| N | LogitechQuickCamRibbon | QuickCam10.exe | "Loads versions of the Logitech QuickCam webcam software and is required to support features such as face tracking. If enabled |
| X | Logonrepclient1 | CSRSS.EXE | "Added by the BRONTOK-BT WORM and variants! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in Documents and Settings\<User>\Local Settings\Application Data\WINDOWS"
|
| X | Lpr | Lpr123.exe | "Added by the REMPSTEAL password stealer TROJAN!"
|
| X | Lpr123 | Lpr123.exe | "Added by the REMPSTEAL password stealer TROJAN!"
|
| N | LS120 Superdisk | ?? | "Supposed to accelerate transfer rate on LS-120 |
| X | lsass16 | lsass16.exe | "Added by the BANKER-BXX TROJAN!"
|
| X | LTM2 | winvers16.exe | "Added by the SMALL.ND TROJAN!"
|
| Y | LTWinModem1 | ltmsg.exe | "Lucent Technologies (now Alcatel-Lucent) WinModem - which uses software rather than hardware |
| X | M1cr0s0ft S3rcurity | systemconfig.exe | "Added by the RBOT.BKB WORM!"
|
| X | M1cr0s0ft Upd4t4zS | update32.exe | "Added by the RBOT-MI WORM!"
|
| X | main16 | main16.exe | "Added by the CRYPTER.A TROJAN!"
|
| X | MalwareBurn 7.1 | MalwareBurn 7.1.exe | "MalwareBurn rogue security software - not recommended |
| X | MalwareWiped 6.1 | MalwareWiped 6.1.exe | "MalwareWipe rogue security software variant - not recommended |
| X | maskrider | maskrider2001.vbs | "Added by the SOLOW-G WORM!"
|
| X | MedGS | MEDGS1.exe | "PacerD_Media/Pacimedia.com adware"
|
| X | Media Player Update | xpsp1mfh.exe | "Added by a variant of the RBOT WORM!"
|
| X | Media Plug x.1.2 | msdm.exe | Added by the MULDROP.352 VIRUS!
|
| N | MediaMonitor | Mediam~1.exe | Installed by Smartdisk MVP CD burning software. Software will work fine without it
|
| X | MediaPath | Proyecto1.exe | "Added by the GRUEL WORM!"
|
| X | Messenger Explorer | m41n.exe | "Added by the SDBOT-SA BACKDOOR!"
|
| X | Messenger91 | messengersystem.exe | "Added by the RBOT-FPF WORM!"
|
| U | MFP1815_S2P | Scan2pc.exe | Scan to PC application for the scanning function of the Dell Laser MFP 1815 multifunction printer
|
| U | MicroDialler | atdialler1.exe | "Part of the Freeserve Connection Kit - changes the dial-up for Freeserve AnyTime if access problems are encountered"
|
| X | Microfinder lptt01 | mcf.exe | "RapidBlaster variant (in a ""mcf"" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here"
|
| X | MICROSFT ANTIVIRUS UPDATE SUPPORT | [random 10-letter filename].EXE | "Added by the RBOT-AQA WORM!"
|
| X | Microsft Corporation Version 2001.12.4414 | comrel.exe | "Added by a variant of the SDBOT TROJAN!"
|
| X | Microsft Corporation Version 2002.12.2414 | comserv.exe | "Added by a variant of the SLAPER TROJAN!"
|
| X | Microsft Windows Adapter 5.1.3013 | [random filename] | "Added by the SMALL.HIT TROJAN!"
|
| X | Microsoft (R) Windows Network Latency Controller | 1.tmp | "Added by a generic password stealer TROJAN - see here"
|
| X | Microsoft 16Bit Update | wuapdate16.exe | "Added by the RBOT.CZ WORM!"
|
| X | Microsoft AUT Update | MSlti16.exe | "Added by the RBOT.EB WORM!"
|
| X | Microsoft Auto Update | WINHLP16.EXE | "Added by the RBOT.GY WORM!"
|
| X | Microsoft Configuration 35 | microsot1.exe | "Added by an unidentified TROJAN!"
|
| X | Microsoft DirectX | time123.exe | "Added by the SDBOT.MD WORM!"
|
| X | MicroSoft Getway mqbol | [12 random letters].exe | "Added by the RBOT.GBA WORM!"
|
| X | Microsoft hren1 | mmhren1.exe | Added by a variant of the AGENT.IWW TROJAN!
|
| X | Microsoft IDCN | mshe1p.exe | Added by an unidentified TROJAN!
|
| X | Microsoft Internet | wincfg16.exe | "Added by a variant of the SDBOT WORM!"
|
| X | Microsoft Internet Firewall Manager | GMT16.exe | "Added by the RANDEX.AT WORM!"
|
| X | Microsoft Management Console | lssas1.exe | "Added by the DLOADR-AWD TROJAN!"
|
| X | Microsoft Netview Component v5.1 | msnv32.exe | "Added by the RANDEX.F WORM!"
|
| U | Microsoft Office 2010 | BCSSync.exe | "Part of SharePoint Server 2010 which is part of the Microsoft Office 2010 suite. ""Business Connectivity Services (BCS) uses a cache to store a copy of the external data required by the BCS solutions deployed on the Office client. A process called BCSSync.EXE runs on the client and provides automatic cache refresh and data synchronization of the entity instances."" For more information - see here"
|
| X | Microsoft Office Quick Launcher | iau1.exe | "Added by the DLOADR-AWD TROJAN!"
|
| X | Microsoft Problem Doctor | windr128.exe | "Added by the SMALLTRO.EF TROJAN!"
|
| X | Microsoft Security Management | wuauct1.exe | "Added by a variant of the RBOT WORM!"
|
| X | Microsoft Server Applacations | wuauct1.exe | "Added by a variant of the RBOT WORM!"
|
| X | Microsoft Service Pack2.1 | svchost2.exe | "Added by the RBOT.ASN BACKDOOR!"
|
| X | Microsoft Service Tools | MStools1.exe | "Added by the RBOT-BHT WORM!"
|
| X | MicroSoft ssadsadas3s1 | eXtream.exe | "Added by the SPYBOT.ZK TROJAN!"
|
| X | MicroSoft ssadssjdhasjadas3s1 | kdjfsdklfjsl.exe | "Added by the SDBOT.AEX WORM!"
|
| X | MicroSoft ssas3s1 | SADASDA.exe | "Added by the RBOT.URF WORM!"
|
| X | MicroSoft sys3s1 | h4ckn3t.exe | "Added by the RBOT.QTY WORM!"
|
| X | Microsoft System | winamp1.exe | "Added by the SDBOT-UF WORM!"
|
| X | Microsoft System Service | taskmgr1.exe | "Added by a variant of the SPYBOT WORM! See here"
|
| X | Microsoft Update | wuamgrd16.exe | "Added by the RBOT-BQ WORM!"
|
| X | Microsoft Windows 128bit Subsystem | system12.exe | "Added by the RANCK-CZ TROJAN!"
|
| X | Microsoft Windows 16Bit | mswinn16.exe | "Added by a variant of the SPYBOT WORM!"
|
| X | Microsoft Windows Adapter 5.1.3214 | [worm filename].exe | "Added by the STRAT.GEN-3 WORM!"
|
| X | Microsoft WinUpdate | Winamp61.exe | "Added by a variant of the RBOT WORM!"
|
| X | Microsofts Service | lcsrv16.exe | "Added by a variant of the RBOT WORM!"
|
| X | Microsong | svchosts11.exe | "Added by the SDBOT-EV WORM!"
|
| X | Microszoft Update Mach1nezs | svchst.exe | "Added by the RBOT-ED WORM!"
|
| U | ML1HelperStartUp | ML1HEL~1.EXE | "ScreenScenes ""Midnight Lake"" screensaver. The freeware version comes with GAIN branded ads (pop-ups and others). ScreenScenes do however offer you the option of doing away with the ads by purchasing the screensaver for a whopping $30. Please note that Claria Corporation no longer support GAIN-Supported software - see here"
|
| U | ML1HelperStartUp | ML1Helper.exe | "ScreenScenes ""Midnight Lake"" screensaver. The freeware version comes with GAIN branded ads (pop-ups and others). ScreenScenes do however offer you the option of doing away with the ads by purchasing the screensaver for a whopping $30. Please note that Claria Corporation no longer support GAIN-Supported software - see here"
|
| N | mmpti | m1mmpti.exe | Mpact Mediaware Properties Taskbar Icon - multimedia software icon for Chromatic Research Mpact video cards
|
| X | Modulo 00FE0F01 Host Internet | syschost.exe | "Added by the DELF-KW TROJAN!"
|
| N | MoneyStartUp10.0 | Activation.exe | Part of MS Money 2002. Available via Start -> Programs
|
| X | Monitor calibration | AV1i.exe | "Anti-Virus-1 rogue security software - not recommended |
| X | monitor1a | monitor1a.exe | "Added by the MSNAGEN-A TROJAN!"
|
| X | motoin | mm15201518.Stub.exe | "Delfin Promulgate adware variant"
|
| X | Mozilla Firefox | F1REF0X.EXE | "Added by the SDBOT-UP BACKDOOR! Note that the filename has the numbers ""1"" and ""0"" in place of upper case ""i"" and ""o"" respectively"
|
| X | MS Agent Protection | ag1.exe | "Added by the IRCBOT.AZ BACKDOOR!"
|
| X | MS Config Loader | svchos1.exe | "Added by the AGOBOT.R WORM!"
|
| X | MS Config v12 | mscfg12.exe | "Added by the AGOBOT.YP WORM!"
|
| X | MS Config v13 | lrbz32.exe | "Added by the GAOBOT.AOL WORM!"
|
| X | MS Config v13 | mscfg13.exe | "Added by the AGOBOT.YQ WORM!"
|
| X | MS lsass Startup | lsass135.exe | "Added by the RBOT.WM WORM!"
|
| X | MS Office | Office10.exe | "Added by the VB.DT TROJAN!"
|
| X | MS Sound Config 16bit | sndcfg16.exe | "Added by the SDBOT.MB TROJAN!"
|
| X | MS-Connect | msite18.exe | "Adult content dialler - see here"
|
| X | MS7531 | ms7531.exe | Homepage hijacker
|
| X | mscheck | rundll32.exe wincheck071008.dll mymain | "Added by the AGENT.ADXI TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The ""wincheck071008.dll"" file is located in %System%"
|
| X | Msconfig lptt01 | msconfig.exe | "RapidBlaster variant (in a ""msconfig"" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here. Note - this is not the valid Windows Msconfig which has the same executable name"
|
| X | MSControl31 | winnsyst.exe | "Added by the RBOT.CFY WORM!"
|
| X | MSControl3d1 | isasse.exe | "Added by the RBOT.CGU WORM!"
|
| X | msgb1 | msgb1.exe | Added by the DLUCA.GEN TROJAN!
|
| X | Msgsrv16 | Msgsrv16.exe | "Added by the DELF family of TROJANS!"
|
| X | Msgtray | sys16.exe | Added by an unknown VIRUS!
|
| X | msig | disk10.exe | "Added by the BANBRA-KF TROJAN!"
|
| X | Mslogon lptt01 | mslogon.exe | "RapidBlaster variant (in a ""Mslogon"" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here"
|
| X | MSN | msn16.exe | "Added by the SDBOT-VN WORM!"
|
| X | MSN | services51651.exe | "Added by the IRCBOT-AAL TROJAN!"
|
| X | MSN Messenger | PIC1324.exe | "Added by the CHOKE.C WORM!"
|
| X | MSN service | msnmgr16.exe | "Added by a variant of the RBOT WORM!"
|
| X | MSN service | msnmsgr16.exe | "Added by the RBOT-RZ WORM!"
|
| X | MSN6.1 Auto-Updater | v6msn.exe | "Added by the AUTORUN-MM WORM!"
|
| X | MSNMSGRS1 | swed.bat | IRC backdoor TROJAN or WORM!
|
| X | msrundll | msrund1l32.exe | "Added by the BINGHE TROJAN!"
