover - not recommended, see here | No |
X | printer | sysprinter.exe | Added by the SMALL.ZY TROJAN! | No |
X | Printer Monitor | webprinter.exe | Added by the IRCBOT-Z TROJAN! | No |
X | Printer Spool | updater.exe | Added by a variant of the RBOT WORM! | No |
X | Printer spool Service | spool.exe | Added by the RBOT-ACP WORM! | No |
X | printer spooler | commonaccess.exe | Added by the DELF-LB TROJAN! | No |
X | Printer Spooler | spooler.exe | Added by the DELF-JJ TROJAN! | No |
X | Printer Spooler Subsystem | spoolss.exe | Added by a variant of the RBOT WORM! Note - this is NOT the legitimate Windows spoolss.exe process, located in the Winnt/System32 or Windows/System32 folder, and which should NOT figure in Msconfig/Startup! | No |
? | Printer Update | CFGREG.EXE | Maybe a registration reminder or automatically updates drivers or application software for a printer? | No |
X | printerdrv | vdms.exe | Added by the OPTIXKIL.30 TROJAN! | No |
X | PrinterSpool | [path] RESTORE.EXE [path] SPOOL.EXE | Added by the ALADINZ.K TROJAN! | No |
X | Printing Driver | msprint.exe | Added by the RBOT.JH WORM! | No |
N | Printkey2000 | printkey2000.exe | Screen grabber that intercepts the pressing of the Print Screen (Prn Scrn) key. Start manually when required | No |
X | PrintMngr | system.exe | Added by an unidentified TROJAN! | No |
N | printnow | printnow.exe | PrintNow - a utility that primarily allows "Print Screen" or "Alt+Print Screen" screenshots to be sent directly to a printer | No |
N | PrinTray | Printray.exe | Lexmark/Compaq printer icon in the System Tray for quick access. Not required - uncheck via Printer configuration rather than MSCONFIG. See also LexmarkPrintray and CompaqPrinTray | No |
N | PrintScreen | UNWISE.EXE | Gadwin PrintScreen - utility to capture, print or save the current window | No |
N | Printscreen 95 | PRT95MIN.EXE | Printscreen 95 - utility to capture, print or save the current window | No |
U | PrintSpooler | lass.exe | Win-Spy keystroke logger/monitoring program - remove unless you installed it yourself! | No |
X | PrintSpoolSv | System.exe | Added by the BDOOR-S BACKDOOR! | No |
N | PrintUtil | PrintUtil.exe | HP Print Utility - a troubleshooting utility for HP printers and all-in-ones | No |
U | PRISMSTA.EXE | PRISMSTA.EXE | Creates a system tray icon for accessing information about Intersil Prism Wireless Settings. Intersil silicon is used by Trendware/Trendnet for example | No |
U | PRISMSVR | PRISMSVR.EXE | Configuration and settings utility for PRISM chipset based wireless modems such as the 2Wire Wireless Gateway (2701HG) and Siemens Gigaset USB Adapter | No |
U | PRISMSVR.EXE | PRISMSVR.EXE | Configuration and settings utility for PRISM chipset based wireless modems such as the 2Wire Wireless Gateway (2701HG) and Siemens Gigaset USB Adapter | No |
N | Privacy Eraser Pro | PrivacyEraser.exe | Privacy Eraser Pro - protects your Internet privacy by cleaning up all Internet history tracks and past computer activities | No |
Y | Privacy Guardian | PgIndex.exe | Part of Privacy Guardian from PC Tools - which "is a safe and easy-to-use privacy protection tool that securely deletes online Internet tracks and program activity records that are stored in your browser and other hidden files on your computer". This startup entry runs only on the next reboot if the "Index.dat" option is selected for IE under "Browsers" when the user selects "Clean Your Computer". Index.dat files keep a track of pages, images, cookies or sounds from web sites you have visited, even if these files are deleted from your system. Also included in PC Tools Desktop Maestro (which incorporates Privacy Guardian) | Yes |
U | Privacy Guardian | pg.exe | Part of Privacy Guardian from PC Tools - which "is a safe and easy-to-use privacy protection tool that securely deletes online Internet tracks and program activity records that are stored in your browser and other hidden files on your computer". This startup entry runs only on the next reboot if the "Cache, History and Address Bar" option is selected under "Browsers" when the user selects "Clean Your Computer". This startup entry is only created when Privacy Guardian is installed on XP. Also included in PC Tools Desktop Maestro (which incorporates Privacy Guardian) | Yes |
Y | PrivacyGuardianIndex | PgIndex.exe | Part of Privacy Guardian from PC Tools - which "is a safe and easy-to-use privacy protection tool that securely deletes online Internet tracks and program activity records that are stored in your browser and other hidden files on your computer". This startup entry runs only on the next reboot if the "Index.dat" option is selected for IE under "Browsers" when the user selects "Clean Your Computer". Index.dat files keep a track of pages, images, cookies or sounds from web sites you have visited, even if these files are deleted from your system. Also included in PC Tools Desktop Maestro (which incorporates Privacy Guardian) | Yes |
U | PrivacyKeyboard | PrivacyKeyboard.exe | PrivacyKeyboard is a product "that can provide every computer with strong protection against ALL types of keylogging programs and keylogging hardware devices, both known and unknown, currently in use or presently being developed worldwide" | No |
X | PrivacyProtector Free | UPRP.exe | PrivacyProtector misleading security software - not recommended, see here | No |
X | PrivacyScanner | pscan.exe | Privacy Champion, a stealth installed 'Privacy Scanner'. It purportedly scans your PC for links to adult content websites, and then offers to "clean" them. Produces loads of False Positives as a goad to purchase | No |
X | PrivateNet | [various filenames] | Premium rate adult content dialler | No |
U | Privoxy | privoxy.exe | Privoxy - web proxy with advanced filtering capabilities for protecting privacy, filtering web page content, managing cookies, controlling access, and removing ads, banners, pop-ups and other obnoxious Internet junk | No |
X | PrizeSurfer | prizesurfer.exe | "PrizeSurfer is the free software that automatically enters you to win cash and prizes just for surfing the web and shopping online!" Stealth installed malware | No |
X | prjtect | prjtect.exe | Prutect malware from e2Give - attempts to shut down or tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. Note - has been seen using alternative file names like prttect.exe, prmtect.exe and so forth! | No |
X | prktect | prktect.exe | Prutect malware from e2Give - attempts to shut down or tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. Note - has been seen using alternative file names like prttect.exe, prmtect.exe and so forth! | No |
X | prltect | prltect.exe | Prutect malware from e2Give - attempts to shut down or tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. Note - has been seen using alternative file names like prttect.exe, prmtect.exe and so forth! | No |
X | prmt | prmt.exe | NetRatings Premeter spyware | No |
X | prmtect | prmtect.exe | Prutect malware from e2Give - attempts to shut down or tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. Note - has been seen using alternative file names like prttect.exe, prmtect.exe and so forth! | No |
U | PrnSys Executable | PrnSys.exe | Print screen utility bundled with some HP printer software - not required, but your choice if you like that feature | No |
X | pro | [path to file] | Added by the SPYWAD-F TROJAN! | No |
X | pro | SpySheriff.exe | Added by the SPYWAD-I TROJAN! | No |
X | Pro Antispyware 2009 | proas2009.exe | Pro AntiSpyware 2009 rogue spyware remover - not recommended, removal instructions here | No |
U | Pro PCL Status Monitor | PENGSS.EXE | Xerox printer/fax/copier status monitor (PCL = printer control language) | No |
X | ProAntiVirus | ProAntiVirus.exe | Added by the RBOT-FTP WORM! | No |
? | ProArt | ProArt.exe | ?? | No |
X | Proc | aprocess.exe | Added by the MOVINGMOUSE.475811 TROJAN! | No |
X | Proc992 | [path to file] | Added by the IXBOT-C WORM! | No |
X | Proc993 | wqxfne.exe | Added by the IXBOT-D WORM! | No |
X | process.exe | process.exe | Added by the BANCOS.P TROJAN! | No |
U | ProcessGovernor | processgovernor.exe | Core engine for Process Lasso from Bitsum Technologies - "a state-of-the-art, highly optimized, automated Windows process (program) management tool. Through managing the programs running on your computer, Process Lasso increases system responsiveness" | No |
U | ProcessSupervisorGUI | ProcessSupervisor.exe | Graphical user interface (GUI) for Process Lasso from Bitsum Technologies - "a state-of-the-art, highly optimized, automated Windows process (program) management tool. Through managing the programs running on your computer, Process Lasso increases system responsiveness" | No |
U | ProcessTamer | ProcessTamerTray.exe | Mouser's Software Process Tamer "is a tiny (140k) and super efficient utility for Microsoft Windows XP/2K/NT that runs in your system tray and constantly monitors the cpu usage of other processes" | No |
X | procmon | procmon.exe | Added by the BIONET.40A TROJAN! | No |
? | Prodigy DSL | EnterNetDUN.Exe | Prodigy EnterNet DUN PPPoE Client - is it required? | No |
N | ProdikeysAutorun | Prodload.exe | Creative Prodikeys software. "an interactive music entertainment device which not only functions as a full-featured, ergonomic 'QWERTY' keyboard but also comes equipped with 37 touch-sensitive music keys and accessible music controls for endless entertainment at your desktop. Coupled with the Sound Blaster audio card, you can explore a wide array of realistic instrument sounds and have non-stop fun making music right at your desktop" | No |
N | ProDsl | ProDsl.exe | Intel Pro/DSL 2100 modem connection manager. Available via Start -> Programs | No |
X | Profile | Profile.vbs | Added by the WHITEHO VIRUS or TRAPPY WORM! | No |
N | Profiler | Profiler.exe | Enables the "Profiler" to be launched from a System Tray icon for Saitek's game controllers. Available via Start -> Programs | No |
X | profiler | liteout.exe | Added by the ZAPCHAS-G WORM! | No |
X | profiler | prof.exe | Added by the ZAPCHAS-G WORM! | No |
N | Profiler | ProfilerU.exe | Enables the "Profiler" to be launched from a System Tray icon for Saitek's game controllers. Available via Start -> Programs | No |
N | ProfilerU | ProfilerU.exe | Saitek SST (Saitek Smart Technology) Profile Launcher - allows System Tray access to the "Profiler" and "Control Panel" for Saitek's game controllers. Start manually via Start -> Programs -> Saitek SD6 Programming Software -> Profiler | No |
X | Prog | csrss.exe | Added by the WEBUS TROJAN! Note - this worm replaces the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! | No |
X | Prog | lsass.exe | Added by the WEBUS.B TROJAN! Note - this is not the legitimate lsass.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the System folder | No |
X | Program Access Service | [10 random letters].exe | Detected by Trend Micro as the RBOT.GJJ WORM! See here | No |
X | Program File | Progmon.exe | Added by the PEEPER TROJAN! | No |
X | Program in Windows | IEXPLORE.exe | Added by the LOVGATE.AB WORM! | No |
U | Program Neighborhood Agent | pnagent.exe | Citrix Program Neighborhood Agent | No |
X | ProgramControl | ProgramControl.exe | Added by the DLOADR-BAG TROJAN! | No |
? | ProgramWindow | more comp.exe | ?? | No |
U | ProjectWhois | ProjectWhois.exe | "Project Whois loads the domain names from all open Firefox and Internet Explorer windows into the one-click menu and gives easy access to the whois records from the System Tray" | No |
N | projselector | projselector.exe | Roxio Project Selector - can be started manually | No |
N | Promon.exe | promon.exe | System Tray icon for Intel PRO series ethernet adapters giving access to the diagnostic features | No |
X | PromoReg | [path to worm] | Added by the WALEDAC.C WORM! | No |
X | PromoReg | alt.exe.exe | Added by a variant of the AGENT.DOM TROJAN! | No |
X | prompt drive | [random filename] | Added by the SDBOT.AMF WORM! | No |
X | PromulGate | PgMonitr.exe | Delfin Promulgate adware variant | No |
N | PRONoMgr.exe | PRONoMgr.exe | System Tray icon for Intel PRO series ethernet adapters giving access to the diagnostic features | No |
U | PRONoMgrWired | PRONoMgr.exe | Intel's Pro 100 Ethernet card manager | No |
U | Propel Accelerator | PropelAC.exe | Propel Internet Accelerator | No |
U | ProPort Startup | ProPort.exe | Proport is a port monitor/protector. Monitors an infinite amount of ports for trojans and nukes. Some additional features are auto connection-kill, and IP resolving | No |
X | proses | [5 random letters].exe | Added by a variant of the RBOT WORM! | No |
X | ProSiteFinder | prositefinder.exe | 180Solutions adware related | No |
X | Proteção de tela | ssmaze.scr | Added by the BANCBAN-FB TROJAN! | No |
U | Protect | SHVRTF.EXE | PC Angel takes a 5-second snapshot of the current system registry each time the PC boots up. In the event of a crash, PC ANGEL will retrieve everything up to the minute before the crash or the last known stable registry | No |
X | protect | protect.scr | Added by the DLOADER-TQ TROJAN! | No |
X | Protected Storage | RUNDLL32.EXE MSSIGN30.DLL ondll_reg | Added by the LOVGATE-W WORM! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted | No |
X | Protection | [path] runtask.exe [path] protection.exe | Added by a variant of the AGENT.3.AU TROJAN! | No |
X | Protection | Protection.exe | Added by the FEBELNECK-A WORM! | No |
X | Protection | Firewall.exe | Added by the ELIPTER.A or ELIPTER.B WORMS! | No |
X | Protection | IExplore .exe | Added by the ELIPTER.D WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) process as there is a space before the ".exe" | No |
X | Protection | Norton Internet Security.exe | Added by the ELITPER.E WORM! | No |
X | Protections | ProtEX32.exe | Ultimate SecuritySuite misleading malware remover - not recommended, see here | No |
X | Protector GB | protectgb.exe | Added by the BANKER.EIE TROJAN! | No |
X | Protocol Settings | kav.exe | Added by a variant of the RBOT WORM! | No |
X | ProtocolDiskChk | ssrms.exe | Added by the BDOOR-ML BACKDOOR! | No |
X | ProtocolDiskChk | svcvlw32.exe | Added by the STINX-Y TROJAN! | No |
X | ProtocolEventTsk | csrwjd.exe | Added by the STINX-N TROJAN! | No |
X | prov | prov.exe | Added by a variant of the IRCBOT TROJAN! | No |
X | Provan Security | psecure.exe | Added by the RBOT.BRV WORM! | No |
Y | proxim_orinoco_11abg | orinoco.exe | Proxim ORiNOCO 11a/b/g PCI Card wireless configuration utility | No |
N | PROXOMITRON | PROXOMITRON.EXE | A free, highly flexible, user-configurable, small but very powerful, local HTTP web-filtering proxy - see here | No |
N | PROXOMITRON | PROXOM~1.EXE | A free, highly flexible, user-configurable, small but very powerful, local HTTP web-filtering proxy - see here | No |
Y | ProxyCap | ProxyCap.exe | "ProxyCap enables you to tunnel Internet applications through HTTP, SOCKS v4, and SOCKS v5 Proxy Servers" | No |
U | ProxyWay | proxyway.exe | ProxyWay anonymous proxy surfing software | No |
U | PRPCMonitor | PRPCUI.exe | Intel® SpeedStep™ interface. This automatically detects whether a mobile PC is using battery or AC power. When using battery power, SpeedStep scales the processor clock frequency and voltage to reduce the power it needs by 40% | No |
X | prqtect | prqtect.exe | Prutect malware from e2Give - attempts to shut down or tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. Note - has been seen using alternative file names like prttect.exe, prmtect.exe and so forth! | No |
X | prrtect | prrtect.exe | Prutect malware from e2Give - attempts to shut down or tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. Note - has been seen using alternative file names like prttect.exe, prmtect.exe and so forth! | No |
X | prstect | prstect.exe | Prutect malware from e2Give - attempts to shut down or tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. Note - has been seen using alternative file names like prttect.exe, prmtect.exe and so forth! | No |
X | prtcct | prtcct.exe | Prutect malware from e2Give - attempts to shut down or tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. Note - has been seen using alternative file names like prttect.exe, prmtect.exe and so forth! | No |
X | prttect | prttect.exe | Prutect malware from e2Give - attempts to shut down or tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. Note - has been seen using alternative file names like prttect.exe, prmtect.exe and so forth! | No |
X | PrU Async Service | [path to worm] | Added by the IRCBOT-UG WORM! | No |
X | prutcct | prutcct.exe | Prutect malware from e2Give - attempts to shut down or tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. Note - has been seen using alternative file names like prttect.exe, prmtect.exe and so forth! | No |
X | prutdct | prutdct.exe | Prutect malware from e2Give - attempts to shut down or tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. Note - has been seen using alternative file names like prttect.exe, prmtect.exe and so forth! | No |
X | prutgct | prutgct.exe | Prutect malware from e2Give - attempts to shut down or tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. Note - has been seen using alternative file names like prttect.exe, prmtect.exe and so forth! | No |
X | pruthct | pruthct.exe | Prutect malware from e2Give - attempts to shut down or tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. Note - has been seen using alternative file names like prttect.exe, prmtect.exe and so forth! | No |
X | prutict | prutict.exe | Prutect malware from e2Give - attempts to shut down or tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. Note - has been seen using alternative file names like prttect.exe, prmtect.exe and so forth! | No |
X | prutlct | prutlct.exe | Prutect malware from e2Give - attempts to shut down or tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. Note - has been seen using alternative file names like prttect.exe, prmtect.exe and so forth! | No |
X | prutpct | prutpct.exe | Prutect malware from e2Give - attempts to shut down or tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. Note - has been seen using alternative file names like prttect.exe, prmtect.exe and so forth! | No |
X | prutsct | prutsct.exe | Prutect malware from e2Give - attempts to shut down or tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. Note - has been seen using alternative file names like prttect.exe, prmtect.exe and so forth! | No |
X | prvtect | prvtect.exe | Prutect malware from e2Give - attempts to shut down or tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. Note - has been seen using alternative file names like prttect.exe, prmtect.exe and so forth! | No |
X | prxtect | prxtect.exe | Prutect malware from e2Give - attempts to shut down or tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. Note - has been seen using alternative file names like prttect.exe, prmtect.exe and so forth! | No |
X | ps1 | ps1.exe | PacerD Media/Pacimedia.com adware | No |
U | PS2 | ps2.exe | Multimedia Keyboard companion on HP computers. If this is prevented from starting, then some keyboard functionality will be lost. | No |
X | psaload32 | psaload32.exe | Added by the RBOT-ADL WORM! | No |
X | PSC main | sttool32.exe | Added by the OBFUSCATED.EV TROJAN! | No |
X | PSCastor | PSCastor.exe | Added by the PSCASTOR TROJAN! | No |
X | PSCMain | pscmain2.exe | Added by the OBFUSCATED.EV TROJAN! | No |
X | PSD Tools Channel | ChannelUp.exe | BuddyLinks adware | No |
Y | PSDrvCheck | PSDrvCheck.exe | Part of Pinnacle Systems InstantCD/DVD and InstantCopy CD/DVD copying software that verifies drive settings. Once loaded it doesn't use any resources so you can leave it enabled | No |
X | PService | svcnow32.exe | Added by the SPYBOT-DJ TROJAN! | No |
U | PSFree | PSFree.exe | Pop-Up Stopper Free from Panicware. Pop-up blocker integrated into the IE toolbar. Note that the Pro version doesn't load in startup as it is installed as an Internet Explorer toolbar. Can cause problems with IE if you use WinXP and uninstall Service Pack 1. Uninstalling the software leaves it in the startup group | No |
X | PSGuard | PSGuard.exe | Variant of the SmitFraud alias FAKEALE-C TROJAN! | No |
X | PSGuard spyware remover | PSGuard.exe | Variant of the SmitFraud alias FAKEALE-C TROJAN! | No |
X | pshower | pshwr.exe | SafeSurfing adware variant | No |
Y | PSIMSVC | PSIMSVC.exe | Part of Panda Antivirus and Internet Security | No |
N | PSIWin2.3 Connection Server | Psconsv.exe | Allows connectivity between a PC and a Psion device. Access can be gained from the Desktop or Start -> Programs | No |
U | pskl | keyspy.exe | KeyboardLogger keystroke logger/monitoring program - remove unless you installed it yourself! | No |
X | PSLister | PSLister.exe | PurityScan C adware | No |
U | PsMFCard | PsMFCard.exe | Component of the Toshiba Controls. Provides power-saving functions for the PCMCIA slots. Through the Power Save Mode Properties dialogue, the user can select from 3 PCMCIA power options - On, Auto1 and Auto2. Disabling this item has no adverse effects, except disabling the ability to reduce power consumption by powering-down the PCMCIA slots when not in use | No |
N | psn.exe | psn.exe | Post-it® Software Notes - Lite. "You can use this digital version of the famous canary yellow note to remind you to do something, to capture an idea or to organize all those important phone numbers - all from your computer desktop" | No |
N | PsnLite | PsnLite.exe | Post-it® Software Notes - Lite. "You can use this digital version of the famous canary yellow note to remind you to do something, to capture an idea or to organize all those important phone numbers - all from your computer desktop" | No |
Y | PSNotify | psnotify.exe | Pharos SignUp Vx - "PC reservation and management application that addresses the PC scheduling needs of public libraries and higher education labs and libraries" | No |
X | PSof1 | PSof1.exe | PacerD Media/Pacimedia.com adware installer | No |
X | PSoft1 | psoft1.exe | PacerD Media/Pacimedia.com adware installer | No |
Y | PsPCCard | PsPCCard.EXE | Background Power Saving task found on Toshiba laptops and which handles turning Power Saving ON and OFF on any inserted PC Card (PCMCIA card). Only ever disable if you do not use any power saving or hibernation settings (ie: they are all OFF) | No |
U | PspContr | pspcontr.exe | Driver/controller for the Philips SpeechMike 6174. As the Philips FreeSpeech application is no longer supported it can be disabled but the Mike can still be used for certain functions using this driver | No |
? | PspUsbCf | PspUsbCf.exe | ?? | No |
Y | PSQLLauncher | launcher.exe | IBM ThinkVantage Fingerprint Software | No |
U | PsSound | PsSound.exe | On a Toshiba laptop. Operates your sound in one of 4 modes: off, on, on only with power, same as #3 but longer delay | No |
U | pst | memaker2.exe | SpymodePCSpy surveillance software. Uninstall this software unless you put it there yourself | No |
? | PSTORES | PSTORES.EXE | Part of Windows Services Protected Storage? | No |
U | PSwitch | ProxySwitcher.exe | "Proxy Switcher offers full featured connection management solution" as different internet connections often require completely different proxy server settings and it's a real pain to change them manually | No |
X | psybnc server 3.1 | psybnc321.exe | Detected by Kaspersky as the RBOT.ENI TROJAN! See here | No |
X | psyBNC-2.1.4 Client Server | psyBNC215.exe | Added by a variant of the RBOT WORM! | No |
X | ptask | ptask.exe | WinSecureAv spyware remover - not recommended, see here | No |
U | PTBSync | PTBSync.exe | PTBSync from ElmüSoft - a tool to synchronize your PC time with an atomic clock via the internet | No |
N | ptfb | ptfb.exe | Push the Freakin' Button - "When a dialog causes irritation, you simply tell PTFB which button should be pressed, and it will handle the dialog in future" | No |
U | PTHOSTTR | PTHOSTTR.EXE | System Tray access to HP ProtectTools Security Manager - "can be configured to prevent unauthorized access using Smart Cards, TPM Embedded security chips, USB tokens and other security technologies" | No |
? | Ptipbmf | rundll32.exe ptipbmf.dll, SetWriteCacheMode | Installed with the miniport drivers for Promise hard drive controllers in both RAID and non-RAID installations. May be necessary in order to maintain preferences applied to the RAID array connected to the Promise controller | No |
U | PtiuPbmd | Rundll32.exe ptipbm.dll, SetWriteBack | Installed with the miniport drivers for Promise hard drive controllers in both RAID and non-RAID installations. Tells the drivers that the connected Drives should use the "Write Back" Caching. You can disable this if you don't want to use "Write Back" Caching or if you have not connected any driver to your Promise Controller | No |
X | PTRGMYGK | rundll32.exe ptmg1v.dll, DllRunMain | Added by an unidentified TROJAN, WORM or other malware! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted | No |
U | ptrun32 | ptrun32.exe | ParentTools surveillance software. Uninstall this software unless you put it there yourself | No |
U | PTRUN32 | ptr32w.exe | ParentTools surveillance software. Uninstall this software unless you put it there yourself | No |
N | Ptsnoop | Ptsnoop.exe | These descriptions I've come across - all valid as far as I can see :- (1) Program installed with some modems that monitors the COM ports for the modem driver. Not required from what I've read - may need a registry edit to get rid of it (2) Backdoor trojan virus that copies itself as PTSNOOP.EXE - see here for more info (3) Apparently the people who put it out claim it's a driver for Voice modems (don't know who they are though - Ed) Note: If using AOL and you disable this you may lose your connection or lock up (4) Can also be an older Logitech scanner program. Remove from the Win.ini tab under Load='path'PTSNOOP and the System.ini tab under drivers='path'ptrtkr.drb. Can cause parallel port conflicts big time dragging system resources way down when a conflict exists (5) Allows audio monitoring of modem phone dialling tones and can be useful if you have connection problems (6) Karen Kenworthy's Snooper - "logs the start and stop time of all programs run under Windows" | No |
X | PTSShell | PTSShell.exe | Added by the WINKO.AO WORM! | No |
U | pttrun | pttrun.exe | Transmeta Crusoe processor related. Reduces application launch times and makes the computer "more responsive" | No |
N | PtUDFApp | PtUDFApp.exe | Sony abCD program, included on the CD Xtreme install CD, used to format CD-RWs for packet writing (similar to DirectCD). Available via Start -> Programs. Note that you must add a /T switch to the command line to get it to load to the taskbar | No |
U | PUAC v2.0.7 | Puac.exe | "Peter's Ultimate Alarm Clock" | No |
X | Public Microsoft ODBC | ODBC32*.exe [* = random char] | Added by the MASLAN.D WORM! | No |
X | Pujangga | KOMPTI.exe | Added by the PITKOM-A TROJAN! | No |
U | pumcfgp | proxycfg.exe | "GuardWare iShield blocks pornographic images when you surf the Internet on your computer using a web browser" | No |
N | Pure Networks Port Magic | PortAOL.exe | Pure Networks Port Magic, as available in the latest version of the AOL® 9.0 Optimized SE software; automatically configures most in-home Internet gateways, improving access and performance for applications such as instant messaging, online gaming, and streaming music and video. See here | No |
U | PureText.exe | PureText.exe | PureText by Steve Miller. "Have you ever copied some text from a web page or a document and then wanted to paste it as simple text into another application without getting all the formatting from the original source? PureText makes this simple by adding a new Windows hot-key (default is WINDOWS+V) that allows you to paste text to any application without formatting" | No |
U | Purgative | PURGATIVE100.EXE | AIM (AOL Instant Messenger) Ad Remover Using Active Memory Edits instead of a patch/crack | No |
X | Purgatory | Purga.exe | Added by the PURGORY-B WORM! | No |
U | Purge with Current Options | PURGEIE.EXE | PurgeIE from Assistance & Resources for Computing, Inc. - Internet Explorer browsing history cleaner | No |
N | Push Client | pull.exe | Client software from Interwise that MS use for their webcasts | No |
N | Push The Freakin' Button | ptfb.exe | Push the Freakin' Button - "When a dialog causes irritation, you simply tell PTFB which button should be pressed, and it will handle the dialog in future" | No |
N | PUSH6599 | PUSH6599.EXE | Scan button monitor for Relysis Episode MF6599 USB scanner as you can start scanning manually via the scanning software | No |
X | pushbot | service5.exe | Added by a variant of the PUSHBOT WORM! A family of worms that spread using MSN Messenger | No |
X | pushbot | service52.exe | Added by a variant of the PUSHBOT WORM! A family of worms that spread using MSN Messenger | No |
X | PutA!! | PutA!!.exe | Added by the OPASERV.L WORM! | No |
X | PutAS! | PutA!!.com | Added by the OPASERV.Z WORM! | No |
X | putil | [filename] | Added by the LDPINCH TROJAN! | No |
U | PV92TRAY | PV92Tray.exe | PCtel HSP V.92 modem configuration utility | No |
X | PVModule | pvmodule.exe | Adperform.com/adoptim.com adware, file located in a Program Files\PrintView folder and detected by AntiVir antivirus as TR/Dldr.Agent.alb. NOTE: the 'real' PrintView installs in a C:\CBR folder instead! | No |
N | PVR | PVR.exe | Pocket Voice Recorder - freeware sound recorder that records from microphone and any other input line available with your sound card | No |
U | PVUnInst1 | PVUnInst1.exe | Privacy View - privacy software that ensures that all your private computer files, photos, documents, and websites remain secure from prying eyes | No |
X | Pwr32ctr | Pwr32ctr.exe | Added by the GEMA TROJAN! | No |
X | Pwr32ctrl | Pwr32ctrl.exe | Added by the GEMA TROJAN! | No |
X | Pwr32mgt | Pwr32mgt.exe | Added by the GEMA TROJAN! | No |
U | PWRESET | pwreset.exe | Related to the Avaya IP Softphone | No |
N | PWRISOVM.EXE | PWRISOVM.EXE | PowerISO - a powerful CD/DVD image file processing tool | No |
Y | PWRMGRTR | PWRMGRTR.DLL | Power Manager - background monitor module for IBM ThinkPad laptops. Leave it alone to ensure proper power management functions | No |
Y | Pwrmonit | Rundll32 PwrMonit.dll | IBM's proprietary 'battery maximiser' and power monitoring software for laptops | No |
X | Pwroff | Pwroff.exe | Added by the GEMA TROJAN! | No |
U | Pwrsave | Pwrsave.exe | Toshiba Power Saver utilities. Required on a laptop if you run off a battery and want to conserve power | No |
? | Pwruplogin | pulogin.exe | ?? | No |
U | PwrupTweakMe | PUPXPTWK.EXE | Ashampoo's PowerUp XP is a "tool for fine-tuning your Windows NT4, 2000, 2003 Server and XP configuration". Boot-up options won't work if disabled | No |
U | PWS Tray | PwsTray.exe | Microsoft's Personal Web Server, an application which allows PCs to behave as web servers (allows you to test your .asp pages on your own PC without having to load them onto the internet). Available via Start -> Programs | No |
U | PWSActivePrint_5 | ActivePrintSystem.exe | ActivePrint from Pocket Watch LLC - "Windows Mobile users are given the invaluable capability of printing from their mobile devices to any Windows 2000/XP/2003/Vista compatible printer without the necessity of wireless hardware" | No |
N | p_981116 | p_981116.exe | Win32 cabinet self extractor. More info here | No |
N | Q152404 | wsript.exe Q152404.VBS | Appears to run Scandisk at bootup on NEC PCs | No |
X | q36i36O | lms2cenu.exe | Added by the SECONDTHOUGHT VIRUS! | No |
N | QAGENT | qagent.exe | Quicken program is controlled by a separate utility program called the Quicken Download Manager (also known as Qagent). When Quicken Download Manager option is enabled, background downloading takes advantage of unused bandwidth to download current financial information anytime your computer is connected to the Internet | No |
X | qappsrvc32.exe | qappsrvc32.exe | Detected by Kaspersky as the WEBBER.M TROJAN! | No |
N | QBCD autorun | autorun.exe | Quick Books CD | No |
X | qbkupdbs | mqbkup.exe | Added by the OPASERV.K WORM! | No |
X | qbotd | [random filename] | Added by the BOTTEN TROJAN! | No |
N | QBReminderFlash | QBReminder.exe | Upgrade reminder for Intuit's QuickBooks | No |
? | qBrowse | qbrowse.exe | ?? | No |
X | QBRSR | QuickBrowser.exe | top-banners.com adware | No |
U | Qchex Tray Icon | Qchex.exe | Related to G7 Productivity Systems Check Software | No |
U | QCTRAY | Qctray.exe | System Tray icon providing access to the "IBM Access Connections" wizard on ThinkPad laptops and also allows you to change the network environment. Not the same as QCWLIcon, which is pertinent only to the Wireless LAN | No |
U | QCWLICON | Qcwlicon.exe | Used by IBM Thinkpad laptops with built-in wireless card (802.11). System Tray icon that provides a shortcut to "Wireless Connection Status" and allows you to turn WL on and off | No |
N | QD FastAndSafe | QDCSFS.exe | Automatically runs Fast & Safe clean-up from Norton/Quarterdeck Cleansweep. Deletes safe to remove files such as Temporary Internet Files (cache). Recommended you run it manually | No |
U | QDM | QdmStart.exe | QDM (QDI Desktop Manager) - part of QDI ManageEasy for QDI's series of motherboards for monitoring PSU, temperatures, BIOS information, etc. Only required if you overclock system components and need to monitor temperatures, etc | No |
U | QDMStart | QdmStart.exe | QDM (QDI Desktop Manager) - part of QDI ManageEasy for QDI's series of motherboards for monitoring PSU, temperatures, BIOS information, etc. Only required if you overclock system components and need to monitor temperatures, etc | No |
X | QdrModule10 | QdrModule10.exe | Internet Speed Monitor adware | No |
X | QdrModule11 | QdrModule11.exe | Internet Speed Monitor adware related - see example here | No |
X | QdrModule12 | QdrModule12.exe | Internet Speed Monitor adware related - see example here | No |
X | QdrModule13 | QdrModule13.exe | Internet Speed Monitor adware related - see example here | No |
X | QdrModule15 | QdrModule15.exe | Internet Speed Monitor I adware | No |
X | QdrModule16 | QdrModule16.exe | Internet Speed Monitor adware related - see example here | No |
X | QdrModule17 | QdrModule17.exe | Internet Speed Monitor I adware | No |
X | QdrModule9 | QdrModule9.exe | Internet Speed Monitor H adware | No |
X | QdrPack10 | QdrPack10.exe | Internet Speed Monitor H adware | No |
X | QdrPack11 | QdrPack11.exe | Internet Speed Monitor adware related - see example here | No |
X | QdrPack12 | QdrPack12.exe | Internet Speed Monitor adware related - see example here | No |
X | QdrPack13 | QdrPack13.exe | Internet Speed Monitor adware related - see example here | No |
X | QdrPack14 | QdrPack14.exe | Internet Speed Monitor adware related - see example here | No |
X | QdrPack15 | QdrPack15.exe | Internet Speed Monitor adware related - see example here | No |
X | QdrPack16 | QdrPack16.exe | Internet Speed Monitor adware related - see example here | No |
X | QdrPack17 | QdrPack17.exe | Internet Speed Monitor adware related - see example here | No |
X | QdrPack9 | QdrPack9.exe | Internet Speed Monitor adware | No |
? | Qdsafe | ?? | ?? | No |
? | Qexplo | Qexplo.exe | ?? | No |
X | qgqqft | [path to Trojan] | Added by the RANKY.T TROJAN! | No |
Y | QH Live Update Scheduler | UPSCHD.EXE | Quick Heal Anti-Virus | No |
Y | QH Office 2K Check | O2KCHECK.EXE | Quick Heal Anti-Virus MS Office documents virus checker | No |
X | qkoszvd.dll | rundll32.exe qkoszvd.dll,jwezubg | Added by the DLOADR-AVD TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "qkoszvd.dll" file is located in %System% | No |
U | QlbCtrl | QlbCtrl.exe | HP Quick Launch Buttons control center on their laptops | No |
? | QMusic | QMAgent.exe | ?? | No |
U | Qnext | qnext.exe | "Qnext is the world's most advanced communication and sharing suite" | No |
N | QNPlus | QNPlus.exe | Quick Notes Plus by Conceptworld - sticky notes tool | No |
U | Qoeloader | Qoeloader.exe | Qurb 2.0 anti-spam tool for Outlook/Outlook Express. Required when supporting OE but not for Outlook. Shortcut available via Start -> Programs | No |
U | QPService | QPService.exe | HP QuickPlay - "brings your favorite music and movies to life with the touch of a button" | No |
X | | sendmess.exe | Added by the SEMES TROJAN! | No |
X | QQ.exe | QQ.exe | Added by a variant of the SDBOT WORM! Note - this is not the Tencent QQ Asian instant messenger program and resides in the Windows folder | No |
X | QQKAV | scvhsot.exe | Added by the QQROB.ARQ WORM! | No |
X | QQServer | QQ.exe | Added by the DOWNLDR-AN TROJAN! | No |
X | qservices | qservice.exe | Added by the PROGENT-A TROJAN! | No |
N | QSort2000 | QSORT.EXE | Utility that sorts your Start menu and Favourites in alphanumerical order. Not required - at any time you can right-click on these lists and choose "Sort by Name" | No |
U | QT4HPOT | OneTouch.exe | Hewlett Packard One Touch keyboard driver. Required if you use the additional keys | No |
U | QT4StBtn | SwiftBtn.EXE | SwiftBtn - installed alongside the system drivers on Fujitsu Siemens notebooks and allows extra keyboard support | No |
U | QTaskStartup | qtask.exe | Feature of Quicken.com Brokerage to customize and display Desktop Alerts and icon. It is not required for the Quicken Program to run correctly, it is only required for the Desktop Alerts feature | No |
X | QTime | nrchk.exe | Premium rate adult content dialler | No |
N | QTSTUB.EXE | Qtstub.exe | Part of an old version of the Quick Tax application. It enables Quick Tax Calendar Popup to show tax calendar reminders | No |
X | QTSvc | msocfg.exe | Premium rate adult content dialler | No |
X | QTSvc | navchk.exe | Premium rate adult content dialler | No |
X | QTSvc | shman.exe | Premium rate adult content dialler | No |
X | QTSvc | ssvr.exe | Premium rate adult content dialler | No |
N | qttask | Qttask.exe | System Tray access to Apple's "Quick Time" viewer from version 5 onwards | No |
U | QtVprMtx | QTVPRMTX.EXE | Multimedia keyboard driver from Dritek System Inc | No |
X | Quantifier Security | qsecue.exe | Added by the SPYBOT.UOL WORM! | No |
? | QUBCity | qtp.exe | ?? | No |
? | Queensla | Queensla.exe | ?? | No |
U | Quick Controls | Astrotoolbar.exe | Gateway Astro Screen and Sound Controls tray icon | No |
U | Quick Heal Firewall Pro | qhfw.exe | Quick Heal Firewall Pro | No |
U | Quick Heal Messenger | QHM32.EXE | Quick Heal Anti-Virus Messenger - keeps you informed about the latest threats, hoaxes etc | No |
Y | Quick Heal On-Line Protection | Cateye.exe | Quick Heal - virus scanner | No |
Y | Quick Heal Startup Scan | QHSTRT32.EXE | Quick Heal - virus scanner | No |
U | Quick Hide Windows | qhw.exe | Quick Hide Windows from CronoSoft - "provides a quick and easy way for home and office PC users to quickly get sensitive materials off the screen without closing programs or losing documents" | No |
N | Quick Shelf xx | qushelfxx.exe | Places an icon in the system tray for launching MS Bookshelf. Available via Start -> Programs. "xx" represents the version number - ie, 98, 99 | No |
Y | Quick Startup | Fquick32.exe | For a Nisis G6 USB Graphics Tablet. Re-enables itself if disabled therefore best left alone | No |
X | Quick Time file manager | quicktimeprom.exe | Added by the SDBOT TROJAN! | No |
N | Quick Time Task | qttask.exe | System Tray access to Apple's "Quick Time" viewer from version 5 onwards | No |
N | Quick View Plus | QVP32.EXE | Quick View Plus from Inso Corporation. Multiple file type viewer. Available via Start -> Programs | No |
U | QuickBooks Database Server Manager | QBServerUtilityMgr.exe | Part of QuickBooks Pro/Premier from Intuit - "QuickBooks Database Server Manager is a utility that allows you to configure the QuickBooks Server for multi-user access." See here for further information | No |
N | QuickBooks Delivery Agent | QBDAGENT.EXE | As for QAGENT but for QuickBooks. Can also have the version number in the name | No |
N | Quickbooks Update Agent | qbupdate.exe | Associated with Intuit's Quickbooks but not required. Possibly to do with the payroll update service but you're prompted to check for updates when appropriate whether this is running or not | No |
U | QuickCamPro | QuickCamPro.exe | System Tray for Picture Capture utility that can run unattended. Pictures every 30 seconds for example, auto FTP Upload, etc | No |
U | QUICKCARE | sprtcmd.exe /P QUICKCARE | Qwest Broadband QuickCare (provided by SupportSoft, Inc) is a free self-help tool for Qwest DSL users. Identifies and automatically fixes typical problems that may occur with your high-speed internet service | No |
U | QuickDVBT | QuickDVB-T.exe | AVerTV_DVB-T connects Digital TV with your PC or Notebook and allows you to watch free-to-air digital terrestrial television channels with no subscription to pay | No |
X | quicken | quicken.exe | CoolWebSearch Therealsearch parasite variant | No |
X | quicken | Winrar.exe | CoolWebSearch Therealsearch parasite variant. Note - this is not the file zipping utility also known as WinRAR! | No |
X | quicken | Waol.exe | CoolWebSearch Therealsearch parasite variant | No |
N | Quicken Scheduled Updates | bagent.exe | Quicken background downloading module | No |
N | Quicken Startup | QWDLLS.EXE | Quicken option to load DLLs at startup | No |
N | QuickenSEMessage | Qsemsg.exe | Quicken option | No |
N | QuickFinder Scheduler | QFSCHD100.exe | Used in Corel 2002 & Corel Suite 7 - finds files faster by indexing your files (similar to Microsoft's Find Fast or Fast Search for its Office products) | No |
N | QuickFinder Scheduler | QFSched.exe | Used in Corel 2002 & Corel Suite 7 - finds files faster by indexing your files (similar to Microsoft's Find Fast or Fast Search for its Office products) | No |
N | QuickFinder Scheduler | QFSCHD110.EXE | Used in Corel WordPerfect Office 11 - finds files faster by indexing your files (similar to Microsoft's Find Fast or Fast Search for its Office products). See here | No |
N | QuickFinder Scheduler | QFSCHD130.EXE | Used in Corel WordPerfect Office X3 - finds files faster by indexing your files (similar to Microsoft's Find Fast or Fast Search for its Office products). See here | No |
X | QuickInstallPack | QuickInstallPack.exe | Installed and used by rogue security products such as Cleaner2009, AntiMalwareSuite, SecureExpertCleaner and System Guard Center | No |
X | QuickInstallPack | CLN_2009FreeInstall.exe | Installed and used by rogue security products such as Cleaner2009, AntiMalwareSuite, SecureExpertCleaner and System Guard Center | No |
Y | QuickLaunchEr | QuickLaunchEr.Exe | QuickLaunchEr - allows you to quickly launch programs from an icon in the system tray | No |
N | Quicklink III | QL.EXE | HP fax program and only needs to be in the start-up group if you allow your phone to automatically answer your phone in fax mode, that is, to receive faxes after a certain number of rings. Available via Start -> Programs | No |
N | Quicknote | quicknote.exe | JC&MB Quicknote Virtual Scrapbook | No |
U | QuickPassword | agquickp.exe | Smart card-based authentication and digital signature client software | No |
N | QuickRes | QUICKRES.EXE | Utility to quickly change desktop resolution - left over from Win95 Power Toys. In Win98 and above incorporated via Control Panel -> Display. Not required unless you have to change resolutions on a regular basis | No |
N | quickset | quickset.exe | Dell taskbar icon allowing you to quickly change settings | No |
X | QuickSet | mmspng.exe | Added by a variant of the IROFFER.Z TROJAN! | No |
X | Quicktime | qttasks.exe | Added by the ADCLICK-AK TROJAN! | No |
X | Quicktime | shch.exe | Added by a variant of the BDOOR-EB BACKDOOR! | No |
X | QuickTime | qttask.exe | Added by the AGENT-ENG TROJAN! Note - this is not the legitimate Apple "Quick Time" viewer that has the same startup name and filename and is normally located in %ProgramFiles%\QuickTime. This one is located in %System% | No |
X | Quicktime Mediaplayer | winmplyer32.exe | Added by the RBOT-PM WORM! | No |
X | Quicktime Mediaplayr | wnmplyr.exe | Added by a variant of the RBOT WORM! | No |
X | Quicktime Pro 3.0 | winuodps.exe | Added by the GAOBOT.BH WORM! | No |
N | QuickTime Task | Qttask.exe | System Tray access to Apple's "Quick Time" viewer from version 5 onwards | No |
X | QuickTime Task | qttasks.exe | CoolWebSearch parasite variant | No |
X | Quicktime Task | [random filename] | Trafficadvance dialer | No |
X | QuickTime Task | qttask.exe | Trojan that is typically bundled with rogue security programs (such as Virus Trigger and AntivirusTrigger) and fake codecs. Note - this is not the legitimate Apple "Quick Time" viewer that has the same startup name and filename and is normally located in %ProgramFiles%\QuickTime. This one is located in %ProgramFiles%\WebMediaViewer | No |
N | QuickTime Update Completion x | quicktimeupdatehelper.exe | Different numbers caused by number of launches. So if 3 updates are made separately, 3 would appear (in theory) | No |
X | QuicktimeMngr | QUICKTIMEMNGR.EXE | Added by the WOOTBOT.AW WORM! | No |
X | QuickTimeUpdate | QuickUpdate.exe | Added by the BIFROSE-CW TROJAN! | No |
X | Quicktlme | ru.exe | Adult content dialler | No |
U | QuickTV | QuickTV.exe | Infra-red remote control driver for the AVerTV Studio TV tuner/personal video recorder from AVerMedia. Required if you use the remote control | No |
X | Quickzip | Ls.exe | MsConnect browser hijacker and dialler | No |
X | QuickZip | lu.exe | MsConnect browser hijacker and dialler | No |
N | QuikShield | qkshield.exe | QuikShield popup blocker - reportedly stealth installed, see here | No |
N | QuikSync | QUIKSYNC.EXE | Used by Iomega drives. Available via Start -> Programs | No |
X | qwe | qwe.exe | Added by the LINEAGE-F TROJAN! | No |
? | QWERTY | qwerty.exe | Possibly adult content related adware | No |
X | qwertybot.exe | qwertybot.exe | Added by the AGENT.ALF TROJAN! | No |
U | QWS3270 Sessions | sessions.exe | QWS3270 Secure terminal emulation software | No |
X | R | rundll32.exe msprt.dll | Chinese originated browser hijacker - redirecting to 4199.com. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted | No |
X | RA Server | Slave.exe | Added by the RA TROJAN! | No |
X | RabbitWannaHome | rabbit.exe | Added by the MIMAIL.S WORM! | No |
Y | Rabo Session Monitor | RaboSessionMon.exe | Related to RaboBank electronic banking software | No |
N | RaConfig2500 | RaConfig2500.exe | RaLink wireless LAN configuration utility | No |
N | RadarSync | RadarSync.exe | Radarsync utility comes from DFI with their latest motherboards, e.g., DFI LanParty Ultra - checks for BIOS and driver updates periodically | No |
U | RadBoot | RadBoot.exe | RadLinker - tweaker/linker for ATI Radeon based graphics cards. It allows you easy access to per game settings | No |
U | Radio365Agent | Radio365TrayAgent.exe | Radio365 - create playlists and broadcast live straight from your PC! | No |
U | RadioSvr | RadioSvr.EXE | Used to configure wireless networks. Windows automatically detects the wireless network and it configures the network | No |
U | RAID Event Monitor | iaanotif.exe | IAA Event Monitor User Notification Tool - part of Intel® Application Accelerator - "a performance software package for desktop PCs using select Intel® chipsets" that "replaces the ATA drivers that come with Windows with drivers optimized for desktop and mobile PCs." If you use the RAID version it's required to notify you if a RAID 1 disk has failed | No |
U | RaidTool | raid_tool.exe | VIA V-RAID Tool - hard disk striping/mirroring utility for increased performance and reliability | No |
U | Rainlendar | Rainlendar.exe | Rainlendar is a customizable calendar that displays the current month | No |
U | Rainlendar2 | Rainlendar2.exe | Rainlendar is a customizable calendar that displays the current month | No |
N | Rainmeter | Rainmeter.exe | Rainmeter is a customizable performance meter, which can display the CPU load, memory utilization, etc | No |
U | RAM Idle Professional | RAM_XP.exe | RAM Idle LE - "A smart memory management program that will keep your computer running better, faster, and longer. RAM Idle works by freeing up physical RAM wasted by Windows and other applications. In addition, RAM Idle also includes Cache and startup manager program that will give you more power to optimize your Windows." MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/SE/ME. See this article and make up your own mind | No |
U | RAMASST | RAMASST.exe | Optionally installed with some DVD drives (LG, Panasonic, etc). Disables Windows XP's CD-burning abilities because they cause some incompatibilities. It does not affect your ability to burn CDs. If you do not have this program running, you may have some compatibility issues with burnt DVDs | No |
X | RamBooster2 | rb.exe | Added by the AKAK TROJAN! | No |
U | RAMDef | ramdef.exe | Ram Def Xtreme - monitors and defragments your system RAM to improve reliability and speed. MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/SE/ME. See this article and make up your own mind | No |
U | RAMDrive | RDTask.exe | Virtual Hard Drive Pro from Farstone - "takes a portion of your system memory and creates a RAM disk drive, which functions like a physical hard drive, only with much better access rates" | No |
U | RamIdle | ramidle.exe | RAM Idle LE - "A smart memory management program that will keep your computer running better, faster, and longer. RAM Idle works by freeing up physical RAM wasted by Windows and other applications. In addition, RAM Idle also includes Cache and startup manager program that will give you more power to optimize your Windows." MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/SE/ME. See this article and make up your own mind | No |
U | RAMpage | RAMpage.exe | Small Windows utility that displays the amount of available memory in an icon in the System Tray. It can also free memory by double clicking the tray icon, or by setting a threshold that activates the program automatically, or by having it run automatically when an application exits. RAMpage is free, and open source | No |
X | Randex virus built for IRBMe | irbme.exe | Added by the RANDEX.RH WORM! | No |
X | random | random.exe | Added by the DLOADER-KM TROJAN! | No |
X | Random Interface Network | rst.exe | Added by the DELBOT-P WORM! | No |
X | Random Interface Network Manager | rinsv.exe | Added by the DELBOT-L WORM! | No |
X | Random Unique ID | [worm filename] | Added by the XROVE-A WORM! | No |
X | RandomWin32 | mgnwin32.exe | Added by the SDBOT-DV WORM! | No |
U | Randsoft Harmony '98 | rsMenu.exe | Randsoft Harmony '98 (superseded by Enterprise Harmony 98) for CASIO - synchronization software for use with Microsoft® Outlook 97/98/2000 | No |
X | rant | rant.exe | Added by the RBOT-ZB WORM! | No |
Y | RapApp | RAPAPP.EXE | Application protection component of BlackICE PC Protection (was Defender) firewall, informing you of any modifications to programs, files or folders and detecting unknown programs trying to launch | No |
X | Rapdata | ravsecs.exe | Added by the QQPASS-V TROJAN! | No |
X | Rapdatae | rabseuser.exe | Added by the QQPASS-S TROJAN! | No |
X | Rapdatybs | ravseteyns.exe | Added by the PWS-ACP TROJAN! | No |
X | Rapid Antivirus | Rapid Antivirus.exe | Rapid Antivirus rogue security software - not recommended, removal instructions here | No |
U | Rapid Restore | rrpcsb.exe | XPoint "Rapid Restore PC" - a "Managed Recovery™ solution that enables IT Administrators to protect the corporate image, while offloading personal data backup and recovery chores to the end user" | No |
X | RapidBlaster | rb32.exe | RapidBlaster parasite. Recommended you use RapidBlaster Killer to uninstall - see here | No |
X | Raptelnet | ravspeger.exe | Added by the QQPASS-AA TROJAN! | No |
X | Raptelt | ravspegtl.exe | Added by the QQPASS-AB TROJAN! | No |
Y | Raptor Mobile | vpnservices.exe | Symantec VPN Client used to connect to corporate networks. If unchecked, must be uninstalled using Add/Remove Programs as it tightly integrates into networking | No |
X | RasCon Remote Access Service Manager | rasmngr.exe | Added by the SPYBOT.EM WORM! | No |
X | rasctrs | rasctrs.exe | Hijacker, also detected as the ADWAHECK TROJAN! | No |
X | Rase | boln.exe | PurityScan/Clickspring adware | No |
X | rasman | rasman32.exe | Added by the BCKDR-QGN BACKDOOR! | No |
X | RasMan.exe | RasMan.exe | Added by the FEUTEL-H TROJAN! | No |
X | rate.exe | i11r54n4.exe | Added by the BEAGLE-I WORM! | No |
X | rate.exe | i1ru74n4.exe | Added by the BEAGLE.E WORM and variants! | No |
Y | RAV8Tray | ravtray8.exe | RAV anti-virus related | No |
X | RavAv | RavMonE.exe | Added by the RJUMPF-F WORM! | No |
X | RavAv | AdobeR.exe | Added by the RJUMP.D WORM! | No |
X | RAVEN_VLZS.EXE | RAVEN_VLZS.EXE | DownloadReceiver parasite - no longer in existence | No |
Y | RavMon | RavMon.exe | RAV AntiVirus | No |
X | ravshell | expl0rer.exe | Added by the DLOADER.MAR TROJAN! | No |
X | Ravshell | explore3.exe | Added by the PAKES.HZ TROJAN! | No |
X | Ravshell | IEXPLORER.EXE | Added by the AGENT.URZ TROJAN! Note - this is not the legitimate Internet Explorer (iexplore.exe) | No |
X | Ravshell | rund1132.exe | Added by the AGENT.OKZ TROJAN! | No |
X | Ravshell | svch0st.exe | Added by the NSPM.PU TROJAN! Notice the digit "0" in the filename rather than the lower case "O" | No |
X | ravshell | 1explore.exe | Added by the DLOADER.MJF TROJAN! | No |
Y | RavStub | ravstub.exe | Rising antivirus | No |
X | ravtask | rund1132.exe | Added by the DLOADER.IYT TROJAN! | No |
X | ravtask | svch0st.exe | Added by the LINEAG-AIN TROJAN! | No |
Y | RavTask | RavTask.exe | Rising antivirus | No |
X | RavTime | Mstray.exe | Added by the WUKILL.A WORM! | No |
Y | RavTimer | RavTimer.exe | RAV AntiVirus | No |
X | RavTimer | explores.exe | Added by the HOMEY-A TROJAN! | No |
X | RavTimeXP | [worm filename] | Added by the WULLIK.B WORM! | No |
X | RavTimeXP | Virus | Added by the CAGER.A WORM! | No |
X | RavTimXP | [worm filename] | Added by the WULLIK.B WORM! | No |
X | RavUptets | agetlke.exe | Added by the QQPASS-AK TROJAN! | No |
X | RavUptkt | agetlktz.exe | Added by the QQPASS-AJ TROJAN! | No |
X | RavUptpe | ravsesur.exe | Added by the QQPASS-T TROJAN! | No |
? | rav_temp.exe | rav_temp.exe | ?? | No |
X | rawload | [path to trojan] | Added by the DARKIRC.QZ TROJAN! | No |
X | RAX SYSTEM | scrigz.exe | Added by the MYTOB.KR WORM! | No |
N | Ray Process Killer | Prkill.exe | Ray Process Killer - clicking right mouse button produces popup menu with current active tasks. You can choose any task and click "Ok" to terminate it. Use CTRL+ALT+DEL instead | No |
X | Raymond present | friska_w32.exe | Added by the RUBBLE-C WORM! | No |
U | razer | razerhid.exe | Razer mouse driver | No |
X | rb32 lptt01 | rb32.exe | RapidBlaster variant (in a "RapidBlaster" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here | No |
X | rb32 ml097e | rb32.exe | RapidBlaster variant (in a "RapidBlaster" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here | No |
X | rbenh ml***e | rbenh.exe | RapidBlaster variant (in a "RBEnhance" folder in Program Files) where *** represents random digits. Recommended you use RapidBlaster Killer to uninstall - see here | No |
X | RBOT v2 with NetAPI exploit traded with billgates I gave my mother Greetz - OG - Bluehell Irc Server | glossary.exe | Added by the VANEBOT-J WORM! | No |
X | Rcf Driver | rcf.exe | Added by the RANDEX.BLD WORM! | No |
U | RCHotKey | RCHotKey.exe | Part of RingCentral Call Controller™ which "turns your PC into your personal business command center. It brings you real time control of your calls, and immediate access to faxing, your account, Microsoft Outlook® contacts, and many powerful business efficiency tools" | No |
X | rcimlby.exe | rcimlby.exe | Added by the SDBOT-DHK WORM! | No |
X | rCron | rcron.exe | "Switch" premium rate adult content dialler variant | No |
X | rCron | dservice.exe | "Switch" premium rate adult content dialler variant | No |
U | RCScheduleCheck | RCSCHED.EXE | Scheduler for VCOM's Recovery Commander - which "can restore your non-booting system back to normal. It only takes a few minutes to get your system back up and running" | No |
X | RCSync | RCSync.exe | PrizeSurfer related. "PrizeSurfer is the free software that automatically enters you to win cash and prizes just for surfing the web and shopping online!" Stealth installed malware | No |
U | RCSystem | DLLML.exe RCSystem | Related to Creative DLL Module Loader for the Sound Blaster X-Fi (and maybe others). This program is a non-essential process to the running of the system, but should not be terminated unless suspected to be causing problems | No |
U | RDClient | RDCLIENT.EXE | Remote Disconnection Utility from Twiga. Used for connecting and disconnecting dial up connections on a network - only needed if there is a shared internet connection | No |
X | RDLL | RunDll16.exe | Added by the SDBOT.F TROJAN! | No |
X | rdvs | [worm filename] | Added by the ULTIMAX.B WORM! | No |
X | Reactor3 | [random name]32.exe | Added by the BOFRA.A WORM! | No |
X | Reactor5 | [random name]32.exe | Added by the BOFRA.D WORM! | No |
X | Reactor6 | [random name]32.exe | Added by the BOFRA.C WORM! | No |
X | Reactor7 | [random name]32.exe | Added by the BOFRA.B WORM! | No |
X | Reactor8 | [random name]32.exe | Added by the BOFRA.E WORM! | No |
X | Reactor9 | [random name]32.exe | Added by the BOFRA.E WORM! | No |
X | readdb40 | rundll32.exe readdb40.dll, EnableRunDLL32 | LZIO.com adware downloader. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "readdb40.dll" file is found in the System (9x/Me) or System32 (NT/2K/XP) folder | No |
U | readericon | readericon45G.exe | Tray icon to set various configuration settings for Sunkist (and maybe other) media card readers | No |
N | REAL | realjbox.exe | Real Jukebox - MP3 and music files player | No |
X | Real Internet Player | Reaiplay.exe | Added by a variant of the SPYBOT WORM! | No |
X | Real Media Player | realplayer2.exe | Added by a variant of the RBOT WORM! | No |
X | Real player updater | realupd.exe | Added by the PARLAY TROJAN! | No |
X | real scheduler.hta | RealAudio.exe | Added by the CEEGAR TROJAN! Note - this is not associated with the popular RealPlayer media player | No |
U | Real Spy Monitor | Winrsm.exe | Realspy keystroke logger/monitoring program - remove unless you installed it yourself! | No |
X | Real Statics Agent | ccreal.exe | Added by a variant of the RBOT WORM! | No |
X | Real-Tens | Real-Tens.exe | DownloadWare adware | No |
X | RealAudio | RealAudio.exe | Added by the CEEGAR TROJAN! Note - this is not associated with the popular RealPlayer media player | No |
X | Realaudio Player | realaudio32.exe | Added by the AGOBOT.AFR WORM! | No |
X | RealAV.exe | RealAV.exe | Real Antivirus rogue security suite - not recommended, removal instructions here | No |
N | RealDownload | RealPlay.exe | Download manager. Available via Start -> Programs | No |
X | RealDownload Express | npnzdad.exe | Advertising spyware | No |
N | Reality Fusion GameCam SE | RFTRay.exe | Reality Fusion GameCam Video Interaction Technology Software that comes with the Logitech QuickCam PC video camera and other USB cameras. It's only an icon that appears on your System Tray. Available via Start -> Programs | No |
N | RealJukeboxSystray | tsystray.exe | System Tray icon for RealJukebox | No |
X | realone_nt2003 | moniker.exe | Added by the SNONE.A WORM! | No |
X | RealP1ayer | [path to file] | Added by the RPLAY.A TROJAN! Note that the name has a number "1" in place of the second lower case "L" | No |
N | realplay | realplay.exe | System Tray icon for RealPlayer. If you subsequently start RealPlayer manually it adds itself back to the start-up list. You can stop this from happening by right-clicking on the tray icon and disabling StartCenter via Preferences | No |
X | realplay lptt01 | realplay.exe | RapidBlaster variant (in a "RealPlay" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here. Note - this is not RealPlayer which can have the same executable name | No |
X | realplay ml097e | realplay.exe | RapidBlaster variant (in a "RealPlay" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here. Note - this is not RealPlayer which can have the same executable name | No |
N | RealPlayer | realplay.exe | System Tray icon for RealPlayer. If you subsequently start RealPlayer manually it adds itself back to the start-up list. You can stop this from happening by right-clicking on the tray icon and disabling StartCenter via Preferences | No |
X | RealPlayer Ath Check | rnathchk.exe | Added by the MYTOB.AG WORM! | No |
X | Realplayer Codec Support | realsched.exe | Added by the AGOBOT-AAD WORM! Note - this is not the legitimate RealOne Player (realsched.exe) application of the same name | No |
X | Realplayer One | realplay.exe | Added by the RBOT-NK WORM! | No |
X | Realplayer Video | RealPlay.exe | Added by a variant of the RBOT WORM! | No |
X | Realplayer.exe | Realplayer.exe | Added by the DELF.CNV TROJAN! | No |
N | RealPlayer2 | MsgCenterExe | RealNetworks RealPlayer related - disabling this application will not affect Real Player in any way | No |
X | RealPlayerUpdater | realupd32.exe | Added by the LOHAV-T TROJAN! | No |
? | Realpopup | Realpopup.exe | RealPopup - "Replaces old winpopup with a full featured freeware tool which remains stable and simple as its predecessor" | No |
N | Realsched | realsched.exe | Application Scheduler installed along with RealOne Player. Runs independently of RealOne Player, to remind AutoUpdate and Message Center to perform their tasks at pre-scheduled intervals. If it can't be disabled try deleting or renaming realsched.exe and then delete the entry in the registry | No |
U | RealSPEED | RealSPEED.Exe | RealSPEED - tweaking utility to speed-up your internet connection | No |
X | Realtek Sound Manager | Tecompntwx.exe | Added by a variant of the IRCBOT BACKDOOR! | No |
U | Realtime Audio Engine | mmrtkrnl.exe | Associated with ALCATech BPM Studio | No |
Y | Realtime Monitor | realmon.exe | Realtime scanner part of eTrust Antivirus/InoculateIT version 6 virus scanners from Computer Associates | No |
X | RealTimeProtector | winlogon.exe | Detected by Kaspersky as the AUTORUN.DIB WORM! See here. Note - this is not the legitimate winlogon.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a ~A~m~B~u~R~a~D~u~L~ subfolder | No |
? | RealTimeUpdate | RealTimeUpdate.exe | Product description in properties is "InternetExplorerCommunicationAgent Module" ? | No |
X | realtpsk | realsched.exe | Chinese originated adware - detected by Panda as NewWeb. Note - this is not the legitimate RealOne Player (realsched.exe) application of the same name and this file is located in %System% | No |
N | RealTray | RealPlay.exe | System Tray icon for RealPlayer. If you subsequently start RealPlayer manually it adds itself back to the start-up list. You can stop this from happening by right-clicking on the tray icon and disabling StartCenter via Preferences | No |
X | RealUpdater | realupd.exe | Added by the PARLAY or MITGLIEDER.I TROJANS! | No |
X | RebateNation0 | RebateNation0.exe | RebateNation adware | No |
N | Reboot | Reboot.exe | MS-DOS/Win3.1 utility used to clean boot a system. Sometimes installed by default from some driver CDs for motherboards | No |
U | Receiver | PcfaxRcv.exe | Incorporated on multifunction digital copiers (such as the MX-3500NM), Sharp's innovative PC fax driver enables users to send fax documents right from their desktop | No |
Y | Recguard | recguard.exe | On HP computers, Recguard prevents the deletion or corruption of the WinXP Recovery Partition. Without it enabled, it is possible to knock that completely out and force the customer to send the PC back to HP for a re-image, possibly at the customer's expense | No |
N | Reclip | reclip.exe | Reclip Popup Clipboard manager | No |
X | Recommended Hotfix - {0421701D-CF13-4E70-ADF0-45A953E7CB8B} | RH.DLL | SmartPops search hijacker | No |
N | Recover | N/A | Added during the installation of Comcast High Speed Internet software. During installation the system reboots and if the disk is removed a screen appears asking for the disk to be re-inserted to complete installation. Not required once installation is complete | No |
X | recover.bmp.exe | Rundll.exe | Added by the ANAFTP-01 TROJAN! Note - this is NOT the Windows system file of the same name as described here | No |
N | RecoverFromReboo | RECOVE~1.EXE | Part of a DSL installer package from SBC (probably SBC/Yahoo DSL). If the installation is botched, this entry may be left in the registry | No |
N | RecoverFromReboo | RecoverFromReboot.exe | Part of a DSL installer package from SBC (probably SBC/Yahoo DSL). If the installation is botched, this entry may be left in the registry | No |
N | RecoverFromReboot | RECOVE~1.EXE | Part of a DSL installer package from SBC (probably SBC/Yahoo DSL). If the installation is botched, this entry may be left in the registry | No |
N | RecoverFromReboot | RecoverFromReboot.exe | Part of a DSL installer package from SBC (probably SBC/Yahoo DSL). If the installation is botched, this entry may be left in the registry | No |
X | Recoveru system | svchast.exe | Added by a variant of the LINEAGE-AV TROJAN! | No |
X | Recoveru systems | svchost.exe | Added by a variant of the SDBOT WORM! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the "temp" folder | No |
N | RecShe | RecSche.exe | Recording scheduler for WatchTV Capture Card (TV Tuner card) | No |
X | Recycle Bin Handler | recycler.exe | Added by the SHUCKBOT-A TROJAN! | No |
X | Recycle Bin Handler 2005 | system.exe | Added by the BDOOR-HO BACKDOOR! | No |
X | Recycler DO NOT MODIFY | recyclecl.exe | Added by the RBOT.DDA WORM! | No |
X | RecycleSTR | msreg32.exe | Added by the RBOT-TC WORM! | No |
N | Red Flag | redflag.exe | PMS prediction program with modes for guys and girls - no longer available | No |
U | Red Swoosh EDN Client | RSEDNClient.exe | Red_Swoosh distributed networking software - a desktop client that enables users to download and stream files from each other, rather than from webservers | No |
X | redirect | redirect*.exe | Dotcomtoolbar/Linksummary hijacker installer - where * is a random digit | No |
N | Redline Taskbar | taskbar.exe | Taskbar icon for the Redline RegTweak overclocking program as supplied with Sapphire ATI graphics cards | No |
X | REEGRUN | [path to file] | Added by the SECDROP.AI TROJAN | No |
X | Reek 32 Server | reek32.exe | Added by the RANDEX.AL WORM! | No |
U | Referee | referee.exe | MediaComm's monitor for file association changes. Stop rogue programs from screwing your settings either on installation or whenever they run | No |
U | Reflex Vision | ReflexVision.exe | Reflex Vision from Increment Software. "A background application for Windows XP that makes switching windows faster and easier" | No |
N | Refresh | Refresh.exe | (Iomega) Refresh - loads the Iomega desktop icons at startup | No |
X | Reg | Reg.hta | Passon homepage hi-jacker | No |
? | Reg Check | lpt.exe | Related to Supanet ISP software - what does it do and is it required? | No |
X | reg run | Systen.exe | Added by the BANCOS-BS TROJAN! | No |
X | Reg Service | winsy.exe | Added by a variant of the SPYBOT WORM! | No |
X | Reg Service | winslogon.exe | Added by the AGOBOT-SC WORM! | No |
X | Reg Service | ipcfg.exe | Added by the AGOBOT-SO WORM! | No |
X | Reg Service | REGSRV32.EXE | Added by the RBOT.ZW WORM! | No |
X | Reg Service | WinnConfig.exe | Added by the AGOBOT-PF WORM! | No |
X | Reg Service | NT32.exe | Added by the AGOBOT.G TROJAN! | No |
X | Reg Services | Winboot32.exe | Added by the RBOT.PB WORM! | No |
X | reg1.reg | vuamgard.exe | Added by a variant of the IRCBOT TROJAN! | No |
U | reg2.0 | SVCH0ST.EXE | eSpyNow surveillance software. Uninstall this software unless you put it there yourself. Note - the filename has the digit 0 rather than the uppercase "o" | No |
X | Reg32 | Reg32.exe | Hijacker - redirecting to only-virgins.com | No |
X | reg32 | reg32.exe | Added by the NOUPDATE.B TROJAN! | No |
X | Reg32 | reg33.exe | CoolWebSearch parasite variant - also detected as the STARTPA-M TROJAN! | No |
X | Regcheck | ~CAB001.EXE | Added by the CYBRSPY.13A or CYBRSPY.13B TROJANS! | No |
X | regcheck | [path to file] | Added by the SERVPAM TROJAN! | No |
U | RegClean Expert Scheduler | RCHelper.exe | "Registry Clean Expert scans the Windows registry and finds incorrect or obsolete information in the registry. By fixing these obsolete information in Windows registry, your system will run faster and error free" | No |
U | RegClean Expert Scheduler | RCScheduler.exe | "Registry Clean Expert scans the Windows registry and finds incorrect or obsolete information in the registry. By fixing these obsolete information in Windows registry, your system will run faster and error free" | No |
X | RegCleaner | SYSio32.exe | Added by an unidentified VIRUS, WORM or TROJAN! Note - do not confuse this with the popular RegCleaner registry cleaner freeware | No |
X | RegCompres | Regcpm32.exe | Added by the POLDO.B TROJAN! | No |
X | RegCompres | REGCPM32.EXE | Added by the DASMIN-E TROJAN! | No |
X | Regcxdinaf | REGCXDINAF.EXE | Added by the BANCOS-BW TROJAN! | No |
X | Regcxmarq | REGCXMARQ.EXE | Added by the BANCOS.DK TROJAN! Note that the filename has a leading space, ie, " REGCXMARQ.EXE" | No |
X | Regcxn | Regcxn.exe | Added by the COIBOA-D TROJAN! | No |
U | regdefend | regdefend.exe | "RegDefend is a configurable, kernel based registry protection system, designed to intercept selected changes before they occur, thus also preventing malicious software like viruses, trojans and worms from using the registry to their advantage" | No |
X | RegDone | services.exe | Added by the NEVEG.B or NEVEG.C WORMS! Note - this is not the legitimate services.exe process, which should not appear in Msconfig/Startup! | No |
X | RegDone | winlogon.exe | Added by the NEVEG.A WORM! Note - this is not the legitimate winlogon.exe process, which should not appear in Msconfig/Startup! | No |
X | RegDone Ex | csrss.exe | Added by the WEBUS TROJAN! Note - this worm replaces the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! | No |
X | RegDoneEx | lsass.exe | Added by the WEBUS.B TROJAN! Note - this is not the legitimate lsass.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the System folder | No |
X | regedit | regedit.exe | Added by the BRID.A WORM! Note - this is not the valid Windows registry editor which resides in Windows or Winnt and will not figure in Msconfig/Startup! This version resides in the System (9x/Me) or System32 (NT/2K/XP) folder | No |
X | REGEDIT | Regsrv32.com | Added by the SOUTHGHOST WORM! | No |
X | regedit | autoexe.exe | Added by a variant of the RBOT WORM! | No |
X | regedit | svchost.exe ccRegVfy | Added by the HOTWORD.B TROJAN! Note - this is not the legitimate svchost.exe process which should not normally figure in Msconfig/Startup! | No |
X | regedit | regedit.exe | Added by the GANBATE.A WORM! Note - this is not the valid Windows registry editor which resides in Windows or Winnt and will not figure in Msconfig/Startup! This version resides in a "securityDatabase" subfolder | No |
X | RegEdit32 | RegEdit32.exe | Added by the VOUMIT-A WORM! Note - this is not the legitimate regedit32.exe application which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "mirc32" folder | No |
X | Regexit | runlli32.exe | Added by the QQPASS-U TROJAN! | No |
X | Regexit | Updadv.exe | Added by the QQPASS-N TROJAN! | No |
X | RegFreeze | regfreeze.exe | RegFreeze rogue spyware remover - not recommended, see here | No |
X | reggsdg | spoolserv.exe | Added by the SDBOT-MS WORM! | No |
X | reggsdg | spoolsrv.exe | Added by the SDBOT-DI WORM! | No |
U | RegHelp | svchosts.exe | SpyGraphica spy software - "Stealth monitoring of ALL PC or Network Activity with DVD-like playback. EVERY keystroke can be e-mailed in a detailed activity report every 15 minutes...anywhere in the world." | No |
? | reginfo32 | reginfo32.exe | ?? | No |
X | Register Manager | RegistryManage.exe | Added by the SDBOT.AYH WORM! | No |
N | Register MediaRing Talk | register.exe | If you don't want to register MediaRing and be reminded about it every bootup disable it | No |
? | Register SeqChk | regsvr32.exe ..csseqchk.dll | ?? | No |
U | RegisterDropHandler | REGIST~1.EXE | Part of the OCR software TextBridge Pro 9.0 (and possibly earlier versions). Typically used with imaging devices such as scanners and digital cameras for creating text documents from images. This item will probably be displayed twice and will re-instate itself whenever you start the main program so leave it - once started it frees the memory it used. Its purpose and an explanation of how to correct a problem it creates for "Send To" can be found here. Note that you don't have to uninstall TextBridge for this fix to work and the program works fine afterwards. Not used on later versions of the software - hence the 'U' recommendation | No |
X | Registration Service | toker.exe | Added by the SDBOT-BB WORM! | No |
X | Registration Service | msvdm6.exe | Added by the SDBOT-HE TROJAN! | No |
N | Registration-Studio 8 | RegTool.exe | Registration for Pinnacle Studio Version 8 home video software from Pinnacle Systems | No |
X | Registry | wscript.exe ShakiraPics.jpg.vbs | Added by the VBSWG.AQ WORM! Note that wscript.exe is a legitimate Microsoft file used to launch script files and shouldn't be deleted. The "ShakiraPics.jpg.vbs" file is located in the Winnt or Windows folder | No |
U | Registry | class0117[random].exe | Blackbox captures emails and chat logs, and monitors Internet activity - remove if you didn't intentionally install it | No |
X | Registry Checker | Regrun.exe | Added by the SDBOT TROJAN! | No |
X | Registry Checkup | winreg.exe | Added by an unidentified WORM or TROJAN! | No |
X | Registry Checkup System326a Monitor | Winregs326a.exe | Added by a variant of the SDBOT WORM! | No |
X | Registry Cleaner | Regclean.exe | Registry Cleaner misleading security software - not recommended, see here | No |
X | Registry Integrity Checker | regintmon.exe | Added by a variant of the AGOBOT/GAOBOT WORM! | No |
X | Registry Integritycheck | WCPDT.EXE | Added by the AGOBOT-RF WORM! | No |
X | Registry Loader | regloadr.exe | Added by the GAOBOT.AO WORM! | No |
X | Registry Loader | winhlpp32.exe | Added by the GAOBOT.AO WORM! | No |
U | Registry Mechanic | RegMech.exe | Part of Registry Mechanic from PC Tools - which "is an advanced registry cleaner for Windows that can safely clean, repair and optimize your registry in a few simple mouse clicks!". This entry is created when Registry Mechanic is installed on XP and loads the System Tray icon and runs a registry scan at startup - if either are enabled | Yes |
U | Registry Mechanic Vista Tray | RMTray.exe | Part of Registry Mechanic from PC Tools - which "is an advanced registry cleaner for Windows that can safely clean, repair and optimize your registry in a few simple mouse clicks!" This entry is created when Registry Mechanic is installed on Vista and loads the System Tray icon (RegMech.exe) and runs a registry scan at startup - if either are enabled | Yes |
X | Registry Monitor | regmon.exe | Added by the BCKDR-QKH BACKDOOR! | No |
X | Registry oidet | win32.exe | Added by the RBOT.BMT WORM! | No |
X | Registry Protector | regprotect.exe | Added by the ARIVER.A WORM! | No |
X | Registry Scanner | regscanr.exe | Added by a variant of the OPTIX TROJAN! | No |
X | Registry Serv | regsvr.exe | Added by the WEBMONEY-G TROJAN! | No |
X | Registry Server | regsrv32.exe | Added by the RBOT-GM WORM! | No |
X | Registry Server | regserv.exe | Added by a variant of the IRCBOT TROJAN! See here | No |
X | Registry Service | REGSRV32.EXE | Added by a variant of the RBOT WORM! | No |
X | Registry Service | resvs.exe | Added by the DELBOT-I WORM! | No |
X | Registry Services | Registry.exe | Added by the CILE TROJAN! | No |
X | Registry Startup Check | checkreg.exe | Added by the REMLOAD-A or DANMEC-B TROJANS! | No |
X | Registry System | Regsys.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
X | Registry System16 Checkup Monitor | SystemReg16.exe | Added by a variant of the RBOT WORM! | No |
X | Registry System166 Checkup Monitor | SystemReg166.exe | Added by a variant of the RBOT WORM! | No |
X | Registry Value Name | roses.exe | Added by the RBOT-AFT WORM! | No |
X | Registry Value Name | service.exe | Added by the RBOT-AHT WORM! | No |
X | Registry Value Name | winapi32.exe | Added by a variant of the RBOT WORM! | No |
X | Registry Value Name | syswinxp.exe | Added by the RBOT.BTZ WORM! | No |
X | Registry Value Name Start | MsPMSPSa.exe | Added by a variant of the SDBOT WORM! | No |
X | RegistryCheck | rundll32.exe chkreg.dll, CheckRegistry | Ulubione adult content dialer. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted | No |
X | RegistryChk | winbackup.exe | Added by the MERTIAN WORM! | No |
X | RegistryCleanFixMFC | registrycleanfix.exe | RegistryCleanFix misleading security program - not recommended, see here | No |
X | RegistryConfig | rundll.exe | Added by the AOGBOT-KN WORM! | No |
U | RegistryMechanic | RegMech.exe | Part of Registry Mechanic from PC Tools - which "is an advanced registry cleaner for Windows that can safely clean, repair and optimize your registry in a few simple mouse clicks!". This entry is created when Registry Mechanic is installed on XP and loads the System Tray icon and runs a registry scan at startup - if either are enabled | Yes |
U | RegistryMechanic | RMTray.exe | Part of Registry Mechanic from PC Tools - which "is an advanced registry cleaner for Windows that can safely clean, repair and optimize your registry in a few simple mouse clicks!" This entry is created when Registry Mechanic is installed on Vista and loads the System Tray icon (RegMech.exe) and runs a registry scan at startup - if either are enabled | Yes |
X | RegistryMonitor | registry.pif | Affilred adware | No |
X | RegistryMonitor | sysfade.exe | Added by the SYSFADE TROJAN! | No |
X | RegistryMonitor1 | mljul1.exe | Added by the SPAMBOT TROJAN! | No |
U | REGIST~1 | REGIST~1.EXE | Part of the OCR software TextBridge Pro 9.0 (and possibly earlier versions). Typically used with imaging devices such as scanners and digital cameras for creating text documents from images. This item will probably be displayed twice and will re-instate itself whenever you start the main program so leave it - once started it frees the memory it used. Its purpose and an explanation of how to correct a problem it creates for "Send To" can be found here. Note that you don't have to uninstall TextBridge for this fix to work and the program works fine afterwards. Not used on later versions of the software - hence the 'U' recommendation | No |
X | Regkey for autostart | winservice.exe | Added by the RBOT-NU WORM! | No |
U | RegKillTray | RegKillTray.exe | DVD region killer part of CloneDVD from Elaborate Bytes AG. Copies the main movie, Special Features and/or the original menu onto a DVD Recordable or onto your harddisk | No |
U | RegMech | RegMech.exe | Part of Registry Mechanic from PC Tools - which "is an advanced registry cleaner for Windows that can safely clean, repair and optimize your registry in a few simple mouse clicks!". This entry is created when Registry Mechanic is installed on XP and loads the System Tray icon and runs a registry scan at startup - if either are enabled | Yes |
X | Regmonitor | regmaping.exe | Added by the BEAGLE.DO WORM! | No |
X | REGMSYS | [path to file] | Added by the LOWZONE-AX TROJAN! | No |
X | RegMutex | lexplore_.exe | Added by the MSNOPT-A TROJAN! | No |
X | RegPowerClean | RegPowerClean.exe | RegistryPowerCleaner misleading security software - not recommended, see here | No |
Y | RegProt | Regprot.exe | RegistryProt from Diamond Computer Systems - protects the system registry against changes | No |
X | Regptmens | REGPTMENS.EXE | Added by the BANCOS-ED TROJAN! | No |
X | Regro | rundll132.exe | Added by the OKARAG TROJAN! | No |
X | RegRun | mActiveX.exe | Adware downloader - also detected as a variant of the LOWZONES.BW or AGENT.RD TROJANS! | No |
X | REGRUN | winfix22490.exe | Adware downloader - also detected as a variant of the LOWZONES.BW or AGENT.RD TROJANS! | No |
X | REGRUN | [path to trojan] | Added by the LOWZONE-AH TROJAN! | No |
X | REGRUN | regeditt.exe | Adware downloader - also detected as a variant of the LOWZONES.BW or AGENT.RD TROJANS! | No |
X | REGRUN | sory.exe | Adware downloader - also detected as a variant of the LOWZONES.BW or AGENT.RD TROJANS! | No |
X | REGRUN | dialer.exe | Adware downloader - also detected as a variant of the LOWZONES.BW or AGENT.RD TROJANS! | No |
U | RegRun WinBait | winbait.exe | Part of RegRun - used to detect unknown viruses. RegRun compares winbait.exe with the original copy called winbait.org and warns if the files are different | No |
Y | Regrun2 | WatchDog.exe | Greatis Software's RegRun security suite which amongst other things replaces MSCONFIG. The WatchDog checks for registry changes caused by trojans, viruses, etc | No |
X | REGRUNM | autoprotect.exe | Added by an unidentified WORM or TROJAN! | No |
X | Regrx | rundll32.exe | Added by the WAYIC-A TROJAN! Note - this is not the legitimate rundll32.exe process, which is found in the Windows folder (98/ME) or the System32 folder (NT/2000/XP). The file is located in C:\Windows | No |
X | Regscan | regscanr.exe | Added by the OPTIX-SE TROJAN! | No |
X | RegScan | DLLSRV32.EXE | Added by the AGOBOT.AEW WORM! | No |
X | RegScan | Regscan.exe | Added by the TALEX TROJAN! | No |
? | RegServer | regserve.exe | Related to XGI Technology's Volari graphics cards - what does it do and is it required? | No |
X | regservices.exe | regservices.exe | Added by an unidentified VIRUS, WORM or TROJAN! | No |
N | RegShave | regshave.exe | Part of the USB driver for your Fuji digital cameras - used when uninstalling the USB drivers, erasing all entries from the registry. Only required BEFORE attempting to uninstall the Fuji software or the uninstall may not work correctly | No |
X | regsrv | regsrv.exe | Added by the OPTIXPRO.11 TROJAN! | No |
X | regsrv | scvhost.exe | Added by the AGOBOT.E WORM! | No |
X | RegSrv64D | RegSrv64D.exE | Added by the WINKO.AO WORM! | No |
X | regsrvc | regsrvc.exe | Added by the STOPED-A TROJAN! | No |
X | Regsv | regsv.exe | Search hijacker - redirecting to scheo.com | No |
X | Regsvc | regsv.exe | Added by an unidentified TROJAN! | No |
X | regsvc32 | regsvc32.exe | Homepage hijacker that changes your homepage to an adult content site | No |
X | regsvr | regsvr.exe | Added by the WEBMONEY-G TROJAN! | No |
U | REGSVR32 | regsvr32.exe ctasio.dll | ASIO (Audio Stream In/Out) drivers for the SoundBlaster Audigy 2 series soundcards - for recording and home project studios. Required if you use this functionality | No |
X | RegSvr32 | msmsgs.exe | Added by the ZLOB.B TROJAN! | No |
X | regsync | regsync.exe | SafeSurfing adware | No |
? | regtmlp | N/A | ?? | No |
U | RegTweak | RegTwk.exe | Rage3d Tweak - ATI Radeon tweaker which allows access to registry tweak options, custom display modes, refresh rates and overclocking all through an easy to use interface | No |
X | RegVer | REGVER.EXE | Added by the LATINUS.16 TROJAN! | No |
X | RegVfy32 | Regverif32.exe | Added by the SYGYP.A WORM! | No |
X | RegWrite | csrss.exe | Added by the SOKACAPS TROJAN! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\Media | No |
Y | Regx10EXE | atix10.exe | ATI Remote Wonder™ - PC wireless remote control driver. Required if you use it | No |
X | reg_key | FUKULAMER.exe | Added by the BEAGLE.AH WORM! | No |
X | reg_key | loader_name.exe | Added by the BEAGLE.Y or BEAGLE.Z or BEAGLE.AA WORMS! | No |
X | Reg_WFT | Regsysw.com | Added by the WILSEF VIRUS! | No |
X | Reg_WFT | scanreg32.com | Added by the SENNASPY-F TROJAN! | No |
X | Reg_WFT | Regsysw.exe | Added by the WILSEF.A WORM! | No |
U | ReleaseRAM | RRAM.exe | "Release RAM allows your computer to run faster and uses your computer's RAM more efficiently". MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/SE/ME. See this article and make up your own mind | No |
X | relinson | cmdno.exe | Added by the DROPPER-PS TROJAN! | No |
X | reload | reload.vbs | Added by the LOVELETTER.AS VIRUS! | No |
X | Reload | reload.exe | Added by the LAZAR TROJAN! | No |
N | RemHelp | Remhelp.exe | BT Voyager ADSL Modem Help related | No |
N | Reminder | reminder.exe | From MS Money. Reminds you of your bills | No |
N | Reminder | Remind_XP.exe | HP-specific program that reminds users to create System Recovery CDs. Once they use the Recovery CD Creator (Start -> PC Help & Tools -> Recovery CD Creator) to make the recovery CDs the entry will remove itself from the startup list | No |
N | Reminder | Reminder.exe | Registration reminder for the PC Pitstop Optimize 2.0 system optimization utility by CA. Located in %ProgramFiles%\PCPitstop\Optimize2 | No |
X | Reminder | Reminder.exe | Registration reminder for the Secure Expert Cleaner rogue privacy program - see here. Located in %ProgramFiles%\SecureExpertCleaner | No |
N | Reminder-cpqXXXXX | remind32.exe | Compaq printer Registration | No |
N | Reminder-hpcXXXXX | remind32.exe | HP CD-Writer Registration | No |
N | Reminder-ranXXXXX | remind32.exe | Registration reminder widget for Rand Mcnally maps | No |
N | reminder-ScanSoft Product Registration | remind32.exe | Registration reminder for ScanSoft products such as PaperPort | No |
U | RemindMe | RemindMe.exe | Remind-Me - calendar software | No |
N | Remind_XP | Remind_XP.exe | HP-specific program that reminds users to create System Recovery CDs. Once they use the Recovery CD Creator (Start -> PC Help & Tools -> Recovery CD Creator) to make the recovery CDs the entry will remove itself from the startup list | No |
X | Remndr | CsRemnd.exe | CasinoOnline foistware | No |
U | Remote | Remote.exe | Remote Control driver for LifeView internal and external TV products | No |
U | Remote Access | rnaapp.exe | Dial-up networking application - not normally found in the startup locations. It runs when you connect to the net via this method (ie, analogue 56K modem) and terminates after the connection is closed | No |
X | Remote Access Adapter | rvasvc.exe | Detected by PCTools as the IRCBOT.BIF TROJAN! See here | No |
X | Remote Access Domain | rswsvc.exe | Added by the IRCBOT.BFA TROJAN! | No |
X | Remote Access Monitor | rpgsvc.exe | Added by a variant of the IRCBOT TROJAN! See here | No |
X | Remote Access Service Manager | rasmngr.exe | Added by the AGOBOT.KU WORM! | No |
X | Remote Access Slave | Synchost.exe | Added by the RIPJAC TROJAN! | No |
X | Remote Access Tool | rwosvc.exe | Added by a variant of the IRCBOT TROJAN! See here | No |
N | Remote Control | Rc.exe | Hinet Hi-Five ISP software | No |
N | Remote Controller | TVRMVCR.EXE | ProLink PlayTVpro TV tuner software | No |
U | Remote Data Backups | CBSysTray.exe | System Tray access to Remote Data Backups online system/data backup utility | No |
U | Remote Data Backups | COBackup.exe | Remote Data Backups online system/data backup utility | No |
U | Remote Data Backups TaskBar Icon | CBSysTray.exe | System Tray access to Remote Data Backups online system/data backup utility | No |
U | Remote Desktop Computing | marspc.exe | Marspc Remote Desktop Computing | No |
X | Remote Desktop Help Session Manager | WinRDH.exe | Added by a variant of the SDBOT WORM! | No |
X | Remote Event System | resmsvc.exe | Added by the IRCBOT.YF BACKDOOR! | No |
U | Remote Management Agent | zenrc32.exe | Part of Novell's ZENworks - "Complete End-to-End Directory-enabled Network Management". Installed on a managed workstation for an administrator to remotely manage the workstation. Required if the PC is a managed workstation | No |
U | remote master | remote master.exe | Required if you want your ASUS Remote control to work at all. Available via Start -> Programs | No |
X | Remote Procedure Call | winrpc.exe | Added by the RBOT-KM WORM! | No |
X | Remote Procedure Call | winsysrpc.exe | Added by the SDBOT-PS WORM! | No |
X | Remote Procedure Call For Windows 32bit | rpc.exe | Added by the RBOT-MD WORM! | No |
X | Remote Procedure Call Locator | RUNDLL32.EXE reg678.dll ondll_reg | Added by the LOVGATE.F WORM! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted | No |
X | Remote Procedure Calls | mswinrpc.exe | Added by the RBOT.KJ WORM! | No |
X | Remote Procedure Calls | mswinc.exe | Added by the RBOT-IT WORM! | No |
X | Remote Procedure Calls | win.exe | Added by the SDBOT-QI WORM! | No |
X | Remote Services Manager | msrmsvc.exe | Added by a variant of the IRCBOT TROJAN! See here | No |
X | Remote Storage Access | rmasvc.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
X | Remote Terminal Task | rtsbsvc.exe | Added by the IRCBOT.AUZ BACKDOOR! | No |
Y | Remote Update Monitor | imonitor.exe | Sophos Antivirus Remote Update utility - provides an easy way for remote workers to keep up to date with their virus protection via a website or network connection provided by their employer | No |
Y | RemoteAgent | RAUAgent.exe | Trend Micro's Office Scan Client, see here - "Its Web-based management console gives administrators transparent access to desktop and mobile clients to coordinate automatic deployment of security policies and software updates" | No |
U | RemoteCenter | RcMan.exe | Remote control for Creative MediaSource - plays back music in DVD-Audio, MP3, WMA, WAV and other media formats | No |
U | RemoteControl | rmctrl.exe | Remote Control background application for Cyberlink's PowerDVD version 4 and above. Enables you to use a remote control with your DVD drive if your drive came with one. Not required if you don't have a remote control, or don't wish to use one | No |
U | RemoteControl | PDVDServ.exe | Remote Control background application for Cyberlink's PowerDVD version 5 and above. Enables you to use a remote control with your DVD drive if your drive came with one. Not required if you don't have a remote control, or don't wish to use one | No |
U | RemoteControl8 | PDVD8Serv.exe | Remote Control background application for Cyberlink's PowerDVD version 8. Enables you to use a remote control with your DVD drive if your drive came with one. Not required if you don't have a remote control, or don't wish to use one | No |
N | Remote_Agent | RemoteAgent.exe | Cyberlink's Power VCR II 3.0 is a TV tuner recording utility. If you want to schedule recordings you'll need this, otherwise can be disabled. Available via Start -> Programs | No |
X | Remove 54tr10 | smss.exe | Added by the BRONTOK-CH WORM! Note - this is not the legitimate smss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in Documents and Settings\<User>\Local Settings\Application Data | No |
X | REMOVE ME | windos.exe | Added by the SDBOT.EE WORM! | No |
N | Removecpl | Removecpl.exe | Related to a Belkin 54Mbps Wireless Utility Control Panel applet | No |
X | Removed.exe | Removed.exe | GatorCheat - adware downloader | No |
U | RemoveIT Pro XT | removeit.exe | RemoveIT Pro from InCode Solutions - spyware, virus and malware removal tool | No |
? | RemStart | remstart.exe | Part of McAfee's Remote Desktop 32 Agent application. What does it do and is it required? | No |
X | renascimento | svchost.exe | Detected by Kaspersky as the BANKER.GAX TROJAN! See here. Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the "Help" sub-folder of the Winnt or Windows folder | No |
? | RenolB | ib.exe | ?? | No |
X | repl | repl.exe | Added by the YABE.CD TROJAN! | No |
U | Replay Center | ReplayRadio.exe | Replay Radio - "makes it easy to automatically record your favorite radio shows, so you can listen wherever and whenever you like" | No |
U | Replicator | PTReplicator.exe | Replicator from Karen's powertools. "Automatically backup files, directories, even entire drives!" | No |
U | RepliGo Assistant | RepliGoMon.exe | Cerience RepliGo software - "any document you have on your PC can be transferred to your mobile device" | No |
U | ReproPRD | PrdUsb.exe | Thrustmaster Corporation Presets application - a game controller driver, presumably necessary for certain functions to work | No |
X | requester | requester.*.exe | Added by a variant of the MUQUEST.A trojan - NOTE: the * stands for a digit, examples: requester.5.exe, requester.10.exe | No |
X | Requester | requester.11.exe | Added by the MUQUEST TROJAN! | No |
X | Required Service Drivers | micront.exe | Added by the RBOT-ABD WORM! | No |
X | resagnt | restun.exe | Detected by Panda as the DOWNLOADER.ALQ TROJAN! Adware downloader | No |
U | ResChanger2004 | ResChanger2004.exe | EVGA graphic card utility providing easy access to display settings | No |
X | reseurce | [path to trojan] | Added by the LINEAGE-AI TROJAN! | No |
X | reseurce | svchost.exe | Added by the LINEAGE-FV TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder | No |
U | Resolution Assistant | matcli.exe | Dell Resolution Assistant. "matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, state, etc and gets written to a log file". Resolution Assistant is required to run with the Help and Support program. If you uncheck Resolution Assistant and then run Help and Support it will add another Resolution Assistant in the startup menu. If you remove the Resolution Assistant in the add/remove program some help menus in help and support will not be available. You decide | No |
N | Resource Meter | rsrcmtr.exe | Windows Resource Meter. Available via Start -> Programs. You may want this enabled if your PC is suffering from crashes and want to know potential causes | No |
? | Restart Watch | Watch.exe | Associated with an Eicon Networks Diva ISDN or ADSL modem. What does it do and is it required? | No |
U | Restart WSC Setting | wscrestp.exe | WinStart Commander - part of Ultra WinCleaner Utility Suite. Starts Windows faster and controls hidden programs to boost performance and prevent system slow downs and crashes | No |
? | Restart_VS | Viewsonic.exe | Could be a left-over from the installation of a Viewsonic flat panel display | No |
X | Restore Operation | svchots.exe | Added by a variant of the RBOT WORM! | No |
U | RestoreDesktop | RestoreDesktop.exe | Softwarium Restore Desktop "is a Windows Context Menu addition that automatically saves and restores the icons' positions on the Windows desktop after a resolution change" | No |
Y | RestoreIT! | VBPTASK.EXE | RestoreIT! from FarStone - "automatically backs up all files on your computer to a protected partition on your hard drive" | No |
X | restory | restory.exe | Added by the RETSAM TROJAN! | No |
U | Resume Copy | copyfstq.exe | Part of Total Copy - an improved version of the Windows copy function. Allows for resumption of file copies or moves that were in progress when the computer was shut down. Not required if you're not using the program or don't care about that function | No |
U | ResumeFixClocks | resumefix.exe | Part of the RadeonTweaker utility for overclocking ATI Radeon graphics cards | No |
X | reszrv | [8 random letters].exe | Added by a variant of the SDBOT WORM! See here | No |
X | retime | retime.exe | Added by the GIPMA TROJAN! | No |
U | RetrieverScheduler | retrieverscheduler.exe | 80-20 Retriever from 80-20 - "80-20 Retriever is a powerful personal search tool that encompasses email folders, archived email, and local or network file systems, giving users one point of fast, accurate search for all personal information". Real-time scheduler - shortcut available | No |
U | RetroExpress | RetroExpress.exe | EMC (was Dantz) Retrospect Express - backup software for external hardware storage devices | No |
U | RevoTaskbarApp | RevoTask.exe | Control Application for M-Audio Revolution 7.1 sound card. The sound card will function without it - but changes to speaker setup and sound modification (Bass/Treble etc) will not be available | No |
N | RexSyMon | rexsymon.exe | Intellisync for REX synchronization software for Xircom REX MicroPDAs for sharing information between the PDA and PC | No |
X | RF | EC.exe | Added by the LINEAGE-U TROJAN! | No |
U | rfagent | rfagent.exe | Registry First Aid - scans the Windows registry for orphan file/folder references, finds these files or folders on your drives that may have been moved from their initial locations, and then corrects your registry entries to match the located files or folders | No |
X | rforce | EXP1ORER.EXE | Added by the DROPPER.KN TROJAN! Note the number "1" in the filename rather than letter "L". It also drops another file named DEVICEMAP.SYS which is the ROOTKIT.O TROJAN! | No |
N | RFTray | RFTRay.exe | Reality Fusion GameCam Video Interaction Technology Software that comes with the Logitech QuickCam PC video camera and other USB cameras. It's only an icon that appears on your System Tray. Available via Start -> Programs | No |
Y | rfw | Rfw.exe | RAV AntiVirus | No |
Y | RfwMain | rfwmain.exe | Rising antivirus | No |
? | rfwydg | rfwydg.exe | ?? | No |
N | RFX_auto_upgrade | rundll32.exe npvpg005.dll | A browser plugin called the RichFX player. Here is a link to download RichFX's solution to removing the auto upgrade | No |
X | Rg2catbd | Rg2catbd.exe | Added by a variant of the BANLOAD family of TROJANS! | No |
U | RH | rh32.exe | EuroFonts - adds Euro symbols to pre-Euro computers | No |
X | Rhino | [random name]32.exe | Added by the BOFRA.A WORM! | No |
U | RhinoBlocker | RhinoBlocker.exe | RhinoBlocker - pop-up stopper | No |
N | RHPTray | RHPTray.exe | System tray access to Red Hot Pawn - online chess | No |
N | RHSI SHS | SHS.exe | Rogers Hi-Speed Internet software. "Should you ever lose access to your Rogers Hi-Speed Internet connection or e-mail, the Self-Healing Software (SHS.exe) will automatically repair your settings to get you up and running in a flash" | No |
X | RichMedia | HBHelper.dll | HenBang adware | No |
X | RichMedia | rundll32.exe [path] hbcast.dll, WaitWindows | Henbang adware variant. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted | No |
X | richup | richup.exe | SafeSurfing adware | No |
U | RightFAX Print-to-Fax Driver | FaxCtrl.exe | Part of RightFAX from Captaris - "the proven market leader in fax server and document delivery software" | No |
U | Ring Central Fax | rcenterrll.exe | Only needed if you want a PC to answer faxes automatically | No |
X | rIOphosIs | rIOPHosIs.vBS | Added by the RIOSYS MACRO! | No |
N | Riorad Manager | riomgr.exe | "Riorad Explorer is hands-down the most advanced Windows software companion for your Rio MP3 player" | No |
? | RIS2PostReboot | LaunchRIS2.exe | Part of the programming software for LEGO® Mindstorms robotic building system. What does it do and is it required? | No |
U | RivaTuner | RivaTuner.exe | RivaTuner for tweaking nVidia graphics cards. Required if you make any changes | No |
U | RivaTunerStartupDaemon | RivaTuner.exe | RivaTuner for tweaking nVidia graphics cards. Required if you make any changes | No |
? | RjLyraInstaller | setup.exe | ?? | No |
U | RK Launcher | RKLauncher.exe | RK Launcher by RaduKing - "is a free application that will allow the user to have a visually pleasing bar at the side of the screen that is used to quickly launch shortcuts" | No |
X | rmalt | [random filename] | Added by the CLICKER-CS TROJAN! Filenames spotted include Setup.exe, Keygen.exe, Keygen-Serial.exe, Photoshop.CS2.KeyGen.exe and more | No |
U | rmctrl | rmctrl.exe | Remote Control background application for Cyberlink's PowerDVD version 4 and above. Enables you to use a remote control with your DVD drive if your drive came with one. Not required if you don't have a remote control, or don't wish to use one | No |
X | rmdrfje.dll | rundll32.exe rmdrfje.dll,[random characters] | Added by the DLOADR-ANM TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "rmdrfje.dll" file is located in %Windir% | No |
N | rmmon | mprmmon.exe | Resource Monitor for the now defunct Chromatic Research MPact2 3DVD graphics card | No |
U | rmoc3260.dll OCX | regsvr32.exe rmoc3260.dll | A module that contains COM components for media playback used by both RealPlayer and Windows Media Player - see here. The "rmoc3260.dll" file is found in the System (9x/Me) or System32 (NT/2K/XP) folder | No |
? | RMremote | RmRemote.exe | Remote control driver for REALmagic Xcard. Is it required? | No |
X | rn4d | dirote.exe | Added by the MAROON.A TROJAN! | No |
U | Rnaomflt | naomf.exe | Naomi internet filtering software | No |
X | RNBc Test | wf32vbs.exe | Added by the RBOT-AGR WORM! | No |
X | RNBc Test | bvldv32.exe | Added by the RBOT-AJF WORM! | No |
U | RNBOStart | sentstrt.exe | Program used to initialise the VxD virtual driver for Sentinel drivers associated with Rainbow H/W keys that plug-in to the parallel port. These are usually supplied with workplace design tools and restrict the use of the software only to the machine to which the H/W key is connected. Required if you have such tools | No |
X | RNBz Test | wf32vbc.exe | Added by the RBOT-AEY WORM! | No |
X | RNDc Test | wf32b.exe | Added by a variant of the SDBOT WORM! | No |
? | rndll2 | rndll2.exe | May be related to the DivX program as a *.dat file in the same directory had "DivXPro505Bundle.exe" mentioned within? | No |
X | rngmf | [path to trojan] | Added by the RANKY.C TROJAN! | No |
X | Rnudll32 | tadxtr.exe | Added by the QQPASS-O TROJAN! | No |
? | rnxqh | rnxqh.exe | ?? | No |
X | Roam04 | ActiveX.exe | Added by the ROAMER-A TROJAN! | No |
N | RoboForm | RoboTaskBarIcon.exe | Roboform - password manager and web form filler. Will work without this startup entry, as the "active" component is an integrated Internet Explorer browser plugin | No |
N | RoboFormWatcher | RoboFormWatcher.exe | Roboform from Siber Systems. Automatically completes web forms. Available via Start -> Programs | No |
U | Rocket.Time | RocketTime.exe | Rocket.Time - time synchronization software from Rocket Software | No |
N | RocketDock | RocketDock.exe | "RocketDock is a smoothly animated, alpha blended application launcher. It provides a nice clean interface to drop shortcuts on for easy access and organization" | No |
X | Roflcopteur | seman.exe | Added by an unidentified WORM or TROJAN! | No |
N | RogueMonitor | RogueRemoverPRO.exe | Rogue Remover PRO - utility to detect and remove misleading security programs masquerading as virus scanners, spyware removers, etc that lure people into buying them with false positives | No |
? | roketpipe | rpclient.exe | ?? | No |
U | Rollback | RollbackTray.exe | Added by the RollBack Rx system restore program | No |
X | rollbk | dsm.exe | Added by the SERFLOG.B WORM! | No |
X | rollbk | msmpatch.exe | Added by the SERFLOG.B WORM! | No |
X | rollbk | svosm.exe | Added by the SERFLOG.B WORM! | No |
X | rollbk | sysup.exe | Added by the SERFLOG.B WORM! | No |
X | romahere | matrixhere.exe | SuperSpider hijacker - a CoolWebSearch parasite variant | No |
X | romahere2 | ************.exe [* = random char] | SuperSpider hijacker - a CoolWebSearch parasite variant. Also detected as the KREPPER-AE TROJAN! | No |
X | romahere3 | ************.exe [* = random char] | SuperSpider hijacker - a CoolWebSearch parasite variant. Also detected as the KREPPER-AE TROJAN! | No |
X | Root_Machine | [path to trojan] | Added by the BANCBAN-DI TROJAN! | No |
X | ROOT_Machine | winlogon.exe | Added by the BANKER-FI TROJAN! Note - this is not the legitimate winlogon.exe process, which should not appear in Msconfig/Startup and is always located in the System32 folder. This worm file is placed in the Windows\inf or Winnt\inf folder | No |
X | RosTika | RosTika.exe | Added by the BRONTOK-BU WORM! | No |
? | ROUTD | ROUTD.exe | ?? | No |
X | Router | Router.exe | Detected by Kaspersky as the AGENT.FJN TROJAN! See here | No |
N | RoxAssist | RoxAssist.exe | Roxio Assistant is designed to correct Engine Initialization errors. If Easy CD & DVD Creator's Engine does not initialize, the applications in Easy CD & DVD Creator will not recognize your recorder. After running this program you should receive the message "Engine initialized successfully with full recorder support". If you do not receive the message, update your Virus software and then check and clean your system for viruses. After the removal of any viruses, uninstall and then reinstall Easy CD & DVD Creator (use "Add Remove Programs" in "Control Panel"). Can be run manually | No |
? | Roxio Engine | MSMNGR32.EXE | Not believed to be a valid Roxio program - more likely a variant on the WOMANIZ.A TROJAN! | No |
N | RoxioAudioCentral | RxMon.exe | Part of Roxio EasyCD Creator 6.0 - places the Roxio AudioCentral icon in your system tray. "Includes a player, media manager, ripper, tag and sound editor - integrated in a single application". Not required for Roxio to work properly | No |
N | RoxioDragToDisc | DrgToDsc.exe | Part of Roxio EasyCD Creator 6.0 - places the Roxio Drag-to-Disc icon in your system tray. "Easily drag and drop files for burning to CD or DVD. Disc formatting and burning will happen automatically". Not required for Roxio to work properly | No |
Y | RoxioEngineUtility | EngUtil.exe | Part of Roxio EasyCD Creator 6.0 - corrects any modification made to the Roxio Engine, it exits after checking | No |
N | RoxWatchTray | RoxWatchTray.exe | System Tray icon installed by Roxio Easy Media Creator 8 and which allows you to configure your watched folders or to turn the "Watched Folders" feature of Roxio ON or OFF | No |
U | RP32 | rp32.exe | Unicenter Remote Control (was Remotely Possible) from Enterprise International for remote control and access to Win9x/NT systems | No |
X | RPC | MSschost.exe | Added by a variant of the AGOBOT/GAOBOT WORM! | No |
X | RPC DCOM Vulnerability Patch | msgfix.exe | Added by the RBOT.S WORM! | No |
X | RPC Drivers | rpcall.exe | Added by the SDBOT.FLY WORM! | No |
X | RPC Patcher | [path to worm] | Added by the BOLGI WORM! | No |
X | RPC Service | [random filename] | Added by the BDOOR-AAD BACKDOOR! | No |
X | rpc Win32 | shost32.exe | Added by the RBOT-ABL WORM! | No |
X | rpc Win32 | spoolscv.exe | Added by a variant of the RBOT WORM! | No |
X | RPCall_WIN2K | Kurawas.exe | Added by the BHARAT.A WORM! | No |
X | RPCall_[ComputerName] | smhost.exe | Added by the REDPLUT-B TROJAN! | No |
X | rpcc | rpcc.exe | Added by the SPAMMIT-E TROJAN! | No |
X | rpcda Win32 | rpcda.exe | Added by the RBOT-AEE WORM! | No |
X | RPCser32g | services.exe | Added by the RITDOOR-C WORM! Note - this is not the legitimate services.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Windows or Winnt folder | No |
X | RPCser32g1 | services.exe | Added by the PREXOT.D TROJAN! Note - this is not the legitimate services.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Windows or Winnt folder | No |
X | RPCser32g3 | services.exe | Added by the PREXOT.D TROJAN! Note - this is not the legitimate services.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Windows or Winnt folder | No |
X | RPCser32g4 | services.exe | Added by the PREXOT.E TROJAN! Note - this is not the legitimate services.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Windows or Winnt folder | No |
X | RPCserr32g | winlogon.exe | Added by the RITDOOR-B WORM! Note - this is not the legitimate winlogon.exe process, which should not appear in Msconfig/Startup and is always located in the System32 folder. This file is placed in the Windows or Winnt folder | No |
X | RPCserv32 | services.exe | Added by the MYDOOM.AL WORM! Note - this is not the legitimate services.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Windows or Winnt folder | No |
X | RPCserv32g | services.exe | Added by the BOBAX.AA WORM! Note - this is not the legitimate services.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Windows or Winnt folder | No |
X | RPCserv32g | CSRSS.EXE | Added by the BOBAX.AD WORM! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir% | No |
X | RPCserv32g | MSDEFR.EXE | Added by the BOBAX.AD WORM! | No |
X | RPCserv32g | NB32EXT2.EXE | Added by the BOBAX.AD WORM! | No |
X | RPCserv32g | WINLOGON.EXE | Added by the BOBAX.AD WORM! Note - this is not the legitimate winlogon.exe process, which should not appear in Msconfig/Startup and is always located in the System32 folder. This file is placed in the Windows or Winnt folder | No |
Y | RPCSS.exe | rpcss.exe | Remote Procedure Call. Required by Windows for programs to communicate with each other on networks/different machines. Originally for NT only but now installed with Win98/98se. Under Win98/98se, a program may need it to communicate with other components of itself. You could delete the program but if any abnormalities occur soon after then reinstall. Under NT, deleting this critical system component will disable the OS. For a more detailed explanation see here | No |
X | RpcxWindows Extensions | rpcxwinex.exe | Added by the RBOT.ACP WORM! | No |
X | Rr2 | rundll32.exe | Added by the LINEAG-ADI TROJAN! Note - this is not the legitimate rundll32.exe process, which is found in the Windows folder (98/ME) or the System32 folder (NT/2000/XP). This file is located in an "addins" sub-folder | No |
X | RRMedic | rrmedic.exe | Troubleshooting utility for the RoadRunner cable internet service. Not required and you are advised to completely uninstall it. Provides a lot of false alarms and gets a lot of people panicking about their internet connection | No |
U | rscmpt | rscmpt.exe | Required on the GeForce 64 meg MX card to show the full 64 meg memory and appears to be a software memory emulator running under Win2K - see here. High CPU usage results - hence the U status | No |
X | rsmb | rsmb.exe | Added by the WAREZOV.C WORM! | No |
U | rsMenu | rsMenu.exe | Enterprise Harmony 99 for CASIO - synchronization software for use with Microsoft® Outlook 97/98/2000. Formerly Randsoft Harmony '98 | No |
X | RSPC Driver | [random filename].exe | Added by the RBOT-SN WORM! | No |
X | RSPC Driver D | [random filename] | Added by a variant of the RBOT WORM! | No |
? | RSRCMTZ | RSRCMTZ.exe | ?? | No |
X | rsrvmon.exe | rsrvmon.exe | Detected by Kaspersky as the AGENT.NY TROJAN! See here | No |
X | RSS | rundll32 RSSToolbar.dll, DllRunMain | "Related Sites" toolbar - SearchAndClick hijacker variant | No |
U | RssReader | RssReader.exe | RssReader - a free RSS reader able to display any RSS and Atom news feed (XML) | No |
X | RsWin | lsass.exe | Added by the SILLY.BR WORM! Note - this is not the legitimate lsass.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "4350" sub-folder | No |
X | RSync | netsync.exe | SafeSurfing adware | No |
X | rtasks | rtasks.exe | Misleading security software such as AntiSpywareSuite, AntivirusPCSuite, SpyGuardPro, WinAntiVirus Pro 2006 - not recommended, see here | No |
U | rtcdll | rtcdll.exe | RTCDLL is "Real Time Communication" and is associated with Windows Messenger (the IM application, not messenger service). It is only necessary if you use Windows Messenger. Most people use MSN Messenger instead, so it is not required in those cases | No |
U | RTHDCPL | RTHDCPL.EXE | Realtek HD Audio Sound Effect Manager | No |
U | RtHDVCpl | RtHDVCpl.exe | High definition audio codec driver from Realtek Semiconductor | No |
X | rtkernsw | [random filename] | Added by a variant of the SLAPER TROJAN! | No |
X | rtl.exe | rtl.exe | Added by the TIOTUA-J TROJAN! | No |
