Name/Startup Item Command Comments Tested
Xsystem32.exeAdded by the AGOBOT-KU WORM! Note - has a blank entry under the Startup Item/Name fieldNo
Xpathex.exeAdded by the MKMOOSE-A WORM! Note - has a blank entry under the Startup Item/Name fieldNo
Xsvchost.exeAdded by the DELF-UX TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%. Note - has a blank entry under the Startup Item/Name fieldNo
XMSPF.EXEAdded by a variant of the SDBOT WORM! This file is located in the Winnt or Windows folder. Note - has a blank entry under the Startup Item/Name fieldNo
Xdllvirtual.exeAdded by the DADOBRA-IW TROJAN! Note - has a blank entry under the Startup Item/Name fieldNo
Xdllvirtual.dllAdded by the DADOBRA-IW TROJAN! Note - has a blank entry under the Startup Item/Name fieldNo
Xdllvirtual.jsAdded by the DADOBRA-IW TROJAN! Note - has a blank entry under the Startup Item/Name fieldNo
Xajsha5.exeAdded by the SPYBOT-NX WORM! Note - has a blank entry under the Startup Item/Name fieldNo
Xne.exeAdded by the IRCBOT-ZL TROJAN! Note - has a blank entry under the Startup Item/Name fieldNo
Xiexpl0re.exeAdded by the RBOT-SD WORM! Note - has a blank entry under the Startup Item/Name fieldNo
Xgbpm.exeAdded by the DLOADR.ZZD WORM! Note - has a blank entry under the Startup Item/Name fieldNo
Xregedit.exe /s appboost.regAdded by the APPIX.D WORM! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run and HKCU\RunServices in order to force Windows to launch it at boot. The name field in MSConfig may be blank. The Windows registry editor (regedit.exe) is a legitimate Microsoft file located in %Windir% and shouldn't be deleted. The file "appboost.reg" is located in %Windir%No
Y!!!AntiHookAntiHook.exeAntiHook - the "ultimate Host Intrusion Prevention System (HIPS) for protection against Malicious Software"No
Y!1_pgaccountpgaccount.exeDiamondCS ProcessGuard security software - stops malicious worms and trojans from being executed silently in the background, as well as a variety of other attacks. You will see one instant of pgaccount.exe for every active account on your system, and this is essential for PG to work properlyNo
Y!1_ProcessGuard_Startupprocguard.exeDiamondCS ProcessGuard security software - stops malicious worms and trojans from being executed silently in the background, as well as a variety of other attacksNo
Y!AVG Anti-Spywareavgas.exeSystem Tray access to and notifications for AVG Anti-Spyware 7.5. This has now been superseded by AVG Anti-Virus which includes Anti-SpywareYes
Y!ewidoewido.exeSystem Tray access to and notifications for Ewido Anti-Spyware 4.0. Ewido is now part of AVG Technologies so this has been superseded by AVG Anti-Virus which includes Anti-SpywareYes
N!NoLoadwinrecon.exeWinRecon keystroke logger/monitoring program - remove unless you installed it yourself!No
U$EnterNetEnternet.exeConnection manager for the EnterNet ISP. You can also use RASPPOENo
X$sys$cmp$sys$xp.exeAdded by the RYKNOS.B TROJAN! Attempts to utilize the Sony Rootkit A.K.A. SecurityRisk.First4DRM security risk to hide itself on the compromised computerNo
X$sys$crash$sys$sonyTimer.exeAdded by the WELOMOCH TROJAN!No
X$sys$crash$sys$sos$sys$.exeAdded by the WELOMOCH TROJAN!No
X$sys$crash$sys$WeLoveMcCOL.exeAdded by the WELOMOCH TROJAN!No
X$sys$drv$sys$drv.exeAdded by the RYKNOS TROJAN! Attempts to utilize the Sony Rootkit A.K.A. SecurityRisk.First4DRM security risk to hide itself on the compromised computerNo
X$sys$momomomochin$sys$sonyTimer.exeAdded by the WELOMOCH TROJAN!No
X$sys$momomomochin$sys$sos$sys$.exeAdded by the WELOMOCH TROJAN!No
X$sys$momomomochin$sys$WeLoveMcCOL.exeAdded by the WELOMOCH TROJAN!No
X$sys$umaiyo$sys$sonyTimer.exeAdded by the WELOMOCH TROJAN!No
X$sys$umaiyo$sys$sos$sys$.exeAdded by the WELOMOCH TROJAN!No
X$sys$umaiyo$sys$WeLoveMcCOL.exeAdded by the WELOMOCH TROJAN!No
U$Volumouse$volumouse.exeVolumouse from Nirsoft. "Provides you a quick and easy way to control the sound volume on your system - simply by rolling the wheel of your wheel mouse"No
X$WindowsRegKey%updateIEXPLORE.EXEAdded by the RBOT-EZ WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %System%No
?%cmpmixtitle%%cmpmixstr%Possibly related to C-Media Mixer Control panel?No
N%FP%012-L2TP fts.exefts.exe012.Net.il Israeli ISP software front-endNo
U%FP%012-L2TP FWPortal.exeFWPortal.exe012.Net.il Israeli ISP dial-up softwareNo
N%FP%1776 Internet fts.exefts.exe1776 Internet US ISP software ISP software front-endNo
U%FP%1776 Internet FWPortal.exeFWPortal.exe1776 Internet US ISP dial-up softwareNo
N%FP%AIRTEL fts.exefts.exeBharti Airtel Broadband - Indian ISP software front-endNo
N%FP%Barak013 fts.exefts.exeBarak013 Israeli ISP software front-endNo
U%FP%Barak013 FWPortal.exeFWPortal.exeBarak013 Israeli ISP dial-up softwareNo
N%FP%Friendly fts.exefts.exeFriendly ISP software front-endNo
X%Temp%%Temp%\delwdef2008.batWinDefender 2008 rogue privacy program - not recommended, removal instructions hereNo
X%Windir%\winnl.exewinnl.exeAdded by the KIDKITI TROJAN!No
X%Windir%\winnm.exewinnm.exeAdded by the KIDKITI TROJAN!No
X Services.dllsmss.exeAdded by the SOBER-L WORM! Note - this is not the legitimate smss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\msagent\system and note the space at the beginning of the "Startup Item" fieldNo
X WinCheckservices.exeAdded by the SOBER.V WORM! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\ConnectionStatus\Microsoft and note the space at the beginning of the "Startup Item" fieldNo
X WinDataservices.exeAdded by the SOBER-AD WORM! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\PoolData and note the space at the beginning of the "Startup Item" fieldNo
X Windowsservices.exeAdded by the SOBER.X WORM! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\WinSecurity and note the space at the beginning of the "Startup Item" fieldNo
X WinINetservices.exeAdded by the SOBER.R WORM! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\ConnectionStatus and note the space at the beginning of the "Startup Item" fieldNo
X WinStartservices.exeAdded by the SOBER.O WORM! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\Connection Wizard\Status and note the space at the beginning of the "Startup Item" fieldNo
X winsystem.syssmss.exeAdded by the SOBER.K WORM! Note - this is not the legitimate smss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\msagent\win32 and note the space at the beginning of the "Startup Item" fieldNo
NµTorrentuTorrent.exeµTorrent - file sharing client for Windows sporting a very small footprint from BitTorrent, Inc. Designed to use as little cpu, memory and space as possible while offering all the functionality expected from advanced clients. For more information about the protocol see here. As µTorrent is a peer-to-peer (P2P) file-sharing client used to distribute large amounts of data between multiple users make sure you have good, up-to-date virus protection and check any downloadsYes
Xϵͳע�ï½ï¿½ï¿½zhuruqi.exeAdded by the QHOST.V TROJAN!No
X'AdwarePro''AdwarePro'.exeAdWarePro rogue security software - not recommendedNo
X@RUNDLL.EXEAdded by the SPYBOT-DN WORM! Note - this is NOT the Win9x/Me system file of the same name as described hereNo
X@sysload.exeAdded by the DELF-EL TROJAN!No
X\IEService.exeIEService.exeFastFind adware variantNo
X\Pribi.exePribi.exeFastFind adware variantNo
X\SysInitsvchost.exeAdded by the STARTPA-BD TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %ProgramFiles%\Common FilesNo
X\tools.exetools.exeFastFind adware variantNo
Y'Ashampoo AntiSpyWare 2 Guard'AntiSpyWare2Guard.exePart of Ashampoo® AntiSpyWare 2 from Ashampoo GmbH & Co. KG. This part is the realtime monitor that looks for changes on the users system such as BHO, Winsock LSPs, Windows Hosts file, Autostart entries, etcYes
X(*)API MachinewinSOCKS.exeHomepage hijacker, see here (* = any digit)No
X(*)Runwin32API.exeHomepage hijacker, see here (* = any digit)No
X(Default)media_driver.exeAdded by the TUPEG VIRUS! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blankNo
X(Default)Shania.vbsAdded by the SHANIA BACKDOOR! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blankNo
X(Default)NOTEPAD.exeAdded by the RUSTY WORM! Note - not to be confused with the valid Windows "NOTEPAD" text editor! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blankNo
X(Default)[random filename].exeAdded by the BLACKMAL WORM! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run and HKLM\RunServices in order to force Windows to launch it at boot. The name field in MSConfig may be blankNo
X(Default)twunk_32.exeAdded by the BLACKMAL.C WORM! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blankNo
X(Default)winhelp.exeAdded by the BLACKMAL.C WORM! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blankNo
X(Default)spolsvr2.exeAdded by the EVILSOCK.10 TROJAN! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blankNo
X(Default)winbas12.exeAdware, CoolWebSearch parasite related - detected by Kaspersky as the VB.DU TROJAN! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blankNo
X(Default)Systrsy.exeAdded by the CDTRAY TROJAN! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blankNo
X(Default)llsass.exeAdded by the PROXY-GG TROJAN! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blankNo
X(Default)syspol.exeAdded by the DREMN-B TROJAN! Note - this malware actually changes the value data of the "(Default)" key in HKCU\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blankNo
X(default)winlog.exeAdded by the RBOT-CVY WORM! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run and HKLM\RunServices in order to force Windows to launch it at boot. The name field in MSConfig may be blankNo
X(default)rundll32.exe [path to DLL file],Do98WorkAdded by the HESIVE.B TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. Note - this malware actually changes the value data of the "(Default)" key in HKCU\Run, HKLM\Run and HKLM\RunServices in order to force Windows to launch it at boot. The name field in MSConfig may be blankNo
X(Default)winligom.exeAdded by the RBOT-GAI WORM! Note - this malware actually changes the value data of the "(Default)" key in HKCU\Run, HKLM\Run and HKLM\RunServices in order to force Windows to launch it at boot. The name field in MSConfig may be blankNo
X(Default)5640.exeAdded by the DOWNLD-ABF TROJAN! Note - this malware actually changes the value data of the "(Default)" key in HKCU\Run, HKLM\Run and HKLM\RunServices in order to force Windows to launch it at boot. The name field in MSConfig may be blankNo
X(Default)QQUpdate.exeAdded by the QUADRULE.A WORM! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blankNo
X(Default)Mcafee.exeAdded by the AGENT.AY TROJAN! Note - this is not a valid McAfee program and is located in %System%. This malware actually changes the value data of the "(Default)" key in HKCU\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blankNo
X(Default)fada.exeAdded by the VB.HEI TROJAN! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run, HKLM\RunServices and HKCU\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blankNo
X(Default)Default.exeAdded by the AUTORUN.BUK WORM! Note - this malware actually changes the value data of the "(Default)" key in HKLM\RunOnce & HKCU\RunOnce in order to force Windows to launch it at boot. The name field in MSConfig may be blankNo
X(Default)KEYBOARD.exeAdded by the AUTORUN.BUK WORM! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blankNo
X(Default)msarti.comAdded by the SILLYFDC.CJ WORM! Note - this malware actually changes the value data of the "(Default)" key in HKLM\..\Policies\Explorer\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blankNo
X(Default)msnupdate.exeAdded by the RBOT-GWT BACKDOOR! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run & HKLM\RunServices in order to force Windows to launch it at boot. The name field in MSConfig may be blankNo
X(Default)xtreme.exeAdded by the DROPR-CZ TROJAN! Note - this malware actually changes the value data of the "(Default)" key in HKLMRun in order to force Windows to launch it at boot. The name field in MSConfig may be blankNo
X(default)WINLOGON.EXEAdded by the DELF-LP TROJAN! Note - this malware actually changes the value data of the "(default)" key in HKCU\Policies\Explorer\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blankNo
X(Default)diagcfg.exeAdded by the GWGIRL BACKDOOR! Note - this malware actually changes the value data of the "(Default)" key in HKLM\RunServices in order to force Windows to launch it at boot. The name field in MSConfig may be blankNo
X(L4r1$$4) (4nt1) (V1ruz)SP00Lsv32.pifAdded by the ASSIRAL.B WORM!No
X*Bandookmsdll.exeAdded by an unidentified TROJAN - see hereNo
X*Intelli Mouse Pro Version 2.0B*ncsjapi32.exeAdded by the BUZUS-O WORM!No
X*JanisRuckenbrodIIjanis.comAdded by the POPS WORM!No
X*loadfaxloadfax.exeAdded by the WINFLUX-C BACKDOOR!No
X*Microsoft Updatectxma.exeAdded by the STMU TROJAN!No
X*Microsoft Updatecxma.exeAdded by the STMU TROJAN!No
X*Microsoft Updatewstcl.exeAdded by the STMU TROJAN!No
X*Microsoft Updatewucxt.exeAdded by the STMU TROJAN!No
X*Microsoft Updatewuytc.exeAdded by the STMU TROJAN!No
X*MS Setup[random filename]Virtumondo adware, also known as the VUNDO TROJAN!No
X*MSConfig32aecache.exeDetected by F-Secure as the OBFUSCATED.GP TROJAN!No
Y*Restorerstrui.exePart of Windows System Restore and added as a RunOnce registry entry. Leave aloneNo
