1 1a1 5a.exe1 00110Commercials file that registers itself in the system registry and redirects IE to a certain commercial website 01
1 5load=1 7a1g.exe1 00 25Added by the ATAK.B WORM!74http://securityresponse.symantec.com/avcenter/venc/data/w32.atak.b@mm.html0
3 9a-squared1 11a2guard.exe1 00137a-Squared antitrojan - can be run on demand but necessary in Startup if you prefer the a▓ 'Background Guard' real time protection feature27http://www.emsisoft.com/en/0
3 2a▓1 11a2guard.exe1 00137a-Squared antitrojan - can be run on demand but necessary in Startup if you prefer the a▓ 'Background Guard' real time protection feature27http://www.emsisoft.com/en/0
0 7ADSL_A21 11A2Installed1 00 78Associated with an Integrated Telecom Express (ITeX) ADSL driver installation. 01
433Aureal A3D Interactive Audio Init1 11A3dInit.exe1 00 80For Aureal based 3D soundcards. A3D sound features won't work with this disabled 01
3 7A4Proxy1 11A4Proxy.exe1 00 87Anonymity 4 Proxy - local proxy server that makes you anonymous when visiting web sites47http://www.findincontext.com/a4proxy/review.htm0
111popuppers651 8a65d.exe1 00162Popuppers delivers popup ads to your computer. The file is found in the Windows folder. It also adds media-motor.net and popuppers.com to your trusted sites list. 01
0 8AAACLEAN1 12AAACLEAN.INF1 00 2?? 01
1 4Heps1 8aaea.exe1 00 67Unknown malware. Located in %userprofile%\Application Data\aaea.exe 01
3 3AAK1 7aak.exe1 00140Advanced Anti-Keylogger - "Anti-spy software to prohibit operation of any keyloggers currently in use or presently being developed anywhere"30http://www.anti-keylogger.net/0
412AcBtnMgr_Xxx1 16AcBtnMgr_Xxx.exe1 00133Associated with the Lexmark Xxx (where "xx" is the model) all-in-one printer/scanner/copier. Required for correct operation 01
426Lexmark Xxx Button Manager1 16AcBtnMgr_Xxx.exe1 00133Associated with the Lexmark Xxx (where "xx" is the model) all-in-one printer/scanner/copier. Required for correct operation 01
3 3acc1 7acc.exe1 00102Advanced Call Center - "full-featured yet easy-to-use answering machine software for your voice modem"53http://www.voicecallcentral.com/#advanced_call_center0
310Accelerate1 14accelerate.exe1 00170Webroot Accelerate - allows you to optimize Windows network registry settings in order to boost surfing speeds. Leave this enabled if you find it improves your connection55http://www.webroot.com/wb/products/accelerate/index.php0
120Windows Task Manager1 23ACCOUNT_DETAILS.DOC.exe1 00 28Added by the QUATERS.A WORM!77http://securityresponse.symantec.com/avcenter/venc/data/w32.quaters.a@mm.html0
3 7AcctMgr1 11AcctMgr.exe1 00246NortonÖ Password Manager - part of Norton SystemWorks 2004 - stores passwords and other personal information, and retrieves the data needed for email logins, shopping orders, banking, and other online activitiesùall from the safety of your own PC44http://www.symantec.com/sabu/sysworks/basic/0
1 9system xp1 15acdsee demo.exe2 00 26Added by the SALGA.A WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.salga.a@mm.html0
0 8Ace bows1 12Ace bows.exe2 00 2?? 01
417AspireTimeMachine1 11acertmb.exe1 00189System recovery software supplied with some Acer notebook PCs. Similar to GoBack and the restore program in WinXP, allowing you to restore a PC back to a working state with minimal re-entry 01
1 5necix1 13aceyukujy.exe1 00 89Added by W32/Sdbot-UE, a WORM/IRC backdoor TROJAN and found in the Windows system folder.56http://www.sophos.com/virusinfo/analyses/w32sdbotue.html0
413ACMonitor_Xxx1 17ACMonitor_Xxx.exe1 00133Associated with the Lexmark Xxx (where "xx" is the model) all-in-one printer/scanner/copier. Required for correct operation 01
426Lexmark Xxx Button Monitor1 17ACMonitor_Xxx.exe1 00133Associated with the Lexmark Xxx (where "xx" is the model) all-in-one printer/scanner/copier. Required for correct operation 01
313Acombo3dmouse1 12Acombo3d.exe1 00 71Mouse driver - required if you use non-standard Windows driver features 01
3 8acoustic1 12acoustic.exe1 00112Control panel program for Philips Acoustic Edge soundcard. Not required unless changed settings aren't retained198http://www.consumer.philips.com/global/b2c/ce/catalog/product.jhtml;jsessionid=5ZTUCSVZIGCWUCRQNFJRX1YKGBUEWHAW?divId=0&groupId=PCSTUFF&catId=&subCatId=SOUNDCARDS&productId=PSC706_050
317Acrobat Assistant1 12ACROTRAY.EXE1 00190Used to create PDF files with Acrobat Distiller. For Win9x/Me systems you can run this file manually beforehand. For WinXP systems this file must run at startup. Hence the "U" recommendation 01
413AolAcsDaemon11 8Acsd.exe1 00188AOL Connectivity Service - starts an automatic function that restores the connection should you lose it while online. Negates having to go through the procedure of signing back on manually 01
119DyFuCA Active Alert1 12actalert.exe1 00 32Adult content dialler - see here57http://www.sophos.com/virusinfo/analyses/dialdyfucaa.html0
011ActionAgent1 15actionagent.exe1 00204"A COM server that runs on the client as part of the Dell OpenManage Client Instrumentation 6.x package; provides a simple method for a remote administrator to perform actions on the instrumented client". 01
120kernel system daemon1 13ACTIVAT0R.exe1 00 28Added by the RANDEX.AW WORM!74http://securityresponse.symantec.com/avcenter/venc/data/w32.randex.aw.html0
210Activation1 14Activation.exe1 00 23Part of Microsoft Money 01
216MoneyStartUp10.01 14Activation.exe1 00 53Part of MS Money 2002. Available via Start - Programs 01
1 8ACTIVEDS1 12ACTIVEDS.EXE1 00 28Added by the OPASERV.T WORM!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_OPASERV.T0
210ActiveEyes1 14ActiveEyes.exe1 00 30ActiveEyes from TFI Technology53http://www.tfi-technology.com/products.htm#ActiveEyes0
310ActiveMenu1 14ActiveMenu.exe1 00254WildTangent games that come with some HP computers. Unchecking it can prevent the games from running occasionally. Note that WildTanget's privacy policy used to state that they also collect and share individuals information but this is no longer the case38http://www.wildtangent.com/default.asp0
317HPGamesActiveMenu1 14ActiveMenu.exe1 00254WildTangent games that come with some HP computers. Unchecking it can prevent the games from running occasionally. Note that WildTanget's privacy policy used to state that they also collect and share individuals information but this is no longer the case38http://www.wildtangent.com/default.asp0
313Active shield1 16Activeshield.exe1 00177Active Shield is "an heuristic screen that actively protects your computer from trojans, spyware, adware, trackware, dialers, keyloggers, and even some special kinds of viruses"34http://www.securitystronghold.com/0
3 8ActMaker1 12ActMak25.exe1 00198"ActMaker mouse and keyboard toolkit can record the daily operation of your computer and reduce your workload. You don't need to do any coding, nor are you required to know a lot about the computer"34http://www.789987.com/products.htm0
3 3ACU1 7ACU.exe1 00 45Atheros wireless Client Utility For HP Compaq38http://www.nus.edu.sg/winzone/atheros/0
2 8Ad-aware1 12Ad-aware.exe1 00162Ad-aware from Lavasoft. Checks your PC for "Spyware" which reports back your internet activities to "base". Available via Start -> Programs40http://www.lavasoft.de/software/adaware/0
214Adaware Bootup1 12ad-aware.exe1 00162Ad-aware from Lavasoft. Checks your PC for "Spyware" which reports back your internet activities to "base". Available via Start -> Programs40http://www.lavasoft.de/software/adaware/0
117Lavasoft Ad-Aware1 12Ad-Aware.exe1 00 93Added by the RBOT-SO WORM! Note - this is not the popular Ad-aware spware/adware removal tool55http://www.sophos.com/virusinfo/analyses/w32rbotso.html0
3 8Ad-watch1 12Ad-watch.exe1 00147Part of Lavasoft Ad-aware Plus - realtime spyware-monitor watching your memory and registry for spyware that tries to install or change your system40http://www.lavasoft.de/software/adaware/0
3 5AWMON1 12Ad-Watch.exe1 00147Part of Lavasoft Ad-aware Plus - realtime spyware-monitor watching your memory and registry for spyware that tries to install or change your system40http://www.lavasoft.de/software/adaware/0
316Lavasoft Adwatch1 12Ad-watch.exe1 00147Part of Lavasoft Ad-aware Plus - realtime spyware-monitor watching your memory and registry for spyware that tries to install or change your system40http://www.lavasoft.de/software/adaware/0
310AD2KClient1 14AD2KClient.exe1 00190Executable for Active Disk from Iomega disk - allows software applications to be run directly from an Iomega Zip« disk. Required if you wish the applications to launch on insertion of a disk42http://www.iomega-activedisk.com/index.jsp0
114Adaware lptt011 11adaware.exe1 00234Variant of the RapidBlaster parasite (in a "Adaware" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see here. Note - this is not the valid Lavasoft Adaware49http://www.doxdesk.com/parasite/RapidBlaster.html0
114Adaware ml097e1 11adaware.exe1 00186Variant of the RapidBlaster parasite (in a "Aimaol" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see here49http://www.doxdesk.com/parasite/RapidBlaster.html0
113foobin lptt011 11adaware.exe1 00184Variant of the RapidBlaster parasite (in a "foo1" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see here49http://www.doxdesk.com/parasite/RapidBlaster.html0
113foobin ml097e1 11adaware.exe1 00184Variant of the RapidBlaster parasite (in a "foo1" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see here49http://www.doxdesk.com/parasite/RapidBlaster.html0
111AdDestroyer1 15AdDestroyer.exe1 00308Like VirtualBouncer, malware from Spyware Labs. It is distributed by the same bundling and drive-by download techniques as the malware it claims to remove/prevent, so definitely qualifies as unsolicited commercial software in itself. It also has an update feature that can download and execute arbitrary code 01
1 7svchost1 11ADMAGIC.EXE1 00124Added by the SMIBAG WORM! Note - this is not the legitimate svchost.exe process which should NOT appear in Msconfig/Startup!76http://securityresponse.symantec.com/avcenter/venc/data/w32.smibag.worm.html0
120Admanager Controller1 12AdManCtl.exe1 00134This is a WindUpdates variant. You can uninstall it from Add/Remove Programs. It is found in C:\Program Files\Admanager Controller\. 01
118ADM Library Loader1 12admlib32.exe1 00 39Added by a variant of the SDBOT TROJAN!75http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sdbot.html0
310Ad-Muncher1 11ADMUNCH.EXE1 00184Ad Muncher removes adverts, pop-ups and general annoyances in your browser, file-sharing and messenger programs. Causes conflicts with Outlook, game sites and web-building applications25http://www.admuncher.com/0
318Adobe Gamma Loader1 22Adobe Gamma Loader.exe2 00231Adjusts monitor colours across all programs, including Photoshop. It is needed by some graphics professionals who want their monitor calibrated. Most home users will not need it. In my case I can verify this as Photoshop loads fine 01
1 5Adobe1 9Adobe.exe1 00 47Added by an unidentified VIRUS, WORM or TROJAN! 01
4 6dlmMgr1 24AdobeDownloadManager.exe1 00260This is Adobe's download manager that allows for resuming of partially complete downloads from their site. If you want the program to continue downloading you need to keep this entry. When it has completed downloading it will remove itself from the registry. 01
416Adobe LM Service1 14Adobelmsvc.exe1 00306This is Adobe's license management service that is used to make sure you are not using a pirated copy of their software. It does this by examining your hardware on your computer and asking you to reregister if this changes. This can not be disabled as it will reenable when you use one of their products. 01
1 6AdobeA1 10adobes.exe1 00 29Added by the FLOOD.BA TROJAN!43http://vil.nai.com/vil/content/v_100373.htm0
111ATM Control1 8adpn.exe1 00 24Added by the MMS.A WORM!86http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MMS.A&VSect=T0
3 9ADService1 13ADService.exe1 00175Part of Iomega's Active Disk - allows software applications to be run directly from an Iomega Zip« disk. Required if you wish the applications to launch on insertion of a disk42http://www.iomega-activedisk.com/index.jsp0
4 4ADSS1 8ADSS.exe1 00225ADSS is part of Access Denied security and privacy software (Access Denied Security Server) that monitors power status and provides some other services for Screen Guard. Important to keep its running while using Access Denied22http://www.johnru.com/0
310AdSubtract1 9adsub.exe1 00151AdSubtract blocks ads, cookies, pop-up windows, animations, music, and more. Can be disabled from within AdSubtract. Available via Start -> Programs26http://www.adsubtract.com/0
216Subtract the Ads1 9AdSub.exe1 00 62Removes adverts from web pages. Although useful - not required 01
213ADQuickAccess1 10Adtray.exe1 00112After Dark for Windows. Screen saver creation program produced before screen savers became integrated into Win95 01
1 6AdultX1 10AdultX.exe1 00 34Adult content dialler and hijacker 01
3 9ADUserMon1 13ADUserMon.exe1 00175Part of Iomega's Active Disk - allows software applications to be run directly from an Iomega Zip« disk. Required if you wish the applications to launch on insertion of a disk42http://www.iomega-activedisk.com/index.jsp0
1 6Advapi1 10Advapi.exe1 00 30Added by the NETDEVIL.12 WORM!80http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_NETDEVIL.120
220Advanced Tools Check1 10ADVCHK.EXE1 00141Checks when you install a new version of a Norton product that you have uninstalled all previous versions. Serves as a reminder if you forget 01
2 6ADVCHK1 10ADVCHK.EXE1 00141Checks when you install a new version of a Norton product that you have uninstalled all previous versions. Serves as a reminder if you forget 01
1 8advmon321 12advmon32.exe1 00 43Added by a variant of the CRYPTER.C TROJAN!58http://www.sophos.com/virusinfo/analyses/trojcrypterc.html0
1 3adw1 7adw.exe1 00 74Added by the Troj/AdClick-BK Trojan! File is found in the Windows folder.59http://www.sophos.com/virusinfo/analyses/trojadclickbk.html0
2 5load=1 9adw30.exe1 00102After Dark for Windows - screen saver program. Popular before screen savers were integrated into Win95 01
210Adware Spy1 13AdwareSpy.exe1 00 86Bogus adware remover, see this list of Rogue/Suspect Anti-Spyware Products & Web Sites52http://www.spywarewarrior.com/rogue_anti-spyware.htm0
012Aeiwlsta.exe1 12Aeiwlsta.exe1 00 42IBM High Rate Wireless LAN Adapter driver. 01
210SharkEject1 11AEJCT32.exe1 00136Allows you to eject a disk from the Avatar Shark drive from the system tray. When loaded, there is a desktop icon so this isn't required 01
2 8AELaunch1 12AELaunch.exe1 00 68Audio Applications Launcher for the Philips Acoustic Edge soundcard198http://www.consumer.philips.com/global/b2c/ce/catalog/product.jhtml;jsessionid=5ZTUCSVZIGCWUCRQNFJRX1YKGBUEWHAW?divId=0&groupId=PCSTUFF&catId=&subCatId=SOUNDCARDS&productId=PSC706_050
3 8NSHelper1 22aexnsinstallhelper.exe1 00 91Altiris Express Notification Server Install helper - monitors integrity of the installation 01
121Adobe Filter Platform1 19afilterplatform.exe1 00 26Added by the RBOT-OP WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotop.html0
2 5Agent1 9Agent.exe1 00174Cyberlink Power VCR II 3.0 is a TV tuner recording utility. If you want to schedule recordings you'll need this, otherwise can be disabled. Available via Start -> Programs24http://www.cyberlink.com0
2 9LookNMeet1 9Agent.exe1 00 24LooknMeet dating service47http://217.22.55.178/rdl/lnm_v4.3/nl/index.html0
3 8AgfaCLnk1 12AgfaCLnk.exe1 00162For Agfa digital cameras connected via USB. Enables Windows to access the contents of the memory stick (while the stick's still on the camera) via a virtual drive 01
1 3agp1 9agp32.exe1 00 28Added by the GAOBOT.SY WORM!74http://securityresponse.symantec.com/avcenter/venc/data/w32.gaobot.sy.html0
2 6acpart1 12agpart11.exe1 00 34Program for finding trucks on-line 01
219Creative AGP Wizard1 10agpwiz.exe1 00 33Part of Creative's BlasterControl 01
313QuickPassword1 12agquickp.exe1 00 69Smart card-based authentication and digital signature client software 01
213Forget Me Not1 12AGRemind.exe1 00 57Calendar reminder part of American Greetings« CreataCard« 7#FF00000
4 8AGRSMMSG1 12AGRSMMSG.exe1 00 20IBM AMR modem driver 01
211AGSatellite1 15AGSatellite.exe1 00111Program from AudioGalaxy that lets you download some MP3s from their server. Available via Start -> Programs 01
3 4ahfp1 8ahfp.exe1 00323Advanced Hide Folders - "is powerful file security program. It allows to hide folders or hide files. Advanced Hide Folders is very useful to keep your personal data away from others. Others will not know where your personal files exist and they will not be able to accidentally view, delete or modify them either"22http://www.softbe.com/0
3 7ahfprog1 8ahfp.exe1 00323Advanced Hide Folders - "is powerful file security program. It allows to hide folders or hide files. Advanced Hide Folders is very useful to keep your personal data away from others. Others will not know where your personal files exist and they will not be able to accidentally view, delete or modify them either"22http://www.softbe.com/0
3 5AHNSD1 9AhnSD.exe1 00 89AhnLab V3 antivirus updater - leave enabled unless you manually update on a regular basis48http://home.ahnlab.com/english/product/01_1.html0
0 5AHNUE1 9AHNUE.exe1 00 2?? 01
2 7AHQInit1 11ahqinit.exe1 00147Part of AudioHQ for the Soundblaster Live!. Appears as though it makes the AudioHW toolbar drop down from the top of the desktop and isn't required 8#AudioHQ0
2 6AutoEA1 10Ahqrun.exe1 00189For Creative Soundblaster Live! series soundcards. Specify for any audio application what audio preset to automatically associate with currently active speaker output. Available via AudioHQ 01
2 7AudioHQ1 9Ahqtb.exe1 00133For Creative Soundblaster Live! series soundcards. System tray application for SB Live! functions. Available via Start -> Programs 01
4 5load=1 12AICLIENT.EXE1 00141Asset Insight from Tangram - asset managing software. Required if an organisation is running a centrally administered asset management system32http://www.tangram.com/index.htm0
338Another Internet Explorer Popup Killer1 9aiepk.exe1 00 40Another IE Popup Killer - pop-up stopper56http://www.fadsoft.com/Another%20IE%20Popup%20Killer.htm0
112AIM reminder1 16AIM reminder.exe2 00 26Added by the BUDDY TROJAN!76http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_BUDDY.E0
2 3AIM1 7aim.exe1 00146AOL Instant Messenger. If connected to the internet, automatically runs up AIM. Convenience more than anything. Available via Start -> Programs 01
120Configuration Loader1 9aim95.exe1 00 39Added by the LOADCFG or SDBOT TROJANS!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_LOADCFG.A0
113aimaol lptt011 10aimaol.exe1 00186Variant of the RapidBlaster parasite (in a "Aimaol" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see here49http://www.doxdesk.com/parasite/RapidBlaster.html0
113aimaol ml097e1 10aimaol.exe1 00186Variant of the RapidBlaster parasite (in a "Aimaol" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see here49http://www.doxdesk.com/parasite/RapidBlaster.html0
211AimingClick1 15AimingClick.exe1 00 83AimingClick from AimingTech. Web searching tool. Available via Start -> Programs46http://www.aimingtech.com/aimingclick/home.htm0
212AIMWDInstall1 16AIMWDInstall.exe1 00240Version of the WildTangent on-line games installer that came with versions of AOL Instant Messenger. Note that WildTanget's privacy policy used to state that they also collect and share individuals information but this is no longer the case38http://www.wildtangent.com/default.asp0
418D-Link Air Utility1 10AirCFG.exe1 00 35D-Link wireless PCI adapter related 01
321Media Manager Indexer1 11AIRSVCU.EXE1 00284Part of MS Visual InterDev, Media Manager is an easy media file management system that works in conjunction with Windows Explorer. The Media Manager Indexer is a program that indexes all the information about your media files and puts it into a database. For more information see here79http://www.cug.edu.cn/fwzn/wlzx/wlfw/vid/USINGVID/0-7897/0-7897-0762-4/ch09.htm0
133Microsoft Synchronization Manager1 6al.exe1 00 32Added by the OPTXPRO.132 TROJAN!93http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?Vname=BKDR_OPTXPRO.1320
313Alarm Manager1 13Alarm.app.exe1 00 93Palm alarm event reminder that coordinates what is on your Palm with settings on your desktop 01
012AlarmWatcher1 16AlarmWatcher.exe1 00 88Associated with SynTPEnh and SynTPLpr which are from Synaptics for touchpads on laptops. 01
3 9LaunchApp1 11Alaunch.exe1 00 35Acer Launch tool utility on laptops23http://global.acer.com/0
1 6alcmtr1 10ALCMTR.EXE1 00213Realtek AC97 Audio - Event Monitor. "Sypware" file used surreptitiously monitor one's actions. It is not a sinister one, like remote control programs, but it is being used by Realtek to gather data about customers 01
2 7AlcWzrd1 11ALCWZRD.EXE1 00181RealTek High Definition audio driver related - detects new devices when plugged in, then pops up a dialog box. If everything works as expected you should be able to disable this one 01
111AlcxMonitor1 12Alcxmntr.exe1 00208Realtek AC97 Audio - Event Monitor. Sypware file used surreptitiously monitor one's actions. It is not a sinister one, like remote control programs, but is being used by Realtek to gather data about customers 01
312PC Alert III1 9alert.exe1 00119MSI PC Alert III - allows you to view your system and cpu temperature, fan rpm and more. Only required if you overclock 01
1 6Alevir1 10Alevir.exe1 00 55Added by the OPASERV.A or OPASERV.F or OPASERV.G WORMS!57http://www.sophos.com/virusinfo/analyses/w32opaserva.html0
2 5Alexa1 10Alexa.exe?1 00219Alexa Toolbar "is a downloadable toolbar that helps you navigate the Internet as you surf, by instantly providing you with related information about the site you're viewing". Available via Start -> Programs65http://download.alexa.com/alexa65/startpage.html?p=Dest_W_g_40_L10
017ALFY Accellerator1 12AlfyAC~1.exe1 00 2?? 01
124Microsoft ALG32 Protocol1 9alg32.exe1 00 38Added by a variant of the SPYBOT WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html0
225Alias SketchBook Snapshot1 12ALIASS~2.EXE1 00 43Screen-capture utility for Alias Sketchbook 01
3 7allSnap1 11allSnap.exe1 00147"allSnap is a small system tray app that makes all top level windows automatically align like they do in programs such as Winamp or Photoshop"48http://members.rogers.com/ivanheckman/index.html0
213AllTracksGone1 17alltracksgone.exe1 00471AllTracksGone lets you clear your tracks. It deletes files stored on your computer. For example, the web pages you've visited are stored in your URL History. Images you've seen on your computer are stored in a cache file. There are many other files that AllTracksGone can "clean". From one simple interface, you can have AllTracksGone clear your computer of unnecessary files on a regular basis. Normally located in C:\Program Files\AllTracksGone\alltracksgone.exe.28http://www.alltracksgone.com0
021AOL Instant Messenger1 7AlM.EXE1 00 99That is an L between the A and M, the start up location is wrong for AIM. What does this relate to? 01
319AcerNotebookManager1 13almxptray.exe1 00 82System Tray access on some Acer Notebooks to give faster access to system settings 01
3 8Alogserv1 12Alogserv.exe1 00372From McAfee VirusScan for logging scanning activities. In some cases, if left running it can cause CPU % usage to go between 5-95% or go to and stay at 100%. Disabling it impacts on the reported last scan date. It is reported to cause jerky graphics response in many games. As of version 6, this is a critical component of McAfee and disabling it can cause a PC to lock up 01
4 7Alerter1 10alrsvc.dll1 00125This service is used to notify selected computers and users of alerts from programs. This service is started by svchost.exe. 01
314AltoMB_service1 13AltoMBsrv.exe1 00125Alto Memory Booster from Alto Software - boost the computers performance via more intelligent and efficient memory management28http://www.altosoftware.com/0
3 8ALUAlert1 13ALUNotify.exe1 00116Notification reminder for Symantec's LiveUpdate. Leave enabled unless you manually run LiveUpdate on a regular basis 01
316AlwaysOnTopMaker1 20AlwaysOnTopMaker.exe1 00120Always On Top Maker - utilty to enable an application to always be displayed "on top" of others on the desktop43http://www.fadsoft.com/AlwaysOnTopMaker.htm0
217Action Manager 321 8am32.exe1 00136Associated with a Plustech scanner. Small utility that runs in the background for doing fax/copy/etc. Available via Start -> Programs 01
310CA-AMAgent1 11amagent.exe1 00355Unicenter Asset Management is a solution for proactively managing IT assets in a business environment. It provides full-featured asset tracking capabilities through automated discovery, hardware inventory, network inventory, software inventory, configuration management, software usage monitoring, license management and extensive cross-platform reporting47http://www3.ca.com/Solutions/Product.asp?ID=1940
4 4Amon1 8AMON.EXE1 00 45Monitoring part of Eset's NOD32 virus-scanner34http://www.nod32.com/home/home.htm0
4 8Amonitor1 8amon.exe1 00 22Tiny Personal Firewall44http://www.tinysoftware.com/home/tiny2?la=EN0
310WheelMouse1 12AMOUMAIN.EXE1 00 99A4Tech wireless mouse driver and utility - required if you use non-standard Windows driver features46http://www.a4tech.com/a4techenglish/index.html0
117lnternet Explorer1 12AMSNDMGR.EXE1 00120Added by the KWBOT.R WORM! Note that the "l" is a lower case "L" and not an upper case "I"84http://http://securityresponse.symantec.com/avcenter/venc/data/w32.kwbot.r.worm.html0
113Bar Ding lolt1 10Analiz.exe1 00 26Added by the RBOT-RP WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotrp.html0
212Utopia Angel1 9Angel.exe1 00 37Calculator for the online Utopia game31http://games.swirve.com/utopia/0
213Announcements1 12Annclist.exe1 00163MS WebTV for Windows. Used to display TV on your PC via a compatible video card with in-built tuner (such as ATI All-In-Wonder). If you don't use it - uninstall it 01
231Microsoft Announcement Listener1 12Annclist.exe1 00163MS WebTV for Windows. Used to display TV on your PC via a compatible video card with in-built tuner (such as ATI All-In-Wonder). If you don't use it - uninstall it 01
2 7Anntext1 11Anntext.exe1 00 39Caere Pagekeeper text annotation server 01
1 9HideStyle1 21Ante Browse Trust.exe2 00123IE toolbar taking you to Lop.com. If the exe is running, end it and remove the "Stupidmore" directory from C:\Program Files 01
320Anti-keylogger check1 11antikey.exe1 00 79Anti-keylogger - protects against keylogger programs monitoring your keystrokes31http://www.anti-keyloggers.com/0
320AntiWindowsMessenger1 13AntiMsMsg.exe1 00111Anti-Windows_Messenger is a small application that prevents Windows Messenger from remaining resident in memory49http://fileforum.betanews.com/detail/1069500643/10
3 9AntiPopUp1 13AntiPopUp.exe1 00 33AntiPopUp for IE - pop-up stopper38http://www.webknacks.com/antipopup.htm0
3 5ppass1 11Antispy.exe1 00172AntiSpy firewall - "program designed to combat against various types of intrusion and monitoring programs currently in use or presently being developed worldwide"59http://www.antivirus-program.com/antivirus_program/antispy/0
127Windows Anti-Virus Built 321 15AntiVirus32.exe1 00 27Added by the SDBOT-BG WORM!56http://www.sophos.com/virusinfo/analyses/w32sdbotbg.html0
0 9Eac_rnvdl1 21ANTIVIRUS_INSTALL.EXE1 00 2?? 01
4 5AnVir1 9AnVir.exe1 00102AnVir Task Manager - protects computer against viruses and manages running processes and startup files29http://anvir.com/taskmanager/0
418AnVir Task Manager1 9AnVir.exe1 00102AnVir Task Manager - protects computer against viruses and manages running processes and startup files29http://anvir.com/taskmanager/0
3 8anvshell1 12anvshell.exe1 00202System Tray tool for ASUS video cards. If disabled you lose all the ASUS specific video card options in Control Panel -> Display Properties -> Advanced as well as the System Tray shortcuts toolbar 01
2 6AnyDVD1 10AnyDVD.exe1 00195"AnyDVD is a driver, which descrambles DVD-Movies automatically in the background. This DVD appears unprotected and region code free for all applications and the Windows operating system as well"37http://www.slysoft.com/en/anydvd.html0
0 4ugon1 12aockstrs.exe1 00 2?? 01
214AOL Fast Start1 10AOL.EXE -b2 00154This allows AOL to load in the background when your computer starts. This make the program launch quicker when you want to use it, but uses up resources. 01
124Microsoft AOL32 Protocol1 9aol32.exe1 00 38Added by a variant of the SPYBOT WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html0
413AolAcsDaemon11 11AOLACSD.EXE1 00188AOL Connectivity Service - starts an automatic function that restores the connection should you lose it while online. Negates having to go through the procedure of signing back on manually 01
117AOL 9.0 Optimized1 13AOLCLIENT.EXE1 00 82Added by the Backdoor.Spyboter.A Trojan! File found in the Windows system folder.66http://www.sarc.com/avcenter/venc/data/pf/backdoor.spyboter.a.html0
2 9AOLDialer1 11AOLDial.exe1 00 69AOL ISP software dialer - can be activated through a desktop shortcut 01
2 6AolFix1 10AolFix.exe1 00211Run on Gateway Astra computers, and maybe a few others. Designed to repair a bad registry key in Gateway computers that would not allow AOL to run correctly. Not seen much any more and should only run once 01
011HostManager1 18AOLHostManager.exe1 00 43In a Program Files\Common Files\AOL folder. 01
113AOL Messenger1 12aolmsngr.exe1 00 27Added by the SDBOT-JF WORM!56http://www.sophos.com/virusinfo/analyses/w32sdbotjf.html0
228America Online *.* Tray Icon1 11aoltray.exe1 00126Puts AOL icon in System Tray (*.* denotes version if present). Connect to AOL via the desktop shortcut or Start -> Programs 01
3 8ccWasher1 13aolwasher.exe1 00200Webroot Cache & Cookie Washer - cleaning browser tracks, including cache, cookies, history, mail trash, drop-down address bar, auto-complete forms and downloaded program files for IE, Netscape and AOL 01
1 6Aornum1 10aornum.exe1 00107Installed along with iWon Prize Machine. Based upon their privacy statement this can be regarded as spyware79http://www.iwon.com/home/prizes/pm3_overview/0,21311,,00.html?PG=home?SEC=fnstf0
2 7AO Tray1 10AOTray.Exe1 00102System Tray application for AOpen soundcards. Can be run manually via Start - Settings - Control Panel 01
2 6AOTray1 10AOTray.Exe1 00102System Tray application for AOpen soundcards. Can be run manually via Start - Settings - Control Panel 01
322Monitor Apache Servers1 17ApacheMonitor.exe1 00125Part of the Apache Web Server package. Useful only if you're running such a server on your PC. Available via Start - Programs 01
4 8apc_tray1 12apc_tray.exe1 00124Part of the APC UPS software loaded with the BACK-UPS CS 350 unit. Required to monitor the APC unit in case of power failure 01
1 5API321 9api32.exe1 00 29Added by the IRCBOT-B TROJAN!57http://www.sophos.com/virusinfo/analyses/trojircbotb.html0
1 6APIMon1 11apimonx.exe1 00 40Added by the TIBSER.A downloader TROJAN! 01
0 8Apmsrv9x1 12APMSRV9X.EXE1 00 48Intel AnyPoint Wireless II Home Network related. 01
3 9AlpsPoint1 10Apoint.exe1 00261Touchpad software for laptop PC's. For instance it is found on the Panasonic machines and allows part of the touchpad to be used for document or Web-page scrolling. Required for proper functioning of the pointing software but not required for the laptop to work 01
3 6Apoint1 10Apoint.exe1 00261Touchpad software for laptop PC's. For instance it is found on the Panasonic machines and allows part of the touchpad to be used for document or Web-page scrolling. Required for proper functioning of the pointing software but not required for the laptop to work 01
1 5Prein1 38APP****.tmp [* = random char or digit]2 00 19Unidentified adware 01
120[executed file name]1 7App.exe1 00 25Added by the WAXPOW WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.waxpow.worm.html0
1 7appconn1 11appconn.exe1 00 25Added by the CARGAO WORM!74http://securityresponse.symantec.com/avcenter/venc/data/trojan.cargao.html0
311AppExtender1 12AppExtCB.exe1 00100Loads the Confimax add-in for popular E-mail programs to confirm E-mails have been sent and received67http://www.confimax.com/?PHPSESSID=aefc68296846f048b5b7ae96e48d854f0
1 9appis.exe1 9appis.exe1 00 29Added by the AGENT-BC TROJAN!68http://pestpatrol.com/PestInfo/t/trojandownloader_win32_agent_bc.asp0
3 7AppPlus1 11AppPlus.exe1 00249AppPlus - "menu bar or tray launcher that docks to your desktop, floats or sits in your System Tray. Create graphic/text-based buttons that launch any number of programs, Websites, e-mail addresses or folders (which open in the AppPlus Menu System)"29http://www.appplusonline.com/0
014ENSApServer2_01 12APSERVER.EXE1 00 48Intel AnyPoint Wireless II Home Network related. 01
3 8AEZBProc1 11aptezbp.exe1 00203IBM Aptiva keyboard customizer - enables certain special buttons on keyboard for CD operation, volume control, and few quickstart buttons. Keyboard will work without it but you lose the special functions 01
4 5Apvxd1 12APVXDWIN.EXE1 00 71Part of Panda Anti-Virus. Required to enable permanent virus protection29http://www.pandasoftware.com/0
4 8Apvxdwin1 12APVXDWIN.EXE1 00 71Part of Panda Anti-Virus. Required to enable permanent virus protection29http://www.pandasoftware.com/0
4 7Apwheel1 11Apwheel.exe1 00 37Wheel support for an Alps mouse 01
111aqadcup.exe1 11aqadcup.exe1 00 27Added by the AGENT.BG WORM!71http://www.liutilities.com/products/wintaskspro/processlibrary/aqadcup/0
2 4ares1 8ares.exe1 00246Ares is "a Windows program that enables peer-to-peer file-sharing on the Ares P2P network. As a member of the P2P community you can search and download any file shared by other users. You can meet new friends in Ares chatrooms while you download"39http://www.aresgalaxy.org/download.html0
2 8areslite1 12AresLite.exe1 00259Ares Lite Edition is "a Windows program that enables peer-to-peer file-sharing on the Ares P2P network. As a member of the P2P community you can search and download any file shared by other users. You can meet new friends in Ares chatrooms while you download"39http://www.aresgalaxy.org/download.html0
1 7Aritima1 11aritima.exe1 00 25Added by the ARITIM WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.aritim.html0
219Access Ramp Monitor1 11armon32.exe1 00433Monitors your progress on the internet; hang-ups, connection speeds, internet congestion and traffic flow. It prevents some games from running also. To disable the Access Ramp Monitor (1) Open Windows Explorer (2) Open the Program Files folder (3) Open the MindSpring folder (4) Open the AccessRamp folder (5) Double-click on the ARMCfg32.exe file (6) Uncheck Enable Dialup Monitor and click OK (7) Restart the computer and try again 01
220AccessRamp Monitor011 12ARMon32a.exe1 00681From a visitor "Just wanted to provide you with some info on Access Ramp software installed with Verizon DSL accounts in those areas that use the Winpoet PPPoE software. The Access Ramp TSRs are installed as part of IP Insight software (can't remember the software maker). You can decline to install IP Insight during Winpoet setup, or go into Add/Remove programs uninstall IP Insight by hand if it's already installed. It really doesn't do a darn thing for you. It was intended to help DSL techs monitor QoS, but the backend part was never implemented (at least as of earlier this year). This will not affect the user's ability or inability to access their DSL service." 01
110MS-Connect1 7arr.exe1 00 32Adult content dialler - see here49http://vil.mcafee.com/dispVirus.asp?virus_k=999720
3 6Artera1 12arteraui.exe1 00132Artera Turbo Internet Accelerator - "surf faster, boost download speed". Only required if you find it helps improve your performance27http://www.arteraturbo.com/0
215AccessRampLAN011 12ARUpld32.exe1 00683Version of the AccessRamp Monitor01 entry for LAN connections - a history uploader. The key in turning it off is a file named ARUCfg32.exe. This file (ARUCfg32.exe) does not show up in the startup process. If you have this file, you can execute it and remove all the monitoring activities it does. Removing all the checks in all the boxes (both tabs) still calls ARUpld32.exe to start when you start the dial up. You can block it from sending info if you have Zone Alarm installed. Renaming the extension of ARUCfg32.exe to ARUCfg32.exe1 works. The ARUpld32.exe is not loaded when launching the dial up client. Written by IP Insight and also included with Earthlink Total Access 2003 01
116Microsoft Update1 9ascdl.exe1 00 28Added by the GAOBOT.SY WORM!74http://securityresponse.symantec.com/avcenter/venc/data/w32.gaobot.sy.html0
116LoadPowerProfile1 10ASDAPI.EXE1 00130Added by the CABRO TROJAN! Not to be confused with the valid LoadPowerProfile entry where the command is Rundll32.exe powrprof.dll75http://securityresponse.symantec.com/avcenter/venc/data/backdoor.cabro.html0
213ASE Scheduler1 17ASE Scheduler.exe2 00174Aluria Software's spyware removal tool - we can't really recommend this product as Aluria have recently partnered with WhenU, the well known adware company, see here and here98http://www.boston.com/business/technology/articles/2004/11/06/spyware_killer_displays_its_own_ads/0
3 8RunAlert1 12AService.exe1 00199a target="_blank" href="http://www.msi.com.tw/program/products/pro_index.php"MSI MOtherboard PC Alert III - MSI motherboard monitoring software. Only required if you "overclock" your system 01
315Spyware Scanner1 14AseScanner.exe1 00174Aluria Software's spyware removal tool - we can't really recommend this product as Aluria have recently partnered with WhenU, the well known adware company, see here and here98http://www.boston.com/business/technology/articles/2004/11/06/spyware_killer_displays_its_own_ads/0
133Microsoft Synchronization Manager1 10asgard.exe1 00 27Added by the SDBOT.PH WORM!77http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.PH0
4 6avast!1 11ashDisp.exe1 00 34Part of Avast! anti-virus software35http://www.alwil.com/en/default.asp0
1 5ASHLT1 9Ashlt.exe1 00 35Adware - leads back to an ad server 01
211Vortex Tray1 12asp4setp.exe1 00124System Tray application for Aureal Vortex based soundcards. Can be run manually via Start -> Settings -> Control Panel 01
210VortexTray1 12asp4setp.exe1 00124System Tray application for Aureal Vortex based soundcards. Can be run manually via Start -> Settings -> Control Panel 01
2 8asp4tray1 12asp4tray.exe1 00116System Tray application for Aureal Vortex based soundcards. Can be run manually via Start - Settings - Control Panel 01
210VortexTray1 12asp4tray.exe1 00124System Tray application for Aureal Vortex based soundcards. Can be run manually via Start -> Settings -> Control Panel 01
218ExciteAssistantEXE1 13ASSISTANT.EXE1 00160With Excite Assistant, you can access a wide variety of online information, including email, news, and stock quotes without having to have a browser window open 01
1 3AST1 3AST1 00 48Added by the TROJANDOWNLOADER.WIN32.VB.AH VIRUS! 01
1 3AST1 3AST1 00 26Added by the VB.AH TROJAN!62http://www3.ca.com/securityadvisor/pest/pest.aspx?id=4530683220
1 6AStart1 6AStart1 00 26Added by the VB.AH TROJAN!62http://www3.ca.com/securityadvisor/pest/pest.aspx?id=4530683220
3 6ASTART1 10astart.exe1 00149ASUS TweakEnable - restores manually changed settings for ASUS based video cards such as overclocking. Only required if you use non-standard settings 01
316ASUS TweakEnable1 10astart.exe1 00130Restores manually changed settings for ASUS based video cards such as overclocking. Only required if you use non-standard settings 01
4 7Avast321 12Astart32.exe1 00 34Part of Avast! anti-virus software35http://www.alwil.com/en/default.asp0
2 6asTray1 10Astray.exe1 00113Voyetra Audio Station - part of Voyetra's Ultimate MP3 & CD Manager. MP3 and digital music jukebox/organizer42http://www.voyetra.com/site/products/ump3/0
2 5Astro1 9Astro.exe1 00 48Checks for updates to Quicken on a system reboot 01
2 5ASWDP1 9ASWDP.exe1 00141MLS Pulse - real estate software. Keeps the home buyer/seller continually informed on the status of his/her local/regional real estate market51http://www.stevejacksonre.com/mls_pulse_sign_up.htm0
319The Easy Bee's Hive1 12ATCEgSvr.exe1 00183The Easy Bee is a software that allows you to record Internet navigation sequences, which can include form filling and button clicking and to attach a replay schedule to each sequence 01
312MicroDialler1 14atdialler1.exe1 00115Part of the Freeserve Connection Kit - changes the dial-up for Freeserve AnyTime if access problems are encountered65https://www.freeserve.com/time/anytimereg/migration/?redirect=int0
3 5Athan1 9Athan.exe1 00112Athan - an application that calculates and reminds the five daily Islamic prayer times for anywhere in the world61http://www.islamasoft.co.uk/products/athan/athansoftware.html0
212@Hoc Toolbar1 9AtHoc.exe1 00 86One-click activated browsing toolbar used by various web-sites. See here for more info62http://siliconvalley.internet.com/news/article.php/3531_4799510
223Switchboard.com Toolbar1 9AtHoc.exe1 00 75Toolbar for the on-line version of Yellow Pages in the US - Switchboard.com27http://www.switchboard.com/0
3 6AtiCwd1 12Ati2cwad.exe1 00147This utility adds the ATI tab in the advanced display properties (gives the option for TV out). Do not uncheck if there is TV out on the video card 01
3 8AtiCwd321 12Ati2cwad.exe1 00147This utility adds the ATI tab in the advanced display properties (gives the option for TV out). Do not uncheck if there is TV out on the video card 01
0 8Ati2cwxx1 12Ati2cwxx.exe1 00139For some ATI video cards. Probably used to access features and may not be required - for example the ATI Radeon works fine without it 01
3 8ATIPOLAB1 12ati2evxx.exe1 00209ATI External Event Utility EXE Module. This task can comsume lots of CPU resournces on some computers, but it can help with graphics card problems. Leave enabled unless it consumes too many CPU resources 01
3 7ATIPOLL1 12ati2evxx.exe1 00209ATI External Event Utility EXE Module. This task can comsume lots of CPU resournces on some computers, but it can help with graphics card problems. Leave enabled unless it consumes too many CPU resources 01
2 8Ati2mdxx1 12Ati2mdxx.exe1 00 64For ATI video cards. System Tray access to display mode changing 01
313ATIModeChange1 12Ati2mdxx.exe1 00 89System Tray icon to access ATI graphics card settings and the Hydravision Desktop Manager 01
3 6AtiPTA1 12Ati2ptxx.exe1 00253Control panel for the ATI series of video cards allowing access to such features as display resolution, colour depth, etc. Available via Start -> Settings -> Control Panel -> Display. Some users may need it if they have optimised their settings 01
3 8AtiPTAAA1 12Ati2ptxx.exe1 00253Control panel for the ATI series of video cards allowing access to such features as display resolution, colour depth, etc. Available via Start -> Settings -> Control Panel -> Display. Some users may need it if they have optimised their settings 01
3 8atiptaxx1 12Ati2ptxx.exe1 00253Control panel for the ATI series of video cards allowing access to such features as display resolution, colour depth, etc. Available via Start -> Settings -> Control Panel -> Display. Some users may need it if they have optimised their settings 01
3 8ATISmart1 12ati2s9ag.exe1 00184ATI's "SMARTGART", which is included with the "Catalyst" drivers. When the system boots, it runs a couple of bus tests & tries to apply the most stable settings53http://mirror.ati.com/products/pc/catalyst/index.html0
4 9ATI Smart1 12ati2sgag.exe1 00273This Windows service is used at system boot up to check for system compatability and stability issues for ATI video cards. Also responsible for setting the AGP settings the video card will use. Unless this is causing a problem we recommend you leave this set as automatic. 01
116ATI VIDEO REGKEY1 11ati2vid.exe1 00 27Added by the SDBOT.UR WORM!77http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.UR0
112aticpaxx.exe1 12aticpaxx.exe1 00102A WORM/backdoor Trojan, W32/Rbot-XP will add this, and open the PC to attack by way of an IRC channel.55http://www.sophos.com/virusinfo/analyses/w32rbotxp.html0
3 6AtiCwd1 10AtiCwd.exe1 00147This utility adds the ATI tab in the advanced display properties (gives the option for TV out). Do not uncheck if there is TV out on the video card 01
3 8AtiCwd321 10AtiCwd.exe1 00147This utility adds the ATI tab in the advanced display properties (gives the option for TV out). Do not uncheck if there is TV out on the video card 01
3 6AtiCwd1 12AtiCwd32.exe1 00147This utility adds the ATI tab in the advanced display properties (gives the option for TV out). Do not uncheck if there is TV out on the video card 01
3 8AtiCwd321 12AtiCwd32.exe1 00147This utility adds the ATI tab in the advanced display properties (gives the option for TV out). Do not uncheck if there is TV out on the video card 01
113AtiDisplayDrv1 12atidrvxx.exe1 00 66Added by the W32/Rbot-VZ Worm! Found in the Windows system folder.55http://www.sophos.com/virusinfo/analyses/w32rbotvz.html0
216ATI DeviceDetect1 11ATIDtct.EXE1 00 91Utility meant for future use of the ATI TV WONDERÖ USB 2.0 video driver and can be disabled 01
223ATI GART Set-up Utility1 11Atigart.exe1 00169Program that checks the motherboard chipset and determines which GART driver bundle to install on ATI video cards. If you have one, once installed it shouldn't be needed 01
2 6AtiKey1 12AtiKey32.exe1 00149System Tray access and key-combo shortcuts to common display functions on ATI video cards. Can be run from Start - Settings - Control Panel - Display 01
3 6AtiPTA1 12Atiptaxx.exe1 00253Control panel for the ATI series of video cards allowing access to such features as display resolution, colour depth, etc. Available via Start -> Settings -> Control Panel -> Display. Some users may need it if they have optimised their settings 01
3 8AtiPTAAA1 12Atiptaxx.exe1 00253Control panel for the ATI series of video cards allowing access to such features as display resolution, colour depth, etc. Available via Start -> Settings -> Control Panel -> Display. Some users may need it if they have optimised their settings 01
3 8atiptaxx1 12Atiptaxx.exe1 00253Control panel for the ATI series of video cards allowing access to such features as display resolution, colour depth, etc. Available via Start -> Settings -> Control Panel -> Display. Some users may need it if they have optimised their settings 01
0 6AtiKey1 12atiptkad.exe1 00149System Tray access and key-combo shortcuts to common display functions on ATI video cards. Can be run from Start - Settings - Control Panel - Display 01
3 8AtiQiPcl1 12AtiQiPcl.exe1 00119Used for hardware DVD decoding on ATI video cards supporting this feature. Not required unless you regularly play DVD's 01
1 6System1 9Atira.exe1 00 26Added by the KOTIRA VIRUS!71http://securityresponse.symantec.com/avcenter/venc/data/w32.kotira.html0
418ATI Remote Control1 9ATIRW.exe1 00132Driver for the ATI REMOTE WONDERÖ RF remote control for ATI's All-In-Wonder graphic cards and other products. Required if you use it44http://www.ati.com/products/home-office.html0
213ATI Scheduler1 12Atisched.exe1 00305Component that remains resident in memory and automatically launches the ATI VIDEO PLAYER at a user selected time and date. Delete the shortcut in the Start -> Programs -> Startup folder as well. Functions could re-enable the program to load at start-up and re-introduce the shortcut. Try it and see 01
229ATI Task Application (Atikey)1 11Atitask.exe1 00161System Tray access and key-combo shortcuts to common display functions on ATI video cards. Can be run from Start -> Settings -> Control Panel -> Display 01
220ATI Task Application1 11Atitkad.exe1 00149System Tray access and key-combo shortcuts to common display functions on ATI video cards. Can be run from Start - Settings - Control Panel - Display 01
3 7atitray1 11atitray.exe1 00 66ATI Tray Tools - allows quick access to ATI graphics card settings 01
312AtiTrayTools1 11atitray.exe1 00 66ATI Tray Tools - allows quick access to ATI graphics card settings 01
2 7ATnotes1 11atnotes.exe1 00103Loads the ATnotes program for virtual sticky notes for your desktop. Available via Start -> Programs 01
310Atomic.exe1 10Atomic.exe1 00 79Atomic Clock Sync - synchronizes your computer's time with the NIST time server44http://www.worldtimeserver.com/atomic-clock/0
2 7Atomica1 11atomica.exe1 00195Atomica runs from the System Tray and allows the user to find out more about a word or phrase on any screen by pointing at it with the mouse and clicking button one while holding down the Alt key23http://www.atomica.com/0
310AtomicTime1 14ATOMICTIME.EXE1 00 71AtomicTime - utility that synchronizes your PC clock to an atomic clock30http://schmail.com/atomictime/0
3 6Atrack1 10atrack.exe1 00426New feature of Norton Internet Security (NIS) and Norton Personal Firewall (NPF) 3.0 is the Alert Tracker, an instant notification feature. The Alert Tracker displays information about events as they happen. This way, when a rule has been triggered or an access to the Internet made, you know about it immediately rather than finding out about it when you check your logs or notice that the NIS icon indicates a security alert 01
3 5Atray1 9Atray.exe1 00106Active Tray is a utility which lets you configure the system tray. You can also create your own tray icons32http://www.divcomsoft.com/atray/0
1 7Attunel1 11Attunel.exe1 00 67Spyware - part of an automated helpdesk software called Aveo Attune 01
118AttuneClientEngine1 13attune_ce.exe1 00 67Spyware - part of an automated helpdesk software called Aveo Attune 01
120AttuneContentUpdater1 13attune_cu.exe1 00 67Spyware - part of an automated helpdesk software called Aveo Attune 01
115AttuneDiscovery1 13attune_di.exe1 00 67Spyware - part of an automated helpdesk software called Aveo Attune 01
113AttuneSystray1 13attune_st.exe1 00 67Spyware - part of an automated helpdesk software called Aveo Attune 01
2 6aTuner1 10atuner.exe1 00 52aTuner - tweak tool for GeForce based graphics cards41http://www.3dcenter.de/atuner/index_e.php0
1 6au.exe1 6au.exe1 00 27Added by the BEAGLE.B WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.b@mm.html0
2 8AUXXTRAY1 12au30setp.exe1 00124System Tray application for Aureal Vortex based soundcards. Can be run manually via Start -> Settings -> Control Panel 01
210VortexTray1 12au30setp.exe1 00124System Tray application for Aureal Vortex based soundcards. Can be run manually via Start -> Settings -> Control Panel 01
3 8AU Agent1 11AUagent.exe1 00177Au Agent from Zilab Software. Win2K/NT enhancement tool. Allows you to run applications under any security context without closing the whole logon session to process a new logon46http://www.zilab.com/Products/Au/index_2.shtml0
4 7AUCBPNP1 11aucbnpn.exe1 00140Adaptec USB CardBus Safe-Eject - driver for the Adaptec USB 2.0 CardBus which provides USB 2.0 ports for laptop users via a PCMCIA card slot140http://www.adaptec.com/worldwide/product/proddetail.html?sess=no&language=English+US&prodkey=AUA-1420&cat=%2fTechnology%2fUSB%2fUSB+Adapters0
1 8Aucompat1 12Aucompat.exe1 00 25Added by the GEMA TROJAN!72http://securityresponse.symantec.com/avcenter/venc/data/trojan.gema.html0
1 9Audiocntl1 13audiocntl.exe1 00 43Added by a variant of the CRYPTER.C TROJAN!58http://www.sophos.com/virusinfo/analyses/trojcrypterc.html0
1 8audioinf1 12audioinf.exe1 00 43Added by a variant of the CRYPTER.C TROJAN!58http://www.sophos.com/virusinfo/analyses/trojcrypterc.html0
1 8nodriver1 11AUEKXRZ.EXE1 00 38Added by a variant of the SPYBOT WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html0
111Auto Update1 7AUP.exe1 00 42Added by an unididentified WORM or TROJAN! 01
110MS Updates1 8aupd.exe1 00 22Spyware web downloader 01
1 5ausvc1 9ausvc.exe1 00 30Added by the AUTOUPDER TROJAN!79http://securityresponse.symantec.com/avcenter/venc/data/backdoor.autoupder.html0
1 5authz1 9authz.exe1 00 47Added by an unidentified VIRUS, WORM or TROJAN! 01
3 7Autobar1 11autobar.exe1 00 80Connect buttons on the keyboard for internet direct access, etc. on HP computers 01
310ConfigSafe1 11AUTOCHK.EXE1 00198ConfigSafe - lets you identify changes to the registry, INI files, System asset files, system hardware, network connections, and operating system versions -- provides a restore function. Your choice47http://www.imaginelan.com/configsafe/index.html0
323XTNDConnect PC - 3CmPlm1 11Autodet.exe1 00 88Component of EasySync Pro. Synchronisation between Palm PDAs and Microsoft Outlook15#EasySync%20Pro0
119Windows Data Server1 12autodisc.exe1 00 28Added by the SPYBOT-CB WORM!57http://www.sophos.com/virusinfo/analyses/w32spybotcb.html0
221AutoMate Task Service1 12automate.exe1 00133Task scheduler for Unisyn Automate 4 task automation/macro running software. Available via a desktop shortcut or Start -> Programs22http://www.unisyn.com/0
116Microsoft Update1 13automgr32.exe1 00 36Added by a variant of the RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
121Win32 Ms Auto Updater1 13AutomsUPD.exe1 00 36Added by a variant of the RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
3 9MaxtorReg1 11AUTOREG.EXE1 00166Part of SYSagent - small utility for retrieving all the hardware and software information required by anyone administering a machine and/or the network it's a part of37http://www.netsizzle.net/sysagent.asp0
212QBCD autorun1 11autorun.exe1 00 14Quick Books CD 01
3 9AutoSizer1 13AUTOSIZER.EXE1 00 76AutoSizer - utility that automatically maximizes windows when they're opened36http://www.southbaypc.com/AutoSizer/0
221HP JetSpeed Autostart1 13AUTOSTART.EXE1 00 61Autostart executable for the old multiplayer game HP Jetspeed 01
210Auto T Bar1 12autotbar.exe1 00140If you disable the HP VIEW toolbar in IE and rarrange the toolbars on a reboot they will be back as they were before if this is left enabled 01
2 8autotbar1 12autotbar.exe1 00140If you disable the HP VIEW toolbar in IE and rarrange the toolbars on a reboot they will be back as they were before if this is left enabled 01
2 8AutoTKit1 12AUTOTKIT.EXE1 00142On HP PC's. Unclear what purpose it serves - but there's a known issue with Internet Explorer Toolbar settings not being saved with it enabled 01
2 7autoupd1 11autoupd.exe1 00 84Raxco Software Auto Update utility."Used to keep your software up-to-date"59http://www.raxco.com/support/windows/kb_details.cfm?kbid=460
1 7autoupd1 11autoupd.exe1 00 84Added by an unidentified VIRUS, WORM or TROJAN! - found in a folder of the same name 01
312ATTRedUpdate1 14AutoUpdate.exe1 00246Additional item added to start-ups after AT&T took over the now bankrupt Excite@home high-speed internet service. Included for automatically downloading and installing updates. Leave it unless you plan to regularly run it to check for updates 01
1 7aux.exe1 7aux.exe1 00 25Added by the ZINS TROJAN!61http://www.symantec.com/avcenter/venc/data/backdoor.zins.html0
114auxAudioDevice1 9aux32.exe1 00 23Added by the AIZU WORM!69http://securityresponse.symantec.com/avcenter/venc/data/w32.aizu.html0
1 9Antivirus1 6av.exe1 00 63Added by the SINKIN TROJAN! Resets IE start page to realphx.com74http://securityresponse.symantec.com/avcenter/venc/data/trojan.sinkin.html0
1 6MSInfo1 10AVBgle.exe1 00 27Added by the NETSKY.O WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.netsky.o@mm.html0
312AvconsoleEXE1 12Avconsol.exe1 00151From McAfee VirusScan up to version 4.x and Dr Solomon's VirusScan. Used to schedule regular scans. If you don't have scans scheduled you don't need it 01
4 7AVG7_CC1 9AVGCC.exe1 00119AVG Anti-Virus 7.0 Control Center. Allows you to manage and control all AVG Anti-Virus components, settings and updates23http://www.grisoft.com/0
4 7avgcc321 11avgcc32.exe1 00105AVG anti-virus control center. Also enables scheduled tests, Outlook E-mail plug-in and automatic updates23http://www.grisoft.com/0
4 6AVG_CC1 11avgcc32.exe1 00105AVG anti-virus control center. Also enables scheduled tests, Outlook E-mail plug-in and automatic updates23http://www.grisoft.com/0
4 7AVGCtrl1 11AVGCTRL.EXE1 00144Background task of the a target="_blank" href="http://www.hbedv.com/"AntiVir antivirus program which scans files transparently in the background 01
4 8AVG7_EMC1 10AVGEMC.exe1 00 79AVG Anti-Virus 7.0 Email Cleaner. Scans incoming and outgoing email for viruses23http://www.grisoft.com/0
4 7AVG_EMC1 10AVGEMC.exe1 00 79AVG Anti-Virus 7.0 Email Cleaner. Scans incoming and outgoing email for viruses23http://www.grisoft.com/0
414AVG_RegCleaner1 12AVGREGCL.exe1 00111AVG Anti-Virus 7.0 Registry Cleaner - for checking the registry for virus additions and other security problems23http://www.grisoft.com/0
124Special Firewall Service1 11avguard.exe1 00 27Added by the NETSKY.G WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.netsky.g@mm.html0
1 4MyAV1 12avpguard.exe1 00 27Added by the NETSKY.J WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.netsky.j@mm.html0
4 4avpm1 8avpm.exe1 00 19Kaspersky antivirus 01
1 4Avpr1 8avpr.exe1 00 28Added by the MYDOOM.AF WORM!64http://www.symantec.com/avcenter/venc/data/w32.mydoom.af@mm.html0
1 9HtProtect1 13AVprotect.exe1 00 27Added by the NETSKY.L WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.netsky.l@mm.html0
1119xHtProtect1 15AVprotect9x.exe1 00 27Added by the NETSKY.M WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.netsky.m@mm.html0
111Wlan Driver1 10avscan.exe1 00 29Added by the WOOTBOT.DH WORM!109http://de.trendmicro-europe.com/enterprise/security_info/ve_detail.php?id=66558&VName=WORM_WOOTBOT.DH&VSect=T0
4 9AVSCHED321 13AVSched32.exe1 00 30AntiVir anti-virus from H+BDEV21http://www.hbedv.com/0
111avserve.exe1 11avserve.exe1 00 25Added by the SASSER WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.sasser.worm.html0
112avserve2.exe1 12avserve2.exe1 00 40Added by the SASSER.B or SASSER.C WORMS!78http://securityresponse.symantec.com/avcenter/venc/data/w32.sasser.b.worm.html0
112avserve3.exe1 12avserve3.exe1 00 27Added by the SASSER.G WORM!73http://securityresponse.symantec.com/avcenter/venc/data/w32.sasser.g.html0
422McAfeeVirusScanService1 12Avsynmgr.exe1 00196From McAfee VirusScan version 5.x. Runs VirusScan System Tray (Vsstat.exe), WebScanX (Webscanx.exe), VirusScan System Scan (Vshwin32.exe) and VirusScan Console (Avconsol.exe) under one application 01
1 9MSMcAfeee1 15Avsynmgr32e.exe1 00 27Added by the FRAMAR TROJAN!74http://securityresponse.symantec.com/avcenter/venc/data/trojan.framar.html0
1 9MSMcAfeeh1 15Avsynmgr32h.exe1 00 27Added by the FRANGO TROJAN!76http://securityresponse.symantec.com/avcenter/venc/data/backdoor.frango.html0
1 9MSMcAfeeS1 15Avsynmgr32S.exe1 00 39Added by the VOLAC or VOLAC.DR TROJANS!75http://securityresponse.symantec.com/avcenter/venc/data/backdoor.volac.html0
2 8awhost321 12awhost32.exe1 00267Part of Symantec's pcAnywhere remote PC management software. Provides an automatic startup of the client PC in host mode in conjuction with a host-definition file, so system administrators can access the machine. Can cause a 10% reduction in speed and not recommended72http://enterprisesecurity.symantec.com/products/products.cfm?productID=20
213Desktop Plant1 12AZARE10S.PLT1 00102Vritual plant from here - this version is an Azalea, there are others so the filename may be different40http://www.desksoft.com/DesktopPlant.htm0
1 7Desktop1 44rundll32.exe \avpcc.dll,Restore ControlPanel2 00 46Added by the Troj/StartPa-ES startpage Trojan. 01
142Activating the notepad common used library1 9[unknown]1 00 39Added by W32/Codbot-G, a WORM/backdoor.56http://www.sophos.com/virusinfo/analyses/w32codbotg.html0
3 2b91 6B9.exe1 00304FireTrust Benign - allows you to receive e-mail which is safe from viruses, worms, scripts, web bugs, privacy threats and other security risks, without affecting your e-mail. "Benign neutralizes or strips out the code that makes viruses, worms, scripts and other potentially harmful things run"84http://www.firetrust.com/products/benign/?PHPSESSID=b60bb4b6eb22115639c465d6f606b7880
218Babylon Translator1 11Babylon.exe1 00166"Babylon-Pro is a powerful information tool that instantly provides relevant information, translations & conversions for any word or value you click on"23http://www.babylon.com/0
1 8Services1 25back32.exe ...service.exe2 00130Added by an unidentified VIRUS, WORM or TROJAN! Back32.exe is the baddie whose purpose is to HIDE the MIRC32 server in service.exe 01
416Data Deposit Box1 10backup.exe1 00 74Required for the online backup services from the Data Deposit Box service.30http://www.datadepositbox.com/0
012BackupNotify1 16backupnotify.exe1 00 27HP Digital Imaging related. 01
2 9ActivSurf1 16backweb*****.exe1 00105Packard Bell ActivSurf - automatically detects an internet connection and downloads any available updates 01
222Kodak Software Updater1 16backweb*****.exe1 00 52Software updater for Kodak Easyshare digital cameras65http://www.kodak.com/global/en/digital/easyShare/indexFlash.jhtml0
215Updates from HP1 16backweb*****.exe1 00100Automatically detects an internet connection and downloads any available updates - * is random digit 01
1 9hp center1 18BACKWEB-137903.exe1 00417Based upon HP's own description from here - "With the My abbr title=Hewlett-PackardHP/abbr Center, consumers have access directly from the desktop to Internet sites featuring special offers for abbr title=Hewlett-PackardHP/abbr customers ranging from personal finance and shopping to digital imaging and music" I have classified this as adware. The number may change - if yours is different let me know52http://www.hp.com/hpinfo/newsroom/press/12oct01a.htm0
2 3LDM1 19backweb-8876480.exe1 00156Installed with the software for Logitech products. Automatically checks for software upgrades AND new products, services and special offerings from Logitech 01
226Logitech Desktop Messenger1 19backweb-8876480.exe1 00156Installed with the software for Logitech products. Automatically checks for software upgrades AND new products, services and special offerings from Logitech 01
2 7BackWeb1 11backweb.exe1 00225Automatically detects an internet connection and downloads any available updates. Typical on Compaq and HP PC's but not restricted to those OEM's. Resource hog and often causes malfunctions. Available via Start -> Programs 01
214Data LifeGuard1 12BACKWE~1.EXE1 00 75Data LifeGuard diagnostic tools for Western Digital's series of hard drives 01
3 7BACPI101 12bacpi10a.exe1 00206Known as "PowerKey" - a minimalistic keyboard driver that allows power management keys on BTC keyboards to function properly in older OS's (i.e. Win95/98/NT4). Also adds an icon to the system tray 01
2 8BacsTray1 12BacsTray.exe1 00141Broadcom Advanced Control Suite - for modems and set top boxes based upon Broadcom chipsets. Not required unless you have networking problems 01
1 7BADDATE1 11BADDATE.EXE1 00 47Added by an unidentified VIRUS, WORM or TROJAN! 01
2 9bascstray1 13BascsTray.exe1 00141Broadcom Advanced Control Suite - for modems and set top boxes based upon Broadcom chipsets. Not required unless you have networking problems 01
112WinSetBrowse1 19BasicUpdate.dll.vbs1 00 28Added by the BISCUIT.A WORM!77http://securityresponse.symantec.com/avcenter/venc/data/vbs.biscuit.a@mm.html0
025POS-Partnerbatchprocessor1 9BATCH.EXE1 00152VISA credit card batch processing related to Appcon. Is it needed or can it be started manually via Start -> Programs or a manually created shortcut? 01
313Battery Scope1 10batmgr.exe1 00 47Monitors battery levels on a notebook/laptop PC 01
310BatteryBar1 14batterybar.exe1 00 85BatteryBar - displays battery usage, and the current percentage of battery power left45http://www.nistech.com/BatteryBar/Default.htm0
310Power_Gear1 15BatteryLife.exe1 00 63Power management for all Asus notebook. Useful but not critical 01
1 8BatzBack1 12BatzBack.scr1 00 26Added by the BACKZAT WORM!64http://www.symantec.com/avcenter/venc/data/w32.backzat.worm.html0
3 5BAUSB1 9BAUSB.exe1 00 34Boston Acoustics Audio, USB driver 01
1 7bawindo1 11bawindo.exe1 00 42Added by the BEAGLE.AR or BEAGLE.AU WORMS!77http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.ar@mm.html0
3 7Bayswap1 11bayswap.exe1 00161Hot-swappable drive management on Compaq Notebooks which allows you to swap drives without closing down Windows. Only required if you frequently swap bay devices 01
113d3dupdate.exe1 11bbeagle.exe1 00 27Added by the BEAGLE.A WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.a@mm.html0
1 6Kernel1 8bboy.exe1 00 25Added by the MUMU.B WORM!75http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MUMU.B0
2 9bbSysTray1 13bbSysTray.exe1 00159Philips CD-RW related - "the 'Blue Button' feature gives users the chance to receive convenient online support for their possible device problems or questions" 01
3 4bbui1 8bbui.exe1 00 86AOL DSL status monitor displaying a red/green icon indicating if you have a connection 01
216Broadband Wizard1 9bbwiz.exe1 00156Starts Broadband Wizard so it runs in the System Tray. This application tests and optimizes your Cable or DSL connection. Available via Start -> Programs31http://www.broadbandwizard.net/0
3 8BCDetect1 12bcdetect.exe1 00184Bcdetect.exe searches the system to make sure Creative drivers are installed for the video card. It loads the BlasterControl when the drivers are detected. Your choice - try it and see 01
4 8BCMDMMSG1 12bcmdmmsg.exe1 00 75BCM voicemodem driver. Required for dial-up if you have one of these modems 01
4 8BCMSMMSG1 12BCMSMMSG.exe1 00 75BCM voicemodem driver. Required for dial-up if you have one of these modems 01
111LoadDBackUp1 10BcTool.exe1 00 23Added by the GIBE WORM!72http://securityresponse.symantec.com/avcenter/venc/data/w32.gibe@mm.html0
3 7BCTweak1 11bctweak.exe1 00171BlasterControl for Creative video cards - controls for desktop settings, monitor configuration, colour adjustments and performance tuning. May be needed to retain settings 01
2 8Bcvsrv321 12bcvsrv32.exe1 00 29Added by the GAOBOT.BQJ WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.gaobot.bqj.html0
2 8BCWipeTM1 12bcwipetm.exe1 00186BCWipe Task Manager - scheduler for BCWipe so that it runs at convenient times. You can set a time for running the task, as well as special options for the task. Run manually when needed22http://www.jetico.com/0
1 3b3d1 20BDEsecureinstall.exe1 00348B3d Projector foistware - periodically trys to access the internet. (1) Uninstall it via Start -> Settings -> Control Panel -> Add/Remove Programs. (2) Remove the BDEsecureinstall.exe if still present in C:\\Windows\\System. (3) Disable and ideally delete it from the registry. (4) Remove the "BDE" directory and all its contents43http://www.kazaa.com/en/privacy/bundles.htm0
413BDSwitchAgent1 12bdswitch.exe1 00 36Bitdefender 8 antivirus and firewall55http://www.bitdefender.com/bd/site/products.php?p_id=250
2 9BearShare1 13bearshare.exe1 00 75BearShare file sharing client. Versions known to include spyware - see here25http://www.bearshare.com/0
0 4BEEI1 8beei.exe1 00 2?? 01
0 4BEHL1 8BEHL.exe1 00 2?? 01
0 5BEHLO1 9BEHLO.exe1 00 2?? 01
0 8BELORVBI1 12BELORVBI.exe1 00 2?? 01
010Belsta.exe1 10Belsta.exe1 00171Configuration tool for Belkin wireless network cards. Required to change the cardÆs configuration. Is it required for correct operation once the confuiguration is changed? 01
119Benadril Alert Tool1 17benadrilalert.exe1 00102Plug-in for WeatherBug advising when pollen count in your area is high - prompting you to buy Benadril 01
319BackupExecScheduler1 9besch.exe1 00 32Veritas "Back Up My PC" software 01
215BestPopUpKiller1 19BestPopupKiller.exe1 00179Popup killer of dubious repute by SwankSoft.com. For more info about the company, do a search for 'SwankSoft' on this web page on "Rogue/Suspect Anti-Spyware Products & Web Sites"52http://www.spywarewarrior.com/rogue_anti-spyware.htm0
016BullsEye Tracker1 11BeTrack.exe1 00 41Bullseye - intelligent research assistant53http://www.intelliseek.com/prod/bullseye/bullseye.htm0
3 6BGInfo1 10Bginfo.exe1 00174BGinfo automatically displays relevant information about a Windows computer on the desktop's background, such as the computer name, IP address, service pack version, and more55http://www.sysinternals.com/ntw2k/freeware/bginfo.shtml0
2 7bgsmsnd1 11bgsmsnd.exe1 00 53Printer driver to generate PDF files from any program 01
318BackgroundSwitcher1 12bgswitch.exe1 00339Background Switcher Powertoy. Included with the last beta version of the XP Powertoys. Whenever a user right clicked his desktop and chose properties he could see a new tab which allowed him to enable a "Desktop Slide Show." This would automatically change the Windows Desktop at an interval specified by the user. Available here33http://shellcity.net/content4.htm0
422Browser Hijack Blaster1 13bhblaster.exe1 00109Browser Hijack Blaster - protects your system from browser hijackers and spyware that alters your IE settings45http://www.wilderssecurity.com/bhblaster.html0
2 6BHOCop1 10BHOCop.exe1 00105ZDNet's BHO Cop that lets you see what browser helper objects are installed. Useful for detecting spyware70http://www.zdnet.com/products/stories/reviews/0,4161,2760348-9,00.html0
312BHODemon 2.01 12BHODemon.exe1 00386BHODemon "protects you from unknown Browser Helper Objects (BHOs), by letting you enable/disable them individually. When running, it also monitors your Registry and alerts you when a BHO is installed. Best of all, BHODemon knows about the most common BHOs - the good ones, and the not-so-good ones!". If you prefer forgoing resident protection, the application can also be run on demand 01
1 4LTM21 9bible.exe1 00 31Added by the LITMUS.203 TROJAN!79http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_LITMUS.2030
133This is a virus, please delete it1 15bigbadvirus.exe1 00 27Added by the RANDEX.F WORM!73http://securityresponse.symantec.com/avcenter/venc/data/w32.randex.f.html0
2 6bigfix1 10BIGFIX.EXE1 00352BigFix can automatically download and read technical support information provided by computer and software manufacturers and other technical support experts (published in the form of Fixlet« Messages) and can automatically check your computer for bugs, configuration conflicts, and security holes. Should only be started manually as it's a resource hog40http://www.bigfix.com/website/index.html0
210Billminder1 12Billmind.exe1 00 90Can be setup in Quicken to remind user of due payments. Available via Start -> Programs 01
1 8dashplus1 21bind software bib.exe2 00200IE Toolbar for Lop.com. If the exe is running in your process list, end it, and delete the directory it is residing in. This directory is most likely in your user profile application data directory. 01
1 8bingdian1 12Bingdian.vbs1 00 24Added by the BINGD WORM!73http://securityresponse.symantec.com/avcenter/venc/data/vbs.bingd@mm.html0
1 5BIOS11 9BIOS1.EXE1 00 28Added by the OPASERV.T WORM!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_OPASERV.T0
1 4Bios1 10Bios32.exe1 00 47Added by an unidentified VIRUS, WORM or TROJAN! 01
0 7BIOVCIP1 11BIOVCIP.exe1 00 2?? 01
323BitDefender_P2P_Startup1 27BitDefender_P2P_Startup.exe1 00164Bitdefender anti-virus for file transfers via internet messaging clients such as ICQ and MSN Messenger. Unless you have these running all the time start it manually52http://www.bitdefender.com/html/bd_msn_messenger.php0
128Microsoft Windows DLLHandler1 12bitpaint.exe1 00 28Added by the SDBOT.AHG WORM!108http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?id=82113&VName=WORM_SDBOT.AHG&VSect=T0
410LoadBlackD1 10blackd.exe1 00183This is the "intrusion detection system" of the BlackICE PC Protection (was Defender) firewall which loads independently of the "user interface" (BlackICE Utility)49http://blackice.iss.net/product_pc_protection.php0
4 8BlackICE1 10blackd.exe1 00167Internet Security System's BlackIce Firewall. Disabling this service will make the firewall not function. Should be found in C:\Program Files\ISS\BlackICE\blackd.exe49http://blackice.iss.net/product_pc_protection.php0
222BlackICE PC Protection1 12blackice.exe1 00410Loads the user interface for the BlackICE PC Protection (was Defender) firewall program. From the parent site - '(the user interface) starts in the "Startup" menu and adds itself to the taskbar. The user interface is independent from the rest of the system and only displays the output or reconfigures the system. It does not need to be running for the rest of the system to run.' See also LoadBlackD49http://blackice.iss.net/product_pc_protection.php0
216BlackIce Utility1 12blackice.exe1 00410Loads the user interface for the BlackICE PC Protection (was Defender) firewall program. From the parent site - '(the user interface) starts in the "Startup" menu and adds itself to the taskbar. The user interface is independent from the rest of the system and only displays the output or reconfigures the system. It does not need to be running for the rest of the system to run.' See also LoadBlackD49http://blackice.iss.net/product_pc_protection.php0
3 5blads1 9blads.exe1 00127A Tweak-XP component, blocks advertisement banners in Internet Explorer. Can be enabled/disabled via Tweak-XP / Internet Tweaks45http://www.totalidea.com/frameset-tweakxp.htm0
3 8BlockAds1 9blads.exe1 00127A Tweak-XP component, blocks advertisement banners in Internet Explorer. Can be enabled/disabled via Tweak-XP / Internet Tweaks45http://www.totalidea.com/frameset-tweakxp.htm0
0 7bldbubg1 11bldbubg.exe1 00 25Found on a Dell machine?? 01
0 7BuildBU1 11bldbubg.exe1 00 25Found on a Dell machine?? 01
1 4Bles1 8bles.exe1 00 32Added by a TROJAN, Troj/Blesh-A.56http://www.sophos.com/virusinfo/analyses/trojblesha.html0
215ESPN BottomLine1 9bline.exe1 00388ESPN BottomLine. "You can dock the BottomLine to the top or bottom of your screen or drag it around on your desktop, without even worrying about a browser. As long you keep the BottomLine running, you will continue to receive live scores and breaking news, and by clicking on any score or news item, you will be taken directly to the corresponding page on ESPN.com for a full break down." 01
115[various names]1 9bling.exe1 00 26Added by the RBOT-NI WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotni.html0
310Ad Blocker1 11blocker.exe1 00 77Ad Blocker - blocks popups, and also removes banners, image ads and flash ads20http://www.cdkm.com/0
212BlockTracker1 16BlockTracker.exe1 00 91If present on a HP machine it tracks all the processes and logs them to a blocklog.txt file 01
1 4blss1 8blss.exe1 00 27Added by the BLARUL TROJAN!76http://securityresponse.symantec.com/avcenter/venc/data/backdoor.blarul.html0
2 7BLSTAPP1 11blstapp.exe1 00 59Puts access to Creative's BlasterControl in the System Tray 01
215BookmarkCentral1 14BMLauncher.exe1 00123Bookmark Express - "offers a more flexible way to manage Web site bookmarks, regardless of which browser you use"31http://www.bookmarkexpress.com/0
3 7BMMLREF1 11BMMLREF.EXE1 00 40Battery Manager for IBM ThinkPad laptops 01
1 8Casdvqwa1 11bmqnzkg.exe1 00 28Added by the RANDEX.BE WORM!74http://securityresponse.symantec.com/avcenter/venc/data/w32.randex.be.html0
2 5Buzme1 8Bmui.exe1 00199Buzme by RingCentral, Inc - internet call waiting. Intercepts telephone calls like an answering machine and plays the voice message on your PC. Only required when you're on-line and via dial-up modem38http://www.buzme.com/buzme/default.asp0
2 8BMupdate1 12BMupdate.exe1 00155Related to the BookmarkCentral entry. Typically added after downloading drivers for Visioneer scanners for example, and you install the driver self-install 01
322Caddais BackupOnDemand1 10BODMon.exe1 00200Caddais BackupOnDemand - "runs in the background and monitors your important files for changes. Within seconds of changing, modified files are automatically backed up to an archive location"43http://www.caddais.com/BackupOnDemand.shtml0
3 8bombshel1 10BOMB32.EXE1 00163Part of McAfee Nuts & Bolts. Protects your Windows system from application failure and crashes - similar to Norton Crashguard. Your choice - may cause problems 01
1 4boot1 8boot.exe1 00 25Added by the ELEM TROJAN!76http://securityresponse.symantec.com/avcenter/venc/data/w32.elem.trojan.html0
113Internat Conf1 12bootconf.exe1 00 74Homepage hijacker, redirecting to coolwwwsearch.com; see for example here48http://boards.cexx.org/viewtopic.php?p=2464#24640
1 6sysPnP1 12bootconf.exe1 00 74Homepage hijacker, redirecting to coolwwwsearch.com; see for example here48http://boards.cexx.org/viewtopic.php?p=2464#24640
110BootLoader1 18BootLoader.exe.vbs1 00 29Added by the WATERWORKS WORM!67http://www.symantec.com/avcenter/venc/data/vbs.waterworks.worm.html0
114Microsoft Word1 14BootSector.exe1 00 45Added by a variant of the AGOBOT/GAOBOT WORM!79http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN0
310BootStatus1 12BOOTST~1.EXE1 00183Visual Basic program that pops up a small window on startup telling you how many times the machine has been booted that day. Once you exit it, it has no more effect on resources 01
3 8BootWarn1 12BootWarn.exe1 00838From here: "Norton AntiVirus Boot Warning. This program is installed as a startup item when you install Norton AntiVirus, and also sometimes when you do a LiveUpdate which updates Norton AntiVirus significantly enough that a reboot is needed to complete the installation. We believe its purpose to be to warn the end-user that he must reboot his PC before using Norton AntiVirus in those cases when a reboot did not happen with the result that Norton AntiVirus did not fully complete its installation or software updating. Recommendation : Start Norton AntiVirus from ôStart \ Programs \ Norton AntiVirusö. If Norton AntiVirus comes up without problems, then fix this entry from the Msconfig Startup tab û it was left behind by mistake and is no longer needed now that Norton AntiVirus is fully installed and opens without error messages"60http://www.answersthatwork.com/Tasklist_pages/tasklist_b.htm0
0 6Boston1 10Boston.exe1 00 49Part of the Boston Acoustics USB speaker systems. 01
133Microsoft Synchronization Manager1 7bot.exe1 00 27Added by the SDBOT.IH WORM!77http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.IH0
118Bouncer RunStartup1 11bouncer.exe1 00374VIrtualBouncer malware from Spyware Labs. It is distributed by the same bundling and drive-by download techniques as the parasites it claims to remove, so definitely qualifies as unsolicited commercial software in itself. It also has an update feature that can download and execute arbitrary code. Warning - choose "custom" uninstall as "automatic" may remove other programs59http://www.pestpatrol.com/PestInfo/v/virtualbouncer_2_0.asp0
1 3RVP1 7bpc.exe1 00 67Spyware included with the latest version of Grokster. Also see here89http://www.spywareinfo.com/yabbse/index.php?board=11;action=display;threadid=4585;start=00
212BigPondCable1 11bpcable.exe1 00 62Telstra Bigpond Cable login software - can be started manually 01
311bpcpost.exe1 11bpcpost.exe1 00204MS TV Viewer Post Setup Program. Part of MS WebTV for Windows. Used to display TV on your PC via a compatible video card with in-built tuner (such as ATI All-In-Wonder). If you don't use it - uninstall it 01
3 3BPK1 7bpk.exe1 00189Blazing Tools Perfect Keylogger (monitoring program). Given a "U" recommendation because it depends if you intentionally installed it. If you didn't treat it as "X" and uninstall or remove36http://www.blazingtools.com/bpk.html0
212Backpack UDF1 12bpudfmon.exe1 00175Backpack UDF packet writing software for Microssolutions' Back Pack external CD-RW drive. Similar to DirectCD. Run manually before insert an appropriately formatted CD-RW disk20http://www.nero.com/0
315BigPond Toolbar1 12bpumTray.exe1 00202Telstra BigPond Toolbar - "Introducing the free and easy to use BigPond Toolbar that is designed to make your internet experience and managing your Telstra internet account a whole lot easier"42http://www.bigpond.com/helpcentre/toolbar/0
310BQTray.exe1 10BQTray.exe1 00180System Tray access to BurnQuick CD burning software. Only required if you use the queueing facility, hence the U recommendation. Create your own desktop shortcut to start manually25http://www.burnquick.com/0
215BurnQuick Queue1 10BQTray.exe1 00179System Tray access to BurnQuick CD burning software. Only required if you use the queueing facility, hence the U recommendation. Create your own desktop shortcut to start manually25http://www.burnquick.com/0
1 6Brasil1 10Brasil.exe1 00 28Added by the OPASERV.E WORM!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_OPASERV.E0
1 6Brasil1 10BRASIL.PIF1 00 28Added by the OPASERV.E WORM!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_OPASERV.E0
216ControlCenter2.01 12brctrcen.exe1 00 70Brother scanner 'Control Center' application - can be started manually 01
314Break_Reminder1 18BREAK REMINDER.exe2 00 94Break Reminder - Remind yourself to take breaks to prevent computer related injuries. See here34http://www.cheqsoft.com/break.html0
1 4Breg1 8breg.exe1 00101Added by the Adware.BroadcastPC.B adware/spyware. File is found in %ProgramFiles%\Common Files\Java\64http://www.sarc.com/avcenter/venc/data/adware.broadcastpc.b.html0
415Brindys BriTray1 11BRITRAY.EXE1 00433Main process for the following applications: GEDEX, SICARIO, BRINOTES, BRIRESPA, SICURE, TRASGO, UNDOCS, FRESH & BRIFAME (all of them from Brindys Software). Performs the following tasks [un]installation, web software autoupdate, notification windows, interprocess communication, tray bar icons & menus, alarms (brinotes), and common web launching from the mentioned applications. Can be stopped safely once run if so desired23http://www.brindys.com/0
013xBrotherMeCom1 11BrMeCom.exe1 00 37Related to Brother MFC-9200c printer. 01
214Status Monitor1 12BrMfcWnd.exe1 00 56Brother scanner status monitor - can be started manually 01
316Browser Sentinel1 19BrowserSentinel.exe1 00161Browser Sentinel. Notifies you if a program wants to penetrate into Internet explorer, add itself to the Windows auto-run list or change your home page. See here56http://www.unhsolutions.net/Browser-Sentinel/index.shtml0
112Fuck-The-IRC1 9brttm.exe1 00 76Added by the Troj/Wallop-A TROJAN/backdoor, and found in the Windows folder.57http://www.sophos.com/virusinfo/analyses/trojwallopa.html0
111BookedSpace1 14bs2.dll,DllRun1 00 41Adware, related to the Remanent parasite45http://www.doxdesk.com/parasite/Remanent.html0
2 7B'sCLiP1 10BSCLIP.exe1 00 80CD recording utility that comes with a lot of CDR/CDRW drives and isn't required 01
112Bsoft lppt011 9Bsoft.exe1 00195New variant of the RapidBlaster parasite (in a "BelmontSoft" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see here49http://www.doxdesk.com/parasite/RapidBlaster.html0
0 6BBDial1 16BT Broadband.exe2 00 21Part of BT Broandband 01
0 6btinst1 10btinst.exe1 00 50Associated with an Anycom bluetooth wireless card. 01
010LoadBtnHnd1 10BtnHnd.exe1 00 24Fujitsu LifeBook related 01
3 7BtStart1 11btstart.exe1 00 60Broadcorp (formerly WIDCOMM) Bluetooth Connectivity Software41http://www.widcomm.com/Partners/index.asp0
313Button Server1 12bttnserv.exe1 00220Found on a Compaq PC, for the extra buttons on the keyboard for the speaker volume, media player, sleep and internet buttons. If the buttons aren't used on the keyboard or your's doesn't have them, then it isn't required 01
3 6bttray1 10bttray.exe1 00347System tray icon which shows the status of a BlueTooth wireless module. Most systems with such a module installed can enable/disable the module. The system tray icon changes from blue/white to blue/red when the module is turned off. Allows access to explore bluetooth places, setup wizard, advanced configuration, quick connect and shutdown device 01
4 9BTUSRBDGF1 12BtUsrBdg.exe1 00 41Used with a Mitsumi USB Bluetooth adaptor33http://www.mitsumi.de/index4.html0
1 4BtvC1 12btvclean.exe1 00 87Added by the Adware.BroadcastPC.B adware/spyware. File is found in %ProgramFiles%\BTV\64http://www.sarc.com/avcenter/venc/data/adware.broadcastpc.b.html0
2 9Buddyizer1 13Buddyizer.exe1 00112Part of the AIMster Peer to Peer (P2P) file sharing application that runs over the AOL Instant Messenger network 8#AIMster0
125System Buffer Application1 12buffer32.exe1 00 85Added by W32/Sdbot-UD, a WORM/backdoor TROJAN and found in the Windows system folder.56http://www.sophos.com/virusinfo/analyses/w32sdbotud.html0
318bugwatcher service1 14bugwatcher.exe1 00304Bugtoaster is a service that sends reports on system/program crashes (certain types) back to Bugtoaster. They relay information to program authors and provide, if available, any known solutions to the crashes. It doesn't take up any room in memory, just activates in the event of certain program failures26http://www.bugtoaster.com/0
414BullguardoptIn1 16bulldownload.exe1 00 28Part of Bullguard antivirus25http://www.bullguard.com/0
4 2bg1 13bullguard.exe1 00 95Bullguard antivirus and firewall. The P2P version is free with KaZaA Media Desktop and Grokster25http://www.bullguard.com/0
1 9SAHBundle1 10bundle.exe1 00 33ShopAtHomeSelect parasite related 7#FF00000
114VBundleOuterDL1 15BundleOuter.EXE1 00380VirtualBouncer 2.0 - malware from Spyware Labs. It is distributed by the same bundling and drive-by download techniques as the parasites it claims to remove, so definitely qualifies as unsolicited commercial software in itself. It also has an update feature that can download and execute arbitrary code. Warning - choose "custom" uninstall as "automatic" may remove other programs59http://www.pestpatrol.com/PestInfo/v/virtualbouncer_2_0.asp0
011Scan Wizard1 10button.exe1 00102Associated with ScanWizard as supplied with Microtek scanners - see also Scanner Detector or SDetect.19#Scanner%20Detector0
2 9ButtonKey1 13ButtonKey.exe1 00219CyberView TWAIN driver for the Pacific Image range of 35mm film scanners. Enables the one touch scanning button and places an icon an the System Tray. Use your scanners software or run it manually by creating a shortcut45http://www.scanace.com/en/product/product.php0
3 9Buzof.exe1 9buzof.exe1 00170Buzof from Basta Computing "enables you to automatically answer, close or minimize virtually any recurring window including messages, prompts, and dialog boxes"34http://www.basta.com/ProdBuzof.htm0
1 7SysScan1 7bvt.exe1 00 30Added by the AUTOUPDER TROJAN!79http://securityresponse.symantec.com/avcenter/venc/data/backdoor.autoupder.html0
116XupiterCfgLoader1 15BWCfgLoader.exe1 00120Xupiter - adware and homepage hijacker. To remove Xupiter go here and to prevent it re-installing in the future see here44http://www.doxdesk.com/parasite/Xupiter.html0
218Service Connection1 10bwtray.exe1 00 32For Compaq PC's. Part of Backweb 01
316Boost XP Service1 13bxservice.exe1 00 53Boost XP from Systweak - WinXP tweaking utility 43http://www.systweak.com/boostxp/boostxp.htm0
1 1c1 19c:\archiv~1\win.com1 00 27Added by the CUYDOC TROJAN!74http://securityresponse.symantec.com/avcenter/venc/data/trojan.cuydoc.html0
1 6chkdsk1 15c:\autoexec.bat1 00 24Added by the ANPES WORM!73http://securityresponse.symantec.com/avcenter/venc/data/w32.anpes@mm.html0
121Microsoft Cab Manager1 7cab.exe1 00 77Added by the Troj/Delf-JJ Trojan! File is found in the root of the C: drive.56http://www.sophos.com/virusinfo/analyses/trojdelfjj.html0
1 6Cabchk1 10Cabchk.exe1 00 25Added by the GEMA TROJAN!72http://securityresponse.symantec.com/avcenter/venc/data/trojan.gema.html0
1 8Cabchk321 12Cabchk32.exe1 00 25Added by the GEMA TROJAN!72http://securityresponse.symantec.com/avcenter/venc/data/trojan.gema.html0
2 8Cacheman1 12Cacheman.exe1 00103Freeware disk cache tweaker from Outer Technologies. Should only be run once and not loaded at start-up25http://www.outertech.com/0
3 4CADS1 8cads.exe1 00 42Cyber Sentinel internet filtering software46http://www.securitysoft.com/new601/cs_home.htm0
221ABBYY Community Agent1 10CAGENT.EXE1 00243Installed with the Optical Character Recognition (OCR) software that comes bundled with a Compaq A3000 all-in-one printer/scanner. Its function appears to be to link you to the internet in an attempt to buy the 5.0 version of the software 01
2 6CAgent1 10CAgent.exe1 00100Abbyy Fine Reader OCR (Optical Character Recognition) software for scanning and converting documents27http://www.fine-reader.com/0
213CahootWebcard1 17CahootWebcard.exe1 00293"The Cahoot Webcard is a virtual card that allows you to use your Cahoot credit card online without ever having to expose your real card numbers over the web. It works by generating one-off transaction numbers as a substitute for your real cahoot credit card details". Run manually when needed 01
1 4Dir11 4caKe1 00 23Added by the CAKE WORM!74http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.cake.html0
1 6DlDir11 4caKe1 00 23Added by the CAKE WORM!74http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.cake.html0
233Photo Express Calendar Checker SE1 12CALCHECK.EXE1 00253If you create multiple Weekly/Monthly/Yearly calendars to use as your wallpaper, Photo Express will replace the wallpaper automatically. Photo Express 2.0 has a calendar checker which checks the date on your system and updates your wallpaper accordingly 01
232Ulead Photo Express x.0 Calendar1 12calcheck.exe1 00289Ulead Calendar Checker - part of Ulead Photo Express, where "x" represents the version number. Automatically replaces your calendar desktop wallpaper on a weekly/monthly/yearly basis if you've created them. Not required - change them manually. See here for disabling instructions33http://www.ulead.com/pe/runme.htm0
222Calendar 200X Reminder1 12calendar.exe1 00 76Calendar 200X - shows holidays, reminders of various anniversaries,tasks etc34http://www.jgraff.addr.com/cal.htm0
221Cal Reminder Shortcut1 10calrem.exe1 00 75Produces a pop-up reminder of events scheduled using the MS Office Calendar 01
2 8CamCheck1 12CamCheck.exe1 00 29NuCam camera software related34http://www.nucam.com.tw/index1.htm0
215Camera Detector1 13Camdetect.exe1 00138ACDSee Auto Device Detector detects when a device is connected to your PC and gives you the option to acquire images from it automatically73http://www.acdsystems.com/english/products/acdsee/overview?LAN=englishX700
215Camera Detector1 12CAMDET~*.EXE1 00138ACDSee Auto Device Detector detects when a device is connected to your PC and gives you the option to acquire images from it automatically73http://www.acdsystems.com/english/products/acdsee/overview?LAN=englishX700
220Creative WebCam Tray1 11Camtray.exe1 00 54Creative WebCam tray control - can be started manually 01
2 6Canada1 10Canada.exe1 00 53Known to be a dialler - but is it maliscous or clean? 01
311CARPservice1 12carpserv.exe1 00126Associated with Zoltrix modems - enables the internal modem speaker, allowing you to listen to the dial-up sounds for example23http://www.zoltrix.com/0
110CARPserver1 14CARPserver.exe1 00 30Added by the BANKER-AN TROJAN!58http://www.sophos.com/virusinfo/analyses/trojbankeran.html0
113ConfiggLoader1 11cart322.exe1 00 28Added by the GAOBOT.DJ WORM!79http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.gaobot.dj.html0
3 7CasAgnt1 11CasAgnt.exe1 00 80Program by Extended Systems which allows you to sync your Casio PDA with your PC 01
1 8CashBack1 12cashback.exe1 00109Part of eXact Advertising Software, consisting of "CashBack by BargainBuddy", BullsEye Network and NaviSearch 01
229Cashsurfers Cashbar Navigator1 11Cashbar.Exe1 00159Cashsurfers CashBar Navigator - "The CashBar rotates banner advertisements once per minute and provides you with access to up to date special offers and deals" 01
119Norton Live Updater1 12Cavapsvc.exe1 00 28Added by the GAOBOT.AO WORM!79http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.gaobot.ao.html0
0 6caxchg1 10caxchg.exe1 00 32Used by a USB Flash card reader. 01
1 8CAZNOVAS1 12CAZNOVAS.exe1 00 26Added by the CAZNO TROJAN!75http://securityresponse.symantec.com/avcenter/venc/data/backdoor.cazno.html0
011CallBumping1 10cbpopw.exe1 00 2?? 01
138Microsoft System Restore Configuration1 9CBRSS.EXE1 00 38Added by a variant of the SPYBOT WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html0
3 7CBWAttn1 11CBWAttn.exe1 00 77Required for Bitware to answer incoming faxes, can cause sleep mode problems53http://www.accpac.com/products/communication/bitware/0
0 7CBWUser1 11CBWDial.exe1 00 99Associated with Bitware that integrates fax, voice, pager, and data communications on your desktop53http://www.accpac.com/products/communication/bitware/0
3 7CBWHost1 11CBWHost.exe1 00 77Required for Bitware to answer incoming faxes, can cause sleep mode problems53http://www.accpac.com/products/communication/bitware/0
115SQConfigChecker1 6cc.exe1 00145Xupiter SQWire variant - adware and homepage hijacker. Note - cannot be removed via the Xupiter website in the same way as other Xupiter variants44http://www.doxdesk.com/parasite/Xupiter.html0
4 5ccApp1 9ccApp.exe1 00 92Part of Norton AntiVirus 2003. Auto-protect and E-mail check will not function without this37http://www.symantec.com/nav/nav_9xnt/0
129Symantec Configuration Loader1 11ccApp32.exe1 00 38Added by a variant of the GAOBOT WORM!83http://securityresponse.symantec.com/avcenter/venc/data/pf/w32.hllw.gaobot.gen.html0
420CCDoctorLogonTesting1 12ccdoctor.exe1 00369Checks your system to make sure it's configured properly for running Rational ClearCase, a source code management tool. ClearCase is fairly sophisticated so there are a lot of system-related things that can cause it grief. If you run ClearCase you should not disable this as it provides a valuable service, but technically it isn't required to use the ClearCase product52http://www.rational.com/products/clearcase/index.jsp0
4 8CcEvtMgr1 12ccEvtMgr.exe1 00219Part of Norton AntiVirus 2003. Event manager for scheduling weekly scans and or automatic virus updates. Used to start automatically via "ccApp" and was not required as a seperate entry but a recent update changed this37http://www.symantec.com/nav/nav_9xnt/0
116nortonsantivirus1 13ccEvtMngr.exe1 00 29Added by the HZDOOR-A TROJAN!57http://www.sophos.com/virusinfo/analyses/trojhzdoora.html0
214CorrectConnect1 12CConnect.exe1 00 89Broadband ISP diagnostic tool - as used by NTL and Cox Communications. Shortcut available 01
3 7ccProxy1 11CCPROXY.EXE1 00206Part of Norton Internet Security, proxy server that is used to support the parental controls. If you turn parental controls off at user level the process is not loaded. Reported to cause excessive CPU usage 01
4 8CcPxySvc1 12CCPXYSVC.exe1 00145Part of Norton's AntiVirus 2003, Internet Security and Firewall products. E-mail proxy service - required for E-mail scanning and the firewall37http://www.symantec.com/nav/nav_9xnt/0
4 8CcRegVfy1 12ccRegVfy.exe1 00203Part of Norton AntiVirus 2003. "ccRegVfy.exe is responsible for checking the integrity of the NAV registry entries to make sure that the information has not been changed by a malicious threat or a hack"37http://www.symantec.com/nav/nav_9xnt/0
4 8ccSetMgr1 12ccSetMgr.exe1 00 48Part of Norton AntiVirus 2004. What does it do? 01
120Configuration Loader1 10ccSort.exe1 00 28Added by the AGOBOT.SR WORM!84http://uk.trendmicro-europe.com/smb/security_info/ve_detail.php?Vname=WORM_AGOBOT.SR0
126Sygate Personals Firewalls1 9ccsrn.exe1 00 36Added by a variant of the RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
1 8ccUpdate1 12ccUpdate.exe1 00 28Added by the AGOBOT.YS WORM!99http://es.trendmicro-europe.com/enterprise/security_info/ve_detail.php?VName=WORM_AGOBOT.YS&VSect=T0
113Norton Update1 12ccUpdate.exe1 00 45Added by a variant of the AGOBOT/GAOBOT WORM!79http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN0
118Microsoft software1 12cdaccess.exe1 00 27Added by the RBOT.ABK WORM!77http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.ABK0
2 8CDANTSRV1 12CDANTSRV.exe1 00234C-Dilla License Management software. Used for any program that uses C-dilla Protection, example: 3D Studio Max 4.x. It loads as a service automatically but is not needed unless you run said program. Can be started and stopped manually 01
1 8Cdcompat1 12Cdcompat.exe1 00 25Added by the GEMA TROJAN!72http://securityresponse.symantec.com/avcenter/venc/data/trojan.gema.html0
1 7cddrv321 11cddrv32.exe1 00 43Added by a variant of the CRYPTER.C TROJAN!58http://www.sophos.com/virusinfo/analyses/trojcrypterc.html0
3 9Cool Desk1 9cdesk.exe1 00249Cool Desk is a virtual desktops manager. "Ever you wished to have several screens on your computer? Cool Desk creates up to 9 virtual desktops and offers you to have different windows on each of them". Not required but may be of use to you25http://www.shelltoys.com/0
2 5bjcfd1 7cdf.exe1 00154BroadJump Client Foundation. Broadband troubleshooting software installed by various companies. Not required and you can remove it via Add/Remove programs25http://www.broadjump.com/0
213CDInterceptor1 7cdi.exe1 00 48CD indexer for measuring the speed of CD players 01
110MS-Connect1 7cdm.exe1 00 32Adult content dialler - see here49http://vil.mcafee.com/dispVirus.asp?virus_k=999720
1 9SystemTra1 10CDPlay.EXE1 00 39Added by a variant of the LOVGATE WORM!80http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.lovgate@mm.html0
2 6CDTray1 10CDTray.exe1 00 53On HP PCs, this is the small CD icon next to the time 01
1 6CyDoor1 11CD_Load.exe1 00 90Adware. Check here for information about Cy-Door and here for a program that can remove it30http://www.cexx.org/cydoor.htm0
112CydoorUpdate1 11CD_Load.exe1 00 90Adware. Check here for information about Cy-Door and here for a program that can remove it30http://www.cexx.org/cydoor.htm0
3 8CeEPOWER1 12cepmtray.exe1 00249Toshiba's Power Management Utility - allows the user to setup different profiles for both AC power and Battery Power on laptops. Contols CPU speed, Monitor Shut Off, Hard Drive Shut-Off, Monitor Brightness, System Stand-by and System Hibernate times 01
126Advanced Internet Protocol1 8cerf.exe1 00 38Added by a variant of the SPYBOT WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html0
313SetecCertUtil1 12Certutil.exe1 00196Setec Web and Email Security. Setec PKI smart card software. The PKI technology enables secure and reliable user identification in services offered through Internet, mobile handsets and digital TV 01
2 3CFD1 7CFD.exe1 00154BroadJump Client Foundation. Broadband troubleshooting software installed by various companies. Not required and you can remove it via Add/Remove programs25http://www.broadjump.com/0
236Corel Colleagues &Contacts Reminders1 10cffrem.exe1 00135Corel Colleagues & Contracts - all-in-one organizer for scheduling meetings, maintaining addresses, etc. Part of Corel Print Office43http://www.corel.com/printoffice_v1/ccc.htm0
231Corel Family &Friends reminders1 10CFFREM.EXE1 00112Corel Family & Friends - all-in-one calender, address book and list manager. Part of Corel Print House Magic67http://www.corel.com/products/graphicsandpublishing/phmagic/CFF.htm0
117Microsoft Runtime1 12CfgDll32.exe1 00 28Added by the RANDEX.BD WORM!74http://securityresponse.symantec.com/avcenter/venc/data/w32.randex.bd.html0
4 8cfgintpr1 12cfgintpr.exe1 00 61Configuration Interpreter - part of Tiny Personal Firewall V444http://www.tinysoftware.com/home/tiny2?la=EN0
014Printer Update1 10CFGREG.EXE1 00101Maybe a registration reminder or automatically updates drivers or application software for a printer? 01
310ConfigSafe1 11CFGSAFE.EXE1 00198ConfigSafe - lets you identify changes to the registry, INI files, System asset files, system hardware, network connections, and operating system versions -- provides a restore function. Your choice47http://www.imaginelan.com/configsafe/index.html0
0 5load=1 12cfgsys32.exe1 00 2?? 01
2 6cfgwiz1 10cfgwiz.exe1 00126Introduced with Norton Anti-Virus 2002, this is a real resource hog. Many NAV users will find they can live without loading it 01
210NAV CfgWiz1 10cfgwiz.exe1 00126Introduced with Norton Anti-Virus 2002, this is a real resource hog. Many NAV users will find they can live without loading it 01
224NAV Configuration Wizard1 10cfgwiz.exe1 00126Introduced with Norton Anti-Virus 2002, this is a real resource hog. Many NAV users will find they can live without loading it 01
218Norton SystemWorks1 10cfgwiz.exe1 00117Norton System Works configuration wizard. Reportedly a resource hog. Many users find they can live without loading it 01
120Configuration Wizard1 12Cfgwiz32.exe1 00127Added by a variant of the HACKTACK TROJAN! Not to be confused with the legitimate MS "ISDN Configuration Wizard" (Cfgwiz32.exe)80http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_HCKTCK.2K.C0
316TMA distribution1 10cfinst.exe1 00143Part of Intel's LANDesk Management Suite 6 and the Common Base Agent (CBA) - used for communicating between the core server and managed clients 01
113SFtrb Service1 11cftrb32.exe1 00 26Added by the SOBIG.D WORM!62http://www.symantec.com/avcenter/venc/data/w32.sobig.d@mm.html0
225Norton Crashguard Monitor1 10cgmenu.exe1 00100Troublesome program that doesn't actually work with WinME so Norton removed it from SystemWorks 2001 01
3 8CGServer1 12cgserver.exe1 00270Associated with an Eicon Networks ISDN or ADSL modem. Call Guard Server (CGserver) watches your modem and blocks incoming or outgoing calls. You need cgard.exe (from Startmenu) to configure cgserver with rules and telephone numbers. Good against unwanted dialer programs42http://www.eicon.com/worldwide/default.htm0
115Cgtask Services1 10cgtask.exe1 00 27Added by the LALA.B TROJAN!76http://securityresponse.symantec.com/avcenter/venc/data/backdoor.lala.b.html0
314System startup1 12charmapx.exe1 00 43Only required if using an oriental language 01
011Bingo Charm1 10charms.exe1 00 84Some kind of screen icon kind of like desk flag, but it gives you a choice of icons? 01
2 8Chatango1 12Chatango.exe1 00582Chatango - "allows people to be connected in real time through their Web browsers. Include your Chatango contact link or button when you create eBay auctions, blogs, personal websites, Friendster profiles, and your visitors will be able to contact you instantly, without downloading anything, or registering. Alo use it to send email to your friends, allowing them to respond to you in real time!." The 'MessageCatcher' icon in the System Tray notifies you when you get a message. When you get a message, a little alert pops up, which you can click on and start chatting immediately24http://www.chatango.com/0
2 8Chcenter1 12chcenter.exe1 00 86IMSI HiJaak - "the easiest way to convert, capture, and manage all your graphic files"49http://www.imsisoft.com/prodinfo.asp?t=1&mcid=1000
2 8Shcenter1 12chcenter.exe1 00 86IMSI HiJaak - "the easiest way to convert, capture, and manage all your graphic files"49http://www.imsisoft.com/prodinfo.asp?t=1&mcid=1000
1 8GigaByte1 11Cheatle.exe1 00 27Added by the SHODI.B VIRUS!77http://securityresponse.symantec.com/avcenter/venc/data/w32.hllp.shodi.b.html0
111mspaint.exe1 11check32.exe1 00 29Added by the AGENT.AH TROJAN!57http://www.sophos.com/virusinfo/analyses/trojagentah.html0
338WashAndGo - Cleanup of old Backupfiles1 11checker.exe1 00 29WashAndGo - temp file cleaner38http://www.abelssoft.com/washandgo.htm0
1 5eixfi1 9china.bat1 00 25Added by the WCUP.A WORM!74http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BAT_WCUP.A0
2 8CHKADMIN1 12CHKADMIN.EXE1 00129Compaq Network Management System. When running, it places an icon in the system tray titled "Intelligent Manageability" 01
211Pe2ckfnt SE1 11chkfont.exe1 00165Used to check whether the fonts are installed properly on your computer or not for a scanner. If you don't want to execute it, you can uncheck it in the startup menu 01
011ChangeLines1 12chngline.exe1 00 2?? 01
1 5Choke1 15Choke.exe-blahh1 00 24Added by the CHOKE WORM!62http://www.symantec.com/avcenter/venc/data/w32.choke.worm.html0
1 7chostsv1 11chostsv.exe1 00 30Added by the BANPAES.C TROJAN!78http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.banpaes.c.html0
015ChronitelInitTV1 12CHTVINIT.EXE1 00 2?? 01
110cihost.exe1 10cihost.exe1 00 26Added by the LINST TROJAN!73http://securityresponse.symantec.com/avcenter/venc/data/trojan.linst.html0
121Microsoft Data Helper1 10cihost.exe1 00 47Malware, possibly a variant of the LINST TROJAN73http://securityresponse.symantec.com/avcenter/venc/data/trojan.linst.html0
213CIJxP2PSERVER1 12CIJxP2PS.EXE1 00157Compaq printer utility which is required in order to make the printer work correctly - "x" depends upon the model, ie, for IJ300 x=3, for IJ700 x=7 01
214CISrvr Program1 10CISRVR.EXE1 00 40Related to internet setup on Compaq PC's 01
1 5Cissi1 9Cissi.exe1 00 26Added by the CISSI.A WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.cissi.a@mm.html0
315FamilyKeyLogger1 9cisvc.exe1 00154"Family Keylogger - is your best choice, if you want to know what other users on your machine are typing". Note! - this is not the cisvc.exe service.42http://www.spyarsenal.com/familykeylogger/0
2 7CitiVAN1 11CitiVAN.exe1 00140Option from Citibank to change a credit card number in a random fashion for each purchase. The number will only be used once and never again24http://www.citibank.com/0
122Windows Loader Service1 9civsc.exe1 00 36Added by a variant of the RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
4 7Cjstcom1 11Cjstcom.exe1 00 40Canon printer BJ status language monitor 01
228Canon Printer Monitor BJCxxx1 11Cjstlst.exe1 00 81Trayicon for Canon printer. xxx denotes model. Available via Start -> Programs 01
221BJ Status Monitor 5xx1 11CJSTRxx.EXE1 00172Canon printer status monitor - where "xx" is different depending upon the version. Not required as you can check the printer status via My Computer -> Printers 01
225BJ Printer Status Monitor1 10Cjstsr.exe1 00 31Canon BJ printer status monitor 01
312SymKeepAlive1 7CKA.exe1 00 72Part of Norton SystemWorks 2003 - keeps a dial-up modem connection alive44http://www.symantec.com/sabu/sysworks/basic/0
3 9CleanTemp1 13CleanTemp.exe1 00108CleanTemp - deletes the contents of the TEMP directory when Windows starts and then closes - using no memory44http://www.html2exe.com/mnu/dl/dl.shtml#free0
3 9CleanTemp1 13CLEANT~1.EXEB1 00108CleanTemp - deletes the contents of the TEMP directory when Windows starts and then closes - using no memory44http://www.html2exe.com/mnu/dl/dl.shtml#free0
014CleanupProgram1 11cleanup.exe1 00 44In a C:\Sony\sys folder - Sony Vaio related? 01
3 6ATICCC1 15cli.exe runtime2 00383ATI's CATALYSTÖ CONTROL CENTER. Required if you want to change graphics settings on a regular basis but you must have internet access and Microsoft's .NET framework installed. Note that this has "runtime" appended to cli.exe in the "Command" column of MSCONFIG. If not you can start the program manually via Start - Programs - ATI Catalyst Control Center - Advanced - Restart Runtime 01
224ATI CATALYST System Tray1 18CLI.exe SystemTray2 00235System Tray access to ATI's CATALYSTÖ CONTROL CENTER. Note that this has "SystemTray" appended to CLI.exe in the "Command" column of MSCONFIG. Not required to run the control center - which is available via a right-click on the desktop 01
3 6Vonage1 14click2call.exe1 00 43Vonage Voice over IP Internet phone service31http://www.vonage.com/index.php0
217Click Radio Tuner1 12clickr~1.exe1 00 70ClickRadio - subscription service playing radio music via the internet35http://www.clickradio.com/home.html0
219Click Tray Calendar1 12ClickT~1.EXE1 00 81ClickTray Calendar - shows holidays, reminders of various anniversaries,tasks etc55http://waseo.de/en/Freeware2/ClickTrayE/clicktraye.html0
1 8CLICONFG1 12CLICONFG.EXE1 00 28Added by the OPASERV.T WORM!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_OPASERV.T0
2 9DigiGuide1 10CLIENT.EXE1 00 21TV guide and reminder 01
0 9pagmstart1 10client.exe1 00 25Possibly related to this? 7#FF00000
2 9DigiGuide1 12client01.exe1 00 21TV guide and reminder 01
210ClipMate5x1 12ClipMt5x.exe1 00128Clip Mate 5.x by Thornsoft. Utility that allows you to store more than one item in the clipboard. Available via Start - Programs44http://www.thornsoft.com/ProductOverview.asp0
2 9Clipmate61 12CLIPMT60.EXE1 00126Clip Mate 6 by Thornsoft. Utility that allows you to store more than one item in the clipboard. Available via Start - Programs35http://www.thornsoft.com/new_60.htm0
210Clipomatic1 14Clipomatic.exe1 00169Mike Lin's Clipomatic is a clipboard cache program - it remembers what was copied to the clipboard even after new data is copied, and allows you to retrieve the old data36http://www.mlin.net/Clipomatic.shtml0
216Clipbook Service1 11Clipsrv.exe1 00 86Supports Windows XP ClipBook Viewer, which allows pages to be seen by remote ClipBooks 01
2 7Clipsrv1 11Clipsrv.exe1 00 86Supports Windows XP ClipBook Viewer, which allows pages to be seen by remote ClipBooks 01
318SMS Client Service1 12clisvc95.exe1 00492When the SMS Client service starts on a domain controller, the Client service modifies the SMSCliToknAcct & user account group membership, user rights, and account comment. The Client service then waits for the synchronization of the comment to verify that the account and user rights are properly set for this account. This account is used to obtain a token to start the SMS Client processes, such as the Software Inventory and Software Distribution agents (MS Systems Management Server) 01
313CLMFrontPanel1 12clmpanel.exe1 00163System tray status/display/configuration utility for a number of modems. Can be disabled by right-clicking on the tray icon. If disabled, connection status is lost 01
3 9ClockWise1 13CLOCKWISE.EXE1 00258ClockWise - produced by R J Software - a time utility. It is a schedueler not only for dates, but you can choose it to run programs at any time. It also updates the time by connecting to an atomic clock server. This is a spyware-free alternative to ClockSync36http://www.rjsoftware.com/ClockWise/0
3 7CloneCD1 15CloneCDTray.exe1 00159System tray for CloneCD - the only useful option is "Hide CDR Media" only available via this tray. Has additional unknown functions in later versions36http://www.elby.org/CloneCD/english/0
311CloneCDTray1 15CloneCDTray.exe1 00159System tray for CloneCD - the only useful option is "Hide CDR Media" only available via this tray. Has additional unknown functions in later versions36http://www.elby.org/CloneCD/english/0
320CyberLat Ram Cleaner1 16CLRamCleaner.exe1 00206CyberLat RAM Cleaner is a program that Frees, Optimizes and Defrags your system's wasted memory (RAM). Some users swear by programs such as this but I suggest you read this article and make up your own mind35http://www.cyberlat.com/ramcleaner/0
1 9MSVersion1 14clrschp038.exe1 00 63Added by the POPMON.A TROJAN! - also known as PopMonster adware77http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_POPMON.A0
3 3cma1 7cma.exe1 00 87DeskSite CMA siftware - "retrieves new content from the DeskSite Data Center"29http://www.desksitemusic.com/0
312Desksite CMA1 7cma.exe1 00 87DeskSite CMA siftware - "retrieves new content from the DeskSite Data Center"29http://www.desksitemusic.com/0
216CyberMedia Agent1 11CMAGENT.EXE1 00204Part of CyberMedia's Oil Change program. Not normally required. Note - if you have TextBridge, CyberMedia Agent may attach itself to TextBridge and cause TextBridge to crash everything if this is disabled 01
218Connection Manager1 12CManager.exe1 00229SBC Yahoo DSL service connection manager. You can connect from the network connections. Users having problems with this have been advised to uninstall the connection manager via Add/Remove Programs and it won't affect the service 01
118Dynamic Dns Binary1 9CMD16.EXE1 00113A R-Bot WORM variant functioning as a backdoor Trojan uses this file to terminate processes, among other actions.55http://www.sophos.com/virusinfo/analyses/w32rbotxm.html0
1 3Cmd1 9cmd32.exe1 00 25Added by the TANKED WORM!57http://www.viruslibrary.com/virusinfo/Worm.P2P.Tanked.htm0
120Configuration Loader1 9cmd32.exe1 00 39Added by the LOADCFG or SDBOT TROJANS!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_LOADCFG.A0
1 6cmdcon1 10cmdcon.exe1 00 30Added by the CRYPTER.A TROJAN!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_CRYPTER.A0
1 6MyLife1 11CmdServ.exe1 00 26Added by the HOLAR.A WORM!76http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_HOLAR.A0
1 3CME1 7cme.exe1 00 70Part of Gator advertising spyware - see here for removal instructions46http://www.thiefware.com/info/data.gator.shtml0
315Check Messenger1 12cmesseng.exe1 00 97Check Messenger from Qchex.com - program that helps you manage the activity of your Qchex account34http://www.qchex.com/messenger.asp0
1 6CmeSYS1 10CMEsys.exe1 00 70Part of Gator advertising spyware - see here for removal instructions46http://www.thiefware.com/info/data.gator.shtml0
1 6CmeUPD1 10CMEupd.exe1 00 70Part of Gator advertising spyware - see here for removal instructions46http://www.thiefware.com/info/data.gator.shtml0
0 8CMGrdian1 12CMGrdian.exe1 00 36One of the McAfee shared components. 01
2 8Guardian1 12CMGrdian.exe1 00211McAfee's QuickClean, an offline version of the one in their online Clinic. Normally run offline and not needed. Incidentally, incorporates more cleanup programs than the likes of WinOptimizer and System Mechanic 01
215McAfee Guardian1 12CMGRDIAN.EXE1 00211McAfee's QuickClean, an offline version of the one in their online Clinic. Normally run offline and not needed. Incidentally, incorporates more cleanup programs than the likes of WinOptimizer and System Mechanic 01
3 7ORiNOCO1 9Cmluc.exe1 00 56Client Manager software for an ORiNOCO wireless LAN card31http://www.orinocowireless.com/0
110Cmmon32Sys1 11cmmon32.exe1 00 29Added by the SMALL.CL TROJAN! 01
2 4run=1 9cmmpu.exe1 00212MIDI emulator driver for the integrated sound chip by C-Media based on the CMI-8330 chip set normally found in cheap motherboards. Also installed as part of the software for a Guillemot Maxi Muse sound card (PCI) 01
3 8CMPDPSRV1 12CMPDPSRV.EXE1 00237Printer Driver Plus from ViewAhead Technology (formerly DeviceGuys, Inc.). "Printer Driver Plus seamlessly integrates all the necessary components of a printer driver, plus more." Installed with some Compaq and Lexmark printers32http://www.viewahead.com/PDP.htm0
125Microsoft System32 Update1 9cmsrg.exe1 00 26Added by the RBOT-GN WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotgn.html0
118Microsofts Updatez1 10cmsssr.exe1 00 47Added by an unidentified VIRUS, WORM or TROJAN! 01
1 6cmt1011 10cmt101.exe1 00 43Added by a variant of the CRYPTER.C TROJAN!58http://www.sophos.com/virusinfo/analyses/trojcrypterc.html0
1 5cmx321 9cmx32.exe1 00 27Added by the GEMA.D TROJAN!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=404930
1 6CNBABE1 10CNBABE.EXE1 00103Appears to be spyware added by KAZAA (and maybe others) that displays pop-up ads whilst you're browsing 01
115UpdateComponent1 11CNF UPD.EXE2 00 30Added by the SPYBOT.GEN VIRUS! 01
1 8shambl3r1 7cnf.bat1 00 25Added by the REMABL WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.remabl.worm.html0
121Configuration Manager1 12CNFGLD32.EXE1 00 27Added by the SDBOT TROJAN!75http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sdbot.html0
121Configuration Manager1 11Cnfgldr.exe1 00 27Added by the SDBOT TROJAN!75http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sdbot.html0
1 7Cnfrm321 9cnfrm.exe1 00 27Added by the MIMAIL.D WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.mimail.d@mm.html0
1 6Dluxjp1 9cnfrm.exe1 00 28Added by the DLUCA.D TROJAN!79http://securityresponse.symantec.com/avcenter/venc/data/downloader.dluca.d.html0
1 5Cn3231 11cnfrm33.exe1 00 27Added by the MIMAIL.G WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.mimail.g@mm.html0
1 9Mspatch891 10cnqmax.exe1 00 27Added by the RANDEX.P WORM!73http://securityresponse.symantec.com/avcenter/venc/data/w32.randex.p.html0
124System Failure Statistic1 10cnstat.exe1 00 26Added by the RBOT-LF WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotlf.html0
213CnxDslTaskBar1 12CnxDslTb.exe1 00 78Connexant DSL Taskbar as used on Acess Runner and Samsung AHT-E310 ADSL modems 01
2 9WooCnxMon1 10CnxMon.exe1 00 69Wanadoo ISP software related - not required - here's how to bypass it54http://www.faqoe.com/index.php?bas=/connexionmanel.htm0
3 8siscolor1 9color.exe1 00206Probably on-board graphics related based upon the SiS chipsets. Has been seen on ASUS motherboards with SiS chipsets and known to cause conflicts if you choose another graphics card and disable the on-board 01
3 8coloreal1 12coloreal.exe1 00 85Makes colours sharper and brighter, but will only work with coloreal capable monitors 01
3 9WCOLOREAL1 12coloreal.exe1 00 85Makes colours sharper and brighter, but will only work with coloreal capable monitors 01
411MaxtorCombo1 15ComboButton.exe1 00140Required to be able to use the Maxtor OneTouch button on your external Maxtor harddrive. It is used to start up backup software (Retrospect) 01
1 6COMCFG1 10comcfg.exe1 00 30Added by the TOADCOM.A TROJAN!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_TOADCOM.A0
1 8comctl321 12comctl32.exe1 00 88Adware - recognized by Kaspersky antivirus and others as TrojanDownloader.Win32.Agent.am36http://www.kaspersky.com/personalpro0
1 6VB_run1 13comctl_32.exe1 00 36Dubious downloader from densmail.com 01
229NB Common Dialog Enhancements1 12COMDLGEX.EXE1 00106Part of McAfee Nuts & Bolts. With Common Dialog Enhancements, you can add MRU list box to open dialogs 01
1 6CC2KUI1 9comet.exe1 00192Comet Cursor - displays different mouse pointers dependent upon the site your visiting. Malware because it automatically installs. See here for more information and for the uninstall procedure43http://www.accs-net.com/smallfish/comet.htm0
112SSWPlauncher1 27comet.exe /app:SSWPlauncher2 00 28CometCursor by Comet Systems48http://www.doxdesk.com/parasite/CometCursor.html0
2 6COM-IP1 9COMIP.EXE1 00189COM-IP Virtual Modem Driver (COM-IP Creates a Fake Serial Port that allows you to use older DOS Based Communications Programs over Telnet. Type atdt host.domain.com instead of atdt 5551212) 01
1 7COMMAND1 11command.exe1 00 29Added by the QQPASS.E TROJAN!80http://securityresponse.symantec.com/avcenter/venc/data/trojan.pws.qqpass.e.html0
110WinProfile1 11Command.exe1 00 26Added by the BUDDY TROJAN!76http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_BUDDY.E0
110Messenger61 11command.pif1 00 26Added by the INZAE.B WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.inzae.b@mm.html0
1 5candy1 13command32.exe1 00 26Added by the RBOT-LV WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotlv.html0
111Win Command1 13command32.exe1 00 28Added by the AGOBOT.XQ WORM!108http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?id=65289&VName=WORM_AGOBOT.XQ&VSect=T0
111Win Command1 13command32.exe1 00 28Added by the AGOBOT.XQ WORM!108http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?id=65289&VName=WORM_AGOBOT.XQ&VSect=T0
210IomegaWare1 13COMMANDER.EXE1 00 99Used by Iomega drives. Details of its purpose can be found here. Available via Start -> Programs57http://pw2.netcom.com/~deepone/zipjaz/ioware.html#startup0
316Browser Launcher1 12Commandr.exe1 00172Logitech internet keyboard "Commander" software - loads the software for the shortcut keys on the keyboard. Not required unless you want to use the short cut keys 01
317zBrowser Launcher1 12Commandr.exe1 00193For a Logitech internet keyboard - loads the software for the shortcut keys on the keyboard. Also used to display your keyboard LEDs on-screen to indicate Caps Lock, etc if it doesn't have them 01
2 7CommCtr1 11commctr.exe1 00181"Net2Phone CommCenter is the latest in Internet voice technology allowing you to place calls easily all over the world right from your PC!". Available via Start - Programs62http://commcenter.net2phone.com/GLPPublish.asp?idpage=features0
311Comm Driver1 11commh32.exe1 00157G Data "PC Spion". PC monitoring and surveilling software, captures all users activity on the PC, see here. Disable/remove if you didn't install it yourself! 8PC Spion0
213AOL Companion1 13companion.exe1 00212Part of the AOL Connection Suite and installs an icon on the system tray offering easy access to AOL's additional utilities and functions. This program is a non-essential process, and is installed for ease of use 01
221Compaq Message Server1 14COMPAQ-RBA.EXE1 00718Applies to the CPQBootPerfDB entry as well. These files generate some kind of server or servlet that attempts to connect with Compaq online. They are like Trojans, but fairly harmless. They send information on the "Compaq Advisor/Compaq Message Screener" application that comes with every Compaq computer and provide feedback on how computer users use the Message Advisor. These messages appear occasionally and instruct and advise users on their computer and its use. They generally attempt to get you (these messages) to connect to Compaq's website. They may be safely disabled via (1) MSCONFIG or (2) Start - Programs - Compaq Advisor - Advisor Settings under the "advanced" tab. Not required and can cause problems 01
1 5comxt1 9comxt.exe1 00 26Added by the COMXT TROJAN!60http://www.symantec.com/avcenter/venc/data/trojan.comxt.html0
114Zekio Startups1 10condll.exe1 00113W32/Agobot-AGD is an IRC backdoor Trojan and network worm. This file is located in the Windows system directory.58http://www.sophos.com/virusinfo/analyses/w32agobotagd.html0
120Configuration Loader1 12confgldr.exe1 00 26Added by the POLYBOT WORM!77http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.polybot.html0
1 6AolCon1 10config.com1 00 25Added by the TAPLAK WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.taplak.html0
214ConfigServices1 10Config.exe1 00 36Part of initial setup on a Compaq PC 01
221Configuration Utility1 10CONFIG.EXE1 00 64Controls linksys wireless connection. Available from the Desktop 01
121Microsoft Config File1 10config.exe1 00 94Added by the KILLFILES.GR TROJAN! This is malware that will attempt to delete all system dlls! 01
112Config33.exe1 12Config33.exe1 00 28Added by the SDBOT.T TROJAN!76http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_SDBOT.T0
121Configuration Loading1 13configldr.exe1 00 28Added by the AGOBOT-EC WORM!57http://www.sophos.com/virusinfo/analyses/w32agobotec.html0
021Palm MultiUser Config1 14Configtool.exe1 00 47MultiUser configuration for a Palm PDA device?. 01
2 7Gearbox1 11confsvr.exe1 00210NTL's Gearbox software for configuring internet connections with their NTLWorld software - does a similar job to the Internet Connection Wizard which can be used instead using the dial-up details available here41http://www.ntlworld.com/help/settings.htm0
2 6Conmgr1 10conmgr.exe1 00 28Starts Winfax pro at startup 01
310ConMgr.exe1 10conmgr.exe1 00172Connection Manager as used by Earthlink and others. If you need this to ensure a proper connection but don't want to connect at startup try creating your own shortcut 01
1 4Cons1 12consol32.exe1 00 89Hijacker - redirects to a p0rn portal, where foistware like ISTBar gets stealth installed 01
0 8Contacte1 12contacte.exe1 00 20Some kind of driver? 01
115Windows Control1 11Control.exe1 00218Browser hijacker. NOTE - On Win9x systems it will overwrite the Windows file of the same name in the Windows directory, so therefore it will be necessary to extract a fresh copy of the file from the Windows setup cabs! 01
310CookieWall1 10cookie.exe1 00147CookieWall from Analog X. Allows you to decide which internet sites can add "cookies" related to their sites for the next time you return59http://www.analogx.com/contents/download/network/cookie.htm0
312Cookie Cop 21 13CookieCop.exe1 00169Cookie Cop 2 from PC Magazine - cookie manager. Allows you to decide which internet sites can add "cookies" related to their sites for the next time you return50http://www.pcmag.com/article/0,2997,a=20844,00.asp0
3 9CookieJar1 13Cookiejar.exe1 00169Cookie Jar cookie manager from Jason's Toolbox. Allows you to decide which internet sites can add "cookies" related to their sites for the next time you return43http://www.jasons-toolbox.com/cookiejar.asp0
124Microsoft System Checkup1 8Cool.exe1 00 25Added by the DONK.B WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.donk.b.html0
322CopernicPerUserTaskMgr1 26CopernicPerUserTaskMgr.exe1 00 66Automatic tasking feature of Copernic Pro multi-search engine tool 01
113WinShowUpdate1 50copy C:\WINDOWS\winshow.new C:\WINDOW\Swinshow.dll2 00 96Winshow parasiate related - from the "RunOnce" keys it replaces "winshow.dll" with a new version44http://www.doxdesk.com/parasite/Winshow.html0
311Resume Copy1 12copyfstq.exe1 00231Part of Total Copy - an improved version of the Windows copy function. Allows for resumption file copies or moves in progress when computer was shut down. Not required if your not using the program or don't care about that function28http://ranvik.net/totalcopy/0
310CoreCenter1 14CoreCenter.exe1 00126MSI Core Center - motherboard utility for monitoring CPU speed, voltages, temperatures and fans speeds as well as overclocking 01
310CoreCenter1 12CORECE~1.EXE1 00126MSI Core Center - motherboard utility for monitoring CPU speed, voltages, temperatures and fans speeds as well as overclocking 01
1 7CoreSrv1 11coresrv.exe1 00 63Some IRC trojans/worms use this - see here for more information29http://lockdowncorp.com/bots/0
0 7CORESYS1 11coresys.exe1 00 2?? 01
111PC-Config321 10corona.exe1 00 28Added by the CORONEX.A WORM!57http://www.sophos.com/virusinfo/analyses/w32coronexa.html0
1 6cosine1 10cosine.exe1 00 26Added by the RBOT-SW WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotsw.html0
1 9couponica1 13couponica.exe1 00 17Adware - see here47http://vil.nai.com/vil/content/v_100077.htm#top0
3 7CP32NOT1 11CP32BTN.EXE1 00126For the programmable "one-touch" buttons on HP laptops (and others?). Safe to disable if you don't use these buttons 01
013CPA9P2PSERVER1 12CPA9P2PS.exe1 00 42Found on a Compaq Presario but what is it? 01
219Verizon Control Pad1 8cpad.exe1 00100Control Pad - installed with Verizon DSL accounts. Tool designed to streamline the online experience56http://www.verizon.net/pands/dsl/benefits/controlpad.asp0
3 7CPATR101 11CPATR10.EXE1 00148Dritek/Compal ATR10 Easy Button driver. Used on certain laptops (e.g. Toshiba, Compaq) to translate special hotkeys such as Play/Pause and Constrast 01
310Cookie Pal1 12CPBRWTCH.EXE1 00169Kookaburra Softwares Cookie Pal cookie manager. Allows you to decide which internet sites can add "cookies" related to their sites for the next time you return61http://www.pcmag.com/article/0,2997,s=1626&a=12703,00.asp0
3 8CPBrWtch1 12CPBrWtch.exe1 00169Kookaburra Softwares Cookie Pal cookie manager. Allows you to decide which internet sites can add "cookies" related to their sites for the next time you return61http://www.pcmag.com/article/0,2997,s=1626&a=12703,00.asp0
415McAfee Firewall1 7CPD.EXE1 00 78Firewall bundled with McAfee VirusScan 6.*. Can also be listed as CPD_EXE 01
010CPortPatch1 11cppatch.exe1 00107CPortPatch is a utility is required for Dell laptops that are using a docking station. Is it needed though? 01
322A1000 Settings Utility1 12cpqa1000.exe1 00164Compaq A1000 Print Fax All-in-One copy scan printer software. Required in the Startup in order to scan, print, copy and fax. Only required if you use these features 01
4 7CPQAcDc1 11CPQAcDc.exe1 00 53Compaq PowerCon power management software for laptops 01
314Compaq Alerter1 12CPQAlert.exe1 00265Compaq's Insight Manager Agent - a tool that allows for "fault, performance, and configuration management". Recommended for corporate users only. It's best removed if installed but not wanted, rather than disabled at startup. See here for more information70http://www.compaq.com/products/servers/management/cim-description.html0
3 8CPQAlert1 12CPQAlert.exe1 00265Compaq's Insight Manager Agent - a tool that allows for "fault, performance, and configuration management". Recommended for corporate users only. It's best removed if installed but not wanted, rather than disabled at startup. See here for more information70http://www.compaq.com/products/servers/management/cim-description.html0
213CPQBootPerfDB1 17CPQBootPerfDB.EXE1 00 39See the entry for Compaq Message Server 01
4 8CPQCalib1 12CPQCalib.exe1 00 53Compaq PowerCon power management software for laptops 01
2 8CPQDFWAG1 12CpqDfwAg.exe1 00 54For Compaq PC's. Runs Compaq diagnostics on every boot 01
210System DLF1 12cpqdiaga.exe1 00165Compaq Diagnostic record system utility which allow you to view information about your computer's hardware and software configuration. Available via Start - Programs 01
210Compaq DMI1 10cpqdmi.exe1 00 50Compaq version of the Desktop Management Interface 01
310CPQEASYACC1 11cpqeadm.exe1 00116For Compaq PC's. Allows the use of programmable keys on mulimedia keyboards. Required if you use the additional keys 01
3 7cpqeaui1 11cpqeaui.exe1 00116For Compaq PC's. Allows the use of programmable keys on mulimedia keyboards. Required if you use the additional keys 01
021CompaqHW Comp Manager1 10cpqhcm.exe1 00 39Running on a Compaq laptop - any ideas? 01
323CPQInet Runtime Service1 11CpqInet.exe1 00143For Compaq PC's. Allows AOL and Compuserve to use the Easy Access buttons for the internet. Is not required if you don't use the ISP providers75http://h18000.www1.hp.com/support/techpubs/whitepapers/13W1-1200a-wwen.html0
211CPQINKAGENT1 12cpqinkag.exe1 00164That is the Compaq Ink Agent for some inkjet printers, it lets users know when their ink cartridges are getting close to empty (by how many pages they have printed) 01
316Compaq PK Daemon1 9cpqkl.exe1 00 91For Compaq laptops for programming user configurable keys. Not required unless you use them 01
3 5cpqns1 12cpqnpcss.exe1 00 58Related to Compaq.Net - not required if you don't use that 01
213CompaqSystray1 11cpqpscp.exe1 00 23Compaq System Tray icon 01
125Norton Live Update Server1 9cpsdv.exe1 00 30Added by the AGOBOT.EW TROJAN!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.EW0
3 7CPUcool1 11Cpucool.exe1 00140Program to keep the processor cool when idle in "overclocked" systems. Also available via Start -> Settings -> Control Panel 01
111CPU Manager1 10cpumgr.exe1 00 27Added by the PANDEM.B WORM!78http://securityresponse.symantec.com/avcenter/venc/data/w32.pandem.b.worm.html0
319IntelProcNumUtility1 13cpunumber.exe1 00284Intel Processor Serial Number Control Utility allows you to enable and disable the processor serial number capability of an Intel PIII processor. You can find more information here. System Tray icon providing the user with a visual state indication. You can find more information here58http://www.intel.com/support/processors/pentiumiii/psu.htm0
1 7Cpusave1 11Cpusave.exe1 00 25Added by the GEMA TROJAN!72http://securityresponse.symantec.com/avcenter/venc/data/trojan.gema.html0
1 9Cpusave321 13Cpusave32.exe1 00 25Added by the GEMA TROJAN!72http://securityresponse.symantec.com/avcenter/venc/data/trojan.gema.html0
316cracked_windows11 20cracked_windows1.exe1 00 28Cracked Windows popup killer71http://www.angelfire.com/electronic/purplexed/files/crackedwindows.html0
116Create A Monster1 18createAMonster.exe1 00 80Kudd.com CreateAMonster. Reportedly stealth installed and Look2Me adware related54http://sarc.com/avcenter/venc/data/adware.look2me.html0
2 8CreateCD1 12Createcd.exe1 00 95Adaptec Easy CD Creator system tray application (pre version 5). Available via Start - Programs 01
210CreateCD501 14Createcd50.exe1 00 89Adaptec Easy CD Creator version 5 system tray application. Available via Start - Programs 01
110setFTPBack1 12createsw.exe1 00 30Added by the FTP_BMAIL TROJAN!79http://securityresponse.symantec.com/avcenter/venc/data/backdoor.ftp_bmail.html0
112Creative.exe1 12Creative.exe1 00 25Added by the PROLIN WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.prolin.worm.html0
127Print Driver Helper Service1 9crsrr.exe1 00 29Added by the AGENT-BC TROJAN!57http://www.sophos.com/virusinfo/analyses/trojagentbc.html0
110Auto updat1 9crsrs.exe1 00 28Added by the FORBOT-AK WORM!57http://www.sophos.com/virusinfo/analyses/w32forbotak.html0
115[various names]1 9crsrs.exe1 00 28Added by the FORBOT-AK WORM!57http://www.sophos.com/virusinfo/analyses/w32forbotak.html0
134Controlled Resource System Service1 8crss.exe1 00 28Added by the AGOBOT.GH WORM!68http://www.liutilities.com/products/wintaskspro/processlibrary/crss/0
121System Config Manager1 8crss.exe1 00 28Added by the AGOBOT.GH WORM!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GH0
120Win32 Network Driver1 8crss.exe1 00 45Added by a variant of the AGOBOT/GAOBOT WORM!79http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN0
125Windows Registry Security1 8crss.exe1 00 41Added by a variant of the IRC.BOT TROJAN!77http://securityresponse.symantec.com/avcenter/venc/data/backdoor.irc.bot.html0
112CaptionMgr321 9crssr.exe1 00163Added by the Zar.A infection. It attempts to spread itself through emails sent out with the subject "Tsunami Donation!". The file is found in the Windows folder.43http://www.f-secure.com/v-descs/zar_a.shtml0
121Windows media service1 9crsss.exe1 00 27Added by the RBOT.ACY WORM!105http://es.trendmicro-europe.com/consumer/security_info/ve_detail.php?id=67015&VName=WORM_RBOT.ACY&VSect=T0
118CRC Value Verifier1 11crsss32.exe1 00 36Added by a variant of the RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
118CRC Value Verifier1 11Crsss64.exe1 00 26Added by the RBOT-NY WORM!58http://www.sophos.com.au/virusinfo/analyses/w32rbotny.html0
124Microsoft Control Center1 8crtl.exe1 00 20Added by W32/Rbot-VX55http://www.sophos.com/virusinfo/analyses/w32rbotvx.html0
121Windows media service1 9crvss.exe1 00 27Added by the SDBOT.VP WORM!77http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.VP0
118IPv6 Helper Driver1 9csass.exe1 00 28Added by the AGOBOT.TC WORM!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.TC0
117WSAConfiguration11 9csass.exe1 00 28Added by the AGOBOT.WH WORM!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.WH0
0 3csc1 7csc.exe1 00 2?? 01
122Microsoft Data Machine1 12csdata32.exe1 00 36Added by a variant of the RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
312CSINJECT.EXE1 12CSINJECT.EXE1 00221Part of Quarterdeck/Norton CleanSweep. For a full description see here. An excerpt - "Csinject must be loaded in order for Smart Sweep to automatically monitor installations and properly track registry changes."74http://service1.symantec.com/SUPPORT/cleansweep.nsf/docid/19990224132957280
338CleanSweep Smart Sweep- Internet Sweep1 12Csinsm32.exe1 00 89Automatic logging of installs from Norton CleanSweep - available via Start -> Programs 01
3 4MPEO1 12Csinsm32.exe1 00 89Automatic logging of installs from Norton CleanSweep - available via Start -> Programs 01
118Service Controller1 9Csrrs.exe1 00 28Added by the GAOBOT.AO WORM!79http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.gaobot.ao.html0
1 8Com+ Sys1 8csrs.exe1 00 28Added by the FORBOT-BT WORM!57http://www.sophos.com/virusinfo/analyses/w32forbotbt.html0
1 7NetWork1 8csrs.exe1 00 28Added by the AGOBOT.JJ WORM!91http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?VName=WORM_AGOBOT.JJ0
122Windows Update Service1 8csrs.exe1 00 28Added by the AGOBOT-NI WORM!57http://www.sophos.com/virusinfo/analyses/w32agobotni.html0
1 5csrsc1 9csrsc.exe1 00 47Added by an unidentified VIRUS, WORM or TROJAN! 01
118Microsoft Registry1 9csrse.exe1 00 26Added by the RBOT-PC WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotpc.html0
1 9.TEXTCONV1 9csrss.exe1 00124Added by the WEBUS TROJAN! Note - this is not the legitimate csrss.exe process, which should not appear in Msconfig/Startup!73http://securityresponse.symantec.com/avcenter/venc/data/trojan.webus.html0
1 8.WMAudio1 9csrss.exe1 00124Added by the WEBUS TROJAN! Note - this is not the legitimate csrss.exe process, which should not appear in Msconfig/Startup!73http://securityresponse.symantec.com/avcenter/venc/data/trojan.webus.html0
121AdRotator.Application1 9csrss.exe1 00167AdRotator adware. Note - this is not the valid Client Server Runtime Subsystem csrss.exe process, which provides text window support, shutdown, and hard-error handling79http://www.giantcompany.com/antispyware/research/spyware/spyware-AdRotator.aspx0
1 7BagleAV1 9csrss.exe1 00125Added by the NETSKY.AB WORM! Note - this is not the legitimate csrss.exe process which should NOT appear in Msconfig/Startup!77http://securityresponse.symantec.com/avcenter/venc/data/w32.netsky.ab@mm.html0
1 9BuildLabs1 9csrss.exe1 00124Added by the WEBUS TROJAN! Note - this is not the legitimate csrss.exe process, which should not appear in Msconfig/Startup!73http://securityresponse.symantec.com/avcenter/venc/data/trojan.webus.html0
1 7ccpApps1 9csrss.exe1 00124Added by the WEBUS TROJAN! Note - this is not the legitimate csrss.exe process, which should not appear in Msconfig/Startup!73http://securityresponse.symantec.com/avcenter/venc/data/trojan.webus.html0
114ClickTheButton1 9csrss.exe1 00134ClickTheButton Downloader-MY adware. Note - this is not the legitimate csrss.exe process, which should not appear in Msconfig/Startup!43http://vil.nai.com/vil/content/v_126801.htm0
1 5CSRSS1 9CSRSS.EXE1 00217Search page hijacker, redirecting to http://www.search-aide.com/. Note - this is not the valid Client Server Runtime Subsystem (csrss.exe) process, which provides text window support, shutdown, and hard-error handling69http://www.liutilities.com/products/wintaskspro/processlibrary/csrss/0
1 6DIECOX1 9csrss.exe1 00139Added by a variant of the ATM.GEN TROJAN! Note - this is not the legitimate csrss.exe process, which should not appear in Msconfig/Startup!43http://vil.nai.com/vil/content/v_100826.htm0
111FiendlyType1 9csrss.exe1 00124Added by the WEBUS TROJAN! Note - this is not the legitimate csrss.exe process, which should not appear in Msconfig/Startup!73http://securityresponse.symantec.com/avcenter/venc/data/trojan.webus.html0
111KernellApps1 9csrss.exe1 00129Added by the BANCBAN-AC TROJAN! Note - this is not the legitimate csrss.exe process, which should not appear in Msconfig/Startup!59http://www.sophos.com/virusinfo/analyses/trojbancbanac.html0
110Key Logger1 9csrss.exe1 00125Added by the BUCHON.A WORM! Note - this is not the legitimate csrss.exe process, which should not appear in Msconfig/Startup!63http://www.symantec.com/avcenter/venc/data/w32.buchon.a@mm.html0
120Microsoft SourceSafe1 9csrss.exe1 00124Added by the WEBUS TROJAN! Note - this is not the legitimate csrss.exe process, which should not appear in Msconfig/Startup!73http://securityresponse.symantec.com/avcenter/venc/data/trojan.webus.html0
1 5NTDLM1 9csrss.exe1 00122Added by the HALE TROJAN! Note - this is not the legitimate csrss.exe process which should NOT appear in Msconfig/Startup!74http://securityresponse.symantec.com/avcenter/venc/data/backdoor.hale.html0
1 4Prog1 9csrss.exe1 00124Added by the WEBUS TROJAN! Note - this is not the legitimate csrss.exe process, which should not appear in Msconfig/Startup!73http://securityresponse.symantec.com/avcenter/venc/data/trojan.webus.html0
110RegDone Ex1 9csrss.exe1 00124Added by the WEBUS TROJAN! Note - this is not the legitimate csrss.exe process, which should not appear in Msconfig/Startup!73http://securityresponse.symantec.com/avcenter/venc/data/trojan.webus.html0
