| N | Cyber-shot Viewer Media Check Tool | SPUVolumeWatcher.exe | "Part of the Sony Picture Uility software supplied with Sony Cyber-shot digital cameras. Automatically invokes an import process if the camera is connected and has media on it"
|
| N | Cyber-shot Viewer Media Check Tool | SPUVOL~1.EXE | "Part of the Sony Picture Utility software supplied with Sony Cyber-shot digital cameras. Automatically invokes an import process if the camera is connected and has media on it"
|
| X | CydoorUpdate | CD_Load.exe | "Adware. Check here for information about Cy-Door and here for a program that can remove it"
|
| Y | D-Link Air USB Utility | AirCFG.exe | D-Link Air USB wireless driver and configuration utility
|
| Y | D-Link Air Utility | AirCFG.exe | D-Link Air PCI wireless driver and configuration utility
|
| N | D-Link AirPlus DWL-650+ Utility | WLANMON.exe | D-Link Air Plus Wireless PC modem connection monitor
|
| Y | D-Link AirPlus G | AirGCFG.exe | D-Link Airplus G wireless router driver and configuration utility
|
| Y | D-Link AirPlus G Wireless Utility | AirPlus.exe | "D-Link AirPlus G wireless configuration and monitoring utility"
|
| Y | D-Link AirPlus XtremeG | AirPlusCFG.exe | "D-Link AirPlus Xtreme G wireless access point driver and configuration utility"
|
| Y | D-Link D-Link Wireless 108G DWA-120 | AirPlusCFG.exe | D-Link DWA-120 Wireless 108G USB adapter driver and configuration utility
|
| Y | D-Link D-Link Wireless 108G DWA-520 | AirPlusCFG.exe | D-Link DWA-520 Wireless 108G desktop adapter driver and configuration utility
|
| Y | D-Link D-Link Wireless N Dual Band DWA-160 | AirNCFG.exe | "D-Link DWA-160 Xtreme N Dual Band USB adapter driver and configuration utility"
|
| Y | D-Link D-Link Xtreme N Dual Band DWA-160 | AirNCFG.exe | "D-Link DWA-160 Xtreme N Dual Band USB adapter driver and configuration utility"
|
| Y | D-Link RangeBooster G WDA-2320 | AirPlusCFG.exe | "D-Link WDA-2320 RangeBooster G desktop adapter driver and configuration utility"
|
| Y | D-Link RangeBooster G WUA-2340 | AirPlusCFG.exe | "D-Link WUA-2340 RangeBooster G USB adapter driver and configuration utility"
|
| Y | D-Link Wireless G WUA-1340 | AirGCFG.exe | "D-Link WUA-1340 Wireless G USB adapter driver and configuration utility"
|
| N | D066UUtility | D066UUTY.EXE | TWAIN driver for the CanoScan D660U flatbed scanner. Start scanning via your scanner management software
|
| X | d3dupdate.exe | bbeagle.exe | "Added by the BEAGLE.A WORM!"
|
| X | dabrun | "rundll32.exe dabapi.dll | Rundll32" |
| X | dago | fault.exe | "Added by the PUNYA-A WORM!"
|
| N | Data LifeGuard | BACKWE~1.EXE | Data LifeGuard diagnostic tools for Western Digital's series of hard drives
|
| N | Data LifeGuard LifeLine Lite installer | DLGLI.EXE | "Backweb installer - see here"
|
| X | DAupdate | DAupdate.exe | NavEnhance adware
|
| X | DC6 | dc6_startupmon.exe | "Part of the WinAntiVirus Pro 2006 rogue security software - not recommended |
| X | DC6_Check | uwasdc.exe | "Part of the WinAntiSpyware 2006 and WinAntiSpyware 2007 rogue spyware removers - not recommended"
|
| X | DC6_check | dc6_startupmon.exe | "Part of the WinAntiVirus Pro 2006 rogue security software - not recommended |
| N | DDCActiveMenu | DDCActiveMenu.exe | Digital Distribution Channel - formally part of the WildTangent on-line games delivery service. Note that WildTanget's privacy policy used to state that they also collect and share individuals information but this is no longer the case
|
| N | DeadAIM | "rundll32.exe DeadAIM.ocm | ExportedCheckODLs" |
| X | DealHelperUpdate | DHUpdt.exe | "DealHelper adware"
|
| X | Debug | DebugW32.exe | "Added by the GUBED TROJAN!"
|
| X | Debug | SMSS.exe | "DreamAd adware. Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
|
| X | Debugger | dbg32.exe | "Added by the MYTOB-FW WORM!"
|
| X | Debugger | explorer32dbg.exe | "Added by the CWS-M TROJAN!"
|
| X | Debugger | iexplore_dbg.exe | "Added by the CWS-M TROJAN!"
|
| X | debugger | help.pif | "Added by the DELF-DRA WORM!"
|
| X | DebugMonitor | debugmonitor.exe | "Added by the MYDOOM.BG WORM!"
|
| X | Default | explore.vbs | "Added by the ALLEM WORM!"
|
| X | Default | mtask.vbe | "Added by the ALLEM WORM!"
|
| X | default | shell32.exe | "Added by the BINGHE TROJAN!"
|
| X | Default | _default.pif | "Added by the RUBBLE-C WORM!"
|
| U | default | mskbw.exe | "PC Surveillance PRO surveillance software. Uninstall this software unless you put it there yourself"
|
| U | Default Manager | DefMgr.exe | "Part of MSN Toolbar from version 4.* onwards (renamed ""Bing Bar"" from version 5.* onwards) which includes the Bing search engine. Via Start → All Programs → Microsoft Default Manager you can elect to keep Bing as the default search engine and set it to notify you of any changes to your browsers default settings. Not required if you choose not to use Bing"
|
| X | Default System Research | vhchost.exe | "Added by the TARNO.I TROJAN!"
|
| X | Default web browser | IexpIore.exe | "Added by the OBLIVION.B TROJAN! Note - do not confuse "IexpIore.exe" with "iexplore.exe" (Internet Explorer) |
| X | DefaultConfiguration | defaultconfh.exe | "Added by the AGOBOT-JC WORM!"
|
| X | Default_Page_URL | http://find.naupoint.com | "Naupoint browser hijacker"
|
| X | Default_Search_URL | http://find.naupoint.com | "Naupoint browser hijacker"
|
| X | DefenseNetSurfage | GDC.exe | "DefenseNetSurfage rogue privacy tool - not recommended. A member of the PCPrivacyTool family"
|
| ? | defergui | defergui.exe | "Related to IBM Standard Software Installer. What does it do and is it required?"
|
| U | Delay | delayrun.exe | On HP PCs this program is used to help prevent conflicts or timing issues on fast computers
|
| U | Delayrun | delayrun.exe | On HP PCs this program is used to help prevent conflicts or timing issues on fast computers
|
| U | Dell DataSafe Scheduler | DataSafeOnlineScheduler.exe | "Scheduler for Dell DataSafe™ Online which ""helps protect your music |
| U | Dell Photo AIO Printer 942 | dlbubmgr.exe | System Tray application for the Dell Photo AIO Printer 942 that enables scan or fax functions to run directly from the printer via the buttons
|
| N | Dell QuickSet | quickset.exe | Dell taskbar icon allowing you to quickly change settings
|
| N | Dell Wireless Manager UI | wltray.exe | System tray access to wireless LAN card configuration options
|
| Y | DellAutomatedPCTuneUp | PTAgnt.exe | "PC TuneUp from Dell - ""silently monitors your system |
| U | DellSupport | DSAgnt.exe | Dell Support Agent offers additional support and update features for your Dell computer or laptop
|
| U | DellSupportCenter | sprtcmd.exe /P DellSupportCenter | "Dell Support Center (provided by SupportSoft |
| U | DellTouch | MMKeybd.exe | Dell multimedia keyboard manager. Required if you use the additional keys
|
| U | DellTouch | DELLMMKB.EXE | Multimedia keyboard control for Dell based PCs - only required if you use the multimedia keys
|
| X | delol | hiquooc.exe | "Added by the BDOOR-AMP TROJAN!"
|
| X | delsubmit | "rundll32.exe advpack.dll | DelNodeRunDLL32 submit.exe" |
| X | DeluxeCommunications | Dxc.exe | "Deluxe Communications adware - successor to SurfSideKick"
|
| X | Deneca | Virus salvado | "Added by the DELUZ VIRUS!"
|
| X | deryheruxc | keepSafe.exe | "Added by the KILLAV.KAX TROJAN!"
|
| X | DescargaBromas | "rundll32.exe MSA64CHK.dll | DllMostrar" |
| ? | Description of Shortcuts | *.exe | "* seems to be a sequence of alphanumerics that can be different |
| X | DeskMateAutoUpdate | DeskMateAutoUpdate.exe | "DeskMates: Virtual scantily clad girls enhance your desktop. BargainBuddy adware related"
|
| X | Desktop | "rundll32.exe msconfd.dll | Restore ControlPanel" |
| X | Desktop Security 2010 | Desktop Security 2010.exe | "Desktop Security 2010 rogue security software - not recommended |
| X | DesktopUpdate | "rundll32.exe MSA64CHK.dll | DllMostrar" |
| N | deskup | deskup.exe | Adds Iomega Zip drive icons to the desktop
|
| ? | detect | turbodetect.exe | "??"
|
| X | Deus Cleaner | DCleaner.exe | "Deus Cleaner rogue system cleaner utility - not recommended"
|
| ? | DevconDefaultDB | READREG | "Appears to be related to older Creative Soundblaster soundcards"
|
| X | Device Configuration Loader | msdvc32.exe | "Added by a variant of the AGOBOT/GAOBOT WORM!"
|
| X | Device Security | dvcsecure.exe | "Added by a variant of the IRCBOT BACKDOOR! See here"
|
| X | Device Security Driver | devicesec.exe | "Added by a variant of the IRCBOT BACKDOOR! See here"
|
| X | Device Security Manager | dvcsecure.exe | "Added by a variant of the IRCBOT BACKDOOR! See here"
|
| U | dguard | dguard.exe | "eAcceleration Stop-Sign security software related. Previously not recommended |
| ? | DHNUXB | DHNUXB.exe | "??"
|
| X | Dialer | "rundll32.exe MSA32CHK.dll | Reg" |
| X | DialUp Network Application | Rnaap.exe | "Added by a variant of the SDBOT WORM!"
|
| X | Diesel | Recalculate.exe | "Added by the LAZAR TROJAN!"
|
| X | DigiD | DigitalSound.exe | Adware downloader
|
| N | DigiGuide | CLIENT.EXE | TV guide and reminder
|
| N | DigiGuide | client01.exe | TV guide and reminder
|
| N | Digital Dashboard | devgulp.exe | For Compaq PC's. Loads Digital Dashboard options
|
| Y | Digital Patrol Update 5 | update.exe | "Digital Patrol - ""a powerful anti trojan scanner |
| U | Direct Update | DUControl.exe | "DirectUpdate dynamic DNS updater"
|
| Y | Directory Opus Desktop Dblclk | dopusrt.exe | "Directory Opus - an advanced file manager. ""Directory Opus goes beyond the simple file manager metaphor |
| X | Directx Startup Drivers | direct.exe | "Added by the RBOT.UXL WORM!"
|
| ? | Disable EHCI | nousb20.exe | "??"
|
| X | DisableKeybaord | "Rundll32.exe Keyboard | Disable" |
| X | DisableMouse | "Rundll32.exe Mouse | Disable" |
| ? | disc detector | qnetquestnotifty.exe | "??"
|
| U | DiscUpdateManager | DiscUpdMgr.exe | "Disc Update Manager for Digital interactive's DISCover Console. Provider of on-demand video games"
|
| N | DiscUpdateManager | DiscUpdateMgr.exe | "DISCover from Digital Interactive Systems Corporation Inc. ""The company's patented Drop 'n' Play technology provides a simple |
| X | Disk Keeper | SECURITY.EXE | "Daosearch adware"
|
| X | Disk Panel Configuration | dpcsvc.exe | "Added by the IRCBOT.BSQ BACKDOOR!"
|
| X | Disk Panel Setup | npcsvc.exe | "Added by a variant of the IRCBOT TROJAN!"
|
| U | DiskSuite | aDSProcMngr.exe | "Part of PC Tools Disk Suite from PC Tools - which ""is an all-in-one hard-disk management utility that integrates disk optimization |
| X | Display | backup.exe | "Added by the BRONTOK-CR WORM!"
|
| U | DisplayFusion | DisplayFusion.exe | "DisplayFusion from Binary Fortress Software - ""is a fantastic application that can make your dual monitor (or triple monitor or more) life much |
| X | Distributed File System | Dfsvc.exe | "Added by the MYFIP.A or MYFIP.K WORMS!"
|
| X | Distributed File System | kernel32dll.exe | "Added by the MYFIP-C or MYFIP.K WORMS!"
|
| X | Distributed File System | blade.exe | "Added by the MYFIP.AC WORM!"
|
| X | Distributed File System | win.exe | "Added by the MYFIP.AB WORM!"
|
| X | Distributed Link Tracking | ascvt.exe | "Added by the AGOBOT-GH BACKDOOR!"
|
| U | distributed.net client | DNETC.EXE | "Dsitributed computing projects client from Distributed.net where numerous computers are used to share a projects workload - similar to SETI@Home and Folding@Home. Also prone to being distributed by viruses"
|
| X | DivX Updater | DivX.Exe | "Added by the NALDEM TROJAN or MASTAK VIRUS!"
|
| Y | DLBTCATS | "rundll32 [path] DLBTtime.dll | _RunDLLEntry@16" |
| Y | DLBUCATS | "rundll32 [path] DLBUtime.dll | _RunDLLEntry@16" |
| Y | DLBXCATS | "rundll32 [path] DLBXtime.dll | _RunDLLEntry@16" |
| Y | DLCCCATS | "rundll32 [path] DLCCtime.dll | _RunDLLEntry@16" |
| Y | DLCDCATS | "rundll32 [path] DLCDtime.dll | _RunDLLEntry@16" |
| Y | DLCFCATS | "rundll32 [path] DLCFtime.dll | _RunDLLEntry@16" |
| Y | DLCGCATS | "rundll32 [path] DLCGtime.dll | _RunDLLEntry@16" |
| Y | DLCICATS | "rundll32 [path] DLCItime.dll | _RunDLLEntry@16" |
| Y | DLCJCATS | "rundll32 [path] DLCJtime.dll | _RunDLLEntry@16" |
| Y | DLCQCATS | "rundll32 [path] DLCQtime.dll | _RunDLLEntry@16" |
| Y | DLCXCATS | "rundll32 [path] DLCXtime.dll | _RunDLLEntry@16" |
| X | Dll Boot Loader on Startup (do not remove this) | [various filenames] | Added by an unidentified TROJAN!
|
| X | DllExecutable | [path to file] | "Added by the VB-SP WORM!"
|
| X | DLLUPDATE32 | dllupdate32.exe | "Added by the AGOBOT.IA WORM!"
|
| Y | DLO Agent | DLOClientu.exe | "Part of the backup suites from VERITAS - Backup Exec and NetBackup. Both have now been replaced by their Symantec equivalents since they acquired VERITAS in 2005"
|
| X | dluca | dluca.exe | "Added by the DLUCA.C TROJAN!"
|
| X | dluxde | dluxde.exe | All-In-One-Telcom (adult content dialler) variant
|
| X | Dluxjp | Dluxjp.exe | "Added by the DLUCA.D TROJAN!"
|
| N | DMAScheduler | DMAScheduler.exe | "Related to DigitalMedia Plus Archiver. This program is non-essential process to the running of the program |
| U | DMXLauncher | DMXLauncher.exe | "Part of Dell's Media Experience |
| X | dnam | d140113.a.Stub.EXE | "Added by the STUB_A TROJAN!"
