| Name | Status | Filename | Description |
| WinCheck | X | services.exe | Added by the W32.Sober.V
WORM!
Note: This worm file is found in the Windows\ConnectionStatus\Microsoft or Winnt\ConnectionStatus\Microsoft folder. |
| Windows | X | services.exe | Added by the W32.Sober.X
WORM!
Note: This is not the legitimate Windows process services.exe (Which is always found in the System32 folder.) This worm file is found in the Windows\WinSecurity or Winnt\WinSecurity folder.
|
| !1_pgaccount | Y | pgaccount.exe | DiamondCS ProcessGuard security software - stops malicious worms and trojans from being executed silently in the background, as well as a variety of other attacks. You will see one instant of pgaccount.exe for every active account on your system, and this is essential for PG to work properly |
| !1_ProcessGuard_Startup | Y | procguard.exe | DiamondCS ProcessGuard security software - stops malicious worms and trojans from being executed silently in the background, as well as a variety of other attacks. |
| !NoLoad | U | winrecon.exe | WinRecon - surveillance software that creates records of everything people do on a computer, ie, spying or monitoring depending upon how you call it |
| $EnterNet | U | Enternet.exe | Connection manager for the EnterNet ISP. You can also use RASPPOE |
| $sys$cmp | X | $sys$xp.exe | Added by the Backdoor.Ryknos.B
TROJAN!
Note: This trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder. Attempts to utilize the Sony Rootkit A.K.A. SecurityRisk.First4DRM security risk to hide itself on the compromised computer.
|
| $sys$drv | X | $sys$drv.exe | Added by the Backdoor.Ryknos
TROJAN!
Attempts to utilize the Sony Rootkit A.K.A. SecurityRisk.First4DRM security risk to hide itself on the compromised computer. |
| $WindowsRegKey%update | X | IEXPLORE.EXE | Added by a W32/Rbot-EZ WORM! Note - this is not the legitimate Internet Explorer iexplorer.exe process, it should not appear in Msconfig/Startup unless you add it manually! |
| %cmpmixtitle% | ? | %cmpmixstr% | Possibly related to C-Media Mixer Control panel? |
| %FP%012-L2TP fts.exe | ? | fts.exe | 012.Net ISP software - what does it do and is it required? |
| %FP%012-L2TP FWPortal.exe | ? | FWPortal.exe | 012.Net ISP software - what does it do and is it required? |
| %FP%1776 Internet fts.exe | ? | fts.exe | 1776 Internet ISP software - what does it do and is it required? |
| %FP%1776 Internet FWPortal.exe | ? | FWPortal.exe | 1776 Internet ISP software - what does it do and is it required? |
| %FP%Barak013 fts.exe | ? | fts.exe | Barak013 ISP software - what does it do and is it required? |
| %FP%Barak013 FWPortal.exe | ? | FWPortal.exe | Barak013 ISP software - what does it do and is it required? |
| %FP%Friendly fts.exe | ? | fts.exe | Friendly ISP software - what does it do and is it required?
|
| (*)API Machine | X | winSOCKS.exe | Homepage hijacker, see here (* = any digit) |
| (*)Run | X | win32API.exe | Homepage hijacker, see here (* = any digit) |
| (default) | X | (random filename).exe | Added by the BLACKMAL VIRUS! |
| (Default) | X | Systrsy.exe
| Added by the Trojan.Cdtray
TROJAN!
Note: This trojan file is found in the Internet Explorer folder. |
| (default) | X | llsass.exe | Added by the TROJ/PROXY-GG TROJAN! |
| (Default) | X | webcam.exe | Added by the Troj/Monad-A
TROJAN!
Note: This trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
|
| (Entry name) | X | System.exe | Added by the Troj/Nethief-N
Trojan!
|
| (L4r1$$4) (4nt1) (V1ruz) | X | SP00Lsv32.pif | Added by the ASSIRAL.B WORM! |
| (no name) | X | pathex.exe | Added by the TROJ/MKMOOSE-A WORM! |
| (Original file name) | X | svchost.scr | Added by Troj/Bancban-CX
and Troj/Bancban-DA
TROJANS!
|
| (Original filename) | X | xphost.scr | Added by the Troj/Bancban-HM
TROJAN!
Note: This trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
|
| (Original Trojan filename) | X | Install.exe | Added by the Troj/Bancban-FS
TROJAN!
Note: This trojan file is found in the Windows or Winnt folder. |
| (random 12 digit number) | X | actxprxy.exe | Adsrv.com/IeDriver adware variant |
| (random 12 digit number) | X | avicap32.exe | Adsrv.com/IeDriver adware variant |
| (random 12 digit number) | X | browser8.exe | Adsrv.com/IeDriver adware variant |
| (random 12 digit number) | X | avifile5.exe | Adsrv.com/IeDriver adware variant |
| (random 12 digit number) | X | bootvid4.exe | Adsrv.com/IeDriver adware variant |
| (random 12 digit number) | X | cdmodem4.exe | Adsrv.com/IeDriver adware variant |
| (random 12 digit number) | X | acctres8.exe | Adsrv.com/IeDriver adware variant |
| (random 12 digit number) | X | autodisc.exe | Adsrv.com/IeDriver adware variant |
| (random 12 digit number) | X | cabview1.exe | Adsrv.com/IeDriver adware variant |
| (random 12 digit number) | X | atitvo32.exe | Adsrv.com/IeDriver adware variant |
| (random 12 digit number) | X | advpack1.exe | Adsrv.com/IeDriver adware variant |
| (random 12 digit number) | X | batmeter.exe | Adsrv.com/IeDriver adware variant
|
| (random 12 digit number) | X | bidispl2.exe | Adsrv.com/IeDriver adware variant
|
| (random 12 digit number) | X | asferror.exe | Adsrv.com/IeDriver adware variant |
| (random 12 digit number) | X | catsrvps.exe | Adsrv.com/IeDriver adware variant |
| (random 12 digit number) | X | audiosrv.exe | Adsrv.com/IeDriver adware variant |
| (random 12 digit number) | X | admparse.exe | Adsrv.com/IeDriver adware variant
|
| (random 12 digit number) | X | bootvid2.exe | Adsrv.com/IeDriver adware variant
|
| (random 12 digit number) | X | cmpbk321.exe | Adsrv.com/IeDriver adware variant
|
| (Random characters) | X | securewinload32x.exe | Added by the Troj/OptixP-N
TROJAN!
Note: This trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder. The file system32dir2a.exe will also be found in the same folder and should be deleted.
|
| (random name) | X | (random filename) | Added by the Troj/StartPa-GL
Trojan!
Found in the WINDOWS or Winnt directory.
|
| (Random number) | X | explorer.exe | Added by the Troj/Keylog-AN
TROJAN!
Note: This trojan file is found in the Windows\service or Winnt\service folder, be sure to check the link for this one, It copies it's self under 9 additional file names, all in the Windows\service or Winnt\service folder. |
| (random) | X | lsass.scr | Added by Troj/Bancban-CW
Trojan! |
| (random) | X | svchost.scr | Added by Troj/Bancban-CY
Trojan!
|
| (Random) | X | svshost.exe | Added by the W32/Kelvir-AX
WORM!
Note: This worm\trojan file is found in the System\(random folder name) (95/98/ME) or System32\(random folder name) (NT/2000/XP) folder. |
| (Randomly chosen existing folder name) | X | _cfg.exe | Added by the W32/Antinny-L
WORM!
|
| (Randomly chosen existing folder name) | X | _login.exe | Added by the W32/Antinny-L
WORM!
|
| (Randomly chosen existing folder name) | X | _start.exe | Added by the W32/Antinny-L
WORM!
|
| (Randomly chosen existing folder name) | X | _config.exe | Added by the W32/Antinny-L
WORM!
|
| (Randomly chosen existing folder name) | X | _autorun.exe | Added by the W32/Antinny-L
WORM!
|
| (Randomly chosen existing folder name) | X | _loader.exe | Added by the W32/Antinny-L
WORM!
|
| (Randomly chosen existing folder name) | X | _env.exe | Added by the W32/Antinny-L
WORM!
|
| (Randomly chosen existing folder name) | X | _setup.exe | Added by the W32/Antinny-L
WORM!
|
| (Registry Value Name) | X | roses.exe | Added by the W32/Rbot-AFT
Worm!
|
| (Unknown) | X | charmapnt.exe | Added by the Troj/Bancos-DR
TROJAN!
|
| (User name) config | X | (Path to Trojan exe) | Added by the Troj/Mosuck-H
TROJAN!
|
| (various file names) | X | mediaplayer32.exe | Added by a variant of the WIN32.RBOT WORM!
|
| (various file names) | X | bling.exe | Added by the W32/RBOT-NI WORM! |
| (various names) | X | win32snd.exe | Added by the W32/RBOT-DQ WORM! |
| (various names) | X | svchostss.exe | Added by a variant of the WIN32.RBOT WORM!
|
| (various names) | X | PasswdMon.exe | TROJAN! - part of Wareout, malware masquerading as a spyware and dialer remover, see here |
| (various names) | X | runload32.exe | TROJAN! - part of Wareout, malware masquerading as a spyware and dialer remover, see here |
| *JanisRuckenbrodII | X | janis.com | Added by the POPS VIRUS! |
| *Microsoft Update | X | wucxt.exe | Added by the W32.HLLW.STMU TROJAN! |
| *Microsoft Update | X | wuytc.exe | Added by the W32.HLLW.STMU TROJAN! |
| *Microsoft Update | X | ctxma.exe | Added by the W32.HLLW.STMU TROJAN! |
| *Microsoft Update | X | wstcl.exe | Added by the W32.HLLW.STMU TROJAN! |
| *Microsoft Update | X | cxma.exe | Added by the W32.HLLW.STMU TROJAN! |
| *microsoft update | X | cxma.exe | Added by the W32.HLLW.STMU TROJAN |
| *MS Setup | X | [random file name] | Virtumondo adware, also known as the VUNDO TROJAN! |
| *Security Center | X | secctr.exe | Added by the SDBOT.BRO WORM! |
| *StateMgr | Y | statemgr.exe | Windows ME default for System Restore. Do NOT disable! |
| *windows update | X | wurauclt.exe | Added by the W32/RBOT-SY WORM! |
| *windows update | X | wsctl.exe | Added by the SPYBOT.PR WORM! |
| *windows update | X | wscxt.exe | Added by the RBOT.AOS WORM! |
| *windows update | X | wkmst.exe | Added by the SDBOT.AVD WORM! |
| *windows update | X | wuaucrlt.exe | Added by the SPYBOT.HUR WORM! |
| *windows update | X | waurclt.exe | Added by a variant of the WIN32.RBOT WORM! |
| *WinLogon | X | [trojan path] ren time:[random number] | Added by the VUNDO TROJAN!
|
| *winstats | X | winstats.exe | Added by the Trojan.Gargafx
TROJAN! Note: This trojan file (winstats.exe) is found in the Windows or Winnt folder. |
| *wuauclt.exe | X | w****.exe (* = random char) | Added by a variant of the W32/RBOT-UG WORM! - NOTE: * in the file name represents a random char; variants spotted: wxmct.exe, wtmsv.exe, wxmst.exe, wmsvc.exe and so on... |
| *wuauclt.exe | X | wmsvc.exe | Added by the W32/RBOT-UG WORM! |
| ,main drive Loader | X | wininfo.exe | Suspected malware as it appears in 3 different registry locations - see here |
| .mscdr | X | lassa.exe | Added by the WEBUS.C TROJAN! |
| .mscdr | X | lsvchost.exe | Added by the WEBUS.D TROJAN! |
| .mscdsr | X | lsvchost.exe | Added by the Troj/Bdoor-CR
Trojan!
|
| .mscsbl | X | svhost.exe | Added by the BACKDOOR-CMQ TROJAN! |
| .msfupdate | X | msveup.exe | Added by the W32.ALLOCUP.A WORM! |
| .mssecure | X | mssecure.exe | Added by the DDOS_BOXED.X TROJAN! |
| .mssecure | X | mssecure.exe | Added by the Troj/Borobot-B
Trojan!
|
| .NET config | ? | sysmon32.exe | ?? |
| .norton | X | rchost.exe | Added by a variant of the BOXED-A
TROJAN! |
| .Prog | X | services.exe | Added by the NEVEG.B or NEVEG.C WORMS! Note - this is not the valid Windows Service Controller (services.exe ) process |
| .Prog | X | winlogon.exe | Added by NEVEG.A WORM! Note - this is not the valid Windows Logon winlogon.exe process |
| .svchost | X | CSRSS.EXE | Added by the WEBUS.F TROJAN! - NOTE - this file is placed in the Winnt\System or Windows\System folder, and should NOT be confused with the legitimate Windows Client Server Runtime Subsystem csrss.exe process, which provides text window support, shutdown, and hard-error handling, always located in the Winnt\System32 or Windows\System32 folder, and which moreover should NOT figure in Msconfig/Startup!
|
| .TEXTCONV | X | csrss.exe | Added by the WEBUS TROJAN! Note - this is not the valid Client Server Runtime Subsystem csrss.exe process, which provides text window support, shutdown, and hard-error handling |
| .WMAudio | X | csrss.exe | Added by the WEBUS TROJAN! Note - this is not the valid Client Server Runtime Subsystem csrss.exe process" which provides text window support, shutdown, and hard-error handling |
| .WMAudio | X | lsass.exe | Added by a Webus.B trojan infection. Note - this is not the legitimate Lsass.exe system file, which should normally NOT figure in Msconfig/Startup |
| /l:eng | N | N/A | Related to the Dell OEM version of the Sound Blaster Audigy 2 sound card. If this item is listed and checked in startup, the System32 Folder will appear on every startup |
| 000 | U | pit.exe | Added by the PrivateEye SPYWARE! **Note - If you did not intentionally install this remove it. |
| 000hpdllhos | X | hpdllhost.exe | LZIO.com adware downloader |
| 000StTHK | U | 000StTHK.exe | Toshiba Hot key functionality for the function keys (Fn-Esc, Fn-F1 (lock), Fn-F2, Fn-F3, Fn-F4, Fn-F5 (switching between laptop and CRT display output), etc...) |
| 0050726-007-i32-1 | X | 0050726-007-i32-1.exe | Added by the Troj/Bancban-EC
TROJAN!
|
| 00DSKSVR00 | N | desksaver.exe | Related to Advanced_Desktop_Shield |
| 00DSKSVR01 | N | desksaver.exe | Related to Advanced_Desktop_Shield |
| 00THotkey | U | 00THotKey.exe | For Toshiba Satellite notebook series to use the front buttons, play, stop, next, prev. |
| 0190 Warner | U | WARN0190.EXE | Anti-dialer program (Germany) |
| 0900 Warner | U | WARN0900.EXE | Anti-dialer program (Germany) |
| 0utlook Express | X | *****.exe (where * = random char) | Added by the W32/RBOT-CC WORM! |
| 1 | X | 1.exe | Added by the ESTEEMS TROJAN! |
| 1 | X | svchost.scr | Added by PWSteal.Bancos.X Trojan.
|
| 1 | X | lsass.scr | Added by the PWSteal.Bancos.V TROJAN! |
| 11 | X | faxcomdos.exe | Added by the Tuimer TROJAN! |
| 1111swapmgr.exe | X | 1111swapmgr.exe | Added by the BDOOR-IC TROJAN! |
| 123456 | X | rundll32.exe shell32.dll, Control_RunDLL ...123456.cpl | Added by the KITRO.C (or DANDI.A) VIRUS! 123456 can be any random 3 to 6 digit number |
| 12Ghosts Popup-Killer | U | 12popup.exe | 12Ghosts Popup-Killer |
| 17779Proj2002 | ? | N/A | ?? |
| 180adsolution | X | 180adsolution.exe | 180Solutions/N-Case adware variant
|
| 180ax | X | 180ax.exe | 180Solutions/N-Case adware variant
|
| 180ClientStubInstall | X | stubinstaller****.exe (* = digit) | 180Solutions adware related |
| 180ClientStubInstall | X | ******.exe (* = random digit/character) | 180Solutions adware related |
| 180ClientStubInstall | X | ******.tmp (* = random digit/character) | 180Solutions adware related |
| 1: | N | hpdrv.exe | HP utility for monitoring when and how many recoveries have been done |
| 1A:MacVisionTrayMonitor | N | TrayMonitor.exe | Comes with the MacVision program for monitoring tray icons (Note : program is by Stardock) |
| 1A:Stardock MCP | Y | mcpserver.exe | Master Control Program for Stardock apps, in development. People should leave it running if they're using any of the Stardock applications |
| 1A:Stardock TrayMonitor | Y | TrayServer.exe | For monitoring tray icons - if disabled icons will not be displayed in ObjectBar or DesktopX |
| 1CmailS | ? | NETMAIL.EXE | ?? |
| 1on1 | X | 1on1.exe | Adult content dialler |
| 1Srv32 | U | SpyAgent4.exe | SpyTech SpyAgent monitoring software. "Spy software that allows you to monitor EVERYTHING users do on your PC." |
| 1Win32Cfg | U | SpyBuddy.exe | SpyBuddy monitoring software |
| 1Win32Cfg | U | Keyloggerpro.exe | KeyloggerPro - monitoring software |
| 1WinCfg32 | X | "\WebMailSpy.exe | Added by WebMailSpy SPYWARE! |
| 2020Downloader | X | mssvr.exe | 2020Search Toolbar related. Reported to be auto-installed |
| 252 | X | winmgr.exe | Added by the Troj/LegMir-AT
TROJAN!
|
| 27 | X | slsorve.exe | Added by the SLSORVE-A TROJAN! |
| 27 | X | csrss32.exe | Added by the TROJ/SLSORVE-D TROJAN! |
| 27 | X | msm32.exe | Added by the TROJ/SLSORVE-E TROJAN! |
| 2kadiras | Y | 2kadiras.exe | Allied_Telesyn AT series router/modem related - apparently required
|
| 2thousandbuck | X | (path to file) | Added by the RANKY.L TROJAN!
|
| 2wSysTray | U | 2portalmon.exe | 2Wire Homeportal user interface |
| 32-bit Thunking service | X | thunk32.exe | Added by the W32.Derdero.A WORM! |
| 357AA41A-B7A8-4632-A27D-5B980B25CF43 | X | [path to svchost.exe] | Added by the SMALL-AQ TROJAN! |
| 357AA41A-B7A8-4632-A27D-5B980B25CF43 | X | services.exe | Added by FakeMessage/AdRotator adware - NOTE - this file is placed in a Winnt\System32\Inetserv or Windows\System32\Inetsrv folder, and should NOT be confused with the legitimate Windows services.exe process, always located in the Winnt\System32 or Windows\System32 folder, and which moreover should NOT figure in Msconfig/Startup!
|
| 3c1807pd | Y | 3cmlink.exe 3cpipe-3c1807pd | 3Com WinModem driver. See here for more WinModem information |
| 3capplnk | Y | 3capplnk.exe | US Robotics Modem driver |
| 3cdminic | N | 3CDMINIC.EXE | 3Com DMI (DynamicAccess Desktop Management Interface) Agent associated with 3Com network cards |
| 3CM Link | Y | 3cmcnkw.exe | Required for a US Robotics WinModem as it provides the link to Windows - won't work without it. |
| 3Cmlink | Y | 3CmlinkW.exe | For a US Robotics WinModem. Provides the link to Windows as the CPU does the processing on WinModems - won't work without it. See here for more WinModem information |
| 3ComDMIAgent | N | 3CDMINIC.EXE | 3Com DMI (DynamicAccess Desktop Management Interface) Agent associated with 3Com network cards |
| 3D Text | N | 3D Text.scr | Added by the JERMY.A VIRUS! |
| 3Deep Control Panel | U | 3DeepCTL.EXE | From LightSurf Technologies (nee E-Color) - 3Deep corrects lighting, shading and color for all your 2D and 3D games |
| 3Dfx Acc | X | GFXACC.EXE | Added by the GIBE VIRUS! |
| 3dfx Task Manager | N | 3dfxMan.exe | System Tray application for 3dfx Voodoo 3/4/5 functions. Available via Start -> Programs |
| 3dfx Tools | Y | 3dfxCmn.dll | Updates the registry with information that can't be held for Voodoo 3/4/5 series graphics cards. Important for owners of these cards |
| 3dfxv2ps.dll | Y | 3dfxv2ps.dll | Updates the registry with info that can't be held for 3dfx Voodoo 2 video cards. Important for owners of these cards |
| 3Dlabs Taskbar Display Manager | ? | 3DLman.exe | 3DLabs graphics driver related. System Tray access to display settings? |
| 3DLabsHelperDemon | U | 3dldemon.exe | Directly from the programs author "It is a tiny program that is installed by the Permedia2/3 and probably other Oxygen-series cards. Normally it sits in the background doing nothing at all (sleeping on a semaphore), so it should take zero CPU time and virtually zero memory, since it will all be paged out to the hard drive." In most cases it can be safely disabled |
| 3DMouse.EXE | Y | 3DMouse.EXE | Dritek System Inc. 3D Mouse driver |
| 3d_sound | X | 3d_sound.exe | Added by the Troj/Riados-A
TROJAN!