X*Security Centersecctr.exeAdded by the SDBOT.BRO WORM!No
Y*StateMgrstatemgr.exeWindows ME default for System Restore. Do NOT disable!No
N*WerKernelReportingWerFault.exePart of Windows Error Reporting technology (WER) for Vista. WER captures software crash and hang data from end-users who agree to report it - see hereNo
X*windows updatewrauclt.exeAdded by the RBOT-QU WORM!No
X*windows updatewuanclt.exeAdded by the RBOT-PG WORM!No
X*windows updatewuaucrlt.exeAdded by the SPYBOT.HUR WORM!No
X*windows updatewuraclt.exeAdded by the RBOT-PO WORM!No
X*windows updatewurauclt.exeAdded by the RBOT-SY WORM!No
X*windows updatewsctl.exeAdded by the SPYBOT.PR WORM!No
X*windows updatewkmst.exeAdded by the SDBOT.AVD WORM!No
X*windows updatewscxt.exeAdded by the RBOT.AOS WORM!No
X*windows updatewaurclt.exeAdded by a variant of the RBOT WORM!No
X*windows updatewuaruclt.exeAdded by the RBOT-TF WORM!No
X*windows updatewruaclt.exeAdded by the RBOT-QP BACKDOOR!No
X*windows updatewruauclt.exeAdded by the RBOT-SF WORM!No
X*windows updatewuacrlt.exeAdded by the RBOT-QI WORM!No
X*windows updatewuruclt.exeAdded by the RBOT-TA WORM!No
X*Windows [filename] Checker[filename]Added by the KEDEBE-B WORM!No
X*WindowsAudiosystemupd.exeAdded by the AGENT-TH WORM!No
X*WinLogon[trojan path] ren time:[random number]Added by the VUNDO TROJAN!No
X*winsocksmsnmess.exeAdded by the PWS-ABU TROJAN!No
X*winstatswinstats.exeAdded by the GARGAFX TROJAN!No
X*wmstuwmstu.exeAdded by the RBOT-TV WORM!No
X*wuauclt.exew****.exe [* = random char]Added by a variant of the RBOT-UG WORM! Note - * in the filename represents a random char; variants spotted: wxmct.exe, wtmsv.exe, wxmst.exe, wmsvc.exe and so on...No
X*zggjmydzggjmyd.exeAdded by the AFCORE.O BACKDOOR!No
X,main drive Loaderwininfo.exeSuspected malware as it appears in 3 different registry locations - see hereNo
X-=+(L4r1$$4)+=-(4nt1)-=+(V1ru$)=-+ISASS.exeAdded by the ASSIRAL.B WORM!No
Y-FreedomNeedsRebootZkRunOnceR.exeInternet Security Suite used by ISPs to protect customers against many attacksNo
X..ABC2007.exeAdded by the DLOADR-ASH TROJAN!No
X.mscdrlassa.exeAdded by the WEBUS.C TROJAN! No
X.mscdrlsvchost.exeAdded by the WEBUS.D TROJAN!No
X.mscdsrlsvchost.exeAdded by the BDOOR-CR BACKDOOR!No
X.mscsblsvhost.exeAdded by the CMQ TROJAN!No
X.mscsblSVCHOST.EXEAdded by the BOROBOT-A TROJAN! Note - this is not the legitimate svchost.exe process which should NOT appear in Msconfig/Startup!No
X.msfupdatemsveup.exeAdded by the ALLOCUP.A WORM!No
X.mssecuremssecure.exeAdded by the DDOS_BOXED.X TROJAN!No
?.NET configsysmon32.exe??No
X.Net Recoveryrundll32.exe dotnetfx.dll,repairAdded by the DELEZIUM VIRUS! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "winsys16_070813.dll" file is found in %System%No
X.NET.msnmgnr.exeAdded by the DELF.AYF WORM!No
X.nortonrchost.exeAdded by the BOXED-H TROJAN!No
X.nvsvcsmss.exeAdded by the IRCBOT-FP TROJAN! Note - this is not the legitimate smss.exe process which should not normally figure in Msconfig/Startup! No
X.nvsvcbsmssb.exeAdded by the BOXED.CG TROJAN!No
X.Progservices.exeAdded by the NEVEG.B or NEVEG.C WORMS! Note - this is not the legitimate services.exe process, which should not appear in Msconfig/Startup!No
X.Progwinlogon.exeAdded by the NEVEG.A WORM! Note - this is not the legitimate winlogon.exe process, which should not appear in Msconfig/Startup!No
X.protectedN/ASmitfraud variantNo
X.servicewinlgon.exeAdded by the BDOOR-BX BACKDOOR!No
X.svchostCSRSS.EXEAdded by the WEBUS.F TROJAN! Note - this worm replaces the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup!No
X.TEXTCONVcsrss.exeAdded by the WEBUS TROJAN! Note - this is not the legitimate csrss.exe process which should not normally figure in Msconfig/Startup!No
X.TEXTCONVlsass.exeAdded by the WEBUS.B TROJAN! Note - this is not the legitimate lsass.exe process which should not normally figure in Msconfig/Startup!No
X.WMAudiocsrss.exeAdded by the WEBUS TROJAN! Note - this is not the legitimate csrss.exe process which should not normally figure in Msconfig/Startup!No
X.WMAudiolsass.exeAdded by the WEBUS.B TROJAN! Note - this is not the legitimate lsass.exe process which should not normally figure in Msconfig/Startup!No
N/l:engN/ARelated to the Dell OEM version of the Sound Blaster Audigy 2 sound card. If this item is listed and checked in startup, the System32 Folder will appear on every startup. A patch is available - filename R75304.EXE - that fixes the issue. You can find that file at support.dell.com by typing that name in the 'Search' box available there. It addresses the root of the problem in Creative's software and corrects it. Unfortunately there is no direct link to the file, but it's easily available using the search functionNo
N/sN/ARelated to the Dell OEM version of the Sound Blaster Audigy 2 sound card. If this item is listed and checked in startup, the System32 Folder will appear on every startup. A patch is available - filename R75304.EXE - that fixes the issue. You can find that file at support.dell.com by typing that name in the 'Search' box available there. It addresses the root of the problem in Creative's software and corrects it. Unfortunately there is no direct link to the file, but it's easily available using the search functionNo
U000pit.exePrivateEye surveillance software. Uninstall this software unless you put it there yourselfNo
X000hpdllhoshpdllhost.exeLZIO.com adware downloaderNo
U000StTHK000StTHK.exeToshiba Hot key functionality for the function keys (Fn-Esc, Fn-F1 (lock), Fn-F2, Fn-F3, Fn-F4, Fn-F5 (switching between laptop and CRT display output), etc...)No
X0050726-007-i32-10050726-007-i32-1.exeAdded by the BANCBAN-EC TROJAN!No
X007-Anti-Spyware.exe007-Anti-Spyware.exe007 Anti-Spyware rogue security software - not recommendedNo
?00DSKSVR00desksaver.exe saskdaPart of Advanced Desktop Shield, Easy Desktop Keeper, 1st Desktop Guard and Desktop Layout Keeper (and maybe others) - which give you the ability to save, restore, manage and lock your desktop layout that includes files and folders located on your desktop, placement of desktop icons, desired wallpaper and screen saver. The exact purpose of this startup entry is unknown at presentYes
U00DSKSVR01desksaver.exe traySystem Tray access to Advanced Desktop Shield, Easy Desktop Keeper, 1st Desktop Guard and Desktop Layout Keeper (and maybe others) - which give you the ability to save, restore, manage and lock your desktop layout that includes files and folders located on your desktop, placement of desktop icons, desired wallpaper and screen saver. Disabling via the program's own options will leave this startup entry but it will not run - "desksaver.exe" does however run as it's also used as a serviceYes
U00ERSRRRNKYeraser.exePart of Evidence Exterminator, 1st Evidence Remover and Evidence Destructor (and maybe others) - the same file for the same version being used by all programs. Security tools that ensure your security and privacy by destroying all hidden activity information on demand, according to a schedule or on each boot/shutdown. This entry provides System Tray access to the main program for on demand cleaning and is required if any automatic cleaning has been scheduled. Located in %ProgramFiles%\Evidence Exterminator, %ProgramFiles%\1st Evidence Remover, %ProgramFiles%\Evidence Destructor or maybe othersYes
?00notify33NetBrowser.exePart of Best Network Security, 1st Network Admin and Corporate Network Security (and maybe others) - network-based password-protected security software that lets you impose access restrictions to all your PC workstations you have in your corporate network to stop users from tampering with them. The exact purpose of this startup entry is unknown at presentYes
Y00PCTFWFirewallGUI.exeSystem Tray access to PC Tools Firewall Plus from PC Tools - which "is a powerful personal firewall for Windows that protects your computer from intruders and controls the network traffic in and out of your PC"Yes
?00saskdanewlock.exe saskdaPart of Access Manager, 1st Security Agent, Security Administrator and PC Security Tweaker (and maybe others) - which let you control which users are allowed to access your PC and the level of access each user may have. You can choose to tweak access to lots of Control Panel applet functions, including Display, Network, Passwords, Printers, System, Add/Remove Programs, etc. The exact purpose of this startup entry is unknown at present but it appears to be related to the "Screen Lock" featureYes
Y00TCrdMainTCrdMain.exeRelated to the flash card slot on a Toshiba laptop. Ending this process will disable access to the flash cardsNo
U00THotkey00THotKey.exeFor Toshiba Satellite notebook series to use the front buttons, play, stop, next, prev.No
U00THotkeysystem32THotkey.exeFor Toshiba Satellite notebook series to use the front buttons, play, stop, next, prevNo
U0190 WarnerWARN0190.EXEAnti-dialer program (Germany)No
U0900 WarnerWARN0900.EXEAnti-dialer program (Germany)No
X0mcamcap0mcamcap.exeAdded by the COSIAM-H TROJAN! No
X0utlook Express*****.exe [* = random char]Added by the RBOT-CC WORM! Note the first letter is actually the digit "0" and not a capital "o"No
X0_AVD32xzboot.exeAdded by the AGENT-IWI TROJAN!No
X11.exeAdded by the ESTEEMS TROJAN!No
X1lsass.scrAdded by the BANCOS.V TROJAN! No
X1svchost.scrAdded by the BANCOS.X TROJAN!No
X1mrcmgr.exeAdded by the BANKER.RQK TROJAN!No
X1KHATRA.exeAdded by the AUTOIT-BP WORM!No
X1addit.exeAdded by the SDBOT-RI WORM!No
N1&1 EasyLoginEasyLogin.exe1&1 EasyLogin - quick access to webhost 1&1's Control Panel, Web-Mail and other applications via the System TrayNo
X1-sukarnosukarno.exeAdded by the BRONTOK-CR WORM!No
U101Clips101Clips.exe101Clips - "the simplest of all multi-clipboard programs. Just have it running minimized and it captures everything you cut or copy from other programs. It keeps the last 25"No
X1029BB4B-16A9-4E77-AA3D-96930BD68EECsysockeu.exeAdded by the FAKEALERT-AH TROJAN!No
X10Base-Texplore.exeAdded by the AGOBOT-IJ WORM!No
X1111swapmgr.exe1111swapmgr.exeAdded by the BDOOR-IC BACKDOOR!No
X123wintask.exeAdded by the LEGMIR-AY TROJAN!No
X1234klsjdc uiar924c afsxgnsvuxct.exeAdded by the FAKEALERT-AM TROJAN!No
X1234klsjdc uiar924c afsysvtypkbjx.exeAdded by the FAKEALERT-AM TROJAN!No
X123MonitorSpywareFreeMonitor.exe1-2-3 Spyware Free rogue spyware remover - not recommended, see hereNo
U12Ghosts Backup12backup.exe12Ghosts Backup - "Automatic Backups, HyperBackup for Multiple Versions, Registry Backup"No
U12Ghosts Clip12clip.exe12Ghosts Clip - "Screen shots made easy"No
U12Ghosts JustAWindow12window.exe12Ghosts JustAWindow - "Cover annoying ads, animated gifs, things you don't want to see"No
U12Ghosts Popup-Killer12popup.exe12Ghosts Popup-KillerNo
U12Ghosts SaveLayout12autosl.exe12Ghosts SaveLayout - "Always (always!) keep the layout of your desktop icons"No
U12Ghosts SetColor12color.exe12Ghosts SetColor - "Change your desktop icon text colors, also to transparent"No
U12Ghosts ShowTime12showtime.exe12Ghosts Showtime - "Enhance the clock in your tray with font formatting, colors, date, time zones"No
U12Ghosts Synchronize12sync.exe12Ghosts Synchronize - "Sync PC clock with an atomic clock over the Internet"No
U12Ghosts Tower12tower.exe12Ghosts Tower - "Quickly access and manage all Ghosts (included in all packages)"No
U12Ghosts TrayProtect12srvc.exe12Ghosts TrayProtect - "Hide tray icons, restore after a crash"No
U12Ghosts Wash12wash.exe12Ghosts Wash - "Protect your privacy, clear browser history, delete and overwrite cache files"No
N12Voip12Voip.exe12Voip - free internet telephony utility using the VoIP (Voice over Internet Protocol). Call online friends for free and regular phones either for free (limited use) or low rates. One of a number provided by Betamax - the others generally have different rate plans. Similar to the more popular SkypeYes
U1455 Scan2PCScan2pc.exeScan to PC application for the scanning function of the Samsung SCX1455 multifunction printerNo
?17779Proj2002N/A??No
X180adsolution180adsolution.exe180solutions adwareNo
X180ax180ax.exe180Search adwareNo
X180ClientStubInstallstubinstaller****.exe [* = digit]180Solutions adware relatedNo
X180ClientStubInstall[path to trojan]180Solutions adware relatedNo
X180ClientStubInstall******.tmp [* = random digit/char]180Solutions adware relatedNo
X180sa180sa.exe180Search adwareNo
X1916435341.exe1916435341.exeAdded by the DLOADR-AXU TROJAN!No
X196_150_ni196_150_ni.exeWinFixer web installer - "foistware", pretending to be system optimization, protection and recovery software - stealth installed, see hereNo
X197_150_ni_3197_150_ni_3.exeWinFixer web installer - "foistware", pretending to be system optimization, protection and recovery software - stealth installed, see hereNo
X197_150_ni_7197_150_ni_7.exeWinFixer web installer - "foistware", pretending to be system optimization, protection and recovery software - stealth installed, see hereNo
N1:hpdrv.exeHP utility for monitoring when and how many recoveries have been doneNo
U1A:MacVisionTrayMonitorTrayMonitor.exePart of MacVision by Jeff Bargmann - an discontinued program that makes your PC's desktop look and feel incredibly like that of a Macintosh OS8 computer. Handler that puts the icons that are in your system tray into the MacVision taskbar, beside the clockNo