1 8RegWrite1 9csrss.exe1 00127Added by the SOKACAPS TROJAN! Note - this is not the legitimate csrss.exe process, which should not appear in Msconfig/Startup!78http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sokacaps.html0
111Run TaskMrg1 9csrss.exe1 00128Added by the LDPINCH-W TROJAN! Note - this is not the legitimate csrss.exe process, which should not appear in Msconfig/Startup!58http://www.sophos.com/virusinfo/analyses/trojldpinchw.html0
1 8rundll321 9csrss.exe1 00124Added by the GUTTA TROJAN! Note - this is not the legitimate csrss.exe process, which should not appear in Msconfig/Startup!73http://securityresponse.symantec.com/avcenter/venc/data/trojan.gutta.html0
1 9Shockwave1 9csrss.exe1 00122Added by the SNDOG WORM! Note - this is not the legitimate csrss.exe process, which should not appear in Msconfig/Startup!73http://securityresponse.symantec.com/avcenter/venc/data/w32.sndog@mm.html0
112SYSTEMSars321 9csrss.exe1 00123Added by the AHLEM.A WORM! Note - this is not the legitimate csrss.exe process which should NOT appear in Msconfig/Startup!62http://www.symantec.com/avcenter/venc/data/w32.ahlem.a@mm.html0
319WinUpdateProtection1 9csrss.exe1 00212ICE Remote Spy monitoring software, "secretly monitors everything your spouse, kids or employees do on the Internet and emails the data to you." Note - this file is installed in a C:\Windowsupdate\Ufp\Irs7 folder69http://www.kephyr.com/spywarescanner/library/iceremotespy/index.phtml0
1 6Runner1 9csrss.exe1 00 74Added by the Troj/AdClick-AG Trojan! File is found in the Windows folder. 01
1 6Update1 9csrss.exe1 00 74Added by the Troj/AdClick-AG Trojan! File is found in the Windows folder. 01
114System Process1 9csrss.exe1 00 74Added by the Troj/AdClick-AG Trojan! File is found in the Windows folder. 01
114_winsystem.sys1 9CSRSS.EXE1 00 93Added by the W32/Sober-K infection! File will be found in the %WINDIR%\msagent\win32 folder.55http://www.sophos.com/virusinfo/analyses/w32soberk.html0
113winsystem.sys1 9CSRSS.EXE1 00 93Added by the W32/Sober-K infection! File will be found in the %WINDIR%\msagent\win32 folder.55http://www.sophos.com/virusinfo/analyses/w32soberk.html0
114SernellApp.pcx1 9csrss.exe1 00 89Added by the Troj/Bancban-BJ trojan. Located in Windows system folder\D5133\csrss.exe.59http://www.sophos.com/virusinfo/analyses/trojbancbanbj.html0
126Microsoft CSRSS32 Protocol1 11csrss32.exe1 00 45Added by a variant of the AGOBOT/GAOBOT WORM!79http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN0
124Microsoft Update Service1 11csrss32.exe1 00 28Added by the AGOBOT-HC WORM!57http://www.sophos.com/virusinfo/analyses/w32agobothc.html0
116System Log Event1 11csrss32.exe1 00 28Added by the AGOBOT-JI WORM!57http://www.sophos.com/virusinfo/analyses/w32agobotji.html0
127Microsoft CSRSS386 Protocol1 12csrss386.exe1 00 38Added by a variant of the SPYBOT WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html0
129Client Server Runtime Process1 10csrsss.exe1 00 27Added by the SDBOT-LD WORM!56http://www.sophos.com/virusinfo/analyses/w32sdbotld.html0
112CSRSS Loader1 10csrsss.exe1 00 28Added by the AGOBOT.TX WORM!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.TX0
1 6CSRSSU1 10CSRSSU.EXE1 00169CoolWebSearch parasite related - hijacking to Slawsearch.com. You are advised to ask for help in our HijackThis forum to remove it. Located in the Windows system folder.53http://www.spywareinfo.com/~merijn/cwschronicles.html0
115Display Drivers1 9cssrs.exe1 00 28Added by the AGOBOT.FX WORM!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.FX0
1 5WinFX1 9cssrs.exe1 00 28Added by the AGOBOT.FX WORM!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.FX0
1 7MSN ang1 10cssrss.exe1 00 28Added by the FORBOT-CE WORM!57http://www.sophos.com/virusinfo/analyses/w32forbotce.html0
1 4csss1 8Csss.exe1 00 27Added by the BALICK TROJAN!78http://securityresponse.symantec.com/avcenter/venc/data/w32.balick.trojan.html0
311CSS_Central1 12CSS_1631.EXE1 00232CSS Communication Agent (95 Host) from Command Software Systems "CSS CentralÖ provides administrators with a powerfully proactive tool to effectively manage and maintain the anti-virus strategy from a centralized console."50http://www.commandcom.com/enterprise/csscntrl.html0
3 5SysW81 8csta.exe1 00 45Clean Space - privacy and perfomance enhancer35http://www.teosoft.com/en/index.htm0
311ChineseStar1 9cstar.exe1 00 33Chinese language support software 01
223CleanSweep Useage Watch1 12CSUSEM32.EXE1 00151Quarterdeck/Norton CleanSweep component - tracks how often you use files and alerts you to files that have not been used for a specified period of time 01
119System time updator1 12CSysTime.exe1 00 27Added by the RANDEX.S WORM!73http://securityresponse.symantec.com/avcenter/venc/data/w32.randex.s.html0
0 9checktime1 6ct.exe1 00 56Found in the HPSelectFrontend directory on a HP machine. 01
4 2ct1 6ct.exe1 00117ct.exe is a file is for the HP Learning Adventure software and if you use this software it is required to run it 01
2 8CTAVTray1 12CTAvTray.exe1 00144For Creative Soundblaster Live! series soundcards. Plays the EAX animation on start-up and adds a System Tray icon for it. Available via AudioHQ 01
223Creative MediaSource Go1 11CTCMSGo.exe1 00 91"Creative MediaSource playbacks music in DVD-Audio, MP3, WMA, WAV and other media formats"40http://www.soundblaster.com/mediasource/0
2 8CTDVDDet1 12CTDetect.exe1 00261Auto-detect and play a DVD when using a Creative Soundblaster Audigy2 soundcard. Uses about 2.2 MB of memory. Disable it by heading to the MediaSource DVD Audio Player, selecting Tools, then uncheck the Auto Start box. It should not start up automatically again 01
2 8CTDVDDet1 12CTDVDDet.exe1 00261Auto-detect and play a DVD when using a Creative Soundblaster Audigy2 soundcard. Uses about 2.2 MB of memory. Disable it by heading to the MediaSource DVD Audio Player, selecting Tools, then uncheck the Auto Start box. It should not start up automatically again 01
2 9CTStartup1 12CTEaxSpl.exe1 00 90Splash screen with sound on every boot up. Installed with a Sound Blaster Audigy soundcard 01
3 6ctfmon1 10ctfmon.exe1 00329CTFMon is involved with the language/alternative input services in Office XP. CTFMON.exe will continue to put itself back into MSConfig when you run the Office XP apps as long as the Text Services and Speech applets in the Control Panel are enabled. Not required if you don't need these features. For more info on ctfmon see here62http://support.microsoft.com/default.aspx?scid=kb;en-us;2825990
110Ctfmon.exe1 12ctfmon32.exe1 00 60CoolWebSearch parasite related - hijacking to Slawsearch.com53http://www.spywareinfo.com/~merijn/cwschronicles.html0
1 3MSN1 12ctfmoons.exe1 00 28Added by the SPYBOT.HI WORM!91http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?VName=WORM_SPYBOT.HI0
3 8CTHELPER1 12CTHELPER.EXE1 00737CTHELPER is a background task that is a plug-in manager for Creative drivers. The theory is that 3rd party manufacturers can use the CTHELPER plug-in interface to produce drivers, add-on features, and fixes that will integrate with a tighter fit with CreativeÆs sound drivers and utilities. Given its purpose CTHELPER would normally be classified as a "leave alone" background task. It also allows Creative speaker setup to be synchronized with Windows Control Panel speaker setting. Without it running that check box in Creative speaker setting is not functional (settings are not in sync). Unfortunately there are often problems with CTHELPER, most notably that it can use 100% of CPU time so it's best left disabled unless you need it 01
311WINDVDpatch1 12CTHELPER.EXE1 00737CTHELPER is a background task that is a plug-in manager for Creative drivers. The theory is that 3rd party manufacturers can use the CTHELPER plug-in interface to produce drivers, add-on features, and fixes that will integrate with a tighter fit with CreativeÆs sound drivers and utilities. Given its purpose CTHELPER would normally be classified as a "leave alone" background task. It also allows Creative speaker setup to be synchronized with Windows Control Panel speaker setting. Without it running that check box in Creative speaker setting is not functional (settings are not in sync). Unfortunately there are often problems with CTHELPER, most notably that it can use 100% of CPU time so it's best left disabled unless you need it 01
1 8CTHelper1 12cthelper.exe1 00 69Added by a WORM, W32/Rbot-XB, and found in the Windows system folder.55http://www.sophos.com/virusinfo/analyses/w32rbotxb.html0
1 6CTin101 10CTin10.exe1 00 29Added by the BANCOS.E TROJAN!77http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.bancos.e.html0
217Creative Launcher1 14CTLauncher.exe1 00155For Creative Soundblaster Live! series soundcards. Adds a quick-launch bar to the top of the display and a System Tray icon. Available via Start - Programs 01
2 7TaskBar1 11CTLTask.exe1 00242Creative SoundBlaster Audigy Taskbar - used to choose between different types of EAX Effects, not required in startup. NOTE: if you get a ctltask.exe error message while installing the Audigy drivers, see this Microsoft Knowledge Base article41http://support.microsoft.com/?kbid=3219690
2 8Tasktray1 11CTLTray.exe1 00357Installed with the Sound Blaster Audigy range of soundcards. Allows you to set EAX effects or equalizer settings for the Sound Blaster Audigy from a systray icon. Also allows you to launch the Taskbar via right-click -> Show Taskbar. The tasktray can be accessed via Start -> Programs -> Creative -> Sound Blaster Audigy -> Taskbar 01
313CreativeMixer1 11CTMIX32.EXE1 00217Creative soundcard System Tray access to, for example, volume slider controls as normally provided by the "speaker" icon. Not required unless you adjust any settings otherwise available via the standard icon 01
314NOMAD Detector1 11ctmnrun.exe1 00270Detects the Creative NOMAD jukebox/MP3 player at the time it is attached to USB and starts the needed application (Creative PlayCentre 2) that you use to copy MP3 files to and from it. This is required if you want PlayCentre 2 to take control of the NOMAD once connected 01
220CreativeDiscNotifier1 12CTNOTIFY.EXE1 00153For Creative Soundblaster Live! series soundcards. Detects when you insert a CD-ROM, DVD-ROM, etc. Available via Start -> Settings -> Control Panel 01
213Disc Detector1 12CtNotify.exe1 00 64For Creative sound cards. Detects when you insert a CD, DVD, etc 01
0 8CTPDPSRV1 12CTPDPSRV.EXE1 00 65Printer driver (in the WINDOWSSystem32spoolDRIVERSW32X86 folder). 01
310pdp Server1 13ctpdpsrvr.exe1 00173Included and setup with the drivers for my Compaq A3000 all-in-one printer/scanner - maybe for networking. Works fine without it - but may be needed when used over a network 01
2 8CTRegRun1 12CTRegRun.exe1 00 98For Creative Soundblaster Live! series soundcards. Reminds you to register your card with Creative 01
3 7CtrlVol1 11CtrlVol.exe1 00 48Acer's on screen volume control using the Fn key 01
211Speed racer1 11CTSRReg.exe1 00 34Software for a Creative sound card 01
233Creative Service for CDROM Access1 12Ctsvccda.exe1 00204Resident program for Creative's PlayCenter included with Soundblaster Audigy sound cards - speeds up detection of some media CDs if the system doesn't natively support them. Available via Start - Programs 01
1 3cuo1 7cuo.exe1 00 28Added by the BUGBEAR.A WORM!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_BUGBEAR.A0
2 8CursorXP1 12CursorXP.exe1 00 56CursorXP from Stardock - tool for creating mouse cursors42http://www.stardock.com/products/cursorxp/0
432Client Update Service for Novell1 10cusrvc.exe1 00156Part of the Novell Client for Windows and is used to keep the client up to date. It has a service name of cusrvc and is found in the Windows system folder. 01
227Client Access Check Version1 12cwbckver.exe1 00323Part of IBM's iSeries (nee As/400) Client Access - communications suite that allows desktop, browser and wireless access to iSeries servers. Checks the software version on your PC to that of the iSeries it is connected to. Not required - and can be turned off in the Client Access properties. It's a waste of resources52http://www-1.ibm.com/servers/eserver/iseries/access/0
2 8cwbckver1 12cwbckver.exe1 00323Part of IBM's iSeries (nee As/400) Client Access - communications suite that allows desktop, browser and wireless access to iSeries servers. Checks the software version on your PC to that of the iSeries it is connected to. Not required - and can be turned off in the Client Access properties. It's a waste of resources52http://www-1.ibm.com/servers/eserver/iseries/access/0
225Client Access Help Update1 12cwbinhlp.exe1 00271Client Access Help Registry Update Function - part of IBM's iSeries (nee As/400) Client Access - communications suite that allows desktop, browser and wireless access to iSeries servers. It only updates the help files on your PC to match the level of the attached iSeries52http://www-1.ibm.com/servers/eserver/iseries/access/0
2 8cwbinhlp1 12cwbinhlp.exe1 00271Client Access Help Registry Update Function - part of IBM's iSeries (nee As/400) Client Access - communications suite that allows desktop, browser and wireless access to iSeries servers. It only updates the help files on your PC to match the level of the attached iSeries52http://www-1.ibm.com/servers/eserver/iseries/access/0
221Client Access Service1 12CwbSvStr.Exe1 00405Part of IBM's iSeries (nee As/400) Client Access - communications suite that allows desktop, browser and wireless access to iSeries servers. Useful if you are going to access the iSeries through Windows Explorer to move files back and forth between Windows folders and iSeries folders. This is a tool that is only used by Client Access administrators (usually) so it is not required - a waste of resources52http://www-1.ibm.com/servers/eserver/iseries/access/0
2 8cwbsvstr1 12cwbsvstr.exe1 00405Part of IBM's iSeries (nee As/400) Client Access - communications suite that allows desktop, browser and wireless access to iSeries servers. Useful if you are going to access the iSeries through Windows Explorer to move files back and forth between Windows folders and iSeries folders. This is a tool that is only used by Client Access administrators (usually) so it is not required - a waste of resources52http://www-1.ibm.com/servers/eserver/iseries/access/0
029Client Access Express Welcome1 12cwbwlwiz.exe1 00166Welcome wizard launcher - Part of IBM's iSeries (nee As/400) Client Access - communications suite that allows desktop, browser and wireless access to iSeries servers.52http://www-1.ibm.com/servers/eserver/iseries/access/0
0 8cwbwlwiz1 12cwbwlwiz.exe1 00166Welcome wizard launcher - Part of IBM's iSeries (nee As/400) Client Access - communications suite that allows desktop, browser and wireless access to iSeries servers.52http://www-1.ibm.com/servers/eserver/iseries/access/0
024Crystal 3D Audio Control1 12CWD3DSND.EXE1 00 30Crystal 3D Audio sound driver. 01
213Coolwallpaper1 12cwm_tray.exe1 00103Cool Wallpaper software allows you to manage high quality photos as desktop wallpaper and screen savers45http://coolwallpaper.com/download/index2.html0
3 3C2K1 9CYB2K.EXE1 00181CYBERsitter 2000 or 2001 - anti-porn filter primarily. Required if you want the sites you visit filtered without having to load the software every time you launch your browser 01
2 5Cyber1 12cyberchk.exe1 00 59you to clean your drive after "x" amount of time has passed 01
1 9CyberWolf1 13CyberWolf.exe1 00 41Added by the KICKIN.A (or CYDOG.C) WORM!68http://www.symantec.com/avcenter/venc/data/w32.hllw.kickin.a@mm.html0
117Dos Prompt Loader1 10cygwin.exe1 00 79Added by W32/Sdbot-VV, A WORM/backdoor, and found in the Windows system folder.56http://www.sophos.com/virusinfo/analyses/w32sdbotvv.html0
1 5httpd1 9c_pan.exe1 00 40Added by a variant of the DELF-A TROJAN! 01
1 7drocher1 5d.exe1 00 21Adult content dialler 01
212D066UUtility1 12D066UUTY.EXE1 00104TWAIN driver for the CanoScan D660U flatbed scanner. Start scanning via your scanner management software 01
3 2D41 6D4.exe1 00106Dimension 4 - network time synchronization freeware - starts-up, adjusts the system clock, then shuts down45http://www.thinkman.com/dimension4/index.html0
310Dimension41 6d4.exe1 00106Dimension 4 - network time synchronization freeware - starts-up, adjusts the system clock, then shuts down45http://www.thinkman.com/dimension4/index.html0
1 7WinMine1 9D4NG3.vbs1 00 28Added by the BISCUIT.A WORM!77http://securityresponse.symantec.com/avcenter/venc/data/vbs.biscuit.a@mm.html0
211DACONFIGEXE1 12daconfig.exe1 00 563Com NIC Diagnostics. Available via Start -> Programs 01
4 6DadApp1 10dadapp.exe1 00265"DadApp is the SW utility that controls the programmable buttons on Dell Laptops. Not required, but should be left in because it can create a hassle and doesn't always restore functionality to those buttons once unchecked and rechecked" - direct from Dell 01
234Corel Desktop Application Director1 8dadx.exe1 00153The Desktop Application Director (DAD) gives you easy access to all Corel applications - x represents ther version number. Available via Start - Programs 01
3 6Daemon1 10Daemon.exe1 00 83Daemon Tools - used to map an image-file (.iso, .bin etc) to a virtual CD/DVD-drive36http://www.daemon-tools.net/main.htm0
317DAEMON Tools-10331 10Daemon.exe1 00 83Daemon Tools - used to map an image-file (.iso, .bin etc) to a virtual CD/DVD-drive36http://www.daemon-tools.net/main.htm0
313TrackpointSrv1 10daemon.exe1 00136Supports the "pointer stick" in lieu of a mouse on an IBM ThinkPad laptop. Necessary for the "scroll" button to work 01
2 6Daemon1 12DAEMON32.EXE1 00150Pre-loads game profiles for MS Sidewinder game controllers prior to release 2.0 of the software. Recommend upgrade. Available via Start -> Programs 01
210Dell Alert1 9DAMon.exe1 00 87"Dell Alert" utility, that's supposed to make interaction with Support easier 01
2 3Dap1 7DAP.exe1 00 70Download Accelerator Plus from SpeedBit - download manager/accelerator34http://www.speedbit.com/DAPDL.asp?0
229Download Accelerator Plus 5.01 7DAP.exe1 00192Download Accelerator Plus from Speedbit. Download manager for resuming downloads, amongst other features. Available via Start - Programs. Note that the free version is "adware" based24http://www.speedbit.com/0
119DownloadAccelerator1 7DAP.EXE1 00182Download Accelerator Plus from Speedbit. Download manager for resuming downloads, amongst other features. Available via Start - Programs. Note that the free version is "adware" based 01
1 5load=1 10dapdll.exe1 00 25Added by the ATAK.E WORM!74http://securityresponse.symantec.com/avcenter/venc/data/w32.atak.e@mm.html0
318Codename Dashboard1 13dashboard.exe1 00266Codename: Dashboard - "an application that resides at the side of your screen. Built on the Microsoft .NET Framework, it is a host for interchangeable components through which C.D. allows you to have any information you want, on your desktop, all the time"46http://www.downlinx.com/proghtml/415/41557.htm0
3 9DataLayer1 13DataLayer.exe1 00229Nokia PC Suite 5 - "A collection of powerful tools that you can use to manage your phone features and data." Synchronize the phone with, for example Outlook. You can also use it to browse your phone, edit the phone list and so on 01
324Optus Cable Data Monitor1 15datamonitor.exe1 00 96Allows Optus customers to monitor their actual data usage against Optus' "data allowance limits" 01
1 8Datcheck1 12datcheck.exe1 00 29Added by the KEYPANIC TROJAN!63http://www.symantec.com/avcenter/venc/data/keypanic.trojan.html0
112Date Manager1 15datemanager.exe1 00 87Date Manager - calender program. Spyware/adware based provided by The Gator Corporation28http://www.date-manager.com/0
217Desktop Architect1 10DATRAY.EXE1 00 94Desktop theme manager available here - for managing the desktop appearance, fonts, sounds, etc55http://download.com.com/3000-2326-5630015.html?tag=list0
011DAW9532.exe1 11DAW9532.EXE1 00111Loaded during installation of some 3Com network cards. Enables their DynamicAccess desktop management software. 01
213Daily Planner1 11dayplan.exe1 00141Daily Planner - discontinued, and now part of KMCS Deluxe System Suite. Tool to plan your days, and check activities off as you complete them36http://www.kmcsonline.com/index.html0
3 8DayToday1 12DAYTODAY.EXE1 00 71DayToday from RoboMagic Software Corp. Displays the date on the taskbar43http://www.locutuscodeware.com/daytoday.htm0
124Microsoft System Checkup1 12dbnetlib.exe1 00 25Added by the DONK.L WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.donk.l.html0
2 6dbserv1 10dbserv.exe1 00 83Database Server for Norton Ghost on Win2k Pro. Ghost works fine when it is disabled 01
321Gravis Appawareloader1 12dbserver.exe1 00155Looks like it's associated with Gravis game controllers and the Keyset Manager, allowing the user to program the buttons for games that don't support them22http://www.gravis.com/0
314Dialer Control1 6dc.exe1 00 68Dialer-Control. Detects and protects from premium rate p0rn diallers29http://www.dialer-control.de/0
320DAZEL Delivery Agent1 12DcDaemon.exe1 00 62Control and send documents, etc, to any destination - see here58http://www.clickly.com/ISSVDO4Z/EN/user/proddet.html?P=8880
111DCE Manager1 10dcemgr.exe1 00 26Added by the TUMAG TROJAN!75http://securityresponse.symantec.com/avcenter/venc/data/backdoor.tumag.html0
3 7DCfssvc1 11dcfssvc.exe1 00302Associated with digital cameras and can cause problems which disappear if disabled. If this program is unchecked in startup, your camera will not cause your computer to open a pop-up window when you connect it. Leave enabled if you can't load pictures from your camera/dock - Kodak's dock is an example 01
3 7dcfssve1 11dcfssvc.exe1 00302Associated with digital cameras and can cause problems which disappear if disabled. If this program is unchecked in startup, your camera will not cause your computer to open a pop-up window when you connect it. Leave enabled if you can't load pictures from your camera/dock - Kodak's dock is an example 01
1 6System1 9dcomx.exe1 00 28Added by the CIREBOT TROJAN!81http://securityresponse.symantec.com/avcenter/venc/data/backdoor.irc.cirebot.html0
313Dialer Detect1 6dd.exe1 00147DialerDetect detects stealth installed premium rate diallers, and sounds the alarm when such a connection is being installed without you knowing it43http://www.dialerdetect.nl/english/main.htm0
213DDCActiveMenu1 17DDCActiveMenu.exe1 00235Digital Distribution Channel - formally part of the WildTangent on-line games delivery service. Note that WildTanget's privacy policy used to state that they also collect and share individuals information but this is no longer the case38http://www.wildtangent.com/default.asp0
2 4DDCM1 10DDCMan.exe1 00435Digital Distribution Channel - formally part of the WildTangent on-line games delivery service. Note that WildTanget's WildTangent on-line games delivery service. Note that WildTanget's privacy policy used to state that they also collect and share individuals information but this is no longer the case" target="_blank"privacy policy used to state that they also collect and share individuals information but this is no longer the case38http://www.wildtangent.com/default.asp0
2 6DDCMan1 10DDCMan.exe1 00435Digital Distribution Channel - formally part of the WildTangent on-line games delivery service. Note that WildTanget's WildTangent on-line games delivery service. Note that WildTanget's privacy policy used to state that they also collect and share individuals information but this is no longer the case" target="_blank"privacy policy used to state that they also collect and share individuals information but this is no longer the case38http://www.wildtangent.com/default.asp0
114Winsvr manager1 10DDEsvr.exe1 00 67Added by the W32/Tirbot-B WORM! Found in the Windows system folder.56http://www.sophos.com/virusinfo/analyses/w32tirbotb.html0
1 7DirectX1 12ddhelp32.exe1 00 81Added by the BIONET.318 TROJAN! Note - not the DirectX helper which is ddhelp.exe79http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_BIONET.3180
311CCD Manager1 7DDS.EXE1 00 63Project Labs Century CD manager for their CD/DVD storage device27http://www.centurycdna.com/0
223DynDNS-Updater Traytool1 11ddutray.exe1 00102DynDNS updater tray icon - allows easy configuration of the Dynamic DNSSM service. Can be run manually38http://www.dyndns.org/services/dyndns/0
1 7de32gen1 11de32gen.exe1 00 43Added by a variant of the CRYPTER.C TROJAN!58http://www.sophos.com/virusinfo/analyses/trojcrypterc.html0
1 5Debug1 12DebugW32.exe1 00122Added by the GUBED TROJAN Note - this is not the legitimate csrss.exe process which should NOT appear in Msconfig/Startup!73http://securityresponse.symantec.com/avcenter/venc/data/trojan.gutta.html0
1 4run=1 9dec25.exe1 00 25Added by the ATAK.F WORM!74http://securityresponse.symantec.com/avcenter/venc/data/w32.atak.f@mm.html0
312NAV DefAlert1 12DefAlert.exe1 00162Norton Anti-Virus Definitions Alert. Warns you if virus definitions are out of date. Leave enabled unless you manually update virus definitions on a regular basis 01
118Windows DLL Loader1 17defragfat32pi.exe1 00 26Added by the RBOT-QQ WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotqq.html0
118Windows DLL Loader1 16defragfat32z.exe1 00 28Added by the LINKBOT.A WORM!74http://securityresponse.symantec.com/avcenter/venc/data/w32.linkbot.a.html0
118Windows DLL Loader1 15defragfat39.exe1 00 27Added by the POEBOT-C WORM!56http://www.sophos.com/virusinfo/analyses/w32poebotc.html0
118Windows DLL Loader1 14defragfatz.exe1 00 28Added by the LINKBOT.H WORM!74http://securityresponse.symantec.com/avcenter/venc/data/w32.linkbot.h.html0
1 7WebScan1 14DEFSCANGUI.EXE1 00150Stop-Sign from eAccelerration. Detects spyware, malware, viruses and keyloggers and stops popups. Spyware in itself - see their privacy statement here25http://www.stop-sign.com/0
3 8defwatch1 12defwatch.exe1 00191Detects out-of-date virus definitions for Norton Anti-Virus Corporate Edition and runs the Defwatch Wizard. Only required if you don't update the virus definitions manually on a regular basis 01
3 5Delay1 12delayrun.exe1 00 91On HP PCs this program is used to help prevent conflicts or timing issues on fast computers 01
3 8Delayrun1 12delayrun.exe1 00 91On HP PCs this program is used to help prevent conflicts or timing issues on fast computers 01
0 7DellDMI1 11delldmi.exe1 00379Possibly part of Dell OpenManage Client Instrumentation - software that allows remote management application programs to access information about, monitor the status of or change the state of the client computer, such as shutting it down remotely. Uses the DMI and/or common information model (CIM) protocols, which are systems management protocols defined by industry standards? 7#FF00000
3 8DELLMMKB1 12DELLMMKB.EXE1 00 93Multimedia keyboard control for Dell based PCs - only required if you use the multimedia keys 01
3 9DellTouch1 12DELLMMKB.EXE1 00 93Multimedia keyboard control for Dell based PCs - only required if you use the multimedia keys 01
2 6DellSC1 10dellsc.exe1 00 80Dell Solution Center - web-based troubleshooting tools and educational offerings 01
0 6DelTmp1 11DelTemp.exe1 00142Added to the startup list after installing a Creative SoundBlaster Audigy soundcard. Deletes temporary files once an installation is complete? 01
2 8DeltTray1 11deltray.exe1 00195System Tray access to the control panel for the M-Audio Delta 44 PCI Analog Recording Interface. Available via a desktop shortcut, Start -> Programs or Start -> Settings -> Control Panel51http://www.midiman.net/products/m-audio/delta44.php0
0 6delcab1 20deltreew.exe C:\cabs2 00 6??font 01
0 5demon1 9demon.exe1 00 45Part of the French Wanadoo ADSL extense pack. 01
325HydarVisionDesktopManager1 10desk95.exe1 00253ATI's HydraVision desktop management software, allowing for multi-monitor support, as included in ATI HydraVision versions 2.5 and earlier. Has been reported to cause problems, such as this one. HydraVision can be uninstalled through Add/Remove Programs39http://support.microsoft.com/?id=8109370
325HydraVisionDesktopManager1 10desk98.exe1 00167ATI/Appian HydraVision Desktop Manager software - monitors and regulates window and dialog box placement according to user preferences when using a multi monitor setup 01
210desktopmgr1 14desktopmgr.exe1 00132Synchronisation manager for the cradles for the Research In Motion range of wireless handhelds, including the "Blackberry"39http://www.rim.net/products/index.shtml0
223Copernic Desktop Search1 17DesktopSearch.exe1 00140Copernic Desktop Search - "Easily search your entire hard drive in less than a second to pinpoint the right file, e-mail, music or pictures"61http://www.copernic.com/en/products/desktop-search/index.html0
3 8DesktopX1 12DESKTOPX.EXE1 00 96A program that replaces the regular Desktop and Taskbar, and can be changed to the user's liking 01
2 6deskup1 10deskup.exe1 00 42Adds Iomega Zip drive icons to the desktop 01
2 8Detector1 12detector.exe1 00263USB port detector for LG scanners. Sits in the System Tray, and when it detects the scanner through the USB port, you can run the scanner software from the tray. It is not required at all, since you can use the scan software from almost any photo editing software 01
315Device Detector1 13DevDetect.exe1 00 78Watches for external digital imaging products being connected from ACD Systems43http://www.acdsystems.com/English/index.htm0
3 8devldr161 12devldr16.exe1 00425Associated with some Creative Labs sound cards. Provides audio support for DOS applications. Not needed if you don't have those. Required if you use "Sound Play Control" and "Sound Recorder". To disable: (1) Disable via MSCONFIG (2) Start -> Settings -> Control Panel -> System -> Device Manager then disable "Creative SB16 Emulation" under Creative Miscellaneous Devices 01
111Divx4 codec1 12devldr32.exe1 00 96Added by an unidentfied VIRUS! Note - this is not the legitimate Creative Labs devldr32.exe file76http://www.liutilities.com/products/wintaskspro/processlibrary/devldr32/F4120
0 6Devlog1 10devlog.exe1 00115Apparently mainboard/chipset related, by a French company called AS Media - what exactly is it, and is it required 01
111Dev Manager1 12devspecs.exe1 00107An Rbot variant. This infection connects to an IRC server where it will await commands from a remote user. 01
123Distributed File System1 9Dfsvc.exe1 00 38Added by the MYFIP.A or MYFIP.K WORMS!72http://securityresponse.symantec.com/avcenter/venc/data/w32.myfip.a.html0
316Hermes Messenger1 12DGDRHE~1.EXE1 00 65A LAN messenger alternative to WinPopUp - Digital Dreams Software27http://www.dgdr.com/hermes/0
0 4DGJM1 8DGJM.exe1 00 2?? 01
2 6dguard1 10dguard.exe1 00 59eAcceleration Stop-Sign related - not recommended, see note60http://www.spywarewarrior.com/rogue_anti-spyware.htm#ss_note0
2 7diagent1 11diagent.exe1 00127System Tray access for Creative Diagnostics for the Creative SoundBlaster series soundcards. Available via Start -> Programs 01
110User23.exe1 8DIAL.exe1 00 56This is a trojan trying to disguise itself as User32.dll 01
1 5Livre1 10Dibane.bat1 00 26Added by the BANEDI VIRUS!72http://securityresponse.symantec.com/avcenter/venc/data/w97m.banedi.html0
1 9rundll***1 23die.exe [path] mdll.exe2 00 61Added by the SUMTAX TROJAN! where *** is 134, 569, 777 or 94676http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sumtax.html0
1 9rundll***1 25die.exe [path] secure.bat2 00 61Added by the SUMTAX TROJAN! where *** is 134, 569, 777 or 94676http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sumtax.html0
1 9rundll***1 25die.exe [path] secure.exe2 00 61Added by the SUMTAX TROJAN! where *** is 134, 569, 777 or 94676http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sumtax.html0
1 9rundll***1 22die.exe [path] ttg.exe2 00 61Added by the SUMTAX TROJAN! where *** is 134, 569, 777 or 94676http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sumtax.html0
3 5DietK1 9DietK.exe1 00156DietK - add-on for Kazaa Media Desktop; "removes all adware and popups, built in Download Accelerator, makes searches faster and helps produce more results"21http://www.dietk.com/0
3 8DigiCell1 12DigiCell.exe1 00420MSI DigiCell - "the most useful and powerful utility that MSI has spent much research and efforts to develop, helps users to monitor and configure all the integrated peripherals of the system, such as audio program, power management, MP3 files management and communication / 802.11g WLAN settings. Moreover, with this unique utility, you will be able to activate the MSI well-known features, Live Update and Core Center" 01
2 9DIGStream1 13digstream.exe1 00222DIGStream Cache Manager - part of ESPN Motion and Disney Motion that periodically check for new videos and indication they're available in the System Tray. Starting ESPN Motion/Disney Motion starts digstream automatically39http://espn.go.com/motion/download.html0
113iConfigLoader1 11DIIhost.exe1 00 28Added by the GAOBOT.AO WORM!79http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.gaobot.ao.html0
3 9Dimension1 13Dimension.exe1 00220Dimension - a program which lets you customize MSN messenger such as adding animated and coloured nicknames, personal toast creator, war tools (login flooder), and allows viewing and interacting with the raw MSN protocol 01
1 5Dino31 9dino3.exe1 00138Related to Jurassic Park III and enables a dinosaur to walk across the screen. Also generates adverts and classified as adware as a result 01
1 7Printer1 10dipset.exe1 00 38Added by a variant of the FBSR TROJAN!46http://vil.nai.com/vil/content/Print119618.htm0
216Adaptec DirectCD1 12Directcd.exe1 00351DirectCD primarily allows you to drag and drop files onto a suitably formatted CD-RW disc. Unless you use this on a frequent basis it isn't required and is available via Start - Programs. Start the program before inserting a DirectCD formatted CD-RW in the drive. A re-boot is recommended if you close Adaptec DirectCD before re-opening it again later 01
215AdaptecDirectCD1 12Directcd.exe1 00355DirectCD primarily allows you to drag and drop files onto a suitably formatted CD-RW disc. Unless you use this on a frequent basis it isn't required and is available via Start -> Programs. Start the program before inserting a DirectCD formatted CD-RW in the drive. A re-boot is recommended if you close Adaptec DirectCD before re-opening it again later 01
2 8DirectCD1 12DirectCD.exe1 00355DirectCD primarily allows you to drag and drop files onto a suitably formatted CD-RW disc. Unless you use this on a frequent basis it isn't required and is available via Start -> Programs. Start the program before inserting a DirectCD formatted CD-RW in the drive. A re-boot is recommended if you close Adaptec DirectCD before re-opening it again later 01
111directs.exe1 11directs.exe1 00 64Added by the BEAGLE.O or BEAGLE.R or BEAGLE.S or BEAGLE.T WORMS!76http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.o@mm.html0
310DIRECTVDSL1 14Directvdsl.exe1 00 66Starts DirectTV DSL modem at boot up. Can also be started manually 01
1 7directx1 11Directx.exe1 00 28Added by the SDBOT.D TROJAN!77http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sdbot.d.html0
1 7DirectX1 11DirectX.exe1 00 37Added by the BLAXE or LOGPOLE WORMS!75http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.blaxe.html0
116WindowsXP Module1 13DirectX3D.exe1 00 42Malware, reportedly a keylogger - see here51http://www.anti-spy.info/process/directx3d.exe.html0
1 9DirectX641 14DirectXset.exe1 00 28Added by the BROWNEY.A WORM!43http://vil.nai.com/vil/content/v_100098.htm0
3 6Dirkey1 10Dirkey.exe1 00287Dirkey - small utility that allows you to bookmark up to 9 folders by using the Ctrl+Alt+1..9 shortcut keys in an Open/Save File dialog or in Windows Explorer. After this the Ctrl+1..9 shortcut keys can be used in the same or another window to go to any of the 9 bookmarked folders 31http://www.protonfx.com/dirkey/0
1 4rn4d1 10dirote.exe1 00 34Added by the BKDR_MAROON.A TROJAN!107http://nl.trendmicro-europe.com/enterprise/security_info/ve_detail.php?id=59312&VName=BKDR_MAROON.A&VSect=O0
0 8discoveg1 12discoveg.exe1 00 2?? 01
126Windows (random character)1 13diskcheck.exe1 00 28Added by the SINGU.B TROJAN!64http://www.symantec.com/avcenter/venc/data/backdoor.singu.b.html0
1 7diskinf1 11diskinf.exe1 00 30Added by the CRYPTER.A TROJAN!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_CRYPTER.A0
011DISKMON.EXE1 11DISKMON.EXE1 00 2?? 01
2 7Disknag1 11disknag.exe1 00 65Dell program that reminds you to make your backup diskettes 01
312Disk_Monitor1 16Disk_Monitor.exe1 00225Multi-media, Smartmedia, Compact Flash card reader for reading digital camera cards. Device is recognised as internal USB disk drive. Necessary if camera cards are to be recognised as soon as they are inserted into the reader 01
414APC UPS Status1 11Display.exe1 00 43APC PowerChute Personal Edition status icon71http://www.apcc.com/products/family/index.cfm?id=129&web_displayed=0
224Distiller Assistant 3.011 12DISTASST.EXE1 00 94From Adobe. Creates PDF universal files for Acrobat Reader. Available via Start -> Programs 01
4 3Dit1 7dit.exe1 00139"Drive Icon and Label Utility" - assigns drive icons and names to flash memory cards. Required, otherwise the drives aren't found 01
210DiTask.exe1 10DiTask.exe1 00195Associated with an Eicon Networks ISDN or ADSL modem. System Tray icon which shows you the status of your lines (free, occupied with incoming or outgoing call). Available via Start -> Programs42http://www.eicon.com/worldwide/default.htm0
011Divamon.exe1 11Divamon.exe1 00 57Associated with an Eicon Networks Diva ISDN or ADSL modem42http://www.eicon.com/worldwide/default.htm0
112DivX Updater1 8DivX.Exe1 00 43Added by the NALDEM TROJAN or MASTAK VIRUS!74http://securityresponse.symantec.com/avcenter/venc/data/trojan.naldem.html0
111DivX Player1 14DivXPlayer.exe1 00 36Added by a variant of the RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
114djtopr1150.exe1 14djtopr1150.exe1 00 50Unknown malware. Located in %temp%\djtopr1150.exe" 01
216DiskeeperSystray1 10DkIcon.exe1 00 60DisKeeper defragmentation software - can be started manually42http://www.executive.com/defrag/defrag.asp0
4 9DkService1 13DkService.exe1 00200From Executive Software's Diskeeper defragmenting utility - a replacement for Windows Disk Defragmenter. It's recommended to leave this enabled, otherwise you could have problems starting it manually. 01
1 6DKTime1 10dktime.exe1 00 26Added by the LUNII TROJAN!77http://securityresponse.symantec.com/avcenter/venc/data/downloader.lunii.html0
113Dkware lptt011 10dkware.exe1 00190Variant of the RapidBlaster parasite (in a "DonkeySoft" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see here49http://www.doxdesk.com/parasite/RapidBlaster.html0
113Dkware ml097e1 10dkware.exe1 00190Variant of the RapidBlaster parasite (in a "DonkeySoft" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see here49http://www.doxdesk.com/parasite/RapidBlaster.html0
0 7dkzzixm1 11dkzzixm.exe1 00 2?? 01
2 7DlaTray1 11Dlatray.exe1 00404System Tray access to DLA - Drive letter access to HP's and Veritas' version of DirectCD. Does the same thing as DirectCD. From HP - "This is a needed file as it controles the readability of the Combo drives. Without this file loading the end user will be able to burn CD's but wont be able to read them. The drive itself will be able to read store bought master Cd's without the file but not burnt ones" 01
2 6HP_dla1 11dlatray.exe1 00106On HP PCs, tray icon for dla - which provides drive letter access to HP's and Veritas' version of DirectCD 01
221Dell AIO Printer A***1 12dlbabmgr.exe1 00 68Dell AIO Printer A*** related (*** = model). Not Required at Startup 01
221Dell AIO Printer A***1 12dlbfbmgr.exe1 00 68Dell AIO Printer A*** related (*** = model). Not Required at Startup 01
221Dell AIO Printer A***1 12dlbkbmgr.exe1 00 68Dell AIO Printer A*** related (*** = model). Not Required at Startup 01
1 5dlder1 9dlder.exe1 00289Advertising spyware. Considered to be one oft the worst - even creating a fake "explorer.exe" file. Can be installed via versions of "Grokster", "Lime Wire" and "KaZaA" amongst other file-sharing utilities (see here). Reported in the past as a virus70http://securityresponse.symantec.com/avcenter/venc/data/w32.dlder.html0
011DLForcerExe1 15DLForcerEXE.exe1 00 2?? 01
219Digital Line Detect1 7DLG.exe1 00201Detects whether your are plugged into a digital telephone line and displays the information graphically. Installed by Dell (and maybe others) and is included with all Connexant V.92 and Broadcom modems 01
2 3DLG1 11DLGCHBW.exe1 00175Backweb part of Data LifeGuard - diagnostic tools for Western Digital's series of hard drives. Automatically detects an internet connection and downloads any available updates 01
238Data LifeGuard LifeLine Lite installer1 9DLGLI.EXE1 00 29Backweb installer - see here29http://www.cexx.org/dlgli.htm0
212NetworkSetup1 9dlink.exe1 00 23D-Link System Tray icon44http://www.dlink.com/tech/faq/dlink-icon.htm0
1 5CLSID1 7dll.exe1 00 21Adult content dialler 01
111System32Dll1 12DLL32SYS.EXE1 00 28Added by the SPYBOT-CZ WORM!57http://www.sophos.com/virusinfo/analyses/w32spybotcz.html0
111DllCacherv21 14dllcachev2.exe1 00 27Added by the LATEDA TROJAN!76http://securityresponse.symantec.com/avcenter/venc/data/backdoor.lateda.html0
2 9Live Menu1 12Dllcmd32.exe1 00110eFax Send button for eFax Messenger Plus. Available via Start - Programs Disabling instructions available here34http://www.efax.com/help/index.asp0
1 6dlldmt1 10dlldmt.exe1 00 43Added by a variant of the CRYPTER.C TROJAN!58http://www.sophos.com/virusinfo/analyses/trojcrypterc.html0
1 7dllhelp1 11dllhelp.exe1 00 34Added by the STARTPAGE.DQ hijacker53http://www.hacksoft.com.pe/virus/w32_startpage_dq.htm0
119Win32 Configuration1 11dllhelp.exe1 00 27Added by the SDBOT.UL WORM!90http://it.trendmicro-europe.com/enterprise/security_info/ve_detail.php?Vname=WORM_SDBOT.UL0
1 7dllhelp1 10dllhlp.exe1 00 34Added by the Downloader-HI TROJAN!72http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=1231550
420Gilat SOM Enumerator1 11dllhost.exe1 00120For Gilat Communications internet satellite systems - associated with SkyBlaster modem. Required if you have this system 01
1 7WinMngn1 11dllhost.exe1 00181Added by the Troj/Sivion-A TROJAN by appearing to be an anti-virus program. Additional files are installed to the Program Files to enable unauthorised access by way of IRC channels.57http://www.sophos.com/virusinfo/analyses/trojsiviona.html0
113dllhostxp.exe1 13dllhostxp.exe1 00 38Browser hijacker and adware downloader 01
1 5Dlite1 14dllmanager.exe1 00 29Added by the WOOTBOT.DN WORM!90http://es.trendmicro-europe.com/consumer/security_info/ve_detail.php?Vname=WORM_WOOTBOT.DN0
1 5DLL321 12dllmem32.exe1 00 26Added by the KWBOT.E WORM!64http://www.symantec.com/avcenter/venc/data/w32.kwbot.e.worm.html0
1 6dllreg1 10dllreg.exe1 00 30Added by the CRYPTER.A TROJAN!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_CRYPTER.A0
1 3run1 10DLLREG.EXE1 00124Added by the W32/Dumaru.w Trojan! Acts as a keylogger and sends out the stolen information to a predetermined email address.43http://vil.nai.com/vil/content/v_100977.htm0
112DLLService321 12dllsvc32.exe1 00 28Added by the AGOBOT.VX WORM!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.VX0
1 6Crusty1 9dmcpl.exe1 00 24Added by the RUSTY WORM!72http://securityresponse.symantec.com/avcenter/venc/data/w32.rusty@m.html0
225InControl Desktop Manager1 10DMHKEY.EXE1 00144For Diamond Multimedia video cards. Allows System Tray access to desktop utilities such as screen resolution. Available via Start -> Programs 01
2 6DMILDR1 10dmildr.exe1 00411Part of Dell OpenManage Client Instrumentation - software that allows remote management application programs to access information about, monitor the status of or change the state of the client computer, such as shutting it down remotely. Uses the DMI and/or common information model (CIM) protocols, which are systems management protocols defined by industry standards. Available via Start -> Programs 68http://docs.us.dell.com/docs/software/smcliins/cli60/en/ug/intro.htm0
2 5DMISL1 9DMISL.EXE1 00213DMI (Desktop Management Interface) Service Layer for Intel TokenExpress network card software. DMI support for the Intel network card managed through the Desktop Management Interface. See here for more information59http://support.intel.com/support/tokenexpress/pro/11601.htm0
2 8DMISLAPP1 12DMISLAPP.exe1 00213DMI (Desktop Management Interface) Service Layer for Intel TokenExpress network card software. DMI support for the Intel network card managed through the Desktop Management Interface. See here for more information59http://support.intel.com/support/tokenexpress/pro/11601.htm0
1 7Dmsvc321 11Dmsvc32.exe1 00 29Added by the AGOBOT.ABU WORM!100http://es.trendmicro-europe.com/enterprise/security_info/ve_detail.php?VName=WORM_AGOBOT.ABU&VSect=T0
1 6dmtdll1 10dmtdll.exe1 00 43Added by a variant of the CRYPTER.C TROJAN!58http://www.sophos.com/virusinfo/analyses/trojcrypterc.html0
1 6DM mgr1 10dm_mgr.exe1 00 27Added by the JITTAR TROJAN!76http://securityresponse.symantec.com/avcenter/venc/data/backdoor.jittar.html0
1 4Dnar1 8Dnar.exe1 00 91Unknown, except that it is not necessary. Tends to phone home a lot. DMI related - see here89http://www.spywareinfo.com/yabbse/index.php?board=10;action=display;threadid=1137;start=00
322distributed.net client1 9DNETC.EXE1 00205Dsitributed computing projects client from Distributed.net where numerous computers are used to share a projects workload - similar to SETI@Home and Folding@Home. Also prone to being distributed by viruses23http://distributed.net/0
120Windows Update Files1 9dnetc.exe1 00 93Added by an unidentified VIRUS, WORM or TROJAN! Note - wupdmgr.exe is the real Windows Update 01
012DNS2GoClient1 16dns2goclient.exe1 00171DNS2Go is a Domain Name System that will make your computer accessible anytime, anywhere by associating a domain name of your choice to your currently assigned IP address.28http://dns2go.deerfield.com/0
111DNS Service1 15dnsresolver.exe1 00 26Added by the RBOT-PQ WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotpq.html0
112Dns Resolver1 12dnsrslve.exe1 00 29Added by W32/Rbot-WS, a WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotws.html0
1 8ntupdate1 9dnsvc.exe1 00 27Added by the SDBOT-TC WORM!56http://www.sophos.com/virusinfo/analyses/w32sdbottc.html0
110Dns Server1 9dnswn.exe1 00106An Rbot variant. This infection connects to an IRC server where it will await commands from a remote user.32http://www.malwareblog.com/?p=990
0 5DNXVC1 9dnxvc.exe1 00 2?? 01
3 6BayMgr1 11DockApp.exe1 00156Hot-swappable drive management on laptops allowing you to change drives without closing down Windows. Only required if you frequently swap bay devices 01
1 6DocTor1 10Doctor.exe1 00 26Added by the DOTOR.A WORM!76http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_DOTOR.A0
0 5Doing1 9doing.exe1 00 2?? 01
311Don't Panic1 19dontpanicdemodp.exe1 0016630-day trial version of Don't Panic privacy software from Panicware. "Clean up Internet tracks and quickly hide personal documents with this privacy suite."40http://www.panicware.com/product_dp.html0
1 6wersds1 10doriot.exe1 00 27Added by the JECT.C TROJAN!76http://securityresponse.symantec.com/avcenter/venc/data/download.ject.c.html0
1 8wpds.exe1 10doriot.exe1 00 29Added by the SMALL-KY TROJAN!57http://www.sophos.com/virusinfo/analyses/trojsmallky.html0
113Window Loader1 9Dos32.exe1 00 28Added by the GAOBOT.AO WORM!79http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.gaobot.ao.html0
120Configuration Loader1 12dosrun32.exe1 00 28Added by the GAOBOT.AO WORM!79http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.gaobot.ao.html0
2 4eBot1 18DownloadWizard.exe1 00265eBot from Digital River - "helps ensure your computer always has the latest technology, fixes, add-ons, upgrades and 'cool stuff'." Can optionally be installed with software such as Net Nanny internet filtering software. Available via Start -> Programs30http://www.ebot.com/index.html0
215Download Wonder1 18DownloadWonder.exe1 00100Download Wonder from Forty Software. Download manager for resuming downloads, amongst other features21http://www.forty.com/0
218Digital River eBot1 12downlo~1.exe1 00271Digital River Systems EBOT for downloading software from their site. In some cases, if you purchase software online for a download from a software manufacturer, you will be sent to this online company's site for the download after the purchase is complete. Read more here164http://groups.google.com/groups?hl=en&threadm=39727D1B.3754C1D1%40concentric.net&rnum=3&prev=/groups%3Fq%3DDigital%2BRiver%2BeBot%26btnG%3DGoogle%2BSearch%26hl%3Den0
1 6Downxz1 10Downxz.bat1 00 26Added by the MYDOOM.W WORM76http://securityresponse.symantec.com/avcenter/venc/data/w32.mydoom.w@mm.html0
1 3Dsi1 13dp-******.exe1 00 66Added by an unidentified adware where ****** are random characters 01
4 6Dpcnav1 10dpcnav.exe1 00 65DirecWay from DirectTV satellite based high-speed internet access71http://www.professionalsatellite.com/html/direcway_dw4000_features.html0
1 8dpcproxy1 12dpcproxy.exe1 00 30Added by the GOLDENP-A TROJAN!58http://www.sophos.com/virusinfo/analyses/trojgoldenpa.html0
421DPCProxyLoadOnStartup1 12dpcstart.exe1 00 65DirecWay from DirectTV satellite based high-speed internet access71http://www.professionalsatellite.com/html/direcway_dw4000_features.html0
4 8Dpcstart1 12dpcstart.exe1 00 81DirecWay from DirectTV satellite based high-speed internet access. Proxy software71http://www.professionalsatellite.com/html/direcway_dw4000_features.html0
3 8Dpcstart1 12dpcstart.exe1 00105Startup program for Direcway 2-way satellite internet service. Loads DirecWay's Navigator, tray icon, etc 01
1 3dpi1 7dpi.exe1 00 42Delfin Media Viewer or "Promulgate" adware51http://www.spywareguide.com/product_show.php?id=7270
3 4NDPS1 10DPMW32.EXE1 00137Novell Distributed Printer Services - part of Novell's Netware Client and Groupwise products. Not required if you don't use this feature39http://www.novell.com/products/netware/0
326Don't Panic Pop-Up Stopper1 9dpps2.exe1 00320Pop-Up Stopper Companion from Panicware. Pop-up blocker integrated into the IE toolbar. Note that the Pro version doesn't load in startup as it is installed as an Internet Explorer toolbar. Can cause problems with IE if you use WinXP and uninstall Service Pack 1. Uninstalling the software leaves it in the startup group47http://www.panicware.com/product_companion.html0
3 5dpps21 9dpps2.exe1 00320Pop-Up Stopper Companion from Panicware. Pop-up blocker integrated into the IE toolbar. Note that the Pro version doesn't load in startup as it is installed as an Internet Explorer toolbar. Can cause problems with IE if you use WinXP and uninstall Service Pack 1. Uninstalling the software leaves it in the startup group47http://www.panicware.com/product_companion.html0
314Pop-Up Stopper1 9dpps2.exe1 00320Pop-Up Stopper Companion from Panicware. Pop-up blocker integrated into the IE toolbar. Note that the Pro version doesn't load in startup as it is installed as an Internet Explorer toolbar. Can cause problems with IE if you use WinXP and uninstall Service Pack 1. Uninstalling the software leaves it in the startup group45http://www.popupstopper.net/product_dpps.html0
1 3dps1 7dps.exe1 00135scumware-remover.org foistware, bogus adware/spyware remover, is in fact itself a browser hijacker, redirecting to smartestsearch.com 01
120DivX MediaPlayer 7.01 11Dr.DivX.exe1 00 30Added by the ALADINZ.G TROJAN!83http://securityresponse.symantec.com/avcenter/venc/data/backdoor.irc.aladinz.g.html0
326Speedtouch USB Diagnostics1 12Dragdiag.exe1 00307For an external Alcatel ADSL high-speed modem. A diagnostic tool and can be run from the Start menu when required. The only reason it might be useful on startup is if you like seeing an 'at-a-glance' status indicator on the taskbar (the icon is a different colour depending on the status of the device/line) 01
0 8DragDrop1 12DragDrop.exe1 00 2?? 01
2 8DrgToDsc1 12DrgToDsc.exe1 00239Part of Roxio EasyCD Creator 6.0 - places the Roxio Drag-to-Disc icon in you system tray. "Easily drag and drop files for burning to CD or DVD. Disc formatting and burning will happen automatically". Not required for Roxio to work properly 01
215RoxioDragToDisc1 12DrgToDsc.exe1 00239Part of Roxio EasyCD Creator 6.0 - places the Roxio Drag-to-Disc icon in you system tray. "Easily drag and drop files for burning to CD or DVD. Disc formatting and burning will happen automatically". Not required for Roxio to work properly 01
3 6KE98011 12DriBat32.exe1 00 69KE-9801 multimedia keyboard - required if you use the multimedia keys30http://www.reset.bg/ke9801.htm0
0 9dried.exe1 9dried.exe1 00 2?? 01
211DriveSelect1 15driveselect.exe1 00144DVD X Copy XPress by 321 Studios. Creates a pop-up at Windows startup that asks for the DVD drive to be selected. Available via Start - Programs 01
2 9STManager1 8drst.exe1 00334Dr. SpeedTouch is some sort of diagnostics software which sends out information to a server which then relays the information back to the program to test the network to see if the SpeedTouch ADSL modem connection is working properly. Not required if connected via Ethernet (and probably USB). Can cause a slow down in Win2K - see here49http://flr.free.fr/spip/article.php?id_article=560
1 7syspath1 7drv.exe1 00 24Added by the SOBER WORM!45http://www.avp.ch/avpve/worms/email/sober.stm0
111drvddll.exe1 11drvddll.exe1 00 28Added by the BEAGLE.AP WORM!77http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.ap@mm.html0
111Drvddll_exe1 11drvddll.exe1 00 27Added by the BEAGLE.X WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.x@mm.html0
3 7drvlsnr1 11drvlsnr.exe1 00120Compaq/ADI SoundMAX integrated digital audio controller related. May solve a problem if your sound cuts out unexpectedly 01
1 7drvr32h1 11drvr32h.exe1 00 47Added by an unidentified VIRUS, WORM or TROJAN! 01
111drvrmanager1 15drvrquery32.exe1 00 25Added by the BOOHOO WORM!76http://securityresponse.symantec.com/avcenter/venc/data/bat.boohoo.worm.html0
110drvsys.exe1 10drvsys.exe1 00 27Added by the BEAGLE.W WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.w@mm.html0
111Sync Server1 13drwatsoon.exe1 00 30Added by the WATSOON.A TROJAN!74http://securityresponse.symantec.com/avcenter/venc/data/w32.watsoon.a.html0
414Drwebscheduler1 12Drwebscd.exe1 00160Dr. Web antivirus related - scheduler that allows you to manage an automatic launch of applications, in particular the antivirus scanner or the update subsystem20http://www.sald.com/0
117COM+ Event System1 12DRWTSN16.EXE1 00 39Added by a variant of the LOVGATE WORM!80http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.lovgate@mm.html0
114Answer Problem1 11dSAFsqs.exe1 00 75W32/Sdbot-SC is an IRC backdoor Trojan! Found in the WIndows system folder.56http://www.sophos.com/virusinfo/analyses/w32sdbotsc.html0
022Desktop Service Centre1 7DSC.exe1 00 43OptusNet DSL or Dial-Up connection software 01
3 8DS Clock1 11dsclock.exe1 00 78Digital desktop clock including synchronization with atomic servers - see here35http://www.dualitysoft.com/dsclock/0
2 7DSentry1 11DSentry.exe1 00260Anti-spyware from Dell. Seems that after Dell found out certain applications being installed from DVD's would report back information about what customers were watching, they decided to implement an anti-spyware service. Run manually before installation starts 01
2 9DVDSentry1 11DSentry.exe1 00260Anti-spyware from Dell. Seems that after Dell found out certain applications being installed from DVD's would report back information about what customers were watching, they decided to implement an anti-spyware service. Run manually before installation starts 01
428Sharing and Mapping Software1 10DShmap.exe1 00126a target="_blank" href="http://www.intel.com/products/desk_lap/hm_sm_office/index.htm"Intel AnyPoint internet sharing software 01
1 9Dskcompat1 13Dskcompat.exe1 00 25Added by the GEMA TROJAN!72http://securityresponse.symantec.com/avcenter/venc/data/trojan.gema.html0
411DSLagentexe1 12DSLagent.exe1 00175Used in conjunction with USB connected ADSL modems from Eicon Networks (as used by BT for its Broadband internet service for example). Required for a permanent ADSL connection42http://www.eicon.com/worldwide/default.htm0
221YAMAHA DS-XG Launcher1 12dslaunch.exe1 00101System Tray access for the features of the Yamaha DS-XG soundcard unless you regularly change set-ups 01
4 6dslmon1 10dslmon.exe1 00 62Sagem DSL modem related. Apparently needed to detect the modem 01
310DSLSTATEXE1 11dslstat.exe1 00103System tray connection status for ADSL modems from Eicon Networks (as used by BT Broadband for example) 01
0 8DSSSGENS1 12dssagens.exe1 00 2?? 01
1 3DSS1 12dssagent.exe1 00157DSSAgent by Br°derbund - spyware. Sends encrypted emails about the system back to the originators of the program. Also a resource hog. See here for more info28http://cexx.org/dssagent.htm0
223Iomega Backup Scheduler1 11dtiom98.exe1 00 95Used by Iomega drives. Details of its purpose can be found here. Available via Start - Programs57http://pw2.netcom.com/~deepone/zipjaz/ioware.html#startup0
2 8EDLoader1 12DTLoader.exe1 00 97Effective Desktop from MiniStars Software - desktop management software no longer being supported 01
129DirectX For Microsoft Windows1 14dtxservice.exe1 00 28Added by the PROGENT TROJAN!75http://securityresponse.symantec.com/avcenter/venc/data/trojan.progent.html0
3 9No-IP DUC1 9DUC20.exe1 00242Part of http://www.no-ip.com provided service. Keeps No-IP's dynamic nameserver (DNS) updated if and when your computer's (network's) dynamic IP-address changes so that you can run servers on computers with dynamic IP. Shortcut available20http://www.no-ip.com0
1 4duck1 8duck.exe1 00 83Added by W32/Agobot-APO, a WORM/backdoor. It is found in the Windows system folder.58http://www.sophos.com/virusinfo/analyses/w32agobotapo.html0
313Direct Update1 13DUControl.exe1 00 32DirectUpdate dynamic DNS updater28http://www.directupdate.net/0
2 8DU Meter1 11DUMETER.EXE1 00 45Hagel Technologies internet bandwidth monitor31http://www.dumeter.com/main.php0
0 9NWEReboot1 9dummy.exe1 00 2?? 01
212dumprep 0 -k1 12dumprep 0 -k2 00324Used in connection with memory dumps - you can disable these by - right clicking on My Computer, selecting Properties and then the Advanced tab. Click on the Settings button in 'Startup and Recovery'. In the bottom pane - under 'Write debugging information' - click on the down arrow and then select 'None' - OK your way out 01
216kernelfaultcheck1 12dumprep 0 -k2 00324Used in connection with memory dumps - you can disable these by - right clicking on My Computer, selecting Properties and then the Advanced tab. Click on the Settings button in 'Startup and Recovery'. In the bottom pane - under 'Write debugging information' - click on the down arrow and then select 'None' - OK your way out 01
312dumprep 0 -u1 12dumprep 0 -u2 00324Used in connection with memory dumps - you can disable these by - right clicking on My Computer, selecting Properties and then the Advanced tab. Click on the Settings button in 'Startup and Recovery'. In the bottom pane - under 'Write debugging information' - click on the down arrow and then select 'None' - OK your way out 01
216kernelfaultcheck1 12dumprep 0 -u2 00324Used in connection with memory dumps - you can disable these by - right clicking on My Computer, selecting Properties and then the Advanced tab. Click on the Settings button in 'Startup and Recovery'. In the bottom pane - under 'Write debugging information' - click on the down arrow and then select 'None' - OK your way out 01
214UserFaultCheck1 12dumprep 0 -u2 00324Used in connection with memory dumps - you can disable these by - right clicking on My Computer, selecting Properties and then the Advanced tab. Click on the Settings button in 'Startup and Recovery'. In the bottom pane - under 'Write debugging information' - click on the down arrow and then select 'None' - OK your way out 01
2 5dvd431 14DVD43_Tray.exe1 00106DVD43 is "a small tool that integrates into Windows and overrides CSS copy-protection found on DVD movies"32http://www.dvdidle.com/dvd43.htm0
3 9DVDBitSet1 13DVDBitSet.exe1 00192DVD+RW Drive/Disc Compatibility Setting. Installed with HP DVD+RW drives to enhance compatibility with existing readers. You can also set a DVD+RW default drive write mode which is always used 01
1 9Dvdcompat1 13Dvdcompat.exe1 00 25Added by the GEMA TROJAN!72http://securityresponse.symantec.com/avcenter/venc/data/trojan.gema.html0
211DVDLauncher1 15DVDLauncher.exe1 00174A process belonging to the Cyberlink PowerCinema video viewing software which allows you to play DVDs upon insertion. Non-essential process - and is installed for ease of use 01
0 7DVDTray1 11DVDTray.exe1 00 56HP CD/DVD Tray icon. What does it do, and is it required 01
010DVDUpgrade1 12DVDUpgrd.exe1 00 2?? 01
122Microsoft Time Manager1 10dveldr.exe1 00 26Added by the RBOT-HQ WORM!55http://www.sophos.com/virusinfo/analyses/w32rbothq.html0
125Windows Automatic Updates1 9dvldr.exe1 00 26Added by the RBOT.MF WORM!76http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.MF0
1 8messnger1 11Dvldr32.exe1 00 28Added by the DELODER.A WORM!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_DELODER.A0
4 5Dvp951 9Dvp95.exe1 00 92Scan engine for F-Secure and Command antivirus software based on the F-Prot AntiVirus engine35http://www.f-secure.com/index.shtml0
4 8dvpapi9x1 12DVPAPI9X.exe1 00 38Command AntiVirus for Windows 95/98/Me 01
012LoadDvpApi9x1 12DVPAPI9X.exe1 00 61Part of Command AntiVirus for Windows 95/98/Me. Is it needed? 01
4 6dvprpt1 10Dvprpt.exe1 00 38Command Antivirus real time protection53http://www.command.co.uk/html/products/csav/index.cfm0
1 8dvraudio1 12dvraudio.exe1 00 43Added by a variant of the CRYPTER.C TROJAN!58http://www.sophos.com/virusinfo/analyses/trojcrypterc.html0
3 6DVSync1 10dvsync.exe1 00127DVSync is the program that allows you to synchronize your daVinciÆs PDA's data with your Personal Information Manager on the PC 01
217DataViz Messenger1 11DvzMsgr.exe1 00229DataViz Documents to Go - "allows you to use your Word, Excel and PowerPoint files on your handheld anywhere, anytime. In addition, it now synchronizes e-mail with attachments, PDF files, pictures and Excel-like charts"46http://www.dataviz.com/products/documentstogo/0
112DownloadWare1 6dw.exe1 00337DownloadWare - executes arbitrary code from advertisers and not considered to be adware but is a security risk (see here). If a network connection is available it will connect to its servers, which can direct it to download and install software from advertisers. Installed along with programs such as MovieNetworks, Medialoads and PAgent24http://downloadware.net/0
1 2dw1 6dw.exe1 00337DownloadWare - executes arbitrary code from advertisers and not considered to be adware but is a security risk (see here). If a network connection is available it will connect to its servers, which can direct it to download and install software from advertisers. Installed along with programs such as MovieNetworks, Medialoads and PAgent24http://downloadware.net/0
110MediaLoads1 6dw.exe1 00154Medialoads is advertising software - running DownloadWare as its executable. Installed as a bundle with Kazaa Media Desktop. See here for more information26http://www.medialoads.com/0
120MediaLoads Installer1 6dw.exe1 00154Medialoads is advertising software - running DownloadWare as its executable. Installed as a bundle with Kazaa Media Desktop. See here for more information26http://www.medialoads.com/0
1 6sstata1 9dwdas.exe1 00 26Added by the DASDA TROJAN!61http://www.symantec.com/avcenter/venc/data/TROJAN!.dasda.html0
119DownloadWare Engine1 7Dwe.exe1 00337DownloadWare - executes arbitrary code from advertisers and not considered to be adware but is a security risk (see here). If a network connection is available it will connect to its servers, which can direct it to download and install software from advertisers. Installed along with programs such as MovieNetworks, Medialoads and PAgent24http://downloadware.net/0
318DWHeartbeatMonitor1 22DWHeartbeatMonitor.exe1 00175DWHeartbeatMonitor.exe is installed alongside the Weather.com instant messaging utility. This is a non-essential process. Disabling or enabling this is down to user preference 01
221DigitalWizard Monitor1 9dwMon.exe1 00131InstallShield's DigitalWizard - free, complete Digital Content Management Solution that makes it easy to experience digital content 01
1 6DxLoad1 12DX3DRndr.exe1 00 25Added by the GIBE.B WORM!74http://securityresponse.symantec.com/avcenter/venc/data/w32.gibe.b@mm.html0
1 9Dx8compat1 13Dx8compat.exe1 00 25Added by the GEMA TROJAN!72http://securityresponse.symantec.com/avcenter/venc/data/trojan.gema.html0
117Direct X Direct3D1 9dxd3d.exe1 00 37Added by a variant of the SDBOT WORM!43http://vil.nai.com/vil/content/v_100454.htm0
211DXDllRegExe1 12dxdllreg.exe1 00120Created when you select "Yes" to check the "WHQL Digital signatures" in the DirectX9 files at the first time you open it 01
136DirectX DLL Register Support Service1 12DXDLLSVC.EXE1 00 50Added by W32/Codbot-I, a WORM/IRC backdoor TROJAN!56http://www.sophos.com/virusinfo/analyses/w32codboti.html0
115Direct X Opengl1 12dxopengl.exe1 00 39Added by a variant of the RBOT-CJ WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotcj.html0
115Service Manager1 11dxsound.exe1 00 31Added by the PROXY-GRIC TROJAN!72http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=1008860
1 5Dxsty1 9Dxsty.exe1 00 25Added by the GEMA TROJAN!72http://securityresponse.symantec.com/avcenter/venc/data/trojan.gema.html0
120DirectX Video Driver1 11dxterm5.exe1 00 28Added by the WILAB-A TROJAN!55http://www.sophos.com/virusinfo/analyses/w32wilaba.html0
112Dxupdate.exe1 12Dxupdate.exe1 00 24Added by the MAFEG WORM!70http://securityresponse.symantec.com/avcenter/venc/data/w32.mafeg.html0
118Dynamic Dns Binary1 12dynitora.exe1 00 85Added by W32/Rbot-WT, a WORM/backdoor, and will be found in the Windows system folder55http://www.sophos.com/virusinfo/analyses/w32rbotwt.html0
317Dynu Basic Client1 11dynubas.exe1 00 71Dynu online dynamic IP update client. Useful when using a dial up modem20http://www.dynu.com/0
0 8DZKillMe1 12DZSAVEME.EXE1 00 2?? 01
323Epson Stylus C62 Series1 12E-S0BIC1.EXE1 00132Required for an interface to some versions of MS Word to ensure that some fonts are printed correctly. Start it manually if required 01
1 800D34A521 12E5C5BDB4.exe1 00108Added by the Adware.CashSaver spyware/redirector. File found in the %System%\56171D04\E5C5BDB4.exe folder.60http://www.sarc.com/avcenter/venc/data/adware.cashsaver.html0
2 8OEXCheck1 12EA2Check.exe1 00118Express Assist from AJSystems.com. Utility for use with Outlook Express to backup, restore, synchronize amongst others37http://www.ajsystems.com/oexhome.html0
312eabconfg.cpl1 12EabServr.exe1 00 92Easy Access Buttons control panel on Compaq laptops. Only required if you use the extra keys 01
3 7EACLEAN1 11eaclean.exe1 00 61For Compaq PC's. Easy Access button support for the keyboard75http://h18000.www1.hp.com/support/techpubs/whitepapers/13W1-1200a-wwen.html0
113EanthologyApp1 12EANTHO~1.EXE1 00148Stop-Sign from eAccelerration. Detects spyware, malware, viruses and keyloggers and stops popups. Spyware itself - read their privacy statement here25http://www.stop-sign.com/0
1 6EasyAV1 10EasyAV.exe1 00 40Added by the NETSKY.S or NETSKY.T WORMS!76http://securityresponse.symantec.com/avcenter/venc/data/w32.netsky.s@mm.html0
224Lotus Organizer EasyClip1 12easyclip.exe1 00196"The Easy Clip icon automates the collection of information from sources such as e-mail to create an Organizer address, appointment, task or Notepad page." Available via Start - Programs 01
3 8Easy Key1 11easykey.exe1 00111For programming of the built-in functions keys on some laptops (and maybe desktops). Required if these are used 01
3 7EasyKey1 11easykey.exe1 00111For programming of the built-in functions keys on some laptops (and maybe desktops). Required if these are used 01
324Kodak EasyShare software1 13EasyShare.exe1 00123Software bundled with Kodak digital cameras to manage the connection between the PC and the Camera. Can be started manually 01
311EasyTuneIII1 12EasyTune.exe1 00 75Tuning (overclocking) utility for Gigabyte motherboards. Shortcut available 01
1 7easywww1 12easywww2.exe1 00 47Added by an unidentified VIRUS, WORM or TROJAN! 01
3 6eBoard1 10Eboard.exe1 00 73eMachines multimedia keyboard manager. Required if you use the extra keys 01
316eMachines eBoard1 10Eboard.exe1 00 73eMachines multimedia keyboard manager. Required if you use the extra keys 01
1 6E-Card1 9ecard.exe1 00 23Added by the YODI WORM!74http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.yodi.html0
320C-Media Echo Control1 12EchoCtrl.exe1 00165C-Media produce audio chipsets that are often found on popular motherboards with on-board audio. You may need it if you use the echo control feature of C-Media Mixer 01
0 4ecpe1 8ECPE.EXE1 00 2?? 01
3 9Sgeecview1 10Ecview.exe1 00266SafeGuard Easy - "provides total company-wide protection for sensitive information on laptops and workstations. Boot protection, pre-boot user authentication and hard disk encryption using powerful algorithms guarantee against unauthorized access and hacker attacks"34http://www.ediport.hu/_sgeasy.html0
0 7edexter1 11edexter.exe1 00 2?? 01
1 7editpad1 11editpad.exe1 00 30Added by the CONSPER-B TROJAN!58http://www.sophos.com/virusinfo/analyses/trojconsperb.html0
111eDonkey20001 15eDonkey2000.exe1 00264A peer to peer application for sharing files over the Internet. The free version of this application should be avoided as it installs, without permission, New.Net, Webhancer, WebSearch Toolbar, and WinTools. Located in c:\program files\eDonkey2000\eDonkey2000.exe 01
3 8Edwizard1 12Edwizard.exe1 00266SafeGuard Easy - "provides total company-wide protection for sensitive information on laptops and workstations. Boot protection, pre-boot user authentication and hard disk encryption using powerful algorithms guarantee against unauthorized access and hacker attacks"34http://www.ediport.hu/_sgeasy.html0
219Evidence Eliminator1 6ee.exe1 00132Evidence Eliminator - cover the tracks of your browsing habits and E-mails if you think you need to. Run manually on a regular basis48http://www.evidence-eliminator.com/product.shtml0
1 6ee.exe1 6ee.exe1 00 48Unknown adware. Located in c:\program files\ee. 01
116Windows Explorer1 13EEXPLORER.EXE1 00 38Added by a variant of the SPYBOT WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html0
112efaxs lptt011 9efaxs.exe1 00186Variant of the RapidBlaster parasite (in an "efaxs" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see here49http://www.doxdesk.com/parasite/RapidBlaster.html0
112efaxs ml097e1 9efaxs.exe1 00186Variant of the RapidBlaster parasite (in an "efaxs" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see here49http://www.doxdesk.com/parasite/RapidBlaster.html0
3 9Efpap.exe1 9Efpap.exe1 00127Easy File & Folder Protector. Deny access to certain files and folders, or to hide them securely from viewing and searching41http://www.softstack.com/fileprotpro.html0
418eTrust EZ Firewall1 11efpeadm.exe1 00 18eTrust EZ Firewall47http://www1.my-etrust.com/products/Firewall.cfm0
0 6ehTray1 10ehtray.exe1 00 29eHome Media Center PC related 7#FF00000
1 8ei10.exe1 8ei10.exe1 00 28Added by the AGOBOT-NK WORM!57http://www.sophos.com/virusinfo/analyses/w32agobotnk.html0
310ExitKiller1 11Ekiller.exe1 00 65Exit Killer - automatically closes pop-up windows in your browser26http://www.exitkiller.net/0
315CloneCDElbyCDFL1 13ElbyCheck.exe1 00318From Elaborate Bytes who make CloneCD - monitors the installed filters of CD-ROMs/DVD-ROMs. Note - under Win2K removing this from startup causes the CD drive in the computer to not be recognized in the OS and after rechecking it prompts that the driver has been corrupted and asks you to restart the computer to fix it42http://www.elby.org/english/corp/index.htm0
3 9Elbycheck1 13ElbyCheck.exe1 00318From Elaborate Bytes who make CloneCD - monitors the installed filters of CD-ROMs/DVD-ROMs. Note - under Win2K removing this from startup causes the CD drive in the computer to not be recognized in the OS and after rechecking it prompts that the driver has been corrupted and asks you to restart the computer to fix it42http://www.elby.org/english/corp/index.htm0
1 7Element1 11Element.txt1 00 25Added by the ELEM TROJAN!76http://securityresponse.symantec.com/avcenter/venc/data/w32.elem.trojan.html0
115[various names]1 7elf.exe1 00 48Elf is a hacker program, tied to a trojan server 01
1 8antiware1 14elitezjx32.exe1 00 34Related to searchmiracle hijacker. 01
2 3elm1 10Elmenv.exe1 00 68ViaTech eLicense for securing, distributing and selling music online 01
313ELSAChipGuard1 12elsavect.exe1 00249ChipGuard for ELSA graphics cards - monitoring solution which monitors both the GPU temperature and fan speed, and will halt the system if either are at dangerous levels and restore the default clock speeds upon reboot. Leave enabled if overclocking 01
311EasyMessage1 7em2.exe1 00 72Easy Messenger, instant messenger for MSN, AOL, ICQ, and Yahoo. See here27http://www.easymessage.net/0
2 7EMA.exe1 7EMA.EXE1 00 75Time management system which helps you to manage your time and appointments 01
319Electron Microscope1 9EMIII.exe1 00332Electron Microscope or EM - is a program used to track Stanford's distributed computing program client called Folding at Home, FAH. It will monitor up to 50 clients and give you the details about each client's progress as the FAH client runs. EM will also show you what each change in the protein looks like as the process continues21http://www.em-dc.com/0
1 7emoc0re1 7emo.exe1 00 61W32/Agobot-AGE is a network worm with backdoor functionality.58http://www.sophos.com/virusinfo/analyses/w32agobotage.html0
115Help Temp Files1 9emp32.exe1 00 85Added by the http://www.sophos.com/virusinfo/analyses/w32forbotec.html Backdoor/Worm!13W32/Forbot-EC0
115Help Temp Files1 9emp32.exe1 00 85Added by the http://www.sophos.com/virusinfo/analyses/w32forbotec.html Backdoor/Worm!13W32/Forbot-EC0
1 8emsw.exe1 8emsw.exe1 00 62Attune HelpExpress - spyware. Disable and uninstall - see here32http://www.c-squad.org/hxdl.html0
214eMuleAutoStart1 9emule.exe1 00298"As of today, eMule is one of the biggest and most reliable peer-to-peer file sharing clients around the world. Thanks to it's open source policy many developers are able to contribute to the project, making the network more efficient with each release." Located in C:\Program Files\eMule\emule.exe54http://www.emule-project.net/home/perl/general.cgi?l=10
3 7EM_EXEC1 11EM_EXEC.EXE1 00196Logitech Mouseware driver. Needed to support some additional functionality of Logitech mice/trackballs such as "SmartMove". If you disable it and find you don't need it leave it disabled 01
215EN4060C Taskbar1 12en4060ct.exe1 00 94Comes with Efficient Networks DSL Modems. Little red/green/yellow flashing icon in system tray 01
116www.hidro.4t.com1 10enbiei.exe1 00 28Added by the BLASTER.F WORM!79http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.f.worm.html0
318Encompass_ENCMONTR1 12ENCMONTR.EXE1 00 46Optional simple browser from Yahoo (Encompass) 01
217Status Monitor XE1 9ENGSS.EXE1 00258The Xerox Document WorkCentre XE Series Status Monitor displays information about your printer and currently active or waiting print jobs. You can use it to control your printing environment and manage your printing operations. Available via Start - Programs 01
4 7EngUtil1 11EngUtil.exe1 00110Part of Roxio EasyCD Creator 6.0 - corrects any modification made to the Roxio Engine, it exits after checking 01
418RoxioEngineUtility1 11EngUtil.exe1 00110Part of Roxio EasyCD Creator 6.0 - corrects any modification made to the Roxio Engine, it exits after checking 01
1 9enhance321 13enhance32.exe1 00 30Added by the CRYPTER.A TROJAN!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_CRYPTER.A0
112Enh Win Updt1 11enhupdt.exe1 00100Adware downloader - recognized by Kaspersky antivirus as Trojan-Downloader.Win32.OneClickNetSearch.h36http://www.kaspersky.com/personalpro0
215EnigmaPopupStop1 19EnigmaPopupStop.exe1 00 64SpyHunter - spyware remover of somewhat dubious repute, see note60http://www.spywarewarrior.com/rogue_anti-spyware.htm#sh_note0
0 9$EnterNet1 12Enternet.exe1 00 65Connection manager for the EnterNet ISP. You can also use RASPPOE37http://user.cs.tu-berlin.de/~normanb/0
3 7eonemng1 11eOneMng.exe1 00118eOne Manager, provides access to the buttons on the keyboard and on the front of the console for the eMachines eOne PC 01
412Naimagent_UI1 20EPOAgentnaimag32.exe1 00400Workstation background program for Network AssociatesÆ McAfee ePolicy Orchestrator - a network management tool for enforcing antivirus protection of the workstations using system policies. Works with both McAfee and Norton AntiVirus. NAIMAG32 and NAIMAS32 communicate with the ePolicy Orchestrator processes on the network fileserver to check for virus updates or for the need to perform a virus scan 01
417Naimagent_service1 20EPOAgentnaimas32.exe1 00268Networked version of McAfee VirusScan. Installs, configures and updates the software and DAT (virus definition) files on local computers from a network server. A resource hog but required for DAT updates and if disabled can also cause random freezes and error messages 01
317EPSON CardMonitor1 24EPSON CardMonitor1.0.exe2 00106Monitors the PCMCIA memory card slot on EPSON cameras and printers and launches PhotoStarter or PhotoPrint 01
317EpsonPhotoStarter1 22EPSON_PhotoStarter.exe1 00105Only needed if you want to make full use of the capabilities of an Epson printer that included this 01
0 8Equipmen1 12Equipmen.exe1 00 2?? 01
213OP12 Reminder1 8Ereg.exe1 00 55Registration reminder for OmniPage Pro 12 from ScanSoft33http://www.scansoft.com/omnipage/0
323XTNDConnect PC - ErPhn21 10ErPhn2.exe1 00 99Component of EasySync Pro. Synchronisation between SonyEricsson mobile phones and Microsoft Outlook15#EasySync%20Pro0
110ErrorGuard1 14ErrorGuard.exe1 00 33Spyware remover of dubious repute 01
323XTNDConnect PC - ErTray1 10ErTray.exe1 00 99Component of EasySync Pro. Synchronisation between SonyEricsson mobile phones and Microsoft Outlook15#EasySync%20Pro0
0 8ERTS07491 12ERTS0749.exe1 00110IBM Warranty Notification - presumably it's a reminder to either register or that warranty is about to expire? 01
025IBM Warranty Notification1 12ERTS0749.exe1 00110IBM Warranty Notification - presumably it's a reminder to either register or that warranty is about to expire? 01
217Easy Start Button1 7esb.exe1 00111Provides functionality on certain laptops that have additional keys. Not required unless you use the extra keys 01
3 3ESB1 7esb.exe1 00131Easy Start Button - provides functionality on certain laptops that have additional keys. Not required unless you use the extra keys 01
1 6Helper1 10eschlp.exe1 00 28Added by the BLASTER.T WORM!79http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.t.worm.html0
1 9EScorcher1 13escorcher.exe1 00197Part of eScorcher anti-virus software - responsible for performing virus checks and deletions. Used to collect information about the user and therefore treated as spyware - now the web-site is dead25http://www.escorcher.com/0
2 5ESFTP1 9esftp.exe1 00 87ESftp - FTP client for transfering files between a local PC and another remote computer30http://esftp.com/features.html0
1 4Esoh1 11Esoh123.exe1 00 28Added by the AGOBOT.FF WORM!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.FF0
413eSafe Protect1 12ESPWatch.exe1 00 69eSafe from Aladdin - internet security for gateway and E-mail servers44http://www.esafe.com/esafe/default.asp?cf=tl0
0 6essapm1 10essapm.exe1 00 26ESS Solo soundcard driver. 01
010ESS Daemon1 8Essd.exe1 00 35Related to an ESS based soundacard. 01
4 5Essdc1 9essdc.exe1 00 63Related to an ESS Solo soundcard. Seems as though it's required 01
0 8ESSNDSYS1 12ESSNDSYS.EXE1 00 35Related to an ESS based soundacard. 01
4 6ESSOLO1 10ESSOLO.exe1 00 65Sound card driver that re-instates itself every time it's removed 01
4 5esspk1 9esspk.exe1 00 81ESS Technology modem speaker driver file. Required to get on-line with this modem 01
3 5load=1 9esspk.exe1 00 60Speakerphone capability through a soundcard for an ESS modem23http://www.esstech.com/0
311EssSpkPhone1 10essspk.exe1 00116ESS Technologies Call waiting, which gets installed by the drivers for V92 modems based on ESS Technologies chipsets 01
310EasyTuneIV1 11ET4Tray.exe1 00 75Tuning (overclocking) utility for Gigabyte motherboards. Shortcut available 01
222Scotia OnLine Recovery1 12etdirrcv.exe1 00229Scotia OnLine Security Software provided by Entrust for Scotiabank. Provides trusted secure access to Scotia OnLine Secure Web sites. *.* represents the version number. Now obsolete after Scotiabank modernised their login process32http://www.entrust.com/index.cfm0
236Scotia OnLine Security v*.* Recovery1 12etdirrcv.exe1 00229Scotia OnLine Security Software provided by Entrust for Scotiabank. Provides trusted secure access to Scotia OnLine Secure Web sites. *.* represents the version number. Now obsolete after Scotiabank modernised their login process32http://www.entrust.com/index.cfm0
116Ethernet Drivers1 12ethernet.exe1 00163Added by the a href="http://www.sarc.com/avcenter/venc/data/w32.gaobot.cez.html#technicaldetails "W32.Gaobot.CEZ infection. Found in the Windows system directory. 01
115EthernetDrivers1 12ethernet.exe1 00 77Added by the W32.Gaobot.CEZ infection. Found in the Windows system directory.75http://www.sarc.com/avcenter/venc/data/w32.gaobot.cez.html#technicaldetails0
120WindowsRegKey%update1 15ethernet32m.exe1 00 26Added by the RBOT-EN WORM!55http://www.sophos.com/virusinfo/analyses/w32rboten.html0
221EarthLink ToolBar 5.01 12etoolbar.exe1 00199EarthLink Toolbar is a tool to help you get to all of the resources of the internet. EarthLink 5.0 Setup adds a few basic buttons to the Toolbar, but you can delete these or add more buttons any time 01
3 8EuroGlot1 12EuroGlot.exe1 00125Euroglot - "multilanguage translating system, available in the languages Dutch, English, French, German, Spanish and Italian"44http://www.euroglotonline.nl/en/default.html0
2 9ICH Synth1 10eusexe.exe1 00226Sound related and can be disabled without affecting performance although advanced sound features may be sacrificed. May be related to Compaq PC's with "SoundMAX integrated Digital Audio" (Analog Devices Inc.) devices 01
311DEventAgent1 12eventagt.exe1 00114DEvent Agent Module client - part of Dell OpenManage and used for server management. Only required if you use this 01
0 9Event Log1 12eventlog.exe1 00 2?? 01
2 8eventmgr1 12eventmgr.exe1 00101Used with a Microtek scanner. Manages the scanner's button events. Available via Start -> Programs 01
313EVENTLISTENER1 11EvLstnr.exe1 00 75Used with a Nikon digital camera to recognize when the camera is plugged in 01
2 7evntsvc1 10evntsc.exe1 00256Application Scheduler installed along with RealOne Player. Once installed, it runs independently of RealOne Player. Not required - see here for more information, including how to disable it. Note that eventsvc.exe no longer appears to be in a newer version20http://www.real.com/0
210TkBell.Exe1 11evntsvc.exe1 00256Application Scheduler installed along with RealOne Player. Once installed, it runs independently of RealOne Player. Not required - see here for more information, including how to disable it. Note that eventsvc.exe no longer appears to be in a newer version20http://www.real.com/0
2 9TkBellExe1 11evntsvc.exe1 00256Application Scheduler installed along with RealOne Player. Once installed, it runs independently of RealOne Player. Not required - see here for more information, including how to disable it. Note that eventsvc.exe no longer appears to be in a newer version20http://www.real.com/0
3 8EVOLOSTA1 12EVOLOSTA.EXE1 00544Evolo Status Monitor for wireless network cards. Allows a user to enter a specific access-point mode SSID, peer-to-peer mode channel, link speed, WEP encryption options, and has enable/disable and rescan buttons. It is not needed if using Windows XP or higher, as they have this built-in to the control panel. Also, if the user is very sure that there is ONLY ONE network available to connect to, then they can remove this. If it is not in startup, and the user needs to run it, they can simply type EVOLOSTA in the Start - Run dialog to run it 01
110exe lptt011 7exe.exe1 00184Variant of the RapidBlaster parasite (in an "Exe" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see here49http://www.doxdesk.com/parasite/RapidBlaster.html0
110exe ml097e1 7exe.exe1 00184Variant of the RapidBlaster parasite (in an "Exe" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see here49http://www.doxdesk.com/parasite/RapidBlaster.html0
129System Executable DLL Library1 13EXECDLL32.exe1 00 28Added by the RANDEX.AZ WORM!74http://securityresponse.symantec.com/avcenter/venc/data/w32.randex.az.html0
1 7execfg41 11execfg4.exe1 00 27Added by the ELECTRON WORM!78http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.electron.html0
0 7exgiwsl1 11exgiwsl.exe1 00 2?? 01
313Exif Launcher1 18Exiflaquickdcr.exe1 00116USB mass storage driver used by some digital cameras such as the Fuji Finepix. Only required if you use it regularly 01
215Excite Platform1 12Exlaunch.exe1 00287Loads an Icon in the startup tray that allows you to receive service update notices for Excite@Home if you desire (note that since Excite@Home appears to be winding down this becomes irrelevant). May also allow you to kill the Excite Toolbar that automatically loads in Internet Explorer 01
118Microsoft Internet1 12expl0rer.exe1 00 38Added by a variant of the SPYBOT WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html0
124Microsoft Update Machine1 12expl0rer.exe1 00 27Added by the SDBOT.OK WORM!85http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.OK&VSect=T0
1 8explorer1 10expl32.exe1 00 27Added by the RATSOU TROJAN!80http://securityresponse.symantec.com/avcenter/venc/data/backdoor.irc.ratsou.html0
110Explorer321 10Expl32.exe1 00 31Added by the HACKTACK.B TROJAN!79http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_HACKTACK.B0
114Office Startup1 11Exploer.exe1 00 87Added by the GAOBOT.BV WORM! Note the different filename to the valid MS Office entries79http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.gaobot.bv.html0
112COM++ System1 12exploier.exe1 00 39Added by a variant of the LOVGATE WORM!57http://www.sophos.com/virusinfo/analyses/w32lovgatef.html0
1 7explore1 11explore.exe1 00 49Added by any number of VIRUSES, WORMS or TROJANS! 01
111explore.exe1 11Explore.exe1 00 31Added by the GRAYBIRD.G TROJAN!80http://securityresponse.symantec.com/avcenter/venc/data/backdoor.graybird.g.html0
114SystemExplorer1 11explore.exe1 00 73Homepage hijacker - file located in the "Services" folder in Common Files 01
114Video Services1 11explore.exe1 00 28Added by the GAOBOT.GL WORM!74http://securityresponse.symantec.com/avcenter/venc/data/w32.gaobot.gl.html0
1 6Window1 11explore.exe1 00 29Added by the GAOBOT.ADW WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.gaobot.adw.html0
116filename process1 11explore.exe1 00129Added by W32/Agobot-QN, a TROJAN/backdoor that allows for unauthorized access to the PC using an IRC channel to a remote server.57http://www.sophos.com/virusinfo/analyses/w32agobotqn.html0
119Microsoft Update 321 13explore32.exe1 00 29Added by the SPYBOT.CYM WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.cym.html0
1 5Video1 12explored.exe1 00 28Added by the GAOBOT.RF WORM!79http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.gaobot.rf.html0
113Windows Login1 12explored.exe1 00 28Added by the GAOBOT.SY WORM!74http://securityresponse.symantec.com/avcenter/venc/data/w32.gaobot.sy.html0
1 5ccreg1 12explorer.exe1 00178Added by the ZCREW TROJAN! Note - the valid "explorer.exe" is located in C:\Windows or C:\Winnt whereas this one is located in a C:\Windows\System or C:\Winnt\System subdirectory66http://www.symantec.com/avcenter/venc/data/backdoor.irc.zcrew.html0
1 7Explore1 12Explorer.exe1 00155Added by the IRC.FLOOD.G TROJAN! Note - this is not the legitimate Windows Explorer (explorer.exe) which would only be in startups if you added it manually81http://securityresponse.symantec.com/avcenter/venc/data/backdoor.irc.flood.g.html0
3 8explorer1 12explorer.exe1 00248Starts Windows Explorer. Unless this has been manually added to startups or added by another program it could be a virus such as PE_BISTRO or DVLDR or MYDOOM.C. Note that it is also not the explorer.exe task/service you'll see when via CTRL+ALT+DEL84http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=PE_BISTRO&VSect=T0
115Explorer lptt011 12explorer.exe1 00314Variant of the RapidBlaster parasite (in an "explorer" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see here. Note - this is not the legitimate Windows Explorer (explorer.exe) which would only be in startups if you added it manually!49http://www.doxdesk.com/parasite/RapidBlaster.html0
115Explorer ml097e1 12explorer.exe1 00314Variant of the RapidBlaster parasite (in an "explorer" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see here. Note - this is not the legitimate Windows Explorer (explorer.exe) which would only be in startups if you added it manually!49http://www.doxdesk.com/parasite/RapidBlaster.html0
1 5smsys1 12Explorer.exe1 00186Added by the CLICKER-C TROJAN! Note - the valid "explorer.exe" is located in C:\Windows or C:\Winnt whereas this one is located in a C:\Windows\Template or C:\Winnt\Template subdirectory58http://www.sophos.com/virusinfo/analyses/trojclickerc.html0
1 6Sustem1 12explorer.exe1 00170Added by an unidentified VIRUS, WORM or TROJAN! Note - this is not the legitimate Windows Explorer (explorer.exe) which would only be in startups if you added it manually 01
112SustemUpdate1 12explorer.exe1 00170Added by an unidentified VIRUS, WORM or TROJAN! Note - this is not the legitimate Windows Explorer (explorer.exe) which would only be in startups if you added it manually 01
1 6system1 12Explorer.exe1 00247Added by the GRAYBIRD TROJAN! Note - this is located in this is located in C:\Windows\System (Win9x/Me), C:\Winnt\System32 (WinNT/2K), or C:\Windows\System32 (WinXP) rather than the valid Windows Explorer which is located in C:\Windows or C:\Winnt78http://securityresponse.symantec.com/avcenter/venc/data/backdoor.graybird.html0
114System Update21 12explorer.exe1 00 31Added by the AUTOTROJ-C TROJAN!59http://www.sophos.com/virusinfo/analyses/trojautotrojc.html0
1 7Windows1 12explorer.exe1 00170Added by an unidentified VIRUS, WORM or TROJAN! Note - this is not the legitimate Windows Explorer (explorer.exe) which would only be in startups if you added it manually 01
119Windowz Update V2.01 12Explorer.exe1 00150Added by the YODO WORM! Note - the valid "explorer.exe" is located in C:\Windows or C:\Winnt whereas this one is located in the System32 sub-directory74http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.yodo.html0
1 8WinUPD321 12explorer.exe1 00170Added by an unidentified VIRUS, WORM or TROJAN! Note - this is not the legitimate Windows Explorer (explorer.exe) which would only be in startups if you added it manually 01
114System-Service1 12EXPLORER.SCR1 00 61Added by the BENJAMIN WORM! KaZaA file-sharing users beware!90http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=WORM_BENJAMIN.A&VSect=T0
125Microsoft Windows Updates1 14explorer32.exe1 00 27Added by the SDBOT.VQ WORM!85http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.VQ&VSect=T0
134Windows Explorer Update Build 11421 14EXPLORER32.EXE1 00 50Added by the KaZaA based KWBOT or KWBOT.Y WORMS!76http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_KWBOT.A0
123MicrosoftServiceManager1 13EXPLORERE.EXE1 00 26Added by the YAHA.AB WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.yaha.ab@mm.html0
114Config Loader21 12explores.exe1 00 28Added by the GAOBOT.BT WORM!79http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.gaobot.bt.html0
128Microsoft EXPLOREXP Protocol1 13explorexp.exe1 00 38Added by a variant of the SPYBOT WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html0
1 6Explkw1 9expup.exe1 00 17Keywords hijacker 01
3 8Exshow951 12EXSHOW95.exe1 00142Support software for some of the Kensington mice. Provides access to extra features like those available with enhanced Logitech and MS devices 01
3 8ExtraDNS1 12ExtraDNS.exe1 00 33ExtraDNS - DNS configuration tool26http://www.extratools.com/0
2 7ezagent1 11ezagent.exe1 00 80EzVCR recording software for the ASUS TV FM card. Available via Start - Programs50http://www.asus.com/products/vga/tvfm/overview.htm0
3 8EzButton1 12EzButton.EXE1 00148EZbutton, is quick launcher of the Media player app that comes with certain laptops. Typically installed in C:\Program Files\EzButton\EzButton.EXE. 01
2 6EZDesk1 10EZDESK.EXE1 00 82Utility that remembers icon locations for each user and resolution. Available here32http://members.aol.com/EzDesk95/0
410eTrustCIPE1 12ezdsmain.exe1 00164eTrust EZ Deskshield from Computer Associates. Protects against malicious email attachments and unauthorized use of email by detecting and blocking unusual behavior128http://www1.my-etrust.com/products/info/Deskshield/4?CFID=6909348&CFTOKEN=43ce20d%2D0001f1aa%2Df6e5%2D1d77%2Dbe1e%2D2f0eac14303f0
2 8EzEjMnAp1 12EzEjMnAp.exe1 00272For IBM Thinkpad Notebooks. Quote: "The IBM ThinkPad EasyEject Utility makes removing multiple devices from your computer faster and easier by enabling you to stop more than one device at once, rather than stopping each device individually". Available via Start - Programs 01
01439ELTFH25Z8SKF1 10Ezg1q5.exe1 00 57Seems to be associated with software by Resplendence SP ? 7#FF00000
1 5jijbl1 9ezlwy.bat1 00 24Added by the REDDW WORM!78http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.reddw@mm.html0
1 5ezula1 10eZmmod.exe1 00128Regarded as spyware/theftware and bundled with the popular iMesh and KaZaA file-sharing programs. Read here for more information39http://www.ahfb2000.com/ezula/ezula.php0
0 7EZNORUN1 11EZNORUN.EXE1 00 22Easy Internet related? 01
016ab EazyScheduler1 11ezsched.exe1 00 2?? 01
311EZSMART App1 11ezsmart.exe1 00 97EZ-S.M.A.R.T. hard drive monitoring software from StorageSoft - appears to be no longer supported 01
4 7ezPS_Px1 11ezSP_Px.exe1 00180Engine that allows PrimoDVD from Veritas (was Prassi) and Drag'n Drop CD from Easy Systems (and maybe others) to record and protects against other software overwriting the settings35http://www.easy.co.jp/dd2e/sony/cd/0
424ezShieldProtector for Px1 11ezSP_Px.exe1 00180Engine that allows PrimoDVD from Veritas (was Prassi) and Drag'n Drop CD from Easy Systems (and maybe others) to record and protects against other software overwriting the settings35http://www.easy.co.jp/dd2e/sony/cd/0
4 7ezPS_Px1 17ezSP_PxEngine.exe1 00180Engine that allows PrimoDVD from Veritas (was Prassi) and Drag'n Drop CD from Easy Systems (and maybe others) to record and protects against other software overwriting the settings35http://www.easy.co.jp/dd2e/sony/cd/0
424ezShieldProtector for Px1 17ezSP_PxEngine.exe1 00180Engine that allows PrimoDVD from Veritas (was Prassi) and Drag'n Drop CD from Easy Systems (and maybe others) to record and protects against other software overwriting the settings35http://www.easy.co.jp/dd2e/sony/cd/0
1 9eZulaMain1 13eZulaMain.exe1 00136Ezula - regarded as spyware/theftware and bundled with the popular iMesh and KaZaA file-sharing programs. Read here for more information39http://www.ahfb2000.com/ezula/ezula.php0
1 9eZuluMain1 13eZuluMain.exe1 00 97Comes with "KaZaA" installation. Advertising Spyware. Not required but KaZaA won't work 01
323Epson Stylus C82 Series1 12e_s0hic1.EXE1 00132Required for an interface to some versions of MS Word to ensure that some fonts are printed correctly. Start it manually if required 01
3 8E_S10IC21 12E_S10IC2.exe1 00 60Epson Stylus printer monitor - for checking ink levels, etc. 01
2 8E_S4I2F11 12E_S4I2F1.exe1 00146Epson Status Monitor 3 for the Epson Stylus Photo R300 (and probably others) printers - monitors the status of a print job spooled to that printer 01
0 8E_S4I2G11 12E_S4I2G1.EXE1 00 58Related to the Epson Stylus CX5400 printer/scanner/copier. 01
3 5E_S231 12E_SICN03.exe1 00 60Epson printer status monitor - for checking ink levels, etc. 01
3 8E_SOEIC11 12E_SOEIC1.exe1 00 60Epson Stylus printer monitor - for checking ink levels, etc. 01
2 3EPS1 12e_srcv02.exe1 00443According to the Epson info: "Use this utility to automatically check for errors and also check the level of ink remaining." This utility can also be started on demand when about to print as follows: File menu Print to bring up the print dialog box. Click on the Properties button which will bring up a display with 4 tabs. Click the Utility tab to get a list of utilities that can be executed including the Status Monitor 3 Environment Check 01
240EPSON Status Monitor 3 Environment Check1 12e_srcv02.exe1 00457According to the Epson info: "Use this utility to automatically check for errors and also check the level of ink remaining." This utility can also be started on demand when about to print as follows: File menu > Print to bring up the print dialog box. Click on the Properties button which will bring up a display with 4 tabs. Click the Utility tab to get a list of utilities that can be executed including the Status Monitor 3 Environment Check 01
242EPSON Status Monitor 3 Environment Check 21 12e_srcv02.exe1 00457According to the Epson info: "Use this utility to automatically check for errors and also check the level of ink remaining." This utility can also be started on demand when about to print as follows: File menu > Print to bring up the print dialog box. Click on the Properties button which will bring up a display with 4 tabs. Click the Utility tab to get a list of utilities that can be executed including the Status Monitor 3 Environment Check 01
2 3EPS1 12e_srcv03.exe1 00443According to the Epson info: "Use this utility to automatically check for errors and also check the level of ink remaining." This utility can also be started on demand when about to print as follows: File menu Print to bring up the print dialog box. Click on the Properties button which will bring up a display with 4 tabs. Click the Utility tab to get a list of utilities that can be executed including the Status Monitor 3 Environment Check 01
240EPSON Status Monitor 3 Environment Check1 12e_srcv03.exe1 00457According to the Epson info: "Use this utility to automatically check for errors and also check the level of ink remaining." This utility can also be started on demand when about to print as follows: File menu > Print to bring up the print dialog box. Click on the Properties button which will bring up a display with 4 tabs. Click the Utility tab to get a list of utilities that can be executed including the Status Monitor 3 Environment Check 01
242EPSON Status Monitor 3 Environment Check 21 12e_srcv03.exe1 00457According to the Epson info: "Use this utility to automatically check for errors and also check the level of ink remaining." This utility can also be started on demand when about to print as follows: File menu > Print to bring up the print dialog box. Click on the Properties button which will bring up a display with 4 tabs. Click the Utility tab to get a list of utilities that can be executed including the Status Monitor 3 Environment Check 01
114Instant Access1 45rundll32.exe EGDACCESS_1057.dll,InstantAccess2 00 93Porn Dialer - Instant Access Dialer.F. File will be found in the %windir%\system32 directory.34http://www.mac-net.com/474482.page0
318FRISK FP-Scheduler1 11F-Sched.exe1 00 99Scheduler for F-Prot anitvirus software. Leave enabled unless you scan manually on a regular basis22http://www.f-prot.com/0
310f1Tray.exe1 10F1TRAY.EXE1 00182System Tray icon for FusionOneÆs MightyPhone software. "MightyPhone is a concept for wirelessly synchronizing the data on your mobile phone with your web-based or PC based organizer"27http://www.mightyphone.com/0
1 4f6071 8f607.exe1 00 27Added by the URAT.B TROJAN!76http://securityresponse.symantec.com/avcenter/venc/data/backdoor.urat.b.html0
411Toshiba Fan1 7fan.exe1 00 97Toshiba untilty to keep the fan on a laptop running if they fail to detect there is too much heat 01
0 6fapmon1 10fapmon.exe1 00 63Fair Access Policy monitor for DirecPC/DirecWay internet access33http://www.copperhead.cc/fap.html0
2 4fast1 8fast.exe1 00332Installs as part of Windows XP PowerToys as an option for very-fast user switching (allowing a keystoke to switch users instead of using the login screen). It is only used for the hot-key switch and yet it hogs 1.5 megs of memory in two separate processes (one run by the user & one by the system). Optional install in PowerToys 01
2 7FastUsr1 8fast.exe1 00332Installs as part of Windows XP PowerToys as an option for very-fast user switching (allowing a keystoke to switch users instead of using the login screen). It is only used for the hot-key switch and yet it hogs 1.5 megs of memory in two separate processes (one run by the user & one by the system). Optional install in PowerToys 01
227Microsoft Office Fast Cache1 12Fastboot.exe1 00137Part of MS Office 95 (v7.0). According to this it improves the performance. Most likely a predecessor of MS Find Fast and can be disabled63http://support.microsoft.com/default.aspx?scid=kb;en-us;Q1327550
316Windows Guardian1 12Fawgrd32.exe1 00158Part of First Aid by Cybermedia who were subsequently bought by McAfee (Network Associates). Protects your Windows system from application failure and crashes 01
3 8FBDirect1 12FBDirect.exe1 00286Software that monitors the status of a Visioneer OneTouch scanner button and allows you to scan, fax, copy, print, and easily communicate by simply dragging and dropping scans on your PaperPort Desktop!. The **** represents the model, 5300, 7600, etc. Available via Start -> Programs 01
2 9PP****usb1 12FBDirect.exe1 00282Software that monitors the status of a Visioneer OneTouch scanner button and allows you to scan, fax, copy, print, and easily communicate by simply dragging and dropping scans on your PaperPort Desktop!. The **** represents the model, 5300, 7600, etc. Available via Start - Programs 01
0 3FBI1 9FBISM.exe1 00 35Compaq related but what does it do? 01
317Mount Safe &Sound1 11Fbmount.exe1 00193From McAfee VirusScan version 5.x. Creates back-up sets of critical files in a separate area of a hard drive. If you make regular back-ups it's not needed and can be painful during system start 01
1 6dvsfss1 12fbsfsdrs.exe1 00 27Added by the SDBOT-QA WORM!56http://www.sophos.com/virusinfo/analyses/w32sdbotqa.html0
1 8System331 10FB_PNU.EXE1 00 29Added by the NICHELLO-A WORM!59http://www.sophos.com/virusinfo/analyses/w32nicehelloa.html0
3 9FastCache1 6fc.exe1 00 77FastCache from AnalogX - speeds up browsing by resolving DNS requests locally55http://www.analogx.com/contents/download/network/fc.htm0
0 6FD_SAP1 6FD.exe1 00 27Genicom SAP Printer driver. 01
221Free Download Manager1 7fdm.exe1 00 34"Free Download Manager" - see here15 - see <a href=0
311ODBC BackUp1 9fdxxl.exe1 00156G Data "PC Spion" - monitoring and surveillance software, captures all users activity on the PC, see here. Disable/remove if you didn't install it yourself! 8PC Spion0
3 8SysPilot1 9fdxxl.exe1 00156G Data "PC Spion" - monitoring and surveillance software, captures all users activity on the PC, see here. Disable/remove if you didn't install it yourself! 8PC Spion0
319FEELitDeviceManager1 12feelitdm.exe1 00115Associated with Immersion TouchSense devices (Logitech Wingman Force Feedback Mouse and possibly other peripherals) 01
112Fen Startups1 12fensvc32.exe1 00 29Added by the RANDEX.CCF WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.randex.ccf.html0
316FerrariWallPaper1 13FerrariWP.exe1 00155Calendar that replaces the default desktop background image. It comes with every Acer Ferrari 3000 laptop. Also downloadable for members of www.ferrari.com 01
311FolderGuard1 9FGKEY.EXE1 00 85Part of the Winability's Folderguard program. Used to protect folders on a computer.26http://www.winability.com/0
3 7Fhtisxk1 11fhtisxk.exe1 00210XtraKeys - keylogger (monitoring program). Given a "U" recommendation because it depends if you intentionally installed it. If you didn't treat it as "X" and uninstall or remove via Spybot S&D (for example) 01
310FilterGate1 14filtergate.exe1 00120Filtergate internet filtering software - filters sounds, popup ads, background sound and other unnecessary website items26http://www.filtergate.com/0
311Filterguard1 12Filtrgrd.exe1 00289An icon located in the lower left of the screen and looks like a lifesaver. This icon is a ôshort-cutö to access the basic features of SOS-Guardian, SOS-KidProof Lite, SOS Best Defense and SOS Pro such as Internet filtering utility. You can access this menu by ôright-clickingö on the icon 01
1 9Find Fast1 12Findfast.exe1 00121Complete utter waste of space! Part of MS Office - searches disk drives for Office file types to make opening them easier 01
119Microsoft Find Fast1 12Findfast.exe1 00142Complete utter waste of space! Part of MS Office - searches disk drives for Office file types and creates an index to make opening them easier 01
211BrowseProxy1 15FindService.exe1 00212Actual Names - "It is now possible to enter a particular word or keyword phrase that is associated with your business, and immediately be directed to YOUR WEBSITE! The Actual Names technology can do this for you"46http://actualnames.com/index.php?cont=products0
110Protection1 12Firewall.exe1 00 77Added by W32/Elitper-A, a WORM, and found inthe Windows Program Files folder.57http://www.sophos.com/virusinfo/analyses/w32elitpera.html0
118Microsoft Firewall1 15firewallsp2.exe1 00 26Added by the RBOT-MC WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotmc.html0
111FirewallSvr1 15FirewallSvr.exe1 00 40Added by the NETSKY.X or NETSKY.Y WORMS!76http://securityresponse.symantec.com/avcenter/venc/data/w32.netsky.x@mm.html0
2 7HGTXPEI1 15FirstReboot.exe1 00118Herucles Audio tool for the Hercules Game Theater XP soundcard. Available via Start -> Settings -> Control Panel 01
2 8fkSysMon1 12fksysmon.exe1 00153fkWrae SysMon - system monitor - "displays the current memory consumption, CPU and resource usage, date, time, Windows uptime, IP address and a lot more"39http://www.fkware.com/sysmon/index.html0
211DataCaching1 12FlashKsk.exe1 00172SmartMedia Card management from the installation of a SanDisk reader for a camera's SmartMedia card and also adds the "Unplug and Eject Hardware" System Tray icon24http://www.smartdisk.com0
2 7PP3100b1 11flatbed.exe1 00184Twain driver for the Visioneer PaperPort 3100b scanner that allows you to scan, fax, copy, print, and easily communicate by simply dragging and dropping scans on your PaperPort Desktop 01
3 7Flexicd1 11Flexicd.exe1 00 40CD player - part of the Win95 Power Toys86http://www.microsoft.com/windows95/downloads/contents/WUToys/W95PwrToysSet/Default.asp0
1 8jvdnlssn1 12fljzsshc.exe1 00 60Flingstone.com adware - and its Golden Palace Casino program 01
010Flow Go TV1 11flogotv.exe1 00 2?? 01
1 8FLooDNeT1 11FLooDeR.exe1 00 30Added by of the ENDOOL TROJAN!76http://securityresponse.symantec.com/avcenter/venc/data/backdoor.endool.html0
1 4flps1 8flps.vbs1 00 24Added by the BYRON WORM!73http://securityresponse.symantec.com/avcenter/venc/data/vbs.bryon@mm.html0
1 8flpycntl1 12flpycntl.exe1 00 30Added by the CRYPTER.C TROJAN!58http://www.sophos.com/virusinfo/analyses/trojcrypterc.html0
217FlashPath Monitor1 12FLSHSTAT.EXE1 00188System Tray icon that you can't get rid of - and does not need to run!. Tells you the battery status in the floppy disk adapter for the smartmedia cards. Available via Start -> Programs 01
216FlashPath Status1 12FLSHSTAT.EXE1 00188System Tray icon that you can't get rid of - and does not need to run!. Tells you the battery status in the floppy disk adapter for the smartmedia cards. Available via Start -> Programs 01
310FmctrlTray1 10Fmctrl.EXE1 00145Genius SM-Live Control Panel. Enhances audio output through Genius sound cards (makes a big difference and worth the 3MB Ram used) 01
2 4run=1 10fmedia.exe1 00 45FMedia FaxWorks related - can be run manually 01
311FreeMem Pro1 11FMEMPRO.EXE1 00186Some users swear by memory management utilities such as FreeMem Pro but others say you don't need them - especially if you have Win98 or WinME. See this article and make up your own mind34http://www.aumha.org/a/memmgmt.htm0
3 7FMStart1 11Fmstart.exe1 00150GFI FAXmaker - native fax connector for Microsoft Exchange Server or for networks, allows all users to send and receive faxes right from their desktop28http://www.gfi.com/faxmaker/0
1 4FMSZ1 8fmsz.exe1 00 25Added by the FMSZ TROJAN!45http://www.pestpatrol.com/pestinfo/f/fmsz.asp0
110RealP1ayer1 10folder.bat1 00113Added by the Trojan.Rplay.A Trojan! Files are located in the C: drive or in the folder where the trojan was run.75http://www.sarc.com/avcenter/venc/data/trojan.rplay.a.html#technicaldetails0
110RealP1ayer1 10folder.exe1 00113Added by the Trojan.Rplay.A Trojan! Files are located in the C: drive or in the folder where the trojan was run.75http://www.sarc.com/avcenter/venc/data/trojan.rplay.a.html#technicaldetails0
4 4fspr1 16FolderShield.exe1 00 47Folder Shield - hide personal files and folders38http://www.baxbex.de/foldershield.html0
218FoneSyncSystemTray1 22FoneSyncSystemTray.exe1 00284System Tray icon for Nokia FoneSync utility for the 7160/7190 mobiles. Useful to send data from/to the cell phone and the computer. You can use it to backup data or even to input data through the computer keyboard (which naturally is much more comfortable). Run manually when required 01
1 7FontFix1 11fontfix.exe1 00 47Added by an unidentified VIRUS, WORM or TROJAN! 01
110AdobeFonts1 9fonts.hta1 00 48Browser hijacker - redirecting to Hugesearch.net 01
1 8FONTVIEW1 12FONTVIEW.EXE1 00 28Added by the OPASERV.T WORM!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_OPASERV.T0
1 7Tiny AV1 11fooding.exe1 00 27Added by the NETSKY.I WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.netsky.i@mm.html0
2 6Forbes1 16ForbesAlerts.exe1 00 95Forbes Business News Alerts - displays business news headlines in a little window on the screen 01
1 6deejay1 10forboo.exe1 00 28Added by the FORBOT-AY WORM!57http://www.sophos.com/virusinfo/analyses/w32forbotay.html0
227FotoStation Easy AutoLaunch1 31FotoStation Easy AutoLaunch.exe2 00193Installed with a Nikon digital camera. Used to collect photos uploaded from camera program NkVwMon.exe. If your camera is not connected (via USB port) you do not need this program loaded either 01
3 9FourthDay1 13FourthDay.exe1 00 70The Fourth Day - "astronomical clock and almanac for your system tray"46http://www.starstonesoftware.com/fourthday.htm0
314Fatpipe Dialer1 12fpdialer.exe1 00137Dailler for Fatpipe - software enabling high speed internet browsing (2-4 times faster) and internet connection sharing for up to 5 users 01
223FinePrint Dispatcher vx1 12FPDISPxA.EXE1 00185FinePrint - virtual printer for use with any printer. Search for "dispatcher" here for more information. If removed, it will re-install when program is run - hence the Y recommendation44http://www.softwarelabs.com/fp/fineprint.htm0
228pdfFactory Pro Dispatcher v11 11fppdis1.exe1 00167"With pdfFactory you can create PDF documents from any program printing to the virtual PDF printer". Available via a desktop shortcut or Start -> Programs44http://www.fineprint.com/software/index.html0
326Warning: do not remove it!1 11fpplock.exe1 00141Part of Folder Password Expert by ZQS Software Team - "a software program to restrict access to the folders that contain your sensitive data" 01
115Terminate Popup1 8FPUK.exe1 00257a target="_blank" href="http://www.free-popup-killer.com/"Free Popup Killer - foistware proven to install the Regsvc32 homepage hijacker. Also see a target="_blank" href="http://www.spywareinfo.com/yabbse/index.php?board=21;action=display;threadid=2411"here 01
0 8FPWGMWZD1 12FPWGMWZD.exe1 00 2?? 01
4 9FoolProof1 12fpwinldr.exe1 00 55FoolProof Security PC security software from SmartStuff42http://www.smartstuff.com/fps/fpsinfo.html0
413Quick Startup1 12Fquick32.exe1 00 91For a Nisis G6 USB Graphics Tablet. Re-enables itself if disabled therefore best left alone31http://www.nisis.com/index.html0
3 5Fraps1 9fraps.exe1 00 38Fraps Real-Time Video Capture software 01
216Monstersoundtray1 12Freectrl.exe1 00 43Diamond Multimedia sound card control panel 01
4 7Freedom1 11Freedom.exe1 00173Zero Knowledge Freedom - Anti-Virus, Personal Firewall and Parental Control, it also blocks ads, safeguards your personal information, encrypts your passwords, and much more23http://www.freedom.net/0
3 9Safeworld1 11Freedom.exe1 00 27SafeWorld Internet Security72http://www.safeworldsoftware.com/products/is2003_features.html/SafeWorld0
422TELUS Security service1 11freedom.exe1 00 63Freedom Internet Security, provided by TELUS Communications Inc60http://www.freedom.net/products/bundles/security_bundle.html0
310FreeMemVn21 11FreeMem.exe1 00182Some users swear by memory management utilities such as FreeMem but others say you don't need them - especially if you have Win98 or WinME. See this article and make up your own mind34http://www.aumha.org/a/memmgmt.htm0
4 8Freenote1 12freenote.exe1 00 96FreeNote is a freeware application that lets you place virtual sticky notes around your desktop.39http://www.mgshareware.com/fnmain.shtml0
310FreeRAM XP1 20FreeRAM XP Pro x.exe2 00233Some users swear by memory management utilities such as FreeRAM XP Pro but others say you don't need them - especially if you have Win98 or WinME. See this article and make up your own mind. "x" indicates the version number33http://www.yourwaresolutions.com/0
214Spyware Begone1 12freescan.exe1 00 73Spyware BeGone - free spyware removal utility. Not recommended - see note52http://www.spywarewarrior.com/rogue_anti-spyware.htm0
116Spyware Vanisher1 15FreeScanner.exe1 00 99Spyware remover of dubious repute, see this list of Rogue/Suspect Anti-Spyware Products & Web Sites52http://www.spywarewarrior.com/rogue_anti-spyware.htm0
2 9freshclam1 13freshclam.exe1 00 58Auto update agent of the open source Clamwin virus scanner23http://www.clamwin.com/0
313Fresh Desktop1 16freshdesktop.exe1 00195Fresh Desktop is a utility that lets you manage vast collections of wallpapers for your desktop with ease. When run on bootup it changes the desktop wallpaper at startup or at specified intervals41http://www.softcows.com/fresh_desktop.htm0
4 7FRW_EXE1 7FRW.EXE1 00 55ConSeal Signal9 firewall - now McAfee Personal firewall42http://www.claymania.com/rate-conseal.html0
4 8frxmxins1 12frxmxins.exe1 00 28ATI 3D Studio MAX/VIZ driver 01
3 7DepFrez1 12frzstate.exe1 00259Deep Freeze from Hyper Technologies. "Freezes" the current software configuration so that an a re-boot all changes made refer back to their original settings. Not required for most users - more likely to be used by system administrators, for example70http://www.winselect.com/pages/deepfreeze/dpfrz_info.htm?B13=More+Info0
2 7FSCBoss1 11FSCBoss.exe1 00 36Free Store Club shop online software53http://freestorenow.com/dollardriven/makingmoney.html0
0 7FSDPSRV1 11FSDPSRV.exe1 00 2?? 01
1 8dasxdads1 9fsdqd.exe1 00 29Added by the GAOBOT.BIQ WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.gaobot.biq.html0
3 6fsserv1 9fserv.exe1 00272a target="_blank" href="http://www.bysoft.se/sureshot/farsighter/manual.html"Farsighter Server - monitors a remote computer invisibly by streaming video to a viewer on your computer. You will know exactly what is happening on the remote computer as you see it in real-time 01
129DirectX for Microsoft Windows1 12Fservice.exe1 00 27Added by the PRORAT TROJAN!76http://securityresponse.symantec.com/avcenter/venc/data/backdoor.prorat.html0
1 8Trickler1 15fsg-ag_3102.exe1 00 6Adware 01
1 8Trickler1 7fsg.exe1 00 6Adware 01
1 8Trickler1 12Fsg_3202.exe1 00 96Added by the Gator Adware. This program downloads and displays advertisements on your computer.56http://www.sarc.com/avcenter/venc/data/adware.gator.html0
012fsg_4104.exe1 12fsg_4104.exe1 00 53Installed with Kazaa and believed to be Gator adware? 01
3 3fsp1 7fsp.exe1 00115Folder Shield - hide entire directories and thus prevent access by anyone else to your personal files and documents39http://www.baxbex.com/foldershield.html0
2 8FSScrCtl1 12FSScrCtl.exe1 00121Screen saver control applet used by the "Stardust Screen Saver Toolkit" and "SolidWorks Screen Saver" 01
220Screen Saver Control1 12FSScrCtl.exe1 00151Installs as part of the Hubble Space Telescope screen saver (and possibly others). Lets you control your installed screensavers from a System Tray icon 01
4 8GilatFTC1 7ftc.exe1 00120For Gilat Communications internet satellite systems - associated with SkyBlaster modem. Required if you have this system 01
211CallControl1 12ftctrl32.exe1 00268FaxTalk Messenger Pro is a Windows TAPI based 32-bit application. When installed, the software automatically loads FaxTalk CallControl when you start Windows. When FaxTalk CallControl is running, any TAPI compliant application can request to use the modem from Windows 01
016anycom bluetooth1 15ftflauncher.exe1 00 50Associated with an Anycom bluetooth wireless card. 01
1 9FTPGraber1 13FTPGraber.exe1 00 31Added by the DLOADER-DT TROJAN!59http://www.sophos.com/virusinfo/analyses/trojdloaderdt.html0
1 6irwftp1 10ftpmon.exe1 00103Added by a password stealing TROJAN, Troj/Bancban-BO. This file is found in the Windows system folder.59http://www.sophos.com/virusinfo/analyses/trojbancbanbo.html0
3 8Ftpqueue1 12Ftpsched.exe1 00 80Part of WS_FTP Pro from Ipswitch. Queueing facility for scheduling FTP transfers40http://www.ipswitch.com/Products/WS_FTP/0
218BMail Installation1 12FTP_back.exe1 00202Part of iMesh - a file sharing system. Reported by Norton AntiVirus as a trojan. Once deleted does not prevent file sharing working. Older versions of iMesh re-instate this but the newer versions do not20http://www.imesh.com0
415FlexType 2K.lnk1 11FType2K.exe1 00 44A program used to write and read in Cyrillic 01
112fukerservice1 10fukerz.exe1 00 36Added by a variant of the RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
1 7reg_key1 13FUKULAMER.exe1 00 28Added by the BEAGLE.AH WORM!77http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.ah@mm.html0
425Find Virus Launch Program1 12fvlaunch.exe1 00 81Part of a target="_blank" href="http://www.drsolomon.com/"Dr. Solomon's Antivirus 01
119Norton Antivirus AV1 13FVProtect.exe1 00 71Added by the NETSKY.P WORM! Note - this is not the popular AV software!76http://securityresponse.symantec.com/avcenter/venc/data/w32.netsky.p@mm.html0
016hp 1000 firmware1 8fwdl.exe1 00 96HP LaserJet 1000 related. Is it a driver or automatic firmware update (based upon the filename)? 01
0 8UpdateFW1 11fwdload.exe1 00 98Appears to be firmware update software for a Network Associates ATMbook OC-3 SMF Interface Module? 7#FF00000
4 9fwenc.exe1 9fwenc.exe1 00272a target="_blank" href="http://www.checkpoint.com/products/protect/vpn-1_srsc.html"Check Point SecuRemote VPN client - "dynamic and fixed IP addressing for all ISP services - dial-up, cable modem, or DSL - the ideal solution for telecommuters and mobile workers" 01
116All Sea web link1 10FWLink.exe1 00 71"Free screensaver", installs lots of foistware. See here. Get rid of it42, installs lots of foistware. See <a href=0
1 9fwservice1 9fwservice1 00 59eAcceleration Stop-Sign related - not recommended, see note60http://www.spywarewarrior.com/rogue_anti-spyware.htm#ss_note0
3 7VGAUtil1 9G-VGA.exe1 00111Gigabyte VGA Utility - access card options (application needs to be run at startup, but is not system critical) 01
1 5G0mez1 9G0mez.vbs1 00 77Added by the VBS.Gormlez@mm infection! Found in the Windows system directory.75http://www.sarc.com/avcenter/venc/data/vbs.gormlez@mm.html#technicaldetails0
3 8GoToMyPC1 9g2svc.exe1 00195ExpertCity GoToMyPc logon - web-based remote-access solution that allows individuals and companies to register their computers online and then securely access those computers from any web browser37https://www.gotomypc.com/ad/corp/home0
1 5adobe1 7gam.exe1 00 40Added by an unidentified WORM or TROJAN! 01
110MS-Connect1 8game.exe1 00 32Adult content dialler - see here49http://vil.mcafee.com/dispVirus.asp?virus_k=999720
215WT Game Channel1 15GameChannel.exe1 00248WildTangent GameChannel - notification of new games, quick access to games and fast and easy game downloads. Note that WildTanget's privacy policy used to state that they also collect and share individuals information but this is no longer the case64http://www.wildtangent.com/default.asp?pageID=webdriver_download0
214WT GameChannel1 15GameChannel.exe1 00248WildTangent GameChannel - notification of new games, quick access to games and fast and easy game downloads. Note that WildTanget's privacy policy used to state that they also collect and share individuals information but this is no longer the case64http://www.wildtangent.com/default.asp?pageID=webdriver_download0
312gameutil.exe1 12gameutil.exe1 00192Part of Redline RegTweak as supplied with Sapphire ATI graphics cards. You can configure different overlclocking settings on a per game basis and this sets those conditions following a re-boot 01
1 5Gator1 9gator.exe1 00 43Spyware - see here for removal instructions41http://www.pchell.com/support/gator.shtml0
113Gator eWallet1 9gator.exe1 00 85Gator eWallet from The Gator Corporation. Spyware - see here for removal instructions27http://www.gator.com/about/0
111Gay_Sexy_**1 15Gay_Sexy_**.exe1 00 61Premium rate adult content dialler (where * is a random char) 01
1 9jidifedig1 9gba1t.exe1 00133Added by the A href="http://www.sophos.com/virusinfo/analyses/w32sdbotvb.html"W32/Sdbot-VB WORM! Found in the Windows system folder. 01
3 6GoBack1 10GBMenu.exe1 00376Roxio's (nee Adaptec) GoBack software which allows you to revert back to a previously working state on you hard drive if you install a new program and your system goes faulty - performing the same functions with extra features as System Restore on WinMe/XP systems. Disable before running Scandisk or Defrag. Not required for WinMe/XP users, recommended for Win9x/NT/2K users51http://www.roxio.com/en/products/goback/index.jhtml0
1 6Driver1 8gbot.exe1 00 31Added by the JUNTADOR.K TROJAN!79http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_JUNTADOR.K0
322GoBack Polling Service1 10GBPoll.exe1 00376Roxio's (nee Adaptec) GoBack software which allows you to revert back to a previously working state on you hard drive if you install a new program and your system goes faulty - performing the same functions with extra features as System Restore on WinMe/XP systems. Disable before running Scandisk or Defrag. Not required for WinMe/XP users, recommended for Win9x/NT/2K users51http://www.roxio.com/en/products/goback/index.jhtml0
3 6GBTray1 10GBTray.exe1 00403System Tray icon access to Roxio's (nee Adaptec) GoBack software which allows you to revert back to a previously working state on you hard drive if you install a new program and your system goes faulty - performing the same functions with extra features as System Restore on WinMe/XP systems. Disable before running Scandisk or Defrag. Not required for WinMe/XP users, recommended for Win9x/NT/2K users51http://www.roxio.com/en/products/goback/index.jhtml0
3 6GoBack1 10GBTray.exe1 00403System Tray icon access to Roxio's (nee Adaptec) GoBack software which allows you to revert back to a previously working state on you hard drive if you install a new program and your system goes faulty - performing the same functions with extra features as System Restore on WinMe/XP systems. Disable before running Scandisk or Defrag. Not required for WinMe/XP users, recommended for Win9x/NT/2K users51http://www.roxio.com/en/products/goback/index.jhtml0
316GoBack Tray Icon1 10GBTray.exe1 00403System Tray icon access to Roxio's (nee Adaptec) GoBack software which allows you to revert back to a previously working state on you hard drive if you install a new program and your system goes faulty - performing the same functions with extra features as System Restore on WinMe/XP systems. Disable before running Scandisk or Defrag. Not required for WinMe/XP users, recommended for Win9x/NT/2K users51http://www.roxio.com/en/products/goback/index.jhtml0
012GCC Reminder1 10gccrem.exe1 00 77Associated with AcraMax Greeting Card Creator. Is it a registration reminder?50http://www.arcamax.com/products/oem/ogccreator.htm0
2 6GDrive1 11GDriver.exe1 00180Found on IBM systems. All it does is set the CDROM drive letter to G:. Set your drive letter manually via Start -> Settings -> Control Panel -> System -> Device Manager 01
2 7GEARsec1 11gearsec.exe1 00117Installed by Apple Quicktime package - iPod/iTunes CDRW support. Can be disabled if you only require Quicktime player 01
1 6GEDZAC1 10GEDZAC.exe1 00 24Added by the GEMEL WORM!62http://www.symantec.com/avcenter/venc/data/w32.hllw.gemel.html0
4 9GeekAlarm1 13GeekAlarm.exe1 00168GeekAlarm is a program that helps you take breaks from staring at your computer screen for too long. This program is required to run in order for the alerts to appear.25http://www.geekalarm.com/0
2 8GemStRmW1 12GemStRmW.exe1 00116For a GemPlus smart card reader. If it doesn't start automatically when you insert the smart card, start it manually 01
114general lptt011 11general.exe1 00187Variant of the RapidBlaster parasite (in a "General" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see here49http://www.doxdesk.com/parasite/RapidBlaster.html0
114general ml097e1 11general.exe1 00187Variant of the RapidBlaster parasite (in a "General" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see here49http://www.doxdesk.com/parasite/RapidBlaster.html0
117Microsoft Netview1 11gesfm32.exe1 00 27Added by the RANDEX.C WORM!60http://www.symantec.com/avcenter/venc/data/w32.randex.c.html0
218GetRight Tray Icon1 12GETRIGHT.EXE1 00268GetRight from Headlight Software - download manager for resuming downloads and choosing multiple download locations. The freeware version is/was spyware. The registered version isn't if you don't install the Aureate/Radiate software. Available via Start -> Programs 01
2 9Get Smile1 12getsmile.exe1 00 60Puts smilie faces in your E-mail. Run manually when required 01
1 83Dfx Acc1 10GFXACC.EXE1 00 23Added by the GIBE WORM!72http://securityresponse.symantec.com/avcenter/venc/data/w32.gibe@mm.html0
2 9Gadu-Gadu1 6gg.exe1 00 40Polish language Instant Messaging client 01
217GhostStartService1 21GhostStartService.exe1 00136Required to run the Windows based wizard in Norton Ghost - added from the 2003 version. Will start automatically when you run the wizard50http://www.symantec.com/sabu/ghost/ghost_personal/0
217GhostStartTrayApp1 21GhostStartTrayApp.exe1 00 64System Tray access to Norton Ghost - added from the 2003 version50http://www.symantec.com/sabu/ghost/ghost_personal/0
111gigabit.exe1 11gigabit.exe1 00 27Added by the BEAGLE.U WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.u@mm.html0
1 7Cheatle1 12GigaByte.exe1 00 27Added by the SHODI.B VIRUS!77http://securityresponse.symantec.com/avcenter/venc/data/w32.hllp.shodi.b.html0
0 8GisdnLog1 12gisdnlog.exe1 00 21BT Digital Access USB43http://www.bt.com/homehighway/more_info.htm0
1 8uteyilix1 12givohise.exe1 00139http://www.sarc.com/avcenter/venc/data/backdoor.sdbot.am.html"Backdoor.Sdbot.AM Backdoor infection! Found in the Windows system directory. 01
3 7Glass2k1 11Glass2k.exe1 00103"Glass2k is a small little program that allows Win2K/XP users to make any window transparent"42http://www.chime.tv/products/glass2k.shtml0
0 9Miniphone1 12glophone.exe1 00257VoiceGlo Glophone Voice over Internet Protocol (VOIP) communications software - "an affordable and convenient way to call friends and family throughout the world using a dial-up or broadband Internet connection on your computer" - is it required in startup?24http://www.voiceglo.com/0
0 5gluon1 9gluon.exe1 00 28In a gluon/bin sub-directory 01
4 6Gmouse1 10Gmouse.exe1 00 78Amouse mouse driver - required if you use non-standard Windows driver features 01
1 8GStartup1 7GMT.exe1 00 33Gator spyware variant. See Gator 6#Gator0
135Microsoft Internet Firewall Manager1 9GMT16.exe1 00 28Added by the RANDEX.AT WORM!74http://securityresponse.symantec.com/avcenter/venc/data/w32.randex.at.html0
3 8Gnetmous1 12gnetmous.exe1 00 89Genius NetScroll+ mouse driver - required if you use non-standard Windows driver features56http://www.geniusnet.com.tw/product/mouse/netscroll+.htm0
338{0228e555-4f9c-4e35-a3ec-b109a192b4c2}1 11gnotify.exe1 00 66Google Gmail_notifier. Alerts you when you have new Gmail messages39http://toolbar.google.com/gmail-helper/0
0 4gnub1 8gnub.exe1 00 2?? 01
126Go!Zilla Monster Downloads1 6Go.exe1 00101Download manager for resuming downloads and choosing multiple download locations. Advertising spyware 01
1 3GOG1 7GOG.exe1 00 28Added by the PHILIS.B VIRUS!78http://securityresponse.symantec.com/avcenter/venc/data/w32.hllp.philis.b.html0
214GoogleDCClient1 13GoogleDCC.exe1 00366a target="_blank" href="http://toolbar.google.com/dc/faq_dc.html#about1"Google Compute Client - only present if you installed the Google Toolbar with "Google Compute" client active. Does complex calculations in the background when idle. If you want to turn it off go to your browser, click on the little double-helix on the Google Toolbar, and click "Stop Computing" 01
221Google Desktop Search1 17GoogleDesktop.exe1 00344Google Desktop Search - "a desktop search application that provides full text search over your email, computer files, chats, and the web pages you've viewed. By making your computer searchable, Google Desktop Search puts your information easily within your reach and frees you from having to manually organize your files, emails, and bookmarks"36http://desktop.google.com/about.html0
1 7Command1 9Gotit.exe1 00 24Added by the TITOG WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.titog.worm.html0
1 8Go!Zilla1 11gozilla.exe1 00101Download manager for resuming downloads and choosing multiple download locations. Advertising spyware 01
2 3GRA1 7gra.exe1 00329Looks at system resources at startup and warns you if they have dropped. Contains links to the Disk Clean Up, Defrag and Start Up Menu. It does have a link to a startup configuration utility. Similar to msconfig but can keep a list of disabled apps. Not really necessary. Only appears if you load the Gateway Startup Utility 01
121DarkDevil.Grasiele.BR1 12Grasiele.VBS1 00 25Added by the LEMBRA WORM!74http://securityresponse.symantec.com/avcenter/venc/data/vbs.lembra@mm.html0
0 8GrdSys321 12GrdSys32.exe1 00160X-Stream ISP software. Offers free Net access funded by on-screen ads. Is it required or can you create your own dial-up networking connection to use on demand? 01
0 9AliUSBfix1 11GREENMK.exe1 00 59May be realted to a USB 2.0 PCI card - the IOgear GIC220OU? 01
2 7GrpConv1 11grpconv.exe1 00253To facilitate the upgrade from Windows 3.1 to Win95/98, an executable file named GRPCONV.EXE is included with Win95/98. This file provides the translation of groups and group items to folders and links unless you need to access Win 3.1 Group files 01
331Gravis Xperience Driver Support1 12Grxp4exe.exe1 00211Driver for Gravis game controllers such as the Eliminator Aftershock. Must be loaded if you run the supplied application software for the controller to be recognized. Start it manually via a shortcut if not used22http://www.gravis.com/0
0 5Gscbc1 9Gscbc.exe1 00 2?? 01
1 8DOGStart1 11GSDOGST.EXE1 00 88Added by an unidentified VIRUS, WORM or TROJAN! A possibility is a trojan known as PENIS 01
1 6zzgshp1 8gshp.vbs1 00 65Homepage hi-jacker that re-defines your IE or Netscape start page 01
2 9Gsiconexe1 10Gsicon.exe1 00252ADSL modem monitor from Eicon Networks (as used by BT for its Broadband internet service for example). Can safely be disabled without affecting the connection - all this does is give an indication of connectivity and access to the diagnostic facilities42http://www.eicon.com/worldwide/default.htm0
211GSOrganizer1 15GSOrganizer.exe1 00 54GoldenSection Organizer - personal information manager33http://www.tgslabs.com/index.php30
111VideoDriver1 12gspotbot.exe1 00 29Added by the SPIGOT.C TROJAN!78http://securityresponse.symantec.com/avcenter/venc/data/backdoor.spigot.c.html0
1 5ccApp1 14gsw332.exe.vbs1 00 77Added by VBS/Speery-A, a WORM! It will be found in the Windows system folder.56http://www.sophos.com/virusinfo/analyses/vbsspeerya.html0
312GazelDisplay1 9gsyno.exe1 00 64BT Digital Access USB - Gazel ISDN installation System Tray icon43http://www.bt.com/homehighway/more_info.htm0
2 7Gtwatch1 11gtwatch.exe1 00 49Associated with a Mustec scanner and not required 01
111kernel32dll1 11guardpc.exe1 00 28Added by the FORBOT-CU WORM!57http://www.sophos.com/virusinfo/analyses/w32forbotcu.html0
218WinTOTAL Scheduler1 8guru.exe1 00 47WinTOTAL Real estate appraisal software related 01
3 7GuruNet1 11GuruNet.exe1 00 90GuruNet lets you click on any word on your screen to get the relevant information you want37http://www.gurunet.com/what_tools.jsp0
323Multi-function keyboard1 12GWHotkey.exe1 00161Software that sets up the Gateway AnyKey keyboard shortcuts (a series of buttons that allow one-click access to e-mail, browser, volume and CD/DVD controls, etc) 01
212GWInkMonitor1 16GWInkMonitor.exe1 00120Gateway ink monitor - makes an annoying popup that says your printer may be running out of ink, do you want to buy some! 01
2 8GWMDMMSG1 12GWMDMMSG.exe1 00158Used with internal modems on Gateway and vprMatrix PCs. This is the "GTW modem messaging applet" and is not required for the modem to work correctly 01
3 7GWMDMpi1 11GWMDMpi.exe1 00183Used with internal modems on Gateway PCs such as the 450SX Notebook. Required for audio settings to be maintained and does not remain in memory once run. See here for more information153http://support.gateway.com/support/drivers/moreinfo.asp?readmeURL=ftp%3A//ftp.gateway.com/pub/hardware_support/drivers/win_xp/portable/450sx4/7512994.txt0
210SourcePath1 9gwreg.exe1 00 91Used to update Gateway registry settings for System Restoration Kit and Web update programs 01
218Greetings Workshop1 12GWREMIND.EXE1 00 85You really want to be reminded about somebody's birthday at the expense of resources? 01
237Microsoft Greetings Workshop Reminder1 12Gwremind.exe1 00 85You really want to be reminded about somebody's birthday at the expense of resources? 01
3 4gwum1 8gwum.exe1 00183Gigabyte utility manager. Loads if you have a Gigabyte motherboard and got a full bundle of utilities installed. Monitors CPU, fans, BIOS etc. Only used by system "tweakers" 01
110fGQEGqHOME1 10gwwgtp.exe1 00 28Added by the RANKY.J TROJAN!77http://securityresponse.symantec.com/avcenter/venc/data/backdoor.ranky.j.html0
231Ultra Hal Assistant 4.5 Startup1 11HalAsst.exe1 00138Zabaware Ultra Hal Assistant - artificial intelligence conversation simulator. It is capable of being your digital secretary and companion34http://www.zabaware.com/assistant/0
112yeahdude.exe1 13hallowelt.exe1 00 42Added by the GAOBOT.RS or GAOBOT.SA WORMS!79http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.gaobot.rs.html0
313HaMFrontPanel1 12hampanel.exe1 00190Displays a panel simulating modem lights for the Intel HaM internal modem. The lights are useful as a reminder to disconnect from the net if you are likely to forget, but otherwise pointless 01
3 4Hare1 8hare.exe1 00 61Hare - improve and optimize performance of desktop/laptop PCs51http://www.foxpop.ndirect.co.uk/pc/dachshund_03.htm0
324HawkEye IV Control Panel1 11HAWK_32.EXE1 00140Control Panel application for the old Number Nine graphics cards to change resolution, colour depth, etc. Available via Start -> Programs 01
3 7HawkEye1 11HAWK_95.EXE1 00140Control Panel application for the old Number Nine graphics cards to change resolution, colour depth, etc. Available via Start -> Programs 01
316Handy Backup 3.91 11hbagent.exe1 00139Handy Backup - automatic backup of your critical data to virtually any type of storage media including CD-RW devices and remote FTP servers27http://www.handybackup.com/0
1 6Hbinst1 10Hbinst.exe1 00292Hotbar enhances the surfing experience offering a variety of innovative and fresh skins to the browser while providing users worldwide with access to various services of added value and fun. Also regarded as adware/spyware due to it's adds and browsing habits information gathering - see here22http://www.hotbar.com/0
1 6Hotbar1 10Hbinst.exe1 00292Hotbar enhances the surfing experience offering a variety of innovative and fresh skins to the browser while providing users worldwide with access to various services of added value and fun. Also regarded as adware/spyware due to it's adds and browsing habits information gathering - see here22http://www.hotbar.com/0
211HC Reminder1 6hc.exe1 00101For Compaq PC's. Help Compiler, crunches help database, will run without being in startup when needed 01
2 8HCDetect1 12HCDetect.exe1 00335MS HomeClick Network - simple home network setup and configuration program included with 3Com HomeConnect home networking products. Runs in the background for network printer notification, detection, and Internet Connection Sharing (ICS) taskbar icon. Not required - network can be set-up manually, also has a known memory leak problem 01
2 5spc_w1 7hcm.exe1 00 22NetZero Search related 01
3 8Hcontrol1 12hcontrol.exe1 00 73Hotkeys on an ASUS Notebook. Only required if you use the additional keys 01
012HiberMonitor1 10HCount.exe1 00 2?? 01
244High Definition Audio Property Page Shortcut1 21HDAudPropShortcut.exe1 00139Realtek audio card related - probably adds the odd feature to one of the "Sounds" Control Panel applet tabs - doesn't appear to be required 01
3 9HDDHealth1 13hddhealth.exe1 00199HDD Health is a "full-featured failure-prediction agent for machines using Windows 95, 98, NT, Me, 2000 and XP. Sitting in the system tray, it monitors hard disks and alerts you to impending failure"27http://www.panterasoft.com/0
214Icon Animation1 7HDE.EXE1 00 86Part of McAfee Nuts & Bolts. Provides entertaining animation of your desktop icons 01
2 6HDtray1 10HDtray.exe1 00158Philips Edge Series Control Panel Tray Utility - system tray icon for a Philips Edge series soundcards. Available via Start -> Settings -> Control Panel167http://www.consumer.philips.com/global/b2c/ce/catalog/subcategory.jhtml;jsessionid=4ORTA0KYTJOWWCRQNFJRX1YKGBUEWHAW?subCatId=SOUNDCARDS&groupId=PCSTUFF&divId=00
214Icon Hearit 951 12hearit95.exe1 00 75Audio desktop customization utility from Moon Valley Software. Resource hog 01
214Icon Hearit 981 12hearit98.exe1 00 75Audio desktop customization utility from Moon Valley Software. Resource hog 01
2 9PicasaNet1 9Hello.exe1 00130Hello is an application that allows Blogger users to post digital photos and captions directly to their personal weblogs, or blogs30http://www.hello.com/index.php0
019Windows Help System1 8Help.pif1 00 2?? 01
