Text Truncated. Only the first 1MB is shown below. Download the file for the complete contents.
[ winsystem.sys]
Number=7
Confirmed=X
Filename=smss.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.sober.k@mm.html" target=_blank>SOBER.K</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/smss/" target=_blank>smss.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a msagent\win32 subfolder of the Winnt or Windows folder
Source=Paul Collins Startup list
[!1_pgaccount]
Number=8
Confirmed=Y
Filename=pgaccount.exe
Description=DiamondCS <a href="http://www.diamondcs.com.au/processguard/" target=_blank>ProcessGuard</a> security software - stops malicious worms and trojans from being executed silently in the background, as well as a variety of other attacks. You will see one instant of pgaccount.exe for every active account on your system, and this is essential for PG to work properly
Source=Paul Collins Startup list
[!1_ProcessGuard_Startup]
Number=9
Confirmed=Y
Filename=procguard.exe
Description=DiamondCS <a href="http://www.diamondcs.com.au/processguard/" target=_blank>ProcessGuard</a> security software - stops malicious worms and trojans from being executed silently in the background, as well as a variety of other attacks
Source=Paul Collins Startup list
[!NoLoad]
Number=10
Confirmed=N
Filename=winrecon.exe
Description=<a href="http://www.winrecon.com/" target="_blank">WinRecon</a> - surveillance software that creates records of everything people do on a computer, ie, spying or monitoring depending upon how you call it
Source=Paul Collins Startup list
[$EnterNet]
Number=11
Confirmed=?
Filename=Enternet.exe
Description=Connection manager for the EnterNet ISP. You can also use <a href="http://user.cs.tu-berlin.de/~normanb/" target="_blank">RASPPOE</a>
Source=Paul Collins Startup list
[$sys$cmp]
Number=12
Confirmed=X
Filename=$sys$xp.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.ryknos.b.html" target=_blank>RYKNOS.B</a> TROJAN! Attempts to utilize the Sony Rootkit A.K.A. SecurityRisk.First4DRM security risk to hide itself on the compromised computer
Source=Paul Collins Startup list
[$sys$drv]
Number=16
Confirmed=X
Filename=$sys$drv.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.ryknos.html" target=_blank>RYKNOS</a> TROJAN! Attempts to utilize the Sony Rootkit A.K.A. SecurityRisk.First4DRM security risk to hide itself on the compromised computer
Source=Paul Collins Startup list
[$WindowsRegKey%update]
Number=23
Confirmed=X
Filename=IEXPLORE.EXE
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotez.html" target=_blank>RBOT-EZ</a> WORM! Note - this is not the legitimate Internet Explorer <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/iexplore/" target=_blank>iexplore.exe</a> process which is always located in the Program Files\Internet Explorer folder and should not normally figure in Msconfig/Startup! This file is located in the System (9x/Me) or System32 (NT/2K/XP) folder
Source=Paul Collins Startup list
[%cmpmixtitle%]
Number=24
Confirmed=N
Filename=%cmpmixstr%
Description=<font color="#FF0000">Possibly related to C-Media Mixer Control panel?</font>
Source=Paul Collins Startup list
[%FP%012-L2TP fts.exe]
Number=25
Confirmed=?
Filename=fts.exe
Description=012.Net ISP software - <font color="#FF0000">what does it do and is it required?</font>
Source=Paul Collins Startup list
[%FP%012-L2TP FWPortal.exe]
Number=26
Confirmed=?
Filename=FWPortal.exe
Description=012.Net ISP software - <font color="#FF0000">what does it do and is it required?</font>
Source=Paul Collins Startup list
[%FP%1776 Internet fts.exe]
Number=27
Confirmed=?
Filename=fts.exe
Description=1776 Internet ISP software - <font color="#FF0000">what does it do and is it required?</font>
Source=Paul Collins Startup list
[%FP%1776 Internet FWPortal.exe]
Number=28
Confirmed=?
Filename=FWPortal.exe
Description=1776 Internet ISP software - <font color="#FF0000">what does it do and is it required?</font>
Source=Paul Collins Startup list
[%FP%Barak013 fts.exe]
Number=29
Confirmed=?
Filename=fts.exe
Description=Barak013 ISP software - <font color="#FF0000">what does it do and is it required?</font>
Source=Paul Collins Startup list
[%FP%Barak013 FWPortal.exe]
Number=30
Confirmed=?
Filename=FWPortal.exe
Description=Barak013 ISP software - <font color="#FF0000">what does it do and is it required?</font>
Source=Paul Collins Startup list
[%FP%Friendly fts.exe]
Number=31
Confirmed=?
Filename=fts.exe
Description=Friendly ISP software - <font color="#FF0000">what does it do and is it required?</font>
Source=Paul Collins Startup list
[(default)]
Filename=[random filename].exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.blackmal@mm.html" target="_blank">BLACKMAL</a> WORM!
[(l4r1$$4) (4nt1) (v1ruz)]
Filename=SP00Lsv32.pif
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.assiral.b@mm.html" target=_blank>ASSIRAL.B</a> WORM!
[)start service]
Filename=upssrv.exe
Confirmed=U
Description=Cyber Power <a href="http://www.cyberpowersystems.com/" target=_blank>PowerPanelPlus</a> software. "In the event of a power outage, PowerPanelPlus Software automatically saves and closes all open files, and then shuts down the computer system in an intelligent and orderly manner"
[,main drive loader]
Filename=wininfo.exe
Confirmed=X
Description=Suspected malware as it appears in 3 different registry locations - see <a href="http://forums.techguy.org/t151017/s.html" target="_blank"> here</a>
[.mscdsr]
Filename=lsvchost.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbdoorcr.html" target=_blank>CR</a> TROJAN!
[.mscsbl]
Filename=svhost.exe
Confirmed=X
Description=Added by the <a href="http://vil.mcafeesecurity.com/vil/content/v_130850.htm" target=_blank>CMQ</a> TROJAN!
[.msfupdate]
Filename=msveup.exe
Confirmed=X
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/w32.allocup.a.html" target=_blank>ALLOCUP.A</a> WORM!
[.mssecure]
Filename=mssecure.exe
Confirmed=X
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=DDOS_BOXED.X&VSect=P" target=_blank>DDOS_BOXED.X</a> TROJAN!
[.net config]
Filename=sysmon32.exe
Confirmed=?
Description=<font color="#FF0000">??</font>
[.norton]
Filename=rchost.exe
Confirmed=X
Description=Added by a variant of the <a href="http://www.sophos.com/virusinfo/analyses/trojboxeda.html" target=_blank>BOXED-A</a> TROJAN!
[.svchost]
Filename=CSRSS.EXE
Confirmed=X
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/trojan.webus.f.html" target=_blank>WEBUS.F</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/csrss/" target=_blank>csrss.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the System folder
[/l:eng]
Filename=N/A
Confirmed=N
Description=Related to the Dell OEM version of the Sound Blaster Audigy 2 sound card. If this item is listed and checked in startup, the System32 Folder will appear on every startup. A patch is available - filename R75304.EXE - that fixes the issue. You can find that file at support.dell.com by typing that name in the 'Search' box available there. It addresses the root of the problem in Creative's software and corrects it. Unfortunately there is no direct link to the file, but it's easily available using the search function
[000]
Filename=pit.exe
Confirmed=U
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/spyware.privateeye.html" target=_blank>PrivateEye</a> surveillance software! Note - If you did not intentionally install this remove it
Description=Toshiba Hot key functionality for the function keys (Fn-Esc, Fn-F1 (lock), Fn-F2, Fn-F3, Fn-F4, Fn-F5 (switching between laptop and CRT display output), etc...)
[0050726-007-i32-1]
Filename=0050726-007-i32-1.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbancbanec.html" target=_blank>BANCBAN-EC</a> TROJAN!
[00dsksvr00]
Filename=desksaver.exe
Confirmed=?
Description=Related to <a href="http://www.softstack.com/deskshield.html" target=_blank>Advanced Desktop Shield</a>
[00dsksvr01]
Filename=desksaver.exe
Confirmed=?
Description=Related to <a href="http://www.softstack.com/deskshield.html" target=_blank>Advanced Desktop Shield</a>
[00thotkey]
Filename=00THotKey.exe
Confirmed=U
Description=For Toshiba Satellite notebook series to use the front buttons, play, stop, next, prev.
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotcc.html" target=_blank>RBOT-CC</a> WORM! Note the first letter is actually the digit "0" and not a capital "o"
[1]
Filename=1.exe
Confirmed=X
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/trojan.esteems.html" target=_blank>ESTEEMS</a> TROJAN!
[1111swapmgr.exe]
Filename=1111swapmgr.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbdooric.html" target=_blank>IC</a> TROJAN!
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.kitro.c.worm.html" target="_blank">KITRO.C</a> (or <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_DANDI.A&VSect=T" target="_blank">DANDI.A</a>) WORM! 123456 can be any random 3 to 6 digit number
Description=HP utility for monitoring when and how many recoveries have been done
[1a:macvisiontraymonitor]
Filename=TrayMonitor.exe
Confirmed=N
Description=Comes with the MacVision program for monitoring tray icons (Note : program is by Stardock)
[1a:stardock mcp]
Filename=mcpserver.exe
Confirmed=Y
Description=Master Control Program for Stardock apps, in development. People should leave it running if they're using any of the Stardock applications
[1a:stardock traymonitor]
Filename=TrayServer.exe
Confirmed=Y
Description=For monitoring tray icons - if disabled icons will not be displayed in ObjectBar or DesktopX
[1cmails]
Filename=NETMAIL.EXE
Confirmed=?
Description=<font color="#FF0000">??</font>
[1on1]
Filename=1on1.exe
Confirmed=X
Description=Adult content dialler
[1srv32]
Filename=SpyAgent4.exe
Confirmed=U
Description=SpyTech <a href="http://www.spytech-web.com/spyagent.shtml" target="_blank">SpyAgent</a> monitoring software. "Spy software that allows you to monitor EVERYTHING users do on your PC."
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlegmirat.html" target=_blank>LEGMIR-AT</a> TROJAN!
[2thousandbuck]
Filename=[path to file]
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.ranky.l.html" target=_blank>RANKY.L</a> TROJAN!
[2wsystray]
Filename=2portalmon.exe
Confirmed=U
Description=<a target="_blank" href="http://www.2wire.com/home/index.html">2Wire Homeportal</a> user interface
[32-bit thunking service]
Filename=thunk32.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.derdero.a@mm.html" target=_blank>DERDERO.A</a> WORM!
[357aa41a-b7a8-4632-a27d-5b980b25cf43]
Filename=services.exe
Confirmed=X
Description=Added by <a href="http://www.symantec.com/avcenter/venc/data/adware.fakemessage.html" target=_blank>FakeMessage/AdRotator</a> adware. Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/services/" target="_blank">services.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in an "Inetsrv" subfolder
[39eltfh25z8skf]
Filename=Ezg1q5.exe
Confirmed=?
Description=<font color="#FF0000">Seems to be associated with software by <a href="http://www.resplendence.com/docs/" target="_blank">Resplendence SP</a> ?</font>
[3c1807pd]
Filename=3cmlink.exe 3cpipe-3c1807pd
Confirmed=Y
Description=3Com WinModem driver. See <a href="http://808hi.com/56k/winmodems.asp" target="_blank">here</a> for more WinModem information
Description=Required for a US Robotics WinModem as it provides the link to Windows - won't work without it
[3cmlink]
Filename=3CmlinkW.exe
Confirmed=Y
Description=For a US Robotics WinModem. Provides the link to Windows as the CPU does the processing on WinModems - won't work without it. See <a href="http://808hi.com/56k/winmodems.asp" target="_blank">here</a> for more WinModem information
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.jermy.a.html" target="_blank"> JERMY.A</a> WORM!
[3deep control panel]
Filename=3DeepCTL.EXE
Confirmed=U
Description=From <a href="http://www.colorific.com/index.htm" target="_blank">LightSurf Technologies</a> (nee E-Color) - <a href="http://www.colorific.com/d1.htm" target="_blank">3Deep</a> corrects lighting, shading and color for all your 2D and 3D games
[3dfx acc]
Filename=GFXACC.EXE
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.gibe@mm.html" target="_blank">GIBE</a> WORM!
[3dfx task manager]
Filename=3dfxMan.exe
Confirmed=N
Description=System Tray application for 3dfx Voodoo 3/4/5 functions. Available via Start -> Programs
[3dfx tools]
Filename=3dfxCmn.dll
Confirmed=Y
Description=Updates the registry with information that can't be held for Voodoo 3/4/5 series graphics cards. Important for owners of these cards
[3dfxv2ps.dll]
Filename=3dfxv2ps.dll
Confirmed=Y
Description=Updates the registry with info that can't be held for 3dfx Voodoo 2 video cards. Important for owners of these cards
[3dlabs taskbar display manager]
Filename=3DLman.exe
Confirmed=?
Description=3DLabs graphics driver related. <font color="#FF0000"> System Tray access to display settings?</font>
[3dlabshelperdemon]
Filename=3dldemon.exe
Confirmed=U
Description=Directly from the programs author "It is a tiny program that is installed by the Permedia2/3 and probably other Oxygen-series cards. Normally it sits in the background doing nothing at all (sleeping on a semaphore), so it should take zero CPU time and virtually zero memory, since it will all be paged out to the hard drive." In most cases it can be safely disabled
[3dmouse.exe]
Filename=3DMouse.EXE
Confirmed=Y
Description=Dritek System Inc. 3D Mouse driver
[3d_sound]
Filename=3d_sound.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojriadosa.html" target=_blank>RIADOS-A</a> TROJAN!
[3qdctl.exe]
Filename=3qdctl.exe
Confirmed=U
Description=Provided with Terratec 128i PCI and similar sound cards. Loads a sound profile at bootup, restoring volume and other audio settings to a pre-determined default. Similar to Creative Lab's AudioHQ
[3ware 3dm]
Filename=3dm.exe
Confirmed=Y
Description=Monitors status of the disk array on 3ware IDE RAID controllers
[4wd!!!]
Filename=Natal!.pif
Confirmed=X
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_OPASERV.AI" target="_blank">OPASERV.AI</a> WORM!
Description=<a href="http://www.alliedtelesyn.co.uk/en-gb/" target=_blank>Allied Telesyn</a> AT series router/modem related - apparently required
[9xhtprotect]
Filename=AVprotect9x.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.netsky.m@mm.html" target="_blank">NETSKY.M</a> WORM!
[;rundll]
Filename=[filename]
Confirmed=X
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_PWSLEGMIR.E" target="_blank">PWSLEGMIR.E</a> TROJAN!
[@]
Filename=regedit -s ..win.dll
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/js.seeker.k.html" target="_blank">SEEKER.K</a> TROJAN!
[@hoc toolbar]
Filename=AtHoc.exe
Confirmed=N
Description=One-click activated browsing toolbar used by various web-sites. See <a href="http://siliconvalley.internet.com/news/article.php/3531_479951" target="_blank">here</a> for more info
[@loha]
Filename=reminder.exe
Confirmed=N
Description=Registration reminder for <a href="http://www.pcworld.com/downloads/file_description/0,fid,6581,00.asp" target="_blank">@loha@home</a> E-mail utility
[@tour_ww]
Filename=@tour_ww[1].exe
Confirmed=X
Description=Adult content dialler
[a new windows updater]
Filename=w32NTupdt.exe
Confirmed=X
Description=Added by <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.mytob.bm@mm.html" target= blank>MYTOB.BM</a> WORM!
[a-squared]
Filename=a2guard.exe
Confirmed=U
Description=<a href="http://www.emsisoft.com/en/" target=_blank>a-Squared</a> antitrojan - can be run on demand but necessary in Startup if you prefer the a?'Background Guard' real time protection feature
[a-winpoet-service]
Filename=winpppoverethernet.exe
Confirmed=Y
Description=WinPoET is the industry's first Windows-based PPP over Ethernet client. Developed by iVasion, WinPoET is attractive to equipment providers, modem suppliers, RBOCs and ISPs. For more info read <a href="http://www.finepoint.com/products/winpoet/index.html" target="_blank">here</a>. It uses dial-up networking for new high-speed internet customers who are more familiar with analogue modems. If unchecked in MSCONFIG it reports Error 360 - Hardware Error in dial-up networking
[a1000 settings utility]
Filename=cpqa1000.exe
Confirmed=U
Description=Compaq A1000 Print Fax All-in-One copy scan printer software. Required in the Startup in order to scan, print, copy and fax. Only required if you use these features
[a4proxy]
Filename=A4Proxy.exe
Confirmed=U
Description=<a href="http://www.findincontext.com/a4proxy/review.htm" target="_blank">Anonymity 4 Proxy</a> - local proxy server that makes you anonymous when visiting web sites
[aaaclean]
Filename=AAACLEAN.INF
Confirmed=?
Description=<font color="#FF0000">??</font>
[aaakeyboard]
Filename=??
Confirmed=?
Description=<font color="#FF0000">??</font>
[aaatraysaver]
Filename=TraySaver.exe
Confirmed=N
Description=System Tray management utility from <a href="http://www.mlin.net/" target="_blank">Mike Lin</a> which allows you to hide, show, restore icons that are lost in an Explorer crash, remove dead tray icons, minimize any window to the System Tray
[aak]
Filename=aak.exe
Confirmed=U
Description=<a href="http://www.anti-keylogger.net/" target="_blank">Advanced Anti-Keylogger</a> - "Anti-spy software to prohibit operation of any keyloggers currently in use or presently being developed anywhere"
Description=Appears to be related to software from <a href="http://www.accenture.com/xd/xd.asp?it=enweb&xd=index.xml" target=_blank>Accenture.com</a>F1527
[ab eazyscheduler]
Filename=ezsched.exe
Confirmed=?
Description=<font color="#FF0000">??</font>
[abbyy community agent]
Filename=CAGENT.EXE
Confirmed=N
Description=Installed with the Optical Character Recognition (OCR) software that comes bundled with a Compaq A3000 all-in-one printer/scanner. Its function appears to be to link you to the internet in an attempt to buy the 5.0 version of the software
[abc]
Filename=keylogger.exe
Confirmed=U
Description=Keystroke logger/monitoring program. Given a "U" recommendation because it depends if you intentionally installed it. If you didn't treat it as "X" and uninstall or remove
[abcdefgh]
Filename=abcdefgh.exe
Confirmed=X
Description=Malware - detected by <a href="http://www.pandasoftware.com/products/titanium2005/" target=_blank>Panda</a> antivirus as the DOWNLOADER.EPJ TROJAN!
[abit uguru]
Filename=uGuru.exe
Confirmed=U
Description=Provides quick access to several Abit motherboard utilities - such as monitoring cpu temperature, fan speeds, overclocking, flashing of BIOS
[abiteq]
Filename=abiteq.exe
Confirmed=N
Description=Monitoring utility for ABIT Motherboards. Displays system voltages, temperatures and fan speeds
[absolute shield]
Filename=dseraser.exe
Confirmed=U
Description=<a href="http://www.absoluteshielderaserinternet.com/" target="_blank">Absolute Shield/Evidence Eliminator</a> - iternet history eraser
[absolute startup monitor]
Filename=ASMon.exe
Confirmed=U
Description=<a href="http://www.fgroupsoft.com/Absolutestartup/" target="_blank">Absolute Startup</a> - startup monitor from F-Group Software
[abysswebserver]
Filename=abyssws.exe
Confirmed=U
Description=<a href="http://abyss.sourceforge.net/" target="_blank">Abyss</a> web server
[acbtnmgr_xxx]
Filename=AcBtnMgr_Xxx.exe
Confirmed=Y
Description=Associated with the Lexmark Xxx (where "xx" is the model) all-in-one printer/scanner/copier. Required for correct operation
[acc]
Filename=acc.exe
Confirmed=U
Description=<a href="http://www.voicecallcentral.com/#advanced_call_center" target="_blank">Advanced Call Center</a> - "full-featured yet easy-to-use answering machine software for your voice modem"
[accdefraginfo]
Filename=[path to worm]
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32darbyo.html" target=_blank>DARBY-O</a> WORM!
[accelerate]
Filename=accelerate.exe
Confirmed=U
Description=Webroot <a href="http://www.webroot.com/wb/products/accelerate/index.php" target="_blank">Accelerate</a> - allows you to optimize Windows network registry settings in order to boost surfing speeds. Leave this enabled if you find it improves your connection
[access ramp monitor]
Filename=armon32.exe
Confirmed=N
Description=Monitors your progress on the internet; hang-ups, connection speeds, internet congestion and traffic flow. It prevents some games from running also. To disable the Access Ramp Monitor (1) Open Windows Explorer (2) Open the Program Files folder (3) Open the MindSpring folder (4) Open the AccessRamp folder (5) Double-click on the ARMCfg32.exe file (6) Uncheck Enable Dialup Monitor and click OK (7) Restart the computer and try again
[access webcontrol]
Filename=[path to file]
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojppdoorm.html" target=_blank>PPDOOR-M</a> TROJAN!
[accessmanager]
Filename=AccessMgr.exe
Confirmed=U
Description=Part of SmartPipes <a href="http://www.smartpipes.com/SecureSite.htm" target=_blank>SecureSite</a> software. "SecureSite enables rapid turnup and enhanced administration of VPNs. It automates and simplifies tasks for VPN design and policy management, access control management, and key management"
Description=Clock Plus, part of <a href="http://simplypowerful.com/software/accessoriesplus.html" target=_blank>Accessories Plus</a> allows you to select from dozens of alternatives for the Windows clock
[accessramp monitor01]
Filename=ARMon32a.exe
Confirmed=N
Description=From a visitor "Just wanted to provide you with some info on Access Ramp software installed with Verizon DSL accounts in those areas that use the Winpoet PPPoE software. The Access Ramp TSRs are installed as part of IP Insight software (can't remember the software maker). You can decline to install IP Insight during Winpoet setup, or go into Add/Remove programs uninstall IP Insight by hand if it's already installed. It really doesn't do a darn thing for you. It was intended to help DSL techs monitor QoS, but the backend part was never implemented (at least as of earlier this year). This will not affect the user's ability or inability to access their DSL service."
[accessramplan01]
Filename=ARUpld32.exe
Confirmed=N
Description=Version of the AccessRamp Monitor01 entry for LAN connections - a history uploader. The key in turning it off is a file named ARUCfg32.exe. This file (ARUCfg32.exe) does not show up in the startup process. If you have this file, you can execute it and remove all the monitoring activities it does. Removing all the checks in all the boxes (both tabs) still calls ARUpld32.exe to start when you start the dial up. You can block it from sending info if you have Zone Alarm installed. Renaming the extension of ARUCfg32.exe to ARUCfg32.exe1 works. The ARUpld32.exe is not loaded when launching the dial up client. Written by IP Insight and also included with Earthlink Total Access 2003
[acctmgr]
Filename=AcctMgr.exe
Confirmed=U
Description=Norton?Password Manager - part of <a href="http://www.symantec.com/sabu/sysworks/basic/" target="_blank">Norton SystemWorks 2004</a> - stores passwords and other personal information, and retrieves the data needed for email logins, shopping orders, banking, and other online activitiesùall from the safety of your own PC
[accuweather.com?desktop]
Filename=??
Confirmed=N
Description=Desktop weather from <a href="http://wwwa.accuweather.com/adcbin/public/index.asp?partner=accuweather" target="_blank">AccuWeather.com</a>
[accwizz.exe]
Filename=accwizz.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.ruland.a@mm.html" target=_blank>RULAND.A</a> WORM!
[accwizzz.exe]
Filename=accwizzz.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.ruland.a@mm.html" target=_blank>RULAND.A</a> WORM!
[ace bows]
Filename=Ace bows.exe
Confirmed=?
Description=<font color="#FF0000">??</font>
[acegain liveupdate]
Filename=LiveUpdate.exe
Confirmed=N
Description=<a href="http://gameone.acegain.com/" target="_blank">AceGain_LiveUpdate</a>. "AceGain LiveUpdate provides a fully managed and customizable LiveUpdate platform that seamlessly integrates with a game. As soon as an update is made available, AceGain manages the alert, download and installation as well as version control and user network preferences."
[acernotebookmanager]
Filename=almxptray.exe
Confirmed=U
Description=System Tray access on some Acer Notebooks to give faster access to system settings
[acerpowerkey]
Filename=Powerkey.exe
Confirmed=U
Description=PowerKey utility for Acer TravelMate notebook PCs. Allows the user to quickly switch between different power schemes by pressing Fn+F3
Description=Associated with the Lexmark Xxx (where "xx" is the model) all-in-one printer/scanner/copier. Required for correct operation
[acombo3dmouse]
Filename=Acombo3d.exe
Confirmed=U
Description=Mouse driver - required if you use non-standard Windows driver features
[aconti]
Filename=aconti.exe
Confirmed=X
Description=Adult content dialler
[acoustic]
Filename=acoustic.exe
Confirmed=U
Description=Control panel program for Philips <a href="http://www.consumer.philips.com/global/b2c/ce/catalog/product.jhtml;jsessionid=5ZTUCSVZIGCWUCRQNFJRX1YKGBUEWHAW?divId=0&groupId=PCSTUFF&catId=&subCatId=SOUNDCARDS&productId=PSC706_05" target="_blank"> Acoustic Edge</a> soundcard. Not required unless changed settings aren't retained
[acpart]
Filename=agpart11.exe
Confirmed=N
Description=Program for finding trucks on-line
[acronis scheduler2 service]
Filename=schedhlp.exe
Confirmed=U
Description=Part of <a href="http://www.acronis.com/products/trueimage/" target="_blank">Acronis True Image</a> - backup software. Co-operates with the "schedul2.exe" servuce to perform backup/restore tasks correctly. Required if you want to use TrueImage to do some real backup/restore tasks - not if you only want to explore/mount images
[acronis trueimage monitor]
Filename=TrueImageMonitor.exe
Confirmed=N
Description=Part of <a href="http://www.acronis.com/products/trueimage/" target="_blank">Acronis True Image</a> - backup software. Can be disabled without affecting TrueImage
[acronistrueimage monitor]
Filename=TrueImageMonitor.exe
Confirmed=N
Description=Part of <a href="http://www.acronis.com/products/trueimage/" target="_blank">Acronis True Image</a> - backup software. Can be disabled without affecting TrueImage
[acronisáTrueáImage monitor]
Filename=TrueImageMonitor.exe
Confirmed=N
Description=Part of <a href="http://www.acronis.com/products/trueimage/" target="_blank">Acronis True Image</a> - backup software. Can be disabled without affecting TrueImage
[action manager 32]
Filename=am32.exe
Confirmed=N
Description=Associated with a Plustech scanner. Small utility that runs in the background for doing fax/copy/etc. Available via Start -> Programs
[actionagent]
Filename=actionagent.exe
Confirmed=?
Description="A COM server that runs on the client as part of the Dell OpenManage Client Instrumentation 6.x package; provides a simple method for a remote administrator to perform actions on the instrumented client". <font color="#FF0000">Is it required?</font>
[activation]
Filename=Activation.exe
Confirmed=N
Description=Part of Microsoft Money
[activboard]
Filename=MMKeybd.exe
Confirmed=U
Description=Packard Bell ActiveBoard keyboard - multimedia keyboard manager. Required if you use the additional keys and want to see the status of the Num Lock, Caps Lock, Scroll Lock keys
[active bit station]
Filename=abs.exe
Confirmed=X
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/w32.mytob.bz@mm.html" target= blank>MYTOB.BZ</a> WORM!
[active shield]
Filename=Activeshield.exe
Confirmed=U
Description=<a href="http://www.securitystronghold.com/" target=_blank>Active Shield</a> is "an heuristic screen that actively protects your computer from trojans, spyware, adware, trackware, dialers, keyloggers, and even some special kinds of viruses"
[activedesktop]
Filename=systray32.exe
Confirmed=X
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/w32.hllw.daboom@mm.html" target="_blank">DABOOM</a> WORM!
[activeds]
Filename=ACTIVEDS.EXE
Confirmed=X
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_OPASERV.T" target="_blank">OPASERV.T</a> WORM!
[activeeyes]
Filename=ActiveEyes.exe
Confirmed=N
Description=<a href="http://www.tfi-technology.com/products.htm#ActiveEyes" target="_blank">ActiveEyes</a> from TFI Technology
[activemenu]
Filename=ActiveMenu.exe
Confirmed=U
Description=Wild Tangent demo games that come with some HP computers. Unchecking it can prevent the games from running occasionally. Note that WildTanget's privacy policy used to state that they also collect and share individuals information but this is no longer the case
Description=McAfee VirusScan On-line. See also the McAgentExe entry
[activespeed]
Filename=AS.exe
Confirmed=U
Description=Ascentive <a href="http://www.barelyaverage.com/portfolio/html_emails/ascentive/activespeed_biplane/biplane_anim.html" target=_blank>ActiveSpeed</a> Internet Optimizer
[activexupdate]
Filename=svcss.exe
Confirmed=X
Description=Added by a variant of the <a href="http://www.sophos.com/virusinfo/analyses/trojdedlerc.html" target=_blank>DEDLER.C</a> TROJAN!
[activity]
Filename=actik.exe
Confirmed=U
Description=<a href="http://www.symantec.com/avcenter/venc/data/spyware.activitykey.html" target= blank>ActivityKey</a> Keystroke logger/monitoring program - remove unless you installed it yourself!
[activsurf]
Filename=backweb*****.exe
Confirmed=N
Description=Packard Bell ActivSurf - automatically detects an internet connection and downloads any available updates
[actmaker]
Filename=ActMak25.exe
Confirmed=U
Description=<a href="http://www.789987.com/products.htm" target=_blank>ActMaker</a> mouse and keyboard toolkit can record the daily operation of your computer and reduce your workload. You don't need to do any coding, nor are you required to know a lot about the computer
[acu]
Filename=ACU.exe
Confirmed=U
Description=<a href="http://www.nus.edu.sg/winzone/atheros/" target=_blank>Atheros</a> wireless Client Utility For HP Compaq
[acu_qsb]
Filename=ACU.exe
Confirmed=U
Description=<a href="http://www.nus.edu.sg/winzone/atheros/" target=_blank>Atheros</a> wireless Client Utility For HP Compaq
[ad blocker]
Filename=blocker.exe
Confirmed=U
Description=<a href="http://www.cdkm.com/" target="_blank">Ad Blocker</a> - blocks popups, and also removes banners, image ads and flash ads
[ad blocker pro]
Filename=Ad Blocker Pro.exe
Confirmed=U
Description=Ad Away popup and banner remover
[ad muncher]
Filename=AdMunch.exe
Confirmed=U
Description=<a href="http://www.admuncher.com/" target="_blank">Ad Muncher</a> removes adverts, pop-ups and general annoyances in your browser, file-sharing and messenger programs. Causes conflicts with Outlook, game sites and web-building applications
[ad online guide]
Filename=adonlineguide.exe
Confirmed=?
Description=<font color="#FF0000">??</font>
[ad-eliminator]
Filename=ad-eliminator.exe
Confirmed=X
Description=Spyware remover - not recommended, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm" target=_blank>here</a>
[ad-muncher]
Filename=ADMUNCH.EXE
Confirmed=U
Description=<a href="http://www.admuncher.com/" target="_blank">Ad Muncher</a> removes adverts, pop-ups and general annoyances in your browser, file-sharing and messenger programs. Causes conflicts with Outlook, game sites and web-building applications
[ad-watch]
Filename=Ad-watch.exe
Confirmed=U
Description=Part of Lavasoft <a href="http://www.lavasoft.de/software/adaware/" target="_blank">Ad-aware Plus</a> - realtime spyware-monitor watching your memory and registry for spyware that tries to install or change your system
[ad2kclient]
Filename=AD2KClient.exe
Confirmed=U
Description=Executable for <a href="http://www.iomega-activedisk.com/index.jsp" target="_blank">Active Disk</a> from Iomega disk - allows software applications to be run directly from an Iomega Zip?disk. Required if you wish the applications to launch on insertion of a disk
[adaptec directcd]
Filename=Directcd.exe
Confirmed=N
Description=DirectCD primarily allows you to drag and drop files onto a suitably formatted CD-RW disc. Unless you use this on a frequent basis it isn't required and is available via Start -> Programs. Start the program before inserting a DirectCD formatted CD-RW in the drive. A re-boot is recommended if you close Adaptec DirectCD before re-opening it again later
[adaptecdirectcd]
Filename=Directcd.exe
Confirmed=N
Description=DirectCD primarily allows you to drag and drop files onto a suitably formatted CD-RW disc. Unless you use this on a frequent basis it isn't required and is available via Start -> Programs. Start the program before inserting a DirectCD formatted CD-RW in the drive. A re-boot is recommended if you close Adaptec DirectCD before re-opening it again later
[adaware]
Filename=wini.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotxn.html" target= blank>RBOT-XN</a> WORM!
[adaware bootup]
Filename=ad-aware.exe
Confirmed=N
Description=<a href="http://www.lavasoft.de/software/adaware/" target="_blank">Ad-aware</a> from Lavasoft. Checks your PC for "Spyware" which reports back your internet activities to "base". Available via Start -> Programs
[adaware lptt01]
Filename=adaware.exe
Confirmed=X
Description=<a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">RapidBlaster</a> variant (in a "Adaware" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see <a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html#removal" target="_blank"> here</a>. Note - this is not the valid Lavasoft Adaware
[adaware ml097e]
Filename=adaware.exe
Confirmed=X
Description=<a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">RapidBlaster</a> variant (in a "Adaware" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see <a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html#removal" target="_blank"> here</a>. Note - this is not the valid Lavasoft Adaware
[addelete]
Filename=AdDelete.exe
Confirmed=U
Description=Banner advertisment blocker
[addestroyer]
Filename=AdDestroyer.exe
Confirmed=X
Description=Like VirtualBouncer, malware from Spyware Labs. It is distributed by the same bundling and drive-by download techniques as the malware it claims to remove/prevent, so definitely qualifies as unsolicited commercial software in itself. It also has an update feature that can download and execute arbitrary code
Description=Added with SoundBlaster Live! or Audigy soundcards for headphone autodetection
[adiras]
Filename=Adiras.exe
Confirmed=Y
Description=ADSL USB modem related
[adm library loader]
Filename=admlib32.exe
Confirmed=X
Description=Added by a variant of the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sdbot.html" target="_blank">SDBOT</a> TROJAN!
[admanager controller]
Filename=AdManCtl.exe
Confirmed=X
Description=Adware, probably a Windupdates variant
[admilli service]
Filename=AdmilliServ.exe
Confirmed=X
Description=Windupdates adware variant
[administrator]
Filename=svchost.scr
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.novacal.html" target=_blank>NOVACAL</a> TROJAN!
[adminsoft]
Filename=sysfile.vbs
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/vbsstargruba.html" target= blank>STARGRUB-A</a> WORM!
[admtray.exe]
Filename=admtray.exe
Confirmed=U
Description=Related to <a href="http://global.acer.com/" target=_blank>Acer</a> Inc. destop tray
[adobe acrobat distiller application]
Filename=acrotray.exe
Confirmed=X
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/w32.randex.dfj.html" target=_blank>RANDEX.DFJ</a> WORM!
[adobe acrobat reader cfg]
Filename=[random filename]
Confirmed=X
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
[adobe filter platform]
Filename=afilterplatform.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotop.html" target=_blank>RBOT-OP</a> WORM!
[adobe gamma loader]
Filename=Adobe Gamma Loader.exe
Confirmed=U
Description=Adjusts monitor colours across all programs, including Photoshop. It is needed by some graphics professionals who want their monitor calibrated. Most home users will not need it. In my case I can verify this as Photoshop loads fine
[adobe photo downloader]
Filename=apdproxy.exe
Confirmed=N
Description=Part of <a href="http://www.adobe.com/" target=_blank>Adobe's</a> Photoshop Album or Photoshop Elements packages - starts each time you connect an external image device to your PC (see <a href="http://www.adobe.com/support/techdocs/332361.html" target=_blank>here</a>)
[adobe reader speed launch]
Filename=reader_sl.exe
Confirmed=N
Description=Speeds up the time it takes to load the <a href="http://www.adobe.com/products/acrobat/readermain.html" target=_blank>Adobe Reader</a> application. Your choice, but not required for Adobe Reader to function properly
[adobe version cue cs2]
Filename=VersionCueCS2Tray.exe
Confirmed=U
Description=File manager that's part of <a href="http://www.adobe.com/products/creativesuite/main.html?c=us" target="_blank">Adobe Creative Suite 2</a> - "find files fast, track versions across applications, link files together, and share them in creative collaboration without fear of overwriting someone else's work"
[adobea]
Filename=adobes.exe
Confirmed=X
Description=Added by the <a href="http://vil.nai.com/vil/content/v_100373.htm" target="_blank">FLOOD.BA</a> TROJAN!
[adobefonts]
Filename=fonts.hta
Confirmed=X
Description=Browser hijacker - redirecting to Hugesearch.net
[adobemgr]
Filename=adobemgr.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/trojan.a.d.clicker.html" target=_blank>ADCLICKER</a> TROJAN!
[adobeversioncue]
Filename=VersionCueTray.exe
Confirmed=N
Description=An exclusive feature of the Adobe?Creative Suite, <a href="http://www.adobe.com/products/creativesuite/versioncue.html" target=_blank>Version Cue?/a> helps you find files fast, track multiple versions of your files, and share your files for creative collaboration
[adope file manager]
Filename=lsasv.exe
Confirmed=X
Description=Added by an unidentified WORM or TROJAN!
[adp]
Filename=adp.exe
Confirmed=X
Description=Spyware installed by Net2Phone, Limewire, Cydoor, Grokster, KaZaa, etc
[adpopup]
Filename=dcf5678.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojagentfz.html" target=_blank>AGENT-FZ</a> TROJAN!
Description=Reported as DILAER.DW by <a href="http://www.nod32.com/home/home.htm" target=_blank>NOD32</a>
[adservice]
Filename=ADService.exe
Confirmed=U
Description=Part of Iomega's <a href="http://www.iomega-activedisk.com/index.jsp" target="_blank">Active Disk</a> - allows software applications to be run directly from an Iomega Zip?disk. Required if you wish the applications to launch on insertion of a disk
Description=System tray access to ADSL modem diagnostic tools. Available via Start -> Programs
[adslsystemtray]
Filename=SystemtrayV100B.exe
Confirmed=?
Description=Apparently Annex A ADSL modem related. <font color="#FF0000">What does it do and is it required?</font>
[adsltaskbar]
Filename=rundll32.exe stmctrl.dll, TaskBar
Confirmed=Y
Description=ISP software, initializes DSL modem
[adsltaskbars]
Filename=taskmng.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaxz.html" target=_blank>RBOT-AXZ</a> WORM!
[adsl_a2]
Filename=A2Installed
Confirmed=?
Description=Associated with an Integrated Telecom Express (ITeX) ADSL driver installation. <font color="#FF0000">What does it do and is it required?</font>
[adss]
Filename=ADSS.exe
Confirmed=Y
Description=ADSS is part of <a href="http://www.johnru.com/" target="_blank">Access Denied</a> security and privacy software (Access Denied Security Server) that monitors power status and provides some other services for Screen Guard. Important to keep its running while using Access Denied
Description=<a href="http://www.adsubtract.com/" target="_blank">AdSubtract</a> blocks ads, cookies, pop-up windows, animations, music, and more. Can be disabled from within AdSubtract. Available via Start -> Programs
[adtech2005]
Filename=adtech2005.exe
Confirmed=X
Description=Reported as Trojan.Win32.StartPage.aw by Kaspersky Anti-Virus
[adtech2006]
Filename=adtech2006.exe
Confirmed=X
Description=Detected as Clicker.Win32.VB.kc by Kaspersky Anti-Virus
Description=Part of Iomega's <a href="http://www.iomega-activedisk.com/index.jsp" target="_blank">Active Disk</a> - allows software applications to be run directly from an Iomega Zip?disk. Required if you wish the applications to launch on insertion of a disk
[advanced internet protocol]
Filename=cerf.exe
Confirmed=X
Description=Added by a variant of the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html" target="_blank">SPYBOT</a> WORM!
[advanced protection system]
Filename=advpsys.exe
Confirmed=X
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
[advanced tool checks]
Filename=advchks.exe
Confirmed=X
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
[advanced tools check]
Filename=ADVCHK.EXE
Confirmed=N
Description=Checks when you install a new version of a Norton product that you have uninstalled all previous versions. Serves as a reminder if you forget
[advanced uninstaller pro installation monitor]
Filename=monitor.exe
Confirmed=U
Description=Innovative Solutions <a href="http://www.innovative-sol.com/products.htm#uninstaller" target=_blank>Advanced Uninstaller PRO</a> - "easy-to-use suite for uninstalling applications and keeping your computer fast, clean, and in its best shape"
[advapi]
Filename=Advapi.exe
Confirmed=X
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_NETDEVIL.12" target="_blank">NETDEVIL.12</a> WORM!
[advchk]
Filename=ADVCHK.EXE
Confirmed=N
Description=Checks when you install a new version of a Norton product that you have uninstalled all previous versions. Serves as a reminder if you forget
Description=Adware remover - not recommended, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm" target="_blank">here</a>
[adwarealert]
Filename=AdwareAlert.Exe
Confirmed=X
Description=Adware remover - not recommended, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm" target=_blank>here</a>
[adwaredelete]
Filename=adwaredelete.exe
Confirmed=X
Description=Adware remover - not recommended, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm" target=_blank>here</a>
[aeiwlsta.exe]
Filename=Aeiwlsta.exe
Confirmed=?
Description=IBM High Rate Wireless LAN Adapter driver.<font color="#FF0000"> Is it required?</font>
[aelaunch]
Filename=AELaunch.exe
Confirmed=N
Description=Audio Applications Launcher for the Philips <a href="http://www.consumer.philips.com/global/b2c/ce/catalog/product.jhtml;jsessionid=5ZTUCSVZIGCWUCRQNFJRX1YKGBUEWHAW?divId=0&groupId=PCSTUFF&catId=&subCatId=SOUNDCARDS&productId=PSC706_05" target="_blank"> Acoustic Edge</a> soundcard
[aervicesn]
Filename=AERVICESN.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32randonao.html" target=_blank>RANDON-AO</a> WORM!
[aexagentlogon]
Filename=AeXAgentActivate.exe
Confirmed=N
Description=<a href="http://www.altiris.com" target=_blank>Altiris</a> Agent transmits information about your machine for the purpose of asset management and deployment
[aexswdusr]
Filename=AeXSWDUsr.exe
Confirmed=?
Description=<a href="http://www.altiris.com/" target="_blank">Altiris</a> Express NS Client Manager software. <font color="#FF0000"> Is it required?</font>
[aezbproc]
Filename=aptezbp.exe
Confirmed=U
Description=IBM Aptiva keyboard customizer - enables certain special buttons on keyboard for CD operation, volume control, and few quickstart buttons. Keyboard will work without it but you lose the special functions
[afafilter]
Filename=windefault.exe
Confirmed=U
Description=<a href="http://www.afafilter.com/" target="_blank">AFAFilter</a> - internet filter software
[agent]
Filename=Agent.exe
Confirmed=N
Description=<a href="http://www.cyberlink.com" target="_blank">Cyberlink Power VCR II 3.0</a> is a TV tuner recording utility. If you want to schedule recordings you'll need this, otherwise can be disabled. Available via Start -> Programs
[agent browser]
Filename=[random filename]
Confirmed=X
Description=Added by the PPdoor.M-bdr backdoor TROJAN!
[agent explorer]
Filename=[random filename]
Confirmed=X
Description=Unidentified adware
[agente]
Filename=Remupd.exe
Confirmed=?
Description=Part of <a href="http://www.pandasoftware.com/products/titanium/" target="_blank">Panda Antivirus Titanium</a>. <font color="#FF0000">Is this an update reminder (guess because of the name), virus definition update reminder or something similar?</font>
[agfaclnk]
Filename=AgfaCLnk.exe
Confirmed=U
Description=For Agfa digital cameras connected via USB. Enables Windows to access the contents of the memory stick (while the stick's still on the camera) via a virtual drive
[agp]
Filename=agp32.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.gaobot.sy.html" target="_blank">GAOBOT.SY</a> WORM!
[agrsmmsg]
Filename=AGRSMMSG.exe
Confirmed=Y
Description=IBM AMR modem driver
[agsatellite]
Filename=AGSatellite.exe
Confirmed=N
Description=Program from AudioGalaxy that lets you download some MP3s from their server. Available via Start -> Programs
[ahfp]
Filename=ahfp.exe
Confirmed=U
Description=<a href="http://www.softbe.com/" target="_blank">Advanced Hide Folders</a> - "is powerful file security program. It allows to hide folders or hide files. Advanced Hide Folders is very useful to keep your personal data away from others. Others will not know where your personal files exist and they will not be able to accidentally view, delete or modify them either"
[ahfprog]
Filename=ahfp.exe
Confirmed=U
Description=<a href="http://www.softbe.com/" target="_blank">Advanced Hide Folders</a> - "is powerful file security program. It allows to hide folders or hide files. Advanced Hide Folders is very useful to keep your personal data away from others. Others will not know where your personal files exist and they will not be able to accidentally view, delete or modify them either"
[ahnsd]
Filename=AhnSD.exe
Confirmed=U
Description=<a href="http://home.ahnlab.com/english/product/01_1.html" target="_blank">AhnLab</a> V3 antivirus updater - leave enabled unless you manually update on a regular basis
[ahnue]
Filename=AHNUE.exe
Confirmed=?
Description=<font color="#FF0000">??</font>
[ahqinit]
Filename=ahqinit.exe
Confirmed=N
Description=Part of <a href="#AudioHQ">AudioHQ</a> for the Soundblaster Live!. Appears as though it makes the AudioHW toolbar drop down from the top of the desktop and isn't required
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotafv.html" target=_blank>RBOT-AFV</a> WORM!
[aim plugin]
Filename=aimplugin.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32guapf.html" target=_blank>GUAP-F</a> WORM!
[aim reminder]
Filename=AIM reminder.exe
Confirmed=X
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_BUDDY.E" target="_blank">BUDDY</a> TROJAN!
[aim95 startup]
Filename=aim95.exe
Confirmed=X
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.AEE" target=_blank>AGOBOT.AEE</a> WORM!
[aimaol lptt01]
Filename=aimaol.exe
Confirmed=X
Description=<a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">RapidBlaster</a> variant (in a
[aimaol ml097e]
Filename=aimaol.exe
Confirmed=X
Description=<a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">RapidBlaster</a> variant (in a
[aimb.exe]
Filename=aimb.exe
Confirmed=U
Description=<a href="http://sarc.com/avcenter/venc/data/spyware.imsurfsentinel.html" target=_blank>IMSufSentinel</a> is a spy program which can record IM conversations, log keystrokes, record URLs visited, and take screenshots. If you didn't install this yourself remove it
[aimingclick]
Filename=AimingClick.exe
Confirmed=N
Description=<a href="http://www.aimingtech.com/aimingclick/home.htm" target="_blank">AimingClick</a> from AimingTech. Web searching tool. Available via Start -> Programs
[aimster]
Filename=??
Confirmed=N
Description=Peer to Peer (P2P) file sharing client that runs over the AOL Instant Messenger network. Available via Start -> Programs
[aimwdinstall]
Filename=AIMWDInstall.exe
Confirmed=N
Description=Version of the <a href="http://www.wildtangent.com/default.asp" target="_blank">WildTangent</a> on-line games installer that came with versions of AOL Instant Messenger. Note that WildTanget's <a href="http://www.wildtangent.com/default.asp?pageID=company_art&artid=art20030925_A" target="_blank">privacy policy</a> used to state that they also collect and share individuals information but this is no longer the case
[aiptek graphics tablet (usb)]
Filename=atwtusb.exe
Confirmed=Y
Description=USB interface for Aiptek Graphics Tablet (USB)
[aircity]
Filename=aircity.exe
Confirmed=X
Description=Related to "Prutect" malware from <a href="http://securityresponse.symantec.com/avcenter/venc/data/spyware.e2give.html" target=_blank>e2Give</a>
[akeyname]
Filename=WinServ.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.evilbot.c.html" target="_blank">EVILBOT.C</a> TROJAN!
Description=<a href="http://www.softheap.com/lock.html" target=_blank>Access Lock</a> is a system-tray security utility you can use to secure your desktop when you are away from your computer
[alarm manager]
Filename=Alarm.app.exe
Confirmed=U
Description=Palm alarm event reminder that coordinates what is on your Palm with settings on your desktop
[alarmwatcher]
Filename=AlarmWatcher.exe
Confirmed=?
Description=<font color="#FF0000">Associated with SynTPEnh and SynTPLpr which are from Synaptics for touchpads on laptops. What does it do and is it required?</font>
[album fast start]
Filename=ABMTSR.EXE
Confirmed=N
Description=Scanner software, not required for scanner to work
[alcfdmonitor]
Filename=ALCFDRTM.EXE
Confirmed=?
Description=RealTek related - Real-Time SPDIF-in Monitor for nVidia chipset - <font color="#FF0000">is it required in startup?</font>
[alcfdrtm16]
Filename=ALCFDRTM16.com
Confirmed=?
Description=RealTek related - Real-Time SPDIF-in Monitor for nVidia chipset - <font color="#FF0000">is it required in startup?</font>
[alchem]
Filename=Alchem.exe
Confirmed=X
Description=<a href="http://research.sunbelt-software.com/threat_display.cfm?name=VX2.Transponder&threatid=12517&search=vx2" target=_blank>VX2.Transponder</a> parasite updater/installer related
[alcmtr]
Filename=ALCMTR.EXE
Confirmed=X
Description=Realtek AC97 Audio - Event Monitor. "Sypware" file used surreptitiously monitor one's actions. It is not a sinister one, like remote control programs, but it is being used by Realtek to gather data about customers
Description=RealTek High Definition audio driver related - detects new devices when plugged in, then pops up a dialog box. If everything works as expected you should be able to disable this one
[alcxmonitor]
Filename=Alcxmntr.exe
Confirmed=X
Description=Realtek AC97 Audio - Event Monitor. Sypware file used surreptitiously monitor one's actions. It is not a sinister one, like remote control programs, but is being used by Realtek to gather data about customers
[aldefr ere service]
Filename=tay0x.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotxs.html" target=_blank>RBOT-XS</a> WORM!
[alevir]
Filename=Alevir.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32opaserva.html" target="_blank">OPASERV.A</a> or <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_OPASERV.F" target="_blank">OPASERV.F</a> or <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_OPASERV.G" target="_blank">OPASERV.G</a> WORMS!
[alevirold]
Filename=[worm filename]
Confirmed=X
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_OPASERV.G" target="_blank">OPASERV.G</a> WORM!
[alexa]
Filename=alexa.exe
Confirmed=N
Description=Related to Alexa. Note - collects and stores information about the web pages you view, the data you enter in online forms and search programs and, with versions 5.0 and higher, the products you purchase online whilst using the toolbar. Although Alexa state's they do not attempt to analyze the data it may collect about you to determine who you are, some of your information collected by the software is personally identifiable. Please read the <a href="http://pages.alexa.com/help/privacy.html" target=_blank>Privacy Policy</a>. Not Recommended
[alexatoolbar]
Filename=alt.exe
Confirmed=X
Description=Reported as the DELF.EB hijacker by <a href="http://www.ewido.net/en/" target=_blank>Ewido Security Suite</a>
[alfacleaner]
Filename=AlfaCleaner.exe
Confirmed=X
Description=<a href="http://research.sunbelt-software.com/threat_display.cfm?name=AlfaCleaner&threatid=43730&search=Alfacleaner" target=_blank>AlphaCleaner</a> is now a stealth install using exploits on unpatched systems. Seen alongside RazeSpyware
[alfy accellerator]
Filename=AlfyAC~1.exe
Confirmed=?
Description=<font color="#FF0000">??</font>
[alg.exe]
Filename=iexplorer .exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32demotryb.html" target=_blank>DEMOTRY-B</a> WORM!
[alg32]
Filename=ALG32.EXE
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/trojan.startpage.k.html" target=_blank>Startpage.K</a> hijacker
[algu]
Filename=ALGU.EXE
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojcwsi.html" target=_blank>CWS-I</a> TROJAN!
[alias sketchbook snapshot]
Filename=ALIASS~2.EXE
Confirmed=N
Description=Screen-capture utility for Alias Sketchbook
[alienautopsy]
Filename=Test_BS.exe
Confirmed=N
Description=<a href="http://www.alienware.com/" target="_blank">Alienware</a> computer technical support software
[alisndmgr]
Filename=ALiSndMg.exe
Confirmed=Y
Description=ALi AC97 Sound driver
[aliusbfix]
Filename=GREENMK.exe
Confirmed=?
Description=<font color="#FF0000">May be realted to a USB 2.0 PCI card - the IOgear GIC220OU?</font>
[alkasr]
Filename=╬Σ╥φ?exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.balkart.html" target="_blank">BALKART</a> TROJAN!
[all aboard status]
Filename=stswin.exe
Confirmed=U
Description=<a target="_blank" href="http://yippee.i4free.co.nz/html/win/internet/title6724.htm">All Aboard! Internet Connection Sharing</a> status icon
[all sea screen saver]
Filename=TaskTray.exe
Confirmed=X
Description="Free screensaver", installs lots of foistware. See <a href="http://www.spywareinfo.com/forums/index.php?act=ST&f=10&t=5833&hl=&s=" target="_blank">here</a>. Get rid of it
[all sea web link]
Filename=FWLink.exe
Confirmed=X
Description="Free screensaver", installs lots of foistware. See <a href="http://www.spywareinfo.com/forums/index.php?act=ST&f=10&t=5833&hl=&s=" target="_blank">here</a>. Get rid of it
[allercalc]
Filename=AllerCalc.exe
Confirmed=N
Description=<a href="http://www.allersoft.com/allercalc.htm" target=_blank>AllerCalc</a> is an expression calculator which allows you to directly enter an expression to be evaluated. Can be started manually
[allsnap]
Filename=allSnap.exe
Confirmed=U
Description="<a href="http://members.rogers.com/ivanheckman/index.html" target="_blank">allSnap</a> is a small system tray app that makes all top level windows automatically align like they do in programs such as Winamp or Photoshop"
[alogrithm link queue]
Filename=alq.exe
Confirmed=X
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
[alogserv]
Filename=Alogserv.exe
Confirmed=U
Description=From McAfee VirusScan for logging scanning activities. In some cases, if left running it can cause CPU % usage to go between 5-95% or go to and stay at 100%. Disabling it impacts on the reported last scan date. It is reported to cause jerky graphics response in many games. As of version 6, this is a critical component of McAfee and disabling it can cause a PC to lock up
Description=Alps Electric USB Server - required according to <a href="http://support.microsoft.com/default.aspx?scid=kb;en-us;200692" target="_blank">this</a> article
[alpspoint]
Filename=Apoint.exe
Confirmed=U
Description=Touchpad software for laptop PC's. For instance it is found on the Panasonic machines and allows part of the touchpad to be used for document or Web-page scrolling. Required for proper functioning of the pointing software but not required for the laptop to work
[alserv]
Filename=ALServ.exe
Confirmed=?
Description=Altec Lansing AMS speaker related.<font color="#FF0000"> What does it do and is it required?</font>
Description=Alto Memory Booster from <a href="http://www.altosoftware.com/" target="_blank">Alto Software</a> - boost the computers performance via more intelligent and efficient memory management. MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/SE/ME. See <a href="http://www.aumha.org/a/memmgmt.htm" target="_blank">this</a> article and make up your own mind
Description=Notification reminder for Symantec's LiveUpdate. Leave enabled unless you manually run LiveUpdate on a regular basis
[aluria security center]
Filename=SecurityCenter.exe
Confirmed=N
Description=Aluria Software's spyware removal tool - we can't really recommend this product as Aluria have recently partnered with WhenU, the well known adware company, see <a href="http://www.boston.com/business/technology/articles/2004/11/06/spyware killer displays its own ads/" target= blank>here</a> and <a href="http://netrn.net/spywareblog/archives/2004/11/06/aluria-confused/" target= blank>here</a>
Description=Aluria Software's spyware removal tool - we can't really recommend this product as Aluria have recently partnered with WhenU, the well known adware company, see <a href="http://www.boston.com/business/technology/articles/2004/11/06/spyware killer displays its own ads/" target= blank>here</a> and <a href="http://netrn.net/spywareblog/archives/2004/11/06/aluria-confused/" target= blank>here</a>
[alwaysontopmaker]
Filename=AlwaysOnTopMaker.exe
Confirmed=U
Description=<a href="http://www.fadsoft.com/AlwaysOnTopMaker.htm" target="_blank">Always On Top Maker</a> - utilty to enable an application to always be displayed "on top" of others on the desktop
[amazingtens]
Filename=AmazingTens.exe
Confirmed=X
Description=Premium rate adult content dialler
[ame_csa]
Filename=rundll32 amecsa.cpl, RUN_DLL
Confirmed=N
Description=Loads ADSL modem Control Panel applet
[amodemlockdown]
Filename=ModemLockDown.exe
Confirmed=U
Description=<a href="http://modemlockdown.techconz.com/index.html" target=_blank>ModemLockDown</a> - allows you to supervise internet access by disabling the modem, protects againt dialers accessing dial-up connections, etc
[amon]
Filename=AMON.EXE
Confirmed=Y
Description=Monitoring part of Eset's <a href="http://www.nod32.com/home/home.htm" target="_blank">NOD32</a> virus-scanner
[amonitor]
Filename=amon.exe
Confirmed=Y
Description=<a href="http://www.tinysoftware.com/home/tiny2?la=EN" target="_blank">Tiny Personal Firewall</a>
[amp winoff]
Filename=winoff.exe
Confirmed=U
Description=<a href="http://www.ampsoft.net/utilities/WinOFF.php" target=_blank>WinOFF</a> is " a utility designed to shut down Windows computers automatically, in a fully configurable way"
[amsn]
Filename=amsn.exe
Confirmed=U
Description=<a href="http://amsn.sourceforge.net/modules.php?name=About_Amsn" target=_blank>aMSN</a> P2P client - can be started manually
[anbv32]
Filename=nabv32.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.titog.c.worm.html" target="_blank">TITOG.C</a> WORM!
Description=D-Link wireless PCI adapter related. In some cases reported to cause excessive CPU activity
[annotatecheck]
Filename=AnnCheck.exe
Confirmed=?
Description=Genius Wizard Pen Tablet driver related. <font color="#FF0000">Is it required?</font>
[announcements]
Filename=Annclist.exe
Confirmed=N
Description=MS WebTV for Windows. Used to display TV on your PC via a compatible video card with in-built tuner (such as ATI All-In-Wonder). If you don't use it - uninstall it
[anntext]
Filename=Anntext.exe
Confirmed=N
Description=Caere Pagekeeper text annotation server
[anonymizer total net shield]
Filename=AnonTns.exe
Confirmed=U
Description=Anonymizer <a href="http://www.anonymizer.com/totalnetshield/1.5/?&utm_source=site_home_20050511&utm_medium=site&utm_content=TNS_moreinfo" target=_blank>Total Net Shield</a>
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.kedebe.d@mm.html" target=_blank>KEDEBE.D</a> WORM!
[anti-virus update scheduler v1.39.12r]
Filename=[various filenames]
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.heplane.html" target= blank>HEPLANE</a> or <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.staprew.b.html" target= blank>STAPREW.B</a> TROJANS! - different filenames have been spotted; examples: msvc.exe, kaspersky.exe, nrton.exe, wins.exe, gah32.exe, 1.tmp, syste.exe, alg.exe, socks.exe, winxpsp2.exe, tek9.exe, sks.exe, hihi.exe, s.exe, xps2.exe, dns2.exe, ikav32.exe and more...
[antidialer.co.uk]
Filename=Dialer_Watcher.exe
Confirmed=U
Description=<a href="http://antidialer.co.uk/" target=_blank>Dialer_Watcher</a> is an application that allows you to detect <a href="http://www.mcgill.ca/ncs/products/security/dialers/" target=_blank>Dialers</a> on your computer
[antipopup]
Filename=AntiPopUp.exe
Confirmed=U
Description=<a href="http://www.webknacks.com/antipopup.htm" target="_blank">AntiPopUp for IE</a> - pop-up stopper
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbadgenta.html" target=_blank>BADGENT-A</a> TROJAN!
[antivirus32]
Filename=antivirus.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.kai.html" target=_blank>SPYBOT.KAI</a> WORM!
[antivirusgold]
Filename=AntivirusGold.exe
Confirmed=X
Description=Malware masquerading as an antivirus - also installs the <a href="http://castlecops.com/s9193-Intel_system_tool.html" target=_blank>Winnook</a> TROJAN!
[antivirusprotection]
Filename=qumk.exe
Confirmed=?
Description=<font color="#FF0000">??</font>
[antiware]
Filename=elite***32.exe [*** = random char]
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderhw.html" target=_blank>DLOADER-HW</a> TROJAN!
[antiwindowsmessenger]
Filename=AntiMsMsg.exe
Confirmed=U
Description=<a href="http://fileforum.betanews.com/detail/1069500643/1" target="_blank">Anti-Windows_Messenger</a> is a small application that prevents Windows Messenger from remaining resident in memory
[anti_troj]
Filename=anti_troj.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/trojan.lodear.d.html" target=_blank>LODEAR.D</a> TROJAN!
[anvir]
Filename=AnVir.exe
Confirmed=Y
Description=<a href="http://anvir.com/taskmanager/" target="_blank">AnVir Task Manager</a> - protects computer against viruses and manages running processes and startup files
[anvir task manager]
Filename=AnVir.exe
Confirmed=Y
Description=<a href="http://anvir.com/taskmanager/" target="_blank">AnVir Task Manager</a> - protects computer against viruses and manages running processes and startup files
[anvshell]
Filename=anvshell.exe
Confirmed=U
Description=System Tray tool for ASUS video cards. If disabled you lose all the ASUS specific video card options in Control Panel -> Display Properties -> Advanced as well as the System Tray shortcuts toolbar
[anycom bluetooth]
Filename=ftflauncher.exe
Confirmed=?
Description=Associated with an Anycom bluetooth wireless card. <font color="#FF0000">What does it do and is it required?</font>
[anydvd]
Filename=AnyDVD.exe
Confirmed=U
Description=<a href="http://www.slysoft.com/en/anydvd.html" target="_blank">AnyDVD</a> - descrambles DVD-Movies automatically in the background and the DVD appears unprotected and region code free. Also removes prohibited operations from the DVD such as skipping adverts - hence the "U" recommendation
[ao tray]
Filename=AOTray.Exe
Confirmed=N
Description=System Tray application for AOpen soundcards. Can be run manually via Start -> Settings -> Control Panel
[aol 9.0 optimized]
Filename=AOLClient.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.spyboter.a.html" target=_blank>SPYBOTER.A</a> TROJAN!
[aol broadband check-up]
Filename=matcli.exe
Confirmed=U
Description="matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, county, etc and gets written to a log file". The AOL Self Support Tool is required to run with the Help and Support program. If you uncheck AOL and and then run Help and Support it will add another AOL entry in the startup menu. If you remove this software in "add/remove programs" some help menus in help and support will not be available. You decide
[aol companion]
Filename=companion.exe
Confirmed=N
Description=Part of the AOL Connection Suite and installs an icon on the system tray offering easy access to AOL's additional utilities and functions. This program is a non-essential process, and is installed for ease of use
[aol configuration loader]
Filename=aimsng.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotxe.html" target=_blank>SDBOT-XE</a> WORM!
[aol fast start]
Filename=AOL.exe
Confirmed=?
Description=AOL ISP software related. <font color="#FF0000">What does it do and is it required?</font>
[aol instant messanger]
Filename=aim.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotyt.html" target=_blank>SDBOT-YT</a> WORM!
[aol instant messengar]
Filename=aol.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotfn.html" target= blank>AGOBOT-FN</a> WORM!
[aol instant messenger 7.213]
Filename=aim9283.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotzf.html" target=_blank>SDBOT-ZF</a> WORM!
[aol instant messenger fix]
Filename=aolfix.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotabj.html" target=_blank>SDBOT-ABJ</a> WORM!
[aol services hosts]
Filename=aolserviceshosts.exe
Confirmed=X
Description=Added by an unidentified WORM or TROJAN!
[aol spyware protection]
Filename=AOLSP Scheduler.exe
Confirmed=U
Description=AOL's spyware protection program
[aol topspeedmonitor]
Filename=aoltsmon.exe
Confirmed=U
Description=AOL's <a href="http://site.aol.com/price_plans/bfsdialup.adp" target=_blank>TopSpeed</a> web acceleration technology supposedly helps to make web browsing faster. Most important for those users who still access AOL via dial-up
[aolcc]
Filename=ACCAgnt.exe
Confirmed=?
Description=AOL ISP software related, file located in a "AOL Computer Check-Up" folder. <font color="#FF0000">What does it do and is it required?</font>
[aolcon]
Filename=config.com
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.taplak.html" target="_blank">TAPLAK</a> WORM!
[aoldialer]
Filename=AOLDial.exe
Confirmed=N
Description=AOL ISP software dialer - can be activated through a desktop shortcut
[aolfix]
Filename=AolFix.exe
Confirmed=N
Description=Run on Gateway Astra computers, and maybe a few others. Designed to repair a bad registry key in Gateway computers that would not allow AOL to run correctly. Not seen much any more and should only run once
[aornum]
Filename=aornum.exe
Confirmed=X
Description=Installed along with <a href="http://www.iwon.com/home/prizes/pm3_overview/0,21311,,00.html?PG=home?SEC=fnstf">iWon Prize Machine</a>. Based upon their <a href="http://www.iwon.com/home/companyinfo/privacy/privacy_overview/0,11882,,00.html#1">privacy</a> statement this can be regarded as spyware
[aotray]
Filename=AOTray.Exe
Confirmed=N
Description=System Tray application for AOpen soundcards. Can be run manually via Start -> Settings -> Control Panel
[apc ups status]
Filename=Display.exe
Confirmed=Y
Description=<a href="http://www.apcc.com/products/family/index.cfm?id=129&web_displayed=" target="_blank">APC PowerChute Personal Edition</a> status icon
[apc_service]
Filename=mainserv.exe
Confirmed=U
Description=<a href="http://www.apcc.com/tools/download/software_comp.cfm?sw_sku=SDW75" target="_blank">PowerChute?Personal Edition</a> - "safe system shutdown software with sophisticated power management functions"
[apc_tray]
Filename=apc_tray.exe
Confirmed=Y
Description=Part of the APC UPS software loaded with the BACK-UPS CS 350 unit. Required to monitor the APC unit in case of power failure
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojircbotb.html" target=_blank>IRCBOT-B</a> TROJAN!
[apiclass]
Filename=lexplore_.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojmsnopta.html" target=_blank>MSNOPT-A</a> TROJAN!
[apisvc.exe]
Filename=apisvc.exe
Confirmed=X
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_116121.htm" target=_blank>LAMEBOT</a> TROJAN!
[apl]
Filename=APL.exe
Confirmed=U
Description=Sage Software's <a href="http://itdomino.act.com/act.nsf/docid/2004129101128" target=_blank>ACT!</a> The application pre-loader (apl.exe) is a self contained executable that pre-loads the necessary .NET framework and ACT! 2005 assemblies. This pre-loading of assemblies enhances ACT! startup, view load and dialog load times in some areas of the application
[apmsrv9x]
Filename=APMSRV9X.EXE
Confirmed=?
Description=Intel AnyPoint Wireless II Home Network related. <font color="#FF0000"> What does it do and is it required?</font>
[apoint]
Filename=Apoint.exe
Confirmed=U
Description=Touchpad software for laptop PC's. For instance it is found on the Panasonic machines and allows part of the touchpad to be used for document or Web-page scrolling. Required for proper functioning of the pointing software but not required for the laptop to work
[app.exename]
Filename=[path to worm]\.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.bodiru.html" target="_blank">BODIRU</a> WORM!
[appcon]
Filename=vAppCon.exe
Confirmed=U
Description=Vital Application Console - part of <a href="http://www.pos-partner.com/Product.htm" target="_blank">POS-partner 2000</a> point-of-sale software from Vital. This is the taskbar icon and is enabled at startup by the "Auto-start when OS starts" option. Required for a connection to be established
[appconn]
Filename=appconn.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/trojan.cargao.html" target="_blank">CARGAO</a> WORM!
[appextender]
Filename=AppExtCB.exe
Confirmed=U
Description=Loads the <a href="http://www.confimax.com/?PHPSESSID=aefc68296846f048b5b7ae96e48d854f" target="_blank">Confimax</a> add-in for popular E-mail programs to confirm E-mails have been sent and received
[appis.exe]
Filename=appis.exe
Confirmed=X
Description=Added by the <a href="http://pestpatrol.com/PestInfo/t/trojandownloader_win32_agent_bc.asp" target=_blank>AGENT-BC</a> TROJAN!
[application]
Filename=mdmsetsp.exe
Confirmed=Y
Description=Aztech Labs modem driver
[application explorer]
Filename=Naldesk.exe
Confirmed=U
Description=Novell Zenworks Application Explorer Executable. "For almost all users the Novell ZENworks agent (either Application Launcher or Application Explorer) will be run via the user's login script on each successful login. ZENworks is used to periodically deliver software updates and is also used to install the remote management components."
[application layer gateway service]
Filename=algs.exe
Confirmed=X
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/w32.linkbot.m.html" target=_blank>LINKBOT.M</a> WORM!
[appplus]
Filename=AppPlus.exe
Confirmed=U
Description=<a href="http://www.appplusonline.com/" target="_blank">AppPlus</a> - "menu bar or tray launcher that docks to your desktop, floats or sits in your System Tray. Create graphic/text-based buttons that launch any number of programs, Websites, e-mail addresses or folders (which open in the AppPlus Menu System)"
[apvxd]
Filename=APVXDWIN.EXE
Confirmed=Y
Description=Part of <a href="http://www.pandasoftware.com/" target="_blank">Panda Anti-Virus</a>. Required to enable permanent virus protection
[apvxdwin]
Filename=APVXDWIN.EXE
Confirmed=Y
Description=Part of <a href="http://www.pandasoftware.com/" target="_blank">Panda Anti-Virus</a>. Required to enable permanent virus protection
[apwheel]
Filename=Apwheel.exe
Confirmed=Y
Description=Wheel support for an Alps mouse
[apyginapygin]
Filename=simenu.exe
Confirmed=X
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.BTR&VSect=P" target=_blank>SDBOT.BTR</a> WORM!
[aqadcup.exe]
Filename=aqadcup.exe
Confirmed=X
Description=Added by the <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/aqadcup/" target="_blank">AGENT.BG</a> WORM!
[ara-key]
Filename=[random filename]
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.antinny.html" target="_blank">ANTINNY</a> WORM!
[archive]
Filename=archive.exe
Confirmed=X
Description=Adware, recognized by <a href="http://www.kaspersky.com/personalpro" target=_blank>Kaspersky</a> antivirus as Trojan-Downloader.Centim.a
[archive control]
Filename=fixupdattr.exe
Confirmed=X
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/w32.mytob.gu@mm.html" target=_blank>MYTOB.GU</a> WORM!
[arcsolo recovery]
Filename=N/A
Confirmed=N
Description=Backup software by Computer Associates - no longer supported
[ares]
Filename=ares.exe
Confirmed=N
Description=<a href="http://www.aresgalaxy.org/download.html" target="_blank">Ares</a> is "a Windows program that enables peer-to-peer file-sharing on the Ares P2P network. As a member of the P2P community you can search and download any file shared by other users. You can meet new friends in Ares chatrooms while you download"
[areslite]
Filename=AresLite.exe
Confirmed=N
Description=<a href="http://www.aresgalaxy.org/download.html" target="_blank">Ares</a> Lite Edition is "a Windows program that enables peer-to-peer file-sharing on the Ares P2P network. As a member of the P2P community you can search and download any file shared by other users. You can meet new friends in Ares chatrooms while you download"
[aritima]
Filename=aritima.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.aritim.html" target="_blank">ARITIM</a> WORM!
[armor2net]
Filename=Armor2net.exe
Confirmed=N
Description=Related to Armor2net personal firewall (possibly contains or is related to an anti-spyware product known as ArmorWall, which is a spyware remover - not recommended, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm" target=_blank>here</a>
[artera]
Filename=arteraui.exe
Confirmed=U
Description=<a href="http://www.arteraturbo.com/" target="_blank">Artera Turbo Internet Accelerator</a> - "surf faster, boost download speed". Only required if you find it helps improve your performance
[as00 gear511]
Filename=Gear511.exe
Confirmed=?
Description=Software for Netgear wireless network cards. Unknown whether it is required for the wireless card to run but does not seem to be a resource hog. Not required for laptop to run if the wireless network card will not be used. <font color="#FF0000">Is it at all required?</font>
[as00_wpn511]
Filename=WPN511.exe
Confirmed=?
Description=NetgearRev MFC Application - software for Netgear wireless network cards - <font color="#FF0000">what does it do and is it required in startup?</font>
[asdx]
Filename=xwinrpc32.exe
Confirmed=X
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.VO" target="_blank">AGOBOT.VO</a> WORM!
[ase scheduler]
Filename=ASE Scheduler.exe
Confirmed=N
Description=Aluria Software's spyware removal tool - we can't really recommend this product as Aluria have recently partnered with WhenU, the well known adware company, see <a href="http://www.boston.com/business/technology/articles/2004/11/06/spyware_killer_displays_its_own_ads/" target=_blank>here</a> and <a href="http://netrn.net/spywareblog/archives/2004/11/06/aluria-confused/" target=_blank>here</a>
[ashampoo popupblocker]
Filename=PopUpKiller.exe
Confirmed=U
Description=Ashampoo popup blocker, part of Privacy Protector Plus - see <a href="http://www.ashampoo.com/frontend/products/php/product.php?idstring=0204&session_langid=2ñcy_id=-1" target=_blank>here</a>
[ashavast]
Filename=ashAvast.exe
Confirmed=Y
Description=Part of <a href="http://www.avast.com/" target= blank>Avast</a> antivirus
Description=Part of <a href="http://www.alwil.com/en/default.asp" target=_blank>Avast!</a> anti-virus software - E-mail scanner
[asioreg]
Filename=regsvr32.exe ctasio.dll
Confirmed=U
Description=<a href="http://www.soundblaster.com/resources/read.asp?articleid=60&cat=2" target="_blank">ASIO</a> (Audio Stream In/Out) drivers for the SoundBlaster Audigy 2 series soundcards - for recording and home project studios. Required if you use this functionality
[asl]
Filename=Aslru.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbancoscu.html" target=_blank>BANCOS-CU</a> TROJAN!
[asmw soft popups burner]
Filename=popups burner.exe
Confirmed=U
Description=Popup blocker, part of Asmw Soft <a href="http://www.asmwsoft.com/products/002.htm" target= blank>PC Optimizer</a>
[asp4tray]
Filename=asp4tray.exe
Confirmed=N
Description=System Tray application for Aureal Vortex based soundcards. Can be run manually via Start -> Settings -> Control Panel
[aspiretimemachine]
Filename=acertmb.exe
Confirmed=Y
Description=System recovery software supplied with some Acer notebook PCs. Similar to GoBack and the restore program in WinXP, allowing you to restore a PC back to a working state with minimal re-entry
[assistse]
Filename=ASSISTSE.EXE
Confirmed=X
Description=CnsMin (<a href="http://www.pestpatrol.com/PestInfo/C/CnsMin.asp" target="_blank">Chinese_Keywords</a>) related
[astray]
Filename=Astray.exe
Confirmed=N
Description=Voyetra Audio Station - part of Voyetra's <a href="http://www.voyetra.com/site/products/ump3/" target="_blank"> Ultimate MP3 & CD Manager</a>. MP3 and digital music jukebox/organizer
[astro]
Filename=Astro.exe
Confirmed=N
Description=Checks for updates to Quicken on a system reboot
[asus live update]
Filename=ALU.exe
Confirmed=N
Description=ASUS Live Update utility for their motherboards
[asus probe]
Filename=AsusProb.exe
Confirmed=N
Description=ASUS video card fan/thermal monitor - only required if you overclock your card or live in a hot area
[asus smartdoctor]
Filename=VGAProbe.exe
Confirmed=U
Description=ASUS video card fan/thermal monitor
[asus tweakenable]
Filename=astart.exe
Confirmed=U
Description=Restores manually changed settings for ASUS based video cards such as overclocking. Only required if you use non-standard settings
[asuskey]
Filename=V38SHELL.EXE
Confirmed=N
Description=System tray Icon for quickly changing video modes
[asustweakenable]
Filename=ATweak.exe
Confirmed=U
Description=Asus tweaking utility - for fine tuning the settings of your ASUS display card
[aswdp]
Filename=ASWDP.exe
Confirmed=N
Description=<a href="http://www.stevejacksonre.com/mls_pulse_sign_up.htm" target="_blank">MLS Pulse</a> - real estate software. Keeps the home buyer/seller continually informed on the status of his/her local/regional real estate market
[aswnk]
Filename=aswnk.exe
Confirmed=X
Description=Adult content dialler
[at-watch]
Filename=ATWatch.exe
Confirmed=U
Description=Anti-Trojan Watch - trojan detector
[atapidrv]
Filename=atapidrv.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotsl.html" target=_blank>AGOBOT-SL</a> WORM!
[athan]
Filename=Athan.exe
Confirmed=U
Description=<a href="http://www.islamasoft.co.uk/products/athan/athansoftware.html" target=_blank>Athan</a> - an application that calculates and reminds the five daily Islamic prayer times for anywhere in the world
[ati catalyst system tray]
Filename=CLI.exe SystemTray
Confirmed=N
Description=System Tray access to ATI's CATALYST?CONTROL CENTER. Note that this has "SystemTray" appended to CLI.exe in the "Command" column of MSCONFIG. Not required to run the control center - which is available via a right-click on the desktop
[ati devicedetect]
Filename=ATIDtct.EXE
Confirmed=N
Description=Utility meant for future use of the ATI TV WONDER?USB 2.0 video driver and can be disabled
[ati gart set-up utility]
Filename=Atigart.exe
Confirmed=N
Description=Program that checks the motherboard chipset and determines which GART driver bundle to install on ATI video cards. If you have one, once installed it shouldn't be needed
[ati launchpad]
Filename=launchpd.exe
Confirmed=U
Description=Convenient way to start all your Multimedia Center applications (DVD, Video CD, CD Audio, File Player). You can right-click LaunchPad, and uncheck Load on Startup in the menu
[ati rage3d pro]
Filename=AtiRage4dPro.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotog.html" target=_blank>AGOBOT-OG</a> WORM!
[ati scheduler]
Filename=Atisched.exe
Confirmed=N
Description=Component that remains resident in memory and automatically launches the ATI VIDEO PLAYER at a user selected time and date. Delete the shortcut in the Start -> Programs -> Startup folder as well. Functions could re-enable the program to load at start-up and re-introduce the shortcut. Try it and see
[ati task application]
Filename=Atitkad.exe
Confirmed=N
Description=System Tray access and key-combo shortcuts to common display functions on ATI video cards. Can be run from Start -> Settings -> Control Panel -> Display
[ati task application (atikey)]
Filename=Atitask.exe
Confirmed=N
Description=System Tray access and key-combo shortcuts to common display functions on ATI video cards. Can be run from Start -> Settings -> Control Panel -> Display
[ati technology startup]
Filename=techstart.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaeu.html" target=_blank>RBOT-AEU</a> WORM!
[ati video regkey]
Filename=ati2vid.exe
Confirmed=X
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.UR" target="_blank">SDBOT.UR</a> WORM!
[ati2cwxx]
Filename=Ati2cwxx.exe
Confirmed=?
Description=<font color="#FF0000">For some ATI video cards. Probably used to access features and may not be required - for example the ATI Radeon works fine without it </font>
[ati2mdxx]
Filename=Ati2mdxx.exe
Confirmed=N
Description=For ATI video cards. System Tray access to display mode changing
[aticcc]
Filename=cli.exe runtime
Confirmed=N
Description=ATI's CATALYST?CONTROL CENTER. Required if you want to change graphics settings on a regular basis but you must have internet access and Microsoft's .NET framework installed. Note that this has "runtime" appended to cli.exe in the "Command" column of MSCONFIG. Recommend that start the program manually via Start -> Programs -> ATI Catalyst Control Center -> Advanced -> Restart Runtime as it can casue problems when starting Windows
[aticpaxx.exe]
Filename=aticpaxx.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotxp.html" target= blank>RBOT-XP</a> WORM!
[atidisplaydrv]
Filename=atidrvxx.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotvz.html" target= blank>RBOT-VZ</a> WORM!
[atidriver]
Filename=reaIplayer.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32warpigse.html" target=_blank>WARPIGS-E</a> WORM! Note the uppercase "I" in the filename, rather than a lower case "L"
[atimodechange]
Filename=Ati2mdxx.exe
Confirmed=U
Description=System Tray icon to access ATI graphics card settings and the Hydravision Desktop Manager
[atipatxx]
Filename=atipatxx.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojsmalled.html" target=_blank>SMALL-ED</a> TROJAN!
[atipoll]
Filename=ati2evxx.exe
Confirmed=U
Description=ATI External Event Utility EXE Module. This task can comsume lots of CPU resournces on some computers, but it can help with graphics card problems. Leave enabled unless it consumes too many CPU resources
[atiptext]
Filename=atiptext.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojcosiama.html" target= blank>COSIAM-A</a> TROJAN!
[atiqipcl]
Filename=AtiQiPcl.exe
Confirmed=U
Description=Used for hardware DVD decoding on ATI video cards supporting this feature. Not required unless you regularly play DVD's
[atismart]
Filename=ati2s9ag.exe
Confirmed=U
Description=ATI's "SMARTGART", which is included with the "<a href="http://mirror.ati.com/products/pc/catalyst/index.html" target="_blank">Catalyst</a>" drivers. When the system boots, it runs a couple of bus tests & tries to apply the most stable settings
[atisound]
Filename=csrss.exe
Confirmed=U
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/spyware.winspy.html" target=_blank>WinSpy</a> surveillance software. Uninstall this software unless you put it there yourself. Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/csrss/" target=_blank>csrss.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the "ComRoot" subfolder
[atisrc2]
Filename=windfind.exe
Confirmed=X
Description=Adult content dialler - see <a href="http://www.spywareinfo.com/forums/index.php?act=ST&f=11&t=7756&hl=&s=" target="_blank">here</a>. This has to be cleared at the same time as MSStartOptimizer (WINUPD.EXE), mmxrun (msosa.exe) and RegCompres (REGCPM32.EXE), otherwise they return
[atitech]
Filename=Active.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojroamera.html" target=_blank>ROAMER-A</a> TROJAN!
[atitray]
Filename=atitray.exe
Confirmed=U
Description=ATI Tray Tools - allows quick access to ATI graphics card settings
[atitraytools]
Filename=atitray.exe
Confirmed=U
Description=ATI Tray Tools - allows quick access to ATI graphics card settings
[atiupdater]
Filename=atiupdxx.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotabx.html" target= blank>RBOT-ABX</a> WORM!
[atiupdpl]
Filename=atiupdpl.exe
Confirmed=X
Description=Added by the <a href="http://ae.trendmicro-europe.com/consumer/vinfo/encyclopedia.php?LYstr=VMAINDATA&vNav=1&VName=TROJ SMALL.AOS" target= blank>SMALL.AOS</a> TROJAN!
[ativopen]
Filename=ativopen.exe
Confirmed=X
Description=Premium rate adult content dialler
[atix10]
Filename=atix10.exe
Confirmed=Y
Description=ATI <a href="http://www.ati.com/products/pc/remotewonder/" target="_blank">Remote Wonder?/a> - PC wireless remote control driver. Required if you use it
[atm control]
Filename=adpn.exe
Confirmed=X
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MMS.A&VSect=T" target="_blank">MMS.A</a> WORM!
[atnotes]
Filename=atnotes.exe
Confirmed=N
Description=Loads the ATnotes program for virtual sticky notes for your desktop. Available via Start -> Programs
[atomic-x27]
Filename=Atomic-x27.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32katomika.html" target=_blank>KATOMIK-A</a> WORM!
[atomic-x27c]
Filename=AtomicpartC.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32katomika.html" target=_blank>KATOMIK-A</a> WORM!
[atomic.exe]
Filename=Atomic.exe
Confirmed=U
Description=<a href="http://www.worldtimeserver.com/atomic-clock/" target=_blank>Atomic Clock Sync</a> - synchronizes your computer's time with the NIST time server
[atomica]
Filename=atomica.exe
Confirmed=N
Description=<a href="http://www.atomica.com/" target="_blank">Atomica</a> runs from the System Tray and allows the user to find out more about a word or phrase on any screen by pointing at it with the mouse and clicking button one while holding down the Alt key
[atomictime]
Filename=ATOMICTIME.EXE
Confirmed=U
Description=<a href="http://schmail.com/atomictime/" target="_blank">AtomicTime</a> - utility that synchronizes your PC clock to an atomic clock
[atrack]
Filename=atrack.exe
Confirmed=U
Description=New feature of Norton Internet Security (NIS) and Norton Personal Firewall (NPF) 3.0 is the Alert Tracker, an instant notification feature. The Alert Tracker displays information about events as they happen. This way, when a rule has been triggered or an access to the Internet made, you know about it immediately rather than finding out about it when you check your logs or notice that the NIS icon indicates a security alert
[atray]
Filename=Atray.exe
Confirmed=U
Description=<a href="http://www.divcomsoft.com/atray/" target="_blank">Active Tray</a> is a utility which lets you configure the system tray. You can also create your own tray icons
[atspooler]
Filename=AppsTraka.exe
Confirmed=U
Description=<a href="http://www.symantec.com/avcenter/venc/data/spyware.desktopscout.html" target= blank>AppsTraka</a> keystroke logger/monitoring program - remove unless you installed it yourself!
[attbroadbandupdate]
Filename=SAUpdate.exe
Confirmed=U
Description=<a href="http://bb4.com/" target="_blank">Big Brother</a> from Quest Software. System and network monitor
[attredupdate]
Filename=AutoUpdate.exe
Confirmed=U
Description=Additional item added to start-ups after AT&T took over the now bankrupt Excite@home high-speed internet service. Included for automatically downloading and installing updates. Leave it unless you plan to regularly run it to check for updates
[attuneclientengine]
Filename=attune_ce.exe
Confirmed=X
Description=Spyware - part of an automated helpdesk software called Aveo Attune
[attunecontentupdater]
Filename=attune_cu.exe
Confirmed=X
Description=Spyware - part of an automated helpdesk software called Aveo Attune
[attunediscovery]
Filename=attune_di.exe
Confirmed=X
Description=Spyware - part of an automated helpdesk software called Aveo Attune
[attunel]
Filename=Attunel.exe
Confirmed=X
Description=Spyware - part of an automated helpdesk software called Aveo Attune
[attunesystray]
Filename=attune_st.exe
Confirmed=X
Description=Spyware - part of an automated helpdesk software called Aveo Attune
[atuner]
Filename=atuner.exe
Confirmed=N
Description=<a href="http://www.3dcenter.de/atuner/index_e.php" target="_blank">aTuner</a> - tweak tool for GeForce based graphics cards
[atwtusb]
Filename=atwtusb.exe
Confirmed=Y
Description=USB interface for Aiptek Graphics Tablet (USB)
[atxbrw]
Filename=Iexplor.exe
Confirmed=X
Description="Pop Marketing" adware
[au agent]
Filename=AUagent.exe
Confirmed=U
Description=<a href="http://www.zilab.com/Products/Au/index_2.shtml" target="_blank">Au Agent</a> from Zilab Software. Win2K/NT enhancement tool. Allows you to run applications under any security context without closing the whole logon session to process a new logon
[au.exe]
Filename=au.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.b@mm.html" target="_blank">BEAGLE.B</a> WORM!
[aucbpnp]
Filename=aucbnpn.exe
Confirmed=Y
Description=Adaptec USB CardBus Safe-Eject - driver for the <a href="http://www.adaptec.com/worldwide/product/proddetail.html?sess=no&language=English+US&prodkey=AUA-1420&cat=%2fTechnology%2fUSB%2fUSB+Adapters" target="_blank">Adaptec USB 2.0 CardBus</a> which provides USB 2.0 ports for laptop users via a PCMCIA card slot
[aucompat]
Filename=Aucompat.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/trojan.gema.html" target="_blank">GEMA</a> TROJAN!
[audcntr]
Filename=audcntr.exe
Confirmed=X
Description=Added by the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?ID=40574" target=_blank>GEMA</a> TROJAN!
[audctrl]
Filename=RunDll32 AudCtrl.dll, RCMonitor
Confirmed=?
Description=<font color="#FF0000">Audio control panel?</font>
[audio]
Filename=SOUND.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/dialployba.html" target=_blank>PLOYB-A</a> TROJAN!
[audiocntl]
Filename=audiocntl.exe
Confirmed=X
Description=Added by a variant of the <a href="http://www.sophos.com/virusinfo/analyses/trojcrypterc.html" target="_blank">CRYPTER.C</a> TROJAN!
[audiodeck]
Filename=ADeck.exe
Confirmed=N
Description=ADeck.exe is a system tray application for VIA's sound cards which offers quick access to a number of sound card related items
[audiodrv]
Filename=audiodrv.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojcrypterc.html" target= blank>CRYPTER-C</a> TROJAN!
[audiohq]
Filename=Ahqtb.exe
Confirmed=N
Description=For Creative Soundblaster Live! series soundcards. System tray application for SB Live! functions. Available via Start -> Programs
[audioinf]
Filename=audioinf.exe
Confirmed=X
Description=Added by a variant of the <a href="http://www.sophos.com/virusinfo/analyses/trojcrypterc.html" target="_blank">CRYPTER.C</a> TROJAN!
[aunps2]
Filename=RUNDLL32 AUNPS2.DLL, _Run@16
Confirmed=X
Description=AlwaysUpdatedNews.com parasite related - see <a href="http://securityresponse.symantec.com/avcenter/venc/data/adware.aunps.html" target=_blank>here</a>
[aureal a3d interactive audio]
Filename=sa3dsrv.exe
Confirmed=Y
Description=For Aureal based 3D soundcards. A3D sound features won't work with this disabled
[aureal a3d interactive audio init]
Filename=A3dInit.exe
Confirmed=Y
Description=For Aureal based 3D soundcards. A3D sound features won't work with this disabled
[ausvc]
Filename=ausvc.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.autoupder.html" target="_blank">AUTOUPDER</a> TROJAN!
[auth starter ident]
Filename=startauth.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotwp.html" target= blank>RBOT-WP</a> WORM!
[authz]
Filename=authz.exe
Confirmed=X
Description=Added by an unidentified VIRUS, WORM or TROJAN!
[auto cd-rom startup]
Filename=cdaccess.exe
Confirmed=X
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SPYBOT.BLA&VSect=P" target=_blank>SPYBOT.BLA</a> WORM!
[auto repair system]
Filename=qualityx.exe
Confirmed=X
Description=Added by an unidentified WORM or TROJAN - probably a <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html" target="_blank">SPYBOT</a> variant
[auto switch]
Filename=TASKBAR.exe
Confirmed=U
Description=Related to 2-port Bitronics AutoSwitch kit from Belkin
[auto t bar]
Filename=autotbar.exe
Confirmed=N
Description=If you disable the HP VIEW toolbar in IE and rarrange the toolbars on a reboot they will be back as they were before if this is left enabled
[auto updates]
Filename=svchost.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojcheukoa.html" target=_blank>CHEUKO-A</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target=_blank>svchost.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder
[auto winupdate]
Filename=taskmrg.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotafa.html" target=_blank>RBOT-AFA</a> WORM!
[autobar]
Filename=autobar.exe
Confirmed=U
Description=Connect buttons on the keyboard for internet direct access, etc. on HP computers
[autocad startup accelerator]
Filename=acstart16.exe
Confirmed=U
Description=Preloads some libraries that are used by <a href="http://usa.autodesk.com/adsk/servlet/index?siteID=123112&id=5127213" target=_blank>AutoCAD</a> in order to make the software load faster
[autoclk]
Filename=autoclk.exe
Confirmed=U
Description=<a href="http://autoclik.8m.com/" target=_blank>Autoclik</a> is a Windows utility "that allows you to perform all mouse activity with absolutely no clicking"
[autoea]
Filename=Ahqrun.exe
Confirmed=N
Description=For Creative Soundblaster Live! series soundcards. Specify for any audio application what audio preset to automatically associate with currently active speaker output. Available via AudioHQ
[autoexe]
Filename=AUTOEXE.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32semapia.html" target= blank>SEMAPI-A</a> WORM!
Description=Task scheduler for <a href="http://www.unisyn.com/" target="_blank">Unisyn Automate 4</a> task automation/macro running software. Available via a desktop shortcut or Start -> Programs
[automatic defrag manager]
Filename=defrag.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotake.html" target=_blank>RBOT-AKE</a> WORM!
[automatic microsoft windows updater]
Filename=suchost.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rboteq.html" target=_blank>RBOT-EQ</a> WORM!
[automatic windows updater]
Filename=Update.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.gaobot.ao.html" target="_blank">GAOBOT.AO</a> WORM!
[automatically launches the united devices agent when you start your computer]
Filename=UD.EXE
Confirmed=N
Description=The <a href="http://members.ud.com/download/gold/" target="_blank">United Devices Agent</a> can recycle your PC's unused resources and use them to perform valuable scientific and medical research without disturbing your usual computer use - similar to SETI@home but for medical research. Available via Start -> Programs
[autopdate]
Filename=Autopdate.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotagl.html" target=_blank>RBOT-AGL</a> WORM!
[autoprop]
Filename=REGPROP.EXE WMPADDIN.DLL
Confirmed=N
Description=Both the files are in the MS Office/Bots/FP_WMP directory. Apparently, it registers the FrontPage WiMP extension
[autoprotectu]
Filename=navapq32.exe
Confirmed=X
Description=Added by an unidentified WORM or TROJAN!
[autorepair]
Filename=dexs.exe
Confirmed=X
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
[autoshutdown]
Filename=pssvc.exe
Confirmed=?
Description=<font color="#FF0000">Utility to fix vCard Export in MS Outlook 2000 - although why are these together?</font>
[autosizer]
Filename=AUTOSIZER.EXE
Confirmed=U
Description=<a href="http://www.southbaypc.com/AutoSizer/" target="_blank">AutoSizer</a> - utility that automatically maximizes windows when they're opened
Description=If you disable the HP VIEW toolbar in IE and rarrange the toolbars on a reboot they will be back as they were before if this is left enabled
[autotkit]
Filename=AUTOTKIT.EXE
Confirmed=N
Description=On HP PC's. Unclear what purpose it serves - but there's a known issue with Internet Explorer Toolbar settings not being saved with it enabled
[autoupdate service]
Filename=kaka.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojsympeb.html" target=_blank>SYMPE-B</a> TROJAN!
[autovirusprotection]
Filename=ciscv.exe
Confirmed=X
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
[auto__hloader__key]
Filename=hloader_exe.exe
Confirmed=X
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_BAGLE.AB&VSect=P" target=_blank>BAGLE.AB</a> TROJAN!
[aux.exe]
Filename=aux.exe
Confirmed=X
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/backdoor.zins.html" target=_blank>ZINS</a> TROJAN!
[auxaudiodevice]
Filename=aux32.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.aizu.html" target="_blank">AIZU</a> WORM!
[auxxtray]
Filename=au30setp.exe
Confirmed=N
Description=System Tray application for Aureal Vortex based soundcards. Can be run manually via Start -> Settings -> Control Panel
[av]
Filename=UPDATE-28062004.exe[25 blank spaces].vbs
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/vbs.midfin@mm.html" target=_blank>MIDFIN</a> WORM!
[av client]
Filename=patch31345.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.mydoom.ad@mm.html" target=_blank>MYDOOM.AD</a> WORM!
[av industry]
Filename=patch31345.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.mydoom.ad@mm.html" target=_blank>MYDOOM.AD</a> WORM!
[av update]
Filename=Update.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojfuroota.html" target= blank>FUROOT-A</a> TROJAN!
Description=Part of <a href="http://www.alwil.com/en/default.asp" target=_blank>Avast!</a> anti-virus software
[avc]
Filename=avmon.exe
Confirmed=X
Description=Added by an unidentified TROJAN!
[avconsoleexe]
Filename=Avconsol.exe
Confirmed=U
Description=From McAfee VirusScan up to version 4.x and Dr Solomon's VirusScan. Used to schedule regular scans. If you don't have scans scheduled you don't need it
[aveoattune]
Filename=atmdlusr.exe
Confirmed=X
Description=Spyware - part of an automated helpdesk software
[avg]
Filename=svchost323.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotza.html" target= blank>RBOT-ZA</a> WORM!
[avg grisoft updater]
Filename=updater.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotot.html" target=_blank>AGOBOT-OT</a> WORM!
[avg7_amsvr]
Filename=Avgamsvr.exe
Confirmed=Y
Description=<a href="http://www.grisoft.com/" target=_blank>AVG</a> antivirus related
[avg7_cc]
Filename=AVGCC.exe
Confirmed=Y
Description=<a href="http://www.grisoft.com/" target=_blank>AVG</a> Anti-Virus 7.0 Control Center. Allows you to manage and control all AVG Anti-Virus components, settings and updates
[avg7_emc]
Filename=AVGEMC.exe
Confirmed=Y
Description=<a href="http://www.grisoft.com/" target=_blank>AVG</a> Anti-Virus 7.0 Email Cleaner. Scans incoming and outgoing email for viruses
[avg7_run]
Filename=avgw.exe
Confirmed=Y
Description=<a href="http://www.grisoft.com/" target=_blank>AVG</a> Anti-Virus 7.0 related
[avgamsvr.exe]
Filename=Avgamsvr.exe
Confirmed=Y
Description=<a href="http://www.grisoft.com/" target=_blank>AVG</a> antivirus related
[avgcc32]
Filename=avgcc32.exe
Confirmed=Y
Description=<a href="http://www.grisoft.com/" target=_blank>AVG</a> anti-virus control center. Also enables scheduled tests, Outlook E-mail plug-in and automatic updates
[avgctrl]
Filename=AVGCTRL.EXE
Confirmed=Y
Description=Background task of the <a target="_blank" href="http://www.hbedv.com/">AntiVir</a> antivirus program which scans files transparently in the background
[avgmsvr.exe]
Filename=avgmsvr.exe
Confirmed=Y
Description=<a href="http://www.grisoft.com/" target=_blank>AVG</a> Anti-Virus 7.0 related
Description=<a href="http://www.grisoft.com/" target=_blank>AVG</a> anti-virus control center. Also enables scheduled tests, Outlook E-mail plug-in and automatic updates
[avg_emc]
Filename=AVGEMC.exe
Confirmed=Y
Description=<a href="http://www.grisoft.com/" target=_blank>AVG</a> Anti-Virus 7.0 Email Cleaner. Scans incoming and outgoing email for viruses
[avg_regcleaner]
Filename=AVGREGCL.exe
Confirmed=Y
Description=<a href="http://www.grisoft.com/" target=_blank>AVG</a> Anti-Virus 7.0 Registry Cleaner - for checking the registry for virus additions and other security problems
[avidrv]
Filename=drvsc.exe
Confirmed=X
Description=Detected as the Trojan-Downloader.Win32.Agent.ph TROJAN! by Kaspersky Anti-Virus
[avimgt]
Filename=Avimgt.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/trojan.gema.html" target="_blank">GEMA</a> TROJAN!
[avimgt32]
Filename=Avimgt32.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/trojan.gema.html" target="_blank">GEMA</a> TROJAN!
[avinit]
Filename=AVINIT9X.EXE
Confirmed=Y
Description=<a href="http://www.authentium.com/products/avmatrix.htm" target= blank>Command</a> antivirus related
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/w32.mydoom.af@mm.html" target=_blank>MYDOOM.AF</a> WORM!
[avril lavigne - muse]
Filename=[random filename]
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32avrila.html" target="_blank">AVRIL-A</a> WORM!
[avsched32]
Filename=AVSched32.exe
Confirmed=Y
Description=<a href="http://www.hbedv.com/" target="_blank">AntiVir</a> anti-virus from H+BDEV
[avschedscan]
Filename=SCHSC9X.EXE
Confirmed=Y
Description=<a href="http://www.authentium.com/products/avmatrix.htm" target= blank>Command</a> antivirus related
[avserve.exe]
Filename=avserve.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.sasser.worm.html" target="_blank">SASSER</a> WORM!
[avserve2.exe]
Filename=avserve2.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.sasser.b.worm.html" target="_blank">SASSER.B</a> or <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.sasser.c.worm.html" target="_blank">SASSER.C</a> WORMS!
[avserve3.exe]
Filename=avserve3.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.sasser.g.html" target="_blank">SASSER.G</a> WORM!
Description=PRISM Status Tray Applet - <font color="#FF0000">but what is it for and is it required?</font>
[avwupd32]
Filename=AVWUPD32.EXE
Confirmed=U
Description=<a href="http://www.hbedv.com/" target="_blank">AntiVir</a> updater. Useful, but can be run manually
[avx communicator]
Filename=xcommsur.exe
Confirmed=Y
Description=Anti-virus part of <a href="http://www.bitdefender.com/" target="_blank">BitDefender</a> virus scanner/firewall
[avxlive]
Filename=avxlive.exe
Confirmed=Y
Description=<a href="http://www.bullguard.com/" target="_blank">Bullguard</a> or <a href="http://www.bitdefender.com/" target="_blank">BitDefender</a> antivirus
[avxlni]
Filename=avxinit.exe
Confirmed=Y
Description=Anti-virus part of <a href="http://www.bitdefender.com/" target="_blank">BitDefender</a> virus scanner/firewall
[avxnews]
Filename=??
Confirmed=?
Description=<font color="#FF0000">??</font>
[awatch]
Filename=Awatch.exe
Confirmed=U
Description=Diagnosis tool that monitors DSL connections, installed alongside DSL drivers from AVM Fritz's range of modem products
[awhost32]
Filename=awhost32.exe
Confirmed=N
Description=Part of Symantec's <a href="http://enterprisesecurity.symantec.com/products/products.cfm?productID=2">pcAnywhere</a> remote PC management software. Provides an automatic startup of the client PC in host mode in conjuction with a host-definition file, so system administrators can access the machine. Can cause a 10% reduction in speed and not recommended
[awusgsta]
Filename=AWUSGSTA.exe
Confirmed=?
