| Name |
Status |
Filename |
Description |
| !NoLoad |
U |
winrecon.exe |
WinRecon
- surveillance software that creates records of
everything people do on a computer, ie, spying or
monitoring depending upon how you call it |
| $EnterNet |
U |
Enternet.exe |
Connection manager for the EnterNet
ISP. You can also use RASPPOE |
| %cmpmixtitle% |
? |
%cmpmixstr% |
Possibly
related to C-Media Mixer Control panel? |
| (*)API
Machine |
X |
winSOCKS.exe |
Homepage hijacker, see here
(* = any digit) |
| (*)Run |
X |
win32API.exe |
Homepage hijacker, see here
(* = any digit) |
| (Default) |
X |
media_driver.exe |
Added as a result of the TUPEG
VIRUS! |
| (Default) |
X |
Shania.vbs |
Added as a result of the SHANIA
VIRUS! |
| (Default) |
X |
NOTEPAD.exe |
Added as the result of the RUSTY
VIRUS! Note - not to be confused with the valid Windows
"NOTEPAD" text editor |
| (default) |
X |
.exe |
Added as a result of the BLACKMAL
VIRUS! |
| *JanisRuckenbrodII |
X |
janis.com |
Added as a result of the POPS
VIRUS! |
| *StateMgr |
Y |
statemgr.exe |
Windows ME default for System
Restore. Do NOT disable! |
| ,main
drive Loader |
X |
wininfo.exe |
Suspected malware as it appears in 3
different registry locations - see here |
| .NET
config |
? |
sysmon32.exe |
?? |
| /l:eng |
N |
N/A |
Related to the Dell OEM version of
the Sound Blaster Audigy 2 sound card. If this item is
listed and checked in startup, the System32 Folder will
appear on every startup |
| 000StTHK |
U |
000StTHK.exe |
Toshiba Hot key functionality for
the function keys (Fn-Esc, Fn-F1 (lock), Fn-F2, Fn-F3,
Fn-F4, Fn-F5 (switching between laptop and CRT display
output), etc...) |
| 00THotkey |
U |
00THotKey.exe |
For Toshiba Satellite notebook
series to use the front buttons, play, stop, next, prev. |
| 123456 |
X |
rundll32.exe shell32.dll,
Control_RunDLL ...123456.cpl |
Added as a result of the KITRO.C
(or DANDI.A)
VIRUS! 123456 can be any random 3 to 6 digit number |
| 12Ghosts
Popup-Killer |
U |
12popup.exe |
12Ghosts
Popup-Killer |
| 17779Proj2002 |
? |
N/A |
?? |
| 1: |
N |
hpdrv.exe |
HP utility for monitoring when and
how many recoveries have been done |
| 1A:MacVisionTrayMonitor |
N |
TrayMonitor.exe |
Comes with the MacVision program for
monitoring tray icons (Note : program is by Stardock) |
| 1A:Stardock
MCP |
Y |
mcpserver.exe |
Master Control Program for Stardock
apps, in development. People should leave it running if
they're using any of the Stardock applications, as it's
important for the above two and likely to become
important for others (like WindowBlinds) as time goes on |
| 1A:Stardock
TrayMonitor |
Y |
TrayServer.exe |
For monitoring tray icons - if
disabled icons will not be displayed in ObjectBar or
DesktopX |
| 1CmailS |
? |
NETMAIL.EXE |
?? |
| 1on1 |
X |
1on1.exe |
Adult content dialler |
| 1Srv32 |
U |
SpyAgent4.exe |
SpyTech SpyAgent
monitoring software. "Spy software that allows you
to monitor EVERYTHING users do on your PC." |