Y1A:Stardock MCPmcpserver.exeMaster Control Program for Stardock apps, in development. People should leave it running if they're using any of the Stardock applicationsNo
Y1A:Stardock TrayMonitorTrayServer.exeFor monitoring tray icons - if disabled icons will not be displayed in ObjectBar or DesktopXNo
U1cla1cla.exe1 Click & Lock from Softstack.com - "a system tray security utility you can use to secure your desktop when you step away from your PC. It's secure and very easy-to-use. Just define a password, and select Lock to hide and deny access to your desktop to anyone without the proper password." The same program as Access Lock and Access Controller (and maybe others) - the same file for the same version is used by all programs but the filename is different in each caseYes
U1cla.exe1cla.exe1 Click & Lock from Softstack.com - "a system tray security utility you can use to secure your desktop when you step away from your PC. It's secure and very easy-to-use. Just define a password, and select Lock to hide and deny access to your desktop to anyone without the proper password." The same program as Access Lock and Access Controller (and maybe others) - the same file for the same version is used by all programs but the filename is different in each caseYes
?1CmailSNETMAIL.EXE??No
X1on11on1.exeAdult content diallerNo
U1Srv32SpyAgent4.exeSpyTech SpyAgent monitoring software. "Spy software that allows you to monitor EVERYTHING users do on your PC."No
X1u71u7.exeAdded by the MURBAC-A TROJAN!No
U1Win32CfgSpyBuddy.exeSpyBuddy from ExploreAnywhere, Inc - is the "dependable computer monitoring solution that will reveal what your child or employee is really doing on the computer"No
U1Win32CfgKeyloggerpro.exeKeyloggerpro keystroke logger/monitoring program - remove unless you installed it yourself!No
X1WinCfg32WebMailSpy.exeWebMailSpy spywareNo
X2-suhartosuharto.exeAdded by the BRONTOK-CR WORM!No
X2020Downloadermssvr.exe2020Search ToolbarNo
X2177F056-0AA6-4D6C-A944-13F71F341C29sysokuaw.exeAdded by the FAKEALERT-AH TROJAN!No
U2335dn Scan2PCScan2pc.exeScan to PC application for the scanning function of the Dell 2335 multifunction laser printerNo
U24Online ClientCyberoamClient.exeRelated to Cyberroam from Elitecore Technologies LtdNo
X250kg250kg.exeAdded by the AUTORUN-TI WORM!No
X252winmgr.exeAdded by the LEGMIR-AT TROJAN!No
X27slsorve.exeAdded by the SLSORVE-A TROJAN!No
X27csrss32.exeAdded by the SLSORVE-D TROJAN!No
X27msm32.exeAdded by the SLSORVE-E TROJAN!No
X2k6 updatzcrss3.exeAdded by the RBOT-CPD WORM!No
X2Searchmain.exe2Search adwareNo
X2thousandbuck[path to file]Added by the RANKY.L TROJAN!No
U2wSysTray2portalmon.exe2Wire Homeportal user interfaceNo
X3-habibiehabibie.exeAdded by the BRONTOK-CR WORM!No
U3170 Scan2PCScan2pc.exeScan to PC application for the scanning function of the Samsung CLX3170 multifunction laser printerNo
X32-bit Thunking servicethunk32.exeAdded by the DERDERO.A WORM!No
X32.exenvscv32.exeAdded by the AGENT-LOL TROJAN!No
X333svchost.exeAdded by the JD-A TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a "Syswm1i" directoryNo
X360antiarp[path to trojan]Added by the PASTA.AIB TROJAN!No
Y36X Raid ConfigurerJMRaidSetup.exeJMB36x series RAID configuration utility from JMicron Technology for their PCI Express to SATA II and PATA Host ControllersNo
X3868253238682532.exeAdded by the AGENT-MCM TROJAN!No
X388529725448AutomaticUpdates.exeAdded by the SDBOT-DEN WORM!No
?39ELTFH25Z8SKFEzg1q5.exeSeems to be associated with software by Resplendence SP ?No
Y3c1807pd3cmlink.exe 3cpipe-3c1807pd3Com WinModem driver. See here for more WinModem informationNo
Y3capplnk3capplnk.exeUS Robotics Modem driverNo
N3cdminic3CDMINIC.EXE3Com DMI (DynamicAccess Desktop Management Interface) Agent associated with 3Com network cardsNo
Y3CM Link3cmcnkw.exeRequired for a US Robotics WinModem as it provides the link to Windows - won't work without itNo
Y3Cmlink3CmlinkW.exeFor a US Robotics WinModem. Provides the link to Windows as the CPU does the processing on WinModems - won't work without it. See here for more WinModem informationNo
?3Com LauncherLauncher.exeRelated to networking products from 3Com Corporation. What does it do and is it required?No
N3ComDMIAgent3CDMINIC.EXE3Com DMI (DynamicAccess Desktop Management Interface) Agent associated with 3Com network cardsNo
Y3cpipe-USRpdAUSRmlnkA.exeModem driver files from US RoboticsNo
X3D Text3D Text.scrAdded by the JERMY.A WORM!No
U3Deep Control Panel3DeepCTL.EXE3Deep® from E-Color corrects lighting, shading and color for all your 2D and 3D games. Now superseded by 3DxWizzard™No
X3Dfx AccGFXACC.EXEAdded by the GIBE WORM! No
N3dfx Task Manager3dfxMan.exeSystem Tray application for 3dfx Voodoo 3/4/5 functions. Available via Start -> ProgramsNo
Y3dfx Tools3dfxCmn.dllUpdates the registry with information that can't be held for Voodoo 3/4/5 series graphics cards. Important for owners of these cardsNo
Y3dfxv2ps.dll3dfxv2ps.dllUpdates the registry with info that can't be held for 3dfx Voodoo 2 video cards. Important for owners of these cardsNo
?3Dlabs Taskbar Display Manager3DLman.exe3DLabs graphics driver related. System Tray access to display settings?No
U3DLabsHelperDemon3dldemon.exeDirectly from the programs author "It is a tiny program that is installed by the Permedia2/3 and probably other Oxygen-series cards. Normally it sits in the background doing nothing at all (sleeping on a semaphore), so it should take zero CPU time and virtually zero memory, since it will all be paged out to the hard drive." In most cases it can be safely disabledNo
Y3DMouse.EXE3DMouse.EXEDritek System Inc. 3D Mouse driverNo
X3d_sound3d_sound.exeAdded by the RIADOS-A TROJAN!No
X3P_UDEC_IAIAInstall.exeInstaller for the Internet Antivirus and Internet Antivirus Pro rogue security software - not recommended, removal instructions hereNo
U3qdctl.exe3qdctl.exeProvided with Terratec 128i PCI and similar sound cards. Loads a sound profile at bootup, restoring volume and other audio settings to a pre-determined default. Similar to Creative Lab's AudioHQNo
Y3ware 3DM3dm.exeMonitors status of the disk array on 3ware IDE RAID controllersNo
X4-gusdurgusdur.exeAdded by the BRONTOK-CR WORM!No
X456655explorer.exeAdded by the BIFROSE-DE TROJAN! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System%No
X4684735485910netdll32.exeAdded by the SDBOT-DEV WORM!No
X49U5T1N449U5T1N4.exeAdded by the KORRON.B WORM!No
X4da92ad5.exe4da92ad5.exeAdded by the DLOADR-WZ TROJAN!No
X4k51k44k51k4.exeAdded by the BRONTOK-BH WORM!No
U4oDKHost.exeVerisign Kontiki Delivery Management System - Windows-based client software that enables secure delivery of content to users' desktopsNo
X4wd!!!Natal!.pifAdded by the OPASERV.AI WORM!No
U4x26 Scan2PCScan2pc.exeScan to PC application for the scanning function of the Samsung SCX4x26 multifunction laser printersNo
U4x28 Scan2PCScan2pc.exeScan to PC application for the scanning function of the Samsung SCX4x28 multifunction laser printersNo
X5-1-61-96members-area.exeAdult content diallerNo
X5-2-46-1125-2-46-112.exeAdult content pop-up dialler. Removal instructions hereNo
X5-megawatimegawati.exeAdded by the BRONTOK-CR WORM!No
X55278grepclient1.exeAdded by the LINEAGE-S TROJAN!No
X5p4m[path to trojan]Added by the LITEBOT-C TROJAN!No
X5whgue215whgue21.exeClearSearch adwareNo
X6-susilo bsby.exeAdded by the BRONTOK-CR WORM!No
U6200 Scan2PCScan2pc.exeScan to PC application for the scanning function of the Samsung CLX6200 multifunction laser printerNo
X65438761234587528rkgnd.exeANG AntiVirus 09 rogue security software - not recommended, removal instructions hereNo
X666Ska.exeAdded by the PIPES TROJAN!No
X678lsas32.exeAdded by the SLSORVE-B TROJAN!No
X756349DC-6D9E-4F2A-9B24-269661F073C3sysoghcx.exeAdded by the FAKEALERT-AH TROJAN!No
X76112549345328287angpd.exeANG AntiVirus 09 rogue security software - not recommended, removal instructions hereNo
X7f8ez****.exe 9idfDetected by NOD32 as the SMALL.ALI TROJAN! Note - it creates a number of extra z****.dll files in the %System% folderNo
X7X29C2X78Ysyss_.exeAdded by the AGENT-GMS TROJAN!No
U802.11b+g USB Wireless LAN UtilityZDWlan.exe802.11b+g USB Wireless LAN UtilityNo
U802.11g MIMO Wireless UtilityRaUI.exeWireless configuration utility for Railink 802.11g MIMO based productsNo
U802.11g Wireless AdatperMonitor.exeRelated to wireless card (802.11) adapter/standard. System Tray icon that provides a shortcut to "Wireless Connection Status" and allows to turn WL on and off. Supplier unknown. Adapter is miss-spelledNo
X8254502482545024.exeAdded by the AGENT-MBV TROJAN!No
X852EBF20-A95D-4F1F-B9C2-B2CD24350F3Esysodkcs.exeAdded by the FAKEALERT-AH TROJAN!No
X98D0CE0C16B1rundll32.exe D0CE0C16B1, D0CE0C16B1BrowserAid/BrowserPal foistware. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deletedNo
X9mwinlog0n.exeAdded by the LEGMIR-AQK TROJAN!No
X9UmxQPSiTJMbANVUKZ.exeAdded by the AGENT-LMN TROJAN!No
Y9xadiras9xadiras.exeAllied Telesyn AT series router/modem related - apparently requiredNo
X9xHtProtectAVprotect9x.exeAdded by the NETSKY.M WORM!No
X;Rundll[filename]Added by the PWSLEGMIR.E TROJAN!No
X?ekio Startups?nksvc32.exeAdded by the AGOBOT-OV WORM where ? is a random character No
X@regedit -s win.dllAdded by the SEEKER.K TROJAN! Note that regedit is the the legitimate Windows Registry Editor and shouldn't be deleted. The "win.dll" file is located in %Windir%No
X@iexpl0res.exeAdded by the RBOT.AEX WORM!No
X@wincms.exeAdded by the RBOT.CBR WORM!No
X@winsys32.exeAdded by the DELF.CP BACKDOOR! Note that the entry under the Startup Item/Name field my be blankNo
N@Hoc ToolbarAtHoc.exeOne-click activated browsing toolbar used by various web-sites. See here for more infoNo
N@lohareminder.exeRegistration reminder for @loha@home E-mail utilityNo
Y@OnlineArmor GUIoaui.exeSystem Tray access to and main user interface for the Online Armor range of security tools from Tall Emu Pty Ltd. The free version incorporates a firewall, limited startup manager, tamper protection and keylogger detection whilst paid versions add features such as a mail/web shield, phishing filter and anti-malwareYes
X@tour_ww@tour_ww[1].exeAdult content diallerNo
Xaa.exeCommercials file that registers itself in the system registry and redirects IE to a certain commercial websiteNo
Xajesse.exeAdded by the MELO-A WORM!No
XaMsSvrdll.vbsAdded by the MUTAFROG!INF WORM!No
XA New Windows Updaterw32NTupdt.exeAdded by the MYTOB.BM WORM!No
NA NoteA Note.exe"A Note is a program that lets you create post-it like notes on your Microsoft Windows desktop"No
UA Verizon AppVERIZO~1.EXEPart of Verizon Online Support ManagerNo
Ya2guard.exeSystem Tray access to and Anti-Malware Guard feature of Emsisoft Anti-Malware from Emsi Software GmbH - which provides "comprehensive PC protection against viruses, trojans, spyware, adware, worms, bots, keyloggers and rootkits". Previously known as "a-squared Antitrojan" and "a-squared Anti-Malware"No
Ya-squareda2guard.exeSystem Tray access to and Anti-Malware Guard feature of Emsisoft Anti-Malware from Emsi Software GmbH - which provides "comprehensive PC protection against viruses, trojans, spyware, adware, worms, bots, keyloggers and rootkits". Previously known as "a-squared Antitrojan" and "a-squared Anti-Malware"Yes
Ya-squareda2adguard.exeSystem Tray access to and Background Guard feature of Emsisoft Anti-Dialer from Emsi Software GmbH - which "provides a complete defense against Dialers"Yes
Ya-squared Anti-Dialera2adguard.exeSystem Tray access to and Background Guard feature of Emsisoft Anti-Dialer from Emsi Software GmbH - which "provides a complete defense against Dialers"Yes
Ya-winpoet-servicewinpppoverethernet.exeWinPoET is the industry's first Windows-based PPP over Ethernet client. Developed by iVasion, WinPoET is attractive to equipment providers, modem suppliers, RBOCs and ISPs. For more info read here. It uses dial-up networking for new high-speed internet customers who are more familiar with analogue modems. If unchecked in MSCONFIG it reports Error 360 - Hardware Error in dial-up networkingNo
UA1000 Settings Utilitycpqa1000.exeCompaq A1000 Print Fax All-in-One copy scan printer software. Required in the Startup in order to scan, print, copy and fax. Only required if you use these featuresNo
Ya2adguarda2adguard.exeSystem Tray access to and Background Guard feature of Emsisoft Anti-Dialer from Emsi Software GmbH - which "provides a complete defense against Dialers"Yes
?a2dservicea2dservice.exeRelated to the Air2Data Wireless HISA (High-Speed Internet Access) service. What does it do and is it required?No
Ya2guarda2guard.exeSystem Tray access to and Anti-Malware Guard feature of Emsisoft Anti-Malware from Emsi Software GmbH - which provides "comprehensive PC protection against viruses, trojans, spyware, adware, worms, bots, keyloggers and rootkits". Previously known as "a-squared Antitrojan" and "a-squared Anti-Malware"Yes
UA4ProxyA4Proxy.exeAnonymity 4 Proxy - local proxy server that makes you anonymous when visiting web sitesNo
XA5118r_default32142.pifAdded by the BRONTOK-AK WORM and variants!No
XA5118rj6321422.exeAdded by the BRONTOK-AK WORM and variants!No
XA70F6A1D-0195-42a2-934C-D8AC0F7C08EBrundll32.exe E6F1873B.DLL, D9EBC318CBrowserAid/BrowserPal foistware. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deletedNo