|
| X | MSService_v1.0 | realsched.exe | "EHU adware. Note - this is not the legitimate RealOne Player (realsched.exe) application of the same name"
|
| X | MSService_v1.0 | vfp02.exe | "NewWeb adware"
|
| X | mssurfer lptt01 | mssurfer.exe | "RapidBlaster variant (in a ""surfer"" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here"
|
| X | mswspl | plugin1.exe | "Added by the SMALL.IQ TROJAN!"
|
| X | MSxmlHpr | "RUNDLL32.EXE [path] msxm192z.dll | w" |
| X | Msy1 Startups | msyj32.exe | "Added by the AGOBOT-QQ WORM!"
|
| X | msys lptt01 | msys.exe | "RapidBlaster variant (in a ""Msyss"" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here"
|
| X | Multimedia extensions | mservice1.exe | "Added by the DLOADR-AWD TROJAN!"
|
| N | Music01 Server | Music01 Server.exe | "J River Media Jukebox"
|
| X | MusIRC (irc.music.com) client | musirc4.71.exe | "Added by the RANDEX.Q WORM!"
|
| U | MW1HelperStartUp | Mw1helper.exe | "ScreenScenes ""Magic Waterfall"" screensaver. The freeware version comes with GAIN branded ads (pop-ups and others). ScreenScenes do however offer you the option of doing away with the ads by purchasing the screensaver for a whopping $30. Please note that Claria Corporation no longer support GAIN-Supported software - see here"
|
| U | MW1HelperStartUp | MW1HEL~1.EXE | "ScreenScenes ""Magic Waterfall"" screensaver. The freeware version comes with GAIN branded ads (pop-ups and others). ScreenScenes do however offer you the option of doing away with the ads by purchasing the screensaver for a whopping $30. Please note that Claria Corporation no longer support GAIN-Supported software - see here"
|
| X | My Supervisor | MSup1bf7.exe | "My Supervisor rogue system suite - not recommended |
| X | MyCometCursor | MYCOME~1.EXE | "Comet Cursor adware"
|
| X | MyDailyHoroscope | MYDAIL~1.EXE | "MyDailyHoroscope foistware"
|
| X | NAV Auto Prot | navprot1.exe | "Added by the RBOT.ZAC WORM!"
|
| X | NAV Auto Protect | msfwe1.exe | "Added by a variant of the RBOT WORM!"
|
| X | NBInstall | MBDownloader_876919.exe | "Added by the MIRAR_D TROJAN!"
|
| ? | nbustrce1D | nbustrce1D.exe | "Device driver |
| X | NC1565 | winntsrv -l -p10001 -d -e cmd.exe -L | "Added by the NEWLEY-A WORM!"
|
| X | Nero Updater.6.12 | wmp9.exe | "Added by the AGOBOT-AAG WORM!"
|
| ? | NetFxUpdate_v1.0.3705 | netfxupdate.exe | "Would appear to be a valid Microsoft .NET file (see here) but other sources suggest it could be a trojan"
|
| U | NETGEAR WG111T Smart Wizard | wlan111t.exe | "Configuration utility for the Netgear WG111T multi-rate Wireless USB 2.0 Adapter that ""provides wireless access to your desktop or notebook PC through the computer's USB port"""
|
| X | New.net Startup | "rundll32 [path] NEWDOT~1.DLL | ClientStartup" |
| X | New.net Startup | "rundll32 [path] NEWDOT~1.DLL | NewDotNetStartup" |
| X | Newsgroup lptt01 | newsgroup.exe | "RapidBlaster variant (in a ""newsgroup"" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here"
|
| X | NI.ERS_9999_N91S3108 | [path to file] | "Installer for the ErrorSafe rogue system error and cleaning utility - see here"
|
| X | NI.GA6PU_0001_N108E1308 | [path to file] | "Installer for the VirusSchlacht German rogue security software - see here"
|
| X | NI.GA6PU_0001_N120C2910 | [path to file] | "Installer for the VirusSchlacht German rogue security software - see here"
|
| X | NI.GA6P_0001_N105E2704 | [path to file] | "Installer for the AVSystemCare rogue security software - see here"
|
| X | NI.GA6P_0001_N108E1606 | [path to file] | "Installer for the BestsellerAntivirus rogue security software - see here"
|
| X | NI.GA6P_0001_N111C1707 | [path to file] | "Installer for the AVSystemCare rogue security software - see here"
|
| X | NI.GA6P_0001_N115C0110 | [path to file] | "Installer for the AVSystemCare rogue security software - see here"
|
| X | NI.GA6P_0001_N115E0110 | [path to file] | "Installer for the AVSystemCare rogue security software - see here"
|
| X | NI.GA6P_0001_N122C0611 | [path to file] | "Installer for the AVSystemCare rogue security software - see here"
|
| X | NI.GA6P_0001_N122C2210 | [path to file] | "Installer for the AVSystemCare rogue security software - see here"
|
| X | NI.GA6P_0001_N122C2802 | [path to file] | "Installer for the AVSystemCare rogue security software - see here"
|
| X | NI.GA6P_0001_N122E0611 | [path to file] | "Installer for the AVSystemCare rogue security software - see here"
|
| X | NI.GA6P_2001_N108E1606 | [path to file] | "Installer for the BestsellerAntivirus rogue security software - see here"
|
| X | NI.GDCDE_0001_N122C1912 | [path to file] | "Installer for the FestplattenReiniger German rogue privacy tool - see here"
|
| X | NI.GDC_0001_N111C1909 | [path to file] | "Installer for the PCPrivacyTool rogue privacy tool - see here"
|
| X | NI.GDC_0001_N122C1912 | [path to file] | "Installer for the PCPrivacyTool rogue privacy tool - see here"
|
| X | NI.GES_0001_N122C2610 | [path to file] | "Installer for the ErrClean rogue system error and cleaning utility - see here"
|
| X | NI.UAVIFR_0001_N105M2404 | [path to file] | "Installer for the VirusGarde French rogue security software - see here"
|
| X | NI.UERSM_0001_N68M1602 | [path to file] | "Installer for the ErrorSafe rogue system error and cleaning utility - see here"
|
| X | NI.UGA6PH_0001_N122M2910 | [path to file] | "Installer for the AntiVirusAskeladd rogue security software - see here"
|
| X | NI.UGA6PK_0001_N122M1302 | [path to file] | "Installer for the VirusForsvar Danish rogue security software - see here"
|
| X | NI.UGA6PL_0001_N108M2808 | [path to file] | "Installer for the VirusSchlacht Swedish rogue security software - see here"
|
| X | NI.UGA6PL_0001_N120M1302 | [path to file] | "Installer for the VirusSchlacht Swedish rogue security software - see here"
|
| X | NI.UGA6PM_0001_N108M2108 | [path to file] | "Installer for the AntivirusScherm Dutch rogue security software - see here"
|
| X | NI.UGA6PM_0001_N122M1202 | [path to file] | "Installer for the AntivirusScherm Dutch rogue security software - see here"
|
| X | NI.UGA6PM_0001_N122M3010 | [path to file] | "Installer for the AntivirusScherm Dutch rogue security software - see here"
|
| X | NI.UGA6PT_0001_N108M2208 | [path to file] | "Installer for the VirusDifesa Italian rogue security software - see here"
|
| X | NI.UGA6PT_0001_N122M1202 | [path to file] | "Installer for the VirusDifesa Italian rogue security software - see here"
|
| X | NI.UGA6PT_0001_N122M2910 | [path to file] | "Installer for the VirusDifesa Italian rogue security software - see here"
|
| X | NI.UGA6PU_0001_N108M1308 | [path to file] | "Installer for the VirusSchlacht German rogue security software - see here"
|
| X | NI.UGA6PU_0001_N120M1202 | [path to file] | "Installer for the VirusSchlacht German rogue security software - see here"
|
| X | NI.UGA6PU_0001_N120M2910 | [path to file] | "Installer for the VirusSchlacht German rogue security software - see here"
|
| X | NI.UGA6PV_0001_N108M0207 | [path to file] | "Installer for the VirusGarde French rogue security software - see here"
|
| X | NI.UGA6PV_0001_N122M1202 | [path to file] | "Installer for the VirusGarde French rogue security software - see here"
|
| X | NI.UGA6PV_0001_N122M2910 | [path to file] | "Installer for the VirusGarde French rogue security software - see here"
|
| X | NI.UGA6P_0001_N105M2704 | [path to file] | "Installer for the AVSystemCare rogue security software - see here"
|
| X | NI.UGA6P_0001_N111M1707 | [path to file] | "Installer for the AVSystemCare rogue security software - see here"
|
| X | NI.UGA6P_0001_N115M0110 | [path to file] | "Installer for the AVSystemCare rogue security software - see here"
|
| X | NI.UGA6P_0001_N119M1510 | [path to file] | "Installer for the AVSystemCare rogue security software - see here"
|
| X | NI.UGA6P_0001_N120M1710 | [path to file] | "Installer for the AVSystemCare rogue security software - see here"
|
| X | NI.UGA6P_0001_N122M0611 | [path to file] | "Installer for the AVSystemCare rogue security software - see here"
|
| X | NI.UGA6P_0001_N122M2210 | [path to file] | "Installer for the AVSystemCare rogue security software - see here"
|
| X | NI.UGA6P_0001_N122M2802 | [path to file] | "Installer for the AVSystemCare rogue security software - see here"
|
| X | NI.UGA6P_0007_N125M2002 | [path to file] | "Installer for the BestsellerAntivirus rogue security software - see here"
|
| X | NI.UGA6P_1001_N122M0402 | [path to file] | "Installer for the AVSystemCare rogue security software - see here"
|
| X | NI.UGA6P_1002_N122M1402 | [path to file] | "Installer for the AVSystemCare rogue security software - see here"
|
| X | NI.UGA6P_4001_N122M2111 | [path to file] | "Installer for the AVSystemCare rogue security software - see here"
|
| X | NI.UGA6P_4444_N122M2811 | [path to file] | "Installer for the AVSystemCare rogue security software - see here"
|
| X | NI.UGA6P_5001_N122M1902 | [path to file] | "Installer for the AVSystemCare rogue security software - see here"
|
| X | NI.UGA6P_5555_N122M0312 | [path to file] | "Installer for the AVSystemCare rogue security software - see here"
|
| X | NI.UGDC1_0001_N119M0911 | [path to file] | "Installer for the FilterProgram rogue privacy tool - see here"
|
| X | NI.UGDCCZ_0001_N122M0307 | [path to file] | "Installer for the SuspenzorPC Czech rogue privacy tool - see here"
|
| X | NI.UGDCCZ_0001_N122M0511 | [path to file] | "Installer for the SuspenzorPC Czech rogue privacy tool - see here"
|
| X | NI.UGDCCZ_0001_N122M1712 | [path to file] | "Installer for the SuspenzorPC Czech rogue privacy tool - see here"
|
| X | NI.UGDCDE_0001_N111M3007 | [path to file] | "Installer for the FestplattenReiniger German rogue privacy tool - see here"
|
| X | NI.UGDCDE_0001_N122M1912 | [path to file] | "Installer for the FestplattenReiniger German rogue privacy tool - see here"
|
| X | NI.UGDCGR_0001_N122M0307 | [path to file] | "Installer for the FestplattenReiniger Greek rogue privacy tool - see here"
|
| X | NI.UGDCGR_0001_N122M1812 | [path to file] | "Installer for the FestplattenReiniger Greek rogue privacy tool - see here"
|
| X | NI.UGDCNL_0001_N111M3007 | [path to file] | "Installer for the NoCompromaat Dutch rogue privacy tool - see here"
|
| X | NI.UGDCNL_0001_N122M1912 | [path to file] | "Installer for the NoCompromaat Dutch rogue privacy tool - see here"
|
| X | NI.UGDCNL_0001_N122M3011 | [path to file] | "Installer for the NoCompromaat Dutch rogue privacy tool - see here"
|
| X | NI.UGDCPL_0001_N108M0207 | [path to file] | "Installer for the OczyszczaczKomputerza Polish rogue privacy tool - see here"
|
| X | NI.UGDCPL_0001_N122M2012 | [path to file] | "Installer for the OczyszczaczKomputerza Polish rogue privacy tool - see here"
|
| X | NI.UGDCRU_0001_N111M0208 | [path to file] | "Installer for the SanitarDiska Romanian rogue privacy tool - see here"
|
| X | NI.UGDCRU_0001_N122M2012 | [path to file] | "Installer for the SanitarDiska Romanian rogue privacy tool - see here"
|
| X | NI.UGDCTH_0001_N122M1712 | [path to file] | "Installer for the PC Drive Tool rogue privacy tool - see here"