111helpctl.exe1 11helpctl.exe1 00 28Added by the GASLIDE TROJAN!75http://securityresponse.symantec.com/avcenter/venc/data/trojan.gaslide.html0
111HelpExp.exe1 11HelpExp.exe1 00 62Attune HelpExpress - spyware. Disable and uninstall - see here32http://www.c-squad.org/hxdl.html0
0 4Help1 11helpext.exe1 00 2?? 01
1 5helpw1 9helpw.exe1 00 17Adware downloader 01
323Internet History Eraser1 11HERASER.exe1 00 54Internet History Eraser - deletes your browsing tracks49http://www.internet-history-eraser.com/index.html0
1 9wzservice1 8hess.exe1 00 31Added by the HACKARMY.W TROJAN! 01
3 2Hf1 6Hf.exe1 00 58Hide Folders - hide your folders so only you can view them24http://www.fspro.net/hf/0
3 4hfxp1 8hfxp.exe1 00 61Hide Folders XP - hide your folders so only you can view them26http://www.fspro.net/hfxp/0
223Colorific Control Panel1 12Hgcctl95.exe1 00146From E_Color. Colorific delivers accurate gamma and color temperature across your entire system - monitor to printer and digital camera to monitor 01
220Matrox Color Control1 12hgcctl95.exe1 00 55For Matrox video cards. Quick access to changing colors 01
1 7huigezi1 13HgzServer.exe1 00 31Added by the GRAYBIRD.C TROJAN!80http://securityresponse.symantec.com/avcenter/venc/data/backdoor.graybird.c.html0
311Hibernation1 9hib32.exe1 00202Reduces the power consumption when the laptop isn't being used to preserve battery power. Similar programs on other laptops reduce the processor clock rate, etc. Required if you run of battery regularly 01
127Working Network Connections1 9hicom.exe1 00151Added by the Trojan.Chimo.A Trojan. This file is installed as a service with the service name TY164. The file is found in the Windows system folder.92http://securityresponse.symantec.com/avcenter/venc/data/trojan.chimo.a.html#technicaldetails0
1 7Hid.exe1 7hid.exe1 00 29Added by the RATSOU.B TROJAN!82http://securityresponse.symantec.com/avcenter/venc/data/backdoor.irc.ratsou.b.html0
111HideRun.exe1 38Hiderun.exe and svhost.exe and pro.gif2 00 25Added by the BOOHOO WORM!76http://securityresponse.symantec.com/avcenter/venc/data/bat.boohoo.worm.html0
3 7hidserv1 11hidserv.exe1 00602This is the Human Interface Device Server for Win98SE/2000/Me/XP, it is required only if you are using USB Audio Devices you can disable via Msconfig. See here. Typical examples are USB multimedia keyboards with volume control and web-ready keyboards. For example - loaded by default with MS DSS80 Speakers because they have Volume, Mute and Bass controls on the speaker. Some users may experience problems disabling this - if this is the case then re-enable it. Equivalent to MMHid in Win98. On HP Computers, HIDSERV is the controller for the keyboard sound controls on the USB and PS/2 keyboards53http://www.microsoft.com/hwdev/tech/input/audctrl.asp0
1 5load=1 8hint.exe1 00 23Added by the ATAK WORM!72http://securityresponse.symantec.com/avcenter/venc/data/w32.atak@mm.html0
211HistoryKill1 12histkill.exe1 00201HistoryKill removes your web surfing path by removing the URL drop-list history, detailed history file, cache, and cookies in both IE and Netscape Navigator browsers. Available via Start -> Programs 01
1 3HIV1 7HIV.exe1 00 25Added by the HIVA TROJAN!72http://securityresponse.symantec.com/avcenter/venc/data/trojan.hiva.html0
313Hook99startup1 9hk2re.exe1 00320"Hook99 enables the user to customize the start button. You can change or remove the text and replace the Windows flag on button with icon of your choice. Supports Windows icons, bitmaps and can extract icons from executables and libraries. Hook99 can also make the background of desktop icons captions transparent"47http://thunder.prohosting.com/~ladi/e_hook.html0
3 5hkcmd1 9hkcmd.exe1 00248Installed by the Intel 810 and 815 chipset graphic drivers. If you want the Ctrl+Alt+F12 or similar keypresses to access Intel's customised graphics properties, you need it, otherwise not. Can be disabled via the Display Properties in Control Panel 01
311HotKeysCmds1 9hkcmd.exe1 00247Installed by the Intel 810 and 815 chipset graphic drivers. If you want the Ctrl+Alt+F12 or similar keypresses to access Intel's customised graphics properties, you need it, otherwise not. Can be disabled via Control Panel -> Display Properties 01
1 7windows1 8hkey.exe1 00 29Added by the GAOBOT.AFW WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.gaobot.afw.html0
3 6hkserv1 10HKserv.exe1 00121Keyboard manager program required to use programmable power and function keys on some laptops such as the Sony PCG R505TS 01
3 4hkss1 8hkss.exe1 00 51Compaq HotKey Support - multimedia keyboard support 01
118HLL Data Parameter1 11hllcxpa.exe1 00 27Added by the RBOT.AFG WORM!96http://es.trendmicro-europe.com/smb/security_info/virus_encyclopedia.php?s=1&VName=WORM_RBOT.AFG0
324Hardware Sensors Monitor1 12hmonitor.exe1 00191Utility to monitor fan speed and temperatures - similar to Motherboard Monitor. Only required if you're concerned about your system temperature - typically for "overclocked" systems 01
3 8Hmonitor1 12Hmonitor.exe1 00110Hardware sensor monitoring program. Only required if you overclock your system and want to check on the status 01
3 9Sync Data1 11Hndsync.exe1 00123a target="_blank" href="http://www.pocketrealestate.com/PREWireless.asp"Pocket Real Estate - mobile synchronization manager 01
114Hekio Startups1 12Hnksvc32.exe1 00 42Added by the W32/Agobot-QE TROJAN & WORM.57http://www.sophos.com/virusinfo/analyses/w32agobotqe.html0
214Holiday Lights1 18Holiday Lights.exe2 00120Holiday Lights from Tiger Technologies. Festive desktop enhancement that adds lights. Available via Start -> Programs37http://www.tigertech.com/hlights.html0
3 7HookSys1 11HookSys.exe1 00118SurfinGuard Pro - protects against all malicious code delivered through executables, scripting files, ActiveX and Java51http://www.rocketdownload.com/details/secu/6889.htm0
114Windows Update1 10host32.exe1 00 26Added by the RBOT-GU WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotgu.html0
112ControlPanel1 44host32.exe internat.dll, LoadKeyboardProfile2 00 41Added by a vairant of the DELF.DW TROJAN!106http://it.trendmicro-europe.com/enterprise/security_info/ve_detail.php?id=65504&VName=TROJ_DELF.DW&VSect=T0
119Windows Host Device1 11hostsvc.exe1 00 26Added by the ZOOTY-A WORM!55http://www.sophos.com/virusinfo/analyses/w32zootya.html0
311Hot Corners1 8Hotc.exe1 00124Hot Corners - "lets you quickly activate or disable your screen saver by moving the mouse into a given corner of the screen"37http://www.southbaypc.com/HotCorners/0
0 6PLFFAP1 18HotfixQ0306270.exe1 00 75Prolific Technology Inc. USB Flash Disk driver - is it required in startup? 01
3 6HotIDE1 10hotide.exe1 00101HotIDE allows Acer TravelMate owners to hot-swap external drives without switching of their notebooks 01
4 5load=1 10hotkey.exe1 00 58Solo 5300 display driver for Win2K on some Gateway laptops 01
3 9HotkeyApp1 13HotkeyApp.exe1 00 85Part of Acer Launch Manager - programmable keys on such laptops as the TravelMate 61023http://global.acer.com/0
110CPQHotKeys1 13hotkeysvc.exe1 00139Added by the W32/Rbot-XA WORM, which allows exploitation by a remote attacker over IRC channels. It is found in the Windows system folder.55http://www.sophos.com/virusinfo/analyses/w32rbotxa.html0
1 7hotplug1 11hotplug.exe1 00 28Added by the SILLYDL TROJAN!63http://vic.zonelabs.com/tmpl/body/CA/virusDetails.jsp?VId=395740
215HotSync Manager1 11hotsync.exe1 00180Installed when connecting a Palm HotSync cradle up to a USB port. The Blue and Red Arrow Icon that enables Palm / Handspring Synchronizing. Available via Start -> Programs 01
218eFax.com Tray Menu1 11HotTray.exe1 00136eFax Messenger Tray Menu system tray icon for eFax Messenger Plus. Available via Start - Programs. Disabling instructions available here34http://www.efax.com/help/index.asp0
212j2 Tray Menu1 11HotTray.exe1 00136eFax Messenger Tray Menu system tray icon for eFax Messenger Plus. Available via Start - Programs. Disabling instructions available here34http://www.efax.com/help/index.asp0
110hotwetlove1 14hotwetlove.exe1 00 82Adult content dialler. Will not uninstall - components have to be manually deleted 01
020Main Executable (HP)1 12HP05T0R5.exe1 00 79HP (Hewlett-Packard) related. Maybe related to printers. Now - what does it do? 01
016HP Status Server1 10hpboid.exe1 00 2?? 01
016HP Port Resolver1 10hpbpro.exe1 00 2?? 01
013TomcatStartup1 12hpbpsttp.exe1 00 71Apache Tomcat web server, part of HP LaserJet "Printer Tools" software. 01
017TomcatStartup 2.51 12hpbpsttp.exe1 00 71Apache Tomcat web server, part of HP LaserJet "Printer Tools" software. 01
212HP CD Writer1 12hpcdtray.exe1 00 84System Tray access to a HP CD-Writer's functions. Available via Start -> Programs 01
2 9HP CD-DVD1 12hpcdtray.exe1 00 84System Tray access to a HP CD-Writer's functions. Available via Start -> Programs 01
220HP Component Manager1 12hpcmpmgr.exe1 00194Checks the internet for updated drivers/utilities for your HP product - update manually. Disabling will remove the error "Windows can't shutdown the computer because hpcmpmgr.exe can't be ended" 01
0 8hpcmpmgr1 12hpcmpmgr.exe1 00 2?? 01
214HP Simple Trax1 10Hpcron.exe1 00139Supplied with HP CD-RW drives - stores information about CD contents on your hard drive. Available via Start -> Programs or Desktop Icon 01
219HP Display Settings1 12hpdisply.exe1 00131Sets default display settings. Unchecking this item has been reported to cure a "Problem sending command to keyboard" error message 01
1 4HPNT1 9hpdll.exe1 00 63Unknown adware. Found in the C:\Program Files\hpdll\ directory. 01
2 21:1 9hpdrv.exe1 00 69HP utility for monitoring when and how many recoveries have been done 01
2 4run=1 8hpfsched1 00218HPFSCHED is a small TSR that will remind you to clean the cartridges in your DeskJet from time to time in order to keep print quality high. It can be removed from the run line in win.ini if you do not want that feature 01
2 8hpfsched1 12hpfsched.exe1 00218HPFSCHED is a small TSR that will remind you to clean the cartridges in your DeskJet from time to time in order to keep print quality high. It can be removed from the run line in win.ini if you do not want that feature 01
2 8hpgs2wnd1 12hpgs2wnd.exe1 00167"HP's exclusive Share-to-Web software makes it easy to share content with others through our affiliate Internet websites." Available via Start -> Programs66http://www.hp.com/peripherals2/scanjet_info/share-to-web/index.htm0
229Share-to-Web Namespace Daemon1 12hpgs2wnd.exe1 00270"HP's exclusive Share-to-Web software makes it easy to share content with others through our affiliate Internet websites." In other words an application that allows users to upload scanned images to their personal webpages if desired. Available via Start - Programs66http://www.hp.com/peripherals2/scanjet_info/share-to-web/index.htm0
3 8HPHAxMON1 12HPHAxMON.EXE1 00321Media card reader for some HP series printers allowing them to read digital camera memory cards directly. Only needed if you use this feature and known to cause system crashes in some cases. "x" can be 1, 2 or 3 and depends upon driver version. Replaced by HPHmon** (where ** is the version number) from version 4 onwards 01
3 8HPHmon**1 12HPHMON**.EXE1 00324Monitors the status of the memory card reader slot on a HP printers and displays a tray icon if a memory card isn't inserted. Also creates a virtual drive and assigns it the first available drive letter - which can lead to problems with drive management. ** represents the version number. Disable if you don't use the reader 01
3 8HPHmon041 12hphmon04.exe1 00141Media card reader for some HP series printers allowing them to read digital camera memory cards directly. Only needed if you use this feature 01
0 5exmon1 14hpimoniter.exe1 00 71Some kind of hp digital camera maybe or a photo smart connection probe? 01
2 5CXMon1 15Hpi_Monitor.exe1 00146Autodetects when a HP camera is attached to the computer and launches the "HP Photoimaging Software". Available via Start -> Programs 01
215HP JetDiscovery1 12HPJETDSC.EXE1 00 74HP JetAdmin software which monitors printing jobs on a network environment 01
428JetAdmin Discovery Indicator1 12HPJETDSC.EXE1 00264HP JetAdmin software for HP JetDirect Print Servers. HPJETDSC.EXE is the file necessary for the JetAdmin Discovery Indicator (paper airplane in the taskbar). It gets launched automatically through the registry, and remains active to control the Discovery Indicator 01
010hpjsiroute1 11hpjsira.exe1 00132Related to HP laserjet printers and IP addresses. An IP address is appended to the name field - ie "hpjsiroute192.168.1.2" 01
4 6HpLamp1 10HPLAMP.EXE1 00123HP Scanner Utility that controls your scannerÆs light bulb. Needed if it's switched on. Also refer here for troubleshooting102http://www.hp.com/cgi-bin/cposupport/get_doc.pl?SNI=hpscanjet320506&LC=scanners&Tfile=nps050420
3 7hplampc1 11hplampc.exe1 00 76HP Scanner Lamp Utility - fixes an issue with the scanner lamp not going off 01
217HP Precision Scan1 12hpmdlbwx.exe1 00 89HP multifunction scanner software. Available from HP Office Jet R Toolbox so not required 01
3 7HpMmKbd1 11HpMmKbd.exe1 00119HPÆs multimedia keyboard driver which enables the end-user to use the automation features of the HP multimedia keyboard 01
016VDI Manager (HP)1 13HPO0VDX05.exe1 00 52HP (Hewlett-Packard) related. Now - what does it do? 01
318hp psc 2000 Series1 12hpobnz08.exe1 00119System Tray icon indicating when the printer is ready. Can be started manually with HP Director but takes time to start 01
233HPAiODevice(hp psc 900 series) -11 12hpobrt07.exe1 00172Installed with a Hewlett Packard 900 series colour printer, scanner, fax, photo card slot printer, copier. Assumed to perform an identical function to the hpaiodevice entry 01
2 8hpodblia1 12hpodblia.exe1 00114HP OfficeJet Scan Button Monitor on a multi-function printer/copier/scanner. Start your scanning software manually 01
211hpaiodevice1 12hpodev07.exe1 00466Direct from HP - "Device Objects Server - detects all device events and handles all ongoing communication on the device. Loads in the Startup group (except when "portable" is chosen during installation)". Related to various HP all-in-one printer/scanner/copier devices. They print and copy fine with those files disabled, and the icon installed on the desktop that points to "hpodir07.exe" works just fine if you need to use the scanner 01
2 8hpodlb081 12hpodlb08.exe1 00114HP OfficeJet Scan Button Monitor on a multi-function printer/copier/scanner. Start your scanning software manually 01
220HPAIO_PrintFolderMgr1 12hpoopm07.exe1 00401Directly from HP: "This process has one purpose - detects if the device moves to a different port, and notifies other processes to look on the new port." For various HP all-in-one printer/scanner/copier devices. They print and copy fine with those files disabled, and the HP icon installed on the desktop that points to "hpodir07.exe" works just fine if you need to use the scanner 01
014officejet 61001 12hposol08.exe1 00 66Associated with a HP PSC2110 (and maybe others) all-in-one machine 01
031HP OfficeJet Series xxx Startup1 12HPOSTR03.EXE1 00 47xxx represents the series number - such as 700. 01
031HP OfficeJet Series xxx Startup1 12HPOstr05.exe1 00 47xxx represents the series number - such as 700. 01
315DeviceDiscovery1 12hpotdd01.exe1 00237Detection of new imaging, printing and other peripherals on HP machines such as USB printers, cameras and Bluetooth products. "This program is a non-essential process, but should not be terminated unless suspected to be causing problems" 01
412hpotdd01.exe1 12hpotdd01.exe1 00237Detection of new imaging, printing and other peripherals on HP machines such as USB printers, cameras and Bluetooth products. "This program is a non-essential process, but should not be terminated unless suspected to be causing problems" 01
314HP AutoIndexer1 18hppautoindexer.exe1 00181Installed by HP multi-function printer driver software, related to PC faxing. If you are not using the PC faxing feature you can go ahead and disable these services from the startup 01
321HP Laser Jet Director1 15hppdirector.exe1 00200System Tray icon that opens various functions such as copy, fax, email, scan, copy plus, etc. Right-click on it and you see a few options such as the preceding bar plus About, Help, ToolBox, Exit, etc 01
4 6hpppta1 10HPPPTA.exe1 00 44HP parallel port driver for certain hardware 01
122Win USB 2.0 USB Driver1 11HPPrint.exe1 00 29Added by the SPYBOT.DNB WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.dnb.html0
315HP SchedIndexer1 19hppschedindexer.exe1 00181Installed by HP multi-function printer driver software, related to PC faxing. If you are not using the PC faxing feature you can go ahead and disable these services from the startup 01
221HP Parallel Port Test1 8hppt.exe1 00 36Associated with a HP ScanJet scanner 01
3 8HPPWRSAV1 12HPPWRSAV.EXE1 00287Power save related for HP Scanners. Many users have complained of system freezes with it running but it stops the light from remaining on all the time. Try www.hp.com, pick your OS option under the SUPPORT tab, follow the instructions and you will find an updated lamp control patch17http://www.hp.com0
010CamMonitor1 11hpqcmon.exe1 00 38From HP and related to digital imaging 01
0 7hpqcmon1 11hpqcmon.exe1 00 38From HP and related to digital imaging 01
312HP ScanPatch1 13HPScanFix.exe1 00197Program that starts up and automatically fixes earlier versions of the Scanjet 5100c software. If a Scanjet 5100C scanner is not going to be used, then it is safe to remove or prevent from starting 01
1 9HpPrinter1 12HPSERVER.EXE1 00 43Added by Troj/CmjSpy-T , a backdoor TROJAN!57http://www.sophos.com/virusinfo/analyses/trojcmjspyt.html0
2 8hpsjbmgr1 12hpsjbmgr.exe1 00242HP ScanJet Button Manager. It allows users of the HPScanJet scanners to indicate what the buttons on the scanner will do automatically if pushed. Not required at startup, unless the scanner is used every day, such as in a business environment 01
313HPSCANMonitor1 11hpsjvxd.exe1 00106HP scanning software that enables you to scan images from your scanner. Needed if you're using the scanner 01
214HP ScanPicture1 12hpsplmwa.exe1 00 89HP multifunction scanner software. Available from HP Office Jet R Toolbox so not required 01
017hp Silent Service1 11HpSrvUI.exe1 00 10HP related 01
2 7HPStart1 11hpstart.wsf1 00147This a script used by HP that runs the first time one of their computers is started. Can't imagine why it would be starting up after the first boot 01
2 9HP Status1 12hpstatus.exe1 00 28HP Printer Status and Alerts 01
3 8hpsysdrv1 12hpsysdrv.exe1 00606This item keeps track of how many times the system has been recovered and the times of the first and last recoveries done on the system. Leaving unchecked will sometimes prevent the Keyboard Manager program from detecting that the computer is an HP. Since this program/driver was only made to run on HP, if it can't tell that it is an HP it will not run. If unchecked, it can prevent the running of the Application Recovery CDs, the use of the multimedia keys, and the HP Instant Support. Also seen that without it running, the Riptide Sound card that was installed on some older HP computers stops working 01
216Display Settings1 11hptasks.exe1 00 98Allows for the adjustment of the display for LCD screen, CRT Monitor and TV output on HP computers 01
2 5load=1 10HPWHRC.EXE1 00 61Loads the Status Window software for the HP Laserjet printers 01
117Win Drivers SSL321 13hpwsnnsbc.exe1 00 68Added by the W32/Sdbot-VG WORM! Found in the Windows system folder.56http://www.sophos.com/virusinfo/analyses/w32sdbotvg.html0
218HP software update1 12HPWuSchd.exe1 00 85HP software updates. If a shortcut doesn't exist, create your own and run it manually 01
218HP software update1 13HPWuSchd2.exe1 00 84HP software updates. If a shortcut doesn't exist create your own and run it manually 01
218HP software update1 13HPWuSchd2.exe1 00 85HP software updates. If a shortcut doesn't exist, create your own and run it manually 01
2 7HPZTS041 11hpzts04.exe1 00 72Hewlett Packard printer toolbox shortcut that resides in the system tray 01
320HPDJ Taskbar Utility1 12hpztsb04.exe1 00361(1) Ghostscript device driver for printers understanding Hewlett-Packard's Printer Command Language - see here for more info or (2) Creates 1 or all 3 icons on taskbar. The 1st one has a yellow border around it warning that ink is low on the printer. The 2nd one is HP Device Detection Software and the 3rd one is about a card being inserted into the Hp printer57http://home.t-online.de/home/Martin.Lottermoser/pcl3.html0
320HPDJ Taskbar Utility1 12hpztsb05.exe1 00361(1) Ghostscript device driver for printers understanding Hewlett-Packard's Printer Command Language - see here for more info or (2) Creates 1 or all 3 icons on taskbar. The 1st one has a yellow border around it warning that ink is low on the printer. The 2nd one is HP Device Detection Software and the 3rd one is about a card being inserted into the Hp printer57http://home.t-online.de/home/Martin.Lottermoser/pcl3.html0
320HPDJ Taskbar Utility1 12hpztsbol.exe1 00361(1) Ghostscript device driver for printers understanding Hewlett-Packard's Printer Command Language - see here for more info or (2) Creates 1 or all 3 icons on taskbar. The 1st one has a yellow border around it warning that ink is low on the printer. The 2nd one is HP Device Detection Software and the 3rd one is about a card being inserted into the Hp printer57http://home.t-online.de/home/Martin.Lottermoser/pcl3.html0
320HPDJ Taskbar Utility1 12hpztsd02.exe1 00361(1) Ghostscript device driver for printers understanding Hewlett-Packard's Printer Command Language - see here for more info or (2) Creates 1 or all 3 icons on taskbar. The 1st one has a yellow border around it warning that ink is low on the printer. The 2nd one is HP Device Detection Software and the 3rd one is about a card being inserted into the Hp printer57http://home.t-online.de/home/Martin.Lottermoser/pcl3.html0
110HP Deskjet1 18HP_DeskJet_500.exe1 00 28Added by the FORBOT-DA WORM!60http://www.sophos.com.au/virusinfo/analyses/w32forbotda.html0
312HPLogiFinder1 13hp_finder.exe1 00118HP LogiFinder helps detect and allows the use of the centre button for the Logitech mouse. Can be disabled if not used 01
3 7HTpatch1 11htpatch.exe1 00197HTpatch.exe is part of the SiS AGP patch - BUT unless your processor (and motherboard) supports HyperThreading (HT) and this feature is enabled it will actually SLOW your graphics card by around 6% 01
1 9https-ssl1 9https.exe1 00 26Added by the MOEGA.D WORM!77http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.moega.d.html0
0 6huhdir1 10huhdir.exe1 00 2?? 01
0 8voowsmcr1 10huhdir.exe1 00 2?? 01
1 4Hvid1 8Hvid.exe1 00 25Added by the GEMA TROJAN!72http://securityresponse.symantec.com/avcenter/venc/data/trojan.gema.html0
315Hardware Doctor1 12Hwdoctor.exe1 00247Winbond Hardware Doctor - as included on some motherboard using Winbond's hardware monitoring chips. Displays fan speeds, voltages, temperatures. Only required if you're concerned about your system temperature - typically for "overclocked" systems 01
1 7HWINFO*1 7HWINFO*1 00 55Added by the PUROL WORM! where * is a random character75http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.purol.html0
116Hardware Profile1 9hxdef.exe1 00 39Added by a variant of the LOVGATE WORM!80http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.lovgate@mm.html0
116Hardware Profile1 12hxdef.exe...1 00 39Added by a variant of the LOVGATE WORM!80http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.lovgate@mm.html0
116Soft Profile Inc1 12hxdef.exe...1 00 39Added by a variant of the LOVGATE WORM!80http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.lovgate@mm.html0
1 8HXDL.EXE1 8HXDL.EXE1 00 62Attune HelpExpress - spyware. Disable and uninstall - see here32http://www.c-squad.org/hxdl.html0
1 9HXIUL.EXE1 9HXIUL.EXE1 00 62Attune HelpExpress - spyware. Disable and uninstall - see here32http://www.c-squad.org/hxdl.html0
1 8rate.exe1 12i11r54n4.exe1 00 76Added by the BEAGLE.E or BEAGLE.F or BEAGLE.G or BEAGLE.H or BEAGLE.I WORMS!76http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.E@mm.html0
1 4I3861 8I386.exe1 00 27Added by the MYPOWER WORM!77http://securityresponse.symantec.com/avcenter/venc/data/w32.mypower.b@mm.html0
118Config Loadatiorin1 14I3Explorer.exe1 00 28Added by the SDBOT.H TROJAN!77http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sdbot.h.html0
0 8I81SHELL1 12I81SHELL.exe1 00 89Appears to be related to drivers for an Intel 810 graphics chipset on an ASUS motherboard 01
3 9i8kfangui1 13i8kfangui.exe1 00 41Graphical interface for fan speed control 01
113IntruderAlert1 8ia99.exe1 00 39Intruder Alert '99 from Bonzi - spyware56http://www.safersite.com/PestInfo/db/i/internetalert.asp0
3 8IAAnotif1 12iaanotif.exe1 00352IAA Event Monitor User Notification Tool - part of Intel« Application Accelerator - "a performance software package for desktop PCs using select Intel« chipsets" that "replaces the ATA drivers that come with Windows with drivers optimized for desktop and mobile PCs." If you use the RAID version it's required to notify you if a RAID 1 disk has failed42http://www.intel.com/support/chipsets/iaa/0
326Internet Answering Machine1 7IAM.exe1 00134From Callwave - offers a free utility to monitor your incoming phonecalls if you only have a single telephone line for internet access24http://www.callwave.com/0
4 6iamapp1 10iamapp.exe1 00139AtGuard personal firewall engine. As Atguard was bought by Symantec some time ago, it's now the Norton Personal Firewall executable as well 01
326Internet Answering Machine1 12IAMNET~1.EXE1 00136From Callwave. It offers a free utility to monitor your incoming phonecalls if you only have a single telephone line for internet access24http://www.callwave.com/0
0 3Iap1 7iap.exe1 00247Possibly part of Dell OpenManage Client Instrumentation - software that allows remote management application programs to access information about, monitor the status of or change the state of the client computer, such as shutting it down remotely? 7#FF00000
1 7IASHLPR1 11IASHLPR.EXE1 00 28Added by the OPASERV.T WORM!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_OPASERV.T0
124Microsoft media services1 9Iassd.exe1 00 45Added by a variant of the AGOBOT/GAOBOT WORM!79http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN0
139Microsoft Internet Acceleration Utility1 7iau.exe1 00 17EasySearch adware57http://sarc.com/avcenter/venc/data/adware.easysearch.html0
0 6RenolB1 6ib.exe1 00 2?? 01
323Iomega Automatic Backup1 11ibackup.exe1 00 76Iomega Automatic Backup - automatic backups for use with Iomega portable HDD113http://www.iomega-europe.com/eu/category.asp?catalog%5Fname=Iomega&category%5Fname=Iomega+Automatic+Backup&Page=10
329Iomega Automatic Backup 1.0.11 11ibackup.exe1 00 76Iomega Automatic Backup - automatic backups for use with Iomega portable HDD113http://www.iomega-europe.com/eu/category.asp?catalog%5Fname=Iomega&category%5Fname=Iomega+Automatic+Backup&Page=10
327IBMUltraBayHotSwapCPLLoader1 12IBMBAY2N.EXE1 00 73Supports hot swapping in Thinkpad UltraBay Option on IBM ThinkPad laptops 01
023IBMUltraBayHotSwapSound1 12IBMBAYSN.EXE1 00123Supports hot swapping in Thinkpad UltraBay Option on IBM ThinkPad laptops. Is it needed though - does it just play a sound? 01
211ibmmessages1 15ibmmessages.exe1 00210Allows IBM to push messages onto users' computers. Quote: "The Access IBM Message Center can display messages to inform you about software and solutions available from IBM as well as messages from IBM eSupport" 01
010Ibmmon.exe1 10Ibmmon.exe1 00 2?? 01
3 8Ibmpmsvc1 12ibmpmsvc.exe1 00295Power management driver for IBM laptops. Provides support for the use of four keys on the thinkpad keyboard with blue key tops - Fn, F3, F4 & F12 - which have specific functions to control the standby and hibernate buttons. Not required if you don't plan to go into standy or hibernate modes 01
112Shmgrate.exe1 9ibot4.exe1 00 27Added by the GASTER TROJAN!76http://securityresponse.symantec.com/avcenter/venc/data/backdoor.gaster.html0
312InstallBuddy1 9Ibtna.exe1 00185InstallBuddy - automatically translates and installs your desktop documents, such as Adobe PDF, HTML, Microsoft Word, Excel and PowerPoint files, to your Palm organizer when you HotSync58http://www.bluenomad.com/ib/prod_installbuddy_details.html0
3 6iClean1 10iClean.exe1 00132IEClean - "advanced, comprehensive package of tools which perform a number of functions to allow you to control your online privacy"35http://www.nsclean.com/ieclean.html0
4 7Sweep951 12ICLOAD95.EXE1 00 32Part of Sophos ant-virus sofware40http://www.sophos.com/products/software/0
418InterCheck Monitor1 9Icmon.exe1 00 32Part of Sophos ant-virus sofware40http://www.sophos.com/products/software/0
2 3ICO1 7ICO.EXE1 00213Found on a Sony Vaio laptop and seems to be related to Mouse Suite 98 Daemon according to the properties. Appears to cause a behaviour where the desktop suddenly flips back up when playing DirectX associated games 01
111Icon lptt011 8icon.exe1 00185Variant of the RapidBlaster parasite (in an "Icon" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see here49http://www.doxdesk.com/parasite/RapidBlaster.html0
111Icon ml097e1 8icon.exe1 00185Variant of the RapidBlaster parasite (in an "Icon" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see here49http://www.doxdesk.com/parasite/RapidBlaster.html0
4 8ICONCLNT1 12iconclnt.exe1 00 58APC PowerChute Tray Icon. Associated with the UPS listing 4#UPS0
3 8ICONDESK1 12ICONDESK.EXE1 00 85Small utility which will allow you the option of hiding or showing your desktop icons 01
211Iconfig.exe1 11Iconfig.exe1 00 37Icon for LS-120 "Superdisk" 01
3 7E-color1 11IconMgr.Exe1 00314Sets the colour of your monitor when running games that recognise E-Color so that you get 'what the game designer intended' when you see the game. Also allows monitor callibration through a program called 3-Deep. If you play a lot of games it can be useful. Can be disabled from starting up from within the program 01
2 7Iconoid1 11Iconoid.exe1 00 33Iconoid is a desktop icon manager34http://www.sillysot.com/index.html0
2 9Iconsaver1 13Iconsaver.exe1 00 35IconSaver is a desktop icon manager35http://www.iconsaver.com/index.html0
213Mirabilis ICQ1 7icq.exe1 00133If connected to the internet, automatically runs up ICQ. Convenience more than anything. ICQ can be started from Start -> Programs 01
2 8ICQ Lite1 11ICQLite.exe1 00112a target="_blank" href="http://www.icq.com/download/"ICQ Lite - compact version of the popular messaging program 01
213Mirabilis ICQ1 10ICQNet.exe1 00133If connected to the internet, automatically runs up ICQ. Convenience more than anything. ICQ can be started from Start -> Programs 01
1 3ICQ1 10ICQNET.vbs1 00 62Added by the VBS.Gormlez@mm infection! Found in the C:\ drive.75http://www.sarc.com/avcenter/venc/data/vbs.gormlez@mm.html#technicaldetails0
115ICQ Hacking Pro1 10ICQpro.exe1 00 40Added by a variant of the NETSPY TROJAN!75http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_NETSPY0
2 8ICServer1 12Icserver.exe1 00117Intel Intercast viewer software. Gives access to selected internet pages which are broadcasted by several TV stations 01
4 6ICSMGR1 10ICSMGR.EXE1 00128Monitors DNS and DHCP requests for ICS (Internet Connection Sharing). Needed if youÆre sharing the internet on various computers 01
215SetupICWDesktop1 12icwconn1.exe1 00256Appears to be the "Internet Connection Wizard" from Internet Explorer being set-up as a desktop shortcut. Appears under the RunOnce registry key but is available under Start -> Programs -> Accessories -> Communication (or similar) anyway 01
112stcinstaller1 8id53.exe1 00 32Added by the SCTHOUGHT.L TROJAN!80http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_SCTHOUGHT.L0
1 6ID85251 10ID8525.exe1 00 29Added by the ID8525.A TROJAN!77http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_ID8525.A0
1 6ID85251 11id85255.exe1 00 29Added by the ID8525.A TROJAN!77http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_ID8525.A0
0 3IDA1 7IDA.EXE1 00 59HP related - in a Program FilesHewlett-PackardPC COE folder 01
1 3IDE1 7ide.exe1 00 30Added by the ASSASIN.F TROJAN!66http://www.symantec.com/avcenter/venc/data/backdoor.assasin.f.html0
1 7idecntl1 11idecntl.exe1 00 43Added by a variant of the CRYPTER.C TROJAN!58http://www.sophos.com/virusinfo/analyses/trojcrypterc.html0
110IDE Loader1 13IDElibr32.exe1 00 68Added by the XILON TROJAN! Related to the game "Diablo II"77http://securityresponse.symantec.com/avcenter/venc/data/w32.xilon.trojan.html0
3 8iDesktop1 12idesktop.exe1 00 81Immersion TouchWare Desktop software for devices such as the Logitech iFeel Mouse59http://www.immersion.com/products/ce/generaldownloads.shtml0
3 6detect1 11idetect.exe1 00178iNTERNET Turbo from Clasys Ltd. "It accelerates any Windows 95/98/Me/NT/2000/XP internet connection in seconds". If you find it helps your connectivity leave it enabled41http://www.clasys.com/internet_turbo.html0
216IDW Logging Tool1 10idwlog.exe1 00144Added with WinXP SP1. Usually only found in internal builds only to indicate the current build being used. Can cause slow network logon problems 01
3 6CCWC7I1 8idxl.exe1 00 64Moleculesoft Cache, Cookie & Windows Cleaner Ver. 7 - auto clean39http://www.moleculesoft.se/index2b.html0
117Internet Explorer1 6IE.EXE1 00122Added by W32/Sdbot-VS TROJAN/backdoor. Remote access, by way of the IRC network, becomes available to unauthorized users.56http://www.sophos.com/virusinfo/analyses/w32sdbotvs.html0
310IECleanAux1 11Ieboot6.exe1 00115IEClean by Kevin McAleavy - cookie manager, cache cleaner, history cleaner, etc. Performs cleaning tasks at startup35http://www.nsclean.com/ieclean.html0
2 7iecheck1 11iecheck.exe1 00181Integrity checker for IconEdit2 icon editor. It serves for IconEdit2 internal tasks only and can be safely deleted from the system if you are running the latest version of IconEdit225http://www.iconedit2.com/0
1 5iedll1 9iedll.exe1 00 51Homepage hijacker, redirecting to coolwwwsearch.com 01
3 9IE Doctor1 12IEDoctor.exe1 00241IE Doctor Toolbar - "IE Doctor can help you to Repair IE easily, protect IE and OE from all malicious changes. It can Repair the HomePage, context menu, IE toolbar button, startup items, Favorites, typed URLs and the entire Internet Options" 01
1 8IEDriver1 12IEDriver.exe1 00 93Installed as part of adware (Cydoor) based peer-to-peer file sharing software called URLBlaze 01
116Config Loadation1 14iEEexplore.exe1 00 28Added by the SDBOT.H TROJAN!77http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sdbot.h.html0
126Microsoft IE Execute shell1 10IEExec.exe1 00 30Added by the ALADINZ.N TROJAN!83http://securityresponse.symantec.com/avcenter/venc/data/backdoor.irc.aladinz.n.html0
110IEFeatures1 14IEFeatures.exe1 00 63Added by the POPMON.A TROJAN! - also known as PopMonster adware77http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_POPMON.A0
2 5ietsr1 9ietsr.exe1 00 79IEClean by Kevin McAleavy - cookie manager, cache cleaner, history cleaner, etc35http://www.nsclean.com/ieclean.html0
1 7iestart1 13iexp1orer.exe1 00 28Added by the NEMOG.C TROJAN!77http://securityresponse.symantec.com/avcenter/venc/data/backdoor.nemog.c.html0
119Default web browser1 12IexpIore.exe1 00204Added by the OBLIVION.B TROJAN! Note - do not confuse "IexpIore.exe" with "iexplore.exe" (Internet Explorer), the first has a captial "i" in place of lower case "L"59http://www.sophos.com/virusinfo/analyses/trojoblivionb.html0
120Configuration Loader1 12IEXPL0RE.EXE1 00 39Added by the LOADCFG or SDBOT TROJANS!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_LOADCFG.A0
1 9IEXPL0RER1 13IEXPL0RER.EXE1 00 77Added by the W32/Agobot-QL WORM! File is found in the Windows system folder.57http://www.sophos.com/virusinfo/analyses/w32agobotql.html0
1 9Antivirus1 13iexpl0res.exe1 00 40Added by an unidentified WORM or TROJAN! 01
1 2[]1 13iexpl0res.exe1 00 40Added by an unidentified WORM or TROJAN! 01
113winsockdriver1 11IEXPLOR.EXE1 00 95Added by the W32/WarPigs-C WORM/IRC backdoor TROJAN! It is found in the Windows system folder.57http://www.sophos.com/virusinfo/analyses/w32warpigsc.html0
1 8mssysint1 13Iexplore .exe2 00202Added by the PWSTEAL.ABCHLP and PSPIDER.310.B TROJANS! Note - this is not the legitimate Internet Explorer (iexplore.exe) process, which should not appear in Msconfig/Startup unless you add it manually!62http://www.symantec.com/avcenter/venc/data/pwsteal.abchlp.html0
121$WindowsRegKey%update1 12IEXPLORE.EXE1 00174Added by the RBOT-EZ WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) process, which should not appear in Msconfig/Startup unless you add it manually!55http://www.sophos.com/virusinfo/analyses/w32rbotez.html0
116Explorer Updater1 12IEXPLORE.exe1 00175Added by the SDBOT-WO WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) process, which should not appear in Msconfig/Startup unless you add it manually!56http://www.sophos.com/virusinfo/analyses/w32sdbotwo.html0
1 8Iexplore1 12iexplore.exe1 00174Added by the BOXER TROJAN! Note - this is not the legitimate Internet Explorer (iexplore.exe) process, which should not appear in Msconfig/Startup unless you add it manually!73http://securityresponse.symantec.com/avcenter/venc/data/trojan.boxer.html0
1 8IEXPLORE1 12iexplore.exe1 00178Added by the APHEXDOOR TROJAN! Note - this is not the legitimate Internet Explorer (iexplore.exe) process, which should not appear in Msconfig/Startup unless you add it manually!79http://securityresponse.symantec.com/avcenter/venc/data/backdoor.aphexdoor.html0
117Iexplore Services1 12iexplore.exe1 00195Added by an unidentified VIRUS, WORM or TROJAN! Note - this is not the legitimate Internet Explorer (iexplore.exe) process, which should not appear in Msconfig/Startup unless you add it manually!72http://www.liutilities.com/products/wintaskspro/processlibrary/iexplore/0
117Internet Explorer1 12IEXPLORE.EXE1 00174Added by the RBOT-EY WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) process, which should not appear in Msconfig/Startup unless you add it manually!55http://www.sophos.com/virusinfo/analyses/w32rbotey.html0
113Java Runtimes1 12iexplore.exe1 00177Added by the KILLAV.B TROJAN! Note - this is not the legitimate Internet Explorer (iexplore.exe) process, which should not appear in Msconfig/Startup unless you add it manually!76http://securityresponse.symantec.com/avcenter/venc/data/trojan.killav.b.html0
112Microsoft IE1 12Iexplore.exe1 00176Added by the FORBOT-AG WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) process, which should not appear in Msconfig/Startup unless you add it manually!57http://www.sophos.com/virusinfo/analyses/w32forbotag.html0
127Microsoft Internet Explorer1 12iexplore.exe1 00166Downloader trojan. Note - this is not the legitimate Internet Explorer (iexplore.exe) process, which should not appear in Msconfig/Startup unless you add it manually!72http://www.liutilities.com/products/wintaskspro/processlibrary/iexplore/0
1 9OPTIMIZER1 12iexplore.exe1 00176Added by the EVIVINC TROJAN! Note - this is not the legitimate Internet Explorer (iexplore.exe) process, which should not appear in Msconfig/Startup unless you add it manually!77http://securityresponse.symantec.com/avcenter/venc/data/backdoor.evivinc.html0
118Program in Windows1 12iexplore.exe1 00187Added by a variant of the LOVGATE WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) process, which should not appear in Msconfig/Startup unless you add it manually!80http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.lovgate@mm.html0
1 5slide1 12Iexplore.exe1 00176Added by the GASLIDE TROJAN! Note - this is not the legitimate Internet Explorer (iexplore.exe) process, which should not appear in Msconfig/Startup unless you add it manually!75http://securityresponse.symantec.com/avcenter/venc/data/trojan.gaslide.html0
120System Configuration1 12iexplore.exe1 00176Added by the RANDEX.AD WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) process, which should not appear in Msconfig/Startup unless you add it manually!75http://securityresponse.symantec.com/avcenter/venc/data/w32.randex.a.d.html0
131Internet Explorer Configuration1 12Iexplore.exe1 00121Added by the http://www.sophos.com/virusinfo/analyses/w32sdbotgib.html Backdoor/Worm! Found in the Windows system folder13W32/Sdbot-GIB0
110IELoader321 14iexplore32.exe1 00 36Added by the SPEX or SPEX.B WORMS!74http://securityresponse.symantec.com/avcenter/venc/data/w32.spex.worm.html0
116iexplorer lptt011 13iexplorer.exe1 00190Variant of the RapidBlaster parasite (in an "iexplorer" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see here49http://www.doxdesk.com/parasite/RapidBlaster.html0
116iexplorer ml097e1 13iexplorer.exe1 00190Variant of the RapidBlaster parasite (in an "iexplorer" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see here49http://www.doxdesk.com/parasite/RapidBlaster.html0
117Internet Explorer1 13iexplorer.exe1 00165Added by the LORSIS WORM! Note - the legitimate IE (iexplore.exe) does not figure in Msconfig/Startup unless added manually and this loads from the "RunServices" key76http://securityresponse.symantec.com/avcenter/venc/data/w32.lorsis.worm.html0
125Internet Explorer Updater1 13iexplorer.exe1 00 93Added by the REUR.B WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe)76http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.reur.b.html0
1 6irwftp1 13iexplorer.exe1 00 30Added by the BANKER-AN TROJAN!58http://www.sophos.com/virusinfo/analyses/trojbankeran.html0
127Microsoft Associates, Inc.1 13iexplorer.exe1 00 39Added by a variant of the LOVGATE WORM!80http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.lovgate@mm.html0
126Microsoft Associates, Inc.1 13iexplorer.exe1 00 39Added by a variant of the LOVGATE WORM!80http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.lovgate@mm.html0
114Microsoft Inc.1 13iexplorer.exe1 00 39Added by a variant of the LOVGATE WORM!80http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.lovgate@mm.html0
1 8syscheck1 13iexplorer.exe1 00 29Added by the AGENT.DM TROJAN! 01
1 9sysconfig1 13iexplorer.exe1 00 25Added by the CULT.C WORM!66http://www.symantec.com/avcenter/venc/data/w32.hllw.cult.c@mm.html0
1 9sysconfig1 13iexplorer.exe1 00 25Added by the CULT.H WORM!79http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.cult.h@mm.html0
128Windows Backup Configuration1 13IEXPLORER.exe1 00 28Added by the GAOBOT.AZ WORM!79http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.gaobot.az.html0
1 6WinVNC1 13iexplorer.exe1 00 27Added by the EVIVINC VIRUS!77http://securityresponse.symantec.com/avcenter/venc/data/backdoor.evivinc.html0
1 9IExplorer1 13IExplorer.EXE1 00126Troj/Bancos-BC is a password stealing infection that targets users of Brazlilian banks. Found in the Program Files directory.58http://www.sophos.com/virusinfo/analyses/trojbancosbc.html0
1 4Name1 14Iexplorer0.exe1 00 30Added by the THREADSYS TROJAN!79http://securityresponse.symantec.com/avcenter/venc/data/backdoor.threadsys.html0
114Windows Update1 14iexplorere.exe1 00 28Added by the GAOBOT.AP WORM!79http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.gaobot.ap.html0
116MSStartOptimizer1 11Iexpres.exe1 00 28Added by the POLDO.B TROJAN!75http://securityresponse.symantec.com/avcenter/venc/data/trojan.poldo.b.html0
312IFSplash.exe1 12IFSplash.exe1 00 48I-FORCE driver for force feedback steering wheel 01
2 8igfxtray1 12igfxtray.exe1 00217Quick access to the control panel via a System Tray icon for graphics based upon the Intel chipsets (ie, i810). These chipsets are often included on motherboards. Available via Start -> Settings -> Control Panel 01
228Intel« Common User Interface1 12igfxtray.exe1 00209Quick access to the control panel via a System Tray icon for graphics based upon the Intel chipsets (ie, i810). These chipsets are often included on motherboards. Available via Start - Settings - Control Panel 01
1 4WUPD1 12iglmtray.exe1 00 23Added by the TZET WORM!74http://securityresponse.symantec.com/avcenter/venc/data/w32.tzet.worm.html0
122Microsoft Internet Exp1 14iiexplorer.exe1 00 26Added by the RBOT-KX WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotkx.html0
1 4iilc1 8IILC.EXE1 00 17Homepage hijacker 01
118Intel system works1 7iis.exe1 00 27Added by the RBOT.QGA WORM!90http://ae.trendmicro-europe.com/enterprise/security_info/ve_detail.php?Vname=WORM_RBOT.QGA0
413IJ75P2PSERVER1 12IJ75P2PS.EXE1 00 77Printer utility which is required in order to make the printer work correctly 01
414IKE Service 951 14IKEService.exe1 00 77disabled, but without IKESERVICE you won't be able to de- or encrypt anything 01
3 9iKeyWorks1 12IKEYMAIN.EXE1 00 43A4Tech wireless keyboard driver and utility46http://www.a4tech.com/a4techenglish/index.html0
3 6iLyric1 10iLyric.exe1 00114iLyric plugin for Winamp media player. Allows you to retrieve the lyrics for your songs with the press of a button33http://www.ilyric.net/winamp.html0
414Image &Restore1 11IMAGE32.exe1 00156Part of McAfee Nuts & Bolts. Image/Restore can recover from drives that have been accidentally formatted or completely erased, if Image was recently run 01
3 8Imagefox1 12imagefox.exe1 00 99ImageFox 2.0 is an "add-on" graphics previewer for most Windows Open/Save As dialog boxes76http://www.acdsystems.com/English/Products/ImageFox/index.htm?LAN=EnglishX200
110Imagemgt321 14Imagemgt32.exe1 00 25Added by the GEMA TROJAN!72http://securityresponse.symantec.com/avcenter/venc/data/trojan.gema.html0
2 7imekrig1 11imekrig.exe1 00138Part of MS Input Method Editor which is used to ease the input of Asian characters in MS Office (Chinese, Japanese and this one is Korean)73http://www.microsoft.com/windows/ie/downloads/recommended/ime/default.asp0
211IMEKRMIG6.11 12IMEKRMIG.EXE1 00138Part of MS Input Method Editor which is used to ease the input of Asian characters in MS Office (Chinese, Japanese and this one is Korean)73http://www.microsoft.com/windows/ie/downloads/recommended/ime/default.asp0
3 7ImgIcon1 11ImgIcon.exe1 00354Displays Iomega icons in Explorer/My Computer, ejects Zip disks on shutdown and displays a special delete confirmation box when deleting files on an Iomega drive. Available via Start - Programs. If you disable it remember to eject disks first before powering the drive down - hence the "U" recommendation. Note - FreeCell may not run with ImgIcon running 01
317Iomega Disk Icons1 11IMGICON.EXE1 00354Displays Iomega icons in Explorer/My Computer, ejects Zip disks on shutdown and displays a special delete confirmation box when deleting files on an Iomega drive. Available via Start - Programs. If you disable it remember to eject disks first before powering the drive down - hence the "U" recommendation. Note - FreeCell may not run with ImgIcon running 01
318Iomega Drive Icons1 11IMGICON.EXE1 00354Displays Iomega icons in Explorer/My Computer, ejects Zip disks on shutdown and displays a special delete confirmation box when deleting files on an Iomega drive. Available via Start - Programs. If you disable it remember to eject disks first before powering the drive down - hence the "U" recommendation. Note - FreeCell may not run with ImgIcon running 01
313ZipDisk Icons1 11IMGICON.EXE1 00354Displays Iomega icons in Explorer/My Computer, ejects Zip disks on shutdown and displays a special delete confirmation box when deleting files on an Iomega drive. Available via Start - Programs. If you disable it remember to eject disks first before powering the drive down - hence the "U" recommendation. Note - FreeCell may not run with ImgIcon running 01
2 8ImgStart1 12ImgStart.exe1 00 99Used by Iomega drives. Details of its purpose can be found here. Available via Start -> Programs57http://pw2.netcom.com/~deepone/zipjaz/ioware.html#startup0
222Iomega Startup Options1 12IMGSTART.EXE1 00 95Used by Iomega drives. Details of its purpose can be found here. Available via Start - Programs57http://pw2.netcom.com/~deepone/zipjaz/ioware.html#startup0
315Iomega ImIconXP1 12imiconxp.exe1 00228Iomega REV System Software - allows your Iomega REV drive to interact with the operating system via the Iomega REV UDF file system, and provides drag-and-drop file access, access and write protection, and formatting of the disks47http://www.iomega.com/software/revsystemsw.html0
2 7imjpmig1 11IMJPMIG.EXE1 00138Part of MS Input Method Editor which is used to ease the input of Asian characters in MS Office (Chinese, Korean and this one is Japanese)73http://www.microsoft.com/windows/ie/downloads/recommended/ime/default.asp0
210Imjpmig8.11 11IMJPMIG.EXE1 00138Part of MS Input Method Editor which is used to ease the input of Asian characters in MS Office (Chinese, Korean and this one is Japanese)73http://www.microsoft.com/windows/ie/downloads/recommended/ime/default.asp0
012immcheck.exe1 12immcheck.exe1 00 60Related to I-FORCE driver for force feedback steering wheel? 01
3 4IMOL1 11IMOLApp.exe1 00 37IncrediMail for Office Outlook Add-On53http://www.incredimail.com/english/help/sysadmin.html0
421Remote Update Monitor1 12imonitor.exe1 00190Sophos Antivirus Remote Update utility - provides an easy way for remote workers to keep up to date with their virus protection via a website or network connection provided by their employer35http://www.sophos.com/products/sav/0
320Intel Active Monitor1 12imontray.exe1 00226System tray monitoring of fans, temperature, voltage, etc for Intel motherboards. Only needed if you "overclock" or live in hot environment. Can also cause problems when running on a laptop if you change PCMCIA cards 01
2 8MSPY20021 12ImScInst.exe1 00108Part of Microsoft's Input Message Editor (IME) for translating Japanese/Chinese text in IE, Outlook and Word 01
215iM Start Center1 11iM_Tray.exe1 00199Installed with the Sound Blaster Audigy range of soundcards. A radio tuner installed if the user chooses during installation. Available via Start -> Programs -> iM Networks -> iM Radio Tuner 01
2 4InCD1 8incd.exe1 00187Ahead InCD packet writing software. Similar to DirectCD. On my system there isn't an entry, on another visitor's there is. Run manually before insert an appropriately formatted CD-RW disk20http://www.nero.com/0
2 7IncMail1 11IncMail.exe1 00240"IncrediMail is an advanced, feature-rich email program that offers you an unprecedented interactive experience. Unique multimedia features will enable you to tailor your email experience so that it fits your mood and personality"45http://www.incredimail.com/english/index.html0
211Incredimail1 15incredimail.exe1 00240"IncrediMail is an advanced, feature-rich email program that offers you an unprecedented interactive experience. Unique multimedia features will enable you to tailor your email experience so that it fits your mood and personality"45http://www.incredimail.com/english/index.html0
211IndexSearch1 15IndexSearch.exe1 00 56Associated with PaperPort scanner software from ScanSoft 01
3 9inetcntrl1 13inetcntrl.exe1 00 30Bsafe Online - internet filter 01
0 8InetConf1 12inetconf.exe1 00 2?? 01
3 5Inetd1 11INETD32.EXE1 00262Windows Inet Daemon from Hummingbird Communications. "Hummingbird Inetd has the advanced ability to conserve PC resources by listening for connection requests and launching server daemons". Provides PCs with the full functionality of a UNIX workstation55http://www.hummingbird.com/products/nc/inetd/index.html0
113Inet DataBase1 11Inetdbs.exe1 00 23Added by the QEDS WORM!72http://securityresponse.symantec.com/avcenter/venc/data/w32.qeds@mm.html0
114Windows Update1 11inetinf.exe1 00 45Added by a variant of the AGOBOT/GAOBOT WORM!79http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN0
312inetinfo.exe1 12inetinfo.exe1 00240Executable used by MS Internet Information Server (IIS). If it's running, then so is IIS. Useful in knowing whether you require the patch for the Code Red worm. Comes with PWS (Personal Web Server) or NT4 and handles ASP-, PHP code (+ more) 01
124Microsoft System Checkup1 11inetman.exe1 00 25Added by the DONK.O WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.donk.o.html0
1 7inetmgr1 11inetmgr.exe1 00 51Actual Names (AdvSearch) Internet Keywords parasite52http://www.pestpatrol.com/pestinfo/a/actualnames.asp0
221Compaq Internet Setup1 14inetwizard.exe1 00 89For Compaq PC's. Runs Compaq internet setup wizard and offers you to signup from ISP list 01
1 7Info32x1 11Info32x.exe1 00 25Added by the GEMA TROJAN!72http://securityresponse.symantec.com/avcenter/venc/data/trojan.gema.html0
012Infoplay.exe1 12Infoplay.exe1 00199Written by New Media Properties, LLC and you're asked if you want to download and install it if you visit one of their search engine websites (which I chose not to). What does it do and is it needed? 7#FF00000
3 7Infuzer1 11Infuzer.exe1 00386Infuzer - "is a service that copies dates from the web or an email straight to your electronic calendar". Beware of the following adware trait - "Infuzer provides web site owners with a unique opportunity to communicate with their visitors in a way that is useful and relevant to them, as well as increasing return visits and brand awareness, and providing new e-commerce opportunities"36http://www.infuzer.com/IDC/features/0
010ScanInicio1 10Inicio.exe1 00279Part of Panda Anti-Virus. Responsible for scanning the boot sector of your disk and your memory at startup to check for viruses that try and load and act before your anti-virus is fully operational. It only adds a fraction of a second to start-up time and is worth leaving active29http://www.pandasoftware.com/0
111Win_Library1 10INISvc.exe1 00 25Added by the ANARCH WORM!79http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.anarch@mm.html0
110[not used]1 10inject.exe1 00225Added by Troj/Small-EH it also installs RSHELL32.DLL, both are hidden in the Windows system folder. Once run, .DLL may modify a system component to penetrate a firewall and provide a new remote shell which can be exploited.57http://www.sophos.com/virusinfo/analyses/trojsmalleh.html0
211Ink Monitor1 14InkMonitor.exe1 00140Associated with Epson (and maybe other) printers. Tells you when the ink's running low and asks if you want to buy another cartridge on-line 01
2 8InkWatch1 12InkWatch.exe1 00140Associated with Canon (and maybe other) printers. Tells you when the ink's running low and asks if you want to buy another cartridge on-line 01
4 6InoRPC1 10InoRpc.exe1 00 44Associated with eTrust Antivirus/InoculateIT96http://www1.my-etrust.com/?CFID=6909348&CFTOKEN=43ce20d-0001f1aa-f6e5-1d77-be1e-2f0eac14303f0
4 5InoRT1 11InoRT9x.exe1 00196Associated with the Realtime Monitor of eTrust Antivirus/InoculateIT version 6 virus scanners from Computer Associates. For NT/2K/XP users you may need a patch if seeing high CPU useage - see here96http://www1.my-etrust.com/?CFID=6909348&CFTOKEN=43ce20d-0001f1aa-f6e5-1d77-be1e-2f0eac14303f0
3 7InoTask1 11InoTask.exe1 00278Scheduled scans and signature updates for eTrust Antivirus/InoculateIT version 6 virus scanners from Computer Associates. Leave enabled unless you manually update signatures or perform routine scans. If enabled it can result in high CPU useage when performing updates - see here96http://www1.my-etrust.com/?CFID=6909348&CFTOKEN=43ce20d-0001f1aa-f6e5-1d77-be1e-2f0eac14303f0
0 7insCOA51 11insCOA5.exe1 00 2?? 01
218Nielsen NetRatings1 11insight.exe1 00251Nielsen NetRatings - "Provides real-time research and analysis about Internet users, delivering the timely, actionable data you need to make critical business decisions on your competition, your Web siteÆs audience and your customers".53http://www.nielsen-netratings.com/mktg.jsp?section=ps0
218InstallAurealDemos1 21InstallAurealDemos.js1 00 60Used to initialize the Aureal A3D demos InstallShield wizard 01
312InstantDrive1 16InstantDrive.exe1 00140Pinnacle Systems (ex VOB) InstantDrive - creates a virtual CD-ROM drive on the computerÆs hard drive. Part of InstantCD/DVD burning software26http://www.pinnaclesys.com0
3 5VOBID1 16InstantDrive.exe1 00140Pinnacle Systems (ex VOB) InstantDrive - creates a virtual CD-ROM drive on the computerÆs hard drive. Part of InstantCD/DVD burning software26http://www.pinnaclesys.com0
111Hyper Start1 16instantmsgrs.exe1 00 26Added by the RBOT-NH WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotnh.html0
111Windows Fix1 13integator.exe1 00 28Added by the SDBOT.ZAB WORM!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.ZAB0
3 8IntelMEM1 12IntelMEM.exe1 00321Related to connection events on an Intel chipset based modem. It can alert you if the telephone line is being used when you're trying to get online (when you're using dial-up). It can also alert you if your modem line is disconnected. Furthermore, it can alert you if you have made a wrong connection with your modem line 01
328Intel Product Number Utility1 23IntelProcNumUtility.exe1 00284Intel Processor Serial Number Control Utility allows you to enable and disable the processor serial number capability of an Intel PIII processor. You can find more information here. System Tray icon providing the user with a visual state indication. You can find more information here58http://www.intel.com/support/processors/pentiumiii/psu.htm0
1 8Interdll1 12Interdll.exe1 00 36Added by the DELF family of TROJANS!81http://securityresponse.symantec.com/avcenter/venc/data/backdoor.delf.family.html0
1 6CnsMax1 12Internat.exe1 00192Added by the POINTEX TROJAN! Note - the real internat.exe resides in %windir%\system (where %windir% is the Windows directory - C:\Windows or C:\Winnt) whereas this version resides in %windir%64http://www.symantec.com/avcenter/venc/data/backdoor.pointex.html0
1 8internat1 12internat.exe1 00192Added by the LYDRA-F TROJAN! Note - the real internat.exe resides in %windir%\system (where %windir% is the Windows directory - C:\Windows or C:\Winnt) whereas this version resides in %windir%56http://www.sophos.com/virusinfo/analyses/trojlydraf.html0
212internat.exe1 12internat.exe1 00 38Language selection icon in system tray 01
112Internat.exe1 12internat.exe1 00240Added by the NETSNAKE TROJAN! Note - the real internat.exe resides in %windir%\system (where %windir% is the Windows directory - C:\Windows or C:\Winnt) and has a "?" icon wheras this version resides in %windir% and has a ZIP icon77http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.netsnake.html0
123Windows Taskbar Manager1 12internat.exe1 00 30Added by the PROTORIDE-H WORM!59http://www.sophos.com/virusinfo/analyses/w32protorideh.html0
112blah service1 12internet.exe1 00 36Added by a variant of the RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
112Internet.exe1 12Internet.exe1 00 29Added by the MAGICCALL VIRUS!74http://securityresponse.symantec.com/avcenter/venc/data/w32.magiccall.html0
121NetworkAssociates Inc1 12internet.exe1 00 26Added by the LOVGATE WORM!80http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.lovgate@mm.html0
324True Internet Color Icon1 17internetcolor.exe1 00270Part of Colorific & 3Deep from LightSurf Technologies (nee E-Color). "With True Internet Color PCs can display the best color possible over the web. Enabled web sites will know how connected monitors display color and will send them color corrected images"34http://www.colorific.com/index.htm0
110IEFeatures1 20Internetfeatures.exe1 00 63Added by the POPMON.A TROJAN! - also known as PopMonster adware77http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_POPMON.A0
1 9MSVersion1 20INTERNETFEATURES.exe1 00 63Added by the POPMON.A TROJAN! - also known as PopMonster adware77http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_POPMON.A0
1 7Internt1 11Internt.exe1 00 41Added by the PEEPER or CARUFAX.A TROJANS!76http://securityresponse.symantec.com/avcenter/venc/data/backdoor.peeper.html0
116Internet Service1 12intersvc.exe1 00 28Added by the SPYBOT-DE WORM!57http://www.sophos.com/virusinfo/analyses/w32spybotde.html0
3 9InterWARN1 13interwarn.exe1 00254InterWARN by Storm Alert Inc. Provides customized, automated access to critical weather and civil emergency information from the US National Weather Service. Required if audio and screen crawler alerts are desired. Also available via Start -> Programs39http://www.interwarn.com/interwarn.html0
1 6Intmgr1 10Intmgr.exe1 00 25Added by the GEMA TROJAN!72http://securityresponse.symantec.com/avcenter/venc/data/trojan.gema.html0
1 7intnets1 11intnets.exe1 00 81Added by the Adware.Adtest browser hijacker. Found in the Windows system folder.57http://www.sarc.com/avcenter/venc/data/adware.adtest.html0
1 7Gremlin1 12intrenat.exe1 00 28Added by the DOOMJUICE WORM!79http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.doomjuice.html0
1 8Intrenat1 12Intrenat.exe1 00 28Added by the LEMIR.E TROJAN!76http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.lemir.e.html0
139Generic Host Process for Win32 Services1 11intspvc.exe1 00 27Added by the DINFOR.D WORM!78http://securityresponse.symantec.com/avcenter/venc/data/w32.dinfor.d.worm.html0
311Iomon98.exe1 11Iomon98.exe1 00 74PC-Cillin 98 real time virus check. Can cause floppy disk accesses to hang 01
212Iomega Watch1 11IOWATCH.EXE1 00 53Used by Iomega drives. Available via Start - Programs 01
311iProtectYou1 6ip.exe1 00 81iProtectYou - internet filtering/parental control and network monitoring software39http://www.softforyou.com/ip-index.html0
1 2IP1 6IP.EXE1 00 31Added by a WORM, W32/Agobot-QO.57http://www.sophos.com/virusinfo/analyses/w32agobotqo.html0
1 9ipcfg.exe1 9ipcfg.exe1 00 79Adware - recognized by McAfee antivirus as a variant of the AdClicker-BM trojan54http://vil.mcafeesecurity.com/vil/content/v_130215.htm0
115IPInSightLAN 011 12ipclient.exe1 00249Installed with Verizon DSL accounts. IP Insight is a Quality of Service monitor and diagnostic tool that isn't required - see here for more information. This one constantly "phones home" and wastes resource - hence the "X" status34http://www.dslreports.com/faq/12470
1 6IpCtrl1 11ipcon32.exe1 00 47Added by an unidentified VIRUS, WORM or TROJAN! 01
3 5wfips1 11iphider.exe1 00249ICQ (messaging/chat program) anti-bomb software. "WFIPS is anti-bomb software for safeguarding ICQ Bomb before the bombing. 'ICQ Defoolder' is a tool for removing ICQ bomb after being exposed." For more information about ICQ bombs see here39http://www.yammie.cc/ibinfo/ibinfo8.asp0
1 9ipmon.exe1 9ipmon.exe1 00 37Added by the RECERV or R3C.B TROJANS!63http://www.symantec.com/avcenter/venc/data/backdoor.recerv.html0
219IPInSightMonitor 011 11ipmon32.exe1 00151Installed with Verizon DSL accounts. IP Insight is a Quality of Service monitor and diagnostic tool that isn't required - see here for more information34http://www.dslreports.com/faq/12470
311iPodManager1 15iPodManager.exe1 00135Apple iPod Management software for the iPod MP3 player. Allows updating, formating, restoring and other functions associated with iPods 01
212iPod Service1 15iPodService.exe1 00107This service is used by Itunes for using your Ipod. If you do not use Itunes you can disable this service. 01
011iPodWatcher1 15iPodWatcher.exe1 00 76Associated with Apple's iPod MP3 player. Detects when the iPod is connected? 01
324Cisco Systems VPN Client1 15ipsecdialer.exe1 00 89Cisco VPN Client - lets local users gain Administrator privileges on the operating system54http://www.cisco.com/en/US/products/sw/secursw/ps2308/0
4 8IPSecMon1 12IPSecMon.exe1 00177Microsoft L2TP/IPSec VPN Client for Win98/Me/NT. Secure technology for making remote access virtual private network (VPN) connections across public networks such as the Internet84http://www.microsoft.com/windows2000/server/evaluation/news/bulletins/l2tpclient.asp0
1 8IP Stack1 11ipstack.exe1 00 28Added by the AGOBOT.CW WORM!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.CW0
128Randex virus built for IRBMe1 9irbme.exe1 00 28Added by the RANDEX.RH WORM!74http://securityresponse.symantec.com/avcenter/venc/data/w32.randex.rh.html0
4 6IREIKE1 10IreIKE.exe1 00177Microsoft L2TP/IPSec VPN Client for Win98/Me/NT. Secure technology for making remote access virtual private network (VPN) connections across public networks such as the Internet84http://www.microsoft.com/windows2000/server/evaluation/news/bulletins/l2tpclient.asp0
317Infra-red Monitor1 9IRMON.EXE1 00 86System Tray access to infra-red devices. Not required unless you use infra-red devices 01
3 5IrMon1 9IRMON.EXE1 00 86System Tray access to infra-red devices. Not required unless you use infra-red devices 01
111ssgrate.exe1 8irun.exe1 00 33Added by the MITGLIEDER.D TROJAN!80http://securityresponse.symantec.com/avcenter/venc/data/trojan.mitglieder.d.html0
1 9ssate.exe1 9irun4.exe1 00 27Added by the BEAGLE.J WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.j@mm.html0
111ssgrate.exe1 9irun4.exe1 00 33Added by the MITGLIEDER.F TROJAN!80http://securityresponse.symantec.com/avcenter/venc/data/trojan.mitglieder.f.html0
1 6ir_ftp1 10irwftp.exe1 00 29Added by the BANCOS.H TROJAN!77http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.bancos.h.html0
3 6IrXfer1 10IrXfer.exe1 00 39Microsoft Infrared Transfer application 01
1 6ir_ftp1 10ir_ftp.exe1 00 26Added by the IRFTP TROJAN!74http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.irftp.html0
311Info Select1 6is.exe1 00 59Info Select from Micro Logic - personal information manager32http://www.miclog.com/isover.htm0
116Microsoft Update1 8Isac.exe1 00 26Added by the RBOT-AU WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotau.html0
4 7CAISafe1 9isafe.exe1 00 46Part of Computer Associates eTrus EZ Antivirus49http://www1.my-etrust.com/products/Antivirus.cfm?0
1 9GLSetIT321 9isass.exe1 00 43Added by a variant of the OPTIX PRO TROJAN!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?ID=394820
1 5Isass1 9Isass.exe1 00 26Added by the FUTRO TROJAN!62http://www.symantec.com/avcenter/venc/data/backdoor.futro.html0
1 4Anti1 9ISASS.EXE1 00 31Added by the W32/Bropia-M worm. 01
424MICROSOFT FIREWALLCLIENT1 11ISATRAY.EXE1 00 49MS Internet Security and Acceleration Server 2000 01
2 6isdbdc1 10isdbdc.exe1 00 91For Compaq PC's. May install properties in dial-up networking when you register with an ISP 01
110SystemInit1 10iservc.exe1 00 25Added by the FIZZER WORM!79http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.fizzer@mm.html0
2 8ISLP2STA1 12ISLP2STA.EXE1 00102Possibly a left over from Windows Update for wireless NIC (maybe Linksys) drivers? Not required though 01
313ServiceConfig1 10ispbeg.exe1 00229Comcast Transition Wizard. On June 30th, 2003 it will migrate E-mail and web pages from AT&T Broadband Internet to Comcast High-Speed Internet. Until then it will run at startup and then terminate - hence the U recommendation 01
1 7Israfel1 11Israfel.vbs1 00 40Added by the GAGGLE.D or GAGGLE.E WORMS!73http://securityresponse.symantec.com/avcenter/venc/data/vbs.gaggle.d.html0
213ISUSScheduler1 9issch.exe1 00162InstallShield Update Service Scheduler. Automatically searches for and performs any updates to the software so youÆre always working with the most current version 01
3 7ISStart1 11ISStart.exe1 00357LogitechGalleryRepair/LogitechVideoRepair - part of Logitech Image Studio - installed with Logitech QuickCam cameras. Required from version 8.11 onwards if you use the software to take pictures and capture videos, not if you don't. Also not required for versions up to and including 7.30 and after version 8.30 - hence the "U" rather than "Y" recommendation 01
321LogitechGalleryRepair1 11ISStart.exe1 00357LogitechGalleryRepair/LogitechVideoRepair - part of Logitech Image Studio - installed with Logitech QuickCam cameras. Required from version 8.11 onwards if you use the software to take pictures and capture videos, not if you don't. Also not required for versions up to and including 7.30 and after version 8.30 - hence the "U" rather than "Y" recommendation 01
319LogitechVideoRepair1 11ISStart.exe1 00357LogitechGalleryRepair/LogitechVideoRepair - part of Logitech Image Studio - installed with Logitech QuickCam cameras. Required from version 8.11 onwards if you use the software to take pictures and capture videos, not if you don't. Also not required for versions up to and including 7.30 and after version 8.30 - hence the "U" rather than "Y" recommendation 01
214ISUSPM Startup1 10ISUSPM.exe1 00162InstallShield Update Service Scheduler. Automatically searches for and performs any updates to the software so youÆre always working with the most current version 01
213DigitalWizard1 12ISWizard.exe1 00131InstallShield's DigitalWizard - free, complete Digital Content Management Solution that makes it easy to experience digital content 01
3 3Itk1 7Itk.exe1 00151In The Know - surveillance software that creates records of everything people do on a computer, ie, spying or monitoring depending upon how you call it32http://www.itksoft.com/index.asp0
316Praize Messenger1 10itLoad.exe1 00 92a target="_blank" href="http://www.praize.com/IM/"Praize IM Christian chat instant messenger 01
3 6iTouch1 10iTouch.exe1 00318iTouch loads the iTouch configuration program for Logitech keyboards. ItÆs needed if your keyboard has shortcut buttons and if you use them. ItÆs also needed if your keyboard does not have the num lock, caps lock, and scroll lock lights on it and you use the on-screen displays for num lock, caps lock, and scroll lock 01
317zBrowser Launcher1 10iTouch.exe1 00193For a Logitech internet keyboard - loads the software for the shortcut keys on the keyboard. Also used to display your keyboard LEDs on-screen to indicate Caps Lock, etc if it doesn't have them 01
218ItsDeductiblePopUp1 17ItsDeductible.exe1 00225ItsDeductible from Income Dynamics. Calculates your noncash donations quickly and easily. This startup entry checks a registry entry for the next 'PopUp' date and if it is a past or current date displays a program related tip30http://www.itsdeductible2.com/0
413iTunes Helper1 16iTunesHelper.exe1 00219Installed with Apple's iTunes for Windows. Uses ~3-4MB of memory and if disabled in MSCONFIG or deleted from the registry it will re-instate itself after running iTunes a few times - hence the reluctant Y recommendation 01
222InterTrust Quick Start1 12it_cpq~1.exe1 00135InterTrust offers something known as Digital Rights Management to control legal software download and other E-commerce related business36http://www.intertrust.com/index.html0
119Internet Washer Pro1 6iw.exe1 00155Internet Washer manages temporary browser files, cookies, etc - a 'trial' Internet Washer Pro seems to have been widely stealth-installed around March 200330http://www.internetwasher.com/0
117InternetWasherPro1 6iw.exe1 00155Internet Washer manages temporary browser files, cookies, etc - a 'trial' Internet Washer Pro seems to have been widely stealth-installed around March 200330http://www.internetwasher.com/0
213eWare Startup1 14iWareStart.exe1 00 34eWare iWare task bar. Not required36http://www.eware.com/about/index.asp0
3 9ISDNwatch1 10IWatch.exe1 00263FRITZ!X ISDNWatch - "dialing filter for more security and control on the ISDN PC. The PC is doubly protected against dialer programs and premium-service numbers: ISDNWatch allows the user to block calls to and from both individual numbers and whole number blocks"63http://www.avm.de/en/press/announcements/2003/2003_05_19_1.php30
216IW ControlCenter1 10iwctrl.exe1 00269Pinnacle Systems InstantWrite enables you to use your CD-R, CD-RW and DVD-RAM drive just like a hard disk or floppy disk. You can drag and drop files, create new directories right on your CD-R, CD-RW or DVD-RAM. Maybe required if you use this feature on a regular basis27http://www.pinnaclesys.com/0
3 6iwctrl1 10iwctrl.exe1 00269Pinnacle Systems InstantWrite enables you to use your CD-R, CD-RW and DVD-RAM drive just like a hard disk or floppy disk. You can drag and drop files, create new directories right on your CD-R, CD-RW or DVD-RAM. Maybe required if you use this feature on a regular basis27http://www.pinnaclesys.com/0
214Camio Viewer x1 12IXApplet.exe1 00158Image viewing program that comes with digital cameras. Shows pictures that are in the camera before downloading them. "x" in the name is the version 01
114scvhost loader1 11ixplore.exe1 00 29Added by the SDBOT-CY TROJAN!57http://www.sophos.com/virusinfo/analyses/trojsdbotcy.html0
215CorelCENTRAL 101 13I_26dadCC.exe1 00135CorelCENTRAL 10 - personal information manager (PIM). Supplied as part of Corel WordPerfect Office 2002. Available via Start - Programs112http://www3.corel.com/cgi-bin/gx.cgi/AppLogic+FTContentServer?pagename=Corel/Product/Feature&fid=CC1ZX1WPOP40
3 6Jammer1 10jammer.exe1 00223Jammer by Agnitum - "Jammer is the last word in Internet security. It combines a user-friendly interface with very sophisticated and powerful security measures that protect your Windows system while you are surfing the web"39http://www.agnitum.com/products/jammer/0
1 9Jammer2nd1 13Jammer2nd.exe1 00 27Added by the NETSKY.Z WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.netsky.z@mm.html0
118*JanisRuckenbrodII1 9janis.com1 00 23Added by the POPS WORM!69http://securityresponse.symantec.com/avcenter/venc/data/w32.pops.html0
1 6JavaVM1 8java.exe1 00249Added by the MYDOOM.M or MYDOOM.N WORMS! Note - not to be confused with the valid Windows "java.exe" which resides in C:\Windows\System (Win9x/Me), C:\Winnt\System32 (WinNT/2K) or C:\Windows\System32 (WinXP) as this resides in C:\Windows or C:\Winnt76http://securityresponse.symantec.com/avcenter/venc/data/w32.mydoom.m@mm.html0
1 8Etraffic1 11JavaRun.exe1 00 32Marketing software from TopMoxie24http://www.etraffic.com/0
1 8topmoxie1 11JavaRun.exe1 00 32Marketing software from TopMoxie24http://www.etraffic.com/0
2 8Swap Nut1 9javaw.exe1 00233SwapNut is a peer-to-peer file sharing and searching utility developed and marketed by File Metrics, Inc. Users can search for and find almost any type of digital file (audio, video, photos etc.) through a secure peer-to-peer network 01
1 6jawa321 10jawa32.exe1 00 27Added by the AGENT.BG WORM!71http://www.liutilities.com/products/wintaskspro/processlibrary/aqadcup/0
1 7Jawa3221 10jawa32.exe1 00 41Added by a variant of the AGENT.BG trojan70http://www.liutilities.com/products/wintaskspro/processlibrary/jawa32/0
1 7MSAdmin1 11jdbgmrg.exe1 00 86Added by the DASMIN.A TROJAN! Note - this is not the valid JDBGMGR.EXE file - see here77http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_DASMIN.A0
1 9MSConfigr1 11jdbgmrg.exe1 00 86Added by the DASMIN.C TROJAN! Note - this is not the valid JDBGMGR.EXE file - see here77http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_DASMIN.C0
2 2JB1 12Jiffybar.exe1 00 44"Get Paid As You surf" application 01
122msjava critical update1 11jjfixer.exe1 00 37Troj/Hector-A is a downloader Trojan.57http://www.sophos.com/virusinfo/analyses/trojhectora.html0
311Creata Mail1 10JMSrvr.exe1 00131Creata_Mail. Smileys, stationary and more for you email. Required if you want to access the program from Outlook or Outlook Express41http://www.bluemountain.com/mail/index.pd0
310JobHisInit1 14JobHisInit.exe1 00 73Used by Ricoh network printers to enable network printing from the client 01
3 9Jog Serve1 12JogServ2.exe1 00141"Jog Dial" on a Sony Vaio laptop. The dial can select various functions such as control audio. Needed if you use its features 01
3 8JogServ21 12JogServ2.exe1 00141"Jog Dial" on a Sony Vaio laptop. The dial can select various functions such as control audio. Needed if you use its features 01
211Game Device1 12JOYUPDRV.EXE1 00 40Genius game controller profile activator 01
431USB SECURITY DEVICE CoInstaller1 11JupitCo.exe1 00 91ButterflyMedia USB Flash drive related - required for the password security feature to work79http://www.butterflymedia.com/USBFlashDriveManual/ButterflyFlashDriveManual.htm0
2 7jusched1 11jusched.exe1 00150Checks with Sun's Java updates site to see if newer Java versions are available. Visit http://java.sun.com or just run the Java Plug-In Control Panel19http://java.sun.com0
218SunJavaUpdateSched1 11jusched.exe1 00150Checks with Sun's Java updates site to see if newer Java versions are available. Visit http://java.sun.com or just run the Java Plug-In Control Panel19http://java.sun.com0
1 5jutsu1 9jutsu.exe1 00 26Added by the RBOT-LS WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotls.html0
323Jv16pt Network Resident1 18jv16pt_network.exe1 00102jv16 PowerTools' network resident program. Only needed if you are using the program's network features46http://www.vtoy.fi/jv16/shtml/powertools.shtml0
0 5Jzi161 9jzi16.exe1 00 2?? 01
1 7JVM0.121 15Random Filename2 00129http://www.sophos.com/virusinfo/analyses/trojteadoora.html"Troj/Teadoor-A trojan. File is found in the Windows system directory. 01
1 7JVM0.121 17[random filename]2 00119Trojan downloaded with possible backdoor functionality. Found in the Windows system directory with a random file name. 01
114K2ps_full.task1 13K2ps_full.exe1 00 31Added by the JUNTADOR.K TROJAN!79http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_JUNTADOR.K0
2 9K6CPU.EXE1 9K6CPU.EXE1 00 44Authenticates CPU as K6 in system properties 01
1 3kak1 7kak.hta1 00 26Added by the KAKWORM WORM!63http://www.symantec.com/avcenter/venc/data/wscript.kakworm.html0
3 8Kalibump1 12Kalibump.exe1 00181Used with the now unsupported Kali software for on-line gaming. This is used to automatically bump up the priority of WinProxy to GREATLY improve game speed when using a SOCKS proxy20http://www.kali.net/0
111KasperskyAv1 13kaspersky.exe1 00 91Added by the MIMAIL.T WORM! Note - this has nothing to do with the real Kaspersky AntiVirus76http://securityresponse.symantec.com/avcenter/venc/data/w32.mimail.t@mm.html0
119Kaspersky Antivirus1 15KasperskyAV.exe1 00 36Added by a variant of the RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
114KasperskyAVEng1 18Kasperskyaveng.exe1 00 27Added by the NETSKY.V WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.netsky.v@mm.html0
413KAVPersonal501 7Kav.exe1 00 33Kaspersky Anti-Virus Personal 5.033http://www.kaspersky.com/personal0
2 5KAZAA1 9kazaa.exe1 00198KAZAA is a file-sharing program which unfortunately being ad-based includes "Cy-door" adware. Check here for information about "Cy-door" and here for a program that can remove it30http://www.cexx.org/cydoor.htm0
112Kazaa lptt011 9kazaa.exe1 00277Variant of the RapidBlaster parasite (in a "kazaa" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see here. Note - this is not the valid KaZaA file sharing program which has the same executable name49http://www.doxdesk.com/parasite/RapidBlaster.html0
112Kazaa ml097e1 9kazaa.exe1 00277Variant of the RapidBlaster parasite (in a "kazaa" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see here. Note - this is not the valid KaZaA file sharing program which has the same executable name49http://www.doxdesk.com/parasite/RapidBlaster.html0
2 9kazaalite1 13kazaalite.exe1 00174Kazaalite is a file sharing client - not to be confused with the original Kazaa program. Unlike the original, this one does not contain any advertising or tracking mechanisms44http://www.webattack.com/get/kazaalite.shtml0
2 6KaZooM1 10KaZooM.Exe1 00179KaZoom from Blue Haven Media - "add-on application that automatically speeds up the download process and finds the files you want with far more power than regular KaZaA searches"30http://www.bluehavenmedia.com/0
115InternalSystray1 9Kazza.exe1 00191Added by a variant of the OPTIX TROJAN! Note - unlike the valid KaZaA executable, this is located in C:\Windows\System (Win9x/Me), C:\Winnt\System32 (WinNT/2K), or C:\Windows\System32 (WinXP)64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?ID=161060
3 3KBD1 7KBD.EXE1 00 68Multimedia keyboard manager. Required if you use the multimedia keys 01
010FLMTRUSTKB1 12KbdAp32A.exe1 00 44Keyboard utility for a Trust brand keyboard. 01
1 8kbddrv321 12kbddrv32.exe1 00 30Added by the CRYPTER.A TROJAN!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_CRYPTER.A0
1 9kbddrvinf1 13kbddrvinf.exe1 00 30Added by the CRYPTER.A TROJAN!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_CRYPTER.A0
215TypingSatellite1 10KBOOST.exe1 00156Typing Master 2002 background utility that collects typing errors and builds up customised typing lessons for your needs. Available via Start -> Programs27http://www.typingmaster.com0
2 6KCeasy1 10KCeasy.exe1 00158KCeasy - a Windows peer-to-peer filesharing application which uses giFT as its 'back end' foundation. The networks currently supported are OpenFT and Gnutella24http://kceasy.com/about/0
3 5cpqek1 10kcpqek.exe1 00 61For Compaq PC's. Easy Access button support for the keyboard75http://h18000.www1.hp.com/support/techpubs/whitepapers/13W1-1200a-wwen.html0
114Microzoft_Ofiz1 13KdzEregli.exe1 00 25Added by the AMUS.A WORM!74http://securityresponse.symantec.com/avcenter/venc/data/w32.amus.a@mm.html0
1 9Keenvalue1 13Keenvalue.exe1 00 28Keenvalue spyware - see here42http://www.infobeat.com/infobar/terms.html0
317Logitech SetPoint1 7KEM.exe1 00191Keyboard and mouse drivers and utilities for Logitech's latest products - supersedes iTouch and MouseWare on their older products. Required if you use special features such as multimedia keys 01
3 8KEMailKb1 12KEMailKb.EXE1 00168Controls the buttons at the top of the Micro Innovations 650i Internet Access Keyboard. If you disable it you cannot use the buttons - like volume control or shut down69http://www.mic-innovations.com/micro_inv/large_image_pages/kb650i.htm0
0 5Kemet1 9kemet.exe1 00 2?? 01
125Microsoft Update Emulator1 12kern-mxe.exe1 00 36Added by a variant of the RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
1 8kernel321 10kern32.exe1 00 29Added by the BADTRANS.A WORM!79http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_BADTRANS.A0
1 4Plob1 10kernel.com1 00 32Added by the OPTIXPRO.12 TROJAN!80http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_OPTIXPRO.120
1 8kernel321 10kernel.dli1 00 31Added by the NETDEVIL.B TROJAN!67http://www.symantec.com/avcenter/venc/data/backdoor.netdevil.b.html0
1 8Kernel321 10Kernel.dll1 00 28Added by the REDLOF.M VIRUS!49http://vil.mcafee.com/dispVirus.asp?virus_k=994760
1 6Win32G1 12Kernel32.com1 00 29Added by the ESTRELLA TROJAN!73http://securityresponse.symantec.com/avcenter/venc/data/w32.estrella.html0
1 8kernel321 12kernel32.dlI1 00 32Added by the NETDEVIL.15 TROJAN!81http://securityresponse.symantec.com/avcenter/venc/data/backdoor.netdevil.15.html0
1 8Kernel321 12Kernel32.exe1 00 48Added by a number of VIRUSES, WORMS and TROJANS! 01
114Windoes Kernel1 12kernel32.exe1 00 41Added by the KICKIN.A (or CYDOG.C) WORM!68http://www.symantec.com/avcenter/venc/data/w32.hllw.kickin.a@mm.html0
1 7Windows1 12Kernel32.exe1 00 28Added by the TENDOOLF WORM!78http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=WORM_TENDOOLF.A0
127Win32 Kernel core component1 12Kernel32.pif1 00 24Added by the MOKS VIRUS!69http://securityresponse.symantec.com/avcenter/venc/data/w32.moks.html0
1 8Kernel321 12Kernel32.win1 00 40Added by the GAGGLE.D or GAGGLE.E WORMS!73http://securityresponse.symantec.com/avcenter/venc/data/vbs.gaggle.d.html0
123Distributed File System1 15kernel32dll.exe1 00 38Added by the MYFIP-C or MYFIP.K WORMS!55http://www.sophos.com/virusinfo/analyses/w32myfipc.html0
136Distributed Link Tracking Extensions1 15kernel32dll.exe1 00106Added by the W32/Myfip-I WORM wirh a service display name of "Distributed Link Tracking Extensions", also.55http://www.sophos.com/virusinfo/analyses/w32myfipi.html0
1 8Kernel321 13kernel32s.exe1 00 29Added by the SDBOT-PU TROJAN!58http://www.sophos.com/virusinfo/analyses/trojbckdrcic.html0
1 9Kernell321 11Kernell.dll1 00 30Added by the DESTINY.A TROJAN!77http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=TROJ_DESTINY.A0
1 6System1 13kernels32.exe1 00 31Added by the DLOADER-FC TROJAN!59http://www.sophos.com/virusinfo/analyses/trojdloaderfc.html0
1 7Kernelw1 13Kernelw32.exe1 00 26Added by the INDOR.E WORM!67http://www.symantec.com/avcenter/venc/data/w32.hllw.indor.e@mm.html0
1 3Laz1 9Kernn.exe1 00 53Added by the Troj/Bancos-LN password stealing TROJAN!58http://www.sophos.com/virusinfo/analyses/trojbancosln.html0
4 9KeyAccess1 12keyacc32.exe1 00256KeyServer KeyAccess client software - "when the KeyServer program is launched, the KeyServer process becomes active so license requests from client computers can be serviced. Without KeyAccess, a keyed program cannot run, so license control is very secure" 01
1 9Keybdcntl1 13keybdcntl.exe1 00 43Added by a variant of the CRYPTER.C TROJAN!58http://www.sophos.com/virusinfo/analyses/trojcrypterc.html0
112NLS Keyboard1 12keyboard.exe1 00 38Added by a variant of the SPYBOT WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html0
319SiS Windows KeyHook1 11keyhook.exe1 00133SIS graphics cards related: "Super VGA Keyboard Daemon" - hooks into the keyboard processing chain in order to enable hotkey settings 01
112WinEssential1 11Keyhost.exe1 00 33Hijacker - hailing from jraun.com 01
1 3ABC1 13keylogger.exe1 00139Monitors keystrokes so you can check if someone has typed anything while your away from your PC. Reported as spyware by SpyCop in their FAQ32http://www.spycop.com/index.html0
312CherryKeyMan1 10KeyMan.exe1 00108Multimedia keyboard manager for the Cherry keyboard series. Only required if you use any of the special keys34http://www.cherrycorp.com/english/0
3 6keymap1 10keymap.exe1 00182System Tray utility and background task used by games produced by Kesmai (published by Interactive Magic) and which enables you to program keys to do specific actions during the game 01
124Microsoft System Checkup1 10Keymgr.exe1 00 25Added by the DONK.M WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.donk.m.html0
3 9KeyPatrol1 13KeyPatrol.exe1 00122KeyPatrol - detects Key Loggers ("keyboard loggers" or "keyloggers") using both behavioral and pattern-matching algorithms36http://www.pestpatrol.com/KeyPatrol/0
010ChromeMark1 9keysh.exe1 00 75Related to this. Don't know what keysh.exe does though and if it's required 7#FF00000
317Toshiba Key State1 12KEYSTATE.EXE1 00200Displays an icon in the System Tray indicating the state of the CAPS LOCK key. Can be handy on (e.g., Toshiba) laptops which do not have a Caps Lock indicator light. Available via Start -> Programs 01
2 8Key Text1 11KeyText.exe1 00113Key Text 2000 from MJMSoft Design - utility to automate repetitive keyboard tasks. Available via Start - Programs34http://www.mjmsoft.com/keytext.htm0
115Winsock2 driver1 13kgzgjkpcw.exe1 00 28Added by the SDBOT.T TROJAN!77http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sdbot.t.html0
035Logitech Hardware Abstraction Layer1 12Khalmnpr.exe1 00253Logitech Bluetooth mouse Hardware Abstraction layer. A "hardware abstraction layer" is an interface that enables adding support for new devices and new ways of connecting devices to the computer, without modifying every application that uses the device. 01
2 7khooker1 11khooker.exe1 00156SiS Keyboard Daemon. System Tray utility which gets installed by the drivers of the latter day SiS VGA cards. Can cause errors at startup and isn't required 01
211SiS KHooker1 11khooker.exe1 00156SiS Keyboard Daemon. System Tray utility which gets installed by the drivers of the latter day SiS VGA cards. Can cause errors at startup and isn't required 01
2 3kdx1 9KHost.exe1 00344KonTiki Secure Delivery Plug In related. "The Kontiki Delivery Management System (DMS) is a secure delivery network for distribution of video, software, audio, documents, and other digital media. The Kontiki DMS enables enterprises to efficiently publish, secure, deliver and track digital media to employees, partners, and customers"95http://help.kontiki.com/enduser/group.jsp;jsessionid=445B8C402E10C9AFBC8E053A3BBC395C?node=18290
311KICKMON.EXE1 11KICKMON.EXE1 00162KeepItClean - utility that deletes safe to remove files, cookies, browsing history, etc. This is the scheduler - if you don't schedule clean-ups it isn't required 01
210Kinberlink1 14Kinberlink.exe1 00 60Kinberlink network messaging. Available via Start - Programs45http://www.kinberlin.com/kinberlink/index.asp0
1 8WinAC v41 12klsuicbn.exe1 00 28Added by the FORBOT-CS WORM!57http://www.sophos.com/virusinfo/analyses/w32forbotcs.html0
310KeyMaestro1 12kmaestro.exe1 00 68Multimedia keyboard manager. Required if you use the multimedia keys 01
311kmw_run.exe1 11kmw_run.exe1 00 97Kensington MouseWorks - mouse/trackball software. Not required unles you use any special features 01
312kmw_show.exe1 12kmw_show.exe1 00 97Kensington MouseWorks - mouse/trackball software. Not required unles you use any special features 01
1 6WinSrv1 8kn0x.exe1 00 27Added by the HOBBIT.F WORM!77http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_HOBBIT.F0
4 8KodakCCS1 12KodakCCS.exe1 00 27Kodak DC File System Driver 01
222Konni Symbol Autostart1 15KonniSymbol.exe1 00139Gives configuration access to RagTime Solo professional business publishing software. RagTime Solo is the private user version of RagTime 536http://www.besoftware.com/index.html0
2 4cnet1 11kontiki.exe1 00115Kontiki Delivery Manager - Windows-based client software that enables secure delivery of content to users' desktops95http://help.kontiki.com/enduser/group.jsp;jsessionid=2C47C896EA1784C5321FD3E6845E8157?node=28460
2 8GameSpot1 11kontiki.exe1 00115Kontiki Delivery Manager - Windows-based client software that enables secure delivery of content to users' desktops95http://help.kontiki.com/enduser/group.jsp;jsessionid=2C47C896EA1784C5321FD3E6845E8157?node=28460
2 7kontiki1 11kontiki.exe1 00115Kontiki Delivery Manager - Windows-based client software that enables secure delivery of content to users' desktops95http://help.kontiki.com/enduser/group.jsp;jsessionid=2C47C896EA1784C5321FD3E6845E8157?node=28460
2 5zdnet1 11kontiki.exe1 00115Kontiki Delivery Manager - Windows-based client software that enables secure delivery of content to users' desktops95http://help.kontiki.com/enduser/group.jsp;jsessionid=2C47C896EA1784C5321FD3E6845E8157?node=28460
3 6KREC321 10krec32.exe1 00 45StarrCommander Pro Keystroke logging software 01
118Microsoft Document1 9krisp.exe1 00 27Added by the SDBOT-RQ WORM!56http://www.sophos.com/virusinfo/analyses/w32sdbotrq.html0
1 8Kernel321 10krnl32.exe1 00 23Added by the EPON WORM!77http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.epon@mm.html0
3 7Krnlmod1 11Krnlmod.exe1 00191Keylogger - see here. Given a "U" recommendation because it depends if you intentionally installed it. If you didn't, treat it as "X" and uninstall or remove via Spybot S&D (for example)58http://www.pestpatrol.com/PestInfo/W/Windows_Keylogger.asp0
3 7KClient1 11kstatus.exe1 00197KClient Kerberos client software for Win32 systems. It provides the libraries and utilities needed to use Kerberos-based PC applications developed by Computing Services such as KWeb and NiftyTelnet 01
3 8ktchnsnk1 12ktchnsnk.exe1 00144HP program found with the Office Jet 500/600/700 series which initializes the Office Jet manager each time the computer is booted up or rebooted 01
3 9KeyWallet1 11KWallet.exe1 00162"KeyWallet is a useful and convenient desktop utility that spares you the trouble of filling in your logins, passwords and other personal data manually"34http://www.keywallet.com/index.php0
2 8kX Mixer1 11kxmixer.exe1 00 94Provides Mixer and Control functionality to KxProject Audio driver for EMU10k based soundcards 01
1 6NvMsnW1 9Isass.exe1 00 31Added by the W32/Bropia-M worm.56http://www.sophos.com/virusinfo/analyses/w32bropiam.html0
1 6load321 8l32x.exe1 00 52Added by the DUMARU.Z or DUMARU.Y or DUMARU.AD WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.dumaru.z@mm.html0
010SystemBoot1 10ladies.htm1 00 36Unknown but sounds very suspicious?? 01
114TCP Monitoring1 11LanNSvc.exe1 00 29Added by the RANDEX.AAS WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.randex.aas.html0
3 9LanSpeed21 13LanSpeed2.exe1 00 86Monitors any traffic that is using a LAN adapter (Ethernet or Token ring network card) 01
124Microsoft Update Machine1 11LANWAKE.EXE1 00 26Added by the RBOT-QZ WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotqz.html0
124Microsoft LAN32 Protocol1 9lanXp.exe1 00126Added by W32/Rbot-SS, it will terminate processes and perform a variety of other functions under control of a remote attacker.55http://www.sophos.com/virusinfo/analyses/w32rbotss.html0
3 7ZeroAds1 11LAS0Ads.exe1 00 86ZeroAds - culls ads, cookies and pop-ups. Required for the cookie interception to work36http://zeroads.com/flash/default.asp0
1 6.mscdr1 9lassa.exe1 00 28Added by the WEBUS.C TROJAN!62http://www.symantec.com/avcenter/venc/data/trojan.webus.c.html0
110NavAgent321 11lasvr32.exe1 00 26Added by the FEMOT.D WORM!64http://www.symantec.com/avcenter/venc/data/w32.femot.d.worm.html0
0 5Later1 9later.exe1 00 2?? 01
3 7LaunApp1 11LaunApp.exe1 00 85Part of Acer Launch Manager - programmable keys on such laptops as the TravelMate 610 01
0 6Launcg1 10launcg.exe1 00 2?? 01
419MailScan Dispatcher1 10Launch.exe1 00183MailScan Dispatcher splits each e-mail message into various components such as the header, body and attachment. Compressed formats (ZIP, ARJ, etc.) are scanned for viruses and cleaned49http://www.mspl.net/antivirus/mailscan/ms4adv.asp0
312Screen Guard1 10launch.exe1 00 51Part of Access Denied security and privacy software22http://www.johnru.com/0
2 9Traceless1 10launch.exe1 00174Traceless 2003 - clear your cookies, temp directories and browser history with a click of a button. It also clears the recent documents and the IE drop down auto complete box56http://users.bigpond.com/pvantarakis/traceless/index.htm0
324SMS Application Launcher1 12LAUNCH32.EXE1 00 84Microsoft Systems Management Server - used to manage computers on a network remotely45http://www.microsoft.com/smserver/default.asp0
3 8LaunchAp1 12LaunchAp.exe1 00 85Part of Acer Launch Manager - programmable keys on such laptops as the TravelMate 61023http://global.acer.com/0
1 8Launcher1 12launcher.exe1 00 71Spyware component related to DownloadWare and found in Program FilesKFH 01
013PrimaLauncher1 12Launcher.exe1 00 35Associated with PrimaScan scanners.25http://www.primascan.com/0
313ATI Launchpad1 12launchpd.exe1 00174Convenient way to start all your Multimedia Center applications (DVD, Video CD, CD Audio, File Player). You can right-click LaunchPad, and uncheck Load on Startup in the menu 01
412laxmsp32.exe1 12laxmsp32.exe1 00124Lexmark Scan and Copy Control Program for the X63 (and maybe others) printer/scanner. Required for the scanner to work 01
116Winsock32 driver1 7lcd.exe1 00 27Added by the SPYBOT.B WORM!56http://www.sophos.com/virusinfo/analyses/w32spybotb.html0
3 4LCDC1 8LCDC.exe1 00146LCDC is an application that displays various information on your LCD or VFD screen. The number of things that LCDC can do is expandable by Plugins28http://www.lcdc.cc/about.htm0
2 5lcfep1 9lcfep.exe1 00221Tivoli æTMEÆ System Tray icon - "'lcfep' is the program that displays statistics about the Endpoint. Apparently stopping/removing this process has no impact on the Endpoint itself which will continue to function normally" 01
2 6Tivoli1 9LCFEP.EXE1 00221Tivoli æTMEÆ System Tray icon - "'lcfep' is the program that displays statistics about the Endpoint. Apparently stopping/removing this process has no impact on the Endpoint itself which will continue to function normally" 01
1 5lcvga1 9lcvga.exe1 00 29Added by the HOSTOL-A TROJAN!57http://www.sophos.com/virusinfo/analyses/trojhostola.html0
1 2ld1 6ld.exe1 00 63CoolWebSearch parasite related - redirects to fastwebfinder.com53http://www.spywareinfo.com/~merijn/cwschronicles.html0
2 3LDM1 11ldmconf.exe1 00156Installed with the software for Logitech products. Automatically checks for software upgrades AND new products, services and special offerings from Logitech 01
226Logitech Desktop Messenger1 11ldmconf.exe1 00156Installed with the software for Logitech products. Automatically checks for software upgrades AND new products, services and special offerings from Logitech 01
3 8LED TRAY1 11LEDTRAY.EXE1 00183Installs a USB compact flash card reader or drive on start-up. The device is distributed by Microtech and is made by a company called SnapShot. Required if you want the reader to work 01
125Internet Explorer Updater1 10lexbac.exe1 00 29Added by the DOWNLOAD TROJAN!76http://securityresponse.symantec.com/avcenter/venc/data/download.trojan.html0
1 8lexplore1 8lexplore1 00116Added by the Bropia.A WORM! This worm spreads through MSN Messenger. File is found in the Windows system directory.46http://www.f-secure.com/v-descs/bropia_a.shtml0
127Windws Configuration Loader1 12LEXPLORE.exe1 00 26Added by the SODABOT WORM!77http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.sodabot.html0
111KernellApps1 12lexplore.exe1 00 85Added by Troj/Bancban-BS, it is found in the Windows system folder, in a new folder.59http://www.sophos.com/virusinfo/analyses/trojbancbanbs.html0
2 6lexpps1 10lexpps.exe1 00320For Lexmark printers. From Lexmark: "This enables bi-directional printing over a peer to peer network. If the printer is connected directly to your PC, the file is not used, (or should not be used) at all". It is known that firewalls can however alert you to "lexpps.exe" requesting server privileges 01
3 8LexStart1 12lexstart.exe1 00223Lexmark printer software may add Lexstart.exe in the startup folder to handle print commands that you send to the printer. Sometimes required for the printer to work correctly - not in the case of a Lexmark Z42 for instance 01
020Configuration Loader1 9lfass.exe1 00 2?? 01
3 8Lfsndmng1 12lfsndmng.exe1 00193LightningFAX Enterprise Fax Server - "puts faxing at the fingertips of networked enterprise users. It enables rapid, secure sending and Direct-To-Desktop Delivery of mission-critical documents"62http://www.lightningfax.com/products/lightningfax/features.htm0
113LoginPassport1 12Lgnpsp32.exe1 00 27Added by the REDIST.C WORM!81http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.redist.c@mm.html0
017HomeCentre WakeUp1 12LGWAKEUP.EXE1 00 72Associated with the no longer supported Xerox HomeCentre printer/scanner 01
215Logitech Wakeup1 12lgwakeup.exe1 00561Loads at startup and monitors the scanner. When a document is inserted in the scanner the wakeup program feeds the document a fraction of a inch into the scanner and then it launches the control center software. From the control center you can select whether to fax or copy or print the scanned documents. If you uncheck the Logitech wakeup software from the startup it no longer launches the control center or feeds the document a fraction of an inch. You can manually launch the control center software via Start ->Programs and still be able to scan images 01
112li-multi****1 16li-multi****.exe1 00 34Adult web-dialler - **** is random 01
112li-thund****1 16li-thund****.exe1 00 34Adult web-dialler - **** is random 01
111li-vita****1 15li-vita****.exe1 00 34Adult web-dialler - **** is random 01
124Microsoft System Checkup1 13libsysmgr.exe1 00 28Added by the SDBOT-CAF WORM!57http://www.sophos.com/virusinfo/analyses/w32sdbotcaf.html0
112WinLibUpdate1 13libupdate.exe1 00 69Added by the BIONET series of TROJANS such as BIONET.31 or BIONET.31078http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_BIONET.310
114WinLibUpdate321 15libupdate32.exe1 00 31Added by the BIONET.405 TROJAN! 01
111WinLibUpdte1 12libupdte.exe1 00 31Added by the BIONET.318 TROJAN!79http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_BIONET.3180
0 4Path1 8lide.exe1 00 2?? 01
318Lightning Download1 13Lightning.exe1 00143Lightning Download download manager. Can be launched manually, but will need to start up if you want it to "catch clicks" off Internet Explorer44http://www.lightningdownload.com/index.shtml0
212LimeWire x.x1 12LimeWire.exe1 00174LimeWire - Peer to Peer (P2P) file-sharing client. x.x represents the version number. Note - as with all P2P sharing programs they are susceptible to various forms of malware24http://www.limewire.com/0
221Line Speed Meter V3.01 18LineSpeedMeter.exe1 00 81LineSpeedMeter - detect the download and upload speed of your internet connection48http://www.tcpiq.com/tcpiq/linespeed/Default.asp0
212ISDN Monitor1 11Linksts.exe1 00294Tray icon which gets installed when you install the drivers for Asuscom internal ISDN modem cards (or rebadged Asuscom ISDN cards, such as MRi). This icon enables you to monitor or configure your ISDN card. Once you have configured your ISDN card correctly, you will never need to use this icon 01
2 7Linksts1 11linksts.exe1 00294Tray icon which gets installed when you install the drivers for Asuscom internal ISDN modem cards (or rebadged Asuscom ISDN cards, such as MRi). This icon enables you to monitor or configure your ISDN card. Once you have configured your ISDN card correctly, you will never need to use this icon 01
1 7Linksts1 11linksts.exe1 00294Tray icon which gets installed when you install the drivers for Asuscom internal ISDN modem cards (or rebadged Asuscom ISDN cards, such as MRi). This icon enables you to monitor or configure your ISDN card. Once you have configured your ISDN card correctly, you will never need to use this icon 01
124Microsoft Update Machine1 9linux.exe1 00 26Added by the RBOT-IM WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotim.html0
1 5Linux1 9Linux.vbs1 00 33Added by the LOVELETTER.AS VIRUS!42http://vil.nai.com/vil/content/v_98684.htm0
2 3LIU1 7LIU.exe1 00189Logitech Internet Update. Used to update drivers/software for Logitech's Wingman, QuickCam, etc devices. Reports claim it doesn't work very well and you can manually update the files anyway 01
218AceGain LiveUpdate1 14LiveUpdate.exe1 00292AceGain_LiveUpdate. "AceGain LiveUpdate provides a fully managed and customizable LiveUpdate platform that seamlessly integrates with a game. As soon as an update is made available, AceGain manages the alert, download and installation as well as version control and user network preferences."27http://gameone.acegain.com/0
118Bouncer RunStartup1 14LiveUpdate.exe1 00374VIrtualBouncer malware from Spyware Labs. It is distributed by the same bundling and drive-by download techniques as the parasites it claims to remove, so definitely qualifies as unsolicited commercial software in itself. It also has an update feature that can download and execute arbitrary code. Warning - choose "custom" uninstall as "automatic" may remove other programs59http://www.pestpatrol.com/PestInfo/v/virtualbouncer_2_0.asp0
310LiveUpdate1 14LiveUpdate.exe1 00 66Web-update utility as used by various types of software - see here32http://liveupdate.openwares.org/0
320Openwares LiveUpdate1 14LiveUpdate.exe1 00 66Web-update utility as used by various types of software - see here32http://liveupdate.openwares.org/0
1 3Lar1 9Llass.exe1 00 27Added by the INOR-A TROJAN!55http://www.sophos.com/virusinfo/analyses/trojinora.html0
317LapLink scheduler1 11Llsched.exe1 00 86Utility that automatically performs file transfers as unattended background operations 01
120Microsoft Management1 8lmas.exe1 00 28Added by the FORBOT-CZ WORM!57http://www.sophos.com/virusinfo/analyses/w32forbotcz.html0
413murphy shield1 9lmgui.exe1 00 51Firewall part of BitDefender virus scanner/firewall27http://www.bitdefender.com/0
127Microsoft Lmhosting Service1 11lmhosts.exe1 00 26Added by the RBOT-RC WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotrc.html0
211LiveMonitor1 12LMonitor.exe1 00 88MSI Live Update - auto-detects and suggests the latest BIOS/Driver/Utilities information 01
2 8LMonitor1 12LMonitor.exe1 00 88MSI Live Update - auto-detects and suggests the latest BIOS/Driver/Utilities information 01
0 8lmpdpsrv1 12lmpdpsrv.exe1 00 61Related to a Lexmark printer/scanner. Printer sharing server? 01
124Microsoft Update Machine1 9lmrss.exe1 00 26Added by the RBOT-DY WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotdy.html0
1 7q36i36O1 12lms2cenu.exe1 00 33Added by the SECONDTHOUGHT VIRUS! 01
2 8LMSTATUS1 12LMSTATUS.EXE1 00 90Lexmark Status Monitor. Checks the current status of Lexmark printers (and other devices?) 01
315XE 8x LM Status1 10lmsxxe.exe1 00 45Xerox XE8 series laser printer status monitor 01
112SysService321 9ln32k.dll1 00 26Added by the KINDAL VIRUS!43http://vil.nai.com/vil/content/v_100207.htm0
311Launchboard1 11lnchbrd.exe1 00363"LaunchBoard software from Darwin turns your keyboard into a remote control for the Internet and your computer! With LaunchBoard 2.0, you can customize up to 38 keys on your PC keyboard to instantly launch Web Sites, start applications, perform custom macros, handle Windows shortcuts, store passwords, and perform loads of other customizable functions" 01
1 6load321 10load32.exe1 00 49Added by the NIBU, BAMBO TROJANS and DUMARU WORM!74http://securityresponse.symantec.com/avcenter/venc/data/backdoor.nibu.html0
120Configuration Loader1 13loadcfg32.exe1 00 39Added by the LOADCFG or SDBOT TROJANS!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_LOADCFG.A0
112ClrSchLoader1 10Loader.exe1 00 31Clearsearch variant of IGetNet39http://www.igetnet.com/iGetNet_Home.asp0
1 6loader1 10loader.exe1 00 77Homepage hijacker, redirecting to coolwwwsearch.com. Downloader for iedll.exe 01
1 7reg_key1 15loader_name.exe1 00 53Added by the BEAGLE.Y or BEAGLE.Z or BEAGLE.AA WORMS!76http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.y@mm.html0
1 9LoadFonts1 13LoadFonts.vbs1 00 69Homepage hijacker that changes your homepage to an adult content site 01
4 9FP Loader1 10loadfp.exe1 00 57FoolProof Security - PC security software from SmartStuff42http://www.smartstuff.com/fps/fpsinfo.html0
3 9KK Loader1 10loadkk.exe1 00214KeyKey XP Professional from KeyKey.com. "Monitor Instant Messages, Chats, Emails, Web Site URLs, Passwords, Computer Programs, Start Up and Shut Down time and much more completely undetected to the user."33http://www.keykey.com/index1.html0
3 6LoadQM1 10loadqm.exe1 00377Installed with MSN Explorer and loads the MSN Queue Manager. Required to enable the WU AutoUpdate feature. Note that disabling this can sometimes prevent internet sharing working on Win2K Pro SP2. Reports also suggest that removing it will re-enable internet access - hence the "users choice" recommendation. If you have problems leave it, otherwise I recommend you disable it63http://support.microsoft.com/default.aspx?scid=KB;EN-US;q3094180
3 7LOAD WB1 10LOADWB.EXE1 00309Part of Stardock's WindowBlinds custom desktop program. "WindowBlinds is the first utility of its kind. It extends Win98/NT/2K/XP to have a fully skinnable user interface. You can change the style of title bars, buttons, toolbars and much more". If you use it - keep it if not then uninstall it28http://www.windowblinds.net/0
215BrowserWebCheck1 10loadwc.exe1 00 57Checks to make sure that IE is still your default browser 01
122Windows Streams Server1 12localsrv.exe1 00 27Added by the SDBOT.LN WORM!99http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?id=60777&VName=WORM_SDBOT.LN0
1 5Modem1 13locatesvc.exe1 00 38Added by a variant of the SPYBOT WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html0
310Lock My PC1 10lockpc.exe1 00136Lock_My_PC - a tool for quick computer locking when you leave it unattended. It shows a lock screen, disables Windows hot keys and mouse26http://www.fspro.net/lmpc/0
112Winlogin.exe1 7log.exe1 00 53Added by a variant of the AGENT.AH downloader TROJAN! 01
126Microsoft Windows updaterD1 11log32zx.exe1 00 27Added by the MYDOOM.W WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.mydoom.w@mm.html0
112winlogin.exe1 11logfile.exe1 00 29Added by the AGENT.AH TROJAN! 01
223LogitechImageStudioTray1 12LogiTray.exe1 00 57Logitech Image Studio - installed with Logitech QuickCams 01
217LogitechVideoTray1 12LogiTray.exe1 00 57Logitech Image Studio - installed with Logitech QuickCams 01
2 8LogiTray1 12LogiTray.exe1 00 57Logitech Image Studio - installed with Logitech QuickCams 01
316Logitech Utility1 12Logi_MwX.exe1 00196Logitech Mouseware driver. Needed to support some additional functionality of Logitech mice/trackballs such as "SmartMove". If you disable it and find you don't need it leave it disabled 01
3 8Logi_Mwx1 12Logi_MwX.exe1 00196Logitech Mouseware driver. Needed to support some additional functionality of Logitech mice/trackballs such as "SmartMove". If you disable it and find you don't need it leave it disabled 01
314Customizer20001 9logon.exe1 00199Automatic logon feature of Customizer 2000 - "a special utility which is designed to optimize Win9x/ME performance. The program lets you explore the many hidden settings in Windows, and make changes"55http://www.hot-shareware.com/utilities/customizer-2000/0
1 9Logon.exe1 9logon.exe1 00 27Added by the ZINS.A TROJAN!88http://ae.trendmicro-europe.com/enterprise/security_info/ve_detail.php?Vname=BKDR_ZINS.A0
114update run dos1 9logon.exe1 00 37Added by a variant of the SDBOT WORM!43http://vil.nai.com/vil/content/v_100454.htm0
1 8WinLogon1 9logon.exe1 00 70Added by the Troj/Abox-A Trojan! File is found in the Windows folder. 01
311LogonStudio1 15logonstudio.exe1 00261WinCustomize LogonStudio - "Allows Windows XP users to edit, change, and apply new logon screens. LogonStudio comes built with a visual editor to make it easy to create your own logons which can then be uploaded to websites to be used by others users"45http://www.stardock.com/products/logonstudio/0
3 8LogWatch1 12logwat95.exe1 00220Licensing patch for products installed on NT by Computer Associates such as eTrust. Detects and updates old versions of lic98.dll - see here. Not required if you already have a newer version or the patch has been applied61http://support.ca.com/Download/patches/licenseit/LO51215.html0
413Look 'n' Stop1 13looknstop.exe1 00 31Look 'n' Stop personal firewall38http://www.looknstop.com/En/index2.htm0
1 4abtu1 13lopsearch.exe1 00 67Loads the executable for Lop.com. lopsearch.exe is the beta version35http://www.spywareinfo.com/lop.html0
1 6LOAD321 10Lorena.exe1 00 27Added by the MAPSON.C WORM!65http://www.symantec.com/avcenter/venc/data/w32.mapson.c.worm.html0
1 6kv30001 9lover.vbe1 00 27Added by the ZSYANG.B WORM!76http://securityresponse.symantec.com/avcenter/venc/data/vbs.zsyang.b@mm.html0
1 3Lpr1 10Lpr123.exe1 00 47Added by the REMPSTEAL password stealer TROJAN!78http://securityresponse.symantec.com/avcenter/venc/data/spyware.rempsteal.html0
1 6Lpr1231 10Lpr123.exe1 00 47Added by the REMPSTEAL password stealer TROJAN!78http://securityresponse.symantec.com/avcenter/venc/data/spyware.rempsteal.html0
3 3LPS1 7Lps.exe1 00 94Local Port Scanner - "With LPS you're able to check your computer for open or listening ports" 01
0 9Reg Check1 7lpt.exe1 00 31Related to Supanet ISP software23http://www.supanet.com/0
3 6LPtask1 10lptask.exe1 00 99Program Lock It And Protect Pro - lock and protect your folders from being opened, moved or deleted45http://www.sanegroup.com/sanegroup/lppro.html0
1 8Quickzip1 6Ls.exe1 00 38MsConnect browser hijacker and dialler 01
116Microsoft Update1 8lsac.exe1 00 28Added by the GAOBOT.XW WORM!88http://www.pandasoftware.com/virus_info/encyclopedia/overview.aspx?lst=det&idvirus=484280
124COM+ System Applications1 8lsas.exe1 00 28Added by the AGOBOT.SE WORM!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.SE0
1 6SYSTEM1 8lsas.exe1 00 28Added by the SPYBOT.CJ WORM!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SPYBOT.CJ0
116Windows Explorer1 8Lsas.exe1 00146Added by the GAOBOT.AO WORM! Note - this is not the valid Windows Explorer (explorer.exe) which would only be in startups if you added it manually79http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.gaobot.ao.html0
1 5lsass1 10lsasrv.exe1 00 28Added by the MYDOOM.AG WORM!64http://www.symantec.com/avcenter/venc/data/w32.mydoom.ag@mm.html0
1 9.TEXTCONV1 9lsass.exe1 00126Added by the WEBUS.B TROJAN! Note - this is not the legitimate lsass.exe process, which should not appear in Msconfig/Startup!62http://www.symantec.com/avcenter/venc/data/trojan.webus.b.html0
1 8.WMAudio1 9lsass.exe1 00126Added by the WEBUS.B TROJAN! Note - this is not the legitimate lsass.exe process, which should not appear in Msconfig/Startup!62http://www.symantec.com/avcenter/venc/data/trojan.webus.b.html0
1 7ccpApps1 9lsass.exe1 00126Added by the WEBUS.B TROJAN! Note - this is not the legitimate lsass.exe process, which should not appear in Msconfig/Startup!62http://www.symantec.com/avcenter/venc/data/trojan.webus.b.html0
112FriendlyType1 9lsass.exe1 00126Added by the WEBUS.B TROJAN! Note - this is not the legitimate lsass.exe process, which should not appear in Msconfig/Startup!62http://www.symantec.com/avcenter/venc/data/trojan.webus.b.html0
1 5lsass1 9lsass.exe1 00134Added by the RATSOU.B TROJAN! Note - this is not the legitimate Lsass.exe system file should normally NOT figure in Msconfig/Startup!82http://securityresponse.symantec.com/avcenter/venc/data/backdoor.irc.ratsou.b.html0
119Microsoft UPDATER321 9lsass.exe1 00132Added by the RANDEX.AR WORM! Note - this is not the legitimate Lsass.exe system file should normally NOT figure in Msconfig/Startup!74http://securityresponse.symantec.com/avcenter/venc/data/w32.randex.ar.html0
119MicrosoftSourceSafe1 9lsass.exe1 00126Added by the WEBUS.B TROJAN! Note - this is not the legitimate lsass.exe process, which should not appear in Msconfig/Startup!62http://www.symantec.com/avcenter/venc/data/trojan.webus.b.html0
1 4Prog1 9lsass.exe1 00126Added by the WEBUS.B TROJAN! Note - this is not the legitimate lsass.exe process, which should not appear in Msconfig/Startup!62http://www.symantec.com/avcenter/venc/data/trojan.webus.b.html0
1 9RegDoneEx1 9lsass.exe1 00126Added by the WEBUS.B TROJAN! Note - this is not the legitimate lsass.exe process, which should not appear in Msconfig/Startup!62http://www.symantec.com/avcenter/venc/data/trojan.webus.b.html0
114System Handler1 9LSASS.EXE1 00128Added by the NIMOS WORM! Note - this is not the legitimate Lsass.exe system file should normally NOT figure in Msconfig/Startup!75http://securityresponse.symantec.com/avcenter/venc/data/w32.nimos.worm.html0
1 7Traybar1 9lsass.exe1 00131Added by the MYDOOM.L WORM! Note - this is not the legitimate Lsass.exe system file should normally NOT figure in Msconfig/Startup!76http://securityresponse.symantec.com/avcenter/venc/data/w32.mydoom.l@mm.html0
1 6Runner1 9lsass.exe1 00 74Added by the Troj/AdClick-AG Trojan! File is found in the Windows folder. 01
1 6Update1 9lsass.exe1 00 74Added by the Troj/AdClick-AG Trojan! File is found in the Windows folder. 01
114System Process1 9lsass.exe1 00 74Added by the Troj/AdClick-AG Trojan! File is found in the Windows folder. 01
116MS lsass Startup1 12lsass135.exe1 00 26Added by the RBOT.WM WORM!89http://ae.trendmicro-europe.com/enterprise/security_info/ve_detail.php?Vname=WORM_RBOT.WM0
113lsass service1 10lsass2.exe1 00 45Added by a variant of the AGOBOT/GAOBOT WORM!79http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN0
112NDIS Adapter1 10lsass2.exe1 00 45Added by a variant of the AGOBOT/GAOBOT WORM!79http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN0
119Services Controller1 10lsassa.exe1 00 31Added by the CIADOOR.122 VIRUS! 01
112LSASS Daemon1 10LSASSd.exe1 00 45Added by a variant of the AGOBOT/GAOBOT WORM!79http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN0
110lsasss.exe1 10lsasss.exe1 00 27Added by the SASSER.E WORM!90http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?VName=WORM_SASSER.E0
119Windows Taskmanager1 10lsassx.exe1 00 94Added by the W32/Rbot-WX WORM and IRC backdoor Trojan, and found in the Windows system folder.55http://www.sophos.com/virusinfo/analyses/w32rbotwx.html0
118Adope File Manager1 9lsasv.exe1 00 40Added by an unidentified WORM or TROJAN! 01
116Microsoft Office1 9lserv.exe1 00 27Added by the SDBOT.MH WORM!85http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.MH&VSect=T0
1 6Sysino1 9lsess.exe1 00 28Added by the FORBOT-BF WORM!57http://www.sophos.com/virusinfo/analyses/w32forbotbf.html0
120Generic Host Service1 10lshost.exe1 00 26Added by the RBOT.LU WORM!84http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.LU&VSect=T0
115LSASS Authority1 13lshosts32.exe1 00 59Added by Troj/Sdbot-UY. Found in the Windows system folder.57http://www.sophos.com/virusinfo/analyses/trojsdbotuy.html0
1 6LSPFix1 14LSPmonitor.exe1 00 78eAcceleration Stop-Sign related - foistware. Read their privacy statement here37http://www.eacceleration.com/privacy/0
110LSPmonitor1 14LSPmonitor.exe1 00 78eAcceleration Stop-Sign related - foistware. Read their privacy statement here37http://www.eacceleration.com/privacy/0
1 4lspp1 8lspp.exe1 00187Added by the A href="http://www.sarc.com/avcenter/venc/data/adware.lspp.html"Adware.LSPP Adware. This delivers advertisements on your computer and may download other programs to install. 01
118Microsoft Services1 8lsrv.exe1 00 26Added by the RBOT-BK WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotbk.html0
1 6lssass1 9lssas.exe1 00 28Added by the AGOBOT.RL WORM!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.RL0
132Local Security Authority Service1 9lssas.exe1 00 67W32/Poebot-A is a network WORM! Found in the Windows system folder.56http://www.sophos.com/virusinfo/analyses/w32poebota.html0
118Microsoft Services1 10lsserv.exe1 00 47Added by an unidentified VIRUS, WORM or TROJAN! 01
118Microsoft Services1 9lssrv.exe1 00 26Added by the RBOT.CW WORM!84http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.CW&VSect=T0
1 6.mscdr1 12lsvchost.exe1 00 28Added by the WEBUS.D TROJAN!62http://www.symantec.com/avcenter/venc/data/trojan.webus.d.html0
413XircWinModem41 12ltcm000c.exe1 00182WinModem drivers. WinModems use software rather than hardware - hence putting a load on the CPU. Needed if you have it for loading the drivers. See here for more WinModem information34http://808hi.com/56k/winmodems.asp0
4 9LT DAEMON1 12ltdaemon.exe1 00108Acts as a data spooler for the DSL modem (similar to a cache). Do not uncheck if the DSL modem is being used 01
3 5LtMoh1 9Ltmoh.exe1 00122Modem On Hold utility - manages incoming/outgoing voice calls on a single phone line while being connected to the internet 01
318V.92 Modem On Hold1 9Ltmoh.exe1 00122Modem On Hold utility - manages incoming/outgoing voice calls on a single phone line while being connected to the internet 01
4 5LTMSG1 9ltmsg.exe1 00212One of the "popular" WinModem series. WinModems use software rather than hardware - hence putting a load on the CPU. Needed if you have it for loading the drivers. See here for more WinModem information34http://808hi.com/56k/winmodems.asp0
411LTWinModem11 9ltmsg.exe1 00212One of the "popular" WinModem series. WinModems use software rather than hardware - hence putting a load on the CPU. Needed if you have it for loading the drivers. See here for more WinModem information34http://808hi.com/56k/winmodems.asp0
2 7LTSMMSG1 11LTSMMSG.exe1 00128Lucent Tech. Soft Modem Messaging application - may be found on Fujitsu Lifebook, Acer and Sony Vaio notebooks, maybe others too 01
1 8QuickZip1 6lu.exe1 00 38MsConnect browser hijacker and dialler 01
4 7Lusetup1 11LUSetup.exe1 00159Symantec LiveUpdate installer - required to install a new version of the application. Will only run once, and the entry is automatically deleted after a reboot74http://service1.symantec.com/support/sharedtech.nsf/docid/19990519111108130
3 6LVComs1 10lvcoms.exe1 00148Lvcomm server. Related to Logitech Quick Cam - works fine without it but it is needed for the Logitech ImageStudio software to connect to the camera 01
310LiquidView1 10lviewj.exe1 00216"Liquid View lets you increase the legibility of the Microsoft Windows interface regardless of your display's native resolution. The software lets you increase the size of items that are hard to read on your monitor" 01
3 8LWBMOUSE1 12lwbwheel.exe1 00 71Mouse driver - required if you use non-standard Windows driver features 01
222Start Wingman Profiler1 13lwemon.exeááá1 00149Logitech Wingman software required to operate Logitech joysticks and gamepads. Unless you're a hard-core gamer, it's best to leave it unchecked 01
219Lwinst Run Profiler1 10lwtest.exe1 00 84Logitech Wingman Profiler for the Logitech joysticks. Available via Start - Programs 01
222Start Wingman Profiler1 10lwtest.exe1 00149Logitech Wingman software required to operate Logitech joysticks and gamepads. Unless you're a hard-core gamer, it's best to leave it unchecked 01
0 8lxamsp321 12lxamsp32.exe1 00 33Associated with a Lexmark Printer 01
320Lexmark X5100 Series1 12lxbabmgr.exe1 00148System Tray application that enables scan or fax functions to run directly from the printer via the buttons. Can be launched from a desktop shortcut 01
315Lexmark X74-X751 12lxbabmgr.exe1 00148System Tray application that enables scan or fax functions to run directly from the printer via the buttons. Can be launched from a desktop shortcut 01
113M-soft Office1 17M-soft Office.hta2 00121HTA file which creates an executable on the hard drive which subsequently proceeds to download files from a malware site! 01
2 5mmpti1 11m1mmpti.exe1 00107Mpact Mediaware Properties Taskbar Icon - multimedia software icon for Chromatic Research Mpact video cards 01
1 7m32info1 11m32info.exe1 00 30Added by the CRYPTER.A TROJAN!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_CRYPTER.A0
2 6M3Tray1 10m3tray.exe1 00 52Movielink - internet movie rental System Tray access25http://www.movielink.com/0
2 6MacLic1 10MacLic.exe1 00 81Part of Conversions Plus from DataViz - allowing PC and MAC owners to share disks58http://www.dataviz.com/products/conversionsplus/index.html0
2 7MacName1 11MacName.exe1 00 81Part of Conversions Plus from DataViz - allowing PC and MAC owners to share disks58http://www.dataviz.com/products/conversionsplus/index.html0
1 6RegRun1 12mActiveX.exe1 00 36Added by a variant of the RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
334Mediafour Mac Volume Notifications1 12Macvntfy.exe1 00162Mediafour Xplay - allows you to use an Apple iPod digital music player with a PC running Windows. If not used regularily start manually before connecting the iPod40http://www.mediafour.com/products/xplay/0
4 7MAD.EXE1 7MAD.EXE1 00291MAD.exe is the MS Exchange 5.5 System Attendant and can also consume a large amount of resources - resolved by the latest Exchange 5.5 Service Pack. Also part of Exchange 2000 Server but does it have the same problems?. Apparently you need to leave this running but is it needed at start-up? 01
014MAFWTaskbarApp1 12MAFWTray.exe1 00 81Related to the M-Audio Firewire Interface. Located in the Windows system folder. 01
3 8MagicDsk1 12MAGICDSK.EXE1 00114Magic DeskTop is a small and novel utility which will allow you the option of hiding or showing your desktop icons 01
2 8Magitime1 12Magitime.exe1 00 89Magitime - connection tracking utility which monitors online time, expense, data transfer47http://www.geocities.com/magistone/magitime.htm0
3 8MailBell1 12mailbell.exe1 00290MailBell e-mail notification tool that will notify you about new messages arrived to your mailbox. Works with both POP3 mailboxes and web-mail based systems. You should be able to set your mail system to check all accounts at regular intervals anyway if you prefer (in Outlook for instance)30http://www.emtec.com/mailbell/0
110Mail_Check1 14Mail_Check.exe1 00 27Added by the PANOIL.C WORM!77http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_PANOIL.C0
3 4MAIN1 8main.exe1 00145SpyCop surveillance software detection - checks to see when your machine was last scanned and if it was more than a week asks if you want to scan22http://www.spycop.com/0
111MSNMESENGER1 8Main.exe1 00 27Added by the PRORAT TROJAN!76http://securityresponse.symantec.com/avcenter/venc/data/backdoor.prorat.html0
316SpyCop ScanCheck1 8MAIN.EXE1 00145SpyCop surveillance software detection - checks to see when your machine was last scanned and if it was more than a week asks if you want to scan22http://www.spycop.com/0
325SuperCool Compress Backup1 8Main.exe1 00 94"SuperCool Zip Backup software is a data backup,restore and file synchronization program"43http://www.supercoolbookmark.com/zipbackup/0
1 6main161 10main16.exe1 00 30Added by the CRYPTER.A TROJAN!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_CRYPTER.A0
1 6main321 10main32.exe1 00 30Added by the CRYPTER.A TROJAN!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_CRYPTER.A0
311APC_SERVICE1 12mainserv.exe1 00108PowerChute« Personal Edition - "safe system shutdown software with sophisticated power management functions"65http://www.apcc.com/tools/download/software_comp.cfm?sw_sku=SDW750
110mainviewex1 14mainviewex.exe1 00 27Added by the GEMA.D TROJAN!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=404930
1 9Antivirus1 8maja.exe1 00 27Added by the NETSKY.H WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.netsky.h@mm.html0
115system firewall1 13makeini32.exe1 00125Added by the W32/Agobot-PS worm. Acts as an IRC bot which allows backdoor functionality. Found in the Windows system folder.57http://www.sophos.com/virusinfo/analyses/w32agobotps.html0
022LogitechSoftwareUpdate1 18ManifestEngine.exe1 00104Updater, part of Logitech Image Studio - installed with Logitech QuickCam cameras. Probably not required 01
221ADSL Diagnostic Tools1 12mapiicon.exe1 00 85System tray access to ADSL modem diagnostic tools. Available via Start -> Programs 01
1 9mapisvc321 13mapisvc32.exe1 00 69Added by the KX VIRUS and also recognised by Symantec as FPAI adware72http://securityresponse.symantec.com/avcenter/venc/data/adware.fapi.html0
1 6cronos1 10MARCO!.SCR1 00 28Added by the OPASERV.G WORM!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_OPASERV.G0
1 6kfienq1 9masbl.bat1 00 26Added by the KIFER TROJAN!70http://securityresponse.symantec.com/avcenter/venc/data/w32.kifer.html0
212masqform.exe1 12masqform.exe1 00102PureEdge Viewer 6.0, reportedly associated with viewing and text editing US Air Force electronic forms 01
116WindowsKeyUpdate1 10master.exe1 00 24Added by the JOSAM WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.josam.worm.html0
317Master Volume Spy1 19MASTERVOLUMESPY.EXE1 00 68Volume control for the Gateway Destination "DestiVu" media interface 01
322AOL Broadband Check-Up1 10matcli.exe1 00498"matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, county, etc and gets written to a log file". The AOL Self Support Tool is required to run with the Help and Support program. If you uncheck AOL and and then run Help and Support it will add another AOL entry in the startup menu. If you remove this software in "add/remove programs" some help menus in help and support will not be available. You decide 01
331Blueyonder Instant Support Tool1 10matcli.exe1 00526"matcli.exe is a motive Assistant Command line interface that gathers information about your system\'s identity like your name email address, city, state, etc and gets written to a log file". Blueyonder Instant Support is required to run with the Help and Support program. If you uncheck it and and then run Help and Support it will add another Blueyonder Instant Support in the startup menu. If you remove Blueyonder Instant Support in add/remove programs some help menus in help and support will not be available. You decide 01
317BT Broadband Help1 10matcli.exe1 00521"matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, county, etc and gets written to a log file". BT Broadband Help is required to run with the Help and Support program. If you uncheck BT Broadband Help and and then run Help and Support it will add another BT Broadband Help in the startup menu. If you remove the BT Broadband Help in the add/remove program some help menus in help and support will not be available. You decide 01
318HP Instant Support1 10matcli.exe1 00534"matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, state, etc and gets written to a log file". HP Instant Support is required to run with the Help and Support program. If you uncheck HP Instant Support and and then run Help and Support it will add another HP Instant Support in the startup menu. If you remove the HP Instant Support in the add/remove program some help menus in help and support will not be available. You decide 01
220Resolution Assistant1 10matcli.exe1 00569Dell Resolution Assistant. "matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, state, etc and gets written to a log file". Resolution Assistant is required to run with the Help and Support program. If you uncheck Resolution Assistant and and then run Help and Support it will add another Resolution Assistant in the startup menu. If you remove the Resolution Assistant in the add/remove program some help menus in help and support will not be available. You decide 01
321SBC Self Support Tool1 10matcli.exe1 00496matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, county, etc and gets written to a log file. The SBC Self Support Tool is required to run with the Help and Support program. If you uncheck SBC and and then run Help and Support it will add another SBC entry in the startup menu. If you remove this software in "add/remove programs" some help menus in help and support will not be available. You decide 01
329Verizon Online Support Center1 10matcli.exe1 00578"matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, state, etc and gets written to a log file". Verizon Online Support Center is required to run with the Help and Support program. If you uncheck Verizon Online Support Center and and then run help and Support it will add another Verizon Online Support Center in the startup menu. If you remove the Verizon Online Support Center in the add/remove program some help menus in help and support will not be available. You decide 01
313Net Assistant1 10matcli.exe1 00759A href="http://productsandservice.aliant.net/PS/nb/english/productsandservices/ps_2.jsp?section=51&subsection=1&bodycont=productsandservices%2ffacts_51_7.jsp&curbody=51"Aliant Net Assistant. "matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, state, etc and gets written to a log file". The Aliant Net Assistant Tool is required to run with the Help and Support program. If you uncheck Aliant and and then run Help and Support it will add another Aliant entry in the startup menu. If you remove this software in "add/remove programs" some help menus in help and support will not be available. Normally found in C:\Program Files\Aliant\Net Assistant\bin\matcli.exe. 01
1 8rundl3321 22math.exe ...pluged.exe2 00 28Added by the DOOMJUICE WORM!79http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.doomjuice.html0
318Notebook Maximizer1 21maximizer_startup.exe1 00 99Toshiba Notebook Maximizer software - adjust settings to save battery power and increase efficiency 01
3 8MoodBook1 6mb.exe1 00 66MoodBook is a free Windows utility that brings art to your desktop24http://www.moodbook.com/0
3 5MBM 41 8MBM4.exe1 00161Motherboard Monitor 4 - only needed if you overclock your system and want to keep a check on system temperatures/voltages/etc. Available via Start -> Programs 01
3 5MBM 51 8MBM5.exe1 00157Motherboard Monitor 5 - only needed if you overclock your system and want to keep a check on system temperatures/voltages/etc. Available via Start - Programs27http://mbm.livewiredev.com/0
316Mailbox Verifier1 12mboxvrfy.exe1 00297Mailbox Verifier (MV) is free software that will notify you about new messages arrived to your mailbox. Only works with POP3 mailboxes (not web-mail based systems). You should be able to set your mail system to check all accounts at regular intervals anyway if you prefer (in Outlook for instance) 7http://0
3 7MBProbe1 11mbrpobe.exe1 00147MBProbe - only needed if you overclock your system and want to keep a check on system temperatures/voltages/etc. Available via Start -> Programs41http://mbprobe.livewiredev.com/about.html0
210MouseCount1 6MC.exe1 00170MouseCount by Kittyfeet Software. "Utility for counting how many times us computer junkies click our mouse in a given session/day/week/month/year." Not required39http://www.kittyfeet.com/mousecount.htm0
3 8mouseElf1 6MC.exe1 00 88Genius NetScroll mouse driver - required if you use non-standard Windows driver features50http://www.geniusnet.com.tw/product/mouse_line.htm0
120Windows Media Player1 11mcafe32.exe1 00 99Added by the W32/Rbot-XG WORM/backdoor, it connects to an IRC channel to allow unauthorized access.55http://www.sophos.com/virusinfo/analyses/w32rbotxg.html0
116Mcaffe Antivirus1 13Mcafeescn.exe1 00 38Added by a variant of the SPYBOT WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html0
124Sygate Personal Firewall1 16Mcafeeupdate.exe1 00 26Added by the RBOT.YN WORM!106http://de.trendmicro-europe.com/enterprise/security_info/ve_detail.php?id=66562&VName=WORM_RBOT.YN&VSect=T0
310McAgentExe1 11mcagent.exe1 00220From McAfee VirusScan On-line. The Agent is a red M icon that appears in the Windows system tray or Notification Area (if you're running Windows XP). If you don't see the agent icon, VirusScan Online may not be installed 01
0 8Mail.com1 11mcalert.exe1 00 88Mail.com - free web-mail service. Does mcalert.exe notify you when new mail has arrived?23http://mail01.mail.com/0
320MultiCAM Initializer1 12MCamBoot.exe1 00263The MultiCAM Initializer is part of the MultiCAM software package provided by Vista Imaging in order to run up to 10 USB ViCAM or 3Com Home Connect PC Digital cameras on a single computer. Clears itself from memory once initialized but can also be safely disabled40http://www.vistaimaging.com/multicam.htm0
117Multimedia Codecs1 7mcc.exe1 00 24Added by the MCC TROJAN!94http://www.giantcompany.com/antispyware/research/spyware/spyware-Trojan.PornDownloaderMCC.aspx0
118Microfinder lptt011 7mcf.exe1 00182Variant of the RapidBlaster parasite (in a "mcf" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see here49http://www.doxdesk.com/parasite/RapidBlaster.html0
118Microfinder ml097e1 7mcf.exe1 00182Variant of the RapidBlaster parasite (in a "mcf" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see here49http://www.doxdesk.com/parasite/RapidBlaster.html0
2 8MChanger1 12MChanger.exe1 00 81Media Changer - utility that allows you to change wallpapers, sounds, themes, etc 01
0 4msci1 10mcinfo.exe1 00 33McAfee Internet Security related. 01
412VSOCheckTask1 12MCMNHDLR.EXE1 00 91Part of McAfee's SecurityCenter and Virusscan Online. Must be enabled for scanning to work51http://us.mcafee.com/root/product.asp?productid=msc0
1 8ieupdate1 32MCP****.exe [**** = random char]2 00 26Added by the ASOXY TROJAN!75http://securityresponse.symantec.com/avcenter/venc/data/backdoor.asoxy.html0
4151A:Stardock MCP1 13mcpserver.exe1 00138Master Control Program for Stardock apps, in development. People should leave it running if they're using any of the Stardock applications 01
117cmssSystemProcess1 10mcsmss.exe1 00 42Added by a variant of the AGENT.EI TROJAN!85http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_AGENT.EI&VSect=T0
311McUpdateExe1 12mcupdate.exe1 00136From McAfee VirusScan On-line. Automatically updates your virus definitions. Leave enabled unless you regularly update these definitions 01
4 7McVsRte1 10mcusrt.exe1 00135Part of McAfee's SecurityCenter. Must remain checked but one user reports Windows glitches with no response from McAfee as to why51http://us.mcafee.com/root/product.asp?productid=msc0
412ActiveShield1 12MCVSSHLD.EXE1 00 55McAfee VirusScan On-line. See also the McAgentExe entry 01
4 8mcvsshld1 12mcvsshld.exe1 00 55McAfee VirusScan On-line. See also the McAgentExe entry 01
416VirusScan Online1 12mcvsshld.exe1 00 55McAfee VirusScan On-line. See also the McAgentExe entry 01
321Machine Debug Manager1 7mdm.exe1 00335Used by developers for debugging. Those who have encountered it have unchecked it with no degradation in performance. May cause your computer to "hang" if you have MS Visual Studio installed and this disabled because it appears to take over error handling - hence the U recommendatioon. Can also be listed as MDM7. See here to disable 4hang0
1 3mdm1 7mdm.exe1 00110Added by the LYDRA-F TROJAN! Note - this is not the valid Machine Debug Manager which shares the same filename56http://www.sophos.com/virusinfo/analyses/trojlydraf.html0
3 4MDM71 7mdm.exe1 00352Used by developers for debugging. Those who have encountered it have unchecked it with no degradation in performance. May cause your computer to "hang" if you have MS Visual Studio installed and this disabled because it appears to take over error handling - hence the U recommendatioon. Can also be listed as Machine Debug Manager. See here to disable 4hang0
1 3Mdm1 7Mdm.vbs1 00 42Added by the WHITEHO VIRUS or TRAPPY WORM!42http://vil.nai.com/vil/content/v_99145.htm0
1 6Mdmdll1 10mdmdll.exe1 00 28Added by the CRYPTER TROJAN!71http://www.pestpatrol.com/PestInfo/t/trojandownloader_win32_crypter.asp0
1 8Mdmdll321 12mdmdll32.exe1 00 43Added by a variant of the CRYPTER.C TROJAN!58http://www.sophos.com/virusinfo/analyses/trojcrypterc.html0
1 3MDN1 7mdn.exe1 00 44Backdoor.Win32.Rbot.gen is a backdoor agent.62http://www3.ca.com/securityadvisor/pest/pest.aspx?id=4530900190
1 8mdwmdmsp1 12mdwmdmsp.exe1 00 88Adware - recognized by Kaspersky antivirus and others as TrojanDownloader.Win32.Agent.am36http://www.kaspersky.com/personalpro0
1 6Ioadqm1 16Media Player.exe2 00 25Added by the HAWAWI WORM!63http://www.symantec.com/avcenter/venc/data/w32.hawawi.worm.html0
112Media Player1 9media.exe1 00 31Added by the FLDMEDIA-A TROJAN!59http://www.sophos.com/virusinfo/analyses/trojfldmediaa.html0
315KBD MediaCenter1 12MEDIACTR.EXE1 00 68Multimedia keyboard manager. Required if you use the multimedia keys 01
3 8MediaKey1 12MediaKey.exe1 00 68Multimedia keyboard manager. Required if you use the multimedia keys62http://www.futurepowerusa.com/support/kb_911/help/overview.htm0
113media_manager1 12mediaman.exe1 00227a target="_blank" href="http://www.mini-player.com/"Mini-Player, IMESH related foistware, see a target="_blank" href="http://www.spywareinfo.com/yabbse/index.php?board=10;action=display;threadid=2633;start=0#msg20371"here 01
212MediaMonitor1 12Mediam~1.exe1 00 82Installed by Smartdisk MVP CD burning software. Software will work fine without it 01
116Microsoft Update1 10mediap.exe1 00 36Added by a variant of the RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
110Media Pass1 13MediaPass.exe1 00106This is a Trojan Downloader that appears to be part of the Windupdates family of adware delivery products. 01
120Windows Media Player1 15MediaPIayer.exe1 00 92Added by the SDBOT-QO TROJAN! - note, the executable is called 'MediapIayer', with an 'i' !)57http://www.sophos.com/virusinfo/analyses/trojsdbotqo.html0
130Microsoft Windows Media Player1 15mediaplayer.exe1 00 36Added by a variant of the RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
115[various names]1 17mediaplayer32.exe1 00 36Added by a variant of the RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
1 9(Default)1 16media_driver.exe1 00 25Added by the TUPEG VIRUS!70http://securityresponse.symantec.com/avcenter/venc/data/w32.tupeg.html0
4 9Fix-it AV1 12memcheck.exe1 00242Part of Ontrack's Fix-it Utilities Suite anti-virus. Performs a quick check of memory for signs of any virus. Exits afterward and returns all resources used in one user's experience. Not required but could be left without a drain on resources 01
