| U | Intel(R) Common User Interface | igfxtray.exe | "System Tray access to display settings for Intel desktop and mobile motherboard chipsets with integrated graphics. With this enabled |
| U | Intel(R) Common User Interface | hkcmd.exe | "Hot Key handler for Intel desktop and mobile motherboard chipsets with integrated graphics. With this enabled |
| U | Intel(R) Common User Interface | igfxpers.exe | "Installed with the graphics drivers for Intel desktop and mobile motherboard chipsets with integrated graphics. It's purpose or function isn't known at present but testing with it disabled would appear to indicate it isn't required - hence the recommended ""U"" status"
|
| U | Mailbox Verifier | mboxvrfy.exe | "Mailbox Verifier (MV) is free software that will notify you about new messages arrived to your mailbox. Only works with POP3 mailboxes (not web-mail based systems). You should be able to set your mail system to check all accounts at regular intervals anyway if you prefer (in Outlook for instance)"
|
| X | Microsoft | msngerf.exe | "Added by the RBOT-GLW WORM!"
|
| X | Microsoft Logon User Interface | logonnui.exe | "Added by the RBOT-BCC WORM!"
|
| U | Microtek Scanner Finder | ScannerFinder.exe | Monitors whether a scanner is present. Provided with Microtek scanners
|
| U | MirrorFolderShell | mrfshl.exe | "MirrorFolder backup software"
|
| X | mssurfer lptt01 | mssurfer.exe | "RapidBlaster variant (in a ""surfer"" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here"
|
| X | mssurfer ml097e | mssurfer.exe | "RapidBlaster variant (in a ""surfer"" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here"
|
| X | Msys32 | morfitwebentrance.exe | "Morfit ADjectPager - ""uses home page rental technology for generating revenues"". Homepage hi-jacker that re-defines your IE or Netscape start page as http://www.web-entrance.com/. Any installed application including this must be un-installed before you can reset your homepage"
|
| X | NetSurfageAssure | GDC.exe | "NetSurfageAssure French rogue privacy tool - not recommended. A member of the PCPrivacyTool family"
|
| X | Norton GProtect | ngrfn.exe | "Added by a variant of the RBOT WORM!"
|
| X | NvGraphicsInterface | [path to trojan] | "Added by the BCKDR-QKI BACKDOOR!"
|
| U | OnlinePCfix SmoothSurfer | SS.exe | "Smooth-Surfer - blocks banners |
| X | Optimum Online | Netsurf.exe | OptimumOnline ISP software related spyware - displays advertising popups and collects information about user activity
|
| X | P0w3rF1Y | svchost.exe | "Added by the BDOOR-MM BACKDOOR! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
|
| U | PCPerf | pcperf.exe | "PC Accelerator 2007 from DefendGate Inc. ""Powerful all-in-one PC performance and Internet acceleration solution designed to help increase your system and online performance and security"""
|
| X | Perfect Defender 2009 | pdfndr.exe | "Perfect Defender 2009 rogue security software - not recommended |
| N | PerfectPrint | pfppop70.exe | Print engine used by Corel WordPerfect 7 and Presentations 7
|
| U | PerfectSuite | dthtml.exe | "PerfectSuite™ from ViewSonic. Rebranded version of Display Tune from Portrait Displays |
| X | PerfFont (Performance True Type Font) | perfont.exe | "Added by the MUTECH-E TROJAN!"
|
| U | perfmon | perfmon.vbs | "MindStorm AnalyzerPro from Secure Associates. ""A security management tool for customers easy to manage report and analyze security events across heterogeneous security devices"""
|
| X | Perfomance Monitor | davcsync.exe | "Added by the LAMUD-A WORM!"
|
| X | Perfomance Settings | svchost.exe | "Added by the TOFGER-AP TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
|
| X | Performance | MyHeart.exe | "Added by the PESIN-D WORM!"
|
| N | Performance Center | ApcMain.exe | "Ascentive Performance Center - not recommended |
| X | Performs peer to peer connection | WinPTTP.exe | "Added by the RBOT-GMI WORM!"
