Added by the Troj/Agent-OBM Trojan.

Added by various versions of NTRU Cryptosystem software by SecurityInnovation. Preinstalled on many computers, TCG Software Stack (TSS) is a library that allows access to the Trusted Platform Module security chip which is on many motherboards.  It is used primarily by applications such as Wave Embassy Suite.  If you are not using the Trusted Platform Module, this service can be disabled.

Preinstalled on certain Dell laptops, the Smith Micro Connection Manager Service is within the Connection Manager module and is responsible for WiFi security, automatically switching networks, and other aspects of wireless connections.  Note that the Connection Manager Module and therefore the Smith Micro Connection Manager may be installed on other computers and have file paths unique to those computers.

Developed by Broadcom, this file is preinstalled on certain computers with fingerprint readers.  This file is the Host Control Service for fingerprint processing.  Not needed if you don't use the fingerprint reader.

This service is preinstalled on some Dell computers and is part of Dell ControlPoint software  and manages support for the Dell ControlPoint button.  Necessary if you want to use this software.

Developed by Intel, the Alert Standard Format agent sends and receives e-mails among computers on a network concerning computer and network management.  If your computer is a stand-alone computer, this service is not needed.

This service manages the scheduled virus scans for the  Avira AntiVir Personal Free Antivirus antivirus program.

Added by the Troj/Agent-NWQ.

Added by the Troj/Mdrop-CRA Trojan. This infection should not be confused with the legitimate C:\Windows\System32\alg.exe executable.

Preinstalled on certain computers, this file is the service for Sony's FeliCa Reader/Writer (Scroll to the bottom for PC usage and also click on the link there for more specifics).  For personal computers, this technology, among other tasks, enables users to pay for online games and on-demand video.

Windows service that enables installation, modification, and removal of Windows updates and optional components. If this service is disabled, install or uninstall of Windows updates might fail for this computer.

Provides system support for NVIDIA Stereoscopic 3D driver.

This Windows service enables the download, installation and enforcement of digital licenses for Windows and Windows applications. If the service is disabled, the operating system and licensed applications may run in a notification mode. It is strongly recommended that you not disable the Software Protection service.

This Windows service receives trap messages generated by local or remote Simple Network Management Protocol (SNMP) agents and forwards the messages to SNMP management programs running on this computer. If this service is stopped, SNMP-based programs on this computer will not receive SNMP trap messages. If this service is disabled, any services that explicitly depend on it will fail to start.

The startup of this Windows service signals other services that the Security Accounts Manager (SAM) is ready to accept requests. Disabling this service will prevent other services in the system from being notified when the SAM is ready, which may in turn cause those services to fail to start correctly. This service should not be disabled.

In Windows 2003 and earlier versions of Windows, the Remote Procedure Call (RPC) Locator service manages the RPC name service database. In Windows Vista and later versions of Windows, this service does not provide any functionality and is present for application compatibility.

Windows service that provides protected storage for sensitive data, such as passwords, to prevent access by unauthorized services, processes, or users.

Windows service that enables remote users and 64-bit processes to query performance counters provided by 32-bit DLLs. If this service is stopped, only local users and 32-bit processes will be able to query performance counters provided by 32-bit DLLs.

Windows service that securely enables the creation, management, and disclosure of digital identities.

The Windows CNG key isolation service is hosted in the LSA process. The service provides key process isolation to private keys and associated cryptographic operations as required by the Common Criteria. The service stores and uses long-lived keys in a secure process complying with Common Criteria requirements.

Windows service that adds, modifies, and removes applications provided as a Windows Installer (*.msi) package. If this service is disabled, any services that explicitly depend on it will fail to start.

Windows service that provides ability to share TCP ports over the net.tcp protocol.

Windows service that saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports.

Oops!Backup backup software service.

Windows service that is responsible for running portions of Microsoft Office Diagnostics.

Provides system and desktop level support to the NVIDIA display driver

Service used by various CD/DVD Drive vendors and software for interacting with the installed CD/DVD drive.

Google Updater keeps your Google software up to date. If Google Updater Service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work.

Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it.

This Windows service is responsible for applying settings configured by administrators for the computer and users through the Group Policy component. If the service is stopped or disabled, the settings will not be applied and applications and components will not be manageable through Group Policy. Any components or applications that depend on the Group Policy component might not be functional if the service is stopped or disabled.

Please note that this service is launched by svchost.exe, but the actual application is what is listed as the filename.

Windows service that optimizes performance of Windows Presentation Foundation (WPF) applications by caching commonly used font data. WPF applications will start this service if it is not already running. It can be disabled, though doing so will degrade the performance of WPF applications.

Windows service that optimizes performance of applications by caching commonly used font data. Applications will start this service if it is not already running. It can be disabled, though doing so will degrade application performance.

Please note that this service is launched by svchost.exe, but the actual application is what is listed as the filename.

Allows you to share Flip videos on popular social media sites.

The FileZilla FTP Server.