|
| Y | DNE Binding Watchdog | "rundll dnes.dll | DnDneCheckBindings" |
| Y | DNE DUN Watchdog | "rundll dnes.dll | DnDneCheckDUN13" |
| X | Doctor Antivirus 2008 | antvr.exe | "Doctor Antivirus 2008 rogue security software - not recommended |
| N | DocuMagix Init | PWATCH.EXE | "PaperMaster is an application for the PC designed to automate the process of organizing |
| U | Document Manager | docmgr.exe | "Wave Systems Corp. Document Manager - ""provides secure storage and management capabilities for file and folder level encryption"""
|
| U | Don't Panic Pop-Up Stopper | dpps2.exe | "Pop-Up Stopper Companion from Panicware. Pop-up blocker integrated into the IE toolbar. Note that the Pro version doesn't load in startup as it is installed as an Internet Explorer toolbar. Can cause problems with IE if you use WinXP and uninstall Service Pack 1. Uninstalling the software leaves it in the startup group"
|
| U | Dopus | dopus.exe | "Directory Opus - a file manager from GPSoft"
|
| U | DoubleDesktop | dd.exe | """DoubleDesktop is a smart and elegant system tray utility that effectively doubles the width of your Windows desktop"""
|
| N | DoUWantIt | duwi.exe | DoUWantIt - online shopping assistant. Start it manually
|
| X | Dowmingzu | Dowmingzu.dll.vbs | "Added by the SOLOW-E WORM!"
|
| N | Download Accelerator Plus 5.0 | DAP.exe | "Download Accelerator Plus from Speedbit. Download manager for resuming downloads |
| X | Download Plus | DownloadPlus.exe | "DownloadPlus adware"
|
| X | DownloadLegalMusic | "rundll32.exe MSA64CHK.dll | DllMostrar" |
| X | DownloadMP3 | "rundll32.exe MSA64CHK.dll | DllMostrar" |
| X | DownloadsAndMP3 | "rundll32.exe MSA64CHK.dll | DllMostrar" |
| Y | DPASUpdate | DPASAutoUpdate.exe | "Automatic updates for DefenderPro AntiSpy spyware remover - now incorporated Defender Pro 15-in-1 and 5-in-1"
|
| Y | DPCProxyLoadOnStartup | dpcstart.exe | "DirecWay from DirectTV (now HughesNet) - satellite based high-speed internet access"
|
| U | DpUtil | TEDTray.exe | "Main executable for TOSHIBA DualPoint Utility Main Module. It is a system tray icon program that provides configuration options for dual pointing device"
|
| X | Dr. Guard | drguard.exe | "Dr. Guard rogue security software - not recommended |
| N | Drag'n'Drop_Autolaunch | Autolaunch.exe | "Iomega HotBurn - CD-RW burning software"
|
| N | DragnDrop_Autolaunch | Autolaunch.exe | "Iomega HotBurn - CD-RW burning software"
|
| X | DRam prosessor | WindowsUpdate.exe | "Added by the RBOT-BBZ WORM!"
|
| X | DRam prosessor | msupdate.exe | "Added by the DELF-FAW TROJAN!"
|
| X | DRam prosessor | winupl.exe | "Added by the RBOT-BCQ WORM!"
|
| X | DRam rar proc | winupdaterar.exe | "Added by a variant of the IRCBOT TROJAN!"
|
| X | DRam rare proc | updaterarwin.exe | "Added by the RBOT-GQW WORM!"
|
| X | DriveCleaner 2006 Free | UDC2006.exe | "DriveCleaner rogue security software - not recommended |
| X | DriveCleaner Free | UDC.exe | "DriveCleaner rogue security software - not recommended |
| U | DriverMagicLogon | dmschedule.exe | "Part of DriverMagic - ""the easiest way to locate device drivers"""
|
| X | DriverModule | csrnvrt.exe | "Added by the IRCBOT.I TROJAN!"
|
| U | drkly16j | "rundll32.exe drkly16j.dll | ServiceCheck" |
| X | DRM Upgrade | drmupgd.exe | "Added by the IRCBOT.AWU BACKDOOR!"
|
| X | drmu | W95Mm.exe | Homepage hijacker installing a toolbar: http://tdko.com/. Lop.com in disguise
|
| X | Drmupgds | Drmupgds.exe | "Maxfiles adware"
|
| X | drvrmanager | drvrquery32.exe | "Added by the BOOHOO WORM!"
|
| X | drvupd | rundll32 ..drvupd.inf | "Hijacker - drvupd.inf file installs a ""searchforge.com"" hijack"
|
| X | DrWeb Antivirus | DRWEBAV.EXE | Added by an unidentified WORM or TROJAN!
|
| Y | Drwebscheduler | Drwebscd.exe | "DrWeb antivirus related - scheduler that allows you to manage an automatic launch of applications |
| X | DsmSer | sysup.exe | "Added by the SERFLOG.B WORM!"
|
| Y | DSndUp | DSndUp.exe | "Utility that only runs once after installing the drivers for Analog Devices SoundMax integrated soundcards. It's exact purpose is unknown at the present time but from the filename it's probably used to configure the default or generic speaker arrangement for the system it's used on"
|
| U | DT 11Mbps WLAN USB Station | DTUSBMonitor.exe | 11Mbps USB based wireless LAN connection monitor - possibly from Deutsche Telekom
|
| N | DU Meter | DUMETER.EXE | "Hagel Technologies internet bandwidth monitor"
|
| U | DualCoreCenter | StartUpDualCoreCenter.exe | "Unified control center for overclocking both the graphics card and the CPU |
| ? | Duane Reade Insert Detect | InsDetect.exe | "Part of Duane Read Picture Suite & Digital Image Pack. Detects a digital camera is plugged into a USB port or when a memory card with photos is inserted?"
|
| X | duck | duck.exe | "Added by the AGOBOT-AVG WORM!"
|
| N | Dulux WeatherShield WeatherDesk | weather.exe | "Dulux WeatherShield WeatherDesk - latest weather information from across Australia"
|
| X | Dumeter Services | dumeter.exe | "Added by the SDBOT-AEQ WORM!"
|
| X | Dump | Dump.exe | "Added by the ZIMUSE WORM!"
|
| X | dumprep | spoolc.exe | "Detected by Kaspersky as a variant of the AGENT.CXF TROJAN!"
|
| X | dumprep | dump-k.exe | "Added by the BUZUS-U WORM!"
|
| X | dumprep | dump.exe | "Added by the CODOX-A WORM!"
|
| N | dumprep 0 -k | dumprep 0 -k | "Used in connection with memory dumps - you can disable these by - right clicking on My Computer |
| N | dumprep 0 -u | dumprep 0 -u | "Used in connection with memory dumps - you can disable these by - right clicking on My Computer |
| X | DUN_SERVICES3 | dun3.exe | "Added by the SOKIRON TROJAN!"
|
| X | Duweculey | yujixit.exe | "Added by the SDBOT.BRP WORM!"
|
| X | Duwee wong Cerbon | Cirebons.exe | "Added by the BHARAT.A WORM!"
|
| X | DVD Upgrade | dvdupgd.exe | "Added by a variant of the IRCBOT BACKDOOR!"
|
| N | DVDLauncher | DVDLauncher.exe | "Part of Cyberlink's Power Cinema - allows you to play DVDs upon insertion"
|
| N | DVDUpgrade | DVDUpgrd.exe | "Microsoft program to upgrade your DVD decoder program - see Q306331. Available via Start -> Programs"
|
| X | dvraudio | dvraudio.exe | "Added by a variant of the CRYPTER.C TROJAN!"
|
| N | DwlClient | support.exe | Download manager for Dell support alerts
|
| U | DWQueuedReporting | dwtrig20.exe | "Used to launch Microsoft Error Reporting (DW20.exe) - if |
| X | Dx | sys*.exe [* = random number] | "Added by the DEXTER.A WORM!"
|
| X | Dxupdate.exe | Dxupdate.exe | "Added by the MAFEG WORM!"
|
| X | DyFuCA | optimize.exe | "Adult content dialler - see here"
|
| X | DyFuCA Active Alert | actalert.exe | "Adult content dialler - see here"
|
| U | DynDNS Updater | DynDNS.exe | "Dynamic DNS IP address updater tool |
| N | DynDNS-Updater Traytool | ddutray.exe | "DynDNS updater tray icon - allows easy configuration of the Dynamic DNSSM service. Can be run manually"
|
| U | Dynu Basic Client | dynubas.exe | "Dynu online dynamic IP update client. Useful when using a dial up modem"
|
| X | E-nrgyPlus | E-nrgyPlus.exe | "Energyplus - tracks internet activity including websites visited and queries made at popular search engines. This information along with some system information is sent to a remote site"
|
| U | e-Surveiller Station | estation.exe | "ESurveiller - surveillance software. Uninstall this software unless you put it there yourself"
|
| ? | Eac_rnvdl | ANTIVIRUS_INSTALL.EXE | "??"
|
| U | eanth_critical_update_alert | sys_alert.exe | "eAcceleration Stop-Sign security software related. Previously not recommended |
| U | eanth_critical_update_alert | EANTHO~1.EXE | "eAcceleration Stop-Sign security software related - previously not recommended (see here). It has now been delisted |
| N | Eapcisetup | sbsetup.exe | Rockwell RipTide soundcard application software. Sound works without it
|
| N | EAPCISETUP | wizard.exe | Part of the Creative Sounblaster PIC Installation Wizard. Probably left as a result of a failed installation
|
| N | Easy Start Button | esb.exe | Provides functionality on certain laptops that have additional keys. Not required unless you use the extra keys
|
| N | EasyNetwork | McENUI.exe | "McAfee's EasyNetwork user interface - ""enables secure file sharing |
| X | EasySearchBar | ESBUpdate.exe | EasySearchBar adware downloader
|
| U | EasySync Pro | XCPCMenu.exe | """IBM® Lotus® EasySync® Pro is a personal productivity solution that provides data synchronization between your IBM Lotus Notes® desktop and handheld devices running PalmOS and Windows CE/Pocket PC operating systems"""
|
| U | EasySync Pro - 3CmPlm | AutoDet.exe | "3Com Palm PC specific translator for IBM® Lotus® EasySync® Pro - ""a personal productivity solution that provides data synchronization between your IBM Lotus Notes® desktop and handheld devices running PalmOS and Windows CE/Pocket PC operating systems"""
|
| U | EasySync Pro - PocketPC | AUTODE~1.EXE | "Windows Mobile Pocket PC specific translator for IBM® Lotus® EasySync® Pro - ""a personal productivity solution that provides data synchronization between your IBM Lotus Notes® desktop and handheld devices running PalmOS and Windows CE/Pocket PC operating systems"""
|
| U | EasySync Pro - PocketPC | AutoDetect.exe | "Windows Mobile Pocket PC specific translator for IBM® Lotus® EasySync® Pro - ""a personal productivity solution that provides data synchronization between your IBM Lotus Notes® desktop and handheld devices running PalmOS and Windows CE/Pocket PC operating systems"""
|
| U | EasyTuneIII | EasyTune.exe | Tuning (overclocking) utility for Gigabyte motherboards. Shortcut available
|
| U | EasyTuneIV | ET4Tray.exe | Tuning (overclocking) utility for Gigabyte motherboards. Shortcut available
|
| U | EasyTuneV | GUI.exe | Tuning (overclocking) utility for Gigabyte motherboards. Shortcut available
|
| U | eAudio | eAudio.exe | "Part of Acer Empowering Technology. Acer eAudio Management provides centralized control over notebook audio and specialized audio modes for movies |
| N | ECenter | EULALauncher.exe | End User License Agreement (EULA) launcher - related to Dell E-Center/Google Toolbar
|
| U | eDataSecurity Loader | eDSloader.exe | "Part of Acer Empowering Technology. ""Acer eDataSecurity Management is a handy file encryption utility that protects files from being accessed by unauthorized persons |
| X | educational writer | [random filename] | "Added by the RBOT-LZ WORM!"
|
| X | Edzy AntiVirus | dppsfa.exe | "Added by a variant of the RBOT WORM!"
|
| U | eFax Live Menu 3.3 | J2GDllCmd.exe | "DLL Command Utility for version 3.3 of eFax Messenger from j2 Global Communications |
| N | eFax Tray Menu | HotTray.exe | "eFax Messenger Tray Menu system tray icon for eFax Messenger Plus. Available via Start -> Programs. Disabling instructions available here"
|
| U | eFax Tray Menu | J2GTray.exe | "System Tray access to eFax Messenger from j2 Global Communications |
| U | eFax Tray Menu 3.3 | J2GTray.exe | "System Tray access to version 3.3 of eFax Messenger from j2 Global Communications |
| U | eFax Tray Menu 3.5 | J2GTray.exe | "System Tray access to version 3.5 of eFax Messenger from j2 Global Communications |
| U | eFax Tray Menu 4.0 | J2GTray.exe | "System Tray access to version 4.0 of eFax Messenger from j2 Global Communications |
| N | eFax.com Tray Menu | HotTray.exe | "eFax Messenger Tray Menu system tray icon for eFax Messenger Plus. Available via Start -> Programs. Disabling instructions available here"
|
| X | egikugu | napolecy.exe | "Added by the SDBOT.AOE WORM!"
|
| N | EgisTecLiveUpdate | EgisUpdate.exe | "Software updater for biometric and data encryption products from EgisTec Inc"
|
| Y | egui | egui.exe | "User interface for ESET NOD32 Antivirus and Smart Security"
|
| X | element furth | [path] repcale.exe [path] palsp.exe | "Added by a variant of the RANDON.AN WORM! Both files are often located in %System%\vert"
|
| U | ELSA WINman Suite | Winmsuit.exe | "Allows you to totally customize your ELSA graphics card settings |
| U | ELSAChipGuard | elsavect.exe | "ChipGuard for ELSA graphics cards - monitoring solution which monitors both the GPU temperature and fan speed |
| U | ELSBLaunch | ELSBLaunch.exe | "EarthLink SpamBlocker"
|
| U | EMBASSY Trust Suite Secure Update | AutoUpdate.exe | "Updates for Wave Systems Corp. Embassy Trust Suite - ""delivers advanced levels of security to the client PC using the TPM security chip found on most enterprise PCs today"""
|
| U | Emouse | Emouse.exe | "Genius mouse driver - required if you use non-standard Windows driver features"
|
| X | empin | e121307.Stub.exe | "Delfin Media Viewer adware related"
|
| ? | Empowering Technology Launcher | eAPLauncher.exe | "Part of Acer Empowering Technology. What does it do and is it required?"
|
| ? | EmpoweringTechnology | Framework.Launcher.exe | "Part of Acer Empowering Technology. What does it do and is it required?"
|
| Y | Emsisoft Anti-Malware | a2guard.exe | "System Tray access to and Anti-Malware Guard feature of Emsisoft Anti-Malware from Emsi Software GmbH - which provides ""comprehensive PC protection against viruses |
| X | emule | emule.exe | "Added by the RBOT-ALZ WORM! Note - do not confuse with the legitimate eMule peer-to-peer (P2P) file-sharing program which is normally located in %ProgramFiles%\eMule. This one is located in %System%"
|
| N | eMule | emule.exe | "eMule - ""one of the biggest and most reliable peer-to-peer file sharing clients around the world. Thanks to it's open source policy many developers are able to contribute to the project |
| N | eMuleAutoStart | emule.exe | "eMule - ""one of the biggest and most reliable peer-to-peer file sharing clients around the world. Thanks to it's open source policy many developers are able to contribute to the project |
| N | eMusicClient Systray | eMusicClient.exe | "eMusic MP3 download software"
|
| ? | encapsulated command tool | wintr.com | "??"
|
| N | Encarta Dictionary Quickshelf | QSHLFED.EXE | "Provides quick access to Encarta's Dictionary features?"
|
| ? | ENCSurf | surfboard.exe | "??"
|
| X | EnergyPlugIn | EnergyPlugin.exe | "EnergyPlugin adware variant"
|
| Y | EngUtil | EngUtil.exe | "Part of the Roxio Easy CD & DVD Creator and Easy Media Creator series of CD/DVD tools - corrects any modification made to the Roxio Engine |
| X | Enh Win Updt | enhupdt.exe | "Adware - detected by Kaspersky as the ONECLICKNETSEARCH.H TROJAN!"
|
| N | EnigmaPopupStop | EnigmaPopupStop.exe | "Part of Enigma SpyHunter - not recommended |
| U | Enterprise Harmony | rsMenu.exe | "Enterprise Harmony 99 for CASIO - synchronization software for use with Microsoft® Outlook 97/98/2000"
|
| U | Enterprise Harmony '99 | rsMenu.exe | "Enterprise Harmony 99 for CASIO - synchronization software for use with Microsoft® Outlook 97/98/2000"
|
| X | Enterprise Suite | WE[random characters].exe | "Enterprise Suite rogue security software - not recommended |
| X | EntraOcio | "rundll32.exe MSA64CHK.dll | DllMostrar" |
| X | Enumerate Service | wsys.exe | "Added by the MANIFEST TROJAN!"