|
| U | PopUpStopperFreeEdition | PSFREE.EXE | "Panicware's Pop-Up Stopper - free limited features version"
|
| U | PowerForPhone | PowerForPhone.exe | """ASUS Power 4 Phone is a telephone terminal emulation utility which can use hotkeys to handle a phone call from Skype or Modem in your notebook system."" For more information you can find a user's manual here"
|
| X | PrizeSurfer | prizesurfer.exe | """PrizeSurfer is the free software that automatically enters you to win cash and prizes just for surfing the web and shopping online!"" Stealth installed malware"
|
| N | QBReminderFlash | QBReminder.exe | "Upgrade reminder for Intuit's QuickBooks"
|
| X | Random Interface Network | rst.exe | "Added by the DELBOT-P WORM!"
|
| X | Random Interface Network Manager | rinsv.exe | "Added by the DELBOT-L WORM!"
|
| N | Reality Fusion GameCam SE | RFTRay.exe | Reality Fusion GameCam Video Interaction Technology Software that comes with the Logitech QuickCam PC video camera and other USB cameras. It's only an icon that appears on your System Tray. Available via Start -> Programs
|
| N | RecoverFromReboo | RECOVE~1.EXE | "Part of a DSL installer package from SBC (probably SBC/Yahoo DSL). If the installation is botched |
| N | RecoverFromReboo | RecoverFromReboot.exe | "Part of a DSL installer package from SBC (probably SBC/Yahoo DSL). If the installation is botched |
| N | RecoverFromReboot | RECOVE~1.EXE | "Part of a DSL installer package from SBC (probably SBC/Yahoo DSL). If the installation is botched |
| N | RecoverFromReboot | RecoverFromReboot.exe | "Part of a DSL installer package from SBC (probably SBC/Yahoo DSL). If the installation is botched |
| X | RF | EC.exe | "Added by the LINEAGE-U TROJAN!"
|
| U | rfagent | rfagent.exe | "Registry First Aid - scans the Windows registry for orphan file/folder references |
| X | rforce | EXP1ORER.EXE | "Added by the DROPPER.KN TROJAN! Note the number ""1"" in the filename rather than letter ""L"". It also drops another file named DEVICEMAP.SYS which is the ROOTKIT.O TROJAN!"
|
| N | RFTray | RFTRay.exe | Reality Fusion GameCam Video Interaction Technology Software that comes with the Logitech QuickCam PC video camera and other USB cameras. It's only an icon that appears on your System Tray. Available via Start -> Programs
|
| Y | rfw | Rfw.exe | "RAV AntiVirus"
|
| Y | RfwMain | rfwmain.exe | "Rising antivirus"
|
| ? | rfwydg | rfwydg.exe | "??"
|
| N | RFX_auto_upgrade | rundll32.exe npvpg005.dll | "A browser plugin called the RichFX player. Here is a link to download RichFX's solution to removing the auto upgrade"
|
| X | rmdrfje.dll | "rundll32.exe rmdrfje.dll | [random characters]" |
| X | SafeSurfingUpdate | SSUpdate.exe | "MoneyTree parasite - ActiveX control used to download premium-rate dialers"
|
| X | sasserfix | package.exe | "Added by the DABBER.B WORM!"
