| Name |
Filename |
Status |
Description |
|
CallControl
|
ftctrl32.exe
|
N
|
FaxTalk Messenger Pro is a Windows TAPI based 32-bit application. When installed, the software automatically loads FaxTalk CallControl when you start Windows. When FaxTalk CallControl is running, any TAPI compliant application can request to use the modem from Windows
|
|
CallBumping
|
cbpopw.exe
|
Y
|
Associated with the Gazel 128 PCI ISDN adapter. This program is required if you use the ISDN adapter. |
|
Bymer.Scanner
|
Wininit.exe
|
X
|
Added by the W32.HLLW.Bymer worm! Please note that this infection should not be confused with the legitimate Windows file located at %System%\wininit.exe. You should only think this file is an infection if you also have a Run entry containing the name listed in this page. |
|
bxxs5
|
bxxs5.dll
|
X
|
|
|
BullsEye Network
|
bargains.exe
|
X
|
|
|
BuildBU
|
bldbubg.exe
|
N
|
A process associated with Dell alerts that notifies the user when updates are available. Not required, but users may find it helpful
|
|
Browser Pal
|
adblck.exe
|
X
|
|
|
BPK
|
bpk.exe
|
U
|
Blazing Tools Perfect Keylogger (monitoring program). Given a "U" recommendation because it depends if you intentionally installed it. If you didn't treat it as "X" and uninstall or remove |
|
BlueToothAuthentication Agent
|
irprops.cpl
|
U
|
Associated with BlueTooth software, and registers the "Infrared Port properties" Control Panel applet. Should you get the error message, "Rundll irprops.cpl missing entry Bluetooth authentication agent", click here here for more information. In case you no longer have BlueTooth support installed, and don't need it, simply uncheck the entry in Msconfig > Startup |
|
bldbubg
|
bldbubg.exe
|
N
|
A process associated with Dell alerts that notifies the user when updates are available. Not required, but users may find it helpful.
|
|
blah service
|
tazkmgr.exe
|
X
|
Added by the RBOT.UA WORM! |
|
blah service
|
msnmsgrr.exe
|
X
|
Added by the RBOT.PZ WORM! |
|
blah service
|
smnp.exe
|
X
|
Added by the RBOT.IZ WORM! |
|
blah service
|
internet.exe
|
X
|
Added by a variant of the RBOT WORM! |
|
blah service
|
winsysengine.exe
|
X
|
Added by the RBOT-KI WORM! |
|
blah service
|
winupdate.exe
|
X
|
Added by the GAOBOT.BIA WORM! |
|
BJCFD
|
CFD.exe
|
N
|
BroadJump Client Foundation. Broadband troubleshooting software installed by various companies. Not required and you can remove it via Add/Remove programs
|
|
bg
|
bullguard.exe
|
Y
|
Bullguard antivirus and firewall. The P2P version is free with KaZaA Media Desktop and Grokster
|
|
BDSwitchAgent
|
bdswitch.exe
|
Y
|
Bitdefender 8 antivirus and firewall
|
|
BDOESRV
|
bdoesrv.exe
|
Y
|
Bitdefender 8 antivirus and firewall
|
|
BDNewsAgent
|
bdnagent.exe
|
Y
|
BitDefender antivirus - updater.
|
|
BDMCon
|
Bdmcon.exe
|
Y
|
|
|
bargains
|
bargains.exe
|
X
|
|
|
BackupNotify
|
backupnotify.exe
|
N
|
Displays tray balloon backup reminder for HP Image Zone Plus.
|
|
AVWLPSTA
|
AVWLPSTA.exe
|
U
|
PRISM Status Tray Applet. This is a Prism wireless network applet designed to scan for wireless access points and connect to them. It is often furnished with notebook computers featuring built-in wireless networking. It is a very handy tool, and functionally superior in many ways to XP's equivalent interface, though much less attractive to the eye.
|
|
avserve.exe
|
avserve.exe
|
X
|
Added by the SASSER WORM! |
|
AVG_EMC
|
AVGEMC.exe
|
Y
|
AVG Anti-Virus 7.0 Email Cleaner. Scans incoming and outgoing email for viruses
|
|
AVG7_EMC
|
AVGEMC.exe
|
Y
|
AVG Anti-Virus 7.0 Email Cleaner. Scans incoming and outgoing email for viruses
|
|
AVG7_CC
|
AVGCC.exe
|
Y
|
AVG Anti-Virus 7.0 Control Center. Allows you to manage and control all AVG Anti-Virus components, settings and updates
|
|
avast!
|
ashDisp.exe
|
Y
|
Part of Avast! anti-virus software |
|
Avast!