|
| U | EOUApp | EOUWiz.exe | Intel ProSET Wireless related - provides additional configuration options for these devices
|
| U | EOUWiz | EOUWiz.exe | Intel ProSET Wireless related - provides additional configuration options for these devices
|
| U | EPoXUSDM | USDM.EXE | "EPoX Universal Serial Data Monitor - a diagnostics tool that shows Temps |
| X | Epsilon Squared | vmmreg32.exe | "Added by the AGENT.MVC TROJAN!"
|
| N | EPSON Background Monitor | STMS.EXE | Supposed to keep an Epson printer ready for quick printing. Users report little difference whether it is on or not
|
| U | EPSON PictureMate Deluxe | E_FATI9TA.EXE | "Epson Status Monitor 3 for the PictureMate Deluxe compact photo printer - for monitoring printer status |
| U | EPSON Status Monitor 3 | E_[various].EXE | "Epson Status Monitor 3 for their range of printer and AIO devices - for monitoring printer status |
| N | EPSON Status Monitor 3 Environment Check | e_srcv03.exe | According to the Epson info: "Use this utility to automatically check for errors and also check the level of ink remaining." This utility can also be started on demand when about to print as follows: File menu > Print to bring up the print dialog box. Click on the Properties button which will bring up a display with 4 tabs. Click the Utility tab to get a list of utilities that can be executed including the Status Monitor 3 Environment Check
|
| N | EPSON Status Monitor 3 Environment Check | e_srcv02.exe | According to the Epson info: "Use this utility to automatically check for errors and also check the level of ink remaining." This utility can also be started on demand when about to print as follows: File menu > Print to bring up the print dialog box. Click on the Properties button which will bring up a display with 4 tabs. Click the Utility tab to get a list of utilities that can be executed including the Status Monitor 3 Environment Check
|
| N | EPSON Status Monitor 3 Environment Check 2 | e_srcv03.exe | According to the Epson info: "Use this utility to automatically check for errors and also check the level of ink remaining." This utility can also be started on demand when about to print as follows: File menu > Print to bring up the print dialog box. Click on the Properties button which will bring up a display with 4 tabs. Click the Utility tab to get a list of utilities that can be executed including the Status Monitor 3 Environment Check
|
| N | EPSON Status Monitor 3 Environment Check 2 | e_srcv02.exe | According to the Epson info: "Use this utility to automatically check for errors and also check the level of ink remaining." This utility can also be started on demand when about to print as follows: File menu > Print to bring up the print dialog box. Click on the Properties button which will bring up a display with 4 tabs. Click the Utility tab to get a list of utilities that can be executed including the Status Monitor 3 Environment Check
|
| U | EPSON Stylus C120 Series | E_FATICCA.EXE | "Epson Status Monitor 3 for the Stylus C120 Series printer - for monitoring printer status |
| U | EPSON Stylus C40 Series | E_S10IC2.EXE | "Epson Status Monitor 3 for the Stylus C40 Series printer - for monitoring printer status |
| U | EPSON Stylus C41 Series | E_S10IC2.EXE | "Epson Status Monitor 3 for the Stylus C41 Series printer - for monitoring printer status |
| U | EPSON Stylus C42 Series | E_S10IC2.EXE | "Epson Status Monitor 3 for the Stylus C42 Series printer - for monitoring printer status |
| U | EPSON Stylus C43 Series | E_S08IC1.EXE | "Epson Status Monitor 3 for the Stylus C43 Series printer - for monitoring printer status |
| U | EPSON Stylus C43 Series | E_S10IC2.EXE | "Epson Status Monitor 3 for the Stylus C43 Series printer - for monitoring printer status |
| U | EPSON Stylus C44 Series | E_S10IC2.EXE | "Epson Status Monitor 3 for the Stylus C44 Series printer - for monitoring printer status |
| U | EPSON Stylus C45 Series | E_S4I3T1.EXE | "Epson Status Monitor 3 for the Stylus C45 Series printer - for monitoring printer status |
| U | EPSON Stylus C46 Series | E_S4I0T1.EXE | "Epson Status Monitor 3 for the Stylus C46 Series printer - for monitoring printer status |
| U | EPSON Stylus C48 Series | E_S4I091.EXE | "Epson Status Monitor 3 for the Stylus C48 Series printer - for monitoring printer status |
| U | EPSON Stylus C60 Series | E_S10IC2.EXE | "Epson Status Monitor 3 for the Stylus C60 Series printer - for monitoring printer status |
| U | EPSON Stylus C61 Series | E_S10IC2.EXE | "Epson Status Monitor 3 for the Stylus C61 Series printer - for monitoring printer status |
| U | Epson Stylus C62 Series | E-S0BIC1.EXE | "Epson Status Monitor 3 for the Stylus C62 Series printer - for monitoring printer status |
| U | EPSON Stylus C62 Series | E_S10IC2.EXE | "Epson Status Monitor 3 for the Stylus C62 Series printer - for monitoring printer status |
| U | EPSON Stylus C63 Series | E_S10IC2.EXE | "Epson Status Monitor 3 for the Stylus C63 Series printer - for monitoring printer status |
| U | EPSON Stylus C64 Series | E_S10IC2.EXE | "Epson Status Monitor 3 for the Stylus C64 Series printer - for monitoring printer status |
| U | EPSON Stylus C64 Series | E_S4I2C1.EXE | "Epson Status Monitor 3 for the Stylus C64 Series printer - for monitoring printer status |
| U | EPSON Stylus C66 Series | E_S4I0S2.EXE | "Epson Status Monitor 3 for the Stylus C66 Series printer - for monitoring printer status |
| U | EPSON Stylus C67 Series | E_FATIAAL.EXE | "Epson Status Monitor 3 for the Stylus C67 Series printer - for monitoring printer status |
| U | Epson Stylus C82 Series | E_S0HIC1.EXE | "Epson Status Monitor 3 for the Stylus C82 Series printer - for monitoring printer status |
| U | EPSON Stylus C82 Series | E_S10IC2.EXE | "Epson Status Monitor 3 for the Stylus C82 Series printer - for monitoring printer status |
| U | EPSON Stylus C84 Series | E_S10IC2.EXE | "Epson Status Monitor 3 for the Stylus C84 Series printer - for monitoring printer status |
| U | EPSON Stylus C84 Series | E_S4I2D1.EXE | "Epson Status Monitor 3 for the Stylus C84 Series printer - for monitoring printer status |
| U | EPSON Stylus C87 Series | E_FATIABL.EXE | "Epson Status Monitor 3 for the Stylus C87 Series printer - for monitoring printer status |
| U | EPSON Stylus CX2900 Series | E_FATIBFP.EXE | "Epson Status Monitor 3 for the Stylus CX2900 Series printer - for monitoring printer status |
| U | EPSON Stylus CX3100 | E_S10IC2.EXE | "Epson Status Monitor 3 for the Stylus CX3100 printer - for monitoring printer status |
| U | EPSON Stylus CX3200 | E_S10IC2.EXE | "Epson Status Monitor 3 for the Stylus CX3200 printer - for monitoring printer status |
| U | EPSON Stylus CX3500 Series | E_FATI9 BL.EXE | "Epson Status Monitor 3 for the Stylus CX3500 Series printer - for monitoring printer status |
| U | EPSON Stylus CX3600 Series | E_FATI9BE.EXE | "Epson Status Monitor 3 for the Stylus CX3600 Series printer - for monitoring printer status |
| U | EPSON Stylus CX3700 Series | E_FATIACP.EXE | "Epson Status Monitor 3 for the Stylus CX3700 Series printer - for monitoring printer status |
| U | EPSON Stylus CX3800 Series | E_FATIACA.EXE | "Epson Status Monitor 3 for the Stylus CX3800 Series printer - for monitoring printer status |
| U | EPSON Stylus CX3900 Series | E_FATIBEP.EXE | "Epson Status Monitor 3 for the Stylus CX3900 Series printer - for monitoring printer status |
| U | EPSON Stylus CX4200 Series | E_FATIAEA.EXE | "Epson Status Monitor 3 for the Stylus CX4200 Series printer - for monitoring printer status |
| U | EPSON Stylus CX4500 Series | E_FATI9AP.EXE | "Epson Status Monitor 3 for the Stylus CX4500 Series printer - for monitoring printer status |
| U | EPSON Stylus CX4600 Series | E_FATI9AA.EXE | "Epson Status Monitor 3 for the Stylus CX4600 Series printer - for monitoring printer status |
| U | EPSON Stylus CX4700 Series | E_FATIADL.EXE | "Epson Status Monitor 3 for the Stylus CX4700 Series printer - for monitoring printer status |
| U | EPSON Stylus CX4800 Series | E_FATIADA.EXE | "Epson Status Monitor 3 for the Stylus CX4800 Series printer - for monitoring printer status |
| U | EPSON Stylus CX5000 Series | E_FATIBVA.EXE | "Epson Status Monitor 3 for the Stylus CX5000 Series printer - for monitoring printer status |
| U | EPSON Stylus CX5400 | E_S4I2G1.EXE | "Epson Status Monitor 3 for the Stylus CX5400 printer - for monitoring printer status |
| U | EPSON Stylus CX5500 Series | E_FATICAP.EXE | "Epson Status Monitor 3 for the Stylus CX5500 Series printer - for monitoring printer status |
| U | EPSON Stylus CX6000 Series | E_FATIBIA.EXE | "Epson Status Monitor 3 for the Stylus CX6000 Series printer - for monitoring printer status |
| U | EPSON Stylus CX6500 Series | E_FATI9EP.EXE | "Epson Status Monitor 3 for the Stylus CX6500 Series printer - for monitoring printer status |
| U | EPSON Stylus CX6600 Series | E_FATI9EE.EXE | "Epson Status Monitor 3 for the Stylus CX6600 Series printer - for monitoring printer status |
| U | EPSON Stylus CX6600 Series | E_FATI9EA.EXE | "Epson Status Monitor 3 for the Stylus CX6600 Series printer - for monitoring printer status |
| U | EPSON Stylus CX7000F Series | E_FATIBKA.EXE | "Epson Status Monitor 3 for the Stylus CX7000F Series printer - for monitoring printer status |
| U | EPSON Stylus CX7400 Series | E_FATICDA.EXE | "Epson Status Monitor 3 for the Stylus CX7400 Series printer - for monitoring printer status |
| U | EPSON Stylus CX7800 Series | E_FATIAFA.EXE | "Epson Status Monitor 3 for the Stylus CX7800 Series printer - for monitoring printer status |
| U | EPSON Stylus CX8300 Series | E_FATICEP.EXE | "Epson Status Monitor 3 for the Stylus CX8300 Series printer - for monitoring printer status |
| U | EPSON Stylus CX8400 Series | E_FATICEA.EXE | "Epson Status Monitor 3 for the Stylus CX8400 Series printer - for monitoring printer status |
| U | EPSON Stylus CX9300F Series | E_FATICFP.EXE | "Epson Status Monitor 3 for the Stylus CX9300F Series printer - for monitoring printer status |
| U | EPSON Stylus CX9400Fax Series | E_FATICFA.EXE | "Epson Status Monitor 3 for the Stylus CX9400Fax Series printer - for monitoring printer status |
| U | EPSON Stylus D68 Series | E_FATIAAE.EXE | "Epson Status Monitor 3 for the Stylus D68 Series printer - for monitoring printer status |
| U | EPSON Stylus D78 Series | E_FATIBGE.EXE | "Epson Status Monitor 3 for the Stylus D78 Series printer - for monitoring printer status |
| U | EPSON Stylus D88 Series | E_FATIABE.EXE | "Epson Status Monitor 3 for the Stylus D88 Series printer - for monitoring printer status |
| U | EPSON Stylus DX3800 Series | E_FATIACE.EXE | "Epson Status Monitor 3 for the Stylus DX3800 Series printer - for monitoring printer status |
| U | EPSON Stylus DX4000 Series | E_FATIBEE.EXE | "Epson Status Monitor 3 for the Stylus DX4000 Series printer - for monitoring printer status |
| U | EPSON Stylus DX4400 Series | E_FATICAE.EXE | "Epson Status Monitor 3 for the Stylus DX4400 Series printer - for monitoring printer status |
| U | EPSON Stylus DX4800 Series | E_FATIADE.EXE | "Epson Status Monitor 3 for the Stylus DX4800 Series printer - for monitoring printer status |
| U | EPSON Stylus DX5000 Series | E_FATIBVE.EXE | "Epson Status Monitor 3 for the Stylus DX5000 Series printer - for monitoring printer status |
| U | EPSON Stylus DX6000 Series | E_FATIBIE.EXE | "Epson Status Monitor 3 for the Stylus DX6000 Series printer - for monitoring printer status |
| U | EPSON Stylus DX7000F Series | E_FATIBKE.EXE | "Epson Status Monitor 3 for the Stylus DX7000F Series printer - for monitoring printer status |
| U | EPSON Stylus DX7400 Series | E_FATICDE.EXE | "Epson Status Monitor 3 for the Stylus DX7400 Series printer - for monitoring printer status |
| U | EPSON Stylus DX8400 Series | E_FATICEE.EXE | "Epson Status Monitor 3 for the Stylus DX8400 Series printer - for monitoring printer status |
| U | EPSON Stylus Photo 1400 Series | E_FATIBUA.EXE | "Epson Status Monitor 3 for the Stylus Photo 1400 Series printer - for monitoring printer status |
| U | EPSON Stylus Photo 2200 | E_S10IC2.EXE | "Epson Status Monitor 3 for the Stylus Photo 2200 printer - for monitoring printer status |
| U | EPSON Stylus Photo 825 | E_S10IC2.EXE | "Epson Status Monitor 3 for the Stylus Photo 825 printer - for monitoring printer status |
| U | EPSON Stylus Photo 925 | E_S10IC2.EXE | "Epson Status Monitor 3 for the Stylus Photo 925 printer - for monitoring printer status |
| U | EPSON Stylus Photo R1800 | E_FATI9LA.EXE | "Epson Status Monitor 3 for the Stylus Photo R1800 printer - for monitoring printer status |
| U | EPSON Stylus Photo R200 Series | E_S4I0H2.EXE | "Epson Status Monitor 3 for the Stylus Photo R200 Series printer - for monitoring printer status |
| U | EPSON Stylus Photo R220 Series | E_S6I2I1.EXE | "Epson Status Monitor 3 for the Stylus Photo R220 Series printer - for monitoring printer status |
| U | EPSON Stylus Photo R220 Series | E_FATIAIE.EXE | "Epson Status Monitor 3 for the Stylus Photo R220 Series printer - for monitoring printer status |
| U | EPSON Stylus Photo R240 Series | E_FATIAHE.EXE | "Epson Status Monitor 3 for the Stylus Photo R240 Series printer - for monitoring printer status |
| U | EPSON Stylus Photo R2400 | E_FATI9SA.EXE | "Epson Status Monitor 3 for the Stylus Photo R2400 printer - for monitoring printer status |
| U | EPSON Stylus Photo R2400 | E_FATI9SE.EXE | "Epson Status Monitor 3 for the Stylus Photo R2400 printer - for monitoring printer status |
| U | EPSON Stylus Photo R260 Series | E_FATIBNA.EXE | "Epson Status Monitor 3 for the Stylus Photo R260 Series printer - for monitoring printer status |
| U | EPSON Stylus Photo R280 Series | E_FATICKA.EXE | "Epson Status Monitor 3 for the Stylus Photo R280 Series printer - for monitoring printer status |
| U | EPSON Stylus Photo R285 Series | E_FATICKE.EXE | "Epson Status Monitor 3 for the Stylus Photo R285 Series printer - for monitoring printer status |
| U | EPSON Stylus Photo R300 Series | E_S4I2F1.EXE | "Epson Status Monitor 3 for the Stylus Photo R300 Series printer - for monitoring printer status |
| U | EPSON Stylus Photo R300 Series | E_S10IC2.EXE | "Epson Status Monitor 3 for the Stylus Photo R300 Series printer - for monitoring printer status |
| U | EPSON Stylus Photo R300 Series | E_S4I0F2.EXE | "Epson Status Monitor 3 for the Stylus Photo R300 Series printer - for monitoring printer status |
| U | EPSON Stylus Photo R320 Series | E_FATI9FA.EXE | "Epson Status Monitor 3 for the Stylus Photo R320 Series printer - for monitoring printer status |
| U | EPSON Stylus Photo R340 Series | E_FATIAJE.EXE | "Epson Status Monitor 3 for the Stylus Photo R340 Series printer - for monitoring printer status |
| U | EPSON Stylus Photo R380 Series | E_FATIBOA.EXE | "Epson Status Monitor 3 for the Stylus Photo R380 Series printer - for monitoring printer status |
| U | EPSON Stylus Photo R800 | E_FATI9YE.EXE | "Epson Status Monitor 3 for the Stylus Photo R800 printer - for monitoring printer status |
| U | EPSON Stylus Photo RX420 Series | E_FATI9CE.EXE | "Epson Status Monitor 3 for the Stylus Photo RX420 Series printer - for monitoring printer status |
| U | EPSON Stylus Photo RX430 Series | E_FATI9CP.EXE | "Epson Status Monitor 3 for the Stylus Photo RX430 Series printer - for monitoring printer status |
| U | EPSON Stylus Photo RX500 | E_S4I2K1.EXE | "Epson Status Monitor 3 for the Stylus Photo RX500 Series printer - for monitoring printer status |
| U | EPSON Stylus Photo RX530 Series | E_FATIAGP.EXE | "Epson Status Monitor 3 for the Stylus Photo RX530 Series printer - for monitoring printer status |
| U | EPSON Stylus Photo RX600 | E_S4I2M1.EXE | "Epson Status Monitor 3 for the Stylus Photo RX600 printer - for monitoring printer status |
| U | EPSON Stylus Photo RX640 Series | E_FATIAME.EXE | "Epson Status Monitor 3 for the Stylus Photo RX640 Series printer - for monitoring printer status |
| U | EPSON Stylus Photo RX680 Series | E_FATICJA.EXE | "Epson Status Monitor 3 for the Stylus Photo RX680 Series printer - for monitoring printer status |
| U | EPSON Stylus Photo RX700 Series | E_FATI9IA.EXE | "Epson Status Monitor 3 for the Stylus Photo RX700 Series printer - for monitoring printer status |
| U | EPSON Stylus Pro 4000 | E_S10IC2.EXE | "Epson Status Monitor 3 for the Stylus Pro 4000 printer - for monitoring printer status |
| U | EPSON Stylus Pro 7600 | E_S10IC2.EXE | "Epson Status Monitor 3 for the Stylus Pro 7600 printer - for monitoring printer status |
| U | EPSON Stylus SX200 Series | E_FATIEFE.EXE | "Epson Status Monitor 3 for the Stylus SX200 Series printer - for monitoring printer status |
| ? | Equipmen | Equipmen.exe | "??"