Xa9z1eizA1eatulabov.exeAdded by the AGENT-GWD TROJAN!No
Xaa bbcc dde effgghh jjupdate.exeAdded by a variant of the IRCBOT BACKDOOR!No
Xaaaaaa.exeAdded by the POISON.PG BACKDOOR!No
?AAACLEANAAACLEAN.INF??No
?AAAKeyboard????No
NAAATraySaverTraySaver.exeSystem Tray management utility from Mike Lin which allows you to hide, show, restore icons that are lost in an Explorer crash, remove dead tray icons, minimize any window to the System TrayNo
Xaacmeyfaacmeyf.exeAdded by the AF.20 TROJAN!No
XAaepopar.exePurityScan/Clickspring adwareNo
UAAKaak.exeAdvanced Anti-Keylogger - "Anti-spy software to prohibit operation of any keyloggers currently in use or presently being developed anywhere"No
UaaLDISCN32LDISCN32.EXELANDesk® Management Suite software componentNo
UaaLDTaskCompletionamclient.EXELANDesk® Management Suite software componentNo
XAAMSFree702Avengine.comAdded by the DELF.LJ TROJAN!No
XAAMSFree702sys.exeAdded by the BACKDOOR-CPC TROJAN!No
XAaouamee.exePurityScan adwareNo
XAappadprot.exeAdBlaster adwareNo
Xaaprotect[path to trojan]Added by the BANCBAN-MJ TROJAN!No
XAASSKK2LSASS.EXEAdded by the SILLYFDC.BDB WORM! Note - this is not the legitimate lsass.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %AppData%No
?aauclientACNUpdater.exeAppears to be related to software from Accenture.comNo
UAAWAd-Aware.exeAd-Aware SE Personal from Lavasoft - popular spyware/adware removal tool. Now superseded by Ad-Aware 2008 FreeNo
UAAWTrayAAWTray.exeSystem Tray access to Ad-aware from Lavasoft - popular spyware/adware removal toolNo
?ab EazySchedulerezsched.exe??No
Xabassabass.exeAdded by a variant of the Storm/Nuwar/Zhelatin WORM! See here for an exampleNo
NABBYY Community AgentCAGENT.EXEInstalled with the Optical Character Recognition (OCR) software that comes bundled with a Compaq A3000 all-in-one printer/scanner. Its function appears to be to link you to the internet in an attempt to buy the 5.0 version of the softwareNo
UABCkeylogger.exeKeystroke logger/monitoring program - remove unless you installed it yourself! No
Xabcdefghabcdefgh.exeEPJ TROJAN! No
UABIT uGuruuGuru.exeABIT µGuru - on motherboards incorporating the µGuru processor this provides quick access to "hardware monitoring, overclocking, BIOS flashing and audio tweaking"No
NABITEQabiteq.exeMonitoring utility for ABIT Motherboards. Displays system voltages, temperatures and fan speedsNo
XAboxAbox.exeAdultbox adwareNo
XAbrada WIN32abrada.exeAdded by the DERMON-G TROJAN! No
YABRegmonABregmon.exePart of the ArcaVir antivirus suite from Polish company Arcabit. What does this part do?No
UAbsolute Shielddseraser.exeAbsolute Shield Evidence Eliminator - internet history eraser No
UAbsolute StartUp monitorASMon.exeAbsolute Startup - startup monitor from F-Group SoftwareNo
UAbsoluteShield Internet Erasercseraser.exeAbsoluteShield Internet Eraser - "protects your privacy by cleaning up all the tracks of your Internet and computer activities" No
XABsrabsr.exeAdded by the AUTOUPDER TROJAN!No
Xabsrmwsvm.exeSeekSeek search hijacker related - see here No
Xabtump3serch.exeLoads the executable for Lop.com - final versionNo
Xabtulopsearch.exeLoads the executable for Lop.com - beta versionNo
UAbyssusrazerhid.exeRazer Abyssus gaming mouse driver - required if you use the additional features and programmed keys/macrosNo
UAbyssWebServerabyssws.exeAbyss web serverNo
XAc97Soundsnddrv.exeAdded by the VB.AXG TROJAN!No
Uacaaca.exeAccess Controller - "a desktop locking security utility you can use to protect your desktop when you are not near your PC. To activate protection, define a password in Options, and select the Lock command. Password protection can be automatically activated on boot or with a click of an icon in the system tray." The same program as 1 Click & Lock and Access Lock (and maybe others) - the same file for the same version is used by all programs but the filename is different in each caseYes
Uaca.exeaca.exeAccess Controller - "a desktop locking security utility you can use to protect your desktop when you are not near your PC. To activate protection, define a password in Options, and select the Lock command. Password protection can be automatically activated on boot or with a click of an icon in the system tray." The same program as 1 Click & Lock and Access Lock (and maybe others) - the same file for the same version is used by all programs but the filename is different in each caseYes
UAcBtnMgr_X63AcBtnMgr_X63.exe"Lexmark Scan & Copy Control Program" for the Lexmark X63 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan, scan to E-mail, copy, etcNo
UAcBtnMgr_X63.exeAcBtnMgr_X63.exe"Lexmark Scan & Copy Control Program" for the Lexmark X63 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan, scan to E-mail, copy, etcNo
UAcBtnMgr_X73AcBtnMgr_X73.exe"Lexmark Scan & Copy Control Program" for the Lexmark X73 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan, scan to E-mail, copy, etcNo
UAcBtnMgr_X83AcBtnMgr_X83.exe"Lexmark Scan & Copy Control Program" for the Lexmark X83 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan, scan to E-mail, copy, etcNo
UAcBtnMgr_X84-X85AcBtnMgr_X84-X85.exe"Lexmark Scan & Copy Control Program" for the Lexmark X84-X85 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan, scan to E-mail, copy, etcNo
Uaccacc.exeAdvanced Call Center - "full-featured yet easy-to-use answering machine software for your voice modem"No
XACCDEFRAGINFO[path to worm]Added by the DARBY-O WORM!No
UAccelerateaccelerate.exeWebroot Accelerate - allows you to optimize Windows network registry settings in order to boost surfing speeds. Leave this enabled if you find it improves your connectionNo
YAccelerometerStAccelerometerSt.exeHP 3D DriveGuard uses a digital accelerometer protects your disk drive by parking and halting I/O requests if you drop your PC or if you move your PC with the display lid closedNo
YAccelerometerSysTrayAppletAccelerometerSt.exeHP 3D DriveGuard uses a digital accelerometer protects your disk drive by parking and halting I/O requests if you drop your PC or if you move your PC with the display lid closedNo
UAccess ConnectionsACTray.exeSystem Tray access to the ThinkVantage Access Connections connectivity-assistant program for IBM/Lenovo ThinkPad or 3000 Family notebook computers - "allowing users to seamlessly switch between wired and wireless environments, managing security settings, printers, home page and other location-specific settings automatically"Yes
XAccess Control Appwinsto.exeAdded by the AGENT.DGO TROJAN!No
NAccess IBM Message Centeribmmessages.exe"The Access IBM Message Center displays messages to inform you about helpful software that may be pre-installed on your PC. The Message Center can also provide messages about new updates available from the IBM Support Center to keep your computer current"Yes
NAccess Ramp Monitorarmon32.exeMonitors your progress on the internet; hang-ups, connection speeds, internet congestion and traffic flow. It prevents some games from running also. To disable the Access Ramp Monitor (1) Open Windows Explorer (2) Open the Program Files folder (3) Open the MindSpring folder (4) Open the AccessRamp folder (5) Double-click on the ARMCfg32.exe file (6) Uncheck Enable Dialup Monitor and click OK (7) Restart the computer and try againNo
XAccess WebControl[path to file]Added by the PPDOOR-M TROJAN!No
UAccessManagerAccessMgr.exePart of SmartPipes SecureSite software. "SecureSite enables rapid turnup and enhanced administration of VPNs. It automates and simplifies tasks for VPN design and policy management, access control management, and key management"No
XAccessMedia P2P Loaderamp2pl.exeMy AccessMedia toolbar related, stealth installed!No
UAccessoriesPlusclockplus.exeClock Plus, part of Accessories Plus allows you to select from dozens of alternatives for the Windows clockNo
NAccessRamp Monitor01ARMon32a.exeFrom a visitor "Just wanted to provide you with some info on Access Ramp software installed with Verizon DSL accounts in those areas that use the Winpoet PPPoE software. The Access Ramp TSRs are installed as part of IP Insight software (can't remember the software maker). You can decline to install IP Insight during Winpoet setup, or go into Add/Remove programs uninstall IP Insight by hand if it's already installed. It really doesn't do a darn thing for you. It was intended to help DSL techs monitor QoS, but the backend part was never implemented (at least as of earlier this year). This will not affect the user's ability or inability to access their DSL service"No
NAccessRampLAN01ARUpld32.exeVersion of the AccessRamp Monitor01 entry for LAN connections - a history uploader. The key in turning it off is a file named ARUCfg32.exe. This file (ARUCfg32.exe) does not show up in the startup process. If you have this file, you can execute it and remove all the monitoring activities it does. Removing all the checks in all the boxes (both tabs) still calls ARUpld32.exe to start when you start the dial up. You can block it from sending info if you have Zone Alarm installed. Renaming the extension of ARUCfg32.exe to ARUCfg32.exe1 works. The ARUpld32.exe is not loaded when launching the dial up client. Written by IP Insight and also included with Earthlink Total Access 2003No
Yaccrdsubaccrdsub.exeActivIdentity ActivClient - security software from ActivIdentity Corporation which "enables organizations to secure workstations with smart cards and smart USB tokens while enforcing strong authentication for desktop access and network login"No
UAcctMgrAcctMgr.exeNorton™ Password Manager - part of Norton SystemWorks 2004 - stores passwords and other personal information, and retrieves the data needed for email logins, shopping orders, banking, and other online activities - all from the safety of your own PCNo
NAccuWeather.com® DesktopAccuWeatherDesktop.exeDesktop weather from AccuWeatherNo
NAccuWeatherDesktopAlertsAccuWeatherDesktopAlerts.exeWeather alerts for AccuWeather.com Desktop which "provides you with the most accurate, late-breaking weather conditions for the United States"No
Xaccwizz.exeaccwizz.exeAdded by the RULAND.A WORM!No
Xaccwizzz.exeaccwizzz.exeAdded by the RULAND.A WORM!No
NACDaemonACDaemon.exeUsed to serve notice of product information and updates when running ArcSoft products such as TotalMedia, PhotoStudio 6 and Print Creations. Set the associated ArcSoft Connect Daemon (ACService.exe) service to Manual (via Start → Control Panel → Administrative Tools → Services) and run this entry manually via the Start menu when requiredYes
Xacdllib3bcdlmem.exeAdded by the MAILBOT-BA TROJAN!No
NACDSeeACDSee8Pro.exeACDSee 8 photo software. Organize, manage, enhance, and share all your valued photo memoriesNo
?Ace bowsAce bows.exe??No
NAceGain LiveUpdateLiveUpdate.exe"AceGain LiveUpdate can help to automate and optimize product updates. AceGain LiveUpdate will automatically detect new patch updates, driver updates or full product updates and automatically download and install them according to user configuration"No
UAcer Assist Launcherlauncher.exeAcer Assist - program that provides information about new updates or notices from AcerNo
UAcer eAP Launch ToolEAPLAU~1.EXEEmpowering Technology Launcher, installed on Acer computerNo
?Acer Empowering Technology MonitorSysMonitor.exePart of Acer Empowering Technology. What does it do and is it required?No
UAcer ePower ManagementAcer ePower Management.exePart of Acer Empowering Technology. "Acer ePower Management is a straightforward interface that allows users to select from pre-configured power usage profiles, or to create their own customized profiles"No
UAcer ePower ManagementePowerTray.exeAcer® PowerSmart Manager power management utility included on some models in the Aspire range of notebooks. Also appears as the Packard Bell PowerSave power management utility included on some of their notebook models - as Packard Bell is now owned by AcerNo
UAcer ePower ManagementePowerTrayLauncher.exeLauncher for the Acer® PowerSmart Manager power management utility included on some models in the Aspire range of notebooksNo
UAcer ePresentation HPDePresentation.exePart of Acer Empowering Technology. Allows you to manage both internal and external displaysNo
YAcer Launch ToolAlaunchPart of Acer eRecovery - "a powerful utility that does away with the need for recovery disks provided by the manufacturer, and also acts as a versatile standalone backup and recovery manager". This entry isn't normally running but once eRecovery starts it's used to re-install the software included with the systemYes
NAcer Product RegistrationACE1.exeAcer Product Registration - remove when registration is completedNo
NAcer Tour ReminderReminder.exePopup reminder to take the tour of your new Acer laptopNo
UAcerGotoAcerGoto.exeAcer Computer "Goto Drive" Cold Swap Driver - a swappable second disk drive provides convenient backup of large files, or easy importation of data from user's previous computerNo
UAcerNotebookManageralmxptray.exeSystem Tray access on some Acer Notebooks to give faster access to system settingsNo
UAcerPowerkeyPowerkey.exePowerKey utility for Acer TravelMate notebook PCs. Allows the user to quickly switch between different power schemes by pressing Fn+F3No
XAcess2007aaccess2007a.exeAdded by the GAOBOT.PQA WORM!No
XAceu[random filename]PurityScan adwareNo
