"Description": "Acrobat Reader, which is used to view PDF documents.",
"Company": "Adobe Systems",
"SysProcess": "No",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "acrotray",
"PAltName": "acrotray.exe",
"Name": "Acrobat Assistant",
"Description": "Acrobat Distiller, which is used to print PDF documents.",
"Company": "Adobe Systems",
"SysProcess": "No",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "acsd",
"PAltName": "acsd.exe",
"Name": "Aol Connectivity Service",
"Description": "Application that helps to save time when the users signs back on manually after loosing connectivity with AOL. The application starts an automatic function that restores the connection.",
"Description": "Variant of the RapidBlaster parasite that gets a new folder and file name from its controlling server. After that it creates a named folder, copies itself to that directory, deletes the original process, and runs a new file.",
"Company": "N/A",
"SysProcess": "No",
"SecurityRisk": "Yes",
"Errors": "N/A",
"Status": 0
},
{
"PName": "agentsvr",
"PAltName": "agentsvr.exe",
"Name": "Microsoft Agent Server",
"Description": "ActiveX control that helps software developers to add character animation to their software or web pages, text to speech facilities, or end-user voice commands capability.",
"Company": "Microsoft Corp.",
"SysProcess": "Yes",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "agrsmmsg",
"PAltName": "agrsmmsg.exe",
"Name": "SoftModem Messaging Applet",
"Description": "It is a part of the AMR modem driver.",
"Company": "Agere Systems Inc.",
"SysProcess": "No",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "aim",
"PAltName": "aim.exe",
"Name": "AOL Instant Messenger",
"Description": "AOL Instant Messenger, which is an online chat and instant messaging client.",
"Company": "America Online, Inc.",
"SysProcess": "No",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "alevir",
"PAltName": "alevir.exe",
"Name": "Opaserv-A Worm",
"Description": "Added to the system as a result of Opaserv-A WORM that spreads with network shares.",
"Company": "N/A",
"SysProcess": "No",
"SecurityRisk": "Yes",
"Errors": "N/A",
"Status": 0
},
{
"PName": "alg",
"PAltName": "alg.exe",
"Name": "Application Layer Gateway Service",
"Description": "Part of Internet Connection Sharing application and Internet Connection Firewall for Windows XP. This service provides support for third party protocol plug-ins for the Internet Connection Sharing application and Internet Connection Firewall.",
"Company": "Microsoft Corp.",
"SysProcess": "Yes",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "alg",
"PAltName": "alg.exe",
"Name": "Application Layer Gateway Service",
"Description": "Part of Internet Connection Sharing application and Internet Connection Firewall for Windows XP. This service provides support for third party protocol plug-ins for the Internet Connection Sharing application and Internet Connection Firewall.",
"Company": "Microsoft Corp.",
"SysProcess": "Yes",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "apoint",
"PAltName": "apoint.exe",
"Name": "Alps Pointing-device Driver",
"Description": "Pointing-device driver for touchpads manufactured by Alps.",
"Company": "Alps Electric Co",
"SysProcess": "No",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "apoint",
"PAltName": "apoint.exe",
"Name": "Alps Pointing-device Driver",
"Description": "Pointing-device driver for touchpads manufactured by Alps.",
"Company": "Alps Electric Co",
"SysProcess": "No",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "arr",
"PAltName": "arr.exe",
"Name": "Dialer.Lohan",
"Description": "Adult content dialer application that can be used to access pornographic material by dialing high-cost numbers using a modem.",
"Company": "N/A",
"SysProcess": "No",
"SecurityRisk": "Yes",
"Errors": "N/A",
"Status": 0
},
{
"PName": "ati2evxx",
"PAltName": "ati2evxx.exe",
"Name": "ATI External Event Utility EXE Module",
"Description": "ATI External Event Utility EXE module working in the background.",
"Company": "ATI Technologies Inc.",
"SysProcess": "No",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "atiptaxx",
"PAltName": "atiptaxx.exe",
"Name": "ATI Utilitiy",
"Description": "ATI video card utility.",
"Company": "ATI Technologies Inc.",
"SysProcess": "No",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "atrack",
"PAltName": "atrack.exe",
"Name": "Alert Tracker task",
"Description": "Newly added feature of Norton Internet Security (NIS) and Norton Personal Firewall (NPF) that provides instant notification of events as they happen.",
"Company": "Symantec Corporation",
"SysProcess": "No",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "autorun",
"PAltName": "autorun.exe",
"Name": "Autorun",
"Description": "AutoRun facility for Windows 95, 98, ME, NT4, 2000, and XP. This facility will automatically run an executable as soon as a CD-ROM is inserted into the CD drive of the computer.",
"Description": "Service that synchronizes the workstation virus definitions with those collected from the McAfee site by the central file server on network versions of McAfee VirusScan.",
"Company": "Network Associates, Inc.",
"SysProcess": "No",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "backWeb",
"PAltName": "backWeb.exe",
"Name": "Backweb Adware",
"Description": "Adware by Backweb Technologies.",
"Company": "Backweb Technologies",
"SysProcess": "No",
"SecurityRisk": "Yes",
"Errors": "N/A",
"Status": 0
},
{
"PName": "backweb-8876480",
"PAltName": "backweb-8876480.exe",
"Name": "Logitech Desktop Messenger",
"Description": "Comes with the software for Logitech products. Automatically checks for software upgrades and new products, services, and special offerings from Logitech.",
"Company": "Logitech",
"SysProcess": "No",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "bargains",
"PAltName": "bargains.exe",
"Name": "Bargains Spyware",
"Description": "Advertising spyware that comes with some free software.",
"Company": "Exact Advertising",
"SysProcess": "No",
"SecurityRisk": "Yes",
"Errors": "N/A",
"Status": 0
},
{
"PName": "bcmsmmsg",
"PAltName": "bcmsmmsg.exe",
"Name": "BCMSMMSG",
"Description": "Background task used as a BCM voice modem driver and required for dial-up modems.",
"Company": "Broadcom Corporation.",
"SysProcess": "No",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "blss",
"PAltName": "blss.exe",
"Name": "blss",
"Description": "CBlaster Trojan/dialer/downloader that dials pay numbers to adult sites.",
"Company": "N/A",
"SysProcess": "No",
"SecurityRisk": "Yes",
"Errors": "N/A",
"Status": 0
},
{
"PName": "bootconf",
"PAltName": "bootconf.exe",
"Name": "Internat Conf",
"Description": "Homepage hijacker, redirecting to coolwebsearch.com.",
"Company": "N/A",
"SysProcess": "No",
"SecurityRisk": "Yes",
"Errors": "N/A",
"Status": 0
},
{
"PName": "bpc",
"PAltName": "bpc.exe",
"Name": "RVP",
"Description": "Spyware included with the latest version of Grokster.",
"Company": "N/A",
"SysProcess": "No",
"SecurityRisk": "Yes",
"Errors": "N/A",
"Status": 0
},
{
"PName": "brasil",
"PAltName": "brasil.exe",
"Name": "Brasil",
"Description": "Added to the system as a result of the OPASERV.E virus.",
"Company": "N/A",
"SysProcess": "No",
"SecurityRisk": "Yes",
"Errors": "N/A",
"Status": 0
},
{
"PName": "bundle",
"PAltName": "bundle.exe",
"Name": "Adware.SAHAgent",
"Description": "An adware program that downloads and displays advertisements from shopathomeselect.com.",
"Company": "N/A",
"SysProcess": "No",
"SecurityRisk": "Yes",
"Errors": "N/A",
"Status": 0
},
{
"PName": "bvt",
"PAltName": "bvt.exe",
"Name": "BVT",
"Description": "Process added to the system as a result of AUTOUPDER virus that can be used as a distribution mechanism by worms or other malicious programs.",
"Company": "N/A",
"SysProcess": "No",
"SecurityRisk": "Yes",
"Errors": "N/A",
"Status": 0
},
{
"PName": "carpserv",
"PAltName": "carpserv.exe",
"Name": "CARPService",
"Description": "Background application that allows the internal modem speaker and allows you to listen to the dial-up sounds. It is related with Zoltrix modems.",
"Company": "Zoltrix International limited",
"SysProcess": "No",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "ccapp",
"PAltName": "ccapp.exe",
"Name": "Common Client CC App",
"Description": "Associated with Norton AntiVirus 2003, which runs auto-protect and email checking facilities. Without this service, both facilities cannot function correctly.",
"Company": "Symantec Corporation",
"SysProcess": "No",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "ccevtmgr",
"PAltName": "ccevtmgr.exe",
"Name": "Symantec Event Manager Service",
"Description": "Program associated with Norton AntiVirus 2003/4. The program is responsible for keeping track of all events that occur within the previously-mentioned products and then writing the details of those events to the Activity Log.",
"Company": "Symantec Corporation",
"SysProcess": "No",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "cconnect",
"PAltName": "cconnect.exe",
"Name": "CorrectConnect",
"Description": "Background application that is included with the Windows 2000 Resource Kit and monitors user connections to servers and the system they are logging on to.",
"Company": "Microsoft Corp.",
"SysProcess": "Yes",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "ccpxysvc",
"PAltName": "ccpxysvc.exe",
"Name": "Common Client Proxy Service.",
"Description": "Background task associated with Norton Personal Firewall 2003/4 and Norton Internet Security 2003/4 in Windows 2000/XP.",
"Description": "Service that checks the integrity of the Windows registry entries for Norton AntiVirus 2003/4 and Norton Internet Security 2003/4 in case they may have been modified by a hacker or an unknown virus. Once complete, this task terminates.",
"Company": "Symantec Corporation",
"SysProcess": "No",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "cdac11ba",
"PAltName": "cdac11ba.exe",
"Name": "cdac11ba",
"Description": "Associated with MacroVision SafeCast copy protection software that allows other software manufacturers to protect their products from illegal copying.",
"Company": "MacroVision",
"SysProcess": "No",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "cdplayer",
"PAltName": "cdplayer.exe",
"Name": "CD Player",
"Description": "Microsoft Windows audio CD player, which comes with the Windows operating system.",
"Company": "Microsoft Corp.",
"SysProcess": "No",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "cfd",
"PAltName": "cfd.exe",
"Name": "Application Client Foundation",
"Description": "Newer name for BroadJump Foundation Client (BJCFD) from BroadJump.com, now Motive. The software collects information on your Internet activity and sends it to your ISP so that your ISP can serve you advertisements related to the type of sites you visit.",
"Company": "Motive Communications",
"SysProcess": "No",
"SecurityRisk": "Yes",
"Errors": "N/A",
"Status": 0
},
{
"PName": "cidaemon",
"PAltName": "cidaemon.exe",
"Name": "Microsoft Indexing Service",
"Description": "Indexing Service that runs in the background and catalogs files so that you can search for files containing a specific text string.",
"Company": "Microsoft Corp.",
"SysProcess": "Yes",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "cisvc",
"PAltName": "cisvc.exe",
"Name": "Microsoft Index Service Helper",
"Description": "Microsoft Index Service Helper, a service that monitors the memory usage of Microsoft Indexing Service (cidaemon.exe) and automatically re-starts cidaemon.exe if it uses more than 40 MB of memory.",
"Company": "Microsoft Corp.",
"SysProcess": "Yes",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "clisvcl",
"PAltName": "clisvcl.exe",
"Name": "SMS Client Service",
"Description": "SMS Client Service (Clisvcl.exe) that starts the Microsoft Systems Management Server Software Inventory process. Microsoft Systems Management Server Software Inventory provides a comprehensive scan of the software installed on the computer.",
"Company": "Microsoft Corp.",
"SysProcess": "Yes",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "cmd",
"PAltName": "cmd.exe",
"Name": "Windows Command Prompt",
"Description": "Microsoft Windows command prompt. Cmd.exe is a 32-bit command prompt used in Windows NT, 2000, and XP.",
"Company": "Microsoft Corp.",
"SysProcess": "Yes",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "cmd32",
"PAltName": "cmd32.exe",
"Name": "CMD",
"Description": "Added to the system as a result of the P2P.TANKED virus",
"Company": "N/A",
"SysProcess": "No",
"SecurityRisk": "Yes",
"Errors": "N/A",
"Status": 0
},
{
"PName": "cmesys",
"PAltName": "cmesys.exe",
"Name": "Gator GAIN Adware",
"Description": "Gator GAIN, adware that is installed by certain free software and is advertising spyware that runs in the background and displays advertisements.",
"Company": "ThiefWare.com",
"SysProcess": "No",
"SecurityRisk": "Yes",
"Errors": "N/A",
"Status": 0
},
{
"PName": "cmmpu",
"PAltName": "cmmpu.exe",
"Name": "cmmpu",
"Description": "Background task that works as a MIDI emulator for the integrated sound chip by C-Media based on the CMI-8330 chip set found in cheap motherboards.",
"Company": "C-Media Electronics Inc",
"SysProcess": "No",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "cpd",
"PAltName": "cpd.exe",
"Name": "CPD",
"Description": "Background task from McAfee Personal Firewall. The application implements the firewall security features. In older versions, the task was named CPDCLNT.exe.",
"Company": "Network Associates, Inc.",
"SysProcess": "No",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "csrss",
"PAltName": "csrss.exe",
"Name": "Client/Server Runtime Server Subsystem",
"Description": "Windows client server run-time subsystem handles Windows and graphics functions for all subsystems.",
"Company": "Microsoft Corp",
"SysProcess": "Yes",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "ctfmon",
"PAltName": "ctfmon.exe",
"Name": "Alternative User Input Services",
"Description": "A service that handles the Alternative User Input Text Processor (TIP) and the Microsoft Office Language Bar. It provides text input support for speech recognition, handwriting recognition, keyboard, translation, and other alternative user input technologies.",
"Company": "Microsoft Corp.",
"SysProcess": "Yes",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "cthelper",
"PAltName": "cthelper.exe",
"Name": "Plug-in manager",
"Description": "Background task that works as a plug-in manager for Creative drivers. It helps the third party manufacturers to produce drivers, add-on features, and fixes that will integrate with a tighter fit with Creative sound drivers and utilities.",
"Company": "Creative Technology Ltd",
"SysProcess": "No",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "ctsvccda",
"PAltName": "ctsvccda.exe",
"Name": "Creative CD-ROM Services",
"Description": "Background task for CD-ROM access that gets installed by the Windows 95, 98, or ME drivers of some Creative SoundBlaster soundcards. It also sometimes gets installed on Windows 2000 by non-driver related Creative software suites, such as Creative Jukebox.",
"Company": "Creative Technology Ltd",
"SysProcess": "No",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "cvpnd",
"PAltName": "cvpnd.exe",
"Name": "Cisco Systems, Inc. VPN Service",
"Description": "Background application used by Cisco VPN client for making a connection to a remote IPSec server.",