|
| X | ErreurChasseur | SysRep.exe | "ErreurChasseur |
| N | Error Nuker | ErrorNuker.exe | "ErrorNuker registry cleaner - only required if you want the application to run a scan at startup. The program can be launched manually if required"
|
| X | Error Safe Free | uers.exe | "ErrorSafe rogue system error and cleaning utility - not recommended"
|
| X | ErrorGuard | ErrorGuard.exe | "ErrorGuard rogue spyware remover - not recommended |
| X | ErrorSafeFree | UERS.exe | "ErrorSafe rogue system error and cleaning utility - not recommended"
|
| X | ERS | ers_startupmon.exe | "Part of the WinAntiVirus Pro 2006 rogue security software - not recommended |
| X | ERS_check | ers_startupmon.exe | "Part of the WinAntiVirus Pro 2006 rogue security software - not recommended |
| X | ERS_Check | uwasers.exe | "Part of the WinAntiSpyware 2006 and WinAntiSpyware 2007 rogue spyware removers - not recommended"
|
| X | ertyuop | rttrwq.exe | "Added by the AUTORUN-APA WORM!"
|
| U | ERUNT AutoBackup | AUTOBACK.EXE | "ERUNT backup utility - when added to the user's startup folder automatically backs up the registry each time the system boots |
| X | erwghjjrjt | ucbcg.exe | "Added by the SMALL.CUL TROJAN!"
|
| U | ES Current Services | [FILE NAME].exe | "123Keylogger surveillance software. Uninstall this software unless you put it there yourself"
|
| U | eScan Scheduler | avkserv.exe | "MicroWorld eScan antivirus scheduler"
|
| U | eScan Updater | Trayicos.exe | "MicroWorld eScan antivirus updater - allows users to automatically download updates and set the auto time interval for downloads"
|
| X | Esph | ortu.exe | "PurityScan adware"
|
| ? | eSupInit | eSupCmd.exe | "Related to SupportSoft (aka Support.com) ""Real-Time Service Management software"". What does it do and is it required?"
|
| X | Esutityde | osutityde.exe | "Added by the SDBOT.BQD WORM!"
|
| X | etbrun | elit***32.exe [* = random char] | "EliteBar adware"
|
| N | Ethernet | tcaudiag.exe | 3Com NIC Installation/Diagnostic MFC application. Diagnostics may be run from the Start -> Programs
|
| X | Etraffic | JavaRun.exe | "TopMoxie adware"
|
| Y | eTrust EZ Firewall | efpeadm.exe | "eTrust EZ Firewall"
|
| U | eTrust PestPatrol Active Protection | PPActiveDetection.exe | "PestPatrol real-time protection feature. ""Stops spyware before it infects your system"""
|
| X | eTrust Realtime Monitor | realmon.exe | "Added by the LAZAR.B TROJAN!"
|
| Y | eTrustCIPE | ezdsmain.exe | eTrust EZ Deskshield from Computer Associates. Protects against malicious email attachments and unauthorized use of email by detecting and blocking unusual behavior
|
| X | eTunnel | winfw.exe | Added by an unidentified TROJAN!
|
| U | Eudora | Eudora.exe | "Eudora from Qualcomm allows you to receive and send Internet e-mails"
|
| X | EUP Service | eupsvc.exe | "Added by the DELBOT-Q WORM!"
|
| U | EuroGlot | EuroGlot.exe | "Euroglot - ""multilanguage translating system |
| U | Evoluent Mouse Manager | EvoMouExec.exe | "Mouse manager for Evoluent VertcialMouse"
|
| N | eWare Startup | iWareStart.exe | "eWare iWare task bar. Not required"
|
| X | ewrgetuj | geurge.exe | "Added by the AUTOINF-AK WORM!"
|
| X | ewupdater | ewupdater.exe | "EasyWebSearch adware updater"
|
| N | Excite Platform | Exlaunch.exe | Loads an Icon in the startup tray that allows you to receive service update notices for Excite@Home if you desire (note that since Excite@Home appears to be winding down this becomes irrelevant). May also allow you to kill the Excite Toolbar that automatically loads in Internet Explorer
|
| X | ExecUser | ExecUser.exe | "Added by a variant of the RBOT WORM!"
|
| ? | Execute | delfolders.exe | "??"
|
| X | ExFilter | "Rundll32.exe [path] cdnspie.dll | ExecFilter" |
| U | Exif Launcher | Exiflaquickdcr.exe | USB mass storage driver used by some digital cameras such as the Fuji Finepix. Only required if you use it regularly
|
| U | Exif Launcher | QuickDCF.exe | USB mass storage driver used by some digital cameras such as the Fuji Finepix. Only required if you use it regularly
|
| X | ExpertAntivirus | ExpertAntivirus.exe | "ExpertAntivirus rogue security software - not recommended |
| X | expler | Updadv.exe | "Added by the QQPASS-N TROJAN!"
|
| X | Explkw | expup.exe | Keywords hijacker
|
| X | Explorer Updater | IEXPLORE.exe | "Added by the SDBOT-WO WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %System%"
|
| X | ExplorerRun | conime.exe | "Added by the DLDR-G TROJAN! Note - this is not the legitimate Console IME process of the same filename which is located in %System%. This one is located in %Temp%"
|
| X | ExploreUpdSched | [random filename] | "ZenoSearch adware"
|
| N | Extender Resource Monitor | RMSysTry.exe | "Related to Windows Media Center from Microsoft"
|
| X | Extra Antivirus | ExtraAV.exe | "Extra Antivirus rogue security software - not recommended |
| ? | Extranet AutoDial | AutoExt.exe | Nortel Networks Contivity Extranet Switching Software
|
| N | Eye Tide Launcher | oneeyetideone.exe | Nascar wallpaper
|
| U | EZ-DUB Finder | EZ-DUB.exe | "Support software for the Lite-On EZ-DUB external DVD writer from Lite-On IT Corporation"
|
| N | EzButton | EzButton.EXE | EZbutton is a quick launcher for the Media player app that comes with certain laptops
|
| ? | EZNORUN | EZNORUN.EXE | "Easy Internet related?"
|
| U | EzTune | dthtml.exe | "EzTune from Gateway. Rebranded version of Display Tune from Portrait Displays |
| X | ezula | eZmmod.exe | "eZula TopText adware"
|
| X | eZulaMain | eZulaMain.exe | "eZula TopText adware"
|
| X | eZuluMain | eZuluMain.exe | Comes with "KaZaA" installation. Advertising Spyware. Not required but KaZaA won't work
|
| U | E_S[numbers] | [path] E_[various].EXE [path] E_S[numbers].tmp | "Temporary entry related to Epson Status Monitor 3 for their range of printer and AIO devices - for monitoring printer status |
| U | F-PROT Antivirus Tray application | FProtTray.exe | "System Tray access to F-PROT Antivirus"
|
| X | F-Secure 2005 | svchost.exe | "Added by the BIFROSE-CH TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
|
| Y | F-Secure 2006 | fspex.exe | "F-Secure Anti-Virus automatic updater"
|
| X | F-Secure Gatekeeper | [malware name].exe | "Added by the NUWAR.AXQ WORM!"
|
| U | F-Secure Management Agent | FSMA32.EXE | "F-Secure antivirus - F-Secure Policy Manager provides tools for administering F-Secure software products"
|
| Y | F-Secure Manager | FSM32.EXE | "F-Secure antivirus - carry out scheduled virus scans automatically"
|
| Y | F-Secure Startup Wizard | FSSW.EXE | "F-Secure antivirus"
|
| Y | F-Secure TNB | TNBUtil.exe | "F-Secure antivirus"
|
| U | F5D7050v3 | Belkinwcui.exe | "Wireless configuration utility for the Belkin F5D7050 Wireless G USB Adapter"
|
| U | F5D8001 | Belkinwcui.exe | "Wireless configuration utility for the Belkin F5D8001 N1 Wireless Desktop Card"
|
| U | F5D8011 | Belkinwcui.exe | "Wireless configuration utility for the Belkin F5D8011 N1 Wireless Notebook Card"
|
| U | F5D8055v1 | Belkinwcui.exe | "Wireless configuration utility for the Belkin F5D8055 Wireless N+ USB Adapter"
|
| U | F5D8071 | Belkinwcui.exe | "Wireless configuration utility for the Belkin F5D8071 N1 Wireless ExpressCard"
|
| U | F5D9010 | Belkinwcui.exe | "Wireless configuration utility for the Belkin F5D9010 Wireless G+ MIMO USB Network Adapter"
|
| U | F5D9050 | Belkinwcui.exe | "Wireless configuration utility for the Belkin F5D9050 Wireless G+ MIMO USB Network Adapter"
|
| U | Fabrik Ultimate Backup Status | fabrikhomestat.exe | "Status monitor for Fabrik Ultimate Backup from Fabrik Inc. ""No matter what happens to the drive on your desk - a spilled drink |
| X | Fast Antivirus 2009 | FastAV.exe | "Fast Antivirus rogue security software - not recommended |
| X | Fast start | Ntut.exe | "Adware - deteced by Kaspersky as the FAVADD.I TROJAN!"
|
| X | FastDownloads | "rundll32.exe MSA64CHK.dll | DllMostrar" |
| X | FastStart | ntnut32.exe | "Added by the STARTPAGE.L TROJAN!"
|
| X | FastStart | svcnut.exe | "Browser hijacker - a variant of the STARTPAGE.L TROJAN!"
|
| X | FastStart | svcnut32.exe | "Browser hijacker - a variant of the STARTPAGE.L TROJAN!"
|
| N | FastTrack Accelerator | SPEED UP.EXE | "FastTrack Accelerator - ""speedup"" utility for programs that use the FastTrack network such as KaZaA Media Desktop |
| N | FastUser | fast.exe | Installs as part of Windows XP PowerToys as an option for very-fast user switching (allowing a keystoke to switch users instead of using the login screen). It is only used for the hot-key switch and yet it hogs 1.5 megs of memory in two separate processes (one run by the user & one by the system). Optional install in PowerToys
|
| N | FastUsr | fast.exe | Installs as part of Windows XP PowerToys as an option for very-fast user switching (allowing a keystoke to switch users instead of using the login screen). It is only used for the hot-key switch and yet it hogs 1.5 megs of memory in two separate processes (one run by the user & one by the system). Optional install in PowerToys
|
| X | FBSearch | SearchGuardPlus.exe | "Fast Browser Search/Search Guard Plus parasite - installed with ""Make the Web Better"" applications such as My Web Tattoo |
| X | fc | runfc.exe | "Added by the CAMPURF WORM!"
|
| X | Fdaemon security | fsecur.exe | "Added by the SDBOT.KXO WORM!"
|
| X | Fdr Command Module | sp2.exe | "Added by the SDBOT.WP WORM!"
|
| X | Fen Startups | fensvc32.exe | "Added by the RANDEX.CCF WORM!"
|
| X | Fenio Startups | fnesvc32.exe | "Added by the AGOBOT-OS BACKDOOR!"
|
| ? | fgl23DoubleScreenHooks | f23happ.exe | "Related to the now discontinued ATI Fire GL3 graphics card. What does it do and is it required?"
|
| X | file laoder configuration | rnd32.exe | "Added by the RBOT.BQJ WORM!"
|
| X | FileFreedom_Plugin | wtm.exe | "FileFreedom peer-to-peer sharing program"
|
| N | filehippo.com | UpdateChecker.exe | "Checks for new releases available in the popular FileHippo.com repository for any software you may already have installed on your computer. Run manually when required"
|
| N | FileHippo.com Update Checker | UpdateChecker.exe | "Checks for new releases available in the popular FileHippo.com repository for any software you may already have installed on your computer. Run manually when required"
|
| X | filename process | Rundil16.exe | "Added by the GAOBOT.ZX WORM!"
|
| X | FileSoft | Wscript.exe UpdataFiles.vbs | "Added by the SST.B WORM! Note that wscript.exe is a legitimate Microsoft file used to launch script files and shouldn't be deleted. The ""UpdataFiles.vbs"" file is located in %Windir%"
|
| U | Filterguard | Filtrgrd.exe | "An icon located in the lower left of the screen and looks like a lifesaver. This icon is a ""short-cut"" to access the basic features of SOS-Guardian |
| Y | Find Virus Launch Program | fvlaunch.exe | "Part of Dr. Solomon's Antivirus"
|
| X | FireExplore Update | FireExplore.exe | "Added by a variant of the RBOT WORM!"
|
| X | Firefox Plugin Manager | firefoxpgm.exe | Added by the MSNPHOTO.E WORM!
|
| X | FireFox Startup Drivers | wuaclt.exe | "Added by the RBOT.BYX WORM!"
|
| X | Firewall | wmlaunch .exe | "Added by the ELIPTER.A or ELIPTER.B WORMS! Note the space at the beginning of the filename"
|
| X | Firewall | wmlaunch .exe | "Added by the ELIPTER.D WORM!"
|
| X | Firewall | SP2 UPDATE.exe | "Added by the ELITPER.E WORM!"
|
| X | firewall 2008 | logoneui.exe | "Added by the SILLYFDC WORM!"
|
| X | Firewall auto setup | winlogon.exe | "Added by the AGENT-EDB TROJAN! Note - this is not the legitimate winlogon.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Temp%"
|
| X | Firewall auto setup | [path to trojan] | "Added by the AGENT-GLY TROJAN!"
|
| X | Firewall Update System1 | WinedowsUpdater1.exe | "Added by the RBOT-ARU WORM!"
|
| X | Firewall Updater | msnupdateit.exe | "Added by the RBOT-AAQ WORM!"