|
| X | NI.UGDCTR_0001_N108M0407 | [path to file] | "Installer for the PC Drive Tool rogue privacy tool - see here"
|
| X | NI.UGDC_0001_N108M0407 | [path to file] | "Installer for the PC Drive Tool rogue privacy tool - see here"
|
| X | NI.UGDC_0001_N111M1909 | [path to file] | "Installer for the PCPrivacyTool rogue privacy tool - see here"
|
| X | NI.UGDC_0001_N122M0502 | [path to file] | "Installer for the PCPrivacyTool rogue privacy tool - see here"
|
| X | NI.UGDC_0001_N122M1912 | [path to file] | "Installer for the PCPrivacyTool rogue privacy tool - see here"
|
| X | NI.UGDC_0001_N122M2603 | [path to file] | "Installer for the PCPrivacyTool rogue privacy tool - see here"
|
| X | NI.UGDC_0001_N122M2610 | [path to file] | "Installer for the PCPrivacyTool rogue privacy tool - see here"
|
| X | NI.UGDC_0001_N122M2802 | [path to file] | "Installer for the PCPrivacyTool rogue privacy tool - see here"
|
| X | NI.UGDC_0001_N122M2811 | [path to file] | "Installer for the PCPrivacyTool rogue privacy tool - see here"
|
| X | NI.UGDC_0002_N108M1007 | [path to file] | "Installer for the PC Drive Tool rogue privacy tool - see here"
|
| X | NI.UGDC_0003_N108M2407 | [path to file] | "Installer for the PCPrivacyTool rogue privacy tool - see here"
|
| X | NI.UGESF_0001_N122M0201 | [path to file] | "Installer for the HataDuzelticisi Turkish rogue system error and cleaning utility - see here"
|
| X | NI.UGESL_0001_N105M0405 | [path to file] | "Installer for the SystemOrdnare Swedish rogue system error and cleaning utility - see here"
|
| X | NI.UGESL_0001_N122M0303 | [path to file] | "Installer for the SystemOrdnare Swedish rogue system error and cleaning utility - see here"
|
| X | NI.UGESL_0001_N122M2911 | [path to file] | "Installer for the SystemOrdnare Swedish rogue system error and cleaning utility - see here"
|
| X | NI.UGESM_0001_N122M0303 | [path to file] | "Installer for the DokterFix Dutch rogue system error and cleaning utility - see here"
|
| X | NI.UGESV_0001_N108M2006 | [path to file] | "Installer for the SysDepannage French rogue system error and cleaning utility - see here"
|
| X | NI.UGESV_0001_N122M0303 | [path to file] | "Installer for the SysDepannage French rogue system error and cleaning utility - see here"
|
| X | NI.UGESV_0001_N122M2811 | [path to file] | "Installer for the SysDepannage French rogue system error and cleaning utility - see here"
|
| X | NI.UGESV_0001_N122M3010 | [path to file] | "Installer for the SysDepannage French rogue system error and cleaning utility - see here"
|
| X | NI.UGES_0001_N108M2006 | setup_en.exe | "Installer for the MyContentAssistant rogue privacy tool"
|
| X | NI.UGES_0001_N122M0502 | [path to file] | "Installer for the ErrClean rogue system error and cleaning utility - see here"
|
| X | NI.UGES_0001_N122M2111 | [path to file] | "Installer for the ErrClean rogue system error and cleaning utility - see here"
|
| X | NI.UGES_0001_N122M2602 | [path to file] | "Installer for the ErrClean rogue system error and cleaning utility - see here"
|
| X | NI.UGES_0001_N122M2603 | [path to file] | "Installer for the ErrClean rogue system error and cleaning utility - see here"
|
| X | NI.UGES_0001_N122M2610 | [path to file] | "Installer for the ErrClean rogue system error and cleaning utility - see here"
|
| X | NI.UGES_0002_N108M1607 | [path to file] | "Installer for the ErrClean rogue system error and cleaning utility - see here"
|
| X | NI.UWA6P_0001_N56M1001 | WinAntiVirusPro2006Installer.exe | "Installer for the WinAntiVirus Pro 2006 rogue security software"
|
| X | NI.UWA6P_0001_N69M0303 | WinAntiVirusPro2006Installer[1].exe | "Installer for the WinAntiVirus Pro 2006 rogue security software"
|
| X | NI.UWA6P_0001_N73M1004 | WinAntiVirusPro2006FreeInstall.exe | "Installer for the WinAntiVirus Pro 2006 rogue security software"
|
| X | NI.UWA6P_0001_N91M1807 | WinAntiVirusPro2006FreeInstall[1].exe | "Installer for the WinAntiVirus Pro 2006 rogue security software"
|
| X | NI.UWA7P_0001_N91M0809 | WinAntiVirusPro2007FreeInstall.exe | "Installer for the WinAntiVirus Pro 2007 rogue security software - see here"
|
| X | NI.UWAS5LP_0001_0811 | UWAS5LP_0001_0811NetInstaller.exe | "Installer for the WinAntiSpyware 2005 rogue spyware remover - not recommended |
| X | NI.UWAS6_0001_N57M1312 | WinAntiSpyware2006FreeInstall.exe | "Installer for the WinAntiSpyware 2006 rogue spyware remover - not recommended |
| X | NI.UWAS6_0001_N68M2301 | UWAS6_0001_N68M2301NetInstaller.exe | "Installer for the WinAntiSpyware 2006 rogue spyware remover - not recommended |
| X | NI.UWFX5LP_0001_0614 | UWFX5LP_0001_0614NetInstaller.exe | "WinFixer 2005 web installer - ""foistware"" |
| X | NI.UWFX5LP_0001_0715 | UWFX5LP_0001_0715NetInstaller.exe | "WinFixer 2005 web installer - ""foistware"" |
| X | NI.UWFX5LP_0001_0802 | UWFX5LP_0001_0802NetInstaller.exe | "WinFixer 2005 web installer - ""foistware"" |
| X | NI.UWFX5LP_0001_0803 | UWFX5LP_0001_0803NetInstaller.exe | "WinFixer 2005 web installer - ""foistware"" |
| X | NI.UWFX5V_0001_0802 | UWFX5V_0001_0802NetInstaller.exe | "WinFixer 2005 web installer - ""foistware"" |
| X | NI.UWFX6_0001_N68M2301 | UWFX6_0001_N68M2301NetInstaller.exe | "WinFixer 2006 web installer - ""foistware"" |
| N | Norton Ghost 10.0 | GhostTray.exe | "Norton Ghost tray icon - the application can be launched manually"
|
| X | Notepad lptt01 | notepad.exe | "RapidBlaster variant (in a ""Notepad"" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here. Note - this is not Windows Notepad which has the same executable name"
|
| X | NTFS16 | ntfs16.exe | "Added by the RBOT-LY WORM!"
|
| N | Nuance OmniPage 17-reminder | Ereg.exe Ereg.ini | "Registration reminder for Ominpage version 17 from Nuance"
|
| X | Numerical Xtermz Agent | 1x32.exe | "Added by the RBOT-FWX WORM!"
|
| X | NvCp1Do | [path to trojan] | "Added by the DWNLDR-GWE TROJAN! The most common filename seen is ""smss.exe"" - which is not the legitimate smss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup!"
|
| X | nvd32 lptt01 | nvd32.exe | "RapidBlaster variant (in a ""nvd32"" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here"
|
| N | NVIDIA nForce APU1 Utilities | NVATray.exe | "nVidia's nForce Audio Processing Unit (APU)- ""provides 3D positional audio and DirectX 8.0 compatibility |
| U | nvsvc16 | nvsvc16.exe | "MySuperSPy surveillance software. Uninstall this software unless you put it there yourself"
|
| X | Nvt32 | complaint_7251.exe | "Added by the ARTIEF.B TROJAN!"
|
| X | NZ01 | NZ01.exe | "Added by the SCAR-K TROJAN!"
|
| ? | officejet 6100 | hposol08.exe | Associated with a HP PSC2110 (and maybe others) all-in-one machine
|
| X | Olympic | IE4321.exe | Adult content premium rate dialer - also detected as SMALL.CZ
|
| N | One Touch Monitor | 1tou~2.exe | For Visioneer OneTouch scanners. System tray access to the control panel for the scanner
|
| N | OneTouchMonitor | 1tou~2.exe | For Visioneer OneTouch scanners. System tray access to the control panel for the scanner
|
| N | ONETOU~2 | 1tou~2.exe | For Visioneer OneTouch scanners. System tray access to the control panel for the scanner
|
| N | OP12 Reminder | Ereg.exe ereg.ini | "Registration reminder for OmniPage from Nuance (was ScanSoft)"
|
| N | OpenOffice.org x | QUICKS~1.EXE | "Displays OpenOffice quick start applet in System tray. Right clicking on the icon allows rapid starting up of components of the OpenOffice suite. Available via Start -> Programs. Will automatically be started when any OpenOffice component is started from Start -> Programs. A resource hog (takes > 16 MB of memory). "x" represents the version number"
|
| X | Optim1 | regdtopt.exe | "Added by the RAMVICRYPE TROJAN!"
|
| N | Opware12 | Opware12.exe | "OmniPage from Nuance (was Scansoft) - version 12. If running |
| N | Opware14 | Opware14.exe | "OmniPage from Nuance (was Scansoft) - version 14. If running |
| N | Opware15 | Opware15.exe | "OmniPage from Nuance (was Scansoft) - version 15. If running |
| Y | Orange Connection Kit | atdialler1.exe | "Part of the Orange Connection Kit - changes the dial-up for Orange Any Time if access problems are encountered"
|
| U | OrigRage128Tweaker | RAGE128TWEAK.EXE | Third party tweaker for ATI Rage 128 Video cards from http://www.rageunderground.com
|
| X | P0w3rF1Y | svchost.exe | "Added by the BDOOR-MM BACKDOOR! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
|
| U | P17Helper | "Rundll32 P17.dll | P17Helper" |
| ? | P17Helper | "Rundll32 SPIRun.dll | RunDLLEntry" |
| ? | P17RunE | "RunDll32 P17RunE.dll | RunDLLEntry" |
| N | PaltalkNetaware.exe | PALNETAW~1.EXE | Voice chat program. This program stores all buddy list info apparently on the server itself so you never lose your buddy list should you need to reinstall the program due for whatever reason or even reformat. Available via Start → Programs. Delete the shortcut in Start → Programs → StartUp as well otherwise it will be reinstated
|
| X | PC Antispyware 2010 | PC_Antispyware2010.exe | "PC Antispyware 2010 rogue security software - not recommended |
| U | PC Doc Pro - 3.1 | pcdocpro.exe | "PC Doc Pro (now Win Doc Pro) - system health check and fix utility"
|
| N | PCSuiteTrayApplication | TRAYAP~1.EXE | "System Tray access to Nokia PC Suite - which ""is a free PC software product that allows you to connect your Nokia device to a PC and access mobile content as if the device and the PC were one."" This allows you (amongst other options) to backup your devices contents to your PC |
| N | PCSuiteTrayApplication | LAUNCH~1.EXE | "System Tray access to Nokia PC Suite - which ""is a free PC software product that allows you to connect your Nokia device to a PC and access mobile content as if the device and the PC were one."" This allows you (amongst other options) to backup your devices contents to your PC |
| U | Pd71Pan | Pd71Pan.Exe | "Audiotrak Prodigy 7.1 sound card control panel"
|
| U | pdfFactory Dispatcher v1 | fppdis1a.exe | "FinePrint pdfFactory Dispatcher - background task which handles the creation of PDF files when you print to the FinePrint pdfFactory printer. Version 1.x of the software. ""pdfFactory products offer a unique approach to PDF creation that is simpler |
| U | pdfFactory Pro Dispatcher v1 | fppdis1.exe | "FinePrint pdfFactory Pro Dispatcher - background task which handles the creation of PDF files when you print to the FinePrint pdfFactory PRO printer. Version 1.x of the software. ""pdfFactory products offer a unique approach to PDF creation that is simpler |
| U | PDUiP6210DMon | PDUiP6210DMon.exe | "Memory Card Utility for the Canon PIXMA iP6210D photo printer - which allows ""your computer to access the memory card reader feature of your printer"""
|
| U | PeerGuardian | PeerGuardian_1.99b_pr14.exe | "PeerGuardian - IP blocker for Windows. Used to protect privacy on P2P networks by blocking IP addresses specified in blocklists. Features support for multiple lists |
| X | PeqBL100 | PEQBL100.exe | "Added by the ENVID.D WORM!"