Note: This trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
|
| 3qdctl.exe | U | 3qdctl.exe | Provided with Terratec 128i PCI and similar sound cards. Loads a sound profile at bootup, restoring volume and other audio settings to a pre-determined default. Similar to Creative Lab's AudioHQ |
| 3ware 3DM | Y | 3dm.exe | Monitors status of the disk array on 3ware IDE RAID controllers |
| 4wd!!! | X | Natal!.pif | Added by the OPASERV.AI VIRUS! |
| 5-1-61-96 | X | members-area.exe | Adult content dialler |
| 5-2-46-112 | X | 5-2-46-112.exe | Adult content pop-up dialler. Removal instructions here |
| 55278 | X | grepclient1.exe | Added by the Troj/Lineage-S
Trojan! |
| 5p4m | X | (Path to Trojan) | Added by the Troj/Litebot-C
TROJAN!
|
| 666 | X | Ska.exe | Added by the Troj/Pipes TROJAN! |
| 678 | X | lsas32.exe | Added by the Troj/Slsorve-C
TROJAN!
|
| 98D0CE0C16B1 | X | rundll32.exe D0CE0C16B1,D0CE0C16B1 | BrowserAid/Startium parasite related |
| 9xadiras | Y | 9xadiras.exe | Allied_Telesyn AT series router/modem related - apparently required
|
| 9xHtProtect | X | AVprotect9x.exe | Added by the W32.NETSKY.M WORM! |
| ;Rundll | X | (random filename) | Added by the PWSLEGMIR.E VIRUS! |
| X | Regsrv32.com | Added by the SOUTHGHOST VIRUS! |
| X | App.exe | Added by the WAXPOW VIRUS! where <filename> is the executed filename |
| X | wincpu.exe | Added by an unidentified VIRUS! |
| X | elf.exe | Elf is a hacker program, tied to a trojan server |
| ?ekio Startups | X | ?nksvc32.exe | Added by the W32/AGOBOT-OV WORM! |
| @ | X | regedit -s ..win.dll | Added by the SEEKER.K VIRUS! |
| @Hoc Toolbar | N | AtHoc.exe | One-click activated browsing toolbar used by various web-sites. See here for more info |
| @loha | N | reminder.exe | Registration reminder for @loha@home E-mail utility |
| @tour_ww | X | @tour_ww[1].exe | Adult content dialler |
| a | X | a.exe | Commercials file that registers itself in the system registry and redirects IE to a certain commercial website |
| a | X | jesse.exe | Added by the W32/Melo-A
WORM!
Note: This worm file is found in the system32\drivers\etc folder.
|
| A New Windows Updater | X | w32NTupdt.exe | Added by W32.Mytob.BM WORM! |
| a-squared | U | a2guard.exe | a-Squared antitrojan - can be run on demand, but necessary in Startup, if you prefer the a² 'Background Guard' real time protection feature |
| a-winpoet-service | Y | winpppoverethernet.exe | WinPoET is the industry's first Windows-based PPP over Ethernet client. Developed by iVasion, WinPoET is attractive to equipment providers, modem suppliers, RBOCs and ISPs. For more info read here. It uses dial-up networking for new high-speed internet customers who are more familiar with analogue modems. If unchecked in MSCONFIG it reports Error 360 - Hardware Error in dial-up networking |
| A1000 Settings Utility | U | cpqa1000.exe | Compaq A1000 Print Fax All-in-One copy scan printer software. Required in the Startup in order to scan, print, copy and fax. Only required if you use these features |
| A4Proxy | U | A4Proxy.exe | Anonymity 4 Proxy - local proxy server that makes you anonymous when visiting web sites |
| A70F6A1D-0195-42a2-934C-D8AC0F7C08EB | X | rundll32.exe E6F1873B.DLL,D9EBC318C | BrowserAid/Startium parasite related |
| AAACLEAN | ? | AAACLEAN.INF | ?? |
| AAAKeyboard | ? | ?? | ?? |
| AAATraySaver | N | TraySaver.exe | System Tray management utility from Mike Lin which allows you to hide, show, restore icons that are lost in an Explorer crash, remove dead tray icons, minimize any window to the System Tray |
| AAK | U | aak.exe | Advanced Anti-Keylogger - "Anti-spy software to prohibit operation of any keyloggers currently in use or presently being developed anywhere" |
| Aaou | X | amee.exe | PurityScan/Clickspring adware |
| Aapp | X | adprot | AdBlaster adware |
| aauclient | ? | ACNUpdater.exe | Appears to be related to software from Accenture.com - what does it do and is it required? |
| ab EazyScheduler | ? | ezsched.exe | ?? |
| ABBYY Community Agent | N | CAGENT.EXE | Installed with the Optical Character Recognition (OCR) software that comes bundled with a Compaq A3000 all-in-one printer/scanner. Its function appears to be to link you to the internet in an attempt to buy the 5.0 version of the software |
| ABC | X | keylogger.exe | Monitors keystrokes so you can check if someone has typed anything while your away from your PC. Reported as spyware by SpyCop in their FAQ |
| abcdefgh | X | abcdefgh.exe | Malware - detected by Panda antivirus as the DOWNLOADER.EPJ TROJAN!
|
| ABITEQ | N | abiteq.exe | Monitoring utility for ABIT Motherboards. Displays system voltages, temperatures and fan speeds. |
| Absolute Shield | U | dseraser.exe | Absolute Shield/Evidence Eliminator - iternet history eraser |
| Absolute StartUp monitor | U | ASMon.exe | Absolute Startup - startup monitor from F-Group Software |
| ABsr | X | absr.exe | Added by the AUTOUPDER VIRUS! |
| absr | X | mwsvm.exe | SeekSeek search hijacker related - as seen here |
| abtu | X | mp3serch.exe | Loads the executable for Lop.com. mp3serch.exe is the final version whilst lopsearch.exe is the beta version |
| abtu | X | lopsearch.exe | Loads the executable for LOP adware - mp3serch.exe is the final version whilst lopsearch.exe is the beta version |
| AbyssWebServer | U | abyssws.exe | Abyss web server |
| AcBtnMgr_Xxx | Y | AcBtnMgr_Xxx.exe | Associated with the Lexmark Xxx (where "xx" is the model) all-in-one printer/scanner/copier. Required for correct operation |
| acc | U | acc.exe | Advanced Call Center - "full-featured yet easy-to-use answering machine software for your voice modem" |
| ACCDEFRAGINFO | X | (path to file) | Added by the W32/Darby-O WORM! |
| Accelerate | U | accelerate.exe | Webroot Accelerate - allows you to optimize Windows network registry settings in order to boost surfing speeds. Leave this enabled if you find it improves your connection |
| Access Ramp Monitor | N | armon32.exe | Monitors your progress on the internet; hang-ups, connection speeds, internet congestion and traffic flow. It prevents some games from running also. To disable the Access Ramp Monitor (1) Open Windows Explorer (2) Open the Program Files folder (3) Open the MindSpring folder (4) Open the AccessRamp folder (5) Double-click on the ARMCfg32.exe file (6) Uncheck Enable Dialup Monitor and click OK (7) Restart the computer and try again |
| Access WebControl | X | [path to file] | Added by the TROJ/PPDOOR-M TROJAN!
|
| AccessManager | U | AccessMgr.exe | Part of SmartPipes SecureSite software - "SecureSite enables rapid turnup and enhanced administration of VPNs. It automates and simplifies tasks for VPN design and policy management, access control management, and key management"
|
| AccessMedia P2P Loader | X | amp2pl.exe | My AccessMedia toolbar related, stealth installed! |
| AccessoriesPlus | U | clockplus.exe | "Clock Plus", part of Accessories_Plus allows you to select from dozens of alternatives for the Windows clock. |
| AccessRamp Monitor01 | N | ARMon32a.exe | From a visitor "Just wanted to provide you with some info on Access Ramp software installed with Verizon DSL accounts in those areas that use the Winpoet PPPoE software. The Access Ramp TSRs are installed as part of IP Insight software (can't remember the software maker). You can decline to install IP Insight during Winpoet setup, or go into Add/Remove programs uninstall IP Insight by hand if it's already installed. It really doesn't do a darn thing for you. It was intended to help DSL techs monitor QoS, but the backend part was never implemented (at least as of earlier this year). This will not affect the user's ability or inability to access their DSL service." |
| AccessRampLAN01 | N | ARUpld32.exe | Version of the above for LAN connections - a history uploader. The key in turning it off is a file named ARUCfg32.exe. This file (ARUCfg32.exe) does not show up in the startup process. If you have this file, you can execute it and remove all the monitoring activities it does. Removing all the checks in all the boxes (both tabs) still calls ARUpld32.exe to start when you start the dial up. You can block it from sending info if you have Zone Alarm installed. Renaming the extension of ARUCfg32.exe to ARUCfg32.exe1 works. The ARUpld32.exe is not loaded when launching the dial up client. Written by IP Insight and also included with Earthlink Total Access 2003 |
| AcctMgr | U | AcctMgr.exe | Norton™ Password Manager - part of Norton SystemWorks 2004 - stores passwords and other personal information, and retrieves the data needed for email logins, shopping orders, banking, and other online activities—all from the safety of your own PC |
| AccuWeather.com® Desktop | N | ?? | Desktop weather from AccuWeather.com |
| accwizz.exe | X | accwizz.exe | Added by the W32.Ruland.A
WORM!
|
| accwizzz.exe | X | accwizzz.exe | Added by the W32.Ruland.A
WORM!
|
| Acecad.Wtxpload | Y | Wtxpload.exe Acecad | driver for an AceCad USB Graphics Tablet |
| AceGain LiveUpdate | N | LiveUpdate.exe | AceGain_LiveUpdate . "AceGain LiveUpdate provides a fully managed and customizable LiveUpdate platform that seamlessly integrates with a game. As soon as an update is made available, AceGain manages the alert, download and installation as well as version control and user network preferences." |
| AcerGoto | U | AcerGoto.exe | Acer Computer "Goto Drive" Cold Swap Driver - a swappable second disk drive provides convenient backup of large files, or easy importation of data from user's previous computer. |
| AcerNotebookManager | U | almxptray.exe | System Tray access on some Acer Notebooks to give faster access to system settings |
| AcerPowerkey | U | Powerkey.exe | PowerKey utility for Acer TravelMate notebook PCs. Allows the user to quickly switch between different power schemes by pressing Fn F3 |
| Aceu | X | [random file name] | PurityScan/Clickspring adware |
| AceUtils | N | au.exe | Related to Ace Utilities from Acelogix_Software
Note: this is NOT to be confused with the au.exe used by the BEAGLE.B worm! |
| AClntUsr | U | AClntUsr.exe | Altiris AClient Service Windows Tray Icon |
| Acme.PCHButton | N | pchbutton.exe | Used by HP Instant Support |
| ACMonitor_Xxx | Y | ACMonitor_Xxx.exe | Associated with the Lexmark Xxx (where "xx" is the model) all-in-one printer/scanner/copier. Required for correct operation |
| acocash | X | fastdown.exe, fastfown.exe | Adult content dialler |
| Acombo3dmouse | U | Acombo3d.exe | Mouse driver - required if you use non-standard Windows driver features |
| Aconti | X | aconti.exe | Adult content dialler |
| acoustic | U | acoustic.exe | Control panel program for Philips Acoustic Edge soundcard. Not required unless changed settings aren't retained |
| acpart | N | agpart11.exe | Program for finding trucks on-line |
| Acrobat Assistant | U | ACROTRAY.EXE | Used to create PDF files with Acrobat Distiller. For Win9x/Me systems you can run this file manually beforehand. For WinXP systems this file must run at startup. Hence the "U" recommendation |
| Acronis Scheduler2 Service | U | schedhlp.exe | Part of Acronis True Image - backup software. Co-operates with the "schedul2.exe" servuce to perform backup/restore tasks correctly. Required if you want to use TrueImage to do some real backup/restore tasks - not if you only want to explore/mount images |
| Acronis True Image Monitor | N | TrueImageMonitor.exe | Part of Acronis_True_Image - backup software. Can be disabled without affecting TrueImage |
| Acronis TrueImage Monitor | N | TrueImageMonitor.exe | Part of Acronis True Image - backup software. Can be disabled without affecting TrueImage |
| AcronisTrueImage Monitor | N | TrueImageMonitor.exe | Part of Acronis_True_Image - backup software. Can be disabled without affecting TrueImage |
| Action Manager 32 | N | am32.exe | Associated with a Plustech scanner. Small utility that runs in the background for doing fax/copy/etc. Available via Start -> Programs |
| ActionAgent | ? | actionagent.exe | "A COM server that runs on the client as part of the Dell OpenManage Client Instrumentation 6.x package; provides a simple method for a remote administrator to perform actions on the instrumented client". Is it required? |
| Activation | N | Activation.exe | Part of Microsoft Money |
| Activboard | U | MMKeybd.exe | Packard Bell ActiveBoard keyboard - multimedia keyboard manager. Required if you use the additional keys and want to see the status of the Num Lock, Caps Lock, Scroll Lock keys |
| Active Bit Station | X | abs.exe | Added by the W32.MYTOB.BZ WORM! |
| Active Email Monitor | U | aem25.exe | Active_Email_Monitor checks multiple accounts for email, serves as a SPAM filter and can also protect you from harmful items that can be sent via email.
|
| Active shield | U | Activeshield.exe | Active_Shield is "an heuristic screen that actively protects your computer from trojans, spyware, adware, trackware, dialers, keyloggers, and even some special kinds of viruses["
|
| ActiveDesktop | X | systray32.exe | Added by the DABOOM VIRUS! |
| ACTIVEDS | X | ACTIVEDS.EXE | Added by the OPASERV.T VIRUS! |
| ActiveEyes | N | ActiveEyes.exe | ActiveEyes from TFI Technology |
| ActiveMenu | U | ActiveMenu.exe | Wild Tangent demo games that come with some HP computers. Unchecking it can prevent the games from running occasionally. Note that WildTanget's privacy policy used to state that they also collect and share individuals information but this is no longer the case |
| ActivePlus | U | activeplus.exe | Interactive Agents Plugin for Messenger Plus! (MSN Messenger add-on) |
| ActiveShield | Y | MCVSSHLD.EXE | McAfee VirusScan On-line. See also McAgentExe entry. |
| ActiveSpeed | U | AS.exe | Ascentive ActiveSpeed Internet Optimizer |
| ActiveX Streamer | X | msgfix.exe | Added by the SDBOT.NQ WORM! |
| ActiveXUpdate | X | svcss.exe | Added by a variant of the DEDLER.C TROJAN! |
| Activity | U | actik.exe | ActivityKey Keystroke logger/monitoring program - remove unless you installed it yourself! |
| ActivSurf | N | backweb*****.exe | Packard Bell ActivSurf - automatically detects an internet connection and downloads any available updates |
| ActMaker | U | ActMak25.exe | The ActMaker mouse and keyboard toolkit can record the daily operation of your computer and reduce your workload. You don't need to do any coding, nor are you required to know a lot about the computer.
|
| ACU | U | ACU.exe | Atheros wireless Client Utility For HP Compaq |
| ACU_QSB | U | ACU.exe | Atheros wireless Client Utility For HP Compaq |
| Ad Blocker | U | blocker.exe | Ad Blocker - blocks popups, and also removes banners, image ads and flash ads |
| Ad Blocker Pro | U | Ad Blocker Pro.exe | "Ad Away" popup and banner remover |
| Ad Muncher | U | AdMunch.exe | Ad Muncher removes adverts, pop-ups and general annoyances in your browser, file-sharing and
messenger programs. Causes conflicts with Outlook, game sites and web-building applications |
| Ad Online Guide | ? | adonlineguide.exe | ?? |
| Ad-aware | N | Ad-aware.exe | Ad-aware from Lavasoft. Checks your PC for "Spyware" which reports back your internet activities to "base". Available via Start -> Programs |
| Ad-Aware | X | Ad-Aware.exe | Added by the W32/Rbot-ADJ
Worm!
|
| Ad-Aware-6 | X | WINDOWSUPDATER.EXE | Added by an unidentified WORM or TROJAN! |
| Ad-Muncher | U | ADMUNCH.EXE | Ad Muncher removes adverts, pop-ups and general annoyances in your browser, file-sharing and messenger programs. Causes conflicts with Outlook, game sites and web-building applications |
| Ad-watch | U | Ad-watch.exe | Part of Lavasoft Ad-aware Plus - realtime spyware-monitor watching your memory and registry for spyware that tries to install or change your system |
| AD2KClient | U | AD2KClient.exe | Executable for Active Disk from Iomega disk - allows software applications to be run directly from an Iomega Zip® disk. Required if you wish the applications to launch on insertion of a disk |
| Adaptec DirectCD | N | Directcd.exe | DirectCD primarily allows you to drag and drop files onto a suitably formatted CD-RW disc. Unless you use this on a frequent basis it isn't required and is available via Start -> Programs. Start the program before inserting a DirectCD formatted CD-RW in the drive. A re-boot is recommended if you close Adaptec DirectCD before re-opening it again later |
| AdaptecDirectCD | N | Directcd.exe | DirectCD primarily allows you to drag and drop files onto a suitably formatted CD-RW disc. Unless you use this on a frequent basis it isn't required and is available via Start -> Programs. Start the program before inserting a DirectCD formatted CD-RW in the drive. A re-boot is recommended if you close Adaptec DirectCD before re-opening it again later |
| AdAware | X | wini.exe | Added by the W32/RBOT-XN WORM! |
| Adaware Bootup | N | ad-aware.exe | Ad-aware from Lavasoft. Checks your PC for "Spyware" which reports back your internet activities to "base". Available via Start -> Programs |
| Adaware lptt01 or Adaware ml097e | X | adaware.exe | Variant of the RapidBlaster parasite (in a "Adaware" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see here. Note - this is not the valid Lavasoft Adaware |
| Add**.exe (* = random char) | X | Add**.exe (* = random char) | CoolWebSearch/HomeSearch adware component - for examples, see this log
|
| Add**32.exe (* = random char) | X | Add**32.exe (* = random char) | CoolWebSearch/HomeSearch adware component - for examples, see this log.
|
| AddClass | X | (Path to Trojan) | Added by the Troj/SecDl-A
TROJAN!
|
| AdDelete | U | AdDelete.exe | Banner advertisment blocker |
| AdDestroyer | X | AdDestroyer.exe | Like VirtualBouncer, malware from Spyware Labs. It is distributed by the same bundling and drive-by download techniques as the malware it claims to remove/prevent, so definitely qualifies as unsolicited commercial software in itself. It also has an update feature that can download and execute arbitrary code |
| ADG | ? | ADG.exe | SoundBlaster Audigy related? |
| ADGJdet | N | ADGJDet.exe | Added with SoundBlaster Live! or Audigy soundcards for headphone autodetection |
| Adiras | Y | Adiras.exe | ADSL USB modem related |
| ADM Library Loader | X | admlib32.exe | Added by a variant of the SDBOT WORM! |
| Admanager Controller | X | AdManCtl.exe | WindUpdates ADW_WINAD.M adware |
| Admilli Service | X | AdmilliServ.exe | WindUpdates AdmilliServ adware |
| Administrator | X | svchost.scr | Added by the Backdoor.Novacal
TROJAN!
Note: This trojan file is found in the Windows\Fonts or Winnt\Fonts folder. |
| AdminSoft | X | sysfile.vbs | Added by the VBS/STARGRUB-A WORM! |
| Adobe | X | Adobe.exe | Added by an unidentified VIRUS! |
| Adobe | X | sysconfig.exe | Added by an unidentified WORM or TROJAN! |
| Adobe | X | sysbat32.exe | Added by the TROJ_LOWZONES.T TROJAN! |
| adobe | X | gam.exe | Added by an unidentified WORM or TROJAN! |
| Adobe | X | zteam.exe | Added by an unidentified TROJAN! |
| Adobe Acrobat Distiller Application | X | acrotray.exe | Added by the W32.RANDEX.DFJ WORM! |
| Adobe Acrobat Reader CFG | X | [random file name] | Added by a variant of the WIN32.RBOT WORM!
|
| Adobe Gamma Loader | U | Adobe Gamma Loader.exe | Adjusts monitor colours across all programs, including Photoshop. It is needed by some graphics professionals who want their monitor calibrated. Most home users will not need it. In my case I can verify this as Photoshop loads fine |
| Adobe Photoshop 7.0 | X | AdobePhotoshop.exe | Added by a variant of the W32/SDBOT WORM! - NOTE: Do NOT confuse with the Adobe photo editing software of the same name! |
| Adobe Reader Speed Lauch | N | reader_sl.exe | Speeds up the lauch of Adobe (Acrobat) Reader 7 |
| Adobe Reader Speed Lauch | N | READER~1.EXE | Speeds up the lauch of Adobe (Acrobat) Reader 7 |
| Adobe Reader Speed Launch | N | reader_sl.exe | Speeds up the time it takes to load the Adobe_Reader application. Your choice, but not required for Adobe Reader to function properly |
| AdobeA | X | adobes.exe | Added by the FLOOD.BA VIRUS! |
| AdobeFonts | X | fonts.hta | Browser hijacker - redirecting to Hugesearch.net |
| AdobeReaderPro | X | msnxpsp.exe | Added by the W32/Rbot-ASK or W32/Rbot-AUS WORM! Note: This worm\trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder |
| AdobeReaderPro | X | ntkernell32.exe | Added by W32/RBOT-ATY WORM! |
| AdobeVersionCue | N | VersionCueTray.exe | "An exclusive feature of the Adobe(r) Creative Suite, Version_ Cue(tm) helps you find files fast, track multiple versions of your files, and share your files for creative collaboration"
|
| Adope File Manager | X | lsasv.exe | Added by an unidentified WORM or TROJAN! |
| adp | X | adp.exe | Spyware installed by Net2Phone, Limewire, Cydoor, Grokster, KaZaa, etc |
| AdPopup | X | dcf5678.exe | Added by the Troj/Agent-FZ
TROJAN!