|
| Y | FirewallGUI | FirewallGUI.exe | "System Tray access to PC Tools Firewall Plus from PC Tools - which ""is a powerful personal firewall for Windows that protects your computer from intruders and controls the network traffic in and out of your PC"""
|
| U | FirewallStartup | Firewallstartup.exe | "Innovative Startup Firewall - ""designed to protect your computer from programs that install themselves in the StartUp area of your Windows without asking for your approval. Innovative StartUp Firewall will help you keep your computer clean |
| X | First Home Page | http://find.naupoint.com | "Naupoint browser hijacker"
|
| ? | First Principle Group | fpg.exe | "Related to the E-Players Card from First Principle Group"
|
| U | FjMenu | FjMenu.exe | "From the ""Fujitsu Menu"" tray icon you have instant access to the Control Panel |
| U | FJTWAIN Setup | FjtwSetup.exe | Fujitsu scanner utility
|
| N | FJUPDNV_Chitose | fjdvrupd.exe | Driver update for a Fujitsu Siemens Lifebook laptop
|
| X | FlashGuard | FlashGuard.exe | "Added by the AUTOIT.AL WORM!"
|
| U | FlashMute | FlashMute.exe | """FlashMute is a tool which allows you to mute/unmute Flash Movies loaded in a browser exclusively |
| N | FlashPath Status | SDSTAT.EXE | System Tray icon that you can't get rid of - and does not need to run!. Tells you the battery status in the floppy disk adapter for the smartmedia cards. Available via Start -> Programs
|
| N | FlashPath Status | FLSHSTAT.EXE | System Tray icon that you can't get rid of - and does not need to run!. Tells you the battery status in the floppy disk adapter for the smartmedia cards. Available via Start -> Programs
|
| U | FlingRun | fling.exe | "Fling - free FTP software from NCH Software"
|
| U | FLMBROWSERMOUSE | mouse32A.exe | Mouse utility for a Trust brand (and possibly others) mouse. If you disable this entry you will not be able to use any of the non-standard functions of the mouse
|
| U | FLMLABTECMOUSE | mouse32A.exe | Mouse utility for a Labtec brand (and possibly others) mouse. If you disable this entry you will not be able to use any of the non-standard functions of the mouse
|
| U | FLMMEDIONMOUSE | mouse32a.exe | Mouse utility for a Medion branded Fellowes mouse
|
| U | FLMOFFICE4DMOUSE | moffice.exe | Mouse utility for a Labtec brand (and possibly others) mouse. If you disable this entry you will not be able to use any of the non-standard functions of the mouse
|
| U | FLMOFFICE4DMOUSE | mouse32a.exe | Mouse utility for a Micro Innovations brand (and possibly others) mouse. If you disable this entry you will not be able to use any of the non-standard functions of the mouse
|
| U | FLMTRUSTKB | KbdAp32A.exe | Keyboard utility for a Trust brand keyboard. If you disable this entry you will not be able to use any of the keyboard hotkeys or other non-standard functions on the keyboard
|
| U | FLMTRUSTMOUSE | mouse32a.exe | Mouse utility for a Trust brand (and possibly others) mouse. If you disable this entry you will not be able to use any of the non-standard functions of the mouse
|
| ? | Focus | Focus.exe | "ISDN configuration wizard?"
|
| X | Folder Service | wssdtu.exe | "Added by the MANIFEST TROJAN!"
|
| X | ForceShow | "rundll32.exe QaBar.dll | ForceShowBar" |
| U | Fortis Secure Layer Config | cseinst.exe | Fortis Bank Home Banking part. Installed during the installation of the software necessary to run the Home Banking. According to Fortis Bank this will not in any way be harmful to the system or relay system information
|
| N | FotoStation Easy AutoLaunch | FotoStation Easy AutoLaunch.exe | Installed with a Nikon digital camera. Used to collect photos uploaded from camera program NkVwMon.exe. If your camera is not connected (via USB port) you do not need this program loaded either
|
| U | Foul PX | FoulPX.exe | "Foul PX |
| U | FourthDay | FourthDay.exe | "The Fourth Day - ""astronomical clock and almanac for your system tray"""
|
| X | foxwudy9912 | service.exe | "Added by the BANCOS-BT TROJAN!"
|
| X | fqor | stub_113_4_0_4_0.exe | "TargetSaver adware"
|
| X | Framework module library | infocard.exe | "Added by the BUZUS.AYX TROJAN!"
|
| X | FreeMP3download | "rundll32.exe MSA64CHK.dll | DllMostrar" |
| U | freesurfer | fs20.exe | "EMS Free Surfer mk II - pop-up stopper"
|
| ? | frguk | shdrkmck.exe | "??"
|
| N | FriendlyWebQuick-Launch | SELFCERT.EXE | selfcert.exe is a stand alone program for creating your own digital certificates for macros - the .exe is installed as an extra basically by clicking on MS Office in add/remove programs and selecting remove - also I would do away with the FriendlyWebQuickLaunchBar as well
|
| U | FRISK FP-Scheduler | F-Sched.exe | "Scheduler for F-Prot anitvirus software. Leave enabled unless you scan manually on a regular basis"
|
| N | Fromine WinPopup | winpopup.exe | Instant Messenger program
|
| X | frun | derc32xz.exe | Added by an unidentified TROJAN!
|
| U | fssui | fsui.exe | "System Tray access to and notifications from Windows Live Family Safety - optionally installed as part of Windows Live Essentials. ""With Family Safety |
| U | fssui | fssui.exe | "System Tray access to and notifications from Windows Live OneCare Family Safety - part of the Live OneCare range and now superseded by Windows Live Family Safety which is part of Windows Live Essentials. Allows you to decide how your kids experience the Internet by limiting searches |
| X | fstsvc | "rundll32.exe fstsvc.dll | start" |
| U | fsui | fsui.exe | "System Tray access to and notifications from Windows Live Family Safety - optionally installed as part of Windows Live Essentials. ""With Family Safety |
| U | FtLnSOP_setup | FtLnSOP.exe | Fujitsu scanner utility
|
| U | FTMSFLT(USB) | FTMSFLTU.EXE | Fujitsu's Touch Panel Message Notifier
|
| U | Ftpqueue | Ftpsched.exe | "Part of WS_FTP Pro from Ipswitch. Queueing facility for scheduling FTP transfers"
|
| U | ftutil2 | "rundll32.exe ftutil2.dll | SetWriteCacheMode" |
| X | FU | FUvirus.exe | "Added by the VB-EJC TROJAN!"
|
| X | FuckD3w4 | FuckD3w4.exe | "Added by the BRONTOK-DI WORM!"
|
| X | Fucker | fucker.vbs | "Added by the CATCHER-A WORM!"
|
| U | Fujitsu Hotkey Utility | IndicatorUty.exe | "Fujitsu Hotkey Utility displays icons on the screen when you use hotkeys on a Fujitsu Siemens Lifebook |
| U | Fujitsu Menu | FjMnuIco.exe | "From the ""Fujitsu Menu"" tray icon you have instant access to the Control Panel |
| X | fukerservice | fukerz.exe | "Added by a variant of the RBOT WORM!"
|
| X | FUKLBAR | bar.exe | "PurityScan adware"
|
| N | FullAudio | WMPImporter.exe | Used to import settings from Windows Media Player into Music Now software (from www.musicnow.com - which is no longer available) and possibly others
|
| X | Fun | Fun.exe | "Added by the COIDUNG-A WORM!"
|
| N | FusionHdtvTray | FusionHdtvTray.exe | "FusionTrayAgent - main executable for DVICO FusionHDTV software. It adds an icon to system tray that allows you to easily access Fusion HDTV software"
|
| U | FusionRC | FusionRC.exe | "Remote control manager for DVICO FusionHDTV"
|
| U | FusionRemote | FusionRc.exe | "Remote control manager for DVICO FusionHDTV"
|
| N | FusionTrayAgent | FusionHdtvTray.exe | "FusionTrayAgent - main executable for DVICO FusionHDTV software. It adds an icon to system tray that allows you to easily access Fusion HDTV software"
|
| X | Fwr Command Module | fwr.exe | "Added by the SDBOT-PP WORM!"
|
| X | gabougool | nounina.exe | "Added by the AGENT-JVX TROJAN!"
|
| N | Gadu-Gadu | gg.exe | Polish language Instant Messaging client
|
| X | GAELICUM.EXE | GAELICUM.EXE | "Added by the PENTA-A TROJAN!"
|
| N | Game Device | JOYUPDRV.EXE | Genius game controller profile activator
|
| X | Game House | GameHouse.exe | "Added by the DELF-DRA WORM!"
|
| X | Games toolbar | rundll32.exe [path] tbGame.dll DllShowTB | "Topconverting.com/180Search ""Games Toolbar"" adware. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted"
|
| U | gameutil.exe | gameutil.exe | Part of Redline RegTweak as supplied with Sapphire ATI graphics cards. You can configure different overlclocking settings on a per game basis and this sets those conditions following a re-boot
|
| U | GARO Status Monitor | cnwism.exe | Print monitor for certain Canon printers
|
| X | Gddlib | "rundll32.exe gddlib.dll | start" |
| X | Gekio Startups | gnksvc32.exe | "Added by the AGOBOT.AFJ WORM!"
|
| U | Gene USB Monitor | USBMonit.exe | Monitors USB ports for insertion of Sandisk USB flashdrives
|
| X | General Antivirus | GenAvir.exe | "General Antivirus rogue security software - not recommended |
| X | Generic Host Process2 System Backup | scvhost2.exe | "Added by the RBOT-BAH WORM!"
|
| X | Generic Host Process326a System Backup | scvhost326a.exe | "Added by a variant of the SDBOT WORM!"
|
| Y | Genie USB Monitor | USBmonitor.exe | Port monitor for an external USB hard drive. Required to enable access to the drive
|
| X | Genius Mose Driver | svghost.exe | "Added by a variant of the SPYBOT WORM! See here"
|
| X | Geography TX 1.0 NT | CompuSpeed.vbs | "Added by the NEWLEY-A WORM!"
|
| X | Gerenciamento de arquivos do Windows | Winmod32.exe | "Added by the DLOADER-WG TROJAN!"
|
| X | Gestionnaire de disques universel | sysoobe.exe | "Added by the TOADER-A TROJAN!"
|
| X | GetitAll | "rundll32.exe MSA64CHK.dll | DllMostrar" |
| X | GetModule18 | GetModule18.exe | "Internet Speed Monitor adware related - see example here"
|
| X | GetModule19 | GetModule19.exe | "Internet Speed Monitor adware related - see example here"
|
| X | GetModule20 | GetModule20.exe | "Internet Speed Monitor adware related - see example here"
|
| X | GetModule21 | GetModule21.exe | "Internet Speed Monitor adware related - see example here"
|
| X | GetModule23 | GetModule23.exe | "Internet Speed Monitor adware related"
|
| X | GetModule24 | GetModule24.exe | "Internet Speed Monitor adware related - see example here"
|
| X | GetModule25 | GetModule25.exe | "Internet Speed Monitor adware related - see example here"
|
| X | GetModule27 | GetModule27.exe | "Internet Speed Monitor adware related"
|
| X | GetModule29 | GetModule29.exe | "Internet Speed Monitor adware related - see example here"
|
| X | GetModule30 | GetModule30.exe | "Internet Speed Monitor adware related"
|
| X | GetMP3 | "rundll32.exe MSA64CHK.dll | DllMostrar" |
| X | GetTheMusic | "rundll32.exe MSA64CHK.dll | DllMostrar" |
| X | gfxtray | "rundll32 ctccw32.dll | findwnd" |
| X | Ghost Antivirus | GhostAV.exe | "Ghost Antivirus rogue security software - not recommended |
| U | GhostSecuritySuite | gss.exe | "Ghost Security Suite - protect the registry from unauthorized reading and modification and other tools"
|
| Y | GhostSurfDelSatellite | DeleteSatellite.exe | "Part of SpyCatcher spyware remover from Tenebril. Prevents rogue programs from sending personal information to a remote user via the Internet. If you use SpyCatcher with real time scanning |
| Y | Gilat SOM Enumerator | dllhost.exe | For Gilat Communications internet satellite systems - associated with SkyBlaster modem. Required if you have this system
|
| X | Global Startup | WinDash.EXE | "Detected by Kaspersky as the VB.Q WORM!"
|
| X | Glock Suite 1.1 | glock32.exe | "Added by the TINY.GV TROJAN!"
|
| ? | gluon | gluon.exe | "In a gluon/bin sub-directory"
|
| Y | Gmouse | Gmouse.exe | Amouse mouse driver - required if you use non-standard Windows driver features
|
| U | Gnetmous | gnetmous.exe | "Genius mouse driver - required if you use non-standard Windows driver features"
|
| U | GNETMOUSE | gnetmouse.exe | "Genius mouse driver - required if you use non-standard Windows driver features"
|
| ? | gnub | gnub.exe | "??"
|
| U | GoBack | GBMenu.exe | "Roxio's (nee Adaptec) GoBack software which allows you to revert back to a previously working state on you hard drive if you install a new program and your system goes faulty - performing the same functions with extra features as System Restore on WinMe/XP systems. Disable before running Scandisk or Defrag. Not required for WinMe/XP users |
| X | Golum | services.exe | "Added by the GOLUM.A TROJAN! Note - this is not the legitimate services.exe process |
| X | golumm | services.exe | "Added by the DLOADER-ET TROJAN! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a ""golumm"" subfolder"
|
| U | Google IME Autoupdater | GooglePinyinDaemon.exe | "Google Pinyin Input Method Editor (IME) - allows a user to input Chinese characters by entering the pinyin of a Chinese character (with or without tone |
| U | Google Quick Search Box | GoogleQuickSearchBox.exe | "Part of Google Toolbar (from version 6 onwards) for IE. The Quick Search Box sits between the ""Start"" button and Quick Launch toolbar and ""lets you easily search both your computer and the Web from a slick-looking search box that comes up only when you need it"""
|
| X | Google service | Googlesetup.exe | "Added by the IRCBOT-RJ WORM!"
|
| N | Google Update | GoogleUpdate.exe | "Update manager for the range of tools available from Google - such as the Chrome web browser and Picasa photo manager. Located in %AppData%\Google\Update"
|
| X | Google Update | GoogleUpdate.exe | "Added by the BUZUS.DBFM TROJAN! Note - this is not the valid Google program which is normally located in %AppData%\Google\Update. This version resides in %System%"
|
| N | Google Updater | GOOGLE~1.EXE | "Downloads and installs updates for Google applications (Google Earth |
| N | Google Updater | GoogleUpdater.exe | "Downloads and installs updates for Google applications (Google Earth |
| U | GoogleQuickSearchBox | GoogleQuickSearchBox.exe | "Part of Google Toolbar (from version 6 onwards) for IE. The Quick Search Box sits between the ""Start"" button and Quick Launch toolbar and ""lets you easily search both your computer and the Web from a slick-looking search box that comes up only when you need it"""
|
| X | GoogleUpdater3 | GoogleMapper.exe | "Added by the ROUTROBOT WORM!"
|
| X | gotnewupdate000.exe | gotnewupdate000.exe | "Added by the FAKEAV-BGA TROJAN!"
|
| U | GoTrusted | GoTrusted Secure Tunnel.exe | """GoTrusted is the fast |
| X | gouday.exe | readme.exe | "Added by the BEAGLE.C WORM!"
|
| X | govurarope | "Rundll32.exe retasevo.dll | s" |
| X | GP Updater | gpupdater.exe | "Added by a variant of the IRCBOT BACKDOOR! See here"
|
| X | Graphic Update | openglx.exe | "Added by the IRCBOT.AMU WORM!"
|
| X | Graphics | _default.pif | "Added by the AUTOSKY WORM!"