N | RtlMon.exe | RtlMon.exe | Monitor for RealTek network card | No |
Y | RTMonitor | RTMonitor.exe | Cheyenne (now eTrust) antivirus | No |
X | rtos | rtos.exe | IRC trojan | No |
? | RTStartMute | N/A | ?? | No |
Y | rtvscn95 | RTVSCN95.EXE | Real-time virus scanner component of Norton Anti-Virus Corporate Edition | No |
U | RtWLan | RtWLan.exe | Configuration utility for the Netgear WG111 54 Mbps Wireless USB 2.0 Adapter that "provides wireless access to your desktop or notebook PC through the computer's USB port" | No |
X | RubeL | RubeL.exe | Added by the RUBY-B TROJAN! | No |
X | Ruby13 | Ruby13.exe | Added by the MEXER.E WORM! | No |
X | Ruby14 | Ruby14.exe | Added by the FIGHTRUB-A WORM! | No |
X | ruin | system32.exe | Added by the DELF-JM TROJAN! | No |
U | RuLaunch | RuLaunch.exe | Instant Updater for McAfee's VirusScan, Internet Security, Quick Clean, Uninstaller and Firewall products. In the case of VirusScan leave it enabled unless you update manually on a regular basis | No |
X | Run | real.exe | Added by the LOVGATE.E WORM! | No |
X | run | Autoexec.com | Added by the HOLCAS.A WORM! | No |
X | run | inetinfo.exe | Added by the BINGHE TROJAN! | No |
X | Run | help.exe | Identified as the DELF.LF by Ewido Security Suite | No |
X | run | rundll32.exe rsrc.dll | Chinese originated browser hijacker - redirecting to 4199.com. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted | No |
X | run | cchost.exe | Added by the SQUATBOT-C TROJAN! | No |
X | run | e.exe | Added by the IMONI-E TROJAN! | No |
X | run | mexica.exe | Added by the AUTORUN.AEV WORM! | No |
X | Run | Manager.exe | Detected by Kaspersky as the DELF.EUN TROJAN! See here. The file is found in %AppData%\Adobe - see the link for more information | No |
U | Run Google Web Accelerator | GoogleWebAccWarden.exe | Google Web Accelerator | No |
X | Run Msn Messenger | msnmgr.exe | Added by the AGOBOT.HA WORM! | No |
X | Run MSupdt32 | wscript MSupdt32.vbs | Added by the CASER WORM! | No |
U | Run Nintendo Wi-Fi USB Connector Registration Tool | NintendoWFCReg.exe | Related to Wi-Fi USB Connector from Nintendo | No |
U | Run POPFile in background | perl.exe | POPFile - E-mail spam blocker | No |
U | Run POPFile in background | wperl.exe | POPFile - E-mail spam blocker | No |
X | Run Services as Application | localsvc.exe | Added by the DLOADER-NY TROJAN! | No |
X | Run Services as Application | netsvc.exe | Added by the DLOADER-NY TROJAN! | No |
X | Run Services as Application | spoolsvc.exe | Added by the DLOADER-NY TROJAN! | No |
X | Run Services as Application | svcadmin.exe | Added by the DLOADER-NY TROJAN! | No |
X | Run Services as Application | svcman.exe | Added by the DLOADER-NY TROJAN! | No |
X | Run Services as Application | svcrun.exe | Added by the DLOADER-NY TROJAN! | No |
X | Run Services as Application | tcpsvc.exe | Added by the DLOADER-NY TROJAN! | No |
X | Run Services as Application | websvc.exe | Added by the DLOADER-NY TROJAN! | No |
U | Run StartupMonitor | StartupMonitor.exe | Mike Lin's StartupMonitor, throws up an alert and asks your permission every time any change is made to your start-up configuration, either in the registry or start menu | No |
X | run windows | servic.bat | Added by the REBOOT-AP TROJAN! | No |
X | Run05 | rundll_32.exe | Added by the BANCOS-DT TROJAN! | No |
X | run32 | run32dll.exe | Added by the SDBOT-CWB WORM! | No |
X | run32dll | WINClock.exe | Added by an unidentified VIRUS, WORM or TROJAN! | No |
X | run32dll | task32.exe | Added by an unidentified VIRUS, WORM or TROJAN! | No |
X | Run32dll | ocxdll.exe | Added by an unidentified VIRUS, WORM or TROJAN! | No |
N | run= | cmmpu.exe | MIDI emulator driver for the integrated sound chip by C-Media based on the CMI-8330 chip set normally found in cheap motherboards. Also installed as part of the software for a Guillemot Maxi Muse sound card (PCI) | No |
N | run= | hpfsched | HPFSCHED is a small TSR that will remind you to clean the cartridges in your DeskJet from time to time in order to keep print quality high. It can be removed from the run line in win.ini if you do not want that feature | No |
N | run= | lxdboxcp.exe | Lexmark DOS-Printing Control Program for the Lexmark 2050. Only required if you need to print from DOS | No |
N | run= | pcfix2k.exe | pcfix2k splash screen | No |
X | run= | ptlseq.cpl | PhoenixNet BIOS adware. See here | No |
U | run= | ramsys.exe | Advanced Startup Manager from Rays Lab | No |
? | run= | wallflip.exe | Desktop wallpaper changer? | No |
X | run= | svcinit.exe | CoolWebSearch parasite variant | No |
X | run= | fntldr.exe | CoolWebSearch Tapicfg parasite variant | No |
Y | run= | smsrun16.exe | Microsoft Systems Management Server (SMS) related - program that reads SMSRUN16.INI on clients running Win 3.1, Windows for Workgroups, Win95, or OS/2 to create program groups on the client and then launch SMS client programs | No |
? | run= | win.ini | ?? | No |
X | run= | RAVMOND.exe | Added by the LOVGATE-F WORM! | No |
X | run= | dec25.exe | Added by the ATAK.F WORM! | No |
? | run= | LXBTppls.exe | Reportedly part of Lexmark printer software - what does it do and is it required? | No |
N | run= | fmedia.exe | FMedia FaxWorks related - can be run manually | No |
Y | run= | wswpd.exe | Used with some models of Panasonic, Epson and NEC printers - required for printer to work | No |
X | run= | cyxid98.exe | Unidentified malware | No |
X | run= | info32.exe | CoolWebSearch Tapicfg parasite variant | No |
X | run= | mouse_configurator.win | Added by the GAGGLE.E WORM! | No |
X | run= | RegistryReminder.exe | Added by the APSTROJAN.OB TROJAN! | No |
X | run= | sec5dec.exe | Added by the ATAK.G WORM! | No |
X | run= | wmplayer.exe | CoolWebSearch Smartsearch parasite variant | No |
X | run= | Autoexec.com | Added by the HOLCAS.A WORM! | No |
X | run= | htmlsync.exe | Searchforfree.info browser hijacker | No |
X | run= | msoffice.exe | Added by the ADWARELOADER TROJAN! Note - do not confuse with the legitimate Microsoft Office file, which would typically be located in the Program Files\Microsoft Office\Office folder! | No |
X | run= | DRDOOM.EXE | Added by the SEMAPI-A WORM! | No |
X | run= | svhost.exe | Added by the ADMINCASH.B TROJAN! | No |
X | run= | dllreg.exe | Added by the DUMARU-L TROJAN! | No |
X | run= | Celine.scr | Added by the CELINE-A TROJAN! | No |
X | run= | services.exe | Added by the KREPPER-N TROJAN! Note - this is not the legitimate services.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in an "inet10066" subfolder of the Windows or Winnt folder | No |
U | RunAlert | AService.exe | PC Alert III - MSI motherboard monitoring software. Only required if you "overclock" your system. Appears as a service in XP/Vista and under the "RunServices" registry key in Win98/2K | No |
N | runAP | runAP.exe | Not required but what is it? | No |
X | runapp | icqchk.exe | Added by the BOMKA TROJAN! | No |
X | Runapp32 | Runapp32.exe | Added by the NEODURK TROJAN! | No |
Y | RunCA | InvokeSvc3.exe | Wireless-G USB Wireless Network Adapter related - would appear to be required | No |
X | Rund11 | Rund11.EXE | Added by the MARIO-C WORM! | No |
X | rund1132 | rund1132.exe | Added by the DOPBOT-A WORM! | No |
X | Rund1132.exe | Rund1132.exe | Added by the STARTPA-HS TROJAN! | No |
X | Rund1l32 | Winfi1e32.exe | Added by the MERTIAN WORM! | No |
X | runddlfile | runddl.exe | Added by the DELF.D TROJAN! | No |
X | Rundil32 | runlli32.exe | Added by the QQPASS-U TROJAN! | No |
X | Rundil32 | Updadv.exe | Added by the QQPASS-N TROJAN! | No |
X | rundl332 | math.exe ...pluged.exe | Added by the DOOMJUICE WORM! | No |
X | rundli32 | rundli32.exe | Added by the LADE WORM! | No |
X | RunDLL | rundll32.exe [path] Bridge.dll,Load | Flingstone.com browser hijacker. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted | No |
X | Rundll | Rundll~.exe | Added by the DELF-KT TROJAN! | No |
X | Rundll | rundll32.exe [random filename].dll | Added by the MYTOB.IG WORM! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The random DLL file is found in the System (9x/Me) or System32 (NT/2K/XP) folder | No |
X | RunDll | RunDll.exe | Added by the QQPASS-AH TROJAN! Note - this is NOT the Windows system file of the same name as described here | No |
X | RunDll | [path to trojan] | Added by the DROPPER.EAT TROJAN! | No |
X | RunDLL Kernel File Core | rundll.exe | Added by a variant of the SLAPER TROJAN! | No |
X | rundll*** | die.exe [path] mdll.exe | Added by the SUMTAX TROJAN! where *** is 134, 569, 777 or 946 | No |
X | rundll*** | die.exe [path] secure.bat | Added by the SUMTAX TROJAN! where *** is 134, 569, 777 or 946 | No |
X | rundll*** | die.exe [path] secure.exe | Added by the SUMTAX TROJAN! where *** is 134, 569, 777 or 946 | No |
X | rundll*** | die.exe [path] ttg.exe | Added by the SUMTAX TROJAN! where *** is 134, 569, 777 or 946 | No |
X | Rundll16 | Rundll16.exe | Added by a number of VIRUSES, WORMS and TROJANS! | No |
X | Rundll32 | Rundll32.exe | Added by the DVLDR TROJAN! Note - this is not the valid "Rundll32.exe" as it's in the Windows\Fonts directory | No |
N | RUNDLL32 | RUNDLL32.EXE NvQtwk, NvCplDaemon | System Tray icon used to change display settings, change the clock rate and memory speed for nVidia based graphics cards. This is unnecessary since you can easily configure these settings the way you want them in the Display Properties and not have to mess with them again. Also disable the "NVIDIA Driver Helper Service" if enabled as it can cause this entry to be re-enabled on re-boot (note that this service can also cause extreme shutdown delays if enabled - see here) | No |
N | RunDLL32 | RunDLL32.exe NvMCTray.dll, NvTaskbarInit | System Tray icon used to manage settings for nVidia based graphics cards. May be required for some 3D applications to recognize your card correctly - such as the game "Everquest". Otherwise, settings can be changed manually via Display Properties | No |
X | RunDLL32 | winupdate.exe | Added by an unidentified TROJAN! - possibly a BMBOT variant | No |
X | Rundll32 | Windows.exe | Added by the QQPASS.E TROJAN! | No |
U | Rundll32 | Rundll32.exe ptipbm.dll, SetWriteBack | Installed with the miniport drivers for Promise hard drive controllers in both RAID and non-RAID installations. Tells the drivers that the connected drives should use "Write Back" caching. You can disable this if you don't want to use "Write Back" caching or if you have not connected any drive to your Promise controller | No |
X | rundll32 | [path to worm] | Added by the AUTEX WORM! | No |
? | rundll32 | rundll32.exe ptipbmf.dll, SetWriteCacheMode | Installed with the miniport drivers for Promise hard drive controllers in both RAID and non-RAID installations. May be necessary in order to maintain preferences applied to the RAID array connected to the Promise controller | No |
X | rundll32 | rundll32.exe | Added by the SANKER WORM! Note - this is not the legitimate rundll32.exe process, which is found in the Windows folder (98/ME) or the System32 folder (NT/2000/XP). This one is located in the Winnt or Windows folder | No |
X | rundll32 | csrss.exe | Added by the GUTTA TROJAN! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir% | No |
U | rundll32 | RunDLL32.exe irprops.cpl, BluetoothAuthenticationAgent | Associated with BlueTooth software, and registers the "Infrared Port properties" Control Panel applet. Should you get the error message, "Rundll irprops.cpl missing entry Bluetooth authentication agent", click here for more information. In case you no longer have BlueTooth support installed, and don't need it, simply uncheck the entry in Msconfig > Startup | No |
X | RUNDLL32 | rundl32.exe | Added by the DEMOTRY-A WORM! | No |
X | rundll32 | rundll32.exe | Added by the AGENT-EZ TROJAN! Note - the real rundll32.exe resides in the System (9x/Me) or System32 (NT/2K/XP) folder whereas this file is found in a "SHELLEXT" subfolder | No |
X | Rundll32 | RUNDDLL32.EXE | Added by the STARTPAGE.AXH TROJAN! | No |
X | rundll32 | kernel32.exe | Added by the STAP-C WORM! | No |
X | rundll32 | kernel33.exe | Added by the STAP-D WORM! | No |
X | rundll32 | MSDTC.exe | Added by the STAP-E WORM! | No |
X | rundll32 | rookie.vbs | Added by the ROOKIE-A TROJAN! | No |
X | rundll32 | rundll64.exe | Added by the DELF.BKC TROJAN! | No |
N | Rundll32 cmicnfg | Rundll32 cmicnfg.cpl, CMICtrlWnd | System tray control panel for C-Media based soundcards - often included on popular motherboards with in-built audio. Available via Start -> Settings -> Control Panel | No |
Y | RunDll32 essprops | RunDll32 essprops.cpl, TaskbarIconWnd | Associated with a Logitech mouse - required for proper operation | No |
U | Rundll32 P17 | Rundll32 P17.dll, P17Helper | ASIO (Audio Stream In/Out) drivers for the SoundBlaster Audigy 2 series soundcards - for recording and home project studios. Required if you use this functionality | No |
X | Rundll32.exe | Proyecto1.exe | Added by the GRUEL WORM! | No |
X | Rundll32.exe | Root.exe | Added by the GRUEL WORM! | No |
X | Rundll32_7 | rundll32.exe MSIEFR40.DLL, DllRunServer | BrowserAid/BrowserPal foistware. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted | No |
X | Rundll32_8 | rundll32.exe inetp60.dll, DllRunServer | BrowserAid/BrowserPal foistware. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted | No |
X | Rundll32_8 | rundll32.exe 1.dll, DllRunServer | BrowserAid/BrowserPal foistware. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted | No |
X | rundll64 | [path to worm] | Added by the AUTEX WORM! | No |
X | RundllSvr | Rundll.exe | Added by the HUAYU WORM! Note - this is NOT the Windows system file of the same name as described here | No |
X | Rundllsystem32 | Rundllsystem32.exe | Added by the NETDEVIL.B TROJAN! | No |
X | Rundnm | Rundnm.exe | Added by the DELF-HA TROJAN! | No |
X | RUNGogoTools | LaunchAdware.exe | GoGoTools adware | No |
X | RUNGogoTools | GoGoLaunch.exe | GoGoTools adware | No |
X | RUNHYPER | hyperx.exe | PurityScan/Clickspring adware | No |
X | runing | win.exe | Added by the DELF-LC TROJAN! | No |
X | RUNLOAD | l0ad.exe | PurityScan/Clickspring adware | No |
X | RUNLOUD | loud.exe | PurityScan/Clickspring adware | No |
U | Runmarc8mManager | marc8m95.exe | MARC Sound System Manager for the Marc 8 MIDI sound card - allows for easy adjustment of the settings | No |
U | RunNarrator | Narrator.exe | Associated with the Narrator accessibility feature on Windows XP. It is used to convert text to speech | No |
X | Runner | lsass.exe [trojan filename] | Added by the DROWSY-B TROJAN! Note - this is not the legitimate lsass.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder | No |
X | Runner | csrss.exe | Added by the ADCLICK-AG TROJAN! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir% | No |
X | Runner | lsass.exe | Added by the ADCLICK-AG TROJAN! Note - this is not the legitimate lsass.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder | No |
X | Runner | svchost.exe | Added by the ADCLICK-AG TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder | No |
X | runner1 | updater.exe | Added by the CRYPT.ULPM.GEN TROJAN! | No |
X | runner1 | retadpu.exe | Added by the AGENT.SLZ TROJAN! | No |
X | runner1 | mrofinu.exe | Added by the AGENT.CZC TROJAN! | No |
X | runner1 | retadpu[random digits].exe | Added by the SMALL.CTV TROJAN! | No |
X | runner1 | tsitra.exe | Added by the AGENT.ABFQ TROJAN! | No |
U | RunOnce | RUNONCE.EXE | Part of MS Data Access Components - only required if you use these | No |
X | Runonce | runouce.exe | Added by the CHIR-B WORM! | No |
X | RunOnceEx | sms.exe | Identified as the DELF.LF by Ewido Security Suite | No |
X | RunProg | Server.exe | Added by the OPTIX.04.A TROJAN! | No |
X | RunProg | wini.exe | Added by the OPTIX.04.D TROJAN! | No |
X | runreper | viewer.exe | Added by the REPER.A VIRUS! | No |
X | runs | run.exe | Added by the RBOT-BWF WORM! | No |
X | RunSearvices | tread.exe | Identified as the DELF.LF by Ewido Security Suite | No |
X | RunServices | runsvc32.exe | Added by the AGOBOT.QJ WORM! | No |
X | runservices | services.exe | Identified as a variant of the SMALL.QO TROJAN! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir% | No |
X | runsql | runsql.exe | Detected by PCTools as the DELF.ZWK TROJAN! See here | No |
X | runSubvalues | [path to file] | Added by the DLOADER-QY TROJAN! | No |
X | runsvc | runsvc.exe | Added by the SMALL-CF TROJAN! | No |
U | RunSysd32 | RunSysd32.exe | DesktopShield2000 by Stéphane Groleau. Locks the desktop at bootup so that users cannot bypass the Windows screensaver password. Only essential if using the program and is an optional setting. It can be disabled from within | No |
X | Runtime Process | Csrss.exe | Added by the CIADOOR-J BACKDOOR! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir% | No |
X | Runtime Server Subsystem | csrss.exe | Added by the IRCBOT-XV WORM! | No |
X | runtime.exe | runtime.exe | Added by a variant of the Tibs malware | No |
X | Runtt1 | Internat.exe | Added by the LINEAGE-R TROJAN! | No |
X | Runtt1 | Internet.exe | Added by the LINEAGE-Q TROJAN! | No |
X | RunWin | [path to file] | Added by the BANKER-ES TROJAN! | No |
X | runwin32 | runwin32.exe | Added by the ESEARCH-A TROJAN! | No |
X | RUNWIN32 | runwin32.exe | Added by the VB-AET TROJAN! | No |
X | RunWindowsUpdate | uptodate.exe | BrowserAid/BrowserPal foistware | No |
X | runwinlogon | winlogon.exe | Added by the AGENT.TQY TROJAN! Note - this is not the legitimate winlogon.exe process, which should not appear in Msconfig/Startup! | No |
X | Run[0] | syscnfg.exe | Added by an unidentified VIRUS, WORM or TROJAN! "syscnfg.exe" is found in the C:\windows\fonts (or C:\winnt\fonts) directory where no *.exe files should reside | No |
X | Run_cd | Run_cd.exe | Added by the GHOST.23 TROJAN! | No |
Y | run_pbnext | PBNext.exe | PBNext is a virtual phone system which offers the same functionality as expensive PBX hardware | No |
U | Rupsw32 | Rupsw32.exe | MegaTec Rups, UPS monitoring software - monitor and control DB9 UPS running on either Windows & Novell NetWare (with RUPS 2000) or Unix (with RUPS for Unix / Plus) operating systems | No |
? | RUSBHOLoader | rundll32.exe RUSBHOLoader.dll, AutoRegister | ?? | No |
X | RVC6Player | tskdbg.exe | Added by the ZAPCHAS-M TROJAN! | No |
X | rvde | N/A | Related to li-speed**** | No |
X | RVP | bpc.exe | BroadcastPC adware | No |
X | rw service | alg32.exe | LOOPAD.A adware | No |
X | rx | rundll32.exe | Added by the LINEAGE-BP TROJAN! Note - this is not the legitimate rundll32.exe process, which is found in the Windows folder (98/ME) or the System32 folder (NT/2000/XP). This file is found in the Windows or Winnt folder | No |
X | rx | explore.exe | Added by the ZHENGTU-A TROJAN! | No |
N | RxMon | rxmon9x.exe | Part of Dell Resolution Assistant - "a diagnostic program that allows you to contact Dell. When factory-installed by Dell, it allowed you to perform hardware and software diagnostics that provided alerts to potential problems and enabled real-time communication with Dell RA techs. You can now use RA only to contact Dell by e-mail" | No |
N | RxUser | RxUser.exe | Part of Dell Resolution Assistant - "a diagnostic program that allows you to contact Dell. When factory-installed by Dell, it allowed you to perform hardware and software diagnostics that provided alerts to potential problems and enabled real-time communication with Dell RA techs. You can now use RA only to contact Dell by e-mail" | No |
X | ryan1918 | servidevice.exe | Added by the RBOT-GVR WORM! | No |
X | rydanmxe.exe | rydanmxe.exe | Added by the DLOADR-AZZ TROJAN! | No |
X | ryy | rundl132.exe | Added by the PWS-ANA TROJAN! | No |
X | rzt | rundll32.exe | Added by the LINEAGE.BDP TROJAN! Note - this is not the legitimate rundll32.exe process, which is found in the Windows folder (98/ME) or the System32 folder (NT/2000/XP). This file is found in an "Intel" sub-folder of the Windows or Winnt folder | No |
Y | R_server | r_server.exe | Radmin - remote administrator server. Note - the file is located in %ProgramFiles%\Radmin | No |
X | r_server | service.exe | Added by the MULTIDR-CP TROJAN! | No |
X | r_server | r_server.exe | Added by the HACDEF-DR TROJAN! Note - do not confuse with the valid Radmin file with the same name which is located in %ProgramFiles%\Radmin. This one is located in %System% | No |
X | S | svhost.exe | Added by the AGOBOT-LN WORM! | No |
X | S0undMan | svch0st.exe | Added by the LOVGATE.AB WORM! Note - the filename has the digit 0 rather than the uppercase "o" | No |
? | S24EvMon | S24EvMon.exe | Event Monitor - supports driver extensions to NIC Driver for wireless adapters. Is it required? | No |
X | S3 Internal Chip | s3serv.exe | Added by the AGOBOT-DD WORM! | No |
N | S3apphk | S3apphk.exe | A tool installed alongside the drivers for your S3 video output device. It is not necessary but should be allowed to run unless it is causing problems | No |
U | S3Hotkey | s3hotkey.exe | Hotkey system tray icon to enable switching between monitors. Found on laptops with an S3 Twister integrated graphics card | No |
? | S3Mon | S3Mon.exe | S3DuoVue multi-monitor taskbar helper by S3 Graphics. What does it do and is it required? | No |
U | S3TRAY | S3Tray.exe | S3 display configuration taskbar utility for S3 chipset based graphics cards. Can be run from Start -> Settings -> Control Panel -> Display | No |
? | s3tray2 | s3tray2.exe | S3 display configuration taskbar utility for S3 chipset based graphics cards? | No |
? | S3TRAYHP | S3trayhp.exe | S3 Video driver related. What does it do and is it required? | No |
U | S3Trayp | S3trayp.exe | S3 display configuration taskbar utility for S3 chipset based graphics cards. Can be run from Start -> Settings -> Control Panel -> Display | No |
U | S4F | S4F.exe | FilterPak from S4F, Inc - internet filtering software | No |
X | s4helper | s4helper.exe | Searchcentrix hijacker | No |
X | s9201 | av2008xp.exe | Antivirus 2008 XP rogue security software - not recommended, see here | No |
X | s9201 | as2008xp.exe | AntiSpyware XP 2008 rogue spyware remover - not recommended, removal instructions here | No |
X | s9201 | asproxp.exe | AntiSpyware Pro XP rogue spyware remover - not recommended, removal instructions here | No |
? | SA | Sa3.exe | Logitech QuickCam driver. Is it required? | No |
? | SA Service | SAservice.exe | Associated with Cyber Trio and Warner troubleshooting software from G-Tek Technologies and pre-installed on some Packard Bell and NEC PCs. What function does this perform and is it required? | No |
N | Sa3dsrv | Sa3dsrv.exe | For Aureal based 3D soundcards. A3D sound features won't work with this disabled | No |
X | saap | saap.exe | NCase adware | No |
N | Sabreserver | SABSERV.EXE | Airline reservation software from Sabre. Available via Start -> Programs | No |
X | sac | sac.exe | NCase adware | No |
X | SACC | sacc.exe | SurfAccuracy adware | No |
N | SAClient | RegCon.exe | AT&T or ComCast BBClient - monitors system and network-delivered services for availability. Your current network status is displayed on a color-coded web page in near-real time. When problems are detected, you're immediately notified by e-mail, pager, or text messaging | No |
X | sacmemds | smcntlwio.exe | Added by the MAILBOT-BZ TROJAN! | No |
X | Safe | SafeWin.exe | Added by the FOCOSENHA TROJAN! | No |
X | Safe | [path to trojan] | Added by the BANKER-DT TROJAN! | No |
X | Safeguard 2009 | sf2009.exe | XP AntiSpyware 2009 rogue spyware remover - not recommended, removal instructions here | No |
X | SafeGuard Popup Blocker Updater | regsvr32 sfgupd.dll | SafeguardProtect/Veevo hijacker. Note that regsvr32.exe is a legitimate Microsoft file used to register and unregister OLE controls and shouldn't be deleted. The "sfgupd.dll" file is found in the System (9x/Me) or System32 (NT/2K/XP) folder | No |
X | SafeGuard Popup Blocker Updater (required) | regsvr32 sfg****.dll [* = random char] | SafeguardProtect/Veevo hijacker. Note that regsvr32.exe is a legitimate Microsoft file used to register and unregister OLE controls and shouldn't be deleted. The random DLL file is found in the System (9x/Me) or System32 (NT/2K/XP) folder | No |
X | SafeGuard Popup Updater (required) | regsvr32 sfg****.dll [* = random char] | SafeguardProtect/Veevo hijacker. Note that regsvr32.exe is a legitimate Microsoft file used to register and unregister OLE controls and shouldn't be deleted. The random DLL file is found in the System (9x/Me) or System32 (NT/2K/XP) folder | No |
X | SafeGuard Popup Updater (required) | regsvr32 PDF****.dll [* = random char] | SafeguardProtect/Veevo hijacker. Note that regsvr32.exe is a legitimate Microsoft file used to register and unregister OLE controls and shouldn't be deleted. The random DLL file is found in the System (9x/Me) or System32 (NT/2K/XP) folder | No |
U | SafeHouseSystemTray | SDWTRAY.EXE | SafeHouse "Personal Privacy" system tray icon - PP protects and hides your private and personal photos, videos, files and folders by making them "invisible" and encrypted | No |
N | SafeInstall.exe | SAFEIN~1.EXE | Monitors a download and ensures a newer version of a file isn't replaced by an older one | No |
N | SafeOFF | SafeOff.exe | Provides protection so that if the user accidentally presses the power switch, a dialog pops up for confirmation | No |
X | SafeSearch | safesearch.exe | SafeSearch.A adware | No |
Y | SafeSpace | SafeSpaceSysTray.exe | Part of SafeSpace (from Artificial Dynamics) which "protects computers from Internet malware infection without the need for signature updates or regular maintenance" | No |
X | SafeStrip | SafeStrip.exe | SafeStrip spyware remover - not recommended, see here | No |
X | SafeStripReminder | SafeStripReminder.exe | SafeStrip spyware remover - not recommended, see here | No |
X | SafeSurfingUpdate | SSUpdate.exe | MoneyTree parasite - ActiveX control used to download premium-rate dialers | No |
X | SafeSys | SafeSys.exe | Added by the AUTORUN.DMI WORM! | No |
U | SafetyNet | ipcTray.exe | Safety.Net from Netveda - "offers Internet security, content security and advanced Internet firewall protection for all your LAN computers, and trust controls to block unwanted or harmful applications from accessing the network" | No |
U | SafetyNet_Notifier | ipcLn.exe | Safety.Net from Netveda - "offers Internet security, content security and advanced Internet firewall protection for all your LAN computers, and trust controls to block unwanted or harmful applications from accessing the network" | No |
U | Safeworld | Freedom.exe | SafeWorld Internet Security - now no longer available | No |
X | Sagate Security Firewall | sagate.exe | Added by the GAOBOT.BOW WORM! | No |
N | SAgent2ExePath | SAgent2.exe | Seiko Epson printer status agent. Disable if printer is not used often | No |
U | SAGENTSERVICE | Sagent.exe | TinySpyAgent commercial keystroke logger. Uninstall this software if you did not install it yourself | No |
X | sagnt | sagnt.exe | Adware web downloader | No |
X | SAHagent | Sahagent.exe | ShopAtHomeSelect parasite | No |
X | SAHBundle | bundle.exe | ShopAtHomeSelect parasite | No |
X | SAHBundle | shop1003.exe | ShopAtHomeSelect parasite | No |
X | saie | saie.exe | NCase adware | No |
U | SaiMfd | SaiMfd.exe | Saitek MFD File System Driver - associated with the Saitek SST (Saitek Smart Technology) configuration software for their game controllers. Create a shortcut and run manually when required | No |
U | SAIMON | SaiMon.exe | Saitek joystick driver | No |
X | sain | sain.exe | NCase adware | No |
X | sais | sais.exe | NCase adware | No |
U | SaiSmart | SaiSmart.exe | "Smart Button Special Sauce" - included with the latest software for Saitek game controllers. Related to the "S", "Shift" or "Smart" button and gives gamers extra features on the buttons. Only required if you use this feature | No |
U | SaitekAutoConfigure | saicnfig.exe | Configuration for Saitek game controllers | No |
X | Sakemsneql | simenu.exe | Added by the SDBOT.BTO WORM! | No |
X | Sakora | Sakora.exe | Detected by Microsoft as the GOWELES.A TROJAN! See here | No |
N | SalaatTime | SalaatTime.exe | "Salaat Time is a FREE multi-function Islamic application that calculates the prescribed five daily Muslim prayer times as well as Qiblah direction for anywhere in the world" | No |
X | Salestart | WAS7Mon.exe | WinAntiSpyware spyware remover - not recommended, see here | No |
X | Salestart | bm.exe | Misleading security software such as AntiSpywareSuite, AntivirusPCSuite, SpyGuardPro, WinAntiVirus Pro 2006, WinSecureAv and WinSpyControl - not recommended, see here | No |
X | Salestart | dcpasmon.exe | SystemDoctor misleading security software - not recommended, see here | No |
X | Salestart | dcsm.exe | PrivacyProtector misleading security software - not recommended, see here | No |
X | Salestart | mc.exe | OnlineHelpmate and ConfidentUser misleading security software - not recommended | No |
X | Salestart | stm.exe | WinAnonymous spyware remover - not recommended, see here | No |
X | Salestart | strpmon.exe | Misleading security software such as WinPCDoctor, StorageProtector, ErrClean and SystemErrorFixer - not recommended | No |
X | salm | salm.exe | NCase adware | No |
X | saly | saly*****.exe | Added by a variant of the AW.AWK TROJAN! | No |
X | Sam-sung | Sam-sung.exe | Added by a variant of the SDBOT WORM! | No |
X | SaMail | [WORM FILE NAME].vbs | Added by the VBS.LIDO WORM! | No |
U | SAMcal | SAMcal.exe | SamCal - calendar/reminder program | No |
U | Sametime Connect | Connect.exe | IBM Lotus Sametime - instant messaging and Web conferencing software | No |
X | Samsong | Samsong.exe | Added by the SDBOT.BNE WORM! | No |
X | Samsung | Samsungs.exe | Added by an IRC TROJAN variant! | No |
U | Samsung PanelMgr | ssmmgr.exe | Samsung printer monitor - for checking ink levels, etc. | No |
U | SandboxieControl | Control.exe | SandBoxie - allows data to be read from the hard drive by an application but never written back unless you allow it | No |
U | SandboxieControl | SbieCtrl.exe | "SandBoxie runs your programs in an isolated space which prevents them from making permanent changes to other programs and data in your computer" | No |
N | SandIcon | SandIcon.exe | SanDisk ImageMate CompactFlash card reader SDDR-31 (USB). Very little use except to place the Sandisk icon beside its drive designation in Windows Explorer. The reader itself will work fine without it. The simplest thing is to just unplug the reader when you're not using it. It may slow the startup by a few nanoseconds, but once the software sees there's no reader, you get back the resources | No |
X | SANS Service | sansv.exe | Added by the VANEBOT-AH WORM! | No |
U | SansaDispatch | SansaDispatch.exe | Sansa Updater - "The Sansa Updater is an application that checks for the latest firmware updates then downloads and installs the firmware to your Sansa device" | No |
X | Santa Bastards Bitch | SANTAS.BITCH.txt | Added by the ATNAS.A WORM! | No |
X | sapp | sapp.exe | NCase adware | No |
U | SaskTel Accelerated Dial-up | sasktelgui.exe | "Experience faster surfing, downloading and e-mail by adding SaskTel Accelerated Dial-up Internet" | No |
X | sasserfix | package.exe | Added by the DABBER.B WORM! | No |
X | saSyncMgr | rundll32.exe sasync.dll, SyncWait | Browser hijacker - redirecting to Searchant.com. Note - the real Tweak UI entry for this is "rundll32.exe tweakui.cpl, tweakmeup". Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted | No |
U | SATARaid | SATARaid.exe | RAID driver for serial ATA disks on some motherboards such as the DFI Lanparty range. Only loaded if one is using RAID support on SATA drives | No |
X | satmat | satmat.exe | VX2.Transponder parasite updater/installer related | No |
X | sau | sau.exe | 180Solutions adware related | No |
U | SAUpdate | SAUpdate.exe | Big Brother from Quest Software. System and network monitor | No |
U | SAutoLaunchExe | SAutoLaunchExe.exe | Sharp Zaurus PDA related, needed to synchronize information with a Desktop or Notebook | No |
Y | SAVAgent | SAVAgent.exe | Part of Sophos anti-virus software. Required for centrally administered Sophos updates to work correctly, e.g. automatically updating PCs used by dial-in home or out-of-office users | No |
X | Save | Save.exe | WhenU.Save adware | No |
X | SaveDate | SaveStartDate.Exe | Unidentified adware | No |
X | Savenow | SaveNow.exe | WhenU.Save adware | No |
X | Savsvc | rundll32.exe savsvc.dll,start | Added by the AKBOT.BE WORM! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "savsvc.dll" file is found in %System% | No |
X | SAW | saw.exe | SmartAdware adware | No |
U | Say The Time 5.0 | SAYTIME.EXE | This program has audio cues for the system clock in male and female voices, customizes the appearance of the system clock, and can synchronize it to a time server regularly | No |
U | SB | SB.exe | Acer Soft Button on Acer Tablet PCs | No |
X | SB | SpywareBomber.exe | SpywareBomber spyware remover - not recommended, see here | No |
N | SB Audigy 2 Startup Menu | /l:eng | Related to the Dell OEM version of the Sound Blaster Audigy 2 sound card. If this item is listed and checked in startup, the System32 Folder will appear on every startup. A patch is available - filename R75304.EXE - that fixes the issue. You can find that file at support.dell.com by typing that name in the 'Search' box available there. It addresses the root of the problem in Creative's software and corrects it. Unfortunately there is no direct link to the file, but it's easily available using the search function | No |
X | SB Watchdog | SBWatchdog.exe | Spyware utility installed by the manufacturers of some laptops (Sony) used to monitor browsing habits and send them back to whoever installed it - released by SoftBank | No |
X | SB13mini | RYZO32.EXE | Added by the SPYBOT-EJ WORM! | No |
U | SBAutoUpdate | sbautoupdate.exe | SpywareBlaster auto-updater | No |
U | SBC RoamingClient | SBCFL.exe | Part of AT&T FreedomLink Wi-Fi connection software | No |
U | SBC Self Support Tool | matcli.exe | matcli.exe is a Motive Assistant command-line interface that gathers information about your system's identity, such as your name, email address, city, county, etc., and writes it to a log file. The SBC Self Support Tool is required to run with the Help and Support program. If you uncheck SBC and then run Help and Support it will add another SBC entry in the startup menu. If you remove this software in "add/remove programs" some help menus in help and support will not be available. You decide | No |
N | SBC Yahoo! Connection Manager | ConnectionManager.exe | Used to create and connect your SBC Yahoo DSL connection. This program has been reported to cause problems for some users. If you find that it causes your PC to become slow or unstable you should uninstall it (using Add/Remove programs) and manually connect your DSL connection | No |
Y | SBCSTray | SBCSTray.exe | System Tray access to CounterSpy antispyware software | No |
U | SBDrvDet | SBDrv.exe | Detects the "Easy Front-Panel Audio Connectivity Drive Internal Drive Bay" on the Sound Blaster Audigy 2 Platinum eX. Can be disabled if you don't have one | No |
N | sbdrvdet | sbdrvdet.exe | Checks to see if Creative sound card driver should be updated | No |
X | SBHC | sbhc.exe | SuperBar parasite - uninstall available here | No |
X | SBI | install_sbd_en.exe | Downloader for a variety of rogue anti-spyware programs | No |
X | SBMPOP | SBMPop.exe | SearchByMedia adware | No |
N | SBMX | sbmx.exe | SoundMAX MPU401 MIDI device emulator for x86 VM DOS games/apps (for Win9x only) | No |
X | SBR2009F | SystemBooster2009.exe | SystemBooster2009 rogue system suite - not recommended, removal instructions here | No |
X | sbss Launcher | sbss.exe | SideBySide adware | No |
U | SbUsb AudCtrl | RunDll32 sbusbdll.dll, RCMonitor | Control for Soundblaster MP3 external (USB) sound card | No |
N | sc | scrubxp.exe | ScrubXP - utility that deletes safe to remove files, cookies, browsing history, etc | No |
U | sc | sc.exe | Watchdog 2.0 Software - monitoring program | No |
U | sc | run.exe | All-In-One_SPY stealth monitoring software - allows monitoring and recording of all actions performed on a computer. It records all keystrokes, remembers addresses of Internet pages visited, and maintains a log file listing all applications run on the computer. It can create screenshots and record sounds from the computer's microphone to a sound file | No |
X | SC2 | scprot4.exe | Added by the AGENT.APP TROJAN! | No |
? | sc23exec | sc23exec.exe | Possibly related to a digital camera | No |
Y | SC3300CC | SC3300CC.exe | SiPix digital camera Twain device driver | No |
X | scain | s030109.Stub.exe | Delfin Media Viewer adware related | No |
X | ScamDisk | SVOHOST.exe | Added by the LEWOR.D WORM! | No |
X | scan | mscman.exe | ClientMan parasite variant | No |
? | Scan Detector | Pmxdetect.exe | Associated with PrimaScan scanners. Is it required? | No |
X | Scan Register | ssms.exe | Added by the RBOT-AT WORM! | No |
? | Scan Wizard | button.exe | Associated with Scan Wizard as supplied with Microtek scanners - see also the Scanner Detector and Sdetect entries. What does it do and is it required? | No |
X | ScanDisc | satan.exe | Added by the GREGSTAR TROJAN! | No |
X | ScanDisk | ScanDisk.exe | Added by the GANDA.A WORM! Note - this is not the valid "ScanDisk" Win9x/Me standard disk error checker | No |
X | scands32.exe | scands32.exe | Added by a variant of the ADCLICKER TROJAN! | No |
X | Scandsk2 | scandsk2.exe | Added by the AGOBOT-PK WORM! | No |
X | scandskx.exe | scandskx.exe | Added by the DLOADR-ARM TROJAN! | No |
? | ScanFile | ?? | ?? | No |
Y | ScanInicio | Inicio.exe | Part of Panda Antivirus. Responsible for scanning the boot sector of your disk and your memory at startup to check for viruses that try and load and act before your anti-virus is fully operational. It only adds a fraction of a second to start-up time and is worth leaving active | No |
N | Scanner Detector | SDetect.exe | ScanSuite Scanner Detector - part of ScanWizard, supplied with Microtek scanners. Waits until you press the "GO" button and seems to serve no other purpose. Automatically installed without prompting. Not required if you can start your scanning application before pressing the "GO" button | No |
Y | Scanner File Utility | NsCatCom.exe | Kyocera Mita network copier/printer/scanner process to dump scanned documents onto a workstation | No |
? | ScanPanel | ScanPanel.exe | Trust Easy Webscan scanner related - what does it do and is it required? | No |
X | Scanreg | [filename] | Added by the QQPASS.E TROJAN! | No |
X | ScanRegistry | nsrvnt.exe | Added by the NERTE TROJAN! Not to be confused with the real ScanRegistry - which is a vital Windows file. This version has the executable as nsrvnt.exe not scanregw.exe | No |
X | ScanRegistry | scanregv.exe | Added by the MASTERLOCK TROJAN! Not to be confused with the real ScanRegistry - which is a vital Windows file. This version has the executable as scanregv.exe not scanregw.exe | No |
Y | ScanRegistry | Scanregw.exe | Scans the system registry and makes back-ups at start-up. Important should the registry become corrupt. The executable "Scanregw.exe" is located in %windir% (where %windir% is the Windows directory - C:\Windows or C:\Winnt) | No |
X | ScanRegistry | Scanregw.exe | Added by the STATOR WORM! Note - this is not the legitimate ScanRegistry entry - which is a vital Windows file. The executable "Scanregw.exe" is located in %System%. Runs from the registry RunServices key as opposed to the Run key | No |
X | ScanRegistry | N/A | Added by the DINOXI or DINOXI.B WORMS! | No |
X | ScanRegistry | scanregw.exe | Added by the NYXEM-D WORM! Note - do not confuse this with the legitimate Windows process scanregw.exe which is always found in the Windows folder on Win9x/ME machines. This worm file is found in the System (9x/ME) or System32 (NT/2K/XP) folder | No |
X | ScanRegistry | update.exe | Added by the DWNLDR-FZY TROJAN! | No |
X | ScanSpyware v * | Scanner.exe | ScanSpyware spyware remover (where * = the version number) - not recommended, see here | No |
X | scApp | scApp.exe | Added by the STANDO-E WORM! | No |
X | scApp | suchost.exe | Added by the ACNATT.A WORM! | No |
N | SCardSvr | scardsvr.exe | Related to SmartCard readers and sometimes uses lots of system resources | No |
X | SCardSvr | SCardSvr32.Exe | Added by the MOFEI.B WORM! | No |
U | SCDEmuApp.exe | SCDEmuApp.exe | Related to PowerISO - CD/DVD image file processing tool | No |
X | scheck45 | scheck45.exe | Related to unknown malware - hidden installer associated with it | No |
X | schedl | schedl.exe | Added by the VB-DVW WORM! | No |
U | schedm | schedm.exe | Part of Antivir PersonalEdition Classic anti-virus | No |
X | ScheduIe | nrchk.exe | Premium rate adult content dialler | No |
X | ScheduIr | msexploren.exe | Added by a variant of the SDBOT WORM! | No |
X | ScheduIr | shch.exe | Added by a variant of the SDBOT WORM! | No |
X | ScheduIr | svchst.exe | Added by a variant of the SDBOT WORM! | No |
X | ScheduIr | winagent.exe | Added by a variant of the SDBOT WORM! | No |
U | Schedule | Schedule.exe | Scheduler for Mercury Ez View TV Tuner Card | No |
N | Scheduled Maintenance | Scheduled_Maintenance.exe | Scheduler for Iolo System Mechanic tweaking utility. It can clean your registry and delete temporary files at defined intervals. Available via Start -> Programs | No |
X | Scheduler | expIorer.exe | Added by the TACTSLAY.A TROJAN! | No |
X | Scheduler | MSMSGS.EXE | Added by the HOSTBANK-A TROJAN! Note - this particular msmsgs.exe file is located in the Windows\System32\Config or Winnt\System32\Config folder, and should not be mistaken for the MSN Messenger file of the same name! | No |
X | Scheduler | outIook.exe | Added by the TACTSLAY.A TROJAN! | No |
X | Scheduler | svcrhost.exe | Added by the TACTSLAY.A TROJAN! | No |
X | Scheduler | svcshost.exe | Added by the TACTSLAY.A TROJAN! | No |
X | Scheduler | winagent.exe | Added by the TACTSLAY.B TROJAN! | No |
U | Scheduler | Scheduler daemon.exe | Tenebril GhostSurf or SpyCatcher related scheduler - you can schedule daily, weekly, monthly or one-time only cleanings | No |
X | Scheduler | msnexploren.exe | Added by the TACTSLAY.B TROJAN! | No |
X | Scheduler | sdhch.exe | Added by the TACTSLAY.B TROJAN! | No |
X | Scheduler | svchst.exe | Added by the TACTSLAY.B TROJAN! | No |
X | Scheduler Service | wsass.exe | Added by the LIOTEN.KX WORM! | No |
X | SchedulerMgr | navchk.exe | Premium rate adult content dialer | No |
U | scheduler_monitor | init_scheduler.exe | Scheduler for ReaConverter advanced image converter | No |
X | Scheduling Agent | Scheduler.exe | Added by the SUBWOOFER TROJAN! Note - this is not the real MS Scheduling agent as the executable is incorrect | No |
X | SchedulingAgant | MMTASK.EXE | Added by the YAB.A TROJAN! Not the valid MusicMatch Jukebox which has the same filename | No |
U | SchedulingAgent | mstask.exe | MS Scheduling Agent displayed as a box with a stopwatch in the System Tray that is only needed if you have regular scheduled disk defragmenting, ScanDisk, etc. Required if you have regularly scheduled events such as weekly virus scans | No |
U | SchedulingAgent | mstinit.exe | MS Scheduling Agent displayed as a box with a stopwatch in the System Tray that is only needed if you have regular scheduled disk defragmenting, ScanDisk, etc. Required if you have regularly scheduled events such as weekly virus scans | No |
X | SchedulingAgent | N/A | Added by the DINOXI or DINOXI.B WORMS! | No |
U | Schmaili | Schmaili.exe | Schmaili - insert animated smilies into your e-mail | No |
X | schost | [path to trojan] | Added by the TJSERV.D TROJAN! | No |
N | SchSvr | SchSvr.exe | WinScheduler is installed with Home Theater or WinDVD Remote Control for WinDVD from Intervideo. If you want to schedule recordings from your TV tuner card, you will need it. Available via Start -> Programs | No |
Y | SCHWIZEX | SCHWIZEX.EXE | Part of ConfigSafe - lets you identify changes to the registry, INI files, System asset files, system hardware, network connections, and operating system versions - provides a restore function. This part takes a snapshot of your system following a healthy re-boot | No |
X | sck121 | helpsyss.exe | Added by a variant of the MAILBOT TROJAN! | No |
X | sclick | sclick.exe | Added by the FAKEALERT TROJAN! | No |
X | ScManager | scman.exe | Added by the FORBOT-CW WORM! | No |
X | scopedll | scopedll.exe | Added by a variant of the CRYPTER.C TROJAN! | No |
N | Scotia OnLine Recovery | etdirrcv.exe | Scotia OnLine Security Software provided by Entrust for Scotiabank. Provides trusted secure access to Scotia OnLine Secure Web sites. *.* represents the version number. Now obsolete after Scotiabank modernised their login process | No |
N | Scotia OnLine Security v*.* Recovery | etdirrcv.exe | Scotia OnLine Security Software provided by Entrust for Scotiabank. Provides trusted secure access to Scotia OnLine Secure Web sites. *.* represents the version number. Now obsolete after Scotiabank modernised their login process | No |
X | Scr | scr.scr | Added by the OPASERV.T WORM! | No |
N | ScrapPad | Scrappad.exe | ScrapPad allows you to quickly and easily record notes, thoughts, messages, and just about anything you want. Use it like you use scrap paper | No |
X | scrbmk | [path to trojan] | Added by the DLOADER-VP TROJAN! | No |
U | Screen Calendar | scrcal.exe | Screen Calendar allows you to create custom desktop wallpapers with built in active calendar and scheduler | No |
U | Screen Guard | launch.exe | Part of Access Denied security and privacy software | No |
U | Screen Guard Message Scan | sgms.exe | Part of Access Denied security and privacy software | No |
X | Screen Saver | scrnsaver.scr | Added by the RBOT-AGP WORM! | No |
N | Screen Saver Control | FSScrCtl.exe | Installs as part of the Hubble Space Telescope screen saver (and possibly others). Lets you control your installed screensavers from a System Tray icon | No |
N | ScreenHunter 4.0 Free | ScreenHunter.exe | "ScreenHunter 4.0 Free is a completely free screen capture software for you to easily take screenshots" | No |
N | ScreenPrint32 | ScreenPrint32.exe | ScreenPrint32 screen capture software - can be launched manually | No |
X | ScreenSaverPlus | rundll32.exe MSA64CHK.dll, DllMostrar | MatrixDialer related. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in the Winnt or Windows folder | No |
? | screxe | scruser2k.exe | ?? | No |
? | script | script.bat | Maybe associated with DOS on a Win9x machine | No |
Y | ScriptBlocking | SBServ.exe | Update to Norton AntiVirus 2001. Detects certain types of script-based viruses without the need for specific virus definitions - such as JavaScript and VBScript. This will help protect you from these viruses even before virus definitions are available. Note - some users complain of problems once the update is installed - refer here for more information | No |
Y | ScriptSentry | Scriptsentry.exe | Script Sentry from Jason's Toolbox. Blocks malicious scripts and allows safe scripts to run. Only required if you want it to check the file associations it guards at startup. It will function regardless | No |
U | Scroll-In-Mouse V2.0 | SCROLL.EXE | Toolkit for the Lynx-3D Net scroll mouse from QTronix. Required if you use the special features | No |
X | scroller | fpapli.exe | CoolWebSearch parasite variant | No |
X | scrss | scrss.exe | Added by the HACDEF-R TROJAN! | No |
X | scrsvc | scrsvc.exe | Added by the AGENT-DS TROJAN! | No |
X | ScrSvr | ScrSvr.exe | Added by the OPASERV WORM! | No |
X | ScrSvrOld | [worm filename] | Added by the OPASERV WORM! | No |
Y | Scsi | Scsi.exe | SCSI Miniport driver | No |
X | sctrlmgr | sescmgr.exe | Added by a variant of the DWNLDR-GAH TROJAN! | No |
X | scvhost | svzhost.exe | Added by a variant of the SPYBOT WORM! | No |
U | scvhost | scvhost.exe | Wiretap surveillance software. Uninstall this software unless you put it there yourself | No |
X | scvhost | scvhost.exe | Added by the AOGBOT-LI WORM! | No |
X | scvhost loader | ixplore.exe | Added by the SDBOT-CY TROJAN! | No |
X | scvhost.exe | scvhost.exe | Added by the LOHAV-N TROJAN! | No |
X | sd32info | sd32info.exe | Added by the CRYPTER.A TROJAN! | No |
U | SDaemon | sdaemon.exe | PC Security from Tropical Software. 'PC Security 5.1 is the ultimate in computer security, offering multiple locking systems for the Windows environment and internet. Lock files, monitor programs' activities, even detect intruders! PC Security offers flexible and complete password protection, "Drag and Drop" support, plus many other handy features' | No |
U | SDAutoLiveupdate | LiveUpdateSD.exe | Spyware Detector - spyware remover. Initially not recommended due to false positives but the later versions have since improved - see here | No |
X | SDAv | csnss.exe | Added by the SERFLOG.C WORM! | No |
X | SDAv | svhost.exe | Added by the SERFLOG.C WORM! | No |
X | sdchosts32 | vbdd.exe | Added by the RANKY.AG TROJAN! | No |
? | SDClientMonitor | sdclientmonitor.exe | Related to LANDesk Management Suite from LANDesk Software Ltd. What does it do and is it required? | No |
N | SDetect | SDetect.exe | ScanSuite Scanner Detector - part of ScanWizard, supplied with Microtek scanners. Waits until you press the "GO" button and seems to serve no other purpose. Automatically installed without prompting. Not required if you can start your scanning application before pressing the "GO" button | No |
X | sdfsdfsdf | sp2update.exe | Added by a variant of the SPYBOT WORM! | No |
X | SDIN Adapter | sdin.exe | Added by the FORBOT-AP WORM! | No |
? | SDJobCheck | triggusr.exe | Part of CA Unicenter Software Delivery - manage software across various systems, from desktops and servers to PDAs and mobile phones, in a controlled and standardized way - is it required at startup? | No |
X | SDK Codre Function22 | sdkimddprovment2.exe | Added by the SDBOT-YJ WORM! | No |
X | SDK Core Component | sdkcore.exe | Added by the SDBOT-WC WORM! | No |
X | SDK Core Function | sdkimprovment.exe | Added by the RBOT.BHL WORM! | No |
X | SDK Core Function2 | sdkimprovment2.exe | Added by the SPYBOT.OGX WORM! | No |
X | Sdk**.exe [* = random char] | Sdk**.exe [* = random char] | CoolWebSearch/HomeSearch adware - for examples, see this log | No |
X | Sdk**32.exe [* = random char] | Sdk**32.exe [* = random char] | CoolWebSearch/HomeSearch adware - for examples, see this log | No |
X | SDKcore Update Components2 | SDKC0R3.exe | Added by the RBOT-ABA WORM! | No |
X | sdkupdate22 | SDK0mCORE.exe | Added by the FORBOT-DT WORM! | No |
? | SDMSSplash | launcher.exe | Part of HP's Smart Desktop Management System - "Preloaded on select business desktops, SDMS features automatic remote backup and disaster recovery via secure offsite storage and helps detect and remove PC security threats." Is this just the "splash" screen shown when the program launches and is it therefore required? | No |
N | SDPhotoBar.exe | SDPhotoBar.exe | SmartDraw Photo (now FotoFinish) - "organize, enhance, print, and share your photos. It's also a powerful graphic editor for creating images and web graphics" | No |
X | SDR6_Check | udcsdr.exe | DriveCleaner rogue security software - not recommended, see here | No |
X | sdrss | sdrss.exe | Added by the SDBOT-SQ WORM! | No |
U | sds20 | svchost.exe | InlookExpress logs keystrokes and captures screenshots. If you didn't install this yourself remove it. Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in C:\sds20 | No |
X | SdScans** | stup_tmp.#32 | Added by the SDSCAN.A TROJAN - where ** are random upper case letters | No |
U | SDTray | sdtray.exe | RSA Keon Web PassPort - software that allows organizations to use digital certificates in a Web-based environment to help ensure that their transactions are authentic, confidential and digitally signed | No |
Y | SDTray | SDTrayApp.exe | System Tray access to an older version of Spyware Doctor antispyware from PC Tools | No |
X | sdxsys32 | sdxsys32.exe | Added by the BROGGER-A TROJAN! | No |
U | sealmon | sealmon.exe | SealedMedia enables you to combine document protection and control with your existing applications - such as Microsoft Word, Microsoft Excel, Microsoft PowerPoint and Email | No |
X | Search Bar | taskbar.exe | Added by the OPANKI-F WORM! | No |
X | Search Defender | SearchDefender.exe | Installed by SpeedItUp without permission, along with PC-Checker. Detected by DrWeb as the STARTPAGE.ORIGIN TROJAN! | No |
? | Search Hook | srchhook.exe | ?? | No |
X | Search Page | http://find.naupoint.com | Naupoint browser hijacker | No |
U | Search Protection | SearchProtection.exe | "Yahoo! Search Protection will alert you if an attempt is made to change your default browser search engine from Yahoo!" | No |
X | Search-Exe | SE.exe | Search-Exe hijacker | No |
X | Search.vbs | | Hijacker | No |
X | SearchAndDestroyMFC | Search And Destroy.exe | Search And Destroy rogue security software - not recommended, see here | No |
X | SearchAndDestroyScheduler | SearchAndDestroy.exe | Search And Destroy rogue security software - not recommended, see here | No |
X | SearchAndDestroyT | SearchAndDestroy.exe | Search And Destroy rogue security software - not recommended, see here | No |
X | searchbar | vnmispoisn downloader.exe | SearchBarCash adware variant | No |
X | SearchEnhancement | scbar.exe | SCBar foistware | No |
X | searchnav | searchnav.exe | SearchNav adware - IEFeatures/Popnav variant | No |
X | SearchNavVersion | searchnavversion.exe | SearchNav adware - IEFeatures/Popnav variant | No |
X | SearchNet_Up | ServeUp.exe | SearchNet adware | No |
U | SearchProtection | SearchProtection.exe | "Yahoo! Search Protection will alert you if an attempt is made to change your default browser search engine from Yahoo!" | No |
X | SearchSetter | searchsetter[1].exe | Browser hijacker - redirecting to FindWhateverNow.com | No |
X | SearchSettings | SearchSettings.exe | Vendio "Search Settings" foistware - reportedly installed without notice, see here and here | No |
X | SearchSpy | SearchSpy.exe | SearchSpy spyware remover - not recommended, see here | No |
X | SearchSquire[number] | SearchSquire[number].exe | SearchSquire adware | No |
X | SearchUpgrader | SearchUpgrader.exe | Hijacker | No |
X | Secboot | w32tm.exe | Added by the HAXDOOR.D TROJAN! | No |
X | secboot | mszx23.exe | Added by a variant of the HAXDOOR.BC TROJAN! | No |
X | secboot | vtd 16.exe | Added by the HAXDOOR-AE TROJAN! | No |
X | secdrive.exe | secdrive.exe | Added by a variant of the SPYBOT WORM! See here | No |
U | Second Copy 2000 | SecCopy.exe | Related to Second Copy - a files/folders backup utility | No |
U | SecondChance | sctray.exe | Power Quest Second Chance. Sets checkpoints for saving a backup copy of the registry to a disk so you can restore it if you have a crash | No |
X | Secret | Secret.exe | Added by the DELF-LW TROJAN! | No |
X | Secret-Crush | start.exe | Hijacker that may reset your browser's home page and/or search settings to point to undesired sites | No |
U | SECRETMAKER | secretmaker.exe | Secretmaker is a combination of eight privacy-defending programs, including Spam Fighter Pro, Worm Hunter, Pop-Up Killer, Banner Blocker, Cookie Eraser, Privacy Protector, History Cleaner, and Garbage Cleaner | No |
U | SecretSmileys | ss.exe | "Secret Smileys is an add-on for AIM that provides users access to 1000's of new Smileys that can be viewed by anyone using a current version of AIM. Secret Smileys also adds other features such as logging of IM conversations, and it gets rid of that annoying advertisement on your buddy list window" | No |
X | secserv.exe | secserv.exe | Detected by Panda as an EasySearch adware variant. Note - EasySearch modifies the Internet Explorer settings and may download programs onto the infected computer | No |
X | secsvc32 | secsvcnt.exe | Added by the GLOBAL PATROL TROJAN! | No |
U | Secsys | Secsys.exe | UltraSoft Key Interceptor surveillance software - uninstall this unless you put it there yourself! | No |
U | SecurDisc | NBHGui.exe | Part of the Nero multimedia suite backup function - "Recover your data quickly and easily and create discs that are password protected. SecurDisc technology gives you peace of mind" | No |
X | secure | [random].exe | DealHelper adware | No |
X | secure | svshost.exe | Added by the RBOT-AFO WORM! | No |
X | secure socket layer | wins32a.exe | Added by an IRCBOT TROJAN! | No |
X | Secure Socket Layer Certification | sslcert.exe | Added by the VANEBOT-AN WORM! | No |
X | Secure System | integitor.exe | Added by the AGOBOT.ACI WORM! | No |
X | Secure32 | Shell32.com StartUp | Added by the BRONTOK-CJ WORM! | No |
X | Secure64 | Regedit32.com StartUp | Added by the BRONTOK-CJ WORM! | No |
N | SecureClean4RegManager | scregmanager4.exe | WhiteCanyon SecureClean 4 disk cleaner - clean hard drive data, MRUs, temp files and more. Can be started manually | No |
N | SecureClean4Tray | sctray4.exe | WhiteCanyon SecureClean 4 disk cleaner - clean hard drive data, MRUs, temp files and more. Can be started manually | No |
X | SecureCleaner | SecureCleaner.exe | SecureCleaner spyware remover - not recommended, see here | No |
N | SecureCleanIEClean | SCIEClean.exe | SecureClean - scans your system for hidden temporary files, deleted email messages, Internet histories and caches | No |
X | SecureExpertCleaner | sec.exe | Secure Expert Cleaner rogue privacy program - not recommended, removal instructions here | No |
U | SecureItPro | Secureitpro470p.exe | SecureIt Pro - lock your computer when you're not there, to stop malicious users from accessing your desktop | No |
X | SecureLogin | Mslg32.exe | Added by the REDZED WORM! | No |
U | SecureOnlineAccountNumbers | SOAN.exe | Related to Secure Online Account Numbers by Discover(R) Card from Orbiscom Ltd. Secure and innovative payment solutions | No |
X | SecurePCCleaner | GDC.exe | SecurePCCleaner spyware remover - not recommended, see here | No |
U | SecurePCSolutionsBootCheck | BootCheck.exe | 1 Click Fixer PLUS from Secure PC Solutions "takes the guesswork out of locating and solving problems in the Windows registry" | No |
X | Security | WindowsSecurityUpdate.exe | Added by a variant of the SDBOT WORM! | No |
X | Security 2009 | Security2009.exe | Security 2009 rogue security suite - not recommended, removal instructions here | No |
X | Security Accounts Manager SM | samsm.exe | Added by the SPYBOT.JE WORM! | No |
X | Security Agent | securag.exe | Added by the BANCBAN-F TROJAN! | No |
X | Security Agent Manager | mssams.exe | Added by the RBOT-SV WORM! | No |
X | Security Antivirus Xp 1 | inetfor.exe | Added by the SDBOT.BAV WORM! | No |
X | Security Center | AppControl.exe | Added by the SDBOT.CFT WORM! | No |
X | Security Center Distribution | securesec.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
X | Security iGuard | Security iGuard.exe | Security iGuard spyware remover - not recommended, see here | No |
U | Security Manager | SecurityManager.exe | A Comcast Internet software suite that provides a variety of features (firewall, popup blocker, parental controls etcetera) to help ensure your computer is secure, and your information is kept private | No |
X | Security Monitor | securemon.exe | Detected by Kaspersky as the AUTORUN.LPF WORM! See here | No |
X | Security Patch | scmss.exe | Added by the RBOT-ZW WORM! | No |
X | Security Patch | WinUpdate32.exe | Added by the SDBOT-BM WORM! | No |
X | Security Patches | msnkn.exe | Added by the RBOT.WW WORM! | No |
X | Security Patches | WinLab32.exe | Added by the SDBOT-KB WORM! | No |
X | Security Server DB | secserver.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
X | security service | syss.exe | Added by an unidentified WORM or TROJAN! | No |
X | Security Service | secsvc.exe | Added by the RBOT-GGF WORM! | No |
X | Security Service DB | secservice.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
X | Security Service Process | svhost.exe | Added by the AGOBOT-LC WORM! | No |
X | Security System | securesys.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
X | Security Update Service | wmiprvce.exe | Added by the AGOBOT.ZW WORM! | No |
X | securw | Nctrup.exe | Added by the NOPIR.A WORM! | No |
Y | SECWIZ98 | SECWIZ98.EXE | Security Wizard 98 by Chris Farmer. Offers you a variety of ways to restrict access to many of the programs and settings on your PC. Available here | No |
X | seekmo | seekmo.exe | Seekmo Search, a 180Solutions adware variant - also see here | No |
X | SeekmoSA | SeekmoSA.exe | 180Solutions.Zango adware | No |
X | SeekmoToolbar | ${HOOKOE_FILE} | 180solutions/Seekmo adware | No |
X | seeve | seeve.exe | Medload adware | No |
X | Select server | slcsvr.exe | Added by the DLOADER-WD TROJAN! | No |
? | SelfHostUtil | slefhost.exe | ?? | No |
X | seli | [path to file] | Added by the LOWZONE-AS TROJAN! | No |
X | SemanticInsight | SemanticInsight.exe | RXToolbar adware. Software that displays pop-up/pop-under advertisements when the primary user interface is not visible | No |
U | SeMS | SeMS.exe | PCsms - tool that enables you to send sms text messages from your PC to any UK mobile phone | No |
X | Sen | tlii.exe | Detected by Kaspersky as PurityScan.ah | No |
U | Sensiva | Sensiva.exe | Symbol Commander makes the use of your PC, laptop, Tablet PC, and Pocket PC much easier and much faster. It recognizes your handwriting with unparalleled performance and executes commands in a snap. Just by using your mouse, pen, or touchpad, simply draw symbols to execute actions instantly | No |
X | SENTRY | SENTRY.exe | From IP Insight. Allows website owners "to instantly determine the precise geographic location, connection speed and detailed demographics of every visitor to your website". Will be detected by most firewalls and the majority of home users should disable it | No |
X | Sepate Security Firewall | sepate.exe | Added by a variant of the RBOT WORM! | No |
N | SEPCSuite | SEPCSuite.exe | System Tray access to Sony Ericsson PC Suite which "connects your phone to your computer and expands the capabilities of your phone". Start manually via the Start Menu (or optional desktop shortcut) before connecting the phone | Yes |
X | septpop06apsept | septpop06apsept.exe | MediaMotor.Popupwithcast adware | No |
X | Serials | serials.exe | Any one of a variety of worms and trojans | No |
X | Serices Hostin | servicez.exe | Detected by Trend Micro as the IRCBOT.AUA BACKDOOR! See here | No |
X | SernellApp.pcx | csrss.exe | Added by the BANCBAN-BJ TROJAN! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a "D5133" subfolder | No |
X | serpe | formatsys.exe | Added by the SERFLOG.A WORM! | No |
X | serpe | msmbw.exe | Added by the SERFLOG.A WORM! | No |
X | serpe | serbw.exe | Added by the SERFLOG.A WORM! | No |
Y | serrdctl.exe | serrdctl.exe | "Shared Modem Service Client Event Viewer" - used when a number of PCs have access to a number of modems. Required to be running on each PC for access to the modems | No |
X | serrv | serrv.exe | Added by the WAREZOV.DC WORM! | No |
X | SERV PacK2 | nerx.exe | Added by the SDBOT-ACP WORM! | No |
N | Serv-U | serv-u32.exe | FTP server | No |
X | Serv-U | wssdsu.exe | Added by the MANIFEST TROJAN! | No |
X | server | server.exe | Added by the DELTAD.A WORM! | No |
X | server | system.exe | Added by the METHS-A TROJAN! | No |
X | server | server.exe | Added by the SINGU-Q TROJAN! | No |
Y | Server Application for MFP Server | ServoApp.exe | Multi Function Printer (MFP) Server Agent for Belkin's Wireless G All-in-One Print Server and ZyXEL's NPS-520 | No |
X | Server Backbone | server05.exe | Added by the RBOT-ZM WORM! | No |
X | Server Daemon Host Manager | sdhost.exe | Added by the RBOT-GWC WORM! | No |
X | Server Runtime Error | unsec.exe | Added by the SDBOT-DFA WORM! | No |
X | Server Runtime Process | wbemstest.exe | Added by the SDBOT-DDB WORM! | No |
X | SERVER.EXE | SERVER.EXE | Added by the BUSHTRO122 or SMOKODOOR TROJANS! | No |
X | serverex | Server.txt.vbs | Added by the DELTAD.A WORM! | No |
X | Serverx | Serverx.exe | Added by the MADANGEL VIRUS! | No |
X | Service | service.exe | Added by the ALADINZ.H TROJAN! | No |
X | Service | [trojan filename] | Added by the KAITEX.E TROJAN! | No |
X | Service | services.exe | Added by the NETSKY or NETSKY.B WORMS! Note - this is not the legitimate services.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Windows or Winnt folder | No |
X | Service | SYSNT.exe | Added by the CHA TROJAN! | No |
X | Service | Service.pif | Added by the ASSIRAL-C WORM! | No |
X | service | wN2S.exe | Added by a variant of the RBOT WORM! | No |
U | Service Centre | launcher.exe | Management tool for the Open Networks iConnect series of products - as used by Australian ISPs such as iiNet and Hotkey | No |
X | Service Cleaner | filen.exe | Added by the RBOT.BRH WORM! | No |
X | Service Client | winsvcli.exe | Added by an unidentified WORM or TROJAN! See here | No |
N | Service Connection | sccenter.exe | For Compaq PCs. Part of Backweb | No |
N | Service Connection | bwtray.exe | For Compaq PCs. Part of Backweb | No |
X | Service Controller | Csrrs.exe | Added by the GAOBOT.AO WORM! | No |
X | Service Controller | service.exe | Added by the PREVERT TROJAN! | No |
X | Service Defender | [random filename] | Added by a variant of the ZLOB TROJAN! See here | No |
X | Service Drivers | msnpg.exe | Added by the RBOT.BMD WORM! | No |
X | Service Drivers | PC.EXE | Added by the SDBOT-WK WORM! | No |
X | Service Drivers | Compt.exe | Added by the RBOT-ZJ WORM! | No |
X | Service Drivers | abl.exe | Added by the SDBOT-YX WORM! | No |
X | Service Drivers | MSNMEssenger.exe | Added by a variant of the RBOT WORM! | No |
X | Service Host | svchost.exe | Added by the TORVEL WORM! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is found in the Winnt or Windows folder | No |
X | Service Host | [filename].exe | Added by the TORVEL.B WORM! | No |
X | Service Host | spoolxx.exe | Added by the TORVEL WORM! | No |
X | Service Host | svchost.exe | Added by the DAOSER-A TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a Services{C922CCC4-CF61-4589-A0D1-828160704853} subfolder | No |
X | Service Host | svchost.exe | Added by the DAOSER-C TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a Services[random] subfolder | No |
X | Service Host Driver | svchost.exe | Added by the HITON TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is found in the Winnt or Windows folder | No |
X | Service Host Process | spoolsvc.exe | Added by the GAOBOT.GEN!POLY WORM! | No |
N | Service Manager | sqlmangr.exe | SQL Server Service Manager - provides tray access to SQL server, the server agent and MSDTC. Available via Start → Programs | No |
X | Service Manager | SERVICEMGR.EXE | Added by the PASSMAIL-D VIRUS! | No |
X | Service Manager | dxsound.exe | Added by the PROXY-GRIC TROJAN! | No |
X | service manager | service.exe | Added by the DONBOMB.A TROJAN! | No |
X | Service Monitor | msnfilen.exe | Added by the RBOT-ALE WORM! | No |
X | Service Monitor | javams32.exe | Added by the DELF-NK TROJAN! | No |
X | Service Monitor | javams64.exe | Added by the SDBOT-AFO WORM! | No |
X | Service Monitor | msnserve.exe | Added by the SPYBOT.YQW WORM! | No |
X | Service Monitor | WinOcx.exe | Added by the RBOT-AQJ WORM! | No |
X | Service Monitor | csnss.exe | Added by the RBOT.EEH WORM! | No |
X | Service Monitor | filen.exe | Added by a variant of the RBOT WORM! | No |
X | Service Pack | [various filenames] | Added by the LERPA-A WORM! Note - the file name will be one of the following common.exe, common.pif, common.scr, Sexo.exe, Sexo.jpg.pif, ini_file__.pif, load_me__.tmp, msfile.pif, system_load_.pif or zipped.rar.pif | No |
X | Service Pack 1 | [random filename] | Added by the VXGAME.Z TROJAN! Note - the filename is random - see the link. Typical examples are vexg6ame4.exe, vexga3me2.exe, vexga4m1et4.exe, etc | No |
X | Service Pack DLL Runtime | spdll32.exe | Added by a variant of the RBOT WORM! | No |
X | Service PAck SFVP | [worm filename].exe | Added by a variant of the RBOT WORM! The filename is 4 random characters | No |
X | Service Process | SVCHOST.EXE | Added by the DARKER WORM! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is found in the Winnt or Windows folder | No |
X | Service Process | winset.exe | Added by a variant of the SPYBOT WORM! | No |
X | Service Process | service.exe | Added by the DCMBOT-C TROJAN! | No |
X | Service Process | smss.exe | Added by the DCMBOT-E TROJAN! Note - this is not the legitimate smss.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "config" subfolder | No |
X | Service Process | svchost.exe | Added by the DCMBOT-A TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "config" subfolder | No |
X | Service Registry NT Save | jdbgmgrnt.exe | Added by the BANCOS-CG TROJAN! | No |
X | Service Registry NT Save | taskmgrnt.exe | Added by the BANCOS-BY TROJAN! | No |
X | Service Registry NT Save | regeditnt.exe | Added by the BANCOS-BM TROJAN! | No |
X | Service Scheduler | scheduler.exe | Added by the AGOBOT-PH WORM! | No |
X | Service System | kernels32.exe | Added by the BANCOS-DA TROJAN! | No |
X | Service System | windowsXP.exe | Added by the BANCOS-EL TROJAN! | No |
X | Service System | kgbfsm344.exe | Added by the BANCOS-FS TROJAN! | No |
X | Service System | wernell87.exe | Added by the BANCOS-FJ TROJAN! | No |
X | service updaer | qualityz.exe | Added by an unidentified VIRUS, WORM or TROJAN! - probably a SPYBOT variant | No |
X | Service Update Client | svcupdcli.exe | Added by an unidentified WORM or TROJAN! See here | No |
X | Service<user> | SERVICES.EXE | Added by the BRONTOK-BH WORM! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in Documents and Settings\<User>\Local Settings\Application Data\WINDOWS | No |
X | Service.exe | Service.exe | "servedby.advertising" popup generator | No |
X | Service2 | Service2.exe | Identified as a variant of the Win32.Iroffer malware. Located in %Windir%\Drivers\Intel | No |
X | service32 | service32.exe | Added by the AGOBOT-ST WORM! | No |
X | service32.exe | [path to trojan] | Added by the DLOADR-AYX TROJAN! | No |
U | ServiceConfig | ispbeg.exe | Comcast Transition Wizard. On June 30th, 2003 it will migrate E-mail and web pages from AT&T Broadband Internet to Comcast High-Speed Internet. Until then it will run at startup and then terminate - hence the U recommendation | No |
X | serviceconnect | serviceconnect.exe | Added by the AGOBOT.AIR WORM! | No |
X | Servicee | services.exe | Detected by Trend Micro as the AGENT.DEI TROJAN! See here. Note - this is not the legitimate services.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Windows or Winnt folder | No |
X | ServiceHost | svch0st.exe | Detected by Kaspersky as the VB.HE VIRUS! See here | No |
Y | ServiceLayer | ServiceLayer.exe | Nokia Connectivity Library support task that is needed by NCLTRAY and by the Nokia Connection Manager for either to work properly | No |
X | servicemng | service.exe | Added by the TAME-C WORM! | No |
X | Servicer | servcr.exe | Added by the SDBOT.BAH TROJAN! | No |
X | Servicerepclient1 | SERVICES.EXE | Added by the BRONTOK-BT WORM and variants! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in Documents and Settings\<User>\Local Settings\Application Data\WINDOWS | No |
X | services | start.bat | Added by the ZCREW TROJAN! | No |
X | Services | [path to trojan] | Added by the METEORSHELL TROJAN! | No |
X | Services | back32.exe ...service.exe | Added by an unidentified VIRUS, WORM or TROJAN! Back32.exe is the baddie whose purpose is to HIDE the MIRC32 server in service.exe | No |
X | Services | services.exe | Added by a number of VIRUSES, WORMS and TROJANS! Note - this is not the legitimate services.exe process which should NOT appear in Msconfig/Startup! | No |
X | Services | winread.exe | Added by an unidentified VIRUS, WORM or TROJAN! | No |
X | Services | windns.exe | Added by a variant of the RBOT WORM! | No |
X | Services | mshost.exe | Added by the LANFILT-J TROJAN! | No |
X | services | Svchosts.exe | Added by the SDBOT-N TROJAN! | No |
X | Services | csrss.exe | Added by a variant of the RANKY.U TROJAN! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! | No |
X | Services | scks32.exe | Added by a Proxy Trojan variant | No |
X | Services | sockys32.exe | Added by the RANKY.L TROJAN! | No |
X | Services | sys.exe | Added by a Proxy Trojan variant | No |
X | services | windows32.exe | Added by the FLYVB-C WORM! | No |
X | services | socks.exe | Added by the WIN32.SMALL.N TROJAN! | No |
X | Services | services.exe | Added by the ZINCITE.A TROJAN! Note - this is not the legitimate services.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Windows or Winnt folder | No |
X | Services | [path to trojan] | Added by the RANCK-DB TROJAN! | No |
X | Services | iexplore.exe | Added by the MOGI WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %System% | No |
X | Services | svchost.exe | Added by the REPER-B WORM! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder | No |
X | Services | sysamp.exe | Added by a variant of the SDBOT WORM! | No |
X | Services | prosys32.exe | Added by an unidentified WORM or TROJAN! | No |
X | Services | iexplorer.exe | Added by an unidentified WORM or TROJAN! Note - this is not the legitimate Internet Explorer (iexplore.exe) | No |
X | Services | iexploler.exe | Added by the RANCK-LT TROJAN! | No |
X | Services | iexpolere.exe | Added by the RANCK.LU TROJAN! | No |
X | services | sample.exe | Added by a variant of the RANKY TROJAN! | No |
X | Services Administrator | localsvc.exe | Added by the DLOADER-NY TROJAN! | No |
X | Services Administrator | netsvc.exe | Added by the DLOADER-NY TROJAN! | No |
X | Services Administrator | spoolsvc.exe | Added by the DLOADER-NY TROJAN! | No |
X | Services Administrator | svcadmin.exe | Added by the DLOADER-NY TROJAN! | No |
X | Services Administrator | svcman.exe | Added by the DLOADER-NY TROJAN! | No |
X | Services Administrator | svcrun.exe | Added by the DLOADER-NY TROJAN! | No |
X | Services Administrator | tcpsvc.exe | Added by the DLOADER-NY TROJAN! | No |
X | Services Administrator | websvc.exe | Added by the DLOADER-NY TROJAN! | No |
X | Services Controller | lsassa.exe | Added by the CIADOOR.122 VIRUS! | No |
X | Services Controller | services.exe | Added by the CIADOOR-F TROJAN! Note - this is not the legitimate services.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Windows or Winnt folder | No |
X | Services DLL Loader | srvdll.exe | Detected by Trend Micro as the IRCBOT.AYN BACKDOOR! See here | No |
X | Services Host | Scchost.exe | Added by the DONK WORM! | No |
X | Services Host | svchost32.exe | Added by the AGOBOT-TG WORM! | No |
X | Services host | svchost.com | Added by the RBOT-EU WORM! | No |
X | Services Logon | services.exe | Added by the CROWT.A WORM! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in Documents and Settings\<User>\Templates | No |
X | Services Management Clients | servc.exe | Added by the RIZO.A TROJAN! | No |
X | Services Managements | servcs.exe | Added by the RBOT-GUC WORM! | No |
X | Services Manager | svsmanager.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
X | Services Manager! | svmanager.exe | Added by the IRCBOT.ATZ BACKDOOR! | No |
X | Services Managers | svcmanager.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
X | Services Process | services.exe | Spyware - detected by Kaspersky as the SMALL.X TROJAN! Note - this is not the legitimate services.exe process, which should not appear in Msconfig/Startup! | No |
X | Services Process | smss.exe | Added by the SMALL-EK TROJAN! Note - this is not the legitimate smss.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "config" subfolder | No |
X | Services Start2 | odcwinst.exe | Added by the PYSKE-D WORM! | No |
X | Services Startup | services.exe | Added by the CROWT.A WORM! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %ProgramFiles%\Common Files | No |
X | Services Startup | svhost33.exe | Added by a variant of the RBOT WORM! | No |
X | Services.dll | smss.exe | Added by the SOBER-L WORM! Note - this is not the legitimate smss.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a msagentsystem subfolder of the Winnt or Windows folder | No |
X | Services.EXE | services.exe | Added by the KAZPING WORM! Note - this is not the legitimate services.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Windows or Winnt folder | No |
X | services.exe | Services.exe | Added by the CIADOOR-F TROJAN! Note - this is not the legitimate services.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Windows or Winnt folder | No |
X | services.exe | servicess.exe | Added by the MSNSPY-B TROJAN! | No |
X | Services004 | [worm filename] | Added by the BUGBROS WORM! | No |
X | services32 | mc-110-12-0000079.exe | Added by the TrojanDownloader.Agent.rv TROJAN! | No |
X | services32 | mc-58-12-0000120.exe | "Shorty" adware - also detected as the AGENT.FD TROJAN! | No |
X | services32 | mc-58-12-0000140.exe | "Shorty" adware - also detected as the AGENT.FD TROJAN! | No |
X | Services32 Startup | win32dll.exe | Added by the SDBOT-XO WORM! | No |
X | ServicesAdministrator | SERVICES.EXE | Added by the PUNYA-B WORM! Note - this is not the legitimate services.exe process, which should not appear in Msconfig/Startup! | No |
X | Servicesara | services.exe | Added by the BRONTOK-BS WORM! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in Documents and Settings\<User>\Local Settings\Application Data\WINDOWS | No |
X | ServicesLoad | lsass.exe | Added by the DEARIS-A TROJAN! Note - this is not the legitimate lsass.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder | No |
X | ServicesLog | ccapp32.exe | Added by the RBOT-AMX WORM! | No |
U | ServicesNotify | ServicesNotify.exe | Defender Pro Antispy | No |
X | servicestub.exe | servicestub.exe | Detected by Trend Micro as the RBOT.CN TROJAN! See here | No |
X | Servicewin | Hide32.exe | Added by the MSNVB-D WORM! | No |
X | Servicing | hostd.exe | Added by the SDBOT.BUI WORM! | No |
X | Servicio Local | svhost.exe | Added by the SPYBOT.BGX WORM! | No |
X | Servicos | AdobeLanc.exe | Added by the BANKER-EHR TROJAN! | No |
X | Servicos | System.exe | Added by the BANCOS-BCM TROJAN! | No |
X | servics | servics.exe | Added by the SINGU-J TROJAN! | No |
X | SERVlCE | SERVlCE.EXE | Added by the AGOBOT-UB WORM! | No |
? | ServUTrayIcon | ServUTray.exe | System Tray icon for Serv-U FTP server. Is it required? | No |
X | SES Service | sesvc.exe | Added by the SDBOT-CZU WORM! | No |
U | Session Client | sescli.exe | SurfSpy keystroke logger/monitoring program - remove unless you installed it yourself! | No |
X | Session Manager Subsystem | smssa.exe | Added by the RBOT-AGS WORM! | No |
X | SESync | sed.exe | DownloadWare adware | No |
? | SetCacheMode | rundll32.exe ptipbmf.dll, SetWriteCacheMode | Installed with the miniport drivers for Promise hard drive controllers in both RAID and non-RAID installations. May be necessary in order to maintain preferences applied to the RAID array connected to the Promise controller | No |
? | SetDefaultMIDI | MIDIDef.exe | Related to Soundblaster Audigy soundcards. What does it do and is it required? | No |
Y | SetDefaultPrinter | cloaker.exe | Used by HP and Compaq computers to hide the windows of programs passed as arguments to it | No |
N | setdefprt | setdefprt.exe | Used to set a Brother MFC printer/copier/scanner as the default printer after installation | No |
N | SetDefPrt | BrStDvPt.exe | Used to set a Brother MFC printer/copier/scanner as the default printer after installation | No |
U | SetecCertUtil | Certutil.exe | Setec Web and Email Security. Setec PKI smart card software. The PKI technology enables secure and reliable user identification in services offered through Internet, mobile handsets and digital TV | No |
X | setFTPBack | createsw.exe | Added by the FTP_BMAIL TROJAN! | No |
N | SetHook | SetHook.exe | Fellowes Neato CD label design software. "Launch NEATO's MediaFACE II label making software directly from the productname toolbar" | No |
N | SETI@home | SETI@home.exe | SETI@home is a scientific experiment that uses Internet-connected computers in the Search for Extraterrestrial Intelligence (SETI). You can participate by running a free program that downloads and analyzes radio telescope data | No |
N | seticlient | SETI@home.exe | SETI@home is a scientific experiment that uses Internet-connected computers in the Search for Extraterrestrial Intelligence (SETI). You can participate by running a free program that downloads and analyzes radio telescope data | No |
N | SetIcon | SetIcon.exe | Installed by a 6-in-1 (4 Media Card slots, a floppy drive and a USB connection) device. Constantly updates the icons for the four Media Card slots that it has and is a resource hog | No |
N | SetiQueue | Setiqu~1.exe | Provides work unit buffering for Seti@Home clients - see here for more details | No |
N | SetiSpy | SetiSpy.exe | SETI Spy is a little program to "spy" on the progress and performance of the SETI@home client. Called a "spy" because it is as unobtrusive as possible | No |
X | SetPoint | SetPoint.exe | Added by the RBOT-BWI WORM! Note - this is not the valid Logitech Setpoint mouse and keyboard entry that uses the same filename and is located in the LogitechSetpoint sub-folder of Program Files. This file is located in the System (9x/Me) or System32 (NT/2K/XP/Vista) folder | No |
U | SetPoint | Setpoint.exe | Logitech SetPoint Event Manager for their range of mice and keyboards. Required if you want to use the advanced features of these devices and is located in the LogitechSetpoint sub-folder of Program Files | No |
X | SETPOINT Logitech Inc | KHALMNP.exe | Added by the RBOT-AAX WORM! | No |
U | SetRefresh | SetRefresh.exe | Video refresh rate utility found on some HP and Compaq PCs. Recommended for CRTs but not LCDs | No |
X | Setting | sysweb.exe | Added by the SDBOT.GEN TROJAN! | No |
N | setup | hphprld.exe ....setup.exe | HP DeskJet Setup - printers function normally without it | No |
X | Setup | [path to trojan] | Added by the DROPPER.EAT TROJAN! | No |
X | Setup experation | svchost.exe | Added by the TOFGER-AW TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is found in the Winnt or Windows folder | No |
X | setupa | runt32.exe | Added by the QQPASS-K TROJAN! | No |
X | setupdata | rnll32.exe | Added by the QQPASS-AC TROJAN! | No |
N | SetupICWDesktop | icwconn1.exe | Appears to be the "Internet Connection Wizard" from Internet Explorer being set-up as a desktop shortcut. Appears under the RunOnce registry key but is available under Start -> Programs -> Accessories -> Communication (or similar) anyway | No |
X | setupuser | regedit.exe setupuser.log | Regfile in disguise - another CoolWebSearch parasite variant | No |
? | setuzp | setuzp.exe | ?? | No |
X | SetVrc | setvrc.exe | Added by the HUNTOCX WORM! | No |
X | Sevice | winconfig.exe | Added by the GIP.113.B1 TROJAN! | No |
X | Sex Teris | st01b.exe | Added by the REPAD WORM! | No |
X | Sexnow | Sexnow.exe | Added by the SENOW-B premium rate adult content dialler | No |
X | Sexy_Blondes | Sexy_Blondes.exe | Added by the Sexy DIALER! Related also to Hot Tarts DIALER! | No |
X | Sexy_sg | Sexy_sg.exe | Premium rate adult content dialler | No |
X | sf | sf.exe | SurfEnhance adware component | No |
N | SFIGUI | SFIGUI.EXE | Sonic Focus - "enhances music, movie and game sound by analyzing compressed audio streams in realtime, then restoring and enriching audio back to its original performance qualities" | No |
X | sfita | sfita.exe | Added by the FAVADD-H TROJAN! Also known as SurfEnhance adware | No |
X | SfKg6w | rayiou.exe | Added by the AGENT.BUO WORM! | No |
X | SfKg6wIP | [random filename] | Identified as a variant of the TrojanDownloader.Matcash malware | No |
X | SfKg6wIPu | [random filename] | Identified as a variant of the TrojanDownloader.Matcash malware | No |
N | SFP | vzSFPWin.EXE | Verizon Online Support Center - prompts for online updates | No |
U | sfpc | sfpc.exe | Spy4PC surveillance software. Uninstall this software unless you put it there yourself | No |
X | SFtrb Service | cftrb32.exe | Added by the SOBIG.D WORM! | No |
U | SfWinStartInfo | sfWinStartupInfo.exe | SFIRM32 Online Banking software | No |
U | Sgecrypt | Sgecrypt.exe | SafeGuard Easy - "provides total company-wide protection for sensitive information on laptops and workstations. Boot protection, pre-boot user authentication and hard disk encryption using powerful algorithms guarantee against unauthorized access and hacker attacks" | No |
U | Sgeecview | Ecview.exe | SafeGuard Easy - "provides total company-wide protection for sensitive information on laptops and workstations. Boot protection, pre-boot user authentication and hard disk encryption using powerful algorithms guarantee against unauthorized access and hacker attacks" | No |
U | sginst | sginst.exe | eAcceleration Stop-Sign security software related. Previously not recommended, see here | No |
? | SGTBox | SGTBox.exe | Canon scanner driver. Is it required? | No |
U | sgtray | sgtray.exe | StorageGuard from Veritas. Free utility that integrates with Backup MyPC (formerly Backup Exec Desktop), Simple Backup and MS Backup. Provides system tray access and background monitoring - warning you of files that haven't recently been backed up. Required unless you back up manually on a regular basis or have scheduled backups | No |
Y | Shadow | Shadow.exe | "NTI Shadow 3 is an award-winning easy-to-use backup application that automatically protects your photo, music, video, and various data files. It makes data restoration as easy as dragging and dropping files from one place to another" | No |
U | ShadowUser Pro Edition | ShadowUser.exe | "StorageCraft ShadowUser provides easy to use desktop security and protection for Windows operating systems. ShadowUser is the best way to prevent unwanted changes to PCs and laptops" | No |
X | shambl3r | cnf.bat | Added by the REMABL WORM! | No |
X | shambl3r* | shambl3r.exe | Added by the REMABL WORM! where * is 2 to 11 | No |
X | SHAProc | SHAProc.exe | Added by the WINKO.AO WORM! | No |
N | Share-to-Web Namespace Daemon | hpgs2wnd.exe | HP's exclusive Share-to-Web software makes it easy to share content with others through our affiliate Internet websites. In other words an application that allows users to upload scanned images to their personal webpages if desired. Available via Start -> Programs | No |
N | Shareaza | Shareaza.exe | Shareaza P2P client | No |
U | Shareaza | bindata.exe | Shareaza P2P client related | No |
X | sharedprem | sharedprem.exe | Added by the MAKECALL TROJAN! | No |
X | ShareSearcher | [path to trojan] | Added by the AGENT-FPE TROJAN! | No |
X | ShareSearcher | wsusupd.exe | Added by the ENCLAG-A TROJAN! | No |
Y | Sharing and Mapping Software | DShmap.exe | Intel AnyPoint internet sharing software. Now discontinued | No |
N | SharkEject | AEJCT32.exe | Allows you to eject a disk from the Avatar Shark drive from the system tray. When loaded, there is a desktop icon so this isn't required | No |
U | SharpTray | SharpTray.exe | Part of Sharpdesk from Sharp Electronics. "A desktop-based, personal document management application that lets users browse, edit, search, compose, process, and forward both scanned and native electronic documents" | No |
N | Shcenter | chcenter.exe | IMSI HiJaak - "the easiest way to convert, capture, and manage all your graphic files" | No |
X | shdef | shdef.exe | Added by the VB-DVS TROJAN! | No |
X | SheduIer | svchst.exe | Premium rate adult content dialler | No |
X | SheduIer | shch.exe | Added by the BDOOR-EB BACKDOOR! | No |
X | SheduIer | winagent.exe | Added by the BDOOR-EB BACKDOOR! | No |
X | Shedule Connection | arpo412.exe | Added by the PPDOOR-R WORM! | No |
X | Sheduler | nerocheck.exe | Added by the TACTSLAY.B TROJAN! | No |
X | Shell | Shell32.exe | Added by the BADSECTOR TROJAN! | No |
X | Shell | ray.exe | Homepage hijacker re-directing browsers to adult content websites | No |
X | Shell | Tray.exe | Homepage hijacker re-directing browsers to adult content websites | No |
X | Shell | wmedia16.exe | Added by the GOLDUN TROJAN! | No |
X | Shell | Open32.exe | Added by the SMALL-DL TROJAN! | No |
X | Shell | Explorer.exe sound_drive16.exe | Added by the GP TROJAN! Note - the legitimate Windows Explorer (explorer.exe) is located in the Windows or Winnt folder and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in the System subfolder | No |
X | Shell | Explorer.exe, msmsgs.exe | Added by the ZLOB TROJAN! Note - the legitimate Windows Explorer (explorer.exe) is located in the Windows or Winnt folder and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in the System (9x/Me) or System32 (NT/2K/XP) folder | No |
X | Shell | Explorer.exe [path] svchost.exe | Added by the DOYORG TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is found in the Winnt or Windows folder | No |
X | shell | explorer.exe | Added by the KAKKEYS TROJAN! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System% | No |
X | Shell | iexplore.exe | Added by the KIPIS-U WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %System%\Microsoft | No |
X | Shell | ibm0000*.exe [* = digit] | Added by the TORPIG-C and TORPIG-J TROJANS! Filenames spotted include ibm00001.exe, ibm00002.exe, ibm00005.exe and so on | No |
X | Shell | taskmrg.exe | Added by the BANCBAN-FT TROJAN! | No |
X | Shell | Explorer.exe winupdate.exe | Added by the AGENT-FD TROJAN! | No |
X | Shell | ibm[RANDOM 5 DIGIT NUMBER].exe | Added by the ANSERIN TROJAN! | No |
X | Shell | svchost.exe | Added by the GOLDSPY-B TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder | No |
X | Shell | ibm00001.dll | Added by the TORPIG-Q TROJAN! | No |
X | Shell | wmedia32.exe | Added by the AGENT-BR TROJAN! | No |
X | Shell API32 | svcnet.exe | Added by the TIBICK.C WORM! | No |
X | Shell Extension | spollsv.exe | Added by the LOVGATE.Z WORM! | No |
X | Shell Tray Window | ShellTraywnd.exe | Added by the STULTDOR-A TROJAN! | No |
X | shell update | shellexec.exe | Added by the RBOT-ANC WORM! | No |
X | Shell.exe | Shell.exe | Added by the EMERLEOX.S WORM! | No |
X | Shell32 | Shell32.vbs | Added by the SCAFENE WORM! | No |
X | shell32 | ntldrt.exe | Added by the JLOK-A WORM! | No |
X | Shell32 | iexplore.exe | Added by the IRCBOT-AY BACKDOOR! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %System% | No |
X | Shell32 | explorer.exe | Added by the SDBOT-NF WORM! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System% | No |
X | ShellApi | SHELLMSN.EXE | Added by the NETDEV.B TROJAN! | No |
X | Shellapi32 | Shellapi32.exe | Added by the NETDEVIL (or NERTE) TROJAN! | No |
X | Shellapi32 | mcvsrte.exe | Added by an unidentified WORM! Note - do not confuse with the McAfee SecurityCenter file of the same name | No |
X | shellbn | [random].dll | SoftStop misleading security software - not recommended, see here | No |
X | ShellCommand | [path to file] | Added by the REMCON-A TROJAN! | No |
X | Shelldaemon | Shelldaemon.exe | Added by a variant of the AGENT.ALN TROJAN! | No |
X | ShellEx | ShellEx.exe | Added by the ANAKHA TROJAN! | No |
X | ShellN | isca.exe | Added by the IBILL.Z TROJAN! | No |
X | ShellOS | A+++.exe | Added by the AV TROJAN! | No |
X | ShellRun | lexplore_.exe | Added by the MSNOPT-A TROJAN! | No |
X | ShellRun32 | iexplore.exe | Added by the IRCBOT-AY BACKDOOR! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %System% | No |
X | Shellspl | lsas.exe | Added by the YALER-A TROJAN! | No |
X | Shellspl | spools.exe | Added by the PROXAGE-A TROJAN! | No |
X | shellsystem | shellsystem.exe | Added by the UPCHAN TROJAN! | No |
X | shhost | shhost.exe | Added by the AGENT.CE TROJAN! | No |
N | shicoxp | shicoxp.exe | Installed with the drivers for multi card readers of various brands. To differentiate between the various card slots on multi slot readers the shicoxp.exe file assigns and loads unique drive icons for the various card slots that are displayed in Windows Explorer | No |
X | Shield Security | shield.exe | Added by the RIZO.A TROJAN! | No |
X | Shield32 Security | shield32.exe | Added by the RIZO.A TROJAN! | No |
X | Shine | Shine.exe | Added by the HAPPYLOW (or NISHE-A) VIRUS! | No |
? | SHINITV | shinitv.exe | ?? | No |
X | Shmgrate.exe | ibot4.exe | Added by the GASTER TROJAN! | No |
N | ShockmachineReminder | SmReminder.exe | "Shockmachine is a stand-alone application that lets users collect Macromedia Shockwave and Flash titles and play them offline". Could be a registration reminder for the trial version | No |
X | Shockwave | csrss.exe | Added by the SNDOG WORM! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir% | No |
N | Shockwave Init | SWINIT.EXE | Part of Macromedia Shockwave. Controls the Shockwave Remote Control Panel. The Remote Control can be activated manually from the Start Menu by locating and selecting Shockwave and then Shockwave Remote under Programs | No |
X | Shockwave Support | FlashPlayer.exe | Added by the DELF-DRA WORM! | No |
N | ShopSafe | ShopSafe.exe | Created by Orbiscom for MBNA (now Bank of America) - ShopSafe creates a temporary card number each time you make an online purchase | No |
N | ShortKeys 99 | SHORTKEY.EXE | ShortKeys from Insight Software Solutions - allows you to program keys with text strings | No |
U | ShortKeys Lite | shklite.exe | ShortKeys Lite from Insight Software Solutions, Inc. A macro utility to automate a task that you perform repeatedly or on a regular basis | No |
Y | sHotKey | sHotKey.exe | Special function key manager for Chicony keyboards - see here | No |
X | Showbehind | SHOWBEHIND.EXE | Advertisement display which can be stopped here | No |
X | ShowFF | ShowFF.exe | FFToolBar adware toolbar | No |
? | ShowIcon_Justrams_USB Product Driver v2.12r012 | shwicon.exe | Related to Just Rams USB product driver. Is it required? | No |
U | ShowIcon_PNY_PNY Attach | shwicon.exe | PNY Attaché USB flash memory stick System Tray icon - shows when the device is plugged in | No |
? | ShowIcon_SmartDisk Corporation_USB Card Reader v1.14e051 | shwicon.exe | Card reader for memory cards from digital cameras. Is it required? | No |
U | ShowLOMControl | [strange symbol] | Note that there is a strange symbol in the command field. HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ShowLOMControl Reg_DWORD 0x00000001 (1). LOM = LAN on Motherboard, so this means Show "LAN on Motherboard" Control. On systems where you can install an external LAN interface, it will warn you that you already have a built-in LAN interface. Appears to be a feature on certain Dell systems | No |
X | Showme | Ruden.vbs | Added by the HANDLE-A VIRUS! | No |
U | ShowWnd | ShowWnd.exe | Found on Gateway computers (and maybe others) - see here. "Showwnd is included with the Chicony keyboard software and is used by the software to stop the keyboard driver's taskbar entry from reappearing. It is not necessary to remove the keyboard software, however if you wish it can be removed through Add or Remove Programs" | No |
U | SHPC32 | SHPC32.exe | Port monitor for Lexmark printers on a USB connection. Ties in with the Printer Control Program. Features like cancelling a print are unavailable if disabled | No |
Y | ShStatEXE | SHSTAT.EXE | From McAfee VirusScan NT 4.x. Handles program communication among VShield components, displays VShield icon. Can be started automatically or available via Start -> Programs | No |
U | Shutdownaware | shutdownaware.exe | Loaded by the SWEEX 6-in-1 Media Card Reader to properly manage the reader while it is connected to your system | No |
U | ShutDownPro | ShutDownPro.exe | ShutDownPro - shutdown, reboot, logoff your System with one mouse click | No |
N | Si Meter | SIMETER.EXE | Si Meter - keep track of things like CPU activity, network activity and speed, hard-drive activity, hard-drive space, system memory, running processes, or just date and time | No |
X | si91e44b | rundll32.exe si91e44b.dll, EnableRunDLL32 | LZIO.com adware downloader. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "si91e44b.dll" file is found in the System (9x/Me) or System32 (NT/2K/XP) folder | No |
U | SIA2006 | SIA2006.exe | Part of Steganos Internet Anonym privacy software | No |
U | SIAPRO6 | sia.exe | Steganos Internet Anonym privacy software | No |
X | Sicom | Sicom.exe | Added by the NETLIP WORM! | No |
U | SideACT | SideACT.exe | SideACT organizer software | No |
U | Sidebar | Sidebar.exe | Windows Sidebar is a pane on the side of the Microsoft Windows Vista desktop where you can keep your gadgets organized and always available. If the file isn't located in %ProgramFiles%\Windows Sidebar or you're using other versions of Windows it could be part of the Searchcentrix hijacker | Yes |
N | SIDEBAR | dsidebar.exe | "Desktop Sidebar provides you with instant access to the information you most desire by grabbing data from your PC and the internet. The result is a dynamic visual display you configure and control" | No |
N | SideWinderTrayV4 | SWTrayV4.exe | MS SideWinder game controller system tray icon. This is specific to version 4 of the software. Available via Start -> Programs | No |
U | SightSpeed | SightSpeed.exe | SightSpeed Video Chat - "lets you connect with all your friends and family easily. Make video calls, phone calls, and send video mails and text messages to everyone in your network, anywhere in the world" | No |
N | SigmaTel Audio | setup.exe | Sigmatel audio driver | No |
N | SigmatelSysTrayApp | stsystra.exe | System tray program for the Sigmatel Audio sound card. Often found on Dell computers | No |
N | SigmatelSysTrayApp | sttray.exe | System tray program for the Sigmatel Audio sound card. Often found on Dell computers | No |
? | SigX | sigx.exe | ?? | No |
X | SigXC | SigX.exe | SigX is a "dynamic signature image generated based on whatever data your computer sends it though our SigX program. It can display your current Mp3, current OS, Free Ram, your current time and more" | No |
N | Simcast | SimcastAlerts.exe | Simcast is a free service that allows you to subscribe to information on a large variety of topics. Alerts will appear on your desktop when a channel that you have subscribed to has something to say | No |
N | Simple Star PhotoShow Media Manager | mssysmgr.exe | Simple Star PhotoShow photo editing and organizing software, makes it easy to send and share digital photos. Bundled with software from Nero, ComCast, SnapFish, MacroMedia and others | No |
N | Simplify Media | SimplifyMedia.exe | Simplify Media media manager - "enjoy songs from home while at work or from any WiFi location. Explore friends' music while they are online" | No |
U | SimpLite-MSN | SimpLite-MSN.exe | Required if you use the SimpLite add-on to MSN Messenger (SimpLite adds encryption to the instant messaging service) | No |
X | sInErA | .exe | Added by the SILLYFDC-AB WORM! | No |
X | Singapore | singapore.exe | Adds a blue crescent to the taskbar and when double-clicked displays an adult-content web-site. Also known to drop your internet connection and dial an international telephone number. See here for more information. Must be disabled in MSCONFIG before un-installing or it re-instates itself | No |
U | Sinus 1054 data WLAN Manager | Wifiusb.exe | Wireless management utility for the T-Com Sinus 1054 Data WLAN adapter | No |
N | SipDiscount | SipDiscount.exe | SipDiscount - internet telephony utility using the VoIP (Voice over Internet Protocol). Call online friends for free and regular phones either for free (limited use) or low rates. One of a number provided by Betamax - the others generally have different rate plans. Similar to the more popular Skype | No |
U | SIPPS | SIPPS.exe | Web.de Internet phone utility | No |
X | SiS Dns | dnssvc.exe | Added by the DLOADER-UE TROJAN! | No |
N | SiS KHooker | khooker.exe | SiS Keyboard Daemon. System Tray utility which gets installed by the drivers of the latter day SiS VGA cards. Can cause errors at startup and isn't required | No |
X | SiS Mpc Service | mpcsvc.exe | Added by the CIADOOR-CJ TROJAN! | No |
U | SiS Tray | sistray.exe | System Tray icon for SiS based graphics. Note - this resides in C:\Windows\System | No |
U | SiS Windows KeyHook | keyhook.exe | SIS graphics cards related: "Super VGA Keyboard Daemon" - hooks into the keyboard processing chain in order to enable hotkey settings | No |
X | sis32 | winsos.exe | Added by the QQPASS.IA WORM! | No |
Y | SiS7012Utility | SiSAudUt.exe | SiS Corporation sound card driver | No |
? | SISAM10M | SISAM10M.exe | ?? | No |
N | SiSAudio | MP_S3.exe | WinME patch for an older SiS 961 chipset FERR bug. Enable if you have audio problems | No |
U | siscolor | color.exe | Probably on-board graphics related based upon the SiS chipsets. Has been seen on ASUS motherboards with SiS chipsets and known to cause conflicts if you choose another graphics card and disable the on-board | No |
U | siService.exe | siService.exe | Spam Inspector - anti email spam software | No |
? | SiSPower | Rundll32.exe SiSPower.dll, ModeAgent | Responsible for power management for SIS chipsets - is it required? | No |
U | SiSRaid | SRaid.exe | Related to the SIS Raid system from Silicon Integrated Systems | No |
? | SiSSetCDfmt | SiSSetCDfmt.exe | Related to a Silicon Integrated Systems Corp (SiS) product? | No |
? | SISSoundman | Soundman.exe | Related to a Silicon Integrated Systems Corp (SiS) product? | No |
U | SiSSWLED | sisswled.exe | System Tray utility for SiS 900 network cards | No |
X | Sistema | wab32.exe | Added by an unidentified VIRUS, WORM or TROJAN! See here | No |
X | sistrai.exe | sistrai.exe | Added by the PROVA TROJAN! | No |
X | sistray | sistray.exe | Added by the PROVA TROJAN! | No |
U | sistray | sistray.exe | System Tray icon for SiS based graphics. Note - this resides in C:\Windows\System | No |
X | Sistray32 | remotehost.pif | Added by the HOLCAS.A WORM! | No |
X | Sistray32 | win.bat | Added by the JUMPRED.A WORM! | No |
X | Sistray32 | virus.exe | Added by the TOMETA-C TROJAN! | No |
X | sistry | sistry.exe | Added by the CEBE WORM! | No |
N | SiSUSBRG | SiSUSBrg.exe | SiS USB Registry Patch File - fixes the undetectable problem with SiS USB controller on Windows XP | No |
U | SiteAdvisor | SiteAdv.exe | SiteAdvisor from McAfee warns you before you interact with a dangerous Web site | No |
X | sittachasnahalbasya | ntoskernel.exe | Added by the HANSAH-A WORM! | No |
X | sixer566 | sscc.exe | Added by an unidentified WORM or TROJAN! | No |
X | sixtysix | sixtypopsix.exe | Medload adware | No |
X | sjduwiwx | rnxntup.exe | Added by a variant of the ORCU.B TROJAN! | No |
U | SK51 | SK51.EXE | SaveKeys keystroke logger/monitoring program - remove unless you installed it yourself! | No |
U | SK60 | SK60.EXE | SaveKeys keystroke logger/monitoring program - remove unless you installed it yourself! | No |
U | SK9910DM | SK9910DM.EXE | Multi-function keyboard driver. Allows the use of programmable keys on multimedia keyboards. Required if you use the additional keys | No |
U | SKDAEMON | SKDAEMON.EXE | Multi-function keyboard driver. Allows the use of programmable keys on multimedia keyboards. Required if you use the additional keys | No |
U | SkinClock | AtomicAlarmClock.exe | Atomic Alarm Clock - "Alert yourself about important events with different alarms and replace your computer tray clock using different skins. Computer Alarm clock that will play any MP3 file. It can also run a program, log off, wake up, reboot, shut down, turn off etc..." | No |
U | skinkers | skinkers.exe | Selection of desktop messaging/marketing tools with celebrity tie-ins including MTV's "Desktop Ozzy" and Arsenal's "Desktop Wenger" - see here. Leave enabled if you want to receive messages | No |
X | Skra | Skra.exe | Identified as a variant of the TrojanDownloader.Matcash malware | No |
U | SKRSpyWarn | Warn.exe | SmartKeylogger keystroke logger/monitoring program - remove unless you installed it yourself! | No |
U | sks-32 | SKS32P~1.EXE | SpyKeySpy surveillance software. Uninstall this software unless you put it there yourself | No |
U | sks-32 | sks32proc.exe | SpyKeySpy surveillance software. Uninstall this software unless you put it there yourself | No |
X | Skunk | Skunk.exe | Added by the SUNK-A WORM! Note - this file is found in the root folder (C:), (D:), etc | No |
Y | SkyBlaster Scheduler | SSFSch.exe | For Gilat Communications internet satellite systems - associated with SkyBlaster modem. Required if you have this system | No |
X | skynetave.exe | skynetave.exe | Added by the SASSER.D WORM! | No |
X | SkynetRevenge | winlogon.scr | Added by the NETSKY.AA WORM! | No |
N | Skype | Skype.exe | "Skype is free and simple software that will enable you to make free calls anywhere in the world in minutes" | No |
X | Skype Startup | skyp.exe | Added by the VANBOT-C WORM! | No |
N | SkypeMate | SkypeMate.exe | SkypeMate acts as a bridge between networks of VoIP and PSTN | No |
X | SkypeStartup | Skype.exe | Added by the PYKSE-A WORM! | No |
Y | SkySurfer Management Service | SmaServ.exe | For Gilat Communications internet satellite systems - associated with SkyBlaster modem. Required if you have this system | No |
U | SkyTel | SkyTel.exe | Process associated with Realtek Voice Manager for some of their audio chipsets | No |
X | sl4 rules | rbot32.exe | Added by the SDBOT-QC WORM! | No |
X | slack12 | mfcee.exe | Added by a variant of the SDBOT WORM! | No |
X | Slayhacker734 | slay7383.exe | Added by the SIKBOT-A TROJAN! | No |
N | SleepManager | SleepMgr.exe | This program locates free contiguous disk spaces and allocates them for storing BASE MEMORY, EXTENDED MEMORY, VIDEO MEMORY, and SM RAM. It helps the computer come out of hibernate mode | No |
U | Slibe.com | Sliber.EXE | Sliber - freeware screen capturing & online sharing tool | No |
U | SlickRun | sr.exe | "SlickRun is a floating command line utility for Windows. It gives you almost instant access to any program or website. SlickRun allows you to create command aliases (known as MagicWords), so C:\Program Files\Outlook Express\msimn.exe becomes MAIL" | No |
X | slide | Iexplore.exe | Added by the GASLIDE TROJAN! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! | No |
N | slimp3 | SliMP3 Server.exe | Slimp3 Server - "presents an entirely new way of accessing and enjoying your music collection. Instead of storing your music on CDs or memory cards, the SliMP3 uses your home network to access the music stored on your PC" | No |
N | Slingshot | SLINGS~1.EXE | Atomica Slingshot - "reference tool with access to dictionary and encyclopedia terms, bios, technical terms, history, geography, and much more". Now superseded by 1-Click Answers | No |
Y | slipcore | slipcore.exe | Core module for Slipstream - internet acceleration through compression/decompression techniques, intelligent caching on the server side, and real-time conversion of large/high-bandwidth images to less bulky pix. Used by popular ISPs such as IceNet, Wanadoo, Terra, OnSpeed, United Online and AOL Canada. Required if the user's account is locked in to that proxy server | No |
Y | slipgui | slipgui.exe | User interface for Slipstream - internet acceleration through compression/decompression techniques, intelligent caching on the server side, and real-time conversion of large/high-bandwidth images to less bulky pix. Used by popular ISPs such as IceNet, Wanadoo, Terra, OnSpeed, United Online and AOL Canada. Required if the user's account is locked in to that proxy server | No |
Y | SlipStream | slipcore.exe | Core module for Slipstream - internet acceleration through compression/decompression techniques, intelligent caching on the server side, and real-time conversion of large/high-bandwidth images to less bulky pix. Used by popular ISPs such as IceNet, Wanadoo, Terra, OnSpeed, United Online and AOL Canada. Required if the user's account is locked in to that proxy server | No |
X | slmss | slmss.exe | SeekSeek search hijacker related - see here | No |
X | sload | sload.exe | Win SynchroAd adware, also detected as DLOADER-QG TROJAN! | No |
X | sload | sload32.exe | Added by the SDBOT-OY WORM! | No |
X | slvchost32 | slvchost32.exe | Added by an unidentified VIRUS, WORM or TROJAN! | No |
X | sm | sa_exe.exe | Added by the OLFEB.A TROJAN! | No |
X | sm | sf_exe.exe | Added by the OLFEB.A TROJAN! | No |
X | sm | sm_exe.exe | Added by the OLFEB.A TROJAN! | No |
X | sm | sr_exe.exe | Added by the LUKUSPAM TROJAN! | No |
X | SM | iro.bat | Added by the IROFFER.CT TROJAN! | No |
N | SM1BG | SM1BG.EXE | USB driver for downloading from within Napster and iTunes to portable MP3 players. Only required at startup if you use it all the time - otherwise start it manually when required | No |
N | SM1NINT | SM1NINT.exe | Cypress USB Mass Storage Driver Notification Icon Application - tray notification for Cypress base memory sticks and external storage devices for Win98 | No |
N | SM56 Helper Win32 Utility | sm56hlpr.exe | Helper utility for Motorola based SM56 software modems - resides in the System Tray | No |
N | Sm56acl | sm56hlpr.exe | Helper utility for Motorola based SM56 software modems - resides in the System Tray | No |
U | sma | sma.exe | SmartKeylogger keystroke logger/monitoring program - remove unless you installed it yourself! | No |
X | sman | app***.tmp [* = digit] | Unidentified adware | No |
X | SManager | smanager.*.exe [* = digit] | Added by the AGENT.BJO TROJAN! | No |
X | SManager | smanager.7.exe | Added by the DWNLDR-GVG TROJAN! | No |
X | SmansaApp | winlogon.exe | Added by the ROMARIO-A WORM! Note - this is not the legitimate winlogon.exe process, which should not appear in Msconfig/Startup and is always located in the System32 folder. This file is placed in the Windows or Winnt folder | No |
N | Smapp | smtray.exe | System Tray access for the Compaq/ADI SoundMAX integrated digital audio controller | No |
N | Smart Card Service | ScardSvr.exe | For Smart Card readers. Known to cause problems, especially for Windows 2000 users - see here. Probably not required unless you use such a device regularly | No |
U | Smart Connect Monitor | SCMon.exe | Appears on a Sony Vaio. Smart Connect Version 2.1 enables data transfer between Vaios via i.LINK cable. Smart Connect supports File and Printer Sharing for MS networks. You can copy files from your Vaio to another Vaio or print using a printer connected to a remote Vaio | No |
U | Smart Connect Setup | SCSetup.exe | Appears on a Sony Vaio. Smart Connect Version 2.1 enables data transfer between Vaios via i.LINK cable. Smart Connect supports File and Printer Sharing for MS networks. You can copy files from your Vaio to another Vaio or print using a printer connected to a remote Vaio | No |
U | Smart Keyboard | Smartkbd.exe | Netropa Smart Keyboard driver | No |
N | Smart Label O Server | ssloserv.exe | Part of the printer software for the smart-label printer made by Seiko. Can be disabled safely | No |
N | Smart Label RFViewer | SSLFVIEW.EXE | Part of the printer software for the smart-label printer made by Seiko. Can be disabled safely | No |
N | Smart Start UP | PnPDetect.exe | Part of Presto! Mr.Photo - "an ideal program for creating, sharing, and managing digital images and videos" | No |
U | Smart Touch | STouch.exe | Related to Plustek OpticSlim scanner | No |
N | Smart Type Assistant | sta.exe | Smart Type Assistant - a complex typing automation tool, intended to make your work faster and safer | No |