YacEventServacevtsrv.exeActivCard Gold from ActivIdentity, Inc. Smart card-based strong authentication software - for photo IDs, proximity badges for facility access and as digital identification and authenticationNo
UAClntUsrAClntUsr.exeAltiris AClient Service Windows Tray IconNo
NAcme.PCHButtonpchbutton.exeUsed by HP Instant SupportNo
YACMONACMON.exeASUS Splendid "is a breathtaking innovation that brings the video viewing experience on PC to the next level. Built into the driver of ASUS graphics cards, Splendid Video Enhancing Technology detects activation and usage of video applications and automatically optimizes image quality for the best visual result"No
UACMonitor_X63ACMonitor_X63.exeButton monitor for the Lexmark X63 all-in-one multifunction printer/copier/scanner. Works in conjunction with the "Lexmark Scan & Copy Control Program" button manager whose filename is "AcBtnMgr_X63.exe"No
UACMonitor_X63.exeACMonitor_X63.exeButton monitor for the Lexmark X63 all-in-one multifunction printer/copier/scanner. Works in conjunction with the "Lexmark Scan & Copy Control Program" button manager whose filename is "AcBtnMgr_X63.exe"No
UACMonitor_X73ACMonitor_X73.exeButton monitor for the Lexmark X73 all-in-one multifunction printer/copier/scanner. Works in conjunction with the "Lexmark Scan & Copy Control Program" button manager whose filename is "AcBtnMgr_X73.exe"No
UACMonitor_X83ACMonitor_X83.exeButton monitor for the Lexmark X83 all-in-one multifunction printer/copier/scanner. Works in conjunction with the "Lexmark Scan & Copy Control Program" button manager whose filename is "AcBtnMgr_X83.exe"No
UACMonitor_X84-X85ACMonitor_X84-X85.exeButton monitor for the Lexmark X84-X85 all-in-one multifunction printer/copier/scanner. Works in conjunction with the "Lexmark Scan & Copy Control Program" button manager whose filename is "AcBtnMgr_X84-X85.exe"No
Xacocashfastdown.exeAdult content diallerNo
XacocashFASTFOWN.EXEAdult content diallerNo
UAcombo3dmouseAcombo3d.exeMouse driver - required if you use non-standard Windows driver featuresNo
XAcontiaconti.exeAdult content diallerNo
Uacousticacoustic.exeControl panel program for Philips Acoustic Edge soundcard. Not required unless changed settings aren't retainedNo
Nacpartagpart11.exeProgram for finding trucks on-lineNo
XAcrobatacrmon32.exeAdded by the SMALL-ECT TROJAN!No
UAcrobat AssistantAcroTray.exeEssential for creating PDF files with Adobe Acrobat and Acrobat Distiller. For Win9x/Me systems you can run this file manually beforehand. For WinXP systems this file must run at startup. Hence the "U" recommendationNo
UAcrobat Assistant 7.0Acrotray.exeEssential for creating PDF files with Adobe Acrobat and Acrobat Distiller. For Win9x/Me systems you can run this file manually beforehand. For WinXP systems this file must run at startup. Hence the "U" recommendationNo
UAcrobat Assistant 8.0Acrotray.exeEssential for creating PDF files with Adobe Acrobat and Acrobat Distiller. For Win9x/Me systems you can run this file manually beforehand. For WinXP systems this file must run at startup. Hence the "U" recommendationNo
XAcrobat Readacroup32.exeAdded by the VANBOT-BQ TROJAN!No
NAcrobat Speed Launchacrobat_sl.exeSpeeds up the time it takes to load Adobe's Acrobat PDF creation and management tool. From version 7.0 onwardsNo
UACROMOUSEACROMAPP.exeRelated to ACROMOUSE Laser mouse controlNo
UAcronis Popup BlockerRunDll32.exe [path] Blocker.dll, RunPart of Acronis Privacy Expert - anti-spyware and security suite No
UAcronis Scheduler Helperschedhlp.exePart of Acronis True Image backup software. Co-operates with the "schedul2.exe" service to perform backup/restore tasks correctly. Required if you want to use True Image to do some real backup/restore tasks - not if you only want to explore/mount imagesNo
UAcronis Scheduler2 Serviceschedhlp.exePart of Acronis True Image - backup software. Co-operates with the "schedul2.exe" service to perform backup/restore tasks correctly. Required if you want to use True Image to do some real backup/restore tasks - not if you only want to explore/mount imagesNo
UAcronis True ImageTimounterMonitor.exePart of Acronis True Image backup software. Monitor for the backup archive explorer for moving and viewing files within an archiveNo
NAcronis True Image MonitorTrueImageMonitor.exePart of Acronis True Image - backup software. Can be disabled without affecting TrueImageNo
NAcronis TrueImage MonitorTrueImageMonitor.exePart of Acronis True Image - backup software. Can be disabled without affecting TrueImageNo
NAcronis*True*Image MonitorTrueImageMonitor.exePart of Acronis True Image - backup software. Can be disabled without affecting TrueImageNo
UAcronisTimounterMonitorTimounterMonitor.exePart of Acronis True Image backup software. Monitor for the backup archive explorer for moving and viewing files within an archiveNo
NAcronisTrueImage MonitorTrueImageMonitor.exePart of Acronis True Image - backup software. Can be disabled without affecting TrueImageNo
XAcroreadAcroRD32.exeAdded by the DLOADR-BDK TROJAN! Note - this is not the popular Adobe ReaderNo
XAcroreadGoogleUpdate.exeAdded by the AGENT-JGI TROJAN! Note - this is not the valid Google program which is normally located in %AppData%\Google\Update. This version resides in %Temp%No
UAct! PreloaderAct8.exeSage Software's ACT! "enables individuals and small business customers to instantly access key contact and customer information, manage and prioritize activities, and track all contact-related communications so you can grow productive business relationships"No
NAction Manager 32am32.exeAssociated with a Plustech scanner. Small utility that runs in the background for doing fax/copy/etc. Available via Start -> ProgramsNo
?ActionAgentactionagent.exe"A COM server that runs on the client as part of the Dell OpenManage Client Instrumentation 6.x package; provides a simple method for a remote administrator to perform actions on the instrumented client". Is it required?No
NActivationActivation.exePart of Microsoft MoneyNo
UActivboardMMKeybd.exePackard Bell ActiveBoard keyboard - multimedia keyboard manager. Required if you use the additional keys and want to see the status of the Num Lock, Caps Lock, Scroll Lock keysNo
UACTIVBOARDABoard.exePackard Bell ActiveBoard keyboard - multimedia keyboard manager. Required if you use the additional keys and want to see the status of the Num Lock, Caps Lock, Scroll Lock keysNo
XActive Bit Stationabs.exeAdded by the MYTOB.BZ WORM!No
NActive CPUacpu.exeActive CPU - "easy to use tool for Windows 95/98/ME/NT/2000 that enables you to watch a graphical representation of your CPU's activity"No
UActive Desktop CalendarADC.EXEXemiComputers Active Desktop CalendarNo
UActive Email Monitoraem25.exeActive Email Monitor checks multiple accounts for email, serves as a SPAM filter and can also protect you from harmful items that can be sent via emailNo
XActive Securityasecurity.exeActive Security rogue security software - not recommended, removal instructions hereNo
UActive shieldActiveshield.exeActive Shield is "an heuristic screen that actively protects your computer from trojans, spyware, adware, trackware, dialers, keyloggers, and even some special kinds of viruses"No
XActiveDesktopsystray32.exeAdded by the DABOOM WORM!No
XACTIVEDSACTIVEDS.EXEAdded by the OPASERV.T WORM!No
NActiveEyesActiveEyes.exeActiveEyes from TFI Technology is a small utility that you can use to liven up your desktop. It follows your mouse around and can tell you how far your cursor has travelled or point out where the cursor is. It's small, it's free and comes with a range of options and animations. Not needed - if unavailable via Start -> Programs, create your own shortcutNo
UActiveKeys.AAB635BD7D054a37A576akeys.exe"Active Keys is a powerful yet easy-to-use tool for creating and managing keyboard shortcuts for any system action"No
UActiveMenuActiveMenu.exeWild Tangent demo games that come with some HP computers. Unchecking it can prevent the games from running occasionally. Note that WildTanget's privacy policy used to state that they also collect and share individuals information but this is no longer the caseNo
UActivePlusactiveplus.exeInteractive Agents Plugin for Messenger Plus! (MSN Messenger add-on)No
XActiveScan AntivirusActiveScan.exeAdded by the RBOT-FKQ WORM!No
XActiveScript32nod.exeAdded by the SOHANA-AJ WORM!No
YActiveShieldmcvsshld.exeActiveShield - background scanner for older versions of McAfee VirusScan and the now obsolete McAfee VirusScan Online which scans files in the background as and when they are accessed, including scanning E-mails via the McAfee VirusScan E-mail Scan Module (McVSEscn.exe)Yes
NActiveSpeedAS.exeAscentive ActiveSpeed internet optimizer - not recommended, see here and hereNo
XActiveSyncwcescom32.exeAdded by the MANCSYN-E TROJAN!No
NActiveWordsAWMonitor.exeActiveWords from ActiveWord Systems, Inc. Like macro programs, ActiveWords sits in the background and watches as you type. When it recognizes that you've typed an ActiveWord, it takes the associated action, such as replacing your keystrokes with the text you've definedNo
XActiveX File Registration Servicefilereg.exeAdded by the RBOT-DVD WORM!No
XActiveX Streamermsgfix.exeAdded by the SDBOT.NQ WORM!No
XActiveXUpdatesvcss.exeAdded by a variant of the DEDLER.C TROJAN!No
UActivityactik.exeActivityKey keystroke logger/monitoring program - remove unless you installed it yourself!No
NActivSurfbackweb*****.exePackard Bell ActivSurf - automatically detects an internet connection and downloads any available updatesNo
UActMakerActMak25.exe"ActMaker mouse and keyboard toolkit can record the daily operation of your computer and reduce your workload. You don't need to do any coding, nor are you required to know a lot about the computer"No
UActMakerActMaker25.exeActMaker mouse and keyboard toolkit can record the daily operation of your computer and reduce your workload No
UACTrayACTray.exeSystem Tray access to the ThinkVantage Access Connections connectivity-assistant program for IBM/Lenovo ThinkPad or 3000 Family notebook computers - "allowing users to seamlessly switch between wired and wireless environments, managing security settings, printers, home page and other location-specific settings automatically"Yes
UActual Window ManagerActualWindowManagerCenter.exeActual Window Manager from Actual Tools - "an innovative desktop organization application which introduces unconventional window controls and also automatic general window operations making your work more productive, convenient and enjoyable"No
UActual Window MinimizerActualWindowMinimizerCenter.exeActual Window Minimizer - "allows minimizing any window to task tray notification area or to the edge of the screen" No
XACTX1v1201.exeAdded by the VB.IS TROJAN!No
UACUACU.exeAtheros wireless Client UtilityNo
UACU_QSBACU.exeAtheros wireless Client UtilityNo
UACWLIconACWLIcon.exePart of the ThinkVantage Access Connections connectivity-assistant program for IBM/Lenovo ThinkPad or 3000 Family notebook computers - "allowing users to seamlessly switch between wired and wireless environments, managing security settings, printers, home page and other location-specific settings automatically." This is the System Tray icon giving notifications of and access to the Wireless Connection StatusYes
UAd Arrestadarrest.exeAd Arrest IE popup killer from GameFoolsNo
UAd Blockerblocker.exeAd Blocker - blocks popups, and also removes banners, image ads and flash adsNo
UAd Blocker ProAd Blocker Pro.exeAd Away popup and banner removerNo
UAd MuncherAdMunch.exeAd Muncher removes adverts, pop-ups and general annoyances in your browser, file-sharing and messenger programs. Causes conflicts with Outlook, game sites and web-building applicationsNo
?Ad Online Guideadonlineguide.exe??No
UAd-AwareAd-Aware.exeAd-Aware from Lavasoft - popular spyware/adware removal toolNo
XAd-AwareAd-Aware.exeAdded by the RBOT-ADJ WORM! Note - this is not the popular Ad-Aware spware/adware removal tool and is located in %System%No
XAd-Eliminatorad-eliminator.exeAd-Eliminator rogue spyware remover - not recommended, see hereNo
UAd-MuncherADMUNCH.EXEAd Muncher removes adverts, pop-ups and general annoyances in your browser, file-sharing and messenger programs. Causes conflicts with Outlook, game sites and web-building applicationsNo
UAd-Protectad-protect.exeAd-Protect spyware and spam monitoring tool No
UAd-watchAd-watch.exePart of Lavasoft Ad-aware Plus - realtime spyware-monitor watching your memory and registry for spyware that tries to install or change your systemNo
UAD2KClientAD2KClient.exeActive Disk from Iomega - allows software applications to be run directly from compatible removable media such as Zip®, Rev, FireWire, USB and Mini flash. Required if you wish the applications to launch on insertion of a diskNo
NAdaptec DirectCDDirectcd.exeDirectCD primarily allows you to drag and drop files onto a suitably formatted CD-RW disc. Unless you use this on a frequent basis it isn't required and is available via Start -> Programs. Start the program before inserting a DirectCD formatted CD-RW in the drive. A re-boot is recommended if you close Adaptec DirectCD before re-opening it again later No