319TuneUp MemOptimizer1 16memoptimizer.exe1 00178Part of "TuneUp Utilities", specifically 2003 version. "Monitors and optimizes free memory in the background." Basically, it cleans RAM and also allows you to clear the clipboard 01
112Memory Check1 10memore.exe1 00 29Added by the KILLAV.C TROJAN!76http://securityresponse.symantec.com/avcenter/venc/data/trojan.killav.c.html0
114Memory Manager1 17memorymanager.pif1 00 78Added by the Troj/Delf-JJ Trojan! File is found in the Windows system folder.56http://www.sophos.com/virusinfo/analyses/trojdelfjj.html0
111MemoryMeter1 15MemoryMeter.exe1 00 40Autoinstalling spyware by Total Velocity29http://www.totalvelocity.com/0
210MemScanner1 14MemScanner.exe1 00 64SpyHunter - spyware remover of somewhat dubious repute, see note60http://www.spywarewarrior.com/rogue_anti-spyware.htm#sh_note0
124Microsoft Update Machine1 11memstat.exe1 00 26Added by the RBOT-OM WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotom.html0
3 8MemTurbo1 12memturbo.exe1 00140MemTurbo memory optimizer. MS professionals recommend not using memory managers with Win98/SE/ME. See this article and make up your own mind24http://www.memturbo.com/0
2 8MenuSnap1 12MenuSnap.exe1 00260MenuSnap from Rietta Solutions. Utility that re-orders your Start Menu items alphabetically. You may not want this utility if you're able to do this manually by selecting Start -> Programs and right-clicking and choosing "Sort by Name" if availabe31http://www.rietta.com/menusnap/0
315Message_Blocker1 16messageblock.exe1 00202Message Blocker - "prevents Outlook Express from loading images or other content from the internet without confirmation, as well as executing scripts when displaying a formatted email message"40http://www.ograhl.com/en/messageblocker/0
1 9Messenger1 13messenger.exe1 00 26Added by the KUTEX TROJAN!75http://securityresponse.symantec.com/avcenter/venc/data/backdoor.kutex.html0
113MSN messenger1 13messenger.exe1 00 91Added by an unidentified TROJAN! Note - this is not the real MSN Messenger, see this thread63http://forums.techguy.org/showthread.php?s=&threadid=1090540
113System driver1 13Messenger.exe1 00 42Added by a variant of the SMALL.BJ TROJAN! 01
318MessengerDiscovery1 22MessengerDiscovery.exe1 00 74MessengerDiscovery is a MSN Messenger add-on - adding over 70 new features34http://www.messengerdiscovery.com/0
148MeTaLRoCk (irc.musirc.com) has sex with printers1 20metalrock-is-gay.exe1 00 27Added by the RANDEX.Q WORM!77http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RANDEX.Q0
125Windows MeTaLRoCk service1 13metalrock.exe1 00 29Added by the TASTYRED TROJAN!82http://securityresponse.symantec.com/avcenter/venc/data/backdoor.irc.tastyred.html0
111MS Explorer1 12mexplore.exe1 00 26Added by the YAHA.AE WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.yaha.ae@mm.html0
112PowerProfile1 10mfcp30.exe1 00135Added by the Troj/Rindas-A TROJAN and found in the Windows system folder. It allows access to a compromised PC by way of IRC channels.57http://www.sophos.com/virusinfo/analyses/trojrindasa.html0
226CorelMedia FoldersIndexer81 13MFindexer.exe1 00 98Part of CorelDraw bundles for indexing media files - similar to "fast find" in MS Office 01
226CorelMedia FoldersIndexer81 12MFINDE~1.EXE1 00 98Part of CorelDraw bundles for indexing media files - similar to "fast find" in MS Office 01
220MightyFAX Controller1 11MFNTCTL.EXE1 00119Mighty FAX from RKS Software - "installs a printer driver so that you can fax directly from Windows software"50http://www.rkssoftware.com/mightyfax/overview.html0
0 5Mgabg1 9Mgabg.exe1 00 18Matrox BIOS Guard. 01
221Matrox Control Center1 11mgactrl.exe1 00 48For Matrox video cards. Quick access to settings 01
217Matrox Diagnostic1 11mgadiag.exe1 00 51For Matrox video cards. Quick access to diagnostics 01
111RandomWin321 12mgnwin32.exe1 00 27Added by the SDBOT-DV WORM!56http://www.sophos.com/virusinfo/analyses/w32sdbotdv.html0
4 9BullGuard1 8mgui.exe1 00 28Part of Bullguard antivirus25http://www.bullguard.com/0
110MHDOGStart1 11mhdogst.EXE1 00 88Added by an unidentified VIRUS, WORM or TROJAN! A possibility is a trojan known as PENIS 01
2 6MHINIT1 10MHINIT.EXE1 00 42Part of the Cybermedia Clean Sweep package 01
3 7CHotKey1 11mhotkey.exe1 00148Enables special keys on Chicony keyboards. Special combinations include Internet, E-mail, vol+, vol-, mute, etc. Only required for extended features 01
229Microsoft Greetings Reminder1 12MHPRMINF.EXE1 00 85You really want to be reminded about somebody's birthday at the expense of resources? 01
117Microsoft Service1 13microhost.exe1 00 26Added by the RBOT-LC WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotlc.html0
112SystemBackup1 12MicroLog.exe1 00 31Added by the MICROLOG.A TROJAN!79http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_MICROLOG.A0
116Microsoft Office1 20Microsoft Office.hta2 00121HTA file which creates an executable on the hard drive which subsequently proceeds to download files from a malware site! 01
120Configuration Loader1 13microsoft.exe1 00 28Added by the GAOBOT.JB WORM!79http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.gaobot.jb.html0
119Microsoft Executing1 13microsoft.exe1 00 28Added by the AGOBOT.UV WORM!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.UV0
116Microsoft Update1 13Microsoft.exe1 00 29Added by the GAOBOT.AFJ WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.gaobot.afj.html0
1 9microsoft1 13microsoft.hta1 00121HTA file which creates an executable on the hard drive which subsequently proceeds to download files from a malware site! 01
112microsoft4201 16microsoft420.exe1 00 27Added by the MENACE.B WORM!77http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MENACE.B0
118Microsoftmsn32.exe1 18microsoftmsn32.exe1 00 29Added by the CERTIF-C TROJAN!57http://www.sophos.com/virusinfo/analyses/trojcertifc.html0
117Microsoft Scanreg1 20microsoftscanreg.exe1 00 28Added by the FRANRIV.A WORM!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_FRANRIV.A0
116Microsoft Update1 14Microsoftx.exe1 00 36Added by a variant of the RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
014SetDefaultMIDI1 11MIDIDef.exe1 00 44Related to a Soundblaster Audigy soundcards. 01
0 4jotl1 13millenzje.exe1 00 2?? 01
2 7MimBoot1 11mimboot.exe1 00 61Starts Musicmatch Jukebox at bootup - can be started manually26http://www.musicmatch.com/0
3 8MouseImp1 12MImpHost.exe1 00123MouseImp Pro - "A reliable assistant that turns your mouse into a simple, native but powerful controlling device" 01
212MINIFERT.EXE1 12MINIFERT.EXE1 00 15Part of Backweb 01
3 7minilog1 11MINILOG.EXE1 00171If you don't have ZoneAlarm or ZoneAlarm Pro running you don't need this. This must be enabled if programs such as VisualZone Report utility or ZoneLog Analyzer are in use 01
2 8MiniNote1 12MININOTE.EXE1 00106Mini NoteTab was the first in the family of "NoteTab" text and HTML editors from Fookes Software43http://www.fookes.com/software/mininote.htm0
114ToolbarInstall1 14MirarSetup.exe1 00149Added by the Mirar adware. This program will install a toolbar and display advertisements with the same subject matter as websites you are visiting.56http://www.sarc.com/avcenter/venc/data/adware.mirar.html0
123Mirate Sp 2 Information1 13miratesp2.exe1 00 26Added by the RBOT.QH WORM!87http://uk.trendmicro-europe.com/consumer/security_info/ve_detail.php?Vname=WORM_RBOT.QH0
111taskmgr.exe1 8mirc.exe1 00 42Added by a variant of the AGENT.AH TROJAN! 01
1 6Nvidia1 8mirc.exe1 00 86Added by Troj/Delbot-A, a TROJAN/IRC backdoor, and found in the windows system folder.57http://www.sophos.com/virusinfo/analyses/trojdelbota.html0
115Winsock2 driver1 10MIRC32.exe1 00 28Added by the SPYBUZZ TROJAN!81http://securityresponse.symantec.com/avcenter/venc/data/backdoor.irc.spybuzz.html0
0 8misiCTRL1 12misiCTRL.exe1 00 26Miro video driver related.49http://www.video-drivers.com/drivers/26/26750.htm0
219miroVIDEO Tray Tool1 12misitray.exe1 00285Tool for quickly changing options for miro/Pinnacle capture cards during capture/playback/output. When this program is closed, another program (mv-ctrl) is also closed, but mv-ctrl does not have its own EXE file. Only needed when using the capture card, e.g. for the above actions 01
0 8misiTRAY1 12misiTRAY.exe1 00 26Miro video driver related.49http://www.video-drivers.com/drivers/26/26750.htm0
213C-Media Mixer1 9Mixer.exe1 00229C-Media produce audio chipsets that are often found on popular motherboards with on-board audio. Provides System Tray access to change audio settings. Available via Start -> Settings -> Control Panel or Start -> Programs 01
2 5Mixer1 9Mixer.exe1 00245C-Media Mixer - C-Media produce audio chipsets that are often found on popular motherboards with on-board audio. Provides System Tray access to change audio settings. Available via Start -> Settings -> Control Panel or Start -> Programs 01
2 8Mixghost1 12mixghost.exe1 00119Management software for Altec Lansing speakers. If a change is needed, the user can launch it from the Start menu 01
3 7MemoKit1 6MK.EXE1 00452Memory optimizer. It loads from startup group and it goes off as soon as the program (memokit.exe) is loaded in the System Tray. Mk.exe does not run while the memokit.exe is running. Probably loads a flash screen at startup and shutdown that stays on screen less than 5 seconds and gives you a button to push to purchase the full version. MS professionals recommend not using memory managers with Win98/SE/ME. See this article and make up your own mind34http://www.aumha.org/a/memmgmt.htm0
3 7CHotKey1 10MK9805.EXE1 00148Enables special keys on Chicony keyboards. Special combinations include Internet, E-mail, vol+, vol-, mute, etc. Only required for extended features 01
121Microsoft Movie Maker1 10Mmaker.exe1 00 77Added by the IRCBOT.C TROJAN! Note that this is not a valid Microsoft program73http://securityresponse.symantec.com/avcenter/venc/data/w32.ircbot.c.html0
1 8mmcndmgr1 12mmcndmgr.exe1 00 47Added by an unidentified VIRUS, WORM or TROJAN! 01
310MMERefresh1 14MMERefresh.exe1 00226Part of Digidesgin Protools. Refreshes your midi ports on the 002(R) (the 002R is a hardware audio/midi converter connected to your computer via firewire). Must be running in order to use the MIDI functionality of the Digi002R26http://www.digidesign.com/0
3 5MMhid1 9mmhid.dll1 00493This is the Human Interface Device Server for Win98, it is required only if you are using USB Audio Devices you can disable via Msconfig. See here. Typical examples are USB multimedia keyboards with volume control and web-ready keyboards. For example - loaded by default with MS DSS80 Speakers because they have Volume, Mute and Bass controls on the speaker. Some users may experience problems disabling this - if this is the case then re-enable it. Equivalent to Hidserv in Win98SE/2000/Me/XP53http://www.microsoft.com/hwdev/tech/input/audctrl.asp0
0 4MMHK1 8mmhk.exe1 00101A driver found on a Compaq Presario 800T notebook. Possibly something to do with multimedia hot keys? 01
3 7KM9801U1 12MMHotKey.exe1 00190Multimedia key handling for the relevant type of Turbo-Media keyboard. Shortcut available. Note that with this running it can crash DirectX8/9 under WinXP when a game switches to full-screen 01
2 8MMHotKey1 12MMHotKey.exe1 00190Multimedia key handling for the relevant type of Turbo-Media keyboard. Shortcut available. Note that with this running it can crash DirectX8/9 under WinXP when a game switches to full-screen 01
310Activboard1 11MMKeybd.exe1 00176Packard Bell ActiveBoard keyboard - multimedia keyboard manager. Required if you use the additional keys and want to see the status of the Num Lock, Caps Lock, Scroll Lock keys 01
3 9DellTouch1 11MMKeybd.exe1 00 73Dell multimedia keyboard manager. Required if you use the additional keys 01
316Keyboard Manager1 11MMKeybd.exe1 00 68Multimedia keyboard manager. Required if you use the additional keys 01
3 7MMKeybd1 11MMKeybd.exe1 00 68Multimedia keyboard manager. Required if you use the additional keys 01
314Multimedia KBD1 11MMKeybd.exe1 00 68Multimedia keyboard manager. Required if you use the additional keys 01
319MULTIMEDIA KEYBOARD1 11MMKeybd.exe1 00 68Multimedia keyboard manager. Required if you use the additional keys 01
1 6eZmmod1 8mmod.exe1 00136Ezula - regarded as spyware/theftware and bundled with the popular iMesh and KaZaA file-sharing programs. Read here for more information39http://www.ahfb2000.com/ezula/ezula.php0
1 4mmod1 8mmod.exe1 00136Ezula - regarded as spyware/theftware and bundled with the popular iMesh and KaZaA file-sharing programs. Read here for more information39http://www.ahfb2000.com/ezula/ezula.php0
021MS management console1 7mms.exe1 00 95Suspicious as the Microsoft Management Console is "mmc.exe" and doesn't normally run at startup 01
123MicrosoftMultimediaTask1 10Mmtask.exe1 00 83Adware downloader - not the valid MusicMatch Jukebox which shares the same filename 01
2 6mmtask1 10mmtask.exe1 00110Part of MusicMatch Jukebox - digital music player / CD burner and ripper / music organizer / playlist creator97http://www.musicmatch.com/download/plus/jukebox_intro.htm?os=pc&mode=input&BTD=1&DID=0
114MMtask Service1 10mmtask.exe1 00 91Added by the BACKGAT.A TROJAN! Not the valid MusicMatch Jukebox which has the same filename58http://www.sophos.com/virusinfo/analyses/trojbackgata.html0
115SchedulingAgant1 10MMTASK.EXE1 00 87Added by the YAB.A TROJAN! Not the valid MusicMatch Jukebox which has the same filename74http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_YAB.A0
4 6MMTASK1 10mmtask.tsk1 00284A check on the file's properties reveals "Multimedia background task support module". MMTASK is a very simple 16-bit program used by certain multimedia drivers (which are still 16-bit on Win9x) to perform background processing. Some soundcards need this to support MIDI, etc 01
2 6MMTray1 10MMTray.exe1 00 73Part of Morgan Multimedia Codecs. Only required when the codecs are used33http://www.morgan-multimedia.com/0
2 8MMTray2K1 12MMTray2K.exe1 00 73Part of Morgan Multimedia Codecs. Only required when the codecs are used33http://www.morgan-multimedia.com/0
2 9MMTrayLSI1 13MMTrayLSI.exe1 00 73Part of Morgan Multimedia Codecs. Only required when the codecs are used33http://www.morgan-multimedia.com/0
1 3XiD1 7mmx.exe1 00 28Added by the ANALOGX TROJAN!75http://securityresponse.symantec.com/avcenter/venc/data/trojan.analogx.html0
2 6MMTray1 11mm_tray.exe1 00123MusicMatch Jukebox icon in the task tray - digital music player / CD burner and ripper / music organizer / playlist creator97http://www.musicmatch.com/download/plus/jukebox_intro.htm?os=pc&mode=input&BTD=1&DID=0
318Goldensoft_MndlSvr1 11MndlSvr.exe1 00216Goldensoft CD Ghost related - turns a computer into a 200X-speed CD-ROM tower. Working from the hard drive, users can simultaneously access as many as 23 virtual CD-ROM drives at a speed of 200X for true multitasking 01
2 3Fpx1 11mnmsrvc.exe1 00132Remote Desktop Sharing service part of Microsoft's Netmeeting allowing users to share items on their screens across remote locations 01
3 3MNS1 7MNS.exe1 00213Mobile Net Switch enables you to use your computer on more then one network with the click of a button. It allows you to automatically select the correct drive mappings, printer settings, IP settings and much more31http://www.mobilenetswitch.com/0
1 5mnsvc1 9mnsvc.exe1 00 30Added by the AUTOUPDER TROJAN!79http://securityresponse.symantec.com/avcenter/venc/data/backdoor.autoupder.html0
1 7mnsvcsp1 11mnsvcsp.exe1 00 47Added by an unidentified VIRUS, WORM or TROJAN! 01
119Microsoft WinUpdate1 13mntcgf032.exe1 00 37Added by a variant of the SDBOT WORM!43http://vil.nai.com/vil/content/v_100454.htm0
2 7mobsync1 11mobsync.exe1 00142MS Syncrhonization Manager - updates the network copy of materials that were edited offline, such as documents, calendars, and e-mail messages 01
223Synchronization Manager1 11mobsync.exe1 00 40Find more information about its use here62http://support.microsoft.com/default.aspx?scid=kb;en-us;2561390
113MOBSYNC32.EXE1 13mobsync32.exe1 00 27Added by the FINERO TROJAN!75http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.finero.html0
3 8MODEMBTR1 12MODEMBTR.EXE1 00 60Modem Booster from inKline Global to improve ISP connections25http://inklineglobal.com/0
1 8Modeminf1 12Modeminf.exe1 00 43Added by a variant of the CRYPTER.C TROJAN!58http://www.sophos.com/virusinfo/analyses/trojcrypterc.html0
123Windows Security Module1 10module.exe1 00 36Added by a variant of the RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
1 6tgbcde1 12module32.exe1 00 28Added by the REIGN.R TROJAN!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?ID=400980
2 5iPalm1 7mon.exe1 00172Installed with a Panasonic iPalm digital camera. Used to uploaded photos from the camera. If your camera is not connected (via USB port) you do not need this program loaded71http://www.panasonic.com/consumer_electronics/digital_cameras/ipalm.asp0
210MoneyAgent1 17money express.exe2 00 48Part of MS Money. Available via Start - Programs 01
213Money Express1 16moneyexpress.exe1 00 48Part of MS Money. Available via Start - Programs 01
114realone_nt20031 11moniker.exe1 00 26Added by the SNONE.A WORM!72http://securityresponse.symantec.com/avcenter/venc/data/w32.snone.a.html0
210ENCMONITOR1 11monitor.exe1 00123The Encompass Monitor. This program is the Connect Direct Program. It is more trouble than it is worth and few use it 01
215Pagis Scheduler1 11Monitor.exe1 00 59Scheduler for the Pagis scanning suite from Scansoft. 30http://www.scansoft.com/pagis/0
226Belkin PCMCIA WLAN Monitor1 13monitorbk.exe1 00 71Belkin USB Network Adapter Management utility - can be started manually 01
110Monitormgt1 14Monitormgt.exe1 00 25Added by the GEMA TROJAN!72http://securityresponse.symantec.com/avcenter/venc/data/trojan.gema.html0
017MP_STATUS_MONITOR1 12monitr32.exe1 00 28Related to Cannon Multi-Pass 01
424Alps Electric USB Server1 11Monserv.exe1 00 61Alps Electric USB Server - required according to this article62http://support.microsoft.com/default.aspx?scid=kb;en-us;2006920
210moon phase1 8moon.exe1 00 60Moon Phase - tray icon that indicates the phases of the moon30http://www.locutuscodeware.com0
1 9w32alanis1 8mope.scr1 00 25Added by the SINALA WORM!79http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.sinala@mm.html0
1 6Msys321 21morfitwebentrance.exe1 00292Morfit ADjectPager - "uses home page rental technology for generating revenues". Homepage hi-jacker that re-defines your IE or Netscape start page as http://www.web-entrance.com/. Any installed application including this must be un-installed before you can reset your homepage 26http://www.morfit.com/Eng/0
2 8Morpheus1 12morpheus.exe1 00276MusicCity Networks' Morpheus - another peer-to-peer client based on Kazaa. Notable in that this one doesn't seem to install the adware that clog the Kazaa download. They claim they are adware free, and a visitor quotes "I have seen no instance of any since using it" 01
1 8mosearch1 12mosearch.exe1 00301Fast Search in Office XP - similar to the new revision of the Find Fast feature in Office 2000. Fast Search uses the Indexing Services in Office XP to create a catalog of Office files on your computer's hard disk. As with Find Fast - a waste of resources. If it can't be disabled via MSCONFIG try here62http://support.microsoft.com/support/kb/articles/Q282/1/06.asp0
218Motive SmartBridge1 12MotiveSB.exe1 00210System tray icon for the Virtual Assistant from AT&T Broadband, used to communicate internet problems via the network rather than telephone. Available via desktop shortcut or Start - Programs - not required21http://www.attbi.com/0
2 8MotiveSB1 12MotiveSB.exe1 00210System tray icon for the Virtual Assistant from AT&T Broadband, used to communicate internet problems via the network rather than telephone. Available via desktop shortcut or Start - Programs - not required21http://www.attbi.com/0
313MotiveMonitor1 10motmon.exe1 00434Found on HP/Dell and Compaq systems (and maybe others). MotiveMonitor is usedáthe suppliers on-line support and allows the agent at the far end to do harddrive/ram/video/etc tests on the computer. Can cause some users problems with IE and Netscape by disabling this - in this case leave it to run. You may also wish to leave it alone if the PC is still within the support period from the manufcaturer. For most users it's not required 01
3 6MotMon1 10motmon.exe1 00434Found on HP/Dell and Compaq systems (and maybe others). MotiveMonitor is usedáthe suppliers on-line support and allows the agent at the far end to do harddrive/ram/video/etc tests on the computer. Can cause some users problems with IE and Netscape by disabling this - in this case leave it to run. You may also wish to leave it alone if the PC is still within the support period from the manufcaturer. For most users it's not required 01
013FLMTRUSTMOUSE1 12mouse32a.exe1 00 38Mouse utility for a Trust brand mouse. 01
3 8LWBMOUSE1 12MOUSE32A.EXE1 00 71Mouse driver - required if you use non-standard Windows driver features 01
2 9Mouse 32A1 12Mouse32A.exe1 00 82Mouse driver to control mouse functions from Azona. Available via Start - Programs 01
1 8mousebut1 12mousebut.exe1 00 30Added by the CRYPTER.A TROJAN!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_CRYPTER.A0
1 9Mousecntl1 13mousecntl.exe1 00 43Added by a variant of the CRYPTER.C TROJAN!58http://www.sophos.com/virusinfo/analyses/trojcrypterc.html0
1 8mousedrv1 12mousedrv.exe1 00 30Added by the CRYPTER.A TROJAN!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_CRYPTER.A0
3 8mouseElf1 12mouseElf.exe1 00129System Tray access to the mouse control panel for Genius Netscroll mice. Required if you use non-standard Windows driver features 01
2 4Tips1 13mousetips.exe1 00 33Suggests tips on using your mouse 01
1 4run=1 22mouse_configurator.win1 00 27Added by the GAGGLE.E WORM!76http://securityresponse.symantec.com/avcenter/venc/data/vbs.gaggle.e@mm.html0
3 8Mousinfo1 12mousinfo.exe1 00 62MS mouse information tool - for troubleshooting mouse problems 01
113MovieNetworks1 17MovieNetworks.exe1 00250MovieNetworks will connect you by DOMESTIC PREMIUM RATE TELEPHONE NUMBER 900-xxx-xxxx. So you get xxx rated pictures and junk. And it will allow you to stay on the internet on their line and $$$ and remove the C:\Program Files\MovieNetworks directory29http://www.movienetworks.com/0
220Mozilla Quick Launch1 11Mozilla.exe1 00 31Netscape 6 and Mozilla browsers 01
1 4abtu1 12mp3serch.exe1 00 67Loads the executable for Lop.com. mp3serch.exe is the final version35http://www.spywareinfo.com/lop.html0
4 3MPB1 7MPB.exe1 00127File is found on Evesham computers and is used to assign programs to 4 different buttons. Found in C:\WINDOWS\System32\MPB.exe. 01
218Motive SmartBridge1 9mpbtn.exe1 00210System tray icon for the Virtual Assistant from AT&T Broadband, used to communicate internet problems via the network rather than telephone. Available via desktop shortcut or Start - Programs - not required21http://www.attbi.com/0
4 6MPFExe1 7mpf.exe1 00 24McAfee Personal Firewall 01
121Macfee Security Patch1 13Mpfsheild.exe1 00 26Added by the RBOT-NP WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotnp.html0
4 6MPFExe1 11MpfTray.exe1 00 24McAfee Personal Firewall 01
1 4LTM21 12MPGSRV32.EXE1 00 31Added by the LITMUS.201 TROJAN!79http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_LITMUS.2010
1 7MapiDrv1 10mpisvc.exe1 00 27Added by the MIPSIV TROJAN!76http://securityresponse.symantec.com/avcenter/venc/data/backdoor.mipsiv.html0
112MPL32 driver1 9MPL32.exe1 00 28Added by the LOONY-M TROJAN!56http://www.sophos.com/virusinfo/analyses/trojloonym.html0
1 7iLLeGaL1 11Mplayer.exe1 00126Added by the HOLAR.C (or GALIL) WORM! Note - this should not be comfused with Windows Media Player which has the same filename76http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_HOLAR.C0
111iLLeGaL.exe1 11Mplayer.exe1 00126Added by the HOLAR.C (or GALIL) WORM! Note - this should not be comfused with Windows Media Player which has the same filename76http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_HOLAR.C0
3 8MplSetup1 12MplSetup.exe1 00 73Used by Ricoh network printers to enable network printing from the client 01
315myprint mileage1 7mpm.exe1 00 44Reports battery status on a portable printer 01
3 6MPower1 10MPower.exe1 00320MPower from MindBeat. "Defragments and frees your RAM giving more stability to your system and avoiding needless use of swap file. Willl also benchmark (speed test) your hard disk drives and your CPU load". Some users swear by programs such as this but I suggest you read this article and make up your own mind24http://www.mindbeat.com/0
1 6MPREXE1 10MPREXE.EXE1 00 86Added by the OPASERV.T WORM! Note - this is not the legitimate Mprexe.exe system file78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_OPASERV.T0
410MPREXE.exe1 10mprexe.exe1 00405WIN32 Network Service Interface Process. MPREXE.exe enables the computer to have multiple clients/protocols for networks. There are some problems with it sometimes though - see here and here. Note - why some people have it listed in start-up programs I don't know but I was asked to include it here. It automatically runs in the background. NOTE : sometimes it will appear in start-ups if you have a virus70http://support.microsoft.com/directory/article.asp?ID=KB;EN-US;Q1780840
1 7MprHTML1 11MprHTML.exe1 00 44Added by a variant of the VAGRNOCKER TROJAN!80http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_VAGRNOCK.120
2 5rmmon1 11mprmmon.exe1 00 81Resource Monitor for the now defunct Chromatic Research MPact2 3DVD graphics card 01
0 3MPT1 7MPT.exe1 00 2?? 01
115MPtask Services1 10mptask.exe1 00 33Added by the LALA or AOT TROJANS!74http://securityresponse.symantec.com/avcenter/venc/data/backdoor.lala.html0
2 6MPTBox1 10MPTBOX.EXE1 00 40Cannon Multi-Pass toolbox - a button bar 01
110MP Tcloaxs1 13mptcloaxs.exe1 00 28Added by the RANDEX.CT WORM!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RANDEX.CT0
2 7MPXTray1 12mpxptray.exe1 00186Windows Media Player PowerToy which is run from the taskbar. It can be used to hide Windows Media Player (when in use) and choose various standard buttons (play/pause, next,previous) etc 01
2 8SiSAudio1 9MP_S3.exe1 00 84WinME patch for an older SiS 961 chipset FERR bug. Enable if you have audio problems 01
1 6mqbkup1 10mqbkup.exe1 00 28Added by the OPASERV.K WORM!79http://securityresponse.symantec.com/avcenter/venc/data/w32.opaserv.k.worm.html0
1 8qbkupdbs1 10mqbkup.exe1 00 28Added by the OPASERV.K WORM!79http://securityresponse.symantec.com/avcenter/venc/data/w32.opaserv.k.worm.html0
126Windows Network Controller1 11Mqguard.exe1 00 28Added by the FORBOT-CL WORM!57http://www.sophos.com/virusinfo/analyses/w32forbotcl.html0
1 7SVCHOST1 13mrowyekdc.exe1 00 25Added by the GOTORM WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.gotorm.html0
214MediaRing Talk1 10mrtalk.exe1 00 89Media Ring Talk, voice recognition software, Resource hog. Available via Start - Programs 01
2 7mrtMngr1 11mrtMngr.exe1 00 67Maintenance Release Task Manager for IntuitÆs QuickBooks or Quicken 01
224MRU-Blaster Silent Clean1 14mrublaster.exe1 00 59MRU-Blaster - performs silent cleaning of MRU lists at boot46http://www.wilderssecurity.com/mrublaster.html0
110Ms Spool321 14MS SPOOL32.EXE2 00 28Added by the ASASSIN TROJAN!77http://securityresponse.symantec.com/avcenter/venc/data/backdoor.assasin.html0
118Microsoft Features1 11ms32cfg.exe1 00 26Added by the RBOT.HO WORM!97http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?VName=WORM_RBOT.HO&VSect=T0
1 9systemdrv1 11ms32sys.exe1 00 68Added by an unidentified WORM or TROJAN - most likely GAOBOT variant76http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.gaobot.html0
113Video Process1 11MS32x16.exe1 00 26Added by the RBOT.RH WORM!87http://it.trendmicro-europe.com/consumer/security_info/ve_detail.php?Vname=WORM_RBOT.RH0
1 8MSPQFile1 11MSA****.TMP1 00 70Homepage hijacker. See here for more information. **** can be anything89http://www.spywareinfo.com/yabbse/index.php?board=11;action=display;threadid=776;start=100
120Windows Media Player1 7msa.exe1 00 26Added by the RBOT-SI WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotsi.html0
1 5MSACM1 9msacm.exe1 00 28Added by the OPASERV-O WORM!57http://www.sophos.com/virusinfo/analyses/w32opaservo.html0
133Microsoft Macro Protection SubSsy1 18msacroprots386.exe1 00 26Added by the RBOT-KE WORM!56http://www.sophos.com/virusinfo/analyses/w32sdbotpn.html0
1 9msadcheck1 15msadcheck32.exe1 00 50Browser hijacker, redirecting to search-system.com 01
1 8My Agent1 11msagent.exe1 00 30Added by the NEGASMS.A TROJAN!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_NEGASMS.A0
1 8WinApp321 9msapp.exe1 00 26Added by the RSBOT TROJAN!62http://www.symantec.com/avcenter/venc/data/backdoor.rsbot.html0
111msnmsgs.exe1 9msapp.exe1 00 90Added by the Troj/Dloader-IE TROJAN! This file can be found in the Windows system folder.59http://www.sophos.com/virusinfo/analyses/trojdloaderie.html0
1 5load=1 10msater.exe1 00 27Added by the RETSAM TROJAN!74http://securityresponse.symantec.com/avcenter/venc/data/trojan.retsam.html0
116Microsoft Update1 14msawindows.exe1 00 29Added by the GAOBOT.AFJ WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.gaobot.afj.html0
1 4MSBB1 8msbb.exe1 00 19Advertising spyware 01
126System Information Manager1 8Msbb.exe1 00 50Added by a variant of the BACKDOOR.IRC.BOT TROJAN!77http://securityresponse.symantec.com/avcenter/venc/data/backdoor.irc.bot.html0
119windows auto update1 11msblast.exe1 00 28Added by the BLASTER.B WORM!79http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.b.worm.html0
1 9NvCplScan1 9msc32.exe1 00 28Added by the FORBOT-DD WORM!57http://www.sophos.com/virusinfo/analyses/w32forbotdd.html0
110MS Updates1 11mscache.exe1 00 22Spyware web downloader 01
111System Tray1 11msccn32.exe1 00189Added by the PALYH.A WORM! Warning - spreading via infected E-mail attachments with the sender address faked as support@microsoft.com. Note - this is not the valid SystemTray (SysTray.exe)43http://vil.nai.com/vil/content/v_100307.htm0
125System Efficiency Monitor1 13mscedit32.exe1 00 28Added by the SDBOT.P TROJAN!77http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sdbot.p.html0
119windows shellext.321 11mschost.exe1 00 28Added by the BLASTER.K WORM!79http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.k.worm.html0
3 6MPSExe1 12mscifapp.exe1 00157McAfee.com Privacy Service - "combines personal identifiable information (PII) protection with online advertisement blocking and content filtering" 01
123Microsoft Digital Clock1 11msclock.exe1 00 28Added by the NACKBOT-D WORM!57http://www.sophos.com/virusinfo/analyses/w32nackbotd.html0
110ClientMan11 10mscman.exe1 00214Spyware/malware, included into the latest version of Grokster, among others. According to research by SpyBot's PMK, "able to trick ZoneAlarm, auto-clicking it to allow passing through the firewall!" 01
1 6mscman1 10mscman.exe1 00199Spyware/malware, included into the latest version of Grokster, among others. According to research by SpyBot's PMK, "able to trick ZoneAlarm, auto-clicking it to allow passing through the firewall!" 01
1 4scan1 10mscman.exe1 00214Spyware/malware, included into the latest version of Grokster, among others. According to research by SpyBot's PMK, "able to trick ZoneAlarm, auto-clicking it to allow passing through the firewall!" 01
110msnmsg.exe1 11mscmd32.exe1 00 42Added by a variant of the AGENT.AH TROJAN! 01
111MSN Manager1 10mscmgr.exe1 00 62Unidentified malware - causes multiple browser windows to open 01
3 4mscn1 8mscn.exe1 00 76Part of the SafeChildNet internet filtering program - required if you use it 01
1 8Mscolour1 12mscolour.exe1 00 25Added by the GEMA TROJAN!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?ID=405740
111COM Service1 11mscom32.com1 00 29Added by the BEASTY.H TROJAN!78http://securityresponse.symantec.com/avcenter/venc/data/backdoor.beasty.h.html0
117Windows Dcom2 Fix1 11mscom32.exe1 00 26Added by the RBOT-QT WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotqt.html0
125System Efficiency Monitor1 13mscommand.exe1 00 26Added by the KWBOT.P WORM!77http://securityresponse.symantec.com/avcenter/venc/data/w32.kwbot.p.worm.html0
1 7MSCommX1 11mscommx.exe1 00 36Added by a variant of the RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
110MSN Update1 9mscon.exe1 00 26Added by the RBOT-QA WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotqa.html0
116Microsoft Config1 10msconf.exe1 00 26Added by the RBOT.PV WORM!89http://it.trendmicro-europe.com/enterprise/security_info/ve_detail.php?Vname=WORM_RBOT.PV0
116Microsoft Config1 10MSCONF.EXE1 00 26Added by the RBOT-LG WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotlg.html0
112AppInit_DLLs1 11msconfd.dll1 00 77Added by the Adware.CWSMSConfd hijacker! This is for the NT/XP/2000 version.61http://www.sarc.com/avcenter/venc/data/adware.cwsmsconfd.html0
116Microsoft Update1 11msconfg.exe1 00 25Added by the RBOT.H WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=396620
113MSCONFG32.EXE1 13MSCONFG32.EXE1 00 31Added by the OPTIX.04.C TROJAN!80http://securityresponse.symantec.com/avcenter/venc/data/backdoor.optix.04.c.html0
2 8MSConfig1 12msconfig.exe1 00203Entry that appears when you uncheck an item in the MSConfig Startup group, and will disappear if on the next reboot you select the option to not be reminded that you are running in Selective Startup mode 01
1 8msconfig1 12msconfig.exe1 00209CoolWebSearch parasite related. Note - this is not the legitimate msconfig.exe which should only appear in Msconfig/Startup if you leave the warning box unchecked after changing an Msconfig entry and rebooting53http://www.spywareinfo.com/~merijn/cwschronicles.html0
1 8Msconfig1 12msconfig.exe1 00 95Added by the WINUR WORM! Note - this is not the real msconfig.exe as it's located in C:\winrun\75http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.winur.html0
115Msconfig lptt011 12msconfig.exe1 00269Variant of the RapidBlaster parasite (in a "msconfig" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see here. Note - this is not the valid Windows Msconfig which has the same executable name49http://www.doxdesk.com/parasite/RapidBlaster.html0
115Msconfig ml097e1 12msconfig.exe1 00269Variant of the RapidBlaster parasite (in a "msconfig" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see here. Note - this is not the valid Windows Msconfig which has the same executable name49http://www.doxdesk.com/parasite/RapidBlaster.html0
216MSConfigReminder1 12msconfig.exe1 00203Entry that appears when you uncheck an item in the MSConfig Startup group, and will disappear if on the next reboot you select the option to not be reminded that you are running in Selective Startup mode 01
1 5msdev1 12msconfig.exe1 00207Added by the AGOBOT.AAU WORM! Note - this is not the legitimate msconfig.exe which should only appear in Msconfig/Startup if you leave the warning box unchecked after changing an Msconfig entry and rebooting87http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.AAU&VSect=T0
1 6winrun1 12msconfig.exe1 00 97Added by the WINUR.A WORM! Note - this is not the real msconfig.exe as it's located in C:\winrun\75http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.winur.html0
1 8MSConfig1 14MSCONFIG32.EXE1 00 37Unidentified adware, spyware or virus 01
110MSConfig451 14MSConfig45.exe1 00 29Added by the SDBOT.OJ TROJAN!99http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?id=56539&VName=BKDR_SDBOT.OJ0
110MSCSCLIENT1 14mscsclient.exe1 00 92Added by the Adware.CashSaver spyware/redirector. File found in the Windows System folder.60http://www.sarc.com/avcenter/venc/data/adware.cashsaver.html0
1 6Mscsgs1 10MSCSGS.EXE1 00 24Added by the ZEZER WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.zezer.worm.html0
1 8Mscsgs321 12MSCSGS32.EXE1 00 24Added by the ZEZER WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.zezer.worm.html0
1 8Msctrl321 12Msctrl32.scr1 00 25Added by the REDIST WORM!66http://www.symantec.com/avcenter/venc/data/w32.hllw.redist@mm.html0
112System MScvb1 11mscvb32.exe1 00 26Added by the SOBIG.C WORM!62http://www.symantec.com/avcenter/venc/data/w32.sobig.c@mm.html0
114Microsoft Cvrt1 12mscvrt32.exe1 00 47Added by an unidentified VIRUS, WORM or TROJAN! 01
1 5MSCVT1 9MSCVT.exe1 00 28Added by the SLIDESHOW WORM!79http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.slideshow.html0
111Testing 1231 10msdata.dat1 00 25Added by the NITS.A WORM!58http://www.symantec.com/avcenter/venc/data/w32.nits.a.html0
2 5Zebus1 10msdc32.exe1 00 42Runs a HTML tutorial on the Zebus web-site 01
1 5msdev1 9msdev.exe1 00 28Added by the FORBOT-CR WORM!57http://www.sophos.com/virusinfo/analyses/w32forbotcr.html0
1 7msvsc321 9msdev.exe1 00 26Added by the RBOT-GJ WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotgj.html0
124Microsoft Device Manager1 14MSDEVMGD32.EXE1 00 79Added by W32/Domwis-F, a WORM/IRC backdoor TROJAN! Found in the Windows folder.56http://www.sophos.com/virusinfo/analyses/w32domwisf.html0
124Microsoft Device Manager1 14msdevmgr32.exe1 00 83Added by the Backdoor.Lateda.B Backdoor infection! Found in the Windows directory.78http://www.sarc.com/avcenter/venc/data/backdoor.lateda.b.html#technicaldetails0
116Media Plug x.1.21 8msdm.exe1 00 31Added by the MULDROP.352 VIRUS! 01
111VnCplUpdate1 8msdm.exe1 00147Masssend - spam relayer. Listens on a port for the spammers to feed it a list of addresses and what to send out. More information in this advisory72http://www.dslreports.com/forum/remark,8021632~root=security,1~mode=flat0
119Microsoft DNS Query1 9msdns.exe1 00 39Added by a variant of the WOOTBOT WORM!80http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_WOOTBOT.GEN0
1 5msdns1 9msdns.exe1 00 48Added by Troj/Dloader-VK , a downloader Trojan.60http://www.sophos.com/virusinfo/analyses/trojdloadervk.htmll0
127System Document Application1 14msdocument.exe1 00 83Added by the W32.Randex.COX infection. File is found in the Windows system folder.75http://www.sarc.com/avcenter/venc/data/w32.randex.cox.html#technicaldetails0
1 8MsSystem1 9msdos.exe1 00 35Adult content downloader - see here43http://vil.nai.com/vil/content/v_100801.htm0
1 7Msdos321 11Msdos32.pif1 00 25Added by the RECORY WORM!74http://securityresponse.symantec.com/avcenter/venc/data/w32.recory@mm.html0
1 8msdos4231 12msdos423.exe1 00 27Added by the MENACE.A WORM!77http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MENACE.A0
1 7Windows1 11msdos98.exe1 00 29Added by the PWSTEAL TROJAN!75http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.trojan.html0
2 8MSDosdrv1 12msdosdrv.exe1 00 25Added by the BACROS WORM!71http://securityresponse.symantec.com/avcenter/venc/data/w32.bacros.html0
111COM Service1 10msdrce.com1 00 29Added by the BEASTY.I TROJAN!78http://securityresponse.symantec.com/avcenter/venc/data/backdoor.beasty.i.html0
123Windows Driver Services1 12msdrvs32.exe1 00 28Added by the WOOTBOT.L WORM!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_WOOTBOT.L0
118Windows Automation1 10msdspr.exe1 00 27Added by the SOLAME.A WORM!73http://securityresponse.symantec.com/avcenter/venc/data/w32.solame.a.html0
2 5MSDTC1 9msdtc.exe1 00146MS Distributed Transaction Coordinator - handles transactions across multiple servers and is installed by MS Personal Web Server and MS SQL Server 01
127Device Configuration Loader1 11msdvc32.exe1 00 45Added by a variant of the AGOBOT/GAOBOT WORM!79http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN0
1 8MSFind321 12msfind32.exe1 00 24Added by the CAYAM WORM!78http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.cayam@mm.html0
021file indexing service1 14msfindfile.exe1 00 52New version of MS FindFast and still a resource hog? 01
113msfindosa.exe1 13msfindosa.exe1 00 34Added by the DOWNLOADER-BS TROJAN!42http://vil.nai.com/vil/content/v_99960.htm0
111MS FIREWALL1 14msfirewall.exe1 00 27Added by the SDBOT-QH WORM!56http://www.sophos.com/virusinfo/analyses/w32sdbotqh.html0
116Win32 FRT Driver1 10msfr32.exe1 00 38Added by a variant of the FORBOT WORM!57http://sophos.com.au/virusinfo/analyses/w32forbotgen.html0
116MS Configuration1 12MSFramer.exe1 00 28Added by the RANDEX.OL WORM!74http://securityresponse.symantec.com/avcenter/venc/data/w32.randex.ol.html0
111MS FIREWALL1 13msfrewall.exe1 00 27Added by the SDBOT-PU WORM!56http://www.sophos.com/virusinfo/analyses/w32sdbotpu.html0
124Windows Firewall Manager1 8msfw.exe1 00 26Added by the RBOT.WR WORM!76http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.WR0
317EW Message Server1 9msg32.exe1 00112Conexant (older versions are Brooktree) Wavestream Message Server - associated with Conexant based audio devices 01
1 5msgb11 9msgb1.exe1 00 30Added by the DLUCA.GEN TROJAN! 01
120Configuration Loader1 10msgfix.exe1 00 53Added by the GAOBOT.AUS or SDBOT.J or SDBOT-QG WORMS!75http://securityresponse.symantec.com/avcenter/venc/data/w32.gaobot.aus.html0
113change-me-now1 11msgfix1.exe1 00 27Added by the SDBOT.ZD WORM!77http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.ZD0
110Msg Fixage1 12msgfixed.exe1 00 27Added by the SDBOT.ZD WORM!77http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.ZD0
127Microsoft Gina V Encryption1 11MSGINAV.EXE1 00 47Added by an unidentified VIRUS, WORM or TROJAN! 01
0 8WM_LOGIN1 12MSGLOGIN.EXE1 00 57Part of McAfee Firewall. What is it for and is it needed? 01
1 7MSREGIT1 8Msgp.exe1 00 32Added by the KRYPGHOS.13 TROJAN!80http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_KRYPGHOS.130
1 5CLSID1 11msgplus.exe1 00 97Premium rate adult content dialer. Note - this is NOT the MSN Messenger 'MessengerPlus' extension 01
213MessengerPlus1 11MsgPlus.exe1 00256MessengerPlus - third party MSN Messenger extension that adds a number of useful features. Bundles the hard to remove C2Media LOP adware. The software does offer you a choice during setup - make sure to install MessengerPlus WITHOUT that "sponsor program"!23http://www.msgplus.net/0
214MessengerPlus21 11MsgPlus.exe1 00256MessengerPlus - third party MSN Messenger extension that adds a number of useful features. Bundles the hard to remove C2Media LOP adware. The software does offer you a choice during setup - make sure to install MessengerPlus WITHOUT that "sponsor program"!23http://www.msgplus.net/0
214MessengerPlus31 11MsgPlus.exe1 00256MessengerPlus - third party MSN Messenger extension that adds a number of useful features. Bundles the hard to remove C2Media LOP adware. The software does offer you a choice during setup - make sure to install MessengerPlus WITHOUT that "sponsor program"!23http://www.msgplus.net/0
128Microsoft MSGPLUS32 Protocol1 13msgplus32.exe1 00 38Added by a variant of the SPYBOT WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html0
412CheckMsgPlus1 32MsgPlusH.dll, VerifyInstallation2 00128Added by MSN Messenger Plus, a third party extension to MSN Messenger. This is the auto-update feature - see here for more info.50http://www.patchou.com/msgplus/faq.htm#stopconnect0
118Messenger start-up1 10Msgran.exe1 00 25Added by the GRAMOS WORM!71http://securityresponse.symantec.com/avcenter/venc/data/w32.gramos.html0
1 9svshost321 12msgrsv32.exe1 00 29Added by the RANKY.AJ TROJAN! 01
1 8WinCSRSS1 11MSGRT32.EXE1 00 30Added by the REWINDO-A TROJAN!58http://www.sophos.com/virusinfo/analyses/trojrewindoa.html0
1 8Msgsrv161 12Msgsrv16.exe1 00 36Added by the DELF family of TROJANS!81http://securityresponse.symantec.com/avcenter/venc/data/backdoor.delf.family.html0
1 4LTM21 12MSGSRV32.EXE1 00161Added by the LITMUS.A TROJAN! Note - MSGSRV32.EXE in this case is in a Litmus sub-directory and is not to be confused with the valid version in C:\Windows\System89http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_LITMUS.A&VSect=T0
412MSGSRV32.exe1 12msgsrv32.exe1 00250Windows 32-bit VxD Message Server. For more information on its function and why it's needed, see here. Note - why some people have it listed in start-up programs I don't know but I was asked to include it here. It automatically runs in the background62http://support.microsoft.com/support/kb/articles/q138/7/08.asp0
1 4LTM21 13MSGSRV320.EXE1 00 29Added by the LITMUS.C TROJAN!77http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_LITMUS.C0
1 8msgsvr321 12msgsvr32.exe1 00167Added by the DEADHAT.B WORM! Note - not to be confused with the valid "msgsrv32.exe" file which resides in the same directory (C:\Windows\System) on a Win9x/Me machine79http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.deadhat.b.html0
121Microsoft Help System1 12mshelp32.exe1 00 36Added by a variant of the RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
133Microsoft Security Hot Fix Update1 12mshotfix.exe1 00 15Affilred adware58http://sarc.com/avcenter/venc/data/pf/adware.affilred.html0
1 5MSHT@1 9MSHT@.EXE1 00 29Added by the MAGISTR.A VIRUS!76http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=PE_MAGISTR.A0
1 7MS HTML1 10msHtml.exe1 00 32Added by the PESTDOOR.31 TROJAN!80http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_PESTDOOR.310
122WindowsRegKey%$ update1 10msi332.exe1 00 26Added by the RBOT-IX WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotix.html0
1 6msidle1 10msidle.exe1 00 28Added by the OPASERV-O WORM!57http://www.sophos.com/virusinfo/analyses/w32opaservo.html0
122Microsoft Ansti Update1 8msie.exe1 00 26Added by the RBOT-LE WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotle.html0
121Microsoft upnp Update1 8msie.exe1 00 26Added by the RBOT-LQ WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotlq.html0
1 9GLSetIT321 13msiexec16.exe1 00 30Added by the OPTIX PRO TROJAN!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?ID=394820
1 7MSIEXEC1 13MSIEXEC32.exe1 00 28Added by the AINESEY.A WORM!77http://securityresponse.symantec.com/avcenter/venc/data/w32.ainesey.a@mm.html0
110Windows TM1 13msiexec32.exe1 00155Added by the W32/Forbot-DV WORM/BACKDOOR! The file is found in the Windows system folder. This infection also installs a service called draeco.sytes.net.57http://www.sophos.com/virusinfo/analyses/w32forbotdv.html0
1 8msiishlp1 12MSIISHLP.EXE1 00 99A service added by the Troj/Bdoor-GML TROJAN/backdoor, it's display name is "Microsoft IIS helper".58http://www.sophos.com/virusinfo/analyses/trojbdoorgml.html0
0 4MSIN1 8MSin.exe1 00 2?? 01
410FltProcess1 10msinet.exe1 00161Part of Cyber Patrol internet filtering software to restrict access to certain types of material on the internet. It can be disabled but do not ask how it's done27http://www.cyberpatrol.com/0
1 6MSInfo1 10msinfo.exe1 00 30Added by the ALADINZ.M TROJAN!83http://securityresponse.symantec.com/avcenter/venc/data/backdoor.irc.aladinz.m.html0
113Bymer.Scanner1 10Msinit.exe1 00 24Added by the BYMER WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.bymer.html0
116Internet Loader11 15MSInstall61.exe1 00 26Added by the KWBOT.B WORM!77http://securityresponse.symantec.com/avcenter/venc/data/w32.kwbot.b.worm.html0
110MS-Connect1 11msite18.exe1 00 32Adult content dialler - see here49http://vil.mcafee.com/dispVirus.asp?virus_k=999720
116Microsoft Update1 12msiwin84.exe1 00 29Added by the GAOBOT.AFJ WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.gaobot.afj.html0
116Microsoft JavaVM1 11msjarun.exe1 00 26Added by the RBOT-JW WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotjw.html0
410UsB driver1 12msjavx86.exe1 00 69Added by W32/Agobot-PQ. FIle is located in the Windows system folder.57http://www.sophos.com/virusinfo/analyses/w32agobotpq.html0
111COM Service1 10msjclh.com1 00 25Added by the PLUX TROJAN!61http://www.symantec.com/avcenter/venc/data/backdoor.plux.html0
311MSKAGENTEXE1 12MskAgent.exe1 00 25Part of McAfee Spamkiller47http://us.mcafee.com/root/package.asp?pkgid=1560
314MSKDetectorExe1 12MSKDetct.exe1 00 25Part of McAfee Spamkiller47http://us.mcafee.com/root/package.asp?pkgid=1560
110MSKernel321 14MSKernel32.vbs1 00 44Added by the LOVELETTER (I LOVE YOU) VIRUS!77http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=VBS_LOVELETTER0
312MSKServerExe1 11MSKSrvr.exe1 00 25Part of McAfee Spamkiller47http://us.mcafee.com/root/package.asp?pkgid=1560
1 8mslagent1 12mslagent.exe1 00 25Added by SIMCSS.B adware!76http://securityresponse.symantec.com/avcenter/venc/data/trojan.simcss.b.html0
1 7MS HTML1 9mslat.exe1 00 32Added by the LATINUS.SVR TROJAN!80http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_LATINUS.SVR0
118windows automation1 11mslaugh.exe1 00 28Added by the BLASTER.E WORM!79http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.e.worm.html0
111CiaBackdoor1 9msldr.com1 00 17Added by a VIRUS! 01
111SecureLogin1 10Mslg32.exe1 00 25Added by the REDZED WORM!74http://securityresponse.symantec.com/avcenter/venc/data/w32.redzed@mm.html0
111LoadManager1 10msload.exe1 00 28Added by the OPASERV.T WORM!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_OPASERV.T0
112LoadingAgent1 12msload32.exe1 00 90Added by the OBLIVION TROJAN! This executable is one of the most common but there are more78http://securityresponse.symantec.com/avcenter/venc/data/backdoor.oblivion.html0
117Zip Driver Loader1 12msload32.exe1 00 90Added by the OBLIVION TROJAN! This executable is one of the most common but there are more78http://securityresponse.symantec.com/avcenter/venc/data/backdoor.oblivion.html0
117MS Config Service1 14Msloader32.exe1 00 26Added by the RBOT-KJ WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotkj.html0
114Mslogon lptt011 11mslogon.exe1 00187Variant of the RapidBlaster parasite (in a "Mslogon" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see here49http://www.doxdesk.com/parasite/RapidBlaster.html0
114Mslogon ml097e1 11mslogon.exe1 00187Variant of the RapidBlaster parasite (in a "Mslogon" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see here49http://www.doxdesk.com/parasite/RapidBlaster.html0
120Microsoft AUT Update1 11MSlti16.exe1 00 26Added by the RBOT.EB WORM!84http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.EB&VSect=T0
120Microsoft AUT Update1 11MSlti32.exe1 00 25Added by the RBOT-X WORM!54http://www.sophos.com/virusinfo/analyses/w32rbotx.html0
116Microsoft Update1 11Mslti32.exe1 00 26Added by the RBOT-LX WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotlx.html0
113Video Process1 11MSlti64.exe1 00 28Added by the AGOBOT.UE WORM!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.UE0
137Microsoft Macro Protection Subsystems1 17Msmacroprot32.exe1 00 26Added by the RBOT.KN WORM!76http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.KN0
137Microsoft Macro Protection Subsystems1 17msmacroprotxz.exe1 00 38Added by a variant of the SPYBOT WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html0
111msmanager321 12msmngr32.exe1 00 42Added by the RANDON-R (or WOMANIZ.A) WORM!59http://www.us.sophos.com/virusinfo/analyses/w32randonr.html0
012Roxio Engine1 12MSMNGR32.EXE1 00 90Not believed to be a valid Roxio program - more likely a variant on the WOMANIZ.A TROJAN! 7#FF00000
1 5msmon1 9msmon.exe1 00 40Added by a variant of the GEMA.D TROJAN!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=404930
121Microsoft Windows GUI1 12msmonk32.exe1 00 27Added by the SDBOT-PE WORM!56http://www.sophos.com/virusinfo/analyses/w32sdbotpe.html0
115Message Queuing1 9msmqs.exe1 00 29Added by the FREEFORS TROJAN!78http://securityresponse.symantec.com/avcenter/venc/data/backdoor.freefors.html0
1 6mssoul1 11msmscc2.exe1 00133Added by the DAPIZL.A banker WORM! (A "banker worm" is designed to pillage banking information and send it back to the perpetrators!) 01
116Microsoft Office1 10MSMSGR.exe1 00 28Added by the GAOBOT.BB WORM!79http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.gaobot.bb.html0
114mssyslanhelper1 13msmsgri32.exe1 00 27Added by the RANDEX.D WORM!73http://securityresponse.symantec.com/avcenter/venc/data/w32.randex.d.html0
121System Initialization1 13msmsgri32.exe1 00 54Added by the RANDEX.D WORM or ROXY or ROXY.B TROJANS!73http://securityresponse.symantec.com/avcenter/venc/data/w32.randex.d.html0
3 6MSMSGS1 10msmsgs.exe1 00242Windows Messenger utility. If you don't use Windows Messenger, this can be annoying. Available via Start - Programs. Go to Windows Messenger > Tools > Options > Preferences and uncheck "Run this program when Windows starts"63http://www.microsoft.com/windowsxp/windowsmessenger/default.asp0
124Msn Update Manager (Sp2)1 10MSMSGS.EXE1 00 28Added by the AGOBOT-NL WORM!57http://www.sophos.com/virusinfo/analyses/w32agobotnl.html0
1 9Scheduler1 10MSMSGS.EXE1 00118Troj/Hostbank-A modifies the HOSTS file to redirect certain banking and ebay sites. Found in %windir%\system32\config. 01
1 7IPfigre1 10msmsgs.exe1 00148Added by a SDBot variant. This type of infection is known to act as a backdoor. it also creates a Windows service if you have XP,NT,2000 or 20003. 01
1 7IPfigre1 10msmsgs.exe1 00145Added by a SDBot variant. This type of infection is known to act as a backdoor. It also creates Run entries to start the program automatically. 01
1 8MSMsgSvc1 12MSMSGSVC.exe1 00 89Browser hijacker, identified by some antiviruses as a variant of the StartPage.QC TROJAN! 01
1 3MSN1 7MSN.exe1 00 24Added by the MINIT WORM!73http://securityresponse.symantec.com/avcenter/venc/data/trojan.minit.html0
1 3MSN1 9msn16.exe1 00103W32/Sbbot-VN is a network worm with backdoor Trojan functionality found in the Windows system folder.56http://www.sophos.com/virusinfo/analyses/w32sdbotvn.html0
110Media Load1 9msn32.exe1 00 39Added by a unidentified WORM or TROJAN! 01
113win32 regedit1 9msn32.exe1 00 40Added by an unidentified WORM or TROJAN! 01
113Media Service1 9msn64.exe1 00 28Added by the SPYBOT.EV WORM!91http://hu.trendmicro-europe.com/enterprise/security_info/ve_detail.php?Vname=WORM_SPYBOT.EV0
2 8msnappau1 12msnappau.exe1 00110Updater for the MSN toolbar that can be downloaded onto IE. Calls home every day or so to "update" the toolbar 01
110Msnarrator1 14msnarrator.exe1 00 71Added by the NARAT.A TROJAN! - also identified as MPGCOM Toolbar adware76http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_NARAT.A0
128Microsoft .NET Confingurator1 11msnconf.exe1 00 47Added by an unidentified VIRUS, WORM or TROJAN! 01
214MSN Quick View1 9Msndc.exe1 00 44Quick way to connect to MSN internet service 01
1 9Msn Patch1 9msndp.exe1 00 27Added by the RBOT.AAI WORM!83http://uk.trendmicro-europe.com/smb/security_info/ve_detail.php?Vname=WORM_RBOT.AAI0
111Msn Patches1 9msndr.exe1 00 37Added by a variant of the SDBOT WORM!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_SDBOT.GEN0
1 7InetMSN1 9msnet.exe1 00 39Added by a variant of the SDBOT TROJAN!75http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sdbot.html0
117Microsoft Network1 9msnet.exe1 00 28Added by the MOCKBOT.A WORM!79http://securityresponse.symantec.com/avcenter/venc/data/w32.mockbot.a.worm.html0
1 5MSNET1 9msnet.exe1 00 22Added by the BOA WORM!71http://securityresponse.symantec.com/avcenter/venc/data/trojan.boa.html0
1 5Spore1 10MsNews.vbs1 00 26Added by the SPORE.A WORM!75http://securityresponse.symantec.com/avcenter/venc/data/vbs.sorpe.a@mm.html0
0 8MsnFixer1 11msnfixjs.js1 00 47Located in the HPbinmsnfix directory of a HP PC 01
1 8avupdate1 10msnftp.exe1 00104An Rbot variant. This infections connects to an IRC server where it awaits commands from a remote user.33http://www.malwareblog.com/?p=1050
110Msn Config1 9msngf.exe1 00 26Added by the RBOT-QG WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotqg.html0
126Microsoft MSNGR32 Protocol1 11msngr32.exe1 00 38Added by a variant of the SPYBOT WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html0
110MSNGrabber1 14MSNgrabber.exe1 00 26Added by the ENVID.A WORM!62http://www.symantec.com/avcenter/venc/data/w32.envid.a@mm.html0
115Messenger Block1 14msngrblock.exe1 00 24Added by the PATOO WORM!73http://securityresponse.symantec.com/avcenter/venc/data/w32.patoo@mm.html0
319Windows System Tray1 8msni.exe1 00 33Iambigbrother monitoring software29http://www.iambigbrother.com/0
2 5MSNIA1 12MSNIASVC.EXE1 00105Added with MSN version 9. Resets certain internet settings upon bootup and can't be disabled via MSCONFIG 01
116Security Patches1 9msnkn.exe1 00 26Added by the RBOT.WW WORM!76http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.WW0
113msnload32.exe1 13msnload32.exe1 00 29Added by the BANCOS.M TROJAN!77http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.bancos.m.html0
1 3MSN1 16msnmesengers.exe1 00 26Added by the RBOT-ME WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotme.html0
124Microsoft Windows Update1 16msnmessenger.exe1 00 27Added by the SDBOT.AJ WORM!78http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sdbot.aj.html0
1 7Offices1 12msnmgd32.exe1 00154Added by the W32/Forbot-DV WORM/BACKDOOR! The file is found in the Windows system folder. This infection also installs a service called draeco.sytes.net.57http://www.sophos.com/virusinfo/analyses/w32forbotdv.html0
1 7Offices1 12msnmgd32.exe1 00132Added by the W32/Forbot-DV WORM/BACKDOOR! The file is found in the Windows system folder. This infection also installs Run entries.57http://www.sophos.com/virusinfo/analyses/w32forbotdv.html0
118Microsoft Help SVC1 11msnmngr.exe1 00 27Added by the SDBOT-PQ WORM!56http://www.sophos.com/virusinfo/analyses/w32sdbotpq.html0
329BitDefender for MSN Messenger1 10msnmon.exe1 00110Bitdefender anti-virus for MSN Messenger. Unless you have MSN Messenger running all the time start it manually52http://www.bitdefender.com/html/bd_msn_messenger.php0
111MSN Updater1 9msnms.exe1 00 28Added by the FORBOT-CG WORM!57http://www.sophos.com/virusinfo/analyses/w32forbotcg.html0
1 3msn1 10msnmsg.exe1 00 26Added by the RBOT-GO WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotgo.html0
113Plug And Play1 10msnmsg.exe1 00 26Added by the RBOT-ID WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotid.html0
116Windows Registry1 10msnmsg.exe1 00 36Added by a variant of the RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
114msnmsgr32-.exe1 12msnmsgr-.exe1 00 38Added by a variant of the SPYBOT WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html0
114Msn Messengers1 11MSNMSGR.EXE1 00 26Added by the RBOT.KX WORM!84http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.KX&VSect=T0
2 7msnmsgr1 11msnmsgr.exe1 00229MSN Messenger utility. If you don't use MSN Messenger, this can be annoying. Available via Start - Programs. Go to MS Messenger > Tools > Options > Preferences and uncheck "Run this program when Windows starts"25http://messenger.msn.com/0
1 3MSN1 11msnmsgr.exe1 00130Not to be confused with the legitimate filename, this is added by W32/Mytob-A, a WORM/backdoor and exploits users of IRC channels.55http://www.sophos.com/virusinfo/analyses/w32mytoba.html0
1 8MSNMSGR51 12MSNMSGR5.exe1 00 26Added by the RBOT.PQ WORM!102http://uk.trendmicro-europe.com/enterprise/security_info/virus_encyclopedia.php?s=1&VName=WORM_RBOT.PQ0
1 9MSN Start1 12msnmsgr7.exe1 00 26Added by the RBOT-PH WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotph.html0
112blah service1 12msnmsgrr.exe1 00 26Added by the RBOT.PZ WORM!84http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.PZ&VSect=T0
1 7MsnMsgr1 12MsnMsgrs.exe1 00 28Added by the NETSKY-AD WORM!64http://www.symantec.com/avcenter/venc/data/w32.netsky.ad@mm.html0
131Windows Secure Messaging System1 15msnmsgrsrvc.exe1 00 26Added by the RBOT-RE WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotre.html0
1 3MSN1 11msnmsgs.exe1 00 26Added by the RBOT-KL WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotkl.html0
113Msn Messenger1 11msnmsgs.exe1 00 28Added by the LOONY-P TROJAN!56http://www.sophos.com/virusinfo/analyses/trojloonyp.html0
1 932 Driver1 11msnmsgs.exe1 00209This is an SDBot variant that attempts to connect to the IRC server chit.badpenguin.net and join channel #fucked with password open. This allows a remote user in that channel to take control of your computer. 01
1 9msnmsgsgs1 13msnmsgsgs.exe1 00 58Added by the "Catal" alias Spy.Delitall.B backdoor TROJAN! 01
113Media service1 12msnmsgxr.exe1 00 27Added by the SDBOT.TF WORM!77http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.TF0
113MSN Messanger1 11msnmsng.exe1 00 27Added by the SDBOT.XN WORM!90http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?Vname=WORM_SDBOT.XN0
116WinUpdate Loader1 9msnnm.exe1 00 30Added by the REVCUSS.C TROJAN!78http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.revcuss.c.html0
111Msn Updater1 14msnplugins.exe1 00 26Added by the RBOT-HS WORM!55http://www.sophos.com/virusinfo/analyses/w32rboths.html0
116Msn Plus Updater1 11msnplus.exe1 00 26Added by the RBOT-MU WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotmu.html0
110MSNService1 14MSNService.exe1 00 27Added by the CARPET.C WORM!78http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.carpet.c.html0
120Configuration Loader1 9msnss.exe1 00 29Added by the GAOBOT.AUS WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.gaobot.aus.html0
115Microsoft MsnST1 11msnst32.exe1 00 36Added by a variant of the RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
132Microsoft Netview Component v5.11 10msnv32.exe1 00 27Added by the RANDEX.F WORM!73http://securityresponse.symantec.com/avcenter/venc/data/w32.randex.f.html0
124Microsoft Windows Update1 10msnwun.exe1 00 27Added by the SDBOT-RM WORM!56http://www.sophos.com/virusinfo/analyses/w32sdbotrm.html0
110MSObject321 13MSObject32.js1 00 24Added by the PUN TROJAN!74http://securityresponse.symantec.com/avcenter/venc/data/js.pun.trojan.html0
216Microsoft Office1 12Msoffice.exe1 00221Alternative shortcuts to the Start -> Programs way of running applications installed as part of MS Office. Some people prefer it but a better way is to create Desktop Shortcuts if you want access these programs quickly 01
229Microsoft Office Shortcut Bar1 12Msoffice.exe1 00221Alternative shortcuts to the Start -> Programs way of running applications installed as part of MS Office. Some people prefer it but a better way is to create Desktop Shortcuts if you want access these programs quickly 01
1 8Msoffice1 12msoffice.hta1 00 39Hijacker - redirecting to Searchdot.net 01
124Microsoft Windows Update1 13msoffice2.exe1 00 26Added by the RBOT-GB WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotgb.html0
1 6MSOOBD1 10MSOOBD.EXE1 00 29Added by the MAGISTR.A VIRUS!76http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=PE_MAGISTR.A0
1 6mmxrun1 9msosa.exe1 00183Adult content dialler - see here. This has to be cleared at the same time as MSStartOptimizer (WINUPD.EXE), atisrc2 (windfind.exe) and RegCompres (REGCPM32.EXE), otherwise they return85http://www.spywareinfo.com/forums/index.php?act=ST&f=11&t=7756&hl=&s=0
112winlogin.exe1 11mspaint.exe1 00 42Added by a variant of the AGENT.AH TROJAN! 01
113NVIDIA Driver1 12MSPMSPSU.EXE1 00 28Added by the WOOTBOT.Y WORM!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_WOOTBOT.Y0
119Win32 NVIDIA Driver1 12MSPMSPSU.EXE1 00 41Added by a variant of the WOOTBOT.Y WORM!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_WOOTBOT.Y0
113MSprotect.exe1 13MSprotect.exe1 00 29Added by the DABYREV.A VIRUS!76http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=PE_DABYREV.A0
113System-Config1 12msptmf32.com1 00 28Added by the LIOTEN.FA WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394290
122Internet Mail and News1 11msqdevl.exe1 00 17EasySearch adware57http://sarc.com/avcenter/venc/data/adware.easysearch.html0
1 3MSR1 7msr.exe1 00 28Added by the AGOBOT.RT WORM!91http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?Vname=WORM_AGOBOT.RT0
1 4Msrc1 8Msrc.exe1 00 36Added by the KRYPTONIC GHOST TROJAN! 01
114msReg32 Loader1 11msreg32.exe1 00 28Added by the AGOBOT.IU WORM!99http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?VName=WORM_AGOBOT.IU&VSect=T0
110RecycleSTR1 11msreg32.exe1 00 26Added by the RBOT-TC WORM!55http://www.sophos.com/virusinfo/analyses/w32rbottc.html0
1 8winlogon1 11msreg32.exe1 00 27Added by the SDBOT.EO WORM!90http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?Vname=BKDR_SDBOT.EO0
1 9msreg.exe1 10msrege.exe1 00 25Added by the ZINX TROJAN!74http://securityresponse.symantec.com/avcenter/venc/data/backdoor.zinx.html0
114System Service1 10MSREXE.EXE1 00 24Added by the AML TROJAN!42http://vil.nai.com/vil/content/v_99793.htm0
124MS Remote Procedure Call1 11msrpc32.exe1 00 26Added by the RBOT-QL WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotql.html0
110msrunocx321 14msrunocx32.exe1 00 23Added by the SKUS WORM!74http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.skus.html0
117MatrixScreenSaver1 7mss.exe1 00 18Malware, see here77http://www.spywareinfo.com/forums/index.php?s=&act=ST&f=11&t=72780
122Security Agent Manager1 10mssams.exe1 00 26Added by the RBOT-SV WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotsv.html0
1 3RPC1 12MSschost.exe1 00 45Added by a variant of the GAOBOT/AGOBOT WORM!79http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN0
0 7SysComp1 10mssdnl.com1 00 90Unknown but suspect as *.com are not usually run at start up and the name isn't recognized 01
1 9.mssecure1 12MSSECURE.EXE1 00168Troj/Borobot-E is an IRC backdoor Trojan. Copies itself to the Windows system directory or into the folder Application Data\Microsoft\Internet Explorer in your profile. 01
131Microsoft Update Security Patch1 25mssecurityupdatepatch.exe1 00 29Added by the AGENT.EF TROJAN! 01
1 9msservice1 10msserv.exe1 00 22Added by the HYD WORM!71http://securityresponse.symantec.com/avcenter/venc/data/w32.hyd@mm.html0
121MSN messenger service1 9mssgs.exe1 00 91Added by an unidentified TROJAN! Note - this is not the real MSN Messenger, see this thread63http://forums.techguy.org/showthread.php?s=&threadid=1090540
1 9atiupdate1 12msshed32.exe1 00 39Added by the DELF.EP downloader TROJAN! 01
1 6MSSHVC1 10MSSHVC.exe1 00 26Added by the NUFFY.A WORM!72http://securityresponse.symantec.com/avcenter/venc/data/w32.nuffy.a.html0
1 9superslut1 12msslut32.exe1 00 27Added by the SLUTER-A WORM!56http://www.sophos.com/virusinfo/analyses/w32slutera.html0
116Microsoft Update1 11mssmgrd.exe1 00 27Added by the SDBOT.JT WORM!77http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.JT0
1 5MSSQL1 9Mssql.exe1 00 26Added by the SDBOT TROJAN!75http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sdbot.html0
126Microsoft Database Handler1 11mssql32.exe1 00 28Added by the RANDEX.AX WORM!74http://securityresponse.symantec.com/avcenter/venc/data/w32.randex.ax.html0
123Microsoft Update Server1 9mssrv.exe1 00 47Added by an unidentified VIRUS, WORM or TROJAN! 01
1 7Msstart1 11msstart.exe1 00 28Added by the LIVUP.C TROJAN!89http://it.trendmicro-europe.com/enterprise/security_info/ve_detail.php?Vname=BKDR_LIVUP.C0
1 7msstask1 11msstask.exe1 00 26Added by the MYPARTY WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.myparty@mm.html0
320Memory Stick Monitor1 10MSstat.exe1 00112Sony/SmartDisk memorystick-floppydisk-adapter software - allows you to read memorysticks in a normal floppydrive 01
113Start Uppings1 13mssupdate.exe1 00 36Added by a variant of the RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
115mssurfer lptt011 12mssurfer.exe1 00186Variant of the RapidBlaster parasite (in a "surfer" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see here49http://www.doxdesk.com/parasite/RapidBlaster.html0
115mssurfer ml097e1 12mssurfer.exe1 00186Variant of the RapidBlaster parasite (in a "surfer" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see here49http://www.doxdesk.com/parasite/RapidBlaster.html0
4 9MSSVC.EXE1 9MSSVC.EXE1 00 97Stealthdisk - hides folders, files and applications. Will also encrypt them for better protection27http://www.stealthdisk.com/0
4 7SysPool1 9Mssvc.exe1 00 97StealthDisk - hides folders, files and applications. Will also encrypt them for better protection34http://www.invisicom.com/index.asp0
117Microsoft Netview1 11mssvc32.exe1 00 47Added by an unidentified VIRUS, WORM or TROJAN! 01
1 7mssvc321 11mssvc32.exe1 00 28Added by the AGOBOT-ME WORM!57http://www.sophos.com/virusinfo/analyses/w32agobotme.html0
227Microsoft Sound Volume Tool1 10mssvol.exe1 00210This is a Blue version of the yellow speaker icon on the system tray and is used to edit advanced Sound Features that the MS DSS80 Speakers add. Should be accessible via Start -> Settings -> Control Panel 01
1142020Downloader1 9mssvr.exe1 00 572020Search Toolbar related. Reported to be auto-installed 01
130Microsoft Windows W32 Services1 10mssw32.exe1 00 38Added by a variant of the SPYBOT WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html0
1 5mssys1 9mssys.exe1 00 27Added by the MYSS.B TROJAN!74http://securityresponse.symantec.com/avcenter/venc/data/trojan.myss.b.html0
1 8MsSystem1 9mssys.exe1 00 28Added by the VANTA.A TROJAN!76http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_VANTA.A0
1 6Mstask1 10mstask.exe1 00138Added by the OPASERV.N WORM! Note - this is not the legitimate mstask.exe system file and the executable resides in C:\Windows or C:\WINNT78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_OPASERV.N0
1 6mstask1 10mstask.exe1 00105Browser hijacker - redirecting to find-more.net. Note - this is not the legitimate mstask.exe system file70http://www.liutilities.com/products/wintaskspro/processlibrary/mstask/0
315SchedulingAgent1 10mstask.exe1 00235MS Scheduling Agent displayed as a box with a stopwatch in the System Tray that is only needed if you have regular scheduled disk defragmenting, ScanDisk, etc. Required if you have regularily scheduled events such as weekly virus scans 01
117Microsoft Windows1 11mstask0.exe1 00 27Added by the SDBOT.FQ WORM!77http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.FQ0
123MicrosoftServiceManager1 12mstask32.exe1 00 25Added by the YAHA.P WORM!50http://vil.mcafee.com/dispVirus.asp?virus_k=1000920
120Configuration Loader1 11MSTasks.exe1 00 39Added by the LOADCFG or SDBOT TROJANS!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_LOADCFG.A0
1 7mstasks1 11mstasks.exe1 00 31Added by the MULTIDR-AY TROJAN!59http://www.sophos.com/virusinfo/analyses/trojmultidray.html0
220Memory Stick Monitor1 9MSTAT.exe1 00101Used with the Sony floppy disk adapter for memory sticks, showing if there is a stick in the computer 01
0 7Mstcgww1 11MSTCGWW.EXE1 00 2?? 01
315SchedulingAgent1 11mstinit.exe1 00235MS Scheduling Agent displayed as a box with a stopwatch in the System Tray that is only needed if you have regular scheduled disk defragmenting, ScanDisk, etc. Required if you have regularily scheduled events such as weekly virus scans 01
2 8MSTMON_Q1 12MSTMON_Q.exe1 00108Generates an error message on startup if the Konica Minolta PagePro 1350W printer is not turned on and ready 01
1 7Mstng321 11MSTng32.exe1 00 23Added by the TANG WORM!64http://www.symantec.com/avcenter/venc/data/w32.hllw.tang@mm.html0
129Microsoft Windows Task Manger1 10Mstosk.exe1 00 27Added by the SDBOT-WW WORM!56http://www.sophos.com/virusinfo/analyses/w32sdbotww.html0
1 7RavTime1 10Mstray.exe1 00 27Added by the WUKILL.A WORM!77http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_WUKILL.A0
123MicrosoftServiceManager1 11msupdat.exe1 00 26Added by the YAHA.AA WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.yaha.aa@mm.html0
119Microsoft IT Update1 12msupdate.exe1 00 36Added by a variant of the RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
119Microsoft Update 321 14MSupdate32.exe1 00 38Added by a variant of the SPYBOT WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html0
116msconfig service1 14MSupdate32.exe1 00 38Added by a variant of the SPYBOT WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html0
1 8MSUpdSrv1 12msupdsrv.exe1 00 44Browser hijacker, redirecting to a porn site 01
1 9msupdates1 10msupdt.exe1 00 26Added by the RBOT-JO WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotjo.html0
1 5msurl1 11msurl32.exe1 00 30Added by the CRYPTER.A TROJAN!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_CRYPTER.A0
112msuser32.exe1 12msuser32.exe1 00 27Added by the ANDROV TROJAN!74http://securityresponse.symantec.com/avcenter/venc/data/trojan.androv.html0
1 7MsVBdll1 11MsVBdll.pif1 00 72Added by the W32.Aimdes.A@mm infection! Found in the Windows directory. 01
1 8MySLScan1 10msvc32.exe1 00 77Added by the W32/Forbot-EH WORM! File is found in the Windows system folder.57http://www.sophos.com/virusinfo/analyses/w32forboteh.html0
1 5msvcc1 12msvchost.exe1 00 26Added by the XOMBE TROJAN!73http://securityresponse.symantec.com/avcenter/venc/data/trojan.xombe.html0
210LoadMSvcmm1 12msvcmm32.exe1 00 68Auto-update for Movielink - internet movie rental System Tray access25http://www.movielink.com/0
227Movielink Manager Uninstall1 12msvcmm32.exe1 00 68Auto-update for Movielink - internet movie rental System Tray access25http://www.movielink.com/0
1 5MSVXD1 9MSVXD.EXE1 00 26Added by the DATOM.A WORM!76http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_DATOM.A0
0 7MSLIB321 13mswatch32.exe1 00 2?? 01
1 6mswave1 10mswave.exe1 00 30Added by the CRYPTER.A TROJAN!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_CRYPTER.A0
1 9Mswavedll1 13mswavedll.exe1 00 30Added by the CRYPTER-C TROJAN!58http://www.sophos.com/virusinfo/analyses/trojcrypterc.html0
125Microsoft Windows Control1 12mswctl32.exe1 00 26Added by the RBOT.JP WORM!76http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.JP0
3 7MSwheel1 11mswheel.exe1 00128Microsoft Intellipoint software for their Intellimouse series of mice - required if you use non-standard Windows driver features38http://www.microsoft.com/intellipoint/0
118MS Network Control1 9mswin.exe1 00 26Added by the DUMBA TROJAN!73http://securityresponse.symantec.com/avcenter/venc/data/trojan.dumba.html0
124Microsoft Update Service1 11mswin32.exe1 00 38Added by a variant of the SPYBOT WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html0
116MS Config Loader1 14MSWin32bck.exe1 00 28Added by the GAOBOT.AA WORM!79http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.gaobot.aa.html0
122Remote Procedure Calls1 10mswinc.exe1 00 26Added by the RBOT-IT WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotit.html0
1 8Mswincfg1 14Mswincfg32.exe1 00 30Added by the CYBRSPY.D TROJAN!79http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_CYBERSPY.D0
110Mswinpid321 14mswinpid32.exe1 00198Added by the LAPOS.A TROJAN! This is a keylogger which emails back to China PayPal passwords and account information - thus allowing the perpetrators to steal PayPal funds in the name of the victim! 01
122Remote Procedure Calls1 12mswinrpc.exe1 00 26Added by the RBOT.KJ WORM!87http://uk.trendmicro-europe.com/consumer/security_info/ve_detail.php?Vname=WORM_RBOT.KJ0
1 8MSWinSrv1 12MSWinSrv.exe1 00 26Added by the MTRON TROJAN!75http://securityresponse.symantec.com/avcenter/venc/data/backdoor.mtron.html0
110MSWinSrv321 14MSWinSrv32.exe1 00 28Added by the MTRON-B TROJAN!56http://www.sophos.com/virusinfo/analyses/trojmtronb.html0
016Update for Works1 11MSWkstz.exe1 00 44Maybe related to later versions of MS Works? 01
3 6WmcCds1 12mswmccds.exe1 00203Windows Media Connect (WMC) allows Universal Plug and Play devices to be used by Windows Media Player. As Universal Plug and Player is considered a security risk, disable this unless you need to use it. 01
1 8xpsystem1 11MSXMIDI.EXE1 00 97CoolWebSearch parasite variant, identified by Kaspersky_antivirus as TrojanDropper.Win32.Small.cw53http://www.spywareinfo.com/~merijn/cwschronicles.html0
111XML Service1 9msxml.exe1 00 26Added by the RBOT-HD WORM!55http://www.sophos.com/virusinfo/analyses/w32rbothd.html0
121Microsoft XML Service1 10msxmlx.exe1 00 26Added by the RBOT.KS WORM!76http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.KS0
115SystrayServices1 9Msxpw.exe1 00 24Added by the CITOR WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.citor.html0
1 2/a1 12MSYGSY32.EXE1 00 83Added by the W32/Sdbot-VC Backdoor Trojan/WORM! Found in the Windows system folder.56http://www.sophos.com/virusinfo/analyses/w32sdbotvc.html0
113Msy1 Startups1 10msyj32.exe1 00153Added by the W32/Agobot-QQ WORM, it allows remote control by way of an IRC channel, modification of the HOSTS file and termination of specific processes.57http://www.sophos.com/virusinfo/analyses/w32agobotqq.html0
111COM Service1 10msynvr.com1 00 29Added by the BEASTY.G TROJAN!78http://securityresponse.symantec.com/avcenter/venc/data/backdoor.beasty.g.html0
111msys lptt011 8msys.exe1 00189New variant of the RapidBlaster parasite (in a "Msyss" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see here49http://www.doxdesk.com/parasite/RapidBlaster.html0
110MS_LARISSA1 14MS_LARISSA.exe1 00 82Added by the W32/Assiral-A Infection! File is found in the Windows system folder.57http://www.sophos.com/virusinfo/analyses/w32assirala.html0
112MS_SETUP.EXE1 12MS_SETUP.EXE1 00 27Added by the CHARGE TROJAN!76http://securityresponse.symantec.com/avcenter/venc/data/backdoor.charge.html0
1 9winreg_321 9mtask.exe1 00 59Added by Troj/Banker-GQ and found the Windows system files.58http://www.sophos.com/virusinfo/analyses/trojbankergq.html0
130Microsoft Transfer File Server1 8mtfs.exe1 00 27Added by the RBOT.AFE WORM!103http://www.trendmicro-middleeast.com/enterprise/security_info/ve_detail.php?VName=WORM_RBOT.AFE&VSect=T0
1 4Mtr21 8mtr2.exe1 00 36Added by the KRYPTONIC GHOST TROJAN! 01
112SystemBackup1 7mtx.exe1 00 28Added by the MTX VIRUS/WORM!55http://www.symantec.com/avcenter/venc/data/w95.mtx.html0
3 4MUAL1 8mual.exe1 00 40Millesky video mail updater and launcher 01
2 3MOD1 11muamger.exe1 00150MicroAngelo On Display from Impact Software lets you customize Windows icons. With a few exceptions, you can customize icons by right-clicking on them57http://www.impactsoft.com/muangelo/ondisplay/prodinfo.htm0
319Microangelo Desktop1 10Muamgr.exe1 00227Quick access to MicroAngelo 5.0. It can make the background of the icon text transparent and also change the color of the shortcut's text to a color you want. Very useful, if you have a wallpaper. Available via Start - Programs 01
3 6muamgr1 10muamgr.exe1 00227Quick access to MicroAngelo 5.0. It can make the background of the icon text transparent and also change the color of the shortcut's text to a color you want. Very useful, if you have a wallpaper. Available via Start - Programs 01
116Microsoft Update1 11muamgrd.exe1 00 45Added by a variant of the AGOBOT/GAOBOT WORM!79http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN0
0 5Mufix1 9mufix.exe1 00363Part of INFOConnect, web-based, enterprise client configuration, management, and deployment software, as used by ABSS (a financial management system used by the US military which will allow purchase request packages to be electronically submitted to contracting, and which also facilitates electronic receipt of items and EFT) - what does it do and is it required 01
3 8MultiRes1 12MultiRes.exe1 00151MultiRes - system tray utility allowing quick access to changing desktop resolutions and has the ability to lock the screen refresh rate in WinNT/2K/XP28http://www.entechtaiwan.com/0
116Microsoft Update1 11Mupdate.exe1 00 26Added by the RBOT-AG WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotag.html0
3 4MUPS1 8MUPS.exe1 00 99Lauches the Belkin Bulldog Plus Service - required if you want to access the UPS advanced functions22http://www.belkin.com/0
214Music01 Server1 18Music01 Server.exe2 00 82J River a target="_blank" href="http://www.musicex.com/mediajukebox/"Media Jukebox 01
129MusIRC (irc.music.com) client1 14musirc4.71.exe1 00 27Added by the RANDEX.Q WORM!77http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RANDEX.Q0
116Microsoft Update1 8mvsc.exe1 00 29Added by the SPYBOT.DAZ WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.daz.html0
116Win32 USB Driver1 10mvsecn.exe1 00 28Added by the FORBOT-BK WORM!57http://www.sophos.com/virusinfo/analyses/w32forbotbk.html0
3 8mwavscan1 12mwavscan.com1 00227MicroWorld Anti Virus Toolkit is a free anti-virus scanner that runs on-demand. You can choose to scan your entire system, including memory, services, starup items and registry, or only scan files in a specified folder or drive 01
2 9Copyright1 11mwcpyrt.exe1 00 47Displays copyright information on IBM ThinkPads 01
134Windows Management Instrumentation1 7mwd.exe1 00 24Added by the GRAPS WORM!51https://www.europe.f-secure.com/v-descs/graps.shtml0
135Config Loader for Microsoft Windows1 13mwincfg32.exe1 00 28Added by the AGOBOT.BD WORM!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.BD0
2 8MWProEng1 12MWProEng.exe1 00 76Logitech Mouseware Pro software - only required when using special functions 01
1 8mwsoemon1 12mwsoemon.exe1 00 23"My Web Search" malware 01
124MyWebSearch Email Plugin1 12mwsoemon.exe1 00 23"My Web Search" malware 01
1 4absr1 9mwsvm.exe1 00 48SeekSeek search hijacker related - as seen here115http://www.net-integration.net/cgi-bin/forum/ikonboard.cgi?act=ST&f=32&t=6790&st=0&&#entry345430
1 5Mwsvm1 9mwsvm.exe1 00 48SeekSeek search hijacker related - as seen here115http://www.net-integration.net/cgi-bin/forum/ikonboard.cgi?act=ST&f=32&t=6790&st=0&&#entry345430
1 7MxHLp321 11MxHLp32.exe1 00 44Added by a variant of the VAGRNOCKER TROJAN!80http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_VAGRNOCK.120
315MXO Auto Loader1 11MXOaldr.exe1 00238Maxtor includes a driver to bypass the Windows certified drivers check just when it detects an external drive. MXOaldr.exe is installed with the new driver and if disabled the button on a Maxtor OneTouch External Store no longer functions 01
3 8MxRunner1 12MxRunner.exe1 00 56EasyUninstall from Aladdin Systems (formerly by Ontrack)40http://www.aladdinsys.com/easyuninstall/0
4 6Fix-it1 10mxtask.exe1 00207Part of Ontrack's Fix-it Utilities Suite. Loads a System Tray icon that lets you access the full program. Needed if you run the crash guard, intellicluster, anti-virus, or autoupdater. Otherwise not required 01
324SystemSuite Task Manager1 10MXTASK.EXE1 00183vcom (nee Ontrack) SystemSuite - PC maintenance and security. Use the program's configuration options to enable only the parts you want running all the time - such as Virusscanner Pro40http://www.v-com.com/product/ss_ind.html0
3 8MyAgtTry1 12MyAgtTry.exe1 00123System tray notification for McAfee VirusScan ASaP on-line scanner. Not required to be protected but you lose notifications60http://www.mcafeeasap.com/content/virusscan_asap/default.asp0
314myCIO.com ASaP1 12MyAgtTry.exe1 00123System tray notification for McAfee VirusScan ASaP on-line scanner. Not required to be protected but you lose notifications60http://www.mcafeeasap.com/content/virusscan_asap/default.asp0
319MytekSystrayExePath1 16MyTekSystray.exe1 00 73MyTek system tray - web site providing computer tech support in Australia24http://www.mytek.com.au/0
110MyVirt.exe1 10MyVirt.exe1 00 29Added by the REMADM-C TROJAN!57http://www.sophos.com/virusinfo/analyses/trojremadmc.html0
1 7Desktop1 42rundll32.exe msconfd, Restore ControlPanel2 00 74Added by the Adware.CWSMSConfd hijacker! This is for the 95/98/Me version61http://www.sarc.com/avcenter/venc/data/adware.cwsmsconfd.html0
2 6/l:eng1 3N/A1 00517Related to the Dell OEM version of the Sound Blaster Audigy 2 sound card. If this item is listed and checked in startup, the System32 Folder will appear on every startup. A patch is available - filename R75304.EXE - that fixes the issue. You can find that file at support.dell.com by typing that name in the 'Search' box available there. It addresses the root of the problem in Creative's software and corrects it. Unfortunately there is no direct link to the file, but it's easily available using the search function 01
01317779Proj20021 3N/A1 00 2?? 01
216ARCSolo Recovery1 3N/A1 00 60Backup software by Computer Associates - no longer supported 01
2 9Batchreg11 3N/A1 00256Part of the Windows System Recovery process. Added to the registry via Msbatch.inf. The existence of this key or process after the last reboot during installation indicates an unsuccessful installation, as that key should be deleted automatically. See here103http://www.vanwijk.com/-=%20Bookz%20=-/Special%20Edition%20Using%20Windows%2098/ch10/ch10.htm#Heading240
0 6DashIE1 3N/A1 00 67Could be related to "Dash Power Shopping" tool bar in IE? 01
011Datechecker1 3N/A1 00 25Could be related to this? 7#FF00000
1 4Host1 3N/A1 00 43Added by the POPDIS or STARTPAGE.F TROJANS!74http://securityresponse.symantec.com/avcenter/venc/data/trojan.popdis.html0
212hpoddt01.exe1 3N/A1 00124Installed by the "HP Photo and Imaging Director" software. If you ask for the imaging software, this program will be started 01
4 6HWinst1 3N/A1 00179For Gilat Communications internet satellite systems. Gilat rescue (Satellite system restore). Required if you have this system. Can cause a BSOD (blue screen of death) if left out 01
4 6IPinst1 3N/A1 00179For Gilat Communications internet satellite systems. Gilat rescue (Satellite system restore). Required if you have this system. Can cause a BSOD (blue screen of death) if left out 01
0 3IZE1 3N/A1 00 2?? 01
4 8LASTinst1 3N/A1 00179For Gilat Communications internet satellite systems. Gilat rescue (Satellite system restore). Required if you have this system. Can cause a BSOD (blue screen of death) if left out 01
112MSupdate.exe1 3N/A1 00 74CoolWebSearch parasite related - resets home page to an adult content site53http://www.spywareinfo.com/~merijn/cwschronicles.html0
1 9nAv AGENT1 3N/A1 00174Added by the RIOSYS MACRO! Note the lower-case "n" and "v" in the name as this is not the valid Norton AntiVirus entry of the same name - indeed it closes Norton AV processes72http://securityresponse.symantec.com/avcenter/venc/data/w97m.riosys.html0
0 8NCClient1 3N/A1 00 2?? 01
312piiserviceOE1 3N/A1 00124Spam Inspector (nee Postal Inspector) from The Giant Company or iHateSpam from Sunbelt Software - spam filter add-ons for OE37http://www.giantcompany.com/piOe.aspx0
2 7Recover1 3N/A1 00258Added during the installation of Comcast High Speed Internet software. During installation the system reboots and if the disk is removed a screen appears asking for the disk to be re-inserted to complete installation. Not required once installion is complete 01
0 7regtmlp1 3N/A1 00 2?? 01
011RTStartMute1 3N/A1 00 2?? 01
1 4rvde1 3N/A1 00 23Related to li-speed**** 01
4 8SOFTinst1 3N/A1 00179For Gilat Communications internet satellite systems. Gilat rescue (Satellite system restore). Required if you have this system. Can cause a BSOD (blue screen of death) if left out 01
012TDockNUndock1 3N/A1 00 59Found on a Toshiba laptop - for use with a docking station? 01
012TheMainStart1 3N/A1 00 2?? 01
0 8TWarmBay1 3N/A1 00 61Found on a Toshiba laptop. Related to hotswap bay management? 01
0 6TWBbtn1 3N/A1 00 25Found on a Toshiba laptop 01
4 9UTILsInst1 3N/A1 00179For Gilat Communications internet satellite systems. Gilat rescue (Satellite system restore). Required if you have this system. Can cause a BSOD (blue screen of death) if left out 01
218WaveTop Receiver 11 3N/A1 00156WaveTop - "Get push content from TV without an Internet connection" - now possibly a defunct system in the US included as an optional part of WebTV in Win9855http://www.zdnet.com/pcmag/firstlooks/9804/f980406a.htm0
218WaveTop Receiver 21 3N/A1 00156WaveTop - "Get push content from TV without an Internet connection" - now possibly a defunct system in the US included as an optional part of WebTV in Win9855http://www.zdnet.com/pcmag/firstlooks/9804/f980406a.htm0
222WaveTop Upload Manager1 3N/A1 00156WaveTop - "Get push content from TV without an Internet connection" - now possibly a defunct system in the US included as an optional part of WebTV in Win9855http://www.zdnet.com/pcmag/firstlooks/9804/f980406a.htm0
118Windows Update.exe1 3N/A1 00 27Homepage hijacker, see here104http://www.net-integration.net/cgi-bin/forums/ikonboard.cgi?s=3eafe1342019ffff;act=ST;f=32;t=2924;hl=new0
112Winlogon.exe1 3N/A1 00 75CoolWebSearch parasite related - resets home page to an adult material site53http://www.spywareinfo.com/~merijn/cwschronicles.html0
2 6WMBoot1 3N/A1 00 85Associated with Logitech Wingman game controllers. Not required but what does it do? 01
1 6anbv321 10nabv32.exe1 00 26Added by the TITOG.C WORM!77http://securityresponse.symantec.com/avcenter/venc/data/w32.titog.c.worm.html0
320Net Activity Diagram1 7nad.exe1 00116Net Activity Diagram from MetaProducts. Monitors your computer internet activity. Available via Start -> Programs58http://www.metaproducts.com/mp/mpProducts_Detail.asp?id=200
2 8NADaemon1 12NADAEMON.EXE1 00228Program by NetActive which appears to be piggybacked onto some Nvidia graphics cards software. They seem to look after "digital rights management". One user reports disabling it has no detrimental affect - not required25http://www.netactive.com/0
2 3iCn1 7NAG.EXE1 00112iChoose - shopping browser enhancement that alerts you to cheaper deals for goods you want to buy, if they exist51http://www.rocketdownload.com/Details/Inte/4948.htm0
212Naggerrunkey1 10nagger.exe1 00 40Packard Bell Free Internet Signup screen 01
412Naimagent_UI1 12naimag32.exe1 00400Workstation background program for Network AssociatesÆ McAfee ePolicy Orchestrator - a network management tool for enforcing antivirus protection of the workstations using system policies. Works with both McAfee and Norton AntiVirus. NAIMAG32 and NAIMAS32 communicate with the ePolicy Orchestrator processes on the network fileserver to check for virus updates or for the need to perform a virus scan 01
320Application Explorer1 11Naldesk.exe1 00337Novell Zenworks Application Explorer Executable. "For almost all users the Novell ZENworks agent (either Application Launcher or Application Explorer) will be run via the user's login script on each successful login. ZENworks is used to periodically deliver software updates and is also used to install the remote management components." 01
427Novell Application Launcher1 12nalntsrv.exe1 00 94Part of the Novell client for Windows. Found in the C:\Program Files\Novell\ZENworks\ folder. 01
418Application Window1 12NALWIN32.EXE1 00 82Part of Novell's Zenworks. Found in the C:\Program Files\Novell\ZENworks\ folder. 01
122Network Administration1 7NAS.exe1 00 33Added by the ANTILAM.20.Q TROJAN!82http://securityresponse.symantec.com/avcenter/venc/data/backdoor.antilam.20.q.html0
1 64wd!!!1 10Natal!.pif1 00 29Added by the OPASERV.AI WORM!79http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_OPASERV.AI0
1 5Natal1 9Natal.scr1 00 29Added by the OPASERV.AE WORM!80http://securityresponse.symantec.com/avcenter/venc/data/w32.opaserv.ae.worm.html0
116Microsoft Update1 7NAV.exe1 00 26Added by the RBOT-IV WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotiv.html0
119Norton Auto Protect1 8nava.exe1 00 40Added by an unidentified WORM or TROJAN! 01
121Windows Print Spooler1 14NavAgent32.exe1 00 47Added by an unidentified VIRUS, WORM or TROJAN! 01
122Norton Service Process1 11navapvc.exe1 00 45Added by a variant of the AGOBOT/GAOBOT WORM!79http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN0
4 8navapw321 12navapw32.exe1 00 47Norton Anti-Virus's background scanning process 01
419Norton Auto-Protect1 12navapw32.exe1 00 47Norton Anti-Virus's background scanning process 01
115NAV Auto Update1 17Navautoupdate.exe1 00 38Added by a variant of the SPYBOT WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html0
214Corel Reminder1 14NAVBROWSER.EXE1 00 94If you don't want to register Corel products and be reminded about it every 2 weeks disable it 01
126System Information Manager1 10Navcpe.exe1 00 27Added by the SDBOT-QB WORM!56http://www.sophos.com/virusinfo/analyses/w32sdbotqb.html0
3 9Naviscope1 13naviscope.exe1 00188Naviscope is a multipurpose browser enhancement that can speed up Web searches, lock out cookies, examine HTML send/receive headers, provide single-click network diagnostics, and much more21http://naviscope.com/0
116Microsoft Update1 11navmgrd.exe1 00 29Added by the SDBOT.DP TROJAN!77http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_SDBOT.DP0
1 8navp.exe1 8navp.exe1 00 28Added by the AGOBOT-OE WORM!57http://www.sophos.com/virusinfo/analyses/w32agobotoe.html0
1 7NavPass1 11NavPass.exe1 00 78Free system for gaining access to and downloading from adult content web-sites 01
153Symantec Security Routine Addon for Microsoft Windows1 13navpxaw32.exe1 00 30Added by the AGOBOT-GJ TROJAN!57http://www.sophos.com/virusinfo/analyses/w32agobotqj.html0
116NAV Scan Service1 13NAVSCAN32.EXE1 00 27Added by the SDBOT.VG WORM!77http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.VG0
112NAVSCANNER321 16NAVSCANNER32.EXE1 00 26Added by the RBOT.QC WORM!76http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.QC0
1 8NvCplDmn1 10NAVSVC.EXE1 00 47Added by an unidentified VIRUS, WORM or TROJAN! 01
128Norton SpySweeper AutoUpdate1 9navsw.exe1 00 28Added by the FORBOT-AS WORM!57http://www.sophos.com/virusinfo/analyses/w32forbotas.html0
120Norton AntiVirus Sys1 12NAVsys32.exe1 00 39Added by a variant of the WOOTBOT WORM!80http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_WOOTBOT.GEN0
3 3NBJ1 7NBJ.exe1 00 85Ahead Nero BackItUp backup program. Only required for if you have scheduled back-ups43http://www.nero.com/en/631898241464531.html0
3 7NbkCtrl1 11NbkCtrl.exe1 00108Scheduling engine of NovaSTOR Backup Service. Only required if scheduling is enabled and wanted - see here44http://www.no-panic.com/backup/n_backup.html0
325NovaBackup * Tray Control1 11NbkCtrl.exe1 00139Scheduling engine of NovaSTOR Backup Service. Only required if scheduling is enabled and wanted - see here. * represents the version number44http://www.no-panic.com/backup/n_backup.html0
015NotebookManager1 7nbm.exe1 00 34Associated with Acer notebook PCs. 01
114Netbios Helper1 11nbthelp.exe1 00158Added by the W32/Codbot-D WORM! This infection is installed as a service which is started even in safe mode. The file is found in the Windows system folder.56http://www.sophos.com/virusinfo/analyses/w32codbotd.html0
2 3NCD1 7ncd.exe1 00136Norton Change Directory - from the DOS days that allows the user to change directories on their machine without typing the complete path 01
317NetCruiser Dialer1 12NCDialer.exe1 00248NetCruiser Dialer from NetCruiser Software. "An Internet dialer and connection monitor with features to launch applications when a connection is detected, dial and hangup at predefined times and automatic redialing of dropped connections"48http://www.netcruiser-software.com/products.html0
0 8NCLAUNCH1 12NCLAUNCH.Exe1 00130Part of SWF Studio from Northcode Inc - an extension to Flash. Bundled when you create a self-installing screen-saver on Win2K/XP.54http://www.northcode.com/products/swfstudio/index.html0
224Nokia Connection Monitor1 11NclConf.exe1 00427Monitors the infrared port, the serial ports and the Bluetooth for a Nokia phone connection. It is installed by the Nokia PC Suite (and Nokia PC Connectivity SDK), and the tray icon shows if a phone has been connected. If you have a conflict with another program, such as TV tuner card remote control monitor, you can disable it, and run only when needed. Available via a desktop shortcut or Start -> Programs - not required 01
110Srv RPCrom1 15NClienti386.exe1 00 30Added by the WATSOON.A TROJAN!61http://www.symantec.com/avcenter/venc/data/w32.watsoon.a.html0
322Nokia Tray Application1 11NclTray.exe1 00229Nokia PC Suite 5 - "A collection of powerful tools that you can use to manage your phone features and data." Synchronize the phone with, for example Outlook. You can also use it to browse your phone, edit the phone list and so on 01
416NuTCSetupEnviron1 11ncoeenv.exe1 00298Used by the MKS Toolkit for Enterprise Developers product. NuTCracker is a Unix runtime environment for Windows, so disabling this would be unwise if you are using NuTCracker or any 3rd party package that is using it. Since you might not know what is actually using it it's probably best left alone52http://www.mkssoftware.com/products/tk/ds_tkedev.asp0
120Nvidia Control Panel1 11ncsvc32.exe1 00 47Added by an unidentified VIRUS, WORM or TROJAN! 01
218Norton Disk Doctor1 9Ndd32.exe1 00251Norton Disk Doctor from Norton Utilities. Automatically runs at start-up, checking for disk errors. Better than ScanDisk but can be started manually via Start -> Programs. Delete the shortcut in the Start -> Programs -> Startup folder as well 01
0 8NDDEAGNT1 12NDDEAGNT.EXE1 00107WinNT default process. Network Dynamic Data Exchange (DDE) Agent, handles requests for network DDE services 01
213Mirabilis ICQ1 11NDetect.exe1 00133If connected to the internet, automatically runs up ICQ. Convenience more than anything. ICQ can be started from Start -> Programs 01
112NDIS Adapter1 8ndis.exe1 00 27Added by the SDBOT.VF WORM!85http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.VF&VSect=T0
123Video Multimedia Driver1 13ndrives32.exe1 00 26Added by the RBOT-DK WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotdk.html0
3 7NDSTray1 11NDSTray.exe1 00354ConfigFreeT Tray on a Toshiba laptop. Tray utility for their network switching application which permits switching network devices and settings with a click on the tray icon. While it is not required, for people who span multiple networks and want an easy way to go from wired to wireless and change addresses and other network settings, it's a must have 01
2 6Necbar1 10Necbar.exe1 00 71Nec Assistant; Ark's Navigator, a graphical interface for NEC computers 01
3 8Necutray1 12Necutray.exe1 00 70Driver for external USB storage devices (hard drives, flsh disks, etc) 01
212Price Patrol1 7neo.exe1 00 90Price Patrol by Half.com - internet shopping companion for finding the best on-line prices39http://corp.half.ebay.com/20010612.html0
012neqprvfy.exe1 12neqprvfy.exe1 00 90Appears to be related to the downloading of some application - possibly verifying updates? 01
119NeroAutoStartClient1 11NeroASM.exe1 00 28Added by the AGOBOT.VG WORM!86http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.VG&VSect=T0
3 9NeroCheck1 13nerocheck.exe1 00 90Associated with "Nero Burning Rom" CD writing software. Checks for driver issues 01
315NeroFilterCheck1 13NeroCheck.exe1 00 90Associated with "Nero Burning Rom" CD writing software. Checks for driver issues 01
1 8system321 11NeT-BoT.exe1 00 28Added by the AGOBOT-LJ WORM!57http://www.sophos.com/virusinfo/analyses/w32agobotlj.html0
3 7N2PTray1 12Net2fone.exe1 00 87An Internet telephony application. Needed only if you have an account at Net2Phone, Inc25http://web.net2phone.com/0
314NetAccelerator1 12NetAccel.exe1 00254NetAccelerator is a "software utility that optimizes your internet access up to 1200% faster!. NetAccelerator speeds all modems allowing you to download faster, browse faster, surf faster!. Only required if you find it helps improve your performance30http://www.netaccelerator.net/0
315Net Accelerator1 18NetAccelerator.exe1 00215Rizal NetAccelerator - "Optimizing Dial-Up, Lan, Cable, DSL, and Satellite connections do you want to speed up your Internet access up to 200% - 300% ???". Only required if you find it helps improve your performance29http://www.rizalsoftware.com/0
1 7NetAdm71 11NETADM7.EXE1 00 29Added by the BANCOS.F TROJAN!77http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.bancos.f.html0
1 7Inetapi1 10Netapi.exe1 00 32Added by the NETDEVIL.14 TROJAN!80http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_NETDEVIL.140
1 6Netapi1 10Netapi.exe1 00 32Added by the NETDEVIL.14 TROJAN!80http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_NETDEVIL.140
212Netline User1 10netchk.exe1 00169Netline supplies internet related products and services and this program identifies user ID and IP information. Found installed along with the Falcon 4 game, for example 01
1 9netconfig1 13netconfig.exe1 00 28Added by the NETCONF TROJAN!60http://www.pestpatrol.com/PestInfo/n/netware_trojan_v1_0.asp0
121Networks Configurator1 12NetConfs.exe1 00 26Added by the RBOT-OX WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotox.html0
134Microsoft Network Daemon for Win321 10Netd32.exe1 00 28Added by the SDBOT.R TROJAN!77http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sdbot.r.html0
133MicrosoftNetwork Daemon for Win321 10NETD32.EXE1 00 27Added by the RANDEX.F WORM!73http://securityresponse.symantec.com/avcenter/venc/data/w32.randex.f.html0
113MS_NETD_WIN321 10netd32.EXE1 00 27Added by the RANDEX.F WORM!73http://securityresponse.symantec.com/avcenter/venc/data/w32.randex.f.html0
1 6load321 9netda.exe1 00 27Added by the NIBU.E TROJAN!76http://securityresponse.symantec.com/avcenter/venc/data/backdoor.nibu.e.html0
1 9netdaemon1 12netdaemon /v2 00141Malware designed to "kill" a number of antispyware applications (SpyBot, Giant, SpyDoctor, SpySweeper, SpyHunter, Anvir, WinPatrol, and more) 01
1 7xload321 9netdd.exe1 00 27Added by the NETSPY TROJAN!54http://www.pestpatrol.com/pestinfo/n/netspy__dk32_.asp0
2 6Iusage1 10netdet.exe1 00 91Internet Usage Monitor - utility to calculate the cost and time on the internet via dial-up48http://members.tripod.com/gauravdhup0/iumos.html0
321NetWork Device Switch1 12NetDevSW.exe1 00280Toshiba laptops with built-in Wi-Fi. Allows switching between Wi-Fi and internal ethernet. Only necessary if you have regular need to switch back and forward between these network interfaces. Located in Startup folder so make own shortcut to it and disable if not really necessary 01
1 8netdll321 12netdll32.exe1 00 30Added by the CRYPTER.A TROJAN!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_CRYPTER.A0
1 8netdllex1 12netdllex.Exe1 00 30Added by the CRYPTER.A TROJAN!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_CRYPTER.A0
111NETFP32.EXE1 11NETFP32.EXE1 00 29Added by the AGENT.CD TROJAN! 01
011netfxupdate1 15netfxupdate.exe1 00 92Would appear to be a valid Microsoft .NET file (see here) but this suggest's it's a trojan? 7#FF00000
021NetFxUpdate_v1.0.37051 15netfxupdate.exe1 00 92Would appear to be a valid Microsoft .NET file (see here) but this suggest's it's a trojan? 7#FF00000
3 8NetGuard1 12NetGuard.exe1 00 78FBM Software ZeroSpyware 2004 spyware detector and remover - real time monitor 01
111SystemMap321 12Netisp32.vbs1 00 27Added by the REDIST.C WORM!81http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.redist.c@mm.html0
310Netlimiter1 14Netlimiter.exe1 00344Netlimiter - "An internet traffic control tool to monitor applications which access the internet and actively control their internet traffic. Use it o set (download/upload) speed limits for applications or even single connection. NetLimiter also allows you to share your internet connection bandwidth among all applications running on your PC."26http://www.netlimiter.com/0
1 7NetLink1 13netlink32.exe1 00 28Added by the GAOBOT.WO WORM!74http://securityresponse.symantec.com/avcenter/venc/data/w32.gaobot.wo.html0
0 71CmailS1 11NETMAIL.EXE1 00 2?? 01
137Microsoft NetMeeting Associates, Inc.1 14NetMeeting.exe1 00 39Added by a variant of the LOVGATE WORM!80http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.lovgate@mm.html0
1 8NetMeter1 12NetMeter.exe1 00409NetRatings software by Opistat . "OpiStat measures Internet usage anonymously and surveys participants according to their profiles and online habits". This software has been reported to get downloaded and installed automatically after a Grokster install. It anonymously collects your use of the Internet protocols (sites visited, Web pages, advertisements seen, electronic commerce, streaming). To be avoided!36http://www.opistat.com/mp/index.html0
1 6NetMon1 10netmon.exe1 00 27Added by the MIMAIL.M WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.mimail.m@mm.html0
3 6netmsg1 10netmsg.exe1 00207Net_Message is a small tool to send messages across the network, using the Windows Messenger Service, so there is no client install required to receive the messages. It has a number of other features as well33http://users.pandora.be/Grrrippp/0
2 9NetPerSec1 13NetPerSec.exe1 00 68NetPerSec - measures the real-time speed of your Internet connection48http://www.pcmag.com/article2/0,4149,1735,00.asp0
2 9NetPumper1 20NetPumperIEProxy.exe1 00 72NetPumper download manager - bundles Cydoor and SaveNow adware, see here25http://www.netpumper.com/0
125Netropa Internet Receiver1 11Netropa.exe1 00105Netropa Internet Receiver. Shows a scrolling bar with the news. Major resource hog and flagged as spyware 01
3 6NetRun1 10NetRun.exe1 00144NetRun - will 'RUN' a 'List' of programs only when a internet connection is detected, and close/kill the same 'List' when the connection is lost33http://www.czarsoft.shorturl.com/0
133Microsoft Synchronization Manager1 12netscape.exe1 00 28Added by the RANDEX.AE WORM!97http://es.trendmicro-europe.com/smb/security_info/virus_encyclopedia.php?s=1&VName=WORM_RANDEX.AE0
218Netscape Messenger1 12NETSCAPE.EXE1 00456In Netscape 6 (I know for sure with 6.2.1, maybe with 6.0) Netscape.exe is the main executable file for Netscape Navigator, Netscape Mail and News, and Netscape Messenger (the new name for the embedded AIM, no doubt to make it sound like Windows Messenger, the XP version of MSN Messenger). Basically, netscape.exe can be more than just Netscape Messenger, and Messenger can be more then just AIM in disguise, depending on the version of Netscape installed 01
220Mozilla Quick Launch1 11Netscp6.exe1 00 31Netscape 6 and Mozilla browsers 01
2 7Netscp61 11Netscp6.exe1 00 10Netscape 6 01
113SystemNetwork1 11NETSERV.EXE1 00 30Added by the NETCONTROL VIRUS! 01
118Networks Controler1 10Netsis.exe1 00 26Added by the RBOT-NG WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotng.html0
117IPv6 STUN Service1 11netstun.exe1 00 37Added by a variant of the SDBOT WORM!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_SDBOT.GEN0
214Optimum Online1 11Netsurf.exe1 00 94Optimum Online ISP software. Not required, just window dressing & advertising from Optimum98http://www.optimumonline.com/index.jhtml;jsessionid=5LMI3XSXKRAYYCQLARQCF3QKBMCGCI5G?pageType=what0
1 7netsv321 11netsv32.exe1 00 27Added by the SDBOT-PX WORM!56http://www.sophos.com/virusinfo/analyses/w32sdbotpx.html0
123Network Service Manager1 10netsvc.exe1 00 45Added by a variant of the AGOBOT/GAOBOT WORM!79http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN0
123Network Service Manager1 10netsvc.exe1 00 45Added by a variant of the GAOBOT/AGOBOT WORM!79http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN0
113Video Process1 11netsvcs.exe1 00 28Added by the AGOBOT.LH WORM!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.LH0
1 8winsock21 10netsvr.exe1 00 28Added by the AGOBOT.LY WORM!86http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.LY&VSect=T0
3 7NetTime1 11NETTIME.EXE1 00286From a visitor - "This is the executable for NetTime. It is started from the registry when you check the box to start at startup. NetTime allows you to synchronize your computers' clock with a server on your local net or the internet using any of several protocols, e.g. NTP." 01
3 8NetTurbo1 12netturbo.exe1 00154NetTurbo from SharewareOnline.com. "Accelerate Your Internet Connections by up to 600%". If you find it helps your connectivity leave it enabled24http://www.netturbo.com/0
110NetWatch321 12netwatch.exe1 00 27Added by the MIMAIL.C WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.mimail.c@mm.html0
113NetworkClient1 17NetworkClient.exe1 00 24Added by the LEMUR WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.lemur.html0
1 6WinSig1 9NetXP.exe1 00 30Added by the BANKER-FN TROJAN!58http://www.sophos.com/virusinfo/analyses/trojbankerfn.html0
121NeuroMedia(IESpeaker)1 14NeuroMedia.exe1 00201Part of an older freeware version of IESpeaker - a program that allows you to listen to web pages. NeuroMedia.exe only downloads advertisments. Not included in the paid-for version currently available24http://www.iespeaker.com0
2 8Newsalrt1 12NEWSALRT.EXE1 00 55MSNBC News system tray utility to alert you to new news 01
116Newsgroup lptt011 13newsgroup.exe1 00188Variant of the RapidBlaster parasite (in a "newsgroup" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see here49http://www.doxdesk.com/parasite/RapidBlaster.html0
116Newsgroup ml097e1 13newsgroup.exe1 00188Variant of the RapidBlaster parasite (in a "newsgroup" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see here49http://www.doxdesk.com/parasite/RapidBlaster.html0
2 7NewsUpd1 11newsupd.exe1 00149For Creative Soundblaster Live! series soundcards. System tray application for News updates. Available via Start - Programs. Also spyware - see here.27http://cexx.org/newsupd.htm0
3 8NGClient1 11ngctw32.exe1 00130Symantec Ghost Server software - needed for a "a Ghost multicast" (transfer images to multiple machines). Can be launched manually 01
2 8NGServer1 12ngserver.exe1 00 37Symantec/Norton Ghost Console service 01
1 7nikLaus1 11nikLaus.exe1 00 25Added by the NIKLAS WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.niklas.html0
215Net-It Launcher1 12NILaunch.exe1 00 32Net-It - web publishing software22http://www.net-it.com/0
2 5NInit1 9NInit.exe1 00161Norton Uninstall Deluxe. Monitors programs being installed and logs them for removing later. Available via Start -> Programs for manual logging - not required 01
4 7nisserv1 11NISSERV.EXE1 00 24Norton Personal Firewall 01
4 5Nisum1 9NISUM.EXE1 00 24Norton Personal Firewall 01
1 5NJG401 9NJG40.EXE1 00 29Added by the BANCOS.D TROJAN!77http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.bancos.d.html0
112Boot Manager1 9Njgal.exe1 00 25Added by the KILO TROJAN!61http://www.symantec.com/avcenter/venc/data/backdoor.kilo.html0
210NkvMon.exe1 10NkvMon.exe1 00 67Nikon View 5 - for transferring pictures from Nikon digital cameras 01
211NkVwMon.exe1 11NkVwMon.exe1 00 65Nikon View - for transferring pictures from Nikon digital cameras 01
127System Document Application1 8nmod.exe1 00 28Added by the SDBOT-ABB WORM!57http://www.sophos.com/virusinfo/analyses/w32sdbotabb.html0
125Microsoft Software Update1 8nmon.exe1 00 26Added by the RBOT.HZ WORM!76http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.HZ0
0 6NMSSvc1 10NMSSVC.EXE1 00 79NIC Management Service - diagnostics program for Intel Pro family network cards 01
4 5NMSVC1 9nmSvc.exe1 00256Covenant Eyes - surveillance software that creates records of everything people do on a computer, ie, spying or monitoring depending upon how you call it. Disabling it means loss of internet connection until renabled - therefore required if you use it37http://www.covenanteyes.com/about.php0
223Norton Navigator Loader1 12nnloader.exe1 00 83An older Norton utility for file management under Windows 95. More information here58http://www.mg.co.za/mg/pc/history/dec10-nortnavigator.html0
215NeroNETTrayIcon1 17NNServiceCtrl.exe1 00161System tray access to NeroNET - Ahead Software's network-capable extension of their CD/DVD burning program. NeroNET allows a burner to be shared across a network43http://www.nero.com/us/631898255953125.html0
3 5NNSvc1 9nnsvc.exe1 00 24NetNanny internet filter53http://www.netnanny.com/products/netnanny5/index.html0
3 5NoAds1 9NoAds.exe1 00 49Blocks advertisement banners in Internet Explorer 01
2 8NoAdware1 12NoAdware.exe1 00 63Adware/spyware remover - not particularly recommended, see here51http://www.adwarereport.com/mt/archives/000023.html0
3 7Nod32CC1 11nod32cc.exe1 00139Control Center part of Eset's NOD32 virus-scanner. Leave this enabled if you want to update your virus data files via the click of a button34http://www.nod32.com/home/home.htm0
411NOD32kernel1 12Nod32krn.exe1 00 25Nod32 Antivirus Version 234http://www.nod32.com/home/home.htm0
4 8nod32kui1 12nod32kui.exe1 00 25Nod32 Antivirus Version 234http://www.nod32.com/home/home.htm0
0 9NodeMnger1 12Nodemngr.exe1 00 96Part of the Dell OpenManage Client installation - to allow Dell representatives to remote logon? 01
1 8NTsocket1 12NoeWinnt.exe1 00 28Added by the ATAKA-E TROJAN!56http://www.sophos.com/virusinfo/analyses/trojatakae.html0
2 9NomdCheck1 12nomdchek.exe1 00 28Part of Intel's Native Audio 01
3 7nomtray1 11nomtray.exe1 00 91System Tray access to NetMotion Wireless options - including connectivity status (see here)59http://www.netmotionwireless.com/support/technotes/2140.asp0
1 4Wxp41 17Norton Update.exe2 00 26Added by the ERKEZ.D WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.erkez.d@mm.html0
1 8norton321 12norton32.exe1 00 47Added by an unidentified VIRUS, WORM or TROJAN! 01
116Mcafee Anti Scan1 13NortonScn.exe1 00 36Added by a variant of the RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
1 8NortonAV1 20norton_antivirus.exe1 00 81Added by the NETJOE TROJAN! Note - this is not the legitimate Symantec AV program76http://securityresponse.symantec.com/avcenter/venc/data/backdoor.netjoe.html0
315Loadout Manager1 11nost_LM.exe1 00 72Manager for the Belkin Nostromo n50 SpeedPad game controller - see here86http://catalog.belkin.com/IWCatProductPage.process?Merchant_Id=1&Product_Id=1077270
1 9(Default)1 11NOTEPAD.exe1 00 95Added by the RUSTY WORM! Note - not to be confused with the valid Windows "NOTEPAD" text editor72http://securityresponse.symantec.com/avcenter/venc/data/w32.rusty@m.html0
114Notepad lptt011 11notepad.exe1 00256Variant of the RapidBlaster parasite (in a "nvd32" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see here. Note - this is not Windows Notepad which has the same executable name49http://www.doxdesk.com/parasite/RapidBlaster.html0
114Notepad ml097e1 11notepad.exe1 00256Variant of the RapidBlaster parasite (in a "nvd32" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see here. Note - this is not Windows Notepad which has the same executable name49http://www.doxdesk.com/parasite/RapidBlaster.html0
012Disable EHCI1 11nousb20.exe1 00 2?? 01
3 3Hti1 9npdor.exe1 00156Appears in startup if you have chosen to participate in on survey by NPD Online Research. Required for the survey to work correctly. Otherwise not required21http://www.npdor.com/0
311NFM Service1 11NPDOR9x.exe1 00156Appears in startup if you have chosen to participate in on survey by NPD Online Research. Required for the survey to work correctly. Otherwise not required21http://www.npdor.com/0
124Norton Personal Firewall1 12npmsysnt.exe1 00 75Added by the W32/Rbot-TY WORM! File is found in the Windows system folder.55http://www.sophos.com/virusinfo/analyses/w32rbotty.html0
114Norton Protect1 13npprotect.exe1 00 73The WORM/backdoor W32/Rbot-WW will add this to the Windows system folder.55http://www.sophos.com/virusinfo/analyses/w32rbotww.html0
3 8NPROTECT1 12nprotect.exe1 00183Norton Protected Recycle Bin from Norton Utilities. Adds an extra layer of safety before you remove deleted files from the Recycled Bin. Can be listed twice which is valid - see here139http://service1.symantec.com/SUPPORT/nunt.nsf/e35d98be79cddc2785256951004d59cd/b6cb75a0d23fd6fb8825662f00734a64?OpenDocument&src=bar_sc0
038Norton Program Scheduler Event Checker1 12npscheck.exe1 00146Part of Norton Anti-Virus. What does it do? Apparently it can safely be disabled without causing problems. Can also be listed as NPS Event Checker 01
017NPS Event Checker1 12npscheck.exe1 00167Part of Norton Anti-Virus. What does it do? Apparently it can safely be disabled without causing problems. Can also be listed as Norton Program Scheduler Event Checker 01
324Norton Program Scheduler1 10NPSsvc.exe1 00179Installed on a Windows system where the Windows Task Scheduler isn't used as part of the OS (Win95, WinNT(?), Win2K(?)) to schedule automatic tasks such as Norton Anti-Virus scans 01
030NovaPortal Single User Service1 8NPSU.exe1 00 2?? 01
1 8NetReach1 11nrcheck.exe1 00 47Added by an unidentified VIRUS, WORM or TROJAN! 01
1 8Premeter1 8nrpr.exe1 00409NetRatings software by Opistat . "OpiStat measures Internet usage anonymously and surveys participants according to their profiles and online habits". This software has been reported to get downloaded and installed automatically after a Grokster install. It anonymously collects your use of the Internet protocols (sites visited, Web pages, advertisements seen, electronic commerce, streaming). To be avoided!36http://www.opistat.com/mp/index.html0
1 2NS1 6ns.exe1 00 28Added by the AGOBOT-HS WORM!57http://www.sophos.com/virusinfo/analyses/w32agoboths.html0
324Norton Program Scheduler1 12nsched32.exe1 00179Installed on a Windows system where the Windows Task Scheduler isn't used as part of the OS (Win95, WinNT(?), Win2K(?)) to schedule automatic tasks such as Norton Anti-Virus scans 01
1 3nse1 7nse.exe1 00 28Added by the AGOBOT-ML WORM!57http://www.sophos.com/virusinfo/analyses/w32agobotml.html0
3 8Nsengine1 12Nsengine.exe1 00108Scheduling engine of NovaSTOR Backup Service. Only required if scheduling is enabled and wanted - see here44http://www.no-panic.com/backup/n_backup.html0
212NetStat Live1 7Nsl.exe1 00128AnalogX NetStat Live - TCP/IP protocol monitor which can be used to see your exact throughput on both incoming and outgoing data56http://www.analogx.com/contents/download/network/nsl.htm0
325NetShow Powerpoint Helper1 12NSPPTHLP.EXE1 00 71If disabled, user created fonts can no longer be seen by other programs 01
231Windows Media Powerpoint Helper1 12NSPPTHLP.EXE1 00155German software (comes with some Toshiba CD writers) that helps convert Powerpoint files to ASF (Streaming Media) files. Available via Start -> Programs 01
112ScanRegistry1 10nsrvnt.exe1 00169Added by the NERTE TROJAN!. Not to be confused with the real ScanRegistry - which is a vital Windows file. This version has the executable as nsrvnt.exe not scanregw.exe75http://securityresponse.symantec.com/avcenter/venc/data/backdoor.nerte.html0
0 9TSService1 13NSSERVICE.EXE1 00 2?? 01
1 8nsdriver1 11nssys32.exe1 00 47Added by an unidentified VIRUS, WORM or TROJAN! 01
110NDplDeamon1 12nstask32.exe1 00 27Added by the RANDEX.E WORM!73http://securityresponse.symantec.com/avcenter/venc/data/w32.randex.e.html0
1 7Pofatch1 10nstrue.exe1 00 27Added by the RANDEX.Z WORM!72http://securityresponse.symantec.com/avcenter/venc/data/w32.randexz.html0
1 5ntdll1 9ntdll.exe1 00 31Added by the BIONET.404 TROJAN!80http://securityresponse.symantec.com/avcenter/venc/data/backdoor.bionet.404.html0
1 6NTFS161 10ntfs16.exe1 00 26Added by the RBOT-LY WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotly.html0
114ntfsmonitorpro1 10ntfs64.exe1 00108W32/Forbot-EB is a network worm with backdoor Trojan functionality. Located in the Windows system directory.57http://www.sophos.com/virusinfo/analyses/w32forboteb.html0
4 8NTFSCLUP1 12NTFSCLUP.EXE1 00208Part of ConfigSafe- "checks if an ntfssos restore has been performed since it was last run. It exits immediately after running. 99+% of the time it will only execute about a dozen instructions before exiting" 01
1 7GinaDll1 10ntgina.dll1 00 25Added by the ANIG.A WORM!88http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?VName=WORM_ANIG.A0
115Norton Guard 321 13ntguard32.exe1 00 36Added by a variant of the RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
118WinSocketComponent1 10nthost.exe1 00 47Added by an unidentified VIRUS, WORM or TROJAN! 01
113Kernel Loader1 10ntkrnl.exe1 00 29Added by the CERVIVEC.A WORM!78http://securityresponse.symantec.com/avcenter/venc/data/w32.cervivec.a@mm.html0
1 5ntldr1 9ntldr.exe1 00263Browser hijacker to search-control.com (TrojanDropper.Win32.Small.ig). In addition to Registry changes found by HijackThis, also creates the following system files: C:\WINDOWS\SYSTEM\ntldr.exe, C:\m.exe, C:\WINDOWS\Search-For-You.url, C:\n.bat, C:\q.exe, C:\r.bat 01
1 9Win Patch1 9ntldr.exe1 00 27Added by the SDBOT-GS WORM!56http://www.sophos.com/virusinfo/analyses/w32sdbotgs.html0
113Windows NT 321 13ntlogin32.exe1 00 29Added by the RANDEX.BRD WORM!62http://www.symantec.com/avcenter/venc/data/w32.randex.brd.html0
116Windows NT Login1 13ntlogin32.exe1 00 27Added by the SDBOT.WG WORM!90http://fr.trendmicro-europe.com/enterprise/security_info/ve_detail.php?VName=WORM_SDBOT.WG0
1 5Osa321 11NTOSA32.exe1 00 23Added by the ANIG WORM!74http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.anig.html0
2 5NTrtc1 9ntrtc.exe1 00129Dell year 2000 tool to deal with non-standard applications. Only required on older Dell PCs that may need this support - see here68http://www.euro.dell.com/countries/ae/enu/bsd/topics/y2k_rtctest.htm0
323XTNDConnect PC - LtNts41 11NtsAgnt.exe1 00 25Component of EasySync Pro15#EasySync%20Pro0
121NTSF MICROSOFT SYSTEM1 8ntsf.exe1 00148An Rbot A href="http://www.malwareblog.com/?p=100"variant. This infection connects to an IRC server where it will await commands from a remote user. 01
139Generic Host Process for Win32 Services1 10ntspcv.exe1 00 28Added by the SDBOT.S TROJAN!77http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sdbot.s.html0
1 9NTsrv.exe1 9NTsrv.exe1 00 41Added by a variant of the SERVU-O TROJAN!56http://www.sophos.com/virusinfo/analyses/trojservuo.html0
117NetManagerService1 8ntss.exe1 00 31Added by the BESTPICS.A TROJAN!79http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_BESTPICS.A0
111NT Services1 9ntsvc.exe1 00 28Added by the AGOBOT.VJ WORM!91http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?Vname=WORM_AGOBOT.VJ0
124Microsoft System Checkup1 12ntsysman.exe1 00 27Added by the SDBOT-QW WORM!56http://www.sophos.com/virusinfo/analyses/w32sdbotqw.html0
124Microsoft System Checkup1 12ntsysmgr.exe1 00 25Added by the DONK.S WORM!71http://securityresponse.symantec.com/avcenter/venc/data/w32.donk.s.html0
110Fast start1 8Ntut.exe1 00 89Added by unidentified adware - recognized by Kaspersky antivirus as Trojan.Win32.Favadd.i36http://www.kaspersky.com/personalpro0
3 5NTVDM1 9NTVDM.EXE1 00224Windows NT Virtual DOS Machine (NTVDM) for running 16-bit tasks on the 32-bit OS's (Windows NT, 2K and XP). Required if hardware on a machine with these OS's needs 16-bit DOS drivers. You can find a bit more about NTVDM here63http://support.microsoft.com/default.aspx?scid=kb;en-us;Q2643200
1 7ntvdscm1 11ntvdscm.exe1 00 31Added by the SCKEYLOG.O TROJAN!109http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?id=66002&VName=TROJ_SCKEYLOG.O&VSect=O0
228NVIDIA nForce APU1 Utilities1 11NVATray.exe1 00167nVidia's nForce Audio Processing Unit (APU)- "provides 3D positional audio and DirectX 8.0 compatibility, and encodes and decodes Dolby Digital 5.1 audio in real time"37http://www.nvidia.com/object/apu.html0
1 5NvCpl1 9NvCpl.EXE1 00 25Added by the YANZ.B WORM!74http://securityresponse.symantec.com/avcenter/venc/data/w32.yanz.b@mm.html0
3 5NvCpl1 9NvCpl.EXE1 00 25Added by the YANZ.B WORM!61http://www.symantec.com/avcenter/venc/data/w32.yanz.b@mm.html0
112nvd32 lptt011 9nvd32.exe1 00184Variant of the RapidBlaster parasite (in a "nvd32" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see here49http://www.doxdesk.com/parasite/RapidBlaster.html0
112nvd32 ml097e1 9nvd32.exe1 00184Variant of the RapidBlaster parasite (in a "nvd32" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see here49http://www.doxdesk.com/parasite/RapidBlaster.html0
1 6Nvid321 10Nvid32.exe1 00 25Added by the GEMA TROJAN!72http://securityresponse.symantec.com/avcenter/venc/data/trojan.gema.html0
1 8Nvidex321 12Nvidex32.exe1 00 25Added by the GEMA TROJAN!72http://securityresponse.symantec.com/avcenter/venc/data/trojan.gema.html0
1 8nvidll321 12nvidll32.exe1 00138W32/Rbot-XK uses this file to run automatically at logon, providing a backdoor for exploitation by a remote attacker using an IRC channel.55http://www.sophos.com/virusinfo/analyses/w32rbotxk.html0
1 9nviload321 13nviload32.exe1 00 95Added by W32/Sdbot-VT, a WORM/backdoor. The IRC network is used for unauthorized remote access.56http://www.sophos.com/virusinfo/analyses/w32sdbotvt.html0
4 5NVmax1 9NVmax.exe1 00122NVmax is a old tweaking utility for NVidia graphics cards. In the startup list if the user chooses to overclock their card 01
211NVMixerTray1 15NVMixerTray.exe1 00 81System Tray access to audio controls from nVidia's motherboard ForceWare software 01
2 4NVRT1 8nvrt.exe1 00128NVRefreshTool is a utility that will automatically detect the maximum refresh rate at each resolution that your monitor supports 01
0 7NVRTClk1 11NVRTClk.exe1 00 33Related to a Gigabyte video card. 01
1 9NvCplScan1 10nvsc32.exe1 00 41Added by a variant of the IRC.BOT TROJAN!77http://securityresponse.symantec.com/avcenter/venc/data/backdoor.irc.bot.html0
110NVSystem321 11nvscv32.exe1 00 28Added by the AGOBOT-NO WORM!57http://www.sophos.com/virusinfo/analyses/w32agobotno.html0
110nvsv32.exe1 10nvsv32.exe1 00 28Added by the FORBOT-DI WORM!57http://www.sophos.com/virusinfo/analyses/w32forbotdi.html0
2 5NvSvc1 9nvsvc.exe1 00346NVIDIA Driver Helper Service - installed when you change from the WDM drivers to nVidia's latest versions but not requied. Extreme shutdown delays can be encountered with this service active, but no adverse side effects with it disabled. NOTE: If using drivers other than nVidia's, such as Asus, this service may have been renamed to reflect that 01
123Symantec Security Addon1 9nvsvc.exe1 00 45Added by a variant of the AGOBOT/GAOBOT WORM!79http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN0
119System File Drivers1 13nvsysvc32.exe1 00 28Added by the AGOBOT.WJ WORM!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.WJ0
213Netword Agent1 11nwant33.exe1 00339An interesting browser utility that allows you to navigate by typing a single word or phrase (a "NetWord") related to what you're looking for into your browser's location field. It also puts an icon in the system tray icon that is a circle with the letter N in the center to access the menu faster. Available via Start - Programs 01
313myNetWatchman1 12nwclient.exe1 00203Sends your firewall alerts to a website, which then filters them and forwards details of suspicious activities to the host ISP they originated from. Only needs to be running when your firewall is running29http://www.mynetwatchman.com/0
114Norton Wizzard1 8nwiz.exe1 00117Added by the GAOBOT.ZX or GAOBOT.ADV WORMS! Note - this is not the valid nVidia application that shares the same name74http://securityresponse.symantec.com/avcenter/venc/data/w32.gaobot.zx.html0
2 4nwiz1 8nwiz.exe1 00233Associated with the newer versions of nVidia graphics cards drivers. Allows you to immensely improve desktop layouts by setting preferences and optimizations. However, this isn't necessary for the operation of your system 01
4 7Nwpopup1 11Nwpopup.exe1 00 97Broadcast message handler part of Novell Netware that displays server, printer and other messages39http://www.novell.com/products/netware/0
3 8nwrecmsg1 12nwrecmsg.exe1 00117Broadcast message handler part of Novell Netware that displays server, printer and other messages - can cause crashes39http://www.novell.com/products/netware/0
4 6NWTRAY1 10nwtray.exe1 00140Novell Netware. Displays the red "N" tray icon which can be disabled (by right-click on the icon) but is also needed by the client39http://www.novell.com/products/netware/0
116Microsoft Office1 11Nxcxtpr.exe1 00392This is a SDBot variant infection. When run this infection connects to an IRC server, hoeee.routing.vu, and join channel #kloni with password 1q2wxc where it waits for commands from a remote user allowing this remote user to access your computer. It will also remove the administrative shares from your computer so that another infection will not be able to take over your computer as well. 01
213NetZIPFolders1 11nzfprop.exe1 00 31Netzip Classic zip file manager78http://www.netzip.com/products/info_netzip_win.html?src=site,netzip,plugin,nzc0
112NavProtect321 15Random Filename2 00 75Troj/Bancos-BA is a password-stealing Trojan that targets banking websites.58http://www.sophos.com/virusinfo/analyses/trojbancosba.html0
0 8oadaemon1 12oadaemon.exe1 00168Background process that establishes connection with a C3-1000 scanner and watch general status of the device and for scanner button presses. Can it be started manually? 01
4 8oahstifr1 12oahstifr.exe1 00315Comes with HyperTextStudio. From the supplier - "The Osserver maintains the database for HyperText Studio projects - absolutely vital, it verifies all the links etc in a site. It runs as a service in NT, 2K and XP but needs to start up in Win 9.x so you'll see a DOS box for a short while during boot up."30http://www.hypertextstudio.com0
3 8OAKSTART1 12OAKSTART.EXE1 00 94Sets the spindown timeout and access speeds at startup and displays a splash screen for CD-RW. 01
2 7OAKTASK1 11OAKTASK.EXE1 00 59Taskbar utility for a "control panel" for a CD-RW 01
0 8objtjprx1 12objtjprx.exe1 00 2?? 01
0 6obsver1 10obsver.exe1 00 38Part of LingoWare translating software33http://www.lingoware.com/english/0
210OCAudioIni1 14OCAudioIni.exe1 00109One-click Audio Converter - allows you to convert files of multiple audio formats right from Windows Explorer43http://www.streamware-dev.com/products.html0
314OWCCardbusTray1 11ocbtray.exe1 00142Icon in the system tray for safely removing PCMCIA cards. Only required if you have a laptop or desktop which includes a PCMCIA card interface 01
2 8ocraware1 12ocraware.exe1 00230uO/uptical uC/uharacter uR/uecognition software as part of OmniPage Limited Edition - supplied with some scanners. Scan directly into most word processor applications, such as Word, WordPerfect, etc. Available via Start - Programs 01
210Oil Change1 12OCTray32.exe1 00119From CyberMedia/Network Associates. Checks for updates to software installed on your PC. Available via Start - Programs 01
1 5ocx321 9ocx32.exe1 00 35Added by the ASTEF or RESPAN WORMS!75http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.astef.html0
1 8Run32dll1 10ocxdll.exe1 00 47Added by an unidentified VIRUS, WORM or TROJAN! 01
1 9od-matrxx1 13od-matrxx.exe1 00 36Adult dialler - xx can be any number 01
1 9od-stndxx1 13od-stndxx.exe1 00 36Adult dialler - xx can be any number 01
1 9od-teenxx1 13od-teenxx.exe1 00 36Adult dialler - xx can be any number 01
2 8Odometer1 12Odometer.EXE1 00 97Mouse odometer - tracks how far your pointer/arrow has traveled on the screen. Shortcut available 01
221NeuroSpeech OESpeaker1 13OEMonitor.exe1 00163Part of OESpeaker - a program that allows you to listen to long E-mails instead of reading them in Outlook Express. OEMonitor.exe checks whether OE is open or not24http://www.iespeaker.com0
210OEMCLEANUP1 12oemreset.exe1 00 82Resets OEM installation settings at bootup. Not required unless you're new to PC's 01
3 8OEMRESET1 12oemreset.exe1 00 82Resets OEM installation settings at bootup. Not required unless you're new to PC's 01
115Offer Companion1 10offers.exe1 00 6Adware 01
1 6Offers1 10offers.exe1 00 6Adware 01
121Installed shell32.dll1 13Office.exe...1 00 39Added by a variant of the LOVGATE WORM!80http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.lovgate@mm.html0
1 7olehelp1 11olehelp.exe1 00 50Added by the BOOKMARKER.D or BOOKMARKER.G TROJANS!80http://securityresponse.symantec.com/avcenter/venc/data/trojan.bookmarker.d.html0
1 7svchost1 11olehelp.exe1 00118Added by the Olehelp adware. This program delivers advertisements to your computer and hijacks your browser settings.58http://www.sarc.com/avcenter/venc/data/adware.olehelp.html0
3 7Devices1 10olesvr.exe1 00 54Salfeld Child Control 2003 - parental control software52http://www.salfeld.com/parental_control_overwiew.htm0
233Symantec Fax Starter Edition Port1 12OLFSNT40.EXE1 00 76Offers a virtual printer as a fax machine. Can be run via a desktop shortcut 01
1 4Omf41 8OMF4.EXE1 00 29Added by the FREEMEGA TROJAN!77http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.freemega.html0
210OmgStartup1 14omgstartup.exe1 00 63Sony program called OpenMG Jukebox - player and music organizer 01
342Microsoft Office OneNote 2003 Quick Launch1 12ONENOTEM.EXE1 00136ONENOTEM.EXE is a part of the note taking program that ships with Microsoft Office 2003. It's required for the side note windows to work 01
3 7QT4HPOT1 12OneTouch.exe1 00 82Hewlett Packard One Touch keyboard driver. Required if you use the additional keys 01
216OneTouch Monitor1 15OneTouchMon.exe1 00 88For Visioneer OneTouch scanners. System tray access to the control panel for the scanner 01
217One Touch Monitor1 19OneTouchMonitor.exe1 00 88For Visioneer OneTouch scanners. System tray access to the control panel for the scanner 01
215OneTouchMonitor1 19OneTouchMonitor.exe1 00 88For Visioneer OneTouch scanners. System tray access to the control panel for the scanner 01
2 8ONETOU~21 19OneTouchMonitor.exe1 00 88For Visioneer OneTouch scanners. System tray access to the control panel for the scanner 01
217One Touch Monitor1 12ONETOU~2.EXE1 00 88For Visioneer OneTouch scanners. System tray access to the control panel for the scanner 01
215OneTouchMonitor1 12ONETOU~2.EXE1 00 88For Visioneer OneTouch scanners. System tray access to the control panel for the scanner 01
2 8ONETOU~21 12ONETOU~2.EXE1 00 88For Visioneer OneTouch scanners. System tray access to the control panel for the scanner 01
1 6Onflow1 10onflow.exe1 00 96Onflow is a internet company that offers an online advertising program. Not required - uninstall 01
2 7Cleanup1 12ONICTASK.EXE1 00110Internet Cleanup from Aladdin Systems (used to be by OnTrack) - cleans up tracks left by browsing the internet42http://www.aladdinsys.com/internetcleanup/0
210OnlineTime1 14onlinetime.exe1 00232a target="_blank" href="http://www.freedownloadscenter.com/Network_and_Internet/Online_Timers/OnlineTimer_Pro.html"OnlineTimer - monitors your Windows dial-up network and logs the time you spend online as well as the resulting costs 01
2 8DriveLED1 10OODLed.exe1 00 72O&O DriveLED - displays your HDD LED on your monitor. Start manually43http://www.oosoft.de/english/products/oodl/0
0 8OOLHELPT1 12OOLHELPT.exe1 00 2?? 01
1 5Shell1 10open32.exe1 00152Added by the Troj/Small-DL TROJAN which displays a HTML page to lure a user to links. Another file, "open32.conf", may also be found in %System% folder.57http://www.sophos.com/virusinfo/analyses/trojsmalldl.html0
2 7OpiStat1 11OPISTAT.EXE1 00103OpiStat is a European Research Institute whose goal is to understand consumer needs and opinions better36http://www.opistat.com/mp/index.html0
1 9Open Site1 10opnste.exe1 00 17Adware - see here76http://securityresponse.symantec.com/avcenter/venc/data/adware.opensite.html0
1 6DyFuCA1 12optimize.exe1 00 32Adult content dialler - see here57http://www.sophos.com/virusinfo/analyses/dialdyfucaa.html0
318Internet Optimizer1 12optimize.exe1 00 89Internet connection optimizer. Leave this enabled if you find it improves your connection 01
313OptusNetUsage1 24OptusNet Usage Meter.exe2 00222Designed specifically for OptusNet users who wish to have their connection monitored on a frequent basis. It can also estimate when you are going to hit your usage limit, and how far over your suggested limit you should be 01
2 8Opware121 12Opware12.exe1 00 29OmniPage Pro 12 from ScanSoft33http://www.scansoft.com/omnipage/0
2 8OmniPage1 12Opware32.exe1 00458Part of OmniPage Pro from Scansoft (was Caere) - "the fastest, easiest way to turn paper documents into digital files you can edit." Opware32.exe links Word, via OLE, with OmniPage. If running, a user can call up OmniPage from inside of Word and ask it to scan something, via "File, Acquire Page." Also some of OmniPage's Options dialog boxes are accessible from within Word. Only required by novices and is Available via Start - Programs33http://www.scansoft.com/omnipage/0
216Microsoft Office1 7Osa.exe1 00370Application which launches common MS Office components to help speed up the launch of Office programs. It's somewhat of a resource hog, and some users claim there's no difference with or without it but it usually isn't required. Note - if you make use of the Microsoft Office Shortcut Bar outside an office program this application will need to be enabled for it to show 01
224Microsoft Office Startup1 7Osa.exe1 00370Application which launches common MS Office components to help speed up the launch of Office programs. It's somewhat of a resource hog, and some users claim there's no difference with or without it but it usually isn't required. Note - if you make use of the Microsoft Office Shortcut Bar outside an office program this application will need to be enabled for it to show 01
214Office Startup1 7Osa.exe1 00370Application which launches common MS Office components to help speed up the launch of Office programs. It's somewhat of a resource hog, and some users claim there's no difference with or without it but it usually isn't required. Note - if you make use of the Microsoft Office Shortcut Bar outside an office program this application will need to be enabled for it to show 01
216Microsoft Office1 8Osa9.exe1 00370Application which launches common MS Office components to help speed up the launch of Office programs. It's somewhat of a resource hog, and some users claim there's no difference with or without it but it usually isn't required. Note - if you make use of the Microsoft Office Shortcut Bar outside an office program this application will need to be enabled for it to show 01
224Microsoft Office Startup1 8Osa9.exe1 00370Application which launches common MS Office components to help speed up the launch of Office programs. It's somewhat of a resource hog, and some users claim there's no difference with or without it but it usually isn't required. Note - if you make use of the Microsoft Office Shortcut Bar outside an office program this application will need to be enabled for it to show 01
225Microsoft Utility Startup1 8OSA9.exe1 00370Application which launches common MS Office components to help speed up the launch of Office programs. It's somewhat of a resource hog, and some users claim there's no difference with or without it but it usually isn't required. Note - if you make use of the Microsoft Office Shortcut Bar outside an office program this application will need to be enabled for it to show 01
214Office Startup1 8Osa9.exe1 00370Application which launches common MS Office components to help speed up the launch of Office programs. It's somewhat of a resource hog, and some users claim there's no difference with or without it but it usually isn't required. Note - if you make use of the Microsoft Office Shortcut Bar outside an office program this application will need to be enabled for it to show 01
317On Screen Display1 7OSD.EXE1 00273By Netropa for HP and other brands. Same group as KBD MediaCenter & Touch Manager. Pressing a "hot key" on such a keyboard brings a corresponding panel on the screen for volume, etc. Nice but not required if you don't adjust things regularly - can also freeze 01
3 3OSD1 7OSD.exe1 00273By Netropa for HP and other brands. Same group as KBD MediaCenter & Touch Manager. Pressing a "hot key" on such a keyboard brings a corresponding panel on the screen for volume, etc. Nice but not required if you don't adjust things regularly - can also freeze 01
220Dialog Box Assistant1 9OSDEx.exe1 00140Dialog Box Assistant from Duality Software. Helps with the standard Open and Save As dialog boxes by showing recently used files and folders33http://www.dualitysoft.com/osdex/0
419Object Store Server1 12osserver.exe1 00315Comes with HyperTextStudio. From the supplier - "The Osserver maintains the database for HyperText Studio projects - absolutely vital, it verifies all the links etc in a site. It runs as a service in NT, 2K and XP but needs to start up in Win 9.x so you'll see a DOS box for a short while during boot up."30http://www.hypertextstudio.com0