Note: This trojan file is found in the Windows or Winnt folder. |
| adprot | X | adprot.exe | AdBlaster adware variant |
| ADQuickAccess | N | Adtray.exe | After Dark for Windows. Screen saver creation program produced before screen savers became integrated into Win95 |
| AdRoarUpdate | X | ARUpdate.exe | AdRoar adware updater |
| AdRotator.Application | X | csrss.exe | AdRotator adware variant - Note - do NOT be confuse with the legitimate Windows Client Server Runtime Subsystem csrss.exe process, which provides text window support, shutdown, and hard-error handling, located in the Winnt\System32 or Windows\System32 folder, and which should NOT figure in Msconfig/Startup!
|
| AdRotator.Application | X | services.exe | Added by FakeMessage/AdRotator adware - NOTE - this file is placed in a Winnt\System32\Inetserv or Windows\System32\Inetsrv folder, and should NOT be confused with the legitimate Windows services.exe process, always located in the Winnt\System32 or Windows\System32 folder, and which moreover should NOT figure in Msconfig/Startup!
|
| ADService | U | ADService.exe | Part of Iomega's Active Disk - allows software applications to be run directly from an Iomega Zip® disk. Required if you wish the applications to launch on insertion of a disk |
| AdsGone | U | Adsgone.exe | AdsGone - pop-up stopper |
| ADSL Diagnostic Tools | N | mapiicon.exe | System tray access to ADSL modem diagnostic tools. Available via Start -> Programs |
| ADSLSYSTEMTRAY | ? | SystemtrayV100B.exe | Apparently Annex A ADSL modem related - what does it do and is it required? |
| AdslTaskBar | Y | rundll32.exe stmctrl.dll, TaskBar | ISP software, initializes DSL modem |
| AdslTaskBars | X | taskmng.exe | Added by the W32/Rbot-AXZ
WORM!
Note: This worm\trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
|
| ADSL_A2 | ? | A2Installed | Associated with an Integrated Telecom Express (ITeX) ADSL driver installation. What does it do and is it required? |
| ADSS | Y | ADSS.exe | ADSS is part of Access Denied security and privacy software (Access Denied Security Server) that monitors power status and provides some other services for Screen Guard. Important to keep its running while using Access Denied |
| adstartup | X | automove.exe | Adlogix adware variant |
| adstartup | X | Adstartup.exe | Adlogix adware
|
| AdStatus Service | X | AdStatServ.exe | WindUpdates AdStatus_Service adware
|
| AdSubtract | U | adsub.exe | AdSubtract blocks ads, cookies, pop-up windows, animations, music, and more. Can be disabled from within AdSubtract. Available via Start -> Programs |
| adtech2005 | X | adtech2005.exe | Reported as Trojan.Win32.StartPage.aw by Kaspersky Anti-Virus. |
| Adtools Service | X | AdTools.exe | Windupdates Adware |
| AdultX | X | AdultX.exe | Adult content dialler and hijacker |
| Adult_Chat | X | Adult_Chat.exe | Adult content dialler |
| Adult_Chat1 | X | Adult_Chat1.exe | Adult content dialler |
| AdUpdater | X | sysupudt.exe | Unidentified adware downloader/updater |
| ADUserMon | U | ADUserMon.exe | Part of Iomega's Active Disk - allows software applications to be run directly from an Iomega Zip® disk. Required if you wish the applications to launch on insertion of a disk |
| Advanced Internet Protocol | X | cerf.exe | W32.SpyBot worm variant
|
| Advanced Protection System | X | advpsys.exe | Added by a variant of the WIN32.RBOT WORM!
|
| Advanced Tool Checks | X | advchks.exe | Added by a variant of the WIN32.RBOT WORM!
|
| Advanced Tools Check or ADVCHK | N | ADVCHK.EXE | Checks when you install a new version of a Norton product that you have uninstalled all previous versions. Serves as a reminder if you forget |
| Advanced Uninstaller PRO Installation Monitor | U | monitor.exe | Innovative Solutions
The user can choose whether or not to monitor installs.
|
| Advapi | X | Advapi.exe | Added by the NETDEVIL.12 (NetDevil 1.2) VIRUS! |
| Advertising Killer | U | Akiller.exe | AKiller - pop-up stopper |
| advmon32 | X | advmon32.exe | Added by a Crypter.C trojan variant infection |
| Adware Agent | U | adware agent.exe | Adware Agent popup blocker |
| Adware Spy | N | AdwareSpy.exe | Adware remover - not recommended, see Rogue/Suspect_list |
| AdwareAlert | X | AdwareAlert.Exe | "Spyware remover" of dubious repute - see the SpywareWarrior_List of Rogue/Suspect Anti-Spyware Products & Web Sites
|
| Aeiwlsta.exe | ? | Aeiwlsta.exe | IBM High Rate Wireless LAN Adapter driver. Is it required? |
| AELaunch | N | AELaunch.exe | Audio Applications Launcher for the Philips Acoustic Edge soundcard |
| AERVICESN | X | AERVICESN.exe | Added by the W32/RANDON-AO WORM! |
| AeXAgentLogon | N | AeXAgentActivate.exe | Altiris Agent transmits information about your machine for the purpose of asset management and deployment |
| AeXSWDUsr | ? | AeXSWDUsr.exe | Altiris Express NS Client Manager software. Is it required? |
| AEZBProc | U | aptezbp.exe | IBM Aptiva keyboard customizer - enables certain special buttons on keyboard for CD operation, volume control, and few quickstart buttons. Keyboard will work without it but you lose the special functions |
| AFAFilter | U | windefault.exe | AFAFilter - internet filter software |
| Agent | N | Agent.exe | Cyberlink Power VCR II 3.0 is a TV tuner recording utility. If you want to schedule recordings you'll need this, otherwise can be disabled. Available via Start -> Programs |
| Agent Browser | X | [random file name] | Added by the PPdoor.M-bdr backdoor TROJAN! |
| Agent Explorer | X | [random file name] | Unidentified adware |
| Agente | ? | Remupd.exe | Part of Panda Antivirus Titanium. Is this an update reminder (guess because of the name), virus definition update reminder or something similar? |
| agentsvr | X | agentsvr.exe | Malware, detected by Kaspersky antivirus as AdWare.Monker.a - NOTE: do NOT confuse with the Microsoft Agent Server application of the same name as described here - the legitimate file will always be located in the Windows\Msagent folder. |
| AgfaCLnk | U | AgfaCLnk.exe | For Agfa digital cameras connected via USB. Enables Windows to access the contents of the memory stick (while the stick's still on the camera) via a virtual drive |
| agp | X | agp32.exe | Added by the W32.Gaobot.SY worm |
| AGRSMMSG | Y | AGRSMMSG.exe | IBM AMR modem driver |
| AGSatellite | N | AGSatellite.exe | Program from AudioGalaxy that lets you download some MP3s from their server. Available via Start -> Programs |
| AGSeyApp | X | AGSeyApp.exe | Added by the GoldenEye SPYWARE! |
| ahfpor and ahfprog | N | ahfp.exe | Advanced Hide Folders - "is powerful file security program. It allows to hide folders or hide files. Advanced Hide Folders is very useful to keep your personal data away from others. Others will not know where your personal files exist and they will not be able to accidentally view, delete or modify them either" |
| AHNSD | U | AhnSD.exe | AhnLab V3 antivirus updater - leave enabled unless you manually update on a regular basis |
| AHNUE | ? | AHNUE.exe | ?? |
| AHQInit | N | ahqinit.exe | Part of AudioHQ for the Soundblaster Live!. Appears as though it makes the AudioHW toolbar drop down from the top of the desktop and isn't required |
| Ahst | X | iebs.exe | PurityScan/Clickspring adware |
| Aica | X | tuaa.exe | PurityScan/Clickspring adware |
| Aida | X | ttuh.exe | PurityScan/Clickspring adware |
| Aida | X | eetu.exe | PurityScan/Clickspring adware |
| aiepk | U | aiepk2.exe | Another IE Popup Killer - pop-up stopper |
| AIM | N | aim.exe | AOL Instant Messenger. If connected to the internet, automatically runs up AIM. Convenience more than anything. Available via Start -> Programs |
| AIM Instant Message Cookies | X | (random filename) | Added by the W32/RBOT-AFV WORM! |
| Aim Plugin | X | aimplugin.exe | Added by the W32/Guap-F
WORM!
Note: This worm file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder. |
| Aim Quick Start | X | Aim.exe | Added by a W32/Forbot-BB worm infection |
| AIM reminder | X | AIM reminder.exe | Added by the BUDDY VIRUS! |
| AIM95 Startup | X | aim95.exe | Added by the AGOBOT.AEE WORM! |
| aimaol lptt01 or aimaol ml097e | X | aimaol.exe | Variant of the RapidBlaster parasite (in a "Aimaol" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see here |
| aimb.exe | U | aimb.exe | IMSufSentinel is a Spyware program which can record IM conversations, log keystrokes, record URLs visited, and take screenshots. If you didn't install this yourself remove it. |
| AimingClick | N | AimingClick.exe | AimingClick from AimingTech. Web searching tool. Available via Start -> Programs |
| AIMster | N | ?? | Peer to Peer (P2P) file sharing client that runs over the AOL Instant Messenger network. Available via Start -> Programs |
| AIMWDInstall | N | AIMWDInstall.exe | WildTangent on-line games installer as part of AOL Instant Messenger. Note that Wild Tanget's privacy policy used to state they also collect and share individuals information, but that is no longer the case |
| Aiptek Graphics Tablet (USB) | Y | atwtusb.exe | USB interface for Aiptek Graphics Tablet (USB) |
| aircity | X | aircity.exe | Related to "Prutect" malware from e2Give |
| AKEYNAME | X | WinServ.exe | Added by the EVILBOT.C TROJAN! |
| AKiller | U | akiller.exe | BuyPin Advertising Killer - popup killer |
| ala.exe | U | ala.exe | Access_Lock is a system-tray security utility you can use to secure your desktop when you are away from your computer. |
| Alarm Manager | U | Alarm.app.exe | Palm alarm event reminder that coordinates what is on your Palm with settings on your desktop |
| AlarmWatcher | ? | AlarmWatcher.exe | Associated with SynTPEnh and SynTPLpr which are from Synaptics for touchpads on laptops. What does it do and is it required? |
| Album Fast Start | N | ABMTSR.EXE | Scanner software, not required for scanner to work |
| AlcFDMonitor | ? | ALCFDRTM.EXE | RealTek related - Real-Time SPDIF-in Monitor for nVidia chipset - is it required in startup? |
| ALCFDRTM16 | ? | ALCFDRTM16.com | RealTek related - Real-Time SPDIF-in Monitor for nVidia chipset - is it required in startup? |
| Alchem | X | Alchem.exe | Transponder parasite updater/installer |
| alcmtr | X | ALCMTR.EXE | Realtek AC97 Audio - Event Monitor. "Sypware" file used surreptitiously monitor one's actions. It is not a sinister one, like remote control programs, but it is being used by Realtek to gather data about customers |
| Alcohol or Alcohol Autorun | U | Alcohol.exe | Alcohol 120% - CD/DVD emulation/writing/copying software |
| Alcom PCL Capture | ? | FMW_PCAP.EXE | ?? |
| AlcWzrd | N | ALCWZRD.EXE | RealTek High Definition audio driver related - detects new devices when plugged in, then pops up a dialog box. If everything works as expected you should be able to disable this one. |
| AlcxMonitor | X | Alcxmntr.exe | Realtek AC97 Audio - Event Monitor. "Sypware" file used surreptitiously monitor one's actions. It is not a sinister one, like remote control programs, but it is being used by Realtek to gather data about customers |
| aldefr ere service | X | tay0x.exe | Added by the W32/RBOT-XS WORM! |
| Alevir | X | Alevir.exe | Added by the OPASERV.A VIRUS! |
| Alevir | X | Alevir.exe | Added by the OPASERV.F or OPASERV.G VIRUSES! |
| AlevirOld | X | (worm filename) | Added by the OPASERV.G VIRUS! |
| Alexa | N | Alexa.exe? | Alexa Toolbar"is a downloadable toolbar that helps you navigate the Internet as you surf, by instantly providing you with related information about the site you're viewing". Available via Start -> Programs |
| alexa | U | alexa.exe | Related to Alexa Note: COLLECTS AND STORES INFORMATION ABOUT THE WEB PAGES YOU VIEW, THE DATA YOU ENTER IN ONLINE FORMS AND SEARCH FIELDS, AND, WITH VERSIONS 5.0 AND HIGHER, THE PRODUCTS YOU PURCHASE ONLINE WHILE USING THE TOOLBAR SERVICE. Although Alexa state's they do not attempt to analyze the data it may collect about you to determine who you are, some of your information collected by the software is personally identifiable. Please read the Privacy_Policy
Not Recommended. |
| ALFY Accellerator | ? | AlfyAC~1.exe | ?? |
| ALG.EXE | X | iexplorer .exe | Added by the W32/DEMOTRY-B WORM! |
| ALG32 | X | ALG32.EXE | Added by the StartPage.K TROJAN! |
| ALGU | X | ALGU.EXE | Added by the TROJ/CWS-I TROJAN! |
| Alias SketchBook Snapshot | N | ALIASS~2.EXE | Screen-capture utility for Alias Sketchbook |
| AlienAutopsy | N | Test_BS.exe | Alienware computer technical support software |
| ALiSndMgr | Y | ALiSndMg.exe | ALi AC97 Sound driver |
| AliUSBfix | ? | GREENMK.exe | May be realted to a USB 2.0 PCI card - the IOgear GIC220OU? |
| Alive SYstem | X | scchost.exe | Added by the Troj/Tofdrop-B
TROJAN!
Note: This trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
|
| Alive SYstem | X | scchostc.exe | Added by the Troj/Tofdrop-B
TROJAN!
Note: This trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
|
| alkasr | X | Îä̉íÑ.exe | Added by the BALKART VIRUS |
| All Aboard Status | U | stswin.exe | All Aboard! Internet Connection Sharing status icon |
| All Sea screen saver | X | TaskTray.exe | "Free screensaver", installs lots of foistware. See here. Get rid of it |
| All Sea web link | X | FWLink.exe | "Free screensaver", installs lots of foistware. See here. Get rid of it |
| AllerCalc | N | AllerCalc.exe | AllerCalc is an expression calculator which allows you to directly enter an expression to be evaluated. Can be started manually. |
| AllSeeingEye | U | ase.exe | All-Seeing_Eye security software - "monitors everything that takes place on your computer, and alerts the user as soon as anything suspicious or out-of-the-ordinary is happening, providing the user with alternatives for possible actions." |
| allSnap | U | allSnap.exe | "allSnap is a small system tray app that makes all top level windows automatically align like they do in programs such as Winamp or Photoshop" |
| Alogrithm Link Queue | X | alq.exe | Added by a variant of the W32/SDBOT WORM!
|
| Alogserv | U | Alogserv.exe | From McAfee VirusScan for logging scanning activities. In some cases, if left running it can cause CPU % usage to go between 5-95% or go to and stay at 100%. Disabling it impacts on the reported last scan date. It is reported to cause jerky graphics response in many games. As of version 6, this is a critical component of McAfee and disabling it can cause a PC to lock up |
| ALPass | U | ALPass.exe | ALPass password manager
|
| Alps Electric USB Server | Y | Monserv.exe | Alps Electric USB Server - required according to this article |
| AlpsPoint | U | Apoint.exe | Touchpad software for laptop PC\'s. For instance it is found on the Panasonic machines and allows part of the touchpad to be used for document or Web-page scrolling. Required for proper functioning of the pointing software but not required for the laptop to work |
| ALServ | ? | ALServ.exe | Altec Lansing AMS speaker related. What does it do and is it required? |
| Altnet | N | points manager.exe | Altnet TopSearch adware |
| Altnet Points Manager | N | points manager.exe | Altnet TopSearch adware |
| AltnetPointsManager | X | points manager.exe | Altnet TopSearch adware |
| AltoMB_service | U | AltoMBsrv.exe | Alto Memory Booster from Alto Software - boost the computers performance via more intelligent and efficient memory management |
| ALUAlert | U | ALUNotify.exe | Notification reminder for Symantec's LiveUpdate. Leave enabled unless you manually run LiveUpdate on a regular basis |
| Aluria Security Center | N | SecurityCenter.exe | Aluria Software's spyware removal tool - we can't really recommend this product as Aluria have recently partnered with WhenU, the well known adware company, see here and here |
| Aluria's Pop-Up Stopper | U | eps.exe | Aluria Pop-Stopper |
| Aluria's Spyware Eliminator | N | ASE.exe | Aluria Software's spyware removal tool - we can't really recommend this product as Aluria have recently partnered with WhenU, the well known adware company, see here and here |
| AlwaysOnTopMaker | U | AlwaysOnTopMaker.exe | Always On Top Maker - utilty to enable an application to always be displayed "on top" of others on the desktop |
| AmazingTens | X | AmazingTens.exe | Premium rate adult content dialer |
| America Online *.* Tray Icon | N | aoltray.exe | Puts AOL icon in System Tray (*.* denotes version if present). Connect to AOL via the desktop shortcut or Start -> Programs |
| AME_CSA | N | rundll32 amecsa.cpl, RUN_DLL | Loads ADSL modem Control Panel applet |
| AModemLockDown | U | ModemLockDown.exe start | ModemLockDown allows you to supervise internet access by disabling the modem, protects againt dialers accessing dial-up connections, etc
|
| Amon | Y | AMON.EXE | Monitoring part of Eset's NOD32 virus-scanner |
| Amonitor | Y | amon.exe | Tiny Personal Firewall |
| AMP WinOFF | U | winoff.exe | WinOFF is " a utility designed to shut down Windows computers automatically, in a fully configurable way." |
| AMSN | U | amsn.exe | aMSN P2P client - can be started manually
|
| anbv32 | X | nabv32.exe | Added by the TITOG.C VIRUS! |
| ANIWZCS2Service | Y | WZCSLDR2.exe | ALPHA_Networks wireless driver |
| ANIWZCSService | ? | WZCSLDR.exe | D-Link wireless PCI adapter related. In some cases reported to cause excessive CPU activity |
| AnnotateCheck | ? | AnnCheck.exe | Genius Wizard Pen Tablet driver related. Is it required? |
| Announcements | N | Annclist.exe | MS WebTV for Windows. Used to display TV on your PC via a compatible video card with in-built tuner (such as ATI All-In-Wonder). If you don't use it - uninstall it |
| Anntext | N | Anntext.exe | Caere Pagekeeper text annotation server |
| Anonymizer Total Net Shield | U | AnonTns.exe | Anonymizer Total_Net_Shield |
| ANONYMIZER_SPYWAREKILLER | U | SpyWareKiller.exe | Anonymizer Spyware Killer; see here |
| ANONYMIZER_SPYWAREKILLER | U | AnonAntiSpyware.exe | Anonymizer Spyware Killer; see here |
| Another Internet Explorer Popup Killer | U | aiepk.exe | Another IE Popup Killer - pop-up stopper |
| ansjava | X | (Path to mIRC application) | Added by the W32/Randon-AN
Worm!
|
| Anskya | X | PYSKY.NET.exe | Added by the TROJ/DLOADER-MW TROJAN! |
| Answer Problem | X | dSAFsqs.exe | Added by the W32/SDBOT-SC WORM! |
| Anti | X | Isass.exe | Added by the WIN32.BROPIA.K WORM!
|
| Anti Spam Service | X | spamsvc.exe | Added by the W32/Mytob-BK
Worm!
|
| Anti Trojan Elite | U | TJEnder.exe | Anti_Trojan_Elite trojan remover |
| Anti-keylogger check | U | antikey.exe | Anti-keylogger - protects against keylogger programs monitoring your keystrokes |
| Anti-Spyware Blocker | X | Anti-Virus.exe | Anti-Spyware Blocker by Your-Soft , bogus "Spyware remover" - for more information, search the Spywarewarrior_List of non-Recommended anti parasite sites/software for "anti-spyware blocker" |
| Anti-Trojan-Watch | U | ATWatch.exe | Anti-Trojan Watch - trojan detector |
| Anti-Virus Product Sync | X | [AN UNPRINTABLE CHARACTER][3 CHARACTERS]log.exe | Added by the W32.Kedebe.D
WORM!
|
| Anti-Virus Update Scheduler | X | [various file names] | Added by a variant of the HEPLANE or STAPREW.B TROJANS! - different file names have been spotted; examples: msvc.exe, kaspersky.exe, nrton.exe, wins.exe, gah32.exe, 1.tmp, syste.exe, alg.exe, socks.exe, winxpsp2.exe, tek9.exe, sks.exe, hihi.exe, s.exe, xps2.exe, dns2.exe, ikav32.exe and more... |
| Anti-Virus Update Scheduler | X | winsp3.exe | Malware - detected by Kaspersky antivirus as TrojanProxy.Agent.fp - A Proxy Trojan is a backdoor which allows a remote hacker to connect to other systems via the compromised system.
|
| Anti-Virus Update Scheduler V1.39.12R | X | [various file names] | Added by the HEPLANE or STAPREW.B TROJANS! - different file names have been spotted; examples: msvc.exe, kaspersky.exe, nrton.exe, wins.exe, gah32.exe, 1.tmp, syste.exe, alg.exe, socks.exe, winxpsp2.exe, tek9.exe, sks.exe, hihi.exe, s.exe, xps2.exe, dns2.exe, ikav32.exe and more...
|
| antidialer.co.uk | U | Dialer_Watcher.exe | Dialer_Watcher is an application that allows you to detect Dialers on your computer. |
| AntiPopUp | U | AntiPopUp.exe | AntiPopUp for IE - pop-up stopper |
| AntiVir XP | Y | AVwin.exe | AntiVir antivirus |
| Antivirus | X | av.exe | Added by the SINKIN VIRUS! Resets IE start page to realphx.com |
| Antivirus | X | maja.exe | Added by the W32.NETSKY.H WORM! |
| Antivirus | X | iexpl0res.exe | Added by an unidentified WORM or TROJAN! |
| AntiVirus | X | kaspery.exe | Added by a variant of the WIN32.RBOT WORM!
|
| Antivirus Installer | X | (Pathname of the Trojan executable) | Added by the Troj/Badgent-A
Trojan!
|
| antivirus32 | X | antivirus.exe | Added by the W32.Spybot.KAI WORM! |
| AntivirusGold | X | AntivirusGold.exe | Malware masquerading as an antivirus - also installs the Winnook TROJAN! |
| AntiVirusProtection | ? | qumk.exe | ?? |
| antiware | X | elite***32.exe | Added by the Troj/Dloader-HW TROJAN! |
| AntiWindowsMessenger | U | AntiMsMsg.exe | Anti-Windows_Messenger is a small application that prevents Windows Messenger from remaining resident in memory. |
| anti_troj | X | anti_troj.exe | Added by the Lodear.D
TROJAN!