|
| U | Gravis Xperience Driver Support | Grxp4exe.exe | "Driver for Gravis game controllers such as the Eliminator Aftershock. Must be loaded if you run the supplied application software for the controller to be recognized. Start it manually via a shortcut if not used"
|
| X | GreasyPalmUpdate | GreasyPalmUpdate.exe | "SearchFast adware"
|
| X | GreatDownloads | "rundll32.exe MSA64CHK.dll | DllMostrar" |
| Y | Groove Virtual Office | Groove.exe | """Groove Virtual Office uses a peer-to-peer networking model to connect users in Groove Workspaces. In these workspaces geographically dispersed coworkers can do almost everything they could do in the same office. They can hold online meetings |
| U | GrooveMonitor Utility | GrooveMonitor.exe | "Part of MS Office Groove - a stand-alone product or included with the Enterprise/Ultimate versions of MS Office 2007. ""A collaboration software program that helps teams work together dynamically and effectively |
| U | GroupWise PDA Connect - 3CmPlm | AutoDet.exe | "3Com Palm PC specific translator for the GroupWise PDA Connect PDA synchronisation utility from Novell"
|
| U | GroupWise PDA Connect - GrpWse | Agnt.exe | "GroupWise PDA Connect PDA synchronisation utility - from Novell"
|
| U | GroupWise PDA Connect - PocketPC | AUTODE~1.EXE | "Windows Mobile Pocket PC specific translator for the GroupWise PDA Connect PDA synchronisation utility from Novell"
|
| U | GroupWise PDA Connect - ScheduleSync | SCHEDU~1.EXE | "ScheduleSync specific translator for the GroupWise PDA Connect PDA synchronisation utility from Novell"
|
| ? | GsiFinal | "rundll32 gspndll.dll | postInstall final" |
| ? | GSISETUP | [path] GsiInst.exe INSTALL [path] V205Res 13 | "BT Voyager ADSL modem related - what does it do and is it required?"
|
| X | GStartup | GMT.exe | "Gator spyware component - see here. Please note that Claria Corporation no longer support GAIN-Supported software - see here"
|
| X | GT15J4R49V | cpuserv.exe | Identified as a variant of the Trojan.Win32.Radi.gu malware
|
| U | Guard | Guard.exe | "Related to Phoenix Technologies Core Managed Environment (cME) Integration and Certification program"
|
| X | Guard Pro | VH339.exe | "Guard Pro rogue security software - not recommended |
| X | GuardCenter | GuardCenter.exe | "GuardCenter rogue security software - not recommended"
|
| Y | GuardGui Application | GuardGui.exe | "System Tray access to the main user interface for Ashampoo® AntiVirus from Ashampoo GmbH & Co. KG."
|
| U | Guardian | CMGrdian.exe | "McAfee Guardian shortcut menu on the System Tray (looks like a castle) given access to Internet Security |
| U | Guardian PC Security Tools | Pfft.exe | "Boomerang Software's Guardian PC Security Tools - now rebranded as the eXtendia Security Suite"
|
| X | GuardPcs.exe | GuardPcs.exe | "GuardPcs rogue security software - not recommended |
| X | GuardWWW | GuardWWW.exe | "GuardWWW rogue security software - not recommended |
| X | guarnset | guarnset.exe | "Adlogix adware"
|
| X | gummy | gummy.exe | "Added by the VANEBOT-AQ WORM!"
|
| X | GURL | gurl.exe | "GURLWatcher spyware"
|
| U | GuruNet | GuruNet.exe | "GuruNet lets you click on any word on your screen to get the relevant information you want"
|
| X | GustavVED | [filename].exe | "Added by the OPASERV.H WORM!"
|
| X | gvagfxj | rundll32 ...gvagfxj.dll | "Unidentified adware |
| U | gwum | gwum.exe | "Gigabyte utility manager. Loads if you have a Gigabyte motherboard and got a full bundle of utilities installed. Monitors CPU |
| U | H2OWIBU | CXWibu.exe | "Related to CodeMeter from WIBU-SYSTEMS AG. Software protection hardware"
|
| U | Habu | razerhid.exe | "Microsoft Habu (by Razer) gaming mouse driver - required if you use the additional features and programmed keys/macros"
|
| X | hachimitsu-lemon | hachimitsu-lemon.exe | "Added by the HACHILEM TROJAN!"
|
| X | HackMuFpt | HackMuFpt.exe | "Added by the SCLOG-AG TROJAN!"
|
| U | HalifaxHowardCluster | skinkers.exe | """Howard the Weatherman"" desktop client from Halifax by Skinkers - marketing/messaging tool. Leave enabled if you want to receive messages"
|
| U | Handy Backup 3.9 | hbagent.exe | "Handy Backup - automatic backup of your critical data to virtually any type of storage media including CD-RW devices and remote FTP servers"
|
| X | HanUpdate | hanz.exe | "Added by the RBOT-GLJ WORM!"
|
| X | HardDriveGuard | SysRep.exe | "HardDriveGuard rogue system error and cleaning utility - not recommended |
| X | HataDuzelticisi | SysRep.exe | "HataDuzelticisi |
| U | Hawking HWU54G Utility | HWU54G.exe | "Wireless management utility for the HWU54G Mini Wireless-G USB Adapter from Hawking Technologies |
| U | Hawking Wireless Utility | HWU8DD.exe | "Wireless management utility for the HWU8DD Hi-Gain™ USB Wireless-G Dish Adapter from Hawking Technologies |
| U | HControlUser | HControlUser.exe | Hotkeys on an ASUS Notebook. Only required if you use the additional keys
|
| N | HD Audio Control Panel | RtHDVCpl.exe | "Realtek HD Audio Manager |
| N | HDAShCut | HDAShCut.exe | High definition audio page shortcut for Realtek audio devices - not required
|
| U | HDAudDeck | HDAudioCPL.exe | "Vista control panel for VIA Vinyl HD Audio Codecs from VIA Technologies |
| U | HDAudDeck | HDeck.exe | "XP control panel for VIA Vinyl HD Audio Codecs from VIA Technologies |
| X | HDAudio | hda.exe | "Added by the TACTSLAY.U TROJAN!"
|
| X | HDAudio Driver 1.0 | [random filename].exe | "Added by the TEADOOR-D TROJAN!"
|
| X | HDAudio Driver 2.0 | [random filename].exe | "Added by the TEADOOR-E TROJAN!"
|
| U | HDDControlGuard | HDDControlGuard.exe | "Part of Ashampoo® HDD Control from Ashampoo GmbH & Co. KG - a hard drive monitoring utility which also incorporates defragmentation and cleaners for browsing history and unnecessary files. This entry loads the Ashampoo HDD Control Guard component on startup which runs in the background and monitors the hard drives and provides System Tray access"
|
| U | HDDControlGuard.exe | HDDControlGuard.exe | "Part of Ashampoo® HDD Control from Ashampoo GmbH & Co. KG - a hard drive monitoring utility which also incorporates defragmentation and cleaners for browsing history and unnecessary files. This entry loads the Ashampoo HDD Control Guard component on startup which runs in the background and monitors the hard drives and provides System Tray access"
|
| X | he3bbcff | "rundll32.exe he3bbcff.dll | EnableRunDLL32" |
| X | he3e3fc4 | "rundll32.exe he3e3fc4.dll | EnableRunDLL32" |
| X | Hekio Startups | Hnksvc32.exe | "Added by the AGOBOT-QE WORM!"
|
| X | helper.dll | rundll32.exe [path] helper.dll | "CnsMin (Chinese Keywords) hijacker related. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted"
|
| ? | HerculesCamService | CamService.exe | "Related to the Hercules Dualpix HD Webcam. What does it do and is it required?"
|
| X | hErcUnes | softhost.exe | "Added by the GARROCH WORM!"
|
| X | HF Security | hfsecure.exe | "Added by the AGOBOT-TI WORM!"
|
| X | hfdtubvnx | keepSafe.exe | "Added by the KILLAV.KAX TROJAN!"
|
| X | hhtnsn | rnxntup.exe | "Added by a variant of the ORCU.B TROJAN!"
|
| ? | HiberMonitor | HCount.exe | "??"
|
| X | HideRun.exe | Hiderun.exe and svhost.exe and pro.gif | "Added by the BOOHOO WORM!"
|
| X | HideStyle | Ante Browse Trust.exe | "IE toolbar taking you to Lop.com. If the exe is running |
| X | Hidup_Susah | Pembantu.exe | "Added by the SILLYFDC.BDM WORM!"
|
| U | High Definition Audio Property Page Shortcut | CHDAudPropShortcut.exe | "Realtek audio card related. Probably adds the odd feature to one of the ""Sounds"" Control Panel applet tabs - doesn't appear to be required"
|
| N | High Definition Audio Property Page Shortcut | HDAShCut.exe | High definition audio page shortcut for Realtek audio devices - not required
|
| U | High Definition Audio Property Page Shortcut | CHDAudPropShortcut.exe | "Realtek audio card related. Probably adds the odd feature to one of the ""Sounds"" Control Panel applet tabs - doesn't appear to be required"
|
| X | Highspeeddownloader | SetupClickHere.EXE | "Homepage hijacker |
| U | HijackThis startup scan | HijackThis.exe | """HijackThis is a free utility which quickly scans your Windows computer to find settings that may have been changed by spyware |
| X | HistoriaLout. | GDC.exe | "HistoriaLout. rogue privacy tool - not recommended. A member of the PCPrivacyTool family"
|
| U | Hitman Pro SurfRight Helper | srhelper.exe | "Hitman Pro - a utility to start a number of Security Protection software. They can be started individualy"
|
| X | HKCU | server.exe | "Added by the AGENT-NLT TROJAN!"
|
| X | HKEYok | runlli32.exe | "Added by the QQPASS-U TROJAN!"
|
| X | HKLMRun | windowsupdate.exe | "Added by the FORBOT-BJ WORM (where HKLM\Run represents HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run)!"
|
| X | HKLM\Run | svhost.exe | "Added by the FORBOT-AO BACKDOOR (where HKLM\\Run represents HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run)!"
|
| X | HLcleanup | hlsetup2.exe | "LinkReplacer/FFinder adware"
|
| X | HML PowerSource | hmlsvc32.exe | "Added by the SDBOT-XL WORM!"
|
| X | HMV PowerSource | hmusvc32.exe | "Added by the SDBOT-YW WORM!"
|
| X | hohohhaha | ournik.com | "Added by the IRCFLOOD.AL BACKDOOR!"
|
| X | Home Antivirus 2010 | HomeAntivirus2010.exe | "Home Antivirus 2010 rogue security software - not recommended |
| X | HomeAntivirus 2009 | HomeAntivirus2009.exe | "HomeAntivirus 2009 rogue security software - not recommended |
| ? | HomeCentre WakeUp | LGWAKEUP.EXE | "Associated with the no longer supported Xerox HomeCentre printer/scanner"
|
| U | Hook99startup | hk2re.exe | ""Hook99 enables the user to customize the start button. You can change or remove the text and replace the Windows flag on button with icon of your choice. Supports Windows icons |
| X | Hotfix Updat | svdhost32.exe | "Added by the GAOBOT.ZW WORM!"
|
| X | hotplug | hotplug.exe | "Added by the SILLYDL TROJAN!"
|
| U | Hotplug | hot_plug.exe | "Related to the SiS_Hot_Plug_Application. Enables automated driver loading for hotpluggable devices. If this service is stopped |
| X | Hot_Tarts_Au | Hot_Tarts_Au.exe | Premium rate adult content dialler
|
| U | HP AutoIndexer | hppautoindexer.exe | "Installed by HP multi-function printer driver software |
| N | hp center UI | ShadowBar.exe | "User Interface for HP Center - see here"
|
| U | HP Health Check Schedule | HPHC_Scheduler.exe | HP Health Check Scheduler from Hewlett-Packard
|
| ? | HP IDScheduler | HPIDSCHD.exe | "HP Instant Delivery Scheduler"
|
| U | HP Instant Support | matcli.exe | ""matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address |
| N | HP Internet Center | SURFBRD.EXE | Loads the HP Internet center surfboard on startup. HP Internet Center allows you to customize the multimedia keys on the fly without having to go the Control Panel --> Keyboards to change them
|
| N | HP JetSpeed Autostart | AUTOSTART.EXE | Autostart executable for the old multiplayer game HP Jetspeed
|
| ? | HP OfficeJet Series xxx Startup | HPOSTR03.EXE | "xxx represents the series number - such as 700. What does it do and it it required?"
|
| ? | HP OfficeJet Series xxx Startup | HPOstr05.exe | "xxx represents the series number - such as 700. What does it do and it it required?"
|
| N | HP ScanPicture | hpsplmwa.exe | HP multifunction scanner software. Available from HP Office Jet R Toolbox so not required
|
| ? | hp Silent Service | HpSrvUI.exe | "HP related"
|
| N | HP software update | HPWuSchd2.exe | HP software updates. If a shortcut doesn't exist create your own and run it manually
|
| N | HP software update | HPWuSchd.exe | "HP software updates. If a shortcut doesn't exist |
| N | HP Status | hpstatus.exe | HP Printer Status and Alerts
|
| ? | HP Status Server | hpboid.exe | "Copied during installation of HP Inkjet Printer Drivers in Win2K/XP. What does it do and is it required?"
|
| X | HP Update Assistant | HPAware.exe | Added by the MRO TROJAN!
|
| N | HP Updates | ?? | "On HP PCs |
| ? | HP Visualize Init | HpVisIni.exe | "HP Visualize software related. What does it do and is it required?"
|
| U | HPDJ Taskbar Utility | hpztsb01.exe | HP System Tray utility which allows diagnostic and maintainance of your HP Deskjet series printer
|
| U | HPDJ Taskbar Utility | hpztsb02.exe | HP System Tray utility which allows diagnostic and maintainance of your HP Deskjet series printer
|
| U | HPDJ Taskbar Utility | hpztsb04.exe | HP System Tray utility which allows diagnostic and maintainance of your HP Deskjet series printer
|
| U | HPDJ Taskbar Utility | hpztsb05.exe | HP System Tray utility which allows diagnostic and maintainance of your HP Deskjet series printer
|
| U | HPDJ Taskbar Utility | hpztsb07.exe | HP System Tray utility which allows diagnostic and maintainance of your HP Deskjet series printer
|
| U | HPDJ Taskbar Utility | hpztsb09.exe | HP System Tray utility which allows diagnostic and maintainance of your HP Deskjet series printer
|
| U | HPDJ Taskbar Utility | hpztsb06.exe | HP System Tray utility which allows diagnostic and maintainance of your HP Deskjet series printer
|
| U | HPDJ Taskbar Utility | hpztsb08.exe | HP System Tray utility which allows diagnostic and maintainance of your HP Deskjet series printer
|
| U | HPDJ Taskbar Utility | hpztsb03.exe | HP System Tray utility which allows diagnostic and maintainance of your HP Deskjet series printer
|
| U | HPDJ Taskbar Utility | hpztsb10.exe | HP System Tray utility which allows diagnostic and maintainance of your HP Deskjet series printer
|
| U | HPDJ Taskbar Utility | hpztsb11.exe | HP System Tray utility which allows diagnostic and maintainance of your HP Deskjet series printer
|
| U | HPDJ Taskbar Utility | hpztsb12.exe | HP System Tray utility which allows diagnostic and maintainance of your HP Deskjet series printer
|
| U | HPDJ Taskbar Utility | hpztsb13.exe | HP System Tray utility which allows diagnostic and maintainance of your HP Deskjet series printer
|
| U | HPGamesActiveMenu | ActiveMenu.exe | Wild Tangent demo games that come with some HP computers. Unchecking it can prevent the games from running occasionally. Note that WildTanget's privacy policy used to state that they also collect and share individuals information but this is no longer the case
|
| N | HPHUPD04 | hphupd04.exe | HP software update checker and wizard launcher. Available via Start -> Programs
|
| N | HPHUPD05 | hphupd05.exe | HP software update checker and wizard launcher. Available via Start -> Programs
|
| N | HPHUPD06 | hphupd06.exe | HP software update checker and wizard launcher. Available via the Start menu
|
| N | HPHUPD07 | hphupd07.exe | HP software update checker and wizard launcher. Available via Start -> Programs
|
| N | HPHUPD08 | hphupd08.exe | HP software update checker and wizard launcher. Available via Start -> Programs
|
| ? | hpjsiroute | hpjsira.exe | "Related to HP laserjet printers and IP addresses. An IP address is appended to the name field - ie "hpjsiroute192.168.1.2""
|
| U | HPLaptopGamesActiveMenu | ActiveMenu.exe | Wild Tangent demo games that come with some HP computers. Unchecking it can prevent the games from running occasionally. Note that WildTanget's privacy policy used to state that they also collect and share individuals information but this is no longer the case
|
| N | HPU | ProvenTactics.exe | "Proven Internet Marketing software"
|
| X | HP_runner | front.exe | "Added by the SILLYFDC WORM!"
