| Name: | System Idle Process |
| Description: | The system idle process gets CPU time when the system is idle, i.e. doing nothing (NOP). |
| Obligatory: | YES |
| System: | YES |
| Developer: | Microsoft |
| External info: | Win32 Services book |
| Name: | System |
| Description: | The operating system process. |
| Obligatory: | YES |
| System: | YES |
| Developer: | Microsoft |
| Removal: | N/A (emmm...uninstall windows?) |
| External info: | Win32 Services book |
| Name: | smss.exe |
| Description: | The operating system process. |
| Obligatory: | YES |
| System: | YES |
| Developer: | Microsoft |
| Removal: | N/A (emmm...uninstall windows?) |
| External info: | Win32 Services book |
| Name: | csrss.exe |
| Description: | Client-Server run-time server subsystem. |
| Obligatory: | YES |
| System: | YES |
| Developer: | Microsoft |
| Name: | winlogon.exe |
| Description: | Handles logon authentication. |
| Obligatory: | YES |
| System: | YES |
| Developer: | Microsoft |
| Name: | services.exe |
| Description: | A catch-all for many system services. Handles DHCP client, DNS queries, browser services, plug-and-play, messenger, and time services. |
| Obligatory: | YES |
| System: | YES |
| Developer: | Microsoft |
| Name: | svchost.exe |
| Description: | A generic program that DLL-based services are executed under. Multiple services can be in each svchost.exe that is running (more than one can run at a time). Services: COM+ Event System (EventSystem); Internet Authentication Service (IAS); Internet Connection Sharing (SharedAccess); Network Connections (NetMan); Remote Access Auto Connection Manager (RasAuto); Remote Access Connection Manager (RasMan); Remote Procedure Call (RPCSS); Removable Storage (Ntmssvc); Routing and Remote Access (RemoteAccess); System Event Notification (SENS); Telephony (TapiSrv). |
| Obligatory: | YES |
| System: | YES |
| Developer: | Microsoft |
| Removal: | N/A, but check the registry for this: [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Svchost] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Svchost]. The registry key in Windows XP for Svchost.exe is HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost (thanks to Ed Tittel). |
| Name: | SPOOLSV.EXE |
| Description: | Printer spooler service |
| Obligatory: | NO |
| System: | YES |
| Developer: | Microsoft |
| Removal: | Remove printers from (settings -> printers) |
| Name: | navapw32.exe |
| Description: | Norton anti-virus program check for windows32 |
| Obligatory: | NO |
| System: | NO |
| Developer: | Symantec |
| Removal: | Remove the Norton antivirus program |
| Link: | Inside Norton Anti-Virus |
| Name: | NAVAPSVC.EXE |
| Description: | Norton anti-virus service |
| Obligatory: | NO |
| System: | NO |
| Developer: | Symantec |
| Removal: | Remove the Norton antivirus program from (settings -> control panel -> add/remove programs) |
| Link: | Inside Norton Anti-Virus |
| Name: | defwatch.exe |
| Description: | New Norton anti-virus program check for WINNT |
| Obligatory: | NO |
| System: | NO |
| Developer: | Symantec |
| Removal: | Remove the Norton antivirus program, or just stop it from the tray icon |
| Link: | Inside Norton Anti-Virus |
| Name: | alertsvc.exe |
| Description: | This one is in charge of alerting whenever NAV detects a virus |
| Obligatory: | NO |
| System: | NO |
| Developer: | Symantec |
| Removal: | Remove NAV |
| Link: | Inside Norton Anti-Virus |
| Name: | PSSVC.EXE |
| Description: | Also something from Norton anti-virus; I don't know exactly. Giquello says it's the AutoShutdown/ThermalShutdown Service for Windows NT and Windows 95/98. Thanks. |
| Obligatory: | NO |
| System: | NO |
| Developer: | Symantec |
| Removal: | Remove the Norton antivirus program from (settings -> control panel -> add/remove programs) |
| Link: | Inside Norton Anti-Virus |
| Name: | regsvc.exe |
| Description: | Registry service, primarily for allowing remote registry manipulation |
| Obligatory: | NO |
| System: | YES |
| Developer: | Microsoft |