314OStivityInvAgt1 12ostivity.exe1 00374OStivity - "a desktop and server hardware and software asset/inventory solution for small to enterprise sized organizations that need to quickly gain knowledge of 'what's installed' without having to manually touch every computer in the company. The next time the computer logs into the network, a complete inventory (software and hardware) is taken of the system"42http://www.somix.com/products/ostivity.php0
1 4otcx1 10otcxxh.exe1 00 27Added by the CAROOL TROJAN!76http://securityresponse.symantec.com/avcenter/venc/data/backdoor.carool.html0
1 7outlook1 11outlook.exe1 00 27Added by the SDBOT-RU WORM!56http://www.sophos.com/virusinfo/analyses/w32sdbotru.html0
1 6system1 11outlook.exe1 00150Added by the MIMAIL.Q WORM! Note that Microsoft's outlook.exe resides in the Program Files sub-directory wheras this resides in C:\Windows or C:\Winnt76http://securityresponse.symantec.com/avcenter/venc/data/w32.mimail.q@mm.html0
416Outpost Firewall1 11outpost.exe1 00 25Outpost personal firewall40http://www.agnitum.com/products/outpost/0
0 4OVCJ1 8ovcj.exe1 00 2?? 01
317Launch Ai Booster1 11OverClk.exe1 00149ASUS Ai Booster is an application that allows you to overclock the CPU either manually or automatically without the hassle of entering the BIOS Setup64http://www.asuscom.de/pub/ASUS/mb/sock478/p4p800/AIBooster_u.pdf0
1 6OWMngr1 10OWMngr.exe1 00 73OnWebMedia advertising foistware - see here for exactly what to look for45http://www.f-secure.com/v-descs/checkin.shtml0
116www.symantec.com1 11oz11111.exe1 00 26Added by the MYDOOM.W WORM76http://securityresponse.symantec.com/avcenter/venc/data/w32.mydoom.w@mm.html0
1 3oz21 7oz2.exe1 00 27Added by the MYDOOM.W WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.mydoom.w@mm.html0
1 5Ohipa1 16Random file name2 00 38Troj/Ranck-CL is an HTTP proxy Trojan.57http://www.sophos.com/virusinfo/analyses/trojranckcl.html0
110Search.vbs1 01 00 8Hijacker 01
4 6VS.VSN1 01 00 86Part of eSafe antivirus "SmartScan" - alerts the user if files have been changed/added44http://www.esafe.com/esafe/default.asp?cf=tl0
213%cmpmixtitle%1 11%cmpmixstr%1 00 48Possibly related to C-Media Mixer Control panel? 01
1 7PAV.EXE1 8%Number%1 00 67Added by the KITRO.D (or ARGEN.A) WORM! %Number% can be any number77http://securityresponse.symantec.com/avcenter/venc/data/w32.kitro.d.worm.html0
129SystemWideHook for Windows NT1 14%WinHook32.exe1 00 28Added by the MYDOOM.AC WORM!64http://www.symantec.com/avcenter/venc/data/w32.mydoom.ac@mm.html0
1 9romahere21 34************.exe [* = random char]2 00 55SuperSpider hijacker - a CoolWebSearch parasite variant44http://doxdesk.com/parasite/SuperSpider.html0
1 9romahere31 34************.exe [* = random char]2 00 55SuperSpider hijacker - a CoolWebSearch parasite variant44http://doxdesk.com/parasite/SuperSpider.html0
125WindowsRegKey upd4te2d4te1 31*********.exe [* = random char]2 00 26Added by the RBOT.XQ WORM!87http://it.trendmicro-europe.com/consumer/security_info/ve_detail.php?Vname=WORM_RBOT.XQ0
1 4sr641 13********. exe2 00 27Adware, as yet unidentified 01
121Cryptographic Service1 28******.exe [* = random char]2 00 50Added by the KORGO.W or KORGO.X or KORGO.AB WORMS!72http://securityresponse.symantec.com/avcenter/venc/data/w32.korgo.w.html0
1 8Narrator1 28******.exe [* = random char]2 00 30Transponder/VX2 related adware 01
1 3web1 28******.exe [* = random char]2 00 41Added by a variant of the EASTO.A TROJAN!78http://www.pestpatrol.com/pestinfo/w/win32_trojandownloader_easto_a_trojan.asp0
111pnpsvc_lock1 29******.exe [* = random digit]2 00 16Browser hijacker 01
113cyberfree.exe1 26****.dat [* = random char]2 00 19Unidentified adware 01
118microsoft software1 31****.exe E255 [* = random char]2 00 40Added by an unidentified WORM or TROJAN! 01
127Microsofts Security Manager1 29****.exe [**** = random char]2 00 28Added by the RBOT-WH TROJAN!55http://www.sophos.com/virusinfo/analyses/w32rbotwh.html0
118Win32SystemMonitor1 25***.exe [* = random char]2 00 16Browser hijacker 01
1 7Nero.ma1 29***.exe [*** = 2 to 3 digits]2 00 28Added by the JONBARR.D WORM!77http://securityresponse.symantec.com/avcenter/venc/data/w32.jonbarr.d@mm.html0
024Description of Shortcuts1 5*.exe1 00227* seems to be a sequence of alphanumerics that can be different, i.e., 1960F8A9, 4EBD23F5, etc. Each of these files would appear to be a shortcut, i.e., 4EBD23F5 is actually Works Calender Reminder (found via a registry search) 01
0 7FLASH321 12-flash32.exe1 00 2?? 01
224SB Audigy 2 Startup Menu1 6/l:eng1 00517Related to the Dell OEM version of the Sound Blaster Audigy 2 sound card. If this item is listed and checked in startup, the System32 Folder will appear on every startup. A patch is available - filename R75304.EXE - that fixes the issue. You can find that file at support.dell.com by typing that name in the 'Search' box available there. It addresses the root of the problem in Creative's software and corrects it. Unfortunately there is no direct link to the file, but it's easily available using the search function 01
3 7ZeroAds1 101 00107ZeroAds - culls ads, cookies and pop-ups. Tells ZeroAds not to run at startup - needed to start it manually36http://zeroads.com/flash/default.asp0
1 9Zonavirus1 101 00 40Added by the KITRO.D (or ARGEN.A) WORM!77http://securityresponse.symantec.com/avcenter/venc/data/w32.kitro.d.worm.html0
3 8000StTHK1 12000StTHK.exe1 00160Toshiba Hot key functionality for the function keys (Fn-Esc, Fn-F1 (lock), Fn-F2, Fn-F3, Fn-F4, Fn-F5 (switching between laptop and CRT display output), etc...) 01
3 900THotkey1 1300THotKey.exe1 00 87For Toshiba Satellite notebook series to use the front buttons, play, stop, next, prev. 01
1 51.exe1 51.exe1 00123Added by the http://www.sophos.com/virusinfo/analyses/trojmultidrcf.html Trojan! This file is found in the Windows folder.14Troj/Multidr-C0
1 6load321 91111a.exe1 00 28Added by the DUMARU.AH WORM!77http://securityresponse.symantec.com/avcenter/venc/data/w32.dumaru.ah@mm.html0
217One Touch Monitor1 101tou~2.exe1 00 88For Visioneer OneTouch scanners. System tray access to the control panel for the scanner 01
215OneTouchMonitor1 101tou~2.exe1 00 88For Visioneer OneTouch scanners. System tray access to the control panel for the scanner 01
2 8ONETOU~21 101tou~2.exe1 00 88For Visioneer OneTouch scanners. System tray access to the control panel for the scanner 01
1 52.exe1 52.exe1 00123Added by the http://www.sophos.com/virusinfo/analyses/trojmultidrcf.html Trojan! This file is found in the Windows folder.14Troj/Multidr-C0
4 83c1807pd1 273cmlink.exe 3cpipe-3c1807pd2 00 603Com WinModem driver. See here for more WinModem information34http://808hi.com/56k/winmodems.asp0
4 73Cmlink1 123CmlinkW.exe1 00164For a US Robotics WinModem. Provides the link to Windows as the CPU does the processing on WinModems - won't work without it. See here for more WinModem information34http://808hi.com/56k/winmodems.asp0
1 73D Text1 113D Text.scr2 00 27Added by the JERMY.A WORM!72http://securityresponse.symantec.com/avcenter/venc/data/w32.jermy.a.html0
3193Deep Control Panel1 123DeepCTL.EXE1 00115From LightSurf Technologies (nee E-Color) - 3Deep corrects lighting, shading and color for all your 2D and 3D games34http://www.colorific.com/index.htm0
4103dfx Tools1 113dfxCmn.dll1 00132Updates the registry with information that can't be held for Voodoo 3/4/5 series graphics cards. Important for owners of these cards 01
2173dfx Task Manager1 113dfxMan.exe1 00 91System Tray application for 3dfx Voodoo 3/4/5 functions. Available via Start -> Programs 01
4123dfxv2ps.dll1 123dfxv2ps.dll1 00116Updates the registry with info that can't be held for 3dfx Voodoo 2 video cards. Important for owners of these cards 01
3173DLabsHelperDemon1 123dldemon.exe1 00375Directly from the programs author "It is a tiny program that is installed by the Permedia2/3 and probably other Oxygen-series cards. Normally it sits in the background doing nothing at all (sleeping on a semaphore), so it should take zero CPU time and virtually zero memory, since it will all be paged out to the hard drive." In most cases it can be safely disabled 01
0303Dlabs Taskbar Display Manager1 103DLman.exe1 00 723DLabs graphics driver related. System Tray access to display settings? 01
4 93ware 3DM1 73dm.exe1 00 63Monitors status of the disk array on 3ware IDE RAID controllers 01
315Primax 3D Mouse1 123dmoused.exe1 00 56Enables the scroll button on the Primax 3-D Scroll mouse 01
3103qdctl.exe1 103qdctl.exe1 00194Provided with Terratec 128i PCI and similar sound cards. Loads a sound profile at bootup, restoring volume and other audio settings to a pre-determined default. Similar to Creative Lab's AudioHQ 01
310WheelMouse1 104DMAIN.EXE1 00164Mouse software for "Fellowes" Wheelman mouse. Has caused some users problems but shouldn't be needed if you don't use any enhanced features it may provide 01
1 57VGAV1 97VGAV.exe1 00 81Part of the Adware.Winpup infection. File is found in the Windows system folder. 01
413Initialize8x81 128x8_init.exe1 00 83Tool that initializes a Pinnacle PCTV card - maybe in capture or in showing overlay 01
1 8KAZAACuf1 191 00 40Added by the KITRO.D (or ARGEN.A) WORM!77http://securityresponse.symantec.com/avcenter/venc/data/w32.kitro.d.worm.html0
114WinMsgServices1 5?.exe1 00169Added by the Troj/Kelebek-G. This file is added to the Windows system folder. The name of the filename is the ASCII character 255 which corresponds to an empty space.58http://www.sophos.com/virusinfo/analyses/trojkelebekg.html0
011AAAKeyboard1 2??1 00 2?? 01
224AccuWeather.com« Desktop1 2??1 00 36Desktop weather from AccuWeather.com71http://wwwa.accuweather.com/adcbin/public/index.asp?partner=accuweather0
2 7AIMster1 2??1 00123Peer to Peer (P2P) file sharing client that runs over the AOL Instant Messenger network. Available via Start -> Programs 01
0 7Avxnews1 2??1 00 2?? 01
111Bonzi Buddy1 2??1 00 69Spyware - read here for information and here for removal instructions57http://www.safersite.com/pestinfo/B/BonziBuddy_Adware.asp0
223Compaq Video CD Watcher1 2??1 00 28For Compaq PC's. MPEG viewer 01
013Coupon Offers1 2??1 00 2?? 01
014CQSCP2P SERVER1 2??1 00166"Compaq printer utility which is required in the startup menu in order to make the printer work correctly". Personally I doubt whether it is actually needed 01
0 8CQSCP2PS1 2??1 00166"Compaq printer utility which is required in the startup menu in order to make the printer work correctly". Personally I doubt whether it is actually needed 01
0 6Devlog1 2??1 00 2?? 01
0 6Dosbat1 2??1 00 2?? 01
3 9EDRestore1 2??1 00110Set Point from Easy Desk Software - "small utility that automatically sets System Restore points for WinME/XP"42http://www.easydesksoftware.com/spoint.htm0
414FoolProofSweep1 2??1 00 63Part of FoolProof Security PC security software from SmartStuff42http://www.smartstuff.com/fps/fpsinfo.html0
215HP Info Express1 2??1 00120On HP PCs, allows the computer to automatically receive notifications from HP over the Internet. Associated with BackWeb 01
312HP RecordNow1 2??1 00124From HP "Software for the CD writer. Do not prevent from starting unless the CD writer is never going to be used." 01
210HP Updates1 2??1 00120On HP PCs, allows the computer to automatically receive notifications from HP over the Internet. Associated with BackWeb 01
2 5Imesh1 2??1 00 30Imesh is a file sharing system20http://www.imesh.com0
217Imesh Auto Update1 2??1 00 83Update check for the Imesh file sharing system. Turn the update off under "options"20http://www.imesh.com0
225Introduction-Registration1 2??1 00 86For Compaq PC's. Should only run first time, PC Introduction & Compaq registration 01
215LS120 Superdisk1 2??1 00 77Supposed to accelerate transfer rate on LS-120, contributes to system lockups 01
215McAfee Winguage1 2??1 00257Part of McAfee Nuts & Bolts. "WinGuage is a dynamic reporting tool that constantly monitors your use of Windows and your applications, to alert you to potential problems before they become serious". Resource hog. Available via Start - Programs 01
0 7mfgboot1 2??1 00 2?? 01
2 8Operator1 2??1 00 49Media Pilot operator, in Win.ini. Locks port open 01
0 6Qdsafe1 2??1 00 2?? 01
0 8ScanFile1 2??1 00 2?? 01
323SMS Win9x Message Agent1 2??1 00 63This program assigns a user to a Systems Management Server site 01
2 7Startup1 2??1 00 26Related to an Iomega drive 01
2 5TGCMG1 2??1 00 91Related to Rogers@Home, causes errors in WinSock32.dll. Not required for connection to work 01
230Usrobotics Online Registration1 2??1 00 75Pop-up reminding customers to register their products online at US Robotics 01
0 8V128IITV1 2??1 00 94Loads drivers for some STB graphics cards. May be related to such a card with a TV out option? 01
0 5Vinny1 2??1 00 2?? 01
010Web Search1 2??1 00 2?? 01
212Windows Eyes1 2??1 00211For blind people, gives a voice description of items on the screen. Windows application which gives you total control over what you hear, when you hear it, and how you hear it. Available via Start -> Programs 01
011WRECK GUARD1 2??1 00 2?? 01
114?ekio Startups1 12?nksvc32.exe1 00167Added by the W32/Agobot-OV WORM/IRC backdoor. ? is a random character. It will kill processes, record keystrokes, allowing unauthorised access to enable other actions.57http://www.sophos.com/virusinfo/analyses/w32agobotov.html0
125Windows boot system cfg321 12actboost.exe1 00 38Added by W32/Forbot-G, a network WORM!57http://www.sophos.com/virusinfo/analyses/w32forbotgl.html0
113Configuration1 11apphost.exe1 00 38Added by W32/Sdbot-VP, a network WORM!56http://www.sophos.com/virusinfo/analyses/w32sdbotvp.html0
139Generic Host Process for Win32 Services1 9bazzi.exe1 00194Added by the W32/Ahker-E WORM, from an email attachment. First added to the Startup folder as BADO.EXE and MICHO.EXE, it copies itself bazzi.exe. Uses P2P to spread, and modifies the HOST file.55http://www.sophos.com/virusinfo/analyses/w32ahkere.html0
113Wins32 Online1 11cfgpwnz.exe1 00 37Added by W32/Rbot-WN, a network WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotwn.html0
1 4upme1 10dllman.exe1 00 26Added by the MUGLY.F WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.mugly.f@mm.html0
1 8doit.exe1 8doit.exe1 00134Added by the W32/Forbot-EK WORM! This file is found in the Windows system folder. May also create a Windows service called doit.exe.57http://www.sophos.com/virusinfo/analyses/w32forbotek.html0
1 6alkasr1 9╬Σ╥φ╤.exe1 00 28Added by the BALKART TROJAN!77http://securityresponse.symantec.com/avcenter/venc/data/backdoor.balkart.html0
110[not used]1 12mcafee32.exe1 00117w32rbotxe drops a TROJAN, creating several files in %Program Files%, %Windir%, and %system% in addition to this file.55http://www.sophos.com/virusinfo/analyses/w32rbotxe.html0
130Microsoft Java Virtual Machine1 12MsConfiG.exe1 00155Added by the W32/Forbot-DV WORM/BACKDOOR! The file is found in the Windows system folder. This infection also installs a service called draeco.sytes.net.57http://www.sophos.com/virusinfo/analyses/w32forbotdv.html0
120Microsoft Diagnostic1 12msdiag32.exe1 00 97Added by W32/Rbot-UC, a network worm and IRC backdoor Trojan found in the Windows system folder.56http://www.sophos.com/virusinfo/analyses/w32rbotuc.htmll0
115Help Temp Files1 10netreg.exe1 00151Added by a network worm with backdoor functionality, W32/Forbot-EJ copies itself to the Windows system folder as netreg.exe and sets registry entries.57http://www.sophos.com/virusinfo/analyses/w32forbotej.html0
124System Registry Settings1 11regedit.exe1 00126Added by the W32/Rbot-WL WORM/backdoor Trojan and allows unauthorised remote access to infected computers via the IRC network.55http://www.sophos.com/virusinfo/analyses/w32rbotwl.html0
120Configuration Loader1 10seru32.exe1 00 76Added by the 32/Forbot-EL WORM! File is found in the Windows system folder.56http://www.sophos.com/virusinfo/analyses/w32sdbotvr.html0
127Microsoft Internet Explorer1 11smiissm.exe1 00123Added by the Troj/Delf-KK Trojan! The infection creates a folder called SYS in the Windows folder and copies itself there.56http://www.sophos.com/virusinfo/analyses/trojdelfkk.html0
118Auth Starter Ident1 13startauth.exe1 00 31Added by the W32/Rbot-WP WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotwp.html0
123svhost windows services1 11Svhost8.exe1 00105Added by a WORM, W32/Rbot-WQ, with backdoor Trojan functionality and found in the Windows system folder.55http://www.sophos.com/virusinfo/analyses/w32rbotwq.html0
1 3LSA1 10wfdmgr.exe1 00 76Added by the W32/MyDoom-BG WORM! File is found in the Windows system folder.57http://www.sophos.com/virusinfo/analyses/w32mydoombg.html0
110128 Module1 10win128.exe1 00177Added by the W32/Forbot-ES WORM/backdoor Trojan, which allows unauthorized access to the PC using the IRC network and registration of a new service process "Windows 128 Module".57http://www.sophos.com/virusinfo/analyses/w32forbotes.html0
1 4down1 11winhelp.exe1 00 89Added by a TROJAN/DOWNLOADER, Troj/Dloader-FQ, and is found in the Windows system folder.59http://www.sophos.com/virusinfo/analyses/trojdloaderfq.html0
115virtual-machine1 8wini.exe1 00 70Added by the WORM W32/Rbot-WR, and found in the Windows system folder.55http://www.sophos.com/virusinfo/analyses/w32rbotwr.html0
1 4Nvid1 22[8 random charachters]2 00 19Unidentified adware 01
1 6fsdsft1 11[file name]2 00 40Added by the Backdoor.Ranky.S Backdoor!77http://www.sarc.com/avcenter/venc/data/backdoor.ranky.s.html#technicaldetails0
1 6SYDNEY1 11[file path]2 00 24Added by the SYNEY WORM!78http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.syney@mm.html0
1 7;Rundll1 10[filename]1 00 32Added by the PWSLEGMIR.E TROJAN!80http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_PWSLEGMIR.E0
113Configuration1 10[filename]1 00 27Added by the SDBOT-ML WORM!56http://www.sophos.com/virusinfo/analyses/w32sdbotml.html0
114JavaUpdate0.071 10[filename]1 00 28Added by the JUPDATE TROJAN!77http://securityresponse.symantec.com/avcenter/venc/data/backdoor.jupdate.html0
115LoadWindowsFile1 10[filename]1 00 65Added by the DELF.B TROJAN! where [filename] is the infected file76http://securityresponse.symantec.com/avcenter/venc/data/backdoor.delf.b.html0
115Locator Service1 10[filename]1 00 30Added by the AGOBOT-KY TROJAN!57http://www.sophos.com/virusinfo/analyses/w32agobotky.html0
117LowVersionSupport1 10[filename]1 00 28Added by the LASTRAS TROJAN!77http://securityresponse.symantec.com/avcenter/venc/data/backdoor.lastras.html0
1 6Mantis1 10[filename]1 00 27Added by the MANTIBE VIRUS!72http://securityresponse.symantec.com/avcenter/venc/data/w32.mantibe.html0
112MatrixScreen1 10[filename]1 00 33Added by the MATRIXSCREEN TROJAN!80http://securityresponse.symantec.com/avcenter/venc/data/trojan.matrixscreen.html0
129Microsoft Java Windows Update1 10[filename]1 00 26Added by the RBOT-DZ WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotdz.html0
1 5Myapp1 10[filename]1 00 26Added by the FATEE.B WORM!77http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.fatee.b.html0
1 7NavScan1 10[filename]1 00 27Added by the OBSORB TROJAN!74http://securityresponse.symantec.com/avcenter/venc/data/trojan.obsorb.html0
1 3OLE1 10[filename]1 00 39Added by the STAWIN or TARNO.D TROJANS!77http://securityresponse.symantec.com/avcenter/venc/data/keylogger.stawin.html0
1 5putil1 10[filename]1 00 28Added by the LDPINCH TROJAN!76http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.ldpinch.html0
1 7Scanreg1 10[filename]1 00 29Added by the QQPASS.E TROJAN!80http://securityresponse.symantec.com/avcenter/venc/data/trojan.pws.qqpass.e.html0
1 6User321 10[filename]1 00 29Added by the NETTRASH TROJAN!78http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.nettrash.html0
110UserSystem1 10[filename]1 00 49CoolWebSearch SmartSearch variant - also see here53http://www.spywareinfo.com/~merijn/cwschronicles.html0
111VideoDriver1 10[filename]1 00 30Added by the GSPOT20.A TROJAN!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_GSPOT20.A0
114Windows Update1 10[filename]1 00 82Added by the NORIO TROJAN! Acts as a hi-jacker redirecting to adult content sites73http://securityresponse.symantec.com/avcenter/venc/data/trojan.norio.html0
1 9GustavVED1 14[filename].exe1 00 28Added by the OPASERV.H WORM!66http://www.symantec.com/avcenter/venc/data/w32.opaserv.h.worm.html0
1 3hen1 14[filename].exe1 00 28Added by the TARNO.G TROJAN!76http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.tarno.g.html0
112Service Host1 14[filename].exe1 00 27Added by the TORVEL.B WORM!81http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.torvel.b@mm.html0
116Windows Explorer1 14[filename].exe1 00144Added by the SDBOT TROJAN! Note - this is not the valid Windows Explorer (explorer.exe) which would only be in startups if you added it manually75http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sdbot.html0
1 5cAgOu1 14[filename].hta1 00 26Added by the KAKWORM WORM!63http://www.symantec.com/avcenter/venc/data/wscript.kakworm.html0
1 6ZaCker1 14[filename].PIF1 00 26Added by the HOLAR.A WORM!76http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_HOLAR.A0
1 8AddClass1 19[Installation_Path]1 00 32Added by the STARTPAGE.F TROJAN!79http://securityresponse.symantec.com/avcenter/venc/data/trojan.startpage.f.html0
1 6Update1 20[original file path]2 00 26Added by the LYNDEGG WORM!77http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.lyndegg.html0
1 4GDAX1 18[path to backdoor]2 00 28Added by the RANKY.K TROJAN!77http://securityresponse.symantec.com/avcenter/venc/data/backdoor.ranky.k.html0
1132thousandbuck1 14[path to file]2 00 28Added by the RANKY.L TROJAN!77http://securityresponse.symantec.com/avcenter/venc/data/backdoor.ranky.l.html0
1 8Band-Aid1 14[path to file]2 00 28Added by the RANKY.O TROJAN!64http://www.symantec.com/avcenter/venc/data/backdoor.ranky.o.html0
1 7DSAcass1 14[path to file]2 00 28Added by the RANKY.M TROJAN!64http://www.symantec.com/avcenter/venc/data/backdoor.ranky.m.html0
113Login Service1 14[path to file]2 00 27Added by the MIGMAF TROJAN!52https://www.europe.f-secure.com/v-descs/migmaf.shtml0
1 6MsgApi1 14[path to file]2 00 29Added by the DEDLER-D TROJAN!57http://www.sophos.com/virusinfo/analyses/trojdedlerd.html0
1 7MSSGisg1 14[path to file]2 00 28Added by the RANKY.N TROJAN!77http://securityresponse.symantec.com/avcenter/venc/data/backdoor.ranky.n.html0
2 7Printer1 14[path to file]2 00 29Added by the LOWTAPER TROJAN!78http://securityresponse.symantec.com/avcenter/venc/data/backdoor.lowtaper.html0
1 7REEGRUN1 14[path to file]2 00 30Added by the SECDROP.AI TROJAN79http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_SECDROP.AI0
112ShellCommand1 14[path to file]2 00 29Added by the REMCON-A TROJAN!57http://www.sophos.com/virusinfo/analyses/trojremcona.html0
1 6sysser1 14[path to file]2 00 25Added by the RAHACK WORM!58http://www.symantec.com/avcenter/venc/data/w32.rahack.html0
1 7Taskmgo1 14[path to file]2 00 30Added by the BANCBAN-T TROJAN!58http://www.sophos.com/virusinfo/analyses/trojbancbant.html0
1 9tjstartup1 14[path to file]2 00 29Added by the TJSERV.C TROJAN!65http://www.symantec.com/avcenter/venc/data/backdoor.tjserv.c.html0
123Windows Taskbar Manager1 14[path to file]2 00 30Added by the PROTORIDE.B WORM!63http://www.symantec.com/avcenter/venc/data/w32.protoride.b.html0
1 9WinXP fix1 14[path to file]2 00 28Added by the RANKY.P TROJAN!64http://www.symantec.com/avcenter/venc/data/backdoor.ranky.p.html0
1 9_Hazafibb1 14[path to file]2 00 25Added by the ZAFI.B WORM!86http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?VName=PE_ZAFI.B0
1 5lsass1 19[path to lsass.exe]2 00127Added by the ALADINZ.F TROJAN! Note - this is not the legitimate lasss.exe process which should NOT appear in Msconfig/Startup!83http://securityresponse.symantec.com/avcenter/venc/data/backdoor.irc.aladinz.f.html0
1 4smss1 18[path to smss.exe]2 00126Added by the ALADINZ.F TROJAN! Note - this is not the legitimate smss.exe process which should NOT appear in Msconfig/Startup!83http://securityresponse.symantec.com/avcenter/venc/data/backdoor.irc.aladinz.f.html0
1 5CTime1 16[path to trojan]2 00 28Added by the HTTPDOS TROJAN!75http://securityresponse.symantec.com/avcenter/venc/data/trojan.httpdos.html0
1 6Irwftp1 16[path to trojan]2 00 30Added by the BANCOS.CR TROJAN!108http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?id=65604&VName=TROJ_BANCOS.CR&VSect=T0
1 7mdetect1 16[path to trojan]2 00 27Added by the SPABOT TROJAN!74http://securityresponse.symantec.com/avcenter/venc/data/trojan.spabot.html0
1 9Mspatch691 16[path to trojan]2 00 26Added by the MPROX TROJAN!75http://securityresponse.symantec.com/avcenter/venc/data/backdoor.mprox.html0
1 5mssvc1 16[path to trojan]2 00 24Added by the PSK TROJAN!77http://securityresponse.symantec.com/avcenter/venc/data/backdoor.irc.psk.html0
123Network Host Controller1 16[path to trojan]2 00 28Added by the WHISPER TROJAN!81http://securityresponse.symantec.com/avcenter/venc/data/backdoor.irc.whisper.html0
110NTP Server1 16[path to trojan]2 00 28Added by the RANKY.F TROJAN!77http://securityresponse.symantec.com/avcenter/venc/data/backdoor.ranky.f.html0
1 5rngmf1 16[path to trojan]2 00 28Added by the RANKY.C TROJAN!77http://securityresponse.symantec.com/avcenter/venc/data/backdoor.ranky.c.html0
1 8Services1 16[path to trojan]2 00 33Added by the METEORSHELL TROJAN!81http://securityresponse.symantec.com/avcenter/venc/data/backdoor.meteorshell.html0
1 5Spool1 16[path to trojan]2 00 28Added by the RANKY.R TROJAN!77http://securityresponse.symantec.com/avcenter/venc/data/backdoor.ranky.r.html0
1 7svchost1 16[path to trojan]2 00126Added by the HAZZER TROJAN! Note - this is not the legitimate svchost.exe process which should NOT appear in Msconfig/Startup!74http://securityresponse.symantec.com/avcenter/venc/data/trojan.hazzer.html0
1 9ValidData1 16[path to trojan]2 00 28Added by the RANKY.H TROJAN!77http://securityresponse.symantec.com/avcenter/venc/data/backdoor.ranky.h.html0
1 7windows1 16[path to trojan]2 00 27Added by the AIMWIN TROJAN!80http://securityresponse.symantec.com/avcenter/venc/data/backdoor.irc.aimwin.html0
111Windows NNT1 16[path to trojan]2 00 28Added by the RANKY.E TROJAN!77http://securityresponse.symantec.com/avcenter/venc/data/backdoor.ranky.e.html0
112WindowsSetup1 16[path to trojan]2 00 26Added by the EZBOT TROJAN!75http://securityresponse.symantec.com/avcenter/venc/data/backdoor.ezbot.html0
111WindUpdates1 16[path to trojan]2 00 29Added by the AGENT.BF TROJAN!77http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_AGENT.BF0
1 8WinLsass1 16[path to trojan]2 00 24Added by the SCANE WORM!70http://securityresponse.symantec.com/avcenter/venc/data/w32.scane.html0
1 6WINSYS1 16[path to trojan]2 00 29Added by the GOLDPLAY TROJAN!76http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.goldpay.html0
1 6winzip1 16[path to trojan]2 00 42Added by the BANCOS.G or BANCOS.K TROJANS!77http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.bancos.g.html0
1 4x3yy1 16[path to trojan]2 00 28Added by the TANNICK TROJAN!62http://www.symantec.com/avcenter/venc/data/trojan.tannick.html0
1 8yyyyyyyy1 16[path to trojan]2 00 30Added by the MUMUBOY.B TROJAN!77http://securityresponse.symantec.com/avcenter/venc/data/trojan.mumuboy.b.html0
1 5Zen.A1 16[path to trojan]2 00 29Added by the ZOOMEN-A TROJAN!57http://www.sophos.com/virusinfo/analyses/perlzoomena.html0
113ACCDEFRAGINFO1 14[path to worm]2 00 26Added by the DARBY-O WORM!55http://www.sophos.com/virusinfo/analyses/w32darbyo.html0
1 3AHU1 14[path to worm]2 00 27Added by the ANACON-B WORM!56http://www.sophos.com/virusinfo/analyses/w32anaconb.html0
1 7Cekirge1 14[path to worm]2 00 27Added by the KERGEZ.A WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.kergez.a@mm.html0
119DLL Service Manager1 14[path to worm]2 00 29Added by the RPCBOT.F TROJAN!82http://securityresponse.symantec.com/avcenter/venc/data/backdoor.irc.rpcbot.f.html0
1 8Explorer1 14[path to worm]2 00 24Added by the AUTEX WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.autex.worm.html0
110ICQ Center1 14[path to worm]2 00 25Added by the RANDIN WORM!71http://securityresponse.symantec.com/avcenter/venc/data/w32.randin.html0
117InterceptedSystem1 14[path to worm]2 00 27Added by the ANACON-B WORM!56http://www.sophos.com/virusinfo/analyses/w32anaconb.html0
1 6Msgmgr1 14[path to worm]2 00 27Added by the BABYBEAR WORM!63http://www.symantec.com/avcenter/venc/data/w32.babybear@mm.html0
115NAV Live Update1 14[path to worm]2 00102Added by the DEBORMS.C WORM! Note - this is not a valid Norton Anti-Virus (NAV) function from Symantec66http://www.symantec.com/avcenter/venc/data/w32.hllw.deborms.c.html0
1 6Nocana1 14[path to worm]2 00 27Added by the ANACON-B WORM!56http://www.sophos.com/virusinfo/analyses/w32anaconb.html0
111RPC Patcher1 14[path to worm]2 00 24Added by the BOLGI WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.bolgi.worm.html0
1 8rundll321 14[path to worm]2 00 24Added by the AUTEX WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.autex.worm.html0
1 8rundll641 14[path to worm]2 00 24Added by the AUTEX WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.autex.worm.html0
115svcwinprocess321 14[path to worm]2 00 26Added by the UPERING WORM!77http://securityresponse.symantec.com/avcenter/venc/data/w32.upering.worm.html0
1 6Systry1 14[path to worm]2 00 24Added by the AUTEX WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.autex.worm.html0
1 7Systryt1 14[path to worm]2 00 24Added by the AUTEX WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.autex.worm.html0
1 9WinKernel1 14[path to worm]2 00105Added by the a href"http://securityresponse.symantec.com/avcenter/venc/data/w32.hllp.plea.htmlPLEA VIRUS!82http://securityresponse.symantec.com/avcenter/venc/data/w32.hllp.plea.html<a href=0
111Winres32vis1 14[path to worm]2 00 26Added by the THRAX.A WORM!76http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_THRAX.A0
130[Ephemeral 2.x] by TreeHugger,1 14[path to worm]2 00 55Added by the LEMOOR.A WORM! where "x" represents 3 or 473http://securityresponse.symantec.com/avcenter/venc/data/w32.lemoor.a.html0
111App.EXEName1 19[path to worm]\.exe2 00 25Added by the BODIRU WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.bodiru.html0
113print sharing1 39[path] hidden32.exe [path] explorer.exe2 00 89Added by the ZCREW.B TROJAN! Note - this is not the valid Windows Explorer (explorer.exe)81http://securityresponse.symantec.com/avcenter/venc/data/backdoor.irc.zcrew.b.html0
3 9BelNotify1 39[path] NPBelv32.dll, RunDll32_BelNotify2 00322"BelTech enables licensees to offer automated, Web-based problem resolution to their end-users. BelTech allows the end-user to simply go to a web page and automatically resolve their problem or point them to the right solution. BelTech Manager allows non-programmers to rapidly and easily deploy and maintain this service"34http://www.belarc.com/BelTech.html0
114DATABASE MySql1 35[path] repcale.exe [path] beird.exe2 00 41Added by a variant of the RANDON.AN WORM!91http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?Vname=WORM_RANDON.AN0
116NBT System alias1 35[path] repcale.exe [path] beird.exe2 00 41Added by a variant of the RANDON.AN WORM!91http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?Vname=WORM_RANDON.AN0
119System Restore Data1 35[path] repcale.exe [path] beird.exe2 00 28Added by the RANDON.AN WORM!91http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?Vname=WORM_RANDON.AN0
112PrinterSpool1 35[path] RESTORE.EXE [path] SPOOL.EXE2 00 30Added by the ALADINZ.K TROJAN!83http://securityresponse.symantec.com/avcenter/venc/data/backdoor.irc.aladinz.k.html0
110Protection1 40[path] runtask.exe [path] protection.exe2 00 44Added by a variant of the AGENT.3.AU TROJAN! 01
1 7svchost1 16[path] SETUP.EXE2 00 25Added by the SETCLO WORM!71http://securityresponse.symantec.com/avcenter/venc/data/w32.setclo.html0
1 7svchost1 16[path] SETUP.EXE2 00 25Added by the SETCLO WORM!71http://securityresponse.symantec.com/avcenter/venc/data/w32.setclo.html0
113AOL Messenger1 17[random filename]2 00 47Added by an unidentified VIRUS, WORM or TROJAN! 01
1 7ara-key1 17[random filename]2 00 26Added by the ANTINNY WORM!77http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.antinny.html0
120Avril Lavigne - Muse1 17[random filename]2 00 26Added by the AVRIL-A WORM!55http://www.sophos.com/virusinfo/analyses/w32avrila.html0
1 5Bnexe1 17[random filename]2 00 40Added by the KITRO.D (or ARGEN.A) WORM!77http://securityresponse.symantec.com/avcenter/venc/data/w32.kitro.d.worm.html0
1 5ccApp1 17[random filename]2 00 91Added by the OBSORB TROJAN! Note the random filename compared to the valid Norton AntiVirus74http://securityresponse.symantec.com/avcenter/venc/data/trojan.obsorb.html0
1 7Danton*1 17[random filename]2 00 51Added by the DANTON TROJAN! where * = random number76http://securityresponse.symantec.com/avcenter/venc/data/backdoor.danton.html0
118educational writer1 17[random filename]2 00 26Added by the RBOT-LZ WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotlz.html0
110hpsysconf11 17[random filename]2 00 41Added by a variant of the VIVIA.A TROJAN!106http://de.trendmicro-europe.com/enterprise/security_info/ve_detail.php?id=59209&VName=TROJ_VIVIA.A&VSect=T0
118ICQ Lite Messenger1 17[random filename]2 00231Added by an unidentified VIRUS, WORM or TROJAN! Unlike the legitimate ICQ Lite executable, which will be located in the ICQLITE folder in Program Files, this particular impostor is located in the Windows or Winnt\System32 directory 01
121ist service uninstall1 17[random filename]2 00 23ISTBar parasite related53http://sarc.com/avcenter/venc/data/adware.istbar.html0
1 9kern64dll1 17[random filename]2 00 28Added by the TARNO.J TROJAN!63http://www.symantec.com/avcenter/venc/data/pwsteal.tarno.j.html0
121LoadOrderVerification1 17[random filename]2 00 27Added by the TRON.A TROJAN!75http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_TRON.A0
1 9MicroLoad1 17[random filename]2 00 24Added by the DARBY WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.darby.html0
121Microsoft Corporation1 17[random filename]2 00 42Added by various VIRUSES, WORMS & TROJANS! 01
120Microsoft Diagnostic1 17[random filename]2 00 27Added by the ACEBOT TROJAN!47http://www3.ca.com/virusinfo/Virus.asp?ID=115320
119Microsoft IT Update1 17[random filename]2 00 36Added by a variant of the RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
120Microsoft Locals 3321 17[random filename]2 00 26Added by the RBOT-KU WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotku.html0
114Microsoft Tray1 17[random filename]2 00 28Added by the DELF.BZ TROJAN!43http://www.vsantivirus.com/back-delf-bz.htm0
123Microsoft Update Loader1 17[random filename]2 00 36Added by a variant of the RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
124Microsoft Update Machine1 17[random filename]2 00 36Added by a variant of the RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
1 7MS-HTML1 17[random filename]2 00 31Added by the LATINUS.15 TROJAN!79http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_LATINUS.150
1 8MSKCES321 17[random filename]2 00 27Added by the CLONER TROJAN!80http://securityresponse.symantec.com/avcenter/venc/data/backdoor.irc.cloner.html0
1 6mswspl1 17[random filename]2 00 29Added by the SMALL.IQ TROJAN!77http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_SMALL.IQ0
1 9nssysconf1 17[random filename]2 00 28Added by the VIVIA.A TROJAN!106http://de.trendmicro-europe.com/enterprise/security_info/ve_detail.php?id=59209&VName=TROJ_VIVIA.A&VSect=T0
1 5qbotd1 17[random filename]2 00 27Added by the BOTTEN TROJAN!78http://securityresponse.symantec.com/avcenter/venc/data/downloader.botten.html0
113RSPC Driver D1 17[random filename]2 00 36Added by a variant of the RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
1 7sws.exe1 17[random filename]2 00 33Haldex type adult content dialler74http://securityresponse.symantec.com/avcenter/venc/data/dialer.haldex.html0
113System Update1 17[random filename]2 00 38Added by the KORGO.W or KORGO.X WORMS!72http://securityresponse.symantec.com/avcenter/venc/data/w32.korgo.w.html0
1 7TaskReg1 17[random filename]2 00 24Added by the CBLAD WORM!76http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_CBLAD.A0
1 6UpdSys1 17[random filename]2 00 23Added by the BJ TROJAN!53http://hq.mcafeeasap.com/dispVirus.asp?virus_k=1000570
113Video Process1 17[random filename]2 00 26Added by the RBOT-LM WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotlm.html0
111Win32system1 17[random filename]2 00 24Added by the DDV.B WORM!70http://securityresponse.symantec.com/avcenter/venc/data/vbs.ddv.b.html0
117Windows Compliant1 17[random filename]2 00 26Added by the RBOT-IR WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotir.html0
120Windows Media Player1 17[random filename]2 00 36Added by a variant of the RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
127Windows Media Player Update1 17[random filename]2 00 26Added by the RBOT-ET WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotet.html0
121Windows Media SP.2.371 17[random filename]2 00 28Added by the LEMIR.C TROJAN!76http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.lemir.c.html0
117Windows Update V61 17[random filename]2 00 26Added by the RBOT-KT WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotkt.html0
119WindowsRegistration1 17[random filename]2 00 26Added by the RBOT-NO WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotno.html0
124WindowsRegKey Autoupdate1 17[random filename]2 00 36Added by a variant of the RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
120WindowsRegKey update1 17[random filename]2 00 36Added by a variant of the RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
1 9WinLoader1 17[random filename]2 00 42Added by variants of the SUBSEVEN TROJAN!79http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_SUB7.213.B0
1 9zonealarm1 17[random filename]2 00132Added by an unidentified VIRUS, WORM or TROJAN! The only exception is if you have an older version of the ZoneAlarm firewall running 01
1 5Sav321 17[random filename]2 00 56Added by the W32/Famus-G WORM! File found in c:\recycled55http://www.sophos.com/virusinfo/analyses/w32famusg.html0
1 9(default)1 21[random filename].exe2 00 27Added by the BLACKMAL WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.blackmal@mm.html0
119Mickey Mouse Cereal1 21[random filename].exe2 00 28Added by the RANKY.Q TROJAN!77http://securityresponse.symantec.com/avcenter/venc/data/backdoor.ranky.q.html0
111RSPC Driver1 21[random filename].exe2 00 26Added by the RBOT-SN WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotsn.html0
118WindowsReg% update1 21[random filename].exe2 00 26Added by the RBOT-HH WORM!55http://www.sophos.com/virusinfo/analyses/w32rbothh.html0
1 7W32Load1 21[random filename].scr2 00 25Added by the CASPID WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.caspid.html0
1 6center1 19[random name]32.exe2 00 26Added by the BOFRA.A WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.bofra.a@mm.html0
1 8Reactor31 19[random name]32.exe2 00 26Added by the BOFRA.A WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.bofra.a@mm.html0
1 8Reactor51 19[random name]32.exe2 00 26Added by the BOFRA.D WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.bofra.d@mm.html0
1 8Reactor61 19[random name]32.exe2 00 26Added by the BOFRA.C WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.bofra.c@mm.html0
1 8Reactor71 19[random name]32.exe2 00 26Added by the BOFRA.B WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.bofra.b@mm.html0
1 8Reactor81 19[random name]32.exe2 00 26Added by the BOFRA.E WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.bofra.e@mm.html0
1 8Reactor91 19[random name]32.exe2 00 26Added by the BOFRA.E WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.bofra.e@mm.html0
1 5Rhino1 19[random name]32.exe2 00 26Added by the BOFRA.A WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.bofra.a@mm.html0
1 7TempCom1 16[randomname].com1 00 24Added by the TRAXG WORM!73http://securityresponse.symantec.com/avcenter/venc/data/w32.traxg@mm.html0
1 4usbn1 8[random]1 00115Added by the Troj/Hogil-B Trojan. This infection adds various links to porn sites in your Desktop and Start Menu.56http://www.sophos.com/virusinfo/analyses/trojhogilb.html0
1 9vadseinst1 8[random]1 00 34Added by the Troj/Ranck-CM Trojan!57http://www.sophos.com/virusinfo/analyses/trojranckcm.html0
111taskmrg.exe1 8[random]1 00 74Added by Troj/Bancban-BN, a TROJAN that attempts to steal banking details.59http://www.sophos.com/virusinfo/analyses/trojbancbanbn.html0
1 8Services1 8[random]1 00 35Added by the Troj/Agent-BV Trojan.57http://www.sophos.com/virusinfo/analyses/trojagentbv.html0
118NT Virtual Machine1 8[random]1 00110Added by Troj/Agent-BV, a network WORM with backdoor Trojan functionality found in the Windows system folder.58http://www.sophos.com/virusinfo/analyses/w32scaerbota.html0
1 3DI21 8[random]1 00 24Added by Troj/Dloader-IK59http://www.sophos.com/virusinfo/analyses/trojdloaderik.html0
113Microsoft IIS1 8[random]1 00 43Added by the WORM variant, W32/Francette-Q.59http://www.sophos.com/virusinfo/analyses/w32francetteq.html0
1 9bluestart1 8[random]1 00 35Added by Troj/Dloader-IR, a TROJAN!59http://www.sophos.com/virusinfo/analyses/trojdloaderir.html0
1 8xpsystem1 8[random]1 00114Added by Troj/Krepper-M, a TROJAN! It will be found in a subfolder of the Windows system folder named "services".58http://www.sophos.com/virusinfo/analyses/trojkrepperm.html0
1 6XpAspy1 8[random]1 00 72Added by Troj/Delf-WH, a TROJAN! It will be found in the Windows folder.56http://www.sophos.com/virusinfo/analyses/trojdelfwh.html0
1 9WXcmeinst1 8[random]1 00156Added by Troj/Ranck-CD, a backdoor TROJAN! It will chose a TCP port in the range 10000-49999 to notify a remote web server on that port using a web request.57http://www.sophos.com/virusinfo/analyses/trojranckcd.html0
111CacheLoader1 8[random]1 00171Troj/Dloader-IX will download the [random] file to the Windows folder, sub-folder "Cache". That done, it moves to "Security iGuard.exe", found in the Program Files folder.59http://www.sophos.com/virusinfo/analyses/trojdloaderix.html0
1 8sixtysix1 8[random]1 00120Troj/LowZone-R TROJAN is responsible for a file found in the Windows folder that will reduce IE security zone settings.58http://www.sophos.com/virusinfo/analyses/trojlowzoner.html0
1 5lk3h11 8[random]1 00 65Added by the Troj/Mosuck-G TROJAN into the Windows system folder.57http://www.sophos.com/virusinfo/analyses/trojmosuckg.html0
113Floppy Master1 8[random]1 00 68Added by the Troj/Zonit-E TROJAN to send spam using other computers.56http://www.sophos.com/virusinfo/analyses/trojzonite.html0
1 7CSRSWIN1 17[trojan filename]2 00 32Added by the WINSHELL.50 TROJAN!81http://securityresponse.symantec.com/avcenter/venc/data/backdoor.winshell.50.html0
1 5CSRSX1 17[trojan filename]2 00 34Added by the WINSHELL.50.B TROJAN!83http://securityresponse.symantec.com/avcenter/venc/data/backdoor.winshell.50.b.html0
1 8Internal1 17[trojan filename]2 00 43Added by the SMOTHER and TRANSLAT TROJANS!77http://securityresponse.symantec.com/avcenter/venc/data/backdoor.smother.html0
1 3lar1 17[trojan filename]2 00 27Added by the ROXY.C TROJAN!76http://securityresponse.symantec.com/avcenter/venc/data/backdoor.roxy.c.html0
112Ntech.patchs1 17[trojan filename]2 00 28Added by the LEMIR.G TROJAN!76http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.lemir.g.html0
1 7Service1 17[trojan filename]2 00 29Added by the KAITEX.E TROJAN!78http://securityresponse.symantec.com/avcenter/venc/data/backdoor.kaitex.e.html0
111Disk Master1 13[trojan name]2 00 44Added by the DISTER TROJAN! - a spam relayer76http://securityresponse.symantec.com/avcenter/venc/data/backdoor.dister.html0
1 9*WinLogon1 38[trojan path] ren time:[random number]2 00 26Added by the VUNDO TROJAN!73http://securityresponse.symantec.com/avcenter/venc/data/trojan.vundo.html0
115SystemEmergency1 19[various filenames]2 00 46SmartSearch - a CoolWebSearch parasite variant53http://www.spywareinfo.com/~merijn/cwschronicles.html0
1 5wingo1 19[various filenames]2 00 27Added by the BAGLE-AU WORM!56http://www.sophos.com/virusinfo/analyses/w32bagleau.html0
110LiveUpdate1 24[Windows username]05.exe2 00 28Added by the LINEAGE TROJAN!76http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.lineage.html0
1 9AlevirOld1 15[worm filename]2 00 28Added by the OPASERV.G WORM!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_OPASERV.G0
1 9BrasilOld1 15[worm filename]2 00 28Added by the OPASERV.P WORM!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_OPASERV.P0
1 6G001231 15[worm filename]2 00 26Added by the BUGBROS WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.bugbros@mm.html0
1 7KAVutil1 15[worm filename]2 00 27Added by the WINTOO.B WORM!78http://securityresponse.symantec.com/avcenter/venc/data/w32.wintoo.b.worm.html0
1 8messnger1 15[worm filename]2 00 26Added by the DELODER WORM!77http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.deloder.html0
1 9RavTimeXP1 15[worm filename]2 00 27Added by the WULLIK.B WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.wullik.b@mm.html0
1 8RavTimXP1 15[worm filename]2 00 27Added by the WULLIK.B WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.wullik.b@mm.html0
1 4rdvs1 15[worm filename]2 00 27Added by the ULTIMAX WORM!90http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_ULTIMAX.B&VSect=T0
1 9ScrSvrOld1 15[worm filename]2 00 26Added by the OPASERV WORM!77http://securityresponse.symantec.com/avcenter/venc/data/w32.opaserv.worm.html0
111Services0041 15[worm filename]2 00 26Added by the BUGBROS WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.bugbros@mm.html0
1 9SpeedBoss1 15[worm filename]2 00 29Added by the OPASERV.AD WORM!81http://securityresponse.symantec.com/avcenter/venc/data/w32.opaserv.a.d.worm.html0
1 9Supernova1 15[worm filename]2 00 38Added by the SURNOVA (or SUPOVA) WORM!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SURNOVA.A0
1 7Win2Drv1 15[worm filename]2 00 25Added by the WINTOO WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.wintoo.worm.html0
1 8Srv32Old1 19[worm filename].PIF2 00 28Added by the OPASERV.J WORM!79http://securityresponse.symantec.com/avcenter/venc/data/w32.opaserv.j.worm.html0
1 5Swf321 11_backup.exe1 00 25Added by the SYMTEN WORM!66http://www.symantec.com/avcenter/venc/data/w32.hllw.symten@mm.html0
1 9_x-Finder1 13_x-Finder.exe1 00 61Disconnects and redials an ISP modem to an adult content site 01
122Microsoft Windows DHCP1 8___r.exe1 00 40Added by the MASLAN.A or MASLAN.C WORMS!76http://securityresponse.symantec.com/avcenter/venc/data/w32.maslan.a@mm.html0
133Microsoft Synchronization Manager1 13___synmgr.exe1 00 40Added by the MASLAN.A or MASLAN.C WORMS!76http://securityresponse.symantec.com/avcenter/venc/data/w32.maslan.a@mm.html0
1 8Regcheck1 11~CAB001.EXE1 00 48Added by the CYBRSPY.13A or CYBRSPY.13B TROJANS!80http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_CYBRSPY.13A0
1 8^`d}qZxu1 12~`d}qzxu3zYF1 00 34Added by the GAOBOT.GEN!POLY WORM!80http://securityresponse.symantec.com/avcenter/venc/data/w32.gaobot.gen!poly.html0
3 7PsnLite1 11PsnLite.exe1 00234Post-it« Software Notes - Lite. "You can use this digital version of the famous canary yellow« note to remind you to do something, to capture an idea or to organize all those important phone numbers -- all from your computer desktop."56http://www.3m.com/market/office/postit/com_prod/psnotes/0
214P2P NETWORKING1 18P2P Networking.exe2 00 51Peer to Peer (P2P) sharing of files on the internet 01
215P2P Networking31 19P2P Networking3.exe2 00137P2P Networking, a component bundled with Kazaa that enables other applications to use Peer-to-Peer functionality. Not required - see here70http://www.kephyr.com/spywarescanner/library/p2pnetworking/index.phtml0
112MSPluginSrvc1 6p3.exe1 00 29Added by W32/Rbot-WV, a WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotwv.html0
1 7P3p4chk1 11P3p4chk.exe1 00 25Added by the GEMA TROJAN!72http://securityresponse.symantec.com/avcenter/venc/data/trojan.gema.html0
1 5p4mx41 9p4mx4.exe1 00 30Added by the CRYPTER.A TROJAN!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_CRYPTER.A0
2 8PadTouch1 10PadExe.exe1 00 96Toshiba Touch and Launch - offers easy movement and freedom of programs navigation with TouchPad 01
1 6PAgent1 10PAgent.exe1 00298Scans your hard drive for the popular P2P file-sharing applications BearShare, Grokster, Kazaa, Limewire and Morpheus. After searching the entire local filesystem for any files with those names it connects to the DownloadWare servers and tells it what, if anything, is found. See here for more info49http://and.doxdesk.com/parasite/DownloadWare.html0
2 5Pagoo1 9PAGOO.EXE1 00179Pagoo - internet call waiting. Intercepts telephone calls like an answering machine and plays the voice message on your PC. Only required when you're on-line and via dial-up modem27http://www.pagoo.com/cc.asp0
111taskmgr.exe1 9paint.exe1 00 53Added by a variant of the AGENT.AH downloader TROJAN! 01
111taskmgr.exe1 11paintms.exe1 00 42Added by a variant of the AGENT.AH TROJAN! 01
2 8Palm.exe1 8Palm.exe1 00 88Palm Desktop Software for use with Palm handheld devices. Available via Start - Programs54http://www.palm.com/support/downloads/win_desktop.html0
219PaltalkNetaware.exe1 14PALNETAW~1.EXE1 00343Voice chat program. This program stores all buddy list info apparently on the server itself so you never lose your buddy list should you need to reinstall the program due for whatever reason or even reformat. Available via Start - Programs. Delete the shortcut in Start -> Programs -> StartUp as well otherwise it will be reinstated 01
113PandaAVEngine1 17PandaAVEngine.exe1 00 27Added by the NETSKY.R WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.netsky.r@mm.html0
316PowerDOCSAPIHost1 12papihost.exe1 00147Hummingbird PowerDOCS - "delivers powerful enterprise document management functionality via a tightly integrated Microsoft WinNT/98/2K environment"53http://www.imageware.ch/tr/products/dms/powerdocs.jsp0
3 8PartSeal1 12PartSeal.exe1 00284System backup for Sony Vaio PCs. Adds a recovery mechanism for users over and above any System Restore features - allowing users to revert a drive back to the state it was when bought form the factory by hitting F10. The user obviously loses any data stored if not backed-up elsewhere 01
313VAIO Recovery1 12PartSeal.exe1 00284System backup for Sony Vaio PCs. Adds a recovery mechanism for users over and above any System Restore features - allowing users to revert a drive back to the state it was when bought form the factory by hitting F10. The user obviously loses any data stored if not backed-up elsewhere 01
1 5Patch1 9patch.exe1 00 26Added by the NETBUS WORM!60http://www.dark-e.com/archive/trojans/netbusworm/index.shtml0
1 9AV Client1 14patch31345.exe1 00 28Added by the MYDOOM.AD WORM!77http://securityresponse.symantec.com/avcenter/venc/data/w32.mydoom.ad@mm.html0
111AV Industry1 14patch31345.exe1 00 28Added by the MYDOOM.AD WORM!77http://securityresponse.symantec.com/avcenter/venc/data/w32.mydoom.ad@mm.html0
315Panda Scheduler1 12pavsched.exe1 00225Panda Antivirus scan scheduler. Required if this is your virus scanner program and you have scans scheduled on a regular basis. I recommend that you scan manually so you don't need this but if you tend to forget then leave it29http://www.pandasoftware.com/0
121System Initialization1 11payload.dat1 00 54Added by the RANDEX.D WORM or ROXY or ROXY.B TROJANS!73http://securityresponse.symantec.com/avcenter/venc/data/w32.randex.d.html0
113MSNSysRestore1 8pc32.exe1 00 39Added by a variant of the MASTAK VIRUS! 01
3 9Smartalec1 11pcaccel.exe1 00128a target="_blank" href="http://www.smartalec2000.com/pcxl4000deluxe.shtml"Smartalec PC Accelerator - system optimization utility 01
3 9SmartPCXL1 11pcaccel.exe1 00128a target="_blank" href="http://www.smartalec2000.com/pcxl4000deluxe.shtml"Smartalec PC Accelerator - system optimization utility 01
4 4PCBG1 15PCBODYGUARD.EXE1 00 96PC Bodyguard from Calluna - protects system files and settings from being deleted, modified, etc34http://www.calluna.com/pcbody.html0
411PCBODYGUARD1 15PCBODYGUARD.EXE1 00 96PC Bodyguard from Calluna - protects system files and settings from being deleted, modified, etc34http://www.calluna.com/pcbody.html0
310PC Booster1 13pcbooster.exe1 00207PC Booster from inKline Global - "easy-to-use computer system optimizer that gives your system the extra speed and stability you want while ensuring that your computer is kept clean and in tip-top condition"52http://www.inklineglobal.net/products/pcb/index.html0
214Acme.PCHButton1 13pchbutton.exe1 00 26Used by HP Instant Support 01
2 9PCHbutton1 13PCHbutton.exe1 00 26Used by HP Instant Support 01
2 8PCHealth1 11pchschd.exe1 00 96This is a "scheduler" and does not turn off PC Health. For more information refer here105http://groups.google.com/groups?q=PCHealth%2Bpchschd.exe&hl=en&selm=eeuEENQ6AHA.1484%40tkmsftngp03&rnum=10
0 8PCIMODEM1 12pcimodem.exe1 00 57Associated with Lucent based Aztech MDP7800-U PCI modems. 01
211InstantTray1 12PCLETray.exe1 00171Pinnacle InstantCD/DVD disc creation software. Tray icon enabling a pop-up menu that lets you call up any of Instant CD/DVD's tools with one click. Can be started manually72http://www.pinnaclesys.com/ProductPage_n.asp?Product_ID=1431&Langue_ID=70
2 7PCStart1 9Pcm25.exe1 00198Runs as part of PCMonitor which is a program for monitoring your activity on your system. It makes screen dumps and key logging. It can hang-up your system because the screen dump page gets VERY big21http://pcmonitor.com/0
010PCMService1 14PCMService.exe1 00 39In a DellMedia Experience sub-directory 01
3 7PCRecSA1 11PCRecSA.exe1 00303Part of the IBM/XPoint Rapid Restore backup utility. If you choose, you can use it to create a "clean" backup of your hard drive. The process involves the software partitioning your hard drive, making a compressed image of the working drive which will then allow you to revert to that should you need to 01
2 4Pcsv1 9pcsvc.exe1 00 42Delfin Media Viewer or "Promulgate" adware51http://www.spywareguide.com/product_show.php?id=7270
2 6PcSync1 10PcSync.exe1 00255If a Nokia phone has been connected, synchronises the phone with MS Outlook or other organiser software. It is installed by the Nokia PC Suite, and the tray icon shows if a phone has been connected. Available via a desktop shortcut or Start -> Programs 01
1 6PcSync1 10PCsync.exe1 00176Added by the W32/Rbot-XJ WORM/IRC backdoor, the file will be hidden with system attributes. Unauthorised remote access is enabled by contact with an pre-determined IRC channel.55http://www.sophos.com/virusinfo/analyses/w32rbotxj.html0
214Country Select1 10pctptt.exe1 00235Country selection for a PCtel HSP56 based modem. Often found in OEM (Dell,Compaq, HP, etc) systems for their modems included on the motherboard or as a separate card. Once you've set the modem up to the chosen country it's not required 01
216CountrySelection1 10pctptt.exe1 00235Country selection for a PCtel HSP56 based modem. Often found in OEM (Dell,Compaq, HP, etc) systems for their modems included on the motherboard or as a separate card. Once you've set the modem up to the chosen country it's not required 01
3 6pctspk1 10pctspk.exe1 00210Used for modems based upon PC-TEL chipsets. Normally used for some Voice and Speakerphone functions and also for some Power management options. If you remove it you may not be able to use any of those functions 01
3 8PCTVOICE1 12pctvoice.exe1 00193The program PCTVoice is used by the modem to interface with your computer and also used for some V.80 functions for Video Conferencing. if you uncheck it, it comes back. ItÆs better to leave it 01
213Dialog Helper1 12PDDLGHLP.EXE1 00177Dialog Helper from PowerDesk Pro by Ontrack. Helps with the standard Open and Save As dialog boxes by showing recently used files and folders. Available via Start -> Programs33http://www.ontrack.com/powerdesk/0
3 8PDEngine1 12PDEngine.exe1 00103PerfectDisk from Raxco - disk defragmenter. Only required if you schedule disk defragmenting at re-boot44http://www.raxco.com/products/perfectdisk2k/0
216Matrox Powerdesk1 9PDesk.exe1 00 70For Matrox video cards. Quick access to tweak your card to your liking 01
2 7pdexplo1 11PDEXPLO.EXE1 00 91PowerDesk Pro by Ontrack. Enhanced desktop and file manager. Available via Start - Programs33http://www.ontrack.com/powerdesk/0
2 9pdfSaver31 13pdfSaver3.exe1 00133PDF-XChange - create Adobe compatible PDF files from virtually any Windows software such as MS Word, Excel, AutoCAD, MS Publisher etc56http://www.docu-track.com/home/prod_user/pdfxchange_pro/0
2 7PDirect1 11PDirect.exe1 00 34IBM Presentation Director software 01
320Password Door Loader1 13PDMonitor.exe1 00 44Password Door - password protection software39http://www.toplang.com/passworddoor.htm0
3 9Intel PDS1 7pds.exe1 00228Intel Ping Discovery Service (PDS). Part of Intel's LANDesk Management Suite 6 and the Common Base Agent (CBA) - used for communicating between the core server and managed clients. Will start the dial-up if installed and enabled 01
117Microsoft DirectX1 11PDSched.exe1 00 27Added by the SDBOT.CN WORM!85http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.CN&VSect=T0
3 8PDVDServ1 12PDVDServ.exe1 00242Remote Control background application for CyberLink's PowerDVD version 5 and above. Enables you to use a remote control with your DVD drive if your drive came with one. Not required if you don't have a remote control, or don't wish to use one 01
313RemoteControl1 12PDVDServ.exe1 00242Remote Control background application for CyberLink's PowerDVD version 5 and above. Enables you to use a remote control with your DVD drive if your drive came with one. Not required if you don't have a remote control, or don't wish to use one 01
212PeerGuardian1 27PeerGuardian_1.99b_pr14.exe1 00299PeerGuardian "is a tiny firewall program especially designed for P2P software users, but also for anyone who is concerned about the investigations that corporations and authorities perform on the internet. PeerGurdian blocks connections for the configured IP ranges and logs the blocked connections"73http://www.afterdawn.com/software/p2p_software/p2p_tools/peerguardian.cfm0
221Mouse Suite 98 Daemon1 12pelmiced.exe1 00121Mouse driver. Appears to cause a behaviour where the desktop suddenly flips back up when playing DirectX associated games 01
322Pro PCL Status Monitor1 10PENGSS.EXE1 00 72Xerox printer/fax/copier status monitor (PCL = printer control language) 01
1 9penis.exe1 9penis.exe1 00121Added by the W32.Cissi.W backdoor! Found in the Windows system directory and adds a copy to the All Users startup group.72http://www.sarc.com/avcenter/venc/data/w32.cissi.w.html#technicaldetails0
110[not used]1 9penis.exe1 00153Added by the W32/Cissi-F WORM, the system .ini field {boot} will be modiified and remote access made available to an attacker(s) using an IRC channel(s).55http://www.sophos.com/virusinfo/analyses/w32cissif.html0
119windows auto update1 11penis32.exe1 00 41Added by the BLASTER (or MSBLAST.A) WORM!77http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.html0
314Pent@VALUE 3.21 14Pent@VALUE.exe1 00 49Pent@VALUE Digital Satellite Internet PC Receiver 01
1 8PeqBL1001 12PEQBL100.exe1 00 26Added by the ENVID.D WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.envid.d@mm.html0
1 9PerformCl1 10perfcl.exe1 00 55Downloads and installs other adware onto your computer. 01
4 6PersFw1 10PersFw.exe1 00 31Kerio or Tiny Personal Firewall37http://www.kerio.com/us/kpf_home.html0
422Tiny Personal Firewall1 10persfw.exe1 00 22Tiny Personal Firewall44http://www.tinysoftware.com/home/tiny2?la=EN0
012PestPatrolCL1 16PestPatrolCL.exe1 00 49Associated with PestPatrol anti-malware software.26http://www.pestpatrol.com/0
220Kodak Batch Transfer1 11pezdow1.exe1 00154Part of "Kodak Picture Easy" software for digital cameras. Includes the display of an icon in the System Tray to quickly transfer photos to a PC 01
212PerfectPrint1 12pfppop70.exe1 00 60Print engine used by Corel WordPerfect 7 and Presentations 7 01
412!1_pgaccount1 13pgaccount.exe1 00292DiamondCS ProcessGuard security software - stops malicious worms and trojans from being executed silently in the background, as well as a variety of other attacks. You will see one instant of pgaccount.exe for every active account on your system, and this is essential for PG to work properly41http://www.diamondcs.com.au/processguard/0
1 8statload1 12pgjd83sa.exe1 00 76Backdoor.Sdbot.AO Infection! File is found in the Windows system directory. 01
4 9PGPSDKSVC1 14pgpsdkserv.exe1 00382PGPsdkServ.exe is the new SDK service which is responsible for performing all PGP key management and cryptographic functions. This functionality was moved into a service to allow multiple modules simultaneous read/write access to the keyrings, among other things. As you can imagine, it is necessary for PGPsdkServ to be running in order to perform practically any PGP functionality 01
310PGPSERVICE1 14pgpservice.exe1 00548PGPservice.exe has two main purposes: (1) it handles a large part of the PGPnet functionality (along with the PGPnet driver) and (2) it allows efficient access to the PGP preferences database. The individual PGP modules normally access the preferences through PGPservice, but they are capable of a "fall-back" mode where they can handle such access on their own. Thus, if you are not running PGPnet, you may not immediately notice much of a difference if you disable PGPservice. If you are running PGPnet, you will notice a big difference 01
2 7PGPtray1 11pgptray.exe1 00109PGP 7.x. Provides icon tray shortcuts to PGP programs from Network Associates. Available via Start - Programs 01
120Winux Piriax Service1 8PH32.EXE1 00 27Added by the RANDEX.G WORM!73http://securityresponse.symantec.com/avcenter/venc/data/w32.randex.g.html0
310Dialgo SDK1 15PhoneAnswer.exe1 00271Dialgo Wave Modem ActiveX - "Telephone Answering Machine for scripting your own professional call center business scripts using a voice modem. Features Caller-ID, Wave Playback, Wave Recording, Digit Monitoring, POP3 e-mail Manipulation, Speech Recognition and Synthesis" 01
321PhoneFree version 6.21 12PHONEF??.EXE1 00110An Internet telephony application. Complicated registration and ad banners tailored to your profile - see here25http://www.phonefree.com/0
0 7dregfix1 13ph_finder.exe1 00 2?? 01
224LifeScape Media Detector1 23PicasaMediaDetector.exe1 00 53Media detector for Picasa's automatic photo organizer22http://www.picasa.net/0
221Picasa Media Detector1 23PicasaMediaDetector.exe1 00 53Media detector for Picasa's automatic photo organizer22http://www.picasa.net/0
2 8Pickatag1 12pickatag.exe1 00232Pick-a-tag - "Freeware utility for random selection of your taglines. This utility randomly picks a tagline out of a list of taglines. It will create a signature file which your mailer can use to place under your messages"43http://home.wanadoo.nl/jeroen/software.html0
2 7PICPRTR1 11PICPRTR.EXE1 00 66Program for viewing and measuring a variety of 3D CAD data formats 01
118Microsoft⌐ PID Lex1 10PIDLex.exe1 00 30Added by the NIOVADOOR TROJAN!79http://securityresponse.symantec.com/avcenter/venc/data/backdoor.niovadoor.html0
3 7PiDunHK1 11PIDUNHK.EXE1 00218Part of the Prodigy Internet software - part of the dialer/DUN. Presumably needed for users of that service otherwise you may not be able to connect, although you may try creating your own shortcut and see what happens 01
1 5pilif1 9pilif.exe1 00 23Added by the FILI WORM!59http://www.symantec.com/avcenter/venc/data/w32.fili@mm.html0
2 6Pinger1 10pinger.exe1 00197Pinger is the resident program for Toshiba updates. Periodically checks to see if there are any software/driver upgrades for your particular computer model. If it finds any, it posts a notification 01
213ToshibaPinger1 10pinger.exe1 00227Pinger is the resident program for Toshiba Upgrades. Periodically checks to see if there are any software/driver upgrades for your particular computer model. If it finds any, it posts a notification. Disabling instructions here81http://www.spywareinfo.com/yabbse/index.php?board=18;action=display;threadid=26730
1 7directx1 11PipeCmd.exe1 00 28Added by the SDBOT.D TROJAN!77http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sdbot.d.html0
1 7Pixel321 11Pixel32.exe1 00 25Added by the GEMA TROJAN!72http://securityresponse.symantec.com/avcenter/venc/data/trojan.gema.html0
110Pixelpwr321 14Pixelpwr32.exe1 00 25Added by the GEMA TROJAN!72http://securityresponse.symantec.com/avcenter/venc/data/trojan.gema.html0
1 8Pixelsvr1 12Pixelsvr.exe1 00 25Added by the GEMA TROJAN!72http://securityresponse.symantec.com/avcenter/venc/data/trojan.gema.html0
3 8pjWebCam1 12pjWebCam.exe1 00 96Webcam automation software that saves regular photos from webcam and can also act as HTTP server 01
315Pagekeeper Jobs1 10pkjobs.exe1 00237PageKeeper Jobs is a separate PageKeeper program that handles the analysis of new documents and keeps track of the location and content of current documents in PageKeeper. Pagekeeper comes bundled with scanners such has HP, Microtek, etc 01
315Pagekeeper Lite1 10pkjobs.exe1 00237PageKeeper Jobs is a separate PageKeeper program that handles the analysis of new documents and keeps track of the location and content of current documents in PageKeeper. Pagekeeper comes bundled with scanners such has HP, Microtek, etc 01
111PK Services1 9pksvc.exe1 00 28Added by the FORBOT-BW WORM!57http://www.sophos.com/virusinfo/analyses/w32forbotbw.html0
0 9ToPassSrv1 12Pktopass.exe1 00112Related to Caere Pagekeeper scanning software (now taken over by Scansoft), Disabling is known to cause problems 01
224Photo Loader supervisory1 10Plauto.exe1 00129Casio's Photo Loader software. Hook up your camera to the USB port, and it pops up and asks you if you want to load your pictures 01
311PLEAPCPUCPL1 10pleapu.exe1 00 47CPU Control Panel for the Powerleap CPU upgrade41http://www.powerleap.com/Products/ccp.htm0
2 8Imonitor1 10Plguni.exe1 00 70McAfee QuickClean 3.0 - removes internet clutter and unwanted programs44http://www.mcafee.com/myapps/qc3/default.asp0
226McAfee QuickClean Imonitor1 10Plguni.exe1 00 70McAfee QuickClean 3.0 - removes internet clutter and unwanted programs44http://www.mcafee.com/myapps/qc3/default.asp0
2 6Plguni1 10Plguni.exe1 00 70McAfee QuickClean 3.0 - removes internet clutter and unwanted programs44http://www.mcafee.com/myapps/qc3/default.asp0
1 5WinXP1 11plugin1.exe1 00 34Added by the Downloader-JW TROJAN! 01
3 8PLXSTART1 12PLXSTART.EXE1 00137Sets the spindown timeout and access speeds at startup and displays the "Plextor Manager 2000" splash screen for Plextor CD-RW. 01
2 7PLXTASK1 11PLXTASK.EXE1 00213Taskbar utility for a "control panel" for a Plextor CD-RW. Has MVP 2000 (audio CD player), DiscDupe 2000 (self explanatory CD copying program) and AudioCapture 2000 (rips audio CDs into MP3 or WAV files) 01
1 8pm32info1 12pm32info.exe1 00 30Added by the CRYPTER.A TROJAN!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_CRYPTER.A0
0 7PmProxy1 11PmProxy.exe1 00 89Associated with Analog Devices "SoundMAX" audio chipset - often built-in to motherboards. 01
214Event Reminder1 12pmremind.exe1 00 66A calendar/alarm program that installs with Br°derbund Printmaster 01
227Print Master Event Reminder1 12PMremind.exe1 00 78Print Master Gold - calander feature that pops up reminders, such as birthdays 01
2 8PMTSHOOT1 12pmtshoot.exe1 00 53MS tool for troubleshooting power management problems 01
013Scan Detector1 13Pmxdetect.exe1 00 35Associated with PrimaScan scanners.25http://www.primascan.com/0
3 7PMXInit1 11pmxinit.exe1 00135Restores user display preferences Kyro2 based graphics cards. Not required unless you change the default settings - such as gamma 01
2 7PNAgent1 11PNAgent.exe1 00 64PhatNoise Music Manager - manages WMA, MP3, WAV, etc music files60http://www.phatnoise.com/products/software/music_manager.php0
111PalNetaware1 13pnetaware.exe1 00 81PalTalk adware - as included in Morpheus, see here towards the bottom of the page49http://www.pestpatrol.com/pestinfo/m/morpheus.asp0
114Vekio Startups1 12Pnksvc32.exe1 00 84Added by the W32/Agobot-PZ Backdoor Trojan/Worm! Found in the Windows system folder.57http://www.sophos.com/virusinfo/analyses/w32agobotpz.html0
115PNtask Services1 10pntask.exe1 00 27Added by the LALA.C TROJAN!76http://securityresponse.symantec.com/avcenter/venc/data/backdoor.lala.c.html0
311PktAnything1 19PocketCompanion.exe1 00 85PocketAnything lets you save anything on your computer to your mobile, with one click42http://www.o2pocket.com/pocketanythinginfo0
1 4Poet1 8Poet.exe1 00 25Added by the DOEP.A WORM!71http://securityresponse.symantec.com/avcenter/venc/data/w32.doep.a.html0
3 7point321 11point32.exe1 00128Microsoft Intellipoint software for their Intellimouse series of mice - required if you use non-standard Windows driver features38http://www.microsoft.com/intellipoint/0
3 7POINTER1 11point32.exe1 00128Microsoft Intellipoint software for their Intellimouse series of mice - required if you use non-standard Windows driver features38http://www.microsoft.com/intellipoint/0
2 6Altnet1 18points manager.exe2 00223Altnet Points Manager - manages the new Kazaa Plus scheme for awarding you points if you share music files on your machine with others rather than simply getting files and not sharing their own. Start manually when required26http://www.altnet.com/faq/0
219AltnetPointsManager1 18points manager.exe2 00223Altnet Points Manager - manages the new Kazaa Plus scheme for awarding you points if you share music files on your machine with others rather than simply getting files and not sharing their own. Start manually when required26http://www.altnet.com/faq/0
214Points Manager1 18points manager.exe2 00223Altnet Points Manager - manages the new Kazaa Plus scheme for awarding you points if you share music files on your machine with others rather than simply getting files and not sharing their own. Start manually when required26http://www.altnet.com/faq/0
4 9NOD32POP31 12Pop3scan.exe1 00 46POP3 E-mail part of Eset's NOD32 virus-scanner34http://www.nod32.com/home/home.htm0
1 9PopAdStop1 13popadstop.exe1 00131PopAdStop claims to be an ad blocker, but instead sends advertisements to other computers on your network via the Net Send command.60http://www.sarc.com/avcenter/venc/data/adware.popadstop.html0
315Popup Ad Filter1 13PopFilter.exe1 00 31Popup Ad Filter - pop-up killer21http://www.meaya.com/0
3 7Popopen1 11popopen.exe1 00 61PopOpen makes your windows spring open with animation effects49http://www.jsmadeeasy.com/archive/shellutilities/0
420Norton eMail Protect1 11POPROXY.EXE1 00300Proxy E-mail protection from Norton Anti-Virus (prior to 2002). If you have it installed, leave it enabled to automatically check for suspect attachments in E-mails that may contain viruses. It downloads the E-mail into poproxy, which serves as a proxy server on the local machine, before scanning it 01
4 7Poproxy1 11POPROXY.EXE1 00300Proxy E-mail protection from Norton Anti-Virus (prior to 2002). If you have it installed, leave it enabled to automatically check for suspect attachments in E-mails that may contain viruses. It downloads the E-mail into poproxy, which serves as a proxy server on the local machine, before scanning it 01
1 3POP1 13PopSrv***.exe1 00 73PeopleonPage foistware, bundled with Grokster where *** are random digits48http://www.pchell.com/support/peopleonpage.shtml0
1 9popsrv1461 13popsrv146.exe1 00125PeopleOnPage online dating browser enhancement - also adware and privacy issues, see here. For removal instructions see here49http://www.doxdesk.com/parasite/AproposMedia.html0
314Pop-Up_Blocker1 9Popup.exe1 00134A Tweak-XP component, blocks advertisement pop-up windows in Internet Explorer. Can be enabled/disabled via Tweak-XP - Internet Tweaks45http://www.totalidea.com/frameset-tweakxp.htm0
321Ashampoo PopUpBlocker1 15PopUpKiller.exe1 00 66Ashampoo popup blocker, part of Privacy Protector Plus - see here97http://www.ashampoo.com/frontend/products/php/product.php?idstring=0204&session_langid=2ñcy_id=-10
310PopUpWatch1 14PopUpWatch.exe1 00206Part of BPS Trace Remover - made by the folks who "developed" BPS Spyware Remover which reportedly uses an old, "borrowed" SpyBot database. Read this and this. Do not support these guys!104http://www.net-integration.net/cgi-bin/forums/ikonboard.cgi?s=3e746190523affff;act=ST;f=28;t=1546;hl=bps0
224Pure Networks Port Magic1 11PortAOL.exe1 00288Pure Networks Port Magic, as available in the latest version of the AOL« 9.0 Optimized SE software; automatically configures most in-home Internet gateways, improving access and performance for applications such as instant messaging, online gaming, and streaming music and video. See here37http://www.purenetworks.com/products/0
418gw port controller1 12PORTCT95.EXE1 00255From a visitor - "I must keep it active in start up or my Lexmark printer and RCA Cam program cannot discover a working port to work". From the file properties, the file is known as "Smart Thru Fax Drive Spy" and is supplied by Samsung 01
023M Player Post Installer1 16postinstallm.exe1 00 2?? 01
3 4POW!1 7pow.exe1 00 13Pop-up killer 01
2 8PowerBar1 12Powerbar.exe1 00 97Part of CyberLink's PowerDVD software. Not sure what exactly it does, but not required in startup 01
2 8PowerDVD1 12PowerDVD.exe1 00161Launches Cyberlink's PowerDVD software and creates a system tray icon. If enabled, PowerDVD will open automatically when a DVD movie is inserted. Launch manually 01
312AcerPowerkey1 12Powerkey.exe1 00134PowerKey utility for Acer TravelMate notebook PCs. Allows the user to quickly switch between different power schemes by pressing Fn+F3 01
3 8PowerKey1 12PowerKey.exe1 00 85Part of Acer Launch Manager - programmable keys on such laptops as the TravelMate 61023http://global.acer.com/0
3 8PowerPro1 12powerpro.exe1 00162Part of the power professional program that loads the floating menu bar. Can be accessed from Start -> Programs, but I'd leave it alone if you use this program 01
1 9PowerProf1 13PowerProf.exe1 00 28Added by the LOREX.B TROJAN! 01
218PowerReg Scheduler1 22PowerReg Scheduler.exe2 00112PowerREGISTER from Leadertech. Registration reminder as used by Iomega, Hasbro & Microprose - amongst others38http://www.leadertech.com/register.htm0
220PowerReg SchedulerV21 24PowerReg SchedulerV2.exe2 00112PowerREGISTER from Leadertech. Registration reminder as used by Iomega, Hasbro & Microprose - amongst others38http://www.leadertech.com/register.htm0
220PowerReg SchedulerV31 24PowerReg SchedulerV3.exe2 00108PowerREGISTER from Leadertech. Registration reminder as used by Iomega, Hasbro & Microprose - amongst others 01
0 6PowerS1 10PowerS.exe1 00 69ProlinkTest for either their AGP graphics card or TV/FM capture card.27http://www.prolink-usa.com/0
110Power Scan1 13powerscan.exe1 00 84Foistware by Integrated Search Technologies - the people behind the ISTbar parasite42http://217.115.153.73/parasite/ISTbar.html0
210PowerStrip1 14powerstrip.exe1 00 95PowerStrip is a Video Mode Editor to allow special Refresh Rates and Tweaking of Video Settings34http://www.entechtaiwan.com/ps.htm0
410PowerPanel1 12POWPANEL.EXE1 00100Power management utility on notebooks/laptops - automatically switches modes when running on battery 01
335eTrust PestPatrol Active Protection1 21PPActiveDetection.exe1 00 86PestPatrol real-time protection feature. "Stops spyware before it infects your system"26http://www.pestpatrol.com/0
325PestPatrol Control Center1 13PPControl.exe1 00 94PestPatrol Control Terminal - launches PestPatrol features such as PPMemCheck and CookiePatrol36http://www.pestpatrol.com/PPControl/0
3 9PPControl1 13PPControl.exe1 00 94PestPatrol Control Terminal - launches PestPatrol features such as PPMemCheck and CookiePatrol36http://www.pestpatrol.com/PPControl/0
3 7PCLEPCI1 7ppe.exe1 00140Pinnacle Systems PCI Performance Enhancer. "This tool helps to increase the PCI Busmaster performance of all Pinnacle PCI boards."129http://www.pinnaclesys.com/docsupport1.asp?division_id=1&langue_id=2&product_id=469&product_name=Studio%20version%207&page_id=1460
318PP2000 Instaupdate1 12PPInupdt.exe1 00140Protector Plus anti-virus software - instant update program for virus data updates. Not required if you regularly update virus data manually 01
310PPMemCheck1 14ppmemcheck.exe1 00178PPMemCheck - "extends PestPatrol's power so that the most dangerous Pests -- those that are about to execute -- are found, terminated, and cleaned from a user's system"37http://www.pestpatrol.com/PPMemCheck/0
2 8PProTray1 12pprotray.exe1 00 69Part of the power professional program. Loads the System Tray control 01
315System_Messages1 10pprsen.exe1 00169TerminatorX - "offers an easy and effective method of stopping users running predetermined file sharing programs like KaZaA, messenger programs, chat rooms and the like"27http://www.plevna.f9.co.uk/0
422PP2000 Taskbar Control1 9PPTbc.exe1 00 55Protector Plus anti-virus software - system tray access 01
213PaperPort PTD1 12pptd40nt.exe1 00 55"PaperPort" software associated with scanners 01
2 8pptd40nt1 12pptd40nt.exe1 00 55"PaperPort" software associated with scanners 01
3 8PPUpdate1 13ppupdater.exe1 00253PPUpdater - "is the update program that ships with PestPatrol. It is able to update licensed and evaluation versions, and presents a visual display of what it is doing". Run manually unless you think you'll forget to check for updates on a regular basis36http://www.pestpatrol.com/PPUpdater/0
421PP2000 Real Time Scan1 11PPVstop.exe1 00 54Protector Plus anti-virus software - real time scanner 01
2 9PPWWebCap1 12PPWebCap.exe1 00 55"PaperPort" software associated with scanners 01
226PowerQuest Startup Utility1 10PQINIT.EXE1 00312From a visitor - "This seems to be installed when you install Power Quest Partition Magic. I think that it implements the changes when you use the magic mover app. If you don't have any mappings set up, it does nothing (except waste bytes and cycles). I disabled it using msconfig.exe with no problems" 01
227PaperQuote System Tray Icon1 10PQTRAY.EXE1 00109PaperQuote is a "wallpaper" changer with daily quotes that are either for inspiration or motivation 01
1 7prdtect1 11prdtect.exe1 00229Prutect malware from e2Give - attempts to shut down or tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. Note - has been seen using alternative file names like prttect.exe, prmtect.exe and so forth!75http://securityresponse.symantec.com/avcenter/venc/data/spyware.e2give.html0
3 8ReproPRD1 10PrdUsb.exe1 00123Thrustmaster Corporation Presets application - a game controller driver, presumably necessary for certain functions to work 01
228Precision Time Clock Checker1 17PrecisionTime.exe1 00126Precision Time 2.0. Checks your computer clock time against the Naval Observatory or some other source to assure accurate time55http://www.ubr.com/clocks/timesw/prectime/prectime.html0
017Norton AV Preload1 11Premend.exe1 00 61Norton Antivirus related. What does it do and is it required 01
221HP Presentation Ready1 11PresRdy.exe1 00206HP Omnibook related: "Press a dedicated button above the keyboard and the system will instantly load your presentation software and change the screen resolution to match your display device" 01
1 7prgtect1 11prgtect.exe1 00229Prutect malware from e2Give - attempts to shut down or tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. Note - has been seen using alternative file names like prxtect.exe, prdtect.exe and so forth!75http://securityresponse.symantec.com/avcenter/venc/data/spyware.e2give.html0
212Printkey20001 16printkey2000.exe1 00108Screen grabber that intercepts the pressing of the Print Screen (Prn Scrn) key. Start manually when required 01
2 8printnow1 12printnow.exe1 00144PrintNow - a utility that primarily allows "Print Srceen" or "Alt+Print Screen" screenshots to be sent directly to a printer48http://www.pcmag.com/article2/0,4149,8418,00.asp0
214CompaqPrinTray1 12printray.exe1 00168Puts printer icon in the System Tray. When this option is disabled you will no longer be able to access the Control Program or Printer Driver directly from your desktop 01
215LexmarkPrinTray1 12printray.exe1 00159Lexmark Printer icon in the System Tray for quick access. Not required - uncheck via Printer configuration rather than MSCONFIG. Can also be listed as PrinTray 01
2 8PrinTray1 12Printray.exe1 00179Lexmark/Compaq printer icon in the System Tray for quick access. Not required - uncheck via Printer configuration rather than MSCONFIG. See also LexmarkPrintray and CompaqPrinTray 01
218Gadwin PrintScreen1 15PrintScreen.exe1 00 73Gadwin PrintScreen - utility to capture, print or save the current window34http://www.gadwin.com/printscreen/0
312PRISMSTA.EXE1 12PRISMSTA.EXE1 00151Creates a system tray icon for accessing information about Intersil Prism Wireless Settings. Intersil silicon is used by Trendware/Trendnet for example 01
218Privacy Eraser Pro1 17PrivacyEraser.exe1 00123Privacy Eraser Pro - protects your Internet privacy by cleaning up all Internet history tracks and past computer activities29http://www.privacyeraser.com/0
3 7Privoxy1 11privoxy.exe1 00215Privoxy - web proxy with advanced filtering capabilities for protecting privacy, filtering web page content, managing cookies, controlling access, and removing ads, banners, pop-ups and other obnoxious Internet junk23http://www.privoxy.org/0
111PrizeSurfer1 15prizesurfer.exe1 00159"PrizeSurfer is the free software that automatically enters you to win cash and prizes just for surfing the web and shopping online!" Stealth installed malware 01
1 7prjtect1 11prjtect.exe1 00229Prutect malware from e2Give - attempts to shut down or tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. Note - has been seen using alternative file names like prttect.exe, prmtect.exe and so forth!75http://securityresponse.symantec.com/avcenter/venc/data/spyware.e2give.html0
218Ray Process Killer1 10Prkill.exe1 00186Ray Process Killer - clicking right mouse button produces popup menu with current active tasks. You can choose any task and click "Ok" to terminate it. Use CTRL+ALT+DEL instead33http://www.delphi32.com/vcl/4248/0
1 7prktect1 11prktect.exe1 00229Prutect malware from e2Give - attempts to shut down or tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. Note - has been seen using alternative file names like prttect.exe, prmtect.exe and so forth!75http://securityresponse.symantec.com/avcenter/venc/data/spyware.e2give.html0
1 7prltect1 11prltect.exe1 00229Prutect malware from e2Give - attempts to shut down or tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. Note - has been seen using alternative file names like prttect.exe, prmtect.exe and so forth!75http://securityresponse.symantec.com/avcenter/venc/data/spyware.e2give.html0
1 8Premeter1 8prmt.exe1 00409NetRatings software by Opistat . "OpiStat measures Internet usage anonymously and surveys participants according to their profiles and online habits". This software has been reported to get downloaded and installed automatically after a Grokster install. It anonymously collects your use of the Internet protocols (sites visited, Web pages, advertisements seen, electronic commerce, streaming). To be avoided!36http://www.opistat.com/mp/index.html0
1 4prmt1 8prmt.exe1 00418NetRatings software by Opistat. "OpiStat measures Internet usage anonymously and surveys participants according to their profiles and online habits". This software has been reported to get downloaded and installed automatically after a Grokster install. It anonymously collects your use of the Internet protocols (sites visited, Web pages, advertisements seen, electronic commerce, streaming). To be avoided!36http://www.opistat.com/mp/index.html0
1 7prmtect1 11prmtect.exe1 00229Prutect malware from e2Give - attempts to shut down or tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. Note - has been seen using alternative file names like prxtect.exe, prdtect.exe and so forth!75http://securityresponse.symantec.com/avcenter/venc/data/spyware.e2give.html0
317PrnSys Executable1 10PrnSys.exe1 00115Print screen utility bundled with some HP printer software - not required, but your choice if you like that feature 01
0 6ProArt1 10ProArt.exe1 00 2?? 01
1 8Sysctrls1 11procdll.exe1 00 32Added by the WEEDBOTZ.14 TROJAN!92http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_WEEDBOTZ.14&VSect=T0
0 9SystemReg1 10PROCES.EXE1 00 2?? 01
111process.exe1 11process.exe1 00 59Added by Troj/Banker-JJ Found in the %WINDOWS%\ directory 01
315ProcessGovernor1 19processgovernor.exe1 00255Process Supervisor "is a technology designed to automatically configure and manage processes on one or more computers for the goal of maintaining system stability and responsiveness, restricting executables from running, and logging of program executions"43http://www.collakesoftware.com/prosuper.htm0
320ProcessSupervisorGUI1 21ProcessSupervisor.exe1 00255Process Supervisor "is a technology designed to automatically configure and manage processes on one or more computers for the goal of maintaining system stability and responsiveness, restricting executables from running, and logging of program executions"43http://www.collakesoftware.com/prosuper.htm0
423!1_ProcessGuard_Startup1 13procguard.exe1 00162DiamondCS ProcessGuard security software - stops malicious worms and trojans from being executed silently in the background, as well as a variety of other attacks41http://www.diamondcs.com.au/processguard/0
1 7procmon1 11procmon.exe1 00 31Added by the BIONET.40A TROJAN!80http://securityresponse.symantec.com/avcenter/venc/data/backdoor.bionet.40a.html0
0 8mmusrstp1 11procrun.exe1 00 2?? 01
216ProdikeysAutorun1 12Prodload.exe1 00437Creative Prodikeys software. "an interactive music entertainment device which not only functions as a full-featured, ergonomic ôQWERTYö keyboard but also comes equipped with 37 touch-sensitive music keys and accessible music controls for endless entertainment at your desktop. Coupled with the Sound Blaster audio card, you can explore a wide array of realistic instrument sounds and have non-stop fun making music right at your desktop"44http://www.prodikeys.com/products/prodikeys/0
2 6ProDsl1 10ProDsl.exe1 00 75Intel Pro/DSL 2100 modem connection manager. Available via Start - Programs 01
1 7Profile1 11Profile.vbs1 00 42Added by the WHITEHO VIRUS or TRAPPY WORM!42http://vil.nai.com/vil/content/v_99145.htm0
2 8Profiler1 12Profiler.exe1 00133Enables the "Profiler" to be launched from a System Tray icon for Saitek's game controllers. Available via Start - Programs22http://www.saitek.com/0
112Program File1 11Progmon.exe1 00 27Added by the PEEPER TROJAN!76http://securityresponse.symantec.com/avcenter/venc/data/backdoor.peeper.html0
212projselector1 16projselector.exe1 00 48Roxio Project Selector - can be started manually 01
222Intel PROSet Tray Icon1 10promon.exe1 00 96System Tray icon for Intel PRO series ethernet adapters giving access to the diagnostic features 01
210Promon.exe1 10promon.exe1 00 96System Tray icon for Intel PRO series ethernet adapters giving access to the diagnostic features 01
212PRONoMgr.exe1 12PRONoMgr.exe1 00 96System Tray icon for Intel PRO series ethernet adapters giving access to the diagnostic features 01
313PRONoMgrWired1 12PRONoMgr.exe1 00 37IntelÆs Pro 100 Ethernet card manager 01
318Propel Accelerator1 12PropelAC.exe1 00 27Propel Internet Accelerator22http://www.propel.com/0
315ProPort Startup1 11ProPort.exe1 00164Proport is a port monitor/protector. Monitors an infinite amount of ports for trojans and nukes. Some additional features are auto connection-kill, and IP resolving31http://www.tdupage.com/main.htm0
110Protection1 14Protection.exe1 00 30Added by the FEBELNECK-A WORM!59http://www.sophos.com/virusinfo/analyses/w32febelnecka.html0
2 3HPU1 17ProvenTactics.exe1 00 34Proven Internet Marketing software29http://www.proventactics.com/0
116Microsoft Update1 13prowind32.exe1 00 45Added by a variant of the AGOBOT/GAOBOT WORM!79http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN0
112msconfig.exe1 9proxy.exe1 00 53Added by a variant of the AGENT.AH downloader TROJAN! 01
110DevicePath1 13Proyecto1.exe1 00 24Added by the GRUEL WORM!73http://securityresponse.symantec.com/avcenter/venc/data/w32.gruel@mm.html0
1 9MediaPath1 13Proyecto1.exe1 00 24Added by the GRUEL WORM!73http://securityresponse.symantec.com/avcenter/venc/data/w32.gruel@mm.html0
112Rundll32.exe1 13Proyecto1.exe1 00 24Added by the GRUEL WORM!73http://securityresponse.symantec.com/avcenter/venc/data/w32.gruel@mm.html0
311PRPCMonitor1 10PRPCUI.exe1 00226Intel« SpeedStepÖ interface. This automatically detects whether a mobile PC is using battery or AC power. When using battery power, SpeedStep scales the processor clock frequency and voltage to reduce the power it needs by 40% 01
1 7prrtect1 11prrtect.exe1 00229Prutect malware from e2Give - attempts to shut down or tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. Note - has been seen using alternative file names like prttect.exe, prmtect.exe and so forth!75http://securityresponse.symantec.com/avcenter/venc/data/spyware.e2give.html0
1 7prstect1 11prstect.exe1 00229Prutect malware from e2Give - attempts to shut down or tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. Note - has been seen using alternative file names like prttect.exe, prmtect.exe and so forth!75http://securityresponse.symantec.com/avcenter/venc/data/spyware.e2give.html0
214Printscreen 951 12PRT95MIN.EXE1 00 69Printscreen 95 - utility to capture, print or save the current window29http://www.printscreen95.com/0
1 6prtcct1 10prtcct.exe1 00229Prutect malware from e2Give - attempts to shut down or tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. Note - has been seen using alternative file names like prttect.exe, prmtect.exe and so forth!75http://securityresponse.symantec.com/avcenter/venc/data/spyware.e2give.html0
013Clotusorgreg01 23prtStart.exe Orgprt.exe2 00 82Lotus SmartSuite related. In a LotusOrgReg folder. Unclear what exactly it does?74http://www.lotus.com/products/smrtsuite.nsf/wPages/smartsuite?OpenDocument0
1 7prttect1 11prttect.exe1 00229Prutect malware from e2Give - attempts to shut down or tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. Note - has been seen using alternative file names like prxtect.exe, prdtect.exe and so forth!75http://securityresponse.symantec.com/avcenter/venc/data/spyware.e2give.html0
1 7prutcct1 11prutcct.exe1 00229Prutect malware from e2Give - attempts to shut down or tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. Note - has been seen using alternative file names like prttect.exe, prmtect.exe and so forth!75http://securityresponse.symantec.com/avcenter/venc/data/spyware.e2give.html0
1 7prutdct1 11prutdct.exe1 00229Prutect malware from e2Give - attempts to shut down or tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. Note - has been seen using alternative file names like prttect.exe, prmtect.exe and so forth!75http://securityresponse.symantec.com/avcenter/venc/data/spyware.e2give.html0
1 7prutgct1 11prutgct.exe1 00229Prutect malware from e2Give - attempts to shut down or tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. Note - has been seen using alternative file names like prttect.exe, prmtect.exe and so forth!75http://securityresponse.symantec.com/avcenter/venc/data/spyware.e2give.html0
1 7pruthct1 11pruthct.exe1 00229Prutect malware from e2Give - attempts to shut down or tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. Note - has been seen using alternative file names like prttect.exe, prmtect.exe and so forth!75http://securityresponse.symantec.com/avcenter/venc/data/spyware.e2give.html0
1 7prutict1 11prutict.exe1 00229Prutect malware from e2Give - attempts to shut down or tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. Note - has been seen using alternative file names like prttect.exe, prmtect.exe and so forth!75http://securityresponse.symantec.com/avcenter/venc/data/spyware.e2give.html0
1 7prvtect1 11prvtect.exe1 00229Prutect malware from e2Give - attempts to shut down or tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. Note - has been seen using alternative file names like prdtect.exe, prmtect.exe and so forth!75http://securityresponse.symantec.com/avcenter/venc/data/spyware.e2give.html0
1 7prxtect1 11prxtect.exe1 00229Prutect malware from e2Give - attempts to shut down or tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. Note - has been seen using alternative file names like prdtect.exe, prmtect.exe and so forth!75http://securityresponse.symantec.com/avcenter/venc/data/spyware.e2give.html0
3 3PS21 7ps2.exe1 00129Multimedia Keyboard companion on HP computers. If this is prevented from starting, then some keyboard functionality will be lost. 01
114PrivacyScanner1 9pscan.exe1 00200Privacy Champion, a stealth installed 'Privacy Scanner'. It purportedly scans your PC for links to porn websites, and then offers to "clean" them. Produces loads of False Positives as goad to purchase 01
227PSIWin2.3 Connection Server1 11Psconsv.exe1 00114Allows connectivity between a PC and a Psion device. Access can be gained from the Desktop or Start -> Programs 01
219Print Screen Deluxe1 12psdeluxe.exe1 00114Utility allows "Print Scrn" or "Print Screen" key to capture, print or save the current window 01
419PinnacleDriverCheck1 14PSDrvCheck.exe1 00177Part of Pinnacle Systems InstantCD/DVD and InstantCopy CD/DVD copying software that verifies drive settings. Once loaded it doesn't use any resources so you can leave it enabled27http://www.pinnaclesys.com/0
410PSDrvCheck1 14PSDrvCheck.exe1 00177Part of Pinnacle Systems InstantCD/DVD and InstantCopy CD/DVD copying software that verifies drive settings. Once loaded it doesn't use any resources so you can leave it enabled27http://www.pinnaclesys.com/0
312PractiSearch1 11PSearch.exe1 00 32PractiSearch web search software28http://www.practisearch.com/0
0 8Peeramid1 12PService.exe1 00 42In a "Koptimizer" folder in Program Files. 01
111Xecuter.bat1 10psexec.bat1 00 25Added by the BOOHOO WORM!76http://securityresponse.symantec.com/avcenter/venc/data/bat.boohoo.worm.html0
3 6PSFree1 10PSFree.exe1 00315Pop-Up Stopper Free from Panicware. Pop-up blocker integrated into the IE toolbar. Note that the Pro version doesn't load in startup as it is installed as an Internet Explorer toolbar. Can cause problems with IE if you use WinXP and uninstall Service Pack 1. Uninstalling the software leaves it in the startup group44http://www.panicware.com/product_psfree.html0
3 8PsMFCard1 12PsMFCard.exe1 00359Component of the Toshiba Controls. Provides power-saving functions for the PCMCIA slots. Through the Power Save Mode Properties dialogue, the user can select from 3 PCMCIA power options - On, Auto1 and Auto2. Disabling this item has no adverse effects, except disabling the ability to reduce power consumption by powering-down the PCMCIA slots when not in use 01
219Post-It(r) Software1 11Psnotes.exe1 00 73Pop-up "yellow" notes on screen. Available via Start - Programs 01
4 8PSNotify1 12psnotify.exe1 00161Pharos SignUp Vx - "PC reservation and management application that addresses the PC scheduling needs of public libraries and higher education labs and libraries"41http://www.pharos.com/Products/SignUp.asp0
4 8PsPCCard1 12PsPCCard.EXE1 00242Background Power Saving task found on Toshiba laptops and which handles turning Power Saving ON and OFF on any inserted PC Card (PCMCIA card). Only ever disable if you do not use any power saving or hibernation settings (ie: they are all OFF) 01
3 8PspContr1 12pspcontr.exe1 00201Driver/controller for the Philips SpeechMike 6174. As the Philips FreeSpeech application is no longer supported it can be disabled but the Mike can still be used for certain functions using this driver 01
3 7PsSound1 11PsSound.exe1 00118On a Toshiba laptop. Operates your sound in one of 4 modes, off, on , on only with powerr, same as #3 but longer delay 01
012AutoShutdown1 9pssvc.exe1 00 81Utility to fix vCard Export in MS Outlook 2000 - although why are these together? 01
0 7PSTORES1 11PSTORES.EXE1 00 43Part of Windows Services Protected Storage? 01
210PowerStrip1 10PSTRIP.EXE1 00 95PowerStrip is a Video Mode Editor to allow special Refresh Rates and Tweaking of Video Settings34http://www.entechtaiwan.com/ps.htm0
310Powertweak1 7PT2.EXE1 00330"Powertweak is designed to configure your system in the best way. A processor, the core of the system, or a chipset (a set of components that manage the data flows between the different parts of the system) can be configured." This item is added to startup if 'Use predefined settings' is enabled in the programs options26http://www.powertweak.com/0
116Parallel Tasking1 9ptask.exe1 00101Added by unidentified adware - recognized by Kaspersky antivirus as Trojan-Downloader.Win32.Small.adg36http://www.kaspersky.com/personalpro0
310Powertweak1 10PTCTRL.EXE1 00332"Powertweak is designed to configure your system in the best way. A processor, the core of the system, or a chipset (a set of components that manage the data flows between the different parts of the system) can be configured." This item is added to startup if 'Configure system at logon' is enabled in the programs options26http://www.powertweak.com/0
2 4ptfb1 8ptfb.exe1 00164Push the Freakin' Button - "When a dialog causes irritation, you simply tell PTFB which button should be pressed, and it will handle the dialog in future"41http://www.bobos.demon.co.uk/par/PTFB.htm0
224Push The Freakin' Button1 8ptfb.exe1 00164Push the Freakin' Button - "When a dialog causes irritation, you simply tell PTFB which button should be pressed, and it will handle the dialog in future"41http://www.bobos.demon.co.uk/par/PTFB.htm0
1 4run=1 10ptlseq.cpl1 00 32PhoenixNet BIOS adware. See here31http://www.cexx.org/phoenix.htm0
116Personal Firwall1 12ptmedsrv.exe1 00 27Added by the SDBOT.XY WORM!90http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?Vname=WORM_SDBOT.XY0
3 7ptrun321 11ptrun32.exe1 00 20Parent Tools for AIM28http://www.parent-tools.com/0
231Kodak Picture Transfer Software1 7pts.exe1 00 89Looks for Kodak camera connection and media insertion. Available via Start -> Programs 01
2 7Ptsnoop1 11Ptsnoop.exe1 00983These descriptions I've come across - all valid as far as I can see :- (1) Program installed with some modems that monitors the COM ports for the modem driver. Not required from what I've read - may need a registry edit to get rid of it (2) Backdoor trojan virus that copies itself as PTSNOOP.EXE -see here for more info(3) Apparently the people who put it out claim it's a driver for a Voice modems (don't know who they are though - Ed) Note: If using AOL and you disable this you may lose your connection or lock up (4) Can also be an older Logitech scanner program. Remove from the Win.ini tab under Load='path'PTSNOOP and the System.ini tab under drivers='path'ptrtkr.drb. Can cause parallel port conflicts big time dragging system resources way down when a conflict exists (5) Allows audio monitoring of modem phone dialling tones and can be useful if you have connection problems (6) Karen Kenworthy's Snooper - "logs the start and stop time of all programs run under Windows"45http://www.f-secure.com/v-descs/ptsnoop.shtml0
320PowerTools Tray Icon1 10pttray.exe1 00 27PowerTools - add-on for AOL43http://www.bpssoft.com/PowerTools/index.htm0
3 6pttrun1 10pttrun.exe1 00109Transmeta Crusoe processor related. Reduces application launch times and makes the computer "more responsive" 01
2 8PtUDFApp1 12PtUDFApp.exe1 00240Sony abCD program, included on the CD Xtreme install CD, used to format CD-RWs for packet writing (similar to DirectCD). Available via Start - Programs. Note that you must add a /T switch to the command line to get it to load to the taskbar 01
3 5mspwr1 12pupstman.exe1 00122"Transparent icon background" feature of Ashampoo's PowerUp XP (WinNT/2K/XP) and PowerUp Deluxe (Win98/Me) 71http://www.ashampoo.com/frontend/products/php/product.php?idstring=01050
312PwrupTweakMe1 12PUPXPTWK.EXE1 00350"Ashampoo PowerUp XP is a convenient tool for fine-tuning your Windows« NT4, 2000 and XP configuration to suit your precise needs and wishes. It gives you direct access to many frequently-required settings and parameters, enabling you to make your operating system behave the way you want." Boot-up options won't work if disabled 71http://www.ashampoo.com/frontend/products/php/product.php?idstring=01050
3 9Purgative1 16PURGATIVE100.EXE1 00 89AIM (AOL Instant Messenger) Ad Remover Using Active Memory Edits instead of a patch/crack 01
2 8PUSH65991 12PUSH6599.EXE1 00119Scan button monitor for Relysis Episode MF6599 USB scanner as you can start scanning manually via the scanning software 01
1 6PutAS!1 10PutA!!.com1 00 28Added by the OPASERV.Z WORM!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_OPASERV.Z0
1 6PutA!!1 10PutA!!.exe1 00 28Added by the OPASERV.L WORM!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_OPASERV.L0
2 3PVR1 7PVR.exe1 00132Pocket Voice Recorder - freeware sound recorder that records from microphone and any other input line available with your sound card26http://www.xemico.com/pvr/0
214DocuMagix Init1 10PWATCH.EXE1 00166PaperMaster is an application for the PC designed to automate the process of organizing, archiving, and retrieving digital versions of files. Start manually if needed25http://www.documagix.com/0
1 8pm32ctrl1 13pwr32crtl.exe1 00 30Added by the CRYPTER.A TROJAN!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_CRYPTER.A0
1 8Pwr32ctr1 12Pwr32ctr.exe1 00 25Added by the GEMA TROJAN!72http://securityresponse.symantec.com/avcenter/venc/data/trojan.gema.html0
1 9Pwr32ctrl1 13Pwr32ctrl.exe1 00 25Added by the GEMA TROJAN!72http://securityresponse.symantec.com/avcenter/venc/data/trojan.gema.html0
1 8Pwr32mgt1 12Pwr32mgt.exe1 00 25Added by the GEMA TROJAN!72http://securityresponse.symantec.com/avcenter/venc/data/trojan.gema.html0
410PowerChute1 12Pwrchute.exe1 00389"During a power outage, if you're not available to save your files & close down Windows....PowerChute will do that for you. PowerChute will save your application files, close your applications and shut down your computer just like you would...otherwise, the APC UPS (Uninterruptible Power Supply) unit would go to battery until it wore down, then your computer would shutoff" 01
1 6Pwroff1 10Pwroff.exe1 00 25Added by the GEMA TROJAN!72http://securityresponse.symantec.com/avcenter/venc/data/trojan.gema.html0
3 7Pwrsave1 11Pwrsave.exe1 00102Toshiba Power Saver utilities. Required on a laptop if you run of a battery and want to conserve power 01
3 8PWS Tray1 11PwsTray.exe1 00219Microsoft's Personal Web Server, an application which allows PCs to behave as web servers (allows you to test your .asp pages on your own PC without having to load them onto the internet). Available via Start - Programs 01
216DXM6Patch_9811161 12p_981116.exe1 00 44Win32 cabinet self extractor. More info here149http://groups.google.com/groups?hl=en&threadm=OpHhSjpd%24GA.249%40cppssbbsa04&rnum=18&prev=/groups%3Fq%3DP_981116.exe%26hl%3Den%26start%3D10%26sa%3DN0
2 8p_9811161 12p_981116.exe1 00 44Win32 cabinet self extractor. More info here149http://groups.google.com/groups?hl=en&threadm=OpHhSjpd%24GA.249%40cppssbbsa04&rnum=18&prev=/groups%3Fq%3DP_981116.exe%26hl%3Den%26start%3D10%26sa%3DN0
111popuppers641 11random name2 00 23Added by Troj/LowZone-P 01
2 6QAGENT1 10qagent.exe1 00320Quicken program is controlled by a separate utility program called the Quicken Download Manager (also known as Qagent). When Quicken Download Manager option is enabled, background downloading takes advantage of unused bandwidth to download current financial information anytime your computer is connected to the Internet 01
114qappsrvc32.exe1 14qappsrvc32.exe1 00 98Added by a Proxy Trojan variant - identified by Kaspersky antivirus as Trojan-Proxy.Win32.Webber.m46http://www.f-secure.com/v-descs/trojprox.shtml0
225QuickBooks Delivery Agent1 12QBDAGENT.EXE1 00 78As far QAGENT but for QuickBooks. Can also have the version number in the name 01
0 7qBrowse1 11qbrowse.exe1 00 2?? 01
223Quickbooks Update Agent1 12qbupdate.exe1 00189Associated with Intuit's Quickbooks but not required. Possibly to do with the payroll update service but you're prompted to check for updates when appropriate whether this is running or not 01
3 6QCTRAY1 10Qctray.exe1 00213System Tray icon providing access to the "IBM Access Connections" wizard on ThinkPad laptops and also allows to change the network environment. Not the same as QCWLIcon, which is pertinent only to the Wireless LAN 01
3 8QCWLICON1 12Qcwlicon.exe1 00173Used by IBM Thinkpad laptops with built-in wireless card (802.11). System Tray icon that provides a shortcut to "Wireless Connection Status" and allows to turn WL on and off 01
214QD FastAndSafe1 10QDCSFS.exe1 00182Automatically runs Fast & Safe clean-up from Norton/Quarterdeck Cleansweep. Deletes safe to remove files such as Temporary Internet Files (cache). Recommended you run it manually 01
3 3QDM1 12QdmStart.exe1 00227QDM (QDI Desktop Manager) - part of QDI ManageEasy for QDI's series of motherboards for monitoring PSU, temperatures, BIOS information, etc. Only required if you overclock system components and need to monitor temperatures, etc 01
3 8QDMStart1 12QdmStart.exe1 00227QDM (QDI Desktop Manager) - part of QDI ManageEasy for QDI's series of motherboards for monitoring PSU, temperatures, BIOS information, etc. Only required if you overclock system components and need to monitor temperatures, etc 01
0 6Qexplo1 10Qexplo.exe1 00 2?? 01
221QuickFinder Scheduler1 13QFSCHD100.exe1 00156Used in Corel 2002 & Corel Suite 7 - finds files faster by indexing your files (similar to Microsoft's Find Fast or Fast Search for its Office products) 01
221QuickFinder Scheduler1 11QFSched.exe1 00156Used in Corel 2002 & Corel Suite 7 - finds files faster by indexing your files (similar to Microsoft's Find Fast or Fast Search for its Office products) 01
213Quicklink III1 6QL.EXE1 00219HP fax program and only needs to be in the start-up group if you allow your phone to automatically answer your phone in fax mode, that is, to receive faxes after a certain number of rings. Available via Start - Programs 01
2 6QNPlus1 10QNPlus.exe1 00 52Quick Notes Plus by Conceptworld - sticky notes tool35http://www.conceptworld.com/qnp.asp0
3 9Qoeloader1 13Qoeloader.exe1 00141Qurb 2.0 anti-spam tool for Outlook/Outlook Express. Required when supporting OE but not for Outlook. Shortcut available via Start - Programs20http://www.qurb.com/0
014Smarthruengine1 6QS.exe1 00 37Unknown but disabled without problems 01
2 9QSort20001 9QSORT.EXE1 00172Utility that sorts your Start menu and Favourites in alphanumerical order. Not required - at any time you can right-click on these lists and choose "Sort by Name" 01
1 6zcproo1 12qssstiej.exe1 00103Possible homepage hijacker installing a toolbar: http://tdko.com/ ,Lop.com in disguise. see this thread93http://www.lavasoft.nu/cgi-bin/forums/ikonboard.cgi?s=3d69d34f399dffff;act=ST;f=14;t=304;st=00
312QTaskStartup1 9qtask.exe1 00194Feature of Quicken.com Brokerage to customize and display Desktop Alerts and icon. It is not required for the Quicken Program to run correctly, it is only required for the Desktop Alerts feature79http://www.quicken.com/support/investments/email/help/?desktop.q.howdoi&pop0
0 7QUBCity1 7qtp.exe1 00 2?? 01
210QTSTUB.EXE1 10Qtstub.exe1 00119Part of an old version of the Quick Tax application. It enables Quick Tax Calendar Popup to show tax calendar reminders 01
2 6qttask1 10Qttask.exe1 00 82System Tray access to Apple's "Quick Time" viewer from version 5 onwards 01
214QuickTime Task1 10Qttask.exe1 00 82System Tray access to Apple's "Quick Time" viewer from version 5 onwards 01
3 8LManager1 12QtZgAcer.EXE1 00165Acer Launch Manager - on Acer laptops it allows users to configure shortcut keys and to set the operating state of the WLAN module and the (optional) Bluetooth radio 01
3 8LManager1 12QtZpAcer.exe1 00165Acer Launch Manager - on Acer laptops it allows users to configure shortcut keys and to set the operating state of the WLAN module and the (optional) Bluetooth radio 01
118auto repair system1 12qualityx.exe1 00 67Added by an unidentified WORM or TROJAN - probably a SPYBOT variant76http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html0
114service updaer1 12qualityz.exe1 00 75Added by an unidentified VIRUS, WORM or TROJAN! - probably a SPYBOT variant76http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html0
0 8Queensla1 12Queensla.exe1 00 2?? 01
4 5Start1 11Quick95.exe1 00 91For a Nisis G6 USB Graphics Tablet. Re-enables itself if disabled therefore best left alone31http://www.nisis.com/index.html0
311QuickCamPro1 15QuickCamPro.exe1 00124System Tray for Picture Capture utility that can run unattended. Pictures every 30 seconds for example, auto FTP Upload, etc 01
313Exif Launcher1 12QuickDCF.exe1 00116USB mass storage driver used by some digital cameras such as the Fuji Finepix. Only required if you use it regularly 01
413QuickLaunchEr1 17QuickLaunchEr.Exe1 00 85QuickLaunchEr - allows you to quickly launch programs from an icon in the system tray42http://www.rikster.co.uk/QuickLauncher.htm0
219PhotoWise QuickLink1 12quicklnk.exe1 00277Agfa PhotoWise - "PhotoWise QuickLinkTM lets you drag and drop photos right from the camera into your document (applications must be OLE-compliant). Use PhotoWise to print contact sheets and photographic prints. Create slide shows, screen savers, wallpaper and more." 01
2 8QuickRes1 12QUICKRES.EXE1 00214Utility to quickly change desktop resolution - left over from Win95 Power Toys. In Win98 and above incorporated via Control Panel -> Display. Not required unless you have to change resolutions on a regular basis 01
2 8quickset1 12quickset.exe1 00 57Dell taskbar icon allowing you to quickly change settings 01
016Iomega QuickSync1 13Quicksync.exe1 00 2?? 01
216OpenOffice.org x1 12QUICKS~1.EXE1 00368Displays OpenOffice quick start applet in System tray. Right clicking on the icon allows rapid starting up of components of the OpenOffice suite. Available via Start -> Programs. Will automatically be started when any OpenOffice component is started from Start -> Programs. A resource hog (takes > 16 MB of memory). "x" represents the version number26http://www.openoffice.org/0
113QuicktimeMngr1 17QUICKTIMEMNGR.EXE1 00 29Added by the WOOTBOT.AW WORM!92http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?VName=WORM_WOOTBOT.AW0
229QuickTime Update Completion x1 25quicktimeupdatehelper.exe1 00111Different numbers caused by number of launches. So if 3 updates are made separately, 3 would appear (in theory) 01
3 7QuickTV1 11QuickTV.exe1 00141Infra-red remote control driver for the AVerTV Studio TV tuner/personal video recoder from AVerMedia. Required if you use the remote control56http://www.aver.com/products/tvtuner_AVerTV_studio.shtml0
2 8QuikSync1 12QUIKSYNC.EXE1 00 53Used by Iomega drives. Available via Start - Programs 01
211QuitCounter1 15QuitCounter.exe1 00226QuitCounter is program to help you stop smoking. It is not necessary to run and you can start it when you like to see information about your progess. It is typically located in C:\Program Files\Quit Counter\QuitCounter.exe.30http://www.xarka.com/freeware/0
019AntiVirusProtection1 8qumk.exe1 00 2?? 01
214Quick Shelf xx1 13qushelfxx.exe1 00149Places an icon in the system tray for launching MS Bookshelf. Available via Start - Programs"xx" represents the version number - ie, 98, 99 01
215Quick View Plus1 9QVP32.EXE1 00 96Quick View Plus from Inso Corporation. Multiple file type viewer. Available via Start - Programs 01
215Quicken Startup1 10QWDLLS.EXE1 00 38Quicken option to load DLLs at startup 01
0 6QWERTY1 10qwerty.exe1 00 37Possibly adult content related adware 01
314Fellowes Proxy1 11R3proxy.exe1 00173Installed with Fellowes EasyPoint mouse software. Not necessary for normal functioning of Fellowes mice but it is necessary to use the extended features of all Fellowes mice 01
2 9RadarSync1 13RadarSync.exe1 00139Radarsync utility comes from DFI with their latest motherboards, e.g., DFI LanParty Ultra - checks for BIOS and driver updates periodically 01
3 7RadBoot1 11RadBoot.exe1 00110RadLinker - tweaker/linker for ATI Radeon based graphics cards. It allows you easy access to per game settings 01
4 8RadClock1 12RadClock.exe1 00 81Manages Radeon clock rate at system boot. Found in %windir%\system32\RadClock.exe 01
3 8RadioSvr1 12RadioSvr.EXE1 00118Used to configure wire less networks. Windows automatically detects the Wireless network and it configures the network 01
318OrigRage128Tweaker1 16RAGE128TWEAK.EXE1 00 84Third party tweaker for ATI Rage 128 Video cards from http://www.rageunderground.com30http://www.rageunderground.com0
3 7RAMASST1 11RAMASST.exe1 00290Optionally installed with some DVD drives (LG, Panasonic, etc). Disables Windows XP's CD-burning abilities because they cause some incompatibilities. It does not affect your ability to burn CDs. If you do not have this program running, you may have some compatibility issues with burnt DVDs 01
3 6RAMDef1 10ramdef.exe1 00195Ram Def Xtreme - monitors and defragments your system RAM to improve reliability and speed. Some users swear by programs such as this but I suggest you read this article and make up your own mind35http://vstef.softnews.ro/ramdef.php0
3 7RamIdle1 11ramidle.exe1 00441RAM Idle - "A smart memory management program that will keep your computer running better, faster, and longer. RAM Idle works by freeing up physical RAM wasted by Windows and other applications. In addition, RAM Idle also includes Cache and startup manager program that will give you more power to optimize your Windows." Some users swear by programs such as this but I suggest you read this article and make up your own mind35http://www.tweaknow.com/ramidl.html0
3 7RAMpage1 11RAMpage.exe1 00317Small Windows utility that displays the amount of available memory in an icon in the System Tray. It can also free memory by double clicking the tray icon, or by setting a threshold that activates the program automatically, or by having it run automatically when an application exits. RAMpage is free, and open source 01
3 4run=1 10ramsys.exe1 00 38Advanced Startup Manager from Rays Lab59http://www.rayslab.com/startup_manager/startup_manager.html0
4 6RapApp1 10RAPAPP.EXE1 00196Application protection component of BlackICE PC Protection (was Defender) firewall, informing you of any modifications to programs, files or folders and detecting unknown programs trying to launch49http://blackice.iss.net/product_pc_protection.php0
117Microsoft DirectX1 11rasmngr.exe1 00 36Added by a variant of the RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
136RasCon Remote Access Service Manager1 11rasmngr.exe1 00 28Added by the SPYBOT.EM WORM!86http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SPYBOT.EM&VSect=T0
411RemoteAgent1 12RAUAgent.exe1 00226Trend Micro's Office Scan Client, see here - "Its Web-based management console gives administrators transparent access to desktop and mobile clients to coordinate automatic deployment of security policies and software updates"42http://www.trendmicro-europe.com/relax/uk/0
114RAVEN_VLZS.EXE1 14RAVEN_VLZS.EXE1 00 74Another eAcceleration program - spyware. Read their privacy statement here37http://www.eacceleration.com/privacy/0
1 4run=1 11RAVMOND.exe1 00 39Added by a variant of the LOVGATE WORM!80http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.lovgate@mm.html0
111RamBooster21 6rb.exe1 00 25Added by the AKAK TROJAN!74http://securityresponse.symantec.com/avcenter/venc/data/backdoor.akak.html0
112RapidBlaster1 8rb32.exe1 00 61Homepage hijacker (adult content) - see this newsgroup thread122http://groups.google.com/groups?q=rapidblaster&hl=en&lr=&ie=UTF-8&selm=oE7V8.8636%24Bd2.7643%40nwrddc01.gnilink.net&rnum=20
111rb32 lptt011 8rb32.exe1 00192Variant of the RapidBlaster parasite (in a "RapidBlaster" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see here49http://www.doxdesk.com/parasite/RapidBlaster.html0
111rb32 ml097e1 8rb32.exe1 00192Variant of the RapidBlaster parasite (in a "RapidBlaster" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see here49http://www.doxdesk.com/parasite/RapidBlaster.html0
112rbenh ml***e1 9rbenh.exe1 00224Variant of the RapidBlaster parasite (in a "RBEnhance" folder in Program Files) where *** represents random digits. It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see here49http://www.doxdesk.com/parasite/RapidBlaster.html0
1 9WinUpdate1 12RBSKQQBO.EXE1 00 28Added by the VBSWG2B.A WORM!77http://securityresponse.symantec.com/avcenter/venc/data/vbs.vbswg2b.a@mm.html0
411ElsaCapiCtl1 9Rcapi.exe1 00231Assumed to stand for Remote Common Application Programming Interface (RCAPI), this was installed with an Elsa Microlink ISDN modem. If it is not there you can not bring up the dialog box which is sometimes needed to reset the modem 01
0 4Soot1 8rcea.exe1 00 2?? 01
316Ring Central Fax1 14rcenterrll.exe1 00 58Only needed if you want a PC to answer faxes automatically 01
110Rcf Driver1 7rcf.exe1 00 29Added by the RANDEX.BLD WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.randex.bld.html0
1 7.norton1 10rchost.exe1 00 41Added by a variant of the BOXED-A TROJAN!56http://www.sophos.com/virusinfo/analyses/trojboxeda.html0
312RemoteCenter1 9RcMan.exe1 00110Remote control for Creative MediaSource - plays back music in DVD-Audio, MP3, WMA, WAV and other media formats40http://www.soundblaster.com/mediasource/0
315RCScheduleCheck1 11RCSCHED.EXE1 00168Scheduler for VCOM's Recovery Commander - which "can restore your non-booting system back to normal. It only takes a few minutes to get your system back up and running"57http://www.v-com.com/product/Recovery_Commander_Home.html0
1 6RCSync1 10RCSync.exe1 00180PrizeSurfer related. "PrizeSurfer is the free software that automatically enters you to win cash and prizes just for surfing the web and shopping online!" Stealth installed malware 01
3 8RDClient1 12RDCLIENT.EXE1 00166Remote Disconnection Utility from Twiga. Used for connecting and disconnecting dial up connections on a network - only needed if there is a shared internet connection31http://www.twiga.ltd.uk/rdu.asp0
110RealP1ayer1 14rea1p1ayer.exe1 00113Added by the Trojan.Rplay.A Trojan! Files are located in the C: drive or in the folder where the trojan was run.75http://www.sarc.com/avcenter/venc/data/trojan.rplay.a.html#technicaldetails0
225Adobe Reader Speed Launch1 13reader_sl.exe1 00133Speeds up the time it takes to load the Adobe Reader application. Your choice, but not required for Adobe Reader to function properly53http://www.adobe.com/products/acrobat/readermain.html0
110gouday.exe1 10readme.exe1 00 27Added by the BEAGLE.C WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.c@mm.html0
120Real Internet Player1 12Reaiplay.exe1 00 38Added by a variant of the SPYBOT WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html0
1 9Real-Tens1 13Real-Tens.exe1 00 37DownloadWare based advetising spyware49http://www.doxdesk.com/parasite/DownloadWare.html0
1 4run=1 8real.exe1 00 39Added by a variant of the LOVGATE WORM!80http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.lovgate@mm.html0
1 9RealAudio1 13RealAudio.exe1 00 98Added by the CEEGAR TROJAN! Note - this is not associated with the popular RealPlayer media player74http://securityresponse.symantec.com/avcenter/venc/data/trojan.ceegar.html0
416Realtime Monitor1 11realmon.exe1 00103Realtime scanner part of eTrust Antivirus/InoculateIT version 6 virus scanners from Computer Associates96http://www1.my-etrust.com/?CFID=6909348&CFTOKEN=43ce20d-0001f1aa-f6e5-1d77-be1e-2f0eac14303f0
110RealP1ayer1 14realp1ayer.exe1 00113Added by the Trojan.Rplay.A Trojan! Files are located in the C: drive or in the folder where the trojan was run.75http://www.sarc.com/avcenter/venc/data/trojan.rplay.a.html#technicaldetails0
212RealDownload1 12RealPlay.exe1 00 52Download manager. Available via Start -> Programs 01
115realplay lptt011 12realplay.exe1 00259Variant of the RapidBlaster parasite (in a "RealPlay" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see here. Note - this is not RealPlayer which can have the same executable name49http://www.doxdesk.com/parasite/RapidBlaster.html0
115realplay ml097e1 12realplay.exe1 00259Variant of the RapidBlaster parasite (in a "RealPlay" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see here. Note - this is not RealPlayer which can have the same executable name49http://www.doxdesk.com/parasite/RapidBlaster.html0
114Realplayer One1 12realplay.exe1 00 26Added by the RBOT-NK WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotnk.html0
2 8RealTray1 12RealPlay.exe1 00230System Tray icon for RealPlayer. If you subsequently start RealPlayer manually it adds itself back to the start-up list. You can stop this from happening by right-clicking on the tray icon and disabling StartCenter via Preferences 01
0 9Realpopup1 13Realpopup.exe1 00131RealPopup - "Replaces old winpopup with a full featured freeware tool which remains stable and simple as its predecessor"24http://www.realpopup.it/0
2 9Realsched1 13realsched.exe1 00292Application Scheduler installed along with RealOne Player. Runs independently of RealOne Player, to remind AutoUpdate and Message Center to perform their tasks at pre-scheduled intervals. If it can't be disabled try deleting or renaming realsched.exe and then delete the entry in the registry20http://www.real.com/0
210TkBell.Exe1 13realsched.exe1 00189Application Scheduler installed along with RealOne Player. Once installed, it runs independently of RealOne Player. Not required - see here for more information, including how to disable it20http://www.real.com/0
2 9TkBellExe1 13realsched.exe1 00189Application Scheduler installed along with RealOne Player. Once installed, it runs independently of RealOne Player. Not required - see here for more information, including how to disable it20http://www.real.com/0
1 7WinHelp1 13realsched.exe1 00133Added by a variant of the LOVGATE WORM! Note - this is not the legitimate RealOne Player (realsched.exe) application of the same name80http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.lovgate@mm.html0
211PCDRealtime1 12realtime.exe1 00224Apparently the monitoring device for PC Doctor Online. It provides a "free" examination on system files (i.e. registry), reports the number of errors it finds, and invites you to "order" the fee-based fixes from its web site 01
014RealTimeUpdate1 18RealTimeUpdate.exe1 00 82Product description in properties is "InternetExplorerCommunicationAgent Module" ? 01
119Real player updater1 11realupd.exe1 00 27Added by the PARLAY TROJAN!43http://vil.nai.com/vil/content/v_100830.htm0
111RealUpdater1 11realupd.exe1 00 44Added by the PARLAY or MITGLIEDER.I TROJANS!43http://vil.nai.com/vil/content/v_100830.htm0
2 6Reboot1 10Reboot.exe1 00118MS-DOS/Win3.1 utility use to clean boot a system. Sometimes installed by default from some driver CDs for motherboards 01
113System Reboot1 13rebootsys.exe1 00 74Added by W32/Rbot-WU, a WORM/backdoor, found in the Windows system folder.55http://www.sophos.com/virusinfo/analyses/w32rbotwu.html0
111netservices1 10recall.exe1 00 37Added by a variant of the SDBOT WORM!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_SDBOT.GEN0
4 8Recguard1 12recguard.exe1 00258On HP computers, Recguard prevents the deletion or corruption of the WinXP Recovery Partition. Without it enabled, it is possible to knock that completely out and force the customer to send the PC back to HP for a re-image, possibly at the customer's expense 01
2 8Red Flag1 11redflag.exe1 00 74PMS prediction program with modes for guys and girls - no longer available 01
1 8redirect1 13redirect*.exe1 00 72Dotcomtoolbar/Linksummary hijacker installer - where * is a random digit 01
3 7Referee1 11referee.exe1 00141MediaComm's monitor for file association changes. Stop rogue programs from screwing your settings either on installation or whenever they run23http://www.mc1soft.com/0
2 7Refresh1 11Refresh.exe1 00 60(Iomega) Refresh - loads the Iomega desktop icons at startup 01
411Refreshlock1 15Refreshlock.exe1 00 65Tool used to lock the refresh rate of your monitor in Windows XP. 01
2 4EReg1 9reg32.exe1 00186EReg is a software registration tool incorporated on products such as those by Br°derbund, Connectix, Hewlett-Packard, The Learning Company, and Sierra. Needless to say you don't need it 01
1 5Reg321 9Reg32.exe1 00 42Hijacker - redirecting to only-virgins.com 01
1 5reg321 9reg32.exe1 00 31Added by the NOUPDATE.B TROJAN!78http://securityresponse.symantec.com/avcenter/venc/data/trojan.noupdate.b.html0
212Card Monitor1 12REGCNT09.exe1 00100For the USB connection on a Panasonic PV-DV701 Digital Camcorder. Available via Start -> Programs 01
2 8SAClient1 10RegCon.exe1 00269AT&T or ComCast BBClient - monitors system and network-delivered services for availability. Your current network status is displayed on a color-coded web page in near-real time. When problems are detected, you're immediately notified by e-mail, pager, or text messaging 01
110RegCompres1 12Regcpm32.exe1 00 28Added by the POLDO.B TROJAN!75http://securityresponse.symantec.com/avcenter/venc/data/trojan.poldo.b.html0
110RegCompres1 12REGCPM32.EXE1 00176Adult content dialler - see here. This has to be cleared at the same time as MSStartOptimizer (WINUPD.EXE), atisrc2 (windfind.exe) and mmxrun (msosa.exe), otherwise they return85http://www.spywareinfo.com/forums/index.php?act=ST&f=11&t=7756&hl=&s=0
1 6Regcxn1 10Regcxn.exe1 00 29Added by the COIBOA-D TROJAN!57http://www.sophos.com/virusinfo/analyses/trojcoiboad.html0
1 1@1 20regedit -s ..win.dll2 00 29Added by the SEEKER.K TROJAN!72http://securityresponse.symantec.com/avcenter/venc/data/js.seeker.k.html0
1 3win1 20regedit -s ..win.dll2 00 29Added by the SEEKER.K TROJAN!72http://securityresponse.symantec.com/avcenter/venc/data/js.seeker.k.html0
1 3spp1 18regedit -s spp.reg2 00 82IE search hijacker - changes the default search to http://www.hotsearchbox.com/ie/ 01
2 4tour1 18regedit ..tour.reg2 00 62Edits registry values to keep the WinMe tour in Task Scheduler 01
2 8DJREGFIX1 28regedit /s c:\hpdjregfix.reg2 00285DJRegFix showed up first in WinME as a "clever" way to ensure that all Hewlett-Packard DeskJet printers actually worked with WinME - since most were having major problems. This "utility" adds the functionality and compatibility HP forgot to add in its WinME drivers 01
1 3sys1 18regedit /s sys.reg2 00 8Hijacker 01
2 8tourpath1 26regedit /s [path] tour.reg2 00 67Edits registry values to keep the Win 2000 "tour" in Task Scheduler 01
1 2sp1 21regedit-s .... sp.dll2 00153Malicious javascript annoyance that changes the default search engine in IE to one of many including "topsearcher". See here for more and a fix118http://groups.google.com/groups?q=sp.dll%2Bregedit&hl=en&rnum=3&selm=e991edcb.0110211021.67587458%40posting.google.com0
1 9NeroCheck1 11regedit.exe1 00300Added by the DOOMJUICE.B WORM! Note - this is not the valid Ahead Nero CD burning program. Also it is not the valid Windows registry editor which resides in C:\Windows or C:\Winnt wheras this version resides in C:\Windows\System (Win9x/Me), C:\Winnt\System32 (WinNT/2K) or C:\Windows\System32 (WinXP)81http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.doomjuice.b.html0
1 7regedit1 11regedit.exe1 00228Added by the BRID.A WORM! Note - resides in C:\Windows\System (Win9x/Me), C:\Winnt\System32 (WinNT/2K), or C:\Windows\System32 (WinXP). The valid "regedit.exe" resides in C:\Windows (Win9x/Me/XP) or C:\Winnt (WinNT/2K)74http://securityresponse.symantec.com/avcenter/venc/data/w32.brid.a@mm.html0
1 8Internal1 40regedit.exe /s %windir%c:\[month number]2 00 32Added by the FORTNIGHT.D TROJAN!75http://securityresponse.symantec.com/avcenter/venc/data/js.fortnight.d.html0
0 8PowerSet1 38Regedit.exe /s ...PowerSet_8100_CU.REG2 00 46Appears to be Toshiba power management related 01
1 7OPQFile1 30regedit.exe /s ...rad03FA6.tmp2 00122Unsavoury program that resets your homepage every time you restart - uncheck in MSCONFIG and delete it via a registry edit 01
1 9setupuser1 25regedit.exe setupuser.log2 00 60Regfile in disguise - another CoolWebSearch parasite variant53http://www.spywareinfo.com/~merijn/cwschronicles.html0
124Service Registry NT Save1 13regeditnt.exe1 00 83Added by Troj/Bancos-BM TROJAN to steal passwords and download code from websites.58http://www.sophos.com/virusinfo/analyses/trojbancosbm.html0
131Windows Registry Express Loader1 14regexpress.exe1 00 28Added by the FORBOT-CJ WORM!57http://www.sophos.com/virusinfo/analyses/w32forbotcj.html0
223Register MediaRing Talk1 12register.exe1 00 88If you don't want to register MediaRing and be reminded about it every bootup disable it 01
117Registry Services1 12Registry.exe1 00 36Added by the DOWNLOADER.CILE TROJAN!83http://securityresponse.symantec.com/avcenter/venc/data/trojan.downloader.cile.html0
1 4run=1 20RegistryReminder.exe1 00 33Added by the APSTROJAN.OB TROJAN!42http://vil.nai.com/vil/content/v_10232.htm0
319RegisterDropHandler1 12REGIST~1.EXE1 00654Part of the OCR software TextBridge Pro 9.0 (and possibly earlier versions). Typically used with imaging devices such as scanners and digital cameras for creating text documents from images. This item will probably be displayed twice and will re-instate itself whenever you start the main program so leave it - once started it frees the memory it used. Its purpose and an explanation of how to correct a problem it creates for "Send To" can be found here. Note that you don't have to uninstall TextBridge for this fix to work and the program works fine afterwards. Not used on later versions of the software - hence the 'U' recommendation 39http://www.nvdi.com/whertra/w950812.htm0
115Registry Loader1 12regloadr.exe1 00 28Added by the GAOBOT.AO WORM!79http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.gaobot.ao.html0
316RegistryMechanic1 11RegMech.exe1 00215Registry Mechanic for Windows - "you can safely clean and repair Windows registry problems with a few simple mouse clicks! Problems with the Windows registry are a common cause of Windows crashes and error messages"33http://www.winguides.com/regmech/0
2 8AUTOPROP1 24REGPROP.EXE WMPADDIN.DLL2 00112Both the files are in the MS Office/Bots/FP_WMP directory. Apparently, it registers the FrontPage WiMP extension 01
4 7RegProt1 11Regprot.exe1 00 89RegistryProt from Diamond Computer Systems - protects the system registry against changes47http://www.diamondcs.com.au/web/htm/regprot.htm0
121Windows Registry Scan1 13regscan32.exe1 00 26Added by the RBOT.KE WORM!84http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.KE&Vsect=T0
116Registry Scanner1 12regscanr.exe1 00 39Added by a variant of the OPTIX TROJAN!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?ID=161060
115regservices.exe1 15regservices.exe1 00 47Added by an unidentified VIRUS, WORM or TROJAN! 01
2 8RegShave1 12regshave.exe1 00236Part of the USB driver for your Fuji digital cameras - used when uninstalling the USB drivers, erasing all entries from the registry. Only required BEFORE attempting to uninstall the Fuji software or the uninstall may not work correctly 01
1 6regsrv1 10regsrv.exe1 00 32Added by the OPTIXPRO.11 TROJAN!80http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_OPTIXPRO.110
114System Profile1 10Regsrv.exe1 00 39Added by a variant of the OPTIX TROJAN!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?ID=161060
1 7REGEDIT1 12Regsrv32.com1 00 29Added by the SOUTHGHOST WORM!80http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.southghost.html0
120[executed file name]1 12Regsrv32.com1 00 29Added by the SOUTHGHOST WORM!80http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.southghost.html0
115Registry Server1 12regsrv32.exe1 00 26Added by the RBOT-GM WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotgm.html0
123Generic Service Process1 12regsvc32.exe1 00 42Added by the GAOBOT.UJ or GAOBOT.UL WORMS!74http://securityresponse.symantec.com/avcenter/venc/data/w32.gaobot.uj.html0
124Generic Services Process1 12regsvc32.exe1 00 28Added by the GAOBOT.SY WORM!74http://securityresponse.symantec.com/avcenter/venc/data/w32.gaobot.sy.html0
1 8MSRegSvc1 12regsvc32.exe1 00 69Homepage hijacker that changes your homepage to an adult content site 01
1 8regsvc321 12regsvc32.exe1 00 69Homepage hijacker that changes your homepage to an adult content site 01
111DHCP Server1 10regsvr.exe1 00 26Added by the RBOT-PR WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotpr.html0
1 6regsvr1 10regsvr.exe1 00 31Added by the WEBMONEY-G TROJAN!59http://www.sophos.com/virusinfo/analyses/trojwebmoneyg.html0
011MsmqIntCert1 20regsvr32 /s mqrt.dll2 00112Microsoft Message Queue Server - Internal Certificate - see here for more info and here for a potential problem.30http://www.microsoft.com/msmq/0
010WUx_RegSvr1 12RegSvr32.exe1 00 17x is any number?? 01
3 8HREF.OCX1 25regsvr32.exe ....HREF.OCX2 00150HREF.OCX is an ActiveX control developed by xFX JumpStart and used to provide HTML-alike clickable links on Windows-based programs such as PopUpKiller55http://software.xfx.net/utilities/popupkiller/index.php0
3 7AsioReg1 23regsvr32.exe ctasio.dll2 00163ASIO (Audio Stream In/Out) drivers for the SoundBlaster Audigy 2 series soundcards - for recording and home project studios. Required if you use this functionality69http://www.soundblaster.com/resources/read.asp?articleid=60&cat=20
3 8REGSVR321 23regsvr32.exe ctasio.dll2 00163ASIO (Audio Stream In/Out) drivers for the SoundBlaster Audigy 2 series soundcards - for recording and home project studios. Required if you use this functionality69http://www.soundblaster.com/resources/read.asp?articleid=60&cat=20
129Compatibility Service Process1 10regsvs.exe1 00 28Added by the GAOBOT.YN WORM!74http://securityresponse.symantec.com/avcenter/venc/data/w32.gaobot.yn.html0
1 7Reg_WFT1 11Regsysw.com1 00 26Added by the WILSEF VIRUS!71http://securityresponse.symantec.com/avcenter/venc/data/w32.wilsef.html0
221Registration-Studio 81 11RegTool.exe1 00 85Registration for Pinnacle Studio Version 8 home video software from Pinnacle Systems75http://www.pinnaclesys.com/ProductPage_n.asp?Product_ID=577&Langue_ID=20
3 8RegTweak1 10RegTwk.exe1 00170Rage3d Tweak - ATI Radeon tweaker which allows access to registry tweak options, custom display modes, refresh rates and overclocking all through an easy to use interface31http://www.rage3d.com/r3dtweak/0
1 6RegVer1 10REGVER.EXE1 00 31Added by the LATINUS.16 TROJAN!79http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_LATINUS.160
2 8Launcher1 12relaunch.exe1 00185Audio Applications Launcher for the Philips Rythmiic Edge soundcard (the Philips Rhythmic Edge is the same as the Thunderbird PCI soundcard - see TBtray). Available via Start - Programs198http://www.consumer.philips.com/global/b2c/ce/catalog/product.jhtml;jsessionid=ONLYIDABKOHRQCRQNE2RYVIKGBUCWHD0?divId=0&groupId=PCSTUFF&catId=&subCatId=SOUNDCARDS&productId=PSC703_050
1 6reload1 10reload.vbs1 00 33Added by the LOVELETTER.AS VIRUS!42http://vil.nai.com/vil/content/v_98684.htm0
2 7RemHelp1 11Remhelp.exe1 00 34BT Voyager ADSL Modem Help related 01
2 8B.Reader1 9remin.exe1 00 43Birthday Reminder 5.0 - as the name implies25http://www.harshal.da.ru/0
218Corel Registration1 12Remind32.exe1 00 94If you don't want to register Corel products and be reminded about it every 2 weeks disable it 01
227Corel Registration Reminder1 12Remind32.exe1 00 94If you don't want to register Corel products and be reminded about it every 2 weeks disable it 01
238reminder-ScanSoft Product Registration1 12remind32.exe1 00 61Registration reminder for ScanSoft products such as PaperPort 01
2 5@loha1 12reminder.exe1 00 51Registration reminder for @loha@home E-mail utility67http://www.pcworld.com/downloads/file_description/0,fid,6581,00.asp0
221Instant Update Center1 12reminder.exe1 00298From Broderbund's PrintMaster 10. It is an event reminder (for calendar dates, etc). Delete from the startup using Startup Manager program because it keeps re-checking itself when using MSCONFIG. PrintMaster 11 uses filename PMremind.exe - it has to be unchecked in startup in the same manner 01
213Kana Reminder1 12Reminder.exe1 00 98Kana Reminder is a program which can be used to set a reminder to be triggered at a specified time40http://www.istop.com/~phartana/reminder/0
2 8Reminder1 12reminder.exe1 00 40From MS Money. Reminds you of your bills 01
2 8Reminder1 13Remind_XP.exe1 00231HP-specific program that reminds users to create System Recovery CDs. Once they use the Recovery CD Creator (Start - PC Help & Tools - Recovery CD Creator) to make the recovery CDs the entry will remove itself from the startup list 01
2 9Remind_XP1 13Remind_XP.exe1 00231HP-specific program that reminds users to create System Recovery CDs. Once they use the Recovery CD Creator (Start - PC Help & Tools - Recovery CD Creator) to make the recovery CDs the entry will remove itself from the startup list 01
313remote master1 17remote master.exe2 00 92Required if you want your ASUS Remote control to work at all. Available via Start - Programs 01
212Remote_Agent1 15RemoteAgent.exe1 00173Cyberlink Power VCR II 3.0 is a TV tuner recording utility. If you want to schedule recordings, you will need this, otherwise can be disabled. Available via Start - Programs24http://www.cyberlink.com0
2 9Removecpl1 13Removecpl.exe1 00 64Related to a Belkin 54Mbps Wireless Utility Control Panel applet 01
1 9Zonealarm1 12Removeme.exe1 00 28Added by the FORBOT-BG WORM!57http://www.sophos.com/virusinfo/analyses/w32forbotbg.html0
115Spyware remover1 18Remove_spyware.exe1 00112Unidentified, but not known to belong to any known spyware remover, and strongly suspected to be adware related! 01
0 6Agente1 10Remupd.exe1 00144Part of Panda Antivirus Titanium. Is this an update reminder (guess because of the name), virus definition update reminder or something similar?47http://www.pandasoftware.com/products/titanium/0
1 8LAsIAf321 12RePEAtLD.exe1 00 27Added by the REPEATLD WORM!78http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.repeatld.html0
317RepliGo Assistant1 14RepliGoMon.exe1 00104Cerience RepliGo software - "any document you have on your PC can be transferred to your mobile device"47http://www.cerience.com/docs/ppc/docs/index.htm0
1 9requester1 15requester.5.exe1 00 57Adware downloader, identified as TrojanProxy.Win32.Delf.h 01
1 9requester1 15requester.5.exe1 00 30Added by the MUQUEST.A TROJAN!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=410000
1 9requester1 15requester.6.exe1 00 44Added by a variant of the MUQUEST.A TROJAN!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=410000
1 9requester1 15requester.8.exe1 00 44Added by a variant of the MUQUEST.A TROJAN!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=410000
254[System Mechanic Professional Update [Incinerator.dll]1 29REREG: [path] Incinerator.dll2 00124System_Mechanic's "Incinerator" feature securely deletes files and folders from your PC so they can never be recovered again41http://www.iolo.com/sm/4pro/tutorials.cfm0