Description=Reportedly related to a USB Wifi Adapter - <font color="#FF0000">is it required at startup?</font>
[awxdtools]
Filename=awxDTools.dll, awxRegisterDll
Confirmed=U
Description=<a href="http://www.hbreitner.de/awxdtools/" target= blank>AwxDTools</a> related - a Windows Shell-Extension for the Daemon-Tools. It extends the context-menu of ImageFiles supported by Daemon-Tools (i.e.: *.cue, *.iso, *.ccd ...)
Description=Located in the IBMTOOLS\VPD sub-directory. <font color="#FF0000">What does it do and is it required?"
[a▓]
Filename=
[a▓]
Confirmed=
[a▓]
Description=
[b'sclip]
Filename=BSCLIP.exe
Confirmed=N
Description=CD recording utility that comes with a lot of CDR/CDRW drives and isn't required
[b.exe]
Filename=b.exe
Confirmed=X
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.BND&VSect=T" target=_blank>SDBOT.BND</a> WORM!
[b.reader]
Filename=remin.exe
Confirmed=N
Description=<a href="http://www.harshal.da.ru/" target="_blank">Birthday Reminder 5.0</a> - as the name implies
[b3d]
Filename=BDEsecureinstall.exe
Confirmed=X
Description=<a href="http://www.kazaa.com/en/privacy/bundles.htm" target="_blank">B3d Projector</a> foistware - periodically trys to access the internet. (1) Uninstall it via Start -> Settings -> Control Panel -> Add/Remove Programs. (2) Remove the BDEsecureinstall.exe if still present in C:\\Windows\\System. (3) Disable and ideally delete it from the registry. (4) Remove the "BDE" directory and all its contents
[b3dupdate]
Filename=Zupdate.exe
Confirmed=X
Description=<a href="http://www.kazaa.com/en/privacy/bundles.htm" target="_blank">B3d Projector</a> foistware - periodically trys to access the internet. (1) Uninstall it via Start -> Settings -> Control Panel -> Add/Remove Programs. (2) Remove the BDEsecureinstall.exe if still present in C:\\Windows\\System. (3) Disable and ideally delete it from the registry. (4) Remove the "BDE" directory and all its contents
[b9]
Filename=B9.exe
Confirmed=U
Description=<a href="http://www.firetrust.com/products/benign/?PHPSESSID=b60bb4b6eb22115639c465d6f606b788" target="_blank">FireTrust Benign</a> - allows you to receive e-mail which is safe from viruses, worms, scripts, web bugs, privacy threats and other security risks, without affecting your e-mail. "Benign neutralizes or strips out the code that makes viruses, worms, scripts and other potentially harmful things run"
Description=<a href="http://www.commonname.com/english/ug/toolbar/default.asp?idx=1" target="_blank">CommonName Toolbar</a> spyware. To uninstall see <a href="http://www.commonname.com/english/ug/toolbar/default.asp?idx=10#4">here</a>
[babylon client]
Filename=Babylon.exe
Confirmed=N
Description=<a href="http://www.babylon.com/" target="_blank">Babylon-Pro</a> is a powerful information tool that instantly provides relevant information, translations & conversions for any word or value you click on"
[babylon translator]
Filename=Babylon.exe
Confirmed=N
Description=<a href="http://www.babylon.com/" target="_blank">Babylon-Pro</a> is a powerful information tool that instantly provides relevant information, translations & conversions for any word or value you click on
[back updates]
Filename=Uninstall.log.vbs
Confirmed=X
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/vbs.ypsan.d@mm.html" target=_blank>YPSAN.D</a> WORM!
[backdoor.nuagent]
Filename=agent.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojagentdp.html" target=_blank>AGENT-DP</a> TROJAN!
[background intelligent transfer service]
Filename=rundll32.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojvbzd.html" target=_blank>VB-ZD</a> TROJAN! Note - this file is located in the C:\Windows\help folder, and is not to be confused with the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/rundll32/" target=_blank>rundll32.exe</a> file!
[backgroundswitcher]
Filename=bgswitch.exe
Confirmed=U
Description=Background Switcher Powertoy. Included with the last beta version of the XP Powertoys. Whenever a user right clicked his desktop and chose properties he could see a new tab which allowed him to enable a "Desktop Slide Show." This would automatically change the Windows Desktop at an interval specified by the user. Available <a href="http://shellcity.net/content4.htm" target="_blank">here</a>
[backpack udf]
Filename=bpudfmon.exe
Confirmed=N
Description=<a href="http://www.nero.com/" target="_blank">Backpack UDF</a> packet writing software for Microssolutions' Back Pack external CD-RW drive. Similar to DirectCD. Run manually before insert an appropriately formatted CD-RW disk
[backup service]
Filename=backup.svc
Confirmed=X
Description=Unidentified adware
[backupexecscheduler]
Filename=besch.exe
Confirmed=U
Description=Veritas "Back Up My PC" software
[backupnotify]
Filename=backupnotify.exe
Confirmed=?
Description=HP Digital Imaging related. <font color="#FF0000">What does it do and is it required?</font>
[backweb]
Filename=backweb.exe
Confirmed=N
Description=Automatically detects an internet connection and downloads any available updates. Typical on Compaq and HP PC's but not restricted to those OEM's. Resource hog and often causes malfunctions. Available via Start -> Programs
Description=Known as "PowerKey" - a minimalistic keyboard driver that allows power management keys on BTC keyboards to function properly in older OS's (i.e. Win95/98/NT4). Also adds an icon to the system tray
[bacstray]
Filename=BacsTray.exe
Confirmed=N
Description=Broadcom Advanced Control Suite - for modems and set top boxes based upon Broadcom chipsets. Not required unless you have networking problems
[baddate]
Filename=BADDATE.EXE
Confirmed=X
Description=Added by an unidentified VIRUS, WORM or TROJAN!
[bagleav]
Filename=csrss.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.netsky.ab@mm.html" target=_blank>NETSKY.AB</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/csrss/" target=_blank>csrss.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Windows or Winnt folder
[bakra]
Filename=IEHost.EXE
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojmultidrah.html" target=_blank>MULTIDR-AH</a> TROJAN!
[band-aid]
Filename=[path to file]
Confirmed=X
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/backdoor.ranky.o.html" target=_blank>RANKY.O</a> TROJAN!
[bandook]
Filename=ali.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojexemasb.html" target=_blank>EXEMAS-B</a> TROJAN!
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotrp.html" target=_blank>RBOT-RP</a> WORM!
[bartheme]
Filename=bartent32.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotug.html" target=_blank>AGOBOT-UG</a> WORM!
[bascstray]
Filename=BascsTray.exe
Confirmed=N
Description=Broadcom Advanced Control Suite - for modems and set top boxes based upon Broadcom chipsets. Not required unless you have networking problems
[bat]
Filename=secure2.bat
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.irc.zcrew.c.html" target="_blank">ZCREW.C</a> TROJAN!
[batchreg1]
Filename=N/A
Confirmed=N
Description=Part of the Windows System Recovery process. Added to the registry via Msbatch.inf. The existence of this key or process after the last reboot during installation indicates an unsuccessful installation, as that key should be deleted automatically. See <a href="http://www.vanwijk.com/-=%20Bookz%20=-/Special%20Edition%20Using%20Windows%2098/ch10/ch10.htm#Heading24" target="_blank">here</a>
[batinfex]
Filename=rundll32.exe
Confirmed=U
Description=Displays battery status information on an IBM Thinkpad
[batsrv]
Filename=batserv2.exe
Confirmed=X
Description=Detected as Win32.Locksky.m WORM by Kaspersky Anti-Virus!
[battery scope]
Filename=batmgr.exe
Confirmed=U
Description=Monitors battery levels on a notebook/laptop PC
[batterybar]
Filename=batterybar.exe
Confirmed=U
Description=<a href="http://www.nistech.com/BatteryBar/Default.htm" target="_blank">BatteryBar</a> - displays battery usage, and the current percentage of battery power left
[batzback]
Filename=BatzBack.scr
Confirmed=X
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/w32.backzat.worm.html" target="_blank">BACKZAT</a> WORM!
[bausb]
Filename=BAUSB.exe
Confirmed=U
Description=Boston Acoustics Audio, USB driver
[bawindo]
Filename=bawindo.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.ar@mm.html" target="_blank">BEAGLE.AR</a> or <a href="http://www.symantec.com/avcenter/venc/data/w32.beagle.au@mm.html" target=_blank>BEAGLE.AU</a> WORMS!
[baymgr]
Filename=DockApp.exe
Confirmed=U
Description=Hot-swappable drive management on laptops allowing you to change drives without closing down Windows. Only required if you frequently swap bay devices
[bayswap]
Filename=bayswap.exe
Confirmed=U
Description=Hot-swappable drive management on Compaq Notebooks which allows you to swap drives without closing down Windows. Only required if you frequently swap bay devices
[bayswap2]
Filename=TbUpdate.exe
Confirmed=U
Description=Hot-swappable drive management on Compaq Notebooks which allows you to swap drives without closing down Windows. Only required if you frequently swap bay devices
[bbc news alerts]
Filename=skinkers.exe
Confirmed=U
Description=BBC News Desktop Alerts service - see <a href="http://news.bbc.co.uk/2/hi/help/3533099.stm" target= blank>here</a>. Desktop alert and breaking news e-mail services let you find out about all the latest news as it happens
[bbdial]
Filename=BT Broadband.exe
Confirmed=?
Description=<font color="#FF0000">Part of BT Broandband - is it required?</font>
[bbsystray]
Filename=bbSysTray.exe
Confirmed=N
Description=Philips CD-RW related - "the 'Blue Button' feature gives users the chance to receive convenient online support for their possible device problems or questions"
[bbui]
Filename=bbui.exe
Confirmed=U
Description=AOL DSL status monitor displaying a red/green icon indicating if you have a connection
Description=Bcdetect.exe searches the system to make sure Creative drivers are installed for the video card. It loads the BlasterControl when the drivers are detected. Your choice - try it and see
[bcmdmmsg]
Filename=bcmdmmsg.exe
Confirmed=Y
Description=BCM voicemodem driver. Required for dial-up if you have one of these modems
[bcmhal]
Filename=rundll32.exe bcmhal9x.dll, bcinit
Confirmed=U
Description=BlasterControl for Creative video cards - controls for desktop settings, monitor configuration, colour adjustments and performance tuning. May be needed to retain settings
[bcmsmmsg]
Filename=BCMSMMSG.exe
Confirmed=Y
Description=BCM voicemodem driver. Required for dial-up if you have one of these modems
Description=<a href="http://www.weatherbug.com/aws/index.asp" target="_blank">AWS Weatherbug</a> related. <font color="#FF0000">What does it do?</font>
Description=BlasterControl for Creative video cards - controls for desktop settings, monitor configuration, colour adjustments and performance tuning. May be needed to retain settings
[bcvsrv32]
Filename=bcvsrv32.exe
Confirmed=N
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.gaobot.bqj.html" target=_blank>GAOBOT.BQJ</a> WORM!
[bcwipetm]
Filename=bcwipetm.exe
Confirmed=N
Description=<a href="http://www.jetico.com/" target="_blank">BCWipe</a> Task Manager - scheduler for BCWipe so that it runs at convenient times. You can set a time for running the task, as well as special options for the task. Run manually when needed
[bd]
Filename=dc.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojrasdoora.html" target=_blank>RASDOOR-A</a> TROJAN!
Description=<a href="http://www.bitdefender.com/bd/site/products.php?p_id=25" target="_blank">Bitdefender</a> 8 antivirus and firewall
[bdswitchagent]
Filename=bdswitch.exe
Confirmed=Y
Description=<a href="http://www.bitdefender.com/bd/site/products.php?p_id=25" target="_blank">Bitdefender</a> 8 antivirus and firewall
[bearshare]
Filename=bearshare.exe
Confirmed=N
Description=<a href="http://www.bearshare.com/" target="_blank">BearShare</a> file sharing client. Versions known to include spyware - see <a href="http://www.cexx.org/adware.htm" target="_blank">here</a>
[beatnik internet clock]
Filename=BeatNik.exe
Confirmed=U
Description=<a href="http://www.somedec.com/" target=_blank>BeatNik Internet Clock</a> is a Windows clock add-on that supports 'skins'. It can also synchronize your computer's clock with an atomic clock
[beegees update]
Filename=beegees.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotadk.html" target=_blank>SDBOT-ADK</a> WORM!
[beei]
Filename=beei.exe
Confirmed=?
Description=<font color="#FF0000">??</font>
[befaster]
Filename=befaster3.exe
Confirmed=U
Description=<a href="http://www.ekremdeniz.com/" target= blank>BeFaster</a> internet connection optimization tool
[behl]
Filename=BEHL.exe
Confirmed=?
Description=<font color="#FF0000">??</font>
[behlo]
Filename=BEHLO.exe
Confirmed=?
Description=<font color="#FF0000">??</font>
[belkin pcmcia wlan monitor]
Filename=monitorbk.exe
Confirmed=N
Description=Belkin USB Network Adapter Management utility - can be started manually
[belnotify]
Filename=[path] NPBelv32.dll, RunDll32_BelNotify
Confirmed=U
Description=<a href="http://www.belarc.com/BelTech.html" target=_blank>BelTech</a> enables licensees to offer automated, Web-based problem resolution to their end-users. BelTech allows the end-user to simply go to a web page and automatically resolve their problem or point them to the right solution. BelTech Manager allows non-programmers to rapidly and easily deploy and maintain this service
[belorvbi]
Filename=BELORVBI.exe
Confirmed=?
Description=<font color="#FF0000">??</font>
[belsta.exe]
Filename=Belsta.exe
Confirmed=?
Description=Configuration tool for Belkin wireless network cards. Required to change the cardÆs configuration.<font color="#FF0000"> Is it required for correct operation once the confuiguration is changed?</font>
[belt]
Filename=Belt.exe
Confirmed=X
Description=<a href="http://research.sunbelt-software.com/threat_display.cfm?name=VX2.Transponder&threatid=12517&search=vx2" target=_blank>VX2.Transponder</a> parasite updater/installer related
[benadril alert tool]
Filename=benadrilalert.exe
Confirmed=X
Description=Plug-in for WeatherBug advising when pollen count in your area is high - prompting you to buy Benadril
[bestpopupkiller]
Filename=BestPopupKiller.exe
Confirmed=N
Description=Popup killer by Swanksoft - not recommended, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm" target="_blank">here</a>
[besys]
Filename=[path to file]
Confirmed=X
Description=Added by <a href="http://securityresponse.symantec.com/avcenter/venc/data/adware.besys.html" target=_blank>BeSys</a> ADWARE!
[bg]
Filename=bullguard.exe
Confirmed=Y
Description=<a href="http://www.bullguard.com/" target="_blank">Bullguard</a> antivirus and firewall. The P2P version is free with KaZaA Media Desktop and Grokster
[bginfo]
Filename=Bginfo.exe
Confirmed=U
Description=<a href="http://www.sysinternals.com/ntw2k/freeware/bginfo.shtml" target="_blank">BGinfo</a> automatically displays relevant information about a Windows computer on the desktop's background, such as the computer name, IP address, service pack version, and more
Description=Printer driver to generate PDF files from any program
[bhocop]
Filename=BHOCop.exe
Confirmed=N
Description=ZDNet's <a href="http://www.zdnet.com/products/stories/reviews/0,4161,2760348-9,00.html" target="_blank">BHO Cop</a> that lets you see what browser helper objects are installed. Useful for detecting spyware
[bhodemon 2.0]
Filename=BHODemon.exe
Confirmed=U
Description=BHODemon "protects you from unknown Browser Helper Objects (BHOs), by letting you enable/disable them individually. When running, it also monitors your Registry and alerts you when a BHO is installed. Best of all, BHODemon knows about the most common BHOs - the good ones, and the not-so-good ones!". If you prefer forgoing resident protection, the application can also be run on demand
[bi1helperstartup]
Filename=BI1HEL~1.EXE
Confirmed=U
Description=ScreenScenes <a href="http://www.screenscenes.com/product.html?screensaver=BeachIslands" target=_blank>Beach Islands</a> screensaver. The freeware version comes with <a href="http://www.cexx.org/gator.htm" target=_blank>Gator</a> branded ads (pop-ups and others). ScreenScenes do however offer you the option of doing away with the ads by purchasing the screensaver for a whopping $ 30...
Description=<a href="http://www.bigfix.com/website/index.html" target="_blank">BigFix</a> can automatically download and read technical support information provided by computer and software manufacturers and other technical support experts (published in the form of Fixlet?Messages) and can automatically check your computer for bugs, configuration conflicts, and security holes. Should only be started manually as it's a resource hog
[bigpond toolbar]
Filename=bpumTray.exe
Confirmed=U
Description=<a href="http://www.bigpond.com/helpcentre/toolbar/" target="_blank">Telstra BigPond Toolbar</a> - "Introducing the free and easy to use BigPond Toolbar that is designed to make your internet experience and managing your Telstra internet account a whole lot easier"
[bigpondcable]
Filename=bpcable.exe
Confirmed=N
Description=Telstra Bigpond Cable login software - can be started manually
[billminder]
Filename=Billmind.exe
Confirmed=N
Description=Can be setup in Quicken to remind user of due payments. Available via Start -> Programs
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/vbs.bingd@mm.html" target="_blank">BINGD</a> WORM!
[bios]
Filename=Bios32.exe
Confirmed=X
Description=Added by an unidentified VIRUS, WORM or TROJAN!
[bios xp loader]
Filename=[random filename]
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotic.html" target=_blank>RBOT-IC</a> WORM!
[bios1]
Filename=BIOS1.EXE
Confirmed=X
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_OPASERV.T" target="_blank">OPASERV.T</a> WORM!
[biovcip]
Filename=BIOVCIP.exe
Confirmed=?
Description=<font color="#FF0000">??</font>
[bitcomet]
Filename=BitComet.exe
Confirmed=N
Description=<a href="http://www.bitcomet.com/index.htm" target=_blank>BitComet</a> P2P client - can be launched from Start -> Programs
[bitdefender antivirus]
Filename=BITDEFENDERX.EXE
Confirmed=X
Description=Added by a variant of the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html" target=_blank>SPYBOT</a> WORM!
Description=<a href="http://www.bitdefender.com/html/bd_msn_messenger.php" target="_blank">Bitdefender</a> anti-virus for MSN Messenger. Unless you have MSN Messenger running all the time start it manually
[bitdefender for yahoo! messenger]
Filename=yahmon.exe
Confirmed=U
Description=<a href="http://www.bitdefender.com/bd/site/products.php?p_id=18" target="_blank">BitDefender Antivirus for Yahoo! Messenger</a> - free AV add-on for Yahoo! Messenger
Description=Main program of <a href="http://www.bitdefender.com/" target="_blank">BitDefender</a> virus scanner/firewall
[bitdefender_p2p_startup]
Filename=BitDefender_P2P_Startup.exe
Confirmed=U
Description=<a href="http://www.bitdefender.com/html/bd_msn_messenger.php" target="_blank">Bitdefender</a> anti-virus for file transfers via internet messaging clients such as ICQ and MSN Messenger. Unless you have these running all the time start it manually
Description=Canon printer status monitor - where "xx" is different depending upon the version. Not required as you can check the printer status via My Computer -> Printers
[bjcfd]
Filename=cdf.exe
Confirmed=N
Description=<a href="http://www.broadjump.com/" target="_blank">BroadJump</a> Client Foundation. Broadband troubleshooting software installed by various companies. Not required and you can remove it via Add/Remove programs
[blackice pc protection]
Filename=blackice.exe
Confirmed=N
Description=Loads the user interface for the <a href="http://blackice.iss.net/product_pc_protection.php" target="_blank">BlackICE PC Protection</a> (was Defender) firewall program. From the <a href="http://www.networkice.com/" target="_blank">parent site</a> - '(the user interface) starts in the "Startup" menu and adds itself to the taskbar. The user interface is independent from the rest of the system and only displays the output or reconfigures the system. It does not need to be running for the rest of the system to run.' See also LoadBlackD
[blackice utility]
Filename=blackice.exe
Confirmed=N
Description=Loads the user interface for the <a href="http://blackice.iss.net/product_pc_protection.php" target="_blank">BlackICE PC Protection</a> (was Defender) firewall program. From the <a href="http://www.networkice.com/" target="_blank">parent site</a> - '(the user interface) starts in the "Startup" menu and adds itself to the taskbar. The user interface is independent from the rest of the system and only displays the output or reconfigures the system. It does not need to be running for the rest of the system to run.' See also LoadBlackD
[blads]
Filename=blads.exe
Confirmed=U
Description=A <a href="http://www.totalidea.com/frameset-tweakxp.htm" target=_blank>Tweak-XP</a> component, blocks advertisement banners in Internet Explorer. Can be enabled/disabled via Tweak-XP / Internet Tweaks
[blahh service]
Filename=msengine.exe
Confirmed=X
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target= blank>RBOT</a> WORM!
[blahx service]
Filename=msnjompa.exe
Confirmed=X
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.AML" target=_blank>SDBOT.AML</a> WORM!
[blazechanger]
Filename=FBZPaper.exe
Confirmed=N
Description=<a href="http://www.firehand.com/Ember/" target="_blank">Ember</a> graphic file viewer, manager, and touch-up system
[bldbubg]
Filename=bldbubg.exe
Confirmed=N
Description=Part of Dell Alerts which provides customers with an update on latest updates for his/her system
Description=A <a href="http://www.totalidea.com/frameset-tweakxp.htm" target=_blank>Tweak-XP</a> component, blocks advertisement banners in Internet Explorer. Can be enabled/disabled via Tweak-XP / Internet Tweaks
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.BLJ&VSect=P" target=_blank>RBOT.BLJ</a> WORM!
[blocktracker]
Filename=BlockTracker.exe
Confirmed=N
Description=If present on a HP machine it tracks all the processes and logs them to a blocklog.txt file
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.blarul.html" target=_blank>BLARUL</a> TROJAN!
[blstapp]
Filename=blstapp.exe
Confirmed=N
Description=Puts access to Creative's BlasterControl in the System Tray
[blubster]
Filename=Blubster.exe
Confirmed=N
Description=Related to <a href="http://www.blubster.com/" target=_blank>Blubster</a> Music sharing service
[bluespace ne]
Filename=BlueSpaceNE.exe
Confirmed=U
Description="BlueSpace NE is a utility program used to run the Bluetooth?function on VAIO computers that support the Bluetooth function or on VAIO computers connected to the Bluetooth USB adapter". Shortcut available via Start -> Programs
Description=Associated with BlueTooth software, designed to allow bluetooth mobile devices to authenticate to the computer, when connecting a PDA to your computer - necessary for the computer and the PDA to communicate. Should you get the error message, "Rundll irprops.cpl missing entry Bluetooth authentication agent", click <a href="http://www.winbookcorp.com/_technote/WBTA20000912.htm" target=_blank>here</a> for more information. In case you no longer have BlueTooth support installed, and don't need it, simply uncheck the entry in Msconfig > Startup
[blueyonder instant support tool]
Filename=matcli.exe
Confirmed=U
Description="matcli.exe is a motive Assistant Command line interface that gathers information about your system\'s identity like your name email address, city, state, etc and gets written to a log file". Blueyonder Instant Support is required to run with the Help and Support program. If you uncheck it and and then run Help and Support it will add another Blueyonder Instant Support in the startup menu. If you remove Blueyonder Instant Support in add/remove programs some help menus in help and support will not be available. You decide
[bmail installation]
Filename=FTP_back.exe
Confirmed=N
Description=Part of <a href="http://www.imesh.com" target="_blank">iMesh</a> - a file sharing system. Reported by Norton AntiVirus as a trojan. Once deleted does not prevent file sharing working. Older versions of iMesh re-instate this but the newer versions do not
Description=Displays a battery gauge icon in the Taskbar (not the System Tray). Provides shortcuts to IBM's proprietary power saving settings and to a battery information window
[bmmlref]
Filename=BMMLREF.EXE
Confirmed=U
Description=Battery Manager for IBM ThinkPad laptops
Description=IBM Thinkpad related. <font color="#FF0000">What does it do and is it required?</font>
[bmo mastercard wallet]
Filename=EWALLET.EXE
Confirmed=U
Description=The wallet conveniently stores billing, shipping and payment information on your PC
[bmupdate]
Filename=BMupdate.exe
Confirmed=N
Description=Related to the BookmarkCentral entry. Typically added after downloading drivers for Visioneer scanners for example, and you install the driver self-install
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.lacon@mm.html" target="_blank">LACON</a> WORM!
[bnexe]
Filename=[random filename]
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.kitro.d.worm.html" target="_blank"> KITRO.D</a> (or <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_ARGEN.A&VSect=T" target="_blank">ARGEN.A</a>) WORM!
[bo1helperstartup]
Filename=BO1HEL~1.EXE
Confirmed=U
Description=ScreenScenes <a href="http://www.screenscenes.com/product.html?screensaver=ButterflyOasis" target=_blank>Butterfly Oasis</a> screensaver. The freeware version comes with <a href="http://www.cexx.org/gator.htm" target=_blank>GAIN</a> branded ads (pop-ups and others). ScreenScenes do however offer you the option of doing away with the ads by purchasing the screensaver for a whopping $30...
[boarddata]
Filename=[path] repcale.exe [path] palsp.exe
Confirmed=X
Description=Added by a variant of the <a href="http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?Vname=WORM_RANDON.AN" target=_blank>RANDON.AN</a> WORM!
[boc412]
Filename=BOC412.exe
Confirmed=Y
Description=Version 4.12 of NSClean's <a href="http://www.nsclean.com/boclean.html" target=_blank>BOClean</a> anti-trojan software
Description=Starts the Boingo Wireless utility, used to detect and login into <a href="http://www.boingo.com/" target=blank>Boingo</a> wireless hotspots. The filename may be autogenerated when installing, two different variations along the lines listed here, where # is a number and X is a letter. Shortcut available via Start -> Programs
[boler.exe]
Filename=syser.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotays.html" target=_blank>RBOT-AYS</a> WORM!
[bombshel]
Filename=BOMB32.EXE
Confirmed=U
Description=Part of McAfee Nuts & Bolts. Protects your Windows system from application failure and crashes - similar to Norton Crashguard. Your choice - may cause problems
[bonzi buddy]
Filename=??
Confirmed=X
Description=Spyware - read <a href="http://www.safersite.com/pestinfo/B/BonziBuddy_Adware.asp" target="_blank">here</a> for information and <a href="http://www.pchell.com/support/bonzibuddy.shtml" target="_blank">here</a> for removal instructions
[boo]
Filename=boo.exe
Confirmed=X
Description=Adware downloader - detected by <a href="http://www.kaspersky.com/personalpro" target=_blank>Kaspersky</a> antivirus as the FAVADD.O TROJAN!
Description=<a href="http://www.bookmarkexpress.com/" target="_blank">Bookmark Express</a> - "offers a more flexible way to manage Web site bookmarks, regardless of which browser you use"
[bookmarksink]
Filename=syncit.exe
Confirmed=N
Description=Bookmark synchronization utility
[bookmarksync]
Filename=syncit.exe
Confirmed=N
Description=<a href="http://www.sync2it.com/" target=_blank>Sync2IT BookMarkSync</a> - "real-time automatic synchronization service that allows you to access your bookmarks, favorites and favorite files from any computer or any browser". Only installed with the users explicit permission and generally only remains running if the user decides to subscribe to the service. If it is no longer required it should be uninstalled to prevent a large number of clients æchecking in?to the server that have no chance of synchronizing
[bookmarksync2it]
Filename=sync2it.exe
Confirmed=N
Description=<a href="http://www.sync2it.com/" target=_blank>Sync2IT BookMarkSync</a> - "real-time automatic synchronization service that allows you to access your bookmarks, favorites and favorite files from any computer or any browser". Only installed with the users explicit permission and generally only remains running if the user decides to subscribe to the service. If it is no longer required it should be uninstalled to prevent a large number of clients æchecking in?to the server that have no chance of synchronizing
[boost xp service]
Filename=bxservice.exe
Confirmed=U
Description=<a href="http://www.systweak.com/boostxp/boostxp.htm" target="_blank">Boost XP</a> from Systweak - WinXP tweaking utility
[boot]
Filename=boot.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojpuppeta.html" target=_blank>PUPPET-A</a> TROJAN!
[bootcfg]
Filename=Install.log.vbs
Confirmed=X
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/vbs.ypsan.d@mm.html" target=_blank>YPSAN.D</a> WORM!
[bootctrl]
Filename=bootctrl.exe
Confirmed=X
Description=Added by an unidentified WORM or TROJAN!
[bootloader]
Filename=BootLoader.exe.vbs
Confirmed=X
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/vbs.waterworks.worm.html" target="_blank">WATERWORKS</a> WORM!
[bootpd.exe]
Filename=bootpd.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojagentdt.html" target=_blank>AGENT-DT</a> TROJAN!
[bootstatus]
Filename=BOOTST~1.EXE
Confirmed=U
Description=Visual Basic program that pops up a small window on startup telling you how many times the machine has been booted that day. Once you exit it, it has no more effect on resources
[bootwarn]
Filename=BootWarn.exe
Confirmed=U
Description=From <a href="http://www.answersthatwork.com/Tasklist_pages/tasklist_b.htm" target=_blank>here</a>: "Norton AntiVirus Boot Warning. This program is installed as a startup item when you install Norton AntiVirus, and also sometimes when you do a LiveUpdate which updates Norton AntiVirus significantly enough that a reboot is needed to complete the installation. We believe its purpose to be to warn the end-user that he must reboot his PC before using Norton AntiVirus in those cases when a reboot did not happen with the result that Norton AntiVirus did not fully complete its installation or software updating. Recommendation : Start Norton AntiVirus from ôStart \ Programs \ Norton AntiVirus? If Norton AntiVirus comes up without problems, then fix this entry from the Msconfig Startup tab ?it was left behind by mistake and is no longer needed now that Norton AntiVirus is fully installed and opens without error messages"
[boot_reg]
Filename=[path to file]
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbancbanca.html" target=_blank>BANCBAN-CA</a> TROJAN!
[bose wave/pc monitor]
Filename=wavepcmonitor.exe
Confirmed=N
Description=System Tray access for this system (more info on the system <a href="http://www.bose.com/home_audio/interactive_systems/wave_pc/index.shtml" target="_blank">here</a>). Available via Start -> Programs
[bossidea]
Filename=winlogin.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlineagei.html" target= blank>LINEAGE-I</a> TROJAN!
[boston]
Filename=Boston.exe
Confirmed=?
Description=Part of the Boston Acoustics USB speaker systems. <font color="#FF0000">What does it do and is it required?</font>
[bot loader]
Filename=svchostt.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.gaobot.alv.html" target=_blank>GAOBOT.ALV</a> WORM!
[boy lovers of bsd]
Filename=ilikeboys.exe
Confirmed=X
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MYTOB.LY&VSect=P" target=_blank>MYTOB.LY</a> WORM!
[bpcpost.exe]
Filename=bpcpost.exe
Confirmed=U
Description=MS TV Viewer Post Setup Program. Part of MS WebTV for Windows. Used to display TV on your PC via a compatible video card with in-built tuner (such as ATI All-In-Wonder). If you don't use it - uninstall it
Description=Blazing Tools <a href="http://www.blazingtools.com/bpk.html" target="_blank"> Perfect Keylogger</a> (monitoring program). Given a "U" recommendation because it depends if you intentionally installed it. If you didn't treat it as "X" and uninstall or remove
Description=System Tray access to <a href="http://www.burnquick.com/" target="_blank"> BurnQuick</a> CD burning software. Only required if you use the queueing facility, hence the U recommendation. Create your own desktop shortcut to start manually
[brasilold]
Filename=[worm filename]
Confirmed=X
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_OPASERV.P" target="_blank">OPASERV.P</a> WORM!
[brct]
Filename=trdb.exe
Confirmed=X
Description=Reported as PurityScan.y TROJAN! by Kaspersky Anti-Virus
[break_reminder]
Filename=BREAK REMINDER.exe
Confirmed=U
Description=Break Reminder - Remind yourself to take breaks to prevent computer related injuries. See <a href="http://www.cheqsoft.com/break.html" target="_blank">here</a>
[bridge]
Filename=rundll32.exe ...Bridge.dll
Confirmed=X
Description=Flingstone.com browser hijacker
[brindys britray]
Filename=BRITRAY.EXE
Confirmed=Y
Description=Main process for the following applications: GEDEX, SICARIO, BRINOTES, BRIRESPA, SICURE, TRASGO, UNDOCS, FRESH & BRIFAME (all of them from <a href="http://www.brindys.com/" target="_blank">Brindys Software</a>). Performs the following tasks [un]installation, web software autoupdate, notification windows, interprocess communication, tray bar icons & menus, alarms (brinotes), and common web launching from the mentioned applications. Can be stopped safely once run if so desired
[brmfrmpa]
Filename=BrmfRmPA.exe
Confirmed=U
Description=Brother resource manager - needed for a Brother MFC printer/copiert/scanner and PC to properly communicate
[broadband wizard]
Filename=bbwiz.exe
Confirmed=N
Description=Starts <a href="http://www.broadbandwizard.net/" target="_blank">Broadband Wizard</a> so it runs in the System Tray. This application tests and optimizes your Cable or DSL connection. Available via Start -> Programs
[browseproxy]
Filename=FindService.exe
Confirmed=N
Description=<a href="http://actualnames.com/index.php?cont=products" target="_blank">Actual Names</a> - "It is now possible to enter a particular word or keyword phrase that is associated with your business, and immediately be directed to YOUR WEBSITE! The Actual Names technology can do this for you"
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotavq.html" target=_blank>RBOT-AVQ</a> WORM!
[browser hijack blaster]
Filename=bhblaster.exe
Confirmed=Y
Description=<a href="http://www.wilderssecurity.com/bhblaster.html" target="_blank">Browser Hijack Blaster</a> - protects your system from browser hijackers and spyware that alters your IE settings
[browser launcher]
Filename=Commandr.exe
Confirmed=U
Description=Logitech internet keyboard "Commander" software - loads the software for the shortcut keys on the keyboard. Not required unless you want to use the short cut keys
Description=Browser Sentinel. Notifies you if a program wants to penetrate into Internet explorer, add itself to the Windows auto-run list or change your home page. See <a href="http://www.unhsolutions.net/Browser-Sentinel/index.shtml" target="_blank">here</a>
[browserwebcheck]
Filename=loadwc.exe
Confirmed=N
Description=Checks to make sure that IE is still your default browser
[bs player]
Filename=bsplayer.exe
Confirmed=N
Description=<a href="http://www.bsplayer.org/" target= blank>BSplayer</a> - A video player used to play avi, mpg, wmv and other multimedia files
[bsclip]
Filename=BSCLIP.exe
Confirmed=N
Description=CD recording utility that comes with a lot of CDR/CDRW drives and isn't required
[bsoft lppt01]
Filename=Bsoft.exe
Confirmed=X
Description=<a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">RapidBlaster</a> variant (in a "BelmontSoft" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see <a ref="http://www.wilderssecurity.net/specialinfo/rapidblaster.html#removal" target="_blank"> here</a>
[bsplayer]
Filename=bsplayer.exe
Confirmed=N
Description=<a href="http://www.bsplayer.org/" target=_blank>BSplayer</a> - a video player used to play avi, mpg, wmv and other multimedia files
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlitebotb.html" target=_blank>LITEBOT-B</a> TROJAN!
[bt broadband help]
Filename=matcli.exe
Confirmed=U
Description="matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, county, etc and gets written to a log file". BT Broadband Help is required to run with the Help and Support program. If you uncheck BT Broadband Help and and then run Help and Support it will add another BT Broadband Help in the startup menu. If you remove the BT Broadband Help in the add/remove program some help menus in help and support will not be available. You decide
[btinst]
Filename=btinst.exe
Confirmed=?
Description=Associated with an Anycom bluetooth wireless card. <font color="#FF0000">What does it do and is it required?</font>
[btmodemprotection]
Filename=BTModemProtection.exe
Confirmed=U
Description=BT Privacy Online modem protection software, see <a href="http://www.btmodemprotection.com/" target=_blank>here</a>
[btsetbootkey]
Filename=BTSetBootKey.exe
Confirmed=?
Description=Related to a USB Bluetooth adaptor. <font color="#FF0000">What does it do and is it required?</font>
[btstart]
Filename=btstart.exe
Confirmed=U
Description=<a href="http://www.widcomm.com/Partners/index.asp" target="_blank">Broadcorp</a> (formerly WIDCOMM) Bluetooth Connectivity Software
[bttray]
Filename=bttray.exe
Confirmed=U
Description=System tray icon which shows the status of a BlueTooth wireless module. Most systems with such a module installed can enable/disable the module. The system tray icon changes from blue/white to blue/red when the module is turned off. Allows access to explore bluetooth places, setup wizard, advanced configuration, quick connect and shutdown device
[btusrbdg]
Filename=BtUsrBdg.exe
Confirmed=Y
Description=Used with a <a href="http://www.mitsumi.de/index4.html" target="_blank">Mitsumi USB Bluetooth</a> adaptor (and maybe others)
[btusrbdgf]
Filename=BtUsrBdg.exe
Confirmed=Y
Description=Used with a <a href="http://www.mitsumi.de/index4.html" target="_blank">Mitsumi USB Bluetooth</a> adaptor (and maybe others)
Description=Part of the <a href="#AIMster">AIMster</a> Peer to Peer (P2P) file sharing application that runs over the AOL Instant Messenger network
[bugwatcher service]
Filename=bugwatcher.exe
Confirmed=U
Description=<a href="http://www.bugtoaster.com/" target="_blank">Bugtoaster</a> is a service that sends reports on system/program crashes (certain types) back to Bugtoaster. They relay information to program authors and provide, if available, any known solutions to the crashes. It doesn't take up any room in memory, just activates in the event of certain program failures
[buildbu]
Filename=bldbubg.exe
Confirmed=N
Description=Part of Dell Alerts which provides customers with an update on latest updates for his/her system
[buildlabs]
Filename=csrss.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/trojan.webus.html" target="_blank">WEBUS</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/csrss/" target="_blank">csrss.exe</a> process, which should not appear in Msconfig/Startup!
[bulldog service]
Filename=upsd.exe
Confirmed=U
Description=Belkin's Bulldog Plus control software which runs under Windows 95 or later and monitors the UPS (Uninterrupted Power Supply) via a serial or USB link
[bullguard]
Filename=mgui.exe
Confirmed=Y
Description=Part of <a href="http://www.bullguard.com/" target="_blank"> Bullguard</a> antivirus
[bullguard update]
Filename=avxlive.exe
Confirmed=U
Description=Part of <a href="http://www.bullguard.com/" target="_blank"> Bullguard</a> antivirus. Leave enabled unless you manually update virus definitions
[bullguard xcomm]
Filename=XCOMMSVR.EXE
Confirmed=Y
Description=Part of <a href="http://www.bullguard.com/" target="_blank"> Bullguard</a> antivirus
[bullguardinit]
Filename=AVXINIT.EXE
Confirmed=Y
Description=Part of <a href="http://www.bullguard.com/" target="_blank"> Bullguard</a> antivirus
[bullguardoptin]
Filename=bulldownload.exe
Confirmed=Y
Description=Part of <a href="http://www.bullguard.com/" target="_blank"> Bullguard</a> antivirus
Description=<a href="http://www.intelliseek.com/prod/bullseye/bullseye.htm" target="_blank">Bullseye</a> - intelligent research assistant
[bunx]
Filename=beagle.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32lebreate.html" target=_blank>LEBREAT-E</a> WORM!
[burnquick queue]
Filename=BQTray.exe
Confirmed=N
Description=System Tray access to <a href="http://www.burnquick.com/" target="_blank">BurnQuick</a> CD burning software. Only required if you use the queueing facility, hence the U recommendation. Create your own desktop shortcut to start manually
[button server]
Filename=bttnserv.exe
Confirmed=U
Description=Found on a Compaq PC, for the extra buttons on the keyboard for the speaker volume, media player, sleep and internet buttons. If the buttons aren't used on the keyboard or your's doesn't have them, then it isn't required
[buttonkey]
Filename=ButtonKey.exe
Confirmed=N
Description=CyberView TWAIN driver for the <a href="http://www.scanace.com/en/product/product.php" target="_blank">Pacific Image</a> range of 35mm film scanners. Enables the one touch scanning button and places an icon an the System Tray. Use your scanners software or run it manually by creating a shortcut
[buzme]
Filename=Bmui.exe
Confirmed=N
Description=<a href="http://www.buzme.com/buzme/default.asp" target="_blank">Buzme</a> by RingCentral, Inc - internet call waiting. Intercepts telephone calls like an answering machine and plays the voice message on your PC. Only required when you're on-line and via dial-up modem
[buzof.exe]
Filename=buzof.exe
Confirmed=U
Description=<a href="http://www.basta.com/ProdBuzof.htm" target="_blank">Buzof</a> from Basta Computing "enables you to automatically answer, close or minimize virtually any recurring window including messages, prompts, and dialog boxes"
[bxproxy]
Filename=bxproxy.exe
Confirmed=X
Description=Added by the <a href="http://www.superadblocker.com/definition/bxproxy/" target=_blank>BXPROXY</a> TROJAN!
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/trojan.cuydoc.html" target="_blank">CUYDOC</a> TROJAN!
[c-media echo control]
Filename=EchoCtrl.exe
Confirmed=U
Description=C-Media produce audio chipsets that are often found on popular motherboards with on-board audio. You may need it if you use the echo control feature of C-Media Mixer
[c-media mixer]
Filename=Mixer.exe
Confirmed=N
Description=C-Media produce audio chipsets that are often found on popular motherboards with on-board audio. Provides System Tray access to change audio settings. Available via Start -> Settings -> Control Panel or Start -> Programs
[c2k]
Filename=CYB2K.EXE
Confirmed=U
Description=CYBERsitter 2000 or 2001 - anti-adult content filter primarily. Required if you want the sites you visit filtered without having to load the software every time you launch your browser
[c32cs2]
Filename=c32cs2.exe
Confirmed=U
Description=<a href="http://www.securitysoft.com/new601/cs_home.htm" target=_blank>Cyber Sentinel</a> - internet filtering software
[c7]
Filename=[path to worm]
Confirmed=X
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/w32.mediakill.a@mm.html" target= blank>MEDIAKILL.A</a> WORM!
[c:\windows\iexplor.exe]
Filename=IEXPLOR.EXE
Confirmed=X
Description="Pop Marketing" adware
[c:\windows\vcmnet11.exe]
Filename=VCMnet11.exe
Confirmed=X
Description=Windows AFA Internet Enhancement - a browser hijacker, redirecting to adsourcecorp.com. See <a href="http://www.bleepingcomputer.com/forums/How_to_remove_AFA_Internet_Enhancement_or_Vcmnet11exe-t19277.html" target=_blank>here</a>
[c:\windows\wintask.exe]
Filename=WinTask.exe
Confirmed=X
Description="Pop Marketing" adware
[ca-amagent]
Filename=amagent.exe
Confirmed=U
Description=<a href="http://www3.ca.com/Solutions/Product.asp?ID=194" target=_blank>Unicenter Asset Management</a> is a solution for proactively managing IT assets in a business environment. It provides full-featured asset tracking capabilities through automated discovery, hardware inventory, network inventory, software inventory, configuration management, software usage monitoring, license management and extensive cross-platform reporting
[caavtray]
Filename=CAVTray.exe
Confirmed=Y
Description=eTrust?<a href="http://home.ca.com/dr/sat5/ec_Main.Entry17c?SID=35715&SP=10023&PN=1&PID=671589&V1=671589&CID=179788&api1=78&api2=1&api3=&DSP=&CUR=840&PGRP=0&CACHE_ID=179788" target=_blank>EZ Antivirus</a> system tray application from Computer Associates
[cabchk]
Filename=Cabchk.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/trojan.gema.html" target="_blank">GEMA</a> TROJAN!
[cabchk32]
Filename=Cabchk32.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/trojan.gema.html" target="_blank">GEMA</a> TROJAN!
Description=<a href="http://www.systweak.com/cacheboost/" target="_blank">CacheBoost</a> "optimizes the System Cache-Management of Windows XP/2000/NT and Windows .Net Servers, resulting in a performance boost"
[cacheloader]
Filename=[path to trojan]
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloadernz.html" target=_blank>DLOADER-NZ</a> TROJAN!
[cacheman]
Filename=Cacheman.exe
Confirmed=N
Description=Freeware disk cache tweaker from <a href="http://www.outertech.com/">Outer Technologies</a>. Should only be run once and not loaded at start-up
Description=<a href="http://www.caddais.com/BackupOnDemand.shtml" target="_blank">Caddais BackupOnDemand</a> - "runs in the background and monitors your important files for changes. Within seconds of changing, modified files are automatically backed up to an archive location"
[cadenza]
Filename=CdzSvc.exe
Confirmed=U
Description=Cadenza <a href="http://www.sofotex.com/Cadenza-mNotes-Pocket-PC-download_L8061.html" target=_blank>mNotes</a> for Palm and Pocket PC enables users to access Lotus Notes on their mobile devices
[cads]
Filename=cads.exe
Confirmed=U
Description=<a href="http://www.securitysoft.com/new601/cs_home.htm" target="_blank">Cyber Sentinel</a> internet filtering software
[cagent]
Filename=CAgent.exe
Confirmed=N
Description=<a href="http://www.fine-reader.com/" target="_blank">Abbyy Fine Reader</a> OCR (Optical Character Recognition) software for scanning and converting documents
[cagou]
Filename=[filename].hta
Confirmed=X
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/wscript.kakworm.html" target="_blank">KAKWORM</a> WORM!
[cahootwebcard]
Filename=CahootWebcard.exe
Confirmed=N
Description="The Cahoot Webcard is a virtual card that allows you to use your Cahoot credit card online without ever having to expose your real card numbers over the web. It works by generating one-off transaction numbers as a substitute for your real cahoot credit card details". Run manually when needed
[caisafe]
Filename=isafe.exe
Confirmed=Y
Description=Part of Computer Associates <a href="http://www1.my-etrust.com/products/Antivirus.cfm?" target="_blank">eTrus EZ Antivirus</a>
[cal reminder shortcut]
Filename=calrem.exe
Confirmed=N
Description=Produces a pop-up reminder of events scheduled using the MS Office Calendar
[calc microsoft windows]
Filename=wincalc.exe
Confirmed=X
Description=Added by an unidentied WORM or TROJAN!
[calc32]
Filename=CALC32.EXE
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32spybotec.html" target=_blank>SPYBOT-EC</a> WORM!
[calendar 200x reminder]
Filename=calendar.exe
Confirmed=N
Description=<a href="http://www.jgraff.addr.com/cal.htm" target="_blank">Calendar 200X</a> - shows holidays, reminders of various anniversaries,tasks etc
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojstartpafh.html" target= blank>STARTPA-FH</a> TROJAN!
[callbumping]
Filename=cbpopw.exe
Confirmed=?
Description=<font color="#FF0000">??</font>
[callcenter main application]
Filename=V3calmcp.exe
Confirmed=U
Description="V3 Inc. <a href="http://www.v3inc.com/freecc.htm" target=_blank>CallCenter</a> is a free 32-bit, integrated fax, voicemail and data communications application with a simple to use interface providing fax send and receive functionality, basic (single mailbox) answering machine capability, and sophistcated data communications." Main application
[callcenter printer interface]
Filename=V3faxecp.exe
Confirmed=U
Description="V3 Inc. <a href="http://www.v3inc.com/freecc.htm" target=_blank>CallCenter</a> is a free 32-bit, integrated fax, voicemail and data communications application with a simple to use interface providing fax send and receive functionality, basic (single mailbox) answering machine capability, and sophistcated data communications." Fax printer
[callcontrol]
Filename=ftctrl32.exe
Confirmed=N
Description=FaxTalk Messenger Pro is a Windows TAPI based 32-bit application. When installed, the software automatically loads FaxTalk CallControl when you start Windows. When FaxTalk CallControl is running, any TAPI compliant application can request to use the modem from Windows
[camcheck]
Filename=CamCheck.exe
Confirmed=N
Description=<a href="http://www.nucam.com.tw/index1.htm" target="_blank">NuCam</a> camera software related
[cameno]
Filename=Cameno.exe
Confirmed=U
Description=<a href="http://www.spadeapps.com/cameno/" target=_blank>Cameno</a> is a program which brings tabbed windows to MSN Messenger 6.0 and above
[camio viewer x]
Filename=IXApplet.exe
Confirmed=N
Description=Image viewing program that comes with digital cameras. Shows pictures that are in the camera before downloading them. "x" in the name is the version
[cammonitor]
Filename=hpqcmon.exe
Confirmed=?
Description=<font color="#FF0000">From HP and related to digital imaging</font>
[canada]
Filename=Canada.exe
Confirmed=N
Description=<font color="#FF0000">Known to be a dialler - but is it maliscous or clean?</font>
[canary]
Filename=canary-std.exe
Confirmed=U
Description=Canary ?keystroke logger/monitoring program. Given a "U" recommendation because it depends if you intentionally installed it. If you didn't treat it as "X" and uninstall or remove
[candy]
Filename=command32.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotlv.html" target="_blank">RBOT-LV</a> WORM!
[candynet]
Filename=Taskmsg.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotna.html" target=_blank>RBOT-NA</a> WORM!
[canon multipass status monitor]
Filename=monitr32.exe
Confirmed=U
Description=Cannon Multi-Pass status monitor - your choice
[canon pc1200 ic d600 ir1200g status window]
Filename=CAPM1LAK.EXE
Confirmed=?
Description=Cannon printer related - <font color="#FF0000">is it required in startup?</font>
[canon printer monitor bjcxxx]
Filename=Cjstlst.exe
Confirmed=N
Description=Trayicon for Canon printer. xxx denotes model. Available via Start -> Programs
[cap3on]
Filename=CAP3ONN.EXE
Confirmed=?
Description=Canon driver, purpose unknown. <font color="#FF0000">Is it required in startup?</font>
Description=Care2 Green Thumbs-Up (from the Care2 site). Every online purchase helps environmental causes; tells you how eco-friendly a company really is, thanks to over 200 company profiles from Coop America. Saves 1 square foot of rainforest every day you use it. If it works and you like it, keep it
[carpserver]
Filename=CARPserver.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbankeran.html" target=_blank>BANKER-AN</a> TROJAN!
[carpservice]
Filename=carpserv.exe
Confirmed=U
Description=Associated with <a href="http://www.zoltrix.com/" target="_blank"> Zoltrix</a> modems - enables the internal modem speaker, allowing you to listen to the dial-up sounds for example
[cartao]
Filename=[path to file]
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderqd.html" target=_blank>DLOADER-QD</a> TROJAN!
Description=Cashsurfers CashBar Navigator - "The CashBar rotates banner advertisements once per minute and provides you with access to up to date special offers and deals"
[casstub]
Filename=casstub.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojcassa.html" target=_blank>CASS-A</a> TROJAN!
[cavrid]
Filename=CAVRID.exe
Confirmed=Y
Description=eTrust?<a href="http://home.ca.com/dr/sat5/ec_Main.Entry17c?SID=35715&SP=10023&PN=1&PID=671589&V1=671589&CID=179788&api1=78&api2=1&api3=&DSP=&CUR=840&PGRP=0&CACHE_ID=179788" target=_blank>EZ Antivirus</a> Real Time Infection Report from Computer Associates
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.cazno.html" target="_blank">CAZNO</a> TROJAN!
[cback.exe]
Filename=CBACK.EXE
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojpentaa.html" target=_blank>PENTA-A</a> TROJAN!
[cbwattn]
Filename=CBWAttn.exe
Confirmed=U
Description=Required for <a href="http://www.accpac.com/products/communication/bitware/" target="_blank"> Bitware</a> to answer incoming faxes, can cause sleep mode problems
[cbwhost]
Filename=CBWHost.exe
Confirmed=U
Description=Required for <a href="http://www.accpac.com/products/communication/bitware/" target="_blank"> Bitware</a> to answer incoming faxes, can cause sleep mode problems
[cbwuser]
Filename=CBWDial.exe
Confirmed=?
Description=Associated with <a href="http://www.accpac.com/products/communication/bitware/" target="_blank"> Bitware</a> that integrates fax, voice, pager, and data communications on your desktop
Description=Part of the closed caption decdoder/MS VBI codec. Should only run once
[ccdoctorlogontesting]
Filename=ccdoctor.exe
Confirmed=Y
Description=Checks your system to make sure it's configured properly for running <a href="http://www.rational.com/products/clearcase/index.jsp" target="_blank">Rational ClearCase</a>, a source code management tool. ClearCase is fairly sophisticated so there are a lot of system-related things that can cause it grief. If you run ClearCase you should not disable this as it provides a valuable service, but technically it isn't required to use the ClearCase product
Description=Part of <a href="http://www.symantec.com/nav/nav_9xnt/" target="_blank"> Norton AntiVirus 2003</a>.<font color="#FF0000"> </font>Event manager for scheduling weekly scans and or automatic virus updates. Used to start automatically via "ccApp" and was not required as a seperate entry but a recent update changed this
[ccevtmrg.exe]
Filename=ccEvtMrg.exe
Confirmed=X
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.GZ&VSect=T" target=_blank>RBOT.GZ</a> WORM!
[ccexecute]
Filename=bootcfg1.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32nemsib.html" target=_blank>NEMSI-B</a> VIRUS!
Description=Part of Norton Internet Security, proxy server that is used to support the parental controls. If you turn parental controls off at user level the process is not loaded. Reported to cause excessive CPU usage
[ccpxysvc]
Filename=CCPXYSVC.exe
Confirmed=Y
Description=Part of Norton's <a href="http://www.symantec.com/nav/nav_9xnt/" target="_blank"> AntiVirus 2003</a>, <a href="http://www.symantec.com/sabu/nis/nis_pe/" target="_blank"> Internet Security</a> and <a href="http://www.symantec.com/sabu/nis/npf/" target="_blank"> Firewall</a> products. E-mail proxy service - required for E-mail scanning and the firewall
[ccreg]
Filename=explorer.exe
Confirmed=X
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/backdoor.irc.zcrew.html" target="_blank">ZCREW</a> TROJAN! Note - the legitimate Windows Explorer (explorer.exe) is located in the Windows or Winnt folder and would only be in startups if you added it manually. This one is located in the System subfolder
[ccsetmgr]
Filename=ccSetMgr.exe
Confirmed=Y
Description=Part of Norton AntiVirus 2004. <font color="#FF0000"> What does it do?</font>
[ccsvit.exe]
Filename=ccsvit.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojstartpahp.html" target=_blank>STARTPA-HP</a> TROJAN!
[ccupdate]
Filename=ccUpdate.exe
Confirmed=X
Description=Added by the <a href="http://es.trendmicro-europe.com/enterprise/security_info/ve_detail.php?VName=WORM_AGOBOT.YS&VSect=T" target=_blank>AGOBOT.YS</a> WORM!
[ccwasher]
Filename=aolwasher.exe
Confirmed=U
Description=Webroot Cache & Cookie Washer - cleaning browser tracks, including cache, cookies, history, mail trash, drop-down address bar, auto-complete forms and downloaded program files for IE, Netscape and AOL
[ccwc7a]
Filename=ac.exe
Confirmed=U
Description=<a href="http://www.moleculesoft.se/index2b.html" target=_blank>Moleculesoft</a> Cache, Cookie & Windows Cleaner Ver. 7 - auto clean
[ccwc7i]
Filename=idxl.exe
Confirmed=U
Description=<a href="http://www.moleculesoft.se/index2b.html" target=_blank>Moleculesoft</a> Cache, Cookie & Windows Cleaner Ver. 7 - auto clean
[ccwc7s]
Filename=stealth.exe
Confirmed=U
Description=<a href="http://www.moleculesoft.se/index2b.html" target=_blank>Moleculesoft</a> Cache, Cookie & Windows Cleaner Ver. 7
[cd storage master]
Filename=cdstorager.exe
Confirmed=N
Description=<a href="http://www.cdstorager.com/" target= blank>CD Storage Master</a> - a program designed to catalog CD information, boasts a number of handy features for organizing your collection
[cd1]
Filename=cd1.exe
Confirmed=X
Description=Premium rate adult content dialler
[cdantsrv]
Filename=CDANTSRV.exe
Confirmed=N
Description=C-Dilla License Management software. Used for any program that uses C-dilla Protection, example: 3D Studio Max 4.x. It loads as a service automatically but is not needed unless you run said program. Can be started and stopped manually
[cdcompat]
Filename=Cdcompat.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/trojan.gema.html" target="_blank">GEMA</a> TROJAN!
[cddrv32]
Filename=cddrv32.exe
Confirmed=X
Description=Added by a variant of the <a href="http://www.sophos.com/virusinfo/analyses/trojcrypterc.html" target="_blank">CRYPTER.C</a> TROJAN!
[cdinterceptor]
Filename=cdi.exe
Confirmed=N
Description=CD indexer for measuring the speed of CD players
[cdrom controller]
Filename=cdromcntrl.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbattrya.html" target=_blank>BATTRY-A</a> TROJAN!
[cds]
Filename=cds.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.spymon.html" target=_blank>SPYMON</a> TROJAN!
[cdtray]
Filename=CDTray.exe
Confirmed=N
Description=On HP PCs, this is the small CD icon next to the time
[ceekey]
Filename=CeEKey.exe
Confirmed=U
Description=Hot Key utility included on Toshiba Satellite laptops
[ceepower]
Filename=cepmtray.exe
Confirmed=U
Description=Toshiba's Power Management Utility - allows the user to setup different profiles for both AC power and Battery Power on laptops. Contols CPU speed, Monitor Shut Off, Hard Drive Shut-Off, Monitor Brightness, System Stand-by and System Hibernate times
[ceic]
Filename=Ceic.exe
Confirmed=?
Description=<font color="#FF0000">??</font>
[cekirge]
Filename=[path to worm]
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.kergez.a@mm.html" target="_blank">KERGEZ.A</a> WORM!
[center]
Filename=[random name]32.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.bofra.a@mm.html" target=_blank>BOFRA.A</a> WORM!
[centralprocessor]
Filename=taskimgr.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.bancos.j.html" target="_blank">BANCOS.J</a> TROJAN!
[cepa]
Filename=wsot.exe
Confirmed=?
Description=<font color="#FF0000">??</font>
[cesarftp ftp server]
Filename=server.exe
Confirmed=N
Description=<a href="http://www.aclogic.com/" target="_blank">CesarFTPd</a> - FTP server
[cesmain.dll]
Filename=cmail.dll, Rundll32
Confirmed=X
Description=CnsMin "<a href="http://217.115.153.73/parasite/CnsMin.html" target="_blank">Chinese Keywords</a>" hijacker related
[ceventmgr]
Filename=Cell.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbifroseak.html" target=_blank>BIFROSE-AK</a> TROJAN!
[cfd]
Filename=CFD.exe
Confirmed=N
Description=<a href="http://www.broadjump.com/" target="_blank">BroadJump</a> Client Foundation. Broadband troubleshooting software installed by various companies. Not required and you can remove it via Add/Remove programs
Description=Introduced with Norton Anti-Virus 2002, this is a real resource hog. Many NAV users will find they can live without loading it
[cfosdnt]
Filename=cFosDNT.exe
Confirmed=?
Description=<a href="http://www.cfos.de/index2_e.htm" target="_blank">cFos</a> DSL Modem driver related. <font color="#FF0000">What does it do and is it required?</font>
[cfosinst_check]
Filename=cfosinst.exe
Confirmed=?
Description=<a href="http://www.cfos.de/index2_e.htm" target="_blank">cFos</a> DSL Modem driver related. <font color="#FF0000">What does it do and is it required?</font>
[cfosspeed]
Filename=cFosSpeed.exe
Confirmed=U
Description=<a href="http://www.cfos.de/index2_e.htm" target=_blank>cFos Software</a> Internet acceleration program related. Note - may be necessary for the software to work properly
[cftmon32]
Filename=taskmgr*.exe [* = number]
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.sowsat.c@mm.html" target="_blank">SOWSAT.C</a> and <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.sowsat.j@mm.html" target="_blank">SOWSAT.J</a> WORMS!
Description=Associated with an <a href="http://www.eicon.com/worldwide/default.htm" target="_blank">Eicon Networks</a> ISDN or ADSL modem. Call Guard Server (CGserver) watches your modem and blocks incoming or outgoing calls. You need cgard.exe (from Startmenu) to configure cgserver with rules and telephone numbers. Good against unwanted dialer programs
[cgtask services]
Filename=cgtask.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.lala.b.html" target="_blank">LALA.B</a> TROJAN!
[cgywin]
Filename=cgywin32.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaei.html" target=_blank>RBOT-AEI</a> WORM!
[chamclock]
Filename=ChamClock.exe
Confirmed=U
Description=<a href="http://www.softshape.com/cham/" target="_blank">Chameleon Clock</a> - system tray clock replacement
[change-me-now]
Filename=msgfix1.exe
Confirmed=X
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.ZD" target=_blank>SDBOT.ZD</a> WORM!
[changeicon]
Filename=SPMSMON.EXE
Confirmed=U
Description=Card reader related program. Note - may cause problems with My Computer loading at startup. Disabling through MsConfig seems to solve the problem
[changelines]
Filename=chngline.exe
Confirmed=?
Description=<font color="#FF0000">??</font>
[chatango]
Filename=Chatango.exe
Confirmed=N
Description=<a href="http://www.chatango.com/" target=_blank>Chatango</a> - "allows people to be connected in real time through their Web browsers. Include your Chatango contact link or button when you create eBay auctions, blogs, personal websites, Friendster profiles, and your visitors will be able to contact you instantly, without downloading anything, or registering. Alo use it to send email to your friends, allowing them to respond to you in real time!." The 'MessageCatcher' icon in the System Tray notifies you when you get a message. When you get a message, a little alert pops up, which you can click on and start chatting immediately
[chcenter]
Filename=chcenter.exe
Confirmed=N
Description=IMSI <a href="http://www.imsisoft.com/prodinfo.asp?t=1&mcid=100" target="_blank">HiJaak</a> - "the easiest way to convert, capture, and manage all your graphic files"
[che32]
Filename=che.ocx.vbs
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/wm97adenub.html" target=_blank>ADENU-B</a> VIRUS!
[cheatle]
Filename=GigaByte.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllp.shodi.b.html" target="_blank">SHODI.B</a> VIRUS!
[check for one touch update]
Filename=wiseupdt.exe
Confirmed=N
Description=Checks for updates for Visioneer OneTouch scanners
[check for tws updates]
Filename=WiseUpdt.exe
Confirmed=N
Description=Interactive Brokers - check for update to their standalone Java-based trading platform
[check messenger]
Filename=cmesseng.exe
Confirmed=U
Description=<a href="http://www.qchex.com/messenger.asp" target="_blank">Check Messenger</a> from Qchex.com - program that helps you manage the activity of your Qchex account
[checkcustomworksupdate]
Filename=CheckCWupdate.exe
Confirmed=N
Description=Update checker, part of <a href="http://www.designersgallerysoftware.com/products/product.asp?Product_ID=EDG-CW" target=_blank>CustomWorks</a> - "customize any embroidery designs to design your own unique creations"
[checkdisk]
Filename=mscas.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojvagona.html" target=_blank>VAGON-A</a> TROJAN!
[checkit]
Filename=ToolBox.exe
Confirmed=U
Description=CheckIt Toolbox from <a href="http://cssvc.pcworld.compuserve.com/computing/cis/article/0,aid,15497,00.asp" target="_blank">WinCheckIt Diagnostic Software</a>. Toolbox automatically backs up critical system files (such as .ini files and the Windows Registry), and performs a check on various system parameters at intervals you specify
Description=Added by MSN Messenger Plus, a third party extension to MSN Messenger. This is the auto-update feature - see <a href="http://www.patchou.com/msgplus/faq.htm#stopconnect" target="_blank">here</a> for more info.
[checkscan32]
Filename=regload16.exe
Confirmed=X
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AEBOT.K&VSect=P" target=_blank>AEBOT.K</a> WORM!
[checktime]
Filename=ct.exe
Confirmed=?
Description=<font color="#FF0000">Found in the HPSelectFrontend directory on a HP machine. What is it's purpose and is it required?</font>
[checkvcr]
Filename=IOMagic.exe
Confirmed=Y
Description=Driver for the <a href="http://www.iomagic.com/" target=_blank>I/OMagic</a> Personal Video Recorder (DR-PCTV100)
[cherrykeyman]
Filename=KeyMan.exe
Confirmed=U
Description=Multimedia keyboard manager for the <a href="http://www.cherrycorp.com/english/" target="_blank">Cherry</a> keyboard series. Only required if you use any of the special keys
[china11msn]
Filename=CHINA11MSN.EXE
Confirmed=X
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/w32.envid.o@mm.html" target=_blank>ENVID.O</a> WORM!
Description=Compaq Network Management System. When running, it places an icon in the system tray titled "Intelligent Manageability"
[chkdsk]
Filename=c:\autoexec.bat
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.anpes@mm.html" target=_blank>ANPES</a> WORM!
[choke]
Filename=Choke.exe-blahh
Confirmed=X
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/w32.choke.worm.html" target="_blank">CHOKE</a> WORM!
[chope]
Filename=runlli32.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojqqpassu.html" target=_blank>QQPASS-U</a> TROJAN!
[chostsv]
Filename=chostsv.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.banpaes.c.html" target="_blank">BANPAES.C</a> TROJAN!
[christmas music player]
Filename=TTEST6.EXE
Confirmed=N
Description=<I>"</I>Christmas Music Player<I> </I>brings the music of the Christmas Holiday to your desktop"
[chromemark]
Filename=keysh.exe
Confirmed=?
Description=<font color="#FF0000">Related to <a href="http://chromium.com/chromemark.html" target="_blank">this</a>. Don't know what keysh.exe does though and if it's required</font>
[chronitelinittv]
Filename=CHTVINIT.EXE
Confirmed=?
Description=<font color="#FF0000">??</font>
[ciabackdoor]
Filename=msldr.com
Confirmed=X
Description=Added by a VIRUS!
[cihost.exe]
Filename=cihost.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/trojan.linst.html" target="_blank">LINST</a> TROJAN!
[cijxp2pserver]
Filename=CIJxP2PS.EXE
Confirmed=N
Description=Compaq printer utility which is required in order to make the printer work correctly - "x" depends upon the model, ie, for IJ300 x=3, for IJ700 x=7
[cisrvr program]
Filename=CISRVR.EXE
Confirmed=N
Description=Related to internet setup on Compaq PC's
[cissi]
Filename=Cissi.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.cissi.a@mm.html" target="_blank">CISSI.A</a> WORM!
[citiucs]
Filename=CitiUCS.exe
Confirmed=U
Description=Citibank <a href="http://www.citibank.com/us/cards/tour/cb/shp_van.htm" target=_blank>Virtual Account Numbers</a> - "With this free service for Citi cardmembers, you never have to give out your real credit card number online"
[citivan]
Filename=CitiVAN.exe
Confirmed=N
Description=Option from <a href="http://www.citibank.com/" target="_blank">Citibank</a> to change a credit card number in a random fashion for each purchase. The number will only be used once and never again
[cjet]
Filename=CJet.exe
Confirmed=X
Description=Added by the <a href="http://www.sarc.com/avcenter/venc/data/adware.fftoolbar.html" target=_blank>Adware.FFToolBar</a> adware toolbar
[cjstcom]
Filename=Cjstcom.exe
Confirmed=Y
Description=Canon printer BJ status language monitor
Description=Apparently Annex A ADSL modem related. <font color="#FF0000">What does it do and is it required?</font>
[cleansweep smart sweep- internet sweep]
Filename=Csinsm32.exe
Confirmed=U
Description=Automatic logging of installs from Norton CleanSweep - available via Start -> Programs
[cleansweep useage watch]
Filename=CSUSEM32.EXE
Confirmed=N
Description=Quarterdeck/Norton CleanSweep component - tracks how often you use files and alerts you to files that have not been used for a specified period of time
[cleanup]
Filename=ONICTASK.EXE
Confirmed=N
Description=<a href="http://www.aladdinsys.com/internetcleanup/" target="_blank">Internet Cleanup</a> from Aladdin Systems (used to be by OnTrack) - cleans up tracks left by browsing the internet
[cleanupprogram]
Filename=cleanup.exe
Confirmed=?
Description=<font color="#FF0000">In a C:\Sony\sys folder - Sony Vaio related?</font>
[clean_service]
Filename=clean_service.cmd
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.refaz.html" target=_blank>REFAZ</a> WORM!
[clfmon.exe]
Filename=clfmon.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojagentbj.html" target=_blank>AGENT-BJ</a> TROJAN!
[click radio tuner]
Filename=clickr~1.exe
Confirmed=N
Description=<a href="http://www.clickradio.com/home.html" target="_blank">ClickRadio</a> - subscription service playing radio music via the internet
[click tray calendar]
Filename=ClickT~1.EXE
Confirmed=N
Description=<a href="http://waseo.de/en/Freeware2/ClickTrayE/clicktraye.html" target="_blank">ClickTray Calendar</a> - shows holidays, reminders of various anniversaries,tasks etc
[clickme]
Filename=ClickMe.exe
Confirmed=N
Description=<a href="http://www.trendmicro.com/vinfo/jokes/jokesDetails.asp?JNAME=JOKE_CLICKME.A" target=_blank>ClickM</a> "JOKE" program
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_OPASERV.T" target="_blank">OPASERV.T</a> WORM!
[client access api daemon]
Filename=cwbappcd.exe
Confirmed=U
Description=IBM iSeries Client Access, see <a href="http://www-1.ibm.com/servers/eserver/iseries/access/" target=_blank>here</a>
[client access check version]
Filename=cwbckver.exe
Confirmed=N
Description=Part of IBM's <a href="http://www-1.ibm.com/servers/eserver/iseries/access/" target="_blank">iSeries</a> (nee As/400) Client Access - communications suite that allows desktop, browser and wireless access to iSeries servers. Checks the software version on your PC to that of the iSeries it is connected to. Not required - and can be turned off in the Client Access properties. It's a waste of resources
[client access express welcome]
Filename=cwbwlwiz.exe
Confirmed=?
Description=Welcome wizard launcher - Part of IBM's <a href="http://www-1.ibm.com/servers/eserver/iseries/access/" target="_blank">iSeries</a> (nee As/400) Client Access - communications suite that allows desktop, browser and wireless access to iSeries servers. <font color="#FF0000">What does it do and is it required?</font>
[client access help update]
Filename=cwbinhlp.exe
Confirmed=N
Description=Client Access Help Registry Update Function - part of IBM's <a href="http://www-1.ibm.com/servers/eserver/iseries/access/" target="_blank">iSeries</a> (nee As/400) Client Access - communications suite that allows desktop, browser and wireless access to iSeries servers. It only updates the help files on your PC to match the level of the attached iSeries
[client access service]
Filename=CwbSvStr.Exe
Confirmed=N
Description=Part of IBM's <a href="http://www-1.ibm.com/servers/eserver/iseries/access/" target="_blank">iSeries</a> (nee As/400) Client Access - communications suite that allows desktop, browser and wireless access to iSeries servers. Useful if you are going to access the iSeries through Windows Explorer to move files back and forth between Windows folders and iSeries folders. This is a tool that is only used by Client Access administrators (usually) so it is not required - a waste of resources
[client access taskbar]
Filename=cwbuitsk.exe
Confirmed=U
Description=IBM iSeries Client Access taskbar, see <a href="http://www-1.ibm.com/servers/eserver/iseries/access/" target=_blank>here</a>
[client agent for arcserve]
Filename=W95AGENT.EXE
Confirmed=?
Description=Part of <a href="http://www3.ca.com/Solutions/ProductFamily.asp?ID=115" target="_blank">Brightstor ARCserve Backup</a> from Computer Associates. <font color="#FF0000">What does it do and is it required?</font>
[client for microsoft networks]
Filename=msclient32.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotbxq.html" target=_blank>SDBOT-BXQ</a> WORM!
[client server control process]
Filename=[path to trojan]
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojagenthr.html" target=_blank>AGENT-HR</a> TROJAN!
[client update]
Filename=wup.exe
Confirmed=X
Description=Added by a variant of the <a href="http://www.sophos.com.au/virusinfo/analyses/w32opankia.html" target=_blank>OPANKI-A</a> WORM!
Description=Part of Iomega Tools to let you know whether an Iomega PocketZip (nee Clik) removable drive cartridge is installed
[clipbook service]
Filename=Clipsrv.exe
Confirmed=N
Description=Supports Windows XP ClipBook Viewer, which allows pages to be seen by remote ClipBooks
[clipmate5x]
Filename=ClipMt5x.exe
Confirmed=N
Description=<a href="http://www.thornsoft.com/ProductOverview.asp" target="_blank">Clip Mate 5.x</a> by Thornsoft. Utility that allows you to store more than one item in the clipboard. Available via Start -> Programs
[clipmate6]
Filename=CLIPMT60.EXE
Confirmed=N
Description=<a href="http://www.thornsoft.com/new_60.htm" target="_blank">Clip Mate 6</a> by Thornsoft. Utility that allows you to store more than one item in the clipboard. Available via Start -> Programs
[clipomatic]
Filename=Clipomatic.exe
Confirmed=N
Description=Mike Lin's <a href="http://www.mlin.net/Clipomatic.shtml" target="_blank">Clipomatic</a> is a clipboard cache program - it remembers what was copied to the clipboard even after new data is copied, and allows you to retrieve the old data
Description=System tray status/display/configuration utility for a number of modems. Can be disabled by right-clicking on the tray icon. If disabled, connection status is lost
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojsdbotxm.html" target= blank>SDBOT-XM</a> TROJAN!
[clocksync]
Filename=Sync.exe
Confirmed=X
Description=<a href="http://www.clock-sync.com/" target="_blank">ClockSync</a> - synchronizes your system clock with an internet time server. It's by WhenU, the makers of the Save Now spyware, and they're usually seen in tandem, so it's advised to replace it with one of may spyware free alternatives available
[clockwise]
Filename=CLOCKWISE.EXE
Confirmed=U
Description=<a href="http://www.rjsoftware.com/ClockWise/" target="_blank">ClockWise</a> - produced by R J Software - a time utility. It is a schedueler not only for dates, but you can choose it to run programs at any time. It also updates the time by connecting to an atomic clock server. This is a spyware-free alternative to ClockSync
[clonecd]
Filename=CloneCDTray.exe
Confirmed=U
Description=System tray for <a href="http://www.elby.org/CloneCD/english/" target="_blank">CloneCD</a> - the only useful option is "Hide CDR Media" only available via this tray. Has additional unknown functions in later versions
[clonecdelbycdfl]
Filename=ElbyCheck.exe
Confirmed=U
Description=From <a href="http://www.elby.org/english/corp/index.htm" target="_blank">Elaborate Bytes</a> who make CloneCD - monitors the installed filters of CD-ROMs/DVD-ROMs. Note - under Win2K removing this from startup causes the CD drive in the computer to not be recognized in the OS and after rechecking it prompts that the driver has been corrupted and asks you to restart the computer to fix it
[clonecdtray]
Filename=CloneCDTray.exe
Confirmed=U
Description=System tray for <a href="http://www.elby.org/CloneCD/english/" target="_blank">CloneCD</a> - the only useful option is "Hide CDR Media" only available via this tray. Has additional unknown functions in later versions
[clotusorgreg0]
Filename=prtStart.exe Orgprt.exe
Confirmed=?
Description=Lotus <a href="http://www.lotus.com/products/smrtsuite.nsf/wPages/smartsuite?OpenDocument" target="_blank"> SmartSuite</a> related. In a LotusOrgReg folder. <font color="#FF0000"> Unclear what exactly it does?</font>
[clre]
Filename=mmdc.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojpurscanai.html" target=_blank>PURSCAN-AI</a> TROJAN!
[clrschloader]
Filename=Loader.exe
Confirmed=X
Description=Clearsearch variant of <a href="http://www.igetnet.com/iGetNet_Home.asp" target="_blank"> IGetNet</a>
[cm-smwizard]
Filename=SmWizard.exe
Confirmed=?
Description=SmartWizard MFC Application - associated with C-Media who produce audio chipsets commonly used for on-board sound on motherboards. <font color="#FF0000">What does it do and is it required?</font>
[cma]
Filename=cma.exe
Confirmed=U
Description=<a href="http://www.desksitemusic.com/" target="_blank">DeskSite CMA siftware</a> - "retrieves new content from the DeskSite Data Center"
[cmapp]
Filename=cmappclient.exe
Confirmed=X
Description=CasClient adware - also detected as the <a href="http://securityresponse.symantec.com/avcenter/venc/data/trojan.cmapp.html" target=_blank>CMAPP</a> TROJAN!
[cmaudio]
Filename=Rundll32 cmicnfg.cpl, CMICtrlWnd
Confirmed=N
Description=System tray control panel for C-Media based soundcards - often included on popular motherboards with in-built audio. Available via Start -> Settings -> Control Panel
[cmd]
Filename=cmd32.exe
Confirmed=X
Description=Added by the <a href="http://www.viruslibrary.com/virusinfo/Worm.P2P.Tanked.htm" target="_blank">TANKED</a> WORM!
[cmd32]
Filename=configs.exe
Confirmed=X
Description=Hijacker, also detected as the <a href="http://vil.nai.com/vil/content/v 126408.htm" target= blank>QURL-2</a> TROJAN!
[cmdcon]
Filename=cmdcon.exe
Confirmed=X
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_CRYPTER.A" target="_blank">CRYPTER.A</a> TROJAN!
[cme]
Filename=cme.exe
Confirmed=X
Description=Part of <a href="http://www.thiefware.com/info/data.gator.shtml" target="_blank"> Gator</a> advertising spyware - see <a href="http://www.pchell.com/support/gator.shtml" target="_blank">here</a> for removal instructions
[cmesys]
Filename=CMEsys.exe
Confirmed=X
Description=Part of <a href="http://www.thiefware.com/info/data.gator.shtml" target="_blank"> Gator</a> advertising spyware - see <a href="http://www.pchell.com/support/gator.shtml" target="_blank">here</a> for removal instructions
[cmeupd]
Filename=CMEupd.exe
Confirmed=X
Description=Part of <a href="http://www.thiefware.com/info/data.gator.shtml" target="_blank"> Gator</a> advertising spyware - see <a href="http://www.pchell.com/support/gator.shtml" target="_blank">here</a> for removal instructions
[cmgrdian]
Filename=CMGrdian.exe
Confirmed=?
Description=One of the McAfee shared components. <font color="#FF0000"> What does it do and is it required?</font>
[cmman]
Filename=CMMan.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/trojan.cmapp.html" target=_blank>CMAPP</a> TROJAN!
[cmmon32sys]
Filename=cmmon32.exe
Confirmed=X
Description=Added by the SMALL.CL TROJAN!
[cmpciaudio]
Filename=RunDll32 CMICNFG3.CPL, CMICtrlWnd
Confirmed=U
Description=Registers the Control Panel applet for a C-Media PCI sound card
[cmpdpsrv]
Filename=CMPDPSRV.EXE
Confirmed=U
Description=<a href="http://www.viewahead.com/PDP.htm" target="_blank">Printer Driver Plus</a> from ViewAhead Technology (formerly DeviceGuys, Inc.). "Printer Driver Plus seamlessly integrates all the necessary components of a printer driver, plus more." Installed with some Compaq and Lexmark printers
[cms]
Filename=iserver.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderwk.html" target=_blank>DLOADER-WK</a> TROJAN!
[cmss]
Filename=system.exe
Confirmed=X
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Description=Added by a variant of the <a href="http://www.sophos.com/virusinfo/analyses/trojcrypterc.html" target="_blank">CRYPTER.C</a> TROJAN!
[cmx32]
Filename=cmx32.exe
Confirmed=X
Description=Added by the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=40493" target=_blank>GEMA.D</a> TROJAN!
[cn323]
Filename=cnfrm33.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.mimail.g@mm.html" target=_blank>MIMAIL.G</a> WORM!
[cnbabe]
Filename=CNBABE.EXE
Confirmed=X
Description=Appears to be spyware added by KAZAA (and maybe others) that displays pop-up ads whilst you're browsing
[cnet]
Filename=kontiki.exe
Confirmed=N
Description=<a href="http://help.kontiki.com/enduser/group.jsp;jsessionid=2C47C896EA1784C5321FD3E6845E8157?node=2846" target="_blank">Kontiki Delivery Manager</a> - Windows-based client software that enables secure delivery of content to users' desktops
[cnfrm32]
Filename=cnfrm.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.mimail.d@mm.html" target=_blank>MIMAIL.D</a> WORM!
[cnsmax]
Filename=Internat.exe
Confirmed=X
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/backdoor.pointex.html" target="_blank">POINTEX</a> TROJAN! Note - the real internat.exe resides in %windir%\system (where %windir% is the Windows directory - C:\Windows or C:\Winnt) whereas this version resides in %windir%
[cnsmin]
Filename=Rundll32.exe CNSMIN.DLL, Rundll32
Confirmed=X
Description=CnsMin "<a href="http://217.115.153.73/parasite/CnsMin.html" target="_blank">Chinese Keywords</a>" hijacker related
[cnxadsll]
Filename=CnxAdslL.exe
Confirmed=Y
Description=DLink, Zoom, or Conexant modem driver
[cnxdsltaskbar]
Filename=CnxDslTb.exe
Confirmed=N
Description=Connexant DSL Taskbar as used on Acess Runner and Samsung AHT-E310 ADSL modems
[codename dashboard]
Filename=dashboard.exe
Confirmed=U
Description=<a href="http://www.downlinx.com/proghtml/415/41557.htm" target="_blank">Codename: Dashboard</a> - "an application that resides at the side of your screen. Built on the Microsoft .NET Framework, it is a host for interchangeable components through which C.D. allows you to have any information you want, on your desktop, all the time"
[coldlife -icmp]
Filename=Systray.exe
Confirmed=X
Description=Added by the <a href="http://vil.nai.com/vil/content/Print100363.htm" target="_blank">FLOOD.AV</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/systray/" target="_blank">systray.exe</a> process
[coloreal]
Filename=coloreal.exe
Confirmed=U
Description=Makes colours sharper and brighter, but will only work with coloreal capable monitors
[colorific control panel]
Filename=Hgcctl95.exe
Confirmed=N
Description=From E_Color. Colorific delivers accurate gamma and color temperature across your entire system - monitor to printer and digital camera to monitor
[com+ event system]
Filename=DRWTSN16.EXE
Confirmed=X
Description=Added by a variant of the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.lovgate@mm.html" target="_blank">LOVGATE</a> WORM!
[com+ eventsystem services]
Filename=ECSERVER.EXE
Confirmed=X
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
[com+ sys]
Filename=csrs.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotbt.html" target=_blank>FORBOT-BT</a> WORM!
[com+ system applications]
Filename=lsas.exe
Confirmed=X
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.SE" target=_blank>AGOBOT.SE</a> WORM!
[com-ip]
Filename=COMIP.EXE
Confirmed=N
Description=COM-IP Virtual Modem Driver (COM-IP Creates a Fake Serial Port that allows you to use older DOS Based Communications Programs over Telnet. Type atdt host.domain.com instead of atdt 5551212)
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojchimoc.html" target=_blank>CHIMO-C</a> TROJAN!
[combop.exe]
Filename=combop.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbowfeeda.html" target=_blank>BOWFEED-A</a> TROJAN!
[comcast network]
Filename=ribiva.exe
Confirmed=X
Description=Added by an <a href="http://securityresponse.symantec.com/avcenter/venc/data/irc.trojan.html" target= blank>IRC TROJAN</a> variant!
[comcastsupport]
Filename=tgkill.exe
Confirmed=X
Description=Comcast (the cable folks who are replacing @home in some parts of the USA) have struck a deal with Tioga to provide an "enhanced" support and self-repairing tool. This is "beta" at present and was made available to download by mistake at present. Remove via Start -> Settings -> Add/Remove Programs
[comcfg]
Filename=comcfg.exe
Confirmed=X
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_TOADCOM.A" target="_blank">TOADCOM.A</a> TROJAN!
[comctl32]
Filename=comctl32.exe
Confirmed=X
Description=Adware - recognized by <a href="http://www.kaspersky.com/personalpro" target=_blank>Kaspersky</a> antivirus and others as TrojanDownloader.Win32.Agent.am
[comdrv32]
Filename=svdhost.exe
Confirmed=U
Description=<a href="http://www.protectcom.com/" target="_blank">Orvell Monitoring 2003</a> - surveillance software that creates records of everything people do on a computer, ie, spying or monitoring depending upon how you call it. Note - asks for permission to contact the IP address of http://www.protectcom.com/
[comm driver]
Filename=commh32.exe
Confirmed=U
Description=G Data "PC Spion". PC monitoring and surveilling software, captures all users activity on the PC, see <a href="http://www.chip.de/artikel/c_artikel_8806643.html" target=_blank>here</a>. Disable/remove if you didn't install it yourself!
[command prompt32]
Filename=CmdPrompt32.pif
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.assiral.b@mm.html" target=_blank>ASSIRAL.B</a> WORM!
[commctr]
Filename=commctr.exe
Confirmed=N
Description="<a href="http://commcenter.net2phone.com/GLPPublish.asp?idpage=features" target="_blank">Net2Phone CommCenter</a> is the latest in Internet voice technology allowing you to place calls easily all over the world right from your PC!". Available via Start -> Programs
[compaq alerter]
Filename=CPQAlert.exe
Confirmed=U
Description=Compaq's Insight Manager Agent - a tool that allows for "fault, performance, and configuration management". Recommended for corporate users only. It's best removed if installed but not wanted, rather than disabled at startup. See <a href="http://www.compaq.com/products/servers/management/cim-description.html" target="_blank">here</a> for more information
[compaq computer corp sccenter module]
Filename=SCCENTER.EXE
Confirmed=N
Description=For Compaq PC's. Part of Backweb
[compaq computer security]
Filename=Rundll32.exe SECURE32.CPL, Service
Confirmed=?
Description=<font color="#FF0000">??</font>
[compaq dmi]
Filename=cpqdmi.exe
Confirmed=N
Description=Compaq version of the Desktop Management Interface
[compaq drivers]
Filename=F1rewalls.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotwd.html" target= blank>SDBOT-WD</a> WORM!
[compaq internet setup]
Filename=inetwizard.exe
Confirmed=N
Description=For Compaq PC's. Runs Compaq internet setup wizard and offers you to signup from ISP list
[compaq jes drivers]
Filename=winjes.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotxr.html" target= blank>SDBOT-XR</a> WORM!
[compaq knowledge center]
Filename=silent.exe & matcli.exe
Confirmed=U
Description="matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, state, etc and gets written to a log file while silent.exe executes matcli.exe quietly in the background. Compaq Knowledge Center is required to run with the Help and Support program. If you uncheck Compaq Knowledge Center and and then run help and Support it will add another Compaq Knowledge Center in the startup menu. If you remove the Compaq Knowledge Center in the add/remove program some help menus in help and support will not be available like Fix my Presario, Preference, and Contact Technical Support". You decide
[compaq message server]
Filename=COMPAQ-RBA.EXE
Confirmed=N
Description=Applies to the CPQBootPerfDB entry as well. These files generate some kind of server or servlet that attempts to connect with Compaq online. They are like Trojans, but fairly harmless. They send information on the "Compaq Advisor/Compaq Message Screener" application that comes with every Compaq computer and provide feedback on how computer users use the Message Advisor. These messages appear occasionally and instruct and advise users on their computer and its use. They generally attempt to get you (these messages) to connect to Compaq's website. They may be safely disabled via (1) MSCONFIG or (2) Start -> Programs -> Compaq Advisor -> Advisor Settings under the "advanced" tab. Not required and can cause problems
[compaq pk daemon]
Filename=cpqkl.exe
Confirmed=U
Description=For Compaq laptops for programming user configurable keys. Not required unless you use them
[compaq print fax]
Filename=cpqa1000.exe
Confirmed=X
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.BCV&VSect=T" target=_blank>SDBOT.BCV</a> WORM! Please take note of the difference between the legitimate Compaq Fax Utility Name (A1000 Settings Utility) and the name (Compaq Print Fax) used by this worm
[compaq service drivers 32]
Filename=compq32.exe
Confirmed=X
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
[compaq service drivrs]
Filename=copq.exe
Confirmed=X
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target= blank>RBOT</a> WORM!
[compaq services drivers]
Filename=ndt32.exe
Confirmed=X
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.CQZ&VSect=T" target=_blank>RBOT.CQZ</a> WORM!
[compaq sound drivers for windows]
Filename=sounddr.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotxg.html" target=_blank>SDBOT-XG</a> WORM!
[compaq video cd watcher]
Filename=??
Confirmed=N
Description=For Compaq PC's. MPEG viewer
[compaqhw comp manager]
Filename=cpqhcm.exe
Confirmed=?
Description=<font color="#FF0000">Running on a Compaq laptop - any ideas?</font>
[compaqprintray]
Filename=printray.exe
Confirmed=N
Description=Puts printer icon in the System Tray. When this option is disabled you will no longer be able to access the Control Program or Printer Driver directly from your desktop
[compaqs service driver]
Filename=copypad32.exe
Confirmed=X
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.CSO&VSect=T" target=_blank>SDBOT.CSO</a> WORM!
[compaqs service drivers]
Filename=compqs.exe
Confirmed=X
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
[compaqsystray]
Filename=cpqpscp.exe
Confirmed=N
Description=Compaq System Tray icon
[compatibility service process]
Filename=regsvs.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.gaobot.yn.html" target="_blank">GAOBOT.YN</a> WORM!
[compd service drivrs]
Filename=codq.exe
Confirmed=X
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
[computing technologie firewall]
Filename=lsauth.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotwx.html" target= blank>SDBOT-WX</a> WORM!
[comsmdexe]
Filename=comsmd.exe
Confirmed=N
Description=3Com tray icon
[comtry web searcher]
Filename=wstray.exe
Confirmed=X
Description=Comtry MP3 Downloader related - spyware
[comxt]
Filename=comxt.exe
Confirmed=X
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/trojan.comxt.html" target="_blank">COMXT</a> TROJAN!
[config]
Filename=service.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.israz.b@mm.html" target="_blank">ISRAZ.B</a> WORM!
[config loadation]
Filename=iEEexplore.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sdbot.h.html" target="_blank">SDBOT.H</a> TROJAN!
[config loadatiorin]
Filename=I3Explorer.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sdbot.h.html" target="_blank">SDBOT.H</a> TROJAN!
[config loader for microsoft windows]
Filename=mwincfg32.exe
Confirmed=X
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.BD" target="_blank">AGOBOT.BD</a> WORM!
[config loader2]
Filename=explores.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.gaobot.bt.html" target="_blank">GAOBOT.BT</a> WORM!
[config loadr]
Filename=winsys32.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobothn.html" target=_blank>AGOBOT-HN</a> WORM!
[config33.exe]
Filename=Config33.exe
Confirmed=X
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_SDBOT.T" target=_blank>SDBOT.T</a> TROJAN!
[configgloader]
Filename=cart322.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.gaobot.dj.html" target="_blank">GAOBOT.DJ</a> WORM!
[configservices]
Filename=Config.exe
Confirmed=N
Description=Part of initial setup on a Compaq PC
[configsetup]
Filename=configsetup32.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotafp.html" target=_blank>AGOBOT-AFP</a> WORM!
[configuration default]
Filename=Wuxat.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32spybotca.html" target=_blank>SPYBOT-CA</a> WORM!
[configuration file]
Filename=Winset32.exe
Confirmed=X
Description=Added by the FLUX.101 TROJAN!
[configuration loader]
Filename=syscfg32.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sdbot.b.html" target="_blank">SDBOT.B</a> TROJAN!
[configuration loader10]
Filename=ip7.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotanz.html" target=_blank>AGOBOT-ANZ</a> WORM!
[configuration loading service]
Filename=wscel.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotwj.html" target= blank>SDBOT-WJ</a> WORM!
[configuration service]
Filename=suchost.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/trojan.treb.html" target="_blank">TREB</a> TROJAN!
[configuration services]
Filename=mswords.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotym.html" target=_blank>SDBOT-YM</a> WORM!
[configuration wizard]
Filename=Cfgwiz32.exe
Confirmed=X
Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_HCKTCK.2K.C" target="_blank">HACKTACK</a> TROJAN! Not to be confused with the legitimate MS "ISDN Configuration Wizard" (Cfgwiz32.exe)
[configuration32 loader32]
Filename=winamp32.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotbic.html" target=_blank>SDBOT-BIC</a> WORM!
[confloader]
Filename=sysconf16.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojsdbotfb.html" target=_blank>SDBOT-FB</a> TROJAN!
[conmgr]
Filename=conmgr.exe
Confirmed=N
Description=Starts Winfax pro at startup
[conmgr.exe]
Filename=conmgr.exe
Confirmed=U
Description=Connection Manager as used by Earthlink and others. If you need this to ensure a proper connection but don't want to connect at startup try creating your own shortcut
[connect2party]
Filename=connect2party.exe
Confirmed=X
Description=Adult content dialler
[connection manager]
Filename=CManager.exe
Confirmed=N
Description=SBC Yahoo DSL service connection manager. You can connect from the network connections. Users having problems with this have been advised to uninstall the connection manager via Add/Remove Programs and it won't affect the service
[connectivity tool]
Filename=[path to trojan]
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlitebote.html" target=_blank>LITEBOT-E</a> TROJAN!
[cons]
Filename=consol32.exe
Confirmed=X
Description=Hijacker - redirects to a p0rn portal, where foistware like ISTBar gets stealth installed
[conscorr]
Filename=conscorr.exe
Confirmed=X
Description=<a href="http://research.sunbelt-software.com/threat_display.cfm?name=VX2.Transponder&threatid=12517&search=vx2" target=_blank>VX2.Transponder</a> parasite updater/installer related
[console de gerenciamento microsoft]
Filename=csrss.exe
Confirmed=X
Description=Unidentified malware! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/csrss/" target=_blank>csrss.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a System\Level4 subfolder
[contacte]
Filename=contacte.exe
Confirmed=?
Description=<font color="#FF0000">Some kind of driver?</font>
[content connector]
Filename=[random filename].exe
Confirmed=X
Description=Added by the <a href="http://sophos.com/virusinfo/analyses/trojdialery.html" target=_blank>DIALER-Y</a> TROJAN! Note - uses a random filename and random folders. Usually the folder containing the file is a Temp folder
[contentdownload]
Filename=rundll32.exe MSA64CHK.dll, DllMostrar
Confirmed=X
Description=<a href="http://research.sunbelt-software.com/threat_display.cfm?name=MatrixDialer&threatid=14914&search=MatrixDialer" target=_blank>MatrixDialer</a> related
Description=Related to an <a href="http://www.asus.com/" target=_blank>Asus</a> WLAN card
[controladores]
Filename=[path to trojan]
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojtelefoa.html" target=_blank>TELEFO-A</a> TROJAN!
[controlcenter2.0]
Filename=brctrcen.exe
Confirmed=N
Description=Brother scanner 'Control Center' application - can be started manually
[controlcentretray]
Filename=XWCTray.exe
Confirmed=N
Description=System Tray access for the Xerox ControlCentre 2.0 software for their range of printers, copiers, faxes, etc
[controlled resource system service]
Filename=crss.exe
Confirmed=X
Description=Added by the <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/crss/" target=_blank>AGOBOT.GH</a> WORM!
[controller]
Filename=WFXCTL32.EXE
Confirmed=N
Description=From Symantec's TalkWorks Pro and WinFax. Appears if you chose to have the program appear in the taskbar (System Tray) during installation and displays a yellow fax/telephone icon. Available via Start -> Programs
[controlservicemgr]
Filename=csmsv.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojagentxc.html" target=_blank>AGENT-XC</a> TROJAN!
[cookie cop 2]
Filename=CookieCop.exe
Confirmed=U
Description=<a href="http://www.pcmag.com/article/0,2997,a=20844,00.asp" target="_blank">Cookie Cop 2</a> from PC Magazine - cookie manager. Allows you to decide which internet sites can add "cookies" related to their sites for the next time you return
[cookie pal]
Filename=CPBRWTCH.EXE
Confirmed=U
Description=Kookaburra Softwares <a href="http://www.pcmag.com/article/0,2997,s=1626&a=12703,00.asp" target="_blank">Cookie Pal</a> cookie manager. Allows you to decide which internet sites can add "cookies" related to their sites for the next time you return
[cookiejar]
Filename=Cookiejar.exe
Confirmed=U
Description=<a href="http://www.jasons-toolbox.com/cookiejar.asp" target="_blank">Cookie Jar</a> cookie manager from Jason's Toolbox. Allows you to decide which internet sites can add "cookies" related to their sites for the next time you return
Description=<a href="http://www.analogx.com/contents/download/network/cookie.htm" target="_blank">CookieWall</a> from Analog X. Allows you to decide which internet sites can add "cookies" related to their sites for the next time you return
[cool desk]
Filename=cdesk.exe
Confirmed=U
Description=<a href="http://www.shelltoys.com/" target="_blank">Cool Desk</a> is a virtual desktops manager. "Ever you wished to have several screens on your computer? Cool Desk creates up to 9 virtual desktops and offers you to have different windows on each of them". Not required but may be of use to you
[cooldownloads]
Filename=rundll32.exe MSA64CHK.dll, DllMostrar
Confirmed=X
Description=<a href="http://research.sunbelt-software.com/threat_display.cfm?name=MatrixDialer&threatid=14914&search=MatrixDialer" target=_blank>MatrixDialer</a> related
[coolmp3]
Filename=rundll32.exe MSA64CHK.dll, DllMostrar
Confirmed=X
Description=<a href="http://research.sunbelt-software.com/threat_display.cfm?name=MatrixDialer&threatid=14914&search=MatrixDialer" target=_blank>MatrixDialer</a> related
[coolswitch]
Filename=taskswitch.exe
Confirmed=U
Description=ALT+TAB replacement Powertoy for Windows XP - enhances the graphics displayed when you want to switch between programs running full-screen
[coolwallpaper]
Filename=cwm_tray.exe
Confirmed=N
Description=<a href="http://coolwallpaper.com/download/index2.html" target=_blank>Cool Wallpaper</a> software allows you to manage high quality photos as desktop wallpaper and screen savers
Description=Copernic <a href="http://www.copernic.com/en/products/desktop-search/index.html" target=_blank>Desktop Search</a> - "Easily search your entire hard drive in less than a second to pinpoint the right file, e-mail, music or pictures"
[copernicperusertaskmgr]
Filename=CopernicPerUserTaskMgr.exe
Confirmed=U
Description=Automatic tasking feature of Copernic Pro multi-search engine tool
[copy handler]
Filename=Copy Handler.exe
Confirmed=U
Description=<a href="http://copyhandler.com/" target= blank>Copy Handler</a> lets you copy between hard disks, floppies, local networks, CDs, and many other storage media. Copy Handler gives you the power to pause, resume, restart, and cancel during the copying and moving processes
[copyright]
Filename=mwcpyrt.exe
Confirmed=N
Description=Displays copyright information on IBM ThinkPads
[corel colleagues & contacts reminders]
Filename=cffrem.exe
Confirmed=N
Description=<a href="http://www.corel.com/printoffice_v1/ccc.htm" target="_blank">Corel Colleagues & Contracts</a> - all-in-one organizer for scheduling meetings, maintaining addresses, etc. Part of Corel Print Office
[corel desktop application director]
Filename=dadx.exe
Confirmed=N
Description=The Desktop Application Director (DAD) gives you easy access to all Corel applications - x represents ther version number. Available via Start -> Programs
[corel family & friends reminders]
Filename=CFFREM.EXE
Confirmed=N
Description=<a href="http://www.corel.com/products/graphicsandpublishing/phmagic/CFF.htm" target="_blank">Corel Family & Friends</a> - all-in-one calender, address book and list manager. Part of Corel Print House Magic
[corel registration]
Filename=Remind32.exe
Confirmed=N
Description=If you don't want to register Corel products and be reminded about it every 2 weeks disable it
[corel registration reminder]
Filename=Remind32.exe
Confirmed=N
Description=If you don't want to register Corel products and be reminded about it every 2 weeks disable it
[corel reminder]
Filename=NAVBROWSER.EXE
Confirmed=N
Description=If you don't want to register Corel products and be reminded about it every 2 weeks disable it
[corelcentral 10]
Filename=I_26dadCC.exe
Confirmed=N
Description=<a href="http://www3.corel.com/cgi-bin/gx.cgi/AppLogic+FTContentServer?pagename=Corel/Product/Feature&fid=CC1ZX1WPOP4" target="_blank">CorelCENTRAL 10</a> - personal information manager (PIM). Supplied as part of Corel WordPerfect Office 2002. Available via Start -> Programs
[coreldraw toolbox]
Filename=CorelDraw.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotvz.html" target= blank>SDBOT-VZ</a> WORM!
[coresrv]
Filename=coresrv.exe
Confirmed=X
Description=Some IRC trojans/worms use this - see <a href="http://lockdowncorp.com/bots/" target="_blank">here</a> for more information
[coresys]
Filename=coresys.exe
Confirmed=?
Description=<font color="#FF0000">??</font>
[correctconnect]
Filename=CConnect.exe
Confirmed=N
Description=Broadband ISP diagnostic tool - as used by NTL and Cox Communications. Shortcut available
[cosine]
Filename=cosine.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotsw.html" target=_blank>RBOT-SW</a> WORM!
Description=Country selection for a PCtel HSP56 based modem. Often found in OEM (Dell,Compaq, HP, etc) systems for their modems included on the motherboard or as a separate card. Once you've set the modem up to the chosen country it's not required
[countryselection]
Filename=pctptt.exe
Confirmed=N
Description=Country selection for a PCtel HSP56 based modem. Often found in OEM (Dell,Compaq, HP, etc) systems for their modems included on the motherboard or as a separate card. Once you've set the modem up to the chosen country it's not required
[coupon offers]
Filename=??
Confirmed=?
Description=<font color="#FF0000">??</font>
[couponica]
Filename=couponica.exe
Confirmed=X
Description=Adware - see <a href="http://vil.nai.com/vil/content/v_100077.htm#top" target="_blank">here</a>
[cp]
Filename=CopyProtectionNotifier.exe
Confirmed=?
Description=Related to <a href="http://www.emuzed.com/application.html" target=_blank>Emuzed</a> Systems and Middleware. Comes included with Windows XP Media Edition
[cp32not]
Filename=CP32BTN.EXE
Confirmed=U
Description=For the programmable "one-touch" buttons on HP laptops (and others?). Safe to disable if you don't use these buttons
[cp4hpot]
Filename=OneTouch.EXE
Confirmed=U
Description=One Touch keyboard driver. Required if you use the additional keys
[cpa9p2pserver]
Filename=CPA9P2PS.exe
Confirmed=?