|
| X | Pest-Patrol 2.1.0 | Pest-Patrol.exe | "Pest-Patrol rogue security software - not recommended |
| U | Petit Larousse 2001 | HIPL2000Popup.exe | Popup dictionary tool
|
| ? | PFW_CfgEngine | PFWCFG~1.EXE | "Personal Firewall related?"
|
| X | plite731 | plite731.exe | "Poplite A adware"
|
| X | popsrv146 | popsrv146.exe | "AproposMedia adware"
|
| X | PowerPrifile | "rundl132 kenel.dll | PowerProfileEnable" |
| ? | POWERR~1 | POWERR~1.exe | "Power monitoring?"
|
| ? | PowerSet | Regedit.exe /s ...PowerSet_8100_CU.REG | "Appears to be Toshiba power management related"
|
| X | pp | pp12.exe | "Added by the DWNLDR-HXV TROJAN!"
|
| N | PP3100b | flatbed.exe | "Twain driver for the Visioneer PaperPort 3100b scanner that allows you to scan |
| N | PPort10reminder | Ereg.exe ereg.ini | "Registration reminder for PaperPort version 10 from Scansoft (now Nuance)"
|
| N | PPort11reminder | Ereg.exe Ereg.ini | "Registration reminder for PaperPort version 11 from Scansoft (now Nuance)"
|
| N | PPort12reminder | Ereg.exe Ereg.ini | "Registration reminder for PaperPort version 12 from Nuance"
|
| X | Program Access Service | [10 random letters].exe | "Added by the RBOT.GJJ WORM!"
|
| Y | proxim_orinoco_11abg | orinoco.exe | "Proxim ORiNOCO 11a/b/g PCI Card wireless configuration utility"
|
| N | PROXOMITRON | PROXOM~1.EXE | "A free |
| X | ps1 | ps1.exe | "PacerD Media/Pacimedia.com adware"
|
| X | PSof1 | PSof1.exe | "PacerD Media/Pacimedia.com adware installer"
|
| X | PSoft1 | psoft1.exe | "PacerD Media/Pacimedia.com adware installer"
|
| X | psybnc server 3.1 | psybnc321.exe | "Added by the RBOT.ENI BACKDOOR!"
|
| X | psyBNC-2.1.4 Client Server | psyBNC215.exe | "Added by a variant of the RBOT WORM!"
|
| X | PTRGMYGK | "rundll32.exe ptmg1v.dll | DllRunMain" |
| U | Purgative | PURGATIVE100.EXE | AIM (AOL Instant Messenger) Ad Remover Using Active Memory Edits instead of a patch/crack
|
| U | PVUnInst1 | PVUnInst1.exe | "Privacy View - privacy software that ensures that all your private computer files |
| N | p_981116 | p_981116.exe | "Win32 cabinet self extractor. More info here"
|
| N | Q152404 | wsript.exe Q152404.VBS | Appears to run Scandisk at bootup on NEC PCs
|
| X | QdrModule10 | QdrModule10.exe | "Internet Speed Monitor adware"
|
| X | QdrModule11 | QdrModule11.exe | "Internet Speed Monitor adware related - see example here"
|
| X | QdrModule12 | QdrModule12.exe | "Internet Speed Monitor adware related - see example here"
|
| X | QdrModule13 | QdrModule13.exe | "Internet Speed Monitor adware related - see example here"
|
| X | QdrModule15 | QdrModule15.exe | "Internet Speed Monitor I adware"
|
| X | QdrModule16 | QdrModule16.exe | "Internet Speed Monitor adware related - see example here"
|
| X | QdrModule17 | QdrModule17.exe | "Internet Speed Monitor I adware"
|
| X | QdrPack10 | QdrPack10.exe | "Internet Speed Monitor H adware"
|
| X | QdrPack11 | QdrPack11.exe | "Internet Speed Monitor adware related - see example here"
|
| X | QdrPack12 | QdrPack12.exe | "Internet Speed Monitor adware related - see example here"
|
| X | QdrPack13 | QdrPack13.exe | "Internet Speed Monitor adware related - see example here"
|
| X | QdrPack14 | QdrPack14.exe | "Internet Speed Monitor adware related - see example here"
|
| X | QdrPack15 | QdrPack15.exe | "Internet Speed Monitor adware related - see example here"
|
| X | QdrPack16 | QdrPack16.exe | "Internet Speed Monitor adware related - see example here"
|
| X | QdrPack17 | QdrPack17.exe | "Internet Speed Monitor adware related - see example here"
|
| N | QuickCam10 | QuickCam10.exe | "Loads versions of the Logitech QuickCam webcam software and is required to support features such as face tracking. If enabled |
| N | QuickCam10.exe | QuickCam10.exe | "Loads versions of the Logitech QuickCam webcam software and is required to support features such as face tracking. If enabled |
| N | QuickFinder Scheduler | QFSCHD100.exe | Used in Corel 2002 & Corel Suite 7 - finds files faster by indexing your files (similar to Microsoft's Find Fast or Fast Search for its Office products)
|
| N | QuickFinder Scheduler | QFSCHD110.EXE | "Used in Corel WordPerfect Office 11 - finds files faster by indexing your files (similar to Microsoft's Find Fast or Fast Search for its Office products). See here"
|
| N | QuickFinder Scheduler | QFSCHD130.EXE | "Used in Corel WordPerfect Office X3 - finds files faster by indexing your files (similar to Microsoft's Find Fast or Fast Search for its Office products). See here"
|
| U | Qwest 11n Wireless WPS Tool | WpsCenter.exe | Wireless configuration utility for the Qwest 11N 150MB USB wireless adapter
|
| X | rate.exe | i11r54n4.exe | "Added by the BEAGLE-I WORM!"
|
| X | rate.exe | i1ru74n4.exe | "Added by the BEAGLE.E WORM and variants!"
|
| X | Ravshell | rund1132.exe | "Added by the AGENT.OKZ TROJAN!"
|
| X | ravshell | 1explore.exe | "Added by the DLOADER.MJF TROJAN!"
|
| X | ravtask | rund1132.exe | "Added by the DLOADER.IYT TROJAN!"
|
| X | rb32 lptt01 | rb32.exe | "RapidBlaster variant (in a ""RapidBlaster"" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here"
|
| X | RDLL | RunDll16.exe | "Added by the SDBOT.F TROJAN!"
|
| ? | readericon10 | readericon10.exe | "Related to a multimedia card reader - possibly based upon an Alcor Micro chipset. What does it do and is it required?"
|
| X | RealP1ayer | [path to file] | "Added by the RPLAY.A TROJAN! Note that the name has a number ""1"" in place of the second lower case ""L"""
|
| X | realplay lptt01 | realplay.exe | "RapidBlaster variant (in a ""RealPlay"" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here. Note - this is not RealPlayer which can have the same executable name"
|
| X | Recommended Hotfix - {0421701D-CF13-4E70-ADF0-45A953E7CB8B} | RH.DLL | "SmartPops search hijacker"
|
| N | RecoverFromReboo | RECOVE~1.EXE | "Part of a DSL installer package from SBC (probably SBC/Yahoo DSL). If the installation is botched |
| N | RecoverFromReboot | RECOVE~1.EXE | "Part of a DSL installer package from SBC (probably SBC/Yahoo DSL). If the installation is botched |
| X | reg1.reg | vuamgard.exe | "Added by a variant of the IRCBOT TROJAN!"
|
| X | Regcheck | ~CAB001.EXE | "Added by the CYBRSPY.13A or CYBRSPY.13B TROJANS!"
|
| U | RegisterDropHandler | REGIST~1.EXE | "Part of the OCR software TextBridge Pro 9.0 (and possibly earlier versions). Typically used with imaging devices such as scanners and digital cameras for creating text documents from images. This item will probably be displayed twice and will re-instate itself whenever you start the main program so leave it - once started it frees the memory it used. Its purpose and an explanation of how to correct a problem it creates for ""Send To"" can be found here. Note that you don't have to uninstall TextBridge for this fix to work and the program works fine afterwards. Not used on later versions of the software - hence the 'U' recommendation"
|
| U | Registry | class0117[random].exe | "Blackbox captures emails and chat logs |
| X | Registry System16 Checkup Monitor | SystemReg16.exe | "Added by a variant of the RBOT WORM!"
|
| X | Registry System166 Checkup Monitor | SystemReg166.exe | "Added by a variant of the RBOT WORM!"
|
| X | RegistryMonitor1 | mljul1.exe | "Added by the SPAMBOT TROJAN!"
|
| X | RegistryMonitor1 | qtplugin.exe | "Added by the DELF-EZY TROJAN!"
|
| X | RegistryMonitor1 | igfxpers.exe | "Added by the DELF-EZZ TROJAN! Note - this is not the legitimate Intel graphics driver which has the same filename"
|
| X | RegistryMonitor1 | incognito.exe | "Added by the BUZUS.DAHY TROJAN!"
|
| U | REGIST~1 | REGIST~1.EXE | "Part of the OCR software TextBridge Pro 9.0 (and possibly earlier versions). Typically used with imaging devices such as scanners and digital cameras for creating text documents from images. This item will probably be displayed twice and will re-instate itself whenever you start the main program so leave it - once started it frees the memory it used. Its purpose and an explanation of how to correct a problem it creates for ""Send To"" can be found here. Note that you don't have to uninstall TextBridge for this fix to work and the program works fine afterwards. Not used on later versions of the software - hence the 'U' recommendation"
|
| X | Regro | rundll132.exe | "Added by the OKARAG TROJAN!"
|
| Y | Regx10EXE | ATIX10.exe | ATI Remote Wonder™ - PC wireless remote control driver. Required if you use it
|
| X | Remove 54tr10 | smss.exe | "Added by the BRONTOK-CH WORM! Note - this is not the legitimate smss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in Documents and Settings\<User>\Local Settings\Application Data"
|
| X | Requester | requester.11.exe | "Added by the MUQUEST TROJAN!"
|
| X | rforce | EXP1ORER.EXE | "Added by the DROPPER.KN TROJAN! Note the number ""1"" in the filename rather than letter ""L"". It also drops another file named DEVICEMAP.SYS which is the ROOTKIT.O TROJAN!"
|
| N | RoxWatchTray | RoxWatchTray10.exe | "System Tray access to managing the ""Watched Folders"" |
| N | RoxWatchTray10 | RoxWatchTray10.exe | "System Tray access to managing the ""Watched Folders"" |
| X | RPCser32g1 | services.exe | "Added by the PREX.D WORM! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
|
| X | Ruby13 | Ruby13.exe | "Added by the MEXER.E WORM!"
|
| X | Ruby14 | Ruby14.exe | "Added by the FIGHTRUB-A WORM!"
|
| Y | run= | smsrun16.exe | "Microsoft Systems Management Server (SMS) related - program that reads SMSRUN16.INI on clients running Win 3.1 |
| X | Rund11 | Rund11.EXE | "Added by the MARIO-C WORM!"
|
| X | rund1132 | rund1132.exe | "Added by the DOPBOT-A WORM!"