"Company": "Cisco Systems, Inc.",
"SysProcess": "No",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "dadapp",
"PAltName": "dadapp.exe",
"Name": "Dell AccessDirect Applet",
"Description": "Background task found on Dell laptop computers. The task implements the programmable buttons that you can set up for your laptop computer.",
"Company": "Dell",
"SysProcess": "No",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "damon",
"PAltName": "damon.exe",
"Name": "Damon",
"Description": "Background task that is associated with the Dell support software suite.",
"Company": "Dell",
"SysProcess": "No",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "datemanager",
"PAltName": "datemanager.exe",
"Name": "Date Manager",
"Description": "Date Manager is a well-designed system tray calendar with a reminder facility. It also installs some adware along with it. Adware software communicates back to an advertising server and displays advertisements as you are browsing the Internet.",
"Company": "The Gator Corporation",
"SysProcess": "No",
"SecurityRisk": "Yes",
"Errors": "N/A",
"Status": 0
},
{
"PName": "dcomx",
"PAltName": "dcomx.exe",
"Name": "Dcomx",
"Description": "Added to the system as a result of the CIREBOT virus",
"Company": "N/A",
"SysProcess": "No",
"SecurityRisk": "Yes",
"Errors": "N/A",
"Status": 0
},
{
"PName": "ddcman",
"PAltName": "ddcman.exe",
"Name": "Digital Distribution Channel Manager",
"Description": "Application that is associated with Wild Tangent GameChannel software.",
"Company": "Wild Tangent",
"SysProcess": "No",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "ddhelp",
"PAltName": "ddhelp.exe",
"Name": "DirectDraw Helper",
"Description": "DirectDraw Helper, a part of DirectX and is used for graphics related services.",
"Company": "Microsoft Corp.",
"SysProcess": "Yes",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "acrord32",
"PAltName": "acrord32.exe",
"Name": "Acrobat Reader",
"Description": "Acrobat Reader, which is used to view PDF documents.",
"Company": "Adobe Systems",
"SysProcess": "No",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "defwatch",
"PAltName": "defwatch.exe",
"Name": "NAV CE Server/Client - DefWatch",
"Description": "Background application that detects out-of-date virus definitions for Norton Anti-Virus software and runs the Defwatch Wizard. Required only if you don't update the virus definitions manually on a regular basis.",
"Company": "Symantec Corporation",
"SysProcess": "No",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "devldr32",
"PAltName": "devldr32.exe",
"Name": "Creative Ring3 NT Interface",
"Description": "Process that runs solely on Windows 2000 and XP. It seems to be crucial to the audio input, the Creative Mixer, the PlayCenter, and the AudioHQ application.",
"Company": "Creative Technology Ltd",
"SysProcess": "No",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "dfssvc",
"PAltName": "dfssvc.exe",
"Name": "Distributed File System (DFS)",
"Description": "Background task that implements a Distributed File System (DFS) that consists of logical volumes distributed across a local or wide area network.",
"Company": "Microsoft Corp.",
"SysProcess": "Yes",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "directcd",
"PAltName": "directcd.exe",
"Name": "DirectCD Packet Writing Software",
"Description": "Background task included with Easy CD Creator that allows you to use CDs and DVDs formatted with DirectCD.",
"Company": "Adaptec",
"SysProcess": "No",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "dit",
"PAltName": "dit.exe",
"Name": "Drive Icon and Label Utility",
"Description": "Essential background task that is required to assign drive icons and names to flash memory cards.",
"Company": "N/A",
"SysProcess": "No",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "divx",
"PAltName": "divx.exe",
"Name": "Divx",
"Description": "Added to the system as a result of the MASTAK virus",
"Company": "N/A",
"SysProcess": "No",
"SecurityRisk": "Yes",
"Errors": "N/A",
"Status": 0
},
{
"PName": "dlg",
"PAltName": "dlg.exe",
"Name": "Digital Line Detect",
"Description": "Application that comes with Connexant V.92 and Broadcom modems and is used to check whether you are connected with a digital telephone line or not. If you are connected, the application displays the information graphically.",
"Company": "Dell",
"SysProcess": "No",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "dllhost",
"PAltName": "dllhost.exe",
"Name": "DCOM DLL Host Process",
"Description": "DCOM DLL host process that supports DLL-based COM objects and is used by many Windows programs.",
"Company": "Microsoft Corp.",
"SysProcess": "Yes",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "dllreg",
"PAltName": "dllreg.exe",
"Name": "Dumaru.c Virus",
"Description": "Added to the system as a result of Dumaru.c virus that is a new variant of the Dumaru Virus. The worm trawls the hard disk, looking for files with extensions .htm, .wab, .html, .dbx, .tbb, or .abd for email addresses to send itself to. These email addresses are written to the winload.log file.",
"Company": "N/A",
"SysProcess": "No",
"SecurityRisk": "Yes",
"Errors": "N/A",
"Status": 0
},
{
"PName": "dns",
"PAltName": "dns.exe",
"Name": "DNS Server",
"Description": "Manages Domain Name System Server (DNS).",
"Company": "Microsoft Corp.",
"SysProcess": "Yes",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "dpps2",
"PAltName": "dpps2.exe",
"Name": "DonÆt Panic!",
"Description": "Application that is used to control popups. It blocks those annoying popup advertisements from displaying while you are browsing the Internet.",
"Company": "Panicware",
"SysProcess": "No",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "dsentry",
"PAltName": "dsentry.exe",
"Name": "Dsentry",
"Description": "Application provided by Dell that is anti-spyware. The application blocks other applications that send vital information to other computers.",
"Company": "Dell",
"SysProcess": "No",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "dssagent",
"PAltName": "dssagent.exe",
"Name": "DSSAgent Spyware",
"Description": "Application that works in the background to send system information to the originators of the program by encrypted emails.",
"Company": "Broderbund",
"SysProcess": "No",
"SecurityRisk": "Yes",
"Errors": "N/A",
"Status": 0
},
{
"PName": "dumprep",
"PAltName": "dumprep.exe",
"Name": "Dump Reporting Tool",
"Description": "Microsoft provided Windows Error Dump Reporting Tool that creates memory dump reports that you can send back to Microsoft for further analysis. The tool is found on Windows XP/2003.",
"Company": "Microsoft Corp.",
"SysProcess": "Yes",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "dw",
"PAltName": "dw.exe",
"Name": "DownloadWare",
"Description": "Application that is used to accelerate the download process using intelligent multi-part downloading technology. It can create, add, and modify multiple connections for each download based on your current speed and available bandwidth.",
"Company": "DownloadWare.net",
"SysProcess": "No",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "dxdllreg",
"PAltName": "dxdllreg.exe",
"Name": "DXDllRegExe",
"Description": "DirectX registration routine.",
"Company": "Microsoft Corp.",
"SysProcess": "No",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "emsw",
"PAltName": "emsw.exe",
"Name": "emsw",
"Description": "Believed to be spyware by Alset and is also known as \"HelpExpress\". The spyware installs itself if you have previously had Attune by Aveo installed.",
"Company": "Alset, Inc.",
"SysProcess": "No",
"SecurityRisk": "Yes",
"Errors": "N/A",
"Status": 0
},
{
"PName": "em_exec",
"PAltName": "em_exec.exe",
"Name": "Logitech Mouse Settings",
"Description": "Logitech MouseWare tray icon from which you can access the Control Panel Mouse properties and the MouseWare help.",
"Company": "Logitech",
"SysProcess": "No",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "evntsvc",
"PAltName": "evntsvc.exe",
"Name": "EVNTSVC",
"Description": "Application which works as a Scheduler for Real Networks .It is installed with RealOne Player.",
"Company": "Real Networks",
"SysProcess": "No",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "explore",
"PAltName": "explore.exe",
"Name": "Explore.exe",
"Description": "Added to the system as a result of the GRAYBIRD.G virus.",
"Company": "N/A",
"SysProcess": "No",
"SecurityRisk": "Yes",
"Errors": "N/A",
"Status": 0
},
{
"PName": "explorer",
"PAltName": "explorer.exe",
"Name": "Program Manager",
"Description": "Windows Program Manager or Windows Explorer, which handles the Windows Graphical Shell including the Start menu, taskbar, desktop, and File Manager.",
"Company": "Microsoft Corp.",
"SysProcess": "Yes",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "ezsp_px",
"PAltName": "ezsp_px.exe",
"Name": "ezShieldProtector for Px",
"Description": "Application that is installed by the Easy Systems DragÆn Drop CD & DVD writing software found on most Japanese computers.",
"Company": "Easy Systems Japan Ltd.",
"SysProcess": "No",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "findfast",
"PAltName": "findfast.exe",
"Name": "Microsoft Office Indexing",
"Description": "Microsoft Office Indexing process used by Microsoft Office applications to index Office documents to speed up search operations.",
"Company": "Microsoft Corp.",
"SysProcess": "No",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "firedaemon",
"PAltName": "firedaemon.exe",
"Name": "Firedaemon",
"Description": "Application that works in the background and allows a user to install and run any other suitable application as a Windows NT or 2000 service.",
"Company": "Sublime Solutions",
"SysProcess": "No",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "fsg_4104",
"PAltName": "fsg_4104.exe",
"Name": "Trickler",
"Description": "Application that is associated with the file sharing software iMesh. The application has many versions.",
"Company": "The Gator Corporation",
"SysProcess": "No",
"SecurityRisk": "Yes",
"Errors": "N/A",
"Status": 0
},
{
"PName": "gamechannel",
"PAltName": "gamechannel.exe",
"Name": "GAMECHANNEL",
"Description": "Application that notifies a user of new or updated Wild Tangent games. If the application finds updated versions of installed games, then the application automatically downloads the updated version in the background.",
"Company": "Wild Tangent",
"SysProcess": "No",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "gator",
"PAltName": "gator.exe",
"Name": "Gator Spyware",
"Description": "Spyware application associated with the Gator advertising program.",
"Company": "The Gator Corporation",
"SysProcess": "No",
"SecurityRisk": "Yes",
"Errors": "N/A",
"Status": 0
},
{
"PName": "gmt",
"PAltName": "gmt.exe",
"Name": "Gator Spyware Component",
"Description": "Background program that is part of the Gator GAIN adware software.",
"Company": "The Gator Corporation",
"SysProcess": "No",
"SecurityRisk": "Yes",
"Errors": "N/A",
"Status": 0
},
{
"PName": "grpconv",
"PAltName": "grpconv.exe",
"Name": "Windows Program Group Converter",
"Description": "Application that is used to convert the Windows 3.1 groups to folders while upgrading from Windows 3.1.",
"Company": "Microsoft Corp.",
"SysProcess": "Yes",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "hbinst",
"PAltName": "hbinst.exe",
"Name": "HBINST",
"Description": "Installer for a program called \"HotBar\". Hotbar enhances the surfing experience offering a variety of innovative and fresh skins for the browser while providing users worldwide access to various services. These programs gather information on your browsing habits and transmit it back to HotBar.",
"Company": "Hotbar.com Inc",
"SysProcess": "No",
"SecurityRisk": "Yes",
"Errors": "N/A",
"Status": 0
},
{
"PName": "hbsrv",
"PAltName": "hbsrv.exe",
"Name": "Hbsrv",
"Description": "Part of Hotbar.com HotBar. HotBar is software that supposedly enhances and personalizes your Internet and email applications.",
"Company": "Hotbar.com Inc",
"SysProcess": "No",
"SecurityRisk": "Yes",
"Errors": "N/A",
"Status": 0
},
{
"PName": "helpctr",
"PAltName": "helpctr.exe",
"Name": "Microsoft Help and Support Center",
"Description": "Part of the Windows XP Help system. This application is started when you click Start > Help and Support from the Windows taskbar.",
"Company": "Microsoft Corp.",
"SysProcess": "Yes",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "hh",
"PAltName": "hh.exe",
"Name": "Windows Help",
"Description": "Windows Help program, which is used to open Help files and documentation included with many Windows programs.",
"Company": "Microsoft Corp.",
"SysProcess": "No",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "hidserv",
"PAltName": "hidserv.exe",
"Name": "Microsoft Human Interface Device Audio Service",
"Description": "Background service that provides support for USB audio devices and USB multimedia keyboards",
"Company": "Microsoft Corp.",
"SysProcess": "Yes",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "hkcmd",
"PAltName": "hkcmd.exe",
"Name": "Hkcmd",
"Description": "Application that implements the Intel Hotkey command.",
"Company": "Intel Corporation",
"SysProcess": "No",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "htpatch",
"PAltName": "htpatch.exe",
"Name": "Htpatch",
"Description": "Application that is a component for SiS AGP patch, which is useful only when the processor supports HyperThreading.",
"Company": "Silicon Integrated Systems Corporation.",
"SysProcess": "No",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "hxdl",
"PAltName": "hxdl.exe",
"Name": "Hxdl",
"Description": "Adware that helps a user in purchasing items. For example, the application tells a user when to buy printer cartridges and where to buy them.",
"Company": "Alset Inc.",
"SysProcess": "No",
"SecurityRisk": "Yes",
"Errors": "N/A",
"Status": 0
},
{
"PName": "hxiul",
"PAltName": "hxiul.exe",
"Name": "Hxiul",
"Description": "Another adware application from Alset Inc. It has same functionality as others. For example, the application tells a user when to buy printer cartridges and where to buy them.",
"Company": "Alset Inc.",
"SysProcess": "No",
"SecurityRisk": "Yes",
"Errors": "N/A",
"Status": 0
},
{
"PName": "iamapp",
"PAltName": "iamapp.exe",
"Name": "iamapp",
"Description": "Essential component of the Norton Internet Security and Norton Personal Firewall security products.",
"Company": "Symantec Corporation",
"SysProcess": "No",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "iedll",
"PAltName": "iedll.exe",
"Name": "iedll",
"Description": "Application that hijacks the browser home page and redirects all requests to coolwwwsearch.com.",
"Company": "N/A",
"SysProcess": "No",
"SecurityRisk": "Yes",
"Errors": "N/A",
"Status": 0
},
{
"PName": "iedriver",
"PAltName": "iedriver.exe",
"Name": "iedriver",
"Description": "Application that is installed by peer-to-peer file sharing software.",
"Company": "Urlblaze.com",
"SysProcess": "No",
"SecurityRisk": "Yes",
"Errors": "N/A",
"Status": 0
},
{
"PName": "iexplore",
"PAltName": "iexplore.exe",
"Name": "Internet Explorer",
"Description": "Microsoft Internet Explorer web browse used to browse the World Wide Web through HTTP.",
"Company": "Microsoft Corp.",
"SysProcess": "Yes",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "iexplorer",
"PAltName": "iexplorer.exe",
"Name": "iexplorer",