Description=<font color="#FF0000">Found on a Compaq Presario but what is it?</font>
[cpatr10]
Filename=CPATR10.EXE
Confirmed=U
Description=Dritek/Compal ATR10 Easy Button driver. Used on certain laptops (e.g. Toshiba, Compaq) to translate special hotkeys such as Play/Pause and Constrast
[cpbrwtch]
Filename=CPBrWtch.exe
Confirmed=U
Description=Kookaburra Softwares <a href="http://www.pcmag.com/article/0,2997,s=1626&a=12703,00.asp" target="_blank">Cookie Pal</a> cookie manager. Allows you to decide which internet sites can add "cookies" related to their sites for the next time you return
[cpd_exe]
Filename=CPD.EXE
Confirmed=Y
Description=Firewall bundled with McAfee VirusScan 6.*
[cplbtq00]
Filename=CplBTQ00.EXE
Confirmed=N
Description=Related to <a href="http://castlecops.com/startuplist-8891.html" target=_blank>EZbutton</a>
[cpldbl10]
Filename=CPLDBL10.exe
Confirmed=N
Description=Related to the <a href="http://castlecops.com/s8891-EzButton_EXE.html" target=_blank>EZbutton</a> quick launcher
[cportpatch]
Filename=cppatch.exe
Confirmed=?
Description=<font color="#FF0000">CPortPatch is a utility is required for Dell laptops that are using a docking station. Is it needed though?</font>
[cpqacdc]
Filename=CPQAcDc.exe
Confirmed=Y
Description=Compaq PowerCon power management software for laptops
[cpqalert]
Filename=CPQAlert.exe
Confirmed=U
Description=Compaq's Insight Manager Agent - a tool that allows for "fault, performance, and configuration management". Recommended for corporate users only. It's best removed if installed but not wanted, rather than disabled at startup. See <a href="http://www.compaq.com/products/servers/management/cim-description.html" target="_blank">here</a> for more information
[cpqbootperfdb]
Filename=CPQBootPerfDB.EXE
Confirmed=N
Description=See the entry for Compaq Message Server
[cpqcalib]
Filename=CPQCalib.exe
Confirmed=Y
Description=Compaq PowerCon power management software for laptops
[cpqdfwag]
Filename=CpqDfwAg.exe
Confirmed=N
Description=For Compaq PC's. Runs Compaq diagnostics on every boot
[cpqeasyacc]
Filename=cpqeadm.exe
Confirmed=U
Description=For Compaq PC's. Allows the use of programmable keys on mulimedia keyboards. Required if you use the additional keys
[cpqeaui]
Filename=cpqeaui.exe
Confirmed=U
Description=For Compaq PC's. Allows the use of programmable keys on mulimedia keyboards. Required if you use the additional keys
[cpqek]
Filename=kcpqek.exe
Confirmed=U
Description=For Compaq PC's. <a href="http://h18000.www1.hp.com/support/techpubs/whitepapers/13W1-1200a-wwen.html" target="_blank"> Easy Access</a> button support for the keyboard
[cpqinet runtime service]
Filename=CpqInet.exe
Confirmed=U
Description=For Compaq PC's. Allows AOL and Compuserve to use the <a href="http://h18000.www1.hp.com/support/techpubs/whitepapers/13W1-1200a-wwen.html" target="_blank"> Easy Access</a> buttons for the internet. Is not required if you don't use the ISP providers
[cpqinkagent]
Filename=cpqinkag.exe
Confirmed=N
Description=That is the Compaq Ink Agent for some inkjet printers, it lets users know when their ink cartridges are getting close to empty (by how many pages they have printed)
[cpqns]
Filename=cpqnpcss.exe
Confirmed=U
Description=Related to Compaq.Net - not required if you don't use that
[cpqset]
Filename=Cpqset.exe
Confirmed=N
Description=Default settings software in Hewlett Packard notebook
[cpqstutfix]
Filename=stutfix.exe
Confirmed=Y
Description=For Compaq PC's. Fixes audio stutter problems for ESS Maestro soundcards. You can download it <a href="files/StutFix.exe">here</a>. This is a Compaq originated file and has been verified as free from viruses by McAfree/Norton
[cpr]
Filename=cpr
Confirmed=X
Description=Adroar.com adware downloader
[cpu manager]
Filename=cpumgr.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.pandem.b.worm.html" target="_blank">PANDEM.B</a> WORM!
[cpu temp control]
Filename=wuitgurd.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotahv.html" target=_blank>RBOT-AHV</a> WORM!
[cpu watcher]
Filename=rundll32.exe [path] cpu.dll,load
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderlo.html" target=_blank>DLOADER-LO</a> TROJAN!
[cpu windows status]
Filename=cpustats.exe
Confirmed=X
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
[cpucool]
Filename=Cpucool.exe
Confirmed=U
Description=Program to keep the processor cool when idle in "overclocked" systems. Also available via Start -> Settings -> Control Panel
[cpusave]
Filename=Cpusave.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/trojan.gema.html" target="_blank">GEMA</a> TROJAN!
[cpusave32]
Filename=Cpusave32.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/trojan.gema.html" target="_blank">GEMA</a> TROJAN!
[cpyt]
Filename=hidep.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojmirjacka.html" target=_blank>MIRJACK-A</a> TROJAN!
[cqlyg]
Filename=world_cup_.bat
Confirmed=X
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BAT_WCUP.A" target="_blank">WCUP.A</a> WORM!
[cqscp2p server]
Filename=??
Confirmed=?
Description=<font color="#FF0000">"Compaq printer utility which is required in the startup menu in order to make the printer work correctly". Personally I doubt whether it is actually needed</font>
[cqscp2ps]
Filename=??
Confirmed=?
Description=<font color="#FF0000">"Compaq printer utility which is required in the startup menu in order to make the printer work correctly". Personally I doubt whether it is actually needed</font>
Description=<a href="http://www.reallusion.com/crazytalk/default.asp" target="_blank">CrazyTalk</a> from Reallusion - "the worlds only facial animation tool that gives you the power to create talking animated images from a single photograph, complete with emotions." Can apparently be installed without your knowledge as well as being a legitimate download in it's own right from sites such as TUCOWS
[crc32stats dependencies]
Filename=Crc32stats.exe
Confirmed=X
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/w32.mytob.gt@mm.html" target=_blank>MYTOB.GT</a> WORM!
[creata mail]
Filename=JMSrvr.exe
Confirmed=U
Description=<a href="http://www.bluemountain.com/mail/index.pd" target=_blank>Creata_Mail</a>. Smileys, stationary and more for you email. Required if you want to access the program from Outlook or Outlook Express
[create a monster]
Filename=createAMonster.exe
Confirmed=X
Description=Kudd.com CreateAMonster. Reportedly stealth installed and <a href="http://sarc.com/avcenter/venc/data/adware.look2me.html" target=_blank>Look2Me</a> adware related
[createcd]
Filename=Createcd.exe
Confirmed=N
Description=Adaptec Easy CD Creator system tray application (pre version 5). Available via Start -> Programs
[createcd50]
Filename=Createcd50.exe
Confirmed=N
Description=Adaptec Easy CD Creator version 5 system tray application. Available via Start -> Programs
[creative agp wizard]
Filename=agpwiz.exe
Confirmed=N
Description=Part of Creative's BlasterControl
[creative launcher]
Filename=CTLauncher.exe
Confirmed=N
Description=For Creative Soundblaster Live! series soundcards. Adds a quick-launch bar to the top of the display and a System Tray icon. Available via Start -> Programs
[creative mediasource go]
Filename=CTCMSGo.exe
Confirmed=N
Description=Creative <a href="http://www.soundblaster.com/mediasource/" target="_blank"> MediaSource</a> playbacks music in DVD-Audio, MP3, WMA, WAV and other media formats
[creative pci audio configuration utility]
Filename=starter.exe
Confirmed=N
Description=System Tray icon to configure a Creative Soundblaster PCI soundcard. Not required and re-instates itself when un-checked. Try one of the solutions on <a href="http://www.pacs-portal.co.uk/startup_pages/starter_exe.htm" target="_blank">this</a> special page. Similar to EnsoniqMixer
[creative service for cdrom access]
Filename=Ctsvccda.exe
Confirmed=N
Description=Resident program for Creative's PlayCenter included with Soundblaster Audigy sound cards - speeds up detection of some media CDs if the system doesn't natively support them. Available via Start -> Programs
[creative webcam tray]
Filename=Camtray.exe
Confirmed=N
Description=Creative WebCam tray control - can be started manually
[creative.exe]
Filename=Creative.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.prolin.worm.html" target="_blank">PROLIN</a> WORM!
[creativediscnotifier]
Filename=CTNOTIFY.EXE
Confirmed=N
Description=For Creative Soundblaster Live! series soundcards. Detects when you insert a CD-ROM, DVD-ROM, etc. Available via Start -> Settings -> Control Panel
[creativemixer]
Filename=CTMIX32.EXE
Confirmed=U
Description=Creative soundcard System Tray access to, for example, volume slider controls as normally provided by the "speaker" icon. Not required unless you adjust any settings otherwise available via the standard icon
[critical update check]
Filename=battlenet.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdelflb.html" target=_blank>DELF-LB</a> TROJAN!
[crnsava]
Filename=scrnsave.pif
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotzv.html" target=_blank>SDBOT-ZV</a> WORM!
[cronos]
Filename=MARCO!.SCR
Confirmed=X
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_OPASERV.G" target="_blank">OPASERV.G</a> WORM!
[crossmenu]
Filename=CrossMenu
Confirmed=X
Description=Toshiba CrossMenu Utility - allows the user to create their own menus
[crs]
Filename=crs.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobottj.html" target=_blank>AGOBOT-TJ</a> WORM!
[crusty]
Filename=dmcpl.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.rusty@m.html" target="_blank">RUSTY</a> WORM!
[cryptdlg]
Filename=cryptdlg.exe
Confirmed=X
Description=Added by an unidentified TROJAN!
[cryptographic service]
Filename=******.exe [* = random char]
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.korgo.w.html" target="_blank">KORGO.W</a> or <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.korgo.x.html" target="_blank">KORGO.X</a> or <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39581" target="_blank">KORGO.AB</a> WORMS!
[crystal 3d audio control]
Filename=CWD3DSND.EXE
Confirmed=?
Description=Crystal 3D Audio sound driver. <font color="#FF0000">Is it required?</font>
[csarem]
Filename=spqmdmui.exe
Confirmed=N
Description=Compaq modem country selection
[csav_checkviruses]
Filename=vchk.exe
Confirmed=Y
Description=Part of <a href="http://www.authentium.com/solutions/products/commandantivirus.cfm" target="_blank">Command AntiVirus</a>
[csc]
Filename=csc.exe
Confirmed=U
Description=Command line compiler for Microsoft C# it gets installed with the .NET SDK
[cscrs value]
Filename=cscrs.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaaa.html" target=_blank>RBOT-AAA</a> WORM!
[cscrs value check]
Filename=MsPMSPSd.exe
Confirmed=X
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
[csinject.exe]
Filename=CSINJECT.EXE
Confirmed=U
Description=Part of Quarterdeck/Norton CleanSweep. For a full description see <a href="http://service1.symantec.com/SUPPORT/cleansweep.nsf/docid/1999022413295728" target="_blank">here</a>. An excerpt - "Csinject must be loaded in order for Smart Sweep to automatically monitor installations and properly track registry changes."
[csm win updates]
Filename=csm.exe
Confirmed=X
Description=Added by the <a href="http://vil.nai.com/vil/content/v_135435.htm" target=_blank>ZOTOB.B</a> WORM!
[csoftok]
Filename=softok.exe
Confirmed=X
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/trojan.pws.qqpass.g.html" target= blank>QQPASS.G</a> TROJAN!
[csrsc]
Filename=csrsc.exe
Confirmed=X
Description=Added by an unidentified VIRUS, WORM or TROJAN!
[csrss loader]
Filename=csrsss.exe
Confirmed=X
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.TX" target=_blank>AGOBOT.TX</a> WORM!
[csrss.exe]
Filename=csrss.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.dalbug.worm.html" target=_blank>DALBUG</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/csrss/" target=_blank>csrss.exe</a> process which is always located in the Winnt\System32 or Windows\System32 folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder
[csrsslevel4]
Filename=csrss.exe
Confirmed=X
Description=Unidentified malware. Note - this file is placed in a C:\Windows\System\Level4 folder, and should NOT be confused with the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/csrss/" target=_blank>csrss.exe</a> process which is always located in the Winnt\System32 or Windows\System32 folder and should NOT figure in Msconfig/Startup!
[csrssu]
Filename=CSRSSU.exe
Confirmed=X
Description=<a href="http://cwshredder.net/cwshredder/cwschronicles.html" target=_blank>CoolWebSearch</a> parasite variant - hijacking to Slawsearch.com. Also detected as the <a href="http://www.sophos.com/virusinfo/analyses/trojcwse.html" target= blank>CWS-E</a> TROJAN!
[csrssw]
Filename=CSRSSW.EXE
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojcwsf.html" target= blank>CWS-F</a> TROJAN!
[csrswin]
Filename=[trojan filename]
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.winshell.50.html" target="_blank">WINSHELL.50</a> TROJAN!
[csrsx]
Filename=[trojan filename]
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.winshell.50.b.html" target="_blank">WINSHELL.50.B</a> TROJAN!
[css server]
Filename=CSSServer.exe
Confirmed=U
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/spyware.comspysyssvr.html" target=_blank>ComSpySysSvr</a> surveillance software. Uninstall this software unless you put it there yourself
[csschedulecheck]
Filename=SCHWIZEX.EXE
Confirmed=Y
Description=Part of <a href="http://www.imaginelan.com/configsafe/index.html" target="_blank"> ConfigSafe</a> - lets you identify changes to the registry, INI files, System asset files, system hardware, network connections, and operating system versions - provides a restore function. This part takes a snapshot of your system following a healthy re-boot
[csss]
Filename=Csss.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.balick.trojan.html" target="_blank">BALICK</a> TROJAN!
[css_central]
Filename=CSS_1631.EXE
Confirmed=U
Description=CSS Communication Agent (95 Host) from <a href="http://www.commandcom.com/enterprise/csscntrl.html" target="_blank">Command Software Systems</a> "CSS Central?provides administrators with a powerfully proactive tool to effectively manage and maintain the anti-virus strategy from a centralized console."
[csv10p70]
Filename=CSv10P070.exe
Confirmed=X
Description=<a href="http://doxdesk.com/parasite/ClearSearch.html" target=_blank>ClearSearch</a> adware related
[csv7p26]
Filename=CSV7P26.exe
Confirmed=X
Description=<a href="http://doxdesk.com/parasite/ClearSearch.html" target=_blank>ClearSearch</a> adware related
[csv7p70]
Filename=CSV7P070.exe
Confirmed=X
Description=<a href="http://doxdesk.com/parasite/ClearSearch.html" target=_blank>ClearSearch</a> adware related
[csv7p91]
Filename=CSV7P91.exe
Confirmed=X
Description=<a href="http://doxdesk.com/parasite/ClearSearch.html" target=_blank>ClearSearch</a> adware related
[ct]
Filename=ct.exe
Confirmed=Y
Description=ct.exe is a file is for the HP Learning Adventure software and if you use this software it is required to run it
[ct control settings]
Filename=CTSVCCD.EXE
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotys.html" target=_blank>RBOT-YS</a> WORM!
[ctavtray]
Filename=CTAvTray.exe
Confirmed=N
Description=For Creative Soundblaster Live! series soundcards. Plays the EAX animation on start-up and adds a System Tray icon for it. Available via AudioHQ
[ctcmonitor]
Filename=CTCMonitor.exe
Confirmed=U
Description=<a href="http://www.clicktoconvert.com/Features/features.html" target=_blank>Click-to-Convert</a> - document-to-HTML or doc-to-PDF converter. Only required if you are going to use the File -> Print method of using Click-to-Convert. If converting directly from MS Office, it is not required
[ctflog manager]
Filename=ctflog.exe
Confirmed=X
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_DONBOMB.A&VSect=P" target=_blank>DONBOMB.A</a> TROJAN!
[ctfm0n.exe]
Filename=CTFM0N.exe
Confirmed=X
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/trojan.startpage.p.html" target=_blank>STARTPAGE.P</a> TROJAN!
[ctfmon32]
Filename=CTFMON32.EXE
Confirmed=X
Description=CoolWebSearch <a href="http://cwshredder.net/cwshredder/cwschronicles.html#ctfmon32" target=_blank>Ctfmon32</a> parasite variant - also detected as the <a href="http://www.sophos.com/virusinfo/analyses/trojcwse.html" target= blank>CWS-E</a> TROJAN!
[ctfmonss]
Filename=CTFMONSS.EXE
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojcwsf.html" target= blank>CWS-F</a> TROJAN!
[ctfnom]
Filename=rundIl32.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlegmiraw.html" target=_blank>LEGMIR-AW</a> TROJAN!
[ctime]
Filename=[path to trojan]
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/trojan.httpdos.html" target="_blank">HTTPDOS</a> TROJAN!
[ctin10]
Filename=CTin10.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.bancos.e.html" target="_blank">BANCOS.E</a> TROJAN!
[ctnmrun]
Filename=ctnmrun.exe
Confirmed=U
Description=Detects the Creative NOMAD jukebox/MP3 player at the time it is attached to USB and starts the needed application (Creative PlayCentre 2) that you use to copy MP3 files to and from it. This is required if you want PlayCentre 2 to take control of the NOMAD once connected
[ctpdpsrv]
Filename=CTPDPSRV.EXE
Confirmed=?
Description=Printer driver (in the WINDOWSSystem32spoolDRIVERSW32X86 folder).<font color="#FF0000"> Is it required?</font>
[ctregrun]
Filename=CTRegRun.exe
Confirmed=N
Description=For Creative Soundblaster Live! series soundcards. Reminds you to register your card with Creative
[ctrlvol]
Filename=CtrlVol.exe
Confirmed=U
Description=Volume control key on Acer, Fujitsu and other laptops
[ctstartup]
Filename=CTEaxSpl.exe
Confirmed=N
Description=Splash screen with sound on every boot up. Installed with a Sound Blaster Audigy soundcard
[ctsysvol]
Filename=CTSYSVOL.exe
Confirmed=U
Description=Creative sound card volume controls
[cttdpsrv]
Filename=cttdpsrv.exe
Confirmed=?
Description=<font color="#FF0000">??</font>
[ctupdate]
Filename=ctupdclt.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotabg.html" target= blank>RBOT-ABG</a> WORM!
Description=Associated with the Surf Sidekick adware and should be removed
[cu2]
Filename=VCMain.exe
Confirmed=X
Description=Associated with the Surf Sidekick adware and should be removed
[cuagentexe]
Filename=Cuagent.exe
Confirmed=Y
Description=<a href="http://www.command.co.uk/html/products/csav/index.cfm">Command Antivirus</a> related
[cuo]
Filename=cuo.exe
Confirmed=X
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_BUGBEAR.A" target="_blank">BUGBEAR.A</a> WORM!
[current security config]
Filename=csecure.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotamo.html" target=_blank>RBOT-AMO</a> WORM!
[cursor]
Filename=Screendragon_VS_Taskbar.exe
Confirmed=N
Description=<a href="http://www.screendragon.com/" target="_blank">ScreenDragon</a> video player
[cursorxp]
Filename=CursorXP.exe
Confirmed=N
Description=<a href="http://www.stardock.com/products/cursorxp/" target="_blank">CursorXP</a> from Stardock - tool for creating mouse cursors
[customizer2000]
Filename=logon.exe
Confirmed=U
Description=Automatic logon feature of <a href="http://www.hot-shareware.com/utilities/customizer-2000/" target="_blank">Customizer 2000</a> - "a special utility which is designed to optimize Win9x/ME performance. The program lets you explore the many hidden settings in Windows, and make changes"
[cutemx]
Filename=CuteMX.EXE
Confirmed=N
Description=File sharing utility
[cvmonitor.exe]
Filename=cvmonitor.exe
Confirmed=X
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.BV" target="_blank">SDBOT.BV</a> WORM!
[cvpnd]
Filename=cvpnd.exe
Confirmed=Y
Description=Sub-system used by Cisco VPN client for making a connection to a remote IPSec server
[cw]
Filename=cw4.exe
Confirmed=U
Description=<a href="http://www.zemericks.com/products/chatwatch/index.asp" target=_blank>Chat Watch</a> "is a monitoring and logging software for online chat and instant messaging programs"
Description=Part of IBM's <a href="http://www-1.ibm.com/servers/eserver/iseries/access/" target="_blank">iSeries</a> (nee As/400) Client Access - communications suite that allows desktop, browser and wireless access to iSeries servers. Checks the software version on your PC to that of the iSeries it is connected to. Not required - and can be turned off in the Client Access properties. It's a waste of resources
[cwbinhlp]
Filename=cwbinhlp.exe
Confirmed=N
Description=Client Access Help Registry Update Function - part of IBM's <a href="http://www-1.ibm.com/servers/eserver/iseries/access/" target="_blank">iSeries</a> (nee As/400) Client Access - communications suite that allows desktop, browser and wireless access to iSeries servers. It only updates the help files on your PC to match the level of the attached iSeries
[cwbsvstr]
Filename=cwbsvstr.exe
Confirmed=N
Description=Part of IBM's <a href="http://www-1.ibm.com/servers/eserver/iseries/access/" target="_blank">iSeries</a> (nee As/400) Client Access - communications suite that allows desktop, browser and wireless access to iSeries servers. Useful if you are going to access the iSeries through Windows Explorer to move files back and forth between Windows folders and iSeries folders. This is a tool that is only used by Client Access administrators (usually) so it is not required - a waste of resources
[cwbwlwiz]
Filename=cwbwlwiz.exe
Confirmed=?
Description=Welcome wizard launcher - Part of IBM's <a href="http://www-1.ibm.com/servers/eserver/iseries/access/" target="_blank">iSeries</a> (nee As/400) Client Access - communications suite that allows desktop, browser and wireless access to iSeries servers. <font color="#FF0000">What does it do and is it required?</font>
Description=<a href="http://www.contentwatch.com/products/contentprotect.php" target=_blank>ContentProtect</a> from ContentWatch - internet filter
[cxmon]
Filename=Hpi_Monitor.exe
Confirmed=N
Description=Autodetects when a HP camera is attached to the computer and launches the "HP Photoimaging Software". Available via Start -> Programs
[cyber]
Filename=cyberchk.exe
Confirmed=N
Description=Part of Belkins "Multimedia Cleaning Kit" and is
[cyber trio]
Filename=showmode.exe
Confirmed=U
Description=From G-Tek Technologies. Allows you to set the PC in one of three modes, Standard, Enhanced and Kiddo. Standard is full function, Enhanced prevents accidental damage and Kiddo is a play environment for kids. Pre-installed on some Packard Bell PCs
Description=<a href="http://www.cyberlat.com/ramcleaner/" target="_blank">CyberLat RAM Cleaner</a> - memory optimizer. MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/SE/ME. See <a href="http://www.aumha.org/a/memmgmt.htm" target="_blank">this</a> article and make up your own mind
[cybermedia agent]
Filename=CMAGENT.EXE
Confirmed=N
Description=Part of CyberMedia's Oil Change program. Not normally required. Note - if you have TextBridge, CyberMedia Agent may attach itself to TextBridge and cause TextBridge to crash everything if this is disabled
[cyberwolf]
Filename=CyberWolf.exe
Confirmed=X
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/w32.hllw.kickin.a@mm.html" target="_blank"> KICKIN.A</a> (or <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_CYDOG.C" target="_blank">CYDOG.C</a>) WORM!
[cydoor]
Filename=CD_Load.exe
Confirmed=X
Description=Adware. Check <a href="http://www.cexx.org/cydoor.htm" target="_blank">here</a> for information about Cy-Door and <a href="http://www.lavasoft.de/software/adaware/" target="_blank">here</a> for a program that can remove it
[cydoorupdate]
Filename=CD_Load.exe
Confirmed=X
Description=Adware. Check <a href="http://www.cexx.org/cydoor.htm" target="_blank">here</a> for information about Cy-Door and <a href="http://www.lavasoft.de/software/adaware/" target="_blank">here</a> for a program that can remove it
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32mytobfn.html" target=_blank>MYTOB-FN</a> WORM!
[d-link air usb utility]
Filename=AirCFG.exe
Confirmed=Y
Description=D-Link wireless PCI adapter related
[d-link air utility]
Filename=AirCFG.exe
Confirmed=Y
Description=D-Link wireless PCI adapter related
[d-link airplus dwl-650+ utility]
Filename=WLANMON.exe
Confirmed=N
Description=D-Link Air Plus Wireless PC modem connection monitor
[d-link airplus g]
Filename=AirGCFG.exe
Confirmed=Y
Description=D-Link Airplus Wireless Router driver
[d066uutility]
Filename=D066UUTY.EXE
Confirmed=N
Description=TWAIN driver for the CanoScan D660U flatbed scanner. Start scanning via your scanner management software
[d3dupdate.exe]
Filename=bbeagle.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.a@mm.html" target="_blank">BEAGLE.A</a> WORM!
[d4]
Filename=D4.exe
Confirmed=U
Description=<a href="http://www.thinkman.com/dimension4/index.html" target="_blank">Dimension 4</a> - network time synchronization freeware - starts-up, adjusts the system clock, then shuts down
[daconfigexe]
Filename=daconfig.exe
Confirmed=N
Description=3Com NIC Diagnostics. Available via Start -> Programs
[dadapp]
Filename=dadapp.exe
Confirmed=Y
Description="DadApp is the SW utility that controls the programmable buttons on Dell Laptops. Not required, but should be left in because it can create a hassle and doesn't always restore functionality to those buttons once unchecked and rechecked" - direct from Dell
[daemon tools-1033]
Filename=Daemon.exe
Confirmed=U
Description=<a href="http://www.daemon-tools.net/main.htm" target="_blank">Daemon Tools</a> - used to map an image-file (.iso, .bin etc) to a virtual CD/DVD-drive
[daily planner]
Filename=dayplan.exe
Confirmed=N
Description=Daily Planner - discontinued, and now part of <a href="http://www.kmcsonline.com/index.html" target="_blank">KMCS Deluxe System Suite</a>. Tool to plan your days, and check activities off as you complete them
[daily weather forecast]
Filename=weather.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderip.html" target= blank>DLOADER-IP</a> TROJAN!
[damedware services]
Filename=dwdrce.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaoj.html" target=_blank>RBOT-AOJ</a> WORM!
[dancer]
Filename=DncLE.exe
Confirmed=U
Description=Part of Microsoft Plus! Digital Media Edition - see <a href="http://www.microsoft.com/windows/plus/dme_more/moreupdates.asp" target=_blank>here</a>
[dap]
Filename=DAP.exe
Confirmed=N
Description=<a href="http://www.speedbit.com/" target="_blank">Download Accelerator Plus</a> from Speedbit. Download manager for resuming downloads, amongst other features. Available via Start -> Programs. Note that the free version is adware based
[darkdevil.grasiele.br]
Filename=Grasiele.VBS
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/vbs.lembra@mm.html" target="_blank">LEMBRA</a> WORM!
[darkness lsass]
Filename=LsasS23.exe
Confirmed=X
Description=Added by an unidentified WORM or TROJAN!
[dashie]
Filename=N/A
Confirmed=?
Description=<font color="#FF0000">Could be related to "Dash Power Shopping" tool bar in IE?</font>
[dasxdads]
Filename=fsdqd.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.gaobot.biq.html" target="_blank">GAOBOT.BIQ</a> WORM!
[data lifeguard]
Filename=BACKWE~1.EXE
Confirmed=N
Description=Data LifeGuard diagnostic tools for Western Digital's series of hard drives
[data lifeguard lifeline lite installer]
Filename=DLGLI.EXE
Confirmed=N
Description=Backweb installer - see <a href="http://www.cexx.org/dlgli.htm" target="_blank"> here</a>
[data restore service]
Filename=prq8.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.kelvir.ai.html" target= blank>KELVIR.AI</a> WORM!
[data789]
Filename=Regedit.exe ....data789.tmp
Confirmed=X
Description=Homepage hijacker
[database mysql]
Filename=[path] repcale.exe [path] beird.exe
Confirmed=X
Description=Added by a variant of the <a href="http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?Vname=WORM_RANDON.AN" target=_blank>RANDON.AN</a> WORM!
[datacaching]
Filename=FlashKsk.exe
Confirmed=N
Description=<a href="http://www.smartdisk.com" target="_blank">SmartMedia Card</a> management from the installation of a SanDisk reader for a camera's SmartMedia card and also adds the "Unplug and Eject Hardware" System Tray icon
[datalayer]
Filename=DataLayer.exe
Confirmed=U
Description=Nokia PC Suite 5 - "A collection of powerful tools that you can use to manage your phone features and data." Synchronize the phone with, for example Outlook. You can also use it to browse your phone, edit the phone list and so on
[dataviz inc messenger]
Filename=DvzIncMsgr.exe
Confirmed=X
Description=Installed with <a href="http://www.dataviz.com/products/documentstogo/" target= blank>DataViz</a> "Documents to Go" software
[dataviz messenger]
Filename=DvzMsgr.exe
Confirmed=N
Description=<a href="http://www.dataviz.com/products/documentstogo/" target="_blank">DataViz Documents to Go</a> - "allows you to use your Word, Excel and PowerPoint files on your handheld anywhere, anytime. In addition, it now synchronizes e-mail with attachments, PDF files, pictures and Excel-like charts"
[datcheck]
Filename=datcheck.exe
Confirmed=X
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/keypanic.trojan.html" target="_blank">KEYPANIC</a> TROJAN!
[date manager]
Filename=datemanager.exe
Confirmed=X
Description=<a href="http://www.date-manager.com/" target="_blank">Date Manager</a> - calender program. Spyware/adware based provided by The Gator Corporation
[datechecker]
Filename=N/A
Confirmed=?
Description=<font color="#FF0000">Could be related to <a href="http://www.simtel.net/pub/pd/9379.html" target="_blank">this</a>?</font>
[datemakerintl]
Filename=DateMakerIntl.exe
Confirmed=X
Description=Premium rate adult content dialler
[daupdate]
Filename=DAupdate.exe
Confirmed=X
Description=NavEnhance adware
[daw9532.exe]
Filename=DAW9532.EXE
Confirmed=?
Description=Loaded during installation of some 3Com network cards. Enables their DynamicAccess desktop management software. <font color="#FF0000">Is it required?</font>
[daytoday]
Filename=DAYTODAY.EXE
Confirmed=U
Description=<a href="http://www.locutuscodeware.com/daytoday.htm" target="_blank">DayToday</a> from RoboMagic Software Corp. Displays the date on the taskbar
[dazel delivery agent]
Filename=DcDaemon.exe
Confirmed=U
Description=Control and send documents, etc, to any destination - see <a href="http://www.clickly.com/ISSVDO4Z/EN/user/proddet.html?P=888" target="_blank">here</a>
[dbserv]
Filename=dbserv.exe
Confirmed=N
Description=Database Server for Norton Ghost on Win2k Pro. Ghost works fine when it is disabled
[dce manager]
Filename=dcemgr.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.tumag.html" target="_blank">TUMAG</a> TROJAN!
[dcfssvc]
Filename=dcfssvc.exe
Confirmed=U
Description=Associated with digital cameras and can cause problems which disappear if disabled. If this program is unchecked in startup, your camera will not cause your computer to open a pop-up window when you connect it. Leave enabled if you can't load pictures from your camera/dock - Kodak's dock is an example
[dcfssve]
Filename=dcfssvc.exe
Confirmed=U
Description=Associated with digital cameras and can cause problems which disappear if disabled. If this program is unchecked in startup, your camera will not cause your computer to open a pop-up window when you connect it. Leave enabled if you can't load pictures from your camera/dock - Kodak's dock is an example
[dcom system patch]
Filename=Microsoft.exe
Confirmed=X
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RANDEX.MS&VSect=P" target=_blank>RANDEX.MS</a> WORM!
[ddcactivemenu]
Filename=DDCActiveMenu.exe
Confirmed=N
Description=Digital Distribution Channel - formally part of the WildTangent on-line games delivery service. Note that WildTanget's privacy policy used to state that they also collect and share individuals information but this is no longer the case
[ddcm]
Filename=DDCMan.exe
Confirmed=N
Description=Digital Distribution Channel - formally part of the WildTangent on-line games delivery service. Note that WildTanget's privacy policy used to state that they also collect and share individuals information but this is no longer the case
[ddcman]
Filename=DDCMan.exe
Confirmed=N
Description=Digital Distribution Channel - formally part of the WildTangent on-line games delivery service. Note that WildTanget's privacy policy used to state that they also collect and share individuals information but this is no longer the case
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/trojan.gutta.html" target=_blank>GUBED</a> TROJAN!
[debugger]
Filename=dbg32.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32mytobfw.html" target=_blank>MYTOB-FW</a> WORM!
[debugmonitor]
Filename=debugmonitor.exe
Confirmed=X
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/w32.mydoom.bg@mm.html" target=_blank>MYDOOM.BG</a> WORM!
[deeenes]
Filename=DeeEnEs.exe
Confirmed=U
Description=<a href="http://www.palacio-cristal.com/products/DeeEnEs/" target=_blank>DeeEnEs</a> - automatically updates a dynamic IP address when it changes
[deejay]
Filename=forboo.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotay.html" target="_blank">FORBOT-AY</a> WORM!
[default system research]
Filename=vhchost.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.tarno.i.html" target="_blank">TARNO.I</a> TROJAN!
[default web browser]
Filename=IexpIore.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojoblivionb.html" target="_blank">OBLIVION.B</a> TROJAN! Note - do not confuse "IexpIore.exe" with "iexplore.exe" (Internet Explorer), the first has a captial "i" in place of lower case "L"
Description=Detects out-of-date virus definitions for Norton Anti-Virus Corporate Edition and runs the Defwatch Wizard. Only required if you don't update the virus definitions manually on a regular basis
[delay]
Filename=delayrun.exe
Confirmed=U
Description=On HP PCs this program is used to help prevent conflicts or timing issues on fast computers
[delayrun]
Filename=delayrun.exe
Confirmed=U
Description=On HP PCs this program is used to help prevent conflicts or timing issues on fast computers
[delcab]
Filename=deltreew.exe C:\cabs
Confirmed=?
Description=<font color="#FF0000">??<font>
[delete me]
Filename=worm.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.doomhunter.html" target="_blank">DOOMHUNTER</a> WORM!
[dell alert]
Filename=DAMon.exe
Confirmed=N
Description="Dell Alert" utility, that's supposed to make interaction with Support easier
Description=Dell taskbar icon allowing you to quickly change settings
[dell wireless manager ui]
Filename=WLTRAY
Confirmed=U
Description=Installed alongside Dell Wireless WLAN Card and provides additional configuration options for these devices
[delldmi]
Filename=delldmi.exe
Confirmed=?
Description=<font color="#FF0000">Possibly part of <a href="http://docs.us.dell.com/docs/software/smcliins/cli60/en/ug/intro.htm" target="_blank">Dell OpenManage Client Instrumentation</a> - software that allows remote management application programs to access information about, monitor the status of or change the state of the client computer, such as shutting it down remotely. Uses the DMI and/or common information model (CIM) protocols, which are systems management protocols defined by industry standards?</font>
[dellmmkb]
Filename=DELLMMKB.EXE
Confirmed=U
Description=Multimedia keyboard control for Dell based PCs - only required if you use the multimedia keys
[dellsc]
Filename=dellsc.exe
Confirmed=N
Description=Dell Solution Center - web-based troubleshooting tools and educational offerings
Description=Added to the startup list after installing a Creative SoundBlaster Audigy soundcard. <font color="#FF0000">Deletes temporary files once an installation is complete?</font>
[delttray]
Filename=deltray.exe
Confirmed=N
Description=System Tray access to the control panel for the M-Audio <a href="http://www.midiman.net/products/m-audio/delta44.php" target="_blank">Delta 44</a> PCI Analog Recording Interface. Available via a desktop shortcut, Start -> Programs or Start -> Settings -> Control Panel
[demon]
Filename=demon.exe
Confirmed=?
Description=Part of the French Wanadoo ADSL extense pack. <font color="#FF0000"> What does it do and is it required?</font>
[deneca]
Filename=Virus salvado
Confirmed=X
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/w97m.deluz.html" target= blank>DELUZ</a> VIRUS!
[depfrez]
Filename=frzstate.exe
Confirmed=U
Description=<a href="http://www.winselect.com/pages/deepfreeze/dpfrz_info.htm?B13=More+Info" target="_blank">Deep Freeze</a> from Hyper Technologies. "Freezes" the current software configuration so that an a re-boot all changes made refer back to their original settings. Not required for most users - more likely to be used by system administrators, for example
[description of shortcuts]
Filename=*.exe
Confirmed=?
Description=<font color="#FF0000">* seems to be a sequence of alphanumerics that can be different, i.e., 1960F8A9, 4EBD23F5, etc. Each of these files would appear to be a shortcut, i.e., 4EBD23F5 is actually Works Calender Reminder (found via a registry search)</font>
Description=Provides transparent icon text backgrounds and coloured icon text
[deskflag]
Filename=Deskflag.exe
Confirmed=N
Description=<a href="http://www.deskflag.com/" target="_blank">DeskFlag</a> - animated USA flag on the desktop
[deskmateautoupdate]
Filename=DeskMateAutoUpdate.exe
Confirmed=X
Description=DeskMates: Virtual scantily clad girls enhance your desktop. <a href="http://www.pestpatrol.com/PestInfo/b/bargainbuddy.asp" target=_blank>BargainBuddy</a> adware related
[desksite cma]
Filename=cma.exe
Confirmed=U
Description=<a href="http://www.desksitemusic.com/" target="_blank">DeskSite CMA siftware</a> - "retrieves new content from the DeskSite Data Center"
[desktop architect]
Filename=DATRAY.EXE
Confirmed=N
Description=Desktop theme manager available <a href="http://download.com.com/3000-2326-5630015.html?tag=list" target="_blank">here</a> - for managing the desktop appearance, fonts, sounds, etc
[desktop plant]
Filename=AZARE10S.PLT
Confirmed=N
Description=Vritual plant from <a href="http://www.desksoft.com/DesktopPlant.htm" target="_blank">here</a> - this version is an Azalea, there are others so the filename may be different
[desktop search]
Filename=desktop.exe
Confirmed=X
Description=iSearch "Desktop Search" hijacker
[desktop service centre]
Filename=DSC.exe
Confirmed=?
Description=OptusNet DSL or Dial-Up connection software - <font color="#FF0000">is it required?</font>
[desktop weather]
Filename=THE WEATHER CHANNEL.exe
Confirmed=N
Description=<a href="http://www.weather.com/services/desktop.html?from=tutorial" target="_blank">Desktop Weather</a> by The Weather Channel - provides current temperature, conditions, alerts, etc
[desktopmgr]
Filename=desktopmgr.exe
Confirmed=N
Description=Synchronisation manager for the cradles for the <a href="http://www.rim.net/products/index.shtml" target="_blank">Research In Motion</a> range of wireless handhelds, including the "Blackberry"
[desktopupdate]
Filename=rundll32.exe MSA64CHK.dll, DllMostrar
Confirmed=X
Description=<a href="http://research.sunbelt-software.com/threat_display.cfm?name=MatrixDialer&threatid=14914&search=MatrixDialer" target=_blank>MatrixDialer</a> related
[desktopx]
Filename=DESKTOPX.EXE
Confirmed=U
Description=A program that replaces the regular Desktop and Taskbar, and can be changed to the user's liking
[deskup]
Filename=deskup.exe
Confirmed=N
Description=Adds Iomega Zip drive icons to the desktop
[destroyb11]
Filename=destroyb11.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdelfko.html" target=_blank>DELF-KO</a> TROJAN!
[detector]
Filename=detector.exe
Confirmed=N
Description=USB port detector for LG scanners. Sits in the System Tray, and when it detects the scanner through the USB port, you can run the scanner software from the tray. It is not required at all, since you can use the scan software from almost any photo editing software
[deventagent]
Filename=eventagt.exe
Confirmed=U
Description=DEvent Agent Module client - part of Dell OpenManage and used for server management. Only required if you use this
[device configuration loader]
Filename=msdvc32.exe
Confirmed=X
Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN" target=_blank>AGOBOT/GAOBOT</a> WORM!
[device detector]
Filename=DevDetect.exe
Confirmed=U
Description=Watches for external digital imaging products being connected from <a href="http://www.acdsystems.com/English/index.htm" target="_blank">ACD Systems</a>
[device detector 2]
Filename=DevDtct2.exe
Confirmed=N
Description=Installed by various Olympus products, this program detects the active connection of a speech device (voice recorder, etc) to a USB port then runs specific client software used to access that device. The DevDtct2 process has a "high" priority level which can negatively impact system resources
[devicediscovery]
Filename=hpotdd01.exe
Confirmed=U
Description=Detection of new imaging, printing and other peripherals on HP machines such as USB printers, cameras and Bluetooth products. "This program is a non-essential process, but should not be terminated unless suspected to be causing problems"
[devices]
Filename=olesvr.exe
Confirmed=U
Description=Salfeld <a href="http://www.salfeld.com/parental_control_overwiew.htm" target="_blank">Child Control 2003</a> - parental control software
[devicewin]
Filename=[path to trojan]
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbankeraev.html" target=_blank>BANKER-AEV</a> TROJAN!
[devldr16]
Filename=devldr16.exe
Confirmed=U
Description=Associated with some Creative Labs sound cards. Provides audio support for DOS applications. Not needed if you don't have those. Required if you use "Sound Play Control" and "Sound Recorder". To disable: (1) Disable via MSCONFIG (2) Start -> Settings -> Control Panel -> System -> Device Manager then disable "Creative SB16 Emulation" under Creative Miscellaneous Devices
[devldr16.exe]
Filename=devldr16.exe
Confirmed=U
Description=Associated with some Creative Labs sound cards. Provides audio support for DOS applications. Not needed if you don't have those. Required if you use "Sound Play Control" and "Sound Recorder". To disable: (1) Disable via MSCONFIG (2) Start -> Settings -> Control Panel -> System -> Device Manager then disable "Creative SB16 Emulation" under Creative Miscellaneous Devices
Description=eAcceleration Stop-Sign related - not recommended, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm#ss_note" target="_blank">note</a>
[dhcp server]
Filename=regsvr.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotpr.html" target=_blank>RBOT-PR</a> WORM!
[dhcpagnt]
Filename=dhcpagnt.exe
Confirmed=Y
Description=Intel DSL modem driver - leave enabled or you'll have to re-install the drivers
[dhnuxb]
Filename=DHNUXB.exe
Confirmed=?
Description=<font color="#FF0000">??</font>
[diagent]
Filename=diagent.exe
Confirmed=N
Description=System Tray access for Creative Diagnostics for the Creative SoundBlaster series soundcards. Available via Start -> Programs
[dial22]
Filename=dlm.exe
Confirmed=X
Description=Adult content dialler
[dial33]
Filename=dlm.exe
Confirmed=X
Description=Adult content dialler
[dialer]
Filename=rundll32.exe msa32chk.dll
Confirmed=X
Description=Unidentfied malware
[dialer control]
Filename=dc.exe
Confirmed=U
Description=<a href="http://www.dialer-control.de/" target="_blank">Dialer-Control</a>. Detects and protects from premium rate p0rn diallers
[dialer detect]
Filename=dd.exe
Confirmed=U
Description=<a href="http://www.dialerdetect.nl/english/main.htm" target=_blank>DialerDetect</a> detects stealth installed premium rate diallers, and sounds the alarm when such a connection is being installed without you knowing it
[dialgo sdk]
Filename=PhoneAnswer.exe
Confirmed=U
Description=Dialgo Wave Modem ActiveX - "Telephone Answering Machine for scripting your own professional call center business scripts using a voice modem. Features Caller-ID, Wave Playback, Wave Recording, Digit Monitoring, POP3 e-mail Manipulation, Speech Recognition and Synthesis"
[dialnet]
Filename=mxt32.exe
Confirmed=X
Description=Adult content dialler
[dialog box assistant]
Filename=OSDEx.exe
Confirmed=N
Description=<a href="http://www.dualitysoft.com/osdex/" target="_blank">Dialog Box Assistant</a> from Duality Software. Helps with the standard Open and Save As dialog boxes by showing recently used files and folders
[dialog helper]
Filename=PDDLGHLP.EXE
Confirmed=N
Description=Dialog Helper from <a href="http://www.ontrack.com/powerdesk/">PowerDesk Pro</a> by Ontrack. Helps with the standard Open and Save As dialog boxes by showing recently used files and folders. Available via Start -> Programs
[dialup network application]
Filename=Rnaap.exe
Confirmed=X
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
[diamondview]
Filename=Diamondview.exe
Confirmed=?
Description=Manulife Financial Insurance program. <font color="#FF0000">Is it required at startup?<font>
[diecox]
Filename=csrss.exe
Confirmed=X
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100826.htm" target="_blank">ATM.GEN</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/csrss/" target="_blank">csrss.exe</a> process, which should not appear in Msconfig/Startup!
[diesel]
Filename=Recalculate.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/trojan.lazar.html" target=_blank>LAZAR</a> TROJAN!
[dietk]
Filename=DietK.exe
Confirmed=U
Description=<a href="http://www.dietk.com/" target="_blank">DietK</a> - add-on for Kazaa Media Desktop; "removes all adware and popups, built in Download Accelerator, makes searches faster and helps produce more results"
[digicell]
Filename=DigiCell.exe
Confirmed=U
Description=MSI DigiCell - "the most useful and powerful utility that MSI has spent much research and efforts to develop, helps users to monitor and configure all the integrated peripherals of the system, such as audio program, power management, MP3 files management and communication / 802.11g WLAN settings. Moreover, with this unique utility, you will be able to activate the MSI well-known features, Live Update and Core Center"
[digid]
Filename=DigitalSound.exe
Confirmed=X
Description=Adware downloader
[digital dashboard]
Filename=devgulp.exe
Confirmed=N
Description=For Compaq PC's. Loads Digital Dashboard options
[digital line detect]
Filename=DLG.exe
Confirmed=N
Description=Detects whether your are plugged into a digital telephone line and displays the information graphically. Installed by Dell (and maybe others) and is included with all Connexant V.92 and Broadcom modems
[digital river ebot]
Filename=downlo~1.exe
Confirmed=N
Description=Digital River Systems EBOT for downloading software from their site. In some cases, if you purchase software online for a download from a software manufacturer, you will be sent to this online company's site for the download after the purchase is complete. Read more <a href="http://groups.google.com/groups?hl=en&threadm=39727D1B.3754C1D1%40concentric.net&rnum=3&prev=/groups%3Fq%3DDigital%2BRiver%2BeBot%26btnG%3DGoogle%2BSearch%26hl%3Den" target="_blank">here</a>
Description=InstallShield's DigitalWizard - free, complete Digital Content Management Solution that makes it easy to experience digital content
[digitalwizard monitor]
Filename=dwMon.exe
Confirmed=N
Description=InstallShield's DigitalWizard - free, complete Digital Content Management Solution that makes it easy to experience digital content
[digservices]
Filename=DIGServices
Confirmed=U
Description=Created by Disney but licensed to ESPN for watching videos
[digstream]
Filename=digstream.exe
Confirmed=N
Description=DIGStream Cache Manager - part of <a href="http://espn.go.com/motion/download.html" target="_blank">ESPN Motion</a> and <a href="http://disney.go.com/guestservices/disneymotion/about.html" target="_blank"> Disney Motion</a> that periodically check for new videos and indication they're available in the System Tray. Starting ESPN Motion/Disney Motion starts digstream automatically
[dimension]
Filename=Dimension.exe
Confirmed=U
Description=Dimension - a program which lets you customize MSN messenger such as adding animated and coloured nicknames, personal toast creator, war tools (login flooder), and allows viewing and interacting with the raw MSN protocol
[dimension4]
Filename=d4.exe
Confirmed=U
Description=<a href="http://www.thinkman.com/dimension4/index.html" target="_blank">Dimension 4</a> - network time synchronization freeware - starts-up, adjusts the system clock, then shuts down
[dino3]
Filename=dino3.exe
Confirmed=X
Description=Related to Jurassic Park III and enables a dinosaur to walk across the screen. Also generates adverts and classified as adware as a result
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.cake.html" target="_blank">CAKE</a> WORM!
[direct settings]
Filename=sdchost.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdaemonii.html" target=_blank>DAEMONI-I</a> TROJAN!
[direct update]
Filename=DUControl.exe
Confirmed=U
Description=<a href="http://www.directupdate.net/" target="_blank">DirectUpdate</a> dynamic DNS updater
[direct x direct3d]
Filename=dxd3d.exe
Confirmed=X
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
[direct x opengl]
Filename=dxopengl.exe
Confirmed=X
Description=Added by a variant of the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotcj.html" target=_blank>RBOT-CJ</a> WORM!
[direct3d.exe]
Filename=direct3d.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojcertiff.html" target=_blank>CERTIF-F</a> TROJAN!
[directcd]
Filename=DirectCD.exe
Confirmed=N
Description=DirectCD primarily allows you to drag and drop files onto a suitably formatted CD-RW disc. Unless you use this on a frequent basis it isn't required and is available via Start -> Programs. Start the program before inserting a DirectCD formatted CD-RW in the drive. A re-boot is recommended if you close Adaptec DirectCD before re-opening it again later
[directs.exe]
Filename=directs.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.o@mm.html" target="_blank">BEAGLE.O</a> or <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.r@mm.html" target="_blank">BEAGLE.R</a> or <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.s@mm.html" target="_blank">BEAGLE.S</a> or <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.t@mm.html" target="_blank">BEAGLE.T</a> WORMS!
[directvdsl]
Filename=Directvdsl.exe
Confirmed=U
Description=Starts DirectTV DSL modem at boot up. Can also be started manually
[directx 32]
Filename=directx32.exe
Confirmed=X
Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN" target=_blank>AGOBOT/GAOBOT</a> WORM!
[directx for microsoft?windows]
Filename=fservice.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojproratp.html" target=_blank>PRORAT-P</a> TROJAN!
[directx shell driver]
Filename=[path to trojan]
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojmarktmanb.html" target=_blank>MARKTMAN-B</a> TROJAN!
[directx video driver]
Filename=dxterm5.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32wilaba.html" target=_blank>WILAB-A</a> TROJAN!
[directx64]
Filename=DirectXset.exe
Confirmed=X
Description=Added by the <a href="http://vil.nai.com/vil/content/v_100098.htm" target="_blank">BROWNEY.A</a> WORM!
[directx9 diag]
Filename=dx9diag.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotalt.html" target=_blank>RBOT-ALT</a> WORM!
[dirkey]
Filename=Dirkey.exe
Confirmed=U
Description=<a href="http://www.protonfx.com/dirkey/" target="_blank">Dirkey</a> - small utility that allows you to bookmark up to 9 folders by using the Ctrl+Alt+1..9 shortcut keys in an Open/Save File dialog or in Windows Explorer. After this the Ctrl+1..9 shortcut keys can be used in the same or another window to go to any of the 9 bookmarked folders
[disable ehci]
Filename=nousb20.exe
Confirmed=?
Description=<font color="#FF0000">??</font>
[discoveg]
Filename=discoveg.exe
Confirmed=?
Description=<font color="#FF0000">??</font>
[discoverdeskshop]
Filename=Deskshop.exe
Confirmed=N
Description=<a href="http://www.dealchecker.com/doc.cfm?OID=1091" target="_blank">Discover Deskshop</a> - single use "virtual" credit card
[disk manager]
Filename=diskver.exe
Confirmed=X
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.AQT" target=_blank>RBOT.AQT</a> WORM!
[disk master]
Filename=[trojan name]
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.dister.html" target="_blank">DISTER</a> TROJAN! - a spam relayer
[diskcheck]
Filename=msdarkend.exe
Confirmed=X
Description=Added by an unidentified WORM or TROJAN!
[diskeepersystray]
Filename=DkIcon.exe
Confirmed=N
Description=<a href="http://www.executive.com/defrag/defrag.asp" target=_blank>DisKeeper</a> defragmentation software - can be started manually
[diskinf]
Filename=diskinf.exe
Confirmed=X
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_CRYPTER.A" target="_blank">CRYPTER.A</a> TROJAN!
[diskmon.exe]
Filename=DISKMON.EXE
Confirmed=?
Description=<font color="#FF0000">??</font>
[disknag]
Filename=disknag.exe
Confirmed=N
Description=Dell program that reminds you to make your backup diskettes
[disk_monitor]
Filename=Disk_Monitor.exe
Confirmed=U
Description=Multi-media, Smartmedia, Compact Flash card reader for reading digital camera cards. Device is recognised as internal USB disk drive. Necessary if camera cards are to be recognised as soon as they are inserted into the reader
[display]
Filename=The_Eye.exe
Confirmed=U
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/spyware.comspysyssvr.html" target=_blank>ComSpySysSvr</a> surveillance software. Uninstall this software unless you put it there yourself
[display drivers]
Filename=cssrs.exe
Confirmed=X
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.FX" target="_blank">AGOBOT.FX</a> WORM!
[display settings]
Filename=hptasks.exe
Confirmed=N
Description=Allows for the adjustment of the display for LCD screen, CRT Monitor and TV output on HP computers
[displaytrayicon]
Filename=TrayIcon.exe
Confirmed=N
Description=System Tray access to display properties for ABIT graphics cards. Unless you change your desktop resolution, etc regularily use Control Panel -> Display
[disspy]
Filename=disspy.exe
Confirmed=U
Description=<a href="http://www.h-desk.com/new/Features.13.0.html" target= blank>Disspy</a> spyware detection and removal software
[distiller assistant 3.01]
Filename=DISTASST.EXE
Confirmed=N
Description=From Adobe. Creates PDF universal files for Acrobat Reader. Available via Start -> Programs
[distributed.net client]
Filename=DNETC.EXE
Confirmed=U
Description=Dsitributed computing projects client from <a href="http://distributed.net/" target="_blank">Distributed.net</a> where numerous computers are used to share a projects workload - similar to SETI@Home and Folding@Home. Also prone to being distributed by <a href="http://distributed.net/trojans.html.en" target="_blank">viruses</a>
[ditask.exe]
Filename=DiTask.exe
Confirmed=N
Description=Associated with an <a href="http://www.eicon.com/worldwide/default.htm" target="_blank">Eicon Networks</a> ISDN or ADSL modem. System Tray icon which shows you the status of your lines (free, occupied with incoming or outgoing call). Available via Start -> Programs
[divamon.exe]
Filename=Divamon.exe
Confirmed=?
Description=Associated with an <a href="http://www.eicon.com/worldwide/default.htm" target=_blank>Eicon Networks</a> Diva ISDN or ADSL modem - <font color="#FF0000">what does it do and is it required?</font>
[divx mediaplayer 7.0]
Filename=Dr.DivX.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.irc.aladinz.g.html" target="_blank">ALADINZ.G</a> TROJAN!
[divx player]
Filename=DivXPlayer.exe
Confirmed=X
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
[divx updater]
Filename=DivX.Exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/trojan.naldem.html" target="_blank">NALDEM</a> TROJAN or MASTAK VIRUS!
[divx4 codec]
Filename=devldr32.exe
Confirmed=X
Description=Added by an unidentfied VIRUS! Note - this is not the legitimate Creative Labs <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/devldr32/F412" target=_blank>devldr32.exe</a> file
[djregfix]
Filename=regedit /s c:\hpdjregfix.reg
Confirmed=N
Description=DJRegFix showed up first in WinME as a "clever" way to ensure that all Hewlett-Packard DeskJet printers actually worked with WinME - since most were having major problems. This "utility" adds the functionality and compatibility HP forgot to add in its WinME drivers
[dkservice]
Filename=DkService.exe
Confirmed=Y
Description=From Executive Software's Diskeeper defragmenting utility - a replacement for Windows Disk Defragmenter. It's recommended to leave this enabled, otherwise you could have problems starting it manually.
[dktime]
Filename=dktime.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/downloader.lunii.html" target="_blank">LUNII</a> TROJAN!
[dkware lptt01]
Filename=dkware.exe
Confirmed=X
Description=<a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">RapidBlaster</a> variant (in a "DonkeySoft" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see <a ref="http://www.wilderssecurity.net/specialinfo/rapidblaster.html#removal" target="_blank"> here</a>
[dkware ml097e]
Filename=dkware.exe
Confirmed=X
Description=<a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">RapidBlaster</a> variant (in a "DonkeySoft" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see <a ref="http://www.wilderssecurity.net/specialinfo/rapidblaster.html#removal" target="_blank"> here</a>
[dkzzixm]
Filename=dkzzixm.exe
Confirmed=?
Description=<font color="#FF0000">??</font>
[dla]
Filename=tfswctrl.exe
Confirmed=Y
Description=Drive letter access to a UDF packet writer for CD-RW - from HP, Veritas an others. Similar to Roxio's DirectCD and does the same thing. From HP - "This is a needed file as it controles the readability of the Combo drives. Without this file loading the end user will be able to burn CD's but wont be able to read them. The drive itself will be able to read store bought master Cd's without the file but not burnt ones"
[dlatray]
Filename=Dlatray.exe
Confirmed=N
Description=System Tray access to DLA - Drive letter access to HP's and Veritas' version of DirectCD. Does the same thing as DirectCD. From HP - "This is a needed file as it controles the readability of the Combo drives. Without this file loading the end user will be able to burn CD's but wont be able to read them. The drive itself will be able to read store bought master Cd's without the file but not burnt ones"
[dlbcserv]
Filename=dlbcserv.exe
Confirmed=?
Description=Related to a Dell Photo Printer - <font color="#FF0000">what does it do and is it required?</font>
[dlder]
Filename=dlder.exe
Confirmed=X
Description=Advertising spyware. Considered to be one oft the worst - even creating a fake "explorer.exe" file. Can be installed via versions of "Grokster", "Lime Wire" and "KaZaA" amongst other file-sharing utilities (see <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.dlder.html" target="_blank">here</a>). Reported in the past as a virus
[dldir1]
Filename=caKe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.cake.html" target="_blank">CAKE</a> WORM!
[dlforcerexe]
Filename=DLForcerEXE.exe
Confirmed=?
Description=<font color="#FF0000">??</font>
[dlf_00000b00]
Filename=Vcdlf.exe
Confirmed=N
Description=Known to cause problems with "Out of memory" errors (see <a href="http://support.microsoft.com/default.aspx?scid=kb;EN-US;q303045" target="_blank">here</a>).<font color="#FF0000"> Otherwise, it's purpose is unknown</font>
[dlg]
Filename=DLGCHBW.exe
Confirmed=N
Description=Backweb part of Data LifeGuard - diagnostic tools for Western Digital's series of hard drives. Automatically detects an internet connection and downloads any available updates
[dlhelperexe]
Filename=WATCH.exe
Confirmed=N
Description=Download helper distributed with some software that allows the software installation to redirect download locations. Not required once the installation is finished
[dlhelperexe.exe]
Filename=N/A
Confirmed=X
Description=Downloader for Microgaming/Casino software - stealth installed
[dlhost]
Filename=dlhost.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojexphooka.html" target=_blank>EXPHOOK-A</a> TROJAN!
[dlink system tray]
Filename=dlnetst.exe
Confirmed=U
Description=Related to <a href="http://www.dlink.com/products/?pid=284" target=_blank>D-Link</a> DGE-530T PCI card for servers and workstations
[dlite]
Filename=dllmanager.exe
Confirmed=X
Description=Added by the <a href="http://es.trendmicro-europe.com/consumer/security_info/ve_detail.php?Vname=WORM_WOOTBOT.DN" target=_blank>WOOTBOT.DN</a> WORM!
[dll boot loader on startup (do not remove this)]
Filename=[various filenames]
Confirmed=X
Description=Added by an unidentified TROJAN!
[dll manager]
Filename=dllmngr32.exe
Confirmed=X
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
[dll service manager]
Filename=[path to worm]
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.irc.rpcbot.f.html" target="_blank">RPCBOT.F</a> TROJAN!
[dllcacherv2]
Filename=dllcachev2.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.lateda.html" target=_blank>LATEDA</a> TROJAN!
[dlldmt]
Filename=dlldmt.exe
Confirmed=X
Description=Added by a variant of the <a href="http://www.sophos.com/virusinfo/analyses/trojcrypterc.html" target="_blank">CRYPTER.C</a> TROJAN!
[dllexecutable]
Filename=[path to file]
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32vbsp.html" target= blank>VB-SP</a> WORM!
[dllhostxp.exe]
Filename=dllhostxp.exe
Confirmed=X
Description=Browser hijacker and adware downloader
[dllloader]
Filename=lssas.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbdoorje.html" target=_blank>JE</a> WORM!
[dlload]
Filename=killer.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojkillavfk.html" target=_blank>KILLAV-FK</a> TROJAN!
[dllreg]
Filename=dllreg.exe
Confirmed=X
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_CRYPTER.A" target="_blank">CRYPTER.A</a> TROJAN!
[dllservice32]
Filename=dllsvc32.exe
Confirmed=X
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.VX" target=_blank>AGOBOT.VX</a> WORM!
[dlsp2mx]
Filename=dlsp2mx.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/dialmpbb.html" target=_blank>MPB-B</a> DIALER! An uninstall option can be accessed via the Add or Remove Programs dialog in the Windows Control Panel. The software is listed as "dlsp2mx"
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/downloader.dluca.d.html" target="_blank">DLUCA.D</a> TROJAN!
[dm mgr]
Filename=dm_mgr.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.jittar.html" target="_blank">JITTAR</a> TROJAN!
[dmc]
Filename=dmc.exe
Confirmed=X
Description=Added by Trojan-Downloader.Win32.Dluca.bv TROJAN!
[dmildr]
Filename=dmildr.exe
Confirmed=N
Description=Part of <a href="http://docs.us.dell.com/docs/software/smcliins/cli60/en/ug/intro.htm" target="_blank">Dell OpenManage Client Instrumentation</a> - software that allows remote management application programs to access information about, monitor the status of or change the state of the client computer, such as shutting it down remotely. Uses the DMI and/or common information model (CIM) protocols, which are systems management protocols defined by industry standards. Available via Start -> Programs
[dmisl]
Filename=DMISL.EXE
Confirmed=N
Description=DMI (Desktop Management Interface) Service Layer for Intel TokenExpress network card software. DMI support for the Intel network card managed through the Desktop Management Interface. See <a href="http://support.intel.com/support/tokenexpress/pro/11601.htm" target="_blank">here</a> for more information
[dmislapp]
Filename=DMISLAPP.exe
Confirmed=N
Description=DMI (Desktop Management Interface) Service Layer for Intel TokenExpress network card software. DMI support for the Intel network card managed through the Desktop Management Interface. See <a href="http://support.intel.com/support/tokenexpress/pro/11601.htm" target=_blank>here</a> for more information
[dmsvc32]
Filename=Dmsvc32.exe
Confirmed=X
Description=Added by the <a href="http://es.trendmicro-europe.com/enterprise/security_info/ve_detail.php?VName=WORM_AGOBOT.ABU&VSect=T" target=_blank>AGOBOT.ABU</a> WORM!
[dmtdll]
Filename=dmtdll.exe
Confirmed=X
Description=Added by a variant of the <a href="http://www.sophos.com/virusinfo/analyses/trojcrypterc.html" target="_blank">CRYPTER.C</a> TROJAN!
[dmxlauncher]
Filename=DMXLauncher.exe
Confirmed=U
Description=Part of Dell's Media Experience, a multimedia suite which offers the user functionality to organise and play music and digital video files
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/trojan.mitglieder.p.html" target=_blank>MITGLIEDER.P</a> TROJAN!
[dnar]
Filename=Dnar.exe
Confirmed=X
Description=Unknown, except that it is not necessary. Tends to phone home a lot. DMI related - see <a href="http://www.spywareinfo.com/yabbse/index.php?board=10;action=display;threadid=1137;start=0" target="_blank">here</a>
[dne binding watchdog]
Filename=rundll dnes.dll, DnDneCheckBindings
Confirmed=Y
Description=Deterministic NDIS Extender (DNE). DNE is an NDIS-compliant module which appears to be a network device driver to all protocol stacks and a protocol driver to all network device drivers. Part of Gilat Communications internet satellite systems. Required if you have this system. Also installed by Winproxy - a proxy program for sharing internet connections through one computer. Required if you want it to work
[dne dun watchdog]
Filename=rundll dnes.dll, DnDneCheckDUN13
Confirmed=Y
Description=Deterministic NDIS Extender (DNE). DNE is an NDIS-compliant module which appears to be a network device driver to all protocol stacks and a protocol driver to all network device drivers. Part of Gilat Communications internet satellite systems. Required if you have this system. Also installed by Winproxy - a proxy program for sharing internet connections through one computer. Required if you want it to work
[dns resolver]
Filename=dnsrslve.exe
Confirmed=X
Description=Added by the <a href="http://sophos.com/virusinfo/analyses/w32rbotws.html" target=_blank>RBOT-WS</a> WORM!
[dns service]
Filename=dnsresolver.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotpq.html" target=_blank>RBOT-PQ</a> WORM!
[dns2goclient]
Filename=dns2goclient.exe
Confirmed=?
Description=<a href="http://dns2go.deerfield.com/" target="_blank">DNS2Go</a> is a Domain Name System that will make your computer accessible anytime, anywhere by associating a domain name of your choice to your currently assigned IP address. <font color="#FF0000">Is it required?</font>
[dnscacheboost]
Filename=dnsping.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdnsbusta.html" target= blank>DNSBUST-A</a> TROJAN!
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_DOTOR.A" target="_blank">DOTOR.A</a> WORM!
[documagix init]
Filename=PWATCH.EXE
Confirmed=N
Description=<a href="http://www.documagix.com/" target="_blank">PaperMaster</a> is an application for the PC designed to automate the process of organizing, archiving, and retrieving digital versions of files. Start manually if needed
[doggy style]
Filename=MsPMSPSd.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotaap.html" target=_blank>SDBOT-AAP</a> WORM!
[dogstart]
Filename=GSDOGST.EXE
Confirmed=X
Description=Added by an unidentified VIRUS, WORM or TROJAN! A possibility is a trojan known as PENIS
[doing]
Filename=doing.exe
Confirmed=?
Description=<font color="#FF0000">??</font>
[doit.exe]
Filename=doit.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotek.html" target= blank>FORBOT-EK</a> WORM!
[don't panic]
Filename=dontpanicdemodp.exe
Confirmed=U
Description=30-day trial version of <a href="http://www.panicware.com/product_dp.html" target="_blank">Don't Panic</a> privacy software from Panicware. "Clean up Internet tracks and quickly hide personal documents with this privacy suite."
[don't panic pop-up stopper]
Filename=dpps2.exe
Confirmed=U
Description=<a href="http://www.panicware.com/product_companion.html" target="_blank">Pop-Up Stopper Companion</a> from Panicware. Pop-up blocker integrated into the IE toolbar. Note that the Pro version doesn't load in startup as it is installed as an Internet Explorer toolbar. Can cause problems with IE if you use WinXP and uninstall Service Pack 1. Uninstalling the software leaves it in the startup group
[dopus]
Filename=dopus.exe
Confirmed=U
Description=<a href="http://gpsoft.com.au/Intro.html" target="_blank">Directory Opus</a> - a file manager from GPSoft
[dos]
Filename=dos64.exe
Confirmed=X
Description=Adware downloader trojan
[dos prompt loader]
Filename=cygwin.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotvv.html" target= blank>SDBOT-VV</a> WORM!
[dosbat]
Filename=??
Confirmed=?
Description=<font color="#FF0000">??</font>
[douwantit]
Filename=duwi.exe
Confirmed=N
Description=DoUWantIt - online shopping assistant. Start it manually
[download accelerator plus 5.0]
Filename=DAP.exe
Confirmed=N
Description=<a href="http://www.speedbit.com/" target="_blank">Download Accelerator Plus</a> from Speedbit. Download manager for resuming downloads, amongst other features. Available via Start -> Programs. Note that the free version is adware based
Description=<a href="http://www.forty.com/" target="_blank">Download Wonder</a> from Forty Software. Download manager for resuming downloads, amongst other features
[downloadaccelerator]
Filename=DAP.EXE
Confirmed=N
Description=<a href="http://www.speedbit.com/" target="_blank">Download Accelerator Plus</a> from Speedbit. Download manager for resuming downloads, amongst other features. Available via Start -> Programs. Note that the free version is adware based
[downloadlegalmusic]
Filename=rundll32.exe MSA64CHK.dll, DllMostrar
Confirmed=X
Description=<a href="http://research.sunbelt-software.com/threat_display.cfm?name=MatrixDialer&threatid=14914&search=MatrixDialer" target=_blank>MatrixDialer</a> related
Description=<a href="http://www.professionalsatellite.com/html/direcway_dw4000_features.html" target="_blank">DirecWay</a> from DirectTV satellite based high-speed internet access
[dpconfig]
Filename=DPConfig.exe
Confirmed=N
Description=Compuware DevPartner Studio Configuration Utility, a tool for software developers - System Tray access to configure the utility's analysis. Not required at startup, can be launched from the Start Menu programs group when needed
[dpcproxy]
Filename=dpcproxy.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojgoldenpa.html" target="_blank">GOLDENP-A</a> TROJAN!
[dpcproxyloadonstartup]
Filename=dpcstart.exe
Confirmed=Y
Description=<a href="http://www.professionalsatellite.com/html/direcway_dw4000_features.html" target="_blank">DirecWay</a> from DirectTV satellite based high-speed internet access
[dpi]
Filename=dpi.exe
Confirmed=X
Description=<a href="http://www.spywareguide.com/product_show.php?id=727" target=_blank>Delfin Media Viewer</a> or "Promulgate" adware
[dpnsvr32]
Filename=dpnsvr32.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojaolpassb.html" target=_blank>AOLPASS-B</a> TROJAN!
[dpps2]
Filename=dpps2.exe
Confirmed=U
Description=<a href="http://www.panicware.com/product_companion.html" target="_blank">Pop-Up Stopper Companion</a> from Panicware. Pop-up blocker integrated into the IE toolbar. Note that the Pro version doesn't load in startup as it is installed as an Internet Explorer toolbar. Can cause problems with IE if you use WinXP and uninstall Service Pack 1. Uninstalling the software leaves it in the startup group
[dps]
Filename=dps.exe
Confirmed=X
Description=<a href="http://doxdesk.com/parasite/SmartestSearch.html" target= blank>SmartestSearch</a> parasite - poses as a foistware, bogus adware/spyware remover called "scumware-remover"
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbdoorjm.html" target=_blank>JM</a> TROJAN!
[dregfix]
Filename=ph_finder.exe
Confirmed=?
Description=<font color="#FF0000">??</font>
[drgtodsc]
Filename=DrgToDsc.exe
Confirmed=N
Description=Part of Roxio EasyCD Creator 6.0 - places the Roxio Drag-to-Disc icon in you system tray. "Easily drag and drop files for burning to CD or DVD. Disc formatting and burning will happen automatically". Not required for Roxio to work properly
[dried.exe]
Filename=dried.exe
Confirmed=?
Description=<font color="#FF0000">??</font>
[driveled]
Filename=OODLed.exe
Confirmed=N
Description=<a href="http://www.oosoft.de/english/products/oodl/" target="_blank">O&O DriveLED</a> - displays your HDD LED on your monitor. Start manually
[driver]
Filename=gbot.exe
Confirmed=X
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_JUNTADOR.K" target="_blank">JUNTADOR.K</a> TROJAN!
[driver32]
Filename=Scam32.exe
Confirmed=X
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/w32.sircam.worm@mm.html" target="_blank"> SIRCAM</a> WORM!
[drivercheck]
Filename=svchost.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdelfkr.html" target=_blank>DELF-KR</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target=_blank>svchost.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a C:\DriverLoad folder
[driverdb]
Filename=svcmdx32.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.berpi.html" target=_blank>BERPI</a> TROJAN!
[driverload]
Filename=svchost.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdelfkr.html" target=_blank>DELF-KR</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target=_blank>svchost.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a C:\DriverLoad folder
[driverpath]
Filename=system32.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojprorats.html" target=_blank>PRORAT-S</a> TROJAN!
[driveselect]
Filename=driveselect.exe
Confirmed=N
Description=DVD X Copy XPress by 321 Studios. Creates a pop-up at Windows startup that asks for the DVD drive to be selected. Available via Start -> Programs
[drkly16j]
Filename=rundll32.exe drkly16j.dll, ServiceCheck
Confirmed=U
Description=<a href="http://www.kidswatch.com/" target=_blank>KidsWatch Time Control</a> parental control software
[drmon smartagent]
Filename=SmartAgt.exe
Confirmed=U
Description=Part of the network monitoring program group for 3Com NIC cards. See <a href="http://support.3com.com/infodeli/tools/netmgt/rmonprob/product/drmon/chap1.htm" target="_blank">here</a> for more info
[drmu]
Filename=W95Mm.exe
Confirmed=X
Description=Homepage hijacker installing a toolbar: http://tdko.com/. Lop.com in disguise. See this <a href="http://www.lavasoft.nu/cgi-bin/forums/ikonboard.cgi?s=3d69d34f399dffff;act=ST;f=14;t=304;st=0" target="_blank">thread</a>
[drocher]
Filename=d.exe
Confirmed=X
Description=Adult content dialler
[drvddll.exe]
Filename=drvddll.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.ap@mm.html" target="_blank">BEAGLE.AP</a> WORM!
[drvddll_exe]
Filename=drvddll.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.x@mm.html" target="_blank">BEAGLE.X</a> WORM!
[drvlistnr]
Filename=DrvListnr.exe
Confirmed=?
Description=Analog Devices SoundMAX soundcard related.<font color="#FF0000"> What does it do and is it required?</font>
[drvlsnr]
Filename=drvlsnr.exe
Confirmed=U
Description=Compaq/ADI SoundMAX integrated digital audio controller related. May solve a problem if your sound cuts out unexpectedly
[drvnetw]
Filename=drvnetw.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbroggerb.html" target=_blank>BROGGER-B</a> TROJAN!
[drvr32h]
Filename=drvr32h.exe
Confirmed=X
Description=Added by an unidentified VIRUS, WORM or TROJAN!
[drvrmanager]
Filename=drvrquery32.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/bat.boohoo.worm.html" target="_blank">BOOHOO</a> WORM!
[drvsys.exe]
Filename=drvsys.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.w@mm.html" target="_blank">BEAGLE.W</a> WORM!
[drvupd]
Filename=rundll32 ..drvupd.inf
Confirmed=X
Description=Hijacker - drvupd.inf file installs a "searchforge.com" hijack
[drweb antivirus]
Filename=DRWEBAV.EXE
Confirmed=X
Description=Added by an unidentified WORM or TROJAN!
[drwebscheduler]
Filename=Drwebscd.exe
Confirmed=Y
Description=<a href="http://www.sald.com/" target="_blank">Dr. Web</a> antivirus related - scheduler that allows you to manage an automatic launch of applications, in particular the antivirus scanner or the update subsystem
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.spymon.html" target=_blank>SPYMON</a> TROJAN!
[ds clock]
Filename=dsclock.exe
Confirmed=U
Description=Digital desktop clock including synchronization with atomic servers - see <a href="http://www.dualitysoft.com/dsclock/" target="_blank">here</a>
[dsa]
Filename=dsa.exe
Confirmed=X
Description=Homepage hijacker - redirecting to downseek.com
[dsacass]
Filename=[path to file]
Confirmed=X
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/backdoor.ranky.m.html" target=_blank>RANKY.M</a> TROJAN!
Description=Anti-spyware from Dell. Seems that after Dell found out certain applications being installed from DVD's would report back information about what customers were watching, they decided to implement an anti-spyware service. Run manually before installation starts
[dskcompat]
Filename=Dskcompat.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/trojan.gema.html" target="_blank">GEMA</a> TROJAN!
[dsl monitor]
Filename=spdstrm.exe
Confirmed=N
Description=Comes with Efficient Networks DSL Modems. Little red/green/yellow flashing icon in system tray
[dslagentexe]
Filename=DSLagent.exe
Confirmed=Y
Description=Used in conjunction with USB connected ADSL modems from <a href="http://www.eicon.com/worldwide/default.htm" target="_blank">Eicon Networks</a> (as used by BT for its Broadband internet service for example). Required for a permanent ADSL connection
[dslmon]
Filename=dslmon.exe
Confirmed=Y
Description=Sagem DSL modem related. Apparently needed to detect the modem
[dslstatexe]
Filename=dslstat.exe
Confirmed=U
Description=System tray connection status for ADSL modems from Eicon Networks (as used by BT Broadband for example)
[dsservice]
Filename=dmrss.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotxx.html" target=_blank>AGOBOT-XX</a> WORM!
[dsssgens]
Filename=dssagens.exe
Confirmed=?
Description=<font color="#FF0000">??</font>
[du meter]
Filename=DUMETER.EXE
Confirmed=N
Description=<a href="http://www.dumeter.com/main.php" target="_blank">Hagel Technologies</a> internet bandwidth monitor
[duck]
Filename=duck.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotavg.html" target=_blank>AGOBOT-AVG</a> WORM!
[dumeter services]
Filename=dumeter.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotaeq.html" target=_blank>SDBOT-AEQ</a> WORM!
[dumprep 0 -k]
Filename=dumprep 0 -k
Confirmed=N
Description=Used in connection with memory dumps - you can disable these by - right clicking on My Computer, selecting Properties and then the Advanced tab. Click on the Settings button in 'Startup and Recovery'. In the bottom pane - under 'Write debugging information' - click on the down arrow and then select 'None' - OK your way out
[dumprep 0 -u]
Filename=dumprep 0 -u
Confirmed=N
Description=Used in connection with memory dumps - you can disable these by - right clicking on My Computer, selecting Properties and then the Advanced tab. Click on the Settings button in 'Startup and Recovery'. In the bottom pane - under 'Write debugging information' - click on the down arrow and then select 'None' - OK your way out
[dun_services3]
Filename=dun3.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/trojan.sokiron.html" target=_blank>SOKIRON</a> TROJAN!
[duweculey]
Filename=yujixit.exe
Confirmed=X
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.BRP&VSect=P" target=_blank>SDBOT.BRP</a> WORM!
[dvd43]
Filename=DVD43_Tray.exe
Confirmed=N
Description=<a href="http://www.dvdidle.com/dvd43.htm" target="_blank">DVD43</a> is "a small tool that integrates into Windows and overrides CSS copy-protection found on DVD movies"
[dvd98]
Filename=windvd98.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.cult.p@mm.html" target="_blank">CULT.P</a> WORM!
[dvdbitset]
Filename=DVDBitSet.exe
Confirmed=U
Description=DVD+RW Drive/Disc Compatibility Setting. Installed with HP DVD+RW drives to enhance compatibility with existing readers. You can also set a DVD+RW default drive write mode which is always used
[dvdcheck]
Filename=DVDCheck.exe
Confirmed=?
Description=Related to an <a href="http://www.intervideo.com/jsp/Home.jsp" target=_blank>Intervideo</a> program. <font color="#FF0000">What does it do and is it required in startup?</font>
[dvdcompat]
Filename=Dvdcompat.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/trojan.gema.html" target="_blank">GEMA</a> TROJAN!
[dvdlauncher]
Filename=DVDLauncher.exe
Confirmed=N
Description=A process belonging to the Cyberlink PowerCinema video viewing software which allows you to play DVDs upon insertion. Non-essential process - and is installed for ease of use
[dvdsentry]
Filename=DSentry.exe
Confirmed=N
Description=Anti-spyware from Dell. Seems that after Dell found out certain applications being installed from DVD's would report back information about what customers were watching, they decided to implement an anti-spyware service. Run manually before installation starts
[dvdtray]
Filename=DVDTray.exe
Confirmed=N
Description=HP CD/DVD Tray icon installed with the DVD writer software. Periodically checks for new drive firmware
[dvdupgrade]
Filename=DVDUpgrd.exe
Confirmed=N
Description=Microsoft program to upgrade your DVD decoder program - see <a href="http://support.microsoft.com/default.aspx?scid=kb;en;306331" target=_blank>Q306331</a>. Available via Start -> Programs
[dvp95]
Filename=Dvp95.exe
Confirmed=Y
Description=Scan engine for <a href="http://www.f-secure.com/index.shtml" target="_blank">F-Secure</a> and Command antivirus software based on the <a href="http://www.f-prot.com" target="_blank">F-Prot AntiVirus</a> engine
[dvpapi9x]
Filename=DVPAPI9X.exe
Confirmed=Y
Description=Command AntiVirus for Windows 95/98/Me
[dvpinitexe]
Filename=Dvpinit.exe
Confirmed=Y
Description=<a href="http://www.command.co.uk/html/products/csav/index.cfm">Command Antivirus</a> related
[dvprpt]
Filename=Dvprpt.exe
Confirmed=Y
Description=<a href="http://www.command.co.uk/html/products/csav/index.cfm">Command Antivirus</a> real time protection
[dvraudio]
Filename=dvraudio.exe
Confirmed=X
Description=Added by a variant of the <a href="http://www.sophos.com/virusinfo/analyses/trojcrypterc.html" target="_blank">CRYPTER.C</a> TROJAN!
[dvsfss]
Filename=fbsfsdrs.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotqa.html" target="_blank">SDBOT-QA</a> WORM!
[dvsync]
Filename=dvsync.exe
Confirmed=U
Description=DVSync is the program that allows you to synchronize your daVinciÆs PDA's data with your Personal Information Manager on the PC
[dvx]
Filename=wsxsvc.exe
Confirmed=X
Description=<a href="http://www.spywareguide.com/product_show.php?id=727" target=_blank>Delfin Media Viewer</a> or "Promulgate" adware variant
Description=DWHeartbeatMonitor.exe is installed alongside the Weather.com instant messaging utility. This is a non-essential process. Disabling or enabling this is down to user preference
[dwlclient]
Filename=support.exe
Confirmed=N
Description=Download manager for Dell support alerts
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_DEXTER.A" target="_blank">DEXTER.A</a> WORM!
[dx8compat]
Filename=Dx8compat.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/trojan.gema.html" target="_blank">GEMA</a> TROJAN!
[dxdiags.exe]
Filename=dxdiags.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojcertifg.html" target=_blank>CERTIF-G</a> TROJAN!
[dxdll32]
Filename=ntxdll.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.gaobot.cpx.html" target=_blank>GAOBOT.CPX</a> WORM!
[dxdllregexe]
Filename=dxdllreg.exe
Confirmed=N
Description=Created when you select "Yes" to check the "WHQL Digital signatures" in the DirectX9 files at the first time you open it
[dxload]
Filename=DX3DRndr.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.gibe.b@mm.html" target="_blank">GIBE.B</a> WORM!
[dxm6patch_981116]
Filename=p_981116.exe
Confirmed=N
Description=Win32 cabinet self extractor. More info <a href="http://groups.google.com/groups?hl=en&threadm=OpHhSjpd%24GA.249%40cppssbbsa04&rnum=18&prev=/groups%3Fq%3DP_981116.exe%26hl%3Den%26start%3D10%26sa%3DN" target="_blank">here</a>
[dxmsrv]
Filename=dxmsrv.exe
Confirmed=X
Description=Added by an unidentified WORM or TROJAN!
[dxsty]
Filename=Dxsty.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/trojan.gema.html" target="_blank">GEMA</a> TROJAN!
[dxupdate.exe]
Filename=Dxupdate.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.mafeg.html" target="_blank">MAFEG</a> WORM!
[dxvid]
Filename=dxvid.exe
Confirmed=X
Description=Added by Trojan-Downloader.Win32.Dluca.by TROJAN!
[dyfuca]
Filename=optimize.exe
Confirmed=X
Description=Adult content dialler - see <a href="http://www.sophos.com/virusinfo/analyses/dialdyfucaa.html" target="_blank">here</a>
[dyfuca active alert]
Filename=actalert.exe
Confirmed=X
Description=Adult content dialler - see <a href="http://www.sophos.com/virusinfo/analyses/dialdyfucaa.html" target="_blank">here</a>
[dynamic link library loader]
Filename=Loader32.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.kol.html" target=_blank>KOL</a> TROJAN!
[dyndns updater]
Filename=DynDNS.exe
Confirmed=U
Description=Dynamic DNS IP address updater tool, used as a client for Dynamic DNS service providers such as http://www.DynDNS.org
[dyndns-updater traytool]
Filename=ddutray.exe
Confirmed=N
Description=<a href="http://www.dyndns.org/services/dyndns/" target="_blank">DynDNS</a> updater tray icon - allows easy configuration of the Dynamic DNSSM service. Can be run manually
[dynhttp dns binary]
Filename=dynizari.exe
Confirmed=X
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target= blank>RBOT</a> WORM!
[dynsite]
Filename=DynSite.exe
Confirmed=U
Description=<a href="http://noeld.com/download.htm" target=_blank>DynSite</a> - dynamic DNS client, also called an automatic IP updater
[dynu basic client]
Filename=dynubas.exe
Confirmed=U
Description=<a href="http://www.dynu.com/" target=_blank>Dynu</a> online dynamic IP update client. Useful when using a dial up modem
[dzkillme]
Filename=DZSAVEME.EXE
Confirmed=?
Description=<font color="#FF0000">??</font>
[e-card]
Filename=ecard.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.yodi.html" target="_blank">YODI</a> WORM!
[e-color]
Filename=IconMgr.Exe
Confirmed=U
Description=Sets the colour of your monitor when running games that recognise E-Color so that you get 'what the game designer intended' when you see the game. Also allows monitor callibration through a program called 3-Deep. If you play a lot of games it can be useful. Can be disabled from starting up from within the program
[e6taskpanel]
Filename=TaskPanl.exe
Confirmed=N
Description=Earthlink Task Panel - part of <a href="http://www.earthlink.net/home/software/" target="_blank">Earthlink TotalAccess 2003</a> internet access software. Quick access to internet, E-mail and web-space
[eabconfg.cpl]
Filename=EabServr.exe
Confirmed=U
Description=Easy Access Buttons control panel on Compaq laptops. Only required if you use the extra keys
Description=For Compaq PC's. <a href="http://h18000.www1.hp.com/support/techpubs/whitepapers/13W1-1200a-wwen.html" target="_blank"> Easy Access</a> button support for the keyboard
[eac_cnry]
Filename=canary.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojcanary.html" target="_blank"> CANARY</a> TROJAN!
[eac_rnvdl]
Filename=ANTIVIRUS_INSTALL.EXE
Confirmed=?
Description=<font color="#FF0000">??</font>
[eanthology_install.exe]
Filename=eanthology_install.exe
Confirmed=N
Description=eAcceleration Stop-Sign related - not recommended, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm#ss_note" target="_blank">note</a>
[eanth_critical_update_alert]
Filename=sys_alert.exe
Confirmed=N
Description=eAcceleration Stop-Sign related - not recommended, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm#ss_note" target=_blank>note</a>
[eanth_system_patcher]
Filename=sys_alert.exe
Confirmed=N
Description=eAcceleration Stop-Sign related - not recommended, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm#ss_note" target="_blank">note</a>
[earthlink toolbar 5.0]
Filename=etoolbar.exe
Confirmed=N
Description=EarthLink Toolbar is a tool to help you get to all of the resources of the internet. EarthLink 5.0 Setup adds a few basic buttons to the Toolbar, but you can delete these or add more buttons any time
[easy key]
Filename=easykey.exe
Confirmed=U
Description=For programming of the built-in functions keys on some laptops (and maybe desktops). Required if these are used
[easy start button]
Filename=esb.exe
Confirmed=N
Description=Provides functionality on certain laptops that have additional keys. Not required unless you use the extra keys
[easy-printtoolbox]
Filename=BJPSMAIN.EXE
Confirmed=U
Description=A utility to launch the applications that are bundled with a Canon bubblejet printer
[easyav]
Filename=EasyAV.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.netsky.s@mm.html" target="_blank">NETSKY.S</a> or <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.netsky.t@mm.html" target="_blank">NETSKY.T</a> WORMS!
[easydates]
Filename=EasyDates.exe
Confirmed=X
Description=Premium rate adult content dialler
[easydates_nl]
Filename=EasyDates_nl.exe
Confirmed=X
Description=Adult content dialler
[easykey]
Filename=easykey.exe
Confirmed=U
Description=For programming of the built-in functions keys on some laptops (and maybe desktops). Required if these are used
[easykeyboardlogger]
Filename=EasyKeyboardLogger
Confirmed=U
Description=<a href="http://www.symantec.com/avcenter/venc/data/spyware.easykeylogger.html" target=blank>EasyKeyLogger</a> ?keystroke logger/monitoring program. Given a "U" recommendation because it depends if you intentionally installed it. If you didn't treat it as "X" and uninstall or remove
[easymessage]
Filename=em2.exe
Confirmed=U
Description=Easy Messenger, instant messenger for MSN, AOL, ICQ, and Yahoo. See <a href="http://www.easymessage.net/" target="_blank">here</a>
[easysearchbar]
Filename=ESBUpdate.exe
Confirmed=X
Description=EasySearchBar adware downloader
[easyserv]
Filename=Server.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.easyserv.html" target="_blank">EASYSERV</a> TROJAN!
[easysync pro]
Filename=XCPCMenu.exe
Confirmed=U
Description=<a href="http://www.lotus.com/products/easysyncpro.nsf" target="_blank">EasySync Pro</a> is a Lotus program for synchronizing a PDA with Lotus Notes
[easytuneiii]
Filename=EasyTune.exe
Confirmed=U
Description=Tuning (overclocking) utility for Gigabyte motherboards. Shortcut available
[easytuneiv]
Filename=ET4Tray.exe
Confirmed=U
Description=Tuning (overclocking) utility for Gigabyte motherboards. Shortcut available
[easywww]
Filename=easywww2.exe
Confirmed=X
Description=Added by an unidentified VIRUS, WORM or TROJAN!
Description=<a href="http://pages.ebay.com/ebay_toolbar/" target="_blank">eBay Toolbar</a> - reportes as spyware as it "phones home"
[ebaytoolbar]
Filename=eBayTBDaemon.exe
Confirmed=U
Description=<a href="http://pages.ebay.com/ebay_toolbar/" target=_blank>eBay</a> toolabar related - also contains eBay account Guard which monitors for fraudulent eBay sites
[eboard]
Filename=Eboard.exe
Confirmed=U
Description=eMachines multimedia keyboard manager. Required if you use the extra keys
[ebot]
Filename=DownloadWizard.exe
Confirmed=N
Description=<a href="http://www.ebot.com/index.html" target="_blank">eBot</a> from Digital River - "helps ensure your computer always has the latest technology, fixes, add-ons, upgrades and 'cool stuff'." Can optionally be installed with software such as Net Nanny internet filtering software. Available via Start -> Programs
[ecpe]
Filename=ECPE.EXE
Confirmed=?
Description=<font color="#FF0000">??</font>
[edexter]
Filename=edexter.exe
Confirmed=N
Description=<a href="http://www.pyrenean.com/edexter.php" target=_blank>eDexter</a> supplements internet filtering by substituting local images for filtered images in order to prevent browser stalls and other annoyances. Can be activated manually when starting the browser
[editpad]
Filename=editpad.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojconsperb.html" target="_blank">CONSPER-B</a> TROJAN!
[edloader]
Filename=DTLoader.exe
Confirmed=N
Description=Effective Desktop from MiniStars Software - desktop management software no longer being supported
[edonkey2000]
Filename=edonkey2000.exe
Confirmed=U
Description=File sharing network - not recommended as the free version of this application should be avoided as it installs, without permission, New.Net, Webhancer, WebSearch Toolbar and WinTools
[edrestore]
Filename=??
Confirmed=U
Description=<a href="http://www.easydesksoftware.com/spoint.htm" target="_blank">Set Point</a> from Easy Desk Software - "small utility that automatically sets System Restore points for WinME/XP"
[educational writer]
Filename=[random filename]
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotlz.html" target="_blank">RBOT-LZ</a> WORM!
[edwizard]
Filename=Edwizard.exe
Confirmed=U
Description=<a href="http://www.ediport.hu/_sgeasy.html" target="_blank">SafeGuard Easy</a> - "provides total company-wide protection for sensitive information on laptops and workstations. Boot protection, pre-boot user authentication and hard disk encryption using powerful algorithms guarantee against unauthorized access and hacker attacks"
[efax tray menu]
Filename=HotTray.exe
Confirmed=N
Description=eFax Messenger Tray Menu system tray icon for eFax Messenger Plus. Available via Start -> Programs. Disabling instructions available <a href="http://www.efax.com/help/index.asp" target="_blank">here</a>
[efax.com tray menu]
Filename=HotTray.exe
Confirmed=N
Description=eFax Messenger Tray Menu system tray icon for eFax Messenger Plus. Available via Start -> Programs. Disabling instructions available <a href="http://www.efax.com/help/index.asp" target="_blank">here</a>
[efaxs lptt01]
Filename=efaxs.exe
Confirmed=X
Description=<a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">RapidBlaster</a> variant (in a "efaxs" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see <a ref="http://www.wilderssecurity.net/specialinfo/rapidblaster.html#removal" target="_blank"> here</a>
[efaxs ml097e]
Filename=efaxs.exe
Confirmed=X
Description=<a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">RapidBlaster</a> variant (in a "efaxs" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see <a ref="http://www.wilderssecurity.net/specialinfo/rapidblaster.html#removal" target="_blank"> here</a>
[efpap.exe]
Filename=Efpap.exe
Confirmed=U
Description=<a href="http://www.softstack.com/fileprotpro.html" target="_blank">Easy File & Folder Protector</a>. Deny access to certain files and folders, or to hide them securely from viewing and searching
[ehtray]
Filename=ehtray.exe
Confirmed=U
Description=Windows XP <a href="http://msdn.microsoft.com/library/en-us/MedctrSDK/htm/formoreinformation.asp" target=_blank>Media Center Edition</a> 2005. Enables the user to access Windows Messenger from within Media Center
[ei10.exe]
Filename=ei10.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotnk.html" target=_blank>AGOBOT-NK</a> WORM!
[eicon networkslan_daemon]
Filename=watch.exe
Confirmed=U
Description=Associated with an <a href="http://www.eicon.com/worldwide/default.htm" target="_blank">Eicon Networks</a> ISDN or ADSL modem. Watch protocols your connection with numbers and duration. You need callvu.exe (from Start Menu) to see your connection statistics. You can manually start watch.exe before you go online. Needs diinfo.exe (started by DiTask) to work correctly which can be started manually
[eicon technologylan_daemon]
Filename=watch.exe
Confirmed=U
Description=Associated with an <a href="http://www.eicon.com/worldwide/default.htm" target="_blank">Eicon Networks</a> ISDN or ADSL modem. Watch protocols your connection with numbers and duration. You need callvu.exe (from Start Menu) to see your connection statistics. You can manually start watch.exe before you go online. Needs diinfo.exe (started by DiTask) to work correctly which can be started manually
[eixfi]
Filename=china.bat
Confirmed=X
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BAT_WCUP.A" target="_blank">WCUP.A</a> WORM!
[elbycheck]
Filename=ElbyCheck.exe
Confirmed=U
Description=From <a href="http://www.elby.org/english/corp/index.htm" target="_blank">Elaborate Bytes</a> who make CloneCD - monitors the installed filters of CD-ROMs/DVD-ROMs. Note - under Win2K removing this from startup causes the CD drive in the computer to not be recognized in the OS and after rechecking it prompts that the driver has been corrupted and asks you to restart the computer to fix it
[electron microscope]
Filename=EMIII.exe
Confirmed=U
Description=Electron Microscope or <a href="http://www.em-dc.com/" target=_blank>EM</a> - is a program used to track Stanford's distributed computing program client called Folding at Home, <a href="http://folding.stanford.edu/" target=_blank>FAH</a>. It will monitor up to 50 clients and give you the details about each client's progress as the FAH client runs. EM will also show you what each change in the protein looks like as the process continues
[element]
Filename=Element.txt
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.elem.trojan.html" target="_blank">ELEM</a> TROJAN!
[element furth]
Filename=[path] repcale.exe [path] palsp.exe
Confirmed=X
Description=Added by a variant of the <a href="http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?Vname=WORM_RANDON.AN" target=_blank>RANDON.AN</a> WORM!
[elm]
Filename=Elmenv.exe
Confirmed=N
Description=ViaTech eLicense for securing, distributing and selling music online
Description=Allows you to totally customize your ELSA graphics card settings, including overclocking the GPU
[elsacapictl]
Filename=Rcapi.exe
Confirmed=Y
Description=Assumed to stand for Remote Common Application Programming Interface (RCAPI), this was installed with an Elsa Microlink ISDN modem. If it is not there you can not bring up the dialog box which is sometimes needed to reset the modem
[elsachipguard]
Filename=elsavect.exe
Confirmed=U
Description=ChipGuard for ELSA graphics cards - monitoring solution which monitors both the GPU temperature and fan speed, and will halt the system if either are at dangerous levels and restore the default clock speeds upon reboot. Leave enabled if overclocking
[ema.exe]
Filename=EMA.EXE
Confirmed=N
Description=Time management system which helps you to manage your time and appointments
[emachines eboard]
Filename=Eboard.exe
Confirmed=U
Description=eMachines multimedia keyboard manager. Required if you use the extra keys
[emcryt sh3ars panagers]
Filename=[path to worm]
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotawi.html" target=_blank>RBOT-AWI</a> WORM!
[emoc0re]
Filename=emo.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotage.html" target= blank>AGOBOT-AGE</a> WORM!
[emsw.exe]
Filename=emsw.exe
Confirmed=X
Description=Attune HelpExpress - spyware. Disable and uninstall - see <a href="http://www.c-squad.org/hxdl.html" target="_blank">here</a>
[emule]
Filename=emule.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotalz.html" target=_blank>RBOT-ALZ</a> WORM!
Description=Logitech Mouseware driver. Needed to support some additional functionality of Logitech mice/trackballs such as "SmartMove". If you disable it and find you don't need it leave it disabled
[en4060c taskbar]
Filename=en4060ct.exe
Confirmed=N
Description=Comes with Efficient Networks DSL Modems. Little red/green/yellow flashing icon in system tray
[encapsulated command tool]
Filename=wintr.com
Confirmed=?
Description=<font color="#FF0000">??</font>
[encarta dictionary quickshelf]
Filename=QSHLFED.EXE
Confirmed=N
Description=<font color="#FF0000">Provides quick access to Encarta's Dictionary features?</font>
[encmonitor]
Filename=monitor.exe
Confirmed=N
Description=The Encompass Monitor. This program is the Connect Direct Program. It is more trouble than it is worth and few use it
[encoder agent]
Filename=WMENCAGT.EXE
Confirmed=N
Description=MS Windows Media Encoder, which already has a shortcut in the Start Menu if installed
[encompass_encmontr]
Filename=ENCMONTR.EXE
Confirmed=U
Description=Optional simple browser from Yahoo (Encompass)
Description=<a href="http://www.securitysoft.com/new601/cs_home.htm" target=_blank>Cyber Sentinel</a> - internet filtering software
[engutil]
Filename=EngUtil.exe
Confirmed=Y
Description=Part of Roxio EasyCD Creator 6.0 - corrects any modification made to the Roxio Engine, it exits after checking
[enh win updt]
Filename=enhupdt.exe
Confirmed=X
Description=Adware downloader - recognized by <a href="http://www.kaspersky.com/personalpro" target=_blank>Kaspersky</a> antivirus as Trojan-Downloader.Win32.OneClickNetSearch.h
[enhance32]
Filename=enhance32.exe
Confirmed=X
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_CRYPTER.A" target="_blank">CRYPTER.A</a> TROJAN!
[enigmapopupstop]
Filename=EnigmaPopupStop.exe
Confirmed=N
Description=Part of Enigma SpyHunter - not recommended, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm#sh_note" target="_blank">note</a>
[ensapserver2_0]
Filename=APSERVER.EXE
Confirmed=?
Description=Intel AnyPoint Wireless II Home Network related. <font color="#FF0000"> What does it do and is it required?</font>
[ensmix32.exe]
Filename=ENSMIX32.EXE
Confirmed=?
Description=Sound card driver. <font color="#FF0000"> Is it required?</font>
[ensoniqmixer]
Filename=starter.exe
Confirmed=U
Description=Puts the Ensoniq mixer in system tray. From Ensoniq Technologies "Our mixer is a critical part of the soundcard as it fixes sound problems and replaces the MS mixer which can no longer be used". If you find you don't need it - try one of the solutions on <a href="all/starter_exe.htm" target="_blank">this</a> special page. Similar to Creative PCI Audio Configuration Utility
[enumerate service]
Filename=wsys.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.manifest.trojan.html" target="_blank">MANIFEST</a> TROJAN!
Description=eOne Manager, provides access to the buttons on the keyboard and on the front of the console for the eMachines eOne PC
[epoxusdm]
Filename=USDM.EXE
Confirmed=U
Description=<a href="http://www.epox.com.tw/eng/index.php" target=_blank>EPoX</a> Universal Serial Data Monitor - a diagnostics tool that shows Temps, Fan Speeds, Voltages...etc
[eprint 4.0 service]
Filename=EPRINT4.EXE
Confirmed=N
Description=A component of the "LEADTOOLS <a href="http://www.eprintdriver.com/" target=_blank>ePrint</a> File Conversion Software - Convert ANY file to and from over 150 document and image formats including searchable PDF, DOC, HTML, TXT , Multi-page TIFF, JPG, GIF, PNG and many more!" Can be started manually
Description=Supposed to keep an Epson printer ready for quick printing. Users report little difference whether it is on or not
[epson cardmonitor]
Filename=EPSON CardMonitor1.0.exe
Confirmed=U
Description=Monitors the PCMCIA memory card slot on EPSON cameras and printers and launches PhotoStarter or PhotoPrint
[epson stylus c44 series]
Filename=E_S10IC2.EXE
Confirmed=U
Description=Epson Stylus C44 Series printer monitor - for checking ink levels, etc
[epson stylus c46 series]
Filename=E_S4I0T1.EXE
Confirmed=U
Description=Epson Stylus C46 Series printer monitor - for checking ink levels, etc
[epson stylus c62 series]
Filename=E-S0BIC1.EXE
Confirmed=U
Description=Required for an interface to some versions of MS Word to ensure that some fonts are printed correctly. Start it manually if required
[epson stylus c82 series]
Filename=e_s0hic1.EXE
Confirmed=U
Description=Required for an interface to some versions of MS Word to ensure that some fonts are printed correctly. Start it manually if required
[epson stylus photo rx420 series]
Filename=E_FATI9CE.EXE
Confirmed=U
Description=Related to the EPSON Stylus Photo RX420 Series printer/scanner/copier
[epsonphotostarter]
Filename=EPSON_PhotoStarter.exe
Confirmed=U
Description=Only needed if you want to make full use of the capabilities of an Epson printer that included this
[equipmen]
Filename=Equipmen.exe
Confirmed=?