|
| X | Rund1132.exe | Rund1132.exe | "Added by the STARTPA-HS TROJAN!"
|
| X | Rund1l32 | Winfi1e32.exe | "Added by the MERTIAN WORM!"
|
| X | Rundll16 | Rundll16.exe | "Added by a number of VIRUSES |
| U | Rundll32 P17 | "Rundll32 P17.dll | P17Helper" |
| X | Rundll32.exe | Proyecto1.exe | "Added by the GRUEL WORM!"
|
| X | Rundll32_8 | "rundll32.exe 1.dll | DllRunServer" |
| X | runner1 | updater.exe | Added by the CRYPT.ULPM.GEN TROJAN!
|
| X | runner1 | retadpu.exe | "Added by the AGENT.SLZ TROJAN!"
|
| X | runner1 | mrofinu.exe | "Added by the AGENT.CZC TROJAN!"
|
| X | runner1 | retadpu[random digits].exe | "Added by the SMALL.CTV TROJAN!"
|
| X | runner1 | tsitra.exe | "Added by the AGENT.ABFQ TROJAN!"
|
| X | runner1 | faceback.exe | "Added by the DLOADR-BSX TROJAN!"
|
| X | Runtt1 | Internat.exe | "Added by the LINEAGE-R TROJAN!"
|
| X | Runtt1 | Internet.exe | "Added by the LINEAGE-Q TROJAN!"
|
| X | ryan1918 | servidevice.exe | "Added by the RBOT-GVR WORM!"
|
| X | ryy | rundl132.exe | "Added by the PWS-ANA TROJAN!"
|
| X | s9201 | av2008xp.exe | "Antivirus 2008 XP rogue security software - not recommended |
| X | s9201 | as2008xp.exe | "AntiSpyware XP 2008 rogue spyware remover - not recommended |
| X | s9201 | asproxp.exe | "AntiSpyware Pro XP rogue spyware remover - not recommended |
| N | SafeInstall.exe | SAFEIN~1.EXE | Monitors a download and ensures an newer version of a file isn't replaced by an older one
|
| X | SAHBundle | shop1003.exe | "ShopAtHomeSelect parasite"
|
| X | SB13mini | RYZO32.EXE | "Added by the SPYBOT-EJ WORM!"
|
| X | scain | s030109.Stub.exe | "Delfin Media Viewer adware related"
|
| X | sck121 | helpsyss.exe | Added by a variant of the MAILBOT TROJAN!
|
| X | SearchSetter | searchsetter[1].exe | Browser hijacker - redirecting to FindWhateverNow.com
|
| X | secboot | vtd 16.exe | "Added by the HAXDOOR-AE TROJAN!"
|
| X | Security Antivirus Xp 1 | inetfor.exe | "Added by the SDBOT.BAV WORM!"
|
| X | Security essentials 2010 | SE2010.exe | "Security Essentials 2010 rogue security software - not recommended |
| X | Service Pack 1 | [random filename] | "Added by the VXGAME.Z TROJAN! Note - the filename is random - see the link. Typical examples are vexg6ame4.exe |
| X | Servicerepclient1 | SERVICES.EXE | "Added by the BRONTOK-BT WORM and variants! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in Documents and Settings\<User>\Local Settings\Application Data\WINDOWS"
|
| X | services32 | mc-110-12-0000079.exe | Added by the TrojanDownloader.Agent.rv TROJAN!
|
| X | services32 | mc-58-12-0000120.exe | """Shorty"" adware - also detected as the AGENT.FD TROJAN!"
|
| X | services32 | mc-58-12-0000140.exe | """Shorty"" adware - also detected as the AGENT.FD TROJAN!"
|
| N | SetiQueue | Setiqu~1.exe | "Provides work unit buffering for Seti@Home clients - see here for more details"
|
| N | SetupICWDesktop | icwconn1.exe | Appears to be the "Internet Connection Wizard" from Internet Explorer being set-up as a desktop shortcut. Appears under the RunOnce registry key but is available under Start -> Programs -> Accessories -> Communication (or similar) anyway
|
| X | Sex Teris | st01b.exe | "Added by the REPAD WORM!"
|
| X | Shedule Connection | arpo412.exe | "Added by the PPDOOR-R WORM!"
|
| X | Shell | wmedia16.exe | "Added by the GOLDUN TROJAN!"
|
| X | Shell | Explorer.exe sound_drive16.exe | "Added by the GP BACKDOOR! Note - do not delete the legitimate Windows Explorer (explorer.exe) which is located in %Windir% and can be used to launch other files. The ""sound_drive16.exe"" file is located in %System%"
|
| X | Shell | ibm00001.dll | "Added by the TORPIG-Q TROJAN!"
|
| ? | ShowIcon_Justrams_USB Product Driver v2.12r012 | shwicon.exe | "Related to Just Rams USB product driver. Is it required?"
|
| ? | ShowIcon_SmartDisk Corporation_USB Card Reader v1.14e051 | shwicon.exe | "Card reader for memory cards from digital cameras. Is it required? "
|
| X | si91e44b | "rundll32.exe si91e44b.dll | EnableRunDLL32" |
| U | Sinus 1054 data WLAN Manager | Wifiusb.exe | Wireless management utility for the T-Com Sinus 1054 Data WLAN adapter
|
| Y | SiS7012Utility | SiSAudUt.exe | SiS Corporation sound card driver
|
| ? | SISAM10M | SISAM10M.exe | "??"
|
| U | SK51 | SK51.EXE | "SaveKeys keystroke logger/monitoring program - remove unless you installed it yourself!"
|
| U | SK9910DM | SK9910DM.EXE | Multi-function keyboard driver. Allows the use of programmable keys on mulimedia keyboards. Required if you use the additional keys
|
| U | sks-32 | SKS32P~1.EXE | "SpyKeySpy surveillance software. Uninstall this software unless you put it there yourself"
|
| X | slack12 | mfcee.exe | "Added by a variant of the SDBOT WORM!"
|
| N | Slingshot | SLINGS~1.EXE | "Atomica Slingshot - ""reference tool with access to dictionary and encyclopedia terms |
| N | SM1BG | SM1BG.EXE | USB driver for downloading from within Napster and iTunes to portable MP3 players. Only required at startup if you use it all the time - otherwise start it manually when required
|
| N | SM1NINT | SM1NINT.exe | Cypress USB Mass Storage Driver Notification Icon Application - tray notification for Cypress base memory sticks and external storage devices for Win98
|
| N | sMaRTcaPs | SMARTC~1.EXE | "sMaRTcaPs from Phoebus LLC - enables you to configure the time needed to depress Caps Lock |
| ? | SNCT511 | vsnct511.exe | "Unidentified ""Snapshot Viewer""- what does it do and is it required?"
|
| U | sndmi13 | vsndmi13.exe | "Driver for DualCam cameras - that combine the best features of a digital still camera and a webcam"
|
| X | Sound System | WinSound1.exe | "Added by an unidentified VIRUS |
| X | sounddrv | sndbdrv3104.exe | "CoolWebSearch parasite variant"
|
| ? | SPC610NC_Monitor | Monitor.exe | "Related to the Philips SPC610NC webcam. What does it do and is it required?"
|
| U | Speedport W 100 Stick WLAN Manager | Wifiusb.exe | Wireless management utility for the Speedport W 100 Stick WLAN USB stick
|
| X | Spees1 | speedy.scr | "Added by the OPASERV.Y WORM!"
|
| X | spoo1sv | spoo1sv.exe | "Added by the SOULJET TROJAN!"
|
| X | Spool lptt01 | spool.exe | "RapidBlaster variant (in a ""spool"" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here"
|
| X | Spybott lptt01 | spybott.exe | "RapidBlaster variant (in a ""Spybott"" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here"
|
| X | SpyClean | 1ClickSpyClean.exe | "1 Click Spy Clean uses a database that was stolen from SpybotS&D. Not recommended |
| X | SpyCrush 3.1 | SpyCrush 3.1.exe | "SpyCrush rogue spyware remover - not recommended |
| X | SpyLocked 4.1 | SpyLocked 4.1.exe | "Spylocked rogue spyware remover - not recommended |
| X | SpywareGuard | deinst_qfe001.exe | "Added by a variant of the Win32.Small TROJAN! - Do NOT confuse with the legitimate SpywareGuard application"
|
| X | Spywareguard lptt01 | Spywareguard.exe | "RapidBlaster variant (in a ""Spyguard"" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here"
|
| ? | sr1exe | updtSup3.exe | "Found on a Dell computer in Documents and Settings\All Users\Application Data\DellAlert2"
|
| U | srv32win | win16dll.exe | "Screenspy captures screenshots silently. If you didn't install this yourself remove it"
|
| X | staeck12 | mfcee.exe | Added by an unidentified WORM or TROJAN!
|
| X | staeck122 | mfceee.exe | Added by an unidentified WORM or TROJAN!
|
| U | STARTPAGE | start1.exe | "NoSpy.org - prevents spyware from changing your startpage and other browser properties. The start1.exe file is located in a NOSPY.ORG folder"
|
| X | Startwd | "rundll32.exe wd081025.dll | Hook" |
| U | Status Monitor CLJ1500 | HPPOUMUI.exe | "Status monitor for the HP Color LaserJet 1500 printer from Hewlett-Packard - for monitoring printer status |
| X | STCLOA~1 | STCLOA~1.EXE | "SecondThought adware"
|
| X | StreamAppliance | wuauclt14.exe | "Added by the RBOT-GMB WORM!"
|
| X | StreamAppliance | wuauclt16.exe | "Added by the RBOT-GME WORM!"
|
| X | strtas | lock1.exe | "Added by the SDBOT-ADQ WORM!"
|
| X | strtas | loc1.exe | "Added by the RBOT-AZU TROJAN!"
|
| X | stup | 138762763.exe | "Added by the FIRESPY-A TROJAN! It will attempt to register the dropped component as a Firefox plugin and begin monitoring the user's browsing habits |
| X | stup1db0t | _win.exe | "Added by a variant of the IRCBOT BACKDOOR!"
|
| X | SunJavaUpdaterv13 | javaupdater.exe | "Added by the ROUTROBOT WORM!"
|
| X | SunJavaUpdateSched10 | jushed.exe | "Added by the ACKANTTA.F WORM!"
|
| X | SunJavaUpdateSched132 | jschd.exe | "Added by the AUTORUN-AQY WORM!"
|
| X | SunJavaUpdateSched16 | jvshed.exe | "Added by the ACKANTTA.G WORM!"
|
| X | supernews12 | newsd32.exe | "Adware |
| X | Surfer lptt01 | surfer.exe | "RapidBlaster variant (in a ""mssurfer"" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here"
|
| X | SVCH0ST | spoo1sv.exe | "Added by the VB-HF TROJAN!"
|
| X | svchost | rundll16.exe | "Added by the STARTPA-PB TROJAN!"
|
| X | svchost1 | svchost1.exe | "Added by the AGOBOT.ZZ WORM!"
|
| X | SvcHosto | v1rg1n.exe | "Added by the AGOBOT-TK WORM!"
|
| X | svhost1 | mdsn.exe | "Added by the VB-EPK TROJAN!"
|
| X | SyBot v2.1 By Sky-Dancer | HPSV.exe | "Added by the ZOTOB.I WORM!"
|
| X | Sygate Personal Firewall | t1ktik.exe | "Added by the RBOT-VP WORM!"
|
| X | Sygate Personal Firewall | win31243.exe | "Added by a variant of the IRCBOT TROJAN!"
|
| X | SYS1 | system.exe | "Added by the SILLYFDC-AP WORM!"
|
| X | SYS1 | explorar.exe | "Added by the SILLYFDC.BDJ WORM!"
|
| X | SYS2 | bad1.exe | "Added by the SILLYFDC-AP WORM!"
|
| X | sys201 | sys209.exe | "Added by the STARTPA-ZY TROJAN!"
|
| X | syscon lptt01 | syscon.exe | "RapidBlaster variant (in a ""Syscon"" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here"
|
| X | sysfbtray | bill102.exe | "Added by the VB-ENI TROJAN!"