|
ashserv.exe
|
Y
|
Main executable for Avast antivirus. |
|
Auto updat and other names
|
crsrs.exe
|
X
|
Added by the FORBOT-AK WORM! |
|
AtiPTA
|
Atiptaxx.exe
|
U
|
Control panel for the ATI series of video cards allowing access to such features as display resolution, colour depth, etc. Available via Start -> Settings -> Control Panel -> Display. Some users may need it if they have optimised their settings
|
|
ATIPOLL
|
ati2evxx.exe
|
U
|
ATI External Event Utility EXE Module. This task can comsume lots of CPU resournces on some computers, but it can help with graphics card problems. Leave enabled unless it consumes too many CPU resources
|
|
ATIPOLAB
|
ati2evxx.exe
|
U
|
ATI External Event Utility EXE Module. This task can comsume lots of CPU resournces on some computers, but it can help with graphics card problems. Leave enabled unless it consumes too many CPU resources
|
|
ATICCC
|
cli.exe
|
U
|
ATI's CATALYST™ CONTROL CENTER. Required if you want to change graphics settings on a regular basis but you must have internet access and Microsoft's .NET framework installed. Note that this has "runtime" appended to cli.exe in the "Command" column of MSCONFIG. If not you can start the program manually via Start -> Programs -> ATI Catalyst Control Center -> Advanced -> Restart Runtime
|
|
Ati2mdxx
|
Ati2mdxx.exe
|
N
|
For ATI video cards. System Tray access to display mode changing
|
|
ASUS Probe
|
AsusProb.exe
|
N
|
ASUS video card fan/thermal monitor - only required if you overclock your card or live in a hot area
|
|
AsioReg
|
ctasio.dll
|
U
|
ASIO (Audio Stream In/Out) drivers for the SoundBlaster Audigy 2 series soundcards - for recording and home project studios. Required if you use this functionality.
|
|
ASHLT
|
Ashlt.exe
|
X
|
Adware - leads back to an ad server
|
|
Ashampoo PopUpBlocker
|
PopUpKiller.exe
|
U
|
Ashampoo popup blocker, part of Privacy Protector Plus - see here |
|
areslite
|
AresLite.exe
|
N
|
Ares Lite Edition is "a Windows program that enables peer-to-peer file-sharing on the Ares P2P network. As a member of the P2P community you can search and download any file shared by other users. You can meet new friends in Ares chatrooms while you download"
|
|
ares
|
ares.exe
|
N
|
Ares is "a Windows program that enables peer-to-peer file-sharing on the Ares P2P network. As a member of the P2P community you can search and download any file shared by other users. You can meet new friends in Ares chatrooms while you download"
|
|
Apoint
|
Apoint.exe
|
U
|
Touchpad software for laptop PC's. For instance it is found on the Panasonic machines and allows part of the touchpad to be used for document or Web-page scrolling. Required for proper functioning of the pointing software but not required for the laptop to work
|
|
APC UPS Status
|
Display.exe
|
Y
|
|
|
AME_CSA
|
amecsa.cpl
|
N
|
Loads ADSL modem Control Panel applet
|
|
ALServ
|
ALServ.exe
|
Y
|
Used to control the volume on the 2 satellite speakers and subwoofer of older Altec Lansing speaker systems.
|
|
Alexa
|
Alexa.exe
|
N
|
Alexa Toolbar "is a downloadable toolbar that helps you navigate the Internet as you surf, by instantly providing you with related information about the site you're viewing". Available via Start -> Programs
|
|
AlcxMonitor
|
Alcxmntr.exe
|
X
|
Realtek AC97 Audio - Event Monitor. Sypware file used surreptitiously monitor one's actions. It is not a sinister one, like remote control programs, but is being used by Realtek to gather data about customers
|
|
alcmtr
|
ALCMTR.EXE
|
X
|
Realtek AC97 Audio - Event Monitor. "Sypware" file used surreptitiously monitor one
|
|
AGRSMMSG
|
AGRSMMSG.exe
|
Y
|
IBM AMR modem driver
|
|
adstartup
|
Adstartup.exe
|
X
|
|
|
Adobe Reader Speed Launch
|
reader_sl.exe
|
N
|
Speeds up the time it takes to load the Adobe Reader application. Your choice, but not required for Adobe Reader to function properly |
|
AddClass
|
AddClass.exe
|
X
|
|
|
Active shield
|
Activeshield.exe
|
X
|
Active Shield is "an heuristic screen that actively protects your computer from trojans, spyware, adware, trackware, dialers, keyloggers, and even some special kinds of viruses". Considered a security risk by Symantec. |
|
Acronis TrueImage Monitor
|
TrueImageMonitor.exe
|
N
|
Part of Acronis True Image - backup software. Can be disabled without affecting TrueImage. |
|
Acronis Scheduler2 Service
|
schedhlp.exe
|
U
|
Part of Acronis True Image - backup software. Co-operates with the "schedul2.exe" servuce to perform backup/restore tasks correctly. Required if you want to use TrueImage to do some real backup/restore tasks - not if you only want to explore/mount images. |
|
Aconti
|
aconti.exe
|
X
|
Adult content dialler
|
|
AceGain LiveUpdate
|
LiveUpdate.exe
|
N
|
AceGain_LiveUpdate. "AceGain LiveUpdate provides a fully managed and customizable LiveUpdate platform that seamlessly integrates with a game. As soon as an update is made available, AceGain manages the alert, download and installation as well as version control and user network preferences."