U | Smartalec | pcaccel.exe | Smartalec PC Accelerator - system optimization utility | No |
U | SmartAudio | SmartAudio.exe | Conexant SmartAudio PC audio chipset software - typically available on HP notebooks with built-in microphones | No |
N | SmartBarXP | SmartBarXP.exe | SmartBarXP is a bar that runs down the side of your screen, and can be configured to display interactive panels known as 'panes'. These panes include media players, slideshow and image viewing panes, a virtual desktop manager, and live news, weather and stock feeds to mention but a few | No |
N | sMaRTcaPs | SMARTC~1.EXE | sMaRTcaPs from Phoebus LLC - enables you to configure the time needed to depress Caps Lock, Num Lock & Insert keys | No |
N | SmartDefrag | IObit SmartDefrag.exe | "IObit SmartDefrag helps defragment your hard drive more efficiently than any other product on the market - free or not" | No |
U | Smarthruengine | QS.exe | Samsung smarthru software, used with Lexmark Z82 or Samsung multifunction printers | No |
U | SmartPCXL | pcaccel.exe | Smartalec PC Accelerator - system optimization utility | No |
U | SmartRAM | MemCleaner.exe | Memory Cleaner - monitors your system in the background and frees up memory whenever needed to increase the performance of your computer. Part of IOBit Advanced Windows Care Personal/Professional | No |
U | SmartRAM | Sup_SmartRAM.exe | Memory management part of the Advanced SystemCare system utility from IObit | No |
U | SmartSync Pro | SmartSync.exe | Related to CompanionLink Software Inc. Synchronization solutions for ACT!, GoldMine, Lotus Notes and Microsoft Outlook | No |
N | SMax4 | SMax4.exe | System Tray icon for SoundMax integrated sound. Sound properties can be accessed through the Start Menu or Control Panel | No |
U | SMax4PNP | SMax4PNP.exe | SoundMax integrated sound. Required if you have custom settings for your sound, such as effects and environments | No |
? | smbdpmi | smbdpmi.exe | IBM Netfinity Director and Universal Management Services related. What does it do and is it required? | No |
Y | smc | smc.exe | Sygate Firewall | No |
Y | smc | spfsmc.exe | Sygate Firewall | No |
Y | SMC Service | smc.exe | Sygate Firewall | No |
Y | SMC Service | spfsmc.exe | Sygate Firewall | No |
X | smcserv | winsrv.exe | Added by the AGOBOT-OU WORM! | No |
Y | SmcService | smc.exe | Sygate Firewall | No |
Y | SmcServices | smc.exe | Sygate Firewall | No |
Y | SmcServices | spfsmc.exe | Sygate Firewall | No |
X | smcss | smcss.exe | Added by the SCLOG-AJ TROJAN! | No |
? | Smcsta.exe | Smcsta.exe | SMC Networks wireless PCI card driver. Is it required? | No |
X | SmcSVR | SmcSVR.exe | Added by the LEGMIR.JU TROJAN! | No |
X | smgr | mgrs.exe | Covert Sys Exec malware variant | No |
X | smgr | smgr.exe | Added by an unidentified WORM or TROJAN! | No |
X | smile | wcs.exe | Added by the ZLOB.MEDIA-CODEC TROJAN! This purports to be a Windows Media Player upgrade (with names such as "iCodecPack", "X Password Manager" and "Media-Codec") to allow the user to view adult oriented videos on certain websites - but actually downloads and installs additional malware on the user's machine. Various directories and filenames are used - see the link for details | No |
N | SmileboxTray | SmileboxTray.exe | System Tray access to Smilebox photo sharing/printing service | No |
X | Smiley District | plugin.exe | Smiley District adware | No |
N | Smileycons | smileycons.exe | Smileycons - free smileys, emoticons and animations package | No |
N | Smith Micro try | smiptray.exe | Smith Micro shared files. Comes with D-Link web cam | No |
U | smodul | smodule.exe | UserMonitor from Neuber. Teachers can broadcast their screen to other screens, see students' screens in a network and detect unauthorized software | No |
N | SmoothView | SmoothView.exe | TOSHIBA Zooming Utility - allows "automatic" zoom feature in some applications, like IE, MS-Office, WMPlayer, Adobe Reader and also desktop icons | No |
U | SMPAutoStart | smpdemo.exe | Smart Phone Recorder demo from KenGolf.com. Answering Machine, Caller ID, Call Recording | No |
U | SmpcSys | SmpSys.exe | "Set Up My PC" utility supplied with some Packard Bell computers | No |
X | smres | smres.exe | Added by the AGOBOT-UA WORM! | No |
X | smrtdrv | runtime.exe | Added by the AGOBOT.MT WORM! | No |
X | SMS | iro.bat | Added by the IROFFER.CT TROJAN! | No |
U | SMS Application Launcher | LAUNCH32.EXE | Microsoft Systems Management Server - used to manage computers on a network remotely | No |
U | SMS Client Service | clisvc95.exe | When the SMS Client service starts on a domain controller, the Client service modifies the SMSCliToknAcct & user account group membership, user rights, and account comment. The Client service then waits for the synchronization of the comment to verify that the account and user rights are properly set for this account. This account is used to obtain a token to start the SMS Client processes, such as the Software Inventory and Software Distribution agents (MS Systems Management Server) | No |
X | Sms System32 | SmsSystem32.exe | Unidentified malware | No |
U | SMS Win9x Message Agent | SMSMsg.exe | This program assigns a user to a Systems Management Server site | No |
N | SmsDiscount | SmsDiscount.exe | SmsDiscount - free internet telephony utility using the VoIP (Voice over Internet Protocol). Call online friends for free and regular phones either for free (limited use) or low rates. One of a number provided by Betamax - the others generally have different rate plans. Similar to the more popular Skype | No |
N | Smserial | sm56hlpr.exe | Helper utility for Motorola based SM56 software modems - resides in the System Tray | No |
X | SMSERIALSTARTER | win32st.exe | Detected by McAfee as the FAKEALERT-AH TROJAN! See here. Installed with the SpyBurner spyware remover - which is not recommended, see here | No |
X | SMSERIALWORKERSTART | shellexcon.exe | Detected by McAfee as the FAKEALERT-AH TROJAN! See here. Installed with the SpyBurner spyware remover - which is not recommended, see here | No |
X | SMSERIALWORKERSTARTER | winstrse.exe | Added by an unidentified WORM or TROJAN! See here. Installed with the SpyBurner spyware remover - which is not recommended, see here | No |
X | SMSERIALWORKSTARTER | comsysobj.exe | Detected by McAfee as the FAKEALERT-AH TROJAN! See here. Installed with the SpyBurner spyware remover - which is not recommended, see here | No |
X | smsger | Win.exe | Added by a variant of the SDBOT WORM! | No |
N | SMSI Loader | SMLoader.exe | Smith Micro HotFax - fax software | No |
X | smsm | smsm.exe | Added by the BANKER-CO TROJAN! | No |
X | smsrv | smsrv.exe | Added by the AGOBOT-SX WORM! | No |
X | SMSS | smss.exe | Added by the FLOOD.F TROJAN! Note - this is not the legitimate smss.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "Catroot" subfolder | No |
X | smss | [path to smss.exe] | Added by the ALADINZ.F TROJAN! Note - this is not the legitimate smss.exe process which should NOT appear in Msconfig/Startup! | No |
X | smss | smss.exe | Added by the AGENT-TR TROJAN! Note - this is not the legitimate smss.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder | No |
X | smss | smss.exe | Added by the BOROBOT-J TROJAN and variants! Note - this is not the legitimate smss.exe process which should not normally figure in Msconfig/Startup! | No |
X | Smss | ssms.exe | Added by the RBOT.OP WORM! | No |
X | Smss Host | smhost.exe | Added by the IRCBOT-ACC TROJAN! | No |
X | smss.exe | csrss.exe | Added by the DALBUG WORM! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir% | No |
X | smssLevel4 | smss.exe | Unidentified malware! Note - this is not the legitimate smss.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in Program FilesWindows Media PlayerSkinsWindowsMediaSkinDataLevel4 folder | No |
X | SMSSS | smsss.exe | Added by the SDBOT.ZD WORM! | No |
X | SMSSS Loader | smsss.exe | Added by the AGOBOT.MQ WORM! | No |
X | SMSSU | SMSSU.EXE | Added by the STARTPAGE.O TROJAN! | No |
X | smsys | Explorer.exe | Added by the CLICKER-C BACKDOOR! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in a "Template" subfolder | No |
X | smsys | vi.exe | Adult content dialler | No |
U | SMSystemAnalyzer | SMSystemAnalyzer.exe | Part of the Iolo System Mechanic optimization tool | No |
X | sms_msn | sms_msn.exe | Added by an unknown WORM or TROJAN! | No |
X | sms_msn40 | sms_msn40.exe | Added by an unknown WORM or TROJAN infection | No |
U | Smt | SMT.exe | Win-Spy keyboard logger/monitoring software - remove unless you installed it yourself | No |
N | SMToolbar | SMToolbar.exe | StartMake.com toolbar | No |
X | SMTP32 Mailing Protocol | smtp32.exe | Added by a variant of the RBOT WORM! | No |
? | SmWizard | SmWizard.exe | SmartWizard MFC Application - associated with C-Media who produce audio chipsets commonly used for on-board sound on motherboards. What does it do and is it required? | No |
X | SM_IAN | ian_monitor.exe | AdvancedCleaner misleading security software - not recommended, see here | No |
X | SN Messenger | msnmsgr.exe | Added by the RBOT-AVP WORM! Note - this is not the valid MSN Messenger (now Windows Live Messenger) utility which is located in either %ProgramFiles%\MSN Messenger or %ProgramFiles%\Windows Live\Messenger. This one is located in %System% | No |
U | SnagIt 8 | SnagIt32.exe | "SnagIt lets you capture, edit, and share exactly what you see on your screen - fast" | No |
U | Snapfish Media Detector | SnapfishMediaDetector.exe | Snapfish Media Detector - "Upload your photos to Snapfish, where you can store and share your photos for free on line" | No |
U | SnapfishMediaDetector | SnapfishMediaDetector.exe | Snapfish Media Detector - "Upload your photos to Snapfish, where you can store and share your photos for free on line" | No |
X | snapple | snapple.exe | Added by the FORBOT-EG WORM! | No |
? | snbr | snbr.exe | ?? | No |
X | snbupt | snbupt.exe | UpSpiralBar adware | No |
X | sncntr | sncntr.exe | Added by the DLUCA-I TROJAN! | No |
? | SNCT511 | vsnct511.exe | Unidentified "Snapshot Viewer" - what does it do and is it required? | No |
X | SND Volumes | sndvolumes.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
X | snd332 | snd332.exe | Added by the B1LD0 AIM WORM! | No |
X | Sndcompat | Sndcompat.exe | Added by the GEMA TROJAN! | No |
U | sndmi13 | vsndmi13.exe | Driver for DualCam cameras - that combine the best features of a digital still camera and a webcam | No |
U | SNDMon | SNDMon.exe | Part of Symantec's LiveUpdate (eg, Norton). Not required if you run manual updates but probably required if you leave them to run automatically. Also, if one runs a small office network and SNDMon is disabled on one of the computers - then other computers disappear from the network for this computer, including shared devices like printers and scanners. Hence the "U" recommendation | No |
X | Sndsaver | Sndsaver.exe | Added by the GEMA TROJAN! | No |
? | sndsrvc | SNDSRVC.EXE | Part of Norton Personal Firewall and Norton Internet Security - what does it do and is it required? | No |
X | SNInstall | [various filenames] | Spy Sheriff/SpywareNO malware, also detected as the SPYHOAX-A TROJAN, pretends to be a spyware remover! - file names spotted so far include VXH8JKDQ2.EXE, NS6281400.so, CVXH8JKDQ2.EXE, down3.exe, sefe.exe, winstall.exe, and tool2.exe | No |
U | Snippet | SnippingTool.exe | The Snipping Tool (part of the Experience Pack for Tablet PC) allows you to easily "cut out" anything on screen and share it with other people. The whole screen becomes an "inkable" surface that you can add comments to and mark up however you like. You can then save that annotated image to use later, or send it to someone else in an E-mail message | No |
U | SNM | SNM.exe | SpyNoMore spyware remover - previously not recommended, see here | No |
U | SnoopFreeUI | SnoopFreeUI.exe | Anti-keylogging software made by SnoopFree Software | No |
X | SNP Generic Host Process | svchost.exe | Added by the ZAPCHAS-O TROJAN! Note - this is not the legitimate svchost.exe process which should NOT appear in Msconfig/Startup! | No |
N | snp2std | vsnp2std.exe | Digital camera related | No |
? | snpstd | vsnpstd.exe | Sonix PC Camera Monitor MFC Application. What does it do and is it required? | No |
? | SNPSTD2 | vsnpstd2.exe | CameraMonitor MFC Application. Appears to be related to a USB connection to a digital camera - is it required? | No |
Y | snpstd3 | vsnpstd3.exe | Sonix Inc. Camera Monitor MFC Application | No |
N | Snsicon | Snsicon.exe | Launches a screensaver program from Second Nature | No |
X | SNSS.EXE | SNSS.EXE | Nunci premium rate dialer | No |
X | snvc | snvc.exe | Added by an unidentified WORM or TROJAN! | No |
? | SO5 Integrator Pass One | sointgr.exe | StarOffice 5. See here for more details | No |
? | SO5 Integrator Pass Two | sointgr.exe | StarOffice 5. See here for more details | No |
X | Soar | Rwon.exe | PurityScan/Clickspring adware | No |
X | Social Security Agency | rpcxsocsa.exe | Added by a variant of the RBOT WORM! | No |
X | Sock32 | sock32.exe | Added by the SDBOT TROJAN! | No |
X | Socket Utility | svchostz.exe | Added by the DAEMONI-E TROJAN! | No |
X | Socket Utility | socket.exe | Added by the DAEMONI-E TROJAN! | No |
Y | SoDA Startup | SodaStartup.exe | Used by the IBM Rational SoDA project management tool. Unsure of its actual purpose but it's recommended you leave it enabled if you use the software | No |
N | soffice | SOFFICE.EXE | Displays StarOffice quick start applet in System tray. Right clicking on the icon allows rapid starting up of components of the StarOffice 6.0 suite. Available via Start -> Programs. Automatically started when any StarOffice 6.0 component is started from the Start -> Programs. A resource hog (it eats > 16 MB of memory). | No |
X | Soft Profile Inc | hxdef.exe... | Added by the LOVGATE.AO WORM! | No |
X | Soft Profile Inc | hxdef.exe | Added by the LOVGATE.E WORM! | No |
X | soft2 | ********.exe [* = random digit] | Added by the KARDPHISHER TROJAN! | No |
U | Softany Monitor Control | MonitorControl.exe | Softany Monitor Control - "control your computer's monitor and screensaver" | No |
U | SoftGridTray | SFTTray.exe | System Tray access to SoftGrid from Microsoft - "the only virtualization solution that delivers applications that are never installed and dynamically delivered, on demand" | No |
X | softIce Update 32 | wininits.exe | Added by the RBOT-ANB WORM! | No |
U | SoftickPPP | PPPGate.exe | Softick PPP is a Microsoft Windows driver that allows you to establish a PPP session between Palm powered devices and a Microsoft Windows desktop computer | No |
Y | SOFTinst | N/A | For Gilat Communications internet satellite systems. Gilat rescue (Satellite system restore). Required if you have this system. Can cause a BSOD (blue screen of death) if left out | No |
U | SoftStuff Wallpaper Changer | softstrt.exe | AzureBay wallpaper changer | No |
X | Software | software.exe | Added by the CRABTON-B TROJAN! | No |
X | Software Soft Stop | Spyware Soft Stop.exe | SoftStop misleading security software - not recommended, see here | No |
U | SoftwareStation | station.exe | eAcceleration Stop-Sign security software related. Previously not recommended, see here | No |
U | SolidWorks Task Scheduler Engine | swBOEngine.exe | Task scheduler for SolidWorks 3D CAD software | No |
Y | Solo Sentry | Solosent.exe | Solo Antivirus | No |
U | SoloSchedule | Solocfg.exe | Scheduler for Solo Antivirus. Leave enabled unless you scan manually on a regular basis | No |
U | SoloSysCheck | Syscheck.exe | Solo antivirus System Integrity Check - Monitors system registry, system.ini, win.ini and startup to protect you from new Internet Worms and Backdoors | No |
X | somatic | somatic.exe | Searchcentrix hijacker | No |
X | some | icthis.exe | Added by the ZLOB.MEDIA-CODEC TROJAN! This purports to be a Windows Media Player upgrade (with names such as "iCodecPack", "X Password Manager" and "Media-Codec") to allow the user to view adult oriented videos on certain websites - but actually downloads and installs additional malware on the user's machine. Various directories and filenames are used - see the link for details | No |
X | some | scit.exe | Added by the ZLOB.MEDIA-CODEC TROJAN! This purports to be a Windows Media Player upgrade (with names such as "iCodecPack", "X Password Manager" and "Media-Codec") to allow the user to view adult oriented videos on certain websites - but actually downloads and installs additional malware on the user's machine. Various directories and filenames are used - see the link for details. This particular one is "NetProject" | No |
X | some | wcs.exe | Added by the ZLOB.MEDIA-CODEC TROJAN! This purports to be a Windows Media Player upgrade (with names such as "iCodecPack", "X Password Manager" and "Media-Codec") to allow the user to view adult oriented videos on certain websites - but actually downloads and installs additional malware on the user's machine. Various directories and filenames are used - see the link for details | No |
N | Sonic A3D Control | vrtxctrl.exe | Sound related options | No |
X | Sonic RecordNow! | smsc.exe | Added by a variant of the SDBOT WORM! | No |
N | SonicFocus | SFIGUI.EXE | Sonic Focus - "enhances music, movie and game sound by analyzing compressed audio streams in realtime, then restoring and enriching audio back to its original performance qualities" | No |
N | SoniqueQuickStart | sqstart.exe | Quickstart for the discontinued Sonique audio player. Available via Start -> Programs | No |
N | SonnReg | SonnReg.exe | Registration for Colorific® and 3Deep® monitor calibration software from E-Color. Now superseded by ColorWizzard™ and 3DxWizzard™ | No |
X | SonudMan | SonudMan.exe | Added by the STARTPAGE.Q TROJAN! | No |
X | SonudMan | WNILOGON.exe | Added by the QQROB-DC TROJAN! Note - this is not the legitimate winlogon.exe process, which should not appear in Msconfig/Startup! | No |
X | SonudMon | SonudMon.exe | Added by the LEWOR-J TROJAN! | No |
N | Sony Ericsson PC Suite | Application Launcher.exe | System Tray access to Sony Ericsson PC Suite which "connects your phone to your computer and expands the capabilities of your phone". Start manually via the Start Menu (or optional desktop shortcut) before connecting the phone | Yes |
N | Sony Ericsson PC Suite | SEPCSuite.exe | System Tray access to Sony Ericsson PC Suite which "connects your phone to your computer and expands the capabilities of your phone". Start manually via the Start Menu (or optional desktop shortcut) before connecting the phone | Yes |
U | SonyPowerCfg | SPMgr.exe | Related to Sony VAIO Power Management Module installed on laptops and provides additional configuration options for these devices | No |
? | Soot | rcea.exe | ?? | No |
? | sophagnt | sophagnt.exe | Possibly related to Sophocles Screenwriting Software? | No |
X | SOProc_RegSoAlertWxLiteNnAj | rundll32 shell32.dll, ShellExec_RunDLL [path] soproc.exe | SoftwareOnline Intelligent Downloader - "Bundle engine to enable download of end user approved third party applications and reporting of installs for billing purposes only". Said to monitor user's browsing habits and display pop-up ads | No |
X | SOS | SOS.exe | Added by the PHILIS VIRUS! | No |
? | SoSyncMonitor | SoSyncMonitor.exe | SuperOffice related. What does it do and is it required? | No |
X | Sound | [path to trojan] | Added by the DROPPER.EAT TROJAN! | No |
X | Sound Loader | sndloader.exe | Added by the AGOBOT-BV WORM! | No |
X | Sound services | SOUND32.EXE | Added by the AGOBOT.GG WORM! | No |
X | Sound System | WinSound1.exe | Added by an unidentified VIRUS, WORM or TROJAN! | No |
X | Sound Volume | svchosI.exe | Added by a variant of the IRCBOT TROJAN! See here | No |
X | soundcontrl | soundcontrl.exe | Added by the GAOBOT.AFJ WORM! | No |
X | sounddrv | sndbdrv3104.exe | CoolWebSearch parasite variant | No |
? | SoundFusion | rundll32 cwcprops.cpl | Control panel item for the Terratec DMX Xfire 1024 soundcard (Start -> Settings -> Control Panel) based upon a Cirrus Logic "SoundFusion" DSP. Does it need to run at start-up every time? | No |
? | SoundFusion | rundll32 hercplgs.cpl, BootEntryPoint | Control panel item for Hercules Fortissimo soundcards (Start -> Settings -> Control Panel) based upon a Cirrus Logic "SoundFusion" DSP. Does it need to run at start-up every time? | No |
? | SoundFusion | RunDll32 cwaprops.cpl, C25CrystalControlWnd | Control panel item for a Terratec soundcard (Start -> Settings -> Control Panel) based upon a Cirrus Logic "SoundFusion" DSP. Does it need to run at start-up every time? | No |
X | SoundMam | SVOHOST.exe | Added by the QQROB-AAL TROJAN! | No |
N | soundman | soundman.exe | System Tray icon for the Realtek AC97 Audio Sound Manager for AC97 onboard audio. Available via Start -> Settings -> Control Panel | No |
X | SoundMan | soundman.exe | Added by the AGOBOT.HM WORM! Note - this is not the legitimate SiS or Realtek file of the same name that is located in the Windows or WINNT directory | No |
X | SOUNDMAN Microsoft Help | soun.pif | Added by the RBOT-AIU WORM! | No |
N | SoundMAX | SMax4.exe | System Tray icon for SoundMax integrated sound. Sound properties can be accessed through the Start Menu or Control Panel | No |
X | SoundMAX | SoundMAX.exe | Added by the RIZON-A WORM! Note - this file is placed in the Startup folder itself, and has NO relation to SoundMax sound cards! | No |
X | SoundMax Audio Drivers | SndMAX.exe | Added by a variant of the SDBOT WORM! | No |
U | SoundMAXPnP | SMax4PNP.exe | SoundMax integrated sound. Required if you have custom settings for your sound, such as effects and environments | No |
X | soundmix | soundmix.exe | Added by the AGENT.PGV WORM! | No |
X | SoundMixer | smvss.exe | Added by the DEDLER-G TROJAN! | No |
X | SoundMnEx32 | [path to worm] | Added by the STRATION-FW WORM! | No |
X | Soundmx | Soundmx.exe | CoolWebSearch Tapicfg parasite variant | No |
X | soundtask | soundtask.exe | Added by the AGOBOT-MD WORM! | No |
X | soundtasks | soundtasks.exe | Added by a variant of the CRYPTER.C TROJAN! | No |
X | soundtctrls | soundtctrls.exe | Added by the AGOBOT-ZV WORM! | No |
X | SoundView | msdview32.exe | Trojan downloader | No |
X | sounofts | sounofts.exe | Added by the AGOBOT-ND WORM! | No |
X | sountskmanager | sountaskmgr | Added by an unidentified WORM or TROJAN! | No |
N | SourcePath | gwreg.exe | Used to update Gateway registry settings for System Restoration Kit and Web update programs | No |
X | sp | sp.reg | IE search hijacker - changes the default search to http://www.gocybersearch.com/ | No |
X | sp | regedit-s .... sp.dll | Malicious javascript annoyance that changes the default search engine in IE to one of many including "topsearcher". See here for more and a fix | No |
X | sp | se.dll,DllInstall | STARTPAGE.M hijacker | No |
X | sp | rundll32 (Path to Trojan DLL), DllInstall | Added by the ABLANK-W and ABLANK-Z TROJANS! | No |
U | SP TimeSync | SP TimeSync.exe | SP TimeSync lets you synchronize your computer's clock with any Internet atomic clock (time server) | No |
X | SP00LSV | Sp00lsv.exe | Added by the GRAYBIRD.E TROJAN! | No |
U | SP2 Connection Patcher | SP2ConnPatcher.exe | Changes limit of concurrent TCP connections of Windows Service Pack 2 | No |
X | SP2 data | [path] repcale.exe [path] apc.exe | Added by a variant of the RANDON.AN WORM! | No |
X | SP2 Firewall/Internet Updater | crssrs.exe | Added by the RBOT.BJO WORM! | No |
X | sp2chk.exe | sp2chk.exe | Added by the ALUROOT.A TROJAN! | No |
X | sp2ctr | sp2ctr.exe | Added by the DLUCA-M TROJAN! | No |
X | sp2fwxp | sp2fwxp.exe | Added by the SMALL.ABW TROJAN! | No |
X | sp2svc | sp2svc.exe | Added by a variant of the RBOT WORM! | No |
X | sp2update | sp2update.exe | SP2Update adware! Tracks URLs visited and search terms entered into Internet Explorer | No |
X | Spam Blocker for Outlook Express | SBInst.exe | Hotbar adware | No |
X | SPAM FIREWALL | mfirewall.exe | Added by the SDBOT.AOU WORM! | No |
U | Spam Monitor | SpamMonitor.Exe | System Tray access to Spam Monitor from PC Tools - which "is an easy-to-use spam filter that detects and isolates unsolicited junk mail sent to your mailbox. Designed for computer users, not experts, Spam Monitor's step-by-step wizard configures your PC with the safest anti-spam settings automatically" | Yes |
U | Spam Sleuth | SpamSleuth.exe | Spam Sleuth E-mail spam detection program | No |
X | SpamBlocker | SbOEAddOn.exe | Hotbar adware | No |
U | SPAMfighter Agent | SFAgent.exe | SPAMfighter anti email spam filter | No |
U | spamihilator | spamihilator.exe | Spamihilator - spam filter | No |
U | SpamMonitor | SpamMonitor.Exe | System Tray access to Spam Monitor from PC Tools - which "is an easy-to-use spam filter that detects and isolates unsolicited junk mail sent to your mailbox. Designed for computer users, not experts, Spam Monitor's step-by-step wizard configures your PC with the safest anti-spam settings automatically" | Yes |
U | SpamMonitor Application | SpamMonitor.Exe | System Tray access to Spam Monitor from PC Tools - which "is an easy-to-use spam filter that detects and isolates unsolicited junk mail sent to your mailbox. Designed for computer users, not experts, Spam Monitor's step-by-step wizard configures your PC with the safest anti-spam settings automatically" | Yes |
U | SpamPal | spampal.exe | SpamPal - anti-spam tool | No |
U | SpamSubtract | SpamSubtract.exe | Intermute SpamSubtract - junk email detection and removal program | No |
U | spamsubtract | SpamSub.exe | InterMute™ SpamSubtract - junk email detection and removal program. InterMute™ is now part of Trend Micro and their products are no longer supported | No |
U | Spare Backup | SpareBackup.exe | Spare Backup - "Once Spare Backup is installed, backups are automatic. With Spare Backup it's easy, you don't even have to select files for backup, Spare Backup does it for you" | No |
U | Spark | Spark.exe | Spark instant messaging client | No |
N | SparVoip | SparVoip.exe | SparVoip - free internet telephony utility using VoIP (Voice over Internet Protocol). Call online friends for free and regular phones either for free (limited use) or low rates. One of a number provided by Betamax - the others generally have different rate plans. Similar to the more popular Skype | No |
X | spa_start | Rundll32.exe spads.dll | IconAds adware. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "spads.dll" file is located in the Winnt or Windows folder | No |
X | spa_start | Rundll32.exe sprt_ads.dll | Superiorads adware. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "sprt_ads.dll" file is located in %System% | No |
? | SPC610NC_Monitor | Monitor.exe | Related to the Philips SPC610NC webcam. What does it do and is it required? | No |
N | spc_w | hcm.exe | NetZero Search Enhancement related | No |
N | spc_w | blspc.exe | NetZero Search Enhancement related | No |
N | spc_w | nzspc.exe | NetZero Search Enhancement related | No |
N | Spdstart | Spdstart.exe | Norton Utilities Speed Start. "This feature optimizes the start up speed of launching applications, such as Word and Excel." | No |
U | Speaking Clock Deluxe | SpClDlx.exe | Speaking Clock Deluxe - turns your computer into a speaking clock with several languages. It can also keep track of up to 50 alarms that can be set to a time and a date, and be repeated daily, weekly, monthly and yearly | No |
X | Special Firewall Service | avguard.exe | Added by the NETSKY.G WORM! Note - do not confuse with AntiVir® antivirus which uses the same filename. This one is located in %Windir% | No |
X | SpecialOffers | SpecialOffers*.exe [* = digit] | SpecialOffers adware | No |
X | SpecialOffers | SpecialOffers.exe | SpecialOffers adware | No |
X | specific | specixic.exe | Added by a variant of the SDBOT WORM! | No |
N | Speed racer | CTSRReg.exe | Software for a Creative sound card | No |
U | Speed Tec | speedtec.exe | Accel SpeedTec from Montana Software speeds up your modem. SpeedTec modifies the Internet Protocol settings in the Windows registry to speed downloads on all modems. If you find this improves your connectivity and download speeds leave this enabled | No |
N | SpeedBitVideoAccelerator | VideoAccelerator.exe | "SpeedBit Video Accelerator makes videos from YouTube and over 150 sites stream faster and play smoother by reducing buffering problems and video interruptions or hiccups" | No |
X | SpeedBoss | [worm filename] | Added by the OPASERV.AD WORM! | No |
U | SpeedItUp | SPEEDITUP.EXE | Speed It Up - "all in one Speed Booster designed to significantly increase the speed of your computer and boost your PC available memory". Installs PC-Checkup and Search Defender (which is detected by DrWeb as the STARTPAGE.ORIGIN TROJAN) without permission | No |
U | SpeedItUpEX | SpeedItUpEx.exe | "Speed-It-Up Extreme is designed to speed of your computer up to 3 times faster and boost your PC available memory" | No |
U | Speedkey | SPEEDKEY.EXE | Additional keyboard shortcuts on MS programmable keyboard | No |
U | SpeedMeter | SpeedMeter.exe | Application measuring upload and download speed | No |
U | SpeedOptimizer | spo.exe | SpeedOptimizer is designed to optimize and speed-up your Internet data transmission including browsing, streaming, downloading, uploading and e-mail communication | No |
U | Speedport W 100 Stick WLAN Manager | Wifiusb.exe | Wireless management utility for the Speedport W 100 Stick WLAN USB stick | No |
X | SpeedRunner | SpeedRunner.exe | Identified as a variant of the TrojanDownloader.Matcash malware | No |
U | SpeedswitchXP | SpeedswitchXP.exe | SpeedswitchXP is a CPU frequency control for notebooks running Windows XP | No |
U | Speedtouch USB Diagnostics | Dragdiag.exe | For an external Alcatel ADSL high-speed modem. A diagnostic tool that can be run from the Start menu when required. The only reason it might be useful on startup is if you like seeing an 'at-a-glance' status indicator on the taskbar (the icon is a different colour depending on the status of the device/line) | No |
U | SpeedUpMyPC | speedupmypc.exe | Older version of SpeedUpMyPC from Uniblue - which "lets you monitor and control all your PC resources with easy, one click instructions. System settings, internet usage, disk clutter, RAM and CPU are all automatically scanned, cleaned and optimized for peak performance" | No |
X | Spees1 | speedy.scr | Added by the OPASERV.Y WORM! | No |
X | Spees2 | Speedy.bat | Added by the OPASERV.AD WORM! | No |
X | Spees3 | SPEEDY.PIF | Added by the OPASERV.AD WORM! | No |
N | Spellex Anywhere | sa.exe | Spellex-Anywhere - adds spell checking functionality to almost any Windows program. Create a shortcut and run manually before it's to be used | No |
U | Spiceworks | spicetray_silent.exe | System Tray access to Spiceworks - which "combines everything you need to manage IT in one easy-to-use application" | No |
Y | SpIDerMail | spiderml.exe | DrWeb antivirus Spider Mail e-mail scanner | No |
N | Spinner Plus | spinner.exe | "Spinner Plus lets you listen to over 100 channels of music broadcast from Spinner.com. Spinner Plus uses RealNetwork's G2 technology to provide high-quality online audio. The technology adjusts the audio streaming to match your Internet connection speed, which helps eliminate sound distortion or choppiness". Available via Start -> Programs | No |
X | SPINX | Wscript.exe OXNEY.B.VBS | Added by the YENO.B and YENO.C WORMS! Note that wscript.exe is a legitimate Microsoft file used to launch script files and shouldn't be deleted. The "OXNEY.B.VBS" file is found in the System (9x/Me) or System32 (NT/2K/XP) folder | No |
? | SPIRun | Rundll32 SPIRun.dll, RunDLLEntry | Related to Creative audio products. What does it do and is it required? | No |
X | SPnt | SPnt.exe | Premium rate adult content dialler | No |
U | SpokeSysTray | SpokeSysTray.exe | Spoke Software client application. Spoke "uses data in your e-mail and other enterprise information systems to discover the existing relationships of people in your enterprise. It then builds a private, secure relationship network for each user without any additional manual data entry" | No |
X | spoo1sv | spoo1sv.exe | Added by the SOULJET TROJAN! | No |
X | Spool | [path to trojan] | Added by the RANKY.R TROJAN! | No |
X | Spool | wys.exe | WhileUSurf adware | No |
X | SPOOL Configuration | spoolsvc.exe | Added by the SDBOT-KD WORM! | No |
X | Spool Loader | spool.exe | Added by a variant of the RBOT WORM! | No |
X | Spool LoadKIt | spoolv.exe | Added by a variant of the RBOT WORM! | No |
X | Spool lptt01 | spool.exe | RapidBlaster variant (in a "spool" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here | No |
X | Spool Manager | spoolsrv.exe | Added by the BANKER-FR TROJAN! | No |
X | Spool ml097e | spool.exe | RapidBlaster variant (in a "spool" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here | No |
X | Spool32 | pool32.exe | Added by the ASSASIN-F TROJAN! | No |
X | spoolax | [path to trojan] | Added by the PERDA-D TROJAN! | No |
X | Spooler Host | smhost.exe | Added by the IRCBOT.BSQ BACKDOOR! | No |
X | Spooler Service | Spoolsrv.exe | Added by the JOINER.C1 TROJAN! | No |
X | Spooler Subsystem | spoolsub.exe | Added by the SDBOT-ABG TROJAN! | No |
X | Spooler SubSystem App | spoolsvc.exe | Added by the POEBOT-J WORM! | No |
X | Spooler SubSystem App | spooIsv.exe | Added by the LINKBOT.M WORM! | No |
X | Spooler SubSystem Application | localsvc.exe | Added by the DLOADER-NY TROJAN! | No |
X | Spooler SubSystem Application | netsvc.exe | Added by the DLOADER-NY TROJAN! | No |
X | Spooler SubSystem Application | spoolsvc.exe | Added by the DLOADER-NY TROJAN! | No |
X | Spooler SubSystem Application | svcadmin.exe | Added by the DLOADER-NY TROJAN! | No |
X | Spooler SubSystem Application | svcman.exe | Added by the DLOADER-NY TROJAN! | No |
X | Spooler SubSystem Application | svcrun.exe | Added by the DLOADER-NY TROJAN! | No |
X | Spooler SubSystem Application | tcpsvc.exe | Added by the DLOADER-NY TROJAN! | No |
X | Spooler SubSystem Application | websvc.exe | Added by the DLOADER-NY TROJAN! | No |
X | Spooler Subsytem App | spoolsvc.exe | Added by the SDBOT-MM WORM! | No |
X | SpoolerSubSystemProcess | SpooI32.exe | Added by the EHKS.21 keylogger! Note - the "I" between "o" and "3" is a capital "i" not a lower case "L" | No |
X | spoolms | spoolms.exe | Added by the LEGMIR-ARO TROJAN! | No |
X | Spools Service Controller | spools.exe | Added by the KASSBOT-C WORM! | No |
X | spoolserv | spoolserv.exe | Added by the SDBOT-PN WORM! | No |
X | SpoolService | spolsv.exe | Added by the AGOBOT-CS WORM! | No |
X | spoolsrv.exe | spoolsrv.exe | Added by an unidentified WORM or TROJAN! Located in %System% | No |
X | Spoolsv | Spoolsv.exe | Added by the CIADOOR.121 VIRUS! Note - this is not the legitimate spoolsv.exe which is always located in %System%. This one is located in %Windir% | No |
X | spoolsv | scvhosts.exe | Added by the SMALL-AW TROJAN! | No |
X | spoolsv | svchost.exe | Added by the DLOADER-FI TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\HELP | No |
X | spoolsv | spoclsv.exe | Added by the FUJACKS-M WORM! | No |
X | spoolsv | spoolsv.exe | Added by the ZAPCHAS-EE TROJAN! Note - this is not the legitimate spoolsv.exe which is always located in %System%. This one is located in %Windir%\Temp\spoolsv | No |
X | spoolsv | spoolvs.exe | Identified by Kaspersky antivirus as a variant of the QHOST.AES TROJAN! | No |
X | spoolsv | spoolsv.exe | Added by the ANTINNY-BH WORM! Note - this is not the legitimate spoolsv.exe which is always located in %System%. This one is located in %ProgramFiles%\Messenger | No |
X | spoolsv | spoolsv.exe | Added by the OURXIN.C TROJAN! Note - this is not the legitimate spoolsv.exe which is always located in %System%. This one is located in a "spoolsv" subfolder | No |
X | Spoolsv | spoolsv.exe | Added by the ANTINNY.F WORM! Note - this is not the legitimate spoolsv.exe which is always located in %System%. This one is located in %ProgramFiles%\Lotus | No |
X | spoolsv manager | SpoolMgr.exe | Added by the ASSIRAL WORM! | No |
X | spoolsv service | spoolsv32.exe | Added by the RBOT-AHP WORM! | No |
X | spoolsv.exe | [random filename] | Added by the RBOT-JB WORM! | No |
X | SPOOLSV32 | SPOOLSV32.EXE | Added by the CWS-I or HAZIF-B TROJANS! | No |
X | SPOOLSV32.exe | SPOOLSV32.exe | Added by the STARTPAGE.O TROJAN! | No |
X | spoolsvc | spoolsvc.exe | Added by the DROPPER-AT TROJAN! | No |
X | spoolsvr | SPOOLSVR.EXE | Added by the RAYROB.A TROJAN! | No |
X | spoolsvr32 | csmss.exe | Added by the AGENT-AU TROJAN! | No |
X | spoolsvr32 | csmss32.exe | Added by a variant of the AGENT-AU TROJAN! | No |
X | spoolsvs | wintre.exe | Added by the SDBOT.EGQ WORM! | No |
X | spoolsvs | wincfy.exe | Added by a variant of the IRCBOT BACKDOOR! | No |
X | spoolsvs.exe | spoolsvs.exe | Added by the DLOADER-RK TROJAN! | No |
X | SPOOLSVU | SPOOLSVU.EXE | Added by the STARTPAGE.K hijacker | No |
X | spoolsvv | spoolsvv.exe | Searchcentrix hijacker | No |
X | Spoolvs | spoolvs.exe | Added by the SDBOT.AUS WORM! | No |
X | Spore | MsNews.vbs | Added by the SORPE.A WORM! | No |
X | Spore.b | Scmhlpr.vbs | Added by the SORPE.B WORM! | No |
? | SPP | run.exe | ?? | No |
X | spp | regedit -s spp.reg | IE search hijacker - changes the default search to http://www.hotsearchbox.com/ie/ | No |
? | sppbridge | sppbridge.exe | Associated with an Anycom bluetooth wireless card on laptops - used for printing to portable printers for example. Is it required or can it be started manually? | No |
? | SprintPort | SprintPortA.exe | Novatel wireless modem related. What does it do and is it required? | No |
U | SpriteService | SpriteService.exe | Sprite Backup is a backup application for Windows Mobile Pocket PC or Smartphone | No |
X | Sproc32 | sproc32.exe | Added by the SPROCIT TROJAN! | No |
X | sprof | sprof.exe | Detected by Kaspersky as the FRAUDLOAD.VATF TROJAN! See here | No |
U | sprtcmd | sprtcmd.exe | Self-help support tool for a number of high-speed internet providers and computer suppliers such as Comcast, Qwest and Dell. Identifies and automatically fixes typical problems that may occur with your high-speed internet service. Provided by SupportSoft, Inc | No |
X | Spruce - Auto Update | Spruce.exe | Rabio "Search Enhancer" adware variant | No |
U | SPSTEALT | SmartProtectorPro.exe | Smart Protector Pro - internet privacy tool that erases tracks, MRU lists, etc | No |
? | spstore | storesp.exe | Softprobe - program designed to provide managers with an analysis of the computer use of individuals under their supervision. This program is NOT related to Winpup | No |
U | Spy Blocker | spyblocker.exe | SpyBlocker blocks the communications of spyware installed on a PC so spyware runs but can't exchange data with the server to which it should report. Ensuring spyware can't communicate is important, as you may find after using Ad-Aware that some applications containing spyware subsystems may not run correctly or at all | No |
U | Spy Protector | SpyProtector.exe | Included in the full version of Security Task Manager, Spy Protector prevents keyboard and mouse monitoring, warns when the registry is changed and eliminates internet activity and work traces | No |
X | Spy Protector | srcss.exe | SpyProtector rogue security suite - not recommended, removal instructions here | No |
X | Spy-Control | Spy-Control.exe | Spy-Control spyware remover - not recommended, see here | No |
U | Spy-Keylogger | skl.exe | SpyKeylogger keystroke logger/monitoring program - remove unless you installed it yourself! | No |
X | SpyAway | spyaway.exe | SpyAway spyware remover - not recommended, see here | No |
X | SpyAxe | spyaxe.exe | SpyAxe spyware remover - not recommended, see here. For removal instructions see here | No |
X | SpyBan | SpyBan.exe | SpyBan spyware remover - not recommended, see here | No |
X | SpyBlast | SpyBlast.exe | Spyware killer that is in effect autoinstalled foistware, targeted by SpyBot, among others | No |
U | SpyBlocker | spyblocker.exe | SpyBlocker blocks the communications of spyware installed on a PC so spyware runs but can't exchange data with the server to which it should report. Ensuring spyware can't communicate is important, as you may find after using Ad-Aware that some applications containing spyware subsystems may not run correctly or at all | No |
X | SpyBlocs | SpyBlocs.exe | SpyBlocs spyware remover - not recommended, see here | No |
X | SpyBlocs3.0 | SpyBlocs3.0.exe | SpyBlocs spyware remover - not recommended, see here | No |
Y | Spybot - Search & Destroy | TeaTimer.exe | Part of the popular Spybot - Search & Destroy spyware removal tool from Safer Networking Limited. "Resident TeaTimer is a tool of Spybot-S&D which perpetually monitors the processes called/initiated. It immediately detects known malicious processes wanting to start and terminates them giving you some options, how to deal with this process in the future". Also provides System Tray access to Spybot S&D and detects when processes want to change critical registry settings such as the startup entries - giving the user the option to allow/deny the change | Yes |
U | Spybot-S&D | SpybotSD.exe | Main program part of the popular Spybot - Search & Destroy spyware removal tool from Safer Networking Limited. A number of other options are available if this runs at start up (enabled under Mode → Advanced : Settings → Settings → Automation → System Start) - including autocheck, autofix and autoclose | Yes |
Y | SpybotDeleting***** | [cmd or command] /c del [path] [filename] | Generated by Spybot Search & Destroy if it encounters files that cannot be deleted during runtime because they are locked by other processes. For example, C:\WINDOWS\SchedLgU.Txt is the scheduler log file and is locked by Windows as long as it runs. For operating system compatibility reasons the autorun entries are generated with cmd and command. These entries should be left alone and will be removed on the next reboot/login. **** represents a combination of a single letter and up to 4 numbers | No |
U | SpybotSD | SpybotSD.exe | Main program part of the popular Spybot - Search & Destroy spyware removal tool from Safer Networking Limited. A number of other options are available if this runs at start up (enabled under Mode → Advanced : Settings → Settings → Automation → System Start) - including autocheck, autofix and autoclose | Yes |
Y | SpybotSD TeaTimer | TeaTimer.exe | Part of the popular Spybot - Search & Destroy spyware removal tool from Safer Networking Limited. "Resident TeaTimer is a tool of Spybot-S&D which perpetually monitors the processes called/initiated. It immediately detects known malicious processes wanting to start and terminates them giving you some options, how to deal with this process in the future". Also provides System Tray access to Spybot S&D and detects when processes want to change critical registry settings such as the startup entries - giving the user the option to allow/deny the change | Yes |
U | SpybotSnD | SpybotSD.exe | Main program part of the popular Spybot - Search & Destroy spyware removal tool from Safer Networking Limited. A number of other options are available if this runs at start up (enabled under Mode → Advanced : Settings → Settings → Automation → System Start) - including autocheck, autofix and autoclose | Yes |
X | Spybott lptt01 | spybott.exe | RapidBlaster variant (in a "Spybott" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here | No |
X | Spybott ml097e | spybott.exe | RapidBlaster variant (in a "Spybott" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here | No |
X | SpyBurner | SpyBurner.exe | SpyBurner spyware remover - not recommended, see here | No |
X | SpyClean | 1ClickSpyClean.exe | 1 Click Spy Clean uses a database that was stolen from SpybotS&D. Not recommended, see here | No |
X | SpyClean | SpyClean.exe | SpyClean spyware remover - not recommended, see here | No |
U | SpyCop ScanCheck | MAIN.EXE | SpyCop surveillance software detection - checks when your machine was last scanned and, if it was more than a week ago, asks if you want to scan | No |
U | SpyEmergency | SpyEmergency.exe | SpyEmergency security software from Netgate | No |
X | SpyEx | Winllogo.exe | Added by the PRSKEY-A WORM! | No |
X | SpyFighterMonitor | SpyFighter.exe | SpyFighter spyware remover - not recommended, see here | No |
X | SpyFighterUpdate | AutoUpdate.exe | SpyFighter spyware remover - not recommended, see here | No |
X | SpyGuarder | spyguarder.exe | SpyGuarder spyware remover - not recommended, see here | No |
X | SpyHealer | SpyHealer.exe | Spyware remover - not recommended, see here | No |
X | SpyHeals | SpyHeals.exe | Smitfraud variant | No |
X | SpyHunter | SpyHunter.exe | Enigma SpyHunter - not recommended, see note | No |
U | Spykiller | Spykiller.exe | Spyware remover - older versions are not recommended, see here | No |
X | SpyLax | SpyLax.exe | SpyLax spyware remover - not recommended, see here | No |
X | SpyLocked | SpyLocked.exe | SpyLocked spyware remover - not recommended, see here | No |
X | SpyLocked 4.3 | SpyLocked 4.3.exe | SpyLocked spyware remover - not recommended, see here | No |
X | SpyMaxx | SpyMaxx.exe | SpyMaxx spyware remover - not recommended, see here | No |
X | SpyMedic | SpyMedic.exe | SpyMedic spyware remover - not recommended, see here | No |
X | SpyNuker | Spynuker.exe | A "spyware removal program" by TrekBlue, which is being heavily advertised through junk e-mail from its affiliates and misleading fake-dialogue-box web advertising. This is the same company as E-mail marketers 'TrekData' and 'Blue Haven Media', who distribute spyware through ActiveX drive-by-download on web pages | No |
X | SpyOnThis Monitor | SpyOnThisMonitor.exe | SpyOnThis Monitor spyware remover - not recommended, see here | No |
X | spyprodetector | spydetector.exe | Spyware Process Detector misleading security software - not recommended | No |
X | SpyPry | SpyPry.exe | SpyPry spyware remover - not recommended, see here | No |
X | SpyQuake2.com | Spy-Quake2.exe | SpyQuake2 spyware remover - not recommended, see here | No |
X | SpyRid | Spy-Rid.exe | SpyRid spyware remover - not recommended, see here | No |
X | SpySheriff | SpySheriff.exe | SpySheriff malware | No |
X | SpyShredder | SpyShredder.exe | SpyShredder spyware remover - not recommended, see here | No |
X | SpySpotter | SpySpotter.exe | SpySpotter spyware remover - not recommended, see here | No |
X | SpySpotter System Defender | Defender.exe | SpySpotter spyware remover - not recommended, see here | No |
U | SpyStopper | spystopper.exe | SpyStopper - blocks intrusive spyware, Web bugs, worms, scripts, advertisements, and cookies. Protects you from being profiled and tracked | No |
U | SpySubtract | SpySub.exe | SpySubtract - multi spyware removal tool | No |
U | SpySweeper | SpySweeper.exe | Spy Sweeper - detects and removes spyware | No |
U | SpySweeper | SpySweeperUI.exe | Spy Sweeper - detects and removes spyware | No |
U | SpySweeperEnterprise | SpySweeperUI.exe | User interface for Spy Sweeper Enterprise edition - "a centrally managed, scalable enterprise solution that provides best of breed protection against all types of malicious spyware, adware, and other harmful intruders" | No |
X | SpyTrooper | SpyTrooper.exe | SpyTrooper rogue spyware remover - not recommended, see here | No |
X | Spyware | Spyware.exe | BPS spyware remover - not recommended, see here | No |
U | Spyware Begone | SpywareBeGone.exe | Spyware BeGone - spyware remover. Previously not recommended, see here | No |
U | Spyware Begone | freescan.exe | Spyware BeGone - spyware remover. Previously not recommended, see here | No |
Y | Spyware Doctor | spydoctor.exe | Older version of Spyware Doctor antispyware from PC Tools | No |
Y | Spyware Doctor | swdoctor.exe | Older version of Spyware Doctor antispyware from PC Tools | No |
U | Spyware Guard Control Panel | spywareguardcp.exe | "SpywareGuard provides a real-time protection solution against spyware" | No |
U | Spyware Nuker | swn2.exe | Spyware remover by TrekBlue. Previously not recommended but the latest version was delisted here | No |
U | Spyware Nuker Installer | SpywareNukerInstaller.exe | Spyware remover by TrekBlue. Previously not recommended but the latest version was delisted here | No |
X | Spyware remover | Remove_spyware.exe | Unidentified, but not known to belong to any known spyware remover, and strongly suspected to be adware related! | No |
N | Spyware Scanner | AseScanner.exe | Aluria Software's spyware removal tool - we can't really recommend this product as Aluria have recently partnered with WhenU, the well known adware company, see here and here | No |
U | SpyWare Shield | Shield.exe | Acronis Privacy Expert Spyware Shield prevents spyware and other suspicious programs from being installed on PCs | No |
X | Spyware Slayer | SpywareSlayer.Exe | Spyware Slayer spyware remover - not recommended, see here | No |
X | Spyware Soft Stop | Spyware Soft Stop.exe | SoftStop misleading security software - not recommended, see here | No |
X | Spyware Stormer | SpywareStormer.Exe | Spyware Stormer spyware remover - not recommended, see here | No |
X | Spyware Striker Pro | SpywareStriker.exe | Ascentive Spyware Striker Pro rogue spyware remover - not recommended, see here | No |
X | Spyware Sweeper | SpywareSweeper.exe | SpywareSweeper spyware remover - not recommended, see here | No |
U | Spyware Vanisher | FreeScanner.exe | Spyware Vanisher - spyware remover. Previously not recommended, see here | No |
U | Spyware Vanisher | SpywareVanisher.exe | Spyware Vanisher - spyware remover. Previously not recommended, see here | No |
Y | Spyware X-terminator | SpywareX.exe | Spyware X-terminator antispyware from StompSoft, Inc - no longer available since StompSoft were acquired by Migo Software Inc | No |
X | Spyware-Cop | Spyware-Cop.exe | Spyware-Cop spyware remover - not recommended, see here | No |
X | SpywareBomb | SpywareBomb.exe | SpywareBomb spyware remover - not recommended, see here | No |
X | SpywareBot | SpywareBot.exe | SpywareBot spyware remover - not recommended, see here | No |
U | spywarefighterguard | spfprc.exe | Spyware Fighter - anti spyware program | No |
Y | SpywareGuard | sgmain.exe | "SpywareGuard provides a real-time protection solution against spyware" | No |
X | SpywareGuard | winproc32.exe | Startpage adware Trojan | No |
X | SpywareGuard | deinst_qfe001.exe | Added by a variant of the Win32.Small TROJAN! - Do NOT confuse with the legitimate SpywareGuard application | No |
X | spywareguard | spywareguard.exe | Spyware Guard 2008 rogue spyware remover - not recommended, removal instructions here. Note - do not confuse with the legitimate SpywareGuard application | No |
X | Spywareguard lptt01 | Spywareguard.exe | RapidBlaster variant (in a "Spyguard" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here | No |
X | Spywareguard ml097e | Spywareguard.exe | RapidBlaster variant (in a "Spyguard" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here | No |
X | SpywareGuardPlus | winmm64.exe | StartPage.ht homepage hijacker | No |
X | spywareisolator | spywareisolator.exe | SpywareIsolator spyware remover - not recommended, see here | No |
X | SpywareKilla | SpywareKilla.exe | SpywareKilla spyware remover - not recommended, see here | No |
X | SpywareLocked | SpywareLocked.exe | SpywareLocked spyware remover - not recommended, see here | No |
X | SpywareLocked 3.5 | SpywareLocked 3.5.exe | SpywareLocked spyware remover - not recommended, see here | No |
X | SpywareNo | SpywareNo.exe | SpywareNo spyware remover - not recommended, see here | No |
X | SpywareQuake | SpywareQuake.exe | SpywareQuake spyware remover - not recommended, see here | No |
X | SpywareRemover | SpywareRemover.exe | SpywareRemover spyware remover - not recommended, see here | No |
X | SpywareRemover2009 | SR.exe | SpywareRemover 2009 rogue spyware remover - not recommended, removal instructions here | No |
X | SpywareStop | SpywareStop.exe | SpywareStop rogue spyware remover - not recommended, see here | No |
X | SpywareStrike | SpywareStrike.exe | SpywareStrike spyware remover - not recommended, see here | No |
X | SpywareSweeper | SpywareSweeper.exe | SpywareSweeper spyware remover - not recommended, see here | No |
U | SpywareTerminator | SpywareTerminatorShield.exe | Spyware Terminator - spyware remover. Initially not recommended due to false positives but the later versions have since improved - see here | No |
X | SPYWATCH | SpyWatch.exe | BPS spyware remover - not recommended, see here | No |
X | SpyWatchE | SpyWatchE.exe | SpyWatchE spyware remover - not recommended, see here | No |
X | SQConfigChecker | cc.exe | Xupiter SQWire toolbar related. Use Spybot S&D, Ad-Aware or similar to detect and remove it. To prevent it re-installing in the future, see here | No |
X | SQInstaller | SQInstaller.exe | Xupiter SQWire toolbar related. Use Spybot S&D, Ad-Aware or similar to detect and remove it. To prevent it re-installing in the future, see here | No |
X | SQL | server.exe | Added by the PUNYA-B WORM! | No |
N | SQL Server | scm.exe | SQL Server Service Control Manager. Available via Start -> Programs | No |
X | SQL Server Service | sql.exe | Added by the RBOT-ADF | No |
X | sqservices | wins32.exe | Added by the PROGENT-B TROJAN! | No |
X | SQUpdatesChecker | uc.exe | Xupiter SQWire toolbar related. Use Spybot S&D, Ad-Aware or similar to detect and remove it. To prevent it re-installing in the future, see here | No |
X | sqvynikp | sqvynikp.exe | Free_Scratch_Cards foistware | No |
Y | SR Agent | AGENTSVC.EXE | Related to Secure Resolutions - desktop virus protection | No |
Y | Sr Agent | SrLogon.exe | Related to Secure Resolutions - desktop virus protection | No |
? | sr1exe | updtSup3.exe | Found on a Dell computer in Documents and Settings\All Users\Application Data\DellAlert2 | No |
X | sr64 | [path to trojan] | Added by the AGENT.X TROJAN! | No |
X | SrchfstUpdate | srchupdt.exe | SearchFast adware downloader | No |
X | sre | rundll32.exe sre.dll, Register | CoolWebSearch parasite variant - also detected by Kaspersky as the AGENT.FC TROJAN! | No |
? | srePostpone | rundll32.exe [path] srescan.dll, DoSpecialAction | Related to ZoneAlarm. What does it do and is it required? | No |
? | SRFirstRun | rundll32 srclient.dll, CreateFirstRunRp | Created by execution of the Windows XP sr.inf file, which installs the Windows XP System Restore feature, needed for example when installing System Restore into Windows Server 2003. Does this indeed need to run at every bootup? | No |
U | Srmclean | srmclean.exe | Srmclean helps in the installation and execution of the SoundMax SoftPaq for Compaq/ADI SoundMax Integrated Digital Audio. According to Compaq - "If you disable the entry from loading into startup, then you will not be able to use the features of the sound card" | No |
X | SRNG | srng.exe | ShopNavSearch.Srng search hijacker | No |
U | SRP Startup | srrpro.exe | System Restore Remover Pro allows you to safely and easily remove System Restore and various other Windows Millennium "features". This is enabled if you tick the "Remove unnecessary System Restore information on startup" box. Available via Start -> Settings -> Control Panel | No |
Y | SRS Applet | SrsTray.Exe | S3 Sonic Vibes sound card drivers - if disabled you lose sound | No |
U | SRS Audio Sandbox | SRSSSC.exe | SRS Audio Sandbox "provide amazing audio immersion and maximum thump for a personalized audio experience!" | No |
X | srshost.exe | srshost.exe | Added by a variant of the RBOT-ASW WORM! | No |
U | SRUUninstall | msiexec.exe | Symantec Network Driver Update - part of LiveUpdate | No |
X | Srv Host | srvhost.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
X | Srv RPCrom | NClienti386.exe | Added by the WATSOON.A TROJAN! | No |
X | Srv32 | Srv32.exe | Added by the OPASERV.J WORM! | No |
X | Srv32 | Srv32.exe | Added by the OPASERV.S WORM! | No |
X | Srv32 spool service | runsrv32.exe | Topantispyware.com malware - detected by Kaspersky as the SPYRE.B TROJAN! | No |
X | Srv32 spool service | spoolsrv32.exe | Added by the SPYRE-B TROJAN! | No |
X | Srv32 spool service | [path to trojan] | Added by the DLOADER-LB TROJAN! | No |
X | Srv325 | Srv325.exe | Added by the AGOBOT-PR WORM! | No |
X | Srv32Old | [worm filename].PIF | Added by the OPASERV.J WORM! | No |
U | Srv32Win | SpyAgent4.exe | SpyAgent - monitoring software that creates records of everything people do on a computer, i.e., spying or monitoring depending upon what you call it | No |
U | Srv32Win | Svchost.exe | Realtime-Spy keystroke logger/monitoring program - remove unless you installed it yourself! | No |
U | Srv32Win | sysdiag.exe | SpyAgent surveillance software. Uninstall this software unless you put it there yourself | No |
U | srv32win | win16dll.exe | Screenspy captures screenshots silently. If you didn't install this yourself remove it | No |
X | Srvce Pack Updte | svcpack.exe | Added by a variant of the RBOT WORM! | No |
X | srvexc.exe | srvexc.exe | Added by the SERVSAX TROJAN! | No |
X | srvhost | srvhost.exe | Added by the LIVUP.A BACKDOOR! | No |
U | srvprc | srvprc.exe | ActMon surveillance software. Uninstall this software unless you put it there yourself | No |
N | srxTray | srxTray.exe | Titan FTP Server - FTP server | No |
N | SsAAD.exe | SsAAD.exe | Sony's SonicStage digital music manager for their range of MP3 players. It monitors your HDD for newly added music tracks and automatically offers to add them to your playlist when you connect your player | No |
X | ssate.exe | irun4.exe | Added by the BEAGLE.J WORM! | No |
X | ssate.exe | winsys.exe | Added by the BEAGLE.K WORM! | No |
N | SSBkgdUpdate | SSBkgdupdate.exe | ScanSoft OmniPage auto updater. Can be disabled using the main program's options. Note - if you have a Soundblaster Audigy2 ZS soundcard installed on your computer and the volume of your sound system is turned on extremely high, disabling this will solve the problem | No |
U | SSC Service Utility | ssc_serv.exe | SSC Service Utility is a printer utility for refilled Epson cartridges | No |
U | SSCFBTN.EXE | SSCFBTN.EXE | Samsung SmarThru software, used with Lexmark Z82 or Samsung multifunction printers | No |
Y | sscRun | SSCRun.exe | AOL's firewall | No |
Y | SSC_UserPrompt | UsrPrmpt.exe | Part of Symantec's AntiVirus suite and comes usually with a product update, if not on the system already. Required for essential applications to work properly | No |
Y | Ssd | Std.exe | Stealthdisk - file and folder hiding/locking utility | No |
? | ssdiag | ssdiag.exe | Equinox (now Avocent) "Configuration and DOS Diagnostic for DOS and Windows platforms" | No |
N | SSDPSRV | ssdpsrv.exe | Simple Service Discovery Protocol (SSDP) and General Event Notification Architecture (GENA) services for network plug and play functionality. Starts up a web server on port 5000. Used by Universal Plug and Play (for network device discovery). To remove this program, open Add/Remove Programs, select either Communications (Me) or Networking Services (XP), and remove the checkmark next to Universal Plug and Play | No |
X | ssgrate.exe | system.exe | Added by the MITGLIEDER.C TROJAN! | No |
X | ssgrate.exe | irun.exe | Added by the MITGLIEDER.D TROJAN! | No |
X | ssgrate.exe | irun4.exe | Added by the MITGLIEDER.F TROJAN! | No |
X | ssgrate.exe | sysdoor.exe | Added by the MITGLIEDER.N TROJAN! | No |
X | ssgrate.exe | winerdir.exe | Added by the MITGLIEDER.O TROJAN! | No |
X | ssgrate.exe | winsystems.exe | Added by the BAGLEDL-J TROJAN! | No |
X | ssgrate.exe | wintems.exe | Added by the MITGLIEDER.Q TROJAN! | No |
U | SSh32 | SSh32.exe | 2Spy keystroke logger/monitoring program - remove unless you installed it yourself! | No |
X | SSK Service | winssk32.exe | Added by the SOBIG.E WORM! | No |
X | SSL | svchost.exe | Added by an unidentified VIRUS, WORM or TROJAN! Note - this is not the legitimate svchost.exe process which should NOT appear in Msconfig/Startup! | No |
X | SSL Manager | amsnmsgs.exe | Added by a variant of the SDBOT WORM! | No |
X | SSLDyn | SSLDyn.exE | FRETHOG.MM spyware | No |
U | ssmmgr | ssmmgr.exe | Samsung printer monitor - for checking ink levels, etc. | No |
X | ssms.exe | SSMS.EXE | Added by the GISMOR WORM! | No |
U | SSPY | SSYTEM.EXE | SurfingSpy keystroke logger/monitoring program - remove unless you installed it yourself! | No |
U | SSS7 | SSS7.exe | Steganos Security Suite 7 - "A comprehensive collection of methods to prevent your data falling into the wrong hands, and highly recommended if you have anything you feel you need to hide" | No |
X | sssasasb32 | sssasasb32.exe | Added by the TACTSLAY.F TROJAN! | No |
X | sssasasb32 | msnmsgq32.exe | Added by the TACTSLAY.F TROJAN! | No |
X | sstata | dwdas.exe | Added by the DASDA TROJAN! | No |
X | sstata | [path to trojan] | Added by the RANCK-DF TROJAN! | No |
X | SStb.exe | SStb.exe | Adpowerzone.com "ServerSide" keyword hijacker | No |
N | sstray | sstray.exe | nVidia nForce Taskbar Utility - quick access to the nForce2 "Sound Storm" control panel and related utilities | No |
X | SSUpdate | SSUpdate.exe | MoneyTree parasite - ActiveX control used to download premium-rate dialers | No |
X | ssvchost | ssvchost.exe | Added by the HELIOS.B TROJAN! | No |
X | SSWPlauncher | comet.exe | Comet Cursor adware | No |
N | Stacmon | Stacmon.exe | Installed with the drivers for a SigmaTel C-Major Audio card (on a Dell Inspiron 600m PC for example). Appears as though it can be disabled with no ill effects | No |
N | StacSysTray | StacSysTray.exe | System Tray control panel for SigmaTel C-Major on-board audio - as used on some Dell and Packard Bell PCs | No |
X | staeck12 | mfcee.exe | Added by an unidentified WORM or TROJAN! | No |
X | staeck122 | mfceee.exe | Added by an unidentified WORM or TROJAN! | No |
X | standalone.exe | standalone.exe | Added by the AGOBOT-ADS WORM! | No |
U | Stardock ObjectDock | ObjectDock.exe | Stardock ObjectDock is a program that enables users to organize their shortcuts, programs and running tasks into an attractive and fun animated Dock | No |
U | StarSkin | starskin.exe | StarSkin allows you to change the view and appearance of your Windows XP box with the use of publicly available themes | No |
Y | Start | Quick95.exe | For a Nisis G6 USB Graphics Tablet. Re-enables itself if disabled, therefore best left alone | No |
X | Start | windows.vbs | Homepage hijacker | No |
? | start | start.exe | ?? | No |
X | start | sdcc.exe | Added by the AGENT.CSX TROJAN! | No |
X | start | isfmntr.exe | Added by the ZLOB.MEDIA-CODEC TROJAN! This purports to be a Windows Media Player upgrade (with names such as "iCodecPack", "X Password Manager" and "Media-Codec") to allow the user to view adult oriented videos on certain websites - but actually downloads and installs additional malware on the user's machine. Various directories and filenames are used - see the link for details | No |
X | start | sbmntr.exe | Added by the ZLOB.MEDIA-CODEC TROJAN! This purports to be a Windows Media Player upgrade (with names such as "iCodecPack", "X Password Manager" and "Media-Codec") to allow the user to view adult oriented videos on certain websites - but actually downloads and installs additional malware on the user's machine. Various directories and filenames are used - see the link for details. This particular one is "NetProject" | No |
X | start | iebtm.exe | Added by the ZLOB.MEDIA-CODEC TROJAN! This purports to be a Windows Media Player upgrade (with names such as "iCodecPack", "X Password Manager" and "Media-Codec") to allow the user to view adult oriented videos on certain websites - but actually downloads and installs additional malware on the user's machine. Various directories and filenames are used - see the link for details | No |
X | Start aThx Roll | f0mered.exe | Added by the RBOT.AAV WORM! | No |
X | Start CurePCSolution | CurePCSolution.exe | CurePCSolution spyware remover - not recommended, see here | No |
X | start extracting | spoolvse.exe | Added by the RBOT-XF WORM! | No |
X | start extracting | spoolvs.exe | Added by the RBOT.BAN WORM! | No |
X | start extracting | mcafee.exe | Detected by Kaspersky as the RBOT.FO BACKDOOR! See here. Note - this is not a valid McAfee program and is located in %System% | No |
N | Start Getright | getright.exe | See Getright Tray Icon | No |
X | Start It Upping | svchosets.exe | Added by a variant of the RBOT WORM! | No |
U | Start Network Scanner Tool | sdFTP.exe | Part of Sharpdesk from Sharp Electronics. "A desktop-based, personal document management application that lets users browse, edit, search, compose, process, and forward both scanned and native electronic documents" | No |
X | Start Page | http://find.naupoint.com | Naupoint browser hijacker | No |
X | Start Page | svcnt32.exe | Homepage hijacker, also detected as Trojan-Downloader.Win32.Delf.ks | No |
Y | Start RF Wireless Keyboard | ktrexe.exe | Yuanxun Electronics RF wireless keyboard driver | No |
Y | Start RF Wireless Mouse | cm20.exe | Yuanxun Electronics RF wireless mouse driver | No |
U | Start Service | upssrv.exe | Cyber Power PowerPanelPlus software. "During a power failure the system automatically saves and closes open files within the battery backup time and safely powers down your computer" | No |
U | Start Up Cop | startcop.exe | StartUp Cop - startup manager | No |
X | start uploading | smsss.exe | Added by a variant of the SDBOT WORM! | No |
X | start uploading | crsss.exe | Added by the RBOT-SZ WORM! | No |
X | Start Upping | taskmrg.exe | Added by the RBOT-MA WORM! | No |
X | Start Upping | SVCHOSTES.EXE | Added by the RBOT-NB WORM! | No |
X | Start Upping | taksmgr.exe | Added by the RBOT-QK WORM! | No |
X | Start Upping | mcrt32.exe | Added by a variant of the SPYBOT WORM! | No |
X | Start Upping | windupds.exe | Added by the SDBOT.AFH WORM! | No |
X | Start Upping | windupdts.exe | Added by a variant of the RBOT WORM! | No |
X | Start Upping | xdcc.exe | Added by the SPYBOT.OY WORM! | No |
X | Start Upping | spoolnt.exe | Added by the RBOT-TM WORM! | No |
X | Start Uppings | svcchosts.exe | Added by the SDBOT.VY WORM! | No |
X | Start Uppings | mssupdate.exe | Added by a variant of the RBOT WORM! | No |
N | Start Wingman Profiler | lwtest.exe | Logitech Wingman software required to operate Logitech joysticks and gamepads. Unless you're a hard-core gamer, it's best to leave it unchecked | No |
N | Start Wingman Profiler | lwemon.exe | Logitech Wingman software required to operate Logitech joysticks and gamepads. Unless you're a hard-core gamer, it's best to leave it unchecked | No |
U | Startacc | startacc.exe | Launches Webroot's Accelerate 2000 software that "speeds up your Internet connection by up to 300%". Leave enabled if you find it improves internet connection | No |
N | StartCCC | CLIStart.exe | Puts the ATI Catalyst™ Control Center Icon/Shortcut on the System Tray - available via Start → Programs | No |
X | startdrv | startdrv.exe | Added by the DROPRK-A TROJAN! | No |
U | StartEAK | StartEAK.exe | Easy Access Button Support for Compaq PCs. Allows the use of programmable keys on multimedia keyboards. Required if you use the additional keys | No |
X | startemdoit | [path to trojan] | Added by the DLOADR-AVP TROJAN! | No |
X | Starter | scvhosting.exe | Added by the SDBOT.RU WORM! | No |
X | starter | scvhostingg.exe | Added by the FORBOT-FB WORM! | No |
X | starter | iexplore.exe | Added by the FORBOT-DU WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %System% | No |
U | StartFoxie | StartFoxie.exe | Foxie Suite from Softonic International. "This suite of free tools comes in the form of an Internet Explorer add-on and includes a mix of powerful security enhancements" | No |
X | startkey | svcmgr.exe | Added by the HIPPER-B TROJAN! | No |
X | startkey | update.exe | Added by the BIFROSE-DG TROJAN! | No |
X | startkey | XMCHAI.EXE | Added by the BIFROSE-AO TROJAN! | No |
X | startkey | explore32.exe | Added by the BDOOR-MT BACKDOOR! | No |
X | startkey | CKOTS.exe | Added by the BIFROSE-HM TROJAN! | No |
X | StartKey | pligde.exe | Added by the BIFROSE.E TROJAN! | No |
X | startkey | RunWinRaR.exe | Added by a variant of the BIFROSE-LV TROJAN! | No |
X | startkey | Mysia.exe | Added by the CEP TROJAN! | No |
X | startkey | explorer.exe | Added by the BCKDR-MLD BACKDOOR! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System% | No |
X | startkey | furzi.exe | Added by the BIFROSE-OK TROJAN! | No |
X | startkey | krnl.exe | Added by the BIFROSE-S TROJAN! | No |
X | startkey | royale.exe | Added by a variant of the SDBOT WORM! | No |
X | startkey | rtfmsv.exe | Added by the EDEPOL-C TROJAN! | No |
X | startkey | scvhost.exe | Added by the BIFROSE-PM TROJAN! | No |
X | startkey | server.exe | Added by the BIFROSE-DB TROJAN! | No |
X | startkey | win32i.exe | Added by the BIFROSE-R TROJAN! | No |
X | startkey | winampXP.exe | Added by the BIFROSE-OY TROJAN! | No |
X | startkey | svchost32.exe | Added by a variant of the SDBOT WORM! | No |
X | startkey | winlogin.exe | Added by the BIFROSE-PM TROJAN! | No |
X | startkey | antivir.exe | Added by the BIFROSE-TO TROJAN! | No |
X | startkey | svchost.exe | Added by the AGENT-FPL TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder | No |
N | startl.exe | startl.exe | Lingocom LingoWare - translates any application into your language | No |
X | StartMenu | deamon.exe | Added by the TACTSLAY.C TROJAN! | No |
X | StartMenu | msgaol.exe | Added by the TACTSLAY.C TROJAN! | No |
X | StartMenu | s_menu.exe | Added by the TACTSLAY.C TROJAN! | No |
X | StartMenu | browse.exe | Added by the DROWSY-C TROJAN! | No |
X | startpage | startpage.exe | Browser hijacker - redirecting to pages2start.com | No |
U | STARTPAGE | start1.exe | NoSpy.org - prevents spyware from changing your startpage and other browser properties. The start1.exe file is located in a NOSPY.ORG folder | No |
X | StartReplySystem | loadnewmessage.exe | Added by the HIDAGENT-B WORM! | No |
U | StartSecurDoc | SDPin.exe | SecurDoc from WinMagic Inc - "Provides full disk encryption to protect sensitive information stored on laptops, desktops and PDAs" | No |
U | StartStop | STARTSTOP.EXE | StartStop from TFI Technology - startup manager | No |
U | StartSurfing | STARTS.exe | Start Surfing allows you to protect your privacy while surfing and searching the Internet by acting as a "filter" between you and the website you are visiting. Startsurfing acts as your shield from Pop Up Windows, Mouse Traps, Window Resizing, and scripts that attempt to record your personal information. Available via Start -> Programs | No |
N | Startup | ?? | Related to an Iomega drive | No |
X | Startup | WinlogonStartup | Unidentified malware | No |
X | Startup | mirc.exe | Added by the FLOOD-EU TROJAN! An uninstall option for mirc.exe can be accessed via the Add or Remove Programs dialog in the Windows Control Panel. The software is listed as mIRC. This one puts 10 files in the Windows or Winnt folder | No |
X | Startup Configuration | [six character filename] | Added by the RBOT-ARV WORM! | No |
X | Startup Configuration | wztoid.exe | Added by the RBOT-ASD WORM! | No |
? | Startup Launcher GUI | GUI.exe | Startup manager? | No |
U | Startup Manager Scanner | StartupMonitor.exe | Startup-Mechanic Startup monitor - offers boot protection of your PC from harmful trojans, adult-dialers, and other scumware | No |
Y | Startup Scan | Sensor.EXE | AntiVirus Quick Heal - scheduling agent | No |
X | Startup Update | Cvshost.exe | Added by the GAOBOT.AO WORM! | No |
X | StartupBin | iwnujdss.exe | Added by the SDBOT-XZ WORM! | No |
U | StartupMonitor | StartupMonitor.exe | Mike Lin's StartupMonitor, throws up an alert and asks your permission every time any change is made to your start-up configuration, either in the registry or start menu | No |
X | StartupOption | loadsysdisk.exe | Added by the HIDAGENT-B WORM! | No |
X | Startwd | rundll32.exe wd081025.dll,Hook | Detected by Kaspersky as the AGENT.DE TROJAN! See here. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "wd081025.dll" file is found in %System% | No |
X | startwin | startwin.exe | Added by the ANTIMAN.A WORM! | No |
X | startwindowskeyuser | rundle2.exe | Added by the JAVAKILLER TROJAN! | No |
N | Stat 'n' Perf | StatnPerf.exe | Stat 'n' Perf monitors your internet connection and displays information about sent and received bytes | No |
X | StatBar | STATBAR.exe | StatBar (system status bar) allows you to quickly get an overview of your system's condition (memory, CPU, uptime, and much more). Due to the sheer number of resources (over 60%) consumed by this program, it is unsuitable for Windows 9x/Me | No |
X | State Service | csrss.exe | Added by the DADOBRA-CP TROJAN! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir% | No |
U | StationPlaylistStudio | SPLStudio.exe | StationPlaylist Studio - "simple to use on-air broadcast playback software for the studio and/or DJ" for small to medium sized radio broadcasters, and internet webcasters | No |
X | Statistics | statslist.exe | Added by the OPANKI-S WORM! | No |
N | Status Monitor | BrMfcWnd.exe | Brother scanner status monitor - can be started manually | No |
U | Status Monitor CLJ1500 | HPPOUMUI.exe | Status monitor for the HP Color LaserJet 1500 printer from Hewlett-Packard - for monitoring printer status, checking ink levels, etc | No |
N | Status Monitor XE | ENGSS.EXE | The Xerox Document WorkCentre XE Series Status Monitor displays information about your printer and currently active or waiting print jobs. You can use it to control your printing environment and manage your printing operations. Available via Start -> Programs | No |
? | StatusClient | StatusClient.exe | Part of Hewlett Packard network printer drivers | No |
? | StatusClient 2.6 | StatusClient.exe | Part of Hewlett Packard network printer drivers | No |
N | StatusView | StatusView.exe | Status View intra-office messaging | No |
N | Stay Connected! | StayCon.exe | More than just a pinger, actually simulates online activity. Supports AOL, NetZero, MSN, ATT WorldNet, CompuServe and many other ISPs as well. Available via Start -> Programs | No |
U | StayAlive | StayAlive.Exe | Part of RealSPEED - tweaking utility to speed-up your internet connection. Stay connected even after a period of inactivity on the net | No |
U | StayAlive | sa.exe | StayAlive from TFI Technology. "This top-notch tool intercepts crashes when they happen, keeping your programs running so you can save your work." | No |
? | STBVision | STBVisn.exe | Related to the STB Velocity graphics card. What does it do and is it required? | No |
N | STBWEBTV | STBWEBTV.EXE | Used to display TV on your PC | No |
X | stcinstaller | id53.exe | Added by the SCTHOUGHT.L TROJAN! | No |
X | stcloader | stcloader.exe | SecondThought adware | No |
X | STCLOA~1 | STCLOA~1.EXE | SecondThought adware | No |
Y | STCPO | STCPO.exe | Sophos Sweep antivirus software | No |
X | StdAFX | stdafx.exe | Added by the DELBOT-AF WORM! | No |
X | stdlib | [filename] | Added by the PERDA-E TROJAN! | No |
Y | STDSB | STDSB.exe | Scrollbar driver for notebooks. If taken out of the Startup, it will not provide scrolling | No |
U | Stealth Anonymizer 2.5 | stealth25.exe | Now named Stealther - proxy server agent that lets you travel the Internet with maximum possible privacy | No |
X | stealth.dcom.exe | stealth.dcom.exe | Added by the THEALS.A WORM! | No |
X | stealth.ddos.exe | stealth.ddos.exe | Added by the THEALS.A WORM! | No |
X | stealth.exe | stealth.exe | Added by the THEALS.A WORM! | No |
X | stealth.injector.exe | stealth.injector.exe | Added by the THEALS.A WORM! | No |
X | stealth.stat.exe | stealth.stat.exe | Added by the THEALS.A WORM! | No |
X | stealth.wm.exe | stealth.wm.exe | Added by the THEALS.A WORM! | No |
X | stealth.worm.exe | stealth.worm.exe | Added by the THEALS.A WORM! | No |
N | Steam | steam.exe | Valve Software's STEAM broadband game client. Steam is Valve's new way of getting games into your hands ASAP. Games like Half-Life, Counter-Strike, and Counter-Strike: Condition Zero are all being made available through Steam. Steam games are automatically kept up-to-date with the latest content and revisions. Steam also includes an instant-message client which even works while you're in-game | No |
X | steam | steam.exe | Added by the RBOT-AJT WORM! Note - the file steam.exe will be found in the Windows\System folder and is not associated with Valve Software's game client | No |
X | SteFanie | SteFanie.vbs | Added by the STEFAN WORM! Note - make sure you check the hyperlink as this one copies itself to numerous drives and folders | No |
? | stgclean | w32main2.exe | Related to IBM Standard Software Installer. What does it do and is it required? | No |
N | Stickies | Stickies.exe | Stickies - "lets you put yellow sticky notes on your Windows desktop, much like the popular Mac OS application. It is very simple, very customizable, and completely free!". Available via Start → Programs | No |
N | Sticky Notes | stikynot.exe | Microsoft Sticky Notes - virtual sticky notes tool | No |
U | Sticky Pad | StickyPad.exe | Sticky Pad from Green Eclipse. Place sticky notes on your desktop | No |
N | StickyNote | StickyNote.exe | Utility that allows you to put yellow "Post-It" type messages on your desktop. Available via Start -> Programs | No |
U | StillImageMonitor | Stimon.exe | Stimon.exe enables a USB still-image device (such as a scanner) to initiate data transfer to a program. For example, if your scanning device has a scan button, it may start a program and begin scanning when you press it. Create a shortcut and start it manually when needed if your scanner otherwise fails to scan. May be required for your USB scanner to work - including all HP scanners and some of their SCSI scanners | No |
X | stisrv | stisrv.exe | Added by the RBOT.BQF WORM! | No |
X | stlbdist | rundll32exe stlbdist.DLL, DllRunMain | Hijacker pointing to www.searchandclick.com | No |
X | stlbupdt | rundll32.exe stlbupdt.DLL, DllRunMain | BrowserAid/BrowserPal foistware. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted | No |
N | STManager | drst.exe | Dr. SpeedTouch is some sort of diagnostics software which sends out information to a server which then relays the information back to the program to test the network to see if the SpeedTouch ADSL modem connection is working properly. Not required if connected via Ethernet (and probably USB). Can cause a slow down in Win2K - see here | No |
X | stmha | wkfxi.js | Added by the SPETH WORM! | No |
X | stonedrv | stonedrv.exe | Added by the COSIMA-K TROJAN! | No |
U | StopSignSsTsMon | sstsmon.dll, VerifyStatus | eAcceleration Stop-Sign security software related. Previously not recommended, see here | No |
U | StopSignStatus | stopsinfo.dll | eAcceleration Stop-Sign security software related. Previously not recommended, see here | No |
U | STOPzilla | Stopzilla.exe | StopZilla! - pop-up killer | No |
U | STOPzilla Service | SZNTSVC.EXE | StopZilla! - pop-up killer | No |
U | StorageGuard | sgtray.exe | StorageGuard from Veritas. Free utility that integrates with Backup MyPC (formerly Backup Exec Desktop), Simple Backup and MS Backup. Provides system tray access and background monitoring - warning you of files that haven't recently been backed up. Required unless you backup manually on a regular basis or have scheduled backups | No |
X | StorageProtector | SysRep.exe | StorageProtector misleading security software - not recommended, see here | No |
U | StormCodec_Helper | StormSet.exe | Storm Codec is a codec pack for Windows | No |
? | STPMGR | STPMGR.EXE | Part of SafeTP which is transparent FTP security software. Does it need to be running permanently or can it be started manually via Start -> Programs | No |
X | stratas | xmconfig.exe | Added by the RBOT-AHR WORM! | No |
X | stratas | lockx.exe | Added by the SDBOT-ADD WORM! | No |
X | Stratas | ggfig.exe | Added by the OPANKI.W WORM! | No |
X | StreamAppliance | wuauclt14.exe | Added by the RBOT-GMB WORM! | No |
X | StreamAppliance | wuauclt16.exe | Added by the RBOT-GME WORM! | No |
N | Streamload Downloader | SlDB.exe | Downloader for MediaMax (was Streamload) - "gives you a private and secure place to upload, store, access, and share your personal videos, photos, movies, music, and files" | No |
N | Streamload Uploader | StreamMgr.exe | Uploader for MediaMax (was Streamload) - "gives you a private and secure place to upload, store, access, and share your personal videos, photos, movies, music, and files" | No |
X | Streams Drivers | [trojan filename] | Added by the RESTARTER.E TROJAN! | No |
U | StreamZap Remote | zremote.exe | StreamZap PC Remote - control Windows Media Player, iTunes, RealPlayer, Winamp, PowerPoint, MusicMatch Jukebox, and many other multimedia applications | No |
U | StrgSync.exe | StrgSync.exe | SimpleTech Inc's StorageSync backup software - backs up an entire PC, or selected files and folders | No |
X | strkjhk | sdflkj3.exe | Added by an unidentified WORM or TROJAN - see here | No |
X | strmsnmgrs | msnxmsgrsc.exe | Added by the SDBOT.JDR WORM! | No |
X | strmsnmsgr | msnmsgrs.exe | Added by the RBOT-ACQ WORM! | No |
X | strmsnmsgrs | msnmsgrsc.exe | Added by a variant of the RBOT WORM! | No |
X | strmsnnms | msnmegrs.exe | Added by the SDBOT-YU TROJAN! | No |
X | strmsnnrs | msnmcgrs.exe | Added by the RBOT-ACT TROJAN! | No |
X | strmsoums | msnmegrse.exe | Added by the SDBOT-ZK TROJAN! | No |
X | Strng32 | strngbox.exe | Added by the STRANO WORM! | No |
U | StrokeIt | strokeit.exe | StrokeIt is an "advanced mouse gesture recognition engine and command processor" | No |
X | strtas | lock1.exe | Added by the SDBOT-ADQ WORM! | No |
X | strtas | lockx.exe | Added by the SDBOT-AEB WORM! | No |
X | strtas | l074.exe | Added by the AGENT-II TROJAN! | No |
X | strtas | loc1.exe | Added by the RBOT-AZU TROJAN! | No |
X | strto | strto.exe | Added by the KILLPROC-F TROJAN! | No |
X | strto | [path to trojan] | Added by the KILLAV-AP TROJAN! | No |
X | Sts | iwnujdss2.exe | Added by the SDBOT-YI WORM! | No |
X | Stubbish | Stubbish.exe | Added by the STUBBOT-A WORM! | No |
X | StubPath | Sservice.exe | Added by the PRORAT TROJAN! | No |
X | stup | 138762763.exe | Added by the FIRESPY-A TROJAN! It will attempt to register the dropped component as a Firefox plugin and begin monitoring the user's browsing habits, stealing information including monitoring and logging information from Web forms | No |
X | stup1db0t | _win.exe | Added by a variant of the IRCBOT BACKDOOR! | No |
N | StupAssist | StupAssist.exe | Associated with Nikon digital cameras | No |
X | STV | winscrne.exe | Added by a variant of the SDBOT WORM! | No |
X | stxrmsgms | mstats.exe | Added by the IRCBOT-AE TROJAN! | No |
U | StyleXP | StyleXP.exe | StyleXP allows you to customize the way WinXP looks. If disabled via msconfig it re-instates itself at reboot, therefore uninstall it if you don't want it | No |
X | SubAH | SubAH.exe | Added by the SUBAH TROJAN! | No |
U | Subliminal Power | Subliminal.exe | Subliminal Power - displays subliminal messages of your choice on your computer screen | No |
N | Subtract the Ads | AdSub.exe | Removes adverts from web pages. Although useful - not required | No |
X | suck | l0ad.exe | PurityScan/Clickspring adware | No |
U | Suitcase Startup | Suitcase.exe | Suitcase - system font manager start up utility. Used for dynamic management of fonts on your system | No |
X | Suite | SuiteOffices.exe | Added by the LAZAR TROJAN! | No |
X | SULFNBJ.EXE | SULFNBJ.EXE | Added by the PE_MAGISTR.DAM VIRUS! | No |
X | Sun Java Console for Windows NT & XP | jconsole.exe | Added by the VANEBOT-C WORM! | No |
U | Sunasdtserv | Sunasdtserv.exe | CounterSpy by Sunbelt Software - adware/spyware protection | No |
U | sunasServ | sunasServ.exe | CounterSpy by Sunbelt Software - adware/spyware protection | No |
X | Sunjava | javasmart.exe | Added by the AGENT.AHV TROJAN! | No |
X | SunJavaSched | ccEvtMngr.exe | Added by the SDBOT-YP WORM! | No |
X | SunJavaSched Updater | avamx.exe | Added by the RBOT-ABJ WORM! | No |
X | SunJavaUpdate | smvss.exe | Added by the DEDLER-G TROJAN! | No |
X | SunJavaUpdater | javaw.exe | Added by the MYTOB.QR WORM! | No |
N | SunJavaUpdateSched | jusched.exe | Checks with Sun's Java updates site to see if newer Java versions are available. Either visit the Java download page or click on Start → Control Panel → Java → Update → Update Now | No |
X | SunJavaUpdateSched | scvhost.exe | Added by the SDBOT-AVX WORM! | No |
X | SunJavaUpdateSched | javamx.exe | Added by the SDBOT-WI WORM! | No |
X | SunJavaUpdatSched | spoolsv.exe | Added by the BANCBAN-NP TROJAN! Note - this is not the legitimate spoolsv.exe which is always located in %System%. This one is located in %ProgramFiles%\MSN Messenger | No |
U | Sunkist | shwicon98.exe | Card reader for memory cards from digital cameras, etc | No |
U | Sunkist2k | shwicon2k.exe | Card reader for memory cards from digital cameras, etc | No |
U | SunKistEM | shwiconem.exe | Used by your computer to communicate with your Alcor Micro Multimedia Card Reader - necessary if you're using this software | No |
U | SuNotification | suatshut.exe | ShadowSurfer - "provides a safe computing environment by creating a virtual twin of your PC. Restore the pre-ShadowMode system state no matter what changes have occurred to your PC" | No |
Y | SunProtectionServer | SunProtectionServer.exe | CounterSpy antispyware software | No |
Y | SunServer | SunServer.exe | CounterSpy antispyware software | No |
? | SupaDial | SupaDial.exe | SupaNet.com modem driver related - is it required? | No |
N | Supastatus | status.exe | Supanet ISP software | No |
X | supdate | supdate.exe | Added by the MALWARE.D TROJAN! | No |
X | supdate2.dll | rundll32.exe supdate2.dll | Added by the ZLOB-VL TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "supdate2.dll" file is found in the System (9x/Me) or System32 (NT/2K/XP) folder | No |
X | super | fuckbx.exe | Added by the LINEAGE-H TROJAN! | No |
X | super | super.exe | Added by the AGOBOT-QT WORM! | No |
U | Super Popup Blocker | popkill.exe | Saga Super Popup Blocker - pop-up stopper | No |
U | Super X Desktop Version 3.4 | SXDesk.exe | Super X Desktop - virtual desktop manager | No |
U | SuperAdBlocker | SAdBlock.exe | SuperAdBlocker | No |
Y | SUPERAntiSpyware | SUPERAntiSpyware.exe | "SUPERAntiSpyware is the most thorough scanner on the market. Our Multi-Dimensional Scanning and Process Interrogation Technology will detect spyware that other products miss! SUPERAntiSpyware will remove ALL the Spyware, NOT just the easy ones!" | Yes |
X | SuperBar.Component | [path to services.exe] | Added by the SMALL-AQ TROJAN! Note - this is not the legitimate services.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in an "Inetsrv" subfolder | No |
X | SuperBar.Component | services.exe | FakeMessage/AdRotator adware. Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in an "Inetsrv" subfolder | No |
U | Supercleaner | Supercleaner.exe | Supercleaner - all in one disk cleaner for your computer | No |
U | SuperCool Compress Backup | Main.exe | "SuperCool Zip Backup software is a data backup, restore and file synchronization program" | No |
X | SuperHeissSex | SuperHeissSex.exe | HeissSex premium rate adult content dialer! | No |
X | supernews12 | newsd32.exe | Adware, also detected as the DLOADER-JN TROJAN! | No |
X | Supernova | [worm filename] | Added by the SURNOVA.A (or SUPOVA) WORM! | No |
X | superproxy | superproxy.exe | Added by the DELBACK-B TROJAN! | No |
U | SuperRam | SuperRam.exe | SuperRam memory manager. MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/SE/ME. See SuperRam article and make up your own mind | No |
X | superslut | msslut32.exe | Added by the SLUTER-A WORM! | No |
U | SuperSpamKiller Pro | Ssk.exe | SuperSpamKiller Pro email spam blocker | No |
X | Supervisor.exe | Supervisor.exe | Has been reported to be associated with various antitrojan software like ATS and PC Doorguard. If so it's required in Startup - any further information is welcome | No |
X | support-reverse-smileys | [trojan filename] | Added by the LITEBOT TROJAN! | No |
X | supporter5 | supporter5.exe | Part of eScorcher anti-virus software - responsible for updates of new virus bases each time you logon to the web. Used to collect information about the user and therefore treated as spyware - now the web-site is dead | No |
U | Sup_SmartRAM | Sup_SmartRAM.exe | Memory management part of the Advanced SystemCare system utility from IObit | No |
U | Sup_SmartRAM.exe | Sup_SmartRAM.exe | Memory management part of the Advanced SystemCare system utility from IObit | No |
U | SureCleanProfessional | SRClean.exe | SureClean PC and Internet tracks cleaner | No |
U | Sureshotpopupkiller | Stopthepop.exe | Stop-the-Pop-Up popup blocker | No |
U | Sureshotpopupkiller | pusak.exe | Stop-the-Pop-Up popup blocker | No |
X | SurfAccuracy | sacc.exe | SurfAccuracy adware | No |
X | SurfBuddy | rundll32 [path] sbuddy.dll | SurfBuddy adware - not to be confused with the legitimate SurfBuddy application by SurfApps! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted | No |
U | SurfChoice | SCMan.exe | SCMan is a utility that can control services on WinNT from the command line. This utility can create, start, pause, stop, delete services. Furthermore it can retrieve a service's current state, get the displayname for a service and vice versa | No |
X | Surfer lptt01 | surfer.exe | RapidBlaster variant (in a "mssurfer" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here | No |
X | Surfer ml097e | surfer.exe | RapidBlaster variant (in a "mssurfer" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here | No |
U | SurfHelper | SurfHelp.exe | Related to SurfHelper - a free tool to remove popup windows, clear history, control window properties of IE, and more | No |
U | SurfinGuard Pro | winsfcm.exe | SurfinGuard Pro from Finjan - internet protection software, protects against all malicious code delivered through executables, scripting files, ActiveX and Java | No |
U | SurfSecret | ss2-full.exe | "House-cleaning utility that enables you to keep your computer usage to yourself. Runs quietly from the system tray, eliminating tell-tale files at a regular interval of your choosing. You can set it to clear your Internet cache files, cookies, history, temp folder, etc. It can also clear the history of your Run and Find menus, in addition to the AOL cache" | No |
X | SurfSideKick | Ssk.exe | SurfSideKick adware | No |
X | SurfSideKick 2 | Ssk.exe | SurfSideKick adware | No |
X | SurfSideKick 3 | Ssk.exe | SurfSideKick adware | No |
U | SurfStream | SurfStream.exe | Conceiva "SurfStream lets you surf the Web faster. It contains a fully featured proxy server that lets you surf the Web significantly faster. It also blocks all pop-up windows and banner ads from Web pages. An intelligent tune-up tool automatically analyzes and optimizes your computer's Internet connection and TCP/IP settings" | No |
X | Surs | awab.exe | PurityScan/Clickspring adware | No |
N | Surveysa | surveysa.exe | Found on Sony laptops, it brings up a prompt to take a survey. It goes away if you fill out the survey or you choose "never prompt me again" but keeps popping if you either exit out of it or select "take survey later" | No |
U | suScheduler | UCLauncher.exe | Related to Lenovo ThinkVantage Technologies. ThinkVantage Technologies help make ThinkPad/ThinkCentre PCs less dependent on IT staff | No |
X | Susp | Susp.exe | VX2.Transponder parasite updater/installer related | No |
X | susse | hpsw.exe | LinkMaker adware | No |
X | Sustem | explorer.exe | Added by an unidentified VIRUS, WORM or TROJAN! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! | No |
X | SustemUpdate | explorer.exe | Added by an unidentified VIRUS, WORM or TROJAN! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! | No |
X | SV00LSV | SV00LSV.EXE | Added by the GRAYBIRD-C TROJAN! | No |
X | SVA Player | SVAplayer.exe | SVAPlayer parasite | No |
X | Svc | svc.exe | ClientMan parasite variant | No |
U | SVC | svchost.exe | ElfSpy keystroke logger/monitoring program - remove unless you installed it yourself! | No |
X | svc | expseny.exe | Added by the PWS-ANG TROJAN! | No |
X | SVC Service | svcinit.exe | Added by the SINIT TROJAN! | No |
X | SVC Service | svcinit.exe | CoolWebSearch parasite variant | No |
X | SVC Service | svcpack.exe | CoolWebSearch Svcinit parasite variant | No |
X | SVC Service | svc32.pif | Added by the RBOT-ASC WORM! | No |
X | SVC Socks | mstaskm.exe | CoolWebSearch parasite variant | No |
X | svc32 | svc32.exe | Identified as a variant of the Banker-EQC/DLoader.GPJI malware | No |
X | Svced | Svced.exe | Added by the DELF.F TROJAN! | No |
X | SvcH0st | msexploren.exe | Added by the BACKDOOR-CGZ TROJAN! | No |
X | SvcH0st | SHCH.EXE | Added by the BDOOR-EB BACKDOOR! | No |
X | SvcH0st | SVCHST.EXE | Added by the BDOOR-EB BACKDOOR! | No |
X | SvcH0st | WINAGENT.EXE | Added by the BDOOR-EB BACKDOOR! | No |
X | SVCH0ST | spoo1sv.exe | Added by the VB-HF TROJAN! | No |
X | SVCH0ST | SVCH0ST.EXE | Added by the VB-IK TROJAN! Note - the filename has the digit 0 rather than the uppercase "o" | No |
X | SvcH0st | msnexploren.exe | Added by the TACTSLAY.B TROJAN! | No |
X | SvcH0st | sdhch.exe | Added by the TACTSLAY.B TROJAN! | No |
X | SVCH0TS | sp00lvs.exe | Added by the LINEAGE-AZ TROJAN! | No |
X | svchast | svchast.exe | Added by the LINEAGE-AV TROJAN! | No |
X | svchctrl | svchctrl.exe | Added by the COBFINN TROJAN! | No |
X | svchos | svchos.exe | Added by the EZIBOT-B TROJAN! | No |
X | svchosd | [path to trojan] | Added by the BANCOS-BCX TROJAN! | No |
X | SVCHOSI | SVCHOSI.EXE | Added by the VBBOT-AA WORM! | No |
X | SVCHOST | svchost.exe | System1060 homepage hi-jacker. Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\System1060 | No |
X | svchost | svchost.exe | Added by many TROJANS and WORMS, such as MORB or TARNO. Note - this is not the legitimate svchost.exe process which should not normally figure in Msconfig/Startup! | No |
X | SVCHOST | mrowyekdc.exe | Added by the GOTORM WORM! | No |
X | svchost | Svch0st.exe | Added by the GRAYBIRD and GRAYBIRD.B TROJANS! Note - the filename has the digit 0 rather than the uppercase "o" | No |
X | svchost | [path to trojan] | Added by the HAZZER TROJAN! Note - this is not the legitimate svchost.exe process which should NOT appear in Msconfig/Startup! | No |
X | svchost | ADMAGIC.EXE | Added by the SMIBAG WORM! Note - this is not the legitimate svchost.exe process which should NOT appear in Msconfig/Startup! | No |
X | Svchost | winhost.exe | Added by the LOLAWEB.A TROJAN! | No |
X | Svchost | svchost.exe | Added by the MOZE-A WORM! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is found in the Winnt or Windows folder | No |
X | SVCHOST | var.txt.exe | Added by the LDPINCH.C TROJAN! | No |
X | Svchost | svchosl.pif | Added by the INZAE.A or INZAE.B WORMS! | No |
X | svchost | [path] SETUP.EXE | Added by the SETCLO WORM! | No |
X | SVCHOST | scvhost.exe | Added by the MYTOB.E or MYTOB.G WORMS! | No |
X | SVCHOST | taskgmr.exe | Added by the MYTOB.F or MYTOB.H WORMS! | No |
X | svchost | olehelp.exe | Added by the BOOKMARKER.G TROJAN! | No |
X | SVCHOST | updater32.exe | Added by the RANTS.A WORM! | No |
X | SVCHOST | SPOOLSV.EXE | Added by the BAITAP-A WORM! Note - this is not the legitimate spoolsv.exe which is always located in %System%. This one is located in %Windir% | No |
X | SvcHost | svchost32.exe | Added by the AGOBOT-TM WORM! | No |
X | svchost | svchost.exe | Added by the BANCBAN-HL TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "config" subfolder of the Winnt or Windows folder | No |
X | svchost | [path to explorer.exe] | Added by the UNREAL-A TROJAN! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! | No |
X | svchost | rundll16.exe | Added by the STARTPA-PB TROJAN! | No |
X | Svchost | svchost.exe | Added by the ADCLICK-AX TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Program Files\Internet Explorer folder | No |
X | svchost | svchost.exe | Added by the BDOOR-ES BACKDOOR! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a "Microsoft" subfolder | No |
X | svchost | svchost.exe | Added by the DLOADER-EV TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %ProgramFiles% | No |
X | svchost | winhelp.exe | Added by the GAOBOT.GEN!POLY WORM! | No |
X | SVCHOST | MDM.EXE | Added by the LCJUMP-A WORM! Note - this is not the legitimate Machine Debug Manager (mdm.exe) process which is always located in %ProgramFiles%\Microsoft Shared. This one is located in %Windir% | No |
X | Svchost | svchots.exe | Added by the RBOT.ADK WORM! | No |
X | svchost | ying.exe | Constructor VC2000 malware | No |
X | svchost | inetinfo.scr | Added by the ODELUD WORM! | No |
X | SVCHOST | svchost64.exe | Added by the STARTP-G TROJAN! | No |
X | svchost | svchost.com | Added by the BANLOA-ABL TROJAN! | No |
X | svchost connection monitor | svchost32.exe | Added by a variant of the SDBOT WORM! | No |
X | SVCHOST Generic application | svchost.exe | Added by the DAEMONI-K TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is found in the Winnt or Windows folder | No |
X | svchost Netware Manager | svchost.exe | Added by the EXVID.A WORM! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder | No |
X | SVCHost Protocol32 | scvhost32.exe | Added by a variant of the IRCBOT TROJAN! | No |
X | Svchost Service | svchost.exe | Added by the VB-DVQ WORM! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Help subfolder of the Winnt or Windows folder | No |
X | Svchost Windows Remote Services | svhost.exe | Added by the IRCBOT-IV WORM! | No |
X | svchost.exe | svchost32.exe | CoolWebSearch Svchost32 parasite variant | No |
X | SVCHOST.EXE | SVCHOST.EXE | Added by the WRMSCAN-A TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is found in the Winnt or Windows folder | No |
X | svchost.exe | [path to executable] | Added by the BANKER-MO TROJAN! | No |
X | svchost.exe | svchost.exe | Added by the ZAPCHAS-V TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "drivers" subfolder | No |
X | svchost.exe | swchost.exe | Added by the SADELPHI-A TROJAN! | No |
X | svchost1 | svchost1.exe | Added by the AGOBOT.ZZ WORM! | No |
X | SvcHost32 | svchost32.exe | Added by the MIMAIL.I or MIMAIL.J WORMS! | No |
X | svchost32.exe | svchost32.exe | Added by the ASSASIN.20B BACKDOOR! | No |
X | svchost64 | svchost64.exe | Added by the SDBOTER.G VIRUS! | No |
X | svchosta | svchosta.exe | Added by the SNIFFER-I TROJAN! | No |
X | svchostb | svchostb.exe | Added by the SNIFFER-J TROJAN! | No |
X | SvcHostDHCP | svchost32.exe | Added by the ASSASIN.20B BACKDOOR! | No |
X | svchostdll.scr | svchostdll.scr | Added by the BANCBAN-FM TROJAN! | No |
X | SvcHosto | v1rg1n.exe | Added by the AGOBOT-TK WORM! | No |
X | svchostr | svchostr.exe | Added by an unidentified WORM or TROJAN! | No |
X | svchosts | svchosts.exe | Added by the BANCBAN-DC or BANKER-ED TROJANS! | No |
X | svchosts.exe | svchosts.exe | Added by the AGOBOT-JN WORM! | No |
X | svchosts.scr | svchosts.scr | Added by the BANCBAN-DQ TROJAN and variants! | No |
X | SVCHOT | SVCHOT.exe | Added by the QQROB-U TROJAN! | No |
X | svchst | svchst.exe | Added by the KBROY-C TROJAN! | No |
X | svcinfo | svcinfo.exe | Added by the CRYPTER.A TROJAN! | No |
X | Svclhost | svcchost.exe | Added by an unidentified WORM or TROJAN! | No |
X | SvcManager | restore3.exe | Added by the AGENT-DSS TROJAN! | No |
X | SvcManager | spoolvs3.exe | Added by an unidentified WORM or TROJAN! | No |
U | svcmon | svcmon.exe | PersonInspect surveillance software. Uninstall this software unless you put it there yourself | No |
X | Svconr | Svconr.exe | WaveRevenue-lBann adware | No |
X | svcroot | svcroot.exe | Added by the KEYLOG-AC TROJAN! | No |
X | svcshare | winampXP.exe | Added by the FUJACKS-J VIRUS! | No |
X | svcshare | spoclsv.exe | Added by the FUJACKS-A VIRUS! | No |
X | svcshare | CTMONTv.exe | Added by the FUJACKS-AJ WORM! | No |
X | svcshare | nvscv32.exe | Added by the FUJACKS-Z WORM! | No |
X | SvcSys | [path to file] | Added by the BANCOS.Z TROJAN! | No |
X | Svcsys Registry Manager | svcsysreg.exe | Detected by Kaspersky as the AGENT.CV TROJAN! | No |
X | svcsys32 | svcsys32.exe | Added by the AGOBOT-LL WORM! | No |
X | svctask | svctask.exe | Added by the CHUCKYB-A TROJAN! | No |
X | svcwinprocess32 | [path to worm] | Added by the UPERING WORM! | No |
X | SVGA Adapter | svghost.exe | Added by a variant of the SPYBOT WORM! See here | No |
X | svhcost | svhcost.exe | OpenSearch adware | No |
X | svhoost | checksys.exe | Added by a downloader TROJAN of Chinese origin! | No |
X | SVHOST | svhost.exe | Added by the MYDOOM.I WORM! | No |
X | SVHOST | SVHOST.EXE | Added by the ZORI.A VIRUS! | No |
X | Svhost Loader | svshost.exe | Added by the AGOBOT.G WORM! | No |
X | Svhost Service Server | svhostser.exe | Added by a variant of the RBOT WORM! See here | No |
X | svhost updates | Svhost.exe | Added by a variant of the RBOT WORM! | No |
X | svhost windows services | svhost8.exe | Added by the RBOT-WQ WORM! | No |
? | SVIDC32M | SVIDC32M.exe | ?? | No |
X | sVideo2 | [path to dialler] | "Switch-D" premium rate adult content dialler | No |
X | sviload32 | sviload32.exe | Added by the RBOT-AAS WORM! | No |
? | SVM Pop | svmpop.exe | ?? | No |
X | svnlitup32 | svnlitup32.exe | Added by the RBOT.CBJ WORM! | No |
X | svnloader | svnload32.exe | Added by the RBOT-ACU WORM! | No |
X | svphost.exe | svphost.exe | Added by the AGENT.CS TROJAN! | No |
U | SVPWUTIL | SVPWUTIL.exe SVPwUTIL | Part of Toshiba Hardware Setup | No |
X | svrrun | svrrun.exe | Adware hailing from Deskwizz.com | No |
X | svsekin | svsekt.exe | Added by the QQPASS.G TROJAN! | No |
X | svshost | svshost.exe | Added by the CHODE-H WORM! | No |
X | svshost | messenger.exe | Added by the LOONY-G TROJAN! | No |
X | Svshost Update Service | svcbind.exe | Added by the MYTOB.LH WORM! | No |
X | svshost32 | msgrsv32.exe | Added by the RANKY.AJ TROJAN! | No |
X | svshost32 | svshost32.exe | Added by a variant of the SDBOT WORM! | No |
X | svshostdriver | svshost.exe | Added by the SDBOT-HN TROJAN! | No |
X | svtcin | n20050308.a.Stub.EXE | Added by the N20050308 TROJAN! | No |
X | svwin32 | unninst32.exe | Added by the AGOBOT-NF WORM! | No |
X | SVX Control Service | svxhost.exe | Added by the FORBOT-K WORM! | No |
U | SW20 | sw20.exe | Related to MSI's Dynamic Overclocking Technology | No |
U | SW24 | sw24.exe | Related to MSI's Dynamic Overclocking Technology | No |
N | Swap Nut | javaw.exe | javaw.exe can be loaded by other programs at startup but in this instance it's SwapNut, a peer-to-peer file sharing and searching utility developed and marketed by File Metrics, Inc. Users can search for and find almost any type of digital file (audio, video, photos etc.) through a secure peer-to-peer network | No |
X | SWCaller | SWcaller.exe | Swporta homepage hijacker | No |
X | SWCaller | Swcaller2.exe | Swporta homepage hijacker | No |
X | Swchost | Swhost.exe | Added by the BDOOR-MP BACKDOOR! | No |
U | SWClient | swsys.exe | ActivMonAgent keyboard logger/monitoring program - remove unless you installed it yourself | No |
X | swcroot | swcroot.exe | Added by the SOLENO-A TROJAN! | No |
N | SWd | winwd.exe | PC Security from Tropical Software - lock files, password protect, etc | No |
Y | Sweep95 | ICLOAD95.EXE | Part of Sophos anti-virus software | No |
N | SweetIM | SweetIM.exe | SweetIM - send fancier smiley-faces and IM graphics to friends who are using MSN Messenger. They are only able to see these advanced smiley-faces if they also have SweetIM installed | No |
X | Swf32 | AVupdate.exe | Added by the MERKUR.E WORM! | No |
X | Swf32 | _backup.exe | Added by the SYMTEN WORM! | No |
U | swg | GoogleToolbarNotifier.exe | Part of Google Toolbar (from version 4 onwards) for IE. "Google Toolbar Notifier allows you to set Google as your default search engine and prevents your search settings from being changed without your consent. An icon in your system tray blinks if the Notifier identifies an attempt to change your default search engine. You can click the icon to get more details and allow the change". There was a bug in earlier versions where disabling the option resulted in the entry still running at startup but this has now been resolved | Yes |
X | SwimSuitNetwork | SwimSuitNetwork.exe | Advertising spyware | No |
X | swingsys | SWINGSYS.EXE | Added by the BANCOS-CX TROJAN! | No |
U | Switch Off | swoff.exe | Switch Off - tray-based system utility that can automatically perform various frequently used operations like shutdown or restart your computer, disconnect your current dialup connection, lock workstation, etc | No |
N | Switchboard.com Toolbar | AtHoc.exe | Toolbar for the on-line version of Yellow Pages in the US - Switchboard.com | No |
U | Switcher | Switcher.exe | "On a Sony laptop with built in wireless it allows the user to select which wireless services they want to run (i.e. Wireless LAN, Bluetooth, both) when turning the wireless switch on if disabled)" | No |
X | switp | switpa.exe | OfferAgent adware | No |
U | SWL | rundll32.exe [path] SWL.dll rdl | StealthWeblog surveillance software. Uninstall this software unless you put it there yourself! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted | No |
U | SWN2 | swnxt.exe | Spyware remover by TrekBlue. Previously not recommended but the latest version was delisted here | No |
X | sws.exe | [random filename] | Haldex type adult content dialler | No |
X | sws.exe | gd-dial.exe | Globaldialer adult content premium rate dialer | No |
N | SwTray | SWTRAY.EXE | MS SideWinder game controller system tray icon. Available via Start -> Programs. May have the version number after it | No |
N | SWTrayV4 | SWTrayV4.exe | MS SideWinder game controller system tray icon. This is specific to version 4 of the software. Available via Start -> Programs | No |
U | SwyxIt! | SwyxIt!.exe | PC Based soft phone from Swyx - see here for more details | No |
U | SX Virtual Link | Connect.exe | SX Virtual Link from Silex Technology America, Inc. Utility to connect USB devices | No |
? | SXGDSENU | sxgdsenu.exe | Yamaha SXG soundcard driver | No |
N | SxgTkBar | sxgtkbar.exe | Yamaha SXG soundcard utility - gives quick and easy access via the system tray bar to diagnostics and configuration | No |
? | Sxplog | sxpstub.exe | Part of CA Unicenter Software Delivery - manage software across various systems, from desktops and servers to PDAs and mobile phones, in a controlled and standardized way - is it required at startup? | No |
X | sxrrv | sxrrv.pif | Added by the VAX-A TROJAN! | No |
X | sy | s2.exe | Added by a variant of the RBOT WORM! | No |
U | SybaseCentral43 | scjview.exe | Related to SQL Anywhere from Sybase. A comprehensive package providing data management and data exchange technologies | No |
X | SyBot v2.1 By Sky-Dancer | HPSV.exe | Added by the ZOTOB.I WORM! | No |
X | SYDNEY | [file path] | Added by the SYNEY WORM! | No |
X | syelimS-esreveR-troppuS | [filename] | Added by the LITBOT.C TROJAN! | No |
X | Syga432te Pe432rsonal Firewall | MrNo4236.exe | Added by the RBOT-AQY WORM! | No |
X | Sygaete Personal Firewall | SyGate.exe | Added by the RBOT-GLX WORM! | No |
X | Sygate Peral Firewall | Syga.exe | Added by the RBOT-AQK WORM! | No |
X | Sygate Personal 3 | svrv.exe | Added by the RBOT-XD WORM! | No |
X | Sygate Personal Block | Studio.exe | Added by the RBOT-TW WORM! | No |
X | Sygate Personal Firewall | Win32x.exe | Added by the RBOT-KZ WORM! | No |
X | Sygate Personal Firewall | system32.exe | Added by the RBOT.VI WORM! | No |
X | Sygate Personal Firewall | sysgut.exe | Added by the SDBOT.WM WORM! | No |
X | Sygate Personal Firewall | Sygate.exe | Added by the RBOT-PN WORM! | No |
X | Sygate Personal Firewall | Mcafeeupdate.exe | Added by the RBOT.YN WORM! | No |
X | Sygate Personal Firewall | Sygate32.exe | Added by the RBOT.ATW WORM! | No |
X | Sygate Personal Firewall | MSNSRV32.exe | Added by a variant of the RBOT WORM! | No |
X | Sygate Personal Firewall | service.exe | Added by a variant of the RBOT WORM! | No |
X | Sygate Personal Firewall | t1ktik.exe | Added by the RBOT-VP WORM! | No |
X | Sygate Personal Firewall | host32.exe | Added by the RBOT.ALD WORM! | No |
X | Sygate Personal Firewall | sexy.exe | Added by the RBOT-XY WORM! | No |
X | Sygate Personal Firewall | sys.exe | Added by the RBOT-ZC WORM! | No |
X | Sygate Personal Firewall | syserror.exe | Added by the RBOT.UC WORM! | No |
X | Sygate Personal Firewall | hostserv.exe | Added by the RBOT.BKO WORM! | No |
X | Sygate Personal Firewall | msnmsgrs.exe | Added by the RBOT.XN WORM! | No |
X | Sygate Personal Firewall | Sygat.exe | Added by a variant of the RBOT WORM! | No |
X | Sygate Personal Firewall | wins.exe | Added by the RBOT.AOB WORM! | No |
X | Sygate Personal Firewall | winxpstat.exe | Added by a variant of the RBOT WORM! | No |
X | Sygate Personal Firewall | Syga.exe | Added by the RBOT-AQD WORM! | No |
X | Sygate Personal Firewall | svchots.exe | Added by the RBOT.ABT WORM! | No |
X | Sygate Personal Firewall | win31243.exe | Added by a variant of the IRCBOT TROJAN! | No |
X | Sygate Personal Firewall Start | services32.exe | Added by the RBOT-MB WORM! | No |
X | Sygate Personal Firewall Start | servic.exe | Added by the RBOT-RY WORM! | No |
X | Sygate Personal Port | crss.exe | Added by the RBOT-PX WORM! | No |
X | Sygate Personal Port Blocker | volume.exe | Added by a variant of the RBOT WORM! | No |
X | Sygate Personal Port Blocker | winupdate.exe | Added by a variant of the RBOT WORM! | No |
X | Sygate Personals Firewalls | ccsrn.exe | Added by a variant of the RBOT WORM! | No |
U | SyGateService | sgserv95.exe | SyGate is a useful little program that lets you share an internet connection over an intranet. Is it needed - it saves a lot of headache to just let SyGate load at startup. Available via Start -> Programs | No |
X | Symantec | ccapp.exe | Added by the REATLE WORM! Note - this is not a Symantec file | No |
X | Symantec Anti Virus | symantec32.exe | Added by a variant of the WOOTBOT WORM! | No |
X | Symantec Antivirus professional | dfrgfrat.exe | Added by a variant of the FORBOT WORM! | No |
X | Symantec Antivirus professional | autoformat.exe | Added by a variant of the FORBOT WORM! | No |
X | Symantec Antivirus professional | dyndns.exe | Added by a variant of the FORBOT WORM! | No |
X | Symantec Antivirus professional | f0dns.exe | Added by the FORBOT-GT WORM! | No |
X | Symantec Antivirus professional | flushdns.exe | Added by a variant of the FORBOT WORM! | No |
X | Symantec Antivirus professional | for.exe | Added by a variant of the FORBOT WORM! | No |
X | Symantec Antivirus professional | regedit.exe | Added by a variant of the FORBOT WORM! | No |
X | Symantec Antivirus professional | Symantex.exe | Added by a variant of the FORBOT WORM! | No |
X | Symantec Antivirus professional | windows .exe | Added by a variant of the FORBOT WORM! | No |
X | Symantec Antivirus professional | Winhp32.exe | Added by a variant of the FORBOT WORM! | No |
X | Symantec Antivirus professional | winudp.exe | Added by a variant of the WOOTBOT WORM! See here | No |
X | Symantec Antivirus professional | xplrer.exe | Added by a variant of the FORBOT WORM! | No |
X | Symantec Autoscan | [random filename] | Added by the RBOT-AJO WORM! | No |