| Removal: | Stop remote registry services |
| Link: | Windows 2000 Registry |
| Name: | mstask.exe |
| Description: | Task scheduling service |
| Obligatory: | NO |
| System: | YES |
| Developer: | Microsoft |
| Name: | winmgmt.exe |
| Description: | Windows Management Instrumentation (WMI) functionality (eh?) |
| Obligatory: | NO |
| System: | YES |
| Developer: | Microsoft |
| Name: | mspmspsv.exe |
| Description: | Windows Pre-Message security protocol service, I think. I have a strong belief it belongs to Windows Media Player. WMDM PMSP Service. This Service is added during installation of Windows Media Player 7 (or newer). WMDM (Windows Media Device Manager) PMSP (Pre-Message Security Protocol) is a feature of the Windows Media Format SDK, which supports the SDMI (Secure Digital Music Initiative) for packaging copyrighted music. Applications developed with WMDM will enable users to copy their music compact disc (CD) collection, as well as protected music downloaded from the Web, to SDMI-compliant portable music players & SDMI-compliant portable storage devices (such as flash memory cards). If you are intending to transfer music to SDMI-compliant portable devices (I know of no such devices existing currently) then set this to Automatic, otherwise you may safely leave this set to Manual. Thanks to Patrick Gagnon, Seth Hanford & Chanur Silvarian for their help with information about this Service. Thanks to Jason A. |
| Obligatory: | NO |
| System: | NO |
| Developer: | Microsoft |
| Link: | http://superiemand.com/etc/Windows%202000%20Services%20Tweak%20guide.htm |
| Name: | inetinfo.exe |
| Description: | Internet Information Services (IIS) service - web servers will see this service utilized heavily |
| Obligatory: | NO |
| System: | NO |
| Developer: | Microsoft |
| Removal: | Remove IIS, or stop its service |
| Link: | Internet Information Services Administration |
| Name: | explorer.exe |
| Description: | The Windows 2000 shell; basically the GUI for Windows 2000 |
| Obligatory: | YES |
| System: | YES |
| Developer: | Microsoft |
| Removal: | Close the system |
| Name: | MAPISP32.EXE |
| Description: | Mail API Service, I believe... |
| Obligatory: | NO |
| System: | NO |
| Developer: | Microsoft |
| Removal: | Stop the service, or Outlook |
| Link: | Cdo and Mapi Programming With Visual Basic; Mapi, Sapi, and Tapi: Developer's Guide |
| Name: | winampa.exe |
| Description: | Someone told me it's the WinAmp (music program) small tray icon, but I'm not sure. It's the Winamp agent; it makes sure no other programs steal the .mp3 extension. You can deselect it during install (thanks to Arne S). The Winamp agent can be disabled from within Winamp in its preferences. It is not at all critical unless you are a digital DJ and can't afford having another media player messing with file associations. Winamp can correct associations at startup without Winamp Agent being active anyway, so most users will not need it. (Thanks to Bruce J). |
| Obligatory: | NO |
| System: | NO |
| Developer: | WinAmp (NullSoft) |
| Removal: | The Winamp agent can be disabled from within Winamp in its preferences. When in Winamp, hit Control-P, go to setup - agent, then uncheck maintain file associations. |
| Link: | MP3 power with WinAmp |
| Name: | fwenc.exe |
| Description: | User portion of SecuRemote, part of the FireWall and VPN architecture |
| Obligatory: | NO |
| System: | NO |
| Developer: | CheckPoint (FireWall) (VPN) |
| Removal: | Remove SecuRemote, or stop it from running |
| Link: | Essential Checkpoint Firewall-1: An Installation, Configuration, and Troubleshooting Guide |
| Name: | SSEXP.EXE |
| Description: | Not a service, it's the Microsoft Source Safe |
| Obligatory: | NO |
| System: | NO |
| Developer: | Microsoft |
| Removal: | Close the Source Safe |
| Name: | taskmgr.exe |
| Description: | Not a service, it's the Windows task manager program for viewing running processes |
| Obligatory: | NO |
| System: | YES |
| Developer: | Microsoft |
| Removal: | Close the task manager |
| Name: | Icq.exe |