"Description": "Application that is a variant of the RapidBlaster parasite that downloads advertising from the Internet and displays it periodically.",
"Company": "N/A",
"SysProcess": "No",
"SecurityRisk": "Yes",
"Errors": "N/A",
"Status": 0
},
{
"PName": "igfxtray",
"PAltName": "igfxtray.exe",
"Name": "igfxtray",
"Description": "Intel graphics system tray icon that gets installed with the drivers for onboard VGA cards based on the Intel 81x graphics chip set. Double-clicking the icon allows you to quickly change the display resolution, save your current display scheme, or configure your onboard graphics card. You can also configure keyboard hotkeys; shortcuts are handled by another background task called HKCMD. You can access the same features through the \"Intel Graphics Technology\" icon in the Control Panel.",
"Company": "Intel Corporation.",
"SysProcess": "No",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "inetinfo",
"PAltName": "inetinfo.exe",
"Name": "IIS Admin Service Helper",
"Description": "InetInfo, which is part of Microsoft Internet Information Services (IIS) and is used for debugging. The service is seen primarily on Windows NT 4 or 2000 Server where InetInfo provides Internet proxy and web server services.",
"Company": "Microsoft Corp.",
"SysProcess": "Yes",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "infus",
"PAltName": "infus.exe",
"Name": "Infus Dialer",
"Description": "Adult content dialer that is specific to porn related material.",
"Company": "N/A",
"SysProcess": "No",
"SecurityRisk": "Yes",
"Errors": "N/A",
"Status": 0
},
{
"PName": "infwin",
"PAltName": "infwin.exe",
"Name": "Infwin",
"Description": "Variant of Msview parasite that monitors web pages requested and data entered into forms. The parasite sends this information to its home server and opens pop-up advertisement windows.",
"Company": "N/A",
"SysProcess": "No",
"SecurityRisk": "Yes",
"Errors": "N/A",
"Status": 0
},
{
"PName": "intdel",
"PAltName": "intdel.exe",
"Name": "Inet Delivery",
"Description": "Adware application that provides offers to users through popups.",
"Company": "Inet-Traffic Inc.",
"SysProcess": "No",
"SecurityRisk": "Yes",
"Errors": "N/A",
"Status": 0
},
{
"PName": "internat",
"PAltName": "internat.exe",
"Name": "Input Locales",
"Description": "Application that provides multi-language support on keyboards for Microsoft Windows programs.",
"Company": "Microsoft Corp.",
"SysProcess": "Yes",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "ireike",
"PAltName": "ireike.exe",
"Name": "ireike",
"Description": "Microsoft virtual private network client that provide remotes access connections across public networks, such as the Internet.",
"Company": "Microsoft Corp.",
"SysProcess": "Yes",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "isass",
"PAltName": "isass.exe",
"Name": "isass",
"Description": "Virus added to the system as a result of variant of the OPTIX PRO TROJAN that opens TCP port 3410 and allows a hacker to control an infected computer.",
"Company": "N/A",
"SysProcess": "No",
"SecurityRisk": "Yes",
"Errors": "N/A",
"Status": 0
},
{
"PName": "ismserv",
"PAltName": "ismserv.exe",
"Name": "Intersite Messaging",
"Description": "Application that allows a user to send and receive messages between Windows Advanced Server sites.",
"Company": "Microsoft Corp.",
"SysProcess": "Yes",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "istsvc",
"PAltName": "istsvc.exe",
"Name": "IST Service",
"Description": "Application that is an Internet Explorer toolbar that helps a user to find adult material on the net. The application also displays advertisements.",
"Company": "Integrated Search Technologies",
"SysProcess": "No",
"SecurityRisk": "Yes",
"Errors": "N/A",
"Status": 0
},
{
"PName": "javaw",
"PAltName": "javaw.exe",
"Name": "javaw.exe",
"Description": "Application that is associated with Sun Java for Windows.",
"Company": "Sun Corporation",
"SysProcess": "No",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "jdbgmrg",
"PAltName": "jdbgmrg.exe",
"Name": "TROJ_DASMIN.B VIRUS!",
"Description": "Added to the system as a result of the TROJ_DASMIN.B virus that creates auto-run registry entries that enable the automatic execution of its copy, JDBGMRG.EXE.",
"Company": "N/A",
"SysProcess": "No",
"SecurityRisk": "Yes",
"Errors": "N/A",
"Status": 0
},
{
"PName": "jusched",
"PAltName": "jusched.exe",
"Name": "Sun Java Update Scheduler",
"Description": "Application that is an update scheduler. The application checks the Sun site to see if newer Java versions are available.",
"Company": "Sun Corporation",
"SysProcess": "No",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "kazaa",
"PAltName": "kazaa.exe",
"Name": "Kazaa",
"Description": "Application that is a file sharing program used by adware programs.",
"Company": "Sharman Networks Ltd",
"SysProcess": "No",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "kazza",
"PAltName": "kazza.exe",
"Name": "Kazza.exe",
"Description": "Indication of a possible infection of OPTIXPRO.12.C. Backdoor.OptixPro.12.c is a variant of the Backdoor.OptixPro.12 Trojan Horse and allows unauthorized remote access to an infected computer on port 3410.",
"Company": "N/A",
"SysProcess": "No",
"SecurityRisk": "Yes",
"Errors": "N/A",
"Status": 0
},
{
"PName": "kbd",
"PAltName": "kbd.exe",
"Name": "Kbd",
"Description": "Multimedia keyboard manager for Logitech keyboards and is required if you use the multimedia keys.",
"Company": "Logitech",
"SysProcess": "No",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "keenvalue",
"PAltName": "keenvalue.exe",
"Name": "Keenvalue",
"Description": "Application that monitors the web pages a user visits and displays advertisements based on keyword searches from the user.",
"Company": "EUNIVERSE INC",
"SysProcess": "No",
"SecurityRisk": "Yes",
"Errors": "N/A",
"Status": 0
},
{
"PName": "kernel32",
"PAltName": "kernel32.dll",
"Name": "Windows Kernel Process",
"Description": "Windows Kernel, which provides system services for managing threads, memory, and resources.",
"Company": "Microsoft Corp.",
"SysProcess": "Yes",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "kernel32",
"PAltName": "kernel32.exe",
"Name": "kernel32",
"Description": "Virus added to the system as a result of Floodnet virus that attempts to send a message to the alias\"All Users\" using Microsoft Outlook. If this address is not present in a local or global address book, or not an alias on the specified SMTP server, then the message is not sent.",
"Company": "N/A",
"SysProcess": "No",
"SecurityRisk": "Yes",
"Errors": "N/A",
"Status": 0
},
{
"PName": "launch32",
"PAltName": "launch32.exe",
"Name": "launch32",
"Description": "Application that is a Microsoft Systems Management Server that provides application deployment, asset management, security patch management, Windows Management Services integration, and other facilities.",
"Company": "Microsoft Corp.",
"SysProcess": "Yes",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "launcher",
"PAltName": "launcher.exe",
"Name": "Launcher",
"Description": "Spyware application associated with DownloadWare.",
"Company": "Intercort Systems (DownloadWare)",
"SysProcess": "No",
"SecurityRisk": "Yes",
"Errors": "N/A",
"Status": 0
},
{
"PName": "lexbces",
"PAltName": "lexbces.exe",
"Name": "LexBce Service",
"Description": "Application that is associated with Lexmark MarkVision software that is used to configure the internal network card that comes with a Lexmark printer.",
"Company": "Lexmark International Inc",
"SysProcess": "No",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "lexpps",
"PAltName": "lexpps.exe",
"Name": "Lexpps",
"Description": "Background application used for the Lexmark Printer Port Scanner. The application allows a user to share a printer over a Windows network. Without this application, users cannot share printers. The application is installed with other printer drivers.",
"Company": "Lexmark International Inc",
"SysProcess": "No",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "lights",
"PAltName": "lights.exe",
"Name": "Lights",
"Description": "System tray bar application that is used to show the modem status. The application contains two red/green activity lights that help users to get the modem status.",
"Company": "Microsoft Corp.",
"SysProcess": "Yes",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "livenote",
"PAltName": "livenote.exe",
"Name": "Livenote",
"Description": "Application that is used to update the Asus graphics card drivers.",
"Company": "ASUSTeK Computer Inc.",
"SysProcess": "No",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "loader",
"PAltName": "loader.exe",
"Name": "Loader",
"Description": "Application that hijacks a userÆs home page and redirects the browser to coolwwwsearch.com.",
"Company": "N/A",
"SysProcess": "No",
"SecurityRisk": "Yes",
"Errors": "N/A",
"Status": 0
},
{
"PName": "loadqm",
"PAltName": "loadqm.exe",
"Name": "MSN Queue Manager Loader",
"Description": "MSN Queue Manager Loader, a service that is installed with MSN Explorer and MSN Messenger. It can use a lot of system resources.",
"Company": "Microsoft Corp.",
"SysProcess": "No",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "loadwc",
"PAltName": "loadwc.exe",
"Name": "Load WebCheck",
"Description": "Load WebCheck does the following: (1) customizes some of the settings in Internet Explorer, (2) adds, removes, and updates subscriptions and (3) propagates settings for user profiles.",
"Company": "Microsoft Corp.",
"SysProcess": "No",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "locator",
"PAltName": "locator.exe",
"Name": "RPC Locator",
"Description": "Background task that runs on Windows NT 4, 2000, and XP platforms, and maintains the database of currently publicly-declared procedures. Server processes and applications register all their publicly declared procedures with Locator. Thus, client processes can query Locator for specific publicly-declared procedures.",
"Company": "Microsoft Corp.",
"SysProcess": "Yes",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "lsass",
"PAltName": "lsass.exe",
"Name": "Local Security Authority Service",
"Description": "Windows Local Security Authority Server Process handles Windows security mechanisms. It verifies the validity of user logons to your computer or server. Technically, the software generates the process that is responsible for authenticating users for the Winlogon service.",
"Company": "Microsoft Corp.",
"SysProcess": "Yes",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "lucomserver",
"PAltName": "lucomserver.exe",
"Name": "Lucomserver",
"Description": "Application that is associated with Norton LiveUpdate, which updates the software and virus definitions.",
"Company": "Symantec Corporation",
"SysProcess": "No",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "lvcoms",
"PAltName": "lvcoms.exe",
"Name": "Lvcoms",
"Description": "Application that is used for Logitech QuickCam home cameras. The application allows the camera to be accessed by NetMeeting, Windows Movie Maker, and the QuickCam software.",
"Company": "Logitech",
"SysProcess": "No",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "mad",
"PAltName": "mad.exe",
"Name": "System Attendant Service",
"Description": "System Attendant Service for Microsoft Exchange Server that runs in the background and is needed by Microsoft Exchange Server. The service loads DLLs for Microsoft Exchange, writes log messages, and generates the offline address books",
"Company": "Microsoft Corp.",
"SysProcess": "Yes",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "mapisp32",
"PAltName": "mapisp32.exe",
"Name": "Mapisp32",
"Description": "Also known as MAPI Spooler. The application dispatches the messages waiting in Microsoft Exchange, Windows Messaging, or the Microsoft Outlook outbox.",
"Company": "Microsoft Corp.",
"SysProcess": "Yes",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "mapisvc32",
"PAltName": "mapisvc32.exe",
"Name": "mapisvc32",
"Description": "Added to the system as a result of the KX virus and also recognized by Symantec as FPAI adware.",
"Company": "N/A",
"SysProcess": "No",
"SecurityRisk": "Yes",
"Errors": "N/A",
"Status": 0
},
{
"PName": "mcshield",
"PAltName": "mcshield.exe",
"Name": "McAfee VirusScan",
"Description": "Application that is associated with McAfee antivirus software that scans files in the background when you access them.",
"Company": "Network Associates, Inc.",
"SysProcess": "No",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "md",
"PAltName": "md.exe",
"Name": "SystemMD",
"Description": "Home page hijacker application that redirects the browser to a pornographic web site.",
"Company": "N/A",
"SysProcess": "No",
"SecurityRisk": "Yes",
"Errors": "N/A",
"Status": 0
},
{
"PName": "mdm",
"PAltName": "mdm.exe",
"Name": "Machine Debug Manager",
"Description": "Machine Debug Manager is used for debugging applications by technically advanced users and developers and is installed by the Microsoft Script Editor that is included in Microsoft Office.",
"Company": "Microsoft Corp.",
"SysProcess": "Yes",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "mfin32",
"PAltName": "mfin32.exe",
"Name": "MyFreeInternetUpdate",
"Description": "MyFreeInternetUpdate is an adware program and downloader.",
"Company": "N/A",
"SysProcess": "No",
"SecurityRisk": "Yes",
"Errors": "N/A",
"Status": 0
},
{
"PName": "mgabg",
"PAltName": "mgabg.exe",
"Name": "Matrox BIOS Guard",
"Description": "Matrox BIOS guard process. Disabling this will impact the operation of your Matrox graphics card.",
"Company": "Matrox",
"SysProcess": "No",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "mmc",
"PAltName": "mmc.exe",
"Name": "Microsoft Management Console",
"Description": "Microsoft Management Console application is used to display various management plug-ins accessed from the Control Panel, such as the Device Manager or the Computer Management console. The Microsoft Management Console manages most of the Microsoft system products such as SQL Server, Exchange server, and more.",
"Company": "Microsoft Corp.",
"SysProcess": "Yes",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "mmod",
"PAltName": "mmod.exe",
"Name": "Mmod",
"Description": "Spyware application that is packed with the popular iMesh and KaZaA file-sharing programs.",
"Company": "Ezula Inc.",
"SysProcess": "No",
"SecurityRisk": "Yes",
"Errors": "N/A",
"Status": 0
},
{
"PName": "mmtask",
"PAltName": "mmtask.tsk",
"Name": "Multimedia Support Task",
"Description": "Windows Multimedia Background Task Support Module that handles multimedia services. The software provides simulated multitasking for multimedia applications; for example, you could be playing more than one AVI movie at the same time. This task does not exist in Windows NT 4, 2000, or XP operating systems, which are true multitasking operating systems.",
"Company": "Microsoft Corp.",
"SysProcess": "Yes",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "mmtask",
"PAltName": "mmtask.exe",
"Name": "Mmtask",
"Description": "Part of MusicMatch Jukebox that is digital music player, CD burner and ripper, music organizer, and play list creator.",
"Company": "Musicmatch, Inc",
"SysProcess": "No",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "mobsync",
"PAltName": "mobsync.exe",
"Name": "Microsoft Synchronization Manager",
"Description": "Application that is associated with Internet Explorer and used to update the network copy of materials that are edited offline, such as documents, calendars, and email messages.",