X | Symantec Client Security | symclient.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
X | Symantec Configuration Loader | ccApp32.exe | Added by the AGOBOT-EE WORM! | No |
Y | Symantec Core LC | symlcsvc.exe | Part of Norton AntiVirus 2004. What does it do? | No |
X | Symantec Debug Client | symdebugs.exe | Added by the IRCBOT-ACM TROJAN! | No |
N | Symantec Fax Starter Edition Port | OLFSNT40.EXE | Offers a virtual printer as a fax machine. Can be run via a desktop shortcut | No |
U | Symantec NetDriver Monitor | SNDMon.exe | Part of Symantec's LiveUpdate (e.g., Norton). Not required if you run manual updates but probably required if you leave them to run automatically. Also, if one runs a small office network and SNDMon is disabled on one of the computers - then other computers disappear from the network for this computer, including shared devices like printers and scanners. Hence the "U" recommendation | No |
U | Symantec NetDriver Warning | SNDWarn.exe | Part of Symantec Live Update - displays the warning when you need to update the firewall database | No |
U | Symantec PIF AlertEng | PIFSvc.exe | Symantec LiveUpdate Notice Service | No |
X | Symantec Secure Server | svrhost.exe | Added by the IRCBOT-UB TROJAN! | No |
X | Symantec Security | symantec32.exe | Added by the RANDEX.PR or RANDEX.YR WORMS! | No |
X | Symantec Security Addon | nvsvc.exe | Added by a variant of the AGOBOT/GAOBOT WORM! Note - do NOT confuse with the legitimate NVIDIA Driver Helper Service file of the same name as described here | No |
X | Symantec Security Routine Addon for Microsoft Windows | navpxaw32.exe | Added by the AGOBOT-GJ TROJAN! | No |
X | Symantec Service | ccApp.exe | Added by the AKHER.D WORM! Note - this is also not the valid Norton AV file with the same filename | No |
X | SymantecFilterCheck | svhost.exe | Added by the BANKER-EEO TROJAN! | No |
X | SymantecFilterCheck | gmilogof.exe | Added by the BANKER-EKC TROJAN! | No |
X | SymantecFilterCheck | [path to trojan] | Added by the BANKER-EIN TROJAN! | No |
X | SymantecFilterCheck | bsyys.scr | Added by the BANLOAD.DZC TROJAN! | No |
X | SymAV | SymAV.exe | Added by the NETSKY.U WORM! | No |
U | SymKeepAlive | CKA.exe | Part of Norton SystemWorks 2003 - keeps a dial-up modem connection alive | No |
X | Symlcs | [path to file] | Added by the YASPY-A TROJAN! | No |
X | Symmetrical Network | symmec.exe | Added by the DELBOT-N WORM! | No |
X | SymRun | N/A | Added by the KANGAROO-A TROJAN! | No |
X | SymRun | ccApps.exe | Added by the KAGEN-A TROJAN! | No |
N | SymTray - Norton SystemWorks | SYMTRAY.EXE | Keeps all System Tray icons for Norton SystemWorks together to reduce clutter. SystemWorks includes Norton Anti-Virus, Norton Utilities and Norton CleanSweep - mentioned elsewhere here. Personally I only have Norton eMail Protect running which doesn't need SymTray | No |
U | Synaptics Pointing Device Driver | SynTPEnh.exe | Synaptics touchpad tray icon. Displays status and provides quick launch to touchpad features such as scrolling and tap zones. Required on IBM Thinkpads with UltraNav (pointstick and touchpad combo) if you don't want to lose the advanced pointstick features such as scroll | No |
U | Sync Data | Hndsync.exe | Pocket Real Estate - mobile synchronization manager | No |
X | Sync Server | drwatsoon.exe | Added by the WATSOON.A TROJAN! | No |
U | Sync-It | Syncit.exe | Sync-It - synchronizes the system clock with time servers on the internet | No |
U | SyncAgent | syncagent.exe | Ghost Keylogger keystroke logger/monitoring program - remove unless you installed it yourself! | No |
X | Synchronization Manage | rservers.exe | Added by the FORBOT-FM WORM! | No |
N | Synchronization Manager | mobsync.exe | MS Synchronization Manager - updates the network copy of materials that were edited offline, such as documents, calendars, and e-mail messages. Find more information about its use here | No |
X | syncman | winsync.exe | Added by the MANCSYN-A TROJAN! | No |
X | SyncManager | msorunner.exe | Added by a variant of the TACTSLAY TROJAN! | No |
X | SyncMon | adslcomdos.exe | Added by the CLUNKY-A TROJAN! | No |
X | SyncMon | fixcomdos.exe | Added by the CLUNKY-B TROJAN! | No |
? | SynSetup | SynTP.tmp RunOnce.exe | Probably associated with Synaptics touchpads on laptops as for the SynTPEnh and SynTPLpr entries but what does it do and is it required? | No |
X | Syntax | windows32.exe | Added by the SDBOT.CQ WORM! | No |
X | Syntax Script | systacq.exe | Added by the SDBOT.AI WORM! | No |
U | SynTPEnh | syntpenh.exe | Synaptics touchpad tray icon. Displays status and provides quick launch to touchpad features such as scrolling and tap zones. Required on IBM Thinkpads with UltraNav (pointstick and touchpad combo) if you don't want to lose the advanced pointstick features such as scroll | No |
Y | SynTPLpr | syntplpr.exe | Synaptics touchpad driver helper. Required for touchpad features to work | No |
U | SynTPStart | SynTPStart.exe | Synaptics Pointing Device starter belonging to Synaptics Pointing Device Driver | No |
X | sys | regedit /s sys.reg | Hijacker | No |
X | sys | regedit sysdllwm.reg | CoolWebSearch parasite variant - also detected as the FEMAD-L TROJAN! | No |
X | Sys Ren | SysRen.exe | Part of FlashEnhancer adware | No |
X | sys************* [* = random digit] | sys*************.exe [* = random digit] | WINBO adware | No |
X | Sys**.exe [* = random char] | Sys**.exe [* = random char] | CoolWebSearch/HomeSearch adware - for examples, see this log | No |
X | Sys**32.exe [* = random char] | Sys**32.exe [* = random char] | CoolWebSearch/HomeSearch adware - for examples, see this log | No |
X | Sys-Stat | wuapdxe.exe | Added by the SDBOT.HK WORM! | No |
X | sys008 | sys008.exe | Hijacker, also detected as the STARTPA-GK TROJAN! | No |
X | sys009 | sys009.exe | Added by the STARTPA-ZB TROJAN! | No |
X | SYS1 | system.exe | Added by the SILLYFDC-AP WORM! | No |
X | SYS2 | bad1.exe | Added by the SILLYFDC-AP WORM! | No |
X | sys201 | sys209.exe | Added by the STARTPA-ZY TROJAN! | No |
X | Sys29 | win***32.exe [* = random char] | EliteBar adware | No |
X | SYS3 | bad2.exe | Added by the SILLYFDC-AP WORM! | No |
X | sys32 | sys32.exe | Added by the FLUX.E TROJAN! | No |
X | sys32 | sysx32.exe | Added by the KVEX-A VIRUS! | No |
U | sys32cmd | sys32win.exe | Active Keylogger keystroke logger/monitoring program - remove unless you installed it yourself! | No |
X | sys32dll | sys32dll.exe | Added by the AIMDES.B WORM! | No |
U | sys32sql | sys32win.exe | Active Keylogger keystroke logger/monitoring program - remove unless you installed it yourself! | No |
X | sys33 | sys33.exe | Added by the AGOBOT-WJ WORM! | No |
X | SYS4 | bad3.exe | Added by the SILLYFDC-AP WORM! | No |
X | SysA | win***32.exe [* = random char] | EliteBar adware | No |
U | SysAgent | SysAgent.exe | SYSagent - small utility for retrieving all the hardware and software information required by anyone administering a machine and/or the network it's a part of | No |
X | SysAI | SysAI.exe | AproposMedia adware | No |
X | sysalgg | sysalgg.exe | Added by the TIBS.BF WORM! | No |
X | SysAntivirus 2009 | sysav.exe | SysAntivirus 2009 rogue security software - not recommended, removal instructions here | No |
X | SysATW | sysatw.exe | Added by the VANEBOT-AM WORM! | No |
U | SysBkup | [path to file] | Keyspy keystroke logger/monitoring program - remove unless you installed it yourself! | No |
X | SysBoot | syskernel.exe | Added by the AUTORUN-EY WORM! | No |
U | Sysbot | sysbot.exe | Spector - spying (or monitoring) software to record internet activity | No |
X | syscfg | syscfg32.exe | Added by the KWBOT.S WORM! | No |
X | syscfg34.exe | syscfg34.exe | Added by the ELECTRON WORM! | No |
X | Syscheck | win.hta | Browser hijacker | No |
X | syscheck | iexplorer.exe | Added by the AGENT.DM TROJAN! Note - this is not the legitimate Internet Explorer (iexplore.exe) | No |
X | sysclx | ntldrt.exe | Added by the JLOK-A WORM! | No |
X | syscm | Syscm.exe | Vanish adware | No |
? | SysComp | mssdnl.com | Unknown but suspect as *.com are not usually run at start up and the name isn't recognized | No |
X | syscon | syscon.exe | Added by the APRILCONE.A WORM! | No |
X | syscon lptt01 | syscon.exe | RapidBlaster variant (in a "Syscon" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here | No |
X | syscon ml097e | syscon.exe | RapidBlaster variant (in a "Syscon" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here | No |
X | sysconfig | iexplorer.exe | Added by the CULT.C WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) | No |
X | SysConfig | syscfg35.exe | Added by the KAZMOR.C WORM! | No |
X | SysConfig | wincfg32.exe | Added by the SDBOT.ZD WORM! | No |
U | Sysconfig | Stealth KeySpy.exe | StealthKeySpy - keystroke logger/monitoring program - remove unless you installed it yourself! | No |
X | Syscpy | Syscpy.exe | Firewall-bypassing, proxied spam relayer. Detected by Symantec as the HOGLE TROJAN! | No |
X | SysCtl | sysctl.exe | Added by the AOK TROJAN! | No |
X | Sysctrls | procdll.exe | Added by the WEEDBOTZ.14 TROJAN! | No |
X | Sysctrls | winupdate.exe | Added by an unidentified WORM or TROJAN! | No |
X | Sysctrls | mscntrl.exe | Detected by Kaspersky as the KOLABC.BB WORM! See here | No |
X | Sysctrls | Sysctrls.exe | Detected by Kaspersky as the AGENT.AWZ TROJAN! See here | No |
X | Sysctrls | win32dll.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
X | Sysctrls32 | sevchost.exe | Detected by Kaspersky as the RBOT.ADF BACKDOOR! See here | No |
X | SysCVMS.exe | SysCVMS.exe | Added by the SMALL.CBA TROJAN! | No |
X | sysdat.dll | sysdat.dll.exe | Added by the NISHICA 1.1 TROJAN! | No |
X | SysData | [path to file] | Added by the RANCK-BA TROJAN! | No |
X | SysDeskqqfx | qqfx.exe | Added by the QQPASS.H TROJAN! | No |
X | SysDeskqqfx | Runddll32.exe | Added by the CHANGGAME TROJAN! | No |
X | SysDesktop | fswanQQ.exe | Added by the QQSEND-A TROJAN! | No |
X | sysdir | winrun.exe | Added by the WINBUR.B WORM! | No |
X | sysdll | windll.exe | Added by the AUTORUN.ECT WORM! | No |
X | sysdll | [trojan filename] | Added by the HUGESOT TROJAN! | No |
X | Sysdpt | sysdpt.exe | CRYPT trojan downloader | No |
X | sysdxvid | sysdxvid.exe | Added by the DLUCA-S TROJAN! | No |
X | sysemls | sysem.exe | Added by a variant of the SDBOT WORM! | No |
X | SysEQ | svclgx32.exe | Added by the IRCBOT-AC TROJAN! | No |
X | sysfiler | sysfiler.exe | Added by the RETSAM TROJAN! | No |
X | SYSfit | SYSfit.exe | AdShooter adware variant | No |
X | sysflg32 | sysflg32.exe | Added by a variant of the CRYPTER.C TROJAN! | No |
X | sysformat | sysformat.exe | Added by the BAGLE-BK WORM! | No |
X | sysfrcx | sysfrcx.exe | Added by the KEYLOG-SCLOG TROJAN! | No |
X | Sysgate Personal Firewall | syst3ms.exe | Added by a variant of the IRCBOT TROJAN! | No |
X | sysguard | sysguard.exe | Added by the FAKEAV-KI TROJAN! | No |
X | sysguardn | s | Spyware Protect 2009 rogue spyware remover - not recommended, removal instructions here | No |
X | syshelp | syshelp.exe | Added by the LOVGATE.C WORM! | No |
X | syshost | syshost.exe | Added by the VB-DVZ TROJAN! | No |
X | sysin | [path to file] | Added by the DSRC-A TROJAN! | No |
X | sysinfo | sysinfo.exe | Added by the BEDRILL TROJAN! | No |
X | sysinfo.exe | sysinfo.exe | Added by the BEAGLE.V WORM! | No |
X | SysInit | wininit32.exe | Added by the XABOT WORM! | No |
X | sysinit | services.exe | Added by the NEWLFRM-A TROJAN! Note - this is not the legitimate services.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "golumm" subfolder | No |
X | Sysino | lsess.exe | Added by the FORBOT-BF WORM! | No |
X | sysint16 | sysint16.exe | Added by the CRYPTER.A TROJAN! | No |
X | sysinter | ADIRSS.EXE | Added by the AGENT.JVJ TROJAN! | No |
X | Syskey | sysinit.exe | Added by the BEAGLE.AX WORM! | No |
X | Syslib | Syslib.exe | Adult content related downloader trojan | No |
X | Syslog lptt01 | Syslog.exe | RapidBlaster variant (in a "Syslog" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here | No |
X | Syslog ml097e | Syslog.exe | RapidBlaster variant (in a "Syslog" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here | No |
X | syslogin.exe | syslogin.exe | Added by the BAGZ-B WORM! | No |
U | Sysman | Sysman.exe | KeyTrap is a surveillance software program that records all keyboard activities. Uninstall this software unless you put it there yourself | No |
X | SysManager | Manager.EXE | Added by the DAGGER.140 TROJAN! | No |
X | sysme | sysme.exe | Added by the PSW_STEALER_C TROJAN! | No |
X | sysmem | mmsete.exe | Added by the NOPIR.C WORM! | No |
X | sysmem | outlookrem.exe | Added by the NOPIR-C WORM! | No |
X | SysMemory manager | mdms.exe | Added by the CIMUZ-D TROJAN! | No |
U | SysMetrix | SysMetrix.exe | SysMetrix - skinnable clock and metering application. It monitors and reports on a great number of statistics | No |
X | sysMett1 | explorer.exe | Added by the LEGMIR-Y TROJAN! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %ProgramFiles% | No |
X | sysmini | sysmini.exe | Added by the ADLOAD.DD TROJAN! | No |
X | sysmngr32 | sys64mnger.exe | Added by a variant of the RBOT WORM! | No |
X | sysmntrc | sysmntrc.exe | Added by the BANCOS-FX TROJAN! | No |
X | sysmod | sysmod.exe | Added by the SPYBOT-DU WORM! | No |
X | sysmon | sysmon.exe | Added by the BIZEX WORM! | No |
X | Sysmon | rpcmon.exe | Added by the RANDEX.ATX WORM! | No |
X | sysmon | sysmon44.exe | Added by a variant of the BACKDOOR-CBA TROJAN! | No |
X | SysMon | wowexece.exe | Added by the MULAN-A TROJAN! | No |
X | Sysmon | SystemMonitor.exe | Added by the NUJAMA-A WORM! | No |
X | Sysmon | msnmssgs.exe | Added by the SDBOT.FK WORM! | No |
X | sysmon12 | [various filenames] | Wareout - malware masquerading as a spyware and dialer remover | No |
X | SysmonLog | mslog.exe | Added by the AGENT.AOV TROJAN! | No |
X | sysmonnt | sysmonnt.exe | SearchPounder sends keywords typed into HTML forms and popular Internet search engines to a remote server | No |
X | SysMonXP | SysMonXP.exe | Added by the NETSKY.Q WORM! | No |
X | Sysmppcvppp | SysTdSvr.dll | Generic2.PQG adware | No |
X | sysmss | sysems.exe | Added by a variant of the SLAPER TROJAN! | No |
X | sysnate | sysnate.exe | Added by the MEDIAS TROJAN! | No |
X | Sysnet | snuninst.exe | Unidentified adware | No |
X | sysnet | sysnet.exe | CasClient adware - also detected as the CMAPP TROJAN! | No |
X | sysobj.exe | sysobj.exe | Wareout - malware masquerading as a spyware and dialer remover | No |
X | SysOps | SysOps | Added by the MSNCORRUPT TROJAN! | No |
X | syspare | syspare.exe | Added by the BIFROSE-AN TROJAN! | No |
X | syspath | drv.exe | Added by the SOBER WORM! | No |
X | sysPersonalFirewall | msnmssgr.exe | Added by a variant of the RBOT WORM! | No |
X | sysPersonalFirewall | system.exe | Added by the WOOTBOT.FH WORM! | No |
X | sysPersonalFirewall | tskm0nitor.exe | Added by a variant of the RBOT WORM! | No |
U | SysPilot | fdxxl.exe | G Data "PC Spion". PC monitoring and surveillance software that captures all user activity on the PC, see here. Disable/remove if you didn't install it yourself! | No |
X | sysPnP | bootconf.exe | Homepage hijacker, redirecting to coolwwwsearch.com; see for example here | No |
X | SysPnP | rundll32 setupapi, InstallHinfSection [varies] oemsyspnp.inf | CoolWebSearch PnP parasite variant | No |
Y | SysPool | Mssvc.exe | StealthDisk - hides folders, files and applications. Will also encrypt them for better protection | No |
X | SysPool | MSSVC32.EXE | Added by the BANCBAN-IO TROJAN! | No |
X | SysProtect | System.exe | Added by the NETSPY TROJAN! | No |
X | SysProtect | syp.exe | SysProtect rogue security software, associated with WinFixer - not recommended, see here | No |
X | SysProtect | USYP.exe | SysProtect rogue security software, associated with WinFixer - not recommended | No |
X | SysProtect Free | USYP.exe | SysProtect rogue security software, associated with WinFixer - not recommended | No |
X | syspw32.exe | syspw32.exe | Added by the APPFLET.A WORM! | No |
X | Sysqq | LSESS.exe | Added by the FORBOT-BF WORM! | No |
X | SysR | sysmd.exe | Ulubione adult content dialer | No |
X | SysReg | SysReg.exe | Added by the CHEKIN TROJAN! | No |
X | SysReg | SysReg.exe | SearchSeekFind textual marketing foistware | No |
X | Sysres | Sysres.exe | Added by the LOGMOD.A TROJAN! | No |
X | SysRes | TASKMANAGER.exe | Added by the ELIPTER.A or ELIPTER.B WORMS! | No |
X | SysRes | WWE DIVAS.exe | Added by the ELIPTER.D WORM! | No |
X | SysRes | IExpIore .exe | Added by the ELITPER.E WORM! | No |
X | sysrest32.exe | sysrest32.exe | Added by the AGENT-GIN TROJAN! | No |
X | sysrestore32.exe | sysrestore32.exe | Unknown malware detected by McAfee. See here | No |
X | Syss | ehuupdate.exe | EHU adware | No |
X | SysScan | bvt.exe | Added by the AUTOUPDER TROJAN! | No |
X | SysSearch | Regedit.exe -s pcsearch.reg | Added by the STARTPAGE-FN TROJAN! Note that regedit.exe is a legitimate Microsoft file and shouldn't be deleted. The "pcsearch.reg" file is located in the Winnt or Windows folder | No |
X | SysSearch | Regedit.exe -s sysreg.reg | Added by the STARTPA-ME TROJAN! Note that regedit.exe is a legitimate Microsoft file and shouldn't be deleted. The "sysreg.reg" file is located in the Winnt or Windows folder | No |
U | SysSense | SysSense.exe | "SysSense is your personal desktop Google AdSense monitor. It keeps your current Google AdSense information in the Windows system tray". Google AdSense account required | No |
X | sysser | [path to file] | Added by the RAHACK WORM! | No |
X | SysService | SysService.exe | Added by the DELF family of TROJANS! | No |
U | SysService | SERVICES.EXE | NSKeyLogger keystroke logger/monitoring program - remove unless you installed it yourself! | No |
X | SysService32 | SysService32.exe | Added by the KINDAL VIRUS! | No |
X | SysService32 | ln32k.dll | Added by the KINDAL VIRUS! | No |
X | SysService32l | systask32l.exe | Added by the THEUG WORM! | No |
X | SYSsfitb | SYSsfitb.exe | AdShooter adware | No |
X | SySSL | sysl.exe | Added by the RBOT-CKH WORM! | No |
X | SysStart | [random filename] | ZenoSearch adware | No |
X | SysStart | syswin.exe 1 | Added by the AUTORUN-EY WORM! | No |
X | SysStrt | systemc.exe | Added by the AGOBOT-QA TROJAN! | No |
X | syst | syst.exe | Added by the DUMB.A "Joke" virus | No |
X | Systam13 | f1r5st83.exe | Added by the IRCBOT-YM WORM! | No |
X | System | run322.exe | Added by the LANFILT TROJAN! | No |
X | System | system.exe | Added by various WORMS and TROJANS! | No |
X | system | regedit -s system.dll | Homepage hijacker | No |
X | system | systemsearch.hta | Jetseeker.com hijacker | No |
X | System | dcomx.exe | Added by the CIREBOT TROJAN! | No |
X | system | Explorer.exe | Added by the GRAYBIRD BACKDOOR! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System% | No |
X | System | YPager.exe | Added by the JUNTADOR.K TROJAN! Note - this is not Yahoo! Messenger | No |
X | system | outlook.exe | Added by the MIMAIL.Q WORM! Note that the valid MS Outlook executable is located in the Program Files\Microsoft Office\Office directory whereas this one is found in the Windows or Winnt directory | No |
X | System | Atira.exe | Added by the KOTIRA VIRUS! | No |
X | SYSTEM | lsas.exe | Added by the SPYBOT.CJ WORM! | No |
X | System | kernels32.exe | Added by the DLOADER-FC TROJAN! | No |
U | System | sysctrl.exe | Added by WinGuardian. Note - this commercial keylogger is no longer made or sold by Webroot but older copies may still be in existence; those copies will be identified as spyware | No |
X | System | csrss.exe | Added by the LDPINCH.E TROJAN! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir% | No |
X | System | svchost.exe | Added by the LDPINCH-AU TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is found in the Winnt or Windows folder | No |
X | system | lsasse.exe | Added by the RBOT-YL WORM! | No |
X | System | systray.exe | Added by the PISABOY-A TROJAN! Note - this is not the legitimate systray.exe process | No |
X | System | abcdefg.exe | Added by the HARWIG-B WORM! | No |
X | System | cber.exe | Added by an unidentified TROJAN! | No |
X | System | serwin.exe | Added by the LDPINCH-BN TROJAN! | No |
X | System | svch?st.exe | Added by the LDPINCH-BF TROJAN! | No |
X | System | system.exe (74295303) | Added by the VB-IU WORM! | No |
X | System | WINL0G0N.EXE | Added by the BANCOS-DB TROJAN! | No |
X | System | wumgrd32.exe | Added by a variant of the RBOT WORM! | No |
X | System | SPOOLSU.EXE | Added by the BANKER-FC TROJAN! | No |
X | System | system23.exe | Added by the LEBREAT-D WORM! | No |
X | System | windowsps.exe | Added by a variant of the RBOT WORM! | No |
X | SYSTEM | d.exe | Added by the MYTOB.LP WORM! | No |
X | System | inetinfo.exe | Added by the PARDROP-A TROJAN! | No |
X | system | services.exe | Added by the DELF-LQ TROJAN! Note - this is not the legitimate services.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "HELP" subfolder of the Windows or Winnt folder | No |
X | SYSTEM | VSSMON.exe | Added by the RBOT-AWW TROJAN! | No |
X | SYSTEM | wiinlogon.exe | Added by the RBOT-AVG WORM! | No |
X | System | kernels64.exe | Added by the VIXUP-S TROJAN! | No |
X | system | lsass.exe | Added by the SATILOLER.B TROJAN! Note - this is not the legitimate lsass.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Program Files\Common Files\system folder | No |
X | System | smss.exe | Added by the AGENT.AEP TROJAN! Note - this is not the legitimate smss.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! | No |
X | System | winupd.exe | Added by a variant of the SDBOT WORM! | No |
X | system | messenger.exe | Added by an unidentified WORM or TROJAN! | No |
X | System | kernels1118.exe | Added by a variant of the SDBOT WORM! | No |
X | System | wsscntfy.exe | Added by a variant of the SDBOT WORM! | No |
X | SYSTEM | windmupdr.exe | Added by a variant of the RBOT WORM! | No |
X | system | svcr.exe | Added by the SPYONE TROJAN! | No |
X | System | kernels88.exe | Added by the TIBS-PP TROJAN! | No |
X | System | kernels8.exe | Added by the TIBS.AI TROJAN! | No |
X | System | OeApi.vbs | Added by the AGUI WORM! | No |
X | System | Updaterun.exe | Added by the QQHELP-DX TROJAN! | No |
X | System | Zap.exe | Added by the MSNVB-D WORM! | No |
X | System | BrO_AcT.exe | Added by the SILLYFDC-AL WORM! | No |
X | System | Juegs.exe | Added by the CULLER-C WORM! | No |
X | System | kernel8.exe | Added by the DLOADR-AOL TROJAN! | No |
X | System | kernelwind32.exe | Added by the VXIDL.FT TROJAN! | No |
X | System | Xsfr.exe | Added by the CULLER-D WORM! | No |
X | System | kernelwind64.exe | Added by the DLOADER.DJD TROJAN! | No |
X | SYSTEM | SystemFile.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
X | system | ssclie.exe | Added by the AGENT.LW BACKDOOR! | No |
X | System 64 Driver for Games | sys64dvr.exe | Added by the SDBOT TROJAN! | No |
X | System Analyzer | lsass32.exe | Added by the SDBOT.CNI WORM! | No |
X | System Applications Profile | sap.exe | Added by the RBOT-QF WORM! | No |
X | System Auth | system52.exe | Identified as a variant of the Win32:Rizo-E malware | No |
X | System Backup | msystem.exe | Adult content dialler | No |
X | System backup | [random filename] | Added by the ADMINCASH.B TROJAN! Note - multiple different file names have been spotted, examples: web.exe, soft.exe, msxmidi.exe, wmplayer.exe, as well as completely random ones such as 9a2de006.exe, 36c75e3c.exe and so on | No |
X | System Backup Services | backups32.exe | Added by a variant of the RBOT WORM! | No |
X | System Boot Check | sysload3.exe | Added by the FUBALCA WORM! | No |
X | System Boot Loader | sysboot32.exe | Added by the SDBOT.PG WORM! | No |
X | System Buffer Application | buffer32.exe | Added by the SDBOT-UD WORM! | No |
X | System Cache | SysCache.exe | Added by an unidentified VIRUS, WORM or TROJAN! | No |
X | System CGI Manager | syscgmgr.exe | Added by an unidentified WORM or TROJAN! See here | No |
U | System Check | Rundll32.exe SysDll32.dll, SystemCheck | XPCSpy Pro keystroke logger/monitoring program - remove unless you installed it yourself! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted | No |
X | system check | updater.exe | Unidentified adware downloader | No |
X | System Check | win_klr32.exe | Added by the DELF-DRA WORM! | No |
X | System Checking | wasul.exe | Added by the RBOT.BHM WORM! | No |
X | System Config | BF3.EXE | Added by the SPYBOT-DT WORM! | No |
X | System Config | sysloadcnf.exe | Added by a variant of the SDBOT WORM! See here | No |
X | System Config Boot | syscgboot.exe | Detected by Kaspersky as the AGENT.VWU TROJAN! See here | No |
X | System Config Manager | crss.exe | Added by the AGOBOT.GH WORM! | No |
X | System Config Manager | smssl.exe | Added by the AGOBOT-ZJ WORM! | No |
X | System Configuration | iexplore.exe | Added by the RANDEX.AD WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %System% | No |
X | System Configuration | syscfg32.exe | Added by the MYTOB.EA WORM! | No |
X | system configure | svchost.exe | Added by the LINEAGE-C TROJAN! Note - this is not the legitimate svchost.exe process which should not normally figure in Msconfig/Startup! | No |
X | System Core Memory | syscoremem.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
X | System CPL manager | [random filename] | Added by the RBOT-SR WORM! | No |
X | System CSRSS Patch | scrtkfg.exe | Added by the RBOT-ADA WORM! | No |
X | System Database administration | systemDA.exe | Added by the DERDERO.B WORM! | No |
X | System Database Administration Support Process | sysdasp.exe | Added by the DERDERO.C WORM! | No |
X | System DataBase Root | sysdbroot.exe | Added by the QHOST-W TROJAN! | No |
X | System DB Manager | sysdbmg.exe | Added by an unidentified WORM or TROJAN! See here | No |
X | System Device | devices.exe | Detected by Trend Micro as the AGENT.AFIF WORM! See here | No |
X | System Device Version | systemdv.exe | Added by a variant of the RBOT WORM! | No |
X | System Diagnostics | sysdiag32.exe | Added by the SDBOT.GEN TROJAN! | No |
N | System DLF | cpqdiaga.exe | Compaq Diagnostic record system utility which allows you to view information about your computer's hardware and software configuration. Available via Start -> Programs | No |
U | System DLL Resources | sysdll.exe | SnapKey is a surveillance software program that records all keyboard activities. Uninstall this software unless you put it there yourself | No |
X | System Document Application | nmod.exe | Added by the SDBOT-ABB WORM! | No |
X | System Document Application | msdocument.exe | Added by the RANDEX.COX WORM! | No |
X | System Document Application | wins.exe | Added by the SDBOT.AUB WORM! | No |
X | System Download Manager | SysMgr.exe | Added by the RBOT.CIG WORM! | No |
X | System driver | Messenger.exe | Added by the WOOTBOT.GI WORM! | No |
X | System Drivers | wingmt.exe | Added by the SDBOT-MG WORM! | No |
X | System Drivers | cpsq32.exe | Added by the SDBOT.AXH WORM! | No |
X | System Efficiency Monitor | mscedit32.exe | Added by the SDBOT.P TROJAN! | No |
X | System Efficiency Monitor | mscommand.exe | Added by the KWBOT.P WORM! | No |
X | System Efficiency Monitor | msedit32.exe | Added by the STEPH-B WORM! | No |
X | System Efficiency Monitor | svchostx.exe | Added by the KWBOT.E WORM! | No |
X | System Event Manager | secsvc.exe | Added by the RBOT.BMY WORM! | No |
X | System Executable DLL Library | EXECDLL32.exe | Added by the RANDEX.AZ WORM! | No |
X | System Failure Statistic | cnstat.exe | Added by the RBOT-LF WORM! | No |
X | System File Drivers | nvsysvc32.exe | Added by the AGOBOT.WJ WORM! | No |
X | System File Startup | sys32.exe | Detected by PCTools as the RBOT.OTL WORM! See here | No |
U | System Files Updater | System Files Updater.exe | System Files Updater from Flyakiteosx "will transform the look of an ordinary Windows XP system to resemble the look of Mac OS X" | No |
X | system firewall | makeini32.exe | Added by the AGOBOT-PS WORM! | No |
X | System Firewalls | commandprompt32.exe | Added by the RBOT.BJT WORM! | No |
X | System Guard | mhguard.exe | Added by the RBOT-AGU WORM! | No |
X | System Handler | LSASS.EXE | Added by the NIMOS WORM! Note - this is not the legitimate lsass.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the System folder | No |
X | system handler | srvhandle.exe | Added by the REDPLUT VIRUS! | No |
X | System handler | Pandawas.exe | Added by the BHARAT.A WORM! | No |
X | System Host | scvhost.exe | Added by a variant of the RBOT WORM! | No |
X | System Host Manager | syshost.exe | Added by the BANWORM-C WORM! | No |
X | System Host Service | svchost.exe | Added by the CONE.F WORM! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\tasks | No |
X | System Information Manager | Navcpe.exe | Added by the SDBOT-QB WORM! | No |
X | System Information Manager | Msbb.exe | Added by a variant of the IRCBOT TROJAN! | No |
X | System Information Manager | iexplore.exe | Added by a variant of the IRCBOT BACKDOOR! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %System% | No |
X | System Information Manager | mslog.exe | Detected by Kaspersky as the DELF.AKO TROJAN! See here | No |
X | System Information Manager | no.exe | Added by the SPYBOT.NO WORM! | No |
X | System Information Manager | syspass.exe | Added by the SDBOT-MO WORM! | No |
X | System Information Manager | win.exe | Added by the SDBOT-MU WORM! | No |
X | System Information Manager | windowsNt.com | Added by the SDBOT-ND WORM! | No |
X | System Init | systeminit.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
X | System Initialization | msmsgri32.exe | Added by the RANDEX.D WORM or ROXY or ROXY.B TROJANS! | No |
X | System Initialization | payload.dat | Added by the RANDEX.D WORM or ROXY or ROXY.B TROJANS! | No |
X | System IP | systemip.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
X | System Kernal Support | system.exe | Added by the SDBOT.BWV WORM! | No |
X | System Kernel | lsass.exe | Added by the VBBOT-G TROJAN! Note - this is not the legitimate lsass.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder | No |
U | System LifeGuard Scheduler | Slsched.exe | System LifeGuard scheduler | No |
X | System Loader | systems.exe | Added by the AGOGBOT-FI WORM! | No |
X | System Log Event | csrss32.exe | Added by the AGOBOT-JI WORM! | No |
X | System Management Service | smsc.exe | Added by the RBOT-ANN WORM! | No |
X | System Manager | svchost.exe | Added by the BANKER-AE TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is found in the Winnt or Windows folder | No |
X | system manager | System.exe | Added by the FORBOT-BO WORM! | No |
X | System Manager | winsrv32.exe | Added by an unidentified WORM or TROJAN! | No |
X | System Manager | sysmng.exe | Added by the TAME-C WORM! | No |
X | System Manager | sysmgr.exe | Added by the IRCBOT.AGW BACKDOOR! | No |
X | System Manager | User Documents.exe | Added by the VB.GF VIRUS! | No |
X | System Manager | sysmngr.exe | Added by the IRCBOT.BAQ BACKDOOR! | No |
X | System Manager | ncvs32.exe | Added by a variant of the IRCBOT BACKDOOR! | No |
X | System Manager Updates | winsvc.exe | Added by the AGOBOT.AEM WORM! | No |
U | System Mechanic Popup Blocker | PopupBlocker.exe | Popup blocker part of Iolo System Mechanic utility suite | No |
U | System Mechanic Popup Stopper | Popupstopper.exe | Popup stopper part of Iolo System Mechanic utility suite | No |
N | System Mechanic Professional Update [Incinerator.dll] | SysMech4.exe /REREG: [path] Incinerator.dll | Iolo System Mechanic "Incinerator" feature securely deletes files and folders from your PC so they can never be recovered again | No |
U | System Mechanic Startup Guard | StartupGuard.exe | System Mechanic Startup Guard protects the Windows startup locations from being modified by viruses, spyware, malware and other annoying programs | No |
X | SYSTEM MESSAGER | wmisg.exe | Added by the MYTOB.ES WORM! | No |
X | System Messaging Queue | SMCSS.EXE | Added by a variant of the RBOT WORM! | No |
X | System Messenger | SYSMSG32.EXE | Added by the SPYBOT-DK WORM! | No |
X | System Messenger32 | systgmgr32.exe | Added by the SDBOT.DF WORM! | No |
X | System Microsoft Core | smc.exe | Added by the RIZO.A TROJAN! | No |
U | System Monitor | SYSMON.EXE | Comes with some Aopen motherboards. Monitors CPU temp, voltage and fan speed. Warns if any become abnormal | No |
X | System Monitor | Sysmon16.exe | Added by the SDBOT TROJAN! | No |
X | System Monitoring | cute.exe | Added by the RAHIWI.A WORM! | No |
X | System Monitoring | Mooks.EXE | Added by the BHARAT.A WORM! | No |
X | System Monitoring | lsass.exe | Added by the BRONTOK-BS WORM! Note - this is not the legitimate lsass.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in Documents and Settings\<User>\Local Settings\Application Data\WINDOWS | No |
X | System MScvb | mscvb32.exe | Added by the SOBIG.C WORM! | No |
X | System Net | sys32.exe | Added by the FORBOT-FX WORM! | No |
X | System Net Database | sysnd.exe | Added by the RBOT-AAW WORM! | No |
X | System Networking | sysnet.exe | Added by the RBOT.API WORM! | No |
X | System Power Managment | svcnost.exe | Added by the DREF-I WORM! | No |
X | System Presets | [temp name].exe | Added by the HOSTINF-A WORM! | No |
X | System Process | csrss.exe | Added by the ADCLICK-AG TROJAN! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir% | No |
X | System Process | lsass.exe | Added by the ADCLICK-AG TROJAN! Note - this is not the legitimate lsass.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder | No |
X | System Process | svchost.exe | Added by the ADCLICK-AG TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is found in the Winnt or Windows folder | No |
X | System Process | CSRSR.exe | Added by the AGOBOT-SQ WORM! | No |
X | System Process Analization | sysproc.exe | Added by a variant of the RBOT WORM! | No |
X | System Process Analization Thread | system.exe | Added by a variant of the RBOT WORM! | No |
X | System Profile | Regsrv.exe | Added by a variant of the OPTIX TROJAN! | No |
X | System Reboot | rebootsys.exe | Added by the RBOT-WU WORM! | No |
X | System Redirect | sysbho.exe | Downloader trojan, "Melkosoft" adware related | No |
X | System Registry Manager | sysrgmgr.exe | Added by an unidentified WORM or TROJAN! See here | No |
X | System Restore | svcnet.exe | Added by the TIBICK WORM! | No |
X | System Restore Data | [path] repcale.exe [path] beird.exe | Added by the RANDON.AN WORM! | No |
X | System Security Checker | ssc.exe | Added by the IRCBOT-WI TROJAN! | No |
X | System Service | MSREXE.EXE | Added by the AML TROJAN! | No |
X | system service | spoolcrv.cpl | Added by the INSPIR.11 TROJAN! | No |
X | System Service | systems.exe | Added by the AGOBOT.VZ WORM! | No |
X | System Service | coderxt.exe | Added by the RBOT-ALD WORM! | No |
X | System Service | exp0lrer.exe | Added by a variant of the RBOT WORM! | No |
X | System Service | servicent.exe | Added by the RBOT-AJI WORM! | No |
X | System service | system.exe | Added by the BANCOS.AA TROJAN! | No |
X | System Service | msnwindows.exe | Added by the SPYBOT.YCL WORM! | No |
X | System Service | servicez.exe | Added by the RBOT-AOY WORM! | No |
X | System Service | msnxpexe.exe | Added by the RBOT-AUA WORM! | No |
X | System Service | teskmangr.exe | Added by the RBOT-AUV WORM! | No |
X | System Service | backup.exe | Added by the PACKBOT.AA WORM! | No |
X | System Service | serious.exe | Added by the RBOT-FMV WORM! Note - deactivates the Microsoft Internet Connection Firewall (ICF) | No |
X | SYSTEM service helper | svchelper.exe | Added by the MONKBD-A WORM! | No |
X | SYSTEM service helper | syshelp.exe | Added by a variant of the MONKBD-A WORM! | No |
X | System Service Manager Device | svho.exe | Detected by Kaspersky as the RBOT.GCG BACKDOOR! See here | No |
X | System service** | pokapoka**.exe | EliteBar adware - where ** represents the numbers 61 to 79 | No |
X | System service78 | [path to file] | Added by the ELITEBAR-T and ELITEBAR-U TROJANS! | No |
X | System service79 | [path to file] | Added by the ELITEBAR-V TROJAN! | No |
X | System Services | [random file name] | Added by a variant of the RBOT WORM! | No |
X | System Services | connection.exe | Added by an unidentified WORM or TROJAN! | No |
X | System Services | svcsenes.exe | Added by a variant of the RBOT WORM! | No |
X | System Services | svcsenes32a.exe | Added by the RBOT-AFG WORM! | No |
X | System Services | ssms.exe | Added by a variant of the RBOT WORM! | No |
X | System Services Monitor | server.exe | Bifrost malware | No |
X | System Session Manager | smss.exe | Added by the KALEL-E WORM! Note - this is not the legitimate smss.exe process which should NOT appear in Msconfig/Startup! | No |
X | System settings | burndl32.exe | Added by the SDBOT-ZO WORM! | No |
X | System Setup | rpcxcmod.exe | Added by an unidentified WORM or TROJAN! | No |
X | System Soap Pro | soap.exe | System Soap Pro internet cleaning software. Bundles foistware like Httper and Zipclix - best avoided | No |
X | system spool | syspools.exe | Added by the DREF-T WORM/VIRUS! | No |
U | System startup | charmapx.exe | Only required if using an oriental language | No |
X | System Startup | Voltio.exe | Added by the RBOT.NJ WORM! | No |
X | System Startup | kimochi.exe | Added by a variant of the RBOT WORM! | No |
X | System Startup | sys.exe | Added by a variant of the IRCBOT TROJAN! | No |
X | System Startup Manager | smcss.exe | Added by the RBOT.AMD WORM! | No |
X | System Stats | SystemStats.exe | Added by a variant of the WOOTBOT WORM! | No |
X | System Support | syscfg.exe | Added by the RBOT-AGQ WORM! | No |
X | System Support | system32.exe | Added by the RBOT-AHA WORM! | No |
X | System Support | syssql.exe | Added by the RBOT-AUH WORM! | No |
X | System Support | torrent.exe | Added by a variant of the RBOT WORM! | No |
X | System Task Manager | taskmrg.exe | Added by a variant of the SPYBOT WORM! See here | No |
X | System Terminal | SYSTEM2.EXE | Added by the SPYBOT-BZ TROJAN! | No |
X | System time updator | CSysTime.exe | Added by the RANDEX.S WORM! | No |
X | system tool | sysguard.exe | Added by the FAKEALE-LY TROJAN! | No |
X | System Toolkit | Systools.exe | Added by the RONOPER-G WORM! | No |
X | System Tray | msccn32.exe | Added by the SOBIG.B WORM! Warning - spreading via infected E-mail attachments with the sender address faked as support@microsoft.com! Note - this is not the legitimate systray.exe process | No |
X | System Tray | systray.exe | Added by the FAN-A WORM! | No |
X | System Tray Monitor | tray.exe | Added by the RBOT.UXR WORM! | No |
X | System Tray Services | spooles32.exe | Added by the AGOBOT.ZH WORM! | No |
X | System Tray32 | SysTray32.exe | Added by the REPAD WORM! | No |
X | System Unix | syscfg32.exe | Added by the RBOT-ZD WORM! | No |
X | system updata | updata.exe | Added by the LINEAGE-C TROJAN! | No |
X | System Update | [filename].exe | CoolWebSearch parasite variant | No |
X | System Update | [random filename] | Added by the KORGO.W or KORGO.X WORMS! | No |
X | System Update | wupdmgr.exe | Added by the SOROMO-A TROJAN! | No |
X | System Update | [random filename] | Added by the SOROMO-A TROJAN! | No |
X | System Update | wauluclt.exe | Added by the SDBOT.EF WORM! | No |
X | System Update | [path to trojan] | Added by the AUTOTROJ-D TROJAN! | No |
X | System Update | mssetupconf.exe | Added by the RBOT.DLC WORM! | No |
X | System Update Application | msbuffer.exe | Added by the SDBOT.AFF WORM! | No |
X | System Update Service | wmiprvsa.exe | Added by the AGOBOT-RG TROJAN! | No |
X | System Update Service | winupd32.exe | Added by the ADTODA-A TROJAN! | No |
X | System Update Service | system.pif | Added by the RBOT-ALL WORM! | No |
X | System Update Service | update.pif | Added by the SPYBOT.WOE WORM! | No |
X | System Update Service | wmiprvsv.exe | Added by the AGOBOT.YG WORM! | No |
X | System Update2 | explorer.exe | Added by the AUTOTROJ-C TROJAN! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System% | No |
X | System Update2 | services.exe | Added by the AUTOTROJ-C TROJAN! Note - this is not the legitimate services.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! | No |
X | System Update2 | svchost.exe | Added by the AUTOTROJ-C TROJAN! Note - this is not the legitimate svchost.exe process which should NOT appear in Msconfig/Startup! | No |
X | System Update2 | system.exe | Added by the AUTOTROJ-C TROJAN! | No |
X | System Update2 | taskman.exe | Added by the AUTOTROJ-C TROJAN! | No |
X | System Update2 | taskmon.exe | Added by the AUTOTROJ-C TROJAN! | No |
X | System Update2 | update.exe | Added by the AUTOTROJ-C TROJAN! | No |
X | System Update2 | webcheck.exe | Added by the AUTOTROJ-C TROJAN! | No |
X | System Update2 | wininet.exe | Added by the AUTOTROJ-C TROJAN! | No |
X | System Update2 | winlogon.exe | Added by the AUTOTROJ-C TROJAN! Note - this is not the legitimate winlogon.exe process, which should not appear in Msconfig/Startup! | No |
X | System Update2 | winspool.exe | Added by the AUTOTROJ-C TROJAN! | No |
X | System Update2 | wupdmgr.exe | Added by the AUTOTROJ-C TROJAN! | No |
X | System Updater Machine | crhwss.exe | Added by the CIADOOR-DQ TROJAN! | No |
X | System Updater Machine | system.exe | Detected by Kaspersky as the CIADOOR.GN BACKDOOR! See here | No |
X | System Updater Service | wmiprvsw.exe | Added by the GAOBOT.AFC WORM! | No |
X | System Updates | winsci.exe | Added by a variant of the RBOT WORM! | No |
X | System Updates | szwi.exe | Added by the RBOT-AXE WORM! | No |
X | System Updates | unve.exe | Added by the RBOT-AWG TROJAN! | No |
X | System Updates | wmkl.exe | Added by the RBOT-AYJ WORM! | No |
X | System Updates 4 | mssysfix.exe | Added by the RBOT-ADU WORM! | No |
X | System Updates Manager | winserv32.exe | Added by the AGOBOT-AGA WORM! | No |
X | System Updates Service | updates.pif | Added by the RBOT-AMA WORM! | No |
X | System Uptime Server | SYSENTRY.EXE | Added by the RBOT.LK WORM! | No |
X | System Uptime Server | SYSENTRY32.EXE | Added by the RBOT.LK WORM! | No |
X | system xp | acdsee demo.exe | Added by the SALGA.A WORM! | No |
X | System-Config | msptmf32.com | Added by the LIOTEN.FA WORM! | No |
X | System-Service | EXPLORER.SCR | Added by the BENJAMIN.A WORM! KaZaA file-sharing users beware! | No |
X | System-Stat | systats.exe | Added by the SDBOT.RA WORM! | No |
X | system. | system..exe | Added by the OPTIXPRO.13.C TROJAN! | No |
X | system... | system...exe | Added by the OPTIXPRO.13.C TROJAN! | No |
X | System.exe | System.exe | Added by various WORMS and TROJANS! | No |
X | system.exe | system.exe | Added by the JAMPORK.E WORM! | No |
X | system.exe | system.exe | Added by a variant of the IRCBOT BACKDOOR! Located in %WINDIR%\pchealth\helpctr\binaries | No |
X | System132 | Csrtss.exe | Added by the LANFILT-I TROJAN! | No |
X | system23 | notPad.exe | Added by the ESTEEMS.D TROJAN! | No |
X | System32 | system.exe | Added by the BUSHTRO122 TROJAN! | No |
X | System32 | System32.exe | Added by any number of WORMS or TROJANS! | No |
U | System32 | sysdiag.exe | SpyAgent surveillance software. Uninstall this software unless you put it there yourself | No |
X | System32 | system32,1.exe | Added by an unidentified VIRUS, WORM or TROJAN! | No |
X | system32 | NeT-BoT.exe | Added by the AGOBOT-LJ WORM! | No |
X | System32 | lsasss.exe | Added by the RBOT-XW WORM! | No |
X | System32 | crsvvc.exe | Added by the RBOT.BLY WORM! | No |
X | system32 | QQGame.exe | Added by the QQPASS-AC TROJAN! | No |
X | System32 | [worm filename] | Added by the NAUTICAL-A WORM! | No |
X | System32 | winds32.exe | Added by the DWNLDR-HFY TROJAN! | No |
X | System32 PCI Manager | syspci32.exe | Added by the RBOT-AFR WORM! | No |
X | System32 Runtime StartUp | sysrs.exe | Added by the AGOBOT.ANW WORM! | No |
X | System32 TCP Manager | systcpm.exe | Added by a variant of the RBOT WORM! | No |
X | System32 TCP Manager | systerm.exe | Added by the RBOT.AFD WORM! | No |
X | System32 Temp Service | systmp.exe | Added by the RBOT-AET WORM! | No |
X | system32.dll | systeminit.exe | CoolWebSearch parasite variant - re-directing to your-search.info | No |
X | system32.dll | sysdll32.exe | CoolWebSearch parasite variant. Redirecting to wholeworldmarket.com, most likely other domains as well | No |
X | system32.exe | services32.exe | Added by a variant of the IRCBOT TROJAN! | No |
X | system32.exe | system32.exe | Added by the GRAYBIRD.P TROJAN! | No |
X | System32BLSJ Agent | System32BLSJ.exe | Added by the MDROP-BPT TROJAN! | No |
X | System32Check | [random].exe | Added by the CHAST-A TROJAN! | No |
X | System32Dll | DLL32SYS.EXE | Added by the SPYBOT-CZ WORM! | No |
X | System32Ex | System32Ex.exe | Added by the IRCCONTACT TROJAN! | No |
U | System32kfvw | sysdiag.exe | SpyAgent surveillance software. Uninstall this software unless you put it there yourself | No |
X | System32Root | Gadu-Gadu.exe | Added by a variant of the IRCBOT TROJAN! Note - do not confuse with the Polish language Instant Messaging client also called Gadu-Gadu | No |
X | system32WXBP Agent | system32WXBP.exe | Detected by Trend Micro as TSPY_ARDAMAX.HR spyware. See here | No |
X | System33 | FB_PNU.EXE | Added by the NICHELLO-A WORM! | No |
X | system34.exe | system34.exe | Added by the DWNLDR-FXY TROJAN! | No |
X | System4224411 | Virus | Added by the CAGER.A WORM! | No |
X | System4224411 | Systemdll.exe | Added by the YUSUFALI-B WORM! | No |
X | system43.exe | system43.exe | Added by a variant of the SDBOT WORM! | No |
X | System51616 | msnmsgesser.exe | Added by a variant of the PUSHBOT WORM! A family of worms that spread using MSN Messenger | No |
X | System64 | inet.exe | Added by the DENGLE-A TROJAN! | No |
X | SystemAdministration | Wincmp32.exe | Added by the ASYLUM TROJAN! | No |
U | SystemAgent | Sage.exe | "Microsoft Plus! System Agent automatically tunes your system, performing tasks such as disk optimization and error correction. It can also run any application at prescheduled times" | No |
X | SystemB | MessengerStopper.exe | MessStopper adware | No |
X | systemb | systemb.exe | Added by a variant of the IRCBOT TROJAN! | No |
X | SystemBackup | mtx.exe | Added by the MTX VIRUS/WORM! | No |
X | SystemBackup | MicroLog.exe | Added by the MICROLOG.A TROJAN! | No |
X | SystemBooster2009 | sbr_updater.exe | SystemBooster2009 rogue system suite - not recommended, removal instructions here | No |
? | SystemBoot | ladies.htm | Unknown but sounds very suspicious?? | No |
X | SystemBoot | Mshta.exe ...filename.hta | Adult content dialler | No |
X | SystemBoot | services.exe | Added by the SOBER-Q TROJAN! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\Help\Help | No |
X | Systemboot | msnsngr.exe | Added by a variant of the RBOT WORM! | No |
X | SystemCheck | Systemcheck.exe | Added by the LAVITS WORM! | No |
X | SystemCheck | services.exe | Added by the SOBER-M WORM! Note - this is not the legitimate services.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a Configsystem subfolder of the Windows or Winnt folder | No |
X | SystemCheck | svchost.exe | Added by the DELF-KR TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a C:\DriverLoad folder | No |
X | SystemCheck | SysCheckBop32.exe | WINBO adware | No |
X | SystemChecker | Syschk.exe | Added by the GALIL.F WORM! | No |
X | SystemCONF98i | SystemCONF98i.exe | Added by the GLITCH TROJAN! | No |
X | SystemDebug | Sysdeb32.exe | Added by the SYSBUG TROJAN! | No |
X | SystemDefender | SystemDefender.exe | SystemDefender spyware remover - not recommended, see here | No |
X | SystemDevic | devic.exe | Detected by Trend Micro as the MIMBOT.A WORM! See here | No |
X | SystemDll | SystemDll.exe | Added by the LOXOSCAM TROJAN! | No |
X | systemdll32.exe | systemdll32.exe | Added by the FEUTEL-F TROJAN! | No |
X | SystemDoctor 2006 Free | sd2006.exe | SystemDoctor misleading security software - not recommended, see here | No |
X | SystemDriver | csrss.exe | Added by the ASCETIC.B TROJAN! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\addins\explorer | No |
X | SystemDriverCheck | svchost.exe | Added by the DELF-KR TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a C:\DriverLoad folder | No |
X | SystemDriverLoad | svchost.exe | Added by the DELF-KR TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a C:\DriverLoad folder | No |
X | systemdrv | ms32sys.exe | Added by an unidentified WORM or TROJAN - most likely GAOBOT variant | No |
X | SystemEmergency | [various filenames] | CoolWebSearch Smartsearch parasite variant | No |
X | SystemErrorFixer | SysRep.exe | SystemErrorFixer spyware remover - not recommended, see here | No |
X | SystemExplorer | explore.exe | Homepage hijacker - file located in the "Services" folder in Common Files | No |
X | SystemFile | SystemFile.exe | Added by the DULLDOOR-A TROJAN! | No |
X | SystemFTP | VSENMB.exe | Malware (ie, malicious software). Also changes the system.ini Shell line to read Shell=Explorer.exe VSENMB.exe, and it hacks the Winstart.bat as well | No |
X | SystemGent | CVT.exe | Added by the BRONTOK-H WORM! | No |
X | systemguard | systemguard.exe | System Guard 2009 rogue security software - not recommended, removal instructions here | No |
? | SystemGuardAlerter | SystemGuardAlerter.exe | Part of the Iolo System Mechanic maintenance software. What does it do? | No |
X | SystemGuardCenter | SystemGuardCenter.exe | System Guard Center rogue security suite - not recommended, removal instructions here | No |
X | SystemHelp | RUNDLL32.EXE SystemHper.dll,Install | Detected by Kaspersky as the WOW.COK TROJAN! See here. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "SystemHper.dll" file is found in %System% | No |
X | SystemInit | iservc.exe | Added by the FIZZER WORM! | No |
X | systeminit | systeminit.exe | Added by the SILLYFDC-AN WORM! | No |
X | Systemiom Updater | Systemiom.exe | Added by the SPYBOT.TY WORM! | No |
U | SystemKey | rundll32.exe [path] SystemKey.dll rdl | Stealth Keylogger keystroke logger/monitoring program - remove unless you installed it yourself! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted | No |
X | SystemLoad32 | sysload32.exe | Added by the MIMAIL.E WORM! | No |
X | SystemLoader | sysldr32.exe | Added by the DOWNLDR-NS TROJAN! | No |
X | SystemManager | Sysman32.exe | Added by the DOWNLOADER-BW.B TROJAN! | No |
X | SystemManager | [random filename] | Added by the SETTEC ROOTKIT! | No |
X | SystemMap32 | Netisp32.vbs | Added by the REDIST.C WORM! | No |
X | SystemMD | md.exe | Homepage hijacker | No |
X | SystemMgr | Ir32_a.exe | Added by the MAGANIA-OU TROJAN! | No |
X | SystemMigration | WinMedia.exe | Added by the KELVIR.EI WORM! | No |
X | SystemMonitor | Sysmon32.exe | Added by the AIDID.A WORM! | No |
X | SystemNetwork | NETSERV.EXE | Added by the NETCONTROL VIRUS! | No |
X | SystemNetwork | sysnet.exe | Added by a variant of the RBOT WORM! | No |
X | SystemNT | SystemNT.exe | Added by the PWSVB-EG TROJAN! | No |
X | SystemOPsv | scrtvc32.exe | Added by a variant of the SPYBOT WORM! | No |
X | SystemProcEvent | csrwnd.exe | Added by the IRCBOT.I TROJAN! | No |
X | systemr | d11host.exe | Added by the VB-GX TROJAN! | No |
X | systemr | gedit.exe | Added by the ADCLICK-AQ TROJAN! | No |
? | SystemReg | PROCES.EXE | ?? | No |
X | SystemReg | svchost.exe | Added by the DEWIN.E TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is found in the Winnt or Windows folder | No |
X | SystemReg | WINREG.EXE | Added by the DEWIN.A TROJAN! | No |
X | Systems | scchost.exe | Added by the DAEMOZ.A TROJAN! | No |
X | Systems | svch0st.exe | Added by the MYDOOM.BI WORM! | No |
X | Systems | Systems.exe | Added by the BANKBOA-A TROJAN! | No |
X | Systems | itDDD.exe | Added by the DLOADER-PP TROJAN! | No |
X | Systems | sescmgr.exe | Added by the DWNLDR-GAH TROJAN! | No |
X | Systems | spoolsvc.exe | Added by the DLOADR-SW TROJAN! | No |
X | Systems | sysmon.exe | Added by the VIXUP-BI WORM! | No |
X | Systems Backups | windrives.exe | Added by the AGOBOT-RB WORM! | No |
X | Systems Restart | slchost.exe | Added by the MULTIDROP.C TROJAN! | No |
X | Systems Restart | spchost.exe | Added by an unidentified WORM or TROJAN! | No |
X | Systems Restart | Rundll32.exe beem.dll, DllRegisterServer | Browser hijacker - the file serves to register a dll implemented as a browser plugin. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted | No |
X | Systems Restart | Rundll32.exe snim.dll, DllRegisterServer | Added by the STARTPAGE.I TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted | No |
X | Systems Restart | Rundll32.exe zolk.dll, DllRegisterServer | Added by a variant of the STARTPAGE TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted | No |
X | Systems Restart | Rundll32.exe boln.dll, DllRegisterServer | Added by the STARTPAGE.J TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted | No |
X | Systems Service | drivex.exe | Added by a variant of the RBOT WORM! | No |
X | systems usb driver | Windows2.exe | Added by a variant of the RBOT WORM! | No |
U | Systems.exe | Systems.exe | Keyboard Spectator - monitoring software that creates records of everything people do on a computer, ie, spying or monitoring depending upon what you call it | No |
U | systems.exe | systems.exe | KGBSpy is a commercial surveillance software program. It logs keystrokes, Web sites visited, and clipboard activity. It also has a screen capture logger and can be run automatically in a silent, undetectable mode | No |
U | SystemSafe | Syssafe.exe | System Safety Monitor - system monitoring tool with additional application firewalling | No |
X | SYSTEMSars32 | csrss.exe | Added by the AHLEM.A WORM! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir% | No |
X | SystemSAS | System32.exe | Added by the KWBOT.C WORM! | No |
X | systemscroot | systembin.exe | Added by a variant of the RBOT WORM! | No |
X | SystemSearch | regedit.exe -s c:ie.reg | Installs a Seachxl.com browser page hijack | No |
X | SystemSearch | regedit.exe -s c:sys.reg | Installs an i--search.com browser page hijack | No |
X | SystemService | msocfg.exe | Premium rate adult content dialler | No |
X | SystemService | navchk.exe | Premium rate adult content dialler | No |
X | SystemService | qservice.exe | Premium rate adult content dialler | No |
X | SystemService | shman.exe | Premium rate adult content dialler | No |
U | SystemService | nsserver.exe | NiceSpy keystroke logger/monitoring program - remove unless you installed it yourself! | No |
X | SystemSettingf | TRUG.vbs | Added by the TRUG.B MACRO! | No |
U | SystemSuite Task Manager | MXTASK.EXE | vcom (nee Ontrack) SystemSuite - PC maintenance and security. Use the program's configuration options to enable only the parts you want running all the time - such as Virusscanner Pro | No |
X | SystemSv12 | newmaxxsv234.exe | Added by the TIBS-TS TROJAN! | No |
X | SystemSv121 | n2ewma1xxsv234.exe | Detected by PCTools as the TIBS.JT TROJAN! See here | No |
X | SystemTasks | filez.exe | Adult content dialler | No |
X | SystemTasks | sexypicz.exe | Adult content dialler | No |
X | SystemTasks | loaded.exe | Adult content dialler | No |
X | SystemTools | kernels32.exe | Added by the DLOADER-FC TROJAN! | No |
X | SystemTools | kernels1118.exe | Added by the SMALL.DGK TROJAN! | No |
X | SystemTools | kernels8.exe | Added by the FNG TROJAN! | No |
X | SystemTools | kernels88.exe | Added by the TIBS-PP TROJAN! | No |
X | Systemtra | Systra.exe | Added by the LOVGATE-W WORM! | No |
X | SystemTra | CDPlay.EXE | Added by the LOVGATE.Z WORM! | No |
X | SystemTra | Video.EXE | Added by the LOVGATE.E WORM! | No |
U | SystemTray | SysTray.Exe | SYSTRAY.EXE - System Tray Services. Provides the Volume Control, PC Card Status, Power Management and other icons that reside in the System Tray (see here). SYSTRAY.EXE may be disabled if none of these services are required. It will launch as and when required if you later enable the icons. If you need these items they're available via Start -> Settings -> Control Panel | No |
X | SystemTray | SystemTray.exe | Added by the BIGFOOT TROJAN! Note - this is not the legitimate systray.exe process | No |
X | SystemTray | SysTray.exe | Added by the ALADINZ.P TROJAN! Note - this is not the legitimate systray.exe process. If you right-click on the real systray.exe the "Properties" reveal it to be a Microsoft file | No |
X | SystemTray | lsvhostwinlk.exe | Added by a variant of the SPYBOT WORM! | No |
X | SystemTray | mssgl2.exe | Added by a variant of the IRCBOT TROJAN! | No |
X | SystemTray | wekls4.exe | Added by a variant of the IRCBOT TROJAN! | No |
X | SystemTray | Windowsupd.exe | Added by a variant of the IRCBOT TROJAN! | No |
X | SystemTray Monitor | SysTraymon.exe | Added by a variant of the SPYBOT WORM! See here | No |
U | SystemTraySD | SDSystemTray.exe | Spyware Detector - spyware remover. Initially not recommended due to false positives but the later versions have since improved - see here | No |
U | SystemTraySR | SRSystemTray.exe | Spyware Detector - spyware remover. Initially not recommended due to false positives but the later versions have since improved - see here | No |
X | SystemTuner | SystemTuner.exe | System Tuner rogue system suite - not recommended, removal instructions here | No |
N | SystemUpd | SystemUpd.exe | Updater for Swapoo.com, a kind of Napster for games | No |
X | SystemUpdate | Negdo.exe | Added by the CULLER-C WORM! | No |
X | SystemUpdate | Xeyu.exe | Added by the CULLER-D WORM! | No |
X | systemw32 | systemw32.exe | Added by a variant of the RBOT WORM! | No |
U | SystemWeb | rundll32.exe [path] SystemWeb.dll rdl | StealthWeblog surveillance software. Uninstall this software unless you put it there yourself! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted | No |
X | SystemWideHook for Windows NT | %WinHook32.exe | Added by the MYDOOM.AC WORM! | No |
U | SystemWizard Sniffer | Sniffer.exe | SystemWizard for Win98/ME from SystemSoft - diagnoses and solves hardware and software problems on a PC | No |
X | SystemX | nzm.exe | Added by a variant of the RBOT WORM! | No |
X | systemx32 | systemx32.exe | Added by a variant of the RBOT WORM! | No |
X | systemyom Updater | systemyom.exe | Added by a variant of the IRCBOT TROJAN! | No |
X | SYSTEMZ Patch | SYSZ.exe | Added by the ALADINZ.P TROJAN! | No |
U | System_Messages | pprsen.exe | TerminatorX - "offers an easy and effective method of stopping users running predetermined file sharing programs like KaZaA, messenger programs, chat rooms and the like" | No |
X | systen32.exe | systen32.exe | Added by the DLOADR-AQP TROJAN! | No |
X | Systes | jrdtifkkxbbsa.exe | Added by the RBOT-ADC WORM! | No |
X | Systesms.exe | systesms.exe | Added by the RBOT-HI WORM! | No |
U | Systest | Systest.exe | Clean Space internet evidence eliminator | No |
X | SysteZ | d1.exe | Added by the MSNDIABLO.A WORM! | No |
X | systhread | winkernal.exe | Added by the LIAMED WORM! | No |
X | SysTime | systime.exe | CoolWebSearch parasite variant - also detected as the STARTPA-FL TROJAN! | No |
X | Systmesy | Systmesy.exe | Added by the RBOT-KQ WORM! | No |
X | Systoan32 | systoan.exe | Added by an unidentified VIRUS, WORM or TROJAN! | No |
X | systr | SYSERVER.exe | Added by the VB-DQY WORM! | No |
X | systr2 | SERVICE.exe | Added by the VB-DQY WORM! | No |
? | systr32 | systr32.exe | ?? | No |
X | systrans | [path to trojan] | Added by the STARTPA-GZ TROJAN! | No |
? | systrax | systrax.exe | ?? | No |
X | Systray | Systray_.Exe | Added by the KERGEZ.A WORM! | No |
X | Systray | [filename.exe] | Winfavorites adware | No |
X | SYSTRAY | UNMT.EXE | Added by the DLOADER-LQ TROJAN! | No |
U | SysTray | SysTray.Exe | SYSTRAY.EXE - System Tray Services. Provides the Volume Control, PC Card Status, Power Management and other icons that reside in the System Tray (see here). SYSTRAY.EXE may be disabled if none of these services are required. It will launch as and when required if you later enable the icons. If you need these items they're available via Start -> Settings -> Control Panel | No |
X | SysTray | Snnpapi.exe | Added by an unidentified TROJAN! | No |
X | Systray | w32explorer.exe | Added by the RBOT-AJY WORM! | No |
X | Systray | SteFanie.vbs | Added by the STEFAN WORM! Note - make sure you check the hyperlink as this one copies itself to numerous drives and folders | No |
X | Systray | KAT.vbs | Added by the SOAD-D WORM! | No |
X | SysTray | svhost.exe | Added by the RAJILO-A WORM! | No |
X | SysTray | system.exe | Added by the DELF.E TROJAN! | No |
X | systray | system234.exe | Added by the AUTORUN.AEV WORM! | No |
X | Systray driver | systray.exe | Added by the MUTEBOT TROJAN! Note - this is not the legitimate systray.exe process | No |
X | SystrayServices | Msxpw.exe | Added by the CITOR WORM! | No |
U | SYSTRAYX | SysTrayX.EXE | "SystrayX helps you hide some of the less used icons from the system tray (the hidden icons can still be seen and used in the special SysTrayX menu but will no longer permanently take precious space from your system tray)" | No |
X | systree | systree | Added by the BANCOS.L TROJAN! | No |
X | Systry | [path to worm] | Added by the AUTEX WORM! | No |
X | Systryt | [path to worm] | Added by the AUTEX WORM! | No |
X | SystUphes | algesetp.exe | Added by the QQPASS-AM TROJAN! | No |
U | Systweak Ad and Popup Blocker | adblock.exe | Ad and popup blocker part of Advanced System Optimizer from Systweak | No |
U | Systweak Memory Optimizer | memtuneup.exe | Part of SysTweak Advanced System Optimizer | No |
X | sysu | sysu.exe | Dynamic Desktop Media adware - see here | No |
X | sysug32.exe | sysug32.exe | Added by an unidentified TROJAN or WORM! | No |
X | SysUpd | Sysupd.exe | VirtuMonde adware | No |
X | sysupdate | cmman32.exe | Added by a variant of the SDBOT WORM! | No |
X | Sysvupex | Sysvupex.exe | Added by the MEDIAS TROJAN! | No |
X | sysvx | sysvx_.exe | Added by the LOOSKY-BX TROJAN! | No |
U | SysW8 | csta.exe | Clean Space internet evidence eliminator | No |
U | SYSWB6 | SYSWB6.exe | Part of We-Blocker - gives parents the opportunity to monitor their children's Internet access and provide them with age-appropriate content, while filtering out sites that contain adult content. Works in conjunction with Winkb6 and both files are needed to run We-Blocker | No |
X | SysWin | SysWin.exe | Added by the IRCCONTACT TROJAN! | No |
X | syswin | v6.exe | Added by the AGENT-ECM TROJAN! | No |
X | syswin.txt | [3 random letters].exe | Added by a variant of the SPYBOT WORM! See here | No |
X | syswin32 | syswin32.exe | Added by a variant of the SPYBOT WORM! | No |
X | Syswindow | Syswindow.exe | Added by the COW TROJAN! | No |
X | SysWy | rundll32.exe | Added by the LINEAGE-JH TROJAN! Note - this file is found in the C:\Windows\System folder, and is not to be confused with the legitimate rundll32.exe file, always located in the Windows folder on Win98/ME systems, and in the Winnt\System32 or Windows\System32 folder in WinXP/NT/2K! | No |
X | sysX3 | sys22.exe | Added by the RANTS.C WORM! | No |
X | sysygm32 | syscxd32.exe | Added by the IRCBOT-PC TROJAN! | No |
X | sysygm64 | winrxd64.exe | Added by the IRCBOT-RK TROJAN! | No |
X | SYS_CLEAN | Service.exe | Added by the FLOPCOPY WORM! | No |
X | Sys_Run | ghost.exe | Added by the LINEAGE-N TROJAN! | No |
X | sys_Runtt1 | explorer.exe | Added by the LINEAGE-M TROJAN! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %ProgramFiles% | No |
X | sys_up1 | svchostsys.exe | Added by the MULTIDR-FL TROJAN! | No |
X | SyZ | f1.exe | Added by the MSNDIABLO.A WORM! | No |
X | SyztMy | expiorer.exe | Added by the LINEAG-AIN TROJAN! | No |
U | SZMsgSvc.exe | SZMsgSvc.exe | StopZilla! - pop-up killer | No |
X | t | xclean.exe | FlashEnhancer adware | No |
U | T-Com WLAN Manager | TS154USB.exe | Wireless management utility for the T-Com Sinus 154 Data II WLAN adapter | No |
N | T-DSL SpeedMgr | speedmgr.exe | T-Online ISP SpeedManager - shows upload and download speed. Also checks for updates automatically | No |
X | T2W | Memoria.exe | Detected by Symantec as the SILLYFDC WORM! See here | No |
U | T3Console | T3Console.exe | Related to T3 Security Suite - prevents unauthorized or inappropriate access to your PC and data | No |
X | T4skM4n4g3r | Wink3sk9.exe | Added by a variant of the IRCBOT TROJAN! | No |
U | Taakcontrole | taskmon.exe | Task Monitor (on Dutch language versions of Windows) - checks the disk-access patterns of programs when they are started and stores this information in log files in the Applog folder. Task Monitor also records the number of times you use a program. The Disk Defragmenter tool uses this information to optimize your hard disk so that programs that you use frequently are loaded faster. Not required - but can be useful. Note: for Norton Anti-Virus 2002 users, loading TaskMonitor will typically solve many, if not most, of those annoying IE scripting errors (per Symantec's Knowledgebase) | No |
X | Taba | stte.exe | PurityScan/Clickspring adware | No |
N | Tablet | Tablet.exe | Loads the tablet drivers for the Wacom Graphics Tablet. This can be unchecked in msconfig without problems if you don't need the tablet functional all the time. Create your own shortcut if you need to run it ad hoc. If you forget to run it before running Paint Shop Pro & Adobe Photo Shop you may find the following: (1) Paint Shop Pro (version 7.04) - (a) Browse function will NOT work (program freezes) (b) On program exit, PSP does not terminate (you have to CTRL+ALT+DEL to close it) (2) Photo Shop (version 6.01) - (a) Program functions slow down (b) On program exit it takes noticeably longer to shut down (like 30-45 seconds) | No |
Y | tablet s | tablet s | Starts the Wacom Penabled driver on Acer Tablet PCs (tablet icon with a green check appears during startup if successful) | No |
X | Tablet Task | tabletsk32.exe | Added by the RBOT-AJB WORM! | No |
U | TabletTip | tabtip.exe | The Microsoft Tablet PC Input Panel converts handwriting to text dynamically, and you can make corrections quickly and easily before inserting text | No |
U | TabletWizard | SPLSHWRP.EXE | Microsoft Tablet PC Component | No |
Y | TabUserW | TabUserW.exe | Wacom pen tablet driver | No |
? | TAcelMgr | TAcelMgr.exe | TOSHIBA Acceleration Utilities related. What does it do and is it required? | No |
N | Tad | tad.exe | From Turtle Beach's Santa Cruz on a Dell WinME system. Not required - works fine without it including keyboard hot controls for volume and mute | No |
X | taengtae | AutoRun.bat | Added by the GATINA-B WORM! | No |
X | Taesk managers | tase.pif | Added by the RBOT-AYK TROJAN! | No |
X | taetae | Exit to DosPrompt.pif | Added by the GATINA-B WORM! | No |
? | TAG | tag.exe | ?? | No |
N | Tahni Deskmate | Tahni.exe | Tahni Deskmate - "Interactive cartoon character that lives on your Windows desktop" | No |
X | TakeMP3 | rundll32.exe MSA64CHK.dll, DllMostrar | MatrixDialer related. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in the Winnt or Windows folder | No |
X | TAKSMGN | taskmr.exe | Added by the RBOT-AHS WORM! | No |
X | talk | talk.bat | Added by the TIOTUA-G WORM! | No |
N | TalkingReminder | TALKINGREMINDER.EXE | Talking Reminder from Software River Solutions - talking calendar reminder | No |
? | talknow | talknow.exe | Could it be related to this or something similar? | No |
U | TalkTalk | sprtcmd.exe /P TalkTalk | Self-help support tool for TalkTalk Broadband users (provided by SupportSoft, Inc). Identifies and automatically fixes typical problems that may occur with your high-speed internet service | No |
? | Tango | Setup.exe | Tango Broadband access software. Is it required? | No |
? | TangoManager | TangoManager.exe | Tango Broadband access software. Is it required? | No |
X | TANG_INA_MO | AutoRun.bat | Added by the FILUKIN.A WORM! | No |
X | Tapicfg | Tapicfg.exe | CoolWebSearch Tapicfg parasite variant | No |
X | Tapisys | tss.exe | Added by the SMALL TROJAN! | No |
U | TapiTNA | TapiTNA.exe | Telephony Location Selector allowing mobile users to change dialling locations - part of the Win95 Power Toys | No |
Y | Tarantula | razerhid.exe | Razer Tarantula gaming keyboard driver | No |
U | Tardis | Tardis.exe | Tardis - time synchronization software | No |
X | Task | tasker.exe | Added by the MYDOOM.R WORM! | No |
X | Task | LSASS.EXE | Added by the PUNYA-A WORM! Note - this is not the legitimate lsass.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! | No |
X | Task Alert | cmosvc.exe | Added by a variant of the IRCBOT TROJAN! | No |
X | Task Bar | TASKBAR.EXE | Added by the FRETHEM.J WORM! | No |
? | Task BarClient | TaskBarClient.exe | Responsible for creating the System Tray icon and associated display system for the Starband satellite always on internet service | No |
? | Task BarSvr | TaskBarSvr.exe | Part of the Starband satellite always on internet service. Not included on the current system. What does it do and is it needed? | No |
U | Task Catcher | tasktrap.exe | Task Catcher - utility that will block unwanted programs from running | No |
U | Task Catcher Real-Time Detector | tasktrap.exe | Task Catcher - utility that will block unwanted programs from running | No |
X | Task Commander | regsvc32.exe | Added by the AGOBOT-RX WORM! | No |
U | Task Completion | AMCLIENT.EXE | LANDesk® Management Suite software component | No |
X | Task Debugger | sysdll.exe | Added by the RBOT-CQ WORM! | No |
X | Task Debugger | tskdbg.exe | Added by the AGOBOT-KK WORM! | No |
X | Task Help | wualcts.exe | Added by a variant of the RBOT WORM! | No |
X | Task Loader | {rdprM@Y_VO^ | Added by the AGOBOT.CB WORM! | No |
X | Task managebrkb | taskmg.exe | Added by a variant of the SPYBOT WORM! See here | No |
X | Task Manager | taskmngr.exe | Added by the RBOT.Y WORM! | No |
X | Task Manager | taskman.exe | Added by the FORBOT-T WORM! | No |
X | Task Manager | prcview.exe | Added by the AGOBOT-RT WORM! | No |
X | Task manager | taskemngr.exe | Added by the RBOT-AGA WORM! | No |
X | Task manager | TikTo.exe | Added by the RBOT.LV WORM! | No |
X | Task manager | taskmngr.exe | Added by the RBOT-AYZ WORM! | No |
X | Task Manager | svchost.exe | Added by the SOHANA-P WORM! Note - this is not the legitimate svchost.exe process which should not normally figure in Msconfig/Startup! | No |
X | Task Manager | taskmng.exe | Added by the TIOTUA-E WORM! | No |
X | Task Manager | svhost32.exe | Added by the TERMX.A WORM! | No |
X | Task manager | taskmgr2.exe | Added by a variant of the RBOT WORM! | No |
X | Task Manager | tskmngr.exe | Added by the RBOT-GOU WORM! | No |
X | Task manager | UPDATEWIN.exe | Added by the RBOT.BBS WORM! | No |
X | Task Monitoring Service | svchost.exe | Added by the CONE.D WORM! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "tasks" subfolder of the Winnt or Windows folder | No |
X | Task Scheduler Engine | schedsvc32.exe | Added by the RBOT-ASJ WORM! | No |
X | task service | taskservices.exe | Added by a variant of the RBOT WORM! | No |
X | Task service | taskmgs.exe | Added by a variant of the RBOT WORM! | No |
X | TASK SETUP | tasksetup.exe | Added by the RBOT-YR WORM! | No |
N | Taskbar | Taskbar.exe | Taskbar icon for the Redline RegTweak overclocking program as supplied with Sapphire ATI graphics cards | No |
N | TaskBar | CTLTask.exe | Creative SoundBlaster Audigy Taskbar - used to choose between different types of EAX Effects, not required in startup. NOTE: if you get a ctltask.exe error message while installing the Audigy drivers, see this Microsoft Knowledge Base article | No |
Y | Taskbar Button Manager | tbm.exe | Taskbar Button Manager from Innovative Solutions - "is a simple utility that helps you arrange the buttons on your Windows taskbar in any way you want by using drag and drop" | No |
N | Taskbar Display Controls | RunDLL deskcp16.dll, QUICKRES_RUNDLLENTRY | Only appears in MSCONFIG if you have a Display Settings icon in the System Tray allowing resolution changes on the fly. Can also be disabled under Control Panel -> Display -> Settings -> Advanced -> General. Also appears if you have Win95 with the QuickRes "Powertoy" installed | No |
X | Taskbar Service | taskbar.svc | Unidentified adware | No |
Y | Taskbar Shuffle | taskbarshuffle.exe | "Taskbar Shuffle is a simple, small, free utility that lets you drag and drop your Windows taskbar buttons to rearrange them" | No |
X | Taskbar System | tasksys.exe | Added by a variant of the SDBOT WORM! | No |
N | Taskbar++ | TaskbarPP.exe | Taskbar++ is software that allows you to sort (move) the buttons of the Windows taskbar by Drag & Drop | No |
Y | taskbarshuffle | taskbarshuffle.exe | "Taskbar Shuffle is a simple, small, free utility that lets you drag and drop your Windows taskbar buttons to rearrange them" | No |
X | Taskbell.exe | Rund1.exe | Added by the YIPID TROJAN! | No |
X | taskdir | taskdir.exe | Added by the LAGER.AQ TROJAN! | No |
X | TaskList | tasklist32.exe | Added by the BANCOS-DX TROJAN! | No |
X | TaskMan | rundll32.exe | Added by the DVLDR TROJAN! Note - this is not the valid "rundll32.exe" as it's in the Windows\Fonts directory | No |
X | taskmanager | taskmgr.com | Added by the BEREB WORM! | No |
X | taskmanager | taskmanager.exe | Added by the AGOBOT-TF WORM! | No |
X | TaskManager | [path to trojan] | Added by the LDPINCH-CF TROJAN! | No |
X | TaskManager Load Module | TSKMNGR32.EXE | Added by the SPYBOT.I WORM! | No |
X | taskmanger | taskmanger.exe | Added by a variant of the RBOT WORM! | No |
X | Taskmgo | [path to file] | Added by the BANCBAN-T TROJAN! | No |
X | Taskmgr | Taskmgr.exe | System1060 homepage hi-jacker. Note - this is not the legitimate taskmgr.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a "1060" sub-folder | No |
X | Taskmgr | tskmgr32.exe | Homepage hi-jacker | No |
X | taskmgr | taskmgr.exe | Added by the STARTPAGE.G hijacker. Note - this is NOT the Windows Task Manager file! | No |
X | Taskmgr | system.exe | Added by the PAKES.G TROJAN! | No |
X | taskmgr | explorer.exe | Added by the ZAPCHAS-AC TROJAN! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System% | No |
X | taskmgr | [path to trojan] | Added by the AGENT-ENV TROJAN! | No |
X | taskmgr | taskmanager.exe | Added by the BCKDR-QHT BACKDOOR! | No |
X | TaskMgr | keymayker.exe | Added by the LDPINCH-EP TROJAN! | No |
N | taskmgr.exe | taskmgr.exe | Windows Task Manager in Windows XP. If run from the Startup folder, the tray icon will be put to the system tray after boot. Useful to check if XP has finished running the delayed services after boot. Available via a desktop shortcut | No |
X | taskmgr.exe | paint.exe | Added by a variant of the AGENT.AH TROJAN! | No |
X | taskmgr.exe | mirc.exe | Added by a variant of the AGENT.AH TROJAN! | No |
X | taskmgr.exe | paintms.exe | Added by a variant of the AGENT.AH TROJAN! | No |
X | TASKMGRU | TASKMGRU.EXE | Added by the CWS-M TROJAN! | No |
X | taskmngr | [path] msnve.exe [path] task.exe | Added by the FLOOD-EK TROJAN! | No |
X | taskmngr lptt01 | taskmngr.exe | RapidBlaster variant (in a "Taskmngr" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here | No |
X | taskmngr ml097e | taskmngr.exe | RapidBlaster variant (in a "Taskmngr" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here | No |
X | TaskMon | taskmon.exe | Added by the MYDOOM.A or MYDOOM.J WORMS! Note - this is not the legitimate Win9x/Me file of the same name which resides in C:\Windows as this version resides in C:\Windows\System (Win9x/Me), C:\Winnt\System32 (WinNT/2K), or C:\Windows\System32 (WinXP). It is not normally on a WinXP system | No |
X | TaskMon | [path to trojan] | Added by the DROPPER.EAT TROJAN! | No |
X | Taskmon driver | winampa.exe | Added by the LOONY-I TROJAN! Note - this is NOT associated with the popular Winamp media player. The valid file for the Winamp Agent resides in a "Winamp" subdirectory of the Program Files directory whereas this file is located in the System (9x/Me) or System32 (NT/2K/XP) folder | No |
X | taskmone | taskmone.exe | Added by the SINGU-S TROJAN! | No |
U | TaskMonitor | taskmon.exe | The Task Monitor checks the disk-access patterns of programs when they are started and stores this information in log files in the Applog folder. Task Monitor also records the number of times you use a program. The Disk Defragmenter tool uses this information to optimize your hard disk so that programs that you use frequently are loaded faster. Not required - but can be useful. Note: for Norton Anti-Virus 2002 users, loading TaskMonitor will typically solve many, if not most, of those annoying IE scripting errors (per Symantec's Knowledgebase) | No |
X | TaskMrg | csrss.exe | Added by the LDPINCH-W TROJAN! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir% | No |
X | taskmrg | taskmrg.exe | Added by the BANKER-BZZ TROJAN! | No |
X | taskmrg.exe | taskimg.exe | Added by the DLOADER-QZ TROJAN! | No |
X | taskmrg.exe | [path to trojan] | Added by the BANCBAN-BN TROJAN! | No |
X | taskmsgs | [path to trojan] | Added by the BANCOS-BBW TROJAN! | No |
X | taskngr | taskngr.exe | Added by the BANCOS-AWX TROJAN! | No |
X | taskopen.exe | taskopen.exe | Added by the HIDD.C TROJAN! | No |
N | TaskPlus | TASKPLUS0.EXE | Task and calendar management software available as freeware or as a "Professional" version for sharing over a LAN | No |
N | TaskPlus | TASKPL~1.EXE | Task and calendar management software available as freeware or as a "Professional" version for sharing over a LAN | No |
X | TaskReg | [random filename] | Added by the CBLAD WORM! | No |
X | TaskS manager | taskmgrs.exe | Added by the AGOBOT.QU WORM! | No |
X | Taskschd | TRAYWND.EXE | Added by the LITMUS.002 TROJAN! | No |
U | TaskScheduler | TaskSch.exe | ProSeries accounting software related | No |
U | taskswitch | taskswitch.exe | ALT+TAB replacement Powertoy for Windows XP - enhances the graphics displayed when you want to switch between programs running full-screen | No |
U | TaskSwitchXP | TaskSwitchXP.exe | "TaskSwitchXP from NTWind Software. Advanced task management utility that picks up where the standard Windows Alt Tab switcher leaves off. It provides the same functionality, and adds visual styles to the dialog and also enhances it by displaying thumbnail preview of the application that will be switched to" | No |
X | tasksys | tasksys.vbs | Added by the BYRON WORM! | No |
N | Tasktray | CTLTray.exe | Installed with the Sound Blaster Audigy range of soundcards. Allows you to set EAX effects or equalizer settings for the Sound Blaster Audigy from a systray icon. Also allows you to launch the Taskbar via right-click → Show Taskbar. The tasktray can be accessed via Start → Programs → Creative → Sound Blaster Audigy → Taskbar | No |
X | Tasmgr | Taskmgr.bat | Added by the YPSAN.G WORM! | No |
X | tat | tatss.exe | Delfin Promulgate adware variant | No |
Y | Tau monitor | Taumon.exe | "Tauscan is a powerful Trojan Horse detection and removal engine capable of catching every known type of backdoor that can threaten your system" | No |
? | TAudEffect | TAudEff.exe | TOSHIBA Notebook related. What does it do and is it required? | No |
X | tava | tavo.exe | Added by the CRPYT.DE TROJAN! | No |
X | TA_Start | [random filename] | Zeno Think-Adz adware | No |
U | TB2PROEXE | tb2start.exe | Timbuktu Pro - remote desktop access software | No |
U | TBC Pro | tbcpro.exe | TitleBarClock Pro - displays Day, Time, Date, Month, Year, FreeMem, and FreeDriveSpace on the right side of the title bar in any main window that has the mouse or keyboard focus | No |
U | TBC.exe | TBC.exe | TitleBarClock Pro - displays Day, Time, Date, Month, Year, FreeMem, and FreeDriveSpace on the right side of the title bar in any main window that has the mouse or keyboard focus | No |
N | tbctray | tbctray.exe | Provides quick access via a System Tray icon to the control panel for Turtle Beach's Santa Cruz or VideoLogic's SonicFury soundcards. Available via Start -> Settings -> Control Panel | No |
Y | TBLFUNC | tblmouse.exe | Aiptek HyperPen graphics tablet driver | No |
Y | tbm | tbm.exe | Taskbar Button Manager from Innovative Solutions - "is a simple utility that helps you arrange the buttons on your Windows taskbar in any way you want by using drag and drop" | No |
X | tbon | tbon.exe | BestOffers adware | No |
U | TBPanel | TBPanel.exe | Configuration utility for Gainward graphics cards. Not required unless you use non-default settings. Available via Start -> Settings -> Control Panel | No |
X | TBPS | TBPS.exe | WebSearch Toolbar - HuntBar hijacker, toolbar installer variant | No |
N | TBTray | tbtray.exe | VLSI/QSound ThunderBird PCI Control Panel. System Tray access to the settings for this and related soundcards. Available via Start -> Settings -> Control Panel | No |
? | TB_setup | TB_ANI~1.EXE | ?? | No |
X | TB_setup | tb_setup.exe | HuntBar hijacker, toolbar installer | No |
Y | tcactive | tca.exe | Part of The Cleaner from MooSoft - stops virus trojans before they can do any damage | No |
N | TCASUTIEXE | tcaudiag.exe | 3Com NIC Installation/Diagnostic MFC application. Diagnostics may be run from Start -> Programs | No |
N | TCASUTIEXE | TCASUTI.exe | Associated with the 3COM diagnostic module (3COM NIC Doctor). No further information is available | No |
N | TCAUDIAG -off | tcaudiag.exe | 3Com NIC Installation/Diagnostic MFC application. Diagnostics may be run from Start -> Programs | No |
? | TCDPbtn | TCDPbtn.exe | Found on a Toshiba laptop | No |
? | TCDPlay | TCDPlay.drv | Found on a Toshiba laptop - sounds like the driver for the CD-ROM but why doesn't it use the standard Windows drivers - any comments? | No |
U | TClock | TCLOCK.EXE | Kazubon TClock. Utility that amongst other things synchronizes your system clock with Internet time servers. Available via Start -> Programs | No |
X | TClock.exe | tclock_install.exe | TClock - distributed and installed without user permission by other rogue software or malware. TClock contains no uninstall facility through Windows. As TClock is of dubious origin and usefulness, it should be terminated and removed if detected | No |
U | TClockEx | TCLOCKEX.EXE | Puts a configurable time/date display in the tray (and other features). Freeware by Dale Nurden and is popular on cover disks | No |
U | tcmonitor | tcm.exe | Part of The Cleaner from MooSoft - warns of changes to the registry | No |
U | tcomantidialerrun | T-Com Antidialer.exe | T-Com Antidialer from T-Com internet provider. It's a small antidialer utility which monitors whether you're trying to dial a new connection. It asks whether or not you want to dial the number shown. Protects against dialer malware | No |
U | TCOYFReminder | tcoyftray.exe | My ParenTime Fertility Planner Reminder. The calendar provides a quick overview of the status of your fertility | No |
X | Tcp Application Manager | localsvc.exe | Added by the DLOADER-NY TROJAN! | No |
X | Tcp Application Manager | netsvc.exe | Added by the DLOADER-NY TROJAN! | No |
X | Tcp Application Manager | spoolsvc.exe | Added by the DLOADER-NY TROJAN! | No |
X | Tcp Application Manager | svcadmin.exe | Added by the DLOADER-NY TROJAN! | No |
X | Tcp Application Manager | svcman.exe | Added by the DLOADER-NY TROJAN! | No |
X | Tcp Application Manager | svcrun.exe | Added by the DLOADER-NY TROJAN! | No |
X | Tcp Application Manager | tcpsvc.exe | Added by the DLOADER-NY TROJAN! | No |
X | Tcp Application Manager | websvc.exe | Added by the DLOADER-NY TROJAN! | No |
X | tcp checker | tcpcheck.exe | Added by the VBBOT-A TROJAN! | No |
X | TCP Internet Services | TCPSVC32.EXE | Added by the SPYBOT.X TROJAN! | No |
X | TCP Monitoring | LanNSvc.exe | Added by the RANDEX.AAS WORM! | No |
X | tcpipmon | tcpipmon.exe | Added by the CLICKER-EF TROJAN! | No |
X | tcpippui | tcpippui.exe | Added by the RBOT-APS WORM! | No |
X | tcpippui32 | tcpippui32.exe | Added by the RBOT-ART WORM! | No |
X | TCPServer | TCPServer.exe | Added by a variant of the SDBOT WORM! | No |
X | TCPXP Update | tcpxp.exe | Added by the RBOT-UL WORM! | No |
? | TCtlIHook.exe | TCtrlIOHook.exe | TOSHIBA Control Utility Hotkey Hook - hotkey configuration process unique to Toshiba laptops. What does it do and is it required? | No |
? | TCtrlIOHook | TCtrlIOHook.exe | TOSHIBA Control Utility Hotkey Hook - hotkey configuration process unique to Toshiba laptops. What does it do and is it required? | No |
? | TCtryIOHook | TCtrlIOHook.exe | TOSHIBA Control Utility Hotkey Hook - hotkey configuration process unique to Toshiba laptops. What does it do and is it required? | No |
X | tcupdater | tcupdater.exe | Topconverting.com/180Search adware updater | No |
U | TDispVol | TDispVol.exe | Used on Toshiba computers to make the Fn key have control over the volume on/off | No |
U | TDKSTART | TDKSTART.EXE | Sets the spindown timeout and access speeds at startup and displays a splash screen for CD-RW. | No |
N | TDKTASK | TDKTASK.EXE | Taskbar utility for a "control panel" for a CD-RW | No |
? | TDockNUndock | N/A | Found on a Toshiba laptop - for use with a docking station? | No |
U | TDS3 | TDS-3.exe | DiamondCS TDS-3 antitrojan. Can be used to scan on demand, but required in startup if you prefer real time protection | No |
? | TDspOff | Tdspoff.exe | Found on a Toshiba laptop | No |
N | Teach In Box | teachbox.exe | Tutoring program that comes with a SystemAX Computer | No |
Y | TeaTimer | TeaTimer.exe | Part of the popular Spybot - Search & Destroy spyware removal tool from Safer Networking Limited. "Resident TeaTimer is a tool of Spybot-S&D which perpetually monitors the processes called/initiated. It immediately detects known malicious processes wanting to start and terminates them giving you some options, how to deal with this process in the future". Also provides System Tray access to Spybot S&D and detects when processes want to change critical registry settings such as the startup entries - giving the user the option to allow/deny the change | Yes |
Y | Tech-In-A-Box | techbox.exe | Tech-in-a-Box "provides easy-to-use tools for various system maintenance tasks. From backup and restore to diagnostics and repairs, Tech-in-a-Box is your tool to stay up and running" | No |
U | Telechips,Mass | patch.exe | Removable disk driver for the Muro MP3 player | No |
N | Telemeter 3.0 | telemeter3.exe | Internet connection bandwidth meter from a user ISP | No |
Y | Telepath | telepath.exe | Drivers for the WinModem versions of the US Robotics "Telepath" series - as supplied to Gateway for instance. WinModems use software rather than hardware - hence putting a load on the CPU. Needed if you have it for loading the drivers. See here for more WinModem information | No |
X | Telnet | Telnet.exe | Added by the VOUMIT-A WORM! Note - this is not the legitimate telnet.exe application which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "mirc32" folder | No |
X | Telnet24 | [random filename] | Added by the RBOT-ARD WORM! | No |
U | TELUS eCare | matcli.exe | TELUS Resolution Assistant. "matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, state, etc and gets written to a log file". Resolution Assistant is required to run with the Help and Support program. If you uncheck Resolution Assistant and then run Help and Support it will add another Resolution Assistant in the startup menu. If you remove the Resolution Assistant via Add/Remove Programs some help menus in Help and Support will not be available. You decide | No |
Y | TELUS Security service | freedom.exe | Freedom Internet Security & Privacy - anti-virus, personal firewall and parental control. It also blocks ads, safeguards your personal information, encrypts your passwords, and much more. No longer available for sale | No |
X | TempCom | [randomname].com | Added by the TRAXG WORM! | No |
X | tempx | tempx.exe | Added by the TEMPEX.A TROJAN! | No |
X | Tencent QQ | Rund1132.exe qq.dll, Rundll32 | Added by the QQPASS.F TROJAN! | No |
N | Tencent QQ | QQ.exe | Tencent QQ Asian instant messenger program | No |
X | Terminal Services | mstscc.exe | Added by the SDBOT-CZW WORM! | No |
X | Terminal Update | biosefui.exe | Added by the PPDOOR-O TROJAN! | No |
X | Terminate Popup | ZPU.exe | Free Popup Killer - foistware proven to install the Regsvc32 homepage hijacker. Also see here | No |
X | Terminate Popup | fpuk.exe | Popup killer - foistware proven to install the Regsvc32 homepage hijacker | No |
U | TEscKey | TEscKey.exe | Toshiba Escape Key handler. Enables you to program and use the <FN><Esc> key combination to perform a specific function | No |
N | Tesco.net | rundll32 [path] RyDial.dll, QuickStart | Tesco.net dial-up ISP software - not required | No |
? | Tesla | TESLA.EXE | ?? | No |
X | test | i love you.exe | Added by the SINGU-T TROJAN! | No |
X | test | zistro.exe | Added by the KIMAT-C TROJAN! | No |
X | Testing 123 | msdata.dat | Added by the NITS.A WORM! | No |
X | testit.exe | testit.exe | ISTBar adware | No |
? | TExBUtil Registry | TExBUtil.exe | ?? | No |
N | TextAloud | TextAloudMP3.exe | TextAloud MP3 - convert text into spoken words and MP3s | No |
N | Textbridge Instant Access OCR | telepath.exe | TextBridge from Nuance (was Scansoft). OCR (optical character recognition) software for scanning documents into popular editing applications. Available via Start -> Programs | No |
X | TEXTCONV | services.exe | Added by the NEVEG.B or NEVEG.C WORMS! Note - this is not the legitimate services.exe process, which should not appear in Msconfig/Startup! | No |
X | TEXTCONV | winlogon.exe | Added by the NEVEG.A WORM! Note - this is not the legitimate winlogon.exe process, which should not appear in Msconfig/Startup! | No |
U | TFncKy | TFncky.exe | Deals with the <Fn> - <Function> key combinations on a Toshiba laptop | No |
U | TFNF5 | TFNF5.exe | Toshiba Hotkey Utility for Display Devices. By pressing <FN> + <F5>, a window appears showing the displays that can be chosen - LCD, LCD + CRT, CRT, TV | No |
Y | tfswctrl | tfswctrl.exe | Drive letter access to a UDF packet writer for CD-RW - from HP, Veritas and others. Similar to Roxio's DirectCD and does the same thing. From HP - "This is a needed file as it controls the readability of the Combo drives. Without this file loading the end user will be able to burn CD's but won't be able to read them. The drive itself will be able to read store bought master CD's without the file but not burnt ones" | No |
X | TFTP*** | tftp*** | Added by a variant of the SPYBOT WORM! where *** can be any number | No |
Y | TFTray | TFTray.exe | System Tray access to ThreatFire no-signature anti-malware from PC Tools - which "features innovative real-time behavioral technology that provides powerful protection against both known and unknown viruses, worms, trojans, rootkits, buffer overflows, spyware, adware and other malware" | Yes |
U | TFunckey | TFuncKey.exe | Deals with the <Fn> - <Function> key combinations on a Toshiba laptop | No |
N | TgAddServer | tgfix.exe | Software from SupportSoft (aka Support.com) provided to manufacturers (such as Sony (Vaio Support Agent) and Toshiba (Virtual Tech)) and ISPs (such as Comcast, Cox and Charter (Pipeline Support Agent)) that allows them to offer on-line support - to update drivers, fix faults, etc. Can cause a deterioration in a PC's performance (see here). This part does the protection and "self-healing". Uninstallation is recommended by most people - especially for System Restore users (WinME/XP). If not available via Add/Remove try here | No |
X | tgbcde | module32.exe | Added by the REIGN.R TROJAN! | No |
U | Tgcmd | tgcmd.exe | See also TgAddServer. This part ensures the software is installed correctly (similar to an installation wizard) as reported by Cox. Regarded as spyware by some as it has the ability to retrieve user information. Whether it does so depends upon the provider. One Toshiba user reports problems with hibernate on his laptop if disabled - hence the "U" recommendation | No |
U | tgcmd | hcenter.exe | Bellsouth help center. See also TgAddServer. This part ensures the software is installed correctly (similar to an installation wizard) as reported by Cox. Regarded as spyware by some as it has the ability to retrieve user information. Whether it does so depends upon the provider. One Toshiba user reports problems with hibernate on his laptop if disabled - hence the "U" recommendation | No |
U | tgcmdprovidersbc | tgcmd.exe | See also TgAddServer. This part ensures the software is installed correctly (similar to an installation wizard) as reported by Cox. Regarded as spyware by some as it has the ability to retrieve user information. Whether it does so depends upon the provider. One Toshiba user reports problems with hibernate on his laptop if disabled - hence the "U" recommendation | No |
N | TGCMG | ?? | Related to Rogers@Home, causes errors in WinSock32.dll. Not required for connection to work | No |
X | TGDC IE Plugin | tgdc.exe | ShopForGood spyware - see here | No |
X | tgkill | tgkill.exe | Comcast (the cable folks who are replacing @home in some parts of the USA) have struck a deal with Tioga to provide an "enhanced" support and self-repairing tool. This is "beta" at present and was made available to download by mistake. Remove via Start -> Settings -> Add/Remove Programs | No |
N | TGPro Office | IdxOffice.exe | With IdiomaX Office Translator "you can translate documents directly from your favorite text editor (Microsoft Word, WordPerfect or Lotus WordPro)" | No |
U | Tgsetsite | tgfix.exe | See also TgAddServer. This part ensures the software is installed correctly (similar to an installation wizard) as reported by Cox. Regarded as spyware by some as it has the ability to retrieve user information. Whether it does so depends upon the provider. One Toshiba user reports problems with hibernate on his laptop if disabled - hence the "U" recommendation | No |
? | Thdetrf | thdetr32.exe | Appears to be related to Lycos advertising | No |
X | ThE | wind0s.exe | Added by an unidentified WORM or TROJAN! | No |
N | The Assistant | eSched.exe | Related to WinTotal from a la mode inc. FormFiller for appraisers | No |
U | The Easy Bee's Hive | ATCEgSvr.exe | The Easy Bee is a software that allows you to record Internet navigation sequences, which can include form filling and button clicking and to attach a replay schedule to each sequence | No |
X | The Ethernet | ethernet.exe | Added by a variant of the SDBOT WORM! | No |
X | The Ethernet | intranet.exe | Added by a variant of the SDBOT WORM! | No |
X | The Intranet | intranet.exe | Added by a variant of the SDBOT WORM! | No |
N | The Proxomitron | Proxomitron.exe | A free, highly flexible, user-configurable, small but very powerful, local HTTP web-filtering proxy - see here | No |
X | The Spy Guard | spyguard.exe | The SpyGuard spyware remover - not recommended, see here | No |
X | The Spy Guard Monitor | spyguard_monitor.exe | The SpyGuard spyware remover - not recommended, see here | No |
X | TheBestMP3 | rundll32.exe MSA64CHK.dll, DllMostrar | MatrixDialer related. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in the Winnt or Windows folder | No |
X | TheLastDefender | LastDefender.exe | TheLastDefender spyware remover - not recommended, see here | No |
? | TheMainStart | N/A | ?? | No |
X | TheMonitor | [path to trojan] | Added by the DLOADR-LO TROJAN! | No |
X | TheMonitor | Duce6.exe | YourEnhancement downloader | No |
X | TheSpyBot | TheSpyBot.exe | TheSpyBot rogue spyware remover - not recommended, see here | No |
U | THGuard | TH_Guard.exe | Resident memory scanning for TrojanHunter | No |
U | THGuard | THGuard.exe | Resident memory scanning for TrojanHunter | No |
X | Think-Adz | [random filename] | Zeno Think-Adz adware | No |
X | This is a virus, please delete it | bigbadvirus.exe | Added by the RANDEX.F WORM! | No |
U | Thoosje Vista Sidebar | Thoosje Vista Sidebar.exe | Thoosje's Vista Sidebar - sidebar and skins for Microsoft Windows XP and Vista | No |
U | THOTKEY | THotkey.exe | Associated with the Fn+ keys on Toshiba laptops. When disabled some keys still worked, like the one that regulates the volume of the system beep, but others didn't, like the one that immediately blackens your screen | No |
Y | ThpSrv | thpsrv.exe | Toshiba Hard Drive Protection Utility - moves the Hard Drive head to a safe position in case of shock or vibration to reduce the risk of damage that could be caused by head-to-disk contact | No |
X | Threaded | intcp32.exe | Added by the RANDEX.UG WORM! | No |
Y | ThreatFire | TFTray.exe | System Tray access to ThreatFire no-signature anti-malware from PC Tools - which "features innovative real-time behavioral technology that provides powerful protection against both known and unknown viruses, worms, trojans, rootkits, buffer overflows, spyware, adware and other malware" | Yes |
U | ThrustTSR | TMTMTSR.exe | Thrustmaster Thrustmapper - "t-mapper - icon sits on your taskbar and automatically detects when the joystick is plugged in and configures it accordingly" | No |
X | Thumbs Plus *.* | thmbplus**.exe | Added by the AGOBOT-AAF WORM! where ** is a combination of random digits and characters | No |
U | TI WLAN | TIWLANCu.exe | Texas Instruments TI wireless LAN products | No |
X | tibs3 | tibs3.exe | Premium rate adult content dialler - see here | No |
X | tibs5 | tibs5.exe | Premium rate adult content dialer - see here | No |
? | Ticket API Monitor | tktmon.exe | Syntegra Device Identification Logger. What does it do and is it required? | No |
X | Tiger | Shine.exe | Added by the HAPPYLOW (or NISHE-A) VIRUS! | No |
U | TiKL | tikl.exe | TinyKeylogger keystroke logger/monitoring program - remove unless you installed it yourself! | No |
X | TileFree | Tilecomfree.com | Added by the RBOT.CQE WORM! | No |
X | Tilerun | Tilecom32.com | Added by a variant of the SDBOT WORM! | No |
X | Time Manager | TimeManager.exe | Added by the MYTOB-BV WORM! | No |
X | Time Zone Synchronization | wscript zshell.js | Added by the NETDEX-A TROJAN! | No |
U | TimeCalendar | tc.exe | TimeCalendar digital planner | No |
N | Timed Backups Manager Startup | BACKTIME.EXE | Backup Plus - backup software | No |
U | TimeLeft | TimeLeft.exe | TimeLeft is a countdown, reminder, clock, alarm clock, stopwatch, timer, sticker and time synchronization utility which uses Winamp skins to show digits and text | No |
U | Timemanager.exe | Timemanager.exe | Time Manager will let you track billable and non-billable time by customer, by category and by associate and then integrate directly to our custom billing package | No |
N | TimeOnline | TIMEONLINE.EXE | Lightman Groups's TimeOnline monitor. For dial-up users to monitor time spent on the net. Available via Start -> Programs | No |
X | TIMER | TIMER.EXE | Added by the TIMESE.AG WORM! | No |
X | Timer | comm.exe | Added by the BDOOR-IP BACKDOOR! | No |
X | Timer | timed.exe | Added by the BDOOR-LV BACKDOOR! | No |
X | Timer | msncomm.exe | Added by the WEBDOR.AK TROJAN! | No |
X | TimeService | trun.exe | TlfLic-A premium rate adult content dialler | No |
X | TimeSink Add Client | TSADBOT.EXE | Advertising spyware | No |
X | timessquare | timessquare.exe | Detected by Kaspersky as the STARTPAGE.AW TROJAN! | No |
X | timestamp | timeapr32.exe | Added by the AGENT-DRU TROJAN! | No |
X | TimeSyncApp | TimeSynchronize.exe | DealHelper adware | No |
N | TimeUp | Timeup.exe | TimeUp - internet online timer | No |
U | Timezone | TimeZone.exe | Microsoft Daylight Saving Time Update Utility - see here | No |
X | TIMHost | TIMHost.exe | Added by the PWS-ANT TROJAN! | No |
U | TimounterMonitor | TimounterMonitor.exe | Part of Acronis True Image backup software. Monitor for the backup archive explorer for moving and viewing files within an archive | No |
N | TINTSETP | TINTSETP.EXE | Part of Microsoft's Input Message Editor (IME) for translating Japanese/Chinese text in IE, Outlook and Word | No |
X | Tiny AV | fooding.exe | Added by the NETSKY.I WORM! | No |
Y | Tiny Personal Firewall | persfw.exe | Tiny Personal Firewall | No |
N | Tiny Watcher Logon Time | Watcher.exe | Tiny Watcher detects changes to your system. It will not prevent your system from being modified or corrupted. It will only tell you that something suspicious happened. Think of it as an early CAT scan against system tumors. Better to install a tool that will detect and remove bad items | No |
U | tinySpell | tinyspell.exe | Tinyspell - "allows you to easily and quickly check the spelling of words in any Windows application. Monitors your typing on the fly, alerts you whenever it detects a misspelled word, and checks the spelling of every word you copy to the clipboard" | No |
U | TiomanExe | Tioman.Exe | Agate Tioman - warm and hot swap removable bay device manager for IBM laptops | No |
X | tipguard.exe | tipguard.exe | Privacy Commander rogue privacy program - not recommended, removal instructions here | No |
N | Tips | mousetips.exe | Suggests tips on using your mouse | No |
U | TiTleBarClock | TiTleBarClock.exe | TitleBarClock - displays Day, Time, Date, Month, Year, FreeMem, and FreeDriveSpace on the right side of the title bar in any main window that has the mouse or keyboard focus | No |
U | TitleTime | TiTime.exe | "TitleTime adds the current date and/or time to the Caption of the currently active application window. Additional options are a second clock (with a different time), week number, GMT/UTC time, Swatch Internet Time and Sounds at each full, half or quarter hour" | No |
N | Tivoli | LCFEP.EXE | Tivoli 'TME' System Tray icon - "'lcfep' is the program that displays statistics about the Endpoint. Apparently stopping/removing this process has no impact on the Endpoint itself which will continue to function normally" | No |
? | TivoNotify | TiVoNotify.exe | Part of Tivo Desktop. What does it do and is it required? | No |
U | TivoServer | TiVoServer.exe | Tivo Server - installed with the TiVo Home Media Option. It streams audio files to your television/home theater from your PC | No |
U | TivoTransfer | TivoTransfer.exe | Tivo Transfer Service. TiVo Desktop is an easy-to-use application that lets you publish and share digital music, photos and TiVo recordings between your networked TiVo Series2 DVR and your computer | No |
X | tiwi | tiwi | Added by the RAHIWI.A WORM! | No |
U | TIxDSL | tidslmon.exe | Actiontec DSL modem. Associated with High Speed AOL DSL. Used to get line sync with the Actiontec DSL USB Modem. Available via Start -> Programs | No |
N | TizzleTalk | TizzleTalk.exe | TizzleTalk is a dialect translator for Yahoo, MSN, AOL Instant Messengers. Bundles adware, hence not recommended. From their EULA : "As a result of installing the Company's Software, you will see occasional banner ads, pop-up or pop-under ads, or other types of ads selected based on your online activities .../... Occasionally, we may automatically or through other remote means, update, upgrade, patch or uninstall the Company's Software, including the Company's advertising-supported software, without further notice to you. These upgrades also may include installation of additional applications from the Company as well as third party applications" | No |
X | tjstartup | [path to file] | Added by the TJSERV.C TROJAN! | No |
N | TK8 EasyNote | EasyNote.exe | TK8 EasyNote - desktop post-it notes | No |
N | TkBell.Exe | evntsvc.exe | Application Scheduler installed along with RealOne Player. Once installed, it runs independently of RealOne Player. See here for more information, including how to disable it. Also see evntsvc and Realsched. Note that eventsvc.exe no longer appears to be in a newer version. To disable "tkbell.exe" in the new version (1) Start RealOne Player (2) Tools -> Preferences (3) Automatic services in the Categories pane (4) Uncheck all options and then OK | No |
N | TkBell.Exe | realsched.exe | Application Scheduler installed along with RealOne Player. Once installed, it runs independently of RealOne Player. See here for more information, including how to disable it. Also see evntsvc and Realsched. Note that eventsvc.exe no longer appears to be in a newer version. To disable "tkbell.exe" in the new version (1) Start RealOne Player (2) Tools -> Preferences (3) Automatic services in the Categories pane (4) Uncheck all options and then OK | No |
N | TkBell.Exe | tkbell.exe | Application Scheduler installed along with RealOne Player. Once installed, it runs independently of RealOne Player. See here for more information, including how to disable it. Also see evntsvc and Realsched. Note that eventsvc.exe no longer appears to be in a newer version. To disable "tkbell.exe" in the new version (1) Start RealOne Player (2) Tools -> Preferences (3) Automatic services in the Categories pane (4) Uncheck all options and then OK | No |
N | TkBellExe | evntsvc.exe | Application Scheduler installed along with RealOne Player. Once installed, it runs independently of RealOne Player. See here for more information, including how to disable it. Also see evntsvc and Realsched. Note that eventsvc.exe no longer appears to be in a newer version. To disable "tkbell.exe" in the new version (1) Start RealOne Player (2) Tools -> Preferences (3) Automatic services in the Categories pane (4) Uncheck all options and then OK | No |
N | TkBellExe | realsched.exe | Application Scheduler installed along with RealOne Player. Once installed, it runs independently of RealOne Player. See here for more information, including how to disable it. Also see evntsvc and Realsched. Note that eventsvc.exe no longer appears to be in a newer version. To disable "tkbell.exe" in the new version (1) Start RealOne Player (2) Tools -> Preferences (3) Automatic services in the Categories pane (4) Uncheck all options and then OK | No |
N | TkBellExe | tkbell.exe | Application Scheduler installed along with RealOne Player. Once installed, it runs independently of RealOne Player. See here for more information, including how to disable it. Also see evntsvc and Realsched. Note that eventsvc.exe no longer appears to be in a newer version. To disable "tkbell.exe" in the new version (1) Start RealOne Player (2) Tools -> Preferences (3) Automatic services in the Categories pane (4) Uncheck all options and then OK | No |
X | TkNetDriver Monitor | lexbce.exe | Added by the SDBOT-ADF WORM! | No |
N | tkonnect | TKONNECT.EXE | Dialer for the Tiscali internet service provider. Available as a desktop shortcut | No |
X | tlc | update911.js | Hijacker installer | No |
? | TlcR | avp.exe | ?? | No |
U | tlntsvr | tlntsvr.exe | Microsoft program associated with Telnet | No |
U | TLogonPath | tb2logon.exe | Timbuktu Pro - remote desktop access software | No |
X | tlz | 47681727.exe | Added by an unidentified TROJAN! | No |
U | TM Outbreak Agent | TMOAgent.exe | Trend Micro Internet Security anti-virus software virus outbreak warnings. Notifies users of virus outbreaks and offers to update the scanner | No |
U | TMA distribution | cfinst.exe | Part of Intel's LANDesk Management Suite 6 and the Common Base Agent (CBA) - used for communicating between the core server and managed clients | No |
X | tmax | pupdate.exe | Adware pop-up generator | No |
X | tmchook | tmchook.exe | Detected by Kaspersky as the VB.AA TROJAN! | No |
U | TMEEJME.EXE | TMEEJME.EXE | Toshiba TME (Toshiba Mobile Extension) Control | No |
U | TMERzCtl.EXE | TMERzCtl.EXE | Toshiba TME (Toshiba Mobile Extension) Control | No |
U | TMESBS | TMESBS21.exe | Toshiba Mobile Extension Selectable Bay Service for WinXP - support for docking stations. Not required if you don't use a docking station | No |
U | TMESBS32.EXE | TMESBS32.EXE | Toshiba Mobile Extension Slim Select Bay Service. You can disable this task if you have no intention of ever taking the DVD CD-Writer out while the laptop is turned on | No |
U | TMESRV31.EXE | TMESRV31.EXE | Toshiba utility related to inserting and removing a laptop from a docking station. Not required if you don't use a docking station | No |
U | TMExLogon | TMESRV.EXE | Toshiba utility related to inserting and removing a laptop from a docking station. Not required if you don't use a docking station | No |
? | Tmmkb | Tmmkysvr.exe | Toshiba multi-media keyboard software - possibly including creating keyboard shortcuts? | No |
X | TmNetDriver Monitor | exbce.exe | Added by the SDBOT-ABR WORM! | No |
X | Tmntsrv32 | Tmntsrv32.exe | Added by the STARTPAGE.O TROJAN! | No |
U | TMOUSE | tmouse.exe | Component of the Toshiba Mouse Control that allows users with an AccuPoint mouse to scroll MS-scroll-compatible documents by holding CTRL + ALT and moving the AccuPoint up or down. It also allows zooming by holding CTRL + SHIFT and moving the AccuPoint up or down. Disabling this item has no adverse effects, except disabling the scroll/zoom features of the AccuPoint | No |
Y | tmproxy | tmproxy.exe | Trend Micro PC-cillin 2003 antivirus software | No |
X | tmp_up | sample.exe | QuickBar adware | No |
U | TMRUBottedTray | TMRUBottedTray.exe | RUBotted (from Trend Micro) monitors your computer for suspicious activities and regularly checks with an online service to identify behavior associated with Bots. Upon discovering a potential infection, RUBotted prompts you to scan and clean your computer | No |
U | TMTMTSR | TMTMTSR.exe | Thrustmaster Thrustmapper - "t-mapper - icon sits on your taskbar and automatically detects when the joystick is plugged in and configures it accordingly" | No |
U | TnPopUp | billbrz.exe | Related to Technesis "award-winning solutions for tracking and managing print, copy, fax and scan activities" | No |
U | TNTClk | TNTCLK.exe | Overclocking program for TNT, TNT2, and other graphics cards. This program can overclock the graphics card manually after startup when needed, especially before starting a gaming session. However, for simplicity, it can be left checked to let it run once at startup to automatically overclock the graphics card. In this case, it doesn't even run in the background after doing its job | No |
U | ToADiMon.exe | ToADiMon.exe | T-Online ISP software connection assistant | No |
U | Toggler | toggler.exe | "Toggler allows you to gain control over your Caps Lock, Num Lock, and Insert keys. It prevents you from writing in ALL CAPS when your finger has slipped to accidentally hit the Caps Lock key" | No |
X | Tok-Cirrhatus | IDTemplate.exe | Added by the RONTOKBRO.A WORM! | No |
X | Tok-Cirrhatus | smss.exe | Added by the BRONTOK-A WORM and variants! Note - this is not the legitimate smss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in Documents and Settings\<User>\Local Settings\Application Data | No |
X | Tok-Cirrhatus | [path to file] | Added by the BRONTOK-F WORM! | No |
X | Tok-Cirrhatus-1464 | br3951on.exe | Added by the BRONTOK.AD WORM! | No |
X | Tok-Cirrhatus-1959 | br4941on.exe | Added by the BRONTOK-J WORM! | No |
X | Tok-Cirrhatus-1959 | [random].exe | Added by the BRONTOK-CF WORM! | No |
X | Tok-Cirrhatus-1959sarc | sv711224030r.exe | Added by the BRONTOK-R WORM! | No |
X | Tok-Cirrhatus-1959sarc | yesbron.com | Added by the BRONTOK-R WORM! | No |
X | Tok-Cirrhatus-2454 | br5931on.exe | Added by the BRONTOK.AD WORM! | No |
X | Tok-Cirrhatus-2784 | br6591on.exe | Added by the BRONTOK-L WORM! | No |
X | Tok-Cirrhatus-2784 | smss.exe | Added by the BRONTOK-S WORM! Note - this is not the legitimate smss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in Documents and Settings\<User>\Local Settings\Application Data | No |
X | Tok-Cirrhatus-[4 random digits] | br[4 random digits]on.exe | Added by the BRONTOK-M WORM! | No |