|
| ? | HsuGuiControl | HsuGuiControl.exe | "Part of the Starband Internet satellite client. What does it do and is it required?"
|
| X | HTTP Tunneling Server | mstunnel.exe | "Added by the RBOT.EDL WORM!"
|
| X | http://www.lienvandekelder.be | Lientjeuh.exe | "Added by the MYTOB-P WORM!"
|
| X | httpd | s_menu.exe | "Added by the TACTSLAY.C TROJAN!"
|
| U | HughesNet Tools | matcli.exe | """matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address |
| ? | huhdir | huhdir.exe | "??"
|
| X | huigezi | HgzServer.exe | "Added by the GRAYBIRD.C TROJAN!"
|
| X | huigezi | SP00LSV.EXE | "Added by the GRAYBIRD.J BACKDOOR! Note the digit ""0"" in the command"
|
| U | HWSetup | HWSetup.exe hwSetUP | """Toshiba Hardware Setup is the Toshiba configuration management tool available through Windows."" Allows the user to change BIOS |
| X | HXIUL.EXE | HXIUL.EXE | "Attune HelpExpress - spyware. Disable and uninstall - see here"
|
| X | I am not Ranky. I am eTunnel! | msyervice.exe | Added by an unidentified WORM or TROJAN!
|
| X | I am not Ranky. I am eTunnel! | winsys.exe | Added by an unidentified WORM or TROJAN!
|
| X | I am not Ranky. I am eTunnel! | disney.exe | Added by an unidentified WORM or TROJAN!
|
| X | I just want to say I love Milko and I need a drink | svchost.exe | "Added by the CHIKO WORM! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in Documents and Settings\Administrator\Local Settings\Application Data"
|
| X | I-Worm.GiGu | uGiG.eXe | "Added by the GINK WORM!"
|
| U | i8kfangui | i8kfangui.exe | Graphical interface for fan speed control
|
| X | Iamnacho On Irc.MusIrc.com Is a Homosexual! | XBox64.exe | "Added by the RANDEX.Y WORM!"
|
| Y | IBM Client Security | certtool.exe | "Part of Client Security Software for IBM\Lenovo notebooks. If you have configured the software via the associated wizard this will need to be running if you want to mount password protected areas of the disk (created with SafeGuard PrivateDisk) |
| N | IBM Client Security Software | csecwiz.exe | "Setup wizard for the Client Security Software for IBM\Lenovo notebooks. This entry only runs once |
| U | IBM ThinkPad EasyEject Support Application | EzEjMnAp.Exe | "EasyEject Utility for IBM/Lenovo Thinkpad notebooks. Quote: ""The IBM ThinkPad EasyEject Utility makes removing multiple devices from your computer faster and easier by enabling you to stop more than one device at once |
| N | IBM ThinkPad EasyEject Tray Utility | EZEJTRAY.EXE | "System Tray access to the EasyEject Utility for IBM/Lenovo Thinkpad notebooks. Quote: ""The IBM ThinkPad EasyEject Utility makes removing multiple devices from your computer faster and easier by enabling you to stop more than one device at once |
| N | IBM ThinkPad Tray Utility | TP98TRAY.EXE | "System Tray access to the ThinkPad Configuration utility for IBM/Lenovo ThinkPad notebooks. ""The ThinkPad Configuration utility is a control center to configure your ThinkPad hardware. With this utility |
| U | IBM ThinkPad Utility | NPDTray.exe | System Tray access to Presentation Director for IBM/Lenovo Thinkpad notebooks - which allows you to create and quickly select between various single and mulitple display options. Scheme selection and settings are also available via Fn+F7 key combination on some models
|
| U | IBM TrackPoint Accessibility Features | tp4ex.exe | "Supports accessibility features for the TrackPoint stick and associated buttons on IBM/Lenovo ThinkPad notebooks. If features such as ""Click Sound"" |
| U | IBMUltraBayHotSwapCPLLoader | IBMBAY2N.EXE | Supports hot swapping in Thinkpad UltraBay Option on IBM ThinkPad laptops
|
| ? | IBMUltraBayHotSwapSound | IBMBAYSN.EXE | "Supports hot swapping in Thinkpad UltraBay Option on IBM ThinkPad laptops. Is it needed though - does it just play a sound?"
|
| U | IBWin Background process | IBackground.exe | "IBackup for Windows"
|
| X | icdd7ee6 | "rundll32.exe icdd7ee6.dll | EnableRunDLL32" |
| X | icddefff | "rundll32.exe icddefff.dll | EnableRunDLL32" |
| N | ICH Synth | eusexe.exe | "Sound related and can be disabled without affecting performance although advanced sound features may be sacrificed. May be related to Compaq PC's with "SoundMAX integrated Digital Audio" (Analog Devices Inc.) devices"
|
| X | icifati | yujixit.exe | "Added by the SDBOT.ZZH WORM!"
|
| N | ICQ Plus | vplus.exe | "ICQ Plus is a freeware utility makes your ICQ skinnable (change the look). Available via Start -> Programs"
|
| X | IcqBeta | webcamupdate.exe | Added by an unidentified TROJAN!
|
| X | icrosoft Visual | plscx.exe | "Added by the RBOT-AYO WORM!"
|
| X | icrosoft Visual InterDevc | zvslmqb.exe | "Added by the RBOT-AYP WORM!"
|
| X | icrosoft Windows DLL Services Configuration | poker3.exe | "Added by the SDBOT-AER WORM!"
|
| U | ICSDCLT | "rundll32.exe Icsdclt.dll | ICSClient" |
| X | ICU-Sucker | Service32.exe | "Added by the ILLNOTIFIER.D TROJAN!"
|
| U | IDriveE Startup | IDrvieEStartup.exe | "IDrive from Pro Softnet Corporation - free full featured online backup up to 2GB with the option of paying for more storage space and managing multiple accounts"
|
| X | IE configure | explorer.exe | "Added by the LINEAGE-C TROJAN! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually!"
|
| X | IE Java Update | iejava.exe | "Added by the AGENT-HD TROJAN!"
|
| X | IE Menu Extension toolbar | rundll32.exe [path] tbextn.dll DllShowTB | "Topconverting.com/180Search ""IEMenuExtension"" toolbar. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted"
|
| X | IE Runtime | wini.exe | "Added by the PICRATE.B WORM!"
|
| X | IE Runtimes | winis.exe | "Added by the RBOT-ADZ TROJAN!"
|
| X | IE-Security | iescan.exe | "IE-Security rogue spyware remover - not recommended |
| X | IE-Security | wdscan.exe | "IE-Security rogue spyware remover - not recommended |
| X | IEACCESS | surfya.exe | "
| X | IEAgent update check | iewatch.exe | "Added by the BOMKA TROJAN!"
|
| U | IECleanAux | Ieboot6.exe | "IEClean by Kevin McAleavy - cookie manager |
| X | IEexplorer AUpdate | IEexplore32.exe | "Added by the RBOT-GRE WORM!"
|
| X | IEFeatures | IEFeatures.exe | "Added by the POPMON.A TROJAN! - also known as PopMonster adware"
|
| X | IEFeatures | Internetfeatures.exe | "Added by the POPMON.A TROJAN! - also known as PopMonster adware"
|
| X | Iehelper | syslaunch.exe | Outwar adware downloader
|
| X | iel2cde8 | "rundll32.exe iel2cde8.dll | EnableRunDLL32" |
| X | ielcaabe | "rundll32.exe ielcaabe.dll | EnableRunDLL32" |
| X | iesetupi.exe | iesetupi.exe | "Added by a variant of the RBOT WORM!"
|
| X | ieupdate | MCP****.exe [**** = random char] | "Added by the ASOXY TROJAN!"
|
| X | ieupdate | mcpdll32.exe | Adware downloader trojan
|
| X | ieupdate | [random filename] | "Added by the AGENT-C BACKDOOR!"
|
| X | ieupdates | ieupdates.exe | "Added by a number of TROJANS such as DWNLDR-HGI and AGENT-HGA and the Antivirus 2009 rogue security software - see here"
|
| X | iExplore Ini | ie4uini.exe | "Added by a variant of the IRCBOT BACKDOOR! See here"
|
| X | ifperx | xmliwvug.exe | "Added by the SLAPER.U TROJAN!"
|
| X | igamatu | ekor.exe | "Added by the SDBOT.AQ TROJAN!"
|
| X | igamatu | atecaca.exe | "Added by the IRCBOT.R WORM!"
|
| X | IGuardPc.exe | IGuardPc.exe | "IGuardPc rogue security software - not recommended |
| X | iiuyvyu | uzcx.exe | "Added by the AGENT-EOF TROJAN!"
|
| U | IJNetworkScanUtility | CNMNSUT.EXE | Network utility available for some Canon scanners and multifunction devices. Allows the device to see computers on a network and those computers running the utility to control scanning via the Control Panel on the scanner - which saves you having to run back and forth between the scanner and your computer
|
| U | IKL | rundll32.exe [path] IKL.dll | "IKL surveillance software. Uninstall this software unless you put it there yourself"
|
| X | Image | "rundll32 [path] [trojan filename] | Install" |
| U | ImageDrive-{hex numbers} | ImageDrive.exe | "Nero ImageDrive from Ahead - virtual CD/DVD drive software"
|
| U | ImageTune | dthtml.exe | "ImageTune from Hyundai ImageQuest. Rebranded version of Display Tune from Portrait Displays |
| N | iMarkup Client | iUtil.exe | "Enables the iMarkup Client web page annotation utility to run in the background and be available in systray. Shortcut available via Start -> Programs"
|
| X | imcssl | xmliwvug.exe | "Added by the SLAPER.U TROJAN!"
|
| N | Imesh Auto Update | ?? | "Update check for the Imesh file sharing system. Turn the update off under ""options"""
|
| U | Imonitor | Plguni.exe | "Part of McAfee's QuickClean - which removes internet clutter and unwanted programs. This entry monitor changes made to the registry so that they can be undone later using QuickClean - such as removing programs. QuickClean is now integrated into their Total Protection |
| U | IMVU | IMVUClient.exe | "IMVU chat client that allows you to create ""your own avatars who chat in animated 3D scenes"""
|
| X | IMwire | imwireup.exe | "SafeSurfing adware variant"
|
| X | imxecs | vbrun70sp4.exe | "Added by the AGOBOT.ALA WORM!"
|
| X | im_autorn | im_1.exe | "Added by the IMAV.A WORM!"
|
| X | im_autorn | im_2.exe | "Added by the BAGLEDL-BO TROJAN!"
|
| U | IndicatorUty | IndicatorUty.exe | "Fujitsu Hotkey Utility displays icons on the screen when you use hotkeys on a Fujitsu Siemens Lifebook |
| X | InetChk | ms[random value].exe | "Added by the AGENT-IRL TROJAN!"
|
| X | infamous.exe | wmplayer.exe | Added by unknown malware. WMPLAYER.EXE is stored in the location and uses the same name as Windows Media Player but that valid Windows program doesn't load at startup
|
| X | InfoData | "rundll32.exe ********.dll | realset [* = random char]" |
| X | Information Update | iu.exe | "Detected by Kaspersky as the CENTIM.CH TROJAN!"
|
| X | infus | infus.exe | Adult content dialler
|
| U | Infuzer | Infuzer.exe | "Infuzer - ""is a service that copies dates from the web or an email straight to your electronic calendar"". Beware of the following adware trait - ""Infuzer provides web site owners with a unique opportunity to communicate with their visitors in a way that is useful and relevant to them |
| X | Install part II | updates.exe | "Added by the RELFEERWORM!"
|
| N | InstallAurealDemos | InstallAurealDemos.js | Used to initialize the Aureal A3D demos InstallShield wizard
|
| U | InstallBuddy | Ibtna.exe | "InstallBuddy - automatically translates and installs your desktop documents |
| ? | InstallNAIProduct | SETUP.EXE | "Could be related to Network Associates Inc who own the McAfee VirusScan product amongst others. This was found in a directory called "VSC". Could it be an installation that failed and "SETUP.EXE" was left to run at startup as an error?"
|
| U | Installstub | installstub.exe | "Tool for Outlook and Outlook Express from Plaxo for organising and keeping contacts organised and updated and providing online access to your contacts and access from PDA or mobile phone"
|
| X | Instant Access | "rundll32.exe EGDHTML_1023.dll | InstantAccess" |
| X | Instant Access | "rundll32.exe eg_auth_****.dll | InstantAccess [**** = digits]" |
| X | Instant Access | "rundll32.exe EGCOMLIB_****.dll | InstantAccess [**** = digits]" |
| X | Instant Access | "rundll32.exe EGCOMSERVICE_****.dll | InstantAccess [**** = digits]" |
| X | Instant Access | "rundll32.exe p2esocks_****.dll | InstantAccess [**** = digits]" |
| X | Instant Buzz Daemon | IBDaemon.exe | "Instant Buzz adware"
|
| N | Instant Update Center | reminder.exe | "Event reminder for calendar dates |
| U | Instant Wireless Configuration Utility | WUSB11cfg.exe | "Utility used by the LINKSYS LINKSYS wireless USB Adapter (WUSB11) and indicates when a wireless access connection is made by a screen colour change. Also used for configuration"
|
| U | Instant Wireless Configuration Utility | WPC11Cfg.exe | "Utility used by the LINKSYS wireless USB Adapter (WUSB11) and indicates when a wireless access connection is made by a screen colour change. Also used for configuration"
|
| X | InstantPleasure | instantpleasure.exe | Adult content dialler
|
| X | InstantPleasureXXX | instantpleasurexxx.exe | Adult content dialler
|
| ? | InstUtlR.exe | InstUtlR.exe | "??"
|
| X | InSysSecure | InSysSecure.exe | "InSysSecure rogue security software - not recommended |
| X | intdctrr | idctup20.exe | "SafeSurfing adware variant"
|
| X | Intec Services Drivers | msupdate22e.exe | "Added by the RBOT-CGC WORM!"
|
| X | Intel Audio Studio V2.0 | fmideploy.exe | Detected by VBA32 as the BIFROSE.ADR TROJAN!
|
| X | Intel Physical Routine 1.2A | stnetlib.exe | "Added by the BACKDR-AS BACKDOOR!"
|
| U | Intel Product Number Utility | IntelProcNumUtility.exe | "Intel Processor Serial Number Control Utility allows you to enable and disable the processor serial number capability of an Intel PIII processor. You can find more information here. System Tray icon providing the user with a visual state indication. You can find more information here"
|
| X | Intel system tool | hookdump.exe | "Added by the SPYRE-H TROJAN!"
|
| U | Intel(R) Common User Interface | igfxtray.exe | "System Tray access to display settings for Intel desktop and mobile motherboard chipsets with integrated graphics. With this enabled |
| U | Intel(R) Common User Interface | hkcmd.exe | "Hot Key handler for Intel desktop and mobile motherboard chipsets with integrated graphics. With this enabled |
| U | Intel(R) Common User Interface | igfxpers.exe | "Installed with the graphics drivers for Intel desktop and mobile motherboard chipsets with integrated graphics. It's purpose or function isn't known at present but testing with it disabled would appear to indicate it isn't required - hence the recommended ""U"" status"
|
| N | IntelAudioStudio | IntelAudioStudio.exe | """Intel Audio Studio combines Intel® High Definition audio hardware features with Sonic Focus* Audio Refinement and Dolby* technologies to provide you with a comprehensive tool that puts you in control of your audio experience"". Audio utility supplied with some Intel motherboards"
|
| X | Intelli Mouse Pro Version 2.0B | ncsjapi32.exe | "Added by the BUZUS-O WORM!"
|
| X | Intelprc | Aas3lovu.exe | "Added by the SILLYFDC-CG WORM!"
|
| U | IntelProcNumUtility | cpunumber.exe | "Intel Processor Serial Number Control Utility allows you to enable and disable the processor serial number capability of an Intel PIII processor. You can find more information here. System Tray icon providing the user with a visual state indication. You can find more information here"
|
| X | Internal | regedit.exe /s c[month number] | "Added by the FORTNIGHT.D TROJAN! Note that the Windows registry editor (regedit.exe) is a legitimate Microsoft file located in %Windir% and shouldn't be deleted. The file ""c[month number]"" is located in %Windir% |
| X | Internet | recruit.exe | "Added by the RBOT-AJG WORM!"