| Description: | A service and a program. ICQ Instant Messaging program. |
| Obligatory: | NO |
| System: | NO |
| Developer: | ICQ, AOL, Mirabilis |
| Removal: | Configure ICQ not to run on startup, or remove it. |
| Name: | MDM.EXE |
| Description: | The Microsoft Machine Debug Manager, a somewhat buggy program. |
| Obligatory: | NO |
| System: | NO |
| Developer: | Microsoft |
| Removal: | Part of the RPCSS.exe and other services. |
| Link: | http://www.cexx.org/rpcss.htm |
| Name: | Mediadet.exe |
| Description: | SoundBlaster CDROM and music, Creative Media. Creative Labs Disc Detector background application which gets installed with some Creative Labs sound card drivers. Disc Detector detects when you insert a CD in your CD-ROM drive and then automatically starts the appropriate application for it. You can determine whether it should open in Creative PlayCenter, or some other audio player. (Thanks to Ernie) |
| Obligatory: | NO |
| System: | NO |
| Developer: | Microsoft / CreativeLabs SB |
| Removal: | Just stop it; Windows does this very well already. It beggars belief that Creative Labs should have thought it a great idea to clutter the System Tray with an application that duplicates what Windows already does well. As with Creative’s CTNOTIFY, we recommend you disable MEDIADET. To do so, open the "Disc Detector" icon in the Control Panel and uncheck "Enable Disc Detector" in the General tab. (Thanks to Ernie) |
| Link: | http://msdn.microsoft.com/library/default.asp?url=/library/en-us/directx9_c/directx/htm/mediadetobject.asp - how to use mediadet object |
| Name: | internat.exe |
| Description: | Microsoft says it installs international information for Office 2000 on your computer, but I don't trust them; if so, why is it a service? Additional information from Li H. says: "internat.exe" is the language input system; for instance, if you want to type Chinese on your computer, you will find this. This one is the small system-tray icon that allows you to change the input locales. |
| Obligatory: | NO |
| System: | YES |
| Developer: | Microsoft |
| Removal: | Don't use a multilingual system |
| Name: | Ctmix32.exe |
| Description: | Sound Blaster Creative Mixer service, for volume control. Stays as a tray icon. |
| Obligatory: | NO |
| System: | NO |
| Developer: | Creative Labs |
| Removal: | Just stop it and remove it from startup |
| Name: | CTNotify.exe |
| Description: | Sound Blaster Creative Mixer service, for volume control. Stays as a tray icon. |
| Obligatory: | NO |
| System: | NO |
| Developer: | Creative Labs |
| Removal: | Just stop it and remove it from startup |
| Name: | WinVNC.exe |
| Description: | VNC (Virtual Network Computing) - a program to control a computer from afar, over the LAN and WAN. Very suspicious if you did not install it. A well-written program, not a trojan or a virus, but it means that other people can control the computer. |
| Obligatory: | NO |
| System: | NO |
| Developer: | www.uk.research.att.com/vnc (AT&T Labs Cambridge) |
| Removal: | Stop it from processes list. Delete it from ProgramFiles\vnc. Remove from registry. |
| Name: | AGSatellite.exe |
| Description: | AudioGalaxy client program. Used for sharing mp3 files. Use with caution: it opens a port (xxxx) and shares your files with other users. It is a good program, but check which directories are being shared by it. |
| Obligatory: | NO |
| System: | NO |
| Developer: | www.audiogalaxy.com |
| Removal: | Stop it from processes list. Delete it from ProgramFiles\vnc. Remove from registry. |
| Name: | SpeedKey.exe Type32 |
| Description: | Microsoft IntelliType Pro. I think, but I'm not sure, and I have no idea what it does. It's the program that runs your programmable hotkeys. It was always running when I had Win98SE but when I upgraded to Win XP I had to download a newer version. I haven't seen Speedkey in my Task Manager since, even though my hotkeys are working. Thanks to Arcavius Maximus. Type32 is its name in WinXP. |
| Obligatory: | NO |
| System: | NO |
| Developer: | Microsoft |