? | TomcatStartup | hpbpsttp.exe | Apache Tomcat web server, part of HP LaserJet "Printer Tools" software. What does it do and is it required? | No |
? | TomcatStartup 2.5 | hpbpsttp.exe | Apache Tomcat web server, part of HP LaserJet "Printer Tools" software. What does it do and is it required? | No |
? | Tommorrow | tomorrow.exe | ?? | No |
N | TomTomHOME.exe | TomTomHOME.exe | TomTom HOME - free management program for your PC to look after their GPS navigation products | No |
X | ToolbarInstall | MirarSetup.exe | Mirar adware | No |
N | toolbar_eula_launcher | EULALauncher.exe | Related to Google Desktop | No |
U | ToolBoxFX | HPTLBXFX.exe | HP ToolBoxFX - "provides desktop configuration, status and support for every feature". Supplied with some HP multifunction printers | No |
X | ToolHelp | hwpv.exe | Added by a variant of the INFOSTEALER TROJAN! | No |
X | ToP | LSASS.exe | Added by the WOWCRAFT.C TROJAN! Note - this is not the legitimate lsass.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder | No |
X | Top Tilecom | Tilecomtop.com | Added by the RBOT.BXD WORM! | No |
? | ToPassSrv | Pktopass.exe | Related to Caere Pagekeeper scanning software (now taken over by Scansoft). Disabling is known to cause problems | No |
X | topat | zlip.exe | Added by the FLOOD-IG TROJAN! | No |
U | TopDesk | TopDesk.exe | TopDesk - puts an icon in your system tray that when clicked upon, opens a pop-up menu that gives instant access to all of your desktop programs without having to minimize, resize, move or close other programs or files | No |
X | Topic cPanr | cPaner.com | Detected by Trend Micro as the SDBOT.AJP WORM! See here | No |
X | Topic lnternet | lnternet32.exe | Added by the RBOT-GLZ WORM! | No |
X | Topic MSNGR32 | MSNGR32.com | Added by a variant of the IRCBOT TROJAN! | No |
X | Topic Soft | Tilesoft.com | Detected by Trend Micro as the RBOT.GDH WORM! See here | No |
X | Topic Tilesys | Tilesys.com | Detected by Kaspersky as the RBOT.AUS BACKDOOR! See here | No |
X | ToPicks Starter | Idhost.exe | TOPicks adware | No |
U | TopmostClock | TopMostClock.exe | TopMost Clock - transparent analog clock which displays on top of your other windows | No |
X | topmoxie | JavaRun.exe | TopMoxie adware | No |
X | TopSearch | TopSearch.exe | TopSearch adware variant | No |
N | Tor | tor.exe | Tor anonymous internet communication system. Shortcut available via Start -> Programs | No |
X | tor anonymous proxy | tor32.exe | Added by the SDBOT-ADR WORM! | No |
X | Torjan Program | [path to trojan] | Added by the LEGMIR-BO TROJAN! | No |
X | Torjan Program | smss.exe | Added by the WOWCRAFT.B TROJAN! Note - this is not the legitimate smss.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder | No |
X | Torjan Program | WINLOGON.EXE | Added by the WOWCRAFT.D TROJAN! Note - this is not the legitimate winlogon.exe process, which should not appear in Msconfig/Startup! This trojan file is found in the Windows or Winnt folder | No |
X | Torrent Management Service | system32.exe | Added by a variant of the IRCBOT TROJAN! See here | No |
X | Torrent Management Service | TMANAGESVC.EX | Added by a variant of the IRCBOT TROJAN! | No |
N | TOSCDSPD | toscdspd.exe | Related to Toshiba laptop CD/DVD drivers. This is a non-essential process. Disabling or enabling this is down to user preference | No |
U | TOSHIBA Accessibility | FnKeyHook.exe | "Allows you to use the Fn key to create a hot key combination with one of the function keys without pressing the two keys simultaneously as is usually required. Using Accessibility lets you make the Fn key a sticky key, meaning you can press it once, release it, and then press a function key to activate the hot key function" | No |
Y | Toshiba Fan | fan.exe | Toshiba utility to keep the fan on a laptop running if they fail to detect there is too much heat | No |
U | Toshiba Key State | KEYSTATE.EXE | Displays an icon in the System Tray indicating the state of the CAPS LOCK key. Can be handy on (e.g., Toshiba) laptops which do not have a Caps Lock indicator light. Available via Start -> Programs | No |
N | Toshiba Registration | ToshibaRegistration.exe | Toshiba Registration - available via Start -> Programs | No |
N | Toshiba TEMPO | Toshiba.Tempo.UI.TrayApplication.exe | TEMPO is a software service developed by Toshiba. It will advise you on how to fine-tune the performance of your notebook and keep you informed of the latest Toshiba software and driver updates as soon as they are released. It does this by delivering various types of alerts into a special TEMPO inbox area on your notebook PC | No |
N | ToshibaPinger | pinger.exe | Pinger is the resident program for Toshiba Upgrades. Periodically checks to see if there are any software/driver upgrades for your particular computer model. If it finds any, it posts a notification | No |
U | TOSHIBSU | Toshibsu.exe | Reduces the power consumption when the laptop isn't being used to preserve battery power. Hibernate function doesn't work if this is disabled. Similar programs on other laptops reduce the processor clock rate, etc. Required if you run off battery regularly | No |
U | TosHKCW | TosHKCW.exe | Toshiba Hot Key Change/Control Wireless. Permits you to use a hot key to activate/deactivate built-in 802.11b wireless transmission on a laptop (if installed) | No |
U | TosHKCW.exe | TosHKCW.exe | Toshiba Hot Key Change/Control Wireless. Permits you to use a hot key to activate/deactivate built-in 802.11b wireless transmission on a laptop (if installed) | No |
Y | TosMem | tosmem.exe | Toshiba laptop related. Win98/Me ACPI system can not hibernate or go on standby if all of the physical memory lower than 640KB is locked. This utility allocates and locks three pages on boot and then releases them on standby/hibernation for ACPI.SYS in order to solve the above problem | No |
U | TosRotation | TRot.exe | TOSHIBA Rotation Utility - allows users to rotate a notebook's screen image 180 degrees in order to share information on the screen with others seated across a table or desk | No |
X | totacon | totacon.exe | Added by a variant of the Storm/Nuwar/Zhelatin WORM! See here for an example | No |
X | Total Protect 2009 | pcpc_starter.exe | Total Protect 2009 rogue security software - not recommended, removal instructions here | No |
X | Total Virus Protection | TotalVirusProtection.exe | Total Virus Protection rogue security software - not recommended, removal instructions here | No |
U | TotalMedia Backup Monitor | uBBMonitor.exe | ArcSoft's TotalMedia Backup - "Backing up your precious photos, videos, and essential documents couldn't be easier!" | No |
U | TotRecSched | TotRecSched.exe | Scheduler for Total Recorder - allows automatic recording of a show at a given time for later playback or you can use the scheduler as an alarm | No |
Y | ToUcamVProperty | VProperty.exe | Philips Web Camera model name pcvc740k, ToUcam driver configuration tray icon | No |
U | Touch Manager | WinLED.exe | Dell keyboard utility. Disabling can result in loss of screen saver and power saver functionality | No |
U | TouchED | TouchED.exe | TouchPad On/Off Utility on a Toshiba laptop | No |
N | tour | regedit ..tour.reg | Edits registry values to keep the WinMe tour in Task Scheduler | No |
N | Tour | wincool.exe | Component of WinME that's annoying as hell. Pops up a prompt to play the C:WINDOWSApplication DataMicrosoftINTROCONTENT.HTA that plays a full screen version of the WinME product preview Windows Media video file that cannot be stopped to my knowledge until it finishes. That prompt will keep popping up after an install/reinstall of WinME until you give in and watch the thing. It also puts a task scheduler entry to run that annoying thing every 30 minutes, and don't bother deleting that entry, Windows puts it right back. Not only should you disable it from running, you should delete the thing altogether, as it can somehow re-enable itself. Apparently you can try setting the file to read only | No |
N | tourpath | regedit /s [path] tour.reg | Edits registry values to keep the Win 2000 "tour" in Task Scheduler | No |
U | TP4EX | tp4ex.exe | Adds accessibility options for an IBM TrackPoint | No |
U | tp4mon | tp4mon.exe | Supports the "pointer stick" in lieu of a mouse on an IBM ThinkPad laptop. Necessary for the "scroll" button to work | No |
U | tp4serv | tp4serv.exe | Supports the "pointer stick" in lieu of a mouse on an IBM ThinkPad laptop. Necessary for the "scroll" button to work | No |
? | TP98TRAY | TP98TRAY.EXE | IBM Thinkpad related utility. What does it do and is it required? | No |
N | TP98UTIL | TP98.EXE | IBM Thinkpad feature setup & configuration utility | No |
? | Tpam.exe | tpam.exe | TP Attach Manager - part of IBM Personal Communications. What does it do and is it required? | No |
X | tpcupdater | updatetc.exe | 180Solutions adware related | No |
U | TpHotKey | TPHKMGR.EXE | Activates "ThinkPad Help" when the "Thinkpad key" is pressed on an IBM ThinkPad laptop. Also activates the audio buttons (volume up/down, mute) on models such as the Thinkpad T30 | No |
U | TPKBDLED | TpScrLk.exe | IBM Thinkpad utility for displaying the Scroll Lock status on the System Tray - for Thinkpads that don't have a Scroll Lock LED | No |
U | TPKMAPHELPER | TpKmapAp.exe | IBM Thinkpad - Keyboard Customizer Utility. Allows the user to set keyboard shortcuts, emulate such features as Windows key on laptop, can be disabled from within program, is available from Programs > Access IBM. Not required | No |
U | TpKmapMn | TpKmapMn.exe | Create Keyboard combinations for special Thinkpad buttons when using an external keyboard, e.g. "Ctrl-arrow up" for "volume up". Only required when using an external keyboard. Available via Start -> Programs | No |
U | tpopservice | tpopservice.exe | DirecWay two-way satellite internet service enhanced POP proxy server for email | No |
U | TPP Auto Loader | Tppaldr.exe | Installed with DataStor's (and some other manufacturers') USB 2.0 based external DVD, CD-ROM and CD-RW drives. System tray icon allowing the user to disconnect the external drive without an error message being displayed | No |
U | Tprtray | Tprtray.exe | Displays the Power icon in the System Tray on a Toshiba laptop | No |
U | Tpscrex | Tpscrex.exe | Lenovo (IBM) ThinkPad hotkey related | No |
U | TpScrLk | TpScrLk.exe | IBM Thinkpad utility for displaying the Scroll Lock status on the System Tray - for Thinkpads that don't have a Scroll Lock LED | No |
Y | TpShocks | TpShocks.exe | Responsible for controlling the IBM Hard Drive Active Protection system found on newer models of IBM Thinkpads, including T41, T42, X40, R50, and R51. The Hard Drive Active Protection system is based on a technology similar to that used in automobiles to deploy airbags on contact: An accelerometer on the motherboard detects physical acceleration--such as when the notebook falls--and in response the system temporarily parks the hard drive's read/write head until stability returns | No |
U | TPSmain | TPSMain.exe | Toshiba Power Saver - associated with Toshiba laptops/desktops. Manages the power save function to make sure that the system goes to a power saver mode when not used | No |
Y | TPSODDCtl | TPSODDCtl.exe | Power saving software on Toshiba laptops | No |
N | TPTray | TPTray.exe | Touchpad configuration tray icon for Toshiba laptops. Available via Start -> Settings -> Control Panel | No |
? | TPTRAY | TP98TRAY.EXE | IBM Thinkpad related utility. What does it do and is it required? | No |
Y | TPwrMain | TPwrMain.EXE | Power management software for Toshiba laptops | No |
? | TPwrMgr | TPwrMgr.exe | Found on a Toshiba laptop. Related to power management? | No |
Y | TPWRTRAY | Tpwrtray.exe | Toshiba laptop's own Advanced Power Management system which disables Windows APM (greyed-out in Control Panel). You can't choose which of the 2 systems to use | No |
U | tqrecv | tqrecv.exe | Tellique satellite broadcast reception software | No |
N | Traceless | launch.exe | Traceless 2003 - clear your cookies, temp directories and browser history with a click of a button. It also clears the recent documents and the IE drop down auto complete box | No |
U | Track4WinMonitor | STMonitor.exe | Track4Win Monitor surveillance software. Uninstall this software unless you put it there yourself | No |
? | Tracker | Tracker.exe | Possibly associated with My Deluxe Invoices program | No |
X | trackerx90.th.gs | anti_data_exe_by_trackerx90.exe | Added by the BCKDR-QIT BACKDOOR! | No |
U | TrackpointSrv | daemon.exe | Supports the "pointer stick" in lieu of a mouse on an IBM ThinkPad laptop. Necessary for the "scroll" button to work | No |
U | TrackpointSrv | tp4serv.exe | Supports the "pointer stick" in lieu of a mouse on an IBM ThinkPad laptop. Necessary for the "scroll" button to work | No |
U | TrackPointSrv | tp4mon.exe | Supports the "pointer stick" in lieu of a mouse on an IBM ThinkPad laptop. Necessary for the "scroll" button to work | No |
U | Tracks Eraser | te.exe | Tracks Eraser from Acesoft - "Erases all tracks of your internet activity" | No |
U | Tracks Eraser Pro | te.exe | Tracks Eraser Pro from Acesoft - "Erases all tracks of your internet activity" | No |
U | tranicon | tranicon.exe | A Tweak-XP component (only in the registered version), makes Desktop icons transparent. Can be enabled/disabled via Tweak-XP -> System + File Tweaks -> Windows Tweaks -> Desktop Tweaks -> Make Desktop Icons Transparent | No |
X | Transaction Tasker | stdhost.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
N | Transcode360 | Transcode360Tray.exe | Designed for WinXP Media Center Edition 2005 and the Xbox 360, Transcode360 aims to broaden the support for a wide range of video media including DivX and XviD | No |
U | Transparent | TransparentW.exe | Utility to turn desktop icon text backgrounds transparent. The last letter defines the icon text color: D= as desktop, W=white, B=black. Available from here | No |
U | Transparent | TransparentD.exe | Utility to turn desktop icon text backgrounds transparent. The last letter defines the icon text color: D= as desktop, W=white, B=black. Available from here | No |
U | Transparent | TransparentB.exe | Utility to turn desktop icon text backgrounds transparent. The last letter defines the icon text color: D= as desktop, W=white, B=black. Available from here | No |
U | TransparentIcons | tranicon.exe | A Tweak-XP component (only in the registered version), makes Desktop icons transparent. Can be enabled/disabled via Tweak-XP -> System + File Tweaks -> Windows Tweaks -> Desktop Tweaks -> Make Desktop Icons Transparent | No |
U | transtask | transtask.exe | A Tweak-XP component, makes the taskbar icons transparent | No |
X | transys | rundll32.exe transys.dll,start | Added by the AKBOT-AE WORM! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "transys.dll" file is found in %System% | No |
U | Trashgrd | TRASHGRD.EXE | Part of McAfee Nuts & Bolts. Protects all the files you delete, even files deleted in DOS or in 16-bit Windows applications, by sending them to the Recycle Bin | No |
X | Tray | rundll32.exe | Added by the LINEAG-ADR TROJAN! Note - this is not the legitimate rundll32.exe process, which is found in the Windows folder (98/ME) or the System32 folder (NT/2000/XP). This file is located in a "command" sub-folder | No |
Y | Tray control for Malwarebytes' Anti-Malware | mbamtrayctrl.exe | Malwarebytes' Anti-Malware - "monitors every process and actually stops malicious processes before they even start. It uses our impressive technology that is in fact a completely novel way of heuristic scanning and it is our response to the increasingly complex malware threats" | No |
X | Tray manager system | traysys.exe | Added by the RIZO.A TROJAN! | No |
U | Tray Pilot Lite | TrayPlt.exe | Tray Pilot allows you to hide the System Tray window. No longer supported by the authors | No |
N | Tray Temperature | Weatherbug.exe | Weatherbug provides current outdoor temperature in the System Tray, also weather alerts. Available via Start -> Programs | No |
X | Traybar | lsass.exe | Added by the MYDOOM.L WORM! Note - this is not the legitimate lsass.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder | No |
U | traydate.exe | TRAYDATE.EXE | Displays the date as well as the time in the System Tray. Available from TUCOWS | No |
U | TrayIt! | trayit!.exe | TrayIt! minimizes open windows to the System Tray as icons instead of the usual taskbar | No |
U | TrayManager | Trayman.exe | TrayManager hides system tray icons (FreeCell won't work when TrayMan is loaded) | No |
U | Traymin900 | Tray900.exe | Related to the Philips SPC webcam - System Tray manager for Personal 900 series camera | No |
U | Traymon | traymon.exe | Netropa Internet Receiver traymonitor. Will only launch the bar if you are connected to the internet and there's new news | No |
N | TraySantaCruz | tbctray.exe | Provides quick access via a System Tray icon to the control panel for Turtle Beach's Santa Cruz or VideoLogic's SonicFury soundcards. Available via Start -> Settings -> Control Panel | No |
N | TrayServer | TrayServer.exe | For monitoring tray icons | No |
X | TrayX | winppr32.exe | Added by the SOBIG.F WORM! | No |
N | tray_helper | tray_helper.exe | Tray Helper is an Email checker with additional tools, including a popup window killer, pinger module to monitor hosts and an event reminder | No |
Y | Trend Micro Anti-Spyware | Tmas.exe | Trend Micro Anti-Spyware - required when using real time monitoring but now discontinued | No |
Y | Trend Micro AntiVirus 2007 | tavui.exe | Trend Micro AntiVirus | No |
Y | TrendMicro Antivirus | Aveagent.exe | Virus scanner | No |
Y | TrendMicro OfficeScan NT | TMLISTEN.EXE | Virus scanner | No |
X | Trickler | [path to file] | GAIN adware. Please note that Claria Corporation no longer support GAIN-Supported software - see here | No |
Y | TridentTVIcon | tvicon.exe | Trident Microsystems, Inc Display driver | No |
? | TridTray | TridTray.exe | System Tray access to Trident 4DWave soundcards? | No |
U | Trillian | trillian.exe | Part of Trillian IRC client | No |
Y | trirot | trirot.exe | Trident Microsystems 3D video driver | No |
U | TRIXX | TRIXX.exe | Sapphire TRIXX overclocking tool for the X800 GTO graphics card (and possibly others) - "push default clock speeds to 560MHz or better" | No |
X | Trkwks | trkwksvc.exe | Added by the IRCBOT.AW WORM! | No |
X | Trojan Guarder Gold Version | Trojan Guarder.exe | TrojanGuarder misleading security software - not recommended, see here | No |
U | Trojancheck 6 Guard | tcguard.exe | TrojanCheck anti-trojan software | No |
U | TrojanScanner | Trjscan.exe | Trojan Remover from Simply Super Software. Scans for and removes trojan viruses that anti-virus software may not have detected or removed | No |
U | TrojanShield | Init.exe | TrojanShield | No |
U | TrojanShield Protector | Port.exe | TrojanShield anti-hacker/anti-trojan software | No |
U | True Internet Color Icon | internetcolor.exe | Part of 3Deep® from E-Color (now superseded by 3DxWizzard™) - "With True Internet Color PCs can display the best color possible over the web. Enabled web sites will know how connected monitors display color and will send them color corrected images" | No |
U | TrueAssistant | TrueWizard.exe | "TrueSwitch makes changing your Internet Service Provider easy. We copy all your personal data to the new account, notify everyone with the new email address, forward emails sent to your old email address and help you cancel the old account" | No |
U | TrueCrypt | TrueCrypt.exe | TrueCrypt is free open-source disk encryption software for Windows XP/2K/2003 and Linux. This is the TrueCrypt background task that enables some background functions of TrueCrypt: hot-keys, auto-dismount, etc | No |
X | TrueFonts | fonts.hta | Browser hijacker - redirecting to Hugesearch.net | No |
N | TrueImageMonitor.exe | TrueImageMonitor.exe | Part of Acronis True Image - backup software. Can be disabled without affecting TrueImage | No |
Y | TrueMobile 1150 Client Manager | cmdel.exe | Client Manager for the Dell TrueMobile 1150 Series PC Card - "a wireless network PC Card that fits into any standard PC Card Type II slot. It has two LED indicators and an integrated antenna" | No |
N | TrueSync Launcher | tstool.exe | Starfish TrueSync - for synchronization between Windows platforms and popular devices, applications and services. Starfish became Intellisync which was acquired by Nokia and is now no longer supported | No |
X | truetype | truetype.exe | Added by the COSIAM-I TROJAN! | No |
Y | TrueVector | VSMON.EXE | Even if you don't have ZoneAlarm or ZoneAlarm Pro run at start-up you do need this | No |
X | Trust Cleaner | TrustCleaner.exe | Smitfraud variant | No |
X | TrustIn Popups | TrustInPopups.exe | TrustInPopups adware | No |
? | trustras.exe | trustras.exe | Trust ADSL modem related. Is it required? | No |
X | TrustyHound-TS | TrustyHound-TS.exe | TrustyHound spyware | No |
X | tsa | tsm.exe | TargetSaver adware | No |
X | Tsa2 | tsm2.exe | TargetSaver adware | No |
X | TsAdbot | TSADBOT.EXE | TimeSink Add Client - advertising spyware | No |
? | TSBxLogon | TMESBS2.EXE | Found on a Toshiba laptop. May be related to TMESBS? | No |
U | TSClientMSIUninstaller | tscuinst.vbs | Related to Terminal Services Client Remote Desktop Connection Software from Microsoft | No |
U | TSE_PLUtil | PLBkMon.exe | Prolific USB Flash Disk Log On Application | No |
X | Tsk Mng Hlp | wins32.exe | Added by the AGOBOT-JB WORM! | No |
X | tskdbg | tskdbg.exe | Added by the FLOOD.E TROJAN! | No |
X | Tsklist | tsklist32.exe | Detected by Kaspersky as the BANCOS.SP TROJAN! | No |
U | TSkrMain | TSkrMain.exe | TOSHIBA Accelerometer Utilities - hardware utilities that work with the motion sensors built into their Tablet PCs. Detect the way you are holding it at any given moment, you can set the machine to perform a specific function when the unit is quickly tilted to the left or right, or to the front or back and you can also take control of the cursor in some applications and make it move by leaning the PC in a certain direction | No |
X | Tsl | tsl.exe | Uploader-R adware | No |
X | Tsl2 | tsl2.exe | TargetSaver adware | No |
N | TSMsger | TSMsger.exe | Epson scanner software - required for "one-touch" operation. Can be launched manually | No |
N | tsnp2std | tsnp2std.exe | Digital camera related | No |
Y | tsnpstd3 | tsnpstd3.exe | Related to Sonix Inc. Camera Monitor MFC Application | No |
? | TSPower | spower.drv | Found on a Toshiba laptop. Related to power management? | No |
X | tsrv | t2serv.exe | Added by the WAREZOV.AT WORM! | No |
X | tsrv | tsrv.exe | Added by the WAREZOV.W WORM! | No |
? | TSService | NSSERVICE.EXE | ?? | No |
X | tsvcin | n20050308.exe | Delfin Media Viewer adware related | No |
? | tsyssmon | tsyssmon.exe | Found in a Toshibasysstability directory | No |
X | TSystem | [trojan filename] | Added by the NSYS-A TROJAN! | No |
X | ttaa | tata.exe | Added by the LINEAGE-T TROJAN! | No |
? | ttasq | ttasq.exe | ?? | No |
X | ttool | scvc.exe | Added by the BCKDR-OWM BACKDOOR! | No |
X | ttool | [random numbers].exe | Added by the BCKDR-QII BACKDOOR! The filename seen most often is "9129837.exe" | No |
X | TTS Sync | testtts.exe | Added by the SDBOT.BVA WORM! | No |
X | Ttt | Ttt.exe | Added by a variant of the SDBOT WORM! | No |
X | ttupt | ttupt.exe | eZula TopText adware | No |
? | Tukati | TukatiRedistributor.exe | Tukati Digital Content Distribution. Is it required? | No |
N | tunebite | tunebite.exe | "Tunebite lets you make unprotected copies of copy-protected music files by recording them while they are being played". Can be launched from its Start Menu shortcut | No |
U | TuneUp MemOptimizer | memoptimizer.exe | Part of "TuneUp Utilities", specifically 2003 version. "Monitors and optimizes free memory in the background." Basically, it cleans RAM and also allows you to clear the clipboard | No |
N | Turbine Download Manager Tray Icon | TurbineDownloadManagerIcon.exe | Turbine Download Manager (TDM) - download manager associated with the game "The Lord of the Rings Online™" | No |
X | TurBo | System.Trubo.vbs | Added by the AUTOM-C WORM! | No |
U | TurboExplorer | TE.exe | Web accelerator - "TurboExplorer 2.x is a real-time web surfing accelerator specifically designed for Internet Explorer 4/5 to achieve a faster and more effective approach to the internet". Only needed if you find it improves web browsing | No |
U | TurboLaunch | Tlaunch.exe | TurboLaunch is a tool-bar style application that can be set up to run many programs and perform certain pre-programmed actions | No |
U | TurboMemoryCharger | turbomemorycharger.exe | Turbo Memory Charger - memory optimizer. MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/SE/ME. See this article and make up your own mind | No |
N | TurboNote | tbnote.exe | Post-Its on your desktop. Available via Start -> Programs | No |
U | TurboTop | TurboTop.exe | TurboTop - make any window "Always on top" | No |
X | TURXP Protocol | sps32.exe | Added by a variant of the SDBOT WORM! | No |
X | tutcdchk2 | tutcdchk2.exe | Added by the HAXDOOR ROOTKIT! | No |
X | TV Media | Tvm.exe | TVMedia adware | No |
U | TV Scheduler | TVSCHL.EXE | ProLink PlayTVpro TV tuner software scheduler | No |
U | TV878 Remote Control | C7XRCtl.exe | Related to Kworld TV878 Tuner | No |
X | tvctray | tvctray.exe | Added by the VB.QJ TROJAN! | No |
X | TVMD | tvmd.exe | Total Velocity - "Secure commerce company that enables the 'checkout' process for our customers in order to safely and securely purchase our award winning software". Autoinstalling spyware | No |
U | TvNow | TvNow.exe | Application supplied with HP notebooks. It activates the S-Video port and is said to improve the quality of the output signal (resolution/timeouts) | No |
U | TvrRemote | Remote.exe | Remote Control driver for LifeView internal and external TV products | No |
U | TvrSchedule | Schedule.exe | Scheduler for Mercury Ez View TV Tuner Card | No |
N | Tvs | TvsTray.exe | Toshiba Virtual Sound on a notebook. Allows you to change sound settings on the fly - default setting is "build-in speaker". You can also select external speaker, open type headphone, or closed type headphone. Each setting has presets for Bass, Stereo, and Clarity - which can also be changed by user if desired. Can also be launched from Start -> Programs -> Toshiba -> Utilities | No |
X | tvs_b | tvs_b.exe | BroadcastPC adware | No |
X | tvs_b | tvs_ln.exe | BroadcastPC adware variant | No |
X | tvs_re | tvs_re_inst.exe | BroadcastPC adware | No |
? | TVT Scheduler Proxy | scheduler_proxy.exe | Part of IBM ThinkPads SystemUpdate software. Is it required? | No |
X | TVTMD | TVTMD.EXE | Total Velocity variant - autoinstalling spyware | No |
U | TVTunerLib | TVTLInstTool.exe | Related to Sony installer tool for Sony TV tuner library | No |
N | TVWakeup | tvwakeup.exe | MS WebTV for Windows. Used to display TV on your PC via a compatible video card with in-built tuner (such as ATI All-In-Wonder). If you don't use it - uninstall it | No |
? | Tvwatch | tvwatch.exe | Associated with the TV-Out option on Asus AGP or Intel graphics cards. Is it required? | No |
X | Twain | Twain.exe | Identified as a variant of the TrojanDownloader.Matcash Trojan | No |
X | Twain image | mmp32.exe | DailyWinner adware | No |
? | TWarmBay | N/A | Found on a Toshiba laptop. Related to hotswap bay management? | No |
U | TWarnMsg | twarnmsg.exe | Toshiba System Warning Function for Windows 98, Me, 2000 - provides notification dialog when the cooling fan stops | No |
? | TWBbtn | N/A | Found on a Toshiba laptop | No |
? | TWBrowse | TWBrowse.drv | Found on a Toshiba laptop. Possibly related to TWAIN drivers (ie, scanners, etc) - see this? | No |
? | Tweak Manager | WinManager.Exe | WinGuides Tweak Manager. Is this required for the live updates feature and/or if settings are changed? | No |
U | Tweak UI | rundll32.exe tweakui.cpl, tweakmeup | Restores settings that can't be retained if you have Microsoft's Tweak UI "powertoy" installed | No |
U | Tweak UI | rundll32.exe tweakui.cpl, tweaklogon | Automatically logs you on if you have Microsoft's Tweak UI "powertoy" installed | No |
X | Tweak UI | RunDLL32 tweakUI.DLL, TWEAKUI /tweakmeup | Added by the SUBWOOFER TROJAN! Note - the real Tweak UI entry for this is "rundll32.exe tweakui.cpl, tweakmeup". Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted | No |
U | Tweak UI 1.33 deutsch | RUNDLL32.EXE TWEAKUI.CPL, TweakMeUp | Restores settings that can't be retained if you have Microsoft's Tweak UI "powertoy" installed - German version | No |
U | Tweak-Me | TWEAK-ME.exe | 3rd party version of Microsoft's Tweak UI "powertoy" with many more options and controls (plus full support), designed specifically to take advantage of features in WinMe/2K and above, available from here | No |
U | Tweak-xp | Tweak-xp.exe | Main program for Tweak-XP - a WinXP tweaking utility | No |
U | TweakDUN | tweakdun.exe | Utility to optimize your Internet Browser Software. TweakDUN promotes faster Internet data transfer rates and faster downloads by eliminating fragmentation of data packets | No |
U | Tweaki4PU | twksup.exe | "Tweaki puts several Windows utilities into one easy to use program while adding hundreds of additional tweaks not found in other system tweakers" | No |
? | tweakico | tweakico.exe | May be a HP program to control their icons? | No |
U | TweakMASTER | TMTray.exe | TweakMASTER Internet Optimizer | No |
U | TweakVI | tweakvi.exe | TweakVI from Totalidea Software - "Tweak hundreds of hidden features of Windows Vista, optimize your machine and customize it to your needs" | No |
? | TweakYC | TweakYC.exe | VideoMate TV tuner and capture card related - what does it do and is it required? | No |
U | twister | twister.exe | Twister "AntiTrojanVirus" | No |
N | TwkSCardSrv | SCardS32.Exe | Used with Towitoko SmartCard Readers for card recognition | No |
X | twunk service | twunk16.exe | Added by the RBOT.BAT WORM! | No |
X | Twunk_64 | twunk_64.exe | System1060 homepage hi-jacker. Note - this is not a Windows file and is found in a Windows\System1060 directory | No |
X | TXMouie | keepSafe.exe | Added by the KILLAV.KAX TROJAN! | No |
X | tyack drive | tyack.pif | Added by the RBOT-AMT WORM! | No |
X | tymsetvc | osskhbd.exe | Added by the MAILBOT-BW TROJAN! | No |
X | type | bat.exe | Added by the ANSKYA-A WORM! | No |
N | type32 | type32.exe | For MS programmable keyboards. If you disable Intellitype in Startup, any "Hot Keys" that are changed by the user to perform functions other than default settings, defer back to their default settings. Not required unless you have changed them | No |
? | TypeRegChecker | TypeRegChecker.exe | Part of Sharpdesk from Sharp Electronics Corp. "An easy to use desktop-based, personal document management application that lets users browse, edit, search, compose, process, and forward both scanned and native electronic documents". Is it required? | No |
N | TypingSatellite | KBOOST.exe | Typing Master 2002 background utility that collects typing errors and builds up customised typing lessons for your needs. Available via Start -> Programs | No |
X | TZ Spyware Remover | SpyRem.exe | TZ Spyware Remover spyware remover - not recommended, see here | No |
U | U.S.Robotics WLAN Adapter Configuration Utility | USRWLAN.exe | U.S.Robotics LAN Adapter - wireless LAN (WLAN) configuration utility | No |
X | UADC_3240389055 | UADCcw.exe | Advanced Cleaner misleading security program - not recommended, see here | No |
X | UADC_599141581 | UADCcw.exe | Advanced Cleaner misleading security program - not recommended, see here | No |
X | Uate | oocs.exe | PurityScan/Clickspring adware | No |
U | UberIcon | UberIcon Manager.exe | Uber Icon by Punk Labs. Creates a more customizable atmosphere on your desktop by extending Windows to perform new effects when you launch your icons and folders | No |
U | UBSShell | UBSShell.exe | UBS (United Bank of Switzerland) banking software | No |
X | UCmd | fallfour.exe | Added by the SDBOT-AZA WORM! | No |
U | UCmore XP - The Search Accelerator | rundll32.exe UCMTSAIE.dll, DllShowTB | UCmore toolbar - search accelerator | No |
X | ucookw | ucookw.exe | Misleading security software such as WinPCDoctor, StorageProtector and ErrClean - not recommended | No |
N | UC_SMB | ucstart.exe | Part of IBM Update connector on IBM PCs for updating drivers on a new installation. Once you manually run the IBM Update connector program (shortcut) this entry is removed | No |
N | uc_start | ucstartup.exe | Auto updater feature for IBM machines that tries to connect to IBM to see if there are any new drivers, patches and etc | No |
U | UD Agent | UD.EXE | The United Devices Agent can recycle your PC's unused resources and use them to perform valuable scientific and medical research without disturbing your usual computer use - similar to SETI@home but for medical research. Available via Start > Programs | No |
X | UDC6cw | UDC6cw.exe | DriveCleaner misleading security program - not recommended, see here | No |
X | udinajkv.exe | udinajkv.exe | Added by a premium rate adult material dialer! | No |
X | udjudwq | sybqnub.exe | Added by the SILLYFDC-AH WORM! | No |
X | udzok | udzou.exe | Added by the SDBOT-CUS WORM! | No |
U | Ueproc32 | UEPROC32.exe | Part of Norton Utilities - most likely associated with the Unerase Wizard in older versions | No |
? | UFD Monitor9382 | ufdlmon.exe | Part of USB Flashdisk software - what does it do and is it required? | No |
? | UFD Utility9382 | UFDTool.exe | Part of USB Flashdisk software - what does it do and is it required? | No |
Y | UfSeAgnt.exe | UfSeAgnt.exe | Part of Trend Micro Internet Security | No |
X | uga6pcw | uga6pcw.exe | AVSystemCare misleading security software - not recommended, see here | No |
X | ugac | ugac.exe | WinSecureAv spyware remover - not recommended, see here | No |
X | ugcw | ugcw.exe | WinSpyControl, NoWayVirus, AVSystemCare, SpyGuardPro and other misleading security software - not recommended | No |
X | ugdccw | UGDCcw.exe | PCPrivacyTool and OnlineHelpmate misleading security software - not recommended | No |
X | ugescw | ugescw.exe | Rogue security software such as ErrClean and SystemErrorFixer - not recommended | No |
? | ugon | aockstrs.exe | ?? | No |
X | uhvjsul.dll | rundll32.exe uhvjsul.dll, mrpmvyf | Added by the BUSKY-G TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "uhvjsul.dll" file is found in the System (9x/Me) or System32 (NT/2K/XP) folder | No |
N | Uidler | Uidler.exe | Uniloc Titlewave Browser used with some shareware | No |
N | UIWatcher | UIWatcher.exe | Ashampoo's Uninstaller Suite - installation watcher. Available via Start -> Programs | No |
U | ujm | nm32.exe | Stranget keystroke logger/monitoring program - remove unless you installed it yourself! Found in an "fyt" subfolder of the Windows or Winnt folder | No |
X | UKVideo2 | ukvideo2.exe | Adult content dialler | No |
? | Ulead AutoDetector | Monitor.exe | Related to Ulead Systems Inc. programs. What does it do and is it required? | No |
? | Ulead AutoDetector v2 | monitor.exe | Related to Ulead Systems Inc. What does it do and is it required? | No |
N | Ulead Calendar Checker | CalCheck.exe | Ulead Calendar Checker - part of Ulead Photo Express - automatically replaces your calendar desktop wallpaper on a weekly/monthly/yearly basis if you've created them. Not required - change them manually | No |
U | Ulead Memory Card Detector | Monitor.exe | Ulead Memory Card Detector - "Automatically starts datadownload when your card is inserted into a memory card reader" | No |
N | Ulead Photo Express Calendar Checker | calcheck.exe | If you create multiple Weekly/Monthly/Yearly calendars to use as your wallpaper, Photo Express will replace the wallpaper automatically. Photo Express 2.0 has a calendar checker which checks the date on your system and updates your wallpaper accordingly | No |
N | Ulead Photo Express x.0 Calendar | calcheck.exe | Ulead Calendar Checker - part of Ulead Photo Express, where "x" represents the version number. Automatically replaces your calendar desktop wallpaper on a weekly/monthly/yearly basis if you've created them. Not required - change them manually | No |
X | Ultimate Cleaner | App.exe | Ultimate Cleaner spyware remover - not recommended, see here | No |
X | Ultimate Defender | UltimateDefender.exe | Ultimate Defender spyware remover - not recommended, see here | No |
X | UltimateBuddy | UltimateBuddy.exe | UltimateBuddy - installs malware, or is bundled with malware | No |
N | UltimateZip Quick Start | uzqkst.exe | UltimateZip - file compression utility | No |
N | Ultra Hal Assistant 4.5 Startup | HalAsst.exe | Zabaware Ultra Hal Assistant - artificial intelligence conversation simulator. It is capable of being your digital secretary and companion | No |
? | UltraDVDMon | DVDMon.exe | UltraDVD DVD player software - is it required? | No |
X | Ulubione | sys****.exe | Ulubione adware | No |
N | UMAX VistaAccess | vsaccess.exe | VistaAccess gives you quick and easy access to scanning functions right from your desktop | No |
U | UMonit | umonit.exe | Alerts when USB device is plugged in | No |
Y | umxagent | umxagent.exe | Tiny Personal Firewall V4 - main engine | No |
Y | umxldra | umxldra.exe | User mode executive module DLL loader - part of Tiny Personal Firewall V4 | No |
Y | UMXLDRW | UMXLDRW.exe | Tiny Personal Firewall (pre V4) | No |
X | un32info | un32info.Exe | Added by the CRYPTER.A TROJAN! | No |
X | Undefined | winter.exe | Added by the KILLAV.LW TROJAN! | No |
X | UNERI | yujixit.exe | Added by the SDBOT.BOO WORM! | No |
U | UnHackMe Monitor | hackmon.exe | UnHackMe allows you to detect and remove a new generation of 'invisible' Trojan programs called "rootkits" | No |
U | Uniblue Quick Access | qaccess.exe | Quick Access application from UniBlue Systems Ltd - "helps you account for all processes on your computer by providing an additional plug-in for the Windows task manager" | No |
U | Uniblue Registry Booster | RegistryBooster.exe | Uniblue "Registry Booster is the safest and most trusted solution to clean and optimise your system, free it from registry errors and fragmented entries" | No |
U | Uniblue SpeedUpMyPC | SpeedUpMyPC.exe | Older version of SpeedUpMyPC from Uniblue - which "lets you monitor and control all your PC resources with easy, one click instructions. System settings, internet usage, disk clutter, RAM and CPU are all automatically scanned, cleaned and optimized for peak performance" | No |
U | Uniblue SpyEraser | spyeraser.exe | SpyEraser from Uniblue. Spyware detection program | No |
U | UniblueSpeedUpMyPC | Launcher.exe | SpeedUpMyPC 2009 from Uniblue - which "lets you monitor and control all your PC resources with easy, one click instructions. System settings, internet usage, disk clutter, RAM and CPU are all automatically scanned, cleaned and optimized for peak performance." Located in %ProgramFiles%\Uniblue\SpeedUpMyPC | No |
X | uninstal | regsvr32 image.dll | CoolWebSearch parasite variant | No |
X | Uninstall**** | upd.exe | Adult content based screen saver where **** can be any number | No |
N | UninstallAbility | uability.exe | UninstallAbility free uninstaller | No |
X | UninstallHL | PreUninstallHL.exe | LinkReplacer/FFinder adware | No |
X | UninstallQL | PreUninstallQL.exe | LinkReplacer/FFinder adware | No |
X | Uninstall_TBPS | TBuninst.exe | WebSearch Toolbar - HuntBar hijacker, toolbar installer variant | No |
U | UniPrint | SetDfltSettings.exe | Drivers for Uniprint, a printing help for Terminal Services and Citrix which receives downloaded files from a Uniprint enabled server and prints them locally allowing for truly universal printing through Terminal Services or Citrix | No |
U | UniSc | Unisc.exe | McAfee UnInstaller | No |
? | uniucu | uniucu.exe | ?? | No |
X | Universal Plug & Play devices | WinUPPD.exe | Added by an unidentified WORM/TROJAN! | No |
X | Universal USB Service | svchost32.exe | Added by the KELVIR.R WORM! | No |
X | Unix File Support | init3.exe | Added by the RBOT-ZN WORM! | No |
X | unldr16 | unldr16.exe | Added by a variant of the CRYPTER.C TROJAN! | No |
X | unldr32 | unldr32.exe | Added by a variant of the CRYPTER.C TROJAN! | No |
U | UnlockerAssistant | UnlockerAssistant.exe | Related to Unlocker utility to unlock files when the OS reports the file is being used by another person or program | No |
X | UnSpyPC | UnSpyPC.exe | UnSpyPC spyware remover - not recommended, see here | No |
Y | untray | untray.exe | Command Antivirus related | No |
N | uoltray | exec.exe | Netzero free ISP software - not required | No |
X | Up Service | up32.pif | Added by the RBOT-ARI WORM! | No |
X | upascw | upascw.exe | PersonalAntiSpy rogue spyware remover - not recommended, removal instructions here | No |
N | UpConfgVer | UpgConf.exe | Part of Panda Antivirus and Internet Security. Purpose unclear, but according to Panda Software not required for the AV to function | No |
X | Updade Windows | winlogom.exe | Added by the TONAX-A TROJAN! | No |
X | UpData | wupdata.exe | Added by the IRCBOT-AA TROJAN! | No |
X | Update | [original file path] | Added by the LYNDEGG WORM! | No |
X | Update | CDUpdater.exe | "Carpe Diem" adult premium rate dialler related | No |
X | Update | Sysupd.exe | Added by the SLACKBOT VIRUS! | No |
X | Update | Zupdate.exe | Associated with B3d Projector foistware - see here | No |
X | Update | mshtm.exe | Browser hijacker - redirecting to buldog-search.com | No |
X | Update | UPDATE-28062004.exe[25 blank spaces].vbs | Added by the MIDFIN WORM! | No |
X | update | winis.exe | Added by the RBOT-VD WORM! | No |
X | update | r00t.exe | Added by the RBOT-ACO WORM! | No |
X | UPDATE | WinUpdater5.0.vbs | Added by the GORMLEZ-A WORM! | No |
X | UpDate | RAuth.exe | Added by the DLOADER-UL TROJAN! | No |
X | Update | csrss.exe | Added by the ADCLICK-AG TROJAN! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir% | No |
X | Update | csrss.exe | Added by the MEHEERWAR TROJAN! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a "winupdate" subfolder | No |
X | Update | lsass.exe | Added by the ADCLICK-AG TROJAN! Note - this is not the legitimate lsass.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder | No |
X | Update | svchost.exe | Added by the ADCLICK-AG TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder | No |
X | Update | Update.exe | QuickButton adware | No |
X | Update | hanz.exe | Added by a variant of the RBOT-GLJ WORM! | No |
X | Update Checker | winlog.exe | Added by the IRCBOT-TJ TROJAN! | No |
X | Update Checker | scvhost.exe | Added by the AGENT-DSF TROJAN! | No |
X | Update Explorer | iexploreupd.exe | Added by a variant of the RBOT WORM! | No |
X | Update for Windows | [various filenames] | Added by the LERPA-A WORM! Note - the file name will be one of the following common.exe, common.pif, common.scr, Sexo.exe, Sexo.jpg.pif, ini_file__.pif, load_me__.tmp, msfile.pif, system_load_.pif or zipped.rar.pif | No |
? | Update for Works | MSWkstz.exe | Maybe related to later versions of MS Works? | No |
N | Update Grokster | WiseUpdt.exe | Automatically updates the Grokster file sharing software. Beware of adware and spyware when using this type of program, for instance, Grokster contains CyDoor | No |
X | Update Install | Schost.exe | Added by the GAOBOT.AO WORM! | No |
? | Update local | SetCPQLC.exe | Running on a Compaq desktop. Any ideas? | No |
N | Update Manager | UpdateManager.exe | Searches for updates for the Rogers Yahoo! Browser - can be run manually | No |
X | update mon sys | updaterar.exe | Added by a variant of the RBOT WORM! | No |
X | update run dos | logon.exe | Added by a variant of the SDBOT WORM! | No |
X | Update Run MSword | LOGON.EXE | Added by the RBOT.TY WORM! | No |
Y | Update Service | Update.exe | Loaded by Handybits programs such as EasyCrypto. Re-instates itself every time the program is run so best to leave it enabled. Prevent it dialling out via a firewall | No |
X | update service | svxhost.exe | Added by the RBOT-MG WORM! | No |
X | Update Service | winu32.exe | Added by the RBOT-MG WORM! | No |
X | update service | winx.exe | Added by a variant of the RBOT WORM! | No |
? | Update TUT | WiseUpdt.exe | ?? | No |
X | Update ver 1.0 | Swap.exe | Added by the SWAP-C WORM! | No |
X | Update Windows | EXPLORE.EXE | Added by a variant of the SDBOT WORM! | No |
X | Update.exe | ravseuper.exe | Added by the QQPASS-P TROJAN! | No |
X | Update32 | configs.exe | Hijacker, also detected as the QURL-2 TROJAN! | No |
X | UpdateCheck | winstall.exe | Added by the SPYBOT-CY WORM! | No |
X | UpdateComponent | CNF UPD.EXE | Added by the SPYBOT.GEN VIRUS! | No |
? | UpdateFW | fwdload.exe | Appears to be firmware update software for a Network Associates ATMbook OC-3 SMF Interface Module? | No |
? | UPDATEHOOK | Rundll32.exe | ?? | No |
X | updatelavasoft | updatelavasoft.exe | CoolWebSearch parasite variant - redirecting to lalasearch.com | No |
U | UpdateManager | sgtray.exe | StorageGuard from Veritas (this version by Sonic). Free utility that integrates with Backup MyPC (formerly Backup Exec Desktop), Simple Backup and MS Backup. Provides system tray access and background monitoring - warning you of files that haven't recently been backed up. Required unless you backup manually on a regular basis or have scheduled backups | No |
X | UpdateManager | updmanager.exe | Added by the ANYHOMB.F TROJAN! | No |
X | UpdateMedia | UpdateMedia.exe | MediaUpdate foistware | No |
X | UpdateMgr | updmgr.exe | SouthBeachTel premium rate adult content dialer | No |
N | updateMgr | AdobeUpdateManager.exe | Automatic updates for the Adobe Reader file viewer | No |
N | updatemgr.exe | updatemgr.exe | Once a month, your EarthLink 5.0 Update Manager contacts EarthLink's servers to check for software updates. If an update is available for your EarthLink software, Update Manager will inform you and, with your permission, download and install the update. Can go to http://www.earthlink.net and download the updates manually | No |
X | UPDATEMSN | svhost.exe | Added by an unidentified WORM or TROJAN! | No |
X | updater | wupdater.exe | KeenVal adware | No |
? | updater | updater.exe | ?? | No |
X | Updater | adservernow.exe | AdServerNow adware | No |
X | updater | wisvc.exe | Added by the ORSE-A TROJAN! | No |
X | UpDaTer | csrss.exe | Detected by Kaspersky as the AUTORUN.DIB WORM! See here. Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a ~A~m~B~u~R~a~D~u~L~� subfolder | No |
X | Updater Service Process | svhost32.exe | Added by the AGOBOT.TY WORM! | No |
X | updater32 | winload32.exe | Added by the CULT.M WORM! | No |
X | updatereal | realupdate.exe | Chinese originated adware | No |
X | Updates | msupdate.exe | CoolWebSearch parasite variant | No |
N | Updates from HP | backweb*****.exe | See here - "messaging service that automatically sends you support information, tips, ideas, and special offers from HP and our partners, especially designed for HP and Compaq desktop computer owners". * can be any digit | No |
N | Updates from HP | Updates from HP.exe | Automatically detects an internet connection and downloads any available updates | No |
X | updatesched | [random filename] | ZenoSearch adware | No |
X | UpdateService | wservice.exe | Added by the DREF-K WORM! | No |
X | Updatestats | Updatestats.exe | Statblaster adware | No |
X | UpdateStats | UpdateStats.exe | SeekSeek search hijacker related - see here | No |
N | updatev01 | updatev01.exe | Ultra-networks.com software updater/downloader | No |
X | updatewin | update.exe | Added by a variant of the SDBOT WORM! | No |
X | UpdateWin | [random filename] | Detected by Kaspersky as the IRCBOT.AZW TROJAN! See here | No |
? | Updatewiz | updatewiz.exe | ?? | No |
X | UpdateXpSp | MS045-XP2.exe | Added by the IRCBOT.NY TROJAN! | No |
X | updatexwin | winxrpc.exe | Added by the AOGBOT-KJ WORM! | No |
N | UPDATE~1 | updatemgr.exe | Once a month, your EarthLink 5.0 Update Manager contacts EarthLink's servers to check for software updates. If an update is available for your EarthLink software, Update Manager will inform you and, with your permission, download and install the update. Can go to http://www.earthlink.net and download the updates manually | No |
X | upddateit | winit.exe | Added by the RBOT-MS WORM! | No |
X | Updmgr | updmgr.exe | KeenVal adware | No |
X | updmgr | rvupdmgr.exe | KeenVal adware | No |
X | upDpacketo | services.exe | Added by the NAFBOT-A TROJAN! Note - this is not the legitimate services.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "TEMPER" subfolder of the Windows or Winnt folder | No |
N | UpdReg | Updreg.exe | Reminder to register Creative Labs SoundBlaster Live! cards | No |
X | UpdSys | [random filename] | Added by the BJ TROJAN! | No |
X | Updt Service | updt.pif | Added by the RBOT-AYU WORM! | No |
X | updwebmin | updwebmin.exe | Added by the BACKDOOR.GEN TROJAN! | No |
? | UPERVGAS | UPERVGAS.exe | ?? | No |
X | Upgrade Sarvice | sxchost.exe | Added by a variant of the TOFGER-I TROJAN! | No |
X | Upgrade Service | sxchost.exe | Added by the TOFGER-I TROJAN! | No |
X | Upgrade Service | winupd.exe | Added by the TOFGER-U TROJAN! | No |
X | upme | [filename] | Added by the MUGLY.F WORM! | No |
X | Upme | DLLMAN.EXE | Added by the MUGLY.I WORM! | No |
X | upnp | upnp.exe | Added by the DLOADR-YT WORM! | No |
X | UPNP | [path to trojan] | Added by the DROPPER.EAT TROJAN! | No |
X | UPNP | upnpsvc.exe | Added by the CLOMP-B TROJAN! | No |
X | UPnP Manager | upnpman.exe | Added by a variant of the AGOBOT/GAOBOT WORM! | No |
X | UPNPService | WinSVCservice.exe | Added by the AGOBOT.UN WORM! | No |
U | Upromise | Upromise.exe | Upromise college savings program | No |
U | Upromise Tray | UpromiseTray.exe | System Tray access to the Upromise college savings program | No |
U | Upromise Update | UpromiseUa.exe | Updater for the Upromise college savings program | No |
U | Upromise0 | Upromise0.exe | Upromise college savings program | No |
U | UpromiseRemindU | wjview ...Code | Part of the Upromise saving scheme but associated with Ebates MoneyMaker adware so the choice is yours | No |
X | uprpcw | uprpcw.exe | PrivacyProtector misleading security software - not recommended, see here | No |
Y | UPS | ups.exe | PowerChute v5.02 - UPS Monitoring Module (which loads iconclnt - the tray icon) | No |
X | UPS | UPS32.exe | Added by the FEMOT.O WORM! | No |
Y | UPSentry 2000 | upsd.exe | Used with Belkin UPS (Uninterruptible Power Supply) for support in the event of a power-loss | No |
Y | UPSlim | upsd.exe | Used with Belkin UPS (Uninterruptible Power Supply) for support in the event of a power-loss | No |
U | UPSMON | UPSMON.exe | UPSMON Power Management software | No |
X | UPSUtl | web.exe | CoolWebSearch parasite variant | No |
U | Uptimer4 | Uptimer4.exe | Uptimer4 is an appbar which displays time, date, uptime, free ram, free pagefile, cpu usage, disk free space, battery power, IP addresses, TCP throughput, list of running processes, netstat and several more things | No |
X | UpTimes service | WinUp.exe | Added by the RBOT-AKB WORM! | No |
X | UpToDate | uptodate.exe | BrowserAid/BrowserPal foistware | No |
X | uptolate | nucle.exe | Added by a variant of the BIFROSE TROJAN! | No |
X | upxdn | upxdn.exe | Added by the AGENT.NCC TROJAN! | No |
X | upxdnd | upxdnd.exe | Added by the JD-A TROJAN! | No |
X | upyxo | yujixit.exe | Added by the SDBOT.BIX WORM! | No |
Y | UrlLstCk | UrlLstCk.exe | Part of Norton Internet Security. From Symantec - "UrlLstCk.exe is a necessary file that will be present in C:\Program Files\Norton Internet Security. It is a URL Checklist. It should not be disabled" | No |
N | URLMAP | Urlmap.exe | Installed by MS Money, and runs whenever you start IE. All it does is bring up an annoying sidebar (kind of like the search window) with 'financial links' when the web page supports it | No |
Y | UrtSvcExe | Urt95Svc.exe | "Cisco Secure URT is a virtual LAN (VLAN) assignment service that enhances LAN security by actively identifying and authenticating users and then associating them only to their specific network services and resources" | No |
X | urudjeffni | winlogon.exe | Added by the ROMARIO-A WORM! Note - this is not the legitimate winlogon.exe process, which should not appear in Msconfig/Startup and is always located in the System32 folder. This file is placed in the Windows or Winnt folder | No |
X | USAR | USAR.exe | Ultimate Spyware Adware Remover - not recommended, see here | No |
? | Usb | Usb.exe | HP related - not sure whether it's required | No |
X | usb | SASS.EXE | Added by the FUNSTA-A TROJAN! | No |
X | USB 2.0 Driver | updateXPSPC.exe | Added by the AGOBOT-RJ WORM! | No |
X | USB 2.0 Driver | Winsys32.exe | Added by the AGOBOT-QM WORM! | No |
X | USB 2.0 Driver | updateXP.exe | Added by the AGOBOT-QP WORM! | No |
X | USB 2.0 Driver | winsystem.exe | Added by the AGOBOT-QS WORM! | No |
X | USB 2.0 Driver | UpdateXPSP.exe | Added by the AGOBOT-QD WORM! | No |
X | USB 2.1 Driver | winupdate1.exe | Added by a variant of the RBOT WORM! | No |
X | USB controller | Svcmm32.exe | SvcMM backdoor parasite downloader | No |
X | USB Device | servicelog.exe | Added by the WOOTBOT.CB WORM! | No |
X | USB Device | win32usb.exe | Added by the FORBOT-BQ WORM! | No |
X | USB Device Server! | usbserver.exe | Added by a variant of the IRCBOT TROJAN! | No |
X | USB Driver4 | UpdateXP*.exe [* = random digit] | Added by a variant of the SDBOT WORM! | No |
X | USB Drivers1 | msupdate.exe | Added by a variant of the RBOT WORM! | No |
X | USB Driverz2 | msnplus1.exe | Added by the SDBOT-XQ WORM! | No |
X | USB Fix 1.1 | wuservices.exe | Added by a variant of the SDBOT WORM! | No |
X | USB Fixes | wuafix.exe | Added by the RBOT-ABV TROJAN! | No |
X | USB Hardware Monitoring | USBhardware.exe | Added by the RBOT-NN WORM! | No |
X | USB Hardware326 Monitoring | USBhardware326.exe | Added by a variant of the SPYBOT WORM! | No |
X | USB Hardware32c Monitoring | USBHARDWARE32C.EXE | Added by the RBOT-UU WORM! | No |
X | USB Host Service | usbsvc.exe | Added by the RBOT-GG WORM! | No |
? | USB Hub Keyboard Patch | SKBPATCH.EXE | USB HUB Update | No |
X | USB MS Update | USBS.exe | Added by a variant of the RBOT WORM! | No |
Y | USB SECURITY DEVICE CoInstaller | JupitCo.exe | ButterflyMedia USB Flash drive related - required for the password security feature to work | No |
X | USB Updates | mservices.exe | Added by a variant of the SDBOT WORM! | No |
X | USB Updates | msfirewalls.exe | Added by a variant of the RBOT WORM! | No |
X | USB Updates 2 | wugfixx.exe | Added by a variant of the RBOT WORM! | No |
N | USB2Check | PCLECoInst.dll | Related to Pinnacle Systems Inc. CoInstaller - you can execute the USB2.0 interface check program (Usb2Check.exe file) to check if your system is a USB2.0 enabled system | No |
X | USBConfigration2 | wmmndir.exe | Added by the AGOBOT-SV WORM! | No |
X | UsbD | smss32.exe | Adware - detected by Kaspersky as the AGENT.CJ TROJAN! | No |
X | UsbD | svhost32.exe | Added by the AGENT.IB TROJAN! | No |
X | Usbd | usb_d.exe | Added by the CIDRA-A TROJAN! | No |
X | UsbD | [path to trojan] | Added by the CIDRA-F TROJAN! | No |
U | USBDetector | USBDetector.exe | USBDetector sets up an icon in the System Tray for a USB card which is intended to be used to eject or unplug hardware | No |
U | USBDetector | UDetect.exe | USB tray icon/detection for external Belkin (and maybe other makes) under Win98 | No |
X | USBDrives | msfirewalI.exe | Added by the RBOT-ABP WORM! | No |
X | usbdrv | servicetask.exe | Added by a variant of the SDBOT WORM! | No |
X | USBHWDRV | gam.exe | Added by a variant of the LOWZONE-I TROJAN! | No |
X | USBHWDRV | msdc.exe | Added by a variant of the LOWZONE-I TROJAN! | No |
X | USBHWDRV | sst4.exe | Added by a variant of the LOWZONE-I TROJAN! | No |
X | USBHWINFO | mac.exe | Added by the LOWZONE-I TROJAN! | No |
X | USBHWINFO | [path to trojan] | Added by the LOWZONE-I TROJAN! | No |
X | USBHWINFO | sst6.exe | Added by the LOWZONE-I TROJAN! | No |
U | USBMMKBD | usbmmkbd.exe | USB multimedia keyboard for HP systems. Allows the use of special function keys on USB keyboards. The latest version no longer pings a server when on-line whereas the older version did but did not transmit any user information | No |
U | USBMonit.exe | USBMonit.exe | Monitors USB ports for insertion of Sandisk USB flashdrives | No |
X | usbn | usbn.exe | Adult content dialer - detected by Kaspersky as the SMALL.AFA TROJAN! | No |
X | usbn | [path to trojan] | Added by the HOGIL-C TROJAN! | No |
U | USBPhoneforSkype | USBPhoneforSkype.exe | USBPhoneForSkype uses Skype to dial out from a generic USB phone | No |
Y | USBPNP | USBPNP.exe | SiPix digital camera Twain USB driver | No |
N | USBTA | usbtapnp.exe | System Tray access for the BeWAN Gazel 128 USB ISDN adapter | No |
? | USBToolTip | USBTip.exe | Related to Pinnacle Systems Inc. What does it do and is it required? | No |
X | USD Driver | ccrss.exe | Added by the SDBOT.BFH WORM! | No |
X | USDR6cw | USDR6cw.exe | SystemDoctor misleading malware remover - not recommended, see here | No |
X | useful-soft | svchst.exe | Added by the STARTPA-HH TROJAN! | No |
X | user | user32.exe | Added by the BINGHE TROJAN! | No |
X | User | .exe | Added by the PUNYA-B WORM! | No |
X | User Debug Manager | usndebug.exe | Added by a variant of the SPYBOT WORM! See here | No |
X | User Host | usnhost.exe | Added by a variant of the IRCBOT TROJAN! See here | No |
X | User Hosting Service | usnhost.exe | Detected by Trend Micro as the IRCBOT.SN WORM! See here | No |
X | User Input Services | CTFMON32.EXE | Added by the MANCSYN.AK TROJAN! | No |
U | User Logger | UsrLog.exe | UserLogger commercial surveillance software that logs keystrokes, programs used and computer ID information. It also captures screenshots, can hide its presence on the computer and can be disguised in the Windows Task list. Uninstall this software if you did not install it yourself | No |
X | user logon | [path to worm] | Added by the PAHATIA-A WORM! | No |
X | user logon | user logon.exe | Added by the PAHATIA.A WORM! | No |
X | User Manager | fcllls.exe | Added by the ZAGABAN-B TROJAN! | No |
X | User Messages | usrmsg.exe | Added by a variant of the IRCBOT TROJAN! See here | No |
X | User Messages Manager | usnmsgs.exe | Added by a variant of the IRCBOT TROJAN! See here | No |
X | User Messenger Manager | usnmsgr.exe | Added by a variant of the IRCBOT TROJAN! See here | No |
X | User Servicer | usnsrvc.exe | Added by a variant of the IRCBOT TROJAN! See here | No |
X | User Services | usersvc.exe | Added by the REVCUSS.A TROJAN! | No |
X | User Services | usrsvc.exe | Added by the IRCBOT.SN WORM! | No |
X | User Sharing | usrshare.exe | Added by a variant of the IRCBOT TROJAN! See here | No |
X | User Sharing Manager | usnsharen.exe | Added by a variant of the IRCBOT TROJAN! See here | No |
X | User Sharing Server | usnsrv.exe | Added by a variant of the IRCBOT TROJAN! See here | No |
X | User Sharing Services | usnsvc.exe | Added by a variant of the KOBOT-C WORM! | No |
X | User Sharing Wizard | usnshare.exe | Detected by Trend Micro as the IRCBOT.GS WORM! See here | No |
X | User23.exe | DIAL.exe | This is a trojan trying to disguise itself as User32.dll | No |
X | User32 | [filename] | Added by the NETTRASH TROJAN! | No |
X | userd | systems.com | Added by the OUTLAW-A WORM! | No |
N | UserFaultCheck | dumprep 0 -u | Used in connection with memory dumps - you can disable these by - right clicking on My Computer, selecting Properties and then the Advanced tab. Click on the Settings button in 'Startup and Recovery'. In the bottom pane - under 'Write debugging information' - click on the down arrow and then select 'None' - OK your way out | No |
X | Userfile Sharing Serv | usnsrv.exe | Added by a variant of the IRCBOT TROJAN! See here | No |
X | Userfile Sharing Server | usnserv.exe | Added by a variant of the IRCBOT TROJAN! | No |
X | Userinit | lsass.exe | Added by the VIRAN-A TROJAN! Note - this is not the legitimate lsass.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Program Files%\Common Files%\System | No |
X | userinit | winlogon.exe | Added by the DLOADER-TP TROJAN! Note - this is not the legitimate winlogon.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir% | No |
X | userinit | smss.exe | Added by the DLOADR-B TROJAN! Note - this is not the legitimate smss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir% | No |
X | userinit | choo_003956f4 | Added by the PEED.16896 TROJAN! | No |
X | userinit | ntos.exe | Added by the AGENT-ECU TROJAN! | No |
X | Userinit | cologsver.exe | Added by the DROPPER.DJO TROJAN! | No |
X | UserInit StartUp | rpcxuisu.exe | Added by a variant of the SDBOT WORM! | No |
X | userinit.exe | userinit.exe | Added by the HAXDOOR-DP TROJAN! | No |
X | userint32 | userint32.exe | Added by an unidentified TROJAN via an Instant Message that says, "This was cool, check it out here." Also contains Aurora popups | No |
X | USERINTERFACE REPORT3R | M0USE.exe | Added by the MYTOB.HS WORM! | No |
X | Userinterface Reporter | fuuuucktttttt.exe | Added by the MYTOB-DK WORM! | No |
X | Userinterface Reporter | srv32.exe | ISTBar adware | No |
X | UserSystem | [filename] | CoolWebSearch Smartsearch parasite variant. Also detected as the SEARCH-A TROJAN! | No |
X | userun32 | userun32.exe | Added by the LYDRA-B TROJAN! | No |
X | ushli | sscbltqu.exe | Obtained from an MP3 search list site. Also generates random processes on reboot | No |
U | USIUDF_Eject_Monitor | USISrv.exe | Added by Ulead DVD Moviefactory. This program monitors your DVD or CD drives and alerts when you eject the media or have no media present | No |
X | usnsvc.exe | usnsvc.exe | Detected by Trend Micro as the SPYBOT.AMD WORM! See here | No |
X | usrgtway.exe | syswrun4x.exe | Added by the MITGLIEDER.E TROJAN! | No |
N | USRobotics 802.11g Wireless Network Utility | USRWLANG.exe | USRobotics Wireless Network Utility - used to configure security settings for connecting to WEP encrypted Access Point through the USR Wireless adapter. You must uncheck "Use Windows to configure my wireless settings" for the program to work properly. Has Site Survey capabilities, and reports link quality and signal strength. Not required for proper operation of the device as the features given are accessible in the network connection properties | No |
N | Usrobotics Online Registration | ?? | Pop-up reminding customers to register their products online at US Robotics | No |
Y | USRpdA | USRmlnkA.exe | Modem driver files from US Robotics | No |
X | Usrr | rncr.exe | PurityScan/Clickspring adware | No |
X | Usrr | rpen.exe | PurityScan/Clickspring adware | No |
? | USRSTA | USRSTA.exe | Wireless Card controller. What does it do and is it required? | No |
? | USRSTA.EXE | USRSTA.EXE | Wireless Card controller. What does it do and is it required? | No |
N | USSShReg | USSSHREG.EXE | Registration reminder for Ulead SmartSaver Pro - compacts large graphics for web designers | No |
U | UStorag | ustorage.exe | U-Storage is application software running under Microsoft Windows, it provides functions and utility to manage STF flash drive (USB drive) for security, partition, boot-ability and recovery. See note | No |
N | Ustorage | Ustorage.exe | Maintenance tool (enable security functions) for a USB drive from Pretec | No |
X | utasvc | rundll32.exe utasvc.dll,start | Added by the AKBOT-AB WORM! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "utasvc.dll" file is found in %System% | No |
? | Utility Ping | UTILIT~1.EXE | ?? | No |
N | UtilityPro | UtilityPro.exe | IE search toolbars as supplied by people such as Yellow Internet and SearchBoss and written by Rawhide Search Solutions | No |
Y | UTILsInst | N/A | For Gilat Communications internet satellite systems. Gilat rescue (Satellite system restore). Required if you have this system. Can cause a BSOD (blue screen of death) if left out | No |
N | Utopia Angel | Angel.exe | Calculator for the online Utopia game | No |
X | uvnx | uvcx.exe | Added by the DLOADR-AWF TROJAN! | No |
X | uvnx | uvnx.exe | Added by the SMALL.CUL TROJAN! | No |
U | UVS10 Preload | uvPL.exe | Related to Ulead VideoStudio video editing and DVD authoring software | No |
X | uwa7pcw | uwa7pcw.exe | WinAntiVirus Pro 2007 misleading virus software - not recommended, see here | No |
X | uwas7cw | uwas7cw.exe | WinAntiSpyware spyware remover - not recommended, see here | No |
X | uwyrl | uwyrl.exe | Added by the PHEL.A TROJAN! | No |
X | uwyw.exe | yujixit.exe | Added by the SDBOT.BGB WORM! | No |
? | v | WMPVer.EXE | Dritek System Inc. 3D Mouse related. Is it required? | No |
U | V.92 Modem On Hold | Ltmoh.exe | Modem On Hold utility - manages incoming/outgoing voice calls on a single phone line while being connected to the internet | No |
U | V0220Mon.exe | V0220Mon.exe | Creative Live! Cam Console Auto Launcher | No |
U | V0230Mon.exe | V0230Mon.exe | Creative Live! Cam Console Auto Launcher | No |
Y | V0250Mon.exe | V0250Mon.exe | Part of Creative Webcam Launcher | No |
Y | V128IID | Rundll32.exe v128iitw.dll, STB_InitTweak | Loads drivers for some STB graphics cards such as the STB nVIDIA TNT 16MB. Required if you don't want to experience lock-ups or error messages | No |
? | V128IITV | ?? | Loads drivers for some STB graphics cards. May be related to such a card with a TV out option? | No |
? | V66SHELL | V66SHELL.EXE | It looks to be part of the display driver set for ASUS V3800, V6600 and V6800 display adapters. Probably a system tray quick access control? | No |
U | va10key | va10key.exe | Only required if you use the 10 key bay unit with a Sony Vaio laptop | No |
X | VaCtrls | v7 | Downloader, detected as a variant of the ALPHABET TROJAN! | No |
Y | Vade Retro Outlook Express | Vaderetro_oe.exe | Vade Retro anti-spam software for Outlook Express from GOTO software products | No |
X | Vaganza-XPloit-[User Name]" | [user name].exe | Added by the GAVGENT.A WORM! | No |
Y | VAGCtrl | VAGCTRL.EXE | Vexira Antivirus - virus scanner from Central Command | No |
Y | VAGuard | VAGNT.exe | Vexira Antivirus - virus scanner from Central Command | No |
U | VAIO Action Setup (Server) | VAServ.exe | Sony Vaio utility that auto-launches selected applications when you plug in a digital video camera, digital still camera, etc. via iLink (FireWire) or USB | No |
U | VAIO Recovery | PartSeal.exe | System backup for Sony Vaio PCs. Adds a recovery mechanism for users over and above any System Restore features - allowing users to revert a drive back to the state it was when bought from the factory by hitting F10. The user obviously loses any data stored if not backed-up elsewhere | No |
U | VAIO Update 2 | VAIOUpdt.exe | Related to Sony Vaio Update service | No |
X | ValidData | [path to trojan] | Added by the RANKY.H TROJAN! | No |
X | valuename | svchosts.exe | Added by a variant of the SDBOT WORM! | No |
X | ValueS0ft | [random filename] | Added by a variant of the SPYBOT WORM! See here | No |
X | ValueX | [random filename] | Detected by Trend Micro as the IRCBOT.EE TROJAN! See here | No |
X | vb6 | vb6.exe | Added by the MUGLY.D WORM! | No |
X | vbcdtm | [random filename] | Added by a variant of the SLAPER TROJAN! | No |
X | vbe | [random name].vbe | Added by the UISGON-A WORM! | No |
X | VBouncer | VirtualBouncer.exe | Virtual Bouncer - malware from Spyware Labs. It is distributed by the same bundling and drive-by download techniques as the parasites it claims to remove, so definitely qualifies as unsolicited commercial software in itself. It also has an update feature that can download and execute arbitrary code. Warning - choose "custom" uninstall as "automatic" may remove other programs - see here | No |
X | VbouncerDL | VbouncerInner****.exe [* = random char] | Virtual Bouncer - malware from Spyware Labs. It is distributed by the same bundling and drive-by download techniques as the parasites it claims to remove, so definitely qualifies as unsolicited commercial software in itself. It also has an update feature that can download and execute arbitrary code. Warning - choose "custom" uninstall as "automatic" may remove other programs - see here | No |
X | VbouncerDL | VBouncerInner.exe | Virtual Bouncer - malware from Spyware Labs. It is distributed by the same bundling and drive-by download techniques as the parasites it claims to remove, so definitely qualifies as unsolicited commercial software in itself. It also has an update feature that can download and execute arbitrary code. Warning - choose "custom" uninstall as "automatic" may remove other programs - see here | No |
X | VBS.Ipnuker@mm | [worm filename].vbs | Added by the NUKIP WORM! | No |
X | VBS_AUTO_UPDATE | 0548656X.vbs | Added by the GORMLEZ-A WORM! | No |
X | VBundleOuterDL | BundleOuter.EXE | Virtual Bouncer - malware from Spyware Labs. It is distributed by the same bundling and drive-by download techniques as the parasites it claims to remove, so definitely qualifies as unsolicited commercial software in itself. It also has an update feature that can download and execute arbitrary code. Warning - choose "custom" uninstall as "automatic" may remove other programs - see here | No |
X | VB_run | comctl_32.exe | Dubious downloader from densmail.com | No |
X | VC5MediaPlayer | csmss.exe | Added by the DEDLER-B WORM! | No |
N | VC5Play | VC5Play.exe | Virtual CD drive emulator - version 5. Available via Start -> Programs | No |
N | VC6play | VC6Play.exe | Virtual CD drive emulator - version 6. Available via Start -> Programs | No |
N | VC7Play | VC7Play.exe | Virtual CD drive emulator - version 7. Available via Start -> Programs | No |
N | VC7Player | VC7Play.exe | Virtual CD drive emulator - version 7. Available via Start -> Programs | No |
U | VC9Player | VC9Play.exe | Virtual CD from H H Software GmbH. "With Virtual CD, all your favorite CDs and DVDs are immediately accessible without constantly inserting and ejecting media" | No |
X | VCatch | Vcatch.exe | CommonSearch Vcatch - "antivirus" software which actually bundles spy/adware itself! | No |
X | VCatch Premium | VCatchpre.exe | VCatch antivirus. Considered spyware itself - see here | No |
X | vcbbjf | keepSafe.exe | Added by the KILLAV.KAX TROJAN! | No |
N | VCDPlayer | VCDPlayer.exe | Virtual CD drive emulator. Available via Start -> Programs | No |
N | vcdplayx | vcdplayx.exe | CD emulation part of GameDrive & VirtualDrive from Farstone. Not required as starting these programs loads this automatically | No |
U | VCDTower | VCDTower.exe | Goldensoft CD Ghost related - turns a computer into a 200X-speed CD-ROM tower. Working from the hard drive, users can simultaneously access as many as 23 virtual CD-ROM drives at a speed of 200X for true multitasking | No |
? | VCDWATCH | VCDWATCH.EXE | Confirmed as Voyetra CD Watcher as it was found in a Compaq/Voyetra/AS2 directory but what does it do? | No |
X | vcmicrec | msccsed.exe | Added by the MAILBOT-CE TROJAN! | No |
X | VCMnet11 | VCMnet11.exe | Windows AFA Internet Enhancement - a browser hijacker, redirecting to adsourcecorp.com. See here | No |
X | VCS Host | vcshost.exe | Added by the RBOT-FKT WORM! | No |
N | VCSPlayer | vcsplay.exe | Virtual CD drive emulator. Available via Start -> Programs | No |
X | VCXD Settings | phqg.EXE | Added by the RBOT.BRF WORM! | No |
U | VC_Log | keylog.exe | PaqKeylog is a surveillance software program that logs keystrokes and can run in stealth mode. Uninstall this software unless you put it there yourself | No |
X | Vdat Update | lalaa.exe | Added by a variant of the RBOT WORM! | No |
? | VDI Manager (HP) | HPO0VDX05.exe | HP (Hewlett-Packard) related. Now - what does it do? | No |
U | VDrive2 | WebLifeDisk.exe | EarthLink WebLife Disk - "Consumers can quickly save files from their desktop into WebLife Disk, and then easily access them from any Internet connection without taking a laptop on the road or keeping up with a USB key" | No |
N | vdtask | vdtask.exe | Program part of GameDrive & VirtualDrive virtual CD/DVD drive emulators from Farstone. Not required as starting these programs loads this automatically | No |
N | Vegas Palms - Launcher | Launcher.exe | Vegas Palms on-line casino | No |
X | veja_fotos.exe | veja_fotos.exe | Added by the MDROP-F TROJAN! | No |
X | Vekio Startups | Pnksvc32.exe | Added by the AGOBOT.AJG WORM! | No |
U | VentaDrv | vfdrv32.exe | Related to VentaFax Voice - send and receive black-and-white or color faxes, and turns your PC's fax modem into a versatile answering machine | No |
U | Veo Velocity Connect | stim11.exe | Support software for the Veo Velocity Connect webcam | No |
U | Veoh | VeohClient.exe | Veoh lets you share your video with other internet users | No |
U | VERBATIM STORE 'N' G | verbatim store 'n' go.exe | Loads the driver for the Verbatim Store'n'Go PRO USB Flash Drive - reportedly required only on systems running Windows 98 and Millennium | No |
X | Verif | vxst.exe | Added by the NOPIR.B WORM! | No |
X | Veritas Patch | veritas.exe | Added by the RBOT-XT WORM! | No |
N | Verizon Control Pad | cpad.exe | Control Pad - installed with Verizon DSL accounts. Tool designed to streamline the online experience | No |
U | Verizon Online Support Center | matcli.exe | "matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, state, etc and gets written to a log file". Verizon Online Support Center is required to run with the Help and Support program. If you uncheck Verizon Online Support Center and then run help and Support it will add another Verizon Online Support Center in the startup menu. If you remove the Verizon Online Support Center in the add/remove program some help menus in help and support will not be available. You decide | No |
U | VerizonServicepoint.exe | VerizonServicepoint.exe | Part of Verizon Online Support Manager | No |
X | vern16.dll | regsvr32.exe vernn16.dll | DailyWinner adware. Note that regsvr32.exe is a legitimate Microsoft file used to register and unregister OLE controls and shouldn't be deleted. The "vernn16.dll" file is found in the System (9x/Me) or System32 (NT/2K/XP) folder | No |
U | versato | versato.exe | "Hot" button (such as volume and browser control) management and a CD player as supplied with QTronix (as possibly Micro Innovations) keyboards | No |
X | verse | verse.exe | Added by the STAP-C WORM! | No |
X | Version | Version.exe | JRAUN adware variant | No |
X | Version | manage.exe | JRAUN adware variant | No |
X | version | [random].exe | DealHelper adware | No |
Y | Vet Alert | vetmsg9x.exe | Computer Associates "InoculateIT" and Vet Anti-Virus virus software | No |
Y | Vet Alert | VETMSG.EXE | Computer Associates Vet Anti-Virus software | No |
Y | Vet Start Up | vet98.exe | Computer Associates "InoculateIT" and Vet Anti-Virus virus software. This option will slow down your system, if set too aggressively. There is no need to scan every file when opened, closed, etc. Check in InoculateIT PE options | No |
Y | Vet Start Up | vet32.exe | Computer Associates "InoculateIT" and Vet Anti-Virus virus software. This option will slow down your system, if set too aggressively. There is no need to scan every file when opened, closed, etc. Check in InoculateIT PE options | No |
Y | VetAlert | VETMSG.EXE | Computer Associates Vet Anti-Virus software | No |
U | VetTray | vettray.exe | Computer Associates "InoculateIT" and Vet Anti-Virus virus software. System Tray quicklaunch access, not really necessary but only occupies 36k resources | No |
X | VFW Encoder/Decoder Settings | RUNDLL32.exe MSSIGN30.DLL ondll_reg | Added by the LOVGATE-W WORM! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted | No |
X | VGA Startup | vgacard.exe | Added by a variant of the RBOT WORM! | No |
X | VgaDriver | RsrVga32.exe | Added by the KEYLOG-AH TROJAN! | No |
X | VGATune | VGATune.exe | Added by the RBOT-AWM WORM! | No |
U | VGAUtil | G-VGA.exe | Gigabyte VGA Utility - access card options (application needs to be run at startup, but is not system critical) | No |
X | Vhosts Protection | vhosts.exe | Added by an unidentified WORM or TROJAN! | No |
X | vid32cntl | vid32cntl.Exe | Added by the CRYPTER.A TROJAN! | No |
N | Vidalia | Vidalia.exe | Vidalia is a cross-platform GUI controller for the Tor anonymity package. Using Vidalia, you can start and stop Tor, view the status of Tor at a glance, and monitor Tor's bandwidth usage | No |
X | vidcntl | vidcntl.Exe | Added by the CRYPTER.A TROJAN! | No |
X | Vidcompat | Vidcompat.exe | Added by the GEMA TROJAN! | No |
X | vidctrl | vidctrl.exe | Delfin Promulgate adware variant | No |
X | Video | explored.exe | Added by the GAOBOT.RF WORM! | No |
X | Video | winamp32.exe | Added by the AGOBOT-NG WORM! | No |
X | Video Camera Frog | wcamfrog.exe | Added by a variant of the IRCBOT TROJAN! See here | No |
X | Video Card Driver (do not remove) | tsasi.exe | Added by the SPYBOT-EF WORM! | No |
X | Video Driver | svchost.exe | Added by an unidentified WORM or TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! | No |
X | Video Lan Player | VideoLanPlayer.exe | Added by the RBOT-MY WORM! | No |
X | Video Manager | videomgr.exe | Added by the PANDEM.C WORM! | No |
X | Video Multimedia Driver | ndrives32.exe | Added by the RBOT-DK WORM! | No |
X | Video Proces | winaps.exe | Added by the AGOBOT.HD WORM! | No |
X | Video Process | sysconf.exe | Added by the GAOBOT.GEN!POLY or GAOBOT.UM or GAOBOT.ADX WORMS! | No |
X | Video Process | MS32x16.exe | Added by the RBOT.RH WORM! | No |
X | Video Process | netsvcs.exe | Added by the AGOBOT.LH WORM! | No |
X | Video Process | MSlti64.exe | Added by the AGOBOT.UE WORM! | No |
X | Video Process | [random filename] | Added by the RBOT-LM WORM! | No |
X | Video Process | winasp.exe | Added by the AGOBOT-IS WORM! | No |
X | Video Process | msn5.exe | Added by the AGOBOT-TW WORM! | No |
X | Video Process | MStli32s.exe | Added by the RBOT-GAD WORM! | No |
X | Video Process | wincert32.exe | Added by the AGOBOT.JT WORM! | No |
X | Video Proes | winaii.exe | Added by the AOGBOT-FH WORM! | No |
X | Video Services | explore.exe | Added by the GAOBOT.GL WORM! | No |
X | Video Services | videol_32.exe | Added by the AGOBOT-DM WORM! | No |
X | Video Services | sys32.exe | Added by the AGOBOT.PS WORM! | No |
X | Videocntl | Videocntl.exe | Added by a variant of the GEMA.D TROJAN! | No |
X | VideoDriver | [filename] | Added by the GSPOT20.A TROJAN! | No |
X | VideoDriver | videodrv.exe | Added by the MIMAIL.A WORM! | No |
X | VideoDriver | gspotbot.exe | Added by the SPIGOT.C TROJAN! | No |
X | VideoDriverHook | vmdriver.exe | Added by the BCKDR-PSS BACKDOOR! | No |
X | Videool32 | VIDEOL32.EXE | Added by the AGOBOT.EC WORM! | No |
X | videoporno.exe | videoporno.exe | Premium rate adult content dialer | No |
Y | Videora | Videora.exe | Video Holding personal video downloading program | No |
X | VidiaDrivers | [path to trojan] | Added by the RANKY.U TROJAN! | No |
X | vidmon | VIDMON.EXE | Delfin Media Viewer adware related | No |
N | VidSvr | vidsvr.exe | MS WebTV for Windows Channel Guide. Used to display TV on your PC via a compatible video card with in-built tuner (such as ATI All-In-Wonder). If you don't use it - uninstall it | No |
X | vietato.exe | vietato.exe | Adult content dialler | No |
X | VIEW POINT DRIVERS | phqghum.exe | Added by the RBOT.BRX WORM! | No |
X | VIEW POINT DRIVERS FOR WIN32 | phqghu.exe | Added by a variant of the RBOT WORM! | No |
U | Viewbar | Viewbar.exe | "Agloco Viewbar is a small toolbar that rests on the bottom of your screen or browser window while you surf the Internet. The Viewbar software is what enables AGLOCO to collect the money you are earning while browsing the Internet". Get paid for browsing but you must consent to them collecting your personal information | No |
N | ViewMgr | ViewMgr.exe | Viewpoint Manager - automatic updates for ViewPoint products such as ViewPoint Media Player (as bundled with AOL, AOL Instant Messenger, Compuserve, etc). Can be run manually via Start -> Settings -> Control Panel by enabling auto-updates temporarily, re-booting and then disabling again. Not recommended as Viewpoint Manager is considered as foistware instead of malware since it is installed without the user's approval but doesn't spy or do anything "bad". This may change in 2006 - read this article | No |
U | ViewpointPhotosDeviceConnect | FotomatDeviceConnect.exe | Related to Viewpoint which is considered as foistware instead of malware since it is installed without the user's approval but doesn't spy or do anything "bad". This will change from what we know in 2006 according to this article. You can remove it via Start -> Settings -> Control Panel -> Add/Remove Programs list... | No |
U | ViivMonitor | ViivMonitor.exe | Related to Intel Media Share Software. "Stream or download media files from your Intel® Core®2 Processor with Viiv® technology-based PC" | No |
? | Vinny | ?? | ?? | No |
X | vipantispyware | vipantispyware.exe | VipAntiSpyware spyware remover - not recommended, see here | No |
X | Virscanner | smss.exe | Added by the DWNLDR-GWE TROJAN! Note - this is not the legitimate smss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir% | No |
X | Virt.exe | Virt.exe | Added by the REMADM-C TROJAN! | No |
U | VirtuaGirl | Vg.exe | VirtuaGirl is a shareware program featuring scantily dressed girls on your desktop. They say hi in the morning, remind you of your appointments and dance for you on request... | No |
U | VirtuaGirl2 | VirtuaGirl2 | VirtuaGirl is a shareware program featuring scantily dressed girls on your desktop. They say hi in the morning, remind you of your appointments and dance for you on request... | No |
X | virtual | winit.exe | Added by the MUGLY.A or MUGLY.B WORMS! | No |
X | virtual | winprotect.exe | Added by the MUGLY.C WORM! | No |
X | virtual | wini.exe | Added by the RBOT-YX WORM! | No |
U | Virtual Access Scheduler | VASCHD32.EXE | The scheduler for mail and usenet tool | No |
X | Virtual Bouncer | VirtualBouncer.exe | Virtual Bouncer - malware from Spyware Labs. It is distributed by the same bundling and drive-by download techniques as the parasites it claims to remove, so definitely qualifies as unsolicited commercial software in itself. It also has an update feature that can download and execute arbitrary code. Warning - choose "custom" uninstall as "automatic" may remove other programs - see here | No |
X | Virtual CD v6 | grplscd.exe | Added by the RBOT-AXV WORM! | No |
X | Virtual CD v6 | [random].exe | Added by the RBOT-AZV WORM! | No |
X | Virtual CDROM | deamon.exe | Added by the RBOT.VP WORM! | No |
X | Virtual Protocol | vr32.exe | Added by a variant of the SDBOT WORM! | No |
X | virtual-ie | winlogi.exe | Malware - detected by Kaspersky as the WINAD.H TROJAN! | No |
X | virtual-machine | svchosts.exe | Added by the RBOT-US WORM! | No |
X | virtual-machine | winlogin.exe | Added by the RBOT-VU WORM! | No |
X | virtual-machine | wini.exe | Added by the RBOT-WR WORM! | No |
N | VirtualCloneDrive | VCDDaemon.exe | Virtual Clone Drive, part of CloneCD CD/DVD copying software. Discontinued | No |
N | VirtualDrive | VDTask.exe | VirtualDrive from Farstone - virtual CD/DVD drive emulator. Available via Start -> Programs | No |
U | VirtualExpander | VirtualExpander.exe | Micro Vault Virtual Expander from Sony for their range of USB memory sticks. This software will compress your data to virtually store about 3 times as much data | No |
U | VirtuaReminder | VirtuaReminder.exe | VirtuaReminder is a tool allowing the user to create reminders for such things as important appointments, birthdays, etc | No |
U | Virtuele Katja | VKatja.exe | Virtuele Katja - have an attractive moviestar parade on your Desktop and help you search the Dutch "Gouden Gids" business directory too... | No |
X | Virus | Anti.exe | Added by the SEENBOT.O WORM! | No |
X | Virus Doctor | Vdoc[random].exe | Virus Doctor rogue security software - not recommended, removal instructions here | No |
X | Virus Protect | vrsprtc.exe | Added by the RBOT-APR WORM! | No |
X | Virus Removal Tool | [path to trojan] | Added by the TOMETA-B TROJAN! | No |
X | Virus Scan | virscana.exe | Added by an unidentified VIRUS, WORM or TROJAN! | No |
X | Virus-Burst | Virus-Burst.exe | Virus-Burst spyware remover - not recommended, see here | No |
X | VirusBurst | VirusBurst.exe | VirusBurst spyware remover - not recommended, see here | No |
X | VirusCheckII | AVIRCHK.EXE | Added by the DASMIN TROJAN! | No |
X | VirusHeat 3.9 | VirusHeat 3.9.exe | VirusHeat misleading security program - not recommended, see here | No |
X | VirusIsolator | VirusIsolator.exe | VirusIsolator misleading security software - not recommended, see here | No |
U | VirusKeeper | VirusKeeper.exe | VirusKeeper uses a powerful real-time threat detection engine | No |
X | VirusProtect 3.* | VirusProtect 3.*.exe | VirusProtect misleading antivirus program (where * represents the version number) - not recommended, see here | No |
X | VirusProtectPro 3.* | VirusProtectPro 3.*.exe | VirusProtect Pro misleading antivirus program (where * represents the version number) - not recommended, see here | No |
X | VirusRay 3.8 | VirusRay 3.8.exe | VirusRay spyware remover - not recommended, see here | No |
X | VirusRemover2009 | VRM2009.exe | Total Protect 2009 rogue security software - not recommended, removal instructions here | No |
X | VirusRescue | VirusRescue.exe | Virus program - not recommended, see here | No |
X | VirusResponseLab2009 | VirusResponseLab2009.exe | VirusResponse Lab 2009 rogue security software - not recommended, see here | No |
X | VirusRL2009 | VirusRL2009.exe | VirusResponse Lab 2009 rogue security software - not recommended, see here | No |
Y | VirusScan Online | mcvsshld.exe | McAfee VirusScan On-line. See also the McAgentExe entry | No |
? | VirusScanMSC | VsStat.exe | Part of McAfee VirusScan. System Tray application as with previous versions (were also VsStat.exe), McAfee SecurityCenter integration or something else? Is it required? | No |
X | VirusScanner | mnsys.exe | Added by the SDBOT-AFQ WORM! | No |
X | VirusTriggerBin | VirusTriggerBin.exe | Virus Trigger rogue security software - not recommended, removal instructions here | No |
X | Virus_Scanner | Virus_Cleaner.exe | Added by the PANOL WORM! | No |
X | visin | visin.exe | Lmir.1DB8!pws spyware | No |
N | visionGS | VISIONGS.EXE | visionGS webcam software | No |
X | VistaDrive | VistaDrive.exe | VistaDrive malware | No |
? | Vistadrv | vsdrv.exe | Vista Drive - part of ArabLionZ XP Tools. What does it do and is it required? | No |
N | Vistascan | vistascan.exe | Included in VistaScan are VistaAccess and VistaShuttle. VistaAccess gives you quick and easy access to scanning functions right from your desktop. For Windows users, you'll see a scanner icon in the Windows Tray of the Taskbar. Click this icon and a menu opens | No |
X | VistaUpgrade | vistaupgrade.exe | Added by the STRATION-AX WORM! | No |
X | Visual Element FX5 | [various filenames] | ClearStream Accelerator adware | No |
X | VisualStudio | msorunner.exe | Added by a variant of the TACTSLAY TROJAN! | No |
U | VisualTaskTips | VisualTaskTips.exe | "Visual Task Tips is a lightweight shell enhancement utility. It provides thumbnail preview image for each task in the Windows Taskbar" | No |
U | VisualTooltip | VisualToolTip.exe | Related to VisualTooltip. Shows a thumbnail of a window by placing the mouse cursor over a button on the taskbar | No |
X | ViSulaBaCis | lsass.exe | Detected by Kaspersky as the AUTORUN.DIB WORM! See here. Note - this is not the legitimate lsass.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a ~A~m~B~u~R~a~D~u~L~ subfolder | No |
X | VITAL BOOT PROCESS | taskmngr.exe | Added by a variant of the RBOT WORM! | No |
X | VITAL BOOT PROCESS | taskmnsgr.exe | Added by the Rbot-VY WORM! | No |
X | Vital Load Process | Spoolsvr.exe | Added by the RBOT.AIF WORM! | No |
X | Vital Master-boot DLL | crsss.exe | Added by the RBOT.ASE WORM! | No |
X | VividGalut | VividGalut.exe | Adult content related web downloader | No |
X | vlc | vlc.exe | Detected as the BUZUS.DVE TROJAN! | No |
X | vmcleaner | gxlib.exe | Added by the SMALL-HS TROJAN! | No |
? | VMConsole.exe | VMConsole.exe | Sony VAIO Media Console - installed on the VAIO Media Integrated Server PCs. What does it do and is it required? | No |
Y | VMDFW | vmdfw.exe | VirusMD Personal Firewall. Vendor's Note: "VirusMD Personal Firewall is a micro-firewall and should not be used as your primary virus scanner or as your primary firewall. It does not pan-block incoming or outgoing data. Rather, it is a diagnostic and therapeutic utility designed to help professionals save time and effort in eradicating Trojan horses" | No |
X | vmlib | vmlib.exe | Added by the LOWZONE-AQ TROJAN! | No |
X | Vmlist | apphelps.dll | Added by the ALAMNAHE.A VIRUS! | No |
X | Vmmon32 | vmmon32.exe | Browser hijacker | No |
X | vmnetdhcp | vmnetdhcp.exe | Added by the DWNLDR-GTC TROJAN! | No |
X | VMount drive | vmount.exe | Added by the RIZO.A TROJAN! | No |
X | vmsnGraber | VMSNGRABER.EXE | Added by the ENVID.B WORM! | No |
X | vmss | vmss.exe | Delfin Media Viewer or "Promulgate" adware variant | No |
X | vmtuner | gclib.exe | Hijacker - detected by Kaspersky as the SMALL.FH TROJAN! | No |
X | vmtuner | gglib.exe | Added by the QLOWZON-D TROJAN! | No |
X | VMware hptray | hpmon.exe | Trojan that is typically bundled with rogue security programs (such as Virus Trigger and AntivirusTrigger) and fake codecs. Note - this is not a legitimate VMware entry | No |
N | VMware hqtray | hqtray.exe | VMware Host Network Access Status Tray Application - part of both VMware Player (from version 2.0) and Workstation (until version 6.5) - which allow you to "run multiple operating systems simultaneously on a single PC." Its function is unknown at present and it displays no tray icon as the name suggests. Can be disabled without affecting the operation of either product | Yes |
U | VMware Workstation | vmware-tray.exe | System Tray access to virtual machines (VMs) currently in a "powered on" state in VMware Workstation - which "makes it simple to create and run multiple virtual machines on your desktop or laptop computer". Can be helpful if VMs are configured to run "headless" at Windows startup, in which case it can help you interact with the headless VMs. In that case, VMs could be powered on headless without ever starting up Workstation. If VMs aren't configured to run headless it isn't really required | No |
N | VMware Workstation | hqtray.exe | VMware Host Network Access Status Tray Application - part of both VMware Player (from version 2.0) and Workstation (until version 6.5) - which allow you to "run multiple operating systems simultaneously on a single PC." Its function is unknown at present and it displays no tray icon as the name suggests. Can be disabled without affecting the operation of either product | Yes |
U | vmware-tray | vmware-tray.exe | System Tray access to virtual machines (VMs) currently in a "powered on" state in VMware Workstation - which "makes it simple to create and run multiple virtual machines on your desktop or laptop computer". Can be helpful if VMs are configured to run "headless" at Windows startup, in which case it can help you interact with the headless VMs. In that case, VMs could be powered on headless without ever starting up Workstation. If VMs aren't configured to run headless it isn't really required | No |
X | VnCplUpdate | msdm.exe | Masssend - spam relayer. Listens on a port for the spammers to feed it a list of addresses and what to send out. More information in this advisory | No |
X | vnmispoisn downloader | vnmispoisn downloader.exe | SearchBarCash adware variant | No |
X | VnrBlock20 | VnrBlock20.exe | Berlinads adware | No |
X | VnrBlock21 | VnrBlock21.exe | Internet Speed Monitor adware | No |
X | VnrPack15 | VnrPack15.exe | Detected by PCTools as Zeno_Search_Assistant adware. See here | No |
X | VnrPack16 | VnrPack16.exe | Detected by PCTools as Zeno_Search_Assistant adware. See here | No |
X | VnrPack17 | VnrPack17.exe | Internet Speed Monitor adware related - see example here | No |
X | VnrPack20 | VnrPack20.exe | Internet Speed Monitor adware related - see example here | No |
U | VOBID | InstantDrive.exe | Pinnacle Systems (ex VOB) InstantDrive - creates a virtual CD-ROM drive on the computer's hard drive. Part of InstantCD/DVD burning software | No |
Y | VOBRegCheck | VOBRegCheck.exe | Part of Pinnacle Systems InstantCD/DVD and InstantCopy CD/DVD copying software that verifies drive settings. Once loaded it doesn't use any resources so you can leave it enabled | No |
U | VoiceCenter | AndreaVC.exe | Related to Andrea's Superbeam microphone utility | No |
U | voip phone | voip phone.exe | Related to Acer Bluetooth VoIP phone - as optionally supplied with some of their notebooks such as the TravelMate 8200 | No |
N | VoipBuster | VoipBuster.exe | VoipBuster - free internet telephony utility using the VoIP (Voice over Internet Protocol). Call online friends for free and regular phones either for free (limited use) or low rates. One of a number provided by Betamax - the others generally have different rate plans. Similar to the more popular Skype | No |
N | VoipBusterPro | VoipBusterPro.exe | VoipBusterPro - internet telephony utility using the VoIP (Voice over Internet Protocol). Call online friends for free and regular phones either for free (limited use) or low rates. One of a number provided by Betamax - the others generally have different rate plans. Similar to the more popular Skype | No |
N | VoipCheap | VoipCheap.exe | VoipCheap - free internet telephony utility using the VoIP (Voice over Internet Protocol). Call online friends for free and regular phones either for free (limited use) or low rates. One of a number provided by Betamax - the others generally have different rate plans. Similar to the more popular Skype | No |
N | VoipCheapCom | VoipCheapCom.exe | VoipCheapCom - free internet telephony utility using the VoIP (Voice over Internet Protocol). Call online friends for free and regular phones either for free (limited use) or low rates. One of a number provided by Betamax - the others generally have different rate plans. Similar to the more popular Skype | No |
N | VoipDiscount | VoipDiscount.exe | VoipDiscount - free internet telephony utility using the VoIP (Voice over Internet Protocol). Call online friends for free and regular phones either for free (limited use) or low rates. One of a number provided by Betamax - the others generally have different rate plans. Similar to the more popular Skype | No |
N | VoipHit | VoipHit.exe | VoipHit - free internet telephony utility using the VoIP (Voice over Internet Protocol). Call online friends for free and regular phones either for free (limited use) or low rates. One of a number provided by Betamax - the others generally have different rate plans. Similar to the more popular Skype | No |
N | VoipRaider | VoipRaider.exe | VoipRaider - free internet telephony utility using the VoIP (Voice over Internet Protocol). Call online friends for free and regular phones either for free (limited use) or low rates. One of a number provided by Betamax - the others generally have different rate plans. Similar to the more popular Skype | No |
N | VoipStunt | VoipStunt.exe | VoipStunt - free internet telephony utility using the VoIP (Voice over Internet Protocol). Call online friends for free and regular phones either for free (limited use) or low rates. One of a number provided by Betamax - the others generally have different rate plans. Similar to the more popular Skype | No |
N | Voipwise | Voipwise.exe | Voipwise - free internet telephony utility using the VoIP (Voice over Internet Protocol). Call online friends for free and regular phones either for free (limited use) or low rates. One of a number provided by Betamax - the others generally have different rate plans. Similar to the more popular Skype | No |
N | VoipZoom | VoipZoom.exe | VoipZoom - internet telephony utility using the VoIP (Voice over Internet Protocol). Call online friends for free and regular phones either for free (limited use) or low rates. One of a number provided by Betamax - the others generally have different rate plans. Similar to the more popular Skype | No |
U | VolPanel | VolPanel.exe | Related to Creative Sound Blaster X-Fi | No |
X | Voltage Manager | [random filename] | Added by the DREFFORT WORM! | No |
X | Volume Controller | VolumeControl.exe | Added by the SDBOT.AYI WORM! | No |
X | Volume Shadow Configuration | vbmsvc.exe | Detected by Kaspersky as the IRCBOT.AMU TROJAN! See here | No |
X | Volume Shadow Manager | vbcsvc.exe | Added by a variant of the IRCBOT TROJAN! See here | No |
U | Vonage | click2call.exe | Vonage Voice over IP Internet phone service | No |
N | Vongo Tray | Tray.exe | System Tray access to the now discontinued Vongo video-on-demand service | No |
U | VoodooBanshee | rundll32.exe 3DBBps.dll, BansheeLoadSettings | Loads the configuration settings for a 3dfx Voodoo Banshee chipset based graphics card. If you change some of the settings from default you probably need this - otherwise maybe not | No |
? | voowsmcr | huhdir.exe | ?? | No |
N | Vortex Tray | asp4setp.exe | System Tray application for Aureal Vortex based soundcards. Can be run manually via Start -> Settings -> Control Panel | No |
N | VortexTray | au30setp.exe | System Tray application for Aureal Vortex based soundcards. Can be run manually via Start -> Settings -> Control Panel | No |
N | VortexTray | asp4tray.exe | System Tray application for Aureal Vortex based soundcards. Can be run manually via Start -> Settings -> Control Panel | No |
N | VortexTray | asp4setp.exe | System Tray application for Aureal Vortex based soundcards. Can be run manually via Start -> Settings -> Control Panel | No |
N | VoyetraTray | vtray.exe | This provides an abbreviated Control Group for the Turtle Beach Montego II sound functions/associated with AudioStation 3 and 32 | No |
U | VP-EYE | vpeyev4.exe | VP-EYE Web Cam control panel software | No |
U | VPCUserServices | VMUSrvc.exe | Part of "DOS Virtual Machine Additions" for Microsoft Virtual PC, software virtualization software that allows you to run multiple PC-based operating systems simultaneously on one workstation. This process provides additional functionalities such as Shared Folders | No |
Y | VPNClient | ipigclient.exe | iOpus Private Internet Gateway (iPIG) client. 'Using powerful 256-bit AES encryption technology, the iOpus Private Internet Gateway (iPIG) creates a secure "tunnel" that protects your inbound and outbound communications (Email, Web, IM, VOIP, calls, FTP, etc.) at any Wi-Fi hotspot or wired network' | No |
U | Vpop3 Mail Server | vpop3.exe | Mail server from Paul Smith Computer Services. Runs in system tray to collect mail. Can be run from a shortcut and if it isn't running then it won't get your email! | No |
U | vptray | vptray.exe | System Tray icon for Norton Anti-Virus Corporate Edition. Gives access to the options available and may not be required. Some users may have problems - refer here | No |
X | vptray analyzing | vptray.exe | Added by the RIZO.A TROJAN! | No |
X | vptraya analyzing | vptraya.exe | Added by the RIZO.A TROJAN! | No |
Y | Vrmon | vrmonnt.exe | Hauri ViRobot anti-virus. Located in Program FilesViRobotXP | No |
U | Vrmon | vrmonnt.exe | The Shield Antivirus. Located in a Program FilesPCSecurityShieldShieldAntivirus. Not recommended by some because one of their other products (Privacy Defender) was adware based and used false positives (see here). McAfee SiteAdvisor seems to blacklist the whole domain. Hence the "U" recommendation | No |
Y | VrSchedule | Vrres.exe | Hauri ViRobot anti-virus. Located in Program FilesViRobotXP | No |
Y | VS.VSN | Part of eSafe antivirus "SmartScan" - alerts the user if files have been changed/added | No | |
X | vsadmin | smrs.exe | Added by the AGOBOT-RC WORM! | No |
X | Vsample | winxpsock.exe | Added by the SDBOT.BLK WORM! | No |
X | vscan | joke.vbs | Added by the ROOKIE-A TROJAN! | No |
X | vscanner | spooll32.exe | Added by the OPTIXPRO.10 TROJAN! | No |
X | vschost | vschosts.exe | Added by the VIPSY-A TROJAN! | No |
X | vschost | vschost.exe | Detected by Kaspersky as the AGENT.QK BACKDOOR! See here | No |
N | VsEcomrEXE | VSECOMR.EXE | From McAfee VirusScan up to version 4.x. This executable is responsible for the periodic "update" prompts | No |
Y | Vshwin32EXE | VSHWIN32.EXE | From McAfee VirusScan up to version 4.x and Dr Solomon's VirusScan. Communicates between VSSTAT.EXE and the VShield System Scan module. Can be started automatically or available via Start -> Programs | No |
X | VSMP | hlojsnigc.exe | Added by the RBOT-GQS WORM! | No |
N | VSN | VSN.exe | Software to share photographs across the internet | No |
Y | vsnpstd3 | vsnpstd3.exe | Sonix Inc. Camera Monitor MFC Application | No |
Y | VSOCheckTask | MCMNHDLR.EXE | Part of McAfee's SecurityCenter and Virusscan Online. Must be enabled for scanning to work | No |
X | VSP32 Controls | vsp32.exe | Added by the RBOT-VA WORM! | No |
N | vspdfprsrv.exe | vspdfprsrv.exe | Visage PDF Printer | No |
X | vspell | vspell.exe | Added by a variant of the SMALL.PI TROJAN! | No |
X | vsrv32 | vsrv32.exe | Added by the AGOBOT.AIF WORM! | No |
X | vssms32 | vssms32.exe | Added by the BCKDR-LBF BACKDOOR! | No |
Y | VsStatEXE | VSSTAT.EXE | From McAfee VirusScan up to version 4.x and Dr Solomon's VirusScan. Communicates between VSSTAT.EXE and the VShield System Scan module. Can be started automatically or available via Start -> Programs | No |
X | vst | vstkmgr.exe | Added by the AGOBOT.SK WORM! | No |
X | VStudio Manager | vstudio.exe | Added by the RIZO.A TROJAN! | No |
X | vtmesys | netcxcfm.exe | Added by a variant of the RBOT-GNA WORM! | No |
X | vtmesys | netlprto.exe | Added by the RBOT-GNA WORM! | No |
N | vTPass | vtpassld.exe | Part of vTrails - a live media delivery solution. vTPass is the driver enabling the system to work. If unavailable via Start -> Programs, create your own shortcut for the "vtpass.exe" file | No |
U | VTPreset | VTPreset.exe | Savage Pro S3 graphics software | No |
N | VTrayp | VTtrayp.exe | Part of S3 Graphics Controllers - S3 Screentoys Helper | No |
U | VTTimer | VTTimer.exe | Driver file for the on-board VIA/S3G KM400/KN400 graphics which enables TV in/out communication | No |
N | vTunerStartUp | vTuner.exe | vTuner - "an easy way to find and listen to radio and TV broadcasts over the Internet" | No |
X | vuaaa | reg.exe | Added by a variant of the RBOT WORM! | No |
X | VVSN | VVSN.exe | WhenU.Save adware | No |
X | VX Audio | vxaudio.exe | Added by the VANEBOT-AI WORM! | No |
? | VX1000 | vVX1000.exe | Associated with Microsoft's VX-1000 LifeCam webcams. What does it do and is it required? | No |
? | VX3000 | vVX3000.exe | Associated with Microsoft's VX-3000 LifeCam webcams. What does it do and is it required? | No |
? | VX6000 | vVX6000.exe | Associated with Microsoft's VX-6000 LifeCam webcams. What does it do and is it required? | No |
U | VZAccess Manager | VZAccess Manager.exe | Verizon Access manager for enterprises | No |
U | VZRemoteCommander | AvRmtCtr.exe | Related to Sony's VAIO Zone Remote Commander | No |
X | w02db700.dll | [random filename] | ZenoSearch adware | No |
X | W1N32.DLL | WINLOGON .exe | Added by the DROPPERFL.A TROJAN! | No |
X | w32 | w32.exe | Added by the SOKEVEN TROJAN! | No |
X | W32.Scran | Scran.exe | Added by the NARCS WORM! | No |
X | w32alanis | mope.scr | Added by the SINALA WORM! | No |
X | W32data | eworo.exe | Added by a variant of the RBOT WORM! | No |
X | W32Load | [random filename].scr | Added by the CASPID WORM! | No |
X | W32PluginsDownloader XMLHTTPSelfClearing7520 | wiper.exe | Added by the PROXYSER-M TROJAN! | No |
X | w32sup | w32sup.exe | Adult content dialler | No |
X | W32SYS | w32sys.exe | Added by the JAMBU-A WORM! | No |
X | W32Tc | WTC32.scr | Added by the VOTE.D or VOTE.K WORMS! | No |
X | W3KNetwork | rundll32.exe w3knet.dll, dllinitrun | Web3000 adware. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted | No |
Y | W75P2PSERVER | W75P2PS.EXE | Printer utility which is required in order to make the printer work correctly | No |
X | w7zip | w7zip.exe | Added by the BANCBAN-QB TROJAN! | No |
U | W815DM | W815DM.exe | Enuff Parental Control Software by Akrontech | No |
U | w98Eject | w98Eject.exe | Related to USB support for Sigmatel MP3 audio player (and others such as SanDisk). Its intent is to "put away" the "disk" before you unplug it from the USB port, ostensibly to avoid "losing" data | No |
X | wab.exe | wab.exe | Added by a variant of the SDBOT WORM! | No |
U | wait4IP | wait4IP.exe | Packard Bell net2Plug allows you to network PCs anywhere in your house | No |
U | wallchgr.exe wstart | Wallchgr.exe | WallChanger - wallpaper changer from Blue Tree Software | No |
U | WallMaster | wallmast.exe | WallMaster - "The free and easiest way to master your desktop wallpaper!" | No |
X | WallPaper | taskimgr.exe | Added by the BANKER-GX TROJAN! | No |
U | WallPaper | WALLPA~1.EXE | Wallpaper Changer - wallpaper manager that can change your background images on every startup | No |
U | WallpaperChanger | Wallpaper.exe | A wallpaper changer and manager utility. There is the Freeware version and the Pro version. The freeware version is completely free. The Pro version is 30-day trialware, and after the 30 days some of the more advanced features will be disabled unless you register it | No |
U | WallpaperSS | WallpaperSS.exe | Wallpaper Slideshow LT from gPhotoShow.com - "a great utility for displaying your favorite photos as your desktop wallpaper" | No |
N | Wanadoo Messenger.exe | Wanadoo Messenger.exe | Wanadoo ISP instant messenger client | No |
X | wanman.exe | wanman.exe | Added by the RBOT.HDO WORM! | No |
Y | WanMPSvc | WanMPSvc.exe | An AOL component, the Wan miniport (ATW) service. If you delete this and logon, AOL reports a problem with your internet connection, and reinstalling AOL doesn't help | No |
X | WAPI | wts**.exe [* = random char] | PurityScan/Clickspring adware | No |
N | War FTPD Tray Icon | wartray.exe | War-ftpd - FTP server | No |
N | war-ftpd.exe | WAR-FTPD.EXE | War FTP Daemon from JGAA's Internet - FTP client | No |
X | Wardo | syslaunch.exe | Added by the ADCLICKER.G TROJAN! | No |
X | WareOut | WareOut.exe | Wareout - malware masquerading as a spyware and dialer remover | No |
N | warez | warez.exe | Warez P2P client | No |
X | Warga KompTi | KOMPTI.exe | Added by the PITKOM-A TROJAN! | No |
U | Warner | warner.exe | Also known as "CyberWarner". From G-Tek Technologies and pre-installed on some Packard Bell PCs. Protects critical files | No |
U | Warnet | warnet.exe | Warnet - system cleanup software | No |
U | Warning: do not remove it! | fpplock.exe | Part of Folder Password Expert by ZQS Software Team - "a software program to restrict access to the folders that contain your sensitive data" | No |
Y | Warning: do not remove it! (system) | cfpsys.exe | Folder Password Protect - a program that lets you set a password on folders of your choice | No |
N | WarReg_PopUp | WarReg_PopUp.exe | Acer warranty registration popup | No |
N | WARSVR | war-ftpd.exe | "War FTP Daemon - the original free FTP server for windows" | No |
U | WashAndGo - Cleanup of old Backupfiles | checker.exe | WashAndGo - temp file cleaner | No |
U | Washer | washer.exe | Window Washer from Webroot Software. Useful utility that deletes safe to remove files, cookies, browsing history, etc. Available via Start -> Programs. Disable within the program options - otherwise it is re-enabled in MSCONFIG | No |
N | Washerie.exe | washerie.exe | Cookie Washer for Internet Explorer from Webroot Software. Light version of Windows Washer, specific for cleaning the IE cache and cookies. Available via Start -> Programs | No |
U | washindex | washidx.exe | Window Washer from Webroot Software. Useful utility that deletes safe to remove files, cookies, browsing history, etc. Available via Start -> Programs. Disable within the program options - otherwise it is re-enabled in MSCONFIG | No |
X | Wast | wast.exe | Grokster ads updater | No |
N | Watch | watch.exe | Found to be used by a Trust USB scanner for auto starting the scanning software when the lid is lifted | No |
U | Watch | 1200UBWATCH.EXE | Button press monitor for the Mustek 1200 UB Scanner | No |
N | Watch Dog Program | watchdog.exe | For Compaq PCs. Associated with Compaq's internet services. Not required if you don't use services provided by them and may not be required even if you do | No |
N | Watchdog | Watchdog.exe | Definitely part of the Mustek scanner drivers and software (for 600 III EP Plus and maybe others), launches from the Startup folder in the Start Menu, but not required as they give instructions on removing it on their webpage | No |
? | WatchDog | watchdog.exe | Part of Motorola "Mobile Phone Tools" v3 - in a "Mobile Phone Tools" sub-directory of Program Files | No |
? | WatchDog | DVDCheck.exe | Related to an Intervideo program. What does it do and is it required in startup? | No |
N | WatchWAN | WatchWAN.exe | WatchWAN keeps an accurate account of the data that is flowing between your computer and the Internet at any given moment. This readout is presented in both numerical and graphical format, in real time | No |
X | waumgr | waumgr.exe | Added by a variant of the IRCBOT TROJAN! | No |
Y | WaveFramer | WaveFramer.exe | Part of SafeSpace (from Artificial Dynamics) which "protects computers from Internet malware infection without the need for signature updates or regular maintenance" | No |
N | WaveTop Launcher | WaveTop.exe | WaveTop - "Get push content from TV without an Internet connection" - now possibly a defunct system in the US included as an optional part of WebTV in Win98 | No |
N | WaveTop Receiver 1 | N/A | WaveTop - "Get push content from TV without an Internet connection" - now possibly a defunct system in the US included as an optional part of WebTV in Win98 | No |
N | WaveTop Receiver 2 | N/A | WaveTop - "Get push content from TV without an Internet connection" - now possibly a defunct system in the US included as an optional part of WebTV in Win98 | No |
N | WaveTop Upload Manager | N/A | WaveTop - "Get push content from TV without an Internet connection" - now possibly a defunct system in the US included as an optional part of WebTV in Win98 | No |
U | WAWifiMessage | WiFiMsg.exe | "HP Wireless Assistant is a user application that provides a method for controlling the enablement of individual wireless devices (such as Bluetooth or WLAN devices) and that shows the state of the radios for these wireless devices" | No |
X | Wbcmgr | wbcmgr.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
? | wben | wben.exe | Appears to be related to Desktop Notifier from Starfield Technologies. What does it do and is it required? | No |
N | Wbiff | Wbiff.exe | Wbiff! E-mail checker - automatically checks your e-mail and notifies you if any new e-mail has been received | No |
X | wblogon | ubpr01.exe | Added by the AGENT-HFI TROJAN! | No |
X | wblogon | algg.exe | Added by the AGENT.AGGI TROJAN! | No |
U | Wbutton | Wbutton.exe | Turns on and off the integrated WiFi on Acer (and other) laptops | No |
N | WCESCOMM | WCESCOMM.EXE | Active sync for use with Windows CE based palm PC | No |
X | WCESMngr | spoolsb.exe | Added by the AGOBOT-QZ WORM! | No |
X | WCESMngr | WCEMNGR.EXE | Added by the AGOBOT-QX WORM! | No |
