What is ?

Tip: Click here to run a free scan on errors.

The table below includes any processes that may be associated with , from which further information can be found by clicking on the process title. The icon beside the information can be used to quickly determine if this is a safe file in combination with the key below:


This file is normally safe to leave running.	In most cases, this file is not required to run on startup and can be run manually.	Warning, this file may be a virus, spyware, resource hog and running it is not recommended.	This file may or may not be necessary to load on startup, depending on your circumstances.	No information is available for this item.

Processes:

File Type	Process Name and Information
	!1_pgaccount DiamondCS ProcessGuard security software - stops malicious worms and trojans from being executed silently in the background, as well as a variety of other attacks. You will see one instant of pgaccount.exe for every active account on your system, and this is essential for PG to work properly
	!1_ProcessGuard_Startup DiamondCS ProcessGuard security software - stops malicious worms and trojans from being executed silently in the background, as well as a variety of other attacks
	!AVG Anti-Spyware Part of AVG Anti-Spyware from Grisoft
	!ewido Part of Ewido anti-spyware
	!NoLoad WinRecon keystroke logger/monitoring program - remove unless you installed it yourself!
	$EnterNet Connection manager for the EnterNet ISP. You can also use RASPPOE
	$sys$cmp Added by the RYKNOS.B TROJAN! Attempts to utilize the Sony Rootkit A.K.A. SecurityRisk.First4DRM security risk to hide itself on the compromised computer
	$sys$crash Added by the WELOMOCH TROJAN!
	$sys$crash Added by the WELOMOCH TROJAN!
	$sys$crash Added by the WELOMOCH TROJAN!
	$sys$drv Added by the RYKNOS TROJAN! Attempts to utilize the Sony Rootkit A.K.A. SecurityRisk.First4DRM security risk to hide itself on the compromised computer
	$sys$momomomochin Added by the WELOMOCH TROJAN!
	$sys$momomomochin Added by the WELOMOCH TROJAN!
	$sys$momomomochin Added by the WELOMOCH TROJAN!
	$sys$umaiyo Added by the WELOMOCH TROJAN!
	$sys$umaiyo Added by the WELOMOCH TROJAN!
	$sys$umaiyo Added by the WELOMOCH TROJAN!
	$Volumouse$ Volumouse from Nirsoft. "Provides you a quick and easy way to control the sound volume on your system - simply by rolling the wheel of your wheel mouse"
	$WindowsRegKey%update Added by the RBOT-EZ WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %System%
	%cmpmixtitle% Possibly related to C-Media Mixer Control panel?
	%FP%012-L2TP fts.exe 012.Net.il Israeli ISP software front-end
	%FP%012-L2TP FWPortal.exe 012.Net.il Israeli ISP dial-up software
	%FP%1776 Internet fts.exe 1776 Internet US ISP software ISP software front-end
	%FP%1776 Internet FWPortal.exe 1776 Internet US ISP dial-up software
	%FP%AIRTEL fts.exe Bharti Airtel Broadband - Indian ISP software front-end
	%FP%Barak013 fts.exe Barak013 Israeli ISP software front-end
	%FP%Barak013 FWPortal.exe Barak013 Israeli ISP dial-up software
	%FP%Friendly fts.exe Friendly ISP software front-end
	µTorrent µTorrent - BitTorrent client for Windows sporting a very small footprint. It was designed to use as little cpu, memory and space as possible while offering all the functionality expected from advanced clients
	*()API Machine** Homepage hijacker, see here (* = any digit)
	*()Run** Homepage hijacker, see here (* = any digit)
	(Default) Added by the TUPEG VIRUS! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank
	(Default) Added by the SHANIA BACKDOOR! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank
	(Default) Added by the RUSTY WORM! Note - not to be confused with the valid Windows "NOTEPAD" text editor! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank
	(Default) Added by the BLACKMAL WORM! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run and HKLM\RunServices in order to force Windows to launch it at boot. The name field in MSConfig may be blank
	(Default) Added by the BLACKMAL.C WORM! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank
	(Default) Added by the BLACKMAL.C WORM! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank
	(Default) Added by the EVILSOCK.10 TROJAN! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank
	(Default) Adware, CoolWebSearch parasite related - detected by Kaspersky as the VB.DU TROJAN! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank
	(Default) Added by the CDTRAY TROJAN! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank
	(Default) Added by the PROXY-GG TROJAN! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank
	(Default) Added by the DREMN-B TROJAN! Note - this malware actually changes the value data of the "(Default)" key in HKCU\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank
	(Default) Unidentified adware. Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run and HKLM\RunServices in order to force Windows to launch it at boot. The name field in MSConfig may be blank
	(default) Added by the HESIVE.B TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted
	(Default) Added by the RBOT-GAI WORM! Note - this malware actually changes the value data of the "(Default)" key in HKCU\Run, HKLM\Run and HKLM\RunServices in order to force Windows to launch it at boot. The name field in MSConfig may be blank
	(Default) Added by the DOWNLD-ABF TROJAN!
	(Default) Added by the QUADRULE.A WORM! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank
	(Default) Detected by Kaspersky as the AGENT.AY TROJAN! See here. Note - this is not a valid McAfee program and is located in %System%. This malware actually changes the value data of the "(Default)" key in HKLM\Run and HKLM\RunServices in order to force Windows to launch it at boot. The name field in MSConfig may be blank
	(Default) Detected by Trend Micro as the VB.HEI TROJAN! See here. Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run and HKLM\RunServices in order to force Windows to launch it at boot. The name field in MSConfig may be blank
	(L4r1$$4) (4nt1) (V1ruz) Added by the ASSIRAL.B WORM!
	*Bandook Added by an unidentified TROJAN - see here
	*JanisRuckenbrodII Added by the POPS WORM!
	*Microsoft Update Added by the STMU TROJAN!
	*Microsoft Update Added by the STMU TROJAN!
	*Microsoft Update Added by the STMU TROJAN!
	*Microsoft Update Added by the STMU TROJAN!
	*Microsoft Update Added by the STMU TROJAN!
	*MS Setup Virtumondo adware, also known as the VUNDO TROJAN!
	*MSConfig32 Detected by F-secure as the OBFUSCATED.GP TROJAN!
	*Restore Part of Windows System Restore and added as a RunOnce registry entry. Leave alone
	*Security Center Added by the SDBOT.BRO WORM!
	*StateMgr Windows ME default for System Restore. Do NOT disable!
	*WerKernelReporting Part of Windows Error Reporting technology (WER) for Vista. WER captures software crash and hang data from end-users who agree to report it - see here
	*windows update Added by the RBOT-QU WORM!
	*windows update Added by the RBOT-PG WORM!
	*windows update Added by the SPYBOT.HUR WORM!
	*windows update Added by the RBOT-PO WORM!
	*windows update Added by the RBOT-SY WORM!
	*windows update Added by the SPYBOT.PR WORM!
	*windows update Added by the SDBOT.AVD WORM!
	*windows update Added by the RBOT.AOS WORM!
	*windows update Added by a variant of the RBOT WORM!
	*Windows [filename] Checker Added by the KEDEBE-B WORM!
	*WindowsAudio Added by the AGENT-TH WORM!
	*WinLogon Added by the VUNDO TROJAN!
	*winstats Added by the GARGAFX TROJAN!
	wuauclt.exe Added by a variant of the RBOT-UG WORM! Note - in the filename represents a random char; variants spotted: wxmct.exe, wtmsv.exe, wxmst.exe, wmsvc.exe and so on...
	,main drive Loader Suspected malware as it appears in 3 different registry locations - see here
	-=+(L4r1$$4)+=-(4nt1)-=+(V1ru$)=-+ Added by the ASSIRAL.B WORM!
	-FreedomNeedsReboot Internet Security Suite used by ISPs to protect customers against many attacks
	.. Added by the DLOADR-ASH TROJAN!
	.mscdr Added by the WEBUS.C TROJAN!
	.mscdr Added by the WEBUS.D TROJAN!
	.mscdsr Added by the CR TROJAN!
	.mscsbl Added by the CMQ TROJAN!
	.msfupdate Added by the ALLOCUP.A WORM!
	.mssecure Added by the DDOS_BOXED.X TROJAN!
	.NET config ??
	.NET. Added by the DELF.AYF WORM!
	.norton Added by the BOXED-H TROJAN!
	.nvsvc Added by the IRCBOT-FP TROJAN! Note - this is not the legitimate smss.exe process which should not normally figure in Msconfig/Startup!
	.nvsvcb Added by the BOXED.CG TROJAN!
	.Prog Added by the NEVEG.B or NEVEG.C WORMS! Note - this is not the legitimate services.exe process, which should not appear in Msconfig/Startup!
	.Prog Added by the NEVEG.A WORM! Note - this is not the legitimate winlogon.exe process, which should not appear in Msconfig/Startup!
	.protected Smitfraud variant
	.svchost Added by the WEBUS.F TROJAN! Note - this worm replaces the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup!
	.TEXTCONV Added by the WEBUS TROJAN! Note - this worm replaces the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup!
	.TEXTCONV Added by the WEBUS.B TROJAN! Note - this is not the legitimate lsass.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the System folder
	.WMAudio Added by the WEBUS TROJAN! Note - this worm replaces the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup!
	.WMAudio Added by the WEBUS.B TROJAN! Note - this is not the legitimate lsass.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the System folder

File Name Search:

[#] [A] [B] [C] [D] [E] [F] [G] [H] [I] [J] [K] [L] [M] [N] [O] [P] [Q] [R] [S] [T] [U] [V] [W] [X] [Y] [Z]

Process Name Search:

[#] [A] [B] [C] [D] [E] [F] [G] [H] [I] [J] [K] [L] [M] [N] [O] [P] [Q] [R] [S] [T] [U] [V] [W] [X] [Y] [Z]