| Removal: | stop it from processes list. |
| Name: | atiptaxx.exe |
| Description: | AtiPTA - I believe it is connected to the ATI Monitor or Sound Card, but I'm not sure. Zamorski G. J. updated me: As near as we can tell this allows access to the specialized setting for the ATI Radeon cards when you click on the "advanced" button under display properties. To get rid of it update your registry according to the key below. Delete it from the "run" key in the registry as well so it will not start on boot. I can't find anything wrong with disabling it. As near as I can tell you can access all the functions through a different set of APIs. |
| Obligatory: | NO |
| System: | NO |
| Developer: | ATI Radeon |
| Removal: | [HKEY_LOCAL_MACHINE\SOFTWARE\ATI Technologies\Desktop\] "NoAtipta"=1 |
| Name: | Apache.exe |
| Description: | Apache Web Server Service, HTTP Server. If you didn't install it, I recommend you check, because your HTTP port 80 is open. (It is the best web server written). Serge reminded me that this service might appear a few times in the task list. The reason is that Apache forks another process for connections. |
| Obligatory: | NO |
| System: | NO |
| Developer: | www.apache.org |
| Removal: | Stop it from processes list, stop it in the registry. You may delete the files, usually in "c:\program files\apache group". |
| Link: | Apache Server 2.0: A Beginner's Guide |
| Name: | mysqld-nt.exe |
| Description: | MySQL Database service |
| Obligatory: | NO |
| System: | NO |
| Developer: | www.mysql.org |
| Removal: | stop it from processes list. uninstall it. |
| External info: | Managing & Using MySQL |
| Name: | ntvdm.exe |
| Description: | Basically a virtual machine program to allow 16-bit programs to execute (or maybe NT - Virtual Device Manager) |
| Obligatory: | NO |
| System: | YES |
| Developer: | Microsoft |
| Removal: | stop it from processes list |
| External info: | Win32 Services book |
| Name: | hidserv.exe |
| Description: | Stands for Human Interface Device Service. Deals with keyboards, mice, etc. connected through the USB bus. |
| Obligatory: | NO |
| System: | YES |
| Developer: | Microsoft |
| Removal: | stop it from processes list |
| Link: | Win32 Services book |
| Name: | webtool.exe |
| Description: | Use this tool to implement HTTP (Hypertext Transfer Protocol) controls and HTTPS (HTTP with Secure Socket Layer Encryption) controls. I'm really not sure this is what it is. It might also be a program that spies on where you surf. Scott W. updated me: "Microsoft Web Application Stress Tool". It never appeared until I installed that utility, and it's in that utility's folder only. |
| Obligatory: | NO |
| System: | NO |
| Developer: | N/A |
| Removal: | stop it from processes list |
| External info: | Win32 Services book |
| Name: | msdtc.exe |
| Description: | Microsoft Distributed Transaction Coordinator service |
| Obligatory: | NO |
| System: | YES |
| Developer: | Microsoft |
| Removal: | stop it from processes list |
| External info: | Win32 Services book |
| Name: | termsvc.exe |
| Description: | Terminal Services service, used to allow remote administration and even program execution. Be cautious if you find it running without your knowing about it. |
| Obligatory: | NO |
| System: | YES |
| Developer: | Microsoft |
| Removal: | stop it from processes list |
| External info: | Win32 Services book |
| Name: | dns.exe |
| Description: | The DNS (Domain Naming Service) service. |
| Obligatory: | NO |
| System: | YES |
| Developer: | Microsoft |
| Removal: | stop it from processes list, stop it from running at startup. |
| External info: | DNS on Windows 2000 |
| Name: | tcpsvcs.exe |
| Description: | Simple TCP/IP services, such as DHCP and WINS. Only present on servers hosting those services |
| Obligatory: | NO |
| System: | YES |
| Developer: | Microsoft |
| Removal: | stop it from processes list, stop TCP/IP connection |
| External info: | Internetworking with TCP/IP Vol.1: Principles, Protocols, and Architecture |