Note: This trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
|
| AnVir | Y | AnVir.exe | AnVir Task Manager - protects computer against viruses and manages running processes and startup files |
| anvshell | U | anvshell.exe | System Tray tool for ASUS video cards. If disabled you lose all the ASUS specific video card options in Control Panel -> Display Properties -> Advanced as well as the System Tray shortcuts toolbar |
| anycom bluetooth | ? | ftflauncher.exe | Associated with an Anycom bluetooth wireless card. What does it do and is it required? |
| AnyDVD | N | AnyDVD.exe | AnyDVD is a driver, which descrambles DVD-Movies automatically in the background. This DVD appears unprotected and region code free for all applications and the Windows operating system as well |
| AO Tray or AOTray | N | AOTray.Exe | System Tray application for AOpen soundcards. Can be run manually via Start -> Settings -> Control Panel |
| AOL 9.0 Optimized | X | AOLClient.exe | Added by the Backdoor.Spyboter.A TROJAN! |
| AOL 9.0 Optimized | X | AOLClient.exe | Added by the Backdoor.Spyboter.gen TROJAN! |
| AOL Broadband Check-Up | U | matcli.exe | "matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, county, etc and gets written to a log file". The AOL Self Support Tool is required to run with the Help and Support program. If you uncheck AOL and and then run Help and Support it will add another AOL entry in the startup menu. If you remove this software in "add/remove programs" some help menus in help and support will not be available. You decide |
| AOL Companion | N | companion.exe | Part of the AOL Connection Suite and installs an icon on the system tray offering easy access to AOL's additional utilities and functions. This program is a non-essential process, and is installed for ease of use.
|
| Aol Configuration Loader | X | aimsng.exe | Added by the W32/SDBOT-XE WORM! |
| AOL Fast Start | ? | AOL.exe | AOL ISP software related - what does it do and is it required? |
| AOL Instant Messanger | X | aim.exe | Added by the W32/Sdbot-YT
Worm!
|
| AOL Instant Messengar | X | aol.exe | Added by the W32/AGOBOT-FN WORM! |
| AOL Instant Messenger | ? | AlM.EXE | That is an L between the A and M, the start up location is wrong for AIM. what does this relate to? |
| Aol Instant Messenger | X | aolmsg.exe | Added by W32.Kelvir.AL WORM! |
| AOL Instant Messenger 7.213 | X | aim9283.exe | Added by the W32/Sdbot-ZF
Worm!
|
| AOL Instant Messenger dll runtime | X | MSAOL32dll.exe | Added by the W32/Rbot-ATA
WORM!
Note: This worm\trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder. |
| Aol Instant Messenger Fix | X | aolfix.exe | Added by the W32/Sdbot-ABJ
WORM!
|
| AOL Messenger | X | TGRCNLUD.EXE, random file names | Unidentified worm or trojan |
| AOL Messenger | X | aolmsngr.exe | Added by the W32/SDBOT-JF WORM! |
| AOL Services Hosts | X | aolserviceshosts.exe | Added by an unidentified WORM or TROJAN! |
| AOL Spyware Protection | U | AOLSP Scheduler.exe | AOL's spyware protection program |
| AOL TopSpeedMonitor | U | aoltsmon.exe | AOL's TopSpeed web acceleration technology supposedly helps to make web browsing faster. Most important for those users who still access AOL via dial-up. |
| AolAcsDaemon1 | U | Acsd.exe | AOL Connectivity Service - starts an automatic function that restores the connection should you lose it while online. Negates having to go through the procedure of signing back on manually |
| AolAcsDaemon1 | Y | AOLACSD.EXE | AOLacsd.exe is a part of the AOL Internet Software and relates to the connection driver, essential to Internet connection. This program is a non-essential system process, but should not be terminated unless suspected to be causing problems |
| AOLCC | ? | ACCAgnt.exe | AOL ISP software related, file located in a "AOL Computer Check-Up" folder - what does it do and is it required? |
| AolCon | X | config.com | Added by the TAPLAK VIRUS! |
| AOLDialer | N | AOLDial.exe | AOL ISP software dialer; can be activated through a desktop shortcut |
| AolFix | N | AolFix.exe | Run on Gateway Astra computers, and maybe a few others. Designed to repair a bad registry key in Gateway computers that would not allow AOL to run correctly. Not seen much any more and should only run once |
| Aornum | X | aornum.exe | Installed along with iWon Prize Machine. Based upon their privacy statement this can be regarded as spyware |
| APC UPS Status | Y | Display.exe | APC PowerChute Personal Edition status icon |
| APC_SERVICE | U | mainserv.exe | PowerChute® Personal Edition - "safe system shutdown software with sophisticated power management functions" |
| apc_tray | Y | apc_tray.exe | Part of the APC UPS software loaded with the BACK-UPS CS 350 unit. Required to monitor the APC unit in case of power failure |
| APD123 | X | APD123.exe | PacerD_Media/Pacimedia.com adware component |
| Api**.exe (* = random char) | X | Api**.exe (* = random char) | CoolWebSearch/HomeSearch adware component - for examples, see this log |
| Api**32.exe (* = random char) | X | Api**32.exe (* = random char) | CoolWebSearch/HomeSearch adware component - for examples, see this log |
| API32 | X | api32.exe | Added by the IRCBOT-B TROJAN! |
| APIClass | X | lexplore_.exe | Added by the Troj/MSNOpt-A
TROJAN!
Note: This trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder. |
| APIMon | X | apimonx.exe | Added by the TIBSER.A downloader TROJAN! |
| APIMon | X | winapix.exe | Added by a variant of the TIBSER.A downloader TROJAN! |
| APIMon | X | msreg.exe | Added by the TROJ_DROPPER.Z TROJAN! |
| apisvc.exe | X | apisvc.exe | Added by a variant of the Lamebot TROJAN! |
| APL | U | APL.exe | Sage_Software's_ACT!
The application pre-loader (apl.exe) is a self contained executable that pre-loads the necessary .NET framework and ACT! 2005 assemblies. This pre-loading of assemblies enhances ACT! startup, view load and dialog load times in some areas of the application. |
| Apmsrv9x | ? | APMSRV9X.EXE | Intel AnyPoint Wireless II Home Network related. What does it do and is it required? |
| Apoint | U | Apoint.exe | Touchpad software for laptop PC\'s. For instance it is found on the Panasonic machines and allows part of the touchpad to be used for document or Web-page scrolling. Required for proper functioning of the pointing software but not required for the laptop to work |
| App**32.exe (* = random char) | X | App**32.exe (* = random char) | CoolWebSearch/HomeSearch adware component - for examples, see this log |
| App**exe (* = random char) | X | App**exe (* = random char) | CoolWebSearch/HomeSearch adware component - for examples, see this log |
| App.EXEName | X | (path to worm)\.exe | Added by the BODIRU VIRUS! |
| App32dll | X | msnavc32.exe | VX2 adware related |
| Appcon | U | vAppCon.exe | Vital Application Console - part of POS-partner 2000 point-of-sale software from Vital. This is the taskbar icon and is enabled at startup by the "Auto-start when OS starts" option. Required for a connection to be established |
| appconn | X | appconn.exe | Added by the CARGAO trojan |
| AppExtender | U | AppExtCB.exe | Loads the Confimax add-in for popular E-mail programs to confirm E-mails have been sent and received |
| appis.exe | X | appis.exe | Added by the AGENT-BC TROJAN!
|
| Application | Y | mdmsetsp.exe | Aztech Labs modem driver |
| Application Explorer | U | Naldesk.exe | Novell Zenworks Application Explorer Executable; "For almost all users the Novell ZENworks agent (either Application Launcher or Application Explorer) will be run via the user's login script on each successful login. ZENworks is used to periodically deliver software updates and is also used to install the remote management components."
|
| Application Layer Gateway Service | X | algs.exe | Added by the W32.LINKBOT.M WORM! |
| AppPlus | U | AppPlus.exe | AppPlus - "menu bar or tray launcher that docks to your desktop, floats or sits in your System Tray. Create graphic/text-based buttons that launch any number of programs, Websites, e-mail addresses or folders (which open in the AppPlus Menu System)" |
| Apvxd or Apvxdwin | Y | APVXDWIN.EXE | Part of Panda Anti-Virus. Required to enable permanent virus protection |
| Apwheel | Y | Apwheel.exe | Wheel support for an Alps mouse |
| apyginapygin | X | simenu.exe | Added by the SDBOT.BTR WORM! |
| AQ3HelperStartUp | X | AQ3HEL~1.EXE | ScreenScenes "Aquatica Water Worlds" screensaver. Comes with GAIN spyware |
| aqadcup | X | aqadcup.exe | Backdoor.Agent.bg worm |
| Aqujyjax | X | aqujyjax.exe | Added by the W32/SDBOT-YC WORM! |
| Aqujyjax | X | [path to file] | Added by the TROJ/RANCK-CQ TROJAN! |
| ara-key | X | | Added by the ANTINNY VIRUS! where <random> is a random program name with random characters |
| Archive | X | archive.exe | Adware - recognized by Kaspersky antivirus as Trojan-Downloader.Win32.Centim.a |
| ARCHIVE CONTROL | X | fixupdattr.exe | Added by the W32.MYTOB.GU WORM! |
| ARCSolo Recovery | N | N/A | Backup software by Computer Associates - no longer supported |
| ares | N | ares.exe | Ares is "a Windows program that enables peer-to-peer file-sharing on the Ares P2P network. As a member of the P2P community you can search and download any file shared by other users. You can meet new friends in Ares chatrooms while you download"
|
| areslite | N | AresLite.exe | Ares Lite Edition is "a Windows program that enables peer-to-peer file-sharing on the Ares P2P network. As a member of the P2P community you can search and download any file shared by other users. You can meet new friends in Ares chatrooms while you download"
|
| Aritima | X | aritima.exe | Added by the ARITIMA VIRUS! |
| Artera | U | arteraui.exe | Artera Turbo Internet Accelerator - "surf faster, boost download speed". Only required if you find it helps improve your performance |
| AS00_Gear511 | ? | Gear511.exe | Software for Netgear wireless network cards. Unknown whether it is required for the wireless card to run but does not seem to be a resource hog. Not required for laptop to run if the wireless network card will not be used. is it at all required? |
| AS00_WPN511 | ? | WPN511.exe | NetgearRev MFC Application - software for Netgear wireless network cards - what does it do and is it required in startup? |
| ASDPLUGIN | X | fullgames.exe | AsdPlug premium rate adult content dialer variant |
| ASDPLUGIN | X | canada.exe | AsdPlug premium rate adult content dialer variant |
| ASDPLUGIN | X | france.exe | AsdPlug premium rate adult content dialer variant |
| ASDPLUGIN | X | uk_nm.exe | AsdPlug premium rate adult content dialer variant |
| ASDPLUGIN | X | dbaccess.exe | AsdPlug premium rate adult content dialer variant |
| ASDPLUGIN | X | geaccess.exe | AsdPlug premium rate adult content dialer variant |
| ASDPLUGIN | X | netherlands.exe | AsdPlug premium rate adult content dialer variant |
| ASDPLUGIN | X | belgium_nm.exe | AsdPlug premium rate adult content dialer variant |
| ASDPLUGIN | X | dsldbaccess.exe | AsdPlug premium rate adult content dialer variant |
| ASDPLUGIN | X | adult1.exe | AsdPlug premium rate adult content dialer variant |
| ASDPLUGIN | X | Finland.exe | AsdPlug premium rate adult content dialer variant |
| ASDPLUGIN | X | Austria.exe | AsdPlug premium rate adult content dialer variant |
| ASDPLUGIN | X | 100171be.exe | AsdPlug premium rate adult content dialer variant |
| ASDPLUGIN | X | Xadult1.exe | AsdPlug premium rate adult content dialer variant |
| ASDPLUGIN | X | czech.exe | AsdPlug premium rate adult content dialer variant |
| ASDPLUGIN | X | 100176br.exe | AsdPlug premium rate adult content dialer variant |
| ASDPLUGIN | X | dslgeaccess.exe | AsdPlug premium rate adult content dialer variant |
| ASDPLUGIN | X | mexico.exe | AsdPlug premium rate adult content dialer variant |
| ASDPLUGIN | X | turkey.exe | AsdPlug premium rate adult content dialer variant |
| ASDPLUGIN | X | temp532.exe | AsdPlug premium rate adult content dialer variant |
| asdx | X | xwinrpc32.exe | Added by the AGOBOT.VO WORM! |
| ASE Scheduler | N | ASE Scheduler.exe | Aluria Software's spyware removal tool - we can't really recommend this product as Aluria have recently partnered with WhenU, the well known adware company, see here and here
|
| Ashampoo PopUpBlocker | U | PopUpKiller.exe | Ashampoo popup blocker, part of Privacy Protector Plus; see here |
| ashAvast | Y | ashAvast.exe | Part of Avast antivirus |
| ASHLT | X | Ashlt.exe | Ashlt adware |
| ashMaiSv | Y | ashmaisv.exe | Part of Avast! anti-virus software |
| AsioReg | U | regsvr32.exe ctasio.dll | ASIO (Audio Stream In/Out) drivers for the SoundBlaster Audigy 2 series soundcards - for recording and home project studios. Required if you use this functionality |
| ASK | U | rundll32.exe [path] ASK.dll rdl | Added by the StealthKeylog surveillance software. Uninstall this software unless you put it there yourself.
|
| asl | X | Aslru.exe | Added by the TROJ/BANCOS-CU TROJAN! |
| Asmw Soft Popups Burner | U | popups burner.exe | Popup blocker, part of Asmw Soft PC_Optimizer |
| ASP.NET State Service | X | csrss.exe | Added by the TROJ/DLOADER-QI TROJAN! NOTE - this file is placed in the Winnt or Windows folder, and should NOT be confused with the legitimate Windows Client Server Runtime Subsystem csrss.exe process, which provides text window support, shutdown, and hard-error handling, always located in the Winnt\System32 or Windows\System32 folder, and which moreover should NOT figure in Msconfig/Startup!
|
| ASP.NET State Service | X | crsass.exe | Added by the Troj/Banload-M
TROJAN!
Note: This is not the legitimate Windows process crss.exe (Notice the difference in the spelling.) This trojan file (crsass.exe) is found in the Windows or Winnt folder.
|
| ASP.NET State Service | X | servicos..exe | Added by the Troj/Dadobra-I
TROJAN!
Note: This worm\trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
|
| asp4tray | N | asp4tray.exe | System Tray application for Aureal Vortex based soundcards. Can be run manually via Start -> Settings -> Control Panel |
| AspireTimeMachine | Y | acertmb.exe | System recovery software supplied with some Acer notebook PCs. Similar to GoBack and the restore program in WinXP, allowing you to restore a PC back to a working state with minimal re-entry |
| assistse | X | ASSISTSE.EXE | CnsMin (Chinese_Keywords) related |
| AST | X | AST | Added by the WIN32.VB.AH TROJAN! |
| AST | X | AST.exe | AutoStarter parasite |
| ASTART | U | astart.exe | ASUS TweakEnable - restores manually changed settings for ASUS based video cards such as overclocking. Only required if you use non-standard settings |
| AStart | X | AStart | Added by the WIN32.VB.AH TROJAN! |
| asTray | N | Astray.exe | Voyetra Audio Station - part of Voyetra's Ultimate MP3 & CD Manager. MP3 and digital music jukebox/organizer |
| Astro | N | Astro.exe | Checks for updates to Quicken on a system reboot |
| ASUS Live Update | N | ALU.exe | ASUS Live Update utility - reportedly not required |
| ASUS Probe | N | AsusProb.exe | ASUS video card fan/thermal monitor - only required if you overclock your card or live in a hot area |
| ASUS SmartDoctor | U | VGAProbe.exe | ASUS video card fan/thermal monitor |
| ASUS TweakEnable | U | astart.exe | Restores manually changed settings for ASUS based video cards such as overclocking. Only required if you use non-standard settings |
| ASUSKey | N | V38SHELL.EXE | System tray Icon for quickly changing video modes |
| asustweakenable | U | ATweak.exe | Asus Tweaking Utility - for fine tuning the settings of your ASUS display card |
| ASWDP | N | ASWDP.exe | MLS Pulse - real estate software. Keeps the home buyer/seller continually informed on the status of his/her local/regional real estate market |
| ASWnk | X | aswnk.exe | Adult content dialler |
| AT&T DSL Service PCA Program | ? | dslpca.exe | AT&T DSL related - what does it do and is it required? |
| AT-Watch | U | ATWatch.exe | Anti-Trojan Watch - trojan detector |
| atapidrv | X | atapidrv.exe | Added by the W32/AGOBOT-SL WORM! |
| Athan | U | Athan.exe | Athan - an application that calculates and reminds the five daily Islamic prayer times for anywhere in the world.
|
| ATI CATALYST | N | CLI.exe | System Tray access to ATI's CATALYST™ CONTROL CENTER. Note that this has "SystemTray" appended to CLE.exe in the "Command" column of MSCONFIG. Not required to run the control center - which is available via a right-click on the desktop |
| ATI CATALYST System Tray | N | CLI.exe SystemTray | System Tray access to ATI's CATALYST™ CONTROL CENTER. Note that this has "SystemTray" appended to CLI.exe in the "Command" column of MSCONFIG. Not required to run the control center - which is available via a right-click on the desktop |
| Ati Control Panel | X | atiphexx.exe | Added by a SDBOT.CC worm infection |
| ATI DeviceDetect | N | ATIDtct.EXE | This utility was meant for future use of the ATI TV WONDER™ USB 2.0 video driver and can be disabled. |
| ATI GART Set-up Utility | N | Atigart.exe | Program that checks the motherboard chipset and determines which GART driver bundle to install on ATI video cards. If you have one, once installed it shouldn't be needed |
| ATI Launchpad | U | launchpd.exe | Convenient way to start all your Multimedia Center applications (DVD, Video CD, CD Audio, File Player). You can right-click LaunchPad, and uncheck Load on Startup in the menu |
| ATI Rage3d Pro | X | AtiRage4dPro.exe | Added by the W32/AGOBOT-OG WORM! |
| ATI Remote Control | Y | ATIRW.exe | Driver for the ATI_REMOTE_WONDER_(tm) RF remote control for ATI's All-In-Wonder graphic cards and other products. Required if you use it |
| ATI Remote Control | Y | ATIX10.exe | Driver for the ATI_REMOTE_WONDER_(tm) RF remote control for ATI's All-In-Wonder graphic cards and other products. Required if you use it |
| ATI Scheduler | N | Atisched.exe | Component that remains resident in memory and automatically launches the ATI VIDEO PLAYER at a user selected time and date. Delete the shortcut in the Start -> Programs -> Startup folder as well. Functions could re-enable the program to load at start-up and re-introduce the shortcut. Try it and see |
| ATI Task Application | N | Atitkad.exe | System Tray access and key-combo shortcuts to common display functions on ATI video cards. Can be run from Start -> Settings -> Control Panel -> Display |
| ATI Task Application (Atikey) | N | Atitask.exe | System Tray access and key-combo shortcuts to common display functions on ATI video cards. Can be run from Start -> Settings -> Control Panel -> Display |
| ATI Technology Startup | X | techstart.exe | Added by the W32/Rbot-AEU
Worm!
|
| ATI VIDEO REGKEY | X | ati2vid.exe | Added by the SDBOT.UR WORM! |
| Ati2cwxx | ? | Ati2cwxx.exe | For some ATI video cards. Probably used to access features and may not be required - for example the ATI Radeon works fine without it |
| Ati2mdxx | N | Ati2mdxx.exe | For ATI video cards. System Tray access to display mode changing |
| ATICCC | N | CLI.exe | System Tray access to ATI's CATALYST™ CONTROL CENTER. Note that this has "SystemTray" appended to CLE.exe in the "Command" column of MSCONFIG. Not required to run the control center - which is available via a right-click on the desktop |
| ATICCC | U | cli.exe runtime | ATI's CATALYST(tm) CONTROL CENTER. Required if you want to change graphics settings on a regular basis but you must have internet access and Microsoft's .NET framework installed. Note that this has "runtime" appended to cli.exe in the "Command" column of MSCONFIG. If not you can start the program manually via Start -> Programs -> ATI Catalyst Control Center -> Advanced -> Restart Runtime
|
| AtiCpanel | X | atiphexx.exe | Added by a AGOBOT.IL worm infection |
| aticpaxx.exe | X | aticpaxx.exe | Added by the W32/RBOT-XP WORM! |
| AtiCwd or AtiCwd32 | U | AtiCwd.exe AtiCwd32.exe Ati2cwad.exe | This utility adds the ATI tab in the advanced display properties (gives the option for TV out). Do not uncheck if there is TV out on the video card |
| AtiDisplayDrv | X | atidrvxx.exe | Added by the W32/RBOT-VZ WORM! |
| atidriver | X | reaIplayer.exe | Added by W32/WarPigs-E WORM! |
| AtiKey | N | Atikey32.exe | System Tray access and key-combo shortcuts to common display functions on ATI video cards. Can be run from Start -> Settings -> Control Panel -> Display |
| AtiKey | N | atiptkad.exe | System Tray access and key-combo shortcuts to common display functions on ATI video cards. Can be run from Start -> Settings -> Control Panel -> Display |
| Atikey | N | Atitask.exe | System Tray access and key-combo shortcuts to common display functions on ATI video cards. Can be run from Start -> Settings -> Control Panel -> Display |
| ATIModeChange | U | Ati2mdxx.exe | System Tray icon to access ATI graphics card settings and the Hydravision Desktop Manager |
| atipatxx | X | atipatxx.exe | Added by the TROJ/SMALL-ED TROJAN! |
| ATIPOLAB | U | ati2evae.exe | ATI Polling Program - part of the ATI graphics driver e.g. on some Fujitsu-Siemens Notebooks |
| ATIPOLAB or ATIPOLL | U | ati2evxx.exe | ATI External Event Utility EXE Module. This task can comsume lots of CPU resournces on some computers, but it can help with graphics card problems. Leave enabled unless it consumes too many CPU resources |
| AtiPTA or AtiPTAAA or atiptaxx | U | Ati2ptxx.exe, Atiptaxx.exe | Control panel for the ATI series of video cards allowing access to such features as display resolution, colour depth, etc. Available via Start -> Settings -> Control Panel -> Display. Some users may need it if they have optimised their settings |
| atiptext | X | atiptext.exe | Added by the COSIAM-A TROJAN! |
| AtiQiPcl | U | AtiQiPcl.exe | Used for hardware DVD decoding on ATI video cards supporting this feature. Not required unless you regularly play DVD's |
| ATISmart | U | ati2s9ag.exe | ATI's "SMARTGART", which is included with the "Catalyst" drivers. When the system boots, it runs a couple of bus tests & tries to apply the most stable settings |
| AtiSound | U | csrss.exe | Added by the WinSpy surveillance software. Uninstall this software unless you put it there yourself - NOTE - this file is placed in a %System%\ComRoot folder, and should NOT be confused with the legitimate Windows Client Server Runtime Subsystem csrss.exe process, which provides text window support, shutdown, and hard-error handling, always located in the Winnt\System32 or Windows\System32 folder, and which moreover should NOT figure in Msconfig/Startup!
|
| atisrc2 | X | windfind.exe | Adult content dialler - see here. This has to be cleared at the same time as MSStartOptimizer (WINUPD.EXE), mmxrun (msosa.exe) and RegCompres (REGCPM32.EXE), otherwise they return |
| ATITech | X | Active.exe | Added by the Troj/Roamer-A
TROJAN!
