Quick Reference guide:

moghrabi (House Member, Canada), May 25, 2004
List of common running processes: Win XP legitimate files

C:\WINDOWS\System32\smss.exe <<< Session Manager Subsystem: starts, manages & deletes user sessions.
C:\WINDOWS\System32\winlogon.exe <<< Windows NT logon utility that manages user logons and logoffs.
C:\WINDOWS\System32\services.exe <<< Used for starting, stopping and interacting with the system services.
C:\WINDOWS\System32\csrss.exe <<< Client/Server Runtime Server Subsystem: handles Windows and graphics functions for all subsystems
C:\WINDOWS\system32\lsass.exe <<< MS Local Security Authentication Server: handles aspects of security administration
C:\WINDOWS\system32\cisvc.exe <<< Windows Content Indexing service
C:\WINDOWS\System32\svchost.exe <<< Generic Host process for services that run from dynamic link libraries (DLLs).
C:\WINDOWS\System32\svchost.exe <<< 2nd Generic Host process used to load services that use DLLs.
C:\WINDOWS\system32\spoolsv.exe <<< manages spooled fax and print jobs
C:\WINDOWS\system32\msdtc.exe <<< MS Distributed Transaction Coordinator manages transactions across multiple servers.
C:\WINDOWS\System32\svchost.exe <<< 3rd Generic Host process used to load services that use DLLs.
C:\WINDOWS\System32\llssrv.exe <<< MS License Logging Service logs the licensing data for NT Servers
C:\WINDOWS\System32\taskmgr.exe <<< Windows Task Manager: displays all running system processes
C:\WINDOWS\System32\rundll32.exe <<< Run a DLL as an App
C:\WINDOWS\Explorer.EXE <<< Windows Program Manager or Windows Explorer: handles the Windows graphical shell, including the Start menu, taskbar, desktop, and File Manager
C:\WINDOWS\System32\mmc.exe <<< Management Console: displays the management plug-ins in Control Panel, i.e. Device Manager etc.
C:\WINDOWS\system32\ntvdm.exe <<< NT Virtual DOS Machine, which simulates a 16-bit environment for MS-DOS and 16-bit Windows applications.
C:\WINDOWS\system32\Wowexec.exe <<< system compatibility process hosting 16-bit apps on Win32-based operating systems
C:\WINDOWS\system32\ctfmon.exe <<< handles the Alternative User Input Text Processor & the MS Office Language Bar.
C:\WINDOWS\System32\svchost.exe <<< 4th Generic Host process used to load services that use DLLs.
C:\WINDOWS\system32\wuauclt.exe <<< component of the Windows automatic updater (in ME and XP)
C:\WINDOWS\system32\nddeagnt.exe <<< Network Dynamic Data Exchange Agent
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE <<< Microsoft Internet Explorer web browser
C:\HijackThis\HijackThis.exe

If you have any of the above processes running on your system, be assured that they are safe. You might not have all of them depending on what you are running or you can have a different process that is not listed above.

jeckgo (Nominee Member, Oman), Jan 24, 2006
Hi

quote: be assured that they are safe

Indeed? Might it not be possible for me to replace a particular file, like mmc.exe,
with my own "trojaned" version? Then C:\WINDOWS\System32\mmc.exe
is running, and if I look at this list, it's legit? (I have in mind "standard
Windows users", who are running, at least for installation purposes,
under administrator privileges.)

Unfortunately, I think the issue is not that simple in general. It requires
digitally signing the applications (MD5 or SHA-1 hashes may, however,
depend on the particular OS and Service Pack) or calculating the hashes
and storing them on an external/read-only medium.

Just a thought
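The hash-and-compare check jeckgo describes, as an added example (not code from either poster): a baseline of SHA-256 hashes is recorded on a known-clean install and later compared against the files behind the running processes, flagging a binary whose bytes changed under a legitimate path and a path that was never baselined. Paths are normalized because Windows is case-insensitive (the list above mixes System32 and system32); the paths are the page's own, while temporary files and their contents are constructed stand-ins for the real binaries.

```python
import hashlib
import os
import tempfile
from pathlib import PureWindowsPath

def sha256_of(path, chunk=1 << 16):
    """Hash a file in chunks so large binaries need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def normalize(path):
    # Windows paths are case-insensitive; the list mixes System32/system32.
    return str(PureWindowsPath(path)).lower()

def build_baseline(files):
    """Hash each path on a known-clean install; keep the result on read-only
    or offline media, and regenerate it after every OS/Service Pack change."""
    return {normalize(name): sha256_of(real) for name, real in files.items()}

def verify(baseline, files):
    """Verdict per path: 'ok', 'MODIFIED' (hash differs) or 'UNKNOWN' (unlisted)."""
    results = {}
    for name, real in files.items():
        expected = baseline.get(normalize(name))
        if expected is None:
            results[name] = "UNKNOWN"
        elif sha256_of(real) != expected:
            results[name] = "MODIFIED"
        else:
            results[name] = "ok"
    return results

def demo():
    """Constructed scenario: temp files stand in for the real binaries."""
    with tempfile.TemporaryDirectory() as d:
        paths = {r"C:\WINDOWS\System32\smss.exe": os.path.join(d, "smss.exe"),
                 r"C:\WINDOWS\System32\mmc.exe": os.path.join(d, "mmc.exe"),
                 r"C:\HijackThis\HijackThis.exe": os.path.join(d, "HijackThis.exe")}
        for real in paths.values():
            with open(real, "wb") as f:
                f.write(b"MZ original " + os.path.basename(real).encode())
        baseline = build_baseline({k: v for k, v in paths.items() if "WINDOWS" in k})
        # Simulate the replaced mmc.exe: same path and name, different bytes.
        with open(paths[r"C:\WINDOWS\System32\mmc.exe"], "wb") as f:
            f.write(b"MZ replaced mmc.exe")
        return verify(baseline, {k.lower(): v for k, v in paths.items()})
```

Running `demo()` reports smss.exe as ok, mmc.exe as MODIFIED and HijackThis.exe as UNKNOWN, even though every path looks legitimate by name alone.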