X | WCheckUp | WCheckUp.exe | Barok keylogger and password stealer | No |
U | wcmdmgr | wcmdmgrl.exe | Web Driver delivery system for WildTangent on-line games. Periodically checks for updates - can be disabled within the program's control panel. Note that WildTangent's privacy policy used to state that they also collect and share individuals' information but this is no longer the case | No |
N | wcmdmgr.exe | wcmdmgr.exe | Web Driver delivery system for WildTangent on-line games. Periodically checks for updates - can be disabled within the program's control panel. Note that WildTangent's privacy policy used to state that they also collect and share individuals' information but this is no longer the case | No |
U | wcmdmgrl | wcmdmgrl.exe | Web Driver delivery system for WildTangent on-line games. Periodically checks for updates - can be disabled within the program's control panel. Note that WildTangent's privacy policy used to state that they also collect and share individuals' information but this is no longer the case | No |
U | WCOLOREAL | coloreal.exe | Makes colours sharper and brighter, but will only work with coloreal capable monitors | No |
? | WCPC | wintsvcc.exe | ?? | No |
X | WCPI | wintsvit.exe | PurityScan/Clickspring adware | No |
X | WCPS | Wint**.exe [* = random char] | PurityScan/Clickspring adware | No |
X | WCPT | wintsvtr.exe | PurityScan/Clickspring adware | No |
X | wcsys | wcsys.exe | Added by the KEYLOG-AP TROJAN! | No |
U | WD Backup Monitor | uBBMonitor.exe | WD Backup - customized version of ArcSoft's TotalMedia Backup for Western Digital external drives (see here) | No |
U | WD Button Manager | WDBtnMgr.exe | Button manager installed with a Western Digital external disk drive. Allows you to back up your system with one click | No |
U | WD Spindown Utility | ExSpinDn.exe | Spindown utility "for use with all Western Digital external hard drives except for the Media Center and the Dual-option Backup drives. It is designed to give greater user control over the spindown of the external drive" | No |
X | wdfmgr32.exe | wdfmgr32.exe | Added by the DWNLDR-FVL TROJAN! | No |
X | WDInfo | wdinfo.exe | Added by the DLUCA.B TROJAN! | No |
X | wdmon | wdmon.exe | Detected as the BUZUS.DVE TROJAN! | No |
X | WDNS SYSTEM | nibie.exe | Added by the MYTOB-BY WORM! | No |
X | WDNS SYSTEM | skybotx.exe | Added by the MYTOB-BY WORM! | No |
X | WDNS SYSTEM | wdns33.exe | Added by the MYTOB-BY WORM! | No |
X | wdskctl | wdskctl.exe | IEPlugin spyware | No |
X | wdwctrl | wdwctrl.exe | Added by the DLUCA.E TROJAN! | No |
U | WD_SRT | WD_SRT.EXE | Western Digital USB disk driver | No |
N | WEATHER | WEATHER.EXE | Weatherbug provides current outdoor temperature in the System Tray, also weather alerts. Available via Start -> Programs | No |
U | Weather Pulse | weatherpulse.exe | Weather Pulse from Tropic Designs. "Display popular Satellite images and video from around the globe, share images with your friends and family, stay updated on current and expected weather conditions, it's just plain fun!" | No |
N | WeatherCast | Weather.exe | Weather reporting in the System Tray. Available via Start -> Programs. Installed via Radlight | No |
N | WeatherEye | WeatherEye.exe | WeatherEye - desktop weather from TheWeatherNetwork | No |
X | WeatherOnTray | WeatherOnTray.exe | Hotbar adware | No |
X | WeatherOnTray | SbWeatherOnTray.exe | Hotbar adware | No |
N | Weatherscope | Weatherscope.exe | WeatherScope - "displays your current local temperature in the system tray of your computer (near the clock) whenever you are online!" Not recommended as it bundles GAIN adware. You can get the adware free version for a whopping $30. Please note that Claria Corporation no longer support GAIN-Supported software - see here | No |
X | WeatherStudio Desktop | WeatherStudio Desktop.exe | WeatherStudio adware | No |
N | WeatherWatcher | ww.exe | WeatherWatcher - weather reporting in the System Tray | No |
X | web | ******.exe [* = random char] | Added by a variant of the EASTO.A TROJAN! | No |
X | WEB DRIVERS FOR WIN32 | phqgh.exe | Added by a variant of the RBOT WORM! | No |
X | Web Offer | ezPopStub.exe | eZula TopText adware | No |
X | Web Offer | ezStub.exe | eZula TopText adware | No |
X | Web Offer | EZSTUB22.EXE | eZula TopText adware | No |
X | Web Offer | vl_ezstub.exe | eZula TopText adware | No |
? | Web Search | ?? | ?? | No |
X | Web Service | [random filename].exe | Added by the ADMINCASH TROJAN! | No |
X | Web Service | sm.exe | Added by the BUBE-F VIRUS! | No |
X | Web Service | MSXMIDI.EXE | CoolWebSearch parasite variant, detected by Kaspersky as the SMALL.CW TROJAN! | No |
U | Web2Pop | Web2Pop.exe | Web2Pop allows you to retrieve your web-based accounts messages to read them in your favorite e-mail client | No |
Y | web3trap | web3trap.exe | PC-Cillin 2000 anti-virus software → ActiveX filter. Guards against malicious ActiveX programs, etc | No |
X | webalize | webalize.exe | Searchcentrix hijacker | No |
N | WebArmyKnife | WAK.exe | Web Army Knife - a suite of web site developer's tools | No |
X | webassist | webassist.exe | Adware popup generator | No |
X | WebBuying | webbuying.exe | WebBuying adware | No |
N | WebCallDirect | WebCallDirect.exe | WebCallDirect - free internet telephony utility using the VoIP (Voice over Internet Protocol). Call online friends for free and regular phones either for free (limited use) or low rates. One of a number provided by Betamax - the others generally have different rate plans. Similar to the more popular Skype | No |
X | webcam | webcam.exe | Added by the MONAD-A TROJAN! Note - this malware actually changes the default value data of the Registry Run and RunServices keys in order to force Windows to launch it at boot. Name field may be empty | No |
? | Webcam Go Sti Service Application | wbcgosvc.exe | Control software for the portable Creative Webcam Go digital camera/PC web cam. What does it do and is it required? | No |
N | WebcamRT.exe | WEBCAMRT.exe | For Logitech Web Cams. Not required - camera works fine without it | No |
X | Webcelerator | webcel.exe | Webcelerator from eAcceleration speeds your Web browsing by both remembering where you have been and anticipating where you will go. Only needed if you find it improves web browsing. Now no longer available and supported and when available was classed as spyware - see here | No |
X | WebCheck | WebCheck.pif | Added by the CONE.C or CONE.F WORMS! | No |
X | WebCpr0 | WebCpr0.exe | WebRebates adware | No |
X | Webdav.exe | webdav.exe | IRC DDoS bot which gives the hacker full control over your system | No |
U | WebExRemoteAccessAgent | raagtapp.exe | Related to Web Meetings from WebEx Communications, Inc. Share and present online with anyone, anywhere | No |
X | WebHancer Agent | whagent.exe | System Tray application that starts up Webhancer software. Software that optimizes your web browser and is also advertising spyware that you can find out about here | No |
X | webHancer Survey Companion | whSurvey.exe | WebHancer trackware - traffic measurement service that uses a client agent that is stealth installed on user machines, gathering detailed data about sites visited, their performance and, most important, what the user actually does while there | No |
X | WebInstall | WebInstall.exe | ClipGenie adware downloader | No |
X | WebInstall2 | WebInstall.exe | ClipGenie adware downloader | No |
N | WebKey | WebKey.exe | WebKey from JB Utilities. Utility to keep track of login data required when browsing the internet | No |
N | WebLink | WebLink.exe | Softex is a "cost-effective way to provide software updates, technical support or new product information to specific end-users - it can silently provide end-users with software updates, technical support and new product information customized to their specific needs through a persistent link" | No |
N | WebOutfitterTray | sttray.exe | Intel WebOutfitter service System Tray icon | No |
N | Webposition Gold 2 | wpsche~1.exe | Scheduler for Web Position Gold - utility to help optimize the position of web-sites in search engines | No |
X | WebRebates0 | WebRebates0.exe | WebRebates adware | No |
Y | Webroot Desktop Firewall | WDF.exe | Webroot Desktop Firewall | No |
X | WebRun | [random filename] | Added by the ADWARELOADER TROJAN! | No |
U | websaverlive | websaverlive.exe | WebSaver Live! is a companion program to Websaver that retrieves information from the Internet on a schedule and displays it on your screen when your computer is idle | No |
X | WebSavingsfromEbates | WebSavingsfromEbatesrun.exe | Web Savings From Ebates Software, a shopping tool that opens pop-up windows | No |
X | WebSavingsFromEbates0 | WebSavingsFromEbates0.exe | Web Savings From Ebates Software, a shopping tool that opens pop-up windows | No |
U | WebScan | DEFSCANGUI.EXE | eAcceleration Stop-Sign security software related. Previously not recommended, see here | No |
U | webscan | stopsignav.exe | eAcceleration Stop-Sign security software related. Previously not recommended, see here | No |
Y | WebScanX | WebScanX.exe | From McAfee VirusScan up to version 4.x. Provides functionality for VShield Download Scan and Internet Filter modules. Enables internet scanning. Guards against malicious ActiveX programs, etc | No |
X | websearch | wjview ...websearch.exe | "Web Savings" From Ebates Software, a shopping tool that opens pop-up windows | No |
N | WebSecureAlert | WebSecureAlert.exe | WebSecureAlert - "helps to protect your browser security by monitoring for unauthorized tampering with Internet Explorer's security settings, and can help to protect your privacy by deleting your web surfing history on a regular basis". Not recommended as it bundles GAIN adware. You can get the adware free version for a whopping $30. Please note that Claria Corporation no longer support GAIN-Supported software - see here | No |
? | WebServer | VBI_SE~1.EXE | Related to a Pinnacle sound card. What does it do and is it needed? | No |
U | Webshots | Webshots Tray.exe | Webshots - software that displays photos as your screensaver and wallpaper, and provides tools for sharing your personal photos on the web | No |
U | Webshots | websho~1.exe | Webshots - software that displays photos as your screensaver and wallpaper, and provides tools for sharing your personal photos on the web | No |
U | Webshots | Launcher.exe | Webshots - software that displays photos as your screensaver and wallpaper, and provides tools for sharing your personal photos on the web | No |
U | Webshots | WebshotsTray.exe | Webshots - software that displays photos as your screensaver and wallpaper, and provides tools for sharing your personal photos on the web | No |
X | Website Administrator Info | webadmin.exe | Added by the FORBOT-FY WORM! | No |
X | WebSpecials | rundll32 [path] webspec.dll | WebSpecials spyware. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted | No |
X | WebSUpdater | wupda.exe | Detected by Kaspersky as the STARTPAGE.C TROJAN! See here | No |
X | Websx | Int*****.exe | Adult content dialler - where ***** are random | No |
Y | Webtrap | webtrap.exe | Part of PC-Cillin anti-virus software. Checks web-sites for malicious Java and ActiveX elements in a similar way to McAfee WebScanX. A few users find it infuriating | No |
Y | WebTrapNT.exe | WebTrapNT.exe | Part of PC-Cillin anti-virus software. Checks web-sites for malicious Java and ActiveX elements in a similar way to McAfee WebScanX. A few users find it infuriating | No |
U | WebWasher | wwasher.exe | Free Pop-up/ad/javascript filter program from Siemens. If not running then browsers will not be protected but will still work. Available via Start -> Programs | No |
X | WeirdOnTheWeb | WeirdOnTheWeb.exe | WeirdOnTheWeb adware | No |
N | Welcome | Welcome.exe | Launches the Welcome to Windows tutorial on boot up | No |
X | Welcome | winconfig.exe | Added by the GIP.113.B1 TROJAN! | No |
X | Welcome | CONFIG.EXE | Added by the PSWGIP.B TROJAN! | No |
? | WEPstat | Wepstat.exe | Cisco Aironet 340 Series PC Card driver. If it can be started manually it shouldn't be required if you don't use the PC card facility regularly - hence the status could be "U". Can anybody confirm this? | No |
X | wersds | doriot.exe | Added by the JECT.C TROJAN! | No |
X | wersds.exe | doriot.exe | Added by the BAGLEDI-A TROJAN! | No |
X | wescmv | [random filename] | Added by a variant of the SLAPER TROJAN! | No |
X | wesumu | wiustv.exe | Added by the QQPASS-L TROJAN! | No |
N | WetSock | wetsock.exe | RoboMagic Wetsock - weather reporting in the System Tray | No |
N | wextract_cleanup0 | advpack.dll, DelNodeRunDLL32 [path] [filename].TMP | Wextract Cleanup0 is valid and legal software included or sold to help clean up temporary or cab files created by the installer software for a wide variety of software. It should disappear after a restart of the system. If not, fix it | No |
N | WFGStartup | WFGStartup.exe | World Weather. "This midlet displays the current weather conditions for major cities around the world. This version is for memory limited mobile phones" | No |
U | wfips | iphider.exe | ICQ (messaging/chat program) anti-bomb software. "WFIPS is anti-bomb software for safeguarding ICQ Bomb before the bombing. 'ICQ Defoolder' is a tool for removing ICQ bomb after being exposed." For more information about ICQ bombs see here | No |
N | WFXCTL32.EXE | WFXCTL32.EXE | From WinFax 10.0 and possibly earlier versions. Appears if you chose to have WinFax appear in the taskbar (System Tray) during installation and displays a yellow fax/telephone icon. Available via Start -> Programs | No |
Y | wfxsnt40 | wfxsnt40.exe | WinFax 10.0 and maybe earlier versions. Used to initiate the WinFax port to enable printing to the WinFax printer (send a fax) from any application | No |
? | WFXSwtch | WFXSWTCH.exe | Related to WinFax. What does it do and is it required? | No |
U | WG111v2 Smart Wizard Wireless Setting | RtlWake.exe | Configuration utility for the Netgear WG111 54 Mbps Wireless USB 2.0 Adapter that "provides wireless access to your desktop or notebook PC through the computer's USB port" | No |
Y | WG511WLU | WG511WLU.exe | Netgear configuration programme for the 54g wireless lan card - required to monitor and manage the lan card | No |
X | wgeax | wgeax.exe | Added by the IRCBOT-TM WORM! | No |
X | wgs3 | wgs3.exe | Added by the LEGMIR-AQH TROJAN! | No |
X | WGV | WGV.exe | Added by the ZIPPIE TROJAN! | No |
U | WGWLocalManager | WGWLocalManager.exe | Part of Flash-Networks NettGain2000 product. NettGain 2000 is a combined hardware/software networking solution, which is designed to improve performance of satellite networks by increasing data transmission speeds and maximizing the existing bandwidth for complete utilization when sending TCP/IP applications over a satellite. It is needed when connecting to the internet via satellite to provide speed faster than 60k or so. It could be started by creating a shortcut, running it only when connecting to the internet. If internet is used often, it's recommended to leave it in startup so it starts with the system | No |
Y | WgwMngr | WgwMngr.exe | Part of Flash-Networks NettGain2000 product. NettGain 2000 is a combined hardware/software networking solution, which is designed to improve performance of satellite networks by increasing data transmission speeds and maximizing the existing bandwidth for complete utilization when sending TCP/IP applications over a satellite. It is needed when connecting to the internet via satellite to provide speed faster than 60k or so | No |
X | whagent | whagent.exe | System Tray application that starts up Webhancer software. Software that optimizes your web browser and is also advertising spyware that you can find out about here | No |
X | What Frenz | FriendEQUALsuX.exe | Added by the BHARAT.A WORM! | No |
U | WhatPulse | WHATPU~1.EXE | WhatPulse keeps track of your keystrokes, allowing you to find out just how much you type a day | No |
U | WheelMouse | 4DMAIN.EXE | Mouse software for "Fellowes" Wheelman mouse. Has caused some users problems but shouldn't be needed if you don't use any enhanced features it may provide | No |
U | WheelMouse | AMOUMAIN.EXE | A4Tech wireless mouse driver and utility - required if you use non-standard Windows driver features | No |
X | WheelsMouse | [path to trojan] | Added by the SOCKSPR-D TROJAN! | No |
X | WhenUSave | Save.exe | WhenU.Save adware | No |
X | WhenUSearch | Search.exe | WhenU.Save adware | No |
X | WhenUSearchWHSE | whse.exe | WhenU.Save adware | No |
X | Whistler | whismng.exe | Added by the WHISTLER-F TROJAN! | No |
X | Whitechix | brightx.exe | Added by a variant of the SDBOT WORM! | No |
N | WhitephonePersonal | WhitePhonePersonal.exe | WhitePhone Personal from Voice Commerce Group - "provides free PC to PC calls globally and access to low cost calls to phones worldwide." Free internet telephony utility using the VoIP (Voice over Internet Protocol). No longer appears to be available | No |
X | Whvlxd | Whvlxd.exe | Added by the ZAPCHAS-CS TROJAN! | No |
X | whxpin service | ssvsol.exe | Added by a variant of the SDBOT WORM! | No |
X | wiascr | wiascr.exe | Added by the AGENT.AM TROJAN! Note - example names include "XviD", "Winamp Remote", "Windows Media Player" and "Futuremark" | No |
N | WIAWizardMenu | RUNDLL32.EXE sti_ci.dll, WiaCreateWizardMenu | Still Image Class Installer - installed with a webcam | No |
X | Widnows Xp Web scan | xpscan.exe | Added by a variant of the SDBOT WORM! | No |
X | wifeman | wifeman.exe | Unidentified malware | No |
X | Wifi Boot | wifiboot.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
X | Wifi Booter | wifibooter.exe | Added by the IRCBOT.ATH BACKDOOR! | No |
X | Wifi Configuration | wificonfig.exe | Added by the IRCBOT.AWB BACKDOOR! | No |
X | Wifi Configuration! | wificonfigs.exe | Added by the IRCBOT.AWB BACKDOOR! | No |
X | Wifi Connection | wificon.exe | Added by the SLENFBOT.AC WORM! | No |
X | Wifi Connection! | wificonnect.exe | Added by the IRCBOT.XEL BACKDOOR! | No |
X | Wifi Debug | wifidebug.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
X | Wifi Loader | wifiload.exe | Added by the IRCBOT.XEL BACKDOOR! | No |
X | Wifi Loader! | wifiloader.exe | Added by the IRCBOT.XES BACKDOOR! | No |
X | Wifi Setup | wifisetup.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
X | WiFix service | [random filename] | Added by a variant of the SDBOT WORM! | No |
X | WildFlics | WildFlics.exe | Direct-B premium rate adult content dialler | No |
? | WildTangent CDA | RUNDLL32.exe cdaEngine0400.dll, cdaEngineMain | Part of the WildTangent on-line games system. What does it do and is it required? | No |
U | WildTangent Web Driver updater | wcmdmgrl.exe | Web Driver delivery system for WildTangent on-line games. Periodically checks for updates - can be disabled within the program's control panel. Note that WildTangent's privacy policy used to state that they also collect and share individuals' information but this is no longer the case | No |
N | Wildwire Monitor | WWMon.exe | This places a status icon on the taskbar for the DSL WildWire Tiger Modem. This is also a shortcut to the diagnostics utility for the DSL modem | No |
N | Willow Road | WillowRoad.exe | Willow Road Screen Saver | No |
X | WillPolo | WillPolo.vbs | Added by the SOLOW.AF VIRUS! | No |
X | wimpas | wimpas.exe | Added by the AGENT2.FGG TROJAN! | No |
X | win | regedit -s ..win.dll | Added by the SEEKER.K TROJAN! | No |
X | win | xwinxrpc32.exe | Added by the AGOBOT-MV WORM! | No |
X | win | xwinxrpc.exe | Added by the AGOBOT-MV WORM! | No |
X | WIN | ehshell.exe | Added by the MYTOB-CQ WORM! | No |
X | WIN | windows.exe | Added by the REATLE.C WORM! | No |
U | win | homesec.exe | Related to the Sentry Parental Controls software | No |
X | Win Antivir 2008 | Win Antivir 2008.exe | Win Antivir 2008 rogue security software - not recommended, see here | No |
X | Win Antivirus 2008 | Win Antivirus 2008.exe | Win Antivirus 2008 rogue security software - not recommended, see here | No |
U | Win Chimes | winchi~1.exe | WinChimes - enhancement software for the system clock that runs in the system tray | No |
X | Win Comm | WinComm.exe | Added by the WINCOM TROJAN! | No |
X | Win Command | command32.exe | Added by the AGOBOT.XQ WORM! | No |
X | Win Config | winconfig.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
X | Win CPU | sysin.pif | Added by the RBOT-AXL WORM! | No |
X | win ctl app | wuctl.exe | Added by a variant of the SDBOT WORM! | No |
X | Win Defrag | windfrag.exe | Added by a variant of the SDBOT WORM! See here | No |
X | Win Defrag! | windefrag.exe | Added by a variant of the SDBOT WORM! See here | No |
X | Win Defrags | defrag.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
X | Win Drivers SSL | hpws.exe | Added by the IRCBOT.67098 WORM! | No |
X | Win Drivers SSL | TASKMAN4.exe | Added by a variant of the RBOT WORM! | No |
X | Win Drivers SSL32 | hpwsnnsbc.exe | Added by the SPYBOT.MAR WORM! | No |
X | Win exe file managr | crss.exe | Added by the RBOT.CCI WORM! | No |
X | WIN HOST PROCESS | WIN HOST PROCESS.EXE | Added by the KEYLOGGER.CLONE TROJAN! | No |
X | Win INI 32 | msrp32.exe | Added by the RBOT-FZC WORM! | No |
X | Win l5oahder | winampa.exe | Added by a variant of the RBOT WORM! Note - this is NOT associated with the popular Winamp media player. The valid file for the Winamp Agent resides in a "Winamp" subdirectory of the Program Files directory | No |
X | Win Login | winlogin.exe | Added by the RBOT-AWE WORM! Note - this trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder | No |
X | Win Microsoft 98 | win14.exe | Added by the RBOT-AKX WORM! | No |
? | win name | stat.exe | ?? | No |
X | Win Net Wks32 | netwks32.exe | Added by the RBOT.AA WORM! | No |
X | Win Patch | ntldr.exe | Added by the SDBOT-GS WORM! | No |
X | Win Process Updates | winupdates.exe | Added by a variant of the SDBOT WORM! | No |
X | Win Prosess0r | [random filename] | Added by the RBOT-BIT WORM! | No |
X | WIN prosessor16 | [random filename].exe | Added by a variant of the SDBOT WORM! | No |
X | Win Proxy32 Protocol | bsvtem.exe | Added by a variant of the SDBOT WORM! | No |
X | Win Secure Update | [random filename] | Added by the RBOT-AGI WORM! | No |
X | Win Security | msw32.pif | Added by the RBOT-AQT WORM! | No |
X | Win Security | winsecure.exe | Detected by Trend Micro as the IRCBOT.AVE BACKDOOR! See here | No |
X | Win Server | winserv.exe | Added by the IMISERV.A TROJAN! | No |
X | Win Server Updt | wupdt.exe | Added by the IMISERV.A TROJAN! | No |
X | Win Server Updt | winserver.exe | Added by a variant of the IMISERV TROJAN! | No |
X | Win Server Updt | pxckdla.exe | IEPlugin adware | No |
X | Win SSL | SP2s.exe | Added by the RBOT.BBI WORM! | No |
X | Win Sync montr | winsyncupx.exe | Detected by Kaspersky as the RBOT.BYJ TROJAN! See here | No |
X | Win TaskLoader | msgmr.exe | Added by the MYTOB.L WORM! | No |
X | win update | wupda32.exe | Added by the SDBOT.J WORM! | No |
X | win update | wapdate.exe | Added by a variant of the RBOT WORM! | No |
X | Win Update | SysUpdate.exe | Added by the AGOBOT-TN WORM! | No |
X | Win Update | oleupdate.exe | Added by the AGENT-UY TROJAN! | No |
X | Win Update | msnmger.exe | Added by the RBOT-GDP WORM! | No |
X | Win Updater | WINUPDATER.EXE | Added by the RBOT.IP WORM! | No |
X | Win Updator Services | ctfnom.exe | Added by a variant of the WOOTBOT WORM! | No |
X | WIN USB 2.0 | usbsystem.exe | Added by an unidentified WORM or TROJAN! | No |
X | WIN USB 2.0 | winusb.exe | Added by a variant of the RBOT WORM! | No |
X | Win USB 2.0 USB Driver | HPPrint.exe | Added by the SPYBOT.DNB WORM! | No |
X | WIN USB SUPPORT | grxsrv.exe | Added by a variant of the RBOT WORM! | No |
X | Win Validation Application | DBExecCom.exe | Added by the VBSILLY-A WORM! | No |
X | Win WinAmp | winamp.exe | Added by the RBOT.AGF WORM! Note - this is NOT the popular Winamp media player which resides in a "Winamp" subdirectory of the Program Files directory. This file is located in the System (9x/Me) or System32 (NT/2K/XP) folder | No |
X | win************* [* = random digit] | win*************.exe [* = random digit] | WINBO adware | No |
X | WIN-BUGSFIX | WIN-BUGSFIX.EXE | Added by the LOVELETTER (I LOVE YOU) VIRUS! | No |
X | win-xp | nvsc32.exe | Added by the BROPIA.N WORM! | No |
X | win-xp | winis.exe | Added by the BROPIA.N WORM! | No |
X | win.exe | win.exe | Added by the PODROP-C TROJAN! | No |
U | win16.dll | win16dll.exe | Screenspy captures screenshots silently. If you didn't install this yourself, remove it | No |
X | win23.exe | win23.exe | Detected by Kaspersky as the BIFROSE.BSJ TROJAN! See here | No |
X | Win2Drv | [worm filename] | Added by the WINTOO WORM! | No |
X | WIN32 | WIN32.EXE | Added by the RATEGA TROJAN! | No |
X | win32 | Shakira_1997_Part_1_.Mpeg_.scr | Added by the MYLIFE.N WORM! | No |
X | win32 | Setup_32.exe | Added by the EVILBOT.B TROJAN! | No |
X | Win32 | Win32.exe | Added by the ISRAZ.A WORM! | No |
X | win32 | winsrv32.exe | Added by the ADUENT TROJAN! Acts as a hijacker redirecting to Surferbar.com and adult content sites | No |
X | win32 | WinSetup.exe | Added by the EVILBOT.B TROJAN! | No |
X | Win32 | system32.vbs | Added by the SWERUN VIRUS! | No |
X | Win32 | Game.exe.vbs | Added by the SCAFENE WORM! | No |
X | Win32 | arsetup.exe | Added by the SPAZBOX.A TROJAN! | No |
X | win32 | winhost.exe | Added by the BROPIA.J WORM! | No |
X | Win32 | winnnit.exe | Added by a variant of the SDBOT WORM! | No |
X | Win32 | msnsrv.exe | Added by a variant of the SDBOT WORM! | No |
X | Win32 | sysmon.exe | Added by the MYTOB-HQ TROJAN! | No |
X | Win32 | zaq.exe | Added by the RBOT-GCE WORM! | No |
X | Win32 Bios | Winbios.exe | Added by the SEMAPI-A WORM! | No |
X | Win32 Configuration | videosd32.exe | Added by the SDBOT.TT WORM! | No |
X | Win32 Configuration | dllhelp.exe | Added by the SDBOT.UL WORM! | No |
X | Win32 Configuration | mplayer.exe | Added by the FORBOT-BZ WORM! | No |
X | Win32 Critical File | Win32.exe | Added by the RBOT-GUB WORM! | No |
X | WIN32 DDOSSER | dos.exe | Added by the KELVIR.F WORM! | No |
X | Win32 Debug Manager | Win32Debug.exe | Added by a variant of the WOOTBOT WORM! | No |
X | Win32 Debug Manager | microsoftupd.exe | Added by the RBOT-GRJ WORM! | No |
X | Win32 Device Loader | Win32ldr.exe | Added by a variant of the AGOBOT/GAOBOT WORM! | No |
X | Win32 Driver | svchosts.exe | Added by the FORBOT-FD WORM! | No |
X | Win32 Drivers | winlogons.exe | Added by the FORBOT-FG WORM! | No |
X | Win32 DRK Driver | wdrk32.exe | Added by the WOOTBOT.CY WORM! | No |
X | Win32 exe file | winstr32.exe | Added by a variant of the SPYBOT WORM! | No |
X | Win32 Explorer | Explorer32.exe | StartPa-MN homepage hijacker | No |
X | Win32 Firewall Driver | winfw.exe | Added by a variant of the RBOT WORM! | No |
X | Win32 FireWire Driver | CTHELPER32.EXE | Added by the WOOTBOT TROJAN! | No |
X | Win32 FRT Driver | msfr32.exe | Added by a variant of the FORBOT WORM! | No |
X | Win32 Help32 Service | win32help.exe | Added by the DELBOT-U WORM! | No |
X | Win32 Info | windowsnfo.exe | Added by a variant of the IRCBOT TROJAN! | No |
X | Win32 Information Service | crsrs.exe | Added by the RINBOT.Y WORM! | No |
X | win32 internet server | winserver.exe | Added by the DERMON-D TROJAN! | No |
X | Win32 Kernel core component | Kernel32.pif | Added by the MOKS VIRUS! | No |
X | Win32 Kernel Update | win32update.exe | Added by the PROXY-BS TROJAN! | No |
X | Win32 LSA Driver | lsa.exe | Added by the FORBOT-FJ WORM! | No |
X | Win32 Ms Auto Updater | AutomsUPD.exe | Added by a variant of the RBOT WORM! | No |
X | Win32 NDIS | Ndiswin.exe | Added by the RBOT.AMG WORM! | No |
X | Win32 NDIS Driver | xpndis.exe | Added by a variant of the RBOT WORM! | No |
X | Win32 NDIS Driver | Ndistcp.exe | Added by the WOOTBOT.EU WORM! | No |
X | Win32 Network Driver | crss.exe | Added by a variant of the AGOBOT/GAOBOT WORM! | No |
X | Win32 NT Adv Services | taskmngr.exe | Added by the RBOT-ADE WORM! | No |
X | Win32 nvc | nvcva.exe | Added by the RBOT-ABF WORM! | No |
X | Win32 NVIDIA Driver | MSPMSPSU.EXE | Added by a variant of the WOOTBOT.Y WORM! | No |
X | win32 regedit | msn32.exe | Added by an unidentified WORM or TROJAN! | No |
X | Win32 Rundll Loader | Rundll32.exe | Added by the SDBOT.A TROJAN! Note - this is not to be confused with the legitimate rundll32.exe file! | No |
X | Win32 Secure | msconfigsvc.exe | Added by a variant of the SDBOT WORM! | No |
X | Win32 Security Protocol | secure32.exe | Added by the RBOT-ETI WORM! | No |
X | Win32 Security Service | crsss.exe | Added by the DELBOT-O WORM! | No |
X | win32 security updates downloader | tskmngr.exe | Added by a variant of the SDBOT WORM! See here | No |
X | Win32 Service | bazzi.exe | Added by the AHKER.E WORM! | No |
X | Win32 Services | odbc32.exe | Added by the SPYBOT-EK WORM! | No |
X | Win32 Services Config | winwkys.exe | Added by the RBOT.BKY WORM! | No |
X | Win32 Services1 | wuamngr1.exe | Added by the SDBOT-PV WORM! | No |
X | Win32 Src Service | win32src.exe | Added by the RBOT-SX WORM! | No |
X | Win32 SSL Driver | winssv.exe | Added by the FORBOT-BH WORM! | No |
X | Win32 Svchosts Driver | svchosts.exe | Added by the FORBOT-FO WORM! | No |
X | Win32 System Kernel | winservice.exe | Added by the SDBOT.KIN WORM! | No |
X | win32 system server | winserver.exe | Added by the DERMON-A TROJAN! | No |
X | Win32 System Spool | spoolsvc.exe | Added by the SDBOT.UK WORM! | No |
X | Win32 Test | bleatest.exe | Added by a variant of the RBOT WORM! | No |
X | Win32 Update | svchosts.exe | Added by a variant of the SDBOT WORM! | No |
X | Win32 Update | dl32.exe | Added by an unidentified WORM or TROJAN! | No |
X | win32 update service | svchostt.exe | Added by a variant of the SDBOT WORM! | No |
X | Win32 USB Driver | winxpinit.exe | Added by the SDBOT.AA TROJAN! | No |
X | Win32 USB Driver | mvsecn.exe | Added by the FORBOT-BK WORM! | No |
X | Win32 Usb Driver | svhosint32.exe | Added by the FORBOT-BE or FORBOT-J WORMS! | No |
X | Win32 Usb Driver | usb32.exe | Added by the SDBOT-OV WORM! | No |
X | Win32 Usb Driver | AvpG.exe | Added by the FORBOT-BX WORM! | No |
X | Win32 USB2 | wins32.exe | Added by a variant of the RBOT WORM! | No |
X | Win32 USB2 Driver | win32usb.exe | Added by the SPYBOT.DHV WORM! | No |
X | Win32 USB2 Driver | smsc.exe | Added by the SDBOT.FO WORM! | No |
X | Win32 USB2 Driver | svchosting.exe | Added by the FORBOT.J or SDBOT.HU WORM! | No |
X | Win32 USB2 Driver | sys32.exe | Added by the WOOTBOT.X WORM! | No |
X | Win32 USB2 Driver | sys32snd.exe | Added by the FORBOT-AN WORM! | No |
X | Win32 USB2 Driver | wind32.exe | Added by the FORBOT-AH WORM! | No |
X | Win32 USB2 Driver | winupdate.exe | Added by the AGOBOT.YE WORM! | No |
X | Win32 USB2 Driver | updatemgr.exe | Added by a variant of the FORBOT WORM! | No |
X | Win32 USB2 Driver | winsnd32.exe | Added by a variant of the SDBOT WORM! | No |
X | Win32 USB2 Driver | msn.exe | Added by the FORBOT-EX WORM! | No |
X | Win32 USB2 Driver | syscfg32.exe | Added by the FORBOT-R WORM! | No |
X | Win32 USB2 Driver | algg.exe | Added by the TIBS.BF WORM! | No |
X | Win32 USB2.0 Driver | 386.exe | Added by the IRCBOT.D WORM! | No |
X | Win32 USB2.0 Driver | rundll16.exe | Added by the WOOTBOT.H WORM! | No |
X | Win32 USB2.0 Driver | w32usb2.exe | Added by the SPYBOT.DN WORM! | No |
X | Win32 USB2.0 Driver | service.exe | Added by the SDBOT-QF WORM! | No |
X | Win32 USB3 Driver | win32tool.exe | Added by a variant of the RBOT WORM! | No |
X | Win32 Wmls Driver | winitr32.exe | Added by the WOOTBOT.B WORM! | No |
X | Win32 Word Services | msword32.exe | Added by a variant of the RBOT WORM! | No |
X | win32.exe | win32.exe | Added by the STARTPAGE TROJAN! | No |
X | Win32.exe | Win32.exe | Added by the AWQ.A TROJAN! | No |
X | Win32.Exploit.mzH | mzrun.exe | Added by the PAINTER TROJAN! | No |
X | Win32.Trojan.Downloader | netstat2.exe | Added by the PAINTER TROJAN! | No |
X | Win32BaseServiceMOD | Wintask.exe | Added by the NAVIDAD WORM! | No |
X | win32beta | win32sys4.exe | Added by the BANKER-DA TROJAN! | No |
X | win32clf | win32clf.exe | Added by an unidentified VIRUS, WORM or TROJAN! | No |
X | win32debug | win32debug.exe | Added by the GUDEB WORM! | No |
X | Win32DLL | Win32DLL.vbs | Added by the LOVELETTER (I LOVE YOU) VIRUS! | No |
X | Win32dll | Win32dll.exe | Added by the BANPAES TROJAN! | No |
X | WIN32DS | clienttimer.exe | Eziin adware | No |
X | Win32G | Kernel32.com | Added by the ESTRELLA TROJAN! | No |
X | Win32G | Scandisk.com | Added by the ESTRELLA TROJAN! | No |
X | win32gb | win32gb.exe | Added by the DLUCA-F TROJAN! | No |
X | Win32Host Process | webemir.exe | Added by the TURGEN-A TROJAN! | No |
X | win32info | win32info.exe | Adult content dialler | No |
X | win32ini | systroy.exe | Added by the IRC.ALADINZ.C TROJAN! | No |
X | WIN32io | clienttimer.exe | Eziin adware | No |
X | win32Kernel | findx.exe | Added by the BANLOA-EY TROJAN! | No |
X | Win32KernelStart | microsoft.exe | Added by the DELF-EWZ TROJAN! | No |
X | Win32R | Server.com | Added by the ESTRELLA TROJAN! | No |
X | WIn32S Java DLL | kavsvx.exe | Added by the AGOBOT-RZ WORM! | No |
X | win32serv | devicer.exe | Added by the CHECKOUT WORM! See here | No |
X | win32serv | servicesetup.exe | Added by a variant of the PUSHBOT WORM! A family of worms that spread using MSN Messenger | No |
X | win32serv | systemdevices.exe | Added by a variant of the PUSHBOT WORM! A family of worms that spread using MSN Messenger | No |
X | win32servv | load.exe | iSearch adware | No |
X | win32servv | ms1.exe | iSearch adware | No |
Y | WIN32SL | Win32sl.exe | Part of Dell OpenManage Client Instrumentation - software that allows remote management application programs to access information about, monitor the status of or change the state of the client computer, such as shutting it down remotely. Uses the DMI and/or common information model (CIM) protocols, which are systems management protocols defined by industry standards. The specific function of this is to load MIF's in order for Dell OpenManage Client to work | No |
X | WIN32SNDS | banc.exe | Added by an unidentified WORM or TROJAN! | No |
X | Win32system | [random filename] | Added by the DDV.B WORM! | No |
X | Win32System | win32s.exe | Added by the MYDOOM.V WORM! | No |
X | Win32SystemMonitor | ***.exe [* = random char] | Browser hijacker | No |
X | Win32SysV | xin.exe | Added by the FORBOT-EO WORM! | No |
X | win32us | win32us.exe | All-In-One-Telcom (adult content dialler) variant | No |
X | win32usbd | ssrs.exe | Added by the RBOT-RA WORM! | No |
X | Win32Usr | WinCab.exe | Added by the DEDMIR-A WORM! | No |
X | WIN32WN | system_wc.exe | Eziin adware | No |
X | win32_i lptt01 | win32_i.exe | RapidBlaster variant (in a "win32_i" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here | No |
X | win32_i ml097e | win32_i.exe | RapidBlaster variant (in a "win32_i" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here | No |
X | Win386 | Win386.exe | Added by the GOSUSUB VIRUS! | No |
X | Win386 | sp32.dll | Homepage hijacker. Not a dll but a regfile in disguise | No |
X | WIN3S2SNDS | winabsmod.exe | Added by the AGENT.DN TROJAN - known to BOClean as "CWS/INDEX", "shuts down anything that wants to open and is used as a spam proxy as well" | No |
X | WIN3S2SNDS | winiprtx.exe | Added by the AGENT.DN TROJAN - known to BOClean as "CWS/INDEX", "shuts down anything that wants to open and is used as a spam proxy as well" | No |
X | Win64 Compatibility Check | load win64.drv | CoolWebSearch parasite variant | No |
X | WIN95DEFVIEW | [path to file] | Added by the DEDLER-D TROJAN! | No |
X | WIN95DEFVIEW | csmss.exe | Added by the DEDLER-D TROJAN! | No |
X | win98 DNS | wingrd.exe | Added by a variant of the RBOT WORM! | No |
X | winabc | rundll32.exe [Temp][ORIGFILENAME].DLL, InstallLaunchEv | Added by the LINEAGE-PN TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted | No |
X | WinAble | winable.exe | Added by the MATCASH.BG TROJAN! | No |
X | WinAC v4 | klsuicbn.exe | Added by the FORBOT-CS WORM! | No |
U | Winacsr | Winacsr.exe | AceScreenSpy keystroke logger/monitoring program - remove unless you installed it yourself! | No |
X | winactive | WINACTIVE.EXE | WinActive variant of the LOP.com hijacker | No |
X | WinActiveJ | WinActiveJ.exe | Added by the ROTARRAN VIRUS! | No |
X | Winad Client | Winad.exe | WinAd adware by eXact Advertising | No |
X | WinAdCnt.exe | WinAdCnt.exe | Added by the BANKER-BU TROJAN! | No |
X | winadm | winadm.exe | Browser hijacker - redirecting to Search-World.net. Related to the SMALL.AEX TROJAN! | No |
? | WinAgent | WinAgent.exe | Standard Life Insurance program. Is it required at startup? | No |
X | Winahlp.exe | Winahlp.exe | Added by a variant of the VAGRNOCKER TROJAN! | No |
X | winallap | winallap.exe | Added by the DELF.E TROJAN! | No |
X | winallapu | winallapu.exe | Added by the DELF.E TROJAN! | No |
X | Winamp | winamp.hta | Hijacker - re-directing to adult content sites. Note - this isn't the real Winamp | No |
X | Winamp | winamp.exe | Added by the AGOBOT.XI WORM! Note - this is NOT the popular Winamp media player | No |
X | WinAMP | winamp62.exe | Added by the SDBOT-WN WORM! | No |
N | Winamp | winamp.exe | Winamp media player. Resides in a "Winamp" subdirectory of the Program Files directory | No |
X | Winamp Agent | winamp.exe | Added by a variant of the RBOT WORM! Note - this is NOT the popular Winamp media player. The valid filename for the Winamp Agent is "winampa.exe" - see here | No |
X | Winamp Media | qmedia.exe | Added by the DIAZMON-A TROJAN! | No |
X | Winamp media player | winapa.exe | Added by an unidentified VIRUS, WORM or TROJAN! | No |
X | Winamp Media Player | winamap.exe | Detected by PCTools as the SDBOT.ACJM BACKDOOR! See here | No |
X | Winamp Media Player | winamp.exe | Added by a variant of the IRCBOT BACKDOOR! See here. Note - this is NOT the popular Winamp media player which resides in a "Winamp" subdirectory of %ProgramFiles% | No |
X | WinAmp Player | winampp.exe | Added by the RBOT-AQI WORM! Note - this is NOT the popular Winamp media player which has a different filename | No |
X | Winamp Player 6 | Winamp6.exe | Added by a variant of the SPYBOT WORM! | No |
U | Winamp to Google Talk | winamptogoogletalk.exe | Winamp to Google Talk, available here, shows your current Winamp track in your Google Talk status | No |
X | Winamp Update | yhn.exe | Added by the SDBOT-ACR WORM! | No |
U | Winampa | WINAMPa.exe | Loads the System Tray icon for the popular Winamp media player - see here. Can be used to maintain file associations so programs like QuickTime and RealPlayer don't take over as default player for various media types. Available via Start -> Programs. Resides in a "Winamp" subdirectory of the Program Files directory | No |
X | Winampa | winampa.exe | Added by the AGOBOT-GS TROJAN! Note - this is NOT associated with the popular Winamp media player. The valid file for the Winamp Agent resides in a "Winamp" subdirectory of the Program Files directory whereas this file is located in the System (9x/Me) or System32 (NT/2K/XP) folder | No |
X | Winampa Agent | WINAMPA.EXE | Added by a variant of the RBOT WORM! Note - this is NOT the popular Winamp media player. The valid filename for the Winamp Agent is "winampa.exe" - see here | No |
U | WinampAgent | WINAMPa.exe | Loads the System Tray icon for the popular Winamp media player - see here. Can be used to maintain file associations so programs like QuickTime and RealPlayer don't take over as default player for various media types. Available via Start -> Programs. Resides in a "Winamp" subdirectory of the Program Files directory | No |
X | WinAmpAgent | Msexploren.exe | Added by the BDOOR-EB BACKDOOR! Note - this is NOT the popular Winamp media player which has a different filename | No |
X | WinAmpAgent | Shch.exe | Added by the BDOOR-EB BACKDOOR! Note - this is NOT the popular Winamp media player which has a different filename | No |
X | WinAmpAgent | svchst.exe | Added by the BDOOR-EB BACKDOOR! Note - this is NOT the popular Winamp media player which has a different filename | No |
X | WinAmpAgent | Winagent.exe | Added by the BDOOR-EB BACKDOOR! Note - this is NOT the popular Winamp media player which has a different filename | No |
X | WinAmpAgent | msnexploren.exe | Added by the TACTSLAY.B TROJAN! | No |
X | WinAmpAgent | sdhch.exe | Added by the TACTSLAY.B TROJAN! | No |
X | WinAnonymous | GDC.exe | WinAnonymous spyware remover - not recommended, see here | No |
X | WinAntiSpyware 2005 | was5.exe | WinAntiSpyware 2005 spyware remover - not recommended, see here | No |
X | WinAntiSpyware 2006 Scanner | was6.exe | WinAntiSpyware 2006 rogue spyware remover - not recommended, see here | No |
X | WinAntiSpyware 2007 | was7.exe | WinAntiSpyware 2007 spyware remover - not recommended, see here | No |
X | WinAntispyware2008 | WinAntispyware2008.exe | WinAntispyware2008 rogue spyware remover - not recommended, see here | No |
X | WinAntiVirus Pro 2007 | WinAV.exe | WinAntiVirus Pro 2007 rogue anti-virus software - not recommended, see here | No |
X | WinAntiVirusPro2006 | WinAV.exe | WinAntiVirus Pro 2006 rogue virus software - not recommended, see here | No |
X | WinApi | winapix.exe | Added by a variant of the TIBSER.A downloader TROJAN! | No |
X | WINAPLOGUPD | WINAPLOGUPD.EXE | Added by the CAPSIDE-C WORM! | No |
X | Winapp | winpup32.exe | Produces popup ads to adult content sites | No |
X | WinApp32 | msapp.exe | Added by the RSBOT TROJAN! | No |
U | WinAppLog | svchost.exe | StingKeyLogger keystroke logger/monitoring program - remove unless you installed it yourself! | No |
X | WinAuth | winlogon.exe | Hijacker, also identified as the STRTPAGE.BE TROJAN! Note - this is not the legitimate winlogon.exe process, which should not appear in Msconfig/Startup and is always located in the System32 folder. This file is placed in the Windows or Winnt folder | No |
X | WinAvX | WinAvX.exe | WinAntiSpyware spyware remover - not recommended, see here | No |
X | WinAVX | WinAvXX.exe | Added by the FAKEAVALERT TROJAN! | No |
X | WinAwk | WinAwk.exe | Added by the SDBOT-AYF WORM! | No |
U | WinBackup Scheduler | Wbsched.exe | LIUtilities WinBackup scheduler - backup software | No |
U | WinBar | WinBar.exe | "WinBar is a free and compact program that lets you monitor your system and provides easy access to frequently used controls" | No |
X | winbar.pif | packe.pif | Added by the RBOT-AVI WORM! | No |
X | Winbed | winbed.exe | Hijacker | No |
X | Winbin | swchost.exe | Added by the RBOT.CLS WORM! | No |
X | winbin32 | win32exe.exe | Added by the RBOT-ZL WORM! | No |
X | winbo32 | winbo32.exe | Added by the RBOT-GRU WORM! | No |
X | winboot | winboot.exe | Added by the BANLOAD-W TROJAN! | No |
X | winbot | winbot.exe | Added by the MIDRUG-A TROJAN! | No |
U | WinBrush | winbrush.exe | WinBrush - "handy tool that keep your privacy and make your system clean. It works by cleaning up your tracks (document histories, recent opened files from popular software, cookies, temporary internet files, etc)" | No |
X | WinButler | WinButler.exe | Identified as a variant of the Trojan-Dropper.Agent.DKN malware | No |
X | WinCheck | WinCheck.exe | Added by the PWS-CY TROJAN! | No |
X | WinCheck | services.exe | Added by the SOBER.S WORM! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\ConnectionStatus\Microsoft | No |
X | WinCheck | check.exe | Added by the DELBOT-Y WORM! | No |
X | winchost | winchost.exe | Added by the DLOADER-PO TROJAN! | No |
N | WINCINEMAMGR | WINCIN~1.EXE | WinCinema_Manager is needed when using the WinDVD Remote Control for WinDVD from Intervideo. Available via Start -> Programs | No |
N | WinCinemaMgr | WinCinemaMgr.exe | WinCinema_Manager is needed when using the WinDVD Remote Control for WinDVD from Intervideo. Available via Start -> Programs | No |
U | WINCINEMAMGR | WinRemote.exe | InterVideo WinCinema Manager - needed for the use of WinDVD Remote Control | No |
X | winclean | winclean.exe | Added by the AGENT.GXR TROJAN! | No |
X | wincls | rundll32.exe wincls.dll,start | Added by the AKBOT-AR WORM! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "wincls.dll" file is found in %System% | No |
X | wincmap | wincmapp.exe | CasClient adware variant - also detected as the CMAPP TROJAN! | No |
U | WinColorReminder | WinColorReminder.exe | The Microsoft Color Control Panel Applet for Windows XP "helps you manage Windows color settings in one place." Part of the Pro Imaging Powertoys | No |
X | WinCore32.exe | WinCore32.exe | Added by the CLICKER-EN TROJAN! | No |
X | wincrt.exe | [path to worm] | Added by the STRATIO-HA WORM! | No |
X | WinCRT32 | wincrt32.exe | Added by the DOGBOT-D WORM! | No |
X | WinCSRSS | MSGRT32.EXE | Added by the REWINDO-A TROJAN! | No |
X | winctl | winctl.exe | Added by the IRCBOT-YI TROJAN! | No |
X | WINCX | wincore332.exe | Added by the AGOBOT-MG WORM! | No |
X | Wind Logd File | servicelogd.exe | Added by a variant of the RBOT WORM! | No |
X | Wind Security | mswi32.pif | Added by the RBOT-ARH WORM! | No |
X | wind.exe | wind.exe | Added by the MITGLIEDER.BD TROJAN! | No |
X | WIND0WS | WIND0WS.exe | Added by the SPYBOT.DQ WORM! | No |
X | WIND0WS | mella.bat | Added by the ALLEM WORM! | No |
X | Wind0ws | wordpad.exe | Added by the AGOBOT-TL WORM! Note - this is not the legitimate Windows application wordpad.exe (found in the Program Files\Accessories folder), which should not normally be seen in Msconfig or as a Startup item. This file is located in the System (9x/Me) or System32 (NT/2K/XP) folder | No |
X | Wind0ws Ser7ice Agent | colwindos.exe | Added by the RBOT-GQO TROJAN! | No |
X | Wind0ws Sharing | ssprotecter.exe | Added by the RBOT-AHW WORM! | No |
X | Wind32 | Wind32.exe | Identified as a variant of the Backdoor.Win32.Poison.avs malware | No |
X | WinData | services.exe | Added by the SOBER.AA WORM! Note - this is not the legitimate services.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "PoolData" subfolder of the Windows or Winnt folder | No |
N | WinDates | windates.exe | WinDates is a calendar, date organizer and event reminder program from Rockin' Software | No |
X | windbs | winxtc.exe | Added by the AGOBOT-WD WORM! | No |
X | Winde | winde.exe | Added by the DLUCA TROJAN! | No |
X | windef | Win32sp.vbs | Added by the ANPES WORM! | No |
X | windef | windef.exe | Added by the WURMARK-O WORM! | No |
X | windefender | windefender.exe | Added by the AGENT.BYH TROJAN! | No |
X | WinDefender2009 | windef.exe | WinDefender 2009 rogue security software - not recommended, removal instructions here | No |
X | Windeows NetStart Service2 | tesakrmger.exe | Added by the RBOT-AMY WORM! | No |
X | WinDevils | WinDevils.exe | Added by the BRONTOK-BS WORM! | No |
X | windhost.exe | osrwin32.exe | Added by the BANKER-CB TROJAN! | No |
X | windhost.exe | windhost.exe | Added by the BANKER-BV TROJAN! | No |
X | windhost.exe | winos.exe | Added by the PWSAGENT-A WORM! | No |
X | windir | winrun.exe | Added by the WINBUR.B WORM! | No |
X | Windir Working | wuaumqr1.exe | Added by a variant of the IRCBOT TROJAN! | No |
X | Windll | Windll.exe | Added by the TRYNOMA TROJAN! | No |
U | WINDLL | WSYS.EXE | STARR key logger. "It logs almost everything that goes through the box. It logs all key strokes, all passwords transacted even if they weren't keyed in, all web sites visited, every program launched including the path to that program, and more" | No |
X | windll | windll32.exe | Added by the ASTEF or RESPAN WORMS! | No |
X | WinDLL (algs.exe) | rundll32.exe algs.exe,start | Detected by Kaspersky as the AKBOT.E BACKDOOR! See here. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "algs.exe" file is found in %System% | No |
X | WinDLL (aqls32.exe) | aqls32.exe | Added by a variant of the IRCBOT BACKDOOR! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "aqls32.exe" file is found in %System% | No |
X | WinDLL (asdfsa.exe) | rundll32.exe asdfsa.exe,start | Added by a variant of the IRCBOT BACKDOOR! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "asdfsa.exe" file is found in %System% | No |
X | WinDLL (bee.dll) | rundll32.exe bee.dll,start | Added by a variant of the IRCBOT BACKDOOR! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "bee.dll" file is found in %System% | No |
X | WinDLL (bix.exe) | rundll32.exe bix.exe,start | Detected by Kaspersky as the KOLAB.OL WORM! See here. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "bix.exe" file is found in %System% | No |
X | WinDLL (csmss.exe) | rundll32.exe CSMSS.EXE,start | Added by the AKBOT.U WORM! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "CSMSS.EXE" file is found in %System% | No |
X | WinDLL (ctfmonm.exe) | rundll32.exe ctfmonm.exe,start | Added by a variant of the IRCBOT BACKDOOR! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "ctfmonm.exe" file is found in %System% | No |
X | WinDLL (dasda.com) | rundll32.exe dasda.com,start | Added by a variant of the IRCBOT BACKDOOR! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "dasda.com" file is found in %System% | No |
X | WinDLL (diem.exe) | rundll32.exe diem.exe,start | Added by the AKBOT.E WORM! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "diem.exe" file is found in %System% | No |
X | WinDLL (dlfksdld.exe) | rundll32.exe dlfksdld.exe,start | Detected by Kaspersky as the IRCBOT.BPM TROJAN! See here. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "dlfksdld.exe" file is found in %System% | No |
X | WinDLL (jbi32.dll) | rundll32.exe jbi32.dll,start | Added by the AKBOT.E WORM! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "jbi32.dll" file is found in %System% | No |
X | WinDLL (lcass.exe) | rundll32.exe lcass.exe,start | Added by a variant of the IRCBOT BACKDOOR! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "lcass.exe" file is found in %System% | No |
X | WinDLL (mysnlive.exe) | rundll32.exe mysnlive.exe,start | Added by a variant of the IRCBOT BACKDOOR! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "mysnlive.exe" file is found in %System% | No |
X | WinDLL (ProsFix.exe) | ProsFix.exe | Added by a variant of the IRCBOT BACKDOOR! The "ProsFix.exe" file is found in %System% | No |
X | WinDLL (qwex.dll) | rundll32.exe qwex.dll,start | Added by a variant of the IRCBOT BACKDOOR! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "qwex.dll" file is found in %System% | No |
X | WinDLL (redyLive.exe) | rundll32.exe redyLive.exe,start | Added by a variant of the IRCBOT BACKDOOR! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "redyLive.exe" file is found in %System% | No |
X | WinDLL (scvhost32.dll) | rundll32.exe scvhost32.dll,start | Added by the AKBOT.M WORM! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "scvhost32.dll" file is found in %System% | No |
X | WinDLL (service.exe) | service.exe | Detected by Kaspersky as the AGENT.BX WORM! See here. The "service.exe" file is found in %System% | No |
X | WinDLL (slmss.exe) | rundll32.exe slmss.exe,start | Added by the AKBOT.AW WORM! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "slmss.exe" file is found in %System% | No |
X | WinDLL (slsass.exe) | rundll32.exe slsass.exe,start | Detected by Kaspersky as the AKBOT.E TROJAN! See here. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "slsass.exe" file is found in %System% | No |
X | WinDLL (smaprnter.exe) | rundll32.exe smaprnter.exe,start | Added by a variant of the IRCBOT BACKDOOR! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "smaprnter.exe" file is found in %System% | No |
X | WinDll (sslms.exe) | rundll32.exe sslms.exe,start | Added by the AKBOT-AS WORM! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "sslms.exe" file is found in %System% | No |
X | WinDLL (start0s.exe) | rundll32.exe start0s.exe,start | Added by a variant of the IRCBOT BACKDOOR! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "start0s.exe" file is found in %System% | No |
X | WinDLL (steam.dll) | rundll32.exe steam.dll,start | Added by the AKBOT.M WORM! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "steam.dll" file is found in %System% | No |
X | WinDLL (svc.exe) | rundll32.exe svc.exe,start | Added by a variant of the IRCBOT BACKDOOR! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "svc.exe" file is found in %System% | No |
X | WinDLL (svchost.dll) | rundll32.exe svchost.dll,start | Added by a variant of the IRCBOT BACKDOOR! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "svchost.dll" file is found in %System% | No |
X | WinDLL (sysx32.dll) | rundll32.exe sysx32.dll,start | Added by a variant of the IRCBOT BACKDOOR! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "sysx32.dll" file is found in %System% | No |
X | WinDLL (tepmlayer.exe) | rundll32.exe tepmlayer.exe,start | Added by a variant of the IRCBOT BACKDOOR! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "tepmlayer.exe" file is found in %System% | No |
X | WinDLL (tmp.exe) | rundll32.exe tmp.exe,start | Detected by Kaspersky as the KOLAB.L WORM! See here. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "tmp.exe" file is found in %System% | No |
X | WinDLL (tock24.dll) | rundll32.exe tock24.dll,start | Added by a variant of the IRCBOT BACKDOOR! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "tock24.dll" file is found in %System% | No |
X | WinDLL (tqurity.exe) | rundll32.exe tqurity.exe,start | Added by a variant of the IRCBOT BACKDOOR! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "tqurity.exe" file is found in %System% | No |
X | WinDLL (v4mon.dll) | rundll32.exe v4mon.dll,start | Added by a variant of the IRCBOT BACKDOOR! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "v4mon.dll" file is found in %System% | No |
X | WinDLL (vdm32.dll) | rundll32.exe vdm32.dll,start | Added by a variant of the IRCBOT BACKDOOR! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "vdm32.dll" file is found in %System% | No |
X | WinDLL (vxd32.dll) | rundll32.exe vxd32.dll,start | Added by the AKBOT.R WORM! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "vxd32.dll" file is found in %System% | No |
X | WinDLL (wchshield.exe) | rundll32.exe wchshield.exe,start | Added by a variant of the IRCBOT BACKDOOR! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "wchshield.exe" file is found in %System% | No |
X | WinDLL (wimimi.exe) | rundll32.exe wimimi.exe,start | Added by a variant of the IRCBOT BACKDOOR! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "wimimi.exe" file is found in %System% | No |
X | WinDLL (windns32.dll) | rundll32.exe windns32.dll,start | Detected by Kaspersky as the AKBOT.E WORM! See here. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "windns32.dll" file is found in %System% | No |
X | WinDLL (wingatey32.exe) | rundll32.exe wingatey32.exe,start | Added by a variant of the IRCBOT BACKDOOR! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "wingatey32.exe" file is found in %System% | No |
X | WinDLL (wintmp.exe) | rundll32.exe wintmp.exe,start | Detected by Kaspersky as the AKBOT.E BACKDOOR! See here. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "wintmp.exe" file is found in %System% | No |
X | WinDLL (wsync32.dll) | rundll32.exe wsync32.dll,start | Added by a variant of the IRCBOT BACKDOOR! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "wsync32.dll" file is found in %System% | No |
X | WinDLL (xvd32.dll) | rundll32.exe xvd32.dll,start | Added by a variant of the IRCBOT BACKDOOR! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "xvd32.dll" file is found in %System% | No |
X | Windll.exe | Windll.exe | Added by the STEALER TROJAN! | No |
X | Windll32 | Windll32.exe | Added by the MSNPWS TROJAN! | No |
X | WinDll32 | _WIN32.EXE | Added by the LEGMIR.AQ TROJAN! | No |
X | windllsys32.exe | windllsys32.exe | Added by a variant of the MITGLIE-A TROJAN! | No |
X | WinDNS | windns32.exe | Added by the GAOBOT.WX WORM! | No |
X | Windo Servic Agen | alirexe.exe | Added by a variant of the IRCBOT BACKDOOR! | No |
X | Windo Servic Agent 32 | xagw.exe | Added by a variant of the IRCBOT BACKDOOR! | No |
X | Windoes Kernel | kernel32.exe | Added by the KICKIN.A (or CYDOG.C) WORM! | No |
X | Windos Seres Agnts | [worm filename].exe | Added by the RBOT-GUN WORM! | No |
X | Window | explore.exe | Added by the GAOBOT.ADW WORM! | No |
X | Window Loader | Dos32.exe | Added by the GAOBOT.AO WORM! | No |
X | Window Monitor | winmon32.exe | Added by the SDBOT.RT WORM! | No |
X | Window Msn Live Messanger | msnmsgsls.exe | Detected by Kaspersky as the RBOT.BJD WORM! See here | No |
X | Window service | [random filename] | Added by the RBOT-ACH WORM! | No |
X | Window upadate | pe2.exe | Added by a variant of the RBOT WORM! | No |
U | Window Washer | wwDisp.exe | Window Washer from Webroot Software. Useful utility that deletes safe to remove files, cookies, browsing history, etc. Available via Start -> Programs. Disable within the program options - otherwise it is re-enabled in MSCONFIG | No |
X | window.exe | window.exe | Added by the MITGLIEDER.H or MITGLIEDER.J TROJANS! | No |
X | window2 | ssvchost.exe | Added by the IRCBOT.H TROJAN! | No |
U | WindowBlinds | wbload.exe | WindowBlinds from Stardock. Skin application to change the appearance of Windows desktops. Available as an individual download or as part of Object Desktop. Required to restore settings if you use it. Available via right-click on the Desktop -> Properties -> Skins | No |
X | WindowEnhancer | Winex.exe | SCBar foistware variant | No |
X | Windowfdgfds DasdLL Verifier | winupdatr.exe | Detected by Trend Micro as the AGOBOT.HZ WORM! See here | No |
X | Windowfdgfds DasdLL Verifiew | [path to worm] | Added by the RBOT-GGX WORM! | No |
X | Windowfdgfds DLL fgfdg Verifier | Windowsdldfglcheckkk.exe | Added by the RBOT.CSP WORM! | No |
X | Windowfdgfds DLL fgfdg Verifier | winsecure.exe | Added by a variant of the RBOT WORM! | No |
U | WindowFX | wfxload.exe | Stardock WindowFX - "Allows you to add an unprecedented number of special effects to windows" | No |
X | windown | wiusyt.exe | Added by the QQPASS-M TROJAN! | No |
X | WindowRegKey update | wins.exe | Added by the SPYBOT.I WORM! | No |
X | Windows | Kernel32.exe | Added by the TENDOOLF.A WORM! | No |
X | Windows | msdos98.exe | Added by the PWSTEAL TROJAN! | No |
X | Windows | Windows.exe | Added by the KAZMOR.A, BOBBINS & ALADINZ.D TROJANS! | No |
X | Windows | explorer.exe | Added by the POEBOT-J WORM! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System% | No |
X | windows | [path to trojan] | Added by the AIMWIN TROJAN! | No |
X | windows | hkey.exe | Added by the GAOBOT.AFW WORM! | No |
X | windows | system copy.exe | Added by the SALGA.A WORM! | No |
X | Windows | gearsec.exe | Added by the STUBBOT-B WORM! | No |
X | Windows | run.exe | Added by the SPYBOT.OFN WORM! | No |
X | Windows | system.exe | Added by the SPYBOT.OBB WORM! | No |
X | WINDOWS | windows.exe | Added by the MONBOT-A TROJAN! | No |
X | Windows | services.exe | Added by the SOBER-Z WORM! Note - this is not the legitimate services.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "WinSecurity" subfolder of the Windows or Winnt folder | No |
X | WINDOWS | jif.exe | Added by the MYTOB.MK WORM! | No |
X | windows | iexplore.exe | Added by the RBOT-UM WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %System% | No |
X | Windows | services.exe | Added by the DLOADR-GW TROJAN! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a "Windows" subfolder | No |
X | Windows | smss.exe | Added by the BANCBAN-QF TROJAN! Note - this is not the legitimate smss.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder | No |
X | windows | svchost.exe | Added by the SLOMIRC-A WORM! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder | No |
X | WINDOWS | ymssgr.exe | Added by the BCKDR-PS BACKDOOR! Note - deactivates the Microsoft Internet Connection Firewall (ICF) | No |
X | Windows | taskmngr.exe | Added by a variant of the SDBOT WORM! | No |
X | Windows | Cfreer.exe | Added by the CULLER-C WORM! | No |
X | Windows | Zser.exe | Added by the CULLER-D WORM! | No |
X | Windows | spoovlss.exe | Added by an unidentified WORM or TROJAN! See here | No |
U | Windows & Internet Cleaner Pro | WICleaner.exe | Windows & Internet Cleaner Pro - "Powerful and easy to use internet surfing privacy protection & PC security software" | No |
X | Windows (ICS) Spooler | crtss.exe | Added by a variant of the RBOT WORM! | No |
X | Windows (random character) | diskcheck.exe | Added by the SINGU.B TROJAN! | No |
X | Windows .Net Manager | localsvc.exe | Added by the DLOADER-NY TROJAN! | No |
X | Windows .Net Manager | netsvc.exe | Added by the DLOADER-NY TROJAN! | No |
X | Windows .Net Manager | spoolsvc.exe | Added by the DLOADER-NY TROJAN! | No |
X | Windows .Net Manager | svcadmin.exe | Added by the DLOADER-NY TROJAN! | No |
X | Windows .Net Manager | svcman.exe | Added by the DLOADER-NY TROJAN! | No |
X | Windows .Net Manager | svcrun.exe | Added by the DLOADER-NY TROJAN! | No |
X | Windows .Net Manager | tcpsvc.exe | Added by the DLOADER-NY TROJAN! | No |
X | Windows .Net Manager | websvc.exe | Added by the DLOADER-NY TROJAN! | No |
X | Windows 128 Module | win128.exe | Added by the FORBOT-ES WORM! | No |
X | Windows 2004 | csrss.exe | Added by the BANKER-DY TROJAN! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %ProgramFiles%\Windows 2004\Tools | No |
X | Windows 32 Editor | Win32edit.exe | Added by the WOOTBOT.GQ WORM! | No |
X | Windows 32 Rescue | win32resc.exe | Added by the FORBOT-EU WORM! | No |
X | Windows 32 Update | Windows-Update.exe | Added by a variant of the RBOT WORM! | No |
X | Windows 32-bit DLL Integrity Verifier | dllrun.exe | Added by Remote Storm - a remote control network application that allows users to manage and control PCs or networks from a remote location | No |
U | Windows Accelerators | setup.exe | KeySpy keystroke logger/monitoring program - remove unless you installed it yourself! | No |
X | Windows Account Alternation | wauclt.exe | Added by a variant of the IRCBOT TROJAN! See here | No |
X | Windows Acer Service | acersv.exe | Detected by PCTools as the IRCBOT.YFQ BACKDOOR! See here | No |
X | Windows Action | csrs.exe | Added by the SECCMU-A WORM! | No |
X | Windows Activate System | syssv.exe | Added by a variant of the SPYBOT WORM! | No |
X | Windows AdControl | WinAdCtl.exe | Windupdates adware variant | No |
X | Windows AdService | WinAdServ.exe | Windupdates adware variant | No |
X | Windows AdStatus | WinStat.exe | Added by the BLESHARE!DR VIRUS! | No |
X | Windows AdTools | WinAdTools.exe | Windupdates adware variant | No |
X | Windows Anti Verifier | Windows-Anti.exe | Added by the RBOT.ETT WORM! | No |
X | Windows Anti Virus Control Center | avrscan.exe | Added by a variant of the IRCBOT BACKDOOR! | No |
X | Windows Anti Virus Control Center | winavscan.exe | Added by a variant of the IRCBOT BACKDOOR! | No |
X | Windows Anti-Virus Built 32 | AntiVirus32.exe | Added by the SDBOT-BG WORM! | No |
X | Windows APCI Verifier | dhcpserv.exe | Added by the RBOT-FON WORM! Note - Disables the automatic startup of other software and deactivates the Microsoft Internet Connection Firewall (ICF) | No |
X | Windows API Control Task | apitsk32.exe | Added by the MYTOB.HI WORM! | No |
X | Windows Application Layer | walg32.exe | Added by the AGOBOT.ATN WORM! | No |
X | Windows Application Layer Gateway | walg32.exe | Added by the AGOBOT-AAZ WORM! | No |
X | Windows ARP Detectionc | nvudlsp.exe | Detected by Kaspersky as the AGENT.LMW BACKDOOR! See here | No |
X | Windows ARP Detectionc | winlogon.exe | Detected by Trend Micro as the RBOT.EAB WORM! See here. Note - this is not the legitimate winlogon.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir% | No |
X | Windows ARP Detectioncx | winlogon.exe | Added by a variant of the IRCBOT BACKDOOR! Note - this is not the legitimate winlogon.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! | No |
X | Windows ASN Service | rge.exe | Added by the RBOT-AOK WORM! | No |
X | Windows ASN Service | [random filename] | Added by the AGOBOT-TC WORM! | No |
X | Windows Audio Components | nncsvc.exe | Added by a variant of the IRCBOT TROJAN! See here | No |
X | Windows Audio Control | ppnsvc.exe | Added by the HAM TROJAN! | No |
X | Windows Audio Layer | narsvc.exe | Detected by Trend Micro as the IRCBOT.AFT TROJAN! See here | No |
X | Windows Audio Panel | nppsvc.exe | Added by a variant of the IRCBOT TROJAN! See here | No |
X | Windows Audio Startup | nndsvc.exe | Added by the IRCBOT-AAE TROJAN! | No |
X | Windows Audio System | nndsvc.exe | Added by a variant of the IRCBOT TROJAN! See here | No |
X | Windows Authority Service | lsass.exe | Added by the KALEL-E WORM! Note - this is not the legitimate lsass.exe process which should not normally figure in Msconfig/Startup! | No |
X | windows auto update | msblast.exe | Added by the BLASTER.B WORM! | No |
X | windows auto update | penis32.exe | Added by the BLASTER (or MSBLAST.A) WORM! | No |
X | Windows Auto Update | winupdater.exe | Added by the SDBOT.TF WORM! | No |
X | Windows auto update | bazzi.exe | Added by the AHKER.E WORM! | No |
X | Windows auto update | LSASS.exe | Added by the AHKER.G WORM! Note - this is not the legitimate lsass.exe process, which should not appear in Msconfig/Startup! | No |
X | Windows Auto Updater | WINDOWSUPDATE.EXE | Added by the SDBOT.PB WORM! Note that there is a space at the beginning of the filename, ie, " WINDOWSUPDATE.EXE" | No |
X | Windows Automatic Update | wuamgrder.exe | Added by a variant of the RBOT WORM! | No |
X | Windows Automatic Updater | windrg.exe | Added by a variant of the RBOT WORM! | No |
X | Windows Automatic Updates | dvldr.exe | Added by the RBOT.MF WORM! | No |
X | Windows Automatical Updater | dcz.exe | Added by the RBOT.CXS WORM! | No |
X | Windows AutomaticUpdater | runddls.exe | Added by a variant of the RBOT WORM! | No |
X | windows automation | mslaugh.exe | Added by the BLASTER.E WORM! | No |
X | Windows Automation | msdspr.exe | Added by the SOLAME.A WORM! | No |
X | Windows Autostart Loader | notepad32.exe | Added by a variant of the RBOT WORM! | No |
X | Windows Başlangıç Dosyası | sistem.exe | Added by the MUZK WORM! | No |
X | Windows backup | systemss.exe | Added by a variant of the SPYBOT WORM! | No |
X | Windows Backup Configuration | IEXPLORER.exe | Added by the GAOBOT.AZ WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) | No |
X | Windows Boot | winboot.exe | Added by the AGENT.HBD TROJAN! | No |
X | Windows Boot | windowsboot.exe | Added by the IRCBOT.AZT BACKDOOR! | No |
X | Windows Booter | winboot.exe | Added by a variant of the IRCBOT TROJAN! | No |
X | Windows Booter! | winbooter.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
X | Windows Bootup | ms-wks32.exe | Added by the RBOT-AFM WORM! | No |
X | Windows Bootup | Systemwks32.exe | Added by a variant of the RBOT WORM! | No |
X | Windows Bootup | task-mngr.exe | Added by the RBOT-AWP WORM! | No |
X | Windows Browser Services | browser128.exe | Added by a variant of the IRCBOT TROJAN! See here | No |
X | Windows Browser Services | browser32.exe | Added by a variant of the IRCBOT TROJAN! See here | No |
X | Windows Browser Services | browser64.exe | Added by a variant of the IRCBOT TROJAN! See here | No |
X | Windows Browser Services | Browsr32.exe | Detected by Kaspersky as the IRCBOT.BUR TROJAN! See here | No |
X | Windows Browser Services | browsr64.exe | Added by a variant of the IRCBOT TROJAN! See here | No |
X | Windows bypass security SMSS Service | SbiCvy.exe | Added by the RBOT-GRF WORM! | No |
X | Windows Clean-Up Pro | WINDOWS CLEAN-UP PRO.Exe | Windows Clean-Up Pro spyware remover - not recommended, see here | No |
X | Windows Cleaner Service | winclean.exe | Added by a variant of the IRCBOT TROJAN! See here | No |
X | Windows Client Service 32 | csrss.exe | Added by the RBOT-ALB WORM! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a drivers\winsdriver subfolder | No |
X | Windows Client/Server Runtime Server | csrs.exe | Added by the RBOT.KD WORM! | No |
X | Windows CODE Fix Msy Startups | msyh32.exe | Added by the AGOBOT.AKK WORM! | No |
X | Windows Command | wincmd.exe | Added by the RBOT.ANV WORM! | No |
X | Windows Communicator | wincomm.exe | Added by the AGOBOT-BH WORM! | No |
X | Windows Communicator for NT/XP | osndyrn.exe | Added by the SDBOT-CPK WORM! Note - can terminate AV related processes | No |
X | Windows Compliant | [random filename] | Added by the RBOT-IR WORM! | No |
X | Windows Computer Browser | bcwsvc.exe | Added by a variant of the IRCBOT TROJAN! See here | No |
X | Windows Conf | windowsconf.exe | Added by a variant of the IRCBOT TROJAN! See here | No |
X | Windows Config | SSYS.EXE | Added by the SPYBOT-DA WORM! | No |
X | Windows Config | wins.exe | Added by the SPYBOT.JR WORM! | No |
X | Windows Config | RUNDLL.EXE | Added by the SPYBOT-DX WORM! Note - this is not the Windows system file of the same name as described here | No |
X | Windows Config | pvphost.exe | Added by a variant of the SLAPER TROJAN! | No |
X | Windows Config | winconfig.exe | Detected by Trend Micro as the IRCBOT.BAP BACKDOOR! See here | No |
X | Windows Config Connection | msicll.exe | Added by the RBOT-EXQ WORM! | No |
X | Windows Config Loader | Wincfg32.exe | Added by the SILVERFTP TROJAN! | No |
X | Windows Config Manager | winconf.exe | Added by the RBOT-AIT WORM! | No |
X | Windows Config System | config.exe | Added by a variant of the SDBOT WORM! | No |
X | Windows Configuration | wsys32.exe | Added by the GAOBOT.FB WORM! | No |
X | Windows Configuration | wincfg32.exe | Added by the MYTOB.ED WORM! | No |
X | Windows Configuration Loader | asclt.exe | Added by the SDBOT-OA WORM! | No |
X | Windows Configuration Utility | winxupdate.exe | Added by the AGOBOT.LW WORM! | No |
X | Windows Configurator | winconf.exe | Added by a variant of the IRCBOT TROJAN! | No |
X | Windows connection manager | Internet.exe | Added by the RBOT-APN WORM! Note - file is found in the Windows or Winnt folder. Make sure you check the link on this one, it copies itself under three other file names and folder locations | No |
X | Windows Console | wkssvc.exe | Added by the SDBOT-DJX WORM! | No |
X | Windows Console Component | wrasvc.exe | Added by a variant of the IRCBOT TROJAN! See here | No |
X | Windows Console Monitor | [path to worm] | Added by the KEDEBE WORM! | No |
X | Windows Console Monitor | gcasAV32.exe | Added by the KEDEBE-A WORM! | No |
X | Windows Console Norms | wnbsvc.exe | Added by a variant of the IRCBOT TROJAN! See here | No |
X | Windows Console Source | wnbsvc.exe | Added by a variant of the IRCBOT TROJAN! See here | No |
X | Windows Control | Control.exe | Browser hijacker. NOTE - On Win9x systems it will overwrite the Windows file of the same name in the Windows directory, so it will be necessary to extract a fresh copy of the file from the Windows setup cabs! | No |
X | Windows ControlAd | WinCtlAd.exe | Windupdates adware variant | No |
X | Windows Core Kernel Update | win32bootcfg.exe | Added by the RANCK-EL TROJAN! | No |
X | Windows CPU host | winbog32.exe | Added by a variant of the RBOT WORM! | No |
X | Windows Critical Alert | wincrt.exe | Added by the ALEDO-A TROJAN! | No |
X | Windows Custom Services | CSRCS.EXE | Added by the SPYBOT-EI WORM! | No |
X | Windows Data Server | autodisc.exe | Added by the SPYBOT-CB WORM! | No |
X | Windows Data Server | [random name].exe | Added by the SPYBOT-DS WORM! | No |
X | Windows Database | WinDat.exe | Added by an unidentified WORM or TROJAN! | No |
X | Windows Database | wiinsvc.exe | Added by the AGOBOT-RU WORM! | No |
X | Windows Dcom2 Fix | mscom32.exe | Added by the RBOT-QT WORM! | No |
X | Windows DDE Loader | windde32.exe | Added by the SDBOT-UZ WORM! | No |
X | Windows debug logging | winlogg.exe | Added by the RBOT-OY WORM! | No |
X | Windows debug logging | winloggs.exe | Added by the RBOT-QN WORM! | No |
X | Windows Debugger | windbg.exe | Added by an unidentified VIRUS, WORM or TROJAN! | No |
X | Windows Debugger | msdbg32.exe | Added by a variant of the RBOT WORM! | No |
X | Windows Debugger | windbg32.exe | Added by the ZOTOB.L WORM! | No |
X | Windows Debugging Tools | updatecfg.exe | Added by the RBOT-AXU WORM! | No |
X | Windows Default Configuration | svchost.exe | Added by the DLOADER-U TROJAN! Note - this is not the legitimate svchost.exe process which should not normally figure in Msconfig/Startup! | No |
X | Windows Default Server | wfdmgrsp.exe | Detected by Kaspersky as the IRCBOT.BCX TROJAN! See here | No |
X | Windows Default Server | winampa.exe | Added by the IRCBOT.AUN WORM! Note - this is NOT associated with the popular Winamp media player. The valid file for the Winamp Agent resides in a "Winamp" subdirectory of the Program Files directory | No |
Y | Windows Defender | MSASCui.exe | Main user interface for Microsoft's Windows Defender - which "helps protect your computer against pop-ups, slow performance, and security threats caused by spyware and other unwanted software by detecting and removing known spyware from your computer". Used in conjunction with the associated service, this entry is always running and the user also has the option to always display the System Tray icon and monitor/control new startup programs | Yes |
X | Windows Defender | wdc*.exe | Added by a variant of the FakeAlert TROJAN! This infection displays fake Windows Defender alerts which link to spyware-kicker.com | No |
X | Windows Defender Adds | wda*.exe | Added by a variant of the FakeAlert TROJAN! This infection displays fake Windows Defender alerts which link to spyware-kicker.com | No |
X | Windows Defender Monitor | wdm*.exe | Added by a variant of the FakeAlert TROJAN! This infection displays fake Windows Defender alerts which link to spyware-kicker.com | No |
X | Windows Defender Updater | wdu*.exe | Added by a variant of the FakeAlert TROJAN! This infection displays fake Windows Defender alerts which link to spyware-kicker.com | No |
X | WINDOWS DENEME | deneme.exe | Added by the MYTOB-CR WORM! | No |
X | Windows Desktop Controler | windesktop.exe | Added by the SDBOT-XH WORM! | No |
X | Windows Desktop Daemon | winpadg.exe | Added by a variant of the SPYBOT WORM! | No |
U | Windows Desktop Search | WindowsSearch.exe | Windows Desktop Search from Microsoft | No |
X | Windows Dialup Service | dialup.exe | Added by the AGOBOT.AAH WORM! | No |
X | Windows Disk Defragmenter | wpabaln32.exe | Added by the BANCOS-ASJ TROJAN! | No |
X | Windows Disk Manager | cmnvc.exe | Added by a variant of the IRCBOT TROJAN! | No |
X | Windows Display Coupler | display.exe | Added by the IRCBOT-YS TROJAN! | No |
X | Windows DLL host | winupd32.exe | Added by a variant of the SPYBOT WORM! | No |
X | Windows DLL Host | dllhost32.exe | Added by an unidentified WORM or TROJAN! | No |
X | Windows DLL Loader | RUNDLL16.EXE | Added by the DOMWIS TROJAN! | No |
X | Windows DLL Loader | defragfat32z.exe | Added by the LINKBOT.A WORM! | No |
X | Windows DLL Loader | rundll32.exe | Added by the WHIPSER-B WORM! Note - this is not the legitimate rundll32.exe process | No |
X | Windows DLL Loader | defragfat32pi.exe | Added by the RBOT-QQ WORM! | No |
X | Windows DLL Loader | defragfat39.exe | Added by the POEBOT-C WORM! | No |
X | Windows DLL Loader | defragfatz.exe | Added by the LINKBOT.H WORM! | No |
X | Windows DLL Loader | defragfat32.exe | Added by the SDBOT-SS WORM! | No |
X | Windows DLL Loader | defragfat32abc.exe | Added by the RBOT-RG WORM! | No |
X | Windows DLL Loader | wdevice.exe | Added by a variant of the SDBOT WORM! | No |
X | Windows DLL Loader | SYSCFG16.EXE | Added by the DOMWIS-N WORM! | No |
X | Windows DLL Loader | WINCFG32.EXE | Added by the AGOBOT-TE WORM! | No |
X | Windows DLL Services | winsvc32.exe | Added by the RBOT-ZF WORM! | No |
X | Windows DLL Services | svchost.exe | AGENT.H spyware. Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! | No |
X | Windows DLL Services | system.exe | AGENT.H spyware | No |
X | Windows DLL Tracker | spoolsrv.exe | Added by a variant of the WOOTBOT WORM! | No |
X | Windows DLL Verifier | xptl.exe | Added by a variant of the RBOT WORM! | No |
X | Windows DLL Verifier | windlls.exe | Added by the RBOT-AZQ WORM! | No |
X | Windows DNS | windns.exe | Added by the SDBOT-XU WORM! | No |
X | Windows DNS Daemon | windnsd.exe | Added by the WOOTBOT.AS WORM! | No |
X | Windows Domain Name Drivers | windns.exe | Added by the FORBOT-EP WORM! | No |
X | Windows DOS | dosw.exe | Added by the SALAY-A WORM! | No |
X | Windows DotFix live | msdotfix.exe | Added by the IRCBOT.XGK BACKDOOR! | No |
X | Windows Download Manager | windlmngr.exe | Added by an unidentified TROJAN! | No |
X | Windows Drive Compatibility | System32Driver32.exe | Added by the SUPOVA.Z WORM! | No |
X | Windows Driver | winxpdriver.exe | Added by the WOOTBOT.EE WORM! | No |
X | Windows Driver | windrive.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
X | Windows Driver Adapter | svchost.exe | Added by the ANTINNY-K WORM! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is found in a "drivers" subfolder | No |
X | Windows Driver Foundation | MTVSCMXT.EXE | Added by a variant of the RBOT WORM! | No |
X | Windows Driver Services | msdrvs32.exe | Added by the WOOTBOT.L WORM! | No |
X | Windows Driver Sup | windvrhost.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
X | Windows Driver! | windriver.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
X | Windows Drivers | ssms.exe | Added by the RBOT-AT WORM! | No |
X | Windows drivers update | windowsupdate.exe | Added by the RBOT-ACE WORM! | No |
X | Windows Dynamic Loading Header | winDLL32.exe | Added by a variant of the SDBOT WORM! | No |
X | Windows Email Server | wmserv.exe | Added by the FOUNDU-A WORM! | No |
X | Windows Essensials | mvnesc.exe | Added by a variant of the IRCBOT TROJAN! | No |
X | Windows Event Detection | wecsvc.exe | Added by a variant of the IRCBOT TROJAN! See here | No |
X | Windows Event Provider | wposvc.exe | Added by a variant of the IRCBOT TROJAN! See here | No |
X | Windows Event Section | sntsvc.exe | Added by a variant of the IRCBOT TROJAN! See here | No |
X | Windows Event Service | winserv.exe | Detected by Kaspersky as the SDBOT.XD TROJAN! See here | No |
X | Windows Executable | winmys.exe | Added by the RBOT-ABO WORM! | No |
X | Windows Executer | bling.exe | Added by the SDBOT-DFT WORM! | No |
X | Windows Executer | svchostie.exe | Detected by Kaspersky as the EGGDROP.V BACKDOOR! See here | No |
X | Windows ExpIorer | [random filename] | Added by the RBOT-AKO WORM! | No |
X | Windows Explorer | [filename].exe | Added by the SDBOT TROJAN! | No |
X | Windows Explorer | Lsas.exe | Added by the GAOBOT.AO WORM! | No |
X | Windows Explorer | olecom32.exe | Added by an unidentified WORM or TROJAN! | No |
X | Windows Explorer | EEXPLORER.EXE | Added by a variant of the SPYBOT WORM! | No |
X | Windows Explorer | explorer.exe | Added by the POEBOT-J WORM! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System% | No |
X | Windows Explorer | explorer.pif | Added by the RBOT-AID WORM! | No |
X | Windows Explorer | system32.exe | Added by the RBOT-AJH WORM! | No |
X | Windows Explorer | explorer32.exe | Added by a variant of the SDBOT WORM! | No |
X | Windows Explorer | Windows Explorer.EXE | Added by the VB-EBA WORM! | No |
X | Windows Explorer Services | exploresys.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
X | Windows Explorer Shell | Winexec32.exe | Added by the REDIST.B WORM! | No |
X | Windows Explorer SP2 | csrss.exe | Added by the BANKER-DM TROJAN! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a "JavaBeans" subfolder | No |
X | Windows Explorer Update Build 1142 | EXPLORER32.EXE | Added by the KaZaA based KWBOT or KWBOT.Y WORMS! | No |
X | Windows Explorer-3212 | WINRE16.EXE | Added by the HARDOC WORM! | No |
X | Windows Explorer.exe | Explorer.exe | Added by the FALTER-A TROJAN! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System% | No |
X | Windows Express | pci32b.exe | Detected by PCTools as the BUZUS.C TROJAN! See here | No |
X | Windows Extensions for Win32 | winprgs32.exe | Added by the SDBOT.AFA WORM! | No |
N | Windows Eyes | ?? | For blind people, gives a voice description of items on the screen. Windows application which gives you total control over what you hear, when you hear it, and how you hear it. Available via Start -> Programs | No |
X | Windows FAT 32 | WINFAT32B.exe | Added by the SPYBOT-AGT WORM! | No |
X | Windows File Protection | winprotect.exe | Added by the AGOBOT.JB WORM! | No |
X | Windows File System Frame | ntframe.exe | Added by an unidentified WORM or TROJAN! | No |
X | Windows File Verification Service | wfvs.exe | Added by the RANKY.AC TROJAN! | No |
X | Windows File XP Manager | wfdmgr.exe | Added by the SDBOT.XD TROJAN! | No |
X | Windows FileSharing Service | mcwsvc.exe | Detected by Trend Micro as the IRCBOT.AJF TROJAN! See here | No |
X | Windows Firewal | Lsess.exe | Added by a variant of the RBOT WORM! | No |
X | Windows Firewall | WindowsFirewall.exe | Added by the MYTOB.AO WORM! | No |
X | Windows Firewall | svchost.exe | Added by the PROXY-HT TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder | No |
X | Windows Firewall | ipservice32.exe | Added by a variant of the RBOT WORM! | No |
X | Windows Firewall | rundll32.exe | Added by a variant of the IRCBOT BACKDOOR! | No |
X | Windows Firewall Log | winlog.exe | Added by an unidentified WORM or TROJAN! | No |
X | Windows Firewall Manager | msfw.exe | Added by the RBOT.WR WORM! | No |
X | Windows firewall manager | chh.exe | Added by a variant of the RANDEX.GEL WORM! | No |
X | Windows firewall manager | msguard.exe | Added by a variant of the RANDEX.GEL WORM! | No |
X | Windows Firewall Service | wfsvc.exe | Added by the IRCBOT-YL WORM! | No |
X | Windows Firewall Updater | updatees.exe | Added by the RBOT-GX WORM! | No |
X | Windows Firewall Updater | cronos.exe | Added by the RBOT-GBY WORM! | No |
X | Windows Firewall Updater | ctfcom.exe | Added by the RBOT-GCB WORM! | No |
X | Windows Firewalll | scvhost.exe | Added by the RBOT-EK WORM! | No |
X | Windows Firewalll | sphost.exe | Added by a variant of the RBOT WORM! | No |
X | Windows Firewalll | svvhost.exe | Added by a variant of the RBOT WORM! | No |
X | Windows Firewalll | winmu.exe | Added by a variant of the RBOT WORM! | No |
X | Windows Fix | integator.exe | Added by the SDBOT.ZAB WORM! | No |
X | Windows Fixes Systems | elite.exe | Added by the MYTOB.EG WORM! | No |
X | Windows FormatAd | WinForm.exe | Windupdates adware variant | No |
X | Windows Frame Works | frmwrks32.exe | Added by a variant of the RBOT WORM! | No |
X | Windows Framework | frmwrk.exe | Added by the DWNLDR-GWV TROJAN! | No |
X | WINDOWS FUCK BY CLASIC | fuck.exe | Added by the ZOTOB.H or ZOTOB.J WORMS! | No |
X | Windows Gamma Display | wingamma.exe | Antivirus 2010 rogue security software - not recommended, removal instructions here | No |
X | Windows Generic Proc | procmsg.exe | Added by the ALLIM.B WORM! | No |
X | Windows Genuine | svghost.exe | Added by a variant of the SPYBOT WORM! See here | No |
X | Windows Genuine Validate | winservicessss.exe | Detected by PCTools as the IRCBOT.UUI BACKDOOR! See here | No |
X | Windows Global Init | ngpsvc.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
X | Windows GMT32 | wingmt32.exe | Added by the MYTOB.KM WORM! | No |
X | Windows Graphics Loaders | wingraphics.exe | Added by the SPYBOT.JG WORM! | No |
X | Windows Guard | WAUMGRD.EXE | Added by the RBOT-GY WORM! | No |
U | Windows Guardian | thehel1iawgrd32.exe | Part of First Aid by Cybermedia who were subsequently bought by McAfee (Network Associates). Protects your Windows system from application failure and crashes | No |
U | Windows Guardian | Fawgrd32.exe | Part of First Aid by Cybermedia who were subsequently bought by McAfee (Network Associates). Protects your Windows system from application failure and crashes | No |
X | Windows haz Layer | [5 random letters].exe | Added by a variant of the RBOT WORM! | No |
X | Windows Help | mailinfo.exe | Added by the MYTOB.JX WORM! | No |
X | Windows Help File | winhelper32.exe | Added by the SDBOT-QK TROJAN! | No |
X | Windows Help Manager | svchost32.exe | Added by the RBOT-OZ WORM! | No |
X | Windows Help Service | winhelpsv.exe | Added by the RBOT-LP WORM! | No |
X | Windows Help Service | winhlp.pif | Added by the RBOT-AKW WORM! | No |
? | Windows Help System | Help.pif | ?? | No |
X | Windows Helper | winhelp.exe | Detected by Kaspersky as the BANKER.APE TROJAN! See here | No |
X | Windows Helper | wsctnfy.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
X | Windows Hijack Protection | comngr.exe | Added by the AGENT-FYD TROJAN! | No |
X | Windows Hijack Protection System | commngr.exe | Added by a variant of the AGENT-FYD TROJAN! | No |
X | Windows his Layer | pilotGame.exe | Added by the RBOT.GLX WORM! | No |
X | Windows Host | hosts.exe | Added by the KELVIR.U WORM! | No |
X | Windows Host | winhost.exe | Added by the PRYSAT TROJAN! | No |
X | Windows Host Booter | hostbooter.exe | Added by an unidentified WORM or TROJAN! See here | No |
X | Windows Host Device | hostsvc.exe | Added by the ZOOTY-A WORM! | No |
X | Windows Host Name | lmass.exe | Added by the GAOBOT.O WORM! | No |
X | Windows Host Service | scvhosts.exe | Added by the SPYBOT.NLI WORM! | No |
X | Windows Host Service | host.exe | Added by the KELVIR.AN WORM! | No |
X | Windows Host Service | svchoste.exe | Added by the KELVIR.BF WORM! | No |
X | Windows Host Service | svchosts32.exe | Added by the KELVIR.AW WORM! | No |
X | Windows Host32 Starter | hostserv.exe | Added by the SDBOT-WU WORM! | No |
X | Windows Hosts | hosts.exe | Added by the KELVIR-O TROJAN! | No |
X | Windows Hosts | winhosts.exe | Added by a variant of the IRCBOT TROJAN! | No |
X | Windows HP Drivers | hpdmws.exe | Added by the SDBOT.AQU WORM! | No |
X | Windows HTML file reader | Sysconf32.exe | Added by the NOOMY.A WORM! | No |
X | Windows HTTP services | winhttps.exe | Added by a variant of the SDBOT WORM! See here | No |
X | Windows Icons Manager | wicomgr.exe | Added by the RBOT-AIF WORM! | No |
X | WINDOWS ID SYSTEM | wID32.exe | Added by the MYTOB.LN WORM! | No |
X | Windows Identify | sysays.exe | Added by a variant of the SPYBOT WORM! See here | No |
X | Windows Image | wintimage.exe | Detected by Avast as the SDBOT-GEN44 WORM! | No |
X | Windows Image Acquisition (WIASC) | WIAcs.exe | Added by the RIZO.A TROJAN! | No |
X | Windows Image Acquisition (WIASSC) | WIAcss.exe | Added by the RIZO.A TROJAN! | No |
X | Windows iMessenger Messenger | winimsg.exe | Added by the ALLIM.A WORM! | No |
X | Windows Incontext | InSearch.exe | PacerD_Media/Pacimedia.com/Z-Quest adware installer | No |
X | Windows Insecure | [path to worm] | Added by the RBOT-FSM WORM! | No |
X | Windows installer | winstall.exe | SpySheriff malware. For more information on registry key changes see SPYWAD-E | No |
X | Windows Installer | ntdll.exe | Added by an unidentified WORM or TROJAN! | No |
X | Windows Installer 1 | msnconfig.exe | Added by the PURITYSCN.B TROJAN! | No |
X | Windows Instruction Services | winstruct32.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
X | Windows Internet Browser Services | internet.exe | Added by a variant of the IRCBOT TROJAN! See here | No |
X | Windows Internet Browser Services | internet128.exe | Added by a variant of the IRCBOT TROJAN! See here | No |
X | Windows Internet Browser Services | internet32.exe | Added by a variant of the IRCBOT TROJAN! See here | No |
X | Windows Internet Browser Services | internet64.exe | Added by a variant of the IRCBOT TROJAN! See here | No |
X | Windows Internet Explorer 6 | firefox.exe | Added by the SPYBOT.ANA WORM! Note - this is not the Mozilla Firefox web browser which is always located in %ProgramFiles%\Mozilla Firefox. This file is found in %System% | No |
X | Windows Internet Manager | svchost.exe | Added by a variant of the IRCBOT TROJAN! See here. Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder | No |
X | Windows Internet Protocol | winproc32.exe | CoolWebSearch Winproc32 parasite variant - also detected as the STARTPA-BF TROJAN! | No |
X | Windows Internet Protocol | deinst_qfe001.exe | Added by a variant of the Win32.Small TROJAN! | No |
X | Windows Internet Service | wininet.exe | Added by the RBOT-AUX WORM! | No |
U | Windows IP Security | ipsec.exe | Related to the VPN IPSec utility - used to create Security Policy (SP) entries and Security Association (SA) entries in the kernel | No |
X | Windows IP Security Service | ipsecs.exe | Added by the RBOT.BPW WORM! | No |
X | Windows IPv6 Drivers | wipv6.exe | Added by the SDBOT-VJ WORM! | No |
X | Windows Java Update | weatherBug32.exe | Added by a variant of the RBOT WORM! | No |
X | Windows JavaScript Daemon | Winjsd.exe | Added by the WOOTBOT.AF WORM! | No |
X | Windows Kernel 64 | kernal64.exe | Added by the YIMP-B WORM! | No |
X | Windows Kernel System Service | wkssvr.exe | Added by a variant of the RANDEX.GEL WORM! | No |
X | Windows kev Messenger | mskev.exe | Added by the SDBOT-XV WORM! | No |
X | Windows Keyboard Services | winkeyboard.exe | Detected by Trend Micro as the IRCBOT.AFS WORM! See here | No |
X | Windows Keyboard Services | winkeybrd.exe | Added by a variant of the IRCBOT TROJAN! See here | No |
X | Windows Keyboard Services | winkeybrd32.exe | Added by a variant of the IRCBOT TROJAN! See here | No |
X | Windows Live | msgnms.exe | Detected by Trend Micro as the XPACK.AV TROJAN! See here | No |
X | Windows Live Care.exe | WindowsLiveCare.exe | Added by unidentified MALWARE - see here! Do not confuse with Microsoft's Windows Live OneCare security software which is found in %ProgramFiles%\Microsoft Windows OneCare Live. This one is found in %System% and runs from both the HKLM\Run & HKLM\RunServices registry keys | No |
X | Windows Live Client | msnclient.exe | Added by a variant of the IRCBOT TROJAN! See here | No |
X | Windows Live Manager | winlivemgr.exe | Detected by Trend Micro as the SHEUR.EB WORM! See here | No |
X | Windows Live Messages | msgnlive.exe | Detected by Trend Micro as the AGENT.AYH WORM! See here | No |
X | Windows Live Messenger | msnmsgr.exe | Added by a variant of the RBOT WORM! Note - this is not the valid MSN Messenger (now Windows Live Messenger) utility which is located in either %ProgramFiles%\MSN Messenger or %ProgramFiles%\Windows Live\Messenger. This one is located in %System% | No |
X | Windows live Messenger | msn.com | Added by the IRCBOT-AAV WORM! | No |
X | Windows Live Messenger | msnlive.exe | Detected by Kaspersky as the RBOT.BMV TROJAN! See here | No |
X | Windows Live Messenger Addon | wllivemsngr.exe | Added by a variant of the SDBOT WORM! See here | No |
X | Windows Live Messenger Servicer | msmgslive.exe | Added by a variant of the IRCBOT TROJAN! See here | No |
X | Windows Live Messenger Services | msgrlive.exe | Added by a variant of the IRCBOT TROJAN! See here | No |
X | Windows Live Messenger! | livemsngr.exe | Added by the IRCBOT.AWE BACKDOOR! | No |
X | Windows Live Messenger! | msgrlive.exe | Added by a variant of the IRCBOT TROJAN! See here | No |
X | Windows Live Msgs | wlivemsg.exe | Added by a variant of the IRCBOT TROJAN! See here | No |
X | Windows Live Msgs! | wlivemsgs.exe | Added by a variant of the IRCBOT TROJAN! See here | No |
X | Windows Live Service | msnlive.exe | Added by a variant of the IRCBOT TROJAN! See here | No |
X | Windows Live Servicer | usrserv.exe | Added by the SMALL.LU BACKDOOR! | No |
X | Windows live Support | wlmsngr.exe | Added by the RBOT-BKL WORM! | No |
? | Windows Load | windows.com | ?? | No |
X | Windows Loader | wstart32.exe | Added by the GAOBOT.CA WORM! | No |
X | Windows Loader | winServices.pif | Detected by Kaspersky as the CARDSPY.D TROJAN! | No |
X | Windows Loader | SysUpdate.exe | Added by a variant of the SDBOT WORM! | No |
X | Windows Loader Service | civsc.exe | Added by a variant of the RBOT WORM! | No |
X | windows Loadxm | Win_.exe | Added by the FODDER-A TROJAN! | No |
X | Windows Local ISP | winthcr.exe | Detected by Trend Micro as the SDBOT.ENZ BACKDOOR! See here | No |
X | Windows Local Services | localsvc.exe | Added by the DLOADER-NY TROJAN! | No |
X | Windows Local Services | netsvc.exe | Added by the DLOADER-NY TROJAN! | No |
X | Windows Local Services | spoolsvc.exe | Added by the DLOADER-NY TROJAN! | No |
X | Windows Local Services | svcadmin.exe | Added by the DLOADER-NY TROJAN! | No |
X | Windows Local Services | svcman.exe | Added by the DLOADER-NY TROJAN! | No |
X | Windows Local Services | svcrun.exe | Added by the DLOADER-NY TROJAN! | No |
X | Windows Local Services | tcpsvc.exe | Added by the DLOADER-NY TROJAN! | No |
X | Windows Local Services | websvc.exe | Added by the DLOADER-NY TROJAN! | No |
X | Windows Locator | wsass.exe | Added by the IRCBOT.N TROJAN! | No |
X | Windows Log Agent | winlogon.exe | Added by the KEYLOGGER.AVK TROJAN! Note - this is not the legitimate winlogon.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %ProgramFiles%\Common Files | No |
X | Windows Logger | winlog.exe | Added by the NSHADOW-B TROJAN! | No |
X | Windows logging | winlogd.exe | Added by the RBOT-ON WORM! | No |
X | Windows logging | asgasg.exe | Added by a variant of the IRCBOT TROJAN! | No |
X | Windows Logical Adapter | wsrsvc.exe | Detected by Kaspersky as the IRCBOT.ARU TROJAN! See here | No |
X | Windows Logical Connection | wcnsvc.exe | Detected by Kaspersky as the VIRUT.AO VIRUS! See here | No |
X | Windows Login | explored.exe | Added by the GAOBOT.SY WORM! | No |
X | Windows Login | winlog.exe | Added by the AGOBOT.MG WORM! | No |
X | Windows Login | lmss.exe | Added by the AGOBOT-JA WORM! | No |
X | Windows Login | msnmsgr.exe | Added by the AOGBOT-UC WORM! Note - this is not the valid MSN Messenger (now Windows Live Messenger) utility which is located in either %ProgramFiles%\MSN Messenger or %ProgramFiles%\Windows Live\Messenger. This one is located in %System% | No |
X | Windows Login | login.exe | Detected by NOD32 as a variant of the BIFROSE TROJAN! | No |
X | Windows Login Folder | winzep.exe | Added by the AGOBOT-TZ WORM! | No |
X | Windows Login Manager | winlogin.exe | Added by a variant of the SDBOT WORM! | No |
X | Windows Login Security | winlogin.pif | Added by an unidentified WORM or TROJAN! | No |
X | Windows Login Service | winlog.exe | Added by the RBOT-AFN WORM! | No |
X | Windows Login Service | winlogin.pif | Added by the SDBOT-ACU WORM! | No |
X | Windows Logon | winlogin.exe | Added by the SPYBOT-C TROJAN! | No |
X | Windows Logon | winlogon.exe | Detected by Kaspersky as the VB.HE VIRUS! See here. Note - this is not the legitimate winlogon.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %ProgramFiles%\Common Files\system | No |
X | Windows Logon Application | WinIogon.exe | Added by the LINKBOT.M WORM! | No |
X | Windows Logon Application | logon.exe | Added by the POEBOT-J WORM! | No |
X | Windows Logon Application | services.exe | Added by the CIADOOR-L TROJAN! Note - this is not the legitimate services.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Windows or Winnt folder | No |
X | Windows Logon Application | win32help.exe | Added by the DELBOT-X WORM! | No |
X | Windows Logon Application | winlogon.exe | Added by the POEBOT-KW WORM! Note - this is not the legitimate winlogon.exe process, which should not appear in Msconfig/Startup! | No |
X | Windows Logon Application | winamp.exe | Added by the POEBOT-LR WORM! Note - this is NOT the popular Winamp media player which resides in a "Winamp" subdirectory of the Program Files directory | No |
X | Windows Logon Applicationedc | winlogon.exe | Added by the DWNLDR-HGR TROJAN! Note - this is not the legitimate winlogon.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %UserProfile% | No |
X | Windows Logon Manager | logon.exe | Added by a variant of the RBOT WORM! | No |
X | Windows Logon Procedure | Svchoste.exe | Added by a variant of the SPYBOT WORM! | No |
X | Windows Logon Procedure | Svchosta.exe | Added by a variant of the SPYBOT WORM! | No |
X | windows logon procedure | winlogonpc.exe | Added by the WINLOGON TROJAN! | No |
X | Windows Logon Service | winlogon.pif | Added by the RBOT-AOU WORM! | No |
X | Windows Logon Service | napi32.exe | Added by the SPYBOT.ANDM WORM! | No |
X | Windows LoL Layer | gqwdcr.exe | Added by the AGOBOT-AHS WORM! | No |
X | Windows LoL Layer | win.exe | Added by the RBOT-FTO WORM! | No |
X | Windows LoL Layer | [random filename].exe | Added by the RBOT-GMD WORM! | No |
X | Windows LoL Layer | pyvnpt.exe | Added by the RBOT-GKV WORM! | No |
X | Windows LoL Layer | winlolx.exe | Added by the RBOT-FOR WORM! | No |
X | Windows LoL Layer | azypbrx.exe | Added by the RBOT-GMZ WORM! | No |
X | Windows LoL Layer | blvpnmcny.exe | Added by the RBOT-GOR WORM! | No |
X | Windows Management Instrumentation | mwd.exe | Added by the GRAPS WORM! | No |
X | Windows Management Instrumentation | [path to file] | Added by the QEDS-A WORM! | No |
X | WINDOWS MANAGEMENT SYSTEM | wm1exe.exe | Added by the RBOT-VT WORM! | No |
X | Windows Manager | winmants.exe | Added by the MANTAS WORM! | No |
X | Windows Manager | winsrv.exe | Added by a variant of the AGOBOT/GAOBOT WORM! | No |
X | Windows Manager Update Inc | tgb.exe | Added by the SDBOT-ACM WORM! | No |
X | Windows mangement | winlogonn.exe | Added by the RANDEX.FC WORM! | No |
X | Windows Media AP | winmapp.exe | Added by an unidentified WORM or TROJAN! | No |
X | Windows Media APP | wmapp.exe | Added by an unidentified WORM or TROJAN! | No |
N | Windows Media Center | RunDLL32.exe ehuihlp.dll, BootMediaCenter | Starts Windows Media Center every time Windows Vista (Home Premium or Ultimate) boots. Disable by unchecking the "Start Windows Media Center when Windows Starts" option via Windows Media Center -> Tasks -> Settings -> General -> Startup and Window Behaviour | No |
N | Windows Media Connect 2 | WMCCFG.exe | Windows Media Connect from Microsoft - stream digital media files on your computer to digital media receivers (DMRs) that are connected to your home network | No |
X | Windows Media Driver | msnger.exe | Added by a variant of the RBOT WORM! | No |
X | Windows Media Loader | wmloader.exe | Added by a variant of the GAOBOT WORM! | No |
X | Windows Media Player | wmediaplayer.exe | Added by the AGOBOT-NQ WORM! | No |
X | Windows Media Player | MediaPIayer.exe | Added by the SDBOT-QO TROJAN! Note - what looks like a lower case "l" in "MediaPIayer" is a capital "i" | No |
X | Windows Media Player | [random filename] | Added by a variant of the RBOT WORM! | No |
X | Windows Media Player | msa.exe | Added by the RBOT-SI WORM! | No |
X | Windows Media Player | mcafe32.exe | Added by the RBOT-YO WORM! | No |
X | Windows Media Player | wmplayer.exe | Added by the KELVIR.G WORM or variants! Note - this is not the valid Windows Media Player as the executable resides in C:\Windows\System (Win9x/Me), C:\Winnt\System32 (WinNT/2K) or C:\Windows\System32 (WinXP) rather than C:\Program Files\Windows Media Player | No |
X | Windows Media Player | 50cent.exe | Added by a variant of the RBOT WORM! | No |
X | Windows Media Player | mpwe.exe | Added by the RBOT-TT WORM! | No |
X | Windows Media Player | msams.exe | Added by the RBOT.AHR WORM! | No |
X | Windows Media Player | vmmreg32.exe | Added by the AGENT.AQO TROJAN! | No |
X | Windows Media Player 3.6 | wmpa36.exe | Added by a variant of the RBOT WORM! | No |
X | Windows Media Player 3.6b | WMPA36B.EXE | Added by the RBOT-VV WORM! | No |
X | Windows Media Player 3.6d | wmpa36d.exe | Added by the RBOT-YA WORM! | No |
X | Windows Media Player 3.9 | wmpa36.exe | Added by a variant of the RBOT WORM! | No |
X | Windows Media Player Service | wmedia.exe | Added by the RBOT.213504 WORM! | No |
X | Windows Media Player Update | [random filename] | Added by the RBOT-ET WORM! | No |
N | Windows Media Powerpoint Helper | NSPPTHLP.EXE | German software (comes with some Toshiba CD writers) that helps convert Powerpoint files to ASF (Streaming Media) files. Available via Start -> Programs | No |
X | Windows Media Server | wmserv.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
X | Windows Media Server! | wmserver.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
X | Windows media service | crvss.exe | Added by the SDBOT.VP WORM! | No |
X | Windows media service | crsss.exe | Added by the RBOT.ACY WORM! | No |
X | Windows media service | Sygate32.exe | Added by the RBOT.ADE WORM! | No |
X | Windows media services | cvrsss.exe | Added by the RBOT-MW WORM! | No |
X | Windows Media SP.2.37 | [random filename] | Added by the LEMIR.C TROJAN! | No |
X | Windows Media Updater | crease.exe | Added by the RBOT-ATI WORM! | No |
X | Windows Media Upgrade | NeUpgrade.exe | Added by the RBOT.BMF TROJAN! | No |
X | Windows Media Utility | wmediautil.exe | Added by a variant of the SPYBOT WORM! | No |
X | Windows Memory Drivers | memretain.exe | Added by a variant of the IRCBOT TROJAN! | No |
X | Windows Memory Manager | windowsmem.exe | Added by a variant of the IRCBOT TROJAN! See here | No |
X | Windows Memory Running Services | memrun.exe | Detected by Kaspersky as the IRCBOT.BLL TROJAN! See here | No |
X | Windows Memory Sharing | memoryshr.exe | Added by a variant of the IRCBOT TROJAN! | No |
X | Windows Memory Sharing | memshare.exe | Detected by Trend Micro as the IRCBRUTE.AG TROJAN! See here | No |
X | Windows Memory Sharing | memshr.exe | Detected by PCTools as the IRCBOT.WCH TROJAN! See here | No |
X | Windows Messanger Control Center | svchosl.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
X | Windows Messanger Control Center | svhost.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
X | Windows Messanger Control Center | winlogin.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
X | Windows Messanger Control Center | winlogon.exe | Added by a variant of the IRCBOT BACKDOOR! See here. Note - this is not the legitimate winlogon.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir% | No |
X | Windows Messanger Control Center | winsys.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
X | Windows messenger | messengers.exe | Added by the MYTOB.EI WORM! | No |
X | Windows Messenger | msnsmgs.exe | Added by the RBOT-ANJ WORM! | No |
X | Windows Messenger | msnmsg.exe | Added by the SPYBOT.BV WORM! | No |
X | Windows Messenger Connect | wmdsvc.exe | Detected by Trend Micro as the SLENFBOT.S WORM! See here | No |
X | Windows Messenger Fileshare | wivsvc.exe | Detected by Symantec as the SILLYIM WORM! See here | No |
X | Windows Messenger Live MSN | winlivemsnmessenger.exe | Added by a variant of the IRCBOT BACKDOOR! | No |
X | Windows Messenger Live Startup | windowslivemsn.exe | Added by an unidentified WORM or TROJAN! See here | No |
X | Windows Messenger Live Startup | windowsmsnlive.exe | Detected by Kaspersky as the DELF.DAX TROJAN! See here | No |
X | Windows Messenger Messenger | winmsg.exe | Added by the VELKBOT.A WORM! | No |
X | Windows Messenger Panel | wbcsvc.exe | Added by the IRCBOT.ADA BACKDOOR! | No |
X | Windows Messenger Service | winsmsgr.exe | Added by the RBOT-VW WORM! | No |
X | Windows Messenger Service | kaspersky.exe | Added by the MYTOB.HY WORM! | No |
X | Windows Messenger Share | wmssvc.exe | Added by a variant of the IRCBOT TROJAN! See here | No |
X | Windows Messenger Starter | wmvsvc.exe | Detected by Trend Micro as the SLENFBOT.T WORM! See here | No |
X | Windows MeTaLRoCk service | metalrock.exe | Added by the TASTYRED TROJAN! | No |
X | Windows Micro Drivers | wupdates32.exe | Added by the RBOT-AEH WORM! | No |
X | Windows Microsoft Service | [random filename] | Added by the AGENT-HCD TROJAN! | No |
X | Windows Microsoft Services | [8 random letters].exe | Detected by Trend Micro as the KOLAB.AW WORM! See here for an example | No |
X | Windows Microsoft Update | wintask32.exe | Added by a variant of the SDBOT WORM! | No |
X | Windows Microsoft Verifier | winauth23.exe | Added by a variant of the RBOT WORM! | No |
U | Windows Mobile Device Center | wmdc.exe | Windows Mobile Device Center for Windows Vista. Replaces Microsoft ActiveSync and provides overall device management features for your Windows Mobile powered devices for Windows Vista | No |
U | Windows Mobile-based device management | wmdSync.exe | Part of Windows Mobile Device Center in Vista. Microsoft Windows Mobile Device Center enables you to set up new partnerships, synchronize content and manage music, pictures and video with Windows Mobile powered devices (Windows Mobile 2003 or later) | No |
U | Windows Mobile-based device management | wmdc.exe | Windows Mobile Device Center for Windows Vista. Replaces Microsoft ActiveSync and provides overall device management features for your Windows Mobile powered devices for Windows Vista | No |
X | Windows mod Verifier | Windows-mod.exe | Added by the RBOT.DSU WORM! | No |
X | Windows modez Verifier | w1nz0zz0.exe | Added by a variant of the SDBOT WORM! | No |
X | Windows modez Verifier | Window2.exe | Added by a variant of the RBOT WORM! | No |
X | Windows modez Verifier | WindowsLogon.exe | Added by a variant of the SDBOT WORM! | No |
X | Windows modez Verifier | Wwuamguard.exe | Added by the RBOT.EZJ WORM! | No |
X | Windows modez Verifier | winlogom.exe | Added by a variant of the RBOT WORM! | No |
X | Windows modez Verifier | Windows-.exe | Added by the RBOT-DIO WORM! | No |
X | Windows modez Verifier | taskmngr.exe | Added by a variant of the RBOT WORM! | No |
X | Windows modez Verifier | winl0g0z.exe | Added by the RBOT-FNB WORM! | No |
X | Windows modez Verifier | wuamguard.exe | Detected by Kaspersky as the RBOT.CYA TROJAN! See here | No |
X | Windows Monitor | winmon.exe | Added by the SDBOT.VB WORM! | No |
X | Windows Monitor | arsetup.exe | Added by the SPAZBOX.A TROJAN! | No |
X | Windows Monitor Services | winmonitor.exe | Added by the RBOT-XX WORM! | No |
X | Windows Monitoring Service | winmon.exe | Added by a variant of the SDBOT WORM! | No |
X | Windows More Choice | TopContext.exe | ZQuest adware | No |
X | Windows Mouse Services | winmouse.exe | Added by the CHECKOUT WORM! See here | No |
X | Windows Mouse Services | winmouse64.exe | Detected by Trend Micro as the IRCBOT.AIA TROJAN! See here | No |
X | Windows Mouse Utilities | mouseutils.exe | Added by the RBOT-ABU WORM! | No |
X | Windows ms Drivers | msnup32.exe | Added by the SDBOT-AAL WORM! | No |
X | Windows MS Update 32 | fhm.exe | Added by the IRCBOT.GEN WORM! | No |
X | Windows MS Update 32 | sucker.exe | Added by the FORBOT-GJ WORM! | No |
X | Windows MSConfig Startup Logger | winlog.exe | Added by the RBOT.BCU WORM! | No |
X | Windows MSN | MSN.msn | Added by the TRIXCU.A WORM! | No |
X | Windows Msn Live Messanger | msnmsgsman.exe | Added by a variant of the SDBOT WORM! | No |
X | Windows MSN Live Messanger | wmsnlive.exe | Detected by Kaspersky as the RBOT.BMV TROJAN! See here | No |
X | Windows MSN Live Messanger | livemsngs.exe | Detected by Kaspersky as the RBOT.BMV BACKDOOR! See here | No |
X | Windows MSN Live Messenger | winlivemsn.exe | Added by an unidentified WORM or TROJAN! See here | No |
X | Windows MSN Live Messenger | winmessengerlive.exe | Detected by Kaspersky as the IRCBOT.EAD BACKDOOR! See here | No |
X | Windows MSN Updates | wnd32.exe | Added by the IRCBOT-ABA TROJAN! | No |
X | Windows MSN2 XP | swchost.exe | Detected by Trend Micro as the KOLAB.AA WORM! See here | No |
X | Windows MSX drivers | winmsx.exe | Added by the RBOT-AYG TROJAN! | No |
X | Windows Net Cfg | service.exe | Added by a variant of the RBOT WORM! | No |
X | Windows NetDDe | wrmana32.exe | Added by the MYTOB.IM WORM! | No |
X | Windows Nets | WinNET.exe | Added by the RBOT-MO WORM! | No |
X | Windows NetStart Service | winsN2S.exe | Added by the RBOT-ZX WORM! | No |
X | Windows NetStart Service2 | winsN2S.exe | Added by the RBOT-ABN WORM! | No |
X | Windows NetStart Service2 | winsN2SD.exe | Added by a variant of the RBOT WORM! | No |
X | Windows Netsystem Layer | Netsystem.exe | Added by the RBOT.BEI WORM! | No |
X | Windows Network Controller | Mqguard.exe | Added by the FORBOT-CL WORM! | No |
X | Windows Network Controller | WinxPupd.exe | Added by the FORBOT-DK WORM! | No |
X | Windows Network Controller | winmms32.exe | Added by the FORBOT-ED WORM! | No |
X | Windows Network Controller | wingmt.exe | Added by a variant of the SDBOT WORM! | No |
X | Windows Network Controller | Win9x.exe | Added by the WOOTBOT.I WORM! | No |
X | Windows Network Firewall | firewall.exe | Added by the POEBOT-J WORM! | No |
X | Windows Network Logon | npesvc.exe | Detected by Trend Micro as the AGENT.ERZ TROJAN! See here | No |
X | Windows Network Service | winvc32.exe | Added by the RBOT.RY WORM! | No |
X | Windows Network Service | Msconf32.exe | Added by a variant of the RBOT WORM! | No |
X | Windows Network Services | winnetwork.exe | Added by a variant of the IRCBOT TROJAN! See here | No |
X | Windows Network Services | winnetwork128.exe | Added by the CHECKOUT WORM! See here | No |
X | Windows Network Services | winnetwork32.exe | Added by a variant of the IRCBOT TROJAN! See here | No |
X | Windows Network Services | winnetwork64.exe | Added by a variant of the IRCBOT TROJAN! See here | No |
X | Windows Network Session | nspsvc.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
X | Windows Networking | winsys32.exe | Added by the GAOBOT.FL WORM! | No |
X | Windows Networking Monitor | mdm.exe | Added by a variant of the IRCBOT BACKDOOR! Note - this is not the legitimate Machine Debug Manager (mdm.exe) process which is always located in %ProgramFiles%\Microsoft Shared. This one is located in %System% | No |
X | Windows Networking Monitorin | xmdmx.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
X | Windows Networking Monitoring | mdm.exe | Added by the IRCBOT.AKZ WORM! Note - this is not the legitimate Machine Debug Manager (mdm.exe) process which is always located in %ProgramFiles%\Microsoft Shared. This one is located in %System% | No |
X | Windows Networks | netcog.exe | Added by the MYTOB.FH WORM! | No |
X | Windows Nivedia Driver | sysMGT.exe | Added by a variant of the RBOT WORM! | No |
X | Windows NNT | [path to trojan] | Added by the RANKY.E TROJAN! | No |
X | Windows NT 32 | ntlogin32.exe | Added by the RANDEX.BRD WORM! | No |
X | Windows NT Login | ntlogin32.exe | Added by the SDBOT.WG WORM! | No |
X | Windows NT Login Session Manager | WNSM.EXE | Added by the RBOT.BIV WORM! | No |
X | Windows NT Logon Application | winlogon.scr | Added by the RBOT-ALP WORM! | No |
X | Windows NT Service Name | winshock.exe | Added by the RBOT-PK WORM! | No |
X | Windows NT Service Name | svchcst.exe | Added by the RBOT-NV WORM! | No |
X | Windows NT Session Manager | sess.exe | Added by a variant of the RBOT WORM! | No |
X | Windows NT Update Manager | WINL0G0N.exe | Added by the AGOBOT-NU WORM! Note that those are zeroes in the filename and not capital "o" | No |
X | Windows NTFS Volume Manage | [6 random letters].exe | Detected by Kaspersky as the RBOT.EDL TROJAN! See here | No |
X | Windows OEM Tools | winres32.exe | Added by the SPYBOT.FD WORM! | No |
X | Windows Offical Netvvorks | mywriter32.exe | Added by a variant of the SDBOT WORM! See here | No |
X | Windows Office Monitor | emdm.exe | Detected by Trend Micro as the RBOT.GJO TROJAN! See here | No |
X | Windows OLE Automation Server | ole32aut.vbe | CoolWebSearch parasite variant | No |