| Name: | ismserv.exe |
| Description: | Intersite Messaging (IsmServ) |
| Obligatory: | NO |
| System: | YES |
| Developer: | Microsoft |
| Removal: | stop it from processes list |
| External info: | Win32 Services book |
| Name: | isssrv.exe |
| Description: | The License Logging Service, which keeps track of software licensing - needs a bit of checking, how exactly does it work??? |
| Obligatory: | NO |
| System: | YES |
| Developer: | Microsoft |
| Removal: | stop it from processes list |
| External info: | Win32 Services book |
| Name: | ntfrs.exe |
| Description: | The Windows 2000 File Replication Service. Used on Domain Controllers and servers participating in DFS |
| Obligatory: | NO |
| System: | YES |
| Developer: | Microsoft |
| Removal: | stop it from processes list |
| External info: | Win32 Services book |
| Name: | locator.exe |
| Description: | The RPC Locator service. Remote Procedure Call. |
| Obligatory: | NO |
| System: | YES |
| Developer: | Microsoft |
| Removal: | stop it from processes list |
| External info: | Win32 Services book |
| Name: | ups.exe |
| Description: | UPS (Uninterruptible Power Supply) service, which communicates with backup batteries, mostly present in laptop computers. |
| Obligatory: | NO |
| System: | YES |
| Developer: | Microsoft |
| Removal: | stop it from processes list |
| External info: | Win32 Services book |
| Name: | dfssvc.exe |
| Description: | Distributed File System (DFS) service |
| Obligatory: | NO |
| System: | YES |
| Developer: | Microsoft |
| Removal: | stop it from processes list, check for file sharing properties |
| External info: | Win32 Services book |
| Name: | rpcss.exe |
| Description: | Remote Procedure Call Service; maybe it can be used to access your computer and invoke calls |
| Obligatory: | NO |
| System: | YES |
| Developer: | Microsoft |
| Removal: | stop it from processes list |
| Link: | http://www.cexx.org/rpcss.htm |
| External info: | The Art of Distributed Applications |
| Name: | savenow.exe |
| Description: | Something malicious - slows the computer |
| Obligatory: | NO |
| System: | NO |
| Developer: | N/A |
| Removal: | stop in processes list and then delete from \program files\ directory |
| External info: | Win32 Services book |
| Name: | Ndetect.exe |
| Description: | Automatically detects when you are connected to the Internet and runs ICQ. |
| Obligatory: | NO |
| System: | NO |
| Developer: | Mirabilis ICQ, AOL |
| Removal: | right click on systray icon and exit, remove from registry or remove ICQ |
| External info: | Win32 Services book |
| Name: | rundll.exe |
| Description: | A very good question what it does exactly, but I believe it runs DLLs (wow) and loads them to memory |
| Obligatory: | NO |
| System: | YES |
| Developer: | Microsoft |
| Removal: | N/A |
| External info: | Win32 Services book |
| Name: | pwstray.exe |
| Description: | Microsoft's Personal Web Server, an application which allows PCs to behave as web servers (allows you to test your .asp pages on your own PC without having to load them onto the internet). Available via Start - Programs. I would say it is suspicious: it opens your port 80 and actually turns your computer into a web server. Note that if you don't need it, it is better to remove it. |
| Obligatory: | NO |
| System: | YES |
| Developer: | Microsoft |
| Removal: | N/A |
| External info: | Win32 Services book |
| Name: | starter.exe |
| Description: | Not sure, but I think it starts the internet connection service when you start Internet Explorer. Mr. A. Brzostowicz informs me that this is part of the Creative Labs Live install. (Thanks) |
| Obligatory: | NO |
| System: | NO |
| Developer: | Microsoft |
| Removal: | Changes in the registry: HKEY_LOCAL_MACHINE\SOFTWARE\PBR\FMedia\2.0\Internet - "Application Path/Module" |
| External info: | Win32 Services book |
| Name: | systray.exe |