|
| X | sysfbtray | bill106.exe | "Added by the MDROP-CLV TROJAN!"
|
| X | sysftray2 | bolivar19.exe | "Added by the KOOBFACE.I WORM!"
|
| X | sysint16 | sysint16.exe | "Added by the CRYPTER.A TROJAN!"
|
| X | sysldtray | ld11.exe | "Added by the KOOBFACE.JG WORM!"
|
| X | sysldtray | ld10.exe | "Added by the FAKEAV-UD TROJAN!"
|
| X | sysldtray | ld12.exe | "Added by the KOOBFACE.V WORM!"
|
| X | sysldtray | ld01.exe | "Added by the KOOBFACE.I WORM!"
|
| X | sysldtray | ld15.exe | "Added by the AGENT-LNH TROJAN!"
|
| X | sysldtray | ld14.exe | "Added by the VIRUT.CE VIRUS!"
|
| X | sysldtray | ld16.exe | "Added by the AGENT-MMO TROJAN!"
|
| X | Syslog lptt01 | Syslog.exe | "RapidBlaster variant (in a ""Syslog"" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here"
|
| X | sysMett1 | explorer.exe | "Added by the LEGMIR-Y TROJAN! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %ProgramFiles%"
|
| X | sysmon12 | [various filenames] | "Wareout - malware masquerading as a spyware and dialer remover"
|
| X | SysStart | syswin.exe 1 | "Added by the AUTORUN-EY WORM!"
|
| X | Systam13 | f1r5st83.exe | "Added by the IRCBOT-YM WORM!"
|
| X | Systam13 | exp.exe | "Added by the RBOT.ESD BACKDOOR!"
|
| X | Systam13 | first.exe | "Added by the RBOT.GND BACKDOOR!"
|
| X | Systam13 | resx.exe | "Added by a variant of the IRCBOT BACKDOOR! See here"
|
| X | Systam13 | speedwin.exe | "Added by the RBOT.GVH BACKDOOR!"
|
| X | System | kernels1118.exe | "Added by a variant of the SDBOT WORM!"
|
| X | SYSTEM | RUNDLL16.exe | "Added by the DELF-EW BACKDOOR!"
|
| X | System Loaderap | syst19b.exe | "Added by the AGOBOT-AT BACKDOOR!"
|
| X | System Monitor | Sysmon16.exe | "Added by the SDBOT TROJAN!"
|
| X | System132 | Csrtss.exe | "Added by the LANFILT-I TROJAN!"
|
| X | system16 | system16.exe | "Added by the BANCBAN-OB BACKDOOR!"
|
| X | System4224411 | Virus | "Added by the CAGER.A WORM!"
|
| X | System4224411 | Systemdll.exe | "Added by the YUSUFALI-B WORM!"
|
| X | System51616 | msnmsgesser.exe | "Added by a variant of the PUSHBOT WORM! A family of worms that spread using MSN Messenger"
|
| X | SystemDrive | maxpaynow1.exe | "Added by the TIBS.BKU TROJAN!"
|
| X | systemr | d11host.exe | "Added by the VB-GX TROJAN!"
|
| X | SystemSv12 | newmaxxsv234.exe | "Added by the TIBS-TS TROJAN!"
|
| X | SystemSv121 | n2ewma1xxsv234.exe | "Added by the TIBS.TJ TROJAN!"
|
| X | SystemTools | kernels1118.exe | "Added by the SMALL.DGK TROJAN!"
|
| X | SysteZ | d1.exe | "Added by the MSNDIABLO.A WORM!"
|
| X | sys_Runtt1 | explorer.exe | "Added by the LINEAGE-M TROJAN! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %ProgramFiles%"
|
| X | sys_up1 | svchostsys.exe | "Added by the MULTIDR-FL TROJAN!"
|
| X | SyZ | f1.exe | "Added by the MSNDIABLO.A WORM!"
|
| X | Syzmy3 | exp1orer.exe | "Added by the LINEAG-AIO TROJAN! Note the number ""1"" in the filename"
|
| U | T-Com WLAN Manager | TS154USB.exe | Wireless management utility for the T-Com Sinus 154 Data II WLAN adapter
|
| N | Taskbar Display Controls | "RunDLL deskcp16.dll | QUICKRES_RUNDLLENTRY" |
| X | Taskbell.exe | Rund1.exe | "Added by the YIPID TROJAN!"
|
| X | taskmngr lptt01 | taskmngr.exe | "RapidBlaster variant (in a ""Taskmngr"" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here"
|
| N | TaskPlus | TASKPL~1.EXE | Task and calendar management software available as freeware or as a "Professional" version for sharing over a LAN
|
| ? | TB_setup | TB_ANI~1.EXE | "??"
|
| X | Tencent QQ | "Rund1132.exe qq.dll | Rundll32" |
| X | Testing 123 | msdata.dat | "Added by the NITS.A WORM!"
|
| X | tlc | update911.js | Hijacker installer
|
| X | tlz | 47681727.exe | Added by an unidentified TROJAN!
|
| U | TMESBS | TMESBS21.EXE | Utility related to inserting and removing the slim bay device (such as a DVD/CD-writer) on Toshiba laptops. You can disable this task if you have no intention of ever taking the device out while the laptop is turned on
|
| U | TMESBS.EXE | TMESBS21.EXE | Utility related to inserting and removing the slim bay device (such as a DVD/CD-writer) on Toshiba laptops. You can disable this task if you have no intention of ever taking the device out while the laptop is turned on
|
| U | TMESBS.EXE | TMESBS31.EXE | Utility related to inserting and removing the slim bay device (such as a DVD/CD-writer) on Toshiba laptops. You can disable this task if you have no intention of ever taking the device out while the laptop is turned on
|
| U | TMESRV.EXE | TMESRV11.EXE | Toshiba utility related to inserting and removing a laptop from a docking station. Not required if you don't use a docking station
|
| U | TMESRV.EXE | TMESRV21.EXE | Toshiba utility related to inserting and removing a laptop from a docking station. Not required if you don't use a docking station
|
| U | TMESRV.EXE | TMESRV31.EXE | Toshiba utility related to inserting and removing a laptop from a docking station. Not required if you don't use a docking station
|
| U | TMESRV31 | TMESRV31.EXE | Toshiba utility related to inserting and removing a laptop from a docking station. Not required if you don't use a docking station
|
| X | Tok-Cirrhatus-1464 | br3951on.exe | "Added by the BRONTOK.AD WORM!"
|
| X | Tok-Cirrhatus-1959 | br4941on.exe | "Added by the BRONTOK-J WORM!"
|
| X | Tok-Cirrhatus-1959 | [random].exe | "Added by the BRONTOK-CF WORM!"
|
| X | Tok-Cirrhatus-1959sarc | sv711224030r.exe | "Added by the BRONTOK-R WORM!"
|
| X | Tok-Cirrhatus-1959sarc | yesbron.com | "Added by the BRONTOK-R WORM!"
|
| X | Tok-Cirrhatus-2454 | br5931on.exe | "Added by the BRONTOK.AD WORM!"
|
| X | Tok-Cirrhatus-2784 | br6591on.exe | "Added by the BRONTOK-L WORM!"
|
| X | Total PC Defender 2010 | Total PC Defender 2010.exe | "Total PC Defender rogue security software - not recommended |
| Y | TrueMobile 1150 Client Manager | cmdel.exe | "Client Manager for the Dell TrueMobile 1150 Series PC Card - ""a wireless network PC Card that fits into any standard PC Card Type II slot. It has two LED indicators and an integrated antenna"""
|
| U | Tweak UI 1.33 deutsch | "RUNDLL32.EXE TWEAKUI.CPL | TweakMeUp" |
| X | twunk service | twunk16.exe | "Added by the RBOT.BAT WORM!"
|
| X | UADC_104911963 | UADCcw.exe | "AdvancedCleaner rogue security software - not recommended |
| X | UADC_599141581 | UADCcw.exe | "AdvancedCleaner rogue security software - not recommended |
| X | UADC_815790765 | UADCcw.exe | "AdvancedCleaner rogue security software - not recommended |
| X | Ultra Edit v5.1 | ultraedit.exe | "Added by the SDBOT-RK WORM!"
|
| X | unldr16 | unldr16.exe | "Added by a variant of the CRYPTER.C TROJAN!"
|
| X | Update ver 1.0 | Swap.exe | "Added by the SWAP-C WORM!"
|
| N | updatev01 | updatev01.exe | Ultra-networks.com software updater/downloader
|
| N | UPDATE~1 | updatemgr.exe | "Once a month |
| X | USB 2.1 Driver | winupdate1.exe | "Added by a variant of the RBOT WORM!"
|
| X | USB Drivers1 | msupdate.exe | "Added by a variant of the RBOT WORM!"
|
| X | USB Driverz2 | msnplus1.exe | "Added by the SDBOT-XQ WORM!"
|
| X | USB Fix 1.1 | wuservices.exe | "Added by a variant of the SDBOT WORM!"
|
| N | USRobotics 802.11g Wireless Network Utility | USRWLANG.exe | "USRobotics Wireless Network Utility - used to configure security settings for connecting to WEP encrypted Access Point through the USR Wireless adapter. You must uncheck ""Use Windows to configure my wireless settings"" for the program to work properly. Has Site Survey capabilities |
| ? | Utility Ping | UTILIT~1.EXE | "??"
|
| N | UVS10 Preload | uvPL.exe | Part of older versions of the Ulead (now Corel) VideoStudio video editing and DVD authoring software. Unless you use VideoStudio daily and find this speeds up the time it takes to open files associated with the program you shouldn't need this
|
| N | UVS11 Preload | uvPL.exe | Part of older versions of the Ulead (now Corel) VideoStudio video editing and DVD authoring software. Unless you use VideoStudio daily and find this speeds up the time it takes to open files associated with the program you shouldn't need this
|
| N | UVS12 Preload | uvPL.exe | Part of older versions of the Ulead (now Corel) VideoStudio video editing and DVD authoring software. Unless you use VideoStudio daily and find this speeds up the time it takes to open files associated with the program you shouldn't need this
|
| Y | V128IID | "Rundll32.exe v128iitw.dll | STB_InitTweak" |
| ? | V128IITV | ?? | "Loads drivers for some STB graphics cards. May be related to such a card with a TV out option?"
|
| U | va10key | va10key.exe | Only required if you use the 10 kay bay unit with a Sony Vaio laptop
|
| X | VCMnet11 | VCMnet11.exe | "Windows AFA Internet Enhancement - a browser hijacker |
| U | Veo Velocity Connect | stim11.exe | Support software for the Veo Velocity Connect webcam
|
| X | vern16.dll | regsvr32.exe vernn16.dll | "DailyWinner adware. Note that regsvr32.exe is a legitimate Microsoft file used to register and unregister OLE controls and shouldn't be deleted. The ""vernn16.dll"" file is found in %System%"
|
| X | Video Process | MS32x16.exe | "Added by the RBOT.RH WORM!"
|
| X | Video Process | Avg123.exe | "Added by the AGOBOT-MS WORM!"
|
| X | VirusHeal 4.1 | VirusHeal 4.1.exe | "VirusHeal rogue security software - not recommended |
| X | VnrBlock21 | VnrBlock21.exe | "Internet Speed Monitor adware"
|
| X | VnrPack15 | VnrPack15.exe | "Zeno Search Assistant adware"
|
| X | VnrPack16 | VnrPack16.exe | "Zeno Search Assistant adware"
|
| X | VnrPack17 | VnrPack17.exe | "Internet Speed Monitor adware related - see example here"
|
| X | VRT1 | VRT1.EXE | "Added by the VIRUT.CE VIRUS!"
|
| ? | VX1000 | vVX1000.exe | "Associated with Microsoft's VX-1000 LifeCam webcams. What does it do and is it required?"
|
| X | W1N32.DLL | WINLOGON .exe | "Added by the DROPPERFL.A TROJAN!"