X | Windows Online Updater | dllman.exe | Added by the RBOT-TE WORM! | No |
X | Windows Pc | winmgr.exe | Added by the BIBOT-A WORM! | No |
X | Windows PDG | winpdg.exe | Added by the RBOT-ADW WORM! | No |
X | Windows Performance Monitor | wmscupd.exe | Added by the IRCBOT_GEN WORM! | No |
X | Windows PNP | winpnp.exe | Added by the RBOT-AKN WORM! | No |
X | Windows PNP Server | pnpsrv.exe | Added by the MS05-039 variant of the SDBOT WORM! | No |
X | Windows Pool Manager | poolsc.exe | Added by the OBOT.CH WORM! | No |
X | Windows Pool Setup | poolmc.exe | Added by the IRCBOT.RU BACKDOOR! | No |
X | Windows Population Logger | winpo32.exe | Added by the AGENT.YKR WORM! | No |
X | Windows Portable Device Drivers | MSKSVRVS.EXE | Added by a TROJAN - see here | No |
X | Windows Portable Devices | MSKSVRTSS.EXE | Added by the SPYBOT.APEO WORM! | No |
X | Windows Print Monitor Daemon | [random filename].exe | Added by a variant of the SDBOT WORM! | No |
? | Windows Print Spooler | SCVHOSTS.EXE | Suspicious due to the similarity to the valid "svchost.exe" file | No |
X | Windows Print Spooler | NavAgent32.exe | Added by an unidentified VIRUS, WORM or TROJAN! | No |
X | Windows Print Spooler | SVEHOST.EXE | Added by the SPYBOT.H WORM! | No |
X | Windows Printing Driver | WinPrint.exe | Added by a variant of the RBOT WORM! | No |
X | Windows Printing Driver | WinSpooler.exe | Added by unknown malware | No |
X | Windows Process | win_update.exe | Added by the LASTWORD WORM! | No |
X | Windows Process Manager | winproc.exe | Added by an unidentified WORM or TROJAN! | No |
X | Windows Processe Manager | mspn32.exe | Added by a variant of the RBOT WORM! | No |
X | Windows Proffesional Security | WinSecure32.exe | Added by the AGOBOT.VA WORM! | No |
X | Windows Protected Storage | npssvc.exe | Added by the IRCBOT.AUL BACKDOOR! | No |
X | Windows Protectot | boxide.exe | Added by a variant of the WOOTBOT WORM! | No |
X | Windows Recavery Adware | lsass.exe | Added by an unidentified TROJAN - see here. Note - this is not the legitimate lsass.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! | No |
X | Windows Recylinder Check | zwdomsgemw.exe | Added by the RBOT-EGJ WORM! | No |
X | Windows Reg Services | ffservice.exe | Added by the DLOADER-PL or DLOADER-XM TROJANS! | No |
X | Windows Reg Services | dservice.exe | Added by the PRORAT-D TROJAN! | No |
X | Windows Reg Services | fservice.exe | Added by the PRORAT-D TROJAN! | No |
X | Windows Reg Services | ssservice.exe | Added by the PRORAT-D TROJAN! | No |
X | Windows Reg Services | lncom.exe | Added by the PRORAT-O TROJAN! | No |
X | Windows Reg Services | lservice.exe | Added by the PRORAT-O TROJAN! | No |
X | Windows Reg Services | wservice.exe | Added by the PRORAT-O TROJAN! | No |
X | WINDOWS REGISTER EDIT | registr32.exe | Added by an unidentified WORM or TROJAN! | No |
X | Windows Register Settings | svmhost.exe | Added by a variant of the FORBOT WORM! | No |
X | Windows Registers | winservicess.exe | Added by a variant of the SDBOT WORM! | No |
X | Windows Registery Center | svhchosts.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
X | Windows Registry | msnmsg.exe | Added by a variant of the RBOT WORM! | No |
X | Windows Registry | winhost.exe | Added by a variant of the RBOT WORM! | No |
X | Windows Registry Cleaner | winclean.exe | Added by a variant of the SPYBOT WORM! | No |
X | Windows Registry Control | winreg.exe | Added by a variant of the IRCBOT TROJAN! See here | No |
X | Windows Registry DLL | winregdll.exe | Detected by Trend Micro as the IRCBOT.FB TROJAN! See here | No |
X | Windows Registry Express Loader | regexpress.exe | Added by the FORBOT-CJ WORM! | No |
X | Windows Registry Manager | tasksmanagers.exe | Added by the MYTOB.ER WORM! | No |
X | Windows Registry Name | [random filename] | Added by the RBOT-AEB WORM! | No |
X | Windows Registry Name | winses.exe | Added by the RBOT-ADB WORM! | No |
U | Windows Registry Repair Pro | RegistryRepairPro.exe | Registry Repair Pro. "Scans the Windows Registry for invalid or obsolete information in the registry" | No |
X | Windows Registry Scan | regscan32.exe | Added by the RBOT.KE WORM! | No |
X | Windows Registry Scan | timeupdate.exe | Added by the SPYBOT.JE WORM! | No |
X | Windows Registry Scan | svcdll.exe | Added by the RBOT-TP WORM! | No |
X | Windows Registry Scan | regscan23.exe | Added by a variant of the RBOT WORM! | No |
X | Windows Registry Scan | regscan.exe | Added by the RBOT-HA WORM! | No |
X | Windows Registry Scan | winmedia.exe | Added by the SPYBOT.GK WORM! | No |
X | Windows Registry Security | crss.exe | Added by a variant of the IRCBOT TROJAN! | No |
X | Windows Registry Services | regserv.exe | Added by a variant of the IRCBOT TROJAN! See here | No |
X | Windows Registry Startup | wind32.exe | Added by the AGOBOT-BZ WORM! | No |
X | Windows Registry XP | winxptdl.exe | Added by the IRCBOT.AUN WORM! | No |
X | Windows Relay Service | ipcbind.exe | Added by the DELFINJECT.F TROJAN! | No |
X | Windows Relay Service | irfnga.exe | Added by the DROPPER.ACO TROJAN! | No |
X | Windows Remote Addressing | wnpcgs.exe | Added by the DELF-EZN TROJAN! | No |
X | Windows Remote Launcher | wnpmcs.exe | Detected by Kaspersky as the IRCBOT.ASX TROJAN! See here | No |
X | Windows Repair | toxikx.exe | Added by the SDBOT-ADL WORM! | No |
X | Windows report | swchost.exe | Added by the SMALL-BD TROJAN! | No |
X | Windows Rescue System | winsto.exe | Detected by Kaspersky as the SUURCH.CG TROJAN! See here | No |
X | Windows Reverse Preperation | winrvp.exe | Added by a variant of the IRCBOT TROJAN! See here | No |
X | Windows Reversed Virus Protection | winrsvp.exe | Added by a variant of the IRCBOT TROJAN! See here | No |
X | windows run | system.exe | Added by the ICPASS-A WORM! | No |
X | Windows Run-Time 64bit | win64rt.exe | Added by a variant of the RBOT WORM! | No |
X | Windows Running DLL Service | rundll128.exe | Added by the IRCBOT.XDH BACKDOOR! | No |
X | Windows Running DLL Service | rundll64.exe | Added by a variant of the IRCBOT TROJAN! See here | No |
X | Windows Runtime Help | win32hlp.exe | Added by a variant of the AIMVISION TROJAN! | No |
X | Windows Runtime Help | WinRunHelp.wrh | Added by a variant of the AIMVISION TROJAN! | No |
X | Windows Runtime Proccess | 32RUNdll.exe | Added by the SDBOT.QW WORM! | No |
X | Windows SA | omniscient.exe | BLAZEFIND adware | No |
X | Windows Scheduler | wmscheduler.exe | Added by a variant of the SDBOT WORM! See here | No |
X | Windows Scheduler! | scheduler.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
X | Windows Screensaver | Service.exe | Added by the KELVIR.P WORM! | No |
X | WINDOWS SCREENSAVER | ssaver.scr | Added by the SDBOT-YZ WORM! | No |
X | Windows secure | setver32.exe | Added by the SPYBOT.EP WORM! | No |
X | Windows Secure Connection | winsc.exe | Added by the SDBOT.BTN WORM! | No |
X | Windows Secure Layer | [random filename] | Added by the RBOT.DRF WORM! | No |
X | Windows Secure Messaging System | msnmsgrsrvc.exe | Added by the RBOT-RE WORM! | No |
X | Windows Secure Services | ssms.exe | Added by the RBOT-GAR WORM! | No |
X | Windows Secure talal32 | [7 random letters].exe | Detected by Kaspersky as the RBOT.HTP TROJAN! See here | No |
X | Windows Secure Update | winupser.exe | Added by the RBOT-GCG WORM! | No |
X | Windows Secure Update | WinSecUp.exe | Added by the RBOT-GCD WORM! | No |
X | Windows Secure Update | load.exe | Added by the FORBOT-GU WORM! | No |
X | WINDOWS SECURITY | wingrd.exe | Added by a variant of the RBOT WORM! | No |
X | Windows Security | win.pif | Added by the RBOT-APT WORM! | No |
X | Windows Security | ms32.pif | Added by the RBOT-ARN WORM! | No |
X | Windows Security | winscure.exe | Added by the RBOT-BAF WORM! | No |
X | Windows Security Assistant | rundll32.vbe | CoolWebSearch Alfasearch parasite variant - also detected as the STARTPA-U TROJAN! | No |
X | Windows Security Assistant | winsec.exe | CoolWebSearch parasite variant | No |
X | Windows Security Authority Service | lsass.exe | Added by the KALEL-A WORM! Note - this is not the legitimate lsass.exe process, which should not appear in Msconfig/Startup! | No |
X | Windows Security Center Notification App | wscnfty.exe | Added by a variant of the RBOT WORM! | No |
X | Windows Security Center Notification Appls | sxe.exe | Added by the RBOT-GKX WORM! | No |
X | Windows Security Center Notification Applse | sxes.exe | Added by the RBOT-GLR WORM! | No |
X | Windows Security Center Notification Applse | os.exe | Added by a variant of the RBOT-GLR WORM! | No |
X | Windows Security Center Notification Applsee | sysecurex.exe | Added by a variant of the RBOT-GKX WORM! | No |
X | Windows Security Manager | winsecurity.exe | Added by the AGOBOT-KI WORM! | No |
X | Windows Security Manager | winsecure.exe | Affilred adware | No |
X | Windows Security Manager | svchost.exe | Added by the ANTINNY.AX WORM! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "Microsoft" subfolder | No |
X | Windows Security Module | module.exe | Added by a variant of the RBOT WORM! | No |
X | Windows Security Policy | lsass32.exe | Added by the AGOBOT-CR WORM! | No |
X | Windows Security Service | [random file name] | Added by the RBOT-ALV WORM! | No |
X | Windows Security Service | arrdt.exe | Added by a variant of the RBOT WORM! | No |
X | Windows Security Service | windows.pif | Added by the RBOT-AMG WORM! | No |
X | Windows Security Survy | svchosl.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
X | Windows Security Update | security32.exe | Affilred adware | No |
X | Windows Serv Patch | Mcaffe2005.exe | Added by a variant of the RBOT WORM! | No |
X | Windows Servce Agent | [random filename] | Added by a variant of the IRCBOT TROJAN! | No |
X | Windows Servcesc | [9 random letters].exe | Added by a variant of the SDBOT WORM! See here | No |
X | Windows ServeAd | WinServAd.exe | Windupdates adware variant | No |
X | Windows Server | winserv.exe | Added by the IRCBOT.AVM BACKDOOR! | No |
X | Windows Server Client Verification Service | wscvs.exe | Added by the AGENT.AWC TROJAN! | No |
X | Windows Server Drivers | syssrv.exe | Added by a variant of the IRCBOT TROJAN! See here | No |
X | Windows Server Information | servinfo.exe | Added by the FORBOT-EN WORM! | No |
X | Windows Server IP Verification Service | wsivs.exe | Added by an unidentified WORM or TROJAN! See here | No |
X | Windows Server Peer Verification Service | wspvs.exe | Added by a variant of the RANKY TROJAN! | No |
X | Windows Server! | winsvr.exe | Added by the IRCBOT.AYC BACKDOOR! | No |
X | Windows Servic2 | winsy.exe | Added by the RBOT-AIA WORM! | No |
X | Windows service | wuamgrd.exe | Added by the RBOT-QW WORM! | No |
X | Windows Service | dddd.exe | Detected by Kaspersky as Dialer.Salc, also known to come with the Bube family of trojans | No |
X | Windows Service | prvdi.exe | Malware - detected by Kaspersky as the SMALL.RD TROJAN! | No |
X | Windows Service | video.exe | Added by an unidentified TROJAN! | No |
X | Windows Service | svvhost.exe | Added by the AGOBOT-HL WORM! | No |
X | Windows Service | private-zone.exe | Added by an unidentified WORM or TROJAN! | No |
X | Windows Service | pd7.exe | Added by the SMALL.VZ TROJAN! | No |
X | Windows Service | dstart4.exe | Added by an unidentified TROJAN! | No |
X | Windows Service | pd14.exe | Adware - detected by DiamondCS TDS-3 anti-trojan as the DELF.DG TROJAN! | No |
X | Windows Service | video2.exe | Added by the DOWNLOADER.SMALL.MY TROJAN! | No |
X | Windows Service | services.exe | Added by the KALEL-A WORM! Note - this is not the legitimate services.exe process, which should not appear in Msconfig/Startup! | No |
X | Windows Service | WINSVC.EXE | Added by the SPYBOT-DH TROJAN! | No |
X | Windows Service | r.exe | Added by a variant of the SMALL.VZ TROJAN! | No |
X | Windows Service | windowz.exe | Added by the SDBOT-AYI WORM! Note - disables the automatic startup of other software and deactivates the Microsoft Internet Connection Firewall (ICF) | No |
X | Windows Service Ag3nt | [6 random letters].exe | Detected by Trend Micro as the SDBOT.EZX TROJAN! See here | No |
X | Windows Service Agent | czf.exe | Added by the RBOT-GAJ WORM! | No |
X | Windows Service Agent | [random filename].exe | Added by the IRCBOT-XE TROJAN! | No |
X | Windows Service Agent | agl23.exe | Added by the RBOT-GQU WORM! | No |
X | Windows Service Agent | co0l.exe | Added by the RBOT-GQY WORM! | No |
X | Windows Service Agent | dsass.exe | Added by the RBOT.MIRCO.BNG WORM! | No |
X | Windows Service Agent | msnmagr.exe | Added by a variant of the SLAPER TROJAN! | No |
X | Windows Service Agent | taskmgr32.exe | Added by the RBOT-GMN WORM! | No |
X | Windows Service Agent | win32wins.exe | Added by the RBOT-LOL WORM! | No |
X | Windows Service Agent | winup32.exe | Added by the RBOT-GQX WORM! | No |
X | Windows Service Agent | winupds32.exe | Added by the RBOT-GQT WORM! | No |
X | Windows Service Agent | wit.exe | Added by the RBOT-GQV WORM! | No |
X | Windows Service Agent | wmscc.exe | Added by the RBOT-GQP WORM! | No |
X | Windows Service Agent | spoolvs.exe | Added by the RBOT-GXI WORM! | No |
X | Windows Service Agent | msngerr.exe | Added by the RBOT.EOZ WORM! | No |
X | Windows Service Agent | mssngear.exe | Detected by Kaspersky as the RBOT.KGU BACKDOOR! See here | No |
X | Windows Service Agent 32 | mrthd.exe | Added by the AGENT-GAQ TROJAN! | No |
X | Windows Service Agnts | [8 random letters].exe | Detected by Trend Micro as the SDBOT.BCQ WORM! See here for an example | No |
X | Windows Service Ajav | java128.exe | Added by the RBOT.BNG WORM! | No |
X | Windows Service alge | [random filename] | Detected by Trend Micro as the RBOT.GJO TROJAN! See here | No |
X | Windows Service Controller | services.exe | Added by the KALEL-B WORM! Note - this is not the legitimate services.exe process, which should not appear in Msconfig/Startup! | No |
X | Windows Service Controller Agent | taksmgr.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
X | Windows Service DC | uhpnjcjl.exe | Added by the RBOT-GLY WORM! | No |
X | Windows Service help | winservices.exe | Added by the DROPPER.TT TROJAN! | No |
X | Windows Service Host | scvhost.exe | Added by the SDBOT.N TROJAN! | No |
X | Windows Service Host | svchost.exe | Added by the CONE.B WORM! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is found in the Winnt or Windows folder | No |
X | Windows Service Host | svchost.exe | Added by the KALEL-C WORM! Note - this is not the legitimate svchost.exe process which should NOT appear in Msconfig/Startup! | No |
X | Windows Service Host | schost.exe | Added by the GAOBOT.AO WORM! | No |
X | Windows Service Host Process | [path to file] | Added by the EZIO-A WORM! | No |
X | Windows Service Hosting | USERINIT.exe | Added by the GOMMER-A WORM! | No |
X | Windows Service Layer | config.exe | Added by the RBOT.DDJ WORM! | No |
X | Windows Service Loader | Window.exe | Added by the RBOT-XO WORM! | No |
X | Windows Service Manager | userint32.exe | Added by the OSCABOT-C WORM! | No |
X | Windows Service Manager | localsvc.exe | Added by the DLOADER-NY TROJAN! | No |
X | Windows Service Manager | msgs.exe | Added by the OSCABOT-E WORM! | No |
X | Windows Service Manager | msnmrg.exe | Added by the OSCABOT-G WORM! | No |
X | Windows Service Manager | netsvc.exe | Added by the DLOADER-NY TROJAN! | No |
X | Windows Service Manager | spoolsvc.exe | Added by the DLOADER-NY TROJAN! | No |
X | Windows Service Manager | svcadmin.exe | Added by the DLOADER-NY TROJAN! | No |
X | Windows Service Manager | svcman.exe | Added by the DLOADER-NY TROJAN! | No |
X | Windows Service Manager | svcmgr32.exe | Added by the OSCABOT-D WORM! | No |
X | Windows Service Manager | svcrun.exe | Added by the DLOADER-NY TROJAN! | No |
X | Windows Service Manager | tcpsvc.exe | Added by the DLOADER-NY TROJAN! | No |
X | Windows Service Manager | websvc.exe | Added by the DLOADER-NY TROJAN! | No |
X | Windows Service Manager | taskmgr.exe | Detected by Kaspersky as the IAMBIGBROTHER.91 TROJAN! Note - this is not the legitimate taskmgr.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a "fonts\svc" sub-folder | No |
X | Windows Service Manager | initsvc.exe | Added by the RBOT-BWT WORM! | No |
X | Windows Service Pack 2 | WindowsSP2.exe | Added by the SDBOT-TQ WORM! | No |
X | Windows Service Pack Auto Update | winworks.exe | Adware downloader - detected by eScan antivirus as the AGENT.BT TROJAN! | No |
X | Windows Service Pack Auto Update | figgaz.exe | Detected by Kaspersky as the AGENT.BT TROJAN! | No |
X | Windows Service Pack Auto Update | ballin.exe | Added by an unidentified WORM or TROJAN! | No |
X | Windows Service Pack Auto Update | del-me.exe | Adware, also detected as the LOWZONES.BH TROJAN! | No |
X | Windows Service Pack2 | svchhost.exe | Added by a variant of the RBOT WORM! | No |
X | Windows Service Pack2 | WIN43.EXE | Added by the GAOBOT.G WORM! | No |
X | Windows Service Supply | winsupply.exe | Detected by Kaspersky as the IRCBOT.BFB TROJAN! See here | No |
X | Windows Service Support Call | SVSS32.EXE | Added by the RBOT-XQ WORM! | No |
X | Windows Service SV | sv32.exe | Added by a variant of the IRCBOT TROJAN! | No |
X | Windows Service Threads | svcthreading.exe | Added by the SHEUR.AUM TROJAN! | No |
X | Windows Service Threads | svcthreads.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
X | Windows Service Update | livecal.exe | Added by the SDBOT-DEY WORM! | No |
X | Windows Service Update | crsss.exe | Added by the SDBOT.CWX WORM! | No |
X | Windows Service Update | mswsgs.exe | Added by the RBOT.FQB WORM! | No |
X | Windows Service Utitity | winsrvc.exe | Added by the RBOT-ASI WORM! | No |
X | Windows Service XP | XpFirewall.exe | Added by the MYTOB.AM WORM! | No |
X | Windows Servicer | xqobypik.exe | Added by the SDBOT-DFB WORM! | No |
X | Windows Services | service.exe | Added by the RANDEX.R WORM! | No |
X | Windows Services | svchosts.exe | Added by the AGOBOT-KL TROJAN! | No |
X | Windows Services | Explorer.exe | Added by the SDBOT-WT WORM! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System% | No |
X | Windows Services | NetworkDriver32.exe | Added by the RBOT-ACR WORM! | No |
X | Windows Services | scmsg.exe | Added by a variant of the SDBOT WORM! | No |
X | Windows Services | scvhoste.exe | Added by the SPYBOT.OBZ WORM! | No |
X | Windows Services | winsvc32.exe | Added by the MYTOB-CB WORM! | No |
X | Windows Services | NetworkDrivers.exe | Added by the SDBOT-YO WORM! | No |
X | Windows Services | smsc.exe | Added by a variant of the SDBOT WORM! | No |
X | Windows Services | spoolsvc.exe | Added by the SDBOT.CPZ WORM! | No |
X | Windows Services | iexplore.exe | Added by the RBOT-WE WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %System% | No |
X | Windows Services | avsrv32.exe | Added by a variant of the IRCBOT BACKDOOR! | No |
X | Windows Services | servicez.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
X | Windows Services | w32edus.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
X | Windows Services | w32service.exe | Added by the AUTORUN-FU WORM! | No |
X | Windows Services | w32services.exe | Added by the AUTORUN-FT WORM! | No |
X | Windows Services | winlogon.exe | Added by a variant of the IRCBOT BACKDOOR! Note - this is not the legitimate winlogon.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir% | No |
X | Windows Services | winsysdll.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
X | Windows Services | winsyssrv.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
X | Windows Services | winudp.exe | Added by a variant of the IRCBOT BACKDOOR! | No |
X | Windows Services Agant | regs32.exe | Added by the SDBOT-DIK WORM! | No |
X | Windows Services Aganters | [10 random letters].exe | Detected by Trend Micro as the RBOT.CUN WORM! See here for an example | No |
X | Windows Services B-Runner | svcbrun.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
X | Windows Services B-Runner | svcbrunner.exe | Added by the IRCBOT.BYV BACKDOOR! | No |
X | Windows Services Certification | svccert.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
X | Windows Services Guide | svcguide.exe | Detected by Symantec as the SILLYIM WORM! See here | No |
X | Windows Services Guide | svcguides.exe | Added by the SHEUR.YS BACKDOOR! | No |
X | Windows Services Host | svchost.exe | Added by the CONE or CONE.E WORMS! Note - this is not the legitimate svchost.exe process which should NOT appear in Msconfig/Startup! | No |
X | Windows Services Hosts | svhosts.exe | Added by the SDBOT-YH TROJAN! | No |
X | Windows Services Ink Platform Tablet Input Subsystem | wsiptis.exe | Added by the RBOT.APC WORM! | No |
X | Windows Services Jog | svcjog.exe | Added by the AGENT.ALWZ WORM! | No |
X | Windows Services Jog | svcjogg.exe | Added by the AGENT.QAF WORM! | No |
X | Windows Services Joger | svcjoger.exe | Added by the RBOT.CAT WORM! | No |
X | Windows Services Jogging | svcjogging.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
X | Windows Services Joging | svcjoging.exe | Added by the IRCBOT.AVI BACKDOOR! | No |
X | Windows Services Layer | winlogz2.exe | Added by the RBOT-FZE WORM! | No |
X | Windows Services Layer | winl0g0.exe | Added by the RBOT-FZQ WORM! | No |
X | Windows Services Layer | sslms.exe | Added by the RBOT-GAH WORM! | No |
X | Windows Services M7 | ctfmon32.exe | Detected by Kaspersky as the AGENT.WOH TROJAN! See here | No |
X | Windows Services Tower | svctowers.exe | Added by the IRCBOT.AGJ BACKDOOR! | No |
X | Windows Services Tower | svctowing.exe | Added by a variant of the IRCBOT TROJAN! See here | No |
X | Windows Services Update | svch0st.exe | Added by a variant of the RBOT WORM! Note - the filename has the digit 0 rather than the uppercase "o" | No |
X | Windows Serviece Agents | [8 random letters].exe | Detected by Trend Micro as the AGENT.BHR TROJAN! See here for an example | No |
X | Windows Servser | serviser.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
X | Windows Session Manager | smss32.exe | Added by a variant of the RBOT WORM! | No |
X | Windows Session Manager Subsystem | smss.exe | Added by the KALEL-B WORM! Note - this is not the legitimate smss.exe process which should NOT appear in Msconfig/Startup! | No |
? | Windows shell | win70.exe | ?? | No |
X | Windows Shell | shell.exe | Added by the MYTOB-CA WORM! | No |
X | Windows Shell | taskgmr.exe | Added by the MYTOB.BV WORM! | No |
X | Windows Shell Library Loader | load shell.dll | CoolWebSearch parasite variant | No |
X | windows shellext.32 | mschost.exe | Added by the BLASTER.K WORM! | No |
X | WINDOWS SKY | sky.exe | Added by the MYTOB.CH WORM! | No |
X | Windows Smart Manager | smart.exe | Added by the RBOT-SL WORM! | No |
X | Windows smss service | service.exe | Added by the AGENT-FPY TROJAN! | No |
X | Windows Socket Procedure | WinSock32.exe | Added by the RBOT-FMX WORM! | No |
X | Windows Software | hbsppe.exe | Added by the RBOT-GLL WORM! | No |
X | Windows Sound | svdhost.exe | Detected by PCTools as the RBOT.ABCC WORM! See here | No |
X | Windows Sound Driver | SndMon32.exe | Added by a variant of the SPYBOT WORM! | No |
X | Windows Sound Emulator | snd32_win.exe | Added by the ATNAS.A WORM! | No |
X | Windows Sound Manager | SndMon32.exe | Added by the FORBOT-BU WORM! | No |
X | Windows Sound Manager | SndMon16.exe | Added by a variant of the FORBOT WORM! | No |
X | Windows Sound Verifier | WinIp32.exe | Added by the RBOT-FMO WORM! | No |
X | Windows SP2 Firewall | wfirewall7.exe | Added by a variant of the RBOT WORM! | No |
X | Windows SP2 Update | Sp2update.exe | Added by the WOOTBOT.BS WORM! | No |
X | Windows SP2 Version Load | wuauclt32.exe | Added by the GAOBOT.CX WORM! | No |
X | Windows SP4 | directCC.exe | Added by the RBOT-ACX WORM! | No |
X | Windows Spool | winspool.exe | Added by a variant of the IRCBOT TROJAN! | No |
X | Windows Spool Server | spoolsrv.exe | Added by the SDBOT-ACT WORM! | No |
X | Windows SpoolaPrint Service | spoolasrv.exe | Added by the SDBOT-AYD WORM! | No |
X | Windows Spooler | SPOOLSRV.EXE | Added by the SPYBOT.P WORM! | No |
X | Windows Spooler | spoolsv32.exe | Added by an unidentified WORM or TROJAN! | No |
X | Windows Spooler | winsplr.exe | Added by the SHEUR.ANX TROJAN! | No |
X | Windows Spooler Services | spool.exe | Added by the AGOBOT-AMO WORM! | No |
X | Windows SpoolPrint Service | spoolersrv.exe | Added by the SDBOT-ZT WORM! | No |
X | Windows Spools SV | winsv.exe | Added by the RBOT-AUQ WORM! | No |
X | Windows spoolservr Service | spoolservr.exe | Added by the SDBOT-AAN WORM! | No |
X | Windows Spoolsre Service | spoolsre.exe | Added by the SDBOT-AAE WORM! | No |
X | Windows Spoolsrv Service | spoolmsv.exe | Added by the SDBOT-ZS WORM! | No |
X | windows spoolsrv service | spoolssv.exe | Added by the SDBOT-AWV WORM! | No |
X | Windows Spoolsurf Service | spoolsurf.exe | Added by the SDBOT-ZZ WORM! | No |
X | Windows SpooltPrint Service | spooltsrv.exe | Added by the SDBOT-AYE WORM! | No |
X | Windows Spoolvvv Service | spoolvvv.exe | Added by the SDBOT-AAW WORM! | No |
X | Windows spyware remover | Windows-spyware.exe | Added by the SystemPoser TROJAN! | No |
X | Windows sq Drivers | winmsn32.exe | Added by the RBOT-ADI WORM! | No |
X | Windows SQL management 1.33 | scvhost.exe | Added by the SPYBOT-OB WORM! | No |
X | Windows Sql Service For Windows 32 Bit | winsql32.exe | Added by the FORBOT-FC WORM! | No |
X | Windows SSH Client | winssh.exe | Added by the RBOT-AXC WORM! | No |
X | Windows SSL File | winssv.exe | Added by the WOOTBOT.CA WORM! | No |
X | Windows SSL Secondary Drivers | SSL32Dr.exe | Added by the SDBOT.ASQ WORM! | No |
X | Windows Stand Sound Drivers | Sounddrv.exe | Added by the SDBOT-XF WORM! | No |
X | Windows Standard Securty | [random 3-letter filename] | Added by the RBOT-ALF WORM! | No |
X | Windows Start Server 2000 | traficy.exe | Added by the RBOT-AHM WORM! | No |
X | Windows Startup | winsta~1.exe | GoHip foistware | No |
X | Windows Startup | winstartup.exe | GoHip foistware | No |
X | Windows Startup | Wdrun32.exe | Added by the GAOBOT.AO WORM! | No |
X | Windows Startup | services21.exe | Added by the AGOBOT-MX WORM! | No |
X | Windows Startup 32 Bits | sysrun32.exe | Added by a variant of the DARKSUN TROJAN! | No |
X | Windows Storm-Memory Drivers | memorystorm.exe | Added by a variant of the IRCBOT TROJAN! See here | No |
X | Windows Stortup | svchost.exe | Added by the TOGER-V TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder | No |
X | Windows Streams Server | localsrv.exe | Added by the SDBOT.LN WORM! | No |
X | Windows Subsys | winload.exe | Added by the NETSPREE.C WORM! | No |
X | WINDOWS SVC | winsvc.exe | Added by the MYTOB-EY WORM! | No |
X | Windows svchost | avserv.exe | Added by a variant of the IRCBOT BACKDOOR! | No |
X | Windows svchost | ctfmon32.exe | Added by a variant of the SPYBOT WORM! See here | No |
X | Windows svchost | happy2008.exe | Detected by Kaspersky as the IRCBOT.AYA BACKDOOR! See here | No |
X | Windows svchost | service.exe | Detected by Kaspersky as the SDBOT BACKDOOR! See here | No |
X | Windows svchost | serviceaaa.exe | Detected by Trend Micro as the LAMER.AA BACKDOOR! See here | No |
X | Windows svchost | servicean.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
X | Windows svchost | svchost.exe | Added by the IRCBOT-ZQ WORM! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir% | No |
X | Windows svchost | ups.exe | Detected by McAfee as the PUSHBOT.A WORM! See here | No |
X | Windows svchost | upss.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
X | Windows Svchost Authority | slsass.exe | Added by the RBOT-UA WORM! | No |
X | Windows Svshost Service Update 32 | svcsshost32.exe | Added by the FORBOT-GD WORM! | No |
X | Windows SYN Control Center | winmnon32.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
X | Windows SyncroAd | SyncroAd.exe | Windupdates adware variant | No |
X | WINDOWS SYSTEM | beta.exe | Added by the MYTOB.DF WORM! | No |
X | WINDOWS SYSTEM | dcomuser.exe | Added by the MYTOB.EO WORM! | No |
X | WINDOWS SYSTEM | lf66prc.exe | Added by the MYTOB.GC WORM! | No |
X | WINDOWS SYSTEM | msdev32.exe | Added by the MYTOB.EH WORM! | No |
X | WINDOWS SYSTEM | nec.exe | Added by the MYTOB-L WORM and variants! | No |
X | WINDOWS SYSTEM | nibie.exe | Added by the MYTOB-BY WORM! | No |
X | WINDOWS SYSTEM | ninfoie.exe | Added by the MYTOB-EP WORM! | No |
X | WINDOWS SYSTEM | skybot.exe | Added by the MYTOB-CX WORM! | No |
X | WINDOWS SYSTEM | skybotx.exe | Added by the MYTOB-BY WORM! | No |
X | WINDOWS SYSTEM | smoc.exe | Added by the MYTOB.FU WORM! | No |
X | WINDOWS SYSTEM | smsc.exe | Added by the MYTOB-BR WORM! | No |
X | WINDOWS SYSTEM | test.exe | Added by the MYTOB.DJ WORM! | No |
X | WINDOWS SYSTEM | test2.exe | Added by the MYTOB.DJ WORM! | No |
X | WINDOWS SYSTEM | test3.exe | Added by the MYTOB.DV WORM! | No |
X | WINDOWS SYSTEM | wdns33.exe | Added by the MYTOB-BY WORM! | No |
X | WINDOWS SYSTEM | win.exe.exe | Added by the MYTOB.FA WORM! | No |
X | WINDOWS SYSTEM | winaup.exe | Added by the MYTOB-DN WORM! | No |
X | WINDOWS SYSTEM | winligon.exe | Added by the MYTOB.EP WORM! | No |
X | WINDOWS SYSTEM | winmon.exe | Added by the MYTOB.GB WORM! | No |
X | WINDOWS SYSTEM | winNTsys32.exe | Added by the MYTOB-DM WORM! | No |
X | WINDOWS SYSTEM | winsvc32.exe | Added by the MYTOB.HH WORM! | No |
X | Windows System | WINSYS.exe | Added by the RBOT-AEF WORM! | No |
X | WINDOWS SYSTEM | winsys33.exe | Added by the MYTOB.EK WORM! | No |
X | WINDOWS SYSTEM | winvnc.exe | Added by the MYTOB.EU WORM! | No |
X | WINDOWS SYSTEM | winxpserv.exe | Added by the MYTOB-BQ WORM! | No |
X | WINDOWS SYSTEM | xxx.exe | Added by the MYTOB.CZ WORM! | No |
X | Windows System | winsys32.exe | Added by the MYTOB-IS WORM! | No |
X | WINDOWS SYSTEM | skybot.exe | Added by the MYTOB.JU WORM! | No |
X | WINDOWS SYSTEM | botzor.exe | Added by the ZOTOB WORM! | No |
X | WINDOWS SYSTEM | gothica.exe | Added by the MYTOB.HU WORM! | No |
X | WINDOWS SYSTEM | msnl.exe | Added by the MYTOB.IK WORM! | No |
X | WINDOWS SYSTEM | per.exe | Added by the ZOTOB.C WORM! | No |
X | WINDOWS SYSTEM | twunk_65.exe | Added by the MYTOB-EG WORM! | No |
X | WINDOWS SYSTEM | servce.exe | Added by the MYTOB-EI WORM! | No |
X | WINDOWS SYSTEM | servises.exe | Added by the ZOTOB-I WORM! | No |
X | WINDOWS SYSTEM | xpupdate.exe | Added by the ZOTOB-G WORM! | No |
X | WINDOWS SYSTEM | expI0rer.exe | Added by the MYTOB-FI WORM! Note the upper case "i" and number "0" in the filename | No |
X | WINDOWS SYSTEM | msn32.exe | Added by the MYTOB-FX WORM! | No |
X | WINDOWS SYSTEM | sky.exe | Added by the MYTOB.LB WORM! | No |
X | WINDOWS SYSTEM | Win32IMAPSVR.exe | Added by the MYTOB-FQ or MYTOB-FU WORMS! | No |
X | WINDOWS SYSTEM | winsvc.exe | Added by the MYTOB.LM WORM! | No |
X | WINDOWS SYSTEM | mswins.exe | Added by the MYTOB.DP WORM! | No |
X | WINDOWS SYSTEM | mtrnqs.exe | Added by the MYTOB.IG WORM! | No |
X | WINDOWS SYSTEM | logic.exe | Added by the MYTOB.IC WORM! | No |
X | WINDOWS SYSTEM | ctech.exe | Added by the MYTOB-KD WORM! | No |
X | WINDOWS SYSTEM | efefefe.exe | Added by the MYTOB-KH WORM! | No |
X | Windows System 32 | winsys_32.exe | Added by the RBOT-FTR WORM! | No |
X | Windows System 32-Bat Service | win32bat.exe | Added by the MYTOB.FI WORM! | No |
X | Windows System Backup | SysBackup.exe | Unidentified malware | No |
X | WINDOWS SYSTEM By FEnR | windasz-updote.exe | Added by the MYTOB.LR WORM! | No |
X | WINDOWS SYSTEM Cleaner | h3.exe | Added by the MYTOB.EQ WORM! | No |
X | WINDOWS SYSTEM CLEANER | iexplore.exe | Added by the MYTOB.ET WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %System% | No |
X | Windows System Configuration | SYSCFG16.EXE | Added by the WISDOOR-K TROJAN! | No |
X | Windows System Configuration | Passcfg16.exe | Added by the DOMWIS-E TROJAN! | No |
X | Windows System Configuration | Winfrw.exe | Added by the SOLUFINA TROJAN or the DOMWIS-J WORM! | No |
X | Windows System Configuration | wincfg.exe | Added by the AGOBOT.OP WORM! | No |
X | Windows System Configuration | WINCFG32.EXE | Added by the AGOBOT-TE WORM! | No |
X | Windows System Configuration | WinNeth.exe | Added by the RETHE-A WORM! | No |
X | Windows System Configuration | nether.exe | Added by the OPANKI-AB WORM! | No |
X | WINDOWS SYSTEM Dns | windsns.exe | Added by the MYTOB.EY WORM! | No |
X | WINDOWS SYSTEM DNSPOOL | hbmail.exe | Added by the MYTOB.FW WORM! | No |
X | Windows System Drivers | sysretain.exe | Added by a variant of the IRCBOT TROJAN! See here | No |
X | Windows System File | cmxp.exe | Added by the SPYBOT.KHO WORM! | No |
X | WINDOWS SYSTEM FILE | winload.exe | Added by the MYTOB.DK WORM! | No |
X | Windows System Gateway | SPOOLER.EXE | Added by a variant of the RBOT WORM! | No |
X | Windows System Init | winit32.exe | Added by a variant of the RBOT WORM! | No |
X | Windows System Manager | winsystem.exe | Added by the RBOT-AN WORM! | No |
X | Windows System Manager | CRSL.EXE | Added by the SDBOT.MG WORM! | No |
X | Windows System Manager | sysconf.exe | Added by the MYTOB.AL WORM! | No |
X | Windows System Manager | smsc.exe | Added by a variant of the RBOT WORM! | No |
X | Windows System Manager | crssm.exe | Added by the RBOT-AFH WORM! | No |
X | WINDOWS SYSTEM MANAGER | spoolsvc.exe | Added by the MYTOB-LY WORM! | No |
X | Windows System Manager | winsysmgr.exe | Added by the IRCBOT.BJG BACKDOOR! | No |
X | Windows System Manager Loader | smsls.exe | Added by the AGOBOT.TF WORM! | No |
X | Windows System Manager Proc | winsmc.exe | Added by the RBOT.JH WORM! | No |
X | WINDOWS SYSTEM MEMORY LOADER | memloader.exe | Added by the MYTOB-IN WORM! | No |
X | WINDOWS SYSTEM mscdvvs | mscdvvs.exe | Added by the MYTOB.MD WORM! | No |
X | windows system notepad | wnpsm.exe | Added by a variant of the RBOT WORM! | No |
X | Windows System Restore Configuration | Sblhost.exe | Added by a variant of the SPYBOT WORM! | No |
X | Windows System Restorer | SystemRestorer.exe | Added by the DULOAD.C WORM! | No |
X | WINDOWS SYSTEM SCALPE | scalpe91.exe | Added by the MYTOB-HI WORM! | No |
X | Windows System Security | winmp.exe | Added by the RBOT.IV WORM! | No |
X | Windows System Security | sys32.pif | Added by the RBOT-AOL WORM! | No |
X | Windows System Security Monitor | [4 random letters].exe | Added by the PINKTON.A WORM! | No |
X | Windows System Serivce | winserv.exe | Added by the RBOT.ACA WORM! | No |
X | windows system service | winsock.exe | Added by the RBOT-MR WORM! | No |
X | Windows System Service | wnuserv.exe | Added by the SPYBOT.ANDM WORM! | No |
X | Windows System Service | [worm filename] | Added by the RBOT.XG WORM! | No |
U | Windows System Tray | msni.exe | Iambigbrother monitoring software | No |
X | Windows System Tray | swhost.exe | Added by an unidentified VIRUS, WORM or TROJAN! | No |
X | WINDOWS SYSTEM UPDATE | xDcc.exe | Added by the MYTOB-EH WORM! | No |
X | Windows System Update Tools | upds.exe | Added by the VANBOT.CX BACKDOOR! | No |
X | Windows System-Control Drivers | syscontrl.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
X | Windows System32 | windowsp.exe | Added by the MYTOB.GD WORM! | No |
X | Windows System32 | winsys32.exe | Added by the SDBOT-AHS WORM! | No |
X | Windows System32 | clsas32.exe | Added by the RBOT-AZO WORM! | No |
X | Windows System32 | explorer.exe | Added by the OPANKI-V WORM! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is also copied to %System% | No |
X | Windows System32 | System32.exe | Added by the SDBOT-ALI WORM! | No |
X | Windows SYSTEM32 | Realplayer.exe | Added by the SPYBOT.ZH WORM! | No |
X | Windows System32 | wingrd32.exe | Added by a variant of the RBOT WORM! | No |
X | Windows System32 Driver | clsass32.exe | Added by the SDBOT-AGG WORM! | No |
X | Windows System32 Kernel | system32.exe | Added by the SDBOT-AAT WORM! | No |
X | WINDOWS SYSTEMn | servicces.exe | Added by the MYTOB-EL WORM! | No |
X | Windows Systemnmg | stagmr.exe | Added by the MYTOB.S WORM! | No |
X | Windows Systems16 | winjews16.exe | Added by a variant of the SDBOT WORM! | No |
X | Windows SYStry | spoolsvr.exe | Added by the SDBOT.GN BACKDOOR! | No |
X | Windows SYStry | systry.exe | Added by the SDBOT-E WORM! | No |
X | Windows Sz Host | winshvc.exe | Added by a variant of the SDBOT WORM! | No |
X | Windows Task Manager | ACCOUNT_DETAILS.DOC.exe | Added by the QUATERS.A WORM! | No |
X | Windows Task Manager | taskmgn.exe | Unidentified malware, either a variant of the RBOT WORM or part of a Casino Palazzo foistware install | No |
X | Windows Task Manager | taskmrg.exe | Added by the MYTOB.AV WORM! | No |
X | Windows Task Manager | taskgmr.exe | Added by the MYTOB.BJ WORM! | No |
X | Windows Task Manager | taskmg.exe | Browser hijacker - identified by DrWeb antivirus as "Trojan.StartPage.601" | No |
X | Windows Task Manager | taskmngr.exe | Added by the RBOT-ANM WORM! | No |
X | Windows Task Manager Emulator | kennewr.exe | Added by the SPYBOT-FA WORM! | No |
X | Windows Task Mgr | mstasks.exe | Added by the IRCBOT.UN BACKDOOR! | No |
X | Windows Task Mgr! | mstasker.exe | Added by the IRCBOT.OE BACKDOOR! | No |
X | Windows Task Scheduler | asijdie.exe | Added by an unidentified WORM or TROJAN! | No |
X | Windows Task Service (32-bits) | tasksys.exe | Added by the DREFIR.D WORM! | No |
X | Windows TaskAd | Wintaskad.exe | Windupdates adware variant | No |
X | Windows Taskbar Manager | internat.exe | Added by the PROTORIDE-H WORM! | No |
X | Windows Taskbar Manager | [path to file] | Added by the PROTORIDE.B WORM! | No |
X | Windows Taskbar System | tasksys.exe | Added by a variant of the SDBOT WORM! | No |
X | Windows Taskmanager | lsassx.exe | Added by the KELVIR.E WORM! | No |
X | Windows Taskmanager | winpifviewer.exe | Added by a variant of the IRCBOT TROJAN! See here | No |
X | Windows Taskmanager | iexplorer.exe | Added by a variant of the IRCBOT BACKDOOR! See here. Note - this is not the legitimate Internet Explorer (iexplore.exe) | No |
X | Windows Taskmanager | service.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
X | Windows Taskmanager | svchost.exe | Added by the IMBOT.AC WORM! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir% | No |
X | Windows Taskmanager | taskmrg.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
X | Windows Taskmanager | taskngr.exe | Added by a variant of the IRCBOT BACKDOOR! | No |
X | Windows Taskmanager | tskmngr.exe | Detected by Kaspersky as the IRCBOT.DHR BACKDOOR! See here | No |
X | Windows Taskmanager | wdtsvc.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
X | Windows Taskmanager | winpifviewer.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
X | Windows Taskmanager | winrl.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
X | Windows Taskmanager Data | csrrss.exe | Added by the RBOT-BBH WORM! | No |
X | Windows TCP/IP | wintcp.exe | Added by the AGOBOT-ZH WORM! | No |
X | Windows Telnet Server | wintel.exe | Added by the AGOBOT-MW WORM! | No |
X | Windows Temperate Services | wintmp.exe | Detected by Trend Micro as the SLENFBOT.AT WORM! See here | No |
X | Windows Terminal Manager | rmbsvc.exe | Added by a variant of the IRCBOT TROJAN! | No |
X | Windows Time | tmservice.exe | Added by a variant of the RBOT-YK WORM! | No |
X | Windows Time | winmgr.exe | Added by the RBOT-XC WORM! | No |
X | Windows Time Server | TimeSRV.exe | Added by the SPYBOT.DNC WORM! | No |
X | Windows Time Service Diagnostic Tool | winscrvs.exe | Detected by Trend Micro as the RBOT.FTV BACKDOOR! See here | No |
X | Windows TM | SVPHOST.exe | Added by a variant of the RBOT WORM! | No |
X | Windows TM | rundlI32.exe | Added by a variant of the RBOT WORM! | No |
X | Windows TM | windowssys32.exe | Added by a variant of the RBOT WORM! | No |
X | Windows TM | WinxSys.exe | Added by a variant of the RBOT WORM! | No |
X | Windows Tracking Client | ctwsvc.exe | Added by the AGENT-GMB TROJAN! | No |
X | Windows UDP Control | winudspm.exe | Added by a variant of the SDBOT WORM! See here | No |
X | Windows UDP Control Center | auth.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
X | Windows UDP Control Center | ehSched.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
X | Windows UDP Control Center | fxstaller.exe | Added by the AGENT-IEE TROJAN! | No |
X | Windows UDP Control Center | installer.exe | Added by a variant of the IRCBOT BACKDOOR! | No |
X | Windows UDP Control Center | msnmngs.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
X | Windows UDP Control Center | msnpd.exe | Detected by Kaspersky as the SDBOT.EBA BACKDOOR! See here | No |
X | Windows UDP Control Center | mswinudpmgr32.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
X | Windows UDP Control Center | scvhost.exe | Added by a variant of the IRCBOT BACKDOOR! | No |
X | Windows UDP Control Center | taksmrg.exe | Detected by Kaspersky as the AGENT.WOH TROJAN! See here | No |
X | Windows UDP Control Center | tmps.exe | Detected by Kaspersky as the SDBOT.EBA BACKDOOR! See here | No |
X | Windows UDP Control Center | winlive32.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
X | Windows UDP Control Center | winmsn.exe | Detected by Kaspersky as the SDBOT.EBA BACKDOOR! See here | No |
X | Windows UDP Control Center | winrofl32.exe | Added by the LDPINCH-RZ TROJAN! | No |
X | Windows UDP Control Center | winudpmg.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
X | Windows UDP Control Center | winudpmgr.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
X | Windows UDP Control Center | winudpmgrs.exe | Detected by Trend Micro as the DROPPER.CMV TROJAN! See here | No |
X | Windows UDP Control Center | winudpmsgr.exe | Detected by Trend Micro as the SDBOT.GAV WORM! See here | No |
X | Windows UDP Control Center | winupmgr.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
X | Windows UDP Control Center | winuscn32.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
X | Windows UDP Control Center | wksvcsc.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
X | Windows UDP Control Manager | winudpmgr.exe | Added by a variant of the SPYBOT WORM! See here | No |
X | Windows UDP Control Services | wksvcsc.exe | Added by the ANTIAV-C TROJAN! | No |
X | Windows Upate | rundll.exe | Added by the HAKO TROJAN! Note - this is NOT the Windows system file of the same name as described here | No |
X | Windows Update | [filename] | Added by the NORIO TROJAN! Acts as a hijacker redirecting to adult content sites | No |
X | Windows Update | iexplorere.exe | Added by the GAOBOT.AP WORM! | No |
X | windows update | uddater.exe | Added by the LEOX TROJAN! | No |
X | Windows Update | wudate.exe | Added by the AGOBOT.ML WORM! | No |
X | Windows Update | wupdate.exe | Wengs adware | No |
X | windows update | sychost.exe | Added by the LEOX.B WORM! | No |
X | Windows Update | Wuamgrd.exe | Added by a variant of the SPYBOT WORM! | No |
X | Windows Update | inetinf.exe | Added by a variant of the AGOBOT/GAOBOT WORM! | No |
X | Windows Update | WindowsUpdate.exe | Added by the BAYROB-A TROJAN! | No |
X | Windows Update | host32.exe | Added by the RBOT-GU WORM! | No |
X | windows update | wuraclt.exe | Added by the RBOT-PO WORM! | No |
X | windows update | Wuanclt.exe | Added by the RBOT.XZ WORM! | No |
X | Windows Update | svchosts.exe | Added by the FRUCTA TROJAN! | No |
X | Windows Update | ebay.exe | Added by the GAOBOT.BUU WORM! | No |
X | Windows Update | windows.exe | Added by the RBOT-RB WORM! | No |
X | windows update | wuaurlt.exe | Added by the RBOT.ADG WORM! | No |
X | Windows Update | Update.exe | Added by the DELF-FN TROJAN! | No |
X | Windows Update | winmguard.exe | Added by the RBOT-EM WORM! | No |
X | Windows Update | wuampd.exe | Added by the RBOT.UM WORM! | No |
X | windows update | wuarclt.exe | Added by the RBOT-OF WORM! | No |
X | Windows Update | winupdate.exe | Added by the SDBOT-WS WORM! | No |
X | Windows Update | msnwinsb.exe | Added by the RBOT-AAH WORM! | No |
X | Windows Update | scvhost.exe | Added by the SDBOT-XT WORM! | No |
X | windows update | Microsoft.exe | Added by the LMIR.A TROJAN! | No |
X | Windows Update | mplupdate.exe | Added by the MOEGA WORM! | No |
X | windows update | msnsever.exe | Added by the RBOT-AHN WORM! | No |
X | Windows Update | taskmr.exe | Added by the MYTOB-GZ WORM! | No |
X | Windows Update | update32.exe | Added by a variant of the RBOT WORM! | No |
X | Windows Update | wininfo.exe | Added by the MYTOB.GA WORM! | No |
X | Windows Update | winlogin.exe | Added by the BANKER-DV TROJAN! | No |
X | Windows Update | msnupdates.exe | Added by the RBOT-ALK WORM! Note - this file has nothing to do with Windows updates or MSN | No |
X | Windows Update | qtask.exe | Added by the RBOT-AKU WORM! Note - do not confuse with the Quicken file of the same name as described here | No |
X | windows update | real.exe | Added by the LEGMIR-AU WORM! | No |
X | Windows Update | windowsx.exe | Added by the BANCD-A TROJAN! | No |
X | Windows update | wudupdate.exe | ISTBar adware related | No |
X | Windows Update | wupdmgr.exe | Added by the BANCBAN-FC TROJAN and variants! | No |
X | Windows Update | csrss.exe | Added by the BANKER-HM TROJAN! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir% | No |
X | Windows Update | msnsupdate.exe | Added by the RBOT-AXS WORM! | No |
X | Windows Update | XPLoogNT.exe | Added by the BANCD-B TROJAN! | No |
X | Windows Update | install.exe | Added by the BANKER-IB TROJAN! | No |
X | Windows Update | msi.exe | Added by the BANKER-XB TROJAN! | No |
X | Windows Update | Sqltob.exe | Added by the DASHER.A WORM! | No |
X | windows update | logonuit.exe | Added by the LEGMIR-AO TROJAN! | No |
X | Windows Update | avkir.exe | Added by the RBOT-GJP WORM! | No |
X | Windows Update | easypwnt.exe | Added by a variant of the SDBOT WORM! | No |
X | Windows Update | MSDEVS30.exe | Added by the SPYBOT.AHC WORM! | No |
X | Windows Update | SecretStub.exe | Added by the SRAMLER.C WORM! | No |
X | Windows Update | Winload.exe | Added by the DEDMIR-A WORM! | No |
X | Windows Update | taskngr.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
X | Windows Update | usnsvc.exe | Added by the KOBOT-C WORM! | No |
X | Windows Update | win32update.exe | Detected by PCTools as the SDBOT.FTK WORM! See here | No |
X | Windows Update | livesrvs.exe | Added by a variant of the RBOT WORM! | No |
X | Windows Update | McAfee.exe | Added by a variant of the IRCBOT BACKDOOR! See here. Note - this is not a valid McAfee program | No |
X | Windows Update | McAfee3.exe | Added by an unidentified WORM or TROJAN! See here | No |
X | Windows Update | msconfig32.exe | Added by a variant of the SPYBOT WORM! See here | No |
X | Windows Update | msnsa32.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
X | Windows Update | scrigz.exe | Added by a variant of the IRCBOT BACKDOOR! | No |
X | Windows Update | winsc.exe | Detected by Kaspersky as the BUZUS.RYI TROJAN! See here | No |
X | Windows update 2005 | [random filename] | Added by the RBOT.ARP WORM! | No |
X | Windows Update 32 | winlogons.exe | Added by the FORBOT-FI WORM! | No |
X | Windows Update 32 | rempss.exe | Added by the FORBOT-FW WORM! | No |
X | Windows Update 32 | slsys.exe | Added by a variant of the FORBOT WORM! | No |
X | Windows Update 63 | shupd64.exe | Added by the FORBOT-GA WORM! | No |
X | Windows Update 64 | nbupd64.exe | Added by a variant of the FORBOT WORM! | No |
X | Windows Update 64 | WinV.exe | Added by the FORBOT-FP WORM! | No |
X | Windows Update Auto Update | wuaumgr.exe | Added by a variant of the SPYBOT WORM! | No |
X | Windows Update Automation | winuptdate.exe | Added by a variant of the RBOT WORM! | No |
X | Windows Update AutoUpdate Client | waucult.exe | Added by a variant of the RBOT WORM! | No |
X | Windows Update AutoUpdate Client | wuauclt.exe | Added by the LAZAR.B TROJAN! Note - this is not the legitimate wuauclt.exe process, which should not appear in Msconfig/Startup! | No |
X | Windows Update AutoUpdate Client Product | wuauct.exe | Added by the AGOBOT.ACL WORM! | No |
X | Windows Update Center | svthx.exe | Added by the STUBBOT.A WORM! | No |
X | Windows Update Center | W32RSA.exe | Added by an unidentified WORM or TROJAN! | No |
X | Windows Update Check | syslodr.exe | Added by the SMALL.LU TROJAN! | No |
X | Windows Update Checker | [random filename] | Adware downloader trojan | No |
X | Windows Update Checker | msupdte32.exe | Added by the SDBOT-AEF WORM! | No |
X | Windows Update Checker | deinst_qfe001.exe | Added by a variant of the Win32.Small TROJAN! | No |
X | Windows Update Checker | deinst_qfe002.exe | Added by a variant of the Win32.Small TROJAN! | No |
X | Windows Update Client | wuclient.exe | Added by the SMALL-RN TROJAN! | No |
X | Windows Update Client Service | windrvl32.exe | Added by the AGOBOT-MM TROJAN! | No |
X | Windows update config | svhost.exe | Added by the SDBOT-PF WORM! | No |
X | windows update configurator | svghost.exe | Added by a variant of the SPYBOT WORM! | No |
X | Windows Update Controller | mwoffice.exe | Added by the BATTRY-A TROJAN! | No |
X | Windows Update Draven | draven.exe | Added by a variant of the SDBOT WORM! | No |
X | Windows Update Drive | updrvs.exe | Added by a variant of the SDBOT WORM! | No |
X | Windows Update Files | dnetc.exe | Added by an unidentified VIRUS, WORM or TROJAN! Note - wupdmgr.exe is the real Windows Update | No |
X | Windows Update Firewall System | ctfmoom.exe | Added by the RBOT-GAN WORM! | No |
X | Windows Update Firewall System | winmsfw.exe | Added by the RBOT-EEO WORM! | No |
X | Windows Update GUI Executable x32x | wupdategux32.exe | Added by the RBOT.CXY WORM! | No |
X | Windows Update Host | winupsvc.exe | Added by a variant of the SDBOT WORM! | No |
X | Windows Update IPv6 Layer | WIN32IPV6.EXE | Added by the RBOT.DUD WORM! | No |
X | Windows update loader | xpupdate.exe | Added by the BRAVE-A TROJAN! | No |
X | Windows Update Manager | wupdmngr.exe | Added by the RANDEX.BTB WORM! | No |
X | Windows Update Manager | Winlog0n.exe | Added by the AGENT-BO TROJAN! | No |
X | Windows Update Manager | wupdate.exe | Added by a variant of the RBOT WORM! | No |
X | Windows Update Manager | bootwiz.exe | Added by the MYBOT WORM! | No |
X | Windows Update Manager | WindowsUpdateManager.exe | Added by a variant of the IRCBOT TROJAN! | No |
X | Windows Update Manager for NT | wupdmgr32.exe | Added by the SDBOT.AH WORM! | No |
X | Windows Update Monitoring Service | winupdt.exe | Added by the RBOT-PL WORM! | No |
X | Windows Update Process | wmiprvsc.exe | Added by the SDBOT-CB WORM! | No |
X | Windows Update Service | csrs.exe | Added by the AGOBOT-NI WORM! | No |
X | Windows Update Service | smcg.exe | Added by the SDBOT.QY WORM! | No |
X | Windows Update Service | SP00ISS.exe | Added by the SDBOT-ZH WORM! | No |
X | Windows Update Service | update32.pif | Added by the RBOT-ALC WORM! | No |
X | Windows Update Service | trest.exe | Identified by BitDefender as a variant of the PEED TROJAN! | No |
X | Windows Update Service | wmiprvse32.exe | Added by the AGOBOT.NI WORM! | No |
X | Windows Update Service 2004/2005 | systemupdate.exe | Added by the RBOT-JE WORM! | No |
X | Windows Update services | wins32svcs.exe | Added by a variant of the RBOT WORM! | No |
X | Windows Update Services | winupdate32.exe | Added by a variant of the RBOT WORM! | No |
X | Windows Update Software | system.exe | TOFGER.BX spyware | No |
X | Windows Update Svc | xpuupdate.exe | Added by the AGENT.BTF TROJAN! Note - installs "ContraVirus", a misleading spyware remover using false positives as a goad to purchase - see here | No |
X | Windows Update System | mswins.exe | Added by the IRCBOT.DN WORM! | No |
X | Windows Update System Shell | svhostcs32.exe | Added by the RBOT-AAZ WORM! | No |
X | Windows Update V6 | [random filename] | Added by the RBOT-KT WORM! | No |
X | Windows Update.exe | N/A | Homepage hijacker | No |
X | Windows Updated | spoolsae.exe | Added by the RBOT-APM WORM! | No |
X | Windows Updated | updatr.exe | Added by the RBOT-AYB WORM! | No |
X | Windows Updater | wupdmgr32.exe | Added by a variant of the DOS.AUTOCAT TROJAN! | No |
X | Windows Updater | iexplorerrs.exe | Added by the RBOT-TN WORM! | No |
X | Windows Updater | svigost.exe | Added by the RBOT-VS WORM! | No |
X | Windows Updater | wupdate.exe | Added by the WOOTBOT.AJ WORM! | No |
X | Windows Updater | sdsys.exe | Added by the FORBOT-JG WORM! | No |
X | Windows Updater Online | winupdatexx.exe | Added by a variant of the RBOT WORM! | No |
X | Windows Updater Servc | xpuupdate.exe | Added by the AGENT.BTF TROJAN! Note - installs "ContraVirus", a misleading spyware remover using false positives as a goad to purchase - see here | No |
X | Windows Updater Service Manager | winupdatr.exe | Added by a variant of the IRCBOT BACKDOOR! | No |
X | Windows Updater Services | msnupdate.exe | Added by a variant of the RBOT WORM! | No |
X | Windows Updates | lsassx.exe | Added by a variant of the SDBOT WORM! | No |
X | Windows Updates | winupd32.exe | Added by the MYTOB.CE WORM! | No |
X | Windows Updates | w32dns.exe | Added by the SDBOT-BFW WORM! | No |
X | Windows Updates Agent | winupdate.exe | Detected by Trend Micro as the SPYBOT.HW WORM! See here | No |
X | Windows Updating Service | updating.pif | Added by the RBOT-ALW WORM! | No |
X | Windows Updtee Mgnr | W1NT45K.exe | Added by the MYTOB.DC WORM! | No |
X | Windows USB 2.0 Driver | usbtskmgr.exe | Added by the RBOT-BKG WORM! | No |
X | Windows USB 2.0 Driver | usb2ctrl.exe | Added by the RBOT-BIW WORM! | No |
X | Windows USB Control Driver | iexplore.exe | Added by a variant of the IRCBOT BACKDOOR! See here. Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %Windir% | No |
X | Windows USB controler | winusb.exe | Added by the RBOT-HR WORM! | No |
X | Windows USB Driver Support | Windowsusb.exe | Added by a variant of the SPYBOT WORM! | No |
X | Windows USB Monitor | servupdate.exe | Detected by Trend Micro as the IRCBRUTE.AQ TROJAN! See here | No |
X | Windows USB Printer | exe.exe | Added by a variant of the RBOT WORM! | No |
X | Windows USB Printer | unqgod.exe | Detected by Trend Micro as the RBOT.BKC TROJAN! See here | No |
X | Windows USB Printer | xqteby.exe | Added by a variant of the SPYBOT WORM! See here | No |
X | Windows USB Service | 666.exe | Added by the MYTOB.AR WORM! | No |
X | Windows USB v3 | wsvc.exe | Added by a variant of the SDBOT WORM! | No |
X | Windows USBD | msifirewall.exe | Added by an unidentified WORM or TROJAN! | No |
X | Windows User Mode Driver Manager | wdfmrg.exe | Added by the SDBOT-ZN WORM! | No |
X | Windows User Starter | winuser32.exe | Added by the RBOT.SN WORM! | No |
N | Windows Version Check | ver_chk.exe | Version checker for CyberAudioLibrary - "a new way to exchange information through the Internet" | No |
X | Windows Version Service | sysvers.exe | Added by a variant of the IRCBOT TROJAN! See here | No |
X | Windows video | vide_32.exe | Added by a variant of the AGOBOT/GAOBOT WORM! | No |
X | Windows Video Acquisition (WVA) | wvsvc.exe | Added by the AGOBOT.YM WORM! | No |
X | Windows Video Component | wvcsvc.exe | Added by a variant of the IRCBOT TROJAN! | No |
X | Windows Video Drivers | videons32.exe | Added by the GAOBOT.AZT WORM! | No |
X | Windows Video Input | viwsvc.exe | Detected by Kaspersky as the SUURCH.CG TROJAN! See here | No |
X | Windows Virtual Services | winvirtual.exe | Detected by Trend Micro as the SLENFBOT.V WORM! See here | No |
X | Windows Virtual Services | winvirtual32.exe | Detected by Trend Micro as the SLENFBOT.U WORM! See here | No |
X | Windows Virus Control | plou.exe | Added by the SDBOT-ACZ WORM! | No |
X | Windows Virus Scanner | winvsvc.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
X | Windows Vista Corparation Agent Services | winxp_sp3.exe | Added by a variant of the IRCBOT TROJAN! | No |
X | Windows Volume Control | ongsvc.exe | Added by a variant of the IRCBOT TROJAN! See here | No |
X | Windows Web Services | localsvc.exe | Added by the DLOADER-NY TROJAN! | No |
X | Windows Web Services | netsvc.exe | Added by the DLOADER-NY TROJAN! | No |
X | Windows Web Services | spoolsvc.exe | Added by the DLOADER-NY TROJAN! | No |
X | Windows Web Services | svcadmin.exe | Added by the DLOADER-NY TROJAN! | No |
X | Windows Web Services | svcman.exe | Added by the DLOADER-NY TROJAN! | No |
X | Windows Web Services | svcrun.exe | Added by the DLOADER-NY TROJAN! | No |
X | Windows Web Services | tcpsvc.exe | Added by the DLOADER-NY TROJAN! | No |
X | Windows Web Services | websvc.exe | Added by the DLOADER-NY TROJAN! | No |
X | Windows Winhlp32 Stub Service | winhlp32.pif | Added by the AIMBOT.AH TROJAN! | No |
X | Windows WKS | wsass.exe | Added by the SDBOT-DK WORM! | No |
X | Windows WKS Services | wkssvr1.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
X | Windows WMF Fix | winfix.exe | Added by the RBOT-FTQ WORM! | No |
X | Windows Workstation | mpci.exe | Added by a variant of the RBOT WORM! | No |
X | Windows Workstation | msup32a.exe | Added by a variant of the SDBOT WORM! | No |
X | Windows Workstation Service | explore.exe | Added by unknown malware | No |
X | Windows Workstation Service | wkssvc.exe | Added by the IRCBOT-AAI WORM! | No |
X | Windows Workstation Service (32-bits) | wkssvc32.exe | Added by a variant of the SDBOT WORM! | No |
X | Windows Workstation Service [5.1-2600] | windrm.exe | Added by the RBOT-CNY WORM! | No |
X | Windows Workstation Start Service | mslanmgr.exe | Added by a variant of the RBOT WORM! | No |
X | Windows Xp | nortonguard.exe | Added by the MYTOB-DZ WORM! | No |
X | Windows xp | Wins.exe | Detected by Trend Micro as the RBOT.VH TROJAN! See here | No |
X | Windows XP Automatic Update | wXPupdate.exe | Added by the RBOT-AFC WORM! | No |
X | Windows Xp Service Pack 2 | svchost.exe | Added by the XPLOS-A TROJAN! Note - this is not the legitimate svchost.exe process which should NOT appear in Msconfig/Startup! | No |
X | Windows XP SP2 KeyGen | Windows XP SP2 KeyGen.exe | Added by the TIBICK-C WORM! | No |
X | Windows Zero Spooler | nmvcs.exe | Detected by Kaspersky as the IRCBOT.ALO TROJAN! See here | No |
X | Windows Updates | Update.exe | Detected by Kaspersky as the RBOT.TRA BACKDOOR! See here | No |
X | Windows-System | System32.exe | Added by the LOGPOLE.C WORM! | No |
X | Windows-TCP-IP | rfkampig.exe | Added by the GIPMA TROJAN! | No |
X | Windows-XP-Service-Pack | xpspz.exe | Added by the SDBOT-AAC WORM! | No |
X | windows16 | windows16.exe | Added by the VB-XU TROJAN! | No |
X | Windows32 | rundll.exe | Added by the AGOBOT-LK or AGOBOT-ND WORMS! Note - this is NOT the Windows system file of the same name as described here | No |
X | windows32 | windows32.exe | Added by the VB-XU TROJAN! | No |
X | Windows32 | wuuaclt.exe | Added by the BRATLE.B WORM! | No |
X | Windows32 | win.exe | Added by the AOGBOT-KN WORM! | No |
X | Windows32 | system.exe | Unknown malware | No |
X | Windows32 Configuration Loader | msrf32.exe | Added by the SDBOT-ABX WORM! | No |
X | Windows32 Messenger Service | msmsgv.exe | Added by the RBOT.ANS WORM! | No |
X | Windows32 Net Database | msnd32.exe | Added by the RBOT-AAL WORM! | No |
X | Windows32 Serivces | winser32.exe | Added by the SPYBOT.AAF WORM! | No |
X | WindowsACEbar | acebarupdate.exe | BarACE adware | No |
X | WindowsAgent | WindowsAgent.exe | Added by the GOP.G WORM! | No |
X | WindowsAgent | sysexhook.exe | Added by the GOP keyboard logger/TROJAN! | No |
X | WindowsAPI.DLL | Server5.exe | Added by the "Fear and Hope" TROJAN! | No |
X | WindowsAudio | systemupd.exe | Added by the AGENT-TH WORM! | No |
X | WindowsBackup | WINDOWSBACKUP.EXE | Added by the STANG WORM! | No |
X | WindowsBool | aimplg.exe | Added by the SDBOT-CNG WORM! | No |
X | WindowsCRC | wscrc.exe | Added by the SDBOT-VU WORM! | No |
X | WindowsCriticalUpdate | windows_critical_update.exe | Added by the ASTEF or RESPAN WORMS! | No |
X | WindowsD | s1.exe | Added by the MSNDIABLO.A WORM! | No |
X | WindowsDiskEvt | svcsvh32.exe | Added by the NANINF.D TROJAN! | No |
X | WindowsDiskLog | cstsm.exe | Added by the STINX-C or STINX-D TROJANS! | No |
X | WindowsFileSystem | winsfs32.exe | Added by the RBOT-FMQ WORM! | No |
X | WindowsFirewallSvc | winsvcup.exe | Added by a variant of the SDBOT WORM! | No |
X | WINDOWSflashbrg | sqldata1.exe | Added by a variant of the AGENT-IC TROJAN! | No |
X | WindowsFY | wp.exe | Part of a "Security IGuard" parasite infestation - also detected as DESKTOPHIJACK | No |
X | WindowsFY | bsw.exe | Added by a variant of the DESKTOPHIJACK TROJAN! For removal see here | No |
X | WindowsFY | [path to trojan] | Added by the FAKEALE-E TROJAN! | No |
X | WindowsFZ | [path to file] | Added by the DESKTOPHIJACK VIRUS! Also see DESKTOPHIJACK.B TROJAN! | No |
X | WindowsFZ | A5281300.so | Variant of the SmitFraud alias FAKEALE-C TROJAN! | No |
X | WindowsFZ | zloader3.exe | Variant of the SmitFraud alias FAKEALE-C TROJAN! | No |
X | WindowsHive | rpcc.exe | Added by the DLENA-A TROJAN! | No |
X | WindowsIPRelay | winipsvc.exe | Added by the IRCBOT-AAA WORM! | No |
X | WindowsK | a1.exe | Added by the MSNDIABLO.A WORM! | No |
X | WindowsKeyUpdate | master.exe | Added by the JOSAM WORM! | No |
X | WindowsMGM | Winmgm32.exe | Added by the SOBIG.A WORM and LALA.C TROJAN! | No |
X | WindowsNT CWServices | CWServices.com | Detected by Bitdefender as the AGENT.AGDK TROJAN! See here | No |
X | WindowsNT Services | Services.com | Detected by Bitdefender as the DELF.OFC TROJAN! See here | No |
X | WindowsProtocolLog | lsadst.exe | Added by the NANINF.C TROJAN! | No |
X | WindowsReg% update | [random filename].exe | Added by the RBOT-HH WORM! | No |
X | WindowsRegistration | [random filename] | Added by the RBOT-NO WORM! | No |
X | WindowsRegKey Autoupdate | [random filename] | Added by a variant of the RBOT WORM! | No |
X | WindowsRegKey upd4te2d4te | *********.exe [* = random char] | Added by the RBOT.XQ WORM! | No |
X | WindowsRegKey update | winupdate.exe | Added by the RBOT-QJ WORM! | No |
X | WindowsRegKey update | windns.exe | Added by the RBOT.IE WORM! | No |
X | WindowsRegKey update | winupdatexx.exe | Added by the RBOT.LW WORM! | No |
X | WindowsRegKey update | [random filename] | Added by the RBOT.QT WORM! | No |
X | WindowsRegKey update | svchoosts.exe | Added by the RBOT.ADB WORM! | No |
X | WindowsRegKey update | svchostc.exe | Added by the RBOT.IF WORM! | No |
X | WindowsRegKey update | wdnupdate.exe | Added by the SDBOT.QX WORM! | No |
X | WindowsRegKey update | Windowsup.exe | Added by the SDBOT.PU WORM! | No |
X | WindowsRegKey update | WINUPDATES.EXE | Added by the RBOT-MM WORM! | No |
X | WindowsRegKey update | rkbuouoxfl.exe | Added by the RBOT-OO WORM! | No |
X | WindowsRegKey update | winsys.exe | Added by the RBOT-JY WORM! | No |
X | WindowsRegKey update | winupdat32.exe | Added by the RBOT-AGW WORM! | No |
X | WindowsRegKey update XP | windexv1.exe | Added by the RBOT-ABM WORM! | No |
X | WindowsRegKey%$ update | msi332.exe | Added by the RBOT-IX WORM! | No |
X | WindowsRegKey%update | ethernet32m.exe | Added by the RBOT-EN WORM! | No |
X | WindowsRegKeys update | winsysi.exe | Added by the SDBOT.WE WORM! | No |
X | WindowsService | [random name].dll | Added by the VUNDO-X TROJAN! | No |
X | WindowsServicesH | servicedhs.exe | Added by the AOGBOT-KN WORM! | No |
X | WindowsServicesStartup | svchost.exe | Added by the ECUP WORM! | No |
X | WindowsSetup | [path to trojan] | Added by the EZBOT TROJAN! | No |
X | WindowsSp2 | sp2.exe | Added by the POSSE WORM! | No |
X | WindowsSystem32 | asper.exe | Added by the AGENT-EFP TROJAN! | No |
X | WindowsSystem32 | svchosts.exe | Added by the AGENT-EDA TROJAN! | No |
X | WindowsSystem32 | [path to worm] | Added by the SDBOT-DFG WORM! | No |
X | WindowsSystem32 | msnmssgr.exe | Detected by Kaspersky as the AGENT.ALY TROJAN! See here | No |
X | windowstime.exe | windowstime.exe | Added by the DLOADR-AQV TROJAN! | No |
U | WindowsTranslator | DWinTrsl.exe | Delta Translator® English < > Portuguese (Brazilian) version - "an automatic, bi-directional machine translation software system that quickly and automatically translates multiple pages, paragraphs, sentences, phrases or just individual words in documents, letters, memos, faxes, reports, manuals, booklets, publications, spreadsheets, e-mail and even web pages as you browse the Internet" | No |
U | WindowsTranslator_Espanhol | DWinTrsl.exe | Delta Translator® Spanish < > Portuguese (Brazilian) version - "an automatic, bi-directional machine translation software system that quickly and automatically translates multiple pages, paragraphs, sentences, phrases or just individual words in documents, letters, memos, faxes, reports, manuals, booklets, publications, spreadsheets, e-mail and even web pages as you browse the Internet" | No |
X | WindowsUpd | WindowsUpd4.exe | VirtuMonde adware | No |
X | WindowsUpd1 | WindowsUpd1.exe | VirtuMonde adware | No |
X | WindowsUpd2 | WindowsUpd2.exe | VirtuMonde adware | No |
X | WindowsUpdate | windows_update.exe | Added by the LOFNI WORM! | No |
X | WindowsUpdate | svchost.exe | Added by the ASTEF or RESPAN WORMS or AGENT-V TROJAN! Note - this is not the legitimate svchost.exe process which should NOT appear in Msconfig/Startup! | No |
X | windowsupdate | RPCX1sQ3.exe | Added by the IRCBOT.B TROJAN! | No |
X | WindowsUpdate | USRINIT.EXE | Added by the MADDIS.B WORM! | No |
X | windowsupdate | winupdate.exe | Added by the WARPI WORM! | No |
X | WindowsUpdate | svchost.exe | Added by the BDOOR-IK BACKDOOR! Note - this is not the legitimate svchost.exe process which should NOT appear in Msconfig/Startup! | No |
X | WindowsUpdate | winnnint.exe | Added by an unidentified WORM or TROJAN! | No |
X | WindowsUpdate | [path to file] | Added by the DUPA-B TROJAN! | No |
X | WindowsUpdate | svchostw.exe | Added by the COBFINN_B TROJAN! | No |
X | WindowsUpdate | Nzil.exe | Added by the CULLER-C WORM! | No |
X | WindowsUpdate | Strad.exe | Added by the CULLER-D WORM! | No |
X | Windowsupdate | Windowsupdate .exe | Detected by Kaspersky as the BANKER.ARK TROJAN! See here | No |
X | Windowsupdate | wupdmgr98.exe | Added by a variant of the IRCBOT BACKDOOR! | No |
X | WinDOwsUPdate | smss.exe | Detected by Kaspersky as the AUTORUN.DIB WORM! See here. Note - this is not the legitimate smss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a ~A~m~B~u~R~a~D~u~L~ subfolder | No |
X | WindowsUpdate renew | iexplore.exe | Added by the AGENT.QG TROJAN! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %Windir% | No |
X | WindowsUpdate Service | wuautlc.exe | Added by the RBOT-NR WORM! | No |
X | Windowsupdate Service | csrss.exe | Added by the BABA-B WORM! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in the root folder (ie, C:\) | No |
X | WindowsUpdateDirect | dupadirect.exe | Added by the DUPA-C TROJAN! | No |
X | WindowsUpdatem1 | [path to file] | Added by the AGENT-AAJ TROJAN! | No |
X | WindowsUpdatem2 | svchost.exe | Added by an unidentified WORM or TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! | No |
X | WindowsUpdateManager | wupdmng.exe | Added by the IRCBOT.OE BACKDOOR! | No |
X | WindowsUpdateNT | svwhost.exe | Added by the SHELLOT-B TROJAN! | No |
X | WindowsUpdateR | regserv.exe | Added by the COBFINN_B TROJAN! | No |
N | WindowsWelcomeCenter | rundll32.exe oobefldr.dll,ShowWelcomeCenter | Shows the Welcome Center every time you boot into Windows Vista - which "pulls all the tasks you'll most likely want to complete when you set up your computer into a single location" | Yes |
X | WindowsXP Module | DirectX3D.exe | Malware, reportedly a keylogger - see here | No |
X | WindowsXp Security | spool.exe | Added by the RBOT-GRK WORM! | No |
X | WindowsXP Update | windowsxpupdate.exe | Added by the RBOT-PB WORM! | No |
X | WindowsXPserv | svcnxp32.exe | Added by the NANINF-A TROJAN! | No |
X | windowsxxx | windowsxxx.exe | Added by the DUBING-A TROJAN! | No |
X | windowsxxx2 | windowsxxx2.exe | Added by the DUBING-A TROJAN! | No |
X | Windows_LowLevel_Security_Core | lsass.exe | Added by the PADMIN-A TROJAN! Note - this is not the legitimate lsass.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "Repair" subfolder of the Winnt or Windows folder | No |
X | Windows_Protect | winsystem.exe | Added by a variant of the RBOT WORM! | No |
X | Windows_Protect | winregal.exe | Added by a variant of the RBOT WORM! | No |
X | Windows_Protect | lsas.exe | Added by the RBOT.ARO WORM! | No |
X | Windows_Protect | wincontrol32.exe | Added by the RBOT-ADK WORM! | No |
X | Windows_Serivce | SERVICE.exe | Added by the WOOTBOT.AH WORM! | No |
X | Windows_Updates | svthost.exe | Added by a variant of the SPYBOT WORM! | No |
X | Windows_VXD | user32.exe | Added by the PPORT TROJAN! | No |
X | Windowz | [original worm filename].vbs | Added by the NUKIP WORM! | No |
X | Windowz Update V2.0 | Explorer.exe | Added by the YODO WORM! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System% | No |
X | Windowz Update V2.0 | updater.exe | Added by the YODO-C WORM! | No |
X | Window_Protect | winsi32.exe | Added by a variant of the RBOT WORM! | No |
X | Windoxs Update Center | W32RfSA.exe | Added by a variant of the SDBOT WORM! | No |
X | WinDrg32 | windrg32.exe | Added by the DRUDGEBOT.A WORM! | No |
X | WinDriv32 | WinDriv32.exe | Added by the SMALL-BA TROJAN! | No |
X | WinDriver Configuration | windrvconf.exe | Added by the AGOBOT-LX TROJAN! | No |
X | WinDrives | WinDrives.EXE | Added by the SMALL.DIG WORM! | No |
X | WINDRUN | taskgmrs.exe | Added by the MYTOB-BT WORM! | No |
X | windrv | windrv32.exe | Added by an unidentified VIRUS, WORM or TROJAN! - possibly a strain of OBLIVION or BIONET | No |
X | WinDrv | windrvx.exe | Added by a variant of the TIBSER.A downloader TROJAN! | No |
X | Winds Sers Agts | [5 random letters].exe | Added by a variant of the RBOT WORM! | No |
U | WinDSL MTU-Adjust | WinDSL_MTU.exe | Adjusts the registry setting of the DUN-Adapters (MTU) and the TCP/IP-Protocol (RWIN) by ENGEL Technologieberatung | No |
? | WinDSL_MTU | WinDSL_MTU.exe | May be related to Tiscali broadband, if so is it required? | No |
X | WinDSNX | Win****.exe [* = random char] | Added by the DSNX TROJAN! | No |
U | Windstream Broadband Check-up Center | matcli.exe | Part of the Windstream Broadband service from AllTel. "matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, state, etc and gets written to a log file". ALLTEL Instant Support is required to run with the Help and Support program. If you uncheck it and then run Help and Support it will add another ALLTEL Instant Support in the startup menu. If you remove ALLTEL Instant Support in add/remove programs some help menus in help and support will not be available. You decide | No |
X | WindUpdates | [path to trojan] | Added by the AGENT.BF TROJAN! | No |
X | WindUpdates | WinUpdt.exe | Windupdates adware variant | No |
U | WINDVDpatch | CTHELPER.EXE | CTHELPER is a background task that is a plug-in manager for Creative drivers. The theory is that 3rd party manufacturers can use the CTHELPER plug-in interface to produce drivers, add-on features, and fixes that will integrate with a tighter fit with Creative's sound drivers and utilities. Given its purpose CTHELPER would normally be classified as a "leave alone" background task. It also allows Creative speaker setup to be synchronized with Windows Control Panel speaker setting. Without it running that check box in Creative speaker setting is not functional (settings are not in sync). Unfortunately there are often problems with CTHELPER, most notably that it can use 100% of CPU time so it's best left disabled unless you need it | No |
N | WinDVR SchSvr | SchSvr.exe | WinScheduler is installed with WinDVD Remote Control for WinDVD from Intervideo. If you want to schedule recordings from your TV tuner card, you will need it. Available via Start -> Programs | No |
N | WinDVRCtrl | WinDVRCtrl.exe | Control center software for an AOpen VA1000 TV tuner card | No |
X | Windws Configuration Loader | LEXPLORE.exe | Added by the SODABOT WORM! | No |
X | WinDynManager | amsnmsg.exe | Added by the SDBOT-IA BACKDOOR! | No |
X | winenv | winenv.exe | Added by a variant of the SDBOT WORM! | No |
X | WinEssential | Keyhost.exe | Hijacker - hailing from jraun.com | No |
X | WinEssential | keyword.exe | Jraun adware | No |
X | WinEx | lexplore_.exe | Added by the MSNOPT-A TROJAN! | No |
X | WinExec | Winexec.exe.vbs | Added by the AINESEY.A WORM! | No |
X | WinExec | WinExec.exe | Added by the FALUS-A WORM! | No |
X | WinExec | Lsass.exe | Added by the CRUTLE-B WORM! Note - this is not the legitimate lsass.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder | No |
X | WinExec32 | WinExec32.exe | Added by the KAZWIN WORM! | No |
X | Winexec32 | windhelp32.exe | Added by the AGENT-HKU TROJAN! | No |
U | WinFast Schedule | Wfwiz.exe | Leadtek WinFast TV tuner scheduler and remote control driver - required if you use the latter | No |
U | Winfast2KLoadDefault | Rundll32.exe Wf2kcpl.dll, DllLoadDefaultSettings | Loads default settings for Leadtek Winfast graphics cards | No |
U | WinFastDTV | DTVSchdl.exe | Scheduler for WinFast DTV digital TV cards from Leadtek Research Inc | No |
U | Winfast_2K | WF2k.exe | System Tray application that starts up the Winfox utility for a Leadtek Winfast graphics card to restore settings. Can be started manually from Start -> Settings -> Control Panel Display. Only needed if you wish to run things like the hardware monitor or overclock your card | No |
U | WinFast_Gamma | Rundll32.exe wfcpl.dll, DllLoadGammaRampSettings | Loads if you change the gamma settings on Leadtek WinFast graphics cards | No |
U | WinFast_Taskbar | rundll32.exe wftask.dll, WFDllLoadDefaultSettings | Loads default settings for Leadtek WinFast graphics cards | No |
X | WinFavorites | WinFavorites.exe1 | Loudmarketing.com adware downloader | No |
N | WinFax PRO | FAXMNG32.EXE | WinFax PRO from Symantec - fax management software | No |
N | WinFax PRO Controller | WFXCTL32.EXE | From WinFax 10.0 and possibly earlier versions. Appears if you chose to have WinFax appear in the taskbar (System Tray) during installation and displays a yellow fax/telephone icon. Available via Start -> Programs | No |
Y | WinFaxAppPortStarter | wfxsnt40.exe | WinFax 10.0 and maybe earlier versions. Used to initiate the WinFax port to enable printing to the WinFax printer (send a fax) from any application. | No |
X | WinFire | WF.exe | Added by the DELF-SY TROJAN! | No |
X | WinFix service | rsswjzgp.exe | Added by the RBOT-FAE WORM! | No |
X | WinFixer 2005 | wfx5.exe | WinFixer web installer. Winfixer is "Foistware", pretending to be system optimization, protection and recovery software - stealth installed, see here | No |
X | WinFixer 2006 | uwfx6.exe | WinFixer web installer. Winfixer is "Foistware", pretending to be system optimization, protection and recovery software - stealth installed, see here | No |
X | WinFixer helper | wfxcwr.exe | WinFixer rogue spyware remover - not recommended, see here | No |
X | WinFixer service | [random filename].exe | Added by a variant of the SDBOT WORM! | No |
X | WinFixer2006 | uwfx6.exe | WinFixer web installer. Winfixer is "Foistware", pretending to be system optimization, protection and recovery software - stealth installed, see here | No |
X | WinFlyer32.dll | WinFlyer32.dll | Added by the WINFLYER TROJAN! | No |
X | winfont | winfont.exe | Added by the DEATH TROJAN! | No |
X | winform | winform.exe | Added by the PWS-ALB TROJAN! | No |
U | WinFoxV2 | WF2k.exe | System Tray application that starts up the Winfox utility for a Leadtek Winfast graphics card to restore settings. Can be started manually from Start -> Settings -> Control Panel Display. Only needed if you wish to run things like the hardware monitor or overclock your card | No |
X | WinFX | cssrs.exe | Added by the AGOBOT.FX WORM! | No |
U | WinGate Engine Monitor | wgengmon.exe | WinGate Internet Client Dialup Monitor - component of WinGate proxy server software. Displays the status of the WinGate engine, and appears in the system tray of each workstation on the network reassuring clients that their workstations have connectivity with the WinGate Server | No |
X | WinGate initialize | WinGate.exe | Added by the LOVGATE.F WORM! | No |
X | wingerver2.0.exe | wingerver2.0.exe | Added by the GRAYBRD-AE TROJAN! | No |
X | wingo | wingo.exe | Added by the BEAGLE.AW or BEAGLE.AV WORMS! | No |
X | wingo | [various filenames] | Added by the BAGLE-AU WORM! | No |
N | WinGuage Pro | WGPRO32.EXE | Part of McAfee Nuts & Bolts. "WinGauge is a dynamic reporting tool that constantly monitors your use of Windows and your applications, to alert you to potential problems before they become serious". Resource hog. Available via Start -> Programs | No |
Y | Winguard | WGFE95.EXE | Dr Solomon's Virex antivirus | No |
X | winguard | wingrd32.exe | Added by a variant of the RBOT WORM! | No |
U | WinGuard Pro | wgp.exe | Winguard Pro | No |
N | WinHacker | rundll32.exe wh95.dll, HackMe | WinHacker tweaking utility by Wedge Software. There are far better tweakers and, unlike WinHacker, most are free | No |
X | Winhelp | winhe1p.exe | Added by the QQPASS.E TROJAN! | No |
X | WinHelp | WinHelp.exe | Added by the LOVGATE.F WORM! Note - this file is located in %System% whereas the valid one is located in %Windir% | No |
X | WinHelp | realsched.exe | Added by the LOVGATE-F WORM! Note - this is not the legitimate RealPlayer (realsched.exe) application of the same name. This one is located in %System% | No |
X | Winhelp | TkBellExe.exe... | Added by the LOVGATE.Z WORM! | No |
X | winhelp | dns32.exe | Added by a variant of the RBOT WORM! | No |
X | winhelp | Updadv.exe | Added by the QQPASS-N TROJAN! | No |
X | Winhelp | TkBellExe.exe | Added by the LOVGATE.E WORM! | No |
X | winhlp.exe | winhlp.exe | Added by the FORMGLIEDER TROJAN! | No |
X | winhlp3.exe | winhlp3.exe | Added by a variant of the EASTO.A TROJAN! | No |
X | Winhlp32 | Wscript.exe Msexec32.vbs | Added by the GANT.B WORM! Note that wscript.exe is a legitimate Microsoft file used to launch script files and shouldn't be deleted. The "Msexec32.vbs" file is found in %System% | No |
X | winhlp32.exe | winhlp32.exe | Added by the EASTO.A TROJAN! | No |
X | winhlpp32.exe | winhlpp32.exe | Added by the GAOBOT.SY WORM! | No |
X | Winhost | wintt.exe | Added by the LOLAWEB.B TROJAN! | No |
X | Winhost | win.exe | Added by the DLOADER-AP TROJAN! | No |
X | Winhost | yahoo.exe | Added by the DELF-KM TROJAN! | No |
X | Winhost | winhost.exe | Added by the REATLE.F WORM! | No |
X | winhost.exe | winhost.exe | Added by the LOHAV-R TROJAN! | No |
X | winhost32.exe | winhost32.exe | Added by the TABDIM TROJAN! | No |
X | WinHound | WinHound.exe | WinHound spyware remover - not recommended, see here | No |
X | WinIeRun | winierun.exe | Added by the RNWATCH-A WORM! | No |
X | WinIFixer | WinIFixer.exe | WinIFixer spyware remover - not recommended, see here | No |
X | winimage | wvsvc.exe | Added by the RBOT.TX WORM! | No |
X | WinINet | services.exe | Added by the SOBER-P WORM! Note - this is not the legitimate services.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "ConnectionStatus" subfolder of the Windows or Winnt folder | No |
X | wininet | wininet.exe | Added by the STUBBOT-C WORM! | No |
X | wininet.dll | regperf.exe | Added by the ZLOB TROJAN and variants! | No |
X | wininet32 | wininet32.exe | Added by the RAZNEW-A TROJAN! | No |
X | wininetd | wininetd.exe | Added by the WINET TROJAN! | No |
X | Winini.dll | winini.vbs | Added by the STARTP-M TROJAN! | No |
X | wininit | wininit.exe | Added by the WOLLF.16 TROJAN! | No |
X | WinInit | Win86.exe | Added by the SMALL-PB TROJAN! | No |
X | winint | winint.exe | Added by the SDBOT-ADA WORM! | No |
X | winipsec | winipsec.exe | Unidentified malware | No |
U | WinIRXHelper | WinIRXHelper.exe | MSI Media Center Deluxe software - see here | No |
X | winis | winis.exe | Added by the RBOT-WI WORM! | No |
X | Winjava xml | dirx9.exe | Added by the HAXDOOR ROOTKIT! | No |
X | Wink*.exe | Wink*.exe [* = random char] | Added by a variant of the KLEZ WORM! | No |
U | Winkb6 | winkb6.exe | Part of We-Blocker - gives parents the opportunity to monitor their children's Internet access and provide them with age-appropriate content, while filtering out sites that contain adult content. Works in conjunction with Winkb6 and both files are needed to run We-Blocker | No |
X | WinKernel | WinKer.exe | Added by the MIRAB or SERVIDOR TROJANS! | No |
X | WinKernel | [path to virus] | Added by the PLEA VIRUS! | No |
X | winkernel32 | wWin32.com | Added by the BANSAP TROJAN! | No |
U | WinKey | winkey.exe | Loads Copernic's WinKey. Used to map out Windows key hotkey combinations. Not required for the system, but is necessary for this to be running if you use these hotkey combos | No |
X | winla | winla.exe | Added by the DLOADR-AQL TROJAN! | No |
X | winldr | [path to file] | Added by the VIDLO-P TROJAN! | No |
X | winldr | Rechnung.pdf.exe | Added by the ACS TROJAN! | No |
U | winlgn | winsplg.exe | Related to the Sentry Parental Controls software | No |
X | winlgz2 | winlgz2.exe | Added by the KILLFIL-Q TROJAN! | No |
X | winlibs.exe | winlibs.exe | Added by the EVAMAN.C WORM! | No |
X | WinLibUpdate | libupdate.exe | Added by the BIONET series of TROJANS such as BIONET.31 or BIONET.310 | No |
X | WinLibUpdate32 | libupdate32.exe | Added by the BIONET.405 TROJAN! | No |
X | WinLibUpdte | libupdte.exe | Added by the BIONET.318 TROJAN! | No |
X | Winlink | winlink32.exe | Added by the GAOBOT.AAY WORM! | No |
X | Winlme | windll.exe | Added by the GOP.F WORM! | No |
U | WinLoad | Winload.exe | PCTattletale is a surveillance software program that monitors user activity, logs keystrokes, and takes screenshots. Uninstall this software unless you put it there yourself | No |
X | WinLoader | [random filename] | Added by variants of the SUBSEVEN TROJAN! | No |
X | winlocatorupdate | updatewinlocator.exe | Locator adult content toolbar related | No |
X | winlog | winlog.exe | Added by the GAOBOT.DF WORM! | No |
X | winlog manager | winlog.exe | Added by the DONBOMB.A TROJAN! | No |
X | WINLOG0N | WINLOG0N.EXE | Added by the MYDOOM.BI WORM! | No |
X | WinLogin | winlogin.exe | Added by the AGOBOT-IX WORM! | No |
X | winlogin | win32x.exe | Browser hijacker, also detected as the STARTPA-DF TROJAN! | No |
X | Winlogin.exe | log.exe | Added by a variant of the AGENT.AH downloader TROJAN! | No |
X | winlogin.exe | logfile.exe | Added by the AGENT.AH TROJAN! | No |
X | winlogin.exe | mspaint.exe | Added by a variant of the AGENT.AH TROJAN! | No |
X | Winlogin.exe | steam.exe | Added by a variant of the AGENT.AH TROJAN! | No |
X | winlogoff | winlogoff.exe | Added by the AGOBOT-TR WORM! | No |
X | winlogon | winlogon.exe | Hijacker or adult content dialler! Note - this is not the legitimate winlogon.exe process, which should not appear in Msconfig/Startup and is always located in the System32 folder. This file is placed in the Windows or Winnt folder | No |
X | winlogon | winlogin.exe | Added by the RANDEX.E WORM! | No |
X | winlogon | winlogon.exe | Added by the TRODAL TROJAN! Note - this is not the legitimate winlogon.exe process, which should not appear in Msconfig/Startup and is always located in the System32 folder. This file is placed in the Windows or Winnt folder | No |
X | winlogon | msreg32.exe | Added by the SDBOT.EO WORM! | No |
X | winlogon | winlogon32.exe | Added by the MASLAN.C WORM! | No |
X | winlogon | wpwlogon.exe | Added by an unidentified WORM or TROJAN! | No |
X | WINLOGON | wscript.exe WINLOGON.vbs | Added by the YSPAN.F WORM! Note that wscript.exe is a legitimate Microsoft file used to launch script files and shouldn't be deleted. The "WINLOGON.vbs" file is found in %System% | No |
X | Winlogon | lsass.exe | Added by the VB-EJ TROJAN! Note - this is not the legitimate lsass.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder | No |
X | Winlogon | lsass.exe | Added by the FLOPPY-B VIRUS! Note - this is not the legitimate lsass.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder | No |
X | winlogon | nvchost.exe | Added by an unidentified WORM or TROJAN! | No |
X | Winlogon | WINLOGON.EXE | Added by the PUNYA-B WORM! Note - this is not the legitimate winlogon.exe process, which should not appear in Msconfig/Startup! | No |
X | winlogon | system.exe | Added by a variant of the DELF.CNS TROJAN! | No |
X | winlogon | cleanmg.exe | Added by the AGENT-ICR TROJAN! | No |
X | winlogon service | urx.exe | Added by the SPYBOT.EN WORM! | No |
X | Winlogon Shell | Explorer.exe svchost.exe | Added by the KIPIS.M WORM! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the "1032" sub-folder | No |
X | Winlogon.exe | N/A | CoolWebSearch parasite variant - resets home page to an adult content site | No |
X | winlogon.exe | helper.exe | Added by the FAKESPY-A TROJAN! | No |
X | winlogon.exe | msole32.exe | Adware, also detected as the FAKESPY-B TROJAN! | No |
X | winlogon32_ | [path to file] | Added by the RULAND.A WORM! | No |
X | Winlogun | winlogin.exe | Added by the P2LOAD-C WORM! | No |
X | WinLsass | servicec.exe | Added by the SCANE WORM! | No |
X | WinLsass | [path to trojan] | Added by the SCANE WORM! | No |
X | winltmpv | winln.exe | Added by the TCXMEDI-C TROJAN! | No |
X | winltmpv | wutop.exe | Added by the TCXMEDI-C TROJAN! | No |
X | Winmain | winmain.exe | One of the first of a new breed of malware. When run it immediately loads MSHTA.EXE from the Windows folder, placing it on "hot standby", ready to accept HTA scripting within a web page and then EXECUTE what is embedded IN the page as a program! In other words, it's possible for a "rogue" website to actually embed trojans, worms and/or viruses directly into a web page. NSClean's HTA Stop offers an easy way to toggle this capability, or rather vulnerability, on and off. I suggest you leave it disabled! | No |
X | WinManage | wmanage.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
? | WinManager | schost.exe | ?? | No |
U | winmatrix.exe | WinMatrixXP.exe | WinMatrix XP - wallpaper replacement that shows different matrix effects (including flowing matrix codes from 'The Matrix' movie) on your desktop | No |
X | WinMed | winmed.exe | Added by the AGENT.AIRF TROJAN! | No |
X | WinMedia | [path to trojan] | Added by the ZEROBE-A TROJAN! | No |
X | WinMedia | msupd******.exe [*= random digit] | Added by the INJECT.163 TROJAN! | No |
X | WinMedia32 | winmedia32.exe | Added by the YABE.F TROJAN! | No |
U | WinMem | WinMem.exe | WinMem Cleaner - part of Ultra WinCleaner Utility Suite. Makes more memory available for your programs and the Operating System. It also defragments your system | No |
X | WinMenssage | winmax.exe | Added by the BANCOS.B TROJAN! | No |
X | WinMessenger | syshost.exe | Added by the OPANKI-E WORM! | No |
N | WinMgmt | WinMgmt.exe | Used for Enterprise Management. If you are not an IT Administrator you don't need it to be running. Also runs from the PCHealth "scheduler" - refer here | No |
X | winmgmt32.exe | winmgmt32.exe | Added by the LUZIA.AD TROJAN! | No |
X | WINMGR | taskgmgr.exe | Added by the MYTOB.AN WORM! | No |
X | Winmgr.exe | scvhost.exe | Added by the AGOBOT.AFG WORM! | No |
X | WinMgr32 | winmgr32.exe | Added by the MIMAIL.P WORM! | No |
X | WinMine | D4NG3.vbs | Added by the BISCUIT.A WORM! | No |
Y | winmodem | wmexe.exe | Software for software based modems. Required if you have one of these. WinModems use software rather than hardware - hence putting a load on the CPU. Needed if you have it for loading the drivers. See here for more WinModem information | No |
X | Winmon32 | winmon32.exe | Added by the RBOT-OQ WORM! | No |
X | WinMoviePlugIn | WinMoviePlugIn.exe | Sfonditalia adult content premium rate dialer | No |
X | Winmsg | winwork.exe | Added by the GAOBOT.GEN!POLY WORM! | No |
X | WinMsg | winmsgr.exe | Added by the DLOADR-AS TROJAN! | No |
X | WinMsrv32 | WinMsrv32.exe | Added by the GAOBOT.AFJ WORM! | No |
N | WinMX | WinMX.exe | WinMX file sharing application | No |
N | winmysqladmin | winmysqladmin.exe | Starts the MySQL database admin tool | No |
N | WinMySQLadmin Tool | winmysqladmin.exe | Starts the MySQL database admin tool | No |
X | winnet | winnet.exe | CommonName Toolbar spyware. To uninstall see here | No |
X | WinNetDDE | [random characters].exe | Added by the NETDEPIX.B TROJAN! | No |
X | WinNite | niteaim.exe | Added by the OPANKI.B WORM! | No |
X | winnload | winnload.COM | Added by the DOWNLD-ABG TROJAN! | No |
? | Winnov Menu | WnvMenu.Exe | Winnov Video Capture Card related. What does it do and is it required? | No |
? | Winnov Remote | WnvRsvr.Exe | Winnov Video Capture Card related. What does it do and is it required? | No |
? | Winnov Status | WvStatus.Exe | Winnov Video Capture Card related. What does it do and is it required? | No |
X | winnsvc | msvc.exe | Added by the PWS.O TROJAN! | No |
X | winnt | winnt.exe | Added by the MONA-E WORM! | No |
X | WinNT | WinNT.com | Added by the AUTOSKY WORM! | No |
X | winnt DNS ident | wuamgrd32.exe | Added by the RBOT-BAU WORM! | No |
X | winnt DNS ident | iexplorer.exe | Added by a variant of the RBOT WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) | No |
X | winnt DNS ident | pidchk32.exe | Added by the RBOT-ACY WORM! | No |
X | winnt DNS ident | windowxp.exe | Added by a variant of the RBOT WORM! | No |
X | winnt DNS ident | Winupd32.exe | Added by the RBOT.AVU WORM! | No |
X | winnt DNS ident | winupdate32.exe | Added by a variant of the RBOT WORM! | No |
X | winnt DNS ident | wuamgrd33.exe | Added by a variant of the RBOT WORM! | No |
X | Winnt DNS ident | windowsp.exe | Added by the RBOT.BAL WORM! | No |
X | Winnt DNS ident | msnmsrg.exe | Added by the RBOT.BVQ WORM! | No |
X | winNT updatc | wupgrd.exe | Added by a variant of the RBOT WORM! | No |
X | WinNtBB | WinntBB.exe | Added by the DULOAD.C WORM! | No |
X | Winnup | win32nls.exe | Added by a variant of the SPYBOT WORM! | No |
X | winocx32 | winocx32.exe | Added by the PROTORIDE.I WORM! | No |
X | WINOWS SYSTEM | winnt.exe | Added by the MYTOB.ID WORM! | No |
X | WINP | winmic.exe | Added by the SPYBOT-EB WORM! | No |
X | Winpack | winpack.exe | Adware - detected by Kaspersky as the AGENT.GG TROJAN! | No |
X | WinPatch Protection | winpatch.exe | Added by an unidentified WORM or TROJAN! | No |
U | WinPatrol | winpatrol.exe | WinPatrol - "Manage Startup programs, tasks, cookies; will sniff out Worms, Trojan horses, Cookies, Adware, Spyware, Klez, Assumption and other malicious programs" | Yes |
Y | WinPatrol Explorer | WinPatrolEx.exe | Part of WinPatrol | No |
U | WinPatrol Monitor | winpatrol.exe | WinPatrol - "Manage Startup programs, tasks, cookies; will sniff out Worms, Trojan horses, Cookies, Adware, Spyware, Klez, Assumption and other malicious programs" | Yes |
X | WinPCDoctor | SysRep.exe | WinPCDoctor misleading security software - not recommended, see here | No |
X | winphonics7536 | vbsystem35.exe setups.exe vb.vb | Added by a variant of the MUTIN-C TROJAN! | No |
X | winpipe | winpipe.exe | Browser hijacker redirecting to wow-access.com | No |
U | WinPLOSION | WinPlosion.exe | "WinPLOSION allows you to immediately view and select from all the windows running on your computer, just those of the active application, or to minimise all windows and display a clear desktop" | No |
Y | WinPoet | WinPPPoverEthernet.exe | WinPoET is the industry's first Windows-based PPP over Ethernet client. Developed by iVasion, WinPoET is attractive to equipment providers, modem suppliers, RBOCs and ISPs. For more info read here. It uses dial-up networking for new high-speed internet customers who are more familiar with analogue modems. If unchecked in MSCONFIG it reports Error 360 - Hardware Error in dial-up networking | No |
X | winpol | winpol.exe | Added by the AGENT.IWD TROJAN! | No |
Y | Winpooch | Winpooch.exe | "Winpooch is a Windows watchdog, free and open source. Anti spyware and anti trojan, it gives a full protection against local or external attacks by scanning the activity of programs in real time. Associated with ClamWin antivirus, Winpooch keeps safe your computer against virus" | No |
X | WinPop | winpop.exe | Brudevic A adware | No |
N | WinPopup | WINPOPUP.EXE | Intranet chat software provided by Windows for chat on small networks. Handy little LAN messaging utility. Has been included in Windows since 95, and maybe in WFWG 3.11. Normally it won't set itself up to run unless the user specifically adds it to startup | No |
X | winpopup | winupie.exe | Adware by Tradeexit.com | No |
N | Winpower | Winpower.exe | Part of InstallAnywhere from Zero G Software, now owned by Macrovision | No |
X | Winprocer32 Update | winprocer32.exe | Added by the RBOT.GW WORM! | No |
X | winprocessor Update | winprocessor.exe | Added by the RBOT.IO WORM! | No |
X | WinProfile | Command.exe | Added by the BUDDY.E TROJAN! | No |
X | WinProfile | sndcfg16.exe | Added by the SNDC.A WORM! | No |
X | winprofile | iexpiore.exe | Added by a variant of the MONCHER WORM! | No |
X | WinProfile | iexpIore.exe | Added by the CHUM-C TROJAN! | No |
X | WinProt | Winprot.exe | Added by the CHUPACABRA TROJAN! | No |
X | WinProt | server.exe | Added by the CHUPACABRA TROJAN! | No |
X | winprotect | win32.exe | Added by the MUGLY.E WORM! | No |
X | winprotect | winprotect.exe | Added by the SDBOT-SB WORM! | No |
U | WinProxy | WinProxy.EXE | "WinProxy is the world-first proxy server and a firewall with integrated mail server for Windows 95/98/ME/NT/2000/XP" | No |
X | Winproxy Personal | WINPROXY.EXE | Added by the SDBOT.BMF WORM! | No |
X | winpsd | winpsd.exe | Added by the MYDOOM.Q WORM! | No |
X | WinPWD Manager | wpwdmgr.exe | Added by the RBOT-AUT WORM! | No |
X | winrapid | winrapid.exe | Added by a variant of the RBOT WORM! | No |
X | winrar | winrar.exe | CoolWebSearch Therealsearch parasite variant. Note - this is not the file zipping utility also known as WinRAR! | No |
X | WinRaR Service | WinrarCO.com | Added by an unidentified WORM/TROJAN! | No |
X | winrarshell | winrarshell32.exe | Added by the SALIRA TROJAN! | No |
X | WinReader | read.exe | Added by the DELBOT-V WORM! | No |
X | WinReanimator | WinReanimator.exe | WinReanimator spyware remover - not recommended, see here | No |
X | winReg | winReg.exe | Added by the YAHA.H or YAHA.J WORMS! | No |
X | WinReg32 service | holqdnoxpmeu.exe | Added by a variant of the SDBOT WORM! | No |
X | winregsrv | winregsrv.exe | Added by the SYNRG TROJAN! | No |
X | winreg_32 | svchosst.exe | Added by the BANCOS-CE TROJAN! | No |
X | winreg_32 | [path to trojan] | Added by the BANKER-DB TROJAN! | No |
X | winreg_32 | sysdll.exe | Added by the DLOADER-IJ TROJAN! | No |
X | winreg_32 | Vc030405.exe | Added by the BANCOS-CT TROJAN! | No |
U | WINREMOTE | WinRemote.exe | InterVideo WinCinema Manager - needed for the use of WinDVD Remote Control | No |
X | Winres32vis | [path to worm] | Added by the THRAX.A WORM! | No |
X | winrestore1 | winrestore.exe | Added by the KILLFIL-Q TROJAN! | No |
X | winreups | winreups.exe | Added by a variant of the RBOT WORM! | No |
X | winroot | winsn.exe | Added by the QQPASS.IA WORM! | No |
N | winroute | winroute.exe | Win-Route 4.27. WinRoute Tray Icon for starting and stopping the WrCtrl.exe process, also to log in to the console to view logs and change settings. Can be unchecked and the engine still runs and functions normally. Can then use provided shortcuts for administration of the program. Loaded in SERVICES on Windows 2k | No |
X | WinRPC | winrpcmx.exe | Added by the BANKER-EEI TROJAN! | No |
X | winrun | msconfig.exe | Added by the WINUR WORM! Note - this is not the real msconfig.exe as it's located in C:\winrun | No |
X | winrun | winrun.exe | Added by the WINBUR.B WORM! | No |
X | WINRUN | taskgmr32.exe | Added by the MYTOB.AP WORM! | No |
X | WINRUN | svchost32.exe | Added by the MYTOB-AI WORM! | No |
X | WINRUN | taskgmr.exe | Added by the MYTOB-BX WORM! | No |
X | WinRun | AutoRun.ini | Added by the LOVELET-AD WORM! | No |
X | WINRUN z | W1NT45K.exe | Added by the MYTOB.BL WORM! | No |
X | WinRunners | WinDrivers.exe | Added by the DULOAD.C WORM! | No |
X | Wins Loader5 | Gadu-Gadu.exe | Added by a variant of the IRCBOT TROJAN! Note - do not confuse with the Polish language Instant Messaging client also called Gadu-Gadu | No |
X | Wins Service Driver | winet.exe | Added by the RBOT-APV WORM! | No |
X | Wins Update 32 | services32.exe | Added by the FORBOT-FN WORM! | No |
X | Wins32 Online | cfgpwnz.exe | Added by the BROPIA.R WORM! | No |
X | WinScMngr | winsmc.exe | Added by the SDBOT-BPZ WORM! | No |
X | WinSec | winsec16.exe | Added by the AGOBOT.ZF WORM! | No |
X | winsecure | winsecure.exe | Browser hijacker, redirecting to specificsearches.com | No |
X | WinSecure | [random].exe | Added by the AGENT-LR TROJAN! | No |
X | Winsecure Antivirus | Secureantivirus.exe | Added by a variant of the SPYBOT WORM! | No |
X | WinSecureAv | pgs.exe | WinSecureAv spyware remover - not recommended, see here | No |
X | WinSecured32 | ssmr.exe | Added by a variant of the FORBOT WORM! | No |
X | Winserv | Winserv.ila | Added by the NODMIN WORM! | No |
X | winserver | Server.txt.vbs | Added by the DELTAD.A WORM! | No |
X | Winservice | winmain.exe | Adult content related malware | No |
X | winservice | svchost.exe | Added by the CVK TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder | No |
X | WinService | hosth.exe | Added by the DWNLDR-FUX TROJAN! | No |
X | WinService | Ttt.exe | Added by the MSNVB-D WORM! | No |
X | WinService | WinServ.exe | Added by the SKOWOR-O WORM! | No |
U | WinService32 | ssmgr.exe | 007 Spy Software - "stealthy monitoring program which allows you to secretly track all activities of computer users and automatically deliver logs to you via Email or FTP" | No |
U | WinService32 | svchost.exe | 007 Spy Software - "stealthy monitoring program which allows you to secretly track all activities of computer users and automatically deliver logs to you via Email or FTP" | No |
X | WinServices | WinServices.exe | Added by the YAHA.K or YAHA.M WORMS! | No |
X | winservices | bootvfy.exe | Added by an unidentified WORM or TROJAN! | No |
X | winservit | cassl.exe | Added by the RBOT.ASG WORM! | No |
X | winservn | winservn.exe | PurityScan/Clickspring adware | No |
X | winservs | winservs.exe | PurityScan/Clickspring adware | No |
X | WinSetBrowse | BasicUpdate.dll.vbs | Added by the BISCUIT.A WORM! | No |
X | winsfc | winsfc.exe | Added by the WISFC VIRUS! | No |
X | Winshell | remote.exe | Added by the MYTOB.LJ WORM! | No |
? | Winshoe | wuadfdqr.exe | Probably an unidentified VIRUS! Adds itself to 3 registry "Run" keys and prevents Task Manager being displayed. This is not the Winshoe IRC Client as the visitor did not have it installed | No |
X | winshost.exe | winshost.exe | Added by the TOOSO WORM and variants! | No |
X | winshow | [path to trojan] | Added by the VB-DXP TROJAN! | No |
X | WinShowUpdate | copy C:\WINDOWS\winshow.new C:\WINDOWS\winshow.dll | Winshow parasite related - from the "RunOnce" keys it replaces "winshow.dll" with a new version | No |
X | WinSig | NetXP.exe | Added by the BANKER-FN TROJAN! | No |
X | winskype | winskype.exe | Added by the BROGGER-C TROJAN! | No |
X | winsock | svch0st.exe | Added by the SAGE-A WORM! Note - the filename has the digit 0 rather than the uppercase "o" | No |
X | Winsock driver | winnt update.exe | Added by the SPYBOT-DM TROJAN! | No |
X | Winsock driver | winnt64.exe | Added by the SPYBOT-DR WORM! | No |
X | Winsock Driver | nvscv32.exe | Added by the AOGBOT-FD WORM! | No |
X | Winsock Driver | scvhost.exe | Detected by Kaspersky as the RBOT.AEU BACKDOOR! See here | No |
X | Winsock driver | win.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
X | Winsock Startup | Main2.exe | Added by a variant of the SDBOT WORM! | No |
X | winsock.client | winsock.exe | Added by the DIABLO-M TROJAN! | No |
X | winsock2 | netsvr.exe | Added by the AGOBOT.LY WORM! | No |
X | Winsock2 driver | SDJOIJE.EXE | Added by the SPYBOT.DR TROJAN! | No |
X | Winsock2 driver | MIRC32.exe | Added by the SPYBUZZ TROJAN! | No |
X | Winsock2 driver | kgzgjkpcw.exe | Added by the SDBOT.T TROJAN! | No |
X | Winsock2 driver | ZONEALARM.EXE | Added by the SDBOT.T TROJAN! Note - ZONEALARM.EXE is not the valid Zone Labs firewall program | No |
X | Winsock2 driver | WINCFG.SCR | Added by a variant of the SPYBOT WORM! | No |
X | Winsock2 driver | winupdate.exe | Added by the SPYBOT-BX WORM! | No |
X | Winsock2 driver | SPOLSV.EXE | Added by the SPYBOT-CM WORM! | No |
X | Winsock2 driver | Zonealarmupdate.exe | Added by a variant of the SPYBOT WORM! | No |
X | Winsock2 driver | sysreq.exe | Added by the SPYBOT-CC WORM! | No |
X | Winsock2 driver | AMSNMGR.EXE | Added by a variant of the SPYBOT WORM! | No |
X | Winsock2 driver | WUAUMQR.EXE | Added by the SPYBOT-DP WORM! | No |
X | Winsock2 driver | wincfg.exe | Added by the SPYBOT.CO WORM! | No |
X | Winsock2 driver | ntsys32.exe | Added by the SPYBOT-DD WORM! | No |
X | Winsock2 driver | svchorsst.exe | Added by the SPYBOT-EE WORM! | No |
X | Winsock2 driver | SYSTEM32.EXE | Added by the SPYBOT-EG WORM! | No |
X | Winsock2 driver | dllcfg32.exe | Added by the SPYBOT.AG WORM! | No |
X | Winsock2 driver | CFTMON.EXE | Added by a variant of the IRCBOT BACKDOOR! | No |
X | Winsock2 wqr1s | WUAUMQR1.EXE | Added by the SPYBOT.KD WORM! | No |
X | Winsock2.dll | WINLODR.SCR | Added by an unidentified VIRUS, WORM or TROJAN! | No |
X | Winsock32 driver | Testing.exe | Added by the SPYBOT.B WORM! | No |
X | Winsock32 driver | system32.exe | Added by the IRCBOT-VT TROJAN! | No |
X | Winsock32driver | win32server.scr | Added by the HACARMY TROJAN! | No |
X | Winsock32driver | sp2XPupdate.exe | Added by the HACKARMY.S TROJAN! | No |
X | Winsock32driver | win32server.exe | Added by the BACKDOOR-AZV TROJAN! | No |
X | Winsock32driver | ZoneAlarmPr0.exe | Added by the HACKARMY-B TROJAN! | No |
X | Winsock32driver | ZoneLockup.exe | Added by the HACARMY.D TROJAN! | No |
X | Winsock32driver | win32server.exe | Added by the HACARMY.F TROJAN! | No |
X | Winsock32driver | winXPupdate.exe | Added by the HACKARMY.9728 TROJAN! | No |
X | Winsock32driver | svchhost.exe | Added by the HACKARMY.I TROJAN! | No |
X | Winsock6 MIC driver | ieservicesupd.exe | Added by the SPYBOT.AFZ WORM! | No |
X | winsockdriver | tskmg.exe | Added by the SDBOT.GEN TROJAN or WARPIGS.C WORM! | No |
X | winsockdriver | winsock2.2.exe | Added by a variant of the SPYBOT WORM! | No |
X | winsockdriver | iexplor.exe | Added by the BLATIC.A WORM! | No |
X | winsockdriver | winsock3.exe | Added by the SPYBOT-DO WORM! | No |
X | winsockdriver | bot.exe | Added by the WARPIGS-D WORM! | No |
X | winsockdriver | winsock4.1.exe | Added by a variant of the IRCBOT TROJAN! See here | No |
X | WinSocketComponent | nthost.exe | Added by an unidentified VIRUS, WORM or TROJAN! | No |
X | Winsocks2 driver | mznmgr.exe | Added by a variant of the SDBOT WORM! | No |
U | WINSOS VERIFY | WINSOS.EXE | WinSOS - "deletes spyware, optimizes your computer - backs up selected data" | No |
X | WinSP | [path] REGEDIT.EXE -s [path] sysreg.reg | Added by the STARTPA-ME TROJAN! | No |
X | winspd32dll | winspd32.exe | Added by a variant of the AGOBOT/GAOBOT WORM! | No |
X | WinSPF | windrv32.exe | Added by the MYDOOM.T WORM! | No |
X | WinSPF | winspf32.exe | Added by the MYDOOM.S WORM! | No |
X | Winspl | winsplx.exe | Added by a variant of the TROLL-A TROJAN! | No |
X | winsplog | wsmmlog.exe | Added by the MAILBOT-CA TROJAN! | No |
X | Winspool | spoolsvr.exe | Added by a variant of the SDBOT WORM! | No |
X | WinSpyControl | pgs.exe | WinSpyControl spyware remover - not recommended, see here | No |
X | WinSpyDemo | WinSpyDemo.exe | WinSpy rogue spyware - not recommended, see here | No |
X | WinSpyKiller | WinSpyKiller.exe | WinSpyKiller rogue spyware remover - not recommended, see here | No |
X | WinSpywareProtect | WinSpywareProtect.exe | WinSpywareProtect rogue spyware remover - not recommended, see here | No |
X | WinSpywareProtect (ver. 5.1) | WinSpywareProtect.exe | WinSpywareProtect rogue spyware remover - not recommended, see here | No |
X | WinSrv | kn0x.exe | Added by the HOBBIT.F WORM! | No |
X | WinSrv | SHIZZLE.EXE | Added by the HOBBIT.C WORM! | No |
X | Winsrv | winsrv.exe | Added by the OPASERV.T WORM! | No |
X | winsrv | winsrv.exe | Added by the NETSNAK-B TROJAN! | No |
X | winsrv3 | services.exe | Added by the NAFBOT-A TROJAN! Note - this is not the legitimate services.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Windows or Winnt folder | No |
X | WinsSystem | syssmss.exe | Added by the DELF.IG TROJAN! | No |
X | WinStabilizer | WinStabilizer.exe | Added by the AGOBOT-SW WORM! | No |
X | WinStart | WinStart.exe | From IGetNet - turns the IE address bar into a keyword engine piped into IGetNet. In other words, with this installed, typing "car" in the IE address bar will point the browser to the Lexus web site. Foistware - installs components without your knowledge | No |
X | WinStart | Wscript.exe WinStart.vbs | Added by the CIAN.C WORM! Note that wscript.exe is a legitimate Microsoft file used to launch script files and shouldn't be deleted. The "WinStart.vbs" file is found in the System (9x/Me) or System32 (NT/2K/XP) folder | No |
X | WinStart | winstart32.exe | Added by the PUROL WORM! | No |
X | WinStart | WinStart.pif | Added by the CONE.E WORM! | No |
X | winstart | winstart.exe | Added by the SCKEYLO-AB TROJAN! | No |
X | WinStart001 | WinStart001.exe | From IGetNet - turns the IE address bar into a keyword engine piped into IGetNet. In other words, with this installed, typing "car" in the IE address bar will point the browser to the Lexus web site. Foistware - installs components without your knowledge | No |
X | WinStart001.EXE | WinStart001.exe | From IGetNet - turns the IE address bar into a keyword engine piped into IGetNet. In other words, with this installed, typing "car" in the IE address bar will point the browser to the Lexus web site. Foistware - installs components without your knowledge | No |
X | winstats | winstats.exe | Added by the GARGAFX TROJAN! | No |
X | Winsta~1 | winsta~1.exe | GoHip foistware | No |
X | WinSth16 | WinSth16.exe | Added by the CAKE WORM! | No |
X | winstro | RUN32DLL.exe | Added by the FTP_ANA TROJAN! | No |
X | winsupdater | winsupdater.exe | Added by the ALCRA-F WORM! | No |
X | winsupdatesysmngr64 | winsys64mnger.exe | Added by the RBOT-BAG WORM! | No |
X | WinSvc16.exe | WinSvc16.exe | Added by the SDBOT.FQ TROJAN! | No |
X | Winsvc32 | Winsvc32.exe | Homepage hijacker | No |
X | winsvc32.exe | winsvc32.exe | Added by the GREPAGE TROJAN! | No |
X | Winsvr | msupd******.exe [*= random digit] | Added by the INJECT.163 TROJAN! | No |
X | Winsvr | [random filename].exe | Added by the ADCLICK-DK TROJAN! | No |
X | Winsvr manager | DDEsvr.exe | Added by the TIRBOT-C WORM! | No |
X | winsy32.exe | winsy32.exe | CoolWebSearch parasite variant | No |
X | winsync | ******.exe reg_run [* = random char] | Added by a variant of the QOOLOGIC TROJAN! | No |
U | Winsys | Winsys.exe | Win-Spy keyboard logger/monitoring software - remove unless you installed it yourself | No |
X | WINSYS | [path to trojan] | Added by the GOLDPLAY TROJAN! | No |
X | winsys | syschost.exe | Added by an unidentified TROJAN! | No |
X | WinSys | winmgmt.com | Added by the VB.EIW WORM! | No |
X | WinSys32 | Winsys32.exe | Added by the CIGIVIP TROJAN or RECKUS WORM! | No |
X | winsys32 Driver | winsys32.exe | Added by the LOONY-O TROJAN! | No |
U | WinSysAppMon | WinSysRM.exe | Home & Family Content Filter related. See here | No |
X | winsysban | [path to trojan] | Added by the CLICKER-CD TROJAN! | No |
X | winsyslog lptt01 | winsyslog.exe | RapidBlaster variant (in a "Winsyslog" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here | No |
X | WinSysM | 371662M.exe | Added by the WINKO.AO WORM! | No |
X | WinSysModule | [path to trojan] | Added by the AGENT-DIQ TROJAN! | No |
X | WinSysStartUpWKbLw | TaskSystemDll.Exe | Added by the BACKZAT.G WORM! | No |
X | WinSyst32 | winsyst32.exe | Added by the MORB WORM! | No |
X | WinSystem | winsystem.exe | Added by the WHITEBAIT WORM! | No |
U | WinSystem | WinSystems.exe | CMKeyLogger keystroke logger/monitoring program - remove unless you installed it yourself! | No |
X | WinSystems | winsystems16.exe | Added by the SDBOT-CZT WORM! | No |
X | winsystems25 | winsystems.exe | Added by the RBOT-CNZ WORM! | No |
X | winsysupd | [path to trojan] | Added by the STARTPA-NI TROJAN! | No |
X | WinSysW | 371662L.exe | Added by the WINKO.AO WORM! | No |
X | WINT | wcp****.exe [* = random char] | PurityScan/Clickspring adware | No |
X | WINT | wcpcc.exe | PurityScan/Clickspring adware | No |
X | WINT | wcpsvit.exe | PurityScan/Clickspring adware | No |
X | WinTask | Wintask.exe | Added by the HIPO or LEMIR.F TROJANS! | No |
X | WINTASK | taskgmr.exe | Added by the MYTOB.I WORM and variants! | No |
X | WINTASK | taskgamr.exe | Added by the MYTOB.AU WORM! | No |
X | WINTASK | sys32.exe | Added by the MYTOB.K WORM! | No |
X | WINTASK | msmgrxp.exe | Added by the MYTOB.AQ WORM! | No |
X | WINTASK | iexplorer.exe | Added by the MYTOB-CH WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) | No |
X | WINTASK | taskgmr32.exe | Added by the MYTOB.BU WORM! | No |
X | WINTASK | msvhost.exe | Added by the MYTOB-AR WORM! | No |
X | WINTASK | t4skmgr.exe | Added by the MYTOB-AK WORM! | No |
X | WINTASK | taskfile.exe | Added by the MYTOB.EF WORM! | No |
X | WINTASK | taskgm.exe | Added by the MYTOB-AO WORM! | No |
X | WINTASK | taskgmrs.exe | Added by the MYTOB.DH WORM! | No |
X | WINTASK | yahooicons.exe | Added by the MYTOB-HM WORM! | No |
X | WINTASK DLL | jusched32.exe | Added by the MYTOB.AI WORM! | No |
X | WINTASK DLL32 | smsrss.exe | Added by the MYTOB.BS WORM! | No |
X | WINTASK DLL32 | updatewin | Added by the MYTOB.NI WORM! | No |
X | WinTask driver | wintask.exe | Added by the DLOADER-NA TROJAN! | No |
X | WINTASK32 | taskgmr32.exe | Added by the MYTOB.BN WORM! | No |
X | WINTASK32 | taskgmrr.exe | Added by the MYTOB.FX WORM! | No |
X | wintask32 | Jwintask.com | Added by the NAFBOT-A WORM! | No |
X | WINTASKMANAGER | taskgmr.exe | Added by the MYTOB-AF WORM! | No |
X | WINTASKMGR | ccsrs.exe | Added by the MYTOB.Q WORM! | No |
X | WINTASKS | taskgmr.exe | Added by the MYTOB.BO WORM! | No |
X | WINTASKS | winxpro.exe | Added by the MYTOB.EZ WORM! | No |
X | WinTasks DLL Library (32-bits) | winkll.exe | Added by the RBOT-AJZ WORM! | No |
U | WinTasks Traybar | wintasks.exe | WinTasks - "Efficient Resource and Task Management is absolutely critical if you want to achieve the highest system performance levels possible. WinTasks 4 will not only help you achieve this task, but will actually make your system run faster and more smoothly than ever before" | No |
X | wintasks.exe | wintasks.exe | Added by the EVAMAN WORM! | No |
X | Wintbp.exe | wintbp.exe | Added by the ZOTOB.E WORM! | No |
X | Wintbpx.exe | wintbpx.exe | Added by the ZOTOB.F WORM! | No |
U | wintective | wintective.exe | Wintective logs keystrokes, captures screenshots, and monitors Internet activity. The gathered information can be sent to a predetermined email address. If you didn't install this yourself remove it | No |
X | WintelUpdate | [path to trojan] | Added by the SMALL-EKW TROJAN! | No |
X | winter | happy.exe | Added by the SDBOT-YF WORM! | No |