Description=<font color="#FF0000">??</font>
[eraser]
Filename=eraser.exe
Confirmed=U
Description=<a href="http://www.heidi.ie/eraser/" target=_blank>Eraser</a> allows for complete removal of data from your hard drive
[erecoveryservice]
Filename=check.exe
Confirmed=U
Description=Acer Notebook related. Acer eRecovery allows the user to restore the operating system or backup the current system profile, thus ensuring system integrity
[ereg]
Filename=reg32.exe
Confirmed=N
Description=EReg is a software registration tool incorporated on products such as those by Br°derbund, Connectix, Hewlett-Packard, The Learning Company, and Sierra. Needless to say you don't need it
[erfgddfk]
Filename=wind2ll2.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.cq@mm.html" target=_blank>BEAGLE.CQ</a> WORM!
[erghgjhgdr]
Filename=windlhhl.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.bg@mm.html" target=_blank>BEAGLE.BG</a> WORM!
[erghgjhjgdr]
Filename=windlhhl.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.bg@mm.html" target=_blank>BEAGLE.BG</a> or <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.bh@mm.html" target=_blank>BEAGLE.BH</a> or <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.bi@mm.html" target=_blank>BEAGLE.BI</a> or <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.bj@mm.html" target=_blank>BEAGLE.BJ</a> WORMS!
[erm]
Filename=erm.exe
Confirmed=?
Description=<font color="#FF0000">??</font>
[eros.exe]
Filename=eros.exe
Confirmed=X
Description=Adult content dailler
[error nuker]
Filename=ErrorNuker.exe
Confirmed=N
Description=<a href="http://www.errornuker.com/" target= blank>ErrorNuker</a> registry cleaner - only required if you want the application to run a scan at startup. The program can be launched manually if required
[errorguard]
Filename=ErrorGuard.exe
Confirmed=X
Description=Spyware remover of dubious repute
[erthegdr]
Filename=windll2.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.cg@mm.html" target=_blank>BEAGLE.CG</a> WORM!
[erthgdr2]
Filename=svc23.exe
Confirmed=X
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_BAGLE.CG&VSect=P" target=_blank>BAGLE.CG</a> WORM!
[erts0749]
Filename=ERTS0749.exe
Confirmed=?
Description=IBM Warranty Notification - <font color="#FF0000">presumably it's a reminder to either register or that warranty is about to expire?</font>
[esafe protect]
Filename=ESPWatch.exe
Confirmed=Y
Description=<a href="http://www.esafe.com/esafe/default.asp?cf=tl" target="_blank">eSafe</a> from Aladdin - internet security for gateway and E-mail servers
[esb]
Filename=esb.exe
Confirmed=U
Description=Easy Start Button - provides functionality on certain laptops that have additional keys. Not required unless you use the extra keys
Description=<a href="http://www.mspl.net/antivirus/escan/escan.asp" target="_blank">eScan</a> antivirus updater - allows users to automatically download updates and set the auto time interval for downloads
[escorcher]
Filename=escorcher.exe
Confirmed=X
Description=Part of <a href="http://www.escorcher.com/" target="_blank">eScorcher</a> anti-virus software - responsible for performing virus checks and deletions. Used to collect information about the user and therefore treated as spyware - now the web-site is dead
[esftp]
Filename=esftp.exe
Confirmed=N
Description=<a href="http://esftp.com/features.html" target="_blank">ESftp</a> - FTP client for transfering files between a local PC and another remote computer
[esoh]
Filename=Esoh123.exe
Confirmed=X
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.FF" target=_blank>AGOBOT.FF</a> WORM!
[especial]
Filename=Deneca.bat
Confirmed=X
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/w97m.deluz.html" target= blank>DELUZ</a> VIRUS!
[espn bottomline]
Filename=bline.exe
Confirmed=N
Description=ESPN BottomLine. "You can dock the BottomLine to the top or bottom of your screen or drag it around on your desktop, without even worrying about a browser. As long you keep the BottomLine running, you will continue to receive live scores and breaking news, and by clicking on any score or news item, you will be taken directly to the corresponding page on ESPN.com for a full break down."
[ess daemon]
Filename=Essd.exe
Confirmed=?
Description=Related to an ESS based soundacard. <font color="#FF0000">Is it required?</font>
[essapm]
Filename=essapm.exe
Confirmed=?
Description=ESS Solo soundcard driver. <font color="#FF0000">Is it required?</font>
[essdc]
Filename=essdc.exe
Confirmed=Y
Description=Related to an ESS Solo soundcard. Seems as though it's required
[essndsys]
Filename=ESSNDSYS.EXE
Confirmed=?
Description=Related to an ESS based soundacard. <font color="#FF0000">Is it required?</font>
[essolo]
Filename=ESSOLO.exe
Confirmed=Y
Description=Sound card driver that re-instates itself every time it's removed
[esspk]
Filename=esspk.exe
Confirmed=Y
Description=ESS Technology modem speaker driver file. Required to get on-line with this modem
[essspkphone]
Filename=essspk.exe
Confirmed=U
Description=ESS Technologies Call waiting, which gets installed by the drivers for V92 modems based on ESS Technologies chipsets
[esupinit]
Filename=eSupCmd.exe
Confirmed=?
Description=Related to <a href="http://support.com/solutions/overview/solutions_overview.shtml" target=_blank>SupportSoft</a> "Real-Time Service Management software". <font color="#FF0000">What does it do and is it required?</font>
[etb tester]
Filename=etbtest.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotabr.html" target= blank>RBOT-ABR</a> WORM!
Description=Marketing software from <a href="http://www.etraffic.com/" target="_blank">TopMoxie</a>
[etrust ez firewall]
Filename=efpeadm.exe
Confirmed=Y
Description=<a href="http://www1.my-etrust.com/products/Firewall.cfm" target="_blank">eTrust EZ Firewall</a>
[etrust pestpatrol active protection]
Filename=PPActiveDetection.exe
Confirmed=U
Description=<a href="http://www.pestpatrol.com/" target=_blank>PestPatrol</a> real-time protection feature. "Stops spyware before it infects your system"
[etrustcipe]
Filename=ezdsmain.exe
Confirmed=Y
Description=<a href="http://www1.my-etrust.com/products/info/Deskshield/4?CFID=6909348&CFTOKEN=43ce20d%2D0001f1aa%2Df6e5%2D1d77%2Dbe1e%2D2f0eac14303f" target="_blank">eTrust EZ Deskshield</a> from Computer Associates. Protects against malicious email attachments and unauthorized use of email by detecting and blocking unusual behavior
[etunnel]
Filename=winfw.exe
Confirmed=X
Description=Added by an unidentified TROJAN!
[euroglot]
Filename=EuroGlot.exe
Confirmed=U
Description=<a href="http://www.euroglotonline.nl/en/default.html" target="_blank">Euroglot</a> - "multilanguage translating system, available in the languages Dutch, English, French, German, Spanish and Italian"
[event log]
Filename=eventlog.exe
Confirmed=?
Description=<font color="#FF0000">??</font>
[event planner reminders]
Filename=PLNRnote.exe
Confirmed=N
Description=Sierra Event Planner tray icon
[event reminder]
Filename=pmremind.exe
Confirmed=N
Description=A calendar/alarm program that installs with Br°derbund Printmaster
[eventapplicationcmd]
Filename=smschk.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojircbotao.html" target=_blank>IRCBOT-AO</a> TROJAN!
[eventlistener]
Filename=EvLstnr.exe
Confirmed=U
Description=Used with a Nikon digital camera to recognize when the camera is plugged in
[eventmgr]
Filename=eventmgr.exe
Confirmed=N
Description=Used with a Microtek scanner. Manages the scanner's button events. Available via Start -> Programs
[evidence cleaner]
Filename=ecleaner.exe
Confirmed=U
Description=<a href="http://www.evidence-cleaner.net/" target= blank>Evidence Cleaner</a> cleans up tracks left by your PC and Internet activities
[evidence eliminator]
Filename=ee.exe
Confirmed=N
Description=<a href="http://www.evidence-eliminator.com/product.shtml" target="_blank">Evidence Eliminator</a> - cover the tracks of your browsing habits and E-mails if you think you need to. Run manually on a regular basis
[evil]
Filename=Evil.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.mytob.jm@mm.html" target=_blank>MYTOB.JM</a> WORM!
[evntsvc]
Filename=evntsc.exe
Confirmed=N
Description=Application Scheduler installed along with <a href="http://www.real.com/" target="_blank">RealOne Player</a>. Once installed, it runs independently of RealOne Player. See <a href="http://www.mikescomputerinfo.com/TkBellExe.htm" target="_blank">here</a> for more information, including how to disable it. Also see evntsvc and Realsched. Note that eventsvc.exe no longer appears to be in a newer version. To disable "tkbell.exe" in the new version (1) Start RealOne Player (2) Tools -> Preferences (3) Automatic services in the Categories pane (4) Uncheck all options and then OK
[evolosta]
Filename=EVOLOSTA.EXE
Confirmed=U
Description=Evolo Status Monitor for wireless network cards. Allows a user to enter a specific access-point mode SSID, peer-to-peer mode channel, link speed, WEP encryption options, and has enable/disable and rescan buttons. It is not needed if using Windows XP or higher, as they have this built-in to the control panel. Also, if the user is very sure that there is ONLY ONE network available to connect to, then they can remove this. If it is not in startup, and the user needs to run it, they can simply type EVOLOSTA in the Start -> Run dialog to run it
[evthtm]
Filename=evthtm.exe
Confirmed=X
Description=Premium rate adult content dialler
[ew message server]
Filename=msg32.exe
Confirmed=U
Description=Conexant (older versions are Brooktree) Wavestream Message Server - associated with Conexant based audio devices
[eware startup]
Filename=iWareStart.exe
Confirmed=N
Description=<a href="http://www.eware.com/about/index.asp" target="_blank">eWare</a> iWare task bar. Not required
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.nuclear.html" target=_blank>NUCLEAR</a> TROJAN! Note - this trojan file is found in the Windows\NR or Winnt\NR folder
[excite platform]
Filename=Exlaunch.exe
Confirmed=N
Description=Loads an Icon in the startup tray that allows you to receive service update notices for Excite@Home if you desire (note that since Excite@Home appears to be winding down this becomes irrelevant). May also allow you to kill the Excite Toolbar that automatically loads in Internet Explorer
[excite private messenger pipe]
Filename=x8impipe.exe
Confirmed=?
Description=<font color="#FF0000">??</font>
[exciteassistantexe]
Filename=ASSISTANT.EXE
Confirmed=N
Description=With Excite Assistant, you can access a wide variety of online information, including email, news, and stock quotes without having to have a browser window open
Description=<a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">RapidBlaster</a> variant (in a "Exe" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see <a ref="http://www.wilderssecurity.net/specialinfo/rapidblaster.html#removal" target="_blank"> here</a>
[exe ml097e]
Filename=exe.exe
Confirmed=X
Description=<a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">RapidBlaster</a> variant (in a "Exe" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see <a ref="http://www.wilderssecurity.net/specialinfo/rapidblaster.html#removal" target="_blank"> here</a>
[execfg4]
Filename=execfg4.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.electron.html" target="_blank">ELECTRON</a> WORM!
[execute]
Filename=delfolders.exe
Confirmed=?
Description=<font color="#FF0000">??</font>
[exename32]
Filename=Warm.scr
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.scold@mm.html" target="_blank">SCOLD</a> WORM!
[exgiwsl]
Filename=exgiwsl.exe
Confirmed=?
Description=<font color="#FF0000">??</font>
[exitkiller]
Filename=Ekiller.exe
Confirmed=U
Description=<a href="http://www.exitkiller.net/" target="_blank">Exit Killer</a> - automatically closes pop-up windows in your browser
[exmon]
Filename=hpimoniter.exe
Confirmed=?
Description=<font color="#FF0000">Some kind of hp digital camera maybe or a photo smart connection probe?</font>
[expl0re.exe]
Filename=EXPL0RE.EXE
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojpopnoa.html" target=_blank>POPNO-A</a> TROJAN! Note that the filename is spelled using the digit "0" instead of the uppercase letter "o"
[expl0rer soft]
Filename=expl0rer.pif
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaqr.html" target=_blank>RBOT-AQR</a> WORM!
[expler]
Filename=Updadv.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojqqpassn.html" target=_blank>QQPASS-N</a> TROJAN!
[explkw]
Filename=expup.exe
Confirmed=X
Description=Keywords hijacker
[explore manager]
Filename=explore.exe
Confirmed=X
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_DONBOMB.A&VSect=P" target=_blank>DONBOMB.A</a> TROJAN!
[explore.exe]
Filename=Explore.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.graybird.g.html" target="_blank">GRAYBIRD.G</a> TROJAN!
[exploreff.exe]
Filename=exploreff.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/trojan.finfanse.html" target=_blank>FINFANSE</a> TROJAN!
[explorer lptt01]
Filename=explorer.exe
Confirmed=X
Description=<a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">RapidBlaster</a> variant (in a "explorer" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see <a ref="http://www.wilderssecurity.net/specialinfo/rapidblaster.html#removal" target="_blank"> here</a>. Note - this is not the legitimate Windows Explorer (explorer.exe) which would only be in startups if you added it manually!
[explorer microsoft system]
Filename=explore.exe
Confirmed=X
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
[explorer ml097e]
Filename=explorer.exe
Confirmed=X
Description=<a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">RapidBlaster</a> variant (in a "explorer" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see <a ref="http://www.wilderssecurity.net/specialinfo/rapidblaster.html#removal" target="_blank"> here</a>. Note - this is not the legitimate Windows Explorer (explorer.exe) which would only be in startups if you added it manually!
[explorer updater]
Filename=IEXPLORE.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotwo.html" target=_blank>SDBOT-WO</a> WORM! Note - this is not the legitimate Internet Explorer <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/iexplore/" target=_blank>iexplore.exe</a> process which is always located in the Program Files\Internet Explorer folder and should not normally figure in Msconfig/Startup! This file is located in the System (9x/Me) or System32 (NT/2K/XP) folder
[explorer.exe]
Filename=explorer.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojagentew.html" target=_blank>AGENT-EW</a> or <a href="http://www.sophos.com/virusinfo/analyses/trojpwscy.html" target=_blank>PWS-CY</a> TROJANS! Note - the legitimate Windows Explorer (explorer.exe) is located in the Windows or Winnt folder and would only be in startups if you added it manually. This one is located in the System (9x/Me) or System32 (NT/2K/XP) folder
[exporet]
Filename=winset.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojqqpassi.html" target=_blank>QQPASS-I</a> TROJAN!
[exshow95]
Filename=EXSHOW95.exe
Confirmed=U
Description=Support software for some of the Kensington mice. Provides access to extra features like those available with enhanced Logitech and MS devices
[external dependencies]
Filename=External.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.mytob.ec@mm.html" target=_blank>MYTOB.EC</a> WORM!
[extradns]
Filename=ExtraDNS.exe
Confirmed=U
Description=<a href="http://www.extratools.com/" target="_blank">ExtraDNS</a> - DNS configuration tool
Description=eTrust <a href="http://www3.ca.com/Solutions/Product.asp?ID=3243" target=_blank>EZ Armor</a> Internet Security
[ezagent]
Filename=ezagent.exe
Confirmed=N
Description=<a href="http://www.asus.com/products/vga/tvfm/overview.htm" target="_blank">EzVCR</a> recording software for the ASUS TV FM card. Available via Start -> Programs
[ezbutton]
Filename=EzButton.EXE
Confirmed=N
Description=EZbutton is a quick launcher for the Media player app that comes with certain laptops. Typically installed in a C:\Program Files\EzButton folder
[ezdesk]
Filename=EZDESK.EXE
Confirmed=N
Description=Utility that remembers icon locations for each user and resolution. Available <a href="http://members.aol.com/EzDesk95/" target="_blank">here</a>
[ezejmnap]
Filename=EzEjMnAp.exe
Confirmed=N
Description=For IBM Thinkpad Notebooks. Quote: "The IBM ThinkPad EasyEject Utility makes removing multiple devices from your computer faster and easier by enabling you to stop more than one device at once, rather than stopping each device individually". Available via Start -> Programs
Description=Epson Stylus C44 Series printer monitor - for checking ink levels, etc
[e_s23]
Filename=E_SICN03.exe
Confirmed=U
Description=Epson printer status monitor - for checking ink levels, etc.
[e_s4i2f1]
Filename=E_S4I2F1.exe
Confirmed=N
Description=Epson Status Monitor 3 for the Epson Stylus Photo R300 (and probably others) printers - monitors the status of a print job spooled to that printer
[e_s4i2g1]
Filename=E_S4I2G1.EXE
Confirmed=N
Description=Related to the Epson Stylus CX5400 printer/scanner/copier - not required
[e_soeic1]
Filename=E_SOEIC1.exe
Confirmed=U
Description=Epson Stylus printer monitor - for checking ink levels, etc.
Description=<a href="http://www.f-prot.com">F-Prot</a> anti-virus background scanner by F-Risk Software
[f1tray.exe]
Filename=F1TRAY.EXE
Confirmed=U
Description=System Tray icon for FusionOneÆs <a href="http://www.mightyphone.com/" target=_blank>MightyPhone</a> software. "MightyPhone is a concept for wirelessly synchronizing the data on your mobile phone with your web-based or PC based organizer"
[f607]
Filename=f607.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.urat.b.html" target="_blank">URAT.B</a> TROJAN!
[f73cdc8ee94e]
Filename=btsendto.exe
Confirmed=X
Description=Associated with mysearchnow.com/searchbar.html
[familykeylogger]
Filename=cisvc.exe
Confirmed=U
Description=<a href="http://www.spyarsenal.com/familykeylogger/" target="_blank">Family Keylogger</a> - is your best choice, if you want to know what other users on your machine are typing". Given a "U" recommendation because it depends if you intentionally installed it. If you didn't treat it as "X" and uninstall or remove
[fantasia injector]
Filename=wincfg.exe
Confirmed=X
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.US&VSect=P" target=_blank>AGOBOT.US</a> WORM!
[fapmon]
Filename=fapmon.exe
Confirmed=?
Description=<a href="http://www.copperhead.cc/fap.html" target="_blank">Fair Access Policy</a> monitor for DirecPC/DirecWay internet access
[farmmext]
Filename=farmmext.exe
Confirmed=X
Description=<a href="http://research.sunbelt-software.com/threat_display.cfm?name=VX2.Transponder&threatid=12517&search=vx2" target=_blank>VX2.Transponder</a> parasite updater/installer related
[fash]
Filename=Fash.exe
Confirmed=X
Description=Unidentified adware
[fast]
Filename=fast.exe
Confirmed=N
Description=Installs as part of Windows XP PowerToys as an option for very-fast user switching (allowing a keystoke to switch users instead of using the login screen). It is only used for the hot-key switch and yet it hogs 1.5 megs of memory in two separate processes (one run by the user & one by the system). Optional install in PowerToys
Description=Reported by Kaspersky Anti-Virus as Trojan-Downloader.Win32.Delf.ks This file may be found in the System folder on 9x machines, however as of this writing it has only been seen in the System32 folder
[fast search]
Filename=svcnv.exe
Confirmed=X
Description=Homepage, Startpage hijacker. Possible variant of Trojan-Downloader.Win32.Delf
[fastcache]
Filename=fc.exe
Confirmed=U
Description=<a href="http://www.analogx.com/contents/download/network/fc.htm" target="_blank">FastCache</a> from AnalogX - speeds up browsing by resolving DNS requests locally
[fasttrack accelerator]
Filename=SPEED UP.EXE
Confirmed=N
Description=<a href="http://www.sharemonkey.com/fta/index.php" target="_blank">FastTrack Accelerator</a> - "speedup" utility for programs that use the FastTrack network such as KaZaA Media Desktop, Grokster and Morpheus
[fastuser]
Filename=fast.exe
Confirmed=N
Description=Installs as part of Windows XP PowerToys as an option for very-fast user switching (allowing a keystoke to switch users instead of using the login screen). It is only used for the hot-key switch and yet it hogs 1.5 megs of memory in two separate processes (one run by the user & one by the system). Optional install in PowerToys
[fastusr]
Filename=fast.exe
Confirmed=N
Description=Installs as part of Windows XP PowerToys as an option for very-fast user switching (allowing a keystoke to switch users instead of using the login screen). It is only used for the hot-key switch and yet it hogs 1.5 megs of memory in two separate processes (one run by the user & one by the system). Optional install in PowerToys
[fatpipe]
Filename=DHCP
Confirmed=U
Description=Software enabling high speed internet browsing (2-4 times faster) and internet connection sharing for up to 5 users
[fatpipe dialer]
Filename=fpdialer.exe
Confirmed=U
Description=Dailler for Fatpipe - software enabling high speed internet browsing (2-4 times faster) and internet connection sharing for up to 5 users
[fatrecov]
Filename=fatrecov.exe
Confirmed=U
Description=SCKeyLog.j ?keystroke logger/monitoring program. Given a "U" recommendation because it depends if you intentionally installed it. If you didn't treat it as "X" and uninstall or remove
[faxcenterserver]
Filename=fm3032.exe
Confirmed=U
Description=<a href="http://www.data-tech.com/content/fax.aspx" target=_blank>FaxMan</a> integrates complete fax send and receive support into Windows applications without requiring additional fax software. Incorporated into software by Lexmark, MCI, Lotus, My Software, Broderbund, Traffic Software and many others
[faxtalk callcontrol 6.0]
Filename=FTClCtrl.EXE
Confirmed=N
Description=This allows the software to handle incoming and outgoing communications without requiring the FaxTalk Communicator application to be loaded into memory. Can be started manually
[fbdirect]
Filename=FBDirect.exe
Confirmed=U
Description=Software that monitors the status of a Visioneer OneTouch scanner button and allows you to scan, fax, copy, print, and easily communicate by simply dragging and dropping scans on your PaperPort Desktop!. The **** represents the model, 5300, 7600, etc. Available via Start -> Programs
[fbi]
Filename=FBISM.exe
Confirmed=?
Description=<font color="#FF0000">Compaq related but what does it do?</font>
[fc]
Filename=runfc.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.campurf@mm.html" target="_blank">CAMPURF</a> WORM!
Description=Added by either <a href="http://securityresponse.symantec.com/avcenter/venc/data/adware.fchelp.html" target=_blank>FCHelp</a> adware or a variant of it
[fdd system]
Filename=Fdd.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32mytobfo.html" target=_blank>MYTOB-FO</a> WORM!
[fdr command module]
Filename=sp2.exe
Confirmed=X
Description=Added by the <a href="http://www.virus-buster.com/en/viruslab/descriptions/sdbot.wp?VBSESSION=aa76c5b7d679e7a1eb5abe8b697fb08e" target=_blank>SDBOT.WP</a> WORM!
[fd_sap]
Filename=FD.exe
Confirmed=U
Description=Reported to be the autopassword program from the Sony Microvault thumb drive
[feelalright]
Filename=mirc.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32ircfloodm.html" target=_blank>IRCFLOOD-M</a> WORM!
[feelitdevicemanager]
Filename=feelitdm.exe
Confirmed=U
Description=Associated with Immersion TouchSense devices (Logitech Wingman Force Feedback Mouse and possibly other peripherals)
[fegoze]
Filename=SVCH0ST.EXE
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.graybird.d.html" target=_blank>GRAYBIRD.D</a> VIRUS! Note - the filename has the digit 0 rather then the uppercase "o"
[fekio startups]
Filename=fnksvc32.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotov.html" target= blank>AGOBOT-OV</a> WORM!
[fellowes proxy]
Filename=R3proxy.exe
Confirmed=U
Description=Installed with Fellowes EasyPoint mouse software. Not necessary for normal functioning of Fellowes mice but it is necessary to use the extended features of all Fellowes mice
[fen startups]
Filename=fensvc32.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.randex.ccf.html" target=_blank>RANDEX.CCF</a> WORM!
[ferrariwallpaper]
Filename=FerrariWP.exe
Confirmed=U
Description=Calendar that replaces the default desktop background image. It comes with every Acer Ferrari 3000 laptop. Also downloadable for members of www.ferrari.com
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.ranky.j.html" target=_blank>RANKY.J</a> TROJAN!
[fhpage]
Filename=shdochp.exe
Confirmed=X
Description=Added by the <a href="http://www.pctools.com/mrc/infections/id/Trojan.Downloader.Delf.KS/" target=_blank>DELF-Ks</a> TROJAN!
[fhstart]
Filename=shdocsvc.exe
Confirmed=X
Description=Added by the <a href="http://www.pctools.com/mrc/infections/id/Trojan.Downloader.Delf.KS/" target=_blank>DELF-Ks</a> TROJAN!
[fhtisxk]
Filename=fhtisxk.exe
Confirmed=U
Description=XtraKeys - keylogger (monitoring program). Given a "U" recommendation because it depends if you intentionally installed it. If you didn't treat it as "X" and uninstall or remove via Spybot S&D (for example)
[fieldforms sync]
Filename=SyncService.exe
Confirmed=U
Description=Resco <a href="http://www.resco-net.com/enterprise/fieldforms/" target="_blank">FieldForms</a>. A solution for building of mobile forms that can be viewed or filled in on the run, on a wide range of mobile devices. Supports Microsoft Access databases, and provides for synchronization of other data as well
[fiendlytype]
Filename=csrss.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/trojan.webus.html" target="_blank">WEBUS</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/csrss/" target="_blank">csrss.exe</a> process, which should not appear in Msconfig/Startup!
[file]
Filename=abcdefg.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.kelvir.dd.html" target=_blank>KELVIR.DD</a> WORM!
[file indexing service]
Filename=msfindfile.exe
Confirmed=?
Description=<font color="#FF0000">New version of MS FindFast and still a resource hog?</font>
[file laoder configuration]
Filename=rnd32.exe
Confirmed=X
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.BQJ&VSect=T" target=_blank>RBOT.BQJ</a> WORM!
[file system]
Filename=taskmqrs.exe
Confirmed=X
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=41911" target=_blank>TOXBOT/CODBOT</a> WORM!
[file system service]
Filename=wmiprvsc.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojagobothz.html" target="_blank">AGOBOT-HZ</a> TROJAN!
[file0_0]
Filename=MD1.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderor.html" target=_blank>DLOADER-OR</a> TROJAN!
[file1]
Filename=Dia Claro.htm
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderor.html" target=_blank>DLOADER-OR</a> TROJAN!
[filefreedom_plugin]
Filename=wtm.exe
Confirmed=N
Description=<a href="http://www.filefreedom.com/" target="_blank">FileFreedom</a> peer-to-peer sharing program
[filemanager32]
Filename=Wscript.exe ..ChkMgr32.vbs
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/vbs.notup.a@mm.html" target="_blank">NOTUP.A</a> WORM!
[filesoft]
Filename=Wscript.exe UpdataFiles.vbs
Confirmed=X
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/vbs.sst.b@mm.html" target="_blank">SST.B</a> WORM!
[filtergate]
Filename=filtergate.exe
Confirmed=U
Description=<a href="http://www.filtergate.com/" target="_blank">Filtergate</a> internet filtering software - filters sounds, popup ads, background sound and other unnecessary website items
[filterguard]
Filename=Filtrgrd.exe
Confirmed=U
Description=An icon located in the lower left of the screen and looks like a lifesaver. This icon is a ôshort-cut?to access the basic features of SOS-Guardian, SOS-KidProof Lite, SOS Best Defense and SOS Pro such as Internet filtering utility. You can access this menu by ôright-clicking?on the icon
[find]
Filename=find.exe
Confirmed=X
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/w32.opanki.html" target=_blank>OPANKI</a> WORM!
[find fast]
Filename=Findfast.exe
Confirmed=X
Description=Complete utter waste of space! Part of MS Office - searches disk drives for Office file types to make opening them easier
[find virus launch program]
Filename=fvlaunch.exe
Confirmed=Y
Description=Part of <a target="_blank" href="http://www.drsolomon.com/">Dr. Solomon's Antivirus</a>
[findhack]
Filename=[path to trojan]
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32kelvirba.html" target=_blank>KELVIR-BA</a> TROJAN!
[fineprint dispatcher vx]
Filename=FPDISPxA.EXE
Confirmed=N
Description=<a href="http://www.softwarelabs.com/fp/fineprint.htm" target="_blank">FinePrint</a> - virtual printer for use with any printer. Search for "dispatcher" <a href="http://www.softwarelabs.com/fp/fp-faq.htm" target="_blank"> here</a> for more information. If removed, it will re-install when program is run - hence the Y recommendation
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotatp.html" target=_blank>RBOT-ATP</a> WORM! Note - this is not the popular <a href="http://www.mozilla.com/firefox/" target=_blank>FireFox</a> web browser and is located in the System (9x/Me) or System32 (NT/2K/XP) folder
[firefox service drivers]
Filename=ssmss.exe
Confirmed=X
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
[firefox startup drivers]
Filename=wuaclt.exe
Confirmed=X
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.BYX&VSect=T" target=_blank>RBOT.BYX</a> WORM!
[firewall policy]
Filename=MidiDef32.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojpiebota.html" target=_blank>PIEBOT-A</a> TROJAN!
[firewall sp2 system]
Filename=sys32Conf.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotabt.html" target= blank>Rbot-ABT</a> WORM!
[firewall update system1]
Filename=WinedowsUpdater1.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaru.html" target=_blank>RBOT-ARU</a> WORM!
[firewall updater]
Filename=msnupdateit.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaaq.html" target=_blank>RBOT-AAQ</a> WORM!
[firewallstartup]
Filename=Firewallstartup.exe
Confirmed=U
Description=<a href="http://www.innovative-sol.com/products.htm#firewall" target=_blank>Innovative Startup Firewall</a> - "designed to protect your computer from programs that install themselves in the StartUp area of your Windows without asking for your approval. Innovative StartUp Firewall will help you keep your computer clean, fast and in itÆs best shape"
[firewallsvr]
Filename=FirewallSvr.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.netsky.x@mm.html" target="_blank">NETSKY.X</a> or <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.netsky.y@mm.html" target="_blank">NETSKY.Y</a> WORMS!
[firewall_anti]
Filename=firewall_anti.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojnetdenyb.html" target=_blank>NETDENY-B</a> TROJAN!
[firewire driver]
Filename=samx.exe
Confirmed=X
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/backdoor.sdbot.ae.html" target=_blank>SDBOT.AE</a> WORM!
[firewire service]
Filename=nvscv32.exe
Confirmed=X
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
[firewire services]
Filename=nvcsv32.exe
Confirmed=X
Description=Added by a variant of the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html" target= blank>SPYBOT</a> WORM!
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/vbsgormleza.html" target=_blank>GORMLEZ-A</a> WORM!
[fix-it]
Filename=mxtask.exe
Confirmed=Y
Description=Part of Ontrack's Fix-it Utilities Suite. Loads a System Tray icon that lets you access the full program. Needed if you run the crash guard, intellicluster, anti-virus, or autoupdater. Otherwise not required
[fix-it av]
Filename=memcheck.exe
Confirmed=Y
Description=Part of Ontrack's Fix-it Utilities Suite anti-virus. Performs a quick check of memory for signs of any virus. Exits afterward and returns all resources used in one user's experience. Not required but could be left without a drain on resources
[fjmenu]
Filename=FjMenu.exe
Confirmed=U
Description=From the "Fujitsu Menu" tray icon you have instant access to the Control Panel, Tablet pc keyboard, Tablet and pen settings, Fujitsu display controls, brightness control, sounds and audio devices, capture screen, capture window, organize favorites, power options, printers and faxes, LCD brightness MIN, LCD brightness MAX, Enable/disable Button Panel and the Fujitsu menu settings, which are customizable
[fksysmon]
Filename=fksysmon.exe
Confirmed=N
Description=<a href="http://www.fkware.com/sysmon/index.html" target="_blank">fkWrae SysMon</a> - system monitor - "displays the current memory consumption, CPU and resource usage, date, time, Windows uptime, IP address and a lot more"
Description=Supplied with EasyDisk USB pen devices. The utility manages the encryption and compressed folders options. It will create these folders if running on the USB key without permission, which is a pain. No need for it if you do not want these features
[flashget download manager]
Filename=Flashget.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotagz.html" target=_blank>RBOT-AGZ</a> WORM!
Description=CD player - part of the <a href="http://www.microsoft.com/windows95/downloads/contents/WUToys/W95PwrToysSet/Default.asp" target="_blank">Win95 Power Toys</a>
[flmk08kb]
Filename=MMKEYBD.EXE
Confirmed=U
Description=Multimedia keyboard manager. Required if you use the additional keys
[flmoffice4dmouse]
Filename=moffice.exe
Confirmed=U
Description=Mouse properties for Logytech Typhoon Office Mouse
[flmtrustkb]
Filename=KbdAp32A.exe
Confirmed=?
Description=Keyboard utility for a Trust brand keyboard.<font color="#FF0000"> What does it do and is it required?</font>
Description=Added by of the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.endool.html" target="_blank">ENDOOL</a> TROJAN!
[floppy master]
Filename=[path to trojan]
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojzonitf.html" target=_blank>ZONIT-F</a> TROJAN!
[flow go tv]
Filename=flogotv.exe
Confirmed=?
Description=<font color="#FF0000">??</font>
[flps]
Filename=flps.vbs
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/vbs.bryon@mm.html" target="_blank">BYRON</a> WORM!
[flpycntl]
Filename=flpycntl.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojcrypterc.html" target="_blank">CRYPTER.C</a> TROJAN!
[flsvci]
Filename=FLSVCI.exe
Confirmed=?
Description=<font color="#FF0000">??</font>
[fltprocess]
Filename=msinet.exe
Confirmed=Y
Description=Part of <a href="http://www.cyberpatrol.com/">Cyber Patrol</a> internet filtering software to restrict access to certain types of material on the internet. It can be disabled but do not ask how it's done
[flyswatdesktop]
Filename=flydesk.exe
Confirmed=X
Description=Advertising spyware
[fmctrltray]
Filename=Fmctrl.EXE
Confirmed=U
Description=Genius SM-Live Control Panel. Enhances audio output through Genius sound cards (makes a big difference and worth the 3MB Ram used)
[fmnwebassist]
Filename=fmnwebassist.exe
Confirmed=X
Description=Adware popup generator
[fmstart]
Filename=Fmstart.exe
Confirmed=U
Description=<a href="http://www.gfi.com/faxmaker/" target="_blank">GFI FAXmaker</a> - native fax connector for Microsoft Exchange Server or for networks, allows all users to send and receive faxes right from their desktop
[fmsz]
Filename=fmsz.exe
Confirmed=X
Description=Added by the <a href="http://www.pestpatrol.com/pestinfo/f/fmsz.asp" target="_blank">FMSZ</a> TROJAN!
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.manifest.trojan.html" target="_blank">MANIFEST</a> TROJAN!
[folder view]
Filename=folderview.exe
Confirmed=U
Description=<a href="http://www.folderview.com/folderview/" target=_blank>Folder View</a> enhances the Windows file Explorer by making all folders you need available in a single click
[folding@home]
Filename=WINFAH.EXE
Confirmed=N
Description=Folding@Home is a distributed computing project which studies protein folding, misfolding, aggregation, and related diseases - must be running in order to access the internet to upload to the servers. Available via Start -> Programs
[fonesyncsystemtray]
Filename=FoneSyncSystemTray.exe
Confirmed=N
Description=System Tray icon for Nokia FoneSync utility for the 7160/7190 mobiles. Useful to send data from/to the cell phone and the computer. You can use it to backup data or even to input data through the computer keyboard (which naturally is much more comfortable). Run manually when required
[fontfix]
Filename=fontfix.exe
Confirmed=X
Description=Added by an unidentified VIRUS, WORM or TROJAN!
[fontsloader]
Filename=ldfnt32.hta
Confirmed=X
Description=Unidentified malware
[fontview]
Filename=FONTVIEW.EXE
Confirmed=X
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_OPASERV.T" target="_blank">OPASERV.T</a> WORM!
[foobin lptt01]
Filename=adaware.exe
Confirmed=X
Description=<a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">RapidBlaster</a> variant (in a "foo1" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see <a ref="http://www.wilderssecurity.net/specialinfo/rapidblaster.html#removal" target="_blank"> here</a>
[foobin ml097e]
Filename=adaware.exe
Confirmed=X
Description=<a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">RapidBlaster</a> variant (in a "foo1" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see <a ref="http://www.wilderssecurity.net/specialinfo/rapidblaster.html#removal" target="_blank"> here</a>
[foolproof]
Filename=fpwinldr.exe
Confirmed=Y
Description=<a href="http://www.smartstuff.com/fps/fpsinfo.html" target="_blank">FoolProof Security</a> PC security software from SmartStuff
[foolproofsweep]
Filename=??
Confirmed=Y
Description=Part of <a href="http://www.smartstuff.com/fps/fpsinfo.html" target="_blank">FoolProof Security</a> PC security software from SmartStuff
[forbes]
Filename=ForbesAlerts.exe
Confirmed=N
Description=Forbes Business News Alerts - displays business news headlines in a little window on the screen
[forceshow]
Filename=rundll32.exe QaBar.dll, ForceShowBar
Confirmed=X
Description=<a href="http://research.sunbelt-software.com/threat_display.cfm?name=AdultLinks.QBar&threatid=10158&search=QAbar" target=_blank>AdultLinks.QBar</a> parasite related
[forget me not]
Filename=AGRemind.exe
Confirmed=N
Description=Calendar reminder part of <font color="#FF0000"><a href="http://www.broderbund.com/SubCategory.asp?CID=107" target="_blank">American Greetings?CreataCard?/a></font>
[fortis secure layer config]
Filename=cseinst.exe
Confirmed=U
Description=Fortis Bank Home Banking part. Installed during the installation of the software necessary to run the Home Banking. According to Fortis Bank this will not in any way be harmful to the system or relay system information
[fotostation easy autolaunch]
Filename=FotoStation Easy AutoLaunch.exe
Confirmed=N
Description=Installed with a Nikon digital camera. Used to collect photos uploaded from camera program NkVwMon.exe. If your camera is not connected (via USB port) you do not need this program loaded either
[foul px]
Filename=FoulPX.exe
Confirmed=U
Description=Foul PX, Optusnet usage stat checker
[fourthday]
Filename=FourthDay.exe
Confirmed=U
Description=<a href="http://www.starstonesoftware.com/fourthday.htm" target="_blank">The Fourth Day</a> - "astronomical clock and almanac for your system tray"
[foxrxjh]
Filename=foxrxjh.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojgwghostt.html" target=_blank>GWGHOST-T</a> TROJAN!
[foxwudy9912]
Filename=service.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbancosbt.html" target= blank>BANCOS-BT</a> TROJAN!
[fp loader]
Filename=loadfp.exe
Confirmed=Y
Description=<a href="http://www.smartstuff.com/fps/fpsinfo.html" target="_blank">FoolProof Security</a> - PC security software from SmartStuff
[fpwgmwzd]
Filename=FPWGMWZD.exe
Confirmed=?
Description=<font color="#FF0000">??</font>
[fpx]
Filename=mnmsrvc.exe
Confirmed=N
Description=Remote Desktop Sharing service part of Microsoft's Netmeeting allowing users to share items on their screens across remote locations
[france]
Filename=svchost.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.mimail.l@mm.html" target=_blank>MIMAIL.L</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target=_blank>svchost.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder
[fraps]
Filename=fraps.exe
Confirmed=U
Description=Fraps Real-Time Video Capture software
[free download manager]
Filename=fdm.exe
Confirmed=N
Description="Free Download Manager" - see <a href="http://www.freedownloadmanager.org/" target="_blank">here</a>
[free downloads monitor]
Filename=fdcmon.exe
Confirmed=?
Description=<font color="#FF0000">??</font>
[free ram optimizer]
Filename=fro.exe
Confirmed=U
Description=<a href="http://www.acelogix.com/freeware.html" target=_blank>Free Ram Optimizer</a> monitors your memory, and frees up ram if it falls below a certain minimum. MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/ME. See <a href="http://www.aumha.org/a/memmgmt.htm" target="_blank">this</a> article and make up your own mind
[freedom]
Filename=Freedom.exe
Confirmed=Y
Description=Zero Knowledge <a href="http://www.freedom.net/" target="_blank">Freedom</a> - Anti-Virus, Personal Firewall and Parental Control, it also blocks ads, safeguards your personal information, encrypts your passwords, and much more
[freemem pro]
Filename=FMEMPRO.EXE
Confirmed=U
Description=FreeMem Pro - memory optimizer. MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/SE/ME. See <a href="http://www.aumha.org/a/memmgmt.htm" target="_blank">this</a> article and make up your own mind
[freememvn2]
Filename=FreeMem.exe
Confirmed=U
Description=FreeMem - memory optimizer. MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/SE/ME. See <a href="http://www.aumha.org/a/memmgmt.htm" target="_blank">this</a> article and make up your own mind
[freemp3download]
Filename=rundll32.exe MSA64CHK.dll, DllMostrar
Confirmed=X
Description=<a href="http://research.sunbelt-software.com/threat_display.cfm?name=MatrixDialer&threatid=14914&search=MatrixDialer" target=_blank>MatrixDialer</a> related
[freeram xp]
Filename=FreeRAM XP Pro *.exe
Confirmed=U
Description=<a href="http://www.yourwaresolutions.com/software.html#framxpro" target="_blank">FreeRAM XP Pro</a> - memory optimizer where * represents the version. MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/SE/ME. See <a href="http://www.aumha.org/a/memmgmt.htm" target="_blank">this</a> article and make up your own mind
[freestyle]
Filename=lockx.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotath.html" target=_blank>RBOT-ATH</a> WORM!
Description=<a href="http://www.softcows.com/fresh_desktop.htm" target=_blank>Fresh Desktop</a> is a utility that lets you manage vast collections of wallpapers for your desktop with ease. When run on bootup it changes the desktop wallpaper at startup or at specified intervals
[freshclam]
Filename=freshclam.exe
Confirmed=N
Description=Auto update agent of the open source <a href="http://www.clamwin.com/" target=_blank>Clamwin</a> virus scanner
[frguk]
Filename=shdrkmck.exe
Confirmed=?
Description=<font color="#FF0000">??</font>
[fridaysinhellinstaller]
Filename=FridaysInHellInstaller.exe
Confirmed=?
Description=<font color="#FF0000">??</font>
[friendlytype]
Filename=lsass.exe
Confirmed=X
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/trojan.webus.b.html" target=_blank>WEBUS.B</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/lsass/" target=_blank>lsass.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the System folder
[friendlywebquick-launch]
Filename=SELFCERT.EXE
Confirmed=N
Description=selfcert.exe is a stand alone program for creating your own digital certificates for macros - the .exe is installed as an extra basically by clicking on MS Office in add/remove programs and selecting remove - also I would do away with the FriendlyWebQuickLaunchBar as well
[frisk fp-scheduler]
Filename=F-Sched.exe
Confirmed=U
Description=Scheduler for <a href="http://www.f-prot.com/" target="_blank"> F-Prot</a> anitvirus software. Leave enabled unless you scan manually on a regular basis
[fritz!dsl startcenter]
Filename=StCenter.exe
Confirmed=?
Description=FRITZ! ISP software "StartCenter" User interface that allows you to manage, tweak and diagnose many aspects of your internet connection - <font color="#FF0000">is it required?</font>
[fritz!webprotect]
Filename=FwebProt.exe
Confirmed=U
Description=Firewall included in FRITZ! ISP DSL software
[fromine winpopup]
Filename=winpopup.exe
Confirmed=N
Description=Instant Messenger program
[frsk]
Filename=frsk.exe
Confirmed=X
Description=Unidentified adware downloader trojan
[frw_exe]
Filename=FRW.EXE
Confirmed=Y
Description=<a href="http://www.claymania.com/rate-conseal.html" target="_blank">ConSeal Signal9</a> firewall - now McAfee Personal firewall
[frxmxins]
Filename=frxmxins.exe
Confirmed=Y
Description=ATI 3D Studio MAX/VIZ driver
[fs agent]
Filename=fagent.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojvolverb.html" target=_blank>VOLVER-B</a> TROJAN!
[fsaa]
Filename=fsaa.exe
Confirmed=Y
Description=<a href="http://www.f-secure.com/products/anti-virus/fsav2005/" target=_blank>F-Secure</a> antivirus Authentication Agent - creates and stores private keys used by a client to access servers
[fscboss]
Filename=FSCBoss.exe
Confirmed=N
Description=<a href="http://freestorenow.com/dollardriven/makingmoney.html" target=_blank>Free Store Club</a> shop online software
[fsdpsrv]
Filename=FSDPSRV.exe
Confirmed=?
Description=<font color="#FF0000">??</font>
[fsh]
Filename=svcnva.exe
Confirmed=X
Description=Malware, detected by <a href="http://www.ewido.net/en/" target=_blank>Ewido Security Suite</a> as TrojanDownloader.Delf.ks
[fsp]
Filename=fsp.exe
Confirmed=U
Description=<a href="http://www.baxbex.com/foldershield.html" target="_blank">Folder Shield</a> - hide entire directories and thus prevent access by anyone else to your personal files and documents
[fspr]
Filename=FolderShield.exe
Confirmed=Y
Description=<a href="http://www.baxbex.de/foldershield.html" target="_blank">Folder Shield</a> - hide personal files and folders
[fsscrctl]
Filename=FSScrCtl.exe
Confirmed=N
Description=Screen saver control applet used by the "Stardust Screen Saver Toolkit" and "SolidWorks Screen Saver"
[fsserv]
Filename=fserv.exe
Confirmed=U
Description=<a target="_blank" href="http://www.bysoft.se/sureshot/farsighter/manual.html">Farsighter Server</a> - monitors a remote computer invisibly by streaming video to a viewer on your computer. You will know exactly what is happening on the remote computer as you see it in real-time
Description=<a href="http://www.sharing-file.com/" target=_blank>Easy File Sharing Web Server</a> is a Windows program that allows you to host a secure peer-to-peer and web-based file sharing system without any additional software or services
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
[ftpgraber]
Filename=FTPGraber.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderdt.html" target=_blank>DLOADER-DT</a> TROJAN!
[ftpmanager]
Filename=FTPDM.exe
Confirmed=N
Description="<a href="http://www.robust.ws/ftpdm.html" target=_blank>Robust FTP</a> is a Windows-based file transfer client application that transfers files between a userÆs local PC and another, remote computer system connected via a modem and telephone lines or by a local-area network (with upload transfer resume and download transfer resume)". Can be started manually
[ftpqueue]
Filename=Ftpsched.exe
Confirmed=U
Description=Part of <a href="http://www.ipswitch.com/Products/WS_FTP/" target="_blank">WS_FTP Pro</a> from Ipswitch. Queueing facility for scheduling FTP transfers
[fujitsu menu]
Filename=FjMnuIco.exe
Confirmed=U
Description=From the "Fujitsu Menu" tray icon you have instant access to the Control Panel, Tablet pc keyboard, Tablet and pen settings, Fujitsu display controls, brightness control, sounds and audio devices, capture screen, capture window, organize favorites, power options, printers and faxes, LCD brightness MIN, LCD brightness MAX, Enable/disable Button Panel and the Fujitsu menu settings, which are customizable
[fukerservice]
Filename=fukerz.exe
Confirmed=X
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target="_blank">RBOT</a> WORM!
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdrivola.html" target=_blank>DRIVOL-A</a> TROJAN!
[fwdmon.exe]
Filename=fwdmon.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojproxys.html" target=_blank>PROXY-S</a> TROJAN!
[fwenc.exe]
Filename=fwenc.exe
Confirmed=Y
Description=<a target="_blank" href="http://www.checkpoint.com/products/protect/vpn-1_srsc.html">Check Point SecuRemote VPN client</a> - "dynamic and fixed IP addressing for all ISP services - dial-up, cable modem, or DSL - the ideal solution for telecommuters and mobile workers"
[fwr command module]
Filename=fwr.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotpp.html" target="_blank">SDBOT-PP</a> WORM!
[fwrastrc]
Filename=fwrastrc.exe
Confirmed=N
Description=Dial-up software for Friendly Technologies/1NationOnLine free ISP
[fwservice]
Filename=fwservice
Confirmed=N
Description=eAcceleration Stop-Sign related - not recommended, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm#ss_note" target="_blank">note</a>
[fx]
Filename=ieloader.exe
Confirmed=X
Description=Added by the SMALL.RR TROJAN!
[fxredir]
Filename=fxredir.exe
Confirmed=U
Description=Canon MultiPASS fax redirector
[f~a]
Filename=ra32.exe
Confirmed=X
Description=Added by the <a href="http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=101037&affid=125" target=_blank>CAY</a> TROJAN!
[g.exe]
Filename=g.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.graybird.q.html" target=_blank>GRAYBIRD.Q</a> TROJAN!
[g00123]
Filename=[worm filename]
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.bugbros@mm.html" target="_blank">BUGBROS</a> WORM!
[g0mez]
Filename=G0mez.vbs
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/vbsgormleza.html" target=_blank>GORMLEZ-A</a> WORM!
[g3]
Filename=GSMedia3.exe
Confirmed=X
Description=Malware downloader - detected by <a href="http://www.kaspersky.com/personalpro" target=_blank>Kaspersky</a> antivirus as Trojan.Win32.VB.ux
[g3dctl]
Filename=g3dctl.exe
Confirmed=?
Description=<font color="#FF0000">??</font>
[gadu-gadu]
Filename=gg.exe
Confirmed=N
Description=Polish language Instant Messaging client
[gadwin printscreen]
Filename=PrintScreen.exe
Confirmed=N
Description=Gadwin <a href="http://www.gadwin.com/printscreen/" target="_blank">PrintScreen</a> - utility to capture, print or save the current window
[gaelicum.exe]
Filename=GAELICUM.EXE
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojpentaa.html" target=_blank>PENTA-A</a> TROJAN!
Description=<a href="http://gaim.sourceforge.net/" target=_blank>Gaim</a> is an instant messenger client with capability to connect to AIM, ICQ, MSN Messenger, Yahoo, IRC, Jabber, Gadu-Gadu and Zephyr networks
[gainward]
Filename=TBPanel.exe
Confirmed=U
Description=Configuration utility for Gainward graphics cards. Not required unless you use non-default settings. Available via Start -> Settings -> Control Panel
[game]
Filename=shit.exe
Confirmed=X
Description=Added by the Netclap Gold backdoor TROJAN!
[game device]
Filename=JOYUPDRV.EXE
Confirmed=N
Description=Genius game controller profile activator
Description=<a href="http://help.kontiki.com/enduser/group.jsp;jsessionid=2C47C896EA1784C5321FD3E6845E8157?node=2846" target="_blank">Kontiki Delivery Manager</a> - Windows-based client software that enables secure delivery of content to users' desktops
[gameutil.exe]
Filename=gameutil.exe
Confirmed=U
Description=Part of Redline RegTweak as supplied with Sapphire ATI graphics cards. You can configure different overlclocking settings on a per game basis and this sets those conditions following a re-boot
[gammahotkeys]
Filename=setgamma.exe
Confirmed=U
Description=Part of the <a href="http://radeontweaker.sourceforge.net/" target="_blank">RadeonTweaker</a> program for adjusting ATI Radeon graphics cards. Allows you to adjust the gamma (or brightness) when playing a full-screen game without switching back to the desktop
[gasrv]
Filename=gaSrv.exe
Confirmed=X
Description=Adware downloader, identified by <a href="http://www.pandasoftware.com/home/default.asp" target=_blank>Panda</a> antivirus as Trojan.Downloader.ALQ
[gasrve]
Filename=gaSrve.exe
Confirmed=X
Description=Adware downloader, identified by <a href="http://www.pandasoftware.com/home/default.asp" target= blank>Panda</a> antivirus as Trj/Downloader.ALQ
[gate personal firewall]
Filename=Systpl.exe
Confirmed=X
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.ADC&VSect=P" target=_blank>RBOT.ADC</a> WORM
[gator]
Filename=gator.exe
Confirmed=X
Description=<a href="http://www.doxdesk.com/parasite/Gator.html" target=_blank>Gator</a> eWallet - also see <a href="http://www.symantec.com/avcenter/venc/data/adware.gatorewallet.html" target=_blank>here</a>
[gator ewallet]
Filename=gator.exe
Confirmed=X
Description=<a href="http://www.gator.com/about/" target="_blank">Gator eWallet</a> from The Gator Corporation. Spyware - see <a href="http://www.pchell.com/support/gator.shtml" target="_blank">here</a> for removal instructions
[gazeldisplay]
Filename=gsyno.exe
Confirmed=U
Description=<a href="http://www.bt.com/homehighway/more_info.htm">BT Digital Access USB</a> - Gazel ISDN installation System Tray icon
[gbtray]
Filename=GBTray.exe
Confirmed=U
Description=System Tray icon access to Roxio's (nee Adaptec) <a href="http://www.roxio.com/en/products/goback/index.jhtml"> GoBack</a> software which allows you to revert back to a previously working state on you hard drive if you install a new program and your system goes faulty - performing the same functions with extra features as System Restore on WinMe/XP systems. Disable before running Scandisk or Defrag. Not required for WinMe/XP users, recommended for Win9x/NT/2K users
[gcasdtserv]
Filename=gcasDtServ.exe
Confirmed=X
Description=Added by an unidentified WORM or TROJAN. Note - this is not related to Microsoft Antispyware which has a process bearing the same name which doesnÆt appear as a startup
[gcc reminder]
Filename=gccrem.exe
Confirmed=?
Description=Associated with <a href="http://www.arcamax.com/products/oem/ogccreator.htm" target="_blank">AcraMax Greeting Card Creator</a>. <font color="#FF0000">Is it a registration reminder?</font>
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.ranky.k.html" target=_blank>RANKY.K</a> TROJAN!
[gdien32]
Filename=gdien32.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojsingup.html" target=_blank>SINGU-P</a> TROJAN!
[gdmgr.exe]
Filename=gdmgr.exe
Confirmed=U
Description=<a href="http://securityresponse.symantec.com/avcenter/venc/data/spyware.guardmon.html" target=_blank>GuardMon</a> is a commercial surveillance software program designed to monitor all forms of user activity on a computer
[gdrive]
Filename=GDriver.exe
Confirmed=N
Description=Found on IBM systems. All it does is set the CDROM drive letter to G:. Set your drive letter manually via Start -> Settings -> Control Panel -> System -> Device Manager
[gearbox]
Filename=confsvr.exe
Confirmed=N
Description=NTL's Gearbox software for configuring internet connections with their NTLWorld software - does a similar job to the Internet Connection Wizard which can be used instead using the dial-up details available <a href="http://www.ntlworld.com/help/settings.htm" target="_blank">here</a>
[gearsec]
Filename=gearsec.exe
Confirmed=N
Description=Installed by Apple Quicktime package - iPod/iTunes CDRW support. Can be disabled if you only require Quicktime player
[gedzac]
Filename=GEDZAC.exe
Confirmed=X
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/w32.hllw.gemel.html" target="_blank">GEMEL</a> WORM!
[gemstrmw]
Filename=GemStRmW.exe
Confirmed=N
Description=For a GemPlus smart card reader. If it doesn't start automatically when you insert the smart card, start it manually
[gene usb monitor]
Filename=USBMonit.exe
Confirmed=U
Description=Monitors USB ports for insertion of Sandisk USB flashdrives
[general lptt01]
Filename=general.exe
Confirmed=X
Description=<a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">RapidBlaster</a> variant (in a "General" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see <a ref="http://www.wilderssecurity.net/specialinfo/rapidblaster.html#removal" target="_blank"> here</a>
[general ml097e]
Filename=general.exe
Confirmed=X
Description=<a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">RapidBlaster</a> variant (in a "General" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see <a ref="http://www.wilderssecurity.net/specialinfo/rapidblaster.html#removal" target="_blank"> here</a>
[generic host proccess for windows]
Filename=SVCHOSTS.EXE
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32spybotgq.html" target= blank>SPYBOT-GQ</a> WORM!
[generic host process2 system backup]
Filename=scvhost2.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotbah.html" target=_blank>RBOT-BAH</a> WORM!
[generic host process326a system backup]
Filename=scvhost326a.exe
Confirmed=X
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
[generic host service]
Filename=lshost.exe
Confirmed=X
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.LU&VSect=T" target="_blank">RBOT.LU</a> WORM!
[generic services process]
Filename=regsvc32.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.gaobot.sy.html" target="_blank">GAOBOT.SY</a> WORM!
[genie usb monitor]
Filename=USBmonitor.exe
Confirmed=Y
Description=Port monitor for an external USB hard drive. Required to enable access to the drive
[geography tx 1.0 nt]
Filename=CompuSpeed.vbs
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/vbsnewleya.html" target= blank>NEWLEY-A</a> WORM!
[gerenciamento de arquivos do windows]
Filename=Winmod32.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderwg.html" target=_blank>DLOADER-WG</a> TROJAN!
[gestionnaire de disques universel]
Filename=sysoobe.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojtoadera.html" target=_blank>TOADER-A</a> TROJAN!
[get smile]
Filename=getsmile.exe
Confirmed=N
Description=Puts smilie faces in your E-mail. Run manually when required
[getright tray icon]
Filename=GETRIGHT.EXE
Confirmed=N
Description=GetRight from Headlight Software - download manager for resuming downloads and choosing multiple download locations. The freeware version is/was spyware. The registered version isn't if you don't install the Aureate/Radiate software. Available via Start -> Programs
[getthemusic]
Filename=rundll32.exe MSA64CHK.dll, DllMostrar
Confirmed=X
Description=<a href="http://research.sunbelt-software.com/threat_display.cfm?name=MatrixDialer&threatid=14914&search=MatrixDialer" target=_blank>MatrixDialer</a> related
[getwin]
Filename=winB_.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbankerhs.html" target=_blank>BANKER-HS</a> TROJAN!
[ghoststartservice]
Filename=GhostStartService.exe
Confirmed=N
Description=Required to run the Windows based wizard in <a href="http://www.symantec.com/sabu/ghost/ghost_personal/" target="_blank">Norton Ghost</a> - added from the 2003 version. Will start automatically when you run the wizard
[ghoststarttrayapp]
Filename=GhostStartTrayApp.exe
Confirmed=N
Description=System Tray access to <a href="http://www.symantec.com/sabu/ghost/ghost_personal/" target="_blank">Norton Ghost</a> - added from the 2003 version
[ghostsurfdelsatellite]
Filename=DeleteSatellite.exe
Confirmed=?
Description=<a href="http://www.tenebril.com/products/ghostsurf/spycatcher.html" target=_blank>SpyCatcher</a> spyware remover related. <font color="#FF0000">What does it do and is it required?</font>
[gigabit.exe]
Filename=gigabit.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.u@mm.html" target="_blank">BEAGLE.U</a> WORM!
[gigabyte]
Filename=Cheatle.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllp.shodi.b.html" target="_blank">SHODI.B</a> VIRUS!
[gilat som enumerator]
Filename=dllhost.exe
Confirmed=Y
Description=For Gilat Communications internet satellite systems - associated with SkyBlaster modem. Required if you have this system
[gilatftc]
Filename=ftc.exe
Confirmed=Y
Description=For Gilat Communications internet satellite systems - associated with SkyBlaster modem. Required if you have this system
[ginadll]
Filename=ntgina.dll
Confirmed=X
Description=Added by the <a href="http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?VName=WORM_ANIG.A" target="_blank">ANIG.A</a> WORM!
[gisdnlog]
Filename=gisdnlog.exe
Confirmed=?
Description=<a href="http://www.bt.com/homehighway/more_info.htm">BT Digital Access USB</a>
[glass2k]
Filename=Glass2k.exe
Confirmed=U
Description="<a href="http://www.chime.tv/products/glass2k.shtml" target="_blank">Glass2k</a> is a small little program that allows Win2K/XP users to make any window transparent"
[glf network lan monitor]
Filename=NPFMNTOR.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotagy.html" target=_blank>RBOT-AGY</a> WORM!
Description=Reported by Kaspersky Anti-Virus as IM-Worm.Win32.VB.q, may be related to the <a href="http://www.sophos.co.uk/virusinfo/analyses/w32attechc.html" target=_blank>ATTECH-C</a> WORM!
[globalscape]
Filename=[random filename]
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaym.html" target=_blank>RBOT-AYM</a> WORM!
[glsett32]
Filename=smsiexec.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojoptixd.html" target=_blank>OPTIX-D</a> TROJAN!
[gluon]
Filename=gluon.exe
Confirmed=?
Description=<font color="#FF0000">In a gluon/bin sub-directory</font>
[glv]
Filename=glv.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderng.html" target= blank>DLOADER-NG</a> TROJAN!
[gmouse]
Filename=Gmouse.exe
Confirmed=Y
Description=Amouse mouse driver - required if you use non-standard Windows driver features
[gnetmous]
Filename=gnetmous.exe
Confirmed=U
Description=<a href="http://www.geniusnet.com.tw/product/mouse/netscroll+.htm" target="_blank">Genius NetScroll+</a> mouse driver - required if you use non-standard Windows driver features
[gnub]
Filename=gnub.exe
Confirmed=?
Description=<font color="#FF0000">??</font>
[go!zilla]
Filename=gozilla.exe
Confirmed=X
Description=Download manager for resuming downloads and choosing multiple download locations. Advertising spyware
[go!zilla monster downloads]
Filename=Go.exe
Confirmed=X
Description=Download manager for resuming downloads and choosing multiple download locations. Advertising spyware
[goback polling service]
Filename=GBPoll.exe
Confirmed=U
Description=Roxio's (nee Adaptec) <a href="http://www.roxio.com/en/products/goback/index.jhtml"> GoBack</a> software which allows you to revert back to a previously working state on you hard drive if you install a new program and your system goes faulty - performing the same functions with extra features as System Restore on WinMe/XP systems. Disable before running Scandisk or Defrag. Not required for WinMe/XP users, recommended for Win9x/NT/2K users
[goback tray icon]
Filename=GBTray.exe
Confirmed=U
Description=System Tray icon access to Roxio's (nee Adaptec) <a href="http://www.roxio.com/en/products/goback/index.jhtml"> GoBack</a> software which allows you to revert back to a previously working state on you hard drive if you install a new program and your system goes faulty - performing the same functions with extra features as System Restore on WinMe/XP systems. Disable before running Scandisk or Defrag. Not required for WinMe/XP users, recommended for Win9x/NT/2K users
[gog]
Filename=GOG.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllp.philis.b.html" target="_blank">PHILIS.B</a> VIRUS!
Description=Goldensoft CD Ghost related - turns a computer into a 200X-speed CD-ROM tower. Working from the hard drive, users can simultaneously access as many as 23 virtual CD-ROM drives at a speed of 200X for true multitasking
[golum]
Filename=services.exe
Confirmed=X
Description=Added by the GOLUM.A TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/services/" target="_blank">services.exe</a> process, which should not appear in Msconfig/Startup!
[golumm]
Filename=services.exe
Confirmed=X
Description=<a href="http://cwshredder.net/cwshredder/cwschronicles.html" target=_blank>CoolWebSearch</a> parasite variant - also detected as the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderet.html" target= blank>DLOADER-ET</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/services/" target=_blank>services.exe</a> process, which should not appear in Msconfig/Startup!
[google]
Filename=google.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotamw.html" target=_blank>RBOT-AMW</a> WORM!
[google desktop search]
Filename=GoogleDesktop.exe
Confirmed=N
Description=<a href="http://desktop.google.com/about.html" target=_blank>Google Desktop Search</a> - "a desktop search application that provides full text search over your email, computer files, chats, and the web pages you've viewed. By making your computer searchable, Google Desktop Search puts your information easily within your reach and frees you from having to manually organize your files, emails, and bookmarks"
[google earth]
Filename=[random filename]
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaxk.html" target=_blank>RBOT-AXK</a> TROJAN!
[google earth viewer]
Filename=GOOGLEMAPS.EXE
Confirmed=N
Description=<a href="http://earth.google.com/" target=_blank>Google Earth</a> "combines satellite imagery, maps and the power of Google Search to put the world's geographic information at your fingertips"
[google intrenet explorer]
Filename=google.pif
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotara.html" target=_blank>RBOT-ARA</a> WORM!
[google toolbar]
Filename=ggtb32.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotrr.html" target= blank>AGOBOT-RR</a> WORM!
[googledcclient]
Filename=GoogleDCC.exe
Confirmed=N
Description=<a target="_blank" href="http://toolbar.google.com/dc/faq_dc.html#about1">Google Compute Client</a> - only present if you installed the Google Toolbar with "Google Compute" client active. Does complex calculations in the background when idle. If you want to turn it off go to your browser, click on the little double-helix on the Google Toolbar, and click "Stop Computing"
[googletalk]
Filename=googletalk.exe
Confirmed=U
Description=<a href="http://www.google.com/talk/" target=_blank>Google Talk</a> "enables you to call or send instant messages to your friends for free-anytime, anywhere in the world". Can be launched manually
[gotomypc]
Filename=g2svc.exe
Confirmed=U
Description=<a href="https://www.gotomypc.com/ad/corp/home" target="_blank">ExpertCity GoToMyPc</a> logon - web-based remote-access solution that allows individuals and companies to register their computers online and then securely access those computers from any web browser
[gotsmiley]
Filename=GotSmiley.exe
Confirmed=X
Description=<a href="http://www.doxdesk.com/parasite/Gator.html" target=_blank>Gator</a> GotSmiley - adware based, also see <a href="http://www.symantec.com/avcenter/venc/data/adware.gotsmiley.html" target=_blank>here</a>
[gouday.exe]
Filename=readme.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.c@mm.html" target="_blank">BEAGLE.C</a> WORM!
[gra]
Filename=gra.exe
Confirmed=N
Description=Looks at system resources at startup and warns you if they have dropped. Contains links to the Disk Clean Up, Defrag and Start Up Menu. It does have a link to a startup configuration utility. Similar to msconfig but can keep a list of disabled apps. Not really necessary. Only appears if you load the Gateway Startup Utility
[gramdate]
Filename=2Stop.exe
Confirmed=?
Description=<font color="#FF0000">??</font>
[graphic driver]
Filename=smss32.exe
Confirmed=X
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
[graphic loader]
Filename=ntvdm32.exe
Confirmed=X
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
[gravis appawareloader]
Filename=dbserver.exe
Confirmed=U
Description=Looks like it's associated with <a href="http://www.gravis.com/" target="_blank"> Gravis</a> game controllers and the Keyset Manager, allowing the user to program the buttons for games that don't support them
[gravis xperience driver support]
Filename=Grxp4exe.exe
Confirmed=U
Description=Driver for <a href="http://www.gravis.com/" target="_blank">Gravis</a> game controllers such as the Eliminator Aftershock. Must be loaded if you run the supplied application software for the controller to be recognized. Start it manually via a shortcut if not used
[grdsys32]
Filename=GrdSys32.exe
Confirmed=?
Description=X-Stream ISP software. Offers free Net access funded by on-screen ads. <font color="#FF0000">Is it required or can you create your own dial-up networking connection to use on demand?</font>
[greetings workshop]
Filename=GWREMIND.EXE
Confirmed=N
Description=You really want to be reminded about somebody's birthday at the expense of resources?
[gremier]
Filename=wscript.exe gpremier.vbs
Confirmed=X
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/vbs.gpremier@mm.html" target="_blank">GPREMIER</a> WORM!
[gremlin]
Filename=intrenat.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.doomjuice.html" target="_blank">DOOMJUICE</a> WORM!
[grokster]
Filename=Grokster.exe
Confirmed=N
Description=<a href="http://www.pestpatrol.com/PestInfo/G/Grokster.asp" target=_blank>Grokster</a> Peer-To-Peer File Sharing program
[grpconv]
Filename=grpconv.exe
Confirmed=N
Description=Microsoft Windows Program Group Converter - used by installers (ONLY in the RunOnce keys) - provides the translation of groups and group items to folders and links. Also see <a href="http://support.microsoft.com/?kbid=119941" target= blank>this</a> MS Knowledge Base article
Description=ADSL modem monitor from <a href="http://www.eicon.com/worldwide/default.htm" target="_blank">Eicon Networks</a> (as used by BT for its Broadband internet service for example). Can safely be disabled without affecting the connection - all this does is give an indication of connectivity and access to the diagnostic facilities
[gsifinal]
Filename=rundll32 gspndll.dll, postInstall final
Confirmed=?
Description=USB DSL modem related - [what does it do and is it required in startup?</font>
[gsorganizer]
Filename=GSOrganizer.exe
Confirmed=N
Description=<a href="http://www.tgslabs.com/index.php3" target="_blank">GoldenSection Organizer</a> - personal information manager
Description=Gator spyware component - see <a href="http://www.cexx.org/gator.htm" target=_blank>here</a>
[gsv]
Filename=gsv.exe
Confirmed=X
Description=Added by the ROBAL 1.0 backdoor TROJAN!
[gtwatch]
Filename=gtwatch.exe
Confirmed=N
Description=Associated with a Mustec scanner and not required
[guard]
Filename=Guard.exe
Confirmed=U
Description=Related to <a href="http://www.phoenix.com/" target=_blank>Phoenix Technologies</a> Core Managed Environment (cME) Integration and Certification program
[guardian]
Filename=CMGrdian.exe
Confirmed=N
Description=McAfee's QuickClean, an offline version of the one in their online Clinic. Normally run offline and not needed. Incidentally, incorporates more cleanup programs than the likes of WinOptimizer and System Mechanic
[gurunet]
Filename=GuruNet.exe
Confirmed=U
Description=<a href="http://www.gurunet.com/what_tools.jsp" target=_blank>GuruNet</a> lets you click on any word on your screen to get the relevant information you want
[gustavved]
Filename=[filename].exe
Confirmed=X
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/w32.opaserv.h.worm.html" target="_blank">OPASERV.H</a> WORM!
[gvagfxj]
Filename=rundll32 ...gvagfxj.dll
Confirmed=X
Description=Unidentified adware, spyware or virus
[gw port controller]
Filename=PORTCT95.EXE
Confirmed=Y
Description=From a visitor - "I must keep it active in start up or my Lexmark printer and RCA Cam program cannot discover a working port to work". From the file properties, the file is known as "Smart Thru Fax Drive Spy" and is supplied by Samsung
[gwinkmonitor]
Filename=GWInkMonitor.exe
Confirmed=N
Description=Gateway ink monitor - makes an annoying popup that says your printer may be running out of ink, do you want to buy some!
[gwmdmmsg]
Filename=GWMDMMSG.exe
Confirmed=N
Description=Used with internal modems on Gateway and vprMatrix PCs. This is the "GTW modem messaging applet" and is not required for the modem to work correctly
[gwmdmpi]
Filename=GWMDMpi.exe
Confirmed=U
Description=Used with internal modems on Gateway PCs such as the 450SX Notebook. Required for audio settings to be maintained and does not remain in memory once run. See <a href="http://support.gateway.com/support/drivers/moreinfo.asp?readmeURL=ftp%3A//ftp.gateway.com/pub/hardware_support/drivers/win_xp/portable/450sx4/7512994.txt" target="_blank">here</a> for more information
[gwum]
Filename=gwum.exe
Confirmed=U
Description=Gigabyte utility manager. Loads if you have a Gigabyte motherboard and got a full bundle of utilities installed. Monitors CPU, fans, BIOS etc. Only used by system "tweakers"
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojfeutelc.html" target=_blank>FEUTEL-C</a> TROJAN!
[g_server1.2.exe]
Filename=G_Server1.2.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojgraybirdz.html" target=_blank>GRAYBIRD-Z</a> TROJAN!
[h/pc connection agent]
Filename=WCESCOMM.EXE
Confirmed=U
Description=Active sync for use with Windows CE based palm PC
[h4te service drivers]
Filename=h4te.exe
Confirmed=X
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
[hachimitsu-lemon]
Filename=hachimitsu-lemon.exe
Confirmed=X
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/trojan.hachilem.html" target=_blank>HACHILEM</a> TROJAN!
[hagent]
Filename=avp.exe
Confirmed=X
Description=Added by the "Herman Agent" remote access TROJAN!
[halifaxhowardcluster]
Filename=skinkers.exe
Confirmed=U
Description=<a href="http://www.skinkers.com/clients.html" target="_blank">Howard the Weatherman</a> desktop client from Halifax by Skinkers - marketing/messaging tool. Leave enabled if you want to receive messages
[hamfrontpanel]
Filename=hampanel.exe
Confirmed=U
Description=Displays a panel simulating modem lights for the Intel HaM internal modem. The lights are useful as a reminder to disconnect from the net if you are likely to forget, but otherwise pointless
[handy backup 3.9]
Filename=hbagent.exe
Confirmed=U
Description=<a href="http://www.handybackup.com/" target="_blank">Handy Backup</a> - automatic backup of your critical data to virtually any type of storage media including CD-RW devices and remote FTP servers
[hardware doctor]
Filename=Hwdoctor.exe
Confirmed=U
Description=Winbond Hardware Doctor - as included on some motherboard using Winbond's hardware monitoring chips. Displays fan speeds, voltages, temperatures. Only required if you're concerned about your system temperature - typically for "overclocked" systems
[hardware monitor service]
Filename=mshms.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojwollfa.html" target=_blank>WOLLF-A</a> TROJAN!
[hardware sensors monitor]
Filename=hmonitor.exe
Confirmed=U
Description=Utility to monitor fan speed and temperatures - similar to Motherboard Monitor. Only required if you're concerned about your system temperature - typically for "overclocked" systems
[hare]
Filename=hare.exe
Confirmed=U
Description=<a href="http://www.foxpop.ndirect.co.uk/pc/dachshund_03.htm" target="_blank">Hare</a> - improve and optimize performance of desktop/laptop PCs
[hatape]
Filename=[path to trojan]
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbankerqf.html" target=_blank>BANKER-QF</a> TROJAN!
[hawkeye]
Filename=HAWK_95.EXE
Confirmed=U
Description=Control Panel application for the old Number Nine graphics cards to change resolution, colour depth, etc. Available via Start -> Programs
[hawkeye iv control panel]
Filename=HAWK_32.EXE
Confirmed=U
Description=Control Panel application for the old Number Nine graphics cards to change resolution, colour depth, etc. Available via Start -> Programs
[hbinst]
Filename=Hbinst.exe
Confirmed=X
Description=<a href="http://www.hotbar.com/" target="_blank">Hotbar</a> enhances the surfing experience offering a variety of innovative and fresh skins to the browser while providing users worldwide with access to various services of added value and fun. Also regarded as adware/spyware due to it's adds and browsing habits information gathering - see <a href="http://www.safersite.com/pestinfo/H/HotBar_Adware.asp" target="_blank">here</a>
[hc reminder]
Filename=hc.exe
Confirmed=N
Description=For Compaq PC's. Help Compiler, crunches help database, will run without being in startup when needed
[hcdetect]
Filename=HCDetect.exe
Confirmed=N
Description=MS HomeClick Network - simple home network setup and configuration program included with 3Com HomeConnect home networking products. Runs in the background for network printer notification, detection, and Internet Connection Sharing (ICS) taskbar icon. Not required - network can be set-up manually, also has a known memory leak problem
[hcenter]
Filename=tgcmd.exe
Confirmed=U
Description=See also TgAddServer. This part ensures the software is installed correctly (similar to an installation wizard) as reported by Cox. Regarded as spyware by some as it has the ability to retrieve user information. Whether it does so depends upon the provider. One Toshiba user reports problems with hibernate on his laptop if disabled - hence the "U" recommendation
[hclean32.exe]
Filename=hclean32.exe
Confirmed=X
Description=<a href="http://research.sunbelt-software.com/threat_display.cfm?name=Misc.WareOut&threatid=40280&search=wareout" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
[hcontrol]
Filename=hcontrol.exe
Confirmed=U
Description=Hotkeys on an ASUS Notebook. Only required if you use the additional keys
[hdashcut]
Filename=HDAShCut.exe
Confirmed=N
Description=High definition audio page shortcut - not required
[hdaudio driver 1.0]
Filename=[random filename].exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojteadoord.html" target=_blank>TEADOOR-D</a> TROJAN!
[hdaudio driver 2.0]
Filename=[random filename].exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojteadoore.html" target=_blank>TEADOOR-E</a> TROJAN!
[hddhealth]
Filename=hddhealth.exe
Confirmed=U
Description=<a href="http://www.panterasoft.com/" target=_blank>HDD Health</a> is a "full-featured failure-prediction agent for machines using Windows 95, 98, NT, Me, 2000 and XP. Sitting in the system tray, it monitors hard disks and alerts you to impending failure"
[hddlife]
Filename=HDDlife.exe
Confirmed=U
Description=<a href="http://www.hddlife.com/" target=_blank>HDDlife</a> checks the health of your hard drives at regular intervals and informs you about the results of these checks
[hdhelp]
Filename=tbhdhelp.exe
Confirmed=?
Description=Associated with Philips <a href="http://www.consumer.philips.com/global/b2c/ce/catalog/subcategory.jhtml;jsessionid=4ORTA0KYTJOWWCRQNFJRX1YKGBUEWHAW?subCatId=SOUNDCARDS&groupId=PCSTUFF&divId=0" target="_blank">Edge</a> series soundcards. <font color="#FF0000">Is it required?</font>
[hdtray]
Filename=HDtray.exe
Confirmed=N
Description=Philips Edge Series Control Panel Tray Utility - system tray icon for a Philips <a href="http://www.consumer.philips.com/global/b2c/ce/catalog/subcategory.jhtml;jsessionid=4ORTA0KYTJOWWCRQNFJRX1YKGBUEWHAW?subCatId=SOUNDCARDS&groupId=PCSTUFF&divId=0" target="_blank">Edge</a> series soundcards. Available via Start -> Settings -> Control Panel
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/w32.mydoom.bo@mm.html" target= blank>MYDOOM.BO</a> WORM!
[hellbot3]
Filename=coolbot.exe
Confirmed=X
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MYTOB.AB&VSect=T" target=_blank>MYTOB.AB</a> WORM!
[hellodolly]
Filename=shost.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.yodo@mm.html" target="_blank">YODO</a> WORM!
[help]
Filename=helpext.exe
Confirmed=?
Description=<font color="#FF0000">??</font>
[help temp files]
Filename=netreg.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotem.html" target= blank>FORBOT-EM</a> WORM!
[helpctl.exe]
Filename=helpctl.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/trojan.gaslide.html" target="_blank">GASLIDE</a> TROJAN!
[helper.dll]
Filename=[path] rundll32.exe [path] helper.dll
Confirmed=X
Description=CnsMin "<a href="http://217.115.153.73/parasite/CnsMin.html" target="_blank">Chinese Keywords</a>" hijacker related
[helpexp.exe]
Filename=HelpExp.exe
Confirmed=X
Description=Attune HelpExpress - spyware. Disable and uninstall - see <a href="http://www.c-squad.org/hxdl.html" target="_blank">here</a>
[helpmanager]
Filename=spoler.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.randex.j.html" target="_blank">RANDEX.J</a> WORM!
[helpw]
Filename=helpw.exe
Confirmed=X
Description=Adware downloader
[hen]
Filename=[filename].exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.tarno.g.html" target="_blank">TARNO.G</a> TROJAN!
[heomstool]
Filename=heomstool.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/trojan.heoms.html" target=_blank>HEOMS</a> TROJAN!
[hercunes]
Filename=softhost.exe
Confirmed=X
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/w32.garroch@mm.html" target=_blank>GARROCH</a> WORM!
[hermes messenger]
Filename=DGDRHE~1.EXE
Confirmed=U
Description=A LAN messenger alternative to WinPopUp - <a href="http://www.dgdr.com/hermes/" target="_blank">Digital Dreams Software</a>
[hewlett packard manager]
Filename=hpmanager.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.mytob.ke@mm.html" target=_blank>MYTOB.KE</a> WORM! Note - this is not a valid Hewlett-Packard program
[hewlett packard recorder]
Filename=Remind32.exe
Confirmed=N
Description=HP multifunction registration
[hf]
Filename=Hf.exe
Confirmed=U
Description=<a href="http://www.fspro.net/hf/" target="_blank">Hide Folders</a> - hide your folders so only you can view them
[hf security]
Filename=hfsecure.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotti.html" target=_blank>AGOBOT-TI</a> WORM!
[hffsrv]
Filename=hffsrv.exe
Confirmed=U
Description=<a href="http://www.softstack.com/hff.html" target=_blank>Hide Files & Folders</a> is a "password-protected security utility working at the Windows kernel level allowing you to password-protect files and folders, or to hide them securely from viewing and searching"
[hfxp]
Filename=hfxp.exe
Confirmed=U
Description=<a href="http://www.fspro.net/hfxp/" target=_blank>Hide Folders XP</a> - hide your folders so only you can view them
[hgqhp.exe]
Filename=hgqhp.exe
Confirmed=X
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/trojan.flush.f.html" target=_blank>FLUSH.F</a> TROJAN!
[hgtxpei]
Filename=FirstReboot.exe
Confirmed=N
Description=Herucles Audio tool for the Hercules Game Theater XP soundcard. Available via Start -> Settings -> Control Panel
[hibermonitor]
Filename=HCount.exe
Confirmed=?
Description=<font color="#FF0000">??</font>
[hibernation]
Filename=hib32.exe
Confirmed=U
Description=Reduces the power consumption when the laptop isn't being used to preserve battery power. Similar programs on other laptops reduce the processor clock rate, etc. Required if you run of battery regularly
[hid.exe]
Filename=hid.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.irc.ratsou.b.html" target="_blank">RATSOU.B</a> TROJAN!
[hideoe]
Filename=HideOE.exe
Confirmed=U
Description=<a href="http://www.r2.com.au/software.php?page=2&show=hideoe&PHPSESSID=2256bb0c52a103fac2bd9a885f0ca787" target=_blank>HideOE</a> - allows you to 'hide' Outlook Express or minimize it to the System Tray
[hiderun.exe]
Filename=Hiderun.exe and svhost.exe and pro.gif
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/bat.boohoo.worm.html" target="_blank">BOOHOO</a> WORM!
[hidestyle]
Filename=Ante Browse Trust.exe
Confirmed=X
Description=IE toolbar taking you to Lop.com. If the exe is running, end it and remove the "Stupidmore" directory from C:\Program Files
[hidserv]
Filename=hidserv.exe
Confirmed=U
Description=This is the <a href="http://www.microsoft.com/hwdev/tech/input/audctrl.asp" target="_blank">Human Interface Device Server</a> for Win98SE/2000/Me/XP, it is required only if you are using USB Audio Devices you can disable via Msconfig. See <a href="http://www.microsoft.com/hwdev/hid/audctrl.htm" target="_blank">here</a>. Typical examples are USB multimedia keyboards with volume control and web-ready keyboards. For example - loaded by default with MS DSS80 Speakers because they have Volume, Mute and Bass controls on the speaker. Some users may experience problems disabling this - if this is the case then re-enable it. Equivalent to MMHid in Win98. On HP Computers, HIDSERV is the controller for the keyboard sound controls on the USB and PS/2 keyboards
[high definition audio property page shortcut]
Filename=HDAudPropShortcut.exe
Confirmed=N
Description=Realtek audio card related - probably adds the odd feature to one of the "Sounds" Control Panel applet tabs - doesn't appear to be required
[hijackthis startup scan]
Filename=HijackThis.exe
Confirmed=U
Description=<a href="http://www.spywareinfo.com/~merijn/downloads.html" target= blank>HijackThis</a> lists the contents of key areas of the Registry and hard drive areas that are used by both legitimate programmers and hijackers. The program is continually updated to detect and remove new hijacks. It does not target specific programs and URLs, only the methods used by hijackers to force you onto their sites. As a result, false positives are imminent, and unless you're sure about what you're doing, you always should consult with knowledgable folks before deleting anything. Required if you'd like HijackThis to run a scan at startup, and show the results when new items are found (if so, check the appropriate box in the "Config" section")
[hijsrv32]
Filename=hijsrv.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbankgermd.html" target=_blank>BANKGERM-D</a> TROJAN!
[historykill]
Filename=histkill.exe
Confirmed=N
Description=HistoryKill removes your web surfing path by removing the URL drop-list history, detailed history file, cache, and cookies in both IE and Netscape Navigator browsers. Available via Start -> Programs
[hitq]
Filename=HitQ.exe
Confirmed=X
Description=Hijacker, for more information see <a href="http://www.talkaboutshareware.com/group/alt.comp.freeware/messages/289755.html" target=_blank>here</a>
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/trojan.hiva.html" target="_blank">HIVA</a> TROJAN!
[hk]
Filename=hk.exe
Confirmed=U
Description=<a href="http://www.symantec.com/avcenter/venc/data/spyware.keyloggerexp.html" target=blank>KeyLoggerExp</a> ?keystroke logger/monitoring program. Given a "U" recommendation because it depends if you intentionally installed it. If you didn't treat it as "X" and uninstall or remove
[hkcmd]
Filename=hkcmd.exe
Confirmed=N
Description=Installed by the Intel 810 and 815 chipset graphic drivers. If the user wishes to have "HotKey" access to Intel's customised graphics properties, it is required, otherwise not. It can be disabled via the Display Properties in the Control Panel
[hkeyok]
Filename=runlli32.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojqqpassu.html" target=_blank>QQPASS-U</a> TROJAN!
[hklm\run]
Filename=windowsupdate.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotbj.html" target=_blank>FORBOT-BJ</a> WORM! (where HKLM\Run represents HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run)
[hkserv]
Filename=HKserv.exe
Confirmed=U
Description=Keyboard manager program required to use programmable power and function keys on some laptops such as the Sony PCG R505TS
[hkss]
Filename=hkss.exe
Confirmed=U
Description=Compaq HotKey Support - multimedia keyboard support
Description=Added by the <a href="http://vil.nai.com/vil/content/v_135291.htm" target=_blank>QLOWZONES-27</a> TROJAN!
[hll data parameter]
Filename=hllcxpa.exe
Confirmed=X
Description=Added by the <a href="http://es.trendmicro-europe.com/smb/security_info/virus_encyclopedia.php?s=1&VName=WORM_RBOT.AFG" target=_blank>RBOT.AFG</a> WORM!
[hmi powersystem]
Filename=hmisvc32.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.randex.czz.html" target=_blank>RANDEX.CZZ</a> WORM!
[hml powersource]
Filename=hmlsvc32.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotxl.html" target= blank>SDBOT-XL</a> WORM!
[hmonitor]
Filename=Hmonitor.exe
Confirmed=U
Description=Hardware sensor monitoring program. Only required if you overclock your system and want to check on the status
[hmv powersource]
Filename=hmusvc32.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotyw.html" target=_blank>SDBOT-YW</a> WORM!
[ho2stdll.exe]
Filename=ho2stdll.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbankerho.html" target=_blank>BANKER-HO</a> TROJAN!
[hoi services]
Filename=holsvc32.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotsf.html" target= blank>AGOBOT-SF</a> WORM!
[holiday lights]
Filename=Holiday Lights.exe
Confirmed=N
Description=<a href="http://www.tigertech.com/hlights.html" target="_blank">Holiday Lights</a> from Tiger Technologies. Festive desktop enhancement that adds lights. Available via Start -> Programs
[hollaback]
Filename=slvhosts.exe
Confirmed=X
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.BMO&VSect=P" target=_blank>SDBOT.BMO</a> WORM!
[home theater schsvr]
Filename=SchSvr.exe
Confirmed=N
Description=<a href="http://www.intervideo.com" target="_blank">WinScheduler</a> is installed with Home Theater Remote Control for WinDVD from Intervideo. If you want to schedule recordings from your TV tuner card, you will need it. Available via Start -> Programs
[homealarm]
Filename=HomeAlarm.exe
Confirmed=U
Description=<a href="http://www.softshape.com/cham/" target="_blank">Chameleon Clock</a> - system tray clock replacement
[homecentre wakeup]
Filename=LGWAKEUP.EXE
Confirmed=?
Description=<font color="#FF0000">Associated with the no longer supported Xerox HomeCentre printer/scanner</font>
[homeland network]
Filename=HomelandNetwork.exe
Confirmed=X
Description=<a href="http://www.homelandnetwork.com/index.html" target=_blank>Homeland Network</a> Notifier - pops ads, see their <a href="http://homelandnetwork.com/privacy.html" target=_blank>privacy policy</a>
[honor]
Filename=honor.exe
Confirmed=?
Description=<font color="#FF0000">??</font>
[hook99startup]
Filename=hk2re.exe
Confirmed=U
Description="<a href="http://thunder.prohosting.com/~ladi/e_hook.html" target="_blank">Hook99</a> enables the user to customize the start button. You can change or remove the text and replace the Windows flag on button with icon of your choice. Supports Windows icons, bitmaps and can extract icons from executables and libraries. Hook99 can also make the background of desktop icons captions transparent"
[hooksys]
Filename=HookSys.exe
Confirmed=U
Description=<a href="http://www.rocketdownload.com/details/secu/6889.htm" target="_blank">SurfinGuard Pro</a> - protects against all malicious code delivered through executables, scripting files, ActiveX and Java
[horngtech4d]
Filename=bally4d.exe
Confirmed=Y
Description=HorngTech 4D mouse driver
[host process]
Filename=mame.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotapo.html" target=_blank>RBOT-APO</a> WORM!
[hostdll.exe]
Filename=hostdll.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbankerbo.html" target=_blank>BANKER-BO</a> TROJAN!
[hostren.exe]
Filename=Hostren.exe
Confirmed=X
Description=Added by PWS.BANKER.F, a variant of the <a href="http://www.sophos.com/virusinfo/analyses/trojbankerbo.html" target=_blank>BANKER-BO</a> TROJAN!
[hostsvc syse]
Filename=HostSVC.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotanz.html" target=_blank>RBOT-ANZ</a> WORM!
[hot corners]
Filename=Hotc.exe
Confirmed=U
Description=<a href="http://www.southbaypc.com/HotCorners/" target="_blank">Hot Corners</a> - "lets you quickly activate or disable your screen saver by moving the mouse into a given corner of the screen"
[hot key kbd 2690 daemon]
Filename=SK9910DM.exe
Confirmed=U
Description=Multimedia keyboard manager - required if you use any special keys
[hot key keybd 9910 daemon]
Filename=SK9910DM.exe
Confirmed=U
Description=Multimedia keyboard manager - required if you use any special keys
[hot party 22]
Filename=hotpart22.exe
Confirmed=?
Description=<font color="#FF0000">??</font>
[hotaction_hr]
Filename=hotaction_hr.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/dialsiteiconb.html" target=_blank>SITEICON-B</a> DIALER! An uninstall option can be accessed via the Add or Remove Programs dialog in the Windows Control Panel. The software is listed as "HotAction_hr"
[hotfix updat]
Filename=svdhost32.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.gaobot.zw.html" target="_blank">GAOBOT.ZW</a> WORM!
[hotide]
Filename=hotide.exe
Confirmed=U
Description=HotIDE allows Acer TravelMate owners to hot-swap external drives without switching of their notebooks
[hotkeyapp]
Filename=HotkeyApp.exe
Confirmed=U
Description=Programmable keys on Acer, Fujitsu and other laptops
[hotkeyscmds]
Filename=hkcmd.exe
Confirmed=N
Description=Installed by the Intel 810 and 815 chipset graphic drivers. If the user wishes to have "HotKey" access to Intel's customised graphics properties, it is required, otherwise not. It can be disabled via the Display Properties in the Control Panel
[hotpix]
Filename=hotpix.exe
Confirmed=X
Description=Adult content dialler
[hotplug]
Filename=hotplug.exe
Confirmed=X
Description=Added by the <a href="http://vic.zonelabs.com/tmpl/body/CA/virusDetails.jsp?VId=39574" target="_blank">SILLYDL</a> TROJAN!
[hotsync manager]
Filename=hotsync.exe
Confirmed=N
Description=Installed when connecting a Palm HotSync cradle up to a USB port. The Blue and Red Arrow Icon that enables Palm / Handspring Synchronizing. Available via Start -> Programs
[hotwetlove]
Filename=hotwetlove.exe
Confirmed=X
Description=Adult content dialler. Will not uninstall - components have to be manually deleted
Description=HP LaserJet 1000 related. <font color="#FF0000">Is it a driver or automatic firmware update (based upon the filename)?</font>
[hp autoindexer]
Filename=hppautoindexer.exe
Confirmed=U
Description=Installed by HP multi-function printer driver software, related to PC faxing. If you are not using the PC faxing feature you can go ahead and disable these services from the startup
[hp cd writer]
Filename=hpcdtray.exe
Confirmed=N
Description=System Tray access to a HP CD-Writer's functions. Available via Start -> Programs
[hp cd-dvd]
Filename=hpcdtray.exe
Confirmed=N
Description=System Tray access to a HP CD-Writer's functions. Available via Start -> Programs
[hp cd-writer]
Filename=hpcdtray.exe
Confirmed=N
Description=System Tray access to a HP CD-Writer's functions. Available via Start -> Programs
[hp center]
Filename=BACKWEB-*****.exe
Confirmed=X
Description=See <a href="http://h10025.www1.hp.com/ewfrf/wc/genericDocument?cc=us&docname=bph05170&lc=en&jumpid=reg_R1002_USEN#bph05170_G5" target="_blank">here</a> - "messaging service that automatically sends you support information, tips, ideas, and special offers from HP and our partners, especially designed for HP and Compaq desktop computer owners". Applies to certain HP Pavilion desktop computers between Fall 2001 and Spring 2003. * can be any digit
[hp center ui]
Filename=ShadowBar.exe
Confirmed=N
Description=User Interface for HP Center - see <a href="http://www.sysinfo.org/startuplist.php?filter=BACKWEB-******.exe" target="_blank">here</a>
[hp component manager]
Filename=hpcmpmgr.exe
Confirmed=N
Description=Checks the internet for updated drivers/utilities for your HP product - update manually. Disabling will remove the error "Windows can't shutdown the computer because hpcmpmgr.exe can't be ended"
[hp deskjet]
Filename=HP_DeskJet_500.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com.au/virusinfo/analyses/w32forbotda.html" target=_blank>FORBOT-DA</a> WORM!
[hp display settings]
Filename=hpdisply.exe
Confirmed=U
Description=Sets default display settings. Unchecking this item has been reported to cure a "Problem sending command to keyboard" error message
Description=Improves the startup time of HP Image Zone. If you disable it, HP Image Zone takes a long time to start up only the first time you run it. Subsequent startups are much faster than the first time
[hp info express]
Filename=??
Confirmed=N
Description=On HP PCs, allows the computer to automatically receive notifications from HP over the Internet. Associated with BackWeb
[hp instant support]
Filename=matcli.exe
Confirmed=U
Description="matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, state, etc and gets written to a log file". HP Instant Support is required to run with the Help and Support program. If you uncheck HP Instant Support and and then run Help and Support it will add another HP Instant Support in the startup menu. If you remove the HP Instant Support in the add/remove program some help menus in help and support will not be available. You decide
[hp internet center]
Filename=SURFBRD.EXE
Confirmed=N
Description=Loads the HP Internet center surfboard on startup. HP Internet Center allows you to customize the multimedia keys on the fly without having to go the Control Panel --> Keyboards to change them
[hp jetdiscovery]
Filename=HPJETDSC.EXE
Confirmed=N
Description=HP JetAdmin software which monitors printing jobs on a network environment
[hp jetspeed autostart]
Filename=AUTOSTART.EXE
Confirmed=N
Description=Autostart executable for the old multiplayer game HP Jetspeed
[hp laser jet director]
Filename=hppdirector.exe
Confirmed=U
Description=System Tray icon that opens various functions such as copy, fax, email, scan, copy plus, etc. Right-click on it and you see a few options such as the preceding bar plus About, Help, ToolBox, Exit, etc
[hp network registry agent]
Filename=hpnra.exe
Confirmed=?
Description=<font color="#FF0000">??</font>
[hp parallel port test]
Filename=hppt.exe
Confirmed=N
Description=Associated with a HP ScanJet scanner
[hp photo manager]
Filename=HPPhotoManager.exe
Confirmed=X
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.AXU&VSect=T" target=_blank>SDBOT.AXU</a> WORM!
[hp port resolver]
Filename=hpbpro.exe
Confirmed=?
Description=<font color="#FF0000">??</font>
[hp precision scan]
Filename=hpmdlbwx.exe
Confirmed=N
Description=HP multifunction scanner software. Available from HP Office Jet R Toolbox so not required
[hp presentation ready]
Filename=PresRdy.exe
Confirmed=N
Description=HP Omnibook related: "Press a dedicated button above the keyboard and the system will instantly load your presentation software and change the screen resolution to match your display device"
[hp psc 2000 series]
Filename=hpobnz08.exe
Confirmed=U
Description=System Tray icon indicating when the printer is ready. Can be started manually with HP Director but takes time to start
[hp recordnow]
Filename=??
Confirmed=U
Description=From HP "Software for the CD writer. Do not prevent from starting unless the CD writer is never going to be used."
[hp scanpatch]
Filename=HPScanFix.exe
Confirmed=U
Description=Program that starts up and automatically fixes earlier versions of the Scanjet 5100c software. If a Scanjet 5100C scanner is not going to be used, then it is safe to remove or prevent from starting
[hp scanpicture]
Filename=hpsplmwa.exe
Confirmed=N
Description=HP multifunction scanner software. Available from HP Office Jet R Toolbox so not required
[hp schedindexer]
Filename=hppschedindexer.exe
Confirmed=U
Description=Installed by HP multi-function printer driver software, related to PC faxing. If you are not using the PC faxing feature you can go ahead and disable these services from the startup
[hp service drivers]
Filename=hdsys.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotze.html" target=_blank>SDBOT-ZE</a> WORM!
Description=Supplied with HP CD-RW drives - stores information about CD contents on your hard drive. Available via Start -> Programs or Desktop Icon
[hp status]
Filename=hpstatus.exe
Confirmed=N
Description=HP Printer Status and Alerts
[hp status server]
Filename=hpboid.exe
Confirmed=?
Description=Copied during installation of HP Inkjet Printer Drivers in Win2K/XP. <font color="#FF0000">What does it do and is it required?</font>
[hp tv now]
Filename=HpTvNow.exe
Confirmed=U
Description=Application supplied with HP notebooks. It activates the S-Video port and is said to improve the quality of the output signal (resolution/timeouts)
[hp updates]
Filename=??
Confirmed=N
Description=On HP PCs, allows the computer to automatically receive notifications from HP over the Internet. Associated with BackWeb
[hp visualize init]
Filename=HpVisIni.exe
Confirmed=?
Description=HP Visualize software related. <font color="#FF0000">What does it do and is it required?</font>
[hp-aio flight]
Filename=Remind32.exe
Confirmed=N
Description=HP multifunction registration
[hpaiodevice]
Filename=hpodev07.exe
Confirmed=N
Description=Direct from HP - "Device Objects Server - detects all device events and handles all ongoing communication on the device. Loads in the Startup group (except when "portable" is chosen during installation)". Related to various HP all-in-one printer/scanner/copier devices. They print and copy fine with those files disabled, and the icon installed on the desktop that points to "hpodir07.exe" works just fine if you need to use the scanner
[hpaiodevice(hp officejet g series)]
Filename=hpoavn07.exe
Confirmed=?
Description=HP Printer related, reportedly lets file transfers from an HP device pass files through Windows firewall. <font color="#FF0000">Is it required?</font>
[hpaiodevice(hp psc 900 series) -1]
Filename=hpobrt07.exe
Confirmed=N
Description=Installed with a Hewlett Packard 900 series colour printer, scanner, fax, photo card slot printer, copier. Assumed to perform an identical function to the hpaiodevice entry
[hpaio_printfoldermgr]
Filename=hpoopm07.exe
Confirmed=N
Description=Directly from HP: "This process has one purpose - detects if the device moves to a different port, and notifies other processes to look on the new port." For various HP all-in-one printer/scanner/copier devices. They print and copy fine with those files disabled, and the HP icon installed on the desktop that points to "hpodir07.exe" works just fine if you need to use the scanner
[hpcmpmgr]
Filename=hpcmpmgr.exe
Confirmed=N
Description=Checks the internet for updated drivers/utilities for your HP product - update manually. Disabling will remove the error "Windows can't shutdown the computer because hpcmpmgr.exe can't be ended"
[hpfsched]
Filename=hpfsched.exe
Confirmed=N
Description=HPFSCHED is a small TSR that will remind you to clean the cartridges in your DeskJet from time to time in order to keep print quality high. It can be removed from the run line in win.ini if you do not want that feature
[hpgamesactivemenu]
Filename=ActiveMenu.exe
Confirmed=U
Description=Wild Tangent demo games that come with some HP computers. Unchecking it can prevent the games from running occasionally. Note that WildTanget's privacy policy used to state that they also collect and share individuals information but this is no longer the case
[hpgs2wnd]
Filename=hpgs2wnd.exe
Confirmed=N
Description="HP's exclusive <a href="http://www.hp.com/peripherals2/scanjet_info/share-to-web/index.htm" target="_blank">Share-to-Web</a> software makes it easy to share content with others through our affiliate Internet websites."<font color="#FF0000"> </font>Available via Start -> Programs
[hpha1mon]
Filename=Hpha1mon.exe
Confirmed=U
Description=Media card reader for some HP series printers allowing them to read digital camera memory cards directly. Only needed if you use this feature
[hphaxmon]
Filename=HPHAxMON.EXE
Confirmed=U
Description=Media card reader for some HP series printers allowing them to read digital camera memory cards directly. Only needed if you use this feature and known to cause system crashes in some cases. "x" can be 1, 2 or 3 and depends upon driver version. Replaced by HPHmon** (where ** is the version number) from version 4 onwards
[hphmon03]
Filename=hphmon03.exe
Confirmed=U
Description=Related to the Hewlett-Packard Photosmart's configuration and diagnostics module
[hphmon04]
Filename=hphmon04.exe
Confirmed=U
Description=Media card reader for some HP series printers allowing them to read digital camera memory cards directly. Only needed if you use this feature
[hphmon05]
Filename=hphmon05.exe
Confirmed=?