"Company": "Microsoft Corp.",
"SysProcess": "No",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "monitor",
"PAltName": "monitor.exe",
"Name": "Monitor",
"Description": "Application that helps in monitoring Windows NT Server Performance. Monitor.exe runs from the command line on your local workstation. You use this service to start, stop, and set up the Datalog service on the target server.",
"Company": "Microsoft Corp.",
"SysProcess": "Yes",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "mostat",
"PAltName": "mostat.exe",
"Name": "Mostat",
"Description": "Application that is used to collect information and statistics about user browsing habits and transmit them back to the World Media center. The application takes the browser to a site that is part of the advertising network and then redirects back the browser to the original target site.",
"Company": "Wurld Media Inc",
"SysProcess": "No",
"SecurityRisk": "Yes",
"Errors": "N/A",
"Status": 0
},
{
"PName": "mplayer2",
"PAltName": "mplayer2.exe",
"Name": "Windows Media Player",
"Description": "Newer version of Windows Media Player, which is used to open and play music, sound and video files.",
"Company": "Microsoft Corp.",
"SysProcess": "No",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "mprexe",
"PAltName": "mprexe.exe",
"Name": "Windows Routing Process",
"Description": "Application that allows Windows 95, 98, or ME to have more than one network client, protocol, or adapter. The software routes network requests between the different adapters and clients.",
"Company": "Microsoft Corp.",
"SysProcess": "Yes",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "msapp",
"PAltName": "msapp.exe",
"Name": "Msapp",
"Description": "Added to the system as a result of the RSBOT virus.",
"Company": "N/A",
"SysProcess": "No",
"SecurityRisk": "Yes",
"Errors": "N/A",
"Status": 0
},
{
"PName": "msbb",
"PAltName": "msbb.exe",
"Name": "MSBB Web3000 Spyware Application",
"Description": "MSBB Web3000 spyware application that is included with some adware products and is started from the registry when Windows is loaded.",
"Company": "180Solutions.com",
"SysProcess": "No",
"SecurityRisk": "Yes",
"Errors": "N/A",
"Status": 0
},
{
"PName": "msblast",
"PAltName": "msblast.exe",
"Name": "MSBlast Worm",
"Description": "Internet worm that uses a vulnerability in DCOM/RPC (port 135) to infect 2000/XP systems. The worm allows TFTP that is used to transfer the worm.",
"Company": "N/A",
"SysProcess": "No",
"SecurityRisk": "Yes",
"Errors": "N/A",
"Status": 0
},
{
"PName": "mscache",
"PAltName": "mscache.exe",
"Name": "Mscache",
"Description": "Spyware web downloader. The application is installed by a spyware ISTbar that is an Internet Explorer toolbar. The spyware is a home page and search hijacker.",
"Description": "Added to the system as a result of Win32.Sobig.B@mm (Palyh) virus that is a mass mailer and spreads with email, as an attached file.",
"Company": "N/A",
"SysProcess": "No",
"SecurityRisk": "Yes",
"Errors": "N/A",
"Status": 0
},
{
"PName": "mscman",
"PAltName": "mscman.exe",
"Name": "Mscman",
"Description": "Application that loads into the system as an Internet Explorer Helper add-on and changes the browser behavior. When the user browses the Internet, specific words are highlighted in yellow to attract the user and re-direct the user to advertiser related pages when the user clicks on the words.",
"Company": "Odysseus Marketing Inc",
"SysProcess": "No",
"SecurityRisk": "Yes",
"Errors": "N/A",
"Status": 0
},
{
"PName": "msconfig",
"PAltName": "msconfig.exe",
"Name": "Windows System Configuration Utility.",
"Description": "A file that helps to manage startup and configure system files like autoexec.bat and win.ini. This file also changes the display of printer properties.",
"Company": "Microsoft Corp.",
"SysProcess": "Yes",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "msdm",
"PAltName": "msdm.exe",
"Name": "Media Plug x.1.2",
"Description": "Added as to the system as a result of the MULDROP.352 virus.",
"Company": "N/A",
"SysProcess": "No",
"SecurityRisk": "Yes",
"Errors": "N/A",
"Status": 0
},
{
"PName": "msdtc",
"PAltName": "msdtc.exe",
"Name": "Distributed Transaction Coordinator",
"Description": "Application that is loaded into the system by Microsoft Personal Web Server and Microsoft SQL Server. The service is used to manage transactions across multiple servers.",
"Company": "Microsoft Corp.",
"SysProcess": "Yes",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "msgsrv32",
"PAltName": "msgsrv32.exe",
"Name": "Windows Message Server",
"Description": "Windows Message Server, which loads Windows drivers and the Program Manager at start-up. The software runs invisibly in the background performing a variety of essential services, most of which concern on-screen messages and notifications.",
"Company": "Microsoft Corp.",
"SysProcess": "Yes",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "msgsys",
"PAltName": "msgsys.exe",
"Name": "Msgsys",
"Description": "Application that belongs to Intel LANDesk client Manager v6.0.",
"Company": "Intel Corporation",
"SysProcess": "No",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "mshta",
"PAltName": "mshta.exe",
"Name": "Microsoft HTML Application Host",
"Description": "Application that is used to run HTA files in Windows. The application is loaded as soon as an .HTA application needs to run and then terminates when the application completes.",
"Company": "Microsoft Corp.",
"SysProcess": "No",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "msiexec",
"PAltName": "msiexec.exe",
"Name": "Windows Installer Component",
"Description": "Windows Installer Component that is used to install new programs that use Windows Installer package files (MSI).",
"Company": "Microsoft Corp.",
"SysProcess": "Yes",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "msiexec16",
"PAltName": "msiexec16.exe",
"Name": "Troj/OptixP-13 Trojan",
"Description": "Added to the system as a result of the Troj/OptixP-13 Trojan. This Trojan is a backdoor virus that can be used to gain unauthorized remote access to the computer over a network.",
"Company": "N/A",
"SysProcess": "No",
"SecurityRisk": "Yes",
"Errors": "N/A",
"Status": 0
},
{
"PName": "msimn",
"PAltName": "msimn.exe",
"Name": "Microsoft Outlook Express",
"Description": "Microsoft Outlook Express, an email and newsgroup client included with Microsoft Windows.",
"Company": "Microsoft Corp.",
"SysProcess": "No",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "mslaugh",
"PAltName": "mslaugh.exe",
"Name": "Windows automation",
"Description": "Added to the system as a result of as a result of the BLASTER.E WORM that exploits the DCOM Rcomputer vulnerability using TCP port 135. The worm targets only Windows 2000 and Windows XP computers.",
"Company": "N/A",
"SysProcess": "No",
"SecurityRisk": "Yes",
"Errors": "N/A",
"Status": 0
},
{
"PName": "msmgt",
"PAltName": "msmgt.exe",
"Name": "Msmgt",
"Description": "Adware and home page hijacker.",
"Company": "Total Velocity",
"SysProcess": "No",
"SecurityRisk": "Yes",
"Errors": "N/A",
"Status": 0
},
{
"PName": "msmsgri32",
"PAltName": "msmsgri32.exe",
"Name": "Msmsgri32",
"Description": "Added to the system as a result of the RANDEX.D virus.",
"Company": "N/A",
"SysProcess": "No",
"SecurityRisk": "Yes",
"Errors": "N/A",
"Status": 0
},
{
"PName": "msmsgs",
"PAltName": "msmsgs.exe",
"Name": "MSN Messenger Traybar Process",
"Description": "Tray bar icon for MSN Messenger that is an online chat and instant messaging client.",
"Company": "Microsoft Corp.",
"SysProcess": "No",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "msnmsgr",
"PAltName": "msnmsgr.exe",
"Name": "MSN Messenger",
"Description": "MSN Messenger, an online chat and instant messaging client.",
"Company": "Microsoft Corp.",
"SysProcess": "No",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "msoobe",
"PAltName": "msoobe.exe",
"Name": "Windows Product Activation",
"Description": "Windows Product Activation, which is used to activate an Windows XP license.",
"Company": "Microsoft Corp.",
"SysProcess": "Yes",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "mspaint",
"PAltName": "mspaint.exe",
"Name": "Microsoft Paint",
"Description": "Microsoft Paint, which is an image editor included with Microsoft Windows that can be used to edit bitmap images.",
"Company": "Microsoft Corp.",
"SysProcess": "No",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "mspmspsv",
"PAltName": "mspmspsv.exe",
"Name": "WMDM PMSP Service",
"Description": "Helper service installed by Windows Media Player 7. The service allows Windows Media Player to support the SDMI (Secure Digital Music Initiative) protocol when copying CDs or packaging copyrighted downloaded music to SDMI-compliant music players and storage devices.",
"Description": "Added to the system as a result of an ICQ Trojan that alters Win.ini and System.ini files and generates several. .exe-files with randomly chosen names.",
"Company": "N/A",
"SysProcess": "No",
"SecurityRisk": "Yes",
"Errors": "N/A",
"Status": 0
},
{
"PName": "mssearch",
"PAltName": "mssearch.exe",
"Name": "MS Index Service",
"Description": "Application that generates full-text indexes on content and properties of structured and semi-structured data to allow fast linguistic searches on this data that is used for IIS.",
"Company": "Microsoft Corp.",
"SysProcess": "Yes",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "mssvc",
"PAltName": "mssvc.exe",
"Name": "StealthDisk",
"Description": "Application that is used to hide folders, files, and applications. The application can also encrypt them for better protection. Folders and files are hidden even when this application and the operating system are not running.",
"Company": "Tucows Inc.",
"SysProcess": "No",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "mssys",
"PAltName": "mssys.exe",
"Name": "Mssys",
"Description": "Added to the system as a result of the MYSS.B virus.",
"Company": "N/A",
"SysProcess": "No",
"SecurityRisk": "Yes",
"Errors": "N/A",
"Status": 0
},
{
"PName": "mstask",
"PAltName": "mstask.exe",
"Name": "Windows Task Scheduler",
"Description": "Windows Task Scheduler, a service that schedules tasks, such as backups or updates, to run at certain times or dates.",
"Company": "Microsoft Corp.",
"SysProcess": "Yes",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "msvxd",
"PAltName": "msvxd.exe",
"Name": "W32/Datom-A",
"Description": "Msvxd.exe, the executable component of a Win32 worm called W32/Datom-A that uses Windows network shares to spread. The worm consists of three files: msvxd.exe, msvxd16.dll and msvxd32.dll. Msvxd.exe loads two other DLL files.",
"Company": "N/A",
"SysProcess": "No",
"SecurityRisk": "Yes",
"Errors": "N/A",
"Status": 0
},
{
"PName": "mtx",
"PAltName": "mtx.exe",
"Name": "Microsoft Transaction Server (MTS)",
"Description": "Application that is used to load a specific MTS package by generating MTS objects on behalf of client applications.",
"Company": "Microsoft Corp.",
"SysProcess": "Yes",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "navapsvc",
"PAltName": "navapsvc.exe",
"Name": "Norton AntiVirus Auto-Protect Service",
"Description": "Background application for Norton AntiVirus that provides auto-protection features to the system. It runs on Windows NT/2000/XP.",
"Company": "Symantec Corporation",
"SysProcess": "No",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "navapw32",
"PAltName": "navapw32.exe",
"Name": "Norton AntiVirus Agent",
"Description": "Background application for Norton AntiVirus that provides auto-protection to the system. It runs on Windows 95/98/ME.",
"Company": "Symantec Corporation",
"SysProcess": "No",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "nerocheck",
"PAltName": "nerocheck.exe",
"Name": "Nero Driver Monitor",
"Description": "Application that is used to install or control Nero driver nerocd2k.sys application. It is associated with Nero CD writing software.",
"Company": "Ahead Software",
"SysProcess": "No",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "netd32",
"PAltName": "netd32.exe",
"Name": "MicrosoftNetwork Daemon for Win32",
"Description": "Added to the system as a result of the RANDEX.F virus that is a network aware worm.",
"Company": "N/A",
"SysProcess": "No",
"SecurityRisk": "Yes",
"Errors": "N/A",
"Status": 0
},
{
"PName": "netdde",
"PAltName": "netdde.exe",
"Name": "Microsoft Windows Network DDE server",
"Description": "Application that is the Network DDE server for Microsoft Windows. The software allows applications that use the DDE transport to transparently exchange data over a network.",
"Company": "Microsoft Corp.",
"SysProcess": "Yes",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "netscape",
"PAltName": "netscape.exe",
"Name": "Netscape Messenger",
"Description": "Application that is the principal file called by Netscape Navigator, Netscape Mail and News, and Netscape Messenger.",
"Company": "Netscape",
"SysProcess": "No",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "netscp6",
"PAltName": "netscp6.exe",
"Name": "Netscape 6",
"Description": "Executable for Netscape 6.",
"Company": "Netscape",
"SysProcess": "No",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "nisum",
"PAltName": "nisum.exe",
"Name": "Norton Internet Security Stats",
"Description": "Application that collects all information about the traffic that passes through the Norton firewall.",
"Company": "Symantec Corporation",
"SysProcess": "No",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "nopdb",
"PAltName": "nopdb.exe",
"Name": "Nopdb",
"Description": "Application that is associated with Norton Speed Disk. The application is installed only to start the Speed Disk automatically by default on Windows start-up.",
"Company": "Symantec Corporation",
"SysProcess": "No",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "notepad",
"PAltName": "notepad.exe",
"Name": "Notepad",
"Description": "Notepad, text editor that is used to open text documents and is included with Windows.",
"Company": "Microsoft Corp.",
"SysProcess": "No",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "nssys32",
"PAltName": "nssys32.exe",
"Name": "nsdriver",
"Description": "Added to the system as a result of an unidentified virus.",
"Company": "N/A",
"SysProcess": "No",
"SecurityRisk": "Yes",
"Errors": "N/A",
"Status": 0
},
{
"PName": "nstask32",
"PAltName": "nstask32.exe",
"Name": "NDplDeamon",
"Description": "Added to the system as a result of the RANDEX.E virus.",
"Company": "N/A",
"SysProcess": "No",
"SecurityRisk": "Yes",
"Errors": "N/A",
"Status": 0
},
{
"PName": "nsupdate",
"PAltName": "nsupdate.exe",
"Name": "Nsupdate",
"Description": "A dialer program that dials to a site specific to adult or pornographic content.",
"Company": "N/A",
"SysProcess": "No",
"SecurityRisk": "Yes",
"Errors": "N/A",
"Status": 0
},
{
"PName": "ntfrs",
"PAltName": "ntfrs.exe",
"Name": "File Replication Service",
"Description": "Application that is used to maintain file synchronization of file directory contents among multiple servers.",
"Company": "Microsoft Corp.",
"SysProcess": "Yes",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "ntvdm",
"PAltName": "ntvdm.exe",
"Name": "Windows 16-bit Virtual Machine",
"Description": "Application that provides an environment for a 16-bit process to execute on a 32-bit platform.",
"Company": "Microsoft Corp.",
"SysProcess": "Yes",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "nvsvc32",
