Page provided by Network Chico. Hosting provided by Host Chico. Domain name registration via Network Chico Domains. TNCC | 419585
This page presents a comprehensive list of the programs you may find that run when you switch on your PC as typically identified by MSCONFIG or the registry "Run" keys - and whether you need them.
This is NOT a database of tasks/processes taken from Task Manager or the Close Program window (CTRL+ALT+DEL) but a database of startup applications, although you will find some of them listed via this method. Pressing CTRL+ALT+DEL identifies programs that are currently running - not necessarily at startup. For a list of tasks/processes you should try the Process Library from Uniblue, the list at PC Pitstop or one of the many others now available. Therefore, before ending a task/process via CTRL+ALT+DEL just because it has an "X" recommendation, please check whether it's in MSConfig or the registry first. An example would be "svchost.exe" - which doesn't appear in either under normal conditions but does via CTRL+ALT+DEL. If in doubt, don't do anything.
A number of entries are repeated due to the way that different operating systems display startup items. For example, WinMe lists "POPROXY.EXE" as "Norton eMail Protect" in both MSCONFIG and the registry whereas WinXP lists it as "Poproxy" in MSCONFIG and "Noeton eMail Protect" in the registry.
To avoid the list becoming too large, all VIRUSES are shown using the registry version which is common to all Windows versions.
There are viruses and other pests that can add any number of different entries to the startups. They make additional entries under the registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Run and RunOnce keys, allowing them to run at startup.
If you want to know more about these types of programs why not start with a search at Wikipedia - the free, community maintained online encyclopedia. Then visit the Safer Networking and BleepingComputer malware forums.
o-----------------------------o
Key:
Variables:
| Status | Name/Startup Item | Command | Comments | Tested |
|---|---|---|---|---|
| X | system32.exe | Added by the AGOBOT-KU WORM! Note - has a blank entry under the Startup Item/Name field | No | |
| X | pathex.exe | Added by the MKMOOSE-A WORM! Note - has a blank entry under the Startup Item/Name field | No | |
| X | svchost.exe | Added by the DELF-UX TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%. Note - has a blank entry under the Startup Item/Name field | No | |
| X | MSPF.EXE | Added by a variant of the SDBOT WORM! This file is located in the Winnt or Windows folder. Note - has a blank entry under the Startup Item/Name field | No | |
| X | dllvirtual.exe | Added by the DADOBRA-IW TROJAN! Note - has a blank entry under the Startup Item/Name field | No | |
| X | dllvirtual.dll | Added by the DADOBRA-IW TROJAN! Note - has a blank entry under the Startup Item/Name field | No | |
| X | dllvirtual.js | Added by the DADOBRA-IW TROJAN! Note - has a blank entry under the Startup Item/Name field | No | |
| X | ajsha5.exe | Added by the SPYBOT-NX WORM! Note - has a blank entry under the Startup Item/Name field | No | |
| X | ne.exe | Added by the IRCBOT-ZL TROJAN! Note - has a blank entry under the Startup Item/Name field | No | |
| X | iexpl0re.exe | Added by the RBOT-SD WORM! Note - has a blank entry under the Startup Item/Name field | No | |
| X | gbpm.exe | Added by the DLOADR.ZZD WORM! Note - has a blank entry under the Startup Item/Name field | No | |
| X | regedit.exe /s appboost.reg | Added by the APPIX.D WORM! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run and HKCU\RunServices in order to force Windows to launch it at boot. The name field in MSConfig may be blank. The Windows registry editor (regedit.exe) is a legitimate Microsoft file located in %Windir% and shouldn't be deleted. The file "appboost.reg" is located in %Windir% | No | |
| Y | !1_pgaccount | pgaccount.exe | DiamondCS ProcessGuard security software - stops malicious worms and trojans from being executed silently in the background, as well as a variety of other attacks. You will see one instant of pgaccount.exe for every active account on your system, and this is essential for PG to work properly | No |
| Y | !1_ProcessGuard_Startup | procguard.exe | DiamondCS ProcessGuard security software - stops malicious worms and trojans from being executed silently in the background, as well as a variety of other attacks | No |
| Y | !AVG Anti-Spyware | avgas.exe | System Tray access to and notifications for AVG Anti-Spyware 7.5. This has now been superseded by AVG Anti-Virus which includes Anti-Spyware | Yes |
| Y | !ewido | ewido.exe | System Tray access to and notifications for Ewido Anti-Spyware 4.0. Ewido is now part of AVG Technologies so this has been superseded by AVG Anti-Virus which includes Anti-Spyware | Yes |
| N | !NoLoad | winrecon.exe | WinRecon keystroke logger/monitoring program - remove unless you installed it yourself! | No |
| U | $EnterNet | Enternet.exe | Connection manager for the EnterNet ISP. You can also use RASPPOE | No |
| X | $sys$cmp | $sys$xp.exe | Added by the RYKNOS.B TROJAN! Attempts to utilize the Sony Rootkit A.K.A. SecurityRisk.First4DRM security risk to hide itself on the compromised computer | No |
| X | $sys$crash | $sys$sonyTimer.exe | Added by the WELOMOCH TROJAN! | No |
| X | $sys$crash | $sys$sos$sys$.exe | Added by the WELOMOCH TROJAN! | No |
| X | $sys$crash | $sys$WeLoveMcCOL.exe | Added by the WELOMOCH TROJAN! | No |
| X | $sys$drv | $sys$drv.exe | Added by the RYKNOS TROJAN! Attempts to utilize the Sony Rootkit A.K.A. SecurityRisk.First4DRM security risk to hide itself on the compromised computer | No |
| X | $sys$momomomochin | $sys$sonyTimer.exe | Added by the WELOMOCH TROJAN! | No |
| X | $sys$momomomochin | $sys$sos$sys$.exe | Added by the WELOMOCH TROJAN! | No |
| X | $sys$momomomochin | $sys$WeLoveMcCOL.exe | Added by the WELOMOCH TROJAN! | No |
| X | $sys$umaiyo | $sys$sonyTimer.exe | Added by the WELOMOCH TROJAN! | No |
| X | $sys$umaiyo | $sys$sos$sys$.exe | Added by the WELOMOCH TROJAN! | No |
| X | $sys$umaiyo | $sys$WeLoveMcCOL.exe | Added by the WELOMOCH TROJAN! | No |
| U | $Volumouse$ | volumouse.exe | Volumouse from Nirsoft. "Provides you a quick and easy way to control the sound volume on your system - simply by rolling the wheel of your wheel mouse" | No |
| X | $WindowsRegKey%update | IEXPLORE.EXE | Added by the RBOT-EZ WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %System% | No |
| ? | %cmpmixtitle% | %cmpmixstr% | Possibly related to C-Media Mixer Control panel? | No |
| N | %FP%012-L2TP fts.exe | fts.exe | 012.Net.il Israeli ISP software front-end | No |
| U | %FP%012-L2TP FWPortal.exe | FWPortal.exe | 012.Net.il Israeli ISP dial-up software | No |
| N | %FP%1776 Internet fts.exe | fts.exe | 1776 Internet US ISP software ISP software front-end | No |
| U | %FP%1776 Internet FWPortal.exe | FWPortal.exe | 1776 Internet US ISP dial-up software | No |
| N | %FP%AIRTEL fts.exe | fts.exe | Bharti Airtel Broadband - Indian ISP software front-end | No |
| N | %FP%Barak013 fts.exe | fts.exe | Barak013 Israeli ISP software front-end | No |
| U | %FP%Barak013 FWPortal.exe | FWPortal.exe | Barak013 Israeli ISP dial-up software | No |
| N | %FP%Friendly fts.exe | fts.exe | Friendly ISP software front-end | No |
| X | %Temp% | %Temp%\delwdef2008.bat | WinDefender 2008 rogue privacy program - not recommended, removal instructions here | No |
| X | %Windir%\winnl.exe | winnl.exe | Added by the KIDKITI TROJAN! | No |
| X | %Windir%\winnm.exe | winnm.exe | Added by the KIDKITI TROJAN! | No |
| X | WinData | services.exe | Added by the SOBER-AD WORM! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\PoolData and note the space at the beginning of the "Startup Item" field | No |
| X | WinINet | services.exe | Added by the SOBER.R WORM! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\ConnectionStatus and note the space at the beginning of the "Startup Item" field | No |
| X | ϵͳע�ï½ï¿½ï¿½ | zhuruqi.exe | Added by the QHOST.V TROJAN! | No |
| X | 'AdwarePro' | 'AdwarePro'.exe | AdWarePro rogue security software - not recommended | No |
| X | \SysInit | svchost.exe | Added by the STARTPA-BD TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %ProgramFiles%\Common Files | No |
| X | Services.dll | smss.exe | Added by the SOBER-L WORM! Note - this is not the legitimate smss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\msagent\system and note the space at the beginning of the "Startup Item" field | No |
| X | WinCheck | services.exe | Added by the SOBER.V WORM! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\ConnectionStatus\Microsoft and note the space at the beginning of the "Startup Item" field | No |
| X | Windows | services.exe | Added by the SOBER.X WORM! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\WinSecurity and note the space at the beginning of the "Startup Item" field | No |
| X | WinStart | services.exe | Added by the SOBER.O WORM! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\Connection Wizard\Status and note the space at the beginning of the "Startup Item" field | No |
| X | winsystem.sys | smss.exe | Added by the SOBER.K WORM! Note - this is not the legitimate smss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\msagent\win32 and note the space at the beginning of the "Startup Item" field | No |
| Y | 'Ashampoo AntiSpyWare 2 Guard' | AntiSpyWare2Guard.exe | Part of Ashampoo® AntiSpyWare 2 from Ashampoo GmbH & Co. KG. This part is the realtime monitor that looks for changes on the users system such as BHO, Winsock LSPs, Windows Hosts file, Autostart entries, etc | Yes |
| X | (*)API Machine | winSOCKS.exe | Homepage hijacker, see here (* = any digit) | No |
| X | (*)Run | win32API.exe | Homepage hijacker, see here (* = any digit) | No |
| X | (Default) | media_driver.exe | Added by the TUPEG VIRUS! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank | No |
| X | (Default) | Shania.vbs | Added by the SHANIA BACKDOOR! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank | No |
| X | (Default) | NOTEPAD.exe | Added by the RUSTY WORM! Note - not to be confused with the valid Windows "NOTEPAD" text editor! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank | No |
| X | (Default) | [random filename].exe | Added by the BLACKMAL WORM! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run and HKLM\RunServices in order to force Windows to launch it at boot. The name field in MSConfig may be blank | No |
| X | (Default) | twunk_32.exe | Added by the BLACKMAL.C WORM! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank | No |
| X | (Default) | winhelp.exe | Added by the BLACKMAL.C WORM! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank | No |
| X | (Default) | spolsvr2.exe | Added by the EVILSOCK.10 TROJAN! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank | No |
| X | (Default) | winbas12.exe | Adware, CoolWebSearch parasite related - detected by Kaspersky as the VB.DU TROJAN! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank | No |
| X | (Default) | Systrsy.exe | Added by the CDTRAY TROJAN! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank | No |
| X | (Default) | llsass.exe | Added by the PROXY-GG TROJAN! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank | No |
| X | (Default) | syspol.exe | Added by the DREMN-B TROJAN! Note - this malware actually changes the value data of the "(Default)" key in HKCU\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank | No |
| X | (Default) | winlog.exe | Unidentified adware. Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run and HKLM\RunServices in order to force Windows to launch it at boot. The name field in MSConfig may be blank | No |
| X | (default) | rundll32.exe [path to DLL file],Do98Work | Added by the HESIVE.B TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. Note - this malware actually changes the value data of the "(Default)" key in HKCU\Run, HKLM\Run and HKLM\RunServices in order to force Windows to launch it at boot. The name field in MSConfig may be blank | No |
| X | (Default) | winligom.exe | Added by the RBOT-GAI WORM! Note - this malware actually changes the value data of the "(Default)" key in HKCU\Run, HKLM\Run and HKLM\RunServices in order to force Windows to launch it at boot. The name field in MSConfig may be blank | No |
| X | (Default) | 5640.exe | Added by the DOWNLD-ABF TROJAN! Note - this malware actually changes the value data of the "(Default)" key in HKCU\Run, HKLM\Run and HKLM\RunServices in order to force Windows to launch it at boot. The name field in MSConfig may be blank | No |
| X | (Default) | QQUpdate.exe | Added by the QUADRULE.A WORM! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank | No |
| X | (Default) | Mcafee.exe | Added by the AGENT.AY TROJAN! Note - this is not a valid McAfee program and is located in %System%. This malware actually changes the value data of the "(Default)" key in HKCU\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank | No |
| X | (Default) | fada.exe | Added by the VB.HEI TROJAN! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run, HKLM\RunServices and HKCU\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank | No |
| X | (Default) | Default.exe | Added by the AUTORUN.BUK WORM! Note - this malware actually changes the value data of the "(Default)" key in HKLM\RunOnce & HKCU\RunOnce in order to force Windows to launch it at boot. The name field in MSConfig may be blank | No |
| X | (Default) | KEYBOARD.exe | Added by the AUTORUN.BUK WORM! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank | No |
| X | (Default) | msarti.com | Added by the SILLYFDC.CJ WORM! Note - this malware actually changes the value data of the "(Default)" key in HKLM\..\Policies\Explorer\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank | No |
| X | (Default) | msnupdate.exe | Added by the RBOT-GWT BACKDOOR! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run & HKLM\RunServices in order to force Windows to launch it at boot. The name field in MSConfig may be blank | No |
| X | (L4r1$$4) (4nt1) (V1ruz) | SP00Lsv32.pif | Added by the ASSIRAL.B WORM! | No |
| X | *Bandook | msdll.exe | Added by an unidentified TROJAN - see here | No |
| X | *Intelli Mouse Pro Version 2.0B* | ncsjapi32.exe | Added by the BUZUS-O WORM! | No |
| X | *JanisRuckenbrodII | janis.com | Added by the POPS WORM! | No |
| X | *Microsoft Update | ctxma.exe | Added by the STMU TROJAN! | No |
| X | *Microsoft Update | cxma.exe | Added by the STMU TROJAN! | No |
| X | *Microsoft Update | wstcl.exe | Added by the STMU TROJAN! | No |
| X | *Microsoft Update | wucxt.exe | Added by the STMU TROJAN! | No |
| X | *Microsoft Update | wuytc.exe | Added by the STMU TROJAN! | No |
| X | *MS Setup | [random filename] | Virtumondo adware, also known as the VUNDO TROJAN! | No |
| X | *MSConfig32 | aecache.exe | Detected by F-Secure as the OBFUSCATED.GP TROJAN! | No |
| Y | *Restore | rstrui.exe | Part of Windows System Restore and added as a RunOnce registry entry. Leave alone | No |
| X | *Security Center | secctr.exe | Added by the SDBOT.BRO WORM! | No |
| Y | *StateMgr | statemgr.exe | Windows ME default for System Restore. Do NOT disable! | No |
| N | *WerKernelReporting | WerFault.exe | Part of Windows Error Reporting technology (WER) for Vista. WER captures software crash and hang data from end-users who agree to report it - see here | No |
| X | *windows update | wrauclt.exe | Added by the RBOT-QU WORM! | No |
| X | *windows update | wuanclt.exe | Added by the RBOT-PG WORM! | No |
| X | *windows update | wuaucrlt.exe | Added by the SPYBOT.HUR WORM! | No |
| X | *windows update | wuraclt.exe | Added by the RBOT-PO WORM! | No |
| X | *windows update | wurauclt.exe | Added by the RBOT-SY WORM! | No |
| X | *windows update | wsctl.exe | Added by the SPYBOT.PR WORM! | No |
| X | *windows update | wkmst.exe | Added by the SDBOT.AVD WORM! | No |
| X | *windows update | wscxt.exe | Added by the RBOT.AOS WORM! | No |
| X | *windows update | waurclt.exe | Added by a variant of the RBOT WORM! | No |
| X | *windows update | wuaruclt.exe | Added by the RBOT-TF WORM! | No |
| X | *Windows [filename] Checker | [filename] | Added by the KEDEBE-B WORM! | No |
| X | *WindowsAudio | systemupd.exe | Added by the AGENT-TH WORM! | No |
| X | *WinLogon | [trojan path] ren time:[random number] | Added by the VUNDO TROJAN! | No |
| X | *winstats | winstats.exe | Added by the GARGAFX TROJAN! | No |
| X | *wuauclt.exe | w****.exe [* = random char] | Added by a variant of the RBOT-UG WORM! Note - * in the filename represents a random char; variants spotted: wxmct.exe, wtmsv.exe, wxmst.exe, wmsvc.exe and so on... | No |
| X | *zggjmyd | zggjmyd.exe | Added by the AFCORE.O BACKDOOR! | No |
| X | ,main drive Loader | wininfo.exe | Suspected malware as it appears in 3 different registry locations - see here | No |
| X | -=+(L4r1$$4)+=-(4nt1)-=+(V1ru$)=-+ | ISASS.exe | Added by the ASSIRAL.B WORM! | No |
| Y | -FreedomNeedsReboot | ZkRunOnceR.exe | Internet Security Suite used by ISPs to protect customers against many attacks | No |
| X | .. | ABC2007.exe | Added by the DLOADR-ASH TROJAN! | No |
| X | .mscdr | lassa.exe | Added by the WEBUS.C TROJAN! | No |
| X | .mscdr | lsvchost.exe | Added by the WEBUS.D TROJAN! | No |
| X | .mscdsr | lsvchost.exe | Added by the BDOOR-CR BACKDOOR! | No |
| X | .mscsbl | svhost.exe | Added by the CMQ TROJAN! | No |
| X | .msfupdate | msveup.exe | Added by the ALLOCUP.A WORM! | No |
| X | .mssecure | mssecure.exe | Added by the DDOS_BOXED.X TROJAN! | No |
| ? | .NET config | sysmon32.exe | ?? | No |
| X | .NET. | msnmgnr.exe | Added by the DELF.AYF WORM! | No |
| X | .norton | rchost.exe | Added by the BOXED-H TROJAN! | No |
| X | .nvsvc | smss.exe | Added by the IRCBOT-FP TROJAN! Note - this is not the legitimate smss.exe process which should not normally figure in Msconfig/Startup! | No |
| X | .nvsvcb | smssb.exe | Added by the BOXED.CG TROJAN! | No |
| X | .Prog | services.exe | Added by the NEVEG.B or NEVEG.C WORMS! Note - this is not the legitimate services.exe process, which should not appear in Msconfig/Startup! | No |
| X | .Prog | winlogon.exe | Added by the NEVEG.A WORM! Note - this is not the legitimate winlogon.exe process, which should not appear in Msconfig/Startup! | No |
| X | .protected | N/A | Smitfraud variant | No |
| X | .svchost | CSRSS.EXE | Added by the WEBUS.F TROJAN! Note - this worm replaces the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! | No |
| X | .TEXTCONV | csrss.exe | Added by the WEBUS TROJAN! Note - this is not the legitimate csrss.exe process which should not normally figure in Msconfig/Startup! | No |
| X | .TEXTCONV | lsass.exe | Added by the WEBUS.B TROJAN! Note - this is not the legitimate lsass.exe process which should not normally figure in Msconfig/Startup! | No |
| X | .WMAudio | csrss.exe | Added by the WEBUS TROJAN! Note - this is not the legitimate csrss.exe process which should not normally figure in Msconfig/Startup! | No |
| X | .WMAudio | lsass.exe | Added by the WEBUS.B TROJAN! Note - this is not the legitimate lsass.exe process which should not normally figure in Msconfig/Startup! | No |
| N | /l:eng | N/A | Related to the Dell OEM version of the Sound Blaster Audigy 2 sound card. If this item is listed and checked in startup, the System32 Folder will appear on every startup. A patch is available - filename R75304.EXE - that fixes the issue. You can find that file at support.dell.com by typing that name in the 'Search' box available there. It addresses the root of the problem in Creative's software and corrects it. Unfortunately there is no direct link to the file, but it's easily available using the search function | No |
| N | /s | N/A | Related to the Dell OEM version of the Sound Blaster Audigy 2 sound card. If this item is listed and checked in startup, the System32 Folder will appear on every startup. A patch is available - filename R75304.EXE - that fixes the issue. You can find that file at support.dell.com by typing that name in the 'Search' box available there. It addresses the root of the problem in Creative's software and corrects it. Unfortunately there is no direct link to the file, but it's easily available using the search function | No |
| U | 000 | pit.exe | PrivateEye surveillance software. Uninstall this software unless you put it there yourself | No |
| X | 000hpdllhos | hpdllhost.exe | LZIO.com adware downloader | No |
| U | 000StTHK | 000StTHK.exe | Toshiba Hot key functionality for the function keys (Fn-Esc, Fn-F1 (lock), Fn-F2, Fn-F3, Fn-F4, Fn-F5 (switching between laptop and CRT display output), etc...) | No |
| X | 0050726-007-i32-1 | 0050726-007-i32-1.exe | Added by the BANCBAN-EC TROJAN! | No |
| X | 007-Anti-Spyware.exe | 007-Anti-Spyware.exe | 007 Anti-Spyware rogue security software - not recommended | No |
| ? | 00DSKSVR00 | desksaver.exe saskda | Part of Advanced Desktop Shield, Easy Desktop Keeper, 1st Desktop Guard and Desktop Layout Keeper (and maybe others) - which give you the ability to save, restore, manage and lock your desktop layout that includes files and folders located on your desktop, placement of desktop icons, desired wallpaper and screen saver. The exact purpose of this startup entry is unknown at present | Yes |
| U | 00DSKSVR01 | desksaver.exe tray | System Tray access to Advanced Desktop Shield, Easy Desktop Keeper, 1st Desktop Guard and Desktop Layout Keeper (and maybe others) - which give you the ability to save, restore, manage and lock your desktop layout that includes files and folders located on your desktop, placement of desktop icons, desired wallpaper and screen saver. Disabling via the program's own options will leave this startup entry but it will not run - "desksaver.exe" does however run as it's also used as a service | Yes |
| U | 00ERSRRRNKY | eraser.exe | Part of Evidence Exterminator, 1st Evidence Remover and Evidence Destructor (and maybe others) - the same file for the same version being used by all programs. Security tools that ensure your security and privacy by destroying all hidden activity information on demand, according to a schedule or on each boot/shutdown. This entry provides System Tray access to the main program for on demand cleaning and is required if any automatic cleaning has been scheduled. Located in %ProgramFiles%\Evidence Exterminator, %ProgramFiles%\1st Evidence Remover, %ProgramFiles%\Evidence Destructor or maybe others | Yes |
| ? | 00notify33 | NetBrowser.exe | Part of Best Network Security, 1st Network Admin and Corporate Network Security (and maybe others) - network-based password-protected security software that lets you impose access restrictions to all your PC workstations you have in your corporate network to stop users from tampering with them. The exact purpose of this startup entry is unknown at present | Yes |
| Y | 00PCTFW | FirewallGUI.exe | System Tray access to PC Tools Firewall Plus from PC Tools - which "is a powerful personal firewall for Windows that protects your computer from intruders and controls the network traffic in and out of your PC" | Yes |
| ? | 00saskda | newlock.exe saskda | Part of Access Manager, 1st Security Agent, Security Administrator and PC Security Tweaker (and maybe others) - which let you control which users are allowed to access your PC and the level of access each user may have. You can choose to tweak access to lots of Control Panel applet functions, including Display, Network, Passwords, Printers, System, Add/Remove Programs, etc. The exact purpose of this startup entry is unknown at present but it appears to be related to the "Screen Lock" feature | Yes |
| Y | 00TCrdMain | TCrdMain.exe | Related to the flash card slot on a Toshiba laptop. Ending this process will disable access to the flash cards | No |
| U | 00THotkey | 00THotKey.exe | For Toshiba Satellite notebook series to use the front buttons, play, stop, next, prev. | No |
| U | 00THotkey | system32THotkey.exe | For Toshiba Satellite notebook series to use the front buttons, play, stop, next, prev | No |
| U | 0190 Warner | WARN0190.EXE | Anti-dialer program (Germany) | No |
| U | 0900 Warner | WARN0900.EXE | Anti-dialer program (Germany) | No |
| X | 0mcamcap | 0mcamcap.exe | Added by the COSIAM-H TROJAN! | No |
| X | 0utlook Express | *****.exe [* = random char] | Added by the RBOT-CC WORM! Note the first letter is actually the digit "0" and not a capital "o" | No |
| X | 0_AVD32 | xzboot.exe | Added by the AGENT-IWI TROJAN! | No |
| X | 1 | 1.exe | Added by the ESTEEMS TROJAN! | No |
| X | 1 | lsass.scr | Added by the BANCOS.V TROJAN! | No |
| X | 1 | svchost.scr | Added by the BANCOS.X TROJAN! | No |
| X | 1 | mrcmgr.exe | Added by the BANKER.RQK TROJAN! | No |
| X | 1 | KHATRA.exe | Added by the AUTOIT-BP WORM! | No |
| X | 1 | addit.exe | Added by the SDBOT-RI WORM! | No |
| N | 1&1 EasyLogin | EasyLogin.exe | 1&1 EasyLogin - quick access to webhost 1&1's Control Panel, Web-Mail and other applications via the System Tray | No |
| X | 1-sukarno | sukarno.exe | Added by the BRONTOK-CR WORM! | No |
| U | 101Clips | 101Clips.exe | 101Clips - "the simplest of all multi-clipboard programs. Just have it running minimized and it captures everything you cut or copy from other programs. It keeps the last 25" | No |
| X | 1029BB4B-16A9-4E77-AA3D-96930BD68EEC | sysockeu.exe | Added by the FAKEALERT-AH TROJAN! | No |
| X | 10Base-T | explore.exe | Added by the AGOBOT-IJ WORM! | No |
| X | 1111swapmgr.exe | 1111swapmgr.exe | Added by the BDOOR-IC BACKDOOR! | No |
| X | 1234klsjdc uiar924c af | sxgnsvuxct.exe | Added by the FAKEALERT-AM TROJAN! | No |
| X | 1234klsjdc uiar924c af | sysvtypkbjx.exe | Added by the FAKEALERT-AM TROJAN! | No |
| X | 123Monitor | SpywareFreeMonitor.exe | 1-2-3 Spyware Free rogue spyware remover - not recommended, see here | No |
| U | 12Ghosts Backup | 12backup.exe | 12Ghosts Backup - "Automatic Backups, HyperBackup for Multiple Versions, Registry Backup" | No |
| U | 12Ghosts Clip | 12clip.exe | 12Ghosts Clip - "Screen shots made easy" | No |
| U | 12Ghosts JustAWindow | 12window.exe | 12Ghosts JustAWindow - "Cover annoying ads, animated gifs, things you don't want to see" | No |
| U | 12Ghosts Popup-Killer | 12popup.exe | 12Ghosts Popup-Killer | No |
| U | 12Ghosts SaveLayout | 12autosl.exe | 12Ghosts SaveLayout - "Always (always!) keep the layout of your desktop icons" | No |
| U | 12Ghosts SetColor | 12color.exe | 12Ghosts SetColor - "Change your desktop icon text colors, also to transparent" | No |
| U | 12Ghosts ShowTime | 12showtime.exe | 12Ghosts Showtime - "Enhance the clock in your tray with font formatting, colors, date, time zones" | No |
| U | 12Ghosts Synchronize | 12sync.exe | 12Ghosts Synchronize - "Sync PC clock with an atomic clock over the Internet" | No |
| U | 12Ghosts Tower | 12tower.exe | 12Ghosts Tower - "Quickly access and manage all Ghosts (included in all packages)" | No |
| U | 12Ghosts TrayProtect | 12srvc.exe | 12Ghosts TrayProtect - "Hide tray icons, restore after a crash" | No |
| U | 12Ghosts Wash | 12wash.exe | 12Ghosts Wash - "Protect your privacy, clear browser history, delete and overwrite cache files" | No |
| N | 12Voip | 12Voip.exe | 12Voip - free internet telephony utility using the VoIP (Voice over Internet Protocol). Call online friends for free and regular phones either for free (limited use) or low rates. One of a number provided by Betamax - the others generally have different rate plans. Similar to the more popular Skype | Yes |
| ? | 17779Proj2002 | N/A | ?? | No |
| X | 180adsolution | 180adsolution.exe | 180solutions adware | No |
| X | 180ax | 180ax.exe | 180Search adware | No |
| X | 180ClientStubInstall | stubinstaller****.exe [* = digit] | 180Solutions adware related | No |
| X | 180ClientStubInstall | [path to trojan] | 180Solutions adware related | No |
| X | 180ClientStubInstall | ******.tmp [* = random digit/char] | 180Solutions adware related | No |
| X | 180sa | 180sa.exe | 180Search adware | No |
| X | 1916435341.exe | 1916435341.exe | Added by the DLOADR-AXU TROJAN! | No |
| X | 196_150_ni | 196_150_ni.exe | WinFixer web installer. Winfixer is "Foistware", pretending to be system optimization, protection and recovery software - stealth installed, see here | No |
| X | 197_150_ni_3 | 197_150_ni_3.exe | WinFixer web installer. Winfixer is "Foistware", pretending to be system optimization, protection and recovery software - stealth installed, see here | No |
| N | 1: | hpdrv.exe | HP utility for monitoring when and how many recoveries have been done | No |
| U | 1A:MacVisionTrayMonitor | TrayMonitor.exe | Part of MacVision by Jeff Bargmann - an discontinued program that makes your PC's desktop look and feel incredibly like that of a Macintosh OS8 computer. Handler that puts the icons that are in your system tray into the MacVision taskbar, beside the clock | No |
| Y | 1A:Stardock MCP | mcpserver.exe | Master Control Program for Stardock apps, in development. People should leave it running if they're using any of the Stardock applications | No |
| Y | 1A:Stardock TrayMonitor | TrayServer.exe | For monitoring tray icons - if disabled icons will not be displayed in ObjectBar or DesktopX | No |
| U | 1cla | 1cla.exe | 1 Click & Lock from Softstack.com - "a system tray security utility you can use to secure your desktop when you step away from your PC. It's secure and very easy-to-use. Just define a password, and select Lock to hide and deny access to your desktop to anyone without the proper password." The same program as Access Lock and Access Controller (and maybe others) - the same file for the same version is used by all programs but the filename is different in each case | Yes |
| U | 1cla.exe | 1cla.exe | 1 Click & Lock from Softstack.com - "a system tray security utility you can use to secure your desktop when you step away from your PC. It's secure and very easy-to-use. Just define a password, and select Lock to hide and deny access to your desktop to anyone without the proper password." The same program as Access Lock and Access Controller (and maybe others) - the same file for the same version is used by all programs but the filename is different in each case | Yes |
| ? | 1CmailS | NETMAIL.EXE | ?? | No |
| X | 1on1 | 1on1.exe | Adult content dialler | No |
| U | 1Srv32 | SpyAgent4.exe | SpyTech SpyAgent monitoring software. "Spy software that allows you to monitor EVERYTHING users do on your PC." | No |
| X | 1u7 | 1u7.exe | Added by the MURBAC-A TROJAN! | No |
| U | 1Win32Cfg | SpyBuddy.exe | SpyBuddy from ExploreAnywhere, Inc - is the "dependable computer monitoring solution that will reveal what your child or employee is really doing on the computer" | No |
| U | 1Win32Cfg | Keyloggerpro.exe | Keyloggerpro keystroke logger/monitoring program - remove unless you installed it yourself! | No |
| X | 1WinCfg32 | WebMailSpy.exe | WebMailSpy spyware | No |
| X | 2-suharto | suharto.exe | Added by the BRONTOK-CR WORM! | No |
| X | 2020Downloader | mssvr.exe | 2020Search Toolbar | No |
| X | 2177F056-0AA6-4D6C-A944-13F71F341C29 | sysokuaw.exe | Added by the FAKEALERT-AH TROJAN! | No |
| U | 24Online Client | CyberoamClient.exe | Related to Cyberroam from Elitecore Technologies Ltd | No |
| X | 250kg | 250kg.exe | Added by the AUTORUN-TI WORM! | No |
| X | 252 | winmgr.exe | Added by the LEGMIR-AT TROJAN! | No |
| X | 27 | slsorve.exe | Added by the SLSORVE-A TROJAN! | No |
| X | 27 | csrss32.exe | Added by the SLSORVE-D TROJAN! | No |
| X | 27 | msm32.exe | Added by the SLSORVE-E TROJAN! | No |
| X | 2Search | main.exe | 2Search adware | No |
| X | 2thousandbuck | [path to file] | Added by the RANKY.L TROJAN! | No |
| U | 2wSysTray | 2portalmon.exe | 2Wire Homeportal user interface | No |
| X | 3-habibie | habibie.exe | Added by the BRONTOK-CR WORM! | No |
| X | 32-bit Thunking service | thunk32.exe | Added by the DERDERO.A WORM! | No |
| X | 32.exe | nvscv32.exe | Added by the AGENT-LOL TROJAN! | No |
| X | 333 | svchost.exe | Added by the JD-A TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a "Syswm1i" directory | No |
| X | 360antiarp | [path to trojan] | Added by the PASTA.AIB TROJAN! | No |
| Y | 36X Raid Configurer | JMRaidSetup.exe | JMB36x series RAID configuration utility from JMicron Technology for their PCI Express to SATA II and PATA Host Controllers | No |
| X | 388529725448 | AutomaticUpdates.exe | Added by the SDBOT-DEN WORM! | No |
| ? | 39ELTFH25Z8SKF | Ezg1q5.exe | Seems to be associated with software by Resplendence SP ? | No |
| Y | 3c1807pd | 3cmlink.exe 3cpipe-3c1807pd | 3Com WinModem driver. See here for more WinModem information | No |
| Y | 3capplnk | 3capplnk.exe | US Robotics Modem driver | No |
| N | 3cdminic | 3CDMINIC.EXE | 3Com DMI (DynamicAccess Desktop Management Interface) Agent associated with 3Com network cards | No |
| Y | 3CM Link | 3cmcnkw.exe | Required for a US Robotics WinModem as it provides the link to Windows - won't work without it | No |
| Y | 3Cmlink | 3CmlinkW.exe | For a US Robotics WinModem. Provides the link to Windows as the CPU does the processing on WinModems - won't work without it. See here for more WinModem information | No |
| ? | 3Com Launcher | Launcher.exe | Related to networking products from 3Com Corporation. What does it do and is it required? | No |
| N | 3ComDMIAgent | 3CDMINIC.EXE | 3Com DMI (DynamicAccess Desktop Management Interface) Agent associated with 3Com network cards | No |
| Y | 3cpipe-USRpdA | USRmlnkA.exe | Modem driver files from US Robotics | No |
| X | 3D Text | 3D Text.scr | Added by the JERMY.A WORM! | No |
| U | 3Deep Control Panel | 3DeepCTL.EXE | 3Deep® from E-Color corrects lighting, shading and color for all your 2D and 3D games. Now superseded by 3DxWizzard™ | No |
| X | 3Dfx Acc | GFXACC.EXE | Added by the GIBE WORM! | No |
| N | 3dfx Task Manager | 3dfxMan.exe | System Tray application for 3dfx Voodoo 3/4/5 functions. Available via Start -> Programs | No |
| Y | 3dfx Tools | 3dfxCmn.dll | Updates the registry with information that can't be held for Voodoo 3/4/5 series graphics cards. Important for owners of these cards | No |
| Y | 3dfxv2ps.dll | 3dfxv2ps.dll | Updates the registry with info that can't be held for 3dfx Voodoo 2 video cards. Important for owners of these cards | No |
| ? | 3Dlabs Taskbar Display Manager | 3DLman.exe | 3DLabs graphics driver related. System Tray access to display settings? | No |
| U | 3DLabsHelperDemon | 3dldemon.exe | Directly from the programs author "It is a tiny program that is installed by the Permedia2/3 and probably other Oxygen-series cards. Normally it sits in the background doing nothing at all (sleeping on a semaphore), so it should take zero CPU time and virtually zero memory, since it will all be paged out to the hard drive." In most cases it can be safely disabled | No |
| Y | 3DMouse.EXE | 3DMouse.EXE | Dritek System Inc. 3D Mouse driver | No |
| X | 3d_sound | 3d_sound.exe | Added by the RIADOS-A TROJAN! | No |
| X | 3P_UDEC_IA | IAInstall.exe | Installer for the Internet Antivirus and Internet Antivirus Pro rogue security software - not recommended, removal instructions here | No |
| U | 3qdctl.exe | 3qdctl.exe | Provided with Terratec 128i PCI and similar sound cards. Loads a sound profile at bootup, restoring volume and other audio settings to a pre-determined default. Similar to Creative Lab's AudioHQ | No |
| Y | 3ware 3DM | 3dm.exe | Monitors status of the disk array on 3ware IDE RAID controllers | No |
| X | 4-gusdur | gusdur.exe | Added by the BRONTOK-CR WORM! | No |
| X | 456655 | explorer.exe | Added by the BIFROSE-DE TROJAN! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System% | No |
| X | 4684735485910 | netdll32.exe | Added by the SDBOT-DEV WORM! | No |
| X | 49U5T1N4 | 49U5T1N4.exe | Added by the KORRON.B WORM! | No |
| X | 4da92ad5.exe | 4da92ad5.exe | Added by the DLOADR-WZ TROJAN! | No |
| X | 4k51k4 | 4k51k4.exe | Added by the BRONTOK-BH WORM! | No |
| U | 4oD | KHost.exe | Verisign Kontiki Delivery Management System - Windows-based client software that enables secure delivery of content to users' desktops | No |
| X | 4wd!!! | Natal!.pif | Added by the OPASERV.AI WORM! | No |
| X | 5-1-61-96 | members-area.exe | Adult content dialler | No |
| X | 5-2-46-112 | 5-2-46-112.exe | Adult content pop-up dialler. Removal instructions here | No |
| X | 5-megawati | megawati.exe | Added by the BRONTOK-CR WORM! | No |
| X | 55278 | grepclient1.exe | Added by the LINEAGE-S TROJAN! | No |
| X | 5p4m | [path to trojan] | Added by the LITEBOT-C TROJAN! | No |
| X | 5whgue21 | 5whgue21.exe | ClearSearch adware | No |
| X | 6-susilo b | sby.exe | Added by the BRONTOK-CR WORM! | No |
| X | 65438761234587528 | rkgnd.exe | ANG AntiVirus 09 rogue security software - not recommended, removal instructions here | No |
| X | 666 | Ska.exe | Added by the PIPES TROJAN! | No |
| X | 678 | lsas32.exe | Added by the SLSORVE-B TROJAN! | No |
| X | 756349DC-6D9E-4F2A-9B24-269661F073C3 | sysoghcx.exe | Added by the FAKEALERT-AH TROJAN! | No |
| X | 76112549345328287 | angpd.exe | ANG AntiVirus 09 rogue security software - not recommended, removal instructions here | No |
| X | 7f8e | z****.exe 9idf | Detected by NOD32 as the SMALL.ALI TROJAN! Note - it creates a number of extra z****.dll files in the %System% folder | No |
| U | 802.11b+g USB Wireless LAN Utility | ZDWlan.exe | 802.11b+g USB Wireless LAN Utility | No |
| U | 802.11g MIMO Wireless Utility | RaUI.exe | Wireless configuration utility for Railink 802.11g MIMO based products | No |
| U | 802.11g Wireless Adatper | Monitor.exe | Related to wireless card (802.11) adapter/standard. System Tray icon that provides a shortcut to "Wireless Connection Status" and allows to turn WL on and off. Supplier unknown. Adapter is miss-spelled | No |
| X | 852EBF20-A95D-4F1F-B9C2-B2CD24350F3E | sysodkcs.exe | Added by the FAKEALERT-AH TROJAN! | No |
| X | 98D0CE0C16B1 | rundll32.exe D0CE0C16B1, D0CE0C16B1 | BrowserAid/BrowserPal foistware. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted | No |
| X | 9m | winlog0n.exe | Added by the LEGMIR-AQK TROJAN! | No |
| X | 9UmxQPSiTJMbA | NVUKZ.exe | Added by the AGENT-LMN TROJAN! | No |
| Y | 9xadiras | 9xadiras.exe | Allied Telesyn AT series router/modem related - apparently required | No |
| X | 9xHtProtect | AVprotect9x.exe | Added by the NETSKY.M WORM! | No |
| X | ;Rundll | [filename] | Added by the PWSLEGMIR.E TROJAN! | No |
| X | ?ekio Startups | ?nksvc32.exe | Added by the AGOBOT-OV WORM where ? is a random character | No |
| X | @ | regedit -s win.dll | Added by the SEEKER.K TROJAN! Note that regedit is the the legitimate Windows Registry Editor and shouldn't be deleted. The "win.dll" file is located in %Windir% | No |
| X | @ | iexpl0res.exe | Added by the RBOT.AEX WORM! | No |
| X | @ | wincms.exe | Added by the RBOT.CBR WORM! | No |
| X | @ | winsys32.exe | Added by the DELF.CP BACKDOOR! Note that the entry under the Startup Item/Name field my be blank | No |
| N | @Hoc Toolbar | AtHoc.exe | One-click activated browsing toolbar used by various web-sites. See here for more info | No |
| N | @loha | reminder.exe | Registration reminder for @loha@home E-mail utility | No |
| X | @tour_ww | @tour_ww[1].exe | Adult content dialler | No |
| X | a | a.exe | Commercials file that registers itself in the system registry and redirects IE to a certain commercial website | No |
| X | a | jesse.exe | Added by the MELO-A WORM! | No |
| X | a | MsSvrdll.vbs | Added by the MUTAFROG!INF WORM! | No |
| X | A New Windows Updater | w32NTupdt.exe | Added by the MYTOB.BM WORM! | No |
| N | A Note | A Note.exe | "A Note is a program that lets you create post-it like notes on your Microsoft Windows desktop" | No |
| U | A Verizon App | VERIZO~1.EXE | Part of Verizon Online Support Manager | No |
| U | a² | a2guard.exe | a-Squared antitrojan - can be run on demand but necessary in Startup if you prefer the a² 'Background Guard' real time protection feature | No |
| U | a-squared | a2guard.exe | a-squared antitrojan - can be run on demand but necessary in Startup if you prefer the a² 'Background Guard' real time protection feature | No |
| Y | a-squared Anti-Dialer | a2adguard.exe | a-squared Anti-Dialer | No |
| Y | a-winpoet-service | winpppoverethernet.exe | WinPoET is the industry's first Windows-based PPP over Ethernet client. Developed by iVasion, WinPoET is attractive to equipment providers, modem suppliers, RBOCs and ISPs. For more info read here. It uses dial-up networking for new high-speed internet customers who are more familiar with analogue modems. If unchecked in MSCONFIG it reports Error 360 - Hardware Error in dial-up networking | No |
| U | A1000 Settings Utility | cpqa1000.exe | Compaq A1000 Print Fax All-in-One copy scan printer software. Required in the Startup in order to scan, print, copy and fax. Only required if you use these features | No |
| U | A4Proxy | A4Proxy.exe | Anonymity 4 Proxy - local proxy server that makes you anonymous when visiting web sites | No |
| X | A5118r | _default32142.pif | Added by the BRONTOK-AK WORM and variants! | No |
| X | A5118r | j6321422.exe | Added by the BRONTOK-AK WORM and variants! | No |
| X | A70F6A1D-0195-42a2-934C-D8AC0F7C08EB | rundll32.exe E6F1873B.DLL, D9EBC318C | BrowserAid/BrowserPal foistware. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted | No |
| X | aa bbcc dde effgghh jj | update.exe | Added by a variant of the IRCBOT BACKDOOR! | No |
| ? | AAACLEAN | AAACLEAN.INF | ?? | No |
| ? | AAAKeyboard | ?? | ?? | No |
| N | AAATraySaver | TraySaver.exe | System Tray management utility from Mike Lin which allows you to hide, show, restore icons that are lost in an Explorer crash, remove dead tray icons, minimize any window to the System Tray | No |
| X | aacmeyf | aacmeyf.exe | Added by the AF.20 TROJAN! | No |
| X | Aaep | opar.exe | PurityScan/Clickspring adware | No |
| U | AAK | aak.exe | Advanced Anti-Keylogger - "Anti-spy software to prohibit operation of any keyloggers currently in use or presently being developed anywhere" | No |
| U | aaLDISCN32 | LDISCN32.EXE | LANDesk® Management Suite software component | No |
| U | aaLDTaskCompletion | amclient.EXE | LANDesk® Management Suite software component | No |
| X | AAMSFree702 | Avengine.com | Added by the DELF.LJ TROJAN! | No |
| X | AAMSFree702 | sys.exe | Added by the BACKDOOR-CPC TROJAN! | No |
| X | Aaou | amee.exe | PurityScan adware | No |
| X | Aapp | adprot.exe | AdBlaster adware | No |
| X | aaprotect | [path to trojan] | Added by the BANCBAN-MJ TROJAN! | No |
| X | AASSKK2 | LSASS.EXE | Added by the SILLYFDC.BDB WORM! Note - this is not the legitimate lsass.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %AppData% | No |
| ? | aauclient | ACNUpdater.exe | Appears to be related to software from Accenture.com | No |
| U | AAW | Ad-Aware.exe | Ad-Aware SE Personal from Lavasoft - popular spyware/adware removal tool. Now superseded by Ad-Aware 2008 Free | No |
| U | AAWTray | AAWTray.exe | System Tray access to Ad-aware from Lavasoft - popular spyware/adware removal tool | No |
| ? | ab EazyScheduler | ezsched.exe | ?? | No |
| X | abass | abass.exe | Added by a variant of the Storm/Nuwar/Zhelatin WORM! See here for an example | No |
| N | ABBYY Community Agent | CAGENT.EXE | Installed with the Optical Character Recognition (OCR) software that comes bundled with a Compaq A3000 all-in-one printer/scanner. Its function appears to be to link you to the internet in an attempt to buy the 5.0 version of the software | No |
| U | ABC | keylogger.exe | Keystroke logger/monitoring program - remove unless you installed it yourself! | No |
| X | abcdefgh | abcdefgh.exe | EPJ TROJAN! | No |
| U | ABIT uGuru | uGuru.exe | ABIT µGuru - on motherboards incorporating the µGuru processor this provides quick access to "hardware monitoring, overclocking, BIOS flashing and audio tweaking" | No |
| N | ABITEQ | abiteq.exe | Monitoring utility for ABIT Motherboards. Displays system voltages, temperatures and fan speeds | No |
| X | Abrada WIN32 | abrada.exe | Added by the DERMON-G TROJAN! | No |
| Y | ABRegmon | ABregmon.exe | Part of the ArcaVir antivirus suite from Polish company Arcabit. What does this part do? | No |
| U | Absolute Shield | dseraser.exe | Absolute Shield Evidence Eliminator - internet history eraser | No |
| U | Absolute StartUp monitor | ASMon.exe | Absolute Startup - startup monitor from F-Group Software | No |
| U | AbsoluteShield Internet Eraser | cseraser.exe | AbsoluteShield Internet Eraser - "protects your privacy by cleaning up all the tracks of your Internet and computer activities" | No |
| X | ABsr | absr.exe | Added by the AUTOUPDER TROJAN! | No |
| X | absr | mwsvm.exe | SeekSeek search hijacker related - see here | No |
| X | abtu | mp3serch.exe | Loads the executable for Lop.com - final version | No |
| X | abtu | lopsearch.exe | Loads the executable for Lop.com - beta version | No |
| U | AbyssWebServer | abyssws.exe | Abyss web server | No |
| X | Ac97Sound | snddrv.exe | Added by the VB.AXG TROJAN! | No |
| U | aca | aca.exe | Access Controller - "a desktop locking security utility you can use to protect your desktop when you are not near your PC. To activate protection, define a password in Options, and select the Lock command. Password protection can be automatically activated on boot or with a click of an icon in the system tray." The same program as 1 Click & Lock and Access Lock (and maybe others) - the same file for the same version is used by all programs but the filename is different in each case | Yes |
| U | aca.exe | aca.exe | Access Controller - "a desktop locking security utility you can use to protect your desktop when you are not near your PC. To activate protection, define a password in Options, and select the Lock command. Password protection can be automatically activated on boot or with a click of an icon in the system tray." The same program as 1 Click & Lock and Access Lock (and maybe others) - the same file for the same version is used by all programs but the filename is different in each case | Yes |
| U | AcBtnMgr_X63 | AcBtnMgr_X63.exe | "Lexmark Scan & Copy Control Program" for the Lexmark X63 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan, scan to E-mail, copy, etc | No |
| U | AcBtnMgr_X63.exe | AcBtnMgr_X63.exe | "Lexmark Scan & Copy Control Program" for the Lexmark X63 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan, scan to E-mail, copy, etc | No |
| U | AcBtnMgr_X73 | AcBtnMgr_X73.exe | "Lexmark Scan & Copy Control Program" for the Lexmark X73 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan, scan to E-mail, copy, etc | No |
| U | AcBtnMgr_X83 | AcBtnMgr_X83.exe | "Lexmark Scan & Copy Control Program" for the Lexmark X83 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan, scan to E-mail, copy, etc | No |
| U | AcBtnMgr_X84-X85 | AcBtnMgr_X84-X85.exe | "Lexmark Scan & Copy Control Program" for the Lexmark X84-X85 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan, scan to E-mail, copy, etc | No |
| U | acc | acc.exe | Advanced Call Center - "full-featured yet easy-to-use answering machine software for your voice modem" | No |
| X | ACCDEFRAGINFO | [path to worm] | Added by the DARBY-O WORM! | No |
| U | Accelerate | accelerate.exe | Webroot Accelerate - allows you to optimize Windows network registry settings in order to boost surfing speeds. Leave this enabled if you find it improves your connection | No |
| Y | AccelerometerSt | AccelerometerSt.exe | HP 3D DriveGuard uses a digital accelerometer protects your disk drive by parking and halting I/O requests if you drop your PC or if you move your PC with the display lid closed | No |
| Y | AccelerometerSysTrayApplet | AccelerometerSt.exe | HP 3D DriveGuard uses a digital accelerometer protects your disk drive by parking and halting I/O requests if you drop your PC or if you move your PC with the display lid closed | No |
| U | Access Connections | ACTray.exe | System Tray access to the ThinkVantage Access Connections connectivity-assistant program for IBM/Lenovo ThinkPad or 3000 Family notebook computers - "allowing users to seamlessly switch between wired and wireless environments, managing security settings, printers, home page and other location-specific settings automatically" | Yes |
| X | Access Control App | winsto.exe | Added by the AGENT.DGO TROJAN! | No |
| N | Access IBM Message Center | ibmmessages.exe | "The Access IBM Message Center displays messages to inform you about helpful software that may be pre-installed on your PC. The Message Center can also provide messages about new updates available from the IBM Support Center to keep your computer current" | Yes |
| N | Access Ramp Monitor | armon32.exe | Monitors your progress on the internet; hang-ups, connection speeds, internet congestion and traffic flow. It prevents some games from running also. To disable the Access Ramp Monitor (1) Open Windows Explorer (2) Open the Program Files folder (3) Open the MindSpring folder (4) Open the AccessRamp folder (5) Double-click on the ARMCfg32.exe file (6) Uncheck Enable Dialup Monitor and click OK (7) Restart the computer and try again | No |
| X | Access WebControl | [path to file] | Added by the PPDOOR-M TROJAN! | No |
| U | AccessManager | AccessMgr.exe | Part of SmartPipes SecureSite software. "SecureSite enables rapid turnup and enhanced administration of VPNs. It automates and simplifies tasks for VPN design and policy management, access control management, and key management" | No |
| X | AccessMedia P2P Loader | amp2pl.exe | My AccessMedia toolbar related, stealth installed! | No |
| U | AccessoriesPlus | clockplus.exe | Clock Plus, part of Accessories Plus allows you to select from dozens of alternatives for the Windows clock | No |
| N | AccessRamp Monitor01 | ARMon32a.exe | From a visitor "Just wanted to provide you with some info on Access Ramp software installed with Verizon DSL accounts in those areas that use the Winpoet PPPoE software. The Access Ramp TSRs are installed as part of IP Insight software (can't remember the software maker). You can decline to install IP Insight during Winpoet setup, or go into Add/Remove programs uninstall IP Insight by hand if it's already installed. It really doesn't do a darn thing for you. It was intended to help DSL techs monitor QoS, but the backend part was never implemented (at least as of earlier this year). This will not affect the user's ability or inability to access their DSL service." | No |
| N | AccessRampLAN01 | ARUpld32.exe | Version of the AccessRamp Monitor01 entry for LAN connections - a history uploader. The key in turning it off is a file named ARUCfg32.exe. This file (ARUCfg32.exe) does not show up in the startup process. If you have this file, you can execute it and remove all the monitoring activities it does. Removing all the checks in all the boxes (both tabs) still calls ARUpld32.exe to start when you start the dial up. You can block it from sending info if you have Zone Alarm installed. Renaming the extension of ARUCfg32.exe to ARUCfg32.exe1 works. The ARUpld32.exe is not loaded when launching the dial up client. Written by IP Insight and also included with Earthlink Total Access 2003 | No |
| Y | accrdsub | accrdsub.exe | ActivIdentity ActivClient - security software from ActivIdentity Corporation which "enables organizations to secure workstations with smart cards and smart USB tokens while enforcing strong authentication for desktop access and network login" | No |
| U | AcctMgr | AcctMgr.exe | Norton™ Password Manager - part of Norton SystemWorks 2004 - stores passwords and other personal information, and retrieves the data needed for email logins, shopping orders, banking, and other online activities - all from the safety of your own PC | No |
| N | AccuWeather.com® Desktop | AccuWeatherDesktop.exe | Desktop weather from AccuWeather | No |
| N | AccuWeatherDesktopAlerts | AccuWeatherDesktopAlerts.exe | Weather alerts for AccuWeather.com Desktop which "provides you with the most accurate, late-breaking weather conditions for the United States" | No |
| X | accwizz.exe | accwizz.exe | Added by the RULAND.A WORM! | No |
| X | accwizzz.exe | accwizzz.exe | Added by the RULAND.A WORM! | No |
| N | ACDaemon | ACDaemon.exe | Used to serve notice of product information and updates when running ArcSoft products such as TotalMedia, PhotoStudio 6 and Print Creations. Set the associated ArcSoft Connect Daemon (ACService.exe) service to Manual (via Start → Control Panel → Administrative Tools → Services) and run this entry manually via the Start menu when required | Yes |
| X | acdllib3 | bcdlmem.exe | Added by the MAILBOT-BA TROJAN! | No |
| N | ACDSee | ACDSee8Pro.exe | ACDSee 8 photo software. Organize, manage, enhance, and share all your valued photo memories | No |
| ? | Ace bows | Ace bows.exe | ?? | No |
| N | AceGain LiveUpdate | LiveUpdate.exe | "AceGain LiveUpdate can help to automate and optimize product updates. AceGain LiveUpdate will automatically detect new patch updates, driver updates or full product updates and automatically download and install them according to user configuration" | No |
| U | Acer Assist Launcher | launcher.exe | Acer Assist - program that provides information about new updates or notices from Acer | No |
| U | Acer eAP Launch Tool | EAPLAU~1.EXE | Empowering Technology Launcher, installed on Acer computer | No |
| ? | Acer Empowering Technology Monitor | SysMonitor.exe | Part of Acer Empowering Technology. What does it do and is it required? | No |
| U | Acer ePower Management | Acer ePower Management.exe | Part of Acer Empowering Technology. "Acer ePower Management is a straightforward interface that allows users to select from pre-configured power usage profiles, or to create their own customized profiles" | No |
| U | Acer ePower Management | ePowerTray.exe | Acer® PowerSmart Manager power management utility included on some models in the Aspire range of notebooks. Also appears as the Packard Bell PowerSave power management utility included on some of their notebook models - as Packard Bell is now owned by Acer | No |
| U | Acer ePower Management | ePowerTrayLauncher.exe | Launcher for the Acer® PowerSmart Manager power management utility included on some models in the Aspire range of notebooks | No |
| U | Acer ePresentation HPD | ePresentation.exe | Part of Acer Empowering Technology. Allows you to manage both internal and external displays | No |
| Y | Acer Launch Tool | Alaunch | Part of Acer eRecovery - "a powerful utility that does away with the need for recovery disks provided by the manufacturer, and also acts as a versatile standalone backup and recovery manager". This entry isn't normally running but once eRecovery starts it's used to re-install the software included with the system | Yes |
| N | Acer Product Registration | ACE1.exe | Acer Product Registration - remove when registration is completed | No |
| N | Acer Tour Reminder | Reminder.exe | Popup reminder to take the tour of your new Acer laptop | No |
| U | AcerGoto | AcerGoto.exe | Acer Computer "Goto Drive" Cold Swap Driver - a swappable second disk drive provides convenient backup of large files, or easy importation of data from user's previous computer | No |
| U | AcerNotebookManager | almxptray.exe | System Tray access on some Acer Notebooks to give faster access to system settings | No |
| U | AcerPowerkey | Powerkey.exe | PowerKey utility for Acer TravelMate notebook PCs. Allows the user to quickly switch between different power schemes by pressing Fn+F3 | No |
| X | Acess2007a | access2007a.exe | Added by the GAOBOT.PQA WORM! | No |
| X | Aceu | [random filename] | PurityScan adware | No |
| Y | acEventServ | acevtsrv.exe | ActivCard Gold from ActivIdentity, Inc. Smart card-based strong authentication software - for photo IDs, proximity badges for facility access and as digital identification and authentication | No |
| U | AClntUsr | AClntUsr.exe | Altiris AClient Service Windows Tray Icon | No |
| N | Acme.PCHButton | pchbutton.exe | Used by HP Instant Support | No |
| U | ACMonitor_X63 | ACMonitor_X63.exe | Button monitor for the Lexmark X63 all-in-one multifunction printer/copier/scanner. Works in conjunction with the "Lexmark Scan & Copy Control Program" button manager whose filename is "AcBtnMgr_X63.exe" | No |
| U | ACMonitor_X63.exe | ACMonitor_X63.exe | Button monitor for the Lexmark X63 all-in-one multifunction printer/copier/scanner. Works in conjunction with the "Lexmark Scan & Copy Control Program" button manager whose filename is "AcBtnMgr_X63.exe" | No |
| U | ACMonitor_X73 | ACMonitor_X73.exe | Button monitor for the Lexmark X73 all-in-one multifunction printer/copier/scanner. Works in conjunction with the "Lexmark Scan & Copy Control Program" button manager whose filename is "AcBtnMgr_X73.exe" | No |
| U | ACMonitor_X83 | ACMonitor_X83.exe | Button monitor for the Lexmark X83 all-in-one multifunction printer/copier/scanner. Works in conjunction with the "Lexmark Scan & Copy Control Program" button manager whose filename is "AcBtnMgr_X83.exe" | No |
| U | ACMonitor_X84-X85 | ACMonitor_X84-X85.exe | Button monitor for the Lexmark X84-X85 all-in-one multifunction printer/copier/scanner. Works in conjunction with the "Lexmark Scan & Copy Control Program" button manager whose filename is "AcBtnMgr_X84-X85.exe" | No |
| X | acocash | fastdown.exe | Adult content dialler | No |
| X | acocash | FASTFOWN.EXE | Adult content dialler | No |
| U | Acombo3dmouse | Acombo3d.exe | Mouse driver - required if you use non-standard Windows driver features | No |
| X | Aconti | aconti.exe | Adult content dialler | No |
| U | acoustic | acoustic.exe | Control panel program for Philips Acoustic Edge soundcard. Not required unless changed settings aren't retained | No |
| N | acpart | agpart11.exe | Program for finding trucks on-line | No |
| X | Acrobat | acrmon32.exe | Added by the SMALL-ECT TROJAN! | No |
| U | Acrobat Assistant | AcroTray.exe | Essential for creating PDF files with Adobe Acrobat and Acrobat Distiller. For Win9x/Me systems you can run this file manually beforehand. For WinXP systems this file must run at startup. Hence the "U" recommendation | No |
| U | Acrobat Assistant 7.0 | Acrotray.exe | Essential for creating PDF files with Adobe Acrobat and Acrobat Distiller. For Win9x/Me systems you can run this file manually beforehand. For WinXP systems this file must run at startup. Hence the "U" recommendation | No |
| U | Acrobat Assistant 8.0 | Acrotray.exe | Essential for creating PDF files with Adobe Acrobat and Acrobat Distiller. For Win9x/Me systems you can run this file manually beforehand. For WinXP systems this file must run at startup. Hence the "U" recommendation | No |
| X | Acrobat Read | acroup32.exe | Added by the VANBOT-BQ TROJAN! | No |
| N | Acrobat Speed Launch | acrobat_sl.exe | Speeds up the time it takes to load Adobe's Acrobat PDF creation and management tool. From version 7.0 onwards | No |
| U | ACROMOUSE | ACROMAPP.exe | Related to ACROMOUSE Laser mouse control | No |
| U | Acronis Popup Blocker | RunDll32.exe [path] Blocker.dll, Run | Part of Acronis Privacy Expert - anti-spyware and security suite | No |
| U | Acronis Scheduler Helper | schedhlp.exe | Part of Acronis True Image backup software. Co-operates with the "schedul2.exe" service to perform backup/restore tasks correctly. Required if you want to use True Image to do some real backup/restore tasks - not if you only want to explore/mount images | No |
| U | Acronis Scheduler2 Service | schedhlp.exe | Part of Acronis True Image - backup software. Co-operates with the "schedul2.exe" service to perform backup/restore tasks correctly. Required if you want to use True Image to do some real backup/restore tasks - not if you only want to explore/mount images | No |
| U | Acronis True Image | TimounterMonitor.exe | Part of Acronis True Image backup software. Monitor for the backup archive explorer for moving and viewing files within an archive | No |
| N | Acronis True Image Monitor | TrueImageMonitor.exe | Part of Acronis True Image - backup software. Can be disabled without affecting TrueImage | No |
| N | Acronis TrueImage Monitor | TrueImageMonitor.exe | Part of Acronis True Image - backup software. Can be disabled without affecting TrueImage | No |
| N | Acronis*True*Image Monitor | TrueImageMonitor.exe | Part of Acronis True Image - backup software. Can be disabled without affecting TrueImage | No |
| U | AcronisTimounterMonitor | TimounterMonitor.exe | Part of Acronis True Image backup software. Monitor for the backup archive explorer for moving and viewing files within an archive | No |
| N | AcronisTrueImage Monitor | TrueImageMonitor.exe | Part of Acronis True Image - backup software. Can be disabled without affecting TrueImage | No |
| X | Acroread | AcroRD32.exe | Added by the DLOADR-BDK TROJAN! Note - this is not the popular Adobe Reader | No |
| X | Acroread | GoogleUpdate.exe | Added by the AGENT-JGI TROJAN! Note - this is not a valid Google progam | No |
| U | Act! Preloader | Act8.exe | Sage Software's ACT! "enables individuals and small business customers to instantly access key contact and customer information, manage and prioritize activities, and track all contact-related communications so you can grow productive business relationships" | No |
| N | Action Manager 32 | am32.exe | Associated with a Plustech scanner. Small utility that runs in the background for doing fax/copy/etc. Available via Start -> Programs | No |
| ? | ActionAgent | actionagent.exe | "A COM server that runs on the client as part of the Dell OpenManage Client Instrumentation 6.x package; provides a simple method for a remote administrator to perform actions on the instrumented client". Is it required? | No |
| N | Activation | Activation.exe | Part of Microsoft Money | No |
| U | Activboard | MMKeybd.exe | Packard Bell ActiveBoard keyboard - multimedia keyboard manager. Required if you use the additional keys and want to see the status of the Num Lock, Caps Lock, Scroll Lock keys | No |
| U | ACTIVBOARD | ABoard.exe | Packard Bell ActiveBoard keyboard - multimedia keyboard manager. Required if you use the additional keys and want to see the status of the Num Lock, Caps Lock, Scroll Lock keys | No |
| X | Active Bit Station | abs.exe | Added by the MYTOB.BZ WORM! | No |
| N | Active CPU | acpu.exe | Active CPU - "easy to use tool for Windows 95/98/ME/NT/2000 that enables you to watch a graphical representation of your CPU's activity" | No |
| U | Active Desktop Calendar | ADC.EXE | XemiComputers Active Desktop Calendar | No |
| U | Active Email Monitor | aem25.exe | Active Email Monitor checks multiple accounts for email, serves as a SPAM filter and can also protect you from harmful items that can be sent via email | No |
| X | Active Security | asecurity.exe | Active Security rogue security software - not recommended, removal instructions here | No |
| U | Active shield | Activeshield.exe | Active Shield is "an heuristic screen that actively protects your computer from trojans, spyware, adware, trackware, dialers, keyloggers, and even some special kinds of viruses" | No |
| X | ActiveDesktop | systray32.exe | Added by the DABOOM WORM! | No |
| X | ACTIVEDS | ACTIVEDS.EXE | Added by the OPASERV.T WORM! | No |
| N | ActiveEyes | ActiveEyes.exe | ActiveEyes from TFI Technology is a small utility that you can use to liven up your desktop. It follows your mouse around and can tell you how far your cursor has travelled or point out where the cursor is. It's small, it's free and comes with a range of options and animations. Not needed - if unavailable via Start -> Programs, create your own shortcut | No |
| U | ActiveKeys.AAB635BD7D054a37A576 | akeys.exe | "Active Keys is a powerful yet easy-to-use tool for creating and managing keyboard shortcuts for any system action" | No |
| U | ActiveMenu | ActiveMenu.exe | Wild Tangent demo games that come with some HP computers. Unchecking it can prevent the games from running occasionally. Note that WildTanget's privacy policy used to state that they also collect and share individuals information but this is no longer the case | No |
| U | ActivePlus | activeplus.exe | Interactive Agents Plugin for Messenger Plus! (MSN Messenger add-on) | No |
| X | ActiveScan Antivirus | ActiveScan.exe | Added by the RBOT-FKQ WORM! | No |
| X | ActiveScript32 | nod.exe | Added by the SOHANA-AJ WORM! | No |
| Y | ActiveShield | mcvsshld.exe | ActiveShield - background scanner for older versions of McAfee VirusScan and the now obsolete McAfee VirusScan Online which scans files in the background as and when they are accessed, including scanning E-mails via the McAfee VirusScan E-mail Scan Module (McVSEscn.exe) | Yes |
| N | ActiveSpeed | AS.exe | Ascentive ActiveSpeed internet optimizer - not recommended, see here and here | No |
| X | ActiveSync | wcescom32.exe | Added by the MANCSYN-E TROJAN! | No |
| N | ActiveWords | AWMonitor.exe | ActiveWords from ActiveWord Systems, Inc. Like macro programs, ActiveWords sits in the background and watches as you type. When it recognizes that you've typed an ActiveWord, it takes the associated action, such as replacing your keystrokes with the text you've defined | No |
| X | ActiveX File Registration Service | filereg.exe | Added by the RBOT-DVD WORM! | No |
| X | ActiveX Streamer | msgfix.exe | Added by the SDBOT.NQ WORM! | No |
| X | ActiveXUpdate | svcss.exe | Added by a variant of the DEDLER.C TROJAN! | No |
| U | Activity | actik.exe | ActivityKey keystroke logger/monitoring program - remove unless you installed it yourself! | No |
| N | ActivSurf | backweb*****.exe | Packard Bell ActivSurf - automatically detects an internet connection and downloads any available updates | No |
| U | ActMaker | ActMak25.exe | "ActMaker mouse and keyboard toolkit can record the daily operation of your computer and reduce your workload. You don't need to do any coding, nor are you required to know a lot about the computer" | No |
| U | ActMaker | ActMaker25.exe | ActMaker mouse and keyboard toolkit can record the daily operation of your computer and reduce your workload | No |
| U | ACTray | ACTray.exe | System Tray access to the ThinkVantage Access Connections connectivity-assistant program for IBM/Lenovo ThinkPad or 3000 Family notebook computers - "allowing users to seamlessly switch between wired and wireless environments, managing security settings, printers, home page and other location-specific settings automatically" | Yes |
| U | Actual Window Manager | ActualWindowManagerCenter.exe | Actual Window Manager from Actual Tools - "an innovative desktop organization application which introduces unconventional window controls and also automatic general window operations making your work more productive, convenient and enjoyable" | No |
| U | Actual Window Minimizer | ActualWindowMinimizerCenter.exe | Actual Window Minimizer - "allows minimizing any window to task tray notification area or to the edge of the screen" | No |
| X | ACTX1 | v1201.exe | Added by the VB.IS TROJAN! | No |
| U | ACU | ACU.exe | Atheros wireless Client Utility | No |
| U | ACU_QSB | ACU.exe | Atheros wireless Client Utility | No |
| U | ACWLIcon | ACWLIcon.exe | Part of the ThinkVantage Access Connections connectivity-assistant program for IBM/Lenovo ThinkPad or 3000 Family notebook computers - "allowing users to seamlessly switch between wired and wireless environments, managing security settings, printers, home page and other location-specific settings automatically." This is the System Tray icon giving notifications of and access to the Wireless Connection Status | Yes |
| U | Ad Arrest | adarrest.exe | Ad Arrest IE popup killer from GameFools | No |
| U | Ad Blocker | blocker.exe | Ad Blocker - blocks popups, and also removes banners, image ads and flash ads | No |
| U | Ad Blocker Pro | Ad Blocker Pro.exe | Ad Away popup and banner remover | No |
| U | Ad Muncher | AdMunch.exe | Ad Muncher removes adverts, pop-ups and general annoyances in your browser, file-sharing and messenger programs. Causes conflicts with Outlook, game sites and web-building applications | No |
| ? | Ad Online Guide | adonlineguide.exe | ?? | No |
| U | Ad-Aware | Ad-Aware.exe | Ad-Aware from Lavasoft - popular spyware/adware removal tool | No |
| X | Ad-Aware | Ad-Aware.exe | Added by the RBOT-ADJ WORM! Note - this is not the popular Ad-Aware spware/adware removal tool and is located in %System% | No |
| X | Ad-Eliminator | ad-eliminator.exe | Ad-Eliminator rogue spyware remover - not recommended, see here | No |
| U | Ad-Muncher | ADMUNCH.EXE | Ad Muncher removes adverts, pop-ups and general annoyances in your browser, file-sharing and messenger programs. Causes conflicts with Outlook, game sites and web-building applications | No |
| U | Ad-Protect | ad-protect.exe | Ad-Protect spyware and spam monitoring tool | No |
| U | Ad-watch | Ad-watch.exe | Part of Lavasoft Ad-aware Plus - realtime spyware-monitor watching your memory and registry for spyware that tries to install or change your system | No |
| U | AD2KClient | AD2KClient.exe | Executable for Active Disk from Iomega - allows software applications to be run directly from an Iomega Zip® disk. Required if you wish the applications to launch on insertion of a disk | No |
| N | Adaptec DirectCD | Directcd.exe | DirectCD primarily allows you to drag and drop files onto a suitably formatted CD-RW disc. Unless you use this on a frequent basis it isn't required and is available via Start -> Programs. Start the program before inserting a DirectCD formatted CD-RW in the drive. A re-boot is recommended if you close Adaptec DirectCD before re-opening it again later | No |
| N | AdaptecDirectCD | Directcd.exe | DirectCD primarily allows you to drag and drop files onto a suitably formatted CD-RW disc. Unless you use this on a frequent basis it isn't required and is available via Start -> Programs. Start the program before inserting a DirectCD formatted CD-RW in the drive. A re-boot is recommended if you close Adaptec DirectCD before re-opening it again later | No |
| X | AdAware | wini.exe | Added by the RBOT-XN WORM! | No |
| U | Adaware Bootup | Ad-aware.exe | Ad-Aware from Lavasoft - popular spyware/adware removal tool | No |
| X | Adaware lptt01 | adaware.exe | RapidBlaster variant (in a "Adaware" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here. Note - this is not the valid Lavasoft Adaware | No |
| X | Adaware ml097e | adaware.exe | RapidBlaster variant (in a "Adaware" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here. Note - this is not the valid Lavasoft Adaware | No |
| U | AdBin | AdBin.exe | AdBin - "Free and easy solution to managing your Window's hosts file. A fun way to block ads" | No |
| X | Add**.exe [* = random char] | Add**.exe [* = random char] | CoolWebSearch/HomeSearch adware - for examples, see this log | No |
| X | Add**32.exe [* = random char] | Add**32.exe [* = random char] | CoolWebSearch/HomeSearch adware - for examples, see this log | No |
| X | AddClass | AddClass.exe | CoolWebSearch Addclass parasite variant | No |
| X | AddClass | [Installation_Path] | Added by the STARTPAGE.F hijacker | No |
| X | AddClass | [path to trojan] | Added by the SECDL-A TROJAN! | No |
| U | AdDelete | AdDelete.exe | Banner advertisment blocker | No |
| X | AdDestroyer | AdDestroyer.exe | Virtual Bouncer - malware from Spyware Labs. It is distributed by the same bundling and drive-by download techniques as the parasites it claims to remove, so definitely qualifies as unsolicited commercial software in itself. It also has an update feature that can download and execute arbitrary code. Warning - choose "custom" uninstall as "automatic" may remove other programs - see here | No |
| X | Additional Guard | WI[random characters].exe | Additional Guard rogue security software - not recommended, removal instructions here | No |
| X | ADDITIONAL Services | pkgadd.exe | Added by a variant of the IRCBOT TROJAN! | No |
| ? | addproxy | addproxy.exe | Related to Adobe Photoshop | No |
| ? | ADG | ADG.exe | SoundBlaster Audigy related? | No |
| N | ADGJdet | ADGJDet.exe | Added with SoundBlaster Live! or Audigy soundcards for headphone autodetection | No |
| Y | adi CleanUp | CleanUp.exe | Utility that only runs once after installing the drivers for Analog Devices SoundMax integrated soundcards to clean-up the files no longer required once the installation is complete. Other programs/drivers may use the same filename for the same purpose. In this case, the file is located in %System% and is listed under the HKLM\RunOnce registry key | Yes |
| Y | adi DSndUp | DSndUp.exe | Utility that only runs once after installing the drivers for Analog Devices SoundMax integrated soundcards. It's exact purpose is unknown at the present time but from the filename it's probably used to configure the default or generic speaker arrangement for the system it's used on | Yes |
| X | aDir | adirss.exe | Added by the SPAMSRV-E TROJAN! | No |
| Y | Adiras | Adiras.exe | ADSL USB modem related | No |
| X | adirka | adirka.exe | Added by the TIBS-QT TROJAN! | No |
| X | AdKiller | AD Defender.exe | Part of the Advanced Spyware Remover rogue spyware remover - not recommended, see here | No |
| X | adlhidp | psncc32.exe | Added by the SLAPER.AI TROJAN! | No |
| X | ADM Library Loader | admlib32.exe | Added by a variant of the SDBOT TROJAN! | No |
| X | Admanager Controller | AdManCtl.exe | Adware, probably a Windupdates variant | No |
| X | Admilli Service | AdmilliServ.exe | Windupdates adware variant | No |
| X | Administrator | svchost.scr | Added by the NOVACAL TROJAN! | No |
| X | Administrator | winlogon.exe | Added by the RUBBLE-C WORM! Note - this is not the legitimate winlogon.exe process, which should not appear in Msconfig/Startup! | No |
| X | Administrator di Dago | Dago.exe | Added by the PUNYA-B WORM! | No |
| X | AdminSoft | sysfile.vbs | Added by the STARGRUB-A WORM! | No |
| ? | ADMTray.exe | admtray.exe | Part of Acer Empowering Technology. What does it do and is it required? | No |
| X | Adobe | Adobe.exe | Added by an unidentified VIRUS, WORM or TROJAN! | No |
| X | Adobe | sysconfig.exe | Added by an unidentified WORM or TROJAN! | No |
| X | adobe | gam.exe | Added by an unidentified WORM or TROJAN! | No |
| X | Adobe | sysbat32.exe | Added by the LOWZONES.T TROJAN! | No |
| X | Adobe | zteam.exe | Added by an unidentified TROJAN! | No |
| N | Adobe Acrobat | READER~1.EXE | Speeds up the time it takes to load the Adobe Reader PDF document reader. "The Speed Launcher quickly opens and closes all of the files that Acrobat or Adobe Reader will use when the application starts. Opening and closing the files allows your virus protection software to check these programs and add them to its list of safe files" - see here. Not required for Adobe Reader to function properly | No |
| N | Adobe Acrobat | Reader_sl.exe | Speeds up the time it takes to load the Adobe Reader PDF document reader. "The Speed Launcher quickly opens and closes all of the files that Acrobat or Adobe Reader will use when the application starts. Opening and closing the files allows your virus protection software to check these programs and add them to its list of safe files" - see here. Not required for Adobe Reader to function properly | Yes |
| X | Adobe Acrobat Distiller Application | acrotray.exe | Added by the RANDEX.DFJ WORM! | No |
| X | Adobe Acrobat Reader CFG | [random filename] | Added by a variant of the RBOT WORM! | No |
| N | Adobe Acrobat Speed Launcher | acrobat_sl.exe | Speeds up the time it takes to load Adobe's Acrobat PDF creation and management tool. From version 7.0 onwards | No |
| N | Adobe ARM | AdobeARM.exe | Adobe Reader Manager (ARM) - update/download manager added with Adobe Reader from version 9.2. Taken from the Adobe user forums - "AdobeARM.exe is a part of new Adobe AcrobatReader updater. If you manage updates yourself, it is absolutely safe to remove it from Run registry" - see here | No |
| X | Adobe Filter Platform | afilterplatform.exe | Added by the RBOT-OP WORM! | No |
| U | Adobe Gamma Loader | Adobe Gamma Loader.exe | Adjusts monitor colours across all programs, including Photoshop. It is needed by some graphics professionals who want their monitor calibrated. Most home users will not need it. In my case I can verify this as Photoshop loads fine | Yes |
| U | Adobe Gamma Loader.exe | Adobe Gamma Loader.exe | Adjusts monitor colours across all programs, including Photoshop. It is needed by some graphics professionals who want their monitor calibrated. Most home users will not need it. In my case I can verify this as Photoshop loads fine | No |
| N | Adobe Photo Downloader | apdproxy.exe | Part of Adobe's Photoshop Album or Photoshop Elements packages - starts each time you connect an external image device to your PC (see here) | No |
| N | Adobe Reader Speed Launch | Reader_sl.exe | Speeds up the time it takes to load the Adobe Reader PDF document reader. "The Speed Launcher quickly opens and closes all of the files that Acrobat or Adobe Reader will use when the application starts. Opening and closing the files allows your virus protection software to check these programs and add them to its list of safe files" - see here. Not required for Adobe Reader to function properly | Yes |
| N | Adobe Reader Speed Launch | READER~1.EXE | Speeds up the time it takes to load the Adobe Reader PDF document reader. "The Speed Launcher quickly opens and closes all of the files that Acrobat or Adobe Reader will use when the application starts. Opening and closing the files allows your virus protection software to check these programs and add them to its list of safe files" - see here. Not required for Adobe Reader to function properly | No |
| N | Adobe Reader Speed Launcher | Reader_sl.exe | Speeds up the time it takes to load the Adobe Reader PDF document reader. "The Speed Launcher quickly opens and closes all of the files that Acrobat or Adobe Reader will use when the application starts. Opening and closing the files allows your virus protection software to check these programs and add them to its list of safe files" - see here. Not required for Adobe Reader to function properly | Yes |
| U | Adobe Reader Synchronizer | AdobeCollabSync.exe | Adobe Synchronizer - installed along with Adobe Reader 8.x. "Synchronizer is a small application that runs in the background, providing synchronization of document reviews and Tracker subscriptions so that your data is available when you need it." See the link for more information | No |
| X | Adobe Reader32 | Acrord32.exe | Added by the RBOT-BLC WORM! Note - this is not the popular Adobe Reader | No |
| U | Adobe Version Cue CS2 | VersionCueCS2Tray.exe | File manager that's part of Adobe Creative Suite 2 - "find files fast, track versions across applications, link files together, and share them in creative collaboration without fear of overwriting someone else's work" | No |
| X | AdobeA | adobes.exe | Added by the FLOOD.BA TROJAN! | No |
| N | AdobeARM | AdobeARM.exe | Adobe Reader Manager (ARM) - update/download manager added with Adobe Reader from version 9.2. Taken from the Adobe user forums - "AdobeARM.exe is a part of new Adobe AcrobatReader updater. If you manage updates yourself, it is absolutely safe to remove it from Run registry" - see here | No |
| X | AdobeFonts | fonts.hta | Browser hijacker - redirecting to Hugesearch.net | No |
| X | AdobeManager | rundtl.exe | Added by the INJECT.IB TROJAN! | No |
| X | adobemgr | adobemgr.exe | Added by the ADCLICKER TROJAN! | No |
| X | AdobeReader | msni.exe | Added by the RBOT.DAO TROJAN! | No |
| X | AdobeReaderPro | msnxpsp.exe | Added by the RBOT-ASK or RBOT-AUS WORMS! | No |
| X | AdobeReaderPro | ntkernell32.exe | Added by the RBOT-ATY WORM! | No |
| X | AdobeReaderPro | msnserve.exe | Added by the SDBOT-AKH WORM! | No |
| X | AdobeReaderPro | updt.exe | Added by the IRCBOT-VQ WORM! | No |
| X | AdobeReaderPro | rruxdkf.exe | Added by the RBOT.ADF BACKDOOR! | No |
| X | AdobeReaderPro | svxhost.exe | Added by a variant of the RBOT WORM - see here | No |
| X | AdobeReaderPro | winslog.exe | Added by a variant of the RBOT WORM! | No |
| X | AdobeReaderPro | lxlfsprrj.exe | Added by the RBOT.BDZ BACKDOOR! | No |
| X | AdobeReaderPro | cbdzfrsl.exe | Added by the RBOT.AZQ BACKDOOR! | No |
| X | AdobeReaderPro | subset.exe | Added by the RBOT.OCU WORM! | No |
| X | AdobeReaderPro | winini.exe | Added by a variant of the RBOT WORM! | No |
| X | AdobeReaderPro | rvdjlefr.exe | Added by the RBOT-CQZ WORM! | No |
| X | AdobeReaderPro | spoolss.exe | Added by the SDBOT-AKZ WORM! | No |
| X | AdobeReaderPro | lssas.exe | Added by the RBOT-CLB WORM! | No |
| X | AdobeReaderPro | msnservex.exe | Added by the RBOT.AKM BACKDOOR! | No |
| X | AdobeReaderPro | msnsrcdv.exe | Added by the INJECT-H WORM! | No |
| X | AdobeReaderPro | chkdisk.exe | Added by the RBOT-BDV WORM! | No |
| X | AdobeReaderPro | service.exe | Added by the RBOT-BCA WORM! | No |
| X | AdobeReaderProfessional | msx64.exe | Added by the RBOT-GAT WORM! | No |
| X | AdobeReaderPros | sysmsn.exe | Added by the RBOT-BGH WORM! | No |
| N | AdobeUpdater | AdobeUpdater.exe | Automatic updater for Adobe software - run manually | No |
| N | AdobeVersionCue | VersionCueTray.exe | "An exclusive feature of the Adobe® Creative Suite, Version Cue™ helps you find files fast, track multiple versions of your files, and share your files for creative collaboration" | No |
| ? | Adobe_ID0EYTHM | VERSIO~2.EXE | Part of an Adobe product. What does it do and is it required? | No |
| X | Adobe_Reader | acrotray.exe | Added by the AGENT-LNS TROJAN! Note that the legitimate Adobe file (if installed) would normally be found in %ProgramFiles%\Adobe%\%ProgramName% (where %ProgramName% is Acrobat 9.0\Acrobat or Acrobat 7.0\Distillr for example) whereas this one is located in %ProgramFiles%\Adobe | No |
| X | adodemaster | adodemaster.exe | Downloader of Korean origin, detected as ADOD.28672 | No |
| X | Adope File Manager | lsasv.exe | Added by an unidentified WORM or TROJAN! | No |
| X | adp | adp.exe | Spyware installed by Net2Phone, Limewire, Cydoor, Grokster, KaZaa, etc | No |
| X | AdPopup | dcf5678.exe | Added by the AGENT-FZ TROJAN! | No |
| X | adprot | adprot.exe | AdBlaster adware | No |
| N | ADQuickAccess | Adtray.exe | After Dark for Windows. Screen saver creation program produced before screen savers became integrated into Win95 | No |
| X | ADriver | windrv.exe | Added by the DELF.WG TROJAN! | No |
| X | AdRoarUpdate | ARUpdate.exe | AdRoar adware updater | No |
| X | AdRotator.Application | [path to csrss.exe] | Added by the SMALL-AQ TROJAN! Note - this worm replaces the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! | No |
| X | AdRotator.Application | services.exe | FakeMessage/AdRotator adware. Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in an "Inetsrv" subfolder | No |
| X | ADS Adware Remover | ADS Adware Remover.exe | ADS Adware Remover, rogue adware remover - not recommended, see here | No |
| X | AdsBlocker | stopAds.exe | AdsBlocker - detected by NOD32 as DIALER.DW! | No |
| U | AdsCleaner | AdsCleaner.exe | "AdsCleaner is a powerful ad blocking software designed to stop ads (block banners ad, kill popup), guard your online privacy" | No |
| U | ADService | ADService.exe | Part of Active Disk from Iomega - allows software applications to be run directly from an Iomega Zip® disk. Required if you wish the applications to launch on insertion of a disk. Appears as a service in XP/Vista and under the "RunServices" registry key in Win98/ME | No |
| U | AdsGone | Adsgone.exe | AdsGone - pop-up stopper | No |
| N | ADSL Diagnostic Tools | mapiicon.exe | System tray access to ADSL modem diagnostic tools. Available via Start -> Programs | No |
| ? | ADSLSYSTEMTRAY | SystemtrayV100B.exe | Apparently Annex A ADSL modem related. What does it do and is it required? | No |
| Y | AdslTaskBar | rundll32.exe stmctrl.dll, TaskBar | ISP software, initializes DSL modem | No |
| X | AdslTaskBars | taskmng.exe | Added by the RBOT-AXZ WORM! | No |
| ? | ADSL_A2 | A2Installed | Associated with an Integrated Telecom Express (ITeX) ADSL driver installation. What does it do and is it required? | No |
| U | adsnwe | adsnwe.exe | EmailSpyMonitor E-mail surveillance software. Uninstall this software unless you put it there yourself | No |
| U | adsnwk | adsnwk.exe | Keylogger Spy Monitor keystroke logger/monitoring program - remove unless you installed it yourself! | No |
| U | adsnws | adsnws.exe | ScreenSpyMonitor surveillance software. Uninstall this software unless you put it there yourself | No |
| U | aDSProcMngr | aDSProcMngr.exe | Part of PC Tools Disk Suite from PC Tools - which "is an all-in-one hard-disk management utility that integrates disk optimization, defragmentation and backup tools in one easy to use package". Proxy (or agent) for the Disk Suite Service. Based upon my experience, if this is disabled it does not appear to adversely affect on-demand or scheduled tasks but has a "U" recommendation as it's function isn't fully known | Yes |
| Y | ADSS | ADSS.exe | ADSS is part of Access Denied security and privacy software (Access Denied Security Server) that monitors power status and provides some other services for Screen Guard. Important to keep its running while using Access Denied | No |
| X | adstartup | automove.exe | Adlogix adware variant | No |
| X | Adstartup | Adstartup.exe | Adlogix adware | No |
| X | AdStatus Service | AdStatServ.exe | WindUpdates AdStatus Service adware | No |
| U | AdSubtract | adsub.exe | AdSubtract blocks ads, cookies, pop-up windows, animations, music, and more. Can be disabled from within AdSubtract. Available via the Start menu. Superseded by Trend Micro AntiSpyware which was subsequently discontinued | No |
| X | adtech2005 | adtech2005.exe | Detected by Kaspersky as the STARTPAGE.AW TROJAN! | No |
| X | adtech2006 | adtech2006.exe | Detected by Kaspersky as the VB.KC WORM! | No |
| X | Adtools Service | AdTools.exe | Windupdates Adware | No |
| ? | ADU | adu.exe | Related to Cisco Aironet wireless products. What does it do and is it required? | No |
| X | AdultX | AdultX.exe | Adult content dialler and hijacker | No |
| X | Adult_Chat | Adult_Chat.exe | Adult content dialler | No |
| X | Adult_Chat1 | Adult_Chat1.exe | Adult content dialler | No |
| X | AdUpdater | sysupudt.exe | Unidentified adware downloader/updater | No |
| U | ADUserMon | ADUserMon.exe | Part of Active Disk from Iomega - allows software applications to be run directly from an Iomega Zip® disk. Required if you wish the applications to launch on insertion of a disk | No |
| X | Advanced DHTML Enable | exo32.exe | Added by the RANCK-FI TROJAN! | No |
| X | Advanced DHTML Enable | [path to trojan] | Added by the AGENT.GLQ TROJAN! | No |
| X | Advanced Internet Protocol | cerf.exe | Added by a variant of the SPYBOT WORM! | No |
| X | Advanced Protection System | advpsys.exe | Added by a variant of the RBOT WORM! | No |
| X | Advanced Spyware Remover | Asr.exe | Advanced Spyware Remover rogue spyware remover - not recommended, see here | No |
| X | Advanced Spyware Remover Pro | Asr.exe | Advanced Spyware Remover rogue spyware remover - not recommended, see here | No |
| U | Advanced SystemCare 3 | AWC.exe | Advanced SystemCare from IObit - "helps protect, optimize, clean, and repair your computer and Registry." The PRO version adds automation, anti-spyware, privacy protection and performance tune-ups | No |
| X | Advanced Tool Checks | advchks.exe | Added by a variant of the RBOT WORM! | No |
| N | Advanced Tools Check | ADVCHK.EXE | Checks when you install a new version of a Norton product that you have uninstalled all previous versions. Serves as a reminder if you forget | No |
| U | Advanced Uninstaller PRO Installation Monitor | monitor.exe | Innovative Solutions Advanced Uninstaller PRO - "easy-to-use suite for uninstalling applications and keeping your computer fast, clean, and in its best shape" | No |
| X | AdvancedCleaner Free | UADC.exe | AdvancedCleaner rogue security software - not recommended | No |
| X | AdVantage | AdVantage.exe | MediaAdVantage adware | No |
| X | advap32 | [path to trojan] | Added by the MUTANT.AT TROJAN! | No |
| X | Advapi | Advapi.exe | Added by the NETDEVIL.12 WORM! | No |
| N | ADVCHK | ADVCHK.EXE | Checks when you install a new version of a Norton product that you have uninstalled all previous versions. Serves as a reminder if you forget | No |
| U | Advertising Killer | Akiller.exe | Advertising Killer - popup stopper | No |
| X | advmon32 | advmon32.exe | Added by a variant of the CRYPTER.C TROJAN! | No |
| U | Adware Agent | adware agent.exe | Adware Agent popup blocker | No |
| X | Adware Spy | AdwareSpy.exe | AdwareSpy rogue adware remover - not recommended | No |
| U | AdwareAlert | AdwareAlert.Exe | Adware program, previously not recommended (see here). It has now been delisted, so make sure you have the latest version | No |
| X | AdwareDelete | adwaredelete.exe | AdwareDelete rogue adware remover - not recommended, removal instructions here | No |
| X | AdwareKiller_schedules | schedules.exe | EAdwareKiller rogue spyware remover - not recommended, see here | No |
| X | AdwareKiller_tray | tray.exe | EAdwareKiller rogue spyware remover - not recommended, see here | No |
| X | AdwareProMFC | Ad-Ware Pro.exe | Ad-Ware Pro rogue security software - not recommended | No |
| X | AdwareProMFC | AntiTrojan Pro.exe | AntiTrojan Pro rogue security software - not recommended. Variant of Ad-Ware Pro | No |
| X | AdwareProtector | AdwareProtector.exe | Part of rogue security tools, including SystemDoctor, ErrorSafe and WinFixer | No |
| X | AdwareRemover2007 | AdwareRemover2007.exe | AdwareRemover2007 rogue security software - not recommended | No |
| X | AdwareSpy | AdwareSpy4.exe | AdwareSpy rogue adware remover - not recommended | No |
| X | Adware_ProNET | Adware_Pro.exe | Adware Pro rogue security software - not recommended, removal instructions here | No |
| X | Adwarz Spy Remover | ADWARZ.EXE | Added by the SPYBOT-EV WORM! | No |
| U | AEFltrs Application | AESTFltr.exe | Part of the XP installation of the AudioCommander user interface for Andrea USB devices - including features such as noise cancellation, graphic equalizer, echo Cancellation and beam forming. The exact purpose of this entry is unknown at present - hence the "U" recommendation | Yes |
| ? | Aeiwlsta.exe | Aeiwlsta.exe | IBM High Rate Wireless LAN Adapter driver. Is it required? | No |
| N | AELaunch | AELaunch.exe | Audio Applications Launcher for the Philips Acoustic Edge soundcard | No |
| X | AERVICESN | AERVICESN.exe | Added by the RANDON-AO WORM! | No |
| U | AESTFltr | AESTFltr.exe | Part of the XP installation of the AudioCommander user interface for Andrea USB devices - including features such as noise cancellation, graphic equalizer, echo Cancellation and beam forming. The exact purpose of this entry is unknown at present - hence the "U" recommendation | Yes |
| N | AeXAgentLogon | AeXAgentActivate.exe | Altiris Agent transmits information about your machine for the purpose of asset management and deployment | No |
| ? | AeXSWDUsr | AeXSWDUsr.exe | Altiris Express NS Client Manager software. Is it required? | No |
| U | AEZBProc | aptezbp.exe | IBM Aptiva keyboard customizer - enables certain special buttons on keyboard for CD operation, volume control, and few quickstart buttons. Keyboard will work without it but you lose the special functions | No |
| U | AFAFilter | windefault.exe | AFAFilter - internet filter software | No |
| X | afmsmsgs | afmsmsgs.exe | Added by the DLOADR-CUX TROJAN! | No |
| X | afskfask8 | fsfjasj8.exe | Added by the ONLINEG-L TROJAN! | No |
| N | AGEIA PhysX SysTray | TrayIcon.exe | System Tray access to display properties for AGEIA PhysX graphics cards. Unless you change your desktop resolution, etc, regularily use Control Panel -> Display Properties or right-click on the desktop | No |
| N | Agent | Agent.exe | Cyberlink's Power VCR II 3.0 is a TV tuner recording utility. If you want to schedule recordings you'll need this, otherwise can be disabled. Available via Start -> Programs | No |
| X | Agent | alsys.exe | Added by the DREF-V VIRUS! | No |
| X | agent | ppl.exe | Added by the DREF-U VIRUS! | No |
| X | Agent Browser | [random filename] | Added by the PPdoor.M-bdr backdoor TROJAN! | No |
| X | Agent Explorer | [random filename] | Unidentified adware | No |
| X | agent.exe | agent.exe | Part of rogue security tools, including Privacy Center, Privacy Components and Control Center | No |
| ? | Agente | Remupd.exe | Part of an older version of Panda Antivirus. Is this an update reminder (guess because of the name), virus definition update reminder or something similar? | No |
| X | agentsvr | agentsvr.exe | Detected by Kaspersky as Monker.A adware. Note - do not confuse with the Microsoft Agent Server application of the same name as described here - the legitimate file will always be located in the Windows\Msagent folder | No |
| U | Agere SoftModem Messaging Applet | AGRSMMSG.exe | Installed with the drivers for internal software modems based upon Lucent/Agere Systems chipsets - required if you use the SoftModem Assistant to configure the modem | Yes |
| U | AgfaCLnk | AgfaCLnk.exe | For Agfa digital cameras connected via USB. Enables Windows to access the contents of the memory stick (while the stick's still on the camera) via a virtual drive | No |
| X | agp | agp32.exe | Added by the GAOBOT.SY WORM! | No |
| U | AGRSMMSG | AGRSMMSG.exe | Installed with the drivers for internal software modems based upon Lucent/Agere Systems chipsets - required if you use the SoftModem Assistant to configure the modem | Yes |
| N | AGSatellite | AGSatellite.exe | Program from AudioGalaxy that lets you download some MP3s from their server. Available via Start -> Programs | No |
| U | ahfp | ahfp.exe | Advanced Hide Folders - "is powerful file security program. It allows to hide folders or hide files. Advanced Hide Folders is very useful to keep your personal data away from others. Others will not know where your personal files exist and they will not be able to accidentally view, delete or modify them either" | No |
| U | ahfprog | ahfp.exe | Advanced Hide Folders - "is powerful file security program. It allows to hide folders or hide files. Advanced Hide Folders is very useful to keep your personal data away from others. Others will not know where your personal files exist and they will not be able to accidentally view, delete or modify them either" | No |
| Y | AHNSD | AhnSD.exe | AhnLab V3 antivirus updater - leave enabled unless you manually update on a regular basis | No |
| ? | AHNUE | AHNUE.exe | ?? | No |
| X | AhorreMemoria | SysRep.exe | AhorreMemoria rogue system error and cleaning utility - not recommended. A member of the ErrClean family | No |
| X | ahost | ahost.exe | Added by a variant of the SDBOT WORM! | No |
| N | AHQInit | ahqinit.exe | Part of AudioHQ for the Soundblaster Live!. Appears as though it makes the AudioHW toolbar drop down from the top of the desktop and isn't required | No |
| X | Ahst | iebs.exe | PurityScan adware | No |
| X | AHU | [path to worm] | Added by the ANACON-B WORM! | No |
| X | AHU | ANACON.EXE | Added by the NACO.A WORM! | No |
| X | ahui32.exe | ahui32.exe | Added by the CERTIF-M TROJAN! | No |
| U | Ai Gear Help | GearHelp.exe | Included with some ASUS motherboards (such as the Maximus Extreme & Striker II Extreme), AI Gear "is a utility designed to configure and support all ASUS EPU (Energy Processing Unit) features." Provides system performance profiles to adjust CPU frequency and voltage for different computing needs. Part of AI Suite | No |
| U | Ai Nap | AiNap.exe | Included with some ASUS motherboards (such as the Maximus Extreme & Striker II Extreme), "AI Nap allows you to minimize the power consumption of your computer whenever you are away. Enable this feature for minimum power consumption and quieter system opearation." Part of AI Suite | No |
| U | Ai Quicker Help | AsRc.exe | ASUS DH Remote media portal launcher for their Digital Home range of motherboards that are designed for users to control the computer at a distance away, such as the M2N DH. "ASUS DH Remote is a convenient PC remote controller that gives users unprecedented control over their PCs from the comfort of their couches" | No |
| X | Aica | tuaa.exe | PurityScan adware | No |
| X | Aida | ttuh.exe | PurityScan adware | No |
| X | Aida | eetu.exe | PurityScan adware | No |
| ? | AidemHotKey | DVMAIN.EXE | Keyboard related | No |
| ? | AidemHotKey | KEYAPP.EXE | Keyboard related | No |
| U | aiepk | aiepk2.exe | Another IE Popup Killer - pop-up stopper | No |
| N | AIM | aim.exe | AOL Instant Messenger. If connected to the internet, automatically runs up AIM. Convenience more than anything. Available via Start -> Programs | No |
| U | AIM | AIM+.exe | AIM plus - a free add-on to AOL's Instant Messenger for Windows from Big-O Software | No |
| X | AIM Instant Message Cookies | [random filename] | Added by the RBOT-AFV WORM! | No |
| N | AIM Logger | AIMLogger.exe | AIM Logger - saves AIM (AOL Instant Messenger) conversations to log files. Can be started when you are using AIM | No |
| X | Aim Plugin | aimplugin.exe | Added by the GUAP-F WORM! | No |
| X | AIM reminder | AIM reminder.exe | Added by the BUDDY.E TROJAN! | No |
| N | Aim6 | AOLLaunch.exe | AOL Instant Messenger - start it when you want to use it | No |
| N | Aim6 | aim6.exe | AOL Instant Messenger - start it when you want to use it | No |
| X | AIM95 Startup | aim95.exe | Added by the AGOBOT.AEE WORM! | No |
| X | aimaol lptt01 | aimaol.exe | RapidBlaster variant (in a "Aimaol" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here | No |
| X | aimaol ml097e | aimaol.exe | RapidBlaster variant (in a "Aimaol" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here | No |
| U | aimb.exe" -h | aimb.exe | IMSufSentinel is a spy program which can record IM conversations, log keystrokes, record URLs visited, and take screenshots. If you didn't install this yourself remove it | No |
| N | AimingClick | AimingClick.exe | AimingClick from AimingTech. Web searching tool. Available via Start -> Programs | No |
| U | AimMonitor | AimMonitor.exe | AIM Monitor Sniffer surveillance software for the AIM instant messenger. Uninstall this software unless you put it there yourself | No |
| U | AIMPro | aimpro.exe | AIM Pro - secure instant messaging, video conferencing, on-line meetings and desktop and file sharing | No |
| N | AIMster | ?? | Peer to Peer (P2P) file sharing client that runs over the AOL Instant Messenger network. Available via Start -> Programs | No |
| N | AIMWDInstall | AIMWDInstall.exe | Version of the WildTangent on-line games installer that came with versions of AOL Instant Messenger. Note that WildTanget's privacy policy used to state that they also collect and share individuals information but this is no longer the case | No |
| Y | Aiptek Graphics Tablet (USB) | atwtusb.exe | USB interface for Aiptek Graphics Tablet (USB) | No |
| X | aircity | aircity.exe | Related to "Prutect" malware from e2Give | No |
| U | AirPort Base Station Agent | APAgent.exe | Airport Base Station Agent utility for Apple's AirPort wi-fi basestations. "Wireless solution for home, school, and business. As it blankets your space with a blazing-fast, secure wireless network, it opens up a world of possibilities for home entertainment, backups, printing, and more" | No |
| U | AJC Active Backup | AJCActBk.exe | AJC Active Backup from AJC Software - "Instantly backup files you change on your PC and keep multiple versions to undo" | No |
| X | AKEYNAME | WinServ.exe | Added by the EVILBOT.C TROJAN! | No |
| U | akeys | akeys.exe | "Active Keys is a powerful yet easy-to-use tool for creating and managing keyboard shortcuts for any system action" | No |
| X | akgkagaksad9 | fsakfask9.exe | Added by the ONLINEG-M TROJAN! | No |
| U | AKiller | akiller.exe | Advertising Killer - popup stopper | No |
| U | ala | ala.exe | Access Lock - "an easy-to-use system-tray security utility you can use to secure your desktop when you are away from your computer. Just configure the program, define a password and double click the Access Lock system-tray icon every time you need to disable and hide your desktop." The same program as 1 Click & Lock and Access Controller (and maybe others) - the same file for the same version is used by all programs but the filename is different in each case | Yes |
| U | ala.exe | ala.exe | Access Lock - "an easy-to-use system-tray security utility you can use to secure your desktop when you are away from your computer. Just configure the program, define a password and double click the Access Lock system-tray icon every time you need to disable and hide your desktop." The same program as 1 Click & Lock and Access Controller (and maybe others) - the same file for the same version is used by all programs but the filename is different in each case | Yes |
| U | Alarm Manager | Alarmapp.exe | Palm alarm event reminder that coordinates what is on your Palm with settings on your desktop | No |
| ? | AlarmWatcher | AlarmWatcher.exe | Associated with SynTPEnh and SynTPLpr which are from Synaptics for touchpads on laptops. What does it do and is it required? | No |
| Y | Alaunch | Alaunch | Part of Acer eRecovery - "a powerful utility that does away with the need for recovery disks provided by the manufacturer, and also acts as a versatile standalone backup and recovery manager". This entry isn't normally running but once eRecovery starts it's used to re-install the software included with the system | Yes |
| N | Album Fast Start | ABMTSR.EXE | Scanner software, not required for scanner to work | No |
| ? | AlcFDMonitor | ALCFDRTM.EXE | RealTek related - Real-Time SPDIF-in Monitor for nVidia chipset - is it required in startup? | No |
| ? | ALCFDRTM16 | ALCFDRTM16.com | RealTek related - Real-Time SPDIF-in Monitor for nVidia chipset - is it required in startup? | No |
| X | Alchem | Alchem.exe | ClickAlchemy adware | No |
| U | Alcmtr | ALCMTR.EXE | Realtek Azalia Audio - Event Monitor, installed with the XP/2K drivers for on-board Realtek HD audio codecs. Some users believe that Realtek uses this file in order to gather data about the customer but it's exact purpose is unknown and it doesn't run on an ALC885 based test system or try to access the internet. Some users report problems with their on-board sound if this is disabled - hence the "U" recommendation | Yes |
| X | Alcmtr | Malware Doctor.exe | MalwareDoc rogue security software - not recommended, removal instructions here | No |
| N | Alcohol | Alcohol.exe | Alcohol 120% - "a powerful Windows CD and DVD burning software that makes it easy to create backups of DVDs and CDs. In addition, the program lets you store your most used CDs as images on your computer, so you can call them up at the click of a button". The original can be stored in a safe place and the loading times are significantly reduced as the virtual drive is much faster | No |
| N | Alcohol 120% | Alcohol.exe | Alcohol 120% - "a powerful Windows CD and DVD burning software that makes it easy to create backups of DVDs and CDs. In addition, the program lets you store your most used CDs as images on your computer, so you can call them up at the click of a button". The original can be stored in a safe place and the loading times are significantly reduced as the virtual drive is much faster | Yes |
| N | Alcohol Soft Development Team | axcmd.exe | Part of Alcohol 120% - "a powerful Windows CD and DVD burning software that makes it easy to create backups of DVDs and CDs. In addition, the program lets you store your most used CDs as images on your computer, so you can call them up at the click of a button". This entry automatically re-loads a disk image in the virtual CD/DVD drive on a system reboot | Yes |
| N | Alcohol.exe Autorun | Alcohol.exe | Alcohol 120% - "a powerful Windows CD and DVD burning software that makes it easy to create backups of DVDs and CDs. In addition, the program lets you store your most used CDs as images on your computer, so you can call them up at the click of a button". The original can be stored in a safe place and the loading times are significantly reduced as the virtual drive is much faster | No |
| N | AlcoholAutomount | axcmd.exe | Part of Alcohol 120% - "a powerful Windows CD and DVD burning software that makes it easy to create backups of DVDs and CDs. In addition, the program lets you store your most used CDs as images on your computer, so you can call them up at the click of a button". This entry automatically re-loads a disk image in the virtual CD/DVD drive on a system reboot | No |
| ? | Alcom PCL Capture | FMW_PCAP.EXE | ?? | No |
| U | AlcWzrd | ALCWZRD.EXE | RealTek AlcWzrd Application, installed with the drivers for on-board Realtek HD audio codecs. On an ALC885 based test system it runs only once after the drivers have been installed and the startup entry is then removed. Disabling it appears to have no ill effects but it's exact purpose is unknown - hence the "U" recommendation | Yes |
| U | AlcxMonitor | Alcxmntr.exe | Installed with hardware drivers for a Realtek AC97 audio device. It's believed that Realtek uses this file in order to gather data about the customer. Some users report problems with their on-board sound if this is disabled - hence the "U" recommendation | No |
| X | aldefr ere service | tay0x.exe | Added by the RBOT-XS WORM! | No |
| X | alerter | alerter.exe | MAHA.F spyware | No |
| X | Alevir | Alevir.exe | Added by the OPASERV-A WORM! | No |
| X | AlevirOld | [worm filename] | Added by the OPASERV WORM! | No |
| N | Alexa | alexa.exe | Related to Alexa. Note - collects and stores information about the web pages you view, the data you enter in online forms and search programs and, with versions 5.0 and higher, the products you purchase online whilst using the toolbar. Although Alexa state's they do not attempt to analyze the data it may collect about you to determine who you are, some of your information collected by the software is personally identifiable. Please read the Privacy Policy. Not Recommended | No |
| X | AlexaToolbar | alt.exe | Identified by Ewido Security Suite (Ewido is now part of AVG Technologies) as the DELF.EB TROJAN! | No |
| X | AlfaCleaner | AlfaCleaner.exe | AlphaCleaner is now a stealth install using exploits on unpatched systems. Seen alongside RazeSpyware | No |
| U | AlfaClock Classic | AlfaClock.exe | AlfaClock Free Edition from AlfaSoft Research Labs - "enhances your taskbar clock (tray clock) with fully customizable clock display, alarms, time synchronization and more" | No |
| U | AlfaClock2 | AlfaClock2.exe | AlfaClock2 from AlfaSoft Research Labs -"enhances your tray clock functionality. Of course, you can customize the look, adjusting fonts, colors, backgrounds and more. But, the main goal of this program is to extend your tray clock functionality" | No |
| ? | ALFY Accellerator | AlfyAC~1.exe | ?? | No |
| X | ALG.EXE | iexplorer .exe | Added by the DEMOTRY-B WORM! | No |
| X | ALG32 | ALG32.EXE | Added by the STARTPAGE.K hijacker | No |
| X | algchk.exe | algchk.exe | Detected by Kaspersky as the VB.ATE TROJAN! | No |
| X | ALGU | ALGU.EXE | Added by the CWS-I TROJAN! | No |
| X | ALGU.exe | ALGU.exe | Added by the STARTPAGE.O TROJAN! | No |
| U | ALi5289 | ALi5289.exe | Related to Uli Integrated Drivers from Uli Electronics Inc | No |
| N | Alias SketchBook Snapshot | ALIASS~2.EXE | Screen-capture utility for Alias Sketchbook | No |
| N | AlienAutopsy | Test_BS.exe | Alienware computer technical support software | No |
| Y | ALiSndMgr | ALiSndMg.exe | ALi AC97 Sound driver | No |
| ? | AliUSBfix | GREENMK.exe | May be realted to a USB 2.0 PCI card - the IOgear GIC220OU? | No |
| X | Alive SYstem | scchost.exe | Added by the TOFDROP-B TROJAN! | No |
| X | Alive SYstem | scchostc.exe | Added by the TOFDROP-B TROJAN! | No |
| X | alkasr | ?????.exe | Added by the BALKART TROJAN! | No |
| U | All Aboard Status | stswin.exe | All Aboard! Internet Connection Sharing status icon | No |
| X | All Sea screen saver | TaskTray.exe | Free screensaver, installs lots of foistware - remove it | No |
| X | All Sea web link | FWLink.exe | Free screensaver, installs lots of foistware - remove it | No |
| N | AllerCalc | AllerCalc.exe | AllerCalc is an expression calculator which allows you to directly enter an expression to be evaluated. Can be started manually | No |
| X | Allopassw | [path to trojan] | Added by the RANKY.CU TROJAN! | No |
| U | AllSeeingEye | ase.exe | All-Seeing_Eye security software - "monitors everything that takes place on your computer, and alerts the user as soon as anything suspicious or out-of-the-ordinary is happening, providing the user with alternatives for possible actions" | No |
| U | allSnap | allSnap.exe | "allSnap is a small system tray app that makes all top level windows automatically align like they do in programs such as Winamp or Photoshop" | No |
| U | ALLTEL DSL Check-up Center | matcli.exe | "matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, county, etc and gets written to a log file". ALLTEL DSL Check-up Center is required to run with the Help and Support program. If you uncheck ALLTEL DSL Check-up Center and then run Help and Support it will add another ALLTEL DSL Check-up Center in the startup menu. If you remove this software in "add/remove programs" some help menus in help and support will not be available. You decide | No |
| U | AllToTray | ALLTOTRAY.EXE | AlltoTray from DNTSoft - minimize any program to your System Tray | No |
| X | ALM | csrss32.exe | Added by the ANACON-D VIRUS! | No |
| X | Alogrithm Link Queue | alq.exe | Added by a variant of the SDBOT WORM! | No |
| U | Alogserv | Alogserv.exe | From McAfee VirusScan for logging scanning activities. In some cases, if left running it can cause CPU % usage to go between 5-95% or go to and stay at 100%. Disabling it impacts on the reported last scan date. It is reported to cause jerky graphics response in many games. As of version 6, this is a critical component of McAfee and disabling it can cause a PC to lock up | No |
| U | ALPass | ALPass.exe | ALPass password manager | No |
| X | alpha | svchost.exe | Added by a variant of the DELF.IT TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! The location of this file varies | No |
| X | AlphaAnt | alpha.exe | Alpha Antivirus rogue security software - not recommended, removal instructions here | No |
| X | AlphaAV | AlphaAV.exe | Alpha Antivirus rogue security software - not recommended, removal instructions here | No |
| Y | Alps Electric USB Server | Monserv.exe | Alps Electric USB Server - required according to this article | No |
| U | AlpsPoint | Apoint.exe | Touchpad software for laptop PC's. For instance it is found on the Panasonic and Sony Vaio machines and allows part of the touchpad to be used for document or Web-page scrolling. Required for proper functioning of the pointing software but not required for the laptop to work | No |
| ? | ALServ | ALServ.exe | Altec Lansing AMS speaker related. What does it do and is it required? | No |
| X | ALTER DATA | [path] repcale.exe [path] beird.exe | Added by the IRCFLOOD.CD TROJAN! Both files are located in %System%\ccdew | No |
| X | Altnet | points manager.exe | Altnet TopSearch adware | No |
| X | AltnetPointsManager | points manager.exe | Altnet TopSearch adware | No |
| U | AltoMB_service | AltoMBsrv.exe | Alto Memory Booster from Alto Software - boost the computers performance via more intelligent and efficient memory management. MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/SE/ME. See this article and make up your own mind | No |
| U | ALTOOLS | AccessL.exe | ALTools family of PC utilities | No |
| X | AltPayments | AltPayments.exe | WeirdOnTheWeb adware | No |
| N | ALU Scheduler Service | ALUSchedulerSvc.exe | Symantec LiveUpdate scheduler for programs such as Norton AV or Internet Security | No |
| U | ALUAlert | ALUNotify.exe | Notification reminder for Symantec's LiveUpdate. Leave enabled unless you manually run LiveUpdate on a regular basis | No |
| N | Aluria Security Center | SecurityCenter.exe | Aluria Software's spyware removal tool - we can't really recommend this product as Aluria have recently partnered with WhenU, the well known adware company, see here | No |
| U | Aluria's Pop-Up Stopper | eps.exe | Aluria Pop-Stopper | No |
| N | Aluria's Spyware Eliminator | ASE.exe | Aluria Software's spyware removal tool - we can't really recommend this product as Aluria have recently partnered with WhenU, the well known adware company, see here | No |
| U | AlwaysOnTopMaker | AlwaysOnTopMaker.exe | Always On Top Maker - utilty to enable an application to always be displayed "on top" of others on the desktop | No |
| U | AlwaysReady Power Message APP | ARPWRMSG.EXE | "Away Mode" feature added with Update Rollup 2 for Windows XP Media Center Edition 2005 that allows the computer to appear off to the user while it continues to perform tasks that do not require user input, such as recording television and viewing Media Center Extender sessions. For more information see here | No |
| X | AmazingTens | AmazingTens.exe | Premium rate adult content dialler | No |
| U | AMD PowerNow! | GemBack.exe | AMD PowerNow! - "an innovative solution available on all AMD mobile processor-based notebooks that can effectively increase notebook battery life, while delivering performance on demand" | No |
| Y | amd_dc_opt | amd_dc_opt.exe | AMD Dual-Core Optimizer - "can help improve some PC gaming video performance by compensating for those applications that bypass the Windows API for timing by directly using the RDTSC (Read Time Stamp Counter) instruction" | No |
| N | America Online | aoltray.exe | Adds the AOL icon in the System Tray (*.* denotes version if present) for versions of AOL up to and including 9.0. Start AOL via the desktop or quick launch shortcuts or via Start → All Programs | Yes |
| N | America Online *.* Tray Icon | aoltray.exe | Adds the AOL icon in the System Tray (*.* denotes version if present) for versions of AOL up to and including 9.0. Start AOL via the desktop or quick launch shortcuts or via Start → All Programs | Yes |
| N | AME_CSA | rundll32 amecsa.cpl, RUN_DLL | Loads ADSL modem Control Panel applet | No |
| X | amircivil | svchost.exe… | Added by the AMIRECIVEL WORM! | No |
| U | AModemLockDown | ModemLockDown.exe | ModemLockDown - allows you to supervise internet access by disabling the modem, protects againt dialers accessing dial-up connections, etc | No |
| Y | Amon | AMON.EXE | Monitoring part of Eset's NOD32 virus-scanner | No |
| Y | Amonitor | amon.exe | Tiny Personal Firewall | No |