Description=<font color="#FF0000">??</font>
[hphmon06]
Filename=hphmon06.exe
Confirmed=U
Description=Related to the Hewlett Packard software HP Photosmart printer, it provides easy access to flash card reading functions. This program is not essential to the running of the system. Your choice
[hphome]
Filename=hphome.js
Confirmed=X
Description=Homepage hijacker
[hphupd04]
Filename=hphupd04.exe
Confirmed=N
Description=HP Photosmart software update checker and wizard launcher. Available via Start -> Programs
[hphupd05]
Filename=hphupd05.exe
Confirmed=?
Description=<font color="#FF0000">??</font>
[hphupd06]
Filename=hphupd06.exe
Confirmed=N
Description=Belongs to the HP Photosmart application and is responsible for keeping this software upto date. This program is not essential to the running of the system
[hpjsiroute]
Filename=hpjsira.exe
Confirmed=?
Description=<font color="#FF0000">Related to HP laserjet printers and IP addresses. An IP address is appended to the name field - ie "hpjsiroute192.168.1.2"</font>
[hpl services]
Filename=hmlsvc32.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotsi.html" target=_blank>AGOBOT-SI</a> WORM and variants!
[hplamp]
Filename=HPLAMP.EXE
Confirmed=Y
Description=HP Scanner Utility that controls your scannerÆs light bulb. Needed if it's switched on. Also refer <a href="http://www.hp.com/cgi-bin/cposupport/get_doc.pl?SNI=hpscanjet320506&LC=scanners&Tfile=nps05042" target="_blank">here</a> for troubleshooting
[hplampc]
Filename=hplampc.exe
Confirmed=U
Description=HP Scanner Lamp Utility - fixes an issue with the scanner lamp not going off
[hplaptopgamesactivemenu]
Filename=ActiveMenu.exe
Confirmed=U
Description=Wild Tangent demo games that come with some HP computers. Unchecking it can prevent the games from running occasionally. Note that WildTanget's privacy policy used to state that they also collect and share individuals information but this is no longer the case
[hplj config]
Filename=SetConfig.exe
Confirmed=Y
Description=Connects system to networked HP printer.
[hplogifinder]
Filename=hp_finder.exe
Confirmed=U
Description=HP LogiFinder helps detect and allows the use of the centre button for the Logitech mouse. Can be disabled if not used
[hpmmkbd]
Filename=HpMmKbd.exe
Confirmed=U
Description=HPÆs multimedia keyboard driver which enables the end-user to use the automation features of the HP multimedia keyboard
[hpnt]
Filename=hpdll.exe
Confirmed=X
Description=Malware - detected by <a href="http://www.kaspersky.com/personalpro" target=_blank>Kaspersky</a> antivirus as Trojan-Downloader.Win32.VB.ku
[hpodblia]
Filename=hpodblia.exe
Confirmed=N
Description=HP OfficeJet Scan Button Monitor on a multi-function printer/copier/scanner. Start your scanning software manually
[hpoddt01.exe]
Filename=N/A
Confirmed=N
Description=Installed by the "HP Photo and Imaging Director" software. If you ask for the imaging software, this program will be started
[hpodlb08]
Filename=hpodlb08.exe
Confirmed=N
Description=HP OfficeJet Scan Button Monitor on a multi-function printer/copier/scanner. Start your scanning software manually
[hpotdd01.exe]
Filename=hpotdd01.exe
Confirmed=Y
Description=Detection of new imaging, printing and other peripherals on HP machines such as USB printers, cameras and Bluetooth products. "This program is a non-essential process, but should not be terminated unless suspected to be causing problems"
[hpppta]
Filename=HPPPTA.exe
Confirmed=Y
Description=HP parallel port driver for certain hardware
[hpprinter]
Filename=hpserver.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojcmjspyw.html" target=_blank>CMJSPY-W</a> TROJAN!
Description=Power save related for HP Scanners. Many users have complained of system freezes with it running but it stops the light from remaining on all the time. Try <a href="http://www.hp.com">www.hp.com</a>, pick your OS option under the SUPPORT tab, follow the instructions and you will find an updated lamp control patch
[hpqcmon]
Filename=hpqcmon.exe
Confirmed=?
Description=<font color="#FF0000">From HP and related to digital imaging</font>
[hpscanmonitor]
Filename=hpsjvxd.exe
Confirmed=U
Description=HP scanning software that enables you to scan images from your scanner. Needed if you're using the scanner
Description=HP ScanJet Button Manager. It allows users of the HPScanJet scanners to indicate what the buttons on the scanner will do automatically if pushed. Not required at startup, unless the scanner is used every day, such as in a business environment
[hpstart]
Filename=hpstart.wsf
Confirmed=N
Description=This a script used by HP that runs the first time one of their computers is started. Can't imagine why it would be starting up after the first boot
[hpsysconf1]
Filename=[random filename]
Confirmed=X
Description=Added by a variant of the <a href="http://de.trendmicro-europe.com/enterprise/security_info/ve_detail.php?id=59209&VName=TROJ_VIVIA.A&VSect=T" target="_blank">VIVIA.A</a> TROJAN!
[hpsysdrv]
Filename=hpsysdrv.exe
Confirmed=U
Description=This item keeps track of how many times the system has been recovered and the times of the first and last recoveries done on the system. Leaving unchecked will sometimes prevent the Keyboard Manager program from detecting that the computer is an HP. Since this program/driver was only made to run on HP, if it can't tell that it is an HP it will not run. If unchecked, it can prevent the running of the Application Recovery CDs, the use of the multimedia keys, and the HP Instant Support. Also seen that without it running, the Riptide Sound card that was installed on some older HP computers stops working
[hpu]
Filename=ProvenTactics.exe
Confirmed=N
Description=<a href="http://www.proventactics.com/" target="_blank">Proven Internet Marketing</a> software
[hpwirelessassistant]
Filename=HP Wireless Assistant.exe
Confirmed=U
Description=The HP Wireless Assistant is a user application that provides a way to control the enablement of individual wireless devices (such as Bluetooth or WLAN devices) and that shows the state of the radios for these wireless devices
[hpzts04]
Filename=hpzts04.exe
Confirmed=N
Description=Hewlett Packard printer toolbox shortcut that resides in the system tray
[hp_dla]
Filename=dlatray.exe
Confirmed=N
Description=On HP PCs, tray icon for dla - which provides drive letter access to HP's and Veritas' version of DirectCD
[hr]
Filename=Hr.exe
Confirmed=U
Description=<a href="http://sarc.com/avcenter/venc/data/spyware.hiddenrecorder.html" target=_blank>HiddenRecorder</a> periodically takes screenshots of the computer. If you didn't install this yourself remove it
[href.ocx]
Filename=regsvr32.exe ....HREF.OCX
Confirmed=U
Description=HREF.OCX is an ActiveX control developed by xFX JumpStart and used to provide HTML-alike clickable links on Windows-based programs such as <a href="http://software.xfx.net/utilities/popupkiller/index.php" target="_blank">PopUpKiller</a>
[hrn_qtv]
Filename=hrnsvc32.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotaet.html" target=_blank>SDBOT-AET</a> WORM!
[hslab logger]
Filename=logger.exe
Confirmed=U
Description=<a href="http://sarc.com/avcenter/venc/data/spyware.hslablogger.html" target=_blank>HSLABLogger</a> logs user activity and Internet activity. The gathered information can be sent to a predetermined email address. If you didn't install this yourself uninstall it
[hstrans]
Filename=hstrans.exe
Confirmed=U
Description=Homescan Internet Transporter - part of <a href="http://www2.acnielsen.com/products/cps_homescan.shtml" target=_blank>ACNielson Homescan</a>. Recognizes when the ACNielsen Homescan Scanner is attached to the computer and allows it to transmit scanner information to ACNielsen
[hti]
Filename=npdor.exe
Confirmed=U
Description=Appears in startup if you have chosen to participate in on survey by <a href="http://www.npdor.com/" target="_blank"> NPD Online Research</a>. Required for the survey to work correctly. Otherwise not required
[html help system]
Filename=hhs.pif
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotatb.html" target=_blank>RBOT-ATB</a> WORM!
[html32 help system]
Filename=hhs32.pif
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotate.html" target=_blank>RBOT-ATE</a> WORM!
[htpatch]
Filename=htpatch.exe
Confirmed=U
Description=HTpatch.exe is part of the SiS AGP patch - BUT unless your processor (and motherboard) supports HyperThreading (HT) and this feature is enabled it will actually SLOW your graphics card by around 6%
[htprotect]
Filename=AVprotect.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.netsky.l@mm.html" target="_blank">NETSKY.L</a> WORM!
[http://www.lienvandekelder.com]
Filename=Lien Van de Kelder.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32mytobeq.html" target=_blank>MYTOB-EQ</a> WORM!
[http://www.lienvandekelder.com/]
Filename=LienVandeKelder.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32mytobeo.html" target=_blank>MYTOB-EO</a> WORM!
[https-ssl]
Filename=https.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.moega.d.html" target="_blank">MOEGA.D</a> WORM!
[huhdir]
Filename=huhdir.exe
Confirmed=?
Description=<font color="#FF0000">??</font>
[huigezi]
Filename=HgzServer.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.graybird.c.html" target="_blank">GRAYBIRD.C</a> TROJAN!
[hvid]
Filename=Hvid.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/trojan.gema.html" target="_blank">GEMA</a> TROJAN!
[hwinst]
Filename=N/A
Confirmed=Y
Description=For Gilat Communications internet satellite systems. Gilat rescue (Satellite system restore). Required if you have this system. Can cause a BSOD (blue screen of death) if left out
[hwp]
Filename=system_wc.exe
Confirmed=X
Description=Added by <a href="http://www.symantec.com/avcenter/venc/data/adware.eziin.html" target=_blank>Eziin</a> adware
[hxadsec]
Filename=[path to trojan]
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojadclickap.html" target=_blank>ADCLICK-AP</a> TROJAN!
[hxdl.exe]
Filename=HXDL.EXE
Confirmed=X
Description=Attune HelpExpress - spyware. Disable and uninstall - see <a href="http://www.c-squad.org/hxdl.html" target="_blank">here</a>
[hxiul.exe]
Filename=HXIUL.EXE
Confirmed=X
Description=Attune HelpExpress - spyware. Disable and uninstall - see <a href="http://www.c-squad.org/hxdl.html" target="_blank">here</a>
[hydarvisiondesktopmanager]
Filename=desk95.exe
Confirmed=U
Description=ATI's HydraVision desktop management software, allowing for multi-monitor support, as included in ATI HydraVision versions 2.5 and earlier. Has been reported to cause problems, such as <a href="http://support.microsoft.com/?id=810937" target=_blank>this one</a>. HydraVision can be uninstalled through Add/Remove Programs
[hydravisiondesktopmanager]
Filename=desk98.exe
Confirmed=U
Description=ATI/Appian HydraVision Desktop Manager software - monitors and regulates window and dialog box placement according to user preferences when using a multi monitor setup
[hydravisionviewport]
Filename=viewport.exe
Confirmed=U
Description=ATI/Appian HydraVision Desktop Manager software - monitors and regulates window and dialog box placement according to user preferences when using a multi monitor setup
[hyper start]
Filename=instantmsgrs.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotnh.html" target=_blank>RBOT-NH</a> WORM!
[i-worm.gigu]
Filename=uGiG.eXe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.gink.worm.html" target="_blank">GINK</a> WORM!
[i/o controllers]
Filename=svcnet.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojtibikb.html" target=_blank>TIBIK-B</a> TROJAN!
[i386]
Filename=I386.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.mypower.b@mm.html" target="_blank"> MYPOWER</a> WORM!
[i81shell]
Filename=I81SHELL.exe
Confirmed=?
Description=<font color="#FF0000">Appears to be related to drivers for an Intel 810 graphics chipset on an ASUS motherboard</font>
[i8kfangui]
Filename=i8kfangui.exe
Confirmed=U
Description=Graphical interface for fan speed control
[iaanotif]
Filename=iaanotif.exe
Confirmed=U
Description=IAA Event Monitor User Notification Tool - part of <a href="http://www.intel.com/support/chipsets/iaa/" target="_blank"> Intel?Application Accelerator</a> - "a performance software package for desktop PCs using select Intel?chipsets" that "replaces the ATA drivers that come with Windows with drivers optimized for desktop and mobile PCs." If you use the RAID version it's required to notify you if a RAID 1 disk has failed
[iamapp]
Filename=iamapp.exe
Confirmed=Y
Description=AtGuard personal firewall engine. As Atguard was bought by Symantec some time ago, it's now the Norton Personal Firewall executable as well
[iamnacho on irc.musirc.com is a homosexual!]
Filename=XBox64.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.randex.y.html" target="_blank">RANDEX.Y</a> WORM!
[iap]
Filename=iap.exe
Confirmed=?
Description=<font color="#FF0000">Possibly part of <a href="http://docs.us.dell.com/docs/software/smcliins/cli60/en/ug/intro.htm" target="_blank">Dell OpenManage Client Instrumentation</a> - software that allows remote management application programs to access information about, monitor the status of or change the state of the client computer, such as shutting it down remotely?</font>
[ias]
Filename=ias.exe
Confirmed=U
Description=<a href="http://www.symantec.com/avcenter/venc/data/spyware.invisibleaspy.html" target= blank>InvisibleASpy</a> keystroke logger/monitoring program - remove unless you installed it yourself!
[iashlpr]
Filename=IASHLPR.EXE
Confirmed=X
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_OPASERV.T" target="_blank">OPASERV.T</a> WORM!
[ibin]
Filename=[path to trojan]
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojperdac.html" target=_blank>PERDA-C</a> TROJAN!
[ibm]
Filename=ibm.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlegmirah.html" target=_blank>LEGMIR-AH</a> TROJAN!
[ibm warranty notification]
Filename=ERTS0749.exe
Confirmed=?
Description=IBM Warranty Notification - <font color="#FF0000">presumably it's a reminder to either register or that warranty is about to expire?</font>
[ibmmessages]
Filename=ibmmessages.exe
Confirmed=N
Description=Allows IBM to push messages onto users' computers. Quote: "The Access IBM Message Center can display messages to inform you about software and solutions available from IBM as well as messages from IBM eSupport"
[ibmmon.exe]
Filename=Ibmmon.exe
Confirmed=?
Description=<font color="#FF0000">??</font>
[ibmpmsvc]
Filename=ibmpmsvc.exe
Confirmed=U
Description=Power management driver for IBM laptops. Provides support for the use of four keys on the thinkpad keyboard with blue key tops - Fn, F3, F4 & F12 - which have specific functions to control the standby and hibernate buttons. Not required if you don't plan to go into standy or hibernate modes
[ibmultrabayhotswapcplloader]
Filename=IBMBAY2N.EXE
Confirmed=U
Description=Supports hot swapping in Thinkpad UltraBay Option on IBM ThinkPad laptops
[ibmultrabayhotswapsound]
Filename=IBMBAYSN.EXE
Confirmed=?
Description=<font color="#FF0000">Supports hot swapping in Thinkpad UltraBay Option on IBM ThinkPad laptops. Is it needed though - does it just play a sound?</font>
[ibwin background process]
Filename=IBackground.exe
Confirmed=U
Description=<a href="http://www.ibackup.com/ibwin_new.htm" target=_blank>IBackup</a> for Windows
[ibwin monitor]
Filename=IBMonitor.exe
Confirmed=U
Description=<a href="http://www.ibackup.com/ibwin_new.htm" target=_blank>IBackup</a> for Windows
[icabar]
Filename=icabar.exe
Confirmed=Y
Description=Related to Citrix MetaFrame
[icasserv]
Filename=icasServ.exe
Confirmed=X
Description=Browser hijacker, redirecting to Searchforfree.info. Also detected as the <a href="http://www.sophos.com/virusinfo/analyses/trojicaserva.html" target= blank>ICASERV-A</a> TROJAN!
[iccontrol]
Filename=iccontrol.exe
Confirmed=X
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/dialer.iccontrol.html" target=_blank>ICcontrol</a> premium rate adult content dialer
Description=Sound related and can be disabled without affecting performance although advanced sound features may be sacrificed. <font color="#FF0000">May be related to Compaq PC's with "SoundMAX integrated Digital Audio" (Analog Devices Inc.) devices</font>
[icifati]
Filename=yujixit.exe
Confirmed=X
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.ZZH&VSect=P" target=_blank>SDBOT.ZZH</a> WORM!
[iclean]
Filename=iClean.exe
Confirmed=U
Description=<a href="http://www.nsclean.com/ieclean.html" target="_blank">IEClean</a> - "advanced, comprehensive package of tools which perform a number of functions to allow you to control your online privacy"
[icm]
Filename=ICM.EXE
Confirmed=Y
Description=Starts Internet Call Manager dialog box and/or taskbar icons at bootup. This is a subscription program from internetcallmanager.com that monitors a dialup phone line for incoming calls and handles voicemail
[icn]
Filename=NAG.EXE
Confirmed=N
Description=<a href="http://www.rocketdownload.com/Details/Inte/4948.htm" target="_blank">iChoose</a> - shopping browser enhancement that alerts you to cheaper deals for goods you want to buy, if they exist
[ico]
Filename=ICO.EXE
Confirmed=N
Description=Found on a Sony Vaio laptop and seems to be related to Mouse Suite 98 Daemon according to the properties. Appears to cause a behaviour where the desktop suddenly flips back up when playing DirectX associated games
[icon animation]
Filename=HDE.EXE
Confirmed=N
Description=Part of McAfee Nuts & Bolts. Provides entertaining animation of your desktop icons
[icon hearit 95]
Filename=hearit95.exe
Confirmed=N
Description=Audio desktop customization utility from Moon Valley Software. Resource hog
[icon hearit 98]
Filename=hearit98.exe
Confirmed=N
Description=Audio desktop customization utility from Moon Valley Software. Resource hog
[icon lptt01]
Filename=icon.exe
Confirmed=X
Description=<a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">RapidBlaster</a> variant (in a "Icon" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see <a ref="http://www.wilderssecurity.net/specialinfo/rapidblaster.html#removal" target="_blank"> here</a>
[icon ml097e]
Filename=icon.exe
Confirmed=X
Description=<a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">RapidBlaster</a> variant (in a "Icon" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see <a ref="http://www.wilderssecurity.net/specialinfo/rapidblaster.html#removal" target="_blank"> here</a>
[iconclnt]
Filename=iconclnt.exe
Confirmed=Y
Description=APC PowerChute Tray Icon. Associated with the <a href="#UPS"> UPS</a> listing
[icondesk]
Filename=ICONDESK.EXE
Confirmed=U
Description=Small utility which will allow you the option of hiding or showing your desktop icons
[iconfig.exe]
Filename=Iconfig.exe
Confirmed=N
Description=Icon for LS-120 "Superdisk"
[iconfigloader]
Filename=DIIhost.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.gaobot.ao.html" target="_blank">GAOBOT.AO</a> WORM!
[iconoid]
Filename=Iconoid.exe
Confirmed=N
Description=<a href="http://www.sillysot.com/index.html" target="_blank">Iconoid</a> is a desktop icon manager
[iconsaver]
Filename=Iconsaver.exe
Confirmed=N
Description=<a href="http://www.iconsaver.com/index.html" target="_blank">IconSaver</a> is a desktop icon manager
[icq]
Filename=ICQNET.vbs
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/vbsgormleza.html" target=_blank>GORMLEZ-A</a> WORM!
[icq center]
Filename=[path to worm]
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.randin.html" target="_blank">RANDIN</a> WORM!
[icq chat service]
Filename=icqjdhs.exe
Confirmed=X
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target= blank>RBOT</a> WORM!
[icq hacking pro]
Filename=ICQpro.exe
Confirmed=X
Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_NETSPY" target="_blank">NETSPY</a> TROJAN!
[icq lite]
Filename=ICQLite.exe
Confirmed=N
Description=<a target="_blank" href="http://www.icq.com/download/">ICQ Lite</a> - compact version of the popular messaging program
[icq lite messenger]
Filename=[random filename]
Confirmed=X
Description=Added by an unidentified VIRUS, WORM or TROJAN! Unlike the legitimate ICQ Lite executable, which will be located in the ICQLITE folder in Program Files, this particular impostor is located in the Windows or Winnt\System32 directory
[icq messenger 2002]
Filename=ICQ2002.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotabl.html" target=_blank>SDBOT-ABL</a> WORM!
[icq net]
Filename=winlogon.exe
Confirmed=X
Description=Added by variants of the NETSKY WORMS! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/winlogon/" target="_blank">winlogon.exe</a> process which should not appear in Msconfig/Startup!
[icq plus]
Filename=vplus.exe
Confirmed=N
Description=<a href="http://www.icqplus.org" target="_blank">ICQ Plus</a> is a freeware utility makes your ICQ skinnable (change the look). Available via Start -> Programs
[icqnet]
Filename=winlogon.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32netskyc.html" target=_blank>NETSKY-C</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/winlogon/" target=_blank>winlogon.exe</a> process, which should not appear in Msconfig/Startup and is always located in the System32 folder. This file is placed in the Windows or Winnt folder
[icrosof avps32 control]
Filename=av32.pif
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotavc.html" target=_blank>RBOT-AVC</a> WORM!
[icrosoft visual]
Filename=plscx.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotayo.html" target=_blank>RBOT-AYO</a> WORM!
[icrosoft visual interdevc]
Filename=zvslmqb.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotayp.html" target=_blank>RBOT-AYP</a> WORM!
[icrosoft windows dll services configuration]
Filename=poker3.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotaer.html" target=_blank>SDBOT-AER</a> WORM!
[icrosoftf avpx control]
Filename=avpx.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotayn.html" target=_blank>RBOT-AYN</a> WORM!
[icsdclt]
Filename=rundll32.exe Icsdclt.dll, ICSClient
Confirmed=U
Description=Internet Connection Sharing allows more than one computer to simultaneously access the internet with a single connection. Also required when networking two machines
[icserver]
Filename=Icserver.exe
Confirmed=N
Description=Intel Intercast viewer software. Gives access to selected internet pages which are broadcasted by several TV stations
[icsmgr]
Filename=ICSMGR.EXE
Confirmed=Y
Description=Monitors DNS and DHCP requests for ICS (Internet Connection Sharing). Needed if youÆre sharing the internet on various computers
[ic_key_3]
Filename=spvic.exe
Confirmed=N
Description=<a href="http://www.instantchess.com/?SN=Z4dMzyutgpE9Pspv&ABT=3" target="_blank">Instant Chess</a> related
[id commander]
Filename=IDCom.exe
Confirmed=N
Description=Caller ID utility for identifying incoming telephone numbers
[ida]
Filename=IDA.EXE
Confirmed=?
Description=<font color="#FF0000">HP related - in a Program FilesHewlett-PackardPC COE folder</font>
[ide]
Filename=ide.exe
Confirmed=X
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/backdoor.assasin.f.html" target="_blank">ASSASIN.F</a> TROJAN!
[ide loader]
Filename=IDElibr32.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.xilon.trojan.html" target="_blank">XILON</a> TROJAN! Related to the game "Diablo II"
[idecntl]
Filename=idecntl.exe
Confirmed=X
Description=Added by a variant of the <a href="http://www.sophos.com/virusinfo/analyses/trojcrypterc.html" target="_blank">CRYPTER.C</a> TROJAN!
[idesktop]
Filename=idesktop.exe
Confirmed=U
Description=<a href="http://www.immersion.com/products/ce/generaldownloads.shtml" target="_blank">Immersion TouchWare Desktop</a> software for devices such as the Logitech iFeel Mouse
Description=Added with WinXP SP1. Usually only found in internal builds only to indicate the current build being used. Can cause slow network logon problems
[ie configure]
Filename=explorer.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlineagec.html" target=_blank>Lineage-C</a> TROJAN! Note - the legitimate Windows Explorer (explorer.exe) is located in the Windows or Winnt folder and would only be in startups if you added it manually
[ie doctor]
Filename=IEDoctor.exe
Confirmed=U
Description=IE Doctor Toolbar - "IE Doctor can help you to Repair IE easily, protect IE and OE from all malicious changes. It can Repair the HomePage, context menu, IE toolbar button, startup items, Favorites, typed URLs and the entire Internet Options"
[ie java update]
Filename=iejava.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojagenthd.html" target=_blank>AGENT-HD</a> TROJAN!
Description=<a href="http://www.jiisoft.com/iemaximizer/" target=_blank>IE New Window Maximizer</a> - automatically maximize new Internet Explorer and Outlook Express windows
[ie runtime]
Filename=wini.exe
Confirmed=X
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/w32.picrate.b@mm.html" target=_blank>PICRATE.B</a> WORM!
[ie runtimes]
Filename=winis.exe
Confirmed=X
Description=Added by the a href="http://www.sophos.com/virusinfo/analyses/w32rbotadz.html" target=_blank>RBOT-ADZ</a> TROJAN!
[ieagent update check]
Filename=iewatch.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/trojan.bomka.html" target=_blank>BOMKA</a> TROJAN!
[iecleanaux]
Filename=Ieboot6.exe
Confirmed=U
Description=<a href="http://www.nsclean.com/ieclean.html" target="_blank">IEClean</a> by Kevin McAleavy - cookie manager, cache cleaner, history cleaner, etc. Performs cleaning tasks at startup
[iedll]
Filename=iedll.exe
Confirmed=X
Description=Homepage hijacker, redirecting to coolwwwsearch.com
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.spex.worm.html" target="_blank"> SPEX</a> or <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.spex.b.worm.html" target="_blank"> SPEX.B</a> WORMS!
[iesar]
Filename=Iesar.exe
Confirmed=X
Description=Browser hijacker - redirecting to an adult web page
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.nemog.c.html" target="_blank">NEMOG.C</a> TROJAN!
[ietsr]
Filename=ietsr.exe
Confirmed=N
Description=<a href="http://www.nsclean.com/ieclean.html" target="_blank">IEClean</a> by Kevin McAleavy - cookie manager, cache cleaner, history cleaner, etc
[iexpl0rer]
Filename=IEXPL0RER.EXE
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotql.html" target= blank>AGOBOT-QL</a> WORM!
[iexpl0res]
Filename=iexpl0res.exe
Confirmed=X
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.AEX&VSect=T" target=_blank>RBOT.AEX</a> WORM! Note - this malware actually changes the default value data of the Registry "Run" key in order to force Windows to launch it at boot
[iexploit]
Filename=Iexploit.html
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/vbs.inker.b@mm.html" target=_blank>INKER.B</a> WORM!
[iexplore services]
Filename=iexplore.exe
Confirmed=X
Description=Added by an unidentified VIRUS, WORM or TROJAN! Note - this is not the legitimate Internet Explorer <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/iexplore/" target=_blank>iexplore.exe</a> process which is always located in the Program Files\Internet Explorer folder and should not normally figure in Msconfig/Startup!
[iexplorer lptt01]
Filename=iexplorer.exe
Confirmed=X
Description=<a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">RapidBlaster</a> variant (in a "iexplorer" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see <a ref="http://www.wilderssecurity.net/specialinfo/rapidblaster.html#removal" target="_blank"> here</a>
[iexplorer ml097e]
Filename=iexplorer.exe
Confirmed=X
Description=<a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">RapidBlaster</a> variant (in a "iexplorer" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see <a ref="http://www.wilderssecurity.net/specialinfo/rapidblaster.html#removal" target="_blank"> here</a>
[iexplorer.exe]
Filename=Iexplorer.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbancbanen.html" target=_blank>BANCBAN-EN</a> TROJAN!
[iexplorer32 java scripting]
Filename=IExplore32b.exe
Confirmed=X
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.ABO&VSect=P" target=_blank>RBOT.ABO</a> WORM!
[iexplorer32c java scripting]
Filename=IExplore32cb.exe
Confirmed=X
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM RBOT.ABN&VSect=P" target= blank>RBOT.ABN</a> WORM!
[iexplorer6 java scripting]
Filename=IExplore326.exe
Confirmed=X
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
[iexplorer7 java scripting]
Filename=IExplore327.exe
Confirmed=X
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
[ifsplash.exe]
Filename=IFSplash.exe
Confirmed=U
Description=I-FORCE driver for force feedback steering wheel
[igfxtray]
Filename=igfxtray.exe
Confirmed=N
Description=Quick access to the control panel via a System Tray icon for graphics based upon the Intel chipsets (ie, i810). These chipsets are often included on motherboards. Available via Start -> Settings -> Control Panel
Description=Drive Letter Searcher, <a href="http://www.redchairsoftware.com/irivium/" target=_blank>iRiver</a> iHP-100 iHP and H Series player related - <font color="#FF0000">does it need to start with Windows every time?</font>
Description=Added by an unidentified TROJAN or adware
[iiwiper]
Filename=Systemwiper.exe
Confirmed=N
Description=<a href="http://nn101.virtualave.net/clean.html" target="_blank">System Wiper</a> from iI Software - allows you to clear the history of your activites from you computer. Run manually on a regular basis
[ij75p2pserver]
Filename=IJ75P2PS.EXE
Confirmed=Y
Description=Printer utility which is required in order to make the printer work correctly
[ike service 95]
Filename=IKEService.exe
Confirmed=Y
Description=Associated with <a href="http://www.pgpi.org/" target="_blank">PGP</a>. The PGP Tray can be
[ikeyworks]
Filename=IKEYMAIN.EXE
Confirmed=U
Description=<a href="http://www.a4tech.com/a4techenglish/index.html" target="_blank">A4Tech</a> wireless keyboard driver and utility
[illegal]
Filename=Mplayer.exe
Confirmed=X
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_HOLAR.C" target="_blank">HOLAR.C</a> (or <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.galil@mm.html" target="_blank">GALIL</a>) WORM! Note - this should not be comfused with Windows Media Player which has the same filename
[illegal.exe]
Filename=Mplayer.exe
Confirmed=X
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_HOLAR.C" target="_blank">HOLAR.C</a> (or <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.galil@mm.html" target="_blank">GALIL</a>) WORM! Note - this should not be comfused with Windows Media Player which has the same filename
[ilo_office_manager]
Filename=IntEdReg.exe /OFFMAN
Confirmed=?
Description=<a href="http://www.intense.co.uk/" target="_blank">Intense Educational Ltd</a> - Language Office Software. <font color="#FF0000">Is it required?</font>
[ilyric]
Filename=iLyric.exe
Confirmed=U
Description=<a href="http://www.ilyric.net/winamp.html" target=_blank>iLyric</a> plugin for Winamp media player. Allows you to retrieve the lyrics for your songs with the press of a button
[im start center]
Filename=iM_Tray.exe
Confirmed=N
Description=Installed with the Sound Blaster Audigy range of soundcards. A radio tuner installed if the user chooses during installation. Available via Start -> Programs -> iM Networks -> iM Radio Tuner
Description=Part of McAfee Nuts & Bolts. Image/Restore can recover from drives that have been accidentally formatted or completely erased, if Image was recently run
[image transfer]
Filename=SonyTray.exe
Confirmed=N
Description=Sony Image Transfer software provides direct image transfer from your digital camera to a PC - can be started manually
[imagefox]
Filename=imagefox.exe
Confirmed=U
Description=<a href="http://www.acdsystems.com/English/Products/ImageFox/index.htm?LAN=EnglishX20" target="_blank">ImageFox 2.0</a> is an "add-on" graphics previewer for most Windows Open/Save As dialog boxes
[imagemgt32]
Filename=Imagemgt32.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/trojan.gema.html" target="_blank">GEMA</a> TROJAN!
[imagepath]
Filename=taskbarmngr.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotxb.html" target=_blank>SDBOT-XB</a> WORM!
[imapi]
Filename=load.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdowndela.html" target=_blank>DOWNDEL-A</a> TROJAN!
[imarkup client]
Filename=iUtil.exe
Confirmed=N
Description=Enables the <a href="http://www.imarkup.com/products/imarkup_client.asp" target=blank>iMarkup Client</a> web page annotation utility to run in the background and be available in systray. Shortcut available via Start -> Programs
[imclass]
Filename=Svhosl.exe
Confirmed=X
Description=Added by an unidentified WORM or TROJAN!
[imekrig]
Filename=imekrig.exe
Confirmed=N
Description=Part of MS <a href="http://www.microsoft.com/windows/ie/downloads/recommended/ime/default.asp" target="_blank">Input Method Editor</a> which is used to ease the input of Asian characters in MS Office (Chinese, Japanese and this one is Korean)
[imekrmig6.1]
Filename=IMEKRMIG.EXE
Confirmed=N
Description=Part of MS <a href="http://www.microsoft.com/windows/ie/downloads/recommended/ime/default.asp" target="_blank">Input Method Editor</a> which is used to ease the input of Asian characters in MS Office (Chinese, Japanese and this one is Korean)
[imesh]
Filename=??
Confirmed=N
Description=<a href="http://www.imesh.com" target="_blank">Imesh</a> is a file sharing system
[imesh auto update]
Filename=??
Confirmed=N
Description=Update check for the <a href="http://www.imesh.com" target=_blank>Imesh</a> file sharing system. Turn the update off under "options"
[imevtmgr.exe]
Filename=IMEvtMgr.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojkeylogar.html" target=_blank>KEYLOG-AR</a> TROJAN!
[imgicon]
Filename=ImgIcon.exe
Confirmed=U
Description=Displays Iomega icons in Explorer/My Computer, ejects Zip disks on shutdown and displays a special delete confirmation box when deleting files on an Iomega drive. Available via Start -> Programs. If you disable it remember to eject disks first before powering the drive down - hence the "U" recommendation. Note - FreeCell may not run with ImgIcon running
[imgit]
Filename=[path to file]
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbankerem.html" target=_blank>BANKER-EM</a> TROJAN!
[imgstart]
Filename=ImgStart.exe
Confirmed=N
Description=Used by Iomega drives. Details of its purpose can be found <a href="http://pw2.netcom.com/~deepone/zipjaz/ioware.html#startup" target="_blank">here</a>. Available via Start -> Programs
[immcheck.exe]
Filename=immcheck.exe
Confirmed=?
Description=<font color="#FF0000">Related to I-FORCE driver for force feedback steering wheel?</font>
[imol]
Filename=IMOLApp.exe
Confirmed=U
Description=IncrediMail for Office <a href="http://www.incredimail.com/english/help/sysadmin.html" target=_blank>Outlook Add-On</a>
[imonitor]
Filename=Plguni.exe
Confirmed=N
Description=<a href="http://www.mcafee.com/myapps/qc3/default.asp" target="_blank">McAfee QuickClean 3.0</a> - removes internet clutter and unwanted programs
[imstart]
Filename=IMStart.exe
Confirmed=U
Description=<a href="http://www.intermute.com/products/index.html" target=_blank>InterMute</a> security software related
Description=Ahead <a href="http://www.nero.com/" target=_blank>InCD</a> packet writing software - similar to DirectCD. For Nero 5.0 or 5.5 (InCD3), it does not need to start with Windows. You can run InCD.exe manually before inserting an appropriately formatted CD-RW (CD-MRW) disk. For Nero 6.0, 6.3 or 6.6 (InCD4), it does need to start with Windows. It does not function correctly when you try to run it manually, and you will not have write access to MRW (Mount Rainier) formatted CD-RW (CD-MRW) or DVD-MRW disks. To regain write access and other features, InCD 4 must start with Windows
[incmail]
Filename=IncMail.exe
Confirmed=N
Description=<a href="http://www.incredimail.com/english/index.html" target="_blank">IncrediMail</a> is an advanced, feature-rich email program that offers you an unprecedented interactive experience. Unique multimedia features will enable you to tailor your email experience so that it fits your mood and personality
[incontrol desktop manager]
Filename=DMHKEY.EXE
Confirmed=N
Description=For Diamond Multimedia video cards. Allows System Tray access to desktop utilities such as screen resolution. Available via Start -> Programs
[index service]
Filename=dllhost32.exe
Confirmed=X
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.CH&VSect=P" target=_blank>AGOBOT.CH</a> WORM!
[index washer]
Filename=WashIdx.exe
Confirmed=U
Description=<a href="http://www.webroot.com/products/windowwasher/" target="_blank">Windows Washer</a> from Webroot Software. Useful utility that deletes safe to remove files, cookies, browsing history, etc. Available via from Start -> Programs. Disable within the program options - otherwise it is re-enabled in MSCONFIG
[indexindicator]
Filename=Indexindicator.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/trojan.lazar.html" target=_blank>LAZAR</a> TROJAN!
[indexsearch]
Filename=IndexSearch.exe
Confirmed=N
Description=Associated with PaperPort scanner software from ScanSoft
[ine]
Filename=svchosts.exe
Confirmed=X
Description=Added by the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=41546" target= blank>RBOT.BNL</a> WORM!
[inet database]
Filename=Inetdbs.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.qeds@mm.html" target=_blank>QEDS</a> WORM!
[inetapi]
Filename=Netapi.exe
Confirmed=X
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_NETDEVIL.14" target="_blank">NETDEVIL.14</a> TROJAN!
[inetcntrl]
Filename=inetcntrl.exe
Confirmed=U
Description=Bsafe Online - internet filter
[inetconf]
Filename=inetconf.exe
Confirmed=?
Description=<font color="#FF0000">??</font>
[inetd]
Filename=INETD32.EXE
Confirmed=U
Description=<a href="http://www.hummingbird.com/products/nc/inetd/index.html" target="_blank">Windows Inet Daemon</a> from Hummingbird Communications. "Hummingbird Inetd has the advanced ability to conserve PC resources by listening for connection requests and launching server daemons". Provides PCs with the full functionality of a UNIX workstation
[inetinfo.exe]
Filename=inetinfo.exe
Confirmed=U
Description=Executable used by MS Internet Information Server (IIS). If it's running, then so is IIS. Useful in knowing whether you require the patch for the Code Red worm. Comes with PWS (Personal Web Server) or NT4 and handles ASP-, PHP code (+ more)
[inetinfomon manager]
Filename=inetinfomon.exe
Confirmed=X
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_DONBOMB.A&VSect=P" target=_blank>DONBOMB.A</a> TROJAN!
[inetmgr]
Filename=inetmgr.exe
Confirmed=X
Description=Actual Names <a href="http://www.pestpatrol.com/pestinfo/a/actualnames.asp" target="_blank">(AdvSearch)</a> Internet Keywords parasite
[inetmsn]
Filename=msnet.exe
Confirmed=X
Description=Added by a variant of the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sdbot.html" target="_blank">SDBOT</a> TROJAN!
[info select]
Filename=is.exe
Confirmed=U
Description=<a href="http://www.miclog.com/isover.htm" target="_blank">Info Select</a> from Micro Logic - personal information manager
[info32x]
Filename=Info32x.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/trojan.gema.html" target="_blank">GEMA</a> TROJAN!
[infopenmsn]
Filename=InfoPenIM.exe
Confirmed=U
Description=<a href="http://www.infopen.com.tw/english/es/" target=_blank>InfoPenMSN</a> is a MSN Messenger plugin that allows you to send data written/drawn by hand
[infoplay.exe]
Filename=Infoplay.exe
Confirmed=?
Description=<font color="#FF0000">Written by New Media Properties, LLC and you're asked if you want to download and install it if you visit one of their search engine <a href="http://www.allyoursearch.com/" target="_blank">websites</a> (which I chose not to). What does it do and is it needed?</font>
[information update]
Filename=iu.exe
Confirmed=X
Description=Reported by Kaspersky Anti-Virus as Downloader.Win32.Centim.ch TROJAN! Note - the file associated with this is located in the Program Files\Information Update folder
[infra-red monitor]
Filename=IRMON.EXE
Confirmed=U
Description=System Tray access to infra-red devices. Not required unless you use infra-red devices
[infus]
Filename=infus.exe
Confirmed=X
Description=Adult content dialler
[infuzer]
Filename=Infuzer.exe
Confirmed=U
Description=<a href="http://www.infuzer.com/IDC/features/" target="_blank">Infuzer</a> - "is a service that copies dates from the web or an email straight to your electronic calendar". Beware of the following adware trait - "Infuzer provides web site owners with a unique opportunity to communicate with their visitors in a way that is useful and relevant to them, as well as increasing return visits and brand awareness, and providing new e-commerce opportunities"
[infwin]
Filename=infwin.exe
Confirmed=X
Description=<a href="http://research.sunbelt-software.com/threat_display.cfm?name=VX2.Transponder&threatid=12517&search=vx2" target=_blank>VX2.Transponder</a> parasite updater/installer related
[init32]
Filename=Init32.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.winex.a.trojan.html" target=_blank>WINEX.A</a> TROJAN!
[initial page]
Filename=install.exe
Confirmed=X
Description=EasySearch browser hijack installer
[initialize8x8]
Filename=8x8_init.exe
Confirmed=Y
Description=Tool that initializes a Pinnacle PCTV card - maybe in capture or in showing overlay
[injob]
Filename=injobs.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/trojan.binjo.html" target=_blank>BINJO</a> TROJAN!
[ink monitor]
Filename=InkMonitor.exe
Confirmed=N
Description=Associated with Epson (and maybe other) printers. Tells you when the ink's running low and asks if you want to buy another cartridge on-line
[inkwatch]
Filename=InkWatch.exe
Confirmed=N
Description=Associated with Canon (and maybe other) printers. Tells you when the ink's running low and asks if you want to buy another cartridge on-line
[inorpc]
Filename=InoRpc.exe
Confirmed=Y
Description=Associated with <a href="http://www1.my-etrust.com/?CFID=6909348&CFTOKEN=43ce20d-0001f1aa-f6e5-1d77-be1e-2f0eac14303f" target="_blank">eTrust Antivirus/InoculateIT</a>
[inort]
Filename=InoRT9x.exe
Confirmed=Y
Description=Associated with the Realtime Monitor of <a href="http://www1.my-etrust.com/?CFID=6909348&CFTOKEN=43ce20d-0001f1aa-f6e5-1d77-be1e-2f0eac14303f" target="_blank">eTrust Antivirus/InoculateIT</a> version 6 virus scanners from Computer Associates. For NT/2K/XP users you may need a patch if seeing high CPU useage - see <a href="http://support.ca.com/techbases/ilnt/31103.html" target="_blank">here</a>
[inotask]
Filename=InoTask.exe
Confirmed=U
Description=Scheduled scans and signature updates for <a href="http://www1.my-etrust.com/?CFID=6909348&CFTOKEN=43ce20d-0001f1aa-f6e5-1d77-be1e-2f0eac14303f" target="_blank">eTrust Antivirus/InoculateIT</a> version 6 virus scanners from Computer Associates. Leave enabled unless you manually update signatures or perform routine scans. If enabled it can result in high CPU useage when performing updates - see <a href="http://support.ca.com/techbases/ilnt/31103.html" target="_blank">here</a>
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbancbanhg.html" target=_blank>BANCBAN-HG</a> TROJAN!
[install pending files]
Filename=sifxinst.exe
Confirmed=?
Description=Uninstall program for <a href="http://www.lanovation.com/" target="_blank">Lanovation's</a> Prism Deploy and Prism Pack adminstrators software deployement tools. For specific information see <font color="#FF0000"><a href="http://www.lanovation.com/support/docs/General/rollbackfiles_prism.htm" target="_blank">here</a>. Is it required?</font>
[installaurealdemos]
Filename=InstallAurealDemos.js
Confirmed=N
Description=Used to initialize the Aureal A3D demos InstallShield wizard
[installbuddy]
Filename=Ibtna.exe
Confirmed=U
Description=<a href="http://www.bluenomad.com/ib/prod_installbuddy_details.html" target="_blank">InstallBuddy</a> - automatically translates and installs your desktop documents, such as Adobe PDF, HTML, Microsoft Word, Excel and PowerPoint files, to your Palm organizer when you HotSync
[installed shell32.dll]
Filename=Office.exe...
Confirmed=X
Description=Added by a variant of the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.lovgate@mm.html" target="_blank">LOVGATE</a> WORM!
[installer]
Filename=dial.exe
Confirmed=X
Description=Malware - detected by <a href="http://www.kaspersky.com/personalpro" target=_blank>Kaspersky</a> antivirus as the AGENT.MM TROJAN!
[installnaiproduct]
Filename=SETUP.EXE
Confirmed=?
Description=<font color="#FF0000">Could be related to Network Associates Inc who own the McAfee VirusScan product amongst others. This was found in a directory called "VSC". Could it be an installation that failed and "SETUP.EXE" was left to run at startup as an error?</font>
[installs sp2]
Filename=[path] repcale.exe [path] palsp.exe
Confirmed=X
Description=Added by a variant of the <a href="http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?Vname=WORM_RANDON.AN" target=_blank>RANDON.AN</a> WORM!
[installstub]
Filename=installstub.exe
Confirmed=U
Description=Tool for Outlook and Outlook Express from <a href="www.plaxo.com" target="_blank">Plaxo</a> for organising and keeping contacts organised and updated and providing online access to your contacts and access from PDA or mobile phone
[instance 001]
Filename=[path to worm]
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32alasroua.html" target=_blank>Alasrou-A</a> WORM!
[instant update center]
Filename=reminder.exe
Confirmed=N
Description=From Broderbund's PrintMaster 10. It is an event reminder (for calendar dates, etc). Delete from the startup using Startup Manager program because it keeps re-checking itself when using MSCONFIG. PrintMaster 11 uses filename PMremind.exe - it has to be unchecked in startup in the same manner
[instantaccess]
Filename=INSTAN~1.EXE
Confirmed=N
Description=From TextBridge Pro 9.0 OCR scanner software. Available via Start -> Programs
[instantdrive]
Filename=InstantDrive.exe
Confirmed=U
Description=<a href="http://www.pinnaclesys.com" target="_blank">Pinnacle Systems</a> (ex VOB) InstantDrive - creates a virtual CD-ROM drive on the computerÆs hard drive. Part of InstantCD/DVD burning software
[instantpleasure]
Filename=instantpleasure.exe
Confirmed=X
Description=Adult content dialler
[instantpleasurexxx]
Filename=instantpleasurexxx.exe
Confirmed=X
Description=Adult content dialler
[instanttray]
Filename=PCLETray.exe
Confirmed=N
Description=<a href="http://www.pinnaclesys.com/ProductPage_n.asp?Product_ID=1431&Langue_ID=7" target=_blank>Pinnacle InstantCD/DVD</a> disc creation software. Tray icon enabling a pop-up menu that lets you call up any of Instant CD/DVD's tools with one click. Can be started manually
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotadn.html" target=_blank>SDBOT-ADN</a> WORM!
[intel active monitor]
Filename=imontray.exe
Confirmed=U
Description=System tray monitoring of fans, temperature, voltage, etc for Intel motherboards. Only needed if you "overclock" or live in hot environment. Can also cause problems when running on a laptop if you change PCMCIA cards
[intel file transfer]
Filename=xfr.exe
Confirmed=U
Description=Part of Intel's LANDesk Management Suite 6 and the Common Base Agent (CBA) - used for communicating between the core server and managed clients
[intel pds]
Filename=pds.exe
Confirmed=U
Description=Intel Ping Discovery Service (PDS). Part of Intel's LANDesk Management Suite 6 and the Common Base Agent (CBA) - used for communicating between the core server and managed clients. Will start the dial-up if installed and enabled
[intel proset tray icon]
Filename=promon.exe
Confirmed=N
Description=System Tray icon for Intel PRO series ethernet adapters giving access to the diagnostic features
[intel service drivers]
Filename=msconfig16.exe
Confirmed=X
Description=Added by the <a href="http://www.superadblocker.com/M/MSCONFIG16.EXE-6417.html" target=_blank>MSCONFIG16</a> TROJAN!
[intel system works]
Filename=iis.exe
Confirmed=X
Description=Added by the <a href="http://ae.trendmicro-europe.com/enterprise/security_info/ve_detail.php?Vname=WORM_RBOT.QGA" target=_blank>RBOT.QGA</a> WORM!
[intel32.exe]
Filename=intel32.exe
Confirmed=X
Description=Added by a variant of the SmitFraud alias <a href="http://www.sophos.com/virusinfo/analyses/trojfakealec.html" target=_blank>FAKEALE-C</a> TROJAN!
Description=Advertisingvision adware! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/smss/" target=_blank>smss.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder
[intelliflag_be.exe]
Filename=Intelliflag_be.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/spyware.intelliflag.html" target=_blank>Intelliflag</a> SPYWARE!
[intellipoint]
Filename=point32.exe
Confirmed=U
Description=<a href="http://www.microsoft.com/intellipoint/" target="_blank">Microsoft Intellipoint</a> software for their Intellimouse series of mice - required if you use non-standard Windows driver features
[intellitype]
Filename=type32.exe
Confirmed=U
Description=For MS programmable keyboards. If you disable Intellitype in Startup, any "Hot Keys" that are changed by the user to perform functions other than default settings, defer back to their default settings unless you have changed them
[intelmem]
Filename=IntelMEM.exe
Confirmed=U
Description=Related to connection events on an Intel chipset based modem. It can alert you if the telephone line is being used when you're trying to get online (when you're using dial-up). It can also alert you if your modem line is disconnected. Furthermore, it can alert you if you have made a wrong connection with your modem line
[intelprocnumutility]
Filename=cpunumber.exe
Confirmed=U
Description=Intel Processor Serial Number Control Utility allows you to enable and disable the processor serial number capability of an Intel PIII processor. You can find more information here. System Tray icon providing the user with a visual state indication. You can find more information <a href="http://www.intel.com/support/processors/pentiumiii/psu.htm" target="_blank">here</a>
[intelwireless]
Filename=ifrmewrk.exe
Confirmed=Y
Description=Associated with the Intel PRO/Set Wireless software
[intel?common user interface]
Filename=igfxtray.exe
Confirmed=N
Description=Quick access to the control panel via a System Tray icon for graphics based upon the Intel chipsets (ie, i810). These chipsets are often included on motherboards. Available via Start -> Settings -> Control Panel
[intense registry service]
Filename=IntEdReg.exe /CHECK
Confirmed=?
Description=<a href="http://www.intense.co.uk/" target="_blank">Intense Educational Ltd</a> - Language Office Software. <font color="#FF0000">Is it required?</font>
[interceptedsystem]
Filename=[path to worm]
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32anaconb.html" target=_blank>ANACON-B</a> WORM!
[intercheck monitor]
Filename=Icmon.exe
Confirmed=Y
Description=Part of <a href="http://www.sophos.com/products/software/" target="_blank">Sophos</a> ant-virus sofware
[interdll]
Filename=Interdll.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.delf.family.html" target="_blank">DELF</a> family of TROJANS!
[internalsystray]
Filename=Kazza.exe
Confirmed=X
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?ID=16106" target="_blank">OPTIX</a> TROJAN! Note - unlike the valid KaZaA executable, this is located in C:\Windows\System (Win9x/Me), C:\Winnt\System32 (WinNT/2K), or C:\Windows\System32 (WinXP)
[internat conf]
Filename=bootconf.exe
Confirmed=X
Description=Homepage hijacker, redirecting to coolwwwsearch.com; see for example <a href="http://boards.cexx.org/viewtopic.php?p=2464#2464" target="_blank"> here</a>
[internct]
Filename=WinSocks5.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.graybird.f.html" target="_blank">GRAYBIRD.F</a> TROJAN!
[internet config]
Filename=svchosts.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sdbot.html" target="_blank">SDBOT</a> TROJAN!
[internet content publisher]
Filename=ICP.EXE
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotud.html" target=_blank>RBOT-UD</a> WORM!
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.evianc.html" target="_blank">EVIAN.C</a> WORM!
[internet explore microsoft]
Filename=lEXPLORE.EXE
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaof.html" target=_blank>RBOT-AOF</a> WORM! Note - the filename is spelled with a lowercase "L" in place of an uppercase "i"
[internet explorer security]
Filename=iexplore.pif
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotalq.html" target=_blank>RBOT-ALQ</a> WORM!
[internet history eraser]
Filename=HERASER.exe
Confirmed=U
Description=<a href="http://www.internet-history-eraser.com/index.html" target="_blank">Internet History Eraser</a> - deletes your browsing tracks
[internet loader1]
Filename=MSInstall61.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.kwbot.b.worm.html" target="_blank">KWBOT.B</a> WORM!
[internet send]
Filename=More log.exe
Confirmed=X
Description=Unidentfied adware
[internet servises]
Filename=winz32.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.kwbotz.worm.html" target="_blank">KWBOT.Z</a> WORM!
[internet sharing server]
Filename=iss_srvr.exe
Confirmed=Y
Description=<a target="_blank" href="http://www.intel.com/products/desk_lap/hm_sm_office/index.htm">Intel AnyPoint</a> internet sharing software
[internet suspention]
Filename=story.exe
Confirmed=X
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_WOOTBOT.HV&VSect=T" target=_blank>WOOTBOT.HV</a> WORM!
[internet sweeper]
Filename=Sweeper.exe
Confirmed=N
Description=<a href="http://www.bmesite.com/" target="_blank">Internet Sweeper</a> - removes unnecessart left over files after browsing the internet
[internet timer]
Filename=ITIMER.exe
Confirmed=U
Description=Shareware dial-up connection call cost calculator from <a href="http://www.ratsoft.freeserve.co.uk/" target="_blank">Ratsoft</a>
[internet washer pro]
Filename=iw.exe
Confirmed=X
Description=<a href="http://www.internetwasher.com/" target="_blank">Internet Washer</a> manages temporary browser files, cookies, etc - a 'trial' Internet Washer Pro seems to have been widely stealth-installed around March 2003
[internet2 optimizer]
Filename=wkfix.exe
Confirmed=X
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
[internetwasherpro]
Filename=iw.exe
Confirmed=X
Description=<a href="http://www.internetwasher.com/" target="_blank">Internet Washer</a> manages temporary browser files, cookies, etc - a 'trial' Internet Washer Pro seems to have been widely stealth-installed around March 2003
[internet_servises]
Filename=winz32.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sdbot.q.html" target="_blank">SDBOT.Q</a> TROJAN!
[internodeusage]
Filename=mum.exe
Confirmed=U
Description=Australian ISP's free monthly download meter
[internt]
Filename=Internt.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.peeper.html" target="_blank">PEEPER</a> or <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.carufax.a.html" target="_blank">CARUFAX.A</a> TROJANS!
[intersoft msngr]
Filename=intersoftmsngr.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotnw.html" target=_blank>AGOBOT-NW</a> WORM!
[intertrust quick start]
Filename=it_cpq~1.exe
Confirmed=N
Description=<a href="http://www.intertrust.com/index.html" target="_blank">InterTrust</a> offers something known as Digital Rights Management to control legal software download and other E-commerce related business
[interu]
Filename=WINDRV.EXE
Confirmed=X
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_IRCINTER.A" target="_blank">IRCINTER.A</a> TROJAN!
[interwarn]
Filename=interwarn.exe
Confirmed=U
Description=<a href="http://www.interwarn.com/interwarn.html" target="_blank">InterWARN</a> by Storm Alert Inc. Provides customized, automated access to critical weather and civil emergency information from the US National Weather Service. Required if audio and screen crawler alerts are desired. Also available via Start -> Programs
[intespention]
Filename=IEXPLORE.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotfl.html" target=_blank>FORBOT-FL</a> WORM! Note - this is not the legitimate Internet Explorer <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/iexplore/" target=_blank>iexplore.exe</a> process which is always located in the Program Files\Internet Explorer folder and should not normally figure in Msconfig/Startup! This file is located in the System (9x/Me) or System32 (NT/2K/XP) folder
[intmgr]
Filename=Intmgr.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/trojan.gema.html" target="_blank">GEMA</a> TROJAN!
[intranet]
Filename=SYS32CFG.EXE
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32spybotdw.html" target=_blank>SPYBOT-DW</a> WORM!
[intrenat]
Filename=Intrenat.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.lemir.e.html" target="_blank">LEMIR.E</a> TROJAN!
[introducing media manager]
Filename=SPLASHA.EXE
Confirmed=N
Description=<a href="http://www.frontpageworld.com/frontpagetools/mediamanager/default.htm" target="_blank">MS Media Manager</a> tour. Not required
[introduction-registration]
Filename=??
Confirmed=N
Description=For Compaq PC's. Should only run first time, PC Introduction & Compaq registration
[intruderalert]
Filename=ia99.exe
Confirmed=X
Description=<a href="http://www.safersite.com/PestInfo/db/i/internetalert.asp" target="_blank">Intruder Alert '99</a> from Bonzi - spyware
Description=<a href="http://www.iomega-europe.com/eu/category.asp?catalog%5Fname=Iomega&category%5Fname=Iomega+Automatic+Backup&Page=1" target="_blank">Iomega Automatic Backup</a> - automatic backups for use with Iomega portable HDD
[iomega automatic backup 1.0.1]
Filename=ibackup.exe
Confirmed=U
Description=<a href="http://www.iomega-europe.com/eu/category.asp?catalog%5Fname=Iomega&category%5Fname=Iomega+Automatic+Backup&Page=1" target="_blank">Iomega Automatic Backup</a> - automatic backups for use with Iomega portable HDD
[iomega backup scheduler]
Filename=dtiom98.exe
Confirmed=N
Description=Used by Iomega drives. Details of its purpose can be found <a href="http://pw2.netcom.com/~deepone/zipjaz/ioware.html#startup" target="_blank">here</a>. Available via Start -> Programs
[iomega disk icons]
Filename=IMGICON.EXE
Confirmed=U
Description=Displays Iomega icons in Explorer/My Computer, ejects Zip disks on shutdown and displays a special delete confirmation box when deleting files on an Iomega drive. Available via Start -> Programs. If you disable it remember to eject disks first before powering the drive down - hence the "U" recommendation. Note - FreeCell may not run with ImgIcon running
[iomega drive icons]
Filename=IMGICON.EXE
Confirmed=U
Description=Displays Iomega icons in Explorer/My Computer, ejects Zip disks on shutdown and displays a special delete confirmation box when deleting files on an Iomega drive. Available via Start -> Programs. If you disable it remember to eject disks first before powering the drive down - hence the "U" recommendation. Note - FreeCell may not run with ImgIcon running
[iomega imiconxp]
Filename=imiconxp.exe
Confirmed=U
Description=Iomega <a href="http://www.iomega.com/software/revsystemsw.html" target=_blank>REV System</a> Software - allows your Iomega REV drive to interact with the operating system via the Iomega REV UDF file system, and provides drag-and-drop file access, access and write protection, and formatting of the disks
[iomega quicksync]
Filename=Quicksync.exe
Confirmed=?
Description=<font color="#FF0000">??</font>
[iomega startup options]
Filename=IMGSTART.EXE
Confirmed=N
Description=Used by Iomega drives. Details of its purpose can be found <a href="http://pw2.netcom.com/~deepone/zipjaz/ioware.html#startup" target="_blank">here</a>. Available via Start -> Programs
[iomega watch]
Filename=IOWATCH.EXE
Confirmed=N
Description=Used by Iomega drives. Available via Start -> Programs
[iomegaware]
Filename=COMMANDER.EXE
Confirmed=N
Description=Used by Iomega drives. Details of its purpose can be found <a href="http://pw2.netcom.com/~deepone/zipjaz/ioware.html#startup" target="_blank">here</a>. Available via Start -> Programs
[iomon98.exe]
Filename=Iomon98.exe
Confirmed=U
Description=PC-Cillin 98 real time virus check. Can cause floppy disk accesses to hang
[ip stack]
Filename=ipstack.exe
Confirmed=X
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.CW" target="_blank">AGOBOT.CW</a> WORM!
[ipalm]
Filename=mon.exe
Confirmed=N
Description=Installed with a Panasonic <a href="http://www.panasonic.com/consumer_electronics/digital_cameras/ipalm.asp" target="_blank">iPalm</a> digital camera. Used to uploaded photos from the camera. If your camera is not connected (via USB port) you do not need this program loaded
[ipc connection]
Filename=ipcconn.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaeg.html" target=_blank>RBOT-AEG</a> WORM!
[ipcfg.exe]
Filename=ipcfg.exe
Confirmed=X
Description=Adware - recognized by McAfee antivirus as a variant of the <a href="http://vil.mcafeesecurity.com/vil/content/v_130215.htm" target=_blank>AdClicker-BM</a> trojan
[ipctrl]
Filename=ipcon32.exe
Confirmed=X
Description=Added by an unidentified VIRUS, WORM or TROJAN!
[ipfw]
Filename=ipwf.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderyf.html" target=_blank>DLOADER-YF</a> TROJAN!
[ipinsightlan 01]
Filename=ipclient.exe
Confirmed=X
Description=Installed with Verizon DSL accounts. IP Insight is a Quality of Service monitor and diagnostic tool that isn't required - see <a href="http://www.dslreports.com/faq/1247" target="_blank">here</a> for more information. This one constantly "phones home" and wastes resource - hence the "X" status
[ipinsightmonitor 01]
Filename=ipmon32.exe
Confirmed=N
Description=Installed with Verizon DSL accounts. IP Insight is a Quality of Service monitor and diagnostic tool that isn't required - see <a href="http://www.dslreports.com/faq/1247" target="_blank">here</a> for more information
[ipinst]
Filename=N/A
Confirmed=Y
Description=For Gilat Communications internet satellite systems. Gilat rescue (Satellite system restore). Required if you have this system. Can cause a BSOD (blue screen of death) if left out
[ipmon.exe]
Filename=ipmon.exe
Confirmed=X
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/backdoor.recerv.html" target="_blank">RECERV</a> or <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.r3c.b.html" target="_blank">R3C.B</a> TROJANS!
[ipnuker]
Filename=Ipnuker.vbs
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/vbs.inker.b@mm.html" target=_blank>INKER.B</a> WORM!
[ipodmanager]
Filename=iPodManager.exe
Confirmed=U
Description=Apple iPod Management software for the iPod MP3 player. Allows updating, formating, restoring and other functions associated with iPods
[ipodwatcher]
Filename=iPodWatcher.exe
Confirmed=?
Description=Associated with Apple's iPod MP3 player. <font color="#FF0000">Detects when the iPod is connected?</font>
[ipot usb service driver]
Filename=hpsebc087.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotwa.html" target= blank>SDBOT-WA</a> WORM!
[ipot usb service drv32]
Filename=hpsebc08.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotwh.html" target=_blank>SDBOT-WH</a> WORM!
[ipreg]
Filename=ipreg.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojzagabanh.html" target=_blank>ZAGABAN-H</a> TROJAN!
[iprint tray]
Filename=iprntctl.exe
Confirmed=N
Description=Novell?<a href="http://www.novell.com/products/netware/printing/quicklook.html" target=_blank>iPrint</a> - based on Novell Distributed Print Services - enables you to send documents to printers located throughout the Net
[iprotectyou]
Filename=ip.exe
Confirmed=U
Description=<a href="http://www.softforyou.com/ip-index.html" target="_blank">iProtectYou</a> - internet filtering/parental control and network monitoring software
Description=<a href="http://www.microsoft.com/windows2000/server/evaluation/news/bulletins/l2tpclient.asp" target="_blank">Microsoft L2TP/IPSec VPN Client</a> for Win98/Me/NT. Secure technology for making remote access virtual private network (VPN) connections across public networks such as the Internet
[iptable configuration]
Filename=Winipcfgs.exe
Confirmed=X
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
[iptray]
Filename=iptray.exe
Confirmed=U
Description=Intel Desktop Utility module - provides system info such as estimated cpu temp, fan speed, etc
[ipv6 helper driver]
Filename=csass.exe
Confirmed=X
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.TC" target=_blank>AGOBOT.TC</a> WORM!
[ipv6 stun service]
Filename=netstun.exe
Confirmed=X
Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_SDBOT.GEN" target=_blank>SDBOT</a> WORM!
[ipw]
Filename=IPW.exe
Confirmed=N
Description=<a href="http://www.actiontec.com/index.php" target=_blank>Internet Phone Wizard</a> from Actiontec - Voice over IP (VoIP) that allows you to "make and receive free Internet calls on your regular phone" whilst "at the same time, make and receive regular (landline) calls on your phone"
[ipwf]
Filename=ipwf.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/trojan.schoeberl.html" target=_blank>SCHOEBERL</a> TROJAN!
[iqes.exe]
Filename=iqes.exe
Confirmed=?
Description=<font color="#FF0000">??</font>
[irassync]
Filename=irasyncd.exe
Confirmed=X
Description=Added by <a href="http://research.sunbelt-software.com/threat_display.cfm?name=Adw.NewAds.IRASSync&threatid=42624" target=_blank>IRASSync</a> ADWARE!
[irc session]
Filename=sessionmgr.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotace.html" target=_blank>SDBOT-ACE</a> WORM!
[ireike]
Filename=IreIKE.exe
Confirmed=Y
Description=<a href="http://www.microsoft.com/windows2000/server/evaluation/news/bulletins/l2tpclient.asp" target="_blank">Microsoft L2TP/IPSec VPN Client</a> for Win98/Me/NT. Secure technology for making remote access virtual private network (VPN) connections across public networks such as the Internet
[iris active monitor]
Filename=winmon32.exe
Confirmed=N
Description=Iris Antivirus - discontinued, replace with good alternative
[iris antivirus active monitor]
Filename=WIMMUN32.exe
Confirmed=N
Description=Iris Antivirus - discontinued, replace with good alternative
[iriver autodb]
Filename=MLService.exe
Confirmed=U
Description=Associated with the <a href="http://www.iriver.com/" target=_blank>iRiver</a> Music Manager
[iriver updater]
Filename=Updater.exe
Confirmed=N
Description=Updates for the <a href="http://www.iriver.com/" target="_blank">iRiver Music Manager</a> - used with their digital music players
[irmon]
Filename=IRMON.EXE
Confirmed=U
Description=System Tray access to infra-red devices. Not required unless you use infra-red devices
[irpmonitor]
Filename=itcnmon.exe
Confirmed=?
Description=<font color="#FF0000">??</font>
[irxfer]
Filename=IrXfer.exe
Confirmed=U
Description=Microsoft Infrared Transfer application
[is cfgwiz]
Filename=cfgwiz.exe
Confirmed=N
Description=Norton Internet Security configuration wizard
[isass]
Filename=Isass.exe
Confirmed=X
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/backdoor.futro.html" target=_blank>FUTRO</a> TROJAN!
[isdbdc]
Filename=isdbdc.exe
Confirmed=N
Description=For Compaq PC's. May install properties in dial-up networking when you register with an ISP
[isdeleteme]
Filename=isDel.bat
Confirmed=U
Description=Used by Norton Internet Security to remove certain files and directories on reboot when uninstalling their product
[isdn monitor]
Filename=Linksts.exe
Confirmed=N
Description=Tray icon which gets installed when you install the drivers for Asuscom internal ISDN modem cards (or rebadged Asuscom ISDN cards, such as MRi). This icon enables you to monitor or configure your ISDN card. Once you have configured your ISDN card correctly, you will never need to use this icon
[isdnwatch]
Filename=IWatch.exe
Confirmed=U
Description=<a href="http://www.avm.de/en/press/announcements/2003/2003_05_19_1.php3" target="_blank">FRITZ!X ISDNWatch</a> - "dialing filter for more security and control on the ISDN PC. The PC is doubly protected against dialer programs and premium-service numbers: ISDNWatch allows the user to block calls to and from both individual numbers and whole number blocks"
[ishelp]
Filename=help.exe
Confirmed=U
Description=<a href="http://sarc.com/avcenter/venc/data/spyware.ispy.html" target=_blank>ISpy</a> is a security risk that logs keystrokes and captures screenshots. If you didn't install this yourself uninstall it
[ishield]
Filename=iShield.exe
Confirmed=U
Description=GuardWare <a href="http://www.guardwareinc.com/ishield/isaboutus.html" target=_blank>iShield</a> blocks pornographic images when you surf the Internet on your computer using a web browser
[islp2sta]
Filename=ISLP2STA.EXE
Confirmed=Y
Description=A process from Cisco Systems Inc associated with Windows Update for wireless NIC drivers
[isp.com high speed]
Filename=slipgui.exe
Confirmed=Y
Description=User interface for <a href="http://www.slipstream.com/our_solutions/value-added.html" target=_blank>Slipstream</a> - internet acceleration through compression/decompression techniques, intelligent cacheing on the server side, and real-time conversion of large/high-bandwidth images to less bulky pix. Used by popular ISPs such as IceNet, Wanadoo, Terra, OnSpeed, United Online and AOL Canada. Required if the user's account is locked in to that proxy server
[ispynow]
Filename=ispynow.exe
Confirmed=U
Description=<a href="http://www.ispynow.com/" target="_blank">iSpyNOW</a> - remote monitoring and surveillance software
[israfel]
Filename=Israfel.vbs
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/vbs.gaggle.d.html" target="_blank">GAGGLE.D</a> or <a href="http://securityresponse.symantec.com/avcenter/venc/data/vbs.gaggle.e.html" target="_blank">GAGGLE.E</a> WORMS!
[isreminder]
Filename=ISPopup.exe
Confirmed=N
Description=Related to GuardWare <a href="http://castlecops.com/s11820-iShield.html" target=_blank>iShield</a> - this is the registration reminder for the trial version, so not required in startup
[issenc32svr]
Filename=issEnc32.exe
Confirmed=X
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
[isstart]
Filename=ISStart.exe
Confirmed=U
Description=LogitechGalleryRepair/LogitechVideoRepair - part of Logitech Image Studio - installed with Logitech QuickCam cameras. Required from version 8.11 onwards if you use the software to take pictures and capture videos, not if you don't. Also not required for versions up to and including 7.30 and after version 8.30 - hence the "U" rather than "Y" recommendation
[issvc]
Filename=ISSVC.exe
Confirmed=Y
Description=Part of Norton Internet Security Suite
Description=InstallShield Update Service Scheduler. Automatically searches for and performs any updates to the software so youÆre always working with the most current version
[isusscheduler]
Filename=issch.exe
Confirmed=N
Description=InstallShield Update Service Scheduler. Automatically searches for and performs any updates to the software so youÆre always working with the most current version
[isystem]
Filename=isystem.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojchorusa.html" target=_blank>CHORUS-A</a> TROJAN! Searchforfree browser hijacker
[itk]
Filename=Itk.exe
Confirmed=U
Description=<a href="http://www.itksoft.com/index.asp" target="_blank">In The Know</a> - surveillance software that creates records of everything people do on a computer, ie, spying or monitoring depending upon how you call it
[itouch]
Filename=iTouch.exe
Confirmed=U
Description=iTouch loads the iTouch configuration program for Logitech keyboards. ItÆs needed if your keyboard has shortcut buttons and if you use them. ItÆs also needed if your keyboard does not have the num lock, caps lock, and scroll lock lights on it and you use the on-screen displays for num lock, caps lock, and scroll lock
[itsdeductiblepopup]
Filename=ItsDeductible.exe
Confirmed=N
Description=<a href="http://www.itsdeductible2.com/" target="_blank">ItsDeductible</a> from Income Dynamics. Calculates your noncash donations quickly and easily. This startup entry checks a registry entry for the next 'PopUp' date and if it is a past or current date displays a program related tip
[itunes helper]
Filename=iTunesHelper.exe
Confirmed=Y
Description=Installed with Apple's iTunes for Windows. Uses ~3-4MB of memory and if disabled in MSCONFIG or deleted from the registry it will re-instate itself after running iTunes a few times - hence the reluctant Y recommendation
[ituneshelper]
Filename=iTunesHelper.exe
Confirmed=Y
Description=Installed with Apple's iTunes for Windows. Uses ~3-4MB of memory and if disabled in MSCONFIG or deleted from the registry it will re-instate itself after running iTunes a few times - hence the reluctant Y recommendation
[iusage]
Filename=netdet.exe
Confirmed=N
Description=<a href="http://members.tripod.com/gauravdhup0/iumos.html" target="_blank">Internet Usage Monitor</a> - utility to calculate the cost and time on the internet via dial-up
[ivpservicemgr]
Filename=ivpsvmgr.exe
Confirmed=N
Description=Toshiba IVP Service Manager application which appears as a red satellite dish icon in the System Tray. This is ToshibaÆs equivalent to the Windows Automatic Update feature as, whenever you are connected to the Internet, it will check for Windows updates and Toshiba updates
[iw controlcenter]
Filename=iwctrl.exe
Confirmed=N
Description=<a href="http://www.pinnaclesys.com/" target="_blank">Pinnacle Systems</a> InstantWrite enables you to use your CD-R, CD-RW and DVD-RAM drive just like a hard disk or floppy disk. You can drag and drop files, create new directories right on your CD-R, CD-RW or DVD-RAM. Maybe required if you use this feature on a regular basis
[iwctrl]
Filename=iwctrl.exe
Confirmed=U
Description=<a href="http://www.pinnaclesys.com/" target="_blank">Pinnacle Systems</a> InstantWrite enables you to use your CD-R, CD-RW and DVD-RAM drive just like a hard disk or floppy disk. You can drag and drop files, create new directories right on your CD-R, CD-RW or DVD-RAM. Maybe required if you use this feature on a regular basis
[ixplore]
Filename=ixplore.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojsdbotcy.html" target=_blank>SDBOT-CY</a> TROJAN!
[ixproxy]
Filename=[path to trojan]
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojxorpixa.html" target=_blank>XORPIX-A</a> TROJAN!
[iyelejiv]
Filename=yujixit.exe
Confirmed=X
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.BJK&VSect=P" target=_blank>SDBOT.BJK</a> WORM!
[ize]
Filename=N/A
Confirmed=?
Description=<font color="#FF0000">??</font>
[j2 tray menu]
Filename=HotTray.exe
Confirmed=N
Description=eFax Messenger Tray Menu system tray icon for eFax Messenger Plus. Available via Start -> Programs. Disabling instructions available <a href="http://www.efax.com/help/index.asp" target="_blank">here</a>
[ja cfg util v2]
Filename=jacfg2.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotal.html" target=_blank>RBOT-AL</a> WORM!
[jammer]
Filename=jammer.exe
Confirmed=U
Description=<a href="http://www.agnitum.com/products/jammer/" target="_blank">Jammer</a> by Agnitum - "Jammer is the last word in Internet security. It combines a user-friendly interface with very sophisticated and powerful security measures that protect your Windows system while you are surfing the web"
[jammer2nd]
Filename=Jammer2nd.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.netsky.z@mm.html" target="_blank">NETSKY.Z</a> WORM!
[java applet]
Filename=javaup.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotacf.html" target=_blank>SDBOT-ACF</a> WORM!
[java auto update]
Filename=ujm.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotadh.html" target=_blank>SDBOT-ADH</a> WORM!
[java runtimes]
Filename=iexplore.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/trojan.killav.b.html" target=_blank>KILLAV.B</a> WORM! Note - this is not the legitimate Internet Explorer <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/iexplore/" target=_blank>iexplore.exe</a> process which is always located in the Program Files\Internet Explorer folder and should not normally figure in Msconfig/Startup! This file is located in a Winnt\Java\Java folder
[java virtual machine]
Filename=javaw.exe
Confirmed=X
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
[javascript debugging service]
Filename=JsDbgMan.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.derdero.e@mm.html" target=_blank>DERDEO.E</a> WORM!
[javaupdate0.07]
Filename=[filename]
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.jupdate.html" target=_blank>JUPDATE</a> TROJAN!
[javaupdatesched]
Filename=jusched32.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbckdrckb.html" target=_blank>CKB</a> TROJAN!
[javavm]
Filename=java.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.mydoom.m@mm.html" target="_blank">MYDOOM.M</a> or <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.mydoom.n@mm.html" target="_blank">MYDOOM.N</a> or other variants of the MYDOOM WORMS! Note - not to be confused with the valid Windows "java.exe" which resides in C:\Windows\System (Win9x/Me), C:\Winnt\System32 (WinNT/2K) or C:\Windows\System32 (WinXP) as this resides in C:\Windows or C:\Winnt
[jawa32]
Filename=jawa32.exe
Confirmed=X
Description=Added by the <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/aqadcup/" target="_blank">AGENT.BG</a> WORM!
[jawa322]
Filename=jawa32.exe
Confirmed=X
Description=Added by a variant of the <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/jawa32/" target=_blank>AGENT.BG</a> trojan
[jb]
Filename=Jiffybar.exe
Confirmed=N
Description="Get Paid As You surf" application
[jet detection]
Filename=ADGJDet.exe
Confirmed=N
Description=Added with SoundBlaster Live! or Audigy soundcards for headphone autodetection
[jetadmin discovery indicator]
Filename=HPJETDSC.EXE
Confirmed=Y
Description=HP JetAdmin software for HP JetDirect Print Servers. HPJETDSC.EXE is the file necessary for the JetAdmin Discovery Indicator (paper airplane in the taskbar). It gets launched automatically through the registry, and remains active to control the Discovery Indicator
[jete]
Filename=yujixit.exe
Confirmed=X
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.BRT&VSect=P" target=_blank>SDBOT.BRT</a> WORM!
[jijbl]
Filename=ezlwy.bat
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.reddw@mm.html" target="_blank">REDDW</a> WORM!
[jobhisinit]
Filename=JobHisInit.exe
Confirmed=U
Description=Used by Ricoh network printers to enable network printing from the client
[jog serve]
Filename=JogServ2.exe
Confirmed=U
Description="Jog Dial" on a Sony Vaio laptop. The dial can select various functions such as control audio. Needed if you use its features
[jogserv2]
Filename=JogServ2.exe
Confirmed=U
Description="Jog Dial" on a Sony Vaio laptop. The dial can select various functions such as control audio. Needed if you use its features
Description=Checks with Sun's Java updates site to see if newer Java versions are available. Visit <a href="http://java.sun.com" target="_blank"> http://java.sun.com</a> or just run the Java Plug-In Control Panel
[jushed32.exe]
Filename=jushed32.exe
Confirmed=X
Description=<a href="http://cwshredder.net/cwshredder/cwschronicles.html" target=_blank>CoolWebSearch</a> parasite variant - also detected as the <a href="http://www.sophos.com/virusinfo/analyses/trojbiztenl.html" target= blank>BIZTEN-L</a> TROJAN!
[jutsu]
Filename=jutsu.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotls.html" target=_blank>RBOT-LS</a> WORM!
Description=jv16 PowerTools 2005 - <a href="http://www.macecraft.com/pt2005/privacyprotector/" target= blank>Privacy Protector</a> allows you to protect your privacy by clearing the unwanted history items and cookies from you computer every time you startup your computer
[jv16pt network resident]
Filename=jv16pt_network.exe
Confirmed=U
Description=<a href="http://www.vtoy.fi/jv16/shtml/powertools.shtml" target="_blank">jv16 PowerTools</a>' network resident program. Only needed if you are using the program's network features
[jvdnlssn]
Filename=fljzsshc.exe
Confirmed=X
Description=Flingstone.com adware - and its Golden Palace Casino program
[jvm0.12]
Filename=[random filename]
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojteadoora.html" target= blank>TEADOOR-A</a> TROJAN!
[jvm0.14]
Filename=[random filename]
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojteadoorb.html" target=_blank>TEADOOR-B</a> TROJAN!
[jzi16]
Filename=jzi16.exe
Confirmed=?
Description=<font color="#FF0000">??</font>
[k2ps_full.task]
Filename=K2ps_full.exe
Confirmed=X
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_JUNTADOR.K" target="_blank">JUNTADOR.K</a> TROJAN!
[k6cpu.exe]
Filename=K6CPU.EXE
Confirmed=N
Description=Authenticates CPU as K6 in system properties
[kadoc]
Filename=[random filename].exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.staprew.html" target=_blank>STAPREW</a> TROJAN!
[kak]
Filename=kak.hta
Confirmed=X
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/wscript.kakworm.html" target="_blank">KAKWORM</a> WORM!
[kalibump]
Filename=Kalibump.exe
Confirmed=U
Description=Used with the now unsupported <a href="http://www.kali.net/" target="_blank">Kali</a> software for on-line gaming. This is used to automatically bump up the priority of WinProxy to GREATLY improve game speed when using a SOCKS proxy
[kana reminder]
Filename=Reminder.exe
Confirmed=N
Description=<a href="http://www.istop.com/~phartana/reminder/" target="_blank">Kana Reminder</a> is a program which can be used to set a reminder to be triggered at a specified time
[karen's once-a-day ii]
Filename=PTOAD.exe
Confirmed=U
Description="Have a job that should be run exactly once each day? <a href="http://www.karenware.com/powertools/ptoad.asp" target=_blank>Karen's Once-A-Day II</a> is just what you need!" Scheduler that lets you specify progams, web pages and files that be run or opened automatically, the first time
Description=Added by a variant of the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html" target=_blank>SPYBOT</a> WORM!
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
[kasperskyav]
Filename=kaspersky.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.mimail.t@mm.html" target="_blank">MIMAIL.T</a> WORM! Note - this has nothing to do with the real Kaspersky AntiVirus
[kasperskyaveng]
Filename=Kasperskyaveng.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.netsky.v@mm.html" target="_blank">NETSKY.V</a> WORM!
[kavfox]
Filename=win1ogoin.exe
Confirmed=X
Description=Added by <a href="http://www.sophos.com/virusinfo/analyses/trojgwghostm.html" target=_blank>GWGHOST-M</a> TROJAN!
[kavpersonal]
Filename=svchost.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlineagev.html" target=_blank>LINEAGE-V</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target=_blank>svchost.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder
[kavpersonal50]
Filename=Kav.exe
Confirmed=Y
Description=<a href="http://www.kaspersky.com/personal" target="_blank">Kaspersky</a> Anti-Virus Personal 5.0
[kavpersonal90]
Filename=wscntfy.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbankerfz.html" target=_blank>BANKER-FZ</a> TROJAN!
[kavpfw]
Filename=KavPFW.exe
Confirmed=Y
Description=<a href="http://www.kingsoft.com/en/" target=_blank>KingSoft</a> Personal Firewall
[kavruns]
Filename=Windll.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.trynoma.html" target="_blank">TRYNOMA</a> TROJAN!
[kavstart]
Filename=KAVStart.exe
Confirmed=Y
Description=<a href="http://www.kingsoft.com/en/" target=_blank>KingSoft</a> Personal Firewall
[kavutil]
Filename=[worm filename]
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.wintoo.b.worm.html" target="_blank">WINTOO.B</a> WORM!
[kazaa]
Filename=kazaa.exe
Confirmed=N
Description=KAZAA is a file-sharing program which unfortunately being ad-based includes "Cy-door" adware. Check <a href="http://www.cexx.org/cydoor.htm" target="_blank">here</a> for information about "Cy-door" and <a href="http://www.lavasoft.de/software/adaware/" target="_blank">here</a> for a program that can remove it
[kazaa download accelerator updater (required)]
Filename=regsvr32 [path] kdp****.dll [* = random char]
Description=<a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">RapidBlaster</a> variant (in a "kazaa" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see <a ref="http://www.wilderssecurity.net/specialinfo/rapidblaster.html#removal" target="_blank"> here</a>. Note - this is not the valid KaZaA file sharing program which has the same executable name
[kazaa ml097e]
Filename=kazaa.exe
Confirmed=X
Description=<a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">RapidBlaster</a> variant (in a "kazaa" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see <a ref="http://www.wilderssecurity.net/specialinfo/rapidblaster.html#removal" target="_blank"> here</a>. Note - this is not the valid KaZaA file sharing program which has the same executable name
[kazaacuf]
Filename=9
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.kitro.d.worm.html" target="_blank"> KITRO.D</a> (or <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_ARGEN.A&VSect=T" target="_blank">ARGEN.A</a>) WORM!
[kazaalite]
Filename=kazaalite.exe
Confirmed=N
Description=<a href="http://www.webattack.com/get/kazaalite.shtml" target="_blank">Kazaalite</a> is a file sharing client - not to be confused with the original Kazaa program. Unlike the original, this one does not contain any advertising or tracking mechanisms
[kazoom]
Filename=KaZooM.Exe
Confirmed=N
Description=KaZoom from <a href="http://www.bluehavenmedia.com/" target="_blank"> Blue Haven Media</a> - "add-on application that automatically speeds up the download process and finds the files you want with far more power than regular KaZaA searches"
[kb891711]
Filename=KB891711.exe
Confirmed=Y
Description=Installed by the Windows KB891711 critical update, see <a href="http://www.microsoft.com/technet/security/Bulletin/MS05-002.mspx" target=_blank>this</a> security bulletin - this file reportedly needs to continue running in order to patch the vulnerability, at least until a more practical solution is found. There have however been reports of fatal exception errors in systems running Windows 98, and in such a case Microsoft advises to either uninstall the patch (Add/Remove Programs) or prevent it from running at startup
[kbd]
Filename=KBD.EXE
Confirmed=U
Description=Multimedia keyboard manager. Required if you use the multimedia keys
[kbd mediacenter]
Filename=MEDIACTR.EXE
Confirmed=U
Description=Multimedia keyboard manager. Required if you use the multimedia keys
[kbddrv32]
Filename=kbddrv32.exe
Confirmed=X
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_CRYPTER.A" target="_blank">CRYPTER.A</a> TROJAN!
[kbddrvinf]
Filename=kbddrvinf.exe
Confirmed=X
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_CRYPTER.A" target="_blank">CRYPTER.A</a> TROJAN!
[kceasy]
Filename=KCeasy.exe
Confirmed=N
Description=<a href="http://kceasy.com/about/" target=_blank>KCeasy</a> - a Windows peer-to-peer filesharing application which uses <a href="http://www.encyclopedia-online.info/GiFT_P2P" target=_blank>giFT</a> as its 'back end' foundation. The networks currently supported are OpenFT and Gnutella
[kclient]
Filename=kstatus.exe
Confirmed=U
Description=KClient Kerberos client software for Win32 systems. It provides the libraries and utilities needed to use Kerberos-based PC applications developed by Computing Services such as KWeb and NiftyTelnet
[kdx]
Filename=KHost.exe
Confirmed=N
Description=KonTiki <a href="http://help.kontiki.com/enduser/group.jsp;jsessionid=445B8C402E10C9AFBC8E053A3BBC395C?node=1829" target="_blank">Secure Delivery Plug In</a> related. "The Kontiki Delivery Management System (DMS) is a secure delivery network for distribution of video, software, audio, documents, and other digital media. The Kontiki DMS enables enterprises to efficiently publish, secure, deliver and track digital media to employees, partners, and customers"
[ke9801]
Filename=DriBat32.exe
Confirmed=U
Description=<a href="http://www.reset.bg/ke9801.htm" target="_blank">KE-9801</a> multimedia keyboard - required if you use the multimedia keys
[keenvalue]
Filename=Keenvalue.exe
Confirmed=X
Description=<a href="http://www.infobeat.com/infobar/terms.html" target="_blank">Keenvalue</a> spyware - see <a href="http://www.dslreports.com/forum/remark,6752007~root=security,1~mode=flat" target="_blank">here</a>
[kemailkb]
Filename=KEMailKb.EXE
Confirmed=U
Description=Controls the buttons at the top of the <a href="http://www.mic-innovations.com/micro_inv/large_image_pages/kb650i.htm" target="_blank"> Micro Innovations 650i Internet Access Keyboard</a>. If you disable it you cannot use the buttons - like volume control or shut down
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/pwsteal.tarno.j.html" target="_blank">TARNO.J</a> TROJAN!
[kernal fault check]
Filename=ntosrkl.exe
Confirmed=X
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
[kernctl32]
Filename=rundll32 kctl32.dll, initialize
Confirmed=X
Description=Added by the AGENT.AT TROJAN!
[kernel 32]
Filename=SKERNEL32.com
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32semapia.html" target= blank>SEMAPI-A</a> WORM
[kernel faults]
Filename=ftphost.exe
Confirmed=X
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.BHU&VSect=P" target=_blank>RBOT.BHU</a> WORM!
[kernel loader]
Filename=ntkrnl.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.cervivec.a@mm.html" target="_blank">CERVIVEC.A</a> WORM!
[kernel manager]
Filename=krnlmgr.exe
Confirmed=X
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_JUNY.A&VSect=P" target=_blank>JUNY.A</a> TROJAN!
[kernel system daemon]
Filename=ACTIVAT0R.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.randex.aw.html" target="_blank">RANDEX.AW</a> WORM!
[kernel12.exe]
Filename=kernel12.exe
Confirmed=X
Description=Added by an unidentified WORM or TROJAN!
[kernel32dll]
Filename=guardpc.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotcu.html" target=_blank>FORBOT-CU</a> WORM!
[kernelcheck]
Filename=sys****.exe [* = digit]
Confirmed=X
Description=Added by an unidentified TROJAN!
[kernelfaultchk]
Filename=sms.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.deadhat.html" target="_blank">DEADHAT</a> WORM! Do not confuse with the valid "kernelfaultcheck" which runs "dumprep 0 -k" or "dumprep 0 -u"
[kernell]
Filename=systems.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.tarno.c.html" target="_blank">TARNO.C</a> TROJAN!
[kernell32]
Filename=Kernell.dll
Confirmed=X
Description=Added by the <a href="http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=TROJ_DESTINY.A" target="_blank">DESTINY.A</a> TROJAN!
[kernelw]
Filename=Kernelw32.exe
Confirmed=X
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/w32.hllw.indor.e@mm.html" target="_blank">INDOR.E</a> WORM!
[kernel_check]
Filename=wmiprvse.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sonebotb.html" target=_blank>SONEBOT-B</a> WORM!
[key logger]
Filename=csrss.exe
Confirmed=X
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/w32.buchon.a@mm.html" target=_blank>BUCHON.A</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/csrss/" target=_blank>csrss.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the root folder - normally C:
[key text]
Filename=KeyText.exe
Confirmed=N
Description=<a href="http://www.mjmsoft.com/keytext.htm" target="_blank">Key Text 2000</a> from MJMSoft Design - utility to automate repetitive keyboard tasks. Available via Start -> Programs
[key1]
Filename=Rlid.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.lixy.html" target="_blank">LIXY</a> TROJAN!
[keyaccess]
Filename=keyacc32.exe
Confirmed=Y
Description=KeyServer KeyAccess client software - "when the KeyServer program is launched, the KeyServer process becomes active so license requests from client computers can be serviced. Without KeyAccess, a keyed program cannot run, so license control is very secure"
[keybdcntl]
Filename=keybdcntl.exe
Confirmed=X
Description=Added by a variant of the <a href="http://www.sophos.com/virusinfo/analyses/trojcrypterc.html" target="_blank">CRYPTER.C</a> TROJAN!
[keyboard manager]
Filename=MMKeybd.exe
Confirmed=U
Description=Multimedia keyboard manager. Required if you use the additional keys
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbdoorgp.html" target= blank>GP</a> TROJAN!
[keymaestro]
Filename=kmaestro.exe
Confirmed=U
Description=Multimedia keyboard manager. Required if you use the multimedia keys
[keymap]
Filename=keymap.exe
Confirmed=U
Description=System Tray utility and background task used by games produced by Kesmai (published by Interactive Magic) and which enables you to program keys to do specific actions during the game
Description=<a href="http://www.pestpatrol.com/KeyPatrol/" target="_blank">KeyPatrol</a> - detects Key Loggers ("keyboard loggers" or "keyloggers") using both behavioral and pattern-matching algorithms
[keyserv]
Filename=keyserv.exe
Confirmed=X
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/spyware.keythief.html" target=_blank>KeyThief</a> SPYWARE!
[keystroke]
Filename=keystroke.exe
Confirmed=U
Description=<a href="http://sarc.com/avcenter/venc/data/spyware.quicklaunch.html" target=_blank>QuickLaunch</a> is a surveillance software program that logs keystrokes and captures screenshots. If you didn't install this yourself remove it
[keywallet]
Filename=KWallet.exe
Confirmed=U
Description="<a href="http://www.keywallet.com/index.php" target="_blank">KeyWallet</a> is a useful and convenient desktop utility that spares you the trouble of filling in your logins, passwords and other personal data manually"
[kfienq]
Filename=masbl.bat
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.kifer.html" target="_blank">KIFER</a> TROJAN!
[khooker]
Filename=khooker.exe
Confirmed=N
Description=SiS Keyboard Daemon. System Tray utility which gets installed by the drivers of the latter day SiS VGA cards. Can cause errors at startup and isn't required
[kickmon.exe]
Filename=KICKMON.EXE
Confirmed=U
Description=KeepItClean - utility that deletes safe to remove files, cookies, browsing history, etc. This is the scheduler - if you don't schedule clean-ups it isn't required
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojmdropbb.html" target=_blank>MDROP-BB</a> TROJAN!
[kinberlink]
Filename=Kinberlink.exe
Confirmed=N
Description=<a href="http://www.kinberlin.com/kinberlink/index.asp" target="_blank">Kinberlink</a> network messaging. Available via Start -> Programs
[kk loader]
Filename=loadkk.exe
Confirmed=U
Description=<a href="http://www.keykey.com/index1.html" target="_blank">KeyKey XP Professional</a> from KeyKey.com. "Monitor Instant Messages, Chats, Emails, Web Site URLs, Passwords, Computer Programs, Start Up and Shut Down time and much more completely undetected to the user."
[kkm service]
Filename=kkm.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32nanpyi.html" target=_blank>NANPY-I</a> WORM!
[kl antifunlove]
Filename=flcss.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.funlove.4099.html" target=_blank>FUNLOVE.4099</a> WORM!
[klog]
Filename=Keyspy.exe
Confirmed=U
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/hacktool.keyloggpro.b.html" target=_blank>KeyLoggPro.B</a> keystroke logger/monitoring program - remove unless you installed it yourself
[km9801u]
Filename=MMHotKey.exe
Confirmed=U
Description=Multimedia key handling for the relevant type of Turbo-Media keyboard. Shortcut available. Note that with this running it can crash DirectX8/9 under WinXP when a game switches to full-screen
[kmw_run.exe]
Filename=kmw_run.exe
Confirmed=U
Description=Kensington MouseWorks - mouse/trackball software. Not required unles you use any special features
[kmw_show.exe]
Filename=kmw_show.exe
Confirmed=U
Description=Kensington MouseWorks - mouse/trackball software. Not required unles you use any special features
[kodak batch transfer]
Filename=pezdow1.exe
Confirmed=N
Description=Part of "Kodak Picture Easy" software for digital cameras. Includes the display of an icon in the System Tray to quickly transfer photos to a PC
[kodak easyshare software]
Filename=EasyShare.exe
Confirmed=U
Description=Software bundled with Kodak digital cameras to manage the connection between the PC and the Camera. Can be started manually
[kodak picture transfer software]
Filename=pts.exe
Confirmed=N
Description=Looks for Kodak camera connection and media insertion. Available via Start -> Programs
[kodak software updater]
Filename=backweb*****.exe
Confirmed=N
Description=Software updater for <a href="http://www.kodak.com/global/en/digital/easyShare/indexFlash.jhtml" target="_blank">Kodak Easyshare</a> digital cameras
[kodakccs]
Filename=KodakCCS.exe
Confirmed=Y
Description=Kodak DC File System Driver
[komunikator]
Filename=tlen.exe
Confirmed=U
Description=<a href="http://tlen.pl/" target=_blank>Tlen</a> - a Polish language instant messaging client
[konni symbol autostart]
Filename=KonniSymbol.exe
Confirmed=N
Description=Gives configuration access to <a href="http://www.besoftware.com/index.html" target="_blank">RagTime Solo</a> professional business publishing software. RagTime Solo is the private user version of RagTime 5
[kontiki]
Filename=kontiki.exe
Confirmed=N
Description=<a href="http://help.kontiki.com/enduser/group.jsp;jsessionid=2C47C896EA1784C5321FD3E6845E8157?node=2846" target="_blank">Kontiki Delivery Manager</a> - Windows-based client software that enables secure delivery of content to users' desktops
[kpdrv4xp]
Filename=KPDrv4XP.exe
Confirmed=Y
Description=MediaKey USB Keypad Driver
[krec32]
Filename=krec32.exe
Confirmed=U
Description=StarrCommander Pro Keystroke logging software
[krnlcheck]
Filename=csrss.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.botnachala.html" target=_blank>BOTNACHALA</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/csrss/" target=_blank>csrss.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Windows or Winnt folder
[krnlmod]
Filename=Krnlmod.exe
Confirmed=U
Description=Keylogger - see <a href="http://www.pestpatrol.com/PestInfo/W/Windows_Keylogger.asp" target="_blank">here</a>. Given a "U" recommendation because it depends if you intentionally installed it. If you didn't, treat it as "X" and uninstall or remove
[ksrv32]
Filename=Ksrv32.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotpi.html" target=_blank>AGOBOT-PI</a> WORM!
[ktax auto loader]
Filename=ktax.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotmz.html" target=_blank>SDBOT-MZ</a> WORM!
[ktchnsnk]
Filename=ktchnsnk.exe
Confirmed=U
Description=HP program found with the Office Jet 500/600/700 series which initializes the Office Jet manager each time the computer is booted up or rebooted
[kv2005]
Filename=word.EXE
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojvbiw.html" target=_blank>IW</a> TROJAN!
[kv3000]
Filename=lover.vbe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/vbs.zsyang.b@mm.html" target="_blank">ZSYANG.B</a> WORM!
Description=Provides Mixer and Control functionality to KxProject Audio driver for EMU10k based soundcards
[kx509]
Filename=kx509_kfwk5.exe
Confirmed=U
Description=<a href="http://www.mcmcse.com/win2k/guides/kerberos.shtml" target=_blank>Kerberos</a> Secure Authentication for Windows
[kyk control settings]
Filename=KYSVCXD.EXE
Confirmed=X
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
[kym control settings]
Filename=phqghum.exe
Confirmed=X
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.BQD&VSect=P" target=_blank>RBOT.BQD</a> WORM!
[l4r1$$a]
Filename=L4r1$$a.pif
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32assiralc.html" target= blank>ASSIRAL-C</a> WORM!
[lan driver]
Filename=landriver32.exe
Confirmed=X
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.BT&VSect=P" target=_blank>RBOT.BT</a> WORM!
Description=Monitors any traffic that is using a LAN adapter (Ethernet or Token ring network card)
[laokey.exe]
Filename=LaoKey.exe
Confirmed=U
Description=Lao Script for Windows <a href="http://www.tavultesoft.com/lswin/" target= blank>(LSWin)</a> is an extension to the Windows operating system to allow Lao language to be used with many different Windows-based applications
[laplink scheduler]
Filename=Llsched.exe
Confirmed=U
Description=Utility that automatically performs file transfers as unattended background operations
[larissa anti virus]
Filename=LARISSA_ANTI_VIRUS.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/trojan.klassir.html" target=_blank>KLASSIR</a> TROJAN!
[lasb]
Filename=ewat.exe
Confirmed=?
Description=<font color="#FF0000">??</font>
[laserma]
Filename=Ermasys32.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32lermaa.html" target=_blank>LERMA-A</a> WORM!
[lasiaf32]
Filename=RePEAtLD.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.repeatld.html" target="_blank">REPEATLD</a> WORM!
[lastinst]
Filename=N/A
Confirmed=Y
Description=For Gilat Communications internet satellite systems. Gilat rescue (Satellite system restore). Required if you have this system. Can cause a BSOD (blue screen of death) if left out
[later]
Filename=later.exe
Confirmed=?
Description=<font color="#FF0000">??</font>
[launapp]
Filename=LaunApp.exe
Confirmed=U
Description=Part of Acer Launch Manager - programmable keys on such laptops as the TravelMate 610
[launcg]
Filename=launcg.exe
Confirmed=?
Description=<font color="#FF0000">??</font>
[launch ai booster]
Filename=OverClk.exe
Confirmed=U
Description=ASUS <a href="http://www.asuscom.de/pub/ASUS/mb/sock478/p4p800/AIBooster_u.pdf" target=_blank>Ai Booster</a> is an application that allows you to overclock the CPU either manually or automatically without the hassle of entering the BIOS Setup
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaui.html" target=_blank>RBOT-AUI</a> WORM!
[launch yahoopops! at windows startup]
Filename=YAHOOPOPS.EXE
Confirmed=N
Description=<a href="http://yahoopops.sourceforge.net/" target="_blank">YahooPOPs</a> - enables free POP3/SMTP access to Yahoo! Mail through a service on localhost that emulates the web interface. Available via Start -> Programs
[launchap]
Filename=LaunchAp.exe
Confirmed=U
Description=Programmable keys on Acer, Fujitsu and other laptops
[launchapp]
Filename=Alaunch.exe
Confirmed=U
Description=<a href="http://global.acer.com/" target="_blank">Acer</a> Launch tool utility on laptops
[launchboard]
Filename=lnchbrd.exe
Confirmed=U
Description="LaunchBoard software from Darwin turns your keyboard into a remote control for the Internet and your computer! With LaunchBoard 2.0, you can customize up to 38 keys on your PC keyboard to instantly launch Web Sites, start applications, perform custom macros, handle Windows shortcuts, store passwords, and perform loads of other customizable functions"
[lavasoft ad-aware]
Filename=Ad-Aware.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotso.html" target=_blank>RBOT-SO</a> WORM! Note - this is not the popular <a href="http://www.lavasoft.de/software/adaware/" target="_blank">Ad-aware</a> spware/adware removal tool
[lavasoft adwatch]
Filename=Ad-watch.exe
Confirmed=U
Description=Part of Lavasoft <a href="http://www.lavasoft.de/software/adaware/" target="_blank">Ad-aware Plus</a> - realtime spyware-monitor watching your memory and registry for spyware that tries to install or change your system
[laxmsp32.exe]
Filename=laxmsp32.exe
Confirmed=Y
Description=Lexmark Scan and Copy Control Program for the X63 (and maybe others) printer/scanner. Required for the scanner to work
[laz]
Filename=Kernn.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbancosln.html" target= blank>BANCOS-LN</a> WORM!
[lcdc]
Filename=LCDC.exe
Confirmed=U
Description=<a href="http://www.lcdc.cc/about.htm" target="_blank">LCDC</a> is an application that displays various information on your LCD or VFD screen. The number of things that LCDC can do is expandable by Plugins
[lcdplayer]
Filename=LCDPlyer.exe
Confirmed=Y
Description=Related to <a href="http://www.superadblocker.com/" target=_blank>SuperAdBlocker</a>
[lcfep]
Filename=lcfep.exe
Confirmed=N
Description=Tivoli æTME?System Tray icon - "'lcfep' is the program that displays statistics about the Endpoint. Apparently stopping/removing this process has no impact on the Endpoint itself which will continue to function normally"
[lcidconfig]
Filename=lcidchng.exe
Confirmed=?
Description=<font color="#FF0000">??</font>
[lclock]
Filename=lclock.exe
Confirmed=U
Description=<a href="http://www.softpedia.com/get/Desktop-Enhancements/Clocks-Time-Management/LClock.shtml" target=_blank>LClock</a> is a program that makes the Windows' clock look like a Windows Longhorn Clock
[lcvga]
Filename=lcvga.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojhostola.html" target=_blank>HOSTOL-A</a> TROJAN!