| Description: | System Tray Services. Provides the Volume Control, PC Card Status and Power Management icons that reside in the System Tray. SYSTRAY.EXE may be disabled if none of these services are required. It will launch as and when required if you later enable the icons. If you need these items they're available via Start -> Settings -> Control Panel. Note: I heard there is a virus/trojan replacing this service. |
| Obligatory: | NO |
| System: | YES |
| Developer: | Microsoft |
| Link: | http://www.dark-e.com/archive/trojans/subseven/16/index.shtml |
| External info: | Win32 Services book |
| Name: | rnudll32.exe |
| Description: | Thanks to Li H. - I have no other confirmation of this. A trojan file, sits under WINDOWS\SYSTEM32\ [HKEY_USERS]-[S-1-5-21-1935655697-1563985-344-1060284298-500]-[SOFTWARE]- [MICROSOFT]-[INTERNET EXPLORER]-[EXPLORER BARS]- {C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}-[CONTAINING TEXTMRU] LOCOM~ file appear. |
| Obligatory: | NO |
| System: | NO |
| Removal: | Delete it! |
| External info: | Win32 Services book |
| Name: | LoadQM.exe |
| Description: | This program is the Microsoft MSN query manager, used with the chat program MSN Messenger. Disabling it from startup will not harm the software. In fact, it will free up some of your computer's resources. From MSConfig's startup tab you can simply uncheck the box next to loadqm.exe. |
| Obligatory: | NO |
| System: | NO |
| Developer: | Microsoft |
| Removal: | Remove from registry |
| External info: | Win32 Services book |
| Name: | mobsync.exe |
| Description: | This program is the Microsoft IE bug report daemon, used to notify Microsoft of any problems in installing Internet Explorer. I recommend removing it; why do you need to give Microsoft any information at all? |
| Obligatory: | NO |
| System: | NO |
| Developer: | Microsoft |
| Removal: | Remove from registry - delete from HD |
| Link: | Microsoft mobsync.exe |
| External info: | Win32 Services book |
| Name: | cd_load.exe CD_Clint.dll |
| Description: | Advertising software. Should be removed; it is installed by free software and may have the option to turn your computer into a proxy server. |
| Obligatory: | NO |
| System: | NO |
| Developer: | Cydoor |
| Removal: | What is CD-LOAD.EXE and do I need it? It's adware using Cydoor's Ad Loader. The perpetrator is called Cd_load.exe and is located in C:\WINNT\SYSTEM32 (Windows NT4/2000) or C:\WINDOWS\SYSTEM (Windows 95/98/ME). Just search on the filename and remove it. To get rid of its registry entries, find and remove the following: run Regedit, go to HKEY_CURRENT_USER\Software and delete the "Cydoor" and "Cydoor Services" keys. Then go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run and delete the "Cydoor"="CD_Load.exe" value. All the information you ever needed: http://www.cexx.org/cydoor.htm |
| External info: | Win32 Services book |
| Name: | Point32.exe |
| Description: | Microsoft IntelliPoint Mouse software. |
| Obligatory: | NO |
| System: | NO |
| Developer: | Microsoft |
| Removal: | just uninstall |
| External info: | Win32 Services book |
| Name: | promon.exe |
| Description: | Intel Pro100 + network card icon in the system tray by the clock. The tools typically display the LEDs on the NIC, and information about the link status, duplex mode, etc. None of the functionality of such agents is necessary or required. |
| Obligatory: | NO |
| System: | NO |
| Developer: | Intel |
| Removal: | remove from registry startup |
| External info: | Win32 Services book |
| Name: | FSscrCtl.exe |
| Description: | SouthWest Screen Saver control. Controls the new, unnecessary screen saver you installed to waste your nice new HD space. |
| Obligatory: | NO |
| System: | NO |
| Developer: | SSS - SouthWest Screen Saver |
| Removal: | Uninstall |
| Link: | More info is here - http://www.rickslighthouses.com/users_guide.htm |
| External info: | Win32 Services book |
| Name: | whAgent.exe |