N | Wintercooler Pro | WINCOOL.EXE | Wintercooler Pro - utility that monitors CPU usage, RAM consumption and Internet connection speed | No |
X | winthelp | winthelp.exe | AdvancedCleaner misleading security software - not recommended, see here | No |
N | WinTidy | WinTidy.exe | Desktop icon manager from PC Magazine (Ziff-Davis). Available via Start -> Programs | No |
X | Wintime | Wintime.exe | Added by the HARNIG TROJAN! | No |
U | WinTime | wintime.exe | WinTime - change desktop icons' color and font | No |
N | Wintime Wtxpload | Wxpload.exe Wintime | Part of the software to support a Dexxa USB graphics tablet. From a visitor - "This gets started anyway when you plug in the USB connector for the graphics tablet, if it's not already running. It then starts an application which manages the tablet messages. Since I leave the tablet unplugged unless I need to use it, I don't need this running at startup. I suspect that this program monitors a number of windows messages, so that when it's loaded, my regular mouse slows down - it acts like it 'sticks' entering and leaving windows. Certainly my performance returned to what I expected when I removed this item using MSCONFIG" | No |
X | WinTimer | msupdate.cmd | Hijacker - detected by Kaspersky as the STARTPAGE.TJ TROJAN! | No |
X | Wintl | msdred.exe | Identified as a variant of the Trojan-Spy.Win32.Agent.cch malware | No |
X | wintnask32.exe | wintnask32.exe | Added by the RBOT-AFP WORM! | No |
X | wintnl.exe | wintnl.exe | Added by a variant of the ZOTOB.K WORM! | No |
X | wintnpx.exe | wintnpx.exe | Added by the ZOTOB.H WORM! | No |
X | WinTools | WToolsA.exe | Wintools adware | No |
N | WinTOTAL Scheduler | guru.exe | WinTOTAL Real estate appraisal software related | No |
X | WinTouch | WinTouch.exe | Detected by Kaspersky as the AGENT.BUO TROJAN! | No |
X | WinTray | wintray.exe | Added by the LEGUARDIEN.B TROJAN! | No |
X | wintsk32dll | wintsk32dll.exe | Added by the RBOT-AAJ WORM! | No |
X | winudll.exe | winudll.exe | Added by the MITGLIE-CE TROJAN! | No |
X | winui | z.exe | Added by the KONDELI TROJAN! | No |
X | WinUp | svchost.exe | Added by the SILLY.BR WORM! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "4350" sub-folder | No |
X | winupated.exe | winupated.exe | Added by a variant of the SDBOT WORM! | No |
X | winupd | RUNDLL32.EXE [random value].dll, _mainRD | Added by the MOTA.A WORM! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The random DLL file is found in the Windows or Winnt folder | No |
X | winupd | winupd.exe | SearchNew adware | No |
X | winupd.exe | winupd.exe | Added by the BEAGLE.M or BEAGLE.N WORMS! | No |
X | WinUPD32 | explorer.exe | Added by an unidentified VIRUS, WORM or TROJAN! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! | No |
X | winupdat | winupdat.exe | Added by the CANBOT.A WORM! | No |
X | WinUpdate | RBSKQQBO.EXE | Added by the VBSWG2B.A WORM! | No |
X | WinUpdate | wmbem.exe | Added by the REVCUSS.B TROJAN! | No |
X | WinUpdate | updsys.exe | Added by a variant of the RBOT WORM! | No |
X | winupdate | winupdate.exe | Added by the ALCAN.B WORM! | No |
X | WinUpdate | svhost.exe | Added by a variant of the SDBOT WORM! | No |
X | WinUpdate | svchots.exe | Added by the SMALL.GXJ TROJAN! | No |
X | winupdate | jusched.exe | Added by the DWNLDR-FUX TROJAN! Note that this is not the legitimate Sun Microsystems file (of the same name) which is usually located in %Program Files%\Java\version number\bin. This one is located in %Windir% | No |
X | Winupdate Engine | wupeng.exe | MalwareCrush spyware remover - not recommended, see here | No |
X | WinUpdate Loader | msnnm.exe | Added by the REVCUSS.C TROJAN! | No |
X | winupdate.exe | winupdate.exe | Added by the RADO TROJAN! | No |
X | winupdate.reg | winupdate.exe | Added by the SPYBOT.EAS WORM! | No |
X | winupdate2846 | vbsystem35.exe msvbrun.exe | Added by a variant of the MUTIN-C TROJAN! | No |
X | WinUpdateAdministrator | CSRSS.EXE | Added by the PUNYA-A WORM! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in C:\Application Data\WINDOWS | No |
X | WinUpdateB | breatle.exe | Added by the BRATLE.A WORM! | No |
X | winupdateconn | [path to file] | Added by the COMBRA-A WORM! | No |
X | winupdateconn_ | Explorer.EXE | Added by the COMBRA-B WORM! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System% | No |
X | winupdatefiv_ | [path to file] | Added by the COMBRA.C WORM! | No |
U | WinUpdateProtection | csrss.exe | EmployeeWatch is a commercial surveillance software program designed to monitor user activity on a computer. Note - this is not the same file as the csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a subfolder of C:\windowsupdate\ufp | No |
X | WinUpdater | update.exe | Detected by Kaspersky as the STARTPAGE.C TROJAN! See here | No |
X | winupdates | winupdates.exe | Added by the ALCRA-B WORM! | No |
X | winupdate_ | [path to file] | Added by the COMDOR.A WORM! | No |
X | WinUpdating | WinUpdating.exe | Added by the AGENT-GSC TROJAN! | No |
X | WinUPDbc | winupdbc.exe | Added by the BANKER-DSN TROJAN! | No |
X | WinUpdsv | winupdsv.exe | Added by the DROPO MACRO! | No |
X | winupdt | RUNDLL32.EXE [random.dll] | Added by the MABUT.A WORM! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The random DLL file is found in the Windows or Winnt folder | No |
X | winupdtl | winupdtl.exe | SecondThought adware | No |
X | WinUpgrader | [path to trojan] | Added by the AGENT-DZ TROJAN! | No |
X | WinUPPD.exe | [random filename] | Added by an unidentified WORM/TROJAN! | No |
X | winur | winrun.exe | Added by the WINUR.B WORM! | No |
X | winusb.dll | winguard.exe | Added by the FORBOT-CN WORM! | No |
X | WinUser32K | usr32wink.exe | Added by the HK TROJAN! | No |
X | WinUsr | WinUsr.exe K1S2 | Added by the CLUNK.A WORM! | No |
U | WinUtilities Memory Optimizer | ToolMemoryOptimizer.exe | "WinUtilities Memory Optimizer optimizes the memory management of your system and boost-up its performance amazingly!" MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/SE/ME. See this article and make up your own mind | No |
X | Winux Piriax Service | PH32.EXE | Added by the RANDEX.G WORM! | No |
X | winversion | winversion.exe | Browser hijacker, redirecting to specificsearches.com | No |
U | WinVNC | WinVNC.exe | WinVNC is an application that allows you to remote control your PC from another PC somewhere on the internet. Now superseded by RealVNC | No |
X | WinVNC | iexplorer.exe | Added by the EVIVINC BACKDOOR! Note - this is not the legitimate Internet Explorer (iexplore.exe) | No |
X | winvxd32 | winvxd32.exe | Added by the GABLOLIZ.A WORM! | No |
X | winwan lptt01 | winwan.exe | RapidBlaster variant (in a "Winwan" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here | No |
X | winwan ml097e | winwan.exe | RapidBlaster variant (in a "Winwan" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here | No |
X | WinwebSecurity | WinwebSecurity.exe | Winweb Security rogue security software - not recommended, removal instructions here | No |
X | winword | winword.exe | Added by the TORPID-C TROJAN! | No |
X | WINWORD.exe | WINWORD.exe | Added by the DRIVUS TROJAN! Note - this is not the legitimate MS Word process of the same name, which is always located in the Program Files folder. This one is found in System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! | No |
X | WinWorks | vstmgr.exe | Added by the AGOBOT.ACJ WORM! | No |
X | winwsl.exe | winwsl.exe | Added by the ZOTOB-J WORM! | No |
X | WinXDefender | WinXDefender.exe | WinXDefender rogue spyware remover - not recommended, see here | No |
X | WinxDiagUpdate | WinxDiagUpdate | Detected by Kaspersky as the RBOT.BWQ TROJAN! See here | No |
X | winXP | 33.exe | Added by the ANPES WORM! | No |
X | WinXP | plugin1.exe | Added by the Downloader-JW TROJAN! | No |
X | WinXP | csrss.exe | Added by the BANCOS-AG TROJAN! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %ProgramFiles%\WinXP\Tools | No |
X | winxp | winxp.exe | Added by the BRONTOK-DN WORM! | No |
X | WinXP fix | [path to file] | Added by the RANKY.P TROJAN! | No |
X | WinXP Processor Generator v1.2 | intspnsr32.exe | Added by the SDBOT.LP WORM! | No |
X | Winxp update | Cappp.exe | Added by the RBOT.DKO WORM! | No |
X | WinXp Updater | winxp32.exe | Added by the RBOT-HG WORM! | No |
X | WinXP-98 | CSRSS.exe | Added by the BANKER-DS TROJAN! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %ProgramFiles%\WinXP-98\Tools | No |
X | winxpdll32.exe | winxpdll32.exe | Added by a variant of the SMALL downloader TROJAN! | No |
X | WinXPHome | plugin2.exe | Added by the malicious INOR.T SCRIPT! | No |
U | WinXPLoad | Rundll32 LoadDll, LoadExe WinXPLoad.exe | Compaq hotkey related - required if you use the hotkeys | No |
X | WinXProtector | WinXProtector.exe | WinXProtector rogue security software - not recommended, see here | No |
X | WinXPService | Tskdbg.exe | Added by the MDROP-BPQ TROJAN! | No |
X | WinXPService | lsass.exe | Added by the ZAPCHAS-AS TROJAN! Note - this is not the legitimate lsass.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a "Lavan" subfolder | No |
X | WinXPService | taksmgr.exe | Identified as a variant of the IRC/Flood.tool malware | No |
X | WinXPService | ctfmon.exe | Added by a variant of the IRCBOT BACKDOOR! | No |
X | WinXPService | mirc.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
X | WinXPService | nero.exe | Detected by Trend Micro as the IRCFLOOD.AG BACKDOOR! See here. Note - this is not the Ahead Software's Nero CD/DVD burning software which is normally located in %ProgramFiles%\Ahead\Nero. This file is found in %System% | No |
X | WinXPService | taksmgr.exe | Detected by Trend Micro as the KIRSUN.A BACKDOOR! See here. This file is located in %System% | No |
X | WinXPService | taksmgr.exe | Detected by Trend Micro as the KIRSUN.A BACKDOOR! See here. This one is located in the root directory, i.e., C:\ | No |
X | WinXPService | wacult.exe | Detected by Trend Micro as the KIRSUN.A BACKDOOR! See here. This file is located in %Windir%\Fonts | No |
X | WinXPService | wacult.exe | Detected by Trend Micro as the KIRSUN.A BACKDOOR! See here. This file is located in %System%\mnut | No |
X | WinXpUpdate32 | WinXpUpdate32.exe | Added by the AGENT.YWL WORM! | No |
X | winxpusbd | winxp64.exe | Added by a variant of the RBOT WORM! | No |
X | winystems25 | winystems.exe | Added by a variant of the SDBOT WORM! | No |
X | Winz Firewall | [random filename].exe | Added by a variant of the SDBOT WORM! | No |
X | WinZap Check | winzbp.exe | Added by the RBOT-AWZ WORM! | No |
X | winzip | [path to trojan] | Added by the BANCOS.G or BANCOS.K TROJANS! Note - this is not part of the popular WinZip file compression utility | No |
X | Winzip | [various filenames] | Added by the LERPA-A WORM! Note - the file name will be one of the following common.exe, common.pif, common.scr, Sexo.exe, Sexo.jpg.pif, ini_file__.pif, load_me__.tmp, msfile.pif, system_load_.pif or zipped.rar.pif | No |
X | winzip | winzip.exe | Added by the RBOT.BDA WORM! Note - this is not part of the popular WinZip file compression utility | No |
X | Winzip Application | winzip81.exe | Added by the RBOT-BKZ WORM! | No |
N | WinZip Quick Pick | WZQKPICK.EXE | Added with WinZip version 8.1. "The new WinZip Quick Pick taskbar tray icon gives you instant access to WinZip and your Zip files. Just left click the icon to open WinZip, or right click it to instantly reopen recently used Zip files, access your Favorite Zip Folders, open WinZip Help, or start WinZip itself.". You can right-click and close it - choosing to not re-load it at start-up | No |
X | WinZip Update | WinZip.exe | Added by a variant of the RBOT WORM! Note - this is not part of the popular WinZip file compression utility | No |
X | WinZix Service | wakeservice.exe | WinZix adware | No |
X | winzSystam | xly.exe | Added by a variant of the SDBOT WORM! | No |
X | Win_api_driver | system.exe | Added by the REVIRD TROJAN! | No |
X | Win_BooT | [path to file] | Added by the BANKER-GI TROJAN! | No |
X | WIN_DRIVR32 | shchostv.exe | Added by a TROJAN - see here | No |
X | win_drivr32 | zxhstn.exe | Added by the SMALL.CXO TROJAN! | No |
X | Win_Library | INISvc.exe | Added by the ANARCH WORM! | No |
X | win_spool2 | win_spool2.exe | Added by the SCKEYLOG.B TROJAN! | No |
X | win_supp00.exe | Win Const.exe | Added by the ASSASIN-H TROJAN! | No |
X | win_upd.exe | WINdirect.exe | Added by the MITGLIEDER.M TROJAN! | No |
X | win_upd2.exe | WINdirect.exe | Added by the BEAGLE.AO WORM! | No |
X | Win_vader | Win_vader.vbs | Added by the INVASION.A VIRUS! | No |
X | WIP Config GUI | Winipcfgs.exe | Added by the RBOT-CN WORM! | No |
U | Wireless Connection Manager | wirelesscm.exe | Wireless adapter configuration utility for D-Link's range | No |
N | Wireless Console | wcourier.exe | ASUS Wireless Console - installed alongside ASUS wireless components and provides additional configuration options for these devices | No |
U | Wireless PCI Card Configuration Utility | WMP11Cfg.exe | Utility used by the LINKSYS wireless PCI card (WMP11) and indicates when a wireless access connection is made by a screen colour change. Also used for configuration | No |
X | Wireless Provider Server | wpsvr.exe | Added by the FORBOT-AD WORM! | No |
U | Wireless Switching Setting Utility | Switcher.exe | On a Sony laptop with built-in wireless it allows the user to select which wireless services they want to run (i.e. Wireless LAN, Bluetooth, both) when turning the wireless switch on (if disabled) | No |
Y | Wireless-G Notebook Adapter | Gcc.exe | LinkSys Wireless-G Notebook Adapter driver | No |
U | Wireless-G Notebook Adapter Utility | WPC54CFG.EXE | Utility used by the LINKSYS Wireless-G Notebook Adapter (WPC54G) | No |
U | WireLessKeyboard | PS2USBKbdDrv.exe | Related to WireLess Keyboard Multimedia Combo Set by SANSUN Industries | No |
U | WireLessMouse | StartAutorun.exe MouseDrv.exe | Related to WireLess Mouse Multimedia Combo Set by SANSUN Industries | No |
X | wise | clockwise.exe | Added by the LAZAR-A TROJAN! | No |
X | WIZZ | dazzler.exe | Detected by Kaspersky as the DIALER.IS TROJAN! | No |
N | wjview | wjview.exe | MS tool used to view window-based Java applications from the command line | No |
N | wkcalrem | wkcalrem.exe | Produces a pop-up reminder of events scheduled using the MS Works Calendar | No |
N | WkDetect | WkDetect.exe | Checks for updates to MS Works | No |
N | wkfud | wkfud.exe | A marketing program for MS Works | No |
N | WksSb | WksSb.exe | The Works Portfolio tool lets you collect and organize text and pictures from the Web or your favorite program. The Works Portfolio provides a location where you can store items you want to later put into a document or other file | No |
X | WksSVC | EXPLORER.exe | Added by the MYTOB-BW WORM! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System% | No |
N | WkUFind | WkUFind.exe | MS Works Update Detection. MS Picture It! (versions 7 to current) use this automatic update feature during the log on process. It can also cause your system to automatically dial into your ISP as it tries to access the internet, if you have your system set to automatically dial when the internet is invoked. To manually update, go to Microsoft's Office/Works update site. You can also turn off the automatic update feature within Picture It! - see here | No |
X | Wkyo86 | [path to worm] | Added by the PITIN-A WORM! | No |
X | Wlan Drier | Winusb2.exe | Added by the WOOTBOT.DC WORM! | No |
X | Wlan Driver | avscan.exe | Added by the WOOTBOT.DH WORM! | No |
U | WLAN Manager | WLANManager.exe | Wireless management utility for the T-Com Speedport W 100 Card WLAN PCMCIA card | No |
N | WLAN Status Tray Applet | WLANSTA.EXE | System Tray icon for checking the status of a Wireless LAN | No |
U | wlancfg | wlancfg.exe | Inventel wireless router related - required in order to automatically connect to the Net at bootup | No |
Y | wlancfg5 | wlancfg5.exe | NetGear WG311v3 wireless PCI adapter driver - required in order to automatically connect to the wireless router/gateway at bootup. Note - may not install correctly on Windows9x/ME computers which have Slipstream accelerator installed. Uninstall Slipstream first; disabling slipcore and slipgui is insufficient | No |
N | WLANSTA.EXE | WLANSTA.EXE | System Tray icon for checking the status of a Wireless LAN | No |
Y | WLAN_Cfg.exe | WLAN_Cfg.exe | Linksys Instant Wireless USB Network Adapter driver | No |
X | wlinles | svchost.exe | Added by the LIJI-A WORM! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the "spool" sub-folder | No |
X | wlm | [path to trojan] | Added by the BANCOS-BCY TROJAN! | No |
X | wlsass | wlsass.exe | Added by the RANKY.CY TROJAN! | No |
N | wltray | wltray.exe | System tray access to wireless LAN card configuration options | No |
X | WLWin | WINSYS.EXE | Added by the NAVER.A WORM! | No |
N | WM VCR | WMVCR.exe | WM Recorder allows you to record Windows Media(tm) streaming Video or Audio content. Can be accessed via Start Menu -> Programs | No |
Y | Wm24Pan | Wm24Pan.Exe | ESI external sound card driver | No |
X | wm41a398 | rundll32.exe wm41a398.dll, EnableRunDLL32 | LZIO.com adware downloader. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "wm41a398.dll" file is found in the System (9x/Me) or System32 (NT/2K/XP) folder | No |
X | WMAudio | services.exe | Added by the NEVEG.B or NEVEG.C WORMS! Note - this is not the legitimate services.exe process, which should not appear in Msconfig/Startup! | No |
X | WMAudio | winlogon.exe | Added by the NEVEG.A WORM! Note - this is not the legitimate winlogon.exe process, which should not appear in Msconfig/Startup! | No |
N | WMBoot | N/A | Associated with Logitech Wingman game controllers. Not required but what does it do? | No |
X | wmcbaaca | rundll32.exe wmcbaaca.dll, EnableRunDLL32 | LZIO.com adware downloader. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "wmcbaaca.dll" file is found in the System (9x/Me) or System32 (NT/2K/XP) folder | No |
N | WMC_RebootCheck | unregmp2.exe | Corrects problems with installations of Windows Media Player from version 9 onwards - see here and search for "unregmp2.exe" | No |
X | WMDM PMSP Service | cssrss.exe | Added by the KNOCKIT-A TROJAN! | No |
X | WMedia32 | wmedia32.exe | Added by the BANGER TROJAN! | No |
X | WMI Application Interface | wmiapi.exe | Added by the SPYBOT.RBY WORM! | No |
X | WMI Performance Adapter Services | wmiapsrvs.exe | Detected by Kaspersky as the RBOT.COU WORM! See here | No |
X | WMI Standard Event Consumer - Scripting | scrcons32.exe | Added by the RBOT-GRD WORM! | No |
U | WMIEXE.exe | wmiexe.exe | NT component, used by Windows Millennium to detect Plug and Play-compliant IEEE 1394 devices during the startup process. Since this is important for the computer to work properly if you have these, Windows Millennium protects wmiexe.exe and will restore the file even if it's deleted or renamed | No |
X | Wminf | Wminf.exe | Added by the GEMA TROJAN! | No |
X | Wminfo | Wminfo.exe | Added by the GEMA TROJAN! | No |
X | wmiprv | wmiprv.exe | Added by the RBOT-WM WORM! | No |
X | wmisrv | wmisrv.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
X | wmon | jusched.exe | Added by the AGOBOT-OW WORM! Note that this is not the legitimate Sun Microsystems file (of the same name) which is usually located in %Program Files%\Java\version number\bin. This one is located in %System% | No |
X | WMP Auto Update | WINMEDUP.EXE | Added by the RBOT.CF WORM! | No |
Y | WMP54Gv4 | WMP54Gv4.exe | Linksys WMP54Gv4 wireless PCI adapter driver - required in order to automatically connect to the wireless router/gateway at bootup. Note - may not install correctly on Windows9x/ME computers which have Slipstream accelerator installed. Uninstall Slipstream first; disabling slipcore and slipgui is insufficient | No |
X | wmplayer | vergon1885.exe | Added by the BRONTOK-DG WORM! | No |
X | wmplayer.exe | wmplayer.exe | Added by the BANCBAN-CZ TROJAN! | No |
U | wmpnscfg | wmpnscfg.exe | "Microsoft Windows uses wmpnscfg.exe to alert users when media rendering devices are found on the network. Wmpnscfg starts the Windows Media Player Network Sharing Service (NSS) and then waits for notifications from the service. When wmpnscfg is notified that a new media device is available on the network, it displays a popup in the system tray that informs the user about the availability of the new device. If the user clicks the popup, wmpnscfg launches Windows Media Player, which displays a dialog box that asks the user to either allow or deny sharing with the new device." - see here | No |
X | wms3 | wms3.exe | Added by the LEGMIR-AQG TROJAN! | No |
X | WMSDOS-ServicePack2 | cmd.exe /c C:\WMSDOS.sys | Detected by Bitdefender as the DELF.OFC TROJAN! See here. Note that cmd.exe is a legitimate Microsoft file normally located in %System% and shouldn't be deleted | No |
X | wmsys32 | wmsys32.exe | Added by the BANPAES.B TROJAN! | No |
U | WMUAgent.exe | WMUAgent.exe | "WakeMeUp! is an advanced alarm clock for computers with Windows 2000, XP or Server 2003" | No |
X | wmv | winmonv.exe | Added by the AGENT-DG TROJAN! | No |
? | WM_LOGIN | MSGLOGIN.EXE | Part of McAfee Firewall. What is it for and is it needed? | No |
X | WN Services | wnsvc.exe | Added by the KBBOT-A TROJAN! | No |
X | WNAD | WNAD.EXE | Spyware added as a result of running a program called "Yo Mama Osama" (osama.exe). See here for more and how to get rid of it. There are other ways this can show up on your system, and it will manifest itself by periodically opening a new browser window with advertising for copy DVD software and the like | No |
X | wnddrv | svchost.exe | Added by an unidentified TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is found in the Winnt or Windows folder | No |
X | WNILOGON | WNILOGON.exe | Added by the LEWOR-M TROJAN! | No |
X | WNSC | wns*****.exe [* = random char] | PurityScan/Clickspring adware | No |
X | Wnsck2 driver | wlogf.exe | Added by the SPYBOT-AF WORM! | No |
X | WNSI | wnscp**.exe [* = random char] | PurityScan/Clickspring adware | No |
X | WNSO | WNSO.exe | Baidu.SoBar adware | No |
X | WNST | wns*****.exe [* = random char] | PurityScan/Clickspring adware | No |
X | wntlgns | wntlgns.exe | CoolWebSearch parasite variant | No |
X | wnxpupdate | spvspool.exe | Added by the DABORA.B WORM! | No |
X | wnxupdate | updatexp.exe | Added by the COMBRA-G WORM! | No |
X | won update | WAPDATE.EXE | Added by the RBOT.N WORM! | No |
U | WonderFrog | WonderFrog.exe | Wonder Frog typing monitor | No |
N | WooCnxMon | CnxMon.exe | Wanadoo ISP software related - not required - here's how to bypass it | No |
X | Woods Inc | wcmd.exe | Added by the KILLFIL-O TROJAN! | No |
? | WOOKIT | GestMaj.exe EspaceWanadoo.exe | Wanadoo broadband ISP (now rebranded as Orange) related. What does it do and is it required? | No |
? | WOOKIT | Shell.exe appLaunchClientZone.shl | Related to the Wanadoo broadband ISP (now rebranded as Orange). What does it do and is it required? | No |
X | woopie | winamp.exe | Added by the AGOBOT.XV WORM! Note - this is NOT the popular Winamp media player | No |
N | WOOTASKBARICON | GestMaj.exe TaskbarIcon.exe | Wanadoo broadband ISP (now rebranded as Orange) taskbar icon - not required | No |
N | Woowatch | Watch.exe | Wanadoo broadband ISP (now rebranded as Orange) related - not required | No |
X | word pair | bopotsvr.exe | Added by the SHED-A TROJAN! | No |
N | WordPerfect Office 1215 | Registration.exe | Corel WordPerfect Office 12 registration wizard | No |
Y | WordQ carat flag | WordQcrs.exe | Related to WordQ Writing Aid Software | No |
X | Words | Words.exe | Added by the AGENT.GIT TROJAN! | No |
N | WordWeb | wweb32.exe | WordWeb - free thesaurus and dictionary. Start manually | No |
N | WordWeb Pro | wweb32.exe | WordWeb Pro - thesaurus and dictionary. Start manually | No |
? | Workflo | workflow.exe | Related to BroadJump Client Foundation - broadband troubleshooting software installed by various companies. Is it required? | No |
X | Working System Analyzer | syswork.exe | Added by the FORBOT-FZ WORM! | No |
X | worknote1 | [filename].exe | Added by the MEETOT WORM! | No |
U | WorkPace 3.0 | workpace.exe | WorkPace - stress injury prevention software | No |
N | Works Calendar Reminder | wkcalrem.exe | Produces a pop-up reminder of events scheduled using the MS Works Calendar | No |
N | WorksFUD | wkfud.exe | A marketing program for MS Works | No |
U | Workstation Scheduler | wm95.exe | Desktop Management Scheduler. Part of Novell's Netware Client. Schedules NDS events. If events have been scheduled, it is required, otherwise, it is useless and a memory hog | No |
X | Workstation Services | wrkstn.exe | Added by the RBOT-OJ WORM! | No |
X | Workstation Ver 5.0 | vmware.exe | Added by the RBOT-AHB WORM! | No |
X | WorldAntiSpy | worldantispy.exe | WorldAntiSpy rogue spyware remover - not recommended, see here | No |
U | WorldTime.exe | WorldTime.exe | Part of AnyTime Organizer Deluxe from Individual Software Inc - "Check the time anywhere in the world and know when to communicate. Place up to twelve clocks on your desktop" | No |
U | Worm Detector | wd.exe | Worm Detector - antivirus add-on for Outlook 2K or XP for handling worms and spam | No |
X | wormexe | winstart.exe | Added by the EARLYBIRD WORM! | No |
X | Worms | logon.bat | Added by the DELMP3-A WORM! | No |
X | wovax | wovax.exe | Added by the DAQA.A TROJAN! | No |
X | wow | bar.exe | PurityScan/Clickspring adware | No |
X | wow | wwf.exe | Added by the LINEAGE-Y TROJAN! | No |
X | wow | Launcher.exe | Added by the DELF-DOR TROJAN! | No |
X | wow | gewow.exe | Added by the WOWPWS-KA TROJAN! | No |
N | Wpctrl | wpctrlnt.exe | WinPortrait plug-in for PivotPro from Portrait Studios - allows a screen to be rotated (to match rotated LCD screens, for example). Shortcut available via Display Properties | No |
N | Wpctrl | wpctrl95.exe | WinPortrait plug-in for PivotPro from Portrait Studios - allows a screen to be rotated (to match rotated LCD screens, for example). Shortcut available via Display Properties | No |
N | wpctrl95 | wpctrlnt.exe | WinPortrait plug-in for PivotPro from Portrait Studios - allows a screen to be rotated (to match rotated LCD screens, for example). Shortcut available via Display Properties | No |
N | wpctrl95 | wpctrl95.exe | WinPortrait plug-in for PivotPro from Portrait Studios - allows a screen to be rotated (to match rotated LCD screens, for example). Shortcut available via Display Properties | No |
Y | WPCUMI | WpcUmi.exe | Windows Vista Parental Control Notifications from Microsoft Corporation | No |
Y | WPCycle.exe | WpCycleWin.exe | Added when selecting Mplayer2 to open media files. Forces other codes to Wait for Previous instructions to end, preventing instability of your CPU (freezing) | No |
X | wpds.exe | doriot.exe | Added by the SMALL-KY TROJAN! | No |
X | wpds.exe | wwnrot.exe | Added by the BAGLEDI-B TROJAN! | No |
X | WPlayer | WPlayer.exe | Identified as a variant of the LDPinch.A malware | No |
X | WPSVC Services | wpnsc.exe | Added by a variant of the IRCBOT BACKDOOR! | No |
X | wpwmgrs | wpwmgrs.exe | Added by the MYTOB-DH WORM! | No |
X | wpxmls | [random filename] | Added by a variant of the SLAPER TROJAN! | No |
X | WQK | WQK.exe | Added by the KLEZ.H WORM! | No |
? | wr | WR.EXE | ?? | No |
? | WR Command | wr.exe | ?? | No |
X | wrclib | rundll32.exe wrclib.dll,start | Added by the AKBOT-AH WORM! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "wrclib.dll" file is found in %System% | No |
N | WrCtrl | WrCtrl.exe | Win-Route 4.27 NAT engine on Win2k Pro for connection sharing and security using Win-Route by Tiny Software. A connection sharing/Firewall Application. If service is disabled the program does not work, but you can manually start/stop the service with a shortcut the program installs at any time | No |
X | WRDialer | WrDialer.exe | WinPoet DSL dialler | No |
? | WRECK GUARD | ?? | ?? | No |
? | WregBios | wregbios.exe | Desktop Management BIOS (DMI BIOS) related. Apparently invokes the DosBios.exe file. Is it required? | No |
U | wrexec | wrexec.exe | Watch Right - monitoring program, part of the PowerTools add-on for AOL. Records instant messages, E-mail, chat. Watch Right appears to be, and functions as an online clock updater which connects with the U.S. National Institute of Standards and Technology. It was designed for parents who wish to keep an eye on what their children are doing online | No |
? | wriste | wriste.exe | ?? | No |
U | Write DVD-R! | saimon.exe | Saimon's WriteDVD! "gives total support for DVD-RAM drives. It provides many functions such as setting partitions on DVD-RAM disks and FixDVD! can diagnose and repair UDF formatted disks" | No |
U | WrtMon.exe | WrtMon.exe | Related to Presto PageManager which is bundled with Canon Scanners | No |
X | ws2 32 | svchst.exe | Added by the VOKEN-A TROJAN! | No |
X | ws2help | ws2help.exe | Added by a variant of the SMALL.AN TROJAN! | No |
X | ws2_64.exe | ws2_64.exe | Added by the AGENT.AOXK TROJAN! | No |
X | WSAConfiguration | wmon32.exe | Added by the GAOBOT.BAJ WORM! | No |
X | WSAConfiguration | svchostt.exe | Added by the AGOBOT.ZT WORM! | No |
X | WSAConfiguration | rpcxmn32.exe | Added by the AGOBOT.ABG WORM! | No |
X | WSAConfiguration | win32upd.exe | Added by a variant of the RBOT WORM! | No |
X | WSAConfiguration | drrss.exe | Added by a variant of the AGOBOT/GAOBOT WORM! | No |
X | WSAConfiguration | winlogon32.exe | Added by the AGOBOT-WC WORM! | No |
X | WSAConfiguration | ntguard32.exe | Added by a variant of the AGOBOT/GAOBOT WORM! | No |
X | WSAConfiguration | csrsvcs.exe | Added by the AGOBOT.VI WORM! | No |
X | WSAConfiguration | winmx32.exe | Added by the AOGBOT-JE WORM! | No |
X | WSAConfiguration | kernel32.exe | Added by the AOGBOT-KV WORM! | No |
X | WSAConfiguration | winmon32.exe | Added by the AGOBOT.TM WORM! | No |
X | WSAConfiguration1 | csass.exe | Added by the AGOBOT.WH WORM! | No |
X | wsass32 | wsass32.exe | Added by the BANKEM-V TROJAN! | No |
? | wsbklite | wsbklite.exe | Related to the Acer Soft Button on Acer Tablet PCs. Appears to do nothing so is it required? | No |
U | WScheduler | WScheduler.exe | Windows Scheduler - "schedule unattended running of applications, batch files, scripts and much more. Also, you can schedule popup reminders so you'll never forget reminders, tasks and other events." | No |
X | wscmgr | wscmgr.exe | Added by the AUTORUN-AA WORM! | No |
X | wscnfty | wscnfty.exe | Added by a variant of the RBOT WORM! | No |
X | wscntfys | wsscntfy.exe | Added by the SDBOT-TN WORM! | No |
X | wscript.exe | vabian.vbs | Added by the VABI VIRUS! | No |
X | wscsvc.exe | wscsvc.exe | Added by a password stealing BANKER TROJAN! | No |
X | wsctf.exe | wsctf.exe | Added by the JAMPORK.E WORM! | No |
X | Wsdata service | WSconf.exe | Added by the SDBOT.ZU WORM! | No |
X | wserv | wserv.exe | Added by a variant of the SDBOT WORM! | No |
X | wserver | wserver.exe | Added by the NETSKY.AC or SASSER.G WORMS! | No |
U | WService | WService.exe | Tablet client Driver for UC-Logic Pen/Graphics Tablet | No |
U | wsg32 | wsg32.exe | GoldenKeylog keystroke logger/monitoring program - remove unless you installed it yourself! | No |
U | wskrnl | wskrnl.exe | ActMon surveillance software. Uninstall this software unless you put it there yourself | No |
X | wsock32 | svchost.exe | Added by the HORST-A WORM! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is found in the Winnt or Windows folder | No |
X | WSockDrv32 | WSockDrv32.exe | Added by the WINKO.AO WORM! | No |
X | wsrv32 | wsrv32.exe | Detected by Kaspersky as the AGENT.EP TROJAN! | No |
X | WSSAConfiguration | wmmon32.exe | Added by the AGOBOT-KC WORM! | No |
U | wssys | wssys.exe | WebPI logs keystrokes and captures screenshots. If you didn't install this yourself remove it | No |
X | Wstat32 driver | Wstat32.exe | Added by the LOONBOT TROJAN! | No |
Y | wstimeb | wstimeb.exe | Used with NEC printers. You can disable it before printing but it re-loads itself when printing so you may as well leave it | No |
X | wsttrs | wsttrs.exe | Added by the LDPINCH-QS TROJAN! | No |
X | wsvbs | wsvbs.exe | Added by the PWS-AEB TROJAN! | No |
U | WSVCS | SERVICES.EXE | WSLogger keystroke logger/monitoring program - remove unless you installed it yourself! | No |
Y | wswpd | wswpd.exe | Used with some models of Panasonic, Epson and NEC printers. Some older drivers are known to have a "memory leak". Needed for printing to work | No |
U | wsys.exe | wsys.exe | SpyloPCMonitor is a surveillance software program that monitors user activity, logs keystrokes, and takes screenshots. It ends the processes of anti-spyware programs. If you didn't install this yourself remove it | No |
X | ws_d | ws32.exe | Added by the LEGMIR-RL TROJAN! | No |
N | WT Game Channel | GameChannel.exe | WildTangent GameChannel - notification of new games, quick access to games and fast and easy game downloads. Note that WildTangent's privacy policy used to state that they also collect and share individuals' information but this is no longer the case | No |
N | WT Game Channel | wtgamechannel.exe | WildTangent GameChannel - notification of new games, quick access to games and fast and easy game downloads. Note that WildTangent's privacy policy used to state that they also collect and share individuals' information but this is no longer the case | No |
N | WT GameChannel | GameChannel.exe | WildTangent GameChannel - notification of new games, quick access to games and fast and easy game downloads. Note that WildTangent's privacy policy used to state that they also collect and share individuals' information but this is no longer the case | No |
N | WT GameChannel | wtgamechannel.exe | WildTangent GameChannel - notification of new games, quick access to games and fast and easy game downloads. Note that WildTangent's privacy policy used to state that they also collect and share individuals' information but this is no longer the case | No |
X | WTF Test | wtftest.exe | Added by the RBOT-ACM WORM! | No |
U | WTIndicator | SchedInd.exe | WinTask - software that automates a variety of routine tasks quickly and simply | No |
X | WTSI | wapisvit.exe | PurityScan/Clickspring adware | No |
X | WTSS | wap***.exe [* = random char] | PurityScan/Clickspring adware | No |
X | WTST | wapisvtr.exe | PurityScan/Clickspring adware | No |
Y | WU713STA.EXE | WU713STA.EXE | Blitzz Technology wireless NIC adapter driver | No |
X | wuanguard | wuanguard32.exe | Added by the RBOT-AAF WORM! | No |
X | WudfSvc | WudfSvc.exe | Added by the SHEUR.BBB TROJAN! | No |
Y | WUOLService | WUOLService9x.exe | Remote wakeup status agent. Part of Novell's ZenWorks. Processes Wake-up on LAN requests (turn on a computer remotely on LAN) | No |
X | wuosdial | wuosdial.exe | Added by a variant of the RBOT WORM! | No |
X | WUPD | iglmtray.exe | Added by the TZET WORM! | No |
X | wupd | symcsvc.exe | Added by the ABWIZ.C TROJAN! | No |
X | wupd | win32.exe | Added by the ORSE-C TROJAN! | No |
X | wupdate | wisvccz.exe | Added by the ORSE-B TROJAN! | No |
X | wupdate | wi32.exe | Detected by Panda as Trustbid spyware | No |
X | WUpdate | 1037v.exe | Added by the CLAGGER-AR TROJAN! | No |
X | Wupdate driver | [various filenames] | Added by a variant of the SPYBOT WORM! | No |
X | WUpdates | WUpdates.exe | Added by the SWEPDAT TROJAN! | No |
X | Wupdm32 | Wupdm32.exe | Added by the MIDLAK WORM! | No |
X | wupdmgr32.exe | wupdmgr32.exe | Added by the CERTIF-I TROJAN! | No |
X | wupdt | wupdt.exe | Added by the IMISERV.A TROJAN! | No |
X | Wupftp | wupftp.exe | Added by the AGOBOT.AKV WORM! | No |
X | wupipenimi | Rundll32.exe jinorije.dll,s | Detected by Microsoft as the VUNDO.JC TROJAN! See here. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "jinorije.dll" file is found in %System% | No |
X | wupipenimi | Rundll32.exe luyenofe.dll,s | Detected by Microsoft as the VUNDO.JD TROJAN! See here. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "luyenofe.dll" file is found in %System% | No |
X | wupipenimi | Rundll32.exe poyimimu.dll,s | Detected by Microsoft as the VUNDO.JD TROJAN! See here. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "poyimimu.dll" file is found in %System% | No |
X | wupipenimi | Rundll32.exe siremase.dll,s | Detected by Microsoft as a variant of the AGENT TROJAN! See here. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "siremase.dll" file is found in %System% | No |
X | wupipenimi | Rundll32.exe tamuyiko.dll,s | Added by an unidentified VIRUS, WORM or TROJAN! See here. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "tamuyiko.dll" file is found in %System% | No |
Y | WUSB11B.exe | WUSB11B.exe | Linksys WUSB11 WLAN USB adapter | No |
Y | WUSB54GS | InvokeSvc3.exe | Wireless-G USB Wireless Network Adapter related - would appear to be required | No |
Y | WUSB54Gv2 | InvokeSvc3.exe | Wireless-G USB Wireless Network Adapter related - would appear to be required | No |
Y | WUSB54Gv4 | WUSB54Gv4.exe | Wireless-G USB Wireless Network Adapter related - would appear to be required | No |
X | wuviewer | wuviewer.exe | Added by a Proxy Trojan variant | No |
? | WUx_RegSvr | RegSvr32.exe | x is any number?? | No |
X | WWKS | wsass.exe | Added by the SDBOT-BT WORM! | No |
X | www.hidro.4t.com | enbiei.exe | Added by the BLASTER.F WORM! | No |
X | www.symantec.com | oz11111.exe | Added by the MYDOOM.W WORM | No |
X | WXcmeinst | [path to file] | Added by the RANCK-CD TROJAN! | No |
X | Wxp4 | Norton Update.exe | Added by the ERKEZ.D WORM! | No |
N | WXProcMgr Module | WXprocMgr.exe | TVTonic from Wavexpress - "enjoy 3 full-screen, DVD-quality video channels for FREE". Allows data content to be downloaded and synchronized on your system | No |
U | WZCBDLService | WZCBDL9X.exe | WZCBDLService Launcher from D-Link - configuration/drivers | No |
X | wzdmg | wzdmg.exe | Added by a generic downloader TROJAN - see here | No |
X | wzhelper | wzhelper.exe | Searchcentrix hijacker | No |
X | wzservice | hess.exe | Added by the HACKARMY.W TROJAN! | No |
U | X Server | X.exe | "XoftWare for Windows" enables you to run network-based UNIX programs ("X programs" or "clients") side-by-side with Windows applications on your personal computer. You can also share programs and computing resources with host computers connected to your PC over a network | No |
U | X-Cleaner Deluxe | xcleaner.exe | X-Cleaner Deluxe - privacy and anti-spy application | No |
U | X-Cleaner Freeware | XCLEAN~1.EXE | X-Cleaner Freeware - "cookie cleaning, Internet cache cleaning, scans for many popular spy software packages and performs permanent file shredding" | No |
N | X-Grabber | sswizard.exe | ScreenShot Wizard | No |
U | X1 | X1.exe | Part of X1's Enterprise Desktop Search Resource Center. An enterprise desktop search engine | No |
U | X1 System Tray | X1Systray.exe | Part of X1's Enterprise Desktop Search Resource Center. An enterprise desktop search engine | No |
U | X10 Device Network Service | x10nets.exe | Belongs to X10 video streaming device(s) | No |
X | X10Weax | WTHRTRAY.EXE | WeatherCheck - "bring the latest local weather to your desktop". Not recommended as it reportedly pops ads, and contains no uninstaller | No |
U | X1FileMonitor.exe | X1FileMonitor.exe | Part of X1's Enterprise Desktop Search Resource Center. An enterprise desktop search engine | No |
U | x3watch | x3watch.exe | "program helping with online integrity. Whenever you browse the internet and access a site which may contain questionable material, the program will save the site name on your computer. Approximately every 30 days, a person of your choice (an accountability partner) will receive an e-mail containing all possible questionable sites you may have visited within the month. This information is meant to encourage an open and honest conversation between friends and help us all be more accountable" | No |
X | x3yy | [path to trojan] | Added by the TANNICK TROJAN! | No |
U | X4ALLNL | wdfsctl.exe | XS4All Webdisk - web space management utility for the Dutch ISP | No |
N | Xanadu | Xanadu.exe | Xanadu - free language and translation wizard from Foreignword | No |
? | XboxStat | XboxStat.exe | Xbox 360 related. What does it do and is it required? | No |
? | xBrotherMeCom | BrMeCom.exe | Related to Brother MFC-9200c printer. What does it do and is it required? | No |
U | xbtl | bootldr.exe | Active Keylogger keystroke logger/monitoring program - remove unless you installed it yourself! | No |
X | xcanxbwv | axcvqvzk.exe | Added by the RANDEX.AR WORM! | No |
X | xcfdhtyjkx | keepSafe.exe | Added by the KILLAV.KAX TROJAN! | No |
X | Xcpy1 | Xcpy1.exe | FlashEnhancer adware | No |
X | xcxdsaa7 | slcskxsdl7.exe | Added by the ONLINEG-K TROJAN! | No |
U | XDeskCal | XDeskCal.exe | "XDeskCal is a fully customizable Desktop calendar that will allow users to display 'to do' list, appointments, and holidays on the screen. It is a lightweight application that doesn't use much system resources or take much space on your desktop" | No |
X | xDRam rar procx | xwinupdaterarx.exe | Added by the RILER-W TROJAN! | No |
X | xdxqa | dewa.exe | Added by the SDBOT-YB WORM! | No |
U | XE 8x LM Status | lmsxxe.exe | Xerox XE8 series laser printer status monitor | No |
X | Xecuter.bat | psexec.bat | Added by the BOOHOO WORM! | No |
U | XemiCo | ADC.EXE | XemiComputers Active Desktop Calendar | No |
U | XemiComputers Scheduler | Scheduler.exe | Smooth Program Scheduler from XemiComputers "will start any program you want at a scheduled time" | No |
U | XeroxScannerDaemon | XrxFTPLt.exe | Xerox Scanner Daemon - driver for Xerox Scanner model fu621d | No |
U | XFilesDialog | XFilesDialog.EXE | "XFilesDialog is designed to improve all the (more or less standard) Windows file dialogs (Open / Load / Save)" | No |
Y | XFILTER | xfilter.exe | Filseclab Personal Firewall Professional Edition | No |
N | Xfire | Xfire.exe | Terratec DMXFire 1024 soundcard control panel | No |
U | Xfire Music | xfiremusic.exe | XfirePlus Music plugin is a program written to display your currently playing music into your Xfire Status. Currently the program supports 10 different music players and is packed with features to make it work just for you | No |
X | xflash | xflash.exe | Added by the BANCJ-A TROJAN! | No |
X | xftpGraber | Xftpgraber.exe | Added by the ENVID.C WORM! | No |
? | XGIWatchDog | XWatDog.exe | Related to XGI Technology's Volari graphics cards - what does it do and is it required? | No |
X | xhi | xhi.exe | Added by the SCLOG-A TROJAN! | No |
X | xhrmy | Xhrmy.exe | HyperLinker adware | No |
X | xibquxs | rnxntup.exe | Added by a variant of the ORCU.B TROJAN! | No |
? | xicon | xicon.exe | Part of the IBM/XPoint Rapid Restore utility. What does it do and is it required? | No |
X | XiD | mmx.exe | Added by the ANALOGX TROJAN! | No |
X | xInsIDE | xInsIDE.exe | Detected by Trend Micro as the ADLOAD.BH TROJAN! See here. Note - this should not be confused with the valid IDE configuration utility from JMicron Technology which is normally located in %Windir%\RaidTool and uses the same filename. This one is located in %ProgramFiles%\xInsIDE | No |
U | xInsIDE | xInsIDE.exe | JMB36x series IDE (or Parallel ATA) configuration utility from JMicron Technology for their PCI Express to SATA II and PATA Host Controllers. This is normally located in %Windir%\RaidTool | No |
Y | XircWinModem4 | ltcm000c.exe | WinModem drivers. WinModems use software rather than hardware - hence putting a load on the CPU. Needed if you have it for loading the drivers. See here for more WinModem information | No |
U | xitami | Xiwin32.exe | Xitami Multiplatform Open Source web server | No |
? | xkstartup | RunDll32 InstZ82.dll, SetUsbPrinterPort | On a system with a Lexmark printer | No |
X | xload32 | netdd.exe | Added by the NETSPY TROJAN! | No |
X | xloadnet | xloadnet.exe | Added by the VB.NCK TROJAN! | No |
X | XML Service | msxml.exe | Added by the RBOT-HD WORM! | No |
X | XMLmedia 10.0 | wmsdkns.exe | Added by the FAKEALERT TROJAN! | No |
X | xmnfuruwk | rnxntup.exe | Added by the ORCU.B TROJAN! | No |
X | XNSearchAssistant | SrchAsst.exe | iWon Search Assistant - spyware | No |
Y | XoftSpy | XoftSpy.exe | XoftSpy antispyware software by Pareto Logic | No |
X | xor | svchost.exe | Added by the XORDOOR TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is found in a "xor" subfolder | No |
X | xor | svshost.exe | Added by the AGENT.DC TROJAN! | No |
X | Xordate | wuauclt10.exe | Added by the RBOT-GKN WORM! | No |
X | Xordate | wuauclt11.exe | Added by the RBOT-GLI WORM! | No |
X | Xordate | wuauclt12.exe | Added by the RBOT-GLQ WORM! | No |
X | Xordate | wuauclt13.exe | Added by the RBOT-GLM WORM! | No |
X | xp | winis.exe | Added by the RBOT-WO WORM! | No |
X | Xp | p2pnetworking.exe | Added by the SDBOT.XA WORM! | No |
X | XP Antispyware 2009 | XP_AntiSpyware.exe | XP AntiSpyware 2009 rogue spyware remover - not recommended, removal instructions here | No |
X | XP Antivirus | xpantivirus.exe | XPAntivirus misleading security program - not recommended, see here | No |
X | XP Antivirus | xpa.exe | XP Antivirus rogue security software - not recommended | No |
X | XP HOT FIS | kbx.exe | Added by the FORBOT-GS WORM! | No |
X | XP Loader | loaderxp.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
X | XP Protection Center | XPProtectionCenter.exe | XP Protection Center rogue security software - not recommended, removal instructions here | No |
X | XP SecurityCenter | XPSecurityCenter.exe | XP SecurityCenter rogue security software - not recommended, see here | No |
X | XP Service Pack | xpservicepack.exe | Added by the SDBOT.AQA WORM! | No |
X | xp service pack 2 | xpsp2.exe | Added by the RBOT-KW WORM! | No |
X | XP System | systemxp.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
U | XP Tools | xptools.exe | XPTools - "integrated suite of powerful PC Utilities to fix, speed up, maintain and protect your computer" | No |
X | XP-C300C3AC | XP-C300C3AC.EXE | Added by the AUTORUN.EHW WORM! | No |
X | xp32win | xpupdater02.exe | Added by the MOSUCK-A TROJAN! | No |
? | XPAgent | XPAgent.exe | Part of the IBM/XPoint Rapid Restore utility - normally located in %ProgramFiles%\XPOINT\AGENT folder. Appears as a service in XP/Vista and under the "RunServices" registry key in Win98. What does it do and is it required? | No |
X | XPAgent | XPAgent.exe | Detected by Panda as the CLICKER.LE TROJAN! Do not confuse this with the IBM/XPoint Rapid Restore file which is normally located in %ProgramFiles%\XPOINT\AGENT folder. This one is found in %System% | No |
X | XPAntivirus | XPAntivirus.exe | XPAntivirus rogue security software - not recommended | No |
? | xpcfg | xpcfg.exe | ?? | No |
? | Xpclient | xpclient.exe | Part of the IBM/XPoint Rapid Restore utility. What does it do and is it required? | No |
X | XPCPHOST Settings | xpcphost.exe | Added by a variant of the RBOT WORM! | No |
X | xpiupdate | xpiupdate.exe | Added by the RBOT-AAB WORM! | No |
U | xPlanetControl | xPlanetControl.exe | Tool that displays a globe with current day/night zones and clouds on the user's desktop | No |
U | Xplay | XPlay.exe | Xplay 3 from Mediafour Corporation - "expands what you can do with any iPod, including the iPhone and iTouch, and a Windows computer." If not used regularly, start manually before connecting the iPod/iTouch | No |
U | XPlay.exe | XPlay.exe | Xplay 3 from Mediafour Corporation - "expands what you can do with any iPod, including the iPhone and iTouch, and a Windows computer." If not used regularly, start manually before connecting the iPod/iTouch | No |
X | XPSoft | CVDAsDW.exe | Added by the SDBOT-SY WORM! | No |
X | XPSP2 Firewall | xpsp2fw.exe | Added by the SMALL-RN TROJAN! | No |
X | xpstart | wini.exe | Added by the PICRATE.A WORM! | No |
X | xpstat | winlogins.exe | Added by the RBOT-AAR WORM! | No |
X | XPsys | XPsys.exe | Added by the DELF-KQ TROJAN! | No |
X | xpsystem | y.exe | CoolWebSearch parasite variant | No |
X | Xpsystem | SERVICES.EXE | Added by the DAEMOZ.A TROJAN! Note - this is not the legitimate services.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "SERVICES" subfolder | No |
X | xpsystem | services.exe | CoolWebSearch parasite variant. Note - this is not the legitimate services.exe process, which should not appear in Msconfig/Startup! | No |
X | xpsystem | MSXMIDI.EXE | CoolWebSearch parasite variant, detected by Kaspersky as the SMALL.CW TROJAN! | No |
X | xpupdate | updates.exe | Added by the BROPIA.L WORM! | No |
X | XpyBurner | XpyBurner.exe | XpyBurner rogue spyware remover - not recommended, removal instructions here | No |
X | xp_system | [filename] | Added by the BOOKMARKER.J TROJAN! This file is located in a Windows\inet20004 or Winnt\inet20004 folder | No |
X | xp_system | winlogon.exe | Added by the KREPPER-G TROJAN! - a CoolWebSearch parasite variant. Note - this is not the legitimate winlogon.exe, which should not figure in Msconfig/Startup! | No |
X | xp_system | services.exe | Added by the KREPPER-N TROJAN and variants! Note - this is not the legitimate services.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! The file is located in an "inet*****" subfolder of the Windows or Winnt folder - where ***** varies depending on the variant; examples are 20088, 20001, 10066 | No |
X | xrt_Shell | xrt_****.exe | XRT spyware | No |
X | xrt_Shell | xrt_brel.exe | Added by the AGENT.AJAT BACKDOOR! | No |
U | XSC SIP Client | X-Lite.exe | "CounterPath's X-Lite 3.0 is the market's leading free SIP based softphone available for download". For VOIP and broadband users | No |
X | xserv | [path to trojan] | Added by the STUMPY-A TROJAN! | No |
U | XStop95 | XStop95.exe | XStop - internet filter | No |
X | xswdmse | [8 random letters].exe | Added by a variant of the SPYBOT WORM! See here | No |
N | xswin | xswin.exe | Installed with a Xerox Work Centre Pro 555. Unchecking it removes an "out of system memory" error | No |
? | XTCsgloader | XTCsgloader.exe | Another Xupiter toolbar variant?? | No |
X | XTN Service Drivers | winxtn.exe | Added by the SDBOT-YK WORM! | No |
U | XTNDConnect PC | XCPCMenu.exe | XTNDConnect PC - "award-winning desktop-sync application that enables you to easily synchronize your contacts, calendar, tasks, email and notes between your mobile devices and popular PC applications" | No |
U | XTNDConnect PC - 3CmPlm | Autodet.exe | 3Com Palm PC specific translator for XTNDConnect PC - "award-winning desktop-sync application that enables you to easily synchronize your contacts, calendar, tasks, email and notes between your mobile devices and popular PC applications" | No |
U | XTNDConnect PC - CasioOrg | CasAgnt.exe | Casio Pocket PC specific translator for XTNDConnect PC - "award-winning desktop-sync application that enables you to easily synchronize your contacts, calendar, tasks, email and notes between your mobile devices and popular PC applications" | No |
U | XTNDConnect PC - ErPhn2 | ErTray.exe | Sony Ericsson IrMC (Infrared Mobile Connectivity) phones and smartphones specific translator for XTNDConnect PC - "award-winning desktop-sync application that enables you to easily synchronize your contacts, calendar, tasks, email and notes between your mobile devices and popular PC applications" | No |
U | XTNDConnect PC - LtNts4 | NtsAgnt.exe | (IBM) Lotus Notes 4 specific translator for XTNDConnect PC - "award-winning desktop-sync application that enables you to easily synchronize your contacts, calendar, tasks, email and notes between your mobile devices and popular PC applications" | No |
U | XTNDConnect PC - MyPalm | MPTray.exe | Palm OS specific translator for XTNDConnect PC - "award-winning desktop-sync application that enables you to easily synchronize your contacts, calendar, tasks, email and notes between your mobile devices and popular PC applications" | No |
U | XTNDConnect PC - PocketPC | AutoDetect.exe | Windows Mobile Pocket PC specific translator for XTNDConnect PC - "award-winning desktop-sync application that enables you to easily synchronize your contacts, calendar, tasks, email and notes between your mobile devices and popular PC applications" | No |
U | XTNDConnect PC - ScheduleSync | SCHEDU~1.EXE | ScheduleSync specific translator for XTNDConnect PC - "award-winning desktop-sync application that enables you to easily synchronize your contacts, calendar, tasks, email and notes between your mobile devices and popular PC applications" | No |
X | Xtray | xtray_link.exe | Added by the VB.JL TROJAN! | No |
U | XtreamLok License Manager | xl.exe | License manager for xLok (XtreamLok) - prevents software being reverse engineered | No |
U | Xtrem parental control | pcx.exe | ParentXtreme is a surveillance software program that monitors user activity, logs keystrokes, and takes screenshots. It ends the processes of anti-spyware programs. If you didn't install this yourself remove it | No |
X | XTServiceUpdate | XTServiceUpdate.exe | hahame.net adware downloader | No |
X | XtTb.exe | XtTb.exe | Top-banners.com adware | No |
? | xuio.exe | xuio.exe | ?? | No |
X | Xupiter Startup | XupiterStartup.exe | Xupiter - adware and homepage hijacker. Use Spybot S&D, Ad-Aware or similar to detect and remove it; to prevent it re-installing in the future, see here | No |
X | XupiterCfgLoader | XTCfgLoader.exe | Xupiter - adware and homepage hijacker. Use Spybot S&D, Ad-Aware or similar to detect and remove it; to prevent it re-installing in the future, see here | No |
X | XupiterCfgLoader | BWCfgLoader.exe | Xupiter - adware and homepage hijacker. Use Spybot S&D, Ad-Aware or similar to detect and remove it; to prevent it re-installing in the future, see here | No |
X | xupiterstartup2003 | xupiterstartup2003.exe | Xupiter - adware and homepage hijacker. Use Spybot S&D, Ad-Aware or similar to detect and remove it; to prevent it re-installing in the future, see here | No |
X | XupiterToolbarLoader | XupiterToolbarLoader.exe | Xupiter - adware and homepage hijacker. Use Spybot S&D, Ad-Aware or similar to detect and remove it; to prevent it re-installing in the future, see here | No |
U | xv_ctrl | v_ctrl.exe | 3dfx Underground Tools - "Gives direct hardware control to your video graphics adapter" | No |
X | xware | xware.exe | Malware downloader from xxsware.com, causes adult content popups | No |
X | xware | cskware.exe | Malware downloader from xxsware.com, produces adult content popups | No |
? | XWMSUSBAPI | XWMSAPI.EXE | Part of the installation of a Xerox WorkCentre printer/scanner. Is it required? | No |
X | xxcm | sys.exe | Added by the KRISWORM-A WORM! | No |
X | xxsrSrv32 | xxsrsrv.exe | Added by the BANCSDE-E TROJAN! | No |
X | XXXmpeg | XXXmpeg.exe | Adult content dialler | No |
X | xxxvideo | xxxvideo.exe | AccessPlugin premium rate adult content dialler | No |
X | xy | svhost32.exe | Added by the DELF.FAI TROJAN! | No |
X | xzkadsfk10 | afslkfasl10.exe | Added by the ONLINEG-R TROJAN! | No |
X | x[Number from 1 to 7] | x[Number from 1 to 7].exe | Added by the DADOBRA-A TROJAN! | No |
X | x~{{dybel | x~{{dy8%nsn | Added by the AGOBOT.DQ WORM! | No |
U | Y!TunnelBasic | YTBasic.exe | Y!TunnelBasic software provides additional features to Yahoo! Messenger | No |
U | Y!TunnelPro | YTunnelPro.exe | Spam, bot and ad blocker for Yahoo! Messenger from Digital Asphyxia | No |
U | Y!TunnelPro | YTPro.exe | Spam, bot and ad blocker for Yahoo! Messenger from Digital Asphyxia | No |
U | Y'z Shadow | YzShadow.exe | Y'z Shadow 'adds a shadow effect to the windows in pursuit of the "beauty of a shadow". It also allows the user the option of making menus transparent' | No |
U | Y'z Toolbar | YzToolBar.exe | Y'z Toolbar "allows the user to change the toolbar icons in Explorer and Internet Explorer. The user can also create and add their own themes" | No |
X | y1959sar | sv711224030r.exe | Added by the BRONTOK-AK WORM and variants! | No |
X | y1959sar | yesbron.com | Added by the BRONTOK-AK WORM and variants! | No |
X | Ya Salam | NancyAjram.exe | Added by the JALABED WORM! | No |
? | YaAutoRepair | yrepair.dll | Appears to be related to software from Yahoo China. What does it do and is it required? | No |
X | yaemu.exe | yaemu.exe | Added by the WIN32.DNSCHANGER.S TROJAN! | No |
X | yahoo groups | upgrdmgr.exe | Added by a variant of the RBOT WORM! | No |
? | Yahoo HP Reminder 1.1 | yr.exe | ?? | No |
X | yahoo inc. | ypages.exe | Added by a variant of the SDBOT.62235D21 WORM! | No |
X | Yahoo Instant Messengar | YahooMsgr.exe | Added by the SDBOT.GEN TROJAN! | No |
X | Yahoo Messenger | Yahoomsg.exe | Added by an unidentified WORM or TROJAN! | No |
X | Yahoo Messenger | YPager.exe | Added by the RBOT-QO WORM! | No |
X | Yahoo Messenger | svchost32.exe | Added by the SOHANA-P WORM! | No |
X | Yahoo Messengger | SVICHHOST.exe | Added by the TIOTUA-C TROJAN! | No |
X | Yahoo Messengger | RVHOST.exe | Added by the SILLYFDC-G WORM! | No |
X | Yahoo Messengger | SSVICHOSST.exe | Added by the SOHANA-R WORM! | No |
X | Yahoo Messengger | SCVHOST.exe | Added by the SOHANA-V WORM! | No |
X | Yahoo Messengger | SCVHSOT.exe | Added by the HAKAG-A WORM! | No |
X | Yahoo Messengger | SCVVHSOT.exe | Added by the SILLYFDC-AE WORM! | No |
X | Yahoo Messengger | SSCVIHOST.exe | Added by the SOHANA-W WORM! | No |
X | Yahoo Messengger | SSCVIIHOST.exe | Added by the SOHANA-Y WORM! | No |
X | Yahoo Update | Yahoo!.exe | Added by the YAHOO! TROJAN! | No |
X | Yahoo Updater | Messenger.exe | Added by the FORBOT-FE WORM! | No |
N | Yahoo! Friend | YahooFriend.exe | Yahoo!_Friend - plug-in for Yahoo! Messenger that adds lots of emoticons and windows effects | No |
U | Yahoo! Mail | YMailAdvisor.exe | Yahoo! Mail Advisor - informs you of any changes to your Yahoo! Mail settings (i.e., if your default mail client changes). Bundled with some Yahoo! programs, Toolbar or Messenger | No |
X | Yahoo! Messanger | ymsngr32.exe | Added by the WOOTBOT.HY WORM! Note - this should not be confused with Yahoo! Messenger | No |
N | Yahoo! Pager | ypager.exe | Yahoo! Messenger allows you to send instant messages. Available via Start -> Programs | No |
N | Yahoo! Pager | YAHOOM~1.EXE | Yahoo! Messenger allows you to send instant messages. Available via Start -> Programs | No |
U | Yahoo! Widget Engine | YahooWidgetEngine.exe | Yahoo! Widget Engine lets you run little files called Widgets that can do pretty much whatever you want them to | No |
X | Yahoo2000 | Anti.exe | Added by the RBOT.ATK WORM! | No |
X | Yahoo2000 | Anti.exe | Added by unknown malware, possibly a variant of the RBOT-RAM WORM! | No |
X | yahoomsgr | Yahoomsngr.exe | Added by the AGOBOT.AKZ WORM! | No |
X | YahooStock | [path to file] | Adtomi adware | No |
X | yahoo_toolbar lptt01 | yahoo_toolbar.exe | RapidBlaster variant (in a "yahoo_toolbar" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here | No |
X | yahoo_toolbar ml097e | yahoo_toolbar.exe | RapidBlaster variant (in a "yahoo_toolbar" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here | No |
? | YAMAHA AC-XG Power Utility | yacpower.exe | YAMAHA AC-XG Power Utility. What does it do and is it required? | No |
N | YAMAHA DS-XG Launcher | dslaunch.exe | System Tray access for the features of the Yamaha DS-XG soundcard unless you regularly change set-ups | No |
N | Yankee Clipper III | YankClip.exe | Yankee Clipper III - 'A super powerful Windows clipboard extender/memory - now in its third generation. Handles Pictures, Richtext, URLS, etc - any size. Features printing, drag and drop, optional permanent storage of clippings. Familiar "Outlook" interface'. Freeware | No |
U | Yapta Tracker | YaptaClient.exe | Yapta "make it easy for you to secure the best airfare deals available on the Web. We do this by giving you a tool to "tag" the trips you like while shopping online, then we track prices on these trips and alert you when prices drop" | No |
N | YBrowser | ybrwicon.exe | SBC Yahoo! Browser system tray icon | No |
U | YCentral | YahooCentral.exe | Yahoo! Central - "alerts you if your default home page, search, or email is changed or if updates are available for your Yahoo! software. You can manage your default Internet settings and get updates to your software from Yahoo!" | No |
X | yeahdude.exe | hallowelt.exe | Added by the GAOBOT.RS or GAOBOT.SA WORMS! | No |
X | yemarvd | sysmon.exe | Added by the AGENT-CH TROJAN! | No |
N | YeppStudioAgent | SamsungMediaStudioAgent.exe | Samsung Media Studio MP3 player file management software - see here for an example | No |
X | YhooUapdates | ymssmsgs.exe | Added by a variant of the SMALL_K TROJAN! | No |
X | YhooUpdates | ymsmsgs.exe | Added by the SMALL_K TROJAN! | No |
X | ying | ying.exe | Constructor VC2000 malware | No |
N | YLive.exe | Ylive.exe | Yahoo! Assistant (formerly 3721 Internet Assistant) - not recommended | No |
U | YMailAdvisor | YMailAdvisor.exe | Yahoo! Mail Advisor - informs you of any changes to your Yahoo! Mail settings (i.e., if your default mail client changes). Bundled with some Yahoo! programs, Toolbar or Messenger | No |
N | ymetray | ymetray.exe | Yahoo! Music system tray icon | No |
X | ynavmrcd.exe | ynavmrcd.exe | Added by the DLOADR-AVC TROJAN! | No |
N | YOP | yop.exe | Dashboard Module for SBC Yahoo! Online Protection | No |
U | You've Got Pictures Screensaver | ygpsstra.exe | AOL You've Got Pictures Screensaver | No |
X | YourMP3 | rundll32.exe MSA64CHK.dll, DllMostrar | MatrixDialer related. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in the Winnt or Windows folder | No |
? | YOW tuner | WatchPNM.exe | ?? | No |
N | ypager | ypager.exe | Yahoo! Messenger allows you to send instant messages. Available via Start -> Programs | No |
U | YPC | ypc.exe | Yahoo Parental controls - "Let you decide what type of sites and Yahoo! services your kids can access" | No |
U | YPOPs | YPOPs.exe | YPOPs! - an application that provides POP3 access to Yahoo! Mail. Yahoo! Mail disabled free access to its POP3 service in 2002. This application emulates a POP3 server and enables popular email clients like Outlook, Netscape, Eudora, Mozilla, etc., to download email from a Yahoo! account | No |
U | YPOPs | YPOPs | YPOPs! - an application that provides POP3 access to Yahoo! Mail. Yahoo! Mail disabled free access to its POP3 service in 2002. This application emulates a POP3 server and enables popular email clients like Outlook, Netscape, Eudora, Mozilla, etc., to download email from a Yahoo! account | No |
U | YSearchProtection | SearchProtection.exe | "Yahoo! Search Protection will alert you if an attempt is made to change your default browser search engine from Yahoo!" | No |
Y | YTrayMagic Lite 1 | YTRAYMAGIC.EXE | YTrayMagic from YoconSoft automatically restores your tray icons after an Explorer (the Windows shell) crash. Leave to run at startup since only those icons that are in the taskbar after YTrayMagic has initialized will be restored | No |
U | Yumgo's Homepage Protector V1 | YumgoHomepageProtector.exe | Yumgo's Homepage Protector | No |
X | ywwvc.exe | ywwvc.exe | Added by the STARTPA-HR TROJAN! | No |
X | ywzizdon | ywzizdon.exe | Free_Scratch_Cards foistware | No |
X | yx | uu.exe | Added by the AGOBOT-YX WORM! | No |
X | yyyyyyyy | [path to trojan] | Added by the MUMUBOY.B TROJAN! | No |
X | yz.exe | yz.exe | Added by the VARDO TROJAN! | No |
X | YZH | YZH.exe | Added by the LEGMIR-BM VIRUS! | No |
X | YZH.SYS | YZH.exe | Added by the PHILIS.C VIRUS! | No |
X | Z | zmon.exe | Added by the DELBOT-AO WORM! | No |
U | z-WrDialer | WrDialer.exe | WinPoet DSL dialer | No |
X | ZaCker | [filename].PIF | Added by the HOLAR.A WORM! | No |
X | Zacker | Zacker.exe | Added by the GEMEL WORM! | No |
X | zango | zango.exe | NCase adware | No |
X | Zango SiteFinder | ZangoSiteFinder.exe | 180Solutions ZangoSearch adware variant | No |
X | Zango TvTimes | ZANGOT~1.EXE | ZangoSearch adware | No |
X | ZangoOE | OEAddOn.exe | NCase adware | No |
X | ZangoSA | ZangoSA.exe | NCase adware | No |
X | zanu | zanu.exe | NCase adware | No |
Y | Zapro | Zapro.exe | Firewall program from Zonelabs - paid for version | No |
U | Zboard | Zboard.exe | Ideazon Zboard gaming software | No |
U | ZboardTray | ZboardTray.exe | Ideazon Zboard gaming keyboard driver - allows you to customise keyboard functions | No |
U | zBrowser Launcher | iTouch.exe | Loads the iTouch configuration program for Logitech keyboards. It's needed if your keyboard has shortcut buttons and if you use them. It's also needed if your keyboard does not have the num lock, caps lock, and scroll lock lights on it and you use the on-screen displays for num lock, caps lock, and scroll lock | No |
U | zBrowser Launcher | Commandr.exe | For a Logitech internet keyboard - loads the software for the shortcut keys on the keyboard. Also used to display your keyboard LEDs on-screen to indicate Caps Lock, etc if it doesn't have them | No |
? | zcb | zcb.exe | ?? | No |
U | Zcfgsvc | ZCfgSvc.exe | Zero Config MFC Application, part of Intel's ProSET utilities and installed by the drivers for many of Intel's wireless network cards - essential to the proper functioning of many of the Intel ProSET utilities (but not all) and these System Tray ProSET utilities are a must if you are using your wireless connection, if only so you know when the signal is fading or dropping. The problem is that, in some PCs, ZCFGSVC can be incredibly badly behaved: taking up to 100% of CPU time and therefore resulting in an extremely slow PC, preventing the installation of software or Windows updates, or causing "Not Responding" or "End this Program" shutdown problems. If you experience this, try first the very latest drivers from Intel or your laptop manufacturer. If that still does not solve the problem and you have WinXP/2003, try setting the "Wireless Zero Configuration" service to disabled | No |
U | ZCfgSvc.exe | ZCfgSvc.exe | Zero Config MFC Application, part of Intel's ProSET utilities and installed by the drivers for many of Intel's wireless network cards - essential to the proper functioning of many of the Intel ProSET utilities (but not all) and these System Tray ProSET utilities are a must if you are using your wireless connection, if only so you know when the signal is fading or dropping. The problem is that, in some PCs, ZCFGSVC can be incredibly badly behaved: taking up to 100% of CPU time and therefore resulting in an extremely slow PC, preventing the installation of software or Windows updates, or causing "Not Responding" or "End this Program" shutdown problems. If you experience this, try first the very latest drivers from Intel or your laptop manufacturer. If that still does not solve the problem and you have WinXP/2003, try setting the "Wireless Zero Configuration" service to disabled | No |
X | zcproo | qssstiej.exe | Possible homepage hijacker installing a toolbar: http://tdko.com/, Lop.com in disguise | No |
X | zcseacrt | [random filename] | Added by a variant of the SLAPER TROJAN! | No |
? | ZDConfig | ZDConfig.exe | Related to various brands of Wireless USB LAN Adapter - what does it do and is it required? | No |
N | zdnet | kontiki.exe | Kontiki Delivery Manager - Windows-based client software that enables secure delivery of content to users' desktops | No |
N | Zebus | msdc32.exe | Runs a HTML tutorial on the Zebus web-site | No |
X | Zekio Startups | znksvc32.exe | Added by the AGOBOT-AGI WORM! | No |
X | Zen.A | [path to trojan] | Added by the ZOOMEN-A TROJAN! | No |
X | Zenet | rundll32 CNBabe.dll, DllStartup | CommonName Toolbar spyware. To uninstall see here | No |
X | Zeno | [random filename] | ZenoSearch adware | No |
X | Zeno | nwinrqez.exe | Added by the QEXREZ family of TROJANS! | No |
Y | ZENRC | zenrc32.exe | The main component of Novell's ZenWorks - "Complete End-to-End Directory-enabled Network Management". Leave well alone | No |
Y | ZENRC Tray Icon | zentray.exe | Part of Novell's ZenWorks - "Complete End-to-End Directory-enabled Network Management". Best left alone | No |
Y | ZENworks Imaging Service | ZISWin.exe | Imaging Agent. Part of Novell's ZenWorks - "Complete End-to-End Directory-enabled Network Management" | No |
U | Zero PoPup Killer XP | zpk_xp.exe | Intelligent anti-pop-up software product by Ax-Soft | No |
U | ZeroAds | 0 | ZeroAds - culls ads, cookies and pop-ups. Tells ZeroAds not to run at startup - needed to start it manually | No |
U | ZeroAds | LAS0Ads.exe | ZeroAds - culls ads, cookies and pop-ups. Required for the cookie interception to work | No |
U | ZeroAds | Zeroads.exe | ZeroAds - a popular Internet accelerator and anti-adware application | No |
U | ZeroSpyware | ZeroSpyware.exe | FBM Software ZeroSpyware 2004 spyware detector and remover | No |
X | zervpack2 | update2.exe | Added by the SDBOT.WD WORM! | No |
? | ZGNUBI | ZGNUBI.exe | ?? | No |
X | Zi5 | AntiVirus Update.exe | Added by the ERKEZ.G WORM! | No |
U | ZIBMACC | rundll.exe ZIBMACC.INF | ZIBMACC.INF is an IBM file that is only loaded and installed under a recovery operation. The file is a support file for IBM access to the system if needed. You may delete this file. This information comes from IBM Technical Support (USA - 800-887-7435) | No |
X | ZincgrubInc | Lsass.exe | Added by the VOUMIT-A WORM! Note - this is not the legitimate lsass.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "mirc32" folder | No |
U | ZingSpooler | ZingSpooler.exe | Was used for a drag and drop program to upload pictures to www.zing.com but Zing has gone out of business. Now used by Sony ImageStation to upload photos to online albums | No |
N | Zinio DLM | ZDLM.EXE | Zinio - used to read magazines in digital rather than paper format | No |
N | Zinio DLM | ZinioDeliveryManager.exe | Related to Zinio used to read magazines in digital rather than paper format | No |
X | Zip Driver Loader | ZipLoader32.exe | Added by the OBLIVION TROJAN! This executable is one of the most common but there are more | No |
X | Zip Driver Loader | msload32.exe | Added by the OBLIVION TROJAN! This executable is one of the most common but there are more | No |
U | ZipDisk Icons | IMGICON.EXE | Displays Iomega icons in Explorer/My Computer, ejects Zip disks on shutdown and displays a special delete confirmation box when deleting files on an Iomega drive. Available via Start -> Programs. If you disable it remember to eject disks first before powering the drive down - hence the "U" recommendation. Note - FreeCell may not run with ImgIcon running | No |
N | ZipGenius Clean | zg.exe | ZipGenius file compression utility | No |
X | ziphelp | ziphelp.exe | CoolWebSearch parasite variant | No |
N | ZipMagic | zm32.exe | Zip utility by Ontrack. Preloading ZipMagic allows you to access files within a zip archive without unzipping them first | No |
Y | zlclient | zlclient.exe | Firewall program from Zonelabs. Pro version includes other online security options | No |
U | ZLH | ZLH.EXE | System Tray icon for Norman Antivirus | No |
U | ZMatrix | matrix.exe | ZMatrix - "an animated desktop background which displays streaming characters in a style similar to what was used in the movie 'The Matrix'" | No |
X | ZNN | znnsvc.exe | Added by the SDBOT-DAA WORM! | No |
X | Zolero Translator | ZoleroTranslator.exe | Zolero Translator - added by Clickspring, the makers of Purityscan, whose products are bundled with the Outer Info Network Client, or OIN client | No |
X | Zonavirus | 0 | Added by the KITRO.D (or ARGEN.A) WORM! | No |
X | Zone Alarm | vsmon.exe | Added by the RBOT.BO WORM! If this was the ZoneAlarm firewall the name column would be TrueVector | No |
X | zone alarm security | zlclint.exe | Added by the NIRBOT WORM! | No |
Y | Zone Labs Client | zlclient.exe | Firewall program from Zonelabs. Pro version includes other online security options | No |
X | Zone Labs Client Ex | svchost.exe | Added by the NETSKY.F WORM! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is found in the Winnt or Windows folder | No |
X | Zone system | szchost.exe | Added by the MULTIDR-AC TROJAN! | No |
Y | ZoneAlarm | zonealarm.exe | Firewall program from Zonelabs - free version | No |
X | zonealarm | [random filename] | Added by an unidentified VIRUS, WORM or TROJAN! The only exception is if you have an older version of the ZoneAlarm firewall running | No |
X | Zonealarm | Removeme.exe | Added by the FORBOT-BG WORM! | No |
X | Zonealarm | iexplore.exe | Added by the FORBOT-CP WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %System% | No |
Y | ZoneAlarm Plus | zaplus.exe | Firewall program from Zonelabs - paid for version | No |
Y | ZoneAlarm Pro | Zapro.exe | Firewall program from Zonelabs - paid for version | No |
X | Zonesoft Cleaner | rnsys.exe | Added by a variant of the SDBOT WORM! | No |
U | ZoneUpdate | csrss.exe | WinSpy surveillance software. Uninstall this software unless you put it there yourself. Note - this is not the same file as the csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a "ComRoot" subfolder | No |
U | Zoom | zoom.exe | Zoom - speeds up Windows startup and manages startup applications | No |
U | Zooming | ZoomingHook.exe | Toshiba Zooming Utility - found on Toshiba laptops and Tablet PCs. It allows users to zoom in (or magnify) text | No |
U | ZoomingHook | ZoomingHook.exe | Toshiba Zooming Utility - found on Toshiba laptops and Tablet PCs. It allows users to zoom in (or magnify) text | No |
Y | ZPLED | ZPKBDLED.exe | Driver for the Advent ADE-AD2 Wireless Keyboard | No |
X | ZPoint | winmuse.exe | Added by the DLOADR-VJ TROJAN! | No |
Y | ZPOINT32 | ZPOINT32.exe | USB graphics/writing tablet driver | No |
X | zSearch | Zstb.exe | TotalVelocity zSearch parasite | No |
X | zSecurity Service | szsvc.exe | Added by the SDBOT-DAB WORM! | No |
X | zsms | smss.exe | Added by the BANCOS-CK TROJAN! Note - this is not the legitimate smss.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder | No |
X | zsmscc | rundll32.exe zsmscc071001.dll mymain | Added by the GENETIK.KQ TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "zsmscc071001.dll" file is found in the System (9x/Me) or System32 (NT/2K/XP) folder | No |
X | zsmsgs | iservice.exe | Added by the BANCOS-BU TROJAN! | No |
X | zsmss | smss.exe | Added by the BANCOS-DD TROJAN! Note - this is not the legitimate smss.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder | No |
U | zSPGuard | Spguard.exe | "StartPage Guard (SPG) protects your PC from cyberscam, by detecting and preventing any unauthorized changes to your internet browser's Start and Search pages. It is also capable of removing automatically most of known 'invaders'." | No |
U | ZSScheduler | zsscheduler.dll | ZeroSpyware from FBM Software | No |
N | ZSSnp211 | ZSSnp211.exe | Vmicro webcam USB utility - allows the webcam to initiate data transfer to a program. Create a shortcut and start it manually when needed | No |
X | ZStart | [various filenames] | VX2.Transponder parasite updater/installer related | No |
X | Zstart | cxdxregt.exe | ZenoSearch adware | No |
X | ZtgServerSwitch | server.vbs | ZTGServerswitch is part of Sony's Vaio support agent - designed by Support.com. Not required if the user does not wish to use the Vaio support agent and regarded as spyware | No |
U | Zune Launcher | ZuneLauncher.exe | Only needed if running Microsoft's new Zune software for use with their new Zune music player. Similar to iTunes for the iPod | No |
X | zupacha.exe | zupacha.exe | Added by the DROPPER-QL TROJAN! | No |
X | Zupdate | Zupdate.exe | Associated with B3d Projector foistware - see here | No |
X | zzb | zzb.exe | IAGold adware | No |
X | zzb2 | zzb2.exe | IAGold adware | No |
X | zzgshp | gshp.vbs | Homepage hi-jacker that re-defines your IE or Netscape start page | No |
X | zztp | svchost.exe | Added by the TANNICK.B TROJAN! Note - this is not the legitimate svchost.exe process which should NOT appear in Msconfig/Startup! | No |
? | zzz-hpi-boot | hpi-boot.exe | Associated with HP Photosmart printers | No |
? | zzzCamlnSuitelll | setup.exe 46*** | ?? | No |
? | zzzhpsetup | setup.exe | ?? | No |
X | Z_Start | [random filename] | ZenoSearch adware | No |
X | [12 random characters] | avifile5.exe | IeDriver adware variant | No |
X | [12 random characters] | bootvid4.exe | IeDriver adware variant | No |
X | [12 random characters] | browser8.exe | IeDriver adware variant | No |
X | [12 random characters] | atitvo32.exe | IeDriver adware variant | No |
X | [12 random characters] | autodisc.exe | IeDriver adware variant | No |
X | [12 random characters] | cabview1.exe | IeDriver adware variant | No |
X | [12 random characters] | advpack1.exe | IeDriver adware variant | No |
X | [12 random characters] | batmeter.exe | IeDriver adware variant | No |
X | [12 random characters] | bidispl2.exe | IeDriver adware variant | No |
X | [12 random characters] | asferror.exe | IeDriver adware variant | No |
X | [12 random characters] | catsrvps.exe | IeDriver adware variant | No |
X | [12 random characters] | admparse.exe | IeDriver adware variant | No |
X | [12 random characters] | audiosrv.exe | IeDriver adware variant | No |
X | [12 random characters] | bootvid2.exe | IeDriver adware variant | No |
X | [12 random characters] | cmpbk321.exe | IeDriver adware variant | No |
X | [12 random characters] | ADPTIF67.exe | IeDriver adware variant | No |
X | [12 random characters] | asycfilt.exe | IeDriver adware variant | No |
X | [12 random characters] | ati2dvag.exe | IeDriver adware variant | No |
X | [12 random characters] | atl91036.exe | IeDriver adware variant | No |
X | [12 random characters] | blackbox.exe | IeDriver adware variant | No |
X | [12 random characters] | browser5.exe | IeDriver adware variant | No |
X | [12 random characters] | bthserv1.exe | IeDriver adware variant | No |
X | [12 random characters] | camocx28.exe | IeDriver adware variant | No |
X | [12 random characters] | CAMOCX74.exe | IeDriver adware variant | No |
X | [12 random characters] | capesnpn.exe | IeDriver adware variant | No |
X | [3-4 random letters] | nslookup.exe | PurityScan/Clickspring adware. Not to be confused with the legitimate nslookup.exe which is found in the System32 folder | No |
X | [3-4 random letters]Srv32 | [path to file] | Added by the BANCSADE-A TROJAN! | No |
X | [32 random numbers] | av2009.exe | Antivirus 2009 rogue security software - not recommended, see here | No |
X | [32 random numbers] | av360.exe | Antivirus 360 rogue security software - not recommended, removal instructions here | No |
X | [32 random numbers] | AVS.exe | Antivirus Sentry rogue security software - not recommended, removal instructions here | No |
X | [32 random numbers] | xpa.exe | XP Antivirus rogue security software - not recommended | No |
X | [decimal number] | [path to worm] | Added by the OPOSSUM-A WORM! The decimal number can be anything, eg, 0.12345678 | No |
X | [default] | DrWatson32.exe | Added by the DREMN TROJAN! | No |
X | [Entry name] | System.exe | Added by the NETHIEF-N TROJAN! | No |
X | [Ephemeral 2.5] by TreeHugger, | [path to worm] | Added by the LEMOOR-C WORM! | No |
X | [Ephemeral 2.x] by TreeHugger, | [path to worm] | Added by the LEMOOR.A WORM! where "x" represents 3 or 4 | No |
X | [executed file name] | App.exe | Added by the WAXPOW WORM! | No |
X | [executed file name] | Regsrv32.com | Added by the SOUTHGHOST WORM! | No |
X | [filename] | svchost.scr | Added by the BANKER-CC TROJAN! | No |
X | [original filename] | svchost.scr | Added by the BANCBAN-CX TROJAN! | No |
X | [original filename] | xphost.scr | Added by the BANCBAN-HM TROJAN! | No |
X | [random characters] | securewinload32x.exe | Added by the OPTIXP-N TROJAN! | No |
X | [random characters] | rsbmsc.exe | Detected by AntiVir antivirus as the BDS/Agent.adt TROJAN! | No |
X | [random characters] | _default[random].pif | Added by the BRONTOK-AI WORM and variants! | No |
X | [random characters] | j[random].exe | Added by the BRONTOK-AI WORM and variants! | No |
X | [random characters] | sv[random].exe | Added by the BRONTOK-AI WORM and variants! | No |
X | [random characters] | yesbron.com | Added by the BRONTOK-AI WORM and variants! | No |
X | [random filename] | slk8x2peu.exe | QuickLinks adware | No |
X | [random names] | eee2.exe | MediaMotor adware | No |
X | [random name] | wincpu.exe | Added by an unidentified VIRUS, WORM or TROJAN! | No |
X | [random name] | m?dtc.exe | PurityScan/Clickspring adware | No |
X | [random name] | ping.exe | PurityScan/Clickspring adware. Note - do not confuse with the Microsoft utility of the same name as described here | No |
X | [random name] | CXTPLS_LOADER.EXE | AproposMedia adware | No |
X | [random name] | ??plorer.exe | PurityScan/Clickspring adware | No |
X | [random name] | ?hkdsk.exe | PurityScan/Clickspring adware | No |
X | [random name] | ?hkntfs.exe | PurityScan/Clickspring adware | No |
X | [random name] | l?gonui.exe | PurityScan/Clickspring adware | No |
X | [random name] | m?iexec.exe | PurityScan/Clickspring adware | No |
X | [random name] | r?gsvr32.exe | PurityScan/Clickspring adware | No |
X | [random name] | t?skmgr.exe | PurityScan/Clickspring adware | No |
X | [random name] | w?auboot.exe | PurityScan/Clickspring adware | No |
X | [random name] | w?auclt.exe | PurityScan/Clickspring adware | No |
X | [random name] | w?crtupd.exe | PurityScan/Clickspring adware | No |
X | [random name] | w?wexec.exe | PurityScan/Clickspring adware | No |
X | [random name] | ??erinit.exe | PurityScan/Clickspring adware | No |
X | [random name] | d?dplay.exe | PurityScan/Clickspring adware | No |
X | [random name] | n?tepad.exe | PurityScan/Clickspring adware | No |
X | [random name] | ??chost.exe | PurityScan/Clickspring adware | No |
X | [random name] | ??oolsv.exe | PurityScan/Clickspring adware | No |
X | [random name] | ??xplore.exe | PurityScan/Clickspring adware | No |
X | [random name] | r?ndll32.exe | PurityScan/Clickspring adware | No |
X | [random name] | se?vices.exe | PurityScan/Clickspring adware | No |
X | [random name] | w?nlogon.exe | PurityScan/Clickspring adware | No |
X | [random name] | w?nword.exe | PurityScan/Clickspring adware | No |
X | [random name] | ??anregw.exe | PurityScan/Clickspring adware | No |
X | [random name] | ?ttrib.exe | PurityScan/Clickspring adware | No |
X | [random name] | j?vaw.exe | PurityScan/Clickspring adware | No |
X | [random name] | l?ass.exe | PurityScan/Clickspring adware | No |
X | [random name] | m?config.exe | PurityScan/Clickspring adware | No |
X | [random name] | n?lookup.exe | PurityScan/Clickspring adware | No |
X | [random name] | n?pdb.exe | PurityScan/Clickspring adware | No |
X | [random name] | ??ool32.exe | PurityScan/Clickspring adware | No |
X | [random name] | ??rss.exe | PurityScan/Clickspring adware | No |
X | [random name] | ??rvices.exe | PurityScan/Clickspring adware | No |
X | [random name] | ?ti2evxx.exe | PurityScan/Clickspring adware | No |
X | [random name] | chkdsk.exe | PurityScan/Clickspring adware. Unlike this file, the legitimate Windows chkdsk.exe will in Windows XP/2K/NT always be located in the Winnt\System32 or Windows\System32 folder, and ought moreover NOT to figure among the startups! | No |
X | [random name] | d?xplore.exe | PurityScan/Clickspring adware | No |
X | [random name] | dvdplay.exe | PurityScan/Clickspring adware | No |
X | [random name] | spoolsv.exe | PurityScan/Clickspring adware. Do not confuse with the legitimate Microsoft Printer Spooler Service (spoolsv.exe) | No |
X | [random name] | w?aclt.exe | PurityScan/Clickspring adware | No |
X | [random name] | wucrtupd.exe | PurityScan/Clickspring adware. Do not confuse with the legitimate Windows Critical Update Notification (wucrtupd.exe) | No |
X | [random name] | charmapnt.exe | Added by the BANCOS-DR TROJAN! | No |
X | [random name] | n?tdde.exe | PurityScan/Clickspring adware | No |
X | [random name] | r?gedit.exe | PurityScan/Clickspring adware | No |
X | [random name] | r?ndll.exe | PurityScan/Clickspring adware | No |
X | [random name] | scanregw.exe | PurityScan/Clickspring adware | No |
X | [random name] | wuauboot.exe | PurityScan/Clickspring adware. Note - do not confuse with the legitimate wuauboot.exe file, which should not figure in Msconfig/Startup! | No |
X | [random name] | w?nspool.exe | PurityScan/Clickspring adware | No |
X | [random name] | svchost.exe | Added by the BANCBAN-JC TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "config" subfolder of the Winnt or Windows folder | No |
X | [random name] | [random name].dll | SearchNet adware | No |
X | [random name] | iexpl0ra.exe | Added by the ULPM.BD TROJAN! | No |
X | [random name] | rundl13a.exe | Added by the GAMPASS-L TROJAN! | No |
X | [random name] | Servere.exe | Added by the LEGMIR-AQM TROJAN! | No |
X | [random name] | twain_32.exe | Added by the AGENT.AM TROJAN! Note - example names include "XviD", "Winamp Remote", "Windows Media Player" and "Futuremark" | No |
X | [random name] | explore3.exe | Added by the DELF.FAN TROJAN! | No |
X | [random number] | explorer.exe | Added by the KEYLOG-AN TROJAN! Note - the legitimate Windows Explorer (explorer.exe) is located in the Windows or Winnt folder and would not normally appear in Msconfig/Startup unless you added it manually! This one copies itself under 9 additional file names in the System (9x/Me) or System32 (NT/2K/XP) folder | No |
X | [Randomly chosen existing folder name] | _autorun.exe | Added by the ANTINNY-L WORM! | No |
X | [Randomly chosen existing folder name] | _cfg.exe | Added by the ANTINNY-L WORM! | No |
X | [Randomly chosen existing folder name] | _config.exe | Added by the ANTINNY-L WORM! | No |
X | [Randomly chosen existing folder name] | _env.exe | Added by the ANTINNY-L WORM! | No |
X | [Randomly chosen existing folder name] | _loader.exe | Added by the ANTINNY-L WORM! | No |
X | [Randomly chosen existing folder name] | _login.exe | Added by the ANTINNY-L WORM! | No |
X | [Randomly chosen existing folder name] | _setup.exe | Added by the ANTINNY-L WORM! | No |
X | [Randomly chosen existing folder name] | _start.exe | Added by the ANTINNY-L WORM! | No |
X | [random] | lsass.scr | Added by the BANCBAN-CW TROJAN! | No |
X | [random] | svchost.scr | Added by the BANCBAN-CY TROJAN! | No |
X | [trojan filename] | Install.exe | Added by the BANCBAN-FS TROJAN! | No |
X | [trojan name] | svchost.exe | Added by the BANCBAN-CI TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! | No |
X | [username] config | [path to trojan] | Added by the MOSUCK-H TROJAN! | No |
X | [various filenames] | qtsks.exe | Added by the WEBDOR.Y TROJAN | No |
X | [various names] | elf.exe | Elf is a hacker program, tied to a trojan server | No |
X | [various names] | crsrs.exe | Added by the FORBOT-AK WORM! | No |
X | [various names] | Windows32.exe | Added by any of a number of WORM or TROJAN variants | No |
X | [various names] | bling.exe | Added by the RBOT-NI WORM! | No |
X | [various names] | mediaplayer32.exe | Added by a variant of the RBOT WORM! | No |
X | [various names] | winlogon32.exe | Added by an unidentified WORM or TROJAN! | No |
X | [various names] | svchostss.exe | Added by a variant of the RBOT WORM! | No |
X | [various names] | win32snd.exe | Added by the RBOT-DQ WORM! | No |
X | [various names] | shch.exe | Premium rate adult content dialler | No |
X | [various names] | PasswdMon.exe | Wareout - malware masquerading as a spyware and dialer remover | No |
X | [various names] | runload32.exe | Wareout - malware masquerading as a spyware and dialer remover | No |
X | [various names] | dstart2.exe | Adware - detected by Kaspersky as the SMALL.ALW TROJAN! | No |
X | [various names] | msdos32.exe | Added by a variant of the AGENT.AH TROJAN! | No |
X | [various names] | sitebar.exe | Added by an unidentified TROJAN! | No |
X | [various names] | backorif.exe | Added by a NTROOTKIT TROJAN variant! | No |
X | [various names] | bhoserv.exe | Added by a NTROOTKIT TROJAN variant! | No |
X | [various names] | driver32.exe | Added by a variant of the SDBOT WORM! | No |
X | [various names] | hyandex.exe | Added by a NTROOTKIT TROJAN variant! | No |
X | [various names] | Uint32.exe | Added by a NTROOTKIT TROJAN variant! | No |
X | [various names] | _ctcp.exe | Wareout - malware masquerading as a spyware and dialer remover | No |
X | [various names] | 10010.exe | Wareout - malware masquerading as a spyware and dialer remover | No |
X | [various names] | 321102.exe | Wareout - malware masquerading as a spyware and dialer remover | No |
X | [various names] | 34763.exe | Wareout - malware masquerading as a spyware and dialer remover | No |
X | [various names] | abrek.exe | Wareout - malware masquerading as a spyware and dialer remover | No |
X | [various names] | ActionScr.exe | Wareout - malware masquerading as a spyware and dialer remover | No |
X | [various names] | AliceSD.exe | Wareout - malware masquerading as a spyware and dialer remover | No |
X | [various names] | AppMasterCenter.exe | Wareout - malware masquerading as a spyware and dialer remover | No |
X | [various names] | atl_helper.exe | Wareout - malware masquerading as a spyware and dialer remover | No |
X | [various names] | ATLIEHELPER.exe | Wareout - malware masquerading as a spyware and dialer remover | No |
X | [various names] | avpmondll.exe | Wareout - malware masquerading as a spyware and dialer remover | No |
X | [various names] | awinrar.exe | Wareout - malware masquerading as a spyware and dialer remover | No |
X | [various names] | backd.exe | Wareout - malware masquerading as a spyware and dialer remover | No |
X | [various names] | backorif.exe | Wareout - malware masquerading as a spyware and dialer remover | No |
X | [various names] | barint.exe | Wareout - malware masquerading as a spyware and dialer remover | No |
X | [various names] | bhoserv.exe | Wareout - malware masquerading as a spyware and dialer remover | No |
X | [various names] | bingo9.exe | Wareout - malware masquerading as a spyware and dialer remover | No |
X | [various names] | bnui.exe | Wareout - malware masquerading as a spyware and dialer remover | No |
X | [various names] | Bogobot.exe | Wareout - malware masquerading as a spyware and dialer remover | No |
X | [various names] | borlandg.exe | Wareout - malware masquerading as a spyware and dialer remover | No |
X | [various names] | BoundRec.exe | Wareout - malware masquerading as a spyware and dialer remover | No |
X | [various names] | br0ken.exe | Wareout - malware masquerading as a spyware and dialer remover | No |
X | [various names] | Brong32.exe | Wareout - malware masquerading as a spyware and dialer remover | No |
X | [various names] | clamav.exe | Wareout - malware masquerading as a spyware and dialer remover | No |
X | [various names] | cmon14.exe | Wareout - malware masquerading as a spyware and dialer remover | No |
X | [various names] | cnftips.exe | Wareout - malware masquerading as a spyware and dialer remover | No |
X | [various names] | control64.exe | Wareout - malware masquerading as a spyware and dialer remover | No |
X | [various names] | corrida.exe | Wareout - malware masquerading as a spyware and dialer remover | No |
X | [various names] | CToolBar.exe | Wareout - malware masquerading as a spyware and dialer remover | No |
X | [various names] | DCC_send.exe | Wareout - malware masquerading as a spyware and dialer remover | No |
X | [various names] | defect08.exe | Wareout - malware masquerading as a spyware and dialer remover | No |
X | [various names] | Dest068.exe | Wareout - malware masquerading as a spyware and dialer remover | No |
X | [various names] | dialer423.exe | Wareout - malware masquerading as a spyware and dialer remover | No |
X | [various names] | diskserv.exe | Wareout - malware masquerading as a spyware and dialer remover | No |
X | [various names] | driver64.exe | Wareout - malware masquerading as a spyware and dialer remover | No |
X | [various names] | DTOURS.exe | Wareout - malware masquerading as a spyware and dialer remover | No |
X | [various names] | ERTYDF.exe | Wareout - malware masquerading as a spyware and dialer remover | No |
X | [various names] | ExchangeMaster.exe | Wareout - malware masquerading as a spyware and dialer remover | No |
X | [various names] | EXE32EXE.exe | Wareout - malware masquerading as a spyware and dialer remover | No |
X | [various names] | expoler.exe | Wareout - malware masquerading as a spyware and dialer remover | No |
X | [various names] | FLKPT.exe | Wareout - malware masquerading as a spyware and dialer remover | No |
X | [various names] | forces_elite.exe | Wareout - malware masquerading as a spyware and dialer remover | No |
X | [various names] | ftbar.exe | Wareout - malware masquerading as a spyware and dialer remover | No |
X | [various names] | gabber.exe | Wareout - malware masquerading as a spyware and dialer remover | No |
X | [various names] | hyandex.exe | Wareout - malware masquerading as a spyware and dialer remover | No |
X | [various names] | iehelper.exe | Wareout - malware masquerading as a spyware and dialer remover | No |
X | [various names] | iesetupdll.exe | Wareout - malware masquerading as a spyware and dialer remover | No |
X | [various names] | init32.exe | Wareout - malware masquerading as a spyware and dialer remover | No |
X | [various names] | InpriseMon.exe | Wareout - malware masquerading as a spyware and dialer remover | No |
X | [various names] | install2.exe | Wareout - malware masquerading as a spyware and dialer remover | No |
X | [various names] | jopplerg.exe | Wareout - malware masquerading as a spyware and dialer remover | No |
X | [various names] | Kargo.exe | Wareout - malware masquerading as a spyware and dialer remover | No |
X | [various names] | keybdll.exe | Wareout - malware masquerading as a spyware and dialer remover | No |
X | [various names] | KeywordFinder.exe | Wareout - malware masquerading as a spyware and dialer remover | No |
X | [various names] | killall.exe | Wareout - malware masquerading as a spyware and dialer remover | No |
X | [various names] | LOPTCON.exe | Wareout - malware masquerading as a spyware and dialer remover | No |
X | [various names] | media64.exe | Wareout - malware masquerading as a spyware and dialer remover | No |
X | [various names] | MNTP.exe | Wareout - malware masquerading as a spyware and dialer remover | No |
X | [various names] | MON76234.exe | Wareout - malware masquerading as a spyware and dialer remover | No |
X | [various names] | moniter.exe | Wareout - malware masquerading as a spyware and dialer remover | No |
X | [various names] | mozilla-text.exe | Wareout - malware masquerading as a spyware and dialer remover | No |
X | [various names] | msag.exe | Wareout - malware masquerading as a spyware and dialer remover | No |
X | [various names] | ms-its.exe | Wareout - malware masquerading as a spyware and dialer remover | No |
X | [various names] | MsNetHelper.exe | Wareout - malware masquerading as a spyware and dialer remover | No |
X | [various names] | new32.exe | Wareout - malware masquerading as a spyware and dialer remover | No |
X | [various names] | newbreed.exe | Wareout - malware masquerading as a spyware and dialer remover | No |
X | [various names] | nmdllw.exe | Wareout - malware masquerading as a spyware and dialer remover | No |
X | [various names] | NopeZ.exe | Wareout - malware masquerading as a spyware and dialer remover | No |
X | [various names] | NsCplTray.exe | Wareout - malware masquerading as a spyware and dialer remover | No |
X | [various names] | NSYSCPLSTR.exe | Wareout - malware masquerading as a spyware and dialer remover | No |
X | [various names] | NukeSpan.exe | Wareout - malware masquerading as a spyware and dialer remover | No |
X | [various names] | openstre.exe | Wareout - malware masquerading as a spyware and dialer remover | No |
X | [various names] | panel_its.exe | Wareout - malware masquerading as a spyware and dialer remover | No |
X | [various names] | ParisM.exe | Wareout - malware masquerading as a spyware and dialer remover | No |
X | [various names] | pizda.exe | Wareout - malware masquerading as a spyware and dialer remover | No |
X | [various names] | powerdll.exe | Wareout - malware masquerading as a spyware and dialer remover | No |
X | [various names] | PrcIdle.exe | Wareout - malware masquerading as a spyware and dialer remover | No |
X | [various names] | prcmon.exe | Wareout - malware masquerading as a spyware and dialer remover | No |
X | [various names] | Preliminary.exe | Wareout - malware masquerading as a spyware and dialer remover | No |
X | [various names] | prgsys0984.exe | Wareout - malware masquerading as a spyware and dialer remover | No |
X | [various names] | progmen.exe | Wareout - malware masquerading as a spyware and dialer remover | No |
X | [various names] | qwe.exe | Wareout - malware masquerading as a spyware and dialer remover | No |
X | [various names] | RtlFindVal.exe | Wareout - malware masquerading as a spyware and dialer remover | No |
X | [various names] | SAPSTR.exe | Wareout - malware masquerading as a spyware and dialer remover | No |
X | [various names] | sbin.exe | Wareout - malware masquerading as a spyware and dialer remover | No |
X | [various names] | scanSYS.exe | Wareout - malware masquerading as a spyware and dialer remover | No |
X | [various names] | Serviceprocess.exe | Wareout - malware masquerading as a spyware and dialer remover | No |
X | [various names] | SetupExeDll.exe | Wareout - malware masquerading as a spyware and dialer remover | No |
X | [various names] | Shaitan1678.exe | Wareout - malware masquerading as a spyware and dialer remover | No |
X | [various names] | slamm.exe | Wareout - malware masquerading as a spyware and dialer remover | No |
X | [various names] | sound64.exe | Wareout - malware masquerading as a spyware and dialer remover | No |
X | [various names] | SpyElim.exe | Wareout - malware masquerading as a spyware and dialer remover | No |
X | [various names] | srbho.exe | Wareout - malware masquerading as a spyware and dialer remover | No |
X | [various names] | ssweeper.exe | Wareout - malware masquerading as a spyware and dialer remover | No |
X | [various names] | StartCpl.exe | Wareout - malware masquerading as a spyware and dialer remover | No |
X | [various names] | startman.exe | Wareout - malware masquerading as a spyware and dialer remover | No |
X | [various names] | StatusCheck.exe | Wareout - malware masquerading as a spyware and dialer remover | No |
X | [various names] | stuffmon.exe | Wareout - malware masquerading as a spyware and dialer remover | No |
X | [various names] | sysconf16.exe | Wareout - malware masquerading as a spyware and dialer remover | No |
X | [various names] | SysEntry.exe | Wareout - malware masquerading as a spyware and dialer remover | No |
X | [various names] | sysmon12.exe | Wareout - malware masquerading as a spyware and dialer remover | No |
X | [various names] | syspanel.exe | Wareout - malware masquerading as a spyware and dialer remover | No |
X | [various names] | SysSupport.exe | Wareout - malware masquerading as a spyware and dialer remover | No |
X | [various names] | SYSTRAV.exe | Wareout - malware masquerading as a spyware and dialer remover | No |
X | [various names] | TemplateDongle.exe | Wareout - malware masquerading as a spyware and dialer remover | No |
X | [various names] | teqq32.exe | Wareout - malware masquerading as a spyware and dialer remover | No |
X | [various names] | Testimonials.exe | Wareout - malware masquerading as a spyware and dialer remover | No |
X | [various names] | TForm1.exe | Wareout - malware masquerading as a spyware and dialer remover | No |
X | [various names] | TorontoMail.exe | Wareout - malware masquerading as a spyware and dialer remover | No |
X | [various names] | Trayz.exe | Wareout - malware masquerading as a spyware and dialer remover | No |
X | [various names] | TRPT.exe | Wareout - malware masquerading as a spyware and dialer remover | No |
X | [various names] | trycrt.exe | Wareout - malware masquerading as a spyware and dialer remover | No |
X | [various names] | typeconf.exe | Wareout - malware masquerading as a spyware and dialer remover | No |
X | [various names] | Uint32.exe | Wareout - malware masquerading as a spyware and dialer remover | No |
X | [various names] | uio.exe | Wareout - malware masquerading as a spyware and dialer remover | No |
X | [various names] | UserSp1.exe | Wareout - malware masquerading as a spyware and dialer remover | No |
X | [various names] | utsgmon.exe | Wareout - malware masquerading as a spyware and dialer remover | No |
X | [various names] | vxdman.exe | Wareout - malware masquerading as a spyware and dialer remover | No |
X | [various names] | WhatsNewBot.exe | Wareout - malware masquerading as a spyware and dialer remover | No |
X | [various names] | WinInitDll.exe | Wareout - malware masquerading as a spyware and dialer remover | No |
X | [various names] | wormexe.exe | Wareout - malware masquerading as a spyware and dialer remover | No |
X | [various names] | WTFCTF.exe | Wareout - malware masquerading as a spyware and dialer remover | No |
X | [various names] | XTermInit.exe | Wareout - malware masquerading as a spyware and dialer remover | No |
X | [various names] | xwiz.exe | Wareout - malware masquerading as a spyware and dialer remover | No |
X | [various names] | xxtoolbar.exe | Wareout - malware masquerading as a spyware and dialer remover | No |
X | [various names] | zantu.exe | Wareout - malware masquerading as a spyware and dialer remover | No |
X | [various names] | zxc.exe | Wareout - malware masquerading as a spyware and dialer remover | No |
X | [various names] | ABCXYZ.exe | Wareout - malware masquerading as a spyware and dialer remover | No |
X | [various names] | dePloy.exe | Wareout - malware masquerading as a spyware and dialer remover | No |
X | [various names] | JAguAr.exe | Wareout - malware masquerading as a spyware and dialer remover | No |
X | [various names] | 80d0.exe | MediaMotor adware | No |
X | [various names] | exe81.exe | MediaMotor adware | No |
X | [various names] | exe82.exe | MediaMotor adware | No |
X | [various names] | MSTCPDLL.exe | Wareout - malware masquerading as a spyware and dialer remover | No |
X | [various names] | seli.exe | MediaMotor adware | No |
X | \IEService.exe | IEService.exe | FastFind parasite variant | No |
X | \Pribi.exe | Pribi.exe | FastFind adware variant | No |
X | \SysInit | svchost.exe | Added by the STARTPA-BD TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Program Files/Common Files folder | No |
X | \\TOOLS.exe | tools.exe | Lycos SideSearch/Fastfind.org adware | No |
X | ^`d}qZxu | ~`d}qzxu3zYF | Added by the GAOBOT.GEN!POLY WORM! | No |
X | _ | mzqdd.exe | Detected by Kaspersky as the AGENT.BZB TROJAN! | No |
Y | _AntiSpyware | MssCli.exe | Part of McAfee AntiSpyware | No |
Y | _AntiSpyware | masalert.exe | Part of McAfee AntiSpyware | No |
X | _Cat1 | nmmst.exe | Added by the SMALL.SD TROJAN! | No |
X | _Cat2 | nmstt.exe | Added by the SMALL-DT TROJAN! | No |
X | _Cat3 | msmsgrxp.exe | Added by a variant of the SMALL-DT downloader TROJAN | No |
X | _Cat4 | msmsgr2.exe | Added by the SMALL-EB TROJAN! | No |
X | _explore manager | _explore.exe | Added by the SPEXTA-C TROJAN! | No |
X | _Hazafibb | [path to file] | Added by the ZAFI.B WORM! | No |
X | _mzu_stonedrv2 | _mzu_stonedrv2.exe | Added by a variant of the DWNLDR-FTB TROJAN! | No |
X | _mzu_stonedrv3 | _mzu_stonedrv3.exe | Added by the DWNLDR-FTB TROJAN! | No |
X | _mzu_stonedrv7 | _mzu_stonedrv7.exe | Added by a variant of the DWNLDR-FTB TROJAN! | No |
X | _mzu_stonedrv8 | _mzu_stonedrv8.exe | Added by the DOWNLOADER-MZU TROJAN! | No |
X | _ntrdlhost | _Ntrdlhost.exe | Added by the DLOADER-JV TROJAN! | No |
X | _ntrRescueService | _ntrrs.exe | Added by the DLOADER-JV TROJAN! | No |
X | _pnd_Panda Antivirus | _pnd_*****.exe [* = random char/digit] | Added by the AGENT.NAK TROJAN! | No |
X | _Setv | Setv.com | Added by the BESAM WORM! | No |
X | _svchost.con | svchost.com | Added by the ERKEZ.C WORM! | No |
X | _SystemBoot | services.exe | Added by the SOBER-Q TROJAN! Note - this is not the legitimate services.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a HelpHelp subfolder of the Windows or Winnt folder | No |
X | _SystemDriver | csrss.exe | Added by the ASCETIC.B TROJAN! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\addins\explorer | No |
X | _System_Run | _svchost_.exe | Added by the LINEAGE-Z TROJAN! | No |
X | _tdiserv_ | _tdicli_.exe | Added by the TDISERV.A WORM! | No |
U | _winadm | winadm.exe | Parents Friend - "Log any activity and protect programs with a password. Furthermore, you can lock the PC any hour in the week you want with the main password. You can also give users allowed programs in their program-lists and you can limit the maximal daily hours and maximal weekly hours users spend on the PC" | No |
X | _WinCheck | services.exe | Added by the SOBER.V WORM! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\ConnectionStatus\Microsoft | No |
X | _WinData | services.exe | Added by the SOBER.AA WORM! Note - this is not the legitimate services.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "PoolData" subfolder of the Windows or Winnt folder | No |
X | _Windows | services.exe | Added by the SOBER.X WORM! Note - this is not the legitimate services.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "WinSecurity" subfolder of the Windows or Winnt folder | No |
X | _WinMain | winexec.exe | Added by the DLOADER-XX TROJAN! | No |
X | _WinStart | services.exe | Added by the SOBER.O WORM! Note - this is not the legitimate services.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a Connection WizardStatus subfolder of the Windows or Winnt folder | No |
X | _winsystem.sys | smss.exe | Added by the SOBER.K TROJAN! Note - this is not the legitimate lsass.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a msagentwin32 subfolder of the Winnt or Windows folder | No |
X | _x-Finder | _x-Finder.exe | Disconnects and redials an ISP modem to an adult content site | No |
X | {**-**-**-**-**} | mrdsregp.exe | ZenoSearch adware, where ** are random characters | No |
X | {**-**-**-**-**} | rwwnw64d.exe | Identified as a variant of the AdWare.Win32.ZenoSearch.am malware, where ** are random characters | No |
U | {0228e555-4f9c-4e35-a3ec-b109a192b4c2} | gnotify.exe | Google Gmail Notifier. Alerts you when you have new Gmail messages | No |
X | {05CD0D77-4947-4a56-94FA-0DF0DC644D7B} | sysqyzwud.exe | Detected by McAfee as the FAKEALERT-AH TROJAN! | No |
U | {1290A33C-85F5-4164-A1BE-7DD299D4986A} | PBKScheduler.exe | Scheduler for CyberLink PowerBackup - archiving/backup utility | No |
X | {12EE7A5E-0674-42f9-A76B-000000004D00} | rundll32.exe stlb2.dll, DllRunMain | BrowserAid/BrowserPal foistware. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted | No |
X | {157627A6-2A10-4aa1-B97F-90B8DC6F24AC} | sysqkmwfedz.exe | Added by the FAKEALERT.AH TROJAN! | No |
X | {1C-CC-C5-54-ZN} | dwdsregt.exe | ZenoSearch adware | No |
X | {29123221-3AF8-488c-85DE-6B3EC59E8074} | netmedia.exe | NetMedia adware | No |
X | {2C70168B-97CE-4f31-B85D-1FEC5002721D} | sxpgknrwva.exe | Detected by McAfee as the FAKEALERT-AH TROJAN! | No |
X | {2C70168B-97CE-4f31-B85D-1FEC5002721D} | sysavxjgdu.exe | Detected by McAfee as the FAKEALERT-AM TROJAN! | No |
X | {2C70168B-97CE-4f31-B85D-1FEC5002721D} | sysawpbkvnq.exe | Detected by McAfee as the FAKEALERT-AH TROJAN! | No |
X | {2C70168B-97CE-4f31-B85D-1FEC5002721D} | sysxhtcwbse.exe | Detected by McAfee as the FAKEALERT-AM TROJAN! | No |
X | {2CF0B992-5EEB-4143-99C0-5297EF71F444} | rundll32.exe stlbdist.dll, DllRunMain | BrowserAid/BrowserPal foistware. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "stlbdist.dll" file is found in the System (9x/Me) or System32 (NT/2K/XP) folder | No |
X | {2CF0B992-5EEB-4143-99C2-5297EF71F44B} | rundll32.exe stlbupdt.DLL, DllRunMain | BrowserAid/BrowserPal foistware. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "stlbupdt.dll" file is found in the System (9x/Me) or System32 (NT/2K/XP) folder | No |
X | {2F-FF-F4-4C-ZN} | omdsregk.exe | ZenoSearch adware | No |
X | {357AA41A-B7A8-4632-A27D-5B980B25CF43} | [path to svchost.exe] | Added by the SMALL-AQ TROJAN! | No |
X | {357AA41A-B7A8-4632-A27D-5B980B25CF43} | services.exe | FakeMessage/AdRotator adware. Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in an "Inetsrv" subfolder | No |
X | {357AA41A-B7A8-4632-A27D-5B980B25CF43} | [path to trojan] | Added by the SMALL-EP TROJAN! | No |
X | {42562052-EE17-4197-82C7-91CB2E4B0666} | sysrswva.exe | Added by the FAKEALERT.AH TROJAN! | No |
X | {52-28-8E-E8-ZN} | thinksnet.exe | Zeno Think-Adz adware | No |
X | {78B578D7-BCE1-4d83-9CD4-195BC34D8CB3} | sxjecknqhu.exe | Detected by McAfee as the FAKEALERT-AM TROJAN! | No |
X | {78B578D7-BCE1-4d83-9CD4-195BC34D8CB3} | syspyukrazv.exe | Detected by McAfee as the FAKEALERT-AH TROJAN! | No |
X | {78B578D7-BCE1-4d83-9CD4-195BC34D8CB3} | syssfzvakqg.exe | Detected by McAfee as the FAKEALERT-AM TROJAN! | No |
X | {7DD4A7AC-A3F1-4495-884A-7947C5B89108} | sysahbecjh.exe | Detected by McAfee as the FAKEALERT-AM TROJAN! | No |
X | {8C-C4-4A-A4-ZN} | dwdsregt.exe | ZenoSearch adware | No |
U | {914C5BF8-EEDD-4F3A-A8BE-34EE71CF1B29} | XPlay.exe | Xplay 3 from Mediafour Corporation - "expands what you can do with any iPod, including the iPhone and iTouch, and a Windows computer." If not used regularly, start manually before connecting the iPod/iTouch | No |
X | {9754B85A-3B34-4969-BE1F-CD03227E9470} | syszweuas.exe | Added by the FAKEALERT.AM TROJAN! | No |
X | {9754B85A-3B34-4969-BE1F-CD03227E9470} | sysatjsicj.exe | Detected by McAfee as the FAKEALERT-AM TROJAN! | No |
X | {A4C928E8-0ABA-4fd3-83DF-23BE54ADF9A4} | sxnwhbvrzc.exe | Detected by McAfee as the FAKEALERT-AM TROJAN! | No |
X | {A4C928E8-0ABA-4fd3-83DF-23BE54ADF9A4} | sysqrnxstju.exe | Detected by McAfee as the FAKEALERT-AM TROJAN! | No |
X | {B081DB1F-4EE6-4021-9DD4-8B300F0D636D} | syssngbeh.exe | Added by the FAKEALERT.AH TROJAN! | No |
U | {B179023B-6238-4499-8F26-CD73E9D90E0A} | MacDrive.exe | MacDrive 7 from Mediafour Corporation - "enables anyone using Windows Vista, XP, and 2003 Server to seamlessly access Mac disks (HFS/HFS+) of all types, including CDs, DVDs, hard drives, floppy, Zip, Jaz, and more!" | No |
X | {B3B48B54-C0EC-4705-8EE8-1981AEF656A7} | sysjcyrq.exe | Added by the FAKEALERT.AH TROJAN! | No |
X | {BAAA759D-56F0-428c-B8DA-827EA3B08C2C} | sysawechod.exe | Detected by McAfee as the FAKEALERT-AH TROJAN! | No |
X | {C2220120-1C24-4a79-BA7A-DDCBFC209DB3} | sysfbdgv.exe | Added by the FAKEALERT.AM TROJAN! | No |
X | {C599792D-C6D9-461d-93CA-B48BFF8E37B1} | sysfdyev.exe | Added by the FAKEALERT.AM TROJAN! | No |
X | {DD651081-A909-45ad-BD71-2335B0ADE043} | sysutrnez.exe | Added by the FAKEALERT.AH TROJAN! | No |
X | {DD651081-A909-45ad-BD71-2335B0ADE043} | sysabmpmfr.exe | Detected by McAfee as the FAKEALERT-AH TROJAN! | No |
X | {DD651081-A909-45ad-BD71-2335B0ADE043} | sysnxcphmgy.exe | Detected by McAfee as the FAKEALERT-AH TROJAN! | No |
X | {E4785213-3EFE-4c26-A9B4-332440E31F6F} | sysrxmfdksp.exe | Detected by McAfee as the FAKEALERT-AH TROJAN! | No |
X | {F758F78B-0885-490e-AA3C-4A38D28B0240} | sxpjbwvahn.exe | Detected by McAfee as the FAKEALERT-AM TROJAN! | No |
X | {F758F78B-0885-490e-AA3C-4A38D28B0240} | sysyeabdgfp.exe | Detected by McAfee as the FAKEALERT-AM TROJAN! | No |
Presentation, format & comments Copyright © Paul Collins, 2001 - 2009
Portions Copyright © Peter Forrest, Denny Denham, Sylvain Prevost, Tony Klein, CastleCops & BleepingComputer
Software support by John Mayer
All rights reserved