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojchorusa.html" target=_blank>CHORUS-A</a> TROJAN! Searchforfree browser hijacker
[led tray]
Filename=LEDTRAY.EXE
Confirmed=U
Description=Installs a USB compact flash card reader or drive on start-up. The device is distributed by Microtech and is made by a company called SnapShot. Required if you want the reader to work
Description=Lexmark printer button manager. Required for correct operation
[lexmark 3100 series]
Filename=lxbrbmgr.exe
Confirmed=Y
Description=Lexmark printer button manager. Required for correct operation
[lexmark x6100 series]
Filename=lxbfbmgr.exe
Confirmed=Y
Description=Lexmark X6100 printer button manager - required for correct operation
[lexmark xxx button manager]
Filename=AcBtnMgr_Xxx.exe
Confirmed=Y
Description=Associated with the Lexmark Xxx (where "xx" is the model) all-in-one printer/scanner/copier. Required for correct operation
[lexmark xxx button monitor]
Filename=ACMonitor_Xxx.exe
Confirmed=Y
Description=Associated with the Lexmark Xxx (where "xx" is the model) all-in-one printer/scanner/copier. Required for correct operation
[lexmarkprintray]
Filename=printray.exe
Confirmed=N
Description=Lexmark Printer icon in the System Tray for quick access. Not required - uncheck via Printer configuration rather than MSCONFIG. Can also be listed as PrinTray
[lexplore]
Filename=lexplore.exe
Confirmed=X
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/w32.bropia.html" target=_blank>BROPIA</a> WORM! Note - the executable is spelt with a lower case "L" rather than an lower or upper case "i" which is the case with Internet Explorer
[lexpps]
Filename=lexpps.exe
Confirmed=N
Description=For Lexmark printers. From Lexmark: "This enables bi-directional printing over a peer to peer network. If the printer is connected directly to your PC, the file is not used, (or should not be used) at all". It is known that firewalls can however alert you to "lexpps.exe" requesting server privileges
[lexstart]
Filename=lexstart.exe
Confirmed=U
Description=Lexmark printer software may add Lexstart.exe in the startup folder to handle print commands that you send to the printer. Sometimes required for the printer to work correctly - not in the case of a Lexmark Z42 for instance
[lfh]
Filename=Lfh.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojzaurgaa.html" target= blank>ZAURGA-A</a> TROJAN!
[lfsndmng]
Filename=lfsndmng.exe
Confirmed=U
Description=<a href="http://www.lightningfax.com/products/lightningfax/features.htm" target="_blank">LightningFAX Enterprise Fax Server</a> - "puts faxing at the fingertips of networked enterprise users. It enables rapid, secure sending and Direct-To-Desktop Delivery of mission-critical documents"
Description=Part of the <a href="http://www.elicense.com/" target=_blank>eLicense</a> Copy Protection scheme employed by some software and games. When this service is not running, the eLicense wrapper is unable to extract and execute the program
[licctrl]
Filename=rundll32.exe [path] MMFS.DLL, Service
Confirmed=U
Description=Part of the eLicense Copy Protection scheme employed by some software and games. When this service is not running, the eLicense wrapper is unable to extract and execute the program
[life firewall update1]
Filename=FireWall-Update1.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotars.html" target=_blank>RBOT-ARS</a> WORM!
[lifedrive manager]
Filename=LifeDriveMgr.exe
Confirmed=N
Description=Keeps the Palm <a href="http://www.palm.com/us/products/mobilemanagers/lifedrive/" target=blank>LifeDrive Manager</a> utility in the systray. Shortcut available via Start -> Programs
[lifescape media detector]
Filename=PicasaMediaDetector.exe
Confirmed=N
Description=Media detector for <a href="http://www.picasa.net/" target="_blank">Picasa</a>'s automatic photo organizer
[lify]
Filename=yujixit.exe
Confirmed=X
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
[lightning download]
Filename=Lightning.exe
Confirmed=U
Description=<a href="http://www.lightningdownload.com/index.shtml" target=_blank>Lightning Download</a> download manager. Can be launched manually, but will need to start up if you want it to "catch clicks" off Internet Explorer
[limewire]
Filename=LimeWire.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotagh.html" target=_blank>RBOT-AGH</a> WORM!
[limewire x.x]
Filename=LimeWire.exe
Confirmed=N
Description=<a href="http://www.limewire.com/" target="_blank">LimeWire</a> - Peer to Peer (P2P) file-sharing client. x.x represents the version number. Note - as with all P2P sharing programs they are susceptible to various forms of malware
[limpet]
Filename=explorer16.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotajd.html" target=_blank>RBOT-AJD</a> WORM!
[line speed meter v3.0]
Filename=LineSpeedMeter.exe
Confirmed=N
Description=<a href="http://www.tcpiq.com/tcpiq/linespeed/Default.asp" target="_blank">LineSpeedMeter</a> - detect the download and upload speed of your internet connection
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlowzonebi.html" target=_blank>LOWZONE-BI</a> TROJAN!
[linux]
Filename=Linux.vbs
Confirmed=X
Description=Added by the <a href="http://vil.nai.com/vil/content/v_98684.htm" target="_blank">LOVELETTER.AS</a> VIRUS!
[liquidview]
Filename=lviewj.exe
Confirmed=U
Description=Liquid View lets you increase the legibility of the Microsoft Windows interface regardless of your display's native resolution. The software lets you increase the size of items that are hard to read on your monitor
[lisa]
Filename=Lisa.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/dialscomd.html" target= blank>SCOM-D</a> premium rate adult content dialler
[list checker 32 bit]
Filename=list32.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaho.html" target=_blank>RBOT-AHO</a> WORM!
[litebot]
Filename=[path to trojan]
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlitebota.html" target=_blank>LITEBOT-A</a> TROJAN!
[live menu]
Filename=Dllcmd32.exe
Confirmed=N
Description=eFax Send button for eFax Messenger Plus. Available via Start -> Programs Disabling instructions available <a href="http://www.efax.com/help/index.asp" target="_blank">here</a>
[livemonitor]
Filename=LMonitor.exe
Confirmed=N
Description=MSI Live Update - auto-detects and suggests the latest BIOS/Driver/Utilities information
[livenote]
Filename=Livenote.exe
Confirmed=N
Description=Asus graphics card driver live update feature
[livesexcams]
Filename=LiveSexCams.exe
Confirmed=X
Description=Premium rate adult content dialler
[livre]
Filename=Dibane.bat
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w97m.banedi.html" target=_blank>BANEDI</a> VIRUS!
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojproxygg.html" target=_blank>PROXY-GG</a> TROJAN! Note - this malware actually changes the default value data of the registry "Run" key in order to force Windows to launch it at boot. Name field may be empty
[lm status]
Filename=LMSTATUS.EXE
Confirmed=N
Description=Xerox WorkCenter XE - language monitor status application
[lma manager]
Filename=lmamanager.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32tilebotad.html" target=_blank>TILEBOT-AD</a> WORM!
[lmapl]
Filename=lMAPl.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotre.html" target= blank>AGOBOT-RE</a> WORM!
[lmgrosd]
Filename=OSDCtrl.exe
Confirmed=U
Description=OSD (on-screen-display) utility - part of Acer Launch Manager. Gives you control to customize the monitor to your liking...from sound, brightness, contrast, horizontal and vertical positions, phase, pixel clock, color and language
[lmonitor]
Filename=LMonitor.exe
Confirmed=N
Description=MSI Live Update - auto-detects and suggests the latest BIOS/Driver/Utilities information
[lmpdpsrv]
Filename=lmpdpsrv.exe
Confirmed=?
Description=<font color="#FF0000">Related to a Lexmark printer/scanner. Printer sharing server? Is it required?</font>
[lmrt]
Filename=lmrt.exe
Confirmed=X
Description=Unidentified adware
[lmstatus]
Filename=LMSTATUS.EXE
Confirmed=N
Description=Xerox WorkCenter XE - language monitor status application
[lmu]
Filename=LMU.exe
Confirmed=X
Description=Downloader trojan, recognized by <a href="http://www.kaspersky.com/personalpro" target=_blank>Kaspersky</a> antivirus as Agent.bg
[lnternet explorer]
Filename=AMSNDMGR.EXE
Confirmed=X
Description=Added by the <a href="http://http://securityresponse.symantec.com/avcenter/venc/data/w32.kwbot.r.worm.html" target="_blank">KWBOT.R</a> WORM! Note that the "l" is a lower case "L" and not an upper case "I"
[load wb]
Filename=LOADWB.EXE
Confirmed=U
Description=Part of Stardock's <a href="http://www.windowblinds.net/" target="_blank">WindowBlinds</a> custom desktop program. "WindowBlinds is the first utility of its kind. It extends Win98/NT/2K/XP to have a fully skinnable user interface. You can change the style of title bars, buttons, toolbars and much more". If you use it - keep it if not then uninstall it
[load-guard]
Filename=Wscript.exe LGuarg.exe.vbs
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/vbs.yeno.b@mm.html" target=_blank>YENO.B</a> and <a href="http://securityresponse.symantec.com/avcenter/venc/data/vbs.yeno.c@mm.html" target=_blank>YENO.C</a> WORMS!
[loadab1]
Filename=explorer.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlineageaj.html" target="_blank">LINEAGE-AJ</a> TROJAN! Note - the legitimate Windows Explorer (explorer.exe) is located in the Windows or Winnt folder and would only be in startups if you added it manually. This one is located in the Program Files folder
[loadblackd]
Filename=blackd.exe
Confirmed=Y
Description=This is the "intrusion detection system" of the <a href="http://blackice.iss.net/product_pc_protection.php" target="_blank">BlackICE PC Protection</a> (was Defender) firewall which loads independently of the "user interface" (BlackICE Utility)
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_OPASERV.T" target="_blank">OPASERV.T</a> WORM!
[loadmecq0]
Filename=explorer.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/trojan.mumuboy.c.html" target="_blank">MUMUBOY.C</a> TROJAN! Note - the legitimate Windows Explorer (explorer.exe) is located in the Windows or Winnt folder and would only be in startups if you added it manually. This one is located in the Program Files folder
[loadmecq3]
Filename=rundll32.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlegmiras.html" target=_blank>LEGMIR-AS</a> TROJAN!
[loadmect1]
Filename=explorer.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlineagel.html" target= blank>LINEAGE-L</a> TROJAN! Note - the valid "explorer.exe" will always be located in C:\Windows or C:\Winnt whereas this one is found in the C:\Program Files folder!
[loadmsvcmm]
Filename=msvcmm32.exe
Confirmed=N
Description=Auto-update for <a href="http://www.movielink.com/" target="_blank">Movielink</a> - internet movie rental System Tray access
[loadorderverification]
Filename=[random filename]
Confirmed=X
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_TRON.A" target="_blank">TRON.A</a> TROJAN!
[loadout manager]
Filename=nost_LM.exe
Confirmed=U
Description=Manager for the Belkin Nostromo n50 SpeedPad game controller - see <a href="http://catalog.belkin.com/IWCatProductPage.process?Merchant_Id=1&Product_Id=107727" target="_blank"> here</a>
[loadpfw]
Filename=wmimgr.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32qedsb.html" target=_blank>QEDS-B</a> WORM!
Description=Installed with MSN Explorer and loads the <a href="http://support.microsoft.com/default.aspx?scid=KB;EN-US;q309418" target="_blank"> MSN Queue Manager</a>. Required to enable the WU AutoUpdate feature. Note that disabling this can sometimes prevent internet sharing working on Win2K Pro SP2. Reports also suggest that removing it will re-enable internet access - hence the "users choice" recommendation. If you have problems leave it, otherwise I recommend you disable it
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.delf.b.html" target="_blank">DELF.B</a> TROJAN! where [filename] is the infected file
[local area network]
Filename=OpenGL.exe
Confirmed=X
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
[local internet connection]
Filename=LIC.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotya.html" target= blank>SDBOT-YA</a> WORM!
[local internet web drivers for win32]
Filename=phqghume.exe
Confirmed=X
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojsmalldp.html" target= blank>SMALL-DP</a> TROJAN!
[local security authority servce]
Filename=lssas.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32poebott.html" target=_blank>POEBOT-T</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/lsass/" target=_blank>lsass.exe</a> process
[local service]
Filename=Intenat.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojnuclearj.html" target=_blank>NUCLEAR-J</a> TROJAN!
[locator service]
Filename=[filename]
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotky.html" target=_blank>AGOBOT-KY</a> TROJAN!
[lock my pc]
Filename=lockpc.exe
Confirmed=U
Description=<a href="http://www.fspro.net/lmpc/" target=_blank>Lock_My_PC</a> - a tool for quick computer locking when you leave it unattended. It shows a lock screen, disables Windows hot keys and mouse
[login]
Filename=winlog.exe
Confirmed=U
Description=Salfeld <a href="http://www.salfeld.com/parental_control_overwiew.htm" target="_blank">Child Control 2003</a> - parental control software
[login screen saver]
Filename=login.scr
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotavn.html" target=_blank>RBOT-AVN</a> WORM!
[login service]
Filename=[path to file]
Confirmed=X
Description=Added by the <a href="https://www.europe.f-secure.com/v-descs/migmaf.shtml" target="_blank">MIGMAF</a> TROJAN!
[loginpassport]
Filename=Lgnpsp32.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.redist.c@mm.html" target="_blank">REDIST.C</a> WORM!
[logitech]
Filename=Logitech.exe
Confirmed=X
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.BJH&VSect=P" target=_blank>RBOT.BJH</a> WORM!
[logitech camera]
Filename=Soundcane.exe
Confirmed=X
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.MUC&VSect=T" target=_blank>SDBOT.MUC</a> WORM!
[logitech desktop controller]
Filename=wrcam.exe
Confirmed=X
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target= blank>RBOT</a> WORM!
[logitech hardware abstraction layer]
Filename=Khalmnpr.exe
Confirmed=U
Description=For a Logitech Bluetooth wireless mouse. Part of SetPoint that sets the Windows mouse sensitivity to minimum. The idea is that you will use the SetPoint Control Panel to adjust your mouse sensitivity. This setting is maintained separately from the Windows setting, but is combined with the Windows setting to determine the final sensitivity. For this reason, KHALMNPR sets the Windows setting to 0 so it doesn't alter the one you set in SetPoint
[logitech setpoint]
Filename=KEM.exe
Confirmed=U
Description=Keyboard and mouse drivers and utilities for Logitech's latest products - supersedes iTouch and MouseWare on their older products. Required if you use special features such as multimedia keys
[logitech utility]
Filename=Logi_MwX.exe
Confirmed=U
Description=Logitech Mouseware driver. Needed to support some additional functionality of Logitech mice/trackballs such as "SmartMove". If you disable it and find you don't need it leave it disabled
[logitech wakeup]
Filename=lgwakeup.exe
Confirmed=N
Description=Loads at startup and monitors the scanner. When a document is inserted in the scanner the wakeup program feeds the document a fraction of a inch into the scanner and then it launches the control center software. From the control center you can select whether to fax or copy or print the scanned documents. If you uncheck the Logitech wakeup software from the startup it no longer launches the control center or feeds the document a fraction of an inch. You can manually launch the control center software via Start ->Programs and still be able to scan images
[logitech wireless]
Filename=logitechwls.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32mytobbs.html" target=_blank>MYTOB-BS</a> WORM!
[logitechgalleryrepair]
Filename=ISStart.exe
Confirmed=U
Description=LogitechGalleryRepair/LogitechVideoRepair - part of Logitech Image Studio - installed with Logitech QuickCam cameras. Required from version 8.11 onwards if you use the software to take pictures and capture videos, not if you don't. Also not required for versions up to and including 7.30 and after version 8.30 - hence the "U" rather than "Y" recommendation
[logitechimagestudiotray]
Filename=LogiTray.exe
Confirmed=N
Description=Logitech Image Studio - installed with Logitech QuickCams
[logitechs]
Filename=Logitechs.exe
Confirmed=X
Description=Added by the <a href="http://uk.trendmicro-europe.com/enterprise/vinfo/encyclopedia.php?LYstr=VMAINDATA&vNav=1&VName=WORM_SDBOT.BWE" target=_blank>SDBOT.BWE</a> WORM!
[logitechsoftwareupdate]
Filename=ManifestEngine.exe
Confirmed=?
Description=Updater, part of Logitech Image Studio - installed with Logitech QuickCam cameras. Probably not required
[logitechvideorepair]
Filename=ISStart.exe
Confirmed=U
Description=LogitechGalleryRepair/LogitechVideoRepair - part of Logitech Image Studio - installed with Logitech QuickCam cameras. Required from version 8.11 onwards if you use the software to take pictures and capture videos, not if you don't. Also not required for versions up to and including 7.30 and after version 8.30 - hence the "U" rather than "Y" recommendation
[logitechvideotray]
Filename=LogiTray.exe
Confirmed=N
Description=Logitech Image Studio - installed with Logitech QuickCams
[logitray]
Filename=LogiTray.exe
Confirmed=N
Description=Logitech Image Studio - installed with Logitech QuickCams
[logi_mwx]
Filename=Logi_MwX.exe
Confirmed=U
Description=Logitech Mouseware driver. Needed to support some additional functionality of Logitech mice/trackballs such as "SmartMove". If you disable it and find you don't need it leave it disabled
[logo]
Filename=[path to trojan]
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderrh.html" target=_blank>DLOADER-RH</a> TROJAN!
Description=Added by the <a href="http://ae.trendmicro-europe.com/enterprise/security_info/ve_detail.php?Vname=BKDR_ZINS.A" target=_blank>ZINS.A</a> TROJAN!
[logonstudio]
Filename=logonstudio.exe
Confirmed=U
Description=WinCustomize <a href="http://www.stardock.com/products/logonstudio/" target="_blank">LogonStudio</a> - "Allows Windows XP users to edit, change, and apply new logon screens. LogonStudio comes built with a visual editor to make it easy to create your own logons which can then be uploaded to websites to be used by others users"
[logwatch]
Filename=logwat95.exe
Confirmed=U
Description=Licensing patch for products installed on NT by Computer Associates such as eTrust. Detects and updates old versions of lic98.dll - see <a href="http://support.ca.com/Download/patches/licenseit/LO51215.html" target="_blank">here</a>. Not required if you already have a newer version or the patch has been applied
[longos]
Filename=WIWT.EXE
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbankercd.html" target=_blank>BANKER-CD</a> TROJAN!
[look 'n' stop]
Filename=looknstop.exe
Confirmed=Y
Description=<a href="http://www.looknstop.com/En/index2.htm">Look 'n' Stop</a> personal firewall
[looknmeet]
Filename=Agent.exe
Confirmed=N
Description=<a href="http://217.22.55.178/rdl/lnm_v4.3/nl/index.html" target=_blank>LooknMeet</a> dating service
[lookup_sys]
Filename=lookupsys.exe
Confirmed=X
Description=P04n trojan
[lotus organizer easyclip]
Filename=easyclip.exe
Confirmed=N
Description="The Easy Clip icon automates the collection of information from sources such as e-mail to create an Organizer address, appointment, task or Notepad page." Available via Start -> Programs
[lotus quickstart]
Filename=smartctr.exe
Confirmed=N
Description=Lotus central application, called SmartCenter, which runs on the Windows desktop. SmartCenter toolbar stretches across the top or, optionally, the bottom of the screen. Uses a lot of resources. Available via Start -> Programs
[lotus suitestart]
Filename=suitest.exe
Confirmed=U
Description=Puts the individual Lotus components in the system tray taskbar when you start Windows. Can be disabled via MSCONFIG -> Startup as "Lotus SuiteStart 97 Edition". All individual components available via Start -> Programs
[lowversionsupport]
Filename=[filename]
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.lastras.html" target="_blank">LASTRAS</a> TROJAN!
[lpr]
Filename=Lpr123.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/spyware.rempsteal.html" target=_blank>REMPSTEAL</a> password stealer TROJAN!
[lpr123]
Filename=Lpr123.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/spyware.rempsteal.html" target=_blank>REMPSTEAL</a> password stealer TROJAN!
[lps]
Filename=Lps.exe
Confirmed=U
Description=Local Port Scanner - "With LPS you're able to check your computer for open or listening ports"
[lptask]
Filename=lptask.exe
Confirmed=U
Description=<a href="http://www.sanegroup.com/sanegroup/lppro.html" target="_blank">Program Lock It And Protect Pro</a> - lock and protect your folders from being opened, moved or deleted
[lrbz utility 32]
Filename=lrbz32.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotjq.html" target=_blank>AGOBOT-JQ</a> WORM!
[ls120 superdisk]
Filename=??
Confirmed=N
Description=Supposed to accelerate transfer rate on LS-120, contributes to system lockups
[lsa service]
Filename=LSASS.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.ahker.g@mm.html" target= blank>AHKER.G</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/lsass/" target="_blank">lsass.exe</a> process, which should not appear in Msconfig/Startup!
[lsa services]
Filename=lsa2srv.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32tamec.html" target=_blank>TAME-C</a> WORM!
[lsa shell (export version)]
Filename=LSASS.exe
Confirmed=X
Description=Added by several variants of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AHKER.K&VSect=P" target=_blank>AHKER</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/lsass/" target=_blank>lsass.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder
[lsass 32]
Filename=ISASS32.pif
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32assiralc.html" target= blank>ASSIRAL-C</a> WORM!
[lsass authority]
Filename=lshosts32.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojsdbotuy.html" target= blank>SDBOT-UY</a> TROJAN!
[lsass daemon]
Filename=LSASSd.exe
Confirmed=X
Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN" target=_blank>AGOBOT/GAOBOT</a> WORM!
[lsass service]
Filename=lsass2.exe
Confirmed=X
Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN" target=_blank>AGOBOT/GAOBOT</a> WORM!
[lsass2k update]
Filename=lsass2k.exe
Confirmed=X
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
[lsass64bit.exe]
Filename=lsass64BiT.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotck.html" target=_blank>FORBOT-CK</a> WORM!
[lsassig]
Filename=lsassig.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbancosec.html" target=_blank>BANCOS-EC</a> TROJAN!
[lsasss]
Filename=lsasss.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojgeekmya.html" target=_blank>GEEKMY-A</a> TROJAN!
[lsasss.exe]
Filename=lsasss.exe
Confirmed=X
Description=Added by the <a href="http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?VName=WORM_SASSER.E" target="_blank">SASSER.E</a> WORM!
[lsburnwatcher]
Filename=lsburnwatcher.exe
Confirmed=N
Description=Used for automatically updating HP programs
[lsess]
Filename=lsess.exe
Confirmed=X
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/w32.sinnaka.a@mm.html" target=_blank>SINNAKA.A</a> WORM!
[lsmass]
Filename=lsmass.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojwallopb.html" target=_blank>WALLOP-B</a> TROJAN!
[lsmss.exe]
Filename=lsmss.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojproxygg.html" target=_blank>PROXY-GG</a> TROJAN!
[lspfix]
Filename=LSPmonitor.exe
Confirmed=N
Description=eAcceleration Stop-Sign related - not recommended, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm#ss_note" target=_blank>note</a>
[lspins]
Filename=igps.exe
Confirmed=X
Description=Reported as the VB.KC TROJAN by Kapersky Anti-Virus
[lspmonitor]
Filename=LSPmonitor.exe
Confirmed=N
Description=eAcceleration Stop-Sign related - not recommended, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm#ss_note" target=_blank>note</a>
[lssass]
Filename=lssas.exe
Confirmed=X
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.RL" target=_blank>AGOBOT.RL</a> WORM!
Description=Modem On Hold utility - manages incoming/outgoing voice calls on a single phone line while being connected to the internet
[ltmsg]
Filename=ltmsg.exe
Confirmed=Y
Description=One of the "popular" WinModem series. WinModems use software rather than hardware - hence putting a load on the CPU. Needed if you have it for loading the drivers. See <a href="http://808hi.com/56k/winmodems.asp" target="_blank">here</a> for more WinModem information
[ltsmmsg]
Filename=LTSMMSG.exe
Confirmed=N
Description=Lucent Tech. Soft Modem Messaging application - may be found on Fujitsu Lifebook, Acer and Sony Vaio notebooks, maybe others too
[ltsmsg]
Filename=Shell32.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.lemir.b.html" target="_blank">LEMIR.B</a> TROJAN!
[ltt2]
Filename=rundll32.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlineagebi.html" target=_blank>LINEAGE-BI</a> TROJAN!
[ltwinmodem1]
Filename=ltmsg.exe
Confirmed=Y
Description=One of the "popular" WinModem series. WinModems use software rather than hardware - hence putting a load on the CPU. Needed if you have it for loading the drivers. See <a href="http://808hi.com/56k/winmodems.asp" target="_blank">here</a> for more WinModem information
[luguard]
Filename=LUGuard.exe
Confirmed=U
Description=PC-Duo <a href="http://www.vector-networks.com/pc-duo-enterprise/remote-control.php" target=_blank>Remote Control</a> enables your help desk technicians to take instant control of any remote desktop PC at any location across the LAN, WAN or internet
[lusetup]
Filename=LUSetup.exe
Confirmed=Y
Description=Symantec <a href="http://service1.symantec.com/support/sharedtech.nsf/docid/1999051911110813" target=_blank>LiveUpdate installer</a> - required to install a new version of the application. Will only run once, and the entry is automatically deleted after a reboot
[lvcoms]
Filename=lvcoms.exe
Confirmed=U
Description=Lvcomm server. Related to Logitech Quick Cam - works fine without it but it is needed for the Logitech ImageStudio software to connect to the camera
[lvcomsx]
Filename=LVCOMSX.EXE
Confirmed=U
Description=It provides extra functionality for Logitech multimedia webcam devices. It is non-essential to the running of the system, but should not be terminated unless suspected to be causing problems
[lwinst run profiler]
Filename=lwtest.exe
Confirmed=N
Description=Logitech Wingman Profiler for the Logitech joysticks. Available via Start -> Programs
[lxamsp32]
Filename=lxamsp32.exe
Confirmed=?
Description=<font color="#FF0000">Associated with a Lexmark Printer - is it required?</font>
[lxbbmgr]
Filename=LXbbmgr.exe
Confirmed=?
Description=<font color="#FF0000">Lexmark printer button manager? Is it required?</font>
[lxblksk]
Filename=LXBLKsk.exe
Confirmed=?
Description=Lexmark related. <font color="#FF0000">What does it do, and is it required?</font>
[lxbrbmgr]
Filename=lxbrbmgr.exe
Confirmed=Y
Description=Lexmark printer button manager. Required for correct operation
[lxbrksk]
Filename=LXBRKsk.exe
Confirmed=?
Description=Lexmark printer related. <font color="#FF0000">What does it do and is it required?</font>
Description=Lexmark printer related - <font color="#FF0000">what does it do and is it required?</font>
[lxsupmon]
Filename=LXSUPMON.EXE
Confirmed=N
Description=Lexmark Printer. The printer should work fine without it
[lycosinside]
Filename=Lyc_SysTray.exe
Confirmed=?
Description=<a href="http://email.about.com/gi/dynamic/offsite.htm?zi=1/XJ&sdn=email&zu=http://mail.lycos.com/" target=_blank>Lycos eMail</a> related - <font color="#FF0000">what does it do and is it required?</font>
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotbjn.html" target= blank>SDBOT-BJN</a> WORM!
[m-soft office]
Filename=M-soft Office.hta
Confirmed=X
Description=HTA file which creates an executable on the hard drive which subsequently proceeds to download files from a malware site!
[m1cr0s0ft s3rcurity]
Filename=systemconfig.exe
Confirmed=X
Description=Added by the <a href="http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?Vname=WORM_RBOT.BKB" target=_blank>RBOT.BKB</a> WORM!
[m1cr0s0ft upd4t4zs]
Filename=update32.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotmi.html" target=_blank>RBOT-MI</a> WORM!
[m32info]
Filename=m32info.exe
Confirmed=X
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_CRYPTER.A" target="_blank">CRYPTER.A</a> TROJAN!
[m3tray]
Filename=m3tray.exe
Confirmed=N
Description=<a href="http://www.movielink.com/" target="_blank">Movielink</a> - internet movie rental System Tray access
[macfee security patch]
Filename=Mpfsheild.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotnp.html" target=_blank>RBOT-NP</a> WORM!
[machine update soft]
Filename=wusas.exe
Confirmed=X
Description=Added by an unidfentified WORM!
[maclic]
Filename=MacLic.exe
Confirmed=N
Description=Part of <a href="http://www.dataviz.com/products/conversionsplus/index.html" target="_blank">Conversions Plus</a> from DataViz - allowing PC and MAC owners to share disks
[macname]
Filename=MacName.exe
Confirmed=N
Description=Part of <a href="http://www.dataviz.com/products/conversionsplus/index.html" target="_blank">Conversions Plus</a> from DataViz - allowing PC and MAC owners to share disks
[macromedia critical updater]
Filename=rarww.exe
Confirmed=X
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
[macromedia dreamweaver xm]
Filename=macdwXM.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotri.html" target=_blank>AGOBOT-RI</a> WORM!
[macromedia drive]
Filename=Iexplor32.exe
Confirmed=X
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
[mad.exe]
Filename=MAD.EXE
Confirmed=Y
Description=MAD.exe is the MS Exchange 5.5 System Attendant and can also consume a large amount of resources - resolved by the latest Exchange 5.5 Service Pack. Also part of Exchange 2000 Server but does it have the same problems?. Apparently you need to leave this running but is it needed at start-up?
[madexe]
Filename=LaunchRA.exe
Confirmed=N
Description=Dell Resolution Assistant
[mafwtaskbarapp]
Filename=MAFWTray.exe
Confirmed=U
Description=Drivers for the M-Audio Firewire Audiophile - Interface
[magicdsk]
Filename=MAGICDSK.EXE
Confirmed=U
Description=Magic DeskTop is a small and novel utility which will allow you the option of hiding or showing your desktop icons
[magitime]
Filename=Magitime.exe
Confirmed=N
Description=<a href="http://www.geocities.com/magistone/magitime.htm" target="_blank">Magitime</a> - connection tracking utility which monitors online time, expense, data transfer
[mail.com]
Filename=mcalert.exe
Confirmed=?
Description=<a href="http://mail01.mail.com/" target="_blank">Mail.com</a> - free web-mail service. <font color="#FF0000">Does mcalert.exe notify you when new mail has arrived?</font>
[mailbell]
Filename=mailbell.exe
Confirmed=U
Description=<a href="http://www.emtec.com/mailbell/" target="_blank">MailBell</a> e-mail notification tool that will notify you about new messages arrived to your mailbox. Works with both POP3 mailboxes and web-mail based systems. You should be able to set your mail system to check all accounts at regular intervals anyway if you prefer (in Outlook for instance)
[mailbox verifier]
Filename=mboxvrfy.exe
Confirmed=U
Description=<a href="http://" target="_blank">Mailbox Verifier (MV)</a> is free software that will notify you about new messages arrived to your mailbox. Only works with POP3 mailboxes (not web-mail based systems). You should be able to set your mail system to check all accounts at regular intervals anyway if you prefer (in Outlook for instance)
[mailcleaner]
Filename=MAILCLEANER.EXE
Confirmed=X
Description=MailCleaner "protect your computer from viruses sent to your machine via the popular e-Mail reader Incredimail. In addition the program will check all incoming files downloaded by Internet Explorer, Netscape Navigator, ICQ and iMesh" - not recommended as it bundles <a href="http://www.doxdesk.com/parasite/Gator.html" target=_blank>Gator</a> adware
[mailman.exe]
Filename=mailman.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojcertife.html" target=_blank>CERTIF-E</a> TROJAN!
[mailscan dispatcher]
Filename=Launch.exe
Confirmed=Y
Description=<a href="http://www.mspl.net/antivirus/mailscan/ms4adv.asp" target="_blank">MailScan</a> Dispatcher splits each e-mail message into various components such as the header, body and attachment. Compressed formats (ZIP, ARJ, etc.) are scanned for viruses and cleaned
[mail_check]
Filename=Mail_Check.exe
Confirmed=X
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_PANOIL.C" target="_blank">PANOIL.C</a> WORM!
[main]
Filename=main.exe
Confirmed=U
Description=<a href="http://www.spycop.com/" target="_blank">SpyCop</a> surveillance software detection - checks to see when your machine was last scanned and if it was more than a week asks if you want to scan
[main executable (hp)]
Filename=HP05T0R5.exe
Confirmed=?
Description=<font color="#FF0000">HP (Hewlett-Packard) related. Maybe related to printers. Now - what does it do?</font>
[main16]
Filename=main16.exe
Confirmed=X
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_CRYPTER.A" target="_blank">CRYPTER.A</a> TROJAN!
[main32]
Filename=main32.exe
Confirmed=X
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_CRYPTER.A" target="_blank">CRYPTER.A</a> TROJAN!
[mainstart]
Filename=svcmfte32.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojstinxa.html" target=_blank>STINX-A</a> TROJAN!
[mainviewex]
Filename=mainviewex.exe
Confirmed=X
Description=Added by the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=40493" target=_blank>GEMA.D</a> TROJAN!
[major microsoft windows driver boot loader]
Filename=bpool.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.mytob.aj@mm.html" target=_blank>MYTOB.AJ</a> WORM!
[manageprotocolctrl]
Filename=csmsv.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.looksky.b.html" target=_blank>LOOKSKY.B</a> TROJAN!
[mania win restore]
Filename=RESWIN.EXE
Confirmed=N
Description=Pinball Mania for Windows from 21st Century Entertainment LTD (1995). Runs briefly at start-up then terminates. Available via Start -> Programs
[mantis]
Filename=[filename]
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.mantibe.html" target="_blank">MANTIBE</a> VIRUS!
[mapidrv]
Filename=mpisvc.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.mipsiv.html" target="_blank">MIPSIV</a> TROJAN!
[mapisvc32]
Filename=mapisvc32.exe
Confirmed=X
Description=Added by the KX VIRUS and also recognised by Symantec as <a href="http://securityresponse.symantec.com/avcenter/venc/data/adware.fapi.html" target="_blank"> FPAI</a> adware
[mark the service]
Filename=xxtra32.exe
Confirmed=X
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.APP&VSect=T" target=_blank>SDBOT.APP</a> WORM!
[martini]
Filename=pinmart.exe
Confirmed=X
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
[mascro soft sdk updates2]
Filename=SDKrepair2.exe
Confirmed=X
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.BXM&VSect=P" target=_blank>SDBOT.BXM</a> WORM!
[masqform.exe]
Filename=masqform.exe
Confirmed=N
Description=PureEdge Viewer 6.0, reportedly associated with viewing and text editing US Air Force electronic forms
[mass storage check registry]
Filename=rundll32.exe MSDServ.dll, check registry
Confirmed=N
Description=Used with a USB based smartmedia card reader
[master volume spy]
Filename=MASTERVOLUMESPY.EXE
Confirmed=U
Description=Volume control for the Gateway Destination "DestiVu" media interface
[matrixscreen]
Filename=[filename]
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/trojan.matrixscreen.html" target=_blank>MATRIXSCREEN</a> TROJAN!
[matrixscreensaver]
Filename=mss.exe
Confirmed=X
Description=Malware, see <a href="http://www.spywareinfo.com/forums/index.php?s=&act=ST&f=11&t=7278" target="_blank"> here</a>
[matrox color control]
Filename=hgcctl95.exe
Confirmed=N
Description=For Matrox video cards. Quick access to changing colors
[matrox control center]
Filename=mgactrl.exe
Confirmed=N
Description=For Matrox video cards. Quick access to settings
[matrox diagnostic]
Filename=mgadiag.exe
Confirmed=N
Description=For Matrox video cards. Quick access to diagnostics
[matrox powerdesk]
Filename=PDesk.exe
Confirmed=N
Description=For Matrox video cards. Quick access to tweak your card to your liking
[matrox powerdesk 8]
Filename=Matrox.PowerDesk.exe /silent
Confirmed=N
Description=For Matrox video cards. Quick access to tweak your card to your liking
[matrox quickdesk]
Filename=mgaqdesk.exe
Confirmed=N
Description=For Matrox video cards. Quick access to tweak your card to your liking
[maxalerts]
Filename=max.exe
Confirmed=X
Description=Bonzi MaxALERT - spyware
[maxtorcombo]
Filename=ComboButton.exe
Confirmed=Y
Description=Required to be able to use the Maxtor OneTouch button on your external Maxtor harddrive. It is used to start up backup software (Retrospect)
[maxtorreg]
Filename=AUTOREG.EXE
Confirmed=U
Description=Part of <a href="http://www.netsizzle.net/sysagent.asp" target="_blank">SYSagent</a> - small utility for retrieving all the hardware and software information required by anyone administering a machine and/or the network it's a part of
Description=Motherboard Monitor 4 - only needed if you overclock your system and want to keep a check on system temperatures/voltages/etc. Available via Start -> Programs
[mbm 5]
Filename=MBM5.exe
Confirmed=U
Description=<a href="http://mbm.livewiredev.com/" target=_blank>Motherboard Monitor 5</a> - only needed if you overclock your system and want to keep a check on system temperatures/voltages/etc. Available via Start -> Programs
Description=<a href="http://mbprobe.livewiredev.com/about.html" target="_blank">MBProbe</a> - only needed if you overclock your system and want to keep a check on system temperatures/voltages/etc. Available via Start -> Programs
[mcafee]
Filename=McAffeAv.exe
Confirmed=X
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_NETSKY.AL&VSect=P" target=_blank>NETSKY.AL</a> WORM!
[mcafee anti scan]
Filename=NortonScn.exe
Confirmed=X
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target="_blank">RBOT</a> WORM!
[mcafee antivirus]
Filename=McAfeeAV.exe
Confirmed=X
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
[mcafee antivirus monitoring system326]
Filename=VSStatmn326.exe
Confirmed=X
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
[mcafee antivirus monitoring system32mn]
Filename=VSStatmn32.exe
Confirmed=X
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
[mcafee antivirus protection]
Filename=mcafeeAV.exe
Confirmed=X
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target= blank>RBOT</a> WORM!
[mcafee auto protect]
Filename=mcafeshield.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotuh.html" target=_blank>RBOT-UH</a> WORM!
[mcafee firewall]
Filename=CPD.EXE
Confirmed=Y
Description=Firewall bundled with McAfee VirusScan 6.*. Can also be listed as CPD_EXE
[mcafee guardian]
Filename=CMGRDIAN.EXE
Confirmed=N
Description=McAfee's QuickClean, an offline version of the one in their online Clinic. Normally run offline and not needed. Incidentally, incorporates more cleanup programs than the likes of WinOptimizer and System Mechanic
[mcafee quickclean imonitor]
Filename=Plguni.exe
Confirmed=N
Description=<a href="http://www.mcafee.com/myapps/qc3/default.asp" target=_blank>McAfee QuickClean 3.0</a> - removes internet clutter and unwanted programs
[mcafee software intrenet]
Filename=mcafee.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotatr.html" target=_blank>RBOT-ATR</a> WORM! Note - this is not a valid McAfee program
[mcafee windows protection]
Filename=mcafee32.exe
Confirmed=X
Description=Added by a variant of the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html" target=_blank>SPYBOT</a> WORM!
[mcafee winguage]
Filename=??
Confirmed=N
Description=Part of McAfee Nuts & Bolts. "WinGuage is a dynamic reporting tool that constantly monitors your use of Windows and your applications, to alert you to potential problems before they become serious". Resource hog. Available via Start -> Programs
[mcafee.instantupdate.monitor]
Filename=RuLaunch.exe
Confirmed=U
Description=Instant Updater for McAfee's VirusScan, Internet Security, Quick Clean, Uninstaller and Firewall products. In the case of VirusScan leave it enabled unless you update manually on a regular basis
[mcafeescanplus]
Filename=McAfeeScanPlus.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.mepcod.html" target=_blank>Backdoor.Mepcod</a> TROJAN! This trojan file does not belong to any McAfee Antivirus Software and is found in the Windows or Winnt folder
[mcafeeupdaterui]
Filename=UpdaterUI.exe
Confirmed=Y
Description=Associated with McAfee Enterprise 7.0.0. - background process
[mcafeevirusscanservice]
Filename=Avsynmgr.exe
Confirmed=Y
Description=From McAfee VirusScan version 5.x. Runs VirusScan System Tray (Vsstat.exe), WebScanX (Webscanx.exe), VirusScan System Scan (Vshwin32.exe) and VirusScan Console (Avconsol.exe) under one application
[mcafeewebscanx]
Filename=WebScanX.exe
Confirmed=Y
Description=From McAfee VirusScan up to version 4.x. Provides functionality for VShield Download Scan and Internet Filter modules. Enables internet scanning. Guards against malicious ActiveX programs, etc
[mcaffe antivirus]
Filename=Mcafeescn.exe
Confirmed=X
Description=Added by a variant of the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html" target="_blank">SPYBOT</a> WORM!
[mcagentexe]
Filename=mcagent.exe
Confirmed=U
Description=From McAfee VirusScan On-line. The Agent is a red M icon that appears in the Windows system tray or Notification Area (if you're running Windows XP). If you don't see the agent icon, VirusScan Online may not be installed
[mcappins.exe]
Filename=mcappins.exe
Confirmed=?
Description=McAfee Application Installer.<font color="#FF0000"> </font><font color="#FF0000">What does it do and is it required?</font>
[mchanger]
Filename=MChanger.exe
Confirmed=N
Description=Media Changer - utility that allows you to change wallpapers, sounds, themes, etc
Description=McAfee antivirus related. <font color="#FF0000">What does it do and is it required?</font>
[mcrosoftr update]
Filename=Mcrosoftr.exe
Confirmed=X
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
[mcvsrte]
Filename=mcvsrte.exe
Confirmed=Y
Description=Part of McAfee's <a href="http://us.mcafee.com/root/product.asp?productid=msc" target="_blank">SecurityCenter</a>. Must remain checked but one user reports Windows glitches with no response from McAfee as to why
[mcvsshld]
Filename=mcvsshld.exe
Confirmed=Y
Description=McAfee VirusScan On-line. See also the McAgentExe entry
[mcx update]
Filename=wisp.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaqh.html" target=_blank>RBOT-AQH</a> WORM!
[mcx updte]
Filename=scorti.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotarp.html" target=_blank>RBOT-ARP</a> WORM!
[mdac_runonce]
Filename=runonce.exe
Confirmed=N
Description=Associated with MS Data Access Components (MDAC). Sometimes left over after installation - not required. NOTE :- don't delete "runonce.exe".
[mddiskprotect.exe]
Filename=MDDiskProtect.exe
Confirmed=N
Description=MediaFour <a href="http://www.mediafour.com/products/macdrive6/" target= blank>MacDrive</a> for Windows - easily open, edit and save files from Mac-formatted disks, format Mac disks and burn Mac CDs and DVDs!
[mdetect]
Filename=[path to trojan]
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/trojan.spabot.html" target="_blank">SPABOT</a> TROJAN!
[mdm7]
Filename=mdm.exe
Confirmed=U
Description=Used by developers for debugging. Those who have encountered it have unchecked it with no degradation in performance. May cause your computer to "hang" if you have MS Visual Studio installed and this disabled because it appears to take over error handling - hence the U recommendatioon. Can also be listed as Machine Debug Manager. See <a href="http://support.microsoft.com/default.aspx?scid=kb;en-us;321410" target="_blank"> here</a> to disable
[mdmdll]
Filename=mdmdll.exe
Confirmed=X
Description=Added by the <a href="http://www.pestpatrol.com/PestInfo/t/trojandownloader_win32_crypter.asp" target=_blank>CRYPTER</a> TROJAN!
[mdmdll32]
Filename=mdmdll32.exe
Confirmed=X
Description=Added by a variant of the <a href="http://www.sophos.com/virusinfo/analyses/trojcrypterc.html" target="_blank">CRYPTER.C</a> TROJAN!
[mds.exe]
Filename=mds.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojmadsa.html" target= blank>MADS-A</a> TROJAN!
[mdwmdmsp]
Filename=mdwmdmsp.exe
Confirmed=X
Description=Adware - recognized by <a href="http://www.kaspersky.com/personalpro" target=_blank>Kaspersky</a> antivirus and others as TrojanDownloader.Win32.Agent.am
Description=<a href="http://www.pcpitstop.com/news/dave/2005-07.asp" target=_blank>180Solutions</a> Windupdates adware variant - also see <a href="http://www.pcpitstop.com/news/dave/2005-07.asp" target=_blank>here</a>
[media load]
Filename=msn32.exe
Confirmed=X
Description=Added by a unidentified WORM or TROJAN!
[media manager indexer]
Filename=AIRSVCU.EXE
Confirmed=U
Description=Part of MS Visual InterDev, Media Manager is an easy media file management system that works in conjunction with Windows Explorer. The Media Manager Indexer is a program that indexes all the information about your media files and puts it into a database. For more information see <a href="http://www.cug.edu.cn/fwzn/wlzx/wlfw/vid/USINGVID/0-7897/0-7897-0762-4/ch09.htm" target="_blank">here</a>
[media player update]
Filename=xpsp1mfh.exe
Confirmed=X
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
[media plug x.1.2]
Filename=msdm.exe
Confirmed=X
Description=Added by the MULDROP.352 VIRUS!
[media software updater]
Filename=sscs.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotabe.html" target= blank>RBOT-ABE</a> WORM!
[media x services]
Filename=MSNGRx.exe
Confirmed=X
Description=Added by the <a href="http://de.trendmicro-europe.com/enterprise/security_info/ve_detail.php?VName=WORM_RBOT.AUL" target=_blank>RBOT.AUL</a> WORM!
[media-xp-service-pack3]
Filename=msnzx.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotacw.html" target=_blank>SDBOT-ACW</a> WORM!
[media32]
Filename=[path to trojan]
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojpurscanz.html" target=_blank>PURSCAN-Z</a> TROJAN!
[mediaface integration]
Filename=Sethook.exe
Confirmed=N
Description=Fellowes Neato?cd label design software. "Launch NEATO's MediaFACE II label making software directly from the productname toolbar"
[mediafour mac volume notifications]
Filename=Macvntfy.exe
Confirmed=U
Description=<a href="http://www.mediafour.com/products/xplay/" target="_blank">Mediafour Xplay</a> - allows you to use an Apple iPod digital music player with a PC running Windows. If not used regularily start manually before connecting the iPod
[mediafour xplay tray notification icon]
Filename=Xptryicn.exe
Confirmed=U
Description=<a href="http://www.mediafour.com/products/xplay/" target=_blank>Mediafour Xplay</a> - allows you to use an Apple iPod digital music player with a PC running Windows. If not used regularily start manually before connecting the iPod
[mediakey]
Filename=MediaKey.exe
Confirmed=U
Description=<a href="http://www.futurepowerusa.com/support/kb_911/help/overview.htm" target="_blank">Multimedia keyboard</a> manager. Required if you use the multimedia keys
Description=Media Ring Talk, voice recognition software, Resource hog. Available via Start -> Programs
[mediaxpservicepack]
Filename=mxpsp.exe
Confirmed=X
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.CDT&VSect=T" target=_blank>SDBOT.CDT</a> WORM!
[media_driver]
Filename=media_driver.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.tupeg.html" target=_blank>TUPEG</a> VIRUS! Note - this malware actually changes the default value data of the Registry "Run" key in order to force Windows to launch it at boot. Name field may be empty
[media_manager]
Filename=mediaman.exe
Confirmed=X
Description=<a target="_blank" href="http://www.mini-player.com/">Mini-Player</a>, IMESH related foistware, see <a target="_blank" href="http://www.spywareinfo.com/yabbse/index.php?board=10;action=display;threadid=2633;start=0#msg20371">here</a>
[media_stub]
Filename=stub.exe
Confirmed=X
Description=<a target="_blank" href="http://www.mini-player.com/">Mini-Player</a>, IMESH related foistware, see <a target="_blank" href="http://www.spywareinfo.com/yabbse/index.php?board=10;action=display;threadid=2633;start=0#msg20371">here</a>
[megapanel]
Filename=HSTrans.exe
Confirmed=U
Description=Homescan Internet Transporter - part of <a href="http://www2.acnielsen.com/products/cps_homescan.shtml" target=_blank>ACNielson Homescan</a>. Recognizes when the ACNielsen Homescan Scanner is attached to the computer and allows it to transmit scanner information to ACNielsen
[members area]
Filename=******.exe [* = random digit]
Confirmed=X
Description=Premium rate adult content dialer
[memconfig]
Filename=SetupIE.com
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.taplak.html" target="_blank">TAPLAK</a> WORM!
[memmonster]
Filename=memmnstr.exe
Confirmed=U
Description=<a href="http://www.daolnwod.com/memmonster_2923.htm" target=_blank>MemMonster</a> - memory optimizer. MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/SE/ME. See <a href="http://www.aumha.org/a/memmgmt.htm" target="_blank">this</a> article and make up your own mind
[memokit]
Filename=MK.EXE
Confirmed=U
Description=Memory optimizer. It loads from startup group and it goes off as soon as the program (memokit.exe) is loaded in the System Tray. Mk.exe does not run while the memokit.exe is running. Probably loads a flash screen at startup and shutdown that stays on screen less than 5 seconds and gives you a button to push to purchase the full version. MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/SE/ME. See <a href="http://www.aumha.org/a/memmgmt.htm" target="_blank">this</a> article and make up your own mind
[memory]
Filename=outlookrem.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.nopir.c.html" target=_blank>NOPIR.C</a> WORM!
[memory check]
Filename=memore.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/trojan.killav.c.html" target="_blank">KILLAV.C</a> TROJAN!
Description=Memory optimizer. MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/SE/ME. See <a href="http://www.aumha.org/a/memmgmt.htm" target="_blank">this</a> article and make up your own mind
[memoryboost]
Filename=MemoryBoost.exe
Confirmed=U
Description=<a href="http://www.tenebril.com/consumer/memboost/" target=_blank>MemoryBoost</a> - memory optimizing program made by Tenebril Inc. MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/ME. See <a href="http://www.aumha.org/a/memmgmt.htm" target=_blank>this</a> article and make up your own mind
[memorymeter]
Filename=MemoryMeter.exe
Confirmed=X
Description=Autoinstalling spyware by <a href="http://www.totalvelocity.com/" target="_blank">Total Velocity</a>
[memreader.exe]
Filename=memreader.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotty.html" target=_blank>AGOBOT-TY</a> WORM!
[memreaload]
Filename=MEMreaload.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/trojan.lazar.html" target=_blank>LAZAR</a> TROJAN!
[memscanner]
Filename=MemScanner.exe
Confirmed=N
Description=Part of Enigma SpyHunter - not recommended, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm#sh_note" target="_blank">note</a>
[memturbo]
Filename=memturbo.exe
Confirmed=U
Description=<a href="http://www.memturbo.com/" target="_blank">MemTurbo</a> memory optimizer. MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/SE/ME. See <a href="http://www.aumha.org/a/memmgmt.htm" target="_blank">this</a> article and make up your own mind
[menusnap]
Filename=MenuSnap.exe
Confirmed=N
Description=<a href="http://www.rietta.com/menusnap/" target="_blank">MenuSnap</a> from Rietta Solutions. Utility that re-orders your Start Menu items alphabetically. You may not want this utility if you're able to do this manually by selecting Start -> Programs and right-clicking and choosing "Sort by Name" if availabe
[message queuing]
Filename=msmqs.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.freefors.html" target="_blank">FREEFORS</a> TROJAN!
Description=<a href="http://www.ograhl.com/en/messageblocker/" target="_blank">Message Blocker</a> - "prevents Outlook Express from loading images or other content from the internet without confirmation, as well as executing scripts when displaying a formatted email message"
[messenger block]
Filename=msngrblock.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.patoo@mm.html" target="_blank">PATOO</a> WORM!
[messenger protocol]
Filename=netsender.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotacc.html" target=_blank>SDBOT-ACC</a> WORM!
[messenger start-up]
Filename=Msgran.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.gramos.html" target="_blank">GRAMOS</a> WORM!
[messenger6]
Filename=command.pif
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.inzae.b@mm.html" target=_blank>INZAE.B</a> WORM!
[messengerdiscovery]
Filename=MessengerDiscovery.exe
Confirmed=U
Description=<a href="http://www.messengerdiscovery.com/" target=_blank>MessengerDiscovery</a> is a MSN Messenger add-on - adding over 70 new features
[messengerplus]
Filename=MsgPlus.exe
Confirmed=N
Description=<a href="http://www.msgplus.net/" target=_blank>MessengerPlus</a> - third party MSN Messenger extension that adds a number of useful features. Bundles the hard to remove C2Media <a href="http://inetexplorer.mvps.org/data/messenger_plus.htm" target=_blank>LOP</a> adware. The software does offer you a choice during setup - make sure to install MessengerPlus WITHOUT that "sponsor program"!
[messengerplus2]
Filename=MsgPlus.exe
Confirmed=N
Description=<a href="http://www.msgplus.net/" target=_blank>MessengerPlus</a> - third party MSN Messenger extension that adds a number of useful features. Bundles the hard to remove C2Media <a href="http://inetexplorer.mvps.org/data/messenger_plus.htm" target=_blank>LOP</a> adware. The software does offer you a choice during setup - make sure to install MessengerPlus WITHOUT that "sponsor program"!
[messengerplus3]
Filename=MsgPlus.exe
Confirmed=N
Description=<a href="http://www.msgplus.net/" target=_blank>MessengerPlus</a> - third party MSN Messenger extension that adds a number of useful features. Bundles the hard to remove C2Media <a href="http://inetexplorer.mvps.org/data/messenger_plus.htm" target=_blank>LOP</a> adware. The software does offer you a choice during setup - make sure to install MessengerPlus WITHOUT that "sponsor program"!
[metalrock (irc.musirc.com) has sex with printers]
Filename=metalrock-is-gay.exe
Confirmed=X
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RANDEX.Q" target=_blank>RANDEX.Q</a> WORM!
[meuprograma]
Filename=accwizz.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.ruland.a@mm.html" target=_blank>RULAND.A</a> WORM!
[mfgboot]
Filename=??
Confirmed=?
Description=<font color="#FF0000">??</font>
[mfilter]
Filename=MNeck.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.de/virusinfo/analyses/trojclickerag.html" target=_blank>CLICKER-AG</a> TROJAN!
Description=MATROX Graphics card related. <font color="#FF0000">What does it do and is it required?</font>
[mga quickdesk]
Filename=MGAQDESK.EXE
Confirmed=N
Description=For Matrox video cards. Quick access to tweak your card to your liking
[mgabg]
Filename=Mgabg.exe
Confirmed=?
Description=Matrox BIOS Guard. <font color="#FF0000">What does it do and is it required?</font>
[mga_cd_install]
Filename=mgasetup.exe
Confirmed=N
Description=Matrox Millennium video driver. Not required once drivers installed
[mgmtapi]
Filename=mgmtapi.exe
Confirmed=X
Description=Unidentified malware
[mhdogstart]
Filename=mhdogst.EXE
Confirmed=X
Description=Added by an unidentified VIRUS, WORM or TROJAN! A possibility is a trojan known as PENIS
[mhinit]
Filename=MHINIT.EXE
Confirmed=N
Description=Part of the Cybermedia Clean Sweep package
[mickey mouse cereal]
Filename=[random filename].exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.ranky.q.html" target=_blank>RANKY.Q</a> TROJAN!
[micr update]
Filename=soundblaster.exe
Confirmed=X
Description=Added by the <a href="http://no.trendmicro-europe.com/enterprise/security_info/ve_detail.php?VName=WORM_SDBOT.NP" target="_blank">SDBOT.NP</a> WORM!
[micr0s0ft ms d0s]
Filename=msdx.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaon.html" target=_blank>RBOT-AON</a> WORM!
[micro process]
Filename=appconf.exe
Confirmed=X
Description=Added by an unidentified WORM or TROJAN!
[micro update]
Filename=dailin.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rboter.html" target=_blank>RBOT-ER</a> WORM!
[microangelo desktop]
Filename=Muamgr.exe
Confirmed=U
Description=Quick access to MicroAngelo 5.0. It can make the background of the icon text transparent and also change the color of the shortcut's text to a color you want. Very useful, if you have a wallpaper. Available via Start -> Programs
[microattunedownload]
Filename=atmdlusr.exe
Confirmed=N
Description=Application Launcher, MS Office application. USR (US Robotics) modem auto updater. May be a sub-set of Attune
[microcq0]
Filename=explorer.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlineageak.html" target="_blank">LINEAGE-AK</a> TROJAN! Note - the legitimate Windows Explorer (explorer.exe) is located in the Windows or Winnt folder and would only be in startups if you added it manually. This one is located in the Program Files folder
[microdialler]
Filename=atdialler1.exe
Confirmed=U
Description=Part of the <a href="https://www.freeserve.com/time/anytimereg/migration/?redirect=int" target="_blank">Freeserve Connection Kit</a> - changes the dial-up for Freeserve AnyTime if access problems are encountered
[microedsoft toolbar]
Filename=Smoked.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaln.html" target=_blank>RBOT-ALN</a> WORM!
[microfinder lptt01]
Filename=mcf.exe
Confirmed=X
Description=<a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">RapidBlaster</a> variant (in a "mcf" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see <a ref="http://www.wilderssecurity.net/specialinfo/rapidblaster.html#removal" target="_blank"> here</a>
[microfinder ml097e]
Filename=mcf.exe
Confirmed=X
Description=<a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">RapidBlaster</a> variant (in a "mcf" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see <a ref="http://www.wilderssecurity.net/specialinfo/rapidblaster.html#removal" target="_blank"> here</a>
[microfot update]
Filename=winldx32.exe
Confirmed=X
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
[microft exploerer]
Filename=spoolsac.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotamd.html" target=_blank>RBOT-AMD</a> WORM!
[microft update 32]
Filename=winssx.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaqs.html" target=_blank>RBOT-AQS</a> WORM!
[microload]
Filename=[random filename]
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.darby.html" target="_blank">DARBY</a> WORM!
[micromedia flash update]
Filename=wdfmrg.exe
Confirmed=X
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
[microoft timing]
Filename=pupdate.exe
Confirmed=X
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target= blank>RBOT</a> WORM!
[microsft confige 32]
Filename=msaconfigurez.exe
Confirmed=X
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.CLC&VSect=P" target=_blank>RBOT.CLC</a> WORM!
[microsft mx update support]
Filename=taskmngrs.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotauz.html" target=_blank>RBOT-AUZ</a> WORM!
[microsft windows updates]
Filename=mwupdate32.exe
Confirmed=X
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=41911" target=_blank>TOXBOT/CODBOT</a> WORM!
[microsof value]
Filename=nmatt.exe
Confirmed=X
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
[microsof windows host]
Filename=svhost32.exe
Confirmed=X
Description=Added by the <a href="http://www.trendmicro.co.jp/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.ADY" target=_blank>RBOT.ADY</a> WORM!
[microsof winlog host]
Filename=wilogon32.exe
Confirmed=X
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.XC" target=_blank>RBOT.XC</a> WORM!
[microsofot x386 system monitor]
Filename=system32.exe
Confirmed=X
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_WOOTBOT.M" target="_blank">WOOTBOT.M</a> WORM!
[microsoft associates, inc.]
Filename=iexplorer.exe
Confirmed=X
Description=Added by a variant of the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.lovgate@mm.html" target="_blank">LOVGATE</a> WORM!
[microsoft (c) html application host]
Filename=[random filename]
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotyb.html" target= blank>RBOT-YB</a> WORM!
[microsoft .net confingurator]
Filename=msnconf.exe
Confirmed=X
Description=Added by an unidentified VIRUS, WORM or TROJAN!
[microsoft 16bit update]
Filename=wuapdate16.exe
Confirmed=X
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.CZ" target="_blank">RBOT.CZ</a> WORM!
[microsoft 64 bit runtime updater]
Filename=wupdt64.exe
Confirmed=X
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
[microsoft activex debugger nt]
Filename=[path to trojan]
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbancosdo.html" target=_blank>BANCOS-DO</a> TROJAN!
[microsoft adservice]
Filename=[random filename]
Confirmed=X
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
[microsoft agent]
Filename=mdss32.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojkeylogag.html" target=_blank>KEYLOG-AG</a> TROJAN!
[microsoft alg32 protocol]
Filename=alg32.exe
Confirmed=X
Description=Added by a variant of the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html" target=_blank>SPYBOT</a> WORM!
[microsoft announcement listener]
Filename=Annclist.exe
Confirmed=N
Description=MS WebTV for Windows. Used to display TV on your PC via a compatible video card with in-built tuner (such as ATI All-In-Wonder). If you don't use it - uninstall it
[microsoft ansti update]
Filename=msie.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotle.html" target="_blank">RBOT-LE</a> WORM!
[microsoft antispyware]
Filename=Bazzi.exe
Confirmed=X
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AHKER.J&VSect=P" target=_blank>AHKER.J</a> WORM!
[microsoft aol instant messenger]
Filename=MSAOL32.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaai.html" target=_blank>RBOT-AAI</a> WORM!
[microsoft aol32 protocol]
Filename=aol32.exe
Confirmed=X
Description=Added by a variant of the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html" target=_blank>SPYBOT</a> WORM!
[microsoft application manager]
Filename=msapl32.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbropiaae.html" target=_blank>BROPIA-AE</a> TROJAN!
[microsoft authority service]
Filename=lsass.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32kaleld.html" target=_blank>KALEL-D</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/lsass/" target="_blank">lsass.exe</a> process, which should not appear in Msconfig/Startup!
[microsoft auto update]
Filename=winupdate.exe
Confirmed=X
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/backdoor.bmbot.html" target="_blank">BMBOT</a> TROJAN!
[microsoft automatic update serivce]
Filename=msautou.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaob.html" target=_blank>RBOT-AOB</a> WORM!
[microsoft automatic updater]
Filename=Explorer.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotsg.html" target="_blank">RBOT-SG</a> WORM! Note - the legitimate Windows Explorer (explorer.exe) is located in the Windows or Winnt folder and would only be in startups if you added it manually. This one is located in the System32 subfolder
[microsoft autoupdater]
Filename=svhost.exe
Confirmed=X
Description=Added by the <a href="http://es.trendmicro-europe.com/consumer/security_info/ve_detail.php?Vname=WORM_RBOT.QG" target="_blank">RBOT.QG</a> WORM!
[microsoft bool value]
Filename=MV2.exe
Confirmed=X
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
[microsoft boot system cfg32]
Filename=actboost.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.bropia.r.html" target=_blank>BROPIA.R</a> WORM!
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
[microsoft client]
Filename=mshost.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotand.html" target=_blank>RBOT-AND</a> WORM!
[microsoft client pc]
Filename=spoolsrv.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaqm.html" target=_blank>RBOT-AQM</a> WORM!
[microsoft command line]
Filename=wincmd.exe
Confirmed=X
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
[microsoft conf ldr]
Filename=sysconf.exe
Confirmed=X
Description=Added by a variant of the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sdbot.html" target="_blank">SDBOT</a> TROJAN!
[microsoft confgkeys]
Filename=wurmgrd32.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotarx.html" target=_blank>RBOT-ARX</a> WORM!
[microsoft config 32]
Filename=msconfigx32.exe
Confirmed=X
Description=Reported as the MSCONFIGX32 TROJAN! Possible Rbot variant
[microsoft config 32bit]
Filename=mscnfg32.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotz.html" target=_blank>RBOT-Z</a> WORM!
[microsoft config file]
Filename=config.exe
Confirmed=X
Description=Added by the KILLFILES.GR TROJAN! This is malware that will attempt to delete all system dlls!
[microsoft configs 32]
Filename=msgconfigrs.exe
Confirmed=X
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
[microsoft configure 32]
Filename=msgconfigre.exe
Confirmed=X
Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN" target=_blank>GAOBOT/AGOBOT</a> WORM!
[microsoft connection manager monitor]
Filename=cmmon.pif
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotakv.html" target=_blank>RBOT-AKV</a> WORM!
[microsoft control center]
Filename=crtl.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotvx.html" target= blank>RBOT-VX</a> WORM!
[microsoft core support]
Filename=MSxUP32.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotanr.html" target=_blank>RBOT-ANR</a> WORM!
[microsoft corp updates]
Filename=wupdates.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotauu.html" target=_blank>RBOT-AUU</a> WORM!
[microsoft crs fix serv]
Filename=wincrs.exe
Confirmed=X
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.BWF&VSect=P" target=_blank>SDBOT.BWF</a> WORM!
[microsoft csrss32 protocol]
Filename=csrss32.exe
Confirmed=X
Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN" target=_blank>AGOBOT/GAOBOT</a> WORM!
[microsoft csrss386 protocol]
Filename=csrss386.exe
Confirmed=X
Description=Added by a variant of the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html" target=_blank>SPYBOT</a> WORM!
[microsoft cvrt]
Filename=mscvrt32.exe
Confirmed=X
Description=Added by an unidentified VIRUS, WORM or TROJAN!
[microsoft data helper]
Filename=cihost.exe
Confirmed=X
Description=Malware, possibly a variant of the <a href="http://securityresponse.symantec.com/avcenter/venc/data/trojan.linst.html" target="_blank">LINST</a> TROJAN
[microsoft data machine]
Filename=csdata32.exe
Confirmed=X
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
[microsoft database handler]
Filename=mssql32.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.randex.ax.html" target="_blank">RANDEX.AX</a> WORM!
[microsoft datalog application]
Filename=msdata.exe
Confirmed=X
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
[microsoft dde control]
Filename=wupades.exe
Confirmed=X
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
[microsoft ddes control]
Filename=Erun.pif
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotamu.html" target=_blank>RBOT-AMU</a> WORM!
[microsoft debug service]
Filename=dbgbgr.exe
Confirmed=X
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target= blank>RBOT</a> WORM!
[microsoft decryption technology]
Filename=Msfenoe.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32spybotdg.html" target=_blank>SPYBOT-DG</a> WORM!
[microsoft desktop manager]
Filename=msdesk32.exe
Confirmed=X
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
[microsoft dev]
Filename=iexplorer32.exe
Confirmed=X
Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN" target=_blank>AGOBOT/GAOBOT</a> WORM!
[microsoft development debugger]
Filename=msdev.exe
Confirmed=X
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
[microsoft device manager]
Filename=msdevmgr32.exe
Confirmed=X
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/backdoor.lateda.b.html" target=_blank>LATEDA.B</a> TROJAN!
[microsoft dll]
Filename=fumeta.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaug.html" target=_blank>RBOT-AUG</a> WORM!
[microsoft dll extensions]
Filename=SystemDll.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotadv.html" target=_blank>RBOT-ADV</a> WORM!
[microsoft dll management]
Filename=windll.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotmt.html" target=_blank>RBOT-MT</a> WORM!
[microsoft dll printer manager]
Filename=dllpt.exe
Confirmed=X
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.BIH&VSect=P" target=_blank>SDBOT.BIH</a> WORM!
[microsoft dllset32]
Filename=dllset32.exe
Confirmed=X
Description=Added by the <a href="http://uk.trendmicro-europe.com/consumer/security_info/ve_detail.php?Vname=WORM_RBOT.OZ" target=_blank>RBOT.OZ</a> WORM!
[microsoft dns query]
Filename=msdns.exe
Confirmed=X
Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_WOOTBOT.GEN" target=_blank>WOOTBOT</a> WORM!
[microsoft document]
Filename=krisp.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotrq.html" target=_blank>SDBOT-RQ</a> WORM!
[microsoft driver]
Filename=faet.exe
Confirmed=X
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
[microsoft driver manager]
Filename=mswindrv.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotez.html" target=_blank>FORBOT-EZ</a> WORM!
[microsoft driver update]
Filename=Mshome.exe
Confirmed=X
Description=Added by the SDBOT.BL WORM!
[microsoft drivers]
Filename=WSconf.exe
Confirmed=X
Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_SDBOT.GEN" target=_blank>SDBOT</a> WORM!
[microsoft ergopack]
Filename=wserb32.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotri.html" target=_blank>RBOT-RI</a> WORM!
[microsoft ev32 service]
Filename=MSev32.exe
Confirmed=X
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
[microsoft excel]
Filename=msexcel.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbottq.html" target=_blank>RBOT-TQ</a> WORM!
[microsoft excell]
Filename=wuamngr32.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotqh.html" target=_blank>RBOT-QH</a> WORM!
[microsoft executing]
Filename=microsoft.exe
Confirmed=X
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.UV" target=_blank>AGOBOT.UV</a> WORM!
[microsoft explorexp protocol]
Filename=explorexp.exe
Confirmed=X
Description=Added by a variant of the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html" target=_blank>SPYBOT</a> WORM!
[microsoft file demand manager]
Filename=wmgrdf.exe
Confirmed=X
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
[microsoft find fast]
Filename=Findfast.exe
Confirmed=X
Description=Complete utter waste of space! Part of MS Office - searches disk drives for Office file types and creates an index to make opening them easier
[microsoft firewall]
Filename=firewallsp2.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotmc.html" target="_blank">RBOT-MC</a> WORM!
[microsoft firewall client]
Filename=ISATRAY.EXE
Confirmed=Y
Description=MS Internet Security and Acceleration Server - see <a href="http://www.microsoft.com/isaserver/default.mspx" target=_blank>here</a>
[microsoft games]
Filename=gamemanager.exe
Confirmed=X
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SPYBOT.AHQ&VSect=P" target=_blank>SPYBOT.AHQ</a> WORM!
[microsoft generic update manager]
Filename=wupdate.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotawc.html" target=_blank>RBOT-AWC</a> TROJAN!
[microsoft gina v encryption]
Filename=MSGINAV.EXE
Confirmed=X
Description=Added by an unidentified VIRUS, WORM or TROJAN!
[microsoft greetings reminders]
Filename=MHPRMIND.EXE
Confirmed=N
Description=Microsoft Home Publishing greetings reminder
[microsoft greetings workshop reminder]
Filename=Gwremind.exe
Confirmed=N
Description=You really want to be reminded about somebody's birthday at the expense of resources?
[microsoft greetings reminder]
Filename=MHPRMINF.EXE
Confirmed=N
Description=You really want to be reminded about somebody's birthday at the expense of resources?
[microsoft help support]
Filename=mshelp32.exe
Confirmed=X
Description=Addded by the <a href="http://www.sophos.com/virusinfo/analyses/w32kelvirbf.html" target=_blank>KELVIR-BF</a> WORM!
[microsoft help svc]
Filename=msnmngr.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotpq.html" target="_blank">SDBOT-PQ</a> WORM!
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
[microsoft hosting service]
Filename=WINHOSTING.EXE
Confirmed=X
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.AEV&VSect=P" target=_blank>RBOT.AEV</a> WORM!
[microsoft hosts service]
Filename=Isass.exe
Confirmed=X
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
[microsoft hotmail monitor]
Filename=mshotmon.exe
Confirmed=U
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MYTOB.LY&VSect=P" target=_blank>MYTOB.LY</a> WORM!
[microsoft hyptertext helper]
Filename=mshtha.exe
Confirmed=X
Description=Added by a variant of the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html" target=_blank>SPYBOT</a> WORM!
[microsoft idcn]
Filename=mshe1p.exe
Confirmed=X
Description=Added by an unidentified TROJAN!
[microsoft ie]
Filename=Iexplore.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotag.html" target=_blank>FORBOT-AG</a> WORM! Note - this is not the legitimate Internet Explorer <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/iexplore/" target=_blank>iexplore.exe</a> process which is always located in the Program Files\Internet Explorer folder and should not normally figure in Msconfig/Startup! This file is located in the System (9x/Me) or System32 (NT/2K/XP) folder
[microsoft ie execute shell]
Filename=IEExec.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.irc.aladinz.n.html" target="_blank">ALADINZ.N</a> TROJAN!
[microsoft ie sasser]
Filename=ISASS.EXE
Confirmed=X
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.MX&VSect=P" target=_blank>SDBOT.MX</a> WORM!
[microsoft inc.]
Filename=iexplorer.exe
Confirmed=X
Description=Added by a variant of the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.lovgate@mm.html" target="_blank">LOVGATE</a> WORM!
[microsoft incroporate]
Filename=mfs.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotanf.html" target=_blank>RBOT-ANF</a> WORM!
[microsoft inet xp..]
Filename=teekids.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.c.worm.html" target="_blank">BLASTER.C</a> WORM!
[microsoft instant messenger]
Filename=msngmsngr32.exe
Confirmed=X
Description=Added by the <a href="http://www.viruslist.com/en/viruses/encyclopedia?virusid=24975" target=_blank>SPYBOTER.GEN</a> TROJAN!
[microsoft int service]
Filename=MsIntSrv.exe
Confirmed=X
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
[microsoft intellitype pro]
Filename=speedkey.exe
Confirmed=U
Description=Additional keyboard shortcuts on MS programmable keyboard
[microsoft internal antivirus systems]
Filename=dIlhost.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaev.html" target=_blank>RBOT-AEV</a> WORM!
[microsoft internet exp]
Filename=iiexplorer.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotkx.html" target="_blank">RBOT-KX</a> WORM!
[microsoft internet firewall manager]
Filename=GMT16.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.randex.at.html" target="_blank">RANDEX.AT</a> WORM!
[microsoft internet services]
Filename=Smss32.exe
Confirmed=X
Description=Added by the <a href="http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?Vname=WORM_RBOT.MS" target="_blank">RBOT.MS</a> WORM!
[microsoft java windows update]
Filename=[filename]
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotdz.html" target=_blank>RBOT-DZ</a> WORM!
[microsoft javavm]
Filename=msjarun.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotjw.html" target="_blank">RBOT-JW</a> WORM!
[microsoft kernel]
Filename=Windows_kernel32.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.netsky.ae@mm.html" target=_blank>NETSKY.AE</a> WORM!
[microsoft lan32 protocol]
Filename=lanXp.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotss.html" target= blank>RBOT-SS</a> WORM!
[microsoft lmhosting service]
Filename=lmhosts.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotrc.html" target=_blank>RBOT-RC</a> WORM!
[microsoft locals 332]
Filename=[random filename]
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotku.html" target="_blank">RBOT-KU</a> WORM!
[microsoft login]
Filename=winlogin.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotajp.html" target=_blank>RBOT-AJP</a> WORM!
[microsoft lsa layer]
Filename=MSLSA32.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotakz.html" target=_blank>RBOT-AKZ</a> WORM!
[microsoft lsass386 protocol]
Filename=scvhost32.exe
Confirmed=X
Description=Added by a variant of the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html" target=_blank>SPYBOT</a> WORM!
[microsoft lv]
Filename=[path to file]
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbdoorbdl.html" target= blank>BDL</a> TROJAN!
[microsoft machine]
Filename=winjava.exe
Confirmed=X
Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN" target=_blank>AGOBOT/GAOBOT</a> WORM!
[microsoft macro protection subssy]
Filename=msacroprots386.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotpn.html" target="_blank">RBOT-KE</a> WORM!
[microsoft management]
Filename=lmas.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotcz.html" target=_blank>FORBOT-CZ</a> WORM!
[microsoft manager]
Filename=msmanager.exe
Confirmed=X
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MYTOB.LF&VSect=P" target=_blank>MYTOB.LF</a> WORM!
[microsoft map pc]
Filename=mappc.exe
Confirmed=X
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
[microsoft mapped pc]
Filename=mappedpc.exe
Confirmed=X
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
[microsoft media]
Filename=winmplayers.exe
Confirmed=X
Description=Added by a variant of the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html" target=_blank>SPYBOT</a> WORM!
[microsoft media player 9]
Filename=msmedia32.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotado.html" target=_blank>RBOT-ADO</a> WORM!
[microsoft mediascope]
Filename=winmes.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotxu.html" target=_blank>RBOT-XU</a> WORM!
[microsoft message machine]
Filename=msmesg32.exe
Confirmed=X
Description=Added by the <a href="http://se.trendmicro-europe.com/enterprise/security_info/ve_detail.php?Vname=WORM_SPYBOT.BI" target=_blank>SPYBOT.BI</a> WORM!
[microsoft messenger management controls]
Filename=msmgmctl.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotapa.html" target=_blank>RBOT-APA</a> WORM!
[microsoft messenger service]
Filename=msmsg32.exe
Confirmed=X
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.BOK&VSect=P" target=_blank>RBOT.BOK</a> WORM!
[microsoft messenger xp]
Filename=MSMSN32.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotzp.html" target=_blank>RBOT-ZP</a> WORM!
[microsoft microp protocol]
Filename=wdgmr32.exe
Confirmed=X
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
[microsoft movie maker]
Filename=Mmaker.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.ircbot.c.html" target="_blank">IRCBOT.C</a> TROJAN! Note that this is not a valid Microsoft program
[microsoft msgplus32 protocol]
Filename=msgplus32.exe
Confirmed=X
Description=Added by a variant of the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html" target=_blank>SPYBOT</a> WORM!
[microsoft msngr32 protocol]
Filename=msngr32.exe
Confirmed=X
Description=Added by a variant of the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html" target=_blank>SPYBOT</a> WORM!
[microsoft msnseru]
Filename=msnseru.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotapb.html" target=_blank>RBOT-APB</a> WORM!
[microsoft msnst]
Filename=msnst32.exe
Confirmed=X
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
[microsoft msupdate]
Filename=SpoolSvc.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojsxtba.html" target="_blank">SXTB-A</a> TROJAN!
[microsoft neser experience]
Filename=nese.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotyh.html" target=_blank>RBOT-YH</a> WORM!
[microsoft netmeeting associates, inc.]
Filename=NetMeeting.exe
Confirmed=X
Description=Added by a variant of the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.lovgate@mm.html" target="_blank">LOVGATE</a> WORM!
[microsoft netview component v5.1]
Filename=msnv32.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.randex.f.html" target="_blank">RANDEX.F</a> WORM!
[microsoft network daemon for win32]
Filename=Netd32.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sdbot.r.html" target="_blank">SDBOT.R</a> TROJAN!
[microsoft network host]
Filename=svc0host.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotaen.html" target=_blank>SDBOT-AEN</a> WORM!
[microsoft network services controller]
Filename=mmsvc32.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32nanpya.html" target=_blank>NANPY-A</a> WORM!
[microsoft networking agent for sp2]
Filename=msnac32.exe
Confirmed=X
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/w32.spybot.pen.html" target=_blank>SPYBOT.PEN</a> WORM!
[microsoft notepad]
Filename=notepad.exe
Confirmed=X
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
[microsoft nt update]
Filename=winexec32.exe
Confirmed=X
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
[microsoft office fast cache]
Filename=Fastboot.exe
Confirmed=N
Description=Part of MS Office 95 (v7.0). According to <a href="http://support.microsoft.com/default.aspx?scid=kb;en-us;Q132755" target=_blank>this</a> it improves the performance. Most likely a predecessor of MS Find Fast and can be disabled
[microsoft office onenote 2003 quick launch]
Filename=ONENOTEM.EXE
Confirmed=U
Description=ONENOTEM.EXE is a part of the note taking program that ships with Microsoft Office 2003. It's required for the side note windows to work
[microsoft office shortcut bar]
Filename=Msoffice.exe
Confirmed=N
Description=Alternative shortcuts to the Start -> Programs way of running applications installed as part of MS Office. Some people prefer it but a better way is to create Desktop Shortcuts if you want access these programs quickly
[microsoft office start]
Filename=winupdates.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.gaobot.bc.html" target="_blank">GAOBOT.BC</a> WORM!
[microsoft office studio]
Filename=scvhvst.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.randex.cst.html" target=_blank>RANDEX.CST</a> WORM!
[microsoft officexp]
Filename=officeXP.exe
Confirmed=X
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_KILLAV.MA&VSect=P" target=_blank>KILLAV.MA</a> WORM!
[microsoft opeions]
Filename=IEXwe.exe
Confirmed=X
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
[microsoft pc health remote assistance file open & save controls]
Filename=sfrcdlg32.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotavy.html" target=_blank>RBOT-AVY</a> WORM!
[microsoft pci manager]
Filename=mspci.exe
Confirmed=X
Description=Added by a variant of the <a href="http://www.malwareblog.com/?p=143" target=_blank>SDBOT</a> WORM!
[microsoft personal firewalls]
Filename=bakw.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotks.html" target="_blank">RBOT-KS</a> WORM!
[microsoft proc driver32]
Filename=msprc.exe
Confirmed=X
Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_WOOTBOT.GEN" target=_blank>WOOTBOT</a> WORM!
[microsoft procedure call]
Filename=MSPCALL.exe
Confirmed=X
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
[microsoft pstcp32 data]
Filename=pstcp32.exe
Confirmed=X
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
[microsoft qmgr]
Filename=msnqmgr.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojircbots.html" target=_blank>IRCBOT-S</a> TROJAN!
[microsoft rdll]
Filename=sysconf32.exe
Confirmed=X
Description=Added by a variant of the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sdbot.html" target="_blank">SDBOT</a> TROJAN!
[microsoft registry]
Filename=csrse.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotpc.html" target=_blank>RBOT-PC</a> WORM!
[microsoft remote secure service]
Filename=MSRSS.exe
Confirmed=X
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
[microsoft restore]
Filename=scrgrd.exe
Confirmed=X
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SPYBOT.BR" target=_blank>SPYBOT.BR</a> WORM!
[microsoft rundll]
Filename=windos.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotwf.html" target= blank>SDBOT-WF</a> WORM!
[microsoft runtime]
Filename=CfgDll32.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.randex.bd.html" target="_blank">RANDEX.BD</a> WORM!
[microsoft scanreg]
Filename=microsoftscanreg.exe
Confirmed=X
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_FRANRIV.A" target="_blank">FRANRIV.A</a> WORM!
[microsoft scvhost32 protocol]
Filename=scvhost32.exe
Confirmed=X
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
[microsoft sddce contol]
Filename=taskmnegr.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaum.html" target=_blank>RBOT-AUM</a> WORM!
[microsoft sdk temp]
Filename=sdktemp.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotanp.html" target=_blank>RBOT-ANP</a> WORM!
[microsoft sdkp3]
Filename=mswinsdq.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotary.html" target=_blank>RBOT-ARY</a> WORM!
[microsoft secure messenger.net service]
Filename=securitychk.exe
Confirmed=X
Description=Added by the <a href="http://uk.trendmicro-europe.com/consumer/security_info/ve_detail.php?Vname=WORM_SDBOT.VT" target="_blank">SDBOT.VT</a> WORM!
[microsoft security]
Filename=winService.exe
Confirmed=X
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
[microsoft security center]
Filename=savservices.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotanu.html" target=_blank>RBOT-ANU</a> WORM!
[microsoft security controlers]
Filename=fxsecues.exe
Confirmed=X
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
[microsoft security gmanagers]
Filename=[random filename]
Confirmed=X
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.TU&VSect=P" target=_blank>RBOT.TU</a> WORM! Note - this is not the Winamp media player executable (WinAmpa.exe)
[microsoft security panager]
Filename=[filename]
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotanl.html" target=_blank>RBOT-ANL</a> WORM!
[microsoft server application]
Filename=Sound.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotne.html" target=_blank>RBOT-NE</a> WORM!
[microsoft server base]
Filename=lass.exe
Confirmed=X
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
[microsoft service controller]
Filename=services.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32kaleld.html" target=_blank>KALEL-D</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/services/" target="_blank">services.exe</a> process, which should not appear in Msconfig/Startup!
[microsoft service host process]
Filename=svchost.exe
Confirmed=X
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_KRYNOS.B&VSect=P" target=_blank>KRYNOS.B</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target=_blank>svchost.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "Help" subfolder of the Winnt or Windows folder
[microsoft service pack]
Filename=WindowsSP.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotrf.html" target=_blank>RBOT-RF</a> WORM!
[microsoft service pack2.1]
Filename=svchost2.exe
Confirmed=X
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
[microsoft services unitd]
Filename=MSU32.exe
Confirmed=X
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
[microsoft servicez manager]
Filename=servicemgrz.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotasn.html" target=_blank>RBOT-ASN</a> WORM!
[microsoft session manager subsystem]
Filename=smss.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32kaleld.html" target=_blank>KALEL-D</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/smss/" target="_blank">smss.exe</a> process which should NOT appear in Msconfig/Startup!
[microsoft sidewinder game controller software]
Filename=SWTRAY.EXE
Confirmed=N
Description=MS SideWinder game controller system tray icon. Available via Start -> Programs
[microsoft sinsup]
Filename=odjiwjf.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotdn.html" target= blank>RBOT-DN</a> WORM!
[microsoft software update]
Filename=nmon.exe
Confirmed=X
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.HZ" target="_blank">RBOT.HZ</a> WORM!
[microsoft sound driver]
Filename=sound32.exe
Confirmed=X
Description=Added by a variant of the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html" target="_blank">SPYBOT</a> WORM!
[microsoft sound technology]
Filename=winsound.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotagg.html" target=_blank>RBOT-AGG</a> WORM!
[microsoft sound volume tool]
Filename=mssvol.exe
Confirmed=N
Description=This is a Blue version of the yellow speaker icon on the system tray and is used to edit advanced Sound Features that the MS DSS80 Speakers add. Should be accessible via Start -> Settings -> Control Panel
[microsoft sourcesafe]
Filename=csrss.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/trojan.webus.html" target="_blank">WEBUS</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/csrss/" target="_blank">csrss.exe</a> process, which should not appear in Msconfig/Startup!
[microsoft special offer]
Filename=infoebay.exe
Confirmed=X
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target= blank>RBOT</a> WORM!
[microsoft spool server for win32]
Filename=spoolsrv.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.randex.h.html" target="_blank">RANDEX.H</a> WORM!
[microsoft ssisvri32 protocol]
Filename=ssisvri.exe
Confirmed=X
Description=Added by a variant of the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html" target=_blank>SPYBOT</a> WORM!
[microsoft standard executions library]
Filename=win32lib.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotauk.html" target=_blank>RBOT-AUK</a> WORM!
[microsoft sum32]
Filename=sum32.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotyw.html" target= blank>RBOT-YW</a> WORM!
[microsoft support]
Filename=sys32ms.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotahi.html" target=_blank>RBOT-AHI</a> WORM!
[microsoft system]
Filename=msupdtm.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.pkc.html" target=_blank>SPYBOT.PKC</a> WORM!
[microsoft system backup]
Filename=[random filename]
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotagm.html" target=_blank>RBOT-AGM</a> WORM!
[microsoft system debug]
Filename=services32.exe
Confirmed=X
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.AKH&VSect=P" target=_blank>RBOT.AKH</a> WORM!
[microsoft system dll services configuration]
Filename=windir32.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotacy.html" target=_blank>SDBOT-ACY</a> TROJAN!
[microsoft system nt]
Filename=svhost.exe
Confirmed=X
Description=Added by the <a href="http://www.enciclopediavirus.com/virus/vervirus.php?id=1446&alerta=1" target=_blank>SDBOT.COU</a> WORM!
[microsoft system restore configuration]
Filename=CBRSS.EXE
Confirmed=X
Description=Added by a variant of the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html" target="_blank">SPYBOT</a> WORM!
[microsoft system update]
Filename=sysupdate.exe
Confirmed=X
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.DG&VSect=P" target=_blank>SDBOT.DG</a> WORM!
[microsoft system32 update]
Filename=cmsrg.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotgn.html" target=_blank>RBOT-GN</a> WORM!
[microsoft taskmanager updater]
Filename=keyboard.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotalu.html" target=_blank>RBOT-ALU</a> WORM!
[microsoft telecom center]
Filename=tellecom.exe
Confirmed=X
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
[microsoft telecoma center]
Filename=tellcoma.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotawx.html" target=_blank>RBOT-AWX</a> WORM!
[microsoft time manager]
Filename=dveldr.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbothq.html" target="_blank">RBOT-HQ</a> WORM!
[microsoft toolbar]
Filename=key.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaew.html" target=_blank>RBOT-AEW</a> WORM!
[microsoft transfer file server]
Filename=mtfs.exe
Confirmed=X
Description=Added by the <a href="http://www.trendmicro-middleeast.com/enterprise/security_info/ve_detail.php?VName=WORM_RBOT.AFE&VSect=T" target=_blank>RBOT.AFE</a> WORM!
[microsoft tray]
Filename=[random filename]
Confirmed=X
Description=Added by the <a href="http://www.vsantivirus.com/back-delf-bz.htm" target="_blank">DELF.BZ</a> TROJAN!
[microsoft u]
Filename=wuamkopxp.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotahc.html" target=_blank>RBOT-AHC</a> WORM!
[microsoft uma update]
Filename=MSuma32.exe
Confirmed=X
Description=Added by the <a href="http://es.trendmicro-europe.com/enterprise/security_info/ve_detail.php?id=60738&VName=WORM_RBOT.FS&VSect=T" target=_blank>RBOT.FS</a> WORM!
[microsoft unpaccker system]
Filename=unpak32.exe
Confirmed=X
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
[microsoft unpack system]
Filename=winrarx.exe
Confirmed=X
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
[microsoft update 23]
Filename=NtKernelSystem.exe
Confirmed=X
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
[microsoft update 33]
Filename=init.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotatt.html" target=_blank>RBOT-ATT</a> WORM!
[microsoft update configuration]
Filename=WIN32SNC.EXE
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotai.html" target=_blank>RBOT-AI</a> WORM!
[microsoft update control]
Filename=Ms64.exe
Confirmed=X
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
[microsoft update debugger]
Filename=wincfg32.exe
Confirmed=X
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SPYBOT.ZC&VSect=T" target=_blank>SPYBOT.ZC</a> WORM!
[microsoft update dll]
Filename=rxxhost.exe
Confirmed=X
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
[microsoft update emulator]
Filename=kern-mxe.exe
Confirmed=X
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
[microsoft update loader]
Filename=[random filename]
Confirmed=X
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
[microsoft update loaders 2006]
Filename=winusersystem32.exe
Confirmed=X
Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN" target=_blank>AGOBOT/GAOBOT</a> WORM!
[microsoft update mechene]
Filename=Updatez.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com.au/virusinfo/analyses/w32rbotgi.html" target=_blank>RBOT-GI</a> WORM!
[microsoft update module]
Filename=rundll24.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotps.html" target=_blank>RBOT-PS</a> WORM!
[microsoft update process]
Filename=wmipcvse.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojagobotjf.html" target=_blank>AGOBOT-JF</a> TROJAN!
[microsoft update security patch]
Filename=mssecurityupdatepatch.exe
Confirmed=X
Description=Added by the AGENT.EF TROJAN!
[microsoft update server]
Filename=mssrv.exe
Confirmed=X
Description=Added by an unidentified VIRUS, WORM or TROJAN!
[microsoft update time]
Filename=wuam.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotm.html" target="_blank">RBOT-M</a> WORM!
[microsoft update usb2]
Filename=wuammgrd32.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotadt.html" target=_blank>RBOT-ADT</a> WORM!
[microsoft update v2.6]
Filename=lxxex.exe
Confirmed=X
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
[microsoft update win32a]
Filename=winupdate32a.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotlo.html" target="_blank">RBOT-LO</a> WORM!
[microsoft update win32x]
Filename=winupdate32x.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotajn.html" target=_blank>RBOT-AJN</a> WORM!
[microsoft updater]
Filename=Winsys32.exe
Confirmed=X
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
[microsoft updater resources]
Filename=WinFixd32.exe
Confirmed=X
Description=Added by the <a href="http://ae.trendmicro-europe.com/smb/security_info/ve_detail.php?Vname=WORM_SPYBOT.CA" target=_blank>SPYBOT.CA</a> WORM!
[microsoft updater32]
Filename=lsass.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.randex.ar.html" target="_blank">RANDEX.AR</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/lsass/" target="_blank">Lsass.exe</a> system file should normally NOT figure in Msconfig/Startup!
[microsoft updaters pros]
Filename=WINDLL32XP.EXE
Confirmed=X
Description=Added by the SPYBOTTER.GEN VIRUS!
[microsoft updates 2 usb]
Filename=wgafixer.exe
Confirmed=X
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
[microsoft updates 5 usb]
Filename=sp3fixer.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotads.html" target=_blank>RBOT-ADS</a> WORM!
[microsoft updates resources]
Filename=WinFixIDs.exe
Confirmed=X
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
[microsoft updating client]
Filename=websvc.exe
Confirmed=X
Description=Added by the <a href="http://it.trendmicro-europe.com/enterprise/security_info/ve_detail.php?id=59772&VName=WORM_RBOT.AQ&VSect=T" target=_blank>RBOT.AQ</a> WORM!
[microsoft updating machine]
Filename=sysc0de.exe
Confirmed=X
Description=Added by the <a href="http://it.trendmicro-europe.com/consumer/security_info/ve_detail.php?Vname=WORM_RBOT.RB" target=_blank>RBOT.RB</a> WORM!
[microsoft updatting]
Filename=miroupdate.exe
Confirmed=X
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
[microsoft updote]
Filename=[random filename]
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotarc.html" target=_blank>RBOT-ARC</a> WORM!
[microsoft upmachine]
Filename=doezs.exe
Confirmed=X
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.BCT&VSect=P" target=_blank>RBOT.BCT</a> WORM!
[microsoft upnp update]
Filename=msie.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotlq.html" target="_blank">RBOT-LQ</a> WORM!
[microsoft uptodate driver (32-bits)]
Filename=[random filename].exe
Confirmed=X
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/w32.spybot.lxj.html" target=_blank>SPYBOT.LXJ</a> WORM!
[microsoft usb2 driver]
Filename=crmss.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotvk.html" target= blank>RBOT-VK</a> WORM!
[microsoft utility startup]
Filename=OSA9.exe
Confirmed=N
Description=Application which launches common MS Office components to help speed up the launch of Office programs. It's somewhat of a resource hog, and some users claim there's no difference with or without it but it usually isn't required. Note - if you make use of the Microsoft Office Shortcut Bar outside an office program this application will need to be enabled for it to show
[microsoft vertupdate]
Filename=MSvert32.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32mytobcy.html" target=_blank>MYTOB-CY</a> WORM!
[microsoft video capture controls]
Filename=MSsrvs32.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotaak.html" target=_blank>SDBOT-AAK</a> WORM!
[microsoft video controls]
Filename=tskmsgr.exe
Confirmed=X
Description=Added by a variant of the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html" target="_blank">SPYBOT</a> WORM!
[microsoft virual machine]
Filename=sms.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotsp.html" target=_blank>RBOT-SP</a> WORM!
[microsoft visual studio]
Filename=plscdksxg.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotawv.html" target=_blank>RBOT-AWV</a> WORM!
[microsoft visual studio vsa]
Filename=varpc32.exe
Confirmed=X
Description=Added by a variant of the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html" target="_blank">SPYBOT</a> WORM!
[microsoft web device]
Filename=wdevice.exe
Confirmed=X
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
[microsoft webserver]
Filename=svctrl.exe
Confirmed=U
Description=Personal web server program which enables you to create and host a web server from your computer. Not required for most people
[microsoft wind0ws updater]
Filename=winsupdater.exe
Confirmed=X
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
[microsoft windows 128bit subsystem]
Filename=system12.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojranckcz.html" target=_blank>RANCK-CZ</a> TROJAN!
[microsoft windows 16bit]
Filename=mswinn16.exe
Confirmed=X
Description=Added by a variant of the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html" target=_blank>SPYBOT</a> WORM!
[microsoft windows 2000]
Filename=Winupdsdgm.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.gaobot.ao.html" target="_blank">GAOBOT.AO</a> WORM!
[microsoft windows 32bit]
Filename=mswinn32.exe
Confirmed=X
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
[microsoft windows 64 bit]
Filename=mswin32.exe
Confirmed=X
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
[microsoft windows control]
Filename=mswctl32.exe
Confirmed=X
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.JP" target=_blank>RBOT.JP</a> WORM!
[microsoft windows csrss]
Filename=csrss.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32kalela.html" target=_blank>KALEL-A</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/csrss/" target="_blank">csrss.exe</a> process, which should not appear in Msconfig/Startup!
[microsoft windows dhcp]
Filename=___r.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.maslan.a@mm.html" target=_blank>MASLAN.A</a> or <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.maslan.c@mm.html" target=_blank>MASLAN.C</a> WORMS!
[microsoft windows dll 32-bit]
Filename=msncheck32.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotxx.html" target= blank>SDBOT-XX</a> WORM!
[microsoft windows dll services]
Filename=mwindll.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotvx.html" target= blank>SDBOT-VX</a> WORM!
[microsoft windows dllhandler]
Filename=bitpaint.exe
Confirmed=X
Description=Added by the <a href="http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?id=82113&VName=WORM_SDBOT.AHG&VSect=T" target=_blank>SDBOT.AHG</a> WORM!
[microsoft windows dvr]
Filename=windvr.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaxd.html" target=_blank>RBOT-AXD</a> WORM!
[microsoft windows explorer]
Filename=iexplorer.exe
Confirmed=X
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target= blank>RBOT</a> WORM!
[microsoft windows files loader]
Filename=cgy32win.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaxr.html" target=_blank>RBOT-AXR</a> WORM!
[microsoft windows game updater]
Filename=msgame32.exe
Confirmed=X
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
[microsoft windows kernel services]
Filename=winkrnl386.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.zebroxy.html" target="_blank">ZEBROXY</a> TROJAN!
[microsoft windows loader]
Filename=wloader.exe
Confirmed=X
Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN" target=_blank>AGOBOT/GAOBOT</a> WORM!
[microsoft windows logon process]
Filename=winlogon.exe
Confirmed=X
Description=Added by the <a href="http://sophos.com/virusinfo/analyses/trojproxyserr.html" target=_blank>PROXYSER-R</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/winlogon/" target=_blank>winlogon.exe</a> process, which should not appear in Msconfig/Startup and is always located in the System32 folder. This worm file is placed in the Winnt or Windows folder
[microsoft windows secure server]
Filename=rpcxWindows.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotll.html" target="_blank">RBOT-LL</a> WORM!
[microsoft windows secure update]
Filename=rpcxwinupdt.exe
Confirmed=X
Description=Added by an unidentified WORM or TROJAN!
[microsoft windows securety]
Filename=wurguar.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotky.html" target=_blank>RBOT-KY</a> WORM!
[microsoft windows service]
Filename=winsys.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotadp.html" target=_blank>RBOT-ADP</a> WORM!
[microsoft windows service pack]
Filename=winspkn.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotayd.html" target=_blank>RBOT-AYD</a> WORM!
[microsoft windows session manager subsystem]
Filename=smss.exe
Confirmed=X
Description=Added by the <a href="http://sophos.com/virusinfo/analyses/trojproxyserr.html" target=_blank>PROXYSER-R</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/smss/" target=_blank>smss.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder
[microsoft windows storage machine service]
Filename=winms.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotahk.html" target=_blank>RBOT-AHK</a> WORM!
[microsoft windows system service manager]
Filename=winsvc.exe
Confirmed=X
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SPYBOT.LR&VSect=P" target=_blank>SPYBOT.LR</a> WORM!
[microsoft windows task manger]
Filename=Mstosk.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotww.html" target="_blank">SDBOT-WW</a> WORM!
[microsoft windows updata]
Filename=scvhost.exe
Confirmed=X
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
[microsoft windows update application]
Filename=wuap.exe
Confirmed=X
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
[microsoft windows update logon]
Filename=win-logon.exe
Confirmed=X
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
[microsoft windows update service]
Filename=wupdmgr32.exe
Confirmed=X
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/dos.autocat.html" target="_blank">DOS.AUTOCAT</a> TROJAN!
[microsoft windows updaterd]
Filename=log32zx.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.mydoom.w@mm.html" target="_blank">MYDOOM.W</a> WORM!
[microsoft windows updates]
Filename=explorer32.exe
Confirmed=X
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.VQ&VSect=T" target=_blank>SDBOT.VQ</a> WORM!
[microsoft windows w32 services]
Filename=mssw32.exe
Confirmed=X
Description=Added by a variant of the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html" target=_blank>SPYBOT</a> WORM!
[microsoft windows winsass management]
Filename=winsass.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotapw.html" target=_blank>RBOT-APW</a> WORM!
[microsoft windows workstation]
Filename=devcode.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotawl.html" target=_blank>RBOT-AWL</a> WORM!
[microsoft windows xp configuration loader]
Filename=m32svco.exe
Confirmed=X
Description=Added by the <a href="http://us.mcafee.com/virusInfo/default.asp?id=description&virus k=132310" target= blank>SDBOT.WORM.48548</a>
[microsoft wings32 protocol]
Filename=WinSGR32.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotapu.html" target=_blank>RBOT-APU</a> WORM!
[microsoft winrar]
Filename=winrar.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaec.html" target=_blank>RBOT-AEC</a> WORM!
[microsoft winsock]
Filename=mswinsck.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotank.html" target=_blank>RBOT-ANK</a> WORM!
[microsoft winsock service]
Filename=msusvc.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotans.html" target=_blank>RBOT-ANS</a> WORM!
[microsoft winsock wrapper]
Filename=ws2_32s.exe
Confirmed=X
Description=Added by a variant of the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html" target=_blank>SPYBOT</a> WORM!
[microsoft winupdates]
Filename=serm32.exe
Confirmed=X
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.GE&VSect=T" target="_blank">RBOT.GE</a> WORM!
[microsoft wm]
Filename=mswm32.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbckdram.html" target=_blank>BCKDR-AM</a> TROJAN!
[microsoft word]
Filename=BootSector.exe
Confirmed=X
Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN" target=_blank>AGOBOT/GAOBOT</a> WORM!
[microsoft works calendar reminders]
Filename=wkcalrem.exe
Confirmed=N
Description=Produces a pop-up reminder of events scheduled using the MS Works Calendar
[microsoft works portfolio]
Filename=WksSb.exe
Confirmed=N
Description=The Works Portfolio tool lets you collect and organize text and pictures from the Web or your favorite program.Can be prevented from starting from a setting within Portfolio
[microsoft works update detection]
Filename=wkdetect.exe
Confirmed=N
Description=Checks for updates to MS Works
[microsoft world service]
Filename=winworld.exe
Confirmed=X
Description=Added by an unidentified IRC worm with backdoor capability!
[microsoft wxdate]
Filename=Syswu32.exe
Confirmed=X
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SPYBOT.HZ&VSect=T" target=_blank>SPYBOT.HZ</a> WORM!
[microsoft x update]
Filename=wuamkoppnp.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotani.html" target=_blank>RBOT-ANI</a> WORM!
[microsoft xdaemon 2.0]
Filename=xdaemon.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.delf.d.html" target="_blank">DELF.D</a> TROJAN!
[microsoft xml service]
Filename=msxmlx.exe
Confirmed=X
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.KS" target="_blank">RBOT.KS</a> WORM!
[microsoft xp systems loader]
Filename=winsystem32xp.exe
Confirmed=X
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/w32.kelvir.w.html" target=_blank>KELVIR.W</a> WORM!
[microsoft xp systems loaders]
Filename=win32xpsys.exe
Confirmed=X
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/w32.spybot.nyt.html" target=_blank>SPYBOT.NYT</a> WORM!