| U | AMO_Taskplaner.exe | AMO_Taskplaner.exe | Part of Ashampoo® Magical Optimizer from Ashampoo GmbH & Co. KG - which removes stagnant and unnecessary hard drive files, deletes Internet tracks and streamlines the registry by erasing invalid and orphaned entries. The Taskplaner automates this system optimization according to the user defined schedule and gives System Tray access to the main program | Yes |
| U | AMO_TA~1 | AMO_TA~1.EXE | Part of Ashampoo® Magical Optimizer from Ashampoo GmbH & Co. KG - which removes stagnant and unnecessary hard drive files, deletes Internet tracks and streamlines the registry by erasing invalid and orphaned entries. The Taskplaner automates this system optimization according to the user defined schedule and gives System Tray access to the main program | Yes |
| U | AMO_TA~1.EXE | AMO_TA~1.EXE | Part of Ashampoo® Magical Optimizer from Ashampoo GmbH & Co. KG - which removes stagnant and unnecessary hard drive files, deletes Internet tracks and streamlines the registry by erasing invalid and orphaned entries. The Taskplaner automates this system optimization according to the user defined schedule and gives System Tray access to the main program | Yes |
| U | AMP WinOFF | winoff.exe | WinOFF is " a utility designed to shut down Windows computers automatically, in a fully configurable way" | No |
| U | AMSG | Amsg.exe | Part of the IBM ThinkVantage Productivity Center. "The Message Center sends automatic notification on ThinkVantage Technologies integrated with your system. Once you're online" | No |
| X | amsgupdate | ams.exe | Added by a variant of the MAILBOT TROJAN! | No |
| N | AMSN | amsn.exe | aMSN Messenger is a multiplatform MSN messenger clone | No |
| X | amsn | amsn.exe | Added by the BANKER-BNZ TROJAN! | No |
| X | amva | amvo.exe | Added by the SILLYFDC-BR WORM! | No |
| N | Anapod Manager | anamgr.exe | Anapod Explorer from Red Chair Software "is the most advanced Windows iPod® software available, offering iPod® management through full Windows Explorer integration under My Computer" | No |
| X | anbv32 | nabv32.exe | Added by the TITOG.C WORM! | No |
| X | Andware Defence | Zsoft32.exe | Added by the GAOBOT.OO WORM! | No |
| X | angeleyes | msdll.exe | Added by the VB.PI TROJAN! | No |
| Y | ANIWZCS2Service | WZCSLDR2.exe | ALPHA Networks wireless driver | No |
| ? | ANIWZCSService | WZCSLDR.exe | D-Link wireless PCI adapter related. In some cases reported to cause excessive CPU activity | No |
| ? | AnnotateCheck | AnnCheck.exe | Genius Wizard Pen Tablet driver related. Is it required? | No |
| N | Announcements | Annclist.exe | MS WebTV for Windows. Used to display TV on your PC via a compatible video card with in-built tuner (such as ATI All-In-Wonder). If you don't use it - uninstall it | No |
| N | Anntext | Anntext.exe | Caere Pagekeeper text annotation server | No |
| U | AnonymityGateway | Anonymity Gateway.exe | Anonymity Gateway - privacy protection tool that conceals IP address preventing your surfing habits and your internet activity form being tracked by websites or Internet Service Providers | No |
| U | Anonymizer Total Net Shield | AnonTns.exe | Anonymizer Total Net Shield - ID protection and privacy software | No |
| Y | ANONYMIZER_SPYWAREKILLER | SpyWareKiller.exe | Anonymizer Spyware Killer, which was superseded by Anti-Spyware but is now discontinued | No |
| Y | ANONYMIZER_SPYWAREKILLER | AnonAntiSpyware.exe | Anonymizer Anti-Spyware - now discontinued | No |
| U | Another Internet Explorer Popup Killer | aiepk2.exe | Another IE Popup Killer - pop-up stopper | No |
| X | ansjava | [path to worm] | Added by the RANDON-AN WORM! | No |
| X | Anskya | PYSKY.NET.exe | Added by the DLOADER-MW TROJAN! | No |
| X | Answer Problem | dSAFsqs.exe | Added by the SDBOT-SC WORM! | No |
| U | AnswerTool | AnswerTool.exe | AnswerTool - save your E-mail replies in AnswerTool, then reuse them again and again | No |
| X | Anti | Isass.exe | Added by the BROPIA.K WORM! | No |
| X | Anti Spam Service | spamsvc.exe | Added by the MYTOB-BK WORM! | No |
| N | Anti-Blaxx Manager | Anti-Blaxx.exe | Anti-Blaxx - bypass blacklistings from different copy protections bypassing methods like virtual CD or DVD drives | No |
| U | Anti-keylogger check | antikey.exe | Anti-keylogger - protects against keylogger programs monitoring your keystrokes | No |
| U | Anti-Trojan-Watch | ATWatch.exe | Anti-Trojan Watch - trojan detector | No |
| X | Anti-Virus | vpms.exe | Added by a variant of the SLAPER TROJAN! | No |
| X | Anti-Virus | [random filename].exe | Added by the CAPROBAD-A TROJAN! | No |
| X | Anti-Virus Product Sync | [unprintable character][3 characters]log.exe | Added by the KEDEBE.D WORM! | No |
| X | Anti-Virus Update Scheduler | [path to trojan] | Added by the SPAMMIT-A TROJAN! | No |
| X | Anti-Virus Update Scheduler | winsp3.exe | Malware - detected by Kaspersky as the AGENT.FP TROJAN! | No |
| X | Anti-Virus Update Scheduler V1.39.12R | [path to trojan] | Added by the HEPLANE or STAPREW.B TROJANS! - different filenames have been spotted; examples: msvc.exe, kaspersky.exe, nrton.exe, wins.exe, gah32.exe, 1.tmp, syste.exe, alg.exe, socks.exe, winxpsp2.exe, tek9.exe, sks.exe, hihi.exe, s.exe, xps2.exe, dns2.exe, ikav32.exe and more... | No |
| X | AntiAdd.exe | AntiAdd.exe | AntiAdd rogue security software - not recommended, removal instructions here. A member of the AntiAID family | No |
| X | AntiAID | AntiAID.exe | AntiAID rogue security software - not recommended, removal instructions here. There are number of variants in this family sharing the same user interface - see here | No |
| X | AntiClicker | SVCHST32.EXE | Added by the CBH TROJAN! | No |
| U | antidialer.co.uk | Dialer_Watcher.exe | Dialer_Watcher is an application that allows you to detect dialers on your computer | No |
| Y | AntiFreeze | AntiFreeze.exe | AntiFreeze from Resplendence Software Projects - "offers a last recourse when you find your computer in a hung state". If your system has hung and AntiFreeze is running, a hotkey combination will suspend all but critical processes and allow you to save or recover your work | Yes |
| X | antihost | ahr.exe | Added by the BANCBAN-QJ TROJAN! | No |
| X | AntiKeep | AntiKeep.exe | AntiKeep rogue security software - not recommended, removal instructions here. A member of the AntiAID family | No |
| X | AntiKeep.exe | AntiKeep.exe | AntiKeep rogue security software - not recommended, removal instructions here. A member of the AntiAID family | No |
| X | AntiMalware | AntiMalware.exe | AntiMalware rogue security software - not recommended, removal instructions here | No |
| X | AntiMalwareGuard | amg.exe | AntiMalwareGuard rogue security software - not recommended, removal instructions here | No |
| X | AntiMalwareSuite | AMS.exe | AntiMalwareSuite rogue security software - not recommended, removal instructions here | No |
| X | AntiMalware_ProNET | AntiMalware_Pro.exe | AntiMalware Pro rogue security software - not recommended, removal instructions here | No |
| U | AntiPopUp | AntiPopUp.exe | AntiPopUp for IE - pop-up stopper | No |
| X | AntiSpionage | pgs.exe | AntiSpionage, German rogue security software - not recommended. A member of the AVSystemCare family | No |
| X | AntiSpionagePro | pgs.exe | AntiSpionagePro, German rogue security software - not recommended. A member of the AVSystemCare family | No |
| X | antispy | ANTIVIR.exe | IE AntiVirus rogue security software - not recommended, removal instructions here | No |
| X | antispy | ANTIVIRUS.exe | IE AntiVirus rogue security software - not recommended, removal instructions here | No |
| X | antispy | ieav.exe | IE AntiVirus rogue security software - not recommended, removal instructions here | No |
| X | antispy | scan.exe | IE AntiVirus rogue security software - not recommended, removal instructions here | No |
| X | AntiSpy2008 | AntiSpy2008.exe | Antispy 2008 rogue spyware remover - not recommended, removal instructions here | No |
| X | AntiSpyBoss | asb32.exe | AntiSpyBoss rogue security software - not recommended, removal instructions here | No |
| X | AntiSpyCheck | AntiSpyCheck.exe | AntiSpyCheck rogue spyware remover - not recommended, removal instructions here | No |
| X | AntiSpyCheck 2.1 | AntiSpyCheck 2.1.exe | AntiSpyCheck rogue spyware remover - not recommended, removal instructions here | No |
| X | AntiSpyCheck 2.1.0 | AntiSpyCheck.exe | AntiSpyCheck rogue spyware remover - not recommended, removal instructions here | No |
| X | AntiSpyGuard | AntiSpyGuard.exe | AntiSpyGuard rogue security software - not recommended, removal instructions here | No |
| X | AntiSpyKit | AntiSpyKit 5.3.exe | AntiSpyKit rogue spyware remover - not recommended, removal instructions here | No |
| X | AntiSpyKit 5.2 | AntiSpyKit 5.2.exe | AntiSpyKit rogue spyware remover - not recommended, removal instructions here | No |
| X | AntiSpyKit 5.3 | AntiSpyKit 5.3.exe | AntiSpyKit rogue spyware remover - not recommended, removal instructions here | No |
| X | AntiSpyMon | AntiSpyMon.exe | Antispyware Protector rogue security software - not recommended | No |
| X | antispysoldier | antispysoldier.exe | AntiSpyware Soldier rogue spyware remover - not recommended, removal instructions here | No |
| X | AntispySpider | antispyspider.exe | AntiSpySpider rogue spyware remover - not recommended, removal instructions here | No |
| X | AntispyStorm | AntispyStorm.exe | AntispyStorm rogue security software - not recommended, removal instructions here | No |
| X | AntiSpyware | AntiSpyware.exe | AntiSpywareApp rogue spyware remover - not recommended, see here | No |
| X | AntiSpyware Pro | AntiSpyware Pro.exe | AntiSpyware Pro 2009 rogue spyware remover - not recommended, removal instructions here | No |
| X | Antispyware PRO XP | asproxp.exe | AntiSpyware Pro XP rogue spyware remover - not recommended, removal instructions here | No |
| Y | AntiSpyWare2Guard | AntiSpyWare2Guard.exe | Part of Ashampoo® AntiSpyWare 2 from Ashampoo GmbH & Co. KG. This part is the realtime monitor that looks for changes on the users system such as BHO, Winsock LSPs, Windows Hosts file, Autostart entries, etc | Yes |
| X | AntiSpyware3000.exe | antispyware.exe | AntiSpyware 3000 rogue spyware remover - not recommended, removal instructions here | No |
| X | AntiSpywareBot | AntiSpywareBot.exe | AntiSpywareBot rogue spyware remover - not recommended | No |
| X | AntiSpywareControl | pgs.exe | AntiSpywareControl rogue security software - not recommended. A member of the AVSystemCare family | No |
| X | AntispywareD | AntispywareD.exe | AntiSpywareDeluxe rogue security software - not recommended, removal instructions here | No |
| X | AntiSpywareExpert | ase.exe | AntiSpywareExpert rogue security software - not recommended, removal instructions here | No |
| X | AntiSpywareGuard | asg.exe | AntiSpywareGuard rogue spyware remover - not recommended, removal instructions here | No |
| X | AntiSpywareMaster | asm.exe | AntiSpywareMaster rogue security software - not recommended, removal instructions here | No |
| X | AntiSpywareShield | AntiSpywareShield.exe | AntiSpywareShield rogue security software - not recommended, removal instructions here | No |
| X | AntiSpywareSuite | pgs.exe | AntiSpywareSuite rogue security software - not recommended. A member of the AVSystemCare family | No |
| X | AntiSpywareXP 2009 | AntiSpywareXP2009.exe | AntiSpywareXP 2009 rogue spyware remover - not recommended, removal instructions here | No |
| X | AntiTroy | AntiTroy.exe | AntiTroy rogue security software - not recommended, removal instructions here. A member of the AntiAID family | No |
| X | AntiTroy.exe | AntiTroy.exe | AntiTroy rogue security software - not recommended, removal instructions here. A member of the AntiAID family | No |
| X | AntiVer2008 | pgs.exe | AntiVer2008, French rogue security software - not recommended. A member of the AVSystemCare family | No |
| X | AntiVermeans | AntiVermeans.exe | Variant of the Antivermins rogue security software - not recommended, removal instructions here | No |
| X | AntiVermins | AntiVermins.exe | Antivermins rogue security software - not recommended, removal instructions here | No |
| X | AntiVermins 3.0 | AntiVermins 3.0.exe | Antivermins rogue security software - not recommended, removal instructions here | No |
| X | AntiVermins 3.3 | AntiVermins 3.3.exe | Antivermins rogue security software - not recommended, removal instructions here | No |
| X | AntiVerminser | AntiVerminser.exe | Variant of the Antivermins rogue security software - not recommended, removal instructions here | No |
| X | AntiVerminsPro | AntiVerminspro.exe | Antivermins rogue security software - not recommended, removal instructions here | No |
| X | antiviirus | antiviirus.exe | Added by a variant of the AGENT.KEU TROJAN! | No |
| X | Antivir | svchst.exe | Added by the RAGRUK-A TROJAN! | No |
| X | AntiVir | scvhost.exe | Added by the AGENT-DSF TROJAN! | No |
| X | AntiVir | winlog.exe | Added by the IRCBOT-TJ TROJAN! | No |
| X | AntiVir | smss.exe | Added by the DWNLDR-GWE TROJAN! Note - this is not the legitimate smss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %ProgramFiles% | No |
| Y | AntiVir XP | AVwin.exe | AntiVir® PersonalEdition Classic - antivirus | No |
| X | Antivir64 | Antivir64.exe | Antivir64 rogue spyware remover - not recommended, removal instructions here | No |
| X | AntiviralGolden | AntiviralGolden.exe | AntiviralGolden rogue security software - not recommended, removal instructions here | No |
| X | AntiVirGear 3.7 | AntiVirGear 3.7.exe | AntiVirGear rogue security software - not recommended, removal instructions here | No |
| X | AntiVirGear 3.8 | AntiVirGear 3.8.exe | AntiVirGear rogue security software - not recommended, removal instructions here | No |
| X | AntiVirProtect | AntiVirProtect.exe | AntiVirProtect rogue security software - not recommended, removal instructions here | No |
| X | Antivirus | av.exe | Added by the SINKIN TROJAN! Resets IE start page to realphx.com | No |
| X | Antivirus | maja.exe | Added by the NETSKY.H WORM! | No |
| X | Antivirus | iexpl0res.exe | Added by an unidentified WORM or TROJAN! | No |
| X | AntiVirus | kaspery.exe | Added by a variant of the RBOT WORM! | No |
| X | AntiVirus | AntiVirus.exe | Added by the BANKER-EHB TROJAN! | No |
| X | Antivirus | Antvrs.exe | AntiVirus 2008 rogue security software - not recommended, removal instructions here | No |
| X | Antivirus | avm.exe | Antivirus Master rogue security software - not recommended, removal instructions here | No |
| X | Antivirus | vav.exe | Vista Antivirus 2008 rogue security software - not recommended, removal instructions here | No |
| X | Antivirus | aav.exe | Advanced Antivirus rogue security software - not recommended, removal instructions here | No |
| X | ANTIVIRUS | AVS.exe | Antivirus Sentry rogue security software - not recommended, removal instructions here | No |
| X | ANTIVIRUS | microAV.exe | Micro Antivirus 2009 rogue security software - not recommended, removal instructions here | No |
| X | Antivirus | MSA.exe | MS Antivirus rogue security software - not recommended, removal instructions here | No |
| X | ANTIVIRUS | UltraAV.exe | Ultra Antivirus 2009 rogue security software - not recommended, removal instructions here | No |
| X | Antivirus | xpa.exe | Xpert Antivirus Enterprise rogue security software - not recommended, removal instructions here | No |
| X | Antivirus | SPP.exe | Spyware Preventer rogue security software - not recommended, removal instructions here | No |
| X | Antivirus 2009 | av2009.exe | AntiVirus'09 rogue security software - not recommended, removal instructions here | No |
| X | Antivirus 2009 plus | Antivirus 2009 plus.exe | AntiVirus Plus rogue security software - not recommended, removal instructions here | No |
| X | Antivirus Agent Pro | aap.exe | Antivirus Agent Pro rogue security software - not recommended, removal instructions here | No |
| X | Antivirus Installer | [path to trojan] | Added by the BADGENT-A TROJAN! | No |
| X | Antivirus PC 2009 | avpc2009.exe | Antivirus PC 2009 rogue security software - not recommended, removal instructions here | No |
| X | Antivirus Pro 2009 | AntivirusPro2009.exe | AntiVirus Plus rogue security software - not recommended, removal instructions here | No |
| X | Antivirus Pro 2010 | AntivirusPro_2010.exe | Antivirus Pro 2010 rogue security software - not recommended, removal instructions here | No |
| X | AntiVirus Process | virprot.exe | Added by a variant of the SDBOT WORM! | No |
| X | Antivirus Protection Services | ccapp2.exe | Added by the RBOT.EXI WORM! | No |
| X | AntiVirus Update | updates.exe | Added by the RBOT-JF WORM! | No |
| X | AntiVirus Update | antivirus.exe | Added by the RBOT-IF WORM! | No |
| X | Antivirus Updates | avupdchk.exe | Added by the AGOBOT-IP WORM! | No |
| X | Antivirus-2008.exe | Antivirus-2008.exe | Antivirus 2008 rogue security software - not recommended. Detected by Sophos as the FAKEAV-BK TROJAN! | No |
| X | antivirus-2008pro.exe | antivirus-2008pro.exe | Antivirus 2008 PRO rogue security software - not recommended. Detected by Sophos as the FAKEAV-AW TROJAN! | No |
| X | Antivirus-Golden | Antivirus-Golden.exe | Antivirus-Golden rogue security software - not recommended | No |
| X | Antivirus.exe | Antivirus.exe | Antivirus rogue security software - not recommended, removal instructions here | No |
| X | Antivirus2008y | antvrs.exe | AntiVirus 2008 rogue security software - not recommended, removal instructions here | No |
| X | antivirus32 | antivirus.exe | Added by the SPYBOT.KAI WORM! | No |
| X | AntivirusBEST | Installer.exe | Installer for the AntivirusBEST rogue security software - not recommended. Removal instructions here | No |
| X | AntivirusBEST | abest.exe | AntivirusBEST rogue security software - not recommended, removal instructions here | No |
| X | AntivirusFiable | pgs.exe | AntivirusFiable, French rogue security software - not recommended. A member of the AVSystemCare family | No |
| X | AntivirusForAll | pgs.exe | AntivirusForAll rogue security software - not recommended. A member of the AVSystemCare family | No |
| X | AntivirusGold | AntivirusGold.exe | AntivirusGold rogue security software - not recommended, removal instructions here | No |
| X | AntivirusGold 5.1 | AntivirusGold 5.1.exe | AntivirusGold rogue security software - not recommended, removal instructions here | No |
| X | AntiVirusLab2009 | AntiVirusLab2009.exe | Antivirus Lab 2009 rogue security software - not recommended, removal instructions here | No |
| X | AntivirusOrdi | pgs.exe | AntivirusOrdi, French rogue security software - not recommended. A member of the AVSystemCare family | No |
| X | AntivirusPCPakke | pgs.exe | AntivirusPCPakke, Danish rogue security software - not recommended. A member of the AVSystemCare family | No |
| X | AntivirusPCSuite | pgs.exe | AntivirusPCSuite rogue security software - not recommended. A member of the AVSystemCare family | No |
| X | Antiviruspertutti | pgs.exe | Antiviruspertutti rogue security software - not recommended. A member of the AVSystemCare family | No |
| X | AntiVirusPro | AntiVirusPro.exe | Anti Virus Pro rogue security software - not recommended | No |
| X | AntiVirusProMFC | Antivirus Pro.exe | AntiVirus Pro rogue security software - not recommended | No |
| ? | AntiVirusProtection | qumk.exe | ?? | No |
| X | AntivirusProtection | antivirusprotection.exe | Antivirus Protection rogue security software - not recommended, removal instructions here | No |
| X | Antivirusscherm | pgs.exe | Antivirusscherm, Dutch rogue security software - not recommended. A member of the AVSystemCare family | No |
| X | AntivirusXP.exe | AntivirusXP.exe | Antivirus XP Pro rogue security software - not recommended, removal instructions here | No |
| X | AntiVirus_ProNET | AntiVirus_Pro.exe | AntiVirusPro rogue security software - not recommended, removal instructions here | No |
| X | AntiVituS | Base.exe | Added by the BAS.A WORM! | No |
| X | antiware | elite***32.exe [*** = random char] | Added by the DLOADER-HW TROJAN! | No |
| U | AntiWindowsMessenger | AntiMsMsg.exe | Anti-Windows_Messenger is a small application that prevents Windows Messenger from remaining resident in memory | No |
| X | AntiWorm2008 | pgs.exe | AntiWorm2008 rogue security software - not recommended. A member of the AVSystemCare family | No |
| X | anti_troj | anti_troj.exe | Malware installed by different rogue security software including SpyKillerPro. Also detected as the LODEAR.D TROJAN! | No |
| U | AnVir | AnVir.exe | AnVir Task Manager - "is a tool that controls everything running on computer and provides Windows enhancements that help in every-day work". Monitors and manages startup programs, processes and services. Also includes system tweaks, security risks, tray icons for monitoring CPU/memory/HDD and other utilities | Yes |
| U | AnVir Security Suite | AnVir.exe | AnVir Security Suite - "is a tool that controls everything running on computer and provides Windows enhancements that help in every-day work". Monitors and manages startup programs, processes and services. Also includes system tweaks, security risks, tray icons for monitoring CPU/memory/HDD and other utilities. This version includes an antivirus scanner and anti-rootkit tool | Yes |
| U | AnVir Task Manager | AnVir.exe | AnVir Task Manager - "is a tool that controls everything running on computer and provides Windows enhancements that help in every-day work". Monitors and manages startup programs, processes and services. Also includes system tweaks, security risks, tray icons for monitoring CPU/memory/HDD and other utilities | Yes |
| U | AnVir Task Manager Free | AnVir.exe | AnVir Task Manager Free - "is a tool that controls everything running on computer and provides Windows enhancements that help in every-day work". Monitors and manages startup programs, processes and services. Also includes system tweaks, security risks, tray icons for monitoring CPU/HDD and other utilities | Yes |
| U | AnVir Task Manager Pro | AnVir.exe | AnVir Task Manager Pro - "is a tool that controls everything running on computer and provides Windows enhancements that help in every-day work". Monitors and manages startup programs, processes and services. Also includes system tweaks, security risks, tray icons for monitoring CPU/memory/HDD and other utilities | Yes |
| U | anvshell | anvshell.exe | System Tray tool for ASUS video cards. If disabled you lose all the ASUS specific video card options in Control Panel -> Display Properties -> Advanced as well as the System Tray shortcuts toolbar | No |
| X | AnvTrgr | AnvTrgr.exe | AntivirusTrigger rogue security software - not recommended, removal instructions here | No |
| U | Any To-Do List | anytodo.exe | Any To-Do List "the ultimate software solution to keep yourself organized and reminded" | No |
| ? | anycom bluetooth | ftflauncher.exe | Associated with an Anycom bluetooth wireless card. What does it do and is it required? | No |
| U | AnyDVD | AnyDVD.exe | AnyDVD - descrambles DVD-Movies automatically in the background and the DVD appears unprotected and region code free. Also removes prohibited operations from the DVD such as skipping adverts - hence the "U" recommendation | No |
| U | AnyDVD | AnyDVDtray.exe | System Tray access to AnyDVD from SlySoft - which descrambles DVD-Movies automatically in the background and the DVD appears unprotected and region code free. Also removes prohibited operations from the DVD such as skipping adverts | No |
| X | anything | ATITAX.exe | Added by the FORBOT-DP WORM! | No |
| U | AnyTime | Atw.exe | AnyTime Organizer Deluxe from Individual Software Inc - "all the tools you need to organize your calendar, to-do list, and address book are combined in a familiar interface with hundreds of printable calendars, detailed expense reports, and a full range of programmable alarms" | No |
| U | AnyTime Organizer | AtDem.exe | AnyTime Organizer Deluxe from Individual Software Inc - "all the tools you need to organize your calendar, to-do list, and address book are combined in a familiar interface with hundreds of printable calendars, detailed expense reports, and a full range of programmable alarms" | No |
| U | AnyTime Organizer | Atw.exe | AnyTime Organizer Deluxe from Individual Software Inc - "all the tools you need to organize your calendar, to-do list, and address book are combined in a familiar interface with hundreds of printable calendars, detailed expense reports, and a full range of programmable alarms" | No |
| N | AO Tray | AOTray.Exe | System Tray application for AOpen soundcards. Can be run manually via Start -> Settings -> Control Panel | No |
| Y | aol | avp.exe | AOL's Active Virus Shield (by Kaspersky) - found in an AOLActive Virus Shield sub-directory | No |
| N | AOL | AOL.exe | Fast Start loads the AOL integrated email, instant messenger and web browser software in the background when you turn on your computer. This feature lets you quickly open AOL | Yes |
| X | AOL 9.0 Optimized | AOLClient.exe | Added by the SPYBOTER.A TROJAN! | No |
| U | AOL Broadband Check-Up | matcli.exe | "matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, county, etc and gets written to a log file". The AOL Self Support Tool is required to run with the Help and Support program. If you uncheck AOL and and then run Help and Support it will add another AOL entry in the startup menu. If you remove this software in "add/remove programs" some help menus in help and support will not be available. You decide | No |
| U | AOL Companion | companion.exe | The AOL Companion is a small window that appears when you connect to the service using verison 8.0 and early builds of version 9.0. "Use the Companion to quickly get to your favourite features, including your Buddy List, Favourite Places, Address Book, and more!" | Yes |
| X | Aol Configuration Loader | aimsng.exe | Added by the SDBOT-XE WORM! | No |
| N | AOL Fast Start | AOL.exe | Fast Start loads the AOL integrated email, instant messenger and web browser software in the background when you turn on your computer. This feature lets you quickly open AOL | Yes |
| X | AOL Instant Messanger | aim.exe | Added by the SDBOT-YT WORM! Note - this is not the popular AOL Instant Messenger utility | No |
| X | AOL Instant Messengar | aol.exe | Added by the AGOBOT-FN WORM! | No |
| X | AOL Instant Messenger | AlM.EXE | Added by unidentified malware. Note - there ia a lower case "L" between the A and M in the filename | No |
| X | Aol Instant Messenger | aolmsg.exe | Added by the KELVIR.AL WORM! | No |
| X | AOL Instant Messenger | aimsgr.exe | Added by the IRCBOT.N TROJAN! | No |
| X | AOL Instant Messenger 7.213 | aim9283.exe | Added by the SDBOT-ZF WORM! | No |
| X | AOL Instant Messenger dll runtime | MSAOL32dll.exe | Added by the RBOT-ATA WORM! | No |
| X | Aol Instant Messenger Fix | aolfix.exe | Added by the SDBOT-ABJ WORM! | No |
| X | AOL Messenger | [random filename] | Added by an unidentified VIRUS, WORM or TROJAN! | No |
| X | AOL Messenger | aolmsngr.exe | Added by the SDBOT-JF WORM! | No |
| X | AOL Messenger Optimized | AOLOpt.exe | Added by the AOLOPT TROJAN! | No |
| N | AOL Service Libraries | AOLSoftware.exe | Quoted from AOL Beta Team, "Manages a component essential to the operation of most current AOL software, client or not. You should be able to remove it from Startup (it'll just load when Explorer is launched, which will extend load time a bit), but do leave it on your system" | No |
| X | AOL Services Hosts | aolserviceshosts.exe | Added by an unidentified WORM or TROJAN! | No |
| U | AOL Spyware Protection | AOLSP Scheduler.exe | AOL's spyware protection program | No |
| U | AOL TopSpeedMonitor | aoltsmon.exe | AOL's TopSpeed "web-acceleration technology speeds up your web-browsing experience by storing and reusing elements of web pages that you visit, so pages appear much quicker on your next visit". Most important for those users who still access AOL via dial-up. Starts via a registry "RunServices" key on Windows 98/Me and as a service on Windows 2K/XP/Vista | No |
| Y | AolAcsDaemon1 | Acsd.exe | AOL Connectivity Service - automatically restores the connection to AOL should you lose it while online. Negates having to go through the procedure of signing back on manually. This version is obsolete and has been replaced by AOLACSD.EXE so update your version of AOL. Starts via a registry "RunServices" key on Windows 98/Me and as a service on Windows 2K/XP/Vista | No |
| Y | AolAcsDaemon1 | AOLACSD.EXE | AOL Connectivity Service - automatically restores the connection to AOL should you lose it while online. Negates having to go through the procedure of signing back on manually. Starts via a registry "RunServices" key on Windows 98/Me and as a service on Windows 2K/XP/Vista | No |
| ? | AOLCC | ACCAgnt.exe | AOL ISP software related, file located in a "AOL Computer Check-Up" folder. What does it do and is it required? | No |
| X | AolCon | config.com | Added by the TAPLAK WORM! | No |
| N | AOLDialer | AOLDial.exe | AOL ISP software dialer - can be activated through a desktop shortcut | No |
| N | AolFix | AolFix.exe | Run on Gateway Astra computers, and maybe a few others. Designed to repair a bad registry key in Gateway computers that would not allow AOL to run correctly. Not seen much any more and should only run once | No |
| X | AOLRegKey32 | AOREGSVR512.EXE | Unidentified malware - see here | No |
| ? | AOLSAV | AOLAgent.exe | AOL ISP related. What does it do and is it required? | No |
| N | AOLSoftware | AOLSoftware.exe | Quoted from AOL Beta Team, "Manages a component essential to the operation of most current AOL software, client or not. You should be able to remove it from Startup (it'll just load when Explorer is launched, which will extend load time a bit), but do leave it on your system" | No |
| X | AOLStart | AOLStart.exe | Added by the KRAIMER.12 TROJAN! | No |
| X | aolupdater.exe | aolupdater.exe | Added by a variant of the IRCBOT TROJAN! | No |
| X | Aornum | aornum.exe | Installed along with iWon Prize Machine. Based upon their privacy statement this can be regarded as spyware | No |
| N | AOTray | AOTray.Exe | System Tray application for AOpen soundcards. Can be run manually via Start -> Settings -> Control Panel | No |
| X | aouei | sysrtmvs.exe | Chivio dialer | No |
| Y | APC UPS Status | Display.exe | APC PowerChute® Personal Edition status icon | No |
| X | APCProtect.exe | APCProtect.exe | APCProtect rogue security software - not recommended, removal instructions here. A member of the AntiAID family | No |
| U | APC_SERVICE | mainserv.exe | APC PowerChute® Personal Edition - "safe system shutdown software with sophisticated power management functions." Appears as a service in XP/Vista and under the "RunServices" registry key in Win98 | No |
| Y | apc_tray | apc_tray.exe | Part of the APC UPS software loaded with the BACK-UPS CS 350 unit. Required to monitor the APC unit in case of power failure | No |
| X | APD123 | APD123.exe | PacerD Media/Pacimedia.com adware | No |
| X | aphex | aphex.exe | Added by the IRCBOT-OH TROJAN! | No |
| X | Api**.exe [* = random char] | Api**.exe [* = random char] | CoolWebSearch/HomeSearch adware - for examples, see this log | No |
| X | Api**32.exe [* = random char] | Api**32.exe [* = random char] | CoolWebSearch/HomeSearch adware - for examples, see this log | No |
| X | API32 | api32.exe | Added by the IRCBOT-B TROJAN! | No |
| X | APIClass | lexplore_.exe | Added by the MSNOPT-A TROJAN! | No |
| X | APIMon | apimonx.exe | Added by the TIBSER.A downloader TROJAN! | No |
| X | APIMon | winapix.exe | Added by a variant of the TIBSER.A downloader TROJAN! | No |
| X | APIMon | msreg.exe | Added by the DROPPER.Z TROJAN! | No |
| X | apisvc.exe | apisvc.exe | Added by a variant of the LAMEBOT TROJAN! | No |
| U | APL | APL.exe | Sage Software's ACT! The application pre-loader (apl.exe) is a self contained executable that pre-loads the necessary .NET framework and ACT! 2005 assemblies. This pre-loading of assemblies enhances ACT! startup, view load and dialog load times in some areas of the application | No |
| ? | Apmsrv9x | APMSRV9X.EXE | Intel AnyPoint Wireless II Home Network related. Now discontinued. What does it do and is it required? | No |
| U | Apoint | Apoint.exe | Touchpad software for laptop PC's. For instance it is found on the Panasonic and Sony Vaio machines and allows part of the touchpad to be used for document or Web-page scrolling. Required for proper functioning of the pointing software but not required for the laptop to work | No |
| X | App**32.exe [* = random char] | App**32.exe [* = random char] | CoolWebSearch/HomeSearch adware - for examples, see this log | No |
| X | App.EXEName | [path to worm] | Added by the BODIRU WORM! | No |
| U | Appcon | vAppCon.exe | Vital Application Console - part of POS-partner 2000 point-of-sale software from Vital. This is the taskbar icon and is enabled at startup by the "Auto-start when OS starts" option. Required for a connection to be established | No |
| X | appconn | appconn.exe | Added by the CARGAO WORM! | No |
| U | AppExtender | AppExtCB.exe | Loads the Confimax add-in for popular E-mail programs to confirm E-mails have been sent and received | No |
| X | appis.exe | appis.exe | Added by the AGENT-BC TROJAN! | No |
| N | AppleSyncNotifier | AppleSyncNotifier.exe | From WinPatrol PLUS by BillP Studios - "This file installs with iTunes and is used when syncing your iPhone, iTouch, iPod, etc." See here for more information | No |
| X | AppletINIT | INITIATE.EXE | Added by the AGOBOT.XV TROJAN! | No |
| Y | Application | mdmsetsp.exe | Aztech Labs modem driver | No |
| X | Application | csrss.exe | Added by the BEAGLE.EG WORM! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir% | No |
| X | Application Adapter | abvsvc.exe | Added by the CHECKOUT WORM! | No |
| U | Application Explorer | Naldesk.exe | Novell Zenworks Application Explorer Executable. "For almost all users the Novell ZENworks agent (either Application Launcher or Application Explorer) will be run via the user's login script on each successful login. ZENworks is used to periodically deliver software updates and is also used to install the remote management components." | No |
| U | Application Explorer | NalView.exe | Application Explorer - file manager type access to Novell Application Launcher for installing and updating network residing applications | No |
| X | Application In System | Snxmsh.exe | Added by the AGENT-LNV TROJAN! | No |
| N | Application Launcher | Application Launcher.exe | System Tray accesss to Sony Ericsson PC Suite which "connects your phone to your computer and expands the capabilities of your phone". Start manually via the Start Menu (or optional desktop shortcut) before connecting the phone | Yes |
| X | Application Layer Browser | abgsvc.exe | Added by the ULPM.FX TROJAN! | No |
| X | Application Layer Gateway Service | algs.exe | Added by the LINKBOT.M WORM! | No |
| X | Application Layer Scheduler | agtsvc.exe | Added by the IRCBOT.BJJ BACKDOOR! | No |
| X | Application Layer Services | avrsvc.exe | Added by the IRCBOT.BJM BACKDOOR! | No |
| X | Application Manager | acnsvc.exe | Added by a variant of the IRCBOT TROJAN! | No |
| X | Application Manager | apnsvc.exe | Added by the SMALLTRO.FN TROJAN! | No |
| X | ApplicationProtocolRun | smsbvl32.exe | Added by the IRCBOT-CX TROJAN! | No |
| U | AppPlus | AppPlus.exe | AppPlus - "menu bar or tray launcher that docks to your desktop, floats or sits in your System Tray. Create graphic/text-based buttons that launch any number of programs, Websites, e-mail addresses or folders (which open in the AppPlus Menu System)" | No |
| Y | Apvxd | APVXDWIN.EXE | Part of Panda Antivirus and Internet Security. Required to enable permanent virus protection | No |
| Y | Apvxdwin | APVXDWIN.EXE | Part of Panda Antivirus and Internet Security. Required to enable permanent virus protection | No |
| Y | APVXDWIN | ClShield.exe | "Panda ClientShield with TruPrevent is designed for companies that want the best protection for their workstations. It protects against viruses and other known and unknown threats including spam, spyware, dangerous or time-wasting content, phishing scams, hackers and intruders" | No |
| Y | Apwheel | Apwheel.exe | Wheel support for an Alps mouse | No |
| X | apyginapygin | simenu.exe | Added by the SDBOT.BTR WORM! | No |
| U | AQ3HelperStartUp | AQ3HEL~1.EXE | ScreenScenes "Aquatica Water Worlds" screensaver. The freeware version comes with GAIN branded ads (pop-ups and others). ScreenScenes do however offer you the option of doing away with the ads by purchasing the screensaver for a whopping $30. Please note that Claria Corporation no longer support GAIN-Supported software - see here | No |
| X | aqadcup.exe | aqadcup.exe | Added by the AGENT.BG WORM! | No |
| Y | Aqua Dock | Aqua Dock.exe | Aqua Dock - 'free program that allows you to have an "OS X" style, nice animated launchbar/taskbar on your screen that reacts to your mouse when you mouse over it. Users can customize the look of each item on the dock and set various animation options for when the mouse is over an item on the dock. It is very easy to configure' | No |
| X | Aqujyjax | [path to file] | Added by the RANCK-CQ TROJAN! | No |
| X | Aqujyjax | aqujyjax.exe | Added by the SDBOT-YC WORM! | No |
| X | ara-key | [random filename] | Added by the ANTINNY WORM! | No |
| ? | ArabLionZ Drive | ArabLionZ.Drive.exe | ArabLionZ Drive - part of ArabLionZ XP Tools. What does it do and is it required? | No |
| Y | ArcaCheck | ArcaCheck.exe | Part of the ArcaVir antivirus suite from Polish company Arcabit. What does this part do? | No |
| X | arcaderockstar | arcaderockstar32.exe | Arcade Rockstar (now Gamevance) - free arcade games and prize tournaments. The program itself is clean, but the TOS and privacy statement say that you agree to allow the program to track/report your surfing and put popup advertising on your computer | No |
| X | Archive | archive.exe | Adware - detected by Kaspersky as the CENTIM.A TROJAN! | No |
| X | ARCHIVE CONTROL | fixupdattr.exe | Added by the MYTOB.GU WORM! | No |
| N | ArcSoft Connect | ACDaemon.exe | Used to serve notice of product information and updates when running ArcSoft products such as TotalMedia, PhotoStudio 6 and Print Creations. Set the associated ArcSoft Connect Daemon (ACService.exe) service to Manual (via Start → Control Panel → Administrative Tools → Services) and run this entry manually via the Start menu when required | Yes |
| N | ArcSoft Connection Service | ACDaemon.exe | Used to serve notice of product information and updates when running ArcSoft products such as TotalMedia, PhotoStudio 6 and Print Creations. Set the associated ArcSoft Connect Daemon (ACService.exe) service to Manual (via Start → Control Panel → Administrative Tools → Services) and run this entry manually via the Start menu when required | Yes |
| N | ARCSolo Recovery | N/A | Backup software by Computer Associates - no longer supported | No |
| U | Ardamax Keylogger | akl.exe | Ardakey keystroke logger/monitoring program - remove unless you installed it yourself! | No |
| N | ares | ares.exe | "Ares is a free open source file sharing program that enables users to share any digital file including images, audio, video, software, documents, etc" | No |
| N | areslite | AresLite.exe | "Ares is a free open source file sharing program that enables users to share any digital file including images, audio, video, software, documents, etc" | No |
| U | Argentum Backup | ab.exe | Argentum Backup - a small backup program that lets you easily back up your documents and folders | No |
| X | Aritima | aritima.exe | Added by the ARITIM WORM! | No |
| X | Arman | [path to worm] | Added by the IRCBOT-TG WORM! | No |
| U | ARMOR2NET | Armor2net.exe | Related to Armor2net personal firewall (possibly contains or is related to a product known as ArmorWall - which is a known rogue, see here - hence the "U" recommendation) | No |
| X | aromis | aromis.exe | Added by the NUWAR.JQ WORM! | No |
| N | AROReminder | aro.exe | Advanced Registry Optimizer - "scan, identify, clean and repair errors in your Windows registry with a single click". Reminder that states that you are in trial mode | No |
| U | Arovax AntiSpyware | arovaxantispyware.exe | Part of Arovax AntiSpyware from Arovax, LLC - that offers an "innovating, powerful, speedy and extremely easy to use Spyware protection program". Runs a system scan when Windows starts and adds a System Tray icon | Yes |
| Y | Arovax Shield | ArovaxShield.exe | Part of Arovax Shield from Arovax, LLC - that "detects and notifies you about all major online threats trying to penetrate your system, isolates & blocks them". Runs the main program in the background and adds a System Tray icon | Yes |
| U | arovaxantispyware | arovaxantispyware.exe | Part of Arovax AntiSpyware from Arovax, LLC - that offers an "innovating, powerful, speedy and extremely easy to use Spyware protection program". Runs a system scan when Windows starts and adds a System Tray icon | Yes |
| Y | ArovaxShield | ArovaxShield.exe | Part of Arovax Shield from Arovax, LLC - that "detects and notifies you about all major online threats trying to penetrate your system, isolates & blocks them". Runs the main program in the background and adds a System Tray icon | Yes |
| U | ARPWRMSG | ARPWRMSG.EXE | "Away Mode" feature added with Update Rollup 2 for Windows XP Media Center Edition 2005 that allows the computer to appear off to the user while it continues to perform tasks that do not require user input, such as recording television and viewing Media Center Extender sessions. For more information see here | No |
| U | Artera | arteraui.exe | Artera Turbo Internet Accelerator - "surf faster, boost download speed". Only required if you find it helps improve your performance | No |
| N | Arucer | rundll32 Arucer.dll,Arucer | Provides support for the Energizer UsbCharger (Energizer UsbCharger.exe) utility that detects and shows the charging status for the Energizer® Duo USB/mains battery charger. This entry will be re-instated the next time you run the main program and is not disabled by deselecting "Launch program automatically" from the program's options | Yes |
| N | Arucer Dynamic Link Library | rundll32 Arucer.dll,Arucer | Provides support for the Energizer UsbCharger (Energizer UsbCharger.exe) utility that detects and shows the charging status for the Energizer® Duo USB/mains battery charger. This entry will be re-instated the next time you run the main program and is not disabled by deselecting "Launch program automatically" from the program's options | Yes |
| ? | AS00 Gear511 | Gear511.exe | Software for Netgear wireless network cards. Unknown whether it is required for the wireless card to run but does not seem to be a resource hog. Not required for laptop to run if the wireless network card will not be used. Is it at all required? | No |
| N | AS00_Gear511 | Gear511.exe | Netgear wireless LAN configuration utility | No |
| U | AS00_WN511B | WN511B.exe | Netgear RangeMax NEXT wireless adapter configuration utility | No |
| ? | AS00_WPN511 | WPN511.exe | NetgearRev MFC Application - software for Netgear wireless network cards - what does it do and is it required in startup? | No |
| X | ASC-AntiSpyware | WinCleaner.exe | WinCleaner 2009 rogue security software - not recommended, removal instructions here | No |
| X | ASC-AntiSpyware | WinAntivirus.exe | Win Antivirus Vista/XP rogue security software - not recommended, removal instructions here | No |
| X | asc32 | asc 2.1.exe | AntiSpyCheck rogue spyware remover - not recommended, removal instructions here | No |
| X | asccacA | asacsqgl.exe | Added by the MULTIDRP.AA TROJAN! | No |
| X | ASDd | ASDd.exe | AntiSpywareDeluxe rogue security software - not recommended, removal instructions here | No |
| X | ASDPLUGIN | dsldbaccess.exe | AsdPlug premium rate adult content dialer | No |
| X | ASDPLUGIN | canada.exe | AsdPlug premium rate adult content dialer | No |
| X | ASDPLUGIN | france.exe | AsdPlug premium rate adult content dialer | No |
| X | ASDPLUGIN | fullgames.exe | AsdPlug premium rate adult content dialer | No |
| X | ASDPLUGIN | 100171be.exe | AsdPlug premium rate adult content dialer | No |
| X | ASDPLUGIN | 100176br.exe | AsdPlug premium rate adult content dialer | No |
| X | ASDPLUGIN | adult1.exe | AsdPlug premium rate adult content dialer | No |
| X | ASDPLUGIN | Austria.exe | AsdPlug premium rate adult content dialer | No |
| X | ASDPLUGIN | belgium_nm.exe | AsdPlug premium rate adult content dialer | No |
| X | ASDPLUGIN | czech.exe | AsdPlug premium rate adult content dialer | No |
| X | ASDPLUGIN | dbaccess.exe | AsdPlug premium rate adult content dialer | No |
| X | ASDPLUGIN | dslgeaccess.exe | AsdPlug premium rate adult content dialer | No |
| X | ASDPLUGIN | Finland.exe | AsdPlug premium rate adult content dialer | No |
| X | ASDPLUGIN | geaccess.exe | AsdPlug premium rate adult content dialer | No |
| X | ASDPLUGIN | mexico.exe | AsdPlug premium rate adult content dialer | No |
| X | ASDPLUGIN | netherlands.exe | AsdPlug premium rate adult content dialer | No |
| X | ASDPLUGIN | turkey.exe | AsdPlug premium rate adult content dialer | No |
| X | ASDPLUGIN | uk_nm.exe | AsdPlug premium rate adult content dialer | No |
| X | ASDPLUGIN | Xadult1.exe | AsdPlug premium rate adult content dialer | No |
| X | ASDPLUGIN | temp532.exe | AsdPlug premium rate adult content dialer | No |
| X | asdsaxcxz13 | dasxcsx13.exe | Added by the LEGMIR-ARF TROJAN! | No |
| X | asdx | xwinrpc32.exe | Added by the AGOBOT.VO WORM! | No |
| N | ASE Scheduler | ASE Scheduler.exe | Aluria Software's spyware removal tool - we can't really recommend this product as Aluria have recently partnered with WhenU, the well known adware company, see here and here | No |
| Y | Ashampoo AntiSpyWare 2 | AntiSpyWare2Guard.exe | Part of Ashampoo® AntiSpyWare 2 from Ashampoo GmbH & Co. KG. This part is the realtime monitor that looks for changes on the users system such as BHO, Winsock LSPs, Windows Hosts file, Autostart entries, etc | Yes |
| Y | Ashampoo AntiSpyWare 2 Guard | AntiSpyWare2Guard.exe | Part of Ashampoo® AntiSpyWare 2 from Ashampoo GmbH & Co. KG. This part is the realtime monitor that looks for changes on the users system such as BHO, Winsock LSPs, Windows Hosts file, Autostart entries, etc | Yes |
| Y | Ashampoo AntiVirus Service | GuardGui.exe | System Tray access to the main user interface for Ashampoo® AntiVirus from Ashampoo GmbH & Co. KG. | Yes |
| U | Ashampoo Core Tuner | ct.exe | Ashampoo® Core Tuner from Ashampoo GmbH & Co. KG - a utility which helps you to get the most out of a multi-processor (or dual core) computer. "For instant results you just need to select Auto-Optimize to optimize all the programs you are running or Boost to give more power to a single program". This entry loads Core Tuner with Windows (required if you use any optimized profiles) and gives System Tray access | Yes |
| Y | Ashampoo FireWall | FireWall.exe | Ashampoo® Firewall FREE from Ashampoo GmbH & Co. KG | Yes |
| Y | Ashampoo FireWall PRO | FireWall.exe | Ashampoo® Firewall PRO from Ashampoo GmbH & Co. KG | Yes |
| U | Ashampoo HDD Control Guard | HDDControlGuard.exe | Part of Ashampoo® HDD Control from Ashampoo GmbH & Co. KG - a hard drive monitoring utility which also incorporates defragmentation and cleaners for browsing history and unnecessary files. This entry loads the Ashampoo HDD Control Guard component on startup which runs in the background and monitors the hard drives and provides System Tray access | Yes |
| U | Ashampoo Magical Defrag | aDefragCtrl.exe | System Tray access to the main user interface for Ashampoo® Magical Defrag from Ashampoo GmbH & Co. KG - which "runs in the background as a service, defragmenting when necessary to keep the hard disk tidy" | Yes |
| U | Ashampoo Magical Optimizer Taskplaner | AMO_TA~1.EXE | Part of Ashampoo® Magical Optimizer from Ashampoo GmbH & Co. KG - which removes stagnant and unnecessary hard drive files, deletes Internet tracks and streamlines the registry by erasing invalid and orphaned entries. The Taskplaner automates this system optimization according to the user defined schedule and gives System Tray access to the main program | Yes |
| U | Ashampoo Magical Optimizer Taskplaner | AMO_Taskplaner.exe | Part of Ashampoo® Magical Optimizer from Ashampoo GmbH & Co. KG - which removes stagnant and unnecessary hard drive files, deletes Internet tracks and streamlines the registry by erasing invalid and orphaned entries. The Taskplaner automates this system optimization according to the user defined schedule and gives System Tray access to the main program | Yes |
| N | ashampoo Magical UnInstall | MagicalUnInstall.exe | Ashampoo® Magical UnInstall from Ashampoo GmbH & Co. KG - which monitors each new program installation, saving a log of the current configuration and using this as a reference to completely uninstall it if you chose to do so at a later date | Yes |
| U | Ashampoo PopUpBlocker | PopUpKiller.exe | Ashampoo popup blocker, part of Magical Security (was Privacy Protector Plus) | No |
| N | ashampoo UnInstaller Watcher | UIWatcher.exe | Part of the Ashampoo® UnInstaller series from Ashampoo GmbH & Co. KG - including UnInstaller Platinum 2, UnInstaller 3 and UnInstaller 4. These monitor and record program installations and allows you to remove them completely, so that no trace is left. This is the installion monitor that sits in the System Tray and detects the launch of installation programs | Yes |
| Y | ashAvast | ashAvast.exe | Part of Avast antivirus | No |
| X | ashcap | servirsess.exe | SpySure spyware | No |
| Y | ashDisp | ashDisp.exe | System Tray access to and notifications for avast! Antivirus - giving left-click access to the On-Access Scanner, right-click access to other options and event notifications | Yes |
| X | ashDsp.exe | ashDsp.exe | Added by a variant of the SDBOT WORM! | No |
| X | ASHLT | Ashlt.exe | Ashlt adware | No |
| Y | ashMaiSv | ashmaisv.exe | E-mail scanning part of avast! Antivirus. Starts via a registry "Run" key on Windows 98/Me and as a service on Windows 2K/XP/Vista | No |
| X | Asia | easm.exe | PurityScan adware | No |
| X | Asicfc | icfca.exe | Added by the AGENT.AAJE WORM! | No |
| U | AsioReg | regsvr32.exe ctasio.dll | ASIO (Audio Stream In/Out) drivers for the SoundBlaster Audigy 2 series soundcards - for recording and home project studios. Required if you use this functionality | No |
| U | AsioThk32Reg | rregsvr32.exe ctasio.dll | ASIO (Audio Stream In/Out) drivers for the SoundBlaster Audigy 2 series soundcards - for recording and home project studios. Required if you use this functionality | No |
| U | ASK | rundll32.exe [path] ASK.dll rdl | Stealth Keylogger keystroke logger/monitoring program - remove unless you installed it yourself! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted | No |
| X | asl | Aslru.exe | Added by the BANCOS-CU TROJAN! | No |
| U | ASM | ASMonitor.exe | Active Security Monitor from AOL - helps you determine how vulnerable your PC is to computer viruses, spyware and other dangers and learn what steps you can take to improve your protection | No |
| U | Asmw Soft Popups Burner | popups burner.exe | Popup blocker, part of Asmw Soft PC Optimizer | No |
| X | asnconsole | msasn.exe | Added by the RBOT.EVU TROJAN! | No |
| X | ASocksrv | SocksA.exe | Added by the VB.CBW WORM! | No |
| X | asp-srvc | asp-srvc.exe | Added by the AGOBOT-KG WORM! | No |
| X | ASP.NET State Service | csrss.exe | Added by the DLOADER-QI TROJAN! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir% | No |
| X | ASP.NET State Service | crsass.exe | Added by the BANLOAD-M TROJAN! | No |
| X | ASP.NET State Service | servicos..exe | Added by the DADOBRA-I TROJAN! | No |
| N | asp4tray | asp4tray.exe | System Tray application for Aureal Vortex based soundcards. Can be run manually via Start -> Settings -> Control Panel | No |
| Y | AspireTimeMachine | acertmb.exe | System recovery software supplied with some Acer notebook PCs. Similar to GoBack and the restore program in WinXP, allowing you to restore a PC back to a working state with minimal re-entry | No |
| X | ASpyC | ASpyC.exe | AntiSpyCheck rogue spyware remover - not recommended, removal instructions here | No |
| X | asrupdate.exe | asrupdate.exe | Added by the VB.ATZ TROJAN! | No |
| X | Ass and titties | CMD32.EXE | Added by the SDBOT-GG BACKDOOR! | No |
| X | assistse | ASSISTSE.EXE | CnsMin (Chinese Keywords) hijacker related | No |
| X | AST | AST | Added by the VB.AH TROJAN! | No |
| X | AST | AST.exe | AutoStarter parasite | No |
| U | ASTART | astart.exe | ASUS TweakEnable - restores manually changed settings for ASUS based video cards such as overclocking. Only required if you use non-standard settings | No |
| X | AStart | AStart | Added by the VB.AH TROJAN! | No |
| N | asTray | Astray.exe | Voyetra Audio Station - part of Voyetra's Ultimate MP3 & CD Manager. MP3 and digital music jukebox/organizer | No |
| N | Astro | Astro.exe | Checks for updates to Quicken on a system reboot | No |
| X | Astrum | Astrum.exe | Astrum Antivirus Pro rogue security software - not recommended, removal instructions here | No |
| X | asus | asus.exe | Added by the RBOT-OC WORM! | No |
| ? | ASUS Camera ScreenSaver | ASScrProlog.exe | Either a valid program on some ASUS laptops - such as the F3 and F5 series or unsafe, according to PREVX and InCode Solutions. Can any ASUS owners with this file confirm? File is located in %Windir% | No |
| N | ASUS Live Update | ALU.exe | ASUS Live Update utility for their motherboards | No |
| N | ASUS Probe | AsusProb.exe | ASUS video card fan/thermal monitor - only required if you overclock your card or live in a hot area | No |
| ? | ASUS Screen Saver Protector | ASScrPro.exe | Either a valid program on some ASUS laptops - such as the F3 and F5 series or unsafe, according to PREVX and InCode Solutions. Can any ASUS owners with this file confirm? File is located in %Windir% | No |
| U | ASUS SmartDoctor | VGAProbe.exe | ASUS video card fan/thermal monitor | No |
| U | ASUS TweakEnable | astart.exe | ASUS TweakEnable - restores manually changed settings for ASUS based video cards such as overclocking. Only required if you use non-standard settings | No |
| N | ASUSGamerOSD | GamerOSD.exe | GamerOSD by ASUSTek - for "real-time overclocking, benchmarking and video capturing in any PC game". Free for ASUS graphics cards, 30-day trial for non-ASUS graphics cards | No |
| N | ASUSKey | V38SHELL.EXE | System tray Icon for quickly changing video modes | No |
| ? | AsusStartupHelp | AsRunHelp.exe | Unknown ASUS motherboard utility. What does it do and is it required? | No |
| X | asussvc | asussvc.exe | Added by the AGENT-FPB TROJAN! | No |
| U | asustweakenable | ATweak.exe | ASUS TweakEnable - restores manually changed settings for ASUS based video cards such as overclocking. Only required if you use non-standard settings | No |
| N | ASUSWebStorage | ASUSWSDashBoard.exe | System Tray access to ASUS Webstorage online backup and sharing utility which is pre-installed on some ASUS systems or available for free (with 1GB available) for others. Disable unless you want to automatically backup and sync your files every time your system starts | Yes |
| N | AsusWSDashBoard | ASUSWSDashBoard.exe | System Tray access to ASUS Webstorage online backup and sharing utility which is pre-installed on some ASUS systems or available for free (with 1GB available) for others. Disable unless you want to automatically backup and sync your files every time your system starts | Yes |
| N | ASWDP | ASWDP.exe | MLS Pulse - real estate software. Keeps the home buyer/seller continually informed on the status of his/her local/regional real estate market | No |
| X | ASWnk | aswnk.exe | Adult content dialler | No |
| U | AT&T Self Support Tool | matcli.exe | AT&T Resolution Assistant. "matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, state, etc and gets written to a log file". Resolution Assistant is required to run with the Help and Support program. If you uncheck AT&T Self Support Tool and then run Help and Support it will add another in the startup menu. If you remove Resolution Assistant via add/remove programs some menus in help and support will not be available. You decide | No |
| U | AT-Watch | ATWatch.exe | Anti-Trojan Watch - trojan detector | No |
| X | atapidrv | atapidrv.exe | Added by the AGOBOT-SL WORM! | No |
| U | atchk | atchk.exe | AMT Status Message from Intel. Users can manage this, read the article. See here for more information on Intel AMT | No |
| X | atf.exe | pgs.exe | Part of the PCSecureSystem rogue security software - not recommended. A member of the AVSystemCare family | No |
| X | atf_reinstall | atf.exe | Part of the AVSystemCare rogue security software - not recommended. See here | No |
| U | Athan | Athan.exe | Athan - an application that calculates and reminds the five daily Islamic prayer times for anywhere in the world | No |
| U | ATI 2D Component | Ati2mdxx.exe | Installed with the drivers for some ATI based discrete graphics cards and on-board/mobile chipsets. After testing it's exact function isn't known at this time and it doesn't appear to be running even with the startup entry enabled - hence the "U" recommendation | Yes |
| X | ATI Active Graphics Card Monitor | atievx.exe | Added by the IRCBOT-TL WORM! | No |
| X | ATI AS Filter | msnse.exe | Added by the RBOT-CCY WORM! Note - modifies the HOSTS file by appending numerous lines, preventing access to the virus cleaning websites | No |
| N | ATI CATALYST System Tray | CLI.exe SystemTray | System Tray access to ATI's Catalyst™ Control Center. Note that this has "SystemTray" appended to CLI.exe in the "Command" column of MSCONFIG. Not required to run the control center - which is available via a right-click on the desktop | No |
| U | ATI Desktop Component | ATIPTAXX.EXE | Installed with the drivers for some ATI based discrete graphics cards and on-board/mobile chipsets. Provides System Tray access to display settings (including desktop resolution, color depth and multi-display schemes), help and troubleshooting. Unless you often change your display settings this isn't really required as all the settings are available via the system Control Panel under "Display" | Yes |
| N | ATI DeviceDetect | ATIDtct.EXE | Utility meant for future use of the ATI TV WONDER USB 2.0 video driver and can be disabled | No |
| X | ATI Display | ATIDisplay.exe | Added by the BDOOR-AFH BACKDOOR! | No |
| X | ATI Display Driver | atixd.exe | Added by the RBOT-FOV WORM! | No |
| X | Ati Display Settings | atividx.exe | Added by the RBOT-GAS WORM! | No |
| N | ATI GART Set-up Utility | Atigart.exe | Program that checks the motherboard chipset and determines which GART driver bundle to install on ATI video cards. If you have one, once installed it shouldn't be needed | No |
| U | ATI Launchpad | launchpd.exe | Convenient way to start all your Multimedia Center applications (DVD, Video CD, CD Audio, File Player). You can right-click LaunchPad, and uncheck Load on Startup in the menu | No |
| X | ATI Rage3d Pro | AtiRage4dPro.exe | Added by the AGOBOT-OG WORM! | No |
| Y | ATI Remote Control | ATIRW.exe | ATI Remote Wonder™ - PC wireless remote control driver. Required if you use it | No |
| Y | ATI Remote Control | ATIX10.exe | ATI Remote Wonder™ - PC wireless remote control driver. Required if you use it | No |
| N | ATI Scheduler | Atisched.exe | Component that remains resident in memory and automatically launches the ATI VIDEO PLAYER at a user selected time and date. Delete the shortcut in the Start -> Programs -> Startup folder as well. Functions could re-enable the program to load at start-up and re-introduce the shortcut. Try it and see | No |
| N | ATI Task Application | Atitkad.exe | System Tray access and key-combo shortcuts to common display functions on ATI video cards. Can be run from Start -> Settings -> Control Panel -> Display | No |
| N | ATI Task Application (Atikey) | Atitask.exe | System Tray access and key-combo shortcuts to common display functions on ATI video cards. Can be run from Start -> Settings -> Control Panel -> Display | No |
| U | ATI Technologies Inc. HydraVision Desktop Manager | HydraDM.exe | Part of HYDRAVISION - ATI's software for managing mutliple displays and virtual desktops. This is the HYDRAVISION Desktop Manager - which "customizes the behaviour of windows and dialog boxes, allows you to set up Hotkeys for navigation in multiple display configurations and applies special effects like transparency and shadows to you desktop" | Yes |
| U | ATI Technologies Inc. HydraVision Viewport | HydraMD.exe | Part of HYDRAVISION - ATI's software for managing mutliple displays and virtual desktops. This is HYDRAVISION MultiDesk - which "creates, organizes and arranges up to nine active multi-monitor desktop combinations and allows you to cycle between them with a mouse." There is an optional System Tray icon or a hotkey can be configured to cycle through the desktops | Yes |
| X | ATI Technology Startup | techstart.exe | Added by the RBOT-AEU WORM! | No |
| X | ATI Video Driver Control | atigfx.exe | Added by the RBOT-FWL WORM! | No |
| X | ATI Video Driver Control | btorrent.exe | Added by a variant of the IRCBOT TROJAN! | No |
| X | ATI Video Driver Controls | [path to worm] | Added by the SDBOT-DDS WORM! | No |
| X | ATI VIDEO REGKEY | ati2vid.exe | Added by the SDBOT.UR WORM! | No |
| ? | Ati2cwxx | Ati2cwxx.exe | For some ATI video cards. Probably used to access features and may not be required - for example the ATI Radeon works fine without it | No |
| X | Ati2evxx | Ati2evxx.com | Added by the BACKDOOR-CPC TROJAN! | No |
| X | ati2f104 | ati2f104.exe | Added by the DLOADR-BBW TROJAN! | No |
| U | Ati2mdxx | Ati2mdxx.exe | Installed with the drivers for some ATI based discrete graphics cards and on-board/mobile chipsets. After testing it's exact function isn't known at this time and it doesn't appear to be running even with the startup entry enabled - hence the "U" recommendation | Yes |
| N | ATICCC | cli.exe runtime | ATI's Catalyst™ CONTROL CENTER. Required if you want to change graphics settings on a regular basis but you must have internet access and Microsoft's .NET framework installed. Note that this has "runtime" appended to cli.exe in the "Command" column of MSCONFIG. Recommend that start the program manually via Start → Programs → ATI Catalyst Control Center → Advanced → Restart Runtime as it can cause problems when starting Windows | No |
| N | ATICCC | CLIStart.exe | Puts the ATI Catalyst™ Control Center Icon/Shortcut on the System Tray - available via Start → Programs | No |
| X | aticpaxx.exe | aticpaxx.exe | Added by the RBOT-XP WORM! | No |
| U | AtiCwd | AtiCwd.exe | This utility adds the ATI tab in the advanced display properties (gives the option for TV out). Do not uncheck if there is TV out on the video card | No |
| U | AtiCwd | AtiCwd32.exe | This utility adds the ATI tab in the advanced display properties (gives the option for TV out). Do not uncheck if there is TV out on the video card | No |
| U | AtiCwd | Ati2cwad.exe | This utility adds the ATI tab in the advanced display properties (gives the option for TV out). Do not uncheck if there is TV out on the video card | No |
| U | AtiCwd32 | AtiCwd.exe | This utility adds the ATI tab in the advanced display properties (gives the option for TV out). Do not uncheck if there is TV out on the video card | No |
| U | AtiCwd32 | AtiCwd32.exe | This utility adds the ATI tab in the advanced display properties (gives the option for TV out). Do not uncheck if there is TV out on the video card | No |
| U | AtiCwd32 | Ati2cwad.exe | This utility adds the ATI tab in the advanced display properties (gives the option for TV out). Do not uncheck if there is TV out on the video card | No |
| X | AtiDisplayDrv | atidrvxx.exe | Added by the RBOT-VZ WORM! | No |
| X | atidriver | reaIplayer.exe | Added by the WARPIGS-E WORM! Note the uppercase "I" in the filename, rather than a lower case "L" | No |
| N | AtiGart | Atigart.exe | Program that checks the motherboard chipset and determines which GART driver bundle to install on ATI video cards. If you have one, once installed it shouldn't be needed | No |
| N | AtiKey | AtiKey32.exe | System Tray access and key-combo shortcuts to common display functions on ATI video cards. Can be run from Start -> Settings -> Control Panel -> Display | No |
| N | AtiKey | atiptkad.exe | System Tray access and key-combo shortcuts to common display functions on ATI video cards. Can be run from Control Panel → Display | No |
| N | Atikey | Atitask.exe | System Tray access and key-combo shortcuts to common display functions on ATI video cards. Can be run from Start -> Settings -> Control Panel -> Display | No |
| U | ATIMACE | MACE.exe | ATI Technologies Control Centre - installed alongside ATI graphics hardware and provides additional configuration options for these devices in the Managed Access to Catalyst™ Environment (MACE) component | No |
| U | ATIModeChange | Ati2mdxx.exe | Installed with the drivers for some ATI based discrete graphics cards and on-board/mobile chipsets. After testing it's exact function isn't known at this time and it doesn't appear to be running even with the startup entry enabled - hence the "U" recommendation | Yes |
| X | AtiPanel | atip.exe | Added by the TACTSLAY.U TROJAN! | No |
| X | atipatxx | atipatxx.exe | Added by the SMALL-ED TROJAN! | No |
| N | ATIPOLAB | ati2evxx.exe | Hotkey handler for ATI desktop and mobile graphics chipsets. Users report that most of the hotkeys aren't well documented, they aren't therefore used and it can consume lots of CPU resources on some computers. Unless you use the hotkeys leave it disabled. Starts via a registry "Run" key on Windows 98/Me and as a service on Windows 2K/XP/Vista | No |
| U | ATIPOLAB | ati2evae.exe | ATI Polling Program - part of the ATI graphics driver e.g. on some Fujitsu-Siemens Notebooks | No |
| N | ATIPOLL | ati2evxx.exe | Hotkey handler for ATI desktop and mobile graphics chipsets. Users report that most of the hotkeys aren't well documented, they aren't therefore used and it can consume lots of CPU resources on some computers. Unless you use the hotkeys leave it disabled. Starts via a registry "Run" key on Windows 98/Me and as a service on Windows 2K/XP/Vista | No |
| U | AtiPTA | Ati2ptxx.exe | Control panel for the ATI series of video cards allowing access to such features as display resolution, colour depth, etc. Available via Start -> Settings -> Control Panel -> Display. Some users may need it if they have optimised their settings | No |
| U | ATIPTA | ATIPTAXX.EXE | Installed with the drivers for some ATI based discrete graphics cards and on-board/mobile chipsets. Provides System Tray access to display settings (including desktop resolution, color depth and multi-display schemes), help and troubleshooting. Unless you often change your display settings this isn't really required as all the settings are available via the system Control Panel under "Display" | Yes |
| U | AtiPTA | Atiptaab.exe | Control panel for the ATI series of video cards allowing access to such features as display resolution, colour depth, etc. Available via Start → Settings → Control Panel → Display. Some users may need it if they have optimised their settings | No |
| U | AtiPTAAA | Ati2ptxx.exe | Control panel for the ATI series of video cards allowing access to such features as display resolution, colour depth, etc. Available via Start -> Settings -> Control Panel -> Display. Some users may need it if they have optimised their settings | No |
| U | AtiPTAAA | ATIPTAXX.EXE | Installed with the drivers for some ATI based discrete graphics cards and on-board/mobile chipsets. Provides System Tray access to display settings (including desktop resolution, color depth and multi-display schemes), help and troubleshooting. Unless you often change your display settings this isn't really required as all the settings are available via the system Control Panel under "Display" | No |
| U | atiptaxx | Ati2ptxx.exe | Control panel for the ATI series of video cards allowing access to such features as display resolution, colour depth, etc. Available via Start -> Settings -> Control Panel -> Display. Some users may need it if they have optimised their settings | No |
| U | ATIPTAXX | ATIPTAXX.EXE | Installed with the drivers for some ATI based discrete graphics cards and on-board/mobile chipsets. Provides System Tray access to display settings (including desktop resolution, color depth and multi-display schemes), help and troubleshooting. Unless you often change your display settings this isn't really required as all the settings are available via the system Control Panel under "Display" | Yes |
| X | atiptext | atiptext.exe | Added by the COSIAM-A TROJAN! | No |
| U | AtiQiPcl | AtiQiPcl.exe | Used for hardware DVD decoding on ATI video cards supporting this feature. Not required unless you regularly play DVD's | No |
| Y | ATIRmtWndr | ATIX10.exe | ATI Remote Wonder™ - PC wireless remote control driver. Required if you use it | No |
| U | ATISmart | ati2s9ag.exe | ATI's "SMARTGART", which is included with the Catalyst™ drivers. When the system boots, it runs a couple of bus tests & tries to apply the most stable settings | No |
| U | AtiSound | csrss.exe | WinSpy surveillance software. Uninstall this software unless you put it there yourself. Note - this is not the same file as the csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a "ComRoot" subfolder | No |
| X | atisrc2 | windfind.exe | Added by the WINDFIND-A TROJAN! | No |
| X | ATITech | Active.exe | Added by the ROAMER-A TROJAN! | No |
| U | atitray | atitray.exe | ATI Tray Tools - allows quick access to ATI graphics card settings | No |
| U | AtiTrayTools | atitray.exe | ATI Tray Tools - allows quick access to ATI graphics card settings | No |
| X | atiupdate | ATIUPDATE5.EXE | Added by the DEBESKI.A TROJAN! | No |
| X | atiupdate | msshed32.exe | Added by the DELF.EP downloader TROJAN! | No |
| X | ATIUpdater | atiupdxx.exe | Added by the RBOT-ABX WORM! | No |
| X | Atiupdpl | atiupdpl.exe | Added by the SMALL.AOS TROJAN! | No |
| X | ativopen | ativopen.exe | Premium rate adult content dialler | No |
| Y | ATIX10 | atix10.exe | ATI Remote Wonder™ - PC wireless remote control driver. Required if you use it | No |
| U | ATKMEDIA | DMEDIA.EXE | Driver for the media buttons on the front of some Asus laptops, such as Forward,back,stop,pause etc | No |
| X | Atl**.exe [* = random char] | Atl**.exe [* = random char] | CoolWebSearch/HomeSearch adware - for examples, see this log | No |
| X | Atl**32.exe [* = random char] | Atl**32.exe [* = random char] | CoolWebSearch/HomeSearch adware - for examples, see this log | No |
| X | ATM Control | adpn.exe | Added by the MMS.A WORM! | No |
| N | ATnotes | atnotes.exe | Loads the ATnotes program for virtual sticky notes for your desktop. Available via Start -> Programs | No |
| U | Atomic Time Synchronizer | TimeSync.exe | TimeSync - lets you synchronize your computer's clock with any internet atomic clock | No |
| X | Atomic-x27 | Atomic-x27.exe | Added by the KATOMIK-A WORM! | No |
| X | Atomic-x27C | AtomicpartC.exe | Added by the KATOMIK-A WORM! | No |
| U | Atomic.exe | Atomic.exe | Atomic Clock Sync - synchronizes your computer's time with the NIST time server | No |
| N | Atomica | atomica.exe | Atomica runs from the System Tray and allows the user to find out more about a word or phrase on any screen by pointing at it with the mouse and clicking button one while holding down the Alt key | No |
| U | AtomicTime | ATOMICTIME.EXE | AtomicTime - utility that synchronizes your PC clock to an atomic clock | No |
| U | Atrack | atrack.exe | New feature of Norton Internet Security (NIS) and Norton Personal Firewall (NPF) 3.0 is the Alert Tracker, an instant notification feature. The Alert Tracker displays information about events as they happen. This way, when a rule has been triggered or an access to the Internet made, you know about it immediately rather than finding out about it when you check your logs or notice that the NIS icon indicates a security alert | No |
| U | Atray | Atray.exe | Active Tray is a utility which lets you configure the system tray. You can also create your own tray icons | No |
| U | ATSpooler | AppsTraka.exe | DeskTopScout keystroke logger/monitoring program - remove unless you installed it yourself! | No |
| U | ATTBroadbandUpdate | SAUpdate.exe | Big Brother from Quest Software. System and network monitor | No |
| U | ATTRedUpdate | AutoUpdate.exe | Additional item added to start-ups after AT&T took over the now bankrupt Excite@home high-speed internet service. Included for automatically downloading and installing updates. Leave it unless you plan to regularly run it to check for updates | No |
| X | AttuneClientEngine | attune_ce.exe | Aveo Attune automated helpdesk software - adware/spyware | No |
| X | AttuneContentUpdater | attune_cu.exe | Aveo Attune automated helpdesk software - adware/spyware | No |
| X | AttuneDiscovery | attune_di.exe | Aveo Attune automated helpdesk software - adware/spyware | No |
| X | Attunel | Attunel.exe | Aveo Attune automated helpdesk software - adware/spyware | No |
| X | AttuneSystray | attune_st.exe | Aveo Attune automated helpdesk software - adware/spyware | No |
| N | aTuner | atuner.exe | aTuner - tweak tool for GeForce based graphics cards | No |
| Y | atwtusb | atwtusb.exe | USB interface for Aiptek Graphics Tablet (USB) | No |
| X | AtxBrw | Iexplor.exe | "Pop Marketing" adware | No |
| U | au | DealioAu.exe | Dealio Toolbar is a free shopping comparison toolbar that allows users to search for a wide range of consumer products | No |
| U | AU Agent | AUagent.exe | Au Agent from Zilab Software. Win2K/NT enhancement tool. Allows you to run applications under any security context without closing the whole logon session to process a new logon | No |
| X | au.exe | au.exe | Added by the BEAGLE.B WORM! | No |
| Y | AUCBPNP | aucbnpn.exe | Adaptec USB CardBus Safe-Eject - driver for the Adaptec USB 2.0 CardBus which provides USB 2.0 ports for laptop users via a PCMCIA card slot | No |
| X | Aucompat | Aucompat.exe | Added by the GEMA TROJAN! | No |
| X | Audcntr | audcntr.exe | Added by the GEMA TROJAN! | No |
| ? | AudCtrl | RunDll32 AudCtrl.dll, RCMonitor | Audio control panel? | No |
| X | audi32 | audi32.exe | Added by the RANCK-FL TROJAN! | No |
| X | AUDIO | SOUND.exe | Added by the PLOYB-A TROJAN! | No |
| X | Audio Device Manager | winfp.exe | Added by the IRCBOT-XS WORM! | No |
| X | Audio Device Manager | WinNT.exe | Added by the IRCBOT.USP BACKDOOR! | No |
| X | Audio Device Manager | WNDXP.exe | Added by the IRCBOT.AJL BACKDOOR! | No |
| X | Audio Device Manager | sfhgj.exe | Added by the IRCBOT-ZA BACKDOOR! | No |
| X | audiocfg.exe | audiocfg.exe | Added by the VB.ATE WORM! | No |
| X | Audiocntl | audiocntl.exe | Added by a variant of the CRYPTER.C TROJAN! | No |
| N | AudioCommander | AudioCommander.exe | System Tray access to the AudioCommander user interface for Andrea USB devices - including features such as noise cancellation, graphic equalizer, echo Cancellation and beam forming | Yes |
| N | AudioCommander Application | AudioCommander.exe | System Tray access to the AudioCommander user interface for Andrea USB devices - including features such as noise cancellation, graphic equalizer, echo Cancellation and beam forming. This entry is taken from the XP version of Windows Defender | Yes |
| N | AudioCommanderVista | AudioCommander.exe | System Tray access to the AudioCommander user interface for Andrea USB devices - including features such as noise cancellation, graphic equalizer, echo Cancellation and beam forming. This entry is taken from the registry "Run" key in the Vista version | Yes |
| N | AudioDeck | ADeck.exe | ADeck.exe is a system tray application for VIA's sound cards which offers quick access to a number of sound card related items | No |
| X | Audiodrv | audiodrv.exe | Added by the CRYPTER-C TROJAN! | No |
| U | AudioDrvEmulator | DLLML.exe AudDrvEm.dll | Related to Creative DLL Module Loader for the Sound Blaster X-Fi (and maybe others). This program is non-essential process to the running of the system, but should not be terminated unless suspected to be causing problems | No |
| N | AudioHQ | Ahqtb.exe | For Creative Soundblaster Live! series soundcards. System tray application for SB Live! functions. Available via Start -> Programs | No |
| X | AudioHQ | audiohq.exe | Added by the BANKER-EHK TROJAN! | No |
| N | AudioHQU | AHQTBU.EXE | System Tray application installed with the drivers for Creative Labs SoundBlaster Live! Can be run from Start -> Programs | No |
| X | audioinf | audioinf.exe | Added by a variant of the CRYPTER.C TROJAN! | No |
| X | AudioMan | Explorer.sm1 | Added by the HUPIGON.IFZ BACKDOOR! | No |
| X | audlmne32 | dcmsxe.exe | Added by the MAILBOT-CF TROJAN! | No |
| X | Audoi Device Loader | smssv.exe | Added by the AGOBOT-ZY WORM! | No |
| X | augmsg | AUGMSG.EXE | Added by the SPYBOT-CO WORM! | No |
| X | auloadplx | mplprogsm.exe | Added by the SLAPER.K TROJAN! | No |
| X | AUNPS2 | RUNDLL32 AUNPS2.DLL, _Run@16 | AUNPS adware | No |
| X | aupd | symcsvc.exe | Added by the ABWIZ.D TROJAN! | No |
| X | aupd | sysvcs.exe | Added by the ABWIZ.C TROJAN! | No |
| X | aupd | sywsvcs.exe | Added by the ORSE-M TROJAN! | No |
| Y | Aureal A3D Interactive Audio | sa3dsrv.exe | For Aureal based 3D soundcards. A3D sound features won't work with this disabled | No |
| Y | Aureal A3D Interactive Audio Init | A3dInit.exe | For Aureal based 3D soundcards. A3D sound features won't work with this disabled | No |
| U | Auslogics BoostSpeed | boostspeed.exe | System Tray access to Auslogics BoostSpeed system optimization utility - which allows you to "Start programs faster. Speed up computer start time. Increase Internet speed, optimize your Internet Explorer, Firefox and E-mail programs" | Yes |
| U | Auslogics BoostSpeed 4 | boostspeed.exe | System Tray accesss to Auslogics BoostSpeed 4 system optimization utility - which "Start programs faster. Speed up computer start time. Increase Internet speed, optimize your Internet Explorer, Firefox and E-mail programs" | Yes |
| X | ausvc | ausvc.exe | Added by the AUTOUPDER TROJAN! | No |
| X | Auth Starter Ident | startauth.exe | Added by the RBOT-WP WORM! | No |
| Y | Authentic-ID Toolbar | wintmr.exe | System Tray access to Child Control parental control software by Salfield | No |
| Y | Authentic-ID Toolbar | rundll32.exe [path] ToolbarATL.dll, LoadTrayIcon | Authentic-ID Toolbar - website authentication utility. Warns you when a site is recognized for phishing or isn't authentic, for example | No |
| X | authz | authz.exe | Added by an unidentified VIRUS, WORM or TROJAN! | No |
| X | auto | win32.exe | Added by the SMALL!SD5 TROJAN! | No |
| X | auto | auto.exe | Added by the DOQ.GEN.Y BACKDOOR! | No |
| X | Auto CD-ROM Startup | cdaccess.exe | Added by the SPYBOT.BLA WORM! | No |
| U | Auto EPSON PictureMate Deluxe on X | E_FATI9TA.EXE | Epson Status Monitor 3 for the PictureMate Deluxe compact photo printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus C45 Series on X | E_S4I3T1.EXE | Epson Status Monitor 3 for the Stylus C45 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus C48 Series on X | E_S10IC2.EXE | Epson Status Monitor 3 for the Stylus C48 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus C48 Series on X | E_S4I091.EXE | Epson Status Monitor 3 for the Stylus C48 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus C60 Series on X | E_S10IC2.EXE | Epson Status Monitor 3 for the Stylus C60 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus C62 Series on X | E_S10IC2.EXE | Epson Status Monitor 3 for the Stylus C62 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus C64 Series on X | E_S4I2C1.EXE | Epson Status Monitor 3 for the Stylus C64 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus C82 Series on X | E_S0HIC1.EXE | Epson Status Monitor 3 for the Stylus C82 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus C84 Series on X | E_S4I2D1.EXE | Epson Status Monitor 3 for the Stylus C84 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus C87 Series on X | E_FATIABL.EXE | Epson Status Monitor 3 for the Stylus C87 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus CX3200 on X | E_S10IC2.EXE | Epson Status Monitor 3 for the Stylus CX3200 printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus CX3600 Series on X | E_FATI9BE.EXE | Epson Status Monitor 3 for the Stylus CX3600 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus CX3700 Series on X | E_FATIACP.EXE | Epson Status Monitor 3 for the Stylus CX3700 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus CX3800 Series on X | E_FATIACA.EXE | Epson Status Monitor 3 for the Stylus CX3800 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus CX4200 Series on X | E_FATIAEA.EXE | Epson Status Monitor 3 for the Stylus CX4200 Series printer - for monitoring printer status, checking ink levels, etc, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus CX4500 Series on X | E_FATI9AP.EXE | Epson Status Monitor 3 for the Stylus CX4500 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus CX4600 Series on X | E_FATI9AA.EXE | Epson Status Monitor 3 for the Stylus CX4600 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus CX4800 Series on X | E_FATIADA.EXE | Epson Status Monitor 3 for the Stylus CX4800 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus CX5000 Series on X | E_FATIBVA.EXE | Epson Status Monitor 3 for the Stylus CX5000 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus CX5400 on X | E_S4I2G1.EXE | Epson Status Monitor 3 for the Stylus CX5400 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus CX5500 Series on X | E_FATICAP.EXE | Epson Status Monitor 3 for the Stylus CX5500 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus CX6000 Series on X | E_FATIBIA.EXE | Epson Status Monitor 3 for the Stylus CX6000 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus CX6400 on X | E_S4I2L1.EXE | Epson Status Monitor 3 for the Stylus CX6400 printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus CX6600 Series on X | E_FATI9EE.EXE | Epson Status Monitor 3 for the Stylus CX6600 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus CX6600 Series on X | E_FATI9EA.EXE | Epson Status Monitor 3 for the Stylus CX6600 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus CX7400 Series on X | E_FATICDA.EXE | Epson Status Monitor 3 for the Stylus CX7400 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus CX7800 Series on X | E_FATIAFA.EXE | Epson Status Monitor 3 for the Stylus CX7800 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus CX9400Fax Series on X | E_FATICFA.EXE | Epson Status Monitor 3 for the Stylus CX9400Fax Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus D78 Series on X | E_FATIBGE.EXE | Epson Status Monitor 3 for the Stylus D78 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus D88 Series on X | E_FATIABE.EXE | Epson Status Monitor 3 for the Stylus D88 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus DX3800 Series on X | E_FATIACE.EXE | Epson Status Monitor 3 for the Stylus DX3800 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus DX4800 Series on X | E_FATIADE.EXE | Epson Status Monitor 3 for the Stylus DX4800 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus DX6000 Series on X | E_FATIBIE.EXE | Epson Status Monitor 3 for the Stylus DX6000 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus Photo 1400 Series on X | E_FATIBUA.EXE | Epson Status Monitor 3 for the Stylus Photo 1400 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus Photo 820 Series on X | E_S10IC2.EXE | Epson Status Monitor 3 for the Stylus Photo 820 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus Photo R1800 on X | E_FATI9LA.EXE | Epson Status Monitor 3 for the Stylus Photo R1800 printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus Photo R200 Series on X | E_S4I2H1.EXE | Epson Status Monitor 3 for the Stylus Photo R200 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus Photo R200 Series on X | E_S4I0H2.EXE | Epson Status Monitor 3 for the Stylus Photo R200 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus Photo R220 Series on X | E_FATIAIE.EXE | Epson Status Monitor 3 for the Stylus Photo R220 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus Photo R2400 on X | E_FATI9SA.EXE | Epson Status Monitor 3 for the Stylus Photo R2400 printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus Photo R2400 on X | E_FATI9SE.EXE | Epson Status Monitor 3 for the Stylus Photo R2400 printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus Photo R260 Series on X | E_FATIBNA.EXE | Epson Status Monitor 3 for the Stylus Photo R260 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus Photo R280 Series on X | E_FATICKA.EXE | Epson Status Monitor 3 for the Stylus Photo R280 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus Photo R300 Series on X | E_S4I2F1.EXE | Epson Status Monitor 3 for the Stylus Photo R300 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus Photo R300 Series on X | E_S4I0F2.EXE | Epson Status Monitor 3 for the Stylus Photo R300 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus Photo R320 Series on X | E_FATI9FA.EXE | Epson Status Monitor 3 for the Stylus Photo R320 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus Photo R340 Series on X | E_FATIAJE.EXE | Epson Status Monitor 3 for the Stylus Photo R340 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus Photo R800 on X | E_FATI9YE.EXE | Epson Status Monitor 3 for the Stylus Photo R800 printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus Photo RX420 Series on X | E_FATI9CE.EXE | Epson Status Monitor 3 for the Stylus Photo RX420 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus Photo RX500 on X | E_S4I2K1.EXE | Epson Status Monitor 3 for the Stylus Photo RX500 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus Photo RX600 on X | E_S4I2M1.EXE | Epson Status Monitor 3 for the Stylus Photo RX600 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus Photo RX680 Series on X | E_FATICJA.EXE | Epson Status Monitor 3 for the Stylus Photo RX680 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus Photo RX700 Series on X | E_FATI9IA.EXE | Epson Status Monitor 3 for the Stylus Photo RX700 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| U | Auto EPSON Stylus Pro 7600 on X | E_S10IC2.EXE | Epson Status Monitor 3 for the Stylus Pro 7600 printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc | No |
| X | Auto File System Conversion Utility | scricon.exe | Added by the SDBOT.EYB WORM! | No |
| X | auto repair system | qualityx.exe | Added by an unidentified WORM or TROJAN - probably a SPYBOT variant | No |
| U | Auto Run Software for Photo Frame | PhotoManager.exe | Management software for Philips digital PhotoFrame range. Used to edit photos and transfer them directly from a PC via a USB cable. Start manually when you connect the device | Yes |
| X | Auto Start | dosin.exe | Added by the SDBOT-GO BACKDOOR! | No |
| X | Auto Start | sndvol32.exe | Added by the SLINBOT.AX BACKDOOR! | No |
| X | Auto Start | windos.exe | Added by the SLINBOT.BO BACKDOOR! | No |
| U | Auto Switch | TASKBAR.exe | Related to 2-port Bitronics AutoSwitch kit from Belkin | No |
| N | Auto T Bar | autotbar.exe | If you disable the HP VIEW toolbar in IE and rearrange the toolbars on a reboot they will be back as they were before if this is left enabled | No |
| X | Auto Updat | WindowsSys32.exe | Added by a variant of the FORBOT WORM! | No |
| X | Auto updat | crcss.exe | Added by the SDBOT.AAG WORM! | No |
| X | Auto updat | SysDebug.exe | Added by the FORBOT-BA WORM! | No |
| X | Auto Update | AUP.exe | Added by an unididentified WORM or TROJAN! | No |
| X | Auto Update | dma.exe | Added by the RBOT-AVO WORM! | No |
| X | Auto Update | svchost.exe | Added by the DUMARDI-A TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir% | No |
| X | Auto Updater | asclt.exe | Added by the SLINBOT.CJ BACKDOOR! | No |
| X | Auto Updates | svchost.exe | Added by the CHEUKO-A TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir% | No |
| X | Auto WinUpdate | taskmrg.exe | Added by the RBOT-AFA WORM! | No |
| X | AutoAdministrator | SERVICES.EXE | Added by the PUNYA-A WORM! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Root%\Application Data\WINDOWS | No |
| U | Autobar | autobar.exe | Connect buttons on the keyboard for internet direct access, etc. on HP computers | No |
| N | AutoCAD | acstart17.exe | Preloads part of AutoCAD into disk cache at startup to speed up the launch of the main program when needed. Not required as most AutoCAD users tend to either open the program once and leave it open or open it occasionally to check drawings | Yes |
| N | AutoCAD Startup Accelerator | acstart16.exe | Preloads part of AutoCAD into disk cache at startup to speed up the launch of the main program when needed. Not required as most AutoCAD users tend to either open the program once and leave it open or open it occasionally to check drawings | No |
| N | AutoCAD Startup Accelerator | acstart17.exe | Preloads part of AutoCAD into disk cache at startup to speed up the launch of the main program when needed. Not required as most AutoCAD users tend to either open the program once and leave it open or open it occasionally to check drawings | Yes |
| X | autochk | rundll32.exe autochk.dll,_IWMPEvents@16 | Added by the OPACHKI.A TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "autochk.dll" file is found in %System% | No |
| X | autochk | rundll32.exe protect.dll,_IWMPEvents@16 | Added by the OPACHKI.A TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "protect.dll" file is found in %UserProfile% | No |
| U | autoclk | autoclk.exe | Autoclik is a Windows utility "that allows you to perform all mouse activity with absolutely no clicking" | No |
| X | AutoDiscovery/AutoPurge (ADAP) Service | wmiadapi.exe | Added by the RBOT.FLT WORM! | No |
| N | AutoEA | Ahqrun.exe | For Creative Soundblaster Live! series soundcards. Specify for any audio application what audio preset to automatically associate with currently active speaker output. Available via AudioHQ | No |
| X | AUTOEXE | AUTOEXE.exe | Added by the SEMAPI-A WORM! | No |
| X | autoload | cftmon.exe | Added by the SOCKS-E WORM! | No |
| X | autoload | spooll.exe | Added by the SILLYFDC WORM! | No |
| X | autoload | windowsupdate.exe | Added by the POLYCRYP.DY TROJAN! | No |
| X | autoload | spool.exe | Added by the AGENT-GSG TROJAN! | No |
| X | Autoloaderaproposclient | Apropos_Client_Loader.exe | AproposMedia adware | No |
| X | Autoloaderaproposclient | cxtpls_loader.exe | AproposMedia adware | No |
| X | AutoLoaderEnvoloAutoUpdater | auto_update_loader.exe | Envolo/AproposMedia adware updater | No |
| N | AutoMate Task Service | automate.exe | Task scheduler for Unisyn Automate 4 task automation/macro running software. Available via a desktop shortcut or Start → Programs | No |
| U | AutoMate5 | Am5HkWnd.exe | "Automate is the Leading Software for Automation of front and back-office business processes.It provides all the tools necessary to completely automate business processes, regardless of their complexity" | No |
| U | AutoMate6 | AMEM.exe | AutoMate 6 for automating repetitive tasks | No |
| X | Automated Windows Updates | wauclt.exe | Added by the GAOBOT.AJD WORM! | No |
| X | Automatic Defrag Manager | defrag.exe | Added by the RBOT-AKE WORM! | No |
| X | Automatic Media Update | CACHE.RVD | Added by an unidentified WORM/TROJAN! | No |
| X | Automatic Media Update | HPLNT32.RVD | Added by an unidentified WORM/TROJAN! | No |
| X | Automatic Microsoft Windows Updater | suchost.exe | Added by the RBOT-EQ WORM! | No |
| X | Automatic Updates | algs.exe | Added by the IRCBOT-AAM TROJAN! | No |
| X | Automatic Windows Updater | Update.exe | Added by the GAOBOT.AO WORM! | No |
| N | Automatically launches the United Devices Agent when you start your computer | UD.EXE | The United Devices Agent can recycle your PC's unused resources and use them to perform valuable scientific and medical research without disturbing your usual computer use - similar to SETI@home but for medical research. Available via Start > Programs | No |
| X | autoMe | wscript.exe solution.vbs | Added by the VBS.SASAN WORM! Note that wscript.exe is a legitimate Microsoft file used to launch script files and shouldn't be deleted. The "solution.vbs" file is found in %Windir% | No |
| X | Autopdate | Autopdate.exe | Added by the RBOT-AGL WORM! | No |
| N | AUTOPROP | REGPROP.EXE WMPADDIN.DLL | Both the files are in the MS Office/Bots/FP_WMP directory. Apparently, it registers the FrontPage WiMP extension | No |
| X | AutoProtect | AutoProtect.vbs | Added by the KILLBAT-C WORM! | No |
| X | AUTOPROTECTU | navapq32.exe | Added by an unidentified WORM or TROJAN! | No |
| X | autorepair | dexs.exe | Added by a variant of the SDBOT WORM! | No |
| X | autorn | autorn.exe | Added by the SILLYFDC.BCY WORM! | No |
| U | Autoroute SMTP | AutoSmtp.exe | Autoroute SMTP - "automatic switching between SMTP servers depending on what network you are currently working in." You need to have two Internet service providers | No |
| X | autorun | autorun.exe | Added by the AUTOM-B WORM! | No |
| X | autorun | sxs.exe | Added by the SMALLVBS-A WORM! | No |
| X | autorun | winmain.exe | Added by a variant of the DELF.CNS TROJAN! | No |
| X | AutoRun | allrs.exe | Added by the MUDROP.LJ TROJAN! | No |
| X | autorundemo | [path to trojan] | Added by the AGENT-FPX TROJAN! | No |
| X | AUTORUN_VAL | AntiSpyCheck 2.1.exe | AntiSpyCheck rogue spyware remover - not recommended, removal instructions here | No |
| X | AUTORUN_VAL | asc 2.1.exe | AntiSpyCheck rogue spyware remover - not recommended, removal instructions here | No |
| ? | AutoShutdown | pssvc.exe | Utility to fix vCard Export in MS Outlook 2000 - although why are these together? | No |
| U | AutoSizer | AUTOSIZER.EXE | AutoSizer - utility that automatically maximizes windows when they're opened | No |
| N | AutoSpell | autospel.exe | AutoSpell - spell checker (version 6.*) | No |
| N | AutoSpell 5 | ASWATC32.EXE | AutoSpell - spell checker | No |
| U | AutoSys | autosys.exe | Winguardian surveillance software. Uninstall this software unless you put it there yourself | No |
| N | autotbar | autotbar.exe | If you disable the HP VIEW toolbar in IE and rearrange the toolbars on a reboot they will be back as they were before if this is left enabled | No |
| N | AutoTKit | AUTOTKIT.EXE | On HP PC's. Unclear what purpose it serves - but there's a known issue with Internet Explorer Toolbar settings not being saved with it enabled | No |
| N | autoupd | autoupd.exe | Raxco Software Auto Update utility."Used to keep your software up-to-date" | No |
| X | autoupd | autoupd.exe | Added by an unidentified VIRUS, WORM or TROJAN! - found in a folder of the same name | No |
| X | autoupdate | rundll32 DATADX.DLL,SHStart | Added by a variant of the QOOLOGIC TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "DATADX.DLL" file is found in %System% | No |
| X | autoupdate | rundll32 SUPDATE.DLL,SHStart | Added by a variant of the QOOLOGIC TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "SUPDATE.DLL" file is found in %System% | No |
| X | AutoUpdate | smss.exe | Added by WINSPY.88! Note - this is not the legitimate smss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\debug64 | No |
| X | Autoupdate Service | kaka.exe | Added by the SYMPE-B TROJAN! | No |
| X | Autoupdate Service | [path to trojan] | Added by the AGENT-CB TROJAN! | No |
| X | AutoUpdate32 | services.exe | Added by WINSPY.88! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\debug64 | No |
| X | AutoUpdater | aupdate.exe | Tinybar variant | No |
| X | AutoUpdater | AutoUpdate.exe | PeopleonPage foistware | No |
| X | autoupdatev2 | [path to file] | Added by the DROPPER-BM TROJAN! | No |
| X | autoupdatev2 | autoupdatev2.exe | Detected by Kaspersky as the AGENT.FQ TROJAN! | No |
| X | AutoVirusProtection | ciscv.exe | Added by a variant of the RBOT WORM! | No |
| X | auto__antiav__key | antiav_exe.exe | Added by the BAGLEDI-AA TROJAN! | No |
| X | auto__hloader__key | hloader_exe.exe | Added by the BAGLE.AB TROJAN! | No |
| X | aux.exe | aux.exe | Added by the ZINS TROJAN! | No |
| X | auxAudioDevice | aux32.exe | Added by the AIZU WORM! | No |
| N | AUXXTRAY | au30setp.exe | System Tray application for Aureal Vortex based soundcards. Can be run manually via Start -> Settings -> Control Panel | No |
| X | AV | UPDATE-28062004.exe[25 blank spaces].vbs | Added by the MIDFIN WORM! | No |
| X | AV | Antivir.exe | Antivir rogue security software - not recommended, removal instructions here | No |
| X | av | expressav.exe | Express Antivirus 2009 rogue security software - not recommended, removal instructions here | No |
| X | AV AntiSpyware | ava.exe | AV AntiSpyware rogue security software - not recommended, removal instructions here | No |
| X | AV Care | AvCare.exe | AvCare rogue security software - not recommended, removal instructions here | No |
| X | AV Client | patch31345.exe | Added by the MYDOOM.AD WORM! | No |
| X | AV Industry | patch31345.exe | Added by the MYDOOM.AD WORM! | No |
| X | AV UpDate | Update.exe | Added by the FUROOT-A TROJAN! | No |
| N | AvaFind | AvaFind.exe | AvaFind file search utility | No |
| X | AVantivirus | Avconsol.exe | Added by the MSNVB-D WORM! | No |
| X | avast | troyan.exe | Added by the SMALL.CZ TROJAN! | No |
| Y | Avast! | ashServ.exe | Main part of avast! Antivirus - including the resident protection, virus chest and scheduler. Starts via a registry "Run" key on Windows 98/Me and as a service on Windows 2K/XP/Vista | No |
| Y | avast! | ashDisp.exe | System Tray access to and notifications for avast! Antivirus - giving left-click access to the On-Access Scanner, right-click access to other options and event notifications | Yes |
| Y | avast! Antivirus | ashDisp.exe | System Tray access to and notifications for avast! Antivirus - giving left-click access to the On-Access Scanner, right-click access to other options and event notifications | Yes |
| Y | avast! Web Scanner | Ashwebsv.exe | Web scanning part of avast! Antivirus. Starts via a registry "Run" key on Windows 98/Me and as a service on Windows 2K/XP/Vista | No |
| Y | Avast32 | Astart32.exe | Part of Avast! anti-virus software | No |
| X | avc | avmon.exe | Added by an unidentified TROJAN! | No |
| U | AvconsoleEXE | Avconsol.exe | From McAfee VirusScan up to version 4.x and Dr Solomon's VirusScan. Used to schedule regular scans. If you don't have scans scheduled you don't need it | No |
| X | Avengine | Avengine.com | Added by the DELF.LJ TROJAN! | No |
| X | AveoAttune | atmdlusr.exe | Aveo Attune automated helpdesk software - adware/spyware | No |
| U | AVFX Engine | StartFX.exe | Advanced Video FX - supported by a number of Creative Web Cameras. "Have more fun by adding a wide range of special effects and backgrounds to your video chat with Advanced Video FX" | No |
| X | AvG | svchost323.exe | Added by the RBOT-ZA WORM! | No |
| Y | AVG Anti-Spyware | avgas.exe | System Tray access to and notifications for AVG Anti-Spyware 7.5. This has now been superseded by AVG Anti-Virus which includes Anti-Spyware | Yes |
| Y | AVG Anti-Virus system | avgcc.exe | System Tray access to and notifications for the 7.* series of anti-virus products from AVG Technologies. If this entry is disabled, the core product functions will work properly but you will lose quick access to the Control Center and miss notifications of potential problems and updates | Yes |
| Y | AVG Anti-Virus System | avgemc.exe | E-mail scanner for the 7.* series of anti-virus products from AVG Technologies. This process scans incoming and outgoing E-mails for viruses and other malware. From version 7.1 onwards this entry only appears in 9x/Me as a startup entry, it loads as a service in 2K and higher | Yes |
| Y | AVG Anti-Virus System | avgw.exe | This entry is included with the 7.* series of anti-virus products from AVG Technologies. Once installed (or on first run for a different user) it runs the configuration sequence to set up the product and doesn't run on subsequent restarts | Yes |
| X | Avg Antivirus | icpldrvx.exe | Added by the BANKER.BYU TROJAN! | No |
| X | AVG AntiVirus Scanner | avgscnx.exe | Added by the SILLYFDC.BBE WORM! Note - this is not a legitimate AVG entry | No |
| X | AVG AntiVirus Updater | avgwusv.exe | Added by the SILLYFDC.BAX WORM! Note - this is not a legitimare AVG entry | No |
| X | AVG Grisoft Updater | updater.exe | Added by the AGOBOT-OT WORM! | No |
| Y | AVG IDS | AVGIDSUI.exe | System Tray access to and notifications for AVG Identity Protection - identity theft prevention which is available as a stand-alone product or included with AVG Internet Security. "Always-on identity theft prevention for Windows from one of the world's most trusted security companies. Shop and ensure safe surfing of the web, make yourself secure in the knowledge that your passwords, account information, credit card numbers, social security numbers and other valuables are safe from identity thieves." It also loads the background activity monitoring process (AVGIDSMonitor.exe) | Yes |
| U | AVG Internet Security | avgtray.exe | System Tray access to and notifications for the range of internet security products from AVG Technologies - including Internet Security, Anti-Virus and their free products such as Anti-Virus Free and LinkScanner®. If this entry is disabled, the core product functions will work properly but you will lose quick access to the main window and miss notifications of potential problems and updates | Yes |
| Y | AVG7_AMSVR | AVGAMSVR.EXE | This is the AVG7 Alert Manager for the 7.* series of anti-virus products from AVG Technologies. It is essential for both scheduled activities (such as automatic updates and scans) and for displaying alerts and reports via the Control Center (avgcc.exe). Appears in 9x/Me as a startup entry and as a service in 2K and higher | No |
| Y | AVG7_CC | avgcc.exe | System Tray access to and notifications for the 7.* series of anti-virus products from AVG Technologies. If this entry is disabled, the core product functions will work properly but you will lose quick access to the Control Center and miss notifications of potential problems and updates | Yes |
| Y | AVG7_EMC | avgemc.exe | E-mail scanner for the 7.* series of anti-virus products from AVG Technologies. This process scans incoming and outgoing E-mails for viruses and other malware. From version 7.1 onwards this entry only appears in 9x/Me as a startup entry, it loads as a service in 2K and higher | Yes |
| Y | AVG7_Run | avgw.exe | This entry is included with the 7.* series of anti-virus products from AVG Technologies. Once installed (or on first run for a different user) it runs the configuration sequence to set up the product and doesn't run on subsequent restarts | Yes |
| U | AVG8_TRAY | avgtray.exe | System Tray access to and notifications for the 8.* series of internet security products from AVG Technologies - including Internet Security, Anti-Virus and their free products such as Anti-Virus Free and LinkScanner®. If this entry is disabled, the core product functions will work properly but you will lose quick access to the main window and miss notifications of potential problems and updates | Yes |
| U | AVG9_TRAY | avgtray.exe | System Tray access to and notifications for the 9.* series of internet security products from AVG Technologies - including Internet Security, Anti-Virus and their free products such as Anti-Virus Free and LinkScanner®. If this entry is disabled, the core product functions will work properly but you will lose quick access to the main window and miss notifications of potential problems and updates | Yes |
| Y | avgamsvr.exe | Avgamsvr.exe | This is the AVG7 Alert Manager for the 7.* series of anti-virus products from AVG Technologies. It is essential for both scheduled activities (such as automatic updates and scans) and for displaying alerts and reports via the Control Center (avgcc.exe). Appears in 9x/Me as a startup entry and as a service in 2K and higher | No |
| Y | avgas | avgas.exe | System Tray access to and notifications for AVG Anti-Spyware 7.5. This has now been superseded by AVG Anti-Virus which includes Anti-Spyware | Yes |
| Y | avgcc | avgcc.exe | System Tray access to and notifications for the 7.* series of anti-virus products from AVG Technologies. If this entry is disabled, the core product functions will work properly but you will lose quick access to the Control Center and miss notifications of potential problems and updates | Yes |
| Y | avgcc32 | avgcc32.exe | System Tray access to and notifications for the 6.* (and maybe earlier) series of anti-virus products from AVG Technologies. Also enables scheduled tests, Outlook E-mail plug-in and automatic updates | No |
| Y | AVGCtrl | AVGCtrl.exe | Part of AntiVir® PersonalEdition Classic antivirus | No |
| Y | avgemc | avgemc.exe | E-mail scanner for the 7.* series of anti-virus products from AVG Technologies. This process scans incoming and outgoing E-mails for viruses and other malware. From version 7.1 onwards this entry only appears in 9x/Me as a startup entry, it loads as a service in 2K and higher | Yes |
| Y | avgfwsrv | AVGFWSRV.EXE | Integrated firewall for the 7.* series of anti-virus products from AVG Technologies. Protects the users computer from outside attacks, typically from the internet. Starts via a registry "RunServices" key on Windows 98/Me and as a service on Windows 2K/XP/Vista | No |
| Y | AVGIDS | AVGIDSUI.exe | System Tray access to and notifications for AVG Identity Protection - identity theft prevention which is available as a stand-alone product or included with AVG Internet Security. "Always-on identity theft prevention for Windows from one of the world's most trusted security companies. Shop and ensure safe surfing of the web, make yourself secure in the knowledge that your passwords, account information, credit card numbers, social security numbers and other valuables are safe from identity thieves." It also loads the background activity monitoring process (AVGIDSMonitor.exe) | Yes |
| Y | AVGIDSUI | AVGIDSUI.exe | System Tray access to and notifications for AVG Identity Protection - identity theft prevention which is available as a stand-alone product or included with AVG Internet Security. "Always-on identity theft prevention for Windows from one of the world's most trusted security companies. Shop and ensure safe surfing of the web, make yourself secure in the knowledge that your passwords, account information, credit card numbers, social security numbers and other valuables are safe from identity thieves." It also loads the background activity monitoring process (AVGIDSMonitor.exe) | Yes |
| Y | avgmsvr.exe | avgmsvr.exe | AVG Anti-Virus 7.0 related | No |
| Y | AVGnt | AVGnt.exe | AntiVir® PersonalEdition Classic antivirus. System Tray icon and control program | No |
| Y | Avgserv9.exe | Avgserv9.exe | Background monitoring and scanning for the 6.* (and maybe earlier) series of anti-virus products from AVG Technologies when running on 9x/Me. Loaded from the "RunServices" registry key | No |
| U | avgtray | avgtray.exe | System Tray access to and notifications for the range of internet security products from AVG Technologies - including Internet Security, Anti-Virus and their free products such as Anti-Virus Free and LinkScanner®. If this entry is disabled, the core product functions will work properly but you will lose quick access to the main window and miss notifications of potential problems and updates | Yes |
| Y | AVGuard | AVGuard.exe | AntiVir® PersonalEdition Classic antivirus. Background task which scans files transparently | No |
| Y | AVG_CC | avgcc32.exe | System Tray access to and notifications for the 6.* (and maybe earlier) series of anti-virus products from AVG Technologies. Also enables scheduled tests, Outlook E-mail plug-in and automatic updates | No |
| Y | AVG_EMC | AVGEMC.exe | AVG Anti-Virus 7.0 Email Cleaner. Scans incoming and outgoing email for viruses | No |
| Y | AVG_RegCleaner | AVGREGCL.exe | Boot time registry cleaner for the 7.* series of anti-virus products from AVG Technologies - for checking the registry for virus additions and other security problems | No |
| X | avidrv | drvsc.exe | Detected by Kaspersky as the AGENT.PH TROJAN! | No |
| X | Avimgt | Avimgt.exe | Added by the GEMA TROJAN! | No |
| X | Avimgt32 | Avimgt32.exe | Added by the GEMA TROJAN! | No |
| Y | avinit | AVINIT9X.EXE | Command Antivirus related | No |
| X | Avira Anti-Virus Pro 2008 | explorear.exe | Added by an unidentified WORM or TROJAN! | No |
| X | AvirTr | AvirTr.exe | AntivirusTrigger rogue security software - not recommended, removal instructions here | No |
| Y | AVK Mail Checker | AVKPop.exe | eXtendia AVK AntiVirus email checker | No |
| Y | AVKBar | AVKBar.exe | GData AntiVirusKit Anti-virus | No |
| Y | AVKTray | AVKTray.exe | System Tray access to the antivirus part of G Data range of internet security products | No |
| Y | AvMaiSrv | Avmaisrv.exe | Part of Avast! anti-virus software - E-mail scanner | No |
| X | AVManager | csrss.exe | Added by the AUTORUN-DV WORM! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a ~A~m~B~u~R~a~D~u~L~ subfolder | No |
| ? | AvMenu | AVMenu.exe | Part of the ArcaVir antivirus suite from Polish company Arcabit. What does this part do and is it required? | No |
| Y | AVMWlanClient | wlangui.exe | Related to broadband products from avm.de | No |
| X | avnort | formatsys.exe | Added by the SERFLOG.A WORM! | No |
| X | avnort | msmbw.exe | Added by the SERFLOG.A WORM! | No |
| X | avnort | serbw.exe | Added by the SERFLOG.A WORM! | No |
| Y | avp | avp.exe | Kaspersky anti-virus and AOL's Active Virus Shield (by Kaspersky) - found in either a Kaspersky or AOL sub-directory | No |
| X | AVP | [path to trojan] | Added by the MUTBO-A TROJAN! | No |
| X | avp | avp.exe | Detected by Kaspersky as the ALPHABET.B TROJAN! | No |
| X | avp | win*.tmp.exe [* is a number] | Added by a variant of the ALPHABET TROJAN! | No |
| X | avp | xar6000v7.exe | Detected by Kaspersky as the ALPHABET.B TROJAN! | No |
| X | AVP-SE | avp-32.exe | Added by the AGOBOT.FS WORM! | No |
| X | avpa | avpo.exe | Added by the LEGMIR-ARK TROJAN! | No |
| Y | avpcc | avpcc.exe | Kaspersky Labs anti-virus | No |
| X | avpl | Antivirus.exe | AntiVirus Plasma rogue security software - not recommended, removal instructions here | No |
| X | AvpM | AvpM.exe | Added by the STARTPAGE-ID TROJAN! Note - this is not the popular Kaspersky antivirus and this file is located in %Windir%\pchealth\UploadLB\Config | No |
| X | avpms | avpms.exe | Added by the ONLINEGAMES.CPV TROJAN! | No |
| X | Avpr | avpr.exe | Added by the MYDOOM.AF WORM! | No |
| X | AVPSrv | AVPSrv.exe | Added by the ONLINE-GEN TROJAN! | No |
| X | avptask | [path to trojan] | Added by the NOFERE-G TROJAN! | No |
| X | avptask | expl0rer.exe | Added by the AGENT.JJO TROJAN! | No |
| X | Avptask | rund1132.exe | Added by the AGENT.PKZ TROJAN! | No |
| X | AvpWx | WErcx.exe | Detected by Kaspersky as a variant of the AGENT.A TROJAN! | No |
| X | Avril Lavigne - Muse | [random filename] | Added by the AVRIL-A WORM! | No |
| X | avrlabs | avrlabs.exe | VirusResponse Lab 2009 rogue security software - not recommended | No |
| X | avscan | avscan.exe | Added by the SILLYFDC.BCR WORM! The file is in the users %Temp% directory | No |
| X | AVScan | winav.exe | Unidentfied rogue security software | No |
| X | AvScan | avscan.exe | Antivirus System PRO and Spyware Protect 2009 rogue security software. The file is located in %ProgramFiles%\<rogue name> | No |
| Y | AVSCHED32 | AVSched32.exe | AntiVir® PersonalEdition Classic - antivirus | No |
| Y | AVSchedScan | SCHSC9X.EXE | Command Antivirus related | No |
| X | AVSeguro | pgs.exe | AVSeguro, Spanish rogue security software - not recommended. A member of the AVSystemCare family | No |
| X | AvSer | dsm.exe | Added by the SERFLOG.B WORM! | No |
| X | AvSer | msmpatch.exe | Added by the SERFLOG.B WORM! | No |
| X | AvSer | svosm.exe | Added by the SERFLOG.B WORM! | No |
| X | AvSer | sysup.exe | Added by the SERFLOG.B WORM! | No |
| X | avserve.exe | avserve.exe | Added by the SASSER WORM! | No |
| X | avserve2.exe | avserve2.exe | Added by the SASSER.B or SASSER.C WORMS! | No |
| X | avserve3.exe | avserve3.exe | Added by the SASSER.G WORM! | No |
| U | AVStation premium | AVStation agent.exe | Related to Samsung AV Station - instant playback of music, photos, videos | No |
| X | AVSTRT | navpsrvc.exe | Added by the FORBOT-EF WORM! | No |
| X | AVSystemCare | pgs.exe | AVSystemCare rogue security software - not recommended. There are number of variants in this family sharing the same filename and user interface - see here | No |
| X | avtapi | avtapi.exe | Added by the AGENT.AM TROJAN! Note - example names include "XviD", "Winamp Remote", "Windows Media Player" and "Futuremark" | No |
| N | Avtray | Avtray.exe | Command Antivirus tray icon | No |
| X | AVupdate32 Update | AVupdate32.exe | Added by the RBOT.CNI TROJAN! | No |
| ? | AVWLPSTA | AVWLPSTA.exe | PRISM Status Tray Applet - but what is it for and is it required? | No |
| Y | AVWUpd32 | AVWUPD32.EXE | AntiVir® PersonalEdition Classic - updater | No |
| Y | avx communicator | xcommsur.exe | Anti-virus part of BitDefender virus scanner/firewall | No |
| Y | Avxlive | avxlive.exe | Bullguard or BitDefender antivirus | No |
| Y | avxlni | avxinit.exe | Anti-virus part of BitDefender virus scanner/firewall | No |
| ? | Avxnews | ?? | ?? | No |
| U | Awatch | Awatch.exe | Diagnosis tool that monitors DSL connections, installed alongside DSL drivers from AVM Fritz's range of modem products | No |
| U | AwaySch | AwaySch.EXE | Part of the IBM ThinkVantage Productivity Center. "The Away Manager application allows you preselect and run routine tasks to maintain your system's performance" | No |
| U | AWC | AWC.exe | Advanced SystemCare from IObit - "helps protect, optimize, clean, and repair your computer and Registry." The PRO version adds automation, anti-spyware, privacy protection and performance tune-ups | No |
| N | awhost32 | awhost32.exe | Part of Symantec's pcAnywhere remote PC management software. Provides an automatic startup of the client PC in host mode in conjuction with a host-definition file, so system administrators can access the machine. Can cause a 10% reduction in speed and not recommended | No |