Windows service that publishes this computer and resources attached to this computer so they can be discovered over the network. If this service is stopped, network resources will no longer be published and they will not be discovered by other computers on the network.

Please note that this service is launched by svchost.exe, but the actual application is what is listed as the filename.

The FDPHOST Windows service hosts the Function Discovery (FD) network discovery providers. These FD providers supply network discovery services for the Simple Services Discovery Protocol (SSDP) and Web Services – Discovery (WS-D) protocol. Stopping or disabling the FDPHOST service will disable network discovery for these protocols when using FD. When this service is unavailable, network services using FD and relying on these discovery protocols will be unable to find network devices or resources.

Please note that this service is launched by svchost.exe, but the actual application is what is listed as the filename.

Windows service that enables you to send and receive faxes, utilizing fax resources available on this computer or on the network.

Related to the Lenovo Fingerprint reader.

Added by the Troj/Mdrop-CQL Trojan.

Added by the Troj/Agent-NNB Trojan.

Supports System Event Notification Service (SENS), which provides automatic distribution of events to subscribing Component Object Model (COM) components. If the service is stopped, SENS will close and will not be able to provide logon and logoff notifications. If this service is disabled, any services that explicitly depend on it will fail to start.

Please note that this service is launched by svchost.exe, but the actual application is what is listed as the filename.

This service manages events and event logs. It supports logging events, querying events, subscribing to events, archiving event logs, and managing event metadata. It can display events in both XML and plain text format. Stopping this service may compromise security and reliability of the system.

Please note that this service is launched by svchost.exe, but the actual application is what is listed as the filename.

Starts and stops recording of TV programs within Windows Media Center.

Windows Media Center Service for TV and FM broadcast reception.

Provides the core file encryption technology used to store encrypted files on NTFS file system volumes. If this service is stopped or disabled, applications will be unable to access encrypted files.

The Extensible Authentication Protocol (EAP) service provides network authentication in such scenarios as 802.1x wired and wireless, VPN, and Network Access Protection (NAP). EAP also provides application programming interfaces (APIs) that are used by network access clients, including wireless and VPN clients, during the authentication process. If you disable this service, this computer is prevented from accessing networks that require EAP authentication.

Please note that this service is launched by svchost.exe, but the actual application is what is listed as the filename.

Manages secure network connections for the Juniper VPN client.

The Diagnostic Policy Service enables problem detection, troubleshooting and resolution for Windows components. If this service is stopped, diagnostics will no longer function.

Please note that this service is launched by svchost.exe, but the actual application is what is listed as the filename.

The Wired AutoConfig (DOT3SVC) service is responsible for performing IEEE 802.1X authentication on Ethernet interfaces. If your current wired network deployment enforces 802.1X authentication, the DOT3SVC service should be configured to run for establishing Layer 2 connectivity and/or providing access to network resources. Wired networks that do not enforce 802.1X authentication are unaffected by the DOT3SVC service.

Please note that this service is launched by svchost.exe, but the actual application is what is listed as the filename.

The DNS Client service (dnscache) caches Domain Name System (DNS) names and registers the full computer name for this computer. If the service is stopped, DNS names will continue to be resolved. However, the results of DNS name queries will not be cached and the computer's name will not be registered. If the service is disabled, any services that explicitly depend on it will fail to start.

Please note that this service is launched by svchost.exe, but the actual application is what is listed as the filename.

Registers and updates IP addresses and DNS records for this computer. If this service is stopped, this computer will not receive dynamic IP addresses and DNS updates. If this service is disabled, any services that explicitly depend on it will fail to start.

Please note that this service is launched by svchost.exe, but the actual application is what is listed as the filename.

Provides Disk Defragmentation Capabilities.

Please note that this service is launched by svchost.exe, but the actual application is what is listed as the filename.

The DCOMLAUNCH service launches COM and DCOM servers in response to object activation requests. If this service is stopped or disabled, programs using COM or DCOM will not function properly. It is strongly recommended that you have the DCOMLAUNCH service running.

Please note that this service is launched by svchost.exe, but the actual application is what is listed as the filename.

Added by the Troj/Meredrop-M Trojan.

Added by the W32/Autorun-BCL removable media worm.

Added by the Troj/Keylog-MG keylogger.

Part of Symantec/Norton security products.

Related to AVG anti-virus.

Digital management system for Dragon Age: Origins downloadable content. If this service is disable downloadable content for Dragon Age: Origins will no longer function.

Creative Labs audio driver.

Windows service that performs maintenance activities on the Offline Files cache, responds to user logon and logoff events, implements the internals of the public API, and dispatches interesting events to those interested in Offline Files activities and changes in cache state.

Please note that this service is launched by svchost.exe, but the actual application is what is listed as the filename.

Windows service that provides four management services: Catalog Database Service, which confirms the signatures of Windows files and allows new programs to be installed; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; Automatic Root Certificate Update Service, which retrieves root certificates from Windows Update and enable scenarios such as SSL; and Key Service, which helps enroll this computer for certificates. If this service is stopped, these management services will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.

