Do you wonder where that long list of processes in your task manager comes from? Are all those programs running there really needed, or are they viruses, adware or spyware, recording all your keystrokes and then sending your passwords to a remote server? Read the articles below and learn about some of those processes.



Featured Article

What is FireDaemon.exe - harmless or a trojan?

Yesterday I came to my PC, which runs 24x7, and found that Explorer was not running.
My immediate thought was that someone had broken into my PC, messed with it and, as a side effect, killed Explorer.

I looked in the task manager and found a strange task FireDaemon running. I found contradicting information on the web about this file. Some pages (around 4 of the 5 that I visited) say it is a legitimate tool that enables you to run a regular application as a service.
Only one web site said it was a back door (trojan horse).
I believe that the version of FireDaemon that I list below is indeed a trojan horse.
It is called TR/Servuftp.B.

I could not shut FireDaemon.exe down through the task manager.
I looked for FireDaemon on my disk and found it in

There were a bunch of other files that do not belong there. In fact, I believe that this whole folder should be empty.

I took a snapshot of this Windows installation a while ago and burned it on a CDROM.
I am writing this 9/12/2006 and this snapshot was actually taken on 2/10/2001.
Yes, 5 years and 7 months ago. But I have not installed much software since then.
Certainly no new hardware and most definitely no printers.
The folder was empty back then.

My conclusion was that I had to delete the files in this folder.

All except these 4 files were deleted in the first attempt: FireDaemon.exe, BugSlayerUtil.dll, libeay32.dll and events.exe. I terminated FireDaemon.exe using a process tool (pv.exe). Then I could delete it. I terminated events.exe (also using pv.exe) and then I could delete events.exe and the two DLLs.

I ran a virus scanner which found no problems now.

I still think someone may have had access to my machine and changed the admin password. I took a look in the list of users and found an account that I had not seen before (see posted picture below - user 'ctouu'.) I deleted that account. I don't remember why I would need an account ASPNET and deleted that one as well ;-)

  Volume in drive C has no label.
  Volume Serial Number is 046A-15F1
  Directory of C:\WINNT\system32\spool\PRINTERS
 09/01/2003  05:23a                   0 hexxed.txt
 02/10/2001  05:30p      <DIR>          ..
 02/10/2001  05:30p      <DIR>          .
 01/19/2004  04:09a                  15 hacked.bat
 10/22/2003  07:30p                  54 rmtxp.bat
 07/27/2004  02:29p                  75 make.bat
 05/25/2003  03:12a                 135
 05/26/2003  04:22a                 275 chgdir.dll
 09/11/2006  03:38p                 296 a3d.hlp~
 01/16/2005  11:34p                 327 osinstall.bat
 09/11/2006  03:38p                 348 a3d.hlp
 09/12/2006  05:53p                 616 ServUStartUpLog.txt
 01/30/2002  05:03p                 963 Servucert.key
 01/30/2002  05:03p                 973 Servucert.crt
 05/20/2006  09:43p               1,291 Wm.txt
 09/12/2006  05:53p               1,306 servudaemon.ini
 09/13/2002  04:01p               2,267 FireDaemon.dtd
 10/16/2004  05:27p               4,608 cygcrypt-0.dll
 03/11/1999  09:23p              10,752 BugSlayerUtil.dll
 12/26/2004  11:06p              13,729 hex.exe
 04/07/2003  12:26a              30,640 cygregex.dll
 11/30/2001  02:13p              36,864 TzoLibr.dll
 10/12/2002  08:55p              40,960 FireDaemon.exe
 03/14/2001  09:33p              62,464 ServUPerfCount.dll
 09/30/2003  12:58p              67,584 ssleay32.dll
 05/24/2003  04:23a             118,784 SvcAdmin.dll
 08/05/2003  05:53a             128,784 Imagehlp.dll
 10/16/2004  05:27p             442,249 cygwin1.dll
 01/15/2002  08:48a             675,840 libeay32.dll
 03/01/2004  01:46p             769,024 events.exe
 11/02/2001  09:23p             938,062 libxml2.dll
               29 File(s)      3,349,285 bytes
                2 Dir(s)   2,461,302,784 bytes free
 C:\WINNT\system32\spool\PRINTERS\*, Are you sure (Y/N)? y
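
A triage check for a listing like the one above, as an added example that is not part of the original article: it parses `dir` output for a print spool folder and reports every file that is not a spooler job file, with code-bearing types listed first. Assumptions: the spooler's own files are taken to be `.SPL` and `.SHD`, and the extension lists and the function names `parse_dir` and `triage` are illustrative.

```python
import re
from pathlib import PureWindowsPath

# File types the Windows print spooler itself writes to spool\PRINTERS (assumed baseline).
SPOOL_EXTS = {".spl", ".shd"}
# Types that can carry code and deserve first attention during triage (illustrative list).
CODE_EXTS = {".exe", ".dll", ".bat", ".cmd", ".com", ".scr", ".vbs", ".js", ".ps1"}

# One file row of `dir` output: date, time (a/p suffix), size, optional name.
ROW = re.compile(
    r"^\s*(\d{2}/\d{2}/\d{4})\s+(\d{2}:\d{2}[ap])\s+([\d,]+)(?:\s+(.+?))?\s*$"
)

def parse_dir(text):
    """Yield (date, size, name) for file rows; <DIR> rows and headers are skipped."""
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            date, _time, size, name = m.groups()
            yield date, int(size.replace(",", "")), name or ""

def triage(text):
    """Return {'code': [...], 'other': [...]} for files a spool folder should not hold."""
    findings = {"code": [], "other": []}
    for date, size, name in parse_dir(text):
        ext = PureWindowsPath(name).suffix.lower()
        if ext in SPOOL_EXTS:
            continue  # ordinary spooler job file
        findings["code" if ext in CODE_EXTS else "other"].append((name, date, size))
    return findings

# Sample input: the FP00001.SPL row is constructed; the rest are rows from the listing above.
SAMPLE = """\
 09/12/2006  05:50p              12,288 FP00001.SPL
 02/10/2001  05:30p      <DIR>          ..
 01/19/2004  04:09a                  15 hacked.bat
 05/25/2003  03:12a                 135
 09/12/2006  05:53p               1,306 servudaemon.ini
 10/12/2002  08:55p              40,960 FireDaemon.exe
 03/01/2004  01:46p             769,024 events.exe
"""

if __name__ == "__main__":
    result = triage(SAMPLE)
    for kind in ("code", "other"):
        for name, date, size in result[kind]:
            print(f"{kind:5} {date} {size:>9} {name or '(no name)'}")
```

Rows whose file name is missing from the listing are kept with an empty name rather than dropped, so they still show up for review.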

Generated 8:02:05 on Jul 8, 2020