1 7restory1 11restory.exe1 00 27Added by the RETSAM TROJAN!74http://securityresponse.symantec.com/avcenter/venc/data/trojan.retsam.html0
315ResumeFixClocks1 13resumefix.exe1 00 76Part of the RadeonTweaker utility for overclocking ATI Radeon graphics cards37http://radeontweaker.sourceforge.net/0
217Mania Win Restore1 10RESWIN.EXE1 00142Pinball Mania for Windows from 21st Century Entertainment LTD (1995). Runs briefly at start-up then terminates. Available via Start - Programs 01
1 6retime1 10retime.exe1 00 26Added by the GIPMA TROJAN!73http://securityresponse.symantec.com/avcenter/venc/data/trojan.gipma.html0
318RetrieverScheduler1 22retrieverscheduler.exe1 0028380-20 Retriever from 80-20 - "80-20 Retriever is a powerful personal search tool that encompasses email folders, archived email, and local or network file systems, giving users one point of fast, accurate search for all personal information". Real-time scheduler - shortcut available54http://www.80-20.com/products/one-search/retriever.asp0
314RevoTaskbarApp1 12RevoTask.exe1 00192Control Application for M-Audio Revolution 7.1 sound card. The sound card will function without it - but changes to speaker setup and sound modification (Bass/Treble etc) will not be available 01
2 8RexSyMon1 12rexsymon.exe1 00115Intellisync for REX sychronization software for Xircom REX MicroPDAs for sharing information between the PDA and PC52http://support.intel.com/support/peripherals/xc/pda/0
3 7rfagent1 11rfagent.exe1 00259Registry First Aid - scans the Windows registry for orphan file/folder references, finds these files or folders on your drives that may have been moved from their initial locations, and then corrects your registry entries to match the located files or folders40http://www.rosecitysoftware.com/reg1aid/0
114Windows-TCP-IP1 12rfkampig.exe1 00 26Added by the GIPMA TROJAN!73http://securityresponse.symantec.com/avcenter/venc/data/trojan.gipma.html0
225Reality Fusion GameCam SE1 10RFTRay.exe1 00115System Tray access for Logitech's Reality Fusion GameCam. For more details see here. Available via Start - Programs49http://www.realityfusion.com/gamecam/bethere.html0
1 6RFTray1 10RFTRay.exe1 00220Reality Fusion GameCam Video Interaction Technology Software that comes with the Logitech QuickCam PC video camera and other USB cameras. It's only an icon that appears on your System Tray. Available via Start - Programs 01
1 9rIOphosIs1 13rIOPHosIs.vBS1 00 26Added by the RIOSYS MACRO!72http://securityresponse.symantec.com/avcenter/venc/data/w97m.riosys.html0
3 9RivaTuner1 13RivaTuner.exe1 00 78RivaTuner for tweaking nVidia graphics cards. Required if you make any changes28http://guru3d.com/rivatuner/0
322RivaTunerStartupDaemon1 13RivaTuner.exe1 00 78RivaTuner for tweaking nVidia graphics cards. Required if you make any changes28http://guru3d.com/rivatuner/0
1 4Key11 8Rlid.exe1 00 25Added by the LIXY TROJAN!74http://securityresponse.symantec.com/avcenter/venc/data/backdoor.lixy.html0
313RemoteControl1 10rmctrl.exe1 00242Remote Control background application for CyberLink's PowerDVD version 4 and above. Enables you to use a remote control with your DVD drive if your drive came with one. Not required if you don't have a remote control, or don't wish to use one 01
3 6rmctrl1 10rmctrl.exe1 00242Remote Control background application for CyberLink's PowerDVD version 4 and above. Enables you to use a remote control with your DVD drive if your drive came with one. Not required if you don't have a remote control, or don't wish to use one 01
0 8RMremote1 12RmRemote.exe1 00 42Remote control driver for REALmagic Xcard.46http://www.sigmadesigns.com/products/xcard.htm0
313Remote Access1 10rnaapp.exe1 00200Dial-up networking application - not normally found in the startup locations. It runs when you connect to the net via this method (ie, analogue 56K modem) and terminates after the connection is closed 01
0 6rndll21 10rndll2.exe1 00117May be related to the DivX program as a *.dat file in the same directory had "DivXPro505Bundle.exe" mentioned within? 01
215RoboFormWatcher1 19RoboFormWatcher.exe1 00 97AI Roboform from Siber Systems. Automatically completes web forms. Available via Start - Programs30http://www.siber.com/roboform/0
2 8RoboForm1 19RoboTaskBarIcon.exe1 00162Roboform - password manager and web form filler. Will work without this startup entry, as the "active" component is an integrated Internet Explorer browser plugin 01
311Rocket.Time1 14RocketTime.exe1 00 50Time synchronization software from Rocket Software51http://www.rocketsoftware.com/products/download.htm0
110DevicePath1 8Root.exe1 00 24Added by the GRUEL WORM!73http://securityresponse.symantec.com/avcenter/venc/data/w32.gruel@mm.html0
1 9MediaPath1 8Root.exe1 00 24Added by the GRUEL WORM!73http://securityresponse.symantec.com/avcenter/venc/data/w32.gruel@mm.html0
112Rundll32.exe1 8Root.exe1 00 24Added by the GRUEL WORM!73http://securityresponse.symantec.com/avcenter/venc/data/w32.gruel@mm.html0
0 5ROUTD1 9ROUTD.exe1 00 2?? 01
2 9RoxAssist1 13RoxAssist.exe1 00584Roxio Assistant is designed to correct Engine Initialization errors. If Easy CD & DVD Creator's Engine does not initialize, the applications in Easy CD & DVD Creator will not recognize your recorder. After running this program you should receive the message "Engine initialized successfully with full recorder support". If you do not receive the message, update your Virus software and then check and clean your system for viruses. After the removal of any viruses, uninstall and then reinstall Easy CD & DVD Creator (use "Add Remove Programs" in "Control Panel"). Can be run manually 01
3 4RP321 8rp32.exe1 00114ControlIT (was Remotely Possible) from Enterprise International for remote control and access to Win9x/NT systems. 7http://0
139Remote Procedure Call For Windows 32bit1 7rpc.exe1 00 26Added by the RBOT-MD WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotmd.html0
449Remote Packet Capture Protocol v.0 (experimental)1 10rpcapd.exe1 00 65File is found at this location: %ProgramFiles%\WinPcap\rpcapd.exe 01
0 9roketpipe1 12rpclient.exe1 00 2?? 01
1 6Sysmon1 10rpcmon.exe1 00 29Added by the RANDEX.ATX WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.randex.atx.html0
4 9RPCSS.exe1 9rpcss.exe1 00463Remote Procedure Call. Required by windows for programs to communicate with each other on networks/different machines. Originally for NT only but now installed with Win98/98se. Under Win98/98se, a program may need it to communicate with other components of itself. You could delete the program but if any abnormalities occur soon after then reinstall. Under NT, deleting this critical system component will disable the OS. For a more detailed explanation see here27http://www.cexx.org/rpc.htm0
121RPC+ Service Provider1 12rpcss_pl.exe1 00 83br /br /HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs\\DependOnService 01
113windowsupdate1 12RPCX1sQ3.exe1 00 29Added by the IRCBOT.B TROJAN!73http://securityresponse.symantec.com/avcenter/venc/data/w32.ircbot.b.html0
116WSAConfiguration1 12rpcxmn32.exe1 00 29Added by the AGOBOT.ABG WORM!102http://uk.trendmicro-europe.com/smb/security_info/ve_detail.php?id=66485&VName=WORM_AGOBOT.ABG&VSect=T0
131Microsoft Windows Secure Server1 15rpcxWindows.exe1 00 26Added by the RBOT-LL WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotll.html0
1 6RplSvr1 10rplsvr.exe1 00112The WORM variant W32/MyDoom-J uses email & P2P to add a TROJAN, copies itself as this file to run at each logon.56http://www.sophos.com/virusinfo/analyses/w32mydoomj.html0
310ReleaseRAM1 8RRAM.exe1 00209"Release RAM allows your computer to run faster and uses your computer's RAM more efficiently". Some users swear by programs such as this but I suggest you read this article and make up your own mind26http://www.releaseram.com/0
1 7RRMedic1 11rrmedic.exe1 00225Troubleshooting utility for the RoadRunner cable internet service. Not required and you are advised to completely uninstall it. Provides a lot of false alarms and gets a lot of people panicking about there internet connection24http://www.rr.com/rdrun/0
313Rapid Restore1 10rrpcsb.exe1 00195XPoint "Rapid Restore PC" - a "Managed RecoveryÖ solution that enables IT Administrators to protect the corporate image, while offloading personal data backup and recovery chores to the end user"53http://www.xpointdirect.com/jp/IBMRRPC/XPRRPC_why.asp0
3 6rscmpt1 10rscmpt.exe1 00195Required on the GeFroce 64 meg MX card to show the full 64 meg memory and appears to be a software memory emulator running under the Win2K - see here. High CPU useage results - hence the U status56http://www.guru3d.com/comments.php?category=1&id=6730
121Red Swoosh EDN Client1 15RSEDNClient.exe1 00266Red Swoosh - mechanism used by web sites to allow you to download files from those sites quicker and more efficiently. Note from the license agreement they automatically update the software and share non-personally identifiable information with others in the network25http://www.redswoosh.com/0
3 6rsMenu1 10rsMenu.exe1 00 40Synchronizes a Casio PDA with MS Outlook 01
214Resource Meter1 11rsrcmtr.exe1 00156Windows Resource Meter. Available via Start -> Programs. You may want this enabled if your PC is suffering from crashes and want to know potential causes 01
0 7RSRCMTZ1 11RSRCMTZ.exe1 00 2?? 01
130Network Administration Service1 10rsvc32.exe1 00 27Added by the RBOT.ABH WORM!77http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.ABH0
210RtlMon.exe1 10RtlMon.exe1 00 32Monitor for RealTek network card 01
2 3LIU1 11Rubicon.exe1 00189Logitech Internet Update. Used to update drivers/software for Logitech's Wingman, QuickCam, etc devices. Reports claim it doesn't work very well and you can manually update the files anyway 01
1 6Ruby131 10Ruby13.exe1 00 26Added by the MEXER.E WORM!67http://securityresponse.symantec.com/avcenter/venc/data/w32.mexer.e0
1 6Ruby141 10Ruby14.exe1 00 29Added by the FIGHTRUB-A WORM!58http://www.sophos.com/virusinfo/analyses/w32fightruba.html0
328McAfee.InstantUpdate.Monitor1 12RuLaunch.exe1 00194Instant Updater for McAfee's VirusScan, Internet Security, Quick Clean, Uninstaller and Firewall products. In the case of VirusScan leave it enabled unless you update manually on a regular basis 01
3 8RuLaunch1 12RuLaunch.exe1 00194Instant Updater for McAfee's VirusScan, Internet Security, Quick Clean, Uninstaller and Firewall products. In the case of VirusScan leave it enabled unless you update manually on a regular basis 01
3 2sc1 7run.exe1 00351All-In-One_SPY stealth monitoring software - allows monitoring and recording of all actions performed on a computer. It records all keystrokes, remembers addresses of Internet pages visited, and maintains a log file listing all applicationsrun on the computer. It can create screenshots and record sounds from the computer's microphone to a sound file27http://www.allinonespy.com/0
0 3SPP1 7run.exe1 00 2?? 01
1 6System1 10run322.exe1 00 28Added by the LANFILT TROJAN!77http://securityresponse.symantec.com/avcenter/venc/data/backdoor.lanfilt.html0
3 3klp1 12run32dll.exe1 00126PAL PC Spy - key recorder and screen capture utility which controls and monitors everything that happens on your pc and online40http://www.newfreeware.com/internet/480/0
1 7winstro1 12RUN32DLL.exe1 00 28Added by the FTP_ANA TROJAN!77http://securityresponse.symantec.com/avcenter/venc/data/backdoor.ftp_ana.html0
2 5runAP1 9runAP.exe1 00 28Not required but what is it? 01
1 8Runapp321 12Runapp32.exe1 00 28Added by the NEODURK TROJAN!77http://securityresponse.symantec.com/avcenter/venc/data/backdoor.neodurk.html0
1 6micore1 8runc.exe1 00125a href ="http://www.sarc.com/avcenter/venc/data/adware.mediainject.html"Mediainject displays advertisements on your computer. 01
112Taskbell.exe1 9Rund1.exe1 00 26Added by the YIPID TROJAN!74http://securityresponse.symantec.com/avcenter/venc/data/TROJAN!.yipid.html0
1 8rund11321 12rund1132.exe1 00 31Added by the W32/Dopbot-A worm.56http://www.sophos.com/virusinfo/analyses/w32dopbota.html0
110Tencent QQ1 29Rund1132.exe qq.dll, Rundll322 00 29Added by the QQPASS.F TROJAN!80http://securityresponse.symantec.com/avcenter/venc/data/trojan.pws.qqpass.f.html0
116LoadPowerProfile1 9rundl.exe1 00133Added by the TOFAZZOL TROJAN! Not to be confused with the valid LoadPowerProfile entry where the command is Rundll32.exe powrprof.dll73http://securityresponse.symantec.com/avcenter/venc/data/w32.tofazzol.html0
112PowerPrifile1 38rundl132 kenel.dll, PowerProfileEnable2 00 25Added by the INMOTA WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.inmota.worm.html0
119startwindowskeyuser1 11rundle2.exe1 00 31Added by the JAVAKILLER TROJAN!82http://securityresponse.symantec.com/avcenter/venc/data/w32.javakiller.trojan.html0
1 8rundli321 12rundli32.exe1 00 23Added by the LADE WORM!69http://securityresponse.symantec.com/avcenter/venc/data/w32.lade.html0
224Taskbar Display Controls1 41RunDLL deskcp16.dll, QUICKRES_RUNDLLENTRY2 00299Only appears in MSCONFIG if you have a Display Settings icon in the System Tray allowing resolution changes on the fly. Can also be disabled under Control Panel -> Display -> Settings -> Advanced -> General. Also appears if you have Win95 with the QuickRes "Powertoy" installed 01
420DNE Binding Watchdog1 35rundll dnes.dll, DnDneCheckBindings2 00409Deterministic NDIS Extender (DNE). DNE is an NDIS-compliant module which appears to be a network device driver to all protocol stacks and a protocol driver to all network device drivers. Part of Gilat Communications internet satellite systems. Required if you have this system. Also installed by Winproxy - a proxy program for sharing internet connections through one computer. Required if you want it to work 01
416DNE DUN Watchdog1 32rundll dnes.dll, DnDneCheckDUN132 00409Deterministic NDIS Extender (DNE). DNE is an NDIS-compliant module which appears to be a network device driver to all protocol stacks and a protocol driver to all network device drivers. Part of Gilat Communications internet satellite systems. Required if you have this system. Also installed by Winproxy - a proxy program for sharing internet connections through one computer. Required if you want it to work 01
1 9RundllSvr1 10Rundll.exe1 00 24Added by the HUAYU WORM!57http://www.symantec.com/avcenter/venc/data/w32.huayu.html0
113Windows Upate1 10rundll.exe1 00103Added by the HAKO TROJAN! Note - this is NOT the Windows system file of the same name as described here59http://www.symantec.com/avcenter/venc/data/trojan.hako.html0
1 9Windows321 10rundll.exe1 00 42Added by the AGOBOT-LK or AGOBOT-ND WORMS!57http://www.sophos.com/virusinfo/analyses/w32agobotlk.html0
116LoadPowerProfile1 24Rundll.exe powerprof.dll2 00192Added by the LOXOSCAM TROJAN! Note - do not confuse with the valid LoadPowerProfile entry! Notice that the infected version uses "Rundll.exe" whereas the uninfected version uses "Rundll32.exe"78http://securityresponse.symantec.com/avcenter/venc/data/backdoor.loxoscam.html0
1 7ZIBMACC1 22rundll.exe ZIBMACC.INF2 00240ZIBMACC.INF is an IBM file that is only loaded and installed under a recovery operation. The file is a support file for IBM access to the system if needed. You may delete this file. This is as from IBM Technical Support (USA - 800-887-7435) 01
1 4RDLL1 12RunDll16.exe1 00 28Added by the SDBOT.F TROJAN!64http://www.symantec.com/avcenter/venc/data/backdoor.sdbot.f.html0
1 8Rundll161 12Rundll16.exe1 00 48Added by a number of VIRUSES, WORMS and TROJANS! 01
119Win32 USB2.0 Driver1 12rundll16.exe1 00 28Added by the WOOTBOT.H WORM!99http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?VName=WORM_WOOTBOT.H&VSect=T0
118Windows DLL Loader1 12RUNDLL16.EXE1 00 27Added by the DOMWIS TROJAN!76http://securityresponse.symantec.com/avcenter/venc/data/backdoor.domwis.html0
1 7svchost1 12Rundll16.exe1 00190Added by the Troj/StartPa-PB TROJAN! Redirecting of browser start & search pages will result. DBG.EXE and RUNDLL.EXE are copied to the Windows folder to initiate the actions of this trojan.59http://www.sophos.com/virusinfo/analyses/trojstartpapb.html0
123Microsoft Update Module1 12rundll24.exe1 00 26Added by the RBOT-PS WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotps.html0
1 8MMSystem1 8RunDll321 00 27Added by the FUNNER-A WORM! 01
2 7Cmaudio1 32Rundll32 cmicnfg.cpl, CMICtrlWnd2 00163System tray control panel for C-Media based soundcards - often included on popular motherboards with in-built audio. Available via Start - Settings - Control Panel 01
216Rundll32 cmicnfg1 32Rundll32 cmicnfg.cpl, CMICtrlWnd2 00163System tray control panel for C-Media based soundcards - often included on popular motherboards with in-built audio. Available via Start - Settings - Control Panel 01
1 6babeie1 31rundll32 cnbabe.dll, dllstartup2 00 49CommonName Toolbar spyware. To uninstall see here62http://www.commonname.com/english/ug/toolbar/default.asp?idx=10
1 5Zenet1 31rundll32 CNBabe.dll, DllStartup2 00 49CommonName Toolbar spyware. To uninstall see here62http://www.commonname.com/english/ug/toolbar/default.asp?idx=10
011SoundFusion1 21rundll32 cwcprops.cpl2 00202Control panel item for the Terratec DMX Xfire 1024 soundcard (Start -> Settings -> Control Panel) based upon a Cirrus Logic "SoundFusion" DSP. Does it need to run at start-up every time? 01
011SoundFusion1 37rundll32 hercplgs.cpl, BootEntryPoint2 00195Control panel item for Hercules Fortissimo soundcards (Start -> Settings -> Control Panel) based upon a Cirrus Logic "SoundFusion" DSP. Does it need to run at start-up every time? 01
1 9kernctl321 31rundll32 kctl32.dll, initialize2 00 29Added by the AGENT.AT TROJAN! 01
3 9WinXPLoad1 39Rundll32 LoadDll, LoadExe WinXPLoad.exe2 00 55Compaq hotkey related - required if you use the hotkeys 01
0 7NVCLOCK1 31rundll32 nvclock.dll, fnNvclock2 00 53Overclocking utility for nVidia based graphics cards? 01
0 9P17Helper1 27Rundll32 P17.dll, P17Helper2 00 98ASIO driver for the Sound Blaster Audigy & Audigy 2 series sound card - is it required in startup?65http://www.soundblaster.com/resources/read.asp?articleid=60&cat=20
4 8Pwrmonit1 21Rundll32 PwrMonit.dll2 00 79IBM's proprietary 'battery maximiser' and power monitoring software for laptops 01
3 6BMMGAG1 38Rundll32 PWRMONIT.DLL, StartPwrMonitor2 00165Displays a battery gauge icon in the Taskbar (not the System Tray). Provides shortcuts to IBM's proprietary power saving settings and to a battery information window 01
010SRFirstRun1 39rundll32 srclient.dll, CreateFirstRunRp2 00227Created by execution of the Windows XP sr.inf file, which installs the Windows XP System Restore feature, needed for example when installing System Restore into Windows Server 2003. Does this indeed need to run at every bootup? 01
1 8Tweak UI1 40RunDLL32 tweakUI.DLL, TWEAKUI /tweakmeup2 00116Added by the SUBWOOFER TROJAN! Note - the real Tweak UI entry for this is "rundll32.exe tweakui.cpl, tweakmeup"79http://securityresponse.symantec.com/avcenter/venc/data/backdoor.subwoofer.html0
1 9SurfBuddy1 26rundll32 [path] sbuddy.dll2 00 92SurfBuddy adware - not to be confused with the legitimate SurfBuddy application by SurfApps!44http://www.surfapps.com/surfbuddy/index.html0
3 8BatInfEx1 12rundll32.exe1 00 54Displays battery status information on an IBM Thinkpad 01
116LoadPowerProfile1 12Rundll32.exe1 00144Added by the MIROOT WORM! Note - do not confuse with the valid LoadPowerProfile entry which has "powrprof.dll" appended to the command/data line76http://securityresponse.symantec.com/avcenter/venc/data/w32.miroot.worm.html0
1 8Rundll321 12Rundll32.exe1 00119Added by the DVLDR TROJAN! Note - this is not the valid "Rundll32.exe" as it's in the Windows\Fonts directory75http://securityresponse.symantec.com/avcenter/venc/data/backdoor.dvldr.html0
1 8rundll321 12rundll32.exe1 00133Added by the SANKER WORM! Note that the valid "rundll32.exe" resides in C:\Windows\System32 wheras this version resides in C:\Windows76http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.sanker.html0
1 7TaskMan1 12rundll32.exe1 00119Added by the DVLDR TROJAN! Note - this is not the valid "rundll32.exe" as it's in the Windows\Fonts directory75http://securityresponse.symantec.com/avcenter/venc/data/backdoor.dvldr.html0
010UPDATEHOOK1 12Rundll32.exe1 00 2?? 01
119Win32 Rundll Loader1 12Rundll32.exe1 00235Added by the SDBOT.A TROJAN! Note: Rundll32.exe is a valid Windows application called "Run a DLL as an App" and stored in the C:\Windows directory. The version created by this virus is saved in the C:\Windows\System directory75http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=BKDR_SDBOT.A0
118Windows DLL Loader1 12rundll32.exe1 00236Added by the WHIPSER-B WORM! Note - rundll32.exe file is placed in the Windows\System folder, wheras the legitimate rundll32.exe is located in the C:\Windows\System (Win9x/Me), C:\Winnt\System32 (WinNT/2K) or C:\Windows\System32 (WinXP)57http://www.sophos.com/virusinfo/analyses/w32whipserb.html0
2 8NVMCTRAY1 43RUNDLL32.EXE ...NVMCTRAY.DLL, NvTaskbarInit2 00246System Tray icon used to manage settings for nVidia based graphics cards. May be required for some 3D applications to recognize your card correctly - such as the game "Everquest". Otherwise, settings can be changed manually via Display Properties 01
2 8lhttseng1 42rundll32.exe ..lhttseng.inf, RemoveCabinet2 00116Left over after installation of the British English version of the Lernout & Hauspie Text To Speech (TTS) Engine 01
313VoodooBanshee1 44rundll32.exe 3DBBps.dll, BansheeLoadSettings2 00186Loads the configuration settings for a 3dfx Voodoo Banshee chipset based graphics card. If you change some of the settings from default you probably need this - otherwise maybe not 01
3 6BCMHal1 33rundll32.exe bcmhal9x.dll, bcinit2 00171BlasterControl for Creative video cards - controls for desktop settings, monitor configuration, colour adjustments and performance tuning. May be needed to retain settings 01
115Systems Restart1 40Rundll32.exe beem.dll, DllRegisterServer2 00 84Browser hijacker - the file serves to register a dll implemented as a browser plugin 01
015WildTangent CDA1 44RUNDLL32.exe cdaEngine0400.dll,cdaEngineMain2 00 45Part of the WildTangent on-line games system.38http://www.wildtangent.com/default.asp0
215CrazyTalk Serve1 45rundll32.exe CrazyTalk.dll, DIIServeMediaFile2 00320CrazyTalk from Reallusion - "the worlds only facial animation tool that gives you the power to create talking animated images from a single photograph, complete with emotions." Can apparently be installed without your knowledge as well as being a legitimate download in it's own right from sites such as TUCOWS47http://www.reallusion.com/crazytalk/default.asp0
3 7ICSDCLT1 35rundll32.exe Icsdclt.dll, ICSClient2 00164Internet Connection Sharing allows more than one computer to simultaneously access the internet with a single connection. Also required when networking two machines 01
329BlueToothAuthentication Agent1 54RunDLL32.exe irprops.cpl, BluetoothAuthenticationAgent2 00362Associated with BlueTooth software, and registers the "Infrared Port properties" Control Panel applet. Should you get the error message, "Rundll irprops.cpl missing entry Bluetooth authentication agent", click here here for more information. In case you no longer have BlueTooth support installed, and don't need it, simply uncheck the entry in Msconfig Startup24Infrared Port properties0
329BlueToothAuthentication Agent1 54rundll32.exe irprops.cpl, BluetoothAuthenticationAgent2 00348Associated with BlueTooth software, and registers the "Infrared Port properties" Control Panel applet. Should you get the error message, "Rundll irprops.cpl missing entry Bluetooth authentication agent", click here for more information. In case you no longer have BlueTooth support installed, and don't need it, simply uncheck the entry in Msconfig24Infrared Port properties0
3 8rundll321 54RunDLL32.exe irprops.cpl, BluetoothAuthenticationAgent2 00362Associated with BlueTooth software, and registers the "Infrared Port properties" Control Panel applet. Should you get the error message, "Rundll irprops.cpl missing entry Bluetooth authentication agent", click here here for more information. In case you no longer have BlueTooth support installed, and don't need it, simply uncheck the entry in Msconfig Startup24Infrared Port properties0
117Protected Storage1 35RUNDLL32.EXE MSSIGN30.DLL ondll_reg2 00 39Added by a variant of the LOVGATE WORM!80http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.lovgate@mm.html0
128VFW Encoder/Decoder Settings1 35RUNDLL32.exe MSSIGN30.DLL ondll_reg2 00 39Added by a variant of the LOVGATE WORM!80http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.lovgate@mm.html0
1 6NAVUpd1 32rundll32.exe navupd.dll, Startup2 00 25Added by the NAVU TROJAN!73http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.navu.html0
216RFX_auto_upgrade1 25rundll32.exe npvpg005.dll2 00116A browser plugin called the RichFX player. Here is a link to download RichFX's solution to removing the auto upgrade47http://download.richfx.com/player/uninstall.exe0
3 5NvCpl1 33rundll32.exe NvCpl.dll, NvStartup2 00106Intializes the clock and memory settings on nVidia based graphics cards. Enable if you overclock your card 01
311NvCplDaemon1 33rundll32.exe NvCpl.dll, NvStartup2 00106Intializes the clock and memory settings on nVidia based graphics cards. Enable if you overclock your card 01
3 5NVIEW1 37rundll32.exe nview.dll, nViewLoadHook2 00128This is a DLL to enable multiple display monitors on a single computer. It can be a cause of numerous problems on some computers 01
313NvMediaCenter1 40RunDLL32.exe NvMCTray.dll, NvTaskbarInit2 00246System Tray icon used to manage settings for nVidia based graphics cards. May be required for some 3D applications to recognize your card correctly - such as the game "Everquest". Otherwise, settings can be changed manually via Display Properties 01
2 8RunDLL321 40RunDLL32.exe NvMCTray.dll, NvTaskbarInit2 00246System Tray icon used to manage settings for nVidia based graphics cards. May be required for some 3D applications to recognize your card correctly - such as the game "Everquest". Otherwise, settings can be changed manually via Display Properties 01
2 8RUNDLL321 32RUNDLL32.EXE NvQtwk, NvCplDaemon2 00473System Tray icon used to change display settings, change the clock rate and memory speed for nVidia based graphics cards. This is unnecessary since you can easily configure these settings the way you want them in the Display Properties and not have to mess with them again. Also disable the "NVIDIA Driver Helper Service" if enabled as it can cause this entry to be re-enabled on re-boot (note that this service can also cause extreme shutdown delays if enabled - see here)28NVIDIA Driver Helper Service0
011NvColorInit1 36rundll32.exe NvQtwk.dll, NvColorInit2 00 43Associated with Nvidia based graphics cards 01
211NvCplDaemon1 36rundll32.exe NvQtwk.dll, NvCplDaemon2 00473System Tray icon used to change display settings, change the clock rate and memory speed for nVidia based graphics cards. This is unnecessary since you can easily configure these settings the way you want them in the Display Properties and not have to mess with them again. Also disable the "NVIDIA Driver Helper Service" if enabled as it can cause this entry to be re-enabled on re-boot (note that this service can also cause extreme shutdown delays if enabled - see here)28NVIDIA Driver Helper Service0
216NvidiaQuickTweak1 38rundll32.exe NvQtwk.dll, NvTaskbarInit2 00246System Tray icon used to manage settings for nVidia based graphics cards. May be required for some 3D applications to recognize your card correctly - such as the game "Everquest". Otherwise, settings can be changed manually via Display Properties 01
212NVQuickTweak1 38rundll32.exe NvQtwk.dll, NvTaskbarInit2 00246System Tray icon used to manage settings for nVidia based graphics cards. May be required for some 3D applications to recognize your card correctly - such as the game "Everquest". Otherwise, settings can be changed manually via Display Properties 01
212NvInitialize1 33rundll32.exe NvQtwk.dll, NvXTInit2 00117Thought to enable the clock frequency option on nVidia control panels. You can overclock without leaving this enabled 01
222OfotoNow USB Detection1 52Rundll32.exe OFUSBS.DLL, WatchForConnection OfotoNow2 00128Autodetects when a digital camera is attached to a USB port and launches OfotoNow image software. Available via Start - Programs89http://www.ofoto.com/DownloadClient30.jsp?UV=673857175481_20140377403&US=0&c=f_on0
114Instant Access1 44rundll32.exe p2esocks_xxxx.dll,InstantAccess2 00109Added by the Instant Access Adware. The file name always starts with p2esocks_ followed by 4 random numbers.64http://www.sarc.com/avcenter/venc/data/adware.instantaccess.html0
316LoadPowerProfile1 25Rundll32.exe powrprof.dll2 00281Power management specifics such as monitor shut-off, system standby, etc. Associated with power management and is listed twice - see here. Loads your selected power scheme. May not be required - depends upon whether you modify the default Control Panel -> Power Options settings62http://support.microsoft.com/default.aspx?scid=kb;en-us;1876110
1 8Rundll321 37Rundll32.exe ptipbm.dll, SetWriteBack2 00111Installed with the miniport drivers for Promise hard drive controllers in both RAID and non-RAID installations. 01
0 8rundll321 43rundll32.exe ptipbmf.dll, SetWriteCacheMode2 00223Installed with the miniport drivers for Promise hard drive controllers in both RAID and non-RAID installations. May be necessary in order to maintain preferences applied to the RAID array connected to the Promise controller 01
122Module Call initialize1 31RUNDLL32.EXE reg.dll, ondll_reg2 00 39Added by a variant of the LOVGATE WORM!80http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.lovgate@mm.html0
129Remote Procedure Call Locator1 33RUNDLL32.EXE reg678.dll ondll_reg2 00 39Added by a variant of the LOVGATE WORM!80http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.lovgate@mm.html0
1 61234561 54rundll32.exe shell32.dll, Control_RunDLL ...123456.cpl2 00 84Added by the KITRO.C (or DANDI.A) WORM! 123456 can be any random 3 to 6 digit number77http://securityresponse.symantec.com/avcenter/venc/data/w32.kitro.c.worm.html0
213WIAWizardMenu1 44RUNDLL32.EXE sti_ci.dll, WiaCreateWizardMenu2 00 53Still Image Class Installer - installed with a webcam 01
2 8Ccdecode1 43rundll32.exe streamci, StreamingDeviceSetup2 00 70Part of the closed caption decdoder/MS VBI codec. Should only run once 01
312System Check1 38Rundll32.exe SysDll32.dll, SystemCheck2 00 58XPCSpy Pro keylogger, surveillance and monitoring software24http://www.x-pcsoft.com/0
3 8Tweak UI1 36rundll32.exe tweakui.cpl, tweaklogon2 00 89Automatically logs you on if you have Microsoft's Tweak UI "powertoy" installed 01
3 8Tweak UI1 35rundll32.exe tweakui.cpl, tweakmeup2 00104Restores settings that can't be retained if you have Microsoft's Tweak UI "powertoy" installed 01
334UCmore XP - The Search Accelerator1 36rundll32.exe UCMTSAIE.dll, DllShowTB2 00 35UCmore toolbar - search accelerator22http://www.ucmore.com/0
4 7V128IID1 40Rundll32.exe v128iitw.dll, STB_InitTweak2 00142Loads drivers for some STB graphics cards such as the STB nVIDIA TNT 16MB. Required if you don't want to experience lock-ups or error messages 01
110W3KNetwork1 35rundll32.exe w3knet.dll, dllinitrun2 00 68Advertising spyware. Check here for more info on this particular one45http://www.safersite.com/PestInfo/Web3000.asp0
2 9WinHacker1 29rundll32.exe wh95.dll, HackMe2 00112Tweaking utility by Wedge Software. There are far better tweakers and, unlike WinHacker, most are free25http://www.winhacker.com/0
3 7LicCtrl1 37rundll32.exe [path] MMFS.DLL, Service2 00180Part of the eLicense Copy Protection scheme employed by some software and games. When this service is not running, the eLicense wrapper is unable to extract and execute the program 01
115PowerManagement1 11Rundlll.exe1 00 27Added by the SURDUX TROJAN!76http://securityresponse.symantec.com/avcenter/venc/data/backdoor.surdux.html0
124Microsoft Windows Update1 11rundlls.exe1 00 26Added by the HABRACK WORM!77http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.habrack.html0
114Rundllsystem321 18Rundllsystem32.exe1 00 32Added by the NETDEVIL.B TROJAN!79http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_NETDEVIL.B0
111RUNDLLW.EXE1 11RUNDLLW.EXE1 00124Added by the W32/Dumaru.w Trojan! Acts as a keylogger and sends out the stolen information to a predetermined email address.43http://vil.nai.com/vil/content/v_100977.htm0
1 6Rundnm1 10Rundnm.exe1 00 28Added by the DELF-HA TROJAN!56http://www.sophos.com/virusinfo/analyses/trojdelfha.html0
1 2fc1 9runfc.exe1 00 26Added by the CAMPURF WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.campurf@mm.html0
212mdac_runonce1 11runonce.exe1 00156Associated with MS Data Access Components (MDAC). Sometimes left over after installation - not required. NOTE :- don't delete "runonce.exe". 01
3 7RunOnce1 11RUNONCE.EXE1 00 66Part of MS Data Access Components - only required if you use these 01
2 9Paperport1 12runppdrv.exe1 00128Loads the drivers associated with monitoring scanner status associated with PaperPort software. Can be a resource hog - see here97http://groups.google.com/groups?q=runppdrv.exe&hl=en&rnum=7&selm=6v04nv%24q3l%241%40supernews.com0
2 7LicCrtl1 14runservice.exe1 00 68eLicense, licensing system incorporated with some software and games24http://www.elicense.com/0
3 7LicCtrl1 14runservice.exe1 00180Part of the eLicense Copy Protection scheme employed by some software and games. When this service is not running, the eLicense wrapper is unable to extract and execute the program 01
415LicCtrl Service1 14runservice.exe1 00143Elicense is a common licensing tool used and installed by many programs. It should only be disabled if it is known to be causing you problems.24http://www.elicense.com/0
119Srv32 spool service1 12runsrv32.exe1 00 93Topantispyware.com malware, recognized by Kaspersky antivirus as Trojan-Clicker.Win32.Spyre.b36http://www.kaspersky.com/personalpro0
111RunServices1 12runsvc32.exe1 00 28Added by the AGOBOT.QJ WORM!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.QJ0
3 9RunSysd321 13RunSysd32.exe1 00223DesktopShield2000 by StΘphane Groleau. Locks the desktop at bootup so that users cannot bypass the Windows screensaver password. Only essential if using the program and is an optional setting. It can be disabled from within 01
1 8runwin321 12runwin32.exe1 00 30Added by the ESEARCH-A TROJAN!58http://www.sophos.com/virusinfo/analyses/trojesearcha.html0
1 6Run_cd1 10Run_cd.exe1 00 29Added by the GHOST.23 TROJAN!77http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_GHOST.230
1 3NAV1 12RuxDLL32.exe1 00 27Added by the MAPSON.D WORM!78http://securityresponse.symantec.com/avcenter/venc/data/w32.mapson.d.worm.html0
0 8RVS CAPI1 12rvs_cent.exe1 00125A href="http://www.rvs.de/start.html"RVCS_CENT is used by certain Internet Providers in Germany for ISDN and DSL connections. 01
124Microsoft Update Machine1 10rxhost.exe1 00 26Added by the RBOT.FC WORM!76http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.FC0
217RoxioAudioCentral1 9RxMon.exe1 00233Part of Roxio EasyCD Creator 6.0 - places the Roxio AudioCentral icon in you system tray. "Includes a player, media manager, ripper, tag and sound editor - integrated in a single application". Not required for Roxio to work properly. 01
1 2sp1 42rundll32 [tempdirectory]\SE.DLL,DllInstall2 00147Start Page Hijacker. More information can be at this site. For help removing this infection please post a HijackThis log in our HijackThis forum.59http://www.sophos.com/virusinfo/analyses/trojadclickai.html0
0 8S24EvMon1 12S24EvMon.exe1 00 79Event Monitor - supports driver extensions to NIC Driver for wireless adapters. 01
116S3 Internal Chip1 10s3serv.exe1 00 28Added by the AGOBOT-DD WORM!57http://www.sophos.com/virusinfo/analyses/w32agobotdd.html0
2 6S3TRAY1 10S3Tray.exe1 00147S3 display configuration taskbar utility for S3 chipset based graphics cards. Can be run from Start-> Settings -> Control Panel -> Display 01
0 7s3tray21 11s3tray2.exe1 00 39Same as the s3tray entry in this table? 01
0 8S3TRAYHP1 12S3trayhp.exe1 00 24S3 Video driver related. 01
116My Search Bar Eq1 11S4BAREQ.EXE1 00 21MySearch bar parasite41http://doxdesk.com/parasite/MySearch.html0
3 3S4F1 7S4F.exe1 00 31S4F internet filtering software43http://www.s4f.com/home/filterpak/index.asp0
216Spellex Anywhere1 6sa.exe1 00140Spellex-Anywhere - adds spell checking functionality to almost any Window program. Create a shortcut and run manually before it's to be used51http://www.spellex.com/Spellex-Anywhere/default.htm0
3 9StayAlive1 6sa.exe1 00161StayAlive from TFI Technology. "This top-notch tool intercepts crashes when they happen, keeping your programs running so you can save your work."43http://www.tfi-technology.com/stayalive.htm0
1 7Unshare1 13SafeShare.exe1 00105P2P Program typically installed with adware or spyware. Typically found in C:\Program Files\safe-share\. 01
1 4Safe1 11SafeWin.exe1 00 30Added by the FOCOSENHA TROJAN!65http://www.symantec.com/avcenter/venc/data/pwsteal.focosenha.html0
124Sagate Security Firewall1 10sagate.exe1 00 29Added by the GAOBOT.BOW WORM!62http://www.symantec.com/avcenter/venc/data/w32.gaobot.bow.html0
311SystemAgent1 8Sage.exe1 00182"Microsoft Plus! System Agent automatically tunes your system, performing tasks such as disk optimization and error correction. It can also run any application at prescheduled times" 01
214SAgent2ExePath1 11SAgent2.exe1 00 70Seiko Epson printer status agent. Disable if printer is not used often 01
1 5sagnt1 9sagnt.exe1 00 21Adware web downloader 01
4 9PrevxHome1 9SAGUI.exe1 00 40PrevX Home intrusion prevention software21http://www.prevx.com/0
0 8SaiSmart1 12SaiSmart.exe1 00180"Smart Button Special Sauce" - included with the latest software for Saitek game controllers. Related to the "S", "Shift" or "Smart" button.22http://www.saitek.com/0
128Security Accounts Manager SM1 9samsm.exe1 00 28Added by the SPYBOT.JE WORM!84http://nl.trendmicro-europe.com/smb/security_info/ve_detail.php?Vname=WORM_SPYBOT.JE0
115FireWire Driver1 8samx.exe1 00 27Added by the SDBOT.AE WORM!65http://www.symantec.com/avcenter/venc/data/backdoor.sdbot.ae.html0
2 8SandIcon1 12SandIcon.exe1 00394SanDisk ImageMate CompactFlash card reader SDDR-31 (USB). Very little use except to place the Sandisk icon beside its drive designation in Windows Explorer. The reader itself will work fine without it. The simplest thing is to just unplug the reader when you're not using it. It may slow the startup by a few nanoseconds, but once the software sees there's no reader, you get back the resources 01
127System Applications Profile1 7sap.exe1 00 26Added by the RBOT-QF WORM!58http://www.sophos.com.au/virusinfo/analyses/w32rbotqf.html0
010SA Service1 13SAservice.exe1 00138Associated with Cyber Trio and Warner troubleshooting software from G-Tek Technologies and pre-installed on some Packard Bell and NEC PCs. 01
3 8SATARaid1 12SATARaid.exe1 00141RAID driver for serial ATA disks on some motherboards such as the DFI Lanparty range. Only loaded if one is using RAID support on SATA drives 01
318ATTBroadbandUpdate1 12SAUpdate.exe1 00 59Big Brother from Quest Software. System and network monitor15http://bb4.com/0
3 8SAUpdate1 12SAUpdate.exe1 00 59Big Brother from Quest Software. System and network monitor15http://bb4.com/0
4 8SAVAgent1 12SAVAgent.exe1 00181Part of Sophos anti-virus software. Required for centrally administered Sophos updates to work correctly, e.g. automatically updating PCs used by dial-in home or out-of-office users 01
1 4Save1 8Save.exe1 00 48Rebranded version of SaveNow advertising spyware 01
1 9WhenUSave1 8Save.exe1 00 48Rebranded version of SaveNow advertising spyware 01
1 7Savenow1 11SaveNow.exe1 00 84Advertising spyware. Installed as part of the Kazaa Media Desktop bundle for example43http://www.kazaa.com/en/privacy/bundles.htm0
1 7Savenow1 11savenow.exe1 00 28Added by the SPREDA.B VIRUS!78http://securityresponse.symantec.com/avcenter/venc/data/w32.hllp.spreda.b.html0
316Say The Time 5.01 11SAYTIME.EXE1 00172This program has audio cues for the system clock in male and female voices, customizes the appearance of the system clock, and can synchronize it to a time server regularly 01
3 8SBDrvDet1 9SBDrv.exe1 00156Detects the "Easy Front-Panel Audio Connectivity Drive Internal Drive Bay" on the Sound Blaster Audigy 2 Platinium eX. Can be disabled if you don't have one 01
1 4SBHC1 8sbhc.exe1 00 45SuperBar parasite - uninstall available here45http://www.doxdesk.com/parasite/SuperBar.html0
136Windows System Restore Configuration1 11Sblhost.exe1 00 38Added by a variant of the SPYBOT WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html0
2 4SBMX1 8sbmx.exe1 00 79SoundMAX MPU401 MIDI device emulator for x86 VM DOS games/apps (for Win9x only) 01
414ScriptBlocking1 10SBServ.exe1 00354Update to Norton AntiVirus 2001. Detects certain types of script-based viruses without the need for specific virus definitions - such as JavaScript and VBScript. This will help protect you from these viruses even before virus definitions are available. Note - some users complain of problems once the update is installed - refer here for more information31http://www.symantec.com/search/0
210Eapcisetup1 11sbsetup.exe1 00 71Rockwell RipTide soundcard application software. Sound works without it 01
111SB Watchdog1 14SBWatchdog.exe1 00199Spyware utility installed by the manufacturers of some laptops (Sony) used to monitor browsing habits and send them back to whoever installed it - released by SoftBank. See here for more information51http://trek.thesteveco.com/slashnot.cgi?article=3290
0 8sc23exec1 12sc23exec.exe1 00 36Possibly related to a digital camera 01
4 8SC3300CC1 12SC3300CC.exe1 00 40SiPix digital camera Twain device driver 01
1 8Driver321 10Scam32.exe1 00 26Added by the SIRCAM WORM!66http://www.symantec.com/avcenter/venc/data/w32.sircam.worm@mm.html0
1 6Win32G1 12Scandisk.com1 00 28Added by the ESTRELLA TROJAN73http://securityresponse.symantec.com/avcenter/venc/data/w32.estrella.html0
1 8ScanDisk1 12ScanDisk.exe1 00103Added by the GANDA.A WORM! Note - this is not the valid "ScanDisk" Win9x/Me standard disk error checker62http://www.symantec.com/avcenter/venc/data/w32.ganda.a@mm.html0
112scands32.exe1 12scands32.exe1 00 43Added by a variant of the Adclicker TROJAN!79http://securityresponse.symantec.com/avcenter/venc/data/trojan.a.d.clicker.html0
115ScanSpyware v *1 11Scanner.exe1 00130Spyware remover (where * = the version number) of dubious repute, see this list of Rogue/Suspect Anti-Spyware Products & Web Sites52http://www.spywarewarrior.com/rogue_anti-spyware.htm0
018hpScannerFirstBoot1 13scannerfb.exe1 00 18HP scanner related 01
112ScanRegistry1 12scanregv.exe1 00176Added by the MASTERLOCK TROJAN!. Not to be confused with the real ScanRegistry - which is a vital Windows file. This version has the executable as scanregv.exe not scanregw.exe42http://vil.nai.com/vil/content/v_98023.htm0
412ScanRegistry1 12Scanregw.exe1 00233Scans the system registry and makes back-ups at start-up. Important should the registry become corrupt. The executable "Scanregw.exe" is located in %windir% (where %windir% is the Windows directory - C:\Windows or C:\Winnt) 01
112ScanRegistry1 12Scanregw.exe1 00309Added by the STATOR WORM! Not to be confused with the legitimate ScanRegistry entry - which is a vital Windows file. The executable "Scanregw.exe" is located in %windir%\System (where %windir% is the Windows directory - C:\Windows or C:\Winnt). Runs from the registry RunServices key as opposed to the Run key74http://securityresponse.symantec.com/avcenter/venc/data/w32.stator@mm.html0
211TwkSCardSrv1 12SCardS32.Exe1 00 57Used with Towitoko SmartCard Readers for card recognition 01
2 8SCardSvr1 12scardsvr.exe1 00 72Related to SmartCard readers and sometimes uses lots of system resources 01
218Smart Card Service1 12ScardSvr.exe1 00155For Smart Card readers. Known to cause problems, especially for Windows 2000 users - see here. Probably not required unless you use such a device regularly90http://support.microsoft.com/support/kb/articles/Q293/5/07.ASP?LN=EN-GB&SD=gn&FR=00
110NavAgent321 14SCardSvr32.Exe1 00 26Added by the MOFEI.B WORM!76http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MOFEI.B0
1 8SCardSvr1 14SCardSvr32.Exe1 00 26Added by the MOFEI.B WORM!76http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MOFEI.B0
236Compaq Computer Corp SCCenter Module1 12SCCENTER.EXE1 00 32For Compaq PC's. Part of Backweb 01
218Service Connection1 12sccenter.exe1 00 32For Compaq PC's. Part of Backweb 01
113Services Host1 11Scchost.exe1 00 23Added by the DONK WORM!61http://www.symantec.com/avcenter/venc/data/w32.hllw.donk.html0
1 7Systems1 11scchost.exe1 00 29Added by the DAEMOZ.A TROJAN!77http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_DAEMOZ.A0
326Acronis Scheduler2 Service1 12schedhlp.exe1 00254Part of Acronis True Image - backup software. Co-operates with the "schedul2.exe" servuce to perform backup/restore tasks correctly. Required if you want to use TrueImage to do some real backup/restore tasks - not if you only want to explore/mount images42http://www.acronis.com/products/trueimage/0
311WTIndicator1 12SchedInd.exe1 00 79WinTask - software that automates a variety of routine tasks quickly and simply23http://www.wintask.com/0
221Scheduled Maintenance1 25Scheduled_Maintenance.exe1 00161Scheduler for Iolo System Mechanic tweaking utility. It can cleans your registry and deletes temporary files at defined intervals. Available via Start - Programs19http://www.iolo.com0
321MRU-Blaster Scheduler1 13scheduler.exe1 00 90MRU-Blaster scheduler - detects and cleans MRU (most recently used) lists on your computer46http://www.wilderssecurity.com/mrublaster.html0
116Scheduling Agent1 13Scheduler.exe1 00109Added by the SUBWOOFER TROJAN! Note - this is not the real MS Scheduling agent as the executable is incorrect79http://securityresponse.symantec.com/avcenter/venc/data/backdoor.subwoofer.html0
318NovastorSchedulerd1 11SCHENGD.EXE1 00113NovaStor NovaBACKUP Scheduler - back-up utility. If you don't have regularly scheduled back-ups you don't need it 01
3 8Schmaili1 12Schmaili.exe1 00 51Schmaili - insert animated smilies into your e-mail33http://www.schmaili.com/index.htm0
120Generic Host Process1 10SCHOST.EXE1 00 26Added by the RBOT-NC WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotnc.html0
114Update Install1 10Schost.exe1 00 28Added by the GAOBOT.AO WORM!79http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.gaobot.ao.html0
010WinManager1 10schost.exe1 00 2?? 01
223Intervideo WinScheduler1 10SchSvr.exe1 00193WinScheduler is installed with WinDVD Remote Control for WinDVD from Intervideo. If you want to schedule recordings from your TV tuner card, you will need it. Available via Start -> Programs25http://www.intervideo.com0
213WinDVR SchSvr1 10SchSvr.exe1 00189WinScheduler is installed with WinDVD Remote Control for WinDVD from Intervideo. If you want to schedule recordings from your TV tuner card, you will need it. Available via Start - Programs25http://www.intervideo.com0
415CSScheduleCheck1 12SCHWIZEX.EXE1 00264Part of ConfigSafe - lets you identify changes to the registry, INI files, System asset files, system hardware, network connections, and operating system versions - provides a restore function. This part takes a snapshot of your system following a healthy re-boot47http://www.imaginelan.com/configsafe/index.html0
4 8SCHWIZEX1 12SCHWIZEX.EXE1 00264Part of ConfigSafe - lets you identify changes to the registry, INI files, System asset files, system hardware, network connections, and operating system versions - provides a restore function. This part takes a snapshot of your system following a healthy re-boot47http://www.imaginelan.com/configsafe/index.html0
218SecureCleanIEClean1 13SCIEClean.exe1 00113SecureClean - scans your system for hidden temporary files, deleted email messages, Internet histories and caches62http://www.accessdata.com/Product05_Overview.htm?ProductNum=050
210SQL Server1 7scm.exe1 00 66SQL Server Service Control Manager. Available via Start - Programs 01
1 9ScManager1 9scman.exe1 00 28Added by the FORBOT-CW WORM!57http://www.sophos.com/virusinfo/analyses/w32forbotcw.html0
310SurfChoice1 9SCMan.exe1 00242SCMan is a utility that can control services on WinNT from the command line. This utility can create, start, pause, stop, delete services. Furthermore it can retrieve a service's current state, get the displayname for a service and vice versa 01
1 7Spore.b1 11Scmhlpr.vbs1 00 26Added by the SPORE.B WORM!75http://securityresponse.symantec.com/avcenter/venc/data/vbs.sorpe.b@mm.html0
321Smart Connect Monitor1 9SCMon.exe1 00270Appears on a Sony Vaio. Smart Connect Version 2.1 enables data transfer between Vaios via i.LINK cable. Smart Connect supports File and Printer Sharing for MS networks. You can copy files from your Vaio to another Vaio or print using a printer connected to a remote Vaio 01
1 8scopedll1 12scopedll.exe1 00 43Added by a variant of the CRYPTER.C TROJAN!58http://www.sophos.com/virusinfo/analyses/trojcrypterc.html0
1 3Scr1 7scr.scr1 00 28Added by the OPASERV.T WORM!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_OPASERV.T0
1 9W32.Scran1 9Scran.exe1 00 24Added by the NARCS WORM!57http://www.symantec.com/avcenter/venc/data/w32.narcs.html0
2 8ScrapPad1 12Scrappad.exe1 00141ScrapPad allows you to quickly and easily record notes, thoughts, messages, and just about anything you want. Use it like you use scrap paper38http://www.jackcreations.com/scrappad/0
315Screen Calendar1 10scrcal.exe1 00106Screen Calendar allows you to create custom desktop wallpapers with built in active calendar and scheduler30http://www.screencalendar.com/0
2 6cursor1 27Screendragon_VS_Taskbar.exe1 00 25ScreenDragon video player28http://www.screendragon.com/0
213ScreenPrint321 17ScreenPrint32.exe1 00 64ScreenPrint32 screen capture software - can be launched manually52http://www.provtech.co.uk/software/screenprint32.asp0
117Microsoft Restore1 10scrgrd.exe1 00 28Added by the SPYBOT.BR WORM!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SPYBOT.BR0
0 6script1 10script.bat1 00 44Maybe associated with DOS on a Win9x machine 01
412ScriptSentry1 16Scriptsentry.exe1 00204Script Sentry from Jason's Toolbox. Blocks malicious scripts and allows safe scripts to run. Only required if you want it to check the file associations it guards at startup. It will function regardlessly46http://www.jasons-toolbox.com/scriptsentry.asp0
320Scroll-In-Mouse V2.01 10SCROLL.EXE1 00 95Toolkit for the Lynx-3D Net scroll mouse from QTronix. Required if you use the special features37http://www.qtronix.com/Lynx3dnet.html0
1 6ScrSvr1 10ScrSvr.exe1 00 26Added by the OPASERV WORM!77http://securityresponse.symantec.com/avcenter/venc/data/w32.opaserv.worm.html0
2 2sc1 11scrubxp.exe1 00 83ScrubXP - utility that deletes safe to remove files, cookies, browsing history, etc44http://www.bartdart.com/modules/mydownloads/0
0 6screxe1 13scruser2k.exe1 00 2?? 01
319Smart Connect Setup1 11SCSetup.exe1 00270Appears on a Sony Vaio. Smart Connect Version 2.1 enables data transfer between Vaios via i.LINK cable. Smart Connect supports File and Printer Sharing for MS networks. You can copy files from your Vaio to another Vaio or print using a printer connected to a remote Vaio 01
4 4Scsi1 8Scsi.exe1 00 20SCSI Miniport driver 01
312SecondChance1 10sctray.exe1 00136Power Quest Second Chance. Sets checkpoints for saving a backup copy of the registry to a disk so you can restore it if you have a crash61http://www.pcug-colorado.org/newsletter/pcoc0200/2ndchanc.htm0
3 8OmniPass1 12scureapp.exe1 00 63OmniPass from Softex Inc. - secure password management software25http://www.softexinc.com/0
113Config Loader1 11scvhost.exe1 00 42Added by the GAOBOT.AE or GAOBOT.AO WORMS!79http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.gaobot.ae.html0
124Microsoft Update Machine1 11scvhost.exe1 00 26Added by the RBOT-GS WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotgs.html0
111scvhost.exe1 11scvhost.exe1 00 28Added by the LOHAV-N TROJAN!56http://www.sophos.com/virusinfo/analyses/trojlohavn.html0
120Windows Service Host1 11scvhost.exe1 00 28Added by the SDBOT.N TROJAN!77http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sdbot.n.html0
115Security Center1 11scvhost.exe1 00111W32/Rbot-TG is a network worm with IRC backdoor functionality. File is located in the Windows system directory.55http://www.sophos.com/virusinfo/analyses/w32rbottg.html0
127Microsoft LSASS386 Protocol1 13scvhost32.exe1 00 38Added by a variant of the SPYBOT WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html0
128Microsoft SCVHOST32 Protocol1 13scvhost32.exe1 00 36Added by a variant of the RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
1 7starter1 14scvhosting.exe1 00 29Added by the IRCBOT.E TROJAN!73http://securityresponse.symantec.com/avcenter/venc/data/w32.ircbot.e.html0
1 7Starter1 14scvhosting.exe1 00 27Added by the SDBOT.RU WORM!77http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.RU0
1 7spoolsv1 12scvhosts.exe1 00 29Added by the SMALL-AW TROJAN!57http://www.sophos.com/virusinfo/analyses/trojsmallaw.html0
021Windows Print Spooler1 12SCVHOSTS.EXE1 00 64Suspicious due to the similarity to the valid "svchost.exe" file 01
123Microsoft Office Studio1 11scvhvst.exe1 00 85Added by the W32/Sdbot-VQ WORM/Backdoor! File is found in the Windows system folder.56http://www.sophos.com/virusinfo/analyses/w32sdbotvq.html0
124Microsoft Windows Update1 12scvvhost.exe1 00 28Added by the FORBOT-DH WORM!57http://www.sophos.com/virusinfo/analyses/w32forbotdh.html0
1 8sd32info1 12sd32info.exe1 00 30Added by the CRYPTER.A TROJAN!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_CRYPTER.A0
3 7SDaemon1 11sdaemon.exe1 00361PC Security from Tropical Software. 'PC SecurityÖ 5.1 is the ultimate in computer security, offering multiple locking systems for the Windows environment and internet. Lock files, monitor programs' activities, even detect intruders! PC Security offers flexible and complete password protection, "Drag and Drop" support, plus many other handy features' 01
115Direct settings1 11sdchost.exe1 00 30Added by the DAEMONI-I TROJAN!58http://www.sophos.com/virusinfo/analyses/trojdaemonii.html0
216Scanner Detector1 11SDetect.exe1 00307ScanSuite Scanner Detector - part of ScanWizard, supplied with Microtek scanners. Waits until you press the "GO" button and seems to serve no other purpose. Automatically installed without prompting. Not required if you can start your scanning application before pressing the "GO" button 01
2 7SDetect1 11SDetect.exe1 00307ScanSuite Scanner Detector - part of ScanWizard, supplied with Microtek scanners. Waits until you press the "GO" button and seems to serve no other purpose. Automatically installed without prompting. Not required if you can start your scanning application before pressing the "GO" button 01
112SDIN Adapter1 8sdin.exe1 00 28Added by the FORBOT-AP WORM!57http://www.sophos.com/virusinfo/analyses/w32forbotap.html0
115Winsock2 driver1 11SDJOIJE.EXE1 00 30Added by the SPYBOT.DR TROJAN!74http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.dr.html0
116Winsock32 driver1 11Sdjoije.exe1 00 27Added by the SPYBOT.B WORM!56http://www.sophos.com/virusinfo/analyses/w32spybotb.html0
214SDPhotoBar.exe1 14SDPhotoBar.exe1 00141SmartDraw Photo - "organize, enhance, print, and share your photos. It's also a powerful graphic editor for creating images and web graphics"36http://www.ttp.co.uk/abtsdphoto.html0
1 5sdrss1 9sdrss.exe1 00 27Added by the SDBOT-SQ WORM!56http://www.sophos.com/virusinfo/analyses/w32sdbotsq.html0
217FlashPath Monitor1 10SDSTAT.EXE1 00188System Tray icon that you can't get rid of - and does not need to run!. Tells you the battery status in the floppy disk adapter for the smartmedia cards. Available via Start -> Programs 01
216FlashPath Status1 10SDSTAT.EXE1 00188System Tray icon that you can't get rid of - and does not need to run!. Tells you the battery status in the floppy disk adapter for the smartmedia cards. Available via Start -> Programs 01
114Windows Update1 11sdvhost.exe1 00 61W32/Agobot-AEU is a network worm with backdoor functionality.58http://www.sophos.com/virusinfo/analyses/w32agobotaeu.html0
3 7sealmon1 11sealmon.exe1 00172SealedMedia enables you to combine document protection and control with your existing applications - such as Microsoft Word, Microsoft Excel, Microsoft PowerPoint and Email48http://www.sealedmedia.com/solutions/default.asp0
1 4run=1 11sec5dec.exe1 00 25Added by the ATAK.G WORM!74http://securityresponse.symantec.com/avcenter/venc/data/w32.atak.g@mm.html0
3 6Secsys1 10Secsys.exe1 00155Key Interceptor - surveillance software that creates records of everything people do on a computer, ie, spying or monitoring depending upon how you call it35http://www.ultrasoft.ro/page_ky.htm0
1 3Bat1 11secure2.bat1 00 28Added by the ZCREW.C TROJAN!81http://securityresponse.symantec.com/avcenter/venc/data/backdoor.irc.zcrew.c.html0
311SecureItPro1 19Secureitpro470p.exe1 00108SecureIt Pro - lock your computer when you're not there, to stop malicious users from accessing your desktop62http://homepages.ihug.com.au/~ipex/secureitpro/secureitpro.htm0
215Security iGuard1 19Security iGuard.exe2 00 99Spyware remover of dubious repute, see this list of Rogue/Suspect Anti-Spyware Products & Web Sites52http://www.spywarewarrior.com/rogue_anti-spyware.htm0
125Microsoft Security Update1 14security32.exe1 00 78Added by the Troj/Delf-JJ Trojan! File is found in the Windows system folder.56http://www.sophos.com/virusinfo/analyses/trojdelfjj.html0
138Microsoft Secure Messenger.NET Service1 15securitychk.exe1 00 27Added by the SDBOT.VT WORM!88http://uk.trendmicro-europe.com/consumer/security_info/ve_detail.php?Vname=WORM_SDBOT.VT0
316Security Manager1 19SecurityManager.exe1 00200A ComCast Internet software suite that provides a variety of features (firewall, popup blocker, parental controls etcetera) to help ensure your computer is secure, and your information is kept private 01
4 8SECWIZ981 12SECWIZ98.EXE1 00147Security Wizard 98 by Chris Farmer. Offers you a variety of ways to restrict access to many of the programs and settings on your PC. Available here59http://www.zdnet.com/downloads/stories/info/0,,000T5S,.html0
1 6Selene1 10Selene.exe1 00 37Added by the Trojan.Eneles infection!74http://www.sarc.com/avcenter/venc/data/trojan.eneles.html#technicaldetails0
223FriendlyWebQuick-Launch1 12SELFCERT.EXE1 00272selfcert.exe is a stand alone program for creating your own digital certificates for macros - the .exe is installed as an extra basically by clicking on MS Office in add/remove programs and selecting remove - also I would do away with the FriendlyWebQuickLaunchBar as well 01
3 4SeMS1 8SeMS.exe1 00103p align=leftPCsms - tool that enables you to send sms text messages from your PC to any UK mobile phone21http://www.pcsms.net/0
1 2QQ1 12sendmess.exe1 00 26Added by the SEMES TROJAN!75http://securityresponse.symantec.com/avcenter/venc/data/backdoor.semes.html0
3 7Sensiva1 11Sensiva.exe1 00289Symbol Commander makes the use of your PC, laptop, Tablet PC, and Pocket PC much easier and much faster. It recognizes your handwriting with unparalled performance and executes commands in a snap. Just by using your mouse, pen, or touchpad, simply draw symbols to execute actions instantly39http://www.sensiva.com/symbolcommander/0
1 6SENTRY1 10SENTRY.exe1 00273From IP Insight. Allows website owners "to instantly determine the precise geographic location, connection speed and detailed demographics of every visitor to your website". Will be detected by most firewalls and the majority of home users should disable it 36http://www.ipinsight.com/default.asp0
3 9RNBOStart1 12sentstrt.exe1 00317Program used to initialise the VxD virtual driver for Sentinel drivers associated with Rainbow H/W keys that plug-in to the parallel port. These are usually supplied with workplace design tools and restrict the use of the software only to the machine to which the H/W key is connected. Required if you have such tools 01
124Sepate Security Firewall1 10sepate.exe1 00 36Added by a variant of the RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
1 7Serials1 11serials.exe1 00 41Any one of a variety of worms and trojans 01
120Microsoft WinUpdates1 10serm32.exe1 00 26Added by the RBOT.GE WORM!84http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.GE&VSect=T0
412serrdctl.exe1 12serrdctl.exe1 00174"Shared Modem Service Client Event Viewer" - used when a number of PCs have access to a number of modems. Required to be running on each PC for access to the modems 01
2 6Serv-U1 12serv-u32.exe1 00 10FTP server 01
124Microsoft Windows Update1 10servcs.exe1 00 77Backdoor.Sdbot.A backdoor Infection! Found in the Windows system directory.78http://www.sarc.com/avcenter/venc/data/backdoor.sdbot.al.html#technicaldetails0
0 4Key21 9serve.exe1 00 2?? 01
1 6Win32R1 10Server.com1 00 29Added by the ESTRELLA TROJAN!73http://securityresponse.symantec.com/avcenter/venc/data/w32.estrella.html0
1 8easyServ1 10Server.exe1 00 29Added by the EASYSERV TROJAN!78http://securityresponse.symantec.com/avcenter/venc/data/backdoor.easyserv.html0
1 7RunProg1 10Server.exe1 00 31Added by the OPTIX.04.A TROJAN!79http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_OPTIX.04.A0
1 6server1 10server.exe1 00 27Added by the DELTAD.A WORM!77http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_DELTAD.A0
110SERVER.EXE1 10SERVER.EXE1 00 45Added by the BUSHTRO122 or SMOKODOOR TROJANS!60http://www.sophos.com/virusinfo/analyses/trojbushtro122.html0
1 7WinProt1 10server.exe1 00 31Added by the CHUPACABRA TROJAN!40http://www.hackfix.org/miscfix/cha.shtml0
1 8serverex1 14Server.txt.vbs1 00 27Added by the DELTAD.A WORM!77http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_DELTAD.A0
1 9winserver1 14Server.txt.vbs1 00 27Added by the DELTAD.A WORM!77http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_DELTAD.A0
115ZtgServerSwitch1 10server.vbs1 00172ZTGServerswitch is part of Sony's Vaio support agent - designed by Support.com. Not required if the user does not wish to use the Vaio support agent and regarded as spyware 01
114WindowsAPI.DLL1 11Server5.exe1 00 36Added by the "Fear and Hope" TROJAN!54http://www.pestpatrol.com/pestinfo/f/fear_and_hope.asp0
130Sygate Personal Firewall Start1 10servic.exe1 00 26Added by the RBOT-RY WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotry.html0
1 6Config1 11service.exe1 00 26Added by the ISRAZ.B WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.israz.b@mm.html0
120Configuration Loader1 11Service.exe1 00 28Added by the GAOBOT.AO WORM!79http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.gaobot.ao.html0
1 9SYS_CLEAN1 11Service.exe1 00 27Added by the FLOPCOPY WORM!78http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.flopcopy.html0
119Win32 USB2.0 Driver1 11service.exe1 00 27Added by the SDBOT-QF WORM!56http://www.sophos.com/virusinfo/analyses/w32sdbotqf.html0
116Windows Services1 11service.exe1 00 27Added by the RANDEX.R WORM!73http://securityresponse.symantec.com/avcenter/venc/data/w32.randex.r.html0
115Windows_Serivce1 11SERVICE.exe1 00 29Added by the WOOTBOT.AH WORM!92http://it.trendmicro-europe.com/enterprise/security_info/ve_detail.php?Vname=WORM_WOOTBOT.AH0
1 8MSN BETA1 11SERVICE.EXE1 00 75Added by the W32/Rbot-WZ WORM/backdoor Trojan to the Windows system folder.55http://www.sophos.com/virusinfo/analyses/w32rbotwz.html0
120Configuration Loader1 12service5.exe1 00 28Added by the GAOBOT.AF WORM!79http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.gaobot.af.html0
118MS Security Hotfix1 12service5.exe1 00 28Added by the GAOBOT.AG WORM!79http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.gaobot.ag.html0
1 8WinLsass1 12servicec.exe1 00 24Added by the SCANE WORM!70http://securityresponse.symantec.com/avcenter/venc/data/w32.scane.html0
412ServiceLayer1 16ServiceLayer.exe1 00129Nokia Connectivity Library support task that is needed by NCLTRAY and by the Nokia Connection Manager for either to work properly 01
110USB Device1 14servicelog.exe1 00 29Added by the WOOTBOT.CB WORM!81http://www.trendmicro.co.jp/vinfo/virusencyclo/default5.asp?VName=WORM_WOOTBOT.CB0
1 5.Prog1 12services.exe1 00139Added by the NEVEG.B or NEVEG.C WORMS! Note - this is not the legitimate services.exe process, which should not appear in Msconfig/Startup!75http://securityresponse.symantec.com/avcenter/venc/data/w32.neveg.b@mm.html0
1 8BuildLab1 12services.exe1 00139Added by the NEVEG.B or NEVEG.C WORMS! Note - this is not the legitimate services.exe process, which should not appear in Msconfig/Startup!75http://securityresponse.symantec.com/avcenter/venc/data/w32.neveg.b@mm.html0
1 6ccApps1 12services.exe1 00139Added by the NEVEG.B or NEVEG.C WORMS! Note - this is not the legitimate services.exe process, which should not appear in Msconfig/Startup!75http://securityresponse.symantec.com/avcenter/venc/data/w32.neveg.b@mm.html0
116FriendlyTypeName1 12services.exe1 00139Added by the NEVEG.B or NEVEG.C WORMS! Note - this is not the legitimate services.exe process, which should not appear in Msconfig/Startup!75http://securityresponse.symantec.com/avcenter/venc/data/w32.neveg.b@mm.html0
1 6golumm1 12services.exe1 00132CoolWebSearch parasite variant. Note - this is not the legitimate services.exe process, which should not appear in Msconfig/Startup!53http://www.spywareinfo.com/~merijn/cwschronicles.html0
118Microsoft Services1 12services.exe1 00127Added by the ALETS TROJAN! Note - this is not the legitimate services.exe process, which should not appear in Msconfig/Startup!75http://securityresponse.symantec.com/avcenter/venc/data/backdoor.alets.html0
127Microsoft Visual SourceSafe1 12services.exe1 00182Added by the NEVEG.B or NEVEG.C WORMS!. Note - this is not the legitimate services.exe process, which should not appear in Msconfig/Startup or the Microsoft Visual SourceSafe program75http://securityresponse.symantec.com/avcenter/venc/data/w32.neveg.b@mm.html0
1 8MSOffice1 12services.exe1 00185Browser hijacker. The file is placed in a newly created MSOffice folder in System32. Note - this is NOT the legitimate services.exe process, which should NOT figure in Msconfig/Startup!72http://www.liutilities.com/products/wintaskspro/processlibrary/services/0
1 7RegDone1 12services.exe1 00139Added by the NEVEG.B or NEVEG.C WORMS! Note - this is not the legitimate services.exe process, which should not appear in Msconfig/Startup!75http://securityresponse.symantec.com/avcenter/venc/data/w32.neveg.b@mm.html0
1 7Service1 12services.exe1 00138Added by the NETSKY or NETSKY.B WORMS! Note - this is not the legitimate services.exe process which should NOT appear in Msconfig/Startup!74http://securityresponse.symantec.com/avcenter/venc/data/w32.netsky@mm.html0
1 8Services1 12services.exe1 00148Added by a number of VIRUSES, WORMS and TROJANS! Note - this is not the legitimate services.exe process which should NOT appear in Msconfig/Startup!72http://www.liutilities.com/products/wintaskspro/processlibrary/services/0
116Services Process1 12services.exe1 00 84Added by unidentified spyware - recognized by Kaspersky antivirus as Small.X TROJAN!36http://www.kaspersky.com/personalpro0
112Services.EXE1 12services.exe1 00126Added by the KAZPING WORM! Note - this is not the legitimate services.exe process which should NOT appear in Msconfig/Startup!64http://www.symantec.com/avcenter/venc/data/w32.hllw.kazping.html0
112services.exe1 12Services.exe1 00131Added by the CIADOOR-F TROJAN! Note - this is NOT the legitimate services.exe process, which should NOT figure in Msconfig/Startup!58http://www.sophos.com/virusinfo/analyses/trojciadoorf.html0
1 7sysinit1 12services.exe1 00131Added by the NEWLFRM-A TROJAN! Note - this is not the legitimate services.exe process, which should not appear in Msconfig/Startup!58http://www.sophos.com/virusinfo/analyses/trojnewifrma.html0
114System Update21 12services.exe1 00 31Added by the AUTOTROJ-C TROJAN!59http://www.sophos.com/virusinfo/analyses/trojautotrojc.html0
1 8TEXTCONV1 12services.exe1 00139Added by the NEVEG.B or NEVEG.C WORMS! Note - this is not the legitimate services.exe process, which should not appear in Msconfig/Startup!75http://securityresponse.symantec.com/avcenter/venc/data/w32.neveg.b@mm.html0
1 7WMAudio1 12services.exe1 00139Added by the NEVEG.B or NEVEG.C WORMS! Note - this is not the legitimate services.exe process, which should not appear in Msconfig/Startup!75http://securityresponse.symantec.com/avcenter/venc/data/w32.neveg.b@mm.html0
1 8Xpsystem1 12SERVICES.EXE1 00129Added by the DAEMOZ.A TROJAN! Note - this is not the legitimate services.exe process which should NOT appear in Msconfig/Startup!77http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_DAEMOZ.A0
1 9xp_system1 12services.exe1 00131Added by the KREPPER-G TROJAN! Note - this is not the legitimate services.exe process, which should not appear in Msconfig/Startup!58http://www.sophos.com/virusinfo/analyses/trojkrepperg.html0
119Norton Auto-Protect1 12SERVICES.EXE1 00 31Added by the Anker e-mail WORM!45http://www.f-secure.com/v-descs/anker_a.shtml0
115Windows Service1 12SERVICES.EXE1 00 31Added by the Anker e-mail WORM!45http://www.f-secure.com/v-descs/anker_a.shtml0
1 9RPCserv321 12SERVICES.EXE1 00 69Added by the MyDoom.AN WORM! File is found in the Windows directory.47http://www.f-secure.com/v-descs/mydoom_an.shtml0
116Services Startup1 12services.exe1 00 79Added by the W32.Crowt.A@mm infection. Found in c:\program files\common files\.75http://www.sarc.com/avcenter/venc/data/w32.crowt.a@mm.html#technicaldetails0
114Services Logon1 12services.exe1 00103Added by the W32.Crowt.A@mm infection. Found in C:\Documents and Settings\[user name]\Templates folder.75http://www.sarc.com/avcenter/venc/data/w32.crowt.a@mm.html#technicaldetails0
138{357AA41A-B7A8-4632-A27D-5B980B25CF43}1 12services.exe1 00 84Added by the Adware.Clickbank adware. File is found in %windir%\system32\inetsrv\.60http://www.sarc.com/avcenter/venc/data/adware.clickbank.html0
118SuperBar.Component1 12services.exe1 00 95Added by the Adware.Clickbank adware. File is found in the %windir%\system32\inetsrv\ folder.60http://www.sarc.com/avcenter/venc/data/adware.clickbank.html0
121AdRotator.Application1 12services.exe1 00 95Added by the Adware.Clickbank adware. File is found in the %windir%\system32\inetsrv\ folder.60http://www.sarc.com/avcenter/venc/data/adware.clickbank.html0
1 9xp_system1 12services.exe1 00 91Added by the Adware.CWSConyc hijacker. Found in the %WINDIR%\inet10050\services.exe folder.59http://www.sarc.com/avcenter/venc/data/adware.cwsconyc.html0
1 3run1 12services.exe1 00 91Added by the Adware.CWSConyc hijacker. Found in the %WINDIR%\inet10050\services.exe folder.59http://www.sarc.com/avcenter/venc/data/adware.cwsconyc.html0
115Windows Startup1 14services21.exe1 00 28Added by the AGOBOT-MX WORM!57http://www.sophos.com/virusinfo/analyses/w32agobotmx.html0
130Sygate Personal Firewall Start1 14services32.exe1 00 26Added by the RBOT-MB WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotmb.html0
112system32.exe1 14services32.exe1 00 50Added by a variant of the BACKDOOR.IRC.BOT TROJAN!77http://securityresponse.symantec.com/avcenter/venc/data/backdoor.irc.bot.html0
120Configuration Loader1 13Servicess.exe1 00 28Added by the GAOBOT.AO WORM!79http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.gaobot.ao.html0
1 6usbdrv1 15servicetask.exe1 00 37Added by a variant of the SDBOT WORM!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_SDBOT.GEN0
124Microsoft Update Machine1 11servicz.exe1 00 26Added by the RBOT-HU WORM!51http://sophos.com/virusinfo/analyses/w32rbothu.html0
126Windows Server Information1 12servinfo.exe1 00158Added by the W32/Forbot-EN WORM/IRC backdoor Trojan, which also starts a new service "Windows ExplorerTM" with a display name of "Windows Server Information".57http://www.sophos.com/virusinfo/analyses/w32forboten.html0
118Windows ExplorerTM1 12servinfo.exe1 00109A service initiated by the W32/Forbot-EN, with a display name of "Windows Server Information" on NT systems.57http://www.sophos.com/virusinfo/analyses/w32forboten.html0
317PPK Setup(Server)1 11SEServe.exe1 00296Programmable Power Key on Sony Vaio laptops. "Using the Programmable Power Key (PPK) button, collect your e-mail automatically with one key stroke. You can also program your PPK to turn on your SuperSlim Notebook at a predetermined time and perform simple tasks - completely unattended" 01
111irc session1 14sessionmgr.exe1 00 28Added by the SDBOT-ACE WORM!57http://www.sophos.com/virusinfo/analyses/w32sdbotace.html0
411HPLJ Config1 13SetConfig.exe1 00 40Connects system to networked HP printer. 01
012Update local1 12SetCPQLC.exe1 00 39Running on a Compaq desktop. Any ideas? 01
0 9setdefprt1 13setdefprt.exe1 00 29Related to a Brother printer? 01
312GammaHotKeys1 12setgamma.exe1 00191Part of the RadeonTweaker program for adjusting ATI Radeon graphics cards. Allows you to adjust the gamma (or brightness) when playing a full-screen game without switching back to the desktop37http://radeontweaker.sourceforge.net/0
221MediaFace Integration1 11Sethook.exe1 00141Fellowes NeatoÖ cd label design software. "Launch NEATO's MediaFACE II label making software directly from the productname toolbar" 01
2 7SetHook1 11SetHook.exe1 00130Fellowes Neato CD label design software. "Launch NEATO's MediaFACE II label making software directly from the productname toolbar" 01
2 9SETI@home1 13SETI@home.exe1 00226SETI@home is a scientific experiment that uses Internet-connected computers in the Search for Extraterrestrial Intelligence (SETI). You can participate by running a free program that downloads and analyzes radio telescope data 01
210seticlient1 13SETI@home.exe1 00226SETI@home is a scientific experiment that uses Internet-connected computers in the Search for Extraterrestrial Intelligence (SETI). You can participate by running a free program that downloads and analyzes radio telescope data 01
2 7SetIcon1 11SetIcon.exe1 00180Installed by a 6-in-1 (4 Media Card slots, a floppy drive and a USB connection) device. Constantly updates the icons for the four Media Card slots that it has and is a resource hog 01
2 9SetiQueue1 12Setiqu~1.exe1 00 78Provides work unit buffering for Seti@Home clients - see here for more details39http://www.reneris.com/seti/default.asp0
2 7SetiSpy1 11SetiSpy.exe1 00212From the site - 'SETI Spy is a little program I wrote to "spy" on the progress and performance of the SETI@home client. I call it a "spy" because I tried to make it as unobtrusive as possible'36http://pages.tca.net/roelof/setispy/0
010SetRefresh1 14SetRefresh.exe1 00 49Found on a Compaq PC. Video refresh rate utility? 01
017InstallNAIProduct1 9SETUP.EXE1 00255Could be related to Network Associates Inc who own the McAfee VirusScan product amongst others. This was found in a directory called "VSC". Could it be an installation that failed and "SETUP.EXE" was left to run at startup as an error? 01
010MM Install1 9setup.exe1 00 38Possibly Money Manager from Moneysoft? 7#FF00000
320Windows Accelerators1 9setup.exe1 00173KeySpy keylogger (monitoring program). Given a "U" recommendation because it depends if you intentionally installed it. If you didn't treat it as "X" and uninstall or remove22http://www.keyspy.net/0
010zzzhpsetup1 9setup.exe1 00 2?? 01
016zzzCamlnSuitelll1 15setup.exe 46***2 00 2?? 01
1 9MemConfig1 11SetupIE.com1 00 25Added by the TAPLAK WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.taplak.html0
1 5win321 12Setup_32.exe1 00 30Added by the EVILBOT.B TROJAN!79http://securityresponse.symantec.com/avcenter/venc/data/backdoor.evilbot.b.html0
0 6setuzp1 10setuzp.exe1 00 2?? 01
114Windows secure1 12setver32.exe1 00 28Added by the SPYBOT.EP WORM!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SPYBOT.EP0
1 6SetVrc1 10setvrc.exe1 00 26Added by the HUNTOCX WORM!77http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.huntocx.html0
3 8Sgecrypt1 12Sgecrypt.exe1 00266SafeGuard Easy - "provides total company-wide protection for sensitive information on laptops and workstations. Boot protection, pre-boot user authentication and hard disk encryption using powerful algorithms guarantee against unauthorized access and hacker attacks"34http://www.ediport.hu/_sgeasy.html0
2 6sginst1 10sginst.exe1 00 59eAcceleration Stop-Sign related - not recommended, see note60http://www.spywarewarrior.com/rogue_anti-spyware.htm#ss_note0
312SpywareGuard1 10sgmain.exe1 00 88p align=left"SpywareGuard provides a real-time protection solution against spyware"48http://www.wilderssecurity.net/spywareguard.html0
325Screen Guard Message Scan1 8sgms.exe1 00 51Part of Access Denied security and privacy software22http://www.johnru.com/0
313SyGateService1 12sgserv95.exe1 00203SyGate is a useful little program that lets you share an internet connection over an intranet. Is it needed - it saves a lot of headache to just let SyGate load at startup. Available via Start - Programs22http://www.sygate.com/0
3 6sgtray1 10sgtray.exe1 00329StorageGuard from Veritas. Free utility that integrates with Backup MyPC (formerly Backup Exec Desktop), Simple Backup and MS Backup. Provides system tray access and background monitoring - warning you of files that haven't recently been backed up. Required unless you backup manually on a regular basis or have scheduled backups83http://www.veritas.com/products/category/ProductDetail.jhtml?productId=storageguard0
312StorageGuard1 10sgtray.exe1 00335StorageGuard from Veritas. Free utility that integrates with Backup MyPC (formerly Backup Exec Desktop), Simple Backup and MS Backup. Provides system tray access and background monitoring - warning you of files that haven't recently been backed up. Required unless you backup manually on a regular basis or have scheduled backups 83http://www.veritas.com/products/category/ProductDetail.jhtml?productId=storageguard0
313UpdateManager1 10sgtray.exe1 00353StorageGuard from Veritas (this version by Sonic). Free utility that integrates with Backup MyPC (formerly Backup Exec Desktop), Simple Backup and MS Backup. Provides system tray access and background monitoring - warning you of files that haven't recently been backed up. Required unless you backup manually on a regular basis or have scheduled backups 01
112hp center UI1 13ShadowBar.exe1 00 28User Interface for HP Center 01
1 5win321 30Shakira_1997_Part_1_.Mpeg_.scr1 00 27Added by the MYLIFE.N WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.mylife.n@mm.html0
1 5load=1 12shambl3r.exe1 00 25Added by the REMABL WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.remabl.worm.html0
1 9shambl3r*1 12shambl3r.exe1 00 44Added by the REMABL WORM! where * is 2 to 1176http://securityresponse.symantec.com/avcenter/venc/data/w32.remabl.worm.html0
1 9(Default)1 10Shania.vbs1 00 27Added by the SHANIA TROJAN!71http://securityresponse.symantec.com/avcenter/venc/data/vbs.shania.html0
112System Icons1 11shell16.exe1 00 67Added by the W32/Sdbot-VD WORM! Found in the Windows system folder.56http://www.sophos.com/virusinfo/analyses/w32sdbotvd.html0
1 6LTSMSG1 11Shell32.exe1 00 28Added by the LEMIR.B TROJAN!76http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.lemir.b.html0
1 5Shell1 11Shell32.exe1 00 30Added by the BADSECTOR TROJAN!44http://www.f-secure.com/v-descs/badsec.shtml0
110Shellapi321 14Shellapi32.exe1 00 40Added by the NETDEVIL (or NERTE) TROJAN!78http://securityresponse.symantec.com/avcenter/venc/data/backdoor.netdevil.html0
1 7ShellEx1 11ShellEx.exe1 00 27Added by the ANAKHA TROJAN!63http://www.symantec.com/avcenter/venc/data/backdoor.anakha.html0
1 8Explorer1 12shellexp.exe1 00 41Added by a variant of the SHELDOR TROJAN!63http://www.symantec.nl/avcenter/venc/data/backdoor.sheldor.html0
1 8Explorer1 13shellexpl.exe1 00 39Added by the GPIX and SHELDOR VIRUSES!45http://www.z-virus.com/Eng-virus-HTM/gpix.htm0
1 8ShellApi1 12SHELLMSN.EXE1 00 29Added by the NETDEV.B TROJAN!77http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_NETDEV.B0
111shellsystem1 15shellsystem.exe1 00 27Added by the UPCHAN TROJAN!74http://securityresponse.symantec.com/avcenter/venc/data/trojan.upchan.html0
2 7shicoxp1 11shicoxp.exe1 00262Installed with the drivers for multi card readers of various brands. To differentiate between the various card slots on multi slot readers the shicoxp.exe file assigns and loads unique drive icons for the various card slots that are displayed in Windows Explorer 01
1 5Shine1 9Shine.exe1 00 41Added by the HAPPYLOW (or NISHE-A) VIRUS!78http://securityresponse.symantec.com/avcenter/venc/data/w32.hllc.happylow.html0
1 5Tiger1 9Shine.exe1 00 41Added by the HAPPYLOW (or NISHE-A) VIRUS!78http://securityresponse.symantec.com/avcenter/venc/data/w32.hllc.happylow.html0
0 7SHINITV1 11shinitv.exe1 00 2?? 01
1 6WinSrv1 11SHIZZLE.EXE1 00 27Added by the HOBBIT.C WORM!77http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_HOBBIT.C0
115Sub Connections1 10shmyga.exe1 00383Added by an unknown Trojan Downloader. It installs itself as a service with a servicename of Pro. Shmyga.exe is located in the Windows system folder. When executed it downloads zalupen.exe from a website which then copies two files, serve.exe and serve.dll to the Windows system folder and starts serve.exe. Serve.exe listens on port 80 and udp port 53 and appears to be a backdoor. 01
212ShortKeys 991 12SHORTKEY.EXE1 00 88ShortKeys from Insight Software Solutions - allows you to program keys with text strings25http://www.shortkeys.com/0
110hellodolly1 9shost.exe1 00 23Added by the YODO WORM!72http://securityresponse.symantec.com/avcenter/venc/data/w32.yodo@mm.html0
110Showbehind1 14SHOWBEHIND.EXE1 00 47Advertisement display which can be stopped here38http://www.showbehind.com/adremove.exe0
310Cyber Trio1 12showmode.exe1 00246From G-Tek Technologies. Allows you to set the PC in one of three modes, Standard, Enhanced and Kiddo. Standard is full function, Enhanced prevents accidental damage and Kiddo is a play environment for kids. Pre-installed on some Packard Bell PCs 01
3 6SHPC321 10SHPC32.exe1 00157Port monitor for Lexmark printers on a USB connection. Ties in with the Printer Control Program. Features like cancelling a print are unavailable if disabled 01
2 8RHSI SHS1 7SHS.exe1 00232Rogers Hi-Speed Internet software. "Should you ever lose access to your Rogers Hi-Speed Internet connection or e-mail, the Self-Healing Software (SHS.exe) will automatically repair your settings to get you up and running in a flash"75http://www.rogershelp.com/help/content/download/software/softwareinfo.shtml0
4 9ShStatEXE1 10SHSTAT.EXE1 00175From McAfee VirusScan NT 4.x. Handles program communication among VShield components, displays VShield icon. Can be started automatically or available via Start -> Programs 01
313Shutdownaware1 17shutdownaware.exe1 00111Loaded by the SWEEX 6-in-1 Media Card Reader to properly manage the reader while it is connected to your system45http://www.sweexeurope.com/product.asp?pid=980
311ShutDownPro1 15ShutDownPro.exe1 00 71ShutDownPro - shutdown, reboot, logoff your System with one mouse click55http://home.tiscali.de/kurtzimmermann/shutdownpro_e.htm0
056ShowIcon_SmartDisk Corporation_USB Card Reader v1.14e0511 11shwicon.exe1 00 50Card reader for memory cards from digital cameras. 01
3 9Sunkist2k1 13shwicon2k.exe1 00 54Card reader for memory cards from digital cameras, etc 01
3 7Sunkist1 13shwicon98.exe1 00 54Card reader for memory cards from digital cameras, etc 01
1 5Sicom1 9Sicom.exe1 00 25Added by the NETLIP WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.netlip.worm.html0
021Install Pending Files1 12sifxinst.exe1 00139Uninstall program for Lanovation's Prism Deploy and Prism Pack adminstrators software deployement tools. For specific information see here.26http://www.lanovation.com/0
0 4SigX1 8sigx.exe1 00 2?? 01
1 5SigXC1 8SigX.exe1 00198SigX is a "dynamic signature image generated based on whatever data your computer sends it though our SigX program. It can display your current Mp3, current OS, Free Ram, your current time and more"22http://sigx.yuriy.net/0
323Compaq Knowledge Center1 21silent.exe&matcli.exe1 00681"matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, state, etc and gets written to a log file while silent.exe executes matcli.exe quietly in the background. Compaq Knowledge Center is required to run with the Help and Support program. If you uncheck Compaq Knowledge Center and and then run help and Support it will add another Compaq Knowledge Center in the startup menu. If you remove the Compaq Knowledge Center in the add/remove program some help menus in help and support will not be available like Fix my Presario, Preference, and Contact Technical Support". You decide 01
2 7Simcast1 17SimcastAlerts.exe1 00198Simcast is a free service that allows you to subscribe to information on a large variety of topics. Alerts will appear on your desktop when a channel that you have subscribed to has something to say35http://www.simcast.com.au/index.jsp0
312SimpLite-MSN1 16SimpLite-MSN.exe1 00116Required if you use the SimpLite add-on to MSN Messenger (SimpLite adds encryption to the instant messaging service) 01
1 9Singapore1 13singapore.exe1 00289Adds a blue crescent to the taskbar and when double-clicked displays an adult-content web-site. Also known to drop your internet connection and dial an international telephone number. See here for more information. Must be disabled in MSCONFIG before un-installing or it re-instates itself138http://groups.google.com/groups?q=singapore+singapore.exe&hl=en&lr=&safe=off&selm=38b007ea@news.swiftech.com.sg&rnum=10
3 5SIPPS1 15SIPPS\SIPPS.exe1 00 29Web.de Internet phone utility 01
0 8SISAM10M1 12SISAM10M.exe1 00 2?? 01
313siService.exe1 13siService.exe1 00 41Spam Inspector - anti email spam software70http://www.giantcompany.com/(xg1iwg55yqze3245i5lvaqbb)/p_features.aspx0
011SiSSetCDfmt1 15SiSSetCDfmt.exe1 00 59Related to a Silicon Integrated Systems Corp (SiS) product? 01
125Windows Ba■lang²τ Dosyas²1 10sistem.exe1 00 23Added by the MUZK WORM!73http://securityresponse.symantec.com/avcenter/venc/data/w32.muzk.irc.html0
111sistrai.exe1 11sistrai.exe1 00 27Added by the PROVA TROJAN!73http://securityresponse.symantec.com/avcenter/venc/data/trojan.prova.html0
3 8SiS Tray1 11sistray.exe1 00 81System Tray icon for SiS based graphics. Note - this resides in C:\Windows\System 01
1 7sistray1 11sistray.exe1 00 27Added by the PROVA TROJAN!73http://securityresponse.symantec.com/avcenter/venc/data/trojan.prova.html0
3 7sistray1 11sistray.exe1 00 81System Tray icon for SiS based graphics. Note - this resides in C:\Windows\System 01
1 6sistry1 10sistry.exe1 00 23Added by the CEBE WORM!74http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.cebe.html0
2 8SiSUSBRG1 12SiSUSBrg.exe1 00 98SiS USB Registry Patch File - fixes the undetectable problem with SiS USB controller on Windows XP 01
323Hot Key Kbd 2690 Daemon1 12SK9910DM.exe1 00 66Multimedia keyboard manager - required if you use any special keys 01
325Hot Key Keybd 9910 Daemon1 12SK9910DM.exe1 00 66Multimedia keyboard manager - required if you use any special keys 01
3 8SK9910DM1 12SK9910DM.EXE1 00131Multi-function keyboard driver. Allows the use of programmable keys on mulimedia keyboards. Required if you use the additional keys 01
1 36661 7Ska.exe1 00 26Added by the PIPES TROJAN!55http://www.sophos.com/virusinfo/analyses/trojpipes.html0
3 8SKDAEMON1 12SKDAEMON.EXE1 00137Multi-function keyboard driver. Allows the use of programmable keys on mulimedia keyboards. Required if you use the additional keys 01
320HalifaxHowardCluster1 12skinkers.exe1 00135Howard the Weatherman desktop client from Halifax by Skinkers - marketing/messaging tool. Leave enabled if you want to receive messages36http://www.skinkers.com/clients.html0
3 8skinkers1 12skinkers.exe1 00189Selection of desktop messaging/marketing tools with celebrity tie-ins including MTV's "Desktop Ozzy" and Arsenal's "Desktop Wenger" - see here. Leave enabled if you want to receive messages12Desktop Ozzy0
113skynetave.exe1 13skynetave.exe1 00 27Added by the SASSER.D WORM!73http://securityresponse.symantec.com/avcenter/venc/data/w32.sasser.d.html0
2 5Skype1 9Skype.exe1 00118"Skype is free and simple software that will enable you to make free calls anywhere in the world in minutes"21http://www.skype.com/0
1 9RA Server1 9Slave.exe1 00 23Added by the RA TROJAN!46http://www.avp.ch/avpve/trojan/backdoor/ra.stm0
115Systems Restart1 11slchost.exe1 00 30Added by the BANCOS.RF TROJAN!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_BANCOS.RF0
212SleepManager1 12SleepMgr.exe1 00184This program locates free contiguous disk spaces and allocates them for storing BASE MEMORY, EXTENDED MEMORY, VIDEO MEMORY, and SM RAM. It helps the computer come out of hibernate mode 01
012SelfHostUtil1 12slefhost.exe1 00 2?? 01
133Microsoft Synchronization Manager1 10slhost.exe1 00 27Added by the SDBOT.YH WORM!88http://it.trendmicro-europe.com/consumer/security_info/ve_detail.php?Vname=WORM_SDBOT.YH0
2 6slimp31 17SliMP3 Server.exe2 00221Slimp3 Server - "presents an entirely new way of accessing and enjoying your music collection. Instead of storing your music on CDs or memory cards, the SliMP3 uses your home network to access the music stored on your PC"41http://www.macupdate.com/info.php/id/89730
2 9Slingshot1 12SLINGS~1.EXE1 00158Atomica Slingshot - "reference tool with access to dictionary and encyclopedia terms, bios, technical terms, history, geography, and much more"55http://www.atomica.com/us/products/slingshot/index.html0
1 5slmss1 9slmss.exe1 00 48SeekSeek search hijacker related - as seen here115http://www.net-integration.net/cgi-bin/forum/ikonboard.cgi?act=ST&f=32&t=6790&st=0&&#entry345430
110slvchost321 14slvchost32.exe1 00 47Added by an unidentified VIRUS, WORM or TROJAN! 01
0 5SM1BG1 9SM1BG.EXE1 00131USB driver for downloading from within Napster to portable MP3 players. Is it required to run at startup or can it be run manually? 01
2 7Sm56acl1 12sm56hlpr.exe1 00 83Helper utility for Motorola based SM56 software modems - resides in the System Tray 01
4 8Smserial1 12sm56hlpr.exe1 00 27Motorola based modem driver 01
121Windows Smart Manager1 9smart.exe1 00 26Added by the RBOT-SL WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotsl.html0
316dRMON SmartAgent1 12SmartAgt.exe1 00 87Part of the network monitoring program group for 3Com NIC cards. See here for more info78http://support.3com.com/infodeli/tools/netmgt/rmonprob/product/drmon/chap1.htm0
210SmartBarXP1 14SmartBarXP.exe1 00286SmartBarXP is a bar that runs down the side of your screen, and can be configured to display interactive panels known as 'panes'. These panes include media players, slideshow and image viewing panes, a virtual desktop manager, and live news, weather and stock feeds to mention but a few56http://www.smartbarxp.com/cgi-bin/cws/home.php?page=desc0
216Lotus QuickStart1 12smartctr.exe1 00224Lotus central application, called SmartCenter, which runs on the Windows desktop. SmartCenter toolbar stretches across the top or, optionally, the bottom of the screen. Uses a lot of resources. Available via Start - Programs 01
2 9sMaRTcaPs1 12SMARTC~1.EXE1 00118sMaRTcaPs from Phoebus LLC - enables you to configure the time needed to depress Caps Lock, Num Lock & Insert keys52http://www.phoebusllc.com/index.htm#SC%20Description0
3 8SPSTEALT1 21SmartProtectorPro.exe1 00 78Smart Protector Pro - internet privacy tool that erases tracks, MRU lists, etc42http://smartprotector.com/eraser/index.htm0
428SkySurfer Management Service1 11SmaServ.exe1 00120For Gilat Communications internet satellite systems - associated with SkyBlaster modem. Required if you have this system 01
2 5SMax41 9SMax4.exe1 00120System Tray icon for SoundMax integrated sound. Sound properties can be accessed through the Start Menu or Control Panel 01
2 8SoundMAX1 9SMax4.exe1 00120System Tray icon for SoundMax integrated sound. Sound properties can be accessed through the Start Menu or Control Panel 01
3 8SMax4PNP1 12SMax4PNP.exe1 00112SoundMax integrated sound. Required if you have custom settings for your sound, such as effects and environments 01
311SoundMAXPnP1 12SMax4PNP.exe1 00112SoundMax integrated sound. Required if you have custom settings for your sound, such as effects and environments 01
0 7smbdpmi1 11smbdpmi.exe1 00 65IBM Netfinity Director and Universal Management Services related. 01
4 3smc1 7smc.exe1 00 15Sygate Firewall 01
411SMC Service1 7smc.exe1 00 15Sygate Firewall 01
411SmcServices1 7smc.exe1 00 15Sygate Firewall 01
122Windows Update Service1 8smcg.exe1 00 27Added by the SDBOT.QY WORM!90http://fr.trendmicro-europe.com/enterprise/security_info/ve_detail.php?Vname=WORM_SDBOT.QY0
112blah service1 8smnp.exe1 00 26Added by the RBOT.IZ WORM!76http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.IZ0
220ShockmachineReminder1 14SmReminder.exe1 00216Shockmachine is an entertainment playback device that lets you save your favorite Shockwave.com titles and play them back in full-screen mode, off-line, anytime. Could be a registration reminder for the trial version60http://www.shockwave.com/sw/downloads/collections/favorites/0
114KernelFaultChk1 7sms.exe1 00119Added by the DEADHAT WORM! Do not confuse with the valid "kernelfaultcheck" which runs "dumprep 0 -k" or "dumprep 0 -u"77http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.deadhat.html0
124Microsoft Virual Machine1 7sms.exe1 00 26Added by the RBOT-SP WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotsp.html0
117Win32 USB2 Driver1 8smsc.exe1 00 27Added by the SDBOT.FO WORM!85http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.FO&Vsect=T0
1 8GLSetT321 12smsiexec.exe1 00 28Added by the OPTIX-D TROJAN!56http://www.sophos.com/virusinfo/analyses/trojoptixd.html0
323SMS Win9x Message Agent1 10SMSMsg.exe1 00 63This program assigns a user to a Systems Management Server site 01
4 4run=1 12smsrun16.exe1 00225Microsoft Systems Management Server (SMS) related - program that reads SMSRUN16.INI on clients running Win 3.1, Windows for Workgroups, Win95, or OS/2 to create program groups on the client and then launch SMS client programs 01
1 9InteliSys1 8smss.exe1 00218Advertisingvision adware - file is located in C:\Windows or C:\Winnt, and not in it's System32 subdirectory, as is the case with the legitimate Smss.exe system file which would normally NOT figure in Msconfig/Startup!68http://www.liutilities.com/products/wintaskspro/processlibrary/smss/0
1 4SMSS1 8smss.exe1 00132Added by the FLOOD.F TROJAN! Note - this is not the legitimate Smss.exe system file should normally NOT figure in Msconfig/Startup!81http://securityresponse.symantec.com/avcenter/venc/data/backdoor.irc.flood.f.html0
114_winsystem.sys1 8smss.exe1 00 93Added by the W32/Sober-K infection! File will be found in the %WINDIR%\msagent\win32 folder.55http://www.sophos.com/virusinfo/analyses/w32soberk.html0
113winsystem.sys1 8smss.exe1 00 93Added by the W32/Sober-K infection! File will be found in the %WINDIR%\msagent\win32 folder.55http://www.sophos.com/virusinfo/analyses/w32soberk.html0
1 5Debug1 8SMSS.exe1 00 65Added by the Adware.DreamAd adware. Found in the Windows folder.14Adware.DreamAd0
113_Services.dll1 8SMSS.EXE1 00105Added by the W32/Sober-L WORM! File is found in a subfolder of the Windows folder named \MSAGENT\SYSTEM.55http://www.sophos.com/virusinfo/analyses/w32soberl.html0
120Configuration Loader1 10smss32.exe1 00 28Added by the AGOBOT.MB WORM!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.MB0
127Microsoft Internet Services1 10Smss32.exe1 00 26Added by the RBOT.MS WORM!89http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?Vname=WORM_RBOT.MS0
116Microsoft Update1 10Smss32.exe1 00 26Added by the RBOT.CB WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotcb.html0
1 4UsbD1 10smss32.exe1 00 84Adware downloader - recognized by Kaspersky antivirus as Trojan-Proxy.Win32.Agent.cj36http://www.kaspersky.com/personalpro0
1 9Microsoft1 14smssdriver.exe1 00126The Troj/Roneve-A TROJAN places the file into the Program files folder, creating a sub-folder it calls Xerox.nt when doing so.57http://www.sophos.com/virusinfo/analyses/trojronevea.html0
1 5SMSSS1 9smsss.exe1 00 27Added by the SDBOT.ZD WORM!77http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.ZD0
112SMSSS Loader1 9smsss.exe1 00 28Added by the AGOBOT.MQ WORM!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.MQ0
115start uploading1 9smsss.exe1 00 37Added by a variant of the SDBOT WORM!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_SDBOT.GEN0
1 6My App1 10SMSSvc.exe1 00 30Added by the NEGASMS.A TROJAN!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_NEGASMS.A0
2 5Smapp1 10smtray.exe1 00 82System Tray access for the Compaq/ADI SoundMAX integrated digital audio controller 01
112MicrosoftOEM1 9smvss.exe1 00 29Added by the DEDLER-G TROJAN!57http://www.sophos.com/virusinfo/analyses/trojdedlerg.html0
1 9MSInstall1 9smvss.exe1 00 29Added by the DEDLER-G TROJAN!57http://www.sophos.com/virusinfo/analyses/trojdedlerg.html0
110SoundMixer1 9smvss.exe1 00 29Added by the DEDLER-G TROJAN!57http://www.sophos.com/virusinfo/analyses/trojdedlerg.html0
113SunJavaUpdate1 9smvss.exe1 00 29Added by the DEDLER-G TROJAN!57http://www.sophos.com/virusinfo/analyses/trojdedlerg.html0
011CM-SmWizard1 12SmWizard.exe1 00130SmartWizard MFC Application - associated with C-Media who produce audio chipsets commonly used for on-board sound on motherboards. 01
0 8SmWizard1 12SmWizard.exe1 00130SmartWizard MFC Application - associated with C-Media who produce audio chipsets commonly used for on-board sound on motherboards. 01
121MS Sound Config 16bit1 12sndcfg16.exe1 00 29Added by the SDBOT.MB TROJAN!46http://www.f-secure.com/v-descs/sdbot_mb.shtml0
110WinProfile1 12sndcfg16.exe1 00 25Added by the SNDC.A WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=397710
1 9Sndcompat1 13Sndcompat.exe1 00 25Added by the GEMA TROJAN!72http://securityresponse.symantec.com/avcenter/venc/data/trojan.gema.html0
112Sound Loader1 13sndloader.exe1 00 28Added by the AGOBOT-BV WORM!57http://www.sophos.com/virusinfo/analyses/w32agobotbv.html0
3 6SNDMon1 10SNDMon.exe1 00381Part of Symantec's LiveUpate (eg, Norton). Not required if you run manual upadtes but probably require if you leave them to run automatically. Also, if one runs a small office network and SNDMon is disabled on one of the computers û then other computers disappear from the network for this computer, including shared devices like printers and scanners. Hence the "U" recommendation 01
326Symantec NetDriver Monitor1 10SNDMon.exe1 00381Part of Symantec's LiveUpate (eg, Norton). Not required if you run manual upadtes but probably require if you leave them to run automatically. Also, if one runs a small office network and SNDMon is disabled on one of the computers û then other computers disappear from the network for this computer, including shared devices like printers and scanners. Hence the "U" recommendation 01
120Windows Sound Driver1 12SndMon32.exe1 00 38Added by a variant of the SPYBOT WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html0
121Windows Sound Manager1 12SndMon32.exe1 00 28Added by the FORBOT-BU WORM!57http://www.sophos.com/virusinfo/analyses/w32forbotbu.html0
1 8Sndsaver1 12Sndsaver.exe1 00 25Added by the GEMA TROJAN!72http://securityresponse.symantec.com/avcenter/venc/data/trojan.gema.html0
0 7sndsrvc1 11SNDSRVC.EXE1 00 61Part of Norton Personal Firewall and Norton Internet Security 01
320SystemWizard Sniffer1 11Sniffer.exe1 00103SystemWizard for Win98/ME from SystemSoft - diagnoses and solves hardware and software problems on a PC59http://www.systemsoft.com/l-2/l-3/products-systemwizard.htm0
116Microsoft Update1 12snlogsvc.exe1 00 36Added by a variant of the RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
1 7SysTray1 11Snnpapi.exe1 00 32Added by an unidentified TROJAN! 01
2 7Snsicon1 11Snsicon.exe1 00 49Launches a screensaver program from Second Nature 01
115System Soap Pro1 8soap.exe1 00102System Soap Pro internet cleaning software. Bundles foistware like HTTPER and Zipclix - best avoided26http://www.systemsoap.com/0
119Norton Live Updater1 11Sochost.exe1 00 28Added by the GAOBOT.AO WORM!79http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.gaobot.ao.html0
1 6Sock321 10sock32.exe1 00 26Added by the SDBOT TROJAN!75http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sdbot.html0
412SoDA Startup1 15SodaStartup.exe1 00146Used by the Rational SoDA project management tool. Unsure of it's actual purpose but it's recommended you leave it enabled if you use the software47http://www.rational.com/products/soda/index.jsp0
2 7soffice1 11SOFFICE.EXE1 00330Displays StarOffice quick start applet in System tray. Right clicking on the icon allows rapid starting up of components of the StarOffice 6.0 suite. Available via Start -> Programs. Automatically started when any StarOffice 6.0 component is started from the Start -> Programs. A resource hog (it eats > 16 MB of memory). 01
1 8hErcUnes1 12softhost.exe1 00 26Added by the GARROCH WORM!62http://www.symantec.com/avcenter/venc/data/w32.garroch@mm.html0
1 8Software1 12software.exe1 00 30Added by the CRABTON-B TROJAN!58http://www.sophos.com/virusinfo/analyses/trojcrabtonb.html0
023SO5 Integrator Pass One1 11sointgr.exe1 00 39StarOffice 5. See here for more details 7#FF00000
023SO5 Integrator Pass Two1 11sointgr.exe1 00 39StarOffice 5. See here for more details 7#FF00000
312SoloSchedule1 11Solocfg.exe1 00136Scheduler for a target="_blank" href="http://www.srnmicro.com/"Solo Antivirus. Leave enabled unless you scan manually on a regular basis 01
0 7SonnReg1 11SonnReg.exe1 00 78Part of E-Color 3Deep for color calibration. Possibly a registration reminder?97http://www.ecolor.com/page.asp?content=colorific_and_3deep&lev1=1&lev2=1_4&lev3=1_4_10
0 8sophagnt1 12sophagnt.exe1 00 53Possibly related to Sophocles Screenwriting Software? 7#FF00000
1 3SOS1 7SOS.exe1 00 26Added by the PHILIS VIRUS!76http://securityresponse.symantec.com/avcenter/venc/data/w32.hllp.philis.html0
128Microsoft Server Application1 9Sound.exe1 00 26Added by the RBOT-NE WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotne.html0
122Microsoft Sound Driver1 11sound32.exe1 00 38Added by a variant of the SPYBOT WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html0
114Sound services1 11SOUND32.EXE1 00 28Added by the AGOBOT.GG WORM!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GG0
111Micr Update1 16soundblaster.exe1 00 27Added by the SDBOT.NP WORM!90http://no.trendmicro-europe.com/enterprise/security_info/ve_detail.php?VName=WORM_SDBOT.NP0
111soundcontrl1 15soundcontrl.exe1 00 29Added by the GAOBOT.AFJ WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.gaobot.afj.html0
011SISSoundman1 12Soundman.exe1 00 59Related to a Silicon Integrated Systems Corp (SiS) product? 01
2 8soundman1 12soundman.exe1 00127System Tray icon for the Realtek AC97 Audio Sound Manager for AC97 onboard audio. Available via Start - Settings- Control Panel 01
1 9soundtask1 13soundtask.exe1 00 28Added by the AGOBOT-MD WORM!57http://www.sophos.com/virusinfo/analyses/w32agobotmd.html0
110soundtasks1 14soundtasks.exe1 00 43Added by a variant of the CRYPTER.C TROJAN!58http://www.sophos.com/virusinfo/analyses/trojcrypterc.html0
111soundtctrls1 15soundtctrls.exe1 00 28Added by the AGOBOT-ZV WORM!57http://www.sophos.com/virusinfo/analyses/w32agobotzv.html0
1 8sounofts1 12sounofts.exe1 00 28Added by the AGOBOT-ND WORM!57http://www.sophos.com/virusinfo/analyses/w32agobotnd.html0
311SP TimeSync1 15SP TimeSync.exe2 00 99SP TimeSync lets you synchronize your computer's clock with any Internet atomic clock (time server)33http://www.spdialer.com/timesync/0
1 2sp1 6sp.reg1 00 80IE search hijacker - changes the default search to http://www.gocybersearch.com/ 01
1 7SP00LSV1 11Sp00lsv.exe1 00 31Added by the GRAYBIRD.E TROJAN!80http://securityresponse.symantec.com/avcenter/venc/data/backdoor.graybird.e.html0
1 9MSLARISSA1 13SP00Lsv32.pif1 00148Added by the W32/Assiral-B WORM! This worm will also install and run a file C:\WINDOWS\WinVBS.vbs to restrict user activity and terminate processes.57http://www.sophos.com/virusinfo/analyses/w32assiralb.html0
116Cinnabd Prompt321 13SP00Lsv32.pif1 00148Added by the W32/Assiral-B WORM! This worm will also install and run a file C:\WINDOWS\WinVBS.vbs to restrict user activity and terminate processes.57http://www.sophos.com/virusinfo/analyses/w32assiralb.html0
124(L4r1$$4) (4nt1) (V1ruz)1 13SP00Lsv32.pif1 00144Added by the W32/Assiral-B WORM! This worm will terminate processes and also install/run a file C:\WINDOWS\WinVBS.vbs to restrict user activity.57http://www.sophos.com/virusinfo/analyses/w32assiralb.html0
124Microsoft Update Machine1 7SP2.exe1 00 28Added by the SPYBOT.FP WORM!91http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?Vname=WORM_SPYBOT.FP0
1 6sp2ctr1 10sp2ctr.exe1 00 28Added by the DLUCA-M TROJAN!56http://www.sophos.com/virusinfo/analyses/trojdlucam.html0
1 9sdfsdfsdf1 13sp2update.exe1 00 38Added by a variant of the SPYBOT WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html0
118Windows SP2 Update1 13Sp2update.exe1 00 29Added by the WOOTBOT.BS WORM!90http://es.trendmicro-europe.com/consumer/security_info/ve_detail.php?Vname=WORM_WOOTBOT.BS0
115Winsock32driver1 15sp2XPupdate.exe1 00 47Added by an unidentified VIRUS, WORM or TROJAN! 01
1 6Win3861 8sp32.dll1 00 54Homepage hijacker. Not a dll but a regfile in disguise 01
115Systems Restart1 11spchost.exe1 00 43Added by a variant of the BANCOS.RF TROJAN!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_BANCOS.RF0
321Speaking Clock Deluxe1 11SpClDlx.exe1 00219Speaking Clock Deluxe - turns your computer into a speaking clock with several languages. It can also keep track of up to 50 alarms that can be set to a time and a date, and be repeated daily, weekly, monthly and yearly33http://www.lux-aeterna.com/clock/0
2 8Spdstart1 12Spdstart.exe1 00134Norton Utilities Speed Start. "This feature optimizes the start up speed of launching applications, such as Word and Excel." 01
211DSL Monitor1 11spdstrm.exe1 00 94Comes with Efficient Networks DSL Modems. Little red/green/yellow flashing icon in system tray 01
1 9PcEXPLODE1 15specialfile.exe1 00 26Added by the RBOT.RH WORM!87http://it.trendmicro-europe.com/consumer/security_info/ve_detail.php?Vname=WORM_RBOT.RH0
113SpecialOffers1 30SpecialOffers*.exe [* = digit]2 00178Specialoffersnetworks.com adware. "Special Offers is a state of the art advertising product that delivers to you contextually relevant web offers including discounts and coupons" 01
113SpecialOffers1 17SpecialOffers.exe1 00178Specialoffersnetworks.com adware. "Special Offers is a state of the art advertising product that delivers to you contextually relevant web offers including discounts and coupons" 01
221FastTrack Accelerator1 12SPEED UP.EXE2 00146FastTrack Accelerator - "speedup" utility for programs that use the FastTrack network such as KaZaA Media Desktop, Grokster and Morpheus40http://www.sharemonkey.com/fta/index.php0
325Microsoft Intellitype Pro1 12speedkey.exe1 00 57Additional keyboard shortcuts on MS programmable keyboard 01
3 8Speedkey1 12SPEEDKEY.EXE1 00 57Additional keyboard shortcuts on MS programmable keyboard 01
310SpeedMeter1 14SpeedMeter.exe1 00 47Application measuring upload and download speed 01
214T-DSL SpeedMgr1 12speedmgr.exe1 00 98T-Online ISP SpeedManager - shows upload and download speed. Also checks for updates automatically 01
3 9Speed Tec1 12speedtec.exe1 00248Accel SpeedTec from Montana Software speeds up your modem. SpeedTec modifies the Internet Protocol settings in the Windows registry to speed downloads on all modems. If you find this improves your connectivity and download speeds leave this enabled45http://www.montanasoft.com/speedtec/index.asp0
1 6Spees21 10Speedy.bat1 00 29Added by the OPASERV.AD WORM!81http://securityresponse.symantec.com/avcenter/venc/data/w32.opaserv.a.d.worm.html0
1 6Spees31 10SPEEDY.PIF1 00 29Added by the OPASERV.AD WORM!79http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_OPASERV.AD0
1 6Spees11 10speedy.scr1 00 28Added by the OPASERV.Y WORM!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_OPASERV.Y0
3 8zSPGuard1 11Spguard.exe1 00241"StartPage Guard (SPG) protects your PC from cyberscam, by detecting and preventing any unauthorized changes to your internet browser's Start and Search pages. It is also capable of removing automatically most of known 'invaders'."38http://pjwalczak.com/spguard/index.php0
410SpIDerMail1 12spiderml.exe1 00 42DrWeb antivirus Spider Mail e-mail scanner38http://www.drweb-online.de/index_e.htm0
212Spinner Plus1 11spinner.exe1 00351"Spinner Plus lets you listen to over 100 channels of music broadcast from Spinner.com. Spinner Plus uses RealNetwork's G2 technology to provide high-quality online audio. The technology adjusts the audio streaming to match your Internet connection speed, which helps eliminate sound distortion or choppiness". Available via Start - Programs 01
225Introducing Media Manager1 11SPLASHA.EXE1 00 35MS Media Manager tour. Not required69http://www.frontpageworld.com/frontpagetools/mediamanager/default.htm0
314SpeedOptimizer1 7spo.exe1 00162SpeedOptimizer is designed to optimize and speed-up your Internet data transmission including browsing, streaming, downloading, uploading and e-mail communication30http://www.speedoptimizer.com/0
312SpokeSysTray1 16SpokeSysTray.exe1 00286Spoke Software client application. Spoke "uses data in your e-mail and other enterprise information systems to discover the existing relationships of people in your enterprise. It then builds a private, secure relationship network for each user without any additional manual data entry"48http://www.spoke.com/products/enterpriseFAQ.html0
111helpmanager1 10spoler.exe1 00 27Added by the RANDEX.J WORM!73http://securityresponse.symantec.com/avcenter/venc/data/w32.randex.j.html0
115Shell Extension1 11spollsv.exe1 00 39Added by a variant of the LOVGATE WORM!80http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.lovgate@mm.html0
112SpoolService1 10spolsv.exe1 00 28Added by the AGOBOT-CS WORM!57http://www.sophos.com/virusinfo/analyses/w32agobotcs.html0
115Winsock2 driver1 10SPOLSV.EXE1 00 28Added by the SPYBOT-CM WORM!57http://www.sophos.com/virusinfo/analyses/w32spybotcm.html0
1 2[]1 12spolsvr2.exe1 00 32Added by the EVILSOCK.10 TROJAN! 01
1 7spoo1sv1 11spoo1sv.exe1 00 28Added by the SOULJET TROJAN!76http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.souljet.html0
123SpoolerSubSystemProcess1 11SpooI32.exe1 00154Added by the EHKS.21 keylogger! Note - the "I" between "o" and "3" is a captial "i" not a lower case "L"49http://www.pestpatrol.com/pestinfo/e/ehks_2_1.asp0
121Printer spool Service1 9spool.exe1 00 37Added by a variant of the SDBOT WORM!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_SDBOT.GEN0
112Spool lptt011 9spool.exe1 00184Variant of the RapidBlaster parasite (in a "spool" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see here49http://www.doxdesk.com/parasite/RapidBlaster.html0
112Spool ml097e1 9spool.exe1 00184Variant of the RapidBlaster parasite (in a "spool" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see here49http://www.doxdesk.com/parasite/RapidBlaster.html0
126Spooler Sub System Process1 11SPOOL32.EXE1 00 26Added by the YAB.A TROJAN!74http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_YAB.A0
114system service1 12spoolcrv.cpl1 00 30Added by the INSPIR.11 TROJAN! 01
115Printer Spooler1 11spooler.exe1 00 77Added by the Troj/Delf-JJ Trojan! File is found in the root of the C: drive.56http://www.sophos.com/virusinfo/analyses/trojdelfjj.html0
120System Tray Services1 13spooles32.exe1 00 28Added by the AGOBOT.ZH WORM!86http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.ZH&VSect=T0
1 8vscanner1 12spooll32.exe1 00 32Added by the OPTIXPRO.10 TROJAN!80http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_OPTIXPRO.100
115spoolsv manager1 12SpoolMgr.exe1 00 75Added by the W32/Assiral-A Infection! File is found in the Windows folder.57http://www.sophos.com/virusinfo/analyses/w32assirala.html0
124Microsoft Windows Update1 10spools.exe1 00 27Added by the SDBOT.TD WORM!99http://uk.trendmicro-europe.com/enterprise/security_info/virus_encyclopedia.php?VName=WORM_SDBOT.TD0
113Print Spooler1 10spools.exe1 00 26Added by the RBOT-LD WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotld.html0
117Microsoft DirectX1 13Spoolserv.exe1 00 25Added by the DINFOR WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.dinfor.worm.html0
1 7reggsdg1 13spoolserv.exe1 00 27Added by the SDBOT-MS WORM!56http://www.sophos.com/virusinfo/analyses/w32sdbotms.html0
1 9spoolserv1 13spoolserv.exe1 00 27Added by the SDBOT-PN WORM!56http://www.sophos.com/virusinfo/analyses/w32sdbotpn.html0
132Microsoft Spool Server for Win321 12spoolsrv.exe1 00 27Added by the RANDEX.H WORM!73http://securityresponse.symantec.com/avcenter/venc/data/w32.randex.h.html0
115Spooler Service1 12Spoolsrv.exe1 00 30Added by the JOINER.C1 TROJAN!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_JOINER.C10
115Windows Spooler1 12SPOOLSRV.EXE1 00 27Added by the SPYBOT.P WORM!77http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SPYBOT.P0
119Srv32 spool service1 14spoolsrv32.exe1 00 93Topantispyware.com malware, recognized by Kaspersky antivirus as Trojan-Clicker.Win32.Spyre.b36http://www.kaspersky.com/personalpro0
1 6System1 11SPOOLSU.EXE1 00 90Added by the Troj/Banker-BJ password stealing Trojan! File is found in the Windows folder.58http://www.sophos.com/virusinfo/analyses/trojbankerbj.html0
1 5load=1 11Spoolsv.exe1 00162Added by the CIADOOR.B TROJAN! Note - "Spoolsv.exe" is located in the Windows or Winnt directory, and not in System32, like the legitimate Spoolsv.exe system file79http://securityresponse.symantec.com/avcenter/venc/data/backdoor.ciadoor.b.html0
113Print Spooler1 11Spoolsv.exe1 00162Added by the CIADOOR.B TROJAN! Note - "Spoolsv.exe" is located in the Windows or Winnt directory, and not in System32, like the legitimate Spoolsv.exe system file79http://securityresponse.symantec.com/avcenter/venc/data/backdoor.ciadoor.b.html0
1 7Spoolsv1 11Spoolsv.exe1 00163Added by the CIADOOR.121 VIRUS! Note - "Spoolsv.exe" is located in the Windows or Winnt directory, and not in System32, like the legitimate Spoolsv.exe system file 01
118Microsoft MSUPDATE1 12SpoolSvc.exe1 00 27Added by the SXTB-A TROJAN!55http://www.sophos.com/virusinfo/analyses/trojsxtba.html0
119SPOOL Configuration1 12spoolsvc.exe1 00 27Added by the SDBOT-KD WORM!56http://www.sophos.com/virusinfo/analyses/w32sdbotkd.html0
120Spooler Subsytem App1 12spoolsvc.exe1 00 27Added by the SDBOT-MM WORM!57http://www.sophos.com/virusinfo/analyses/trojsdbotmm.html0
118Win32 System Spool1 12spoolsvc.exe1 00 27Added by the SDBOT.UK WORM!77http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.UK0
113Print Spooler1 14spoolsvc32.exe1 00 29Added by the SDBOT.BB TROJAN!77http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_SDBOT.BB0
1 6SYStry1 12spoolsvr.exe1 00 27Added by the SDBOT.GN WORM!88http://www.pandasoftware.com/virus_info/encyclopedia/overview.aspx?lst=det&idvirus=429840
1 8Winspool1 12spoolsvr.exe1 00 37Added by a variant of the SDBOT WORM!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_SDBOT.GEN0
1 5ALG321 12SPOOLSVU.EXE1 00 90The Troj/Agent-CJ TROJAN drops this file, alg32.exe and htass.dll into the Windows folder.57http://www.sophos.com/virusinfo/analyses/trojagentcj.html0
116start extracting1 12spoolvse.exe1 00193Added by the W32/Rbot-XF WORM/backdoor Trojan. It allows unauthorized access by malicious user(s) of the IRC network, killing processes and participating in DoS attacks among other activities.55http://www.sophos.com/virusinfo/analyses/w32rbotxf.html0
112Service Host1 11spoolxx.exe1 00 25Added by the TORVEL WORM!79http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.torvel@mm.html0
0 7TSPower1 10spower.drv1 00 55Found on a Toshiba laptop. Related to power management? 01
0 9sppbridge1 13sppbridge.exe1 00166Associated with an Anycom bluetooth wireless card on laptops - used for printing to portable printers for example. Is it required or can it be started manually? 01
2 6csaRem1 12spqmdmui.exe1 00 30Compaq modem country selection 01
126Microsoft Windows Security1 11spvsper.exe1 00 37Added by a variant of the SDBOT WORM!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_SDBOT.GEN0
3 61Srv321 13SpyAgent4.exe1 00121SpyTech SpyAgent monitoring software. "Spy software that allows you to monitor EVERYTHING users do on your PC."41http://www.spytech-web.com/spyagent.shtml0
3 8Srv32Win1 13SpyAgent4.exe1 00146SpyAgent - monitoring software that creates records of everything people do on a computer, ie, spying or monitoring depending upon how you call it41http://www.spytech-web.com/spyagent.shtml0
1 7Printer1 14Spyassault.exe1 00 60Dubious "spyware killer" - see here. To be avoided80http://www.spywareinfo.com/yabbse/index.php?board=9;action=display;threadid=46960
1 8SpyBlast1 12SpyBlast.exe1 00 90Spyware killer that is in effect autoinstalled foistware, targeted by SpyBot, among others 01
311Spy Blocker1 14spyblocker.exe1 00319SpyBlocker blocks the communications of spyware installed on a PC so spyware runs but can't exchange data with the server to which it should report. Ensuring spyware can't communicate is important, as you may find after using Ad-Aware that some applications containing spyware subsystems may not run correctly or at all47http://personal.atl.bellsouth.net/mia/k/r/kryp/0
3 9SpyBotSnD1 12Spybotsd.exe1 00 82Spybot - Search & Destroy - free multi-spyware removal tool from Patrick Kolla34http://spybot.safer-networking.de/0
114Spybott lptt011 11spybott.exe1 00186Variant of the RapidBlaster parasite (in a "Spybott" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see here49http://www.doxdesk.com/parasite/RapidBlaster.html0
114Spybott ml097e1 11spybott.exe1 00186Variant of the RapidBlaster parasite (in a "Spybott" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see here49http://www.doxdesk.com/parasite/RapidBlaster.html0
314Spyware Doctor1 13spydoctor.exe1 00 30Spyware Doctor spyware remover38http://www.pctools.com/spyware-doctor/0
2 9SpyHunter1 13SpyHunter.exe1 00 64SpyHunter - spyware remover of somewhat dubious repute, see note60http://www.spywarewarrior.com/rogue_anti-spyware.htm#sh_note0
3 9Spykiller1 13Spykiller.exe1 00119Shareware "Spyware remover" of questionable quality and repute. There are better alternatives that are freeware to boot 01
1 8SpyNuker1 12Spynuker.exe1 00314A "spyware removal program" by TrekBlue, which is being heavily advertised through junk e-mail from its affiliates and misleading fake-dialogue-box web advertising. This is the same company as E-mail marketers æTrekDataÆ and æBlue Haven MediaÆ, who distribute spyware through ActiveX drive-by-download on web pages 01
210SpySpotter1 14SpySpotter.exe1 00 99Spyware remover of dubious repute, see this list of Rogue/Suspect Anti-Spyware Products & Web Sites52http://www.spywarewarrior.com/rogue_anti-spyware.htm0
310SpyStopper1 14spystopper.exe1 00138SpyStopper - blocks intrusive spyware, Web bugs, worms, scripts, advertisements, and cookies. Protects you from being profiled and tracked36http://www.itcompany.com/Privacy.htm0
311SpySubtract1 10SpySub.exe1 00 40SpySubtract - multi spyware removal tool37http://www.intermute.com/spysubtract/0
310SpySweeper1 14SpySweeper.exe1 00 41Spy Sweeper - detects and removes spyware55http://www.webroot.com/wb/products/spysweeper/index.php0
1 7Spyware1 11Spyware.exe1 00142p align=leftBPS Spyware Remover - reportedly uses an old, "borrowed" SpyBot database. Read this and this. Do not support these guys!104http://www.net-integration.net/cgi-bin/forums/ikonboard.cgi?s=3e746190523affff;act=ST;f=28;t=1546;hl=bps0
214Spyware Begone1 17SpywareBeGone.exe1 00 73Spyware BeGone - free spyware removal utility. Not recommended - see note52http://www.spywarewarrior.com/rogue_anti-spyware.htm0
119Spywareguard lptt011 16Spywareguard.exe1 00187Variant of the RapidBlaster parasite (in a "Spyguard" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see here49http://www.doxdesk.com/parasite/RapidBlaster.html0
119Spywareguard ml097e1 16Spywareguard.exe1 00187Variant of the RapidBlaster parasite (in a "Spyguard" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see here49http://www.doxdesk.com/parasite/RapidBlaster.html0
212SpywareKilla1 16SpywareKilla.exe1 00153Spyware remover of ill repute. For more info about it do a search for 'SpyareKilla' at this web page on "Rogue/Suspect Anti-Spyware Products & Web Sites"52http://www.spywarewarrior.com/rogue_anti-spyware.htm0
123Spyware Nuker Installer1 25SpywareNukerInstaller.exe1 00336p align=leftA "spyware removal program" by TrekBlue, which is being heavily advertised through junk e-mail from its affiliates and misleading fake-dialogue-box web advertising. This is the same company as E-mail marketers æTrekDataÆ and æBlue Haven MediaÆ, who distribute spyware through ActiveX drive-by-download on web pages 01
114Spyware Slayer1 17SpywareSlayer.Exe1 00 99Spyware remover of dubious repute, see this list of Rogue/Suspect Anti-Spyware Products & Web Sites52http://www.spywarewarrior.com/rogue_anti-spyware.htm0
215Spyware Stormer1 18SpywareStormer.Exe1 00 58SpywareStormer spyware remover. Not recommended - see here52http://www.spywarewarrior.com/rogue_anti-spyware.htm0
327Spyware Guard Control Panel1 12spywar~1.exe1 00 88p align=left"SpywareGuard provides a real-time protection solution against spyware"48http://www.wilderssecurity.net/spywareguard.html0
3 8SPYWATCH1 12SpyWatch.exe1 00142p align=leftBPS Spyware Remover - reportedly uses an old, "borrowed" SpyBot database. Read this and this. Do not support these guys!104http://www.net-integration.net/cgi-bin/forums/ikonboard.cgi?s=3e746190523affff;act=ST;f=28;t=1546;hl=bps0
1 7directx1 14Sqlexploit.exe1 00 28Added by the SDBOT.D TROJAN!77http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sdbot.d.html0
215Service Manager1 12sqlmangr.exe1 00133SQL Server Service Manager - provides tray access to SQL server, the server agent and MSDTC. Available via Start - Programs 01
217SoniqueQuickStart1 11sqstart.exe1 00 67Quickstart for Sonique audio player. Available via Start - Programs23http://www.sonique.com/0
3 8SlickRun1 6sr.exe1 00248"SlickRun is a floating command line utility for Windows. It gives you almost instant access to any program or website. SlickRun allows you to create command aliases (known as MagicWords), so C:\Program Files\Outlook Express\msimn.exe becomes MAIL"31http://www.bayden.com/SlickRun/0
321SureCleanProfessional1 11SRClean.exe1 00 40SureClean PC and Internet tracks cleaner47http://www.panicware.com/product_sureclean.html0
111OEM32 Tools1 10sres32.exe1 00 38Added by a variant of the SPYBOT WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html0
3 8Srmclean1 12srmclean.exe1 00262Srmclean helps in the installation and execution of the SoundMax SoftPaq for Compaq/ADI SoundMax Integrated Digital Audio. According to Compaq - "If you disable the entry from loading into startup, then you will not be able to use the features of the sound card" 01
1 4SRNG1 8srng.exe1 00 26Search hijacker - see here41http://www.doxdesk.com/parasite/Srng.html0
311SRP Startup1 10srrpro.exe1 00300System Restore Remover Pro allows you to safely and easily remove System Restore and various other Windows Millennium "features." This is enabled if you tick the "Remove unnecessary System Restore information on startup" box. Available via Start -> Settings -> Control Panel35http://www.definition-software.com/0
410SRS Applet1 11SrsTray.Exe1 00 63S3 Sonic Vibes sound card drivers - if disabled you loose sound 01
1 4Oesi1 8srts.exe1 00 52PurityScan delivers advertisements to your computer.63http://www.sarc.com/avcenter/venc/data/adware.purityscan.b.html0
1 5Srv321 9Srv32.exe1 00 28Added by the OPASERV.J WORM!79http://securityresponse.symantec.com/avcenter/venc/data/w32.opaserv.j.worm.html0
1 5Srv321 9Srv32.exe1 00 28Added by the OPASERV.S WORM!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_OPASERV.S0
1 6Srv3251 10Srv325.exe1 00 59Added by W32/Agobot-PR. Found in the Windows system folder.57http://www.sophos.com/virusinfo/analyses/w32agobotpr.html0
110srvexc.exe1 10srvexc.exe1 00 28Added by the SERVSAX TROJAN!77http://securityresponse.symantec.com/avcenter/venc/data/backdoor.servsax.html0
324OnlinePCfix SmoothSurfer1 6SS.exe1 00 81Smooth-Surfer - blocks banners, ads, popups, and cleans MRU and Recent file lists29http://www.smooth-surfer.com/0
310SurfSecret1 12ss2-full.exe1 00369"House-cleaning utility that enables you to keep your computer usage to yourself. Runs quietly from the system tray, eliminating tell-tale files at a regular interval of your choosing. You can set it to clear your Internet cache files, cookies, history, temp folder, etc. It can also clear the history of your Run and Find menus, in addition to the AOL cache" 01
212SSBkgdUpdate1 16SSBkgdupdate.exe1 00 80ScanSoft OmniPage auto updater. Can be disabled using the main program's options 01
1 5ushli1 12sscbltqu.exe1 00 80Obtained from an MP3 search list site. Also generates random processes on reboot 01
0 6ssdiag1 10ssdiag.exe1 00 82Equinox "Configuration and DOS Diagnostic for DOS and Windows platforms"40http://www.equinox.com/Utilities147.html0
2 7SSDPSRV1 11ssdpsrv.exe1 00412Simple Service Discovery Protocol (SSDP) and General Event Notification Architecture (GENA) services for network plug and play functionality. Starts up a web server on port 5000. Used by Universal Plug and Play (for network device discovery). To remove this program, open Add/Remove Programs, select either Communications (Me) or Networking Services (XP), and remove the checkmark next to Universal Plug and Play 01
129DirectX for Microsoft Windows1 12Sservice.exe1 00 27Added by the PRORAT TROJAN!76http://securityresponse.symantec.com/avcenter/venc/data/backdoor.prorat.html0
1 8StubPath1 12Sservice.exe1 00 27Added by the PRORAT TROJAN!76http://securityresponse.symantec.com/avcenter/venc/data/backdoor.prorat.html0
420SkyBlaster Scheduler1 10SSFSch.exe1 00120For Gilat Communications internet satellite systems - associated with SkyBlaster modem. Required if you have this system 01
128Microsoft SSISVRI32 Protocol1 11ssisvri.exe1 00 38Added by a variant of the SPYBOT WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html0
319SuperSpamKiller Pro1 7Ssk.exe1 00 38SuperSpamKiller Pro email spam blocker30http://www.superspamkiller.de/0
220Smart Label RFViewer1 12SSLFVIEW.EXE1 00 94Part of the printer software for the smart-label printer made by Seiko. Can be disabled safely 01
220Smart Label O Server1 12ssloserv.exe1 00 94Part of the printer software for the smart-label printer made by Seiko. Can be disabled safely 01
312WinService321 9ssmgr.exe1 00171007 Spy Software - "stealthy monitoring program which allows you to secretly track all activities of computer users and automatically deliver logs to you via Email or FTP"30http://www.e-spy-software.com/0
3 6ssmmgr1 10ssmmgr.exe1 00 55Samsung printer monitor - for checking ink levels, etc. 01
112WinSecured321 8ssmr.exe1 00 38Added by a variant of the FORBOT WORM!57http://sophos.com.au/virusinfo/analyses/w32forbotgen.html0
1 9win32usbd1 8ssrs.exe1 00 26Added by the RBOT-RA WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotra.html0
219nForce Tray Options1 10sstray.exe1 00118nVidia nForce Taskbar Utility - quick access to the nForce2 "Sound Storm" control panel and related utilitys 01
2 6sstray1 10sstray.exe1 00118nVidia nForce Taskbar Utility - quick access to the nForce2 "Sound Storm" control panel and related utilitys 01
114Windows Config1 8SSYS.EXE1 00 28Added by the SPYBOT-DA WORM!57http://www.sophos.com/virusinfo/analyses/w32spybotda.html0
1 9Sex Teris1 9st01b.exe1 00 24Added by the REPAD WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.repad.worm.html0
220Smart Type Assistant1 7sta.exe1 00100Smart Type Assistant - a complex typing automation tool, intended to make your work faster and safer36http://www.blazingtools.com/sta.html0
2 7Stacmon1 11Stacmon.exe1 00159Installed with the drivers for a SigmaTel C-Major Audio card (on a Dell Inspiron 600m PC for example). Appears as though it can be disabled with no ill effects 01
1 5lsass1 9start.bat1 00 26Added by the ZCREW TROJAN!55http://www.sophos.com/virusinfo/analyses/trojzcrew.html0
113print sharing1 9start.bat1 00 26Added by the ZCREW TROJAN!55http://www.sophos.com/virusinfo/analyses/trojzcrew.html0
1 8services1 9start.bat1 00 26Added by the ZCREW TROJAN!55http://www.sophos.com/virusinfo/analyses/trojzcrew.html0
112Secret-Crush1 9start.exe1 00 99Hijacker that may reset your browser's home page and/or search settings to point to undesired sites 01
0 5start1 9start.exe1 00 2?? 01
3 9STARTPAGE1 10start1.exe1 00140NoSpy.org - prevents spyware from changing your startpage and other browser properties. The start1.exe file is located in a NOSPY.ORG folder23http://www.nospy.org/1/0
3 8Startacc1 12startacc.exe1 00158Launches Webroot's Accelerate 2000 software that "speeds up your Internet connection by up to 300%". Leave enabled if you find it improves internet connection55http://www.webroot.com/wb/products/accelerate/index.php0
312Start Up Cop1 12startcop.exe1 00 29StartUp Cop - startup manager50http://www.pcmag.com/article2/0,4149,897438,00.asp0
4 8StartEAK1 12StartEAK.exe1 00 68Easy Access Button Support for Compaq PCs. Required if you use these75http://h18000.www1.hp.com/support/techpubs/whitepapers/13W1-1200a-wwen.html0
240Creative PCI Audio Configuration Utility1 11starter.exe1 00192System Tray icon to configure a Creative Soundblaster PCI soundcard. Not required and re-instates itself when un-checked. Try one of the solutions on this special page. Similar to EnsoniqMixer58http://www.pacs-portal.co.uk/startup_pages/starter_exe.htm0
312EnsoniqMixer1 11starter.exe1 00335Puts the Ensoniq mixer in system tray. From Ensoniq Technologies "Our mixer is a critical part of the soundcard as it fixes sound problems and replaces the MS mixer which can no longer be used". If you find you don't need it - try one of the solutions on this special page. Similar to Creative PCI Audio Configuration Utility19all/starter_exe.htm0
312StartSurfing1 10STARTS.exe1 00346Start Surfing allows you to protect your privacy while surfing and searching the Internet by acting as a "filter" between you and the website you are visiting. Startsurfing acts as your shield from Pop Up Windows, Mouse Traps, Window Resizing, and scripts that attempt to record your personal information. Available via Start - Programs27http://www.startsurfing.com0
318Run StartupMonitor1 18StartupMonitor.exe1 00170Mike Lin's StartupMonitor, throws up an alert and asks your permission every time any change is made to your start-up configuration, either in the registry or start menu40http://www.mlin.net/StartupMonitor.shtml0
314StartupMonitor1 18StartupMonitor.exe1 00170Mike Lin's StartupMonitor, throws up an alert and asks your permission every time any change is made to your start-up configuration, either in the registry or start menu40http://www.mlin.net/StartupMonitor.shtml0
0 8win name1 8stat.exe1 00 2?? 01
1 7StatBar1 11STATBAR.exe1 00250StatBar (system status bar) allows you to quickly get an overview of your system's condition (memory, CPU, uptime, and much more). Due to the sheer number of resources (over 60%) consumed by this program, it is unsuitable for Windows 95/98/SE/Me22http://www.statbar.nl/0
4 9*StateMgr1 12statemgr.exe1 00 54Windows ME default for System Restore. Do NOT disable! 01
012Bart Station1 12station.sbrt1 00 64Related to PeoplePC ISP. May be a dialler for dial-up accounts? 7#FF00000
213Stat 'n' Perf1 13StatnPerf.exe1 00102Stat 'n' Perf monitors your internet connection and displays information about sent and received bytes38http://www.soft4ever.com/StatnPerf/En/0
215Stay Connected!1 11StayCon.exe1 00173More than just a pinger, actually simulates online activity. Supports AOL, NetZero, MSN, ATT WorldNet, CompuServe and many other ISPs as well. Available via Start - Programs 01
0 9STBVision1 11STBVisn.exe1 00 42Related to the STB Velocity graphics card. 01
2 8STBWEBTV1 12STBWEBTV.EXE1 00 29Used to display TV on your PC 01
1 9stcloader1 13stcloader.exe1 00 35Popup adware by 2ndThought software 01
1 8STCLOA~11 13stcloader.exe1 00 35Popup adware by 2ndThought software 01
1 9stcloader1 12STCLOA~1.exe1 00 35Popup adware by 2ndThought software 01
1 8STCLOA~11 12STCLOA~1.exe1 00 35Popup adware by 2ndThought software 01
0 5STCPE1 9STCPE.exe1 00 46Used to allow access to UCLA computer systems. 01
322Stealth Anonymizer 2.51 13stealth25.exe1 00104Now named Stealther - proxy server agent that lets you travel the Internet with maximum possible privacy50http://www.photono-software.de/Stealther/main.php30
2 5Steam1 9steam.exe1 00395Valve Software's STEAM broadband game client. Steam is Valve's new way of getting games into your hands ASAP. Games like Half-Life, Counter-Strike, and Counter-Strike: Condition Zero are all being made available through Steam. Steam games are automatically kept up-to-date with the latest content and revisions. Steam also includes an instant-message client which even works while you're in-game28http://www.steampowered.com/0
112Winlogin.exe1 9steam.exe1 00 42Added by a variant of the AGENT.AH TROJAN! 01
2 8Stickies1 12STICKIES.EXE1 00163Stickies - utility that allows you to put yellow "Post-It" type messages on your desktop and can be used to set reminders. Available via Start - Programs38http://www.btinternet.com/~tom.revell/0
210StickyNote1 14StickyNote.exe1 00119Utility that allows you to put yellow "Post-It" type messages on your desktop. Available via Start - Programs 01
317StillImageMonitor1 10Stimon.exe1 00418Stimon.exe enables a USB still-image device (such as a scanner) to initiate data transfer to a program. For example, if your scanning device has a scan button, it may start a program and begin scanning when you press it. Create a shortcut and start it manually when needed if your scanner otherwise fails to scan. May be required for your USB scanner to work - including all HP scanners and some of their SCSI scanners 01
224EPSON Background Monitor1 8STMS.EXE1 00120Supposed to keep an Epson printer ready for quick printing. Users report little difference whether it is on or not 01
1 5stone1 9stone.exe1 00271http://www.sophos.com/virusinfo/analyses/w32agobotpx.html"W32/Agobot-PX WORM! File is found in the Windows system folder.W32/Agobot-PX is capable of spreading to computers on the local network protected by weak passwords after receiving the appropriate backdoor command. 01
2 7webscan1 14stopsignav.exe1 00 59eAcceleration Stop-Sign related - not recommended, see note60http://www.spywarewarrior.com/rogue_anti-spyware.htm#ss_note0
214StopSignStatus1 28stopsinfo.dll", VerifyStatus2 00 59eAcceleration Stop-Sign related - not recommended, see note60http://www.spywarewarrior.com/rogue_anti-spyware.htm#ss_note0
0 7spstore1 11storesp.exe1 00167Softprobe - program designed to provide managers with an analysis of an individuals computer use who are under their supervision. This program is NOT related to Winpup25http://www.softprobe.com/0
0 6STPMGR1 10STPMGR.EXE1 00152Part of SafeTP which is transparent FTP security software. Does it need to be running permanently or can it be started manually via Start -> Programs 7#FF00000
1 7Strng321 12strngbox.exe1 00 25Added by the STRANO WORM!71http://securityresponse.symantec.com/avcenter/venc/data/w32.strano.html0
317All Aboard Status1 10stswin.exe1 00134a target="_blank" href="http://yippee.i4free.co.nz/html/win/internet/title6724.htm"All Aboard! Internet Connection Sharing status icon 01
1 4Taba1 8stte.exe1 00 19Clickspring spyware 01
216WebOutfitterTray1 10sttray.exe1 00 43Intel WebOutfitter service System Tray icon60http://www.intel.com/pressroom/archive/releases/cn032699.htm0
110media_stub1 8stub.exe1 00227a target="_blank" href="http://www.mini-player.com/"Mini-Player, IMESH related foistware, see a target="_blank" href="http://www.spywareinfo.com/yabbse/index.php?board=10;action=display;threadid=2633;start=0#msg20371"here 01
113PCHEasySearch1 12STUpdate.exe1 00 18PCH EasySearch bar 01
410CPQSTUTFIX1 11stutfix.exe1 00193For Compaq PC's. Fixes audio stutter problems for ESS Maestro soundcards. You can download it here. This is a Compaq originated file and has been verified as free from viruses by McAfree/Norton17files/StutFix.exe0
3 7StyleXP1 11StyleXP.exe1 00151StyleXP allows you customize the way WinXP looks. If disabled via msconfig it re-instates itself at reboot, therefore uninstall it if you don't want it35http://www.tgtsoft.com/product.html0
135Automatic Microsoft Windows Updater1 11suchost.exe1 00 26Added by the RBOT-EQ WORM!55http://www.sophos.com/virusinfo/analyses/w32rboteq.html0
112COM++ System1 11suchost.exe1 00 39Added by a variant of the LOVGATE WORM!57http://www.sophos.com/virusinfo/analyses/w32lovgatef.html0
121Configuration Service1 11suchost.exe1 00 25Added by the TREB TROJAN!72http://securityresponse.symantec.com/avcenter/venc/data/trojan.treb.html0
1 8MSChoExE1 8suge.exe1 00 36Added by a variant of the RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
316Suitcase Startup1 12Suitcase.exe1 00 98Suitcase. System font manager start up utility. Used for dynamic managment of fonts on your system55http://www.extensis.com/en/products/font_management.jsp0
316Lotus SuiteStart1 11suitest.exe1 00235Puts the individual Lotus components in the system tray taskbar when you start Windows. Can be disabled via MSCONFIG -> Startup as "Lotus SuiteStart 97 Edition". All individual components available via Start -> Programs 01
111SULFNBJ.EXE1 11SULFNBJ.EXE1 00 34Added by the PE_MAGISTR.DAM VIRUS!77http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=PE_MAGISTR.DAM0
0 8SupaDial1 12SupaDial.exe1 00 32SupaNet.com modem driver related 01
1 5super1 9super.exe1 00145Added by the W32/Agobot-QT WORM/IRC backdoor, which changes the HOSTS file and allows an attacker access - making possible several other actions.57http://www.sophos.com/virusinfo/analyses/w32agobotqt.html0
312Supercleaner1 16Supercleaner.exe1 00 56Supercleaner - all in one disk cleaner for your computer96http://www.softandco.com/redir.html?u=http://www.SouthBayPC.com/SuperCleaner&pn=SuperCleaner0
014Supervisor.exe1 14Supervisor.exe1 00162Has been reported to be associated with various antitrojan software like ATS and PC Doorguard. If so it's required in Startup - any further information is welcome24http://www.atshield.com/0
2 9DwlClient1 11support.exe1 00 40Download manager for Dell support alerts 01
110supporter51 14supporter5.exe1 00216Part of eScorcher anti-virus software- responsible for updates of new virus bases each time you logon to the web. Used to collect information about the user and therefore treated as spyware - now the web-site is dead25http://www.escorcher.com/0