NAdaptecDirectCDDirectcd.exeDirectCD primarily allows you to drag and drop files onto a suitably formatted CD-RW disc. Unless you use this on a frequent basis it isn't required and is available via Start -> Programs. Start the program before inserting a DirectCD formatted CD-RW in the drive. A re-boot is recommended if you close Adaptec DirectCD before re-opening it again laterNo
XAdAwarewini.exeAdded by the RBOT-XN WORM!No
UAdaware BootupAd-aware.exeAd-Aware from Lavasoft - popular spyware/adware removal toolNo
XAdaware lptt01adaware.exeRapidBlaster variant (in a "Adaware" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here. Note - this is not the valid Lavasoft AdawareNo
XAdaware ml097eadaware.exeRapidBlaster variant (in a "Adaware" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here. Note - this is not the valid Lavasoft AdawareNo
UAdBinAdBin.exeAdBin - "Free and easy solution to managing your Window's hosts file. A fun way to block ads"No
XAdd**.exe [* = random char]Add**.exe [* = random char]CoolWebSearch/HomeSearch adware - for examples, see this logNo
XAdd**32.exe [* = random char]Add**32.exe [* = random char]CoolWebSearch/HomeSearch adware - for examples, see this logNo
XAddClassAddClass.exeCoolWebSearch Addclass parasite variantNo
XAddClass[Installation_Path]Added by the STARTPAGE.F hijackerNo
XAddClass[path to trojan]Added by the SECDL-A TROJAN!No
UAdDeleteAdDelete.exeBanner advertisment blockerNo
XAdDestroyerAdDestroyer.exeVirtual Bouncer - malware from Spyware Labs. It is distributed by the same bundling and drive-by download techniques as the parasites it claims to remove, so definitely qualifies as unsolicited commercial software in itself. It also has an update feature that can download and execute arbitrary code. Warning - choose "custom" uninstall as "automatic" may remove other programs - see hereNo
XAdditional GuardWI[random characters].exeAdditional Guard rogue security software - not recommended, removal instructions hereNo
XADDITIONAL Servicespkgadd.exeAdded by a variant of the IRCBOT TROJAN!No
?addproxyaddproxy.exeRelated to Adobe PhotoshopNo
XAddrPlus3[path] stup.exe [path] Adplus.dll Rundll32TCent adwareNo
?ADGADG.exe SoundBlaster Audigy related?No
NADGJdetADGJDet.exeAdded with SoundBlaster Live! or Audigy soundcards for headphone autodetectionNo
Yadi CleanUpCleanUp.exeUtility that only runs once after installing the drivers for Analog Devices SoundMax integrated soundcards to clean-up the files no longer required once the installation is complete. Other programs/drivers may use the same filename for the same purpose. In this case, the file is located in %System% and is listed under the HKLM\RunOnce registry keyYes
Yadi DSndUpDSndUp.exeUtility that only runs once after installing the drivers for Analog Devices SoundMax integrated soundcards. It's exact purpose is unknown at the present time but from the filename it's probably used to configure the default or generic speaker arrangement for the system it's used onYes
XaDiradirss.exeAdded by the SPAMSRV-E TROJAN!No
YAdirasAdiras.exeADSL USB modem relatedNo
Xadirkaadirka.exeAdded by the TIBS-QT TROJAN!No
XAdKillerAD Defender.exePart of the Advanced Spyware Remover rogue spyware remover - not recommended, see hereNo
Xadlhidppsncc32.exeAdded by the SLAPER.AI TROJAN!No
XADM Library Loaderadmlib32.exeAdded by a variant of the SDBOT TROJAN!No
XAdmanager ControllerAdManCtl.exeAdware, probably a Windupdates variantNo
XAdmilli ServiceAdmilliServ.exeWindupdates adware variantNo
XAdministratorsvchost.scrAdded by the NOVACAL TROJAN!No
XAdministratorwinlogon.exeAdded by the RUBBLE-C WORM! Note - this is not the legitimate winlogon.exe process, which should not appear in Msconfig/Startup!No
XAdministrator di DagoDago.exeAdded by the PUNYA-B WORM!No
XAdminSoftsysfile.vbsAdded by the STARGRUB-A WORM!No
?ADMTray.exeadmtray.exePart of Acer Empowering Technology. What does it do and is it required?No
XAdobeAdobe.exeAdded by an unidentified VIRUS, WORM or TROJAN!No
XAdobesysconfig.exeAdded by an unidentified WORM or TROJAN!No
Xadobegam.exeAdded by an unidentified WORM or TROJAN!No
XAdobesysbat32.exeAdded by the LOWZONES.T TROJAN!No
XAdobezteam.exeAdded by an unidentified TROJAN!No
NAdobe AcrobatREADER~1.EXESpeeds up the time it takes to load the Adobe Reader PDF document reader. "The Speed Launcher quickly opens and closes all of the files that Acrobat or Adobe Reader will use when the application starts. Opening and closing the files allows your virus protection software to check these programs and add them to its list of safe files" - see here. Not required for Adobe Reader to function properlyNo
NAdobe AcrobatReader_sl.exeSpeeds up the time it takes to load the Adobe Reader PDF document reader. "The Speed Launcher quickly opens and closes all of the files that Acrobat or Adobe Reader will use when the application starts. Opening and closing the files allows your virus protection software to check these programs and add them to its list of safe files" - see here. Not required for Adobe Reader to function properlyYes
XAdobe Acrobat Distiller Applicationacrotray.exeAdded by the RANDEX.DFJ WORM!No
XAdobe Acrobat Reader CFG[random filename]Added by a variant of the RBOT WORM!No
NAdobe Acrobat Speed Launcheracrobat_sl.exeSpeeds up the time it takes to load Adobe's Acrobat PDF creation and management tool. From version 7.0 onwardsNo
NAdobe ARMAdobeARM.exeAdobe Reader Manager (ARM) - update/download manager added with Adobe Reader from version 9.2. Taken from the Adobe user forums - "AdobeARM.exe is a part of new Adobe AcrobatReader updater. If you manage updates yourself, it is absolutely safe to remove it from Run registry" - see hereNo
XAdobe Filter Platformafilterplatform.exeAdded by the RBOT-OP WORM!No
XAdobe Flash PlayerAdobeFP.exeAdded by the AUTORUN-BBP WORM!No
UAdobe Gamma LoaderAdobe Gamma Loader.exeAdjusts monitor colours across all programs, including Photoshop. It is needed by some graphics professionals who want their monitor calibrated. Most home users will not need it. In my case I can verify this as Photoshop loads fineYes
UAdobe Gamma Loader.exeAdobe Gamma Loader.exeAdjusts monitor colours across all programs, including Photoshop. It is needed by some graphics professionals who want their monitor calibrated. Most home users will not need it. In my case I can verify this as Photoshop loads fineNo
NAdobe Photo Downloaderapdproxy.exePart of Adobe's Photoshop Album or Photoshop Elements packages - starts each time you connect an external image device to your PC (see here)No
NAdobe Reader Speed LaunchReader_sl.exeSpeeds up the time it takes to load the Adobe Reader PDF document reader. "The Speed Launcher quickly opens and closes all of the files that Acrobat or Adobe Reader will use when the application starts. Opening and closing the files allows your virus protection software to check these programs and add them to its list of safe files" - see here. Not required for Adobe Reader to function properlyYes
NAdobe Reader Speed LaunchREADER~1.EXESpeeds up the time it takes to load the Adobe Reader PDF document reader. "The Speed Launcher quickly opens and closes all of the files that Acrobat or Adobe Reader will use when the application starts. Opening and closing the files allows your virus protection software to check these programs and add them to its list of safe files" - see here. Not required for Adobe Reader to function properlyNo
NAdobe Reader Speed LauncherReader_sl.exeSpeeds up the time it takes to load the Adobe Reader PDF document reader. "The Speed Launcher quickly opens and closes all of the files that Acrobat or Adobe Reader will use when the application starts. Opening and closing the files allows your virus protection software to check these programs and add them to its list of safe files" - see here. Not required for Adobe Reader to function properlyYes
UAdobe Reader SynchronizerAdobeCollabSync.exeAdobe Synchronizer - installed along with Adobe Reader 8.x. "Synchronizer is a small application that runs in the background, providing synchronization of document reviews and Tracker subscriptions so that your data is available when you need it." See the link for more informationNo
XAdobe Reader UpdatersAdobeAMC.exeAdded by the PROLACO-F WORM!No
XAdobe Reader32Acrord32.exeAdded by the RBOT-BLC WORM! Note - this is not the popular Adobe ReaderNo
UAdobe Version Cue CS2VersionCueCS2Tray.exeFile manager that's part of Adobe Creative Suite 2 - "find files fast, track versions across applications, link files together, and share them in creative collaboration without fear of overwriting someone else's work"No
XAdobeAadobes.exeAdded by the FLOOD.BA TROJAN!No
NAdobeARMAdobeARM.exeAdobe Reader Manager (ARM) - update/download manager added with Adobe Reader from version 9.2. Taken from the Adobe user forums - "AdobeARM.exe is a part of new Adobe AcrobatReader updater. If you manage updates yourself, it is absolutely safe to remove it from Run registry" - see hereNo
XAdobeFontsfonts.htaBrowser hijacker - redirecting to Hugesearch.netNo
XAdobeManagerrundtl.exeAdded by the INJECT.IB TROJAN!No
Xadobemgradobemgr.exeAdded by the ADCLICKER TROJAN!No
XAdobeReadermsni.exeAdded by the RBOT.DAO TROJAN!No
XAdobeReaderPromsnxpsp.exeAdded by the RBOT-ASK or RBOT-AUS WORMS!No
XAdobeReaderProntkernell32.exeAdded by the RBOT-ATY WORM!No
XAdobeReaderPromsnserve.exeAdded by the SDBOT-AKH WORM!No
XAdobeReaderProupdt.exeAdded by the IRCBOT-VQ WORM!No
XAdobeReaderProrruxdkf.exeAdded by the RBOT.ADF BACKDOOR!No
XAdobeReaderProsvxhost.exeAdded by a variant of the RBOT WORM - see hereNo
XAdobeReaderProwinslog.exeAdded by a variant of the RBOT WORM!No
XAdobeReaderProlxlfsprrj.exeAdded by the RBOT.BDZ BACKDOOR!No
XAdobeReaderProcbdzfrsl.exeAdded by the RBOT.AZQ BACKDOOR!No
XAdobeReaderProsubset.exeAdded by the RBOT.OCU WORM!No
XAdobeReaderProwinini.exeAdded by a variant of the RBOT WORM!No
XAdobeReaderProrvdjlefr.exeAdded by the RBOT-CQZ WORM!No
XAdobeReaderProspoolss.exeAdded by the SDBOT-AKZ WORM!No
XAdobeReaderProlssas.exeAdded by the RBOT-CLB WORM!No
XAdobeReaderPromsnservex.exeAdded by the RBOT.AKM BACKDOOR!No
XAdobeReaderPromsnsrcdv.exeAdded by the INJECT-H WORM!No
XAdobeReaderProchkdisk.exeAdded by the RBOT-BDV WORM!No
XAdobeReaderProservice.exeAdded by the RBOT-BCA WORM!No
XAdobeReaderProfessionalmsx64.exeAdded by the RBOT-GAT WORM!No
XAdobeReaderProssysmsn.exeAdded by the RBOT-BGH WORM!No
XAdobes Updatesddosw.exeAdded by the BACKDR-DC BACKDOOR!No
NAdobeUpdaterAdobeUpdater.exeAutomatic updater for Adobe software - run manuallyNo
NAdobeVersionCueVersionCueTray.exe"An exclusive feature of the Adobe® Creative Suite, Version Cue™ helps you find files fast, track multiple versions of your files, and share your files for creative collaboration"No
?Adobe_ID0EYTHMVERSIO~2.EXEPart of an Adobe product. What does it do and is it required?No
XAdobe_Readeracrotray.exeAdded by the AGENT-LNS TROJAN! Note that the legitimate Adobe file (if installed) would normally be found in %ProgramFiles%\Adobe%\%ProgramName% (where %ProgramName% is Acrobat 9.0\Acrobat or Acrobat 7.0\Distillr for example) whereas this one is located in %ProgramFiles%\AdobeNo
XAdobe_RLXccwap.exeAdded by the BCKDR-RCL TROJAN!No
Xadodemasteradodemaster.exeDownloader of Korean origin, detected as ADOD.28672No
XAdope File Managerlsasv.exeAdded by an unidentified WORM or TROJAN!No
Xadpadp.exeSpyware installed by Net2Phone, Limewire, Cydoor, Grokster, KaZaa, etcNo
XAdPopupdcf5678.exeAdded by the AGENT-FZ TROJAN!No
Xadprotadprot.exeAdBlaster adwareNo
NADQuickAccessAdtray.exeAfter Dark for Windows. Screen saver creation program produced before screen savers became integrated into Win95No
XADriverwindrv.exeAdded by the DELF.WG TROJAN!No
XAdRoarUpdateARUpdate.exeAdRoar adware updaterNo
XAdRotator.Application[path to csrss.exe]Added by the SMALL-AQ TROJAN! Note - this worm replaces the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup!No
XAdRotator.Applicationservices.exeFakeMessage/AdRotator adware. Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in an "Inetsrv" subfolderNo
XADS Adware RemoverADS Adware Remover.exeADS Adware Remover, rogue adware remover - not recommended, removal instructions hereNo
XAdsAlertAdsAlert.exeAdsAlert rogue security software - not recommendedNo
XAdsBlockerstopAds.exeAdsBlocker - detected by NOD32 as DIALER.DW!No
UAdsCleanerAdsCleaner.exe"AdsCleaner is a powerful ad blocking software designed to stop ads (block banners ad, kill popup), guard your online privacy"No
UADServiceADService.exePart of Active Disk from Iomega - allows software applications to be run directly from an Iomega Zip® disk. Required if you wish the applications to launch on insertion of a disk. Appears as a service in XP/Vista and under the "RunServices" registry key in Win98/MENo
UAdsGoneAdsgone.exeAdsGone - pop-up stopperNo
NADSL Diagnostic Toolsmapiicon.exeSystem tray access to ADSL modem diagnostic tools. Available via Start -> ProgramsNo
?ADSLSYSTEMTRAYSystemtrayV100B.exeApparently Annex A ADSL modem related. What does it do and is it required?No
YAdslTaskBarrundll32.exe stmctrl.dll, TaskBarISP software, initializes DSL modemNo
XAdslTaskBarstaskmng.exeAdded by the RBOT-AXZ WORM!No
?ADSL_A2A2InstalledAssociated with an Integrated Telecom Express (ITeX) ADSL driver installation. What does it do and is it required?No
YADSMTrayADSMTray.exeASUS Data Security Manager provides password protected data encryption on ASUS notebooksNo