|
| U | W815DM | W815DM.exe | "Enuff Parental Control Software by Akrontech"
|
| U | WallPaper | WALLPA~1.EXE | "Wallpaper Changer - wallpaper manager that can change your background images on every startup"
|
| U | Watch | 1200UBWATCH.EXE | Button press monitor for the Mustek 1200 UB Scanner
|
| N | WaveTop Receiver 1 | N/A | "WaveTop - ""Get push content from TV without an Internet connection"" - now possibly a defunct system in the US included as an optional part of WebTV in Win98"
|
| X | wblogon | ubpr01.exe | "Added by the AGENT-HFI TROJAN!"
|
| N | Webposition Gold 2 | wpsche~1.exe | "Scheduler for Web Position Gold - utility to help optimize the position of web-sites in search engines"
|
| ? | WebServer | VBI_SE~1.EXE | "Related to a Pinnacle sound card. What does it do and is it needed?"
|
| U | Webshots | websho~1.exe | "Webshots - software that displays photos as your screensaver and wallpaper |
| U | WG111v2 Smart Wizard Wireless Setting | RtlWake.exe | "Configuration utility for the Netgear WG111 54 Mbps Wireless USB 2.0 Adapter that ""provides wireless access to your desktop or notebook PC through the computer's USB port"""
|
| Y | WG511WLU | WG511WLU.exe | Netgear configuration programme for the 54g wireless lan card - required to monitor and manage the lan card
|
| U | WhatPulse | WHATPU~1.EXE | "WhatPulse keeps track of your keystrokes |
| U | Win Chimes | winchi~1.exe | "WinChimes - enhancement software for the system clock that runs in the system tray"
|
| X | Win Microsoft 98 | win14.exe | "Added by the RBOT-AKX WORM!"
|
| X | WIN prosessor16 | [random filename].exe | "Added by a variant of the SDBOT WORM!"
|
| U | win16.dll | win16dll.exe | "Screenspy captures screenshots silently. If you didn't install this yourself |
| X | win32 | Shakira_1997_Part_1_.Mpeg_.scr | "Added by the MYLIFE.N WORM!"
|
| X | Win32 Services1 | wuamngr1.exe | "Added by the SDBOT-PV WORM!"
|
| X | Win32 USB2.0 Driver | rundll16.exe | "Added by the WOOTBOT.H WORM!"
|
| X | win3208022-1336687 | win3208022-1336687.exe | "Added by the VB-CFG TROJAN!"
|
| X | win32servv | ms1.exe | "iSearch adware"
|
| X | win32_i lptt01 | win32_i.exe | "RapidBlaster variant (in a ""win32_i"" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here"
|
| N | WINCINEMAMGR | WINCIN~1.EXE | "WinCinema_Manager is needed when using the WinDVD Remote Control for WinDVD from Intervideo. Available via Start -> Programs"
|
| X | Windir Working | wuaumqr1.exe | "Added by a variant of the IRCBOT TROJAN!"
|
| X | Windows 128 Module | win128.exe | "Added by the FORBOT-ES WORM!"
|
| X | Windows Browser Services | browser128.exe | "Added by a variant of the IRCBOT TROJAN! See here"
|
| X | Windows DLL Loader | RUNDLL16.EXE | "Added by the DOMWIS TROJAN!"
|
| X | Windows DLL Loader | SYSCFG16.EXE | "Added by the DOMWIS-N WORM!"
|
| X | Windows Explorer Update Build 1142 | EXPLORER32.EXE | "Added by the KaZaA based KWBOT or KWBOT.Y WORMS!"
|
| X | Windows Explorer-3212 | WINRE16.EXE | "Added by the HARDOC WORM!"
|
| U | Windows Guardian | thehel1iawgrd32.exe | Part of First Aid by Cybermedia who were subsequently bought by McAfee (Network Associates). Protects your Windows system from application failure and crashes
|
| X | Windows Installer 1 | msnconfig.exe | "Added by the PURITYSCN.B TROJAN!"
|
| X | Windows Internet Browser Services | internet128.exe | "Added by a variant of the IRCBOT TROJAN! See here"
|
| X | Windows Internet Protocol | deinst_qfe001.exe | Added by a variant of the Win32.Small TROJAN!
|
| X | Windows Live Messenger 8.12 | ctfmon.exe | "Added by the LIPARK-A WORM! Note - this is not the legitimate ctfmon.exe process associated with alternate text inputs which is always located in %System%. This one is located in %UserProfile%"
|
| X | WINDOWS MANAGEMENT SYSTEM | wm1exe.exe | "Added by the RBOT-VT WORM!"
|
| X | Windows Media Player 6.1.2 | wmplayer612.exe | "Added by the RBOT.AIB BACKDOOR!"
|
| X | Windows Messenger 4.14 | landisc.exe | "Added by the SDBOT-KR WORM!"
|
| X | Windows modez Verifier | w1nz0zz0.exe | "Added by a variant of the SDBOT WORM!"
|
| X | Windows Network Services | winnetwork128.exe | "Added by the SLENFBOT.J WORM!"
|
| X | Windows Running DLL Service | rundll128.exe | "Added by the IRCBOT.XDH BACKDOOR!"
|
| X | Windows Service | pd14.exe | "Adware - detected by DiamondCS TDS-3 anti-trojan as the DELF.DG TROJAN!"
|
| X | Windows Service Ajav | java128.exe | "Added by the RBOT.BNG WORM!"
|
| X | Windows Services Aganters | [10 random letters].exe | "Added by the RBOT.CUN WORM!"
|
| X | Windows Sound Manager | SndMon16.exe | "Added by a variant of the FORBOT WORM!"
|
| X | Windows SQL management 1.33 | scvhost.exe | "Added by the SPYBOT-OB WORM!"
|
| X | Windows Startup | winsta~1.exe | "GoHip foistware"
|
| X | Windows Startup | services21.exe | "Added by the AGOBOT-MX WORM!"
|
| X | Windows System Configuration | SYSCFG16.EXE | "Added by the WISDOOR-K TROJAN!"
|
| X | Windows System Configuration | Passcfg16.exe | "Added by the DOMWIS-E TROJAN!"
|
| X | WINDOWS SYSTEM SCALPE | scalpe91.exe | "Added by the MYTOB-HI WORM!"
|
| X | Windows Systems16 | winjews16.exe | "Added by the SDBOT-CXT WORM!"
|
| X | Windows Update | winupupdate1.exe | "Added by the RBOT-UV WORM!"
|
| X | Windows Update Checker | deinst_qfe001.exe | Added by a variant of the Win32.Small TROJAN!
|
| X | Windows Updtee Mgnr | W1NT45K.exe | "Added by the MYTOB.DC WORM!"
|
| X | Windows WKS Services | wkssvr1.exe | "Added by a variant of the IRCBOT BACKDOOR! See here"
|
| X | Windows Workstation Service [5.1-2600] | windrm.exe | "Added by the RBOT-CNY WORM!"
|
| X | windows16 | windows16.exe | "Added by the VB-XU TROJAN!"
|
| X | WindowsD | s1.exe | "Added by the MSNDIABLO.A WORM!"
|
| X | WINDOWSflashbrg | sqldata1.exe | "Added by a variant of the AGENT-IC TROJAN!"
|
| X | WindowsFZ | A5281300.so | "Variant of the SmitFraud alias FAKEALE-C TROJAN!"
|
| X | WindowsK | a1.exe | "Added by the MSNDIABLO.A WORM!"
|
| X | WindowsRegKey update XP | windexv1.exe | "Added by the RBOT-ABM WORM!"
|
| X | WindowsUpd1 | WindowsUpd1.exe | "VirtuMonde adware"
|
| X | WindowsUpdatem1 | [path to file] | "Added by the AGENT-AAJ TROJAN!"
|
| X | WinFavorites | WinFavorites.exe1 | Loudmarketing.com adware downloader
|
| X | Winhelp | winhe1p.exe | "Added by the QQPASS.E TROJAN!"
|
| X | winntR1 | winntR1.exe | "Added by the AGENT.CJZO TROJAN and variants"
|
| X | WinProfile | sndcfg16.exe | "Added by the SNDC.A WORM!"
|
| X | winrestore1 | winrestore.exe | "Added by the KILLFIL-Q TROJAN!"
|
| X | WINRUN z | W1NT45K.exe | "Added by the MYTOB.BL WORM!"
|
| X | WinSec | winsec16.exe | "Added by the AGOBOT.ZF WORM!"
|
| X | Winsock2 wqr1s | WUAUMQR1.EXE | "Added by the SPYBOT.KD WORM!"
|
| X | winsockdriver | winsock4.1.exe | "Added by a variant of the IRCBOT TROJAN! See here"
|
| X | WinSpywareProtect (ver. 5.1) | WinSpywareProtect.exe | "WinSpywareProtect rogue security software - not recommended |
| X | WinStart001 | WinStart001.exe | "From IGetNet - turns the IE address bar into a keyword engine piped into IGetNet. In other words |
| X | WinStart001.EXE | WinStart001.exe | "From IGetNet - turns the IE address bar into a keyword engine piped into IGetNet. In other words |
| X | Winsta~1 | winsta~1.exe | "GoHip foistware"
|
| X | WinSth16 | WinSth16.exe | "Added by the CAKE WORM!"
|
| X | WinSvc16.exe | WinSvc16.exe | "Added by the SDBOT.FQ TROJAN!"
|
| X | winsyslog lptt01 | winsyslog.exe | "RapidBlaster variant (in a ""Winsyslog"" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here"
|
| X | WinSysM | 371662M.exe | "Added by the WINKO.AO WORM!"
|
| X | WinSystems | winsystems16.exe | "Added by the SDBOT-CZT WORM!"
|
| X | WinSysW | 371662L.exe | "Added by the WINKO.AO WORM!"
|
| X | WinUsr | WinUsr.exe K1S2 | "Added by the CLUNK.A WORM!"
|
| X | winwan lptt01 | winwan.exe | "RapidBlaster variant (in a ""Winwan"" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here"
|
| X | WINX16 | winx16.exe | "Added by the AGOBOT-LS WORM!"
|
| X | WinXP | plugin1.exe | Added by the Downloader-JW TROJAN!
|
| X | WinXP Processor Generator v1.2 | intspnsr32.exe | "Added by the SDBOT.LP WORM!"
|
| X | Winzip Application | winzip81.exe | "Added by the RBOT-BKZ WORM!"
|
| U | Wireless PCI Card Configuration Utility | WMP11Cfg.exe | "Utility used by the LINKSYS wireless PCI card (WMP11) and indicates when a wireless access connection is made by a screen colour change. Also used for configuration"
|
| X | wm41a398 | "rundll32.exe wm41a398.dll | EnableRunDLL32" |
| X | wmplayer | vergon1885.exe | "Added by the BRONTOK-DG WORM!"
|
| N | WordPerfect Office 1215 | Registration.exe | "Corel WordPerfect Office 12 registration wizard"
|
| X | worknote1 | [filename].exe | "Added by the MEETOT WORM!"
|
| X | WSAConfiguration1 | csass.exe | "Added by the AGOBOT.WH WORM!"
|
| Y | WU713STA.EXE | WU713STA.EXE | Blitzz Technology wireless NIC adapter driver
|
| X | WUpdate | 1037v.exe | "Added by the CLAGGER-AR TROJAN!"
|
| Y | WUSB11B.exe | WUSB11B.exe | Linksys WUSB11 WLAN USB adapter
|
| X | www.symantec.com | oz11111.exe | "Added by the MYDOOM.W WORM"
|
| U | X-Cleaner Freeware | XCLEAN~1.EXE | "X-Cleaner Freeware - ""cookie cleaning |
| U | X1 | X1.exe | "Part of X1's Enterprise Desktop Search Resource Center. An enterprise desktop search engine"
|
| U | X1 System Tray | X1Systray.exe | "Part of X1's Enterprise Desktop Search Resource Center. An enterprise desktop search engine"
|
| U | X10 Device Network Service | x10nets.exe | Belongs to X10 video streaming device(s)
|
| X | X10Weax | WTHRTRAY.EXE | "WeatherCheck - ""bring the latest local weather to your desktop"". Not recommended as it reportedly pops ads |
| U | X1FileMonitor.exe | X1FileMonitor.exe | "Part of X1's Enterprise Desktop Search Resource Center. An enterprise desktop search engine"
|
| X | xccinit | rundll33.exe xccdf16_090131a.dll | "Added by the BUZUS-AD TROJAN! Note - the ""rundll33.exe"" file is located in %System%\inf and the ""xccdf16_090131a.dll"" file is located in %Windir%"
|
| X | xccinit | rundll33.exe xccdf16_090305a.dll | "Added by the BUZUS-AF TROJAN! Note - the ""rundll33.exe"" file is located in %System%\inf and the ""xccdf16_090305a.dll"" file is located in %Windir%"
|
| X | Xcpy1 | Xcpy1.exe | "FlashEnhancer adware"
|
| X | XMLmedia 10.0 | wmsdkns.exe | "Added by the FAKEALERT TROJAN!"