| 1Win32Cfg |
U |
SpyBuddy.exe |
SpyBuddy
monitoring software |
| 1Win32Cfg |
U |
Keyloggerpro.exe |
KeyloggerPro
- monitoring software |
| 2020Downloader |
X |
mssvr.exe |
2020Search Toolbar related. Reported
to be auto-installed |
| 2wSysTray |
U |
2portalmon.exe |
2Wire
Homeportal user interface |
| 39ELTFH25Z8SKF |
? |
Ezg1q5.exe |
Seems to be
associated with software by Resplendence
SP ? |
| 3c1807pd |
Y |
3cmlink.exe 3cpipe-3c1807pd |
3Com WinModem driver. See here
for more WinModem information |
| 3capplnk |
Y |
3capplnk.exe |
US Robotics Modem driver |
| 3cdminic |
N |
3CDMINIC.EXE |
3Com DMI (DynamicAccess Desktop
Management Interface) Agent associated
with 3Com network cards |
| 3CM
Link |
? |
3cmcnkw.exe |
?? |
| 3Cmlink |
Y |
3CmlinkW.exe |
For a US Robotics WinModem. Provides
the link to Windows as the CPU does the processing on
WinModems - won't work without it. See here
for more WinModem information |
| 3ComDMIAgent |
N |
3CDMINIC.EXE |
3Com DMI (DynamicAccess Desktop
Management Interface) Agent associated
with 3Com network cards |
| 3cpipe-USRpdA |
Y |
USRmlnkA.exe |
Modem driver files from US Robotics |
| 3D
Text |
N |
3D Text.scr |
Added as a result of the JERMY.A
VIRUS! |
| 3Deep
Control Panel |
U |
3DeepCTL.EXE |
From LightSurf
Technologies (nee E-Color) - 3Deep
corrects lighting, shading and color for all your 2D and
3D games |
| 3Dfx
Acc |
X |
GFXACC.EXE |
Added as a result of the GIBE
VIRUS! |
| 3dfx
Task Manager |
N |
3dfxMan.exe |
System Tray application for 3dfx
Voodoo 3/4/5 functions. Available via Start ->
Programs |
| 3dfx
Tools |
Y |
3dfxCmn.dll |
Updates the registry with
information that can't be held for Voodoo 3/4/5 series
graphics cards. Important for owners of these cards |
| 3dfxv2ps.dll |
Y |
3dfxv2ps.dll |
Updates the registry with info that
can't be held for 3dfx Voodoo 2 video cards. Important
for owners of these cards |
| 3Dlabs
Taskbar Display Manager |
? |
3DLman.exe |
3DLabs graphics driver related. System
Tray access to display settings? |
| 3DLabsHelperDemon |
U |
3dldemon.exe |
Directly from the programs author
"It is a tiny program that is installed by the
Permedia2/3 and probably other Oxygen-series cards.
Normally it sits in the background doing nothing at all
(sleeping on a semaphore), so it should take zero CPU
time and virtually zero memory, since it will all be
paged out to the hard drive." In most cases it can
be safely disabled |
| 3qdctl.exe |
U |
3qdctl.exe |
Provided with Terratec 128i PCI and
similar sound cards. Loads a sound profile at bootup,
restoring volume and other audio settings to a
pre-determined default. Similar to Creative Lab's
AudioHQ |
| 3ware
3DM |
Y |
3dm.exe |
Monitors status of the disk array on
3ware IDE RAID controllers |
| 4wd!!! |
X |
Natal!.pif |
Added as a result of the OPASERV.AI
VIRUS! |
| 5-1-61-96 |
X |
members-area.exe |
Adult content dialler |
| 5-2-46-112 |
X |
5-2-46-112.exe |
Adult content pop-up dialler.