"PAltName": "nvsvc32.exe",
"Name": "NVIDIA Driver Helper Service",
"Description": "Application that is loaded to the system by NVIDIA graphics card drivers.",
"Company": "NVIDIA Corporation",
"SysProcess": "No",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "nwiz",
"PAltName": "nwiz.exe",
"Name": "NVIDIA nView Wizard",
"Description": "Application that allows a users to have 32 virtual desktops, get a desktop larger than the viewable area of the monitor, divide the display across more than one monitor, manage applications, and many more features.",
"Company": "NVIDIA Corporation",
"SysProcess": "No",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "onsrvr",
"PAltName": "onsrvr.exe",
"Name": "OnSrvr",
"Description": "Adware from OnWebMedia.",
"Company": "OnWebMedia.Com",
"SysProcess": "No",
"SecurityRisk": "Yes",
"Errors": "N/A",
"Status": 0
},
{
"PName": "optimize",
"PAltName": "optimize.exe",
"Name": "Optimize",
"Description": "Adult content dialer that dials numbers specific to porn related sites.",
"Company": "N/A",
"SysProcess": "No",
"SecurityRisk": "Yes",
"Errors": "N/A",
"Status": 0
},
{
"PName": "osa",
"PAltName": "osa.exe",
"Name": "Office Startup Assistant",
"Description": "Microsoft Office Startup Assistant that is loaded at start-up and improves performance by handling automation, Office fonts, certain Office commands, and Outlook notification.",
"Company": "Microsoft Corp.",
"SysProcess": "No",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "osd",
"PAltName": "osd.exe",
"Name": "OnScreen Display System Tray icon",
"Description": "System tray bar application that allows a user to change the color or font of display. The user can also modify other display settings.",
"Company": "Netropa Corporation",
"SysProcess": "No",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "patch",
"PAltName": "patch.exe",
"Name": "Patch",
"Description": "Added to the system as a result of the NETBUS virus. The program is a remote administration hack tool that can be used to control other computers, with Netbus Server installed, through the Internet or the network. The hacker must have the Netbus Client installed. PATCH.EXE is the server part of the program.",
"Company": "N/A",
"SysProcess": "No",
"SecurityRisk": "Yes",
"Errors": "N/A",
"Status": 0
},
{
"PName": "pctspk",
"PAltName": "pctspk.exe",
"Name": "Pctspk",
"Description": "Application that is loaded to the system by the drivers for the PCTEL 2304WT V.92 MDC modems.",
"Company": "PCTEL",
"SysProcess": "No",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "pds",
"PAltName": "pds.exe",
"Name": "Intel Ping Discovery Service",
"Description": "Application that is associated with Intel LANDesk Management Suite software. The application helps to find registered products on a computer.",
"Company": "Intel Corporation.",
"SysProcess": "No",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "pgmonitr",
"PAltName": "pgmonitr.exe",
"Name": "Pgmonitr",
"Description": "Application that is associated with the advertising product from The Delfin Project. The application is loaded to the system by the file sharing application kazaa.",
"Company": "Delfin Project Inc",
"SysProcess": "No",
"SecurityRisk": "Yes",
"Errors": "N/A",
"Status": 0
},
{
"PName": "pinger",
"PAltName": "pinger.exe",
"Name": "Pinger",
"Description": "Background task for Toshiba that regularly checks for software and driver updates.",
"Company": "TOSHIBA Corp.",
"SysProcess": "No",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "point32",
"PAltName": "point32.exe",
"Name": "Microsoft Intellimouse Monitor",
"Description": "Microsoft Intellimouse Monitor adds a mouse settings icon to the tray bar.",
"Company": "Microsoft Corp.",
"SysProcess": "No",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "powerscan",
"PAltName": "powerscan.exe",
"Name": "Powerscan",
"Description": "Foistware by Integrated Search Technologies that is behind the ISTbar parasite. ISTbar is an Internet Explorer toolbar, home page, and search hijacker.",
"Company": "Integrated Search Technologies",
"SysProcess": "No",
"SecurityRisk": "Yes",
"Errors": "N/A",
"Status": 0
},
{
"PName": "prizesurfer",
"PAltName": "prizesurfer.exe",
"Name": "Prizesurfer",
"Description": "Application that allows users to win cash and prizes just for surfing the Internet and shopping online.",
"Company": "prizesurfer.com",
"SysProcess": "No",
"SecurityRisk": "Yes",
"Errors": "N/A",
"Status": 0
},
{
"PName": "prmt",
"PAltName": "prmt.exe",
"Name": "NetRatings software",
"Description": "NetRatings software that measures Internet usage anonymously and surveys participants according to their profiles and online habits. This software has been reported to be installed automatically after a Grokster install. The application anonymously collects your use of the Internet protocols, such as sites visited, web pages, advertisements seen, electronic commerce, and streaming data.",
"Company": "OpiStat",
"SysProcess": "No",
"SecurityRisk": "Yes",
"Errors": "N/A",
"Status": 0
},
{
"PName": "prmvr",
"PAltName": "prmvr.exe",
"Name": "YahooStock",
"Description": "Adware software Adtomi that offers banner advertising services and ad hosting for web masters.",
"Company": "Adtomi",
"SysProcess": "No",
"SecurityRisk": "Yes",
"Errors": "N/A",
"Status": 0
},
{
"PName": "promon",
"PAltName": "promon.exe",
"Name": "Promon",
"Description": "System tray bar application that shows LEDs that give information on the network traffic going through an Intel Pro network card. The application also allows users to call diagnostic features, configuration data, and setup screens.",
"Company": "Intel Corporation.",
"SysProcess": "No",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "prpcui",
"PAltName": "prpcui.exe",
"Name": "PRPCMonitor",
"Description": "Application that detects whether the laptop computer is getting its power from the battery or from the adaptor. If the laptop computer is running on a battery, the application scales down the frequency and voltage of the CPU to reduce power consumption.",
"Company": "Intel Corporation.",
"SysProcess": "No",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "ps2",
"PAltName": "ps2.exe",
"Name": "Ps2",
"Description": "Application that provides functionality to keyboard on Hewlett Packard computers.",
"Company": "Hewlett-Packard",
"SysProcess": "No",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "psfree",
"PAltName": "psfree.exe",
"Name": "Psfree",
"Description": "Application that allows a user to block advertising popups while browsing the Internet.",
"Company": "Panicware, Inc",
"SysProcess": "No",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "pstores",
"PAltName": "pstores.exe",
"Name": "Protected Storage Service",
"Description": "Microsoft Protected Storage Server, in Win95/98/ME, or Protected Storage Service, in WinNT/2000/XP. Protected Storage, in the form of PSTORES, was introduced with Internet Explorer 4. It is invoked by Microsoft Internet programs, such as Outlook Express and Internet Explorer, to securely store a variety of secure and confidential data into the registry, such as Outlook Express passwords, SSL certificates, auto-complete fields, such as usernames and passwords to enter web sites, and so forth, and web forms data.",
"Company": "Microsoft Corp.",
"SysProcess": "Yes",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "ptsnoop",
"PAltName": "ptsnoop.exe",
"Name": "Ptsnoop",
"Description": "Application that is associated with PCTEL modems and is needed for the functioning of those modems.",
"Company": "PCTEL",
"SysProcess": "No",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "qserver",
"PAltName": "qserver.exe",
"Name": "NAV CE Server/Client - Symantec Central Quarantine",
"Description": "Application that is associated with Norton and is used to accept infected files from servers and clients and communicates with Quarantine Console.",
"Company": "Symantec Corporation",
"SysProcess": "No",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "qttask",
"PAltName": "qttask.exe",
"Name": "Quick Time Tray Icon",
"Description": "System tray bar application for Apple QuickTime software that allows a user to access software from the system tray.",
"Company": "Apple Computer, Inc.",
"SysProcess": "No",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "ramsys",
"PAltName": "ramsys.exe",
"Name": "Advanced StartUp Manager",
"Description": "Application that allows a user to control system startup programs. By using the registry, Startup folders in the Start menu and Win.ini file, the application gives list of all programs that are configured to start on boot up. A user can enable, disable, or delete an application from that list.",
"Company": "Rayslab, Inc.",
"SysProcess": "No",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "ray",
"PAltName": "ray.exe",
"Name": "Ray",
"Description": "Application that hijacks the browser home page and re-directs browsers to adult content web sites.",
"Company": "N/A",
"SysProcess": "No",
"SecurityRisk": "Yes",
"Errors": "N/A",
"Status": 0
},
{
"PName": "rb32",
"PAltName": "rb32.exe",
"Name": "Rrb32",
"Description": "Variant of the RapidBlaster parasite that runs as a task at Windows start-up. The application downloads advertising from the Internet and displays it periodically.",
"Company": "N/A",
"SysProcess": "No",
"SecurityRisk": "Yes",
"Errors": "N/A",
"Status": 0
},
{
"PName": "rcsync",
"PAltName": "rcsync.exe",
"Name": "Rcsync",
"Description": "Related to PrizeSurfer. PrizeSurfer is stealth-installed malware that automatically enters you to win cash and prizes when you surf and shop on the web. This program can show different popup windows and can redirect you to different web sites. This may cause a problem with your security and privacy.",
"Company": "N/A",
"SysProcess": "No",
"SecurityRisk": "Yes",
"Errors": "N/A",
"Status": 0
},
{
"PName": "realplay",
"PAltName": "realplay.exe",
"Name": "Real Player",
"Description": "System tray icon for RealPlayer. Real Player is a media player used to open and play music, sound and video files in Real Media Format. If you subsequently start RealPlayer manually it adds itself back to the start-up list. You can stop this from happening by right-clicking on the tray icon and disabling SmartCenter with Preferences",
"Company": "Real Networks",
"SysProcess": "No",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "realsched",
"PAltName": "realsched.exe",
"Name": "RealNetworks Scheduler",
"Description": "Application that is a scheduler program for the RealOne player that prompts for update.",
"Company": "Real Networks",
"SysProcess": "No",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "reboot",
"PAltName": "reboot.exe",
"Name": "REBOOT",
"Description": "Small Dos based application used to reboot the computer. Users can set delays for reboots through the command line switch.",
"Company": "Top Cat Computing",
"SysProcess": "No",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "regedit",
"PAltName": "regedit.exe",
"Name": "Registry Editor",
"Description": "Application that is used to change settings in the system registry. This application contains information about how your computer runs and what software is installed on the computer.",
"Company": "Microsoft Corp.",
"SysProcess": "No",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "regsvc",
"PAltName": "regsvc.exe",
"Name": "Remote Registry Service",
"Description": "A service that allows access to the Windows registry from remote computers. The service runs on Windows 2000 Server and Advanced Server. Whenever you install Microsoft software, such as SQL on Windows 2000 Server, and your setup program needs to write keys to the registry, the setup program interacts with the Remote registry Service (REGSVC.EXE) and the Remote registry Service does the actual writing of the registry keys. This background service is also required if you intend to edit the registry from a remote computer using Windows 2000 Remote Administration facilities.",
"Company": "Microsoft Corp.",
"SysProcess": "Yes",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "regsvr32",
"PAltName": "regsvr32.exe",
"Name": "Regsvr32",
"Description": "Application that is used to register dynamic-link libraries and ActiveX controls in the registry.",
"Company": "Microsoft Corp.",
"SysProcess": "Yes",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "rnaapp",
"PAltName": "rnaapp.exe",
"Name": "Windows Modem Connection",
"Description": "Windows Dial-Up Networking application that handles dial-up modem connections. RNAAPP only appears in your Task List if your computer tries or tried to dial out at some stage or if the computer is waiting for an in-bound connection using Dial-Up Networking.",
"Company": "Microsoft Corp.",
"SysProcess": "Yes",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "rnathchk",
"PAltName": "rnathchk.exe",
"Name": "Rnathchk",
"Description": "Part of Real Networks RealOne Player.",
"Company": "Real Networks",
"SysProcess": "No",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "rndal",
"PAltName": "rndal.exe",
"Name": "Rndal",
"Description": "Background application associated with Real Networks RealOne Player.",
"Company": "Real Networks",
"SysProcess": "No",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "rpcss",
"PAltName": "rpcss.exe",
"Name": "Remote Procedure Call Services",
"Description": "Application that allows other programs to call publicly declared procedures over a network. This application becomes a crucial component for other network related Microsoft software.",
"Company": "Microsoft Corp.",
"SysProcess": "Yes",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "rtvscan",
"PAltName": "rtvscan.exe",
"Name": "Real Time Virus Scan service",
"Description": "Application that is associated with Norton Anti-Virus that provides a real-time virus scan service. It also helps to keep in touch with the Symantec System Center.",
"Company": "Symantec Corporation",
"SysProcess": "No",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "rulaunch",
"PAltName": "rulaunch.exe",
"Name": "Rulaunch",
"Description": "Background application used to download Instant Updater for McAfee VirusScan, Internet Security, Quick Clean, Uninstaller and Firewall products whenever a user connects to the Internet.",
"Company": "Network Associates, Inc.",
"SysProcess": "No",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "run32dll",
"PAltName": "run32dll.exe",
"Name": "PAL PC Spy",
"Description": "A key recorder and screen capture utility that controls and monitors everything that happens on your computer and online.",
"Company": "RF1 Systems",
"SysProcess": "No",
"SecurityRisk": "Yes",
"Errors": "N/A",
"Status": 0
},
{
"PName": "rundll",
"PAltName": "rundll.exe",
"Name": "Rundll",
"Description": "Added to the system as a result of the LOXOSCAM virus that is a backdoor Trojan that allows a hacker to gain access to the computer. The application is written in the Delphi programming language.",
"Company": "N/A",
"SysProcess": "No",
"SecurityRisk": "Yes",
"Errors": "N/A",
"Status": 0
},
{
"PName": "rundll16",
"PAltName": "rundll16.exe",
"Name": "Rundll16",
"Description": "Added to the system as a result of the Sdbot.F virus that is a Backdoor Trojan that is a variant of Backdoor.Sdbot. The application allows a hacker to control your computer by using the Internet Relay Chat (IRC).",
"Company": "N/A",
"SysProcess": "No",
"SecurityRisk": "Yes",
"Errors": "N/A",
"Status": 0