Please note that this service is launched by svchost.exe, but the actual application is what is listed as the filename.

Provides licensing services for Creative Audio Engine.

Windows service that manages the configuration and tracking of Component Object Model (COM)+-based components. If the service is stopped, most COM+-based components will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.

Microsoft .NET Framework NGEN service. If you see this process running then it is precompiling .NET assemblies and will terminate itself when completed.

Windows service that copies user certificates and root certificates from smart cards into the current user's certificate store, detects when a smart card is inserted into a smart card reader, and, if needed, installs the smart card Plug and Play minidriver.

Please note that this service is launched by svchost.exe, but the actual application is what is listed as the filename.

Windows service that maintains an updated list of computers on the network and supplies this list to computers designated as browsers. If this service is stopped, this list will not be updated or maintained. If this service is disabled, any services that explicitly depend on it will fail to start.

Please note that this service is launched by svchost.exe, but the actual application is what is listed as the filename.

Added by Farstone's VirtualDrive CD emulation software.

A sound driver from Knowles Acoustics.

Related to Norton Internet Security 2008.

Microsoft service that manages firewall and Internet Protocol security (IPsec) policies and implements user mode filtering. Stopping or disabling the BFE service will significantly reduce the security of the system. It will also result in unpredictable behavior in IPsec management and firewall applications.

Please note that this service is launched by svchost.exe, but the actual application is what is listed as the filename.

Microsoft service that hosts the BitLocker Drive Encryption service. BitLocker Drive Encryption provides secure startup for the operating system, as well as full volume encryption for OS, fixed or removable volumes. This service allows BitLocker to prompt users for various actions related to their volumes when mounted, and unlocks volumes automatically without user interaction. Additionally, it stores recovery information to Active Directory, if available, and, if necessary, ensures the most recent recovery certificates are used. Stopping or disabling the service would prevent users from leveraging this functionality.

Please note that this service is launched by svchost.exe, but the actual application is what is listed as the filename.

Microsoft server that provides User Account Control validation for the installation of ActiveX controls from the Internet and enables management of ActiveX control installation based on Group Policy settings. This service is started on demand and if disabled the installation of ActiveX controls will behave according to default browser settings.

Please note that this service is launched by svchost.exe, but the actual application is what is listed as the filename.

Implements web scanning for avast! antivirus.

Implements mail scanning for avast! antivirus.

Manages and implements avast! antivirus services for this computer. This includes the resident protection, the virus chest and the scheduler.

Alternate command and filepath is:

%ProgramFiles%\AVAST Software\Avast\AvastSvc.exe

Microsoft service that manages audio devices for the Windows Audio service. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start

Please note that this service is launched by svchost.exe, but the actual application is what is listed as the filename.

Microsoft service that processes installation, removal, and enumeration requests for software deployed through Group Policy. If the service is disabled, users will be unable to install, remove, or enumerate software deployed through Group Policy. If this service is disabled, any services that explicitly depend on it will fail to start.

Please note that this service is launched by svchost.exe, but the actual application is what is listed as the filename.

Microsoft service that facilitates the running of interactive applications with additional administrative privileges. If this service is stopped, users will be unable to launch applications with the additional administrative privileges they may require to perform desired user tasks.

Please note that this service is launched by svchost.exe, but the actual application is what is listed as the filename.

A Microsoft Service that is used by AppLocker to determine and verify the identity of an applicaiton. Please note that this service is launched by svchost.exe, but the actual application is what is listed as the filename.

ArcSoft Connect provides product management and helpful updates for ArcSoft applications, which enables a better user experience. ArcSoft Connect will be automatically launched while running ArcSoft product, and its tray icon will display in system tray which locates at bottom right corner of the screen. You can click on this icon to view the ArcSoft Connect menu of each module.

Identified by Kaspersky Anti-virus as a variant of the Trojan.Win32.Inject.aogp malware.

Added by the Troj/Agent-MVX.

Added by the Troj/ServU-FZ backdoor FTP program.

Windows service that loads files to memory for later printing.

Microsoft service that supports pass-through authentication of account logon events for computers in a domain.

Virtual PC Host Bus Service driver.

Windows driver related to Storage volumes.

Windows driver related to volume management.

Windows driver for managing Windows volumes.

VMware Virtualization Driver.

VMware service that provides Network address translation for virtual networks.

VMware USB Arbitration Service. Allows USB devices plugged into the HOST to be usable by the guest.

VMware Parallel Port Driver. Allows VMware guests to print through the host's printer.

Allows VMware applications to use virtual networks.

Vmware DHCP service for virtual networks. This allows your Vmware guests to receive an IP address via DHCP.

VMware Bridge Protocol driver.

VMware Keyboard Driver.

VMware Virtual Machine Communication Interface (VMCI) Driver.

Vmware Driver that acts as a authorization and authentication service for starting and accessing virtual machines.