| U | AWMON | Ad-Watch.exe | Part of Lavasoft Ad-aware Plus - realtime spyware-monitor watching your memory and registry for spyware that tries to install or change your system | No |
| U | AWMON | Ad-Monitor.exe | F-Secure Anti-Spyware | No |
| X | Awoa | smmo.exe | PurityScan adware | No |
| U | awplite | awplite.exe | AllWallpapers Lite desktop wallpaper changer | No |
| ? | AWUSGSTA | AWUSGSTA.exe | Reportedly related to a USB Wifi Adapter - is it required at startup? | No |
| U | awxDTools | awxDTools.dll, awxRegisterDll | AwxDTools related - a Windows Shell-Extension for the Daemon-Tools. It extends the context-menu of ImageFiles supported by Daemon-Tools (i.e.: *.cue, *.iso, *.ccd ...) | No |
| N | axcmd | axcmd.exe | Part of Alcohol 120% - "a powerful Windows CD and DVD burning software that makes it easy to create backups of DVDs and CDs. In addition, the program lets you store your most used CDs as images on your computer, so you can call them up at the click of a button". This entry automatically re-loads a disk image in the virtual CD/DVD drive on a system reboot | Yes |
| ? | AxFilter | Rundll32 AXFILTER.DLL, Rundll32 | ?? | No |
| U | AXIS Print System DriverScanner | DriverScanner.exe | Part of AXIS Print System from AXIS Communications - "adds printer discovery, printer driver installation printing on Windows platforms. Printing is enabled by AXIS Print Monitor, which is one of the components. Another component in AXIS Print System is AXIS IP Installer." Now discontinued | No |
| U | AXIS Print System DriverServer | DriverServer.exe | Part of AXIS Print System from AXIS Communications - "adds printer discovery, printer driver installation printing on Windows platforms. Printing is enabled by AXIS Print Monitor, which is one of the components. Another component in AXIS Print System is AXIS IP Installer." Now discontinued | No |
| U | AXIS Print System TrayIcon | TrayIcon.exe | System Tray access to AXIS Print System from AXIS Communications - "adds printer discovery, printer driver installation printing on Windows platforms. Printing is enabled by AXIS Print Monitor, which is one of the components. Another component in AXIS Print System is AXIS IP Installer." Now discontinued | No |
| X | AXPDefender | AXPDefender.exe | Advanced XP Defender rogue security software - not recommended, removal instructions here | No |
| X | AXPFixer | AXPFixer.exe | AdvancedXPFixer rogue security software - not recommended, removal instructions here | No |
| X | AXVenore | AXVenore.exe | Added by an unidentified TROJAN - see here | No |
| U | AzMixerSel | AzMixerSel.exe | Related to Realtek_Azalia Mixer Selector | No |
| Y | azmodem | azexe.exe | Aztech Labs modem driver | No |
| ? | a_vpd | vpd.exe | Located in an IBMTOOLS\VPD sub-directory. What does it do and is it required? | No |
| N | B'sCLiP | BSCLIP.exe | CD recording utility that comes with a lot of CDR/CDRW drives and isn't required | No |
| X | b.exe | b.exe | Added by the SDBOT.BND WORM! | No |
| N | B.Reader | remin.exe | Birthday Reminder 5.0 - as the name implies | No |
| X | b3d | BDEsecureinstall.exe | B3d Projector foistware - periodically trys to access the internet. (1) Uninstall it via Start -> Settings -> Control Panel -> Add/Remove Programs. (2) Remove the BDEsecureinstall.exe if still present in the "System" directory. (3) Disable and ideally delete it from the registry. (4) Remove the "BDE" directory and all its contents | No |
| X | b3dUpdate | Zupdate.exe | Associated with B3d Projector foistware - see here | No |
| U | b9 | B9.exe | FireTrust Benign - allows you to receive e-mail which is safe from viruses, worms, scripts, web bugs, privacy threats and other security risks, without affecting your e-mail. "Benign neutralizes or strips out the code that makes viruses, worms, scripts and other potentially harmful things run" | No |
| X | b99 | msmm.exe | ClientMan parasite variant | No |
| X | bab | svchst32.exe | Added by the AGENT.Q TROJAN! | No |
| X | babeie | rundll32 cnbabe.dll, dllstartup | CommonName Toolbar spyware. To uninstall see here | No |
| N | Babylon Client | Babylon.exe | Babylon-Pro is a powerful information tool that instantly provides relevant information, translations & conversions for any word or value you click on" | No |
| N | Babylon Translator | Babylon.exe | "Babylon-Pro is a powerful information tool that instantly provides relevant information, translations & conversions for any word or value you click on" | No |
| X | Back Updates | Uninstall.log.vbs | Added by the YPSAN.D WORM! | No |
| U | Back2zip | Back2zip.exe | Back2zip is a simple and elegant backup solution which uses the industry's most powerful ZIP and ZIP-64 technologies to constantly monitor your documents and make sure that they are always properly backed up | No |
| X | Backdoor.NuAgent | agent.exe | Added by the AGENT-DP TROJAN! | No |
| X | Background Intelligent Transfer Service | [path] rundll32.exe | Added by the VB-ZD TROJAN! Note - this is not the legitimate rundll32.exe process, which is found in %Windir% (98/ME) or %System% (NT/2K/XP) | No |
| U | BackgroundSwitcher | bgswitch.exe | Originally included with Microsoft's XP PowerToys (but now withdrawn - see here, Background Switcher allows your desktop background to periodically change | No |
| U | BackgroundSwitcher | BackgroundSwitcher.exe | John's Background Switcher (or JBS for short) periodically changes the background image on your computer (like every hour or every day) to something interesting | No |
| N | Backpack UDF | bpudfmon.exe | Backpack UDF packet writing software for Microssolutions' Back Pack external CD-RW drive. Similar to DirectCD. Run manually before insert an appropriately formatted CD-RW disk | No |
| X | backup | [path to worm] | Added by the AGOBOT-H WORM! | No |
| U | Backup NOW! Scheduler | Schdlr32.exe | Scheduled backups for the NTI Backup Now archiving utility. If a backup job has been scheduled, this entry places an icon in the System Tray and will automatically load the main program and execute the backup at the set time - as long as the backup media is present | Yes |
| X | Backup One | smbguard.exe | Added by the SDBOT-MI WORM! | No |
| X | Backup Service | backup.svc | Unidentified adware | No |
| X | BackUp Windows 2009 | [random].exe | Added by the AGENT-LUJ TROJAN! | No |
| U | Backup4all OTB Agent | B4AOTB.exe | "Backup4all is an award-winning data backup software for Windows. This backup utility was designed to protect your valuable data from partial or total loss by automating backup tasks, password protecting and compressing it to save storage space" | No |
| U | BackupExecScheduler | besch.exe | Veritas "Back Up My PC" software | No |
| ? | BackupNotify | backupnotify.exe | HP Digital Imaging related. What does it do and is it required? | No |
| N | BackWeb | backweb.exe | Automatically detects an internet connection and downloads any available updates. Typical on Compaq and HP PC's but not restricted to those OEM's. Resource hog and often causes malfunctions. Available via Start -> Programs | No |
| N | Backwork | Backwork.exe | Backwork trojan detector | No |
| U | BACPI10 | bacpi10a.exe | Known as "PowerKey" - a minimalistic keyboard driver that allows power management keys on BTC keyboards to function properly in older OS's (i.e. Win95/98/NT4). Also adds an icon to the system tray | No |
| N | BacsTray | BacsTray.exe | Broadcom Advanced Control Suite - for modems and set top boxes based upon Broadcom chipsets. Not required unless you have networking problems | No |
| X | BADDATE | BADDATE.EXE | Added by an unidentified VIRUS, WORM or TROJAN! | No |
| X | Badx | HELLRAIDER.EXE | Added by the MINDCTRL.A BACKDOOR! | No |
| X | BagleAV | csrss.exe | Added by the NETSKY.AB WORM! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir% | No |
| X | Bakra | IEHost.EXE | Added by the MULTIDR-AH TROJAN! | No |
| X | bal | SYSMONMS.EXE | Added by the FAKEALERT TROJAN! | No |
| X | Band-Aid | [path to file] | Added by the RANKY.O TROJAN! | No |
| U | bandmon | bandmon.exe | Rokario Bandwidth Monitor | No |
| X | Bandook | ali.exe | Added by the EXEMAS-B TROJAN! | No |
| N | Bandwidth Meter Pro | BandwidthMeterPro.exe | System Tray access to Bandwidth Meter Pro - "an easy-to-use network software for bandwidth usage monitoring and reporting. It monitors traffic of all network connections on your computer and displays graphical and numerical download and upload speeds in real-time" | Yes |
| U | Bandwidth Monitor Pro | Bandwidth Monitor Pro.exe | Bandwidth Monitor Pro - utililty to track your current download/upload limit that may be set by your ISP | No |
| N | BandwidthMeterPro | BandwidthMeterPro.exe | System Tray access to Bandwidth Meter Pro - "an easy-to-use network software for bandwidth usage monitoring and reporting. It monitors traffic of all network connections on your computer and displays graphical and numerical download and upload speeds in real-time" | Yes |
| U | Banpopup by Pratik | Banpopup.exe | Banpopup - popup killer | No |
| X | bantool | bantool.exe | Malware installed by different rogue security software including SpyKillerPro | No |
| X | bantool | ie_ban.exe | Detected as the VB.PO TROJAN! | No |
| X | Bar Ding lolt | Analiz.exe | Added by the RBOT-RP WORM! | No |
| X | bargains | bargains.exe | BargainBuddy adware | No |
| X | bargains | bargainbuddy.exe | BargainBuddy adware | No |
| X | BaRloNdDiLhep | services.exe | Added by the AUTORUN.DIB WORM! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a ~A~m~B~u~R~a~D~u~L~� subfolder | No |
| ? | Bart Station | station.sbrt | Related to PeoplePC ISP. May be a dialler for dial-up accounts? | No |
| U | Bart Station | PPCOLink.exe | Dialer for PeoplePC ISP | No |
| X | BarTheme | bartent32.exe | Added by the AGOBOT-UG WORM! | No |
| N | bascstray | BascsTray.exe | Broadcom Advanced Control Suite - for modems and set top boxes based upon Broadcom chipsets. Not required unless you have networking problems | No |
| X | Bat | secure2.bat | Added by the ZCREW.C TROJAN! | No |
| N | Batchreg1 | N/A | Part of the Windows System Recovery process. Added to the registry via Msbatch.inf. The existence of this key or process after the last reboot during installation indicates an unsuccessful installation, as that key should be deleted automatically. See here | No |
| U | BatInfEx | rundll32.exe [path] BatInfEx.dll,BMMAutonomicMonitor | Part of the Battery MaxiMiser and Power Management Features set for some IBM/Lenovo Thinkpad notebooks. This entry is needed for the battery information and monitoring program as well as the Battery Maximizer Wizard | Yes |
| U | BatLogEx | rundll32.exe [path] BatLogEx.DLL,StartBattLog | Part of the Battery MaxiMiser and Power Management Features set for some IBM/Lenovo Thinkpad notebooks. This entry logs changes in battery conditions such as charging, discharging, life, etc | Yes |
| X | BatSrv | batserv2.exe | Detected by Kaspersky as the LOCKSY.M WORM! | No |
| U | Battery Scope | batmgr.exe | Monitors battery levels on a notebook/laptop PC | No |
| U | BatteryBar | batterybar.exe | BatteryBar - displays battery usage, and the current percentage of battery power left | No |
| Y | batterymiser | batterymiser.exe | Battery Miser power management utility for LG Notebooks | No |
| Y | BatteryMiser 5 | BatteryMiser5.exe | Battery Miser 5 power management utility for LG Notebooks | No |
| X | BatzBack | BatzBack.scr | Added by the BACKZAT WORM! | No |
| U | BAUSB | BAUSB.exe | Boston Acoustics Audio, USB driver | No |
| X | bawindo | bawindo.exe | Added by the BEAGLE.AR or BEAGLE.AU WORMS! | No |
| U | Bayden SlickRun | sr.exe | "SlickRun is a floating command line utility for Windows. It gives you almost instant access to any program or website. SlickRun allows you to create command aliases (known as MagicWords), so C:\Program Files\Outlook Express\msimn.exe becomes MAIL" | Yes |
| U | BayMgr | DockApp.exe | Hot-swappable drive management on laptops allowing you to change drives without closing down Windows. Only required if you frequently swap bay devices | No |
| U | Bayswap | bayswap.exe | Hot-swappable drive management on Compaq Notebooks which allows you to swap drives without closing down Windows. Only required if you frequently swap bay devices | No |
| U | Bayswap2 | TbUpdate.exe | Hot-swappable drive management on Compaq Notebooks which allows you to swap drives without closing down Windows. Only required if you frequently swap bay devices | No |
| N | BBC Alerts | BBC_Alerts.exe | BBC Alerts - "You can now have all the latest news and sports headlines delivered straight to your desktop with the new BBC Alerts service" | No |
| U | BBC News alerts | skinkers.exe | BBC News Desktop Alerts service - see here. Desktop alert and breaking news e-mail services let you find out about all the latest news as it happens | No |
| ? | BBDial | BT Broadband.exe | Part of BT Broandband - is it required? | No |
| N | BBLauncher.exe | BBLauncher.exe | BounceBack Professional - back-up software | No |
| N | bbSysTray | bbSysTray.exe | Philips CD-RW related - "the 'Blue Button' feature gives users the chance to receive convenient online support for their possible device problems or questions" | No |
| U | bbui | bbui.exe | AOL DSL status monitor displaying a red/green icon indicating if you have a connection | No |
| U | bca | bca.exe | BeClean Agent - registry, history, temp files, etc cleaner | No |
| U | BCDetect | bcdetect.exe | Bcdetect.exe searches the system to make sure Creative drivers are installed for the video card. It loads the BlasterControl when the drivers are detected. Your choice - try it and see | No |
| Y | BCMDMMSG | bcmdmmsg.exe | BCM voicemodem driver. Required for dial-up if you have one of these modems | No |
| U | BCMHal | rundll32.exe bcmhal9x.dll, bcinit | BlasterControl for Creative video cards - controls for desktop settings, monitor configuration, colour adjustments and performance tuning. May be needed to retain settings | No |
| Y | BCMSMMSG | BCMSMMSG.exe | BCM voicemodem driver. Required for dial-up if you have one of these modems | No |
| ? | bcmwltry | bcmwltry.exe | Broadcom Corporation Wireless Network Tray Applet. Is it required? | No |
| N | BCNT | bcnt.exe | AWS Weatherbug related. What does it do? | No |
| X | BCPC | bcpc.exe | BroadcastPC adware variant | No |
| X | bcpc_c | bcpc_c.exe | BroadcastPC adware variant | No |
| U | BCTweak | bctweak.exe | BlasterControl for Creative video cards - controls for desktop settings, monitor configuration, colour adjustments and performance tuning. May be needed to retain settings | No |
| X | Bcvsrv32 | bcvsrv32.exe | Added by the GAOBOT.BQJ WORM! | No |
| X | Bcvsrv32 | he3.exe | Added by the AGOBOT.AKB WORM! | No |
| X | Bcvsrv32 | msxml22.exe | Added by the AGOBOT.AKH WORM! | No |
| X | Bcvsrv32 | msc32.exe | Added by the AGOBOT.AKD WORM! | No |
| X | Bcvsrv32 | msbvd32.exe | Added by the AGOBOT-SR WORM! | No |
| X | Bcvsrv32 | system2.exe | Added by the AGOBOT-PU BACKDOOR! | No |
| N | BCWipeTM | bcwipetm.exe | BCWipe Task Manager - scheduler for BCWipe so that it runs at convenient times. You can set a time for running the task, as well as special options for the task. Run manually when needed | No |
| X | BD | dc.exe | Added by the RASDOOR-A TROJAN! | No |
| Y | BDAgent | bdagent.exe | BitDefender Agent - for BitDefender internet security products. Maintains settings (for all users) and provides alerts and System Tray access to the main program. Note - for the System Tray icon to be displayed the Terminal Services service must be set to either "Manual" or "Automatic". It can also be licensed by other products such as versions of The Shield Deluxe from PCSecurityShield (see here) - who's reputation is poor | No |
| X | bdfger | gggasw.exe | Added by the SDBOT-RT WORM! | No |
| Y | BDMCon | Bdmcon.exe | BitDefender antivirus | No |
| Y | BDNewsAgent | bdnagent.exe | BitDefender antivirus - updater | No |
| Y | BDOESRV | bdoesrv.exe | Bitdefender 8 antivirus and firewall | No |
| U | BDRegion | brs.exe | Part of Cyberlink's PowerDVD version 8 - removes the Blu-ray region on a DVD | No |
| Y | BDSwitchAgent | bdswitch.exe | Bitdefender 8 antivirus and firewall | No |
| Y | BDWizReg | bdwizreg.exe | Configuration wizard for BitDefender internet security products. Only runs once the product has been installed. Guides you through the steps necessary to configure the BitDefender modules, applies settings to cover your requirements and security needs and takes the first actions to making your computer virus-free | Yes |
| U | BearFlix | BearFlix.exe | BearFlix is optimized for the fast download of video files | No |
| N | BearShare | bearshare.exe | BearShare file sharing client. Versions known to include spyware - see here | No |
| U | BeatNik Internet Clock | BeatNik.exe | BeatNik Internet Clock is a Windows clock add-on that supports 'skins'. It can also synchronize your computer's clock with an atomic clock | No |
| X | Beawver | saqevre.exe | Added by a variant of the RANKY TROJAN! | No |
| X | BedreigingsMonitoor | pgs.exe | BedreigingsMonitoor rogue security software - not recommended. A member of the AVSystemCare family | No |
| X | Beegees Update | beegees.exe | Added by the SDBOT-ADK WORM! | No |
| ? | BEEI | beei.exe | ?? | No |
| U | BeFaster | befaster3.exe | BeFaster internet connection optimization tool | No |
| X | begins | 0.exe | Added by the MYTOB-HE WORM! | No |
| ? | BEHL | BEHL.exe | ?? | No |
| ? | BEHLO | BEHLO.exe | ?? | No |
| U | beidsystemtray | beidsystemtray.exe | Related to Belgium Identity Card card reader | No |
| U | Belgacom | sprtcmd.exe /P Belgacom | Self-help support tool for Belgacom broadband users (provided by SupportSoft, Inc). Identifies and automatically fixes typical problems that may occur with your high-speed internet service | No |
| U | Belkin F5D8013 N Wireless Notebook Card Utility | Belkinwcui.exe | Wireless configuration utility for the Belkin F5D8013 N Wireless Notebook Card | No |
| U | Belkin F5D8053 N Wireless USB Adapter Utility | Belkinwcui.exe | Wireless configuration utility for the Belkin F5D8053 N Wireless USB Adapter | No |
| U | Belkin F5D8073 N Wireless ExpressCard Adapter Utility | Belkinwcui.exe | Wireless configuration utility for the Belkin F5D8073 N Wireless ExpressCard Adapter | No |
| N | Belkin PCMCIA WLAN Monitor | monitorbk.exe | Belkin USB Network Adapter Management utility - can be started manually | No |
| U | Belkin Wireless G Notebook Card Client Utility | Belkinwcui.exe | Wireless configuration utility for the Belkin F5D701F Wireless G Notebook Card | No |
| U | Belkin Wireless USB Utility | Belkinwcui.exe | Wireless configuration utility for the Belkin F5D7050 Wireless G USB Adapter | No |
| U | Belkin Wireless Utility | Belkinwcui.exe | Wireless configuration utility for some Belkin cards such as the F5D7000 Wireless G Desktop Card | No |
| U | BellSouthAlertManager.exe | BellSouthAlertManager.exe | Related to BellSouth Alert Manager | No |
| U | BelNotify | rundll32.exe [path] NPBelv32.dll, RunDll32_BelNotify | "BelTech from Belarc enables licensees to offer automated, Web-based problem resolution to their end-users. BelTech allows the end-user to simply go to a web page and automatically resolve their problem or point them to the right solution. BelTech Manager allows non-programmers to rapidly and easily deploy and maintain this service" | No |
| ? | BELORVBI | BELORVBI.exe | ?? | No |
| ? | Belsta.exe | Belsta.exe | Configuration tool for Belkin wireless network cards. Required to change the card's configuration. Is it required for correct operation once the confuiguration is changed? | No |
| X | Belt | Belt.exe | VX2.Transponder parasite updater/installer related | No |
| X | Benadril Alert Tool | benadrilalert.exe | Plug-in for WeatherBug advising when pollen count in your area is high - prompting you to buy Benadril | No |
| X | BeschermingsTool | SysRep.exe | BeschermingsTool, Dutch rogue system error and cleaning utility - not recommended. A member of the ErrClean family | No |
| U | BestCrypt Auto Open | BestCrypt.exe | BestCrypt from Jetico, Inc. "Keeps your confidential data in a strongly encrypted form on your disk and provides you with transparent access" | No |
| X | BestPopUpKiller | BestPopupKiller.exe | Popup killer by Swanksoft - not recommended, see here | No |
| X | BestsellerAntivirus | pgs.exe | BestsellerAntivirus rogue security software - not recommended. A member of the AVSystemCare family | No |
| U | BestSync 2008 | BestSyncApp.exe | System Tray access to BestSync® 2008 from Risefly Software - "a professional utility for synchronizing files between your local folders and Network Drives, FTP servers, Removable Media (such as an USB disk)" | No |
| X | BeSys | [path to file] | BeSys adware | No |
| X | beta | svchost.exe | Added by a variant of the DELF.IT TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! The location of this file varies | No |
| X | BF4P | bf4p.exe | Added by the IRCBOT.GEN WORM! | No |
| X | bfxtray | [path to trojan] | Added by the AGENT-GEB TROJAN! | No |
| Y | bg | bullguard.exe | Bullguard antivirus and firewall. The P2P version is free with KaZaA Media Desktop and Grokster | No |
| U | BGInfo | Bginfo.exe | BGinfo automatically displays relevant information about a Windows computer on the desktop's background, such as the computer name, IP address, service pack version, and more | No |
| U | BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} | NMBgMonitor.exe | Associated with Nero Scout, added by version 7 of the Nero digital media suite (CD & DVD burning, authoring, etc). Thanks to Help2Go.com, if you feel this is draining more resources that necessary you can disable it by clicking here | No |
| Y | BGNewsAgent | bgnewsag.exe | BullGuard antivirus updater | No |
| N | bgsmsnd | bgsmsnd.exe | Printer driver to generate PDF files from any program | No |
| X | Bharatayuda | GNB.exe | Added by the BHARAT.A WORM! | No |
| N | BHOCop | BHOCop.exe | PC Magazine's BHO Cop that lets you see what browser helper objects are installed. Useful for detecting spyware | No |
| U | BHODemon 2.0 | BHODemon.exe | BHODemon "protects you from unknown Browser Helper Objects (BHOs), by letting you enable/disable them individually. When running, it also monitors your Registry and alerts you when a BHO is installed. Best of all, BHODemon knows about the most common BHOs - the good ones, and the not-so-good ones!". If you prefer forgoing resident protection, the application can also be run on demand | No |
| U | BHR | BHR.exe | Browser Hijack Retaliator - recovers your browser after it has been hijacked by spyware, adware, etc | No |
| U | BI1HelperStartUp | BI1HEL~1.EXE | ScreenScenes "Beach Islands" screensaver. The freeware version comes with GAIN branded ads (pop-ups and others). ScreenScenes do however offer you the option of doing away with the ads by purchasing the screensaver for a whopping $30. Please note that Claria Corporation no longer support GAIN-Supported software - see here | No |
| X | BIE | Rundll32.exe [path] BDSrHook.dll, Rundll32 | BDplugin parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted | No |
| X | BIG | biggy.exe | Added by the DELBOT-AG WORM! | No |
| N | BigDog303 | VM303_STI.EXE | Vmicro webcam USB utility - allows the webcam to initiate data transfer to a program. Create a shortcut and start it manually when needed | No |
| N | BigDog305 | VM305_STI.EXE | Vmicro webcam USB utility - allows the webcam to initiate data transfer to a program. Create a shortcut and start it manually when needed | No |
| ? | BigDogPath | VM_STI.EXE | Bundled with some software for digital cameras that use a USB connection - what does it do and is it required? | No |
| N | bigfix | BIGFIX.EXE | BigFix can automatically download and read technical support information provided by computer and software manufacturers and other technical support experts (published in the form of Fixlet® Messages) and can automatically check your computer for bugs, configuration conflicts, and security holes. Should only be started manually as it's a resource hog | Yes |
| X | biglow | biglow.exe | Added by a variant of the Storm/Nuwar/Zhelatin WORM! See here for an example | No |
| X | bigoris | bigoris.exe | Added by the DORF-AZ TROJAN! | No |
| U | BigPond Toolbar | bpumTray.exe | Telstra BigPond Toolbar - "Introducing the free and easy to use BigPond Toolbar that is designed to make your internet experience and managing your Telstra internet account a whole lot easier" | No |
| N | BigPondCable | bpcable.exe | Telstra Bigpond Cable login software - can be started manually | No |
| Y | BigPondWirelessBroadbandCM | BigPond_CM.exe | Related to BigPond_Wireless_Broadband Service by Telstra | No |
| X | bikini | bikini.exe | Added by the LOWZONE-CX TROJAN! | No |
| X | BillGatesLoh.exe | BillGatesLoh.exe | Added by the AGENT-FZO TROJAN! | No |
| N | Billminder | Billmind.exe | Can be setup in Quicken to remind user of due payments. Available via Start -> Programs | No |
| X | bin32hpu | ppstub.exe | PrecisionPop adware | No |
| X | bingdian | Bingdian.vbs | Added by the BINGD WORM! | No |
| ? | Bingo Charm | charms.exe | Some kind of screen icon kind of like desk flag, but it gives you a choice of icons? | No |
| U | Biomenu | menusw.exe | Related to Sony VAIO - passwords, encryption, and a biometric fingerprint sensor | No |
| U | Bionix Wallpaper 5 | Bionix Wallpaper 5.exe | BioniX Wallpaper Changer - "the most advanced wallpaper changer/wallpaper manager software in the world" | No |
| U | BioniXWallpaper | Bionix Wallpaper 5beta.exe | BioniX Wallpaper Changer - "the most advanced wallpaper changer/wallpaper manager software in the world" | No |
| U | BioniXWallpaper | BioniX Wallper.exe | BioniX Wallpaper Changer - "the most advanced wallpaper changer/wallpaper manager software in the world" | No |
| U | BioniXWallpaper | BionixWallpaper5.exe | BioniX Wallpaper Changer - "the most advanced wallpaper changer/wallpaper manager software in the world" | No |
| X | Bios | Bios32.exe | Added by an unidentified VIRUS, WORM or TROJAN! | No |
| X | bios | bios.exe | Added by the BANCBAN-PW TROJAN! | No |
| X | BIOS XP Loader | [random filename] | Added by the RBOT-IC WORM! | No |
| X | BIOS1 | BIOS1.EXE | Added by the OPASERV.T WORM! | No |
| ? | BIOVCIP | BIOVCIP.exe | ?? | No |
| ? | BisonHK | BisonHK.exe | Related to a Bison webcam - which is used on notebooks from a number of manufacturers including Acer, Asus, Lenovo & Samsung. What does it do and is it required? | No |
| Y | BisonInst0402 | BR040286.exe | Driver for integrated notebook webcams from Bison Electronics Inc - such as the Acer Crystal Eye | No |
| N | BitComet | BitComet.exe | BitComet P2P client - can be launched from Start -> Programs | No |
| Y | BitDefender 12 | bdwizreg.exe | Configuration wizard for BitDefender internet security products. Only runs once the product has been installed. Guides you through the steps necessary to configure the BitDefender modules, applies settings to cover your requirements and security needs and takes the first actions to making your computer virus-free | Yes |
| Y | BitDefender 2009 | IEShow.exe | Anti-phishing component of BitDefender internet security products. Anti-phishing prevents sensitive data such as usernames, passwords and credit card details being acquired by web-sites and E-mails masquerading as a trustworthy sources. This entry is from the 2009 versions. It can also be licensed by other products such as versions of The Shield Deluxe from PCSecurityShield (see here) - who's reputation is poor | No |
| Y | BitDefender 2009 | bdagent.exe | BitDefender Agent - for BitDefender internet security products. Maintains settings (for all users) and provides alerts and System Tray access to the main program. Note - for the System Tray icon to be displayed the Terminal Services service must be set to either "Manual" or "Automatic". It can also be licensed by other products such as versions of The Shield Deluxe from PCSecurityShield (see here) - who's reputation is poor | No |
| Y | BitDefender Antiphishing Helper | IEShow.exe | Anti-phishing component of BitDefender internet security products. Anti-phishing prevents sensitive data such as usernames, passwords and credit card details being acquired by web-sites and E-mails masquerading as a trustworthy sources. It can also be licensed by other products such as versions of The Shield Deluxe from PCSecurityShield (see here) - who's reputation is poor | No |
| X | BitDefender Antivirus | BITDEFENDERX.EXE | Added by a variant of the SPYBOT WORM! | No |
| Y | BitDefender Communicator | xcommsvr.exe | BitDefender antivirus | No |
| U | BitDefender for MSN Messenger | msnmon.exe | Bitdefender anti-virus for MSN Messenger - no longer supported at the BitDefender website | No |
| U | BitDefender for Yahoo! Messenger | yahmon.exe | Bitdefender anti-virus for Yahoo! Messenger - no longer supported at the BitDefender website | No |
| Y | BitDefender Live! Init | bdinit.exe | BitDefender antivirus | No |
| Y | BitDefender Scan Server | bdss.exe | BitDefender antivirus | No |
| Y | BitDefender Virus Shield | vsserv.exe | BitDefender antivirus | No |
| Y | bitdefenderlive | avxlive.exe | Main program of BitDefender virus scanner/firewall | No |
| U | BitDefender_P2P_Startup | BitDefender_P2P_Startup.exe | Bitdefender anti-virus for P2P clients - no longer supported at the BitDefender website | No |
| X | Bittorrent | bittorrent.exe | Added by the RJUMP-D WORM! Note - do not confuse with the legitimate BitTorrent file-sharing client which is normally located in %ProgramFiles%\BitTorrent. This one is located in %Windir% | No |
| N | BitTorrent | bittorrent.exe | BitTorrent file sharing client - from BitTorrent, Inc. For more information about the protocol see here. As BitTorrent is a peer-to-peer (P2P) file-sharing client used to distribute large amounts of data between multiple users make sure you have good, up-to-date virus protection and check any downloads | Yes |
| N | BitTorrent DNA | btdna.exe | "BitTorrent DNA is a FREE content delivery service based on the BitTorrent protocol which brings the power of user-contributed bandwidth to traditional content publishers while leaving publishers in full control of their files". Now a stand-alone product where the user creates the download, DNA used to be included with and used by earlier versions of the main BitTorrent client. As files are downloaded via a file-sharing network make sure you have good, up-to-date virus protection and check any downloads. Start manually via Control Panel → DNA | Yes |
| N | bittorrent.exe | bittorrent.exe | BitTorrent file sharing client - from BitTorrent, Inc. For more information about the protocol see here. As BitTorrent is a peer-to-peer (P2P) file-sharing client used to distribute large amounts of data between multiple users make sure you have good, up-to-date virus protection and check any downloads | Yes |
| N | BitWare Print Monitor | bwprnmon.exe | FaxServe network fax software | No |
| N | BJ Printer Status Monitor | Cjstsr.exe | Canon BJ printer status monitor | No |
| N | BJ Status Monitor 5xx | CJSTRxx.EXE | Canon printer status monitor - where "xx" is different depending upon the version. Not required as you can check the printer status via My Computer -> Printers | No |
| N | bjcfd | cdf.exe | BroadJump Client Foundation. Broadband troubleshooting software installed by various companies. Not required and you can remove it via Add/Remove programs | No |
| U | BJLaunchEXE | BJLaunch.exe | Memory Card Utility for the Canon i470D, i475D and i905D photo printers - which allows "your computer to access the memory card reader feature of your printer" | No |
| U | BJPD HID Control | TVMon.exe | Related to Canon Photo viewer | No |
| N | BlackBerryAutoUpdate | RIMAutoUpdate.exe | Automatic updates for BlackBerry smartphones, provided by Research In Motion. Run manually when required | No |
| N | BlackICE PC Protection | blackice.exe | Loads the user interface for the BlackICE PC Protection (was Defender) firewall program. From the parent site - '(the user interface) starts in the "Startup" menu and adds itself to the taskbar. The user interface is independent from the rest of the system and only displays the output or reconfigures the system. It does not need to be running for the rest of the system to run.' See also LoadBlackD | No |
| N | BlackIce Utility | blackice.exe | Loads the user interface for the BlackICE PC Protection (was Defender) firewall program. From the parent site - '(the user interface) starts in the "Startup" menu and adds itself to the taskbar. The user interface is independent from the rest of the system and only displays the output or reconfigures the system. It does not need to be running for the rest of the system to run.' See also LoadBlackD | No |
| U | blads | blads.exe | A Tweak-XP component, blocks advertisement banners in Internet Explorer. Can be enabled/disabled via Tweak-XP / Internet Tweaks | No |
| X | blah service | winupdate.exe | Added by the GAOBOT.BIA WORM! | No |
| X | blah service | winsysengine.exe | Added by the RBOT-KI WORM! | No |
| X | blah service | internet.exe | Added by a variant of the RBOT WORM! | No |
| X | blah service | smnp.exe | Added by the RBOT.IZ WORM! | No |
| X | blah service | msnmsgrr.exe | Added by the RBOT.PZ WORM! | No |
| X | blah service | tazkmgr.exe | Added by the RBOT.UA WORM! | No |
| X | blah service | FaLeH.exe | Added by the RBOT-AES WORM! | No |
| X | blah service | microsoft.exe | Added by a variant of the RBOT WORM! | No |
| X | blah service | evosys.exe | Added by a variant of the RBOT WORM! | No |
| X | blah service | win32.exe | Added by the RBOT-AXO WORM! | No |
| X | Blah service | CCAPPS32.EXE | Added by the RBOT.TV WORM! | No |
| X | blah services | iczw.exe | Added by the RBOT-GMP WORM! | No |
| X | blahh service | msengine.exe | Added by a variant of the RBOT WORM! | No |
| X | blahx service | msnjompa.exe | Added by the SDBOT.AML WORM! | No |
| X | Blank AntiViri | AUT0EXEC.BAT StartUp | Added by the BRONTOK-CJ WORM! | No |
| N | BlazeChanger | FBZPaper.exe | Ember graphic file viewer, manager, and touch-up system | No |
| ? | BlazeServoTool | MediaDetector.exe | Related to BlazeDVD from BlazeVideo - which "is leading powerful and easy-to-use DVD player software." What does it do and is it required? | No |
| N | bldbubg | bldbubg.exe | Part of Dell Alerts which provides customers with an update on latest updates for his/her system | No |
| X | BLF | blf.exe | Added by the DELBOT-M WORM! | No |
| U | blinkx | blinkx.exe | Blinkx Desktop "Smart Folders" software | No |
| N | Blitzz BWI715 | WLANmon.exe | Blitzz Technology BWI715 Wireless PC modem connection monitor | No |
| X | BLMessagingIntegration | blengine.exe | BuddyLinks adware | No |
| U | BlockAds | blads.exe | A Tweak-XP component, blocks advertisement banners in Internet Explorer. Can be enabled/disabled via Tweak-XP / Internet Tweaks | No |
| X | BlockChecker | Block-checker.exe | BlockChecker adware | No |
| X | BlockDefense | BlockDefense.exe | BlockDefense rogue security software - not recommended, removal instructions here. A member of the WiniGuard family | No |
| X | Blocker System611 Monitoring | PopUpBlocker611.exe | Added by the RBOT.BLJ WORM! | No |
| X | BlockKeeper | BlockKeeper.exe | BlockKeeper rogue security software - not recommended, removal instructions here. A member of the WiniGuard family | No |
| X | BlockProtector.exe | BlockProtector.exe | BlockProtector rogue security software - not recommended, removal instructions here. A member of the WiniGuard family | No |
| X | BlockScanner | BlockScanner.exe | BlockScanner rogue security software - not recommended. A member of the WiniGuard family | No |
| N | BlockTracker | BlockTracker.exe | If present on a HP machine it tracks all the processes and logs them to a blocklog.txt file | No |
| X | BlockWatcher | BlockWatcher.exe | BlockWatcher rogue security software - not recommended, removal instructions here. A member of the WiniGuard family | No |
| U | BLOG | rundll32.exe [path] BatLogEx.DLL,StartBattLog | Part of the Battery MaxiMiser and Power Management Features set for some IBM/Lenovo Thinkpad notebooks. This entry logs changes in battery conditions such as charging, discharging, life, etc | Yes |
| U | blsloader | blsloader.exe | BellSouth ISP Internet Tools | No |
| X | blss | blss.exe | Added by the BLARUL TROJAN! | No |
| N | BLSTAPP | blstapp.exe | Puts access to Creative's BlasterControl in the System Tray | No |
| N | Blubster | Blubster.exe | Related to Blubster Music sharing service | No |
| U | Blue Frog | bluefrog.exe | Blue Frog by Blue Security Inc. - actively fights spam by posting complaints on the sites advertised by the spam you receive | No |
| X | Blue Service | [path to trojan] | Added by the BANCOS-BCW TROJAN! | No |
| ? | BlueLight_uoltray | exec.exe | Related to BlueLight Internet. What does it do and is it required? | No |
| U | BlueSoleil | BLUESO~1.EXE | BlueSoleil Bluetooth wireless manager from IVT Corporation | No |
| U | BlueSpace NE | BlueSpaceNE.exe | "BlueSpace NE is a utility program used to run the Bluetooth function on VAIO computers that support the Bluetooth function or on VAIO computers connected to the Bluetooth USB adapter". Shortcut available via Start -> Programs | No |
| X | Bluetooth Config | btwindin32.exe | Added by the SDBOT-DFN WORM! | No |
| U | Bluetooth Connection Assistant | LBTWiz.exe | Bluetooth connection manager for Logitech based bluetooth wireless products | No |
| ? | Bluetooth HCI Monitor | RunDll32 HCIMNTR.DLL,RunCheckHCIMode | Related to the Bluetooth short-range wireless communications technology. For more information on Bluetooth see here. What does it do and is it required? | No |
| U | BluetoothAuthenticationAgent | rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent | If your system has Bluetooth (either integrated or via an adapter) and use's Microsoft's support software/drivers, this entry is required in order to successfully "pair" your system with a Bluetooth device (such as a mobile phone, PDA, headset) using this wireless protocol (via a PIN). Should you get the error message, "Rundll irprops.cpl missing entry Bluetooth authentication agent", click here for more information | Yes |
| U | BluetoothAuthenticationAgent | rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent | If your system has Bluetooth (either integrated or via an adapter) and use's Microsoft's support software/drivers, this entry is required in order to successfully "pair" your system with a Bluetooth device (such as a mobile phone, PDA, headset) using this wireless protocol (via a PIN) | Yes |
| U | blueyonder Instant Support Tool | matcli.exe | Blueyonder Instant Support Tool. "matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, state, etc and gets written to a log file". Blueyonder Instant Support Tool is required to run with the Help and Support program. If you uncheck it and then run Help and Support it will add another in the startup menu. If you remove Blueyonder Instant Support Tool via add/remove programs some menus in help and support will not be available. You decide | No |
| X | bm | bm.exe | Part of the AVSystemCare rogue security software and other members of this family. See here for more examples | No |
| N | BMail Installation | FTP_back.exe | Part of iMesh - a file sharing system. Reported by Norton AntiVirus as a trojan. Once deleted does not prevent file sharing working. Older versions of iMesh re-instate this but the newer versions do not | No |
| X | Bman | BMan1.exe | Abcsearch.com/DealHelper adware variant | No |
| U | BMMGAG | RunDll32 [path] pwrmonit.dll,StartPwrMonitor | Part of the Battery MaxiMiser and Power Management Features set for some IBM/Lenovo Thinkpad notebooks. This entry displays the battery gauge icon in the Taskbar (not the System Tray). Provides shortcuts to the proprietary power saving settings and to a battery information window | Yes |
| N | BMMLREF | BMMLREF.EXE | Part of the Battery MaxiMiser and Power Management Features set for some IBM/Lenovo Thinkpad notebooks. The purpose of this entry is unknown at present. It doesn't normally appear to be running if left enabled at startup and it doesn't run if the Battery MaxiMiser Wizard is open - hence the "N" status | Yes |
| N | BMMLREF.EXE | BMMLREF.EXE | Part of the Battery MaxiMiser and Power Management Features set for some IBM/Lenovo Thinkpad notebooks. The purpose of this entry is unknown at present. It doesn't normally appear to be running if left enabled at startup and it doesn't run if the Battery MaxiMiser Wizard is open - hence the "N" status | Yes |
| U | BMMMONWND | rundll32.exe [path] BatInfEx.dll,BMMAutonomicMonitor | Part of the Battery MaxiMiser and Power Management Features set for some IBM/Lenovo Thinkpad notebooks. This entry is needed for the battery information and monitoring program as well as the Battery Maximizer Wizard | Yes |
| X | BMN | bm.exe | Part of VirtualPCGuard, VirusGuardPlus and other members of the AVSystemCare family of rogue security software suites. See here for more examples | No |
| X | BMN | strpmon.exe | Part of CleanPCTool, CleanupTool and other members of the ErrClean rogue system error and cleaning utility and other members of this family. See here for more examples | No |
| X | BMN | dcmon.exe | SystemDoctor rogue security software - not recommended, removal instructions here | No |
| U | BMO MasterCard Wallet | EWALLET.EXE | The wallet conveniently stores billing, shipping and payment information on your PC | No |
| X | Bmonq | bmonq.exe | Added by the CLICKER.HZ TROJAN! | No |
| N | BMupdate | BMupdate.exe | Related to the BookmarkCentral entry. Typically added after downloading drivers for Visioneer scanners for example, and you install the driver self-install | No |
| X | bmw | bmw.exe | Added by the AGOBOT.BBV BACKDOOR! | No |
| X | bmz | bmz.exe | 180Search adware | No |
| X | Bndt32 | Bndt32.exe | Added by the LACON WORM! | No |
| X | Bnexe | [random filename] | Added by the KITRO.D (or ARGEN.A) WORM! | No |
| U | BO1HelperStartUp | BO1HEL~1.EXE | ScreenScenes "Butterfly Oasis" screensaver. The freeware version comes with GAIN branded ads (pop-ups and others). ScreenScenes do however offer you the option of doing away with the ads by purchasing the screensaver for a whopping $30. Please note that Claria Corporation no longer support GAIN-Supported software - see here | No |
| U | BO1HelperStartUp | Bo1helper.exe | ScreenScenes "Butterfly Oasis" screensaver. The freeware version comes with GAIN branded ads (pop-ups and others). ScreenScenes do however offer you the option of doing away with the ads by purchasing the screensaver for a whopping $30. Please note that Claria Corporation no longer support GAIN-Supported software - see here | No |
| X | Boarddata | [path] repcale.exe [path] palsp.exe | Added by a variant of the RANDON.AN WORM! Both files are often located in %System% | No |
| X | boat32 | boat32.exe | Added by a variant of the RBOT WORM! | No |
| X | boby | csrs.scr | Added by the BANCBAN-PC TROJAN! | No |
| X | boby | netburn.scr | Added by the BANCBAN-OX TROJAN! | No |
| X | boby. | Isass.scr | Added by the BANCBAN-OH TROJAN! | No |
| Y | BOC-412 | BOC412.exe | NSClean (now Comodo) BOClean anti-malware software - "Protect yourself from online identity theft. The greatest threat on the Internet today is having your personal information hijacked remotely". Version 4.12 | No |
| Y | BOC-420 | BOC420.exe | NSClean (now Comodo) BOClean anti-malware software - "Protect yourself from online identity theft. The greatest threat on the Internet today is having your personal information hijacked remotely". Version 4.20 | No |
| Y | BOC-421 | BOC421.exe | NSClean (now Comodo) BOClean anti-malware software - "Protect yourself from online identity theft. The greatest threat on the Internet today is having your personal information hijacked remotely". Version 4.21 | No |
| Y | BOC-422 | BOC422.exe | NSClean (now Comodo) BOClean anti-malware software - "Protect yourself from online identity theft. The greatest threat on the Internet today is having your personal information hijacked remotely". Version 4.22 | No |
| Y | BOC-423 | BOC423.exe | Comodo BOClean anti-malware software - "Protect yourself from online identity theft. The greatest threat on the Internet today is having your personal information hijacked remotely". Version 4.23 | No |
| Y | BOC-424 | BOC424.exe | Comodo BOClean anti-malware software - "Protect yourself from online identity theft. The greatest threat on the Internet today is having your personal information hijacked remotely". Version 4.24 | No |
| Y | BOC-425 | BOC425.exe | Comodo BOClean anti-malware software - "Protect yourself from online identity theft. The greatest threat on the Internet today is having your personal information hijacked remotely". Version 4.25 | No |
| Y | BOC-426 | BOC426.exe | Comodo BOClean anti-malware software - "Protect yourself from online identity theft. The greatest threat on the Internet today is having your personal information hijacked remotely". Version 4.26 | No |
| Y | BOC-427 | BOC427.exe | Comodo BOClean anti-malware software - "Protect yourself from online identity theft. The greatest threat on the Internet today is having your personal information hijacked remotely". Version 4.27 | No |
| Y | BOCleanautostart | Boclean.exe | NSClean's BOClean anti-trojan software | No |
| U | BOINC Manager | boincmgr.exe | BOINC manager - "controls the use of your computer's disk, network, and processor resources" | No |
| U | Boingo Wireless Utility | Icon###XXX#X#.exe | Starts the Boingo Wireless utility, used to detect and login into Boingo wireless hotspots. The filename may be autogenerated when installing, two different variations along the lines listed here, where # is a number and X is a letter. Shortcut available via Start -> Programs | No |
| X | bolenja | bolenja.exe | Added by the WANTVI.BF TROJAN! | No |
| X | bolenjx | bolenjx.exe | Added by the ELDYCOW.O TROJAN! | No |
| X | boler.exe | syser.exe | Added by the RBOT-AYS WORM! | No |
| U | bombshel | BOMB32.EXE | Part of McAfee Nuts & Bolts. Protects your Windows system from application failure and crashes - similar to Norton Crashguard. Your choice - may cause problems | No |
| X | Bonzi Buddy | ?? | Bonzi Buddy adware - see here for removal instructions | No |
| X | BONZI Task Switcher | Taskswitch.exe | Added by the SPYBOT.DTR WORM! | No |
| X | boo | boo.exe | Adware downloader - detected by Kaspersky as the FAVADD.O TROJAN! | No |
| X | BookedSpace | RunDLL32.EXE bs2.dll,DllRun | BookedSpace parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "bs2.dll" file is located in %Windir% | No |
| N | BookmarkCentral | BMLauncher.exe | Bookmark Express - "offers a more flexible way to manage Web site bookmarks, regardless of which browser you use" | No |
| N | BookMarkSink | syncit.exe | Bookmark synchronization utility | No |
| N | BookMarkSync | syncit.exe | Sync2IT BookMarkSync - "real-time automatic synchronization service that allows you to access your bookmarks, favorites and favorite files from any computer or any browser". Only installed with the users explicit permission and generally only remains running if the user decides to subscribe to the service. If it is no longer required it should be uninstalled to prevent a large number of clients 'checking in' to the server that have no chance of synchronizing | No |
| N | BookMarkSync2It | sync2it.exe | Sync2IT BookMarkSync - "real-time automatic synchronization service that allows you to access your bookmarks, favorites and favorite files from any computer or any browser". Only installed with the users explicit permission and generally only remains running if the user decides to subscribe to the service. If it is no longer required it should be uninstalled to prevent a large number of clients 'checking in' to the server that have no chance of synchronizing | No |
| U | Boost XP Service | bxservice.exe | Boost XP from Systweak - WinXP tweaking utility | No |
| U | BoostSpeed | boostspeed.exe | System Tray accesss to Auslogics BoostSpeed 4 system optimization utility - which "Start programs faster. Speed up computer start time. Increase Internet speed, optimize your Internet Explorer, Firefox and E-mail programs" | Yes |
| X | boot | boot.exe | Added by the PUPPET-A TROJAN! Located in the System (9x/Me) or System32 (NT/2K/XP) folder | No |
| U | Boot | Boot.exe | Part of Acer Empowering Technology. "Acer ePower Management is a straightforward interface that allows users to select from pre-configured power usage profiles, or to create their own customized profiles". Located in Acer\Empowering Technology\ePower | No |
| X | Boot Check | bootchk.exe | Added by the DELBOT-AB WORM! | No |
| X | Boot Client | bootcli.exe | Added by the IRCBOT-ACF BACKDOOR! | No |
| X | Boot Config | bootconfig.exe | Added by the FLOOD-EV TROJAN! | No |
| X | Boot K | bootk.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
| X | Boot Manager | Njgal.exe | Added by the KILO TROJAN! | No |
| X | Boot Manager | bootmng.exe | Added by a variant of the SPYBOT WORM! | No |
| X | Boot Server | bootserver.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
| X | Boot Service | bootservice.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
| X | Boot Service | bootsv.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
| X | Boot Verify | bootvfy.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
| X | BootCfg | Install.log.vbs | Added by the YPSAN.D WORM! | No |
| X | BootCTRL | bootctrl.exe | Added by an unidentified WORM or TROJAN! | No |
| X | BootLoader | BootLoader.exe.vbs | Added by the WATERWORKS WORM! | No |
| X | bootpd.exe | bootpd.exe | Added by the AGENT-DT TROJAN! | No |
| ? | Boots Insert Detect | InsDetect.exe | Part of Boots Picture Suite. Detects a digital camera is plugged into a USB port or when a memory card with photos is inserted? | No |
| X | BootsCfg | wscript.exe [path] Date.POP.vbs | Added by the KUULLIO WORM! Note that wscript.exe is a legitimate Microsoft file used to launch script files and shouldn't be deleted | No |
| X | BootsCfg | wscript.exe [path] All Users.vbs | Added by the SPILTRON WORM! Note that wscript.exe is a legitimate Microsoft file used to launch script files and shouldn't be deleted | No |
| X | BootsCfg | wscript.exe [path] All Users.vbe | Added by the SPILTRON WORM! Note that wscript.exe is a legitimate Microsoft file used to launch script files and shouldn't be deleted | No |
| X | BootsCfg | wscript.exe Install.log.vbs | Added by the YPSAN.E WORM! Note that wscript.exe is a legitimate Microsoft file used to launch script files and shouldn't be deleted. The "Install.log.vbs" file is located in %System% | No |
| X | bootsec | NAVSSE.exe | Added by the FORBOT-CY WORM! | No |
| Y | BootSkin Startup Jobs | BootSkin.exe | Stardock BootSkin is a program that allows users to change their Windows 2000 and Windows XP boot screens | No |
| U | BootStatus | BOOTST~1.EXE | Visual Basic program that pops up a small window on startup telling you how many times the machine has been booted that day. Once you exit it, it has no more effect on resources | No |
| U | BootWarn | BootWarn.exe | From here: "Norton AntiVirus Boot Warning. This program is installed as a startup item when you install Norton AntiVirus, and also sometimes when you do a LiveUpdate which updates Norton AntiVirus significantly enough that a reboot is needed to complete the installation. We believe its purpose to be to warn the end-user that he must reboot his PC before using Norton AntiVirus in those cases when a reboot did not happen with the result that Norton AntiVirus did not fully complete its installation or software updating. Recommendation : Start Norton AntiVirus from "Start → Programs → Norton AntiVirus". If Norton AntiVirus comes up without problems, then fix this entry from the Msconfig Startup tab - it was left behind by mistake and is no longer needed now that Norton AntiVirus is fully installed and opens without error messages" | No |
| X | boot_reg | [path to file] | Added by the BANCBAN-CA TROJAN! | No |
| X | boot_reg | svchot.exe | Added by the BANCBAN-BQ TROJAN! | No |
| X | BortMedVirus | pgs.exe | BortMedVirus rogue security software - not recommended. A member of the AVSystemCare family | No |
| U | borzoi | blg.exe | Borzoi surveillance software. Uninstall this software unless you put it there yourself | No |
| N | Bose Wave/PC Monitor | wavepcmonitor.exe | System Tray access for this system (more info on the system here). Available via Start -> Programs | No |
| X | BossIdea | winlogin.exe | Added by the LINEAGE-I TROJAN! | No |
| ? | Boston | Boston.exe | Part of the Boston Acoustics USB speaker systems. What does it do and is it required? | No |
| X | Bot Loader | svchostt.exe | Added by the GAOBOT.ALV WORM! | No |
| X | Bouncer RunStartup | bouncer.exe | Virtual Bouncer - malware from Spyware Labs. It is distributed by the same bundling and drive-by download techniques as the parasites it claims to remove, so definitely qualifies as unsolicited commercial software in itself. It also has an update feature that can download and execute arbitrary code. Warning - choose "custom" uninstall as "automatic" may remove other programs - see here | No |
| X | Bouncer RunStartup | LiveUpdate.exe | Virtual Bouncer - malware from Spyware Labs. It is distributed by the same bundling and drive-by download techniques as the parasites it claims to remove, so definitely qualifies as unsolicited commercial software in itself. It also has an update feature that can download and execute arbitrary code. Warning - choose "custom" uninstall as "automatic" may remove other programs - see here | No |
| X | boy lovers of bsd | ilikeboys.exe | Added by the MYTOB.LY WORM! | No |
| U | bpcpost.exe | bpcpost.exe | MS TV Viewer Post Setup Program. Part of MS WebTV for Windows. Used to display TV on your PC via a compatible video card with in-built tuner (such as ATI All-In-Wonder). If you don't use it - uninstall it | No |
| X | BPCV2 | BPCV2.exe | BroadcastPC adware | No |
| X | BPCv2 re | bpc2 re inst.exe | BroadcastPC adware variant | No |
| U | BPK | bpk.exe | Blazing Tools Perfect Keylogger keystroke logger/monitoring program - remove unless you installed it yourself! | No |
| N | BPServer | G6FTPSrv.exe | BulletProof FTP Server | No |
| U | BQTray.exe | BQTray.exe | System Tray access to BurnQuick CD burning software. Only required if you use the queueing facility, hence the U recommendation. Create your own desktop shortcut to start manually | No |
| X | Brasil | Brasil.exe | Added by the OPASERV.E WORM! | No |
| X | Brasil | BRASIL.PIF | Added by the OPASERV.E WORM! | No |
| X | BrasilOld | [worm filename] | Added by the OPASERV.P WORM! | No |
| X | brastk | brastk.exe | Added by the DORF-BV TROJAN! | No |
| X | Brave-Sentry | BraveSentry.exe | BraveSentry rogue security software - not recommended, removal instructions here | No |
| X | BraveSentry | BraveSentry.exe | BraveSentry rogue security software - not recommended, removal instructions here | No |
| X | braviax | braviax.exe | Added by the FAKEALER.LE TROJAN! | No |
| X | Brct | trdb.exe | Detected by Kaspersky as the PURITYSCAN.Y TROJAN! | No |
| U | Break_Reminder | BREAK REMINDER.exe | Break Reminder - Remind yourself to take breaks to prevent computer related injuries. See here | No |
| Y | Bredbandsbolaget | servicecenter.exe | Related to the Brebband Swedish Broadband provider | No |
| X | Breg | bcre.exe | BroadcastPC adware variant | No |
| X | Breg | bptre.exe | BroadcastPC adware variant | No |
| X | Breg | breg.exe | BroadcastPC adware | No |
| X | Bridge | rundll32.exe [path] Bridge.dll,Load | Flingstone.com browser hijacker. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted | No |
| Y | Brindys BriTray | BRITRAY.EXE | Main process for the following applications: GEDEX, SICARIO, BRINOTES, BRIRESPA, SICURE, TRASGO, UNDOCS, FRESH & BRIFAME (all of them from Brindys Software). Performs the following tasks [un]installation, web software autoupdate, notification windows, interprocess communication, tray bar icons & menus, alarms (brinotes), and common web launching from the mentioned applications. Can be stopped safely once run if so desired | No |
| U | BrmfRmPA | BrmfRmPA.exe | Brother resource manager - needed for a Brother MFC printer/copiert/scanner and PC to properly communicate | No |
| U | broadband medic | matcli.exe | NTL's Broadband Medic. "matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, county, etc and gets written to a log file". Broadband Medic is required to run with the Help and Support program. If you uncheck Broadband Medic and then run Help and Support it will add another in the startup menu. If you remove Broadband Medic via add/remove program some menus in Help and Support will not be available. You decide | No |
| N | Broadband Wizard | bbwiz.exe | Starts Broadband Wizard so it runs in the System Tray. This application tests and optimizes your Cable or DSL connection. Available via Start -> Programs | No |
| N | BroadCamRun | broadCam.exe | BroadCam is an easy to use video streamer designed to broadcast live video using a webcam (or other camera) and microphone | No |
| U | Broadcom Wireless Manager UI | bcmntray.exe | Related to Broadcom Network Adapters for additional configuration options for these devices. Should not be terminated unless suspected to be causing problems | No |
| N | Broadcom Wireless Manager UI | wltray.exe | System tray access to wireless LAN card configuration options | No |
| X | Bron-Spizaetus | CVT.exe | Added by the RONTOKBRO WORM! | No |
| X | Bron-Spizaetus | norBtok.exe | Added by the RONTOKBRO.B WORM! | No |
| X | Bron-Spizaetus | [path to file] | Added by the BRONTOK-F WORM! | No |
| X | Bron-Spizaetus | bronstab.exe | Added by the RONTOKBRO.C WORM! | No |
| X | Bron-Spizaetus | eksplorasi.exe | Added by the RONTOKBRO.J WORM! | No |
| X | Bron-Spizaetus | ElnorB.exe | Added by the RONTOKBRO.D WORM! | No |
| X | Bron-Spizaetus | sempalong.exe | Added by the BRONTOK-E WORM! | No |
| X | Bron-Spizaetus | RakyatKelaparan.exe | Added by the BRONTOK-J or BRONTOK-L WORMS! | No |
| X | Bron-Spizaetus-5118REPM | komodo-6321422.exe | Added by the BRONTOK-R WORM! | No |
| X | Bron-Spizaetus-cfgmktoq | bbm-qotkmgfc.exe | Added by the BRONTOK-M WORM! | No |
| X | Bron-Spizaetus-cfgmmnru | bbm-urnmmgfc.exe | Added by the BRONTOK-N WORM! | No |
| X | BRoNToK | BRoNToK.exe | Added by the BRONTOK-CG WORM! | No |
| X | BrowseProxy | FindService.exe | Actual Names (AdvSearch) Internet Keywords parasite | No |
| X | browser | msgaol.exe | Added by the TACTSLAY.C TROJAN! | No |
| X | browser | s_menu.exe | Added by the TACTSLAY.C TROJAN! | No |
| X | browser | browse.exe | Added by the TACTSLAY.C TROJAN! | No |
| X | browser | deamon.exe | Added by the TACTSLAY.C TROJAN! | No |
| X | browser aid | browseraid.exe | BrowserAid/BrowserPal foistware | No |
| X | Browser Help Svc | BHSV.EXE | Added by the RBOT-AVQ WORM! | No |
| Y | Browser Hijack Blaster | bhblaster.exe | Browser Hijack Blaster - protects your system from browser hijackers and spyware that alters your IE settings. Now replaced by SpywareGuard | No |
| U | Browser Launcher | Commandr.exe | Logitech internet keyboard "Commander" software - loads the software for the shortcut keys on the keyboard. Not required unless you want to use the short cut keys | No |
| X | Browser Pal | adblck.exe | BrowserAid/BrowserPal foistware | No |
| U | Browser Sentinel | BrowserSentinel.exe | Browser Sentinel - notifies you if a program wants to penetrate into Internet explorer, add itself to the Windows auto-run list or change your home page | No |
| X | BrowserUpdateSched | [random filename] | ZenoSearch adware | No |
| N | BrowserWebCheck | loadwc.exe | Checks to make sure that IE is still your default browser | No |
| X | BrO_AcT | BrO-AcT.exe | Added by the SILLYFDC-D WORM! | No |
| X | brwdiag | [path to worm] | Added by the STRATIO-BN WORM! | No |
| X | BS Mediaplayer | bsplyr.exe | Added by the RBOT-OU WORM! | No |
| N | BS Player | bsplayer.exe | BSplayer - A video player used to play avi, mpg, wmv and other multimedia files | No |
| N | BsCLiP | BSCLIP.exe | CD recording utility that comes with a lot of CDR/CDRW drives and isn't required | No |
| ? | BsMnt | BsMnt.exe | Related to a Bison webcam - which is used on notebooks from a number of manufacturers including Acer, Asus, Lenovo & Samsung. What does it do and is it required? | No |
| X | Bsoft lppt01 | Bsoft.exe | RapidBlaster variant (in a "BelmontSoft" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here | No |
| N | bsplayer | bsplayer.exe | BSplayer - a video player used to play avi, mpg, wmv and other multimedia files | No |
| X | BsRte | MemoteXZZ.exe | Added by the AUTORUN-AJU WORM! | No |
| X | BSserver | FileKan.exe | Added by the VB.CBW WORM! | No |
| X | BSVCHOST | SVCH0ST.EXE | Added by the VOXOM TROJAN! Notice the digit "0" in the filename rather than the upper case "o" | No |
| X | Bsx3 | RunDLL32.EXE bs3.dll,DllRun | BookedSpace parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "bs3.dll" file is located in %Windir% | No |
| X | BT | [path to trojan] | Added by the LITEBOT-B TROJAN! | No |
| U | BT Broadband Basic Help | matcli.exe | "matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, county, etc and gets written to a log file". BT Broadband Help is required to run with the Help and Support program. If you uncheck BT Broadband Help and and then run Help and Support it will add another BT Broadband Help in the startup menu. If you remove this software in "add/remove programs" some help menus in help and support will not be available. You decide | No |
| U | BT Broadband Desktop Help | matcli.exe | "matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, county, etc and gets written to a log file". BT Broadband Help is required to run with the Help and Support program. If you uncheck BT Broadband Help and and then run Help and Support it will add another BT Broadband Help in the startup menu. If you remove the BT Broadband Help in the add/remove program some help menus in help and support will not be available. You decide | No |
| U | BT Broadband Help | matcli.exe | "matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, county, etc and gets written to a log file". BT Broadband Help is required to run with the Help and Support program. If you uncheck BT Broadband Help and and then run Help and Support it will add another BT Broadband Help in the startup menu. If you remove the BT Broadband Help in the add/remove program some help menus in help and support will not be available. You decide | No |
| X | BT00003* | abcdefg23.exe | Added by the VB-VT TROJAN where * = 5,6 or 7! | No |
| X | BT00003* | hiklmnop27.exe | Added by the VB-VT TROJAN where * = 2,3 or 4! | No |
| U | btbb_wcm_McciTrayApp | McciTrayApp.exe | System tray access to Motive's Broadband 2.0 configuration and repair utility | No |
| U | BtcMaestro | KMaestro.exe | Multimedia keyboard manager. Required if you use the multimedia keys | No |
| N | btdna | btdna.exe | "BitTorrent DNA is a FREE content delivery service based on the BitTorrent protocol which brings the power of user-contributed bandwidth to traditional content publishers while leaving publishers in full control of their files". Now a stand-alone product where the user creates the download, DNA used to be included with and used by earlier versions of the main BitTorrent client. As files are downloaded via a file-sharing network make sure you have good, up-to-date virus protection and check any downloads. Start manually via Control Panel → DNA | Yes |
| N | btdna.exe | btdna.exe | "BitTorrent DNA is a FREE content delivery service based on the BitTorrent protocol which brings the power of user-contributed bandwidth to traditional content publishers while leaving publishers in full control of their files". Now a stand-alone product where the user creates the download, DNA used to be included with and used by earlier versions of the main BitTorrent client. As files are downloaded via a file-sharing network make sure you have good, up-to-date virus protection and check any downloads. Start manually via Control Panel → DNA | Yes |
| ? | btinst | btinst.exe | Associated with an Anycom bluetooth wireless card. What does it do and is it required? | No |
| U | BTModemProtection | BTModemProtection.exe | BT Privacy Online modem protection software, see here | No |
| X | btmsre.exe | btmsre.exe | Added by the SDBOT.AM WORM! | No |
| U | BTopenworld | DialBTYahoo.exe | BT Yahoo! internet connection manager | No |
| ? | BTSETBOOTKEY | BTSetBootKey.exe | Related to a USB Bluetooth adaptor. What does it do and is it required? | No |
| U | BtStart | btstart.exe | Broadcom (formerly WIDCOMM) Bluetooth Connectivity Software | No |
| U | BTTray | BTTray.exe | System tray icon which shows the status of a Bluetooth wireless module (either integrated or via an adapter). Most systems with such a module installed can enable/disable the module and the icon changes from blue/white to blue/red when the module is turned off. Also allows access to explore bluetooth places, setup wizard, advanced configuration, quick connect and shutdown device. This entry is required in order to successfully "pair" your system with a Bluetooth device (such as a mobile phone, PDA, headset) using this wireless protocol (via a PIN) | Yes |
| Y | BTUSRBDG | BtUsrBdg.exe | Used with a Mitsumi USB Bluetooth adaptor (and maybe others) | No |
| Y | BTUSRBDGF | BtUsrBdg.exe | Used with a Mitsumi USB Bluetooth adaptor (and maybe others) | No |
| X | BTV | btv.exe | BroadcastPC adware | No |
| X | BtvC | btvclean.exe | BroadcastPC adware | No |
| Y | Bubble | Bubble.exe | Part of Windows SteadyState, which is designed to make life easier for people who set up and maintain shared computers - enabling the system administrator to prevent users from making changes to the system configuration, windows desktop, restricting program access, etc. It's intended for shared user environments such as internet cafés, libraries and schools but can be used in any environment. Bubble allows notification messages to appear on a computer managed by Windows SteadyState | Yes |
| N | Buddyizer | Buddyizer.exe | Part of the AIMster Peer to Peer (P2P) file sharing application that runs over the AOL Instant Messenger network | No |
| U | BUFFALO Power Save Utility for HD | HDManage.exe | Power Save utility for Buffalo backup hard discs | No |
| N | Bug Eliminator | Bug_Elim.exe | Bug Eliminator - "performs a complete health check on your computer safely, securely, and silently!" | No |
| X | BugsDestroyer | SysRep.exe | BugsDestroyer rogue system error and cleaning utility - not recommended. A member of the ErrClean family | No |
| U | bugwatcher service | bugwatcher.exe | Bugtoaster is a service that sends reports on system/program crashes (certain types) back to Bugtoaster. They relay information to program authors and provide, if available, any known solutions to the crashes. It doesn't take up any room in memory, just activates in the event of certain program failures | No |
| N | BuildBU | bldbubg.exe | Part of Dell Alerts which provides customers with an update on latest updates for his/her system | No |
| X | BuildLab | services.exe | Added by the NEVEG.B or NEVEG.C WORMS! Note - this is not the legitimate services.exe process, which should not appear in Msconfig/Startup! | No |
| X | BuildLab | winlogon.exe | Added by the NEVEG.A WORM! Note - this is not the legitimate winlogon.exe process, which should not appear in Msconfig/Startup! | No |
| X | BuildLabs | csrss.exe | Added by the WEBUS TROJAN! Note - this is not the legitimate csrss.exe process which should not normally figure in Msconfig/Startup! | No |
| X | BuildLabs | lsass.exe | Added by the WEBUS.B TROJAN! Note - this is not the legitimate lsass.exe process which should not normally figure in Msconfig/Startup! | No |
| X | bulk | bulk.exe | Added by the AGOBOT-ACR WORM! | No |
| U | Bulldog Service | upsd.exe | Belkin's Bulldog Plus control software which runs under Windows 95 or later and monitors the UPS (Uninterrupted Power Supply) via a serial or USB link | No |
| N | BulletProof FTP Server | bpftpserver.exe | BulletProof FTP Server | No |
| Y | BullGuard | mgui.exe | Part of Bullguard antivirus | No |
| Y | BullGuard | BullGuard.exe | Part of BullGuard antivirus | No |
| U | BullGuard Update | avxlive.exe | Part of Bullguard antivirus. Leave enabled unless you manually update virus definitions | No |
| Y | BullGuard XComm | XCOMMSVR.EXE | Part of Bullguard antivirus | No |
| Y | BullGuardInit | AVXINIT.EXE | Part of Bullguard antivirus | No |
| Y | BullguardoptIn | bulldownload.exe | Part of Bullguard antivirus | No |
| X | BullsEye | bargains.exe | BargainBuddy adware | No |
| X | BullsEye Network | bargains.exe | BargainBuddy adware | No |
| ? | BullsEye Tracker | BeTrack.exe | Bullseye - intelligent research assistant | No |
| X | Bunx | beagle.exe | Added by the LEBREAT-E WORM! | No |
| X | buritos | buritos.exe | Identified as a variant of the Downloader.FraudLoad.C malware | No |
| N | BurnQuick Queue | BQTray.exe | System Tray access to BurnQuick CD burning software. Only required if you use the queueing facility, hence the U recommendation. Create your own desktop shortcut to start manually | No |
| U | Button Server | bttnserv.exe | Found on a Compaq PC, for the extra buttons on the keyboard for the speaker volume, media player, sleep and internet buttons. If the buttons aren't used on the keyboard or your's doesn't have them, then it isn't required | No |
| N | ButtonKey | ButtonKey.exe | CyberView TWAIN driver for the Pacific Image range of 35mm film scanners. Enables the one touch scanning button and places an icon an the System Tray. Use your scanners software or run it manually by creating a shortcut | No |
| N | Buzme | Bmui.exe | Buzme by RingCentral, Inc - internet call waiting. Intercepts telephone calls like an answering machine and plays the voice message on your PC. Only required when you're on-line and via dial-up modem | No |
| U | BuzMe | RCUI.exe | Display Client for the BuzMe Internet Call Waiting Service | No |
| U | Buzof.exe | buzof.exe | Buzof from Basta Computing "enables you to automatically answer, close or minimize virtually any recurring window including messages, prompts, and dialog boxes" | No |
| X | BVWORSFM | bvworsfm.exe | Added by the DLUCA-AD TROJAN! | No |
| X | Bwddwss | [path to trojan] | Added by the RANKY.BD TROJAN! | No |
| N | bwprnmon.exe | bwprnmon.exe | FaxServe network fax software | No |
| X | bxproxy | bxproxy.exe | Added by the BXPROXY TROJAN! | No |
| X | bxproxy | [random].dll | SoftStop rogue security software - not recommended | No |
| X | bxsx5 | RunDLL32.EXE bsx5.dll,DllRun | BookedSpace parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "bsx5.dll" file is located in %Windir% | No |
| X | bxxs5 | RunDLL32.EXE bxxs5.dll,dllrun | BookedSpace parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "bxxs5.dll" file is located in %Windir% | No |
| X | Bymer.Scanner | Wininit.exe | Added by the BYMER WORM! | No |
| X | Bymer.Scanner | Msinit.exe | Added by the BYMER WORM! | No |
| U | BySoft FreeRAM | FreeRAM.exe | "Bysoft FreeRAM is a program that frees up ram manually or automatically. It shows current memory status , memory load and CPU usage graphically". MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/SE/ME. See this article and make up your own mind | No |
| X | c | c:\archiv~1\win.com | Added by the CUYDOC TROJAN! | No |
| U | C-Media Echo Control | EchoCtrl.exe | C-Media produce audio chipsets that are often found on popular motherboards with on-board audio. You may need it if you use the echo control feature of C-Media Mixer | No |
| N | C-Media Mixer | Mixer.exe | C-Media produce audio chipsets that are often found on popular motherboards with on-board audio. Provides System Tray access to change audio settings. Available via Start -> Settings -> Control Panel or Start -> Programs | No |
| U | C2K | CYB2K.EXE | CYBERsitter 2000 or 2001 - anti-adult content filter primarily. Required if you want the sites you visit filtered without having to load the software every time you launch your browser | No |
| U | c32cs2 | c32cs2.exe | Cyber Sentinel - internet filtering software | No |
| X | C7 | [path to worm] | Added by the MEDIAKILL.A WORM! | No |
| U | C:\Program Files\dfjdkjfdkjfldjf\dfjdkjfdkjfldjf\winlogin.exe | CritProc.exe | KeyProwler keystroke logger/monitoring program - remove unless you installed it yourself! | No |
| U | C:\Program Files\NetMeter\NetMeter.exe | NetMeter.exe | "Net Meter is a small, customizable network bandwidth monitoring program for Win9x/Me/NT4/2K/XP. NetMeter is and will always stay freeware. The program has been tested extensively on Win2K/XP, but it should work just as well on all other Win32 operating systems" | No |
| X | C:\WINDOWS\IEXPLOR.EXE | IEXPLOR.EXE | "Pop Marketing" adware | No |
| X | C:\WINDOWS\system32\SetupCmd.exe | SetupCmd.exe | Detected by Kaspersky as the AGENT.AAW TROJAN! | No |
| X | C:\WINDOWS\WinTask.exe | WinTask.exe | "Pop Marketing" adware | No |
| U | CA-AMAgent | amagent.exe | Unicenter Asset Management is a solution for proactively managing IT assets in a business environment. It provides full-featured asset tracking capabilities through automated discovery, hardware inventory, network inventory, software inventory, configuration management, software usage monitoring, license management and extensive cross-platform reporting | No |
| Y | CaAvTray | CAVTray.exe | eTrust™ EZ Antivirus system tray application from Computer Associates | No |
| X | Cabchk | Cabchk.exe | Added by the GEMA TROJAN! | No |
| X | Cabchk32 | Cabchk32.exe | Added by the GEMA TROJAN! | No |
| X | CABCInstall | CABCInstall.exe | Ignite Technologies (was CABC) content delivery software | No |
| X | Cable Modem Adapter | WindowsSec.exe | Added by the WOOTBOT.A WORM! | No |
| U | CacheBoost | trayicon.exe | CacheBoost "optimizes the System Cache-Management of Windows XP/2000/NT and Windows .Net Servers, resulting in a performance boost" | No |
| X | CacheLoader | [path to trojan] | Added by the DLOADER-NZ TROJAN! | No |
| N | Cacheman | Cacheman.exe | Freeware disk cache tweaker from Outer Technologies. Should only be run once and not loaded at start-up | No |
| Y | CacheMgr | CacheMgr.exe | Sophos Antivirus Remote Update | No |
| U | CacheSentry Pro | CacheSentry Pro.exe | "CacheSentry Pro is a program that takes over the management of the Internet Explorer (and AOL) web browser cache" | No |
| N | CACStarter | cacstart.exe | Cash A Check - check writing software | No |
| U | Caddais BackupOnDemand | BODMon.exe | Caddais BackupOnDemand - "runs in the background and monitors your important files for changes. Within seconds of changing, modified files are automatically backed up to an archive location" | No |
| U | Cadenza | CdzSvc.exe | Cadenza mNotes for Palm and Pocket PC enables users to access Lotus Notes on their mobile devices | No |
| U | CADS | cads.exe | Cyber Sentinel - internet filtering software | No |
| U | CafeStation | CafeStation.exe | "CafeSuite is the solution for your internet cafe. Our software provides you with ameans to control the workstations, manage customer database, sell products and generate detailed reports and statistics" | No |
| Y | cafwc | cafw.exe | CA Personal Firewall - part of the CA Internet Security Suite | No |
| N | CAgent | CAgent.exe | Abbyy Fine Reader OCR (Optical Character Recognition) software for scanning and converting documents | No |
| X | cAgOu | [filename].hta | Added by the KAKWORM WORM! | No |
| N | CahootWebcard | CahootWebcard.exe | "The Cahoot Webcard is a virtual card that allows you to use your Cahoot credit card online without ever having to expose your real card numbers over the web. It works by generating one-off transaction numbers as a substitute for your real cahoot credit card details". Run manually when needed | No |
| X | caidiysetup | diynetsetupuni.exe | DIYNet adware | No |
| Y | CAISafe | isafe.exe | Part of Computer Associates eTrust EZ Antivirus | No |
| U | CaISSDT | caissdt.exe | Computer Associates Dashboard Tray applet | No |
| N | Cal Reminder Shortcut | calrem.exe | Produces a pop-up reminder of events scheduled using the MS Office Calendar | No |
| X | calc | rundll32.exe [path] ntuser.dll,_IWMPEvents@0 | Added by the OPACHKI.A TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "ntuser.dll" file is located in %UserProfile% | No |
| X | calc | rundll32.exe calc.dll,_IWMPEvents@0 | Added by the OPACHKI.A TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "calc.dll" file is located in %System% | No |
| X | Calc Microsoft Windows | wincalc.exe | Added by an unidentied WORM or TROJAN! | No |
| X | CALC32 | CALC32.EXE | Added by the SPYBOT-EC WORM! | No |
| N | Calendar 200X Reminder | calendar.exe | Calendar 200X - shows holidays, reminders of various anniversaries,tasks etc | No |
| U | Calendarscope | cs.exe | Calendarscope calendar software | No |
| X | calk | calk.exe | Added by the STARTPA-FH TROJAN! | No |
| X | Call Function System32 | sddriver.exe | Added by a variant of the SDBOT TROJAN! | No |
| X | Call32 | Call32.exe | Added by the SPAMMIT-H TROJAN! | No |
| Y | CallBumping | cbpopw.exe | Related to the Gazel 128 PCI ISDN adapter. Required if you use it | No |
| U | CallCenter Main Application | V3calmcp.exe | "V3 Inc. CallCenter is a free 32-bit, integrated fax, voicemail and data communications application with a simple to use interface providing fax send and receive functionality, basic (single mailbox) answering machine capability, and sophistcated data communications." Main application | No |
| U | CallCenter Printer Interface | V3faxecp.exe | "V3 Inc. CallCenter is a free 32-bit, integrated fax, voicemail and data communications application with a simple to use interface providing fax send and receive functionality, basic (single mailbox) answering machine capability, and sophistcated data communications." Fax printer | No |
| N | CallControl | ftctrl32.exe | FaxTalk Messenger Pro is a Windows TAPI based 32-bit application. When installed, the software automatically loads FaxTalk CallControl when you start Windows. When FaxTalk CallControl is running, any TAPI compliant application can request to use the modem from Windows | No |
| N | CamCheck | CamCheck.exe | NuCam camera software related | No |
| U | Cameno | Cameno.exe | Cameno is a program which brings tabbed windows to MSN Messenger 6.0 and above | No |
| U | Camera Assistant Software | traybar.exe | Camera Assistant Software utility for Toshiba laptops - allows you to take pictures with and control the integrated WebCam | No |
| U | Camera Detector | CAMDET~*.EXE | ACDSee Auto Device Detector detects when a device is connected to your PC and gives you the option to acquire images from it automatically | No |
| U | Camera Detector | Camdetect.exe | ACDSee Auto Device Detector detects when a device is connected to your PC and gives you the option to acquire images from it automatically | No |
| U | Camera Detector | DEVDET~*.EXE | ACDSee Auto Device Detector detects when a device is connected to your PC and gives you the option to acquire images from it automatically | No |
| ? | CameraApplicationLauncher | CameraApplicationLaunchpadLauncher.exe | Supports the integrated webcam on IBM/Lenovo Thinkpad notebooks. What does it do and is it required? | No |
| N | Camio Viewer x | IXApplet.exe | Image viewing program that comes with digital cameras. Shows pictures that are in the camera before downloading them. "x" in the name is the version | No |
| ? | CamMonitor | hpqcmon.exe | From HP and related to digital imaging | No |
| N | Canada | Canada.exe | Known to be a dialler - but is it maliscous or clean? | No |
| U | Canary | canary-std.exe | Canary keystroke logger/monitoring program - remove unless you installed it yourself! | No |
| X | candy | command32.exe | Added by the RBOT-LV WORM! | No |
| X | candynet | Taskmsg.exe | Added by the RBOT-NA WORM! | No |
| U | CANoe | CANoe32.exe | CANoe from Vector Informatik. Development and test tool for Engine Control Units (ECU) based upon the CAN, LIN, MOST, FlexRay, Ethernet and J1708 bus systems | No |
| U | Canon MultiPASS Status Monitor | monitr32.exe | Cannon Multi-Pass status monitor - your choice | No |
| ? | Canon PC1200 iC D600 iR1200G Status Window | CAPM1LAK.EXE | Cannon printer related - is it required in startup? | No |
| N | Canon Printer Monitor BJCxxx | Cjstlst.exe | Trayicon for Canon printer. xxx denotes model. Available via Start -> Programs | No |
| U | CanonMyPrinter | BJMyPrt.exe | Printer software for Canon Bubblejet printers | No |
| U | CanonSolutionMenu | CNSLMAIN.exe | Canon's Solution Menu dialog box leads you quickly toward documentation, utilities, and help files | No |
| ? | CAP3ON | CAP3ONN.EXE | Canon driver, purpose unknown. Is it required in startup? | No |
| Y | capfasem | capfasem.exe | CA Personal Firewall - part of the CA Internet Security Suite | No |
| N | Capfax | capfax.exe | PhoneTools fax software | No |
| U | capfupgrade | capfupgrade.exe | CA Personal Firewall - part of the CA Internet Security Suite | No |
| U | CAPing | CAPing.exe | Citibank Citianywhere software | No |
| Y | Capon | Capon.exe | Canon printer driver | No |
| Y | Capon | Caponn.exe | Canon printer driver | No |
| X | Captcha7 | rundll captcha.dll | Added by the TINY.WRE TROJAN! | No |
| X | CaptionMgr32 | crssr.exe | Added by the ZAR.A WORM! | No |
| X | capture | capture.exe | Added by the THEEF-B TROJAN! | No |
| N | Capture Express 2000 | capexp.exe | Capture Express - screen capture utility | No |
| N | CaptureBat | Capture.exe | !Quick Screen Capture from EtruSoft Inc. - "allows you to take screenshots from any part of your screen in more than 10 ways, and save images in BMP/JPG/GIF formats" | No |
| N | Carbonite Backup | CarboniteUI.exe | "Carbonite's online backup service starts automatically and works quietly and continuously in the background protecting your data" | No |
| N | Card Monitor | REGCNT09.exe | For the USB connection on a Panasonic PV-DV701 Digital Camcorder. Available via Start -> Programs | No |
| ? | CardScan AutoSync | CSyncCfg.exe | Related to the CardScan business card reader range of products. May be related to synchronization with E-mail software and mobile devices (see here)? | No |
| X | Care20 | Care20.exe | TopMoxie adware | No |
| U | Care2GTU | Care2GTU.exe | Care2 Green Thumbs-Up (from the Care2 site). Every online purchase helps environmental causes; tells you how eco-friendly a company really is, thanks to over 200 company profiles from Coop America. Saves 1 square foot of rainforest every day you use it. If it works and you like it, keep it | No |
| U | carpserv | carpserv.exe | Associated with Zoltrix and Conexant modems - enables the internal modem speaker, allowing you to listen to the dial-up sounds for example | No |
| X | CARPserver | CARPserver.exe | Added by the BANKER-AN TROJAN! | No |
| U | CARPservice | carpserv.exe | Associated with Zoltrix and Conexant modems - enables the internal modem speaker, allowing you to listen to the dial-up sounds for example | No |
| X | cartao | [path to file] | Added by the DLOADER-QD TROJAN! | No |
| X | cartao | conflicted.exe | Added by the DADOBRA-DV TROJAN! | No |
| X | cartao | killing.exe | Added by the DLOADER-QN TROJAN! | No |
| X | cartao | cartao.exe | Added by the BANKER-FA TROJAN! | No |
| X | CAS Client | casclient.exe | CasinoClient adware | No |
| X | Cas2Stub | cas2stub.exe | CasinoClient adware | No |
| U | CasAgnt | CasAgnt.exe | Program by Extended Systems which allows you to sync your Casio PDA with your PC | No |
| X | Casdvqwa | bmqnzkg.exe | Added by the RANDEX.BE WORM! | No |
| X | caseyvideo | caseyvideo.exe | Malware causing adult content popups | No |
| X | caseyvideo[*] [* = digit] | caseyvideo[*].exe [* = digit] | Malware causing adult content popups | No |
| X | CashBack | cashback.exe | Part of eXact Advertising Software, consisting of "CashBack by BargainBuddy", BullsEye Network and NaviSearch | No |
| X | CashFiesta | Cashfiesta.exe | CASHFIESTA.A pay-per-surf adware | No |
| N | Cashsurfers Cashbar Navigator | Cashbar.Exe | Cashsurfers CashBar Navigator - "The CashBar rotates banner advertisements once per minute and provides you with access to up to date special offers and deals" | No |
| X | CashToolbar | MSCStat.exe | Added by the DOWNLOADER-MY TROJAN! | No |
| X | CashToolbar | svchost.exe | BrowserAid/CashToolbar adware! Note - this is not the legitimate svchost.exe process which should not normally figure in Msconfig/Startup! | No |
| X | Casino Royale | jamesbond.exe | Added by the RBOT-FZO WORM! | No |
| X | Cassandra | [10 to 14 random char]THD.EXE | Added by the KREPPER-AI TROJAN! | No |
| X | Cassandra | cassandra.exe | SuperSpider hijacker - a CoolWebSearch parasite variant. Also detected as a variant of the KREPPER TROJAN! | No |
| X | CasStub | casstub.exe | Added by the CASS-A TROJAN! | No |
| X | Catalyst Control Centre | atixvdm.exe | Added by the RBOT.DMW TROJAN! | No |
| X | catsrv | catsrv.exe | Added by the PAPLOK TROJAN! | No |
| Y | CAVRID | CAVRID.exe | eTrust™ EZ Antivirus Real Time Infection Report from Computer Associates | No |
| Y | CAVS | CAVS.exe | Cheyenne (now eTrust) antivirus | No |
| X | CAZNOVAS | CAZNOVAS.exe | Added by the CAZNO TROJAN! | No |
| X | CBACK.EXE | CBACK.EXE | Added by the PENTA-A TROJAN! | No |
| U | cbInterface | cbInterface.exe | System Tray access to Cobian Backup versions 8 thru 10 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program using the default settings as service on an NT based OS (NT/2K/XP/Vista). If you don't have regularly scheduled backups then choose the startup installation option and run it manually when required | Yes |
| X | cbvcs | urretnd.exe | Added by the FRETHOG-C WORM! | No |
| U | CBWAttn | CBWAttn.exe | Required for Bitware to answer incoming faxes, can cause sleep mode problems | No |
| U | CBWHost | CBWHost.exe | Required for Bitware to answer incoming faxes, can cause sleep mode problems | No |
| ? | CBWUser | CBWDial.exe | Associated with Bitware that integrates fax, voice, pager, and data communications on your desktop | No |
| X | CC2KUI | comet.exe | Comet Cursor adware | No |
| X | ccagent.exe | ccagent.exe | Control Center rogue security software - not recommended, removal instructions here | No |
| X | Ccao | regedit.exe | Probably a variant of MediaTickets adware. Note - this is not the valid Windows registry editor which resides in %Windir% and will not figure in Msconfig/Startup! This version resides in a "mduu" subfolder, which may change | No |
| Y | ccApp | ccApp.exe | Part of earlier versions of Norton AntiVirus - Auto-protect and E-mail check will not function without this | Yes |
| X | ccApp | [random filename] | Added by the OBSORB TROJAN! Note the random filename compared to the valid Norton AntiVirus | No |
| X | ccApp | WMADZ.EXE | Added by the RBOT-LJ WORM! | No |
| X | ccApp | .EXE | Added by the RBOT-LJ WORM! | No |
| X | ccApp | gcasServ.exe | Added by a variant of the RBOT WORM! Do not confuse with the Microsoft AntiSpyware executable of the same name | No |
| X | ccApp | example.exe | TwoSeven spyware | No |
| X | ccAppr | svcrhost.exe | Added by the TACTSLAY.A TROJAN! | No |
| X | ccAppr | expIorer.exe | Added by the TACTSLAY.A TROJAN! | No |
| X | ccAppr | outIook.exe | Added by the TACTSLAY.A TROJAN! | No |
| X | ccAppr | svcshost.exe | Added by the TACTSLAY.A TROJAN! | No |
| X | ccApps | services.exe | Added by the NEVEG.B or NEVEG.C WORMS! Note - this is not the legitimate services.exe process, which should not appear in Msconfig/Startup! | No |
| X | ccApps | winlogon.exe | Added by the NEVEG.A WORM! Note - this is not the legitimate winlogon.exe process, which should not appear in Msconfig/Startup! | No |
| X | ccApps | N/A | Added by the KANGAROO-A TROJAN! | No |
| X | ccApps | ccApps.exe | Added by the KANGAROO-B WORM! | No |
| X | ccctp | HistoryJMTi.exe | Added by the GANBATE.A WORM! | No |
| U | CCD Manager | DDS.EXE | Project Labs Century CD manager for their CD/DVD storage device | No |
| N | Ccdecode | rundll32.exe streamci, StreamingDeviceSetup | Part of the closed caption decdoder/MS VBI codec. Should only run once | No |
| X | ccDHCP32 | ccDHCP32.exe | Added by the AGOBOT-HJ WORM! | No |
| Y | CCDoctorLogonTesting | ccdoctor.exe | Checks your system to make sure it's configured properly for running IBM Rational ClearCase, a source code management tool. ClearCase is fairly sophisticated so there are a lot of system-related things that can cause it grief. If you run ClearCase you should not disable this as it provides a valuable service, but technically it isn't required to use the ClearCase product | No |
| Y | ccenter | CCenter.exe | RAV AntiVirus | No |
| Y | CcEvtMgr | ccEvtMgr.exe | Part of Norton AntiVirus 2003. Event manager for scheduling weekly scans and or automatic virus updates. Used to start automatically via "ccApp" and was not required as a seperate entry but a recent update changed this | No |
| X | ccEvtMrg.exe | ccEvtMrg.exe | Added by the RBOT.GZ WORM! | No |
| X | ccExecute | bootcfg1.exe | Added by the NEMSI-B VIRUS! | No |
| X | ccHelp | ccHelp.hta | Searchq adware | No |
| U | CCleaner | CCleaner.exe | CCleaner from Piriform Ltd. - "is a freeware system optimization, privacy and cleaning tool." Features include removing unused files, cleaning internet history cleaning, managing startup programs and a fully featured registry cleaner | Yes |
| X | ccpApps | csrss.exe | Added by the WEBUS TROJAN! Note - this is not the legitimate csrss.exe process which should not normally figure in Msconfig/Startup! | No |
| X | ccpApps | lsass.exe | Added by the WEBUS.B TROJAN! Note - this is not the legitimate lsass.exe process which should not normally figure in Msconfig/Startup! | No |
| U | ccProxy | CCPROXY.EXE | Part of Norton Internet Security, proxy server that is used to support the parental controls. If you turn parental controls off at user level the process is not loaded. Reported to cause excessive CPU usage | No |
| X | ccPrxy.exe | ccPrxy.exe | Added by the SHIPUP-H WORM! | No |
| Y | CcPxySvc | CCPXYSVC.exe | Part of Norton's AntiVirus 2003, Internet Security and Firewall products. E-mail proxy service - required for E-mail scanning and the firewall | No |
| X | ccreg | explorer.exe | Added by the ZCREW BACKDOOR! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System% | No |
| Y | ccRegVfy | ccRegVfy.exe | Part of earlier versions of Norton AntiVirus - "ccRegVfy.exe is responsible for checking the integrity of the NAV registry entries to make sure that the information has not been changed by a malicious threat or a hack" | Yes |
| X | ccRegVfY | expIorer.exe | Added by the TACTSLAY.A TROJAN! | No |
| X | ccRegVfY | svcrhost.exe | Added by the TACTSLAY.A TROJAN! | No |
| X | ccRegVfY | svcshost.exe | Added by the TACTSLAY.A TROJAN! | No |
| X | ccRegVfY | outIook.exe | Added by the TACTSLAY.A TROJAN! | No |
| X | ccrss | msdtc.exe | Added by the STAP-C WORM! | No |
| Y | ccSetMgr | ccSetMgr.exe | Part of Norton AntiVirus 2004. What does it do? | No |
| X | ccStart | ccStart.exe | Added by the AGOBOT-IR WORM! | No |
| X | ccSvcHst.exe | ccSvcHst.exe | Added by the SDBOT-DIW WORM! | No |
| X | ccsvit.exe | ccsvit.exe | Added by the STARTPA-HP TROJAN! | No |
| U | cctray | cctray.exe | Part of CA Internet Security Suite | No |
| X | ccUpdate | ccUpdate.exe | Added by the AGOBOT.YS WORM! | No |
| U | ccUpdMgr | ccUpdMgr.exe | In Loco Parentis remote surveillance software. Uninstall this software unless you put it there yourself! | No |
| U | CCUTRAYICON | CCU_TrayIcon.exe | Related to Traybar Launcher from Intel Corporation belonging to Intel® Viiv® | No |
| U | ccWasher | aolwasher.exe | Webroot Cache & Cookie Washer - cleaning browser tracks, including cache, cookies, history, mail trash, drop-down address bar, auto-complete forms and downloaded program files for IE, Netscape and AOL | No |
| U | CCWC7a | ac.exe | Moleculesoft Cache, Cookie & Windows Cleaner. No longer supported but available for free | No |
| U | CCWC7I | idxl.exe | Moleculesoft Cache, Cookie & Windows Cleaner. No longer supported but available for free | No |
| U | CCWC7s | stealth.exe | Moleculesoft Cache, Cookie & Windows Cleaner. No longer supported but available for free | No |
| Y | CCWinTray | wintmr.exe | System Tray access to Child Control parental control software by Salfield | No |
| N | CD Storage Master | cdstorager.exe | CD Storage Master - a program designed to catalog CD information, boasts a number of handy features for organizing your collection | No |
| U | CD-DVD Lock for Win95/98/Me/2k/XP | CDVAgent.exe | Loads CD-DVD Lock from Ixis Research, Ltd - which is "intended for restricting read or write access to removable media devices such as CD, DVD, floppy and flash, as well as for restricting access to certain partitions of hard disk drives. You can restrict access by two ways: hide your devices from viewing or lock access to them". If disabled, hidden and locked drives still retain their original status so the user will only be able to change their status them via the main UI | Yes |
| X | cd1 | cd1.exe | Premium rate adult content dialler | No |
| N | CDANTSRV | CDANTSRV.exe | C-Dilla License Management software. Used for any program that uses C-dilla Protection, example: 3D Studio Max 4.x. It loads as a service automatically but is not needed unless you run said program. Can be started and stopped manually | No |
| X | Cdcompat | Cdcompat.exe | Added by the GEMA TROJAN! | No |
| X | cddrv32 | cddrv32.exe | Added by a variant of the CRYPTER.C TROJAN! | No |
| N | CDInterceptor | cdi.exe | CD indexer for measuring the speed of CD players | No |
| Y | cdloader | cdloader2.exe | From MagicJack - "A softphone device that allows you to attach an analog phone into the PC so you can have a traditional-style phone system in your house without any monthly charge" | No |
| U | CDLoader | sb32mon.exe | Part of the SpyBuddy keystroke logger/monitoring program - see here. Remove unless you installed it yourself! | No |
| X | CdnCtr | cdnup.exe | CNNIC Update pest | No |
| X | cdoosoft | herss.exe | Added by the SILLYFDC.BCT WORM! | No |
| X | cdoosoft | olhrwef.exe | Added by the AUTORUN-AAG WORM! | No |
| X | CDriver | windrv.exe | Added by the DELF.WG TROJAN! | No |
| X | CDriver | svchost.exe | Added by a variant of the DELF.IT TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! The location of this file varies | No |
| X | Cdrom Controller | cdromcntrl.exe | Added by the BATTRY-A TROJAN! | No |
| X | cds | cds.exe | Added by the SPYMON TROJAN! | No |
| X | CDSpeed.exe | CDSpeed.exe | Added by the IRCBOT.AEX BACKDOOR! | No |
| N | CDTray | CDTray.exe | On HP PCs, this is the small CD icon next to the time | No |
| U | CDVAgent | CDVAgent.exe | Loads CD-DVD Lock from Ixis Research, Ltd - which is "intended for restricting read or write access to removable media devices such as CD, DVD, floppy and flash, as well as for restricting access to certain partitions of hard disk drives. You can restrict access by two ways: hide your devices from viewing or lock access to them". If disabled, hidden and locked drives still retain their original status so the user will only be able to change their status them via the main UI | Yes |
| U | CeEKEY | CeEKey.exe | Hot Key utility included on Toshiba Satellite laptops | No |
| U | CeEPOWER | cepmtray.exe | Toshiba's Power Management Utility - allows the user to setup different profiles for both AC power and Battery Power on laptops. Contols CPU speed, Monitor Shut Off, Hard Drive Shut-Off, Monitor Brightness, System Stand-by and System Hibernate times | No |
| ? | Ceic | Ceic.exe | ?? | No |
| X | Cekirge | [path to worm] | Added by the KERGEZ.A WORM! | No |
| X | center | [random name]32.exe | Added by the BOFRA.A WORM! | No |
| X | CentralProcessor | taskimgr.exe | Added by the BANCOS.J TROJAN! | No |
| ? | CEPA | wsot.exe | ?? | No |
| X | Cerb | DivXx.exe | Added by the KEYLOG-LV TROJAN! | No |
| U | CertificateRegistration | SafeSignCertReg.exe | SafeSign Certificate Registration Utility for Microsoft Crypto applications | No |
| U | CertReg | certreg.exe | Related to Gemplus Card Reader | No |
| Y | CertStoreInit | CertStoreInit | Aladdin eToken authentication and password management | No |
| Y | certtool | certtool.exe | Part of Client Security Software for IBM\Lenovo notebooks. If you have configured the software via the associated wizard this will need to be running if you want to mount password protected areas of the disk (created with SafeGuard PrivateDisk), use the password manager or file/folder encryption options | No |
| N | CesarFTP FTP Server | server.exe | CesarFTPd - FTP server | No |
| X | cesmain.dll | Rundll32.exe [path] cmail.dll, Rundll32 | CnsMin (Chinese Keywords) hijacker related. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted | No |
| X | CEventMgr | Cell.exe | Added by the BIFROSE-AK TROJAN! | No |
| N | CFD | CFD.exe | BroadJump Client Foundation. Broadband troubleshooting software installed by various companies. Not required and you can remove it via Add/Remove programs | No |
| X | CFDStart | WinMuschi.exe | WINMUSCHI dialler | No |
| X | cfgboost | cfgboot.exe | Added by an unidentified WORM or TROJAN! | No |
| Y | cfgintpr | cfgintpr.exe | Configuration Interpreter - part of Tiny Personal Firewall V4 | No |
| X | cfgmgr51 | RunDLL32.EXE cfgmgr51.dll,DllRun | BookedSpace parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "cfgmgr51.dll" file is located in %Windir% | No |
| X | cfgmgr52 | RunDLL32.EXE cfgmgr52.dll,DllRun | BookedSpace parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "cfgmgr52.dll" file is located in %Windir% | No |
| N | cfgwiz | cfgwiz.exe | Introduced with Norton Anti-Virus 2002, this is a real resource hog. Many NAV users will find they can live without loading it | No |
| U | CFi ShellToys Utility Manager | CFiShlMan.exe | Manager for CFi ShellToys from Cool Focus International Ltd - which "puts all the tools you need right where you need them - just a click away on your context menu. Right-click one or more files or folders, the desktop or the window background for instant access to 50 context-sensitive shell extensions" | No |
| ? | cFosDNT | cFosDNT.exe | cFos DSL Modem driver related. What does it do and is it required? | No |
| ? | cFosInst_Check | cfosinst.exe | cFos DSL Modem driver related. What does it do and is it required? | No |
| U | cFosSpeed | cFosSpeed.exe | cFos Software Internet acceleration program related. Note - may be necessary for the software to work properly | No |
| U | CFSServ.exe | CFSServ.exe | Belongs to Toshiba's configfree utility and searches for Wireless Devices | No |
| X | cftmon | sfcmonit.exe | Added by a variant of the AGENT.ERG TROJAN! | No |
| X | cftmon | WindowsUpdate.exe | Added by the AGENT.AQK BACKDOOR! | No |
| X | cftmon32 | taskmgr*.exe [* = number] | Added by the SOWSAT.C and SOWSAT.J WORMS! | No |
| X | cfy | cfy.exe | Surfenhance.com SearchForIt adware variant | No |
| X | CGI Firewall Script | CGIAGENT.EXE | Added by the BROPIA-U WORM! | No |
| U | CGServer | cgserver.exe | Associated with an Eicon Networks ISDN or ADSL modem. Call Guard Server (CGserver) watches your modem and blocks incoming or outgoing calls. You need cgard.exe (from Startmenu) to configure cgserver with rules and telephone numbers. Good against unwanted dialer programs | No |
| X | Cgtask Services | cgtask.exe | Added by the LALA.B TROJAN! | No |
| X | Cgywin | cgywin32.exe | Added by the RBOT-AEI WORM! | No |
| U | ChamClock | ChamClock.exe | Chameleon Clock - system tray clock replacement | No |
| X | change-me-now | msgfix1.exe | Added by the SDBOT.ZD WORM! | No |
| U | ChangeICON | SPMSMON.EXE | Card reader related program. Note - may cause problems with My Computer loading at startup. Disabling through MsConfig seems to solve the problem | No |
| ? | ChangeLines | chngline.exe | ?? | No |
| X | ChansonsMP3 | rundll32.exe MSA64CHK.dll,DllMostrar | MatrixDialer/Mostrar parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System% | No |
| Y | Charter High-Speed Security Suite | fspex.exe | Charter High-Speed Security Suite - security software in collaboration with F-Secure | No |
| X | Chat login | chatlogin.exe | Added by the ANTINNY.F WORM! | No |
| N | Chatango | Chatango.exe | Chatango - "allows people to be connected in real time through their Web browsers. Include your Chatango contact link or button when you create eBay auctions, blogs, personal websites, Friendster profiles, and your visitors will be able to contact you instantly, without downloading anything, or registering. Alo use it to send email to your friends, allowing them to respond to you in real time!." The 'MessageCatcher' icon in the System Tray notifies you when you get a message. When you get a message, a little alert pops up, which you can click on and start chatting immediately | No |
| U | ChatStat | ChatStat.exe | ChatStat from ChatStat Technologies, Inc. Provides live chat assistance in up to 16 languages allows your operators to be more productive | No |
| N | Chcenter | chcenter.exe | IMSI HiJaak - "the easiest way to convert, capture, and manage all your graphic files" | No |
| X | Chckup | Netverchk.exe | Covert Sys Exec malware variant | No |
| X | chcp.exe | chcp.exe | Added by the SDBOT.BMH BACKDOOR! | No |
| X | che32 | che.ocx.vbs | Added by the ADENU-B VIRUS! | No |
| X | Cheatle | GigaByte.exe | Added by the SHODI.B VIRUS! | No |
| U | cheatmonitor | start.exe | CheatMonitor surveillance software. Uninstall this software unless you put it there yourself | No |
| X | Check | Check.exe | Added by the VB-DRN WORM! | No |
| N | Check for One Touch Update | wiseupdt.exe | Checks for updates for Visioneer OneTouch scanners | No |
| N | Check for TWS Updates | WiseUpdt.exe | Interactive Brokers - check for update to their standalone Java-based trading platform | No |
| U | Check Messenger | cmesseng.exe | Check Messenger from Qchex.com - program that helps you manage the activity of your Qchex account. Qchex appear to be no longer in buisness | No |
| U | Check&Get | Check&Get.exe | Check&Get from ActiveURLs. Manages your browser bookmarks and favorites. Monitors Web sites for changes and updates, captures and highlights the changed contents | No |
| N | CheckCustomWorksUpdate | CheckCWupdate.exe | Update checker, part of CustomWorks - "customize any embroidery designs to design your own unique creations" | No |
| U | CheckDialer | ChkDial.exe | Added by the CheckDialer modem connection monitoring tool | No |
| X | Checkdisk | mscas.exe | Added by the VAGON-A TROJAN! | No |
| X | CheckFaultKernel | mswdm.exe | Added by the SMALL-CSK TROJAN! | No |
| U | CheckIt | ToolBox.exe | CheckIt Toolbox from WinCheckIt Diagnostic Software. Toolbox automatically backs up critical system files (such as .ini files and the Windows Registry), and performs a check on various system parameters at intervals you specify | No |
| U | CheckIt 86 | CheckIt86.exe | CheckIt 86 popup blocker | No |
| Y | CheckMsgPlus | MsgPlusH.dll, VerifyInstallation | Added by MSN Messenger Plus, a third party extension to MSN Messenger. This is the auto-update feature - see here for more info. | No |
| X | checkrun | elite***32.exe [* = random char] | EliteBar adware | No |
| X | checkrun | elitelsj32.exe | Added by the MULTIDR-ER TROJAN! | No |
| X | CheckScan32 | regload16.exe | Added by the AEBOT.K WORM! | No |
| ? | checktime | ct.exe | Found in the HPSelectFrontend directory on a HP machine. What is it's purpose and is it required? | No |
| Y | CheckVCR | IOMagic.exe | Driver for the I/OMagic Personal Video Recorder (DR-PCTV100) | No |
| X | CheckWinPerf | perfinfo.exe | Added by a variant of the IRCBOT TROJAN! | No |
| U | CherryKeyMan | KeyMan.exe | Multimedia keyboard manager for the Cherry keyboard series. Only required if you use any of the special keys | No |
| X | chiCkie | chiCkie.exe | Added by the CHIKO WORM! | No |
| U | ChicoSys | webtmr.exe | Child Control parental control software | No |
| U | ChikkaDefault | ChikkaLauncher.exe | Chikka PC text messanger and IM client | No |
| U | ChilyClient | ChilyClient.exe | Chily Employee Activity Monitoring surveillance software. Uninstall this software unless you put it there yourself | No |
| X | china11msn | CHINA11MSN.EXE | Added by the ENVID.O WORM! | No |
| U | ChineseStar | cstar.exe | Chinese language support software | No |
| U | CHIPDRIVEPinManager | sokscmpn.exe | ChipDrive Smartcard software | No |
| U | CHIPDRIVESmartcardManager | SCMgr.exe | ChipDrive Smartcard software | No |
| X | CHK Disker | chkdsker.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
| X | CHK NT | chkntf.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
| N | CHKADMIN | CHKADMIN.EXE | Compaq Network Management System. When running, it places an icon in the system tray titled "Intelligent Manageability" | No |
| X | ChkDisk | chk_disk.exe | Added by an unidentified WORM or TROJAN! | No |
| X | chkdrv | iemon.exe | Detected by Symantec as the ADCLICKER TROJAN! | No |
| X | chkdsk | autoexec.bat | Added by the ANPES WORM! | No |
| U | ChkMail | ChkMail.exe | Mail-checking program supplied with Acer notebooks | No |
| U | ChoiceMail | CHOICEMAIL.EXE | ChoiceMail from DigiPortal Software. Block spam with an Email firewall | No |
| X | Choke | Choke.exe -blahhh | Added by the CHOKE WORM! | No |
| X | chope | runlli32.exe | Added by the QQPASS-U TROJAN! | No |
| X | chostsv | chostsv.exe | Added by the BANPAES.C TROJAN! | No |
| U | CHotKey | mhotkey.exe | Enables special keys on Chicony keyboards. Special combinations include Internet, E-mail, vol+, vol-, mute, etc. Only required for extended features | No |
| U | CHotKey | MK9805.EXE | Enables special keys on Chicony keyboards. Special combinations include Internet, E-mail, vol+, vol-, mute, etc. Only required for extended features | No |
| U | CHotKey | zHotkey.exe | Enables special keys on Chicony keyboards. Special combinations include Internet, E-mail, vol , vol-, mute, etc. Only required for extended features | No |
| N | Christmas Music Player | TTEST6.EXE | "Christmas Music Player brings the music of the Christmas Holiday to your desktop" | No |
| ? | ChromeMark | keysh.exe | Related to this. Don't know what keysh.exe does though and if it's required | No |
| ? | ChronitelInitTV | CHTVINIT.EXE | ?? | No |
| U | chrono | chrono.exe | Chronograph is a simple utility that synchronizes internal computer clock to the atomic time. Chronograph automatically maintains correct time using atomic clock servers of the National Institute of Standards and Technology (NIST)." Shows seconds and shows the date without having to hover the mouse. Shows a calendar when hovered over | No |
| X | Ci Svr | cisvr.exe | Added by the IRCBOT.AWN BACKDOOR! | No |
| X | ci1gnt | ci1gnt.exe | Detected by Kaspersky as the AGENT.DHU TROJAN! | No |
| X | CiaBackdoor | msldr.com | Added by a VIRUS! | No |
| X | cihost.exe | cihost.exe | Added by the LINST TROJAN! | No |
| N | CIJxP2PSERVER | CIJxP2PS.EXE | Compaq printer utility which is required in order to make the printer work correctly - "x" depends upon the model, ie, for IJ300 x=3, for IJ700 x=7 | No |
| Y | Cingular Communication Manager | CingularCCM.exe | Cingular Communication Manager - now taken over by AT&T. "provides a robust set of wireless communication tools for businesses and individuals. With wireless access to email, the Internet, business applications and corporate intranets, mobile users can be more productive while they're out of the office" | No |
| X | Cinnabd Prompt32 | CmdPrompt32.pif | Added by the ASSIRAL-B WORM! | No |
| N | CIO | che7e1~1.exe | ChatItOut webcam chat program | No |
| X | Ciodiag | DECCONF.EXE | Added by the STRAT.EL TROJAN! | No |
| X | CirebonPunya | XXrocks.exe | Added by the BHARAT.A WORM! | No |
| X | Cisco Systems | [path to worm] | Added by the AUTORUN.UHR WORM! | No |
| U | Cisco Systems VPN Client | ipsecdialer.exe | Cisco VPN Client - lets local users gain Administrator privileges on the operating system | No |
| U | Cisco Systems VPN Client | vpngui.exe | Sets up IPSec communications for Cisco's VPN Client | No |
| N | CISrvr Program | CISRVR.EXE | Related to internet setup on Compaq PC's | No |
| X | Cissi | Cissi.exe | Added by the CISSI.A WORM! | No |
| U | CitiUCS | CitiUCS.exe | Citibank Virtual Account Numbers - "With this free service for Citi cardmembers, you never have to give out your real credit card number online" | No |
| N | CitiVAN | CitiVAN.exe | Option from Citibank to change a credit card number in a random fashion for each purchase. The number will only be used once and never again | No |
| X | cjb | cjb.exe | Added by the AGENT.ALZE TROJAN! | No |
| X | cjb | cjb*.exe | Added by a variant of the AGENT.ALZE TROJAN - where * is a random digit and the file is located in %ProgramFiles%\cjb | No |
| X | CJET | CJet.exe | FFToolBar adware toolbar | No |
| Y | Cjstcom | Cjstcom.exe | Canon printer BJ status language monitor | No |
| Y | ClamWin | ClamTray.exe | ClamWin antivirus | No |
| X | Classes | int1.exe | "Switch" premium rate adult content dialler variant | No |
| X | Classes | intl.exe | "Switch" premium rate adult content dialler variant | No |
| X | Classes | run_21.exe | "Switch" premium rate adult content dialler variant | No |
| X | Classes | srv.exe | "Switch" premium rate adult content dialler variant | No |
| X | Classes | srv2.exe | "Switch" premium rate adult content dialler variant | No |
| X | Classes | MSTAR2.EXE | "Switch" premium rate adult content dialler variant | No |
| X | Classes | mstart.exe | "Switch" premium rate adult content dialler variant | No |
| U | ClauerUpdate | ClUpdate.exe | Automatic updates for the software supporting the Clau-ACCV and Clauer-idCAT digital certificate USB keys | No |
| X | clcbt.exe | clcbt.exe | Added by the AGENT.CBA TROJAN! | No |
| X | clcl3 | clcl3.exe | Added by the AGENT.ES TROJAN! | No |
| X | clcl7 | clcl7.exe | Added by a variant of the Covert Sys Exec TROJAN! | No |
| U | CLCLSet | CLCL.exe | CLCL clipboard caching utility | No |
| N | Clean Access Agent | CCAAgent.exe | Cisco Clean Access Agent from Cisco Systems, Inc | No |
| X | Clean Mgr | cleanmg.exe | Added by the IRCBOT.BBO BACKDOOR! | No |
| X | Clean up | service.exe | Added by the AGENT-FPY TROJAN! | No |
| X | Cleanator | Cleanator.exe | Cleanator rogue privacy program - not recommended, removal instructions here | No |
| ? | CleanEasyImg | cleanall.exe | ?? | No |
| X | Cleaner2009 Freeware | UCLN.exe | Cleaner2009 rogue privacy program - not recommended, removal instructions here | No |
| X | CleanPCTool | SysRep.exe | CleanPCTool rogue system error and cleaning utility - not recommended. A member of the ErrClean family | No |
| ? | CleanRegPath | CleanReg.exe | Apparently Annex A ADSL modem related. What does it do and is it required? | No |
| U | CleanSweep Smart Sweep- Internet Sweep | Csinsm32.exe | Automatic logging of installs from Norton CleanSweep - available via Start -> Programs | No |
| N | CleanSweep Useage Watch | CSUSEM32.EXE | Quarterdeck/Norton CleanSweep component - tracks how often you use files and alerts you to files that have not been used for a specified period of time | No |
| U | CleanTemp | CLEANT~1.EXE | CleanTemp - deletes the contents of the TEMP directory when Windows starts and then closes - using no memory | No |
| U | CleanTemp | CleanTemp.exe | CleanTemp - deletes the contents of the TEMP directory when Windows starts and then closes - using no memory | No |
| N | Cleanup | ONICTASK.EXE | Internet Cleanup from Allume Systems (used to be by OnTrack) - cleans up tracks left by browsing the internet | No |
| Y | CleanUp | mcappins.exe | Used by older versions of McAfee internet security related products to clean up installation files that are no longer required once the product is installed. This entry will normally only appear once the product has been installed before the system is rebooted | Yes |
| Y | CleanUp | CleanUp.exe | Utility that only runs once after installing the drivers for Analog Devices SoundMax integrated soundcards to clean-up the files no longer required once the installation is complete. Other programs/drivers may use the same filename for the same purpose. In this case, the file is located in %System% and is listed under the HKLM\RunOnce registry key | Yes |
| ? | CleanupProgram | cleanup.exe | Sony Vaio related - what does it do and is it required? Located in a C:\Sonysys folder | No |
| X | CleanupTool | SysRep.exe | CleanupTool rogue system error and cleaning utility - not recommended. A member of the ErrClean family | No |
| X | clean_service | clean_service.cmd | Added by the REFAZ WORM! | No |
| U | CleverKeys | CK.exe | CleverKeys - "is free software that provides instant access to definitions at Dictionary.com, synonyms at Thesaurus.com, facts at Reference.com and more - from almost all Windows programs, including word processors, Web browsers and most e-mail programs" | No |
| X | clfmon | clfmon.exe | Added by the TACTSLAY.E TROJAN! | No |
| X | clfmon | nvsvca32.exe | Added by the TACTSLAY.E TROJAN! | No |
| X | clfmon.exe | clfmon.exe | Added by the AGENT-BJ TROJAN! | No |
| X | Cli Confg | cliconfig.exe | Added by a variant of the SPYBOT WORM! See here | No |
| X | CLI Services | clisrv.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
| N | Click Radio Tuner | clickr~1.exe | ClickRadio - subscription service playing radio music via the internet | No |
| N | Click Tray Calendar | ClickT~1.EXE | ClickTray Calendar - shows holidays, reminders of various anniversaries,tasks etc | No |
| N | ClickMe | ClickMe.exe | ClickM "JOKE" program | No |
| U | Clickoff | Clickoff.exe | Clickoff automatically dismisses annoying dialog boxes | No |
| N | ClickSight Launcher | cs.exe | Launcher for the ClickSight® marketing tool from ClickStream Technologies - which "is a patented data-collection technology that helps independent software vendors understand the current and future usage of their product" | No |
| X | ClickTheButton | CTB.EXE | ClickTheButton adware | No |
| X | ClickTheButton | csrss.exe | ClickTheButton adware. Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a "drivers" subfolder | No |
| X | ClickTheButton | cd_load.exe | Added by the DOWNLOADER-MY TROJAN! | No |