| Description: | A bad advertising trojan. It monitors your Internet usage. According to the WebHancer website, the purpose of this program is as follows: "webHancer Customer Companion resides on the end-user's computer, where it transparently monitors Internet performance. webHancer Customer Companion measures overall network/site delay and the performance times experienced by actual end-users." It modifies system files and may transfer information to other computers on the Internet. Remove it and read the link section for more information. It collects information about your surfing habits. |
| Obligatory: | NO |
| System: | NO |
| Developer: | WebHancer / AudioGalaxy |
| Removal: | http://www.realenduser.com/utilities/download/filelist/ |
| Link: | http://www.cexx.org/webhancer.htm http://www.computerhope.com/issues/ch000453.htm |
| External info: | Win32 Services book |
| Name: | userinit.exe |
| Description: | Operating system task; runs when you log into Windows NT/2000 and establishes the user framework |
| Obligatory: | YES |
| System: | YES |
| Developer: | Microsoft |
| Removal: | user access |
| External info: | Win32 Services book |
| Name: | Gstartup.exe |
| Description: | Advertising program - better be removed |
| Obligatory: | NO |
| System: | NO |
| Developer: | N/A |
| External info: | Win32 Services book |
| Name: | GMT.exe CMEsys.exe GAIN.exe gator.exe |
| Description: | Advertising program - Gator GAIN (GMT.exe, CMESys.exe, GAIN_TRICKLER_*.EXE) - Pops up advertising, apparently a new Gator product. A security hole in some versions allows Web sites to install arbitrary software on your computer. This URL will detect GAIN. Gator recommends on its Web site to contact support(at)gator.com for removal instructions. Gator software may be quietly installed by drive-by download. |
| Obligatory: | NO |
| System: | NO |
| Developer: | Gator |
| Removal: | 1. Open Control Panel -> Add/Remove programs, and remove Gator. 2. Delete from the C:\Program Files\gator directory. 3. Search the registry and delete remaining evidence. |
| Link: | About Gator |
| External info: | Win32 Services book |
| Name: | lsass.exe |
| Description: | LSA Shell (export version) - Local Security Authority Service - Windows Local Security Authority Server Process Handles Windows Security Mechanisms |
| Obligatory: | YES |
| System: | YES |
| Developer: | Microsoft |
| External info: | Win32 Services book |
| Name: | snmp.exe |
| Description: | SNMP service (Simple Network Management Protocol) |
| Obligatory: | NO |
| System: | YES |
| Developer: | Microsoft |
| Removal: | Stop the snmp service from ControlPanel -> Services |
| External info: | Win32 Services book |
| Name: | nvsvc32.exe |
| Description: | NVIDIA Driver Helper Service |
| Obligatory: | NO |
| System: | NO |
| Developer: | nVidia |
| Removal: | Uninstall nVidia Drivers (not recommended unless you don’t have an nVidia video card, but then why would you install the drivers??) |
| Link: | www.nvidia.com site |
| External info: | Win32 Services book |
| Name: | free bonzai |
| Description: | Free Bonzai malicious program; installs when iMesh, Kazaa or other bad programs are installing, and creates a link to the freeBonzai site. |
| Obligatory: | NO |
| System: | NO |
| Developer: | free Bonzai yimach shmam |
| Removal: | Just delete the shortcuts to the URL link site. Usually there is one on the desktop and another inside your "start" menu; just right-click and delete. |
| External info: | Win32 Services book |
| Name: | NewDotNet newDotNet4_50.dll newdotnet.dll |
| Description: | Very bad and malicious program that installs itself on your computer and messes with your network winsock2 parameters; it slows down your computer and network connection. Usually sneaks in when installing iMesh. |
| Obligatory: | NO |
| System: | NO |
| Developer: | newDotNet |
| Removal: | Very hard to remove: 1. Best method is to use Add/Remove programs, and remove it. 2. Delete from the C:\Program Files\NewDotNet directory - sometimes it is impossible, then you will have to reboot and sometimes exit Windows or stop the TCP/IP connection. 3. Be careful when deleting from the registry; be sure to restore your correct parameters for winsock2. If you don't know how to do it, consult your administrator. cexx newDotNet information |