Removal instructions here |
| 666 |
X |
Ska.exe |
Added as a result of the NETBUS
VIRUS! |
| 9xHtProtect |
X |
AVprotect9x.exe |
Added as a result of the NETSKY.M
VIRUS! |
| ;Rundll |
X |
|
Added as a result of the PWSLEGMIR.E
VIRUS! |
|
|
X |
Regsrv32.com |
Added as a result of the SOUTHGHOST
VIRUS! |
|
|
X |
App.exe |
Added as a result of the WAXPOW
VIRUS! where <filename> is the executed filename |
|
|
X |
Svchosts.exe |
Added as a result of the SDBOT.N
VIRUS! where <name> can be random |
|
|
X |
wincpu.exe |
Added as a result of an unidentified
VIRUS! |
|
|
X |
elf.exe |
Elf is a hacker program, tied to a
trojan server |
| @ |
X |
regedit -s ..win.dll |
Added as a result of the SEEKER.K
VIRUS! |
| @Hoc
Toolbar |
N |
AtHoc.exe |
One-click activated browsing toolbar
used by various web-sites. See here
for more info |
| @loha |
N |
reminder.exe |
Registration reminder for @loha@home
E-mail utility |
| @tour_ww |
X |
@tour_ww[1].exe |
Adult content dialler |
| a |
X |
a.exe |
Commercials file that registers
itself in the system registry and redirects IE to a
certain commercial website |
| a-winpoet-service |
Y |
winpppoverethernet.exe |
WinPoET is the industry's first
Windows-based PPP over Ethernet client. Developed by
iVasion, WinPoET is attractive to equipment providers,
modem suppliers, RBOCs and ISPs. For more info read here.
It uses dial-up networking for new high-speed internet
customers who are more familiar with analogue modems. If
unchecked in MSCONFIG it reports Error 360 - Hardware
Error in dial-up networking |
| A1000
Settings Utility |
U |
cpqa1000.exe |
Compaq A1000 Print Fax All-in-One
copy scan printer software. Required in the Startup in
order to scan, print, copy and fax. Only required if you
use these features |
| A4Proxy |
U |
A4Proxy.exe |
Anonymity
4 Proxy - local proxy server that makes you
anonymous when visiting web sites |
| AAACLEAN |
? |
AAACLEAN.INF |
?? |
| AAAKeyboard |
? |
?? |
?? |
| AAATraySaver |
N |
TraySaver.exe |
System Tray management utility from Mike
Lin which allows you to hide, show, restore icons
that are lost in an Explorer crash, remove dead tray
icons, minimize any window to the System Tray |
| AAK |
U |
aak.exe |
Advanced
Anti-Keylogger - "Anti-spy software to prohibit
operation of any keyloggers currently in use or
presently being developed anywhere" |
| ab
EazyScheduler |
? |
ezsched.exe |
?? |
| ABBYY
Community Agent |
N |
CAGENT.EXE |
Installed with the Optical Character
Recognition (OCR) software that comes bundled with a
Compaq A3000 all-in-one printer/scanner. Its function
appears to be to link you to the internet in an attempt
to buy the 5.0 version of the software |
| ABC |
X |
keylogger.exe |
Monitors keystrokes so you can check
if someone has typed anything while your away from your
PC. Reported as spyware by SpyCop
in their FAQ |
| Absolute
Shield |
U |
dseraser.exe |
Absolute
Shield/Evidence Eliminator - iternet history eraser |
| Absolute
StartUp monitor |
U |
ASMon.exe |
Absolute
Startup - startup monitor from F-Group Software |
| ABsr |
X |
absr.exe |
Added as a result of the AUTOUPDER
VIRUS! |
| absr |
X |
mwsvm.exe |
SeekSeek search hijacker related -
as seen here |
| abtu |
X |
mp3serch.exelopsearch.exe |
Loads the executable for Lop.com.