| X | CLICONFG | CLICONFG.EXE | Added by the OPASERV.T WORM! | No |
| U | Client Access API Daemon | cwbappcd.exe | IBM iSeries Client Access, see here | No |
| N | Client Access Check Version | cwbckver.exe | Part of IBM's iSeries (nee As/400) Client Access - communications suite that allows desktop, browser and wireless access to iSeries servers. Checks the software version on your PC to that of the iSeries it is connected to. Not required - and can be turned off in the Client Access properties. It's a waste of resources | No |
| ? | Client Access Express Welcome | cwbwlwiz.exe | Welcome wizard launcher - Part of IBM's iSeries (nee As/400) Client Access - communications suite that allows desktop, browser and wireless access to iSeries servers. What does it do and is it required? | No |
| N | Client Access Help Update | cwbinhlp.exe | Client Access Help Registry Update Function - part of IBM's iSeries (nee As/400) Client Access - communications suite that allows desktop, browser and wireless access to iSeries servers. It only updates the help files on your PC to match the level of the attached iSeries | No |
| N | Client Access Service | CwbSvStr.Exe | Part of IBM's iSeries (nee As/400) Client Access - communications suite that allows desktop, browser and wireless access to iSeries servers. Useful if you are going to access the iSeries through Windows Explorer to move files back and forth between Windows folders and iSeries folders. This is a tool that is only used by Client Access administrators (usually) so it is not required - a waste of resources | No |
| U | Client Access Taskbar | cwbuitsk.exe | IBM iSeries Client Access taskbar, see here | No |
| X | Client Agent | ipxwping.exe | Added by the PPDOOR-N TROJAN! | No |
| X | Client Agent | photes.exe | Added by the PPDOOR-P TROJAN! | No |
| X | Client Agent | [path to file] | Added by the PPDOOR-J TROJAN! | No |
| ? | Client agent for ARCserve | W95AGENT.EXE | Part of Brightstor ARCserve Backup from Computer Associates. What does it do and is it required? | No |
| X | Client for Microsoft Networks | msclient32.exe | Added by the SDBOT-BXQ WORM! | No |
| N | Client Security Solution | cssauth.exe | Part of Thinkvantage Client Security Solution for Lenovo ThinkPad notebooks and ThinkCentre desktops. Once configured via the associated setup screens this loads via winlogon.exe (and loads the password manager) and therefore disabling this entry has no effect | Yes |
| X | Client Server Control Process | [path to trojan] | Added by the AGENT-HR TROJAN! | No |
| X | Client Server Run Time Proccess | csrsrv.exe | Added by a variant of the SDBOT WORM! | No |
| X | Client Server Runtime | [path to worm] | Added by the POEBOT-KR WORM! | No |
| X | Client Server Runtime Process | csrsss.exe | Added by the SDBOT-LD WORM! | No |
| X | Client Server Runtime Process | csrs.exe | Added by the LINKBOT.M WORM! | No |
| X | Client Server Runtime Process | smmss.exe | Backdoor TROJAN! Possible SDBOT-GEN variant | No |
| X | Client Update | wup.exe | Added by the OPANKI.O WORM! | No |
| Y | Cliente DLO | DLOClientu.exe | Part of the backup suites from VERITAS - Backup Exec and NetBackup. Both have now been replaced by their Symantec equivalents since they acquired VERITAS in 2005 | No |
| X | ClientMan1 | mscman.exe | ClientMan parasite variant | No |
| N | Clik Status Monitor | toolsclickstat.exe | Part of Iomega Tools to let you know whether an Iomega PocketZip (nee Clik) removable drive cartridge is installed | No |
| X | Clip Service Manager | clipmg.exe | Added by the DELF.DXJ TROJAN! | No |
| X | Clip Servicer | clipsrvc.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
| X | Clip Srv | clipsv.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
| X | clipboard.exe | clipboard.exe | Added by an unidentified WORM or TROJAN! | No |
| N | Clipbook Service | Clipsrv.exe | Supports Windows XP ClipBook Viewer, which allows pages to be seen by remote ClipBooks | No |
| U | clipdiary | clipdiary.exe | Clipdiary from Softvoile - "Free Clipboard Manager for keeping the clipboard history" | No |
| N | ClipMate5x | ClipMt5x.exe | Clip Mate 5.x by Thornsoft. Utility that allows you to store more than one item in the clipboard. Available via Start -> Programs | No |
| N | Clipmate6 | CLIPMT60.EXE | Clip Mate 6 by Thornsoft. Utility that allows you to store more than one item in the clipboard. Available via Start -> Programs | No |
| N | ClipMate7 | ClipMate.exe | Clip Mate 7 by Thornsoft - utility that allows you to store more than one item in the clipboard | No |
| N | Clipomatic | Clipomatic.exe | Mike Lin's Clipomatic is a clipboard cache program - it remembers what was copied to the clipboard even after new data is copied, and allows you to retrieve the old data | No |
| N | Clipsrv | Clipsrv.exe | Supports Windows XP ClipBook Viewer, which allows pages to be seen by remote ClipBooks | No |
| X | ClipSrv | clipserv.exe | Added by the SDBOT-AAV and SDBOT-AFE WORMS! | No |
| X | ClipSrv | CLIPBRD3D.EXE | Added by the MOFEI-D WORM! | No |
| X | Clipsvc | clipsv.exe | Added by the BLACKHOLE.F BACKDOOR! | No |
| N | ClipTrak | ClipTrak.exe | ClipTrak - clipboard extender | No |
| N | ClipTrakker | ClipTrakker.exe | Cliptrakker - clipboard extender | No |
| N | CLISTART | CLIStart.exe | Puts the ATI Catalyst™ Control Center Icon/Shortcut on the System Tray - available via Start → Programs | No |
| X | clkhost | [path to trojan] | Added by the WIXUD-B TROJAN! | No |
| U | CLMFrontPanel | clmpanel.exe | System tray status/display/configuration utility for a number of modems. Can be disabled by right-clicking on the tray icon. If disabled, connection status is lost | No |
| ? | CLMLServer for HP TouchSmart | CLMLSvc.exe | Found on the HP Touchsmart range of desktops and notebooks. What does it do and is it required? | No |
| ? | clnwall | rundll.exe setupx.dll, InstallHinfSection ..delwall.inf | ?? | No |
| X | clock | [various filenames] | LiveChat Adware - known file names include: mssetup.exe, kstatus.exe, spoolsv.exe, sptsupd.exe, osk.exe, msswchx.exe, netdde.exe, msbkup.exe | No |
| X | Clock Manager | amsngr.exe | Added by the SDBOT-XM TROJAN! | No |
| X | ClockSync | Sync.exe | ClockSync - synchronizes your system clock with an internet time server. It's by WhenU, the makers of the Save Now spyware, and they're usually seen in tandem, so it's advised to replace it with one of may spyware free alternatives available | No |
| U | ClockWise | CLOCKWISE.EXE | ClockWise - produced by R J Software - a time utility. It is a schedueler not only for dates, but you can choose it to run programs at any time. It also updates the time by connecting to an atomic clock server. This is a spyware-free alternative to ClockSync | No |
| U | ClocX | ClocX.exe | ClocX - places a clock on the desktop that can be moved and then changed into a calendar plus you can set alarms etc? | No |
| U | CloneCD | CloneCDTray.exe | System tray for the now discontinued CloneCD. The only useful option is "Hide CDR Media" only available via this tray. Has additional unknown functions in later versions | No |
| U | CloneCDElbyCDFL | ElbyCheck.exe | From Elaborate Bytes who make CloneCD - monitors the installed filters of CD-ROMs/DVD-ROMs. Note - under Win2K removing this from startup causes the CD drive in the computer to not be recognized in the OS and after rechecking it prompts that the driver has been corrupted and asks you to restart the computer to fix it | No |
| U | CloneCDTray | CloneCDTray.exe | System tray for the now discontinued CloneCD. The only useful option is "Hide CDR Media" only available via this tray. Has additional unknown functions in later versions | No |
| ? | Clotusorgreg0 | prtStart.exe [path] Orgprt.exe | IBM Lotus SmartSuite related. In a LotusOrgReg folder. Unclear what exactly it does? | No |
| X | Clre | mmdc.exe | Added by the PURSCAN-AI TROJAN! | No |
| X | ClrSchLoader | [path to file] | ClearSearch adware | No |
| X | CLSID | com.exe | Adult content dialler | No |
| X | CLSID | dll.exe | Adult content dialler | No |
| X | CLSID | msgplus.exe | Adult content dialler | No |
| X | CLSID | plugin.exe | Adult content dialler | No |
| X | CLSID | sed.exe | Adult content dialler | No |
| X | CLSID | msgplus.exe | Premium rate adult content dialer. Note - this is NOT the MSN Messenger 'MessengerPlus' extension | No |
| X | CLSRSS | LSACS.EXE | Added by the SILLYFDC-X WORM! | No |
| U | ClUpdate | ClUpdate.exe | Automatic updates for the software supporting the Clau-ACCV and Clauer-idCAT digital certificate USB keys | No |
| ? | CM-SmWizard | SmWizard.exe | SmartWizard MFC Application - associated with C-Media who produce audio chipsets commonly used for on-board sound on motherboards. What does it do and is it required? | No |
| U | cma | cma.exe | DeskSite CMA siftware - "retrieves new content from the DeskSite Data Center" | No |
| X | CMAPP | cmappclient.exe | CasClient adware - also detected as the CMAPP TROJAN! | No |
| N | Cmaudio | Rundll32 cmicnfg.cpl, CMICtrlWnd | System tray control panel for C-Media based soundcards - often included on popular motherboards with in-built audio. Available via Start -> Settings -> Control Panel | No |
| X | Cmd | cmd32.exe | Added by the TANKED WORM! | No |
| X | cmd32 | configs.exe | Hijacker, also detected as the QURL-2 TROJAN! | No |
| X | cmd64 | cmd64.exe | CoolWebSearch Msconfd parasite variant | No |
| X | cmdbcs | cmdbcs.exe | Added by the LINEAG-GKW TROJAN! | No |
| X | cmdcon | cmdcon.exe | Added by the CRYPTER.A TROJAN! | No |
| X | cmds | vtsqn.dll | Added by a variant of the VUNDO TROJAN! | No |
| X | CmdShell.exe | CmdShell.exe | Added by the BCKDR-QHY BACKDOOR! | No |
| X | CME | cme.exe | Part of Gator advertising spyware - see here for removal instructions. Please note that Claria Corporation no longer support GAIN-Supported software - see here | No |
| X | CmeSYS | CMEsys.exe | Part of Gator advertising spyware - see here for removal instructions. Please note that Claria Corporation no longer support GAIN-Supported software - see here | No |
| X | CmeUPD | CMEupd.exe | Part of Gator advertising spyware - see here for removal instructions. Please note that Claria Corporation no longer support GAIN-Supported software - see here | No |
| X | CMFibula | CMFibula.exe | CASClient adware | No |
| N | CmFlywaveName | CmFlywav.exe | Driver for Linksys Wireless-G Music Bridge | No |
| U | CMGrdian | CMGrdian.exe | McAfee Guardian shortcut menu on the System Tray (looks like a castle) given access to Internet Security, Browser Buddy, File Guardian and help. Included with older versions of McAfee Internet Security and possibly others | No |
| U | CMGShieldUI | CMGShieldUI.exe | UI for CMG (CREDANT Mobile Guardian) Shield from Credant Technologies. "The CMG Shield resides on devices and external media to enforce security policies even if the device is disconnected from the network." Used to protect sensitive corporate on laptops, handhelds, smartphones, USB drives and CD-DVDs | No |
| X | CMMan | CMMan.exe | Added by the CMAPP TROJAN! | No |
| X | Cmmon32Sys | cmmon32.exe | Added by the SMALL.CL TROJAN! | No |
| X | cmonitor | startupmon.exe | SystemDoctor rogue security software - not recommended, removal instructions here | No |
| X | cmonitor | pasmon.exe | SystemDoctor rogue security software - not recommended, removal instructions here | No |
| U | CmPCIaudio | RunDll32 CMICNFG3.CPL, CMICtrlWnd | Registers the Control Panel applet for a C-Media PCI sound card | No |
| U | CMPDPSRV | CMPDPSRV.EXE | Printer Driver Plus from ViewAhead Technology (formerly DeviceGuys, Inc.). "Printer Driver Plus seamlessly integrates all the necessary components of a printer driver, plus more". Installed with some Compaq and Lexmark printers | No |
| X | Cmpnt | Devices2.exe | Added by the TOMPAI-D TROJAN! | No |
| X | Cmpnt | mainsv.exe | Added by the TOMPAI-C TROJAN! | No |
| X | cmrss | cmrss.exe | Added by the DELF.DU TROJAN! | No |
| X | cmrss | crmss.exe | Added by the DLOADER-EK TROJAN! | No |
| X | cmrss | [path to trojan] | Added by the DLOADER-QQ TROJAN! | No |
| X | cmrst | cmrst.exe | Added by the BANCOS.S TROJAN! | No |
| X | cmrst | cmrst.scr | Added by the DLOADER-FP TROJAN! | No |
| X | cms | iserver.exe | Added by the DLOADER-WK TROJAN! | No |
| X | CMSally | callmesally.exe | Added by the CASAL.A TROJAN! | No |
| U | CMSETTINGS | ctmn.exe | Part of NetNanny Chat Monitor | No |
| X | cmsound | vcpdll.exe | Added by the TCXMEDI-D downloader TROJAN! | No |
| X | cmsound | vcsystem.exe | Added by the TCXMEDI-D downloader TROJAN! | No |
| X | cmss | system.exe | Added by a variant of the RBOT WORM! | No |
| X | cmssapp | iexplore_.exe | Added by the BANCBAN-CQ TROJAN! | No |
| X | cmssapp | iexplore.exe | Added by the BANCBAN-GF TROJAN! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %Windir% | No |
| X | cmssSystemProcess | csmss.exe | Added by the AGENT-CO TROJAN! | No |
| X | cmssSystemProcess | mcsmss.exe | Added by the PROXYSER-F TROJAN! | No |
| X | cmssSystemProcess | csms.exe | Added by the AGENT-Y TROJAN! | No |
| X | CMSystem | CMSystem.exe | CASClient adware | No |
| X | cmt101 | cmt101.exe | Added by a variant of the CRYPTER.C TROJAN! | No |
| ? | CmUCRRun | CmUCReye.exe | Related to Medion Display Information. What does it do and is it required? | No |
| X | cmx32 | cmx32.exe | Added by the GEMA.D TROJAN! | No |
| X | Cn323 | cnfrm33.exe | Added by the MIMAIL.G WORM! | No |
| X | Cn911 | ODBCJET.exe | Added by the BIFROSE-PR TROJAN! | No |
| X | CNBABE | CNBABE.EXE | Appears to be spyware added by KAZAA (and maybe others) that displays pop-up ads whilst you're browsing | No |
| N | cnet | kontiki.exe | Kontiki Delivery Manager - Windows-based client software that enables secure delivery of content to users' desktops | No |
| Y | cnfgCav | CMain.exe | Part of Comodo Antivirus | No |
| X | Cnfrm32 | cnfrm.exe | Added by the MIMAIL.D WORM! | No |
| X | CnsMax | Internat.exe | Added by the POINTEX TROJAN! Note - the real internat.exe resides in %windir%\system (where %windir% is the Windows directory - C:\Windows or C:\Winnt) whereas this version resides in %windir% | No |
| X | CnsMin | Rundll32.exe [path] CNSMIN.DLL, Rundll32 | CnsMin (Chinese Keywords) hijacker related. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted | No |
| Y | CnwiDeviceAgent | cnwida.exe | Part of the Canon imagePROGRAF W8400 printer management software | No |
| Y | CnxAdslL | CnxAdslL.exe | DLink, Zoom, or Conexant modem driver | No |
| N | CnxDslTaskBar | CnxDslTb.exe | Connexant DSL Taskbar as used on Acess Runner and Samsung AHT-E310 ADSL modems | No |
| U | CobBU | CobBU.exe | Cobian Backup versions 6 and 7 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program as a startup application rather than the default service on an NT based OS (NT/2K/XP). If you don't have regularly scheduled backups then choose the startup option and run it manually when required | Yes |
| U | Cobian | Cobian.exe | Cobian Backup versions 8 thru 10 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program as a startup application rather than the default service on an NT based OS (NT/2K/XP/Vista). If you don't have regularly scheduled backups then choose the startup option and run it manually when required | Yes |
| U | Cobian Backup | cbInterface.exe | System Tray access to Cobian Backup 10 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program using the default settings as service on an NT based OS (NT/2K/XP/Vista). If you don't have regularly scheduled backups then choose the startup installation option and run it manually when required | Yes |
| U | Cobian Backup | CobBU.exe | Cobian Backup 6 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program as a startup application rather than the default service on an NT based OS (NT/2K/XP). If you don't have regularly scheduled backups then choose the startup option and run it manually when required | Yes |
| U | Cobian Backup 10 | Cobian.exe | Cobian Backup 10 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program as a startup application rather than the default service on an NT based OS (XP/Vista/7). If you don't have regularly scheduled backups then choose the startup option and run it manually when required | Yes |
| U | Cobian Backup 10 Interface | cbInterface.exe | System Tray access to Cobian Backup 10 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program using the default settings as service on an NT based OS (NT/2K/XP/Vista). If you don't have regularly scheduled backups then choose the startup installation option and run it manually when required | Yes |
| U | Cobian Backup 6 | CobBU.exe | Cobian Backup 6 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program as a startup application rather than the default service on an NT based OS (NT/2K/XP). If you don't have regularly scheduled backups then choose the startup option and run it manually when required | Yes |
| U | Cobian Backup 7 | CobBU.exe | Cobian Backup 7 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program as a startup application rather than the default service on an NT based OS (NT/2K/XP). If you don't have regularly scheduled backups then choose the startup option and run it manually when required | Yes |
| U | Cobian Backup 7 Application | CobBU.exe | Cobian Backup 7 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program as a startup application rather than the default service on an NT based OS (NT/2K/XP). If you don't have regularly scheduled backups then choose the startup option and run it manually when required | Yes |
| U | Cobian Backup 7 Interface | cobui.exe | System Tray access to Cobian Backup 7 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program using the default settings as service on an NT based OS (NT/2K/XP). If you don't have regularly scheduled backups then choose the startup installation option and run it manually when required | Yes |
| U | Cobian Backup 8 | Cobian.exe | Cobian Backup 8 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program as a startup application rather than the default service on an NT based OS (NT/2K/XP/Vista). If you don't have regularly scheduled backups then choose the startup option and run it manually when required | Yes |
| U | Cobian Backup 8 interface | cbInterface.exe | System Tray access to Cobian Backup 8 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program using the default settings as service on an NT based OS (NT/2K/XP/Vista). If you don't have regularly scheduled backups then choose the startup installation option and run it manually when required | Yes |
| U | Cobian Backup 9 | Cobian.exe | Cobian Backup 9 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program as a startup application rather than the default service on an NT based OS (NT/2K/XP/Vista). If you don't have regularly scheduled backups then choose the startup option and run it manually when required | Yes |
| U | Cobian Backup 9 interface | cbInterface.exe | System Tray access to Cobian Backup 9 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program using the default settings as service on an NT based OS (NT/2K/XP/Vista). If you don't have regularly scheduled backups then choose the startup installation option and run it manually when required | Yes |
| U | Cobian Backup Amanita | cbInterface.exe | System Tray access to Cobian Backup 9 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program using the default settings as service on an NT based OS (NT/2K/XP/Vista). If you don't have regularly scheduled backups then choose the startup installation option and run it manually when required | Yes |
| U | Cobian Backup Amanita | Cobian.exe | Cobian Backup 9 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program as a startup application rather than the default service on an NT based OS (NT/2K/XP/Vista). If you don't have regularly scheduled backups then choose the startup option and run it manually when required | Yes |
| U | Cobian Backup Black Moon | cbInterface.exe | System Tray access to Cobian Backup 8 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program using the default settings as service on an NT based OS (NT/2K/XP/Vista). If you don't have regularly scheduled backups then choose the startup installation option and run it manually when required | Yes |
| U | Cobian Backup Black Moon | Cobian.exe | Cobian Backup 8 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program as a startup application rather than the default service on an NT based OS (NT/2K/XP/Vista). If you don't have regularly scheduled backups then choose the startup option and run it manually when required | Yes |
| U | Cobian Backup Boletus | Cobian.exe | Cobian Backup 10 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program as a startup application rather than the default service on an NT based OS (XP/Vista/7). If you don't have regularly scheduled backups then choose the startup option and run it manually when required | Yes |
| U | Cobian Backup Interface 6 | cobui.exe | System Tray access to Cobian Backup 6 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program using the default settings as service on an NT based OS (NT/2K/XP). If you don't have regularly scheduled backups then choose the startup installation option and run it manually when required | Yes |
| U | cobui | cobui.exe | System Tray access to Cobian Backup versions 6 and 7 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program using the default settings as service on an NT based OS (NT/2K/XP). If you don't have regularly scheduled backups then choose the startup installation option and run it manually when required | Yes |
| X | CodeClean | CCIntro.exe | CodeClean rogue security software - not recommended | No |
| U | Codename Dashboard | dashboard.exe | Codename: Dashboard - "an application that resides at the side of your screen. Built on the Microsoft .NET Framework, it is a host for interchangeable components through which C.D. allows you to have any information you want, on your desktop, all the time" | No |
| ? | COEMsgDisplay | COEMsgDisplay.exe | Part of HP's PC Common Operating Environment (PC COE) project. Located in %ProgramFiles%\Hewlett-Packard\PC COE. What does it do and is it required? | No |
| X | cof.updit | [random filename] | Added by a variant of the SDBOT WORM! | No |
| U | CognizanceTS | rundll32.exe [path] AsTsVcc.dll, RegisterModule | Cognizance Corp Identity And Access Management suite | No |
| X | Coldlife -icmp | Systray.exe | Added by the FLOOD.AV TROJAN! Note - this is not the legitimate systray.exe process | No |
| N | CollaborationHost | p2phost.exe | Signs a user into the People Near Me feature at login in Windows 7 and Vista. People Near Me enables you to use certain peer-to-peer (P2P) programs on a network - that "identifies people nearby who are using computers and allows those people to send you invitations for programs such as Windows Meeting Space. They can only invite you to participate in programs that are installed on your computer." Available via Start → Control Panel | Yes |
| U | coloreal | coloreal.exe | Makes colours sharper and brighter, but will only work with coloreal capable monitors | No |
| N | Colorific | Hgcctl95.exe | Colorific® from E-Color - "delivers accurate gamma and color temperature across your entire system - monitor to printer and digital camera to monitor." Now superseded by ColorWizzard™ | No |
| N | Colorific Control Panel | Hgcctl95.exe | Colorific® from E-Color - "delivers accurate gamma and color temperature across your entire system - monitor to printer and digital camera to monitor." Now superseded by ColorWizzard™ | No |
| X | COM Service | mscom32.com | Added by the BEASTY.H TROJAN! | No |
| X | COM Service | msynvr.com | Added by the BEASTY.G TROJAN! | No |
| X | COM Service | msjclh.com | Added by the BEASTY.E TROJAN! | No |
| X | COM Service | msdrce.com | Added by the BEASTY.I TROJAN! | No |
| X | COM Service | msflyx.com | Added by the BEASTDO-O TROJAN! | No |
| X | COM+ Event System | DRWTSN16.EXE | Added by the LOVGATE.AB WORM! | No |
| X | COM+ EventSystem Services | ECSERVER.EXE | Added by a variant of the SDBOT WORM! | No |
| X | Com+ Sys | csrs.exe | Added by the FORBOT-BT WORM! | No |
| X | COM+ System Applications | lsas.exe | Added by the AGOBOT.SE WORM! | No |
| X | COM++ System | exploier.exe | Added by the LOVGATE.Z WORM! | No |
| X | COM++ System | suchost.exe | Added by the LOVGATE-F WORM! | No |
| X | COM++ System | svchost.exe... | Added by a variant of the LOVGATE WORM! | No |
| N | COM-IP | COMIP.EXE | COM-IP Virtual Modem Driver (COM-IP Creates a Fake Serial Port that allows you to use older DOS Based Communications Programs over Telnet. Type atdt host.domain.com instead of atdt 5551212) | No |
| U | com.codeode.cactusspamfilter | cactusspamfilter.exe | Cactus Spam - free easy-to-use spam blocker | No |
| U | com.codeode.privacymantra | privacymantra.exe | "Privacy Mantra keeps your computer clean from online and offline tracks" | No |
| U | ComAgent | ComAgent.exe | ComAgent - MDaemon's instant messaging client | No |
| X | combo.exe | combo.exe | Added by the CHIMO-C TROJAN! | No |
| X | combop.exe | combop.exe | Added by the BOWFEED-A TROJAN! | No |
| X | Comcast Network | ribiva.exe | Added by a variant of the IRC TROJAN! | No |
| X | ComcastSUPPORT | tgkill.exe | Comcast (the cable folks who are replacing @home in some parts of the USA) have struck a deal with Tioga to provide an "enhanced" support and self-repairing tool. This is "beta" at present and was made available to download by mistake at present. Remove via Start -> Settings -> Add/Remove Programs | No |
| X | COMCFG | comcfg.exe | Added by the TOADCOM.A TROJAN! | No |
| X | comctl32 | comctl32.exe | Adware - detected by Kaspersky as the AGENT.AM TROJAN! | No |
| U | COMDRV32 | svdhost.exe | Orvell Monitoring 2003 surveillance software. Uninstall this software unless you put it there yourself. Note - asks for permission to contact the IP address of http://www.protectcom.com/ | No |
| U | Comm Driver | commh32.exe | G Data "PC Spion". PC monitoring and surveilling software, captures all users activity on the PC, see here. Disable/remove if you didn't install it yourself! | No |
| X | Command | system.exe | Added by the GATECRASH.A or GATECRASH.B TROJANS! | No |
| X | Command | Gotit.exe | Added by the TITOG WORM! | No |
| X | COMMAND | command.exe | Added by the QQPASS.E TROJAN! | No |
| X | command | javaw.exe | Added by the AGOBOT-LG WORM! | No |
| X | Command Prompt32 | CmdPrompt32.pif | Added by the ASSIRAL.B WORM! | No |
| U | Command WorkStation 4 | cws 4.exe | EFI's Command WorkStation makes "managing demanding workflows easier by centralizing job management. The software automatically identifies the Fiery servers on the network and offers customization options for displaying information" - for high-end print environments | No |
| X | command32 | command32.exe | Added by the LINEADI-A TROJAN! | No |
| N | CommCtr | commctr.exe | "Net2Phone CommCenter is the latest in Internet voice technology allowing you to place calls easily all over the world right from your PC!". Available via Start -> Programs | No |
| Y | Common Client | ccApp.exe | Part of earlier versions of Norton AntiVirus - Auto-protect and E-mail check will not function without this | Yes |
| Y | Common Client | ccRegVfy.exe | Part of earlier versions of Norton AntiVirus - "ccRegVfy.exe is responsible for checking the integrity of the NAV registry entries to make sure that the information has not been changed by a malicious threat or a hack" | Yes |
| X | Common Files | twain.exe | Added by the AGENT.BEA TROJAN! | No |
| X | CommonService | winup.exe | Added by the DLOADR-BJJ TROJAN! | No |
| Y | COMMUNICATOR | Communicator.exe | Part of Microsoft Office Communicator, which is an integrated communications client that allows information workers to communicate in real time using a range of different communication options, including instant messaging (IM), voice, and video | No |
| U | Comodo Firewall | CPF.exe | Comodo Firewall | No |
| Y | COMODO Firewall Pro | cfp.exe | Comodo Firewall Pro | No |
| U | Comodo Launch Pad Tray | CLPTray.exe | System Tray access to LaunchPad as bundled with Comodo's freebie offerings such as Comodo Anti-Virus. Some allege that LaunchPad is impossible-to-uninstall adware, or worse - see here | No |
| Y | COMODO Memory Firewall | cmf.exe | "Comodo Memory Firewall is a buffer overflow detection and prevention tool which provides the ultimate defence against one of the most serious and common attack types on the Internet - the buffer overflow attack" | No |
| U | Companion Module | companion.exe | The AOL Companion is a small window that appears when you connect to the service using verison 8.0 and early builds of version 9.0. "Use the Companion to quickly get to your favourite features, including your Buddy List, Favourite Places, Address Book, and more!" | Yes |
| X | CompanionWizard | compwiz.exe | Part of WinAntiVirusPro 2007 rogue security software (and possibly others) - not recommended, see here | No |
| U | Compaq Alerter | CPQAlert.exe | Compaq's Insight Manager Agent - a tool that allows for "fault, performance, and configuration management". Recommended for corporate users only. It's best removed if installed but not wanted, rather than disabled at startup. See here for more information | No |
| N | Compaq Computer Corp SCCenter Module | SCCENTER.EXE | For Compaq PC's. Part of Backweb | No |
| ? | Compaq Computer Security | Rundll32.exe SECURE32.CPL, Service | ?? | No |
| N | Compaq Connections | COMPAQ~1.EXE | See here - "messaging service that automatically sends you support information, tips, ideas, and special offers from HP and our partners, especially designed for HP and Compaq desktop computer owners" | No |
| N | Compaq Connections | BackWeb-1940576.exe | See here - "messaging service that automatically sends you support information, tips, ideas, and special offers from HP and our partners, especially designed for HP and Compaq desktop computer owners". * can be any digit | No |
| N | Compaq Connections | Compaq Connections.exe | See here - "messaging service that automatically sends you support information, tips, ideas, and special offers from HP and our partners, especially designed for HP and Compaq desktop computer owners" | No |
| N | Compaq DMI | cpqdmi.exe | Compaq version of the Desktop Management Interface | No |
| X | Compaq Drivers | F1rewalls.exe | Added by the SDBOT-WD WORM! | No |
| N | Compaq Internet Setup | inetwizard.exe | For Compaq PC's. Runs Compaq internet setup wizard and offers you to signup from ISP list | No |
| X | Compaq Jes Drivers | winjes.exe | Added by the SDBOT-XR WORM! | No |
| U | Compaq Knowledge Center | silent.exe & matcli.exe | "matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, state, etc and gets written to a log file while silent.exe executes matcli.exe quietly in the background. Compaq Knowledge Center is required to run with the Help and Support program. If you uncheck Compaq Knowledge Center and and then run help and Support it will add another Compaq Knowledge Center in the startup menu. If you remove the Compaq Knowledge Center in the add/remove program some help menus in help and support will not be available like Fix my Presario, Preference, and Contact Technical Support". You decide | No |
| N | Compaq Message Server | COMPAQ-RBA.EXE | Applies to the CPQBootPerfDB entry as well. These files generate some kind of server or servlet that attempts to connect with Compaq online. They are like Trojans, but fairly harmless. They send information on the "Compaq Advisor/Compaq Message Screener" application that comes with every Compaq computer and provide feedback on how computer users use the Message Advisor. These messages appear occasionally and instruct and advise users on their computer and its use. They generally attempt to get you (these messages) to connect to Compaq's website. They may be safely disabled via (1) MSCONFIG or (2) Start -> Programs -> Compaq Advisor -> Advisor Settings under the "advanced" tab. Not required and can cause problems | No |
| U | Compaq PK Daemon | cpqkl.exe | For Compaq laptops for programming user configurable keys. Not required unless you use them | No |
| X | Compaq Print Fax | cpqa1000.exe | Added by the SDBOT.BCV WORM! Please take note of the difference between the legitimate Compaq Fax Utility Name (A1000 Settings Utility) and the name (Compaq Print Fax) used by this worm | No |
| X | Compaq Service Drivers | systeminfos.exe | Added by the SDBOT-XC WORM! | No |
| X | Compaq Service Drivers | compq.exe | Added by a variant of the SDBOT WORM! | No |
| X | Compaq Service Drivers | navapqwa.exe | Added by the SDBOT.BBQ WORM! | No |
| X | Compaq Service Drivers | amsn.exe | Added by a variant of the SDBOT WORM! | No |
| X | Compaq Service Drivers | compqs.exe | Added by a variant of the SDBOT WORM! | No |
| X | Compaq Service Drivers | msnt.exe | Added by the SDBOT.CQL WORM! | No |
| X | Compaq Service Drivers | NtKernelSystem.exe | Added by a variant of the SDBOT WORM! | No |
| X | Compaq Service Drivers | wincmd.exe | Added by the RBOT.ATV WORM! | No |
| X | Compaq Service Drivers | wind32.exe | Added by a variant of the SDBOT WORM! | No |
| X | Compaq Service Drivers | winmsn.exe | Added by a variant of the SDBOT WORM! | No |
| X | Compaq Service Drivers | compaq.exe | Added by the SDBOT-AFU WORM! | No |
| X | Compaq Service Drivers | msnsvc.exe | Added by the RBOT.BKT WORM! | No |
| X | Compaq Service Drivers | ntsys32.exe | Added by the RBOT.CIW WORM! | No |
| X | Compaq Service Drivers | winsvc.exe | Added by the SDBOT-AGD WORM! | No |
| X | Compaq Service Drivers 32 | compq32.exe | Added by a variant of the SDBOT WORM! | No |
| X | Compaq Service Drivrs | copq.exe | Added by a variant of the RBOT WORM! | No |
| X | Compaq Services Drivers | ndt32.exe | Added by the RBOT.CQZ WORM! | No |
| X | Compaq Sound Drivers For WINDOWS | sounddr.exe | Added by the SDBOT-XG WORM! | No |
| N | Compaq Video CD Watcher | ?? | For Compaq PC's. MPEG viewer | No |
| X | Compaq32 Service Drivers | ms32.exe | Added by the SDBOT.BWH WORM! | No |
| X | Compaq32 Service Drivers | msconfig32.exe | Added by the SDBOT-ADC WORM! | No |
| X | Compaq32 Service Drivers | msnt32.exe | Added by the RBOT.BVF WORM! | No |
| ? | CompaqHW Comp Manager | cpqhcm.exe | Running on a Compaq laptop - any ideas? | No |
| N | CompaqPrinTray | printray.exe | Puts printer icon in the System Tray. When this option is disabled you will no longer be able to access the Control Program or Printer Driver directly from your desktop | No |
| X | Compaqs Service Driver | copypad32.exe | Added by the SDBOT.CSO WORM! | No |
| X | Compaqs Service Drivers | compqs.exe | Added by a variant of the SDBOT WORM! | No |
| N | CompaqSystray | cpqpscp.exe | Compaq System Tray icon | No |
| X | Compatibility Service Process | regsvs.exe | Added by the GAOBOT.YN WORM! | No |
| X | Compd Service Drivrs | codq.exe | Added by a variant of the SDBOT WORM! | No |
| X | Compliant | [worm filename] | Added by the RBOT-LB WORM! | No |
| X | ComPlus Applications | twain.exe | Added by the AGENT.AQO TROJAN! | No |
| U | ComproRemote | ComproRemote.exe | VideoMate TV tuner and capture card - remote control driver | No |
| U | ComproSchedulerDTV | ComproSchedulerDTV.exe | VideoMate TV tuner and capture card - scheduler | No |
| U | CompuSpy | CompuSpy.exe | CompuSpy surveillance software. Uninstall this software unless you put it there yourself | No |
| U | CompuSpy KeyLogger | cswin2008.exe | CompuSpy surveillance software. Uninstall this software unless you put it there yourself | No |
| X | Computer Defender 2009 | cd2009.exe | Computer Defender 2009 rogue security software - not recommended, removal instructions here | No |
| X | Computing Technologie Firewall | lsauth.exe | Added by the SDBOT-WX WORM! | No |
| N | COMSMDEXE | comsmd.exe | 3Com tray icon | No |
| X | ComStart | Trojan Guarder.exe | TrojanGuarder rogue security software - not recommended | No |
| X | ComTry Web Searcher | wstray.exe | Comtry MP3 Downloader related - spyware | No |
| X | comxt | comxt.exe | Added by the COMXT TROJAN! | No |
| X | con | [path to trojan] | Added by the BRAVE-A TROJAN! | No |
| ? | Concurre | concurre.exe | ?? | No |
| X | ConducteurPrive | GDC.exe | ConducteurPrive rogue privacy tool - not recommended. A member of the PCPrivacyTool family | No |
| X | ConfidentSurf | GDC.exe | ConfidentSurf rogue privacy tool - not recommended. A member of the PCPrivacyTool family | No |
| X | ConfidentUser | SRP.exe | ConfidentUser rogue security software - the site's "online scanner" is detected by Kaspersky as WinFixer.ba | No |
| X | Config | service.exe | Added by the ISRAZ.B WORM! | No |
| X | Config | WinService32.exe | Added by the CRUTCHA-A TROJAN! | No |
| X | Config | winconfig.exe | Added by the GIP.113.B1 TROJAN! | No |
| X | Config | CONFIG.EXE | Added by the PSWGIP.B TROJAN! | No |
| X | Config | TaskUpdate.exe | Added by the MDROP-BRO TROJAN! | No |
| X | Config Loadation | iEEexplore.exe | Added by the SDBOT.H TROJAN! | No |
| X | Config Loadatiorin | I3Explorer.exe | Added by the SDBOT.H TROJAN! | No |
| X | Config Loader | svchosl.exe | Added by the GAOBOT.P WORM! | No |
| X | Config Loader | sysldr32.exe | Added by the GAOBOT WORM! | No |
| X | Config Loader | scvhost.exe | Added by the GAOBOT.AE or GAOBOT.AO WORMS! | No |
| X | Config Loader | svhost.exe | Added by a variant of the AGOBOT/GAOBOT WORM! | No |
| X | Config Loader | svchost2.exe | Added by the AGOBOT.XE WORM! | No |
| X | Config Loader | [worm filename] | Added by the AGOBOT-AE WORM! | No |
| X | Config Loader | SYSMGR.EXE | Added by the AGOBOT.C WORM! | No |
| X | Config Loader | wincrt32.exe | Added by the AGOBOT-AW WORM! | No |
| X | Config Loader for Microsoft Windows | mwincfg32.exe | Added by the AGOBOT.BD WORM! | No |
| X | Config Loader2 | explores.exe | Added by the GAOBOT.BT WORM! | No |
| X | Config Loadr | winsys32.exe | Added by the AGOBOT-HN WORM! | No |
| X | Config33.exe | Config33.exe | Added by the SDBOT.T TROJAN! | No |
| X | ConfiggLoader | cart322.exe | Added by the GAOBOT.DJ WORM! | No |
| U | ConfigSafe | CFGSAFE.EXE | ConfigSafe - lets you identify changes to the registry, INI files, System asset files, system hardware, network connections, and operating system versions -- provides a restore function. Your choice | No |
| U | ConfigSafe | AUTOCHK.EXE | ConfigSafe - lets you identify changes to the registry, INI files, System asset files, system hardware, network connections, and operating system versions -- provides a restore function. Your choice | No |
| N | ConfigServices | Config.exe | Part of initial setup on a Compaq PC | No |
| X | configsetup | configsetup32.exe | Added by the AGOBOT-AFP WORM! | No |
| X | Configuration | explorer32.exe | Added by the SDBOT-ML WORM! | No |
| X | configuration | apphost.exe | Added by the SDBOT-VP WORM! | No |
| X | Configuration | ntsys32.exe | Added by the SDBOT-LN WORM! | No |
| X | Configuration | msgfixs.exe | Added by the SDBOT-NN WORM! | No |
| X | Configuration Default | Wuxat.exe | Added by the SPYBOT-CA WORM! | No |
| X | Configuration Driver | scghost.exe | Added by the SDBOT-DLA WORM! | No |
| X | Configuration File | Winset32.exe | Added by the FLUX.101 TROJAN! | No |
| X | Configuration Loaded | wupdated.exe | Added by the MOEGA or MOEGA.AG or MOEGA.AP WORMS! | No |
| X | Configuration Loaded | lssas.exe | Added by a variant of the SDBOT WORM! | No |
| X | Configuration Loaded | iexploree.exe | Added by the SDBOT-KC WORM! | No |
| X | Configuration Loader | aim95.exe | Added by the LOADCFG or SDBOT TROJANS! | No |
| X | Configuration Loader | cmd32.exe | Added by the LOADCFG or SDBOT TROJANS! | No |
| X | Configuration Loader | syscfg32.exe | Added by the SDBOT.B BACKDOOR! | No |
| X | Configuration Loader | service5.exe | Added by the GAOBOT.AF WORM! | No |
| X | Configuration Loader | lfass.exe | Added by a variant of the AGOBOT/GAOBOT WORM! | No |
| X | Configuration Loader | sycfg34.exe | Added by the GAOBOT.AN WORM! | No |
| X | Configuration Loader | wincrt32.exe | Added by the GAOBOT.BF WORM! | No |
| X | Configuration Loader | windex.exe | Added by the GAOBOT.BZ WORM! | No |
| X | Configuration Loader | dosrun32.exe | Added by the GAOBOT.AO WORM! | No |
| X | Configuration Loader | Service.exe | Added by the GAOBOT.AO WORM! | No |
| X | Configuration Loader | Servicess.exe | Added by the GAOBOT.AO WORM! | No |
| X | Configuration Loader | sw32.exe | Added by the AGOBOT.BQ WORM! | No |
| X | Configuration Loader | System.exe | Added by the GAOBOT.AO WORM! | No |
| X | Configuration Loader | Winreg.exe | Added by the GAOBOT.AO WORM! | No |
| X | Configuration Loader | sysinfo.exe | Added by the GAOBOT.FQ WORM! | No |
| X | Configuration Loader | microsoft.exe | Added by the GAOBOT.JB WORM! | No |
| X | Configuration Loader | confgldr.exe | Added by the GAOBOT.GEN!POLY WORM! | No |
| X | configuration loader | winicfg32.exe | Added by the GAOBOT.RQ WORM! | No |
| X | Configuration Loader | svhst.exe | Added by the GAOBOT.YC WORM! | No |
| X | Configuration Loader | msgfix.exe | Added by the GAOBOT.AUS or SDBOT.J or SDBOT-QG WORMS! | No |
| X | Configuration Loader | msnss.exe | Added by the GAOBOT.AUS WORM! | No |
| X | Configuration Loader | IEXPL0RE.EXE | Added by the SDBOT BACKDOOR! Note the number "0" in the filename | No |
| X | Configuration Loader | loadcfg32.exe | Added by the SDBOT BACKDOOR! Note the number "0" in the filename | No |
| X | Configuration Loader | MSTasks.exe | Added by the LOADCFG or SDBOT TROJANS! | No |
| X | Configuration Loader | systemry.exe | Added by a variant of the AGOBOT/GAOBOT WORM! | No |
| X | Configuration Loader | ccSort.exe | Added by the AGOBOT.SR WORM! | No |
| X | Configuration Loader | smss32.exe | Added by the AGOBOT.MB WORM! | No |
| X | Configuration Loader | wincffg.exe | Added by the AGOBOT.A3 WORM! | No |
| X | Configuration Loader | seru32.exe | Added by the SDBOT-VR WORM! | No |
| X | Configuration Loader | botss.exe | Added by the SDBOT-XS WORM! | No |
| X | Configuration Loader | ldasp.exe | Added by the AGOBOT.BH WORM! | No |
| X | Configuration Loader | msgcfgsrv.exe | Added by a variant of the AGOBOT/GAOBOT WORM! | No |
| X | Configuration Loader | smsai.exe | Added by the SDBOT-YE WORM! | No |
| X | Configuration Loader | svupdate.exe | Added by the RANDEX.DXP WORM! | No |
| X | Configuration Loader | crcss.exe | Added by the AGOBOT.ADG WORM! | No |
| X | Configuration Loader | lexplore.exe | Added by the RBOT-AGX WORM! Note - the executable is spelt with a lower case "L" rather than an lower or upper case "i" which is the case with Internet Explorer | No |
| X | Configuration Loader | scvhost.exe | Added by the AGOBOT-AAE and SDBOT.AR WORMS! | No |
| X | Configuration Loader | svchost.exe | Added by the PARADROP-A WORM! Note - this is not the legitimate svchost.exe process which should not normally figure in Msconfig/Startup! | No |
| X | Configuration Loader | svchost2.exe | Added by the AGOBOT.JR WORM! | No |
| X | Configuration Loader | dezi.exe | Added by the SDBOT-OB WORM! | No |
| X | Configuration Loader | mouse.exe | Added by a variant of the AGOBOT/GAOBOT WORM! | No |
| X | Configuration Loader | msg.exe | Added by the SDBOT.BT WORM! | No |
| X | Configuration Loader | WinHelper.exe | Added by a variant of the AGOBOT/GAOBOT WORM! | No |
| X | Configuration Loader | extrac.exe | Added by the SDBOT-AFP WORM! | No |
| X | Configuration Loader | DVD-Player.exe | Added by a variant of the SDBOT WORM! | No |
| X | Configuration Loader | IEXPLORE.EXE | Added by the SDBOT-KW WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %System% | No |
| X | Configuration Loader | svchost.exe | Added by the PARADROP-AI WORM! Note - this is not the legitimate svchost.exe process which should not normally figure in Msconfig/Startup! | No |
| X | Configuration Loader | wincore.exe | Added by the SDBOT.BHE WORM! | No |
| X | Configuration Loader | configldr.exe | Added by the AGOBOT-PP TROJAN! | No |
| X | Configuration Loader | ahnhst.exe | Added by the AGOBOT.MX WORM! | No |
| X | Configuration Loader | ntdm.exe | Added by the AGOBOT.RV WORM! | No |
| X | Configuration Loader | msnmsgr.exe | Added by the SDBOT-SO WORM! Note - this is not the valid MSN Messenger (now Windows Live Messenger) utility which is located in either %ProgramFiles%\MSN Messenger or %ProgramFiles%\Windows Live\Messenger. This one is located in %System% | No |
| X | Configuration Loader | svschost.exe | Added by the SDBOT-NS WORM! | No |
| X | Configuration Loader | wump.exe | Added by the AGOBOT-BU BACKDOOR! | No |
| X | Configuration Loader | WinSys32ys.exe | Added by the SDBOT.BCS WORM! | No |
| X | Configuration Loader | cvcd.exe | Added by the AGOBOT-DH BACKDOOR! | No |
| X | Configuration Loader | asnclt32.exe | Added by the AGOBOT-EB BACKDOOR! | No |
| X | Configuration Loader | soundconf.exe | Added by the AGOBOT-MH WORM! | No |
| X | Configuration Loader | win32exec.exe | Added by the SDBOT-LA WORM! | No |
| X | Configuration Loader | mservs.exe | Added by the SDBOT-NM WORM! | No |
| X | Configuration Loader | update.exe | Added by the SDBOT-OS WORM! | No |
| X | Configuration Loader | FILENAME.EXE | Added by the AGOBOT-DQ WORM! | No |
| X | Configuration Loader | explore.exe | Added by the GAOBOT.GW WORM! | No |
| X | Configuration Loader | msgfixy.exe | Added by the SLINBOT.QW BACKDOOR! | No |
| X | Configuration Loader Service | Winsys32.exe | Added by the RBOT-YV WORM! | No |
| X | Configuration Loader Service | devl32.exe | Added by the SDBOT-XY WORM! | No |
| X | Configuration Loader10 | ip7.exe | Added by the AGOBOT-ANZ WORM! | No |
| X | Configuration Loading | svchos1.exe | Added by the GAOBOT.DK WORM! | No |
| X | Configuration Loading | configldr.exe | Added by the AGOBOT-EC WORM! | No |
| X | Configuration Loading Service | wscel.exe | Added by the SDBOT-WJ WORM! | No |
| X | Configuration Loadr | iexplore.exee | Added by an unidentified WORM or TROJAN! | No |
| X | Configuration Manager | CNFGLD32.EXE | Added by the SDBOT TROJAN! | No |
| X | Configuration Manager | Cnfgldr.exe | Added by the SDBOT TROJAN! | No |
| X | Configuration Manager | cfg32.exe | BookedSpace parasite. Note - the "cfg32.exe" file is located in %Windir% | No |
| X | Configuration Servecie | sewins.exe | Added by the SDBOT-COH WORM! | No |
| X | Configuration Service | suchost.exe | Added by the TREB TROJAN! | No |
| X | Configuration Services | mswords.exe | Added by the SDBOT-YM WORM! | No |
| N | Configuration Utility | CONFIG.EXE | Controls linksys wireless connection. Available from the Desktop | No |
| U | Configuration Utility | wlanutil.exe | NetGear Wireless LAN configuration utility for the MA311 802.11b (and maybe other cards) | No |
| X | Configuration Wizard | Cfgwiz32.exe | Added by a variant of the HACKTACK TROJAN! Not to be confused with the legitimate MS "ISDN Configuration Wizard" (Cfgwiz32.exe) | No |
| X | Configuration32 Loader32 | winamp32.exe | Added by the SDBOT-BIC WORM! | No |
| X | Configurations Asclt | asclt.exe | Added by the SDBOT-MX WORM! | No |
| U | ConfigUtility | ConfigUtility.exe | Wireless management utility for the HWC54G Hi-Speed Wireless-G CardBus Card from Hawking Technologies, Inc | No |
| X | ConfigVir | services.exe | Added by the AUTORUN-DV WORM! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a ~A~m~B~u~R~a~D~u~L~ subfolder | No |
| X | ConfLoader | sysconf16.exe | Added by the SDBOT-FB TROJAN! | No |
| N | Conmgr | conmgr.exe | Starts Winfax pro at startup | No |
| U | ConMgr.exe | conmgr.exe | Connection Manager as used by Earthlink and others. If you need this to ensure a proper connection but don't want to connect at startup try creating your own shortcut | No |
| X | conmswf | conrnbne.exe | Added by the SDBOT-DEX WORM! | No |
| U | Connect Kasamba | Kasamba.exe | "Finding the expert help that you need is easy on Kasamba. With more than 30,000 registered experts in over 600 categories to choose from, chances are, we`ll have just the right professional in the exact area of expertise that you need" | No |
| X | Connect2Party | connect2party.exe | Adult content dialler | No |
| U | Connection Keeper | ConKeepM.exe | "Connection Keeper is an invaluable time-saving tool for dial-up users. This free program simulates Internet browsing (at a random interval) to prevent your connection from appearing idle, thus preventing your ISP from dropping your connection due to inactivity" | No |
| N | Connection Manager | CManager.exe | SBC Yahoo DSL service connection manager. You can connect from the network connections. Users having problems with this have been advised to uninstall the connection manager via Add/Remove Programs and it won't affect the service | No |
| X | Connectivity Tool | [path to trojan] | Added by the LITEBOT-E TROJAN! | No |
| X | Connector | SYS.EXE | Nunci premium rate dialer | No |
| X | Connector | sms.EXE | Added by the ExDial-B premium rate adult content dialer | No |
| N | CONNECTScheduler | CONNECTScheduler.exe | Scheduler for updating Sony's CONNECT music download service | No |
| X | Cons | consol32.exe | Hijacker - redirects to an adult content portal, where foistware like ISTBar gets stealth installed | No |
| X | conscorr | conscorr.exe | VX2.Transponder parasite updater/installer related | No |
| X | Console de Gerenciamento Microsoft | csrss.exe | Unidentified malware! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a "Level4" subfolder | No |
| X | Console de Gerenciamento Microsoft | csrss.exe | Added by the BANCBAN-ET TROJAN! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a "Central de Segurança" subfolder | No |
| U | Consumer Input | ConsumerInput.exe | Consumer Input Toolbar. Opt-in market research monitoring you browsing habits - see the FAQ | No |
| U | Consumer Input Rewarded with MyPoints, Consumer Input | ConsumerInputRewardedwithMyPoints, ConsumerInput.exe | Consumer Input Toolbar. Opt-in market research monitoring you browsing habits - see the FAQ | No |
| U | Consumer Input Rewarded with MyPoints, Consumer Input Update | ConsumerInputRewardedwithMyPoints, ConsumerInputUa.exe | Consumer Input Toolbar. Opt-in market research monitoring you browsing habits - see the FAQ | No |
| ? | Contacte | contacte.exe | Some kind of driver? | No |
| X | Content connector | [random filename].exe | Added by the DIALER-Y TROJAN! Note - uses a random filename and random folders. Usually the folder containing the file is a Temp folder | No |
| X | Content Service | winserv[LETTER].exe | PurityScan adware | No |
| X | ContentDownload | rundll32.exe MSA64CHK.dll,DllMostrar | MatrixDialer/Mostrar parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System% | No |
| X | ContentEraser | GDC.exe | ContentEraser rogue privacy tool - not recommended. A member of the PCPrivacyTool family | No |
| X | ContentService | winservn.exe | PurityScan adware - see here | No |
| X | ContinueInstall | bpsinstall.exe | BrowserAid/BrowserPal foistware | No |
| X | Contraviro | Contraviro.exe | Contraviro rogue security software - not recommended, removal instructions here | No |
| X | ContraVirus | ContraVirusPro.exe | ContraVirus rogue security software - not recommended, removal instructions here | No |
| X | ContraVirus | ContraVirus.exe | ContraVirus rogue security software - not recommended, removal instructions here | No |
| X | Control | rundll32.exe ctrlpan.dll, Restore ControlPanel | CoolWebSearch Msconfd parasite variant | No |
| U | Control Center | Center.exe | Associated with Hawking Technologies, Inc wireless products. Located in %Program Files%\Hawking\WLAN Card Utilities | No |
| X | Control handler | ***********.exe [* = random char] | CoolWebSearch parasite variant | No |
| X | Control handler | ahjinst.exe | CoolWebSearch parasite variant | No |
| X | Control handler | [10 to 14 random char]THD.EXE | Added by the KREPPER-AI TROJAN! | No |
| N | control panel | smctrlw.exe | System Tray icon for a Silicon Motion LynxEM based PCI Graphics Card | No |
| X | Control Panel | System.exe | Added by the DANI TROJAN! | No |
| X | control panel software service | cprs.exe | Added by the RBOT-FPI WORM! | No |
| X | Controladores | [path to trojan] | Added by the TELEFO-A TROJAN! | No |
| Y | ControlCenter | ctlcntr.exe | Part of Lenovo's (IBM) ThinkVantage Fingerprint Software - used on laptops and keyboards with integrated fingerprint readers | No |
| N | ControlCenter2.0 | brctrcen.exe | Brother scanner 'Control Center' application - can be started manually | No |
| N | ControlCentreTray | XWCTray.exe | System Tray access for the Xerox ControlCentre 2.0 software for their range of printers, copiers, faxes, etc | No |
| X | Controlled Resource System Service | crss.exe | Added by the AGOBOT.GH WORM! | No |
| N | Controller | WFXCTL32.EXE | From Symantec's TalkWorks Pro and WinFax. Appears if you chose to have the program appear in the taskbar (System Tray) during installation and displays a yellow fax/telephone icon. Available via Start -> Programs | No |
| X | ControlPanel | rundll32 internat.dll, LoadKeyboardProfile | CoolWebSearch parasite variant | No |
| X | ControlPanel | host32.exe internat.dll, LoadKeyboardProfile | Added by a vairant of the DELF.DW TROJAN! | No |
| X | ControlPanel | cmd32.exe internat.dll,LoadKeyboardProfile | Added by the DLOADER-HF TROJAN. Note - the "cmd32.exe" file is found in %System% | No |
| X | ControlPanel | systemctrl.exe internet.dll, LoadNetworkProfile | Browser hijacker, also detected as STARTPA-FX | No |
| X | ControlPanel | [path to executable] internat.dll,LoadKeyboardProfile | Added by the BIZVES-A TROJAN! | No |
| X | ControlPanel | popcorn.exe internat.dll, LoadKeyboardProfile | Added by the BIZVES-B TROJAN! | No |
| X | ControlPanel | popcorn64.exe rundll.dll, LoadMouseProfile | Added by the DLOADER-OI TROJAN! | No |
| X | ControlPanel | popcorn72.exe rundll.dll, LoadMouseProfile | Added by the DLOADER-RA TROJAN! | No |
| X | ControlPanel | svcc.exe internat.dll,LoadKeyboardProfile | WorldSearch adware - re-directing searches to "world-search.biz". Note - the "private.exe" file is found in %System% | No |
| X | ControlPanel | popcorn320.exe rundll.dll, LoadMouseProfile | Added by a variant of the DLOADER-RA TROJAN! | No |
| X | ControlPanel | private.exe internat.dll,LoadMouseCarpetProfile | Added by the CLICKER-AZ TROJAN! Creates the files sdfff, fdsf and zxczxc. In %System% creates the files d.exe, s.exe and r.exe. Note - the "private.exe" file is found in %System% | No |
| X | ControlPanel | twink64.exe internat.dll,LoadKeyboardProfile | Added by the DLOADER-BW TROJAN. Note - the "twink64.exe" file is found in %System% | No |
| X | ControlServiceMgr | csmsv.exe | Added by the AGENT-XC TROJAN! | No |
| U | Cookie Cop 2 | CookieCop.exe | Cookie Cop 2 from PC Magazine - cookie manager. Allows you to decide which internet sites can add "cookies" related to their sites for the next time you return | No |
| U | Cookie Pal | CPBRWTCH.EXE | Kookaburra Software's Cookie Pal cookie manager. Allows you to decide which internet sites can add "cookies" related to their sites for the next time you return | No |
| U | CookieJar | Cookiejar.exe | Cookie Jar cookie manager from Jason's Toolbox. Allows you to decide which internet sites can add "cookies" related to their sites for the next time you return. No longer being actively supported | No |
| U | CookiePatrol | CookiePatrol.exe | CookiePatrol - cookie interceptor stopping spyware cookies that used to be part of PestPatrol before CA's aquisition | No |
| U | CookieWall | cookie.exe | CookieWall from Analog X. Allows you to decide which internet sites can add "cookies" related to their sites for the next time you return | No |
| X | cookw | cookw.exe | Part of the ErrClean rogue system error and cleaning utility - not recommended. See here | No |
| U | Cool Desk | cdesk.exe | Cool Desk is a virtual desktops manager. "Ever you wished to have several screens on your computer? Cool Desk creates up to 9 virtual desktops and offers you to have different windows on each of them". Not required but may be of use to you | No |
| X | CoolDownloads | rundll32.exe MSA64CHK.dll,DllMostrar | MatrixDialer/Mostrar parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System% | No |
| U | CoolMon | CoolMon.exe | "CoolMon monitors vital system stats and almost anything else you wish to display on the desktop" | No |
| X | CoolMP3 | rundll32.exe MSA64CHK.dll,DllMostrar | MatrixDialer/Mostrar parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System% | No |
| U | CoolSwitch | taskswitch.exe | ALT+TAB replacement Powertoy for Windows XP - enhances the graphics displayed when you want to switch between programs running full-screen | No |
| N | Coolwallpaper | cwm_tray.exe | Cool Wallpaper software allows you to manage high quality photos as desktop wallpaper and screen savers | No |
| X | coolwebprogram | clrssn.exe | CoolWebSearch Smartsearch parasite variant | No |
| N | Copernic Desktop Search | DesktopSearch.exe | Copernic Desktop Search - "Easily search your entire hard drive in less than a second to pinpoint the right file, e-mail, music or pictures" | No |
| U | Copernic Desktop Search 2 | DesktopSearchService.exe | Copernic Desktop Search - search agent | No |
| U | CopernicPerUserTaskMgr | CopernicPerUserTaskMgr.exe | Automatic tasking feature of Copernic Pro multi-search engine tool | No |
| Y | Copperhead | razerhid.exe | Razer Copperhead mouse driver | No |
| U | Copy handler | Copy Handler.exe | Copy Handler lets you copy between hard disks, floppies, local networks, CDs, and many other storage media. Copy Handler gives you the power to pause, resume, restart, and cancel during the copying and moving processes | No |
| N | Copyright | mwcpyrt.exe | Displays copyright information on IBM ThinkPads | No |
| X | Core Process Aplication | ccapl.exe | Added by the QHOSTS.G TROJAN! | No |
| X | Core Process Aplication x16 | ccapl16.exe | Added by the SPYBOT.AFT WORM! | No |
| X | Core Process Aplication x32 | ccapl32.exe | Added by the SRAMLER.E TROJAN! | No |
| X | Core System Hardware | syscorehd.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
| U | CoreCenter | CoreCenter.exe | MSI Core Center - motherboard utility for monitoring CPU speed, voltages, temperatures and fans speeds as well as overclocking | No |
| U | CoreCenter | CORECE~1.EXE | MSI Core Center - motherboard utility for monitoring CPU speed, voltages, temperatures and fans speeds as well as overclocking | No |
| X | Coreguard Antivirus 2009 | Coreguard 2009.exe | Coreguard Antivirus 2009 rogue security software - not recommended, removal instructions here | No |
| N | Corel Colleagues & Contacts Reminders | cffrem.exe | Corel Colleagues & Contracts - all-in-one organizer for scheduling meetings, maintaining addresses, etc. Part of the now defunct Corel Print Office | No |
| N | Corel Desktop Application Director | dadx.exe | The Desktop Application Director (DAD) gives you easy access to all Corel applications - x represents ther version number. Available via Start -> Programs | No |
| N | Corel Family & Friends reminders | CFFREM.EXE | Corel Family & Friends - all-in-one calender, address book and list manager. Part of the now defunct Corel Print House Magic | No |
| N | Corel Photo Downloader | MediaDetect.exe | Related to Corel Photo Album | No |
| N | Corel Registration | Remind32.exe | If you don't want to register Corel products and be reminded about it every 2 weeks disable it | No |
| N | Corel Registration Reminder | Remind32.exe | If you don't want to register Corel products and be reminded about it every 2 weeks disable it | No |
| N | Corel Reminder | NAVBROWSER.EXE | If you don't want to register Corel products and be reminded about it every 2 weeks disable it | No |
| N | Corel Reminder | NAVBrowser.exe | Registration reminder for CorelDRAW 10 | No |
| N | CorelCENTRAL 10 | I_26dadCC.exe | CorelCENTRAL 10 - personal information manager (PIM). Supplied as part of Corel WordPerfect Office 2002. Available via Start -> Programs | No |
| X | CorelDraw Toolbox | CorelDraw.exe | Added by the SDBOT-VZ WORM! | No |
| N | CorelMedia FoldersIndexer8 | MFindexer.exe | Part of CorelDraw bundles for indexing media files - similar to "fast find" in MS Office | No |
| N | CorelMedia FoldersIndexer8 | MFINDE~1.EXE | Part of CorelDraw bundles for indexing media files - similar to "fast find" in MS Office | No |
| X | CoreSrv | coresrv.exe | Some IRC trojans/worms use this - see here for more information | No |
| ? | CORESYS | coresys.exe | ?? | No |
| X | Corporate Microsoft Update | uptask.exe | Added by the RBOT-GVB WORM! | No |
| N | CorrectConnect | CConnect.exe | Broadband ISP diagnostic tool - as used by NTL and Cox Communications. Shortcut available | No |
| X | cosine | cosine.exe | Added by the RBOT-SW WORM! | No |
| U | CostAware | niIPCApp.exe | NetInternals CostAware - download quota measuring tool | No |
| X | Counterstrike Service Agent | czrzns.exe | Added by the MEDBOT.AR WORM! | No |
| N | Country Select | pctptt.exe | Country selection for a PCtel HSP56 based modem. Often found in OEM (Dell,Compaq, HP, etc) systems for their modems included on the motherboard or as a separate card. Once you've set the modem up to the chosen country it's not required | No |
| N | CountrySelection | pctptt.exe | Country selection for a PCtel HSP56 based modem. Often found in OEM (Dell,Compaq, HP, etc) systems for their modems included on the motherboard or as a separate card. Once you've set the modem up to the chosen country it's not required | No |
| ? | Coupon Offers | ?? | ?? | No |
| X | couponica | couponica.exe | Adware - see here | No |
| ? | CP | CopyProtectionNotifier.exe | Related to Emuzed Systems and Middleware. Comes included with Windows XP Media Edition | No |
| U | CP32NOT | CP32BTN.EXE | For the programmable "one-touch" buttons on HP laptops (and others?). Safe to disable if you don't use these buttons | No |
| U | CP4HPOT | OneTouch.EXE | One Touch keyboard driver. Required if you use the additional keys | No |
| N | CP888M1 | CP888M1.EXE | Related to EZbutton quick launcher for the Media player app that comes with certain laptops | No |
| ? | CPA9P2PSERVER | CPA9P2PS.exe | Found on a Compaq Presario but what is it? | No |
| X | cpanel | winlogin32.exe | Added by the RBOT-FOY WORM! | No |
| U | CPATR10 | CPATR10.EXE | Dritek/Compal ATR10 Easy Button driver. Used on certain laptops (e.g. Toshiba, Compaq) to translate special hotkeys such as Play/Pause and Constrast | No |
| U | CPBrWtch | CPBrWtch.exe | Kookaburra Software's Cookie Pal cookie manager. Allows you to decide which internet sites can add "cookies" related to their sites for the next time you return | No |
| X | CPCmscl0ck | CPCmsclock.ExE | Added by the IRCFLOOD.BF TROJAN! | No |
| Y | CPD_EXE | CPD.EXE | Firewall bundled with McAfee VirusScan 6.* | No |
| X | cpl | deamon.exe | Added by the TACTSLAY.C TROJAN! | No |
| X | cpl | msgaol.exe | Added by the TACTSLAY.C TROJAN! | No |
| X | cpl | s_menu.exe | Added by the TACTSLAY.C TROJAN! | No |
| X | cpl | browse.exe | Added by the TACTSLAY.C TROJAN! | No |
| N | CplBTQ00 | CplBTQ00.EXE | Related to EZbutton quick launcher for the Media player app that comes with certain laptops | No |
| N | CPLDBL10 | CPLDBL10.exe | Related to EZbutton quick launcher for the Media player app that comes with certain laptops | No |
| X | cpntmgc | wincomp.exe | Added by the WINTRIM.A TROJAN! | No |
| X | cpntmgc | simcss.exe | Added by the MAGICON.A TROJAN! | No |
| X | cpntmgc | navpmc.exe | Added by the SIMCSS TROJAN! | No |
| X | cpntmgc | winmgts.exe | Added by the WINTRIM-B TROJAN! | No |
| ? | CPortPatch | cppatch.exe | CPortPatch is a utility is required for Dell laptops that are using a docking station. Is it needed though? | No |
| Y | CPQAcDc | CPQAcDc.exe | Compaq PowerCon power management software for laptops | No |
| U | CPQAlert | CPQAlert.exe | Compaq's Insight Manager Agent - a tool that allows for "fault, performance, and configuration management". Recommended for corporate users only. It's best removed if installed but not wanted, rather than disabled at startup. See here for more information | No |
| N | CPQBootPerfDB | CPQBootPerfDB.EXE | See the entry for Compaq Message Server | No |
| Y | CPQCalib | CPQCalib.exe | Compaq PowerCon power management software for laptops | No |
| N | CPQDFWAG | CpqDfwAg.exe | For Compaq PC's. Runs Compaq diagnostics on every boot | No |
| U | CPQEASYACC | cpqeadm.exe | For Compaq PC's. Allows the use of programmable keys on mulimedia keyboards. Required if you use the additional keys | No |
| U | CPQEASYACC | StartEAK.exe | Easy Access Button Support for Compaq PCs. Allows the use of programmable keys on multimedia keyboards. Required if you use the additional keys | No |
| U | CPQEASYACC | STARTDRV.exe | For Compaq PC's. Allows the use of programmable keys on mulimedia keyboards. Required if you use the additional keys | No |
| U | cpqeaui | cpqeaui.exe | For Compaq PC's. Allows the use of programmable keys on mulimedia keyboards. Required if you use the additional keys | No |
| U | cpqek | kcpqek.exe | For Compaq PC's. Easy Access button support for the keyboard | No |
| X | CPQHotKeys | hotkeysvc.exe | Added by the RBOT-XA WORM! | No |
| U | CPQInet Runtime Service | CpqInet.exe | For Compaq PC's. Allows AOL and Compuserve to use the Easy Access buttons for the internet. Is not required if you don't use the ISP providers | No |
| N | CPQINKAGENT | cpqinkag.exe | That is the Compaq Ink Agent for some inkjet printers, it lets users know when their ink cartridges are getting close to empty (by how many pages they have printed) | No |
| U | cpqns | cpqnpcss.exe | Related to Compaq.Net - not required if you don't use that | No |
| N | Cpqset | Cpqset.exe | Default settings software in Hewlett Packard notebook | No |
| Y | CPQSTUTFIX | stutfix.exe | For Compaq PC's. Fixes audio stutter problems for ESS Maestro soundcards. You can download it here. This is a Compaq originated file and has been verified as free from viruses by McAfree/Norton | No |
| U | CPQTEAM | cpqteam.exe | This program is bundled with HP servers. When loaded a system tray icon will be available that launches the HP Network Configuration Tool | No |
| X | cpr | cpr | Adroar.com adware downloader | No |
| X | cprocsvc | cproc.exe | Added by MSIL.AGENT.C TROJAN! | No |
| U | Cpu Level Up help | CpuLevelUpHelp.exe | Included with some ASUS motherboards (such as the Maximus Extreme & Striker II Extreme), "the CPU Level Up application allows you to overclock immediately with OC profile presets in Windows without the hassle of booting the BIOS." Part of AI Suite | No |
| X | CPU Manager | cpumgr.exe | Added by the PANDEM.B WORM! | No |
| U | CPU Power Monitor | CpuPowerMonitor.exe | Included with some ASUS motherboards (such as the Maximus Extreme & Striker II Extreme). Associated with the "Energy Saving" feature of AI Gear - which "is a utility designed to configure and support all ASUS EPU (Energy Processing Unit) features." Part of AI Suite | No |
| X | CPU Temp Control | wuitgurd.exe | Added by the RBOT-AHV WORM! | No |
| X | CPU Watcher | rundll32.exe cpu.dll,load | Added by the DLOADER-LO TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "cpu.dll" file is located in %Windir% | No |
| X | CPU Windows Status | cpustats.exe | Added by a variant of the RBOT WORM! | No |
| U | CPUcool | Cpucool.exe | Program to keep the processor cool when idle in "overclocked" systems. Also available via Start -> Settings -> Control Panel | No |
| N | CPUMon | CPUMon.exe | "CPUMon continuously displays the updated system statistics in a floating window as well as in system tray area" | No |
| X | Cpusave | Cpusave.exe | Added by the GEMA TROJAN! | No |
| X | Cpusave32 | Cpusave32.exe | Added by the GEMA TROJAN! | No |
| X | CPVHOST Settings | cpvhost.exe | Added by a variant of the SDBOT TROJAN! | No |
| X | cpyt | hidep.exe | Added by the MIRJACK-A TROJAN! | No |
| X | cqlyg | world_cup_.bat | Added by the WCUP.A WORM! | No |
| ? | CQSCP2P SERVER | ?? | "Compaq printer utility which is required in the startup menu in order to make the printer work correctly". Personally I doubt whether it is actually needed | No |
| ? | CQSCP2PS | ?? | "Compaq printer utility which is required in the startup menu in order to make the printer work correctly". Personally I doubt whether it is actually needed | No |
| X | Cr**.exe [* = random char] | Cr**.exe [* = random char] | CoolWebSearch/HomeSearch adware - for examples, see this log | No |
| X | Cr**32.exe [* = random char] | Cr**32.exe [* = random char] | CoolWebSearch/HomeSearch adware - for examples, see this log | No |
| U | cracked_windows1 | cracked_windows1.exe | Cracked Windows popup killer | No |
| X | crash0001 | restorecrashwin32.bat | Added by the AGENT-ZC TROJAN! | No |
| X | CrashDump | [path to trojan] | Added by the DROPPER.EAT TROJAN! | No |
| N | CrazyTalk Serve | rundll32.exe CrazyTalk.dll, DIIServeMediaFile | CrazyTalk from Reallusion - "the worlds only facial animation tool that gives you the power to create talking animated images from a single photograph, complete with emotions." Can apparently be installed without your knowledge as well as being a legitimate download in it's own right from sites such as TUCOWS | No |
| U | CRBroadCasting | CRBroadCasting.exe | CardReader2 from On Track Inovations Ltd. USB Card Reader | No |
| X | CRC Value Verifier | crsss32.exe | Added by a variant of the RBOT WORM! | No |
| X | CRC Value Verifier | Crsss64.exe | Added by the RBOT-NY WORM! | No |
| X | CRC Value Verifier | svchost32.exe | Added by the RBOT-OA WORM! | No |
| X | CRC Value Verifier | crsss.exe | Added by the SPYBOT.UK WORM! | No |
| X | Crc32stats Dependencies | Crc32stats.exe | Added by the MYTOB.GT WORM! | No |
| X | CRCSS | crcss.exe | Added by the IRCBOT-TH WORM! | No |
| U | Creata Mail | JMSrvr.exe | Creata_Mail. Smileys, stationary and more for you email. Required if you want to access the program from Outlook or Outlook Express | No |
| X | Create A Monster | createAMonster.exe | Kudd.com CreateAMonster. Reportedly stealth installed and Look2Me adware related | No |
| N | CreateCD | Createcd.exe | Adaptec Easy CD Creator system tray application (pre version 5). Available via Start -> Programs | No |
| N | CreateCD50 | Createcd50.exe | Adaptec Easy CD Creator version 5 system tray application. Available via Start -> Programs | No |
| X | Creates stractures for system management | stacture.exe | Added by the SDBOT-DHS WORM! | No |
| N | Creative AGP Wizard | agpwiz.exe | Part of Creative's BlasterControl | No |
| X | Creative Audio Drivers | creative.exe | Added by the RBOT-FKR WORM! | No |
| N | Creative Detector | CTDetect.exe | Auto-detect and play a DVD when using a Creative Soundblaster Audigy2 soundcard. Uses about 2.2 MB of memory. Disable it by heading to the MediaSource DVD Audio Player, selecting Tools, then uncheck the Auto Start box. It should not start up automatically again | No |
| N | Creative Launcher | CTLauncher.exe | For Creative Soundblaster Live! series soundcards. Adds a quick-launch bar to the top of the display and a System Tray icon. Available via Start -> Programs | No |
| U | Creative Live! Cam Manager | CTLCMgr.exe | Creative Live! Cam Manager | No |
| U | Creative MediaSource Go | CTCMSGo.exe | Creative MediaSource Go! is a combination of a short-cut bar and launcher for the Creative MediaSource™ player/organizer - which "enables you to manage your entire digital music collection on both your computer and your Creative portable music player effortlessly" | No |
| U | Creative MediaSource Go | CTCMSGoU.exe | Creative MediaSource Go! is a combination of a short-cut bar and launcher for the Creative MediaSource™ player/organizer - which "enables you to manage your entire digital music collection on both your computer and your Creative portable music player effortlessly" | No |
| N | Creative PCI Audio Configuration Utility | starter.exe | System Tray icon to configure a Creative Soundblaster PCI soundcard. Not required and re-instates itself when un-checked. Try one of the solutions on this special page. Similar to EnsoniqMixer | No |
| N | Creative Software Update | AutoUpdate.exe | Auto-updater for Creative Labs software | No |
| N | Creative WebCam Tray | Camtray.exe | Creative WebCam tray control - can be started manually | No |
| X | Creative.exe | Creative.exe | Added by the PROLIN WORM! | No |
| N | CreativeDiscNotifier | CTNOTIFY.EXE | For Creative Soundblaster Live! series soundcards. Detects when you insert a CD-ROM, DVD-ROM, etc. Available via Start -> Settings -> Control Panel | No |
| U | CreativeMixer | CTMIX32.EXE | Creative soundcard System Tray access to, for example, volume slider controls as normally provided by the "speaker" icon. Not required unless you adjust any settings otherwise available via the standard icon | No |
| ? | CreativeTaskScheduler | CTSched.exe | Creative Task Scheduler. What does it do and is it required? | No |
| X | Critical Error Safe32 | GetWaylayer32.exe | Added by the RBOT.IAL WORM! | No |
| X | Critical Update Check | battlenet.exe | Added by the DELF-LB TROJAN! | No |
| N | CriticalUpdate | Wucrtupd.exe | MS Windows Critical Update Notification. If you want to keep Windows up-to-date, check the Windows Update site | No |
| X | CriticalUpdate | wucrtupd.exe | Added by the NOALA.B WORM! Note - this file is located in the Windows or Winnt folder, and must not be confused with the legitimate Windows process of the same name as described here | No |
| X | crmssrlt | [random filename] | Added by a variant of the SLAPER TROJAN! | No |
| X | Crnsava | scrnsave.pif | Added by the SDBOT-ZV WORM! | No |
| X | cronos | MARCO!.SCR | Added by the OPASERV.G WORM! | No |
| X | CrossMenu | CrossMenu | Toshiba CrossMenu Utility - allows the user to create their own menus | No |
| U | CrossMenu | CrossMenu.exe | Toshiba CrossMenu Utility - allows the user to create their own menus | No |
| X | CRP386 Networking | crp386.exe | Added by the IRCBOT.N TROJAN! | No |
| X | crs | crs.exe | Added by the AGOBOT-TJ WORM! | No |
| X | crsmons | iomssls.exe | Added by the BACKDR-AU TROJAN! | No |
| X | CRSS | CRSS.exe | Added by the AGOBOT-RM WORM! | No |
| X | CRSS | lssas.exe | Added by an unidentified WORM or TROJAN! | No |
| X | crsss | crsss.exe | Added by the AUTORUN.FM WORM! | No |
| X | CRSSXP SysInfo | crssxp.exe | Added by a variant of the SDBOT TROJAN! | No |
| X | Crusty | dmcpl.exe | Added by the RUSTY WORM! | No |
| X | cryptdlg | cryptdlg.exe | Added by an unidentified TROJAN! | No |
| U | cryptoexpert | cexpert.exe | CryptoExpert from SecureAction Research. Advanced on the fly encryption system | No |
| X | Cryptographic Service | ******.exe [* = random char] | Added by the KORGO.W or KORGO.X or KORGO.AB WORMS! | No |
| ? | Crystal 3D Audio Control | CWD3DSND.EXE | Crystal 3D Audio sound driver. Is it required? | No |
| X | CS | tsc.exe | Cyber Security rogue security software - not recommended, removal instructions here | No |
| X | CS Update | copy /Y [path] ActivationManager.dll.upd [path] ActivationManager.dll | Added by an unidentified malware | No |
| N | csaRem | spqmdmui.exe | Compaq modem country selection | No |
| Y | CSAV_CheckViruses | vchk.exe | Command Antivirus related | No |
| U | csc | csc.exe | Command line compiler for Microsoft C# it gets installed with the .NET SDK | No |
| X | cscripts | cscripts.exe | Added by the BDOOR-AAP BACKDOOR! | No |
| X | CSCRS Value | cscrs.exe | Added by the RBOT-AAA WORM! | No |
| X | CSCRS Value Check | MsPMSPSd.exe | Added by a variant of the SDBOT WORM! | No |
| X | Csec | cs.exe | Cyber Security rogue security software - not recommended, removal instructions here | No |
| N | csecwiz | csecwiz.exe | Setup wizard for the Client Security Software for IBM\Lenovo notebooks. This entry only runs once, after the software has been installed and the notebook rebooted for the first time. If the wizard isn't completed a shortcut is available via the Start menu until it is | No |
| X | cserv32 | cserv32.exe | Added by the STRATION.EC WORM! | No |
| X | CsimPlayer | CsimPlayer.exe | Added by the KOOBFACE-AD WORM! | No |
| U | CSINJECT.EXE | CSINJECT.EXE | Part of Quarterdeck/Norton CleanSweep. "Csinject must be loaded in order for Smart Sweep to automatically monitor installations and properly track registry changes" | No |
| X | csm Win Updates | csm.exe | Added by the ZOTOB.B WORM! | No |
| X | CSNetManagerXp | isass.exe | Added by the HIDER-O TROJAN! | No |
| X | csoftok | softok.exe | Added by the QQPASS.G TROJAN! | No |
| X | csos | csos.exe | Added by the SDBOT-DFE WORM! | No |
| X | csrcs | csrcs.exe | Added by the AGENT-HUA TROJAN! | No |
| X | csrs | csrs.exe | Added by the GAOBOT.GEN!POLY WORM! | No |
| X | csrsc | csrsc.exe | Added by an unidentified VIRUS, WORM or TROJAN! | No |
| X | CSRSS | CSRSS.EXE | Search page hijacker, redirecting to h**p://www.search-aide.com/. Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! | No |
| X | Csrss | csrss.exe | Added by the CHOD WORM! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a random subfolder | No |
| X | csrss | csrss.exe | Added by the KEYLOG-AQ KEYLOGGER! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir% | No |
| X | csrss | csrss.exe | Added by the CHODE-J WORM! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a random subfolder | No |
| X | csrss | msmsgs.exe | Added by the CHODE-J BACKDOOR! Note - this malware uses MSN Messenger (which is located in %Program Files%\Messenger) in the background to propogate itself | No |
| X | csrss | nwiz.exe | Added by the CHODE-J WORM! | No |
| U | csrss | csrss.exe | BeyondKeylog surveillance software. Uninstall this software unless you put it there yourself. Note - this is not the same file as the csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %ProgramFiles%\Supremtec | No |
| X | Csrss | CSRSS.EXE | Added by the PUNYA-B WORM! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in C:\Documents and Settings\Administrator\Local Settings\Application Data\WINDOWS | No |
| X | csrss | ssms.exe | Added by an unidentified malware | No |
| X | Csrss Host | csrhost.exe | Added by the IRCBOT.BIZ WORM! | No |
| X | CSRSS Loader | csrsss.exe | Added by the AGOBOT.TX WORM! | No |
| X | csrss.exe | csrss.exe | Added by the DALBUG WORM! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir% | No |
| X | csrssLevel4 | csrss.exe | Unidentified malware! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a "Level4" subfolder | No |
| X | CSRSSU | CSRSSU.exe | CoolWebSearch parasite variant - hijacking to Slawsearch.com. Also detected as the CWS-E TROJAN! | No |
| X | CSRSSW | CSRSSW.EXE | Added by the CWS-F TROJAN! | No |
| X | CSRSWIN | [trojan filename] | Added by the WINSHELL.50 TROJAN! | No |
| X | CSRSX | [trojan filename] | Added by the WINSHELL.50.B TROJAN! | No |
| X | csrvss | csrvss.exe | Added by a variant of the SDBOT TROJAN! | No |
| U | CSS Server | CSSServer.exe | ComSpySysSvr surveillance software. Uninstall this software unless you put it there yourself | No |
| N | cssauth | cssauth.exe | Part of Thinkvantage Client Security Solution for Lenovo ThinkPad notebooks and ThinkCentre desktops. Once configured via the associated setup screens this loads via winlogon.exe (and loads the password manager) and therefore disabling this entry has no effect | Yes |
| ? | cssauthe | cssauthe.exe | Part of the Client Security Solution on an IBM ThinkVantage (now Lenovo) PC - "a suite of ThinkVantage Technology tools designed to help protect access to your computer operating system and your sensitive data. The Client Security Solution integrates the hardware protection of its embedded chip with the protection afforded by its secure software." What does this do and is it required?" | No |
| Y | CSScheduleCheck | SCHWIZEX.EXE | Part of ConfigSafe - lets you identify changes to the registry, INI files, System asset files, system hardware, network connections, and operating system versions - provides a restore function. This part takes a snapshot of your system following a healthy re-boot | No |
| X | cssrs | cssrs.exe | Added by the BANCBAN-DW TROJAN! | No |
| X | cssrss.exe | cssrss.exe | Malware installed by different rogue security software including SpyKillerPro | No |
| X | csss | Csss.exe | Added by the BALICK TROJAN! | No |
| U | CSS_Central | CSS_1631.EXE | CSS Communication Agent (95 Host) from Command Software Systems (now Authentium). "CSS Central™ provides administrators with a powerfully proactive tool to effectively manage and maintain the anti-virus strategy from a centralized console" | No |
| X | CSV10P1 | CSP001.exe | ClearSearch adware | No |
| X | CSV10P70 | CSv10P070.exe | ClearSearch adware | No |
| X | CSV7P26 | CSV7P26.exe | ClearSearch adware | No |
| X | CSV7P70 | CSV7P070.exe | ClearSearch adware | No |
| X | CSV7P91 | CSV7P91.exe | ClearSearch adware | No |
| U | csvdea | csvdea.exe | SpyArsenalLog surveillance software. Uninstall this software unless you put it there yourself | No |
| X | csvhost.exe | csvhost.exe | Added by the CIMUZ-BD TROJAN! | No |
| Y | ct | ct.exe | ct.exe is a file is for the HP Learning Adventure software and if you use this software it is required to run it | No |
| X | CT Control Settings | CTSVCCD.EXE | Added by the RBOT-YS WORM! | No |
| U | CTAPR2 | CTAPR2.exe | Console Launcher for the Creative Sound Blaster X-Fi series | No |
| N | CTAVTray | CTAvTray.exe | For Creative Soundblaster Live! series soundcards. Plays the EAX animation on start-up and adds a System Tray icon for it. Available via AudioHQ | No |
| U | CTCheck | CTCheck.exe | Associated with the ZEN range of MP3 players from Creative Technology Ltd. A visitor recommended the "U" status but what does it do? | No |
| U | CTCMonitor | CTCMonitor.exe | Click-to-Convert - document-to-HTML or doc-to-PDF converter. Only required if you are going to use the File -> Print method of using Click-to-Convert. If converting directly from MS Office, it is not required | No |
| X | CTDrive | rundll32.exe drvmod.dll | Added by a variant of the OP DIALER! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "drvmod.dll" file is found in the System (9x/Me) or System32 (NT/2K/XP) folder | No |
| N | CTDVDDet | CTDVDDet.exe | Auto-detect and play a DVD when using a Creative Soundblaster Audigy2 soundcard. Uses about 2.2 MB of memory. Disable it by heading to the MediaSource DVD Audio Player, selecting Tools, then uncheck the Auto Start box. It should not start up automatically again | No |
| X | CTF Device Loader | ctfmond.exe | Added by the AGOBOT-FO WORM! | No |
| X | ctf.exe | ctf.exe | Added by a variant of the BIFROSE TROJAN! | No |
| X | ctflog manager | ctflog.exe | Added by the DONBOMB.A TROJAN! | No |
| X | CTFM0N.exe | CTFM0N.exe | Added by the STARTPAGE.P TROJAN! Notice the digit "0" in both columns rather than the upper case "o" | No |
| X | ctfmom | ctfnom.exe | Added by the BCKDR-QTA BACKDOOR! | No |
| U | ctfmon | ctfmon.exe | Supports multiple languages and alternative method inputs in Windows and MS Office. The language bar is displayed alongside the System Tray if more than one keyboard layout is enabled (for switching input languages) or, for example, if speech is selected as an alternative input for MS Office or Notepad. Required to support advanced text services (such as right to left text) for East Asian users. Can be disabled via Start → Control Panel → Regional and Language Options → Languages → Text Services and Input Languages → Details → Advanced → System Configuration → Turn off advanced text services (which also turns off the language bar). See also here and here. Can also cause problems with some other programs if left enabled - see here for such an example | Yes |
| X | ctfmon | taskmgr32*.exe [* = number] | Added by the SOWSAT.B WORM! | No |
| X | ctfmon | cftmon.exe | Added by the DELIVE-A BACKDOOR! Note - this is not the legitimate ctfmon.exe process associated with alternate text inputs which is always located in %System%. This one is located in %Windir% | No |
| X | ctfmon | mIRC.dll | Added by the DELBOT-E TROJAN! | No |
| X | ctfmon | WinConst.exe | Added by the ASSASIN-G TROJAN! | No |
| U | CTFMon | ctfmon.exe | Family KeyLogger keystroke logger/monitoring program - remove unless you installed it yourself! Note - this is not the legitimate ctfmon.exe process associated with alternate text inputs which is always located in %System%. This one is located in a "CTF" sub-folder | No |
| X | ctfmon | msnmsgr.exe | Added by the BDOOR-JV BACKDOOR! Note - this is not the valid MSN Messenger (now Windows Live Messenger) utility which is located in either %ProgramFiles%\MSN Messenger or %ProgramFiles%\Windows Live\Messenger. This one is located in %System% | No |
| X | CTFMON | wscript.exe /E:vbs winjpg.jpg | Added by the RUNAUTO.F WORM! Note that wscript.exe is a legitimate Microsoft file used to launch script files and shouldn't be deleted. The "winjpg.jpg" file is located in %System% | No |
| X | CTFMON | wscript.exe /E:vbs regedit.sys | Added by the VBSAUTO-A WORM! Note that wscript.exe is a legitimate Microsoft file used to launch script files and shouldn't be deleted. The "regedit.sys" file is located in %System% | No |
| X | CTFMON | win.exe | Added by the VBS.RUNAUTO.G WORM! | No |
| X | Ctfmon | wmisys.exe | Added by the IRCBOT-ADS WORM! | No |
| X | ctfmon | WinUP.exe | Added by the BANKER-VV TROJAN! | No |
| X | CTFMON.CPL | CTFM0N.CMD | Detected by Symantec as the SILLYFDC WORM! See here | No |
| X | Ctfmon.exe | ctfmon32.exe | CoolWebSearch Ctfmon32 parasite variant | No |
| X | ctfmon.exe | ctfmon.exe | Added by the RAIDYS TROJAN! Note - this overwrites the legitimate ctfmon.exe process associated with alternate text inputs which is located in %System% | No |
| X | ctfmon.exe | msupdate32.exe | Spy Sheriff/SpywareNO malware, also detected as the SPYHOAX-A TROJAN, pretends to be a spyware remover! - file names spotted sofar include VXH8JKDQ2.EXE, NS6281400.so, CVXH8JKDQ2.EXE, down3.exe, sefe.exe, winstall.exe, and tool2.exe | No |
| U | ctfmon.exe | ctfmon.exe | Supports multiple languages and alternative method inputs in Windows and MS Office. The language bar is displayed alongside the System Tray if more than one keyboard layout is enabled (for switching input languages) or, for example, if speech is selected as an alternative input for MS Office or Notepad. Required to support advanced text services (such as right to left text) for East Asian users. Can be disabled via Start → Control Panel → Regional and Language Options → Languages → Text Services and Input Languages → Details → Advanced → System Configuration → Turn off advanced text services (which also turns off the language bar). See also here and here. Can also cause problems with some other programs if left enabled - see here for such an example | Yes |
| X | ctfmon.exe | ctfmon.exe eminem.exe | Added by the BHARAT.A WORM! | No |
| X | CTFMON.EXE | svchost.exe | Added by the JUEGO-B WORM! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir% | No |
| X | CTFMON32 | CTFMON32.EXE | CoolWebSearch Ctfmon32 parasite variant - also detected as the CWS-E TROJAN! | No |
| X | ctfmon32 | [random filename].exe | Added by the RBOT-GSN WORM! | No |
| X | ctfmon32 | taskmgr32*.exe [* = digit] | Added by the SOWSAT.C WORM! | No |
| X | ctfmona | ctfmona.exe | Added by the DLOADR-BME TROJAN! | No |
| X | CTFMONSS | CTFMONSS.EXE | Added by the CWS-F TROJAN! | No |
| X | ctfmun | ctfmun.exe | Added by the AGENT.ACEZ TROJAN! | No |
| X | ctfnnon | ctfmon.exe | Added by the TURKOJAN.IL BACKDOOR! Note - this is not the legitimate ctfmon.exe process associated with alternate text inputs which is always located in %System%. This one is located in %Windir% | No |
| X | ctfnom | rundIl32.exe | Added by the LEGMIR-AW TROJAN! | No |
| X | ctfnom.exe | SVOHOST.exe | Added by the DIGIDOR-A TROJAN! | No |
| X | ctfnom.exe | OSRSS.exe | Added by the DLOADER-UQ TROJAN! | No |
| X | cthelp | cthelp.exe | Added by the SDBOT TROJAN! | No |
| U | CTHELPER | CTHELPER.EXE | CTHELPER is a background task that is a plug-in manager for Creative drivers. The theory is that 3rd party manufacturers can use the CTHELPER plug-in interface to produce drivers, add-on features, and fixes that will integrate with a tighter fit with Creative's sound drivers and utilities. Given its purpose CTHELPER would normally be classified as a "leave alone" background task. It also allows Creative speaker setup to be synchronized with Windows Control Panel speaker setting. Without it running that check box in Creative speaker setting is not functional (settings are not in sync). Unfortunately there are often problems with CTHELPER, most notably that it can use 100% of CPU time so it's best left disabled unless you need it | No |
| X | CTHelper | cthelper.exe | Added by the RBOT-XB WORM! Note - do not confuse with the Creative application of the same name described here | No |
| X | CTHELPER | svhost.exe | Added by the SDBOT-RZ WORM! | No |
| X | CTime | [path to trojan] | Added by the HTTPDOS TROJAN! | No |
| X | CTin10 | CTin10.exe | Added by the BANCOS.E TROJAN! | No |
| X | CtModule | CtModule.exe | Added by the CLICKER-EG TROJAN! | No |
| X | CTMON.EXE | cfmon.exe | Added by the CLCKR-AN TROJAN! | No |
| U | CTNMRUN | ctnmrun.exe | Detects the Creative NOMAD jukebox/MP3 player at the time it is attached to USB and starts the needed application (Creative PlayCentre 2) that you use to copy MP3 files to and from it. This is required if you want PlayCentre 2 to take control of the NOMAD once connected | No |
| ? | CTPDPSRV | CTPDPSRV.EXE | Compaq A3000 printer driver (in the %System%\spool\DRIVERS\W32\X86 folder). Is it required? | No |
| N | CTPerformanceUtility | CTPowUti.exe | Related to Creative PowerSysTrayApp. This program is a non-essential process, but should not be terminated unless suspected to be causing problems | No |
| X | ctpmon | ctpmon.exe | System Registry Cleaner - stealth installed foistware from sysregistry.com | No |
| N | CTRegRun | CTRegRun.exe | For Creative Soundblaster Live! series soundcards. Reminds you to register your card with Creative | No |
| U | CtrlVol | CtrlVol.exe | Volume control key on Acer, Fujitsu and other laptops | No |
| ? | CTSched | CTSched.exe | Creative Task Scheduler. What does it do and is it required? | No |
| N | CTStartup | CTEaxSpl.exe | Splash screen with sound on every boot up. Installed with a Sound Blaster Audigy soundcard | No |
| U | CTSVolFE | CTSVolFE.exe | Creative Labs Mixer applet for the Sound Blaster Audigy | No |
| U | CTSVolFE.exe | CTSVolFE.exe | Creative Labs Mixer applet for the Sound Blaster Audigy | No |
| N | CTSyncU.exe | CTSyncU.exe | Creative Sync Manager - synchronizes music tracks on your computer with your player | No |
| U | CTsysVol | CTSYSVOL.exe | Creative sound card volume controls | No |
| ? | cttdpsrv | cttdpsrv.exe | ?? | No |
| X | CTUpdate | ctupdclt.exe | Added by the RBOT-ABG WORM! | No |
| N | CTxfiHlp | CTXFIHLP.EXE | Added by the installation of a Creative Labs X-Fi sound card. This particular process provides the help functionality for your card | No |
| N | CTXFIREG | CTxfiReg.exe | Creative Labs sound card driver related. It appears that it isn't required and maybe registration related | No |
| X | Ctykd | [path to file] | SMALL.SN spyware | No |
| N | CTZDetec.exe | CTZDetec.exe | Auto-detect feature of Creative Media Lite which assists you in managing your music, ripping CDs and transferring other stored music to your Zen Stone MP3 player | No |
| X | CU1 | VCClient.exe | Associated with the Surf Sidekick adware and should be removed | No |
| X | CU2 | VCMain.exe | Associated with the Surf Sidekick adware and should be removed | No |
| Y | cuagentExe | Cuagent.exe | Command Antivirus related | No |
| X | CueX44 | Dago.exe | Added by the PUNYA-B WORM! | No |
| X | CueX44_stil_here | WINLOGON.EXE | Added by the PUNYA-A WORM! Note - this is not the legitimate winlogon.exe process, which should not appear in Msconfig/Startup! | No |
| X | cuo | cuo.exe | Added by the BUGBEAR.A WORM! | No |
| X | Current Security Config | csecure.exe | Added by the RBOT-AMO WORM! | No |
| X | Current32 | msnpla.exe | Added by the SDBOT-DIS WORM! | No |
| N | CurseClient | CurseClient.exe | CurseClient add-on manager for World of Warcraft and Warhammer Online games | No |
| N | cursor | Screendragon_VS_Taskbar.exe | ScreenDragon video player | No |
| N | CursorXP | CursorXP.exe | CursorXP from Stardock - tool for creating mouse cursors | No |
| U | Curtain | Curtain.exe | Curtain (from Chaotic Visions) - "is a Windows utility which gives you the power to hide any window or group of windows to your system tray" | No |
| U | Customizer2000 | logon.exe | Automatic logon feature of Customizer 2000 - "a special utility which is designed to optimize Win9x/ME performance. The program lets you explore the many hidden settings in Windows, and make changes" | No |
| N | CuteMX | CuteMX.EXE | File sharing utility | No |
| X | Cvfjx | ANACON.EXE | Added by the NACO.A WORM! | No |
| X | cvhnykzx | keepSafe.exe | Added by the KILLAV.KAX TROJAN! | No |
| X | cvmonitor.exe | cvmonitor.exe | Added by the SDBOT.BV WORM! | No |
| X | cvmsyslpd | sdservss.exe | Added by the MAILBOT-BY TROJAN! | No |
| Y | CVPND | cvpnd.exe | Sub-system used by Cisco VPN client for making a connection to a remote IPSec server | No |
| U | CW | cw4.exe | Chat Watch "is a monitoring and logging software for online chat and instant messaging programs" | No |
| U | CWatch | cw.exe | ChatWatch - chat monitoring tool | No |
| N | cwbckver | cwbckver.exe | Part of IBM's iSeries (nee As/400) Client Access - communications suite that allows desktop, browser and wireless access to iSeries servers. Checks the software version on your PC to that of the iSeries it is connected to. Not required - and can be turned off in the Client Access properties. It's a waste of resources | No |
| N | cwbinhlp | cwbinhlp.exe | Client Access Help Registry Update Function - part of IBM's iSeries (nee As/400) Client Access - communications suite that allows desktop, browser and wireless access to iSeries servers. It only updates the help files on your PC to match the level of the attached iSeries | No |
| N | cwbsvstr | cwbsvstr.exe | Part of IBM's iSeries (nee As/400) Client Access - communications suite that allows desktop, browser and wireless access to iSeries servers. Useful if you are going to access the iSeries through Windows Explorer to move files back and forth between Windows folders and iSeries folders. This is a tool that is only used by Client Access administrators (usually) so it is not required - a waste of resources | No |
| ? | cwbwlwiz | cwbwlwiz.exe | Welcome wizard launcher - Part of IBM's iSeries (nee As/400) Client Access - communications suite that allows desktop, browser and wireless access to iSeries servers. What does it do and is it required? | No |
| ? | Cwcdschk.exe | Cwcdschk.exe | IBM Thinkpad related? | No |
| U | cwcptray | cwcptray.exe | Related to ContentWatch Parental Control internet filter | No |
| X | cwingllib | atllsimm.exe | Added by a variant of the SDBOT WORM! | No |
| X | cwriter | ucookw.exe | Part of the ErrClean rogue system error and cleaning utility and other members of this family. See here for more examples | No |
| U | cwupdate | cwupdate.exe | ContentProtect from ContentWatch - internet filter | No |
| X | cximddl | ldfrmmd.exe | Added by the BUZUS.CQMU TROJAN! | No |
| N | CXMon | Hpi_Monitor.exe | Autodetects when a HP camera is attached to the computer and launches the "HP Photoimaging Software". Available via Start -> Programs | No |
| N | Cyber | cyberchk.exe | Part of Belkins "Multimedia Cleaning Kit" and is automatically installed when you run their optical disk drive cleaning utility - to remind you to clean your drive after "x" amount of time has passed | No |
| U | Cyber Trio | showmode.exe | From G-Tek Technologies. Allows you to set the PC in one of three modes, Standard, Enhanced and Kiddo. Standard is full function, Enhanced prevents accidental damage and Kiddo is a play environment for kids. Pre-installed on some Packard Bell PCs | No |
| U | Cyber-Defender 2003 | uwcdsvr.exe | Cyber Defender 2003 | No |
| N | Cyber-shot Viewer Media Check Tool | SPUVolumeWatcher.exe | Part of the Sony Picture Uility software supplied with Sony Cyber-shot digital cameras. Automatically invokes an import process if the camera is connected and has media on it | No |
| X | cyberfree.exe | ****.dat [* = random char] | Unidentified adware | No |
| U | Cyberhawk | CHTray.exe | Cyberhawk from Novatix. Protects against viruses, spyware, identity theft | No |
| U | CyberLat Ram Cleaner | CLRamCleaner.exe | CyberLat RAM Cleaner - memory optimizer. MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/SE/ME. See this article and make up your own mind | No |
| U | CyberLat Ram Cleaner | CyberLat Ram Cleaner 1.1.exe | CyberLat RAM Cleaner - memory optimizer. MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/SE/ME. See this article and make up your own mind | No |
| N | Cyberlink PowerCinema 3.0 | PCMService.exe | Part of Cyberlink's PowerCinema - which can be used to watch movies, play music and even watch TV in a central location. Commonly, PC manufacturers will base their own multimedia player/organizer on PowerCinema (such as Dell's Media Experience and Acer's Arcade Deluxe). Disabling this entry will not prevent PowerCinema working and doing so can prevent problems such as the screensaver not starting or a laptop not entering standby/hibernation/sleep-mode | Yes |
| N | CyberMedia Agent | CMAGENT.EXE | Part of CyberMedia's Oil Change program. Not normally required. Note - if you have TextBridge, CyberMedia Agent may attach itself to TextBridge and cause TextBridge to crash everything if this is disabled | No |
| U | CyberPatrolNew | cphq.exe | "CyberPatrol is one of the most powerful and popular client-based, browser independent, Internet safety software solutions for Windows-based standalone PCs available today" | No |
| X | CyberWolf | CyberWolf.exe | Added by the KICKIN.A (or CYDOG.C) WORM! | No |
| X | CyDoor | CD_Load.exe | Adware. Check here for information about Cy-Door and here for a program that can remove it | No |
| X | CydoorUpdate | CD_Load.exe | Adware. Check here for information about Cy-Door and here for a program that can remove it | No |
| ? | CYNHKey | CYNHKey.exe | ?? | No |
| N | CyphTray | CyphTray.exe | Cypherus - encryption software | No |
| U | CypressLinkMon | CypressLinkMon.exe | Related to CypressViewer from Siemens that "allows ACUSON Cypress cardiovascular system PLUS users to store, view, and analyze Cypress system PLUS studies on a standard Windows PC" | No |
| X | D SYSTEM | dd.exe | Added by the MYTOB-FN WORM! | No |
| Y | D-Link Air USB Utility | AirCFG.exe | D-Link wireless PCI adapter related | No |
| Y | D-Link Air Utility | AirCFG.exe | D-Link wireless PCI adapter related | No |
| N | D-Link AirPlus DWL-650+ Utility | WLANMON.exe | D-Link Air Plus Wireless PC modem connection monitor | No |
| Y | D-Link AirPlus G | AirGCFG.exe | D-Link Airplus Wireless Router driver | No |
| Y | D-Link AirPlus G Wireless Utility | AirPlus.exe | D-Link AirPlus G wireless configuration and monitoring utility | No |
| U | D-Link AirPlus XtremeG | AirPlusCFG.exe | D-Link AirPlus XtremeG wireless configuration utility | No |
| N | D066UUtility | D066UUTY.EXE | TWAIN driver for the CanoScan D660U flatbed scanner. Start scanning via your scanner management software | No |
| X | D3**.exe [* = random char] | D3**.exe [* = random char] | CoolWebSearch/HomeSearch adware - for examples, see this log | No |
| X | D3**32.exe [* = random char] | D3**32.exe [* = random char] | CoolWebSearch/HomeSearch adware - for examples, see this log | No |
| X | d3dupdate.exe | bbeagle.exe | Added by the BEAGLE.A WORM! | No |
| U | D4 | D4.exe | Dimension 4 - network time synchronization freeware - starts-up, adjusts the system clock, then shuts down | No |
| X | d9fw5i91p | d9fw5i91p.exe | Added by the AGENT-GIW BACKDOOR! | No |
| X | dabrun | rundll32.exe dabapi.dll, Rundll32 | SinaUpdateCenter adware. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "dabapi.dll" file is found in the System (9x/Me) or System32 (NT/2K/XP) folder | No |
| N | DACONFIGEXE | daconfig.exe | 3Com NIC Diagnostics. Available via Start -> Programs | No |
| Y | DadApp | dadapp.exe | "DadApp is the SW utility that controls the programmable buttons on Dell Laptops. Not required, but should be left in because it can create a hassle and doesn't always restore functionality to those buttons once unchecked and rechecked" - direct from Dell | No |
| N | Daemon | DAEMON32.EXE | Pre-loads game profiles for MS Sidewinder game controllers prior to release 2.0 of the software. Recommend upgrade. Available via Start -> Programs | No |
| U | Daemon | Daemon.exe | Daemon Tools - used to map an image-file (.iso, .bin etc) to a virtual CD/DVD-drive | No |
| X | Daemon | daemon.exe c daemon2.exe | Added by the SELOTIMA.A WORM! | No |
| U | DAEMON Tools | daemon.exe | Daemon Tools - used to map an image-file (.iso, .bin etc) to a virtual CD/DVD-drive | No |
| U | DAEMON Tools Pro Agent | DTProAgent.exe | DAEMON Tools Pro converts your computer games CD/DVD discs into "virtual discs" or so called "disc image" files, which run directly on your hard drive' | No |
| U | DAEMON Tools-1033 | Daemon.exe | Daemon Tools - used to map an image-file (.iso, .bin etc) to a virtual CD/DVD-drive | No |
| X | dago | fault.exe | Added by the PUNYA-A WORM! | No |
| N | Daily Planner | dayplan.exe | Daily Planner - discontinued, and now part of KMCS Deluxe System Suite. Tool to plan your days, and check activities off as you complete them | No |
| X | Daily Weather Forecast | weather.exe | Added by the DLOADER-IP TROJAN! | No |
| X | DamedWare Services | dwdrce.exe | Added by the RBOT-AOJ WORM! | No |
| X | DanBtR270414 | DanBtR270414.exe | Added by the VB-NIB WORM! | No |
| U | Dancer | DncLE.exe | Part of Microsoft Plus! Digital Media Edition - see here | No |
| X | Danton* | [random filename] | Added by the DANTON TROJAN! where * = random number | No |
| N | Dap | DAP.exe | Download Accelerator Plus from Speedbit. Download manager for resuming downloads, amongst other features. Available via Start -> Programs. Note that the free version is adware based | No |
| X | dark | imgst.scr | Added by the BANCOS.U TROJAN! | No |
| X | dark | imgrt.scr | Added by the BANCBAN-FH TROJAN! | No |
| X | dark | csrs.scr | Added by the BANCBAN-GT or BANCBAN-GU TROJANS! | No |
| X | DarkDevil.Grasiele.BR | Grasiele.VBS | Added by the LEMBRA WORM! | No |
| X | DarKNesS LsasS | LsasS23.exe | Added by an unidentified WORM or TROJAN! | No |
| X | DASDS VSAVdjs | dsabdw.exe | Added by the SDBOT-RE WORM! | No |
| ? | DashBarState | dashIE | ?? | No |
| ? | DashIE | N/A | Could be related to "Dash Power Shopping" tool bar in IE? | No |
| X | daskaskfsak6 | dsfids6.exe | Added by the ONLINEG-J TROJAN! | No |
| X | daskgfkkcx15 | dasdsaads15.exe | Added by the ONLINEG-Q TROJAN! | No |
| X | dasxdads | fsdqd.exe | Added by the GAOBOT.BIQ WORM! | No |
| X | Data | System.dat.vbs | Added by the BISCUIT.A WORM! | No |
| X | data | msngs.exe | Added by the RBOT-ADQ WORM! | No |
| X | Data File | vdehost.exe | Added by the SDBOT-DOS TROJAN! | No |
| X | Data Layer 2 | datalayer.exe | Added by the RBOT-BNF WORM! Note - do not confuse with the legitimate Nokia file sharing the same filename - this one is located in %System% | No |
| N | Data LifeGuard | BACKWE~1.EXE | Data LifeGuard diagnostic tools for Western Digital's series of hard drives | No |
| N | Data LifeGuard LifeLine Lite installer | DLGLI.EXE | Backweb installer - see here | No |
| X | Data Restore Service | prq8.exe | Added by the KELVIR.AI WORM! | No |
| X | Data789 | Regedit.exe ....data789.tmp | Homepage hijacker | No |
| X | DATABASE MySql | [path] repcale.exe [path] beird.exe | Added by the RANDON-AL WORM! Both files are often located in %System%\qsws | No |
| N | DataCaching | FlashKsk.exe | SmartMedia Card management from the installation of a SanDisk reader for a camera's SmartMedia card and also adds the "Unplug and Eject Hardware" System Tray icon | No |
| U | DataKeeper | DataKeeper.exe | PowerQuest DataKeeper (now owned by Symantec) backup software | No |
| Y | DataLayer | DataLayer.exe | Part of Nokia PC Suite version 5 - which "is a free PC software product that allows you to connect your Nokia device to a PC and access mobile content as if the device and the PC were one." Required by the Nokia status/connection monitor (NclTray.exe) | Yes |
| Y | DataLayer | DATALA~1.EXE | Part of Nokia PC Suite version 5 - which "is a free PC software product that allows you to connect your Nokia device to a PC and access mobile content as if the device and the PC were one." Required by the Nokia status/connection monitor (NclTray.exe) | No |
| N | DataViz Inc Messenger | DvzIncMsgr.exe | Installed with DataViz "Documents to Go" software | No |
| N | DataViz Messenger | DvzMsgr.exe | DataViz Documents to Go - "allows you to use your Word, Excel and PowerPoint files on your handheld anywhere, anytime. In addition, it now synchronizes e-mail with attachments, PDF files, pictures and Excel-like charts" | No |
| X | Datcheck | datcheck.exe | Added by the KEYPANIC TROJAN! | No |
| X | Date Manager | datemanager.exe | Date Manager - calender program. Spyware/adware based provided by The Gator Corporation. Please note that Claria Corporation no longer support GAIN-Supported software - see here | No |
| ? | Datechecker | N/A | Could be related to this? | No |
| X | DateMakerIntl | DateMakerIntl.exe | Premium rate adult content dialler | No |
| X | DAupdate | DAupdate.exe | NavEnhance adware | No |
| ? | DAW9532.exe | DAW9532.EXE | Loaded during installation of some 3Com network cards. Enables their DynamicAccess desktop management software. Is it required? | No |
| U | DayToday | DAYTODAY.EXE | DayToday from RoboMagic Software Corp. Displays the date on the taskbar | No |
| U | DAZEL Delivery Agent | DcDaemon.exe | Control and send documents, etc, to any destination. The Dazel Corporation has now been taken over by HP | No |
| X | dbar_starter | starter.exe | Deskbar adware - adds a search bar to your Windows taskbar which performs searches on www.w-w-w-dot-com.com | No |
| X | DbgHlp32 | DbgHlp32.exe | Added by the WINKO.AO WORM! | No |
| U | DBISQL9 | dbisqlg.exe | Related to SQL Anywhere from Sybase. A comprehensive package providing data management and data exchange technologies | No |
| N | dbserv | dbserv.exe | Database Server for Norton Ghost on Win2k Pro. Ghost works fine when it is disabled | No |
| X | dc | dc.exe | Added by the COIDUNG-A WORM! | No |
| X | dc2k5 | SVIQ.EXE | Added by the COIDUNG-A WORM! | No |
| U | DC300 Monitor | cmonitor.exe | Monitor for a Acer DC300 digital camera | No |
| X | DC6 | dc6_startupmon.exe | Part of the WinAntiVirus Pro 2006 rogue security software - not recommended | No |
| X | DC6cw | DC6cw.exe | Part of the DriveCleaner rogue security software - not recommended, removal instructions here | No |
| X | DC6_Check | uwasdc.exe | Part of the WinAntiSpyware 2006 and WinAntiSpyware 2007 rogue spyware removers - not recommended | No |
| X | DC6_check | dc6_startupmon.exe | Part of the WinAntiVirus Pro 2006 rogue security software - not recommended | No |
| X | dc6_check | dcmon.exe | SystemDoctor rogue security software - not recommended, removal instructions here | No |
| X | DCE Manager | dcemgr.exe | Added by the TUMAG TROJAN! | No |
| U | DCfssvc | dcfssvc.exe | Associated with digital cameras and can cause problems which disappear if disabled. If this program is unchecked in startup, your camera will not cause your computer to open a pop-up window when you connect it. Leave enabled if you can't load pictures from your camera/dock - Kodak's dock is an example | No |
| U | dcfssve | dcfssvc.exe | Associated with digital cameras and can cause problems which disappear if disabled. If this program is unchecked in startup, your camera will not cause your computer to open a pop-up window when you connect it. Leave enabled if you can't load pictures from your camera/dock - Kodak's dock is an example | No |
| X | DCOM Server | [path to trojan] | Added by the AGENT-CCQ BACKDOOR! | No |
| X | Dcom System Patch | Microsoft.exe | Added by the RANDEX.MS WORM! | No |
| X | dcsm | dcsm.exe | Part of the PrivacyProtector and DriveCleaner rogue security tools | No |
| N | DDCActiveMenu | DDCActiveMenu.exe | Digital Distribution Channel - formally part of the WildTangent on-line games delivery service. Note that WildTanget's privacy policy used to state that they also collect and share individuals information but this is no longer the case | No |
| N | DDCM | DDCMan.exe | Digital Distribution Channel - formally part of the WildTangent on-line games delivery service. Note that WildTanget's privacy policy used to state that they also collect and share individuals information but this is no longer the case | No |
| N | DDCMan | DDCMan.exe | Digital Distribution Channel - formally part of the WildTangent on-line games delivery service. Note that WildTanget's privacy policy used to state that they also collect and share individuals information but this is no longer the case | No |
| X | ddeproc | ddeproc.exe | Webcelerator from eAcceleration speeds your Web browsing by both remembering where you have been and anticipating where you will go. Only needed if you find it improves web browsing. Now no longer available and supported and when available was classed as spyware - see here | No |
| U | ddhelper | W815DM.EXE | Enuff Parental Control Software by Akrontech | No |
| X | DDialler | DDialler.exe | Adult content dialler | No |
| X | ddivmwa | [random filename] | Added by a variant of the SLAPER TROJAN! | No |
| U | DDLAgent | DDLAgent.exe | Loads Hide and Protect any Drives - which "can be used to restrict read or write access to removable media devices such as CD, DVD, floppy, flash and USB drives. You can also restrict access to partitions of hard disk drives". If disabled, hidden and locked drives still retain their original status so the user will only be able to change their status them via the main UI | Yes |
| U | ddoctorv2 | sprtcmd.exe /P ddoctorv2 | Comcast Desktop Doctor (provided by SupportSoft, Inc) is a free self-help tool for Comcast broadband users. Identifies and automatically fixes typical problems that may occur with your high-speed internet service | No |
| X | DDriver | windrv.exe | Added by the DELF.WG TROJAN! | No |
| X | DDriver | svchost.exe | Added by a variant of the DELF.IT TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! The location of this file varies | No |
| ? | DDT | N/A | ?? | No |
| U | DDWMon | ddwmon.exe | Direct Disc Writer Event Monitor from TOSHIBA | No |
| X | de32gen | de32gen.exe | Added by a variant of the CRYPTER.C TROJAN! | No |
| N | DeadAIM | rundll32.exe DeadAIM.ocm, ExportedCheckODLs | DeadAIM - feature enhancing product for AOL's Instant Messenger program | No |
| X | DeadKitty | DeadKitty.exe | Added by the DEADCAT-A WORM! | No |
| X | DealHelperBrwsr | dhbrwsr.exe | DealHelper adware | No |
| X | DealHelperDown | download.exe | DealHelper adware | No |
| X | DealHelperUpdate | DHUpdt.exe | DealHelper adware | No |
| X | Death.exe | Death.exe | Added by the DELF-ERW TROJAN! | No |
| X | Debug | DebugW32.exe | Added by the GUBED TROJAN! | No |
| X | Debugger | dbg32.exe | Added by the MYTOB-FW WORM! | No |
| X | Debugger | explorer32dbg.exe | Added by the CWS-M TROJAN! | No |
| X | Debugger | iexplore_dbg.exe | Added by the CWS-M TROJAN! | No |
| X | debugger | help.pif | Added by the DELF-DRA WORM! | No |
| X | DebugMonitor | debugmonitor.exe | Added by the MYDOOM.BG WORM! | No |
| U | DeeEnEs | DeeEnEs.exe | DeeEnEs - automatically updates a dynamic IP address when it changes | No |
| X | deejay | forboo.exe | Added by the FORBOT-AY WORM! | No |
| X | Deewoo | ncntnkwd.exe | Identified as a variant of the AdWare.Win32.ZenoSearch.am malware | No |
| X | Default | explore.vbs | Added by the ALLEM WORM! | No |
| X | Default | mtask.vbe | Added by the ALLEM WORM! | No |
| X | default | shell32.exe | Added by the BINGHE TROJAN! | No |
| X | Default | _default.pif | Added by the RUBBLE-C WORM! | No |
| U | default | mskbw.exe | PC Surveillance PRO surveillance software. Uninstall this software unless you put it there yourself | No |
| U | Default Manager | DefMgr.exe | Part of MSN Toolbar from version 4.0 onwards which includes the Bing search engine. Via Start → All Programs → Microsoft Default Manager you can elect to keep Bing as the default search engine and set it to notify you of any changes to your browsers default settings. Not required if you choose not to use Bing | Yes |
| X | Default System Research | vhchost.exe | Added by the TARNO.I TROJAN! | No |
| X | Default web browser | IexpIore.exe | Added by the OBLIVION.B TROJAN! Note - do not confuse "IexpIore.exe" with "iexplore.exe" (Internet Explorer), the first has a captial "i" in place of lower case "L" | No |
| X | DefaultConfiguration | defaultconfh.exe | Added by the AGOBOT-JC WORM! | No |
| X | Default_Page_URL | http://find.naupoint.com | Naupoint browser hijacker | No |
| X | Default_Search_URL | http://find.naupoint.com | Naupoint browser hijacker | No |
| X | defender | defender25.exe | DollarRevenue adware | No |
| X | defender | dfndref_7.exe | DollarRevenue adware | No |
| X | DefensaAntiMalware | pgs.exe | DefensaAntiMalware, Spanish rogue security software - not recommended. A member of the AVSystemCare family | No |
| X | DefenseNetSurfage | GDC.exe | DefenseNetSurfage rogue privacy tool - not recommended. A member of the PCPrivacyTool family | No |
| ? | defergui | defergui.exe | Related to IBM Standard Software Installer. What does it do and is it required? | No |
| U | DefMgr | DefMgr.exe | Part of MSN Toolbar from version 4.0 onwards which includes the Bing search engine. Via Start → All Programs → Microsoft Default Manager you can elect to keep Bing as the default search engine and set it to notify you of any changes to your browsers default settings. Not required if you choose not to use Bing | Yes |
| X | defragm_check | defragment.exe | CoolWebSearch parasite variant | No |
| X | defragsys | svchost.exe | Added by the BIFROSE-TH TROJAN! Note - this is not the legitimate svchost.exe process which should normally figure in Msconfig/Startup! | No |