},
{
"PName": "rundll32",
"PAltName": "rundll32.exe",
"Name": "Rundll32",
"Description": "Microsoft \"Run a DLL as an App\". RUNDLL32 is the Microsoft Windows program that loads DLLs into memory so that they can be used by specific programs or by Windows.",
"Company": "Microsoft Corp.",
"SysProcess": "Yes",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "runonce",
"PAltName": "runonce.exe",
"Name": "Runonce",
"Description": "Known as the Microsoft \"Run Once\" wrapper. The application is a program that developers can use as part of their installation procedures to ensure, for example, that after the first reboot after the software installation, some additional configuration program runs once, and once only, to complete the installation.",
"Company": "Microsoft Corp.",
"SysProcess": "Yes",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "ruxdll32",
"PAltName": "ruxdll32.exe",
"Name": "Ruxdll32",
"Description": "Added to the system as a result of the MAPSON.D virus. W32.Mapson.D.Worm is a mass-mailing worm that sends itself to all the contacts in the MSN Messenger contact list and also attempts to spread through file-sharing networks and ICQ. The worm also attempts to terminate some popular antivirus, firewall, and system-monitoring programs.",
"Company": "N/A",
"SysProcess": "No",
"SecurityRisk": "Yes",
"Errors": "N/A",
"Status": 0
},
{
"PName": "sage",
"PAltName": "sage.exe",
"Name": "SystemAgent",
"Description": "Application that automatically performs system tuning tasks like disk optimization and error correction. The application can also run any application at prescheduled times.",
"Company": "Microsoft Corp.",
"SysProcess": "Yes",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "sagent2",
"PAltName": "sagent2.exe",
"Name": "Sagent2",
"Description": "Application that is used to detect the presence of a printer port and whether it is set to ECP or EPP. After detection, the application sets options in the printer software.",
"Company": "Epson",
"SysProcess": "No",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "sahagent",
"PAltName": "sahagent.exe",
"Name": "Sahagent",
"Description": "Application that collects and combines user Internet browsing behavior and sends it to ShopAtHomeSelect servers.",
"Company": "ShopAtHomeSelect.com",
"SysProcess": "No",
"SecurityRisk": "Yes",
"Errors": "N/A",
"Status": 0
},
{
"PName": "save",
"PAltName": "save.exe",
"Name": "Save",
"Description": "Application that provides users with coupons and offers while browsing the Internet. The application captures the web site addresses and search words and displays popup advertising related to sites that the user visited.",
"Company": "WhenU.com",
"SysProcess": "No",
"SecurityRisk": "Yes",
"Errors": "N/A",
"Status": 0
},
{
"PName": "savenow",
"PAltName": "savenow.exe",
"Name": "Savenow",
"Description": "Application that provides users with crucial coupons and offers while browsing the Internet. The application captures the web site addresses and search words and displays popup advertising related to sites that the user visited.",
"Company": "WhenU.com",
"SysProcess": "No",
"SecurityRisk": "Yes",
"Errors": "N/A",
"Status": 0
},
{
"PName": "sbhc",
"PAltName": "sbhc.exe",
"Name": "Sbhc",
"Description": "Application that is an Internet Explorer plug-in and claims to enhance user web browser functionality.",
"Company": "Gigatech Software, Inc.",
"SysProcess": "No",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "sc",
"PAltName": "sc.exe",
"Name": "Watchdog 2.0 Software",
"Description": "Main executable for Watchdog 2.0 Software that is a monitoring program. The application has many features like Key Log Capture., Instant Messenger Capture, for MSN, AOL, and Yahoo, and Application Log Capture.",
"Company": "Rhombus Technologies.",
"SysProcess": "No",
"SecurityRisk": "Yes",
"Errors": "N/A",
"Status": 0
},
{
"PName": "scam32",
"PAltName": "scam32.exe",
"Name": "Scam32",
"Description": "Added to the system as a result of the SIRCAM virus that contains its own SMTP engine and propagates in a manner similar to the W32.Magistr worm.",
"Company": "N/A",
"SysProcess": "No",
"SecurityRisk": "Yes",
"Errors": "N/A",
"Status": 0
},
{
"PName": "scanregw",
"PAltName": "scanregw.exe",
"Name": "MicrosoftÆs Registry Checker.",
"Description": "Application that is used to check the integrity of the Windows registry. The application starts on boot up and checks the registry for errors. On finding major errors, the application informs the user to restore from backup; otherwise, the application fixes minor errors.",
"Company": "Microsoft Corp.",
"SysProcess": "Yes",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "scardsvr",
"PAltName": "scardsvr.exe",
"Name": "Smartcard-Ressource server",
"Description": "Application that provides a facility for Smart Card authentication on local or network computers.",
"Company": "Microsoft Corp.",
"SysProcess": "Yes",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "schwizex",
"PAltName": "schwizex.exe",
"Name": "SCHWIZEX",
"Description": "Application that is used to track the changes to the registry, INI files, system files, hardware, network connections, and operating system versions. The application also offers a restore function.",
"Company": "Imagine LAN, Inc",
"SysProcess": "No",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "scm",
"PAltName": "scm.exe",
"Name": "Service Control Manager",
"Description": "Application that is used to manage all services running on windows. The application provides functionality to stop start, pause, and restart the service. Also offers to change and set the startup type, both automatic and manual, for the service.",
"Company": "Microsoft Corp.",
"SysProcess": "Yes",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "scrsvr",
"PAltName": "scrsvr.exe",
"Name": "Scrsvr",
"Description": "Application that is the OPASERV virus. The worm attempts to spread over network shares by copying itself to the Windows directory of remotely accessible computers as SCRSVR.EXE.",
"Company": "N/A",
"SysProcess": "No",
"SecurityRisk": "Yes",
"Errors": "N/A",
"Status": 0
},
{
"PName": "scvhost",
"PAltName": "scvhost.exe",
"Name": "Scvhost",
"Description": "Added to the system as a result of the W32/Agobot-S virus that is an IRC backdoor Trojan and network worm. W32/Agobot-S copies itself to network shares with weak passwords and attempts to spread to computers using the DCOM Rcomputer and the Rcomputer locator vulnerabilities.",
"Company": "N/A",
"SysProcess": "No",
"SecurityRisk": "Yes",
"Errors": "N/A",
"Status": 0
},
{
"PName": "scvhost",
"PAltName": "scvhost.exe",
"Name": "Scvhost",
"Description": "Added to the system as a result of the W32/Agobot-S virus that is an IRC backdoor Trojan and network worm. W32/Agobot-S copies itself to network shares with weak passwords and attempts to spread to computers using the DCOM Rcomputer and the Rcomputer locator vulnerabilities.",
"Company": "N/A",
"SysProcess": "No",
"SecurityRisk": "Yes",
"Errors": "N/A",
"Status": 0
},
{
"PName": "sentry",
"PAltName": "sentry.exe",
"Name": "SENTRY",
"Description": "Application that allows web site owners to determine the geographic location, connection speed and detailed demographics of every visitor to a web site.",
"Company": "ipinsight.com",
"SysProcess": "No",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "service",
"PAltName": "service.exe",
"Name": "Service",
"Description": "Added to the system as a result of the Worm.Win32.Raleka virus.",
"Company": "N/A",
"SysProcess": "No",
"SecurityRisk": "Yes",
"Errors": "N/A",
"Status": 0
},
{
"PName": "services",
"PAltName": "services.exe",
"Name": "Windows Service Controller",
"Description": "Application that is used only in Windows NT 4, 2000, and XP for starting, stopping, and interacting with system services.",
"Company": "Microsoft Corp.",
"SysProcess": "Yes",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "setup",
"PAltName": "setup.exe",
"Name": "Setup",
"Description": "Common setup application for software.",
"Company": "N/A",
"SysProcess": "No",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "sgtray",
"PAltName": "sgtray.exe",
"Name": "StorageGuard Tray Application",
"Description": "System tray bar application that is used to remind the user to back up files. This free utility works with BackupMyPC, Simple Backup, and MS Backup software.",
"Company": "VERITAS Software Corporation.",
"SysProcess": "No",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "showbehind",
"PAltName": "showbehind.exe",
"Name": "Showbehind",
"Description": "Application that displays advertisements.",
"Company": "MicroSmarts Enterprise",
"SysProcess": "No",
"SecurityRisk": "Yes",
"Errors": "N/A",
"Status": 0
},
{
"PName": "smc",
"PAltName": "smc.exe",
"Name": "Sygate Firewall",
"Description": "Sygate Secure Enterprise that extends the traditional network security solutions, such as firewall and IDS to the endpoint, and enforces the fact that each device on the network is running the correct security policy.",
"Company": "Sygate, Inc",
"SysProcess": "No",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "smss",
"PAltName": "smss.exe",
"Name": "Session Manager Subsystem",
"Description": "Application that is used to start, manage, and delete user sessions or client sessions under Terminal Server.",
"Company": "Microsoft Corp.",
"SysProcess": "Yes",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "sndvol32",
"PAltName": "sndvol32.exe",
"Name": "Windows Volume Control",
"Description": "Windows Volume Control process, which is used to control the volume of the sound card and can usually be access from the system tray bar.",
"Company": "Microsoft Corp.",
"SysProcess": "No",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "snmp",
"PAltName": "snmp.exe",
"Name": "Microsoft SNMP Agent",
"Description": "Windows Simple Network Managment Protocol (SNMP) agent, a proxy that listens for requests and hands them off to the appropriate network provider.",
"Company": "Microsoft Corp.",
"SysProcess": "Yes",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "snmptrap",
"PAltName": "snmptrap.exe",
"Name": "SNMP Trap Service",
"Description": "A trap message that was generated by local or remote MP agents. The service receives and passes these on to SNMP management programs on the computer.",
"Company": "Microsoft Corp.",
"SysProcess": "Yes",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "soap",
"PAltName": "soap.exe",
"Name": "System Soap Pro",
"Description": "System Soap Pro Internet cleaning software that bundles foistware like HTTPER and Zipclix.",
"Company": "System Soap",
"SysProcess": "No",
"SecurityRisk": "Yes",
"Errors": "N/A",
"Status": 0
},
{
"PName": "soundman",
"PAltName": "soundman.exe",
"Name": "Avance Sound Effect Manager",
"Description": "System tray bar application that provides support to control the Sony/Philips Digital Interface input and output. The application also allows a user to change the function of the input and output ports of a soundcard from Line-In, Line-Out, and MIC to Front, Rear, and Centre speakers.",
"Company": "Realtek Avance Logic Inc.",
"SysProcess": "No",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "spoler",
"PAltName": "spoler.exe",
"Name": "Spoler",
"Description": "Added to the system as a result of the RANDEX.J virus, a network-aware worm. This worm receives instructions from an IRC channel on a specific IRC server. One of these commands starts the spread of the worm across the network.",
"Company": "N/A",
"SysProcess": "No",
"SecurityRisk": "Yes",
"Errors": "N/A",
"Status": 0
},
{
"PName": "spool32",
"PAltName": "spool32.exe",
"Name": "Printer Spooler",
"Description": "Application that handles the spooling of print jobs transparently. It works only when the user configures the printer to spool print jobs.",
"Company": "Microsoft Corp.",
"SysProcess": "Yes",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "spoolss",
"PAltName": "spoolss.exe",
"Name": "Printer Spooler Subsystem",
"Description": "Windows Printer Spooler Subsystem, a service that controls de-spooling of printer data from disk to printer.",
"Company": "Microsoft Corp.",
"SysProcess": "Yes",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "spoolsv",
"PAltName": "spoolsv.exe",
"Name": "Printer Spooler Service",
"Description": "Windows Printer Spooler, a service that stores printer jobs and forwards them to the printer when it is ready.",
"Company": "Microsoft Corp.",
"SysProcess": "Yes",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "srng",
"PAltName": "srng.exe",
"Name": "Search hijacker",
"Description": "Also called ShopNav. This application is a search hijacker implemented as an Internet Explorer Browser Helper Object, with an updater process run at startup. The application tracks and hijacks the following: Address bar searches, the Search explorer bar, unknown domains, and, in some variants, non-www server names entered into the address bar without the preceding 'http://' will be sent to Srng controlling server www.srng.net, that redirects to a search service at apps.webservicehost.com.",
"Company": "ShopNav",
"SysProcess": "No",
"SecurityRisk": "Yes",
"Errors": "N/A",
"Status": 0
},
{
"PName": "srvany",
"PAltName": "srvany.exe",
"Name": "Srvany",
"Description": "Application that is associated with Microsoft Windows NT 4, 2000, and XP Resource Kits and is used to run normal Windows applications as services.",
"Company": "Microsoft Corp.",
"SysProcess": "Yes",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "ssdpsrv",
"PAltName": "ssdpsrv.exe",
"Name": "Ssdpsrv",
"Description": "Application that provides Simple Service Discovery Protocol and General Event Notification Architecture services for the Universal Plug and Play functionality and is a component designed for the future generation of plug and play devices.",
"Company": "Microsoft Corp.",
"SysProcess": "No",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "start",
"PAltName": "start.exe",
"Name": "Secret-Crush",
"Description": "Hijacker application that may reset your browser home page and/or search settings to point to sites that you do not want.",
"Company": "N/A",
"SysProcess": "No",
"SecurityRisk": "Yes",
"Errors": "N/A",
"Status": 0
},
{
"PName": "starteak",
"PAltName": "starteak.exe",
"Name": "Starteak",
"Description": "Application that provides easy access features for Compaq Easy Access Keyboard. A user can program those keyboard keys to perform specific tasks.",
"Company": "Compaq",
"SysProcess": "No",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "stcloader",
"PAltName": "stcloader.exe",
"Name": "Stcloader",
"Description": "Popup adware by 2ndThought software.",
"Company": "2nd-Thought.com",
"SysProcess": "No",
"SecurityRisk": "Yes",
"Errors": "N/A",
"Status": 0
},
{
"PName": "steam",
"PAltName": "steam.exe",
"Name": "Steam",
"Description": "Program used to test update and patches for Half-Life Valve game.",
"Company": "GameSpy Industries",
"SysProcess": "No",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "stimon",
"PAltName": "stimon.exe",
"Name": "Windows 98/MEÆs Still Image Monitor.",
"Description": "Application that provides one-touch scanning for a scanner. The application is automatically started through registry settings.",
"Company": "Microsoft Corp.",
"SysProcess": "No",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "stisvc",
"PAltName": "stisvc.exe",
"Name": "Still Image Service",