|
|
A4Proxy
|
A4Proxy.exe
|
U
|
Anonymity 4 Proxy - local proxy server that makes you anonymous when visiting web sites
|
|
5-2-46-112
|
5-2-46-112.exe
|
X
|
Adult content pop-up dialler. Removal instructions here |
|
3D Text
|
3D Text.scr
|
X
|
Added by the JERMY.A WORM! |
|
180ax
|
180ax.exe
|
X
|
|
|
12Ghosts Popup-Killer
|
12popup.exe
|
U
|
|
|
123456
|
123456.cpl
|
X
|
Added by the KITRO.C (or DANDI.A) WORM! 123456 can be any random 3 to 6 digit number. Please not that C:\Windows\System32\shell32.dll is a legitimate file and should not be deleted. |
|
.mscdr
|
lassa.exe
|
X
|
Added by the WEBUS.C TROJAN! |
|
,main drive Loader
|
wininfo.exe
|
X
|
Suspected malware as it appears in 3 different registry locations - see here |
|
*WinLogon
|
[trojan path]
|
X
|
Added by the VUNDO TROJAN! |
|
*windows update
|
wuraclt.exe
|
X
|
Added by the RBOT-PO WORM! |
|
*windows update
|
wuaucrlt.exe
|
X
|
Added by the SPYBOT.HUR WORM! |
|
*windows update
|
wuanclt.exe
|
X
|
Added by the RBOT-PG WORM! |
|
*windows update
|
wrauclt.exe
|
X
|
Added by the RBOT-QU WORM! |
|
*StateMgr
|
statemgr.exe
|
Y
|
Windows ME default for System Restore. Do NOT disable!
|
|
*JanisRuckenbrodII
|
janis.com
|
X
|
|
|
(default)
|
winhelp.exe
|
X
|
Added by the BLACKMAL.C WORM! |
|
(default)
|
twunk_32.exe
|
X
|
Added by the BLACKMAL.C WORM! |
|
(default)
|
[random filename].exe
|
X
|
Added by the BLACKMAL WORM! |
|
(Default)
|
NOTEPAD.exe
|
X
|
Added by the RUSTY WORM! Note - not to be confused with the valid Windows "NOTEPAD" text editor |
|
(Default)
|
Shania.vbs
|
X
|
Added by the SHANIA TROJAN! |
|
(Default)
|
media_driver.exe
|
X
|
Added by the TUPEG VIRUS! |
|
(*)Run
|
win32API.exe
|
X
|
Homepage hijacker. (* = any digit)
|
|
(*)API Machine
|
winSOCKS.exe
|
X
|
Homepage hijacker. (* = any digit)
|
|
%FP%Barak013 FWPortal.exe
|
FWPortal.exe
|
U
|
Barak013 ISP software
|
|
%FP%Barak013 fts.exe
|
fts.exe
|
N
|
Part of the Friendly technologies PPPOE DSL Driver. This is customized for use with the Barak013 ISP.
|
|
%FP%1776 Internet FWPortal.exe
|
FWPortal.exe
|
U
|
1776 Internet ISP software.
|
|
%FP%1776 Internet fts.exe
|
fts.exe
|
N
|
Part of the Friendly technologies PPPOE DSL Driver. This is customized for use with the 1776 Internet ISP.
|
|
%FP%012-L2TP FWPortal.exe
|
FWPortal.exe
|
U
|
012.Net ISP software.
|
|
%FP%012-L2TP fts.exe
|
fts.exe
|
N
|
Part of the Friendly technologies PPPOE DSL Driver. This is customized for use with the 012.Net ISP.
|
|
%cmpmixtitle%
|
Unknown
|
N
|
Possibly related to C-Media Mixer Control panel?
|
|
$WindowsRegKey%update
|
IEXPLORE.EXE
|
X
|
Added by the RBOT-EZ WORM! Note - this is not the legitimate Internet Explorer ( iexplore.exe) process, which should not appear in Msconfig/Startup unless you add it manually! |
|
$EnterNet
|
Enternet.exe
|
?
|
Connection manager for the EnterNet ISP. You can also use RASPPOE |
|
!NoLoad
|
winrecon.exe
|
N
|
WinRecon - surveillance software that creates records of everything people do on a computer, ie, spying or monitoring depending upon how you call it
|
|
!1_ProcessGuard_Startup
|
procguard.exe
|
Y
|
DiamondCS ProcessGuard security software - stops malicious worms and trojans from being executed silently in the background, as well as a variety of other attacks |
|
!1_pgaccount
|
pgaccount.exe
|
Y
|
DiamondCS ProcessGuard security software - stops malicious worms and trojans from being executed silently in the background, as well as a variety of other attacks. You will see one instant of pgaccount.exe for every active account on your system, and this is essential for PG to work properly |
|
N/A
|
system32.exe
|
X
|
Added by the AGOBOT-KU WORM! Note - has a blank entry under the Startup Item/Name field |