| U | DefragTaskBar | defragTaskBar.exe | System Tray access to Ashampoo® Magical Defrag 2 from Ashampoo GmbH & Co. KG - which "works is similar to a screensaver. Whenever the computer is idle the program cuts in automatically and starts cleaning up your hard disk" | Yes |
| U | defragTaskBar.exe | defragTaskBar.exe | System Tray access to Ashampoo® Magical Defrag 2 from Ashampoo GmbH & Co. KG - which "works is similar to a screensaver. Whenever the computer is idle the program cuts in automatically and starts cleaning up your hard disk" | Yes |
| U | defwatch | defwatch.exe | Detects out-of-date virus definitions for Norton Anti-Virus Corporate Edition and runs the Defwatch Wizard. Only required if you don't update the virus definitions manually on a regular basis | No |
| U | Deko550 | Deko550.exe | Associated with the Deko550 entry-level SD real-time graphics system from Avid Technology | No |
| U | Delay | delayrun.exe | On HP PCs this program is used to help prevent conflicts or timing issues on fast computers | No |
| X | DelayLoad | msprint.exe | Added by a variant of the Win32.Agent.ryo malware - see here | No |
| U | Delayrun | delayrun.exe | On HP PCs this program is used to help prevent conflicts or timing issues on fast computers | No |
| N | DelayShred | ShrCL.EXE | McAfee Shredder - not required at startup. You can run it manually via McAfee Security Center | No |
| ? | delcab | deltreew.exe C:\cabs | ?? | No |
| X | Delete Me | worm.exe | Added by the DOOMHUNTER WORM! | No |
| U | DeleteHistoryFree | dhf.exe | Delete History Free - "Privacy protection software for deleting Internet surfing and other computer activity tracks from your PC" | No |
| U | Dell AIO Printer A920 | dlbkbmgr.exe | System Tray application for the Dell Photo AIO Printer 920 that enables scan or fax functions to run directly from the printer via the buttons | No |
| U | Dell AIO Printer A940 | dlbabmgr.exe | System Tray application for the Dell Photo AIO Printer 940 that enables scan or fax functions to run directly from the printer via the buttons | No |
| U | Dell AIO Printer A960 | dlbfbmgr.exe | System Tray application for the Dell Photo AIO Printer 960 that enables scan or fax functions to run directly from the printer via the buttons | No |
| N | Dell Alert | DAMon.exe | "Dell Alert" utility, that's supposed to make interaction with Support easier | No |
| U | Dell DataSafe Scheduler | DataSafeOnlineScheduler.exe | Scheduler for Dell DataSafe™ Online which "helps protect your music, photos and other important files by placing backup copies on a secure storage site using your internet connection" | No |
| U | Dell Photo AIO Printer 922 | dlbtbmgr.exe | System Tray application for the Dell Photo AIO Printer 922 that enables scan or fax functions to run directly from the printer via the buttons | No |
| U | Dell Photo AIO Printer 942 | dlbubmgr.exe | System Tray application for the Dell Photo AIO Printer 942 that enables scan or fax functions to run directly from the printer via the buttons | No |
| U | Dell Photo AIO Printer 962 | dlbxmon.exe | DellPhoto AIO Printer 962 Device Monitor | No |
| N | Dell QuickSet | quickset.exe | Dell taskbar icon allowing you to quickly change settings | No |
| Y | Dell Webcam Central | WebcamDell.exe | Dell Webcam Central - webcam management software controlling aspects such as picture control, anti-motion blur and face tracking | No |
| N | DELL Webcam Manager | DellWMgr.exe | Dell Webcam Manager - Webcam management software provided on Dell PCs | No |
| N | Dell Wireless Manager UI | wltray.exe | System tray access to wireless LAN card configuration options | No |
| Y | DellAutomatedPCTuneUp | PTAgnt.exe | PC TuneUp from Dell - "silently monitors your system, automatically running needed maintenance during idle time to keep you at peak performance" | No |
| ? | DellDMI | delldmi.exe | Possibly part of Dell OpenManage Client Instrumentation - software that allows remote management application programs to access information about, monitor the status of or change the state of the client computer, such as shutting it down remotely. Uses the DMI and/or common information model (CIM) protocols, which are systems management protocols defined by industry standards? | No |
| U | DELLMMKB | DELLMMKB.EXE | Multimedia keyboard control for Dell based PCs - only required if you use the multimedia keys | No |
| N | DellSC | dellsc.exe | Dell Solution Center - web-based troubleshooting tools and educational offerings | No |
| U | DellSupport | DSAgnt.exe | Dell Support Agent offers additional support and update features for your Dell computer or laptop | No |
| U | DellSupportCenter | sprtcmd.exe /P DellSupportCenter | Dell Support Center (provided by SupportSoft, Inc) is a free self-help tool for Dell users. Identifies and automatically fixes typical problems that may occur with your high-speed internet service | No |
| U | DellTouch | MMKeybd.exe | Dell multimedia keyboard manager. Required if you use the additional keys | No |
| U | DellTouch | DELLMMKB.EXE | Multimedia keyboard control for Dell based PCs - only required if you use the multimedia keys | No |
| ? | DellTransferAgent | TransferAgent.exe | Found on Dell computers. What does it do and is it required? | No |
| X | delmsbb | delmsbb.exe | 180Search adware | No |
| X | delsaap | delsaap.exe | NCase adware | No |
| ? | delstart | delstart.exe | Reportedly part of BT ISP software - what does it do and is it required in startup? | No |
| X | delsubmit | rundll32.exe advpack.dll, DelNodeRunDLL32 submit.exe | CoolWebSearch parasite variant | No |
| U | DeltaIITaskbarApp | DeltaIITray.exe | System Tray access to the Delta Control Panel for the M-Audio Delta series of PCI audio cards | No |
| ? | DelTmp | DelTemp.exe | Added to the startup list after installing a Creative SoundBlaster Audigy soundcard. Deletes temporary files once an installation is complete? | No |
| N | DeltTray | deltray.exe | System Tray access to the control panel for the M-Audio Delta 44 PCI Analog Recording Interface. Available via a desktop shortcut, Start -> Programs or Start -> Settings -> Control Panel | No |
| X | DeluxeCommunications | Dxc.exe | Deluxe Communications adware - successor to SurfSideKick | No |
| X | DELXP Protocol | delxp.exe | Added by a variant of the SDBOT WORM! | No |
| ? | demon | demon.exe | Part of the French Wanadoo ADSL extense pack. What does it do and is it required? | No |
| X | Deneca | Virus salvado | Added by the DELUZ VIRUS! | No |
| X | Depassx | Xfsa.exe | Added by the SDBOT-SK WORM! | No |
| U | DepFrez | frzstate.exe | Deep Freeze from Faronics Coporation. "Freezes" the current software configuration so that an a re-boot all changes made refer back to their original settings. Not required for most users - more likely to be used by system administrators, for example | No |
| X | deryheruxc | keepSafe.exe | Added by the KILLAV.KAX TROJAN! | No |
| X | DescargaBromas | rundll32.exe MSA64CHK.dll,DllMostrar | MatrixDialer/Mostrar parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System% | No |
| ? | Description of Shortcuts | *.exe | * seems to be a sequence of alphanumerics that can be different, i.e., 1960F8A9, 4EBD23F5, etc. Each of these files would appear to be a shortcut, i.e., 4EBD23F5 is actually Works Calender Reminder (found via a registry search) | No |
| X | Desire | desires.exe | Adult content dialler | No |
| ? | desk-top-service | desk-top-service.exe | ?? | No |
| X | DeskAd Service | DeskAdServ.exe | DeskAd.Service adware | No |
| N | DeskColor | DESKCOLOR.EXE | Provides transparent icon text backgrounds and coloured icon text | No |
| N | Deskflag | Deskflag.exe | DeskFlag - animated USA flag on the desktop | No |
| X | DeskMateAutoUpdate | DeskMateAutoUpdate.exe | DeskMates: Virtual scantily clad girls enhance your desktop. BargainBuddy adware related | No |
| U | deskmech | deskmech.exe | Part of Desktop Maestro from PC Tools - which "combines the features of our award winning products, Registry Mechanic and Privacy Guardian to ensure that you have the range of tools at your fingertips to ensure optimal system performance, stability and user privacy". This entry is created when Desktop Maestro is installed on XP and loads the System Tray icon and runs a registry scan at startup - if either are enabled | Yes |
| U | desksaver | desksaver.exe | Part of Advanced Desktop Shield, Easy Desktop Keeper, 1st Desktop Guard and Desktop Layout Keeper (and maybe others) - which give you the ability to save, restore, manage and lock your desktop layout that includes files and folders located on your desktop, placement of desktop icons, desired wallpaper and screen saver. For more details please see the 00DSKSVR01 or 00DSKSVR00 entries | Yes |
| U | desksaver.exe | desksaver.exe | Part of Advanced Desktop Shield, Easy Desktop Keeper, 1st Desktop Guard and Desktop Layout Keeper (and maybe others) - which give you the ability to save, restore, manage and lock your desktop layout that includes files and folders located on your desktop, placement of desktop icons, desired wallpaper and screen saver. For more details please see the 00DSKSVR01 or 00DSKSVR00 entries | Yes |
| U | Desksite CMA | cma.exe | DeskSite CMA siftware - "retrieves new content from the DeskSite Data Center" | No |
| U | DeskSlide | DeskSlide.exe | "DeskSlide is utility for automating wallpaper changes on your desktop" | No |
| X | Desktop | rundll32.exe msconfd.dll, Restore ControlPanel | Added by the BOOKMARKER TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "msconfd.dll" file is found in the System (9x/Me) or System32 (NT/2K/XP) folder | No |
| X | desktop | desktop.exe | Added by the SDBOT.MD WORM! | No |
| X | Desktop | Desktop.com | Added by the VB-DRN WORM! | No |
| X | desktop | desktop.ini.vbs | IE-Title malware | No |
| N | Desktop Architect | DATRAY.EXE | Desktop theme manager available here - for managing the desktop appearance, fonts, sounds, etc | No |
| U | Desktop Calendar | Desktop Calendar.exe | Desktop Calendar - "Desktop Calendar is a highly customizable calendar program that turns your desktop into a traditional wall calendar, by rotating the background image on a monthly basis" | No |
| X | Desktop Defender 2010 | Desktop Defender 2010.exe | Desktop Defender 2010 rogue security software - not recommended, removal instructions here | No |
| U | Desktop Maestro | deskmech.exe | Part of Desktop Maestro from PC Tools - which "combines the features of our award winning products, Registry Mechanic and Privacy Guardian to ensure that you have the range of tools at your fingertips to ensure optimal system performance, stability and user privacy". This entry is created when Desktop Maestro is installed on XP and loads the System Tray icon and runs a registry scan at startup - if either are enabled | Yes |
| U | Desktop Maestro Vista Tray | RMTray.exe | Part of Desktop Maestro from PC Tools - which "combines the features of our award winning products, Registry Mechanic and Privacy Guardian to ensure that you have the range of tools at your fingertips to ensure optimal system performance, stability and user privacy". This entry is created when Desktop Maestro is installed on Vista and loads the System Tray icon (deskmech.exe) on runs a registry scan at startup - if either are enabled | Yes |
| N | Desktop Plant | AZARE10S.PLT | Vritual plant from here - this version is an Azalea, there are others so the filename may be different | No |
| X | Desktop Search | desktop.exe | iSearch adware | No |
| N | Desktop Service Centre | DSC.exe | OptusNet DSL or Dial-Up connection software | No |
| N | Desktop Weather | THE WEATHER CHANNEL.exe | Desktop Weather by The Weather Channel - provides current temperature, conditions, alerts, etc | No |
| N | Desktop Weather 3 | THE WEATHER CHANNEL.exe | Desktop Weather 3 by The Weather Channel - provides current temperature, conditions, alerts, etc | No |
| N | Desktop Weather 3 | THEWEA~1.EXE | Desktop Weather 3 by The Weather Channel - provides current temperature, conditions, alerts, etc | No |
| U | DesktopIconToy | DesktopIconToy.exe | "Desktop Icon Toy is an easy to use desktop icon enhancement tool, which allows you to make many funny but useful patterns out of your windows desktop icons" | No |
| U | DesktopMaestro | deskmech.exe | Part of Desktop Maestro from PC Tools - which "combines the features of our award winning products, Registry Mechanic and Privacy Guardian to ensure that you have the range of tools at your fingertips to ensure optimal system performance, stability and user privacy". This entry is created when Desktop Maestro is installed on XP and loads the System Tray icon and runs a registry scan at startup - if either are enabled | Yes |
| U | DesktopMaestro | RMTray.exe | Part of Desktop Maestro from PC Tools - which "combines the features of our award winning products, Registry Mechanic and Privacy Guardian to ensure that you have the range of tools at your fingertips to ensure optimal system performance, stability and user privacy". This entry is created when Desktop Maestro is installed on Vista and loads the System Tray icon (deskmech.exe) on runs a registry scan at startup - if either are enabled | Yes |
| N | desktopmgr | desktopmgr.exe | Synchronisation manager for the cradles for the Research In Motion range of wireless handhelds, including the "Blackberry" | No |
| X | DesktopUpdate | rundll32.exe MSA64CHK.dll,DllMostrar | MatrixDialer/Mostrar parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System% | No |
| U | DesktopX | DESKTOPX.EXE | A program that replaces the regular Desktop and Taskbar, and can be changed to the user's liking | No |
| N | deskup | deskup.exe | Adds Iomega Zip drive icons to the desktop | No |
| U | desp2k | desp2k.exe | Part of the Turbo Analyzer tool from LightComm Brazil Telecom that analyzes and corrects ADSL configurations | No |
| X | destroyb11 | destroyb11.exe | Added by the DELF-KO TROJAN! | No |
| U | detect | idetect.exe | iNTERNET Turbo from Clasys Ltd. "It accelerates any Windows 95/98/Me/NT/2000/XP internet connection in seconds". If you find it helps your connectivity leave it enabled | No |
| ? | detect | turbodetect.exe | ?? | No |
| N | Detector | detector.exe | USB port detector for LG scanners. Sits in the System Tray, and when it detects the scanner through the USB port, you can run the scanner software from the tray. It is not required at all, since you can use the scan software from almost any photo editing software | No |
| U | DetectorApp | DetectorApp.exe | Related to Roxio MyDVD (was Sonic) DVD authoring software | No |
| ? | DevconDefaultDB | READREG | Appears to be related to older Creative Soundblaster soundcards | No |
| X | Development Environment | devenv.exe | Added by the DELBOT-AH WORM! | No |
| U | DEventAgent | eventagt.exe | DEvent Agent Module client - part of Dell OpenManage and used for server management. Only required if you use this | No |
| X | devenv | smvss.exe | Added by the DEDLER-G TROJAN! | No |
| X | Device Configuration Loader | msdvc32.exe | Added by a variant of the AGOBOT/GAOBOT WORM! | No |
| U | Device Detector | DevDetect.exe | ACDSee Auto Device Detector detects when a device is connected to your PC and gives you the option to acquire images from it automatically | No |
| N | Device Detector 2 | DevDtct2.exe | Installed by various Olympus products, this program detects the active connection of a speech device (voice recorder, etc) to a USB port then runs specific client software used to access that device. The DevDtct2 process has a "high" priority level which can negatively impact system resources | No |
| X | Device Hardware | devicehnd.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
| X | Device IO System | deviceio.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
| X | Device Management | wnsystem.exe | Added by the AGOBOT-LH WORM! | No |
| X | Device Manager | wfxmgr.exe | Added by the RBOT.AJU WORM! | No |
| X | Device Security | dvcsecure.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
| X | Device Security Driver | devicesec.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
| X | Device Security Manager | dvcsecure.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
| U | DeviceDiscovery | hpotdd01.exe | Detection of new imaging, printing and other peripherals on HP machines such as USB printers, cameras and Bluetooth products | No |
| X | DevicePath | Proyecto1.exe | Added by the GRUEL WORM! | No |
| X | DevicePath | Root.exe | Added by the GRUEL WORM! | No |
| U | Devices | olesvr.exe | Salfeld Child Control - parental control software | No |
| X | Devicewin | [path to trojan] | Added by the BANKER-AEV TROJAN! | No |
| U | devldr16 | devldr16.exe | Associated with some Creative Labs sound cards. Provides audio support for DOS applications. Not needed if you don't have those. Required if you use "Sound Play Control" and "Sound Recorder". To disable: (1) Disable via MSCONFIG (2) Start → Settings → Control Panel → System → Device Manager then disable "Creative SB16 Emulation" under Creative Miscellaneous Devices | No |
| U | devldr16.exe | devldr16.exe | Associated with some Creative Labs sound cards. Provides audio support for DOS applications. Not needed if you don't have those. Required if you use "Sound Play Control" and "Sound Recorder". To disable: (1) Disable via MSCONFIG (2) Start -> Settings -> Control Panel -> System -> Device Manager then disable "Creative SB16 Emulation" under Creative Miscellaneous Devices | No |
| ? | Devlog | devlog.exe | Apparently mainboard/chipset related, by a French company called AS Media - what exactly is it, and is it required | No |
| X | dfgfdgrergd | [path to trojan] | Added by the RANKY.CK TROJAN! | No |
| ? | DGJM | DGJM.exe | ?? | No |
| X | dgtstart | dgtstart.exe | DigitalNames.g adware | No |
| U | dguard | dguard.exe | eAcceleration Stop-Sign security software related. Previously not recommended, see here | No |
| X | DHCP | smss.exe | Added by the WINSPY.AG TROJAN! Note - this is not the legitimate smss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\display | No |
| X | DHCP Server | regsvr.exe | Added by the RBOT-PR WORM! | No |
| X | DHCP32 | services.exe | Added by the WINSPY.AG TROJAN! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\display | No |
| Y | dhcpagnt | dhcpagnt.exe | Intel DSL modem driver - leave enabled or you'll have to re-install the drivers | No |
| X | DhcpCep | PYJJKIME.exe | Added by the AGENT-BXQ TROJAN! | No |
| ? | DHNUXB | DHNUXB.exe | ?? | No |
| X | DI2 | [path to file] | BroadcastPC adware | No |
| N | diagent | diagent.exe | System Tray access for Creative Diagnostics for the Creative SoundBlaster series soundcards. Available via Start -> Programs | No |
| X | Diagnostic | diagnostic.exe | Added by the ALPHA-C TROJAN! | No |
| X | Diagnostic Agent | diagent.exe | Added by the AGOBOT-CW WORM! | No |
| X | Dial22 | dlm.exe | Adult content dialler | No |
| X | Dial33 | dlm.exe | Adult content dialler | No |
| X | Dialer | rundll32.exe MSA32CHK.dll,Reg | MatrixDialer/Lanzar parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA32CHK.dll" file is located in %System% | No |
| U | Dialer Control | dc.exe | Dialer-Control. Detects and protects from premium rate adult content diallers | No |
| U | Dialer Detect | dd.exe | DialerDetect detects stealth installed premium rate diallers, and sounds the alarm when such a connection is being installed without you knowing it | No |
| U | Dialgo SDK | PhoneAnswer.exe | Dialgo Wave Modem ActiveX - "Telephone Answering Machine for scripting your own professional call center business scripts using a voice modem. Features Caller-ID, Wave Playback, Wave Recording, Digit Monitoring, POP3 e-mail Manipulation, Speech Recognition and Synthesis" | No |
| X | DialNet | mxt32.exe | Adult content dialler | No |
| N | Dialog Box Assistant | OSDEx.exe | Dialog Box Assistant from Duality Software. Helps with the standard Open and Save As dialog boxes by showing recently used files and folders | No |
| N | Dialog Helper | PDDLGHLP.EXE | Dialog Helper from PowerDesk Pro by Ontrack. Helps with the standard Open and Save As dialog boxes by showing recently used files and folders. Available via Start -> Programs | No |
| X | DialUp Network Application | Rnaap.exe | Added by a variant of the SDBOT WORM! | No |
| X | Diam prlaer | oqedrhg.exe | Added by the SDBOT-DEU WORM! | No |
| ? | Diamondview | Diamondview.exe | Manulife Financial Insurance program. Is it required at startup? | No |
| X | DIECOX | csrss.exe | Added by a variant of the ATM.GEN TROJAN! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! | No |
| X | Diesel | Recalculate.exe | Added by the LAZAR TROJAN! | No |
| U | DietK | DietK.exe | Diet Kazaa add-on for Kazaa Media Desktop - "removes all adware and popups, built in Download Accelerator, makes searches faster and helps produce more results" | No |
| U | DigiCell | DigiCell.exe | MSI DigiCell - "the most useful and powerful utility that MSI has spent much research and efforts to develop, helps users to monitor and configure all the integrated peripherals of the system, such as audio program, power management, MP3 files management and communication / 802.11g WLAN settings. Moreover, with this unique utility, you will be able to activate the MSI well-known features, Live Update and Core Center" | No |
| X | DigiD | DigitalSound.exe | Adware downloader | No |
| N | DigiGuide | CLIENT.EXE | TV guide and reminder | No |
| N | DigiGuide | client01.exe | TV guide and reminder | No |
| U | Digisoft AntiDialer | AntiDialer.exe | Digisoft AntiDialer | No |
| U | DigiSrv | DigiSrv.exe | Related to camera software from DigitalDreams | No |
| N | Digital Dashboard | devgulp.exe | For Compaq PC's. Loads Digital Dashboard options | No |
| N | Digital Line Detect | DLG.exe | Detects whether your are plugged into a digital telephone line and displays the information graphically. Installed by Dell (and maybe others) and is included with all Connexant V.92 and Broadcom modems | No |
| Y | Digital Patrol Update 5 | update.exe | Digital Patrol - "a powerful anti trojan scanner, which detects and eliminates more than 180'000 Trojan Horses and Spywares. Digital Patrol detects viruses, trojans, worms, spyware, malicious ActiveX controls and Java applets" | No |
| N | Digital River eBot | downlo~1.exe | Digital River Systems EBOT for downloading software from their site. In some cases, if you purchase software online for a download from a software manufacturer, you will be sent to this online company's site for the download after the purchase is complete. Read more here | No |
| X | DigitalNames | DigitalNamesStart.exe | DigitalNames spyware variant | No |
| N | DigitalWizard | ISWizard.exe | InstallShield's DigitalWizard - free, complete Digital Content Management Solution that makes it easy to experience digital content | No |
| N | DigitalWizard Monitor | dwMon.exe | InstallShield's DigitalWizard - free, complete Digital Content Management Solution that makes it easy to experience digital content | No |
| U | DIGServices | DIGServices | Created by Disney but licensed to ESPN for watching videos | No |
| N | DIGServices | DIGServices.exe | Created by Disney but licensed to ESPN for watching videos | No |
| N | DIGStream | digstream.exe | DIGStream Cache Manager - part of ESPN Motion and Disney Motion that periodically check for new videos and indication they're available in the System Tray. Starting ESPN Motion/Disney Motion starts digstream automatically | No |
| U | Dimension | Dimension.exe | Dimension - a program which lets you customize MSN messenger such as adding animated and coloured nicknames, personal toast creator, war tools (login flooder), and allows viewing and interacting with the raw MSN protocol | No |
| U | Dimension4 | d4.exe | Dimension 4 - network time synchronization freeware - starts-up, adjusts the system clock, then shuts down | No |
| X | Dino3 | dino3.exe | Related to Jurassic Park III and enables a dinosaur to walk across the screen. Also generates adverts and classified as adware as a result | No |
| X | Dinst | dinst.exe | IMIServer/IEPlugin adware | No |
| X | Diomacd | fdafbfd.exe | Added by the MULDROP.F TROJAN! | No |
| X | Dir1 | caKe | Added by the CAKE WORM! | No |
| X | Direct settings | sdchost.exe | Added by the DAEMONI-I TROJAN! | No |
| U | Direct Update | DUControl.exe | DirectUpdate dynamic DNS updater | No |
| X | Direct X Direct3D | dxd3d.exe | Added by a variant of the SDBOT WORM! | No |
| X | Direct X Opengl | dxopengl.exe | Added by a variant of the RBOT-CJ WORM! | No |
| X | direct3d.exe | direct3d.exe | Added by the CERTIF-F TROJAN! | No |
| N | DirectCD | DirectCD.exe | DirectCD primarily allows you to drag and drop files onto a suitably formatted CD-RW disc. Unless you use this on a frequent basis it isn't required and is available via Start -> Programs. Start the program before inserting a DirectCD formatted CD-RW in the drive. A re-boot is recommended if you close Adaptec DirectCD before re-opening it again later | No |
| X | Director Video | btnmgern.exe | Added by the MYTOB-KL WORM! | No |
| Y | Directory Opus Desktop Dblclk | dopusrt.exe | Directory Opus - an advanced file manager. "Directory Opus goes beyond the simple file manager metaphor, and offers you a complete replacement for Windows Explorer and many other utility programs for handling FTP, ZIP, viewing files and images, running slideshows and more" | No |
| X | directs.exe | directs.exe | Added by the BEAGLE.O or BEAGLE.R or BEAGLE.S or BEAGLE.T WORMS! | No |
| U | DIRECTVDSL | Directvdsl.exe | Starts DirectTV DSL modem at boot up. Can also be started manually | No |
| X | DirectX | ddhelp32.exe | Added by the BIONET.318 TROJAN! Note - not the DirectX helper which is ddhelp.exe | No |
| X | directx | Directx.exe | Added by the SDBOT.D TROJAN! | No |
| X | directx | Sqlexploit.exe | Added by the SDBOT.D TROJAN! | No |
| X | DirectX | DirectX.exe | Added by the BLAXE or LOGPOLE WORMS! | No |
| X | directx | NTCmd.exe | Added by the SDBOT.D TROJAN! | No |
| X | directx | PipeCmd.exe | Added by the SDBOT.D TROJAN! | No |
| X | DirectX 32 | directx32.exe | Added by a variant of the AGOBOT/GAOBOT WORM! | No |
| X | DirectX Driver | stdhost.exe | Added by the SDBOT.GVJ BACKDOOR! | No |
| X | DirectX Driver | stdhost.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
| X | DirectX For Microsoft Windows | dtxservice.exe | Added by the PROGENT TROJAN! | No |
| X | DirectX for Microsoft Windows | Fservice.exe | Added by the PRORAT TROJAN! | No |
| X | DirectX for Microsoft Windows | Sservice.exe | Added by the PRORAT TROJAN! | No |
| X | DirectX For Microsoft® Windows | fservice.exe | Added by the PRORAT-L TROJAN! | No |
| X | DirectX For Microsoft® Windows | fservice.exe | Added by the PRORAT-P TROJAN! | No |
| X | DirectX shell driver | [path to trojan] | Added by the MARKTMAN-B TROJAN! | No |
| X | Directx Startup Drivers | direct.exe | Added by the RBOT.UXL WORM! | No |
| X | DirectX Video Driver | dxterm5.exe | Added by the WILAB-A TROJAN! | No |
| X | DirectX64 | DirectXset.exe | Added by the BROWNEY.A WORM! | No |
| X | DirectX9 | direct3d.exe | Added by the AGENT.EAK TROJAN! | No |
| X | DirectX9 | svchost32.exe | Added by the RBOT.AQG WORM! | No |
| X | DirectX9 Diag | dx9diag.exe | Added by the RBOT-ALT WORM! | No |
| X | DirecX | DirecX.exe | Added by the AGOBOT-HU BACKDOOR! | No |
| U | Dirkey | Dirkey.exe | Dirkey - small utility that allows you to bookmark up to 9 folders by using the Ctrl+Alt+1..9 shortcut keys in an Open/Save File dialog or in Windows Explorer. After this the Ctrl+1..9 shortcut keys can be used in the same or another window to go to any of the 9 bookmarked folders | No |
| X | DirLocker | dirlock.exe | Added by the AUTORUN-AMS WORM! | No |
| ? | Disable EHCI | nousb20.exe | ?? | No |
| N | Disc Detector | CtNotify.exe | For Creative sound cards. Detects when you insert a CD, DVD, etc | No |
| ? | disc detector | qnetquestnotifty.exe | ?? | No |
| ? | discoveg | discoveg.exe | ?? | No |
| ? | DISCover | DISCover.exe | Related to DISCover Drop from Digital Interactive Systems Corporation. What does it do and is it required? | No |
| N | DiscoverDeskshop | Deskshop.exe | Discover Deskshop - single use "virtual" credit card | No |
| U | DiscUpdateManager | DiscUpdMgr.exe | Disc Update Manager for Digital interactive's DISCover Console. Provider of on-demand video games | No |
| N | DiscUpdateManager | DiscUpdateMgr.exe | DISCover from Digital Interactive Systems Corporation Inc. "The company's patented Drop 'n' Play technology provides a simple, console-like experience when playing PC titles allowing for seamless play of CD/DVD-based games while its unique Parental Control system incorporates ESRB ratings to help users limit access to younger players" | No |
| U | DiscWizardMonitor.exe | DiscWizardMonitor.exe | Seagate DiscWizard - hard disk utility for Seagate's SATA and PATA (IDE) drives | No |
| X | Disk Check | chkdsk32.exe | Added by the IM TROJAN! | No |
| U | Disk Cleaner | DiskCleaner.Exe | Hard disk management part of TuneUp Utilities from TuneUp Distribution GmbH | No |
| X | Disk Defragmentation Loader | pmsvcr.exe | Added by a variant of the IRCBOT TROJAN! | No |
| X | Disk Essensial Tools | detsvc.exe | Added by a variant of the IRCBOT TROJAN! | No |
| X | Disk Keeper | [path to trojan] | Added by the SMALL-VE TROJAN! | No |
| X | Disk Keeper | SECURITY.EXE | Daosearch adware | No |
| X | Disk Manager | diskver.exe | Added by the RBOT.AQT WORM! | No |
| X | Disk Master | [trojan name] | Added by the DISTER TROJAN! - a spam relayer | No |
| X | Disk Panel Configuration | dpcsvc.exe | Added by the IRCBOT.BSQ BACKDOOR! | No |
| X | Disk Panel Setup | npcsvc.exe | Added by a variant of the IRCBOT TROJAN! | No |
| X | DiskCheck | msdarkend.exe | Added by an unidentified WORM or TROJAN! | No |
| N | DiskeeperSystray | DkIcon.exe | DisKeeper defragmentation software - can be started manually | No |
| X | diskinf | diskinf.exe | Added by the CRYPTER.A TROJAN! | No |
| ? | DISKMON.EXE | DISKMON.EXE | ?? | No |
| N | Disknag | disknag.exe | Dell program that reminds you to make your backup diskettes | No |
| X | DiskRetter | SysRep.exe | DiskRetter, German rogue system error and cleaning utility - not recommended. A member of the ErrClean family | No |
| X | Diskstart | Code.exe | Adult content dialler | No |
| X | Diskstart | cat.exe | MS-Connect dialler | No |
| X | Diskstart | hit.exe | Adult content dialler | No |
| X | Diskstart | Snt.exe | Adult content dialler | No |
| U | DiskSuite | aDSProcMngr.exe | Part of PC Tools Disk Suite from PC Tools - which "is an all-in-one hard-disk management utility that integrates disk optimization, defragmentation and backup tools in one easy to use package". Proxy (or agent) for the Disk Suite Service. Based upon my experience, if this is disabled it does not appear to adversely affect on-demand or scheduled tasks but has a "U" recommendation as it's function isn't fully known | Yes |
| U | Disk_Monitor | Disk_Monitor.exe | Multi-media, Smartmedia, Compact Flash card reader for reading digital camera cards. Device is recognised as internal USB disk drive. Necessary if camera cards are to be recognised as soon as they are inserted into the reader | No |
| X | disnisa | disnisa.exe | Added by the DORF-AE WORM! | No |
| X | Dispatcher | dispatcher.exe | Added by the DLOADR-AS TROJAN! | No |
| U | display | The_Eye.exe | ComSpySysSvr surveillance software. Uninstall this software unless you put it there yourself | No |
| X | Display | backup.exe | Added by the BRONTOK-CR WORM! | No |
| X | Display Drivers | cssrs.exe | Added by the AGOBOT.FX WORM! | No |
| N | Display Settings | hptasks.exe | Allows for the adjustment of the display for LCD screen, CRT Monitor and TV output on HP computers | No |
| U | DisplayFusion | DisplayFusion.exe | DisplayFusion from Binary Fortress Software - "is a fantastic application that can make your dual monitor (or triple monitor or more) life much, much easier! From allowing you to use a different wallpaper on each monitor, to integrating with Flickr for image searching, to providing hotkeys for managing your application windows" | No |
| N | DisplayTrayIcon | TrayIcon.exe | System Tray access to display properties for ABIT graphics cards. Unless you change your desktop resolution, etc regularily use Control Panel -> Display | No |
| U | Disspy | disspy.exe | Disspy spyware detection and removal software | No |
| X | Dist-FBGeneve | GDC.exe | NettoyeurDePC French rogue privacy tool - not recommended. A member of the PCPrivacyTool family | No |
| N | Distiller Assistant 3.01 | DISTASST.EXE | From Adobe. Creates PDF universal files for Acrobat Reader. Available via Start -> Programs | No |
| X | Distributed File System | Dfsvc.exe | Added by the MYFIP.A or MYFIP.K WORMS! | No |
| X | Distributed File System | kernel32dll.exe | Added by the MYFIP-C or MYFIP.K WORMS! | No |
| X | Distributed File System | blade.exe | Added by the MYFIP.AC WORM! | No |
| X | Distributed File System | win.exe | Added by the MYFIP.AB WORM! | No |
| X | Distributed Link Tracking | ascvt.exe | Added by the AGOBOT-GH BACKDOOR! | No |
| U | distributed.net client | DNETC.EXE | Dsitributed computing projects client from Distributed.net where numerous computers are used to share a projects workload - similar to SETI@Home and Folding@Home. Also prone to being distributed by viruses | No |
| Y | Dit | dit.exe | "Drive Icon and Label Utility" - assigns drive icons and names to flash memory cards. Required, otherwise the drives aren't found | No |
| X | Dit | dit.exe | Added by the LAZAR-A TROJAN! Note - this is located in the System (9x/Me) or System32 (NT/2K/XP) folder | No |
| N | DiTask.exe | DiTask.exe | Associated with an Eicon Networks ISDN or ADSL modem. System Tray icon which shows you the status of your lines (free, occupied with incoming or outgoing call). Available via Start -> Programs | No |
| ? | Divamon.exe | Divamon.exe | Associated with an Eicon Networks Diva ISDN or ADSL modem - what does it do and is it required? | No |
| X | divx | divxenc.exe | Added by the SPBOT.B TROJAN! | No |
| X | Divx | codll.exe | Added by the GRAVEBOT-A TROJAN! | No |
| X | DivX MediaPlayer 7.0 | Dr.DivX.exe | Added by the ALADINZ.G TROJAN! | No |
| X | DivX Player | DivXPlayer.exe | Added by a variant of the RBOT WORM! | No |
| X | DivX Updater | DivX.Exe | Added by the NALDEM TROJAN or MASTAK VIRUS! | No |
| X | DIVX Video Player | DIVXPloyer.exe | Added by an unidentified WORM or TROJAN! | No |
| X | Divx4 codec | devldr32.exe | Added by an unidentfied VIRUS! Note - this is not the legitimate Creative Labs devldr32.exe file | No |
| ? | Dixons Insert Detect | InsDetect.exe | Part of Dixons Picture Suite. Detects a digital camera is plugged into a USB port or when a memory card with photos is inserted? | No |
| N | DJRegFix | regedit /s c:\hp\djregfix.reg | DJRegFix showed up first in WinME as a "clever" way to ensure that all Hewlett-Packard DeskJet printers actually worked with WinME - since most were having major problems. This "utility" adds the functionality and compatibility HP forgot to add in its WinME drivers | No |
| ? | DJSNetCN | DJSNetCN.exe | "Symantec Licensing Detect Internet Connection", part of Norton Antivirus. What does it do and is it required? | No |
| X | djtopr1150.exe | djtopr1150.exe | WebRebates adware | No |
| X | dKernel | dKernel.exe | Added by the DECOY-A WORM! | No |
| Y | DkService | DkService.exe | From Executive Software's Diskeeper defragmenting utility - a replacement for Windows Disk Defragmenter. It's recommended to leave this enabled, otherwise you could have problems starting it manually. | No |
| X | DKTime | dktime.exe | Added by the LUNII TROJAN! | No |
| X | Dkware lptt01 | dkware.exe | RapidBlaster variant (in a "DonkeySoft" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here | No |
| X | Dkware ml097e | dkware.exe | RapidBlaster variant (in a "DonkeySoft" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here | No |
| ? | dkzzixm | dkzzixm.exe | ?? | No |
| Y | dla | tfswctrl.exe | Drive letter access to a UDF packet writer for CD-RW - from HP, Veritas an others. Similar to Roxio's DirectCD and does the same thing. From HP - "This is a needed file as it controles the readability of the Combo drives. Without this file loading the end user will be able to burn CD's but wont be able to read them. The drive itself will be able to read store bought master Cd's without the file but not burnt ones" | Yes |
| Y | DLA | DLACTRLW.EXE | Drive letter access to a UDF packet writer for CD-RW - from HP, Veritas and others. Similar to Roxio's DirectCD and does the same thing. From HP - "This is a needed file as it controles the readability of the Combo drives. Without this file loading the end user will be able to burn CD's but wont be able to read them. The drive itself will be able to read store bought master Cd's without the file but not burnt ones" | Yes |
| Y | DLACTRLW | DLACTRLW.EXE | Drive letter access to a UDF packet writer for CD-RW - from HP, Veritas and others. Similar to Roxio's DirectCD and does the same thing. From HP - "This is a needed file as it controles the readability of the Combo drives. Without this file loading the end user will be able to burn CD's but wont be able to read them. The drive itself will be able to read store bought master Cd's without the file but not burnt ones" | Yes |
| Y | DLACTRLW.EXE | DLACTRLW.EXE | Drive letter access to a UDF packet writer for CD-RW - from HP, Veritas and others. Similar to Roxio's DirectCD and does the same thing. From HP - "This is a needed file as it controles the readability of the Combo drives. Without this file loading the end user will be able to burn CD's but wont be able to read them. The drive itself will be able to read store bought master Cd's without the file but not burnt ones" | Yes |
| N | DlaTray | Dlatray.exe | System Tray access to DLA - Drive letter access to HP's and Veritas' version of DirectCD. Does the same thing as DirectCD. From HP - "This is a needed file as it controles the readability of the Combo drives. Without this file loading the end user will be able to burn CD's but wont be able to read them. The drive itself will be able to read store bought master Cd's without the file but not burnt ones" | No |
| N | dlbcserv | dlbcserv.exe | Related to Dell Photo Printers and provides additional configuration options for these devices | No |
| Y | DLBTCATS | rundll32 [path] DLBTtime.dll, _RunDLLEntry@16 | Resolves a timing problem where a Dell service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll) | No |
| Y | DLBUCATS | rundll32 [path] DLBUtime.dll, _RunDLLEntry@16 | Resolves a timing problem where a Dell service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll) | No |
| Y | DLBXCATS | rundll32 [path] DLBXtime.dll, _RunDLLEntry@16 | Resolves a timing problem where a Dell service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll) | No |
| Y | DLCCCATS | rundll32 [path] DLCCtime.dll,_RunDLLEntry@16 | Resolves a timing problem where a Dell service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll). If you use the 964 printer, Dell recommends leaving dlcctime.dll in place as it fixes compatibility issues on some Dell systems. If you receive an error message on system startup that reads: "Error in C:\WINDOWS\System32\spool\drivers\W32\x86\3DLCCtime.dll Missing entry: RunDLLEntry" Dell offers help here | No |
| U | dlccmon.exe | dlccmon.exe | Dell Photo AIO Printer 924 device monitor | No |
| Y | DLCDCATS | rundll32 [path] DLCDtime.dll, _RunDLLEntry@16 | Resolves a timing problem where a Dell service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll) | No |
| U | dlcdmon.exe | dlcdmon.exe | Dell Photo AIO Printer 944 device monitor | No |
| Y | DLCFCATS | rundll32 [path] DLCFtime.dll, _RunDLLEntry@16 | Resolves a timing problem where a Dell service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll) | No |
| Y | DLCGCATS | rundll32 [path] DLCGtime.dll, _RunDLLEntry@16 | Resolves a timing problem where a Dell service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll) | No |
| U | dlcgmon.exe | dlcgmon.exe | Dell Photo AIO Printer 810 device monitor | No |
| Y | DLCICATS | rundll32 [path] DLCItime.dll, _RunDLLEntry@16 | Resolves a timing problem where a Dell service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll) | No |
| X | dlcipscl | dcpavss.exe | Added by the MAILBOT-CB TROJAN! | No |
| Y | DLCJCATS | rundll32 [path] DLCJtime.dll, _RunDLLEntry@16 | Resolves a timing problem where a Dell service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll) | No |
| U | dlcjmon.exe | dlcjmon.exe | Dell Photo AIO Printer 964 device monitor | No |
| Y | DLCQCATS | rundll32 [path] DLCQtime.dll, _RunDLLEntry@16 | Resolves a timing problem where a Dell service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll) | No |
| U | dlcqmon.exe | dlcqmon.exe | Dell Photo AIO Printer 966 device monitor | No |
| Y | DLCXCATS | rundll32 [path] DLCXtime.dll, _RunDLLEntry@16 | Resolves a timing problem where a Dell service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll) | No |
| U | dlcxmon.exe | dlcxmon.exe | Dell Photo AIO Printer 926 device monitor | No |
| X | dlder | dlder.exe | Dlder spyware. Also creates a fake "explorer.exe" file and can be installed via versions of Grokster, Lime Wire and KaZaA file-sharing utilities | No |
| X | DlDir1 | caKe | Added by the CAKE WORM! | No |
| U | dldtamon | dldtamon.exe | Dell AIO Printer V305 device monitor | No |
| U | dldtmon | dldtmon.exe | Dell AIO Printer V305 device monitor | No |
| U | dldtmon.exe | dldtmon.exe | Dell AIO Printer V305 device monitor | No |
| ? | DLForcerExe | DLForcerEXE.exe | ?? | No |
| N | DLF_00000B00 | Vcdlf.exe | Known to cause problems with "Out of memory" errors (see here). Otherwise, it's purpose is unknown | No |
| N | DLG | DLGCHBW.exe | Backweb part of Data LifeGuard - diagnostic tools for Western Digital's series of hard drives. Automatically detects an internet connection and downloads any available updates | No |
| N | DLHelperEXE | WATCH.exe | Download helper distributed with some software that allows the software installation to redirect download locations. Not required once the installation is finished | No |
| X | DLHelperEXE.exe | N/A | Downloader for Microgaming/Casino software - stealth installed | No |
| X | dlhost | dlhost.exe | Added by the EXPHOOK-A TROJAN! | No |
| X | DLINK dfe drivers for Windows NT | windfe.exe | Added by the RANDEX.AK WORM! | No |
| U | DLink System Tray | dlnetst.exe | Related to D-Link DGE-530T PCI card for servers and workstations | No |
| X | Dlite | dllmanager.exe | Added by the WOOTBOT.DN WORM! | No |
| X | Dll Boot Loader on Startup (do not remove this) | [various filenames] | Added by an unidentified TROJAN! | No |
| X | Dll Link | svchoist.exe | Added by the AUTOSKY WORM! | No |
| X | Dll Link | svchost.exe | Added by the AUTOSKY WORM! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in Documents and Settings\<User>\Favourites folder | No |
| X | DLL Manager | dllmngr32.exe | Added by a variant of the RBOT WORM! | No |
| X | DLL Service Manager | [path to worm] | Added by the RPCBOT.F TROJAN! | No |
| X | dll services | [random filename].exe | Added by a variant of the SDBOT WORM! | No |
| X | DLL32 | dllmem32.exe | Added by the KWBOT.E WORM! | No |
| X | DLL32 | dllhost.dll | Added by the SUCLOVE.A WORM! | No |
| X | dllcache.exe | dllcache.exe | Added by the VISPAT.A WORM! | No |
| X | DllCacherv2 | dllcachev2.exe | Added by the LATEDA TROJAN! | No |
| X | dllcvss | [random filename] | Added by a variant of the SLAPER TROJAN! | No |
| X | dlldmt | dlldmt.exe | Added by a variant of the CRYPTER.C TROJAN! | No |
| X | DllExecutable | [path to file] | Added by the VB-SP WORM! | No |
| X | dllhelp | dllhelp.exe | Added by the STARTPAGE.DQ hijacker | No |
| X | dllhelp | dllhlp.exe | Added by the Downloader-HI TROJAN! | No |
| X | DLLHost | dllhst.exe | Added by the DELBOT-AC WORM! | No |
| X | DllHost | dllhost.exe | Added by the PROSTI.AA BACKDOOR! Note - this is not the legitimate dllhost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\Inf | No |
| X | dllhostxp.exe | dllhostxp.exe | Browser hijacker and adware downloader | No |
| X | DllLoader | lssas.exe | Added by the BDOOR-JE BACKDOOR! | No |
| X | Dlload | killer.exe | Added by the KILLAV-FK TROJAN! | No |
| X | dllreg | dllreg.exe | Added by the CRYPTER.A TROJAN! | No |
| X | DLLService32 | dllsvc32.exe | Added by the AGOBOT.VX WORM! | No |
| X | DLLUPDATE32 | dllupdate32.exe | Added by the AGOBOT.IA WORM! | No |
| N | DLM.exe | DLM.exe | IGN Download Manager has become a requirement for downloading files through FilePlanet.com. It is based on Internet Explorer and it installs through an ActiveX-plugin, hence Internet Explorer must be installed beforehand and downloads has to be initialized through that browser | No |
| N | dlmMgr | AdobeDownloadManager.exe | Adobe Download Manager - "can prevent you from having to start from the beginning should your download process be interrupted, and it offers a level of service not possible | No |
| Y | DLO Agent | DLOClientu.exe | Part of the backup suites from VERITAS - Backup Exec and NetBackup. Both have now been replaced by their Symantec equivalents since they acquired VERITAS in 2005 | No |
| U | DLPSP | DLPSP.EXE | Dell laser printer status monitor | No |
| X | dlsp2mx | dlsp2mx.exe | Added by the MPB-B DIALER! An uninstall option can be accessed via the Add or Remove Programs dialog in the Windows Control Panel. The software is listed as "dlsp2mx" | No |
| ? | DLT | dlt.exe | ?? | No |
| X | dluca | dluca.exe | Added by the DLUCA.C TROJAN! | No |
| X | dluxde | dluxde.exe | All-In-One-Telcom (adult content dialler) variant | No |
| X | Dluxjp | Dluxjp.exe | Added by the DLUCA.D TROJAN! | No |
| X | Dm Hr | lpns.exe | Added by the IRCBOT.WORM.61673 WORM! | No |
| X | DM mgr | dm_mgr.exe | Added by the JITTAR TROJAN! | No |
| X | dm***.exe [* = random char] | dm***.exe [* = random char] | Wareout - malware masquerading as a spyware and dialer remover | No |
| N | DMAScheduler | DMAScheduler.exe | Related to DigitalMedia Plus Archiver. This program is non-essential process to the running of the program, but should not be terminated unless suspected to be causing problems | No |
| X | DMC | dmc.exe | Added by Trojan-Downloader.Win32.Dluca.bv TROJAN! | No |
| U | DMHotKey | DMLoader.exe | HotKey access to the Samsung Display Manager on laptops and ultra-mobiles that support it - such as the M55 and Q1 | No |
| N | DMILDR | dmildr.exe | Part of Dell OpenManage Client Instrumentation - software that allows remote management application programs to access information about, monitor the status of or change the state of the client computer, such as shutting it down remotely. Uses the DMI and/or common information model (CIM) protocols, which are systems management protocols defined by industry standards. Available via Start -> Programs | No |
| X | dmime | dmime.exe | Malware installed by different rogue security software including SpyKillerPro | No |
| N | DMISL | DMISL.EXE | DMI (Desktop Management Interface) Service Layer for Intel TokenExpress network card software. DMI support for the Intel network card managed through the Desktop Management Interface. See here for more information | No |
| N | DMISLAPP | DMISLAPP.exe | DMI (Desktop Management Interface) Service Layer for Intel TokenExpress network card software. DMI support for the Intel network card managed through the Desktop Management Interface. See here for more information | No |
| ? | dmjay | dmjay.exe | ?? | No |
| X | dmloader | dmloader.exe | Added by a variant of the RBOT WORM! | No |
| X | Dmsvc32 | Dmsvc32.exe | Added by the AGOBOT.ABU WORM! | No |
| X | dmtdll | dmtdll.exe | Added by a variant of the CRYPTER.C TROJAN! | No |
| U | DmwClient | dmwclient.exe | DMW "anti-cheating" software for online gaming | No |
| U | DMXLauncher | DMXLauncher.exe | Part of Dell's Media Experience, a multimedia suite which offers the user functionality to organise and play music and digital video files | No |
| X | dm[3 random letters].exe | dm[3 random letters].exe | Added by the RUINDEM TROJAN! | No |
| X | DM_server | dmserver.exe | Comet Cursor adware | No |
| X | dm_service | [path to file] | Added by the MITGLIEDER.P TROJAN! | No |
| N | DNA | btdna.exe | "BitTorrent DNA is a FREE content delivery service based on the BitTorrent protocol which brings the power of user-contributed bandwidth to traditional content publishers while leaving publishers in full control of their files". Now a stand-alone product where the user creates the download, DNA used to be included with and used by earlier versions of the main BitTorrent client. As files are downloaded via a file-sharing network make sure you have good, up-to-date virus protection and check any downloads. Start manually via Control Panel → DNA | Yes |
| X | dnam | d140113.a.Stub.EXE | Added by the STUB_A TROJAN! | No |
| N | Dnar | Dnar.exe | Installed on some Dell workstations and DMI related. Tries to access the internet and is known to not be required - but what does it do? | No |
| Y | DNE Binding Watchdog | rundll dnes.dll, DnDneCheckBindings | Deterministic NDIS Extender (DNE). DNE is an NDIS-compliant module which appears to be a network device driver to all protocol stacks and a protocol driver to all network device drivers. Part of Gilat Communications internet satellite systems. Required if you have this system. Also installed by Winproxy - a proxy program for sharing internet connections through one computer. Required if you want it to work | No |
| Y | DNE DUN Watchdog | rundll dnes.dll, DnDneCheckDUN13 | Deterministic NDIS Extender (DNE). DNE is an NDIS-compliant module which appears to be a network device driver to all protocol stacks and a protocol driver to all network device drivers. Part of Gilat Communications internet satellite systems. Required if you have this system. Also installed by Winproxy - a proxy program for sharing internet connections through one computer. Required if you want it to work | No |
| X | DNHelper32 | DNHlp32.exe | Added by an unidentified WORM or TROJAN! | No |
| X | DNS | mc-58-12-0000080.exe | Shorty adware - also detected as the AGENT.FD TROJAN! | No |
| X | DNS | mc-58-12-0000093.exe | Shorty adware - also detected as the AGENT.FD TROJAN! | No |
| X | DNS | mc-110-12-0000079.exe | Shorty adware - also detected as the AGENT.FD TROJAN! | No |
| X | DNS | mc-58-12-0000120.exe | Shorty adware - also detected as the AGENT.FD TROJAN! | No |
| X | DNS | mc-58-12-0000140.exe | Shorty adware - also detected as the AGENT.FD TROJAN! | No |
| X | DNS | [worm filename] | Added by the BCKDR-CQG BACKDOOR! | No |
| X | Dns Resolver | dnsrslve.exe | Added by the RBOT-WS WORM! | No |
| X | DNS Service | dnsresolver.exe | Added by the RBOT-PQ WORM! | No |
| X | DNS Service | dnssvc.exe | Added by the DELBOT-Z WORM! | No |
| ? | DNS2GoClient | dns2goclient.exe | DNS2Go is a Domain Name System that will make your computer accessible anytime, anywhere by associating a domain name of your choice to your currently assigned IP address. Is it required? | No |
| N | DNS7reminder | Ereg.exe Ereg.ini | ScanSoft (Nuance) Dragon NaturallySpeaking registration reminder. Version 7 | No |
| X | DnsCache | Wscript.exe dns_cache.vbs | Added by the AUTORUN-AWI WORM! Note that wscript.exe is a legitimate Microsoft file used to launch script files and shouldn't be deleted. The "dns_cache.vbs" file is located in %System% | No |
| X | DNSCacheBoost | dnsping.exe | Added by the DNSBUST-A TROJAN! | No |
| X | dnscleaner | dnscleaner.exe | CoolWebSearch parasite variant | No |
| X | DNSE | DNSE.exe | Part of rogue security tools, including WinAntiVirus Pro 2007, PcTurboPro and SystemDoctor | No |
| ? | DNXVC | dnxvc.exe | ?? | No |
| X | doc | doc.exe | Added by the AGOBOT-BJ WORM! | No |
| X | DocTor | Doctor.exe | Added by the DOTOR.A WORM! | No |
| X | Doctor Antivirus 2008 | antvr.exe | Doctor Antivirus 2008 rogue security software - not recommended, removal instructions here | No |
| N | DocuMagix Init | PWATCH.EXE | PaperMaster is an application for the PC designed to automate the process of organizing, archiving, and retrieving digital versions of files. Start manually if needed | No |
| U | Document Manager | docmgr.exe | Wave Systems Corp. Document Manager - "provides secure storage and management capabilities for file and folder level encryption" | No |
| X | Doggy Style | MsPMSPSd.exe | Added by the SDBOT-AAP WORM! | No |
| X | DOGStart | GSDOGST.EXE | Added by an unidentified VIRUS, WORM or TROJAN! A possibility is a trojan known as PENIS | No |
| ? | Doing | doing.exe | ?? | No |
| X | doit.exe | doit.exe | Added by the FORBOT-EK WORM! | No |
| X | DokterFix | SysRep.exe | DokterFix, Dutch rogue system error and cleaning utility - not recommended. A member of the ErrClean family | No |
| X | Domain Name Resolve Service | dnsresolver.exe | Added by the KIMAN.A WORM! | No |
| X | DomPlayer Service | wakeservice.exe | DomPlayer adware | No |
| U | Don't Panic | dontpanicdemodp.exe | 30-day trial version of Don't Panic privacy software from Panicware. "Clean up Internet tracks and quickly hide personal documents with this privacy suite." | No |
| U | Don't Panic Pop-Up Stopper | dpps2.exe | Pop-Up Stopper Companion from Panicware. Pop-up blocker integrated into the IE toolbar. Note that the Pro version doesn't load in startup as it is installed as an Internet Explorer toolbar. Can cause problems with IE if you use WinXP and uninstall Service Pack 1. Uninstalling the software leaves it in the startup group | No |
| U | Don't Panic! | DP.EXE | Don't Panic! privacy software from Panicware. "Clean up Internet tracks and quickly hide personal documents with this privacy suite" | No |
| X | Dontworry | mysaym.exe | Added by the SDBOT-RC WORM! | No |
| U | Dopus | dopus.exe | Directory Opus - a file manager from GPSoft | No |
| N | DoroServer | DoroServer.exe | Doro PDF Writer from The SZ Development. All what you need for creating pdf files | No |
| X | dos | dos64.exe | Adware downloader trojan | No |
| X | Dos Prompt Loader | cygwin.exe | Added by the SDBOT-VV WORM! | No |
| ? | Dosbat | ?? | ?? | No |
| X | Dot1XCfg | Dot1XCfg.exe | Added by the AGOBOT.EA TROJAN! | No |
| U | DoubleDesktop | dd.exe | "DoubleDesktop is a smart and elegant system tray utility that effectively doubles the width of your Windows desktop" | No |
| N | DoUWantIt | duwi.exe | DoUWantIt - online shopping assistant. Start it manually | No |
| X | Dowmingzu | Dowmingzu.dll.vbs | Added by the SOLOW-E WORM! | No |
| X | down | hlp32.exe | Added by the DLOADER.BG TROJAN! | No |
| X | down | [trojan filename] | Added by the SMALL-QJ TROJAN! | No |
| U | Down2Home | Down2Home.exe | Down2Home - "monitors your ADSL/Cablemodem/Dialup traffic and provides you with usefull statistics about the amount of data your PC has transferred" | No |
| N | Download Accelerator Manager Free Edition | dam.exe | Download Accelerator Manager Free Edition from Tensons Corp | No |
| N | Download Accelerator Plus 5.0 | DAP.exe | Download Accelerator Plus from Speedbit. Download manager for resuming downloads, amongst other features. Available via Start -> Programs. Note that the free version is adware based | No |
| X | Download Plus | DownloadPlus.exe | DownloadPlus adware | No |
| N | Download Wonder | DownloadWonder.exe | Download Wonder from Forty Software. Download manager for resuming downloads, amongst other features | No |
| N | DownloadAccelerator | DAP.EXE | Download Accelerator Plus from Speedbit. Download manager for resuming downloads, amongst other features. Available via Start -> Programs. Note that the free version is adware based | No |
| X | DownloadLegalMusic | rundll32.exe MSA64CHK.dll,DllMostrar | MatrixDialer/Mostrar parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System% | No |
| X | DownloadMP3 | rundll32.exe MSA64CHK.dll,DllMostrar | MatrixDialer/Mostrar parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System% | No |
| X | DownloadsAndMP3 | rundll32.exe MSA64CHK.dll,DllMostrar | MatrixDialer/Mostrar parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System% | No |
| X | DownloadWare | dw.exe | DownloadWare adware | No |
| X | DownloadWare Engine | Dwe.exe | DownloadWare adware | No |
| X | Downxz | Downxz.bat | Added by the MYDOOM.W WORM | No |
| Y | DpAgent | dpagent.exe | Part of the DigitalPersona range of fingerprint authentication applications - which are use to replace passwords with fingerprint recognition. Included on some Dell laptop models (such as the Vostro 1720) for example | No |
| N | DPAgnt | DPAgnt.exe | digitalPersona fingerprint scanner | No |
| Y | DPAS | DPASNT.exe | DefenderPro AntiSpy spyware remover - now incorporated Defender Pro 15-in-1 and 5-in-1 | No |
| Y | DPASUpdate | DPASAutoUpdate.exe | Automatic updates for DefenderPro AntiSpy spyware remover - now incorporated Defender Pro 15-in-1 and 5-in-1 | No |
| Y | Dpcnav | dpcnav.exe | DirecWay from DirectTV (now HughesNet) - satellite based high-speed internet access | No |
| N | DPConfig | DPConfig.exe | Compuware DevPartner Studio Configuration Utility, a tool for software developers - System Tray access to configure the utility's analysis. Not required at startup, can be launched from the Start Menu programs group when needed | No |
| X | dpcproxy | dpcproxy.exe | Added by the GOLDENP-A TROJAN! | No |
| Y | DPCProxyLoadOnStartup | dpcstart.exe | DirecWay from DirectTV (now HughesNet) - satellite based high-speed internet access | No |
| Y | Dpcstart | dpcstart.exe | DirecWay from DirectTV (now HughesNet) - satellite based high-speed internet access | No |
| X | dpi | dpi.exe | Delfin Media Viewer or "Promulgate" adware | No |
| X | dpnsvr32 | dpnsvr32.exe | Added by the AOLPASS-B TROJAN! | No |
| U | dpps2 | dpps2.exe | Pop-Up Stopper Companion from Panicware. Pop-up blocker integrated into the IE toolbar. Note that the Pro version doesn't load in startup as it is installed as an Internet Explorer toolbar. Can cause problems with IE if you use WinXP and uninstall Service Pack 1. Uninstalling the software leaves it in the startup group | No |
| X | dps | dps.exe | SmartestSearch parasite - poses as a foistware, bogus adware/spyware remover called "scumware-remover" | No |
| N | dptracker | dptracker.exe | CamTrack webcam software that enhances the way people video chat | No |
| U | DpUtil | TEDTray.exe | Main executable for TOSHIBA DualPoint Utility Main Module. It is a system tray icon program that provides configuration options for dual pointing device | No |
| X | DR service | [path to worm] | Added by the RBOT-CZT WORM! | No |
| N | Drag'n'Drop_Autolaunch | Autolaunch.exe | Iomega HotBurn - CD-RW burning software | No |
| ? | DragDrop | DragDrop.exe | ?? | No |
| N | DragnDrop_Autolaunch | Autolaunch.exe | Iomega HotBurn - CD-RW burning software | No |
| X | DRam Monitor 23 | tskman3.exe | Added by a variant of the RBOT WORM! | No |
| X | DRam prmaessor | [random filename] | Added by the RBOT.CSG WORM! | No |
| X | DRam prosesor | [random filename] | Added by the SPYBOT.EE WORM! | No |
| X | DRam prosessor | [random filename] | Added by the RBOT.CSG WORM! | No |
| X | DRam prosessor | plscd.exe | Added by the RBOT.CYA WORM! | No |
| X | DRam prosessor | HWAPI.exe | Added by a variant of the RBOT WORM! Note - this is not the McAfee HackerWatch process which has the same filename | No |
| X | DRam prosessor | WindowsUpdate.exe | Added by the RBOT-BBZ WORM! | No |
| X | DRam prosessor | msupdate.exe | Added by the DELF-FAW TROJAN! | No |
| X | DRam prosessor | winupl.exe | Added by the RBOT-BCQ WORM! | No |
| X | DRam rar proc | winupdaterar.exe | Added by a variant of the IRCBOT TROJAN! | No |
| X | DRam rare proc | updaterarwin.exe | Added by the RBOT-GQW WORM! | No |
| X | DRan posessor | DAP.exe | Added by a variant of the SDBOT WORM! | No |
| X | DrAntispy | DrAntispy.exe | DrAntiSpy rogue security software - not recommended | No |
| X | DrCache | MSTDC.EXE | Added by the BDOOR-JM BACKDOOR! | No |
| X | dreams | server.exe | Added by a variant of the SDBOT WORM! | No |
| X | DrefIW | SysDrefIWv2.exe | Added by the DREF-C WORM! | No |
| X | DrefIW | SysDref.exe | Added by the DREF-D WORM! | No |
| ? | dregfix | ph_finder.exe | ?? | No |
| N | DrgToDsc | DrgToDsc.exe | Part of Roxio EasyCD Creator 6.0 - places the Roxio Drag-to-Disc icon in you system tray. "Easily drag and drop files for burning to CD or DVD. Disc formatting and burning will happen automatically". Not required for Roxio to work properly | No |
| ? | dried.exe | dried.exe | ?? | No |
| X | drin | [path to trojan] | Added by the SMALL.DPB TROJAN! | No |
| X | DriveCleaner 2006 Free | UDC2006.exe | DriveCleaner rogue security software - not recommended, removal instructions here | No |
| X | DriveCleaner Free | UDC.exe | DriveCleaner rogue security software - not recommended, removal instructions here | No |
| X | DriveDefender | GDC.exe | DriveDefender rogue privacy tool - not recommended. A member of the PCPrivacyTool family | No |
| U | DriveIcons | DriveIcon.exe | Drive Icons from Realtek - shows a specific icon for each card type for their card reader controllers | No |
| U | DriveLED | OODLed.exe | O&O DriveLED - hard disk monitoring and crash prevention | No |
| X | Driver | gbot.exe | Added by the JUNTADOR.K TROJAN! | No |
| X | Driver32 | Scam32.exe | Added by the SIRCAM WORM! | No |
| X | DriverCheck | svchost.exe | Added by the DELF-KR TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a "DriverLoad" sub-directory of the Root folder (C:\), (D:\), etc | No |
| X | DriverConf | dvrconf.exe | Added by the AGOBOT-IY WORM! | No |
| X | DriverDB | svcmdx32.exe | Added by the BERPI TROJAN! | No |
| X | DriverLoad | svchost.exe | Added by the DELF-KR TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a "DriverLoad" sub-directory of the Root folder (C:\), (D:\), etc | No |
| U | DriverMagicLogon | dmschedule.exe | Part of DriverMagic - "the easiest way to locate device drivers" | No |
| N | DriverMax | devices.exe | DriverMax from Innovative Solutions - "a new tool that allows you to download the latest driver updates for your computer. No more searching for rare drivers on discs or on the web or inserting one installation CD after the other" | No |
| X | DriverModule | csrnvrt.exe | Added by the IRCBOT.I TROJAN! | No |
| X | DriverPath | system32.exe | Added by the PRORAT-S TROJAN! | No |
| X | Drivers for Internet Explorer | accesweb.exe | Added by the STARTPAGE.FW TROJAN! | No |
| X | Drives swap | AV1i.exe | Anti-Virus Number-1 rogue security software - not recommended, removal instructions here | No |
| N | DriveSelect | driveselect.exe | DVD X Copy XPress by 321 Studios. Creates a pop-up at Windows startup that asks for the DVD drive to be selected. Available via Start -> Programs | No |
| X | DriveSystem | maxpaynowti1.exe | Added by the TIBS.AZT TROJAN! | No |
| U | drkly16j | rundll32.exe drkly16j.dll, ServiceCheck | KidsWatch Time Control parental control software | No |
| X | DRM Upgrade | drmupgd.exe | Added by the IRCBOT.AWU BACKDOOR! | No |
| U | dRMON SmartAgent | SmartAgt.exe | Part of the network monitoring program group for 3Com NIC cards. See here for more info | No |
| X | drmsrv32 | stmhosts.exe | Added by the AGENT.AGWU TROJAN! | No |
| X | drmu | W95Mm.exe | Homepage hijacker installing a toolbar: http://tdko.com/. Lop.com in disguise | No |
| X | Drmupgds | Drmupgds.exe | Maxfiles adware | No |
| X | drocher | d.exe | Adult content dialler | No |
| X | DropSpam Lifestyle | dslifestyle.exe | Dropspam adware | No |
| X | DrProtection | DrProtection.exe | DrProtection rogue security software - not recommended | No |
| X | drvddll.exe | drvddll.exe | Added by the BEAGLE.AP WORM! | No |
| X | Drvddll_exe | drvddll.exe | Added by the BEAGLE.X WORM! | No |
| U | DrvIcon | DrvIcon.exe | "Vista Drive Icon changes the drive icons shown in Windows "My Computer", to a nearly Vista drive icon, showing the drive's free space with a smooth colored horizontal bar" | No |
| ? | DrvListnr | DrvListnr.exe | Analog Devices SoundMAX soundcard related. What does it do and is it required? | No |
| U | drvlsnr | drvlsnr.exe | Compaq/ADI SoundMAX integrated digital audio controller related. May solve a problem if your sound cuts out unexpectedly | No |
| U | DrvMon.exe | DrvMon.exe | Alcor drive monitor software | No |
| X | drvnetw | drvnetw.exe | Added by the BROGGER-B TROJAN! | No |
| X | drvr32h | drvr32h.exe | Added by an unidentified VIRUS, WORM or TROJAN! | No |
| X | drvrmanager | drvrquery32.exe | Added by the BOOHOO WORM! | No |
| X | DrvStart | HPMedia.exe | Added by the BANCBAN-QE TROJAN! | No |
| X | drvsys.exe | drvsys.exe | Added by the BEAGLE.W WORM! | No |
| X | drvsyskit | hidr.exe | Added by the BAGLE.HR WORM! | No |
| X | drvupd | rundll32 ..drvupd.inf | Hijacker - drvupd.inf file installs a "searchforge.com" hijack | No |
| X | drv_st_key | hidn.exe | Added by the BEAGLE.FF WORM! | No |
| X | DrWatson | drwatson_.exe | Added by the LOHAV-S TROJAN! | No |
| X | DrWatson | drwatson_32.exe | Added by the LOHAV-S TROJAN! | No |
| X | DrWeb Antivirus | DRWEBAV.EXE | Added by an unidentified WORM or TROJAN! | No |
| Y | Drwebscheduler | Drwebscd.exe | DrWeb antivirus related - scheduler that allows you to manage an automatic launch of applications, in particular the antivirus scanner or the update subsystem | No |
| X | DR_S | DR_S.exe | IstBar adware | No |
| X | ds | ds.exe | Added by the SPYMON TROJAN! | No |
| U | DS Clock | dsclock.exe | Digital desktop clock including synchronization with atomic servers - see here | No |
| X | dS35DLL | ffqca.exe | Added by the SDBOT-KV WORM! | No |
| X | dsa | dsa.exe | Homepage hijacker - redirecting to downseek.com | No |
| X | DSAcass | [path to file] | Added by the RANKY.M TROJAN! | No |
| X | dsadlsa14 | dsakfsak14.exe | Added by the ONLINEG-P TROJAN! | No |
| X | DSB | DSB.exe | EnergyPlugin adware | No |
| U | dscactivate | dsca.exe | Dell Support Agent offers additional support and update features for your Dell computer or laptop | No |
| X | dsd | zz.exe | Added by the RBOT-FOX WORM! | No |
| N | DSentry | DSentry.exe | Anti-spyware from Dell. Seems that after Dell found out certain applications being installed from DVD's would report back information about what customers were watching, they decided to implement an anti-spyware service. Run manually before installation starts | No |
| X | dsfghjgj | keepSafe.exe | Added by the KILLAV.KAX TROJAN! | No |
| X | Dsi | dp-******.exe | Added by an unidentified adware where ****** are random characters | No |
| X | Dsi | dp-him.exe | Added by the MULTIDR-AH TROJAN! | No |
| X | Dskcompat | Dskcompat.exe | Added by the GEMA TROJAN! | No |
| U | DSKEY | DsKey.exe | Part of PC PhoneHome - "secretly sends an invisible email message to an email address of your choice containing the physical location of your computer every time you get an Internet connection". Security software from Brigadoon Security Group for tracking down lost/stolen computers | No |
| X | DSKEY | [path to trojan] | Added by the STARTER-G TROJAN! | No |
| N | DSL Monitor | spdstrm.exe | Comes with Efficient Networks DSL Modems. Little red/green/yellow flashing icon in system tray | No |
| Y | DSLagentexe | DSLagent.exe | Used in conjunction with USB connected ADSL modems from Eicon Networks (as used by BT for its Broadband internet service for example). Required for a permanent ADSL connection | No |
| Y | dslmon | dslmon.exe | Sagem DSL modem related. Apparently needed to detect the modem | No |
| U | DSLSTATEXE | dslstat.exe | System tray connection status for ADSL modems from Eicon Networks (as used by BT Broadband for example) | No |
| X | DsmSer | dsm.exe | Added by the SERFLOG.B WORM! | No |
| X | DsmSer | msmpatch.exe | Added by the SERFLOG.B WORM! | No |
| X | DsmSer | svosm.exe | Added by the SERFLOG.B WORM! | No |
| X | DsmSer | sysup.exe | Added by the SERFLOG.B WORM! | No |
| Y | DSndUp | DSndUp.exe | Utility that only runs once after installing the drivers for Analog Devices SoundMax integrated soundcards. It's exact purpose is unknown at the present time but from the filename it's probably used to configure the default or generic speaker arrangement for the system it's used on | Yes |
| X | DsplObjects | windspl.exe | Added by the BEAGLE.DN WORM! | No |
| X | DSS | dssagent.exe | Registration reminder for Mattel Interactive (Broderbund) applications and games. Spyware as it sends encrypted emails about the system back to the originators of the program. Also a resource hog. See here for more info | No |
| X | DSS | [path to trojan] | Added by the DSSDOOR-C TROJAN! | No |
| X | DSService | dmrss.exe | Added by the AGOBOT-XX WORM! | No |
| ? | DSSSGENS | dssagens.exe | ?? | No |
| X | dstiosys | plsitctl.exe | Added by the MAILBOT-BX TROJAN! | No |
| X | DSystemDriver | windrv.exe | Added by the DELF.WG TROJAN! | No |
| U | DT 11Mbps WLAN PC Card Station | DTCARDMonitor.exe | 11Mbps PC Card based wireless LAN connection monitor - possibly from Deutsche Telekom | No |
| U | DT 11Mbps WLAN USB Station | DTUSBMonitor.exe | 11Mbps USB based wireless LAN connection monitor - possibly from Deutsche Telekom | No |
| U | DT HPW | DTHtml.exe | HP My Display from HP. Rebranded version of Display Tune from Portrait Displays, Inc. - which "is the perfect software utility to initially set-up and adjust your display to achieve its optimum performance. All adjustments are made through a simple graphical user interface" | No |
| U | DT Task | DTHtml.exe | Display Tune from Portrait Displays, Inc. - which "is the perfect software utility to initially set-up and adjust your display to achieve its optimum performance. All adjustments are made through a simple graphical user interface." Also licensed and renamed by manufacturers such as Gateway (EzTune), HP (HP My Display), Hyundai ImageQuest (ImageTune), LG (forteManager) and ViewSonic (PerfectSuite™ Plus) | No |
| N | DU Meter | DUMETER.EXE | Hagel Technologies internet bandwidth monitor | No |
| U | DualCoreCenter | StartUpDualCoreCenter.exe | Unified control center for overclocking both the graphics card and the CPU, but for the program to have its full functionality you must have an MSI mainboard with a CoreCell chip | No |
| ? | Duane Reade Insert Detect | InsDetect.exe | Part of Duane Read Picture Suite & Digital Image Pack. Detects a digital camera is plugged into a USB port or when a memory card with photos is inserted? | No |
| X | duck | duck.exe | Added by the AGOBOT-AVG WORM! | No |
| N | Dulux WeatherShield WeatherDesk | weather.exe | Dulux WeatherShield WeatherDesk - latest weather information from across Australia | No |
| X | Dumeter Services | dumeter.exe | Added by the SDBOT-AEQ WORM! | No |
| X | dumprep | spoolc.exe | Detected by Kaspersky as a variant of the AGENT.CXF TROJAN! | No |
| X | dumprep | dump-k.exe | Added by the BUZUS-U WORM! | No |
| N | dumprep 0 -k | dumprep 0 -k | Used in connection with memory dumps - you can disable these by - right clicking on My Computer, selecting Properties and then the Advanced tab. Click on the Settings button in 'Startup and Recovery'. In the bottom pane - under 'Write debugging information' - click on the down arrow and then select 'None' - OK your way out | No |
| N | dumprep 0 -u | dumprep 0 -u | Used in connection with memory dumps - you can disable these by - right clicking on My Computer, selecting Properties and then the Advanced tab. Click on the Settings button in 'Startup and Recovery'. In the bottom pane - under 'Write debugging information' - click on the down arrow and then select 'None' - OK your way out | No |
| X | DUN_SERVICES3 | dun3.exe | Added by the SOKIRON TROJAN! | No |
| X | Duweculey | yujixit.exe | Added by the SDBOT.BRP WORM! | No |
| X | Duwee wong Cerbon | Cirebons.exe | Added by the BHARAT.A WORM! | No |
| X | DVAScvssdfa | AsSDdwd.exe | Added by the LIOTEN.IP TROJAN! | No |
| U | DVD Device Lock for Win95/98/Me/2k/XP | DDLAgent.exe | Loads Hide and Protect any Drives - which "can be used to restrict read or write access to removable media devices such as CD, DVD, floppy, flash and USB drives. You can also restrict access to partitions of hard disk drives". If disabled, hidden and locked drives still retain their original status so the user will only be able to change their status them via the main UI | Yes |
| X | DVD Upgrade | dvdupgd.exe | Added by a variant of the IRCBOT BACKDOOR! | No |
| N | dvd43 | DVD43_Tray.exe | DVD43 is "a small tool that integrates into Windows and overrides CSS copy-protection found on DVD movies" | No |
| U | DVD43 | DVD43.exe | DVD43 is a small tool that overrides CSS copy-protection found on DVD movies | No |
| X | dvd98 | windvd98.exe | Added by the CULT.P WORM! | No |
| N | DVD@ccess | DVDAccess.exe | Part of DVD Studio Pro from Apple Inc. - "The DVD@CCESS feature allows you to add additional interactivity to your DVD title when it is played on a computer" | No |
| ? | DVDAgent | DVDAgent.exe | Found on the HP Touchsmart range of desktops and notebooks. What does it do and is it required? | No |
| U | DVDBitSet | DVDBitSet.exe | DVD+RW Drive/Disc Compatibility Setting. Installed with HP DVD+RW drives to enhance compatibility with existing readers. You can also set a DVD+RW default drive write mode which is always used | No |
| ? | DVDCheck | DVDCheck.exe | Related to an Intervideo program. What does it do and is it required in startup? | No |
| X | Dvdcompat | Dvdcompat.exe | Added by the GEMA TROJAN! | No |
| N | DVDLauncher | DVDLauncher.exe | Part of Cyberlink's Power Cinema - allows you to play DVDs upon insertion | No |
| N | DVDSentry | DSentry.exe | Anti-spyware from Dell. Seems that after Dell found out certain applications being installed from DVD's would report back information about what customers were watching, they decided to implement an anti-spyware service. Run manually before installation starts | No |
| N | DVDTray | DVDTray.exe | HP CD/DVD Tray icon installed with the DVD writer software. Periodically checks for new drive firmware | No |
| N | DVDUpgrade | DVDUpgrd.exe | Microsoft program to upgrade your DVD decoder program - see Q306331. Available via Start -> Programs | No |
| N | DVDXGhost | DVDGhost.EXE | DVD Ghost - "utility to make your software DVD players and DVD copy/backup softwares restriction-free, and copy/backup DVD to hard disk" | No |
| U | dvHighMem | cfgmng32.exe | Related to PureSight PC - designed to offer maximum flexibility and choice as families manage their internet use | No |
| Y | Dvp95 | Dvp95.exe | Scan engine for F-Secure and Command antivirus software based on the F-Prot AntiVirus engine | No |
| Y | dvpapi9x | DVPAPI9X.exe | Command AntiVirus for Windows 95/98/Me | No |
| Y | DvpInitExe | Dvpinit.exe | Command Antivirus related | No |
| Y | dvprpt | Dvprpt.exe | Command Antivirus related | No |
| X | dvraudio | dvraudio.exe | Added by a variant of the CRYPTER.C TROJAN! | No |
| X | dvsfss | fbsfsdrs.exe | Added by the SDBOT-QA WORM! | No |
| U | DVSync | dvsync.exe | DVSync is the program that allows you to synchronize your daVinci's PDA's data with your Personal Information Manager on the PC | No |
| X | DvVideo32 | dvvid32.exe | Added by the TINY.FD TROJAN! | No |
| X | Dvx | wsxsvc.exe | Delfin Media Viewer or "Promulgate" adware variant | No |
| X | dw | dw.exe | DownloadWare adware | No |
| N | DW4 | Weather.exe | Desktop Weather 4 by The Weather Channel - provides current temperature, conditions, alerts, etc | No |
| N | DW4 | DesktopWeather.exe | Desktop Weather 4 by The Weather Channel - provides current temperature, conditions, alerts, etc | No |
| N | DW6 | DesktopWeather.exe | Desktop Weather 6 by The Weather Channel - provides current temperature, conditions, alerts, etc | No |
| U | DWHeartbeatMonitor | DWHeartbeatMonitor.exe | DWHeartbeatMonitor.exe is installed alongside the Weather.com instant messaging utility. This is a non-essential process. Disabling or enabling this is down to user preference | No |
| N | DwlClient | support.exe | Download manager for Dell support alerts | No |
| X | dwqblwppx.exe | [random].exe | Okcashbackmall adware | No |
| X | dwqblwpvl.exe | [random].exe | Okcashbackmall adware | No |
| X | dwqblwrsq.exe | [random].exe | Okcashbackmall adware | No |
| U | DWQueuedReporting | dwtrig20.exe | Used to launch Microsoft Error Reporting (DW20.exe) - if, for example, there have been an error downloading malware definition updates for Windows Defender - which gives the user the chance to send the error report to Microsoft to improve their software | Yes |
| N | dwStart | FireWall.exe | The Shield firewall from pcsecurityshield.com. Not recommended by some (see here) and there are better free alternatives out there such as Zone Alarm. Located in %ProgramFiles%\PCSecurityShield\The Shield Firewall | No |
| U | dwtrig20 | dwtrig20.exe | Used to launch Microsoft Error Reporting (DW20.exe) - if, for example, there have been an error downloading malware definition updates for Windows Defender - which gives the user the chance to send the error report to Microsoft to improve their software | Yes |
| X | DW_Start | rwwnw64d.exe | Identified as a variant of the AdWare.Win32.ZenoSearch.am malware | No |
| X | Dx | sys*.exe [* = random number] | Added by the DEXTER.A WORM! | No |
| X | Dx8compat | Dx8compat.exe | Added by the GEMA TROJAN! | No |
| X | dxdiag diagnose | msidxdia.exe | Added by a variant of the RBOT WORM! | No |
| X | dxdiags.exe | dxdiags.exe | Added by the CERTIF-G TROJAN! | No |
| X | DxDialog | dxdlg32.exe | Added by the VB-CXT TROJAN! | No |
| X | dxdll32 | ntxdll.exe | Added by the GAOBOT.CPX WORM! | No |
| N | DXDllRegExe | dxdllreg.exe | Created when you select "Yes" to check the "WHQL Digital signatures" in the DirectX9 files at the first time you open it | No |
| X | DxLoad | DX3DRndr.exe | Added by the GIBE.B WORM! | No |
| N | DXM6Patch_981116 | p_981116.exe | Win32 cabinet self extractor. More info here | No |
| X | dxmsrv | dxmsrv.exe | Added by an unidentified WORM or TROJAN! | No |
| X | Dxsty | Dxsty.exe | Added by the GEMA TROJAN! | No |
| X | Dxupdate.exe | Dxupdate.exe | Added by the MAFEG WORM! | No |
| X | dxvid | dxvid.exe | Added by the DLUCA-Y TROJAN! | No |
| X | DyFuCA | optimize.exe | Adult content dialler - see here | No |
| X | DyFuCA Active Alert | actalert.exe | Adult content dialler - see here | No |
| X | Dynamic DHCP | dydhcp.exe | Added by the RINBOT.B TROJAN! | No |
| X | Dynamic Dns Binary | dynitora.exe | Added by the RBOT-WT WORM! | No |
| X | Dynamic Dns Binary | CMD16.EXE | Added by the RBOT-XM WORM! | No |
| X | Dynamic Dns Binary | winxp34.exe | Added by a variant of the RBOT WORM! | No |
| X | Dynamic Dns Binary | WinHelpcfn.exe | Added by a variant of the RBOT WORM! | No |
| X | Dynamic Link Library loader | Loader32.exe | Added by the KOL TROJAN! | No |
| U | DynDNS Updater | DynDNS.exe | Dynamic DNS IP address updater tool, used as a client for Dynamic DNS service providers such as http://www.DynDNS.org | No |
| N | DynDNS-Updater Traytool | ddutray.exe | DynDNS updater tray icon - allows easy configuration of the Dynamic DNSSM service. Can be run manually | No |
| X | DynHttp Dns Binary | dynizari.exe | Added by a variant of the RBOT WORM! | No |
| U | DynSite | DynSite.exe | DynSite - dynamic DNS client, also called an automatic IP updater | No |
| U | Dynu Basic Client | dynubas.exe | Dynu online dynamic IP update client. Useful when using a dial up modem | No |
| ? | DZKillMe | DZSAVEME.EXE | ?? | No |
| U | D_V_T | dvt.exe | DICOM Validation Tool - "DICOM is increasingly being used as the standard communication mechanism when integrating various medical products in a hospital environment" | No |
| ? | D_V_T | dvt.exe | Installation could be a crack/hack to NOD32 - see here. Seen and removed in many logs. Investigate it further and if the file C:\d_v_t.reg is present then it should be fixed. Not to be confused with the DICOM entry here | No |
| X | E-Card | ecard.exe | Added by the YODI WORM! | No |
| U | E-color | IconMgr.Exe | Sets the colour of your monitor when running games that recognise E-Color so that you get 'what the game designer intended' when you see the game. Also allows monitor callibration through a program called 3-Deep. If you play a lot of games it can be useful. Can be disabled from starting up from within the program | No |
| N | E-Color Registration | SonnReg.exe | Registration for Colorific® and 3Deep® monitor calibration sofware from E-Color. Now superseded by ColorWizzard™ and 3DxWizzard™ | No |
| X | E-nrgyPlus | E-nrgyPlus.exe | Energyplus - tracks internet activity including websites visited and queries made at popular search engines. This information along with some system information is sent to a remote site | No |
| U | e-Surveiller Station | estation.exe | ESurveiller - surveillance software. Uninstall this software unless you put it there yourself | No |
| U | E06DXLRD_7604703 | EDICT.EXE | Related to Microsoft Encarta dictionary functions | No |
| N | E6TaskPanel | TaskPanl.exe | Earthlink Task Panel - part of Earthlink TotalAccess 2003 internet access software. Quick access to internet, E-mail and web-space | No |
| N | EA Core | Core.exe | Electronic Arts EA Link software - "gives you a secure yet simple way to download EA PC games and patches, as well as other exclusive content" | No |
| U | eabconfg.cpl | EabServr.exe | Easy Access Buttons control panel on Compaq laptops. Only required if you use the extra keys | No |
| X | Eac Download | download.exe | Webcelerator from eAcceleration speeds your Web browsing by both remembering where you have been and anticipating where you will go. Only needed if you find it improves web browsing. Now no longer available and supported and when available was classed as spyware - see here | No |
| U | EACLEAN | eaclean.exe | For Compaq PC's. Easy Access button support for the keyboard | No |
| X | Eac_Cnry | canary.exe | Added by the CANARY TROJAN! | No |
| ? | Eac_rnvdl | ANTIVIRUS_INSTALL.EXE | ?? | No |
| U | EanthologyApp | EANTHO~1.EXE | eAcceleration Stop-Sign security software related. Previously not recommended, see here | No |
| U | EanthologyApp | eanthology.exe | eAcceleration Stop-Sign security software related. Previously not recommended, see here | No |
| U | eanthology_install.exe | eanthology_install.exe | eAcceleration Stop-Sign security software related. Previously not recommended, see here | No |
| U | eanth_critical_update_alert | sys_alert.exe | eAcceleration Stop-Sign security software related. Previously not recommended, see here | No |
| U | eanth_critical_update_alert | EANTHO~1.EXE | eAcceleration Stop-Sign security software related - previously not recommended (see here). It has now been delisted, so make sure you have the latest version | No |
| U | eanth_system_patcher | sys_alert.exe | eAcceleration Stop-Sign security software related. Previously not recommended, see here | No |
| N | Eapcisetup | sbsetup.exe | Rockwell RipTide soundcard application software. Sound works without it | No |
| N | EAPCISETUP | wizard.exe | Part of the Creative Sounblaster PIC Installation Wizard. Probably left as a result of a failed installation | No |
| Y | Earthlink Protection Control Center | elnk_pcc.exe | EarthLink Protection Control Center - "powerful, integrated security program makes it easier than ever to protect yourself against viruses, spyware, and hackers-all from one convenient location" | No |
| N | EarthLink ToolBar 5.0 | etoolbar.exe | EarthLink Toolbar is a tool to help you get to all of the resources of the internet. EarthLink 5.0 Setup adds a few basic buttons to the Toolbar, but you can delete these or add more buttons any time | No |
| U | Easy Key | easykey.exe | For programming of the built-in functions keys on some laptops (and maybe desktops). Required if these are used | No |
| N | Easy Start Button | esb.exe | Provides functionality on certain laptops that have additional keys. Not required unless you use the extra keys | No |
| U | Easy-PrintToolBox | BJPSMAIN.EXE | A utility to launch the applications that are bundled with a Canon bubblejet printer | No |
| X | EasyAV | EasyAV.exe | Added by the NETSKY.S or NETSKY.T WORMS! | No |
| X | EasyDates | EasyDates.exe | Premium rate adult content dialler | No |
| X | EasyDates_gb | EasyDates_gb.exe | "Edate-A" premium rate adult content dialler | No |
| X | EasyDates_nl | EasyDates_nl.exe | Adult content dialler | No |
| U | EasyKey | easykey.exe | For programming of the built-in functions keys on some laptops (and maybe desktops). Required if these are used | No |
| U | EasyKeyboardLogger | EasyKeyboardLogger.exe | EasyKeyLogger keystroke logger/monitoring program - remove unless you installed it yourself! | No |
| U | EasyLinkAdvisor | LinksysAgent.exe | Linksys EasyLink Advisor - "the free application that provides and easy way to setup, view, manage, and repair your network" | No |
| X | EasyMessage | em2.exe | 180solutions adware | No |
| N | EasyNetwork | McENUI.exe | McAfee's EasyNetwork user interface - "enables secure file sharing, simplifies file transfers, and automates printer sharing among the computers in your home network." Part of McAfee's security products such as Total Protection and Internet Security | Yes |
| X | EasySearchBar | ESBUpdate.exe | EasySearchBar adware downloader | No |
| X | easyServ | Server.exe | Added by the EASYSERV TROJAN! | No |
| X | EasySpywareCleaner | EasySpywareCleaner.exe | EasySpywareCleaner rogue spyware remover - not recommended, removal instructions here | No |
| U | EasySync Pro | XCPCMenu.exe | "IBM® Lotus® EasySync® Pro is a personal productivity solution that provides data synchronization between your IBM Lotus Notes® desktop and handheld devices running PalmOS and Windows CE/Pocket PC operating systems" | No |
| U | EasySync Pro - 3CmPlm | AutoDet.exe | 3Com Palm PC specific translator for IBM® Lotus® EasySync® Pro - "a personal productivity solution that provides data synchronization between your IBM Lotus Notes® desktop and handheld devices running PalmOS and Windows CE/Pocket PC operating systems" | No |
| U | EasySync Pro - LtNts4 | NtsAgent.exe | Lotus Notes 4 specific translator for IBM® Lotus® EasySync® Pro - "a personal productivity solution that provides data synchronization between your IBM Lotus Notes® desktop and handheld devices running PalmOS and Windows CE/Pocket PC operating systems" | No |
| U | EasySync Pro - PocketPC | AUTODE~1.EXE | Windows Mobile Pocket PC specific translator for IBM® Lotus® EasySync® Pro - "a personal productivity solution that provides data synchronization between your IBM Lotus Notes® desktop and handheld devices running PalmOS and Windows CE/Pocket PC operating systems" | No |
| U | EasySync Pro - PocketPC | AutoDetect.exe | Windows Mobile Pocket PC specific translator for IBM® Lotus® EasySync® Pro - "a personal productivity solution that provides data synchronization between your IBM Lotus Notes® desktop and handheld devices running PalmOS and Windows CE/Pocket PC operating systems" | No |
| U | EasyTuneIII | EasyTune.exe | Tuning (overclocking) utility for Gigabyte motherboards. Shortcut available | No |
| U | EasyTuneIV | ET4Tray.exe | Tuning (overclocking) utility for Gigabyte motherboards. Shortcut available | No |
| U | EasyTuneV | GUI.exe | Tuning (overclocking) utility for Gigabyte motherboards. Shortcut available | No |
| X | easywww | easywww2.exe | Added by an unidentified VIRUS, WORM or TROJAN! | No |
| U | eAudio | eAudio.exe | Part of Acer Empowering Technology. Acer eAudio Management provides centralized control over notebook audio and specialized audio modes for movies, music and games | No |
| X | EbatesMoeMoneyMaker | wjview ...Code | Ebates adware | No |
| X | EbatesMoeMoneyMaker0 | EbatesMoeMoneyMaker0.exe | Ebates adware | No |
| X | eBay Toolbar | EBAYTBAR.EXE | eBay Toolbar - reportes as spyware as it "phones home" | No |
| U | eBayToolbar | eBayTBDaemon.exe | eBay toolabar related - also contains eBay account Guard which monitors for fraudulent eBay sites | No |
| X | ebmmm | ebatesmmmv.exe | Ebates adware | No |
| U | eBoard | Eboard.exe | eMachines multimedia keyboard manager. Required if you use the extra keys | No |
| N | eBot | DownloadWizard.exe | eBot from Digital River - "helps ensure your computer always has the latest technology, fixes, add-ons, upgrades and 'cool stuff'." Can optionally be installed with software such as Net Nanny internet filtering software. Available via Start -> Programs | No |
| U | EC21 | EZQ.EXE | Related to EC21 "the world's largest B2B marketplace to facilitate online trades between exporters and importers from all around the world" | No |
| U | ECenter | gtb.exe | Dell E-Center/Google Toolbar related | No |
| N | ECenter | EULALauncher.exe | End User License Agreement (EULA) launcher - related to Dell E-Center/Google Toolbar | No |
| X | ecko | claro.exe | Added by the DLOADR-AQJ TROJAN! | No |
| ? | ecpe | ECPE.EXE | ?? | No |
| U | eDataSecurity Loader | eDSloader.exe | Part of Acer Empowering Technology. "Acer eDataSecurity Management is a handy file encryption utility that protects files from being accessed by unauthorized persons, using passwords and advanced encryption algorithms" | No |
| N | edexter | edexter.exe | eDexter supplements internet filtering by substituting local images for filtered images in order to prevent browser stalls and other annoyances. Can be activated manually when starting the browser | No |
| X | editpad | editpad.exe | Added by the CONSPER-B TROJAN! | No |
| N | EDLoader | DTLoader.exe | Effective Desktop from MiniStars Software - desktop management software no longer being supported | No |
| U | eDonkey2000 | edonkey2000.exe | File sharing network - not recommended as the free version of this application should be avoided as it installs, without permission, New.Net, Webhancer, WebSearch Toolbar and WinTools | No |
| U | EDRestore | ?? | Set Point from Easy Desk Software - "small utility that automatically sets System Restore points for WinME/XP" | No |
| X | educational writer | [random filename] | Added by the RBOT-LZ WORM! | No |
| U | Edwizard | Edwizard.exe | SafeGuard Easy - "provides total company-wide protection for sensitive information on laptops and workstations. Boot protection, pre-boot user authentication and hard disk encryption using powerful algorithms guarantee against unauthorized access and hacker attacks" | No |
| X | EDxMC110 | Isass.exe | Added by the VB-NIA WORM! | No |
| X | Edzy AntiVirus | dppsfa.exe | Added by a variant of the RBOT WORM! | No |
| X | Eech | hoor.exe | PurityScan adware | No |
| N | EEventManager | EEventManager.exe | Part of the Epson Creativity Suite supplied with their multi-function printer/scanners, Event Manager launches File Manager or PageManager for EPSON automatically when you press the B&W Start or Color Start button on the control panel in Scan mode | No |
| X | Efata | [random 5 characters].exe | Added by the FLUKAN-D WORM! | No |
| U | eFax 4.1 | J2GDllCmd.exe | DLL Command Utility for version 4.1 of eFax Messenger from j2 Global Communications, Inc. - which "is powerful Internet fax software that makes it easy to create, annotate, sign, zoom and print faxes from any computer" | No |
| U | eFax 4.1 | J2GTray.exe | System Tray access to version 4.1 of eFax Messenger from j2 Global Communications, Inc. - which "is powerful Internet fax software that makes it easy to create, annotate, sign, zoom and print faxes from any computer" | No |
| U | eFax 4.2 | J2GDllCmd.exe | DLL Command Utility for version 4.2 of eFax Messenger from j2 Global Communications, Inc. - which "is powerful Internet fax software that makes it easy to create, annotate, sign, zoom and print faxes from any computer" | No |
| U | eFax 4.2 | J2GTray.exe | System Tray access to version 4.2 of eFax Messenger from j2 Global Communications, Inc. - which "is powerful Internet fax software that makes it easy to create, annotate, sign, zoom and print faxes from any computer" | No |
| U | eFax 4.3 | J2GDllCmd.exe | DLL Command Utility for version 4.3 of eFax Messenger from j2 Global Communications, Inc. - which "is powerful Internet fax software that makes it easy to create, annotate, sign, zoom and print faxes from any computer" | No |
| U | eFax 4.3 | J2GTray.exe | System Tray access to version 4.3 of eFax Messenger from j2 Global Communications, Inc. - which "is powerful Internet fax software that makes it easy to create, annotate, sign, zoom and print faxes from any computer" | No |
| U | eFax 4.4 | J2GDllCmd.exe | DLL Command Utility for version 4.4 of eFax Messenger from j2 Global Communications, Inc. - which "is powerful Internet fax software that makes it easy to create, annotate, sign, zoom and print faxes from any computer" | No |
| U | eFax 4.4 | J2GTray.exe | System Tray access to version 4.4 of eFax Messenger from j2 Global Communications, Inc. - which "is powerful Internet fax software that makes it easy to create, annotate, sign, zoom and print faxes from any computer" | No |
| U | eFax DllCmd | J2GDllCmd.exe | DLL Command Utility for eFax Messenger from j2 Global Communications, Inc. - which "is powerful Internet fax software that makes it easy to create, annotate, sign, zoom and print faxes from any computer" | No |
| U | eFax DllCmd 3.5 | J2GDllCmd.exe | DLL Command Utility for version 3.5 of eFax Messenger from j2 Global Communications, Inc. - which "is powerful Internet fax software that makes it easy to create, annotate, sign, zoom and print faxes from any computer" | No |
| U | eFax DllCmd 4.0 | J2GDllCmd.exe | DLL Command Utility for version 4.0 of eFax Messenger from j2 Global Communications, Inc. - which "is powerful Internet fax software that makes it easy to create, annotate, sign, zoom and print faxes from any computer" | No |
| U | eFax Live Menu 3.3 | J2GDllCmd.exe | DLL Command Utility for version 3.3 of eFax Messenger from j2 Global Communications, Inc. - which "is powerful Internet fax software that makes it easy to create, annotate, sign, zoom and print faxes from any computer" | No |
| N | eFax Tray Menu | HotTray.exe | eFax Messenger Tray Menu system tray icon for eFax Messenger Plus. Available via Start -> Programs. Disabling instructions available here | No |
| U | eFax Tray Menu | J2GTray.exe | System Tray access to eFax Messenger from j2 Global Communications, Inc. - which "is powerful Internet fax software that makes it easy to create, annotate, sign, zoom and print faxes from any computer" | No |
| U | eFax Tray Menu 3.3 | J2GTray.exe | System Tray access to version 3.3 of eFax Messenger from j2 Global Communications, Inc. - which "is powerful Internet fax software that makes it easy to create, annotate, sign, zoom and print faxes from any computer" | No |
| U | eFax Tray Menu 3.5 | J2GTray.exe | System Tray access to version 3.5 of eFax Messenger from j2 Global Communications, Inc. - which "is powerful Internet fax software that makes it easy to create, annotate, sign, zoom and print faxes from any computer" | No |
| U | eFax Tray Menu 4.0 | J2GTray.exe | System Tray access to version 4.0 of eFax Messenger from j2 Global Communications, Inc. - which "is powerful Internet fax software that makes it easy to create, annotate, sign, zoom and print faxes from any computer" | No |
| N | eFax.com Tray Menu | HotTray.exe | eFax Messenger Tray Menu system tray icon for eFax Messenger Plus. Available via Start -> Programs. Disabling instructions available here | No |
| X | efaxs lptt01 | efaxs.exe | RapidBlaster variant (in a "efaxs" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here | No |
| X | efaxs ml097e | efaxs.exe | RapidBlaster variant (in a "efaxs" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here | No |
| U | EFI Hot Folders | hffw.exe | "EFI Hot Folders improves productivity by simplifying the printing of PostScript and PDF files into a select, drag, and drop process. Once users create Hot Folders with different printing and finishing parameters, files are printed without opening an application or print driver menu." Part of EFI's high-end printing solutions | No |
| U | EFI Job Monitor | [path] efjm.dll,run | Ricoh Imagio Printer/Scanner driver status monitor | No |
| U | Efpap.exe | Efpap.exe | Easy File & Folder Protector. Deny access to certain files and folders, or to hide them securely from viewing and searching | No |
| X | egikugu | napolecy.exe | Added by the SDBOT.AOE WORM! | No |
| N | EgisTecLiveUpdate | EgisUpdate.exe | Software updater for biometric and data encryption products from EgisTec Inc | No |
| Y | egui | egui.exe | User interface for ESET NOD32 Antivirus and Smart Security | No |
| X | ehSched | ehSched.exe | Added by the SDBOT-DHF WORM! | No |
| U | ehTray | ehtray.exe | Media Center Tray Applet - part of Windows Media Center on XP MCE, Vista and Windows 7 (where it doesn't run as a startup). Allows Windows Media Center to be started by pressing the green button on a remote control and also displays System Tray notifications, such as recording status (successful or non-successful), EPG download notification, etc | Yes |
| U | ehTray.exe | ehTray.exe | Media Center Tray Applet - part of Windows Media Center on XP MCE, Vista and Windows 7 (where it doesn't run as a startup). Allows Windows Media Center to be started by pressing the green button on a remote control and also displays System Tray notifications, such as recording status (successful or non-successful), EPG download notification, etc | Yes |
| X | ei10.exe | ei10.exe | Added by the AGOBOT-NK WORM! | No |
| U | Eicon NetworksLAN_DAEMON | watch.exe | Associated with an Eicon Networks ISDN or ADSL modem. Watch protocols your connection with numbers and duration. You need callvu.exe (from Start Menu) to see your connection statistics. You can manually start watch.exe before you go online. Needs diinfo.exe (started by DiTask) to work correctly which can be started manually | No |
| U | Eicon TechnologyLAN_DAEMON | watch.exe | Associated with an Eicon Networks ISDN or ADSL modem. Watch protocols your connection with numbers and duration. You need callvu.exe (from Start Menu) to see your connection statistics. You can manually start watch.exe before you go online. Needs diinfo.exe (started by DiTask) to work correctly which can be started manually | No |
| X | eixfi | china.bat | Added by the WCUP.A WORM! | No |
| X | eKerberos | eKerberos.exe | eKerberos rogue security software - not recommended | No |
| U | Elbycheck | ElbyCheck.exe | From Elaborate Bytes who make CloneCD - monitors the installed filters of CD-ROMs/DVD-ROMs. Note - under Win2K removing this from startup causes the CD drive in the computer to not be recognized in the OS and after rechecking it prompts that the driver has been corrupted and asks you to restart the computer to fix it | No |
| U | Electron Microscope | EMIII.exe | Electron Microscope or EM - is a program used to track Stanford's distributed computing program client called Folding at Home, FAH. It will monitor up to 50 clients and give you the details about each client's progress as the FAH client runs. EM will also show you what each change in the protein looks like as the process continues | No |
| X | Element | Element.txt | Added by the ELEM TROJAN! | No |
| X | element furth | [path] repcale.exe [path] palsp.exe | Added by a variant of the RANDON.AN WORM! Both files are often located in %System%\vert | No |
| X | elitemedia | elitemediapop.exe | Added by the LOWZONE-BB TROJAN! Also known as Elitebar/EliteToolbar/EliteSidebar adware | No |
| X | EliteProtector | EliteProtector.exe | EliteProtector rogue spyware remover - not recommended, removal instructions here | No |
| N | elm | Elmenv.exe | ViaTech eLicense for securing, distributing and selling music online | No |
| X | ELNKProxy | smproxy.exe | Surfmonkey adware | No |
| U | ELSA WINman Suite | Winmsuit.exe | Allows you to totally customize your ELSA graphics card settings, including overclocking the GPU | No |
| Y | ElsaCapiCtl | Rcapi.exe | Assumed to stand for Remote Common Application Programming Interface (RCAPI), this was installed with an Elsa Microlink ISDN modem. If it is not there you can not bring up the dialog box which is sometimes needed to reset the modem | No |
| U | ELSAChipGuard | elsavect.exe | ChipGuard for ELSA graphics cards - monitoring solution which monitors both the GPU temperature and fan speed, and will halt the system if either are at dangerous levels and restore the default clock speeds upon reboot. Leave enabled if overclocking | No |
| U | ELSBLaunch | ELSBLaunch.exe | EarthLink SpamBlocker | No |
| N | EMA.exe | EMA.EXE | Time management system which helps you to manage your time and appointments | No |
| U | eMachines eBoard | Eboard.exe | eMachines multimedia keyboard manager. Required if you use the extra keys | No |
| Y | Email Protection | emlproxy.exe | AntiVirus Quick Heal - E-mail protection | No |
| Y | EmailScan | mcvsescn.exe | Related to McAfee AntiVirus suite - used to automatically scan incoming e-mails | No |
| X | eMakeSV | EMAKESV.EXE | "Switch" adult content dialer | No |
| X | eMakeSV | EMAKE2B.EXE | "Switch" adult content dialer | No |
| U | EMBASSY Trust Suite Secure Update | AutoUpdate.exe | Updates for Wave Systems Corp. Embassy Trust Suite - "delivers advanced levels of security to the client PC using the TPM security chip found on most enterprise PCs today" | No |
| X | eMCryT Sh3ars Panagers | [path to worm] | Added by the RBOT-AWI WORM! | No |
| X | eMessenger | emsn.exe | Added by the RBOT.AHO BACKDOOR! | No |
| U | EMMeter | EMMeter.exe | "Express Meter lets you track and manage software usage so you can avoid purchasing and supporting applications that aren't being used, and prevent the use of unauthorized programs" | No |
| X | emoc0re | emo.exe | Added by the AGOBOT-AGE WORM! | No |
| U | Emouse | Emouse.exe | Genius mouse driver - required if you use non-standard Windows driver features | No |
| U | emoze | emoze.exe | emoze pcConnector - "Push your personal & business emails, contacts & calendar directly to your mobile device!" | No |
| X | empin | e121307.exe | Delfin Media Viewer adware related | No |
| X | empin | e121307.Stub.exe | Delfin Media Viewer adware related | No |
| ? | Empowering Technology Launcher | eAPLauncher.exe | Part of Acer Empowering Technology. What does it do and is it required? | No |
| ? | EmpoweringTechnology | Framework.Launcher.exe | Part of Acer Empowering Technology. What does it do and is it required? | No |
| X | emre1 | emre1.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
| X | emsw.exe | emsw.exe | Attune HelpExpress - spyware. Disable and uninstall - see here | No |
| X | emule | emule.exe | Added by the RBOT-ALZ WORM! Note - do not confuse with the legitimate eMule peer-to-peer (P2P) file-sharing program which is normally located in %ProgramFiles%\eMule. This one is located in %System% | No |
| N | eMule | emule.exe | eMule - "one of the biggest and most reliable peer-to-peer file sharing clients around the world. Thanks to it's open source policy many developers are able to contribute to the project, making the network more efficient with each release". As eMule is a is a peer-to-peer (P2P) file-sharing client used to distribute large amounts of data between multiple users make sure you have good, up-to-date virus protection and check any downloads | No |
| N | eMuleAutoStart | emule.exe | eMule - "one of the biggest and most reliable peer-to-peer file sharing clients around the world. Thanks to it's open source policy many developers are able to contribute to the project, making the network more efficient with each release". As eMule is a is a peer-to-peer (P2P) file-sharing client used to distribute large amounts of data between multiple users make sure you have good, up-to-date virus protection and check any downloads | No |
| N | eMusicClient Systray | eMusicClient.exe | eMusic MP3 download software | No |
| U | EM_EXEC | EM_EXEC.EXE | Logitech Mouseware driver. Needed to support some additional functionality of Logitech mice/trackballs such as "SmartMove". If you disable it and find you don't need it leave it disabled | No |
| N | EN4060C Taskbar | en4060ct.exe | Comes with Efficient Networks DSL Modems. Little red/green/yellow flashing icon in system tray | No |
| X | enBrowser | [name of file] | WINBO adware | No |
| ? | encapsulated command tool | wintr.com | ?? | No |
| N | Encarta Dictionary Quickshelf | QSHLFED.EXE | Provides quick access to Encarta's Dictionary features? | No |
| N | ENCMONITOR | monitor.exe | The Encompass Monitor. This program is the Connect Direct Program. It is more trouble than it is worth and few use it | No |
| N | Encoder Agent | WMENCAGT.EXE | MS Windows Media Encoder, which already has a shortcut in the Start Menu if installed | No |
| U | Encompass_ENCMONTR | ENCMONTR.EXE | Optional simple browser from Yahoo (Encompass) | No |
| ? | ENCSurf | surfboard.exe | ?? | No |
| N | Energizer FileSaver | Energizer FileSaver.exe | Energizer FileSaver - UPS back-up utility for Energizer UPS products. From their Tech Support staff this is known to have a memory leak since it's release - with no fix planned! It will grab 2-5 handles per second and crash the average system in less than 3 days - therefore not recommended | No |
| X | EnergyPlugIn | EnergyPlugin.exe | EnergyPlugin adware variant | No |
| U | enginecs2 | enginecs2.exe | Cyber Sentinel - internet filtering software | No |
| Y | EngUtil | EngUtil.exe | Part of Roxio EasyCD Creator 6.0 - corrects any modification made to the Roxio Engine, it exits after checking | No |
| X | Enh Win Updt | enhupdt.exe | Adware - detected by Kaspersky as the ONECLICKNETSEARCH.H TROJAN! | No |
| X | enhance32 | enhance32.exe | Added by the CRYPTER.A TROJAN! | No |
| N | EnigmaPopupStop | EnigmaPopupStop.exe | Part of Enigma SpyHunter - not recommended, see here | No |
| ? | ENSApServer2_0 | APSERVER.EXE | Intel AnyPoint Wireless II Home Network related. Now discontinued. What does it do and is it required? | No |
| ? | ENSMIX32.EXE | ENSMIX32.EXE | Sound card driver. Is it required? | No |
| U | EnsoniqMixer | starter.exe | Puts the Ensoniq mixer in system tray. From Ensoniq Technologies "Our mixer is a critical part of the soundcard as it fixes sound problems and replaces the MS mixer which can no longer be used". If you find you don't need it - try one of the solutions on this special page. Similar to Creative PCI Audio Configuration Utility | No |
| U | Entbloess 2 | Entbloess2.exe | Related to Window-Switcher (now Reflex Vision) - it allows you to see previews of all your open applications via a single keystroke in a manner similar to Apple's Exposé, for Windows 2K/XP | No |
| U | Enterprise Harmony | rsMenu.exe | Enterprise Harmony 99 for CASIO - synchronization software for use with Microsoft® Outlook 97/98/2000 | No |
| U | Enterprise Harmony '99 | rsMenu.exe | Enterprise Harmony 99 for CASIO - synchronization software for use with Microsoft® Outlook 97/98/2000 | No |
| X | Enterprise Suite | WE[random characters].exe | Enterprise Suite rogue security software - not recommended, removal instructions here | No |
| U | Enterra Icon Keeper | IcnKeepr.exe | Icon Keeper - "tool to save and restore icon positions on the desktop" | No |
| X | EntraOcio | rundll32.exe MSA64CHK.dll,DllMostrar | MatrixDialer/Mostrar parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System% | No |
| X | Enumerate Service | wsys.exe | Added by the MANIFEST TROJAN! | No |
| Y | EnvyHFCPL | EnMixCPL.exe | VIA Envy24 PCI Audio Controller driver | No |
| U | eonemng | eOneMng.exe | eOne Manager, provides access to the buttons on the keyboard and on the front of the console for the eMachines eOne PC | No |
| U | EOUApp | EOUWiz.exe | Intel ProSET Wireless related - provides additional configuration options for these devices | No |
| U | EOUWiz | EOUWiz.exe | Intel ProSET Wireless related - provides additional configuration options for these devices | No |
| U | EPGServiceTool | EPGClient.exe | Electronic Programme Guide (EPG) for the WinTV range of TV Tuners from Hauppauge | No |
| U | EPGServiceTool | EPGCLI~1.EXE | Electronic Programme Guide (EPG) for the WinTV range of TV Tuners from Hauppauge | No |
| U | EPM-DM | epm-dm.exe | Device Manager - part of Acer Empowering Technology. "Acer ePower Management is a straightforward interface that allows users to select from pre-configured power usage profiles, or to create their own customized profiles" | No |
| U | ePowerManagement | ePM.exe | Part of Acer Empowering Technology. "Acer ePower Management is a straightforward interface that allows users to select from pre-configured power usage profiles, or to create their own customized profiles" | No |
| U | ePower_DMC | ePower_DMC.exe | Part of Acer Empowering Technology. "Acer ePower Management is a straightforward interface that allows users to select from pre-configured power usage profiles, or to create their own customized profiles" | No |
| U | EPoXUSDM | USDM.EXE | EPoX Universal Serial Data Monitor - a diagnostics tool that shows Temps, Fan Speeds, Voltages...etc | No |
| N | ePrint 3.0 Service | EPRINT3.EXE | LEADTOOLS ePrint file conversion software - "convert any file to and from over 150 document and image formats including searchable PDF, DOC, HTML, TXT, Multi-page TIFF, JPG, GIF, PNG and many more!" Can be started manually | No |
| N | ePrint 4.0 Service | EPRINT4.EXE | A component of the "LEADTOOLS ePrint File Conversion Software - Convert ANY file to and from over 150 document and image formats including searchable PDF, DOC, HTML, TXT , Multi-page TIFF, JPG, GIF, PNG and many more!" Can be started manually | No |
| U | ePrompter | ePrompter.exe | ePrompter - E-mail notification software | No |
| N | EPS | e_srcv02.exe | According to the Epson info: "Use this utility to automatically check for errors and also check the level of ink remaining." This utility can also be started on demand when about to print as follows: File menu > Print to bring up the print dialog box. Click on the Properties button which will bring up a display with 4 tabs. Click the Utility tab to get a list of utilities that can be executed including the Status Monitor 3 Environment Check | No |
| N | EPS | e_srcv03.exe | According to the Epson info: "Use this utility to automatically check for errors and also check the level of ink remaining." This utility can also be started on demand when about to print as follows: File menu > Print to bring up the print dialog box. Click on the Properties button which will bring up a display with 4 tabs. Click the Utility tab to get a list of utilities that can be executed including the Status Monitor 3 Environment Check | No |
| X | Epsilon Squared | vmmreg32.exe | Added by the AGENT.MVC TROJAN! | No |
| N | EPSON Background Monitor | STMS.EXE | Supposed to keep an Epson printer ready for quick printing. Users report little difference whether it is on or not | No |
| U | EPSON CardMonitor | EPSON CardMonitor1.0.exe | Monitors the PCMCIA memory card slot on EPSON cameras and printers and launches PhotoStarter or PhotoPrint | No |
| U | EPSON PictureMate Deluxe | E_FATI9TA.EXE | Epson Status Monitor 3 for the PictureMate Deluxe compact photo printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON Status Monitor 3 | E_[various].EXE | Epson Status Monitor 3 for their range of printer and AIO devices - for monitoring printer status, checking ink levels, etc | No |
| N | EPSON Status Monitor 3 Environment Check | e_srcv03.exe | According to the Epson info: "Use this utility to automatically check for errors and also check the level of ink remaining." This utility can also be started on demand when about to print as follows: File menu > Print to bring up the print dialog box. Click on the Properties button which will bring up a display with 4 tabs. Click the Utility tab to get a list of utilities that can be executed including the Status Monitor 3 Environment Check | No |
| N | EPSON Status Monitor 3 Environment Check | e_srcv02.exe | According to the Epson info: "Use this utility to automatically check for errors and also check the level of ink remaining." This utility can also be started on demand when about to print as follows: File menu > Print to bring up the print dialog box. Click on the Properties button which will bring up a display with 4 tabs. Click the Utility tab to get a list of utilities that can be executed including the Status Monitor 3 Environment Check | No |
| N | EPSON Status Monitor 3 Environment Check 2 | e_srcv03.exe | According to the Epson info: "Use this utility to automatically check for errors and also check the level of ink remaining." This utility can also be started on demand when about to print as follows: File menu > Print to bring up the print dialog box. Click on the Properties button which will bring up a display with 4 tabs. Click the Utility tab to get a list of utilities that can be executed including the Status Monitor 3 Environment Check | No |
| N | EPSON Status Monitor 3 Environment Check 2 | e_srcv02.exe | According to the Epson info: "Use this utility to automatically check for errors and also check the level of ink remaining." This utility can also be started on demand when about to print as follows: File menu > Print to bring up the print dialog box. Click on the Properties button which will bring up a display with 4 tabs. Click the Utility tab to get a list of utilities that can be executed including the Status Monitor 3 Environment Check | No |
| U | EPSON Stylus C120 Series | E_FATICCA.EXE | Epson Status Monitor 3 for the Stylus C120 Series printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON Stylus C40 Series | E_S10IC2.EXE | Epson Status Monitor 3 for the Stylus C40 Series printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON Stylus C41 Series | E_S10IC2.EXE | Epson Status Monitor 3 for the Stylus C41 Series printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON Stylus C42 Series | E_S10IC2.EXE | Epson Status Monitor 3 for the Stylus C42 Series printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON Stylus C43 Series | E_S08IC1.EXE | Epson Status Monitor 3 for the Stylus C43 Series printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON Stylus C43 Series | E_S10IC2.EXE | Epson Status Monitor 3 for the Stylus C43 Series printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON Stylus C44 Series | E_S10IC2.EXE | Epson Status Monitor 3 for the Stylus C44 Series printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON Stylus C45 Series | E_S4I3T1.EXE | Epson Status Monitor 3 for the Stylus C45 Series printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON Stylus C46 Series | E_S4I0T1.EXE | Epson Status Monitor 3 for the Stylus C46 Series printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON Stylus C48 Series | E_S4I091.EXE | Epson Status Monitor 3 for the Stylus C48 Series printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON Stylus C60 Series | E_S10IC2.EXE | Epson Status Monitor 3 for the Stylus C60 Series printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON Stylus C61 Series | E_S10IC2.EXE | Epson Status Monitor 3 for the Stylus C61 Series printer - for monitoring printer status, checking ink levels, etc | No |