0 7ENCSurf1 13surfboard.exe1 00 2?? 01
218HP Internet Center1 11SURFBRD.EXE1 00195Loads the HP Internet center surfboard on startup. HP Internet Center allows you to customize the multimedia keys on the fly without having to go the Control Panel --> Keyboards to change them 01
113Surfer lptt011 10surfer.exe1 00187Variant of the RapidBlaster parasite (in a "mssurfer" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see here49http://www.doxdesk.com/parasite/RapidBlaster.html0
113Surfer ml097e1 10surfer.exe1 00187Variant of the RapidBlaster parasite (in a "mssurfer" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see here49http://www.doxdesk.com/parasite/RapidBlaster.html0
310SurfStream1 14SurfStream.exe1 00328Conceiva "SurfStream lets you surf the Web faster. It contains a fully featured proxy server that lets you surf the Web significantly faster. It also blocks all pop-up windows and banner ads from Web pages. An intelligent tune-up tool automatically analyzes and optimizes your computer's Internet connection and TCP/IP settings" 01
0 8Surveysa1 12surveysa.exe1 00 58Found in the Sony\Vaio\survey directory on a Sony Vaio PC. 01
110SVA Player1 13SVAplayer.exe1 00106QuickFlicks Streaming Player - regarded as spyware. See here for details of how to disable or uninstall it37http://www.quickflicks.com/index.html0
1 3Svc1 7svc.exe1 00113Hijacker, Clientman parasite variant, redirecting to madfinder.com. Detected by Symantec as the MADFIND TROJAN!46http://www.doxdesk.com/parasite/ClientMan.html0
130Computing Technologie Firewall1 11svcauth.exe1 00146Added as a WORM with backdoor functionality, W32/Sdbot-VO copies itself to the Windows system folder as svcauth.exe and creates registry entries.56http://www.sophos.com/virusinfo/analyses/w32sdbotvo.html0
113Start Uppings1 13svcchosts.exe1 00 27Added by the SDBOT.VY WORM!77http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.VY0
1 5Svced1 9Svced.exe1 00 27Added by the DELF.F TROJAN!76http://securityresponse.symantec.com/avcenter/venc/data/backdoor.delf.f.html0
1 6fegoze1 11SVCH0ST.EXE1 00 31Added by the GRAYBIRD.D TROJAN!80http://securityresponse.symantec.com/avcenter/venc/data/backdoor.graybird.d.html0
1 8S0undMan1 11svch0st.exe1 00 29Added by the LOVGATE.AB WORM!78http://securityresponse.symantec.com/avcenter/venc/data/w32.lovgate.ab@mm.html0
1 7svchost1 11Svch0st.exe1 00 31Added by the GRAYBIRD.B TROJAN!67http://www.symantec.com/avcenter/venc/data/backdoor.graybird.b.html0
1 7svchost1 11Svch0st.exe1 00128Added by the GRAYBIRD TROJAN! Note - this is not the legitimate svchost.exe process which should NOT appear in Msconfig/Startup!78http://securityresponse.symantec.com/avcenter/venc/data/backdoor.graybird.html0
123Windows Services Update1 11svch0st.exe1 00 36Added by a variant of the RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
1 7winsock1 11svch0st.exe1 00 25Added by the SAGE-A WORM!54http://www.sophos.com/virusinfo/analyses/w32sagea.html0
124Microsoft Windows Update1 10svchos.exe1 00 27Added by the SDBOT.AC WORM!65http://www.symantec.com/avcenter/venc/data/backdoor.sdbot.ac.html0
121Configuration Loading1 11svchos1.exe1 00 28Added by the GAOBOT.DK WORM!79http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.gaobot.dk.html0
116MS Config Loader1 11svchos1.exe1 00 27Added by the AGOBOT.R WORM!77http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.R0
113Config Loader1 11svchosl.exe1 00 27Added by the GAOBOT.P WORM!65http://www.symantec.com/avcenter/venc/data/w32.hllw.gaobot.p.html0
1 7Svchost1 11svchosl.pif1 00 38Added by the INZAE.A or INZAE.B WORMS!75http://securityresponse.symantec.com/avcenter/venc/data/w32.inzae.a@mm.html0
112_svchost.con1 11svchost.com1 00 26Added by the ERKEZ.C WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.erkez.c@mm.html0
111CashToolbar1 11svchost.exe1 00132CashToolbar Downloader-MY adware. Note - this is not the legitimate svchost.exe process which should NOT appear in Msconfig/Startup!43http://vil.nai.com/vil/content/v_126801.htm0
1 6France1 11svchost.exe1 00127Added by the MIMAIL.L WORM!. Note - this is not the legitimate svchost.exe process which should NOT appear in Msconfig/Startup!76http://securityresponse.symantec.com/avcenter/venc/data/w32.mimail.l@mm.html0
1 9microsoft1 11svchost.exe1 00134Added by the ASTEF or RESPAN WORMS! Note - this is not the legitimate svchost.exe process which should NOT appear in Msconfig/Startup!75http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.astef.html0
118Monitoring Service1 11svchost.exe1 00124Added by the CONE.C WORM! Note - this is not the legitimate svchost.exe process which should NOT appear in Msconfig/Startup!74http://securityresponse.symantec.com/avcenter/venc/data/w32.cone.c@mm.html0
115Network Service1 11svchost.exe1 00130CoolWebSearch parasite related. Note - this is not the legitimate svchost.exe process which should NOT appear in Msconfig/Startup!53http://www.spywareinfo.com/~merijn/cwschronicles.html0
1 9NvClipRsv1 11svchost.exe1 00127Added by the DUMARU-AK WORM! Note - this is not the legitimate svchost.exe process which should NOT appear in Msconfig/Startup!57http://www.sophos.com/virusinfo/analyses/w32dumaruak.html0
114Online Service1 11svchost.exe1 00156Added by the HOSTIDEL.B or HOSTIDEL.C or TARNO.B TROJANS! Note - this is not the legitimate svchost.exe process which should NOT appear in Msconfig/Startup!82http://securityresponse.symantec.com/avcenter/venc/data/w32.hostidel.trojan.b.html0
112PowerManager1 11Svchost.exe1 00124Added by the JEEFO VIRUS! Note - this is not the legitimate svchost.exe process which should NOT appear in Msconfig/Startup!50http://vil.mcafee.com/dispVirus.asp?virus_k=1002770
112Service Host1 11svchost.exe1 00124Added by the TORVEL WORM! Note - this is not the legitimate svchost.exe process which should NOT appear in Msconfig/Startup!79http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.torvel@mm.html0
119Service Host Driver1 11svchost.exe1 00125Added by the HITON TROJAN! Note - this is not the legitimate svchost.exe process which should NOT appear in Msconfig/Startup!73http://securityresponse.symantec.com/avcenter/venc/data/w32.hiton@mm.html0
115Service Process1 11SVCHOST.EXE1 00124Added by the DARKER WORM! Note - this is not the legitimate svchost.exe process which should NOT appear in Msconfig/Startup!76http://securityresponse.symantec.com/avcenter/venc/data/w32.darker.worm.html0
116Setup experation1 11svchost.exe1 00123Added by the TOFGER-AW TROJAN! Note - this is not the legitimate svchost.exe process, which NOT appear in Msconfig/Startup!58http://www.sophos.com/virusinfo/analyses/trojtofgeraw.html0
3 8Srv32Win1 11Svchost.exe1 00179Realtime-Spy keylogger (monitoring program). Given a "U" recommendation because it depends if you intentionally installed it. If you didn't treat it as "X" and uninstall or remove28http://www.realtime-spy.com/0
1 3SSL1 11svchost.exe1 00146Added by an unidentified VIRUS, WORM or TROJAN! Note - this is not the legitimate svchost.exe process which should NOT appear in Msconfig/Startup!71http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/0
1 7SVCHOST1 11svchost.exe1 00170System1060 homepage hi-jacker. Found in a Windows\System1060 directory. Note - this is not the legitimate svchost.exe process which should NOT appear in Msconfig/Startup!71http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/0
1 7svchost1 11svchost.exe1 00139Added by the MORB WORM or TARNO TROJAN! Note - this is not the legitimate svchost.exe process which should NOT appear in Msconfig/Startup!64http://www.symantec.com/avcenter/venc/data/w32.hllw.morb@mm.html0
1 7Svchost1 11svchost.exe1 00 77Added by the MOXE-A WORM! This is not the valid svchost.exe as described here54http://www.sophos.com/virusinfo/analyses/w32mozea.html0
119System Host Service1 11svchost.exe1 00125Added the the CONE.F WORM! Note - this is not the legitimate svchost.exe process which should NOT appear in Msconfig/Startup!74http://securityresponse.symantec.com/avcenter/venc/data/w32.cone.f@mm.html0
114System Manager1 11svchost.exe1 00129Added by the BANKER-AE TROJAN! Note - this is not the legitimate svchost.exe process which should NOT appear in Msconfig/Startup!58http://www.sophos.com/virusinfo/analyses/trojbankerae.html0
114System Update21 11svchost.exe1 00 31Added by the AUTOTROJ-C TROJAN!59http://www.sophos.com/virusinfo/analyses/trojautotrojc.html0
1 9SystemReg1 11svchost.exe1 00127Added by the DEWIN.E TROJAN! Note - this is not the legitimate svchost.exe process which should NOT appear in Msconfig/Startup!76http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_DEWIN.E0
123Task Monitoring Service1 11svchost.exe1 00124Added by the CONE.D WORM! Note - this is not the legitimate svchost.exe process which should NOT appear in Msconfig/Startup!74http://securityresponse.symantec.com/avcenter/venc/data/w32.cone.d@mm.html0
1 9tjstartup1 11svchost.exe1 00127Added by the CURDEAL TROJAN! Note - this is not the legitimate svchost.exe process which should NOT appear in Msconfig/Startup!77http://securityresponse.symantec.com/avcenter/venc/data/backdoor.curdeal.html0
120Windows Service Host1 11svchost.exe1 00124Added by the CONE.B WORM! Note - this is not the legitimate svchost.exe process which should NOT appear in Msconfig/Startup!74http://securityresponse.symantec.com/avcenter/venc/data/w32.cone.b@mm.html0
121Windows Services Host1 11svchost.exe1 00133Added by the CONE or CONE.E WORMS! Note - this is not the legitimate svchost.exe process which should NOT appear in Msconfig/Startup!72http://securityresponse.symantec.com/avcenter/venc/data/w32.cone@mm.html0
113WindowsUpdate1 11svchost.exe1 00152Added by the ASTEF or RESPAN WORMS or AGENT-V TROJAN! Note - this is not the legitimate svchost.exe process which should NOT appear in Msconfig/Startup!75http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.astef.html0
1 3xor1 11svchost.exe1 00127Added by the XORDOOR TROJAN! Note - this is not the legitimate svchost.exe process which should NOT appear in Msconfig/Startup!77http://securityresponse.symantec.com/avcenter/venc/data/backdoor.xordoor.html0
119Zone Labs Client Ex1 11svchost.exe1 00126Added by the NETSKY.F WORM! Note - this is not the legitimate svchost.exe process which should NOT appear in Msconfig/Startup!76http://securityresponse.symantec.com/avcenter/venc/data/w32.netsky.f@mm.html0
1 4zztp1 11svchost.exe1 00 41Added by the Trojan.Tannick.B infection.77http://www.sarc.com/avcenter/venc/data/trojan.tannick.b.html#technicaldetails0
1 6Runner1 11svchost.exe1 00 74Added by the Troj/AdClick-AG Trojan! File is found in the Windows folder. 01
1 6Update1 11svchost.exe1 00 74Added by the Troj/AdClick-AG Trojan! File is found in the Windows folder. 01
114System Process1 11svchost.exe1 00 74Added by the Troj/AdClick-AG Trojan! File is found in the Windows folder. 01
127SVCHOST Generic application1 11svchost.exe1 00 66Added by the Trojan! File is found in the Windows system folder.58http://www.sophos.com/virusinfo/analyses/trojdaemoniw.html0
1 7.mscsbl1 11SVCHOST.EXE1 00147Added by the Troj/Borobot-A infection! It is found in either the Windows system folder or the Application Data\Microsoft\Internet Explorer folder.58http://www.sophos.com/virusinfo/analyses/trojborobota.html0
112COM++ System1 14svchost.exe...1 00 39Added by a variant of the LOVGATE WORM!57http://www.sophos.com/virusinfo/analyses/w32lovgatef.html0
115random filename1 11svchost.scr1 00192http://www.sophos.com/virusinfo/analyses/trojbancbanbk.html"Troj/Bancban-BK. This infections attempts to steal passwords for certain Brazilian banking sites. Found in the %System%\of Windows. 01
1 8svchost11 12svchost1.exe1 00 28Added by the AGOBOT.ZZ WORM!91http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?Vname=WORM_AGOBOT.ZZ0
118CRC Value Verifier1 13svchost32.exe1 00 26Added by the RBOT-OA WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotoa.html0
111svchost.exe1 13svchost32.exe1 00 90CoolWebSearch parasite related. Note - this is not the valid svchost.exe as described here53http://www.spywareinfo.com/~merijn/cwschronicles.html0
1 9SvcHost321 13svchost32.exe1 00 40Added by the MIMAIL.I or MIMAIL.J WORMS!76http://securityresponse.symantec.com/avcenter/venc/data/w32.mimail.i@mm.html0
120Windows Help Manager1 13svchost32.exe1 00 26Added by the RBOT-OZ WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotoz.html0
1 9svchost641 13svchost64.exe1 00 29Added by the SDBOTER.G VIRUS! 01
1 8MSN Beta1 14SVCHOSTdll.exe1 00117http://www.sophos.com/virusinfo/analyses/w32rbotwf.html"W32/Rbot-WF WORM! File is found in the Windows system folder. 01
123Windows Logon Procedure1 12Svchoste.exe1 00 38Added by a variant of the SPYBOT WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html0
112Start Upping1 13SVCHOSTES.EXE1 00 26Added by the RBOT-NB WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotnb.html0
1 8MSUpdate1 14svchosthlp.exe1 00 28Added by the BLASTER.T WORM!79http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.t.worm.html0
117Win32 USB2 Driver1 14svchosting.exe1 00 39Added by the FORBOT.J or SDBOT.HU WORM!90http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?Vname=WORM_SDBOT.HU0
1 8svchostr1 12svchostr.exe1 00 40Added by an unidentified WORM or TROJAN! 01
133Generic host proccess for windows1 12SVCHOSTS.EXE1 00 47Added by an unidentified VIRUS, WORM or TROJAN! 01
115Internet Config1 12svchosts.exe1 00 26Added by the SDBOT TROJAN!75http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sdbot.html0
116Windows Services1 12svchosts.exe1 00 30Added by the AGOBOT-KL TROJAN!57http://www.sophos.com/virusinfo/analyses/w32agobotkl.html0
113[random name]1 12Svchosts.exe1 00 28Added by the SDBOT.N TROJAN!56http://www.sophos.com/virusinfo/analyses/trojsdbotn.html0
115«Windows Update1 12svchosts.exe1 00 27Added by the FRUCTA TROJAN!74http://securityresponse.symantec.com/avcenter/venc/data/trojan.frutca.html0
1 6SysTry1 12svchosts.exe1 00216Added by the Troj/Banker-BD password stealing Trojan! The file is found in the Windows system folder. If you have this file on your computer, it is recommended that you change your online banking passwords and pins.58http://www.sophos.com/virusinfo/analyses/trojbankerbd.html0
115virtual-machine1 12svchosts.exe1 00 85Added by W32/Rbot-US, a WORM/backdoor IRC Trojan, found in the Windows system folder.55http://www.sophos.com/virusinfo/analyses/w32rbotus.html0
115[various names]1 13svchostss.exe1 00 36Added by a variant of the RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
116WSAConfiguration1 12svchostt.exe1 00 28Added by the AGOBOT.ZT WORM!91http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?Vname=WORM_AGOBOT.ZT0
125Microsoft Windows Updater1 12svchostz.exe1 00 30Added by the DAEMONI-E TROJAN!58http://www.sophos.com/virusinfo/analyses/trojdaemonie.html0
1 8boot_reg1 10svchot.exe1 00 77Added by Troj/Bancban-BQ, a TROJAN. It is found in the Windows system folder.59http://www.sophos.com/virusinfo/analyses/trojbancbanbq.html0
119Microsoft IT Update1 11svchsst.exe1 00 26Added by the RBOT-DH WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotdh.html0
127Microszoft Update Mach1nezs1 10svchst.exe1 00 26Added by the RBOT-ED WORM!55http://www.sophos.com/virusinfo/analyses/w32rboted.html0
114System Restore1 10svcnet.exe1 00 25Added by the TIBICK WORM!71http://securityresponse.symantec.com/avcenter/venc/data/w32.tibick.html0
110Shellapi321 10svcnet.exe1 00 71Added by W32/Tibick-C, a P2P WORM with limited backdoor functionality.56http://www.sophos.com/virusinfo/analyses/w32tibickc.html0
1 8PService1 12svcnow32.exe1 00 75Added by Troj/Spybot-DJ, a TROJAN, and found in the Windows system folder.58http://www.sophos.com/virusinfo/analyses/trojspybotdj.html0
113WindowsXPserv1 12svcnxp32.exe1 00 77Added by the Troj/Naninf-A trojan. Located in the Windows system directory.57http://www.sophos.com/virusinfo/analyses/trojnaninfa.html0
1 7svcroot1 11svcroot.exe1 00 30Added by the KEYLOG-AC TROJAN!58http://www.sophos.com/virusinfo/analyses/trojkeylogac.html0
124Microsoft Windows Update1 12svcshost.exe1 00 28Added by the FORBOT-CF WORM!57http://www.sophos.com/virusinfo/analyses/w32forbotcf.html0
1 5MSSVC1 10svcsys.exe1 00 29Added by the FATOOS-C TROJAN!57http://www.sophos.com/virusinfo/analyses/trojfatoosc.html0
1 8MSSYSTEM1 10svcsys.exe1 00 29Added by the FATOOS-C TROJAN!57http://www.sophos.com/virusinfo/analyses/trojfatoosc.html0
1 8svcsys321 12svcsys32.exe1 00 28Added by the AGOBOT-LL WORM!57http://www.sophos.com/virusinfo/analyses/w32agobotll.html0
319Microsoft Webserver1 10svctrl.exe1 00126Personal web server program which enables you to create and host a web server from your computer. Not required for most people 01
1 8IPConfig1 12svcxnv32.exe1 00 30Added by the HACARMY.E TROJAN!66http://www.symantec.com/avcenter/venc/data/backdoor.hacarmy.e.html0
3 8COMDRV321 11svdhost.exe1 00246Orvell Monitoring 2003 - surveillance software that creates records of everything people do on a computer, ie, spying or monitoring depending upon how you call it. Note - asks for permission to contact the IP address of http://www.protectcom.com/26http://www.protectcom.com/0
112Hotfix Updat1 13svdhost32.exe1 00 28Added by the GAOBOT.ZW WORM!74http://securityresponse.symantec.com/avcenter/venc/data/w32.gaobot.zw.html0
121Windows Print Spooler1 11SVEHOST.EXE1 00 27Added by the SPYBOT.H WORM!77http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SPYBOT.H0
127windows update configurator1 11svghost.exe1 00 38Added by a variant of the SPYBOT WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html0
119Microsoft WinUpdate1 10svh0st.exe1 00 28Added by the SPYBOT.DL WORM!86http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SPYBOT.DL&VSect=T0
116Win32 Usb Driver1 14svhosint32.exe1 00 42Added by the FORBOT-BE or FORBOT-J WORMS!57http://www.sophos.com/virusinfo/analyses/w32forbotbe.html0
121Microsoft AutoUpdater1 10svhost.exe1 00 26Added by the RBOT.QG WORM!87http://es.trendmicro-europe.com/consumer/security_info/ve_detail.php?Vname=WORM_RBOT.QG0
133Microsoft Synchronization Manager1 10svhost.exe1 00 27Added by the SDBOT-PY WORM!56http://www.sophos.com/virusinfo/analyses/w32sdbotpy.html0
116Microsoft Update1 10svhost.exe1 00 26Added by the RBOT-PI WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotpi.html0
1 6SVHOST1 10svhost.exe1 00 27Added by the MYDOOM.I WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.mydoom.i@mm.html0
121Windows update config1 10svhost.exe1 00 27Added by the SDBOT-PF WORM!56http://www.sophos.com/virusinfo/analyses/w32sdbotpf.html0
112Win32 Loader1 10svhost.exe1 00 67Added by the W32/Sdbot-VH WORM. Found in the Windows system folder.56http://www.sophos.com/virusinfo/analyses/w32sdbotvh.html0
121Microsof Windows Host1 12svhost32.exe1 00 27Added by the RBOT.ADY WORM!79http://www.trendmicro.co.jp/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.ADY0
123Updater Service Process1 12svhost32.exe1 00 28Added by the AGOBOT.TY WORM!80http://www.trendmicro.co.jp/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.TY0
1 4UsbD1 12svhost32.exe1 00 29Added by the AGENT.IB TROJAN!90http://ae.trendmicro-europe.com/enterprise/security_info/ve_detail.php?Vname=TROJ_AGENT.IB0
120Configuration Loader1 9svhst.exe1 00 28Added by the GAOBOT.YC WORM!74http://securityresponse.symantec.com/avcenter/venc/data/w32.gaobot.yc.html0
0 8SVIDC32M1 12SVIDC32M.exe1 00 2?? 01
115Windows Updater1 11svigost.exe1 00 36W32/Rbot-VS is classified as a worm.55http://www.sophos.com/virusinfo/analyses/w32rbotvs.html0
124Microsoft Windows Update1 11svmhost.exe1 00 28Added by the FORBOT-CH WORM!57http://www.sophos.com/virusinfo/analyses/w32forbotch.html0
0 7SVM Pop1 10svmpop.exe1 00 2?? 01
110[not used]1 11svohost.exe1 00161This dumaru variant attempts to terminate antivirus programs so that it remains undetected. It is a mass-mailing worm with backdoor and keylogging capabilities.93http://securityresponse.symantec.com/avcenter/venc/data/w32.dumaru.y@mm.html#technicaldetails0
111svphost.exe1 11svphost.exe1 00 29Added by the AGENT.CS TROJAN!85http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_AGENT.CS&VSect=T0
1 6svrrun1 10svrrun.exe1 00 32Adware hailing from Deskwizz.com 01
117Sygate Personal 31 8svrv.exe1 00121Added by the W32/Rbot-XD WORM/backdoor Trojan, which attempts to modify network shares and users and terminate processes.55http://www.sophos.com/virusinfo/analyses/w32rbotxd.html0
113Microsoft IPC1 11svshost.exe1 00 47Added by an unidentified VIRUS, WORM or TROJAN! 01
118Microsoft Services1 11svshost.exe1 00 28Added by the ALETS.B TROJAN!64http://www.symantec.com/avcenter/venc/data/backdoor.alets.b.html0
124Microsoft Update Machine1 11svshost.exe1 00 26Added by the RBOT.AK WORM!76http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.AK0
124Microsoft Windows Update1 11svshost.exe1 00 29Added by the WOOTBOT.CJ WORM!109http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?id=66325&VName=WORM_WOOTBOT.CJ&VSect=T0
113Svhost Loader1 11svshost.exe1 00 27Added by the AGOBOT.G WORM!77http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.G0
1 7svshost1 11svshost.exe1 00 47Added by an unidentified VIRUS, WORM or TROJAN! 01
113svshostdriver1 11svshost.exe1 00 29Added by the SDBOT-HN TROJAN!57http://www.sophos.com/virusinfo/analyses/trojsdbothn.html0
115Windows_Updates1 11svthost.exe1 00 38Added by a variant of the SPYBOT WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html0
117Microsoft-Updates1 11svxhost.exe1 00 26Added by the RBOT-CT WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotct.html0
119SVX Control Service1 11svxhost.exe1 00 27Added by the FORBOT-K WORM!56http://www.sophos.com/virusinfo/analyses/w32forbotk.html0
114update service1 11svxhost.exe1 00 26Added by the RBOT-MG WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotmg.html0
1 7scvhost1 11svzhost.exe1 00 38Added by a variant of the SPYBOT WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html0
120Configuration Loader1 8sw32.exe1 00 28Added by the AGOBOT.BQ WORM!91http://es.trendmicro-europe.com/enterprise/security_info/ve_detail.php?VName=WORM_AGOBOT.BQ0
114Update ver 1.01 8Swap.exe1 00 25Added by the SWAP-C WORM!54http://www.sophos.com/virusinfo/analyses/w32swapc.html0
1 8SWCaller1 12SWcaller.exe1 00 28Homepage hijacker - see here75http://securityresponse.symantec.com/avcenter/venc/data/swporta.trojan.html0
1 8SWCaller1 13Swcaller2.exe1 00 28Homepage hijacker - see here75http://securityresponse.symantec.com/avcenter/venc/data/swporta.trojan.html0
1 6load321 11swchost.exe1 00 26Added by the TURTA.A WORM!97http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?VName=WORM_TURTA.A&VSect=T0
1 9NvClipRsv1 11swchost.exe1 00 28Added by the DUMARU-AK WORM!57http://www.sophos.com/virusinfo/analyses/w32dumaruak.html0
114Windows report1 11swchost.exe1 00 29Added by the SMALL-BD TROJAN!57http://www.sophos.com/virusinfo/analyses/trojsmallbd.html0
314Spyware Doctor1 12swdoctor.exe1 00 30Spyware Doctor spyware remover38http://www.pctools.com/spyware-doctor/0
1 9MSNMSGRS11 8swed.bat1 00 28IRC backdoor TROJAN or WORM! 01
216Internet Sweeper1 11Sweeper.exe1 00 82Internet Sweeper - removes unnecessart left over files after browsing the internet23http://www.bmesite.com/0
1 8MSNMSGRE1 8swef.bat1 00 28IRC backdoor TROJAN or WORM! 01
119Windows System Tray1 10swhost.exe1 00 47Added by an unidentified VIRUS, WORM or TROJAN! 01
1 8MSNMSGRR1 8swin.bat1 00 28IRC backdoor TROJAN or WORM! 01
214Shockwave Init1 10SWINIT.EXE1 00216Part of Macromedia Shockwave. Controls the Shockwave Remote Control Panel. The Remote Control can be activated manually from the Start Menu by locating and selecting Shockwave and then Shockwave Remote under Programs 01
310Switch Off1 9swoff.exe1 00209Switch Off - tray-based system utility that can automatically perform various frequently used operations like shutdown or restart your computer, disconnect your current dialup connection, lock workstation, etc24http://yasoft.km.ru/eng/0
245Microsoft Sidewinder Game Controller Software1 10SWTRAY.EXE1 00 82MS SideWinder game controller system tray icon. Available via Start -> Programs 01
215pictureBUZZTray1 10swtray.exe1 00181System Tray access to PictureBUZZ on-line printing software from Streetwise Software. If you use the software set the page you use as a favourite in your browser and run it manually26http://www.picturebuzz.com0
2 6SwTray1 10SWTRAY.EXE1 00120MS SideWinder game controller system tray icon. Available via Start -> Programs. May have the version number after it 01
216SideWinderTrayV41 12SWTrayV4.exe1 00129MS SideWinder game controller system tray icon. This is specific to version 4 of the software. Available via Start -> Programs 01
2 8SWTrayV41 12SWTrayV4.exe1 00129MS SideWinder game controller system tray icon. This is specific to version 4 of the software. Available via Start -> Programs 01
1 5sxprv1 9sxprv.pif1 00 66The TROJAN Troj/Dloader-IT adds this to the Windows system folder.59http://www.sophos.com/virusinfo/analyses/trojdloaderit.html0
0 6Sxplog1 11sxpstub.exe1 00199Part of CA Unicenter Software Delivery - manage software across various systems, from desktops and servers to PDAs and mobile phones, in a controlled and standardized way - is it required at startup?47http://www3.ca.com/Solutions/Product.asp?ID=2340
118Microsoft--Updates1 11sxvhost.exe1 00 26Added by the RBOT-FH WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotfh.html0
120Configuration Loader1 11sycfg34.exe1 00 28Added by the GAOBOT.AN WORM!79http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.gaobot.an.html0
114windows update1 11sychost.exe1 00 25Added by the LEOX.B WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.leox.b.html0
124Sygate Personal Firewall1 10Sygate.exe1 00 26Added by the RBOT-PN WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotpn.html0
119Symantec Anti Virus1 14symantec32.exe1 00 39Added by a variant of the WOOTBOT WORM!80http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_WOOTBOT.GEN0
117Symantec Security1 14symantec32.exe1 00 42Added by the RANDEX.PR or RANDEX.YR WORMS!74http://securityresponse.symantec.com/avcenter/venc/data/w32.randex.pr.html0
1 5SymAV1 9SymAV.exe1 00 27Added by the NETSKY.U WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.netsky.u@mm.html0
416Symantec Core LC1 12symlcsvc.exe1 00 48Part of Norton AntiVirus 2004. What does it do? 01
214NSystemMonitor1 10Symmon.exe1 00143Norton Uninstall Deluxe - monitors programs being installed and logs them for removing later. Available via Start - Programs for manual logging 01
228SymTray - Norton SystemWorks1 11SYMTRAY.EXE1 00264Keeps all System Tray icons for Norton SystemWorks together to reduce clutter. SystemWorks includes Norton Anti-Virus, Norton Utilities and Norton CleanSweep - mentioned elsewhere here. Personally I only have Norton eMail Protect running which doesn't need SymTray 01
1 9ClockSync1 8Sync.exe1 00242ClockSynck - synchronizes your system clock with an internet time server. It's by WhenU, the makers of the Save Now spyware, and they're usually seen in tandem, so it's advised to replace it with one of may spyware free alternatives available26http://www.clock-sync.com/0
215BookMarkSync2It1 11sync2it.exe1 00172Sync2IT BookMarkSync - "real-time automatic synchronization service that allows you to access your bookmarks, favorites and favorite files from any computer or any browser"23http://www.sync2it.com/0
3 9SyncAgent1 13syncagent.exe1 00172Ghost Keylogger (monitoring program). Given a "U" recommendation because it depends if you intentionally installed it. If you didn't treat it as "X" and uninstall or remove25http://www.keylogger.net/0
119Remote Access Slave1 12Synchost.exe1 00 27Added by the RIPJAC TROJAN!76http://securityresponse.symantec.com/avcenter/venc/data/backdoor.ripjac.html0
315FieldForms Sync1 15SyncService.exe1 00228Resco FieldForms. A solution for building of mobile forms that can be viewed or filled in on the run, on a wide range of mobile devices. Supports Microsoft Access databases, and provides for synchronization of other data as well47http://www.resco-net.com/enterprise/fieldforms/0
0 8SynSetup1 21SynTP.tmp RunOnce.exe2 00 91Probably associated Synaptics touchpads on laptops as for the SynTPEnh and SynTPLpr entries 01
3 8SynTPEnh1 12syntpenh.exe1 00273Synaptics touchpad tray icon. Displays status and provides quick launch to touchpad features such as scrolling and tap zones. Required on IBM Thinkpads with UnltraNav (pointstick and touchpad combo) if you don't want to loose the advanced pointstick features such as scroll 01
4 8SynTPLpr1 12syntplpr.exe1 00 72Synaptics touchpad driver helper. Required for touchpad features to work 01
1 8Ulubione1 11sys****.exe1 00 83Search Hijacker, redirecting to maxxxhosters.com - where **** are random characters 01
1 2Dx1 28sys*.exe [* = random number]2 00 27Added by the DEXTER.A WORM!77http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_DEXTER.A0
1 7Msgtray1 9sys16.exe1 00 26Added by an unknown VIRUS! 01
1 5sys321 9sys32.exe1 00 27Added by the FLUX.E TROJAN!81http://fr.trendmicro-europe.com/smb/security_info/ve_detail.php?VName=BKDR_FLUX.E0
114Video Services1 9sys32.exe1 00 28Added by the AGOBOT.PS WORM!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.PS0
117Win32 USB2 Driver1 9sys32.exe1 00 28Added by the WOOTBOT.X WORM!89http://it.trendmicro-europe.com/consumer/security_info/ve_detail.php?Vname=WORM_WOOTBOT.X0
110System Net1 9sys32.exe1 00117Added by the W32/Forbot-FX WORM, which also creates a new service called "Win32", with the display name "System Net".57http://www.sophos.com/virusinfo/analyses/w32forbotfx.html0
1 5Win321 9sys32.exe1 00178A service created by W32/Forbot-FX with a display name of "System Net" allows remote attack via IRC channel, deletion of files, modification of data and ternination of processes.57http://www.sophos.com/virusinfo/analyses/w32forbotfx.html0
116Microsoft Update1 12sys32cfg.exe1 00 38Added by a variant of the SPYBOT WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html0
1 7MsVBdll1 12sys32dll.exe1 00130Added by the W32/Aimdes-C WORM to insure automatically running, it will exploit AOL instant messenger and harvest email addresses.56http://www.sophos.com/virusinfo/analyses/w32aimdesc.html0
117Win32 USB2 Driver1 12sys32snd.exe1 00 28Added by the FORBOT-AN WORM!57http://www.sophos.com/virusinfo/analyses/w32forbotan.html0
3 8sys32cmd1 12sys32win.exe1 00312Active Keylogger monitoring software - also see here. From the Symantec article: "This spyware program must be manually installed. However, there are several known programs that have Spyware.ActiveKeylog within them and that install it as the program itself is installed". Disable/remove if you didn't install it81http://securityresponse.symantec.com/avcenter/venc/data/spyware.activekeylog.html0
126System 64 Driver for Games1 12sys64dvr.exe1 00 26Added by the SDBOT TROJAN!75http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sdbot.html0
3 8SysAgent1 12SysAgent.exe1 00158SYSagent - small utility for retrieving all the hardware and software information required by anyone administering a machine and/or the network it's a part of37http://www.netsizzle.net/sysagent.asp0
1 5SysAI1 9SysAI.exe1 00100AproposMedia adware - also creates SysAI folder in Program Files where the SysAI.exe is also located45http://doxdesk.com/parasite/AproposMedia.html0
1 5Adobe1 12sysbat32.exe1 00 31Added by the LOWZONES.T TROJAN!79http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_LOWZONES.T0
3 6Sysbot1 10sysbot.exe1 00 69Spector - spying (or monitoring) software to record internet activity62http://www.spectorsoft.com/products/Spector_Windows/index.html0
112System Cache1 12SysCache.exe1 00 47Added by an unidentified VIRUS, WORM or TROJAN! 01
128Windows System Configuration1 12SYSCFG16.EXE1 00 30Added by the WISDOOR.Z TROJAN!58http://www.sophos.com/virusinfo/analyses/trojwisdoork.html0
120Configuration Loader1 12syscfg32.exe1 00 28Added by the SDBOT.B TROJAN!77http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sdbot.b.html0
116internet service1 12syscfg32.exe1 00 26Added by the RBOT-QS WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotqs.html0
1 6syscfg1 12syscfg32.exe1 00 26Added by the KWBOT.S WORM!80http://securityresponse.symantec.com/avcenter/venc/data/w32.kwbot.s.worm@mm.html0
112syscfg34.exe1 12syscfg34.exe1 00 27Added by the ELECTRON WORM!78http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.electron.html0
1 9SysConfig1 12syscfg35.exe1 00 27Added by the KAZMOR.C WORM!78http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.kazmor.c.html0
312SoloSysCheck1 12Syscheck.exe1 00150Solo antivirus System Integrity Check - Monitors system registry, system.ini, win.ini and startup to protect you from new Internet Worms and Backdoors24http://www.srnmicro.com/0
113SystemChecker1 10Syschk.exe1 00 26Added by the GALIL.F WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.galil.f@mm.html0
114MicrosoftValue1 11syscnfg.exe1 00155Added by an unidentified VIRUS, WORM or TROJAN! "syscnfg.exe" is found in C:\windows\fonts (or C:\winnt\fonts) directory where no *.exe files should reside 01
113ModularConfig1 11syscnfg.exe1 00155Added by an unidentified VIRUS, WORM or TROJAN! "syscnfg.exe" is found in C:\windows\fonts (or C:\winnt\fonts) directory where no *.exe files should reside 01
1 6MSCORE1 11syscnfg.exe1 00155Added by an unidentified VIRUS, WORM or TROJAN! "syscnfg.exe" is found in C:\windows\fonts (or C:\winnt\fonts) directory where no *.exe files should reside 01
1 5MSDLL1 11syscnfg.exe1 00155Added by an unidentified VIRUS, WORM or TROJAN! "syscnfg.exe" is found in C:\windows\fonts (or C:\winnt\fonts) directory where no *.exe files should reside 01
1 6Run[0]1 11syscnfg.exe1 00155Added by an unidentified VIRUS, WORM or TROJAN! "syscnfg.exe" is found in C:\windows\fonts (or C:\winnt\fonts) directory where no *.exe files should reside 01
1 2OD1 11SYSCNTR.EXE1 00 16HotVideo dialler 01
113syscon lptt011 10syscon.exe1 00185Variant of the RapidBlaster parasite (in a "Syscon" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see here49http://www.doxdesk.com/parasite/RapidBlaster.html0
113syscon ml097e1 10syscon.exe1 00185Variant of the RapidBlaster parasite (in a "Syscon" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see here49http://www.doxdesk.com/parasite/RapidBlaster.html0
118Microsoft Conf Ldr1 11sysconf.exe1 00 39Added by a variant of the SDBOT TROJAN!75http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sdbot.html0
113Video Process1 11sysconf.exe1 00 62Added by the GAOBOT.GEN!POLY or GAOBOT.UM or GAOBOT.ADX WORMS!80http://securityresponse.symantec.com/avcenter/venc/data/w32.gaobot.gen!poly.html0
110ConfLoader1 13sysconf16.exe1 00 29Added by the SDBOT-FB TROJAN!57http://www.sophos.com/virusinfo/analyses/trojsdbotfb.html0
114Microsoft RDLL1 13sysconf32.exe1 00 39Added by a variant of the SDBOT TROJAN!75http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sdbot.html0
124Windows HTML file reader1 13Sysconf32.exe1 00 26Added by the NOOMY.A WORM!76http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_NOOMY.A0
1 5Adobe1 13sysconfig.exe1 00 40Added by an unidentified WORM or TROJAN! 01
1 6Syscpy1 10Syscpy.exe1 00 84Firewall-bypassing, proxied spam relayer. Detected by Symantec as the HOGLE TROJAN!75http://securityresponse.symantec.com/avcenter/venc/data/backdoor.hogle.html0
1 6SysCtl1 10sysctl.exe1 00 24Added by the AOK TROJAN!42http://vil.nai.com/vil/content/v_99942.htm0
111SystemDebug1 12Sysdeb32.exe1 00 27Added by the SYSBUG TROJAN!76http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sysbug.html0
118System Diagnostics1 13sysdiag32.exe1 00 30Added by the SDBOT.GEN TROJAN!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_SDBOT.GEN0
1 9winreg_321 10Sysdll.exe1 00 74Added by the Troj/Dloader-IJ Trojan! File is found in the Windows folder.59http://www.sophos.com/virusinfo/analyses/trojdloaderij.html0
112system32.dll1 12sysdll32.exe1 00102CoolWebSearch parasite related. Redirecting to wholeworldmarket.com, most likely other domains as well53http://www.spywareinfo.com/~merijn/cwschronicles.html0
220Norton System Doctor1 12Sysdoc32.exe1 00222Norton Disk Doctor from Norton Utilities. Automatically runs at start-up, major resource hog and best started manually form Start -> Programs. Delete the shortcut in the Start -> Programs -> Startup folder as well 01
111ssgrate.exe1 11sysdoor.exe1 00 33Added by the MITGLIEDER.N TROJAN!80http://securityresponse.symantec.com/avcenter/venc/data/trojan.mitglieder.n.html0
120System Uptime Server1 12SYSENTRY.EXE1 00 26Added by the RBOT.LK WORM!89http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?VName=WORM_RBOT.LK0
120System Uptime Server1 14SYSENTRY32.EXE1 00 26Added by the RBOT.LK WORM!89http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?VName=WORM_RBOT.LK0
1 8sysfiler1 12sysfiler.exe1 00 27Added by the RETSAM TROJAN!74http://securityresponse.symantec.com/avcenter/venc/data/trojan.retsam.html0
1 8sysflg321 12sysflg32.exe1 00 43Added by a variant of the CRYPTER.C TROJAN!58http://www.sophos.com/virusinfo/analyses/trojcrypterc.html0
1 9sysformat1 13sysformat.exe1 00103Added by Bagle.AY WORM!. This infections scans your hard drive for email addresses to send itself to.46http://www.f-secure.com/v-descs/bagle_ay.shtml0
124Sygate Personal Firewall1 10sysgut.exe1 00 27Added by the SDBOT.WM WORM!85http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.WM&Vsect=T0
1 7syshelp1 11syshelp.exe1 00 39Added by a variant of the LOVGATE WORM!80http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.lovgate@mm.html0
115MicrosoftUpdate1 13syshelper.exe1 00 47Added by an unidentified VIRUS, WORM or TROJAN! 01
113Microsoft IIS1 11syshost.exe1 00 28Added by the FRANCETTE WORM!79http://securityresponse.symantec.com/avcenter/venc/data/w32.francette.worm.html0
1 9MS Update1 11syshost.exe1 00 27Added by the EVAMAN-F WORM!56http://www.sophos.com/virusinfo/analyses/w32evamanf.html0
1 7securer1 11syshost.exe1 00201A href="http://www.sophos.com/virusinfo/analyses/trojbdoordu.html"Troj/Bdoor-DU is a backdoor Trojan for the Windows platform. It is located in the directory Windows system folder\securer\syshost.exe. 01
110MS Updates1 12syshosts.exe1 00 27Added by the MYDOOM.Y WORM!68http://securityresponse.symantec.com/avcenter/venc/data/w32.mydoom.y0
1 8sysinfer1 12sysinfer.exe1 00 81Added by the Adware.Adtest browser hijacker. Found in the Windows system folder.57http://www.sarc.com/avcenter/venc/data/adware.adtest.html0
120Configuration Loader1 11sysinfo.exe1 00 28Added by the GAOBOT.FQ WORM!79http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.gaobot.fq.html0
1 7sysinfo1 11sysinfo.exe1 00 28Added by the BEDRILL TROJAN!75http://securityresponse.symantec.com/avcenter/venc/data/trojan.bedrill.html0
111sysinfo.exe1 11sysinfo.exe1 00 27Added by the BEAGLE.V WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.v@mm.html0
118Microsoft Software1 13sysinfo33.exe1 00 26Added by the RBOT.LS WORM!89http://it.trendmicro-europe.com/enterprise/security_info/ve_detail.php?Vname=WORM_RBOT.LS0
1 6Syskey1 11sysinit.exe1 00 28Added by the BEAGLE.AX WORM!77http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.ax@mm.html0
1 8sysint161 12sysint16.exe1 00 30Added by the CRYPTER.A TROJAN!58http://www.sophos.com/virusinfo/analyses/trojcryptera.html0
110RegCleaner1 11SYSio32.exe1 00128Added by an unidentified VIRUS, WORM or TROJAN! Note - do not confuse this with the popular RegCleaner registry cleaner freeware 01
1 5Wardo1 13syslaunch.exe1 00 32Added by the ADLCICKER.G TROJAN!85http://securityresponse.symantec.com/avcenter/venc/data/w32.a.d.clicker.g.trojan.html0
113Config Loader1 12sysldr32.exe1 00 25Added by the GAOBOT WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.gaobot.html0
1 6Syslib1 10Syslib.exe1 00 39Adult content related downloader trojan 01
112SystemLoad321 13sysload32.exe1 00 27Added by the MIMAIL.E WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.mimail.e@mm.html0
113Syslog lptt011 10Syslog.exe1 00185Variant of the RapidBlaster parasite (in a "Syslog" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see here49http://www.doxdesk.com/parasite/RapidBlaster.html0
113Syslog ml097e1 10Syslog.exe1 00185Variant of the RapidBlaster parasite (in a "Syslog" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see here49http://www.doxdesk.com/parasite/RapidBlaster.html0
118NT Logging Service1 12Syslog32.exe1 00 72Added by the DONK.B or DONK.C or DONK.L or DONK.M or DONK.O WORMS!76http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.donk.b.html0
112syslogin.exe1 12syslogin.exe1 00 25Added by the BAGZ-B WORM!54http://www.sophos.com/virusinfo/analyses/w32bagzb.html0
119Microsoft WinUpdate1 11syslx32.exe1 00 47Added by an unidentified VIRUS, WORM or TROJAN! 01
113SystemManager1 12Sysman32.exe1 00 36Added by the DOWNLOADER-BW.B TROJAN!43http://vil.nai.com/vil/content/v_100164.htm0
124Microsoft« System Mapper1 10SysMap.exe1 00 26Added by the MAPSY TROJAN!75http://securityresponse.symantec.com/avcenter/venc/data/backdoor.mapsy.html0
1 4SysR1 9sysmd.exe1 00 81Adult content based "foistware" (adds hidden components to your system) 01
3 9SysMetrix1 13SysMetrix.exe1 00109SysMetrix - skinnable clock and metering application. It monitors and reports on a great number of statistics34http://www.xymantix.com/sysmetrix/0
124Microsoft System Checkup1 10sysmgr.exe1 00 29Added by the SDBOT-OO TROJAN!56http://www.sophos.com/virusinfo/analyses/w32sdbotoo.html0
122Windows Nivedia Driver1 10sysMGT.exe1 00 36Added by a variant of the RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
1 6sysmon1 10sysmon.exe1 00 24Added by the BIZEX WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.bizex.worm.html0
314System Monitor1 10SYSMON.EXE1 00106Comes with some Aopen motherboards. Monitors CPU temp, voltage and fan speed. Warns if any become abnormal 01
114System Monitor1 12Sysmon16.exe1 00 26Added by the SDBOT TROJAN!75http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sdbot.html0
011.NET config1 12sysmon32.exe1 00 2?? 01
113SystemMonitor1 12Sysmon32.exe1 00 26Added by the AIDID.A WORM!87http://si.trendmicro-europe.com/consumer/security_info/ve_detail.php?Vname=WORM_AIDID.A0
1 6sysmon1 12sysmon44.exe1 00 46Added by a variant of the BACKDOOR-CBA TROJAN!43http://vil.nai.com/vil/content/v_122468.htm0
1 8SysMonXP1 12SysMonXP.exe1 00 27Added by the NETSKY.Q WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.netsky.q@mm.html0
116System Messenger1 12SYSMSG32.EXE1 00 31Added by W32/Spybot-DK, a WORM!57http://www.sophos.com/virusinfo/analyses/w32spybotdk.html0
117MsWindows SysDate1 11sysmsvc.exe1 00 29Added by the SPYBOT.FCD WORM!62http://www.symantec.com/avcenter/venc/data/w32.spybot.fcd.html0
1 7sysnate1 11sysnate.exe1 00 27Added by the MEDIAS TROJAN!76http://securityresponse.symantec.com/avcenter/venc/data/backdoor.medias.html0
1 9navman_201 12sysnav32.exe1 00 42Hijacker, possibly a CoolWebSearch variant53http://www.spywareinfo.com/~merijn/cwschronicles.html0
1 2/a1 10SYSNET.EXE1 00144Added by the A href="http://www.sophos.com/virusinfo/analyses/w32rbotwj.html"W32/Rbot-WJ infection. File is found in the Windows system folder. 01
1 6SysOps1 6SysOps1 00 31Added by the MSNCORRUPT TROJAN!80http://securityresponse.symantec.com/avcenter/venc/data/backdoor.msncorrupt.html0
114Microsoftvirus1 15sysoverload.exe1 00 28Added by the FORBOT-AL WORM!57http://www.sophos.com/virusinfo/analyses/w32forbotal.html0
1 6SysReg1 10SysReg.exe1 00 27Added by the CHEKIN TROJAN!83http://securityresponse.symantec.com/avcenter/venc/data/trojan.download.chekin.html0
114SystemRegistry1 10SysReg.vbs1 00105Added by VBS/Ediboy-C. File is located in the Windows System directory. Also see bWUpdate_35253825.vbs/b56http://www.sophos.com/virusinfo/analyses/vbsediboyc.html0
1 6Sysres1 10Sysres.exe1 00 27Added by the LOGMOD TROJAN!52http://www.viruslist.com/eng/viruslist.html?id=514650
114MS SyS Restore1 14sysrestore.exe1 00 26Added by the RBOT.XM WORM!106http://es.trendmicro-europe.com/enterprise/security_info/ve_detail.php?id=66436&VName=WORM_RBOT.XM&VSect=T0
123Windows Startup 32 Bits1 12sysrun32.exe1 00 41Added by a variant of the DARKSUN TROJAN! 01
1 8msgserv_1 8Syss.exe1 00 26Added by the FANTA TROJAN!73http://securityresponse.symantec.com/avcenter/venc/data/fanta.trojan.html0
116security service1 8syss.exe1 00 40Added by an unidentified WORM or TROJAN! 01
310SystemSafe1 11Syssafe.exe1 00 86System Safety Monitor - system monitoring tool with additional application firewalling47http://www.webattack.com/get/systemsafety.shtml0
110SysService1 14SysService.exe1 00 36Added by the DELF family of TROJANS!81http://securityresponse.symantec.com/avcenter/venc/data/backdoor.delf.family.html0
112SysService321 16SysService32.exe1 00 26Added by the KINDAL VIRUS!43http://vil.nai.com/vil/content/v_100207.htm0
113Syntax Script1 11systacq.exe1 00 27Added by the SDBOT.AI WORM!65http://www.symantec.com/avcenter/venc/data/backdoor.sdbot.ai.html0
113SysService32l1 14systask32l.exe1 00 24Added by the THEUG WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.theug.html0
1 7windows1 15system copy.exe2 00 26Added by the SALGA.A WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.salga.a@mm.html0
1 9system...1 12system...exe1 00 34Added by the OPTIXPRO.13.C TROJAN!83http://securityresponse.symantec.com/avcenter/venc/data/backdoor.optixpro.13.c.html0
1 7system.1 11system..exe1 00 34Added by the OPTIXPRO.13.C TROJAN!83http://securityresponse.symantec.com/avcenter/venc/data/backdoor.optixpro.13.c.html0
1 4Data1 14System.dat.vbs1 00 28Added by the BISCUIT.A WORM!77http://securityresponse.symantec.com/avcenter/venc/data/vbs.biscuit.a@mm.html0
1 7Command1 10system.exe1 00 48Added by the GATECRASH.A or GATECRASH.B TROJANS!80http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_GATECRASH.A0
120Configuration Loader1 10System.exe1 00 28Added by the GAOBOT.AO WORM!79http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.gaobot.ao.html0
113Control Panel1 10System.exe1 00 25Added by the DANI TROJAN!61http://www.symantec.com/avcenter/venc/data/backdoor.dani.html0
113Microsoft IPC1 10system.exe1 00 28Added by the NULLBOT TROJAN!75http://securityresponse.symantec.com/avcenter/venc/data/trojan.nullbot.html0
112PrintSpoolSv1 10System.exe1 00 28Added by the BDOOR-S TROJAN!56http://www.sophos.com/virusinfo/analyses/trojbdoors.html0
111ssgrate.exe1 10system.exe1 00 33Added by the MITGLIEDER.C TROJAN!80http://securityresponse.symantec.com/avcenter/venc/data/trojan.mitglieder.c.html0
110SysProtect1 10System.exe1 00 27Added by the NETSPY TROJAN!75http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_NETSPY0
1 6System1 10system.exe1 00 35Added by various WORMS and TROJANS! 01
114system manager1 10System.exe1 00 28Added by the FORBOT-BO WORM!57http://www.sophos.com/virusinfo/analyses/w32forbotbo.html0
114System Update21 10system.exe1 00 31Added by the AUTOTROJ-C TROJAN!59http://www.sophos.com/virusinfo/analyses/trojautotrojc.html0
110System.exe1 10System.exe1 00 35Added by various WORMS and TROJANS! 01
1 8System321 10system.exe1 00 31Added by the BUSHTRO122 TROJAN!60http://www.sophos.com/virusinfo/analyses/trojbushtro122.html0
114Win_api_driver1 10system.exe1 00 27Added by the REVIRD TROJAN!83http://securityresponse.symantec.com/avcenter/venc/data/trojan.download.revird.html0
110MSkernel321 15System.exe 48202 00 27Added by the TUXDER TROJAN!76http://securityresponse.symantec.com/avcenter/venc/data/backdoor.tuxder.html0
124Microsoft Update Machine1 12system03.exe1 00 26Added by the RBOT-NM WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotnm.html0
115System Terminal1 11SYSTEM2.EXE1 00 30Added by the SPYBOT-BZ TROJAN!58http://www.sophos.com/virusinfo/analyses/trojspybotbz.html0
1 8Bcvsrv321 11system2.exe1 00 88Added by the W32/Agobot-PU IRC backdoor Trojan/WORM! Found in the WIndows system folder.57http://www.sophos.com/virusinfo/analyses/w32agobotpu.html0
1 8System321 14system32,1.exe1 00 47Added by an unidentified VIRUS, WORM or TROJAN! 01
1 3N/A1 12system32.exe1 00 87Added by the AGOBOT-KU WORM! Note - has a blank entry under the Startup Item/Name field57http://www.sophos.com/virusinfo/analyses/w32agobotku.html0
130Microsofot x386 System Monitor1 12system32.exe1 00 28Added by the WOOTBOT.M WORM!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_WOOTBOT.M0
1 3msn1 12system32.exe1 00 27Added by the KITRO.A WORM!76http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_KITRO.A0
124Sygate Personal Firewall1 12system32.exe1 00 26Added by the RBOT.VI WORM!76http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.VI0
1 8System321 12System32.exe1 00 40Added by any number of WORMS or TROJANS! 01
1 9SystemSAS1 12System32.exe1 00 26Added by the KWBOT.C WORM!90http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=WORM_BENJAMIN.A&VSect=T0
114Windows-System1 12System32.exe1 00 28Added by the LOGPOLE.C WORM!79http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.logpole.c.html0
1 4ruin1 12system32.exe1 00 33Added by the Troj/Delf-JM Trojan!56http://www.sophos.com/virusinfo/analyses/trojdelfjm.html0
1 5Win321 12system32.vbs1 00 66Added by the VBS.Swerun Infection! Found in the Windows directory.71http://www.sarc.com/avcenter/venc/data/vbs.swerun.html#technicaldetails0
127Windows Drive Compatibility1 20System32Driver32.exe1 00 27Added by the SUPOVA.Z WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.supova.z@mm.html0
110System32Ex1 14System32Ex.exe1 00 31Added by the IRCCONTACT TROJAN!80http://securityresponse.symantec.com/avcenter/venc/data/backdoor.irccontact.html0
113Media service1 12SYSTEM64.EXE1 00 26Added by the RBOT.QV WORM!106http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?id=65730&VName=WORM_RBOT.QV&VSect=T0
1 7SysStrt1 11systemc.exe1 00 30Added by the AGOBOT-QA TROJAN!57http://www.sophos.com/virusinfo/analyses/w32agobotqa.html0
117Microsoft Updates1 13systemc32.exe1 00 26Added by the RBOT-GR WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotgr.html0
111SystemCheck1 15Systemcheck.exe1 00 25Added by the LAVITS WORM!63http://www.symantec.com/avcenter/venc/data/w32.hllw.lavits.html0
113SystemCONF98i1 17SystemCONF98i.exe1 00 31Added by the GLITCH BOT TROJAN!60http://www.pestpatrol.com/pestinfo/t/trojan_win32_glitch.asp0
119M1cr0s0ft S3rcurity1 16systemconfig.exe1 00 27Added by the RBOT.BKB WORM!90http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?Vname=WORM_RBOT.BKB0
117Internet Services1 13systemdev.exe1 00 27Added by the SDBOT-PW WORM!56http://www.sophos.com/virusinfo/analyses/w32sdbotpw.html0
1 9SystemDll1 13SystemDll.exe1 00 29Added by the LOXOSCAM TROJAN!78http://securityresponse.symantec.com/avcenter/venc/data/backdoor.loxoscam.html0
116Microsoft Update1 13systemi32.exe1 00 38Added by a variant of the SPYBOT WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html0
112system32.dll1 14systeminit.exe1 00 55CoolWebSearch hijacker re-directing to your-search.info53http://www.spywareinfo.com/~merijn/cwschronicles.html0
117Systemiom Updater1 13Systemiom.exe1 00 28Added by the SPYBOT.TY WORM!91http://fr.trendmicro-europe.com/enterprise/security_info/ve_detail.php?Vname=WORM_SPYBOT.TY0
124Microsoft Update Machine1 12systemll.exe1 00 26Added by the RBOT-JT WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotjt.html0
124Microsoft update service1 11systemm.exe1 00 37Added by a variant of the SDBOT WORM!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_SDBOT.GEN0
114Microsoftkeysd1 14systemproc.exe1 00 28Added by the FORBOT-BI WORM!57http://www.sophos.com/virusinfo/analyses/w32forbotbi.html0
133Registry System16 Checkup Monitor1 15SystemReg16.exe1 00 36Added by a variant of the RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
123Windows System Restorer1 18SystemRestorer.exe1 00 27Added by the DULOAD.C WORM!77http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_DULOAD.C0
120Configuration Loader1 12systemry.exe1 00 45Added by a variant of the AGOBOT/GAOBOT WORM!79http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN0
1 7Kernell1 11systems.exe1 00 28Added by the TARNO.C TROJAN!76http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.tarno.c.html0
1 9NAV Agent1 11systems.exe1 00 97Added by the TARNO.C TROJAN! Note - this is not the valid Norton Antivirus entry of the same name76http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.tarno.c.html0
114System Service1 11systems.exe1 00 28Added by the AGOBOT.VZ WORM!108http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?id=64895&VName=WORM_AGOBOT.VZ&VSect=T0
311Systems.exe1 11Systems.exe1 00156Keyboard Spectator - monitoring software that creates records of everything people do on a computer, ie, spying or monitoring depending upon how you call it33http://www.refog.com/download.htm0
1 7Systems1 11Systems.exe1 00 87Added by the Troj/Bankboa-A TROJAN, it targets a specific website and steals passwords.58http://www.sophos.com/virusinfo/analyses/trojbankboaa.html0
114Windows backup1 12systemss.exe1 00 38Added by a variant of the SPYBOT WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html0
112System Stats1 15SystemStats.exe1 00 39Added by a variant of the WOOTBOT WORM!80http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_WOOTBOT.GEN0
110SystemTray1 14SystemTray.exe1 00 82Added by the BIGFOOT TROJAN! Note - this is not the valid SystemTray (SysTray.exe)64http://www.symantec.com/avcenter/venc/data/backdoor.bigfoot.html0
2 9SystemUpd1 13SystemUpd.exe1 00 51Updater for Swapoo.com, a kind of Napster for games 01
132Windows Update Service 2004/20051 16systemupdate.exe1 00 26Added by the RBOT-JE WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotje.html0
114Microsoftkeysd1 16systemwin32s.exe1 00 29Added by the WOOTBOT.CO WORM!100http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?VName=WORM_WOOTBOT.CO&VSect=T0
2 7iIWiper1 15Systemwiper.exe1 00132System Wiper from iI Software - allows you to clear the history of your activites from you computer. Run manually on a regular basis38http://nn101.virtualave.net/clean.html0
117systemyom Updater1 13systemyom.exe1 00 50Added by a variant of the BACKDOOR.IRC.BOT TROJAN!77http://securityresponse.symantec.com/avcenter/venc/data/backdoor.irc.bot.html0
112Systesms.exe1 12systesms.exe1 00 26Added by the RBOT-HI WORM!55http://www.sophos.com/virusinfo/analyses/w32rbothi.html0
2 7Systest1 11Systest.exe1 00 30Clean Space temp files cleaner35http://www.teosoft.com/en/index.htm0
1 5value1 12systimer.exe1 00 98Added by Adware.Downreceive. File is found in the C:\Program Files\ Acceleration Software folder.62http://www.sarc.com/avcenter/venc/data/adware.downreceive.html0
1 8Systmesy1 12Systmesy.exe1 00 26Added by the RBOT-KQ WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotkq.html0
1 9Systoan321 11systoan.exe1 00 47Added by an unidentified VIRUS, WORM or TROJAN! 01
114System Toolkit1 12Systools.exe1 00 28Added by the RONOPER-G WORM!57http://www.sophos.com/virusinfo/analyses/w32ronoperg.html0
0 7systr321 11systr32.exe1 00 2?? 01
1 9Systemtra1 10Systra.exe1 00 39Added by a variant of the LOVGATE WORM!80http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.lovgate@mm.html0
0 7systrax1 11systrax.exe1 00 2?? 01
114Coldlife -icmp1 11Systray.exe1 00 75Added by the FLOOD.AV TROJAN! Note - this is not the legitimate SysTray.exe46http://vil.nai.com/vil/content/Print100363.htm0
1 8Internat1 11systray.exe1 00 84Added by the ALADINZ.P TROJAN! Note - this is not the legitimate systray.exe process83http://securityresponse.symantec.com/avcenter/venc/data/backdoor.irc.aladinz.p.html0
310SystemTray1 11SysTray.Exe1 00378SYSTRAY.EXE - System Tray Services. Provides the Volume Control, PC Card Status, Power Management and other icons that reside in the System Tray (see here). SYSTRAY.EXE may be disabled if none of these services are required. It will launch as and when required if you later enable the icons. If you need these items they're available via Start -> Settings -> Control Panel62http://support.microsoft.com/default.aspx?scid=kb;en-us;1281290
110SystemTray1 11SysTray.exe1 00286Added by the ALADINZ.P TROJAN! Note - this is not the valid System Tray (systray.exe) which resides in C:\Windows\System (Win9x/Me), C:\Winnt\System32 (WinNT/2K) or C:\Windows\System32 (WinXP). If you right-click on the real systray.exe the "Properties" reveal it to be a Microsoft file83http://securityresponse.symantec.com/avcenter/venc/data/backdoor.irc.aladinz.p.html0
3 7SysTray1 11SysTray.Exe1 00378SYSTRAY.EXE - System Tray Services. Provides the Volume Control, PC Card Status, Power Management and other icons that reside in the System Tray (see here). SYSTRAY.EXE may be disabled if none of these services are required. It will launch as and when required if you later enable the icons. If you need these items they're available via Start -> Settings -> Control Panel62http://support.microsoft.com/default.aspx?scid=kb;en-us;1281290
114Systray driver1 11systray.exe1 00 98Added by the MUTEBOT TROJAN! Note - this is not the real SystemTray which shares the same filename81http://securityresponse.symantec.com/avcenter/venc/data/backdoor.irc.mutebot.html0
113ActiveDesktop1 13systray32.exe1 00 25Added by the DABOOM WORM!66http://www.symantec.com/avcenter/venc/data/w32.hllw.daboom@mm.html0
113System Tray321 13SysTray32.exe1 00 24Added by the REPAD WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.repad.worm.html0
1 7Systray1 12Systray_.Exe1 00 27Added by the KERGEZ.A WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.kergez.a@mm.html0
1 7systree1 7systree1 00 29Added by the BANCOS.L TROJAN!77http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.bancos.l.html0
1 8win32ini1 11systroy.exe1 00 34Added by the IRC.ALADINZ.C TROJAN!70http://www.symantec.com/avcenter/venc/data/backdoor.irc.aladinz.c.html0
1 4sysu1 8sysu.exe1 00 39Dynamic Desktop Media adware - see here69http://www.symantec.com/avcenter/venc/data/adware.dynamicupdater.html0
1 6Update1 10Sysupd.exe1 00 28Added by the SLACKBOT VIRUS! 01
2 6Piracy1 11SysUtil.exe1 00799Software Piracy Alert feature bundled with PGWare software. Cries foul when it detects an 'illegal' version. The alerts are reported to disappear as soon as the software is correctly registered. There are privacy issues though: "The Software includes a feature that assigns a unique order number to GameGain based on purchase information. The Software reports this number to us via the internet either when you run the Software or enter the registration number, or both. The Software may also identify and report to us your IP address, date and time of installation, registration and/or use. We use this information strictly to count the number of installations, detect unauthorized access or piracy of the Software, and develop rough statistical data regarding the geographic location of our users"40http://www.pgware.com/products/gamegain/0
1 8Sysvupex1 12Sysvupex.exe1 00 27Added by the MEDIAS TROJAN!76http://securityresponse.symantec.com/avcenter/venc/data/backdoor.medias.html0
3 6SYSWB61 10SYSWB6.exe1 00186We-Blocker - gives parents the opportunity to monitor their children's Internet access and provide them with age-appropriate content, while filtering out sites that contain adult content26http://www.we-blocker.com/0
1 7Setting1 10sysweb.exe1 00 30Added by the SDBOT.GEN TROJAN!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_SDBOT.GEN0
1 6SysWin1 10SysWin.exe1 00 31Added by the IRCCONTACT TROJAN!80http://securityresponse.symantec.com/avcenter/venc/data/backdoor.irccontact.html0
119Microsoft WinUpdate1 12syswin32.exe1 00 37Added by a variant of the SDBOT WORM!43http://vil.nai.com/vil/content/v_100454.htm0
1 8syswin321 12syswin32.exe1 00 38Added by a variant of the SPYBOT WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html0
1 9Syswindow1 13Syswindow.exe1 00 24Added by the COW TROJAN!60http://www.symantec.com/avcenter/venc/data/backdoor.cow.html0
123Working System Analyzer1 11syswork.exe1 00118This is a SDBot variant infection. These types of infections are backdoor trojans. It also creates a Windows Service. 01
123Working System Analyzer1 11syswork.exe1 00140This is a SDBot variant infection. These types of infections are backdoor trojans. It also creates Run registry entries to start this file. 01
1 9Wut Nigga1 11syswork.exe1 00 91A service created by W32/Forbot-FZ and bearing the display name of Working System Analyzer.57http://www.sophos.com/virusinfo/analyses/w32forbotfz.html0
112usrgtway.exe1 13syswrun4x.exe1 00 33Added by the MITGLIEDER.E TROJAN!80http://securityresponse.symantec.com/avcenter/venc/data/trojan.mitglieder.e.html0
116Microsoft Wxdate1 11Syswu32.exe1 00 28Added by the SPYBOT.HZ WORM!86http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SPYBOT.HZ&VSect=T0
1 3key1 9sysxp.exe1 00 28Added by the BEAGLE.AB WORM!77http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.ab@mm.html0
113SYSTEMZ Patch1 8SYSZ.exe1 00 30Added by the ALADINZ.P TROJAN!83http://securityresponse.symantec.com/avcenter/venc/data/backdoor.irc.aladinz.p.html0
127eanth_critical_update_alert1 13sys_alert.exe1 00156Stop-Sign from eAcceleration. Purports to detect spyware, malware, viruses and keyloggers, but is in fact spyware itself - read their privacy statement here37http://www.eacceleration.com/privacy/0
220eanth_system_patcher1 13sys_alert.exe1 00 59eAcceleration Stop-Sign related - not recommended, see note60http://www.spywarewarrior.com/rogue_anti-spyware.htm#ss_note0
1 3key1 10sys_xp.exe1 00 28Added by the BEAGLE.AC WORM!77http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.ac@mm.html0
112Olive System1 11Szchost.exe1 00 33Added by the MERCURYCAS.A TROJAN!80http://securityresponse.symantec.com/avcenter/venc/data/trojan.mercurycas.a.html0
111Zone system1 11szchost.exe1 00 31Added by the MULTIDR-AC TROJAN!59http://www.sophos.com/virusinfo/analyses/trojmultidrac.html0
1 9StartMenu1 10s_menu.exe1 00 40Added by a variant of the DELF-A TROJAN! 01
124Sygate Personal Firewall1 10t1ktik.exe1 00106W32/Rbot-VP is a worm with limited backdoor functionality. It is located in the Windows System directory.55http://www.sophos.com/virusinfo/analyses/w32rbotvp.html0
4 8tablet s1 8tablet s2 00121Starts the Wacom Penabled driver on Acer Tablet PCs (tablet icon with a green check appears during startup if successful) 01
2 6Tablet1 10Tablet.exe1 00636Loads the tablet drivers for the Wacom Graphics Tablet. This can be unchecked in msconfig without problems if you don't need the tablet functional all the time. Create your own shortcut if you need to run it ad hoc. If you forget to run it before running Paint Shop Pro & Adobe Photo Shop) you may find the following: (1) Paint Shop Pro (version 7.04) - (a) Browse function will NOT work (program freezes) (b) On program exit, PSP does not terminate (you have to CTRL+ALT+DEL to close it) (2) Photo Shop (version 6.01) - (a) Program functions slowdown (d) On program exit it takes noticeably longer to shut down (like 30-45 seconds) 01
3 9TabletTip1 10tabtip.exe1 00147The Microsoft Tablet PC Input Panel converts handwriting to text dynamically, and you can make corrections quickly and easily before inserting text 01
2 3Tad1 7tad.exe1 00143From Turtle Beach's Santa Cruz on a Dell WinME system. Not required - works fine without it including keyboard hot controls for volume and mute 01
0 3TAG1 7tag.exe1 00 2?? 01
214Tahni Deskmate1 9Tahni.exe1 00 93Tahni Deskmate - "Interactive cartoon character that lives on your Windows desktop"21http://www.tahni.com/0
1 9LoadFonts1 10Tahoma.vbs1 00 69Homepage hijacker that changes your homepage to an adult content site 01
112Start Upping1 11taksmgr.exe1 00 26Added by the RBOT-QK WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotqk.html0
215TalkingReminder1 19TALKINGREMINDER.EXE1 00 74Talking Reminder from Software River Solutions - talking calendar reminder55http://www.softwareriver.com/html/talking_reminder.html0
0 7talknow1 11talknow.exe1 00 49Could it be related to this or something similar? 7#FF00000
3 7TapiTNA1 11TapiTNA.exe1 00109Telephony Location Selector allowing mobile users to change dialling locations - part of the Win95 Power Toys86http://www.microsoft.com/windows95/downloads/contents/WUToys/W95PwrToysSet/Default.asp0
3 6Tardis1 10Tardis.exe1 00 38Tardis - time synchronization software29http://www.kaska.demon.co.uk/0
1 8run32dll1 10task32.exe1 00 47Added by an unidentified VIRUS, WORM or TROJAN! 01
215Redline Taskbar1 11taskbar.exe1 00103Taskbar icon for the Redline RegTweak overclocking program as supplied with Sapphire ATI graphics cards 01
1 8Task Bar1 11TASKBAR.EXE1 00 28Added by the FRETHEM.J WORM!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_FRETHEM.J0
2 7Taskbar1 11Taskbar.exe1 00103Taskbar icon for the Redline RegTweak overclocking program as supplied with Sapphire ATI graphics cards 01
014Task BarClient1 17TaskBarClient.exe1 00130Responsible for creating the System Tray icon and associated display system for the Starband satellite always on internet service 7#FF00000
011Task BarSvr1 14TaskBarSvr.exe1 00128Part of the Starband satellite always on internet service. Not included on the current system. What does it do and is it needed? 7#FF00000
1 4Task1 10tasker.exe1 00 27Added by the MYDOOM.R WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.mydoom.r@mm.html0
116CentralProcessor1 12taskimgr.exe1 00 29Added by the BANCOS.J TROJAN!77http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.bancos.j.html0
114System Update21 11taskman.exe1 00 31Added by the AUTOTROJ-C TROJAN!59http://www.sophos.com/virusinfo/analyses/trojautotrojc.html0
1 6SysRes1 15TASKMANAGER.exe1 00 61Added by the W32/Elitper-A WORM, found in the Windows folder.57http://www.sophos.com/virusinfo/analyses/w32elitpera.html0
120Windows Task Manager1 11taskmgn.exe1 00108Unidentified malware, either a variant of the WIN32.RBOT WORM, or part of a Casino Palazzo foistware install64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
1 8cftmon321 25taskmgr*.exe [* = number]2 00 41Added by the SOWSAT.C and SOWSAT.J WORMS!76http://securityresponse.symantec.com/avcenter/venc/data/w32.sowsat.c@mm.html0
111taskmanager1 11taskmgr.com1 00 24Added by the BEREB WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.bereb.html0
1 7Taskmgr1 11Taskmgr.exe1 00110System1060 homepage hi-jacker. Note - this is not a Windows file and is found in a WindowsSystem1060 directory 01
1 7taskmgr1 11taskmgr.exe1 00 84Added by the Startpage.G hijacker. Note - this is NOT the Windows Task Manager file!79http://securityresponse.symantec.com/avcenter/venc/data/trojan.startpage.g.html0
211taskmgr.exe1 11taskmgr.exe1 00233Windows Task Manager in Windows XP. If run from the Startup folder, the tray icon will be put to the system tray after boot. Useful to check if XP has finished running the delayed services after boot. Available via a desktop shortcut 01
1 6ctfmon1 27taskmgr32*.exe [* = number]2 00 27Added by the SOWSAT.B WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.sowsat.b@mm.html0
112Task Manager1 12taskmngr.exe1 00 25Added by the RBOT.Y WORM!88http://de.trendmicro-europe.com/enterprise/security_info/ve_detail.php?Vname=WORM_RBOT.Y0
115taskmngr lptt011 12taskmngr.exe1 00177Variant of the RapidBlaster parasite (in a "Taskmngr" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see here49http://www.doxdesk.com/parasite/RapidBlaster.html0
115taskmngr ml097e1 12taskmngr.exe1 00177Variant of the RapidBlaster parasite (in a "Taskmngr" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see here49http://www.doxdesk.com/parasite/RapidBlaster.html0
118VITAL BOOT PROCESS1 13taskmnsgr.exe1 00168W32/Rbot-VY WORM! Spreads by exploiting weak passwords on computers and sql servers, security holes, and other worm's backdoors. Found in the Windows system directory.55http://www.sophos.com/virusinfo/analyses/w32rbotvy.html0
114System Update21 11taskmon.exe1 00 31Added by the AUTOTROJ-C TROJAN!59http://www.sophos.com/virusinfo/analyses/trojautotrojc.html0
1 7TaskMon1 11taskmon.exe1 00289Added by the MYDOOM.A or MYDOOM.J WORMS! Note - this is not the legitimate Win9x/Me file of the same name which resides in C:\Windows as this version resides in C:\Windows\System (Win9x/Me), C:\Winnt\System32 (WinNT/2K), or C:\Windows\System32 (WinXP). It is not normally on a WinXP system76http://securityresponse.symantec.com/avcenter/venc/data/w32.mydoom.a@mm.html0
311TaskMonitor1 11taskmon.exe1 00549The Task Monitor checks the disk-access patterns of programs when they are started and stores this information in log files in the Applog folder. Task Monitor also records the number of times you use a program. The Disk Defragmenter tool uses this information to optimize your hard disk so that programs that you use frequently are loaded faster. Not required - but can be useful. Note: for Norton Anti-Virus 2002 users, loading TaskMonitor will typically solve many, if not most, of those annoying IE scripting errors (per Symantec's Knowledgebase) 01
112Start Upping1 11taskmrg.exe1 00 26Added by the RBOT-MA WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotma.html0
1 8candynet1 11Taskmsg.exe1 00 26Added by the RBOT-NA WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotna.html0
112taskopen.exe1 12taskopen.exe1 00 27Added by the HIDD.C TROJAN! 01
211E6TaskPanel1 12TaskPanl.exe1 00130Earthlink Task Panel - part of Earthlink TotalAccess 2003 internet access software. Quick access to internet, E-mail and web-space39http://www.earthlink.net/home/software/0
2 8TaskPlus1 13TASKPLUS0.EXE1 00123Task and calendar management software available as freeware or as a "Professional" version for sharing over a LAN 01
2 8TaskPlus1 12TASKPL~1.EXE1 00123Task and calendar management software available as freeware or as a "Professional" version for sharing over a LAN 01
112task service1 16taskservices.exe1 00 36Added by a variant of the RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
310CoolSwitch1 14taskswitch.exe1 00138ALT+TAB replacement Powertoy for Windows XP - enhances the graphics displayed when you want to switch between programs running full-screen 01
210taskswitch1 14taskswitch.exe1 00138ALT+TAB replacement Powertoy for Windows XP - enhances the graphics displayed when you want to switch between programs running full-screen 01
122Windows Taskbar System1 11tasksys.exe1 00 37Added by a variant of the SDBOT WORM!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_SDBOT.GEN0
1 7tasksys1 11tasksys.vbs1 00 24Added by the BYRON WORM!73http://securityresponse.symantec.com/avcenter/venc/data/vbs.bryon@mm.html0
118WinSysStartUpWKbLw1 17TaskSystemDll.Exe1 00 28Added by the BACKZAT.G WORM!66http://www.symantec.com/avcenter/venc/data/w32.hllw.backzat.g.html0
120All Sea screen saver1 12TaskTray.exe1 00 71"Free screensaver", installs lots of foistware. See here. Get rid of it42, installs lots of foistware. See <a href=0
411Tau monitor1 10Taumon.exe1 00155"Tauscan is a powerful Trojan Horse detection and removal engine capable of catching every known type of backdoor that can threaten your system."44http://www.agnitum.com/download/tauscan.html0
112blah service1 11tazkmgr.exe1 00 26Added by the RBOT.UA WORM!76http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.UA0
310TLogonPath1 12tb2logon.exe1 00 45Timbuktu Pro - remote desktop access software45http://www.netopia.com/software/products/tb2/0
3 7TBC Pro1 10tbcpro.exe1 00177TitleBarClock Pro - displays Day, Time, Date, Month, Year, FreeMem, and FreeDriveSpace on the right side of the title bar in any main window that has the mouse or keyboard focus37http://www.wfcravener.com/tbcpro.html0
2 7tbctray1 11tbctray.exe1 00188Provides quick access via a System Tray icon to the control panel for Turtle Beach's Santa Cruz or VideoLogic's SonicFury soundcards. Available via Start -> Settings -> Control Panel 01
213TraySantaCruz1 11tbctray.exe1 00188Provides quick access via a System Tray icon to the control panel for Turtle Beach's Santa Cruz or VideoLogic's SonicFury soundcards. Available via Start -> Settings -> Control Panel 01
0 6HDhelp1 12tbhdhelp.exe1 00 47Associated with Philips Edge series soundcards.167http://www.consumer.philips.com/global/b2c/ce/catalog/subcategory.jhtml;jsessionid=4ORTA0KYTJOWWCRQNFJRX1YKGBUEWHAW?subCatId=SOUNDCARDS&groupId=PCSTUFF&divId=00
342Network Associates Error Reporting Service1 9TBMon.exe1 00134Network Associates Error Reporting Tool - tool traps errors and requests submission to NAI for the purpose of betatesting new software 01
2 9TurboNote1 10tbnote.exe1 00 61Post-It's on your desktop. Available via Start -> Programs 01
3 8Gainward1 11TBPanel.exe1 00155Configuration utility for Gainward graphics cards. Not required unless you use non-default settings. Available via Start -> Settings -> Control Panel 01
3 7TBPanel1 11TBPanel.exe1 00155Configuration utility for Gainward graphics cards. Not required unless you use non-default settings. Available via Start -> Settings -> Control Panel 01
2 6TBTray1 10tbtray.exe1 00165VLSI/QSound ThunderBird PCI Control Panel. System Tray access to the settings for this and related soundcards. Available via Start -> Settings -> Control Panel 01
3 8Bayswap21 12TbUpdate.exe1 00161Hot-swappable drive management on Compaq Notebooks which allows you to swap drives without closing down Windows. Only required if you frequently swap bay devices 01
312TimeCalendar1 6tc.exe1 00 28TimeCalendar digital planner28http://www.timecalendar.com/0
4 8tcactive1 7tca.exe1 00 84Part of The Cleaner from MooSoft - stops virus trojans before they can do any damage34http://www.moosoft.com/thecleaner/0
210TCASUTIEXE1 11TCASUTI.exe1 00 97Associated with the 3COM diagnostic module (3COM NIC Doctor).áNo further information is available 01
2 8Ethernet1 12tcaudiag.exe1 001023Com NIC Installation/Diagnostic MFC application. Diagnostics may be run from the Start -> Programs 01
210TCASUTIEXE1 12tcaudiag.exe1 00 983Com NIC Installation/Diagnostic MFC application. Diagnostics may be run from the Start - Programs 01
213TCAUDIAG -off1 12tcaudiag.exe1 00 983Com NIC Installation/Diagnostic MFC application. Diagnostics may be run from the Start - Programs 01
0 7TCDPbtn1 11TCDPbtn.exe1 00 25Found on a Toshiba laptop 01
0 7TCDPlay1 11TCDPlay.drv1 00133Found on a Toshiba laptop - sounds like the driver for the CD-ROM but why doesn't it use the standard Windows drivers - any comments? 01
3 6TClock1 10TCLOCK.EXE1 00139Kazubon TClock. Utility that amongst other things synchronizes your system clock with Internet time servers. Available via Start - Programs 01
3 8TClockEx1 12TCLOCKEX.EXE1 00125Puts a configurable time/date display in the tray (and other features). Freeware by Dale Nurden and is popular on cover disks35http://users.iafrica.com/d/da/dalen0
3 9tcmonitor1 7tcm.exe1 00 67Part of The Cleaner from MooSoft - warns of changes to the registry34http://www.moosoft.com/thecleaner/0
3 8TDKSTART1 12TDKSTART.EXE1 00 94Sets the spindown timeout and access speeds at startup and displays a splash screen for CD-RW. 01
2 7TDKTASK1 11TDKTASK.EXE1 00 59Taskbar utility for a "control panel" for a CD-RW 01
3 4TDS31 9TDS-3.exe1 00116DiamondCS TDS3 antitrojan. Can be used to scan on demand, but required in startup if you prefer real time protection28http://tds.diamondcs.com.au/0
0 7TDspOff1 11Tdspoff.exe1 00 25Found on a Toshiba laptop 01
313Tracks Eraser1 6te.exe1 00 84Tracks Eraser from Acesoft - "Erases all tracks of your internet activity"23http://www.acesoft.net/0
317Tracks Eraser Pro1 6te.exe1 00 88Tracks Eraser Pro from Acesoft - "Erases all tracks of your internet activity"23http://www.acesoft.net/0
313TurboExplorer1 6TE.exe1 00250Web accelerator - "TurboExplorer« 2.x is a real-time web surfing accelerator specifically designed for Internet Explorer« 4/5 to achieve a faster and more effective approach to the internet". Only needed if you find it improves web browsing42http://www.downlinx.com/proghtml/9/969.htm0
212Teach In Box1 12teachbox.exe1 00 52Tutoring program that comes with a SystemAX Computer 01
317SpybotSD TeaTimer1 12TeaTimer.exe1 00268TeaTimer is a new tool of Spybot S&D - spam filter which perpetually monitors the processes called/initiated. It immediately detects known malicious processes wanting to start and terminates them giving you some options, how to deal with this process in the future28http://www.spamihilator.com/0
413Tech-In-A-Box1 11techbox.exe1 00182Tech-in-a-Box "provides easy-to-use tools for various system maintenance tasks. From backup and restore to diagnostics and repairs, Tech-in-a-Box is your tool to stay up and running"43http://tools.supportforyourpc.com/tiab.html0
119Microsoft Inet Xp..1 11teekids.exe1 00 28Added by the BLASTER.C WORM!79http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.c.worm.html0
213Telemeter 3.01 14telemeter3.exe1 00 51Internet connection bandwidth meter from a user ISP 01
4 8Telepath1 12telepath.exe1 00284Drivers for the WinModem versions of the US Robotics "Telepath" series - as supplied to Gateway for instance. WinModems use software rather than hardware - hence putting a load on the CPU. Needed if you have it for loading the drivers. See here for more WinModem information34http://808hi.com/56k/winmodems.asp0
229Textbridge Instant Access OCR1 12telepath.exe1 00159TextBridge from Scansoft. OCR (optical character recognition) software for scanning documents into popular editing applications. Available via Start - Programs35http://www.scansoft.com/textbridge/0
1 5tempx1 9tempx.exe1 00 29Added by the TEMPEX.A TROJAN! 01
3 7TEscKey1 11TEscKey.exe1 00123Toshiba Escape Key handler. Enables you to program and use the <FN<Esc key combination to perform a specific function 01
0 5Tesla1 9TESLA.EXE1 00 2?? 01
011LoadWatcher1 8Test.exe1 00129Reportedly part of a webcam surveillance program that's supposed to test SMTP dialling in the event of an alert? Is this correct? 01
116Winsock32 driver1 11Testing.exe1 00 27Added by the SPYBOT.B WORM!56http://www.sophos.com/virusinfo/analyses/w32spybotb.html0
212AlienAutopsy1 11Test_BS.exe1 00 45Alienware computer technical support software25http://www.alienware.com/0
017TExBUtil Registry1 12TExBUtil.exe1 00 2?? 01
2 9TextAloud1 16TextAloudMP3.exe1 00 55TextAloud MP3 - convert text into spoken words and MP3s46http://www.nextuptech.com/TextAloud/index.html0
3 7Memory+1 12tfimemsr.exe1 00131Memory optimizer. MS professionals recommend not using memory managers with Win98/SE/ME. See this article and make up your own mind34http://www.aumha.org/a/memmgmt.htm0
3 6TFncKy1 10TFncky.exe1 00 81Deals with the <Fn> - <Function> key combinations on a Toshiba laptop 01
3 5TFNF51 9TFNF5.exe1 00155Toshiba Hotkey Utility for Display Devices. By pressing <FN + <F5, a window appears showing the displays that can be chosen û LCD, LCD + CRT, CRT, TV 01
4 3dla1 12tfswctrl.exe1 00386Drive letter access to HP's and Veritas' version of DirectCD. Does the same thing as DirectCD. From HP - "This is a needed file as it controles the readability of the Combo drives. Without this file loading the end user will be able to burn CD's but wont be able to read them. The drive itself will be able to read store bought master Cd's without the file but not burnt ones" 01
4 8tfswctrl1 12tfswctrl.exe1 00386Drive letter access to HP's and Veritas' version of DirectCD. Does the same thing as DirectCD. From HP - "This is a needed file as it controles the readability of the Combo drives. Without this file loading the end user will be able to burn CD's but wont be able to read them. The drive itself will be able to read store bought master Cd's without the file but not burnt ones" 01
1 7TFTP***1 7tftp***1 00 66Added by a variant of the SPYBOT WORM! where *** can be any number76http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html0
3 8TFunckey1 12TFuncKey.exe1 00 81Deals with the <Fn> - <Function> key combinations on a Toshiba laptop 01
3 5Tgcmd1 9tgcmd.exe1 00424See also TgAddServer. This part ensures the software is installed correctly (similar to an installation wizard) as reported by Cox. Regarded as spyware by some as it has the ability to retrieve user information. Whether it does so depends upon the provider. "tgcmdprovidersbc" is for SBC Yahoo DSL. One Toshiba user reports problems with hibernate on his laptop if disabled - hence the "U" recommendation34http://www.cox.com/info/policy.asp0
316tgcmdprovidersbc1 9tgcmd.exe1 00424See also TgAddServer. This part ensures the software is installed correctly (similar to an installation wizard) as reported by Cox. Regarded as spyware by some as it has the ability to retrieve user information. Whether it does so depends upon the provider. "tgcmdprovidersbc" is for SBC Yahoo DSL. One Toshiba user reports problems with hibernate on his laptop if disabled - hence the "U" recommendation34http://www.cox.com/info/policy.asp0
114TGDC IE Plugin1 8tgdc.exe1 00 30ShopForGood spyware - see here48http://www.spywareguide.com/spydet_424_tgdc.html0
211TgAddServer1 9tgfix.exe1 00663Software from SupportSoft (aka Support.com) provided to manufacturers (such as Sony (Vaio Support Agent) and Toshiba (Virtual Tech)) and ISPs (such as Comcast, Cox and Charter (Pipeline Support Agent)) that allows them to offer on-line support - to update drivers, fix faults, etc. Can cause a deterioration in a PC's peformance (see here). This part does the protection and "self-healing". Uninstallation is recommended by most people - especially for System Restore users (WinME/XP). If not available via Add/Remove, Charter offer some uninstallation instructions involving a registry patch that you may be able to modify for your proivder or try here23http://www.support.com/0
3 9Tgsetsite1 9tgfix.exe1 00424See also TgAddServer. This part ensures the software is installed correctly (similar to an installation wizard) as reported by Cox. Regarded as spyware by some as it has the ability to retrieve user information. Whether it does so depends upon the provider. "tgcmdprovidersbc" is for SBC Yahoo DSL. One Toshiba user reports problems with hibernate on his laptop if disabled - hence the "U" recommendation34http://www.cox.com/info/policy.asp0
114ComcastSUPPORT1 10tgkill.exe1 00324Comcast (the cable folks who are replacing @home in some parts of the USA) have struck a deal with Tioga to provide an "enhanced" support and self-repairing tool. This is "beta" at present and was made available to download by mistake at present. Remove via Start -> Settings -> Add/Remove Programs 01
1 6tgkill1 10tgkill.exe1 00324Comcast (the cable folks who are replacing @home in some parts of the USA) have struck a deal with Tioga to provide an "enhanced" support and self-repairing tool. This is "beta" at present and was made available to download by mistake at present. Remove via Start -> Settings -> Add/Remove Programs 01
2 7Thdetrf1 12thdetr32.exe1 00 42Appears to be related to Lycos advertising 01
215Desktop Weather1 23THE WEATHER CHANNEL.exe2 00 94Desktop Weather by The Weather Channel - provides current temperature, conditions, alerts, etc58http://www.weather.com/services/desktop.html?from=tutorial0
217Desktop Weather 31 23THE WEATHER CHANNEL.exe2 00 96Desktop Weather 3 by The Weather Channel - provides current temperature, conditions, alerts, etc44http://www.weather.com/services/desktop.html0
316Windows Guardian1 19thehel1iawgrd32.exe1 00158Part of First Aid by Cybermedia who were subsequently bought by McAfee (Network Associates). Protects your Windows system from application failure and crashes 01
217Desktop Weather 31 12THEWEA~1.EXE1 00 96Desktop Weather 3 by The Weather Channel - provides current temperature, conditions, alerts, etc44http://www.weather.com/services/desktop.html0
3 7THGuard1 11THGuard.exe1 00 41Resident memory scanning for TrojanHunter43http://www.mischel.dhs.org/trojanhunter.jsp0
3 7THOTKEY1 11THotkey.exe1 00215Associated with the Fn+ keys on Toshiba laptops. When disabled some keys still worked, like the one that regulates the volume of the system beep, but others didn't, like the one that immediately blackens your screen 01
12332-bit Thunking service1 11thunk32.exe1 00172Added by the W32/Derdero.a@MM Infection. Spreads by sending email from your computer from addresses it finds on your computer. File is found in the Windows system folder.54http://vil.mcafeesecurity.com/vil/content/v_131863.htm0
3 7THGuard1 12TH_Guard.exe1 00 41Resident memory scanning for TrojanHunter43http://www.mischel.dhs.org/trojanhunter.jsp0
3 6TiADSL1 12tidslmon.exe1 00143Actiontec DSL modem. Associated with High Speed AOL DSL. Used to get line sync with the Actiontec DSL USB Modem. Available via Start - Programs 01
1 9Time Sync1 8time.exe1 00 70Troj/Dloader-HZ is a Trojan downloader. Found in the users Start Menu.59http://www.sophos.com/virusinfo/analyses/trojdloaderhz.html0
215Timemanager.exe1 15Timemanager.exe1 00107Easy to use program for recording how you spend your time, designed to help you in billing multiple clients 01
210TimeOnline1 14TIMEONLINE.EXE1 00120Lightman Groups's TimeOnline monitor. For dial-up users to monitor time spent on the net. Available via Start - Programs 01
1 5TIMER1 9TIMER.EXE1 00 28Added by the TIMESE.AG WORM!74http://securityresponse.symantec.com/avcenter/venc/data/w32.timese.ag.html0
119Windows Time Server1 11TimeSRV.exe1 00 29Added by the SPYBOT.DNC WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.dnc.html0
121Windows Registry Scan1 14timeupdate.exe1 00 28Added by the SPYBOT.JE WORM!84http://nl.trendmicro-europe.com/smb/security_info/ve_detail.php?Vname=WORM_SPYBOT.JE0
3 8Timezone1 12TimeZone.exe1 00 56Microsoft Daylight Saving Time Update Utility - see here172http://www.microsoft.com/resources/documentation/WindowsServ/2003/all/techref/en-us/Default.asp?url=/Resources/Documentation/windowsserv/2003/all/techref/en-us/timezone.asp0
210Phime2002a1 12TINTSETP.EXE1 00108Part of Microsoft's Input Message Editor (IME) for translating Japanese/Chinese text in IE, Outlook and Word 01
214PHIME2002ASync1 12TINTSETP.EXE1 00108Part of Microsoft's Input Message Editor (IME) for translating Japanese/Chinese text in IE, Outlook and Word 01
2 8TINTSETP1 12TINTSETP.EXE1 00108Part of Microsoft's Input Message Editor (IME) for translating Japanese/Chinese text in IE, Outlook and Word 01
3 9tinySpell1 13tinyspell.exe1 00249Tinyspell - "allows you to easily and quickly check the spelling of words in any Windows application. Monitors your typing on the fly, alerts you whenever it detects a misspelled word, and checks the spelling of every word you copy to the clipboard"44http://www.megspace.com/computers/tinyspell/0
3 9TiomanExe1 10Tioman.Exe1 00 78Agate Tioman - warm and hot swap removable bay device manager for IBM laptops24http://www.agatetech.com0
313TiTleBarClock1 17TiTleBarClock.exe1 00148TitleBarClock displays the day/month/time and free physical RAM on the right hand side of an open window, replacing the system tray clock at startup34http://www.wfcravener.com/TBC.html0
310TizzleTalk1 14TizzleTalk.exe1 00 72TizzeTalk is a dialect translator for Yahoo, MSN, AOL Instant Messangers26http://www.tizzletalk.com/0
210TkBell.Exe1 10tkbell.exe1 00448Application Scheduler installed along with RealOne Player. Once installed, it runs independently of RealOne Player. See here for more information, including how to disable it. Also see evntsvc and Realsched. Note that eventsvc.exe no longer appears to be in a newer version. To disable "tkbell.exe" in the new version (1) Start RealOne Player (2) Tools - Preferences (3) Automatic services in the Categories pane (4) Uncheck all options and then OK20http://www.real.com/0
2 9TkBellExe1 10tkbell.exe1 00448Application Scheduler installed along with RealOne Player. Once installed, it runs independently of RealOne Player. See here for more information, including how to disable it. Also see evntsvc and Realsched. Note that eventsvc.exe no longer appears to be in a newer version. To disable "tkbell.exe" in the new version (1) Start RealOne Player (2) Tools - Preferences (3) Automatic services in the Categories pane (4) Uncheck all options and then OK20http://www.real.com/0
1 7Winhelp1 16TkBellExe.exe...1 00 39Added by a variant of the LOVGATE WORM!80http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.lovgate@mm.html0
2 8tkonnect1 12TKONNECT.EXE1 00 81Dialer for the Tiscali internet service provider. Available as a desktop shortcut25http://www.tiscali.co.uk/0
1 7tmchook1 11tmchook.exe1 00 64Detected by Kaspersky as the TrojanDownloader.Win32.VB.aa VIRUS! 01
0 7TMEEJME1 11TMEEJME.EXE1 00 67Found in a ToshibaTME3 directory. Toshiba Mobile Extension related? 01
0 8TMERzCtl1 12TMERzCtl.EXE1 00 67Found in a ToshibaTME3 directory. Toshiba Mobile Extension related? 01
0 9TSBxLogon1 11TMESBS2.EXE1 00 52Found on a Toshiba laptop. May be related to TMESBS? 7#FF00000
3 6TMESBS1 12TMESBS21.exe1 00137Toshiba Mobile Extension Selectable Bay Service for WinXP - support for docking stations. Not required if you don't use a docking station 01
0 8TMESBS321 12TMESBS32.EXE1 00 67Found in a ToshibaTME3 directory. Toshiba Mobile Extension related? 01
3 9TMExLogon1 10TMESRV.EXE1 00130Toshiba utility related to inserting and removing a laptop from a docking station. Not required if you don't use a docking station 01
3 8TMESRV311 12TMESRV31.EXE1 00130Toshiba utility related to inserting and removing a laptop from a docking station. Not required if you don't use a docking station 01
125Microsoft Windows Updater1 11TMNTSrv.exe1 00 36Added by a variant of the RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
317TM Outbreak Agent1 12TMOAgent.exe1 00141Trend Micro Internet Security anti-virus software virus outbreak warnings. Notifies users of virus outbreaks and offers to update the scanner 01
3 6TMOUSE1 10tmouse.exe1 00367Component of the Toshiba Mouse Control that allows users with an AccuPoint mouse to scroll MS-scroll-compatible documents by holding CTRL + ALT and moving the AccuPoint up or down. It also allows zooming by holding CTRL + SHIFT and moving the AccuPoint up or down. Disabling this item has no adverse effects, except disabling the scroll/zoom features of the AccuPoint 01
127Microsoft Internet Explorer1 7tms.exe1 00126Added by the Troj/Dloader-JA Trojan! The infection creates a folder called SYS in the Windows folder and copies itself there.59http://www.sophos.com/virusinfo/analyses/trojdloaderja.html0
3 9ThrustTSR1 11TMTMTSR.exe1 00172Thrustmaster Thrustmapper. "The Thrustmapper - t-mapper - icon sits on your taskbar and automatically detects when the joystick is plugged in and configures it accordingly"74http://us.thrustmaster.com/news/read.php3?newsid=159&skin=Thrustmaster0
2 7TMTMTSR1 11TMTMTST.exe1 00165Installed with Thrustmaster game controllers. It launches the Thrustmapper utility. Not required if you install the "driver only" from Thrustmaster website27http://www.thrustmaster.com0
3 6TNTClk1 10TNTCLK.exe1 00398Overclocking program for TNT, TNT2, and other graphics cards. This program can overclock the graphics card manually after startup when needed, especially before starting a gaming session. However, for simplicity, it can be left checked to let it run once at startup to automatically overclock the graphics card. In this case, it doesn't even run in the background after doing its job 01
3 7CheckIt1 11ToolBox.exe1 00227CheckIt Toolbox from WinCheckIt Diagnostic Software. Toolbox automatically backs up critical system files (such as .ini files and the Windows Registry), and performs a check on various system parameters at intervals you specify76http://cssvc.pcworld.compuserve.com/computing/cis/article/0,aid,15497,00.asp0
219Clik Status Monitor1 18toolsclickstat.exe1 00114Part of Iomega Tools to let you know whether an Iomega PocketZip (nee Clik) removable drive cartridge is installed 01
3 7TopDesk1 11TopDesk.exe1 00218TopDesk - puts an icon in your system tray that when clicked upon, opens a pop-up menu that gives instant access to all of your desktop programs without having to minimize, resize, move or close other programs or files 01
0 8TOSCDSPD1 12toscdspd.exe1 00 22Toshiba laptop related 01
3 8TOSHIBSU1 12Toshibsu.exe1 00256Reduces the power consumption when the laptop isn't being used to preserve battery power. Hibernate function doesn't work if this is disabled. Similar programs on other laptops reduce the processor clock rate, etc. Required if you run off battery regularly 01
3 7TosHKCW1 11TosHKCW.exe1 00158Toshiba Hot Key Change/Control Wireless. Permits you to use a hot key to activate/deactivate built-in 802.11b wireless transmission on a laptop (if installed) 01
4 6TosMem1 10tosmem.exe1 00285Toshiba laptop related. Win98/Me ACPI system can not hibernate or go on standby if all of the physical memory lower than 640KB is locked. This utility allocates and locks three pages on boot and then releases them on standby/hibernation for ACPI.SYS in order to solve the above problem 01
311TotRecSched1 15TotRecSched.exe1 00143Scheduler for Total Recorder - allows automatic recording of a show at a given time for later playback or you can use the scheduler as an alarm40http://www.highcriteria.com/products.htm0
3 7TouchED1 11TouchED.exe1 00 43TouchPad On/Off Utility on a Toshiba laptop 01
3 5TP4EX1 9tp4ex.exe1 00 48Adds accessibility options for an IBM TrackPoint 01
0 6tp4mon1 10tp4mon.exe1 00 44May be IBM Thinkpad mouse/trackpoint related 01
3 7tp4serv1 11tp4serv.exe1 00149Supports the "pointer stick" on Thinkpads in lieu of a mouse on an IBM ThinkPad laptop. Necessary for the "scroll" button to work 01
313TrackpointSrv1 11tp4serv.exe1 00136Supports the "pointer stick" in lieu of a mouse on an IBM ThinkPad laptop. Necessary for the "scroll" button to work 01
0 8TP98TRAY1 12TP98TRAY.EXE1 00 29IBM Thinkpad related utility. 01
0 6TPTRAY1 12TP98TRAY.EXE1 00 29IBM Thinkpad related utility. 01
3 8TpHotKey1 11TPHKMGR.EXE1 00178Activates "ThinkPad Help" when the "Thinkpad key" is pressed on an IBM ThinkPad laptop. Also activates the audio buttons (volume up/down, mute) on models such as the Thinkpad T30 01
3 8TpKmapMn1 12TpKmapMn.exe1 00206Create Keyboard combinations for special Thinkpad buttons when using an external keyboard, e.g. "Ctrl-arrow up" for "volume up". Only required when using an external keyboard. Available via Start - Programs 01
311tpopservice1 15tpopservice.exe1 00 79DirecWay two-way satellite internet service enhanced POP proxy server for email 01
315TPP Auto Loader1 11Tppaldr.exe1 00223Installed with DataStor's (and some other manufacturers) USB 2.0 based external DVD, CD-ROM and CD-RW drives. System tray icon allowing the user to disconnect the external drive without an error message being displayed27http://www.datastor.com.tw/0
3 7Tprtray1 11Tprtray.exe1 00 62Displays the Power icon in the System Tray on a Toshiba laptop 01
3 7TpScrLk1 11TpScrLk.exe1 00128IBM Thinkpad utility for displaying the Scroll Lock status on the System Tray - for Thinkpad's that don't have a Scroll Lock LED 01
4 8TpShocks1 12TpShocks.exe1 00483Responsible for controlling the IBM Hard Drive Active Protection system found on newer models of IBM Thinkpads, including T41, T42, X40, R50, and R51. The Hard Drive Active Protection system is based on a technology similar to that used in automobiles to deploy airbags on contact: An accelorometer on the motherboard detects physical acceleration--such as when the notebook falls--and in response the system temporarily parks the hard drive's read/write head until stability returns 01
0 7TPSmain1 11TPSMain.exe1 00 15Toshiba related 01
2 6TPTray1 10TPTray.exe1 00100Touchpad configuration tray icon for Toshiba laptops. Available via Start - Settings - Control Panel 01
0 7TPwrMgr1 11TPwrMgr.exe1 00 55Found on a Toshiba laptop. Related to power management? 01
4 8TPWRTRAY1 12Tpwrtray.exe1 00158Toshiba laptop's own Advanced Power Management system which disables Windows APM (greyed-out in Control Panel). You can't choose which of the 2 systems to use 01
0 7Tracker1 11Tracker.exe1 00 51Possibly associated with My Deluxe Invoices program 01
3 8tranicon1 12tranicon.exe1 00214A Tweak-XP component (only in the registered version), makes Desktop icons transparent. Can be enabled/disabled via Tweak-XP - System + File Tweaks - Windows Tweaks - Desktop Tweaks - Make Desktop Icons Transparent45http://www.totalidea.com/frameset-tweakxp.htm0
316TransparentIcons1 12tranicon.exe1 00214A Tweak-XP component (only in the registered version), makes Desktop icons transparent. Can be enabled/disabled via Tweak-XP - System + File Tweaks - Windows Tweaks - Desktop Tweaks - Make Desktop Icons Transparent45http://www.totalidea.com/frameset-tweakxp.htm0
311Transparent1 16TransparentB.exe1 00156Utility to turn desktop icon text backgrounds transparent. The last letter defines the icon text color: D= as desktop, W=white, B=black. Available from here45http://home.attbi.com/~jguerette/transparent/0
311Transparent1 16TransparentD.exe1 00156Utility to turn desktop icon text backgrounds transparent. The last letter defines the icon text color: D= as desktop, W=white, B=black. Available from here45http://home.attbi.com/~jguerette/transparent/0
311Transparent1 16TransparentW.exe1 00156Utility to turn desktop icon text backgrounds transparent. The last letter defines the icon text color: D= as desktop, W=white, B=black. Available from here45http://home.attbi.com/~jguerette/transparent/0
3 9transtask1 13transtask.exe1 00 57A Tweak-XP component, makes the taskbar icons transparent45http://www.totalidea.com/frameset-tweakxp.htm0
3 8Trashgrd1 12TRASHGRD.EXE1 00163Part of McAfee Nuts & Bolts. Protects all the files you delete, even files deleted in DOS or in 16-bit Windows applications, by sending them to the Recycle Bin 01
222PCSuiteTrayApplication1 19TrayApplication.exe1 00220System Tray icon for Nokia PC Suite. PC Suite lets you synchronize, edit, and back up many of your phone's files on a compatible PC through a wireless or cable connection. PC Suite can also be launched through Start Menu 01
219MSN Internet Access1 12trayclnt.exe1 00100Quick way to connect to MSN internet service - replaces "MSN Quick View" from V5.6 onwards 01
034Packard Bell EverSafe Tray Control1 15TrayControl.exe1 00 31Packard Bell EverSafe software. 01
312traydate.exe1 12TRAYDATE.EXE1 00 79Displays the date as well as the time in the System Tray. Available from TUCOWS73http://download.tucows.com/perl/PDA.html?Target=/wince/preview/32627.html0
310CacheBoost1 12trayicon.exe1 00131CacheBoost "optimizes the System Cache-Management of Windows XP/2000/NT and Windows .Net Servers, resulting in a performance boost"35http://www.systweak.com/cacheboost/0
215DisplayTrayIcon1 12TrayIcon.exe1 00155System Tray access to display properties for ABIT graphics cards. Unless you change your desktop resolution, etc regularily use Control Panel -> Display 01
313eScan Updater1 12Trayicos.exe1 00117eScan antivirus updater - allows users to automatically download updates and set the auto time interval for downloads45http://www.mspl.net/antivirus/escan/escan.asp0
311TrayManager1 11Trayman.exe1 00 80TrayManager hides system tray icons (FreeCell won't work when TrayMan is loaded)63http://www.zdnet.com/pcmag/pctech/content/18/04/ut1804.001.html0
3 7Traymon1 11traymon.exe1 00121Netropa Internet Receiver traymonitor. Will only launch the bar if you are connected to the internet and there's new news 01
2231A:MacVisionTrayMonitor1 15TrayMonitor.exe1 00 90Comes with the MacVision program for monitoring tray icons (Note : program is by Stardock) 01
212AAATraySaver1 13TraySaver.exe1 00189System Tray management utility from Mike Lin which allows you to hide, show, restore icons that are lost in an Explorer crash, remove dead tray icons, minimize any window to the System Tray20http://www.mlin.net/0
4231A:Stardock TrayMonitor1 14TrayServer.exe1 00 92For monitoring tray icons - if disabled icons will not be displayed in ObjectBar or DesktopX 01
1 8Taskschd1 11TRAYWND.EXE1 00 31Added by the LITMUS.002 TROJAN!79http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_LITMUS.0020
211tray_helper1 15tray_helper.exe1 00140Tray Helper is an Email checker with additional tools, including a popup window killer, pinger module to monitor hosts and an event reminder48http://www.republika.pl/trayhelper/indexeng.html0
1 5trend1 9trend.exe1 00 96Troj/Bancos-AZ is a password-stealing Trojan and downloader. Found in the Windows system folder.58http://www.sophos.com/virusinfo/analyses/trojbancosaz.html0
112OEM Tools 321 10tres32.exe1 00 26Added by the RBOT.QB WORM!84http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.QB&VSect=T0
1 8Trickler1 12Trickler.exe1 00 96Added by the Gator Adware. This program downloads and displays advertisements on your computer.56http://www.sarc.com/avcenter/venc/data/adware.gator.html0
010SDJobCheck1 12triggusr.exe1 00199Part of CA Unicenter Software Delivery - manage software across various systems, from desktops and servers to PDAs and mobile phones, in a controlled and standardized way - is it required at startup?47http://www3.ca.com/Solutions/Product.asp?ID=2340
4 6trirot1 10trirot.exe1 00 36Trident Microsystems 3D video driver 01
313TrojanScanner1 11Trjscan.exe1 00137Trojan Remover from Simply Super Software. Scans for an removes trojan viruses where anti-virus software may have not detected or removed46http://www.simplysup.com/tremover/details.html0
225Acronis TrueImage Monitor1 20TrueImageMonitor.exe1 00 89Part of Acronis True Image - backup software. Can be disabled without affecting TrueImage42http://www.acronis.com/products/trueimage/0
114SystemSettingf1 8TRUG.vbs1 00 26Added by the TRUG.B MACRO!72http://securityresponse.symantec.com/avcenter/venc/data/w97m.trug.b.html0
1 6tskdbg1 10tskdbg.exe1 00 28Added by the FLOOD.E TROJAN!68http://www.symantec.com/avcenter/venc/data/backdoor.irc.flood.e.html0
113winsockdriver1 9tskmg.exe1 00 48Added by the SDBOT.GEN TROJAN or WARPIGS.C WORM!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_SDBOT.GEN0
124Microsoft Video Controls1 11tskmsgr.exe1 00 38Added by a variant of the SPYBOT WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html0
2 7TSMsger1 11TSMsger.exe1 00 86Epson scannner software - required for "one-touch" operation. Can be launched manually 01
1 7Tapisys1 7tss.exe1 00 26Added by the SMALL TROJAN! 01
217TrueSync Launcher1 10tstool.exe1 00112Starfish TrueSync - for synchronization between Windows platforms and popular devices, applications and services48http://www.starfish.com/solutions/data/data.html0
0 8tsyssmon1 12tsyssmon.exe1 00 40Found in a Toshibasysstability directory 01
218RealJukeboxSystray1 12tsystray.exe1 00 32System Tray icon for RealJukebox 01
0 5ttasq1 9ttasq.exe1 00 2?? 01
222Christmas Music Player1 10TTEST6.EXE1 00 98I"/IChristmas Music PlayerI /Ibrings the music of the Christmas Holiday to your desktop" 01
1 7Scvhost1 12ttplorer.exe1 00 82Troj/Lineage-D is a password-stealing Trojan. Found in the Windows system folder.58http://www.sophos.com/virusinfo/analyses/trojlineaged.html0
0 6Tukati1 23TukatiRedistributor.exe1 00 36Tukati Digital Content Distribution.30http://www.tukati.com/vno.html0
412tunebite.exe1 12tunebite.exe1 00116Tunebite is a program that re-records music that you play on your computer in the attempts to bypass its encryption.33http://www.tunebite.com/index.php0
0 6detect1 15turbodetect.exe1 00 2?? 01
318TurboMemoryCharger1 22turbomemorycharger.exe1 00197Some users swear by memory management utilities such as Turbo Memory Charger but others say you don't need them - especially if you have Win98 or WinME. See this article and make up your own mind34http://www.turbomemorycharger.com/0
3 8TurboTop1 12TurboTop.exe1 00 42TurboTop - make any window "Always on top"39http://www.savardsoftware.com/turbotop/0
1 4TVMD1 8tvmd.exe1 00198Total Velocity - "Secure commerce company that enables the æcheckoutÆ process for our customers in order to safely and securely purchase our award winning software". Autointsalling spyware29http://www.totalvelocity.com/0
3 5TvNow1 9TvNow.exe1 00147Application supplied with HP notebooks. It activates the S-Video port and is said to improve the quality of the output signal (resolution/timeouts) 01
2 8TVWakeup1 12tvwakeup.exe1 00163MS WebTV for Windows. Used to display TV on your PC via a compatible video card with in-built tuner (such as ATI All-In-Wonder). If you don't use it - uninstall it 01
0 7Tvwatch1 11tvwatch.exe1 00 71Associated with the TV-oOut option on Asus AGP or Intel graphics cards. 01
3 8TWarnMsg1 12twarnmsg.exe1 00114Toshiba System Warning Function for Windows 98, Me, 2000 - provides notification dialog when the cooling fan stops 01
0 8TWBrowse1 12TWBrowse.drv1 00 92Found on a Toshiba laptop. Possibly related to TWAIN drivers (ie, scanners, etc) - see this? 7#FF00000
3 8Tweak-Me1 12TWEAK-ME.exe1 002143rd party version of Miscrosoft'sTweak UI "powertoy" with many more options and controls (plus full support), designed specifically to take advantage of features in WinMe/2K and above, available from here23http://www.tweak-me.de/0
3 8Tweak-xp1 12Tweak-xp.exe1 00 52Main program for Tweak-XP - a WinXP tweaking utility45http://www.totalidea.com/frameset-tweakxp.htm0
3 8TweakDUN1 12tweakdun.exe1 00171Utility to optimize your Internet Browser Software. TweakDUN promotes faster Internet data transfer rates and faster downloads by eliminating fragmentation of data packets 01
0 8tweakico1 12tweakico.exe1 00 43May be a HP program to control their icons? 01
1 9(default)1 12twunk_32.exe1 00 29Added by the BLACKMAL.C WORM!78http://securityresponse.symantec.com/avcenter/venc/data/w32.blackmal.c@mm.html0
1 8Twunk_641 12twunk_64.exe1 00110System1060 homepage hi-jacker. Note - this is not a Windows file and is found in a WindowsSystem1060 directory 01
311Intellitype1 10type32.exe1 00239For MS programmable keyboards. If you disable Intellitype in Startup, any "Hot Keys" that are changed by the user to perform functions other than default settings, defer back to their default settings unless you have changed them 01
2 6type321 10type32.exe1 00253For MS programmable keyboards. If you disable Intellitype in Startup, any "Hot Keys" that are changed by the user to perform functions other than default settings, defer back to their default settings. Not required unless you have changed them 01
111winexplorer1 11typesys.exe1 00 36Added by Troj/Dloader-IY, a TROJAN!59http://www.sophos.com/virusinfo/analyses/trojdloaderiy.html0
1 7ttfload1 38wscript.exe %windir%\Fonts\ttfload.vbs2 00 92Added by the A href="http://www.sophos.com/virusinfo/analyses/vbsmcong.html"VBS/Mcon-G worm. 01
3 8UBSShell1 12UBSShell.exe1 00 49UBS (United Bank of Switzerland) banking software 01
116SQUpdatesChecker1 6uc.exe1 00145Xupiter SQWire variant - adware and homepage hijacker. Note - cannot be removed via the Xupiter website in the same way as other Xupiter variants44http://www.doxdesk.com/parasite/Xupiter.html0
2 6UC_SMB1 11ucstart.exe1 00171Part of IBM Update connector on IBM PCs for updating drivers on a new installation. Once you manually run the IBM Update connector program (shortcut) this entry is removed 01
2 8uc_start1 13ucstartup.exe1 00119Auto updater feature for IBM machines that tries to connect to IBM to see if there are any new drivers, patches and etc 01
276Automatically launches the United Devices Agent when you start your computer1 6UD.EXE1 00255The United Devices Agent can recycle your PC's unused resources and use them to perform valuable scientific and medical research without disturbing your usual computer use - similar to SETI@home but for medical research. Available via Start -> Programs36http://members.ud.com/download/gold/0
3 8UD Agent1 6UD.EXE1 00251The United Devices Agent can recycle your PC's unused resources and use them to perform valuable scientific and medical research without disturbing your usual computer use - similar to SETI@home but for medical research. Available via Start - Programs36http://members.ud.com/download/gold/0
114windows update1 11uddater.exe1 00 25Added by the LEOX TROJAN!73http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.leox.html0
011USBDetector1 11UDetect.exe1 00 81USB detector, apparently for an MP3 player - any further information appreciated! 01
3 8Ueproc321 12UEPROC32.exe1 00 91Part of Norton Utilities - most likely associated with the Unerase Wizard in older versions 01
111I-Worm.GiGu1 8uGiG.eXe1 00 23Added by the GINK WORM!74http://securityresponse.symantec.com/avcenter/venc/data/w32.gink.worm.html0
310ABIT uGuru1 9uGuru.exe1 00140Provides quick access to several Abit motherboard utilities - such as monitoring cpu temperature, fan speeds, overclocking, flashing of BIOS 01
2 6Uidler1 10Uidler.exe1 00 49Uniloc Titlewave Browser used with some shareware 01
2 9UIWatcher1 13UIWatcher.exe1 00 85Ashampoo Uninstaller Suite - installation watcher. Available via Start -> Programs92http://www.ashampoo.com/frontend/products/php/product.php?idstring=0103&session_langid=20
112msconfig.exe1 9uline.exe1 00 53Added by a variant of the AGENT.AH downloader TROJAN! 01
3 6UMonit1 10umonit.exe1 00 36Alerts when USB device is plugged in 01
0 7PLoader1 8umsd.exe1 00 40USB Mass Storage Disk related tray icon. 01
4 8umxagent1 12umxagent.exe1 00 39Tiny Personal Firewall V4 - main engine44http://www.tinysoftware.com/home/tiny2?la=EN0
4 7umxldra1 11umxldra.exe1 00 73User mode executive module DLL loader - part of Tiny Personal Firewall V444http://www.tinysoftware.com/home/tiny2?la=EN0
4 7UMXLDRW1 11UMXLDRW.exe1 00 31Tiny Personal Firewall (pre V4)44http://www.tinysoftware.com/home/tiny2?la=EN0
1 8un32info1 12un32info.Exe1 00 30Added by the CRYPTER.A TROJAN!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_CRYPTER.A0
111foxhonz55681 10unicox.exe1 00 53Added by the Troj/Bancos-BH password stealing TROJAN!58http://www.sophos.com/virusinfo/analyses/trojbancosbh.html0
1 8[random]1 10unicox.exe1 00136Added by Troj/Bancos-BK. This TROJAN may be found in the Windows sytem folder, also as "Carteiro2.exe", and in the Windows help folder.58http://www.sophos.com/virusinfo/analyses/trojbancosbk.html0
3 5UniSc1 9Unisc.exe1 00 18McAfee UnInstaller 01
0 6uniucu1 10uniucu.exe1 00 2?? 01
1 7unldr161 11unldr16.exe1 00 43Added by a variant of the CRYPTER.C TROJAN!58http://www.sophos.com/virusinfo/analyses/trojcrypterc.html0
1 7unldr321 11unldr32.exe1 00 43Added by a variant of the CRYPTER.C TROJAN!58http://www.sophos.com/virusinfo/analyses/trojcrypterc.html0
1 7SYSTRAY1 8UNMT.EXE1 00 24Added by the SDBOT WORM!43http://vil.nai.com/vil/content/v_100454.htm0
1 7svwin321 13unninst32.exe1 00 28Added by the AGOBOT-NF WORM!57http://www.sophos.com/virusinfo/analyses/w32agobotnf.html0
4 6untray1 10untray.exe1 00 25Part of Command AntiVirus65http://www.authentium.com/solutions/products/commandantivirus.cfm0
211PrintScreen1 10UNWISE.EXE1 00 73Gadwin PrintScreen - utility to capture, print or save the current window34http://www.gadwin.com/printscreen/0
113Uninstall****1 7upd.exe1 00 61Adult content based screen saver where **** can be any number 01
1 2AV1 40UPDATE-28062004.exe[25 blank spaces].vbs2 00 25Added by the MIDFIN WORM!74http://securityresponse.symantec.com/avcenter/venc/data/vbs.midfin@mm.html0
1 6Update1 40UPDATE-28062004.exe[25 blank spaces].vbs2 00 25Added by the MIDFIN WORM!74http://securityresponse.symantec.com/avcenter/venc/data/vbs.midfin@mm.html0
125Automatic Windows Updater1 10Update.exe1 00 28Added by the GAOBOT.AO WORM!79http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.gaobot.ao.html0
114System Update21 10update.exe1 00 31Added by the AUTOTROJ-C TROJAN!59http://www.sophos.com/virusinfo/analyses/trojautotrojc.html0
414Update Service1 10Update.exe1 00165Loaded by Handybits programs such as EasyCrypto. Re-instates itself every time the program is run so best to leave it enabled. Prevent it dialling out via a firewall39http://www.handybits.com/easycrypto.htm0
114Windows Update1 10Update.exe1 00 28Added by the DELF-FN TROJAN!56http://www.sophos.com/virusinfo/analyses/trojdelffn.html0
1 9AV UpDate1 10Update.exe1 00 34Added by the Troj/Furoot-A TROJAN!57http://www.sophos.com/virusinfo/analyses/trojfuroota.html0
1 9zervpack21 11update2.exe1 00 27Added by the SDBOT.WD WORM!85http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.WD&VSect=T0
118M1cr0s0ft Upd4t4zS1 12update32.exe1 00 26Added by the RBOT-MI WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotmi.html0
214Update Manager1 17UpdateManager.exe1 00 72Searches for updates for the Rogers Yahoo! Browser - can be run manually37http://help.yahoo.com/rogers/browser/0
213updatemgr.exe1 13updatemgr.exe1 00322Once a month, your EarthLink 5.0 Update Manager contacts EarthLink's servers to check for software updates. If an update is available for your EarthLink software, Update Manager will inform you and, with your permission, download and install the update. Can go to http://www.earthlink.net and download the updates manually 01
2 8UPDATE~11 13updatemgr.exe1 00322Once a month, your EarthLink 5.0 Update Manager contacts EarthLink's servers to check for software updates. If an update is available for your EarthLink software, Update Manager will inform you and, with your permission, download and install the update. Can go to http://www.earthlink.net and download the updates manually 01
117Win32 USB2 Driver1 13updatemgr.exe1 00 38Added by a variant of the FORBOT WORM!57http://sophos.com.au/virusinfo/analyses/w32forbotgen.html0
119AVG Grisoft Updater1 11updater.exe1 00 28Added by the AGOBOT-OT WORM!57http://www.sophos.com/virusinfo/analyses/w32agobotot.html0
214iRiver Updater1 11Updater.exe1 00 76Updates for the iRiver Music Manager - used with their digital music players22http://www.iriver.com/0
015McAfeeUpdaterUI1 13UpdaterUI.exe1 00 93Associated with McAfee Enterprise 7.0.0. Updater for McAfee anti-virus and security programs? 01
211Updatestats1 15Updatestats.exe1 00252Statblaster - "Get officially liscensed MLB pitch-by-pitch real time updates from every stadium around the league. StatBlaster provides live streaming statistics for each fantasy matchup you want tracked either in one league or across all your leagues"27http://www.statblaster.com/0
116winlocatorupdate1 20updatewinlocator.exe1 00 37Locator adult content toolbar related 01
0 9Updatewiz1 13updatewiz.exe1 00 2?? 01
114USB 2.0 Driver1 12updateXP.exe1 00 80Added by W32/Agobot-QP, a Worm/IRC backdoor, found in the Windows system folder.57http://www.sophos.com/virusinfo/analyses/w32agobotqp.html0
114USB 2.0 Driver1 15updateXPSPC.exe1 00 86W32/Agobot-QU adds the file, acting much like othe variants of this WORM/IRC backdoor.57http://www.sophos.com/virusinfo/analyses/w32agobotqu.html0
124Microsoft Update Mechene1 11Updatez.exe1 00 26Added by the RBOT-GI WORM!58http://www.sophos.com.au/virusinfo/analyses/w32rbotgi.html0
315Bulldog Service1 8upsd.exe1 00150Belkin's Bulldog Plus control software which runs under Windows 95 or later and monitors the UPS (Uninterrupted Power Supply) via a serial or USB link 01
413UPSentry 20001 8upsd.exe1 00 92Used with Belkin UPS (Uninterruptable Power Supply) for support in the event of a power-loss 01
4 6UPSlim1 8upsd.exe1 00 92Used with Belkin UPS (Uninterruptable Power Supply) for support in the event of a power-loss 01
313Start Service1 10upssrv.exe1 00218Cyber Power PowerPanelPlus software. "In the event of a power outage, PowerPanelPlus Software automatically saves and closes all open files, and then shuts down the computer system in an intelligent and orderly manner"44http://www.cyberpowersystems.com/1500AVR.htm0
3 8Uptimer41 12Uptimer4.exe1 00213Uptimer4 is an appbar which displays time, date, uptime, free ram, free pagefile, cpu usage, disk free space, battery power, IP addresses, TCP throughput, list of running processes, netstat and several more things 01
111notepad.exe1 7upx.exe1 00 42Added by a variant of the AGENT.AH TROJAN! 01
4 8UrlLstCk1 12UrlLstCk.exe1 00200Part of Norton Internet Security. From Symantec - "UrlLstCk.exe is a necessary file that will be present in C:\Program Files\Norton Internet Security. It is a URL Checklist. It should not be disabled" 01
2 6URLMAP1 10Urlmap.exe1 00184Installed by MS Money, and runs whenever you start IE. All it does is bring up an annoying sidebar (kind of like the search window) with 'financial links' when the web page supports it 01
126Internet Exploere Services1 16urlmon32.dll.exe1 00 26Added by the EVIAN.C WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.evianc.html0
1 3rfv1 13url_mon32.exe1 00 78Added by the PWSteal.Tarno.M infection. Found in the %Windir%\z~c\ directory.76http://www.sarc.com/avcenter/venc/data/pwsteal.tarno.m.html#technicaldetails0
4 9UrtSvcExe1 12Urt95Svc.exe1 00217"Cisco Secure URT is a virtual LAN (VLAN) assignment service that enhances LAN security by actively identifying and authenticating users and then associating them only to their specific network services and resources" 01
116winlogon service1 7urx.exe1 00 28Added by the SPYBOT.EN WORM!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SPYBOT.EN0
0 3Usb1 7Usb.exe1 00 43HP related - not sure whether it's required 01
116Win32 Usb Driver1 9usb32.exe1 00 27Added by the SDBOT-OV WORM!56http://www.sophos.com/virusinfo/analyses/w32sdbotov.html0
311USBDetector1 15USBDetector.exe1 00118USBDetector sets up an icon in the System Tray for a USB card which is intended to be used to eject or unplug hardware 01
123USB Hardware Monitoring1 15USBhardware.exe1 00 26Added by the RBOT-NN WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotnn.html0
3 8USBMMKBD1 12usbmmkbd.exe1 00242USB multimedia keyboard for HP systems. Allows the use of special function keys on USB keyboards. The latest version (available here) no longer pings a server when on-line wheras the older version did but did not transmit any user information145http://h20015.www2.hp.com/en/softwareDownloadIndex.jhtml?reg=&cc=&softitem=pv-10327-1&prodId=hppavilion18376&lc=en&sw_lang=en0
316Gene USB Monitor1 12USBMonit.exe1 00 59Monitors USB ports for insertion of Sandisk USB flashdrives 01
417Genie USB Monitor1 14USBmonitor.exe1 00 83Port monitor for an external USB hard drive. Required to enable access to the drive 01
1 4usbn1 8usbn.exe1 00 92Adult content dialer, recognized by Kaspersky antivirus as Trojan-Downloader.Win32.Small.afa36http://www.kaspersky.com/personalpro0
4 6USBPNP1 10USBPNP.exe1 00 37SiPix digital camera Twain USB driver 01
116USB Host Service1 10usbsvc.exe1 00 26Added by the RBOT-GG WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotgg.html0
111WIN USB 2.01 13usbsystem.exe1 00 40Added by an unidentified WORM of TROJAN! 01
2 5USBTA1 12usbtapnp.exe1 00 59System Tray access for the BeWAN Gazel 128 USB ISDN adapter56http://www.bewan.com/bewan/products/isdn/gazel128usb.php0
1 4Usbd1 9usb_d.exe1 00 28Added by the CIDRA-A TROJAN!56http://www.sophos.com/virusinfo/analyses/trojcidraa.html0
111Windows_VXD1 10user32.exe1 00 34Added by the PWSTEAL.PPORT TROJAN!74http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.pport.html0
1 8NetLogon1 11userint.exe1 00 27Added by the SDBOT-BC WORM!56http://www.sophos.com/virusinfo/analyses/w32sdbotbc.html0
113User Services1 11usersvc.exe1 00 30Added by the REVCUSS.A TROJAN!78http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.revcuss.a.html0
113WindowsUpdate1 11USRINIT.EXE1 00 27Added by the MADDIS.B WORM!73http://securityresponse.symantec.com/avcenter/venc/data/w32.maddis.b.html0
4133cpipe-USRpdA1 12USRmlnkA.exe1 00 35Modem driver files from US Robotics 01
014SSC_UserPrompt1 12UsrPrmpt.exe1 00 42Part of Symantec (Norton) Security Centre. 01
243USRobotics 802.11g Wireless Network Utility1 12USRWLANG.exe1 00449USRobotics Wireless Network Utility - used to configure security settings for connecting to WEP encrypted Access Point through the USR Wireless adapter. You must uncheck "Use Windows to configure my wireless settings" for the program to work properly. Has Site Survey capabilities, and reports link quality and signal strength. Not required for proper operation of the device as the features given are accessible in the network connection properties 01
2 8USSShReg1 12USSSHREG.EXE1 00 90Registration reminder for Ulead SmartSaver Pro - compacts large graphics for web designers 01
210UtilityPro1 14UtilityPro.exe1 00120IE search toolbars as supplied by people such as Yellow Internet and SearchBoss and written by Rawhide Search Solutions35http://www.buildyourowntoolbar.com/0
012Utility Ping1 12UTILIT~1.EXE1 00 2?? 01
1 6uwanah1 10uwanah.exe1 00 80Added by the W32/Sdbot-VL infection! File is found in the Windows system folder.56http://www.sophos.com/virusinfo/analyses/w32sdbotvl.html0
1 5uwyrl1 9uwyrl.exe1 00 27Added by the PHEL.A TROJAN!61http://www.symantec.com/avcenter/venc/data/trojan.phel.a.html0
1 6asejet1 12uyohuvax.exe1 00 67Added by the W32/Sdbot-VE WORM! Found in the Windows system folder.56http://www.sophos.com/virusinfo/analyses/w32sdbotve.html0
1 7uFnV32i1 8[random]1 00 45Added by the Adware.Envolo Adware downloader.57http://www.sarc.com/avcenter/venc/data/adware.envolo.html0
2 7ASUSKey1 12V38SHELL.EXE1 00 49System tray Icon for quickly changing video modes 01
0 8V66SHELL1 12V66SHELL.EXE1 00140It looks to be part of the display driver set for ASUS V3800, V6600 and V6800 display adapters. Probably a system tray quick access control? 01
3 7va10key1 11va10key.exe1 00 68Only required if you use the 10 kay bay unit with a Sony Vaio laptop 01
111wscript.exe1 10vabian.vbs1 00 24Added by the VABI VIRUS!72http://securityresponse.symantec.com/avcenter/venc/data/vbs.vabi@mm.html0
4 7VAGCtrl1 11VAGCTRL.EXE1 00 53Vexira Antivirus - virus scanner from Central Command51http://www.centralcommand.com/windows_products.html0
4 7VAGuard1 9VAGNT.exe1 00 53Vexira Antivirus - virus scanner from Central Command51http://www.centralcommand.com/windows_products.html0
3 6Appcon1 11vAppCon.exe1 00235Vital Application Console - part of POS-partner 2000 point-of-sale software from Vital. This is the taskbar icon and is enabled at startup by the "Auto-start when OS starts" option. Required for a connection to be established38http://www.pos-partner.com/Product.htm0
1 7SVCHOST1 11var.txt.exe1 00 30Added by the LDPINCH.C TROJAN!65http://www.symantec.com/avcenter/venc/data/pwsteal.ldpinch.c.html0
127Microsoft Visual Studio VSA1 11varpc32.exe1 00 38Added by a variant of the SPYBOT WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html0
324Virtual Access Scheduler1 12VASCHD32.EXE1 00 38The scheduler for mail and usenet tool 01
326VAIO Action Setup (Server)1 10VAServ.exe1 00154Sony Vaio utility that auto-launches selected applications when you plug in a digital video camera, digital still camera, etc. via iLink (FireWire) or USB 01
1 3vb61 7vb6.exe1 00 26Added by the MUGLY.D WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.mugly.d@mm.html0
110sdchosts321 8vbdd.exe1 00 29Added by the RANKY.AG TROJAN! 01
0 9WebServer1 12VBI_SE~1.EXE1 00 67Related to a Pinnacle sound card. What does it do and is it needed? 01
110VbouncerDL1 39VbouncerInner****.exe [* = random char]2 00417Virtual Bouncer - malware from Spyware Labs. It is distributed by the same bundling and drive-by download techniques as the parasites it claims to remove, so definitely qualifies as unsolicited commercial software in itself. It also has an update feature that can download and execute arbitrary code. Warning - choose "custom" uninstall as "automatic" may remove other programs - see here and here32http://www.doxdesk.com/parasite/0
110VbouncerDL1 17VBouncerInner.exe1 00223Virtual Bouncer - malware from Spyware Labs. It is distributed by the same bundling and drive-by download techniques as the parasites it claims to remove, so definitely qualifies as unsolicited commercial software in itself32http://www.doxdesk.com/parasite/0
410RestoreIT!1 11VBPTASK.EXE1 00197RestoreIT! from FarStone "allows you to recover instantly your files, system configuration, and even your operating system, to any point in time prior to the data loss or system failure."52http://www.farstone.com/home/en/html/productsvbp.htm0
113winupdate28461 26vbsystem35.exe msvbrun.exe2 00 41Added by a variant of the MUTIN-C TROJAN!56http://www.sophos.com/virusinfo/analyses/trojmutinc.html0
114winphonics75361 31vbsystem35.exe setups.exe vb.vb2 00 41Added by a variant of the MUTIN-C TROJAN!56http://www.sophos.com/virusinfo/analyses/trojmutinc.html0
115VBS_AUTO_UPDATE1 23VBS_Update-0548656X.vbs1 00 74Added by the VBS.Gormlez@mm infection! Found in the Windows system folder.75http://www.sarc.com/avcenter/venc/data/vbs.gormlez@mm.html#technicaldetails0
2 7VC5Play1 11VC5Play.exe1 00 69Virtual CD drive emulator - version 5. Available via Start - Programs32http://www.virtualcd-online.com/0
114VCatch Premium1 13VCatchpre.exe1 00 54VCatch antivirus. Considered spyware itself - see here64http://research.pestpatrol.com/PestInfo/Pest_Detail.asp?id=576840
1 7MonTest1 10vccxzq.exe1 00 27Added by the SDBOT-EA WORM!56http://www.sophos.com/virusinfo/analyses/w32sdbotea.html0
217VirtualCloneDrive1 13VCDDaemon.exe1 00 73Virtual Clone Drive, part of CloneCD CD/DVD copying sofware. Discontinued37http://www.elby.ch/products/clone_cd/0
212DLF_00000B001 9Vcdlf.exe1 00108Known to cause problems with "Out of memory" errors (see here). Otherwise, it's purpose is unknown63http://support.microsoft.com/default.aspx?scid=kb;EN-US;q3030450
2 9VCDPlayer1 13VCDPlayer.exe1 00 57Virtual CD drive emulator. Available via Start - Programs32http://www.virtualcd-online.com/0
2 8vcdplayx1 12vcdplayx.exe1 00134CD emulation part of GameDrive & VirtualDrive from Farstone. Not required as starting these programs load this automatically 55http://www.farstone.com/home/en/shtml/gamedovview.shtml0
3 8VCDTower1 12VCDTower.exe1 00216Goldensoft CD Ghost related - turns a computer into a 200X-speed CD-ROM tower. Working from the hard drive, users can simultaneously access as many as 23 virtual CD-ROM drives at a speed of 200X for true multitasking 01
0 8VCDWATCH1 12VCDWATCH.EXE1 00102Confirmed as Voyetra CD Watcher as it was found in a Compaq/Voyetra/AS2 directory but what does it do? 01
417CSAV_CheckViruses1 12vchk.exe.exe1 00 25Part of Command AntiVirus65http://www.authentium.com/solutions/products/commandantivirus.cfm0
1 7cmsound1 10vcpdll.exe1 00 41Added by the TCXMEDI-D downloader TROJAN!58http://www.sophos.com/virusinfo/analyses/trojtcxmedid.html0
2 9VCSPlayer1 11vcsplay.exe1 00 57Virtual CD drive emulator. Available via Start - Programs32http://www.virtualcd-online.com/0
1 7cmsound1 12vcsystem.exe1 00 41Added by the TCXMEDI-D downloader TROJAN!58http://www.sophos.com/virusinfo/analyses/trojtcxmedid.html0
2 6vdtask1 10vdtask.exe1 00129Program part of GameDrive & VirtualDrive from Farstone. Not required as starting these programs load this automatically 55http://www.farstone.com/home/en/shtml/gamedovview.shtml0
212VirtualDrive1 10VDTask.exe1 00 86VirtualDrive from Farstone - virtual CD drive emulator. Available via Start - Programs52http://www.farstone.com/home/en/html/productsvdp.htm0
020Verbatim Store 'n' G1 25verbatim store 'n' go.exe2 00 57Used by the Verbatim Store 'n' Go USB Flash memory cards.63http://www.verbatim.com.au/products/digital_media_USB_flash.cfm0
113Veritas Patch1 11veritas.exe1 00164An SDBot variant.. This infection spreads through port 139 and 445, probably looking for unprotected shares, and connects to a remote IRC server to await commands.33http://www.malwareblog.com/?p=1010
3 7versato1 11versato.exe1 00153"Hot" button (such as volume and browser control) management and a CD player as supplied with QTronix (as possibly Micro Innovations) keyboards59http://www.mic-innovations.com/keyboards_keypads_notes.html0
215AdobeVersionCue1 18VersionCueTray.exe1 00179"An exclusive feature of the Adobe« Creative Suite, Version CueÖ helps you find files fast, track multiple versions of your files, and share your files for creative collaboration"59http://www.adobe.com/products/creativesuite/versioncue.html0
221Windows Version Check1 11ver_chk.exe1 00106Version checker for CyberAudioLibrary ("A new way to exchange information through the Internet")33http://www.cyberaudiolibrary.com/0
412Vet Start Up1 9vet32.exe1 00244Computer Associates "InnoculateIT" and Vet Anti-Virus virus software. This option will slow down your system, if set too aggressively. There is no need to scan every file when opened, closed, etc. Check in InoculateIT PE options22http://www.vet.com.au/0
412Vet Start Up1 9vet98.exe1 00244Computer Associates "InnoculateIT" and Vet Anti-Virus virus software. This option will slow down your system, if set too aggressively. There is no need to scan every file when opened, closed, etc. Check in InoculateIT PE options22http://www.vet.com.au/0
4 9Vet Alert1 12vetmsg9x.exe1 00 78Computer Associates "InnoculateIT" and Vet Anti-Virus virus software22http://www.vet.com.au/0
3 7VetTray1 11vettray.exe1 00170Computer Associates "InnoculateIT" and Vet Anti-Virus virus software. System Tray quicklaunch access, not really necessary but only occupies 36k resources22http://www.vet.com.au/0
310VirtuaGirl1 6Vg.exe1 00175VirtuaGirl is a shareware program featuring scantily dressed girls on your desktop. They say hi in the morning, remind you of your appointments and dance for you on request... 01
316ASUS SmartDoctor1 12VGAProbe.exe1 00 35ASUS video card fan/thermal monitor 01
123Default System Research1 11vhchost.exe1 00 28Added by the TARNO.I TROJAN!76http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.tarno.i.html0
1 5smsys1 6vi.exe1 00 21Adult content dialler 01
1 9vid32cntl1 13vid32cntl.Exe1 00 30Added by the CRYPTER.A TROJAN!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_CRYPTER.A0
1 7vidcntl1 11vidcntl.Exe1 00 30Added by the CRYPTER.A TROJAN!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_CRYPTER.A0
1 9Vidcompat1 13Vidcompat.exe1 00 25Added by the GEMA TROJAN!72http://securityresponse.symantec.com/avcenter/venc/data/trojan.gema.html0
1 9Videocntl1 13Videocntl.exe1 00 40Added by a variant of the GEMA.D TROJAN!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=404930
111VideoDriver1 12videodrv.exe1 00 27Added by the MIMAIL.A WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.mimail.a@mm.html0
1 9Videool321 12VIDEOL32.EXE1 00 28Added by the AGOBOT.EC WORM!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.EC0
116Video Lan Player1 18VideoLanPlayer.exe1 00 26Added by the RBOT-MY WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotmy.html0
114Video Services1 13videol_32.exe1 00 28Added by the AGOBOT-DM WORM!57http://www.sophos.com/virusinfo/analyses/w32agobotdm.html0
113Video Manager1 12videomgr.exe1 00 27Added by the PANDEM.C WORM!78http://securityresponse.symantec.com/avcenter/venc/data/w32.pandem.c.worm.html0
121Windows Video Drivers1 13videons32.exe1 00 29Added by the GAOBOT.AZT WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.gaobot.azt.html0
119Win32 Configuration1 13videosd32.exe1 00 27Added by the SDBOT.TT WORM!98http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?VName=WORM_SDBOT.TT&VSect=T0
1 7MSVSync1 13videosync.exe1 00 38Added by a variant of the SPYBOT WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html0
120NVIDIA Video drivers1 13video_32D.exe1 00 28Added by the AGOBOT.KV WORM!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.KV0
113Windows video1 11vide_32.exe1 00 45Added by a variant of the AGOBOT/GAOBOT WORM!79http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN0
2 6VidSvr1 10vidsvr.exe1 00177MS WebTV for Windows Channel Guide. Used to display TV on your PC via a compatible video card with in-built tuner (such as ATI All-In-Wonder). If you don't use it - uninstall it 01
1 8runreper1 10viewer.exe1 00 27Added by the REPER.A VIRUS!59http://www.symantec.com/avcenter/venc/data/w32.reper.a.html0
2 7ViewMgr1 11ViewMgr.exe1 00285Viewpoint Manager - automatic updates for ViewPoint products such as ViewPoint Media Player (as bundled with AOL, AOL Instant Messenger, Compuserve, etc). Can be run manually via Start - Settings - Control Panel by enabling auto-updates temporarily, re-booting and then disabling again50http://www.viewpoint.com/pub/products/manager.html0
319HydraVisionViewport1 12viewport.exe1 00167ATI/Appian HydraVision Desktop Manager software - monitors and regulates window and dialog box placement according to user preferences when using a multi monitor setup 01
010Restart_VS1 13Viewsonic.exe1 00 76Could be a left-over from the installation of a Viewsonic flat panel display 01
110Virus Scan1 12virscana.exe1 00 47Added by an unidentified VIRUS, WORM or TROJAN! 01
1 8Virt.exe1 8Virt.exe1 00 29Added by the REMADM-C TROJAN!57http://www.sophos.com/virusinfo/analyses/trojremadmc.html0
311VirtuaGirl21 11VirtuaGirl21 00175VirtuaGirl is a shareware program featuring scantily dressed girls on your desktop. They say hi in the morning, remind you of your appointments and dance for you on request... 01
1 8VBouncer1 18VirtualBouncer.exe1 00397Virtual Bouncer - malware from Spyware Labs. It is distributed by the same bundling and drive-by download techniques as the parasites it claims to remove, so definitely qualifies as unsolicited commercial software in itself. It also has an update feature that can download and execute arbitrary code. Warning - choose "custom" uninstall as "automatic" may remove other programs - see here and here59http://www.pestpatrol.com/PestInfo/v/virtualbouncer_2_0.asp0
115Virtual Bouncer1 18VirtualBouncer.exe1 00417Virtual Bouncer - malware from Spyware Labs. It is distributed by the same bundling and drive-by download techniques as the parasites it claims to remove, so definitely qualifies as unsolicited commercial software in itself. It also has an update feature that can download and execute arbitrary code. Warning - choose "custom" uninstall as "automatic" may remove other programs - see here and here32http://www.doxdesk.com/parasite/0
112MSN UPDATERS1 17virtualmemory.exe1 00 26Added by the RBOT-JK WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotjk.html0
314VirtuaReminder1 18VirtuaReminder.exe1 00120VirtuaReminder is a tool allowing the user to create reminders for such things as important appointments, birthdays, etc29http://hus7.rsn.bth.se/~nopo/0
113Virus_Scanner1 17Virus_Cleaner.exe1 00 24Added by the PANOL WORM!73http://securityresponse.symantec.com/avcenter/venc/data/w32.panol@mm.html0
2 9Vistascan1 13vistascan.exe1 00260Included in VistaScan are VistaAccess and VistaShuttle. VistaAccess gives you quick and easy access to scanning functions right from your desktop. For Windows users, you'll see a scanner icon in the Windows Tray of the Taskbar. Click this icon and a menu opens 01
1 5NetDy1 15VisualGuard.exe1 00 40Added by the NETSKY.N or NETSKY.W WORMS!76http://securityresponse.symantec.com/avcenter/venc/data/w32.netsky.n@mm.html0
110VividGalut1 14VividGalut.exe1 00 36Adult content related web downloader 01
2 5load=1 10vi_grm.exe1 00109Monitor drivers for Trio2x/3x based video cards - displays control panel for quick access to display settings 01
4 5VMDFW1 9vmdfw.exe1 00 25VirusMD Personal Firewall44http://www.virusmd.com/products/firewall.php0
110vmsnGraber1 14VMSNGRABER.EXE1 00 26Added by the ENVID.B WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.envid.b@mm.html0
1 4vmss1 8vmss.exe1 00 50Delfin Media Viewer or "Promulgate" adware variant51http://www.spywareguide.com/product_show.php?id=7270
411VOBRegCheck1 15VOBRegCheck.exe1 00177Part of Pinnacle Systems InstantCD/DVD and InstantCopy CD/DVD copying software that verifies drive settings. Once loaded it doesn't use any resources so you can leave it enabled27http://www.pinnaclesys.com/0
114System Startup1 10Voltio.exe1 00 26Added by the RBOT.NJ WORM!76http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.NJ0
116Microsoft Update1 9VPC32.EXE1 00 28Added by the AGOBOT.XM WORM!89http://it.trendmicro-europe.com/consumer/security_info/ve_detail.php?Vname=WORM_AGOBOT.XM0
0 5a_vpd1 7vpd.exe1 00 44Located in the IBMTOOLS\VPD sub-directory. " 01
2 8ICQ Plus1 9vplus.exe1 00109ICQ Plus is a freeware utility makes your ICQ skinnable (change the look). Available via Start -> Programs22http://www.icqplus.org0
224Cisco Systems VPN Client1 10vpngui.exe1 00 51Sets up IPSec communications for Cisco's VPN Client54http://www.cisco.com/en/US/products/sw/secursw/ps2308/0
413Raptor Mobile1 15vpnservices.exe1 00159Symantec VPN Client used to connect to corporate networks. If unchecked, must be uninstalled using Add/Remove Programs as it tightly integrates into networking24http://www.symantec.com/0
317Vpop3 Mail Server1 9vpop3.exe1 00164Mail server from Paul Smith Computer Services. Runs in system tray to collect mail. Can be run from a shortcut and if it isn't running then it won't get your email!22http://www.vpop3.co.uk0
3 6vptray1 10vptray.exe1 00162System Tray icon for Norton Anti-Virus Corporate Edition. Gives access to the options available and may not be required. Some users may have problems - refer here127http://groups.google.com/groups?q=vptray.exe%2BNorton&hl=en&safe=off&rnum=1&ic=1&selm=3A9D3F14.64A4B969%40birminghamchamber.com0
217Sonic A3D Control1 12vrtxctrl.exe1 00 21Sound related options 01
216UMAX VistaAccess1 12vsaccess.exe1 00 89VistaAccess gives you quick and easy access to scanning functions right from your desktop 01
210VsEcomrEXE1 11VSECOMR.EXE1 00115From McAfee VirusScan up to version 4.x. This executable is responsible for the periodic "update" prompts 01
1 9SystemFTP1 10VSENMB.exe1 00161Malware (ie, umal/uicious softuware/u). Also changes the system.ini Shell line to read Shell=Explorer.exe VSENMB.exe, and it hacks the Winstart.bat as well 01
411Vshwin32EXE1 12VSHWIN32.EXE1 00198From McAfee VirusScan up to version 4.x and Dr Solomon's VirusScan. Communicates between VSSTAT.EXE and the VShield System Scan module. Can be started automatically or available via Start - Programs 01
410TrueVector1 9VSMON.EXE1 00 82Even if you don't have ZoneAlarm or ZoneAlarm Pro run at start-up you do need this 01
110Zone Alarm1 9vsmon.exe1 00 97Added by the RBOT.BO WORM! If this was the ZoneAlarm firewall the name column would be TrueVector76http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.BO0
2 3VSN1 7VSN.exe1 00 49Software to share photographs across the internet 01
0 7SNPSTD21 12vsnpstd2.exe1 00 94CameraMonitor MFC Application. Appears to be related to a USB connection to a digital camera. 01
214vspdfprsrv.exe1 14vspdfprsrv.exe1 00 18Visage PDF Printer37http://www.visagesoft.com/pdfprinter/0
012VirusScanMSC1 10VsStat.exe1 00152Part of McAfee VirusScan. System Tray application as with previous versions (were also VsStat.exe), McAfee SecurityCenter integration or something else? 01
4 9VsStatEXE1 10VSSTAT.EXE1 00198From McAfee VirusScan up to version 4.x and Dr Solomon's VirusScan. Communicates between VSSTAT.EXE and the VShield System Scan module. Can be started automatically or available via Start - Programs 01
138Mcafee Antivirus Monitoring System32mn1 14VSStatmn32.exe1 00 36Added by a variant of the RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
312MyVitalAgent1 12VtlAgent.exe1 00203MyVitalAgent from Lucent Technologies. Replacement for Net.Medic, monitoring all popular internet transactions and alerting the user of the loaction of connection problems. Available via Start - Programs115http://www.qip.lucent.com/qip/spectra/invoke.cfm?id=FBAD6307%2D6CCA%2D4CC3%2D851F5D42DB652AB2&Method=DisplayDetails0