| External info: | Win32 Services book |
| Name: | CommonName CNBabe.dll onflow cbebeie cneII.exe |
| Description: | Evil programs that change your Internet Explorer settings and install themselves on your hard drive |
| Obligatory: | NO |
| System: | NO |
| Removal: | 1. Stop the process from the Task Manager. 2. Delete the C:\Program Files\CommonName directory. 3. Search the registry for CommonName and delete the occurrences. |
| Link: | Parasite information about CommonName |
| Name: | onflow flt.dll |
| Description: | Evil program - I don't know what it does. Better be removed. |
| Obligatory: | NO |
| System: | NO |
| Removal: | 1. Stop the process from the Task Manager. 2. Delete the C:\Program Files\flt directory. 3. Search the registry for flt.dll and delete the occurrences. 4. Careful: fllt.dll is a good program, do not delete it. |
| Name: | Hcontrol.exe |
| Description: | Come on, why do you need it? - it's the Hamster program |
| Obligatory: | NO |
| System: | NO |
| Developer: | Jurgen Haible - Hamster |
| External info: | Win32 Services book |
| Name: | Intel PDS pds.exe |
| Description: | Intel Ping Discovery Service (PDS). Part of Intel's LANDesk Management Suite 6 and the Common Base Agent (CBA) - used for communicating between the core server and managed clients. Will start the dial-up if installed and enabled. (Thanks to Mr. Wade) |
| Obligatory: | NO |
| System: | NO |
| Developer: | Intel |
| External info: | Win32 Services book |
| Name: | IBM TpKMapMn.ex |
| Description: | IBM Shortcut keyboard, e.g. "Ctrl-arrow up" for "volume up". Only required when using an external keyboard. Available via Start -> Programs |
| Obligatory: | NO |
| System: | NO |
| Developer: | IBM - ThinkPad |
| External info: | Win32 Services book - IBM-ThinkPad |
| Name: | ndisuio.sys |
| Description: | ndisuio.sys is a process belonging to the NDIS User Mode I/O (NDISUIO) NDIS protocol driver which offers support for wireless devices such as Bluetooth and the like. |
| Obligatory: | NO |
| System: | YES |
| Developer: | Microsoft |
| Removal: | Does someone know how to? Currently I do it with the firewall. |
| Link: | Here are a few links having to do with this file: a thread at Iceteks discussing this file's strange network behavior; NDIS User Mode I/O (NDISUIO) Version Dependencies; DHCP Does Not Obtain a New Address When EAP Reauthenticates Across Access Points with IP Subnets That Differ; NDIS User-mode I/O Driver. |
| Name: | wisptis.exe |
| Description: | wisptis.exe means "Windows Ink Services Platform Tablet Input Subsystem". WISPTIS.EXE is a product which is installed alongside Microsoft Office or comes packaged with Windows Update. This process deals with 'Windows ink services' and tends to run alongside Adobe Acrobat Reader. |
| Obligatory: | NO |
| System: | YES |
| Developer: | Microsoft |
| Name: | smc.exe |
| Description: | Sygate Personal Firewall smc.exe is a part of the Sygate Secure Enterprise, more specifically the firewall product. This piece of software blocks attacks from Internet-bound viruses and hackers. |
| Obligatory: | YES |
| System: | NO |
| Developer: | Sygate |
| Link: | Sygate |
| External info: | Building Internet Firewalls (2nd Edition) |
| Name: | gcasServ.exe gcasDtServ.exe |
| Description: | gcasDtServ.exe / gcasServ.exe is a process belonging to the Giant/Microsoft AntiSpyware product. Part of Microsoft AntiSpyware Suite. |
| Obligatory: | NO |
| System: | NO |
| Developer: | Giant/Microsoft |
| External info: | Book about Spywares |
I suggest always checking the registry to really know what's going on inside the system.

Check which programs start when your computer starts:
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

Check which services start when your computer starts:
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

Check which services svchost starts:
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Svchost]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Svchost]

Windows 2000 Registry book