| U | Epson Stylus C62 Series | E-S0BIC1.EXE | Epson Status Monitor 3 for the Stylus C62 Series printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON Stylus C62 Series | E_S10IC2.EXE | Epson Status Monitor 3 for the Stylus C62 Series printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON Stylus C63 Series | E_S10IC2.EXE | Epson Status Monitor 3 for the Stylus C63 Series printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON Stylus C64 Series | E_S10IC2.EXE | Epson Status Monitor 3 for the Stylus C64 Series printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON Stylus C64 Series | E_S4I2C1.EXE | Epson Status Monitor 3 for the Stylus C64 Series printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON Stylus C66 Series | E_S4I0S2.EXE | Epson Status Monitor 3 for the Stylus C66 Series printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON Stylus C67 Series | E_FATIAAL.EXE | Epson Status Monitor 3 for the Stylus C67 Series printer - for monitoring printer status, checking ink levels, etc | No |
| U | Epson Stylus C82 Series | E_S0HIC1.EXE | Epson Status Monitor 3 for the Stylus C82 Series printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON Stylus C82 Series | E_S10IC2.EXE | Epson Status Monitor 3 for the Stylus C82 Series printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON Stylus C84 Series | E_S10IC2.EXE | Epson Status Monitor 3 for the Stylus C84 Series printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON Stylus C84 Series | E_S4I2D1.EXE | Epson Status Monitor 3 for the Stylus C84 Series printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON Stylus C87 Series | E_FATIABL.EXE | Epson Status Monitor 3 for the Stylus C87 Series printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON Stylus CX2900 Series | E_FATIBFP.EXE | Epson Status Monitor 3 for the Stylus CX2900 Series printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON Stylus CX3100 | E_S10IC2.EXE | Epson Status Monitor 3 for the Stylus CX3100 printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON Stylus CX3200 | E_S10IC2.EXE | Epson Status Monitor 3 for the Stylus CX3200 printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON Stylus CX3600 Series | E_FATI9BE.EXE | Epson Status Monitor 3 for the Stylus CX3600 Series printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON Stylus CX3700 Series | E_FATIACP.EXE | Epson Status Monitor 3 for the Stylus CX3700 Series printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON Stylus CX3800 Series | E_FATIACA.EXE | Epson Status Monitor 3 for the Stylus CX3800 Series printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON Stylus CX3900 Series | E_FATIBEP.EXE | Epson Status Monitor 3 for the Stylus CX3900 Series printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON Stylus CX4200 Series | E_FATIAEA.EXE | Epson Status Monitor 3 for the Stylus CX4200 Series printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON Stylus CX4500 Series | E_FATI9AP.EXE | Epson Status Monitor 3 for the Stylus CX4500 Series printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON Stylus CX4600 Series | E_FATI9AA.EXE | Epson Status Monitor 3 for the Stylus CX4600 Series printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON Stylus CX4700 Series | E_FATIADL.EXE | Epson Status Monitor 3 for the Stylus CX4700 Series printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON Stylus CX4800 Series | E_FATIADA.EXE | Epson Status Monitor 3 for the Stylus CX4800 Series printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON Stylus CX5000 Series | E_FATIBVA.EXE | Epson Status Monitor 3 for the Stylus CX5000 Series printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON Stylus CX5400 | E_S4I2G1.EXE | Epson Status Monitor 3 for the Stylus CX5400 printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON Stylus CX5500 Series | E_FATICAP.EXE | Epson Status Monitor 3 for the Stylus CX5500 Series printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON Stylus CX6000 Series | E_FATIBIA.EXE | Epson Status Monitor 3 for the Stylus CX6000 Series printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON Stylus CX6500 Series | E_FATI9EP.EXE | Epson Status Monitor 3 for the Stylus CX6500 Series printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON Stylus CX6600 Series | E_FATI9EE.EXE | Epson Status Monitor 3 for the Stylus CX6600 Series printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON Stylus CX6600 Series | E_FATI9EA.EXE | Epson Status Monitor 3 for the Stylus CX6600 Series printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON Stylus CX7000F Series | E_FATIBKA.EXE | Epson Status Monitor 3 for the Stylus CX7000F Series printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON Stylus CX7400 Series | E_FATICDA.EXE | Epson Status Monitor 3 for the Stylus CX7400 Series printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON Stylus CX7800 Series | E_FATIAFA.EXE | Epson Status Monitor 3 for the Stylus CX7800 Series printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON Stylus CX8300 Series | E_FATICEP.EXE | Epson Status Monitor 3 for the Stylus CX8300 Series printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON Stylus CX8400 Series | E_FATICEA.EXE | Epson Status Monitor 3 for the Stylus CX8400 Series printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON Stylus CX9300F Series | E_FATICFP.EXE | Epson Status Monitor 3 for the Stylus CX9300F Series printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON Stylus CX9400Fax Series | E_FATICFA.EXE | Epson Status Monitor 3 for the Stylus CX9400Fax Series printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON Stylus D68 Series | E_FATIAAE.EXE | Epson Status Monitor 3 for the Stylus D68 Series printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON Stylus D78 Series | E_FATIBGE.EXE | Epson Status Monitor 3 for the Stylus D78 Series printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON Stylus D88 Series | E_FATIABE.EXE | Epson Status Monitor 3 for the Stylus D88 Series printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON Stylus DX3800 Series | E_FATIACE.EXE | Epson Status Monitor 3 for the Stylus DX3800 Series printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON Stylus DX4000 Series | E_FATIBEE.EXE | Epson Status Monitor 3 for the Stylus DX4000 Series printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON Stylus DX4400 Series | E_FATICAE.EXE | Epson Status Monitor 3 for the Stylus DX4400 Series printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON Stylus DX4800 Series | E_FATIADE.EXE | Epson Status Monitor 3 for the Stylus DX4800 Series printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON Stylus DX5000 Series | E_FATIBVE.EXE | Epson Status Monitor 3 for the Stylus DX5000 Series printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON Stylus DX6000 Series | E_FATIBIE.EXE | Epson Status Monitor 3 for the Stylus DX6000 Series printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON Stylus DX7000F Series | E_FATIBKE.EXE | Epson Status Monitor 3 for the Stylus DX7000F Series printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON Stylus DX7400 Series | E_FATICDE.EXE | Epson Status Monitor 3 for the Stylus DX7400 Series printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON Stylus DX8400 Series | E_FATICEE.EXE | Epson Status Monitor 3 for the Stylus DX8400 Series printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON Stylus Photo 1400 Series | E_FATIBUA.EXE | Epson Status Monitor 3 for the Stylus Photo 1400 Series printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON Stylus Photo 2200 | E_S10IC2.EXE | Epson Status Monitor 3 for the Stylus Photo 2200 printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON Stylus Photo 825 | E_S10IC2.EXE | Epson Status Monitor 3 for the Stylus Photo 825 printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON Stylus Photo 925 | E_S10IC2.EXE | Epson Status Monitor 3 for the Stylus Photo 925 printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON Stylus Photo R1800 | E_FATI9LA.EXE | Epson Status Monitor 3 for the Stylus Photo R1800 printer - for monitoring printer status, checking ink levels, etc, etc | No |
| U | EPSON Stylus Photo R200 Series | E_S4I0H2.EXE | Epson Status Monitor 3 for the Stylus Photo R200 Series printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON Stylus Photo R220 Series | E_S6I2I1.EXE | Epson Status Monitor 3 for the Stylus Photo R220 Series printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON Stylus Photo R220 Series | E_FATIAIE.EXE | Epson Status Monitor 3 for the Stylus Photo R220 Series printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON Stylus Photo R240 Series | E_FATIAHE.EXE | Epson Status Monitor 3 for the Stylus Photo R240 Series printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON Stylus Photo R2400 | E_FATI9SA.EXE | Epson Status Monitor 3 for the Stylus Photo R2400 printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON Stylus Photo R2400 | E_FATI9SE.EXE | Epson Status Monitor 3 for the Stylus Photo R2400 printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON Stylus Photo R260 Series | E_FATIBNA.EXE | Epson Status Monitor 3 for the Stylus Photo R260 Series printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON Stylus Photo R280 Series | E_FATICKA.EXE | Epson Status Monitor 3 for the Stylus Photo R280 Series printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON Stylus Photo R285 Series | E_FATICKE.EXE | Epson Status Monitor 3 for the Stylus Photo R285 Series printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON Stylus Photo R300 Series | E_S4I2F1.EXE | Epson Status Monitor 3 for the Stylus Photo R300 Series printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON Stylus Photo R300 Series | E_S10IC2.EXE | Epson Status Monitor 3 for the Stylus Photo R300 Series printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON Stylus Photo R300 Series | E_S4I0F2.EXE | Epson Status Monitor 3 for the Stylus Photo R300 Series printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON Stylus Photo R320 Series | E_FATI9FA.EXE | Epson Status Monitor 3 for the Stylus Photo R320 Series printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON Stylus Photo R340 Series | E_FATIAJE.EXE | Epson Status Monitor 3 for the Stylus Photo R340 Series printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON Stylus Photo R380 Series | E_FATIBOA.EXE | Epson Status Monitor 3 for the Stylus Photo R380 Series printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON Stylus Photo R800 | E_FATI9YE.EXE | Epson Status Monitor 3 for the Stylus Photo R800 printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON Stylus Photo RX420 Series | E_FATI9CE.EXE | Epson Status Monitor 3 for the Stylus Photo RX420 Series printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON Stylus Photo RX430 Series | E_FATI9CP.EXE | Epson Status Monitor 3 for the Stylus Photo RX430 Series printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON Stylus Photo RX500 | E_S4I2K1.EXE | Epson Status Monitor 3 for the Stylus Photo RX500 Series printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON Stylus Photo RX530 Series | E_FATIAGP.EXE | Epson Status Monitor 3 for the Stylus Photo RX530 Series printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON Stylus Photo RX600 | E_S4I2M1.EXE | Epson Status Monitor 3 for the Stylus Photo RX600 printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON Stylus Photo RX640 Series | E_FATIAME.EXE | Epson Status Monitor 3 for the Stylus Photo RX640 Series printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON Stylus Photo RX680 Series | E_FATICJA.EXE | Epson Status Monitor 3 for the Stylus Photo RX680 Series printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON Stylus Photo RX700 Series | E_FATI9IA.EXE | Epson Status Monitor 3 for the Stylus Photo RX700 Series printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON Stylus Pro 4000 | E_S10IC2.EXE | Epson Status Monitor 3 for the Stylus Pro 4000 printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON Stylus Pro 7600 | E_S10IC2.EXE | Epson Status Monitor 3 for the Stylus Pro 7600 printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON Stylus SX200 Series | E_FATIEFE.EXE | Epson Status Monitor 3 for the Stylus SX200 Series printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON SX100 Series | E_FATIEDE.EXE | Epson Status Monitor 3 for the SX100 Series printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON TX100 Series | E_FATIEDP.EXE | Epson Status Monitor 3 for the TX100 Series printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON WorkForce 30 Series | E_FATIEEA.EXE | Epson Status Monitor 3 for the WorkForce 30 Series printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON WorkForce 500 Series | E_FATIEQA.EXE | Epson Status Monitor 3 for the WorkForce 500 Series printer - for monitoring printer status, checking ink levels, etc | No |
| U | EPSON WorkForce 600 Series | E_FATIEKA.EXE | Epson Status Monitor 3 for the WorkForce 600 Series printer - for monitoring printer status, checking ink levels, etc | No |
| U | EpsonPhotoStarter | EPSON_PhotoStarter.exe | Only needed if you want to make full use of the capabilities of an Epson printer that included this | No |
| X | Eptr | nopdb.exe | Added by an unidentified WORM or TROJAN! | No |
| X | EQAdvice | EQAdvice.exe | NewAds1 adware | No |
| X | EQArticle | EQArticle.exe | EQArticle adware | No |
| ? | Equipmen | Equipmen.exe | ?? | No |
| U | Eraser | eraser.exe | Eraser - "an advanced security tool for Windows which allows you to completely remove sensitive data from your hard drive by overwriting it several times with carefully selected patterns". This entry starts the Scheduler with Windows and provides a System Tray icon for on-demand access. Located in %ProgramFiles%\Eraser | Yes |
| U | eraser | eraser.exe | Part of Evidence Exterminator, 1st Evidence Remover and Evidence Destructor (and maybe others) - the same file for the same version being used by all programs. Security tools that ensure your security and privacy by destroying all hidden activity information on demand, according to a schedule or on each boot/shutdown. This entry provides System Tray access to the main program for on demand cleaning and is required if any automatic cleaning has been scheduled. Located in %ProgramFiles%\Evidence Exterminator, %ProgramFiles%\1st Evidence Remover, %ProgramFiles%\Evidence Destructor or maybe others | Yes |
| U | eraser.exe | eraser.exe | Part of Evidence Exterminator, 1st Evidence Remover and Evidence Destructor (and maybe others) - the same file for the same version being used by all programs. Security tools that ensure your security and privacy by destroying all hidden activity information on demand, according to a schedule or on each boot/shutdown. This entry provides System Tray access to the main program for on demand cleaning and is required if any automatic cleaning has been scheduled. Located in %ProgramFiles%\Evidence Exterminator, %ProgramFiles%\1st Evidence Remover, %ProgramFiles%\Evidence Destructor or maybe others | Yes |
| Y | eRecoveryService | check.exe | Now part of Acer Empowering Technology. "Acer eRecovery Management is a powerful utility that does away with the need for recovery disks provided by the manufacturer, and also acts as a versatile standalone backup and recovery manager". Whilst the exact purpose of this entry isn't known it runs and closes so leave it enabled in case it's required | Yes |
| U | eRecoveryService | Monitor.exe | Part of Acer Empowering Technology. "Acer eRecovery Management is a powerful utility that does away with the need for recovery disks provided by the manufacturer, and also acts as a versatile standalone backup and recovery manager" | No |
| U | eRecoveryService | eRAgent.exe | Part of Acer Empowering Technology. "Acer eRecovery Management is a powerful utility that does away with the need for recovery disks provided by the manufacturer, and also acts as a versatile standalone backup and recovery manager" | No |
| N | Ereg | reg32.exe | EReg is a software registration tool incorporated on products such as those by Broderbund, Connectix, Hewlett-Packard, The Learning Company, and Sierra. Needless to say you don't need it | No |
| X | erfgddfk | wind2ll2.exe | Added by the BEAGLE.CQ WORM! | No |
| X | erghgjhgdr | windlhhl.exe | Added by the BEAGLE.BG WORM! | No |
| X | erghgjhjgdr | windlhhl.exe | Added by the BEAGLE.BG or BEAGLE.BH or BEAGLE.BI or BEAGLE.BJ WORMS! | No |
| ? | erm | erm.exe | ?? | No |
| X | Eroca | Eroca.exe | Insider.i adware | No |
| X | eros.exe | eros.exe | Adult content dailler | No |
| X | ErrClean | SysRep.exe | ErrClean rogue system error and cleaning utility - not recommended. There are number of variants in this family sharing the same filename and user interface - see here | No |
| X | ErreurChasseur | SysRep.exe | ErreurChasseur, French rogue system error and cleaning utility - not recommended. A member of the ErrClean family | No |
| N | Error Nuker | ErrorNuker.exe | ErrorNuker registry cleaner - only required if you want the application to run a scan at startup. The program can be launched manually if required | No |
| X | Error Safe | ers.exe | ErrorSafe rogue system error and cleaning utility - not recommended | No |
| X | Error Safe Free | uers.exe | ErrorSafe rogue system error and cleaning utility - not recommended | No |
| X | ErrorFix | ErrorFix.exe | ErorrFix rogue system error and cleaning utility - not recommended, see here for a blog where a support person admits they lie in order to secure a sale | No |
| X | ErrorGuard | ErrorGuard.exe | ErrorGuard rogue spyware remover - not recommended, removal instructions here | No |
| X | errorhandler | errorhandler.exe | ErrorHandler adware | No |
| X | ErrorRepairTool | ErrorRepairTool.exe | ErrorRepairTool rogue system error and cleaning utility - not recommended | No |
| X | ErrorSafe | ers.exe | ErrorSafe rogue system error and cleaning utility - not recommended | No |
| X | ErrorSafeFree | UERS.exe | ErrorSafe rogue system error and cleaning utility - not recommended | No |
| X | ERS | ers_startupmon.exe | Part of the WinAntiVirus Pro 2006 rogue security software - not recommended | No |
| X | ERScw | ERScw.exe | Part of the ErrorSafe rogue system error and cleaning utility - not recommended | No |
| X | ERS_check | ers_startupmon.exe | Part of the WinAntiVirus Pro 2006 rogue security software - not recommended | No |
| X | ERS_Check | uwasers.exe | Part of the WinAntiSpyware 2006 and WinAntiSpyware 2007 rogue spyware removers - not recommended | No |
| X | erthegdr | windll2.exe | Added by the BEAGLE.CG WORM! | No |
| X | erthgdr | windll.exe | Added by the BEAGLE.AO or BEAGLE.AQ WORMS! | No |
| X | erthgdr | svc.exe | Added by the BEAGLE.BN or BEAGLE.BP WORM! | No |
| X | erthgdr2 | svc23.exe | Added by the BAGLE.CG WORM! | No |
| ? | ERTS0749 | ERTS0749.exe | IBM Warranty Notification - presumably it's a reminder to either register or that warranty is about to expire? | No |
| X | ertyuop | rttrwq.exe | Added by the AUTORUN-APA WORM! | No |
| U | ERUNT AutoBackup | AUTOBACK.EXE | ERUNT backup utility - when added to the user's startup folder automatically backs up the registry each time the system boots, resulting in numerous backups that can be restored | No |
| X | erwghjjrjt | ucbcg.exe | Added by the SMALL.CUL TROJAN! | No |
| U | ES Current Services | [FILE NAME].exe | 123Keylogger surveillance software. Uninstall this software unless you put it there yourself | No |
| Y | eSafe Protect | ESPWatch.exe | eSafe from Aladdin - internet security for gateway and E-mail servers | No |
| U | ESB | esb.exe | Easy Start Button - provides functionality on certain laptops that have additional keys. Not required unless you use the extra keys | No |
| Y | eScan Monitor | AVKWCTL9X.EXE | MicroWorld eScan antivirus | No |
| U | eScan Scheduler | avkserv.exe | MicroWorld eScan antivirus scheduler | No |
| U | eScan Updater | Trayicos.exe | MicroWorld eScan antivirus updater - allows users to automatically download updates and set the auto time interval for downloads | No |
| X | EScorcher | escorcher.exe | Part of eScorcher anti-virus software - responsible for performing virus checks and deletions. Used to collect information about the user and therefore treated as spyware - now the web-site is dead | No |
| N | ESFTP | esftp.exe | ESftp - FTP client for transfering files between a local PC and another remote computer | No |
| U | eSnips | ClientGW.exe | eSnips Client Gateway from eSnips | No |
| X | Esoh | Esoh123.exe | Added by the AGOBOT.FF WORM! | No |
| X | Especial | Deneca.bat | Added by the DELUZ VIRUS! | No |
| X | Esph | ortu.exe | PurityScan adware | No |
| N | ESPN BottomLine | bline.exe | ESPN BottomLine. "You can dock the BottomLine to the top or bottom of your screen or drag it around on your desktop, without even worrying about a browser. As long you keep the BottomLine running, you will continue to receive live scores and breaking news, and by clicking on any score or news item, you will be taken directly to the corresponding page on ESPN.com for a full break down." | No |
| ? | ESS Daemon | Essd.exe | Related to an ESS based soundacard. Is it required? | No |
| ? | essapm | essapm.exe | ESS Solo soundcard driver. Is it required? | No |
| Y | Essdc | essdc.exe | Related to an ESS Solo soundcard. Seems as though it's required | No |
| ? | ESSNDSYS | ESSNDSYS.EXE | Related to an ESS based soundacard. Is it required? | No |
| Y | ESSOLO | ESSOLO.exe | Sound card driver that re-instates itself every time it's removed | No |
| Y | esspk | esspk.exe | ESS Technology modem speaker driver file. Required to get on-line with this modem | No |
| U | EssSpkPhone | essspk.exe | ESS Technologies Call waiting, which gets installed by the drivers for V92 modems based on ESS Technologies chipsets | No |
| ? | eSupInit | eSupCmd.exe | Related to SupportSoft (aka Support.com) "Real-Time Service Management software". What does it do and is it required? | No |
| X | Esutityde | osutityde.exe | Added by the SDBOT.BQD WORM! | No |
| X | ETB Tester | etbtest.exe | Added by the RBOT-ABR WORM! | No |
| X | etbrun | elit***32.exe [* = random char] | EliteBar adware | No |
| U | eTCertManger | eTCrtMng.exe | eToken Certificate Manager from Aladdin Knowledge Systems, Inc. A USB-based authentication, providing strong user authentication and password management solutions | No |
| X | eth0 driver | exec.exe | Added by the SPYBOT-Z WORM! | No |
| N | Ethernet | tcaudiag.exe | 3Com NIC Installation/Diagnostic MFC application. Diagnostics may be run from the Start -> Programs | No |
| X | ethernet | airftp.exe | Added by a variant of the SDBOT WORM! | No |
| X | ethernet | msnger.exe | Added by a variant of the SDBOT WORM! | No |
| X | ethernet | msftp.exe | Added by the SDBOT.BXJ WORM! | No |
| X | ethernet adapter | csrmss.exe | Added by a variant of the RBOT WORM! | No |
| X | Ethernet Driver | cmsrrs.exe | Added by a variant of the RBOT WORM! | No |
| X | Ethernet Drivers | smrrs.exe | Added by the RBOT-AAK WORM! | No |
| X | Ethernet Drivers | ethernet.exe | Added by the GAOBOT.CEZ WORM! | No |
| X | Ethernet Linking | ethernet.exe | Added by a variant of the IRCBOT TROJAN! | No |
| X | Etraffic | JavaRun.exe | TopMoxie adware | No |
| Y | eTrust EZ Firewall | efpeadm.exe | eTrust EZ Firewall | No |
| U | eTrust PestPatrol Active Protection | PPActiveDetection.exe | PestPatrol real-time protection feature. "Stops spyware before it infects your system" | No |
| X | eTrust Realtime Monitor | realmon.exe | Added by the LAZAR.B TROJAN! | No |
| Y | eTrustCIPE | ezdsmain.exe | eTrust EZ Deskshield from Computer Associates. Protects against malicious email attachments and unauthorized use of email by detecting and blocking unusual behavior | No |
| X | eTunnel | winfw.exe | Added by an unidentified TROJAN! | No |
| U | Eudora | Eudora.exe | Eudora from Qualcomm allows you to receive and send Internet e-mails | No |
| X | EUP Service | eupsvc.exe | Added by the DELBOT-Q WORM! | No |
| U | EuroGlot | EuroGlot.exe | Euroglot - "multilanguage translating system, available in the languages Dutch, English, French, German, Spanish and Italian" | No |
| ? | Event Log | eventlog.exe | ?? | No |
| N | Event Planner Reminders | PLNRNote.exe | Part of Sierra/Hallmark Card Studio - System Tray notification of events such as birthdays and anniversaries that you've scheduled with the customizable Event Planner | No |
| N | Event Planner Reminders Tray Icon | PLNRnote.exe | Part of Sierra/Hallmark Card Studio - System Tray notification of events such as birthdays and anniversaries that you've scheduled with the customizable Event Planner | No |
| N | Event Reminder | pmremind.exe | Event reminder for calendar dates, etc from Broderbund PrintMaster. Disable using the program's own option (if available) or a startup manager as it will re-instate if disabled via MSConfig | No |
| X | EventApplicationCmd | smschk.exe | Added by the IRCBOT-AO TROJAN! | No |
| U | EVENTLISTENER | EvLstnr.exe | Used with a Nikon digital camera to recognize when the camera is plugged in | No |
| N | eventmgr | eventmgr.exe | Used with a Microtek scanner. Manages the scanner's button events. Available via Start -> Programs | No |
| X | eventwvr | eventwvr.exe | Added by the COSIAM_G TROJAN! | No |
| ? | EverioService | EverioService.exe | Related to the Cyberlink software supplied with JVC's Everio camcorders. What does it do and is it required? | No |
| U | EVGAPrecision | EVGAPrecision.exe | EVGA Precision overclocking utility - "allows you to fine tune your EVGA graphics card for the maximum performance possible, with Core/Shader/Memory clock tuning, real time monitoring support including in-game, Logitech Keyboard LCD Display support, and compatibility with almost all EVGA graphics cards." Also works with many other brands of NVIDIA GeForce based graphics cards | Yes |
| U | Evidence Cleaner | ecleaner.exe | Evidence Cleaner cleans up tracks left by your PC and Internet activities | No |
| N | Evidence Eliminator | ee.exe | Evidence Eliminator - cover the tracks of your browsing habits and E-mails if you think you need to. Run manually on a regular basis | No |
| X | Evil | Evil.exe | Added by the MYTOB.JM WORM! | No |
| N | evntsvc | evntsc.exe | Application Scheduler installed along with RealOne Player. Once installed, it runs independently of RealOne Player. See here for more information, including how to disable it. Also see evntsvc and Realsched. Note that eventsvc.exe no longer appears to be in a newer version. To disable "tkbell.exe" in the new version (1) Start RealOne Player (2) Tools -> Preferences (3) Automatic services in the Categories pane (4) Uncheck all options and then OK | No |
| U | EVOLOSTA | EVOLOSTA.EXE | Evolo Status Monitor for wireless network cards. Allows a user to enter a specific access-point mode SSID, peer-to-peer mode channel, link speed, WEP encryption options, and has enable/disable and rescan buttons. It is not needed if using Windows XP or higher, as they have this built-in to the control panel. Also, if the user is very sure that there is ONLY ONE network available to connect to, then they can remove this. If it is not in startup, and the user needs to run it, they can simply type EVOLOSTA in the Start -> Run dialog to run it | No |
| U | Evoluent Mouse Manager | EvoMouExec.exe | Mouse manager for Evoluent VertcialMouse | No |
| X | EvtHtm | evthtm.exe | Added by the DLUCA-EJ TROJAN! | No |
| U | EW Message Server | msg32.exe | Conexant (older versions are Brooktree) Wavestream Message Server - associated with Conexant based audio devices | No |
| N | eWare Startup | iWareStart.exe | eWare iWare task bar. Not required | No |
| Y | ewido | ewido.exe | System Tray access to and notifications for Ewido Anti-Spyware 4.0. Ewido is now part of AVG Technologies so this has been superseded by AVG Anti-Virus which includes Anti-Spyware | Yes |
| Y | ewido anti-spyware | ewido.exe | System Tray access to and notifications for Ewido Anti-Spyware 4.0. Ewido is now part of AVG Technologies so this has been superseded by AVG Anti-Virus which includes Anti-Spyware | Yes |
| X | Ewth | tasn.exe | PurityScan adware | No |
| X | ewupdater | ewupdater.exe | EasyWebSearch adware updater | No |
| X | example | [random filename].exe | Added by the NUCLEAR BACKDOOR! Note - this trojan file is located in %Windir%\NR | No |
| N | Excite Platform | Exlaunch.exe | Loads an Icon in the startup tray that allows you to receive service update notices for Excite@Home if you desire (note that since Excite@Home appears to be winding down this becomes irrelevant). May also allow you to kill the Excite Toolbar that automatically loads in Internet Explorer | No |
| ? | Excite Private Messenger Pipe | x8impipe.exe | ?? | No |
| N | ExciteAssistantEXE | ASSISTANT.EXE | With Excite Assistant, you can access a wide variety of online information, including email, news, and stock quotes without having to have a browser window open | No |
| X | exdl.exe | exdl.exe | BargainBuddy adware | No |
| X | exe lptt01 | exe.exe | RapidBlaster variant (in a "Exe" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here | No |
| X | exe ml097e | exe.exe | RapidBlaster variant (in a "Exe" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here | No |
| X | execfg4 | execfg4.exe | Added by the ELECTRON WORM! | No |
| X | ExecUser | ExecUser.exe | Added by a variant of the RBOT WORM! | No |
| ? | Execute | delfolders.exe | ?? | No |
| X | ExeName32 | Warm.scr | Added by the SCOLD WORM! | No |
| X | ExFilter | Rundll32.exe [path] cdnspie.dll, ExecFilter | CNNIC Update pest | No |
| ? | exgiwsl | exgiwsl.exe | ?? | No |
| U | Exif Launcher | Exiflaquickdcr.exe | USB mass storage driver used by some digital cameras such as the Fuji Finepix. Only required if you use it regularly | No |
| U | Exif Launcher | QuickDCF.exe | USB mass storage driver used by some digital cameras such as the Fuji Finepix. Only required if you use it regularly | No |
| U | ExitKiller | Ekiller.exe | Exit Killer - automatically closes pop-up windows in your browser | No |
| ? | exmon | hpimoniter.exe | Some kind of hp digital camera maybe or a photo smart connection probe? | No |
| X | Exn | exn.exe | Added by the IRCBOT.RJ WORM! | No |
| X | exo.exe | exo.exe | Added by the AGOBOT.ALD WORM! | No |
| X | exp1orer.exe | exp1orer.exe | Added by the DLOAD-FG TROJAN! Notice the digit "1" used in both the startup entry and filename, rather than a lower case "L" | No |
| X | Expatch | [random filename] | Added by the PWSLMIR-G TROJAN! | No |
| X | expcrt | [random filename] | Added by a variant of the SLAPER TROJAN! | No |
| X | ExpertAntivirus | ExpertAntivirus.exe | ExpertAntivirus rogue security software - not recommended, removal instructions here | No |
| X | EXPL0RE.EXE | EXPL0RE.EXE | Added by the POPNO-A TROJAN! Note that the filename is spelled using the digit "0" instead of the uppercase letter "o" | No |
| X | Expl0rer soft | expl0rer.pif | Added by the RBOT-AQR WORM! | No |
| X | expler | Updadv.exe | Added by the QQPASS-N TROJAN! | No |
| X | Explkw | expup.exe | Keywords hijacker | No |
| X | explord.exe | explord.exe | Added by the DLOADR-AYW TROJAN! | No |
| X | explore | explore.exe | Added by any number of VIRUSES, WORMS or TROJANS! | No |
| X | Explore | Explorer.exe | Added by the IRC.FLOOD.G BACKDOOR! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System% | No |
| X | Explore | explore.exe | Adult content dialler | No |
| X | explore manager | explore.exe | Added by the DONBOMB.A TROJAN! | No |
| X | explore.exe | Explore.exe | Added by the GRAYBIRD.G TROJAN! | No |
| X | exploreff.exe | exploreff.exe | Added by the FINFANSE TROJAN! | No |
| X | explorep.exe | explorep.exe | Added by the LINEAG-I TROJAN! | No |
| U | explorer | explorer.exe | Starts Windows Explorer. Unless this has been manually added to startups or added by another program it could be a virus such as PE_BISTRO or DVLDR or MYDOOM.C. Note that it is also not the explorer.exe task/service you'll see when via CTRL+ALT+DEL | No |
| X | explorer | wscript.exe [filename] | Sneaky way to start any VBS script. Many viruses use VBS files. Note that wscript.exe is a legitimate Microsoft file used to launch script files and shouldn't be deleted | No |
| X | Explorer | shellexpl.exe | Added by the SHELDOR TROJAN! | No |
| X | explorer | expl32.exe | Added by the RATSOU TROJAN! | No |
| X | Explorer | [path to worm] | Added by the AUTEX WORM! | No |
| X | Explorer | shellexp.exe | Added by the AGENT-ZY TROJAN! | No |
| X | EXPLORER | EXPL0RER.EXE | Added by the BEASTDO-Y TROJAN! Note the "0" in the filename rather than upper case "o" | No |
| X | EXPLORER | sys.exe | Added by the SILLYFDC-A TROJAN! | No |
| X | Explorer | config_.com | Added by the FLOPPY-D WORM! | No |
| X | Explorer | drv.exe | Added by the SMALL-FD TROJAN! | No |
| X | explorer | [path to trojan] | Added by the AGENT-EU TROJAN! | No |
| X | explorer | explorer.exe | Added by the KEYLOG-AK TROJAN! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System%\service | No |
| X | EXPLORER | EXPLORER.exe | Added by the NETHIEF-P TROJAN! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System%\ShellExt | No |
| X | explorer | explorer.exe | Added by the BLOCKEY-A TROJAN! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System%\config | No |
| X | explorer | Yinstall.exe | PurityScan/Clickspring adware | No |
| X | Explorer | Windows Explorer.exe | Added by the SILLYFDC-I WORM! | No |
| X | Explorer | explorar.vbs | Added by the DESKTO-A WORM! | No |
| X | Explorer | TXP1atform.exe | Added by the FUJACKS.CA VIRUS! | No |
| X | explorer | system.exe | Added by the AGENT-FI TROJAN! | No |
| X | Explorer | msrstart.exe | Added by the SOPICLICK TROJAN! | No |
| X | Explorer 2238 | [path to trojan] | Added by the AGENT-CPI TROJAN! | No |
| X | Explorer Loader | explr32.exe | Added by the AGOBOT.N WORM! | No |
| X | Explorer Loader | explorerl.exe | Added by the SDBOT-ADI WORM! | No |
| X | Explorer lptt01 | explorer.exe | RapidBlaster variant (in a "explorer" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here.Note - this is not the legitimate Windows Explorer (explorer.exe) which would not normally appear in Msconfig/Startup unless you added it manually! | No |
| X | EXPLORER MICROSOFT SYSTEM | explore.exe | Added by a variant of the RBOT WORM! | No |
| X | Explorer ml097e | explorer.exe | RapidBlaster variant (in a "explorer" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here.Note - this is not the legitimate Windows Explorer (explorer.exe) which would not normally appear in Msconfig/Startup unless you added it manually! | No |
| X | Explorer soft | explorer.pif | Added by the RBOT-APK WORM! | No |
| X | Explorer soft | explorer.com | Added by the RBOT-ARM WORM! | No |
| X | Explorer Updater | IEXPLORE.exe | Added by the SDBOT-WO WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %System% | No |
| X | explorer.exe | explorer.exe | Added by the AGENT-EW or PWS-CY TROJANS! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System% | No |
| X | explorer.exe | explorer.exe | Added by the DELF-ACL TROJAN! Note - the legitimate Windows Explorer (explorer.exe) is located in the Windows or Winnt folder and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in the Program Files folder | No |
| X | Explorer.exe | csrss.exe | Added by the JUEGO-B WORM! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %AppData%\Microsoft | No |
| X | Explorer32 | Expl32.exe | Added by the HACKTACK.B TROJAN! | No |
| X | Explorer32 | explorer6s4.exe | Added by the Downloader.Win32.Small.biq TROJAN! | No |
| X | Explorer32 | efsdfgxg.exe | Added by the CLICKER-Y TROJAN! | No |
| X | Explorer5 | config_.com | Added by the VB.CBG WORM! | No |
| X | Explorer6.1.EXE | Explorer.exe | Added by the MYDOOM.B WORM! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! | No |
| X | explorerf.exe | explorerf.exe | Added by the AGENT-GDZ TROJAN! | No |
| X | ExplorerRun | conime.exe | Added by the DLDR-G TROJAN! Note - this is not the legitimate Console IME process of the same filename which is located in %System%. This one is located in %Temp% | No |
| X | ExploreUpdSched | [random filename] | ZenoSearch adware | No |
| X | exporet | winset.exe | Added by the QQPASS-I TROJAN! | No |
| U | Express ClickYes | ClickYes.exe | "Express ClickYes is a handy tool that runs in the system tray automatically clicks the Yes button for the Outlook Security security prompt, that asks you to confirm mail sending from third party applications" | No |
| U | Exshow95 | EXSHOW95.exe | Support software for some of the Kensington mice. Provides access to extra features like those available with enhanced Logitech and MS devices | No |
| N | Extender Resource Monitor | RMSysTry.exe | Related to Windows Media Center from Microsoft | No |
| X | External Dependencies | External.exe | Added by the MYTOB.EC WORM! | No |
| U | ExtraDNS | ExtraDNS.exe | ExtraDNS - DNS configuration tool | No |
| N | ExtraFilmHemmaAgent | Agent.exe | ExtraFilm Photo Assistant | No |
| ? | Extranet AutoDial | AutoExt.exe | Nortel Networks Contivity Extranet Switching Software | No |
| ? | ExxtremeHelperDemon | exxdemon.exe | Creative Exxtreme graphics card related? | No |
| N | Eye Tide Launcher | oneeyetideone.exe | Nascar wallpaper | No |
| X | EYORE | Notepad.scr | Added by the GIMLET-A WORM! | No |
| Y | EZ Firewall | ca.exe | eTrust EZ Armor Internet Security | No |
| U | EZ-DUB Finder | EZ-DUB.exe | Support software for the Lite-On EZ-DUB external DVD writer from Lite-On IT Corporation | No |
| N | ezagent | ezagent.exe | EzVCR recording software for the ASUS TV FM card. Available via Start -> Programs | No |
| N | EzButton | EzButton.EXE | EZbutton is a quick launcher for the Media player app that comes with certain laptops | No |
| N | EZDesk | EZDESK.EXE | Utility that remembers icon locations for each user and resolution. Available here | No |
| U | EZEJMNAP | EzEjMnAp.Exe | EasyEject Utility for IBM/Lenovo Thinkpad notebooks. Quote: "The IBM ThinkPad EasyEject Utility makes removing multiple devices from your computer faster and easier by enabling you to stop more than one device at once, rather than stopping each device individually." Configuration and performing of EasyEject actions is available via Fn+F9 key combination on some models | Yes |
| N | EZEJTRAY | EZEJTRAY.EXE | System Tray access to the EasyEject Utility for IBM/Lenovo Thinkpad notebooks. Quote: "The IBM ThinkPad EasyEject Utility makes removing multiple devices from your computer faster and easier by enabling you to stop more than one device at once, rather than stopping each device individually." Configuration and performing of EasyEject actions is available via Fn+F9 key combination on some models | Yes |
| N | ezHelper | ezHelper.exe | Part of the ezPeer+ ezHelper music sharing program. | No |
| X | eZmmod | mmod.exe | eZula TopText adware | No |
| ? | EZNORUN | EZNORUN.EXE | Easy Internet related? | No |
| N | EzPrint | ezprint.exe | Lexmark Fast Pics - helps users of their printers to enhance, print and manage their photos quickly and easily | No |
| Y | ezPS_Px | ezSP_PxEngine.exe | Engine that allows PrimoDVD from Veritas (was Prassi) and Drag'n Drop CD from Easy Systems (and maybe others) to record and protects against other software overwriting the settings | No |
| Y | ezPS_Px | ezSP_Px.exe | Engine that allows PrimoDVD from Veritas (was Prassi) and Drag'n Drop CD from Easy Systems (and maybe others) to record and protects against other software overwriting the settings | No |
| Y | ezShieldProtector for Px | ezSP_Px.exe | Engine that allows PrimoDVD from Veritas (was Prassi) and Drag'n Drop CD from Easy Systems (and maybe others) to record and protects against other software overwriting the settings | No |
| Y | ezShieldProtector for Px | ezSP_PxEngine.exe | Engine that allows PrimoDVD from Veritas (was Prassi) and Drag'n Drop CD from Easy Systems (and maybe others) to record and protects against other software overwriting the settings | No |
| U | EZSMART App | ezsmart.exe | EZ-S.M.A.R.T. hard drive monitoring software from StorageSoft - appears to be no longer supported | No |
| U | EzTune | dthtml.exe | EzTune from Gateway. Rebranded version of Display Tune from Portrait Displays, Inc. - which "is the perfect software utility to initially set-up and adjust your display to achieve its optimum performance. All adjustments are made through a simple graphical user interface" | No |
| X | ezula | eZmmod.exe | eZula TopText adware | No |
| X | eZulaMain | eZulaMain.exe | eZula TopText adware | No |
| X | eZuluMain | eZuluMain.exe | Comes with "KaZaA" installation. Advertising Spyware. Not required but KaZaA won't work | No |
| X | eZWO | wo.exe | eZula TopText adware | No |
| U | E_S10IC2 | E_S10IC2.EXE | Epson Status Monitor 3 for the Stylus C44 Series printer - for monitoring printer status, checking ink levels, etc | No |
| U | E_S23 | E_SICN03.exe | Epson printer status monitor - for checking ink levels, etc. | No |
| U | E_S4I2F1 | E_S4I2F1.EXE | Epson Status Monitor 3 for the Stylus Photo R300 Series printer - for monitoring printer status, checking ink levels, etc | No |
| U | E_S4I2G1 | E_S4I2G1.EXE | Epson Status Monitor 3 for the Stylus CX5400 printer - for monitoring printer status, checking ink levels, etc | No |
| U | E_SOEIC1 | E_SOEIC1.exe | Epson Status Monitor 3 - for monitoring printer status, checking ink levels, etc | No |
| U | E_S[numbers] | [path] E_[various].EXE [path] E_S[numbers].tmp | Temporary entry related to Epson Status Monitor 3 for their range of printer and AIO devices - for monitoring printer status, checking ink levels, etc | No |
| X | f | ftkclean.exe | FlashEnhancer adware | No |
| U | F-PROT Antivirus Tray application | FProtTray.exe | System Tray access to F-PROT Antivirus | No |
| X | F-Secure 2005 | svchost.exe | Added by the BIFROSE-CH TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir% | No |
| Y | F-Secure 2006 | fspex.exe | F-Secure Anti-Virus automatic updater | No |
| X | F-Secure Gatekeeper | [malware name].exe | Added by the NUWAR.AXQ WORM! | No |
| U | F-Secure Management Agent | FSMA32.EXE | F-Secure antivirus - F-Secure Policy Manager provides tools for administering F-Secure software products | No |
| Y | F-Secure Manager | FSM32.EXE | F-Secure antivirus - carry out scheduled virus scans automatically | No |
| Y | F-Secure Startup Wizard | FSSW.EXE | F-Secure antivirus | No |
| Y | F-Secure TNB | TNBUtil.exe | F-Secure antivirus | No |
| Y | F-StopW | F-StopW.exe | F-Prot anti-virus background scanner by F-Risk Software | No |
| U | f1Tray.exe | F1TRAY.EXE | System Tray icon for FusionOne's MightyPhone software. "MightyPhone is a concept for wirelessly synchronizing the data on your mobile phone with your web-based or PC based organizer" | No |
| ? | f23mxins | f23mxins | Related to the now discontinued ATI Fire GL3 graphics card. What does it do and is it required? | No |
| X | f2install.exe | f2install.exe | Added by the IEFEAT-I TROJAN! | No |
| U | F5D7050v3 | Belkinwcui.exe | Wireless configuration utility for the Belkin F5D7050 Wireless G USB Adapter | No |
| U | F5D8001 | Belkinwcui.exe | Wireless configuration utility for the Belkin F5D8001 N1 Wireless Desktop Card | No |
| U | F5D8011 | Belkinwcui.exe | Wireless configuration utility for the Belkin F5D8011 N1 Wireless Notebook Card | No |
| U | F5D8055v1 | Belkinwcui.exe | Wireless configuration utility for the Belkin F5D8055 Wireless N+ USB Adapter | No |
| U | F5D8071 | Belkinwcui.exe | Wireless configuration utility for the Belkin F5D8071 N1 Wireless ExpressCard | No |
| U | F5D9010 | Belkinwcui.exe | Wireless configuration utility for the Belkin F5D9010 Wireless G+ MIMO USB Network Adapter | No |
| U | F5D9050 | Belkinwcui.exe | Wireless configuration utility for the Belkin F5D9050 Wireless G+ MIMO USB Network Adapter | No |
| X | f607 | f607.exe | Added by the URAT.B TROJAN! | No |
| X | f73cdc8ee94e | btsendto.exe | Associated with mysearchnow.com/searchbar.html | No |
| X | f94mggfhfghodftdf | [path to trojan] | Added by the SMALL.JHZ TROJAN! | No |
| U | Fabrik Ultimate Backup Status | fabrikhomestat.exe | Status monitor for Fabrik Ultimate Backup from Fabrik Inc. "No matter what happens to the drive on your desk - a spilled drink, a curious toddler, a theft or a natural disaster - you know your files are still safe and secure on Fabrik Ultimate Backup's off-site servers" | No |
| X | FaltCheck | allps.exe | Added by the AGENT.RAP TROJAN! | No |
| U | FamilyKeyLogger | cisvc.exe | Family Keylogger keystroke logger/monitoring program - remove unless you installed it yourself! Located in %ProgramFiles%\FamilyKeyLogger | No |
| X | Fantasia injector | wincfg.exe | Added by the AGOBOT.US WORM! | No |
| ? | fapmon | fapmon.exe | Fair Access Policy monitor for DirecPC/DirecWay internet access | No |
| X | farkrish | farkrish.exe | Added by a variant of the Storm/Nuwar/Zhelatin WORM! See here for an example | No |
| X | farmmext | farmmext.exe | VX2.Transponder parasite updater/installer related | No |
| X | Fash | Fash.exe | Unidentified adware | No |
| X | faslkakj11 | kjgagklj11.exe | Added by the LEGMIE-ARE TROJAN! | No |
| N | fast | fast.exe | Installs as part of Windows XP PowerToys as an option for very-fast user switching (allowing a keystoke to switch users instead of using the login screen). It is only used for the hot-key switch and yet it hogs 1.5 megs of memory in two separate processes (one run by the user & one by the system). Optional install in PowerToys | No |
| X | Fast Antivirus 2009 | FastAV.exe | Fast Antivirus rogue security software - not recommended, removal instructions here | No |
| N | FAST Defrag | FAST2.EXE | FastDefrag defragmenting software | No |
| X | Fast Home | svcnvt.exe | Detected by Kaspersky as the DELF.KS TROJAN! This file may be found in the System folder on 9x machines, however as of this writing it has only been seen in the System32 folder | No |
| X | Fast Search | svcnv.exe | Homepage, Startpage hijacker. Possible variant of Trojan-Downloader.Win32.Delf | No |
| X | Fast start | Ntut.exe | Adware - deteced by Kaspersky as the FAVADD.I TROJAN! | No |
| X | Fast start | svcnt.exe | Adware - detected by Kaspersky as a variant of the FAVADD TROJAN! | No |
| U | FastCache | fc.exe | FastCache from AnalogX - speeds up browsing by resolving DNS requests locally | No |
| X | FastDownloads | rundll32.exe MSA64CHK.dll,DllMostrar | MatrixDialer/Mostrar parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System% | No |
| X | fastsmell | fastsmell.exe | Added by a variant of the Storm/Nuwar/Zhelatin WORM! See here for an example | No |
| X | FastStart | ntnut32.exe | Added by the STARTPAGE.L TROJAN! | No |
| X | FastStart | svcnut.exe | Browser hijacker - a variant of the STARTPAGE.L TROJAN! | No |
| X | FastStart | svcnut32.exe | Browser hijacker - a variant of the STARTPAGE.L TROJAN! | No |
| N | FastTrack Accelerator | SPEED UP.EXE | FastTrack Accelerator - "speedup" utility for programs that use the FastTrack network such as KaZaA Media Desktop, Grokster and Morpheus | No |
| X | FASTTRACKNETVISION | NETVISION.exe | DialCar-Z premium rate dialer | No |
| U | FastTVSync | FastTVSync.exe | Part of InterVideo (now Corel) DVD Copy - "fast DVD copying and file conversion software. In just three steps, you can copy videos to most DVD formats, or convert them for smooth, flawless viewing on your PSP® or iPod®. With broad format support and unique CopyLater™ technology, DVD Copy saves you time and ensures high-quality output like no other copying software" | No |
| N | FastUser | fast.exe | Installs as part of Windows XP PowerToys as an option for very-fast user switching (allowing a keystoke to switch users instead of using the login screen). It is only used for the hot-key switch and yet it hogs 1.5 megs of memory in two separate processes (one run by the user & one by the system). Optional install in PowerToys | No |
| N | FastUsr | fast.exe | Installs as part of Windows XP PowerToys as an option for very-fast user switching (allowing a keystoke to switch users instead of using the login screen). It is only used for the hot-key switch and yet it hogs 1.5 megs of memory in two separate processes (one run by the user & one by the system). Optional install in PowerToys | No |
| X | Fat32 Microsoft | fat32.exe | Added by the RBOT-EL WORM! | No |
| U | FatPipe | DHCP | Software enabling high speed internet browsing (2-4 times faster) and internet connection sharing for up to 5 users | No |
| U | Fatpipe Dialer | fpdialer.exe | Dailler for Fatpipe - software enabling high speed internet browsing (2-4 times faster) and internet connection sharing for up to 5 users | No |
| U | fatrecov | fatrecov.exe | SCKeyLog.j keystroke logger/monitoring program - remove unless you installed it yourself! | No |
| U | FavoriteSync | FavoriteSync.exe | FavoriteSync keeps the same set of Internet Explorer Favorites on several computers in sync | No |
| U | FaxCenterServer | fm3032.exe | FaxMan integrates complete fax send and receive support into Windows applications without requiring additional fax software. Incorporated into software by Lexmark, MCI, Lotus, My Software, Broderbund, Traffic Software and many others | No |
| U | FaxCenterServer4_in_1 | fm3032.exe | FaxMan integrates complete fax send and receive support into Windows applications without requiring additional fax software. Incorporated into software by Lexmark, MCI, Lotus, My Software, Broderbund, Traffic Software and many others | No |
| U | FaxCtrl.exe | ASMediaProxyServer.exe | Part of Avaya's Contact Center Express - "a multi-channel, high-volume software solution from Avaya designed specifically for the intelligent routing and computer telephony integration (CTI) needs of medium-sized contact centers" | No |
| N | FaxTalk CallControl 6.0 | FTClCtrl.EXE | This allows the software to handle incoming and outgoing communications without requiring the FaxTalk Communicator application to be loaded into memory. Can be started manually | No |
| U | FBDirect | FBDirect.exe | Software that monitors the status of a Visioneer OneTouch scanner button and allows you to scan, fax, copy, print, and easily communicate by simply dragging and dropping scans on your PaperPort Desktop! | No |
| ? | FBI | FBISM.exe | Compaq related but what does it do? | No |
| X | FBSearch | FastBrowserSearchProtection.exe | Fast Browser Search/Search Guard Plus parasite - installed with "Make the Web Better" applications such as My Web Tattoo, My Face LOL and Google Easy Money Kit. See here and here for more information | No |
| X | FBSearch | SearchGuardPlus.exe | Fast Browser Search/Search Guard Plus parasite - installed with "Make the Web Better" applications such as My Web Tattoo, My Face LOL and Google Easy Money Kit. See here and here for more information | No |
| X | fc | runfc.exe | Added by the CAMPURF WORM! | No |
| X | FCEngine | FCEngine.exe | CASClient adware | No |
| X | FCHelp | FCHelp.exe | Added by either FCHelp adware or a variant of it | No |
| X | FCMan | FCMan.exe | FCHelp adware | No |
| X | Fdaemon security | fsecur.exe | Added by the SDBOT.KXO WORM! | No |
| X | FDD SYSTEM | Fdd.exe | Added by the MYTOB-FO WORM! | No |
| X | fddddHOME | dxxatp.exe | Added by the RANKY.AA TROJAN! | No |
| X | Fdr Command Module | sp2.exe | Added by the SDBOT.WP WORM! | No |
| X | FDriver | windrv.exe | Added by the DELF.WG TROJAN! | No |
| U | FD_SAP | FD.exe | Reported to be the autopassword program from the Sony Microvault thumb drive | No |
| X | FeCPY | fecpy.exe | FlashEnhancer adware | No |
| U | feedreader.exe | feedreader.exe | "Feedreader is a freeware Windows application that reads and displays Internet newsfeeds aka ATOM and RSS feeds based on XML" | No |
| X | feelalright | mirc.exe | Added by the IRCFLOOD-M WORM! | No |
| U | FEELitDeviceManager | feelitdm.exe | Associated with Immersion TouchSense devices (Logitech Wingman Force Feedback Mouse and possibly other peripherals) | No |
| X | fegoze | SVCH0ST.EXE | Added by the GRAYBIRD.D VIRUS! Note - the filename has the digit 0 rather then the uppercase "o" | No |
| U | Fellowes Proxy | R3proxy.exe | Installed with Fellowes EasyPoint mouse software. Not necessary for normal functioning of Fellowes mice but it is necessary to use the extended features of all Fellowes mice | No |
| X | Fen Startups | fensvc32.exe | Added by the RANDEX.CCF WORM! | No |
| X | Fenio Startups | fnesvc32.exe | Added by the AGOBOT-OS BACKDOOR! | No |
| U | FerrariWallPaper | FerrariWP.exe | Calendar that replaces the default desktop background image. It comes with every Acer Ferrari 3000 laptop. Also downloadable for members of www.ferrari.com | No |
| X | FestPlattenCleaner | SysRep.exe | FestPlattenCleaner, German rogue system error and cleaning utility - not recommended. A member of the ErrClean family | No |
| X | FestplattenReiniger | GDC.exe | FestplattenReiniger, German rogue privacy tool - not recommended. A member of the PCPrivacyTool family | No |
| X | ff | [path to worm] | Added by the RBOT-XL WORM! | No |
| X | ff | svhost32.exe | Added by the LINEAG-AFF TROJAN! | No |
| X | ffeqfqs | dqddss.exe | Added by the SDBOT-SG WORM! | No |
| X | ffeqOME | vcvsav.exe | Added by the RANKY.AB TROJAN! | No |
| X | ffis | ffisearch.exe | iSearch adware | No |
| Y | ffprsrv | ffprsrv.exe | File and Folder Privacy - is a "system security utility you can use to password-protect or hide your files and folders with a click of mouse. The program will always prompt to enter your access password when protection is enabled and a user is trying to access a protected file or folder". If this entry is disabled, any files/folders that are protected/hidden will no longer be accessible without first accessing the main program | Yes |
| Y | ffprsrv.exe | ffprsrv.exe | File and Folder Privacy - is a "system security utility you can use to password-protect or hide your files and folders with a click of mouse. The program will always prompt to enter your access password when protection is enabled and a user is trying to access a protected file or folder". If this entry is disabled, any files/folders that are protected/hidden will no longer be accessible without first accessing the main program | Yes |
| Y | ffpsrv | ffpsrv.exe | File & Folder Protector - "great easy-to-use password-protected security utility lets you password-protect certain files and folders, or to hide them securely from viewing and searching just with a click of mouse". If this entry is disabled, any files/folders that are protected/hidden will no longer be accessible without first accessing the main program | Yes |
| Y | ffpsrv.exe | ffpsrv.exe | File & Folder Protector - "great easy-to-use password-protected security utility lets you password-protect certain files and folders, or to hide them securely from viewing and searching just with a click of mouse". If this entry is disabled, any files/folders that are protected/hidden will no longer be accessible without first accessing the main program | Yes |
| U | FG1_00 | frntgate.exe | FrontGate MX - e-mail spam blocker | No |
| ? | fgl23DoubleScreenHooks | f23happ.exe | Related to the now discontinued ATI Fire GL3 graphics card. What does it do and is it required? | No |
| X | fGQEGqHOME | gwwgtp.exe | Added by the RANKY.J TROJAN! | No |
| X | FHPage | shdochp.exe | Added by the WINHOUND TROJAN! | No |
| X | FHStart | shdocsvc.exe | Added by the WINHOUND TROJAN! | No |
| U | Fhtisxk | fhtisxk.exe | XtraKeys keystroke logger/monitoring program - remove unless you installed it yourself! | No |
| X | Fhzepgyi | HELLRAIDER.EXE | Added by the MINDCTRL.A BACKDOOR! | No |
| U | FieldForms Sync | SyncService.exe | Resco FieldForms. A solution for building of mobile forms that can be viewed or filled in on the run, on a wide range of mobile devices. Supports Microsoft Access databases, and provides for synchronization of other data as well | No |
| X | FiendlyType | csrss.exe | Added by the WEBUS TROJAN! Note - this is not the legitimate csrss.exe process which should not normally figure in Msconfig/Startup! | No |
| X | FILE | abcdefg.exe | Added by the KELVIR.DD WORM! | No |
| ? | file indexing service | msfindfile.exe | New version of MS FindFast and still a resource hog? | No |
| X | file laoder configuration | rnd32.exe | Added by the RBOT.BQJ WORM! | No |
| X | File Mapping Services | hp-1003.exe | Added by the RBOT.FAN WORM! | No |
| X | File Protection Monitor | filemon.exe | Added by a variant of the RBOT WORM! | No |
| X | File System | taskmqrs.exe | Added by a variant of the TOXBOT/CODBOT WORM! | No |
| X | File System | taskmqr.exe | Added by the RBOT.BWQ WORM! | No |
| X | File System Service | wmiprvsc.exe | Added by the AGOBOT-HZ TROJAN! | No |
| X | File-Sharing Wizard | shwizard.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
| X | File0_0 | MD1.exe | Added by the DLOADER-OR TROJAN! | No |
| X | File1 | Dia Claro.htm | Added by the DLOADER-OR TROJAN! | No |
| X | FileFreedom_Plugin | wtm.exe | FileFreedom peer-to-peer sharing program | No |
| N | filehippo.com | UpdateChecker.exe | Checks for new releases available in the popular FileHippo.com repository for any software you may already have installed on your computer. Run manually when required | Yes |
| N | FileHippo.com Update Checker | UpdateChecker.exe | Checks for new releases available in the popular FileHippo.com repository for any software you may already have installed on your computer. Run manually when required | Yes |
| X | FileManager32 | Wscript.exe ChkMgr32.vbs | Added by the NOTUP.A WORM! Note that wscript.exe is a legitimate Microsoft file used to launch script files and shouldn't be deleted. The "ChkMgr32.vbs" file is located in %System% | No |
| X | filen | filen.exe | Added by the VBNAM-A WORM! | No |
| X | filename | filename.exe | Added by the VB.FSY TROJAN! | No |
| X | filename process | kerneldll.exe | Added by the AGOBOT-PO WORM! | No |
| X | filename process | explore.exe | Added by the AGOBOT-QN WORM! | No |
| X | filename process | Rundil16.exe | Added by the GAOBOT.ZX WORM! | No |
| X | FileSoft | Wscript.exe UpdataFiles.vbs | Added by the SST.B WORM! Note that wscript.exe is a legitimate Microsoft file used to launch script files and shouldn't be deleted. The "UpdataFiles.vbs" file is located in %Windir% | No |
| U | FilmLoop | FilmLoopService.exe | Related to FilmLoop - a photocasting network. Share your pictures with your family and friends | No |
| U | FilterGate | filtergate.exe | Filtergate internet filtering software - filters sounds, popup ads, background sound and other unnecessary website items | No |
| U | Filterguard | Filtrgrd.exe | An icon located in the lower left of the screen and looks like a lifesaver. This icon is a "short-cut" to access the basic features of SOS-Guardian, SOS-KidProof Lite, SOS Best Defense and SOS Pro such as Internet filtering utility. You can access this menu by "right-clicking" on the icon | No |
| X | FilterProgram | GDC.exe | FilterProgram rogue privacy tool - not recommended. A member of the PCPrivacyTool family | No |
| X | Find | find.exe | Added by the OPANKI WORM! | No |
| N | Find Fast | Findfast.exe | From older versions of MS Office - searches disk drives for Office file types and creates an index to make opening them easier. When indexing is in progress it can use lots of CPU time and memory - especially on slower/older machines | Yes |
| Y | Find Virus Launch Program | fvlaunch.exe | Part of Dr. Solomon's Antivirus | No |
| X | findfast | findfast.exe | Added by the DLOADER.PFR TROJAN! Note - the is not the legitimate file of the same name installed with older versions of MS Office | No |
| X | findfast.exe | findfast.exe | Identified as the RUNDIS.A TROJAN! Note - the is not the legitimate file of the same name installed with older versions of MS Office | No |
| X | FindHack | [path to worm] | Added by the KELVIR-BA WORM! | No |
| U | FinePrint Dispatcher v4 | fpdisp4a.exe | FinePrint Dispatcher - handles the spooling of print jobs to the FinePrint printer. Version 4.x of the software. "FinePrint saves ink, paper, time and money by controlling and enhancing printed output" | No |
| U | FinePrint Dispatcher v4 | fpdisp4.exe | FinePrint Dispatcher - handles the spooling of print jobs to the FinePrint printer. Version 4.x of the software. "FinePrint saves ink, paper, time and money by controlling and enhancing printed output" | No |
| U | FinePrint Dispatcher v5 | fpdisp5a.exe | FinePrint Dispatcher - handles the spooling of print jobs to the FinePrint printer. Version 5.x of the software. "FinePrint saves ink, paper, time and money by controlling and enhancing printed output" | No |
| N | FineReader7NewsReaderPro | AbbyyNewsReader.exe | ABBYY FineReader OCR software - version 7 | No |
| U | FingerPrintSoftware | fpapp.exe | Supports the fingerprint reader on selected IBM/Lenovo Thinkpad notebooks | No |
| X | Fire Wall services | [random filename] | Added by the IRCBOT-QY WORM! | No |
| X | Fire Wall services | wnlmzsfhobi.exe | Added by the IRCBOT-QY WORM! | No |
| ? | FireBox Control Panel | FireBox.exe | Control panel for the Presonus FireBox firewire based music recording system. Is it required? | No |
| X | FireExplore Update | FireExplore.exe | Added by a variant of the RBOT WORM! | No |
| X | FireFox | firefox.exe | Added by the RBOT-ATP WORM! Note - this is not the popular FireFox web browser and is located in the System (9x/Me) or System32 (NT/2K/XP) folder | No |
| X | Firefox Plugin Manager | firefoxpgm.exe | Added by the MSNPHOTO.E WORM! | No |
| X | FireFox Service Drivers | ssmss.exe | Added by a variant of the SDBOT WORM! | No |
| X | FireFox Startup Drivers | wuaclt.exe | Added by the RBOT.BYX WORM! | No |
| X | firefox.exe | firefox.exe | Added by the BANKER-EBO TROJAN! Note - this is not the popular FireFox web browser and is located in the System (9x/Me) or System32 (NT/2K/XP) folder | No |
| Y | FirePod | FIREPOD.EXE | Driver for the PreSonus FP10 (formerly FirePod) Firewire recording system | No |
| X | FiresWallservices | [random].exe | Added by the RBOT-FJT WORM! | No |
| X | Firevall Administrating | rndll.exe | Added by the PUSHBOT-B WORM! | No |
| X | firewal | firewal.exe | Added by the BANCBAN-QY TROJAN! | No |
| X | Firewall | wmlaunch .exe | Added by the ELIPTER.A or ELIPTER.B WORMS! Note the space at the beginning of the filename | No |
| X | Firewall | wmlaunch .exe | Added by the ELIPTER.D WORM! | No |
| X | Firewall | SP2 UPDATE.exe | Added by the ELITPER.E WORM! | No |
| X | Firewall | Firewall.bat | Added by the YPSAN.G WORM! | No |
| X | firewall | fw_304.exe | Added by the BDOOR-JQ BACKDOOR! | No |
| X | Firewall | ctfmon.exe | Added by a variant of the IRCBOT BACKDOOR! Note - this is not the legitimate ctfmon.exe process associated with alternate text inputs which is always located in %System%. This one is located in %Windir% | No |
| X | firewall | spoolsv.exe | Added by the DIZAN.F VIRUS! | No |
| X | firewall 2008 | logoneui.exe | Added by the SILLYFDC WORM! | No |
| X | Firewall auto setup | winlogon.exe | Added by the AGENT-EDB TROJAN! Note - this is not the legitimate winlogon.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Temp% | No |
| X | Firewall auto setup | [path to trojan] | Added by the AGENT-GLY TROJAN! | No |
| X | Firewall config | ReadMe.exe | Added by the SILLYFDC.BBT WORM! | No |
| X | Firewall Controls | sys32.exe | Added by the SDBOT-DGI WORM! | No |
| X | Firewall Policy | MidiDef32.exe | Added by the PIEBOT-A TROJAN! | No |
| X | Firewall Sp2 system | sys32Conf.exe | Added by the RBOT-ABT WORM! | No |
| X | Firewall Update System1 | WinedowsUpdater1.exe | Added by the RBOT-ARU WORM! | No |
| X | Firewall Updater | msnupdateit.exe | Added by the RBOT-AAQ WORM! | No |
| X | Firewall.exe | Firewall.exe | Added by the AGENT.AGL BACKDOOR! Located in %System% | No |
| Y | FireWall.exe | FireWall.exe | Ashampoo® Firewall PRO and Ashampoo® Firewall FREE from Ashampoo GmbH & Co. KG. Located in an Ashampoo related sub-directory of %ProgramFiles% | Yes |
| X | FirewallActivies | csrss.exe | Added by the BANKER-AQ TROJAN! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a "3041" subfolder | No |
| Y | FirewallGUI | FirewallGUI.exe | System Tray access to PC Tools Firewall Plus from PC Tools - which "is a powerful personal firewall for Windows that protects your computer from intruders and controls the network traffic in and out of your PC" | Yes |
| U | FirewallStartup | Firewallstartup.exe | Innovative Startup Firewall - "designed to protect your computer from programs that install themselves in the StartUp area of your Windows without asking for your approval. Innovative StartUp Firewall will help you keep your computer clean, fast and in it's best shape" | No |
| X | FirewallSvr | FirewallSvr.exe | Added by the NETSKY.X or NETSKY.Y WORMS! | No |
| X | firewall_anti | firewall_anti.exe | Added by the NETDENY-B TROJAN! | No |
| X | FireWire Driver | samx.exe | Added by the SDBOT.AE WORM! | No |
| X | FireWire Service | nvscv32.exe | Added by a variant of the SDBOT WORM! | No |
| X | FireWire Services | nvcsv32.exe | Added by a variant of the SPYBOT WORM! | No |
| X | First Home Page | http://find.naupoint.com | Naupoint browser hijacker | No |
| ? | First Principle Group | fpg.exe | Related to the E-Players Card from First Principle Group | No |
| X | FIX | WinFIX1.0.vbs | Added by the GORMLEZ-A WORM! | No |
| X | Fix Tool | Fix-Tool.exe | Fix Tool rogue system error and cleaning utility - not recommended | No |
| Y | Fix-it | mxtask.exe | Part of Ontrack's Fix-it Utilities Suite. Loads a System Tray icon that lets you access the full program. Needed if you run the crash guard, intellicluster, anti-virus, or autoupdater. Otherwise not required | No |
| Y | Fix-it AV | memcheck.exe | Part of Ontrack's Fix-it Utilities Suite anti-virus. Performs a quick check of memory for signs of any virus. Exits afterward and returns all resources used in one user's experience. Not required but could be left without a drain on resources | No |
| X | Fixnice | vcvw.exe | Added by the SDBOT TROJAN! | No |
| X | fjdslssdfd | mat2.exe | Added by the SLAPEW.C TROJAN! | No |
| U | FjMenu | FjMenu.exe | From the "Fujitsu Menu" tray icon you have instant access to the Control Panel, Tablet pc keyboard, Tablet and pen settings, Fujitsu display controls, brightness control, sounds and audio devices, capture screen, capture window, organize favorites, power options, printers and faxes, LCD brightness MIN, LCD brightness MAX, Enable/disable Button Panel and the Fujitsu menu settings, which are customizable | No |
| U | FJTWAIN Setup | FjtwSetup.exe | Fujitsu scanner utility | No |
| N | FJUPDNV_Chitose | fjdvrupd.exe | Driver update for a Fujitsu Siemens Lifebook laptop | No |
| X | FKS v2.0 | msngr.exe | Added by an unidentified WORM or TROJAN! | No |
| N | fkSysMon | fksysmon.exe | fkWrae SysMon - system monitor - "displays the current memory consumption, CPU and resource usage, date, time, Windows uptime, IP address and a lot more" | No |
| X | FlaCPY | flacpy.exe | FlashEnhancer adware | No |
| X | Flash Driver | [path to trojan] | Added by the AGENT.CWVT TROJAN! | No |
| X | Flash Media | %%%%%.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
| X | Flash Media | %%%.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
| X | Flash Media | [path to trojan] | Added by the IRCBOT.AUR TROJAN! | No |
| X | Flash Media | ^ ^^^ %% % ^% ^%%^ %^ .exe | Added by a variant of the IRCBOT BACKDOOR! | No |
| X | Flash Media | ^^% ^ %%% %^%%%^%%^%^% % ^^%% % %^^^^ ^%%^%% .exe | Added by a variant of the IRCBOT BACKDOOR! | No |
| X | Flash Media | ^^^^^.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
| X | Flash Media | ^^^^^^.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
| X | Flash Media | services.exe | Added by a variant of the IRCBOT BACKDOOR! See here. Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Temp% | No |
| X | Flash Media | zrpk��'�'%''msn'�%'fix''.exe | Added by a variant of the IRCBOT BACKDOOR! | No |
| X | Flash Media | % ^% ^^^ %^% %% ^ ^ %%% ^% %^ % %^^.exe | Added by a variant of the IRCBOT BACKDOOR! Note the space at the beginning of the filename | No |
| X | Flash Media | ^%%^%%%^% %^ ^ .exe | Added by a variant of the IRCBOT BACKDOOR! | No |
| X | Flash Media | %^^%^^% %^^^^ .exe | Added by a variant of the IRCBOT BACKDOOR! | No |
| X | Flash Media | ^%^^^%% ^ ^ %^^^^^ %^ ^%^^ ^%^^^^^ %^ ^^^%^%%.exe | Added by a variant of the IRCBOT BACKDOOR! | No |
| X | Flash Media | %^% ^ %^%% ^ % ^%%^^ %^^%^%^ ^%% %^.exe | Added by a variant of the IRCBOT BACKDOOR! | No |
| X | Flash Media | %%%%%%^^ ^ .exe | Added by a variant of the IRCBOT BACKDOOR! | No |
| X | Flash Media | skxs��'�'%''msn'�%'fix''.exe | Added by the AGENT.ZOY TROJAN! | No |
| X | Flash Media | ^ %%^%^%.exe | Added by the FLUSH.A TROJAN! Note the space at the beginning of the filename | No |
| X | Flash Media | %% % ^^ % %% ^%^^ ^^^ % ^%% ^ ^.exe | Added by a variant of the IRCBOT BACKDOOR! See here. Note the space at the beginning of the filename | No |
| X | Flash Media | ^ ^ % ^ % % ^ ^ ^%% ^% %%^^.exe | Added by the IRCBOT.BAW BACKDOOR! | No |
| X | Flash Player2 | [path to worm] | Added by the IRCBOT.PD WORM! | No |
| ? | FLASH32 | -flash32.exe | ?? | No |
| X | Flash32 | FLASH32.COM | Added by the STARTER-F TROJAN! | No |
| U | FlashEnc | FlashEnc.exe | Supplied with EasyDisk USB pen devices. The utility manages the encryption and compressed folders options. It will create these folders if running on the USB key without permission, which is a pain. No need for it if you do not want these features | No |
| N | Flashget | FlashGet.exe | FlashGet download manager | No |
| X | Flashget Download Manager | Flashget.exe | Added by the RBOT-AGZ WORM! | No |
| X | FlashGuard | FlashGuard.exe | Added by the AUTOIT.AL WORM! | No |
| U | FlashMute | FlashMute.exe | "FlashMute is a tool which allows you to mute/unmute Flash Movies loaded in a browser exclusively, or alternatively all sounds produced by the browser" | No |
| N | FlashPath Monitor | SDSTAT.EXE | System Tray icon that you can't get rid of - and does not need to run!. Tells you the battery status in the floppy disk adapter for the smartmedia cards. Available via Start -> Programs | No |
| N | FlashPath Monitor | FLSHSTAT.EXE | System Tray icon that you can't get rid of - and does not need to run!. Tells you the battery status in the floppy disk adapter for the smartmedia cards. Available via Start -> Programs | No |
| N | FlashPath Status | SDSTAT.EXE | System Tray icon that you can't get rid of - and does not need to run!. Tells you the battery status in the floppy disk adapter for the smartmedia cards. Available via Start -> Programs | No |
| N | FlashPath Status | FLSHSTAT.EXE | System Tray icon that you can't get rid of - and does not need to run!. Tells you the battery status in the floppy disk adapter for the smartmedia cards. Available via Start -> Programs | No |
| X | Flashy Bot | Flashy.exe | Added by the GLUPZY.A WORM! | No |
| X | Flash_Player_Install | ying.exe | Constructor VC2000 malware | No |
| X | FlenCPY | flencpy.exe | FlashEnhancer adware | No |
| U | Flexicd | Flexicd.exe | CD player - part of the Win95 Power Toys | No |
| U | FlingRun | fling.exe | Fling - free FTP software from NCH Software | No |
| U | FLMBROWSERMOUSE | mouse32A.exe | Mouse utility for a Trust brand (and possibly others) mouse. If you disable this entry you will not be able to use any of the non-standard functions of the mouse | No |
| U | FLMK08KB | MMKEYBD.EXE | Multimedia keyboard manager. Required if you use the additional keys | No |
| U | FLMK08KB | KbdAp32A.exe | Keyboard utility for a Medion brand (and possibly others) keyboard. If you disable this entry you will not be able to use any of the keyboard hotkeys or other non-standard functions on the keyboard | No |
| U | FLMLABTECMOUSE | mouse32A.exe | Mouse utility for a Labtec brand (and possibly others) mouse. If you disable this entry you will not be able to use any of the non-standard functions of the mouse | No |
| U | FLMMEDIONMOUSE | mouse32a.exe | Mouse utility for a Medion branded Fellowes mouse | No |
| U | FLMOFFICE4DMOUSE | moffice.exe | Mouse utility for a Labtec brand (and possibly others) mouse. If you disable this entry you will not be able to use any of the non-standard functions of the mouse | No |
| U | FLMOFFICE4DMOUSE | mouse32a.exe | Mouse utility for a Micro Innovations brand (and possibly others) mouse. If you disable this entry you will not be able to use any of the non-standard functions of the mouse | No |
| U | FLMTRUSTKB | KbdAp32A.exe | Keyboard utility for a Trust brand keyboard. If you disable this entry you will not be able to use any of the keyboard hotkeys or other non-standard functions on the keyboard | No |
| U | FLMTRUSTMOUSE | mouse32a.exe | Mouse utility for a Trust brand (and possibly others) mouse. If you disable this entry you will not be able to use any of the non-standard functions of the mouse | No |
| X | FlnCPY | flncpy.exe | FlashEnhancer adware | No |
| X | FLooDNeT | FLooDeR.exe | Added by the ENDOOL TROJAN! | No |
| X | Floppy Master | [path to trojan] | Added by the ZONIT-F TROJAN! | No |
| ? | Flow Go TV | flogotv.exe | ?? | No |
| X | flps | flps.vbs | Added by the BYRON WORM! | No |
| X | flpycntl | flpycntl.exe | Added by the CRYPTER.C TROJAN! | No |
| ? | FLSVCI | FLSVCI.exe | ?? | No |
| Y | FltProcess | msinet.exe | Part of Cyber Patrol internet filtering software to restrict access to certain types of material on the internet. It can be disabled but do not ask how it's done | No |
| X | FlyswatDesktop | flydesk.exe | Advertising spyware | No |
| U | FmctrlTray | Fmctrl.EXE | Genius SM-Live Control Panel. Enhances audio output through Genius sound cards (makes a big difference and worth the 3MB Ram used) | No |
| X | fmnwebassist | fmnwebassist.exe | Adware popup generator | No |
| U | FMStart | Fmstart.exe | GFI FAXmaker - native fax connector for Microsoft Exchange Server or for networks, allows all users to send and receive faxes right from their desktop | No |
| X | FMSZ | fmsz.exe | Added by the FMSZ TROJAN! | No |
| X | fnmwebassist | fnmwebassist.exe | WinPL adware | No |
| ? | Focus | Focus.exe | ISDN configuration wizard? | No |
| X | Folder Service | wssdtu.exe | Added by the MANIFEST TROJAN! | No |
| U | Folder View | folderview.exe | Folder View enhances the Windows file Explorer by making all folders you need available in a single click | No |
| U | FolderClone v*.*.* | folderclone.exe | Folderclone backup and synchronization software | No |
| X | FolderRaper | [path to worm] | Added by the VB.GOZ WORM! | No |
| U | FolderShare | FolderShare.exe | "FolderShare allows you to create a private peer-to-peer network that will help you to synchronize files across multiple devices and access or share files with colleagues and friends" | No |
| N | Folding@home | WINFAH.EXE | Folding@Home is a distributed computing project which studies protein folding, misfolding, aggregation, and related diseases - must be running in order to access the internet to upload to the servers. Available via Start -> Programs | No |
| N | FoneSyncSystemTray | FoneSyncSystemTray.exe | System Tray icon for Nokia FoneSync utility for the 7160/7190 mobiles. Useful to send data from/to the cell phone and the computer. You can use it to backup data or even to input data through the computer keyboard (which naturally is much more comfortable). Run manually when required | No |
| X | Font Viewer | fontviewer.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
| X | FontFix | fontfix.exe | Added by an unidentified VIRUS, WORM or TROJAN! | No |
| N | fontnav | FontNav.exe | Font Navigator from Bitstream Inc. - a font management utility | No |
| X | FontsLoader | ldfnt32.hta | Unidentified malware | No |
| X | FONTVIEW | FONTVIEW.EXE | Added by the OPASERV.T WORM! | No |
| U | FooBar 1.0 | FooBar.exe | FooBar - "combines fifteen high-quality productivity tools in a single toolbar that floats on your desktop or runs in the Windows task bar" | No |
| X | foobin lptt01 | adaware.exe | RapidBlaster variant (in a "foo1" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here | No |
| X | foobin ml097e | adaware.exe | RapidBlaster variant (in a "foo1" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here | No |
| X | fool | fool.exe | Added by the SILLYFDC.BCV WORM! | No |
| Y | FoolProof | fpwinldr.exe | FoolProof Security PC security software from SmartStuff | No |
| Y | FoolProofSweep | ?? | Part of FoolProof Security PC security software from SmartStuff | No |
| N | Forbes | ForbesAlerts.exe | Forbes Business News Alerts - displays business news headlines in a little window on the screen | No |
| X | ForceShow | rundll32.exe QaBar.dll, ForceShowBar | AdultLinks.QBar parasite related! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "QaBar.dll" file is found in the System (9x/Me) or System32 (NT/2K/XP) folder | No |
| N | Forget Me Not | AGRemind.exe | Calendar reminder part of Broderbund's American Greetings® CreataCard® | No |
| U | forteManager | dthtml.exe | forteManager from LG. Rebranded version of Display Tune from Portrait Displays, Inc. - which "is the perfect software utility to initially set-up and adjust your display to achieve its optimum performance. All adjustments are made through a simple graphical user interface" | No |
| Y | FortiClient | FortiClient.exe | Fortinet security systems are the new generation of real time network protection systems | No |
| U | Fortis Secure Layer Config | cseinst.exe | Fortis Bank Home Banking part. Installed during the installation of the software necessary to run the Home Banking. According to Fortis Bank this will not in any way be harmful to the system or relay system information | No |
| X | fotos | fotos.exe | Added by the BANKER-FP TROJAN! | No |
| N | FotoStation Easy AutoLaunch | FotoStation Easy AutoLaunch.exe | Installed with a Nikon digital camera. Used to collect photos uploaded from camera program NkVwMon.exe. If your camera is not connected (via USB port) you do not need this program loaded either | No |
| U | Foul PX | FoulPX.exe | Foul PX, Optusnet usage stat checker | No |
| U | FourthDay | FourthDay.exe | The Fourth Day - "astronomical clock and almanac for your system tray" | No |
| X | FoWilCo | fowilco.exe | Added by the WOOTBOT.CR WORM! | No |
| X | foxdh | foxdhend.exe | Added by the MENGHUAN TROJAN! | No |
| X | foxdh | foxdh.exe | Added by the GWGHOST-Q TROJAN! | No |
| X | foxrxjh | foxrxjh.exe | Added by the GWGHOST-T TROJAN! | No |
| X | foxwudy9912 | service.exe | Added by the BANCOS-BT TROJAN! | No |
| Y | FP Loader | loadfp.exe | FoolProof Security - PC security software from SmartStuff | No |
| N | fpassist | fpassist.exe | Part of FreePDF (was FreePDF XP) - a utility used to create Adobe compatible PDF files from virtually any Windows application. This executable needs to be running when you want to send a printer output to a PDF file via the FreePDF virtual printer | Yes |
| ? | FPWGMWZD | FPWGMWZD.exe | ?? | No |
| N | Fpx | mnmsrvc.exe | Remote Desktop Sharing service part of Microsoft's Netmeeting allowing users to share items on their screens across remote locations | No |
| X | fqor | stub_113_4_0_4_0.exe | TargetSaver adware | No |
| X | FrameWork 2.5 | FrameWork.exe | Added by the RBOT-FMW WORM! Note - can terminate AV related processes | No |
| X | Framework module library | infocard.exe | Added by the BUZUS.AYX TROJAN! | No |
| X | Framework Windows | frmwrk32.exe | Added by the FAKEAV-KS TROJAN! | No |
| X | France | svchost.exe | Added by the MIMAIL.L WORM! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir% | No |
| U | Fraps | fraps.exe | Fraps Real-Time Video Capture software | No |
| N | Free Download Manager | fdm.exe | "Free Download Manager" - see here | No |
| ? | Free Downloads Monitor | fdcmon.exe | ?? | No |
| N | Free DVD Direct | FreeDVDDirect.exe | Free DVD Direct - provides a program to access a peer-to-peer (P2P) file-sharing network (see here) | No |
| U | Free Key Logger | freekeylogger.exe | Free Key Logger keystroke logger/monitoring program - remove unless you installed it yourself! | No |
| U | Free Ram Optimizer | fro.exe | Free Ram Optimizer monitors your memory, and frees up ram if it falls below a certain minimum. MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/ME. See this article and make up your own mind | No |
| X | FreeAttention | eqsefeqe.exe | Added by an unidentified WORM or TROJAN! | No |
| N | Freebie Notes | FreebieNotes.exe | Freebie Notes by Power Soft - create electronic notes (stickers) | No |
| N | FreeCall | FreeCall.exe | FreeCall - free internet telephony utility using the VoIP (Voice over Internet Protocol). Call online friends for free and regular phones either for free (limited use) or low rates. One of a number provided by Betamax - the others generally have different rate plans. Similar to the more popular Skype | Yes |
| Y | Freedom | Freedom.exe | Freedom Internet Security & Privacy - anti-virus, personal firewall and parental control. It also blocks ads, safeguards your personal information, encrypts your passwords, and much more. No longer available for sale | No |
| U | FreeMem Pro | FMEMPRO.EXE | FreeMem Pro - memory optimizer. MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/SE/ME. See this article and make up your own mind | No |
| U | FreeMemVn2 | FreeMem.exe | FreeMem - memory optimizer. MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/SE/ME. See this article and make up your own mind | No |
| X | FreeMP3download | rundll32.exe MSA64CHK.dll,DllMostrar | MatrixDialer/Mostrar parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System% | No |
| N | FreePDF Assistant | fpassist.exe | Part of FreePDF (was FreePDF XP) - a utility used to create Adobe compatible PDF files from virtually any Windows application. This executable needs to be running when you want to send a printer output to a PDF file via the FreePDF virtual printer | No |
| N | FreePDF_Assistant | fpassist.exe | Part of FreePDF (was FreePDF XP) - a utility used to create Adobe compatible PDF files from virtually any Windows application. This executable needs to be running when you want to send a printer output to a PDF file via the FreePDF virtual printer | Yes |
| U | FreeRAM XP | FreeRAM XP Pro *.exe | FreeRAM XP Pro - memory optimizer where * represents the version. MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/SE/ME. See this article and make up your own mind | No |
| U | FreeRAM XP | FreeRAM XP Pro.exe | FreeRAM XP Pro - memory optimizer. MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/SE/ME. See this article and make up your own mind | No |
| X | freestyle | lockx.exe | Added by the RBOT-ATH WORM! | No |
| U | freesurfer | fs20.exe | EMS Free Surfer mk II - pop-up stopper | No |
| X | freexstyle | lockbar.exe | Added by the LOXBOT.D WORM! | No |
| X | freexstyle | lockbr.exe | Added by the LOXBOT.C WORM! | No |
| X | freinst | pgs.exe | Part of the AVSystemCare rogue security software and other members of this family. See here for more examples | No |
| U | Fresh Desktop | freshdesktop.exe | Fresh Desktop is a utility that lets you manage vast collections of wallpapers for your desktop with ease. When run on bootup it changes the desktop wallpaper at startup or at specified intervals | No |
| N | freshclam | freshclam.exe | Auto update agent of the open source Clamwin virus scanner | No |
| ? | frguk | shdrkmck.exe | ?? | No |
| ? | FridaysInHellInstaller | FridaysInHellInstaller.exe | ?? | No |
| X | FriendlyType | lsass.exe | Added by the WEBUS.B TROJAN! Note - this is not the legitimate lsass.exe process which should not normally figure in Msconfig/Startup! | No |
| X | FriendlyTypeName | services.exe | Added by the NEVEG.B or NEVEG.C WORMS! Note - this is not the legitimate services.exe process, which should not appear in Msconfig/Startup! | No |
| X | FriendlyTypeName | winlogon.exe | Added by the NEVEG.A WORM! Note - this is not the legitimate winlogon.exe process, which should not appear in Msconfig/Startup! | No |
| N | FriendlyWebQuick-Launch | SELFCERT.EXE | selfcert.exe is a stand alone program for creating your own digital certificates for macros - the .exe is installed as an extra basically by clicking on MS Office in add/remove programs and selecting remove - also I would do away with the FriendlyWebQuickLaunchBar as well | No |
| U | FRISK FP-Scheduler | F-Sched.exe | Scheduler for F-Prot anitvirus software. Leave enabled unless you scan manually on a regular basis | No |
| ? | FRITZ!DSL Startcenter | StCenter.exe | FRITZ! ISP software "StartCenter" User interface that allows you to manage, tweak and diagnose many aspects of your internet connection - is it required? | No |
| U | FRITZ!webProtect | FwebProt.exe | Firewall included in FRITZ! ISP DSL software | No |
| N | Fromine WinPopup | winpopup.exe | Instant Messenger program | No |
| X | froody | timoty.exe | Added by an unidentified malware | No |
| X | Frsk | frsk.exe | Unidentified adware downloader trojan | No |
| X | frun | derc32xz.exe | Added by an unidentified TROJAN! | No |
| Y | FRW_EXE | FRW.EXE | ConSeal Signal9 firewall - now McAfee Personal firewall | No |
| Y | frxmxins | frxmxins.exe | ATI 3D Studio MAX/VIZ driver | No |
| X | FS Agent | fagent.exe | Added by the VOLVER-B TROJAN! | No |
| X | FS6519 | FS6519.dll.vbs | Added by the SOLOW.B WORM! | No |
| Y | fsaa | fsaa.exe | F-Secure antivirus Authentication Agent - creates and stores private keys used by a client to access servers | No |
| N | FSCBoss | FSCBoss.exe | Free Store Club shop online software | No |
| ? | FSDPSRV | FSDPSRV.exe | ?? | No |
| X | fsdsft | [path to backdoor] | Added by the RANKY.S BACKDOOR! | No |
| X | FSH | svcnva.exe | Identified by Ewido Security Suite (Ewido is now part of AVG Technologies) as the DELF.KA TROJAN! | No |
| U | fsp | fsp.exe | Folder Shield - hide entire directories and thus prevent access by anyone else to your personal files and documents | No |
| Y | fspr | FolderShield.exe | Folder Shield - hide personal files and folders | No |
| N | FSScrCtl | FSScrCtl.exe | Screen saver control applet used by the "Stardust Screen Saver Toolkit" and "SolidWorks Screen Saver" | No |
| U | fsserv | fserv.exe | Farsighter Server - monitors a remote computer invisibly by streaming video to a viewer on your computer. You will know exactly what is happening on the remote computer as you see it in real-time | No |
| U | fssui | fsui.exe | System Tray access to and notifications from Windows Live Family Safety - optionally installed as part of Windows Live Essentials. "With Family Safety, you decide how your kids experience the Internet. Limit searches, monitor and block or allow websites, and decide who your kids can communicate with in Windows Live Spaces, Messenger, or Hotmail". Note - disabling this entry does not disable Family Safety and prevent it monitoring a users activity or restricting access | Yes |
| U | fssui | fssui.exe | System Tray access to and notifications from Windows Live OneCare Family Safety - part of the Live OneCare range and now superseded by Windows Live Family Safety which is part of Windows Live Essentials. Allows you to decide how your kids experience the Internet by limiting searches, monitoring and blocking/allowing websites and deciding who your kids can communicate with in Messenger or Hotmail. Note - disabling this entry does not disable Family Safety and prevent it monitoring a users activity or restricting access | Yes |
| X | fstsvc | rundll32.exe fstsvc.dll,start | Added by the AKBOT-AA WORM! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "fstsvc.dll" file is found in %System% | No |
| U | fsui | fsui.exe | System Tray access to and notifications from Windows Live Family Safety - optionally installed as part of Windows Live Essentials. "With Family Safety, you decide how your kids experience the Internet. Limit searches, monitor and block or allow websites, and decide who your kids can communicate with in Windows Live Spaces, Messenger, or Hotmail". Note - disabling this entry does not disable Family Safety and prevent it monitoring a users activity or restricting access | Yes |
| X | FSW | FSW.exe | FreeScratchAndWin parasite | No |
| U | FSWebServer | fsws.exe | Easy File Sharing Web Server is a Windows program that allows you to host a secure peer-to-peer and web-based file sharing system without any additional software or services | No |
| X | ftk | ftkclean.exe | FlashEnhancer adware | No |
| X | FtkCPY | ftkcpy.exe | FlashEnhancer adware | No |
| U | FtLnSOP_setup | FtLnSOP.exe | Fujitsu scanner utility | No |
| U | FTMSFLT(USB) | FTMSFLTU.EXE | Fujitsu's Touch Panel Message Notifier | No |
| X | FTP FOR WINDOWS | ftpwin32.exe | Added by a variant of the RBOT WORM! | No |
| X | FTPGraber | FTPGraber.exe | Added by the DLOADER-DT TROJAN! | No |
| N | FTPManager | FTPDM.exe | "Robust FTP is a Windows-based file transfer client application that transfers files between a user's local PC and another, remote computer system connected via a modem and telephone lines or by a local-area network (with upload transfer resume and download transfer resume)". Can be started manually | No |
| U | Ftpqueue | Ftpsched.exe | Part of WS_FTP Pro from Ipswitch. Queueing facility for scheduling FTP transfers | No |
| ? | FtpServer.exe | FtpServer.exe | Part of the Sharpdesk from Sharp Electronics. "A desktop-based, personal document management application that lets users browse, edit, search, compose, process, and forward both scanned and native electronic documents". What does it do and is it required? | No |
| U | ftutil2 | rundll32.exe ftutil2.dll, SetWriteCacheMode | Related to Promise Technology's FastTrak SX4030/4060 PCI ATA Raid 5 controller (and possibly others) | No |
| X | FU | FUvirus.exe | Added by the VB-EJC TROJAN! | No |
| X | FuckD3w4 | FuckD3w4.exe | Added by the BRONTOK-DI WORM! | No |
| X | Fucker | fucker.vbs | Added by the CATCHER-A WORM! | No |
| U | Fujitsu Hotkey Utility | IndicatorUty.exe | Fujitsu Hotkey Utility displays icons on the screen when you use hotkeys on a Fujitsu Siemens Lifebook, eg, when you press the hotkey for muting the sound, a loudspeaker icon with a cross on it is displayed | No |
| U | Fujitsu Menu | FjMnuIco.exe | From the "Fujitsu Menu" tray icon you have instant access to the Control Panel, Tablet pc keyboard, Tablet and pen settings, Fujitsu display controls, brightness control, sounds and audio devices, capture screen, capture window, organize favorites, power options, printers and faxes, LCD brightness MIN, LCD brightness MAX, Enable/disable Button Panel and the Fujitsu menu settings, which are customizable | No |
| X | fukerservice | fukerz.exe | Added by a variant of the RBOT WORM! | No |
| X | FUKLBAR | bar.exe | PurityScan adware | No |
| N | FullAudio | WMPImporter.exe | Used to import settings from Windows Media Player into Music Now software (from www.musicnow.com - which is no longer available) and possibly others | No |
| X | Fun | Fun.exe | Added by the COIDUNG-A WORM! | No |
| N | FusionHdtvTray | FusionHdtvTray.exe | FusionTrayAgent - main executable for DVICO FusionHDTV software. It adds an icon to system tray that allows you to easily access Fusion HDTV software | No |
| U | FusionRC | FusionRC.exe | Remote control manager for DVICO FusionHDTV | No |
| U | FusionRemote | FusionRc.exe | Remote control manager for DVICO FusionHDTV | No |
| N | FusionTrayAgent | FusionHdtvTray.exe | FusionTrayAgent - main executable for DVICO FusionHDTV software. It adds an icon to system tray that allows you to easily access Fusion HDTV software | No |
| X | fvek | fvek.exe | Added by the DRIVOL-A TROJAN! | No |
| Y | FveNotify | fveNotify.exe | Windows Vista - BitLocker Drive Encryption Notification Utility. Available with Enterprise and Ultimate versions of Vista, "BitLocker prevents a thief who boots another operating system or runs a software hacking tool from breaking Windows Vista file and system protections or performing offline viewing of the files stored on the protected drive" - see here | No |
| X | FW Manager | fwcheck.exe | Added by the DELBOT-H WORM! | No |
| X | FWDMON.EXE | fwdmon.exe | Added by the PROXY-S TROJAN! | No |
| Y | fwenc.exe | fwenc.exe | Check Point SecuRemote VPN client - "dynamic and fixed IP addressing for all ISP services - dial-up, cable modem, or DSL - the ideal solution for telecommuters and mobile workers" | No |
| X | Fwr Command Module | fwr.exe | Added by the SDBOT-PP WORM! | No |
| N | fwrastrc | fwrastrc.exe | Dial-up software for Friendly Technologies/1NationOnLine free ISP | No |
| U | fwservice | fwservice | eAcceleration Stop-Sign security software related. Previously not recommended, see here | No |
| X | FX | ieloader.exe | Added by the SMALL.RR TROJAN! | No |
| X | Fxoekm | miyhart.exe | Added by the SDBOT-CZQ WORM! | No |
| U | fxredir | fxredir.exe | Canon MultiPASS fax redirector | No |
| X | fzg | svhost32.exe | Added by the DLOADER.BDK TROJAN! | No |
| X | f~a | ra32.exe | Added by the CAY TROJAN! | No |
| X | g.exe | g.exe | Added by the GRAYBIRD.Q TROJAN! | No |
| X | G00123 | [worm filename] | Added by the BUGBROS WORM! | No |
| X | G0mez | G0mez.vbs | Added by the GORMLEZ-A WORM! | No |
| X | G3 | GSMedia3.exe | Malware downloader - detected by Kaspersky as the VB.UX TROJAN! | No |
| ? | g3dctl | g3dctl.exe | ?? | No |
| X | G4G | [random filename] | Detected as Trojan-Downloader.Win32.VB.fki | No |
| U | G6FTP Server Tray Monitor | G6FTPTray.exe | System Tray monitoring tool for Gene6 FTP Server - "an advanced FTP server software for Windows developed specifically for security and high performance requirements" | No |
| X | ga6pcw | ga6pcw.exe | Part of the AVSystemCare rogue security software and other members of this family. See here for more examples | No |
| X | gac | gac.exe | Part of VirusVakt, Swedish rogue security software - not recommended. A member of the AVSystemCare family | No |
| ? | GACService | GACService.exe | Related to a Gemplus product. What does it do and is it required? | No |
| X | gadkgak12 | fsafsakx12.exe | Added by the ONLINEG-N TROJAN! | No |
| N | Gadu-Gadu | gg.exe | Polish language Instant Messaging client | No |
| N | Gadwin PrintScreen | PrintScreen.exe | Gadwin PrintScreen - utility to capture, print or save the current window | No |
| X | GAELICUM.EXE | GAELICUM.EXE | Added by the PENTA-A TROJAN! | No |
| X | gah95on6 | gah95on6.exe | ShopAtHome/SAHagent adware | No |
| U | gaim | gaim.exe | Gaim is an instant messenger client with capability to connect to AIM, ICQ, MSN Messenger, Yahoo, IRC, Jabber, Gadu-Gadu and Zephyr networks | No |
| U | Gainward | TBPanel.exe | Configuration utility for Gainward graphics cards. Not required unless you use non-default settings. Available via Start -> Settings -> Control Panel | No |
| X | game | shit.exe | Added by the Netclap Gold backdoor TROJAN! | No |
| X | game | patcher.scr | Added by the PSW-ED TROJAN! | No |
| N | Game Device | JOYUPDRV.EXE | Genius game controller profile activator | No |
| X | Game House | GameHouse.exe | Added by the DELF-DRA WORM! | No |
| N | GameDrive | GDTask.exe | GameDrive from FarStone - virtual CD/DVD drive emulator that allows you to run your PC games without the disc. Available via Start → Programs | No |
| X | Games Acceleration | svshost.exe | EasySearch adware | No |
| X | Games Acceleration | [path to trojan] | Added by the SMUTSRCH-A TROJAN! | No |
| X | Games Acceleration | svshost1.exe | Added by the DLOADR-AWD TROJAN! | No |
| X | Games toolbar | rundll32.exe [path] tbGame.dll DllShowTB | Topconverting.com/180Search "Games Toolbar" adware. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted | No |
| N | GameSpot | kontiki.exe | Kontiki Delivery Manager - Windows-based client software that enables secure delivery of content to users' desktops | No |
| U | gameutil.exe | gameutil.exe | Part of Redline RegTweak as supplied with Sapphire ATI graphics cards. You can configure different overlclocking settings on a per game basis and this sets those conditions following a re-boot | No |
| X | gamma | svchost.exe | Added by a variant of the DELF.IT TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! The location of this file varies | No |
| U | GammaHotKeys | setgamma.exe | Part of the RadeonTweaker program for adjusting ATI Radeon graphics cards. Allows you to adjust the gamma (or brightness) when playing a full-screen game without switching back to the desktop | No |
| X | gangsta | gangsta.exe | Added by the RIMA.A BACKDOOR! | No |
| U | GARO Status Monitor | cnwism.exe | Print monitor for certain Canon printers | No |
| X | gaSrv | gaSrv.exe | Detected by Panda as the DOWNLOADER.ALQ TROJAN! Adware downloader | No |
| X | gaSrve | gaSrve.exe | Detected by Panda as the DOWNLOADER.ALQ TROJAN! Adware downloader | No |
| X | Gate Personal Firewall | Systpl.exe | Added by the RBOT.ADC WORM | No |
| N | Gateway Extended Warranty | GWCares.exe | Gateway Extended Warranty reminder | No |
| X | Gator | gator.exe | Gator eWallet adware. Please note that Claria Corporation no longer support GAIN-Supported software - see here | No |
| X | Gator eWallet | gator.exe | Gator eWallet adware. Please note that Claria Corporation no longer support GAIN-Supported software - see here | No |
| X | Gay_Sexy_** | Gay_Sexy_**.exe | Premium rate adult content dialler (where * is a random char) | No |
| U | GazelDisplay | gsyno.exe | BT Digital Access USB - Gazel ISDN installation System Tray icon | No |
| Y | GBMHome7Agent | GBMAgent.exe | Genie Backup Manager Home 7 - backup software | No |
| Y | GBMLite7Agent | GBMAgent.exe | Genie Backup Manager Lite 7 - backup software | No |
| Y | GBMPro7Agent | GBMAgent.exe | Genie Backup Manager Pro 7 - backup software | No |
| Y | GBSpaceMan | SpaceMan.exe | GreenBorder - secure your browsing activities on the internet | No |
| U | GBTray | GBTray.exe | System Tray icon access to Roxio's (nee Adaptec) GoBack software which allows you to revert back to a previously working state on you hard drive if you install a new program and your system goes faulty - performing the same functions with extra features as System Restore on WinMe/XP systems. Disable before running Scandisk or Defrag. Not required for WinMe/XP users, recommended for Win9x/NT/2K users | No |
| X | gCac | gcac.exe | Added by the TACTSLAY.U TROJAN! | No |
| X | gcasDtServ | gcasDtServ.exe | Added by an unidentified WORM or TROJAN. Note - this is not related to Microsoft Antispyware which has a process bearing the same name which doesn't appear as a startup | No |
| Y | gcasServ | gcasServ.exe | Giant Antipsyware - now superseded by Microsoft's Windows Defender | No |
| X | gcasServ | realsched.exe | Added by a variant of the TACTSLAY.A TROJAN! Note - this is not the legitimate RealOne Player (realsched.exe) application of the same name | No |
| ? | GCC Reminder | gccrem.exe | Associated with AcraMax Greeting Card Creator. Is it a registration reminder? | No |
| N | GCS | GrabClipSave.exe | GrabClipSave screen capture tool | No |
| X | gcw | gcw.exe | Part of BestsellerAntivirus, PCSecureSystem and other members of the AVSystemCare family of rogue security software suites. See here for more examples | No |
| X | gdagdgajs | bbsbw.exe | Added by the SDBOT-QX WORM! | No |
| X | GDAX | [path to backdoor] | Added by the RANKY.K TROJAN! | No |
| X | gdcw | GDCW.exe | Part of the PCPrivacyTool rogue privacy tool - not recommended. See here | No |
| X | Gddlib | rundll32.exe gddlib.dll,start | Added by the AKBOT.EG WORM! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "gddlib.dll" file is found in %System% | No |
| Y | GDFirewallTray | GDFirewallTray.exe | System Tray access to the firewall part of G Data range of internet security products | No |
| X | gdien32 | gdien32.exe | Added by the SINGU-P TROJAN! | No |
| X | gdimx | gdimx.exe | MPB-D dialer. Note - provides an uninstall option which can be accessed via the Add or Remove Programs dialog in the Windows Control Panel. The software is listed as "gdimx" | No |
| U | GDMgr.exe | gdmgr.exe | GuardMon is a commercial surveillance software program designed to monitor all forms of user activity on a computer | No |
| N | GDrive | GDriver.exe | Found on IBM systems. All it does is set the CDROM drive letter to G:. Set your drive letter manually via Start -> Settings -> Control Panel -> System -> Device Manager | No |
| N | Gearbox | confsvr.exe | NTL's Gearbox software for configuring internet connections with their NTLWorld software - does a similar job to the Internet Connection Wizard which can be used instead using the dial-up details available here | No |
| N | GEARsec | gearsec.exe | Installed by Apple Quicktime package - iPod®/iTunes® CDRW support. Can be disabled if you only require Quicktime player | No |
| X | GEDZAC | GEDZAC.exe | Added by the GEMEL WORM! | No |
| X | Gekio Startups | gnksvc32.exe | Added by the AGOBOT.AFJ WORM! | No |
| N | GemStRmW | GemStRmW.exe | For a GemPlus smart card reader. If it doesn't start automatically when you insert the smart card, start it manually | No |
| X | gencroot | gencroot.exe | Added by the SDBOT-AED WORM! | No |
| U | Gene USB Monitor | USBMonit.exe | Monitors USB ports for insertion of Sandisk USB flashdrives | No |
| X | General Antivirus | GenAvir.exe | General Antivirus rogue security software - not recommended, removal instructions here | No |
| X | general lptt01 | general.exe | RapidBlaster variant (in a "General" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here | No |
| X | general ml097e | general.exe | RapidBlaster variant (in a "General" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here | No |
| X | Generic host proccess for windows | SVCHOSTS.EXE | Added by the SPYBOT-GQ WORM! | No |
| X | Generic Host Process | SCHOST.EXE | Added by the RBOT-NC WORM! | No |
| X | Generic Host Process | svchost.exe | Added by the DLOADER-NX TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir% | No |
| X | Generic Host Process | camacttiv.exe | Detected by AVG as the CIADOOR.13 TROJAN! | No |
| X | Generic Host Process | lsassw.exe | Added by the AGOBOT-N WORM! | No |
| X | Generic Host Process for Win Services | mscvs.exe | Added by a variant of the SDBOT WORM! | No |
| X | Generic Host Process for Win32 Service | svlhost.exe | Added by the WOOTBOT.EX WORM! | No |
| X | Generic Host Process for Win32 Service | rpchost.exe | Added by the IRCBOT.DCN WORM! | No |
| X | Generic Host Process for Win32 Services | ntspcv.exe | Added by the SDBOT.S TROJAN! | No |
| X | Generic Host Process for Win32 Services | intspvc.exe | Added by the DINFOR.D WORM! | No |
| X | Generic Host Process for Win32 Services | winsvc.exe | Added by the SDBOT-O WORM! | No |
| X | Generic Host Process for Win32 Services | bazzi.exe | Added by the AHKER.E WORM! | No |
| X | Generic Host Process for Win32 Services | winsvc32.exe | Added by the SDBOT-P WORM! | No |
| X | Generic Host Process for Win32 Services | lspsvc.exe | Added by the MUMU.C WORM! | No |
| X | Generic Host Process for Win32 Services | SPSVC.EXE | Added by the SDBOT.DA WORM! | No |
| X | Generic Host Process for Win32 Services | svchost32.exe | Added by the AGOBOT.ALH WORM! | No |
| X | Generic Host Process for Win32 Services | svñhîst.exe | Added by the DLOADER.AK TROJAN! | No |
| X | Generic Host Process for Win32 Services | winlogon.exe | Added by a variant of the IRCBOT BACKDOOR! See here. Note - this is not the legitimate winlogon.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! | No |
| X | Generic Host Process for WinXP Services | mshelp.exe | Added by the AGENT-GQP TROJAN! | No |
| X | Generic Host Process2 System Backup | scvhost2.exe | Added by the RBOT-BAH WORM! | No |
| X | Generic Host Process326a System Backup | scvhost326a.exe | Added by a variant of the SDBOT WORM! | No |
| X | Generic Host Service | lshost.exe | Added by the RBOT.LU WORM! | No |
| X | Generic Service Process | regsvc32.exe | Added by the GAOBOT.UJ or GAOBOT.UL WORMS! | No |
| X | Generic Service Process | serv1ces.exe | Added by the AGOBOT-JK WORM! | No |
| X | Generic Service Process | nvsvc.exe | Added by the AGOBOT.BY WORM! Note - this is not the valid NVIDIA Driver Helper Service and is located in the System (9x/Me) or System32 (NT/2K/XP) folder | No |
| X | Generic Service Process | srvhost.exe | Added by the AGOBOT-FX WORM! | No |
| X | Generic Services Process | regsvc32.exe | Added by the GAOBOT.SY WORM! | No |
| X | GenericHostXP | WinLoaderXP.exe | Added by the BDOOR-ACX BACKDOOR! | No |
| Y | Genie USB Monitor | USBmonitor.exe | Port monitor for an external USB hard drive. Required to enable access to the drive | No |
| X | Genius Mose Driver | svghost.exe | Added by a variant of the SPYBOT WORM! See here | No |
| X | genserv path | sdqdqg.exe | Added by the SDBOT-RF WORM! | No |
| X | Geography TX 1.0 NT | CompuSpeed.vbs | Added by the NEWLEY-A WORM! | No |
| X | Gerenciamento de arquivos do Windows | Winmod32.exe | Added by the DLOADER-WG TROJAN! | No |
| X | german.exe | winsystems.exe | Added by the BAGLEDl-AE TROJAN! | No |
| X | german.exe | wintems.exe | Added by the BAGLE-AS TROJAN! | No |
| X | gescw | gescw.exe | Part of BeschermingsTool, SysDepannage and other members of the ErrClean rogue system error and cleaning utility and other members of this family. See here for more examples | No |
| X | Gestionnaire de disques universel | sysoobe.exe | Added by the TOADER-A TROJAN! | No |
| N | Get Smile | getsmile.exe | Puts smilie faces in your E-mail. Run manually when required | No |
| X | Get-Torrent Service | wakeservice.exe | Get-Torrent bittorrent client - Installs LOP adware | No |
| Y | Getca | InfoMyCa.exe | Monitor for a Belkin USB Wireless adapter | No |
| U | GetIT | GetIT.exe | "HP GET-IT (Graduate Entrepreneurship Training through Information Technologies) empowers under- or unemployed young people with business and IT skills - helping them find a job or start their own businesses" | No |
| X | GetitAll | rundll32.exe MSA64CHK.dll,DllMostrar | MatrixDialer/Mostrar parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System% | No |
| X | GetModule18 | GetModule18.exe | Internet Speed Monitor adware related - see example here | No |
| X | GetModule19 | GetModule19.exe | Internet Speed Monitor adware related - see example here | No |
| X | GetModule20 | GetModule20.exe | Internet Speed Monitor adware related - see example here | No |
| X | GetModule21 | GetModule21.exe | Internet Speed Monitor adware related - see example here | No |
| X | GetModule23 | GetModule23.exe | Internet Speed Monitor adware related | No |
| X | GetModule24 | GetModule24.exe | Internet Speed Monitor adware related - see example here | No |
| X | GetModule25 | GetModule25.exe | Internet Speed Monitor adware related - see example here | No |
| X | GetModule27 | GetModule27.exe | Internet Speed Monitor adware related | No |
| X | GetModule29 | GetModule29.exe | Internet Speed Monitor adware related - see example here | No |
| X | GetModule30 | GetModule30.exe | Internet Speed Monitor adware related | No |
| X | GetMP3 | rundll32.exe MSA64CHK.dll,DllMostrar | MatrixDialer/Mostrar parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System% | No |
| X | GetPack18 | GetPack18.exe | Internet Speed Monitor adware related - see example here | No |
| X | GetPack19 | GetPack19.exe | Internet Speed Monitor adware related - see example here | No |
| X | GetPack20 | GetPack20.exe | Internet Speed Monitor adware related - see example here | No |
| X | GetPack21 | GetPack21.exe | Internet Speed Monitor adware related - see example here | No |
| X | GetPack22 | GetPack22.exe | Internet Speed Monitor adware related | No |
| X | GetPack23 | GetPack23.exe | Internet Speed Monitor adware related | No |
| X | GetPack24 | GetPack24.exe | Internet Speed Monitor adware related - see example here | No |
| X | GetPack25 | GetPack25.exe | Internet Speed Monitor adware related | No |
| N | GetRight Tray Icon | GETRIGHT.EXE | GetRight from Headlight Software - download manager for resuming downloads and choosing multiple download locations. The freeware version is/was spyware. The registered version isn't if you don't install the Aureate/Radiate software. Available via Start -> Programs | No |
| X | GetTheMusic | rundll32.exe MSA64CHK.dll,DllMostrar | MatrixDialer/Mostrar parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System% | No |
| U | Getting started with MacDrive | MDGetStarted.exe | MacDrive 7 from Mediafour Corporation - "enables anyone using Windows Vista, XP, and 2003 Server to seamlessly access Mac disks (HFS/HFS+) of all types, including CDs, DVDs, hard drives, floppy, Zip, Jaz, and more!" | No |
| X | getwin | winB_.exe | Added by the BANKER-HS TROJAN! | No |
| X | gf1.0.0.2 | ggf.exe | Added by the EDFON.A TROJAN! | No |
| X | gfxtray | rundll32 ctccw32.dll,findwnd | Added by the AGENT.AOU BACKDOOR! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted, The "ctccw32.dll" is located in %System% | No |
| X | Ghost Relay | [random filename] | Added by the DNSCHANG.EK TROJAN! | No |
| U | GhostSecuritySuite | gss.exe | Ghost Security Suite - protect the registry from unauthorized reading and modification and other tools | No |
| N | GhostStartService | GhostStartService.exe | Required to run the Windows based wizard in Norton Ghost - added from the 2003 version. Will start automatically when you run the wizard | No |
| N | GhostStartTrayApp | GhostStartTrayApp.exe | System Tray access to Norton Ghost - added from the 2003 version | No |
| Y | GhostSurfDelSatellite | DeleteSatellite.exe | Part of SpyCatcher spyware remover from Tenebril. Prevents rogue programs from sending personal information to a remote user via the Internet. If you use SpyCatcher with real time scanning, you'll want to leave this file in place | No |
| X | gigabit.exe | gigabit.exe | Added by the BEAGLE.U WORM! | No |
| X | GigaByte | Cheatle.exe | Added by the SHODI.B VIRUS! | No |
| U | Giganews Accelerator | GiganewsAccelerator.exe | Giganews Accelerator from Giganews, Inc. - "a software-based news proxy which will allow you to compress headers and enable 256-bit SSL encryption, regardless of whether or not SSL is supported natively by your news client" | No |
| Y | Gilat SOM Enumerator | dllhost.exe | For Gilat Communications internet satellite systems - associated with SkyBlaster modem. Required if you have this system | No |
| Y | GilatFTC | ftc.exe | For Gilat Communications internet satellite systems - associated with SkyBlaster modem. Required if you have this system | No |
| X | gimmygames | [path to trojan] | Added by the DLOADR-LN TROJAN! | No |
| X | gimmysmileys | gimmysmileys.exe | GimmySmileys adware | No |
| X | GinaDll | ntgina.dll | Added by the ANIG.A WORM! | No |
| ? | GisdnLog | gisdnlog.exe | BT Digital Access USB | No |
| U | Glass2k | Glass2k.exe | "Glass2k is a small little program that allows Win2K/XP users to make any window transparent" | No |
| X | GLF Network Lan Monitor | NPFMNTOR.exe | Added by the RBOT-AGY WORM! | No |
| Y | Glide | Glidew32.exe | Cirque touchpad driver | No |
| X | Global Startup | WinDash.EXE | Detected by Kaspersky as the VB.Q WORM! | No |
| X | GlobalFlagACER | ACER.exe | Added by the VB.BL WORM! | No |
| X | GlobalSCAPE | [random filename] | Added by the RBOT-AYM WORM! | No |
| X | Glock Suite 1.1 | glock32.exe | Added by the TINY.GV TROJAN! | No |
| X | GLSetIT32 | msiexec16.exe | Added by the OPTIX PRO TROJAN! | No |
| X | GLSetIT32 | isass.exe | Added by a variant of the OPTIX PRO TROJAN! | No |
| X | GLSetT32 | smsiexec.exe | Added by the OPTIX-D TROJAN! | No |
| ? | gluon | gluon.exe | In a gluon/bin sub-directory | No |
| X | glv | glv.exe | Added by the DLOADER-NG TROJAN! | No |
| X | GMedia2 | GSM2.exe | Malware downloader - detected by Kaspersky as the VB.UX TROJAN! | No |
| X | GMedia2 | GSMedia3.exe | Malware downloader - detected by Kaspersky as the VB.UX TROJAN! | No |
| Y | Gmouse | Gmouse.exe | Amouse mouse driver - required if you use non-standard Windows driver features | No |
| X | Gmsvc32 | gmsvc32.exe | Added by the AGOBOT.ABN WORM! | No |
| U | Gnetmous | gnetmous.exe | Genius mouse driver - required if you use non-standard Windows driver features | No |
| U | GNETMOUSE | gnetmouse.exe | Genius mouse driver - required if you use non-standard Windows driver features | No |
| X | GNP Generic Host Process | svchost.exe | Added by the ZAPCHAS-F BACKDOOR! Note - this is not the legitimate svchost.exe process which should not normally figure in Msconfig/Startup! | No |
| ? | gnub | gnub.exe | ?? | No |
| X | go | cvir.exe | Added by the SILOV-A WORM! | No |
| X | Go And Start | svdll32.exe | Added by the RBOT.AI BACKDOOR! | No |
| X | Go!Zilla | gozilla.exe | Download manager for resuming downloads and choosing multiple download locations. Advertising spyware | No |
| X | Go!Zilla Monster Downloads | Go.exe | Download manager for resuming downloads and choosing multiple download locations. Advertising spyware | No |
| U | GoBack | GBMenu.exe | Roxio's (nee Adaptec) GoBack software which allows you to revert back to a previously working state on you hard drive if you install a new program and your system goes faulty - performing the same functions with extra features as System Restore on WinMe/XP systems. Disable before running Scandisk or Defrag. Not required for WinMe/XP users, recommended for Win9x/NT/2K users | No |
| U | GoBack | GBTray.exe | System Tray icon access to Roxio's (nee Adaptec) GoBack software which allows you to revert back to a previously working state on you hard drive if you install a new program and your system goes faulty - performing the same functions with extra features as System Restore on WinMe/XP systems. Disable before running Scandisk or Defrag. Not required for WinMe/XP users, recommended for Win9x/NT/2K users | No |