Uadsnweadsnwe.exeEmailSpyMonitor E-mail surveillance software. Uninstall this software unless you put it there yourselfNo
Uadsnwkadsnwk.exeKeylogger Spy Monitor keystroke logger/monitoring program - remove unless you installed it yourself!No
Uadsnwsadsnws.exeScreenSpyMonitor surveillance software. Uninstall this software unless you put it there yourselfNo
Uadsnwyadsnwy.exeYahoo! Messenger Spy Monitor - "spyware program that records Yahoo! Instant Messenger information on the computer and saves it to a log file". Uninstall this software unless you put it there yourselfNo
UaDSProcMngraDSProcMngr.exePart of PC Tools Disk Suite from PC Tools - which "is an all-in-one hard-disk management utility that integrates disk optimization, defragmentation and backup tools in one easy to use package". Proxy (or agent) for the Disk Suite Service. Based upon my experience, if this is disabled it does not appear to adversely affect on-demand or scheduled tasks but has a "U" recommendation as it's function isn't fully knownYes
YADSSADSS.exeADSS is part of Access Denied security and privacy software (Access Denied Security Server) that monitors power status and provides some other services for Screen Guard. Important to keep its running while using Access DeniedNo
Xadstartupautomove.exeAdlogix adware variantNo
XAdstartupAdstartup.exeAdlogix adwareNo
XAdStatus ServiceAdStatServ.exeWindUpdates AdStatus Service adwareNo
UAdSubtractadsub.exeAdSubtract blocks ads, cookies, pop-up windows, animations, music, and more. Can be disabled from within AdSubtract. Available via the Start menu. Superseded by Trend Micro AntiSpyware which was subsequently discontinuedNo
Xadtech2005adtech2005.exeDetected by Kaspersky as the STARTPAGE.AW TROJAN!No
Xadtech2006adtech2006.exeDetected by Kaspersky as the VB.KC WORM!No
XAdtools ServiceAdTools.exeWindupdates AdwareNo
?ADUadu.exeRelated to Cisco Aironet wireless products. What does it do and is it required?No
XAdultXAdultX.exeAdult content dialler and hijackerNo
XAdult_ChatAdult_Chat.exeAdult content diallerNo
XAdult_Chat1Adult_Chat1.exeAdult content diallerNo
XAdUpdatersysupudt.exeUnidentified adware downloader/updaterNo
UADUserMonADUserMon.exePart of Active Disk from Iomega - allows software applications to be run directly from an Iomega Zip® disk. Required if you wish the applications to launch on insertion of a diskNo
XAdvanced DHTML Enableexo32.exeAdded by the RANCK-FI TROJAN!No
XAdvanced DHTML Enable[path to trojan]Added by the AGENT.GLQ TROJAN!No
XAdvanced Internet Protocolcerf.exeAdded by a variant of the SPYBOT WORM!No
XAdvanced Protection Systemadvpsys.exeAdded by a variant of the RBOT WORM!No
XAdvanced Spyware RemoverAsr.exeAdvanced Spyware Remover rogue spyware remover - not recommended, see hereNo
XAdvanced Spyware Remover ProAsr.exeAdvanced Spyware Remover rogue spyware remover - not recommended, see hereNo
UAdvanced SystemCare 3AWC.exeAdvanced SystemCare from IObit - "helps protect, optimize, clean, and repair your computer and Registry." The PRO version adds automation, anti-spyware, privacy protection and performance tune-upsNo
XAdvanced Tool Checksadvchks.exeAdded by a variant of the RBOT WORM!No
NAdvanced Tools CheckADVCHK.EXEChecks when you install a new version of a Norton product that you have uninstalled all previous versions. Serves as a reminder if you forgetNo
UAdvanced Uninstaller PRO Installation Monitormonitor.exeInnovative Solutions Advanced Uninstaller PRO - "easy-to-use suite for uninstalling applications and keeping your computer fast, clean, and in its best shape"No
XAdvancedCleaner FreeUADC.exeAdvancedCleaner rogue security software - not recommended, removal instructions hereNo
Xadvanceddefenderadvanceddefender.exeAdvanced Defender rogue security software - not recommended, removal instructions hereNo
XAdvancedPrivacyGuardapg.exeAdvancedPrivacyGuard rogue privacy program - not recommended, removal instructions hereNo
XAdvancedPrivacySuiteAPS.exeAdvancedPrivacySuite rogue privacy program - not recommended, removal instructions hereNo
XAdVantageAdVantage.exeMediaAdVantage adwareNo
XAdVantage SetupAdVantageSetup.exeMeMedia.Advantage adware - optionally installed with older versions of the DAEMON Tools Lite CD emulation tool (if you don't uncheck the "DAEMON Tools sponsor ad module" option during install) and possibly othersYes
Xadvap32[path to trojan]Added by the MUTANT.AT TROJAN!No
XAdvapiAdvapi.exeAdded by the NETDEVIL.12 WORM!No
NADVCHKADVCHK.EXEChecks when you install a new version of a Norton product that you have uninstalled all previous versions. Serves as a reminder if you forgetNo
UAdvertising KillerAkiller.exeAdvertising Killer - popup stopperNo
Xadvmon32advmon32.exeAdded by a variant of the CRYPTER.C TROJAN!No
UAdware Agentadware agent.exeAdware Agent popup blockerNo
XAdware PunisherAdwarePunisher.exeAdware Punisher rogue spyware remover - not recommended, removal instructions hereNo
XAdware Punisher MonitorAdwarePunisher_monitor.exeAdware Punisher rogue spyware remover - not recommended, removal instructions hereNo
XAdware SpyAdwareSpy.exeAdwareSpy rogue adware remover - not recommended, removal instructions hereNo
UAdwareAlertAdwareAlert.ExeAdware program, previously not recommended (see here). It has now been delisted, so make sure you have the latest versionNo
XAdwareDeleteadwaredelete.exeAdwareDelete rogue adware remover - not recommended, removal instructions hereNo
XAdwareKiller_schedulesschedules.exeEAdwareKiller rogue spyware remover - not recommended, see hereNo
XAdwareKiller_traytray.exeEAdwareKiller rogue spyware remover - not recommended, see hereNo
XAdwareProMFCAd-Ware Pro.exeAd-Ware Pro rogue security software - not recommendedNo
XAdwareProMFCAntiTrojan Pro.exeAntiTrojan Pro rogue security software - not recommended. Variant of Ad-Ware ProNo
XAdwareProtectorAdwareProtector.exePart of rogue security tools, including SystemDoctor, ErrorSafe and WinFixerNo
XAdwareRemover2007AdwareRemover2007.exeAdwareRemover2007 rogue security software - not recommended, removal instructions hereNo
XAdwareSpyAdwareSpy4.exeAdwareSpy rogue adware remover - not recommended, removal instructions hereNo
XAdware_ProNETAdware_Pro.exeAdware Pro rogue security software - not recommended, removal instructions hereNo
XAdwarz Spy RemoverADWARZ.EXEAdded by the SPYBOT-EV WORM!No
UAEFltrs ApplicationAESTFltr.exePart of the XP installation of the AudioCommander user interface for Andrea USB devices - including features such as noise cancellation, graphic equalizer, echo Cancellation and beam forming. The exact purpose of this entry is unknown at present - hence the "U" recommendationYes
?Aeiwlsta.exeAeiwlsta.exeIBM High Rate Wireless LAN Adapter driver. Is it required?No
NAELaunchAELaunch.exeAudio Applications Launcher for the Philips Acoustic Edge soundcardNo
XAERVICESNAERVICESN.exeAdded by the RANDON-AO WORM!No
UAESTFltrAESTFltr.exePart of the XP installation of the AudioCommander user interface for Andrea USB devices - including features such as noise cancellation, graphic equalizer, echo Cancellation and beam forming. The exact purpose of this entry is unknown at present - hence the "U" recommendationYes
NAeXAgentLogonAeXAgentActivate.exeAltiris Agent transmits information about your machine for the purpose of asset management and deploymentNo
?AeXSWDUsrAeXSWDUsr.exeAltiris Express NS Client Manager software. Is it required?No
UAEZBProcaptezbp.exeIBM Aptiva keyboard customizer - enables certain special buttons on keyboard for CD operation, volume control, and few quickstart buttons. Keyboard will work without it but you lose the special functionsNo
UAFAFilterwindefault.exeAFAFilter - internet filter softwareNo
Xafmsmsgsafmsmsgs.exeAdded by the DLOADR-CUX TROJAN!No
Xafskfask8fsfjasj8.exeAdded by the ONLINEG-L TROJAN!No
NAGEIA PhysX SysTrayTrayIcon.exeSystem Tray access to display properties for AGEIA PhysX graphics cards. Unless you change your desktop resolution, etc, regularily use Control Panel -> Display Properties or right-click on the desktopNo
NAgentAgent.exeCyberlink's Power VCR II 3.0 is a TV tuner recording utility. If you want to schedule recordings you'll need this, otherwise can be disabled. Available via Start -> Programs No
XAgentalsys.exeAdded by the DREF-V VIRUS!No
Xagentppl.exeAdded by the DREF-U VIRUS!No
XAgent Browser[random filename]Added by the PPdoor.M-bdr backdoor TROJAN!No
XAgent Explorer[random filename]Unidentified adwareNo
Xagent.exeagent.exePart of rogue security tools, including Privacy Center, Privacy Components and Control CenterNo
?AgenteRemupd.exePart of an older version of Panda Antivirus. Is this an update reminder (guess because of the name), virus definition update reminder or something similar?No
Xagentsvragentsvr.exeDetected by Kaspersky as Monker.A adware. Note - do not confuse with the Microsoft Agent Server application of the same name as described here - the legitimate file will always be located in the Windows\Msagent folderNo
UAgere SoftModem Messaging AppletAGRSMMSG.exeInstalled with the drivers for internal software modems based upon Lucent/Agere Systems chipsets - required if you use the SoftModem Assistant to configure the modemYes
UAgfaCLnkAgfaCLnk.exeFor Agfa digital cameras connected via USB. Enables Windows to access the contents of the memory stick (while the stick's still on the camera) via a virtual driveNo
Xagpagp32.exeAdded by the GAOBOT.SY WORM!No
UAGRSMMSGAGRSMMSG.exeInstalled with the drivers for internal software modems based upon Lucent/Agere Systems chipsets - required if you use the SoftModem Assistant to configure the modemYes
NAGSatelliteAGSatellite.exeProgram from AudioGalaxy that lets you download some MP3s from their server. Available via Start -> ProgramsNo
Uahfpahfp.exeAdvanced Hide Folders - "is powerful security program that allows you to hide any number of files or folders. It is very useful to keep your personal data from others". Starts via a registry "RunServices" key on Windows 98/Me and as a service on Windows 2K/XPNo
Uahfprogahfp.exeAdvanced Hide Folders - "is powerful security program that allows you to hide any number of files or folders. It is very useful to keep your personal data from others". Starts via a registry "RunServices" key on Windows 98/Me and as a service on Windows 2K/XPNo
YAHNSDAhnSD.exeAhnLab V3 antivirus updater - leave enabled unless you manually update on a regular basisNo
?AHNUEAHNUE.exe??No
XAhorreMemoriaSysRep.exeAhorreMemoria rogue system error and cleaning utility - not recommended. A member of the ErrClean familyNo
Xahostahost.exeAdded by a variant of the SDBOT WORM!No
NAHQInitahqinit.exePart of AudioHQ for the Soundblaster Live!. Appears as though it makes the AudioHW toolbar drop down from the top of the desktop and isn't requiredNo
XAhstiebs.exePurityScan adwareNo
XAHU[path to worm]Added by the ANACON-B WORM!No
XAHUANACON.EXEAdded by the NACO.A WORM!No
Xahui32.exeahui32.exeAdded by the CERTIF-M TROJAN!No
UAi Gear HelpGearHelp.exeIncluded with some ASUS motherboards (such as the Maximus Extreme & Striker II Extreme), AI Gear "is a utility designed to configure and support all ASUS EPU (Energy Processing Unit) features." Provides system performance profiles to adjust CPU frequency and voltage for different computing needs. Part of AI Suite No
UAi NapAiNap.exeIncluded with some ASUS motherboards (such as the Maximus Extreme & Striker II Extreme), "AI Nap allows you to minimize the power consumption of your computer whenever you are away. Enable this feature for minimum power consumption and quieter system opearation." Part of AI SuiteNo
UAi Quicker HelpAsRc.exeASUS DH Remote media portal launcher for their Digital Home range of motherboards that are designed for users to control the computer at a distance away, such as the M2N DH. "ASUS DH Remote is a convenient PC remote controller that gives users unprecedented control over their PCs from the comfort of their couches"No
XAicatuaa.exePurityScan adwareNo
XAidattuh.exePurityScan adwareNo
XAidaeetu.exePurityScan adwareNo
?AidemHotKeyDVMAIN.EXEKeyboard relatedNo
?AidemHotKeyKEYAPP.EXEKeyboard relatedNo
Uaiepkaiepk2.exeAnother IE Popup Killer - pop-up stopperNo
NAIMaim.exeAOL Instant Messenger. If connected to the internet, automatically runs up AIM. Convenience more than anything. Available via Start -> ProgramsNo
UAIMAIM+.exeAIM plus - a free add-on to AOL's Instant Messenger for Windows from Big-O SoftwareNo
XAIM Instant Message Cookies[random filename]Added by the RBOT-AFV WORM!No
NAIM LoggerAIMLogger.exeAIM Logger - saves AIM (AOL Instant Messenger) conversations to log files. Can be started when you are using AIMNo
XAim Pluginaimplugin.exeAdded by the GUAP-F WORM!No
XAim Quick StartAim.exeAdded by the FORBOT-BB WORM! Note - this is not the popular AOL Instant Messenger utilityNo
XAIM reminderAIM reminder.exeAdded by the BUDDY.E TROJAN!No
NAim6AOLLaunch.exeAOL Instant Messenger - start it when you want to use itNo
NAim6aim6.exeAOL Instant Messenger - start it when you want to use itNo
XAIM95 Startupaim95.exeAdded by the AGOBOT.AEE WORM!No
Xaimaol lptt01aimaol.exeRapidBlaster variant (in a "Aimaol" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see hereNo
Xaimaol ml097eaimaol.exeRapidBlaster variant (in a "Aimaol" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see hereNo