2 6vTPass1 12vtpassld.exe1 00201Part of vTrails - a live media delivery solution. vTPass is the driver enabling the system to work. If unavailable via Start -> Programs, create your own shortcut for the "vtpass.exe" file37http://www.vtrails.com/about/FAQ.html0
3 8VTPreset1 12VTPreset.exe1 00 31Savage Pro S3 graphics software 01
211VoyetraTray1 9vtray.exe1 00128This provides an abbreviated Control Group for the Turtle Beach Montego II sound functions/associated with AudioStation 3 and 32 01
3 7VTTimer1 11VTTimer.exe1 00 95Driver file for the on-board VIA/S3G KM400/KN400 graphics which enables TV in/out communication 01
213vTunerStartUp1 10vTuner.exe1 00 96vTuner - "an easy way to find and listen to radio and TV broadcasts over the Internet"22http://www.vtuner.com/0
1 8reg1.reg1 12vuamgard.exe1 00 41Added by a variant of the IRC.BOT TROJAN!77http://securityresponse.symantec.com/avcenter/venc/data/backdoor.irc.bot.html0
110[not used]1 10vxd32v.exe1 00105Added by the W32.Dumaru.Y@mm Worm! It is a mass-mailing worm with backdoor and keylogging capabilities.93http://securityresponse.symantec.com/avcenter/venc/data/w32.dumaru.y@mm.html#technicaldetails0
2 3SFP1 12vzSFPWin.EXE1 00 58Verizon Online Support Center - prompts for online updates 01
3 7xv_ctrl1 10v_ctrl.exe1 00 973dfx Underground Tools - "Gives direct hardware control to your video graphics adapter" 01
1 3w321 7w32.exe1 00 28Added by the SOKEVEN TROJAN!77http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sokeven.html0
1 7Secboot1 9w32tm.exe1 00 69"Backdoor.Haxdoor.D backdoor. Found in the Windows system directory. 01
119Win32 USB2.0 Driver1 11w32usb2.exe1 00 28Added by the SPYBOT.DN WORM!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SPYBOT.DN0
330Pervasive.SQL Workgroup Engine1 12W3dbsmgr.exe1 00241Database Service Manager for Pervasive SQL 2000 Workgroup edition. Required if you use Pervasive SQL but it's recommended you start it manually before using it as it has a tendancy to crash/freeze if loaded with other applications at startup 01
412W75P2PSERVER1 11W75P2PS.EXE1 00 77Printer utility which is required in order to make the printer work correctly 01
0 6W815DM1 10W815DM.exe1 00 2?? 01
025Client agent for ARCserve1 12W95AGENT.EXE1 00 60Part of Brightstor ARCserve Backup from Computer Associates.53http://www3.ca.com/Solutions/ProductFamily.asp?ID=1150
1 4drmu1 9W95Mm.exe1 00 94Homepage hijacker installing a toolbar: http://tdko.com/. Lop.com in disguise. See this thread93http://www.lavasoft.nu/cgi-bin/forums/ikonboard.cgi?s=3d69d34f399dffff;act=ST;f=14;t=304;st=00
212WebArmyKnife1 7WAK.exe1 00 54Web Army Knife - a suite of web site developer's tools36http://www.webarmyknife.com/home.php0
4 8WanMPSvc1 12WanMPSvc.exe1 00166An AOL component, the Wan miniport (ATW) service. If you delete this and logon, AOL reports a problem with your internet connection, and reinstalling AOL doesnÆt help 01
212war-ftpd.exe1 12WAR-FTPD.EXE1 00 48War FTP Daemon from JGAA's Internet - FTP client38http://www.jgaa.com/index.php?menu=1540
2 6WARSVR1 12war-ftpd.exe1 00 64"War FTP Daemon - the original free FTP server for windows"85http://www.jgaa.com/index.php?menu=154&PHPSESSID=5e40946a3f777b0446aa51537bf27f9f0
1 7WareOut1 11WareOut.exe1 00 62Malware masquerading as a spyware and dialer remover, see here47http://www.easydesksoftware.com/news/news29.htm0
1 9ExeName321 8Warm.scr1 00 24Added by the SCOLD WORM!73http://securityresponse.symantec.com/avcenter/venc/data/w32.scold@mm.html0
3 6Warner1 10warner.exe1 00130Also known as "CyberWarner". From G-Tek Technologies and pre-installed on some Packard Bell PCs. Protects critical files 01
3 6Warnet1 10warnet.exe1 00 32Warnet - system cleanup software35http://www.warnet.com/download.html0
3 6Washer1 10washer.exe1 00236Windows Washer from Webroot Software. Useful utility that deletes safe to remove files, cookies, browsing history, etc. Available via from Start -> Programs. Disable within the program options - otherwise it is re-enabled in MSCONFIG45http://www.webroot.com/products/windowwasher/0
212Washerie.exe1 12washerie.exe1 00174Cookie Washer for Internet Explorer from Webroot Software. Light version of Windows Washer, specific for cleaning the IE cache and cookies. Available via Start -> Programs 01
3 9washindex1 11washidx.exe1 00236Windows Washer from Webroot Software. Useful utility that deletes safe to remove files, cookies, browsing history, etc. Available via from Start -> Programs. Disable within the program options - otherwise it is re-enabled in MSCONFIG45http://www.webroot.com/products/windowwasher/0
1 4Wast1 8wast.exe1 00 20Grokster ads updater 01
211DLHelperEXE1 9WATCH.exe1 00163Download helper distributed with some software that allows the software installation to redirect download locations. Not required once the installation is finished 01
324Eicon NetworksLAN_DAEMON1 9watch.exe1 00325Associated with an Eicon Networks ISDN or ADSL modem. Watch protocols your connection with numbers and duration. You need callvu.exe (from Start Menu) to see your connection statistics. You can manually start watch.exe before you go online. Needs diinfo.exe (started by DiTask) to work correctly which can be started manually42http://www.eicon.com/worldwide/default.htm0
326Eicon TechnologyLAN_DAEMON1 9watch.exe1 00325Associated with an Eicon Networks ISDN or ADSL modem. Watch protocols your connection with numbers and duration. You need callvu.exe (from Start Menu) to see your connection statistics. You can manually start watch.exe before you go online. Needs diinfo.exe (started by DiTask) to work correctly which can be started manually42http://www.eicon.com/worldwide/default.htm0
013Restart Watch1 9Watch.exe1 00 58Associated with an Eicon Networks Diva ISDN or ADSL modem.42http://www.eicon.com/worldwide/default.htm0
2 5Watch1 9watch.exe1 00102Found to be used by a Trust USB scanner for auto starting the scanning software when the lid is lifted 01
4 7Regrun21 12WatchDog.exe1 00167Greatis Software's RegRun 3 Security Suite which amongst other things replaces MSCONFIG. The WatchDog check for registry changes caused by trojan's, viruses, etc 34http://www.greatis.com/regrun3.htm0
217Watch Dog Program1 12watchdog.exe1 00155For Compaq PC's. Associated with Compaq's internet services. Not required if you don't use services provided by them and may not be required even if you do 01
2 8Watchdog1 12Watchdog.exe1 00225Definitely part of the Mustek scanner drivers and software (for 600 III EP Plus and maybe others), launches from the Startup folder in the Start Menu, but not required as they give instructions on removing it on their webpage 01
0 8WatchDog1 12watchdog.exe1 00100Part of Motorola "Mobile Phone Tools" v3 - in a "Mobiile Phone Tools" sub-directory of Program Files 01
0 9YOW tuner1 12WatchPNM.exe1 00 2?? 01
116Microsoft Update1 12wauguard.exe1 00 27Added by the RBOT.AEE WORM!90http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?VName=WORM_RBOT.AEE0
220Bose Wave/PC Monitor1 17wavepcmonitor.exe1 00101System Tray access for this system (more info on the system here). Available via Start -> Programs70http://www.bose.com/home_audio/interactive_systems/wave_pc/index.shtml0
216WaveTop Launcher1 11WaveTop.exe1 00166WaveTop - "Get push content from TV without an Internet connection" - now possibly a defunct system in the US included as an optional part of WebTV in Win9855http://www.zdnet.com/pcmag/firstlooks/9804/f980406a.htm0
033Webcam Go Sti Service Application1 12wbcgosvc.exe1 00 93Control software for the portable Creative Video Blaster Webcam Go digital camera/PC web cam.99http://www.americas.creative.com/products/product.asp?maincategory=6&category=61&product=560
2 5Wbiff1 9Wbiff.exe1 00109Wbiff! E-mail checker - automatically checks your e-mail and notifies you if any new e-mail has been received58http://shareware.lycos.com/tucows/winnt/preview/6187.shtml0
312WindowBlinds1 10wbload.exe1 00270WindowBlinds from Stardock. Skin application to change the appearence on Windows desktops. Available as an individual download or as part of Object Desktop. Required to restore settings if you use it. Available via right-click on the Desktop -> Properties -> Skins28http://www.windowblinds.net/0
1 4twhe1 8wbta.exe1 00 52PurityScan delivers advertisements to your computer.63http://www.sarc.com/avcenter/venc/data/adware.purityscan.b.html0
0 7Wbutton1 11Wbutton.exe1 00 56Related to the Wacom Penabled driver on Acer Tablet PCs. 01
311OWCWebCamDV1 12wcdvtray.exe1 00104WebCamDV from Orange Micro, Inc - enables the user to use a DV camera connected via Firewire as a Webcam40http://www.orangemicro.com/webcamdv.html0
321H/PC Connection Agent1 12WCESCOMM.EXE1 00 49Active sync for use with Windows CE based palm PC 01
2 8WCESCOMM1 12WCESCOMM.EXE1 00 49Active sync for use with Windows CE based palm PC 01
211wcmdmgr.exe1 11wcmdmgr.exe1 00282Web Driver delivery system for WildTangent on-line games. Periodically checks for updates - can be disabled within the programs control panel. Note that WildTanget's privacy policy used to state that they also collect and share individuals information but this is no longer the case64http://www.wildtangent.com/default.asp?pageID=webdriver_download0
3 7wcmdmgr1 12wcmdmgrl.exe1 00282Web Driver delivery system for WildTangent on-line games. Periodically checks for updates - can be disabled within the programs control panel. Note that WildTanget's privacy policy used to state that they also collect and share individuals information but this is no longer the case64http://www.wildtangent.com/default.asp?pageID=webdriver_download0
3 8wcmdmgrl1 12wcmdmgrl.exe1 00282Web Driver delivery system for WildTangent on-line games. Periodically checks for updates - can be disabled within the programs control panel. Note that WildTanget's privacy policy used to state that they also collect and share individuals information but this is no longer the case64http://www.wildtangent.com/default.asp?pageID=webdriver_download0
330WildTangent Web Driver updater1 12wcmdmgrl.exe1 00282Web Driver delivery system for WildTangent on-line games. Periodically checks for updates - can be disabled within the programs control panel. Note that WildTanget's privacy policy used to state that they also collect and share individuals information but this is no longer the case64http://www.wildtangent.com/default.asp?pageID=webdriver_download0
1 4WINT1 29wcp****.exe [* = random char]2 00 29PurityScan/Clickspring adware47http://www.doxdesk.com/parasite/PurityScan.html0
313Worm Detector1 6wd.exe1 00 81Worm Detector - antivirus add-on for Outlook 2K or XP for handling worms and spam29http://www.kl-soft.com/wd.php0
317WD Button Manager1 12WDBtnMgr.exe1 00117Button manager installed with a western digital external disk drive. Allows you to back up your system with one click 01
116Win32 DRK Driver1 10wdrk32.exe1 00 29Added by the WOOTBOT.CY WORM!90http://it.trendmicro-europe.com/consumer/security_info/ve_detail.php?Vname=WORM_WOOTBOT.CY0
115Windows Startup1 11Wdrun32.exe1 00 28Added by the GAOBOT.AO WORM!79http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.gaobot.ao.html0
1 7wdwctrl1 11wdwctrl.exe1 00 28Added by the DLUCA.E TROJAN!79http://securityresponse.symantec.com/avcenter/venc/data/downloader.dluca.e.html0
2 7WEATHER1 11WEATHER.EXE1 00119Weatherbug provides current outdoor temperature in the System Tray, also weather alerts. Available via Start - Programs 01
211WeatherCast1 11Weather.exe1 00 92Weather reporting in the System Tray. Available via Start - Programs. Installed via Radlight 01
122Daily Weather Forecast1 11WEATHER.EXE1 00 62Added by Troj/Dloader-IP TROJAN to the Windows program folder.59http://www.sophos.com/virusinfo/analyses/trojdloaderip.html0
216Tray Temperature1 14Weatherbug.exe1 00119Weatherbug provides current outdoor temperature in the System Tray, also weather alerts. Available via Start - Programs 01
113WeatherOnTray1 17WeatherOnTray.exe1 00 56Hotbar's Weather Forecast tool for your desktop - adware53http://sarc.com/avcenter/venc/data/adware.hotbar.html0
110MS-Connect1 7web.exe1 00 32Adult content dialler - see here49http://vil.mcafee.com/dispVirus.asp?virus_k=999720
126Website Administrator Info1 12webadmin.exe1 00149W32/Forbot-FY will connect to an IRC server and establish a new service named "Connection Reset", with the display name "Website Administrator Info".57http://www.sophos.com/virusinfo/analyses/w32forbotfy.html0
116Connection Reset1 12webadmin.exe1 00 89A new service is set by W32/Forbot-FY with a display name of "Website Administrator Info"57http://www.sophos.com/virusinfo/analyses/w32forbotfy.html0
212WebcamRT.exe1 12WEBCAMRT.exe1 00 66For Logitech Web Cams. Not required - camera works fine without it 01
112Webcelerator1 10webcel.exe1 00217Webcelerator from eAcceleration speeds your Web browsing by both remembering where you have been and anticipating where you will go. Only needed if you find it improves web browsing. Spyware and troublesome - see here28http://www.webcelerator.com/0
114System Update21 12webcheck.exe1 00 31Added by the AUTOTROJ-C TROJAN!59http://www.sophos.com/virusinfo/analyses/trojautotrojc.html0
1 8WebCheck1 12WebCheck.pif1 00 36Added by the CONE.C or CONE.F WORMS!74http://securityresponse.symantec.com/avcenter/venc/data/w32.cone.d@mm.html0
2 6WebKey1 10WebKey.exe1 00 97WebKey from JB Utilities. Utility to keep track of login data required when browsing the internet33http://variagate.com/webkeydl.htm0
116Microsoft Update1 8webm.exe1 00 27Added by the SDBOT.WK WORM!90http://it.trendmicro-europe.com/enterprise/security_info/ve_detail.php?VName=WORM_SDBOT.WK0
115Printer Monitor1 14webprinter.exe1 00 68A TROJAN, Troj/IRCBot-Z adds this file to the Windows system folder.57http://www.sophos.com/virusinfo/analyses/trojircbotz.html0
312websaverlive1 16websaverlive.exe1 00166WebSaver Live! is a companion program to Websaver that retrieves information from the Internet on a schedule and displays it on your screen when your computer is idle38http://12.47.194.20/help/channels.html0
121WebSavingsFromEbates01 25WebSavingsFromEbates0.exe1 00 75Web Savings From Ebates Software, a shopping tool that opens pop-up windows 01
120WebSavingsfromEbates1 27WebSavingsfromEbatesrun.exe1 00 75Web Savings From Ebates Software, a shopping tool that opens pop-up windows 01
414McAfeeWebscanX1 12WebScanX.exe1 00192From McAfee VirusScan up to version 4.x. Provides functionality for VShield Download Scan and Internet Filter modules. Enables internet scanning. Guards against malicious ActiveX programs, etc 01
4 8WebScanX1 12WebScanX.exe1 00192From McAfee VirusScan up to version 4.x. Provides functionality for VShield Download Scan and Internet Filter modules. Enables internet scanning. Guards against malicious ActiveX programs, etc 01
114WebSecureAlert1 18WebSecureAlert.exe1 00197WebSecureAlert. "Can help protect your browser security and privacy". However, it's by GAIN Publishing, and will display pop up ads on your computer screen based on your online Web surfing behavior 01
2 8Webshots1 17Webshots Tray.exe2 00 75Screensaver program that automatically downloads from the webshots web site 01
2 8Webshots1 12websho~1.exe1 00 75Screensaver program that automatically downloads from the webshots web site 01
4 7Webtrap1 11webtrap.exe1 00164Part of PC-Cillin anti-virus software. Checks web-sites for malicious Java and ActiveX elements in a similar way to McAfee WebScanX. A few users find it infuriating 01
413WebTrapNT.exe1 13WebTrapNT.exe1 00103Part of PC-Cillin Anti-Virus software. Checks visited web-sites for malicious Java and ActiveX elements 01
2 7Welcome1 11Welcome.exe1 00 51Launches the Welcome to Windows tutorial on boot up 01
0 7WEPstat1 11Wepstat.exe1 00204Cisco Aironet 340 Series PC Card driver. If it can be started manually it shouldn't be required if you don't use the PC card facility regularily - hence the status could be "U". Can anybody confirm this? 01
2 7WetSock1 11wetsock.exe1 00 56RoboMagic Wetsock - weather reporting in the System Tray36http://www.robomagic.com/wetsock.htm0
310Winfast_2K1 8WF2k.exe1 00280System Tray application that starts up the Winfox utility for a Leadtek Winfast grpahics card to restore settings. Can be started manually from Start -> Settings -> Control Panel Display. Only needed if you wish to run things like the hardware monitor or overclock your card 01
3 8WinFoxV21 8WF2k.exe1 00280System Tray application that starts up the Winfox utility for a Leadtek Winfast grpahics card to restore settings. Can be started manually from Start -> Settings -> Control Panel Display. Only needed if you wish to run things like the hardware monitor or overclock your card 01
1 3LSA1 10wfdmgr.exe1 00 77Added by the W32/MyDoom-BG WORM! File is found in the Windows system folder.57http://www.sophos.com/virusinfo/analyses/w32mydoombg.html0
210WFGStartup1 14WFGStartup.exe1 00162World Weather. "This midlet displays the current weather conditions for major cities around the world. This version is for memory limited mobile phones"74http://asia.cnet.com/downloads/handheld/swinfo/0,39001949,39022960s,00.htm0
316WinFast Schedule1 9Wfwiz.exe1 00 34Leadtek WinFast TV tuner scheduler 01
210Controller1 12WFXCTL32.EXE1 00215From Symantec's TalkWorks Pro and WinFax. Appears if you chose to have the program appear in the taskbar (System Tray) during installation and displays a yellow fax/telephone icon. Available via Start -> Programs 01
212WFXCTL32.EXE1 12WFXCTL32.EXE1 00212From WinFax 10.0 and possibly earlier versions. Appears if you chose to have WinFax appear in the taskbar (System Tray) during installation and displays a yellow fax/telephone icon. Available via Start - Programs 01
221WinFax PRO Controller1 12WFXCTL32.EXE1 00212From WinFax 10.0 and possibly earlier versions. Appears if you chose to have WinFax appear in the taskbar (System Tray) during installation and displays a yellow fax/telephone icon. Available via Start - Programs 01
3 8WindowFX1 11wfxload.exe1 00 94Stardock WindowFX - "Allows you to add an unprecedented number of special effects to windows"42http://www.stardock.com/products/windowfx/0
4 8wfxsnt401 12wfxsnt40.exe1 00151WinFax 10.0 and maybe earlier versions. The program that opens the port for WinFax and not normally in the start menu. Needed if you want to run WinFax 01
420WinFaxAppPortStarter1 12wfxsnt40.exe1 00148WinFax 10.0 and maybe earlier versions. Used to initiate the WinFax port to enable printing to the WinFax printer (send a fax) from any application. 01
0 8WFXSwtch1 12WFXSWTCH.exe1 00 18Related to WinFax. 01
4 8WG511WLU1 12WG511WLU.exe1 00107Netgear configuration programme for the 54g wireless lan card - required to monitor and manage the lan card 01
322WinGate Engine Monitor1 12wgengmon.exe1 00278WinGate Internet Client Dialup Monitor - component of WinGate proxy server software. Displays the status of the WinGate engine, and appears in the system tray of each workstation on the network reassuring clients that their workstations have connectivity with the WinGate Server 01
212WinGuage Pro1 11WGPRO32.EXE1 00257Part of McAfee Nuts & Bolts. "WinGauge is a dynamic reporting tool that constantly monitors your use of Windows and your applications, to alert you to potential problems before they become serious". Resource hog. Available via Start - Programs 01
315WGWLocalManager1 19WGWLocalManager.exe1 00615Part of Flash-Networks NettGain2000 product. NettGain 2000 is a combined hardware/software networking solution, which is designed to improve performance of satellite networks by increasing data transmission speeds and maximizing the existing bandwidth for complete utilization when sending TCP/IP applications over a satellite. It is needed when connecting to the internet via satellite to provide speed faster than 60k or so. It could be started by creating a shortcut, running it only when connecting to the internet. If internet is used often, it's recommended to leave it in startup so it starts with the system57http://www.flash-networks.com/Product.asp?table=Providers0
115WebHancer Agent1 11whagent.exe1 00164System Tray application that starts up Webhancer software. Software that optimizes your web browser and is also advertising spyware that you can find out about here30http://www.cexx.org/adware.htm0
1 7whagent1 11whagent.exe1 00164System Tray application that starts up Webhancer software. Software that optimizes your web browser and is also advertising spyware that you can find out about here30http://www.cexx.org/adware.htm0
126webHancer Survey Companion1 12whSurvey.exe1 00242WebHancer foistware - traffic measurement service that uses a client agent that is stealth installed on user machines, gathering detailed data about sites visited, their performance and, most important, what the user actually does while there42http://doxdesk.com/parasite/webHancer.html0
1 6Whvlxd1 10Whvlxd.exe1 00 34Added by the W32.LXD.MIRC TROJAN!73http://securityresponse.symantec.com/avcenter/venc/data/w32.lxd.mirc.html0
120Microsof Winlog Host1 13wilogon32.exe1 00 26Added by the RBOT.XC WORM!76http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.XC0
229iRiS AntiVirus Active Monitor1 12WIMMUN32.exe1 00 60Iris Antivirus - discontinued, replace with good alternative 01
130Microsoft Windows Media Player1 8wimp.exe1 00 26Added by the RBOT-FN WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotfn.html0
112Miosf Update1 12wimsqaad.exe1 00 29Added by the SDBOT.AG TROJAN!78http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sdbot.ag.html0
116WIN HOST PROCESS1 20WIN HOST PROCESS.EXE2 00 36Added by the KEYLOGGER.CLONE TROJAN!82http://securityresponse.symantec.com/avcenter/venc/data/keylogger.cone.trojan.html0
1 5Sys291 30win***32.exe [* = random char]2 00 15EliteBar adware76http://securityresponse.symantec.com/avcenter/venc/data/adware.elitebar.html0
1 4SysA1 30win***32.exe [* = random char]2 00 15EliteBar adware76http://securityresponse.symantec.com/avcenter/venc/data/adware.elitebar.html0
111WIN-BUGSFIX1 15WIN-BUGSFIX.EXE1 00 44Added by the LOVELETTER (I LOVE YOU) VIRUS!77http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=VBS_LOVELETTER0
1 9Sistray321 7win.bat1 00 91The W32/Jupir-A is spread via MIRC. The file can be found in the Windows system directory.55http://www.sophos.com/virusinfo/analyses/w32jupira.html0
133Microsoft Synchronization Manager1 7win.exe1 00 27Added by the SDBOT.AK WORM!78http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sdbot.ak.html0
122Remote Procedure Calls1 7win.exe1 00 27Added by the SDBOT-QI WORM!56http://www.sophos.com/virusinfo/analyses/w32sdbotqi.html0
1 7Winhost1 7win.exe1 00 31Added by the DLOADER-AP TROJAN!59http://www.sophos.com/virusinfo/analyses/trojdloaderap.html0
1 8Syscheck1 7win.hta1 00 16Browser hijacker 01
0 4run=1 7win.ini1 00 2?? 01
1 5WIN321 9WIN32.EXE1 00 27Added by the RATEGA TROJAN!63http://www.symantec.com/avcenter/venc/data/backdoor.ratega.html0
1 5Win321 9Win32.exe1 00 26Added by the ISRAZ.A WORM!76http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_ISRAZ.A0
1 9win32.exe1 9win32.exe1 00 30Added by the STARTPAGE TROJAN!59http://www.sophos.com/virusinfo/analyses/trojstartpagh.html0
110winprotect1 9win32.exe1 00 26Added by the MUGLY.E WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.mugly.e@mm.html0
121Microsoft SpA Service1 9win32.exe1 00103This is a SDBot variant backdoor infection. When run this infection connects to an IRC server, d-3.biz. 01
1 8win32clf1 12win32clf.exe1 00 47Added by an unidentified VIRUS, WORM or TROJAN! 01
1 8Win32dll1 12Win32dll.exe1 00 28Added by the BANPAES TROJAN!76http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.banpaes.html0
1 8Win32DLL1 12Win32DLL.vbs1 00 44Added by the LOVELETTER (I LOVE YOU) VIRUS!77http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=VBS_LOVELETTER0
1 5load=1 13win32exec.exe1 00 25Added by the BITTER WORM!71http://securityresponse.symantec.com/avcenter/venc/data/w32.bitter.html0
119Win32 Device Loader1 12Win32ldr.exe1 00 45Added by a variant of the AGOBOT/GAOBOT WORM!79http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN0
1 6Winnup1 12win32nls.exe1 00 38Added by a variant of the SPYBOT WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html0
111Win32System1 10win32s.exe1 00 27Added by the MYDOOM.V WORM!68http://securityresponse.symantec.com/avcenter/venc/data/w32.mydoom.v0
115Winsock32driver1 15win32server.exe1 00 33Added by the BACKDOOR-AZV TROJAN!43http://vil.nai.com/vil/content/v_100723.htm0
115Winsock32driver1 15win32server.exe1 00 30Added by the HACARMY.F TROJAN!79http://securityresponse.symantec.com/avcenter/venc/data/backdoor.hacarmy.f.html0
115Winsock32driver1 15win32server.scr1 00 28Added by the HACARMY TROJAN!77http://securityresponse.symantec.com/avcenter/venc/data/backdoor.hacarmy.html0
4 7WIN32SL1 11Win32sl.exe1 00461Part of Dell OpenManage Client Instrumentation - software that allows remote management application programs to access information about, monitor the status of or change the state of the client computer, such as shutting it down remotely. Uses the DMI and/or common information model (CIM) protocols, which are systems management protocols defined by industry standards. The specific function of this is to load MIF's in order for Dell OpenManage Client to work68http://docs.us.dell.com/docs/software/smcliins/cli60/en/ug/intro.htm0
130MICROSOFT UPDATE CONFIGURATION1 12WIN32SNC.EXE1 00 26Added by the RBOT-AI WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotai.html0
115[various names]1 12win32snd.exe1 00 26Added by the RBOT-DQ WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotdq.html0
1 6windef1 11Win32sp.vbs1 00 24Added by the ANPES WORM!60http://www.symantec.com/avcenter/venc/data/w32.anpes@mm.html0
117Win32 Src Service1 12win32src.exe1 00 26Added by the RBOT-SX WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotsx.html0
125Microsoft Windows Updater1 12win32upd.exe1 00 26Added by the RBOT-EC WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotec.html0
116WSAConfiguration1 12win32upd.exe1 00 36Added by a variant of the RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
110USB Device1 12win32usb.exe1 00 28Added by the FORBOT-BQ WORM!57http://www.sophos.com/virusinfo/analyses/w32forbotbq.html0
117Win32 USB2 Driver1 12win32usb.exe1 00 29Added by the SPYBOT.DHV WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.dhv.html0
124Sygate Personal Firewall1 10Win32x.exe1 00 26Added by the RBOT-KZ WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotkz.html0
114win32_i lptt011 11win32_i.exe1 00186Variant of the RapidBlaster parasite (in a "win32_i" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see here49http://www.doxdesk.com/parasite/RapidBlaster.html0
114win32_i ml097e1 11win32_i.exe1 00186Variant of the RapidBlaster parasite (in a "win32_i" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see here49http://www.doxdesk.com/parasite/RapidBlaster.html0
1 6Win3861 10Win386.exe1 00 27Added by the GOSUSUB VIRUS!77http://securityresponse.symantec.com/avcenter/venc/data/w32.hllp.gosusub.html0
119Microsoft IT Update1 9win43.exe1 00 26Added by the RBOT-SA WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotsa.html0
119Microsoft IT Update1 9win64.exe1 00 26Added by the RBOT.GA WORM!76http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.GA0
013Windows shell1 9win70.exe1 00 2?? 01
1 7WinDSNX1 11Win????.exe1 00 25Added by the DNSX TROJAN!61http://www.symantec.com/avcenter/venc/data/backdoor.dsnx.html0
110WIN3S2SNDS1 13winabsmod.exe1 00140Added by the AGENT.DN TROJAN - known to BOClean as "CWS/INDEX", "shuts down anything that wants to open and is used as a spam proxy as well"35http://www.nsclean.com/boclean.html0
1 9winactive1 13WINACTIVE.EXE1 00 46Active variant of LOP.com hijacker - see here40http://www.doxdesk.com/parasite/lop.html0
110WinActiveJ1 14WinActiveJ.exe1 00 28Added by the ROTARRAN VIRUS! 01
112Winad Client1 9Winad.exe1 00 33WinAd adware by eXact Advertising 01
1 6winadm1 10winadm.exe1 00 83Browser hijacker - redirecting to Search-World.net. Related to the SMALL.LR TROJAN!68http://castlecops.com/modules.php?name=Encyclopedia&op=content&tid=60
3 7_winadm1 10winadm.exe1 00312Parents Friend - "Log any activity and protect programs with a password. Further more you can lock the pc any hour in the week you want with the main password. You can also give users allowed programs in their program-lists and you can limit the maximal daily hours and maximal weekly hours user spend on the PC"49http://people.freenet.de/winadm/anleitung_eng.htm0
111MsnExplorer1 12winagent.exe1 00 70Added by Troj/Bdoor-EQ, a backdoor TROJAN found in the Windows folder.57http://www.sophos.com/virusinfo/analyses/trojbdooreq.html0
111Winahlp.exe1 11Winahlp.exe1 00 44Added by a variant of the VAGRNOCKER TROJAN!80http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_VAGRNOCK.120
1 8winallap1 12winallap.exe1 00 27Added by the DELF.E TROJAN!76http://securityresponse.symantec.com/avcenter/venc/data/backdoor.delf.e.html0
1 9winallapu1 13winallapu.exe1 00 27Added by the DELF.E TROJAN!76http://securityresponse.symantec.com/avcenter/venc/data/backdoor.delf.e.html0
1 6Winamp1 10winamp.exe1 00 85Added by the AGOBOT-MC WORM! Note - this is NOT the Winamp Media Player (WinAmpa.exe)57http://www.sophos.com/virusinfo/analyses/w32agobotmc.html0
112Winamp Agent1 10winamp.exe1 00 82Added by the W32/Poebot-I WORM! This file is found in the Windows system folder.56http://www.sophos.com/virusinfo/analyses/w32poeboti.html0
1 6Winamp1 10winamp.hta1 00 81Hijacker - re-directing to adult content sites. Note - this isn't the real Winamp 01
1 5Video1 12winamp32.exe1 00 28Added by the AGOBOT-NG WORM!57http://www.sophos.com/virusinfo/analyses/w32agobotng.html0
114Taskmon driver1 11winampa.exe1 00 28Added by the LOONY-I TROJAN!56http://www.sophos.com/virusinfo/analyses/trojloonyi.html0
112Win l5oahder1 11winampa.exe1 00177Added by the SPYBOTER.GEN VIRUS! Not the valid Winamp Agent which uses the same filename. This resides in the System32 sub-folder wheras real one is located in the winamp folder 01
3 7Winampa1 11WINAMPa.exe1 00228Loads the System Tray icon for the WinAmp media player. Can be used to mantain file associations so programs like QuickTime and RealPlayer don't take over as default player for various media types. Available via Start - Programs 01
1 7Winampa1 11winampa.exe1 00 28Added by the AGOBOT-GS WORM!57http://www.sophos.com/virusinfo/analyses/w32agobotgs.html0
113Winampa Agent1 11WINAMPA.EXE1 00 71Added by the SPYBOT-BR WORM! Note - this is NOT the Winamp Media Player57http://www.sophos.com/virusinfo/analyses/w32spybotbr.html0
311WinampAgent1 11WINAMPa.exe1 00228Loads the System Tray icon for the WinAmp media player. Can be used to mantain file associations so programs like QuickTime and RealPlayer don't take over as default player for various media types. Available via Start - Programs 01
119Winamp media player1 10winapa.exe1 00 47Added by an unidentified VIRUS, WORM or TROJAN! 01
1 6APIMon1 11winapix.exe1 00 53Added by a variant of the TIBSER.A downloader TROJAN! 01
1 6WinApi1 11winapix.exe1 00 53Added by a variant of the TIBSER.A downloader TROJAN! 01
112Video Proces1 10winaps.exe1 00 28Added by the AGOBOT.HD WORM!86http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.HD&VSect=T0
111RegistryChk1 13winbackup.exe1 00 26Added by the MERTIAN WORM!77http://securityresponse.symantec.com/avcenter/venc/data/w32.mertian.worm.html0
3 6WinBar1 10WinBar.exe1 00135"WinBar is a free and compact program that lets you monitor your system and provides easy access to frequently used controls"21http://www.winbar.nl/0
1 8winbas121 12winbas12.exe1 00115Adware, probably CoolWebSearch parasite related - recognized by Kaspersky antivirus as TrojanDownloader.Win32.VB.du53http://www.spywareinfo.com/~merijn/cwschronicles.html0
1 2[]1 12winbas12.exe1 00115Adware, probably CoolWebSearch parasite related - recognized by Kaspersky antivirus as TrojanDownloader.Win32.VB.du53http://www.spywareinfo.com/~merijn/cwschronicles.html0
1 6Winbed1 10winbed.exe1 00 8Hijacker 01
112Reg Services1 13Winboot32.exe1 00 26Added by the RBOT.PB WORM!87http://fr.trendmicro-europe.com/consumer/security_info/ve_detail.php?Vname=WORM_RBOT.PB0
120Configuration Loader1 11wincffg.exe1 00 28Added by the AGOBOT.A3 WORM!86http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.A3&VSect=T0
115Winsock2 driver1 10WINCFG.SCR1 00 38Added by a variant of the SPYBOT WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html0
1 9SysConfig1 12wincfg32.exe1 00 27Added by the SDBOT.ZD WORM!77http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.ZD0
121Windows Config Loader1 12Wincfg32.exe1 00 30Added by the SILVERFTP TROJAN!66http://www.symantec.com/avcenter/venc/data/backdoor.silverftp.html0
1 8WinCheck1 12WinCheck.exe1 00 27Added by the PWS-CY TROJAN!42http://vil.nai.com/vil/content/v_98807.htm0
310Win Chimes1 12winchi~1.exe1 00 82WinChimes - enhancement software for the system clock that runs in the system tray64http://www.ddd.communitech.net/software/winchimes/winchimes.html0
229Intervideo Win Cinema Manager1 16WinCinemaMgr.exe1 00127WinCinema Manager is needed when using the WinDVD Remote Control for WinDVD from Intervideo. Available via Start -> Programs60http://www.intervideo.com/jsp/WinCinema_Manager_Download.jsp0
228Intervideo WinCinema Manager1 16WinCinemaMgr.exe1 00127WinCinema Manager is needed when using the WinDVD Remote Control for WinDVD from Intervideo. Available via Start -> Programs60http://www.intervideo.com/jsp/WinCinema_Manager_Download.jsp0
212WinCinemaMgr1 16WinCinemaMgr.exe1 00123WinCinema_Manager is needed when using the WinDVD Remote Control for WinDVD from Intervideo. Available via Start - Programs60http://www.intervideo.com/jsp/WinCinema_Manager_Download.jsp0
229Intervideo Win Cinema Manager1 12WINCIN~1.EXE1 00127WinCinema Manager is needed when using the WinDVD Remote Control for WinDVD from Intervideo. Available via Start -> Programs60http://www.intervideo.com/jsp/WinCinema_Manager_Download.jsp0
228Intervideo WinCinema Manager1 12WINCIN~1.EXE1 00127WinCinema Manager is needed when using the WinDVD Remote Control for WinDVD from Intervideo. Available via Start -> Programs60http://www.intervideo.com/jsp/WinCinema_Manager_Download.jsp0
212WINCINEMAMGR1 12WINCIN~1.EXE1 00123WinCinema_Manager is needed when using the WinDVD Remote Control for WinDVD from Intervideo. Available via Start - Programs60http://www.intervideo.com/jsp/WinCinema_Manager_Download.jsp0
124Windows Registry Cleaner1 12winclean.exe1 00 38Added by a variant of the SPYBOT WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html0
2 4Tour1 11wincool.exe1 00703Component of WinME that's annoying as hell. Pop's up a prompt to play the C:\WINDOWS\Application Data\Microsoft\INTROCONTENT.HTA that plays a full screen version of the WinME product preview Windows Media video file that cannot be stopped to my knowledge until it finishes. That prompt will keep popping up after an install/reinstall of WinME until you give in and watch the thing. It also puts a task scheduler entry to run that annoying thing every 30 minutes, and don't bother deleting that entry, Windows puts it right back. Not only should you disable it from running, you should delete the thing altogether, as it, somehow can re-enable itself. Apparently you can try setting the file to read only 01
216Wintercooler Pro1 11WINCOOL.EXE1 00 97Wintercooler Pro - utility that monitors CPU usage, RAM consumption and Internet connection speed45http://www.liveye.com/wintercooler/index.html0
113[random name]1 10wincpu.exe1 00 47Added by an unidentified VIRUS, WORM or TROJAN! 01
120Configuration Loader1 12wincrt32.exe1 00 28Added by the GAOBOT.BF WORM!79http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.gaobot.bh.html0
113Video Process1 12wincrt32.exe1 00 90Added by the W32/Agobot-GR WORM/IRC Backdoor. File is found in the Windows system folder.57http://www.sophos.com/virusinfo/analyses/w32abogotgr.html0
1 8wind.exe1 8wind.exe1 00 34Added by the MITGLIEDER.BD TROJAN!53http://www.viruslist.com/eng/viruslist.html?id=7968400
1 7WIND0WS1 11WIND0WS.exe1 00 28Added by the SPYBOT.DQ WORM!91http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?Vname=WORM_SPYBOT.DQ0
117Win32 USB2 Driver1 10wind32.exe1 00 28Added by the FORBOT-AH WORM!57http://www.sophos.com/virusinfo/analyses/w32forbotah.html0
124Windows Registry Startup1 10wind32.exe1 00 28Added by the AGOBOT-BZ WORM!57http://www.sophos.com/virusinfo/analyses/w32agobotbz.html0
116Windows Database1 10WinDat.exe1 00 40Added by an unidentified WORM or TROJAN! 01
2 8WinDates1 12windates.exe1 00 87WinDates is a calendar, date organizer and event reminder program from Rockin' Software 01
116Windows Debugger1 10windbg.exe1 00 47Added by an unidentified VIRUS, WORM or TROJAN! 01
219NB Windows Patterns1 13WINDBKGND.EXE1 00122Part of McAfee Nuts & Bolts. With Background Patterns, you can change background patterns of wizard and dialog windows 01
118Windows DDE Loader1 12windde32.exe1 00 68Added by the W32/Sdbot-UZ WORM! Found in the Windows system folder.56http://www.sophos.com/virusinfo/analyses/w32sdbotuz.html0
1 5Winde1 9winde.exe1 00 27Added by the DLUCA TROJAN!77http://securityresponse.symantec.com/avcenter/venc/data/downloader.dluca.html0
3 9AFAFilter1 14windefault.exe1 00 36AFAFilter - internet filter software25http://www.afafilter.com/0
120Configuration Loader1 10windex.exe1 00 28Added by the GAOBOT.BZ WORM!79http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.gaobot.bz.html0
1 7atisrc21 12windfind.exe1 00179Adult content dialler - see here. This has to be cleared at the same time as MSStartOptimizer (WINUPD.EXE), mmxrun (msosa.exe) and RegCompres (REGCPM32.EXE), otherwise they return85http://www.spywareinfo.com/forums/index.php?act=ST&f=11&t=7756&hl=&s=0
111win_upd.exe1 13WINdirect.exe1 00 33Added by the MITGLIEDER.M TROJAN!80http://securityresponse.symantec.com/avcenter/venc/data/trojan.mitglieder.m.html0
112win_upd2.exe1 13WINdirect.exe1 00 28Added by the BEAGLE.AO WORM!77http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.ao@mm.html0
1 7erthgdr1 10windll.exe1 00 42Added by the BEAGLE.AO or BEAGLE.AQ WORMS!77http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.ao@mm.html0
1 7KavRuns1 10Windll.exe1 00 28Added by the TRYNOMA TROJAN!77http://securityresponse.symantec.com/avcenter/venc/data/backdoor.trynoma.html0
124Microsoft Dll Management1 10windll.exe1 00 26Added by the RBOT-MT WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotmt.html0
1 6Windll1 10Windll.exe1 00 28Added by the TRYNOMA TROJAN!77http://securityresponse.symantec.com/avcenter/venc/data/backdoor.trynoma.html0
110Windll.exe1 10Windll.exe1 00 28Added by the STEALER TROJAN!77http://securityresponse.symantec.com/avcenter/venc/data/backdoor.stealer.html0
1 6Winlme1 10windll.exe1 00 24Added by the GOP.F WORM!74http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_GOP.F0
1 6windll1 12windll32.exe1 00 35Added by the ASTEF or RESPAN WORMS!75http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.astef.html0
1 8Windll321 12Windll32.exe1 00 27Added by the MSNPWS TROJAN!74http://securityresponse.symantec.com/avcenter/venc/data/msnpws.trojan.html0
123Microsoft Updaters Pros1 14WINDLL32XP.EXE1 00 33Added by the SPYBOTTER.GEN VIRUS! 01
115windllsys32.exe1 15windllsys32.exe1 00 47Added by a variant of the MITGLIEDER.BY TROJAN!68http://castlecops.com/modules.php?name=Encyclopedia&op=content&tid=50
127Windows Domain Name Drivers1 10windns.exe1 00186Added by the W32/Forbot-EP WORM/IRC backdoor Trojan to thee Windows system folder,and is as a new service called "IEXPLORER-Drivers" with a display name of "Windows Domain Name Drivers".57http://www.sophos.com/virusinfo/analyses/w32forbotep.html0
117IEXPLORER-Drivers1 10windns.exe1 00112A service is created by the W32/Forbot-EP WORM, and run using the display name of "Windows Domain Name Drivers".57http://www.sophos.com/virusinfo/analyses/w32forbotep.html0
1 6WinDNS1 12windns32.exe1 00 28Added by the GAOBOT.WX WORM!74http://securityresponse.symantec.com/avcenter/venc/data/w32.gaobot.wx.html0
118Windows DNS Daemon1 11windnsd.exe1 00 29Added by the WOOTBOT.AS WORM!92http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?Vname=WORM_WOOTBOT.AS0
110window.exe1 10window.exe1 00 50Added by the MITGLIEDER.H or MITGLIEDER.J TROJANS!80http://securityresponse.symantec.com/avcenter/venc/data/trojan.mitglieder.h.html0
122Windows Service Loader1 10window.exe1 00104An Rbot variant. This infections connects to an IRC server where it awaits commands from a remote user.33http://www.malwareblog.com/?p=1020
012Windows Load1 11windows.com1 00 2?? 01
119Microsoft IT Update1 11windows.exe1 00 26Added by the RBOT-GL WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotjm.html0
112NDIS Adapter1 11windows.exe1 00 28Added by the FORBOT-BR WORM!57http://www.sophos.com/virusinfo/analyses/w32forbotbr.html0
1 8Rundll321 11Windows.exe1 00 29Added by the QQPASS.E TROJAN!80http://securityresponse.symantec.com/avcenter/venc/data/trojan.pws.qqpass.e.html0
1 7Windows1 11Windows.exe1 00 55Added by the KAZMOR, BOBBINS & ALADINZ.D TROJANS!89http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_KAZMOR.A&VSect=T0
114Windows Update1 11windows.exe1 00 26Added by the RBOT-RB WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotrb.html0
118Microsoft Internet1 13windows32.exe1 00 26Added by the SDBOT-F WORM!55http://www.sophos.com/virusinfo/analyses/w32sdbotf.html0
115[various names]1 13Windows32.exe1 00 51Added by any of a number of WORM or TROJAN variants 01
112WindowsAgent1 16WindowsAgent.exe1 00 24Added by the GOP.G WORM!65http://www.symantec.com/avcenter/venc/data/w32.hllw.gop.g@mm.html0
110Auto Updat1 16WindowsSys32.exe1 00 38Added by a variant of the FORBOT WORM!57http://sophos.com.au/virusinfo/analyses/w32forbotgen.html0
124Microsoft Update Machine1 12windowsu.exe1 00 36Added by a variant of the RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
1 8HKLM\Run1 17windowsupdate.exe1 00121Added by the FORBOT-BJ WORM! (where HKLM\Run represents HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run)57http://www.sophos.com/virusinfo/analyses/w32forbotbj.html0
116WindowsXP Update1 19windowsxpupdate.exe1 00 26Added by the RBOT-PB WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotpb.html0
121WindowsCriticalUpdate1 27windows_critical_update.exe1 00 35Added by the ASTEF or RESPAN WORMS!75http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.astef.html0
116Microsoft Kernel1 20Windows_kernel32.exe1 00 28Added by the NETSKY.AE WORM!77http://securityresponse.symantec.com/avcenter/venc/data/w32.netsky.ae@mm.html0
113WindowsUpdate1 18windows_update.exe1 00 24Added by the LOFNI WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.lofni.worm.html0
121Microsoft Windows GUI1 11Windowz.exe1 00 29Added by the RANDEX.AEV WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.randex.aev.html0
1 9WinDriv321 13WinDriv32.exe1 00 29Added by the SMALL-BA TROJAN!57http://www.sophos.com/virusinfo/analyses/trojsmallba.html0
115Micrsoft Driver1 12windrive.exe1 00 29Added by the SDBOT.AF TROJAN!78http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sdbot.af.html0
110WinRunners1 14WinDrivers.exe1 00 27Added by the DULOAD.C WORM!77http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_DULOAD.C0
1 6InterU1 10WINDRV.EXE1 00 31Added by the IRCINTER.A TROJAN!79http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_IRCINTER.A0
1 6windrv1 12windrv32.exe1 00 89Added by an unidentified VIRUS, WORM or TROJAN! - possibly a strain of OBLIVION or BIONET 01
1 6WinSPF1 12windrv32.exe1 00 27Added by the MYDOOM.T WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.mydoom.t@mm.html0
123WinDriver Configuration1 14windrvconf.exe1 00 30Added by the AGOBOT-LX TROJAN!57http://www.sophos.com/virusinfo/analyses/w32agobotlx.html0
129Windows Update Client Service1 13windrvl32.exe1 00 30Added by the AGOBOT-MM TROJAN!57http://www.sophos.com/virusinfo/analyses/w32agobotmm.html0
1 6WinDrv1 11windrvx.exe1 00 53Added by a variant of the TIBSER.A downloader TROJAN! 01
317WinDSL MTU-Adjust1 14WinDSL_MTU.exe1 00114Adjusts the registry setting of the DUN-Adapters (MTU) and the TCP/IP-Protocol (RWIN) by ENGEL Technologieberatung 01
010WinDSL_MTU1 14WinDSL_MTU.exe1 00 35May be realted to Tiscali broadband 01
1 5dvd981 12windvd98.exe1 00 25Added by the CULT.P WORM!79http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.cult.p@mm.html0
210WinDVRCtrl1 14WinDVRCtrl.exe1 00 57Control center software for an AOpen VA1000 TV tuner card 01
111ssgrate.exe1 12winerdir.exe1 00 33Added by the MITGLIEDER.O TROJAN!80http://securityresponse.symantec.com/avcenter/venc/data/trojan.mitglieder.o.html0
212Folding@home1 10WINFAH.EXE1 00235Folding@Home is a distributed computing project which studies protein folding, misfolding, aggregation, and related diseases - must be running in order to access the internet to upload to the servers. Available via Start -> Programs 01
1 8Rund1l321 13Winfi1e32.exe1 00 26Added by the MERTIAN WORM!77http://securityresponse.symantec.com/avcenter/venc/data/w32.mertian.worm.html0
1 3FIX1 13WinFIX1.0.vbs1 00 70Added by the VBS.Gormlez@mm infection! Found in the Windows directory.75http://www.sarc.com/avcenter/venc/data/vbs.gormlez@mm.html#technicaldetails0
127Microsoft Updates Resources1 13WinFixIDs.exe1 00 36Added by a variant of the RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
1 7winfont1 11winfont.exe1 00 26Added by the DEATH TROJAN!75http://securityresponse.symantec.com/avcenter/venc/data/backdoor.death.html0
128Windows System Configuration1 10WINFRW.EXE1 00129Added by the W32/Domwis-H WORM/IRC backdoor Trojan, it will grant an attacker remote access to perform a widw variety of actions.56http://www.sophos.com/virusinfo/analyses/w32domwish.html0
113Patches Value1 12WinGamed.exe1 00 27Added by the SDBOT.BR WORM!77http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.BR0
1 7WinGate1 11WinGate.exe1 00 39Added by a variant of the LOVGATE WORM!80http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.lovgate@mm.html0
118WinGate initialize1 11WinGate.exe1 00 39Added by a variant of the LOVGATE WORM!80http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.lovgate@mm.html0
1 5wingo1 9wingo.exe1 00 42Added by the BEAGLE.AW or BEAGLE.AV WORMS!64http://www.symantec.com/avcenter/venc/data/w32.beagle.aw@mm.html0
124Windows Graphics Loaders1 15wingraphics.exe1 00 28Added by the SPYBOT.JG WORM!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SPYBOT.JG0
110winusb.dll1 12winguard.exe1 00 28Added by the FORBOT-CN WORM!57http://www.sophos.com/virusinfo/analyses/w32forbotcn.html0
1 7Winhelp1 11winhe1p.exe1 00 29Added by the QQPASS.E TROJAN!80http://securityresponse.symantec.com/avcenter/venc/data/trojan.pws.qqpass.e.html0
1 9(default)1 11winhelp.exe1 00 29Added by the BLACKMAL.C WORM!78http://securityresponse.symantec.com/avcenter/venc/data/w32.blackmal.c@mm.html0
1 7WinHelp1 11WinHelp.exe1 00228Added by a variant of the LOVGATE WORM! Note - "winhelp.exe" resides in C:\Windows\System (Win9x/Me), C:\Winnt\System32 (WinNT/2K), or C:\Windows\System32 (WinXP) whereas the valid "winhelp.exe" resides in C:\Windows or C:\Winnt80http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.lovgate@mm.html0
117Windows Help File1 15winhelper32.exe1 00 29Added by the SDBOT-QK TROJAN!56http://www.sophos.com/virusinfo/analyses/w32sdbotqk.html0
120Windows Help Service1 13winhelpsv.exe1 00 26Added by the RBOT-LP WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotlp.html0
110winhlp.exe1 10winhlp.exe1 00 64"PWSteal.Formglieder Infection! Found in the Windows directory. 01
111winhlp3.exe1 11winhlp3.exe1 00 41Added by a variant of the EASTO.A TROJAN!78http://www.pestpatrol.com/pestinfo/w/win32_trojandownloader_easto_a_trojan.asp0
112winhlp32.exe1 12winhlp32.exe1 00 41Added by a variant of the EASTO.A TROJAN!78http://www.pestpatrol.com/pestinfo/w/win32_trojandownloader_easto_a_trojan.asp0
115Registry Loader1 13winhlpp32.exe1 00 28Added by the GAOBOT.AO WORM!79http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.gaobot.ao.html0
113winhlpp32.exe1 13winhlpp32.exe1 00 28Added by the GAOBOT.SY WORM!74http://securityresponse.symantec.com/avcenter/venc/data/w32.gaobot.sy.html0
124Microsoft Update Machine1 11winhost.exe1 00 26Added by the RBOT-GK WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotgk.html0
1 7Svchost1 11winhost.exe1 00129Added by the LOLAWEB.A TROJAN! Note - this is not the legitimate svchost.exe process which should NOT appear in Msconfig/Startup!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_LOLAWEB.A0
1 5win321 11winhost.exe1 00 27Added by the Bropia.F worm.46http://www.f-secure.com/v-descs/bropia_f.shtml0
113winhost32.exe1 13winhost32.exe1 00 27Added by the TABDIM TROJAN!76http://securityresponse.symantec.com/avcenter/venc/data/backdoor.tabdim.html0
1 7RunProg1 8wini.exe1 00 31Added by the OPTIX.04.D TROJAN!67http://www.symantec.com/avcenter/venc/data/backdoor.optix.04.d.html0
1 7AdAware1 8wini.exe1 00 43Added by the W32/Rbot-XN WORM/IRC backdoor.55http://www.sophos.com/virusinfo/analyses/w32rbotxn.html0
120configuration loader1 13winicfg32.exe1 00 34Added by the GAOBOT.GEN!POLY WORM!80http://securityresponse.symantec.com/avcenter/venc/data/w32.gaobot.gen!poly.html0
114System Update21 11wininet.exe1 00 31Added by the AUTOTROJ-C TROJAN!59http://www.sophos.com/virusinfo/analyses/trojautotrojc.html0
1 9wininet321 13wininet32.exe1 00 29Added by the RAZNEW-A TROJAN!57http://www.sophos.com/virusinfo/analyses/trojraznewa.html0
1 8wininetd1 12wininetd.exe1 00 26Added by the WINET TROJAN!75http://securityresponse.symantec.com/avcenter/venc/data/backdoor.winet.html0
118,main drive Loader1 11wininfo.exe1 00 77Suspected malware as it appears in 3 different registry locations - see here40http://forums.techguy.org/t151017/s.html0
124Microsoft Update Machine1 10winini.exe1 00 26Added by the RBOT-KV WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotkv.html0
124Microsoft Update Machine1 12wininigo.exe1 00 36Added by a variant of the RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
113Bymer.Scanner1 11Wininit.exe1 00 24Added by the BYMER WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.bymer.html0
1 7wininit1 11wininit.exe1 00 29Added by the WOLLF.16 TROJAN!78http://securityresponse.symantec.com/avcenter/venc/data/backdoor.wollf.16.html0
1 7SysInit1 13wininit32.exe1 00 24Added by the XABOT WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.xabot.worm.html0
121IPTable Configuration1 13Winipcfgs.exe1 00 36Added by a variant of the RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
114WIP Config GUI1 13Winipcfgs.exe1 00 26Added by the RBOT-CN WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotcn.html0
110WIN3S2SNDS1 12winiprtx.exe1 00140Added by the AGENT.DN TROJAN - known to BOClean as "CWS/INDEX", "shuts down anything that wants to open and is used as a spam proxy as well"35http://www.nsclean.com/boclean.html0
1 6win-xp1 9winis.exe1 00 67Added by the W32/Rbot-BBD WORM! Found in the Windows system folder.56http://www.sophos.com/virusinfo/analyses/w32rbotbbd.html0
1 9upddateit1 9winit.exe1 00 26Added by the RBOT-MS WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotms.html0
1 7virtual1 9winit.exe1 00 38Added by the MUGLY.A or MUGLY.B WORMS!62http://www.symantec.com/avcenter/venc/data/w32.mugly.a@mm.html0
117Win32 Wmls Driver1 12winitr32.exe1 00 28Added by the WOOTBOT.B WORM!99http://es.trendmicro-europe.com/enterprise/security_info/ve_detail.php?VName=WORM_WOOTBOT.B&VSect=T0
125Microsoft Windows Updater1 15WINIUPDATES.EXE1 00 26Added by the RBOT-KK WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotkk.html0
125Windows JavaScript Daemon1 10Winjsd.exe1 00 29Added by the WOOTBOT.AF WORM!101http://es.trendmicro-europe.com/enterprise/security_info/virus_encyclopedia.php?VName=WORM_WOOTBOT.AF0
1 9Wink*.exe1 27Wink*.exe [* = random char]2 00 36Added by a variant of the KLEZ WORM!74http://securityresponse.symantec.com/avcenter/venc/data/w32.klez.h@mm.html0
3 6Winkb61 10winkb6.exe1 00124Part of We-Blocker, works in tandem with syswb6. Both files are needed to run WeBlocker. Required if We-Blocker is installed26http://www.we-blocker.com/0
1 9WinKernel1 10WinKer.exe1 00 39Added by the MIRAB or SERVIDOR TROJANS!75http://securityresponse.symantec.com/avcenter/venc/data/backdoor.mirab.html0
1 9systhread1 13winkernal.exe1 00 25Added by the LIAMED WORM!74http://securityresponse.symantec.com/avcenter/venc/data/w32.liamed@mm.html0
3 6WinKey1 10winkey.exe1 00173Loads Copernic's WinKey. Used to map out Windows key hotkey combinations. Not required for the system, but is necessary for this to be running if you use these hotkey combos31http://www.copernic.com/winkey/0
133Microsoft Windows Kernel Services1 14winkrnl386.exe1 00 28Added by the ZEBROXY TROJAN!77http://securityresponse.symantec.com/avcenter/venc/data/backdoor.zebroxy.html0
125Windows NT Update Manager1 12WINL0G0N.exe1 00 91Added by the AGOBOT-NU WORM! Note that those are zeroes in the filename and not capital "o"57http://www.sophos.com/virusinfo/analyses/w32agobotnu.html0
1 8WINLOGON1 12WINL0GON.exe1 00 90The Troj/Nethief-K TROJAN adds the file, which you'll note contains "zero" instead of "o".58http://www.sophos.com/virusinfo/analyses/trojnethiefk.html0
313Touch Manager1 10WinLED.exe1 00 97Dell keyboard utility. Disabling can result in loss of screen saver and power saver functionality 01
111winlibs.exe1 11winlibs.exe1 00 27Added by the EVAMAN.C WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.evaman.c@mm.html0
110winpsd.exe1 11winlibs.exe1 00 68Added by the Mydoom.S WORM! Located in the Windows system directory.46http://www.f-secure.com/v-descs/mydoom_s.shtml0
1 7Winlink1 13winlink32.exe1 00 29Added by the GAOBOT.AAY WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.gaobot.aay.html0
1 8winltmpv1 9winln.exe1 00 30Added by the TCXMEDI-C TROJAN!58http://www.sophos.com/virusinfo/analyses/trojtcxmedic.html0
1 9updater321 13winload32.exe1 00 25Added by the CULT.M WORM!79http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.cult.m@mm.html0
112Winsock2.dll1 11WINLODR.SCR1 00 47Added by an unidentified VIRUS, WORM or TROJAN! 01
3 5Login1 10winlog.exe1 00 54Salfeld Child Control 2003 - parental control software52http://www.salfeld.com/parental_control_overwiew.htm0
114Windows Logger1 10winlog.exe1 00 41added by the Backdoor.Netshadow backdoor.79http://www.sarc.com/avcenter/venc/data/backdoor.netshadow.html#technicaldetails0
122Windows Update Manager1 12Winlog0n.exe1 00 29Added by the AGENT-BO TROJAN!57http://www.sophos.com/virusinfo/analyses/trojagentbo.html0
115Windows logging1 11winlogd.exe1 00 26Added by the RBOT-ON WORM!55http://www.sophos.com/virusinfo/analyses/w32rboton.html0
121Windows debug logging1 11winlogg.exe1 00 26Added by the RBOT-OY WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotoy.html0
121Windows debug logging1 12winloggs.exe1 00 26Added by the RBOT-QN WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotqn.html0
110NDplDeamon1 12winlogin.exe1 00 27Added by the RANDEX.E WORM!73http://securityresponse.symantec.com/avcenter/venc/data/w32.randex.e.html0
113Windows Logon1 12winlogin.exe1 00 29Added by the SPYBOT-C TROJAN!57http://www.sophos.com/virusinfo/analyses/trojspybotc.html0
1 8WinLogin1 12winlogin.exe1 00 28Added by the AGOBOT-IX WORM!57http://www.sophos.com/virusinfo/analyses/w32agobotix.html0
1 8winlogon1 12winlogin.exe1 00 27Added by the RANDEX.E WORM!73http://securityresponse.symantec.com/avcenter/venc/data/w32.randex.e.html0
115virtual-machine1 12winlogin.exe1 00 20Added by W32/Rbot-VU55http://www.sophos.com/virusinfo/analyses/w32rbotvu.html0
133Microsoft Synchronization Manager1 14WinLoginnn.exe1 00 28Added by the SPYBOT.FO WORM!108http://fr.trendmicro-europe.com/enterprise/security_info/ve_detail.php?id=65624&VName=WORM_SPYBOT.FO&VSect=T0
1 5.Prog1 12winlogon.exe1 00127Added by the NEVEG.A WORM! Note - this is not the legitimate winlogon.exe process, which should not appear in Msconfig/Startup!75http://securityresponse.symantec.com/avcenter/venc/data/w32.neveg.a@mm.html0
1 8BuildLab1 12winlogon.exe1 00127Added by the NEVEG.A WORM! Note - this is not the legitimate winlogon.exe process, which should not appear in Msconfig/Startup!75http://securityresponse.symantec.com/avcenter/venc/data/w32.neveg.a@mm.html0
1 6ccApps1 12winlogon.exe1 00127Added by the NEVEG.A WORM! Note - this is not the legitimate winlogon.exe process, which should not appear in Msconfig/Startup!75http://securityresponse.symantec.com/avcenter/venc/data/w32.neveg.a@mm.html0
116FriendlyTypeName1 12winlogon.exe1 00127Added by the NEVEG.A WORM! Note - this is not the legitimate winlogon.exe process, which should not appear in Msconfig/Startup!75http://securityresponse.symantec.com/avcenter/venc/data/w32.neveg.a@mm.html0
1 7ICQ Net1 12winlogon.exe1 00138Added by variants of the NETSKY WORMS! Note - this is not the legitimate winlogon.exe process which should NOT appear in Msconfig/Startup!72http://www.liutilities.com/products/wintaskspro/processlibrary/winlogon/0
127Microsoft Visual SourceSafe1 12winlogon.exe1 00169Added by the NEVEG.A WORM! Note - this is not the legitimate winlogon.exe process, which should not appear in Msconfig/Startup or the Microsoft Visual SourceSafe program75http://securityresponse.symantec.com/avcenter/venc/data/w32.neveg.a@mm.html0
1 7RegDone1 12winlogon.exe1 00127Added by the NEVEG.A WORM! Note - this is not the legitimate winlogon.exe process, which should not appear in Msconfig/Startup!75http://securityresponse.symantec.com/avcenter/venc/data/w32.neveg.a@mm.html0
114System Update21 12winlogon.exe1 00 31Added by the AUTOTROJ-C TROJAN!59http://www.sophos.com/virusinfo/analyses/trojautotrojc.html0
1 8TEXTCONV1 12winlogon.exe1 00127Added by the NEVEG.A WORM! Note - this is not the legitimate winlogon.exe process, which should not appear in Msconfig/Startup!75http://securityresponse.symantec.com/avcenter/venc/data/w32.neveg.a@mm.html0
1 7WinAuth1 12winlogon.exe1 00 97Added by an unidentified VIRUS, WORM or TROJAN! Note - this is not the valid winlogon.exe process72http://www.liutilities.com/products/wintaskspro/processlibrary/winlogon/0
4 8winlogon1 12winlogon.exe1 00 58Windows Logon Process - handles user logons described here72http://www.liutilities.com/products/wintaskspro/processlibrary/winlogon/0
1 8winlogon1 12winlogon.exe1 00199Hijacker or adult content dialler - file is located in C:\Windows or C:\Winnt, and not in it's System or System32 subdirectory, as is the case with the legitimate Windows Logon (winlogon.exe) process72http://www.liutilities.com/products/wintaskspro/processlibrary/winlogon/0
1 8winlogon1 12winlogon.exe1 00219Added by the TRODAL TROJAN! Note - this is not the legitimate winlogon.exe process, which should not appear in Msconfig/Startup! File is located in C:\Windows or C:\Winnt, and not in it's System or System32 subdirectory76http://securityresponse.symantec.com/avcenter/venc/data/backdoor.trodal.html0
1 7WMAudio1 12winlogon.exe1 00127Added by the NEVEG.A WORM! Note - this is not the legitimate winlogon.exe process, which should not appear in Msconfig/Startup!75http://securityresponse.symantec.com/avcenter/venc/data/w32.neveg.a@mm.html0
1 9xp_system1 12winlogon.exe1 00152KREPPER-G trojan, a CoolWebSearch parasite variant. Note - this is NOT the legitimate winlogon.exe process, which should NOT figure in Msconfig/Startup!58http://www.sophos.com/virusinfo/analyses/trojkrepperg.html0
113winsystem.sys1 12WINLOGON.EXE1 00 93Added by the W32/Sober-K infection! File will be found in the %WINDIR%\msagent\win32 folder.55http://www.sophos.com/virusinfo/analyses/w32soberk.html0
114_winsystem.sys1 12WINLOGON.EXE1 00 93Added by the W32/Sober-K infection! File will be found in the %WINDIR%\msagent\win32 folder.55http://www.sophos.com/virusinfo/analyses/w32soberk.html0
113SkynetRevenge1 12winlogon.scr1 00 28Added by the NETSKY.AA WORM!77http://securityresponse.symantec.com/avcenter/venc/data/w32.netsky.aa@mm.html0
115[various names]1 14winlogon32.exe1 00 40Added by an unidentified WORM or TROJAN! 01
117Windows mangement1 13winlogonn.exe1 00 28Added by the RANDEX.FC WORM!74http://securityresponse.symantec.com/avcenter/venc/data/w32.randex.fc.html0
1 8winltmpv1 12WINLTMPV.EXE1 00 30Added by the TCXMEDI-C TROJAN!58http://www.sophos.com/virusinfo/analyses/trojtcxmedic.html0
1 7Winmain1 11winmain.exe1 00508One of the first of a new breed of malware. When run it immediately loads MSHTA.EXE from the Windows folder, placing it on "hot standby", ready to accept HTA scripting within a web page and then EXECUTE what is embedded IN the page as a program! In other words, it's possible for a "rogue" website to actually embed trojans, worms and/or viruses directly into a web page. BOClean's HTA Stop offers an easy way to toggle this capabiltity, or rather vulnerability, on and off. I suggest you leave it disabled!11hot standby0
013Tweak Manager1 14WinManager.Exe1 00102WinGuides Tweak Manager. Is this required for the live updates feature and/or if settings are changed?31http://www.winguides.com/tweak/0
115Windows Manager1 12winmants.exe1 00 25Added by the MANTAS WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.mantas.html0
313winmatrix.exe1 15WinMatrixXP.exe1 00145WinMatrix XP - wallpaper replacement that shows different matrix effects (including flowing matrix codes from 'The Matrix' movie) on your desktop36http://www.emotionrays.com/wmxp.php40
111WinMenssage1 10winmax.exe1 00 29Added by the BANCOS.B TROJAN!77http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.bancos.b.html0
3 6WinMem1 10WinMem.exe1 00160WinMem Cleaner - part of Ultra WinCleaner Utility Suite. Makes more memory available for your programs and the Operating System. It also defragments your system61http://www.wincleaner.com/pc/uti/utiste/uwc_utility_suite.htm0
110WindowsMGM1 12Winmgm32.exe1 00 42Added by the SOBIG WORM and LALA.C TROJAN!49http://vil.mcafee.com/dispVirus.asp?virus_k=999500
210MMCWINMGMT1 11winmgmt.exe1 00152Used for Enterprise Management. If you are not an IT Administrator you don't need it to be running. Also runs from the PCHealth "scheduler" - refer here 9scheduler0
2 7WinMgmt1 11WinMgmt.exe1 00162Used for Enterprise Management. If you are not an IT Administrator you don't need it to be running. Also runs from the PCHealth "scheduler" - refer here105http://groups.google.com/groups?q=PCHealth%2Bpchschd.exe&hl=en&selm=eeuEENQ6AHA.1484%40tkmsftngp03&rnum=10
124Microsoft Update Machine1 10winmgr.exe1 00 36Added by a variant of the RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
112Windows Time1 10winmgr.exe1 00108The W32/Rbot-XC WORM/backdoor Trojan adds this and allows malicious remote access by way of the IRC network.55http://www.sophos.com/virusinfo/analyses/w32rbotxc.html0
1 8WinMgr321 12winmgr32.exe1 00 27Added by the MIMAIL.P WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.mimail.p@mm.html0
126Windows Network Controller1 16winmms32.exe.exe1 00 65W32/Forbot-ED wORM! It is found in the Windows system directory. 01
115Windows Monitor1 10winmon.exe1 00 27Added by the SDBOT.VB WORM!90http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?Vname=WORM_SDBOT.VB0
126Windows Monitoring Service1 10winmon.exe1 00 37Added by a variant of the SDBOT WORM!43http://vil.nai.com/vil/content/v_100454.htm0
219iRis Active Monitor1 12winmon32.exe1 00 60Iris Antivirus - discontinued, replace with good alternative 01
114Window Monitor1 12winmon32.exe1 00 27Added by the SDBOT.RT WORM!85http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.RT&VSect=T0
1 6MSIdll1 9winmp.exe1 00 36Added by a variant of the RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
123Windows System Security1 9winmp.exe1 00 26Added by the RBOT.IV WORM!82http://ae.trendmicro-europe.com/smb/security_info/ve_detail.php?Vname=WORM_RBOT.IV0
116Microsofts media1 13winmplayd.exe1 00 41Added by an undidentified WORM or TROJAN! 01
124Microsoft media services1 14winmplayer.exe1 00 26Added by the RBOT.ZO WORM!89http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?VName=WORM_RBOT.ZO0
115Microsoft media1 15winmplayers.exe1 00 38Added by a variant of the SPYBOT WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html0
121Quicktime Mediaplayer1 15winmplyer32.exe1 00 26Added by the RBOT-PM WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotpm.html0
124Microsoft Update Machine1 14Winmsixp32.exe1 00 26Added by the RBOT.DN WORM!84http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.DN&VSect=T0
1 9WinMsrv321 13WinMsrv32.exe1 00 29Added by the GAOBOT.AFJ WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.gaobot.afj.html0
317ELSA WINman Suite1 12Winmsuit.exe1 00 96Allows you to totally customize your ELSA graphics card settings, including overclocking the GPU 01
213winmysqladmin1 17winmysqladmin.exe1 00 36Starts the MySQL database admin tool 01
218WinMySQLadmin Tool1 17winmysqladmin.exe1 00 36Starts the MySQL database admin tool 01
119Microsoft IT Update1 10winn43.exe1 00 36Added by a variant of the RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
112Windows Nets1 10WinNET.exe1 00 26Added by the RBOT-MO WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotmo.html0
1 6winnet1 10winnet.exe1 00 49CommonName Toolbar spyware. To uninstall see here62http://www.commonname.com/english/ug/toolbar/default.asp?idx=10
129Microsoft Security Management1 9winnt.exe1 00 26Added by the RBOT-MQ WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotmq.html0
1 7WinNtBB1 11WinntBB.exe1 00 27Added by the DULOAD.C WORM!77http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_DULOAD.C0
1 8winocx321 12winocx32.exe1 00 30Added by the PROTORIDE.I WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=397550
012OEPowerPlugs1 13winoeinit.exe1 00 2?? 01
0 5load=1 12WINOSCFG.EXE1 00 86Could it be something to do with configuring Windows on a new PC from an OEM supplier? 01
1 7Winpack1 11winpack.exe1 00 89Adware downloader - recognized by Kaspersky antivirus as Trojan-Downloader.Win32.Agent.gg36http://www.kaspersky.com/personalpro0
3 9WinPatrol1 13WinPatrol.exe1 00173WinPatrol - "Manage Startup programs, tasks, cookies; will sniff out Worms, Trojan horses, Cookies, Adware, Spyware, Klez, Assumption and other malicious programs"25http://www.winpatrol.com/0
1 7winpipe1 11winpipe.exe1 00 46Browser hijacker redirecting to wow-access.com 01
216Fromine WinPopup1 12winpopup.exe1 00 25Instant Messenger program 01
2 8WinPopup1 12WINPOPUP.EXE1 00256Intranet chat software provided by windows for chat on small networks. Handy little LAN messaging utility. Has been included in Windows since 95, and maybe in WFWG 3.11. Normally it won't set itself up to run unless the user specifically adds it to startup 01
417a-winpoet-service1 22winpppoverethernet.exe1 00391WinPoET is the industry's first Windows-based PPP over Ethernet client. Developed by iVasion, WinPoET is attractive to equipment providers, modem suppliers, RBOCs and ISPs. For more info read here. It uses dial-up networking for new high-speed internet customers who are more familiar with analogue modems. If unchecked in MSCONFIG it reports Error 360 - Hardware Error in dial-up networking52http://www.finepoint.com/products/winpoet/index.html0
4 7WinPoet1 22WinPPPoverEthernet.exe1 00391WinPoET is the industry's first Windows-based PPP over Ethernet client. Developed by iVasion, WinPoET is attractive to equipment providers, modem suppliers, RBOCs and ISPs. For more info read here. It uses dial-up networking for new high-speed internet customers who are more familiar with analogue modems. If unchecked in MSCONFIG it reports Error 360 - Hardware Error in dial-up networking52http://www.finepoint.com/products/winpoet/index.html0
1 5TrayX1 12winppr32.exe1 00 26Added by the SOBIG.F WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.sobig.f@mm.html0
125Windows Internet Protocol1 13winproc32.exe1 00 30CoolWebSearch parasite variant53http://www.spywareinfo.com/~merijn/cwschronicles.html0
1 7WinProt1 11Winprot.exe1 00 31Added by the CHUPACABRA TROJAN!40http://www.hackfix.org/miscfix/cha.shtml0
1 7virtual1 14winprotect.exe1 00 26Added by the MUGLY.C WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.mugly.c@mm.html0
123Windows File Protection1 14winprotect.exe1 00 28Added by the AGOBOT.JB WORM!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.JB0
110winprotect1 14winprotect.exe1 00 67Added by the W32/Sdbot-SB worm! Found in the Windows system folder. 01
3 8WinProxy1 12WinProxy.EXE1 00127"WinProxy is the world-first proxy server and a firewall with integrated mail server for Windows 95/98/ME/NT/2000/XP"24http://www.winproxy.net/0
1 6winpsd1 10winpsd.exe1 00 27Added by the MYDOOM.Q WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.mydoom.q@mm.html0
1 8win32app1 12Winpup32.exe1 00 80Added by the Troj/AdClick-N Trojan! File is found in the Windows system folder.58http://www.sophos.com/virusinfo/analyses/trojadclickn.html0
1 7quicken1 10Winrar.exe1 00 97CoolWebSearch parasite variant. Note - this is not the file zipping utility also known as WinRAR!53http://www.spywareinfo.com/~merijn/cwschronicles.html0
1 6winrar1 10winrar.exe1 00139CoolWebSearch parasite variant. Note - this is not the file zipping utility also known as WinRAR and it's located in C:\Winnt or C:\Windows53http://www.spywareinfo.com/~merijn/cwschronicles.html0
111winrarshell1 17winrarshell32.exe1 00 27Added by the SALIRA TROJAN!75http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.salira.html0
121Windows Explorer-32121 11WINRE16.EXE1 00 25Added by the HARDOC WORM!74http://securityresponse.symantec.com/avcenter/venc/data/w32.hardoc@mm.html0
1 8Services1 11winread.exe1 00 47Added by an unidentified VIRUS, WORM or TROJAN! 01
2 7!NoLoad1 12winrecon.exe1 00148WinRecon - surveillance software that creates records of everything people do on a computer, ie, spying or monitoring depending upon how you call it24http://www.winrecon.com/0
120Configuration Loader1 10Winreg.exe1 00 28Added by the GAOBOT.AO WORM!79http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.gaobot.ao.html0
1 3Net1 10WINREG.EXE1 00 30Added by the ASSASIN.D TROJAN!79http://securityresponse.symantec.com/avcenter/venc/data/backdoor.assasin.d.html0
116Registry Checkup1 10winreg.exe1 00 40Added by an unidentified WORM or TROJAN! 01
1 9SystemReg1 10WINREG.EXE1 00 28Added by the DEWIN.A TROJAN!76http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_DEWIN.A0
1 6winReg1 10winReg.exe1 00 36Added by the YAHA.H or YAHA.J WORMS!74http://securityresponse.symantec.com/avcenter/venc/data/w32.yaha.h@mm.html0
124Microsoft Update Machine1 13Winregs32.exe1 00 26Added by the RBOT.DN WORM!84http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.DN&VSect=T0
1 9winregsrv1 13winregsrv.exe1 00 26Added by the SYNRG TROJAN!75http://securityresponse.symantec.com/avcenter/venc/data/backdoor.synrg.html0
117Windows OEM Tools1 12winres32.exe1 00 28Added by the SPYBOT.FD WORM!108http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?id=65276&VName=WORM_SPYBOT.FD&VSect=T0
124Microsoft Update Manager1 10WINRLS.EXE1 00 26Added by the RBOT-AF WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotaf.html0
2 8winroute1 12winroute.exe1 00315Win-Route 4.27. WinRoute Tray Icon for starting and stopping the WrCtrl.exe process, also to log in to the console to view logs and change settings. Can be unchecked and the engine still runs and functions normally. Can then use provided shortcuts for administration of the program. Loaded in SERVICES on Windows 2k 01
121Remote Procedure Call1 10winrpc.exe1 00 26Added by the RBOT-KM WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotkm.html0
1 6sysdir1 10winrun.exe1 00 27Added by the WINBUR.B WORM!77http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.winur.b.html0
1 6windir1 10winrun.exe1 00 27Added by the WINBUR.B WORM!77http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.winur.b.html0
1 6winrun1 10winrun.exe1 00 27Added by the WINBUR.B WORM!77http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.winur.b.html0
1 5winur1 10winrun.exe1 00 27Added by the WINBUR.B WORM!77http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.winur.b.html0
120Windows Runtime Help1 14WinRunHelp.wrh1 00 43Added by a variant of the AIMVISION TROJAN!50http://www.pestpatrol.com/pestinfo/a/aimvision.asp0
1 8msconfig1 8wins.exe1 00 68Added by an unidentified IRC WORM with backdoor trojan capabilities! 01
223Intervideo WinScheduler1 16WinScheduler.exe1 00193WinScheduler is installed with WinDVD Remote Control for WinDVD from Intervideo. If you want to schedule recordings from your TV tuner card, you will need it. Available via Start -> Programs25http://www.intervideo.com0
130Microsoft Java Virtual Machine1 12winscr32.exe1 00 39Added by a variant of the WOOTBOT WORM!80http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_WOOTBOT.GEN0
116Microsoft Update1 10winscv.exe1 00 26Added by the RBOT-BH WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotbh.html0
1 6WinSec1 12winsec16.exe1 00 28Added by the AGOBOT.ZF WORM!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.ZF0
1 9winsecure1 13winsecure.exe1 00 53Browser hijacker, redirecting to specificsearches.com 01
1 8AKEYNAME1 11WinServ.exe1 00 30Added by the EVILBOT.C TROJAN!79http://securityresponse.symantec.com/avcenter/venc/data/backdoor.evilbot.c.html0
129Microsoft Security Management1 11winserv.exe1 00 26Added by the RBOT-MJ WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotmj.html0
1 6NetApp1 11winserv.exe1 00 32Added by the SHADOWTHIEF TROJAN!80http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_SHADOWTHIEF0
110Win Server1 11winserv.exe1 00 30Added by the IMISERV.A TROJAN!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_IMISERV.A0
122Windows System Serivce1 11winserv.exe1 00 36Added by a variant of the RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
1 7Winserv1 11Winserv.ila1 00 70Added by the W32.Nodmin@mm infection!. Found in the Windows directory.74http://www.sarc.com/avcenter/venc/data/w32.nodmin@mm.html#technicaldetails0
111WinServices1 15WinServices.exe1 00 36Added by the YAHA.K or YAHA.M WORMS!74http://securityresponse.symantec.com/avcenter/venc/data/w32.yaha.k@mm.html0
114Norton Updater1 10winset.exe1 00 38Added by a variant of the SPYBOT WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html0
115Service Process1 10winset.exe1 00 38Added by a variant of the SPYBOT WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html0
118Configuration File1 12Winset32.exe1 00 29Added by the FLUX.101 TROJAN! 01
1 5win321 12WinSetup.exe1 00 30Added by the EVILBOT.B TROJAN!79http://securityresponse.symantec.com/avcenter/venc/data/backdoor.evilbot.b.html0
315SurfinGuard Pro1 11winsfcm.exe1 00 46SurfinGuard Pro - internet protection software46http://www.finjan.com/products/surfinguard.cfm0
123Windows NT Service Name1 12winshock.exe1 00 26Added by the RBOT-PK WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotpk.html0
112winshost.exe1 12winshost.exe1 00103Added by the Troj/BagleDl-K Trojan. The file for this infection is found in the Windows system folder.58http://www.sophos.com/virusinfo/analyses/trojbagledlk.html0
127Windows System Manager Proc1 10winsmc.exe1 00 26Added by the RBOT.JH WORM!76http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.JH0
125Windows Messenger Service1 12winsmsgr.exe1 00 57Added by W32/Rbot-VW. Found in the Windows system folder.55http://www.sophos.com/virusinfo/analyses/w32rbotvw.html0
1 9NAV Agent1 11winsnav.vbs1 00 24Added by the ANPES WORM!60http://www.symantec.com/avcenter/venc/data/w32.anpes@mm.html0
117Win32 USB2 Driver1 12winsnd32.exe1 00 37Added by a variant of the SDBOT WORM!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_SDBOT.GEN0
122windows system service1 11winsock.exe1 00 26Added by the RBOT-MR WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotmr.html0
113winsockdriver1 14winsock2.2.exe1 00 38Added by a variant of the SPYBOT WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html0
1 8internct1 13WinSocks5.exe1 00 31Added by the GRAYBIRD.F TROJAN!80http://securityresponse.symantec.com/avcenter/venc/data/backdoor.graybird.f.html0
112Sound System1 13WinSound1.exe1 00 47Added by an unidentified VIRUS, WORM or TROJAN! 01
1 6WinSPF1 12winspf32.exe1 00 27Added by the MYDOOM.S WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.mydoom.s@mm.html0
1 6Winspl1 11winsplx.exe1 00 41Added by a variant of the TROLL-A TROJAN!56http://www.sophos.com/virusinfo/analyses/trojtrolla.html0
114System Update21 12winspool.exe1 00 31Added by the AUTOTROJ-C TROJAN!59http://www.sophos.com/virusinfo/analyses/trojautotrojc.html0
1 7smcserv1 10winsrv.exe1 00 28Added by the AGOBOT-OU WORM!57http://www.sophos.com/virusinfo/analyses/w32agobotou.html0
1 6Winsrv1 10winsrv.exe1 00 28Added by the OPASERV.T WORM!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_OPASERV.T0
114System Manager1 12winsrv32.exe1 00 40Added by an unidentified WORM or TROJAN! 01
1 5win321 12winsrv32.exe1 00100Added by the ADUENT TROJAN! Acts as a hi-jacker redirecting to Surferbar.com and adult content sites74http://securityresponse.symantec.com/avcenter/venc/data/trojan.aduent.html0
1 6PMedia1 11winsrvc.exe1 00137Internet marketing sofware from PMedia as used in E-Card FriendGreetings foistware - see here. Treated by Trend as the FRIENDGRT.B WORM!24http://www.pmedia.co.uk/0
124Microsoft Update Machine1 9winss.exe1 00 26Added by the RBOT.JU WORM!76http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.JU0
110MSOleath321 9winss.exe1 00 27Added by the KATHER TROJAN!43http://vil.nai.com/vil/content/v_100491.htm0
111SSK Service1 12winssk32.exe1 00 26Added by the SOBIG.E WORM!62http://www.symantec.com/avcenter/venc/data/w32.sobig.e@mm.html0
116Win32 SSL Driver1 10winssv.exe1 00 28Added by the FORBOT-BH WORM!57http://www.sophos.com/virusinfo/analyses/w32forbotbh.html0
116Windows SSL File1 10winssv.exe1 00 29Added by the WOOTBOT.CA WORM!92http://it.trendmicro-europe.com/enterprise/security_info/ve_detail.php?Vname=WORM_WOOTBOT.CA0
1 8WinStart1 12WinStart.exe1 00264From IGetNet - turns the IE address bar into a keyword engine piped into IGetNet. In other words, with this installed, typing "car" in the IE address bar will point the browser to the Lexus web site. Foistware - installs components without your knowledge 7#FF00000
1 7wormexe1 12winstart.exe1 00 28Added by the EARLYBIRD WORM!77http://securityresponse.symantec.com/avcenter/venc/data/w32.earlybird@mm.html0
1 8WinStart1 12WinStart.pif1 00 25Added by the CONE.E WORM!74http://securityresponse.symantec.com/avcenter/venc/data/w32.cone.e@mm.html0
111WinStart0011 15WinStart001.exe1 00264From IGetNet - turns the IE address bar into a keyword engine piped into IGetNet. In other words, with this installed, typing "car" in the IE address bar will point the browser to the Lexus web site. Foistware - installs components without your knowledge39http://www.igetnet.com/iGetNet_Home.asp0
115WinStart001.EXE1 15WinStart001.exe1 00264From IGetNet - turns the IE address bar into a keyword engine piped into IGetNet. In other words, with this installed, typing "car" in the IE address bar will point the browser to the Lexus web site. Foistware - installs components without your knowledge39http://www.igetnet.com/iGetNet_Home.asp0
1 8WinStart1 14winstart32.exe1 00 24Added by the PUROL WORM!62http://www.symantec.com/avcenter/venc/data/w32.hllw.purol.html0
1 8WinSth161 12WinSth16.exe1 00 23Added by the CAKE WORM!74http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.cake.html0
114Win32 exe file1 12winstr32.exe1 00 38Added by a variant of the SPYBOT WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html0
139Generic Host Process for Win32 Services1 10winsvc.exe1 00 26Added by the SDBOT-O WORM!55http://www.sophos.com/virusinfo/analyses/w32sdboto.html0
117Microsoft Service1 10winsvc.exe1 00 28Added by the SPYBOT-DB WORM!57http://www.sophos.com/virusinfo/analyses/w32spybotdb.html0
127System Document Application1 12winsvc32.exe1 00 67Added by the W32/Sdbot-VA WORM! Found in the Windows system folder.56http://www.sophos.com/virusinfo/analyses/w32sdbotva.html0
111UPNPService1 17WinSVCservice.exe1 00 28Added by the AGOBOT.UN WORM!91http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?VName=WORM_AGOBOT.UN0
111Reg Service1 9winsy.exe1 00 38Added by a variant of the SPYBOT WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html0
116Microsoft Update1 10winsys.exe1 00 26Added by the RBOT-GV WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotgv.html0
1 9ssate.exe1 10winsys.exe1 00 27Added by the BEAGLE.K WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.k@mm.html0
3 6Winsys1 10Winsys.exe1 00153Win-Spy - surveillance software that creates records of everything people do on a computer, ie, spying or monitoring depending upon how you call it 43http://www.bc-technologies.com/products.htm0
112Config Loadr1 12winsys32.exe1 00 28Added by the AGOBOT-HN WORM!57http://www.sophos.com/virusinfo/analyses/w32agobothn.html0
116Microsoft Update1 12winsys32.exe1 00 36Added by a variant of the RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
118Windows Networking1 12winsys32.exe1 00 28Added by the GAOBOT.FL WORM!79http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.gaobot.fl.html0
1 8WinSys321 12Winsys32.exe1 00 44Added by the CIGIVIP TROJAN or RECKUS WORM!77http://securityresponse.symantec.com/avcenter/venc/data/backdoor.cigivip.html0
115winsys32 Driver1 12winsys32.exe1 00 28Added by the LOONY-O TROJAN!56http://www.sophos.com/virusinfo/analyses/trojloonyo.html0
114USB 2.0 Driver1 12Winsys32.exe1 00118W32/Agobot-QM WORM will add this file, resulting in unauthorised access, by way of an IRC channel, through a backdoor.57http://www.sophos.com/virusinfo/analyses/w32agobotqm.html0
112blah service1 16winsysengine.exe1 00 26Added by the RBOT-KI WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotki.html0
121WindowsRegKeys update1 11winsysi.exe1 00 27Added by the SDBOT.WE WORM!77http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.WE0
116winsyslog lptt011 13winsyslog.exe1 00189Variant of the RapidBlaster parasite (in a "Winsyslog" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see here49http://www.doxdesk.com/parasite/RapidBlaster.html0
312WinSysAppMon1 12WinSysRM.exe1 00 46Home & Family Content Filter related. See here60http://s.planetgood.net/Users/TechSupportFAQ.htm#_Toc99254570
121Remote Procedure Call1 13winsysrpc.exe1 00 27Added by the SDBOT-PS WORM!56http://www.sophos.com/virusinfo/analyses/w32sdbotps.html0
1 9WinSyst321 13winsyst32.exe1 00 23Added by the MORB WORM!64http://www.symantec.com/avcenter/venc/data/w32.hllw.morb@mm.html0
122Windows System Manager1 13winsystem.exe1 00 26Added by the RBOT-AN WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotan.html0
1 9WinSystem1 13winsystem.exe1 00 29Added by the WHITEBAIT WORM!77http://securityresponse.symantec.com/avcenter/venc/data/w32.whitebait@mm.html0
1 9Winsystem1 13winsystem.exe1 00 30Added by the BANCOS.CR TROJAN!108http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?id=65604&VName=TROJ_BANCOS.CR&VSect=T0
114USB 2.0 Driver1 13winsystem.exe1 00131Added by the W32/Agobot-QS WORM/IRC backdoor, it kills a variety of processes relating to anti-virus and security related programs.57http://www.sophos.com/virusinfo/analyses/w32agobotqs.html0
1 4WCPS1 28Wint**.exe [* = random char]2 00 29PurityScan/Clickspring adware47http://www.doxdesk.com/parasite/PurityScan.html0
119Win32BaseServiceMOD1 11Wintask.exe1 00 26Added by the NAVIDAD WORM!78http://securityresponse.symantec.com/avcenter/venc/data/w32.navidad.16896.html0
1 7WinTask1 11Wintask.exe1 00 37Added by the HIPO or LEMIR.F TROJANS!74http://securityresponse.symantec.com/avcenter/venc/data/backdoor.hipo.html0
114WinTask driver1 11wintask.exe1 00 41Added by the SMALL.ABD downloader TROJAN! 01
316WinTasks Traybar1 12wintasks.exe1 00279WinTasks - "Efficient Resource and Task Management is absolutely critical if you want to achieve the highest system performance levels possible. WinTasks 4 will not only help you achieve this task, but will actually make your system run faster and more smoothly than ever before"48http://www.liutilities.com/products/wintasksstd/0
112wintasks.exe1 12wintasks.exe1 00 25Added by the EVAMAN WORM!74http://securityresponse.symantec.com/avcenter/venc/data/w32.evaman@mm.html0
124Network protocol service1 10wintcp.exe1 00 45Added by a variant of the AGOBOT/GAOBOT WORM!79http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN0
114Windows TCP/IP1 10wintcp.exe1 00 28Added by the AGOBOT-ZH WORM!57http://www.sophos.com/virusinfo/analyses/w32agobotzh.html0
121Windows Telnet Server1 10wintel.exe1 00 28Added by the AGOBOT-MW WORM!53http://sophos.com/virusinfo/analyses/w32agobotmw.html0
2 7WinTidy1 11WinTidy.exe1 00 92Desktop icon manager from PC Magazine (Ziff-Davis) for Win95. Available via Start - Programs65http://downloads-zdnet.com.com/3000-2094-5933571.html?tag=lst-0-10
1 7Wintime1 11Wintime.exe1 00 27Added by the HARNIG TROJAN!78http://securityresponse.symantec.com/avcenter/venc/data/downloader.harnig.html0
1 7Winhost1 9wintt.exe1 00 30Added by the LOLAWEB.B TROJAN!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_LOLAWEB.B0
117Quicktime Pro 3.01 12winuodps.exe1 00 28Added by the GAOBOT.BH WORM!79http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.gaobot.bh.html0
115MicrosoftUpdate1 11WinUp32.exe1 00 47Added by an unidentified VIRUS, WORM or TROJAN! 01
113winupated.exe1 13winupated.exe1 00 37Added by a variant of the SDBOT WORM!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_SDBOT.GEN0
116MSStartOptimizer1 10WINUPD.EXE1 00172Adult content dialler - see here. This has to be cleared at the same time as RegCompres (REGCPM32.EXE), atisrc2 (windfind.exe) and mmxrun (msosa.exe), otherwise they return85http://www.spywareinfo.com/forums/index.php?act=ST&f=11&t=7756&hl=&s=0
110winupd.exe1 10winupd.exe1 00 40Added by the BEAGLE.M or BEAGLE.N WORMS!76http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.m@mm.html0
1 8winupdat1 12winupdat.exe1 00 27Added by the CANBOT.A WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=400330
112blah service1 13winupdate.exe1 00 29Added by the GAOBOT.BIA WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.gaobot.bia.html0
1 4LTM21 13winupdate.exe1 00 31Added by the LITMUS.203 TROJAN!79http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_LITMUS.2030
121Microsoft auto update1 13winupdate.exe1 00 26Added by the BMBOT TROJAN!62http://www.symantec.com/avcenter/venc/data/backdoor.bmbot.html0
133Microsoft Synchronization Manager1 13winupdate.exe1 00 27Added by the SDBOT.ER WORM!77http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.ER0
125Microsoft Windows Updater1 13WINUPDATE.EXE1 00 27Added by the SDBOT-PU WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotli.html0
1 8RunDLL321 13winupdate.exe1 00 59Added by an unidentified TROJAN! - possibly a BMBOT variant62http://www.symantec.com/avcenter/venc/data/backdoor.bmbot.html0
117Win32 USB2 Driver1 13winupdate.exe1 00 28Added by the AGOBOT.YE WORM!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.YE0
120WindowsRegKey update1 13winupdate.exe1 00 26Added by the RBOT-QJ WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotqj.html0
115Winsock2 driver1 13winupdate.exe1 00 28Added by the SPYBOT-BX WORM!57http://www.sophos.com/virusinfo/analyses/w32spybotbx.html0
113winupdate.exe1 13winupdate.exe1 00 25Added by the RADO TROJAN!74http://securityresponse.symantec.com/avcenter/venc/data/backdoor.rado.html0
113winupdate.reg1 13winupdate.exe1 00 29Added by the SPYBOT.EAS WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.eas.html0
114USB 2.1 Driver1 14winupdate1.exe1 00 36Added by a variant of the RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
123Microsoft Update Win32a1 16winupdate32a.exe1 00 26Added by the RBOT-LO WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotlo.html0
119Windows Auto Update1 14winupdater.exe1 00 27Added by the SDBOT.TF WORM!77http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_SDBOT.TF0
1 6UPDATE1 17WinUpdater5.0.vbs1 00 69Added by the VBS.Gormlez@mm infection! Found in the Windows directory75http://www.sarc.com/avcenter/venc/data/vbs.gormlez@mm.html#technicaldetails0
122Microsoft Office Start1 14winupdates.exe1 00 28Added by the GAOBOT.BC WORM!79http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.gaobot.bc.html0
125Microsoft Windows Updater1 12winupdgm.exe1 00 28Added by the GAOBOT.BI WORM!79http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.gaobot.bi.html0
122Microsoft Windows 20001 14Winupdsdgm.exe1 00 28Added by the GAOBOT.AO WORM!79http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.gaobot.ao.html0
124Microsoft Update Machine1 11winupdt.exe1 00 26Added by the RBOT-FP WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotfp.html0
133Windows Update Monitoring Service1 11winupdt.exe1 00 26Added by the RBOT-PL WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotpl.html0
1 8winpopup1 11winupie.exe1 00 23Adware by Tradeexit.com 01
110Wlan Drier1 11Winusb2.exe1 00 29Added by the WOOTBOT.DC WORM!109http://ae.trendmicro-europe.com/enterprise/security_info/ve_detail.php?id=66546&VName=WORM_WOOTBOT.DC&VSect=T0
123Windows Network Service1 11winvc32.exe1 00 26Added by the RBOT.RY WORM!76http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.RY0
110winversion1 14winversion.exe1 00 53Browser hijacker, redirecting to specificsearches.com 01
3 6WinVNC1 10WinVNC.exe1 00108WinVNC is an application that allows you to remote control your PC from another PC somewhere on the internet46http://www.uk.research.att.com/vnc/winvnc.html0
113winwan lptt011 10winwan.exe1 00185Variant of the RapidBlaster parasite (in a "Winwan" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see here49http://www.doxdesk.com/parasite/RapidBlaster.html0
113winwan ml097e1 10winwan.exe1 00185Variant of the RapidBlaster parasite (in a "Winwan" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see here49http://www.doxdesk.com/parasite/RapidBlaster.html0
123Microsoft World Service1 12winworld.exe1 00 59Added by an unidentified IRC worm with backdoor capability! 01
1 3key1 9winxp.exe1 00 28Added by the BEAGLE.AG WORM!77http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.ag@mm.html0
114winxpdll32.exe1 14winxpdll32.exe1 00 50Added by a variant of the SMALL downloader TROJAN! 01
124Microsoft Update Machine1 12winxpini.exe1 00 26Added by the RBOT-OB WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotob.html0
116Win32 USB Driver1 13winxpinit.exe1 00 29Added by the SDBOT.AA TROJAN!78http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sdbot.aa.html0
115Winsock32driver1 15winXPupdate.exe1 00 34Added by the HACKARMY.9728 TROJAN!70http://info.ahnlab.com/securityinfo/virus_view_eng_new.jsp?SEQ_NO=15740
1 6windbs1 10winxtc.exe1 00 28Added by the AGOBOT-WD WORM!57http://www.sophos.com/virusinfo/analyses/w32agobotwd.html0
112MD IE Plugin1 8winy.exe1 00 6Adware 01
117INTERNET SERVISES1 10winz32.exe1 00 26Added by the KWBOT.Z WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.kwbotz.worm.html0
117INTERNET_SERVISES1 10winz32.exe1 00 28Added by the SDBOT.Q TROJAN!77http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sdbot.q.html0
110win_spool21 14win_spool2.exe1 00 31Added by the SCKEYLOG.B TROJAN!101http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?id=57618&VName=TROJ_SCKEYLOG.B0
1 9Win_vader1 13Win_vader.vbs1 00 30Added by the INVASION.A VIRUS!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=VBS_INVASION.A0
120Windows IPv6 Drivers1 9wipv6.exe1 00 68Added by the W32/Sdbot-VJ WORM! Found in the Windows system folder.56http://www.sophos.com/virusinfo/analyses/w32sdbotvj.html0
119Wireless Conections1 15WireConnect.exe1 00 67Added by the W32/Sdbot-VF WORM! Found in the Windows system folder.56http://www.sophos.com/virusinfo/analyses/w32sdbotvf.html0
226Check for One Touch Update1 12wiseupdt.exe1 00 50Checks for updates for Visioneer OneTouch scanners 01
215Update Grokster1 12WiseUpdt.exe1 00158Automatically updates the Grokster file sharing software. Beware of adware and spyware when using this type of program, for instance, Grokster contains CyDoor 01
010Update TUT1 12WiseUpdt.exe1 00 2?? 01
210EAPCISETUP1 10wizard.exe1 00108Part of the Creative Sounblaster PIC Installation Wizard. Probably left as a result of a failed installation 01
118MyPointsPointAlert1 35wjview ...MyPointsPointAlertrun.exe2 00140"With MyPoints you can earn rewards from name-brand merchants. You can even earn vacations and frequent flyer miles". Dubious privacy policy 01
1 9websearch1 23wjview ...websearch.exe2 00 77"Web Savings" From Ebates Software, a shopping tool that opens pop-up windows 01
2 6wjview1 10wjview.exe1 00 73MS tool used to view window-based Java applications from the command line 01
234Microsoft Works Calendar Reminders1 12wkcalrem.exe1 00 74Produces a pop-up reminder of events scheduled using the MS Works Calendar 01
2 8wkcalrem1 12wkcalrem.exe1 00 74Produces a pop-up reminder of events scheduled using the MS Works Calendar 01
223Works Calendar Reminder1 12wkcalrem.exe1 00 74Produces a pop-up reminder of events scheduled using the MS Works Calendar 01
232Microsoft Works Update Detection1 12wkdetect.exe1 00 30Checks for updates to MS Works 01
2 8WkDetect1 12WkDetect.exe1 00 30Checks for updates to MS Works 01
2 5wkfud1 9wkfud.exe1 00 32A marketing program for MS Works 01
2 8WorksFUD1 9wkfud.exe1 00 32A marketing program for MS Works 01
1 5stmha1 8wkfxi.js1 00 24Added by the SPETH WORM!74http://securityresponse.symantec.com/avcenter/venc/data/js.speth.worm.html0
225Microsoft Works Portfolio1 9WksSb.exe1 00173The Works Portfolio tool lets you collect and organize text and pictures from the Web or your favorite program.Can be prevented from starting from a setting within Portfolio 01
2 5WksSb1 9WksSb.exe1 00229The Works Portfolio tool lets you collect and organize text and pictures from the Web or your favorite program. The Works Portfolio provides a location where you can store items you want to later put into a document or other file 01
2 7WkUFind1 11WkUFind.exe1 00371MS Works Update Detection. MS Picture It! (versions 7 to current) use this automatic update feature during the log on process. It can also cause your system to automatically dial into your ISP as it tries to access the internet, if you have your system set to automatically dial when the internet is invoked. To manually update, go to Microsoft's Office/Works update site55http://www.officeupdate.com/ProductUpdates/default.aspx0
231D-Link AirPlus DWL-650+ Utility1 11WLANMON.exe1 00 52D-Link Air Plus Wireless PC modem connection monitor 01
223WLAN Status Tray Applet1 11WLANSTA.EXE1 00 58System Tray icon for checking the status of a Wireless LAN 01
321Configuration Utility1 12wlanutil.exe1 00 88NetGear Wireless LAN configuration utility for the MA311 802.11b (and maybe other cards)32http://www.netgear.com/index.php0
124Microsoft Windows Loader1 11wloader.exe1 00 45Added by a variant of the AGOBOT/GAOBOT WORM!79http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN0
4 8WLTRYSVC1 12WLTRYSVC.EXE1 00123Part of the Broadcom Corporation Wireless Network Tray Applet which allows you to change and see settings for the hardware. 01
419Workstation Manager1 6wm.exe1 00 90Part of the Novell Windows client. Found in the C:\Program Files\Novell\ZENworks\ folder. 01
125WINDOWS MANAGEMENT SYSTEM1 10wm1exe.exe1 00102W32/Rbot-VT is a network worm that has backdoor functionality. Located in the Window system directory.55http://www.sophos.com/virusinfo/analyses/w32rbotvt.html0
321Workstation Scheduler1 8wm95.exe1 00175Desktop Management Scheduler. Part of Novell's Netware Client. Schedueles NDS events. If events have been schedueled, it is required, otherwise, it is useless and a memory hog39http://www.novell.com/products/netware/0
1 5ccApp1 9WMADZ.EXE1 00 26Added by the RBOT-LJ WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotlj.html0
1 9WinUpdate1 9wmbem.exe1 00 30Added by the REVCUSS.B TROJAN!78http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.revcuss.b.html0
1 5Shell1 12wmedia16.exe1 00 27Added by the GOLDUN TROJAN!61http://www.symantec.com/avcenter/venc/data/trojan.goldun.html0
120Windows Media Player1 16wmediaplayer.exe1 00 28Added by the AGOBOT-NQ WORM!57http://www.sophos.com/virusinfo/analyses/w32agobotnq.html0
213Encoder Agent1 12WMENCAGT.EXE1 00 95MS Windows Media Encoder, which already has a shortcut in the Start Menu if installed 01
4 8winmodem1 9wmexe.exe1 00235Software for software based modems. Required if you have one of these. WinModems use software rather than hardware - hence putting a load on the CPU. Needed if you have it for loading the drivers. See here for more WinModem information34http://808hi.com/56k/winmodems.asp0
310WMIEXE.exe1 10wmiexe.exe1 00367NT component, used by Windows Millennium to detect Plug and Play-compliant IEEE 1394 devices during the startup process. Since this is important for the computer to work properly if you have these, Windows Millennium protects wmiexe.exe and will restore the file even if it's deleted or renamed. Check here for some details on what to do to stop it loading49http://www.bits.bris.ac.uk/mxcl/tweaks/wmiexe.php0
1 5Wminf1 9Wminf.exe1 00 25Added by the GEMA TROJAN!72http://securityresponse.symantec.com/avcenter/venc/data/trojan.gema.html0
1 6Wminfo1 10Wminfo.exe1 00 25Added by the GEMA TROJAN!72http://securityresponse.symantec.com/avcenter/venc/data/trojan.gema.html0
1 6wmiprv1 10wmiprv.exe1 00 26Added by the RBOT-WM WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotwm.html0
121System Update Service1 12wmiprvsa.exe1 00 30Added by the AGOBOT-RG TROJAN!57http://www.sophos.com/virusinfo/analyses/w32agobotrg.html0
119File System Service1 12wmiprvsc.exe1 00 30Added by the AGOBOT-HZ TROJAN!58http://www.sophos.com/virusinfo/analyses/trojagobothz.html0
122Windows Update Process1 12wmiprvsc.exe1 00 27Added by the SDBOT-CB WORM!56http://www.sophos.com/virusinfo/analyses/w32sdbotcb.html0
112Kernel_check1 12wmiprvse.exe1 00 28Added by the SONEBOT-B WORM!57http://www.sophos.com/virusinfo/analyses/w32sonebotb.html0
122System Updater Service1 12wmiprvsw.exe1 00 29Added by the GAOBOT.AFC WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.gaobot.afc.html0
1 8Firewall1 13wmlaunch .exe2 00 53It will be found in the Windows Program Files folder. 01
117WSSAConfiguration1 11wmmon32.exe1 00 28Added by the AGOBOT-KC WORM!57http://www.sophos.com/virusinfo/analyses/w32agobotkc.html0
116WSAConfiguration1 10wmon32.exe1 00 29Added by the GAOBOT.BAJ WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.gaobot.baj.html0
339Wireless PCI Card Configuration Utility1 12WMP11Cfg.exe1 00164Utility used by the LINKSYS wireless PCI card (WMP11) and indicates when a wireless access connection is made by a screen colour change. Also used for configuration34http://www.linksys.com/default.asp0
125Windows Media Player 3.6b1 11WMPA36B.EXE1 00 46Added by . Found in the Windows system folder.55http://www.sophos.com/virusinfo/analyses/w32rbotvv.html0
1 6loader1 12WMPLAYER.EXE1 00157Unknown baddie - WMPLAYER.EXE is stored in the location and uses the same name as Windows Media Player but that valid Windows program doesn't load at startup 01
112Media Player1 12wmplayer.exe1 00 28Added by the AGOBOT-BM WORM!57http://www.sophos.com/virusinfo/analyses/w32agobotbm.html0
1 4run=1 12wmplayer.exe1 00 87CoolWebSearch parasite variant - Note: this is not the Windows Media Player executable!53http://www.spywareinfo.com/~merijn/cwschronicles.html0
1 7wmsys321 11wmsys32.exe1 00 30Added by the BANPAES.B TROJAN!78http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.banpaes.b.html0
1 4WNAD1 8WNAD.EXE1 00315Spyware added as a result of running a program called "Yo Mama Osama" (osama.exe). See here for more and how to get rid of it. There are other ways this can show up on your system, and it will manifest itself by periodically opening a new browser window with advertising for copy DVD software and the like29http://www.cexx.org/osama.htm0
124Microsoft System Checkup1 11Wnetlib.exe1 00 25Added by the DONK.C WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.donk.c.html0
116Microsoft-Update1 10wngard.exe1 00 26Added by the RBOT-JV WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotjv.html0
1 4WNSC1 30wns*****.exe [* = random char]2 00 29PurityScan/Clickspring adware47http://www.doxdesk.com/parasite/PurityScan.html0
1 4WNST1 30wns*****.exe [* = random char]2 00 29PurityScan/Clickspring adware47http://www.doxdesk.com/parasite/PurityScan.html0
1 4WNSI1 29wnscp**.exe [* = random char]2 00 29PurityScan/Clickspring adware47http://www.doxdesk.com/parasite/PurityScan.html0
121NTSF MICROSOFT SYSTEM1 9wntsf.exe1 00107An Rbot variant. This infection connects to an IRC server where it will await commands from a remote user. 01
011Winnov Menu1 11WnvMenu.Exe1 00 34Winnov Video Capture Card related.22http://www.winnov.com/0
013Winnov Remote1 11WnvRsvr.Exe1 00 34Winnov Video Capture Card related.22http://www.winnov.com/0
435Novell ZfD Wake on LAN Status Agent1 12WolSerNT.exe1 00177Part of the Novell Windows Client. The service name is Prometheus Wake-On-LAN Status Agent. It is found in the C:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\ folder. 01
0 7Workflo1 12workflow.exe1 00107Related to BroadJump Client Foundation - broadband troubleshooting software installed by various companies.25http://www.broadjump.com/0
1 5cqlyg1 14world_cup_.bat1 00 25Added by the WCUP.A WORM!74http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BAT_WCUP.A0
1 9Delete Me1 8worm.exe1 00 29Added by the DOOMHUNTER WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.doomhunter.html0
1 5wovax1 9wovax.exe1 00 27Added by the DAQA.A TROJAN!69http://www.liutilities.com/products/wintaskspro/processlibrary/wovax/0
335Wireless-G Notebook Adapter Utility1 12WPC54CFG.EXE1 00 64Utility used by the LINKSYS Wireless-G Notebook Adapter (WPC54G)34http://www.linksys.com/default.asp0
213PivotSoftware1 10wpctrl.exe1 00149PivotPro from Portrait Studios - allows a screen to be rotated to match rotated LCD screens, for example). Shortcut available via Display Properties24http://www.portrait.com/0
2 6Wpctrl1 12wpctrl95.exe1 00173WinPortrait plug-in for PivotPro from Portrait Studios - allows a screen to be rotated to match rotated LCD screens, for example). Shortcut available via Display Properties24http://www.portrait.com/0
2 8wpctrl951 12wpctrl95.exe1 00173WinPortrait plug-in for PivotPro from Portrait Studios - allows a screen to be rotated to match rotated LCD screens, for example). Shortcut available via Display Properties24http://www.portrait.com/0
2 6Wpctrl1 12wpctrlnt.exe1 00173WinPortrait plug-in for PivotPro from Portrait Studios - allows a screen to be rotated to match rotated LCD screens, for example). Shortcut available via Display Properties24http://www.portrait.com/0
2 8wpctrl951 12wpctrlnt.exe1 00173WinPortrait plug-in for PivotPro from Portrait Studios - allows a screen to be rotated to match rotated LCD screens, for example). Shortcut available via Display Properties24http://www.portrait.com/0
411WPCycle.exe1 14WpCycleWin.exe1 00157Added when selecting Mplayer2 to open media files. Forces other codes to Wait for Previous instructions to end, preventing instability of your CPU (freezing) 01
218Webposition Gold 21 12wpsche~1.exe1 00103Scheduler for Web Position Gold - utility to help optimize the position of web-sites in search engines32http://www.web-positiongold.com/0
4 5load=1 10wpshrc.exe1 00107Required to prevent configuration errors on a Compaq LBP-660 parallel port laser printer (and maybe others) 01
0 5load=1 11WPSLOAD.EXE1 00 97Windows printing system that comes with the setup for Canon BJC series on the manufacturer's disk 01
124Wireless Provider Server1 9wpsvr.exe1 00 28Added by the FORBOT-AD WORM!57http://www.sophos.com/virusinfo/analyses/w32forbotad.html0
1 3WQK1 7WQK.exe1 00 36Added by a variant of the KLEZ WORM!74http://securityresponse.symantec.com/avcenter/venc/data/w32.klez.h@mm.html0
0 2wr1 6WR.EXE1 00 2?? 01
010WR Command1 6wr.exe1 00 2?? 01
115*windows update1 11wrauclt.exe1 00 26Added by the RBOT-QU WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotqu.html0
2 6WrCtrl1 10WrCtrl.exe1 00294Win-Route 4.27 NAT engine on Win2k Pro for connection sharing and security using Win-Route by Tiny Software. A connection sharing/Firewall Application. If service is disabled the program does not work, but you can manually start/stop the service with a shortcut the program installs at any time 01
3 6wrexec1 10wrexec.exe1 00350Watch Right - monitoring program, part of the PowerTools add-on for AOL. Records instant messages, E-mail, chat. Watch Right appears to be, and functions as an online clock updater which connects with the U.S. National Institute of Standards and Technology. It was designed for parents who wish to keep an eye on what their children are doing online43http://www.bpssoft.com/PowerTools/index.htm0
0 6wriste1 10wriste.exe1 00 2?? 01
120Workstation Services1 10wrkstn.exe1 00 26Added by the RBOT-OJ WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotoj.html0
1 7ws2help1 11ws2help.exe1 00 42Added by a variant of the SMALL.AN TROJAN!77http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_SMALL.AN0
125Microsoft Winsock Wrapper1 11ws2_32s.exe1 00 38Added by a variant of the SPYBOT WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html0
0 8wsbklite1 12wsbklite.exe1 00 51Related to the Acer Soft Button on Acer Tablet PCs. 01
310WScheduler1 14WScheduler.exe1 00209Windows Scheduler - "schedule unattended running of applications, batch files, scripts and much more. Also, you can schedule popup reminders so you'll never forget reminders, tasks and other events."48http://www.splinterware.com/products/wincron.htm0
117Microsoft Drivers1 10WSconf.exe1 00 37Added by a variant of the SDBOT WORM!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_SDBOT.GEN0
114Wsdata service1 10WSconf.exe1 00 27Added by the SDBOT.ZU WORM!77http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.ZU0
110WindowsCRC1 9wscrc.exe1 00 30Added by W32/Sdbot-VU, a WORM!56http://www.sophos.com/virusinfo/analyses/w32sdbotvu.html0
319Restart WSC Setting1 12wscrestp.exe1 00174WinStart Commander - part of Ultra WinCleaner Utility Suite. Starts Windows faster and controls hidden programs to boost performance and prevent system slow downs and crashes61http://www.wincleaner.com/pc/uti/utiste/uwc_utility_suite.htm0
112Run MSupdt321 20wscript MSupdt32.vbs2 00 24Added by the CASER WORM!60http://www.symantec.com/avcenter/venc/data/vbs.caser@mm.html0
125Time Zone Synchronization1 17wscript zshell.js2 00 29Added by the NETDEX-A TROJAN!57http://www.sophos.com/virusinfo/analyses/trojnetdexa.html0
1 8Registry1 11wscript.exe1 00 27Added by the VBSWG.AQ WORM!75http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=VBS_VBSWG.AQ0
113FileManager321 26Wscript.exe ..ChkMgr32.vbs2 00 26Added by the NOTUP.A WORM!75http://securityresponse.symantec.com/avcenter/venc/data/vbs.notup.a@mm.html0
1 8Winhlp321 26Wscript.exe ..Msexec32.vbs2 00 25Added by the GANT.B WORM!75http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_GANT.B0
1 7gremier1 24wscript.exe gpremier.vbs2 00 27Added by the GPREMIER WORM!63http://www.symantec.com/avcenter/venc/data/vbs.gpremier@mm.html0
110Load-Guard1 26Wscript.exe LGuarg.exe.vbs2 00 37Added by the YENO.B and YENO.C WORMS!74http://securityresponse.symantec.com/avcenter/venc/data/vbs.yeno.b@mm.html0
1 5SPINX1 23Wscript.exe OXNEY.B.VBS2 00 37Added by the YENO.B and YENO.C WORMS!74http://securityresponse.symantec.com/avcenter/venc/data/vbs.yeno.b@mm.html0
1 8FileSoft1 27Wscript.exe UpdataFiles.vbs2 00 24Added by the SST.B WORM!60http://www.symantec.com/avcenter/venc/data/vbs.sst.b@mm.html0
1 8WinStart1 24Wscript.exe WinStart.vbs2 00 25Added by the CIAN.C WORM!58http://www.symantec.com/avcenter/venc/data/vbs.cian.c.html0
1 8explorer1 22wscript.exe [filename]2 00 62Sneaky way to start any VBS script. Many viruses use VBS files 01
118Microsoft ErgoPack1 11wserb32.exe1 00 26Added by the RBOT-RI WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotri.html0
116Microsoft Update1 11wserv32.exe1 00 26Added by the RBOT.AF WORM!84http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.AF&VSect=T0
1 7wserver1 11wserver.exe1 00 41Added by the NETSKY.AC or SASSER.G WORMS!77http://securityresponse.symantec.com/avcenter/venc/data/w32.netsky.ac@mm.html0
2 7Q1524041 22wsript.exe Q152404.VBS2 00 44Appears to run Scandisk at bootup on NEC PCs 01
1 6Serv-U1 10wssdsu.exe1 00 29Added by the MANIFEST TROJAN!80http://securityresponse.symantec.com/avcenter/venc/data/w32.manifest.trojan.html0
114Folder Service1 10wssdtu.exe1 00 29Added by the MANIFEST TROJAN!80http://securityresponse.symantec.com/avcenter/venc/data/w32.manifest.trojan.html0
114Windows Loader1 12wstart32.exe1 00 28Added by the GAOBOT.CA WORM!79http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.gaobot.ca.html0
114Wstat32 driver1 11Wstat32.exe1 00 28Added by the LOONBOT TROJAN!81http://securityresponse.symantec.com/avcenter/venc/data/backdoor.irc.loonbot.html0
4 7wstimeb1 11wstimeb.exe1 00123Used with NEC printers. You can disable it before printing but it re-loads itself when printing so you may as well leave it 01
119ComTry Web Searcher1 10wstray.exe1 00 39Comtry MP3 Downloader related - spyware 01
4 4run=1 9wswpd.exe1 00 89Used with some models of Panasonic, Epson and NEC printers - required for printer to work 01
4 5wswpd1 9wswpd.exe1 00153Used with some models of Panasonic, Epson and NEC printers. Some older drivers known to have a "memory leak". Needed for printing to work 01
1 3Dvx1 10wsxsvc.exe1 00 50Delfin Media Viewer or "Promulgate" adware variant51http://www.spywareguide.com/product_show.php?id=7270
117Enumerate Service1 8wsys.exe1 00 29Added by the MANIFEST TROJAN!80http://securityresponse.symantec.com/avcenter/venc/data/w32.manifest.trojan.html0
3 6WINDLL1 8WSYS.EXE1 00254STARR key logger. "It logs almost everything that goes through the box. It logs all key strokes, all passwords transacted even if they weren't keyed in, all web sites visited, every program launched including the path to that program, and more" 01
121Windows Configuration1 10wsys32.exe1 00 28Added by the GAOBOT.FB WORM!79http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.gaobot.fb.html0
1 5W32Tc1 9WTC32.scr1 00 37Added by the VOTE.D or VOTE.K WORMS!61http://www.symantec.com/avcenter/venc/data/w32.vote.d@mm.html0
0 5Load=1 10wtfeat.exe1 00 36Associated with the Wintab Digitizer 01
215WT Game Channel1 17wtgamechannel.exe1 00248WildTangent GameChannel - notification of new games, quick access to games and fast and easy game downloads. Note that WildTanget's privacy policy used to state that they also collect and share individuals information but this is no longer the case64http://www.wildtangent.com/default.asp?pageID=webdriver_download0
214WT GameChannel1 17wtgamechannel.exe1 00248WildTangent GameChannel - notification of new games, quick access to games and fast and easy game downloads. Note that WildTanget's privacy policy used to state that they also collect and share individuals information but this is no longer the case64http://www.wildtangent.com/default.asp?pageID=webdriver_download0
1 7X10Weax1 12WTHRTRAY.EXE1 00135WeatherCheck - "bring the latest local weather to your desktop". Not recommended as it reportedly pops ads, and contains no uninstaller62http://www.download.com/WeatherCheck/3000-2381_4-10284439.html0
1 4WAPI1 27wts**.exe [* = random char]2 00 29PurityScan/Clickspring adware47http://www.doxdesk.com/parasite/PurityScan.html0
0 7Winshoe1 12wuadfdqr.exe1 00187Probably an unidentified VIRUS! Adds itself to 3 registry "Run" keys and prevents Task Manager being displayed. This is not the Winshoe IRC Client as the visitor did not have it installed 01
116Microsoft Update1 10wuagrd.exe1 00 26Added by the RBOT-FK WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotfk.html0
124Microsoft Update Machine1 10wuagrd.exe1 00 26Added by the RBOT-GF WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotgf.html0
121Microsoft Update Time1 8wuam.exe1 00 25Added by the RBOT-M WORM!54http://www.sophos.com/virusinfo/analyses/w32rbotm.html0
124Microsoft Update Machine1 10wuamgd.exe1 00 27Added by the SDBOT.HQ WORM!90http://tr.trendmicro-europe.com/enterprise/security_info/ve_detail.php?VName=WORM_SDBOT.HQ0
117Microsoft DirectX1 11wuamgrd.exe1 00 27Added by the SDBOT.MY WORM!85http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.MY&VSect=T0
116Microsoft Update1 11wuamgrd.exe1 00 26Added by the RBOT-LK WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotlk.html0
124Microsoft Update Machine1 11wuamgrd.exe1 00 26Added by the RBOT-HE WORM!55http://www.sophos.com/virusinfo/analyses/w32rbothe.html0
124Network Protocol Service1 11wuamgrd.exe1 00 26Added by the RBOT.EA WORM!106http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?id=60289&VName=WORM_RBOT.EA&VSect=T0
115Windows service1 11wuamgrd.exe1 00 26Added by the RBOT-QW WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotqw.html0
114Windows Update1 11Wuamgrd.exe1 00 38Added by a variant of the SPYBOT WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html0
116Microsoft Update1 13wuamgrd32.exe1 00 26Added by the RBOT.ZB WORM!76http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.ZB0
124Windows Automatic Update1 13wuamgrder.exe1 00 36Added by a variant of the RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
124Microsoft Update Machine1 13WUAMGRDXS.EXE1 00 26Added by the RBOT-GL WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotgl.html0
1 6SYSTEM1 11wuamgre.exe1 00 75Added by the W32/Rbot-WA Backdoor/WORM! Found in the Windows system folder.55http://www.sophos.com/virusinfo/analyses/w32rbotwa.html0
116Microsoft Update1 13wuammgr32.exe1 00 26Added by the RBOT-AW WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotaw.html0
115Win32 Services11 12wuamngr1.exe1 00 27Added by the SDBOT-PV WORM!56http://www.sophos.com/virusinfo/analyses/w32sdbotpv.html0
115Win32 Services11 16wuamngr1.exe.exe1 00 66Backdoor.Sdbot.AN Backdoor! Found in the Windows system directory. 01
116Microsoft Excell1 13wuamngr32.exe1 00 26Added by the RBOT-QH WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotqh.html0
114Windows Update1 10wuampd.exe1 00 26Added by the RBOT.UM WORM!76http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.UM0
115*windows update1 11wuanclt.exe1 00 26Added by the RBOT-PG WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotpg.html0
114windows update1 11Wuanclt.exe1 00 26Added by the RBOT.XZ WORM!89http://es.trendmicro-europe.com/enterprise/security_info/ve_detail.php?Vname=WORM_RBOT.XZ0
122Microsoft 16Bit Update1 14wuapdate16.exe1 00 26Added by the RBOT.CZ WORM!76http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.CZ0
114windows update1 11wuarclt.exe1 00 26Added by the RBOT-OF WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotof.html0
114windows update1 12wuaruclt.exe1 00 68Added by W32/Rbot-TF. File is found in the Windows system directory.55http://www.sophos.com/virusinfo/analyses/w32rbottf.html0
115*windows update1 12wuaucrlt.exe1 00 29Added by the SPYBOT.HUR WORM!62http://www.symantec.com/avcenter/venc/data/w32.spybot.hur.html0
140Windows Update AutoUpdate Client Product1 10wuauct.exe1 00 29Added by the AGOBOT.ACL WORM!109http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?id=66904&VName=WORM_AGOBOT.ACL&VSect=O0
114windows update1 11wuaurlt.exe1 00 27Added by the RBOT.ADG WORM!85http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.ADG&VSect=T0
121WindowsUpdate Service1 11wuautlc.exe1 00 26Added by the RBOT-NR WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotnr.html0
124Microsoft Update Machine1 9wuawx.exe1 00 26Added by the RBOT-CE WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotce.html0
121Windows Update Client1 12wuclient.exe1 00 29Added by the SMALL-RN TROJAN!57http://www.sophos.com/virusinfo/analyses/trojsmallrn.html0
214CriticalUpdate1 12Wucrtupd.exe1 00110MS Windows Critical Update Notification. If you want to keep Windows up-to-date, check the Windows Update site 01
114Windows Update1 10wudate.exe1 00 28Added by the AGOBOT.ML WORM!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.ML0
116Microsoft Update1 11wudmate.exe1 00 26Added by the RBOT.AP WORM!76http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.AP0
123Microsoft Update Engine1 11wumgpds.exe1 00 62W32/Rbot-WK WORM! File is found in the Windows system folder.55http://www.sophos.com/virusinfo/analyses/w32rbotwk.html0
116Microsoft Update1 10wumgrd.exe1 00 27Added by the SDBOT-KY WORM!56http://www.sophos.com/virusinfo/analyses/w32sdbotky.html0
1 9Netunit321 11wunit32.exe1 00 40Added by an unidentified WORM or TROJAN! 01
411WUOLService1 17WUOLService9x.exe1 00125Remote wakeup status agent. Part of Novell's ZenWorks. Processes Wake-up on LAN requests (turn on a computer remotely on LAN)40http://www.novell.com/products/zenworks/0
1 8MSUpdate1 8wupd.exe1 00 30Added by the ALADINZ.M TROJAN!83http://securityresponse.symantec.com/avcenter/venc/data/backdoor.irc.aladinz.m.html0
110win update1 11wupda32.exe1 00 26Added by the SDBOT.J WORM!76http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.J0
120Configuration Loaded1 12wupdated.exe1 00 49Added by the MOEGA or MOEGA.AG or MOEGA.AP WORMS!75http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.moega.html0
113WindowsUpdate1 20WUpdate_35253825.vbs1 00 88Added by VBS/Ediboy-C. File is located in the Windows directory. Also see bSysReg.vbs/b56http://www.sophos.com/virusinfo/analyses/vbsediboyc.html0
113System Update1 11wupdmgr.exe1 00 29Added by the SOROMO-A TROJAN!57http://www.sophos.com/virusinfo/analyses/trojsoromoa.html0
114System Update21 11wupdmgr.exe1 00 31Added by the AUTOTROJ-C TROJAN!59http://www.sophos.com/virusinfo/analyses/trojautotrojc.html0
132Microsoft Windows Update Service1 13wupdmgr32.exe1 00 32Added by the DOS.AUTOCAT TROJAN!59http://www.symantec.com/avcenter/venc/data/dos.autocat.html0
129Windows Update Manager for NT1 13wupdmgr32.exe1 00 27Added by the SDBOT.AH WORM!78http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sdbot.ah.html0
115Windows Updater1 13wupdmgr32.exe1 00 45Added by a variant of the DOS.AUTOCAT TROJAN!59http://www.symantec.com/avcenter/venc/data/dos.autocat.html0
122Windows Update Manager1 12wupdmngr.exe1 00 29Added by the RANDEX.BTB WORM!62http://www.symantec.com/avcenter/venc/data/w32.randex.btb.html0
115Win Server Updt1 9wupdt.exe1 00 30Added by the IMISERV.A TROJAN!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_IMISERV.A0
1 5wupdt1 9wupdt.exe1 00 30Added by the IMISERV.A TROJAN!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_IMISERV.A0
124Microsoft Update Machine1 12wupdt32x.exe1 00 37Added by a variant of the SDBOT WORM!43http://vil.nai.com/vil/content/v_100454.htm0
115*windows update1 11wuraclt.exe1 00 26Added by the RBOT-PO WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotpo.html0
114windows update1 11wuraclt.exe1 00 26Added by the RBOT-PO WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotpo.html0
126Microsoft Windows Securety1 11wurguar.exe1 00 26Added by the RBOT-KY WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotky.html0
411WUSB11B.exe1 11WUSB11B.exe1 00 31Linksys WUSB11 WLAN USB adapter 01
338Instant Wireless Configuration Utility1 13WUSB11cfg.exe1 00176Utility used by the LINKSYS LINKSYS wireless USB Adapter (WUSB11) and indicates when a wireless access connection is made by a screen colour change. Also used for configuration34http://www.linksys.com/default.asp0
1 8winltmpv1 9wutop.exe1 00 30Added by the TCXMEDI-C TROJAN!58http://www.sophos.com/virusinfo/analyses/trojtcxmedic.html0
121Configuration Default1 9Wuxat.exe1 00 28Added by the SPYBOT-CA WORM!57http://www.sophos.com/virusinfo/analyses/w32spybotca.html0
013Winnov Status1 12WvStatus.Exe1 00 34Winnov Video Capture Card related.22http://www.winnov.com/0
131Windows Video Acquisition (WVA)1 9wvsvc.exe1 00 28Added by the AGOBOT.YM WORM!100http://fr.trendmicro-europe.com/enterprise/security_info/ve_detail.php?id=59309&VName=WORM_AGOBOT.YM0
1 5wvsvc1 9wvsvc.exe1 00 28Added by the AGOBOT.YM WORM!100http://fr.trendmicro-europe.com/enterprise/security_info/ve_detail.php?id=59309&VName=WORM_AGOBOT.YM0
214WeatherWatcher1 6ww.exe1 00 53WeatherWatcher - weather reporting in the System Tray56http://www.singerscreations.com/AboutWeatherWatcher.html0
3 9WebWasher1 11wwasher.exe1 00161Free Pop-up/ad/javascript filter program from Siemens. If not running then browsers will not be protected but will still work. Available via Start -> Programs24http://www.webwasher.com0
313Window Washer1 10wwDisp.exe1 00236Windows Washer from Webroot Software. Useful utility that deletes safe to remove files, cookies, browsing history, etc. Available via from Start -> Programs. Disable within the program options - otherwise it is re-enabled in MSCONFIG45http://www.webroot.com/products/windowwasher/0
111winkernel321 10wWin32.com1 00 27Added by the BANSAP TROJAN!74http://securityresponse.symantec.com/avcenter/venc/data/trojan.bansap.html0
216Wildwire Monitor1 9WWMon.exe1 00143This places a status icon on the taskbar for the DSL WildWire Tiger Modem. This is also a shortcut to the diagnostics utility for the DSL modem 01
216Wintime Wtxpload1 19Wxpload.exe Wintime2 00637Part of the software to support a Dexxa USB graphics tablet. From a visitor - "This gets started anyway when you plug in the USB connector for the graphics tablet, if it's not already running. It then starts an application which manages the tablet messages. Since I leave the tablet unplugged unless I need to use it, I don't need this running at startup. I suspect that this program monitors a number of windows messages, so that when it's loaded, my regular mouse slows down - it acts like it 'sticks' entering and leaving windows. Certainly my performance returned to what I expected when I removed this item using MSCONFIG" 01
216WXProcMgr Module1 13WXprocMgr.exe1 00154TVTonic from Wavexpress - "enjoy 3 full-screen, DVD-quality video channels for FREE". Allows data content to be downloaded and synchronized on your system23http://www.tvtonic.com/0
014ANIWZCSService1 11WZCSLDR.exe1 00 91D-Link wireless PCI adapter related. In some cases reported to cause excessive CPU activity 01
1 6WZDSVC1 10wzdsvc.exe1 00 45How remove the W32/Codbot-E Worm (wzdsvc.exe)55http://www.bleepingcomputer.com/forums/topict12788.html0
217WinZip Quick Pick1 12WZQKPICK.EXE1 00396Added with WinZip version 8.1. "The new WinZip Quick Pick taskbar tray icon gives you instant access to WinZip and your Zip files. Just left click the icon to open WinZip, or right click it to instantly reopen recently used Zip files, access your Favorite Zip Folders, open WinZip Help, or start WinZip itself.". You can right-click and close it - choosing to not re-load it at start-up 01
111Web Service1 17[random filename]2 00 40Added by the Trojan.Admincash infection!60http://www.sarc.com/avcenter/venc/data/trojan.admincash.html0
110[not used]1 11svchost.exe1 00256A WORM/backdoor, W32/Kipis-J, opens notepad.exe and copies itself to the Windows folder as regedit.com and installs to it's newly created folder. A variety of anti-virus and security related processes may be terminated and backdoor opened on port TCP/9413.55http://www.sophos.com/virusinfo/analyses/w32kipisj.html0
3 8X Server1 5X.exe1 00271"XoftWare for Windows" enables you to run network-based UNIX programs ("X programs" or "clients") side-by-side with Windows applications on your personal computer. You can also share programs and computing resources with host computers connected to your PC over a network 01
3 7x3watch1 11x3watch.exe1 00497"program helping with online integrity. Whenever you browse the internet and accesses a site which may contain questionable material, the program will save the site name on your computer. Approximately every 30 days, a person of your choice (an accountabiltiy partner) will receive an e-mail containing all possible questionable sites you may have visited within the month. This information is meant to encourage an open and honest conversation between friends and help us all be more accountable" 01
2 6Xanadu1 10Xanadu.exe1 00 62Xanadu - free language and translation wizard from Foreignword43http://www.foreignword.biz/software/xanadu/0
143Iamnacho On Irc.MusIrc.com Is a Homosexual!1 10XBox64.exe1 00 27Added by the RANDEX.Y WORM!73http://securityresponse.symantec.com/avcenter/venc/data/w32.randex.y.html0
415BullGuard XComm1 12XCOMMSVR.EXE1 00 28Part of Bullguard antivirus25http://www.bullguard.com/0
312EasySync Pro1 12XCPCMenu.exe1 00 72EasySync Pro is a Lotus program for synchronizing a PDA with Lotus Notes45http://www.lotus.com/products/easysyncpro.nsf0
121microsoft xdaemon 2.01 11xdaemon.exe1 00 27Added by the DELF.D TROJAN!76http://securityresponse.symantec.com/avcenter/venc/data/backdoor.delf.d.html0
319Intel File Transfer1 7xfr.exe1 00143Part of Intel's LANDesk Management Suite 6 and the Common Base Agent (CBA) - used for communicating between the core server and managed clients 01
110xftpGraber1 14Xftpgraber.exe1 00 26Added by the ENVID.C WORM!62http://www.symantec.com/avcenter/venc/data/w32.envid.c@mm.html0
0 5xicon1 9xicon.exe1 00 45Part of the IBM/XPoint Rapid Restore utility. 01
3 6xitami1 11Xiwin32.exe1 00 43Xitami Multiplatform Open Source web server22http://www.xitami.com/0
325XtreamLok License Manager1 6xl.exe1 00 81License manager for xLok (XtreamLok) - prevents software being reverse engineered25http://www.xtreamlok.com/0
4 7XoftSpy1 11XoftSpy.exe1 00 92XoftSpy is a Spyware Removal tool. Normally located in C:\Program Files\XoftSpy\XoftSpy.exe.27http://www.paretologic.com/0
0 7Xpagent1 11xpagent.exe1 00 45Part of the IBM/XPoint Rapid Restore utility. 01
114msjava service1 8xpcd.exe1 00 27Added by the SDBOT.VM WORM!96http://de.trendmicro-europe.com/consumer/security_info/ve_detail.php?VName=WORM_SDBOT.VM&VSect=T0
0 5xpcfg1 9xpcfg.exe1 00 2?? 01
0 8Xpclient1 12xpclient.exe1 00 45Part of the IBM/XPoint Rapid Restore utility. 01
314xPlanetControl1 18xPlanetControl.exe1 00 84Tool that displays a globe with current day/night zones and clouds on users desktop.41http://www.xplanetcontrol.de/download.php0
119Run XP Service Pack1 17xpservicepack.exe1 00 28Added by the SDBOT.AQA WORM!88http://www.pandasoftware.com/virus_info/encyclopedia/overview.aspx?lst=det&idvirus=518150
117xp service pack 21 9xpsp2.exe1 00 26Added by the RBOT-KW WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotkw.html0
114XPSP2 Firewall1 11xpsp2fw.exe1 00 29Added by the SMALL-RN TROJAN!57http://www.sophos.com/virusinfo/analyses/trojsmallrn.html0
338Mediafour XPlay Tray Notification Icon1 12Xptryicn.exe1 00162Mediafour Xplay - allows you to use an Apple iPod digital music player with a PC running Windows. If not used regularily start manually before connecting the iPod40http://www.mediafour.com/products/xplay/0
116Microsoft Update1 12xpupdate.exe1 00 26Added by the RBOT-QE WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotqe.html0
3 7XStop951 11XStop95.exe1 00 23XStop - internet filter21http://www.xstop.com/0
111NvXplDeamon1 11xstyles.exe1 00 28Added by the SMALL.AJ VIRUS! 01
2 5xswin1 9xswin.exe1 00 97Installed with a Xerox Work Centre Pro 555. Unchecking it removes an "out of system memory" error 01
116XupiterCfgLoader1 15XTCfgLoader.exe1 00120Xupiter - adware and homepage hijacker. To remove Xupiter go here and to prevent it re-installing in the future see here44http://www.doxdesk.com/parasite/Xupiter.html0
3 8Operator1 9xtmop.exe1 00124Fax/Phone answering facility for Extreem Machine - as supplied with the old Diamond SupraExpress modems. No longer supported 01
1 5Xtray1 14xtray_link.exe1 00 26Added by the VB.JL TROJAN!74http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_VB.JL0
115Xupiter Startup1 18XupiterStartup.exe1 00120Xupiter - adware and homepage hijacker. To remove Xupiter go here and to prevent it re-installing in the future see here44http://www.doxdesk.com/parasite/Xupiter.html0
118xupiterstartup20031 22xupiterstartup2003.exe1 00120Xupiter - adware and homepage hijacker. To remove Xupiter go here and to prevent it re-installing in the future see here44http://www.doxdesk.com/parasite/Xupiter.html0
120XupiterToolbarLoader1 24XupiterToolbarLoader.exe1 00120Xupiter - adware and homepage hijacker. To remove Xupiter go here and to prevent it re-installing in the future see here44http://www.doxdesk.com/parasite/Xupiter.html0
124Microsoft Update Machine1 11xvshost.exe1 00 26Added by the RBOT.QP WORM!106http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?id=65722&VName=WORM_RBOT.QP&VSect=O0
217ControlCentreTray1 11XWCTray.exe1 00108System Tray access for the Xerox ControlCentre 2.0 software for their range of printers, copiers, faxes, etc 01
1 4asdx1 13xwinrpc32.exe1 00 28Added by the AGOBOT.VO WORM!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.VO0
1 3win1 12xwinxrpc.exe1 00 28Added by the AGOBOT-MV WORM!57http://www.sophos.com/virusinfo/analyses/w32agobotmv.html0
1 3win1 14xwinxrpc32.exe1 00 28Added by the AGOBOT-MV WORM!57http://www.sophos.com/virusinfo/analyses/w32agobotmv.html0
010XWMSUSBAPI1 11XWMSAPI.EXE1 00 63Part of the installation of a Xerox WorkCentre printer/scanner. 01
116mark the service1 11xxtra32.exe1 00 67Added by the W32/Rbot-WD WORM! Found in the Windows system folder.55http://www.sophos.com/virusinfo/analyses/w32rbotwd.html0
1 8[random]1 10xxvyaj.exe1 00 92Added by the Adware.Binet.DL Adware downloader. File is found in the Windows system folder.59http://www.sarc.com/avcenter/venc/data/adware.binet.dl.html0
133Microsoft Synchronization Manager1 7xXx.exe1 00 27Added by the SDBOT-KZ WORM!56http://www.sophos.com/virusinfo/analyses/w32sdbotkz.html0
332BitDefender for Yahoo! Messenger1 10yahmon.exe1 00 80BitDefender Antivirus for Yahoo! Messenger - free AV add-on for Yahoo! Messenger55http://www.bitdefender.com/bd/site/products.php?p_id=180
112Yahoo Update1 9Yahoo.exe1 00 27Added by the YAHOO! TROJAN!54http://www.pestpatrol.com/pestinfo/y/yahoo__trojan.asp0
115Yahoo Messenger1 12Yahoomsg.exe1 00 40Added by an unidentified WORM or TROJAN! 01
123Yahoo Instant Messengar1 13YahooMsgr.exe1 00 30Added by the SDBOT.GEN TROJAN!65http://www.pestpatrol.com/pestinfo/b/backdoor_win32_sdbot_gen.asp0
236Launch YahooPOPs! at Windows startup1 13YAHOOPOPS.EXE1 00154YahooPOPs - enables free POP3/SMTP access to Yahoo! Mail through a service on localhost that emulates the web interface. Available via Start -> Programs33http://yahoopops.sourceforge.net/0
120yahoo_toolbar lptt011 17yahoo_toolbar.exe1 00193Variant of the RapidBlaster parasite (in a "yahoo_toolbar" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see here49http://www.doxdesk.com/parasite/RapidBlaster.html0
120yahoo_toolbar ml097e1 17yahoo_toolbar.exe1 00193Variant of the RapidBlaster parasite (in a "yahoo_toolbar" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see here49http://www.doxdesk.com/parasite/RapidBlaster.html0
218Yankee Clipper III1 12YankClip.exe1 00278Yankee Clipper III - 'A super powerful Windows clipboard extender/memory - now in its third generation. Handles Pictures, Richtext, URLS, etc - any size. Features printing, drag and drop, optional permanent storage of clippings. Familiar "Outlook" interface'. Freeware39http://www.yankee-clipper.net/index.htm0
2 8YBrowser1 12ybrwicon.exe1 00 35SBC Yahoo! Browser system tray icon42http://help.yahoo.com/help/us/sbc/browser/0
1 6System1 10YPager.exe1 00 67Added by the JUNTADOR.K TROJAN! Note - this is not Yahoo! Messenger79http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_JUNTADOR.K0
115Yahoo Messenger1 10YPager.exe1 00 26Added by the RBOT-QO WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotqo.html0
212Yahoo! Pager1 10ypager.exe1 00 88Yahoo! Messenger allows you to send instant messages. Available via Start -> Programs 01
2 6ypager1 10ypager.exe1 00 88Yahoo! Messenger allows you to send instant messages. Available via Start -> Programs 01
3 3YPC1 7ypc.exe1 00102Yahoo Parental controls - "Let you decide what type of sites and Yahoo! services your kids can access" 01
311Y!TunnelPro1 9YTPro.exe1 00 67Spam, bot and ad blocker for Yahoo! Messenger from Digital Asphyxia 01
417YTrayMagic Lite 11 14YTRAYMAGIC.EXE1 00229YTrayMagic from YoconSoft automatically restores your tray icons after an Explorer(the windows shell) crash. Leave to run at startup since only those icons that are in the taskbar after YTrayMagic has initialized will be restored55http://yoconsoft.hypermart.net/products.html#ytraymagic0
311Y!TunnelPro1 14YTunnelPro.exe1 00 67Spam, bot and ad blocker for Yahoo! Messenger from Digital Asphyxia 01
414ZoneAlarm Plus1 10zaplus.exe1 00 49Firewall program from Zonelabs - paid for version46http://www.zonelabs.com/store/content/home.jsp0
4 5Zapro1 9Zapro.exe1 00 49Firewall program from Zonelabs - paid for version43http://www.zonelabs.com/download/index.html0
413ZoneAlarm Pro1 9Zapro.exe1 00 49Firewall program from Zonelabs - paid for version46http://www.zonelabs.com/store/content/home.jsp0
0 3zcb1 7zcb.exe1 00 2?? 01
2 9Zinio DLM1 8ZDLM.EXE1 00 66Zinio - used to read magazines in digital rather than paper format25http://www.zinio.com/main0
323Remote Management Agent1 11zenrc32.exe1 00232Part of Novell's ZENworks - "Complete End-to-End Directory-enabled Network Management". Installed on a managed workstation fo an administrator to remotely manage the workstation. Required if the PC is a managed workstation40http://www.novell.com/products/zenworks/0
4 5ZENRC1 11zenrc32.exe1 00128The main component of Novell's ZenWorks - "Complete End-to-End Directory-enabled Network Management". Leave well alone40http://www.novell.com/products/zenworks/0
428Novell ZfD Remote Management1 12ZenRem32.exe1 00171Part of the Novell Windows client. It has a service name of Remote Management Agent and is found in the C:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\ folder. 01
415ZENRC Tray Icon1 11zentray.exe1 00113Part of Novell's ZenWorks - "Complete End-to-End Directory-enabled Network Management". Best left alone40http://www.novell.com/products/zenworks/0
3 7CHotKey1 11zHotkey.exe1 00148Enables special keys on Chicony keyboards. Special combinations include Internet, E-mail, vol , vol-, mute, etc. Only required for extended features 01
311ZingSpooler1 15ZingSpooler.exe1 00170Was used for a drag and drop program to upload pictures to www.zing.com but Zing has gone out of business. Now used for Sony ImageStation's upload photos to online albums 01
112LoadingAgent1 15ZipLoader32.exe1 00 90Added by the OBLIVION TROJAN! This executable is one of the most common but there are more78http://securityresponse.symantec.com/avcenter/venc/data/backdoor.oblivion.html0
117Zip Driver Loader1 15ZipLoader32.exe1 00 90Added by the OBLIVION TROJAN! This executable is one of the most common but there are more78http://securityresponse.symantec.com/avcenter/venc/data/backdoor.oblivion.html0
424ZENworks Imaging Service1 10ZISWin.exe1 00111Imaging Agent. Part of Novell's ZenWorks - "Complete End-to-End Directory-enabled Network Management"40http://www.novell.com/products/zenworks/0
4 8zlclient1 12zlclient.exe1 00 82Firewall program from Zonelabs. Pro version inlcudes other online security options43http://www.zonelabs.com/download/index.html0
416Zone Labs Client1 12zlclient.exe1 00 82Firewall program from Zonelabs. Pro version inlcudes other online security options43http://www.zonelabs.com/download/index.html0
312Norman ZANDA1 7ZLH.EXE1 00 37System Tray icon for Norman Antivirus22http://www.norman.com/0
3 3ZLH1 7ZLH.EXE1 00 37System Tray icon for Norman Antivirus22http://www.norman.com/0
2 8ZipMagic1 8zm32.exe1 00120Zip utility by Ontrack. Preloading ZipMagic allows you to access files within a zip archive without unzipping them first32http://www.ontrack.com/zipmagic/0
114Zekio Startups1 12znksvc32.exe1 00 24Added by WORM_AGOBOT.AFN109http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?id=83538&VName=WORM_AGOBOT.AFN&VSect=T0
124Microsoft Update Machine1 13zonealarm.exe1 00 83Added by the RBOT-BZ WORM! Note - this is not the valid Zone Labs firewall program!55http://www.sophos.com/virusinfo/analyses/w32rbotbz.html0
115Winsock2 driver1 13ZONEALARM.EXE1 00 93Added by the SDBOT.T TROJAN! Note - ZONEALARM.EXE is not the valid Zone Labs firewall program77http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sdbot.t.html0
4 9ZoneAlarm1 13zonealarm.exe1 00 45Firewall program from Zonelabs - free version46http://www.zonelabs.com/store/content/home.jsp0
115Winsock32driver1 16ZoneAlarmPr0.exe1 00 31Added by the HACKARMY-B TROJAN!59http://www.sophos.com/virusinfo/analyses/trojhackarmyb.html0
115Winsock2 driver1 19Zonealarmupdate.exe1 00 38Added by a variant of the SPYBOT WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html0
115Winsock32driver1 14ZoneLockup.exe1 00 30Added by the HACARMY.D TROJAN!79http://securityresponse.symantec.com/avcenter/venc/data/backdoor.hacarmy.d.html0
3 4Zoom1 8zoom.exe1 00 65Zoom - speeds up Windows startup and manages startup applications51http://www.foxpop.ndirect.co.uk/pc/dachshund_04.htm0
011ZoomingHook1 15ZoomingHook.exe1 00 53Related to the Toshiba Zooming Utility for Tablet PC. 01
115Terminate Popup1 7ZPU.exe1 00257a target="_blank" href="http://www.free-popup-killer.com/"Free Popup Killer - foistware proven to install the Regsvc32 homepage hijacker. Also see a target="_blank" href="http://www.spywareinfo.com/yabbse/index.php?board=21;action=display;threadid=2411"here 01
1 9b3dUpdate1 11Zupdate.exe1 00348B3d Projector foistware - periodically trys to access the internet. (1) Uninstall it via Start -> Settings -> Control Panel -> Add/Remove Programs. (2) Remove the BDEsecureinstall.exe if still present in C:\\Windows\\System. (3) Disable and ideally delete it from the registry. (4) Remove the "BDE" directory and all its contents43http://www.kazaa.com/en/privacy/bundles.htm0
1 6Update1 11Zupdate.exe1 00348B3d Projector foistware - periodically trys to access the internet. (1) Uninstall it via Start -> Settings -> Control Panel -> Add/Remove Programs. (2) Remove the BDEsecureinstall.exe if still present in C:\\Windows\\System. (3) Disable and ideally delete it from the registry. (4) Remove the "BDE" directory and all its contents43http://www.kazaa.com/en/privacy/bundles.htm0
1 7Zupdate1 11Zupdate.exe1 00348B3d Projector foistware - periodically trys to access the internet. (1) Uninstall it via Start -> Settings -> Control Panel -> Add/Remove Programs. (2) Remove the BDEsecureinstall.exe if still present in C:\\Windows\\System. (3) Disable and ideally delete it from the registry. (4) Remove the "BDE" directory and all its contents43http://www.kazaa.com/en/privacy/bundles.htm0
1 8VasddwDg1 10zxXZwd.exe1 00158Added by the W32/Sdbot-SN WORM/IRC backdoor Trojan. Running in the background as a service, it will allow unauthorised remote access to the infected computer.56http://www.sophos.com/virusinfo/analyses/w32sdbotsn.html0