Note: This trojan file is found in the System (95/98/Me) or System32 (Nt/2000/XP) folder.
|
| atitray or AtiTrayTools | N | atitray.exe | ATI Tray Tool - allows quick access to ATI graphics card settings |
| atiupdate | X | ATIUPDATE5.EXE, msupdateQ********.exe (* = random digit) | Added by the DEBESKI.A VIRUS! |
| atiupdate | X | msshed32.exe | Added by the DELF.EP downloader TROJAN! |
| ATIUpdater | X | atiupdxx.exe | Added by the W32/RBOT-ABX WORM! |
| Atiupdpl | X | atiupdpl.exe | Added by the TROJ_SMALL.AOS TROJAN! |
| ativopen | X | ativopen.exe | Premium rate adult material dialer |
| ATIX10 | U | atix10.exe | ATI Remote Wonder - PC wireless remote control |
| Atl**.exe (* = random char) | X | Atl**.exe (* = random char) | CoolWebSearch/HomeSearch adware component - for examples, see this log |
| Atl**32.exe (* = random char) | X | Atl**32.exe (* = random char) | CoolWebSearch/HomeSearch adware component - for examples, see this log |
| ATM Control | X | adpn.exe | Added by the MMS.A VIRUS! |
| ATnotes | N | atnotes.exe | Loads the ATnotes program for virtual sticky notes for your desktop. Available via Start -> Programs |
| Atomic-x27 | X | Atomic-x27.exe | Added by the W32/Katomik-A
WORM!
|
| Atomic-x27C | X | AtomicpartC.exe | Added by the W32/Katomik-A
WORM!
|
| Atomic.exe | U | Atomic.exe | Atomic_Clock_Sync synchronizes your computer's time with the NIST time server. |
| Atomica | N | atomica.exe | Atomica runs from the System Tray and allows the user to find out more about a word or phrase on any screen by pointing at it with the mouse and clicking button one while holding down the Alt key |
| AtomicTime | U | ATOMICTIME.EXE | AtomicTime - utility that synchronizes your PC clock to an atomic clock |
| Atrack | U | atrack.exe | New feature of Norton Internet Security (NIS) and Norton Personal Firewall (NPF) 3.0 is the Alert Tracker, an instant notification feature. The Alert Tracker displays information about events as they happen. This way, when a rule has been triggered or an access to the Internet made, you know about it immediately rather than finding out about it when you check your logs or notice that the NIS icon indicates a security alert |
| Atray | U | Atray.exe | Active Tray is a utility which lets you configure the system tray. You can also create your own tray icons |
| ATSpooler | U | AppsTraka.exe | Added by the AppsTraka surveillance software. Uninstall this software unless you put it there yourself. |
| ATTBroadbandUpdate | U | SAUpdate.exe | Big Brother from Quest Software. System and network monitor |
| ATTRedUpdate | U | AutoUpdate.exe | Additional item added to start-ups after AT&T took over the now bankrupt Excite@home high-speed internet service. Included for automatically downloading and installing updates. Leave it unless you plan to regularly run it to check for updates |
| AttuneClientEngine | X | attune_ce.exe | "Attune is a revolutionary service that provides you with targeted Intelligram messages to help you avoid common computer problems. Attune may also let you know when you need a specific product, service, or upgrade to optimise the use of your computer". Not required - treated as adware |
| AttuneContentUpdater | X | attune_cu.exe | Related to the above. All needed for the program to do its job properly |
| AttuneDiscovery | X | attune_di.exe | Related to the above. All needed for the program to do its job properly |
| AttuneSystray | X | attune_st.exe | Related to the above. All needed for the program to do its job properly |
| aTuner | N | atuner.exe | aTuner - tweak tool for GeForce based graphics cards |
| atwtusb | Y | atwtusb.exe | USB interface for Aiptek Graphics Tablet (USB) |
| AtxBrw | X | Iexplor.exe | "Pop Marketing" adware |
| AU Agent | U | AUagent.exe | Au Agent from Zilab Software. Win2K/NT enhancement tool. Allows you to run applications under any security context without closing the whole logon session to process a new logon |
| au.exe | X | au.exe | Added as the result of the BEAGLE.B WORM! |
| AUCBPNP | Y | aucbnpn.exe | Adaptec USB CardBus Safe-Eject - driver for the Adaptec USB 2.0 CardBus which provides USB 2.0 ports for laptop users via a PCMCIA card slot |
| Aucompat | X | Aucompat.exe | Added by the GEMA TROJAN! |
| Audcntr | X | audcntr.exe | Added by the WIN32.GEMA TROJAN! |
| AudCtrl | ? | RunDll32 AudCtrl.dll, RCMonitor | Audio control panel? |
| AUDIO | X | SOUND.exe | Added by the Dial/Ployb-A
TROJAN!
|
| Audiocntl | X | audiocntl.exe | Added by a Crypter.C trojan variant infection |
| AudioDeck | N | ADeck.exe | ADeck.exe is a system tray application for VIA's sound cards which offers quick access to a number of sound card related items. |
| Audiodrv | X | audiodrv.exe | Added by the CRYPTER-C TROJAN! |
| AudioHQ | N | Ahqtb.exe | For Creative Soundblaster Live! series soundcards. System tray application for SB Live! functions. Available via Start -> Programs |
| audioinf | X | audioinf.exe | Added by a Crypter.C trojan variant infection |
| AUNPS2 | X | RUNDLL32 AUNPS2.DLL,_Run@16 | AlwaysUpdatedNews.com parasite related - More_information |
| aupd | X | symcsvc.exe | Added by the ABWIZ.D TROJAN! |
| aupd | X | sysvcs.exe | Added by the ABWIZ.C TROJAN! |
| aupd | X | symcsvc.exe | Added by the Troj/Orse-H
TROJAN!
Note: This worm\trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
|
| Aureal A3D Interactive Audio | Y | sa3dsrv.exe | For Aureal based 3D soundcards. A3D sound features won't work with this disabled |
| Aureal A3D Interactive Audio Init | Y | A3dInit.exe | For Aureal based 3D soundcards. A3D sound features won't work with this disabled |
| ausvc | X | ausvc.exe | Added by the AUTOUPDER VIRUS! |
| Auth Starter Ident | X | startauth.exe | Added by the W32/RBOT-WP WORM! |
| AuthConsoleStart | U | AuthStart.exe | Security Manager - part of a ComCast Internet software suite that provides a variety of features (firewall, popup blocker, parental controls etcetera) to help ensure your computer is secure, and your information is kept private. |
| authz | X | authz.exe | unidentified virus |
| Auto CD-ROM Startup | X | cdaccess.exe | Added by the SPYBOT.BLA WORM! |
| auto repair system | X | qualityx.exe | Unidentified worm, probably a W32.SpyBot variant
|
| Auto Switch | U | TASKBAR.exe | Related to 2-port Bitronics AutoSwitch kit from Belkin |
| Auto T Bar or autotbar | N | autotbar.exe | If you disable the HP VIEW toolbar in IE and rarrange the toolbars on a reboot they will be back as they were before if this is left enabled |
| Auto updat | X | SysDebug.exe | Added by a W32/Forbot-BA worm infection |
| Auto updat | X | crsrs.exe | Added by the W32/FORBOT-BP WORM! |
| Auto Updat | X | WindowsSys32.exe | Added by a variant of the W32/FORBOT WORM!
|
| Auto updat | X | crsrs.exe | Added by the W32/FORBOT-BP WORM! |
| Auto updat | X | crcss.exe | Added by the SDBOT.AAG WORM! |
| Auto updat, various other names | X | crsrs.exe | Added by a W32/Forbot-AK worm infection |
| Auto Update | X | AUP.exe | Added by an unididentified WORM or TROJAN! |
| Auto Update | X | svchost.exe | Added by the TROJ/DUMARDL-A TROJAN! - NOTE - this file is placed in the Winnt or Windows folder, and should NOT be confused with the legitimate Windows svchost.exe process, always located in the Winnt\System32 or Windows\System32 folder, and which moreover should NOT figure in Msconfig/Startup! |
| Auto Update | X | dma.exe | Added by the W32/Rbot-AVO
WORM!
Note: This worm file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
|
| Auto Updates | X | svchost.exe | Added by the Troj/Cheuko-A
TROJAN!
|
| Auto WinUpdate | X | taskmrg.exe | Added by the W32/Rbot-AFA
Worm!
|
| Autobar | U | autobar.exe | Connect buttons on the keyboard for internet direct access, etc. on HP computers |
| AutoCAD Startup Accelerator | U | acstart16.exe | Preloads some libraries that are used by AutoCAD in order to make the software load faster |
| autoclk | Y | autoclk.exe | Sagem Modem driver. Installed and required on systems running Windows 98 or ME |
| AutoEA | N | Ahqrun.exe | For Creative Soundblaster Live! series soundcards. Specify for any audio application what audio preset to automatically associate with currently active speaker output. Available via AudioHQ |
| AUTOEXE | X | AUTOEXE.exe | Added by the W32/SEMAPI-A WORM |
| AutoInsQyule | X | QyuleInstall.exe | Added by the Troj/Dloader-ZM TROJAN! |
| Autoloaderaproposclient | X | Apropos_Client_Loader.exe | AproposMedia adware |
| Autoloaderaproposclient | X | cxtpls_loader.exe | AproposMedia adware |
| AutoLoaderEnvoloAutoUpdater | X | auto_update_loader.exe | Envolo/AproposMedia adware updater |
| AutoMate Task Service | N | automate.exe | Task scheduler for Unisyn Automate 4 task automation/macro running software. Available via a desktop shortcut or Start -> Programs |
| Automatic Defrag Manager | X | defrag.exe | Added by the W32/Rbot-AKE
WORM!
|
| Automatic Microsoft Windows Updater | X | suchost.exe | Added by the W32/RBOT-EQ WORM! |
| Automatic Windows Updater | X | Update.exe | Added by the GAOBOT.AO WORM! |
| Automatically launches the United Devices Age | N | UD.EXE | The United Devices Agent can recycle your PC's unused resources and use them to perform valuable scientific and medical research without disturbing your usual computer use - similar to SETI@home but for medical research. Available via Start -> Programs |
| Autopdate | X | Autopdate.exe | Added by the W32/Rbot-AGL
WORM!
|
| AUTOPROP | N | REGPROP.EXE, WMPADDIN.DLL | Both the files are in the MS Office/Bots/FP_WMP directory. Apparently, it registers the FrontPage WiMP extension |
| AUTOPROTECTU | X | navapq32.exe | Added by an unidentified WORM or TROJAN! |
| autorepair | X | dexs.exe | Added by a variant of the W32/SDBOT WORM!
|
| AutoShutdown | ? | pssvc.exe | Utility to fix vCard Export in MS Outlook 2000 - although why are these together? |
| AutoSizer | U | AUTOSIZER.EXE | AutoSizer - utility that automatically maximizes windows when they're opened |
| AutoSpell 5 | N | ASWATC32.EXE | AutoSpell - spell checker |
| AutoTKit | N | AUTOTKIT.EXE | On HP PC\'s. Unclear what purpose it serves - but there\'s a known issue with Internet Explorer Toolbar settings not being saved with it enabled |
| autoupd | N | autoupd.exe | Raxco Software Auto Update utility."Used to keep your software up-to-date" |
| autoupd | X | autoupd.exe | VIRUS! - found in a folder of the same name |
| autoupdate | X | WINUP2DATE.DLL,SHStart | Unidentified adware - detected by Panda antivirus as Trj/Clicker.CY |
| autoupdate | X | rundll32 [path] SUPDATE.DLL,SHStart | Added by a variant of the QOOLOGIC TROJAN! |
| autoupdate | X | rundll32 [path] DATADX.DLL,SHStart | Added by a variant of the QOOLOGIC TROJAN!
|
| Autoupdate Service | X | kaka.exe | Added by the TROJ/SYMPE-B TROJAN! |
| AutoUpdater | X | aupdate.exe | Aupdate, Tinybar variant. Spyware |
| AutoUpdater | X | AutoUpdate.exe | PeopleonPage foistware |
| autoupdatev2 | X | autoupdatev2.exe | Reported by Kaspersky Anti-Virus as Clicker.Win32.Agent.fq TROJAN! |
| autoupdatev2 | X | (Path of Executable) | Added by the Troj/Dropper-BM TROJAN! Note: This trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder. |
| AutoVirusProtection | X | ciscv.exe | Added by a variant of the WIN32.RBOT WORM!
|
| auto__antiav__key | X | antiav_exe.exe | Added by the Lodav.A
TROJAN! |
| auto__hloader__key | X | hloader_exe.exe | Added by the following TROJANS: BAGLE.AB - Troj/BagleDL-W
- Troj/BagleDL-Y
- Troj/BagleDl-Z
|
| aux.exe | X | aux.exe | Added by the BACKDOOR.ZINS TROJAN! |
| auxAudioDevice | X | aux32.exe | Added by the W32/Zusha-C
WORM!
|
| AUXXTRAY | N | au30setp.exe | System Tray application for Aureal Vortex based soundcards. Can be run manually via Start -> Settings -> Control Panel |
| AV | X | UPDATE-28062004.exe(25 blank spaces).vbs | Added by the MIDFIN WORM!
|
| AV UpDate | X | Update.exe | Added by theTROJ/FUROOT-A TROJAN! |
| Avast! | Y | ashserv.exe | Avast! anti-virus software |
| avast! | Y | ashDisp.exe | Part of Avast! anti-virus software |
| avast! Web Scanner | Y | Ashwebsv.exe | Avast! antivirus |
| Avast32 | Y | Astart32.exe | Part of Avast! anti-virus software |
| avc | X | avmon.exe | Added by an unidentified TROJAN! |
| AvconsoleEXE | U | Avconsol.exe | From McAfee VirusScan up to version 4.x and Dr Solomon's VirusScan. Used to schedule regular scans. If you don't have scans scheduled you don't need it |
| AveoAttune | X | atmdlusr.exe | Related to AttuneClientEngine above |
| AvG | X | svchost323.exe | Added by the W32/RBOT-ZA WORM!
|
| AVG Grisoft Updater | X | updater.exe | Added by the W32/AGOBOT-OT WORM! |
| AVG7_AMSVR | Y | Avgamsvr.exe | AVG antivirus related |
| AVG7_CC | Y | AVGCC.exe | AVG Anti-Virus 7.0 Control Center. Allows you to manage and control all AVG Anti-Virus components, settings and updates |
| AVG7_EMC | Y | AVGEMC.exe | AVG Anti-Virus 7.0 Email Cleaner. Scans incoming and outgoing email for viruses |
| AVG7_Run | Y | avgw.exe | Part of AVG Anti-Virus 7.0 |
| avgamsvr.exe | Y | Avgamsvr.exe | AVG antivirus related |
| AVGCtrl | Y | AVGCTRL.EXE | Background task of the AntiVir antivirus program which scans files transparently in the background |
| AVGCtrl | Y | AVGNT.EXE | Background task of the AntiVir antivirus program which scans files transparently in the background |
| avgmsvr.exe | Y | avgmsvr.exe | Required for AVG Anti-Virus 7.0 to function |
| Avgserv9.exe | Y | Avgserv9.exe | Background monitoring program for AVG anti-virus |
| AVGuard | Y | AVGNT.EXE | Background task of the AntiVir antivirus program which scans files transparently in the background |
| AVGuard | Y | AVGUARD.EXE | Background task of the AntiVir antivirus program which scans files transparently in the background |
| AVG_CC or avgcc32 | Y | avgcc32.exe | AVG anti-virus control center. Also enables scheduled tests, Outlook E-mail plug-in and automatic updates |
| AVG_EMC | Y | AVGEMC.exe | AVG Anti-Virus 7.0 Email Cleaner. Scans incoming and outgoing email for viruses |
| AVG_RegCleaner | Y | AVGREGCL.exe | AVG Anti-Virus 7.0 Registry Cleaner - for checking the registry for virus additions and other security problems |
| avidrv | X | drvsc.exe | Detected as the Trojan-Downloader.Win32.Agent.ph TROJAN! by Kaspersky Anti-Virus. Note: No URL available at this time. |
| Avimgt | X | Avimgt.exe | Added by the GEMA TROJAN! |
| Avimgt32 | X | Avimgt32.exe | Added by the GEMA TROJAN! |
| avinit | Y | AVINIT9X.EXE | Command antivirus related |
| AVK Mail Checker | Y | AVKPop.exe | eXtendia AVK AntiVirus email checker |
| AVKBar | Y | AVKBar.exe | GData AntiVirusKit Anti-virus |
| AvMaiSrv | Y | Avmaisrv.exe | Avast32 anti-virus - E-mail scanner |
| avnort | X | msmbw.exe | Added by the W32.Serflog.A WORM! |
| avnort | X | formatsys.exe | Added by the W32.Serflog.A WORM! |
| avnort | X | serbw.exe | Added by the W32.Serflog.A WORM! |
| AVP | X | (Path to trojan EXE) | Added by the Troj/Mutbo-A
TROJAN!
|
| avpcc | Y | avpcc.exe | Kaspersky Labs anti-virus |
| avpm | Y | avpm.exe | Kaspersky antivirus |
| Avpr | X | avpr.exe | Added by the W32.Mydoom.AF WORM! |
| Avril Lavigne - Muse | X | (random filename) | Added by the AVRIL-A VIRUS! |
| AVSCHED32 | Y | AVSched32.exe | AntiVir anti-virus from H BDEV |
| AVSchedScan | Y | SCHSC9X.EXE | Command antivirus related |
| AvSer | X | sysup.exe | Added by the W32.Serflog.B WORM! |
| AvSer | X | svosm.exe | Added by the W32.Serflog.B WORM! |
| AvSer | X | msmpatch.exe | Added by the W32.Serflog.B WORM! |
| AvSer | X | dsm.exe | Added by the W32.Serflog.B WORM |
| avserve.exe | X | avserve.exe | Added by the SASSER VIRUS! |
| avserve2.exe | X | avserve2.exe | Added by the SASSER.B or SASSER.C VIRUSES! |
| avserve3.exe | X | avserve3.exe | Added by the SASSER.G worm |
| Avtray | U | Avtray.exe | Command_Antivirus tray icon - NOTE: do NOT confuse with the rogue WinAntivirus startup/process as described here |
| AVTray | X | AVTray.exe | WinAntivirus : a bogus, stealth installed "Spyware remover" - see the SpywareWarrior_List of Rogue/Suspect Anti-Spyware Products & Web Sites - NOTE: do NOT confuse with the legitimate Command Antivirus startup/process as described here |
| AVWUpd32 | U | AVWUPD32.EXE | AntiVir updater. Useful, but can be run manually |
| avx communicator | Y | xcommsur.exe | Anti-virus part of BitDefender virus scanner/firewall |
| Avxlive | Y | avxlive.exe | Bullguard or BitDefender antivirus |
| avxlni | Y | avxinit.exe | Anti-virus part of BitDefender virus scanner/firewall |
| AWatch | U | Awatch.exe | Diagnosis tool that monitors DSL connections, installed alongside DSL drivers from AVM Fritz's range of modem products. |
| awhost32 | N | awhost32.exe | Part of Symantec's pcAnywhere remote PC management software. Provides an automatic startup of the client PC in host mode in conjuction with a host-definition file, so system administrators can access the machine. Can cause a 10% reduction in speed and not recommended |
| AWMON | U | Ad-Watch.exe | Part of Lavasoft Ad-aware SE Plus and Pro - realtime spyware-monitor watching your memory and registry for spyware that tries to install or change your system |
| AWMON | U | Ad-Monitor.exe | F-Secure_Anti-Spyware |
| AWUSGSTA.exe | ? | AWUSGSTA.exe | Reportedly related to a USB Wifi Adapter - is it required at startup? |
| awxDTools | U | awxDTools.dll,awxRegisterDll | AwxDTools related - a Windows Shell-Extension for the Daemon-Tools. It extends the context-menu of ImageFiles supported by Daemon-Tools. (i.e.: *.cue, *.iso, *.ccd ...)