| U | GoBack Polling Service | GBPoll.exe | Roxio's (nee Adaptec) GoBack software which allows you to revert back to a previously working state on you hard drive if you install a new program and your system goes faulty - performing the same functions with extra features as System Restore on WinMe/XP systems. Disable before running Scandisk or Defrag. Not required for WinMe/XP users, recommended for Win9x/NT/2K users | No |
| U | GoBack Tray Icon | GBTray.exe | Roxio's (nee Adaptec) GoBack software which allows you to revert back to a previously working state on you hard drive if you install a new program and your system goes faulty - performing the same functions with extra features as System Restore on WinMe/XP systems. Disable before running Scandisk or Defrag. Not required for WinMe/XP users, recommended for Win9x/NT/2K users | No |
| X | GOG | GOG.exe | Added by the PHILIS.B VIRUS! | No |
| X | goidr | goidr.exe | Goidr adware | No |
| X | GoldenAntiSpy | pgs.exe | GoldenAntiSpy rogue security software - not recommended. A member of the AVSystemCare family | No |
| U | Goldensoft_MndlSvr | MndlSvr.exe | Goldensoft CD Ghost related - turns a computer into a 200X-speed CD-ROM tower. Working from the hard drive, users can simultaneously access as many as 23 virtual CD-ROM drives at a speed of 200X for true multitasking | No |
| X | Golum | services.exe | Added by the GOLUM.A TROJAN! Note - this is not the legitimate services.exe process, which should not appear in Msconfig/Startup! | No |
| X | golumm | services.exe | Added by the DLOADER-ET TROJAN! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a "golumm" subfolder | No |
| X | good | badvir.exe | Added by the SILOV-B WORM! | No |
| X | google.exe | Added by the RBOT-AMW WORM! | No | |
| U | Google Desktop | GoogleDesktop.exe | Google Desktop - "a desktop search application that provides full text search over your email, files, music, photos, chats, Google Mail, web pages that you've viewed and more. By making your computer searchable, Google Desktop puts your information easily within your reach and frees you from having to manually organise your files, emails and bookmarks" | Yes |
| U | Google Desktop Search | GoogleDesktop.exe | Google Desktop - "a desktop search application that provides full text search over your email, files, music, photos, chats, Google Mail, web pages that you've viewed and more. By making your computer searchable, Google Desktop puts your information easily within your reach and frees you from having to manually organise your files, emails and bookmarks" | Yes |
| X | Google Earth | [random filename] | Added by the RBOT-AXK TROJAN! | No |
| N | Google Earth Viewer | GOOGLEMAPS.EXE | Google Earth "combines satellite imagery, maps and the power of Google Search to put the world's geographic information at your fingertips" | No |
| U | Google IME Autoupdater | GooglePinyinDaemon.exe | Google Pinyin Input Method Editor (IME) - allows a user to input Chinese characters by entering the pinyin of a Chinese character (with or without tone, depending on the system) and then presenting the user with a list of possible characters with that pronunciation | No |
| X | google Intrenet Explorer | google.pif | Added by the RBOT-ARA WORM! | No |
| U | Google Quick Search Box | GoogleQuickSearchBox.exe | Part of Google Toolbar (from version 6 onwards) for IE. The Quick Search Box sits between the "Start" button and Quick Launch toolbar and "lets you easily search both your computer and the Web from a slick-looking search box that comes up only when you need it" | Yes |
| X | Google service | Googlesetup.exe | Added by the IRCBOT-RJ WORM! | No |
| X | Google Service FR | GO0GLEFREE.EXE | Added by a variant of the SPYBOT WORM! | No |
| X | google toolbar | ggtb32.exe | Added by the AGOBOT-RR WORM! | No |
| N | Google Update | GoogleUpdate.exe | Update manager for the range of tools available from Google - such as the Chrome web browser and Picasa photo manager | No |
| N | Google Updater | GOOGLE~1.EXE | Downloads and installs updates for Google applications (Google Earth, Google Desktop, etc.) | No |
| N | Google Updater | GoogleUpdater.exe | Downloads and installs updates for Google applications (Google Earth, Google Desktop, etc.) | No |
| X | GoogleBot.exe | GoogleBot.exe | Added by the GB TROJAN! | No |
| N | GoogleDCClient | GoogleDCC.exe | Google Compute Client - only present if you installed the Google Toolbar with "Google Compute" client active. Does complex calculations in the background when idle. If you want to turn it off go to your browser, click on the little double-helix on the Google Toolbar, and click "Stop Computing". No longer supported | No |
| U | GoogleDesktop | GoogleDesktop.exe | Google Desktop - "a desktop search application that provides full text search over your email, files, music, photos, chats, Google Mail, web pages that you've viewed and more. By making your computer searchable, Google Desktop puts your information easily within your reach and frees you from having to manually organise your files, emails and bookmarks" | Yes |
| U | GoogleQuickSearchBox | GoogleQuickSearchBox.exe | Part of Google Toolbar (from version 6 onwards) for IE. The Quick Search Box sits between the "Start" button and Quick Launch toolbar and "lets you easily search both your computer and the Web from a slick-looking search box that comes up only when you need it" | Yes |
| U | googletalk | googletalk.exe | Google Talk "enables you to call or send instant messages to your friends for free-anytime, anywhere in the world". Can be launched manually | No |
| U | GoogleToolbarNotifier | GoogleToolbarNotifier.exe | Part of Google Toolbar (from version 4 onwards) for IE. "Google Toolbar Notifier allows you to set Google as your default search engine and prevents your search settings from being changed without your consent. An icon in your system tray blinks if the Notifier identifies an attempt to change your default search engine. You can click the icon to get more details and allow the change". There was a bug in earlier versions where disabling the option resulted in the entry still running at startup but this has now been resolved | Yes |
| U | GoToMyPC | g2svc.exe | ExpertCity GoToMyPc logon - web-based remote-access solution that allows individuals and companies to register their computers online and then securely access those computers from any web browser | No |
| U | GoTrusted | GoTrusted Secure Tunnel.exe | "GoTrusted is the fast, easy way to secure your PC's Internet data and protect your privacy" | No |
| X | GotSmiley | GotSmiley.exe | GotSmiley - ad supported program that provides the user with smileys for use in emails. Not recommended. Please note that Claria Corporation no longer support GAIN-Supported software - see here | No |
| X | gouday.exe | readme.exe | Added by the BEAGLE.C WORM! | No |
| X | govurarope | Rundll32.exe retasevo.dll,s | Added by the BHO-HG TROJAN! The "retasevo.dll" file is found in %System% | No |
| X | GP Updater | gpupdater.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
| X | GPLv3 | [random name].dll | Vundo adware | No |
| X | gpmce | window.exe | Added by the VB.CK WORM! | No |
| X | gqgqqger | gqgeqegl.exe | Added by the SDBOT-CLJ WORM! | No |
| N | GRA | gra.exe | Looks at system resources at startup and warns you if they have dropped. Contains links to the Disk Clean Up, Defrag and Start Up Menu. It does have a link to a startup configuration utility. Similar to msconfig but can keep a list of disabled apps. Not really necessary. Only appears if you load the Gateway Startup Utility | No |
| ? | gramdate | 2Stop.exe | ?? | No |
| X | Graphic Driver | smss32.exe | Added by a variant of the RBOT WORM! | No |
| X | Graphic Loader | ntvdm32.exe | Added by a variant of the RBOT WORM! | No |
| X | Graphic Update | openglx.exe | Added by the IRCBOT.AMU WORM! | No |
| X | Graphics | _default.pif | Added by the AUTOSKY WORM! | No |
| X | Graphics adapter service | windll.exe | Added by the ATNAS.A WORM! | No |
| U | Gravis Appawareloader | dbserver.exe | Looks like it's associated with Gravis game controllers and the Keyset Manager, allowing the user to program the buttons for games that don't support them | No |
| U | Gravis Xperience Driver Support | Grxp4exe.exe | Driver for Gravis game controllers such as the Eliminator Aftershock. Must be loaded if you run the supplied application software for the controller to be recognized. Start it manually via a shortcut if not used | No |
| ? | GrdSys32 | GrdSys32.exe | X-Stream ISP software. Offers free Net access funded by on-screen ads. Is it required or can you create your own dial-up networking connection to use on demand? | No |
| X | GreasyPalmUpdate | GreasyPalmUpdate.exe | SearchFast adware | No |
| X | GreatDefender | GreatDefender.exe | GreatDefender rogue security software - not recommended, removal instructions here. A member of the AntiAID family | No |
| X | GreatDefender.exe | GreatDefender.exe | GreatDefender rogue security software - not recommended, removal instructions here. A member of the AntiAID family | No |
| X | GreatDownloads | rundll32.exe MSA64CHK.dll,DllMostrar | MatrixDialer/Mostrar parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System% | No |
| N | Greetings Workshop | GWREMIND.EXE | You really want to be reminded about somebody's birthday at the expense of resources? | No |
| X | gremier | wscript.exe gpremier.vbs | Added by the GPREMIER WORM! Note that wscript.exe is a legitimate Microsoft file used to launch script files and shouldn't be deleted. The "gpremier.vbs" file is located in %System% | No |
| X | Gremlin | intrenat.exe | Added by the DOOMJUICE WORM! | No |
| X | grinders | grinders.exe | Added by a variant of the Storm/Nuwar/Zhelatin WORM! See here for an example | No |
| N | Grokster | Grokster.exe | Grokster Peer-To-Peer File Sharing program | No |
| Y | Groove Virtual Office | Groove.exe | "Groove Virtual Office uses a peer-to-peer networking model to connect users in Groove Workspaces. In these workspaces geographically dispersed coworkers can do almost everything they could do in the same office. They can hold online meetings, store files and folders, save threaded discussions, scribble on whiteboards, share calendars, and track project information and timelines." Formerly by Groove Networks - now owned by Microsoft and part of MS Office | No |
| U | GrooveMonitor | GrooveMonitor.exe | Part of MS Office Groove - a stand-alone product or included with the Enterprise/Ultimate versions of MS Office 2007. "A collaboration software program that helps teams work together dynamically and effectively, even if team members work for different organizations, work remotely, or work offline". GrooveMonitor is responsible for synchronizing the Groove workspaces between the users PC and those of other workspace participants. If you don't use Groove to collaborate with co-workers you can safely disable this entry | Yes |
| U | GrooveMonitor Utility | GrooveMonitor.exe | Part of MS Office Groove - a stand-alone product or included with the Enterprise/Ultimate versions of MS Office 2007. "A collaboration software program that helps teams work together dynamically and effectively, even if team members work for different organizations, work remotely, or work offline". GrooveMonitor is responsible for synchronizing the Groove workspaces between the users PC and those of other workspace participants. If you don't use Groove to collaborate with co-workers you can safely disable this entry | Yes |
| U | GroupWise PDA Connect - 3CmPlm | AutoDet.exe | 3Com Palm PC specific translator for the GroupWise PDA Connect PDA synchronisation utility from Novell | No |
| U | GroupWise PDA Connect - GrpWse | Agnt.exe | GroupWise PDA Connect PDA synchronisation utility - from Novell | No |
| U | GroupWise PDA Connect - PocketPC | AUTODE~1.EXE | Windows Mobile Pocket PC specific translator for the GroupWise PDA Connect PDA synchronisation utility from Novell | No |
| U | GroupWise PDA Connect - ScheduleSync | SCHEDU~1.EXE | ScheduleSync specific translator for the GroupWise PDA Connect PDA synchronisation utility from Novell | No |
| N | GrpConv | grpconv.exe | Microsoft Windows Program Group Converter - used by installers (ONLY in the RunOnce keys) - provides the translation of groups and group items to folders and links. Also see this MS Knowledge Base article | No |
| X | GsAds | gms2.exe | PacerD_Media/Pacimedia.com adware | No |
| ? | Gscbc | Gscbc.exe | ?? | No |
| X | gshp | zzgshp.vbs | Homepage hi-jacker | No |
| N | Gsiconexe | Gsicon.exe | ADSL modem monitor from Eicon Networks (as used by BT for its Broadband internet service for example). Can safely be disabled without affecting the connection - all this does is give an indication of connectivity and access to the diagnostic facilities | No |
| ? | GsiFinal | rundll32 gspndll.dll,postInstall final | USB DSL modem related. What does it do and is it required? | No |
| ? | GSISETUP | [path] GsiInst.exe INSTALL [path] V205Res 13 | BT Voyager ADSL modem related - what does it do and is it required? | No |
| N | GSOrganizer | GSOrganizer.exe | GoldenSection Organizer (now WinOrganizer - personal information manager) | No |
| X | gssomatic | gssomatic.exe | Searchcentrix hijacker | No |
| Y | gStart | gStart.exe | gStart GPS software from Garmin | No |
| X | GStartup | GMT.exe | Gator spyware component - see here. Please note that Claria Corporation no longer support GAIN-Supported software - see here | No |
| X | gsv | gsv.exe | Added by the ROBAL 1.0 backdoor TROJAN! | No |
| X | GT | GT.EXE | Added by the SDBOT-AJ WORM! | No |
| X | GT15J4R49V | cpuserv.exe | Identified as a variant of the Trojan.Win32.Radi.gu malware | No |
| U | GTVEpg | GTVEpg.exe | Part of Got All Media - control your TV tuner and other utilities from your PC | No |
| U | GTVRec | GTVRec.exe | Part of Got All Media - control your TV tuner and other utilities from your PC | No |
| N | Gtwatch | gtwatch.exe | Associated with a Mustec scanner and not required | No |
| X | gtydf | iisca.exe | Added by the CLAGGER-BB TROJAN! | No |
| X | gtydf | iscca.exe | Added by the DWNLDR-GTK TROJAN! | No |
| X | gtydf | ggrrgg.exe | Added by the DLOADR-AZK TROJAN! | No |
| U | Guard | Guard.exe | Related to Phoenix Technologies Core Managed Environment (cME) Integration and Certification program | No |
| Y | GuardGui Application | GuardGui.exe | System Tray access to the main user interface for Ashampoo® AntiVirus from Ashampoo GmbH & Co. KG. | Yes |
| U | Guardian | CMGrdian.exe | McAfee Guardian shortcut menu on the System Tray (looks like a castle) given access to Internet Security, Browser Buddy, File Guardian and help. Included with older versions of McAfee Internet Security and possibly others | No |
| U | Guardian PC Security Tools | Pfft.exe | Boomerang Software's Guardian PC Security Tools - now rebranded as the eXtendia Security Suite | No |
| X | GuardPcs.exe | GuardPcs.exe | GuardPcs rogue security software - not recommended, removal instructions here. A member of the AntiAID family | No |
| X | guarnset | guarnset.exe | Adlogix adware | No |
| X | gummy | gummy.exe | Added by the VANEBOT-AQ WORM! | No |
| X | GURL | gurl.exe | GURLWatcher spyware | No |
| U | GuruNet | GuruNet.exe | GuruNet lets you click on any word on your screen to get the relevant information you want | No |
| X | GustavVED | [filename].exe | Added by the OPASERV.H WORM! | No |
| X | gvagfxj | rundll32 ...gvagfxj.dll | Unidentified adware, spyware or virus | No |
| Y | gw port controller | PORTCT95.EXE | From a visitor - "I must keep it active in start up or my Lexmark printer and RCA Cam program cannot discover a working port to work". From the file properties, the file is known as "Smart Thru Fax Drive Spy" and is supplied by Samsung | No |
| N | GWInkMonitor | GWInkMonitor.exe | Gateway ink monitor - makes an annoying popup that says your printer may be running out of ink, do you want to buy some! | No |
| X | gwiz | ntsystem.exe | Added by the NITWIZ.A TROJAN! | No |
| X | gwiz | arpl.exe | Detected by F-Prot as W32/Downloader-Sml-based | No |
| N | GWMDMMSG | GWMDMMSG.exe | Used with internal modems on Gateway and vprMatrix PCs. This is the "GTW modem messaging applet" and is not required for the modem to work correctly | No |
| U | GWMDMpi | GWMDMpi.exe | Used with internal modems on Gateway PCs such as the 450SX Notebook. Required for audio settings to be maintained and does not remain in memory once run. See here for more information | No |
| U | gwum | gwum.exe | Gigabyte utility manager. Loads if you have a Gigabyte motherboard and got a full bundle of utilities installed. Monitors CPU, fans, BIOS etc. Only used by system "tweakers" | No |
| ? | gyy | gyy.exe | Possibly Gator (and therefore spyware) related? | No |
| X | G_Host | gHost.exe | Added by the AUTOIT-BP WORM! | No |
| X | G_Server.exe | G_Server.exe | Added by the FEUTEL-C TROJAN! | No |
| X | G_Server1.2.exe | G_Server1.2.exe | Added by the GRAYBIRD-Z TROJAN! | No |
| U | H/PC Connection Agent | WCESCOMM.EXE | Connection manager for Microsoft ActiveSync - mobile device synchronization software for Windows XP (and earlier), supporting mobile deivces based upon the Windows CE OS (such as Pocket PC, Handheld PC and Windows Mobile). Automatically launches ActiveSync (if enabled) when the mobile device is connected. If disabled it will re-instate the next time ActiveSync runs - hence the reluctant "U" recommendation | Yes |
| Y | H2O | cledx.exe | Related to copyright protection products by SyncroSoft | No |
| U | H2OWIBU | CXWibu.exe | Related to CodeMeter from WIBU-SYSTEMS AG. Software protection hardware | No |
| X | h4te Service Drivers | h4te.exe | Added by a variant of the RBOT WORM! | No |
| X | hachimitsu-lemon | hachimitsu-lemon.exe | Added by the HACHILEM TROJAN! | No |
| X | HackMuFpt | HackMuFpt.exe | Added by the SCLOG-AG TROJAN! | No |
| X | hagent | avp.exe | Added by the "Herman Agent" remote access TROJAN! | No |
| X | Halflife | halflife2.exe | Added by the AGOBOT-OC BACKDOOR! Note - this file is not associated with Valve Corporation's Half-Life 2 game | No |
| U | HalifaxHowardCluster | skinkers.exe | "Howard the Weatherman" desktop client from Halifax by Skinkers - marketing/messaging tool. Leave enabled if you want to receive messages | No |
| Y | Hamachi | hamachi.exe | LogMeIn Hamachi remote control and VPN software | No |
| U | HaMFrontPanel | hampanel.exe | Displays a panel simulating modem lights for the Intel HaM internal modem. The lights are useful as a reminder to disconnect from the net if you are likely to forget, but otherwise pointless | No |
| U | Handy Backup 3.9 | hbagent.exe | Handy Backup - automatic backup of your critical data to virtually any type of storage media including CD-RW devices and remote FTP servers | No |
| X | HanUpdate | hanz.exe | Added by the RBOT-GLJ WORM! | No |
| N | Hard Disk Sentinel | HDSentinel.exe | Hard Disk Sentinel - a multi-OS hard disk drive monitoring application. Its goal is to find, test, diagnose and repair hard disk drive problems, display hard disk health, performance degradations and failures | No |
| X | Hard drive Controller | hdcontroller.exe | Added by the KIMAN.B WORM! | No |
| X | HardDriveGuard | SysRep.exe | HardDriveGuard rogue system error and cleaning utility - not recommended. A member of the ErrClean family | No |
| U | Hardware Doctor | Hwdoctor.exe | Winbond Hardware Doctor - as included on some motherboard using Winbond's hardware monitoring chips. Displays fan speeds, voltages, temperatures. Only required if you're concerned about your system temperature - typically for "overclocked" systems | No |
| X | Hardware Monitor Service | mshms.exe | Added by the WOLLF-A TROJAN! | No |
| X | Hardware Profile | hxdef.exe | Added by the LOVGATE.AB WORM! | No |
| X | Hardware Profile | hxdef.exe... | Added by the LOVGATE.Z WORM! | No |
| U | Hardware Sensors Monitor | hmonitor.exe | Utility to monitor fan speed and temperatures - similar to Motherboard Monitor. Only required if you're concerned about your system temperature - typically for "overclocked" systems | No |
| X | Hardware Shell Detection | WinHSD.exe | Added by a variant of the RBOT WORM! | No |
| U | Hare | hare.exe | Hare - improve and optimize performance of desktop/laptop PCs | No |
| U | Harmony 98 - CasioOrg | CasAgnt.exe | Enterprise Harmony 98 for CASIO - synchronization software for use with Microsoft® Outlook 97/98/2000 | No |
| X | HataDuzelticisi | SysRep.exe | HataDuzelticisi, Turkish rogue system error and cleaning utility - not recommended. A member of the ErrClean family | No |
| X | HATAPE | [path to trojan] | Added by the BANKER-QF TROJAN! | No |
| U | HawkEye | HAWK_95.EXE | Control Panel application for the old Number Nine graphics cards to change resolution, colour depth, etc. Available via Start -> Programs | No |
| U | HawkEye IV Control Panel | HAWK_32.EXE | Control Panel application for the old Number Nine graphics cards to change resolution, colour depth, etc. Available via Start -> Programs | No |
| U | Hawking HWU54G Utility | HWU54G.exe | Wireless management utility for the HWU54G Mini Wireless-G USB Adapter from Hawking Technologies, Inc | No |
| U | Hawking Wireless Utility | HWU8DD.exe | Wireless management utility for the HWU8DD Hi-Gain™ USB Wireless-G Dish Adapter from Hawking Technologies, Inc | No |
| X | Hbinst | Hbinst.exe | Hotbar adware | No |
| N | HC Reminder | hc.exe | For Compaq PC's. Help Compiler, crunches help database, will run without being in startup when needed | No |
| N | HCDetect | HCDetect.exe | MS HomeClick Network - simple home network setup and configuration program included with 3Com HomeConnect home networking products. Runs in the background for network printer notification, detection, and Internet Connection Sharing (ICS) taskbar icon. Not required - network can be set-up manually, also has a known memory leak problem | No |
| X | hcen | hcen.exe | Added by the SMALL.LR TROJAN! | No |
| U | hcenter | tgcmd.exe | Part of software from SupportSoft (aka Support.com) provided to manufacturers and ISPs that allows them to offer on-line support - to update drivers, fix faults, etc. Also see the TgAddServer entry. This part ensures the software is installed correctly (similar to an installation wizard) as reported by Cox. Regarded as spyware by some as it has the ability to retrieve user information. Whether it does so depends upon the provider. One Toshiba user reports problems with hibernate on his laptop if disabled - hence the "U" recommendation" | No |
| U | hcenter | hcenter.exe | Bellsouth help center. Part of software from SupportSoft (aka Support.com) provided to manufacturers and ISPs that allows them to offer on-line support - to update drivers, fix faults, etc. Also see the TgAddServer entry. This part ensures the software is installed correctly (similar to an installation wizard) as reported by Cox. Regarded as spyware by some as it has the ability to retrieve user information. Whether it does so depends upon the provider. One Toshiba user reports problems with hibernate on his laptop if disabled - hence the "U" recommendation" | No |
| X | hclean32.exe | hclean32.exe | Wareout - malware masquerading as a spyware and dialer remover | No |
| U | Hcontrol | hcontrol.exe | Hotkeys on an ASUS Notebook. Only required if you use the additional keys | No |
| N | hcsystray | hc_tray.exe | Kuma Notifier for the Shootout! game from the History Channel. "It lets you know whenever there's a new episode that's been released or an announcement from the Kuma team. Just click it to get up-to-the-minute game and event information" | No |
| N | HD Audio Control Panel | RtHDVCpl.exe | Realtek HD Audio Manager, installed with the Vista drivers for on-board Realtek HD audio codecs. Unless you have the default (but optional) System Tray icon enabled, the only purpose this entry serves is to detect and allow you to configure any devices plugged into the jacks - such as headphones and a microphone. With the System Tray icon enabled it will also inform you when devices are removed and give you access to the Sound Manager and other multimedia functions. The Sound Manager is also available via the Control Panel and this entry is therefore only required if you regularly change sound schemes | Yes |
| N | HDAShCut | HDAShCut.exe | High definition audio page shortcut for Realtek audio devices - not required | No |
| U | HDAudDeck | HDAudioCPL.exe | Vista control panel for VIA Vinyl HD Audio Codecs from VIA Technologies, Inc - such as the VT1708B | No |
| U | HDAudDeck | HDeck.exe | XP control panel for VIA Vinyl HD Audio Codecs from VIA Technologies, Inc - such as the VT1708B | No |
| X | HDAudio | hda.exe | Added by the TACTSLAY.U TROJAN! | No |
| X | HDAudio Driver 1.0 | [random filename].exe | Added by the TEADOOR-D TROJAN! | No |
| X | HDAudio Driver 2.0 | [random filename].exe | Added by the TEADOOR-E TROJAN! | No |
| U | HDDControlGuard | HDDControlGuard.exe | Part of Ashampoo® HDD Control from Ashampoo GmbH & Co. KG - a hard drive monitoring utility which also incorporates defragmentation and cleaners for browsing history and unnecessary files. This entry loads the Ashampoo HDD Control Guard component on startup which runs in the background and monitors the hard drives and provides System Tray access | Yes |
| U | HDDControlGuard.exe | HDDControlGuard.exe | Part of Ashampoo® HDD Control from Ashampoo GmbH & Co. KG - a hard drive monitoring utility which also incorporates defragmentation and cleaners for browsing history and unnecessary files. This entry loads the Ashampoo HDD Control Guard component on startup which runs in the background and monitors the hard drives and provides System Tray access | Yes |
| U | HDDHealth | hddhealth.exe | HDD Health is a "full-featured failure-prediction agent for machines using Windows 95, 98, NT, Me, 2000 and XP. Sitting in the system tray, it monitors hard disks and alerts you to impending failure" | No |
| U | HDDlife | HDDlife.exe | HDDlife checks the health of your hard drives at regular intervals and informs you about the results of these checks | No |
| ? | HDhelp | tbhdhelp.exe | Associated with Philips Edge series soundcards. Is it required? | No |
| X | hdlfoe df98ndf | svchots.exe | Added by a variant of the RBOT WORM! | No |
| X | hdlpscom | [8 random letters].exe | Added by the RBOT-FUL WORM! | No |
| X | HDriveSweeper | HDriveSweeper.exe | HDriveSweeper rogue privacy program - not recommended, removal instructions here | No |
| N | HDtray | HDtray.exe | Philips Edge Series Control Panel Tray Utility - system tray icon for a Philips Edge series soundcards. Available via Start -> Settings -> Control Panel | No |
| X | he3bbcff | rundll32.exe he3bbcff.dll, EnableRunDLL32 | LZIO.com adware downloader. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "he3bbcff.dll" file is found in the System (9x/Me) or System32 (NT/2K/XP) folder | No |
| X | he3e3fc4 | rundll32.exe he3e3fc4.dll, EnableRunDLL32 | LZIO.com adware downloader. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "he3e3fc4.dll" file is found in the System (9x/Me) or System32 (NT/2K/XP) folder | No |
| X | Hekio Startups | Hnksvc32.exe | Added by the AGOBOT-QE WORM! | No |
| X | HELLBOT TEST | 1hellbot.exe | Added by the MYDOOM.BO WORM! | No |
| X | HELLBOT3 | coolbot.exe | Added by the MYTOB.AB WORM! | No |
| X | hellfire | svchost.exe | Added by the LEOX.D TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir% | No |
| X | hellodolly | shost.exe | Added by the YODO WORM! | No |
| X | HelloInt | hello3.exe | Added by the CASAL.A TROJAN! | No |
| X | helloserv | helloserv.exe | Added by the ZHELATI.BHA WORM! | No |
| X | helloworld | nb32ext2.exe | Added by the MYDOOM.BV WORM! | No |
| X | helloworld | nb32ext3.exe | Added by the MYTOB.JT WORM! | No |
| X | helloworld3 | nb32ext4.exe | Added by the RITDOOR.A WORM! | No |
| ? | Help | helpext.exe | ?? | No |
| X | help | help.scr | Added by the BANCOS-BBU TROJAN! | No |
| X | Help | Wizardnil.exe | Added by the BANCOS-BCZ TROJAN! | No |
| X | Help | lshost.exe | Identified as a variant of the Trojan-Clicker.Win32.Delf.aro malware | No |
| X | Help Temp Files | netreg.exe | Added by the FORBOT-EM WORM! | No |
| X | Help Temp Files | emp32.exe | Added by the FORBOT-EC WORM! | No |
| U | HelpCenter | sprtcmd.exe /P HelpCenter | Self-help support tool for BellSouth's FastAccess® DSL (now owned by AT&T) broadband service (provided by SupportSoft, Inc). Identifies and automatically fixes typical problems that may occur with your high-speed internet service | No |
| U | HelpCenter4.1 | sprtcmd.exe /P HelpCenter4.1 | Self-help support tool for BellSouth's FastAccess® DSL (now owned by AT&T) broadband service (provided by SupportSoft, Inc). Identifies and automatically fixes typical problems that may occur with your high-speed internet service | No |
| X | helpctl.exe | helpctl.exe | Added by the GASLIDE TROJAN! | No |
| X | Helper | eschlp.exe | Added by the BLASTER.T WORM! | No |
| X | HELPER | greece_nm.exe | AsdPlug premium rate adult content dialer variant | No |
| X | HELPER | Netherlands.exe | AsdPlug premium rate adult content dialer variant | No |
| X | HELPER | new_zealand.exe | AsdPlug premium rate adult content dialer variant | No |
| X | HELPER | sweden.exe | AsdPlug premium rate adult content dialer variant | No |
| X | HELPER | canada.exe | AsdPlug premium rate adult content dialer variant | No |
| X | HELPER | france.exe | AsdPlug premium rate adult content dialer variant | No |
| X | HELPER | temp532.exe | AsdPlug premium rate adult content dialer variant | No |
| X | helper.dll | rundll32.exe [path] helper.dll | CnsMin (Chinese Keywords) hijacker related. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted | No |
| X | HelpExp.exe | HelpExp.exe | Attune HelpExpress - spyware. Disable and uninstall - see here | No |
| X | helpmanager | spoler.exe | Added by the RANDEX.J WORM! | No |
| X | helpo | helpo.exe | Added by the BANLOA-BU TROJAN! | No |
| X | helpw | helpw.exe | Adware downloader | No |
| X | hen | [filename].exe | Added by the TARNO.G TROJAN! | No |
| X | heomstool | heomstool.exe | Added by the HEOMS TROJAN! | No |
| Y | HEProtect | HSockPE.exe | Part of the AntiSpam function of the HAURI ViRobot Desktop internet security suite | No |
| ? | HerculesCamService | CamService.exe | Related to the Hercules Dualpix HD Webcam. What does it do and is it required? | No |
| X | hErcUnes | softhost.exe | Added by the GARROCH WORM! | No |
| X | herjek | herjek.exe | Added by the NUWAR.APJ WORM! | No |
| U | Hermes Messenger | DGDRHE~1.EXE | A LAN messenger alternative to WinPopUp - Digital Dreams Software | No |
| X | Hewlett Packard Manager | hpmanager.exe | Added by the MYTOB.KE WORM! Note - this is not a valid Hewlett-Packard program | No |
| N | Hewlett Packard Recorder | Remind32.exe | HP multifunction registration | No |
| U | Hf | Hf.exe | Hide Folders - hide your folders so only you can view them | No |
| X | HF Security | hfsecure.exe | Added by the AGOBOT-TI WORM! | No |
| X | hfdtubvnx | keepSafe.exe | Added by the KILLAV.KAX TROJAN! | No |
| Y | hffsrv | hffsrv.exe | Hide Files & Folders - "great easy-to-use password-protected security utility working at Windows kernel level you can use to password-protect certain files and folders, or to hide them securely from viewing and searching just with a click of mouse". If this entry is disabled, any files/folders that are protected/hidden will no longer be accessible without first accessing the main program | Yes |
| Y | hffsrv.exe | hffsrv.exe | Hide Files & Folders - "great easy-to-use password-protected security utility working at Windows kernel level you can use to password-protect certain files and folders, or to hide them securely from viewing and searching just with a click of mouse". If this entry is disabled, any files/folders that are protected/hidden will no longer be accessible without first accessing the main program | Yes |
| U | hfxp | hfxp.exe | Hide Folders XP - hide your folders so only you can view them | No |
| X | hgkytwe | keepSafe.exe | Added by the KILLAV.KAX TROJAN! | No |
| X | hgqhp.exe | hgqhp.exe | Added by the FLUSH.F TROJAN! | No |
| N | HGTXPEI | FirstReboot.exe | Herucles Audio tool for the Hercules Game Theater XP soundcard. Available via Start -> Settings -> Control Panel | No |
| X | hhtnsn | rnxntup.exe | Added by a variant of the ORCU.B TROJAN! | No |
| ? | HiberMonitor | HCount.exe | ?? | No |
| U | Hibernation | hib32.exe | Reduces the power consumption when the laptop isn't being used to preserve battery power. Similar programs on other laptops reduce the processor clock rate, etc. Required if you run of battery regularly | No |
| X | Hid.exe | hid.exe | Added by the RATSOU.B TROJAN! | No |
| U | Hide and Protect any Drives for Win95/98/Me/2k/XP | HPDAgent.exe | Loads Hide and Protect any Drives - which allows you to "Protect Hard drive, CD, DVD, floppy and flash, and deny access to partitions of your hard drives. Stop unauthorized software installations and data leak by removable media". If disabled, hidden and locked drives still retain their original status so the user will only be able to change their status them via the main UI | Yes |
| X | hiden | hiden.exe | Added by the AGENT-IW TROJAN! | No |
| U | HideOE | HideOE.exe | HideOE - allows you to 'hide' Outlook Express or minimize it to the System Tray | No |
| X | HideRun.exe | Hiderun.exe and svhost.exe and pro.gif | Added by the BOOHOO WORM! | No |
| X | HideStyle | Ante Browse Trust.exe | IE toolbar taking you to Lop.com. If the exe is running, close it and remove the %ProgramFiles%\Stupidmore directory | No |
| U | Hidetools Spy Monitor | wmispe.exe | HideTools Spy Monitor surveillance software. Uninstall this software unless you put it there yourself | No |
| U | hidserv | hidserv.exe | This is the Human Interface Device Server for Win98SE/2000/Me/XP, it is required only if you are using USB Audio Devices you can disable via Msconfig. See here. Typical examples are USB multimedia keyboards with volume control and web-ready keyboards. For example - loaded by default with MS DSS80 Speakers because they have Volume, Mute and Bass controls on the speaker. Some users may experience problems disabling this - if this is the case then re-enable it. Equivalent to MMHid in Win98. On HP Computers, HIDSERV is the controller for the keyboard sound controls on the USB and PS/2 keyboards | No |
| X | hid_start | gzmrotate.dll | AdRotator/IconAds adware | No |
| U | High Definition Audio Property Page Shortcut | CHDAudPropShortcut.exe | Realtek audio card related. Probably adds the odd feature to one of the "Sounds" Control Panel applet tabs - doesn't appear to be required | No |
| N | High Definition Audio Property Page Shortcut | HDAShCut.exe | High definition audio page shortcut for Realtek audio devices - not required | No |
| U | High Definition Audio Property Page Shortcut | CHDAudPropShortcut.exe | Realtek audio card related. Probably adds the odd feature to one of the "Sounds" Control Panel applet tabs - doesn't appear to be required | No |
| X | HighKey1 | HighKey1.exe | Detected by AVG as GENERIC12.LHE - see here | No |
| Y | HighPoint ATA RAID Management Software | raidman.exe | HighPoint RAID management - hard disk striping/mirroring utility for increased performance and reliability. See here for more information on RAID | No |
| X | Highspeeddownloader | SetupClickHere.EXE | Homepage hijacker, redirecting to "turbo-search101.com" - see here | No |
| U | HijackThis | HijackThis.exe | "HijackThis is a free utility which quickly scans your Windows computer to find settings that may have been changed by spyware, malware or other unwanted programs". This option is added when you select Config → "Run HijackThis scan at startup..." once a scan has been performed | No |
| U | HijackThis startup scan | HijackThis.exe | "HijackThis is a free utility which quickly scans your Windows computer to find settings that may have been changed by spyware, malware or other unwanted programs". This option is added when you select Config → "Run HijackThis scan at startup..." once a scan has been performed | No |
| X | HijSrv32 | hijsrv.exe | Added by the BANKGERM-D TROJAN! | No |
| X | himem.exe | [path to worm] | Added by the STRATION-FW WORM! | No |
| X | HistoriaLout. | GDC.exe | HistoriaLout. rogue privacy tool - not recommended. A member of the PCPrivacyTool family | No |
| N | HistoryKill | histkill.exe | HistoryKill removes your web surfing path by removing the URL drop-list history, detailed history file, cache, and cookies in both IE and Netscape Navigator browsers. Available via Start -> Programs | No |
| U | Hitman Pro SurfRight Helper | srhelper.exe | Hitman Pro - a utility to start a number of Security Protection software. They can be started individualy | No |
| X | HitQ | HitQ.exe | Hijacker, for more information see here | No |
| U | HitwarePKLite | HITWAR~1.EXE | Hitware Popup Killer Lite | No |
| X | HIV | HIV.exe | Added by the HIVA TROJAN! | No |
| U | hk | hk.exe | KeyLoggerExp keystroke logger/monitoring program - remove unless you installed it yourself! | No |
| U | hkcmd | hkcmd.exe | Hot Key handler for Intel desktop and mobile motherboard chipsets with integrated graphics. With this enabled, you can access settings like graphics properties and screen rotation via pre-programmed key combinations - such as CTRL+ALT+F12 which displays the graphics properties (otherwise available via a right-click on the desktop or the Control Panel). Different chipset versions may have different pre-programmed settings and in some cases these may be programmable | Yes |
| X | HKEYok | runlli32.exe | Added by the QQPASS-U TROJAN! | No |
| X | HKLM\\Run | svhost.exe | Added by the FORBOT-AO BACKDOOR (where HKLM\\Run represents HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run)! | No |
| X | HKLM\Run | windowsupdate.exe | Added by the FORBOT-BJ WORM (where HKLM\Run represents HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run)! | No |
| U | hkserv | HKserv.exe | Keyboard manager program required to use programmable power and function keys on some laptops such as the Sony PCG R505TS | No |
| U | hkss | hkss.exe | Compaq HotKey Support - multimedia keyboard support | No |
| X | HLcleanup | hlsetup2.exe | LinkReplacer/FFinder adware | No |
| X | hldrrr | hldrrr.exe | Added by the BAGLE-KF WORM! | No |
| X | hlhtxo.exe | hlhtxo.exe | Added by the QLOWZONES-27 TROJAN! | No |
| X | HLL Data Parameter | hllcxpa.exe | Added by the RBOT.AFG WORM! | No |
| X | HMI PowerSystem | hmisvc32.exe | Added by the RANDEX.CZZ WORM! | No |
| X | HML PowerSource | hmlsvc32.exe | Added by the SDBOT-XL WORM! | No |
| U | Hmonitor | Hmonitor.exe | Hardware sensor monitoring program. Only required if you overclock your system and want to check on the status | No |
| X | HMV PowerSource | hmusvc32.exe | Added by the SDBOT-YW WORM! | No |
| X | ho2stdll.exe | ho2stdll.exe | Added by the BANKER-HO TROJAN! | No |
| X | hohohhaha | ournik.com | Added by the IRCFLOOD.AL BACKDOOR! | No |
| X | HOI Services | holsvc32.exe | Added by the AGOBOT-SF WORM! | No |
| N | Holiday Lights | Holiday Lights.exe | Holiday Lights from Tiger Technologies. Festive desktop enhancement that adds lights. Available via Start -> Programs | No |
| X | Hollaback | slvhosts.exe | Added by the SDBOT.BMO WORM! | No |
| X | Home Antivirus 2010 | HomeAntivirus2010.exe | Home Antivirus 2010 rogue security software - not recommended, removal instructions here | No |
| N | Home Theater SchSvr | SchSvr.exe | WinScheduler is installed with Home Theater Remote Control for WinDVD from Intervideo. If you want to schedule recordings from your TV tuner card, you will need it. Available via Start -> Programs | No |
| U | HomeAlarm | HomeAlarm.exe | Chameleon Clock - system tray clock replacement | No |
| X | HomeAntivirus 2009 | HomeAntivirus2009.exe | HomeAntivirus 2009 rogue security software - not recommended, removal instructions here | No |
| X | HomeAV | homeav.exe | Home Personal Antivirus rogue security software - not recommended, removal instructions here | No |
| ? | HomeCentre WakeUp | LGWAKEUP.EXE | Associated with the no longer supported Xerox HomeCentre printer/scanner | No |
| U | HomeKeyLogger | KeyLogger.exe | SpyKeySpy surveillance software. Uninstall this software unless you put it there yourself | No |
| X | Homeland Network | HomelandNetwork.exe | Homeland Network Notifier - pops ads | No |
| X | homepage.monitor.exe | isamonitor.exe | Added by the ZLOB.MEDIA-CODEC TROJAN! This purports to be a Windows Media Player upgrade (with names such as "iCodecPack", "X Password Manager" and "Media-Codec") to allow the user to view adult oriented videos on certain websites - but actually downloads and installs additional malware on the user's machine. Various directories and filenames are used - see the link for details | No |
| U | HondaHelper | HondaHelper.exe | Part of Honda Music Link which allows you to use your Honda's audio system's controls to play and search for music on your iPod® in you car | No |
| ? | Honor | honor.exe | ?? | No |
| U | Hook99startup | hk2re.exe | "Hook99 enables the user to customize the start button. You can change or remove the text and replace the Windows flag on button with icon of your choice. Supports Windows icons, bitmaps and can extract icons from executables and libraries. Hook99 can also make the background of desktop icons captions transparent" | No |
| U | HookSys | HookSys.exe | SurfinGuard Pro from Finjan - internet protection software, protects against all malicious code delivered through executables, scripting files, ActiveX and Java | No |
| U | HornetMonitor | MntrHrnt.exe | Hornet Monitor - monitoring system that detects and responds to unauthorized access attempts and sources of channel interference on any local DSSS network | No |
| Y | HorngTech4D | bally4d.exe | HorngTech 4D mouse driver | No |
| X | Host | N/A | Added by the POPDIS or STARTPAGE.F TROJANS! | No |
| X | host | help.exe | IESearchToolbar parasite. Identified by Ewido Security Suite (Ewido is now part of AVG Technologies) as the DELF.LF TROJAN! | No |
| X | Host Process | mame.exe | Added by the RBOT-APO WORM! | No |
| X | Host Process | svchost.exe | Added by the IRCBOT.AGF BACKDOOR! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in the Fonts directory | No |
| X | hostdll.exe | hostdll.exe | Added by the BANKER-BO TROJAN! | No |
| U | HostManager | AOLHostManager.exe | Manages a component essential to the operation of most current AOL software. If you remove it from startup it will load when IE is launched, increasing launching time | No |
| N | HostManager | AOLSoftware.exe | Quoted from AOL Beta Team, "Manages a component essential to the operation of most current AOL software, client or not. You should be able to remove it from Startup (it'll just load when Explorer is launched, which will extend load time a bit), but do leave it on your system" | No |
| X | Hostname Manager Server | host32srv.exe | Added by a variant of the RBOT WORM! | No |
| X | Hostren.exe | Hostren.exe | Added by PWS.BANKER.F, a variant of the BANKER-BO TROJAN! | No |
| X | hostserv | hostserv.exe | Added by the RBOT.BPZ WORM! | No |
| X | hostserv | wiz98.exe | Added by a variant of the SDBOT WORM! | No |
| U | HostsFileMgr | winHostsEdit.exe | AdBin from Gilmore Software Development. An easy solution to managing your Window's hosts file | No |
| U | HostsMan | hm.exe | "HostsMan is a freeware application that lets you manage your Hosts file with ease". It is mainly intended to block specific domains (mostly advertising servers) by redirecting them to localhost, but can also be used to add any other domain/Ip combination that you want to be included in the HOSTS file | No |
| X | HostSrv | sachostx.exe | Added by the LOOKSKY.H WORM! Drops multiple files in the System (9x/ME) or System32 (NT/2K/XP) folders | No |
| X | HostSrv | sachostx.exe | Added by the LOOKSKY.A or LOOKSKY.F or LOOKSKY.G WORMS! | No |
| X | HostSrv | sachostx.exe... | Added by the LOOKSKY.E WORM! | No |
| X | HostSVC syse | HostSVC.exe | Added by the RBOT-ANZ WORM! | No |
| X | Hot 8.0 Live | hot.exe | Added by the BANKER.EIE TROJAN! | No |
| U | Hot Corners | Hotc.exe | Hot Corners - "lets you quickly activate or disable your screen saver by moving the mouse into a given corner of the screen" | No |
| X | HOT FIX | Gothic.exe | Added by the SDBOT.FIR WORM! | No |
| X | HOT FIX | filename.exe | Added by the SDBOT-DKM WORM! | No |
| X | Hot Inside | Hottest Story Ever.exe | Added by the BHARAT.A WORM! | No |
| U | Hot Key Kbd 2690 Daemon | SK2690DM.EXE | Multi-function keyboard driver. Allows the use of programmable keys on mulimedia keyboards. Required if you use the additional keys | No |
| U | Hot Key Kbd 9910 Daemon | SK9910DM.exe | Multi-function keyboard driver. Allows the use of programmable keys on mulimedia keyboards. Required if you use the additional keys | No |
| ? | Hot Party 22 | hotpart22.exe | ?? | No |
| X | HotAction_hr | hotaction_hr.exe | Added by the SITEICON-B DIALER! An uninstall option can be accessed via the Add or Remove Programs dialog in the Windows Control Panel. The software is listed as "HotAction_hr" | No |
| X | Hotbar | Hbinst.exe | Hotbar adware | No |
| X | Hotbar | HbOEAddOn.exe | Hotbar adware | No |
| X | HotbarOE | OEAddOn.exe | Hotbar adware | No |
| X | HotbarSA | HotbarSA.exe | Hotbar adware | No |
| X | hotdlll | remote.cmd | Added by the BANKER-EHG TROJAN! | No |
| X | hotdlll | vmmreg32.exe | BANKER.DX spyware | No |
| X | hotefix | msnmanegers.exe | Added by the IRCBRUTE.AS TROJAN! | No |
| X | hotfix | msnnmaneger.exe | Added by the WOOTBOT.AF WORM! | No |
| X | Hotfix Updat | svdhost32.exe | Added by the GAOBOT.ZW WORM! | No |
| U | HOTFOON2 | hotfoon4.exe | Related to Hotfoon - a developer and provider of Internet Telephony technology based on LTP (Lightweight Telephony Protocol) | No |
| U | HotIDE | hotide.exe | HotIDE allows Acer TravelMate owners to hot-swap external drives without switching of their notebooks | No |
| U | HotkeyApp | HotkeyApp.exe | Programmable keys on Acer, Fujitsu and other laptops | No |
| U | HotKeysCmds | hkcmd.exe | Hot Key handler for Intel desktop and mobile motherboard chipsets with integrated graphics. With this enabled, you can access settings like graphics properties and screen rotation via pre-programmed key combinations - such as CTRL+ALT+F12 which displays the graphics properties (otherwise available via a right-click on the desktop or the Control Panel). Different chipset versions may have different pre-programmed settings and in some cases these may be programmable | Yes |
| X | HotKeysCmds | [path to worm] | Added by the PAHATIA-A WORM! | No |
| X | HotPix | hotpix.exe | Adult content dialler | No |
| X | hotplug | hotplug.exe | Added by the SILLYDL TROJAN! | No |
| U | Hotplug | hot_plug.exe | Related to the SiS_Hot_Plug_Application. Enables automated driver loading for hotpluggable devices. If this service is stopped, hotplug devices will no longer function | No |
| N | HotSync Manager | hotsync.exe | Installed when connecting a Palm HotSync cradle up to a USB port. The Blue and Red Arrow Icon that enables Palm / Handspring Synchronizing. Available via Start → Programs | No |
| X | hotwetlove | hotwetlove.exe | Adult content dialler. Will not uninstall - components have to be manually deleted | No |
| X | Hot_Kiss | Hot_Kiss.exe | Adult content dialler | No |
| X | Hot_Tarts | Hot_Tarts.exe | Adult content dialler | No |
| X | Hot_Tarts_** | Hot_Tarts_**.exe | Premium rate adult content dialer (where * is a random char) | No |
| X | Hot_Tarts_Au | Hot_Tarts_Au.exe | Premium rate adult content dialler | No |
| X | Hot_Tarts_mc | Hot_Tarts_mc.exe | HotTarts adult content dialer | No |
| U | HoverDesk | HoverDesk.exe | HoverDesk - desktop replacement software | No |
| X | HP | mon.exe | Added by the SILLYFDC WORM! | No |
| ? | hp 1000 firmware | fwdl.exe | HP LaserJet 1000 related. Is it a driver or automatic firmware update (based upon the filename)? | No |
| U | HP AutoIndexer | hppautoindexer.exe | Installed by HP multi-function printer driver software, related to PC faxing. If you are not using the PC faxing feature you can go ahead and disable these services from the startup | No |
| N | HP CD Writer | hpcdtray.exe | System Tray access to a HP CD-Writer's functions. Available via Start -> Programs | No |
| N | HP CD-DVD | hpcdtray.exe | System Tray access to a HP CD-Writer's functions. Available via Start -> Programs | No |
| N | HP CD-Writer | hpcdtray.exe | System Tray access to a HP CD-Writer's functions. Available via Start -> Programs | No |
| X | hp center | BACKWEB-*****.exe | See here - "messaging service that automatically sends you support information, tips, ideas, and special offers from HP and our partners, especially designed for HP and Compaq desktop computer owners". Applies to certain HP Pavilion desktop computers between Fall 2001 and Spring 2003. * can be any digit | No |
| N | hp center UI | ShadowBar.exe | User Interface for HP Center - see here | No |
| N | HP Component Manager | hpcmpmgr.exe | Checks the internet for updated drivers/utilities for your HP product - update manually. Disabling will remove the error "Windows can't shutdown the computer because hpcmpmgr.exe can't be ended" | No |
| X | HP Deskjet | HP_DeskJet_500.exe | Added by the FORBOT-DA WORM! | No |
| X | HP Desktop | ccappms.exe | Added by the SDBOT-TG WORM! | No |
| U | HP Digital Imaging Monitor | hpqtra08.exe | System Tray access to HP Director. Required if you prefer to use the all-in-one buttons to manually scan documents or transfer photos froma camera, for example | No |
| U | HP Display Settings | hpdisply.exe | Sets default display settings. Unchecking this item has been reported to cure a "Problem sending command to keyboard" error message | No |
| U | HP Health Check Schedule | HPHC_Scheduler.exe | HP Health Check Scheduler from Hewlett-Packard | No |
| ? | HP IDScheduler | HPIDSCHD.exe | HP Instant Delivery Scheduler | No |
| N | HP Image Zone Fast Start | hpqthb08.exe | Improves the startup time of HP Image Zone. If you disable it, HP Image Zone takes a long time to start up only the first time you run it. Subsequent startups are much faster than the first time | No |
| N | HP Info Express | ?? | On HP PCs, allows the computer to automatically receive notifications from HP over the Internet. Associated with BackWeb | No |
| U | HP Instant Support | matcli.exe | "matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, state, etc and gets written to a log file". HP Instant Support is required to run with the Help and Support program. If you uncheck HP Instant Support and and then run Help and Support it will add another HP Instant Support in the startup menu. If you remove the HP Instant Support in the add/remove program some help menus in help and support will not be available. You decide | No |
| N | HP Internet Center | SURFBRD.EXE | Loads the HP Internet center surfboard on startup. HP Internet Center allows you to customize the multimedia keys on the fly without having to go the Control Panel --> Keyboards to change them | No |
| N | HP JetDiscovery | HPJETDSC.EXE | HP JetAdmin software which monitors printing jobs on a network environment | No |
| N | HP JetSpeed Autostart | AUTOSTART.EXE | Autostart executable for the old multiplayer game HP Jetspeed | No |
| U | HP Laser Jet Director | hppdirector.exe | System Tray icon that opens various functions such as copy, fax, email, scan, copy plus, etc. Right-click on it and you see a few options such as the preceding bar plus About, Help, ToolBox, Exit, etc | No |
| ? | HP Network Registry Agent | hpnra.exe | ?? | No |
| ? | HP OfficeJet Series xxx Startup | HPOSTR03.EXE | xxx represents the series number - such as 700. What does it do and it it required? | No |
| ? | HP OfficeJet Series xxx Startup | HPOstr05.exe | xxx represents the series number - such as 700. What does it do and it it required? | No |
| N | HP Parallel Port Test | hppt.exe | Associated with a HP ScanJet scanner | No |
| X | HP Photo Manager | HPPhotoManager.exe | Added by the SDBOT.AXU WORM! | No |
| N | HP Photosmart Premier Fast Start | hpqthb08.exe | Improves the startup time of HP Image Zone. If you disable it, HP Image Zone takes a long time to start up only the first time you run it. Subsequent startups are much faster than the first time | No |
| ? | HP Port Resolver | hpbpro.exe | ?? | No |
| N | HP Precision Scan | hpmdlbwx.exe | HP multifunction scanner software. Available from HP Office Jet R Toolbox so not required | No |
| N | HP Presentation Ready | PresRdy.exe | HP Omnibook related: "Press a dedicated button above the keyboard and the system will instantly load your presentation software and change the screen resolution to match your display device" | No |
| U | hp psc 2000 Series | hpobnz08.exe | System Tray icon indicating when the printer is ready. Can be started manually with HP Director but takes time to start | No |
| U | HP RecordNow | ?? | From HP "Software for the CD writer. Do not prevent from starting unless the CD writer is never going to be used." | No |
| U | HP ScanPatch | HPScanFix.exe | Program that starts up and automatically fixes earlier versions of the Scanjet 5100c software. If a Scanjet 5100C scanner is not going to be used, then it is safe to remove or prevent from starting | No |
| N | HP ScanPicture | hpsplmwa.exe | HP multifunction scanner software. Available from HP Office Jet R Toolbox so not required | No |
| U | HP SchedIndexer | hppschedindexer.exe | Installed by HP multi-function printer driver software, related to PC faxing. If you are not using the PC faxing feature you can go ahead and disable these services from the startup | No |
| X | HP Service Drivers | hdsys.exe | Added by the SDBOT-ZE WORM! | No |
| ? | hp Silent Service | HpSrvUI.exe | HP related | No |
| N | HP Simple Trax | Hpcron.exe | Supplied with HP CD-RW drives - stores information about CD contents on your hard drive. Available via Start -> Programs or Desktop Icon | No |
| N | HP software update | HPWuSchd2.exe | HP software updates. If a shortcut doesn't exist create your own and run it manually | No |
| N | HP software update | HPWuSchd.exe | HP software updates. If a shortcut doesn't exist, create your own and run it manually | No |
| N | HP Status | hpstatus.exe | HP Printer Status and Alerts | No |
| ? | HP Status Server | hpboid.exe | Copied during installation of HP Inkjet Printer Drivers in Win2K/XP. What does it do and is it required? | No |
| U | HP TV Now | HpTvNow.exe | Application supplied with HP notebooks. It activates the S-Video port and is said to improve the quality of the output signal (resolution/timeouts) | No |
| X | HP Update Assistant | HPAware.exe | Added by the MRO TROJAN! | No |
| N | HP Updates | ?? | On HP PCs, allows the computer to automatically receive notifications from HP over the Internet. Associated with BackWeb | No |
| ? | HP Visualize Init | HpVisIni.exe | HP Visualize software related. What does it do and is it required? | No |
| N | HP-Aio Flight | Remind32.exe | HP multifunction registration | No |
| U | HPADVISOR | HPAdvisor.exe | HP Total Care Advisor - a suite of help and hardware check programs to help you check the health of your PCs | No |
| N | hpaiodevice | hpodev07.exe | Direct from HP - "Device Objects Server - detects all device events and handles all ongoing communication on the device. Loads in the Startup group (except when "portable" is chosen during installation)". Related to various HP all-in-one printer/scanner/copier devices. They print and copy fine with those files disabled, and the icon installed on the desktop that points to "hpodir07.exe" works just fine if you need to use the scanner | No |
| ? | HPAiODevice(hp officejet g series) | hpoavn07.exe | HP Printer related, reportedly lets file transfers from an HP device pass files through Windows firewall. Is it required? | No |
| N | HPAiODevice(hp psc 900 series) -1 | hpobrt07.exe | Installed with a Hewlett Packard 900 series colour printer, scanner, fax, photo card slot printer, copier. Assumed to perform an identical function to the hpaiodevice entry | No |
| N | HPAIO_PrintFolderMgr | hpoopm07.exe | Directly from HP: "This process has one purpose - detects if the device moves to a different port, and notifies other processes to look on the new port." For various HP all-in-one printer/scanner/copier devices. They print and copy fine with those files disabled, and the HP icon installed on the desktop that points to "hpodir07.exe" works just fine if you need to use the scanner | No |
| U | HPBootOp | HPBootOp.exe | "HP Boot Optimizer intelligently and dynamically launches software during startup, based on available resources, to improve startup performance" | No |
| X | hpcmd | cmd.exe | Added by the ADCLICK-DS TROJAN! | No |
| N | hpcmpmgr | hpcmpmgr.exe | Checks the internet for updated drivers/utilities for your HP product - update manually. Disabling will remove the error "Windows can't shutdown the computer because hpcmpmgr.exe can't be ended" | No |
| U | HPDAgent | HPDAgent.exe | Loads Hide and Protect any Drives - which allows you to "Protect Hard drive, CD, DVD, floppy and flash, and deny access to partitions of your hard drives. Stop unauthorized software installations and data leak by removable media". If disabled, hidden and locked drives still retain their original status so the user will only be able to change their status them via the main UI | Yes |
| U | HPDJ Taskbar Utility | hpztsb01.exe | HP System Tray utility which allows diagnostic and maintainance of your HP Deskjet series printer | No |
| U | HPDJ Taskbar Utility | hpztsb02.exe | HP System Tray utility which allows diagnostic and maintainance of your HP Deskjet series printer | No |
| U | HPDJ Taskbar Utility | hpztsb04.exe | HP System Tray utility which allows diagnostic and maintainance of your HP Deskjet series printer | No |
| U | HPDJ Taskbar Utility | hpztsb05.exe | HP System Tray utility which allows diagnostic and maintainance of your HP Deskjet series printer | No |
| U | HPDJ Taskbar Utility | hpztsb07.exe | HP System Tray utility which allows diagnostic and maintainance of your HP Deskjet series printer | No |
| U | HPDJ Taskbar Utility | hpztsb09.exe | HP System Tray utility which allows diagnostic and maintainance of your HP Deskjet series printer | No |
| U | HPDJ Taskbar Utility | hpztsb06.exe | HP System Tray utility which allows diagnostic and maintainance of your HP Deskjet series printer | No |
| U | HPDJ Taskbar Utility | hpztsb08.exe | HP System Tray utility which allows diagnostic and maintainance of your HP Deskjet series printer | No |
| U | HPDJ Taskbar Utility | hpztsb03.exe | HP System Tray utility which allows diagnostic and maintainance of your HP Deskjet series printer | No |
| U | HPDJ Taskbar Utility | hpztsb10.exe | HP System Tray utility which allows diagnostic and maintainance of your HP Deskjet series printer | No |
| U | HPDJ Taskbar Utility | hpztsb11.exe | HP System Tray utility which allows diagnostic and maintainance of your HP Deskjet series printer | No |
| U | HPDJ Taskbar Utility | hpztsb12.exe | HP System Tray utility which allows diagnostic and maintainance of your HP Deskjet series printer | No |
| U | HPDJ Taskbar Utility | hpztsb13.exe | HP System Tray utility which allows diagnostic and maintainance of your HP Deskjet series printer | No |
| N | hpfsched | hpfsched.exe | HPFSCHED is a small TSR that will remind you to clean the cartridges in your DeskJet from time to time in order to keep print quality high. It can be removed from the run line in win.ini if you do not want that feature | No |
| U | HPGamesActiveMenu | ActiveMenu.exe | Wild Tangent demo games that come with some HP computers. Unchecking it can prevent the games from running occasionally. Note that WildTanget's privacy policy used to state that they also collect and share individuals information but this is no longer the case | No |
| N | hpgs2wnd | hpgs2wnd.exe | Share-to-Web - HP-created software and Internet-based application that enables easy uploading and sharing of photos via affiliated photo-sharing Web sites. Available via Start → Programs | No |
| U | Hpha1mon | Hpha1mon.exe | Supports the memory card reader on some HP Photosmart and AIO (all-in-one) printers - displaying a System Tray icon for the drive and allowing you to transfer files directly via the SAVE button. This verison is applicable for version 2.0 to 2.3 drivers - see here. Known to cause 100% CPU load in some cases. Only needed if you use this feature | No |
| U | Hpha2mon | Hpha2mon.exe | Supports the memory card reader on some HP Photosmart and AIO (all-in-one) printers - displaying a System Tray icon for the drive and allowing you to transfer files directly via the SAVE button. This verison is applicable for version 3.1 to 3.2 drivers - see here. Known to cause 100% CPU load in some cases. Only needed if you use this feature | No |
| U | Hpha3mon | Hpha3mon.exe | Supports the memory card reader on some HP Photosmart and AIO (all-in-one) printers - displaying a System Tray icon for the drive and allowing you to transfer files directly via the SAVE button. This verison is applicable for version 3.3.138 to 3.4.13 drivers - see here. Known to cause 100% CPU load in some cases. Only needed if you use this feature | No |
| U | HPHmon03 | hphmon03.exe | Supports the memory card reader on some HP Photosmart and AIO (all-in-one) printers - displaying a System Tray icon for the drive and allowing you to transfer files directly via the SAVE button. Known to cause 100% CPU load in some cases. Only needed if you use this feature | No |
| U | HPHmon04 | hphmon04.exe | Supports the memory card reader on some HP Photosmart and AIO (all-in-one) printers - displaying a System Tray icon for the drive and allowing you to transfer files directly via the SAVE button. This verison is applicable for version 4.0 to 4.2 drivers - see here. Known to cause 100% CPU load in some cases. Only needed if you use this feature | No |
| U | hphmon05 | hphmon05.exe | Supports the memory card reader on some HP Photosmart and AIO (all-in-one) printers - displaying a System Tray icon for the drive and allowing you to transfer files directly via the SAVE button. This verison is applicable for version 5.0 to 5.3 drivers - see here. Known to cause 100% CPU load in some cases. Only needed if you use this feature | No |
| U | HPHmon06 | hphmon06.exe | Supports the memory card reader on some HP Photosmart and AIO (all-in-one) printers - displaying a System Tray icon for the drive and allowing you to transfer files directly via the SAVE button. This verison is applicable for version 6.0 drivers - see here. Known to cause 100% CPU load in some cases. Only needed if you use this feature | No |
| X | Hphome | hphome.js | Homepage hijacker | No |
| N | HPHUPD04 | hphupd04.exe | HP software update checker and wizard launcher. Available via Start -> Programs | No |
| N | HPHUPD05 | hphupd05.exe | HP software update checker and wizard launcher. Available via Start -> Programs | No |
| N | HPHUPD06 | hphupd06.exe | HP software update checker and wizard launcher. Available via the Start menu | No |
| N | HPHUPD07 | hphupd07.exe | HP software update checker and wizard launcher. Available via Start -> Programs | No |
| N | HPHUPD08 | hphupd08.exe | HP software update checker and wizard launcher. Available via Start -> Programs | No |
| ? | hpjsiroute | hpjsira.exe | Related to HP laserjet printers and IP addresses. An IP address is appended to the name field - ie "hpjsiroute192.168.1.2" | No |
| X | HPl Services | hmlsvc32.exe | Added by the AGOBOT-SI WORM and variants! | No |
| Y | HpLamp | HPLAMP.EXE | HP Scanner Utility that controls your scanners light bulb. Needed if it's switched on | No |
| U | hplampc | hplampc.exe | HP Scanner Lamp Utility - fixes an issue with the scanner lamp not going off | No |
| U | HPLaptopGamesActiveMenu | ActiveMenu.exe | Wild Tangent demo games that come with some HP computers. Unchecking it can prevent the games from running occasionally. Note that WildTanget's privacy policy used to state that they also collect and share individuals information but this is no longer the case | No |
| Y | HPLJ Config | SetConfig.exe | Connects system to networked HP printer. | No |
| U | HPLogiFinder | hp_finder.exe | HP LogiFinder helps detect and allows the use of the centre button for the Logitech mouse. Can be disabled if not used | No |
| U | HpMmKbd | HpMmKbd.exe | HP's multimedia keyboard driver which enables the end-user to use the automation features of the HP multimedia keyboard | No |
| U | HPMVTray | HPMVTray.exe | HP Media Vault Networked Storage Device - System Tray management utility | No |
| X | HPNT | hpdll.exe | Malware downloader - detected by Kaspersky as the VB.KU TROJAN! | No |
| N | hpodblia | hpodblia.exe | HP OfficeJet Scan Button Monitor on a multi-function printer/copier/scanner. Start your scanning software manually | No |
| N | hpoddt01.exe | N/A | Installed by the "HP Photo and Imaging Director" software. If you ask for the imaging software, this program will be started | No |
| U | hpoddt01.exe | hpotdd01.exe | Detection of new imaging, printing and other peripherals on HP machines such as USB printers, cameras and Bluetooth products | No |
| N | hpodlb08 | hpodlb08.exe | HP OfficeJet Scan Button Monitor on a multi-function printer/copier/scanner. Start your scanning software manually | No |
| Y | hpppt | hpppt.exe | Related to the drivers for HP ScanJet scanners | No |
| Y | hpppta | HPPPTA.exe | HP parallel port driver for certain hardware | No |
| X | HpPrinter | hpserver.exe | Added by the CMJSPY-W TROJAN! | No |
| N | HPPROPTY | HPPROPTY.EXE | HP LaserJet Toolbox | No |
| U | HPPWRSAV | HPPWRSAV.EXE | Power save related for HP Scanners. Many users have complained of system freezes with it running but it stops the light from remaining on all the time. Try www.hp.com, pick your OS option under the SUPPORT tab, follow the instructions and you will find an updated lamp control patch | No |
| ? | hpqcmon | hpqcmon.exe | From HP and related to digital imaging | No |
| ? | hpqSRMon | hpqSRMon.exe | Related to HP Digital Imaging products. What does it do and is it required? | No |
| U | HPSCANMonitor | hpsjvxd.exe | HP scanning software that enables you to scan images from your scanner. Needed if you're using the scanner | No |
| ? | hpScannerFirstBoot | scannerfb.exe | HP scanner related | No |
| X | hpSdwxmark | Gaddw.exe | Added by the SDBOT-RB WORM! | No |
| N | hpsjbmgr | hpsjbmgr.exe | HP ScanJet Button Manager. It allows users of the HPScanJet scanners to indicate what the buttons on the scanner will do automatically if pushed. Not required at startup, unless the scanner is used every day, such as in a business environment | No |
| N | HPStart | hpstart.wsf | This a script used by HP that runs the first time one of their computers is started. Can't imagine why it would be starting up after the first boot | No |
| X | hpsysconf1 | [random filename] | Added by a variant of the VIVIA.A TROJAN! | No |
| U | hpsysdrv | hpsysdrv.exe | This item keeps track of how many times the system has been recovered and the times of the first and last recoveries done on the system. Leaving unchecked will sometimes prevent the Keyboard Manager program from detecting that the computer is an HP. Since this program/driver was only made to run on HP, if it can't tell that it is an HP it will not run. If unchecked, it can prevent the running of the Application Recovery CDs, the use of the multimedia keys, and the HP Instant Support. Also seen that without it running, the Riptide Sound card that was installed on some older HP computers stops working | No |
| X | hptools | hptools.exe | Added by a variant of the SDBOT WORM! | No |
| X | hptools | microsoft.exe | Added by a variant of the SDBOT WORM! | No |
| N | HPU | ProvenTactics.exe | Proven Internet Marketing software | No |
| U | hpWirelessAssistant | HP Wireless Assistant.exe | The HP Wireless Assistant is a user application that provides a way to control the enablement of individual wireless devices (such as Bluetooth or WLAN devices) and that shows the state of the radios for these wireless devices | No |
| U | hpWirelessAssistant | HPWAMain.exe | Wireless application bundled with HP computers that allows you to control different settings on the computer's wireless devices such as Bluetooth and WLAN | No |
| N | HPZTS04 | hpzts04.exe | Hewlett Packard printer toolbox shortcut that resides in the system tray | No |
| U | hpztsb02 | hpztsb02.exe | HP System Tray utility which allows diagnostic and maintainance of your HP Deskjet series printer | No |
| U | hpztsb04 | hpztsb04.exe | HP System Tray utility which allows diagnostic and maintainance of your HP Deskjet series printer | No |
| U | hpztsb05 | hpztsb05.exe | HP System Tray utility which allows diagnostic and maintainance of your HP Deskjet series printer | No |
| U | hpztsb07 | hpztsb07.exe | HP System Tray utility which allows diagnostic and maintainance of your HP Deskjet series printer | No |
| U | hpztsb09 | hpztsb09.exe | HP System Tray utility which allows diagnostic and maintainance of your HP Deskjet series printer | No |
| U | hpztsbol | hpztsbol.exe | HP System Tray utility which allows diagnostic and maintainance of your HP Deskjet series printer | No |
| N | HP_dla | dlatray.exe | On HP PCs, tray icon for dla - which provides drive letter access to HP's and Veritas' version of DirectCD | No |
| X | HP_runner | front.exe | Added by the SILLYFDC WORM! | No |
| X | HQI Services | hqisvc32.exe | Added by the AGOBOT-RO WORM! | No |
| X | HQI Services | hqlsvc32.exe | Added by the AGOBOT-RP WORM! | No |
| N | hqtray | hqtray.exe | VMware Host Network Access Status Tray Application - part of both VMware Player (from version 2.0) and Workstation (until version 6.5) - which allow you to "run multiple operating systems simultaneously on a single PC." It's function is uknown at present and it displays no tray icon as the name suggests. Can be disabled without affecting the operation of either product | Yes |
| U | HR | Hr.exe | HiddenRecorder periodically takes screenshots of the computer. If you didn't install this yourself remove it | No |
| U | HREF.OCX | regsvr32.exe ....HREF.OCX | HREF.OCX is an ActiveX control developed by xFX JumpStart and used to provide HTML-alike clickable links on Windows-based programs such as PopUpKiller | No |
| X | hri | iexpl0re.exe | Added by the DLOADER.MAQ TROJAN! Note the number "0" in the filename | No |
| X | Hrn_qtv | hrnsvc32.exe | Added by the SDBOT-AET WORM! | No |
| X | Hservice | msservice.exe | Added by the AUTORUN-KL WORM! | No |
| X | hsim | isearch.exe | Unidentified malware | No |
| X | hsim | sexgame.exe | Unidentified malware | No |
| X | hsim | toolbar.exe | Unidentified malware | No |
| U | HSLAB Logger | logger.exe | HSLABLogger logs user activity and Internet activity. The gathered information can be sent to a predetermined email address. If you didn't install this yourself uninstall it | No |
| U | HSON | HSON.exe | Toshiba HotStart button support for instant-on entertainment on their laptops | No |
| U | HSTrans | hstrans.exe | Homescan Internet Transporter - part of ACNielson Homescan. Recognizes when the ACNielsen Homescan Scanner is attached to the computer and allows it to transmit scanner information to ACNielsen | No |
| ? | HsuGuiControl | HsuGuiControl.exe | Part of the Starband Internet satellite client. What does it do and is it required? | No |
| U | hsys | HSYS.EXE | Keylogger Express keystroke logger/monitoring program - remove unless you installed it yourself! | No |
| U | Hti | npdor.exe | Appears in startup if you have chosen to participate in on survey by NPD Online Research. Required for the survey to work correctly. Otherwise not required | No |
| X | HTML Help System | hhs.pif | Added by the RBOT-ATB WORM! | No |
| X | HTML32 Help System | hhs32.pif | Added by the RBOT-ATE WORM! | No |
| U | HTpatch | htpatch.exe | HTpatch.exe is part of the SiS AGP patch - BUT unless your processor (and motherboard) supports HyperThreading (HT) and this feature is enabled it will actually SLOW your graphics card by around 6% | No |
| X | HtProtect | AVprotect.exe | Added by the NETSKY.L WORM! | No |
| X | htssv32.exe | htssv32.exe | Added by a variant of the SDBOT TROJAN! | No |
| X | HTTP Tunneling Server | mstunnel.exe | Added by the RBOT.EDL WORM! | No |
| X | http://www.lienvandekelder.be | LienVandeKelder.exe | Added by the MYTOB-AZ WORM! | No |
| X | http://www.lienvandekelder.be | Lien Van de Kelder.exe | Added by the MYTOB-AP WORM and variants! | No |
| X | http://www.lienvandekelder.be | Lien Vande Kelder.exe | Added by the MYTOB-AQ WORM! | No |
| X | http://www.lienvandekelder.be | Lien vd Kelder.exe | Added by the MYTOB-M WORM! | No |
| X | http://www.lienvandekelder.be | Lien.exe | Added by the MYTOB-CZ WORM! | No |
| X | http://www.lienvandekelder.be | Lientjeuh.exe | Added by the MYTOB-P WORM! | No |
| X | http://www.lienvandekelder.be | LienVdK.exe | Added by the MYTOB-U WORM! | No |
| X | http://www.lienvandekelder.be | Van de Kelder Lien.exe | Added by the MYTOB-BF WORM! | No |
| X | http://www.lienvandekelder.be | We Love Lien Van de Kelder.exe | Added by the MYTOB-CV WORM! | No |
| X | http://www.lienvandekelder.com | Lien Van de Kelder.exe | Added by the MYTOB-EQ WORM! | No |
| X | http://www.lienvandekelder.com/ | LienVandeKelder.exe | Added by the MYTOB-EO WORM! | No |
| X | httpd | c_pan.exe | Added by a variant of the DELF-A TROJAN! | No |
| X | httpd | deamon.exe | Added by the TACTSLAY.C TROJAN! | No |
| X | httpd | msgaol.exe | Added by the TACTSLAY.C TROJAN! | No |
| X | httpd | s_menu.exe | Added by the TACTSLAY.C TROJAN! | No |
| X | httpd | browse.exe | Added by the TACTSLAY.C TROJAN! | No |
| X | httpd | deamon.exe | Added by the TACTSLAY.C TROJAN! | No |
| X | https-ssl | https.exe | Added by the MOEGA.D WORM! | No |
| U | HughesNet Tools | matcli.exe | "matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, county, etc and gets written to a log file". HughesNet Tools is required to run with the Help and Support program. If you uncheck HughesNet Tools and then run Help and Support it will add another HughesNet Tools in the startup menu. If you remove the HughesNet Tools in the add/remove program some help menus in help and support will not be available. You decide | No |
| ? | huhdir | huhdir.exe | ?? | No |
| X | huigezi | HgzServer.exe | Added by the GRAYBIRD.C TROJAN! | No |
| X | huigezi | SP00LSV.EXE | Added by the GRAYBIRD.J BACKDOOR! Note the digit "0" in the command | No |
| X | Hvewsveqmg | ANACON.EXE | Added by the NACO.A WORM! | No |
| X | Hvid | Hvid.exe | Added by the GEMA TROJAN! | No |
| X | HWINFO* | HWINFO* | Added by the PUROL WORM! where * is a random character | No |
| Y | HWinst | N/A | For Gilat Communications internet satellite systems. Gilat rescue (Satellite system restore). Required if you have this system. Can cause a BSOD (blue screen of death) if left out | No |
| X | Hwp | system_wc.exe | Eziin adware | No |
| X | hws | hws.exe | Added by the STARTPA-CT TROJAN! | No |
| U | HWSetup | HWSetup.exe hwSetUP | "Toshiba Hardware Setup is the Toshiba configuration management tool available through Windows." Allows the user to change BIOS, hard disk, memory, boot disk priority and other settings | No |
| X | hxadsec | [path to trojan] | Added by the ADCLICK-AP TROJAN! | No |
| X | HXDL.EXE | HXDL.EXE | Attune HelpExpress - spyware. Disable and uninstall - see here | No |
| X | HXIUL.EXE | HXIUL.EXE | Attune HelpExpress - spyware. Disable and uninstall - see here | No |
| U | HydarVisionDesktopManager | desk95.exe | ATI's HydraVision desktop management software, allowing for multi-monitor support, as included in ATI HydraVision versions 2.5 and earlier. Has been reported to cause problems, such as this one. HydraVision can be uninstalled through Add/Remove Programs | No |
| U | HydraDM | HydraDM.exe | Part of HYDRAVISION - ATI's software for managing mutliple displays and virtual desktops. This is the HYDRAVISION Desktop Manager - which "customizes the behaviour of windows and dialog boxes, allows you to set up Hotkeys for navigation in multiple display configurations and applies special effects like transparency and shadows to you desktop" | Yes |
| U | HydraMD | HydraMD.exe | Part of HYDRAVISION - ATI's software for managing mutliple displays and virtual desktops. This is HYDRAVISION MultiDesk - which "creates, organizes and arranges up to nine active multi-monitor desktop combinations and allows you to cycle between them with a mouse." There is an optional System Tray icon or a hotkey can be configured to cycle through the desktops | Yes |
| U | HydraVisionDesktopManager | desk98.exe | ATI/Appian HydraVision Desktop Manager software - monitors and regulates window and dialog box placement according to user preferences when using a multi monitor setup | No |
| U | HydraVisionDesktopManager | HydraDM.exe | Part of HYDRAVISION - ATI's software for managing mutliple displays and virtual desktops. This is the HYDRAVISION Desktop Manager - which "customizes the behaviour of windows and dialog boxes, allows you to set up Hotkeys for navigation in multiple display configurations and applies special effects like transparency and shadows to you desktop" | Yes |
| U | HydraVisionViewport | viewport.exe | ATI/Appian HydraVision Desktop Manager software - monitors and regulates window and dialog box placement according to user preferences when using a multi monitor setup | No |
| U | HydraVisionViewPort | HydraMD.exe | Part of HYDRAVISION - ATI's software for managing mutliple displays and virtual desktops. This is HYDRAVISION MultiDesk - which "creates, organizes and arranges up to nine active multi-monitor desktop combinations and allows you to cycle between them with a mouse." There is an optional System Tray icon or a hotkey can be configured to cycle through the desktops | Yes |
| X | Hyper Files | phfhost.exe | Added by the AGENT-JQO TROJAN! | No |
| X | Hyper Start | instantmsgrs.exe | Added by the RBOT-NH WORM! | No |
| X | I am not Ranky. I am eTunnel! | msyervice.exe | Added by an unidentified WORM or TROJAN! | No |
| X | I am not Ranky. I am eTunnel! | winsys.exe | Added by an unidentified WORM or TROJAN! | No |
| X | I am not Ranky. I am eTunnel! | disney.exe | Added by an unidentified WORM or TROJAN! | No |
| X | I just want to say I love Milko and I need a drink | svchost.exe | Added by the CHIKO WORM! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in Documents and Settings\Administrator\Local Settings\Application Data | No |
| X | I-Worm.GiGu | uGiG.eXe | Added by the GINK WORM! | No |
| X | I/O Controllers | svcnet.exe | Added by the TIBIK-B TROJAN! | No |
| X | I386 | I386.exe | Added by the MYPOWER WORM! | No |
| ? | I81SHELL | I81SHELL.exe | Appears to be related to drivers for an Intel 810 graphics chipset on an ASUS motherboard | No |
| U | i8kfangui | i8kfangui.exe | Graphical interface for fan speed control | No |
| U | IAAnotif | Iaanotif.exe | Part of Intel® Matrix Storage Manager (formally known as Intel® Application Accelerator and Intel® Application Accelerator RAID Edition). Used in conjunction with the event monitor service (IAANTMON - Iaantmon.exe) to display event notifications (such as RAID volume status changes, HDD I/O errors or HDD SMART event) via a System Tray icon when an event occurs. Via this icon you can then choose to launch the Intel Matrix Storage Console or ignore the current alert | Yes |
| Y | iamapp | iamapp.exe | AtGuard personal firewall engine. As Atguard was bought by Symantec some time ago, it's now the Norton Personal Firewall executable as well | No |
| X | Iamnacho On Irc.MusIrc.com Is a Homosexual! | XBox64.exe | Added by the RANDEX.Y WORM! | No |
| ? | IaNvSrv | IaNvSrv.exe | Related to the option ROM part of the Intel® Matrix Storage Manager. Located in %ProgramFiles%\Intel\Intel Matrix Storage Manager\OROM\aNvSrv. What does it do and is it required? | No |
| ? | Iap | iap.exe | Possibly part of Dell OpenManage Client Instrumentation - software that allows remote management application programs to access information about, monitor the status of or change the state of the client computer, such as shutting it down remotely? | No |
| U | ias | ias.exe | InvisibleASpy keystroke logger/monitoring program - remove unless you installed it yourself! | No |
| X | IASHLPR | IASHLPR.EXE | Added by the OPASERV.T WORM! | No |
| X | ibin | [path to trojan] | Added by the PERDA-C TROJAN! | No |
| X | ibm | ibm.exe | Added by the LEGMIR-AH TROJAN! | No |
| Y | IBM Client Security | certtool.exe | Part of Client Security Software for IBM\Lenovo notebooks. If you have configured the software via the associated wizard this will need to be running if you want to mount password protected areas of the disk (created with SafeGuard PrivateDisk), use the password manager or file/folder encryption options | No |
| N | IBM Client Security Software | csecwiz.exe | Setup wizard for the Client Security Software for IBM\Lenovo notebooks. This entry only runs once, after the software has been installed and the notebook rebooted for the first time. If the wizard isn't completed a shortcut is available via the Start menu until it is | No |
| X | IBM Keyboard Driver | ikeybdrv.exe | Added by the SDBOT.IC TROJAN! | No |
| Y | IBM Password Manager | pwmgr.exe | Part of Client Security Software for IBM\Lenovo notebooks - IBM® Client Security Password Manager "enables you to manage your sensitive and easy-to-forget login information, such as user IDs, passwords, and other personal information, with IBM Client Security. The IBM Client Security Password Manager stores all information through the IBM Security Chip so that your UVM user authentication policy controls access to your secure applications and Web sites." Can also be used with or without the Fingerprint Reader on select models | No |
| N | IBM RecordNow! | RecordNow.exe | IBM customized version of the RecordNow! CD-writing utility from Sonic Solutions | Yes |
| U | IBM ThinkPad EasyEject Support Application | EzEjMnAp.Exe | EasyEject Utility for IBM/Lenovo Thinkpad notebooks. Quote: "The IBM ThinkPad EasyEject Utility makes removing multiple devices from your computer faster and easier by enabling you to stop more than one device at once, rather than stopping each device individually." Configuration and performing of EasyEject actions is available via Fn+F9 key combination on some models | Yes |
| N | IBM ThinkPad EasyEject Tray Utility | EZEJTRAY.EXE | System Tray access to the EasyEject Utility for IBM/Lenovo Thinkpad notebooks. Quote: "The IBM ThinkPad EasyEject Utility makes removing multiple devices from your computer faster and easier by enabling you to stop more than one device at once, rather than stopping each device individually." Configuration and performing of EasyEject actions is available via Fn+F9 key combination on some models | Yes |
| N | IBM ThinkPad Tray Utility | TP98TRAY.EXE | System Tray access to the ThinkPad Configuration utility for IBM/Lenovo ThinkPad notebooks. "The ThinkPad Configuration utility is a control center to configure your ThinkPad hardware. With this utility, you can setup or change your device configurations for ThinkPad hardware and options" | Yes |
| U | IBM ThinkPad Utility | NPDTray.exe | System Tray access to Presentation Director for IBM/Lenovo Thinkpad notebooks - which allows you to create and quickly select between various single and mulitple display options. Scheme selection and settings are also available via Fn+F7 key combination on some models | Yes |
| U | IBM TrackPoint Accessibility Features | tp4ex.exe | Supports accessibility features for the TrackPoint stick and associated buttons on IBM/Lenovo ThinkPad notebooks. If features such as "Click Sound", "Button Lock" and "Cross Hair cursor" are enabled this entry will run at startup. If none of the accessibility features are used it remains as a startup entry but doesn't run | Yes |
| ? | IBM Warranty Notification | ERTS0749.exe | IBM Warranty Notification - presumably it's a reminder to either register or that warranty is about to expire? | No |
| N | ibmmessages | ibmmessages.exe | "The Access IBM Message Center displays messages to inform you about helpful software that may be pre-installed on your PC. The Message Center can also provide messages about new updates available from the IBM Support Center to keep your computer current" | Yes |
| ? | Ibmmon.exe | Ibmmon.exe | ?? | No |
| U | Ibmpmsvc | ibmpmsvc.exe | Power management driver for IBM laptops. Provides support for the use of four keys on the thinkpad keyboard with blue key tops - Fn, F3, F4 & F12 - which have specific functions to control the standby and hibernate buttons. Not required if you don't plan to go into standy or hibernate modes | No |
| ? | IBMPRC | ibmprc.exe | IBM application - what does it do and is it required? | No |
| U | IBMUltraBayHotSwapCPLLoader | IBMBAY2N.EXE | Supports hot swapping in Thinkpad UltraBay Option on IBM ThinkPad laptops | No |
| ? | IBMUltraBayHotSwapSound | IBMBAYSN.EXE | Supports hot swapping in Thinkpad UltraBay Option on IBM ThinkPad laptops. Is it needed though - does it just play a sound? | No |
| Y | IBM_PWMGR | pwmgr.exe | Part of Client Security Software for IBM\Lenovo notebooks - IBM® Client Security Password Manager "enables you to manage your sensitive and easy-to-forget login information, such as user IDs, passwords, and other personal information, with IBM Client Security. The IBM Client Security Password Manager stores all information through the IBM Security Chip so that your UVM user authentication policy controls access to your secure applications and Web sites." Can also be used with or without the Fingerprint Reader on select models | No |
| X | Ibs | ibs.exe | Added by the HIDEDIAL-B TROJAN! | No |
| U | IBWin Background process | IBackground.exe | IBackup for Windows | No |
| U | IBWin Monitor | IBMonitor.exe | IBackup for Windows | No |
| Y | IcaBar | icabar.exe | Related to Citrix MetaFrame | No |
| X | icasServ | icasServ.exe | Browser hijacker, redirecting to Searchforfree.info. Also detected as the ICASERV-A TROJAN! | No |
| X | icccomp | [8 random letters].exe | Added by the ZHELATIN.EQ WORM! | No |
| X | ICcontrol | iccontrol.exe | ICcontrol premium rate adult content dialer | No |
| X | icdd7ee6 | rundll32.exe icdd7ee6.dll, EnableRunDLL32 | LZIO.com adware downloader. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "icdd7ee6.dll" file is found in the System (9x/Me) or System32 (NT/2K/XP) folder | No |
| X | icddefff | rundll32.exe icddefff.dll, EnableRunDLL32 | LZIO.com adware downloader. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "icddefff.dll" file is found in the System (9x/Me) or System32 (NT/2K/XP) folder | No |
| Y | ICF | mfp.exe | McAfee Family Protection - which 'is easy-to-use and built to empower parents to say "yes" to their children's online interests while protecting them as they learn and explore' and "protects children of all ages from exposure to inappropriate content, social networking risks, strangers, and other threats" | Yes |
| N | ICH Synth | eusexe.exe | Sound related and can be disabled without affecting performance although advanced sound features may be sacrificed. May be related to Compaq PC's with "SoundMAX integrated Digital Audio" (Analog Devices Inc.) devices | No |
| X | icifati | yujixit.exe | Added by the SDBOT.ZZH WORM! | No |
| U | iClean | iClean.exe | IEClean - "advanced, comprehensive package of tools which perform a number of functions to allow you to control your online privacy" | No |
| U | ICM | ICM.EXE | Starts Internet Call Manager dialog box and/or taskbar icons at bootup. This is a subscription program from internetcallmanager.com that monitors a dialup phone line for incoming calls and handles voicemail | No |
| X | ICManagement | msic32.exe | Added by the MSIC BACKDOOR! | No |
| N | iCn | NAG.EXE | iChoose - shopping browser enhancement that alerts you to cheaper deals for goods you want to buy, if they exist. Not related to the Mac icon program of the same name | No |
| U | ICO | ICO.EXE | Found on some Sony Vaio, IBM Thinkpad and Dell (and possibly other) laptops and seems to be related to Mouse Suite 98 Daemon according to the properties. Required on the Dell Inspirion 530 as without it the Dell mouse suite does not load and mouse settings are not retained on a reboot. Appears to cause a behaviour where the desktop suddenly flips back up when playing DirectX associated games | No |
| N | Icon Animation | HDE.EXE | Part of McAfee Nuts & Bolts. Provides entertaining animation of your desktop icons | No |
| N | Icon Hearit 95 | hearit95.exe | Audio desktop customization utility from Moon Valley Software. Resource hog | No |
| N | Icon Hearit 98 | hearit98.exe | Audio desktop customization utility from Moon Valley Software. Resource hog | No |
| X | Icon lptt01 | icon.exe | RapidBlaster variant (in a "Icon" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here | No |
| X | Icon ml097e | icon.exe | RapidBlaster variant (in a "Icon" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here | No |
| Y | iconcache | icon.bat | Related to the Vista Customization Pack | No |
| Y | ICONCLNT | iconclnt.exe | APC PowerChute® Personal Edition tray icon | No |
| U | ICONDESK | ICONDESK.EXE | Small utility which will allow you the option of hiding or showing your desktop icons | No |
| N | Iconfig.exe | Iconfig.exe | Icon for LS-120 "Superdisk" | No |
| X | iConfigLoader | DIIhost.exe | Added by the GAOBOT.AO WORM! | No |
| N | Iconoid | Iconoid.exe | Iconoid is a desktop icon manager | No |
| N | Iconsaver | Iconsaver.exe | IconSaver is a desktop icon manager | No |
| X | ICQ | ICQNET.vbs | Added by the GORMLEZ-A WORM! | No |
| X | ICQ Agent | icq6.exe | Added by the AGENT-FZJ TROJAN! | No |
| X | ICQ Center | [path to worm] | Added by the RANDIN WORM! | No |
| X | ICQ Chat Service | icqjdhs.exe | Added by a variant of the RBOT WORM! | No |
| X | ICQ Hacking Pro | ICQpro.exe | Added by a variant of the NETSPY TROJAN! | No |
| N | ICQ Lite | ICQLite.exe | ICQ Lite - compact version of the popular messaging program | No |
| X | icq lite | scvhost.exe | Added by the AGENT-DSF TROJAN! | No |
| X | icq lite | winlog.exe | Added by the IRCBOT-TJ TROJAN! | No |
| X | ICQ Lite Messenger | ICQLITE.EXE | Added by an unidentified VIRUS, WORM or TROJAN! The legitimate ICQ Lite executable is located in %ProgramFiles%\ICQLITE whereas this one is located in %System% | No |
| X | ICQ Messenger 2002 | ICQ2002.exe | Added by the SDBOT-ABL WORM! | No |
| X | ICQ Net | winlogon.exe | Added by variants of the NETSKY WORMS! Note - this is not the legitimate winlogon.exe process which should not appear in Msconfig/Startup! | No |
| N | ICQ Plus | vplus.exe | ICQ Plus is a freeware utility makes your ICQ skinnable (change the look). Available via Start -> Programs | No |
| X | IcqBeta | webcamupdate.exe | Added by an unidentified TROJAN! | No |
| U | ICQMonitor | ICQMonitor.exe | ICQ Monitor Sniffer surveillance software for the ICQ instant messenger. Uninstall this software unless you put it there yourself | No |
| X | ICQMsn | [path to trojan] | Added by the RANCK-AH TROJAN! The most common example is "cbfks.exe" located in %System% | No |
| X | ICQNet | winlogon.exe | Added by the NETSKY-C WORM! Note - this is not the legitimate winlogon.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir% | No |
| X | icrosof Avps32 Control | av32.pif | Added by the RBOT-AVC WORM! | No |
| X | icrosoft Visual | plscx.exe | Added by the RBOT-AYO WORM! | No |
| X | icrosoft Visual InterDevc | zvslmqb.exe | Added by the RBOT-AYP WORM! | No |
| X | icrosoft Windows DLL Services Configuration | poker3.exe | Added by the SDBOT-AER WORM! | No |
| X | icrosoftf Avpx Control | avpx.exe | Added by the RBOT-AYN WORM! | No |
| U | ICSDCLT | rundll32.exe Icsdclt.dll, ICSClient | Internet Connection Sharing allows more than one computer to simultaneously access the internet with a single connection. Also required when networking two machines | No |
| N | ICServer | Icserver.exe | Intel Intercast viewer software. Gives access to selected internet pages which are broadcasted by several TV stations | No |
| Y | ICSMGR | ICSMGR.EXE | Monitors DNS and DHCP requests for ICS (Internet Connection Sharing). Needed if you're sharing the internet on various computers | No |
| X | ICU-Sucker | Service32.exe | Added by the ILLNOTIFIER.D TROJAN! | No |
| N | IC_KEY_3 | spvic.exe | Instant Chess related | No |
| N | ID Commander | IDCom.exe | Caller ID utility for identifying incoming telephone numbers | No |
| X | ID8525 | ID8525.exe | Added by the ID8525.A TROJAN! | No |
| X | ID8525 | id85255.exe | Added by the ID8525.A TROJAN! | No |
| ? | IDA | IDA.EXE | Part of HP's PC Common Operating Environment (PC COE) project. Located in %ProgramFiles%\Hewlett-Packard\PC COE. What does it do and is it required? | No |
| X | IDE | ide.exe | Added by the ASSASIN.F TROJAN! | No |
| X | IDE Loader | IDElibr32.exe | Added by the XILON TROJAN! Related to the game "Diablo II" | No |
| X | idecntl | idecntl.exe | Added by a variant of the CRYPTER.C TROJAN! | No |
| U | iDesktop | idesktop.exe | Immersion TouchWare Desktop software for devices such as the Logitech iFeel Mouse | No |
| X | idlesam | [8 random letters].exe | Added by the ZHELATIN.EQ WORM! | No |
| N | IDMan | IDMan.exe | Internet Download Manager - download files faster, schedule and resume | No |
| X | idmlssp | [random filename] | Added by a variant of the SLAPER TROJAN! | No |
| U | IDriveE Startup | IDrvieEStartup.exe | IDrive from Pro Softnet Corporation - free full featured online backup up to 2GB with the option of paying for more storage space and managing multiple accounts | No |
| X | IDTemplates | IDTemplate.exe | Added by the BRONTOK-H WORM! | No |
| N | IDW Logging Tool | idwlog.exe | Added with WinXP SP1. Usually only found in internal builds only to indicate the current build being used. Can cause slow network logon problems | No |
| X | IE configure | explorer.exe | Added by the LINEAGE-C TROJAN! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! | No |
| U | IE Doctor | IEDoctor.exe | IE Doctor Toolbar - "IE Doctor can help you to Repair IE easily, protect IE and OE from all malicious changes. It can Repair the HomePage, context menu, IE toolbar button, startup items, Favorites, typed URLs and the entire Internet Options" | No |
| X | IE Java Update | iejava.exe | Added by the AGENT-HD TROJAN! | No |
| X | IE Menu Extension toolbar | rundll32.exe [path] tbextn.dll DllShowTB | Topconverting.com/180Search "IEMenuExtension" toolbar. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted | No |
| U | IE New Window Maximizer | iemaximizer.exe | IE New Window Maximizer - automatically maximize new Internet Explorer and Outlook Express windows | No |
| X | IE Runtime | wini.exe | Added by the PICRATE.B WORM! | No |
| X | IE Runtimes | winis.exe | Added by the RBOT-ADZ TROJAN! | No |
| X | IE**.exe [* = random char] | IE**.exe [* = random char] | CoolWebSearch/HomeSearch adware - for examples, see this log | No |
| X | IE**32.exe [* = random char] | IE**32.exe [* = random char] | CoolWebSearch/HomeSearch adware - for examples, see this log | No |
| X | IE-Bar | iebar.exe | DesktopMedia adware | No |
| X | IE-Security | iescan.exe | IE-Security rogue spyware remover - not recommended, removal instructions here | No |
| X | IE-Security | wdscan.exe | IE-Security rogue spyware remover - not recommended, removal instructions here | No |
| X | IE6 | wkstmg.exe | Added by a variant of the SDBOT WORM! | No |
| X | IE6 | ssmss.exe | Added by the GAOBOT.DXO WORM! | No |
| X | IE6 | porn.pif | Added by the RBOT-ATF WORM! | No |
| X | IE6 | winsnt.exe | Added by the RBOT-GOV WORM! | No |
| X | IEACCESS | temp532.exe | AsdPlug premium rate adult content dialer variant | No |
| X | IEACCESS | surfya.exe | IEAccess premium rate adult content dialer variant | No |
| X | IEAgent update check | iewatch.exe | Added by the BOMKA TROJAN! | No |
| X | IECache | IECache.exe | Detected by Bitdefender as the DELF.OFC TROJAN! See here | No |
| N | iecheck | iecheck.exe | Integrity checker for IconEdit2 icon editor. It serves for IconEdit2 internal tasks only and can be safely deleted from the system if you are running the latest version of IconEdit2 | No |
| X | IECheck | MSDTCs.exe | Added by the TIRBOT-D WORM! | No |
| X | IECheck | xpssl.exe | Added by the TIRBOT-E WORM! | No |
| X | IECheck | mssvp.exe | Added by the TIRBOT-G WORM! | No |
| U | IECleanAux | Ieboot6.exe | IEClean by Kevin McAleavy - cookie manager, cache cleaner, history cleaner, etc. Performs cleaning tasks at startup | No |
| X | iedll | iedll.exe | Homepage hijacker, redirecting to coolwwwsearch.com | No |
| X | IEDriver | IEDriver.exe | IEDriver adware. Can be installed as part of peer-to-peer file sharing software called URLBlaze | No |
| X | IEDriver | xplore.exe | IeDriver adware variant | No |
| X | IEDriver | TD.exe | IeDriver adware variant | No |
| X | iedwa104 | iedwa104.exe | Added by the DLOADR-BBW TROJAN! | No |
| X | IEengine | IEeng.exe | STARTPAG.AI hijacker | No |
| X | IEexplorer AUpdate | IEexplore32.exe | Added by the RBOT-GRE WORM! | No |
| X | IEFeatures | IEFeatures.exe | Added by the POPMON.A TROJAN! - also known as PopMonster adware | No |
| X | IEFeatures | Internetfeatures.exe | Added by the POPMON.A TROJAN! - also known as PopMonster adware | No |
| X | IefxTray | IefxTray.exe | Added by the RILER-H TROJAN! | No |
| X | ieharv.exe | ieharv.exe | Added by the BANKER-HH TROJAN! | No |
| X | Iehelper | syslaunch.exe | Outwar adware downloader | No |
| X | iel2cde8 | rundll32.exe iel2cde8.dll, EnableRunDLL32 | LZIO.com adware downloader. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "iel2cde8.dll" file is found in the System (9x/Me) or System32 (NT/2K/XP) folder | No |
| X | ielcaabe | rundll32.exe ielcaabe.dll, EnableRunDLL32 | LZIO.com adware downloader. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "ielcaabe.dll" file is found in the System (9x/Me) or System32 (NT/2K/XP) folder | No |
| X | IELoader32 | iexplore32.exe | Added by the SPEX or SPEX.B WORMS! | No |
| X | Iesar | Iesar.exe | Browser hijacker - redirecting to an adult web page | No |
| X | Iesearch.exe | Iesearch.exe | LookNSearch adware | No |
| U | IEServer | IEServer.exe | HB Screen Spy surveillance software. Uninstall this software unless you put it there yourself | No |
| X | IESet | IExplorer.dll | Added by the PWS-BLUEDIT TROJAN! | No |
| X | iesetupi.exe | iesetupi.exe | Added by a variant of the RBOT WORM! | No |
| Y | IEShow | IEShow.exe | Anti-phishing component of BitDefender internet security products. Anti-phishing prevents sensitive data such as usernames, passwords and credit card details being acquired by web-sites and E-mails masquerading as a trustworthy sources. It can also be licensed by other products such as versions of The Shield Deluxe from PCSecurityShield (see here) - who's reputation is poor | No |
| X | iestart | iexp1orer.exe | Added by the NEMOG.C TROJAN! | No |
| N | ietsr | ietsr.exe | IEClean by Kevin McAleavy - cookie manager, cache cleaner, history cleaner, etc | No |
| X | ieupdate | MCP****.exe [**** = random char] | Added by the ASOXY TROJAN! | No |
| X | ieupdate | mcpdll32.exe | Adware downloader trojan | No |
| X | ieupdate | [random filename] | Added by the AGENT-C BACKDOOR! | No |
| X | ieupdates | ieupdates.exe | Added by a number of TROJANS such as DWNLDR-HGI and AGENT-HGA and the Antivirus 2009 rogue security software - see here | No |
| X | IEWinserv | winserv.exe | Added by the BANKER-MY TROJAN! | No |
| X | IEXPL0RER | IEXPL0RER.EXE | Added by the AGOBOT-QL WORM! Note the filename has a "0" rather than an upper case "o" | No |
| X | iexplo | iexplor.exe | Added by the SIDEA TROJAN! | No |
| X | IExploer | svshosts.exe | Added by the IRCBOT.BT TROJAN! | No |
| X | Iexploit | Iexploit.html | Added by the INKER.B WORM! | No |
| X | iexplor.exe | iexplor.exe | Added by an unidentified WORM or TROJAN! See here | No |
| X | Iexplore | iexplore.exe | Added by the BOXER TROJAN! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %System% | No |
| X | IEXPLORE | iexplore.exe | Added by the APHEXDOOR TROJAN! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %Windir% | No |
| X | IExplore | IEXPLORE.EXE | Added by the DLOADER-YZ TROJAN! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in a "Custom" subfolder | No |
| X | IEXPLORE | IEXPLORE.EXE | Added by the BANKER-BWE TROJAN! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %System% | No |
| X | iExplore Ini | ie4uini.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
| X | Iexplore Services | iexplore.exe | Added by the LITHIUM BACKDOOR! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! | No |
| X | IEXPLORE.EXE | [path to trojan] | Added by the BANCOS-CJ TROJAN! | No |
| X | IEXPLORE.EXE | goot.exe | Added by the BIFROSE-C TROJAN! | No |
| X | IExplorer | Iexplor32.exe | Added by the BDOOR-BY BACKDOOR! | No |
| X | IExplorer | IExplorer.EXE | Added by the BANCOS-CH TROJAN! Note - this is not the legitimate Internet Explorer (iexplore.exe) | No |
| X | IEXPLORER | msiecfg.exe | Added by the BDOOR-JU BACKDOOR or BANCBAN-IP TROJAN! | No |
| X | Iexplorer | explorer.exe | Added by the ZAPCHAS-AC TROJAN! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System% | No |
| X | iexplorer lptt01 | iexplorer.exe | RapidBlaster variant (in a "iexplorer" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here | No |
| X | iexplorer ml097e | iexplorer.exe | RapidBlaster variant (in a "iexplorer" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here | No |
| X | Iexplorer.exe | Iexplorer.exe | Added by the BANCBAN-EN TROJAN! Note - this is not the legitimate Internet Explorer (iexplore.exe) | No |
| X | IExplorer32 Java Scripting | IExplore32b.exe | Added by the RBOT.ABO WORM! | No |
| X | IExplorer32c Java Scripting | IExplore32cb.exe | Added by the RBOT.ABN WORM! | No |
| X | IExplorer6 Java Scripting | IExplore326.exe | Added by a variant of the SDBOT WORM! | No |
| X | IExplorer7 Java Scripting | IExplore327.exe | Added by a variant of the SDBOT WORM! | No |
| X | Iexplorerr.exe | Iexplorerr.exe | Added by the BANKER-EUT TROJAN! The file is located in %Windir%\Sun\Java\Deployment\logs | No |
| X | Iexplorerr.exe | Iexplorerr.exe | Added by the BANKER.AOVZ TROJAN! The file is located in %Windir%\msagent\gf | No |
| X | IExplorerService | WinSock.exe | Added by the AGENT.KIU TROJAN! | No |
| X | iExpresser | iexpresser.exe | Added by the SLENFBOT.AP WORM! | No |
| X | ifp | ipf.exe | Added by the CLAGGER-AG TROJAN! | No |
| X | ifperx | [random filename] | Added by a variant of the SLAPER TROJAN! | No |
| X | ifperx | xmliwvug.exe | Added by the SLAPER.U TROJAN! | No |
| U | IFSplash.exe | IFSplash.exe | I-FORCE driver for force feedback steering wheel | No |
| U | IFXSPMGT | ifxspmgt.exe | Part of the Infineon Security Platform Software - which supports the on-board TPM security device included with some laptops from suppliers such as Acer, ASUS, HP and Sony | No |
| X | igamatu | ekor.exe | Added by the SDBOT.AQ TROJAN! | No |
| X | igamatu | atecaca.exe | Added by the IRCBOT.R WORM! | No |
| U | igfxhkcmd | hkcmd.exe | Hot Key handler for Intel desktop and mobile motherboard chipsets with integrated graphics. With this enabled, you can access settings like graphics properties and screen rotation via pre-programmed key combinations - such as CTRL+ALT+F12 which displays the graphics properties (otherwise available via a right-click on the desktop or the Control Panel). Different chipset versions may have different pre-programmed settings and in some cases these may be programmable | Yes |
| U | igfxpers | igfxpers.exe | Installed with the graphics drivers for Intel desktop and mobile motherboard chipsets with integrated graphics. It's purpose or function isn't known at present but testing with it disabled would appear to indicate it isn't required - hence the recommended "U" status | Yes |
| X | igfxtras | svchots.exe | Added by the AUTORUN-AIW WORM! | No |
| U | IgfxTray | igfxtray.exe | System Tray access to display settings for Intel desktop and mobile motherboard chipsets with integrated graphics. With this enabled, you can access settings like graphics properties and hot key settings via the icon on the System Tray. Different chipset versions may have different options available. These options are normally also available via the system Control Panel - under Display (XP) or Personalization and Appearance (Vista) | Yes |
| ? | Iglpbv | Iglpbv.exe | ?? | No |
| N | igndlm.exe | DLM.exe | IGN Download Manager has become a requirement for downloading files through FilePlanet.com. It is based on Internet Explorer and it installs through an ActiveX-plugin, hence Internet Explorer must be installed beforehand and downloads has to be initialized through that browser | No |
| X | igsex2x | igsex2x.exe | NewDial premium rate adult content dialler | No |
| X | IGuardPc.exe | IGuardPc.exe | IGuardPc rogue security software - not recommended, removal instructions here. A member of the AntiAID family | No |
| ? | iHP-100 | iHPDetect.exe | Drive Letter Searcher, iRiver iHP-100 iHP and H Series player related - does it need to start with Windows every time? | No |
| X | iilc | IILC.EXE | Homepage hijacker | No |
| X | Iinl | iptl.exe | PurityScan adware | No |
| X | IISADMINS | systems.exe | Added by the AGOBOT.U WORM! | No |
| X | iisvers | iisvers.exe | Added by an unidentified TROJAN or adware | No |
| X | iiuyvyu | uzcx.exe | Added by the AGENT-EOF TROJAN! | No |
| N | iIWiper | Systemwiper.exe | System Wiper from iI Software - allows you to clear the history of your activites from you computer. Run manually on a regular basis | No |
| Y | IJ75P2PSERVER | IJ75P2PS.EXE | Printer utility which is required in order to make the printer work correctly | No |
| U | IJNetworkScanUtility | CNMNSUT.EXE | Network utility available for some Cannon scanners and multifunction devices. Allows the device to see computers on a network and those computers running the utility to control scanning via the Control Panel on the scanner - which saves you having to run back and forth between the scanner and your computer | No |
| Y | IKE Service 95 | IKEService.exe | Associated with PGP. The PGP Tray can be disabled, but without IKESERVICE you won't be able to de- or encrypt anything | No |
| U | iKeyWorks | IKEYMAIN.EXE | A4Tech wireless keyboard driver and utility | No |
| U | IKL | rundll32.exe [path] IKL.dll | IKL surveillance software. Uninstall this software unless you put it there yourself | No |
| X | ilasss | lsass.exe | Added by the INJECT-GZ TROJAN! Note - the legitimate lsass.exe process should not normally figure in Msconfig/Startup! | No |
| N | iLike | ilikesidebar.exe | iLike Sidebar for iTunes and Windows Media Player | No |
| X | iLLeGaL | Mplayer.exe | Added by the HOLAR.C (or GALIL) WORM! Note - this should not be comfused with Windows Media Player which has the same filename | No |
| X | iLLeGaL.exe | Mplayer.exe | Added by the HOLAR.C (or GALIL) WORM! Note - this should not be comfused with Windows Media Player which has the same filename | No |
| X | ilortgdg | keepSafe.exe | Added by the KILLAV.KAX TROJAN! | No |
| ? | ILO_Office_Manager | IntEdReg.exe /OFFMAN | Intense Educational Ltd - Language Office Software. Is it required? | No |
| U | iLyric | iLyric.exe | iLyric plugin for Winamp media player. Allows you to retrieve the lyrics for your songs with the press of a button | No |
| N | iM Start Center | iM_Tray.exe | Installed with the Sound Blaster Audigy range of soundcards. A radio tuner installed if the user chooses during installation. Available via Start -> Programs -> iM Networks -> iM Radio Tuner | No |
| X | Image | rundll32 [path] [trojan filename],Install | Added by the WINSHOW.Y TROJAN! | No |
| Y | Image & Restore | IMAGE32.exe | Part of McAfee Nuts & Bolts. Image/Restore can recover from drives that have been accidentally formatted or completely erased, if Image was recently run | No |
| X | Image Remote Players | sysvn.exe | Added by a variant of the IRCBOT BACKDOOR! | No |
| N | Image Transfer | SonyTray.exe | Sony Image Transfer software provides direct image transfer from your digital camera to a PC - can be started manually | No |
| U | ImageDrive-{hex numbers} | ImageDrive.exe | Nero ImageDrive from Ahead - virtual CD/DVD drive software | No |
| U | Imagefox | imagefox.exe | ImageFox 2.0 (formerly available from ACDSee) is an "add-on" graphics previewer for most Windows Open/Save As dialog boxes | No |
| X | Imagemgt32 | Imagemgt32.exe | Added by the GEMA TROJAN! | No |
| X | ImagePath | taskbarmngr.exe | Added by the SDBOT-XB WORM! | No |
| U | ImageTune | dthtml.exe | ImageTune from Hyundai ImageQuest. Rebranded version of Display Tune from Portrait Displays, Inc. - which "is the perfect software utility to initially set-up and adjust your display to achieve its optimum performance. All adjustments are made through a simple graphical user interface" | No |
| X | IMAPI | load.exe | Added by the DOWNDEL-A TROJAN! | No |
| N | iMarkup Client | iUtil.exe | Enables the iMarkup Client web page annotation utility to run in the background and be available in systray. Shortcut available via Start -> Programs | No |
| U | Imatio | imation.exe | Imation Disk Manager - enables you to create a password protected area on your Imation USB flash drive | No |
| X | imchat | imchat.exe | Added by a variant of the IRCBOT TROJAN! | No |
| X | IMClass | Svhosl.exe | Added by an unidentified WORM or TROJAN! | No |
| X | imcssl | xmliwvug.exe | Added by the SLAPER.U TROJAN! | No |
| X | IME | conime.exe | Added by the DLDR-G TROJAN! Note - this is not the legitimate Console IME process of the same filename which is located in %System%. This one is located in %Windir% | No |
| N | imekrmig | imekrmig.exe | Part of MS Input Method Editor which is used to ease the input of Asian characters in MS Office (Chinese, Japanese and this one is Korean) | No |
| N | IMEKRMIG6.1 | IMEKRMIG.EXE | Part of MS Input Method Editor which is used to ease the input of Asian characters in MS Office (Chinese, Japanese and this one is Korean) | No |
| N | Imesh | ?? | Imesh is a file sharing system | No |
| N | Imesh Auto Update | ?? | Update check for the Imesh file sharing system. Turn the update off under "options" | No |
| X | IMEvtMgr.exe | IMEvtMgr.exe | Added by the KEYLOG-AR TROJAN! | No |
| U | ImgIcon | ImgIcon.exe | Displays Iomega icons in Explorer/My Computer, ejects Zip disks on shutdown and displays a special delete confirmation box when deleting files on an Iomega drive. Available via Start -> Programs. If you disable it remember to eject disks first before powering the drive down - hence the "U" recommendation. Note - FreeCell may not run with ImgIcon running | No |
| X | imgit | [path to file] | Added by the BANKER-EM TROJAN! | No |
| N | ImgStart | ImgStart.exe | Used by Iomega drives. Details of its purpose can be found here. Available via Start -> Programs | No |
| N | ImgTask | Imgtask.exe | Related to WalletPix digital photo album. "On some computers, the Wallet Pix device will leave behind a memory-resident file called ImgTask.exe. This file will be located in the operating system directory on your computer (typically C:\windows or C:\winnt). You can remove this file at any time and it will not impact your computer's performance or functionality. The file will be restored each time you plug in the Wallet Pix though" | No |
| U | IMJPMIG | IMJPMIG.EXE | Microsoft's Input Method Editor for the Japanese language which is used to both display and enable the input of characters in e-mails, documents, web forms and other files - should you need to. Found on PCs where East Asian languages have been installed through the Regional and Language options icon in the Control Panel | Yes |
| X | IMJPMIG6.1 | HelpCat.exe | Added by the BESVERIT WORM! | No |
| U | IMJPMIG8.1 | IMJPMIG.EXE | Microsoft's Input Method Editor for the Japanese language which is used to both display and enable the input of characters in e-mails, documents, web forms and other files - should you need to. Found on PCs where East Asian languages have been installed through the Regional and Language options icon in the Control Panel | Yes |
| X | IMJPMIG8.2 | msime82.exe | Added by the VB-CYG WORM! | No |
| ? | immcheck.exe | immcheck.exe | Related to I-FORCE driver for force feedback steering wheel? | No |
| X | ImMsn | timed.exe | Added by the WEBDOR.AK TROJAN! | No |
| U | IMOL | IMOLApp.exe | IncrediMail for Office Outlook Add-On | No |
| U | Imonitor | Plguni.exe | Part of McAfee's QuickClean - which removes internet clutter and unwanted programs. This entry monitor changes made to the registry so that they can be undone later using QuickClean - such as removing programs. QuickClean is now integrated into their Total Protection, Internet Security and AntiVirus Plus products primarily as a file cleaner/shredder and no longer supports program removal | No |
| X | imonitor | [path to trojan] | Added by the IMONI-A TROJAN! | No |
| U | IMONTRAY | imontray.exe | System tray monitoring of fans, temperature, voltage, etc for Intel motherboards. Only needed if you "overclock" or live in hot environment. Can also cause problems when running on a laptop if you change PCMCIA cards | No |
| X | IMprocess | IM-svr.EXE | IMNames adware | No |
| U | ImScInst | ImScInst.exe | Microsoft's Input Method Editor which is used to both display and enable the input of characters from East Asian and Right-to-left (e.g. Arabic) languages in e-mails, documents and other files - should you need to. Found on PCs where these languages have been installed through the Regional and Language options icon in the Control Panel | Yes |
| U | ImScInst.exe | ImScInst.exe | Microsoft's Input Method Editor which is used to both display and enable the input of characters from East Asian and Right-to-left (e.g. Arabic) languages in e-mails, documents and other files - should you need to. Found on PCs where these languages have been installed through the Regional and Language options icon in the Control Panel | Yes |
| U | IMStart | IMStart.exe | InterMute security software related | No |
| U | IMVU | IMVUClient.exe | IMVU chat client that allows you to create "your own avatars who chat in animated 3D scenes" | No |