"Description": "Still Image Service, which handles scanners and digital cameras and is installed by Windows if a scanner or camera is connected to the computer. This is the equivalent of STIMON.exe, but for Windows 2000 and XP.",
"Company": "Microsoft Corp.",
"SysProcess": "No",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "studio",
"PAltName": "studio.exe",
"Name": "WinAmp",
"Description": "Application used to play all common sound files.",
"Company": "Nullsoft Inc.",
"SysProcess": "No",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "support",
"PAltName": "support.exe",
"Name": "Support",
"Description": "Added to the system as a result of the W32.Akosw@mm virus. This virus is an email worm that spreads using its own SMTP engine. W32/Israz-A also targets the KaZaA file sharing utility. Upon execution, the worm creates copies of itself in the Windows system folder with the filenames vShell.exe and Win32.exe. The worm also creates copies of itself in the Windows temp folder using the filenames Fun.exe, FAQ.exe, Q322593.exe, Support.exe, ToolBar.exe, and Wizard.exe.",
"Company": "N/A",
"SysProcess": "No",
"SecurityRisk": "Yes",
"Errors": "N/A",
"Status": 0
},
{
"PName": "svc",
"PAltName": "svc.exe",
"Name": "Svc",
"Description": "Hijacker, Clientman parasite variant, redirecting to madfinder.com. Detected by Symantec as the MADFIND virus.",
"Company": "N/A",
"SysProcess": "No",
"SecurityRisk": "Yes",
"Errors": "N/A",
"Status": 0
},
{
"PName": "svchost",
"PAltName": "svchost.exe",
"Name": "Service Host Process",
"Description": "Application that works as a host process for services that run from dynamic link libraries.",
"Company": "Microsoft Corp.",
"SysProcess": "Yes",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "svchosts",
"PAltName": "svchosts.exe",
"Name": "Svchosts",
"Description": "Added to the system as a result of the Sdbot-N virus which is a backdoor Trojan that allows a remote user unauthorized access and control over the computer with IRC channels. The application runs in the background as a service process and attempts to connect to an IRC server and join a specific channel. The virus then listens on the IRC channel for specific commands and carries out the appropriate actions.",
"Company": "N/A",
"SysProcess": "No",
"SecurityRisk": "Yes",
"Errors": "N/A",
"Status": 0
},
{
"PName": "svshost",
"PAltName": "svshost.exe",
"Name": "Svshost",
"Description": "Added to the system as a result of Worm.P2P.Spybot.gen virus. This virus spreads through peer-to-peer (P2P) sharing, rather than through open Windows file shares. The infected systems are scanned for unprotected Windows file shares.",
"Company": "N/A",
"SysProcess": "No",
"SecurityRisk": "Yes",
"Errors": "N/A",
"Status": 0
},
{
"PName": "svshost",
"PAltName": "svshost.exe",
"Name": "Svshost",
"Description": "Added to the system as a result of Worm.P2P.Spybot.gen virus. This virus spreads through peer-to-peer (P2P) sharing, rather than through open Windows file shares. The infected systems are scanned for unprotected Windows file shares.",
"Company": "N/A",
"SysProcess": "No",
"SecurityRisk": "Yes",
"Errors": "N/A",
"Status": 0
},
{
"PName": "system32",
"PAltName": "system32.exe",
"Name": "System32",
"Description": "Added as a result of the MARI , SYSXXX and other viruses. Mari is an Internet worm spreading with emails as an attached .exe file. Whereas SysXXX is a backdoor Trojan program that was written in the Delphi language, Backdoor.SysXXX gives a hacker complete access to your computer. By default, the Trojan opens two TCP ports, 31,556 and 6,051, that it uses to communicate with the hacker. The application notifies the hacker through email or ICQ. Also, Backdoor.SysXXX attempts to terminate various security products and system monitoring tools.",
"Company": "N/A",
"SysProcess": "No",
"SecurityRisk": "Yes",
"Errors": "N/A",
"Status": 0
},
{
"PName": "system",
"PAltName": "system.exe",
"Name": "System",
"Description": "Net Controller 1.08 Trojan.",
"Company": "N/A",
"SysProcess": "No",
"SecurityRisk": "Yes",
"Errors": "N/A",
"Status": 0
},
{
"PName": "system",
"PAltName": "system",
"Name": "Windows System Process",
"Description": "Microsoft Windows System Process.",
"Company": "Microsoft Corp.",
"SysProcess": "Yes",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "system process",
"PAltName": "system process",
"Name": "Windows Memory Handler System Process",
"Description": "The Windows Memory Handler System Process zeroes any free pages of RAM and is the only process with priority 0",
"Company": "Microsoft Corp.",
"SysProcess": "Yes",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "systray",
"PAltName": "systray.exe",
"Name": "System Tray Services",
"Description": "Background application that runs the Windows system tray, which provides space to display the clock time and icons installed by other applications.",
"Company": "Microsoft Corp.",
"SysProcess": "Yes",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "tapisrv",
"PAltName": "tapisrv.exe",
"Name": "TAPI Service",
"Description": "Background service that provides Windows Telephony (TAPI) Support in Windows 98 and Windows NT 4. The service is an essential task used by all telephony services, such as dial-up networking through any type of modem, in these two operating systems.",
"Company": "Microsoft Corp.",
"SysProcess": "Yes",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "taskmgr",
"PAltName": "taskmgr.exe",
"Name": "The Windows Task Manager.",
"Description": "Application that displays all processes running on the system. The application is activated by pressing Ctrl+Alt+Del buttons on Windows NT 4, 2000, and XP.",
"Company": "Microsoft Corp.",
"SysProcess": "Yes",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "taskmon",
"PAltName": "taskmon.exe",
"Name": "Windows Task Optimizer",
"Description": "Application that is used to collect information from hard disksby monitoring the most frequently used programs. This information is used by the Disk Defragmenter program, so that the programs and files that the user accesses the most will load faster.",
"Company": "Microsoft Corp.",
"SysProcess": "Yes",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "taskswitch",
"PAltName": "taskswitch.exe",
"Name": "Microsoft TaskSwitch Utility",
"Description": "Application that displays a preview window of each program that the user can switch to by pressing Alt+Tab on the keyboard.",
"Company": "Microsoft Corp.",
"SysProcess": "Yes",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "tcpsvcs",
"PAltName": "tcpsvcs.exe",
"Name": "TCP/IP Services",
"Description": "Application that provides network and Internet communication through TCP/IP. Started only when the user configures special TCP/IP services, such as the DHCP Server.",
"Company": "Microsoft Corp.",
"SysProcess": "No",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "teekids",
"PAltName": "teekids.exe",
"Name": "Teekids",
"Description": "Indication of the Lovesan worm. This worm scans several IP networks to get access to port 135 (COM). The worm sends a buffer overrun request to vulnerable computers. The newly infected computer then initiates the command shell on TCP port 4444. Lovesan runs the thread that opens the connection on port 4444 and waits for the FTP 'get' request from the victim computer. The worm then forces the victim computer to send the 'FTP get' request. Thus the victim computer downloads the worm from the infected computer and runs it. The victim computer is now infected.",
"Company": "N/A",
"SysProcess": "No",
"SecurityRisk": "Yes",
"Errors": "N/A",
"Status": 0
},
{
"PName": "tfswctrl",
"PAltName": "tfswctrl.exe",
"Name": "DLA Packet Writing Software",
"Description": "Application that is used to write data to CDs directly from Windows applications, without using the actual CD Writing software.",
"Company": "Hewlett-Packard",
"SysProcess": "No",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "tgcmd",
"PAltName": "tgcmd.exe",
"Name": "Tgcmdprovidersbc",
"Description": "Spyware from SupportSoft provided to manufacturers, such as Sony (Vaio Support Agent) and Toshiba (Virtual Tech), and ISPs, such as Comcast, Cox and Charter (Pipeline Support Agent), that allows them to offer on-line support. This part ensures that software is installed correctly. Regarded as spyware as it has the ability to retrieve user information.",
"Company": "SupportSoft, Inc",
"SysProcess": "No",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "tkbell",
"PAltName": "tkbell.exe",
"Name": "Tkbell",
"Description": "Application that works as a scheduler and is loaded into the system along with RealOne Player.",
"Company": "Real Networks",
"SysProcess": "No",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "trickler",
"PAltName": "trickler.exe",
"Name": "GAIN Trickler",
"Description": "Gator Advertising and Informational Network (GAIN) that delivers online advertising and informational messages based on web sites that you view.",
"Company": "The Gator Corporation",
"SysProcess": "No",
"SecurityRisk": "Yes",
"Errors": "N/A",
"Status": 0
},
{
"PName": "tsadbot",
"PAltName": "tsadbot.exe",
"Name": "Tsadbot",
"Description": "Adware application that affects the performance of Internet connections seriously. The application comes with free software.",
"Company": "Conducent / TimeSink",
"SysProcess": "No",
"SecurityRisk": "Yes",
"Errors": "N/A",
"Status": 0
},
{
"PName": "tvmd",
"PAltName": "tvmd.exe",
"Name": "Tvmd",
"Description": "Allows the checkout process for customers in order to safely and securely purchase software. This spyware installs automatically.",
"Company": "Total Velocity",
"SysProcess": "No",
"SecurityRisk": "Yes",
"Errors": "N/A",
"Status": 0
},
{
"PName": "tvtmd",
"PAltName": "tvtmd.exe",
"Name": "Tvtmd",
"Description": "Allows the checkout process for customers in order to safely and securely purchase software. This spyware installs automatically.",
"Company": "Total Velocity",
"SysProcess": "No",
"SecurityRisk": "Yes",
"Errors": "N/A",
"Status": 0
},
{
"PName": "unwise",
"PAltName": "unwise.exe",
"Name": "PrintScreen",
"Description": "Utility program to capture, print or save the current window from Gadwin Systems, Inc.",
"Company": "Gadwin Systems, Inc.",
"SysProcess": "No",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "updatestats",
"PAltName": "updatestats.exe",
"Name": "Updatestats",
"Description": "Application that allows live streaming statistics for each match of one league or across all leagues. The application is officially licensed MLB pitch-by-pitch real-time updates from every stadium around the league.",
"Company": "Wild Media, LLC",
"SysProcess": "No",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "updreg",
"PAltName": "updreg.exe",
"Name": "Creative Register Reminder",
"Description": "Application that reminds users to register for their Creative Labs products.",
"Company": "Creative Technology Ltd",
"SysProcess": "No",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "uptodate",
"PAltName": "uptodate.exe",
"Name": "Uptodate",
"Description": "BrowserPal, a free popup ad blocker. Browser",
"Company": "BrowserPal.com",
"SysProcess": "No",
"SecurityRisk": "Yes",
"Errors": "N/A",
"Status": 0
},
{
"PName": "urlmap",
"PAltName": "urlmap.exe",
"Name": "Urlmap",
"Description": "Program that gets installed with Microsoft Money 2002. The application runs in the background and works with Internet Explorer and the MoneySide applet from Microsoft Money. The application monitors the web pages you visit and, if you come to a page with financial information that may be relevant to financial information in Microsoft Money, the program displays the MoneySide toolbar in Internet Explorer.",
"Company": "Microsoft Corp.",
"SysProcess": "No",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "userinit",
"PAltName": "userinit.exe",
"Name": "UserInit Process",
"Description": "Application used to run a program before a shell starts. The service runs logon scripts, reestablishes network connections and starts the shell.",
"Company": "Microsoft Corp.",
"SysProcess": "No",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "vptray",
"PAltName": "vptray.exe",
"Name": "VirusProtect Shield System Tray icon",
"Description": "Tray bar icon application for Norton AntiVirus Corporate Edition 7.x. It helps you to start Norton AntiVirus in order to configure it, run a virus scan, do a LiveUpdate, and more.",
"Company": "Symantec Corporation",
"SysProcess": "No",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "vshwin32",
"PAltName": "vshwin32.exe",
"Name": "McAfee On-access scanner",
"Description": "Real-time virus scanning task for McAfee VirusScan, which runs in the background and scans files as you use or create them.",
"Company": "Network Associates, Inc.",
"SysProcess": "No",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "vsmon",
"PAltName": "vsmon.exe",
"Name": "True Vector Internet Monitor",
"Description": "Application that is associated with ZoneAlarm personal firewall, which monitors Internet traffic and generates alerts by following the security rules that users configure in Zone Alarm.",
"Company": "Zone Labs Inc.",
"SysProcess": "No",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "wanmpsvc",
"PAltName": "wanmpsvc.exe",
"Name": "Wan miniport (ATW) service",
"Description": "Wan miniport (ATW) service provided by AOL. Deletion of this file creates problems with Internet connections. Re-installing AOL does not fix the problem.",
"Description": "Microsoft free synchronization manager that runs in the background in the system tray and allows you to synchronize your Windows CE-based handheld or Palm-size computer with your desktop computer. The manager helps to synchronize documents, email, and calendar items.",
"Company": "Microsoft Corp.",
"SysProcess": "No",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "wcmdmgr",
"PAltName": "wcmdmgr.exe",
"Name": "Automated Support Engine",
"Description": "Web driver used in many applications, from games to MP3 players. The driver is provided by Wild Tangent to collect feedback about new hardware through an Internet connection.",
"Company": "Wild Tangent",
"SysProcess": "No",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "webdav",
"PAltName": "webdav.exe",
"Name": "Webdav",
"Description": "Application that is used mainly by hacker to gain control of targeted system.",
"Company": "N/A",
"SysProcess": "No",
"SecurityRisk": "Yes",
"Errors": "N/A",
"Status": 0
},
{
"PName": "webscanx",
"PAltName": "webscanx.exe",
"Name": "McAfeeÆs Web and ActiveX Scanner",
"Description": "Component of McAfee antivirus products that run in the background and scan Internet downloads for viruses. The component also provides you with email protection by scanning email attachments. The component also watches out for malicious code in the Java and ActiveX applets on the web pages that you access.",
"Company": "Network Associates, Inc.",
"SysProcess": "No",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "win-bugsfix",
"PAltName": "win-bugsfix.exe",
"Name": "Win-bugsfix",
"Description": "Added to the system as a result of the LOVELETTER (I Love You) virus.",
"Company": "N/A",
"SysProcess": "No",
"SecurityRisk": "Yes",
"Errors": "N/A",
"Status": 0
},
{
"PName": "win32",
"PAltName": "win32.exe",
"Name": "Win32",
"Description": "Added to the system as a result of the RATEGA virus that is a Trojan horse that gives a hacker complete access to your computer. By default, the Trojan listens on port 6969 and notifies the hacker through email. The Trojan notification message will contain the subject line \"Omega Help.\"",