|
| X | Internet | nteusodp.exe | "Added by the RBOT-GFJ WORM!"
|
| X | Internet Antivirus | IAvir.exe | "Internet Antivirus rogue security software - not recommended |
| X | Internet Antivirus Pro | IAPro.exe | "Internet Antivirus Pro rogue security software - not recommended |
| X | Internet Content Publisher | ICP.EXE | "Added by the RBOT-UD WORM!"
|
| X | Internet Exploere Services | urlmon32.dll.exe | "Added by the EVIAN.C WORM!"
|
| X | Internet Explorer Auto-Update | updt32v5.exe | "Added by the SPYBOT-AB BACKDOOR!"
|
| X | Internet Explorer Configuration | IEXPLORE.EXE | "Added by the SDBOT-UL WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %System%"
|
| X | Internet Explorer Security | iexplore.pif | "Added by the RBOT-ALQ WORM!"
|
| X | Internet Explorer Updater | lexbac.exe | "Added by the DOWNLOAD TROJAN!"
|
| X | Internet Explorer Updater | iexplorer.exe | "Added by the REUR.B WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe)"
|
| X | Internet Protocol Configuration Loader | ipcl32.exe | "Added by the SDBOT TROJAN!"
|
| X | Internet Security 2010 | IS2010.exe | "Internet Security 2010 rogue security software - not recommended |
| X | Internet Security Service | msq32.exe | "Added by the RBOT-GFP WORM!"
|
| X | Internet Security Service | msq23.exe | "Added by the RBOT-GQL WORM!"
|
| X | Internet Security Service | msql23.exe | "Added by the RBOT-GML WORM!"
|
| X | Internet Security Service | mysqlwin32.exe | "Added by the RBOT.UX TROJAN!"
|
| X | Internet Security Service | expllorer.exe | "Added by the REFROSO.AFF TROJAN!"
|
| X | Internet Suspention | story.exe | "Added by the WOOTBOT.HV WORM!"
|
| X | InternetGetConnectedState | winupdate.exe | "Added by the SDBOT-JN WORM!"
|
| X | InternetGetConnectedStateEx | winupdate.exe | "Added by the SDBOT-JN WORM!"
|
| U | InternodeUsage | mum.exe | Australian ISP's free monthly download meter
|
| X | Inters Configuration Loader | RCL0ADERS.exe | "Added by the SDBOT-KX WORM!"
|
| N | InterTrust Quick Start | it_cpq~1.exe | "InterTrust offers something known as Digital Rights Management to control legal software download and other E-commerce related business"
|
| X | InterU | WINDRV.EXE | "Added by the IRCINTER.A TROJAN!"
|
| N | Intervideo WinScheduler | WinScheduler.exe | "WinScheduler is installed with WinDVD Remote Control for WinDVD from Intervideo. If you want to schedule recordings from your TV tuner card |
| N | Intervideo WinScheduler | SchSvr.exe | "WinScheduler is installed with WinDVD Remote Control for WinDVD from Intervideo. If you want to schedule recordings from your TV tuner card |
| N | Introducing Media Manager | SPLASHA.EXE | "MS Media Manager tour. Not required"
|
| N | Introduction-Registration | ?? | "For Compaq PC's. Should only run first time |
| X | IntruderAlert | ia99.exe | "Intruder Alert '99 from Bonzi - spyware"
|
| Y | Intuit SyncManager | IntuitSyncManager.exe | "Synchronizes local Intuit Quickbooks data with online data - ""Use the Intuit Sync Manager to find the status of your latest QuickBooks data sync |
| Y | iolo AntiVirus | ioloAV.exe | "iolo AntiVirus"
|
| N | iolo Utility Bar | SMUtilityBar.exe | "Iolo System Mechanic Utility Bar - can be launched manually"
|
| U | ioloDelayModule | delay.exe | "Part of Iolo System Mechanic. Used to delay the start of an application which loads automatically as Windows loads"
|
| U | Iomega Automatic Backup | ibackup.exe | "Iomega Automatic Backup - automatic backups for use with Iomega portable HDD"
|
| U | Iomega Automatic Backup 1.0.1 | ibackup.exe | "Iomega Automatic Backup - automatic backups for use with Iomega portable HDD"
|
| N | Iomega Backup Scheduler | dtiom98.exe | "Used by Iomega drives. Details of its purpose can be found here. Available via Start -> Programs"
|
| ? | Iomega QuickSync | Quicksync.exe | "??"
|
| N | Iomega Startup Options | IMGSTART.EXE | "Used by Iomega drives. Details of its purpose can be found here. Available via Start -> Programs"
|
| X | ioroxxo microsoft sux | system32.exe | "Added by a variant of the RBOT WORM!"
|
| X | IPLog Security | iplogsec.exe | "Added by the IRCBOT.GP BACKDOOR!"
|
| ? | iPlusAgent2 | iAgent2.exe | "Related to iriver portable media products. What does it do and is it required?"
|
| X | Ipnuker | Ipnuker.vbs | "Added by the INKER.B WORM!"
|
| X | iPOD USB Driver | IPODUSB.EXE | "Added by a variant of the RBOT WORM!"
|
| X | iPod USB Service | iPODService.exe | "Added by a variant of the RBOT WORM! Do not confuse with the Apple iPod process of the same name. The legitimate iPod file will always be located in the %ProgramFiles%\iPod\bin folder and is implemented as a system service |
| X | IPOT USB Service DRIVER | hpsebc087.exe | "Added by the SDBOT-WA WORM!"
|
| X | IPOT USB Service DRV32 | hpsebc08.exe | "Added by the SDBOT-WH WORM!"
|
| U | iProtectYou | ip.exe | "iProtectYou - internet filtering/parental control and network monitoring software"
|
| X | iprun | iPY.exe | "iProtectYou spyware"
|
| X | IPSEC Configuration | wsupdate.exe | "Added by the AGOBOT-IQ WORM!"
|
| X | IPTable Configuration | Winipcfgs.exe | "Added by a variant of the RBOT WORM!"
|
| X | IPv6 STUN Service | netstun.exe | "Added by a variant of the SDBOT WORM!"
|
| N | ipw | usbipw.exe | "Related to Internet Phone Wizard from Actiontec - Voice over IP (VoIP) that allows you to ""make and receive free Internet calls on your regular phone"" whilst ""at the same time |
| N | iRiS AntiVirus Active Monitor | WIMMUN32.exe | "Iris Antivirus - discontinued |
| U | iRiver AutoDB | MLService.exe | "Associated with the iRiver Music Manager"
|
| N | iRiver Updater | Updater.exe | "Updates for the iRiver Music Manager - used with their digital music players"
|
| X | iSecurity applet | "rundll32.exe iSecurity.cpl | SecurityMonitor" |
| X | ISMModule | ISMModule.exe | "Internet Speed Monitor C adware related - see example here"
|
| X | ISMModule2 | ISMModule2.exe | "Internet Speed Monitor C adware related - see example here"
|
| X | ISMModule3 | ISMModule3.exe | "Internet Speed Monitor C adware"
|
| X | ISMModule4 | ISMModule4.exe | "Internet Speed Monitor A adware related"
|
| X | ISMModule6 | ISMModule6.exe | "Internet Speed Monitor C adware related - see example here"
|
| X | ISMModule7 | ISMModule7.exe | "Internet Speed Monitor C adware related - see example here"
|
| X | ISMModule8 | ISMModule8.exe | "Internet Speed Monitor C adware related"
|
| Y | ISP.COM High Speed | slipgui.exe | "User interface for Slipstream - internet acceleration through compression/decompression techniques |
| N | IsReminder | ISPopup.exe | "Related to GuardWare iShield - this is the registration reminder for the trial version |
| N | ISSI EZUpdate Service | issimsvc.exe | Part of IBM Global Services - used internally by IBM for automatic updating of software and Microsoft patching
|
| X | ist service uninstall | [random filename] | "ISTBar adware related"
|
| N | ISUSPM | ISUSPM.exe | "InstallShield is used by a number of software producers to install their programs and manage software updates. This entry searches for and performs any updates to supported installed software so you're always working with the most current version. Manually check for software updates for installed programs on a regular basis"
|
| N | ISUSPM Startup | ISUSPM.exe | "InstallShield is used by a number of software producers to install their programs and manage software updates. This entry searches for and performs any updates to supported installed software so you're always working with the most current version. Manually check for software updates for installed programs on a regular basis"
|
| N | ISUSScheduler | issch.exe | "InstallShield is used by a number of software producers to install their programs and manage software updates. This entry runs scheduled searches for and performs any updates to supported installed software so you're always working with the most current version. Manually check for software updates for installed programs on a regular basis"
|
| X | ItalU | italfds.exe | "Added by a TROJAN - see here"
|
| U | iTouch | iTouch.exe | "Loads the iTouch configuration settings for supported Logitech keyboards. It's required if your keyboard has shortcut buttons and you use them or have reconfigured them for different functions. It's also required if your keyboard does not have the num lock |
| N | ItsDeductiblePopUp | ItsDeductible.exe | "ItsDeductible from Income Dynamics. Calculates your noncash donations quickly and easily. This startup entry checks a registry entry for the next 'PopUp' date and if it is a past or current date displays a program related tip"
|
| X | ITUNES | itune.exe | "Added by the RBOT-ZU WORM!"
|
| X | ITUNES | itunes.exe | "Added by a variant of the RBOT WORM! Note - do not confuse with the legitimate Apple iTunes process with the same filename which is always located in %ProgramFiles%\iTunes. This one is located in %System%"
|
| X | Itunes | dials.exe | "Detected by Kaspersky as the AGENT.MM TROJAN!"
|
| X | Itunes | itunes.exe | "Added by the OSCABOT-L WORM! Note - do not confuse with the legitimate Apple iTunes process with the same filename which is always located in %ProgramFiles%\iTunes. This one is located in %Windir%"
|
| Y | iTunes Helper | iTunesHelper.exe | Installed with Apple's iTunes for Windows. Uses ~3-4MB of memory and if disabled in MSCONFIG or deleted from the registry it will re-instate itself after running iTunes a few times - hence the reluctant Y recommendation
|
| X | iTunes Music | iTunesHelper32.exe | "Added by the SDBOT.CHK WORM!"
|
| X | iTunesAgent | ita.exe | "Added by the TACTSLAY.U TROJAN!"
|
| X | itunesff | itunesff.exe | "Added by the EB adult premium dialer"
|
| Y | iTunesHelper | iTunesHelper.exe | Installed with Apple's iTunes for Windows. Uses ~3-4MB of memory and if disabled in MSCONFIG or deleted from the registry it will re-instate itself after running iTunes a few times - hence the reluctant Y recommendation
|
| N | Iusage | netdet.exe | "Internet Usage Monitor - utility to calculate the cost and time on the internet via dial-up"
|
| X | iut75 | uzcx.exe | "Added by the DLOADER-AXV TROJAN!"
|
| X | iyelejiv | yujixit.exe | "Added by the SDBOT.BJK WORM!"
|
| X | ϵͳע�ï½ï¿½ï¿½ | zhuruqi.exe | "Added by the QHOST.V TROJAN!"
|
| N | j2 Tray Menu | HotTray.exe | "eFax Messenger Tray Menu system tray icon for eFax Messenger Plus. Available via Start -> Programs. Disabling instructions available here"
|
| X | JA Cfg Util v2 | jacfg2.exe | "Added by the RBOT-AL WORM!"
|
| X | Java applet | javaup.exe | "Added by the SDBOT-ACF WORM!"
|
| X | Java Auto Update | ujm.exe | "Added by the SDBOT-ADH WORM!"
|
| X | Java Runtime Environment | jbuild.exe | "Added by the DELBOT-J WORM!"
|
| X | Java Runtime Value | runjava.exe | "Added by the RBOT-DDJ WORM!"
|
| X | Java Runtimes | iexplore.exe | "Added by the KILLAV.B WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This file is located in a %Windir%\Java\Java folder"
|
| X | Java update | javaqs.exe | "Added by the SWARLEY.A WORM!"
|
| X | Java Update | keeper.exe | "Added by the AGENT-DIS TROJAN!"
|
| X | Java Update | svchost.exe.exe | "Added by the AGENT-LBS TROJAN!"
|
| X | Java Update | hostwww.exe.exe | "Added by the AGENT-MFH TROJAN!"
|
| X | Java Virtual Machine | javaw.exe | "Added by a variant of the RBOT WORM!"
|
| N | Java(TM) Platform SE 6 | jusched.exe | "Checks with Sun's Java updates site to see if newer Java versions are available. Either visit the Java download page or click on Start → Control Panel → Java → Update → Update Now"
|
| N | Java(TM) Platform SE 6 U* | jusched.exe | "Checks with Sun's Java updates site to see if newer Java versions are available. Either visit the Java download page or click on Start → Control Panel → Java → Update → Update Now. U* represents the update version |
| N | Java(TM) Platform SE Auto Updater 2 0 | jusched.exe | "Checks with Sun's Java updates site to see if newer Java versions are available. Either visit the Java download page or click on Start → Control Panel → Java → Update → Update Now"
|
| X | java-plugin | javasctp.exe | "Added by the VB.AMX TROJAN!"
|
| X | Java32 Configuration Loader | msnmesgr.exe | "Added by a variant of the RBOT WORM!"
|
| X | JavaScript Debugging Service | JsDbgMan.exe | "Added by the DERDERO.E WORM!"
|
| X | JavaUpdate0.07 | [filename] | "Added by the JUPDATE TROJAN!"
|
| X | JavaUpdateSched | jusched32.exe | "Added by the BCKDR-CKB BACKDOOR!"
|
| X | jete | yujixit.exe | "Added by the SDBOT.BRT WORM!"
|
| X | jiahus | svchqs.exe | "Added by the WOWPWS-AL TROJAN!"
|
| U | JMB36X Configure | JMRaidTool.exe | "JMB36x series RAID configuration utility from JMicron Technology for their PCI Express to SATA II and PATA Host Controllers"
|
| Y | JMB36X Configure | JMRaidSetup.exe | "JMB36x series RAID configuration utility from JMicron Technology for their PCI Express to SATA II and PATA Host Controllers"
|
| U | JMB36X IDE Setup | JMInsIDE.exe | "JMB36x series IDE (or Parallel ATA) configuration utility from JMicron Technology for their PCI Express to SATA II and PATA Host Controllers"
|
| U | JMB36X IDE Setup | xInsIDE.exe | "JMB36x series IDE (or Parallel ATA) configuration utility from JMicron Technology for their PCI Express to SATA II and PATA Host Controllers. This is normally located in %Windir%\RaidTool"
|
| X | jmudkve.dll | "rundll32.exe jmudkve.dll | mzrwkwf" |
| U | JOYTECH USB Neo S Controller | JoytechNeoSTrayIcon.exe | "System Tray access to Joytech Neo S PC gamepad controller software"
|
| X | jpupd | jpupd.exe | "Added by the DIALER.CM TROJAN!"
|
| X | jucheck | jucheck.exe | "Added by the SCRIMGE.O WORM!"
|
| X | Jufualt | winxp2.exe | "Added by the SDBOT-AAB WORM!"
|
| X | Jufualt | svhost.exe | "Added by the SDBOT-ADJ WORM!"
|
| X | Jufualt | java2.exe | "Added by the SDBOT.AOE WORM!"
|
| N | Juice | Juice.exe | "Juice - a free utility that ""allows you to select and download audio files from anywhere on the Internet to your desktop"". This entry is present if you choose the option to add it to the startup group during installation"
|
| N | Juno_uoltray | exec.exe | Juno ISP software - not required
|
| X | JuPo | jupos.exe | "Added by the SDBOT-CAG WORM!"
|
| N | jusched | jusched.exe | "Checks with Sun's Java updates site to see if newer Java versions are available. Either visit the Java download page or click on Start → Control Panel → Java → Update → Update Now"
|
| X | jusched | [path to trojan] | "Added by the BANKER-BWR TROJAN!"
|
| X | jusched | jusched.exe | "Added by the BANKER-BOV TROJAN! Note that this is not the legitimate Sun Microsystems file (of the same name) which is usually located in %Program Files%\Java\version number\bin. This one is located in %System%"
|
| X | jushed32.exe | jushed32.exe | " | |