|
| Y | SkySurfer Management Service | SmaServ.exe | For Gilat Communications internet satellite systems - associated with SkyBlaster modem. Required if you have this system
|
| N | Smart Label RFViewer | SSLFVIEW.EXE | Part of the printer software for the smart-label printer made by Seiko. Can be disabled safely
|
| ? | SRFirstRun | "rundll32 srclient.dll | CreateFirstRunRp" |
| Y | Start RF Wireless Keyboard | ktrexe.exe | Yuanxun Electronics RF wireless keyboard driver
|
| Y | Start RF Wireless Mouse | cm20.exe | Yuanxun Electronics RF wireless mouse driver
|
| U | StartSurfing | STARTS.exe | "Start Surfing allows you to protect your privacy while surfing and searching the Internet by acting as a "filter" between you and the website you are visiting. Startsurfing acts as your shield from Pop Up Windows |
| N | Stat 'n' Perf | StatnPerf.exe | "Stat 'n' Perf monitors your internet connection and displays information about sent and received bytes"
|
| X | SurfAccuracy | sacc.exe | "SurfAccuracy adware"
|
| X | SurfBuddy | rundll32 [path] sbuddy.dll | "SurfBuddy adware - not to be confused with the legitimate SurfBuddy application by SurfApps!. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted"
|
| U | SurfChoice | SCMan.exe | "SCMan is a utility that can control services on WinNT from the command line. This utility can create |
| X | Surfer lptt01 | surfer.exe | "RapidBlaster variant (in a ""mssurfer"" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here"
|
| X | Surfer ml097e | surfer.exe | "RapidBlaster variant (in a ""mssurfer"" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here"
|
| U | SurfHelper | SurfHelp.exe | "Related to SurfHelper - a free tool to remove popup windows |
| U | SurfinGuard Pro | winsfcm.exe | "SurfinGuard Pro from Finjan - internet protection software |
| U | SurfSecret | ss2-full.exe | ""House-cleaning utility that enables you to keep your computer usage to yourself. Runs quietly from the system tray |
| X | SurfSideKick | Ssk.exe | "SurfSideKick adware"
|
| X | SurfSideKick 2 | Ssk.exe | "SurfSideKick adware"
|
| X | SurfSideKick 3 | Ssk.exe | "SurfSideKick adware"
|
| U | SurfStream | SurfStream.exe | "Conceiva ""SurfStream lets you surf the Web faster. It contains a fully featured proxy server that lets you surf the Web significantly faster. It also blocks all pop-up windows and banner ads from Web pages. An intelligent tune-up tool automatically analyzes and optimizes your computer's Internet connection and TCP/IP settings"""
|
| X | SystemErrorFixer | SysRep.exe | "SystemErrorFixer rogue system error and cleaning utility - not recommended. A member of the ErrClean family"
|
| ? | Thdetrf | thdetr32.exe | "Appears to be related to Lycos advertising"
|
| N | UserFaultCheck | dumprep 0 -u | "Used in connection with memory dumps - you can disable these by - right clicking on My Computer |
| X | Userfile Sharing Serv | usnsrv.exe | "Added by a variant of the IRCBOT TROJAN! See here"
|
| X | Userfile Sharing Server | usnserv.exe | "Added by a variant of the IRCBOT TROJAN!"
|
| X | USERINTERFACE REPORT3R | M0USE.exe | "Added by the MYTOB.HS WORM!"
|
| X | Userinterface Reporter | fuuuucktttttt.exe | "Added by the MYTOB-DK WORM!"
|
| X | Userinterface Reporter | srv32.exe | "ISTBar adware"
|
| X | Windows Performance Monitor | wmscupd.exe | "Added by the IRCBOT_GEN WORM!"
|
| X | Windows Relay Service | irfnga.exe | "Added by the DROPPER.ACO TROJAN!"
|
| X | Windows Service Find | wrfkuk.exe | "Added by the IRCBOT-XZ TROJAN!"
|
| X | Windows Spoolsurf Service | spoolsurf.exe | "Added by the SDBOT-ZZ WORM!"
|
| X | Windows-TCP-IP | rfkampig.exe | "Added by the GIPMA TROJAN!"
|
| X | Windows32 Configuration Loader | msrf32.exe | "Added by the SDBOT-ABX WORM!"
|
| X | Windoxs Update Center | W32RfSA.exe | "Added by a variant of the SDBOT WORM!"
|
| X | wininet.dll | regperf.exe | "Added by the ZLOB TROJAN and variants!"
|
| X | WinPerformance | WinPerformance.lnk | "Windows Performance rogue optimization utility - not recommended"
|
| X | WMI Application Interface | wmiapi.exe | "Added by the SPYBOT.RBY WORM!"
|
| X | WMI Performance Adapter Services | wmiapsrvs.exe | "Added by the RBOT.COU BACKDOOR!"
|
| U | WonderFrog | WonderFrog.exe | "Wonder Frog typing monitor"
|
| N | WordPerfect Office 1215 | Registration.exe | "Corel WordPerfect Office 12 registration wizard"
|