"Company": "N/A",
"SysProcess": "No",
"SecurityRisk": "Yes",
"Errors": "N/A",
"Status": 0
},
{
"PName": "win32us",
"PAltName": "win32us.exe",
"Name": "All-In-One-Telcom",
"Description": "Variant of adult content dialer program that dials toll numbers without user awareness or permission.",
"Company": "N/A",
"SysProcess": "No",
"SecurityRisk": "Yes",
"Errors": "N/A",
"Status": 0
},
{
"PName": "winactive",
"PAltName": "winactive.exe",
"Name": "Winactive",
"Description": "Active variant of LOP.com hijacker that sets your start page and Internet Explorer search features to use the site lop.com ('Live Online Portal') or one of its clone sites.",
"Company": "N/A",
"SysProcess": "No",
"SecurityRisk": "Yes",
"Errors": "N/A",
"Status": 0
},
{
"PName": "winamp",
"PAltName": "winamp.exe",
"Name": "WinAmp",
"Description": "Launches popular high fidelity music player for Windows 95, 98, and NT that plays MP3s, MP2s, WAVs, VOCs, and MIDIs. The utility also helps to organize these sound and video files.",
"Company": "Nullsoft Inc.",
"SysProcess": "No",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "windows",
"PAltName": "windows.exe",
"Name": "Windows",
"Description": "Added to the system as a result of W32.HLLW.Nulut WORM that attempts to spread through file-sharing networks and email.",
"Company": "N/A",
"SysProcess": "No",
"SecurityRisk": "Yes",
"Errors": "N/A",
"Status": 0
},
{
"PName": "wininetd",
"PAltName": "wininetd.exe",
"Name": "Wininetd",
"Description": "Added to the system as a result of the WINET VIRUS! which is a Backdoor Trojan Horse that will install itself in the System directory. It receives instructions from a hard-coded URL.",
"Company": "N/A",
"SysProcess": "No",
"SecurityRisk": "Yes",
"Errors": "N/A",
"Status": 0
},
{
"PName": "wininit",
"PAltName": "wininit.exe",
"Name": "Wininit",
"Description": "Added to the system as a result of the WOLLF.16 VIRUS! which is a Backdoor Trojan Horse that installs itself as a server and allows unauthorized access to an infected computer. This Trojan is written in Microsoft Visual C++.",
"Company": "N/A",
"SysProcess": "No",
"SecurityRisk": "Yes",
"Errors": "N/A",
"Status": 0
},
{
"PName": "winlogin",
"PAltName": "winlogin.exe",
"Name": "Winlogin",
"Description": "Added to the system as a result of the RANDEX.E VIRUS! which is an Internet Relay Chat (IRC) Trojan Horse that allows its creator to control a computer by using IRC. It is also a worm that can use the DCOM RPC vulnerability to spread itself.",
"Company": "N/A",
"SysProcess": "No",
"SecurityRisk": "Yes",
"Errors": "N/A",
"Status": 0
},
{
"PName": "winlogon",
"PAltName": "winlogon.exe",
"Name": "Windows Logon Process",
"Description": "Windows NT logon utility that manages user logons and logoffs. The utility prompts you for the password when you log on and allows you to log off or shut down.",
"Company": "Microsoft Corp.",
"SysProcess": "Yes",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "winmain",
"PAltName": "winmain.exe",
"Name": "Winmain",
"Description": "New breed of malware which loads MSHTA.EXE.mshta.exe accept HTA scripting within a web page and then execute what is embedded IN the page as a program.",
"Company": "N/A",
"SysProcess": "No",
"SecurityRisk": "Yes",
"Errors": "N/A",
"Status": 0
},
{
"PName": "winmgmt",
"PAltName": "winmgmt.exe",
"Name": "Windows Management Service",
"Description": "Windows Management Instrumentation from Microsoft that allows you to write scripts for the management of devices, user accounts, services, networking, and other aspects of your Windows 98/ME/NT/2000 system.",
"Company": "Microsoft Corp.",
"SysProcess": "Yes",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "winnet",
"PAltName": "winnet.exe",
"Name": "CommonName Spyware",
"Description": "Internet Explorer Add-on toolbar from CommonName which enables you to enter keywords or short phrases which will take you straight to the website of the organisation that might have bought those keywords.",
"Company": "CommonName Ltd",
"SysProcess": "No",
"SecurityRisk": "Yes",
"Errors": "N/A",
"Status": 0
},
{
"PName": "winoa386",
"PAltName": "winoa386.mod",
"Name": "MS-DOS Console",
"Description": "Windows MS-DOS Console provides DOS console and script functions in Windows. It is the interface between the Windows mode and DOS mode in Windows.",
"Company": "Microsoft Corp.",
"SysProcess": "Yes",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "winppr32",
"PAltName": "winppr32.exe",
"Name": "SoBig Virus",
"Description": "Existance of this file shows that you have the W32.Sobig.F worm in your system.W32.Sobig.F is a mass-mailing, network-aware worm that sends itself to all the email addresses it finds on your system. The email message has a fake FROM address",
"Company": "N/A",
"SysProcess": "No",
"SecurityRisk": "Yes",
"Errors": "N/A",
"Status": 0
},
{
"PName": "wins",
"PAltName": "wins.exe",
"Name": "Windows Internet Name Service",
"Description": "Windows Internet name service that is based on DNS (Domain Name System).",
"Company": "Microsoft Corp.",
"SysProcess": "Yes",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "winservn",
"PAltName": "winservn.exe",
"Name": "Winservn",
"Description": "Added to the system by PurityScan which is distributed by an advertising company.winservn loads at start-up and spawn massive quantities of large popup ads when the user is online",
"Company": "ClickSpring",
"SysProcess": "No",
"SecurityRisk": "Yes",
"Errors": "N/A",
"Status": 0
},
{
"PName": "winssk32",
"PAltName": "winssk32.exe",
"Name": "Winssk32",
"Description": "new variant of Sobig, known as Sobig.E.The worm usually arrives in e-mails with body text \"Please see the attached zip file for details.\" and attachment \"your_details.zip\"",
"Company": "N/A",
"SysProcess": "No",
"SecurityRisk": "Yes",
"Errors": "N/A",
"Status": 0
},
{
"PName": "winstart",
"PAltName": "winstart.exe",
"Name": "Winstart",
"Description": "A Foistware from iGetNet which installs components without your knowledge.It turns the IE address bar into a keyword engine piped into IGetNet.",
"Company": "iGetNet",
"SysProcess": "No",
"SecurityRisk": "Yes",
"Errors": "N/A",
"Status": 0
},
{
"PName": "winstart001",
"PAltName": "winstart001.exe",
"Name": "Winstart001",
"Description": "Internet Explorer Helper plug-in from iGetNet which redirects the end-user to advertising clients of iGetNet. iGetNet sales keyword to his client.so whenever the user enters that words it connects the user to that client's site.",
"Company": "iGetNet",
"SysProcess": "No",
"SecurityRisk": "Yes",
"Errors": "N/A",
"Status": 0
},
{
"PName": "wintsk32",
"PAltName": "wintsk32.exe",
"Name": "Wintsk32",
"Description": "Addedto the system as a result of the YAHA.U VIRUS! which is a variant of W32.Yaha.J@mm.Terminates some antivirus and firewall processes and uses its own SMTP engine to email itself to all the contacts of the Windows Address Book, MSN Messenger, .NET Messenger, Yahoo Pager, and in all the files whose extensions contain the letters HT.",
"Company": "N/A",
"SysProcess": "No",
"SecurityRisk": "Yes",
"Errors": "N/A",
"Status": 0
},
{
"PName": "winupdate",
"PAltName": "winupdate.exe",
"Name": "Winupdate",
"Description": "Added to the system as a result of the RADO VIRUS! which is a Backdoor Trojan Horse.It gives its creator unauthorized remote access to your computer. When the Trojan is executed for the first time, it displays a fake error message with the text, \"Incompartible Windows Version.\" See the Technical Details section for an illustration.",
"Company": "N/A",
"SysProcess": "No",
"SecurityRisk": "Yes",
"Errors": "N/A",
"Status": 0
},
{
"PName": "winword",
"PAltName": "winword.exe",
"Name": "Microsoft Word",
"Description": "Microsoft Word, a word processing program included in Microsoft Office.",
"Company": "Microsoft Corp.",
"SysProcess": "No",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "winzip32",
"PAltName": "winzip32.exe",
"Name": "WinZip",
"Description": "WinZip, which is a file compression utility used to create, open and extract zip files. WinZip zips up a document and attaches it to an email message without leaving Explorer. It can also extract and install from MIME and other encoded files. This tool makes working with .zip and other types of archive files easier.",
"Company": "Nico Mak Computing, Inc.",
"SysProcess": "No",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "wjview",
"PAltName": "wjview.exe",
"Name": "Wjview",
"Description": "Command line utility tool from Microsoft (R) Corporation to view window-based Java applications.",
"Company": "Microsoft Corp.",
"SysProcess": "No",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "wkcalrem",
"PAltName": "wkcalrem.exe",
"Name": "Microsoft Works Calendar Reminder",
"Description": "Application that is used to remind the user of scheduled events. It is associated with MS Works Calendar program.",
"Company": "Microsoft Corp.",
"SysProcess": "No",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "wkdetect",
"PAltName": "wkdetect.exe",
"Name": "Wkdetect",
"Description": "A background process that checks automatically for Microsoft Works updates when you are connected to the Internet.",
"Company": "Microsoft Corp.",
"SysProcess": "Yes",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "wkufind",
"PAltName": "wkufind.exe",
"Name": "Wkufind",
"Description": "Update detector for Microsoft Works 2002 PictureIt. If the detector is enabled, it tries to dial your Internet service provider, connect to the Internet, and download any updates available.",
"Company": "Microsoft Corp.",
"SysProcess": "No",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "wmiexe",
"PAltName": "wmiexe.exe",
"Name": "MicrosoftÆs Windows Management Instrumentation (WMI).",
"Description": "Application that gives a standard method of accessing system information, performance information, event monitors, and application monitors. The application works as a transparent task.",
"Company": "Microsoft Corp.",
"SysProcess": "Yes",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "wmplayer",
"PAltName": "wmplayer.exe",
"Name": "Windows Media Player",
"Description": "Windows Media Player, which is used to open and play music, sound, and video files. It is the default media player that comes with the Windows operating system.",
"Company": "Microsoft Corp.",
"SysProcess": "No",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "wnad",
"PAltName": "wnad.exe",
"Name": "WinAd Client",
"Description": "This parasite added to the system as a result of running a program called \"Yo Mama Osama\" (osama.exe).There are other ways this can show up on your system, and it will manifest itself by periodically opening a new browser window with advertising for copy DVD software and the like.",
"Company": "Twistedhumor.com",
"SysProcess": "No",
"SecurityRisk": "Yes",
"Errors": "N/A",
"Status": 0
},
{
"PName": "wordpad",
"PAltName": "wordpad.exe",
"Name": "Wordpad",
"Description": "WordPad, a text editor used to open and edit.txt and .rtf documents. You can create and edit simple text as well as documents with complex formatting and graphics. You can link or embed information from other documents into a WordPad document.",
"Company": "Microsoft Corp.",
"SysProcess": "No",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "wowexec",
"PAltName": "wowexec.exe",
"Name": "Windows On Windows Execution Process",
"Description": "Windows On Windows Execution Support Process that provides support for 16-bit Windows applications together with ntvdm.exe. The service is started by NTVDM, which starts every time you run a 16-bit program.",
"Company": "Microsoft Corp.",
"SysProcess": "Yes",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "wscript",
"PAltName": "wscript.exe",
"Name": "Windows Script Host",
"Description": "Application that allows users to run scripts from Windows. The application displays a dialog box for setting script properties.",
"Company": "Microsoft Corp.",
"SysProcess": "No",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "wuauclt",
"PAltName": "wuauclt.exe",
"Name": "AutoUpdate for WindowsME",
"Description": "Background process responsible for updates to Windows ME. Whenever you connect to the Internet, Wuauclt checks the Microsoft web site for updates to Windows ME.",
"Company": "Microsoft Corp.",
"SysProcess": "Yes",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "wupdt",
"PAltName": "wupdt.exe",
"Name": "Wupdt",
"Description": "Added to the system as a result of the IMISERV VIRUS! which is a backdoor Trojan used to control a target computer from a remote location.It consists of a Server and a Client part. It distributes the Server part to target computers and uses the Client part to control the system running the Server part.",
"Company": "N/A",
"SysProcess": "No",
"SecurityRisk": "Yes",
"Errors": "N/A",
"Status": 0
},
{
"PName": "wuser32",
"PAltName": "wuser32.exe",
"Name": "Wuser32",
"Description": "Application that is used to solve a problem of remote control service starting.",
"Company": "Novell Inc.",
"SysProcess": "No",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "wzqkpick",
"PAltName": "wzqkpick.exe",
"Name": "WinZip System Tray Application",
"Description": "System tray bar application that allows a user to start WinZip software from the system tray.",
"Company": "Nico Mak Computing, Inc.",
"SysProcess": "No",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "xfr",
"PAltName": "xfr.exe",
"Name": "Intel File Transfer",
"Description": "Application that is associated with Intel LANDesk Management Suite and used for communicating between the core server and managed clients.",
"Company": "Intel Corporation",
"SysProcess": "No",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "xl",
"PAltName": "xl.exe",
"Name": "License manager",
"Description": "Software that prevents software from being reverse engineered.",
"Company": "XtreamLok.com",
"SysProcess": "No",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "ypager",
"PAltName": "ypager.exe",
"Name": "Yahoo Messenger Helper",
"Description": "System tray application for Yahoo Messenger, which is one of the most popular instant messaging programs.",
"Company": "Yahoo! Inc.",
"SysProcess": "No",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 0
},
{
"PName": "BHOZapper.exe",
"Name": "BHOZapper Application",
"Description": "This application protects your computer against malicious BHOs and does registry optimization.",
"Company": "Powerhouse Programming",
"SysProcess": "No",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 1
},
{
"PName": "Port Monitor Standalone.exe",
"Name": "Port Monitor Application",
"Description": "Port Monitor is an application that monitors and protects all access ports.",
"Company": "Powerhouse Programming",
"SysProcess": "No",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 1
},
{
"PName": "daemon.exe",
"Name": "DAEMON Tools",
"Description": "Application for mounting CD images",
"Company": "VeNoM386 and SwENSkE",
"SysProcess": "unknown",
"SecurityRisk": "unknown",
"Errors": "N/A",
"Status": 1
},
{
"PName": "avpcc.exe",
"Name": "Kaspersky Anti-Virus",
"Description": "Kaspersky Anti-Virus",
"Company": "Kaspersky Labs.",
"SysProcess": "No",
"SecurityRisk": "No",
"Errors": "N/A",
"Status": 1
},
{
"PName": "RadLight.exe",
"Name": "RadLight",
"Description": "Application for playing media files",