[microsoft xpsp protocol]
Filename=xp386.exe
Confirmed=X
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
[microsoft's system module]
Filename=Sysmodule.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbdoorfj.html" target= blank>FJ</a> TROJAN!
[microsoft--updates]
Filename=sxvhost.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotfh.html" target="_blank">RBOT-FH</a> WORM!
[microsoft-software]
Filename=****.exe [* = random char]
Confirmed=X
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
[microsoft-update]
Filename=wngard.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotjv.html" target="_blank">RBOT-JV</a> WORM!
[microsoft-updates]
Filename=svxhost.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotct.html" target="_blank">RBOT-CT</a> WORM!
[microsoft420]
Filename=microsoft420.exe
Confirmed=X
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MENACE.B" target="_blank">MENACE.B</a> WORM!
[microsoft64]
Filename=antiv.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.sober@mm.html" target=_blank>SOBER</a> WORM!
[microsoftf ddes contdll]
Filename=rune.pif
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotagf.html" target=_blank>RBOT-AGF</a> WORM!
[microsoftf ddes contrdl]
Filename=runm.pif
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotafq.html" target=_blank>RBOT-AFQ</a> WORM!
[microsoftkeysds]
Filename=lass32.exe
Confirmed=X
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
[microsoftks]
Filename=Drivers.bat
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojshutdownf.html" target=_blank>SHUTDOWN-F</a> TROJAN!
[microsoftm eegs cuntrol]
Filename=loor.pif
Confirmed=X
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
[microsoftmsn32.exe]
Filename=microsoftmsn32.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojcertifc.html" target=_blank>CERTIF-C</a> TROJAN!
[microsoftmultimediatask]
Filename=Mmtask.exe
Confirmed=X
Description=Adware downloader - not the valid MusicMatch Jukebox which shares the same filename
[microsoftnetwork daemon for win32]
Filename=NETD32.EXE
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.randex.f.html" target="_blank">RANDEX.F</a> WORM!
[microsoftoem]
Filename=smvss.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdedlerg.html" target=_blank>DEDLER-G</a> TROJAN!
[microsofts security manager]
Filename=****.exe [**** = random char]
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotwh.html" target=_blank>RBOT-WH</a> TROJAN!
[microsofts service]
Filename=lcsrv16.exe
Confirmed=X
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
[microsofts updates]
Filename=lsasss.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaex.html" target=_blank>RBOT-AEX</a> WORM!
[microsoftsourcesafe]
Filename=lsass.exe
Confirmed=X
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/trojan.webus.b.html" target=_blank>WEBUS.B</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/lsass/" target=_blank>lsass.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the System folder
[microsoftsys]
Filename=SPOOLSYS.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.tarno.n.html" target=_blank>TARNO.N</a> TROJAN!
[microsoftupdates]
Filename=[path to trojan]
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdelflo.html" target=_blank>DELF-LO</a> TROJAN!
[microsoftvalue]
Filename=syscnfg.exe
Confirmed=X
Description=Added by an unidentified VIRUS, WORM or TROJAN! "syscnfg.exe" is found in C:\windows\fonts (or C:\winnt\fonts) directory where no *.exe files should reside
[microsoftvirus]
Filename=sysoverload.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotal.html" target="_blank">FORBOT-AL</a> WORM!
[microsoftwindows]
Filename=[various filenames]
Confirmed=X
Description=MagicSearch - a <a href="http://cwshredder.net/cwshredder/cwschronicles.html" target=_blank>CoolWebSearch</a> parasite variant
[microsoft?pid lex]
Filename=PIDLex.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.niovadoor.html" target="_blank">NIOVADOOR</a> TROJAN!
[microsoft?activex debugger nt]
Filename=setdebugnt.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbancoscz.html" target=_blank>BANCOS-CZ</a> TROJAN!
[microsoft?system mapper]
Filename=SysMap.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.mapsy.html" target="_blank">MAPSY</a> TROJAN!
[microszoft update mach1nezs]
Filename=svchst.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rboted.html" target=_blank>RBOT-ED</a> WORM!
[microzoft_ofiz]
Filename=KdzEregli.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.amus.a@mm.html" target="_blank">AMUS.A</a> WORM!
[micrsoft cfg 32]
Filename=lrbzus32.exe
Confirmed=X
Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM AGOBOT.GEN" target= blank>AGOBOT/GAOBOT</a> WORM!
[micrsoft internet explorer]
Filename=IEXPL0RE.EXE
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaqv.html" target=_blank>RBOT-AQV</a> WORM! Note the number "0" in the filename
[micsorosft security center]
Filename=wcnsfty.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotahu.html" target=_blank>RBOT-AHU</a> WORM!
[mightyfax controller]
Filename=MFNTCTL.EXE
Confirmed=N
Description=<a href="http://www.rkssoftware.com/mightyfax/overview.html" target="_blank">Mighty FAX</a> from RKS Software - "installs a printer driver so that you can fax directly from Windows software"
Description=Starts <a href="http://www.musicmatch.com/" target=_blank>Musicmatch Jukebox</a> at bootup - can be started manually
[mincer]
Filename=Mincer.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/wm97mincemea.html" target=_blank>MINCEME-A</a> WORM!
[minibug]
Filename=MINIBUG.EXE
Confirmed=X
Description=Displays ads inside Weatherbug - see <a href="http://spybot.safer-networking.de/index.php?lang=en&page=knowledgebase/threats/spybots-minibug" target="_blank">here</a>
[minifert.exe]
Filename=MINIFERT.EXE
Confirmed=N
Description=Part of Backweb
[minilog]
Filename=MINILOG.EXE
Confirmed=U
Description=If you don't have ZoneAlarm or ZoneAlarm Pro running you don't need this. This must be enabled if programs such as VisualZone Report utility or ZoneLog Analyzer are in use
[minimavis]
Filename=MiniMavis.exe
Confirmed=N
Description=Mavis Beacon typing tutor
[minimo]
Filename=[path to file]
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojmosuckx.html" target= blank>MOSUCK-X</a> TROJAN!
[mininote]
Filename=MININOTE.EXE
Confirmed=N
Description=<a href="http://www.fookes.com/software/mininote.htm" target="_blank">Mini NoteTab</a> was the first in the family of "NoteTab" text and HTML editors from Fookes Software
[miniphone]
Filename=glophone.exe
Confirmed=?
Description=<a href="http://www.voiceglo.com/" target=_blank>VoiceGlo</a> Glophone Voice over Internet Protocol (VOIP) communications software - "an affordable and convenient way to call friends and family throughout the world using a dial-up or broadband Internet connection on your computer" - <font color="#FF0000">is it required in startup?</font>
[miniport]
Filename=usb2chk.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlazara.html" target=_blank>LAZAR-A</a> TROJAN!
[miniportrt]
Filename=miniport_mp.exe
Confirmed=X
Description=Malware - see <a href="http://www.protext.com/support/Miniport_mpVirus.htm" target=_blank>here</a>
[miniserver.exe]
Filename=MiniServer.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlittlewe.html" target=_blank>LITTLEW-E</a> TROJAN!
Description=Added by the <a href="http://uk.trendmicro-europe.com/consumer/security_info/ve_detail.php?Vname=WORM_RBOT.QH" target=_blank>RBOT.QH</a> WORM!
[mircosoft dns service]
Filename=svchost.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojircbotak.html" target=_blank>IRCBOT-AK</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target=_blank>svchost.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "drivers" subfolder
[mircosoft update]
Filename=wuampkd.exe
Confirmed=X
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
[mircrosoft svchost32]
Filename=svchost32.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotazw.html" target=_blank>RBOT-AZW</a> WORM!
[mircrosoft windows config dll]
Filename=rundllc32b.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotzy.html" target=_blank>RBOT-ZY</a> WORM!
[mirovideo tray tool]
Filename=misitray.exe
Confirmed=N
Description=Tool for quickly changing options for miro/Pinnacle capture cards during capture/playback/output. When this program is closed, another program (mv-ctrl) is also closed, but mv-ctrl does not have its own EXE file. Only needed when using the capture card, e.g. for the above actions
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotawy.html" target=_blank>RBOT-AWY</a> WORM!
[miscrosoft windows explorer]
Filename=IEEXPLORER.exe
Confirmed=X
Description=Reported as the SDBOT.YX WORM!
[misictrl]
Filename=misiCTRL.exe
Confirmed=?
Description=<a href="http://www.video-drivers.com/drivers/26/26750.htm" target="_blank">Miro</a> video driver related.<font color="#FF0000"> Is it required?</font>
[misitray]
Filename=misiTRAY.exe
Confirmed=?
Description=<a href="http://www.video-drivers.com/drivers/26/26750.htm" target="_blank">Miro</a> video driver related.<font color="#FF0000"> Is it required?</font>
[mismo]
Filename=win32x.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotjp.html" target=_blank>RBOT-JP</a> WORM!
[mixer]
Filename=Mixer.exe
Confirmed=N
Description=C-Media Mixer - C-Media produce audio chipsets that are often found on popular motherboards with on-board audio. Provides System Tray access to change audio settings. Available via Start -> Settings -> Control Panel or Start -> Programs
[mixghost]
Filename=mixghost.exe
Confirmed=N
Description=Management software for Altec Lansing speakers. If a change is needed, the user can launch it from the Start menu
[ml00!.exe]
Filename=ml00!.exe
Confirmed=X
Description=Malware, detected by <a href="http://www.pandasoftware.com/products/titanium2005/" target= blank>Panda</a> antivirus as Trj/Downloader.BWD
[ml1helperstartup]
Filename=ML1Helper.exe
Confirmed=U
Description=ScreenScenes <a href="http://www.screenscenes.com/index.html" target=_blank>Midnight Lake</a> screensaver. The freeware version comes with <a href="http://www.cexx.org/gator.htm" target=_blank>Gator</a> branded ads (pop-ups and others). ScreenScenes do however offer you the option of doing away with the ads by purchasing the screensaver for a whopping $30...
[mload]
Filename=lxmstart.exe
Confirmed=X
Description=Added by an unidentified VIRUS, WORM or TROJAN!
[mm install]
Filename=setup.exe
Confirmed=?
Description=<font color="#FF0000">Possibly <a href="http://www.moneysoft.co.uk/" target="_blank">Money Manager</a> from Moneysoft?</font>
[mmb2]
Filename=explorer.exe
Confirmed=X
Description=Added by an unidentified WORM or TROJAN! Note - the legitimate Windows Explorer (explorer.exe) is located in the Windows or Winnt folder and would only be in startups if you added it manually. This one is located in the System or System32 subfolders
[mmc]
Filename=inisys.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32oscaboti.html" target=_blank>OSCABOT-I</a> WORM!
[mmcndmgr]
Filename=mmcndmgr.exe
Confirmed=X
Description=Added by an unidentified VIRUS, WORM or TROJAN!
[mmcwinmgmt]
Filename=winmgmt.exe
Confirmed=N
Description=Used for Enterprise Management. If you are not an IT Administrator you don't need it to be running. Also runs from the PCHealth "scheduler" - refer <a href="http://groups.google.com/groups?q=PCHealth+pchschd.exe&hl=en&selm=eeuEENQ6AHA.1484@tkmsftngp03&rnum=1" target="_blank">here</a>
[mmerefresh]
Filename=MMERefresh.exe
Confirmed=U
Description=Part of <a href="http://www.digidesign.com/" target="_blank">Digidesgin</a> Protools. Refreshes your midi ports on the 002(R) (the 002R is a hardware audio/midi converter connected to your computer via firewire). Must be running in order to use the MIDI functionality of the Digi002R
[mmgsvc]
Filename=mmgsvc.exe
Confirmed=X
Description=Mmgsvc spyware
[mmhid]
Filename=mmhid.dll
Confirmed=U
Description=This is the <a href="http://www.microsoft.com/hwdev/tech/input/audctrl.asp" target="_blank">Human Interface Device Server</a> for Win98, it is required only if you are using USB Audio Devices you can disable via Msconfig. See <a href="http://www.microsoft.com/hwdev/hid/audctrl.htm" target="_blank">here</a>. Typical examples are USB multimedia keyboards with volume control and web-ready keyboards. For example - loaded by default with MS DSS80 Speakers because they have Volume, Mute and Bass controls on the speaker. Some users may experience problems disabling this - if this is the case then re-enable it. Equivalent to Hidserv in Win98SE/2000/Me/XP
[mmhk]
Filename=mmhk.exe
Confirmed=?
Description=<font color="#FF0000">A driver found on a Compaq Presario 800T notebook. Possibly something to do with multimedia hot keys?</font>
[mmhotkey]
Filename=MMHotKey.exe
Confirmed=N
Description=Multimedia key handling for the relevant type of Turbo-Media keyboard. Shortcut available. Note that with this running it can crash DirectX8/9 under WinXP when a game switches to full-screen
[mmkeybd]
Filename=MMKeybd.exe
Confirmed=U
Description=Multimedia keyboard manager. Required if you use the additional keys
Description=Mpact Mediaware Properties Taskbar Icon - multimedia software icon for Chromatic Research Mpact video cards
[mmrun]
Filename=mmrun.exe
Confirmed=?
Description=<font color="#FF0000">??</font>
[mmsys]
Filename=recover.exe
Confirmed=?
Description=<font color="#FF0000">??</font>
[mmsystem]
Filename=RunDll32
Confirmed=X
Description=Added by the FUNNER-A WORM!
[mmtask service]
Filename=mmtask.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbackgata.html" target="_blank">BACKGAT.A</a> TROJAN! Not the valid MusicMatch Jukebox which has the same filename
[mmtray2k]
Filename=MMTray2K.exe
Confirmed=N
Description=Part of <a href="http://www.morgan-multimedia.com/" target="_blank"> Morgan Multimedia Codecs</a>. Only required when the codecs are used
[mmtraylsi]
Filename=MMTrayLSI.exe
Confirmed=N
Description=Part of <a href="http://www.morgan-multimedia.com/" target="_blank"> Morgan Multimedia Codecs</a>. Only required when the codecs are used
Description=<a href="http://research.sunbelt-software.com/threat_display.cfm?name=VX2.Transponder&threatid=12517&search=vx2" target=_blank>VX2.Transponder</a> parasite updater/installer related
[mnpol]
Filename=mnpol.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/downloader.dluca.b.html" target=_blank>DLUCA.B</a> TROJAN!
[mns]
Filename=MNS.exe
Confirmed=U
Description=<a href="http://www.mobilenetswitch.com/" target=_blank>Mobile Net Switch</a> enables you to use your computer on more then one network with the click of a button. It allows you to automatically select the correct drive mappings, printer settings, IP settings and much more
[mnsvc]
Filename=mnsvc.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.autoupder.html" target="_blank">AUTOUPDER</a> TROJAN!
[mnsvcsp]
Filename=mnsvcsp.exe
Confirmed=X
Description=Added by an unidentified VIRUS, WORM or TROJAN!
[mobsync]
Filename=mobsync.exe
Confirmed=N
Description=MS Syncrhonization Manager - updates the network copy of materials that were edited offline, such as documents, calendars, and e-mail messages
[mobsync32.exe]
Filename=mobsync32.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.finero.html" target="_blank">FINERO</a> TROJAN!
[mod]
Filename=muamger.exe
Confirmed=N
Description=MicroAngelo On Display from <a href="http://www.impactsoft.com/muangelo/ondisplay/prodinfo.htm" target="_blank">Impact Software</a> lets you customize Windows icons. With a few exceptions, you can customize icons by right-clicking on them
[modem]
Filename=locatesvc.exe
Confirmed=X
Description=Added by a variant of the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html" target=_blank>SPYBOT</a> WORM!
[modem driverz updates]
Filename=mdmdrv.exe
Confirmed=X
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
[modembtr]
Filename=MODEMBTR.EXE
Confirmed=U
Description=Modem Booster from <a href="http://inklineglobal.com/" target="_blank">inKline Global</a> to improve ISP connections
[modeminf]
Filename=Modeminf.exe
Confirmed=X
Description=Added by a variant of the <a href="http://www.sophos.com/virusinfo/analyses/trojcrypterc.html" target="_blank">CRYPTER.C</a> TROJAN!
[modemonhold]
Filename=MOH.EXE
Confirmed=U
Description=NetWaiting Modem-on-Hold Application
[modemutility]
Filename=mdmsetpe.exe
Confirmed=N
Description=System Tray configuration icon for Aztech modems
[modularconfig]
Filename=syscnfg.exe
Confirmed=X
Description=Added by an unidentified VIRUS, WORM or TROJAN! "syscnfg.exe" is found in C:\windows\fonts (or C:\winnt\fonts) directory where no *.exe files should reside
[module call initialize]
Filename=RUNDLL32.EXE reg.dll, ondll_reg
Confirmed=X
Description=Added by a variant of the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.lovgate@mm.html" target="_blank">LOVGATE</a> WORM!
[money express]
Filename=moneyexpress.exe
Confirmed=N
Description=Part of MS Money. Available via Start -> Programs
[moneystartup]
Filename=Money Startup.exe
Confirmed=N
Description=Microsoft Money
[moneystartup10.0]
Filename=Activation.exe
Confirmed=N
Description=Part of MS Money 2002. Available via Start -> Programs
[monitor]
Filename=monitor.exe
Confirmed=X
Description=Browser hijacker, redirecting to NCM Search
[monitor apache servers]
Filename=ApacheMonitor.exe
Confirmed=U
Description=Part of the Apache Web Server package. Useful only if you're running such a server on your PC. Available via Start -> Programs
[monitor helper]
Filename=monitor.exe
Confirmed=U
Description=<a href="http://www.symantec.com/avcenter/venc/data/spyware.mylittlespy.html" target= blank>MyLittleSpy</a> keystroke logger/monitoring program - remove unless you installed it yourself!
[monitoring service]
Filename=svchost.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.cone.c@mm.html" target=_blank>CONE.C</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target=_blank>svchost.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "tasks" subfolder of the Winnt or Windows folder
[monitormgt]
Filename=Monitormgt.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/trojan.gema.html" target="_blank">GEMA</a> TROJAN!
[monitorsd]
Filename=SDMonitor.exe
Confirmed=X
Description=Spyware remover - not recommended, search for "spywaredetector.net" <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm" target=_blank>here</a>
[monpluginsrivcs]
Filename=n3monap23.exe
Confirmed=X
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
[monstersoundtray]
Filename=Freectrl.exe
Confirmed=N
Description=Diamond Multimedia sound card control panel
[montest]
Filename=vccxzq.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotea.html" target=_blank>SDBOT-EA</a> WORM!
[moodbook]
Filename=mb.exe
Confirmed=U
Description=<a href="http://www.moodbook.com/" target=_blank>MoodBook</a> is a free Windows utility that brings art to your desktop
[moon phase]
Filename=moon.exe
Confirmed=N
Description=<a href="http://www.locutuscodeware.com" target="_blank">Moon Phase</a> - tray icon that indicates the phases of the moon
[morpheus]
Filename=morpheus.exe
Confirmed=N
Description=MusicCity Networks' Morpheus - another peer-to-peer client based on Kazaa. Notable in that this one doesn't seem to install the adware that clog the Kazaa download. They claim they are adware free, and a visitor quotes "I have seen no instance of any since using it"
[morphstb]
Filename=morphstb.exe
Confirmed=X
Description=Adware downloader - detected by <a href="http://www.kaspersky.com/personalpro" target= blank>Kaspersky</a> antivirus as Trojan-Downloader.Win32.Stubby.c
[mosearch]
Filename=mosearch.exe
Confirmed=X
Description=Fast Search in Office XP - similar to the new revision of the Find Fast feature in Office 2000. Fast Search uses the Indexing Services in Office XP to create a catalog of Office files on your computer's hard disk. As with Find Fast - a waste of resources. If it can't be disabled via MSCONFIG try <a href="http://support.microsoft.com/support/kb/articles/Q282/1/06.asp" target="_blank">here</a>
[motherboard sounds]
Filename=Sounds.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaap.html" target=_blank>RBOT-AAP</a> WORM!
[motivemonitor]
Filename=motmon.exe
Confirmed=U
Description=Found on HP/Dell and Compaq systems (and maybe others). MotiveMonitor is usedáthe suppliers on-line support and allows the agent at the far end to do harddrive/ram/video/etc tests on the computer. Can cause some users problems with IE and Netscape by disabling this - in this case leave it to run. You may also wish to leave it alone if the PC is still within the support period from the manufcaturer. For most users it's not required
[motivesb]
Filename=MotiveSB.exe
Confirmed=N
Description=System tray icon for the Virtual Assistant from <a href="http://www.attbi.com/" target="_blank">AT&T Broadband</a>, used to communicate internet problems via the network rather than telephone. Available via desktop shortcut or Start -> Programs - not required
[motmon]
Filename=motmon.exe
Confirmed=U
Description=Found on HP/Dell and Compaq systems (and maybe others). MotiveMonitor is usedáthe suppliers on-line support and allows the agent at the far end to do harddrive/ram/video/etc tests on the computer. Can cause some users problems with IE and Netscape by disabling this - in this case leave it to run. You may also wish to leave it alone if the PC is still within the support period from the manufcaturer. For most users it's not required
Description=From McAfee VirusScan version 5.x. Creates back-up sets of critical files in a separate area of a hard drive. If you make regular back-ups it's not needed and can be painful during system start
[mouse]
Filename=mouse.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotahj.html" target=_blank>RBOT-AHJ</a> WORM!
[mouse 32a]
Filename=Mouse32A.exe
Confirmed=N
Description=Mouse driver to control mouse functions from Azona. Available via Start -> Programs
[mouse suite 98 daemon]
Filename=pelmiced.exe
Confirmed=N
Description=Mouse driver. Appears to cause a behaviour where the desktop suddenly flips back up when playing DirectX associated games
[mousebut]
Filename=mousebut.exe
Confirmed=X
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_CRYPTER.A" target="_blank">CRYPTER.A</a> TROJAN!
[mousecntl]
Filename=mousecntl.exe
Confirmed=X
Description=Added by a variant of the <a href="http://www.sophos.com/virusinfo/analyses/trojcrypterc.html" target="_blank">CRYPTER.C</a> TROJAN!
[mousecount]
Filename=MC.exe
Confirmed=N
Description=<a href="http://www.kittyfeet.com/mousecount.htm" target="_blank">MouseCount</a> by Kittyfeet Software. "Utility for counting how many times us computer junkies click our mouse in a given session/day/week/month/year." Not required
[mouseimp]
Filename=MImpHost.exe
Confirmed=U
Description=MouseImp Pro - "A reliable assistant that turns your mouse into a simple, native but powerful controlling device"
[mousinfo]
Filename=mousinfo.exe
Confirmed=U
Description=MS mouse information tool - for troubleshooting mouse problems
Description=Auto-update for <a href="http://www.movielink.com/" target="_blank">Movielink</a> - internet movie rental System Tray access
[movienetworks]
Filename=MovieNetworks.exe
Confirmed=X
Description=<a href="http://www.movienetworks.com/" target="_blank">MovieNetworks</a> will connect you by DOMESTIC PREMIUM RATE TELEPHONE NUMBER 900-xxx-xxxx. So you get xxx rated pictures and junk. And it will allow you to stay on the internet on their line and $$$ and remove the C:\Program Files\MovieNetworks directory
Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_SDBOT.GEN" target=_blank>SDBOT</a> WORM!
[mp tcloaxs]
Filename=mptcloaxs.exe
Confirmed=X
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RANDEX.CT" target="_blank">RANDEX.CT</a> WORM!
[mp3 loader]
Filename=Sysdata.EXE
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32avettea.html" target=_blank>AVETTE-A</a> VIRUS!
[mpeo]
Filename=Csinsm32.exe
Confirmed=U
Description=Automatic logging of installs from Norton CleanSweep - available via Start -> Programs
[mpftray]
Filename=MpfTray.exe
Confirmed=Y
Description=McAfee Personal Firewall
[mpl32 driver]
Filename=MPL32.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojloonym.html" target="_blank">LOONY-M</a> TROJAN!
[mplay64]
Filename=mplay64.exe
Confirmed=X
Description=Added by the <a href="http://www.superadblocker.com/M/MPLAY64.EXE-6741.html" target=_blank>MPLAY64</a> TROJAN!
[mplsetup]
Filename=MplSetup.exe
Confirmed=U
Description=Used by Ricoh network printers to enable network printing from the client
[mpm manager]
Filename=MPM.exe
Confirmed=X
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_DONBOMB.A&VSect=P" target=_blank>DONBOMB.A</a> TROJAN!
[mpower]
Filename=MPower.exe
Confirmed=U
Description=<a href="http://www.mindbeat.com/" target="_blank">MPower</a> from MindBeat. "Defragments and frees your RAM giving more stability to your system and avoiding needless use of swap file. Willl also benchmark (speed test) your hard disk drives and your CPU load". MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/SE/ME. See <a href="http://www.aumha.org/a/memmgmt.htm" target="_blank">this</a> article and make up your own mind
[mpr msg]
Filename=mprmsg32.exe
Confirmed=X
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/w32.mytob.cf@mm.html" target= blank>MYTOB.CF</a> WORM!
[mprexe]
Filename=MPREXE.EXE
Confirmed=X
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_OPASERV.T" target="_blank">OPASERV.T</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/mprexe/" target="_blank"> Mprexe.exe</a> system file
[mprexe.exe]
Filename=mprexe.exe
Confirmed=Y
Description=WIN32 Network Service Interface Process. MPREXE.exe enables the computer to have multiple clients/protocols for networks. There are some problems with it sometimes though - see <a href="http://support.microsoft.com/directory/article.asp?ID=KB;EN-US;Q178084" target="_blank">here</a> and <a href="http://www.ohsu.edu/win95/html/mprexe.html" target="_blank">here</a>. Note - why some people have it listed in start-up programs I don't know but I was asked to include it here. It automatically runs in the background. NOTE : sometimes it will appear in start-ups if you have a virus
[mprhtml]
Filename=MprHTML.exe
Confirmed=X
Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_VAGRNOCK.12" target="_blank">VAGRNOCKER</a> TROJAN!
[mprocessor]
Filename=mprocessor.exe
Confirmed=X
Description=InstallDollars.com foistware
[mpsexe]
Filename=mscifapp.exe
Confirmed=U
Description=McAfee.com Privacy Service - "combines personal identifiable information (PII) protection with online advertisement blocking and content filtering"
[mpsonn]
Filename=MpsOnn.exe
Confirmed=Y
Description=Canon printer driver
[mpt]
Filename=MPT.exe
Confirmed=?
Description=<font color="#FF0000">??</font>
[mptask services]
Filename=mptask.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.lala.html" target="_blank">LALA</a> or <a href="http://vil.nai.com/vil/content/v_99788.htm" target="_blank">AOT</a> TROJANS!
[mptbox]
Filename=MPTBOX.EXE
Confirmed=N
Description=Cannon Multi-Pass toolbox - a button bar
[mptsgsvc.exe]
Filename=mptsgsvc.exe
Confirmed=X
Description=<a href="http://www.f-secure.com/v-descs/hacktool.shtml" target= blank>Hacker Tool</a> - detected by <a href="http://tds.diamondcs.com.au/" target= blank>TDS-3</a> antitrojan as "HackTool.Win32.Hidd.j"
[mpxtray]
Filename=mpxptray.exe
Confirmed=N
Description=Windows Media Player PowerToy which is run from the taskbar. It can be used to hide Windows Media Player (when in use) and choose various standard buttons (play/pause, next,previous) etc
[mp_status_monitor]
Filename=monitr32.exe
Confirmed=U
Description=Cannon Multi-Pass status monitor - your choice
[mqbkup]
Filename=mqbkup.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.opaserv.k.worm.html" target="_blank">OPASERV.K</a> WORM!
[mrtmngr]
Filename=mrtMngr.exe
Confirmed=N
Description=Maintenance Release Task Manager for IntuitÆs QuickBooks or Quicken
[mru-blaster scheduler]
Filename=scheduler.exe
Confirmed=U
Description=<a href="http://www.wilderssecurity.com/mrublaster.html" target="_blank">MRU-Blaster</a> scheduler - detects and cleans MRU (most recently used) lists on your computer
[mru-blaster silent clean]
Filename=mrublaster.exe
Confirmed=N
Description=<a href="http://www.wilderssecurity.com/mrublaster.html" target="_blank">MRU-Blaster</a> - performs silent cleaning of MRU lists at boot
[mrublaster]
Filename=indexcleaner.exe
Confirmed=U
Description=<a href="http://www.wilderssecurity.com/mrublaster.html" target=_blank>MRU-Blaster</a> related - runs once in order to delete the index.dat file in the Temporary Internet Files and/or Cookies folder
[ms auto-ipsec protection]
Filename=MSASP32.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaer.html" target=_blank>RBOT-AER</a> WORM!
[ms autoloader 32]
Filename=MSAuto32.exe
Confirmed=X
Description=Added by the <a href="http://ae.trendmicro-europe.com/enterprise/security_info/ve_detail.php?Vname=WORM_SPYBOT.BD" target=_blank>SPYBOT.BD</a> WORM!
[ms builders]
Filename=Wupated.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotss.html" target=_blank>AGOBOT-SS</a> WORM!
[ms config service]
Filename=Msloader32.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotkj.html" target="_blank">RBOT-KJ</a> WORM!
[ms config v13]
Filename=lrbz32.exe
Confirmed=U
Description=Added by the <a href="http://www.sarc.com/avcenter/venc/data/w32.gaobot.aol.html" target=_blank>GAOBOT.AOL</a> WORM!
[ms database]
Filename=MSDATA32.EXE
Confirmed=X
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.BCX&VSect=T" target=_blank>RBOT.BCX</a> WORM!
[ms dvd directx dll drivers]
Filename=mdxdl.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotxi.html" target= blank>SDBOT-XI</a> WORM!
[ms dvd directx sound drivers]
Filename=msdrvdx.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotxj.html" target= blank>SDBOT-XJ</a> WORM!
[ms explorer]
Filename=mexplore.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.yaha.ae@mm.html" target="_blank">YAHA.AE</a> WORM!
[ms html location class]
Filename=MSHTML32.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotyd.html" target= blank>RBOT-YD</a> WORM!
[ms internet executor 32]
Filename=MSIXEC32.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaeq.html" target=_blank>RBOT-AEQ</a> WORM!
[ms lsass startup]
Filename=lsass135.exe
Confirmed=X
Description=Added by the <a href="http://ae.trendmicro-europe.com/enterprise/security_info/ve_detail.php?Vname=WORM_RBOT.WM" target=_blank>RBOT.WM</a> WORM!
[ms management console]
Filename=mms.exe
Confirmed=?
Description=<font color="#FF0000">Suspicious as the Microsoft Management Console is "mmc.exe" and doesn't normally run at startup</font>
[ms microsoft socket deamon]
Filename=MSSCKD32.exe
Confirmed=X
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
[ms network control]
Filename=mswin.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/trojan.dumba.html" target="_blank">DUMBA</a> TROJAN!
[ms ownage]
Filename=winPE.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotajl.html" target=_blank>RBOT-AJL</a> WORM!
[ms plus inc]
Filename=wpad.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32mytoban.html" target=_blank>MYTOB-AN</a> WORM!
[ms processe manager]
Filename=msproc.exe
Confirmed=X
Description=Added by the <a href="http://be.trendmicro-europe.com/enterprise/security_info/ve_detail.php?VName=WORM_RBOT.ATO&VSect=T" target=_blank>RBOT.ATO</a> WORM!
[ms real player]
Filename=RealPlyr.exe
Confirmed=X
Description=Added by the <a href="http://de.trendmicro-europe.com/consumer/vinfo/encyclopedia.php?LYstr=VMAINDATA&vNav=1&VName=WORM_RBOT.MR" target=_blank>RBOT.MR</a> WORM!
[ms registry service]
Filename=MSRMS32.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotakp.html" target=_blank>RBOT-AKP</a> WORM!
[ms remote procedure call]
Filename=msrpc32.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotql.html" target=_blank>RBOT-QL</a> WORM!
[ms screen saver]
Filename=scrsave.scr
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotagt.html" target=_blank>RBOT-AGT</a> WORM!
[ms security]
Filename=systm.pif
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaqn.html" target=_blank>RBOT-AQN</a> WORM!
[ms security authority service]
Filename=lsass.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32kalelb.html" target=_blank>KALEL-B</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/lsass/" target=_blank>lsass.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the System folder
[ms security hotfix]
Filename=service5.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.gaobot.ag.html" target="_blank">GAOBOT.AG</a> WORM!
[ms service]
Filename=msservice.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotzg.html" target= blank>RBOT-ZG</a> WORM!
[ms sound config 16bit]
Filename=sndcfg16.exe
Confirmed=X
Description=Added by the <a href="http://www.f-secure.com/v-descs/sdbot_mb.shtml" target="_blank">SDBOT.MB</a> TROJAN!
[ms sound drivers]
Filename=msdrv.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotwr.html" target=_blank>SDBOT-WR</a> WORM!
[ms spool32]
Filename=MS SPOOL32.EXE
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.assasin.html" target="_blank">ASASSIN</a> TROJAN!
[ms sys restore]
Filename=sysrestore.exe
Confirmed=X
Description=Added by the <a href="http://es.trendmicro-europe.com/enterprise/security_info/ve_detail.php?id=66436&VName=WORM_RBOT.XM&VSect=T" target=_blank>RBOT.XM</a> WORM!
[ms sys security]
Filename=mswin.pif
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotapj.html" target=_blank>RBOT-APJ</a> WORM!
[ms system security]
Filename=mswin32.pif
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaox.html" target=_blank>RBOT-AOX</a> WORM!
[ms task manager]
Filename=tskmgr.exe
Confirmed=X
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.CCD&VSect=Sn" target=_blank>SDBOT.CCD</a> WORM!
[ms taskbars]
Filename=taskbars.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotacv.html" target=_blank>SDBOT-ACV</a> WORM!
[ms taskmanager]
Filename=tskmgr.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaka.html" target=_blank>RBOT-AKA</a> WORM!
[ms unix]
Filename=navupdate64.exe
Confirmed=X
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
[ms update]
Filename=syshost.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32evamanf.html" target="_blank">EVAMAN-F</a> WORM!
[ms updating utility]
Filename=msupdater.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotxr.html" target= blank>RBOT-XR</a> WORM!
[ms usb 2.0 windows support]
Filename=msusb32.exe
Confirmed=X
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
[ms valud loader]
Filename=Svhots.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotsp.html" target=_blank>AGOBOT-SP</a> WORM!
[ms window update]
Filename=******.exe [* = random character]
Confirmed=X
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
[ms windows aol driver]
Filename=MSAOLdrv.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotasp.html" target=_blank>RBOT-ASP</a> WORM!
[ms windows data list process]
Filename=MSDATLST.exe
Confirmed=X
Description=Added by an unidentified WORM or TROJAN!
[ms windows procces 32]
Filename=msprocces.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaez.html" target=_blank>RBOT-AEZ</a> WORM!
[ms windows process class]
Filename=MSPRCSS32.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotyq.html" target= blank>RBOT-YQ</a> WORM!
[ms windows process init]
Filename=MSWPI32.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotasq.html" target=_blank>RBOT-ASQ</a> WORM!
[ms windows security updater]
Filename=updater.pif
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaky.html" target=_blank>RBOT-AKY</a> WORM!
[ms windows update]
Filename=scguard.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotyz.html" target= blank>RBOT-YZ</a> WORM!
[ms wins binary]
Filename=ign32.pif
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotasb.html" target=_blank>RBOT-ASB</a> WORM!
[ms-dos boot service]
Filename=Boot32.pif
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotamf.html" target=_blank>RBOT-AMF</a> WORM!
[ms-dos security service]
Filename=ms-dos.pif
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotamr.html" target=_blank>RBOT-AMR</a> WORM!
[ms-dos windows service]
Filename=MS-DOS.PIF
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotajw.html" target=_blank>RBOT-AJW</a> WORM!
[ms-html]
Filename=[random filename]
Confirmed=X
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_LATINUS.15" target="_blank">LATINUS.15</a> TROJAN!
[ms-runkey]
Filename=arr.exe
Confirmed=X
Description=MS-Connect dialler/hijacker
[ms7531]
Filename=ms7531.exe
Confirmed=X
Description=Homepage hijacker
[msacm]
Filename=msacm.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32opaservo.html" target="_blank">OPASERV-O</a> WORM!
[msadcheck]
Filename=msadcheck32.exe
Confirmed=X
Description=Browser hijacker, redirecting to search-system.com
[msadmin]
Filename=jdbgmrg.exe
Confirmed=X
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_DASMIN.A" target="_blank">DASMIN.A</a> TROJAN! Note - this is not the valid JDBGMGR.EXE file - see <a href="http://vil.mcafee.com/dispVirus.asp?virus_k=99436" target="_blank">here</a>
[msagentxp]
Filename=MSAgentXP.exe
Confirmed=X
Description=Reported by <a href="http://www.ewido.net/en/" target=_blank>Ewido Security Suite</a> as TrojanDownloader.Reqlook.c
[msaim]
Filename=msaolim.exe
Confirmed=U
Description=<a href="http://www.symantec.com/avcenter/venc/data/spyware.messagespy.html" target= blank>MessageSpy</a> keystroke logger/monitoring program - remove unless you installed it yourself!
[msappts32]
Filename=msappts32.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojelburroa.html" target=_blank>ELBURRO-A</a> TROJAN!
[msbackups]
Filename=backups.exe
Confirmed=X
Description=Added by <a href="http://www.sophos.com/virusinfo/analyses/trojbanloadtl.html" target=_blank>BANLOAD-TL</a> TROJAN!
[msbb]
Filename=msbb.exe
Confirmed=X
Description=Advertising spyware
[msbcs]
Filename=msbcs.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdadobrag.html" target=_blank>DADOBRA-G</a> TROJAN!
[msbootmgr.exe]
Filename=MsBootMgr.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.verify.html" target=_blank>VERIFY</a> TROJAN!
[msbsc]
Filename=[path to trojan]
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbankerdf.html" target=_blank>BANKER-DF</a> TROJAN!
[mschoexe]
Filename=suge.exe
Confirmed=X
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
[msci]
Filename=mcinfo.exe
Confirmed=?
Description=McAfee Internet Security related. <font color="#FF0000">What does it do and is it required?</font>
Description=Part of the SafeChildNet internet filtering program - required if you use it
[mscnt]
Filename=mscnt.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdlucac.html" target=_blank>DLUCA-C</a> TROJAN!
[mscolour]
Filename=mscolour.exe
Confirmed=X
Description=Added by the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?ID=40574" target=_blank>GEMA</a> TROJAN!
[mscommx]
Filename=mscommx.exe
Confirmed=X
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target="_blank">RBOT</a> WORM!
[msconfg32.exe]
Filename=MSCONFG32.EXE
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.optix.04.c.html" target="_blank">OPTIX.04.C</a> TROJAN!
[msconfig lptt01]
Filename=msconfig.exe
Confirmed=X
Description=<a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">RapidBlaster</a> variant (in a "msconfig" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see <a ref="http://www.wilderssecurity.net/specialinfo/rapidblaster.html#removal" target="_blank"> here</a>. Note - this is not the valid Windows Msconfig which has the same executable name
Description=<a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">RapidBlaster</a> variant (in a "msconfig" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see <a ref="http://www.wilderssecurity.net/specialinfo/rapidblaster.html#removal" target="_blank"> here</a>. Note - this is not the valid Windows Msconfig which has the same executable name
[msconfig service]
Filename=MSupdate32.exe
Confirmed=X
Description=Added by a variant of the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html" target="_blank">SPYBOT</a> WORM!
[msconfig45]
Filename=MSConfig45.exe
Confirmed=X
Description=Added by the <a href="http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?id=56539&VName=BKDR_SDBOT.OJ" target="_blank">SDBOT.OJ</a> TROJAN!
[msconfigr]
Filename=jdbgmrg.exe
Confirmed=X
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_DASMIN.C" target="_blank">DASMIN.C</a> TROJAN! Note - this is not the valid JDBGMGR.EXE file - see <a href="http://vil.mcafee.com/dispVirus.asp?virus_k=99436" target="_blank">here</a>
[msconfigreminder]
Filename=msconfig.exe
Confirmed=N
Description=Entry that appears when you uncheck an item in the MSConfig Startup group, and will disappear if on the next reboot you select the option to not be reminded that you are running in Selective Startup mode
[msconfigs]
Filename=MsConfigs.exe
Confirmed=X
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_ALCAN.A" target=_blank>ALCAN.A</a> WORM!
[mscontrol28]
Filename=crsss.exe
Confirmed=X
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SPYBOT.AJX&VSect=P" target=_blank>SPYBOT.AJX</a> WORM!
[mscontrol31]
Filename=winnsyst.exe
Confirmed=X
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.CFY&VSect=P" target=_blank>RBOT.CFY</a> WORM!
[mscontrol3d1]
Filename=isasse.exe
Confirmed=X
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.CGU&VSect=P" target=_blank>RBOT.CGU</a> WORM!
[mscore]
Filename=syscnfg.exe
Confirmed=X
Description=Added by an unidentified VIRUS, WORM or TROJAN! "syscnfg.exe" is found in C:\windows\fonts (or C:\winnt\fonts) directory where no *.exe files should reside
[mscsgs]
Filename=MSCSGS.EXE
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.zezer.worm.html" target="_blank">ZEZER</a> WORM!
[mscsgs32]
Filename=MSCSGS32.EXE
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.zezer.worm.html" target="_blank">ZEZER</a> WORM!
[mscsvc.exe]
Filename=mscsvc.exe
Confirmed=X
Description=Added by the <a href="http://www.sarc.com/avcenter/venc/data/pwsteal.bancos.t.html" target= blank>BANCOS.T</a> TROJAN!
[msctrl32]
Filename=Msctrl32.scr
Confirmed=X
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/w32.hllw.redist@mm.html" target="_blank">REDIST</a> WORM!
[mscvt]
Filename=MSCVT.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.slideshow.html" target="_blank">SLIDESHOW</a> WORM!
[msdcom]
Filename=MSDcom.exe
Confirmed=X
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
[msdirect.exe]
Filename=msdirect.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojcertifl.html" target=_blank>CERTIF-L</a> TROJAN!
[msdll]
Filename=syscnfg.exe
Confirmed=X
Description=Added by an unidentified VIRUS, WORM or TROJAN! "syscnfg.exe" is found in C:\windows\fonts (or C:\winnt\fonts) directory where no *.exe files should reside
[msdmxm]
Filename=msdmxm.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaddc.html" target=_blank>DLOAD-DC</a> TROJAN!
[msdn]
Filename=nese.exe
Confirmed=X
Description=Added by the SDBOT.AHY WORM!
[msdn help]
Filename=msdn.exe
Confirmed=X
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.AIB&VSect=P" target=_blank>AGOBOT.AIB</a> WORM!
[msdos security service]
Filename=msdos.pif
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotamp.html" target=_blank>RBOT-AMP</a> WORM!
[msdos service]
Filename=MSDOS.PIF
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaiy.html" target=_blank>RBOT-AIY</a> WORM!
[msdos windows service]
Filename=MSDOS.PIF
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotakf.html" target=_blank>RBOT-AKF</a> WORM!
[msdos32]
Filename=Msdos32.pif
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.recory@mm.html" target="_blank">RECORY</a> WORM!
[msdos423]
Filename=msdos423.exe
Confirmed=X
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MENACE.A" target="_blank">MENACE.A</a> WORM!
[msdosdrv]
Filename=msdosdrv.exe
Confirmed=N
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.bacros.html" target=_blank>BACROS</a> WORM!
[msdtc]
Filename=msdtc.exe
Confirmed=N
Description=MS Distributed Transaction Coordinator - handles transactions across multiple servers and is installed by MS Personal Web Server and MS SQL Server
[msemu32]
Filename=Msemu32.exe
Confirmed=X
Description=Unidentified spyware/adware/hijacker
[mservices.exe]
Filename=mservices.exe
Confirmed=X
Description=Added by the <a href="http://it.trendmicro-europe.com/smb/security_info/ve_detail.php?Vname=WORM_SDBOT.WJ" target=_blank>SDBOT.WJ</a> WORM!
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.cayam@mm.html" target="_blank">CAYAM</a> WORM!
[msfindosa.exe]
Filename=msfindosa.exe
Confirmed=X
Description=Added by the <a href="http://vil.nai.com/vil/content/v_99960.htm" target="_blank">DOWNLOADER-BS</a> TROJAN!
[msftp service config]
Filename=r3grun.exe
Confirmed=X
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
[msfwavtsm]
Filename=FTPDev.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotacf.html" target= blank>RBOT-ACF</a> WORM!
[msg fixage]
Filename=msgfixed.exe
Confirmed=X
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.ZD" target=_blank>SDBOT.ZD</a> WORM!
[msgapi]
Filename=[path to file]
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdedlerd.html" target="_blank">DEDLER-D</a> TROJAN!
[msgb1]
Filename=msgb1.exe
Confirmed=X
Description=Added by the DLUCA.GEN TROJAN!
[msgcenterexe]
Filename=RealOneMessageCenter.exe
Confirmed=N
Description=RealNetworks <a href="http://www.real.com/" target=_blank>RealPlayer</a> related - disabling this application will not affect Real Player in any way
[msgex32]
Filename=msgex32.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32appfleta.html" target=_blank>APPFLET-A</a> WORM!
[msgmgr]
Filename=[path to worm]
Confirmed=X
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/w32.babybear@mm.html" target="_blank">BABYBEAR</a> WORM!
[msgserv_]
Filename=Syss.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/fanta.trojan.html" target=_blank>FANTA</a> TROJAN!
[msgsm32]
Filename=msgsm32.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotasg.html" target=_blank>RBOT-ASG</a> WORM!
[msgsrv16]
Filename=Msgsrv16.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.delf.family.html" target="_blank">DELF</a> family of TROJANS!
[msgsrv32.exe]
Filename=msgsrv32.exe
Confirmed=Y
Description=Windows 32-bit VxD Message Server. For more information on its function and why it's needed, see <a href="http://support.microsoft.com/support/kb/articles/q138/7/08.asp" target="_blank">here</a>. Note - why some people have it listed in start-up programs I don't know but I was asked to include it here. It automatically runs in the background
[msgsvcmgr32]
Filename=cmdzxdll.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaek.html" target=_blank>RBOT-AEK</a> WORM!
[msgsvr32]
Filename=msgsvr32.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.deadhat.b.html" target="_blank">DEADHAT.B</a> WORM! Note - not to be confused with the valid "msgsrv32.exe" file which resides in the same directory (C:\Windows\System) on a Win9x/Me machine
[msgtag]
Filename=MSGTAG.exe
Confirmed=U
Description=<a href="http://www.msgtag.com/home/" target=_blank>MSGTAG</a> is an application that tells you when your emails have been received and opened
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=PE_MAGISTR.A" target="_blank">MAGISTR.A</a> VIRUS!
[msident]
Filename=msident.exe
Confirmed=X
Description=Unidentified adware or trojan
[msidle]
Filename=msidle.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32opaservo.html" target="_blank">OPASERV-O</a> WORM!
[msidle32.exe]
Filename=MsIdle32.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.verify.html" target=_blank>VERIFY</a> TROJAN!
[msidll]
Filename=winmp.exe
Confirmed=X
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
[msiew]
Filename=mseiw.exe
Confirmed=X
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/trojan.littlog.html" target=_blank>LITTLOG</a> TROJAN!
[msimn32]
Filename=MSIMN32.EXE
Confirmed=X
Description=Hijacker - recognized by <a href="http://www.kaspersky.com/personalpro" target=_blank>Kaspersky</a> antivirus as Trojan.Agent.cx
[msin]
Filename=MSin.exe
Confirmed=?
Description=<font color="#FF0000">??</font>
[msinet]
Filename=Msinet.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaoa.html" target=_blank>RBOT-AOA</a> WORM!
[msinstall]
Filename=smvss.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdedlerg.html" target=_blank>DEDLER-G</a> TROJAN!
[msjava service]
Filename=xpcd.exe
Confirmed=X
Description=Added by the <a href="http://de.trendmicro-europe.com/consumer/security_info/ve_detail.php?VName=WORM_SDBOT.VM&VSect=T" target="_blank">SDBOT.VM</a> WORM!
[mskagentexe]
Filename=MskAgent.exe
Confirmed=U
Description=Part of <a href="http://us.mcafee.com/root/package.asp?pkgid=156" target="_blank">McAfee Spamkiller</a>
[mskces32]
Filename=[random filename]
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.irc.cloner.html" target="_blank">CLONER</a> TROJAN!
[mskdetectorexe]
Filename=MSKDetct.exe
Confirmed=U
Description=Part of <a href="http://us.mcafee.com/root/package.asp?pkgid=156" target="_blank">McAfee Spamkiller</a>
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/trojan.kaemon.html" target=_blank>KAEMON</a> TROJAN!
[mskserverexe]
Filename=MSKSrvr.exe
Confirmed=U
Description=Part of McAfee <a href="http://us.mcafee.com/root/package.asp?pkgid=156" target=_blank>Spamkiller</a>
[mslagent]
Filename=mslagent.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojwintrimf.html" target=_blank>WINTRIM-F</a> TROJAN!
[mslarissa]
Filename=MSLARISSA.pif
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.assiral.b@mm.html" target=_blank>ASSIRAL.B</a> WORM!
[mslib32]
Filename=mswatch32.exe
Confirmed=?
Description=<font color="#FF0000">??</font>
[mslog]
Filename=MicrosoftLog.exe
Confirmed=X
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
[mslogon lptt01]
Filename=mslogon.exe
Confirmed=X
Description=<a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">RapidBlaster</a> variant (in a "Mslogon" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see <a ref="http://www.wilderssecurity.net/specialinfo/rapidblaster.html#removal" target="_blank"> here</a>
[mslogon ml097e]
Filename=mslogon.exe
Confirmed=X
Description=<a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">RapidBlaster</a> variant (in a "Mslogon" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see <a ref="http://www.wilderssecurity.net/specialinfo/rapidblaster.html#removal" target="_blank"> here</a>
[msmanager]
Filename=msmgr32.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.yaha.af@mm.html" target="_blank">YAHA.AF</a> WORM!
[msmanager32]
Filename=msmngr32.exe
Confirmed=X
Description=Added by the <a href="http://www.us.sophos.com/virusinfo/analyses/w32randonr.html" target="_blank">RANDON-R</a> (or <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_WOMANIZ.A" target="_blank">WOMANIZ.A</a>) WORM!
[msmautoprotect]
Filename=msmssgs.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbifroseaj.html" target= blank>BIFROSE-AJ</a> TROJAN!
[msmcafeee]
Filename=Avsynmgr32e.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/trojan.framar.html" target="_blank">FRAMAR</a> TROJAN!
[msmcafeeh]
Filename=Avsynmgr32h.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.frango.html" target="_blank">FRANGO</a> TROJAN!
[msmcafees]
Filename=Avsynmgr32S.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.volac.html" target="_blank">VOLAC</a> or <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.volac.dr.html" target="_blank">VOLAC.DR</a> TROJANS!
[msmessnger]
Filename=msnupd.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotady.html" target=_blank>RBOT-ADY</a> WORM!
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbankerie.html" target=_blank>BANKER-IE</a> TROJAN!
[msmntjbe]
Filename=MSMNTJBE.EXE
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbancosef.html" target=_blank>Bancos-EF</a> TROJAN!
[msmntjng]
Filename=MSMNTJNG.EXE
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojgraberg.html" target=_blank>GRABER-G</a> TROJAN!
[msmntmts]
Filename=MSMNTMTS.EXE
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbankergz.html" target=_blank>BANKER-GZ</a> TROJAN!
[msmon]
Filename=msmon.exe
Confirmed=X
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=40493" target=_blank>GEMA.D</a> TROJAN!
[msmovies]
Filename=MsMovies.exe
Confirmed=X
Description=Malware - detected by <a href="http://www.kaspersky.com/personalpro" target=_blank>Kaspersky</a> antivirus as Trojan-Dropper.Win32.WinAD.h
[msmqintcert]
Filename=regsvr32 /s mqrt.dll
Confirmed=?
Description=Microsoft Message Queue Server - Internal Certificate - see <a href="http://www.microsoft.com/msmq/" target="_blank">here</a> for more info and <a href="http://support.microsoft.com/default.aspx?scid=kb;en-us;230050" target="_blank">here</a> for a potential problem.<font color="#FF0000"> Is it required?</font>
[msmsgr]
Filename=msmsgss.exe
Confirmed=X
Description=Reported by Kaspersky Anti-Virus as RBOT.AJJ
[msmsgsrv]
Filename=msmsgsrv.exe
Confirmed=X
Description=Added by the <a href="http://vil.nai.com/vil/content/v 132938.htm" target= blank>CQO</a> TROJAN!
[msmsgsvc]
Filename=MSMSGSVC.exe
Confirmed=X
Description=Browser hijacker, identified by some antiviruses as a variant of the StartPage.QC TROJAN!
[msmsngr]
Filename=msmsngr.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32dopbotb.html" target=_blank>DOPBOT-B</a> WORM!
[msn 9.0 plus]
Filename=[random letters].exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaly.html" target=_blank>RBOT-ALY</a> WORM!
[msn administration for windows]
Filename=msnadp32.exe
Confirmed=X
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_BROPIA.W&VSect=P" target=_blank>BROPIA.W</a> WORM!
[msn ang]
Filename=cssrss.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotce.html" target=_blank>FORBOT-CE</a> WORM!
[msn beta]
Filename=service.exe
Confirmed=X
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.AUU&VSect=P" target=_blank>RBOT.AUU</a> WORM!
[msn config]
Filename=msngf.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotqg.html" target=_blank>RBOT-QG</a> WORM!
[msn configuration loader]
Filename=msngms.exe
Confirmed=X
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/w32.kelvir.t.html" target=_blank>KELVIR.T</a> WORM!
[msn funny images]
Filename=imsngsr.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobottt.html" target=_blank>AGOBOT-TT</a> WORM!
[msn internet access]
Filename=trayclnt.exe
Confirmed=N
Description=Quick way to connect to MSN internet service - replaces "MSN Quick View" from V5.6 onwards
[msn message background loader]
Filename=msnmesg.exe
Confirmed=X
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
[msn messages]
Filename=msnmesg.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotacn.html" target=_blank>RBOT-ACN</a> WORM!
[msn messanger]
Filename=msnmsng.exe
Confirmed=X
Description=Added by the <a href="http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?Vname=WORM_SDBOT.XN" target="_blank">SDBOT.XN</a> WORM!
[msn messeng]
Filename=windns.exe
Confirmed=X
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
[msn messenge]
Filename=IExplorer.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdelfll.html" target=_blank>DELF-LL</a> TROJAN!
[msn messenger 32]
Filename=msniu.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotawb.html" target=_blank>RBOT-AWB</a> WORM!
[msn messenger 323]
Filename=msniu3.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaxb.html" target=_blank>RBOT-AXB</a> WORM!
[msn messenger 6.2]
Filename=tyd.exe
Confirmed=X
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
[msn messenger service]
Filename=mssgs.exe
Confirmed=X
Description=Added by an unidentified TROJAN! Note - this is not the real MSN Messenger, see this <a href="http://forums.techguy.org/showthread.php?s=&threadid=109054" target="_blank">thread</a>
[msn messenger service starter]
Filename=msnmgsr.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaos.html" target=_blank>RBOT-AOS</a> WORM!
[msn messenger update]
Filename=msnupdate.exe
Confirmed=X
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target= blank>RBOT</a> WORM!
[msn messenger user controls]
Filename=msmsgr.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.kelvir.hi.html" target=_blank>KELVIR.HI</a> WORM!
[msn messengers]
Filename=MSNMSGR.EXE
Confirmed=X
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.KX&VSect=T" target="_blank">RBOT.KX</a> WORM!
[msn mmissenger]
Filename=mssmmspgr.exe
Confirmed=X
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/w32.kelvir.aj.html" target=_blank>KELVIR.AJ</a> WORM!
[msn patch]
Filename=msndp.exe
Confirmed=X
Description=Added by the <a href="http://uk.trendmicro-europe.com/smb/security_info/ve_detail.php?Vname=WORM_RBOT.AAI" target=_blank>RBOT.AAI</a> WORM!
[msn patches]
Filename=msndr.exe
Confirmed=X
Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_SDBOT.GEN" target=_blank>SDBOT</a> WORM!
[msn plus updater]
Filename=msnplus.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotmu.html" target=_blank>RBOT-MU</a> WORM!
[msn processe manager]
Filename=msni32.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotadx.html" target=_blank>RBOT-ADX</a> WORM!
[msn quick view]
Filename=Msndc.exe
Confirmed=N
Description=Quick way to connect to MSN internet service
[msn registry loader]
Filename=msmnwin.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.kelvir.fk.html" target=_blank>KELVIR.FK</a> WORM!
[msn service updates]
Filename=winproc.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32kelvirbb.html" target=_blank>KELVIR-BB</a> WORM!
[msn service utilities]
Filename=nkn.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32kelvirbc.html" target=_blank>KELVIR-BC</a> WORM!
[msn start]
Filename=msnmsgr7.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotph.html" target=_blank>RBOT-PH</a> WORM!
[msn update manager (sp2)]
Filename=MSMSGS.EXE
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotnl.html" target=_blank>AGOBOT-NL</a> WORM!
[msn update service]
Filename=userx.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.mytob.jf@mm.html" target=_blank>MYTOB.JF</a> WORM!
[msn updaters]
Filename=virtualmemory.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotjk.html" target="_blank">RBOT-JK</a> WORM!
[msn.exe]
Filename=son.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojstartpags.html" target=_blank>STARTPA-GS</a> TROJAN!
[msn32 x service]
Filename=MSN32x.EXE
Confirmed=X
Description=Added by an unidentified WORM!
[msn8m startup]
Filename=msn8m.exe
Confirmed=X
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
[msnager32]
Filename=svchostt.exe
Confirmed=X
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_WOMANIZ.E&VSect=P" target=_blank>WOMANIZ.E</a> TROJAN!
[msnappau]
Filename=msnappau.exe
Confirmed=N
Description=Updater for the MSN toolbar that can be downloaded onto IE. Calls home every day or so to "update" the toolbar
[msnarrator]
Filename=msnarrator.exe
Confirmed=X
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_NARAT.A" target="_blank">NARAT.A</a> TROJAN! - also identified as <a href="http://securityresponse.symantec.com/avcenter/venc/data/adware.mpgcom.html" target="_blank">MPGCOM Toolbar</a> adware
[msnavwh]
Filename=MSWkwrH.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32anava.html" target= blank>ANAV-A</a> WORM!
[msndrvsys]
Filename=msndrvsys.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbroggerd.html" target=_blank>BROGGER-D</a> TROJAN!
[msnet]
Filename=msnet.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/trojan.boa.html" target="_blank">BOA</a> WORM!
[msnfixer]
Filename=msnfixjs.js
Confirmed=?
Description=<font color="#FF0000">Located in the HPbinmsnfix directory of a HP PC</font>
[msngrabber]
Filename=MSNgrabber.exe
Confirmed=X
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/w32.envid.a@mm.html" target=_blank>ENVID.A</a> WORM!
[msngta32]
Filename=msngta32.exe
Confirmed=X
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
[msnia]
Filename=MSNIASVC.EXE
Confirmed=N
Description=Added with MSN version 9. Resets certain internet settings upon bootup and can't be disabled via MSCONFIG
[msnload32.exe]
Filename=msnload32.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.bancos.m.html" target="_blank">BANCOS.M</a> TROJAN!
[msnmesenger]
Filename=Main.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.prorat.html" target="_blank">PRORAT</a> TROJAN!
[msnmsg.exe]
Filename=mscmd32.exe
Confirmed=X
Description=Added by a variant of the AGENT.AH TROJAN!
[msnmsgq32]
Filename=msnmsgq.exe
Confirmed=X
Description=Added by the <a href="http://vic.zonelabs.com/tmpl/body/CA/virusDetails.jsp?VId=42022" target= blank>TACTSLAY.H</a> TROJAN!
[msnmsgr32-.exe]
Filename=msnmsgr-.exe
Confirmed=X
Description=Added by a variant of the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html" target="_blank">SPYBOT</a> WORM!
[msnmsgr5]
Filename=MSNMSGR5.exe
Confirmed=X
Description=Added by the <a href="http://uk.trendmicro-europe.com/enterprise/security_info/virus_encyclopedia.php?s=1&VName=WORM_RBOT.PQ" target="_blank">RBOT.PQ</a> WORM!
[msnmsgre]
Filename=swef.bat
Confirmed=X
Description=IRC backdoor TROJAN or WORM!
[msnmsgrr]
Filename=swin.bat
Confirmed=X
Description=IRC backdoor TROJAN or WORM!
[msnmsgrs1]
Filename=swed.bat
Confirmed=X
Description=IRC backdoor TROJAN or WORM!
[msnmsgs.exe]
Filename=msnmsgs.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbankerhk.html" target=_blank>BANKER-HK</a> TROJAN! Note - not to be confused with msmsgs.exe, the well known MSN Instant Messaging application!
[msnmsgsgs]
Filename=msnmsgsgs.exe
Confirmed=X
Description=Added by the "Catal" alias Spy.Delitall.B backdoor TROJAN!
[msnpluginsrivcs]
Filename=n3vasap23.exe
Confirmed=X
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
[msnsched2]
Filename=msnsched2.exe
Confirmed=X
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/w32.spybot.nnt.html" target=_blank>SPYBOT.NNT</a> WORM!
[msnservice]
Filename=MSNService.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.carpet.c.html" target="_blank">CARPET.C</a> WORM!
[msnsgs]
Filename=msnsgs.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojcheukob.html" target=_blank>CHEUKO-B</a> TROJAN!
[msnshed]
Filename=msnshed.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotyn.html" target= blank>RBOT-YN</a> WORM!
[msnsysrestore]
Filename=pc32.exe
Confirmed=X
Description=Added by a variant of the MASTAK VIRUS!
[msntoolbaar]
Filename=msnmsgesc.exe
Confirmed=X
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.BMF&VSect=P" target=_blank>RBOT.BMF</a> WORM!
[msobject32]
Filename=MSObject32.js
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/js.pun.trojan.html" target="_blank">PUN</a> TROJAN!
[msoffice32]
Filename=msjcf.exe
Confirmed=X
Description=Added by the <a href="http://www.us.sophos.com/virusinfo/analyses/trojrakera.html" target=_blank>RAKER-A</a> TROJAN!
[msoffwz]
Filename=msoffwz.EXE
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbancbanhq.html" target=_blank>BANCBAN-HQ</a> TROJAN!
[msoleath32]
Filename=winss.exe
Confirmed=X
Description=Added by the <a href="http://vil.nai.com/vil/content/v_100491.htm" target=_blank>KATHER</a> TROJAN!
[msoobd]
Filename=MSOOBD.EXE
Confirmed=X
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=PE_MAGISTR.A" target="_blank">MAGISTR.A</a> VIRUS!
[mspaint.exe]
Filename=check32.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojagentah.html" target=_blank>AGENT.AH</a> TROJAN!
[mspatch69]
Filename=[path to trojan]
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.mprox.html" target="_blank">MPROX</a> TROJAN!
[mspatch89]
Filename=cnqmax.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.randex.p.html" target="_blank">RANDEX.P</a> WORM!
[msping]
Filename=msping.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/trojan.floodblack.html" target=_blank>FLOODBLACK</a> TROJAN!
[msping.exe]
Filename=msping.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbdoormz.html" target=_blank>MZ</a> TROJAN!
[mspluginsrvc]
Filename=p3.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotwv.html" target= blank>RBOT-WV</a> WORM!
[msplus]
Filename=msplus32.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32mytobam.html" target=_blank>MYTOB-AM</a> or <a href="http://www.sophos.com/virusinfo/analyses/w32mytobcl.html" target=_blank>MYTOB-CL</a> WORMS!
[mspp system update 64]
Filename=wiaadmgr.exe
Confirmed=X
Description=Reported by Kaspersky Anti-Virus as the RANKY.GEN TROJAN!
[mspqfile]
Filename=MSA****.TMP
Confirmed=X
Description=Homepage hijacker. See <a href="http://www.spywareinfo.com/yabbse/index.php?board=11;action=display;threadid=776;start=10" target="_blank">here</a> for more information. **** can be anything
[msprotect.exe]
Filename=MSprotect.exe
Confirmed=X
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=PE_DABYREV.A" target="_blank">DABYREV.A</a> VIRUS!
[mspy2002]
Filename=ImScInst.exe
Confirmed=N
Description=Part of Microsoft's Input Message Editor (IME) for translating Japanese/Chinese text in IE, Outlook and Word
[msr]
Filename=msr.exe
Confirmed=X
Description=Added by the <a href="http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?Vname=WORM_AGOBOT.RT" target=_blank>AGOBOT.RT</a> WORM!
[msrc]
Filename=Msrc.exe
Confirmed=X
Description=Added by the KRYPTONIC GHOST TROJAN!
[msreg.exe]
Filename=msrege.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.zinx.html" target="_blank">ZINX</a> TROJAN!
[msreg32 loader]
Filename=msreg32.exe
Confirmed=X
Description=Added by the <a href="http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?VName=WORM_AGOBOT.IU&VSect=T" target=_blank>AGOBOT.IU</a> WORM!
[msregit]
Filename=Msgp.exe
Confirmed=X
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_KRYPGHOS.13" target="_blank">KRYPGHOS.13</a> TROJAN!
[msregsvc]
Filename=regsvc32.exe
Confirmed=X
Description=Homepage hijacker that changes your homepage to an adult content site
[msresear]
Filename=[path to trojan]
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojweasywb.html" target=_blank>WEASYW-B</a> TROJAN!
[msrundll]
Filename=msrund1l32.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.binghe.html" target=_blank>BINGHE</a> TROJAN!
[msrunocx32]
Filename=msrunocx32.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.skus.html" target="_blank">SKUS</a> WORM!
[msscdl]
Filename=MSSCDLL.exe
Confirmed=U
Description=<a href="http://www.symantec.com/avcenter/venc/data/spyware.spycapture.html" target= blank>SpyCapture</a> keystroke logger/monitoring program - remove unless you installed it yourself!
[msserv]
Filename=msserv.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojblackloga.html" target=_blank>BLACKLOG-A</a> TROJAN!
[msserv32]
Filename=msserv32.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotack.html" target= blank>RBOT-ACK</a> WORM!
[msservice]
Filename=msserv.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hyd@mm.html" target="_blank">HYD</a> WORM!
[mssfos]
Filename=sfool.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.randex.eus.html" target=_blank>RANDEX.EUS</a> WORM!
[mssgisg]
Filename=[path to file]
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.ranky.n.html" target=_blank>RANKY.N</a> TROJAN!
[msshow]
Filename=MSShow.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojqqrobm.html" target=_blank>QQROB-M</a> TROJAN!
[msshvc]
Filename=MSSHVC.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.nuffy.a.html" target="_blank">NUFFY.A</a> WORM!
[mssoul]
Filename=msmscc2.exe
Confirmed=X
Description=Added by the DAPIZL.A banker WORM! (A "banker worm" is designed to pillage banking information and send it back to the perpetrators!)
[mssp3]
Filename=mssp22.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojibankd.html" target=_blank>IBANK-D</a> TROJAN!
[mssql]
Filename=Mssql.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sdbot.html" target="_blank">SDBOT</a> TROJAN!
[msstart]
Filename=msstart.exe
Confirmed=X
Description=Added by the <a href="http://it.trendmicro-europe.com/enterprise/security_info/ve_detail.php?Vname=BKDR_LIVUP.C" target="_blank">LIVUP.C</a> TROJAN!
[msstask]
Filename=msstask.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.myparty@mm.html" target="_blank">MYPARTY</a> WORM!
[mssurfer lptt01]
Filename=mssurfer.exe
Confirmed=X
Description=<a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">RapidBlaster</a> variant (in a "surfer" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see <a ref="http://www.wilderssecurity.net/specialinfo/rapidblaster.html#removal" target="_blank"> here</a>
[mssurfer ml097e]
Filename=mssurfer.exe
Confirmed=X
Description=<a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">RapidBlaster</a> variant (in a "surfer" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see <a ref="http://www.wilderssecurity.net/specialinfo/rapidblaster.html#removal" target="_blank"> here</a>
[mssvc.exe]
Filename=MSSVC.EXE
Confirmed=Y
Description=<a href="http://www.stealthdisk.com/" target="_blank">Stealthdisk</a> - hides folders, files and applications. Will also encrypt them for better protection
[mssvc32]
Filename=mssvc32.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotme.html" target=_blank>AGOBOT-ME</a> WORM!
[mssys]
Filename=mssys.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/trojan.myss.b.html" target="_blank">MYSS.B</a> TROJAN!
[mssyslanhelper]
Filename=msmsgri32.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.randex.d.html" target="_blank">RANDEX.D</a> WORM!
[mstapi]
Filename=Mstapi.exe
Confirmed=X
Description=Keylogger trojan
[mstaskbar 32]
Filename=tbsvc32.exe
Confirmed=X
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.BQZ&VSect=P" target=_blank>RBOT.BQZ</a> WORM!
[mstasks]
Filename=mstasks.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojmultidray.html" target=_blank>MULTIDR-AY</a> TROJAN!
[mstcgww]
Filename=MSTCGWW.EXE
Confirmed=?
Description=<font color="#FF0000">??</font>
[mstmon_n]
Filename=MSTMON_N.EXE
Confirmed=N
Description=Generates an error message on startup if a Konica Minolta printer is not turned on and ready
[mstmon_q]
Filename=MSTMON_Q.exe
Confirmed=N
Description=Generates an error message on startup if the Konica Minolta PagePro 1350W printer is not turned on and ready
[mstng32]
Filename=MSTng32.exe
Confirmed=X
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/w32.hllw.tang@mm.html" target="_blank">TANG</a> WORM!
[msupdate.exe]
Filename=N/A
Confirmed=X
Description=<a href="http://cwshredder.net/cwshredder/cwschronicles.html" target=_blank>CoolWebSearch</a> parasite variant - resets home page to an adult content site
[msupdatedevkit]
Filename=axfd.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotzd.html" target= blank>SDBOT-ZD</a> WORM!
[msupdater system]
Filename=udpsys32.exe
Confirmed=X
Description=Added by the <a href="http://uk.trendmicro-europe.com/smb/security_info/ve_detail.php?id=66137&VName=WORM_RBOT.AAA&VSect=O" target=_blank>RBOT.AAA</a> WORM!
[msupdater.exe]
Filename=N/A
Confirmed=X
Description=<a href="http://cwshredder.net/cwshredder/cwschronicles.html" target=_blank>CoolWebSearch</a> parasite variant. Installs the Winshow.dll browser plugin
[msupdater25]
Filename=lsasser.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotats.html" target=_blank>RBOT-ATS</a> WORM!
[msupdates]
Filename=msupdt.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotjo.html" target="_blank">RBOT-JO</a> WORM!
[msupdsrv]
Filename=msupdsrv.exe
Confirmed=X
Description=Browser hijacker, redirecting to a adult content site
[msurl]
Filename=msurl32.exe
Confirmed=X
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_CRYPTER.A" target="_blank">CRYPTER.A</a> TROJAN!
[msuser32.exe]
Filename=msuser32.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/trojan.androv.html" target="_blank">ANDROV</a> TROJAN!
[msvbvm60]
Filename=MSVBVBM60.pif
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32scoldb.html" target= blank>SCOLD-B</a> WORM!
[msvcc]
Filename=msvchost.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/trojan.xombe.html" target="_blank">XOMBE</a> TROJAN!
[msvhost]
Filename=aig.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojaimbotbc.html" target=_blank>AIMBOT-BC</a> TROJAN!
[msvload32]
Filename=msvload32.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaci.html" target= blank>RBOT-ACI</a> WORM!
[msvsc32]
Filename=msdev.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotgj.html" target=_blank>RBOT-GJ</a> WORM!
[msvsmt]
Filename=rpcxctx.exe
Confirmed=X
Description=Added by an unidentified WORM or TROJAN!
[msvsync]
Filename=videosync.exe
Confirmed=X
Description=Added by a variant of the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html" target="_blank">SPYBOT</a> WORM!
[msvxd]
Filename=MSVXD.EXE
Confirmed=X
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_DATOM.A" target="_blank">DATOM.A</a> WORM!
[mswave]
Filename=mswave.exe
Confirmed=X
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_CRYPTER.A" target="_blank">CRYPTER.A</a> TROJAN!
[mswavedll]
Filename=mswavedll.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojcrypterc.html" target="_blank">CRYPTER-C</a> TROJAN!
[mswheel]
Filename=mswheel.exe
Confirmed=U
Description=<a href="http://www.microsoft.com/intellipoint/" target="_blank">Microsoft Intellipoint</a> software for their Intellimouse series of mice - required if you use non-standard Windows driver features
[mswin]
Filename=mswin.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbankercu.html" target=_blank>BANKER-CU</a> TROJAN!
[mswincfg]
Filename=Mswincfg32.exe
Confirmed=X
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_CYBERSPY.D" target="_blank">CYBRSPY.D</a> TROJAN!
[mswindows drt drivers]
Filename=wsdrt32.exe
Confirmed=X
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.ALT&VSect=T" target=_blank>RBOT.ALT</a> WORM!
[mswindows ssl drivers]
Filename=mssl32.exe
Confirmed=X
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SPYBOT.API&VSect=T" target=_blank>SPYBOT.API</a> WORM!
[mswindows sysdate]
Filename=sysmsvc.exe
Confirmed=X
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/w32.spybot.fcd.html" target=_blank>SPYBOT.FCD</a> WORM!
[mswindows syspg]
Filename=mspg32.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbottb.html" target=_blank>RBOT-TB</a> WORM!
[mswindowsupdate]
Filename=Systern.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotafd.html" target=_blank>RBOT-AFD</a> WORM!
[mswinpid32]
Filename=mswinpid32.exe
Confirmed=X
Description=Added by the LAPOS.A TROJAN! This is a keylogger which emails back to China PayPal passwords and account information - thus allowing the perpetrators to steal PayPal funds in the name of the victim!
[mswinsrv]
Filename=MSWinSrv.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.mtron.html" target=_blank>MTRON</a> TROJAN!
[mswinsrv32]
Filename=MSWinSrv32.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojmtronb.html" target=_blank>MTRON-B</a> TROJAN!
[mswinupd]
Filename=winupd.exe
Confirmed=U
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderye.html" target=_blank>DLOADER-YE</a> or <a href="http://www.sophos.com/virusinfo/analyses/trojdloadraaa.html" target=_blank>DLOADR-AAA</a> or <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderzf.html" target=_blank>DLOADER-ZF</a> TROJAN!
[mswinupdate]
Filename=winupdate.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloadraaw.html" target=_blank>DLOADR-AAW</a> TROJAN!
[mswinvgr]
Filename=msvgr.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.mytob.le@mm.html" target=_blank>MYTOB.LE</a> WORM!
[mswkork service]
Filename=msework.exe
Confirmed=X
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
[msword]
Filename=msword.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotadr.html" target=_blank>RBOT-ADR</a> WORM!
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotqq.html" target= blank>AGOBOT-QQ</a> WORM!
[msys lptt01]
Filename=msys.exe
Confirmed=X
Description=<a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">RapidBlaster</a> variant (in a "Msyss" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see <a ref="http://www.wilderssecurity.net/specialinfo/rapidblaster.html#removal" target="_blank"> here</a>
[msys32]
Filename=morfitwebentrance.exe
Confirmed=X
Description=<a href="http://www.morfit.com/Eng/" target="_blank">Morfit ADjectPager</a> - "uses home page rental technology for generating revenues". Homepage hi-jacker that re-defines your IE or Netscape start page as http://www.web-entrance.com/. Any installed application including this must be un-installed before you can reset your homepage
[msysdrv]
Filename=msdrv.exe
Confirmed=X
Description=Added by the VB.WF TROJAN!
[ms_anti_spyware]
Filename=mwfirewall.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/trojan.gamqowi.html" target=_blank>GAMQOWI</a> TROJAN!
[ms_larissa]
Filename=MS_LARISSA.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.assiral@mm.html" target=_blank>ASSIRAL</a> WORM!
[ms_netd_win32]
Filename=netd32.EXE
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.randex.f.html" target="_blank">RANDEX.F</a> WORM!
[ms_setup.exe]
Filename=MS_SETUP.EXE
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.charge.html" target="_blank">CHARGE</a> TROJAN!
[ms_update check]
Filename=wdfmgr.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobottb.html" target=_blank>AGOBOT-TB</a> WORM!
[mtr2]
Filename=mtr2.exe
Confirmed=X
Description=Added by the KRYPTONIC GHOST TROJAN!
[mual]
Filename=mual.exe
Confirmed=U
Description=Millesky video mail updater and launcher
[muamgr]
Filename=muamgr.exe
Confirmed=U
Description=Quick access to MicroAngelo 5.0. It can make the background of the icon text transparent and also change the color of the shortcut's text to a color you want. Very useful, if you have a wallpaper. Available via Start -> Programs
[mufix]
Filename=mufix.exe
Confirmed=?
Description=Part of INFOConnect, web-based, enterprise client configuration, management, and deployment software, as used by ABSS (a financial management system used by the US military which will allow purchase request packages to be electronically submitted to contracting, and which also facilitates electronic receipt of items and EFT) - <font color="#FF0000">what does it do and is it required</font>
[multi-function keyboard]
Filename=GWHotkey.exe
Confirmed=U
Description=Software that sets up the Gateway AnyKey keyboard shortcuts (a series of buttons that allow one-click access to e-mail, browser, volume and CD/DVD controls, etc)
[multicam initializer]
Filename=MCamBoot.exe
Confirmed=U
Description=The MultiCAM Initializer is part of the MultiCAM software package provided by <a href="http://www.vistaimaging.com/multicam.htm" target="_blank">Vista Imaging</a> in order to run up to 10 USB ViCAM or 3Com Home Connect PC Digital cameras on a single computer. Clears itself from memory once initialized but can also be safely disabled
[multimedia codecs]
Filename=mcc.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloadermb.html" target=_blank>DLOADER-MB</a> TROJAN!
[multimedia kbd]
Filename=MMKeybd.exe
Confirmed=U
Description=Multimedia keyboard manager. Required if you use the additional keys
[multimedia keyboard]
Filename=MMKeybd.exe
Confirmed=U
Description=Multimedia keyboard manager. Required if you use the additional keys
[multiran]
Filename=multiran.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojcosiame.html" target=_blank>COSIAM-E</a> TROJAN!
[multires]
Filename=MultiRes.exe
Confirmed=U
Description=<a href="http://www.entechtaiwan.com/" target="_blank">MultiRes</a> - system tray utility allowing quick access to changing desktop resolutions and has the ability to lock the screen refresh rate in WinNT/2K/XP
[mups]
Filename=MUPS.exe
Confirmed=U
Description=Lauches the <a href="http://www.belkin.com/" target="_blank">Belkin</a> Bulldog Plus Service - required if you want to access the UPS advanced functions
[murphy shield]
Filename=lmgui.exe
Confirmed=Y
Description=Firewall part of <a href="http://www.bitdefender.com/" target="_blank">BitDefender</a> virus scanner/firewall
[music01 server]
Filename=Music01 Server.exe
Confirmed=N
Description=J River <a target="_blank" href="http://www.musicex.com/mediajukebox/">Media Jukebox</a>
[musirc (irc.music.com) client]
Filename=musirc4.71.exe
Confirmed=X
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RANDEX.Q" target=_blank>RANDEX.Q</a> WORM!
Description=<a href="http://www.screenscenes.com/product.html?screensaver=MagicWaterfall" target=_blank>MagicWaterfall</a> screensaver. The freeware version comes with GAIN branded ads (pop-ups and others). ScreenScenes do however offer you the option of doing away with the ads by purchasing the screensaver for a whopping $30...
[mwavscan]
Filename=mwavscan.com
Confirmed=U
Description=MicroWorld Anti Virus Toolkit is a free anti-virus scanner that runs on-demand. You can choose to scan your entire system, including memory, services, starup items and registry, or only scan files in a specified folder or drive
[mwproeng]
Filename=MWProEng.exe
Confirmed=N
Description=Logitech Mouseware Pro software - only required when using special functions
Description=<a href="http://help.funwebproducts.com/ns/myway-websearch.html" target=blank>My Way Search/My Web Search Toolbar</a> - "browser search tool compatible with IE (4.x or above) and Netscape 4.x. The Toolbar displays algorithmic search results from Google, Ask Jeeves, Yahoo and LookSmart, along with sponsored listings, primarily from Google." Older versions had security issues but the current versions do not
[mwsvm]
Filename=mwsvm.exe
Confirmed=X
Description=SeekSeek search hijacker related - as seen <a href="http://www.net-integration.net/cgi-bin/forum/ikonboard.cgi?act=ST&f=32&t=6790&st=0&&#entry34543" target="_blank"> here</a>
[mxhlp32]
Filename=MxHLp32.exe
Confirmed=X
Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_VAGRNOCK.12" target="_blank">VAGRNOCKER</a> TROJAN!
[mxo auto loader]
Filename=MXOaldr.exe
Confirmed=U
Description=Maxtor includes a driver to bypass the Windows certified drivers check just when it detects an external drive. MXOaldr.exe is installed with the new driver and if disabled the button on a Maxtor OneTouch External Store no longer functions
[mxobg]
Filename=MXOALDR.EXE
Confirmed=U
Description=Maxtor includes a driver to bypass the Windows certified drivers check just when it detects an external drive. MXOaldr.exe is installed with the new driver and if disabled the button on a Maxtor OneTouch External Store no longer functions
[mxrunner]
Filename=MxRunner.exe
Confirmed=U
Description=<a href="http://www.aladdinsys.com/easyuninstall/" target="_blank">EasyUninstall</a> from Aladdin Systems (formerly by Ontrack)
[my agent]
Filename=msagent.exe
Confirmed=X
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_NEGASMS.A" target="_blank">NEGASMS.A</a> TROJAN!
[my app]
Filename=SMSSvc.exe
Confirmed=X
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_NEGASMS.A" target="_blank">NEGASMS.A</a> TROJAN!
Description=System tray notification for McAfee <a href="http://www.mcafeeasap.com/content/virusscan_asap/default.asp" target="_blank">VirusScan ASaP</a> on-line scanner. Not required to be protected but you lose notifications
[myav]
Filename=avpguard.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.netsky.j@mm.html" target="_blank">NETSKY.J</a> WORM!
[mycio agent service]
Filename=myagtsvc.exe
Confirmed=Y
Description=McAfee <a href="http://www.mcafeeasap.com/content/virusscan_asap/default.asp" target="_blank">VirusScan ASaP</a> Agent service
[mycio.com asap]
Filename=MyAgtTry.exe
Confirmed=U
Description=System tray notification for McAfee <a href="http://www.mcafeeasap.com/content/virusscan_asap/default.asp" target="_blank">VirusScan ASaP</a> on-line scanner. Not required to be protected but you lose notifications
[mycio.com splash]
Filename=Splash.exe
Confirmed=N
Description=Splash screen for McAfee <a href="http://www.mcafeeasap.com/content/virusscan_asap/default.asp" target="_blank">VirusScan ASaP</a> on-line scanner
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_HOLAR.A" target="_blank">HOLAR.A</a> WORM!
[mynetwatchman]
Filename=nwclient.exe
Confirmed=U
Description=Sends your firewall alerts to a <a href="http://www.mynetwatchman.com/" target="_blank">website</a>, which then filters them and forwards details of suspicious activities to the host ISP they originated from. Only needs to be running when your firewall is running
[mypointspointalert]
Filename=wjview ...MyPointsPointAlertrun.exe
Confirmed=X
Description="With MyPoints you can earn rewards from name-brand merchants. You can even earn vacations and frequent flyer miles". Dubious privacy policy
[myprint mileage]
Filename=mpm.exe
Confirmed=U
Description=Reports battery status on a portable printer
[myslscan]
Filename=msvc32.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forboteh.html" target=_blank>FORBOT-EH</a> WORM!
[mysoft]
Filename=winexplor.exe
Confirmed=X
Description=Browser hijacker, also detected as the <a href="http://www.sophos.com/virusinfo/analyses/trojstartpajr.html" target= blank>STARTPA-JR</a> TROJAN!
[mysoftware newsflash]
Filename=Newsflsh.exe
Confirmed=?
Description=<font color="#FF0000">??</font>
[myteksystrayexepath]
Filename=MyTekSystray.exe
Confirmed=U
Description=<a href="http://www.mytek.com.au/" target="_blank">MyTek</a> system tray - web site providing computer tech support in Australia
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojremadmc.html" target=_blank>REMADM-C</a> TROJAN!
[myvitalagent]
Filename=VtlAgent.exe
Confirmed=U
Description=<a href="http://www.qip.lucent.com/qip/spectra/invoke.cfm?id=FBAD6307%2D6CCA%2D4CC3%2D851F5D42DB652AB2&Method=DisplayDetails" target="_blank">MyVitalAgent</a> from Lucent Technologies. Replacement for Net.Medic, monitoring all popular internet transactions and alerting the user of the loaction of connection problems. Available via Start -> Programs
[mywebsearch email plugin]
Filename=mwsoemon.exe
Confirmed=U
Description=<a href="http://help.funwebproducts.com/ns/myway-websearch.html" target=blank>My Way Search/My Web Search Toolbar</a> - "browser search tool compatible with IE (4.x or above) and Netscape 4.x. The Toolbar displays algorithmic search results from Google, Ask Jeeves, Yahoo and LookSmart, along with sponsored listings, primarily from Google." Older versions had security issues but the current versions do not
[n2ptray]
Filename=Net2fone.exe
Confirmed=U
Description=An Internet telephony application. Needed only if you have an account at <a href="http://web.net2phone.com/" target="_blank">Net2Phone, Inc</a>
[nadaemon]
Filename=NADAEMON.EXE
Confirmed=N
Description=Program by <a href="http://www.netactive.com/" target="_blank">NetActive</a> which appears to be piggybacked onto some Nvidia graphics cards software. They seem to look after "digital rights management". One user reports disabling it has no detrimental affect - not required
[naggerrunkey]
Filename=nagger.exe
Confirmed=N
Description=Packard Bell Free Internet Signup screen
[naimagent_service]
Filename=EPOAgentnaimas32.exe
Confirmed=Y
Description=Networked version of McAfee VirusScan. Installs, configures and updates the software and DAT (virus definition) files on local computers from a network server. A resource hog but required for DAT updates and if disabled can also cause random freezes and error messages
[name]
Filename=Iexplorer0.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.threadsys.html" target="_blank">THREADSYS</a> TROJAN!
[namedpipe system]
Filename=namedpipe.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32mytobfh.html" target=_blank>MYTOB-FH</a> TROJAN!
[nap32]
Filename=NAP32.exe
Confirmed=X
Description=Premium rate adult content dialler
[narrator]
Filename=******.exe [* = random char]
Confirmed=X
Description=Added by the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=43264" target=_blank>QOOLOGIC</a> TROJAN!
[natal]
Filename=Natal.scr
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.opaserv.ae.worm.html" target="_blank">OPASERV.AE</a> WORM!
[nav]
Filename=RuxDLL32.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.mapson.d.worm.html" target="_blank">MAPSON.D</a> WORM!
[nav auto prot]
Filename=navprot1.exe
Confirmed=X
Description=Added by the <a href="http://de.trendmicro-europe.com/enterprise/security_info/ve_detail.php?VName=WORM_RBOT.ZAC" target=_blank>RBOT.ZAC</a> WORM!
[nav auto update]
Filename=Navautoupdate.exe
Confirmed=X
Description=Added by a variant of the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html" target="_blank">SPYBOT</a> WORM!
[nav cfgwiz]
Filename=cfgwiz.exe
Confirmed=N
Description=Introduced with Norton Anti-Virus 2002, this is a real resource hog. Many NAV users will find they can live without loading it
[nav configuration wizard]
Filename=cfgwiz.exe
Confirmed=N
Description=Introduced with Norton Anti-Virus 2002, this is a real resource hog. Many NAV users will find they can live without loading it
[nav defalert]
Filename=DefAlert.exe
Confirmed=U
Description=Norton Anti-Virus Definitions Alert. Warns you if virus definitions are out of date. Leave enabled unless you manually update virus definitions on a regular basis
[nav live update]
Filename=[path to worm]
Confirmed=X
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/w32.hllw.deborms.c.html" target="_blank">DEBORMS.C</a> WORM! Note - this is not a valid Norton Anti-Virus (NAV) function from Symantec
[nav scan service]
Filename=NAVSCAN32.EXE
Confirmed=X
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.VG" target="_blank">SDBOT.VG</a> WORM!
Description=Norton Anti-Virus's background scanning process
[naviscope]
Filename=naviscope.exe
Confirmed=U
Description=<a href="http://naviscope.com/" target="_blank">Naviscope</a> is a multipurpose browser enhancement that can speed up Web searches, lock out cookies, examine HTML send/receive headers, provide single-click network diagnostics, and much more
[navisearch]
Filename=nls.exe
Confirmed=X
Description=NaviSearch, eXact Advertising variant
[navman_20]
Filename=sysnav32.exe
Confirmed=X
Description=Hijacker, possibly a <a href="http://cwshredder.net/cwshredder/cwschronicles.html" target=_blank>CoolWebSearch</a> parasite variant
[navp.exe]
Filename=navp.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotoe.html" target=_blank>AGOBOT-OE</a> WORM!
[navpass]
Filename=NavPass.exe
Confirmed=X
Description=Free system for gaining access to and downloading from adult content web-sites
[navscan]
Filename=[filename]
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/trojan.obsorb.html" target="_blank">OBSORB</a> TROJAN!
[navscan32.exe]
Filename=NAVSCAN32.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotdo.html" target=_blank>SDBOT-DO</a> WORM!
[navscanner32]
Filename=NAVSCANNER32.EXE
Confirmed=X
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.QC" target="_blank">RBOT.QC</a> WORM!
[navupd]
Filename=rundll32.exe navupd.dll, Startup
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.navu.html" target="_blank">NAVU</a> TROJAN!
[nav_update]
Filename=NAV_Update.exe
Confirmed=X
Description=Unidentified WORM or TROJAN!
[nawadll32]
Filename=nawadll32.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotzi.html" target=_blank>SDBOT-ZI</a> WORM!
[nawdll32]
Filename=nawdll32.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotzm.html" target=_blank>SDBOT-ZM</a> WORM!
[nb common dialog enhancements]
Filename=COMDLGEX.EXE
Confirmed=N
Description=Part of McAfee Nuts & Bolts. With Common Dialog Enhancements, you can add MRU list box to open dialogs
[nb start menu]
Filename=STARTM.EXE
Confirmed=N
Description=Part of McAfee Nuts & Bolts. Provides the same control as MSCONFIG and can be used instead if you have N&B
[nb windows patterns]
Filename=WINDBKGND.EXE
Confirmed=N
Description=Part of McAfee Nuts & Bolts. With Background Patterns, you can change background patterns of wizard and dialog windows
[nbj]
Filename=NBJ.exe
Confirmed=U
Description=Ahead Nero <a href="http://www.nero.com/en/631898241464531.html" target="_blank"> BackItUp</a> backup program. Only required for if you have scheduled back-ups
[nbkctrl]
Filename=NbkCtrl.exe
Confirmed=U
Description=Scheduling engine of <a href="http://www.no-panic.com/backup/n_backup.html" target="_blank"> NovaSTOR Backup</a> Service. Only required if scheduling is enabled and wanted - see <a href="http://www.no-panic.com/backup/tech_supt/nbackup7_commandline.html" target="_blank"> here</a>
[nbt system alias]
Filename=[path] repcale.exe [path] beird.exe
Confirmed=X
Description=Added by a variant of the <a href="http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?Vname=WORM_RANDON.AN" target=_blank>RANDON.AN</a> WORM!
[nbustrce1d]
Filename=nbustrce1D.exe
Confirmed=?
Description=Device driver, possibly CD/DVD - <font color="#FF0000">what exactly is it and is it required in startup?</font>
Description=Norton Change Directory - from the DOS days that allows the user to change directories on their machine without typing the complete path
[nclaunch]
Filename=NCLAUNCH.Exe
Confirmed=?
Description=Part of <a href="http://www.northcode.com/products/swfstudio/index.html" target="_blank">SWF Studio</a> from Northcode Inc - an extension to Flash. Bundled when you create a self-installing screen-saver on Win2K/XP. <font color="#FF0000">Is it required?</font>
[ncs_ss]
Filename=Csinsm32.exe
Confirmed=N
Description=Same as CleanSweep Smart Sweep-Internet Sweep
[nddeagnt]
Filename=NDDEAGNT.EXE
Confirmed=?
Description=WinNT default process. Network Dynamic Data Exchange (DDE) Agent, handles requests for network DDE services
[ndps]
Filename=DPMW32.EXE
Confirmed=U
Description=Novell Distributed Printer Services - part of Novell's <a href="http://www.novell.com/products/netware/" target="_blank">Netware</a> Client and <a href="http://www.novell.com/products/groupwise/" target="_blank"> Groupwise</a> products. Not required if you don't use this feature
Description=ConfigFree Tray on a Toshiba laptop. Tray utility for their network switching application which permits switching network devices and settings with a click on the tray icon. While it is not required, for people who span multiple networks and want an easy way to go from wired to wireless and change addresses and other network settings, it's a must have
[necbar]
Filename=Necbar.exe
Confirmed=N
Description=Nec Assistant; Ark's Navigator, a graphical interface for NEC computers
[necmfk]
Filename=necmfk.exe
Confirmed=Y
Description=NEC wireless keyboard driver
[necutray]
Filename=Necutray.exe
Confirmed=U
Description=Driver for external USB storage devices (hard drives, flsh disks, etc)
[neqprvfy.exe]
Filename=neqprvfy.exe
Confirmed=?
Description=<font color="#FF0000">Appears to be related to the downloading of some application - possibly verifying updates?</font>
[nero]
Filename=shch.exe
Confirmed=X
Description=Added by a variant of the <a href="http://www.sophos.com/virusinfo/analyses/trojbdooreb.html" target= blank>EB</a> TROJAN!
[nero checker]
Filename=nerocheck.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojproxyx.html" target=_blank>PROXY-X</a> TROJAN! Note - this is not related to "Nero Burning Rom" CD writing software
[nero updater.6.12]
Filename=wmp9.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotaag.html" target=_blank>AGOBOT-AAG</a> WORM!
[nero.ma]
Filename=***.exe [*** = 2 to 3 digits]
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.jonbarr.d@mm.html" target="_blank">JONBARR.D</a> WORM!
[neroautostartclient]
Filename=NeroASM.exe
Confirmed=X
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.VG&VSect=T" target=_blank>AGOBOT.VG</a> WORM!
[nerofiltercheck]
Filename=NeroCheck.exe
Confirmed=U
Description=Associated with "Nero Burning Rom" CD writing software. Checks for driver issues
[neroloader]
Filename=NeroLoader.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbancbanej.html" target=_blank>BANCBAN-EJ</a> TROJAN!
[neronettrayicon]
Filename=NNServiceCtrl.exe
Confirmed=N
Description=System tray access to <a href="http://www.nero.com/us/631898255953125.html" target="_blank">NeroNET</a> - Ahead Software's network-capable extension of their CD/DVD burning program. NeroNET allows a burner to be shared across a network
[neroupdater6.8]
Filename=winjava.exe
Confirmed=X
Description=Added by the <a href="http://www.trendmicro.co.jp/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.AMK" target=_blank>AGOBOT.AMK</a> WORM!
[net]
Filename=WINREG.EXE
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.assasin.d.html" target="_blank">ASSASIN.D</a> TROJAN!
[net accelerator]
Filename=NetAccelerator.exe
Confirmed=U
Description=<a href="http://www.rizalsoftware.com/" target="_blank">Rizal</a> NetAccelerator - "Optimizing Dial-Up, Lan, Cable, DSL, and Satellite connections do you want to speed up your Internet access up to 200% - 300% ???". Only required if you find it helps improve your performance
[net activity diagram]
Filename=nad.exe
Confirmed=U
Description=<a href="http://www.metaproducts.com/mp/mpProducts_Detail.asp?id=20" target="_blank">Net Activity Diagram</a> from MetaProducts. Monitors your computer internet activity. Available via Start -> Programs
[net bios stats]
Filename=ntbstats.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotzx.html" target=_blank>SDBOT-ZX</a> WORM!
[net-it launcher]
Filename=NILaunch.exe
Confirmed=N
Description=<a href="http://www.net-it.com/" target="_blank">Net-It</a> - web publishing software
[netaccelerator]
Filename=NetAccel.exe
Confirmed=U
Description=<a href="http://www.netaccelerator.net/" target="_blank">NetAccelerator</a> is a "software utility that optimizes your internet access up to 1200% faster!. NetAccelerator speeds all modems allowing you to download faster, browse faster, surf faster!. Only required if you find it helps improve your performance
[netadm7]
Filename=NETADM7.EXE
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.bancos.f.html" target="_blank">BANCOS.F</a> TROJAN!
[netapi]
Filename=Netapi.exe
Confirmed=X
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_NETDEVIL.14" target="_blank">NETDEVIL.14</a> TROJAN!
[netapi32]
Filename=netapi32.exe
Confirmed=X
Description=Added by an unidentified TROJAN!
[netapp]
Filename=winserv.exe
Confirmed=X
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_SHADOWTHIEF" target="_blank">SHADOWTHIEF</a> TROJAN!
[netbios helper]
Filename=nbthlp.exe
Confirmed=X
Description=Added by the <a href="http://vil.nai.com/vil/content/v_134470.htm" target=_blank>BANKER.Y</a> TROJAN!
[netconfig]
Filename=netconfig.exe
Confirmed=X
Description=Added by the <a href="http://www.pestpatrol.com/PestInfo/n/netware_trojan_v1_0.asp" target="_blank">NETCONF</a> TROJAN!
[netcruiser dialer]
Filename=NCDialer.exe
Confirmed=U
Description=<a href="http://www.netcruiser-software.com/products.html" target="_blank">NetCruiser Dialer</a> from NetCruiser Software. "An Internet dialer and connection monitor with features to launch applications when a connection is detected, dial and hangup at predefined times and automatic redialing of dropped connections"
[netdaemon]
Filename=netdaemon /v
Confirmed=X
Description=Malware designed to "kill" a number of antispyware applications (SpyBot, Giant, SpyDoctor, SpySweeper, SpyHunter, Anvir, WinPatrol, and more)
[netdll32]
Filename=netdll32.exe
Confirmed=X
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_CRYPTER.A" target="_blank">CRYPTER.A</a> TROJAN!
[netdllex]
Filename=netdllex.Exe
Confirmed=X
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_CRYPTER.A" target="_blank">CRYPTER.A</a> TROJAN!
[netdy]
Filename=VisualGuard.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.netsky.n@mm.html" target="_blank">NETSKY.N</a> or <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.netsky.w@mm.html" target="_blank">NETSKY.W</a> WORMS!
[netfp32.exe]
Filename=NETFP32.EXE
Confirmed=X
Description=Added by the AGENT.CD TROJAN!
[netfxupdate]
Filename=netfxupdate.exe
Confirmed=?
Description=<font color="#FF0000">Would appear to be a valid Microsoft .NET file (see <a href="http://support.microsoft.com/default.aspx?scid=kb;en-us;827801" target="_blank">here</a>) but <a href="http://www.techsupportforum.com/computer/topic/8189-1.html" target="_blank"> this</a> suggest's it's a trojan?</font>
[netfxupdate_v1.0.3705]
Filename=netfxupdate.exe
Confirmed=?
Description=<font color="#FF0000">Would appear to be a valid Microsoft .NET file (see <a href="http://support.microsoft.com/default.aspx?scid=kb;en-us;827801" target="_blank">here</a>) but <a href="http://www.techsupportforum.com/computer/topic/8189-1.html" target="_blank"> this</a> suggest's it's a trojan?</font>
[netguard]
Filename=NetGuard.exe
Confirmed=U
Description=FBM Software ZeroSpyware 2004 spyware detector and remover - real time monitor
[nethost.exe]
Filename=[path to file]
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojperdaj.html" target=_blank>PERDA-J</a> TROJAN!
[netlimiter]
Filename=Netlimiter.exe
Confirmed=U
Description=<a href="http://www.netlimiter.com/" target="_blank">Netlimiter</a> - "An internet traffic control tool to monitor applications which access the internet and actively control their internet traffic. Use it o set (download/upload) speed limits for applications or even single connection. NetLimiter also allows you to share your internet connection bandwidth among all applications running on your PC."
[netline user]
Filename=netchk.exe
Confirmed=N
Description=Netline supplies internet related products and services and this program identifies user ID and IP information. Found installed along with the Falcon 4 game, for example
[netlink]
Filename=netlink32.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.gaobot.wo.html" target="_blank">GAOBOT.WO</a> WORM!
[netlogon]
Filename=userint.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotbc.html" target=_blank>SDBOT-BC</a> WORM!
[netmanagerservice]
Filename=ntss.exe
Confirmed=X
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_BESTPICS.A" target="_blank">BESTPICS.A</a> TROJAN!
[netmon]
Filename=netmon.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.mimail.m@mm.html" target="_blank">MIMAIL.M</a> WORM!
[netmonw]
Filename=Netmonw.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbdoorfx.html" target=_blank>BDOOR-FX</a> TROJAN!
[netmsg]
Filename=netmsg.exe
Confirmed=U
Description=<a href="http://users.pandora.be/Grrrippp/" target=_blank>Net_Message</a> is a small tool to send messages across the network, using the Windows Messenger Service, so there is no client install required to receive the messages. It has a number of other features as well
Description=Malware, probably a <a href="http://cwshredder.net/cwshredder/cwschronicles.html" target=_blank>CoolWebSearch</a> parasite variant
[netpersec]
Filename=NetPerSec.exe
Confirmed=N
Description=<a href="http://www.pcmag.com/article2/0,4149,1735,00.asp" target="_blank">NetPerSec</a> - measures the real-time speed of your Internet connection
[netpumper]
Filename=NetPumperIEProxy.exe
Confirmed=N
Description=<a href="http://www.netpumper.com/" target=_blank>NetPumper</a> download manager - bundles Cydoor and SaveNow adware, see <a href="http://www.kephyr.com/spywarescanner/library/netpumper/index.phtml" target=_blank>here</a>
[netreach]
Filename=nrcheck.exe
Confirmed=X
Description=Added by an unidentified VIRUS, WORM or TROJAN!