|
| AxFilter | X | Rundll32 AXFILTER.DLL, Rundll32 | CnsMin (Chinese_Keywords) related |
| azmodem | Y | azexe.exe | Aztech_Labs modem driver |
| a² | U | a2guard.exe | a-Squared antitrojan - can be run on demand, but necessary in Startup, if you prefer the a² 'Background Guard' real time protection feature |
| B'sCLiP | N | BSCLIP.exe | CD recording utility that comes with a lot of CDR/CDRW drives and isn't required |
| B.Reader | N | remin.exe | Birthday Reminder 5.0 - as the name implies |
| b3d | X | BDEsecureinstall.exe | B3d Projector - installed along with the KaZaA file sharing utility. Causes a program called "ZUPDATE.EXE" to periodically try to access the internet. (1) Uninstall it via Start -> Settings -> Control Panel -> Add/Remove Programs. (2) Remove the BDEsecureinstall.exe if still present in C:\Windows\System. (3) Disable and ideally delete it from the registry. (4) Remove the "BDE" directory and all its contents |
| b3dUpdate | X | Zupdate.exe | Same as above but not installed via KaZaA |
| b9 | U | B9.exe | FireTrust Benign - allows you to receive e-mail which is safe from viruses, worms, scripts, web bugs, privacy threats and other security risks, without affecting your e-mail. "Benign neutralizes or strips out the code that makes viruses, worms, scripts and other potentially harmful things run" |
| b99 | X | msmm.exe | ClientMan parasite variant |
| babeie | X | rundll32 cnbabe.dll, dllstartup | CommonName Toolbar spyware. To uninstall see here |
| Babylon Client | N | Babylon.exe | Babylon-Pro is a powerful information tool that instantly provides relevant information, translations
& conversions for any word or value you click on" |
| Babylon Translator | N | Babylon.exe | "Babylon-Pro is a powerful information tool that instantly provides relevant information, translations & conversions for any word or value you click on" |
| Back Updates | X | Uninstall.log.vbs | Added by the VBS.YPSAN.D WORM! |
| Backdoor.NuAgent | X | agent.exe | Added by the AGENT-DP TROJAN! |
| Background Intelligent Transfer Service | X | rundll32.exe | Added by the TROJ/VB-ZD TROJAN! - Note: this file is located in the C:\Windows\help folder, and is not to be confused with the legitimate rundll32.exe file! |
| BackgroundSwitcher | U | bgswitch.exe | Background Switcher Powertoy. Included with the last beta version of the XP Powertoys. Whenever a user right clicked his desktop and chose properties he could see a new tab which allowed him to enable a "Desktop Slide Show." This would automatically change the Windows Desktop at an interval specified by the user. Available here |
| Backpack UDF | N | bpudfmon.exe | Backpack UDF packet writing software for Microssolutions' Back Pack external CD-RW drive. Similar to DirectCD. Run manually before insert an appropriately formatted CD-RW disk |
| Backup Service | X | backup.svc | Unidentified adware |
| BackupExecScheduler | U | besch.exe | Veritas "Back Up My PC" software |
| BackupNotify | ? | backupnotify.exe | HP Digital Imaging related. What does it do and is it required? |
| BackWeb | N | backweb.exe | Automatically detects an internet connection and downloads any available updates. Typical on Compaq and HP PC's but not restricted to those OEM's. Resource hog and often causes malfunctions. Available via Start -> Programs |
| Backwork | N | Backwork.exe | Backwork trojan detector |
| BACPI10 | U | bacpi10a.exe | Known as "PowerKey" - a minimalistic keyboard driver that allows power management keys on BTC keyboards to function properly in older OS's (i.e. Win95/98/NT4). Also adds an icon to the system tray |
| BacsTray | N | BacsTray.exe | Broadcom Advanced Control Suite - for modems and set top boxes based upon Broadcom chipsets. Not required unless you have networking problems |
| BADDATE | X | BADDATE.EXE | Added by an unidentified VIRUS! |
| BagleAV | X | csrss.exe | Added by the W32.NETSKY.AB WORM! Note - this is not the valid Client Server Runtime Subsystem csrss.exe process, which provides text window support, shutdown, and hard-error handling |
| Bakra | X | IEHost.EXE | IEDriver adware variant |
| Bakra | X | IEHost.exe | Added by the Troj/Multidr-AH TROJAN! |
| Band-Aid | X | (path to file) | Added by the BACKDOOR.RANKY.O TROJAN! |
| Bandook | X | ali.exe | Added by the TROJ/EXEMAS-B TROJAN! |
| Banpopup by Pratik | U | Banpopup.exe | Banpopup - popup killer |
| Bar Ding lolt | X | Analiz.exe | Added by the RBOT-RP WORM!
|
| bargains | X | bargains.exe, bargainbuddy.exe | Bargain Buddy - advertising spyware installed with Net2Phone & LimeWire amongst others. Some further information here |
| Bart Station | ? | station.sbrt | Related to PeoplePC ISP. May be a dialler for dial-up accounts? |
| bascstray | N | BascsTray.exe | Broadcom Advanced Control Suite - for modems and set top boxes based upon Broadcom chipsets. Not required unless you have networking problems |
| Bat | X | secure2.bat | Added by the ZCREW.C VIRUS! |
| Batchreg1 | N | N/A | Part of the Windows System Recovery process. Added to the registry via Msbatch.inf. The existence of this key or process after the last reboot during installation indicates an unsuccessful installation, as that key should be deleted automatically. See here |
| BatInfEx | U | rundll32.exe | Displays battery status information on an IBM Thinkpad |
| Battery Scope | U | batmgr.exe | Monitors battery levels on a notebook/laptop PC |
| BatteryBar | U | batterybar.exe | BatteryBar - displays battery usage, and the current percentage of battery power left |
| BatzBack | X | BatzBack.scr | Added by the BACKZAT VIRUS! |
| BAUSB | U | BAUSB.exe | Boston Acoustics Audio, USB driver |
| bawindo | X | bawindo.exe | Added by the BEAGLE.AR WORM! |
| bawindo | X | bawindo.exe | Added by the W32.BEAGLE.AU WORM! |
| BayMgr | U | DockApp.exe | Hot-swappable drive management on laptops allowing you to change drives without closing down Windows. Only required if you frequently swap bay devices |
| Bayswap | U | bayswap.exe | Hot-swappable drive management on Compaq Notebooks which allows you to swap drives without closing down Windows. Only required if you frequently swap bay devices |
| Bayswap2 | U | TbUpdate.exe | Hot-swappable drive management on Compaq Notebooks which allows you to swap drives without closing down Windows. Only required if you frequently swap bay devices |
| BBC News alerts | U | skinkers.exe | BBC News Desktop Alerts service; see here - The BBC News desktop alert and breaking news e-mail services let you find out about all the latest news as it happens.
|
| bbSysTray | N | bbSysTray.exe | Philips CD-RW related - "the 'Blue Button' feature gives users the chance to receive convenient online support for their possible device problems or questions" |
| bbui | U | bbui.exe | AOL DSL status monitor displaying a red/green icon indicating if you have a connection |
| bca | U | bca.exe | BeClean Agent - registry, history, temp files, etc cleaner |
| BCDetect | U | bcdetect.exe | Bcdetect.exe searches the system to make sure Creative drivers are installed for the video card. It loads the BlasterControl when the drivers are detected. Your choice - try it and see |
| BCMDMMSG | Y | bcmdmmsg.exe | BCM voicemodem driver. Required for dial-up if you have one of these modems |
| BCMHal | U | rundll32.exe bcmhal9x.dll, bcinit | BlasterControl for Creative video cards - controls for desktop settings, monitor configuration, colour adjustments and performance tuning. May be needed to retain settings |
| BCMSMMSG | Y | BCMSMMSG.exe | BCM voicemodem driver. Required for dial-up if you have one of these modems |
| bcmwltry | ? | bcmwltry.exe | Broadcom Corporation Wireless Network Tray Applet.Is it required? |
| bcnswSX | X | (path to file) | Added by a Ranck-AJ trojan infection |
| BCNT | N | bcnt.exe | AWS Weatherbug related. What does it do? |
| BCPC | X | bcpc.exe | BroadcastPC adware variant |
| bcpc_c | X | bcpc_c.exe | BroadcastPC adware variant |
| BCTweak | U | bctweak.exe | BlasterControl for Creative video cards - controls for desktop settings, monitor configuration, colour adjustments and performance tuning. May be needed to retain settings |
| Bcvsrv32 | X | bcvsrv32.exe | Added by the W32/AGOBOT-TD WORM! |
| BCWipeTM | N | bcwipetm.exe | BCWipe Task Manager - scheduler for BCWipe so that it runs at convenient times. You can set a time for running the task, as well as special options for the task. Run manually when needed |
| BD | X | dc.exe | Added by the Troj/Rasdoor-A
TROJAN!
|
| BDMCon | Y | Bdmcon.exe | Either BitDefender or BullGuard antivirus |
| BDNewsAgent | Y | bdnagent.exe | BitDefender antivirus - updater |
| BDOESRV | Y | bdoesrv.exe | Bitdefender 8 antivirus and firewall |
| BDSwitchAgent | Y | bdswitch.exe | Bitdefender 8 antivirus and firewall |
| BearShare | N | bearshare.exe | BearShare file sharing client. Versions known to include spyware - see here |
| BeatNik Internet Clock | U | BeatNik.exe | BeatNik_Internet_Clock is a Windows clock add-on that supports 'skins'. It can also synchronize your computer's clock with the atomic clock. |
| Beegees Update | X | beegees.exe | Added by the W32/Sdbot-ADK
WORM!
Note: This worm\trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
|
| BeFaster | U | befaster3.exe | BeFaster internet connection optimization tool |
| Belkin PCMCIA WLAN Monitor | N | monitorbk.exe | Belkin USB Network Adapter Management utility - can be started manually |
| BelNotify | U | [path] NPBelv32.dll,RunDll32_BelNotify | BelTech enables licensees to offer automated, Web-based problem resolution to their end-users. BelTech allows the end-user to simply go to a web page and automatically resolve their problem or point them to the right solution. BelTech Manager allows non-programmers to rapidly and easily deploy and maintain this service.
|
| Belsta.exe | ? | Belsta.exe | Configuration tool for Belkin wireless network cards. Required to change the card’s configuration. Is it required for correct operation once the confuiguration is changed? |
| Belt | X | Belt.exe | Transponder parasite updater/installer |
| Benadril Alert Tool | X | benadrilalert.exe | Plug-in for WeatherBug advising when pollen count in your area is high - prompting you to buy Benadril |
| BestPopUpKiller | N | BestPopupKiller.exe | Popup killer by Swanksoft - not recommended, see Rouge/Suspect_list |
| BeSys | X | [path to the adware program] | Added by BeSys ADWARE! |
| bg | Y | bullguard.exe | Bullguard antivirus and firewall. The P2P version is free with KaZaA Media Desktop and Grokster |
| BGInfo | U | Bginfo.exe | BGinfo automatically displays relevant information about a Windows computer on the desktop's background, such as the computer name, IP address, service pack version, and more. |
| BGNewsAgent | Y | bgnewsag.exe | BullGuard antivirus updater |
| bgsmsnd | N | bgsmsnd.exe | Printer driver to generate PDF files from any program |
| BHOCop | N | BHOCop.exe | ZDNet's BHO Cop that lets you see what browser helper objects are installed. Useful for detecting spyware |
| BHODemon 2.0 | U | BHODemon.exe | BHODemon "protects you from unknown Browser Helper Objects (BHOs), by letting you enable/disable them individually. When running, it also monitors your Registry and alerts you when a BHO is installed. Best of all, BHODemon knows about the most common BHOs - the good ones, and the not-so-good ones!"
If you prefer forgoing resident protection, the application can also be run on demand. |
| BI1HelperStartUp | U | BI1HEL~1.EXE | Beach_Islands Screensaver. The freeware version comes with GAIN branded ads (pop-ups and others). ScreenScenes do however offer you the option of doing away with the ads by purchasing the screensaver for a whopping $ 30... |
| BIE | X | Rundll32.exe BDSrHook.dll, Rundll32 | BDplugin parasite |
| BigDogPath | ? | VM_STI.EXE | Bundled with some software for digital cameras that use a USB connection. - what does it do and is it required? |
| bigfix | N | BIGFIX.EXE | BigFix can automatically download and read technical support information provided by computer and software manufacturers and other technical support experts (published in the form of Fixlet® Messages) and can automatically check your computer for bugs, configuration conflicts, and security holes. Should only be started manually as it's a resource hog |
| BigPond Toolbar | U | bpumTray.exe | Telstra BigPond Toolbar - "Introducing the free and easy to use BigPond Toolbar that is designed to make your internet experience and managing your Telstra internet account a whole lot easier" |
| BigPondCable | N | bpcable.exe | Telstra Bigpond Cable login software. Can be started manually. |
| Billminder | N | Billmind.exe | Can be setup in Quicken to remind user of due payments. Available via Start -> Programs |
| bin32hpu | X | ppstub.exe | PrecisionPop adware |
| bingdian | X | Bingdian.vbs | Added by the BINGD VIRUS! |
| Bingo Charm | ? | charms.exe | Some kind of screen icon kind of like desk flag, but it gives you a choice of icons? |
| Bios | X | Bios32.exe | Added by an unidentified VIURS! |
| BIOS XP Loader | X | [random file name] | Added by the W32/RBOT-IC, ~http://www.sophos.com/virusinfo/analyses/w32rbotic.html WORM! |
| BIOS1 | X | BIOS1.EXE | Added by the OPASERV.T VIRUS! |
| BIOVCIP | ? | BIOVCIP.exe | ?? |
| BitComet | N | BitComet.exe | BitComet P2P client - can be launched from Start Menu > Programs |
| BitDefender Antivirus | X | BITDEFENDERX.EXE | Added by a variant of the W32.SPYBOT WORM!
|
| BitDefender Communicator | Y | xcommsvr.exe | BitDefender antivirus |
| BitDefender for MSN Messenger | U | msnmon.exe | Bitdefender anti-virus for MSN Messenger. Unless you have MSN Messenger running all the time start it manually |
| BitDefender for Yahoo! Messenger | U | yahmon.exe | BitDefender Antivirus for Yahoo! Messenger - free AV add-on for Yahoo! Messenger |
| BitDefender Live! Init | Y | bdinit.exe | BitDefender antivirus |
| BitDefender Scan Server | Y | bdss.exe | BitDefender antivirus |
| BitDefender Virus Shield | Y | vsserv.exe | BitDefender antivirus |
| bitdefenderlive | Y | avxlive.exe | Main program of BitDefender virus scanner/firewall |
| BitDefender_P2P_Startup | U | BitDefender_P2P_Startup.exe | Bitdefender anti-virus for file transfers via internet messaging clients such as ICQ and MSN Messenger. Unless you have these running all the time start it manually |
| BitWare Print Monitor | N | bwprnmon.exe | FaxServe network fax software |
| BJ Printer Status Monitor | N | Cjstsr.exe | Canon BJ printer status monitor |
| BJ Status Monitor 5xx | N | CJSTRxx.EXE | Canon printer status monitor - where "xx" is different depending upon the version. Not required as you can check the printer status via My Computer -> Printers |
| bjcfd | N | CFD.exe | BroadJump Client Foundation. Broadband troubleshooting software installed by various companies. Not required and you can remove it via Add/Remove programs |
| BlackICE PC Protection or BlackIce Utility | N | blackice.exe | Loads the user interface for the BlackICE PC Protection (was Defender) firewall program. From the parent site - \'(the user interface) starts in the "Startup" menu and adds itself to the taskbar. The user interface is independent from the rest of the system and only displays the output or reconfigures the system. It does not need to be running for the rest of the system to run.\' See also LoadBlackD |
| blah service | X | winupdate.exe | Add by the GAOBOT.BIA WORM! |
| blah service | X | winsysengine.exe | Added by a W32/Rbot-KI worm infection |
| blah service | X | smnp.exe | Added by the RBOT.IZ WORM! |
| blah service | X | internet.exe | Added by a variant of the WIN32.RBOT WORM!
|
| blah service | X | msnmsgrr.exe | Added by the RBOT.PZ WORM! |
| blah service | X | tazkmgr.exe | Added by the RBOT.UA WORM! |
| blah service | X | FaLeH.exe | Added by the W32/Rbot-AES
Worm!
|
| blah service | X | microsoft.exe | Added by a variant of the WIN32.RBOT WORM!
|
| Blah service | X | CCAPPS32.EXE | Added by the RBOT.TV WORM! |
| blah service | X | evosys.exe | Added by a variant of the WIN32.RBOT WORM!
|
| blah service | X | win32.exe | Added by the W32/Rbot-AXO
WORM!
Note: This worm file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
|
| blahh service | X | msengine.exe | Added by a variant of the WIN32.RBOT WORM!
|
| blahx service | X | msnjompa.exe | Added by the SDBOT.AML WORM! |
| BlazeChanger | N | FBZPaper.exe | Ember graphic file viewer, manager, and touch-up system |
| bldbubg | N | bldbubg.exe | Part of Dell Alerts which provides customers with an update on latest updates for his/her system |
| Bles | X | bles.exe | Added by the TROJ/BLESH-A TROJAN!
|
| blinkx | U | blinkx.exe | Blinkx_Desktop "Smart Folders" software |
| BLMessagingIntegration | X | blengine.exe | BuddyLinks adware |
| BlockAds | U | blads.exe | A Tweak-XP component, blocks advertisement banners in Internet Explorer. Can be enabled/disabled via Tweak-XP / Internet Tweaks |
| BlockChecker | X | Block-checker.exe | BlockChecker adware
|
| Blocker System611 Monitoring | X | PopUpBlocker611.exe | Added by the RBOT.BLJ WORM! |
| BlockTracker | N | BlockTracker.exe | If present on a HP machine it tracks all the processes and logs them to a blocklog.txt file |
| blsloader | U | blsloader.exe | BellSouth ISP Internet_Tools |
| blss | X | blss.exe | Added by the Backdoor.Blarul TROJAN! |
| BLSTAPP | N | blstapp.exe | Puts access to Creative's BlasterControl in the System Tray |
| Blubster | N | Blubster.exe | Related to Blubster
Music sharing service. |
| bluestart | X | rraut.exe | Added by the VB.GY.2 downloader TROJAN! |
| BlueToothAuthentication Agent | U | rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent | Associated with BlueTooth software, designed to allow bluetooth mobile devices to authenticate to the computer, when connecting a PDA to your computer - necessary for the computer and the PDA to communicate. Should you get the error message, "Rundll irprops.cpl missing entry Bluetooth authentication agent", click here for more information. In case you no longer have BlueTooth support installed, and don't need it, simply uncheck the entry in Msconfig > Startup. |
| BluetoothAuthenticationAgent | U | rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent | Associated with BlueTooth software, designed to allow bluetooth mobile devices to authenticate to the computer, when connecting a PDA to your computer - necessary for the computer and the PDA to communicate.
|
| Blueyonder Instant Support Tool | U | matcli.exe | "matcli.exe is a motive Assistant Command line interface that gathers information about your system\'s identity like your name email address, city, state, etc and gets written to a log file". Blueyonder Instant Support is required to run with the Help and Support program. If you uncheck it and and then run Help and Support it will add another Blueyonder Instant Support in the startup menu. If you remove Blueyonder Instant Support in add/remove programs some help menus in help and support will not be available. You decide |
| BMail Installation | N | FTP_back.exe | Part of iMesh - a file sharing system. Reported by Norton AntiVirus as a trojan. Once deleted does not prevent file sharing working. Older versions of iMesh re-instate this but the newer versions do not |
| BMan | X | BMan1.exe | Abcsearch.com/DealHelper adware variant |
| BMMGAG | U | Rundll32 PWRMONIT.DLL, StartPwrMonitor | Displays a battery gauge icon in the Taskbar (not the System Tray). Provides shortcuts to IBM's proprietary power saving settings and to a battery information window |
| BMMLREF | U | BMMLREF.EXE | Battery Manager for IBM ThinkPad laptops |
| BMO MasterCard Wallet | U | EWALLET.EXE | The wallet conveniently stores billing, shipping and payment information on your PC |
| BMupdate | N | BMupdate.exe | Related to BookmarkCentral entry. Typically added after downloading drivers for Visioneer scanners for example, and you install the driver self-install |
| BMZ | X | bmz.exe | nCase adware |
| Bndt32 | X | Bndt32.exe | Added by the LACON VIRUS! |
| Bnexe | X | (random filename) | Added by the KITRO.D (or ARGEN.A) VIRUS! |
| BO1HelperStartUp | U | BO1HEL~1.EXE | ScreenScenes Butterfly_Oasis screensaver. The freeware version comes with GAIN branded ads (pop-ups and others).