mp3serch.exe is the final version whilst lopsearch.exe
is the beta version |
| AbyssWebServer |
U |
abyssws.exe |
Abyss
web server |
| AcBtnMgr_Xxx |
Y |
AcBtnMgr_Xxx.exe |
Associated with the Lexmark Xxx
(where "xx" is the model) all-in-one
printer/scanner/copier. Required for correct operation |
| acc |
U |
acc.exe |
Advanced
Call Center - "full-featured yet easy-to-use
answering machine software for your voice modem" |
| Accelerate |
U |
accelerate.exe |
Webroot Accelerate
- allows you to optimize Windows network registry
settings in order to boost surfing speeds. Leave this
enabled if you find it improves your connection |
| Access
Ramp Monitor |
N |
armon32.exe |
Monitors your progress on the
internet; hang-ups, connection speeds, internet
congestion and traffic flow. It prevents some games from
running also. To disable the Access Ramp Monitor (1)
Open Windows Explorer (2) Open the Program Files folder
(3) Open the MindSpring folder (4) Open the AccessRamp
folder (5) Double-click on the ARMCfg32.exe file (6)
Uncheck Enable Dialup Monitor and click OK (7) Restart
the computer and try again |
| AccessRamp
Monitor01 |
N |
ARMon32a.exe |
From a visitor "Just wanted to
provide you with some info on Access Ramp software
installed with Verizon DSL accounts in those areas that
use the Winpoet PPPoE software. The Access Ramp TSRs are
installed as part of IP Insight software (can't remember
the software maker). You can decline to install IP
Insight during Winpoet setup, or go into Add/Remove
programs uninstall IP Insight by hand if it's already
installed. It really doesn't do a darn thing for you. It
was intended to help DSL techs monitor QoS, but the
backend part was never implemented (at least as of
earlier this year). This will not affect the user's
ability or inability to access their DSL service." |
| AccessRampLAN01 |
N |
ARUpld32.exe |
Version of the above for LAN
connections - a history uploader. The key in turning it
off is a file named ARUCfg32.exe. This file
(ARUCfg32.exe) does not show up in the startup process.
If you have this file, you can execute it and remove all
the monitoring activities it does. Removing all the
checks in all the boxes (both tabs) still calls
ARUpld32.exe to start when you start the dial up. You
can block it from sending info if you have Zone Alarm
installed. Renaming the extension of ARUCfg32.exe to
ARUCfg32.exe1 works. The ARUpld32.exe is not loaded when
launching the dial up client. Written by IP Insight and
also included with Earthlink Total Access 2003 |
| AcctMgr |
U |
AcctMgr.exe |
Norton™ Password Manager - part of
Norton
SystemWorks 2004 - stores passwords and other
personal information, and retrieves the data needed for
email logins, shopping orders, banking, and other online
activities—all from the safety of your own PC |
| AccuWeather.com®
Desktop |
N |
?? |
Desktop weather from AccuWeather.com |
| AcerNotebookManager |
U |
almxptray.exe |
System Tray access on some Acer
Notebooks to give faster access to system settings |
| AcerPowerkey |
U |
Powerkey.exe |
PowerKey utility for Acer TravelMate
notebook PCs. Allows the user to quickly switch between
different power schemes by pressing Fn+F3 |
| ACMonitor_Xxx |
Y |
ACMonitor_Xxx.exe |
Associated with the Lexmark Xxx
(where "xx" is the model) all-in-one
printer/scanner/copier. Required for correct operation |
| acocash |
X |
fastdown.exefastfown.exe |
Adult content dialler |
| Acombo3dmouse |
U |
Acombo3d.exe |
Mouse driver - required if you use
non-standard Windows driver features |
| Aconti |
X |
aconti.exe |
Adult content dialler |
| acoustic |
U |
acoustic.exe |
Control panel program for Philips Acoustic
Edge soundcard. Not required unless changed settings
aren't retained |
| acpart |
N |
agpart11.exe |
Program for finding trucks on-line |
| Acrobat
Assistant |
U |
ACROTRAY.EXE |
Used to create PDF files with
Acrobat Distiller. For Win9x/Me systems you can run this
file manually beforehand. For WinXP systems this file
must run at startup. Hence the "U"
recommendation |
| Acronis
Scheduler2 Service |
U |
schedhlp.exe |
Part of Acronis
True Image - backup software. Co-operates with the
"schedul2.exe" servuce to perform
backup/restore tasks correctly. Required if you want to
use TrueImage to do some real backup/restore tasks - not
if you only want to explore/mount images |
| Acronis
TrueImage Monitor |
N |
TrueImageMonitor.exe |
Part of Acronis
True Image - backup software. Can be disabled
without affecting TrueImage |
| Action
Manager 32 |
N |
am32.exe |
Associated with a Plustech scanner.
Small utility that runs in the background for doing
fax/copy/etc. Available via Start -> Programs |