[netropa internet receiver]
Filename=Netropa.exe
Confirmed=X
Description=Netropa Internet Receiver. Shows a scrolling bar with the news. Major resource hog and flagged as spyware
[netrun]
Filename=NetRun.exe
Confirmed=U
Description=<a href="http://www.czarsoft.shorturl.com/" target="_blank">NetRun</a> - will 'RUN' a 'List' of programs only when a internet connection is detected, and close/kill the same 'List' when the connection is lost
[netscape messenger]
Filename=NETSCAPE.EXE
Confirmed=N
Description=In Netscape 6 (I know for sure with 6.2.1, maybe with 6.0) Netscape.exe is the main executable file for Netscape Navigator, Netscape Mail and News, and Netscape Messenger (the new name for the embedded AIM, no doubt to make it sound like Windows Messenger, the XP version of MSN Messenger). Basically, netscape.exe can be more than just Netscape Messenger, and Messenger can be more then just AIM in disguise, depending on the version of Netscape installed
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojqqpassdu.html" target=_blank>QQPASS-DU</a> TROJAN!
[netshow powerpoint helper]
Filename=NSPPTHLP.EXE
Confirmed=U
Description=If disabled, user created fonts can no longer be seen by other programs
[netstart]
Filename=svchost.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32mkara.html" target=_blank>MKAR-A</a> VIRUS! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target=_blank>svchost.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a NETSTART subfolder
[netstat live]
Filename=Nsl.exe
Confirmed=N
Description=AnalogX <a href="http://www.analogx.com/contents/download/network/nsl.htm" target="_blank">NetStat Live</a> - TCP/IP protocol monitor which can be used to see your exact throughput on both incoming and outgoing data
[netsv32]
Filename=netsv32.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotpx.html" target="_blank">SDBOT-PX</a> WORM!
[nettime]
Filename=NETTIME.EXE
Confirmed=U
Description=From a visitor - "This is the executable for NetTime. It is started from the registry when you check the box to start at startup. NetTime allows you to synchronize your computers' clock with a server on your local net or the internet using any of several protocols, e.g. NTP."
[netturbo]
Filename=netturbo.exe
Confirmed=U
Description=<a href="http://www.netturbo.com/" target="_blank">NetTurbo</a> from SharewareOnline.com. "Accelerate Your Internet Connections by up to 600%". If you find it helps your connectivity leave it enabled
[netunit32]
Filename=wunit32.exe
Confirmed=X
Description=Added by an unidentified WORM or TROJAN!
[netvisionpasse-partout]
Filename=Passe-partout.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/dialdialcarm.html" target=_blank>DIALCAR-M</a> DIALER!
[netwatch32]
Filename=netwatch.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.mimail.c@mm.html" target="_blank">MIMAIL.C</a> WORM!
[netword agent]
Filename=nwant33.exe
Confirmed=N
Description=An interesting browser utility that allows you to navigate by typing a single word or phrase (a "NetWord") related to what you're looking for into your browser's location field. It also puts an icon in the system tray icon that is a circle with the letter N in the center to access the menu faster. Available via Start -> Programs
[network]
Filename=csrs.exe
Confirmed=X
Description=Added by the <a href="http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?VName=WORM_AGOBOT.JJ" target="_blank">AGOBOT.JJ</a> WORM!
[network access]
Filename=winssh.exe
Confirmed=X
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
[network administration]
Filename=NAS.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.antilam.20.q.html" target="_blank">ANTILAM.20.Q</a> TROJAN!
[network administration service]
Filename=rsvc32.exe
Confirmed=X
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.ABH" target=_blank>RBOT.ABH</a> WORM!
[network associates error reporting service]
Filename=TBMon.exe
Confirmed=U
Description=Network Associates Error Reporting Tool - tool traps errors and requests submission to NAI for the purpose of betatesting new software
[network connections]
Filename=internat.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojvbzd.html" target=_blank>ZD</a> TROJAN!
[network device driver]
Filename=msfirewall.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdelflb.html" target=_blank>DELF-LB</a> TROJAN!
[network device switch]
Filename=NetDevSW.exe
Confirmed=U
Description=Toshiba laptops with built-in Wi-Fi. Allows switching between Wi-Fi and internal ethernet. Only necessary if you have regular need to switch back and forward between these network interfaces. Located in Startup folder so make own shortcut to it and disable if not really necessary
[network host controller]
Filename=[path to trojan]
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.irc.whisper.html" target="_blank">WHISPER</a> TROJAN!
[network security]
Filename=secsvc.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotalx.html" target=_blank>RBOT-ALX</a> WORM!
[networkassociates inc]
Filename=internet.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.lovgate@mm.html" target="_blank">LOVGATE</a> WORM!
[networkclient]
Filename=NetworkClient.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.lemur.html" target="_blank">LEMUR</a> WORM!
[networkkey]
Filename=netkey.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojircbotaj.html" target=_blank>IRCBOT-AJ</a> TROJAN!
[networks configurator]
Filename=NetConfs.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotox.html" target=_blank>RBOT-OX</a> WORM!
[networks controler]
Filename=Netsis.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotng.html" target=_blank>RBOT-NG</a> WORM!
[networksetup]
Filename=dlink.exe
Confirmed=N
Description=<a href="http://www.dlink.com/tech/faq/dlink-icon.htm" target="_blank">D-Link</a> System Tray icon
[netzip smart downloader]
Filename=npnzdad.exe
Confirmed=X
Description=Advertising spyware
[netzipfolders]
Filename=nzfprop.exe
Confirmed=N
Description=<a href="http://www.netzip.com/products/info_netzip_win.html?src=site,netzip,plugin,nzc" target="_blank">Netzip Classic</a> zip file manager
[neuromedia(iespeaker)]
Filename=NeuroMedia.exe
Confirmed=X
Description=Part of an older freeware version of <a href="http://www.iespeaker.com" target="_blank"> IESpeaker</a> - a program that allows you to listen to web pages. NeuroMedia.exe only downloads advertisments. Not included in the paid-for version currently available
[neurospeech oespeaker]
Filename=OEMonitor.exe
Confirmed=N
Description=Part of <a href="http://www.iespeaker.com" target="_blank"> OESpeaker</a> - a program that allows you to listen to long E-mails instead of reading them in Outlook Express. OEMonitor.exe checks whether OE is open or not
[new csnm manager]
Filename=csmn.exe
Confirmed=X
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.BZS&VSect=P" target=_blank>SDBOT.BZS</a> WORM!
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlineageat.html" target=_blank>LINEAGE-AT</a> TROJAN! Note - This trojan file is found in the Windows\java or Winnt\java folder
[news service]
Filename=ispnews.exe
Confirmed=?
Description=<a href="http://www.f-secure.com/solutions/home.shtml" target="_blank">F-Secure</a> antivirus related. <font color="#FF0000" target="_blank">However, is this particular item required?</font>
[newsalrt]
Filename=NEWSALRT.EXE
Confirmed=N
Description=MSNBC News system tray utility to alert you to new news
[newsgroup lptt01]
Filename=newsgroup.exe
Confirmed=X
Description=<a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">RapidBlaster</a> variant (in a "newsgroup" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see <a ref="http://www.wilderssecurity.net/specialinfo/rapidblaster.html#removal" target="_blank"> here</a>
[newsgroup ml097e]
Filename=newsgroup.exe
Confirmed=X
Description=<a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">RapidBlaster</a> variant (in a "newsgroup" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see <a ref="http://www.wilderssecurity.net/specialinfo/rapidblaster.html#removal" target="_blank"> here</a>
[newsupd]
Filename=newsupd.exe
Confirmed=N
Description=For Creative Soundblaster Live! series soundcards. System tray application for News updates. Available via Start -> Programs. Also spyware - see <a href="http://cexx.org/newsupd.htm" target="_blank">here</a>.
Description=Appears in startup if you have chosen to participate in on survey by <a href="http://www.npdor.com/" target="_blank"> NPD Online Research</a>. Required for the survey to work correctly. Otherwise not required
[nforce tray options]
Filename=sstray.exe
Confirmed=N
Description=nVidia nForce Taskbar Utility - quick access to the nForce2 "Sound Storm" control panel and related utilitys
[ngclient]
Filename=ngctw32.exe
Confirmed=U
Description=Symantec Ghost Server software - needed for a "a Ghost multicast" (transfer images to multiple machines). Can be launched manually
Description=WinFixer web installer. Winfixer is "Foistware", pretending to be system optimization, protection and recovery software - stealth installed, see <a href="http://research.sunbelt-software.com/threat_display.cfm?name=misc.winsoftware.winfixer&threatid=40196" target=_blank>here</a>
[ni.uwfx5lp_0001_0802]
Filename=UWFX5LP_0001_0802NetInstaller.exe
Confirmed=X
Description=WinFixer web installer. Winfixer is "Foistware", pretending to be system optimization, protection and recovery software - stealth installed, see <a href="http://research.sunbelt-software.com/threat_display.cfm?name=misc.winsoftware.winfixer&threatid=40196" target=_blank>here</a>
[ni.uwfx5lp_0001_0803]
Filename=UWFX5LP_0001_0803NetInstaller.exe
Confirmed=X
Description=WinFixer web installer. Winfixer is "Foistware", pretending to be system optimization, protection and recovery software - stealth installed, see <a href="http://research.sunbelt-software.com/threat_display.cfm?name=misc.winsoftware.winfixer&threatid=40196" target=_blank>here</a>
[ni.uwfx5t]
Filename=UWFX5TNetInstaller.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdownldrbo.html" target=_blank>DOWNLDR-BO</a> TROJAN!
[ni.uwfx5v_0001_0802]
Filename=UWFX5V_0001_0802NetInstaller.exe
Confirmed=X
Description=WinFixer web installer. Winfixer is "Foistware", pretending to be system optimization, protection and recovery software - stealth installed, see <a href="http://research.sunbelt-software.com/threat_display.cfm?name=misc.winsoftware.winfixer&threatid=40196" target=_blank>here</a>
[nicedownloads]
Filename=rundll32.exe MSA64CHK.dll, DllMostrar
Confirmed=X
Description=<a href="http://research.sunbelt-software.com/threat_display.cfm?name=MatrixDialer&threatid=14914&search=MatrixDialer" target=_blank>MatrixDialer</a> related
[nielsen netratings]
Filename=insight.exe
Confirmed=N
Description=<a href="http://www.nielsen-netratings.com/mktg.jsp?section=ps" target="_blank">Nielsen NetRatings</a> - "Provides real-time research and analysis about Internet users, delivering the timely, actionable data you need to make critical business decisions on your competition, your Web siteÆs audience and your customers". <font color="#FF0000">Is it required?</font>
[nihomeam]
Filename=LiteClientAM.exe
Confirmed=U
Description=A managed web based internet security service that provides comprehensive & total protection for laptops/desktops - regardless of how, when or where they connect to the Internet. Made by <a href="http://www.netintelligence.com/" target=_blank>Netintelligence Ltd</a>
[niklaus]
Filename=nikLaus.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.niklas.html" target="_blank">NIKLAS</a> WORM!
[ninit]
Filename=NInit.exe
Confirmed=N
Description=Norton Uninstall Deluxe. Monitors programs being installed and logs them for removing later. Available via Start -> Programs for manual logging - not required
[nisserv]
Filename=NISSERV.EXE
Confirmed=Y
Description=Norton Personal Firewall
[nisum]
Filename=NISUM.EXE
Confirmed=Y
Description=Norton Personal Firewall
[nisvcloc]
Filename=niSvcLoc.exe
Confirmed=U
Description=Related to National Instruments Corp. <a href="http://www.ni.com/labview/" target=_blank>LabView</a>
[njg40]
Filename=NJG40.EXE
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.bancos.d.html" target="_blank">BANCOS.D</a> TROJAN!
[nkbmonitor]
Filename=NkbMonitor.exe
Confirmed=N
Description=Part of <a href="http://www.symantec.com/avcenter/venc/data/spyware.cmkeylogger.html" target=blank>Nikon PictureProject</a> - image management for Nikon digital cameras
[nkvmon.exe]
Filename=NkvMon.exe
Confirmed=N
Description=Nikon View 5 - for transferring pictures from Nikon digital cameras
[nkvwmon.exe]
Filename=NkVwMon.exe
Confirmed=N
Description=Nikon View - for transferring pictures from Nikon digital cameras
[nls keyboard]
Filename=keyboard.exe
Confirmed=X
Description=Added by a variant of the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html" target=_blank>SPYBOT</a> WORM!
[nls monitor]
Filename=nlsmon.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaxj.html" target=_blank>RBOT-AXJ</a> WORM!
[nmbgmonitor]
Filename=NMBgMonitor.exe
Confirmed=?
Description=Associated with the Nero digital media suite - <font color="#FF0000">what does it do and is it required?</font>
[nmgr]
Filename=nnmgr.exe
Confirmed=X
Description=Added by the <a href="http://www.sarc.com/avcenter/venc/data/adware.fftoolbar.html" target=_blank>Adware.FFToolBar</a> adware toolbar
[nmssvc]
Filename=NMSSVC.EXE
Confirmed=?
Description=NIC Management Service - diagnostics program for Intel Pro family network cards
[nmsvc]
Filename=nmSvc.exe
Confirmed=Y
Description=<a href="http://www.covenanteyes.com/about.php" target="_blank">Covenant Eyes</a> - surveillance software that creates records of everything people do on a computer, ie, spying or monitoring depending upon how you call it. Disabling it means loss of internet connection until renabled - therefore required if you use it
[nmtaskbarservice]
Filename=nMtsk.exe
Confirmed=?
Description=Taskbar control for ISDN <a href="http://netmod.intracom.gr/" target=_blank>NetMod</a> modem. <font color="#FF0000">What does it do and is it required?</font>
[nnqcouu]
Filename=nnqcouu.exe
Confirmed=X
Description=<a href="http://www.geekstogo.com/forum/The_ABI_Network-t42642.html" target="_blank">The Abi Network</a> adware
[nnsvc]
Filename=nnsvc.exe
Confirmed=U
Description=<a href="http://www.netnanny.com/products/netnanny5/index.html" target="_blank">NetNanny</a> internet filter
[no credit card]
Filename=plugin-[random].exe
Confirmed=X
Description=Adult content pop-up dialler
[no-ip duc]
Filename=DUC20.exe
Confirmed=U
Description=Part of <a href="http://www.no-ip.com" target="_blank">http://www.no-ip.com</a> provided service. Keeps No-IP's dynamic nameserver (DNS) updated if and when your computer's (network's) dynamic IP-address changes so that you can run servers on computers with dynamic IP. Shortcut available
[noads]
Filename=NoAds.exe
Confirmed=U
Description=Blocks advertisement banners in Internet Explorer
[noadware]
Filename=NoAdware.exe
Confirmed=U
Description=NoAdware Adware/Spyware remover - initially considerered a "rogue" program - see <a href="http://www.adwarereport.com/mt/archives/000023.html" target=_blank>here</a>. Has since apparently mended its ways: see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm#naw_note" target=_blank>note</a>
[noadware3]
Filename=NoAdware3.exe
Confirmed=U
Description=NoAdware Adware/Spyware remover - initially considerered a "rogue" program - see <a href="http://www.adwarereport.com/mt/archives/000023.html" target=_blank>here</a>. Has since apparently mended its ways: see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm#naw_note" target=_blank>note</a>
[nocana]
Filename=[path to worm]
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32anaconb.html" target=_blank>ANACON-B</a> WORM!
[nod32 free antivirus]
Filename=nod32krn.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaao.html" target=_blank>RBOT-AAO</a> WORM! Note - not the popular free <a href="http://www.nod32.com/home/home.htm" target=_blank>Nod32</a> antivirus software, which shares the same filename
[nod32cc]
Filename=nod32cc.exe
Confirmed=U
Description=Control Center part of Eset's <a href="http://www.nod32.com/home/home.htm" target="_blank">NOD32</a> virus-scanner. Leave this enabled if you want to update your virus data files via the click of a button
[nod32kernel]
Filename=Nod32krn.exe
Confirmed=Y
Description=<a href="http://www.nod32.com/home/home.htm" target="_blank">Nod32</a> Antivirus Version 2
[nod32kui]
Filename=nod32kui.exe
Confirmed=Y
Description=<a href="http://www.nod32.com/home/home.htm" target="_blank">Nod32</a> Antivirus Version 2
[nod32pop3]
Filename=Pop3scan.exe
Confirmed=Y
Description=POP3 E-mail part of Eset's <a href="http://www.nod32.com/home/home.htm" target="_blank">NOD32</a> virus-scanner
[nod3d2 free antivirus]
Filename=N0D32KRN.EXE
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotabq.html" target= blank>RBOT-ABQ</a> WORM!
[nodemnger]
Filename=Nodemngr.exe
Confirmed=?
Description=<font color="#FF0000">Part of the Dell OpenManage Client installation - to allow Dell representatives to remote logon?</font>
[nodriver]
Filename=AUEKXRZ.EXE
Confirmed=X
Description=Added by a variant of the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html" target="_blank">SPYBOT</a> WORM!
Description=Monitors the infrared port, the serial ports and the Bluetooth for a Nokia phone connection. It is installed by the Nokia PC Suite (and Nokia PC Connectivity SDK), and the tray icon shows if a phone has been connected. If you have a conflict with another program, such as TV tuner card remote control monitor, you can disable it, and run only when needed. Available via a desktop shortcut or Start -> Programs - not required
[nokia tray application]
Filename=NclTray.exe
Confirmed=U
Description=Nokia PC Suite 5 - "A collection of powerful tools that you can use to manage your phone features and data." Synchronize the phone with, for example Outlook. You can also use it to browse your phone, edit the phone list and so on
[nomad detector]
Filename=ctnmrun.exe
Confirmed=U
Description=Detects the Creative NOMAD jukebox/MP3 player at the time it is attached to USB and starts the needed application (Creative PlayCentre 2) that you use to copy MP3 files to and from it. This is required if you want PlayCentre 2 to take control of the NOMAD once connected
[nomdcheck]
Filename=nomdchek.exe
Confirmed=N
Description=Part of Intel's Native Audio
[nomtray]
Filename=nomtray.exe
Confirmed=U
Description=System Tray access to NetMotion Wireless options - including connectivity status (see <a href="http://www.netmotionwireless.com/support/technotes/2140.asp" target=_blank>here</a>)
[norman zanda]
Filename=ZLH.EXE
Confirmed=U
Description=System Tray icon for <a href="http://www.norman.com/" target="_blank">Norman Antivirus</a>
[norten software intrenet]
Filename=norten.pif
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotawa.html" target=_blank>RBOT-AWA</a> WORM!
[norton antivirus]
Filename=nortonav.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaye.html" target=_blank>RBOT-AYE</a> TROJAN! Note - this is not the real Norton AV!
[norton antivirus 2004]
Filename=SYMANTECAV2.EXE
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32spybotdy.html" target=_blank>SPYBOT-DY</a> WORM! Note - this is not the real Norton AV!
[norton antivirus 7.0a]
Filename=[path to file]
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojperdab.html" target=_blank>PERDA-B</a> or <a href="http://www.sophos.com/virusinfo/analyses/trojranckct.html" target=_blank>RANCK-CT</a> TROJANS!
[norton antivirus av]
Filename=FVProtect.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.netsky.p@mm.html" target="_blank">NETSKY.P</a> WORM! Note - this is not the popular AV software!
[norton antivirus sys]
Filename=NAVsys32.exe
Confirmed=X
Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_WOOTBOT.GEN" target=_blank>WOOTBOT</a> WORM!
[norton auto protect]
Filename=nava.exe
Confirmed=X
Description=Added by an unidentified WORM or TROJAN!
[norton av preload]
Filename=Premend.exe
Confirmed=?
Description=Norton Antivirus related. <font color="#FF0000"> What does it do and is it required</font>
[norton crashguard monitor]
Filename=cgmenu.exe
Confirmed=N
Description=Troublesome program that doesn't actually work with WinME so Norton removed it from SystemWorks 2001
[norton disk doctor]
Filename=Ndd32.exe
Confirmed=N
Description=Norton Disk Doctor from Norton Utilities. Automatically runs at start-up, checking for disk errors. Better than ScanDisk but can be started manually via Start -> Programs. Delete the shortcut in the Start -> Programs -> Startup folder as well
[norton drive protection]
Filename=msdt32.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotgb.html" target=_blank>FORBOT-GB</a> WORM! Note - this not a valid Norton program!
[norton email protect]
Filename=POPROXY.EXE
Confirmed=Y
Description=Proxy E-mail protection from Norton Anti-Virus (prior to 2002). If you have it installed, leave it enabled to automatically check for suspect attachments in E-mails that may contain viruses. It downloads the E-mail into poproxy, which serves as a proxy server on the local machine, before scanning it
[norton firewall]
Filename=[path to trojan]
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbankeret.html" target=_blank>BANKER-ET</a> TROJAN!
[norton ghost 9.0]
Filename=GhostTray.exe
Confirmed=N
Description=<a href="http://www.symantec.com/sabu/ghost/ghost_personal/" target=_blank>Norton Ghost</a> tray icon - the application can be launched manually
[norton guard 32]
Filename=ntguard32.exe
Confirmed=X
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
[norton live update server]
Filename=cpsdv.exe
Confirmed=X
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.EW" target="_blank">AGOBOT.EW</a> TROJAN!
[norton navigator loader]
Filename=nnloader.exe
Confirmed=N
Description=An older Norton utility for file management under Windows 95. More information <a href="http://www.mg.co.za/mg/pc/history/dec10-nortnavigator.html" target="_blank">here</a>
[norton program scheduler event checker]
Filename=npscheck.exe
Confirmed=?
Description=<font color="#FF0000">Part of Norton Anti-Virus. What does it do? Apparently it can safely be disabled without causing problems. Can also be listed as NPS Event Checker</font>
[norton protect]
Filename=npprotect.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotww.html" target= blank>RBOT-WW</a> WORM!
[norton protect activies]
Filename=csrss.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbankercz.html" target=_blank>BANKER-CZ</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/csrss/" target=_blank>csrss.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "D5133" subfolder
[norton service driver]
Filename=wsul.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotabi.html" target= blank>RBOT-ABI</a> WORM!
[norton service process]
Filename=navapvc.exe
Confirmed=X
Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN" target=_blank>AGOBOT/GAOBOT</a> WORM!
[norton spysweeper autoupdate]
Filename=navsw.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotas.html" target="_blank">FORBOT-AS</a> WORM!
[norton system doctor]
Filename=Sysdoc32.exe
Confirmed=N
Description=Norton Disk Doctor from Norton Utilities. Automatically runs at start-up, major resource hog and best started manually form Start -> Programs. Delete the shortcut in the Start -> Programs -> Startup folder as well
[norton systemworks]
Filename=cfgwiz.exe
Confirmed=N
Description=Norton System Works configuration wizard. Reportedly a resource hog. Many users find they can live without loading it
[norton updated]
Filename=NVSV32.EXE
Confirmed=X
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.ABH&VSect=P" target=_blank>SDBOT.ABH</a> WORM!
[norton wizzard]
Filename=nwiz.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.gaobot.zx.html" target="_blank">GAOBOT.ZX</a> or <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.gaobot.adv.html" target="_blank">GAOBOT.ADV</a> WORMS! Note - this is not the valid nVidia application that shares the same name
[norton32]
Filename=norton32.exe
Confirmed=X
Description=Added by an unidentified VIRUS, WORM or TROJAN!
[nortonantivirus]
Filename=LSASS.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.pexmor@mm.html" target=_blank>PEXMOR</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/lsass/" target=_blank>lsass.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "Temp" subfolder of the Winnt or Windows folder. It also has nothing to do with Norton AV
[nortons av system]
Filename=scvchost.exe
Confirmed=X
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
[nortonsantivirus]
Filename=ccEvtMngr.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojhzdoora.html" target=_blank>HZDOOR-A</a> TROJAN!
[nortonvplus]
Filename=svchost.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojroamera.html" target=_blank>ROAMER-A</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target=_blank>svchost.exe</a> process which should not normally figure in Msconfig/Startup!
[notebook maximizer]
Filename=maximizer_startup.exe
Confirmed=U
Description=Toshiba Notebook Maximizer software - adjust settings to save battery power and increase efficiency
[notebookmanager]
Filename=nbm.exe
Confirmed=?
Description=<font color="#FF0000">Associated with Acer notebook PCs. What does it do and is it required?</font>
[notepad]
Filename=NOTEPAD.exe
Confirmed=X
Description=Added as the result of the RUSTY VIRUS! Note - not to be confused with the valid Windows "NOTEPAD" text editor! This malware actually changes the default value data of the Registry "Run" key in order to force Windows to launch it at boot. Name field may be empty
[notepad lptt01]
Filename=notepad.exe
Confirmed=X
Description=<a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">RapidBlaster</a> variant (in a "Notepad" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see <a ref="http://www.wilderssecurity.net/specialinfo/rapidblaster.html#removal" target="_blank"> here</a>. Note - this is not Windows Notepad which has the same executable name
[notepad ml097e]
Filename=notepad.exe
Confirmed=X
Description=<a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">RapidBlaster</a> variant (in a "Notepad" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see <a ref="http://www.wilderssecurity.net/specialinfo/rapidblaster.html#removal" target="_blank"> here</a>. Note - this is not Windows Notepad which has the same executable name
[notepad2.exe]
Filename=popuper.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojpupere.html" target= blank>PUPER-E</a> TROJAN!
[notes]
Filename=notepaad.exe
Confirmed=X
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.BME&VSect=P" target=_blank>RBOT.BME</a> WORM!
[notification utility]
Filename=altpayV2.exe
Confirmed=X
Description=Reported by <a href="http://www.ewido.net/en/" target=_blank>Ewido Security Suite</a> as WeirWeb ADWARE!
[novaportal single user service]
Filename=NPSU.exe
Confirmed=?
Description=<font color="#FF0000">??</font>
[novastorschedulerd]
Filename=SCHENGD.EXE
Confirmed=U
Description=NovaStor NovaBACKUP Scheduler - back-up utility. If you don't have regularly scheduled back-ups you don't need it
[noypi_kang_astig]
Filename=Exit to DosPrompt.pif
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.filukin.a@mm.html" target=_blank>FILUKIN.A</a> WORM!
[npf value]
Filename=NPFMONTR.exe
Confirmed=X
Description=Added by a variant of the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html" target=_blank>SPYBOT</a> WORM!
[npfmonitor]
Filename=NPFMntor.exe
Confirmed=?
Description=Norton AntiVirus Firewall Install Monitor. <font color="#FF0000">What does it do and is it required?</font>
[nprotect]
Filename=nprotect.exe
Confirmed=U
Description=Norton Protected Recycle Bin from Norton Utilities. Adds an extra layer of safety before you remove deleted files from the Recycled Bin. Can be listed twice which is valid - see <a href="http://service1.symantec.com/SUPPORT/nunt.nsf/e35d98be79cddc2785256951004d59cd/b6cb75a0d23fd6fb8825662f00734a64?OpenDocument&src=bar_sc" target="_blank"> here</a>
[nps event checker]
Filename=npscheck.exe
Confirmed=?
Description=<font color="#FF0000">Part of Norton Anti-Virus. What does it do? Apparently it can safely be disabled without causing problems. Can also be listed as </font>Norton Program Scheduler Event Checker
[ns]
Filename=ns.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agoboths.html" target=_blank>AGOBOT-HS</a> WORM!
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaddc.html" target=_blank>DLOAD-DC</a> TROJAN!
[nsdcmd services]
Filename=nsdcmdav.exe
Confirmed=X
Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN" target=_blank>AGOBOT/GAOBOT</a> WORM!
[nsdcmd vid process]
Filename=nsdcmdwin.exe
Confirmed=X
Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN" target=_blank>AGOBOT/GAOBOT</a> WORM!
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotml.html" target=_blank>AGOBOT-ML</a> WORM!
[nsengine]
Filename=Nsengine.exe
Confirmed=U
Description=Scheduling engine of <a href="http://www.no-panic.com/backup/n_backup.html" target="_blank"> NovaSTOR Backup</a> Service. Only required if scheduling is enabled and wanted - see <a href="http://www.no-panic.com/backup/tech_supt/nbackup7_commandline.html" target="_blank"> here</a>
[nshelper]
Filename=aexnsinstallhelper.exe
Confirmed=U
Description=Altiris Express Notification Server Install helper - monitors integrity of the installation
[nssysconf]
Filename=[random filename]
Confirmed=X
Description=Added by the <a href="http://de.trendmicro-europe.com/enterprise/security_info/ve_detail.php?id=59209&VName=TROJ_VIVIA.A&VSect=T" target="_blank">VIVIA.A</a> TROJAN!
[nstat]
Filename=netstat.exe
Confirmed=X
Description=Adult content dialler
[nsupdate]
Filename=NSupdate.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/diallaetb.html" target=_blank>Dial/Laet-B</a> premium rate dialer!
Description=Adware, probably <a href="http://sarc.com/avcenter/venc/data/adware.look2me.html" target=_blank>VX2/Look2Me</a> related
[nsvdr]
Filename=nsvdr.exe
Confirmed=X
Description=Adult content dialler
[nsys]
Filename=nsys.exe
Confirmed=U
Description=<a href="http://www.symantec.com/avcenter/venc/data/spyware.netspy.html" target= blank>NetSpy</a> keystroke logger/monitoring program - remove unless you installed it yourself!
[nsys32]
Filename=nsys32.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotsu.html" target=_blank>AGOBOT-SU</a> WORM!
[nsystemmonitor]
Filename=Symmon.exe
Confirmed=N
Description=Norton Uninstall Deluxe - monitors programs being installed and logs them for removing later. Available via Start -> Programs for manual logging
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.donk.b.html" target="_blank">DONK.B</a> or <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.donk.c.html" target="_blank">DONK.C</a> or <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.donk.l.html" target="_blank">DONK.L</a> or <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.donk.m.html" target="_blank">DONK.M</a> or <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.donk.o.html" target="_blank">DONK.O</a> WORMS!
[nt microsoft svcd]
Filename=ntvsvcd.exe
Confirmed=X
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
[nt security]
Filename=rundll32.com
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotajc.html" target=_blank>RBOT-AJC</a> WORM!
[nt service]
Filename=NTOKSRNL.EXE
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaag.html" target=_blank>RBOT-AAG</a> WORM!
[nt services]
Filename=ntsvc.exe
Confirmed=X
Description=Added by the <a href="http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?Vname=WORM_AGOBOT.VJ" target="_blank">AGOBOT.VJ</a> WORM!
[nt virtual machine]
Filename=[path to file]
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32scaerbota.html" target= blank>SCAERBOT-A</a> WORM!
[nt-virtual device manager]
Filename=ntvdmn.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotaaa.html" target=_blank>SDBOT-AAA</a> WORM!
[ntcheck]
Filename=mapserver.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojtompaib.html" target=_blank>TOMPAI-B</a> WORM!
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojagentcu.html" target=_blank>AGENT-CU</a> TROJAN!
[ntdll]
Filename=ntdll.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.bionet.404.html" target="_blank">BIONET.404</a> TROJAN!
[ntdlm]
Filename=csrss.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.hale.html" target=_blank>HALE</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/csrss/" target=_blank>csrss.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "Qossrv" subfolder
[ntech.patchs]
Filename=[trojan filename]
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.lemir.g.html" target="_blank">LEMIR.G</a> TROJAN!
[ntechin]
Filename=n20050308.exe
Confirmed=X
Description=Adware, probably <a href="http://sarc.com/avcenter/venc/data/adware.look2me.html" target=_blank>VX2/Look2Me</a> related
[ntfs16]
Filename=ntfs16.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotly.html" target="_blank">RBOT-LY</a> WORM!
[ntfsclup]
Filename=NTFSCLUP.EXE
Confirmed=Y
Description=Part of ConfigSafe- "checks if an ntfssos restore has been performed since it was last run. It exits immediately after running. 99+% of the time it will only execute about a dozen instructions before exiting"
[ntfsmonitorpro]
Filename=ntfs64.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forboteb.html" target=_blank>FORBOT-EB</a> WORM!
[ntldr]
Filename=ntldr.exe
Confirmed=X
Description=Browser hijacker to search-control.com (TrojanDropper.Win32.Small.ig). In addition to Registry changes found by HijackThis, also creates the following system files: C:\WINDOWS\SYSTEM\ntldr.exe, C:\m.exe, C:\WINDOWS\Search-For-You.url, C:\n.bat, C:\q.exe, C:\r.bat
[ntlfreedom]
Filename=rundll32 [path] RyDial.dll, QuickStart
Confirmed=N
Description=<a href="http://secure.ntlfreedom.com/bundled/bundle_DialUp.aspx" target="_blank">NTL Freedom</a> dial-up ISP software - not required
[ntp server]
Filename=[path to trojan]
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.ranky.f.html" target="_blank">RANKY.F</a> TROJAN!
[ntrayfw]
Filename=ntrayfw.exe
Confirmed=Y
Description=Software interface for NVIDIA ActiveArmor - hardware firewall built into nVidia nForce motherboard chipsets
[ntrtc]
Filename=ntrtc.exe
Confirmed=N
Description=Dell year 2000 tool to deal with non-standard applications. Only required on older Dell PCs that may need this support - see <a href="http://www.euro.dell.com/countries/ae/enu/bsd/topics/y2k_rtctest.htm" target="_blank">here</a>
[ntset32]
Filename=services.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojwinspyc.html" target=_blank>WINSPY-C</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/services/" target="_blank">services.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "dll32" subfolder of the Windows or Winnt folder
[ntsmod]
Filename=ntsmod.exe
Confirmed=X
Description=Adware downloader/installer, probably <a href="http://sarc.com/avcenter/venc/data/adware.look2me.html" target=_blank>VX2/Look2Me</a> related - also detected as the WIN32.VB.RL TROJAN!
[ntsocket]
Filename=NoeWinnt.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojatakae.html" target="_blank">ATAKA-E</a> TROJAN!
[ntsrv.exe]
Filename=NTsrv.exe
Confirmed=X
Description=Added by a variant of the <a href="http://www.sophos.com/virusinfo/analyses/trojservuo.html" target=_blank>SERVU-O</a> TROJAN!
[ntune]
Filename=nTune.exe
Confirmed=U
Description=nVidia <a href="http://www.nvidia.com/object/ntune_2.00.23.html" target="_blank">nTune</a> - motherboard monitoring and overclocking utility for nVidia nForce chipset based motherboards
[ntupd32]
Filename=ntupd32.exe
Confirmed=X
Description=Unidentified adware/spyware
[ntupdate]
Filename=dnsvc.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbottc.html" target=_blank>SDBOT-TC</a> WORM!
[ntupdater]
Filename=[path to trojan]
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdigarixd.html" target=_blank>DIGARIX-D</a> TROJAN!
[ntvdm]
Filename=NTVDM.EXE
Confirmed=U
Description=Windows NT Virtual DOS Machine (NTVDM) for running 16-bit tasks on the 32-bit OS's (Windows NT, 2K and XP). Required if hardware on a machine with these OS's needs 16-bit DOS drivers. You can find a bit more about NTVDM <a href="http://support.microsoft.com/default.aspx?scid=kb;en-us;Q264320" target="_blank">here</a>
[ntvdmd]
Filename=ntvdmd.exe
Confirmed=X
Description=Adware downloader - also detected as the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderyp.html" target=_blank>DLOADER-YP</a> TROJAN!
[ntvdscm]
Filename=ntvdscm.exe
Confirmed=X
Description=Added by the <a href="http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?id=66002&VName=TROJ_SCKEYLOG.O&VSect=O" target="_blank">SCKEYLOG.O</a> TROJAN!
[nutcsetupenviron]
Filename=ncoeenv.exe
Confirmed=Y
Description=Used by the <a href="http://www.mkssoftware.com/products/tk/ds_tkedev.asp" target="_blank">MKS Toolkit for Enterprise Developers</a> product. NuTCracker is a Unix runtime environment for Windows, so disabling this would be unwise if you are using NuTCracker or any 3rd party package that is using it. Since you might not know what is actually using it it's probably best left alone
[nvagnt]
Filename=nvagNT.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotrv.html" target= blank>AGOBOT-RV</a> WORM!
[nvc win32]
Filename=nvcvc.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotadd.html" target=_blank>RBOT-ADD</a> WORM!
[nvclock]
Filename=rundll32 nvclock.dll, fnNvclock
Confirmed=?
Description=<font color="#FF0000">Overclocking utility for nVidia based graphics cards?</font>
[nvcolorinit]
Filename=rundll32.exe NvQtwk.dll, NvColorInit
Confirmed=?
Description=<font color="#FF0000">Associated with Nvidia based graphics cards</font>
[nvcom]
Filename=NVCOM.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotsb.html" target= blank>AGOBOT-SB</a> WORM!
[nvcpldaemon32]
Filename=anvshell32.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojvbxu.html" target=_blank>XU</a> TROJAN!
[nvcpldeamon]
Filename=nvdisp.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojpeepviei.html" target=_blank>PEEPVIE-I</a> TROJAN!
[nvcpldmn]
Filename=NAVSVC.EXE
Confirmed=X
Description=Added by an unidentified VIRUS, WORM or TROJAN!
[nvctrl.exe]
Filename=nvctrl.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/trojan.zlob.g.html" target=_blank>ZLOB.G</a> TROJAN!
[nvd32 lptt01]
Filename=nvd32.exe
Confirmed=X
Description=<a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">RapidBlaster</a> variant (in a "nvd32" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see <a ref="http://www.wilderssecurity.net/specialinfo/rapidblaster.html#removal" target="_blank"> here</a>
[nvd32 ml097e]
Filename=nvd32.exe
Confirmed=X
Description=<a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">RapidBlaster</a> variant (in a "nvd32" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see <a ref="http://www.wilderssecurity.net/specialinfo/rapidblaster.html#removal" target="_blank"> here</a>
[nvid]
Filename=[8 random charachters]
Confirmed=X
Description=Unidentified adware
[nvid32]
Filename=Nvid32.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/trojan.gema.html" target="_blank">GEMA</a> TROJAN!
[nvidex32]
Filename=Nvidex32.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/trojan.gema.html" target="_blank">GEMA</a> TROJAN!
[nvidia activearmor]
Filename=ntrayfw.exe
Confirmed=Y
Description=Software interface for NVIDIA ActiveArmor - hardware firewall built into nVidia nForce motherboard chipsets
[nvidia control daemon]
Filename=nksvc32.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotov.html" target=_blank>AGOBOT-OV</a> WORM!
[nvidia control panel]
Filename=ncsvc32.exe
Confirmed=X
Description=Added by an unidentified VIRUS, WORM or TROJAN!
[nvidia driver]
Filename=MSPMSPSU.EXE
Confirmed=X
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_WOOTBOT.Y" target="_blank">WOOTBOT.Y</a> WORM!
[nvidia drivers]
Filename=nVidiaDrvers.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotafx.html" target=_blank>SDBOT-AFX</a> WORM! Note - this is not related to any nVidia based motherboard or graphics card
[nvidia nforce apu1 utilities]
Filename=NVATray.exe
Confirmed=N
Description=nVidia's nForce Audio Processing Unit (<a href="http://www.nvidia.com/object/apu.html" target="_blank">APU</a>)- "provides 3D positional audio and DirectX 8.0 compatibility, and encodes and decodes Dolby Digital 5.1 audio in real time"
[nvidia ntune]
Filename=nTune.exe
Confirmed=U
Description=nVidia <a href="http://www.nvidia.com/object/ntune_2.00.23.html" target="_blank">nTune</a> - motherboard monitoring and overclocking utility for nVidia nForce chipset based motherboards
[nvidia system utility]
Filename=NVSystemUtility.exe
Confirmed=U
Description=<a href="http://www.nvidia.com/object/sysutility 1.0.html" target= blank>NVidia System Utility</a> lets you adjust bus speeds, hardware voltages, memory controller timings, and fan speed as well as additional settings to increase performance aggressiveness and hardware voltages. Will also display a dynamic graph of CPU and system temperatures, hardware voltages, and memory bus speeds
[nvidia32]
Filename=nvidia32.exe
Confirmed=X
Description=<a href="http://cwshredder.net/cwshredder/cwschronicles.html" target=_blank>CoolWebSearch</a> parasite variant - also detected as the <a href="http://www.sophos.com/virusinfo/analyses/trojhostsb.html" target= blank>HOSTS-B</a> TROJAN!
[nvidiaquicktweak]
Filename=rundll32.exe NvQtwk.dll, NvTaskbarInit
Confirmed=N
Description=System Tray icon used to manage settings for nVidia based graphics cards. May be required for some 3D applications to recognize your card correctly - such as the game "Everquest". Otherwise, settings can be changed manually via Display Properties
[nvidll32]
Filename=nvidll32.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotxk.html" target= blank>RBOT-XK</a> WORM!
[nview]
Filename=rundll32.exe nview.dll, nViewLoadHook
Confirmed=U
Description=This is a DLL to enable multiple display monitors on a single computer. It can be a cause of numerous problems on some computers
[nviload32]
Filename=nviload32.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotvt.html" target=_blank>SDBOT-VT</a> WORM!
[nvinitialize]
Filename=rundll32.exe NvQtwk.dll, NvXTInit
Confirmed=N
Description=Thought to enable the clock frequency option on nVidia control panels. You can overclock without leaving this enabled
[nvirundll]
Filename=nvirundll.exe
Confirmed=X
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/w32.spybot.nps.html" target=_blank>SPYBOT.NPS</a> WORM!
[nvjxue]
Filename=nvjxue.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32eyevegj.html" target=_blank>EYEVEG-J</a> WORM!
[nvmax]
Filename=NVmax.exe
Confirmed=Y
Description=NVmax is a old tweaking utility for NVidia graphics cards. In the startup list if the user chooses to overclock their card
Description=System Tray icon used to manage settings for nVidia based graphics cards. May be required for some 3D applications to recognize your card correctly - such as the game "Everquest". Otherwise, settings can be changed manually via Display Properties
[nvmediacenter]
Filename=RunDLL32.exe NvMCTray.dll, NvTaskbarInit
Confirmed=U
Description=System Tray icon used to manage settings for nVidia based graphics cards. May be required for some 3D applications to recognize your card correctly - such as the game "Everquest". Otherwise, settings can be changed manually via Display Properties
[nvmixertray]
Filename=NVMixerTray.exe
Confirmed=N
Description=System Tray access to audio controls from nVidia's motherboard ForceWare software
[nvmsgdwn]
Filename=NVMSGDWN.EXE
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojgraberd.html" target=_blank>GRABER-D</a> TROJAN!
[nvquicktweak]
Filename=rundll32.exe NvQtwk.dll, NvTaskbarInit
Confirmed=N
Description=System Tray icon used to manage settings for nVidia based graphics cards. May be required for some 3D applications to recognize your card correctly - such as the game "Everquest". Otherwise, settings can be changed manually via Display Properties
[nvraidservice]
Filename=nvraidservice.exe
Confirmed=N
Description=nVidia <a href="http://www.nvidia.com/object/feature_raid.html" target="_blank">NVRaid</a> - hard disk striping/mirroring utility for increased performance and reliability. Doesn't seem to be required if you have a <a href="http://data-recovery.lsoft.net/concept_raid.html" target="_blank">RAID</a> setup as there is no performance difference without it
[nvrt]
Filename=nvrt.exe
Confirmed=N
Description=NVRefreshTool is a utility that will automatically detect the maximum refresh rate at each resolution that your monitor supports
[nvrtclk]
Filename=NVRTClk.exe
Confirmed=?
Description=Related to a Gigabyte video card. <font color="#FF0000">What does it do, and is it required?</font>
[nvsvca32]
Filename=nvsvca32.exe
Confirmed=X
Description=Added by the <a href="http://vic.zonelabs.com/tmpl/body/CA/virusDetails.jsp?VId=42022" target= blank>TACTSLAY.E</a> TROJAN!
[nvsystem32]
Filename=nvscv32.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotno.html" target=_blank>AGOBOT-NO</a> WORM!
[nvupdater]
Filename=nwiz32.exe
Confirmed=X
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
[nvxpldeamon]
Filename=xstyles.exe
Confirmed=X
Description=Added by the SMALL.AJ VIRUS!
[nwereboot]
Filename=dummy.exe
Confirmed=?
Description=<font color="#FF0000">??</font>
[nwiz]
Filename=nwiz.exe
Confirmed=N
Description=Associated with the newer versions of nVidia graphics cards drivers. Allows you to immensely improve desktop layouts by setting preferences and optimizations. However, this isn't necessary for the operation of your system
[nwiz32]
Filename=nwiz32.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojsinbanka.html" target=_blank>SINBANK-A</a> TROJAN!
[nwpopup]
Filename=Nwpopup.exe
Confirmed=Y
Description=Broadcast message handler part of <a href="http://www.novell.com/products/netware/" target=_blank>Novell Netware</a> that displays server, printer and other messages
[nwrecmsg]
Filename=nwrecmsg.exe
Confirmed=U
Description=Broadcast message handler part of <a href="http://www.novell.com/products/netware/" target=_blank>Novell Netware</a> that displays server, printer and other messages - can cause crashes
[nwss]
Filename=Sp0.exe
Confirmed=X
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/spyware.spyoutside.html" target=_blank>SpyOutside</a> surveillance software. Uninstall this software unless you put it there yourself
[nwtray]
Filename=nwtray.exe
Confirmed=Y
Description=<a href="http://www.novell.com/products/netware/" target="_blank">Novell Netware</a>. Displays the red "N" tray icon which can be disabled (by right-click on the icon) but is also needed by the client
[oadaemon]
Filename=oadaemon.exe
Confirmed=?
Description=Background process that establishes connection with a C3-1000 scanner and watch general status of the device and for scanner button presses. <font color="#FF0000">Can it be started manually?</font>
[oahstifr]
Filename=oahstifr.exe
Confirmed=Y
Description=Comes with <a href="http://www.hypertextstudio.com" target="_blank">HyperTextStudio</a>. From the supplier - "The Osserver maintains the database for HyperText Studio projects - absolutely vital, it verifies all the links etc in a site. It runs as a service in NT, 2K and XP but needs to start up in Win 9.x so you'll see a DOS box for a short while during boot up."
[oakstart]
Filename=OAKSTART.EXE
Confirmed=U
Description=Sets the spindown timeout and access speeds at startup and displays a splash screen for CD-RW.
[oaktask]
Filename=OAKTASK.EXE
Confirmed=N
Description=Taskbar utility for a "control panel" for a CD-RW
[oasclnt]
Filename=oasclnt.exe
Confirmed=U
Description=McAfee VirusScan On-Access Scan Client service
[object store server]
Filename=osserver.exe
Confirmed=Y
Description=Comes with <a href="http://www.hypertextstudio.com" target="_blank">HyperTextStudio</a>. From the supplier - "The Osserver maintains the database for HyperText Studio projects - absolutely vital, it verifies all the links etc in a site. It runs as a service in NT, 2K and XP but needs to start up in Win 9.x so you'll see a DOS box for a short while during boot up."
[objtjprx]
Filename=objtjprx.exe
Confirmed=?
Description=<font color="#FF0000">??</font>
[obsver]
Filename=obsver.exe
Confirmed=?
Description=Part of <a href="http://www.lingoware.com/english/" target=_blank>LingoWare</a> translating software - <font color="#FF0000">what does it do and is it required?</font>
[ocaudioini]
Filename=OCAudioIni.exe
Confirmed=N
Description=<a href="http://www.streamware-dev.com/products.html" target="_blank">One-click Audio Converter</a> - allows you to convert files of multiple audio formats right from Windows Explorer
[ocraware]
Filename=ocraware.exe
Confirmed=N
Description=<u>O</u>ptical <u>C</u>haracter <u>R</u>ecognition software as part of OmniPage Limited Edition - supplied with some scanners. Scan directly into most word processor applications, such as Word, WordPerfect, etc. Available via Start -> Programs
[ocx32]
Filename=ocx32.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.astef.html" target="_blank">ASTEF</a> or <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.repsan.html" target="_blank">RESPAN</a> WORMS!
[ocxupdt32]
Filename=ocxupdt32.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotif.html" target=_blank>AGOBOT-IF</a> WORM!
[od]
Filename=SYSCNTR.EXE
Confirmed=X
Description=HotVideo dialler
[od-matrxx]
Filename=od-matrxx.exe
Confirmed=X
Description=Adult dialler - xx can be any number
[od-stndxx]
Filename=od-stndxx.exe
Confirmed=X
Description=Adult dialler - xx can be any number
[od-teenxx]
Filename=od-teenxx.exe
Confirmed=X
Description=Adult dialler - xx can be any number
[odbc backup]
Filename=fdxxl.exe
Confirmed=U
Description=G Data "PC Spion" - monitoring and surveillance software, captures all users activity on the PC, see <a href="http://www.chip.de/artikel/c_artikel_8806643.html" target=_blank>here</a>. Disable/remove if you didn't install it yourself!
[oddworldz.exe]
Filename=oddworldz.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojmultidreg.html" target=_blank>MULTIDR-EG</a> TROJAN!
[odometer]
Filename=Odometer.EXE
Confirmed=N
Description=Mouse odometer - tracks how far your pointer/arrow has traveled on the screen. Shortcut available
[odspconfig]
Filename=ODSPConfig.exe
Confirmed=U
Description=<a href="http://securityresponse.symantec.com/avcenter/venc/data/spyware.dsktopsurveil.html" target= blank>DsktopSurveil</a> surveillance software - get rid of it unless you installed it yourself!
[oeloader]
Filename=Oeloader.exe
Confirmed=X
Description=Xupiter <a href="http://research.sunbelt-software.com/threat_display.cfm?name=Xupiter&threatid=12203&search=OrbitExplorer" target=_blank>OrbitExplorer</a> toolbar related. Drive-by foistware. Use Spybot S&D, Adware or similar to detect and remove and to prevent it re-installing in the future see <a href="http://www.alanluber.com/pcfearfactor/officialxupiterpage.htm" target=_blank>here</a>
[oem tools 32]
Filename=tres32.exe
Confirmed=X
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.QB&VSect=T" target="_blank">RBOT.QB</a> WORM!
[oem32 tools]
Filename=sres32.exe
Confirmed=X
Description=Added by a variant of the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html" target="_blank">SPYBOT</a> WORM!
[oemcleanup]
Filename=oemreset.exe
Confirmed=N
Description=Resets OEM installation settings at bootup. Not required unless you're new to PC's
[oemreset]
Filename=oemreset.exe
Confirmed=U
Description=Resets OEM installation settings at bootup. Not required unless you're new to PC's
[oemrunonce]
Filename=oemrun.exe
Confirmed=U
Description=Windows Millennium file - used by setup when installing the OEM 'express' version of the operating system. Uncheck after setup has finished
[oeplugin]
Filename=bxOEPlugin.exe
Confirmed=U
Description=<a href="http://www.baxbex.com/nohtml.html" target=_blank>noHTML</a> for Outlook Express is an add-on that protects Outlook Express from email viruses and email scripts by converting incoming email messages from HTML format to simple text
Description=<a href="http://www.ajsystems.com/oexhome.html" target="_blank">Express Assist</a> from AJSystems.com. Utility for use with Outlook Express to backup, restore, synchronize amongst others
[offer companion]
Filename=offers.exe
Confirmed=X
Description=Adware
[offers]
Filename=offers.exe
Confirmed=X
Description=Adware
[officedeamon]
Filename=msorunner.exe
Confirmed=X
Description=Added by a variant of the <a href="http://vic.zonelabs.com/tmpl/body/CA/virusDetails.jsp?VId=42022" target= blank>TACTSLAY</a> TROJAN!
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_WOOTBOT.HE&VSect=P" target=_blank>WOOTBOT.HE</a> WORM!
[office_update]
Filename=[path to trojan]
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderzb.html" target=_blank>DLOADER-ZB</a> TROJAN!
Description=Autodetects when a digital camera is attached to a USB port and launches <a href="http://www.ofoto.com/DownloadClient30.jsp?UV=673857175481_20140377403&US=0&c=f_on">OfotoNow</a> image software. Available via Start -> Programs
Description=From CyberMedia/Network Associates. Checks for updates to software installed on your PC. Available via Start -> Programs
[oim]
Filename=oim.exe
Confirmed=?
Description=<font color="#FF0000">Related to the <a href="http://www.o2.co.uk/about/0,,600,00.html" target="_blank">O2</a> (was "genie") mobile phone service. What does it do and is it required?</font>
[oki lpr utility]
Filename=okilpr.exe
Confirmed=U
Description=OKI printer utility
[ole]
Filename=[filename]
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/keylogger.stawin.html" target="_blank">STAWIN</a> or <a href="http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.tarno.d.html" target="_blank">TARNO.D</a> TROJANS!
Description=Adware downloader - recognized by <a href="http://www.kaspersky.com/personalpro" target=_blank>Kaspersky</a> antivirus as TrojanDownloader.Agent.am
[oledb service]
Filename=runoledb32.exe
Confirmed=X
Description=Added by a variant of the <a href="http://www.sophos.com/virusinfo/analyses/trojspyreb.html" target=_blank>SPYRE.B</a> TROJAN!
[olehelp]
Filename=olehelp.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/trojan.bookmarker.d.html" target="_blank">BOOKMARKER.D</a> or <a href="http://securityresponse.symantec.com/avcenter/venc/data/trojan.bookmarker.g.html" target="_blank">BOOKMARKER.G</a> TROJANS!
[oleloader]
Filename=ole32.exe
Confirmed=X
Description=Added by the DELF.BR TROJAN!
[olesvr]
Filename=olesvr.exe
Confirmed=U
Description=Salfeld <a href="http://www.salfeld.com/parental_control_overwiew.htm" target="_blank">Child Control 2003</a> - parental control software
[olive system]
Filename=Szchost.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/trojan.mercurycas.a.html" target="_blank">MERCURYCAS.A</a> TROJAN!
[olympic]
Filename=IE4321.exe
Confirmed=X
Description=Adult content premium rate dialer - also detected as SMALL.CZ
[omf4]
Filename=OMF4.EXE
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.freemega.html" target="_blank">FREEMEGA</a> TROJAN!
[omgstartup]
Filename=omgstartup.exe
Confirmed=N
Description=Sony program called OpenMG Jukebox - player and music organizer
[omnihttpd]
Filename=ohttpd.exe
Confirmed=U
Description=<a href="http://www.omnicron.ca/httpd/" target="_blank">OmniHTTPd</a> web server from Omnicron
[omnipage]
Filename=Opware32.exe
Confirmed=N
Description=Part of <a href="http://www.scansoft.com/omnipage/">OmniPage Pro</a> from Scansoft (was Caere) - "the fastest, easiest way to turn paper documents into digital files you can edit." Opware32.exe links Word, via OLE, with OmniPage. If running, a user can call up OmniPage from inside of Word and ask it to scan something, via "File, Acquire Page." Also some of OmniPage's Options dialog boxes are accessible from within Word. Only required by novices and is Available via Start -> Programs
Description=By Netropa for HP and other brands. Same group as KBD MediaCenter & Touch Manager. Pressing a "hot key" on such a keyboard brings a corresponding panel on the screen for volume, etc. Nice but not required if you don't adjust things regularly - can also freeze
[once]
Filename=help.exe
Confirmed=X
Description=Identified as the DELF.LF by <a href="http://www.ewido.net/en/" target=_blank>Ewido Security Suite</a>
[onecareui]
Filename=winssnotify.exe
Confirmed=Y
Description=Related to <a href="http://www.windowsonecare.com/" target=_blank>Windows OneCare Live</a> from Microsoft
[onetouch monitor]
Filename=OneTouchMon.exe
Confirmed=N
Description=For Visioneer OneTouch scanners. System tray access to the control panel for the scanner
[onflow]
Filename=onflow.exe
Confirmed=X
Description=Onflow is a internet company that offers an online advertising program. Not required - uninstall
[online cdrom]
Filename=Active acid.exe
Confirmed=?
Description=<font color="#FF0000">??</font>
[online service]
Filename=svchost.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hostidel.trojan.b.html" target="_blank">HOSTIDEL.B</a> or <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hostidel.trojan.c.html" target="_blank">HOSTIDEL.C</a> or <a href="http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.tarno.b.html" target="_blank">TARNO.B</a> TROJANS! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target="_blank">svchost.exe</a> process which should NOT appear in Msconfig/Startup!
[onlinepcfix smoothsurfer]
Filename=SS.exe
Confirmed=U
Description=<a href="http://www.smooth-surfer.com/" target="_blank">Smooth-Surfer</a> - blocks banners, ads, popups, and cleans MRU and Recent file lists
[onlinetime]
Filename=onlinetime.exe
Confirmed=N
Description=<a target="_blank" href="http://www.freedownloadscenter.com/Network_and_Internet/Online_Timers/OnlineTimer_Pro.html">OnlineTimer</a> - monitors your Windows dial-up network and logs the time you spend online as well as the resulting costs
Description=Registration reminder for <a href="http://www.scansoft.com/omnipage/" target="_blank">OmniPage Pro 12</a> from ScanSoft
[open service drivers]
Filename=opiater.exe
Confirmed=X
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
[opengl drivers]
Filename=0penGLD.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32yimpa.html" target=_blank>YIMP-A</a> WORM!
[openoffice.org x]
Filename=QUICKS~1.EXE
Confirmed=N
Description=Displays <a href="http://www.openoffice.org/" target="_blank">OpenOffice</a> quick start applet in System tray. Right clicking on the icon allows rapid starting up of components of the OpenOffice suite. Available via Start -> Programs. Will automatically be started when any OpenOffice component is started from Start -> Programs. A resource hog (takes > 16 MB of memory). "x" represents the version number
[openwares liveupdate]
Filename=LiveUpdate.exe
Confirmed=U
Description=Web-update utility as used by various types of software - see <a href="http://liveupdate.openwares.org/" target="_blank">here</a>
Description=<a href="http://www.opistat.com/mp/index.html" target="_blank">OpiStat</a> is a European Research Institute whose goal is to understand consumer needs and opinions better
[opqfile]
Filename=regedit.exe /s ...rad03FA6.tmp
Confirmed=X
Description=Unsavoury program that resets your homepage every time you restart - uncheck in MSCONFIG and delete it via a registry edit
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotacj.html" target= blank>RBOT-ACJ</a> WORM!
[optimizer]
Filename=iexplore.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.evivinc.html" target=_blank>EVEVINC</a> TROJAN! Note - this is not the legitimate Internet Explorer <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/iexplore/" target=_blank>iexplore.exe</a> process which is always located in the Program Files\Internet Explorer folder and should not normally figure in Msconfig/Startup! This file is located in the System (9x/Me) or System32 (NT/2K/XP) folder
[optimum online]
Filename=Netsurf.exe
Confirmed=N
Description=<a href="http://www.optimumonline.com/index.jhtml;jsessionid=5LMI3XSXKRAYYCQLARQCF3QKBMCGCI5G?pageType=what" target="_blank">Optimum Online</a> ISP software. Not required, just window dressing & advertising from Optimum
[optional web drivers for win32]
Filename=phqghume.exe
Confirmed=X
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
[optus cable data monitor]
Filename=datamonitor.exe
Confirmed=U
Description=Allows Optus customers to monitor their actual data usage against Optus' "data allowance limits"
[optusnetusage]
Filename=OptusNet Usage Meter.exe
Confirmed=U
Description=Designed specifically for OptusNet users who wish to have their connection monitored on a frequent basis. It can also estimate when you are going to hit your usage limit, and how far over your suggested limit you should be
[opware12]
Filename=Opware12.exe
Confirmed=N
Description=<a href="http://www.scansoft.com/omnipage/" target="_blank">OmniPage Pro 12</a> from ScanSoft
[opware14]
Filename=Opware14.exe
Confirmed=N
Description=ScanSoft's <a href="http://www.scansoft.com/omnipage/" target=_blank>OmniPage Pro 14</a> - If running, a user can call up OmniPage from inside of Word and ask it to scan something, via "File, Acquire Page." Also some of OmniPage's Options dialog boxes are accessible from within Word. Only required by novices and is available via Start -> Programs
[opwarese2]
Filename=OpwareSE2.exe
Confirmed=N
Description=ScanSoft's <a href="http://www.scansoft.com/omnipage/" target=_blank>OmniPage_Pro_14</a> - If running, a user can call up OmniPage from inside of Word and ask it to scan something, via "File, Acquire Page." Also some of OmniPage's Options dialog boxes are accessible from within Word. Only required by novices and is Available via Start -> Programs
[orbitupdate]
Filename=update.exe
Confirmed=X
Description=Xupiter <a href="http://research.sunbelt-software.com/threat_display.cfm?name=Xupiter&threatid=12203&search=OrbitExplorer" target=_blank>OrbitExplorer</a> toolbar related. Drive-by foistware. Use Spybot S&D, Adware or similar to detect and remove and to prevent it re-installing in the future see <a href="http://www.alanluber.com/pcfearfactor/officialxupiterpage.htm" target=_blank>here</a>
[orbitview]
Filename=view.exe
Confirmed=X
Description=Xupiter <a href="http://research.sunbelt-software.com/threat_display.cfm?name=Xupiter&threatid=12203&search=OrbitExplorer" target=_blank>OrbitExplorer</a> toolbar related. Drive-by foistware. Use Spybot S&D, Adware or similar to detect and remove and to prevent it re-installing in the future see <a href="http://www.alanluber.com/pcfearfactor/officialxupiterpage.htm" target=_blank>here</a>
[org5.exe]
Filename=org5.exe
Confirmed=?
Description=Lotus Organizer 5 application file, Lotus Organizer software. <font color="#FF0000">What does it do and is it required?</font>
[orgycam]
Filename=OrgyCam.exe
Confirmed=X
Description=Adult content dialler
[origrage128tweaker]
Filename=RAGE128TWEAK.EXE
Confirmed=U
Description=Third party tweaker for ATI Rage 128 Video cards from <a href="http://www.rageunderground.com">http://www.rageunderground.com</a>
[orinoco]
Filename=Cmluc.exe
Confirmed=U
Description=Client Manager software for an <a href="http://www.orinocowireless.com/" target="_blank">ORiNOCO</a> wireless LAN card
[os security]
Filename=mswind32.pif
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotasu.html" target=_blank>RBOT-ASU</a> WORM!
[osa]
Filename=winword.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32kangarooa.html" target=_blank>KANGAROO-A</a> TROJAN!
[osa32]
Filename=NTOSA32.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.anig.html" target="_blank">ANIG</a> WORM!
[osd]
Filename=OSD.exe
Confirmed=U
Description=By Netropa for HP and other brands. Same group as KBD MediaCenter & Touch Manager. Pressing a "hot key" on such a keyboard brings a corresponding panel on the screen for volume, etc. Nice but not required if you don't adjust things regularly - can also freeze
Description=<a href="http://www.somix.com/products/ostivity.php" target="_blank">OStivity</a> - "a desktop and server hardware and software asset/inventory solution for small to enterprise sized organizations that need to quickly gain knowledge of 'what's installed' without having to manually touch every computer in the company. The next time the computer logs into the network, a complete inventory (software and hardware) is taken of the system"
[otcx]
Filename=otcxxh.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.carool.html" target="_blank">CAROOL</a> TROJAN!
[outlook]
Filename=outlook.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotru.html" target=_blank>SDBOT-RU</a> WORM!
[outlook express config]
Filename=*****.exe [* = random char]
Confirmed=X
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
[outlook express protocol]
Filename=look.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotacs.html" target=_blank>RBOT-ACS</a> WORM!
[outlooks]
Filename=InSane.exe
Confirmed=X
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/trojan.swoop.html" target= blank>SWOOP</a> TROJAN!
[outpost firewall]
Filename=outpost.exe
Confirmed=Y
Description=<a href="http://www.agnitum.com/products/outpost/" target="_blank">Outpost</a> personal firewall
[outpostupdate]
Filename=outpostupdate.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojcosiamc.html" target=_blank>COSIAM-C</a> TROJAN!
[outwar]
Filename=syslaunch.exe
Confirmed=X
Description=Outwar adware downloader
[ovcj]
Filename=ovcj.exe
Confirmed=?
Description=<font color="#FF0000">??</font>
[overnet]
Filename=Overnet.exe
Confirmed=N
Description=<a href="http://www.overnet.com/" target="_blank">Overnet</a> peer-to-peer (P2P) file sharing program
[ovyriwi]
Filename=telace.exe
Confirmed=X
Description=Added by the <a href="http://uk.trendmicro-europe.com/enterprise/vinfo/encyclopedia.php?LYstr=VMAINDATA&vNav=1&VName=WORM_SDBOT.BVS" target=_blank>SDBOT.BVS</a> WORM!
[owccardbustray]
Filename=ocbtray.exe
Confirmed=U
Description=Icon in the system tray for safely removing PCMCIA cards. Only required if you have a laptop or desktop which includes a PCMCIA card interface
[owcwebcamdv]
Filename=wcdvtray.exe
Confirmed=U
Description=<a href="http://www.orangemicro.com/webcamdv.html" target="_blank">WebCamDV</a> from Orange Micro, Inc - enables the user to use a DV camera connected via Firewire as a Webcam
[owmngr]
Filename=OWMngr.exe
Confirmed=X
Description=OnWebMedia advertising foistware - see <a href="http://www.f-secure.com/v-descs/checkin.shtml" target="_blank"> here</a> for exactly what to look for
[oz2]
Filename=oz2.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.mydoom.w@mm.html" target="_blank">MYDOOM.W</a> WORM!
[p0w3rf1y]
Filename=svchost.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbdoormm.html" target=_blank>MM</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target=_blank>svchost.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder
[p17helper]
Filename=Rundll32 P17.dll, P17Helper
Confirmed=?
Description=<a href="http://www.soundblaster.com/resources/read.asp?articleid=60&cat=2" target=_blank>ASIO</a> driver for the Sound Blaster Audigy & Audigy 2 series sound card - <font color="#FF0000">is it required in startup?</font>
[p2p networking2]
Filename=P2P Networking2.exe
Confirmed=X
Description=P2P Networking2.exe is an advertising program by Joltid. This process monitors your browsing habits and distributes the data back to the author's servers for analysis. This also prompts advertising popups. This program is a registered security risk and should be removed immediately
[p2p networking3]
Filename=P2P Networking3.exe
Confirmed=N
Description=P2P Networking, a component bundled with Kazaa that enables other applications to use Peer-to-Peer functionality. Not required - see <a href="http://www.kephyr.com/spywarescanner/library/p2pnetworking/index.phtml" target="_blank">here</a>
[p2pnetwork]
Filename=p2pnetwork.exe
Confirmed=X
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_ALCAN.A" target=_blank>ALCAN.A</a> WORM!
[p2pnetworking]
Filename=p2pnetworking.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotafl.html" target=_blank>RBOT-AFL</a> WORM!
[p3p4chk]
Filename=P3p4chk.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/trojan.gema.html" target="_blank">GEMA</a> TROJAN!
[p4mx4]
Filename=p4mx4.exe
Confirmed=X
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_CRYPTER.A" target="_blank">CRYPTER.A</a> TROJAN!
Description=Packard Bell EverSafe software. <font color="#FF0000">What does it do, and is it required?</font>
[padtouch]
Filename=PadExe.exe
Confirmed=N
Description=Toshiba Touch and Launch - offers easy movement and freedom of programs navigation with TouchPad
[pagekeeper jobs]
Filename=pkjobs.exe
Confirmed=U
Description=PageKeeper Jobs is a separate PageKeeper program that handles the analysis of new documents and keeps track of the location and content of current documents in PageKeeper. Pagekeeper comes bundled with scanners such has HP, Microtek, etc
[pagekeeper lite]
Filename=pkjobs.exe
Confirmed=U
Description=PageKeeper Jobs is a separate PageKeeper program that handles the analysis of new documents and keeps track of the location and content of current documents in PageKeeper. Pagekeeper comes bundled with scanners such has HP, Microtek, etc
[pagent]
Filename=PAgent.exe
Confirmed=X
Description=Scans your hard drive for the popular P2P file-sharing applications BearShare, Grokster, Kazaa, Limewire and Morpheus. After searching the entire local filesystem for any files with those names it connects to the DownloadWare servers and tells it what, if anything, is found. See <a href="http://and.doxdesk.com/parasite/DownloadWare.html" target="_blank">here</a> for more info
[pagis scheduler]
Filename=Monitor.exe
Confirmed=N
Description=Scheduler for the <a href="http://www.scansoft.com/pagis/" target="_blank">Pagis</a> scanning suite from Scansoft.
[pagmstart]
Filename=client.exe
Confirmed=?
Description=<font color="#FF0000">Possibly related to <a href="http://www.pagm.com/default.asp" target="_blank">this</a>?</font>
[pagoo]
Filename=PAGOO.EXE
Confirmed=N
Description=<a href="http://www.pagoo.com/cc.asp" target="_blank">Pagoo</a> - internet call waiting. Intercepts telephone calls like an answering machine and plays the voice message on your PC. Only required when you're on-line and via dial-up modem
[paint.exe]
Filename=shnlog.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojpupera.html" target= blank>PUPER-A</a> TROJAN!
[paintingroom evidence monitor]
Filename=paintingroom.exe
Confirmed=X
Description=Paintingroom.com smiley software - not recommended as the site tries to drop a trojan on you...
[paintingroom smile monitor]
Filename=paintingroom.exe
Confirmed=X
Description=Paintingroom.com smiley software - not recommended as the site tries to drop a trojan on you...
[palm multiuser config]
Filename=Configtool.exe
Confirmed=?
Description=<font color="#FF0000">MultiUser configuration for a Palm PDA device?. Is it required?</font>
[palm.exe]
Filename=Palm.exe
Confirmed=N
Description=<a href="http://www.palm.com/support/downloads/win_desktop.html" target="_blank">Palm Desktop Software</a> for use with Palm handheld devices. Available via Start -> Programs
[palmone registration]
Filename=register.exe
Confirmed=N
Description=Registration reminder for <a href="http://www.palm.com/us/" target=blank>Palm</a> products
[palnetaware]
Filename=pnetaware.exe
Confirmed=X
Description=PalTalk adware - as included in Morpheus, see <a href="http://www.pestpatrol.com/pestinfo/m/morpheus.asp" target="_blank">here</a> towards the bottom of the page
[paltalknetaware.exe]
Filename=PALNETAW~1.EXE
Confirmed=N
Description=Voice chat program. This program stores all buddy list info apparently on the server itself so you never lose your buddy list should you need to reinstall the program due for whatever reason or even reformat. Available via Start -> Programs. Delete the shortcut in Start -> Programs -> StartUp as well otherwise it will be reinstated
[pamela.exe]
Filename=pamela.exe
Confirmed=U
Description=<a href="http://www.pamela-systems.com/" target=_blank>Pamela</a> is a plug-in or add-on that adds features to <a href="http://www.skype.com/" target=_blank>Skype</a> peer to peer voice service
[panda antispam server service]
Filename=PasSrv.exe
Confirmed=U
Description=AntiSpam software, part of Panda <a href="http://enterprises.pandasoftware.com/products/platinum_is2005/" target=_blank>Platinum Internet Security</a>
[panda cleaner]
Filename=pavdr.exe
Confirmed=Y
Description=Panda Antivirus related - possibly Panda <a href="http://www.pandasoftware.com/products/activescan/com/activescan principal.htm" target= blank>ActiveScan</a>
Description=<a href="http://www.pandasoftware.com/" target="_blank">Panda Antivirus</a> scan scheduler. Required if this is your virus scanner program and you have scans scheduled on a regular basis. I recommend that you scan manually so you don't need this but if you tend to forget then leave it
[panda software intrenet]
Filename=panda.pif
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotatz.html" target=_blank>RBOT-ATZ</a> WORM!
[pandaavengine]
Filename=PandaAVEngine.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.netsky.r@mm.html" target="_blank">NETSKY.R</a> WORM!
[pandascheduler]
Filename=pavsched.exe
Confirmed=U
Description=<a href="http://www.pandasoftware.com/" target="_blank">Panda Antivirus</a> scan scheduler. Required if this is your virus scanner program and you have scans scheduled on a regular basis. I recommend that you scan manually so you don't need this but if you tend to forget then leave it
[pantera]
Filename=pantera.exe
Confirmed=X
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.AYN&VSect=P" target=_blank>SDBOT.AYN</a> WORM!
[paperport]
Filename=runppdrv.exe
Confirmed=N
Description=Loads the drivers associated with monitoring scanner status associated with PaperPort software. Can be a resource hog - see <a href="http://groups.google.com/groups?q=runppdrv.exe&hl=en&rnum=7&selm=6v04nv%24q3l%241%40supernews.com" target="_blank">here</a>
[paperport ptd]
Filename=pptd40nt.exe
Confirmed=N
Description="PaperPort" software associated with scanners
[paperquote system tray icon]
Filename=PQTRAY.EXE
Confirmed=N
Description=PaperQuote is a "wallpaper" changer with daily quotes that are either for inspiration or motivation
[parallel tasking]
Filename=ptask.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojsmallcj.html" target= blank>SMALL-CJ</a> TROJAN!
[partseal]
Filename=PartSeal.exe
Confirmed=U
Description=System backup for Sony Vaio PCs. Adds a recovery mechanism for users over and above any System Restore features - allowing users to revert a drive back to the state it was when bought form the factory by hitting F10. The user obviously loses any data stored if not backed-up elsewhere
Description=<a href="http://www.progency.com/pastelister.html" target="_blank">PasteLister</a> - clipboard extender. Start manually when required
[patch]
Filename=patch.exe
Confirmed=X
Description=Added by the <a href="http://www.dark-e.com/archive/trojans/netbusworm/index.shtml" target="_blank"> NETBUS</a> WORM!
[patches value]
Filename=WinGamed.exe
Confirmed=X
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.BR" target="_blank">SDBOT.BR</a> WORM!
[path]
Filename=lide.exe
Confirmed=?
Description=<font color="#FF0000">??</font>
[pathname]
Filename=pathname.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.irccontact.html" target=_blank>IRCCONTACT</a> TROJAN!
[pathnvidiatv]
Filename=patchnvidiaTVout.exe
Confirmed=?
Description=Appears to be related to Nvidia Gigabyte Video card. Typical file location is the Program Files\Gigabyte\Nvidia folder
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojstartpayr.html" target=_blank>STARTPA-YR</a> TROJAN!
[pbagent]
Filename=pbagent.exe
Confirmed=U
Description=<a href="http://www.symantec.com/avcenter/venc/data/spyware.probot.html" target= blank>Probot</a> keystroke logger/monitoring program - remove unless you installed it yourself!
[pbkscheduler]
Filename=PBKScheduler.exe
Confirmed=U
Description=Scheduler for CyberLink <a href="http://www.cyberlink.com/multi/products/main_29_ENU.html" target=_blank>PowerBackup</a> - archiving/backup utility
[pc alert iii]
Filename=alert.exe
Confirmed=U
Description=MSI PC Alert III - allows you to view your system and cpu temperature, fan rpm and more. Only required if you overclock
[pc booster]
Filename=pcbooster.exe
Confirmed=U
Description=<a href="http://www.inklineglobal.net/products/pcb/index.html" target="_blank">PC Booster</a> from inKline Global - "easy-to-use computer system optimizer that gives your system the extra speed and stability you want while ensuring that your computer is kept clean and in tip-top condition"
[pc dynamics sdwmon32]
Filename=sdwmon32.exe
Confirmed=U
Description=<a href="http://www.pcdynamics.com/SafeHousePP/" target=_blank>SafeHouse</a> "Personal Privacy" protects and hides your private and personal photos, videos, files and folders by making them "invisible" and encrypted
[pc-config32]
Filename=corona.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32coronexa.html" target="_blank">CORONEX.A</a> WORM!
[pcanywhere agent]
Filename=pcamgt.exe
Confirmed=U
Description=Part of <a href="http://www.symantec.com/pcanywhere/Consumer/index.html" target= blank>pcAnywhere</a> 9.0 or later. This process listens for incoming PC Anywhere connections if your PC is configured as a PC Anywhere host
[pcbg]
Filename=PCBODYGUARD.EXE
Confirmed=Y
Description=<a href="http://www.calluna.com/pcbody.html" target="_blank">PC Bodyguard</a> from Calluna - protects system files and settings from being deleted, modified, etc
[pcbodyguard]
Filename=PCBODYGUARD.EXE
Confirmed=Y
Description=<a href="http://www.calluna.com/pcbody.html" target="_blank">PC Bodyguard</a> from Calluna - protects system files and settings from being deleted, modified, etc
[pcboost]
Filename=PcBoost.exe
Confirmed=U
Description=<a href="http://www.pgware.com/" target=_blank>PCBoost</a> from PGWARE, LLC increases computer performance by allocating higher portions of CPU power to active applications and games
[pccclient.exe]
Filename=PCCClient.exe
Confirmed=Y
Description=PC-Cillin 2002 antivirus software
[pccguide.exe]
Filename=pccguide.exe
Confirmed=Y
Description=PC-Cillin 2002 antivirus software
[pcciomon.exe]
Filename=PCCIOMON.EXE
Confirmed=Y
Description=PC-Cillin 2000 antivirus software. This is the actual virus-scanner
[pcclient.exe]
Filename=PCClient.exe
Confirmed=Y
Description=Trend Micro <a href="http://www.trendmicro.com/en/products/desktop/pc-cillin/evaluate/overview.htm" target="_blank">PC-Cillin</a> Internet Security
[pccpfw]
Filename=PccPfw.exe
Confirmed=Y
Description=Trend Micro <a href="http://www.trendmicro.com.au/pccillin/" target=_blank>PC-Cillin</a> personal firewall
[pcctlcom]
Filename=Pcctlcom.exe
Confirmed=Y
Description=Trend Micro <a href="http://www.trendmicro.com/en/products/desktop/pc-cillin/evaluate/overview.htm" target=_blank>PC-cillin</a> Internet Security
[pcdrealtime]
Filename=realtime.exe
Confirmed=N
Description=Apparently the monitoring device for PC Doctor Online. It provides a "free" examination on system files (i.e. registry), reports the number of errors it finds, and invites you to "order" the fee-based fixes from its web site
[pcexplode]
Filename=specialfile.exe
Confirmed=X
Description=Added by the <a href="http://it.trendmicro-europe.com/consumer/security_info/ve_detail.php?Vname=WORM_RBOT.RH" target="_blank">RBOT.RH</a> WORM!
[pchbutton]
Filename=PCHbutton.exe
Confirmed=N
Description=Used by HP Instant Support
[pchealth]
Filename=pchschd.exe
Confirmed=N
Description=This is a "scheduler" and does not turn off PC Health. For more information refer <a href="http://groups.google.com/groups?q=PCHealth%2Bpchschd.exe&hl=en&selm=eeuEENQ6AHA.1484%40tkmsftngp03&rnum=1" target="_blank">here</a>
[pcheasysearch]
Filename=STUpdate.exe
Confirmed=X
Description=PCH EasySearch bar
[pcimodem]
Filename=pcimodem.exe
Confirmed=?
Description=Associated with Lucent based Aztech MDP7800-U PCI modems. <font color="#FF0000">Is it required?</font>
[pclepci]
Filename=ppe.exe
Confirmed=U
Description=Pinnacle Systems <a href="http://www.pinnaclesys.com/docsupport1.asp?division_id=1&langue_id=2&product_id=469&product_name=Studio%20version%207&page_id=146" target="_blank">PCI Performance Enhancer</a>. "This tool helps to increase the PCI Busmaster performance of all Pinnacle PCI boards."
[pclk]
Filename=PClK.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlegmirbl.html" target=_blank>LEGMIR-BL</a> TROJAN!
[pcmcia resource monitor]
Filename=nvp2pmon.exe
Confirmed=?
Description=NVIDIA nForce P2P Driver. <font color="#FF0000">What does it do and is it required?</font>
[pcmmrealtime]
Filename=pcmm.exe
Confirmed=U
Description=<a href="http://www.pcmightymax.net/cgi-bin/view.cgi//index.html" target="_blank">PC MightyMax</a> - diagnostic program that identifies and fixes problems. However, some users report it does the opposite and messes up their systems (see <a href="http://www.techspot.com/vb/topic21210.html" target="_blank">here</a>) and they also have problems removing it (see <a href="http://www.bullguard.com/forum/9/PC-MightyMax-removal_8719.html" target="_blank">here</a>)
[pcmservice]
Filename=PCMService.exe
Confirmed=?
Description=<font color="#FF0000">In a DellMedia Experience sub-directory</font>
[pcprot]
Filename=crcss.exe
Confirmed=X
Description=Added by an unidentified WORM!
[pcqmqgn.exe]
Filename=pcqmqgn.exe
Confirmed=?
Description=<font color="#FF0000">??</font>
[pcrecsa]
Filename=PCRecSA.exe
Confirmed=U
Description=Part of the IBM/XPoint Rapid Restore backup utility. If you choose, you can use it to create a "clean" backup of your hard drive. The process involves the software partitioning your hard drive, making a compressed image of the working drive which will then allow you to revert to that should you need to
Description=Runs as part of <a href="http://pcmonitor.com/" target="_blank">PCMonitor</a> which is a program for monitoring your activity on your system. It makes screen dumps and key logging. It can hang-up your system because the screen dump page gets VERY big
[pcsv]
Filename=pcsvc.exe
Confirmed=X
Description=<a href="http://www.spywareguide.com/product_show.php?id=727" target=_blank>Delfin Media Viewer</a> or "Promulgate" adware
[pctavapp]
Filename=PCTAV.exe
Confirmed=Y
Description=Related to <a href="http://www.pctools.com/anti-virus/" target=_blank>PC TOOLS</a> Antivirus software
[pctspk]
Filename=pctspk.exe
Confirmed=U
Description=Used for modems based upon PC-TEL chipsets. Normally used for some Voice and Speakerphone functions and also for some Power management options. If you remove it you may not be able to use any of those functions
[pctvoice]
Filename=pctvoice.exe
Confirmed=U
Description=The program PCTVoice is used by the modem to interface with your computer and also used for some V.80 functions for Video Conferencing. if you uncheck it, it comes back. ItÆs better to leave it
[pcwatch]
Filename=pcwatch.exe
Confirmed=U
Description=Added by <a href="http://www.sarc.com/avcenter/venc/data/spyware.pcwatch.html" target=_blank>PCWatch</a> surveillance software. Uninstall this software if you did not install it yourself
[pda commander]
Filename=stisvc32.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobottx.html" target=_blank>AGOBOT-TX</a> WORM!
[pdascan]
Filename=pdascan.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotqy.html" target= blank>AGOBOT-QY</a> WORM!
[pdengine]
Filename=PDEngine.exe
Confirmed=U
Description=<a href="http://www.raxco.com/products/perfectdisk2k/" target="_blank">PerfectDisk</a> from Raxco - disk defragmenter. Only required if you schedule disk defragmenting at re-boot
[pdexplo]
Filename=PDEXPLO.EXE
Confirmed=N
Description=<a href="http://www.ontrack.com/powerdesk/">PowerDesk Pro</a> by Ontrack. Enhanced desktop and file manager. Available via Start -> Programs
[pdf converter registry controller]
Filename=RegistryController.exe
Confirmed=?
Description=ScanSoft <a href="http://www.scansoft.com/pdfconverter/" target=_blank>PDF_Converter</a> related - <font color="#FF0000">what does it do and is it required?</font>
[pdffactory pro dispatcher v1]
Filename=fppdis1.exe
Confirmed=N
Description="With <a href="http://www.fineprint.com/software/index.html" target="_blank">pdfFactory</a> you can create PDF documents from any program printing to the virtual PDF printer". Available via a desktop shortcut or Start -> Programs
[pdfsaver3]
Filename=pdfSaver3.exe
Confirmed=N
Description=<a href="http://www.docu-track.com/home/prod_user/pdfxchange_pro/" target=_blank>PDF-XChange</a> - create Adobe compatible PDF files from virtually any Windows software such as MS Word, Excel, AutoCAD, MS Publisher etc
[pdirect]
Filename=PDirect.exe
Confirmed=N
Description=IBM Presentation Director software
[pdp server]
Filename=ctpdpsrvr.exe
Confirmed=U
Description=Included and setup with the drivers for my Compaq A3000 all-in-one printer/scanner - maybe for networking. Works fine without it - but may be needed when used over a network
[pdvdserv]
Filename=PDVDServ.exe
Confirmed=U
Description=Remote Control background application for CyberLink's PowerDVD version 5 and above. Enables you to use a remote control with your DVD drive if your drive came with one. Not required if you don't have a remote control, or don't wish to use one
[pe2ckfnt se]
Filename=chkfont.exe
Confirmed=N
Description=Used to check whether the fonts are installed properly on your computer or not for a scanner. If you don't want to execute it, you can uncheck it in the startup menu
[peeramid]
Filename=PService.exe
Confirmed=?
Description=In a "Koptimizer" folder in Program Files. <font color="#FF0000">What does it do and is it required?</font>
[pent@value 3.2]
Filename=Pent@VALUE.exe
Confirmed=U
Description=Pent@VALUE Digital Satellite Internet PC Receiver
[peqbl100]
Filename=PEQBL100.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.envid.d@mm.html" target=_blank>ENVID.D</a> WORM!
Description=Print engine used by Corel WordPerfect 7 and Presentations 7
[perfomance monitor]
Filename=davcsync.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32lamuda.html" target=_blank>LAMUD-A</a> WORM!
[perfomance settings]
Filename=svchost.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojtofgerap.html" target=_blank>TOFGER-AP</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target=_blank>svchost.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is found in the Winnt or Windows folder
[persfw]
Filename=PersFw.exe
Confirmed=Y
Description=<a href="http://www.kerio.com/us/kpf_home.html" target="_blank">Kerio</a> or <a href="http://www.tinysoftware.com/home/tiny2?la=EN" target="_blank">Tiny</a> Personal Firewall
[persistence]
Filename=igfxpers.exe
Confirmed=N
Description=Associated with the Common User Interface module for Intel graphics cards
[personal computer]
Filename=scvhost.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaje.html" target=_blank>RBOT-AJE</a> WORM!
[personal firwall]
Filename=ptmedsrv.exe
Confirmed=X
Description=Added by the <a href="http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?Vname=WORM_SDBOT.XY" target=_blank>SDBOT.XY</a> WORM!
[pervasive.sql workgroup engine]
Filename=W3dbsmgr.exe
Confirmed=U
Description=Database Service Manager for Pervasive SQL 2000 Workgroup edition. Required if you use Pervasive SQL but it's recommended you start it manually before using it as it has a tendancy to crash/freeze if loaded with other applications at startup
[pestpatrol control center]
Filename=PPControl.exe
Confirmed=U
Description=<a href="http://www.pestpatrol.com/PPControl/" target="_blank">PestPatrol Control Terminal</a> - launches <a href="http://www.pestpatrol.com/default.asp" target="_blank">PestPatrol</a> features such as PPMemCheck and CookiePatrol
[pestpatrolcl]
Filename=PestPatrolCL.exe
Confirmed=?
Description=<a href="http://www.pestpatrol.com/" target= blank>PestPatrol's</a> command line scanner, combines with the Windows Task scheduler and is required in cases where schedules for regular scanning are set
[petit larousse 2001]
Filename=HIPL2000Popup.exe
Confirmed=U
Description=Popup dictionary tool
[pex sound driver]
Filename=Today's Results.vbs
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32trodea.html" target=_blank>TRODE-A</a> WORM!
[pex sound driver 2]
Filename=Today's Results.vbs
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32trodea.html" target=_blank>TRODE-A</a> WORM!
Description=PGPsdkServ.exe is the new SDK service which is responsible for performing all PGP key management and cryptographic functions. This functionality was moved into a service to allow multiple modules simultaneous read/write access to the keyrings, among other things. As you can imagine, it is necessary for PGPsdkServ to be running in order to perform practically any PGP functionality
[pgpservice]
Filename=pgpservice.exe
Confirmed=U
Description=PGPservice.exe has two main purposes: (1) it handles a large part of the PGPnet functionality (along with the PGPnet driver) and (2) it allows efficient access to the PGP preferences database. The individual PGP modules normally access the preferences through PGPservice, but they are capable of a "fall-back" mode where they can handle such access on their own. Thus, if you are not running PGPnet, you may not immediately notice much of a difference if you disable PGPservice. If you are running PGPnet, you will notice a big difference
[pgptray]
Filename=pgptray.exe
Confirmed=N
Description=PGP 7.x. Provides icon tray shortcuts to PGP programs from Network Associates. Available via Start -> Programs
[pgstub.exe]
Filename=[various filenames]
Confirmed=X
Description=Unidentified adware
[pgtaff]
Filename=pgtaff.exe
Confirmed=X
Description=AdRotator adware variant
[phime2002a]
Filename=TINTSETP.EXE
Confirmed=N
Description=Part of Microsoft's Input Message Editor (IME) for translating Japanese/Chinese text in IE, Outlook and Word
[phime2002async]
Filename=TINTSETP.EXE
Confirmed=N
Description=Part of Microsoft's Input Message Editor (IME) for translating Japanese/Chinese text in IE, Outlook and Word
[phime2oo2asyst]
Filename=[path to trojan]
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdbdoorb.html" target=_blank>DBDOOR-B</a> TROJAN!
[phonefree version 6.2]
Filename=PHONEF??.EXE
Confirmed=U
Description=An Internet telephony application. Complicated registration and ad banners tailored to your profile - see <a href="http://www.phonefree.com/" target="_blank">here</a>
[photo express calendar checker se]
Filename=CALCHECK.EXE
Confirmed=N
Description=If you create multiple Weekly/Monthly/Yearly calendars to use as your wallpaper, Photo Express will replace the wallpaper automatically. Photo Express 2.0 has a calendar checker which checks the date on your system and updates your wallpaper accordingly
[photo loader supervisory]
Filename=Plauto.exe
Confirmed=N
Description=Casio's Photo Loader software. Hook up your camera to the USB port, and it pops up and asks you if you want to load your pictures
[photoshow deluxe media manager]
Filename=mssysmgr.exe
Confirmed=N
Description=Simple Star <a href="http://www.simplestar.com/site_html/index.php" target=blank>PhotoShow Deluxe</a> photo editing and organizing software, makes it easy to send and share digital photos. Bundled with software from Nero, ComCast, SnapFish, MacroMedia and others
[photowise quicklink]
Filename=quicklnk.exe
Confirmed=N
Description=Agfa PhotoWise - "PhotoWise QuickLinkTM lets you drag and drop photos right from the camera into your document (applications must be OLE-compliant). Use PhotoWise to print contact sheets and photographic prints. Create slide shows, screen savers, wallpaper and more."
[pic system]
Filename=picx.exe
Confirmed=X
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MYTOB.LL&VSect=P" target=_blank>MYTOB.LL</a> WORM!
[picasa media detector]
Filename=PicasaMediaDetector.exe
Confirmed=N
Description=Media detector for <a href="http://www.picasa.net/" target="_blank">Picasa</a>'s automatic photo organizer
[picasanet]
Filename=Hello.exe
Confirmed=N
Description=<a href="http://www.hello.com/index.php" target=_blank>Hello</a> is an application that allows Blogger users to post digital photos and captions directly to their personal weblogs, or blogs
[pickatag]
Filename=pickatag.exe
Confirmed=N
Description=<a href="http://home.wanadoo.nl/jeroen/software.html" target="_blank">Pick-a-tag</a> - "Freeware utility for random selection of your taglines. This utility randomly picks a tagline out of a list of taglines. It will create a signature file which your mailer can use to place under your messages"
[picprtr]
Filename=PICPRTR.EXE
Confirmed=N
Description=Program for viewing and measuring a variety of 3D CAD data formats
Description=System Tray access to <a href="http://www.picturebuzz.com" target="_blank">PictureBUZZ</a> on-line printing software from Streetwise Software. If you use the software set the page you use as a favourite in your browser and run it manually
[pidunhk]
Filename=PIDUNHK.EXE
Confirmed=U
Description=Part of the Prodigy Internet software - part of the dialer/DUN. Presumably needed for users of that service otherwise you may not be able to connect, although you may try creating your own shortcut and see what happens
[piiserviceoe]
Filename=N/A
Confirmed=U
Description=<a href="http://www.giantcompany.com/" target=_blank>Spam Inspector</a> (nee Postal Inspector) from The Giant Company or <a href="http://www.sunbelt-software.com/product.cfm?id=930" target=_blank>iHateSpam</a> from Sunbelt Software - spam filter add-ons for OE
[pilif]
Filename=pilif.exe
Confirmed=X
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/w32.fili@mm.html" target="_blank">FILI</a> WORM!
[pinger]
Filename=pinger.exe
Confirmed=N
Description=Pinger is the resident program for Toshiba updates. Periodically checks to see if there are any software/driver upgrades for your particular computer model. If it finds any, it posts a notification
[pingtimeout institution]
Filename=pingchek.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotvy.html" target=_blank>SDBOT-VY</a> WORM!
[pinnacledrivercheck]
Filename=PSDrvCheck.exe
Confirmed=Y
Description=Part of <a href="http://www.pinnaclesys.com/" target="_blank">Pinnacle Systems</a> InstantCD/DVD and InstantCopy CD/DVD copying software that verifies drive settings. Once loaded it doesn't use any resources so you can leave it enabled
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32mytobff.html" target=_blank>MYTOB-FF</a> WORM!
[piracy]
Filename=SysUtil.exe
Confirmed=N
Description=Software Piracy Alert feature bundled with <a href="http://www.pgware.com/products/gamegain/" target=_blank>PGWare</a> software. Cries foul when it detects an 'illegal' version. The alerts are reported to disappear as soon as the software is correctly registered. There are privacy issues though: "The Software includes a feature that assigns a unique order number to GameGain based on purchase information. The Software reports this number to us via the internet either when you run the Software or enter the registration number, or both. The Software may also identify and report to us your IP address, date and time of installation, registration and/or use. We use this information strictly to count the number of installations, detect unauthorized access or piracy of the Software, and develop rough statistical data regarding the geographic location of our users"
[pivotsoftware]
Filename=wpctrl.exe
Confirmed=N
Description=PivotPro from <a href="http://www.portrait.com/" target="_blank"> Portrait Studios</a> - allows a screen to be rotated to match rotated LCD screens, for example). Shortcut available via Display Properties
[pixel32]
Filename=Pixel32.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/trojan.gema.html" target="_blank">GEMA</a> TROJAN!
[pixelpwr32]
Filename=Pixelpwr32.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/trojan.gema.html" target="_blank">GEMA</a> TROJAN!
[pixelsvr]
Filename=Pixelsvr.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/trojan.gema.html" target="_blank">GEMA</a> TROJAN!
[pjwebcam]
Filename=pjWebCam.exe
Confirmed=U
Description=Webcam automation software that saves regular photos from webcam and can also act as HTTP server
[pk guard]
Filename=pkguard32.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.guapim.html" target=_blank>GUAPIM</a> WORM!
[pk services]
Filename=pksvc.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotbw.html" target=_blank>FORBOT-BW</a> WORM!
[pktanything]
Filename=PocketCompanion.exe
Confirmed=U
Description=<a href="http://www.o2pocket.com/pocketanythinginfo" target=_blank>PocketAnything</a> lets you save anything on your computer to your mobile, with one click
[planlµgningsagent]
Filename=mstask.exe
Confirmed=U
Description=Windows Task Scheduler (on Danish language versions of Windows) - displayed as a box with a stopwatch in the System Tray. Required if you have regularly scheduled tasks like defragmenting, ScanDisk, weekly virus scans and so on
[playboy]
Filename=playavi.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.gamanlock.html" target=_blank>GAMANLOCK</a> TROJAN!
[pleapcpucpl]
Filename=pleapu.exe
Confirmed=U
Description=<a href="http://www.powerleap.com/Products/ccp.htm" target="_blank">CPU Control Panel</a> for the Powerleap CPU upgrade
[plffap]
Filename=HotfixQ0306270.exe
Confirmed=?
Description=Prolific Technology Inc. USB Flash Disk driver - <font color="#FF0000">is it required in startup?</font>
[plguni]
Filename=Plguni.exe
Confirmed=N
Description=<a href="http://www.mcafee.com/myapps/qc3/default.asp" target="_blank">McAfee QuickClean 3.0</a> - removes internet clutter and unwanted programs
[plmg.exe]
Filename=plmg.exe
Confirmed=U
Description=Paragon Last Minute Bidder - auction assistant software
[ploader]
Filename=umsd.exe
Confirmed=?
Description=USB Mass Storage Disk related tray icon. <font color="#FF0000">Is it required?</font>
[plob]
Filename=kernel.com
Confirmed=X
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_OPTIXPRO.12" target="_blank">OPTIXPRO.12</a> TROJAN!
[plook]
Filename=plook.exe
Confirmed=X
Description=AffiliateTarget.com alias <a href="http://www.symantec.com/avcenter/venc/data/adware.plook.html" target=_blank>PLook</a> adware
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotid.html" target=_blank>RBOT-ID</a> WORM!
[pluto! pager]
Filename=srvhandle.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.redplut.html" arget=_blank>REDPLUT</a> VIRUS!
[plxstart]
Filename=PLXSTART.EXE
Confirmed=U
Description=Sets the spindown timeout and access speeds at startup and displays the "Plextor Manager 2000" splash screen for Plextor CD-RW.
[plxtask]
Filename=PLXTASK.EXE
Confirmed=N
Description=Taskbar utility for a "control panel" for a Plextor CD-RW. Has MVP 2000 (audio CD player), DiscDupe 2000 (self explanatory CD copying program) and AudioCapture 2000 (rips audio CDs into MP3 or WAV files)
[pm32ctrl]
Filename=pwr32crtl.exe
Confirmed=X
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_CRYPTER.A" target="_blank">CRYPTER.A</a> TROJAN!
[pm32info]
Filename=pm32info.exe
Confirmed=X
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_CRYPTER.A" target="_blank">CRYPTER.A</a> TROJAN!
[pmc]
Filename=764.exe
Confirmed=X
Description=Adult content dialler
[pmcqt]
Filename=pmcqt.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdlucav.html" target=_blank>DLUCA-V</a> TROJAN!
[pmedia]
Filename=winsrvc.exe
Confirmed=X
Description=Internet marketing sofware from <a href="http://www.permissionedmedia.com/" target="_blank">Permissioned Media Inc.</a> as used in E-Card FriendGreetings foistware - see <a href="http://vil.nai.com/vil/content/v_99760.htm" target="_blank">here</a>. Treated by Trend as the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_FRIENDGRT.B" target="_blank">FRIENDGRT.B</a> WORM!
[pmproxy]
Filename=PmProxy.exe
Confirmed=?
Description=Associated with Analog Devices "SoundMAX" audio chipset - often built-in to motherboards. <font color="#FF0000">What does it do and is it required?</font>
Description=According to the web site <a href="http://www.personalmoneytree.com/" target=_blank>Personal Money Tree</a> is an automatic cash rebate program. Note: Not recommended
[pmtshoot]
Filename=pmtshoot.exe
Confirmed=N
Description=MS tool for troubleshooting power management problems
[pmxinit]
Filename=pmxinit.exe
Confirmed=U
Description=Restores user display preferences Kyro2 based graphics cards. Not required unless you change the default settings - such as gamma
[pnagent]
Filename=PNAgent.exe
Confirmed=N
Description=<a href="http://www.phatnoise.com/products/software/music_manager.php" target="_blank">PhatNoise Music Manager</a> - manages WMA, MP3, WAV, etc music files
[pnp]
Filename=wuaaclt.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32lilbrea.html" target=_blank>LILBRE-A</a> WORM!
[pnp driver]
Filename=playboy.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotfr.html" target=_blank>FORBOT-FR</a> WORM!
[pnp fix]
Filename=[worm filename]
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotakq.html" target=_blank>RBOT-AKQ</a> WORM!
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.doep.a.html" target="_blank">DOEP.A</a> WORM!
[pofatch]
Filename=nstrue.exe
Confirmed=X
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.randexz.html" target="_blank">RANDEX.Z</a> WORM!
[point32]
Filename=point32.exe
Confirmed=U
Description=<a href="http://www.microsoft.com/intellipoint/" target="_blank">Microsoft Intellipoint</a> software for their Intellimouse series of mice - required if you use non-standard Windows driver features
[pointer]
Filename=point32.exe
Confirmed=U
Description=<a href="http://www.microsoft.com/intellipoint/" target="_blank">Microsoft Intellipoint</a> software for their Intellimouse series of mice - required if you use non-standard Windows driver features
[pollon]
Filename=pollone.exe
Confirmed=X
Description=Added by the <a href="http://se.trendmicro-europe.com/smb/security_info/ve_detail.php?Vname=WORM_SPYBOT.FW" target=_blank>SPYBOT.FW</a> WORM!
[polo.exe]
Filename=polo.exe
Confirmed=X
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojagentpe.html" target=_blank>AGENT-PE</a> TROJAN!
[pop]
Filename=PopSrv***.exe
Confirmed=X
Description=<a href="http://www.pchell.com/support/peopleonpage.shtml" target="_blank">PeopleonPage</a> foistware, bundled with Grokster where *** are random digits
Description=<a href="http://www.popupstopper.net/product_dpps.html" target="_blank">Pop-Up Stopper</a> Companion from Panicware. Pop-up blocker integrated into the IE toolbar. Note that the Pro version doesn't load in startup as it is installed as an Internet Explorer toolbar. Can cause problems with IE if you use WinXP and uninstall Service Pack 1. Uninstalling the software leaves it in the startup group
[pop-up_blocker]
Filename=Popup.exe
Confirmed=U
Description=A <a href="http://www.totalidea.com/frameset-tweakxp.htm" target=_blank>Tweak-XP</a> component, blocks advertisement pop-up windows in Internet Explorer. Can be enabled/disabled via Tweak-XP -> Internet Tweaks
Description=<a href="http://www.jsmadeeasy.com/archive/shellutilities/" target="_blank">PopOpen</a> makes your windows spring open with animation effects
[poproxy]
Filename=POPROXY.EXE
Confirmed=Y
Description=Proxy E-mail protection from Norton Anti-Virus (prior to 2002). If you have it installed, leave it enabled to automatically check for suspect attachments in E-mails that may contain viruses. It downloads the E-mail into poproxy, which serves as a proxy server on the local machine, before scanning it
Description=<a href="http://www.meaya.com/" target="_blank">Popup Ad Filter</a> - pop-up killer
[popup blocker system]
Filename=PopUpBlocker.exe
Confirmed=X
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
[popup blocker system326a monitoring]
Filename=PopUpBlocker6a.exe
Confirmed=X
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.AUH&VSect=P" target=_blank>RBOT.AUH</a> WORM!
[popup blocker system8 monitoring]
Filename=PopUpBlocker8.exe
Confirmed=X
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
[popup blocker updater]
Filename=regsvr32 veev****.dll [**** = random char]