|
| X | Xordate | wuauclt10.exe | "Added by the RBOT-GKN WORM!"
|
| X | Xordate | wuauclt11.exe | "Added by the RBOT-GLI WORM!"
|
| X | Xordate | wuauclt12.exe | "Added by the RBOT-GLQ WORM!"
|
| X | Xordate | wuauclt13.exe | "Added by the RBOT-GLM WORM!"
|
| U | XTNDConnect PC - ScheduleSync | SCHEDU~1.EXE | "ScheduleSync specific translator for XTNDConnect PC - ""award-winning desktop-sync application that enables you to easily synchronize your contacts |
| X | xzkadsfk10 | afslkfasl10.exe | "Added by the ONLINEG-R TROJAN!"
|
| X | x[Number from 1 to 7] | x[Number from 1 to 7].exe | "Added by the DADOBRA-A TROJAN!"
|
| X | y1959sar | sv711224030r.exe | "Added by the BRONTOK-AK WORM and variants!"
|
| X | y1959sar | yesbron.com | "Added by the BRONTOK-AK WORM and variants!"
|
| ? | Yahoo HP Reminder 1.1 | yr.exe | "??"
|
| N | Yahoo! Pager | YAHOOM~1.EXE | "System tray access to an older version of the Yahoo! Messenger instant messenger"
|
| X | yahoo_toolbar lptt01 | yahoo_toolbar.exe | "RapidBlaster variant (in a ""yahoo_toolbar"" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here"
|
| Y | YTrayMagic Lite 1 | YTRAYMAGIC.EXE | "YTrayMagic from YoconSoft automatically restores your tray icons after an Explorer(the windows shell) crash. Leave to run at startup since only those icons that are in the taskbar after YTrayMagic has initialized will be restored"
|
| U | Yumgo's Homepage Protector V1 | YumgoHomepageProtector.exe | "Yumgo's Homepage Protector"
|
| X | Zango TvTimes | ZANGOT~1.EXE | "ZangoSearch adware"
|
| X | zsmscc | rundll32.exe zsmscc071001.dll mymain | "Added by the GENETIK.KQ TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The ""zsmscc071001.dll"" file is found in %System%"
|
| X | zsmscc | rundll32.exe mycc071208.dll mymain | "Added by the AGENT.FZK TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The ""mycc071208.dll"" file is found in %System%"
|
| N | ZSSnp211 | ZSSnp211.exe | "Vmicro webcam USB utility - allows the webcam to initiate data transfer to a program. Create a shortcut and start it manually when needed"
|
| X | [12 random characters] | avifile5.exe | "IeDriver adware variant"
|
| X | [12 random characters] | bootvid4.exe | "IeDriver adware variant"
|
| X | [12 random characters] | browser8.exe | "IeDriver adware variant"
|
| X | [12 random characters] | atitvo32.exe | "IeDriver adware variant"
|
| X | [12 random characters] | autodisc.exe | "IeDriver adware variant"
|
| X | [12 random characters] | cabview1.exe | "IeDriver adware variant"
|
| X | [12 random characters] | advpack1.exe | "IeDriver adware variant"
|
| X | [12 random characters] | batmeter.exe | "IeDriver adware variant"
|
| X | [12 random characters] | bidispl2.exe | "IeDriver adware variant"
|
| X | [12 random characters] | asferror.exe | "IeDriver adware variant"
|
| X | [12 random characters] | catsrvps.exe | "IeDriver adware variant"
|
| X | [12 random characters] | admparse.exe | "IeDriver adware variant"
|
| X | [12 random characters] | audiosrv.exe | "IeDriver adware variant"
|
| X | [12 random characters] | bootvid2.exe | "IeDriver adware variant"
|
| X | [12 random characters] | cmpbk321.exe | "IeDriver adware variant"
|
| X | [12 random characters] | ADPTIF67.exe | "IeDriver adware variant"
|
| X | [12 random characters] | asycfilt.exe | "IeDriver adware variant"
|
| X | [12 random characters] | ati2dvag.exe | "IeDriver adware variant"
|
| X | [12 random characters] | atl91036.exe | "IeDriver adware variant"
|
| X | [12 random characters] | blackbox.exe | "IeDriver adware variant"
|
| X | [12 random characters] | browser5.exe | "IeDriver adware variant"
|
| X | [12 random characters] | bthserv1.exe | "IeDriver adware variant"
|
| X | [12 random characters] | camocx28.exe | "IeDriver adware variant"
|
| X | [12 random characters] | CAMOCX74.exe | "IeDriver adware variant"
|
| X | [12 random characters] | capesnpn.exe | "IeDriver adware variant"
|
| X | [14 random numbers] | mradll.exe | "Green AV rogue security software - not recommended |
| X | [14 random numbers] | rwg.exe | "Green AV rogue security software - not recommended |
| X | [random name] | rundl13a.exe | "Added by the GAMPASS-L TROJAN!"
|
| X | [various names] | 10010.exe | "Wareout - malware masquerading as a spyware and dialer remover"
|
| X | [various names] | 321102.exe | "Wareout - malware masquerading as a spyware and dialer remover"
|
| X | [various names] | cmon14.exe | "Wareout - malware masquerading as a spyware and dialer remover"
|
| X | [various names] | Shaitan1678.exe | "Wareout - malware masquerading as a spyware and dialer remover"
|
| X | [various names] | sysconf16.exe | "Wareout - malware masquerading as a spyware and dialer remover"
|
| X | [various names] | sysmon12.exe | "Wareout - malware masquerading as a spyware and dialer remover"
|
| X | [various names] | TForm1.exe | "Wareout - malware masquerading as a spyware and dialer remover"
|
| X | [various names] | UserSp1.exe | "Wareout - malware masquerading as a spyware and dialer remover"
|
| X | [various names] | exe81.exe | "MediaMotor adware"
|
| X | _Cat1 | nmmst.exe | "Added by the SMALL.SD TROJAN!"
|
| U | {0228e555-4f9c-4e35-a3ec-b109a192b4c2} | gnotify.exe | "Google Gmail Notifier. Alerts you when you have new Gmail messages"
|
| U | {1290A33C-85F5-4164-A1BE-7DD299D4986A} | PBKScheduler.exe | "Scheduler for CyberLink PowerBackup - archiving/backup utility"
|
| X | {12EE7A5E-0674-42f9-A76B-000000004D00} | "rundll32.exe stlb2.dll | DllRunMain" |
| X | {157627A6-2A10-4aa1-B97F-90B8DC6F24AC} | sysqkmwfedz.exe | "Added by the FAKEALERT-AH TROJAN!"
|
| X | {1C-CC-C5-54-ZN} | dwdsregt.exe | "ZenoSearch adware"
|
| X | {29123221-3AF8-488c-85DE-6B3EC59E8074} | netmedia.exe | "NetMedia adware"
|
| X | {2C70168B-97CE-4f31-B85D-1FEC5002721D} | sxpgknrwva.exe | "Added by the FAKEALERT-AM TROJAN!"
|
| X | {2C70168B-97CE-4f31-B85D-1FEC5002721D} | sysavxjgdu.exe | "Added by the FAKEALERT-AM TROJAN!"
|
| X | {2C70168B-97CE-4f31-B85D-1FEC5002721D} | sysawpbkvnq.exe | "Added by the FAKEALERT-AH TROJAN!"
|
| X | {2C70168B-97CE-4f31-B85D-1FEC5002721D} | sysxhtcwbse.exe | "Added by the FAKEALERT-AM TROJAN!"
|
| X | {2CF0B992-5EEB-4143-99C0-5297EF71F444} | "rundll32.exe stlbdist.dll | DllRunMain" |
| X | {2CF0B992-5EEB-4143-99C2-5297EF71F44B} | "rundll32.exe stlbupdt.DLL | DllRunMain" |
| X | {357AA41A-B7A8-4632-A27D-5B980B25CF43} | [path to svchost.exe] | "Added by the SMALL-AQ TROJAN!"
|
| X | {357AA41A-B7A8-4632-A27D-5B980B25CF43} | services.exe | "FakeMessage/AdRotator adware. Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in an ""Inetsrv"" subfolder"
|
| X | {357AA41A-B7A8-4632-A27D-5B980B25CF43} | [path to trojan] | "Added by the SMALL-EP TROJAN!"
|
| X | {42562052-EE17-4197-82C7-91CB2E4B0666} | sysrswva.exe | "Added by the FAKEALERT-AH TROJAN!"
|
| X | {78B578D7-BCE1-4d83-9CD4-195BC34D8CB3} | sxjecknqhu.exe | "Added by the FAKEALERT-AM TROJAN!"
|
| X | {78B578D7-BCE1-4d83-9CD4-195BC34D8CB3} | syspyukrazv.exe | "Added by the FAKEALERT-AH TROJAN!"
|
| X | {78B578D7-BCE1-4d83-9CD4-195BC34D8CB3} | syssfzvakqg.exe | "Added by the FAKEALERT-AM TROJAN!"
|
| X | {7DD4A7AC-A3F1-4495-884A-7947C5B89108} | sysahbecjh.exe | "Added by the FAKEALERT-AM TROJAN!"
|
| U | {914C5BF8-EEDD-4F3A-A8BE-34EE71CF1B29} | XPlay.exe | "Xplay 3 from Mediafour Corporation - ""expands what you can do with any iPod |
| X | {9754B85A-3B34-4969-BE1F-CD03227E9470} | syszweuas.exe | "Added by the FAKEALERT-AM TROJAN!"
|
| X | {9754B85A-3B34-4969-BE1F-CD03227E9470} | sysatjsicj.exe | "Added by the FAKEALERT-AM TROJAN!"
|
| X | {B081DB1F-4EE6-4021-9DD4-8B300F0D636D} | syssngbeh.exe | "Added by the FAKEALERT-AH TROJAN!"
|
| U | {B179023B-6238-4499-8F26-CD73E9D90E0A} | MacDrive.exe | "MacDrive 7 from Mediafour Corporation - ""enables anyone using Windows Vista |
| X | {B3B48B54-C0EC-4705-8EE8-1981AEF656A7} | sysjcyrq.exe | "Added by the FAKEALERT-AH TROJAN!"
|
| X | {C0FB7D08-056E-1033-0501-03020730002c} | Update.exe | "Added by the AGENT-EOG TROJAN!"
|
| X | {C2220120-1C24-4a79-BA7A-DDCBFC209DB3} | sysfbdgv.exe | "Added by the FAKEALERT-AM TROJAN!"
|
| X | {C599792D-C6D9-461d-93CA-B48BFF8E37B1} | sysfdyev.exe | "Added by the FAKEALERT-AM TROJAN!"
|
| X | {DD651081-A909-45ad-BD71-2335B0ADE043} | sysutrnez.exe | "Added by the FAKEALERT-AH TROJAN!"
|
| X | {DD651081-A909-45ad-BD71-2335B0ADE043} | sysabmpmfr.exe | "Added by the FAKEALERT-AH TROJAN!"
|
| X | {DD651081-A909-45ad-BD71-2335B0ADE043} | sysnxcphmgy.exe | "Added by the FAKEALERT-AH TROJAN!"
|
| X | {E4785213-3EFE-4c26-A9B4-332440E31F6F} | sysrxmfdksp.exe | "Added by the FAKEALERT-AH TROJAN!"
|