ScreenScenes do however offer you the option of doing away with the ads by purchasing the screensaver for a whopping $ 30... |
| BO1HelperStartUp | U | Bo1helper.exe | ScreenScenes Butterfly_Oasis screen saver. The freeware version comes with GAIN branded ads (pop-ups and others). ScreenScenes do however offer you the option of doing away with the ads by purchasing the screensaver for a whopping $ 30... |
| Boarddata | X | [path] repcale.exe [path] palsp.exe | Added by a variant of the RANDON.AN WORM! |
| BOC412 | Y | BOC412.exe | Version 4.12 of NSClean's BOClean anti-trojan software |
| BOCleanautostart | Y | Boclean.exe | NSClean's BOClean anti-trojan software |
| bombshel | U | BOMB32.EXE | Part of McAfee Nuts & Bolts. Protects your Windows system from application failure and crashes - similar to Norton Crashguard. Your choice - may cause problems |
| Bonzi Buddy | X | ?? | Spyware - read here for information and here for removal instructions |
| boo | X | boo.exe | Adware downloader - detected by Kaspersky antivirus as Trojan.Win32.Favadd.o |
| BookedSpace | X | bs2.dll,DllRun | Adware, related to the Remanent parasite |
| BookmarkCentral | N | BMLauncher.exe | Bookmark Express - "offers a more flexible way to manage Web site bookmarks, regardless of which browser you use" |
| Boost XP Service | U | bxservice.exe | Boost XP from Systweak - WinXP tweaking utility |
| boot | X | boot.exe | Added by the Troj/Puppet-A
Trojan!
|
| Boot Manager | X | Njgal.exe | Added by the KILO VIRUS! |
| Boot Manager | X | bootmng.exe | Added by a variant of the W32.SPYBOT WORM!
|
| BootCfg | X | Install.log.vbs | Added by the VBS.YPSAN.D WORM! |
| BootCTRL | X | bootctrl.exe | Added by an unidentified WORM or TROJAN! |
| BootLoader | X | BootLoader.exe.vbs | Added by the WATERWORKS VIRUS! |
| bootpd.exe | X | bootpd.exe | Hijacker - recognized by Kaspersky antivirus as Trojan.Win32.StartPage.vk
|
| bootpd.exe | X | bootpd.exe | Added by the Troj/Agent-DT
Trojan!
|
| BootsCfg | X | Date.POP.vbs | Added by the VBS.KUULLIO WORM! |
| BootsCfg | X | wscript.exe [path] All Users.vbs | Added by the VBS.SPILTRON WORM! |
| BootsCfg | X | wscript.exe [path] All Users.vbe | Added by the VBS.SPILTRON WORM! |
| BootsCfg | X | wscript.exe[path] Install.log.vbs | Added by the VBS.YPSAN.E WORM! |
| BootSkin Startup Jobs | U | BootSkin.exe | Stardock_BootSkin
is a program that allows users to change their Windows 2000 and Windows XP boot screens, free for non-commercial use. |
| BootStatus | U | BOOTST~1.EXE | Visual Basic program that pops up a small window on startup telling you how many times the machine has been booted that day. Once you exit it, it has no more effect on resources |
| BootWarn | U | BootWarn.exe | From here : "Norton AntiVirus Boot Warning. This program is installed as a startup item when you install Norton AntiVirus, and also sometimes when you do a LiveUpdate which updates Norton AntiVirus significantly enough that a reboot is needed to complete the installation. We believe its purpose to be to warn the end-user that he must reboot his PC before using Norton AntiVirus in those cases when a reboot did not happen with the result that Norton AntiVirus did not fully complete its installation or software updating.
Recommendation : Start Norton AntiVirus from “Start \ Programs \ Norton AntiVirus”. If Norton AntiVirus comes up without problems, then fix this entry from the Msconfig Startup tab – it was left behind by mistake and is no longer needed now that Norton AntiVirus is fully installed and opens without error messages."
|
| boot_reg | X | [path to file] | Added by the TROJ/BANCBAN-CA TROJAN! |
| Bose Wave/PC Monitor | N | wavepcmonitor.exe | System Tray access for this system (more info on the system here). Available via Start -> Programs |
| BossIdea | X | winlogin.exe | Added by the TROJ/LINEAGE-I TROJAN! |
| Boston | ? | Boston.exe | Part of the Boston Acoustics USB speaker systems. - What does it do and is it required? |
| Bot Loader | X | svchostt.exe | Added by the W32.GAOBOT.ALV WORM! |
| Bouncer RunStartup | X | bouncer.exe | VIrtualBouncer malware from Spyware Labs. It is distributed by the same bundling and drive-by download techniques as the parasites it claims to remove, so definitely qualifies as unsolicited commercial software in itself. It also has an update feature that can download and execute arbitrary code. Warning - choose "custom" uninstall as "automatic" may remove other programs |
| Bouncer RunStartup | X | LiveUpdate.exe | VIrtualBouncer malware from Spyware Labs. It is distributed by the same bundling and drive-by download techniques as the parasites it claims to remove, so definitely qualifies as unsolicited commercial software in itself. It also has an update feature that can download and execute arbitrary code. Warning - choose "custom" uninstall as "automatic" may remove other programs |
| boy lovers of bsd | X | ilikeboys.exe | Added by the MYTOB.LY WORM! |
| bpcpost.exe | U | bpcpost.exe | MS TV Viewer Post Setup Program. Part of MS WebTV for Windows. Used to display TV on your PC via a compatible video card with in-built tuner (such as ATI All-In-Wonder). If you don't use it - uninstall it |
| BPCv2 | X | BPCv2.exe | BroadcastPC adware
|
| BPCv2_re | X | bpc2_re_inst.exe | BroadcastPC adware variant |
| BPK | U | bpk.exe, nvsr32.exe | Blazing Tools Perfect Keylogger (monitoring program). Given a "U" recommendation because it depends if you intentionally installed it. If you didn't treat it as "X" and uninstall or remove |
| BPServer | N | G6FTPSrv.exe | BulletProof FTP Server |
| BPT | X | bpt.exe | BroadcastPC adware
|
| BQTray.exe | U | BQTray.exe | System Tray access to BurnQuick CD burning software. Only required if you use the queueing facility, hence the U recommendation. Create your own desktop shortcut to start manually |
| Brasil | X | Brasil.exe | Added by the OPASERV.E VIRUS! |
| Brasil | X | BRASIL.PIF | Added by the OPASERV.E VIRUS! |
| BrasilOld | X | (worm filename) | Added by the OPASERV.P VIRUS! |
| Brct | X | trdb.exe | Reported as Win32.PurityScan.y TROJAN! by Kaspersky Anti-Virus. Class: Trojan-Downloader.
Note: Lowers Internet Explorer security settings and downloads unwanted files. |
| Break_Reminder | U | BREAK REMINDER.exe | Break Reminder - Remind yourself to take breaks to prevent computer related injuries. See here |
| Breg | X | bcre.exe | BroadcastPC adware variant |
| Breg | X | breg.exe | BroadcastPC adware variant |
| Breg | X | bptre.exe | BroadcastPC adware variant |
| Bridge | X | rundll32.exe ...Bridge.dll | Flingstone.com browser hijacker |
| Brindys BriTray | Y | BRITRAY.EXE | Main process for the following applications: GEDEX, SICARIO, BRINOTES, BRIRESPA, SICURE, TRASGO, UNDOCS, FRESH & BRIFAME (all of them from Brindys Software). Performs the following tasks [un]installation, web software autoupdate, notification windows, interprocess communication, tray bar icons & menus, alarms (brinotes), and common web launching from the mentioned applications. Can be stopped safely once run if so desired |
| BrmfRmPA | U | BrmfRmPA.exe | Brother resource manager - needed for a Brother MFC printer/copier/scanner and PC to properly communicate |
| Broadband Wizard | N | bbwiz.exe | Starts Broadband Wizard so it runs in the System Tray. This application tests and optimizes your Cable or DSL connection. Available via Start -> Programs |
| Bron-Spizaetus | X | CVT.exe | Added by the W32.Rontokbro
WORM!
Note: This worm\trojan file is found in the Windows\PIF or Winnt\PIF folder.
|
| Bron-Spizaetus | X | norBtok.exe | Added by the RONTOKBRO.B WORM! |
| Bron-Spizaetus | X | ElnorB.exe | Added by the RONTOKBRO.D WORM! |
| Bron-Spizaetus | X | bronstab.exe | Added by the RONTOKBRO.C WORM! |
| Bron-Spizaetus | X | sempalong.exe | Added by the W32/Brontok-E
WORM!
Note: This worm\trojan file is found in the Windows\ShellNew or Winnt\ShellNew folder.
|
| Bron-Spizaetus | X | eksplorasi.exe | Added by the RONTOKBRO.J WORM! |
| Bron-Spizaetus | X | [path to file] | Added by W32/Brontok-F WORM! |
| BrowseProxy | N | FindService.exe | Actual Names - "It is now possible to enter a particular word or keyword phrase that is associated with your business, and immediately be directed to YOUR WEBSITE! The Actual Names technology can do this for you" |
| browser | X | msgaol.exe | Added by the WIN32.TACTSLAY.C TROJAN! |
| browser | X | s_menu.exe | Added by the WIN32.TACTSLAY.C TROJAN! |
| browser aid | X | browseraid.exe | BrowserAid/BrowserPal foistware |
| Browser Help Svc | X | BHSV.EXE | Added by the W32/Rbot-AVQ WORM! Note: This trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder. |
| Browser Hijack Blaster | Y | bhblaster.exe | Browser Hijack Blaster - protects your system from browser hijackers and spyware that alters your IE settings |
| Browser Launcher | U | Commandr.exe | Logitech internet keyboard "Commander" software - loads the software for the shortcut keys on the keyboard. Not required unless you want to use the short cut keys |
| Browser Pal | X | adblck.exe | BrowserAid/BrowserPal foistware |
| Browser Sentinel | U | BrowserSentinel.exe | Browser Sentinel. Notifies you if a program wants to penetrate into Internet explorer, add itself to the Windows auto-run list or change your home page.
See here |
| BrowserWebCheck | N | loadwc.exe | Checks to make sure that IE is still your default browser |
| BS Player | N | bsplayer.exe | BSplayer - A video player used to play avi, mpg, wmv and other multimedia files.
|
| BsCLiP | N | BSCLIP.exe | CD recording utility that comes with a lot of CDR/CDRW drives and isn't required |
| Bsoft lppt01 | X | Bsoft.exe | New variant of the RapidBlaster parasite (in a "BelmontSoft" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see here |
| Bsx3 | X | Rundll32.exe bs3.dll, DllRun | BookedSpace parasite variant |
| BT | X | (Original Trojan filename) | Added by the Troj/Litebot-B
TROJAN!
|
| BT Broadband Help | U | matcli.exe | "matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, county, etc and gets written to a log file". BT Broadband Help is required to run with the Help and Support program. If you uncheck BT Broadband Help and and then run Help and Support it will add another BT Broadband Help in the startup menu. If you remove the BT Broadband Help in the add/remove program some help menus in help and support will not be available. You decide |
| BT00003(2 or 3 or 4) | X | hiklmnop27.exe | Added by the Troj/VB-VT
TROJAN!
Note: This trojan file is found in the Windows or Winnt folder. |
| BT00003(5 or 6 or 7) | X | abcdefg23.exe | Added by the Troj/VB-VT
TROJAN!
Note: This trojan file is found in the Windows or Winnt folder. |
| btinst | ? | btinst.exe | Associated with an Anycom bluetooth wireless card. What does it do and is it required? |
| BTModemProtection | U | BTModemProtection.lnk | BT Privacy Online modem protection software, see here |
| BTSETBOOTKEY | ? | BTSetBootKey.exe | Related to a USB Bluetooth adaptor - what does it do and is it required? |
| BtStart | U | btstart.exe | Broadcorp (formerly WIDCOMM) Bluetooth Connectivity Software |
| bttray | U | bttray.exe | System tray icon which shows the status of a BlueTooth wireless module. Most systems with such a module installed can enable/disable the module. The system tray icon changes from blue/white to blue/red when the module is turned off. Allows access to explore bluetooth places, setup wizard, advanced configuration, quick connect and shutdown device |
| BTUSRBDG | Y | BtUsrBdg.exe | Used with a Mitsumi_USB_Bluetooth adaptor (and maybe others) |
| BTUSRBDGF | Y | BtUsrBdg.exe | Used with a Mitsumi USB Bluetooth adaptor |
| BTV | X | btv.exe | BroadcastPC adware |
| Buddyizer | N | Buddyizer.exe | Part of the AIMster Peer to Peer (P2P) file sharing application that runs over the AOL Instant Messenger network |
| bugwatcher service | U | bugwatcher.exe | Bugtoaster is a service that sends reports on system/program crashes (certain types) back to Bugtoaster. They relay information to program authors and provide, if available, any known solutions to the crashes. It doesn't take up any room in memory, just activates in the event of certain program failures |
| BuildBU | N | bldbubg.exe | Part of Dell Alerts which provides customers with an update on latest updates for his/her system |
| BuildLab | X | winlogon.exe | Added by NEVEG.A WORM! Note - this is not the valid Windows Logon winlogon.exe process |
| BuildLabs | X | csrss.exe | Added by the WEBUS TROJAN! Note - this is not the valid Client Server Runtime Subsystem csrss.exe process, which provides text window support, shutdown, and hard-error handling |
| BuildLabs | X | lsass.exe | Added by a Webus.B trojan infection. Note - this is not the legitimate Lsass.exe system file, which should normally NOT figure in Msconfig/Startup |
| Bulldog Service | U | upsd.exe | Belkin's Bulldog Plus control software which runs under Windows 95 or later and monitors the UPS (Uninterrupted Power Supply) via a serial or USB link |
| BullGuard | Y | mgui.exe | Part of Bullguard antivirus |
| BullGuard Update | U | avxlive.exe | Part of Bullguard antivirus. Leave enabled unless you manually update virus definitions |
| BullGuard XComm | Y | XCOMMSVR.EXE | Part of Bullguard antivirus |
| BullGuardInit | Y | AVXINIT.EXE | Part of Bullguard antivirus |
| BullguardoptIn | Y | bulldownload.exe | Part of Bullguard antivirus |
| BullsEye | X | bargains.exe | eXact Advertising BargainBuddy/Bullseye adware
|
| BullsEye Network | X | bargains.exe | eXact Advertising BargainBuddy/Bullseye adware
|
| BullsEye Tracker | ? | BeTrack.exe | Bullseye - intelligent research assistant |
| Bunx | X | beagle.exe | Added by the W32/Lebreat-E
WORM!
|
| BurnQuick Queue | N | BQTray.exe | System Tray access to BurnQuick CD burning software. Only required if you use the queueing facility, hence the U recommendation. Create your own desktop shortcut to start manually |
| Button Server | U | bttnserv.exe | Found on a Compaq PC, for the extra buttons on the keyboard for the speaker volume, media player, sleep and internet buttons. If the buttons aren't used on the keyboard or your's doesn't have them, then it isn't required |
| ButtonKey | N | ButtonKey.exe | CyberView TWAIN driver for the Pacific Image range of 35mm film scanners. Enables the one touch scanning button and places an icon an the System Tray. Use your scanners software or run it manually by creating a shortcut |
| Buzme | N | Bmui.exe | Buzme by RingCentral, Inc - internet call waiting. Intercepts telephone calls like an answering machine and plays the voice message on your PC. Only required when you're on-line and via dial-up modem |
| BuzMe | U | RCUI.exe | Display Client for the BuzMe Internet Call Waiting Service. |
| Buzof.exe | U | buzof.exe | Buzof from Basta Computing "enables you to automatically answer, close or minimize virtually any recurring window including messages, prompts, and dialog boxes" |
| bxsx5 | X | RunDLL32.EXE bsx5.dll | BookedSpace parasite variant |
| bxxs5 | X | RunDLL32.EXE bxxs5.dll, dllrun | BookedSpace parasite |
| Bymer.Scanner | X | Wininit.exe | Added by the BYMER WORM! |
| Bymer.Scanner | X | Msinit.exe | Added by the BYMER WORM! |
| c | X | c:\archiv~1\win.com | Added by the CUYDOC VIRUS! |
| C-Media Echo Control | U | EchoCtrl.exe | C-Media produce audio chipsets that are often found on popular motherboards with on-board audio. You may need it if you use the echo control feature of C-Media Mixer |
| C-Media Mixer | N | Mixer.exe | C-Media produce audio chipsets that are often found on popular motherboards with on-board audio. Provides System Tray access to change audio settings. Available via Start -> Settings -> Control Panel or Start -> Programs |
| C2K | U | CYB2K.EXE | CYBERsitter 2000 or 2001 - anti-porn filter primarily. Required if you want the sites you visit filtered without having to load the software every time you launch your browser |
| c32cs2 | U | c32cs2.exe | Cyber_Sentinel Internet filtering software
|
| C7 | X | [name of worm] | Added by the W32.MEDIAKILL.A WORM! |
| C:\WINDOWS\IEXPLOR.EXE | X | IEXPLOR.EXE | "Pop Marketing" adware |
| C:\WINDOWS\VCMnet11.exe | X | VCMnet11.exe | "Windows AFA Internet Enhancement" - a browser hijacker, redirecting to adsourcecorp.com - see here |
| C:\WINDOWS\WinTask.exe | X | WinTask.exe | "Pop Marketing" adware |
| CA-AMAgent | U | amagent.exe | Unicenter_Asset_Management is a solution for proactively managing IT assets in a business environment. It provides full-featured asset tracking capabilities through automated discovery, hardware inventory, network inventory, software inventory, configuration management, software usage monitoring, license management and extensive cross-platform reporting.
|
| CaAvTray | Y | CAVTray.exe | eTrust™ EZ_Antivirus system tray application from Computer Associates |
| Cabchk | X | Cabchk.exe | Added by the GEMA TROJAN! |
| Cabchk32 | X | Cabchk32.exe | Added by the GEMA TROJAN! |
| CABCInstall | X | CABCInstall.exe | CABC content delivery software |
| CacheBoost | U | trayicon.exe | CacheBoost "optimizes the System Cache-Management of Windows XP/2000/NT and Windows .Net Servers, resulting in a performance boost" |
| CacheLoader | X | (path of filename) | Added by the Troj/Dloader-NZ
TROJAN!
|
| Cacheman | N | Cacheman.exe | Freeware disk cache tweaker from Outer Technologies. Should only be run once and not loaded at start-up |
| CacheMgr | Y | CacheMgr.exe | Sophos Antivirus Remote Update |
| CACStarter | N | cacstart.exe | Cash A Check - check writing software |
| Caddais BackupOnDemand | U | BODMon.exe | Caddais BackupOnDemand - "runs in the background and monitors your important files for changes. Within seconds of changing, modified files are automatically backed up to an archive location" |
| Cadenza | U | CdzSvc.exe | Cadenza mNotes for Palm and Pocket PC enables users to access Lotus Notes on their mobile devices |
| CADS | U | cads.exe | Cyber Sentinel internet filtering software |
| CAgent | N | CAgent.exe | Abbyy Fine Reader OCR (Optical Character Recognition) software for scanning and converting documents |
| cAgOu | X | (filename).hta | Added by the KAKWORM VIRUS! |
| CahootWebcard | N | CahootWebcard.exe | "The Cahoot Webcard is a virtual card that allows you to use your Cahoot credit card online without ever having to expose your real card numbers over the web. It works by generating one-off transaction numbers as a substitute for your real cahoot credit card details". Run manually when needed |
| CAISafe | Y | isafe.exe | Part of Computer Associates eTrust EZAntivirus |
| Cal Reminder Shortcut | N | calrem.exe | Produces a pop-up reminder of events scheduled using the MS Office Calendar |
| Calc Microsoft Windows | X | wincalc.exe | Added by an unidentied WORM or TROJAN! |
| CALC32 | X | CALC32.EXE | Added by the W32/Spybot-EC
WORM!
Note: This worm\trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
|
| Calendar 200X Reminder | N | calendar.exe | Calendar200X - shows holidays, reminders of various anniversaries,tasks etc |
| Calendarscope | U | cs.exe | Calendarscope calendar software |
| calk | X | calk.exe | Added by the TROJ/STARTPA-FH TROJAN! |
| CallBumping | ? | cbpopw.exe | ?? |
| CallCenter Main Application | U | V3calmcp.exe | "V3 Inc. CallCenter is a free 32-bit,
integrated fax, voicemail and data communications application with a simple to use interface providing fax send and receive functionality, basic (single
mailbox) answering machine capability, and sophistcated data communications." Main application |
| CallCenter Printer Interface | U | V3faxecp.exe | "V3 Inc. CallCenter is a free 32-bit,
integrated fax, voicemail and data communications application with a simple to use interface providing fax send and receive functionality, basic (single
mailbox) answering machine capability, and sophistcated data communications." Fax printer |
| CallControl | N | ftctrl32.exe | FaxTalk Messenger Pro is a Windows TAPI based 32-bit application. When installed, the software automatically loads FaxTalk CallControl when you start Windows. When FaxTalk CallControl is running, any TAPI compliant application can request to use the modem from Windows |
| CamCheck | N | CamCheck.exe | NuCam camera software related |
| Cameno | U | Cameno.exe | Cameno is a program which brings tabbed windows to MSN Messenger 6.0 and above
|
| Camera Detector | N | Camdetect.exe | ACDSee Auto Device Detector detects when a device is connected to your PC and gives you the option to acquire images from it automatically. |
| Camera Detector | N | CAMDET~*.EXE | ACDSee Auto Device Detector detects when a device is connected to your PC and gives you the option to acquire images from it automatically. |
| Camera Detector | N | DEVDET~*.EXE | ACDSee Auto Device Detector detects when a device is connected to your PC and gives you the option to acquire images from it automatically. |
| Camio Viewer x | N | IXApplet.exe | Image viewing program that comes with digital cameras. Shows pictures that are in the camera before downloading them. "x" in the name is the version |
| CamMonitor | ? | hpqcmon.exe | From HP and related to digital imaging |
| Canada | N | Canada.exe | Known to be a dialler - but is it maliscous or clean? |
| Canary | N | canary-std.exe | Canary monitoring program. Keylogger, monitors all computer activity |
| candy | X | command32.exe | Added by the W32/Rbot-LV
WORM!