| X | imwinsrvc | acpmonsrv.exe | Added by the SLAPER.E TROJAN! | No |
| X | IMwire | imwireup.exe | SafeSurfing adware variant | No |
| X | imxecs | vbrun70sp4.exe | Added by the AGOBOT.ALA WORM! | No |
| X | im_autorn | im_1.exe | Added by the IMAV.A WORM! | No |
| X | im_autorn | im_2.exe | Added by the BAGLEDL-BO TROJAN! | No |
| Y | InCD | incd.exe | Ahead InCD packet writing software - similar to DirectCD. For Nero 5.0 or 5.5 (InCD3), it does not need to start with Windows. You can run InCD.exe manually before inserting an appropriately formatted CD-RW (CD-MRW) disk. For Nero 6.0, 6.3 or 6.6 (InCD4), it does need to start with Windows. It does not function correctly when you try to run it manually, and you will not have write access to MRW (Mount Rainier) formatted CD-RW (CD-MRW) or DVD-MRW disks. To regain write access and other features, InCD 4 must start with Windows | No |
| N | IncMail | IncMail.exe | "IncrediMail is an advanced, feature-rich email program that offers you an unprecedented interactive experience. Unique multimedia features will enable you to tailor your email experience so that it fits your mood and personality" | No |
| N | InControl Desktop Manager | DMHKEY.EXE | For Diamond Multimedia video cards. Allows System Tray access to desktop utilities such as screen resolution. Available via Start -> Programs | No |
| X | Incredible Keylogger | AdvKeylog.exe | IncredibleKeylogger spyware | No |
| N | Incredimail | incredimail.exe | "IncrediMail is an advanced, feature-rich email program that offers you an unprecedented interactive experience. Unique multimedia features will enable you to tailor your email experience so that it fits your mood and personality" | No |
| N | Incredimail | IncMail.exe | "IncrediMail is an advanced, feature-rich email program that offers you an unprecedented interactive experience. Unique multimedia features will enable you to tailor your email experience so that it fits your mood and personality" | No |
| X | Index Service | dllhost32.exe | Added by the AGOBOT.CH WORM! | No |
| U | Index Washer | WashIdx.exe | Window Washer from Webroot Software. Useful utility that deletes safe to remove files, cookies, browsing history, etc. Available via from Start -> Programs. Disable within the program options - otherwise it is re-enabled in MSCONFIG | No |
| ? | Indexer | Indexer.exe | Part of the Sharpdesk from Sharp Electronics. "A desktop-based, personal document management application that lets users browse, edit, search, compose, process, and forward both scanned and native electronic documents". What does it do and is it required? | No |
| X | Indexindicator | Indexindicator.exe | Added by the LAZAR TROJAN! | No |
| N | IndexSearch | IndexSearch.exe | Associated with PaperPort scanner software from ScanSoft | No |
| U | IndexTray | IndexTray.exe | Part of Sharpdesk from Sharp Electronics. "A desktop-based, personal document management application that lets users browse, edit, search, compose, process, and forward both scanned and native electronic documents" | No |
| U | IndicatorUty | IndicatorUty.exe | Fujitsu Hotkey Utility displays icons on the screen when you use hotkeys on a Fujitsu Siemens Lifebook, eg, when you press the hotkey for muting the sound, a loudspeaker icon with a cross on it is displayed | No |
| U | IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} | NMIndexStoreSvr.exe | Indexing service that catalogs all the media on your computer so that the files are available to all of the programs in the Nero suite of applications | No |
| X | ine | svchosts.exe | Added by the RBOT.BNL WORM! | No |
| X | INET | inetsync.exe | Meplex adware | No |
| X | Inet DataBase | Inetdbs.exe | Added by the QEDS WORM! | No |
| X | Inet Delivery | inetdl.exe | Inet Delivery adware | No |
| X | Inet Delivery | inetdl_2.exe | Inet Delivery adware | No |
| X | Inetapi | Netapi.exe | Added by the NETDEVIL.14 TROJAN! | No |
| U | inetcntrl | inetcntrl.exe | Bsafe Online - internet filter | No |
| ? | InetConf | inetconf.exe | ?? | No |
| U | Inetd | INETD32.EXE | Windows Inet Daemon from Hummingbird Communications. "Hummingbird Inetd has the advanced ability to conserve PC resources by listening for connection requests and launching server daemons". Provides PCs with the full functionality of a UNIX workstation | No |
| U | inetinfo.exe | inetinfo.exe | Executable used by MS Internet Information Server (IIS). If it's running, then so is IIS. Useful in knowing whether you require the patch for the Code Red worm. Comes with PWS (Personal Web Server) or NT4 and handles ASP-, PHP code (+ more) | No |
| X | inetinfomon manager | inetinfomon.exe | Added by the DONBOMB.A TROJAN! | No |
| X | inetmgr | inetmgr.exe | Actual Names (AdvSearch) Internet Keywords parasite | No |
| X | InetMSN | msnet.exe | Added by a variant of the SDBOT TROJAN! | No |
| X | InetServices | wsock32.exe | Added by the WOCK32-A TROJAN! | No |
| X | infamous.exe | wmplayer.exe | Added by unknown malware. WMPLAYER.EXE is stored in the location and uses the same name as Windows Media Player but that valid Windows program doesn't load at startup | No |
| X | InfeStop | InfeStopRemover.exe | InfeStop rogue spyware remover - not recommended, removal instructions here | No |
| X | info | smss.exe | Added by the VB.EIW WORM! Note - this is not the legitimate smss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %System%\inetsrv | No |
| X | INFO DATA | apc.exe | Added by the RANDON.B WORM! | No |
| U | Info Select | is.exe | Info Select from Micro Logic - personal information manager | No |
| X | Info32x | Info32x.exe | Added by the GEMA TROJAN! | No |
| X | InfoData | rundll32.exe ********.dll, realset [* = random char] | Added by the VUNDO TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The random DLL file is found in the System (9x/Me) or System32 (NT/2K/XP) folder | No |
| U | InfoPenMSN | InfoPenIM.exe | InfoPenMSN is a MSN Messenger plugin that allows you to send data written/drawn by hand | No |
| ? | Infoplay.exe | Infoplay.exe | Written by New Media Properties, LLC and you're asked if you want to download and install it if you visit one of their search engine websites (which I chose not to). What does it do and is it needed? | No |
| X | Information Update | iu.exe | Detected by Kaspersky as the CENTIM.CH TROJAN! | No |
| U | Infra-red Monitor | IRMON.EXE | System Tray access to infra-red devices. Not required unless you use infra-red devices | No |
| X | infus | infus.exe | Adult content dialler | No |
| U | Infuzer | Infuzer.exe | Infuzer - "is a service that copies dates from the web or an email straight to your electronic calendar". Beware of the following adware trait - "Infuzer provides web site owners with a unique opportunity to communicate with their visitors in a way that is useful and relevant to them, as well as increasing return visits and brand awareness, and providing new e-commerce opportunities" | No |
| X | infwin | infwin.exe | VX2.Transponder parasite updater/installer related | No |
| X | Init | [path to trojan] | Added by the DROPPER.EAT TROJAN! | No |
| X | Init32 | Init32.exe | Added by the WINEX.A TROJAN! | No |
| X | Initial Page | install.exe | EasySearch browser hijack installer | No |
| Y | Initialize8x8 | 8x8_init.exe | Tool that initializes a Pinnacle PCTV card - maybe in capture or in showing overlay | No |
| X | inixs | minix32.exe | Added by the AGENT.CKQX TROJAN! | No |
| X | injob | injobs.exe | Added by the BINJO TROJAN! | No |
| N | Ink Monitor | InkMonitor.exe | Associated with Epson (and maybe other) printers. Tells you when the ink's running low and asks if you want to buy another cartridge on-line | No |
| N | InkWatch | InkWatch.exe | Associated with Canon (and maybe other) printers. Tells you when the ink's running low and asks if you want to buy another cartridge on-line | No |
| Y | InoRPC | InoRpc.exe | Associated with eTrust Antivirus/InoculateIT | No |
| Y | InoRT | InoRT9x.exe | Associated with the Realtime Monitor of eTrust Antivirus/InoculateIT version 6 virus scanners from Computer Associates. For NT/2K/XP users you may need a patch if seeing high CPU useage | No |
| U | InoTask | InoTask.exe | Scheduled scans and signature updates for eTrust Antivirus/InoculateIT version 6 virus scanners from Computer Associates. Leave enabled unless you manually update signatures or perform routine scans. If enabled it can result in high CPU useage when performing updates | No |
| X | iNotice | iservice.exe | Added by a variant of an MSN worm that tries to lure people to an infected site by using nude pictures and videos | No |
| ? | insCOA5 | insCOA5.exe | ?? | No |
| X | Insider | Insider.exe | Added by the AGENT.KMC TROJAN! | No |
| U | InstaAlert | InstaAlert.exe | "Kayako InstaAlert allows you to receive realtime alerts whenever a ticket gets updated under the assigned departments. The application displays popups as and when the tickets are created or replied to allowing you to answer your customer requests and issues promptly" | No |
| X | Instafinder | instafinder.exe | TopSearch.D adware | No |
| X | InstaFinderK | InstaFinderK inst.exe | InstaFinder adware | No |
| X | Install | Install.exe | Added by the BANCBAN-HG TROJAN! | No |
| X | Install part II | updates.exe | Added by the RELFEERWORM! | No |
| ? | Install Pending Files | sifxinst.exe | Uninstall program for Lanovation's Prism Deploy and Prism Pack adminstrators software deployement tools. For specific information see here. Is it required? | No |
| x | install32 | install32.exe | Added by the NUCLEAR.DG BACKDOOR! | No |
| N | InstallAurealDemos | InstallAurealDemos.js | Used to initialize the Aureal A3D demos InstallShield wizard | No |
| U | InstallBuddy | Ibtna.exe | InstallBuddy - automatically translates and installs your desktop documents, such as Adobe PDF, HTML, Microsoft Word, Excel and PowerPoint files, to your Palm organizer when you HotSync | No |
| X | InstallCleaner | InstallCleaner.exe | Added by the ANYHOMB.F TROJAN! | No |
| X | Installed shell32.dll | Office.exe... | Added by the LOVGATE.AO WORM! | No |
| X | Installed shell32.dll | Office.exe | Added by the LOVGATE.E WORM! | No |
| X | Installer | dial.exe | Malware - detected by Kaspersky as the AGENT.MM TROJAN! | No |
| ? | InstallNAIProduct | SETUP.EXE | Could be related to Network Associates Inc who own the McAfee VirusScan product amongst others. This was found in a directory called "VSC". Could it be an installation that failed and "SETUP.EXE" was left to run at startup as an error? | No |
| X | InstallProgram | [path to trojan] | Added by the AGENT-HHU TROJAN! | No |
| X | InstallProvider | newsoftware2007install.exe | Part of WinAntiVirusPro 2007 and Privacy Protector rogue security software (and possibly others) - not recommended | No |
| X | Installs SP2 | [path] repcale.exe [path] palsp.exe | Added by a variant of the RANDON.AN WORM! Both files are located in %System%\qpalsp | No |
| X | Installs SP4 | [path] repcale.exe [path] p0rd.exe | Added by the RANDON-AK WORM! Both files are located in %System%\ekrlgc | No |
| U | Installstub | installstub.exe | Tool for Outlook and Outlook Express from Plaxo for organising and keeping contacts organised and updated and providing online access to your contacts and access from PDA or mobile phone | No |
| X | Instance 001 | [path to worm] | Added by the ALASROU-A WORM! | No |
| X | Instant Access | rundll32.exe EGDHTML_1023.dll, InstantAccess | InstantAccess premium rate adult content dialler variant. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted | No |
| X | Instant Access | rundll32.exe eg_auth_****.dll, InstantAccess [**** = digits] | InstantAccess premium rate adult content dialler variant. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted | No |
| X | Instant Access | rundll32.exe EGCOMLIB_****.dll, InstantAccess [**** = digits] | InstantAccess premium rate adult content dialler variant. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted | No |
| X | Instant Access | rundll32.exe EGCOMSERVICE_****.dll, InstantAccess [**** = digits] | InstantAccess premium rate adult content dialler variant. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted | No |
| X | Instant Access | rundll32.exe p2esocks_****.dll, InstantAccess [**** = digits] | InstantAccess premium rate adult content dialler variant. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted | No |
| X | Instant Access | mwsrvacc.exe | InstantAccess premium rate adult content dialer | No |
| X | Instant Access | linewsrv.exe | InstantAccess premium rate adult content dialer variant | No |
| X | Instant Buzz Daemon | IBDaemon.exe | Instant Buzz adware | No |
| X | Instant Messenger Service | imservice.exe | Detected by Kaspersky as the HEUR TROJAN! | No |
| X | instant messengers | instantmsgtr.exe | Added by the AGOBOT-PC BACKDOOR! | No |
| N | Instant Update Center | reminder.exe | Event reminder for calendar dates, etc from Broderbund PrintMaster. Disable using the program's own option (if available) or a startup manager as it will re-instate if disabled via MSConfig | No |
| U | Instant Wireless Configuration Utility | WUSB11cfg.exe | Utility used by the LINKSYS LINKSYS wireless USB Adapter (WUSB11) and indicates when a wireless access connection is made by a screen colour change. Also used for configuration | No |
| U | Instant Wireless Configuration Utility | WPC11Cfg.exe | Utility used by the LINKSYS wireless USB Adapter (WUSB11) and indicates when a wireless access connection is made by a screen colour change. Also used for configuration | No |
| N | InstantAccess | INSTAN~1.EXE | From TextBridge Pro 9.0 OCR scanner software. Available via Start -> Programs | No |
| U | InstantDrive | InstantDrive.exe | Pinnacle Systems (ex VOB) InstantDrive - creates a virtual CD-ROM drive on the computer's hard drive. Part of InstantCD/DVD burning software | No |
| X | InstantPleasure | instantpleasure.exe | Adult content dialler | No |
| X | InstantPleasureXXX | instantpleasurexxx.exe | Adult content dialler | No |
| N | InstantTray | PCLETray.exe | Pinnacle InstantCD/DVD disc creation software. Tray icon enabling a pop-up menu that lets you call up any of Instant CD/DVD's tools with one click. Can be started manually | No |
| X | instit | instit.bat | Added by the OPASERV.H WORM! | No |
| X | instit | INSTIT.BAT | Added by the OPASERV.K WORM! | No |
| ? | InstUtlR.exe | InstUtlR.exe | ?? | No |
| X | intdctrr | idctup20.exe | SafeSurfing adware variant | No |
| X | Intec Service Drivers | msmsgrs.exe | Added by the SDBOT-ADN WORM! | No |
| X | Intec Service Drivers | [path to worm] | Added by the RBOT-GLU WORM! | No |
| X | Intec Service Drivers | wing32.exe | Added by the RBOT.HAZ WORM! | No |
| X | Intec Service Drivers | msmsgredss.exe | Added by the SDBOT-AGL WORM! | No |
| X | Intec Services Driverrs | winrvc.exe | Added by a variant of the SDBOT WORM! | No |
| X | Intec Services Drivers | msupdate22e.exe | Added by the RBOT-CGC WORM! | No |
| U | IntegardTray | IntegardTray.exe | System Tray access to Integardparental control software from Race River Corp | No |
| U | Intel Active Monitor | imontray.exe | System tray monitoring of fans, temperature, voltage, etc for Intel motherboards. Only needed if you "overclock" or live in hot environment. Can also cause problems when running on a laptop if you change PCMCIA cards | No |
| X | Intel Audio Studio V2.0 | fmideploy.exe | Detected by VBA32 as the BIFROSE.ADR TROJAN! | No |
| X | Intel Driver | csrs.exe | Added by a variant of the SDBOT WORM! | No |
| U | Intel File Transfer | xfr.exe | Part of Intel's LANDesk Management Suite 6 and the Common Base Agent (CBA) - used for communicating between the core server and managed clients | No |
| U | Intel PDS | pds.exe | Intel Ping Discovery Service (PDS). Part of Intel's LANDesk Management Suite 6 and the Common Base Agent (CBA) - used for communicating between the core server and managed clients. Will start the dial-up if installed and enabled | No |
| X | Intel Physical Routine 1.2A | stnetlib.exe | Added by the BACKDR-AS BACKDOOR! | No |
| U | Intel Product Number Utility | IntelProcNumUtility.exe | Intel Processor Serial Number Control Utility allows you to enable and disable the processor serial number capability of an Intel PIII processor. You can find more information here. System Tray icon providing the user with a visual state indication. You can find more information here | No |
| N | Intel PROSet Tray Icon | promon.exe | System Tray icon for Intel PRO series ethernet adapters giving access to the diagnostic features | No |
| X | Intel Service Drivers | msconfig16.exe | Added by the MSCONFIG16 TROJAN! | No |
| X | Intel system tool | hookdump.exe | Added by the SPYRE-H TROJAN! | No |
| X | Intel system tool | winnook.exe | Added by the SPYRE-C TROJAN! | No |
| X | Intel system tool | svehost.exe | Added by the AGENT-EBT TROJAN! | No |
| X | Intel system works | iis.exe | Added by the RBOT.QGA WORM! | No |
| U | Intel(R) Common User Interface | igfxtray.exe | System Tray access to display settings for Intel desktop and mobile motherboard chipsets with integrated graphics. With this enabled, you can access settings like graphics properties and hot key settings via the icon on the System Tray. Different chipset versions may have different options available. These options are normally also available via the system Control Panel - under Display (XP) or Personalization and Appearance (Vista) | Yes |
| U | Intel(R) Common User Interface | hkcmd.exe | Hot Key handler for Intel desktop and mobile motherboard chipsets with integrated graphics. With this enabled, you can access settings like graphics properties and screen rotation via pre-programmed key combinations - such as CTRL+ALT+F12 which displays the graphics properties (otherwise available via a right-click on the desktop or the Control Panel). Different chipset versions may have different pre-programmed settings and in some cases these may be programmable | Yes |
| U | Intel(R) Common User Interface | igfxpers.exe | Installed with the graphics drivers for Intel desktop and mobile motherboard chipsets with integrated graphics. It's purpose or function isn't known at present but testing with it disabled would appear to indicate it isn't required - hence the recommended "U" status | Yes |
| X | intel32.exe | intel32.exe | Added by the SmitFraud alias SPYJACK-B TROJAN! | No |
| U | IntelAPMClient | amclient.exe | LANDesk® Management Suite software component | No |
| N | IntelAudioStudio | IntelAudioStudio.exe | "Intel Audio Studio combines Intel® High Definition audio hardware features with Sonic Focus* Audio Refinement and Dolby* technologies to provide you with a comprehensive tool that puts you in control of your audio experience". Audio utility supplied with some Intel motherboards | No |
| X | InteliSys | smss.exe | Advertisingvision adware. Note - this is not the legitimate smss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir% | No |
| X | intell32.exe | intell32.exe | Added by the SmitFraud alias Desktophijack.C TROJAN! | No |
| X | intell321.exe | intell321.exe | Added by the SPYJACK-B TROJAN! | No |
| X | Intelli Mouse Pro Version 2.0B | ncsjapi32.exe | Added by the BUZUS-O WORM! | No |
| X | Intelliflag_be.exe | Intelliflag_be.exe | Intelliflag spyware | No |
| U | IntelliPoint | point32.exe | Microsoft IntelliPoint utility (up to version 5.4) - required to support the programmable buttons and additional features and on Microsoft's range of mice, If this entry is disabled, any programmed buttons or program-specific settings will not be supported | Yes |
| U | IntelliPoint | ipoint.exe | Microsoft IntelliPoint utility (from version 5.5) - required to support the programmable buttons and additional features and on Microsoft's range of mice, If this entry is disabled, any programmed buttons or program-specific settings will not be supported | Yes |
| U | Intellitype | type32.exe | Microsoft IntelliType Pro utility (up to version 5.4) - required to support the multimedia keys, programmed keys and key macros on Microsoft's range of keyboards. If this entry is disabled, any programmed keys or actions will not be supported and keys will not function as expected in applications with advanced text services enabled | No |
| U | IntelMEM | IntelMEM.exe | Related to connection events on an Intel chipset based modem. It can alert you if the telephone line is being used when you're trying to get online (when you're using dial-up). It can also alert you if your modem line is disconnected. Furthermore, it can alert you if you have made a wrong connection with your modem line | No |
| X | Intelprc | Aas3lovu.exe | Added by the SILLYFDC-CG WORM! | No |
| U | IntelProcNumUtility | cpunumber.exe | Intel Processor Serial Number Control Utility allows you to enable and disable the processor serial number capability of an Intel PIII processor. You can find more information here. System Tray icon providing the user with a visual state indication. You can find more information here | No |
| Y | IntelWireless | ifrmewrk.exe | Associated with the Intel PRO/Set Wireless software | No |
| U | IntelZeroConfig | ZCfgSvc.exe | Zero Config MFC Application, part of Intel's ProSET utilities and installed by the drivers for many of Intel wireless network cards - essential to the proper functioning of many of the Intel ProSET utilities (but not all) and these System Tray ProSET utilities are a must if you are using your wireless connection, if only so you know when the signal is fading or dropping. The problem is that, in some PCs, ZCFGSVC can be incredibly badly behaved : taking up to 100% of CPU time and therefore resulting in an extremely slow PC, preventing the installation of software or Windows updates, or causing "Not Responding" or "End this Program" shutdown problems. If you experience this, try first the very latest drivers from Intel or your laptop manufacturer. If that still does not solve the problem and you have WinXP/2003, try setting the "Wireless Zero Configuration" service to disabled | No |
| ? | Intense Registry Service | IntEdReg.exe /CHECK | Intense Educational Ltd - Language Office Software. Is it required? | No |
| X | InterceptedSystem | [path to worm] | Added by the ANACON-B WORM! | No |
| Y | InterCheck Monitor | Icmon.exe | Part of Sophos ant-virus sofware | No |
| Y | InterCheckMonitor | ICMON.EXE | Part of Sophos anti-virus sofware | No |
| X | Interdll | Interdll.exe | Added by the DELF family of TROJANS! | No |
| X | Internal | [trojan filename] | Added by the SMOTHER and TRANSLAT TROJANS! | No |
| X | Internal | regedit.exe /s c[month number] | Added by the FORTNIGHT.D TROJAN! Note that the Windows registry editor (regedit.exe) is a legitimate Microsoft file located in %Windir% and shouldn't be deleted. The file "c[month number]" is located in %Windir%, ie, C:\Windows\c10 | No |
| X | Internal Memory File | sysintmemory.exe | Added by the RBOT-GKT WORM! | No |
| X | InternalSystray | Kazza.exe | Added by the OPTIXPRO.12.C BACKDOOR! Note - unlike the valid KaZaA executable, this is located in %System% | No |
| X | internat | internat.exe | Added by the LYDRA-F TROJAN! Note - the real internat.exe resides in %windir%\system (where %windir% is the Windows directory - C:\Windows or C:\Winnt) whereas this version resides in %windir% | No |
| X | Internat | systray.exe | Added by the ALADINZ.P TROJAN! Note - this is not the legitimate systray.exe process. If you right-click on the real systray.exe the "Properties" reveal it to be a Microsoft file | No |
| X | Internat | msgsrv32.exe | Added by the NYRUBOT-A BACKDOOR! Note - this is not the legitimate msgsvr32.exe process on a Win9x/Me system which should not appear in MSConfig/startup! | No |
| X | Internat | [trojan filename] | Added by the CMJSPY-Y TROJAN! | No |
| X | Internat Conf | bootconf.exe | Homepage hijacker, redirecting to coolwwwsearch.com; see for example here | No |
| N | internat.exe | internat.exe | Microsoft language selection icon in system tray, located in the System (Win98/Me) or System32 (WinNT/2K/XP) folder | No |
| X | Internat.exe | internat.exe | Added by the NETSNAKE TROJAN! Note - the real internat.exe resides in %windir%system (Win98/Me) or %windir%System32 (WinNT/2K/XP) (where %windir% is the Windows directory - C:\Windows or C:\Winnt) and has a "?" icon wheras this version resides in %windir% and has a ZIP icon | No |
| X | internct | WinSocks5.exe | Added by the GRAYBIRD.F TROJAN! | No |
| X | internet | smss.exe | Added by the MIFENG-K TROJAN! Note - this is not the legitimate smss.exe process which should NOT appear in Msconfig/Startup! | No |
| X | Internet | Internet.exe | Added by the PWS-CS TROJAN! | No |
| X | Internet | recruit.exe | Added by the RBOT-AJG WORM! | No |
| X | internet | [trojan filename].exe | Added by the MIFENG-D TROJAN! | No |
| X | Internet | winlogom.exe | Added by a variant of the SDBOT WORM! | No |
| X | Internet | nteusodp.exe | Added by the RBOT-GFJ WORM! | No |
| X | internet | winsas32.exe | Added by a variant of the SDBOT WORM! | No |
| X | internet | lsass.exe | Added by the DSPY-A TROJAN! Note - this is not the legitimate lsass.exe process which should not normally figure in Msconfig/Startup! | No |
| X | Internet | alm7tas.exe | Added by a variant of the RBOT WORM! | No |
| X | Internet | wins.exe | Added by the RBOT.AAYF WORM! | No |
| U | Internet Answering Machine | IAMNET~1.EXE | From Callwave. It offers a free utility to monitor your incoming phonecalls if you only have a single telephone line for internet access | No |
| U | Internet Answering Machine | IAM.exe | From Callwave - offers a free utility to monitor your incoming phonecalls if you only have a single telephone line for internet access | No |
| X | Internet Antivirus | IAvir.exe | Internet Antivirus rogue security software - not recommended, removal instructions here | No |
| X | Internet Antivirus Pro | IAPro.exe | Internet Antivirus Pro rogue security software - not recommended, removal instructions here | No |
| X | Internet Application Driver | expIorer.exe | Added by the IRCBOT-WK TROJAN! | No |
| U | Internet Call Director | ICD.EXE | TELUS Internet Call Director (ICD) provides Internet users with real-time call notification while connected to the Internet | No |
| U | Internet Call Manager | ICM.EXE | Starts Internet Call Manager dialog box and/or taskbar icons at bootup. This is a subscription program from internetcallmanager.com that monitors a dialup phone line for incoming calls and handles voicemail | No |
| X | Internet Config | svchosts.exe | Added by the SDBOT TROJAN! | No |
| X | Internet Connection Wizard | stisvsq.exe | EasySearch adware | No |
| X | Internet Connection Wizard | [path to trojan] | Added by the SMUTSRCH-A TROJAN! | No |
| X | Internet Connection Wizard | stisvsq1.exe | Added by the DLOADR-AWD TROJAN! | No |
| X | Internet Content Publisher | ICP.EXE | Added by the RBOT-UD WORM! | No |
| U | Internet Disk Cleaner | CLEARH~1.EXE | "Internet Disk Cleaner from Elongsoft "protects your privacy by cleaning up all Internet tracks and past computer activities" | No |
| U | Internet Download Accelerator | ida.exe | Internet Download Accelerator download manager | No |
| X | Internet download manager service | idman.exe | Added by the RBOT-BMS WORM! | No |
| X | Internet Exploere Services | urlmon32.dll.exe | Added by the EVIAN.C WORM! | No |
| X | Internet Explore Microsoft | lEXPLORE.EXE | Added by the RBOT-AOF WORM! Note - the executable is spelt with a lower case "L" rather than an lower or upper case "i" which is the case with Internet Explorer | No |
| X | Internet Explorer | iexplorer.exe | Added by the LORSIS WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) | No |
| X | Internet Explorer | IEXPLORE.EXE | Added by the RBOT-EY WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %System% | No |
| X | Internet Explorer | IExplorer.exe | Added by the NETHIEF-O BACKDOOR! Note - this is not the legitimate Internet Explorer (iexplore.exe) | No |
| X | Internet Explorer | http.exe | Added as part of a new potential CWS infection, and part of a suite of programs that installs a web server, php, ftp server, socks, and mail server on your computer without your knowledge. These files are known to be part of an infection that transmits information about your bank accounts, passwords, and other financial information. It should be deleted immediately, you should enable your firewall, and you should contact your financial services in order to report the issue and to have your passwords changed | No |
| X | Internet Explorer | iexpiore.exe | Added by the RBOT-AZC WORM! | No |
| X | Internet Explorer | IEPLORE32.EXE | Added by the AGOBOT-CU WORM! | No |
| X | Internet Explorer | twain.exe | Added by the AGENT.BEA TROJAN! | No |
| X | Internet Explorer Agent | iexplorer.exe | Added by the AGENT-BH TROJAN! Note - this is not the legitimate Internet Explorer (iexplore.exe) | No |
| X | Internet Explorer Configuration | IEXPLORE.EXE | Added by the SDBOT-UL WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %System% | No |
| X | Internet Explorer Security | iexplore.pif | Added by the RBOT-ALQ WORM! | No |
| X | Internet Explorer Sys32 | isys32.exe | Added by the IRCBOT-ADA WORM! | No |
| X | Internet Explorer Updater | lexbac.exe | Added by the DOWNLOAD TROJAN! | No |
| X | Internet Explorer Updater | iexplorer.exe | Added by the REUR.B WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) | No |
| X | Internet Explorer6 | IEexplore.exe | Added by the RBOT.AGC WORM. Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %System% | No |
| X | Internet Explorer6.0 | IEXPLORE.EXE | Added by the RBOT.ENZ WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %System% | No |
| X | Internet Firewall Layer | tsqla.exe | Added by a variant of the SPYBOT WORM! | No |
| U | Internet History Eraser | HERASER.exe | Internet History Eraser - deletes your browsing tracks | No |
| X | Internet Loader1 | MSInstall61.exe | Added by the KWBOT.B WORM! | No |
| X | Internet Mail and News | msqdevl.exe | EasySearch adware | No |
| X | Internet Mail and News | [path to trojan] | Added by the SMUTSRCH-A TROJAN! | No |
| X | Internet Mail and News | msqdevl1.exe | Added by the DLOADR-AWD TROJAN! | No |
| X | Internet Optimizer | optimize.exe | Internet Optimizer parasite - detected by Sophos as the DLUCA-G TROJAN and variants | No |
| X | Internet Protocol Configuration Loader | ipcl32.exe | Added by the SDBOT TROJAN! | No |
| X | Internet Security 2010 | IS2010.exe | Internet Security 2010 rogue security software - not recommended, removal instructions here | No |
| X | Internet Security Service | msq32.exe | Added by the RBOT-GFP WORM! | No |
| X | Internet Security Service | msq23.exe | Added by the RBOT-GQL WORM! | No |
| X | Internet Security Service | msql23.exe | Added by the RBOT-GML WORM! | No |
| X | Internet Security Service | mysqlwin32.exe | Added by the RBOT.UX TROJAN! | No |
| X | Internet Send | More log.exe | Unidentfied adware | No |
| X | Internet Server | inetsrv.exe | Added by the STARTPA-EM TROJAN! | No |
| X | Internet Service | intersvc.exe | Added by the SPYBOT-DE WORM! | No |
| X | internet service | syscfg32.exe | Added by the RBOT-QS WORM! | No |
| X | internet service | ssvhost.exe | Added by a variant of the RBOT WORM! | No |
| X | internet service | svho0st98.exe | Added by the RBOT.EAT WORM! | No |
| X | Internet Services | systemdev.exe | Added by the SDBOT-PW WORM! | No |
| X | Internet Services | internet.exe | Added by the MYTOB.BT WORM! | No |
| X | Internet Services | interserv.exe | Added by the RBOT.BNT WORM! | No |
| X | Internet Services | Netsvc.exe | Added by the MYTOB.MN WORM! | No |
| X | INTERNET SERVISES | winz32.exe | Added by the KWBOT.Z WORM! | No |
| Y | Internet Sharing Server | iss_srvr.exe | Intel AnyPoint internet sharing software. Now discontinued | No |
| X | Internet Suspention | story.exe | Added by the WOOTBOT.HV WORM! | No |
| N | Internet Sweeper | Sweeper.exe | Internet Sweeper - removes unnecessart left over files after browsing the internet | No |
| U | Internet Timer | ITIMER.exe | Shareware dial-up connection call cost calculator from Ratsoft | No |
| X | Internet Washer Pro | iw.exe | Internet Washer manages temporary browser files, cookies, etc - a 'trial' Internet Washer Pro seems to have been widely stealth-installed around March 2003 | No |
| X | Internet.exe | Internet.exe | Added by the MAGICCALL VIRUS! | No |
| X | internet.exe | yinyin3345.vbs | Added by the YINI MACRO! | No |
| X | Internet2 Optimizer | wkfix.exe | Added by a variant of the RBOT WORM! | No |
| N | InternetCalls | InternetCalls.exe | InternetCalls - free internet telephony utility using the VoIP (Voice over Internet Protocol). Call online friends for free and regular phones either for free (limited use) or low rates. One of a number provided by Betamax - the others generally have different rate plans. Similar to the more popular Skype | Yes |
| X | InternetExplorer2 | windows.exe | Added by the SDBOT-CZP WORM! | No |
| X | InternetExplorer32 | iexplore32.exe | Added by the RBOT-GRA WORM! | No |
| X | InternetGetConnectedState | winupdate.exe | Added by the SDBOT-JN WORM! | No |
| X | InternetGetConnectedStateEx | winupdate.exe | Added by the SDBOT-JN WORM! | No |
| X | InternetShield | INTERN~1.EXE | InternetShield rogue security software - not recommended, see here | No |
| X | InternetShield | InternetShield.exe | InternetShield rogue security software - not recommended, see here | No |
| U | InternetSpy | InternetSpy.exe | Internet Spy - freeware keylogger that tracks all visited websites including the date and exact time these sites were visited. The information is stored in a file that may be accessed by the person who knows where it is saved. Remove unless you installed it yourself! | No |
| X | InternetWasherPro | iw.exe | Internet Washer manages temporary browser files, cookies, etc - a 'trial' Internet Washer Pro seems to have been widely stealth-installed around March 2003 | No |
| X | INTERNET_SERVISES | winz32.exe | Added by the SDBOT.Q TROJAN! | No |
| U | InternodeUsage | mum.exe | Australian ISP's free monthly download meter | No |
| X | Internt | Internt.exe | Added by the PEEPER or CARUFAX.A TROJANS! | No |
| X | Inters Configuration Loader | RCL0ADERS.exe | Added by the SDBOT-KX WORM! | No |
| X | Intersoft Msngr | intersoftmsngr.exe | Added by the AGOBOT-NW WORM! | No |
| N | InterTrust Quick Start | it_cpq~1.exe | InterTrust offers something known as Digital Rights Management to control legal software download and other E-commerce related business | No |
| X | InterU | WINDRV.EXE | Added by the IRCINTER.A TROJAN! | No |
| N | Intervideo Win Cinema Manager | WinCinemaMgr.exe | WinCinema Manager is needed when using the WinDVD Remote Control for WinDVD from Intervideo. Available via Start -> Programs | No |
| N | Intervideo Win Cinema Manager | WINCIN~1.EXE | WinCinema Manager is needed when using the WinDVD Remote Control for WinDVD from Intervideo. Available via Start -> Programs | No |
| N | Intervideo WinCinema Manager | WinCinemaMgr.exe | WinCinema Manager is needed when using the WinDVD Remote Control for WinDVD from Intervideo. Available via Start -> Programs | No |
| N | Intervideo WinCinema Manager | WINCIN~1.EXE | WinCinema Manager is needed when using the WinDVD Remote Control for WinDVD from Intervideo. Available via Start -> Programs | No |
| N | Intervideo WinScheduler | WinScheduler.exe | WinScheduler is installed with WinDVD Remote Control for WinDVD from Intervideo. If you want to schedule recordings from your TV tuner card, you will need it. Available via Start -> Programs | No |
| N | Intervideo WinScheduler | SchSvr.exe | WinScheduler is installed with WinDVD Remote Control for WinDVD from Intervideo. If you want to schedule recordings from your TV tuner card, you will need it. Available via Start -> Programs | No |
| N | InterVoip | InterVoip.exe | InterVoip - free internet telephony utility using the VoIP (Voice over Internet Protocol). Call online friends for free and regular phones either for free (limited use) or low rates. One of a number provided by Betamax - the others generally have different rate plans. Similar to the more popular Skype | Yes |
| U | InterWARN | interwarn.exe | InterWARN by Storm Alert Inc. Provides customized, automated access to critical weather and civil emergency information from the US National Weather Service. Required if audio and screen crawler alerts are desired. Also available via Start -> Programs | No |
| X | Intespention | IEXPLORE.exe | Added by the FORBOT-FL WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %System% | No |
| X | Intmgr | Intmgr.exe | Added by the GEMA TROJAN! | No |
| X | intranet | SYS32CFG.EXE | Added by the SPYBOT-DW WORM! | No |
| X | Intranet | intranet.exe | Added by the CHIMOZ.AC TROJAN! | No |
| X | Intranet | schost.exe | Added by the RBOT.SV BACKDOOR! | No |
| X | Intranet Explorer | [random filename] | Added by the POEBOT.DK BACKDOOR! | No |
| X | Intrenat | Intrenat.exe | Added by the LEMIR.E TROJAN! | No |
| N | Introducing Media Manager | SPLASHA.EXE | MS Media Manager tour. Not required | No |
| N | Introduction-Registration | ?? | For Compaq PC's. Should only run first time, PC Introduction & Compaq registration | No |
| X | IntruderAlert | ia99.exe | Intruder Alert '99 from Bonzi - spyware | No |
| X | IntSys1 | [path to trojan] | Added by the BANLOA-ASE TROJAN! | No |
| U | Inventory Scan | LDISCN32.EXE | LANDesk® Management Suite software component | No |
| X | Ioadqm | Media Player.exe | Added by the HAWAWI WORM! | No |
| N | iobi | iobiClient.exe | iobi Home - a mail/voice service by Verizon | No |
| Y | iolo AntiVirus | ioloAV.exe | iolo AntiVirus | No |
| Y | iolo Personal Firewall | ioloFW.exe | iolo Personal Firewall | No |
| U | Iolo Task Agent | Task_Agent.exe | Iolo System Mechanic Task Agent. Scheduled maintenance | No |
| N | iolo Utility Bar | SMUtilityBar.exe | Iolo System Mechanic Utility Bar - can be launched manually | No |
| U | ioloDelayModule | delay.exe | Part of Iolo System Mechanic. Used to delay the start of an application which loads automatically as Windows loads | No |
| U | Iomega Automatic Backup | ibackup.exe | Iomega Automatic Backup - automatic backups for use with Iomega portable HDD | No |
| U | Iomega Automatic Backup 1.0.1 | ibackup.exe | Iomega Automatic Backup - automatic backups for use with Iomega portable HDD | No |
| N | Iomega Backup Scheduler | dtiom98.exe | Used by Iomega drives. Details of its purpose can be found here. Available via Start -> Programs | No |
| U | Iomega Disk Icons | IMGICON.EXE | Displays Iomega icons in Explorer/My Computer, ejects Zip disks on shutdown and displays a special delete confirmation box when deleting files on an Iomega drive. Available via Start -> Programs. If you disable it remember to eject disks first before powering the drive down - hence the "U" recommendation. Note - FreeCell may not run with ImgIcon running | No |
| U | Iomega Drive Icons | IMGICON.EXE | Displays Iomega icons in Explorer/My Computer, ejects Zip disks on shutdown and displays a special delete confirmation box when deleting files on an Iomega drive. Available via Start -> Programs. If you disable it remember to eject disks first before powering the drive down - hence the "U" recommendation. Note - FreeCell may not run with ImgIcon running | No |
| U | Iomega ImIconXP | imiconxp.exe | Iomega REV System Software - allows your Iomega REV drive to interact with the operating system via the Iomega REV UDF file system, and provides drag-and-drop file access, access and write protection, and formatting of the disks | No |
| ? | Iomega QuickSync | Quicksync.exe | ?? | No |
| N | Iomega Startup Options | IMGSTART.EXE | Used by Iomega drives. Details of its purpose can be found here. Available via Start -> Programs | No |
| N | Iomega Watch | IOWATCH.EXE | Used by Iomega drives. Available via Start -> Programs | No |
| N | IomegaWare | COMMANDER.EXE | Used by Iomega drives. Details of its purpose can be found here. Available via Start -> Programs | No |
| X | Iomega_loader | Iomega_loader.exe | Added by the ANTINNY.F WORM! | No |
| U | Iomon98.exe | Iomon98.exe | PC-Cillin 98 real time virus check. Can cause floppy disk accesses to hang | No |
| X | ioroxxo microsoft sux | system32.exe | Added by a variant of the RBOT WORM! | No |
| X | IP | IP.EXE | Added by the AGOBOT-QO WORM! | No |
| U | IP Changer 2.0 | IPChanger.exe | IP Changer 2.0 from Plustech Inc - network configuration management tool | No |
| X | IP Packet Redirect Service | ipredirect.exe | Added by the FORBOT.SM WORM! | No |
| X | IP Stack | ipstack.exe | Added by the AGOBOT.CW WORM! | No |
| X | IP**.exe [* = random char] | IP**.exe [* = random char] | CoolWebSearch/HomeSearch adware - for examples, see this log | No |
| X | IP**32.exe [* = random char] | IP**32.exe [* = random char] | CoolWebSearch/HomeSearch adware - for examples, see this log | No |
| N | iPalm | mon.exe | Installed with a Panasonic iPalm digital camera. Used to upload photos from the camera. If your camera is not connected (via USB port) you do not need this program loaded | No |
| X | IPC Connection | ipcconn.exe | Added by the RBOT-AEG WORM! | No |
| X | IPC Spool Manager | wnmgre.exe | Added by the SDBOT-ZC WORM! | No |
| X | IPC Spool Manager | winspec.exe | Added by the SDBOT-BLU WORM! | No |
| X | ipcfg.exe | ipcfg.exe | Adware - detected by McAfee as a variant of the ADCLICKER-BM TROJAN! | No |
| X | IPConfig | svcxnv32.exe | Added by the HACARMY.E TROJAN! | No |
| X | IPConfig | svcxnw32.exe | Added by a variant of the HACARMY.E TROJAN! | No |
| X | IPConfig | ipconfigs.exe | Added by the HACARMY.C BACKDOOR! | No |
| X | IpCtrl | ipcon32.exe | Added by an unidentified VIRUS, WORM or TROJAN! | No |
| X | IPFW | ipwf.exe | Added by the DLOADER-YF TROJAN! | No |
| ? | IPHSend | IPHSend.exe | AOL related. What does it do and is it required? | No |
| N | IPInSightLAN 01 | IPClient.exe | IP Insight is a Quality of Service monitor and diagnostic tool that isn't required - see here for more information. Included with services from BellSouth, Visual Networks and others. If you have more that one such service installed there may be two or more entries - i.e., IPInSightLAN 02, etc | No |
| N | IPInSightMonitor 01 | IPMon32.exe | IP Insight is a Quality of Service monitor and diagnostic tool that isn't required - see here for more information. Included with services from BellSouth, Visual Networks and others. If you have more that one such service installed there may be two or more entries - i.e., IPInSightMonitor 02, etc | No |
| Y | IPinst | N/A | For Gilat Communications internet satellite systems. Gilat rescue (Satellite system restore). Required if you have this system. Can cause a BSOD (blue screen of death) if left out | No |
| X | IPLog Security | iplogsec.exe | Added by the IRCBOT.GP BACKDOOR! | No |
| ? | iPlusAgent2 | iAgent2.exe | Related to iriver portable media products. What does it do and is it required? | No |
| X | ipmon.exe | ipmon.exe | Added by the RECERV or R3C.B TROJANS! | No |
| X | IpNetwork | ipnetwork.exe | Maxifiles adware | No |
| X | Ipnuker | Ipnuker.vbs | Added by the INKER.B WORM! | No |
| N | IPO3 | IP Operator 2005.exe | IP Operator 2005 - found on LG Electronics Notebook. The applet makes network connections easier to view and manage than does the standard Windows Network Connections tool. The WLAN module is easy to turn on or off with the press of a single button | No |
| X | Ipod Help | [9 random letters].exe | Added by a variant of the RBOT WORM! | No |
| X | iPOD USB Driver | IPODUSB.EXE | Added by a variant of the RBOT WORM! | No |
| X | iPod USB Service | iPODService.exe | Added by a variant of the RBOT WORM! Do not confuse with the Apple iPod process of the same name. The legitimate iPod file will always be located in the %ProgramFiles%\iPod\bin folder and is implemented as a system service, thus not listed in Msconfig/Startup! | No |
| U | iPodManager | iPodManager.exe | Apple iPod® management software for the iPod® player - updates, formating, restoring and other functions associated with the iPod® | No |
| ? | iPodWatcher | iPodWatcher.exe | Associated with Apple's iPod® player. Detects when the iPod® is connected? | No |
| U | ipoint | ipoint.exe | Microsoft IntelliPoint utility (from version 5.5) - required to support the programmable buttons and additional features and on Microsoft's range of mice, If this entry is disabled, any programmed buttons or program-specific settings will not be supported | Yes |
| X | IPOT Service Drivers | compaq.exe | Added by a variant of the FUROOTKIT TROJAN! | No |
| X | IPOT USB Service DRIVER | hpsebc087.exe | Added by the SDBOT-WA WORM! | No |
| X | IPOT USB Service DRV32 | hpsebc08.exe | Added by the SDBOT-WH WORM! | No |
| N | IPPDetect | IPP4Detect.exe | Part of Presto! Mr.Photo - "an ideal program for creating, sharing, and manag-ing digital images and videos" | No |
| X | ipreg | ipreg.exe | Added by the ZAGABAN-H TROJAN! | No |
| ? | iPrint LPT Redirector | nipplpte.exe | Related to Novell iPrint - "a printing solution that enables you to send documents to printers located throughout the Net." Is it required? | No |
| N | iPrint Tray | iprntctl.exe | Novell® iPrint - based on Novell Distributed Print Services - enables you to send documents to printers located throughout the Net | No |
| U | iProtectYou | ip.exe | iProtectYou - internet filtering/parental control and network monitoring software | No |
| X | iprun | iPY.exe | iProtectYou spyware | No |
| X | IPSEC Configuration | wsupdate.exe | Added by the AGOBOT-IQ WORM! | No |
| X | iPSec7 | ipsec7.exe | Added by the AGENT.AHVR TROJAN! | No |
| U | ipsecdialer | IPSECD~1.EXE | Cisco VPN Client - lets local users gain Administrator privileges on the operating system | No |
| U | ipsecdialer | ipsecdialer.exe | Cisco VPN Client - lets local users gain Administrator privileges on the operating system | No |
| Y | IPSecMon | IPSecMon.exe | Microsoft L2TP/IPSec VPN Client for Win98/Me/NT. Secure technology for making remote access virtual private network (VPN) connections across public networks such as the Internet | No |
| X | IPTable Configuration | Winipcfgs.exe | Added by a variant of the RBOT WORM! | No |
| N | iptray | iptray.exe | System Tray access to Intel Desktop Utilities - "provides you with the means to monitor system temperatures, voltages, fan speeds, and hard drive health; view detailed system information, and test your system hardware for common errors" | No |
| X | IPv6 Helper Driver | csass.exe | Added by the AGOBOT.TC WORM! | No |
| X | IPv6 STUN Service | netstun.exe | Added by a variant of the SDBOT WORM! | No |
| N | IPW | IPW.exe | Internet Phone Wizard from Actiontec - Voice over IP (VoIP) that allows you to "make and receive free Internet calls on your regular phone" whilst "at the same time, make and receive regular (landline) calls on your phone" | No |
| N | ipw | usbipw.exe | Related to Internet Phone Wizard from Actiontec - Voice over IP (VoIP) that allows you to "make and receive free Internet calls on your regular phone" whilst "at the same time, make and receive regular (landline) calls on your phone" | No |
| X | ipwf | ipwf.exe | Added by the SCHOEBERL TROJAN! | No |
| X | IpWins | ipwins.exe | IPWins adware | No |
| X | ipxwshel | ipxwshel.exe | Added by the WAREZOV.DG WORM! | No |
| X | ipyjy | woniz.exe | Added by the SDBOT.BQD WORM! | No |
| ? | IQES.exe | iqes.exe | ?? | No |
| U | Ir41_32.ax | regsvr32.exe Ir41_32.ax | Intel® Indeo® video 4.4 Decompression Filter related. The "Ir41_32.ax" file is located in %System% | No |
| X | irassync | irasyncd.exe | IRASSync adware | No |
| X | irc session | sessionmgr.exe | Added by the SDBOT-ACE WORM! | No |
| Y | IREIKE | IreIKE.exe | Microsoft L2TP/IPSec VPN Client for Win98/Me/NT. Secure technology for making remote access virtual private network (VPN) connections across public networks such as the Internet | No |
| N | iRis Active Monitor | winmon32.exe | Iris Antivirus - discontinued, replace with good alternative | No |
| N | iRiS AntiVirus Active Monitor | WIMMUN32.exe | Iris Antivirus - discontinued, replace with good alternative | No |
| U | iRiver AutoDB | MLService.exe | Associated with the iRiver Music Manager | No |
| N | iRiver Updater | Updater.exe | Updates for the iRiver Music Manager - used with their digital music players | No |
| U | IrMon | IRMON.EXE | System Tray access to infra-red devices. Not required unless you use infra-red devices | No |
| ? | IRPMonitor | itcnmon.exe | ?? | No |
| X | irssyncd | irssyncd.exe | SafeSurfing adware variant | No |
| X | Irwftp | [path to trojan] | Added by the BANCOS-AP TROJAN! | No |
| X | irwftp | iexplorer.exe | Added by the BANKER-AN TROJAN! Note - this is not the legitimate Internet Explorer (iexplore.exe) | No |
| X | irwftp | ftpmon.exe | Added by the BANCBAN-BO TROJAN! | No |
| U | IrXfer | IrXfer.exe | Microsoft Infrared Transfer application | No |
| X | ir_ftp | ir_ftp.exe | Added by the IRFTP TROJAN! | No |
| X | ir_ftp | irwftp.exe | Added by the BANCOS.H TROJAN! | No |
| N | IS CfgWiz | cfgwiz.exe | Norton Internet Security configuration wizard | No |
| X | iSafeAV | iSafeAV.exe | iSafe AntiVirus rogue security software - not recommended, removal instructions here | No |
| X | isamini.exe | isamonitor.exe | Added by the ZLOB.MEDIA-CODEC TROJAN! This purports to be a Windows Media Player upgrade (with names such as "iCodecPack", "X Password Manager" and "Media-Codec") to allow the user to view adult oriented videos on certain websites - but actually downloads and installs additional malware on the user's machine. Various directories and filenames are used - see the link for details. The most popular for this example appears to be "Video ActiveX Object" | No |
| X | isamonitor.exe | isamonitor.exe | Added by the ZLOB.MEDIA-CODEC TROJAN! This purports to be a Windows Media Player upgrade (with names such as "iCodecPack", "X Password Manager" and "Media-Codec") to allow the user to view adult oriented videos on certain websites - but actually downloads and installs additional malware on the user's machine. Various directories and filenames are used - see the link for details | No |
| X | Isass | Isass.exe | Added by the FUTRO TROJAN! | No |
| X | IsassRenascimento | Issas.exe | Added by the BANKER.GAX TROJAN! | No |
| U | ISBMgr.exe | ISBMgr.exe | Related to Sony ISB Utility | No |
| X | iscch | iscch.exe | Added by the LCPRANK-A WORM! | No |
| N | isdbdc | isdbdc.exe | For Compaq PC's. May install properties in dial-up networking when you register with an ISP | No |
| U | isDeleteMe | isDel.bat | Used by Norton Internet Security to remove certain files and directories on reboot when uninstalling their product | No |
| N | ISDN Monitor | Linksts.exe | Tray icon which gets installed when you install the drivers for Asuscom internal ISDN modem cards (or rebadged Asuscom ISDN cards, such as MRi). This icon enables you to monitor or configure your ISDN card. Once you have configured your ISDN card correctly, you will never need to use this icon | No |
| U | ISDNwatch | IWatch.exe | FRITZ!X ISDNWatch - "dialing filter for more security and control on the ISDN PC. The PC is doubly protected against dialer programs and premium-service numbers: ISDNWatch allows the user to block calls to and from both individual numbers and whole number blocks" | No |
| X | iSecurity applet | rundll32.exe iSecurity.cpl,SecurityMonitor | Added by the DLOADER.UZO TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted | No |
| X | ish-b.exe | ish-b.exe | Added by the IRCBOT-ACZ TROJAN! | No |
| U | ISHelp | help.exe | ISpy is a security risk that logs keystrokes and captures screenshots. If you didn't install this yourself uninstall it | No |
| U | iShield | iShield.exe | "GuardWare iShield blocks pornographic images when you surf the Internet on your computer using a web browser" | No |
| X | ishost.exe | ishost.exe | Added by the DLOADR-XJ TROJAN! | No |
| Y | ISLP2STA | ISLP2STA.EXE | A process from Cisco Systems Inc associated with Windows Update for wireless NIC drivers | No |
| X | ISMModule | ISMModule.exe | Internet Speed Monitor C adware related - see example here | No |
| X | ISMModule2 | ISMModule2.exe | Internet Speed Monitor C adware related - see example here | No |
| X | ISMModule3 | ISMModule3.exe | Internet Speed Monitor C adware | No |
| X | ISMModule4 | ISMModule4.exe | Internet Speed Monitor A adware related | No |
| X | ISMModule6 | ISMModule6.exe | Internet Speed Monitor C adware related - see example here | No |
| X | ISMModule7 | ISMModule7.exe | Internet Speed Monitor C adware related - see example here | No |
| X | ISMModule8 | ISMModule8.exe | Internet Speed Monitor C adware related | No |
| X | ISMPack5 | ISMPack5.exe | Internet Speed Monitor C adware related - see example here | No |
| X | ISMPack6 | ISMPack6.exe | Internet Speed Monitor C adware related - see example here | No |
| X | ISMPack7 | ISMPack7.exe | Internet Speed Monitor C adware | No |
| X | ISMPack8 | ISMPack8.exe | Internet Speed Monitor C adware related - see example here | No |
| Y | ISP.COM High Speed | slipgui.exe | User interface for Slipstream - internet acceleration through compression/decompression techniques, intelligent cacheing on the server side, and real-time conversion of large/high-bandwidth images to less bulky pix. Used by popular ISPs such as IceNet, Wanadoo, Terra, OnSpeed, United Online and AOL Canada. Required if the user's account is locked in to that proxy server | No |
| X | ISPSERVICE | psycho.exe | Added by the IRCFLOOD-O TROJAN! | No |
| X | ISPSERVICE | wintmp.exe | Added by the IRCBOT.GP BACKDOOR! | No |
| U | iSpyNOW | ispynow.exe | iSpyNOW - remote monitoring and surveillance software | No |
| X | Israfel | Israfel.vbs | Added by the GAGGLE.D or GAGGLE.E WORMS! | No |
| N | IsReminder | ISPopup.exe | Related to GuardWare iShield - this is the registration reminder for the trial version, so not required in startup | No |
| X | ISS | inet.exe | Meplex adware | No |
| X | issearch.exe | issearch.exe | Added by the ZLOB-QF TROJAN! | No |
| X | issEnc32Svr | issEnc32.exe | Added by a variant of the RBOT WORM! | No |
| N | ISSI EZUpdate Service | issimsvc.exe | Part of IBM Global Services - used internally by IBM for automatic updating of software and Microsoft patching | No |
| U | ISStart | ISStart.exe | LogitechGalleryRepair/LogitechVideoRepair - part of Logitech Image Studio - installed with Logitech QuickCam cameras. Required from version 8.11 onwards if you use the software to take pictures and capture videos, not if you don't. Also not required for versions up to and including 7.30 and after version 8.30 - hence the "U" rather than "Y" recommendation | No |
| Y | ISSVC | ISSVC.exe | Part of Norton Internet Security Suite | No |
| Y | ISS_Certtool | certtool.exe | Part of Client Security Software for IBM\Lenovo notebooks. If you have configured the software via the associated wizard this will need to be running if you want to mount password protected areas of the disk (created with SafeGuard PrivateDisk), use the password manager or file/folder encryption options | No |
| X | IST Service | istsvc.exe | ISTBar adware | No |
| X | ist service uninstall | [random filename] | ISTBar adware related | No |
| X | istinstall zazzer.exe | istinstall zazzer.exe | Unidentified adware downloader/installer | No |
| Y | ISTray | pctsTray.exe | System Tray access to both PC Tools Internet Security suite and Spyware Doctor antispyware from PC Tools | Yes |
| N | ISUSPM | isuspm.exe | InstallShield Update Service Scheduler. Automatically searches for and performs any updates to the software so you're always working with the most current version | No |
| N | ISUSPM Startup | ISUSPM.exe | InstallShield Update Service Scheduler. Automatically searches for and performs any updates to the software so you're always working with the most current version | No |
| N | ISUSScheduler | issch.exe | InstallShield Update Service Scheduler. Automatically searches for and performs any updates to the software so you're always working with the most current version | No |
| U | ISW.exe | ISW.exe | Related to Internet Security Wizard from AT&T (formerly BellSouth Premium Internet Security) alerts users about any potential security threats. It should not be uninstalled unless the user wants to completely remove all traces of AT&T Internet Security Suite | No |
| X | isxa | isxa.exe | Added by the SMALL-EIV TROJAN! | No |
| N | iSysCleaner | iSysCleaner.exe | iSysCleaner - a simple tool that searches for junk files on your computer and allows you to delete them. Simple cleaning maintenance can be done by the user | No |
| X | isystem | isystem.exe | Added by the CHORUS-A TROJAN! Searchforfree browser hijacker | No |
| X | ItalU | italfds.exe | Added by a TROJAN - see here | No |
| U | Itk | Itk.exe | In The Know - surveillance software that creates records of everything people do on a computer, ie, spying or monitoring depending upon how you call it | No |
| U | itk.exe | itk.exe | Insert ToggleKey by Mike Lin. ITK sounds a tone whenever you press Insert | No |
| U | iTouch | iTouch.exe | Loads the iTouch configuration program for Logitech keyboards. It's needed if your keyboard has shortcut buttons and if you use them. It's also needed if your keyboard does not have the num lock, caps lock, and scroll lock lights on it and you use the on-screen displays for num lock, caps lock, and scroll lock | No |
| N | ItsDeductiblePopUp | ItsDeductible.exe | ItsDeductible from Income Dynamics. Calculates your noncash donations quickly and easily. This startup entry checks a registry entry for the next 'PopUp' date and if it is a past or current date displays a program related tip | No |
| X | ITUNES | itune.exe | Added by the RBOT-ZU WORM! | No |
| X | ITUNES | itunes.exe | Added by a variant of the RBOT WORM! Note - do not confuse with the legitimate Apple iTunes process with the same filename which is always located in %ProgramFiles%\iTunes. This one is located in %System% | No |
| X | Itunes | dials.exe | Detected by Kaspersky as the AGENT.MM TROJAN! | No |
| X | Itunes | itunes.exe | Added by the OSCABOT-L WORM! Note - do not confuse with the legitimate Apple iTunes process with the same filename which is always located in %ProgramFiles%\iTunes. This one is located in %Windir% | No |
| Y | iTunes Helper | iTunesHelper.exe | Installed with Apple's iTunes for Windows. Uses ~3-4MB of memory and if disabled in MSCONFIG or deleted from the registry it will re-instate itself after running iTunes a few times - hence the reluctant Y recommendation | No |
| X | iTunes Music | iTunesHelper32.exe | Added by the SDBOT.CHK WORM! | No |
| X | iTunesAgent | ita.exe | Added by the TACTSLAY.U TROJAN! | No |
| X | itunesff | itunesff.exe | Added by the EB adult premium dialer | No |
| Y | iTunesHelper | iTunesHelper.exe | Installed with Apple's iTunes for Windows. Uses ~3-4MB of memory and if disabled in MSCONFIG or deleted from the registry it will re-instate itself after running iTunes a few times - hence the reluctant Y recommendation | No |
| U | itype | itype.exe | Microsoft IntelliType Pro utility (from version 5.5) - required to support the multimedia keys, programmed keys and key macros on Microsoft's range of keyboards. If this entry is disabled, any keys or key combinations that are changed by the user to perform functions other than default settings, defer back to their default settings and supported keys will not function in applications with advanced text services enabled | Yes |
| N | Iusage | netdet.exe | Internet Usage Monitor - utility to calculate the cost and time on the internet via dial-up | No |
| X | iut75 | uzcx.exe | Added by the DLOADER-AXV TROJAN! | No |
| X | iv | iv.exe | Part of the Internet Antivirus and Internet Antivirus Pro rogue security software - not recommended, removal instructions here | No |
| X | ivHost | taskManager.exe | Added by a variant of the SPYBOT WORM! See here | No |
| X | ivHost | [6 random letters].exe | Added by a variant of the SPYBOT WORM! See examples here and here | No |
| N | IVPServiceMgr | ivpsvmgr.exe | Toshiba IVP Service Manager application which appears as a red satellite dish icon in the System Tray. This is Toshiba's equivalent to the Windows Automatic Update feature as, whenever you are connected to the Internet, it will check for Windows updates and Toshiba updates | No |
| X | ivy.exe | ivy.exe | Added by the AGENT-ENZ TROJAN! | No |
| N | IW ControlCenter | iwctrl.exe | Pinnacle Systems InstantWrite enables you to use your CD-R, CD-RW and DVD-RAM drive just like a hard disk or floppy disk. You can drag and drop files, create new directories right on your CD-R, CD-RW or DVD-RAM. Maybe required if you use this feature on a regular basis | No |
| U | iwctrl | iwctrl.exe | Pinnacle Systems InstantWrite enables you to use your CD-R, CD-RW and DVD-RAM drive just like a hard disk or floppy disk. You can drag and drop files, create new directories right on your CD-R, CD-RW or DVD-RAM. Maybe required if you use this feature on a regular basis | No |
| U | IW_Drop_Icon | iwctrl.exe | Pinnacle Systems InstantWrite enables you to use your CD-R, CD-RW and DVD-RAM drive just like a hard disk or floppy disk. You can drag and drop files, create new directories right on your CD-R, CD-RW or DVD-RAM. Maybe required if you use this feature on a regular basis | No |
| X | ixplore | ixplore.exe | Added by the SDBOT-CY TROJAN! | No |
| X | ixproxy | [path to trojan] | Added by the XORPIX-A TROJAN! | No |
| X | ixsso | ixsso.exe | Added by the AGENT.AM TROJAN! Note - example names include "XviD", "Winamp Remote", "Windows Media Player" and "Futuremark" | No |
| X | iyelejiv | yujixit.exe | Added by the SDBOT.BJK WORM! | No |
| ? | IZE | N/A | ?? | No |
| N | j2 Tray Menu | HotTray.exe | eFax Messenger Tray Menu system tray icon for eFax Messenger Plus. Available via Start -> Programs. Disabling instructions available here | No |
| X | JA Cfg Util v2 | jacfg2.exe | Added by the RBOT-AL WORM! | No |
| X | JA Config 32 | Awesome32.exe | Added by a variant of the SDBOT WORM! | No |
| U | Jammer | jammer.exe | Jammer by Agnitum - "Jammer is the last word in Internet security. It combines a user-friendly interface with very sophisticated and powerful security measures that protect your Windows system while you are surfing the web" | No |
| X | Jammer2nd | Jammer2nd.exe | Added by the NETSKY.Z WORM! | No |
| X | java | remote.cmd | Added by the BANKER-EHG TROJAN! | No |
| X | java | system.exe | Added by a variant of the IRCBOT BACKDOOR! | No |
| X | Java applet | javaup.exe | Added by the SDBOT-ACF WORM! | No |
| X | Java Auto Update | ujm.exe | Added by the SDBOT-ADH WORM! | No |
| X | Java Runtime Environment | jbuild.exe | Added by the DELBOT-J WORM! | No |
| X | Java Runtime Value | runjava.exe | Added by the RBOT-DDJ WORM! | No |
| X | Java Runtimes | iexplore.exe | Added by the KILLAV.B WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This file is located in a %Windir%\Java\Java folder | No |
| X | Java Softe | Java32.com | Added by the RBOT.ECN WORM! | No |
| X | Java update | javaqs.exe | Added by the SWARLEY.A WORM! | No |
| X | Java Update | keeper.exe | Added by the AGENT-DIS TROJAN! | No |
| X | Java Update | svchost.exe.exe | Added by the AGENT-LBS TROJAN! | No |
| X | Java Virtual Machine | javaw.exe | Added by a variant of the RBOT WORM! | No |
| N | Java(TM) Platform SE 6 | jusched.exe | Checks with Sun's Java updates site to see if newer Java versions are available. Either visit the Java download page or click on Start → Control Panel → Java → Update → Update Now | Yes |
| N | Java(TM) Platform SE 6 U* | jusched.exe | Checks with Sun's Java updates site to see if newer Java versions are available. Either visit the Java download page or click on Start → Control Panel → Java → Update → Update Now. U* represents the update version, i.e., 6.0 Update 11 | Yes |
| N | Java(TM) Platform SE Auto Updater 2 0 | jusched.exe | Checks with Sun's Java updates site to see if newer Java versions are available. Either visit the Java download page or click on Start → Control Panel → Java → Update → Update Now | Yes |
| X | Java**.exe [* = random char] | Java**.exe [* = random char] | CoolWebSearch/HomeSearch adware - for examples, see this log | No |
| X | Java**32.exe [* = random char] | Java**32.exe [* = random char] | CoolWebSearch/HomeSearch adware - for examples, see this log | No |
| X | java-plugin | javasctp.exe | Added by the VB.AMX TROJAN! | No |
| X | Java32 Configuration Loader | msnmesgr.exe | Added by a variant of the RBOT WORM! | No |
| X | JavaCore | JavaCore.exe | Added by the MATCASH TROJAN! | No |
| X | Javascript | jscript.exe | Added by the DELBOT-AD WORM! | No |
| X | JavaScript Debugging Service | JsDbgMan.exe | Added by the DERDERO.E WORM! | No |
| X | JavaScriptMsxrs | Msxrs.exe | Added by the VB.BL WORM! | No |
| X | JavaTray | traymgr.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
| X | JavaUpdate0.07 | [filename] | Added by the JUPDATE TROJAN! | No |
| X | JavaUpdateSched | jusched32.exe | Added by the BCKDR-CKB BACKDOOR! | No |
| X | JavaVM | java.exe | Added by the MYDOOM.M WORM and variants! Note - not to be confused with the valid Windows "java.exe" which is located in %System% as this is located in %Windir% | No |
| X | javawsa.exe | javawsa.exe | Added by the BANK-Y TROJAN! | No |
| X | jawa32 | jawa32.exe | Added by the AGENT.BG WORM! | No |
| X | Jawa322 | jawa32.exe | Added by a variant of the AGENT.BG trojan | No |
| N | JB | Jiffybar.exe | "Get Paid As You surf" application | No |
| X | jcidls | [random filename] | Added by a variant of the SLAPER TROJAN! | No |
| ? | Jessops Insert Detect | InsDetect.exe | Part of Jessops Picture Suite. Detects a digital camera is plugged into a USB port or when a memory card with photos is inserted? | No |
| N | Jet Detection | ADGJDet.exe | Added with SoundBlaster Live! or Audigy soundcards for headphone autodetection | No |
| Y | JetAdmin Discovery Indicator | HPJETDSC.EXE | HP JetAdmin software for HP JetDirect Print Servers. HPJETDSC.EXE is the file necessary for the JetAdmin Discovery Indicator (paper airplane in the taskbar). It gets launched automatically through the registry, and remains active to control the Discovery Indicator | No |
| X | jete | yujixit.exe | Added by the SDBOT.BRT WORM! | No |
| X | Jfwehnrt | ghgfjrs.exe | Added by the SDBOT-IJ WORM! | No |
| X | jiahus | svchqs.exe | Added by the WOWPWS-AL TROJAN! | No |
| X | jijbl | ezlwy.bat | Added by the REDDW WORM! | No |
| X | jkdfj94kgdftdf | winlogan.exe | Added by the ZLOB.BZ TROJAN! | No |
| U | JMB36X Configure | JMRaidTool.exe | JMB36x series RAID configuration utility from JMicron Technology for their PCI Express to SATA II and PATA Host Controllers | No |
| Y | JMB36X Configure | JMRaidSetup.exe | JMB36x series RAID configuration utility from JMicron Technology for their PCI Express to SATA II and PATA Host Controllers | No |
| U | JMB36X IDE Setup | JMInsIDE.exe | JMB36x series IDE (or Parallel ATA) configuration utility from JMicron Technology for their PCI Express to SATA II and PATA Host Controllers | No |
| U | JMB36X IDE Setup | xInsIDE.exe | JMB36x series IDE (or Parallel ATA) configuration utility from JMicron Technology for their PCI Express to SATA II and PATA Host Controllers. This is normally located in %Windir%\RaidTool | No |
| X | jmudkve.dll | rundll32.exe jmudkve.dll,mzrwkwf | Added by the AGENT-DJD TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "jmudkve.dll" file is found in %System% | No |
| X | Jnskdfmf9eldfd | csrssc.exe | Added by the AGENT.EBC TROJAN! | No |
| U | Job-oversigt | taskmon.exe | Task Monitor (on Danish language versions of Windows) - checks the disk-access patterns of programs when they are started and stores this information in log files in the Applog folder. Task Monitor also records the number of times you use a program. Task Monitor also records the number of times you use a program. The Disk Defragmenter tool uses this information to optimize your hard disk so that programs that you use frequently are loaded faster. Not required - but can be useful. Note: for Norton Anti-Virus 2002 users, loading TaskMonitor will typically solve many, if not most, of those annoying IE scripting errors (per Symantec's Knowledgebase) | No |
| U | JobHisInit | JobHisInit.exe | Used by Ricoh network printers to enable network printing from the client | No |
| U | Jog Serve | JogServ2.exe | "Jog Dial" on a Sony Vaio laptop. The dial can select various functions such as control audio. Needed if you use its features | No |
| U | JogServ2 | JogServ2.exe | "Jog Dial" on a Sony Vaio laptop. The dial can select various functions such as control audio. Needed if you use its features | No |
| X | johkjh | srvd.exe | Added by a variant of the SLAPER TROJAN! | No |
| X | john315 | srrvc.exe | Added by a variant of the MAILBOT-BI TROJAN! | No |
| X | johnj315 | srvc.exe | Added by a variant of the MAILBOT-BI TROJAN! | No |
| X | johnj3155 | srvcc.exe | Added by a variant of the MAILBOT-BI TROJAN! | No |
| X | johnj3cd | srvdc.exe | Added by a variant of the SLAPER TROJAN! | No |
| X | jon315 | [path to trojan] | Added by the MAILBOT-BI TROJAN! | No |
| ? | jotl | millenzje.exe | ?? | No |
| U | JOYTECH USB Neo S Controller | JoytechNeoSTrayIcon.exe | System Tray access to Joytech Neo S PC gamepad controller software | No |
| X | jpgdiag | [path to worm] | Added by the STRATION-AN WORM! | No |
| X | jpupd | jpupd.exe | Added by the DIALER.CM TROJAN! | No |
| X | Jreg | Jreg2b.exe | FlashEnhancer adware | No |
| X | jucheck | jucheck.exe | Added by the SCRIMGE.O WORM! | No |
| X | Jufualt | winxp2.exe | Added by the SDBOT-AAB WORM! | No |
| X | Jufualt | svhost.exe | Added by the SDBOT-ADJ WORM! | No |
| X | Jufualt | java2.exe | Added by the SDBOT.AOE WORM! | No |
| N | Juno_uoltray | exec.exe | Juno ISP software - not required | No |
| N | jusched | jusched.exe | Checks with Sun's Java updates site to see if newer Java versions are available. Either visit the Java download page or click on Start → Control Panel → Java → Update → Update Now | Yes |
| X | jusched | [path to trojan] | Added by the BANKER-BWR TROJAN! | No |
| X | jusched | jusched.exe | Added by the BANKER-BOV TROJAN! Note that this is not the legitimate Sun Microsystems file (of the same name) which is usually located in %Program Files%\Java\version number\bin. This one is located in %System% | No |
| X | jushed32.exe | jushed32.exe | CoolWebSearch parasite variant - also detected as the BIZTEN-L TROJAN! | No |
| X | jusodl | severe.exe | Added by the QQPASS.48436 TROJAN! | No |
| U | JussDropUtility | JussDrop.exe | Related to DropShots Inc. A subscription based service for family to connect, converse and share photos and videos | No |
| N | JustVoip | JustVoip.exe | JustVoip - free internet telephony utility using the VoIP (Voice over Internet Protocol). Call online friends for free and regular phones either for free (limited use) or low rates. One of a number provided by Betamax - the others generally have different rate plans. Similar to the more popular Skype | Yes |
| X | jutsu | jutsu.exe | Added by the RBOT-LS WORM! | No |
| U | jv16 PT TempFileTool | TempTool.exe | jv16 PowerTools File Cleaner - "allows you to find obsolete and left-over temporary files" | No |
| U | jv16PT - Privacy Protector | Task.jvb | jv16 PowerTools Privacy Protector - "allows you to protect your privacy by automatically clearing out all the unwanted history items and cookies from you computer, every time you start your computer" | No |
| U | Jv16pt Network Resident | jv16pt_network.exe | jv16 PowerTools network resident program. Only needed if you are using the program's network features | No |
| X | JvcHost | jvcsvc32.exe | Added by the AGOBOT-AIU WORM! | No |
| X | jvdnlssn | fljzsshc.exe | Flingstone.com adware - and its Golden Palace Casino program | No |
| X | JVM0 | JVM0.exe | Added by the BANLOA-AX TROJAN! | No |
| X | JVM0.12 | [random filename] | Added by the TEADOOR-A TROJAN! | No |
| X | JVM0.14 | [random filename] | Added by the TEADOOR-B TROJAN! | No |
| X | jvms.exe | jvms.exe | Added by the ORCU.B TROJAN! | No |
| X | JW Manager | jwmngr.exe | Added by the DELBOT-G WORM! | No |
| X | jxef1104 | jxef1104.exe | Added by the XIPI-A WORM! | No |
| X | JXL Radio | jxl.exe | Added by the RBOT-EBE WORM! | No |
| U | jx_Key | Rundll32 JXKey.dll,Rundll32Main | Boolospy keystroke logger/monitoring program - remove unless you installed it yourself! | No |
| X | jysyqm | [random filename] | ZenoSearch adware | No |
| ? | Jzi16 | jzi16.exe | ?? | No |
| X | jzvfvsqpc | jzvfvsqpc.exe | Added by the AGENT-GWP BACKDOOR! | No |
| X | K2ps_full.task | K2ps_full.exe | Added by the JUNTADOR.K TROJAN! | No |
| N | K6CPU.EXE | K6CPU.EXE | Authenticates CPU as K6 in system properties | No |
| X | Kadoc | [random filename].exe | Added by the STAPREW TROJAN! | No |
| U | KADxMain | KADxMain.exe | System Tray access to IntelliSonic Speech Enhancement - by Knowles Acoustics. Designed to render speech from a user selectable direction, while canceling interfering speech from other directions, thus minimizing the effects of environmental noise and eliminating acoustic echo feedback. Found on some Dell and Fujitsu Seimens laptops | No |
| X | kak | kak.hta | Added by the KAKWORM WORM! | No |
| U | Kalender | Kalender.exe | UK's Kalender "helps you organizing your dates and tasks and reminds you of upcoming events" | No |
| U | Kalibump | Kalibump.exe | Used with the now unsupported Kali software for on-line gaming. This is used to automatically bump up the priority of WinProxy to GREATLY improve game speed when using a SOCKS proxy | No |
| X | kalvsys | kalv****.exe [* = random char] | EliteBar adware | No |
| X | kalvsys | kalv***32.exe [* = random char] | EliteBar adware | No |
| X | kamsoft | ckvo.exe | Added by the GAMANIA-BW TROJAN! | No |
| N | Kana Reminder | Reminder.exe | Kana Reminder is a program which can be used to set a reminder to be triggered at a specified time | No |
| U | Karen's Once-A-Day II | PTOAD.exe | "Have a job that should be run exactly once each day? Karen's Once-A-Day II is just what you need!" Scheduler that lets you specify progams, web pages and files that be run or opened automatically, the first time | No |
| U | KASP | OESpamTest.exe | Kaspersky Anti-Spam | No |
| X | Kasper Antivirus | KASPERANTIVIRUS.EXE | Added by a variant of the SPYBOT WORM! | No |
| Y | Kaspersky Anti-Hacker | KAVPF.exe | Kaspersky Anti-Hacker personal firewall - no longer available | No |
| Y | Kaspersky Anti-Virus Monitor | AvpM.exe | Kaspersky Anti-Virus Lite - no longer available | No |
| X | Kaspersky Antivirus | KasperskyAV.exe | Added by a variant of the RBOT WORM! | No |
| X | Kaspersky Email Security | javaupd.exe | Added by the SWARLEY.A WORM! | No |
| X | kaspersky32 | kasperskyLabs32.exe | Added by the RBOT-GOT WORM! | No |
| X | KasperskyAv | kaspersky.exe | Added by the MIMAIL.T WORM! Note - this has nothing to do with the real Kaspersky anti-virus | No |
| X | KasperskyAVEng | Kasperskyaveng.exe | Added by the NETSKY.V WORM! | No |
| X | KAT | KAT.vbs | Added by the SOAD-D WORM! | No |
| U | KatMouse | KatMouse.exe | KatMouse - utility to enhance the functionality of mice with a scroll wheel, offering 'universal' scrolling, etc | No |
| Y | kav | avp.exe | Kaspersky anti-virus and AOL's Active Virus Shield (by Kaspersky) - found in either a Kaspersky or AOL sub-directory | No |
| X | kava | kavo.exe | Added by the LINEAG-GLG TROJAN! | No |
| X | KAVFOX | win1ogoin.exe | Added by the GWGHOST-M TROJAN! | No |
| X | kavir | kavir.exe | Added by a variant of the Storm/Nuwar/Zhelatin WORM! See here for an example | No |
| X | KAVPersonal | svchost.exe | Added by the LINEAGE-V TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir% | No |
| Y | KAVPersonal50 | Kav.exe | Kaspersky Anti-Virus Personal 5.0 | No |
| X | KAVPersonal90 | wscntfy.exe | Added by the BANKER-FZ TROJAN! | No |
| Y | KavPFW | KavPFW.exe | KingSoft Personal Firewall | No |
| X | KavRuns | Windll.exe | Added by the TRYNOMA TROJAN! | No |
| Y | KavStart | KAVStart.exe | KingSoft Personal Firewall | No |
| Y | kavsvc | kavsvc.exe | Kaspersky antivirus | No |
| X | KavSvc | ******.exe reg_run [* = random char] | Added by the QOOLOGIC TROJAN! | No |
| X | kavsvc | [random 6 char filename] | Added by the QOOLOGIC TROJAN! Uses random file names (examples: nzkklz.exe, rzazzi.exe, ivpaan.exe) | No |
| X | KAVutil | [worm filename] | Added by the WINTOO.B WORM! | No |
| N | KAZAA | kazaa.exe | KAZAA is a file-sharing program which unfortunately being ad-based includes "Cy-door" adware. Check here for information about "Cy-door" and here for a program that can remove it | No |
| N | KAZAA | [path] kpp.exe [path] kazaalite.kpp | System Tray access to later versions of the Kazaa Lite P2P file sharing utility - namely the K++ and Resurrection variants. Kazaa Lite is the unauthorized modification of the original Kazaa Media Desktop - with the malware removed | No |
| X | Kazaa Download Accelerator Updater (required) | regsvr32 kdp****.dll [* = random char] | SafeguardProtect/Veevo hijacker. Note that regsvr32.exe is a legitimate Microsoft file used to register and unregister OLE controls and shouldn't be deleted. The random DLL file is found in the System (9x/Me) or System32 (NT/2K/XP) folder | No |
| X | Kazaa lptt01 | kazaa.exe | RapidBlaster variant (in a "kazaa" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here. Note - this is not the valid KaZaA file sharing program which has the same executable name | No |
| X | Kazaa ml097e | kazaa.exe | RapidBlaster variant (in a "kazaa" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here. Note - this is not the valid KaZaA file sharing program which has the same executable name | No |
| X | KAZAACuf | 9 | Added by the KITRO.D (or ARGEN.A) WORM! | No |
| N | kazaalite | kazaalite.exe | Kazaalite is a file sharing client - not to be confused with the original Kazaa program. Unlike the original, this one does not contain any advertising or tracking mechanisms | No |
| N | KaZooM | KaZooM.Exe | KaZoom from Blue Haven Media - "add-on application that automatically speeds up the download process and finds the files you want with far more power than regular KaZaA searches" | No |
| X | kb | AUTO.txt | Added by the BRONTOK-CV WORM! | No |
| Y | KB891711 | KB891711.exe | Installed by the Windows KB891711 critical update, see this security bulletin - this file reportedly needs to continue running in order to patch the vulnerability, at least until a more practical solution is found. There have however been reports of fatal exception errors in systems running Windows 98, and in such a case Microsoft advises to either uninstall the patch (Add/Remove Programs) or prevent it from running at startup | No |
| Y | KB918547 | KB918547.EXE | Bug-fix for a Microsoft graphics rendering engine vulnerability - see here. Windows 98/Me only | No |
| Y | KB926239 | rundll32.exe apphelp.dll, ShimFlushCache | Microsoft KB926239 fix. Windows Media Player 10 may close unexpectedly on a Windows XP-based computer | No |
| U | KBD | KBD.EXE | Multimedia keyboard manager. Required if you use the multimedia keys | No |
| U | KBD | KbdStub.EXE | Key Watcher from HP - watches for Multimedia Keys on HP keyboards | No |
| U | KBD MediaCenter | MEDIACTR.EXE | Multimedia keyboard manager. Required if you use the multimedia keys | No |
| X | kbddrv32 | kbddrv32.exe | Added by the CRYPTER.A TROJAN! | No |
| X | kbddrvinf | kbddrvinf.exe | Added by the CRYPTER.A TROJAN! | No |
| N | KCeasy | KCeasy.exe | KCeasy - a Windows peer-to-peer filesharing application which uses giFT as its 'back end' foundation. The networks currently supported are OpenFT and Gnutella | No |
| U | KClient | kstatus.exe | KClient Kerberos client software for Win32 systems. It provides the libraries and utilities needed to use Kerberos-based PC applications developed by Computing Services such as KWeb and NiftyTelnet | No |
| X | Kcrner | Kcrner.exe | Added by the LINEAG-AIL TROJAN! | No |
| X | kdmsx | [8 random letters].exe | Added by the SDBOT.AIJ BACKDOOR! | No |
| N | kdx | KHost.exe | Verisign Kontiki Delivery Management System - Windows-based client software that enables secure delivery of content to users' desktops | No |
| U | KE9801 | DriBat32.exe | KE9801 multimedia keyboard driver - required if you use the multimedia keys | No |
| X | Keenvalue | Keenvalue.exe | KeenVal adware | No |
| X | KeepCop | KeepCop.exe | KeepCop rogue security software - not recommended, removal instructions here. A member of the AntiAID family | No |
| X | KeepCop.exe | KeepCop.exe | KeepCop rogue security software - not recommended, removal instructions here. A member of the AntiAID family | No |
| X | kell | liser.exe | Added by the AGENT.AUTP TROJAN! | No |
| U | KEMailKb | KEMailKb.EXE | Controls the buttons at the top of the Micro Innovations 650i Internet Access Keyboard. If you disable it you cannot use the buttons - like volume control or shut down | No |
| ? | Kemet | kemet.exe | ?? | No |
| U | KeNotify | KeNotify.exe | Toshiba utility found on their laptops. This program is responsible for the Toshiba LapTop Help 'FlashCards' utility that sits at the top of the screen giving easy access to the 'F keys' alternative functions such as Lock,Power Mode,Sleep etc | No |
| X | kERe | kERe.exe | Added by the BRONTOK-BT WORM! | No |
| U | Kerio VPN Client | kvpnclient.exe | Kerio VPN Client | No |
| X | kern64dll | [random filename] | Added by the TARNO.J TROJAN! | No |
| X | Kernal Fault Check | ntosrkl.exe | Added by a variant of the SDBOT WORM! | No |
| X | kernctl32 | rundll32 kctl32.dll, initialize | Added by the AGENT.AT TROJAN! | No |
| X | Kerne0223 | Kerne0223.exe | Added by the LEGMIR-ZA TROJAN! | No |
| X | Kernel | bboy.exe | Added by the MUMU.B WORM! | No |
| X | Kernel | services.exe | Added by the FOOZ-A TROJAN! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir% | No |
| X | kernel | kernel.exe | Added by the MATCASH.CF TROJAN! | No |
| X | KERNEL 32 | SKERNEL32.com | Added by the SEMAPI-A WORM | No |
| U | Kernel and Hardware Abstraction Layer | KHALMNPR.EXE | Part of the Logitech Setpoint software for their wired and wireless mice and trackballs. Sets the Windows mouse sensitivity to minimum. The idea is that you will use the SetPoint Control Panel to adjust your mouse sensitivity. This setting is maintained separately from the Windows setting, but is combined with the Windows setting to determine the final sensitivity. For this reason, KHALMNPR sets the Windows setting to 0 so it doesn't alter the one you set in SetPoint | No |
| X | Kernel Faults | ftphost.exe | Added by the RBOT.BHU WORM! | No |
| X | Kernel Loader | ntkrnl.exe | Added by the CERVIVEC.A WORM! | No |
| X | Kernel Manager | krnlmgr.exe | Added by the JUNY.A TROJAN! | No |
| X | Kernel Safe Mode | smss.exe | Added by the 78CRACK-A TROJAN! Note - this is not the legitimate smss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir% | No |
| X | Kernel Services | service32.exe | Added by the PRX-B TROJAN! | No |
| X | kernel system daemon | ACTIVAT0R.exe | Added by the RANDEX.AW WORM! | No |
| X | kernel12.exe | kernel12.exe | Added by an unidentified WORM or TROJAN! | No |
| X | kernel32 | kern32.exe | Added by the BADTRANS.A WORM! | No |
| X | Kernel32 | Kernel32.exe | Added by a number of VIRUSES, WORMS and TROJANS! | No |
| X | kernel32 | kernel.dli | Added by the NETDEVIL.B TROJAN! | No |
| X | Kernel32 | Kernel.dll | Added by the REDLOF.M VIRUS! | No |
| X | kernel32 | kernel32.dlI | Added by the NETDEVIL.15 TROJAN! | No |
| X | Kernel32 | krnl32.exe | Added by the EPON WORM! | No |
| X | Kernel32 | Kernel32.win | Added by the GAGGLE.D or GAGGLE.E WORMS! | No |
| X | Kernel32 | kernel32s.exe | Added by the BCKDR-CIC BACKDOOR! | No |
| X | kernel32 | kernel32.dll.vbs | Added by the WEKODE-A WORM! | No |
| X | Kernel32 | svchosts.exe | Added by an unidentified WORM or TROJAN! | No |
| X | kernel32dll | guardpc.exe | Added by the FORBOT-CU WORM! | No |
| X | kernel44.dll | taskkill /f /fi "PID ge 0" /im * | Added by the VBS.LIDO WORM! | No |
| X | KernelCheck | sys****.exe [* = digit] | Added by an unidentified TROJAN! | No |
| X | KernelCheck | winser.exe | Added by the TSPY_LMIR.SL TROJAN! | No |
| X | KernelConfig | destiny32.exe | Added by the AGOBOT.AMB WORM! | No |
| N | kernelfaultcheck | dumprep 0 -k | Used in connection with memory dumps - you can disable these by - right clicking on My Computer, selecting Properties and then the Advanced tab. Click on the Settings button in 'Startup and Recovery'. In the bottom pane - under 'Write debugging information' - click on the down arrow and then select 'None' - OK your way out | No |
| N | kernelfaultcheck | dumprep 0 -u | Used in connection with memory dumps - you can disable these by - right clicking on My Computer, selecting Properties and then the Advanced tab. Click on the Settings button in 'Startup and Recovery'. In the bottom pane - under 'Write debugging information' - click on the down arrow and then select 'None' - OK your way out | No |
| X | KernelFaultCheck | ptool32.exe | Added by the LEGMIR-BN TROJAN! | No |
| X | KernelFaultCheck | msime.exe | Added by the TINY-P TROJAN! | No |
| X | KernelFaultCheck | tell32.exe | Added by the LEGMIR-BF TROJAN! | No |
| X | KernelFaultCheck | winabc3.exe | Added by the NUBYS-A VIRUS! | No |
| X | KernelFaultCheck | winbin.exe | Added by the DLOADR-AAX TROJAN! | No |
| X | KernelFaultChk | sms.exe | Added by the DEADHAT WORM! Do not confuse with the valid "kernelfaultcheck" which runs "dumprep 0 -k" or "dumprep 0 -u" | No |
| X | Kernell | systems.exe | Added by the TARNO.C TROJAN! | No |
| X | Kernell32 | Kernell.dll | Added by the DESTINY.A TROJAN! | No |
| X | KernellApps | csrss.exe | Added by the BANCBAN-AC TROJAN! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a "System" subfolder | No |
| X | KernellApps | lexplore.exe | Added by the BANCBAN-BS TROJAN! Note - the executable is spelt with a lower case "L" rather than an lower or upper case "i" which is the case with Internet Explorer | No |
| X | KernellApps | svshosti.exe | Added by the BANCBAN-V TROJAN! | No |
| X | KernellApps32 | smss.exe | Added by the BANCBAN-AN TROJAN! Note - this is not the legitimate smss.exe process which should not normally figure in Msconfig/Startup! | No |
| X | KernelRuntime | [path to worm] | Added by the MYTOB-JO WORM! | No |
| X | Kernelw | Kernelw32.exe | Added by the INDOR.E WORM! | No |
| X | Kernel_check | wmiprvse.exe | Added by the SONEBOT-B WORM! Note - this is not the legitimate wmiprvse.exe process which is always located in the %System%\wbem folder and should not normally figure in Msconfig/Startup! | No |
| X | key | sysxp.exe | Added by the BEAGLE.AB WORM! | No |
| X | key | sys_xp.exe | Added by the BEAGLE.AC WORM! | No |
| X | key | winxp.exe | Added by the BEAGLE.AG WORM! | No |
| X | Key Logger | csrss.exe | Added by the BUCHON.A WORM! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in the root folder (ie, C:\) | No |
| N | Key Text | KeyText.exe | Key Text 2000 from MJMSoft Design - utility to automate repetitive keyboard tasks. Available via Start -> Programs | No |
| X | Key1 | Rlid.exe | Added by the LIXY TROJAN! | No |
| ? | Key2 | serve.exe | ?? | No |
| X | key2 | winlog.exe | Added by the BAGLEDI-AL TROJAN! | No |
| Y | KeyAccess | keyacc32.exe | KeyServer KeyAccess client software - "when the KeyServer program is launched, the KeyServer process becomes active so license requests from client computers can be serviced. Without KeyAccess, a keyed program cannot run, so license control is very secure" | No |
| X | Keybdcntl | keybdcntl.exe | Added by a variant of the CRYPTER.C TROJAN! | No |
| U | KeyBoard | Keyboard.exe | Labtec keyboard utility | No |
| X | keyboard | keyboard*.exe [* = number] | Detected by Kaspersky as the VB.ZG TROJAN! | No |
| X | keyboard | kybrdef_7.exe | DollarRevenue adware | No |
| X | keyboard | [path to trojan] | Added by the DLOADR-AOZ TROJAN! | No |
| X | Keyboard | lsass.exe | Added by the AGENT.US WORM! Note - this is not the legitimate lsass.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %CommonAppData%\Fearghus | No |
| N | Keyboard Customizer | TpKmapAp.exe | Part of the Keyboard Customizer Utility for IBM/Lenovo Thinkpad notebooks. This is the main user interface for the utility but it doesn't normally seem to be running if enabled at startup. Also, it doesn't appear to need to be running for custom key combinations to work (via TpKmapMn.exe) | Yes |
| U | Keyboard Manager | MMKeybd.exe | Multimedia keyboard manager. Required if you use the additional keys | No |
| Y | Keyboard Preload Check | Preload.exe | Millenium Multi-Function Keyboard driver | No |
| ? | Keyboard Status | KeyStat.exe | Multimedia keyboard manager for Medion desktop and notebook PCs? Located in %ProgramFiles%\Medion\KeyStat | No |
| X | keyboard_enum | keyboard_enum.exe | Added by the BDOOR-GP BACKDOOR! | No |
| U | keyhook | keyhook.exe | Hotkey manager for Silicon Integrated Systems (SiS) based graphics chipsets - disable unless you use hotkeys | Yes |
| U | KeyMaestro | kmaestro.exe | Multimedia keyboard manager. Required if you use the multimedia keys | No |
| U | keymap | keymap.exe | System Tray utility and background task used by games produced by Kesmai (published by Interactive Magic) and which enables you to program keys to do specific actions during the game | No |
| X | keymgrldr | rundll32 setupapi, InstallHinfSection... keymgr3.inf | CoolWebSearch Oemsyspnp parasite variant | No |
| U | KeyPatrol | KeyPatrol.exe | KeyPatrol - key logger detector using both behavioral and pattern-matching algorithms that used to be part of PestPatrol before CA's aquisition | No |
| U | keyplusplus | startk.exe | Key++ Invisible Spy Keylogger keystroke logger/monitoring program - remove unless you installed it yourself! | No |
| X | keyserv | keyserv.exe | KeyThief spyware | No |
| U | Keyspan Digital Media Remote | KDMRdmn.exe | Remote control driver for Keyspan Digital Media Remote devices | No |
| U | keystroke | keystroke.exe | QuickLaunch surveillance software. Uninstall this software unless you put it there yourself | No |
| U | KeyWallet | KWallet.exe | "KeyWallet is a useful and convenient desktop utility that spares you the trouble of filling in your logins, passwords and other personal data manually" | No |
| X | kfienq | masbl.bat | Added by the KIFER TROJAN! | No |
| X | kgjdi27 | kgjdie27.exe | Added by the SDBOT.AP BACKDOOR! | No |
| X | Kgjg | rnnypbw.exe | Added by the QuickLinks/Forethought adware | No |
| X | KHATARNAK Loader | KHATARNAK.exe | Added by the AUTORUN.ACO WORM! | No |
| N | khooker | khooker.exe | SiS Keyboard Daemon. System Tray utility which gets installed by the drivers of the latter day SiS VGA cards. Can cause errors at startup and isn't required | No |
| X | Kiamat Sudah Dekat_16_04 | ISASS.exe | Added by the PAHATIA.B WORM! | No |
| U | KICKMON.EXE | KICKMON.EXE | KeepItClean - utility that deletes safe to remove files, cookies, browsing history, etc. This is the scheduler - if you don't schedule clean-ups it isn't required | No |
| U | Kill Popup | KillPopup.exe | KillPopup - pop-up stopper | No |
| X | KillAndClean | KillAndClean.exe | KillAndClean rogue spyware remover - not recommended, removal instructions here | No |
| X | kimochiz.exe | kimochiz.exe | Added by the MDROP-BB TROJAN! | No |
| N | Kinberlink | Kinberlink.exe | Kinberlink network messaging. Available via Start -> Programs | No |
| X | kiss | pingy.exe | Added by a variant of the IRCBOT BACKDOOR! The file is located in a random subfolder of %ProgramFiles% | No |
| X | KIT3 | hpprintqueue.exe | Added by the ADCLICK-DS TROJAN! | No |
| U | KK Loader | loadkk.exe | KeyKey XP Professional from KeyKey.com. "Monitor Instant Messages, Chats, Emails, Web Site URLs, Passwords, Computer Programs, Start Up and Shut Down time and much more completely undetected to the user." | No |
| X | KKM Service | kkm.exe | Added by the NANPY-I WORM! | No |
| X | KL AntiFunLove | flcss.exe | Added by the FUNLOVE.4099 VIRUS! | No |
| U | KLog | Keyspy.exe | KeyLoggPro.B keystroke logger/monitoring program - remove unless you installed it yourself! | No |
| X | klop | [path to file] | Added by the AGENT-WQ TROJAN! | No |
| X | klop | [random].tmp | Found with Trojan.Win32.StartPage.aw. Possibly a variant of the AGENT-WQ TROJAN! | No |
| U | klp | run32dll.exe | PAL PC Spy - key recorder and screen capture utility which controls and monitors everything that happens on your pc and online | No |
| U | klp | explorer.exe | ComSurveilSys keystroke logger/monitoring program - remove unless you installed it yourself! | No |
| U | KM9801U | MMHotKey.exe | Multimedia key handling for the relevant type of Turbo-Media keyboard. Shortcut available. Note that with this running it can crash DirectX8/9 under WinXP when a game switches to full-screen | No |
| U | kmw_run.exe | kmw_run.exe | Kensington MouseWorks - mouse/trackball software. Not required unles you use any special features | No |
| U | kmw_show.exe | kmw_show.exe | Kensington MouseWorks - mouse/trackball software. Not required unles you use any special features | No |
| X | KnowledgeBase GUI | wppewafaj.exe | Added by the RBOT-GRZ WORM! | No |
| U | KN_PanelApp | PanelApp.exe | KnowledgePanel online survey software | No |
| N | Kodak Batch Transfer | pezdow1.exe | Part of "Kodak Picture Easy" software for digital cameras. Includes the display of an icon in the System Tray to quickly transfer photos to a PC | No |
| U | Kodak EasyShare software | EasyShare.exe | Software bundled with Kodak digital cameras to manage the connection between the PC and the Camera. Can be started manually | No |
| N | Kodak Picture Easy *.* Batch Transfer | PezDownload.exe | Part of "Kodak Picture Easy" software for digital cameras. Includes the display of an icon in the System Tray to quickly transfer photos to a PC. *.* represents the version | No |
| N | Kodak Picture Transfer Software | pts.exe | Looks for Kodak camera connection and media insertion. Available via Start -> Programs | No |
| N | Kodak Software Updater | backweb*****.exe | Software updater for Kodak Easyshare digital cameras | No |
| N | KODAK Software Updater | Kodak Software Updater.exe | Software updater for Kodak Easyshare digital cameras | No |
| Y | KodakCCS | KodakCCS.exe | Kodak DC File System Driver | No |
| U | Komunikator | tlen.exe | Tlen - a Polish language instant messaging client | No |
| U | KONICA MINOLTA magicolor 2400W STD | MSTMON_S.EXE | Konica Minolta Magicolor 2400W colour printer monitor | No |
| N | Konni Symbol Autostart | KonniSymbol.exe | Gives configuration access to RagTime Solo professional business publishing software. RagTime Solo is the private user version of RagTime 5 | No |
| N | kontiki | kontiki.exe | Kontiki Delivery Manager - Windows-based client software that enables secure delivery of content to users' desktops | No |
| Y | KPDrv4XP | KPDrv4XP.exe | MediaKey USB Keypad Driver | No |
| Y | KPFW32.EXE | KPFW32.EXE | KingSoft Personal Firewall | No |
| Y | KPFWSvc.EXE | KPFWSvc.EXE | KingSoft Personal Firewall | No |
| X | Kr0n1C | Kr0n1C.exe | Added by the BRONTOK-BO WORM! | No |
| X | krag | krag.exe | Added by the AGENT-FOW WORM! | No |
| U | Kraidman | Kraidman.exe | "Toshiba RAID Support is a Toshiba EasyGuard feature that uses RAID Level 1 technology to minimise downtime by protecting against data loss and ensuring quick data recovery" - for Toshiba laptops | No |
| Y | Krait | razerhid.exe | Razer Krait mouse driver | No |
| U | KREC32 | krec32.exe | StarrCommander Pro Keystroke logging software | No |
| X | KRNL | Kernl32.exe | Added by the ZOMBY.B TROJAN! | No |
| X | Krnlcheck | csrss.exe | Added by the BOTNACHALA TROJAN! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir% | No |
| U | Krnlmod | Krnlmod.exe | Keystroke logger/monitoring program - remove unless you installed it yourself! | No |
| U | Kryptel Component Start | Kicker.exe | Kryptel encryption software | No |
| X | ksrlnhm | zxatgso.exe | Added by the DLOADER-LI TROJAN! | No |
| X | Ksrv32 | Ksrv32.exe | Added by the AGOBOT-PI WORM! | No |
| X | KTAX Auto Loader | ktax.exe | Added by the SDBOT-MZ WORM! | No |
| U | ktchnsnk | ktchnsnk.exe | HP program found with the Office Jet 500/600/700 series which initializes the Office Jet manager each time the computer is booted up or rebooted | No |
| Y | KTPWare | ktp.exe | Related to KTP Ware TSR Enhancements from ELANTECH | No |
| X | KV2005 | word.EXE | Added by the IW TROJAN! | No |
| X | kv3000 | lover.vbe | Added by the ZSYANG.B WORM! | No |
| X | kvasoft | kva8wr.exe | Added by the ONLINEG.ICC WORM! | No |
| X | kvern16.dll | regsvr32.exe kvern16.dll | DailyWinner adware. Note that regsvr32.exe is a legitimate Microsoft file used to register and unregister OLE controls and shouldn't be deleted. The "kvern16.dll" file is found in the System (9x/Me) or System32 (NT/2K/XP) folder | No |
| X | kviurs | kav.exe | Added by the SILLYFDC.BBJ WORM! | No |
| X | KvmSecure.exe | KvmSecure.exe | KvmSecure rogue security software - not recommended, removal instructions here | No |
| X | Kvsc3 | Kvsc3.exe | Added by the PWS-ANM TROJAN! | No |
| X | KV_HOST | cxjx.exe | Added by the LEGMIR-BB TROJAN! | No |
| X | kw3eef76 | rundll32.exe kw3eef76.dll, EnableRunDLL32 | LZIO.com adware downloader. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "kw3eef76.dll" file is found in the System (9x/Me) or System32 (NT/2K/XP) folder | No |
| N | kX Mixer | kxmixer.exe | Provides Mixer and Control functionality to KxProject Audio driver for EMU10k based soundcards | No |
| U | KX509 | kx509_kfwk5.exe | Kerberos Secure Authentication for Windows | No |
| ? | KYE_Showicon | shwicon.exe | Card reader for memory cards from digital cameras. Is it required? | No |
| X | KYK Control Settings | KYSVCXD.EXE | Added by a variant of the RBOT WORM! | No |
| X | KYM Control Settings | phqghum.exe | Added by the RBOT.BQD WORM! | No |
| X | L0aders | faxneti.exe | Added by a variant of the SDBOT TROJAN! | No |
| X | l44sys** | freecell | Added by the VBS.LIDO WORM - where ** is a number between 1 and 12 | No |
| X | l44sys** | iexplore | Added by the VBS.LIDO WORM - where ** is a number between 65 and 76 | No |
| X | l44sys** | winmine | Added by the VBS.LIDO WORM - where ** is a number between 33 and 44 | No |
| X | L4r1$$a | L4r1$$a.pif | Added by the ASSIRAL-C WORM! | No |
| Y | Lachesis | razerhid.exe | Razer Lachesis mouse driver | No |
| U | LaCie Backup | LaCieBackup.exe | LaCie '1-Click' backup software for their range of mobile hard drives | No |
| U | laim | aimlite.exe | "AIM Lite is a reference application for testing some new client technology developed here at AOL®, with the goal of being a simple, fun, light IM client" | No |
| X | laltin | L90112201.Stub.exe | Delfin Media Viewer adware related | No |
| X | lameshit | [path to trojan] | Added by the LOWZONE-H TROJAN! | No |
| X | LAN Driver | landriver32.exe | Added by the RBOT.BT WORM! | No |
| X | lanbrup | lanbrup.exe | SafeSurfing adware | No |
| N | Lancement rapide d'Adobe Reader | reader_sl.exe | Speeds up the time it takes to load the Adobe Reader PDF document reader. "The Speed Launcher quickly opens and closes all of the files that Acrobat or Adobe Reader will use when the application starts. Opening and closing the files allows your virus protection software to check these programs and add them to its list of safe files" - see here. Not required for Adobe Reader to function properly. French version | No |
| U | LANDeskInventoryClient | LDIScn32.exe | LANDesk® Management Suite software component | No |
| U | LanguageMonitor | Oplmsb01.exe | OKI Printer language support monitor | No |
| ? | LanguageShortcut | Language.exe | Part of Cyberlink's PowerDVD prior to version 8. Language settings? | No |
| X | LanGuard | languard.exe | Adware downloader - also detected as the SECONDT-C TROJAN! | No |
| X | LanGuard | [path to trojan] | Added by the DLOADER-VO TROJAN! | No |
| X | lanmanwrk.exe | lanmanwrk.exe | Added by the AGENT.AIA TROJAN! | No |
| U | LANMessage Pro | LANMES~1.exe | LANMessage Pro - "a powerful tool for communicating with other people on your office/home network" | No |
| U | LanSpeed2 | LanSpeed2.exe | Monitors any traffic that is using a LAN adapter (Ethernet or Token ring network card) | No |
| ? | LanzarL2007 | [path] setup.exe | ?? | No |
| U | LaoKey | LaoKey.exe | Lao Script for Windows (LSWin) is an extension to the Windows operating system to allow Lao language to be used with many different Windows-based applications | No |
| U | Laplink PDASync 3.0 - LtNts4 | NtsAgnt.exe | Laplink PDASync for (IBM) Lotus Notes 4 - PDA synchronisation utility | No |
| U | Laplink PDASync 3.1 - PocketPC | AUTODE~1.EXE | Laplink PDASync for Windows Mobile Pocket PC - PDA synchronisation utility | No |
| U | Laplink PDASync 3.1 - ScheduleSync | ScheduleSync.exe | Laplink PDASync for ScheduleSync - PDA synchronisation utility | No |
| U | LapLink scheduler | Llsched.exe | Utility that automatically performs file transfers as unattended background operations | No |
| X | Laptop Access | Sage.exe | Added by the SDBOT-NB WORM! | No |
| X | Lar | Llass.exe | Added by the INOR-A TROJAN! | No |
| X | lar | [trojan filename] | Added by the ROXY.C TROJAN! | No |
| X | LARISSA ANTI VIRUS | LARISSA_ANTI_VIRUS.exe | Added by the KLASSIR TROJAN! | No |
| ? | Lasb | ewat.exe | ?? | No |
| X | LaserJet | spoolvs.exe | Added by the DLOADER.PFR TROJAN! This is not the file of the same name from older versions of MS Office - see the link for the location | No |
| X | LasErma | Ermasys32.exe | Added by the LERMA-A WORM! | No |
| X | LAsIAf32 | RePEAtLD.exe | Added by the REPEATLD WORM! | No |
| X | lasse | lasse.exe | Added by the NTOS TROJAN! | No |
| Y | LASTinst | N/A | For Gilat Communications internet satellite systems. Gilat rescue (Satellite system restore). Required if you have this system. Can cause a BSOD (blue screen of death) if left out | No |
| ? | Later | later.exe | ?? | No |
| U | LaunApp | LaunApp.exe | Part of Acer Launch Manager - programmable keys on such laptops as the TravelMate 610 | No |
| ? | Launcg | launcg.exe | ?? | No |
| U | Launch Ai Booster | OverClk.exe | Included with some ASUS motherboards (such as the Maximus Extreme & Striker II Extreme), "AI Booster allows you to overclock the CPU speed in Windows without the hassle of booting the BIOS." Part of AI Suite | No |
| N | Launch Application | LaunchApplication.exe | System Tray access to Nokia PC Suite - which "is a free PC software product that allows you to connect your Nokia device to a PC and access mobile content as if the device and the PC were one." This allows you (amongst other options) to backup your devices contents to your PC, use it to connect to the internet, transfer files and synchronize contacts, etc. Available from the start menu | Yes |
| N | Launch Context 5.0 | Launch.exe | Context - electronic dictionary | No |
| U | Launch K9 | K9.exe | K9 by Robert Keir - "an email filtering application that works in conjunction with your regular POP3 email program and automatically classifies incoming emails as spam (junk email) or non-spam without the need for maintaining dozens of rules or constant updates to be downloaded. It uses intelligent statistical analysis that can result in extremely high accuracy over time" | No |
| U | Launch LCDMon | LCDMon.exe | Driver/utility for Logitech G-Series gaming keyboards and mice | No |
| U | Launch LGDCore | LGDCore.exe | Driver/utility for Logitech G-Series gaming keyboards and mice | No |
| X | Launch Norton AntiVirus 2000 | jorgf.exe | Added by the RBOT-AUI WORM! | No |
| U | Launch PC Probe II | Probe2.exe | Included with some ASUS motherboards (such as the Maximus Extreme & Striker II Extreme), PC Probe II monitors, detects and alerts you if there are any problems with fan rotation, CPU temperature, system volatages and others | No |
| N | Launch YahooPOPs! at Windows startup | YAHOOPOPS.EXE | YahooPOPs - enables free POP3/SMTP access to Yahoo! Mail through a service on localhost that emulates the web interface. Available via Start -> Programs | No |
| U | LaunchAp | LaunchAp.exe | Programmable keys on Acer, Fujitsu and other laptops | No |
| Y | LaunchApp | Alaunch | Part of Acer eRecovery - "a powerful utility that does away with the need for recovery disks provided by the manufacturer, and also acts as a versatile standalone backup and recovery manager". This entry isn't normally running but once eRecovery starts it's used to re-install the software included with the system | Yes |
| N | LaunchApplication | LaunchApplication.exe | System Tray access to Nokia PC Suite - which "is a free PC software product that allows you to connect your Nokia device to a PC and access mobile content as if the device and the PC were one." This allows you (amongst other options) to backup your devices contents to your PC, use it to connect to the internet, transfer files and synchronize contacts, etc. Available from the start menu | Yes |
| U | Launchboard | lnchbrd.exe | "LaunchBoard software from Darwin turns your keyboard into a remote control for the Internet and your computer! With LaunchBoard 2.0, you can customize up to 38 keys on your PC keyboard to instantly launch Web Sites, start applications, perform custom macros, handle Windows shortcuts, store passwords, and perform loads of other customizable functions" | No |
| X | Launcher | launcher.exe | Spyware component related to DownloadWare and found in %ProgramFiles%\KFH | No |
| N | Launcher | relaunch.exe | Audio Applications Launcher for the Philips Rythmic Edge soundcard (the Philips Rhythmic Edge is the same as the Thunderbird PCI soundcard - see TBtray). Available via Start -> Programs | No |
| U | Launcher | launcher.exe | PC Angel recovery program from SoftThinks. Located in a "SMINST" sub-folder of the Windows or Winnt directory | No |
| U | Launcher | Launcher.exe | SpeedUpMyPC 2009 from Uniblue - which "lets you monitor and control all your PC resources with easy, one click instructions. System settings, internet usage, disk clutter, RAM and CPU are all automatically scanned, cleaned and optimized for peak performance." Located in %ProgramFiles%\Uniblue\SpeedUpMyPC | Yes |
| ? | LaunchList | LaunchList2.exe | Part of Pinnacle Studio video editing suite. What does it do and is it required? | No |
| U | LaunchU3 | LaunchU3.exe | U3 LaunchPad system software for U3 smart flash drives. Provides password protected access to applications and personal settings installed and saved on a U3 enabled drive - allowing the user to effectively treat any Windows Vista/XP/2000 PC as though it's their own PC | No |
| X | Lavasoft Ad-Aware | Ad-Aware.exe | Added by the RBOT-SO WORM! Note - this is not the popular Ad-Aware spware/adware removal tool and is located in %System% | No |
| U | Lavasoft Adwatch | Ad-watch.exe | Part of Lavasoft Ad-aware Plus - realtime spyware-monitor watching your memory and registry for spyware that tries to install or change your system | No |
| X | Layersecurity Servicemonitor | LSSMON.EXE | Added by the BANKER.ZAQ TROJAN! | No |
| X | layersldm | hostplsrvc.exe | Added by a variant of the SDBOT WORM! | No |
| X | Laz | Kernn.exe | Added by the BANCOS-LN WORM! | No |
| X | LBTWiz.exe | LBTWiz.exe | Added by the SDBOT-DHY WORM! Note - this is not the legitimate Logitech file which is normally located in %Program Files%\Logitech\SetPoint or %Program Files%\SetPoint. This one is located in %Windir% | No |
| X | Lcass | Lcass.exe | Added by the SILLYFDC-W WORM! | No |
| U | LCD Smartie | LCDSmartie.exe | "LCD Smartie is software for Windows that you can use to show lots of different types of information on your LCD/VFD." Typically used by the PC modding community to display statistics such as CPU temp, fan/cooler speed, etc on an LCD display | No |
| U | LCDC | LCDC.exe | LCDC is an application that displays various information on your LCD or VFD screen. The number of things that LCDC can do is expandable by Plugins | No |
| U | LCDMon | LCDMon.exe | Driver/utility for Logitech G-Series gaming keyboards and mice | No |
| Y | LCDPlayer | LCDPlyer.exe | Related to SuperAdBlocker | No |
| N | lcfep | lcfep.exe | Tivoli 'TME' System Tray icon - "'lcfep' is the program that displays statistics about the Endpoint. Apparently stopping/removing this process has no impact on the Endpoint itself which will continue to function normally" | No |
| ? | LCIDConfig | lcidchng.exe | ?? | No |
| U | LClock | lclock.exe | LClock is a program that makes the Windows' clock look like a Windows Longhorn Clock | No |
| X | lcvga | lcvga.exe | Added by the HOSTOL-A TROJAN! | No |
| X | ld | ld.exe | CoolWebSearch Tooncomics parasite affiliate variant - redirects to fastwebfinder.com | No |
| N | LDM | backweb-8876480.exe | Installed with the software for Logitech products. Automatically checks for software upgrades AND new products, services and special offerings from Logitech | No |
| N | LDM | ldmconf.exe | Installed with the software for Logitech products. Automatically checks for software upgrades AND new products, services and special offerings from Logitech | No |
| N | LDM | LogitechDesktopMessenger.exe | Installed with the software for Logitech products. Automatically checks for software upgrades AND new products, services and special offerings from Logitech | No |
| X | ldriver | ldriver.exe | Added by the CHORUS-A TROJAN! Searchforfree browser hijacker | No |
| U | LED TRAY | LEDTRAY.EXE | Installs a USB compact flash card reader or drive on start-up. The device is distributed by Microtech and is made by a company called SnapShot. Required if you want the reader to work | No |
| U | ledpointer | CNYHKey.exe | Chicony Electronics Multimedia Keyboard Hotkey Driver | No |
| N | LeechGet | LeechGet.exe | LeechGet download manager | No |
| X | leeman | leeman.exe | Added by the COSIAM-D TROJAN! | No |
| U | LELA | Linksys EasyLink Advisor.exe | System Tray access to Linksys EaasyLink Advisor - which "is designed to set up your home network. LELA can locate computers, routers, storage, cameras and printers as well as other devices connected to your network". Included with their newest routers | No |
| X | LEMSRV | lemsrv.exe | Added by the IRCBOT-TC TROJAN! | No |
| U | LENOVO.TPFNF6R | TPFNF6R.exe | Supports the Fn+F6 hotkey combination on IBM/Lenovo Thinkpad notebooks which mutes the microphone | No |
| N | LenovoOobeOffers | LenovoOobeOffers.exe | Displays product upgrades/offers from Lenovo on the first run of a new notebook/desktop. "Oobe" refers to the "Out of box experience" | No |
| X | LetsRock | [path to trojan] | Added by the RANKY.Y BACKDOOR! | No |
| X | LetsSearch | LetsSearch.exe | BrowserAid/BrowserPal foistware | No |
| X | Letum | [path to worm] | Added by the LETUM.A WORM! | No |
| U | Lexmark 1200 Series | lxczbmgr.exe | "Lexmark Scan & Copy Control Program" for the Lexmark 1200 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan, scan to E-mail, copy, etc | No |
| U | Lexmark 2200 Series | lxbvbmgr.exe | "Lexmark Scan & Copy Control Program" for the Lexmark 2200 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan, scan to E-mail, copy, etc | No |
| U | Lexmark 3100 Series | lxbrbmgr.exe | "Lexmark Scan & Copy Control Program" for the Lexmark 3100 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan, scan to E-mail, copy, etc | No |
| U | Lexmark 4200 Series | lxbmbmgr.exe | "Lexmark Scan & Copy Control Program" for the Lexmark 4200 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan, scan to E-mail, copy, etc | No |
| U | Lexmark 5000 Series Fax Server | fm3032.exe | FaxMan integrates complete fax send and receive support into Windows applications without requiring additional fax software | No |
| U | Lexmark 5200 series | lxbtbmgr.exe | "Lexmark Scan & Copy Control Program" for the Lexmark 5200 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan, scan to E-mail, copy, etc | No |
| U | Lexmark 5400 Series Fax Server | fm3032.exe | FaxMan integrates complete fax send and receive support into Windows applications without requiring additional fax software | No |
| U | Lexmark 6500 Series Fax Server | fm3032.exe | FaxMan integrates complete fax send and receive support into Windows applications without requiring additional fax software | No |
| U | Lexmark 7600 Series Fax Server | fm3032.exe | FaxMan integrates complete fax send and receive support into Windows applications without requiring additional fax software | No |
| U | Lexmark 9300 Series Fax Server | fm3032.exe | FaxMan integrates complete fax send and receive support into Windows applications without requiring additional fax software | No |
| X | Lexmark Print | lexmark.exe | Added by a variant of the SPYBOT WORM! See here | No |
| U | Lexmark X1100 Series | lxbkbmgr.exe | "Lexmark Scan & Copy Control Program" for the Lexmark X1100 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan, scan to E-mail, copy, etc | No |
| U | Lexmark X125 Settings Utility | LEX125SU.exe | Settings utility for the Lexmark X125 printer | No |
| U | Lexmark X5100 Series | lxbabmgr.exe | "Lexmark Scan & Copy Control Program" for the Lexmark X5100 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan, scan to E-mail, copy, etc | No |
| U | Lexmark X5400 Series Fax Server | fm3032.exe | FaxMan integrates complete fax send and receive support into Windows applications without requiring additional fax software | No |
| U | Lexmark X6100 Series | lxbfbmgr.exe | "Lexmark Scan & Copy Control Program" for the Lexmark X6100 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan, scan to E-mail, copy, etc | No |
| U | Lexmark X63 Button Manager | AcBtnMgr_X63.exe | "Lexmark Scan & Copy Control Program" for the Lexmark X63 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan, scan to E-mail, copy, etc | No |
| U | Lexmark X63 Button Monitor | ACMonitor_X63.exe | Button monitor for the Lexmark X63 all-in-one multifunction printer/copier/scanner. Works in conjunction with the "Lexmark Scan & Copy Control Program" button manager whose filename is "AcBtnMgr_X63.exe" | No |
| U | Lexmark X73 Button Manager | AcBtnMgr_X73.exe | "Lexmark Scan & Copy Control Program" for the Lexmark X73 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan, scan to E-mail, copy, etc | No |
| U | Lexmark X73 Button Monitor | ACMonitor_X73.exe | Button monitor for the Lexmark X73 al |