Note: This worm file is found in the System (95/98/Me) or System32 (Nt/2000/XP) folder. |
| candynet | X | Taskmsg.exe | Added by the W32/Rbot-NA WORM!
|
| Canon MultiPASS Status Monitor | U | monitr32.exe | Cannon Multi-Pass status monitor - your choice. |
| Canon PC1200 iC D600 iR1200G Status Window | ? | CAPM1LAK.EXE | Cannon printer related - is it required in startup? |
| Canon Printer Monitor BJCxxx | N | Cjstlst.exe | Trayicon for Canon printer. xxx denotes model. Available via Start -> Programs |
| CAP3ON | ? | CAP3ONN.EXE | Canon driver, purpose unknown - is it required in startup? |
| Capfax | N | capfax.exe | PhoneTools fax software |
| Capon | Y | Capon.exe | Canon printer driver |
| Capon | Y | Caponn.exe | Canon printer driver |
| CaptionMgr32 | X | crssr.exe | Added by the W32.ZAR.A WORM! |
| Capture Express 2000 | N | capexp.exe | Capture Express - screen capture utility |
| Card Monitor | N | REGCNT09.exe | For the USB connection on a Panasonic PV-DV701 Digital Camcorder. Available via Start -> Programs |
| Care20 | X | Care20.exe | TopMoxie adware |
| Care2GTU | U | Care2GTU.exe | Care2 Green Thumbs-Up (from the Care2 site). Every online purchase helps environmental causes; tells you how eco-friendly a company really is, thanks to over 200 company profiles from Coop America. Saves 1 square foot of rainforest every day you use it. If it works and you like it keep it |
| CARPserver | X | CARPserver.exe | Added by the TROJ/BANKER-AN TROJAN! |
| CARPservice | U | carpserv.exe | Associated with Zoltrix modems - enables the internal modem speaker, allowing you to listen to the dial-up sounds for example |
| cartao | X | [path to file] | Added by the TROJ/DLOADER-QD TROJAN! |
| cartao | X | conflicted.exe | Added by the TROJ/DADOBRA-DV TROJAN! |
| cartao | X | killing.exe | Added by the TROJ/DLOADER-QN TROJAN! |
| CAS Client | X | casclient.exe | CasinoClient adware |
| CasAgnt | U | CasAgnt.exe | Program by Extended Systems which allows you to sync your Casio PDA with your PC |
| Casdvqwa | X | bmqnzkg.exe | Added by the RANDEX.BE VIRUS! |
| caseyvideo | X | CaseyVideo.exe | malware causing p0rn popups |
| caseyvideo[*] (* = digit) | X | caseyvideo[*].exe (* = digit) | malware causing p0rn popups |
| CashBack | X | cashback.exe | eXact Advertising BargainBuddy/CashBack adware
|
| CashFiesta | X | Cashfiesta.exe | CASHFIESTA.A pay-per-surf adware |
| Cashsurfers Cashbar Navigator | N | Cashbar.Exe | Cashsurfers CashBar Navigator - "The CashBar rotates banner advertisements once per minute and provides you with access to up to date special offers and deals" |
| CashToolbar | X | CD_Load.exe | "CashToolbar" Downloader-MY TROJAN! |
| CashToolbar | X | svchost.exe | "CashToolbar" Downloader-MY TROJAN! - Note - this is NOT the legitimate Windows svchost.exe process, which should NOT figure in Msconfig/Startup!
|
| Cassandra | X | cassandra.exe | Melkosoft_Cassandra adware - also detected as a variant of the WIN32.KREPPER TROJAN! |
| Cassandra and or Control handler | X | (10 to 14 random)THD.EXE | Added by the Troj/Krepper-AI
Trojan!
|
| CasStub | X | casstub.exe | Added by the Troj/Cass-A
TROJAN!
|
| CAVRID | Y | CAVRID.exe | eTrust™ EZ_Antivirus Real Time Infection Report from Computer Associates |
| CAVS | Y | CAVS.exe | Cheyenne, ( now eTrust ) antivirus |
| CAZNOVAS | X | CAZNOVAS.exe | Added by the CAZNO VIRUS! |
| CBACK.EXE | X | CBACK.EXE | Added by the Troj/Penta-A
TROJAN!
|
| CBWAttn | U | CBWAttn.exe | Required for Bitware to answer incoming faxes, can cause sleep mode problems |
| CBWHost | U | CBWHost.exe | Required for Bitware to answer incoming faxes, can cause sleep mode problems |
| CBWUser | ? | CBWDial.exe | Associated with Bitware that integrates fax, voice, pager, and data communications on your desktop |
| CC2KUI | X | comet.exe | Comet Cursor - displays different mouse pointers dependent upon the site your visiting. Malware because it automatically installs. See here for more information and for the uninstall procedure |
| ccApp | Y | ccApp.exe | Part of Norton AntiVirus 2003. Auto-protect and E-mail check will not function without this |
| ccApp | X | (random filename) | Added by the OBSORB VIRUS! Note the random filename compared to the valid Norton AntiVirus entry above |
| ccApp | X | WMADZ.EXE | Added by the W32/RBOT-LJ WORM! |
| ccApp | X | .EXE | Added by the W32/RBOT-LJ WORM! |
| ccApp | X | gcasServ.exe | Added by a variant of the WIN32.RBOT WORM!
- do NOT confuse with the Microsoft AntiSpyware executable of the same name as described here |
| ccAppr | X | svcrhost.exe | Added by the WIN32.TACTSLAY.A TROJAN! |
| ccAppr | X | outIook.exe | Added by the WIN32.TACTSLAY.A TROJAN! |
| ccAppr | X | expIorer.exe | Added by the WIN32.TACTSLAY.A TROJAN! |
| ccAppr | X | svcshost.exe | Added by the WIN32.TACTSLAY.A TROJAN! |
| ccApps | X | services.exe | Added by the NEVEG.B or NEVEG.C WORMS! Note - this is not the valid Windows Service Controller (services.exe) process |
| ccApps | X | winlogon.exe | Added by NEVEG.A WORM! Note - this is not the valid Windows Logon winlogon.exe process |
| ccApps | X | ccApps.exe | Added by the W32/KANGAROO-B WORM!
|
| CCD Manager | U | DDS.EXE | Project Labs Century CD manager for their CD/DVD storage device |
| Ccdecode | N | rundll32.exe streamci, StreamingDeviceSetup | Part of the closed caption decdoder/MS VBI codec. Should only run once |
| CCDoctorLogonTesting | Y | ccdoctor.exe | Checks your system to make sure it's configured properly for running Rational ClearCase, a source code management tool. ClearCase is fairly sophisticated so there are a lot of system-related things that can cause it grief. If you run ClearCase you should not disable this as it provides a valuable service, but technically it isn't required to use the ClearCase product |
| ccenter | Y | CCenter.exe | RAV AntiVirus |
| CcEvtMgr | Y | ccEvtMgr.exe | Part of Norton AntiVirus 2003.Event manager for scheduling weekly scans and or automatic virus updates. Used to start automatically via "ccApp" and was not required as a seperate entry but a recent update changed this |
| ccEvtMrg.exe | X | ccEvtMrg.exe | Added by the RBOT.GZ WORM! |
| ccExecute | X | bootcfg1.exe | Added by the W32/NEMSI-B VIRUS! |
| ccHelp | X | ccHelp.hta | "Searchq" adware |
| ccpApps | X | csrss.exe | Added by the WEBUS TROJAN! Note - this is not the valid Client Server Runtime Subsystem csrss.exe process, which provides text window support, shutdown, and hard-error handling |
| ccpApps | X | lsass.exe | Added by a Webus.B trojan infection. Note - this is not the legitimate Lsass.exe system file, which should normally NOT figure in Msconfig/Startup |
| ccProxy | U | CCPROXY.EXE | Part of Norton Internet Security, proxy server that is used to support the parental controls. If you turn parental controls off at user level the process is not loaded.
Reported to cause excessive CPU usage. |
| CcPxySvc | Y | CCPXYSVC.exe | Part of Norton's AntiVirus 2003, Internet Security and Firewall products. E-mail proxy service - required for E-mail scanning and the firewall |
| ccreg | X | explorer.exe | Added by the ZCREW VIRUS! Note - this is not the valid explorer.exe |
| CcRegVfy | Y | ccRegVfy.exe | Part of Norton AntiVirus 2003. "ccRegVfy.exe is responsible for checking the integrity of the NAV registry entries to make sure that the information has not been changed by a malicious threat or a hack" |
| ccRegVfY | X | svcrhost.exe | Added by the WIN32.TACTSLAY.A TROJAN! |
| ccRegVfY | X | outIook.exe | Added by the WIN32.TACTSLAY.A TROJAN! |
| ccRegVfY | X | expIorer.exe | Added by the WIN32.TACTSLAY.A TROJAN! |
| ccRegVfY | X | svcshost.exe | Added by the WIN32.TACTSLAY.A TROJAN! |
| ccSetMgr | Y | ccSetMgr.exe | Part of Norton AntiVirus 2004. What does it do? |
| ccsvit.exe | X | ccsvit.exe | Added by the Troj/StartPa-HP
TROJAN!
Note: This trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
|
| ccUpdate | X | ccUpdate.exe | Added by the AGOBOT.YS WORM! |
| ccWasher | U | aolwasher.exe | Webroot Cache & Cookie Washer - cleaning browser tracks, including cache, cookies, history, mail trash, drop-down address bar, auto-complete forms and downloaded program files for IE, Netscape and AOL |
| CCWC7a | U | ac.exe | Cache, Cookie & Windows Cleaner Ver. 7, Auto clean. Created by moleculesoft |
| CCWC7I | U | idxl.exe | Cache, Cookie & Windows Cleaner 7 created by moleculesoft.com |
| CCWC7s | U | stealth.exe | Cache, Cookie & Windows Cleaner 7, stealth mode. Created by moleculesoft |
| CD Storage Master | N | cdstorager.exe | CD_Storage_Master - a program designed to catalog CD information, boasts a number of handy features for organizing your collection.
|
| cd1 | X | cd1.exe | Premium rate adult content dialer |
| CDANTSRV | N | CDANTSRV.exe | C-Dilla License Management software. Used for any program that uses C-dilla Protection, example: 3D Studio Max 4.x. It loads as a service automatically but is not needed unless you run said program. Can be started and stopped manually |
| Cdcompat | X | Cdcompat.exe | Added by the GEMA TROJAN! |
| cddrv32 | X | cddrv32.exe | Added by a Crypter.C trojan variant infection |
| CDInterceptor | N | cdi.exe | CD indexer for measuring the speed of CD players |
| Cdrom Controller | X | cdromcntrl.exe | Added by the TROJ/BATTRY-A TROJAN! |
| cds | X | cds.exe | Added by the Backdoor.Spymon
TROJAN!
Note: This trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
|
| CDTray | N | CDTray.exe | On HP PCs, this is the small CD icon next to the time |
| CeEKEY | ? | CeEKey.exe | Toshiba Satellite E-Key related. Is it required? |
| CeEPOWER | U | cepmtray.exe | Toshiba\'s Power Management Utility - allows the user to setup different profiles for both AC power and Battery Power on laptops. Contols CPU speed, Monitor Shut Off, Hard Drive Shut-Off, Monitor Brightness, System Stand-by and System Hibernate times |
| Ceic | ? | Ceic.exe | ?? |
| Cekirge | X | (path to worm) | Added by the KERGEZ.A VIRUS! |
| center | X | [random name]32.exe | Added by the W32.BOFRA.A WORM! |
| CentralProcessor | X | taskimgr.exe | Added by the BANCOS.J VIRUS! |
| CEPA | ? | wsot.exe | ?? |
| cesmain.dll | X | cmail.dll, Rundll32 | CnsMin (Chinese_Keywords) related |
| CEventMgr | X | Cell.exe | Added by the Troj/Bifrose-AK
TROJAN!
|
| CFD | N | CFD.exe | BroadJump Client Foundation. Broadband troubleshooting software installed by various companies. Not required and you can remove it via Add/Remove programs |
| CFDStart | X | WinMuschi.exe | WINMUSCHI dialler |
| cfgboost | X | cfgboot.exe | Added by an unidentified WORM or TROJAN! |
| cfgintpr | Y | cfgintpr.exe | Configuration Interpreter - part of Tiny Personal Firewall V4 |
| cfgmgr51 | X | RunDLL32.EXE [path] cfgmgr51.dll,DllRun | BookedSpace adware variant |
| cfgmgr52 | X | RunDLL32.EXE [path] cfgmgr52.dll,DllRun | BookedSpace adware variant |
| cfgwiz | N | cfgwiz.exe | Introduced with Norton Anti-Virus 2002, this is a real resource hog. Many NAV users will find they can live without loading it |
| cFosDNT | ? | cFosDNT.exe | cFos DSL Modem driver related. What does it do and is it required? |
| cFosInst_Check | ? | cfosinst.exe | cFos DSL Modem driver related. What does it do and is it required? |
| cFosSpeed | U | cFosSpeed.exe | cFos_Software
Internet acceleration program related. Note: May be necessary for the software to work properly.
|
| cftmon32 | X | taskmgr#.exe | Added by the SOWSAT.C and SOWSAT.J VIRUSES! where # is a number greater than or equal to zero |
| cfy | X | cfy.exe | Surfenhance.com SearchForIt adware variant |
| CGServer | U | cgserver.exe | Associated with an Eicon Networks ISDN or ADSL modem. Call Guard Server (CGserver) watches your modem and blocks incoming or outgoing calls. You need cgard.exe (from Startmenu) to configure cgserver with rules and telephone numbers. Good against unwanted dialer programs |
| Cgtask Services | X | cgtask.exe | Added by the LALA.B VIRUS! |
| Cgywin | X | cgywin32.exe | Added by the W32/Rbot-AEI
Worm! |
| ChamClock | U | ChamClock.exe | Chameleon Clock - system tray clock replacement |
| change-me-now | X | msgfix1.exe | Added by the SDBOT.ZD WORM! |
| ChangeICON | U | SPMSMON.EXE | Card reader related program. Note: May cause problems with My Computer loading at startup. Disabling through MsConfig seems to solve the problem.
|
| ChangeLines | ? | chngline.exe | ?? |
| Chatango | N | Chatango.exe | Chatango "allows people to be connected in real time through their Web browsers. Include your Chatango contact link or button when you create eBay auctions, blogs, personal websites, Friendster profiles, and your visitors will be able to contact you instantly, without downloading anything, or registering. Alo use it to send email to your friends, allowing them to respond to you in real time!."
The 'MessageCatcher' icon in the System Tray notifies you when you get a message. When you get a message, a little alert pops up, which you can click on and start chatting immediately. |
| Chcenter | N | chcenter.exe | IMSI HiJaak - "the easiest way to convert, capture, and manage all your graphic files" |
| che32 | X | che.ocx.vbs | Added by the WM97/Adenu-B
VIRUS! |
| Cheatle | X | GigaByte.exe | Added by the SHODI.B VIRUS! |
| Check for One Touch Update | N | wiseupdt.exe | Checks for updates for Visioneer OneTouch scanners |
| Check for TWS Updates | N | WiseUpdt.exe | Interactive Brokers - check for update to their standalone Java-based trading platform
|
| Check Messenger | U | cmesseng.exe | Check Messenger from Qchex.com - program that helps you manage the activity of your Qchex account |
| CheckCustomWorksUpdate | N | CheckCWupdate.exe | Update checker, part of CustomWorks - "customize any embroidery designs to design your own unique creations" |
| Checkdisk | X | mscas.exe | Added by the Troj/Vagon-A
TROJAN!
Note: This trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
|
| Checkdisk | X | mscas.exe | Added by the W32/VAGON.A-TR downloader TROJAN!
|
| CheckIt | U | ToolBox.exe | CheckIt Toolbox from WinCheckIt Diagnostic Software. Toolbox automatically backs up critical system files (such as .ini files and the Windows Registry), and performs a check on various system parameters at intervals you specify |
| CheckIt 86 | U | CheckIt86.exe | CheckIt_86 popup blocker |
| CheckMsgPlus | Y | MsgPlusH.dll, VerifyInstallation | Added by MSN Messenger Plus, a third party extension to MSN Messenger. This is the auto-update feature - see here for more info. |
| checkrun | X | elite***32.exe (* = random char) | EliteBar adware |
| checkrun | X | elitelsj32.exe | Added by the Troj/Multidr-ER
TROJAN!
Note: This trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
|
| CheckScan32 | X | regload16.exe | Added by the AEBOT.K WORM! |
| checktime | ? | ct.exe | Found in the \HPSelect\Frontend\ directory on a HP machine. What is it's purpose and is it required? |
| CheckVCR | Y | IOMagic.exe | Driver for the I/OMagic Personal Video Recorder (DR-PCTV100) |
| CherryKeyMan | U | KeyMan.exe | Multimedia keyboard manager for the Cherry keyboard series. Only required if you use any of the special keys |
| china11msn | X | CHINA11MSN.EXE | Added by the W32.ENVID.O WORM! |
| ChineseStar | U | cstar.exe | Chinese language support software |
| CHIPDRIVEPinManager | U | sokscmpn.exe | ChipDrive Smartcard software |
| CHIPDRIVESmartcardManager | U | SCMgr.exe | ChipDrive Smartcard software |
| CHKADMIN | N | CHKADMIN.EXE | Compaq Network Management System. When running, it places an icon in the system tray titled "Intelligent Manageability" |
| chkhbci | N | chkhbci.exe | Smart Card reader software for Omnikey readers
|
| Choke | X | Choke.exe-blahh | Added by the CHOKE VIRUS! |
| chope | X | runlli32.exe | Added by the Troj/QQPass-U
TROJAN!
Note: This trojan file is found in the System (95/98/Me) or System32 (Nt/2000/XP) folder. |
| chostsv | X | chostsv.exe | Added by the BANPAES.C VIRUS! |
| CHotKey | U | mhotkey.exe | Enables special keys on Chicony keyboards. Special combinations include Internet, E-mail, vol , vol-, mute, etc. Only required for extended features |
| CHotKey | U | zHotkey.exe | Enables special keys on Chicony keyboards. Special combinations include Internet, E-mail, vol , vol-, mute, etc. Only required for extended features |
| CHotKey | U | MK9805.EXE | Enables special keys on Chicony keyboards. Special combinations include Internet, E-mail, vol , vol-, mute, etc. Only required for extended features |
| Christmas Music Player | N | TTEST6.EXE | "Christmas Music Playerbrings the music of the Christmas Holiday to your desktop" |
| ChromeMark | ? | keysh.exe | Related to this. Don't know what keysh.exe does though and if it's required |
| ChronitelInitTV | ? | CHTVINIT.EXE | ?? |
| CiaBackdoor | X | msldr.com | Added by a VIRUS! |
| cihost.exe | X | cihost.exe | Added by the LINST VIRUS! |
| CIJxP2PSERVER | N | CIJxP2PS.EXE | Compaq printer utility which is required in order to make the printer work correctly - "x" depends upon the model, ie, for IJ300 x=3, for IJ700 x=7 |
| Cisco Systems VPN Client | U | ipsecdialer.exe | The Cisco VPN_Client Lets local users gain Administrator privileges on the operating system |
| Cisco Systems VPN Client | U | vpngui.exe | Sets up IPSec communications for Cisco's VPN_Client |
| CISrvr Program | N | CISRVR.EXE | Related to internet setup on Compaq PC's |
| Cissi | X | Cissi.exe | Added by the CISSI.A VIRUS! |
| CitiUCS | U | CitiUCS.exe | Citibank Virtual_Account_Numbers |
| CitiVAN | N | CitiVAN.exe | Option from Citibank to change a credit card number in a random fashion for each purchase. The number will only be used once and never again |
| CJET | X | CJet.exe | Added by the Adware.FFToolBar adware toolbar. |
| Cjstcom | Y | Cjstcom.exe | Canon printer BJ status language monitor |
| ClamWin | Y | ClamTray.exe | ClamWin antivirus |
| Classes | X | intl.exe | "Switch" adult content dialler
|
| Classes | X | run_21.exe | "Switch" adult content dialler |
| Classes | X | int1.exe | "Switch" adult content dialler |
| Classes | X | srv.exe | "Switch" adult content dialler |
| Classes | X | srv2.exe | "Switch" adult content dialler |
| Classes | X | mstart.exe | "Switch" adult content dialer |
| Classes | X | MSTAR2.EXE | "Switch" adult content dialer |
| CLBOOT32 | U | CLBOOT32.EXE | PC-Duo_Remote_Control from Vector. "System Snapshot provides a detailed
inventory of a Client's hardware configuration. It includes information on CPUs, memory, operating systems, printers, display drivers, disk size and free
space, network details and much more!". For tech support users to provide remote assistance |
| CLCLSet | U | CLCL.exe | CLCL clipboard caching utility |
| CleanEasyImg | ? | cleanall.exe | ?? |
| CleanRegPath | ? | CleanReg.exe | Apparently Annex A ADSL modem related - what does it do and is it required? |
| CleanSweep Smart Sweep- Internet Sweep | U | Csinsm32.exe | Automatic logging of installs from Norton CleanSweep - available via Start -> Programs |
| CleanSweep Useage Watch | N | CSUSEM32.EXE | Quarterdeck/Norton CleanSweep component - tracks how often you use files and alerts you to files that have not been used for a specified period of time |
| CleanTemp | U | CLEANT~1.EXEBCleanTemp.exe | CleanTemp - deletes the contents of the TEMP directory when Windows starts and then closes - using no memory |
| Cleanup | N | ONICTASK.EXE | Internet Cleanup from Aladdin Systems (used to be by OnTrack) - cleans up tracks left by browsing the internet |
| CleanUp | Y | |