Uaimb.exe" -haimb.exeIMSufSentinel is a spy program which can record IM conversations, log keystrokes, record URLs visited, and take screenshots. If you didn't install this yourself remove itNo
NAimingClickAimingClick.exeAimingClick from AimingTech. Web searching tool. Available via Start -> ProgramsNo
UAimMonitorAimMonitor.exeAIM Monitor Sniffer surveillance software for the AIM instant messenger. Uninstall this software unless you put it there yourselfNo
UAIMProaimpro.exeAIM Pro - secure instant messaging, video conferencing, on-line meetings and desktop and file sharingNo
NAIMster??Peer to Peer (P2P) file sharing client that runs over the AOL Instant Messenger network. Available via Start -> ProgramsNo
NAIMWDInstallAIMWDInstall.exeVersion of the WildTangent on-line games installer that came with versions of AOL Instant Messenger. Note that WildTanget's privacy policy used to state that they also collect and share individuals information but this is no longer the caseNo
YAiptek Graphics Tablet (USB)atwtusb.exeUSB interface for Aiptek Graphics Tablet (USB)No
?Air2Dataa2dservice.exeRelated to the Air2Data Wireless HISA (High-Speed Internet Access) service. What does it do and is it required?No
Xaircityaircity.exeRelated to "Prutect" malware from e2GiveNo
YAirGCFGAirGCFG.exeDriver and configuration utility for a number of wireless routers and adapters from D-LinkNo
YAirNCFGAirNCFG.exeDriver and configuration utility for a number of wireless routers and adapters from D-LinkNo
YAirPlusCFGAirPlusCFG.exeDriver and configuration utility for a number of wireless routers and adapters from D-LinkNo
UAirPort Base Station AgentAPAgent.exeAirport Base Station Agent utility for Apple's AirPort wi-fi basestations. "Wireless solution for home, school, and business. As it blankets your space with a blazing-fast, secure wireless network, it opens up a world of possibilities for home entertainment, backups, printing, and more"No
UAJC Active BackupAJCActBk.exeAJC Active Backup from AJC Software - "Instantly backup files you change on your PC and keep multiple versions to undo"No
XAKEYNAMEWinServ.exeAdded by the EVILBOT.C TROJAN!No
Uakeysakeys.exe"Active Keys is a powerful yet easy-to-use tool for creating and managing keyboard shortcuts for any system action"No
Xakgkagaksad9fsakfask9.exeAdded by the ONLINEG-M TROJAN!No
UAKillerakiller.exeAdvertising Killer - popup stopperNo
Ualaala.exeAccess Lock - "an easy-to-use system-tray security utility you can use to secure your desktop when you are away from your computer. Just configure the program, define a password and double click the Access Lock system-tray icon every time you need to disable and hide your desktop." The same program as 1 Click & Lock and Access Controller (and maybe others) - the same file for the same version is used by all programs but the filename is different in each caseYes
Uala.exeala.exeAccess Lock - "an easy-to-use system-tray security utility you can use to secure your desktop when you are away from your computer. Just configure the program, define a password and double click the Access Lock system-tray icon every time you need to disable and hide your desktop." The same program as 1 Click & Lock and Access Controller (and maybe others) - the same file for the same version is used by all programs but the filename is different in each caseYes
UAlarm ManagerAlarmapp.exePalm alarm event reminder that coordinates what is on your Palm with settings on your desktopNo
?AlarmWatcherAlarmWatcher.exeAssociated with SynTPEnh and SynTPLpr which are from Synaptics for touchpads on laptops. What does it do and is it required?No
YAlaunchAlaunchPart of Acer eRecovery - "a powerful utility that does away with the need for recovery disks provided by the manufacturer, and also acts as a versatile standalone backup and recovery manager". This entry isn't normally running but once eRecovery starts it's used to re-install the software included with the systemYes
NAlbum Fast StartABMTSR.EXEScanner software, not required for scanner to workNo
?AlcFDMonitorALCFDRTM.EXERealTek related - Real-Time SPDIF-in Monitor for nVidia chipset - is it required in startup?No
?ALCFDRTM16ALCFDRTM16.comRealTek related - Real-Time SPDIF-in Monitor for nVidia chipset - is it required in startup?No
XAlchemAlchem.exeClickAlchemy adwareNo
UAlcmtrALCMTR.EXERealtek Azalia Audio - Event Monitor, installed with the XP/2K drivers for on-board Realtek HD audio codecs. Some users believe that Realtek uses this file in order to gather data about the customer but it's exact purpose is unknown and it doesn't run on an ALC885 based test system or try to access the internet. Some users report problems with their on-board sound if this is disabled - hence the "U" recommendationYes
XAlcmtrMalware Doctor.exeMalwareDoc rogue security software - not recommended, removal instructions hereNo
NAlcoholAlcohol.exeAlcohol 120% - "a powerful Windows CD and DVD burning software that makes it easy to create backups of DVDs and CDs. In addition, the program lets you store your most used CDs as images on your computer, so you can call them up at the click of a button". The original can be stored in a safe place and the loading times are significantly reduced as the virtual drive is much fasterYes
NAlcohol 120%Alcohol.exeAlcohol 120% - "a powerful Windows CD and DVD burning software that makes it easy to create backups of DVDs and CDs. In addition, the program lets you store your most used CDs as images on your computer, so you can call them up at the click of a button". The original can be stored in a safe place and the loading times are significantly reduced as the virtual drive is much fasterYes
NAlcohol Soft Development Teamaxcmd.exePart of Alcohol 120% - "a powerful Windows CD and DVD burning software that makes it easy to create backups of DVDs and CDs. In addition, the program lets you store your most used CDs as images on your computer, so you can call them up at the click of a button". This entry automatically re-loads a disk image in the virtual CD/DVD drive on a system rebootYes
NAlcohol.exe AutorunAlcohol.exeAlcohol 120% - "a powerful Windows CD and DVD burning software that makes it easy to create backups of DVDs and CDs. In addition, the program lets you store your most used CDs as images on your computer, so you can call them up at the click of a button". The original can be stored in a safe place and the loading times are significantly reduced as the virtual drive is much fasterYes
NAlcoholAutomountaxcmd.exePart of Alcohol 120% - "a powerful Windows CD and DVD burning software that makes it easy to create backups of DVDs and CDs. In addition, the program lets you store your most used CDs as images on your computer, so you can call them up at the click of a button". This entry automatically re-loads a disk image in the virtual CD/DVD drive on a system rebootYes
?Alcom PCL CaptureFMW_PCAP.EXE??No
Xalcomrg.exealcomrg.exeAdded by the SDBOT-DNT WORM!No
UAlcWzrdALCWZRD.EXERealTek AlcWzrd Application, installed with the drivers for on-board Realtek HD audio codecs. On an ALC885 based test system it runs only once after the drivers have been installed and the startup entry is then removed. Disabling it appears to have no ill effects but it's exact purpose is unknown - hence the "U" recommendationYes
UAlcxMonitorAlcxmntr.exeInstalled with hardware drivers for a Realtek AC97 audio device. It's believed that Realtek uses this file in order to gather data about the customer. Some users report problems with their on-board sound if this is disabled - hence the "U" recommendationNo
Xaldefr ere servicetay0x.exeAdded by the RBOT-XS WORM!No
Xalerteralerter.exeMAHA.F spywareNo
XAlevirAlevir.exeAdded by the OPASERV-A WORM! No
XAlevirOld[worm filename]Added by the OPASERV WORM! No
NAlexaalexa.exeRelated to Alexa. Note - collects and stores information about the web pages you view, the data you enter in online forms and search programs and, with versions 5.0 and higher, the products you purchase online whilst using the toolbar. Although Alexa state's they do not attempt to analyze the data it may collect about you to determine who you are, some of your information collected by the software is personally identifiable. Please read the Privacy Policy. Not RecommendedNo
XAlexaToolbaralt.exeIdentified by Ewido Security Suite (Ewido is now part of AVG Technologies) as the DELF.EB TROJAN!No
XAlfaCleanerAlfaCleaner.exeAlphaCleaner is now a stealth install using exploits on unpatched systems. Seen alongside RazeSpyware No
UAlfaClock ClassicAlfaClock.exeAlfaClock Free Edition from AlfaSoft Research Labs - "enhances your taskbar clock (tray clock) with fully customizable clock display, alarms, time synchronization and more"No
UAlfaClock2AlfaClock2.exeAlfaClock2 from AlfaSoft Research Labs -"enhances your tray clock functionality. Of course, you can customize the look, adjusting fonts, colors, backgrounds and more. But, the main goal of this program is to extend your tray clock functionality"No
?ALFY AccelleratorAlfyAC~1.exe??No
Xalgalg.exeAdded by the SDBOT-DJC WORM!No
XALG.EXEiexplorer .exeAdded by the DEMOTRY-B WORM!No
XALG32ALG32.EXEAdded by the STARTPAGE.K hijackerNo
Xalgchk.exealgchk.exeDetected by Kaspersky as the VB.ATE TROJAN!No
XALGUALGU.EXEAdded by the CWS-I TROJAN!No
XALGU.exeALGU.exeAdded by the STARTPAGE.O TROJAN!No
Xalgv.exealgv.exeAdded by the AUTORUN-BEA WORM!No
UALi5289ALi5289.exeRelated to Uli Integrated Drivers from Uli Electronics IncNo
NAlias SketchBook SnapshotALIASS~2.EXEScreen-capture utility for Alias SketchbookNo
NAlienAutopsyTest_BS.exeAlienware computer technical support softwareNo
YALiSndMgrALiSndMg.exeALi AC97 Sound driverNo
?AliUSBfixGREENMK.exeMay be realted to a USB 2.0 PCI card - the IOgear GIC220OU?No
XAlive SYstemscchost.exeAdded by the TOFDROP-B TROJAN!No
XAlive SYstemscchostc.exeAdded by the TOFDROP-B TROJAN!No
Xalkasr?????.exeAdded by the BALKART TROJAN!No
UAll Aboard Statusstswin.exeAll Aboard! Internet Connection Sharing status iconNo
XAll Sea screen saverTaskTray.exeFree screensaver, installs lots of foistware - remove itNo
XAll Sea web linkFWLink.exeFree screensaver, installs lots of foistware - remove itNo
NAllerCalcAllerCalc.exeAllerCalc is an expression calculator which allows you to directly enter an expression to be evaluated. Can be started manuallyNo
XAllopassw[path to trojan]Added by the RANKY.CU TROJAN!No
UAllSeeingEyease.exeAll-Seeing_Eye security software - "monitors everything that takes place on your computer, and alerts the user as soon as anything suspicious or out-of-the-ordinary is happening, providing the user with alternatives for possible actions"No
UallSnapallSnap.exe"allSnap is a small system tray app that makes all top level windows automatically align like they do in programs such as Winamp or Photoshop"No
UALLTEL DSL Check-up Centermatcli.exe"matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, county, etc and gets written to a log file". ALLTEL DSL Check-up Center is required to run with the Help and Support program. If you uncheck ALLTEL DSL Check-up Center and then run Help and Support it will add another ALLTEL DSL Check-up Center in the startup menu. If you remove this software in "add/remove programs" some help menus in help and support will not be available. You decideNo
UAllToTrayALLTOTRAY.EXEAlltoTray from DNTSoft - minimize any program to your System Tray No
XALMcsrss32.exeAdded by the ANACON-D VIRUS!No
XALManacon32.exeAdded by the ANACON-C WORM!No
XAlogrithm Link Queuealq.exeAdded by a variant of the SDBOT WORM!No
UAlogservAlogserv.exeFrom McAfee VirusScan for logging scanning activities. In some cases, if left running it can cause CPU % usage to go between 5-95% or go to and stay at 100%. Disabling it impacts on the reported last scan date. It is reported to cause jerky graphics response in many games. As of version 6, this is a critical component of McAfee and disabling it can cause a PC to lock upNo
UALPassALPass.exeALPass password managerNo
Xalphasvchost.exeAdded by a variant of the DELF.IT TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! The location of this file variesNo
XAlphaAntalpha.exeAlpha Antivirus rogue security software - not recommended, removal instructions hereNo
XAlphaAVAlphaAV.exeAlpha Antivirus rogue security software - not recommended, removal instructions hereNo
YAlps Electric USB ServerMonserv.exeAlps Electric USB Server - required according to this article No
UAlpsPointApoint.exeTouchpad software for laptop PC's. For instance it is found on the Panasonic and Sony Vaio machines and allows part of the touchpad to be used for document or Web-page scrolling. Required for proper functioning of the pointing software but not required for the laptop to workNo
UALServALServ.exeUtility that enables a user to control the volume and surround sound and select Pro Logic/Stereo on 2 satellite speakers and subwoofer of old Altec Lansing speaker systems. The right-side speaker has 4 controls on top providing same functionalityNo
Xalt CTRL Shiftet3rd.exeAdded by the SDBOT-RH BACKDOOR!No
XALTER DATA[path] repcale.exe [path] beird.exeAdded by the IRCFLOOD.CD TROJAN! Both files are located in %System%\ccdewNo
XAltnetpoints manager.exeAltnet TopSearch adwareNo
XAltnetPointsManagerpoints manager.exeAltnet TopSearch adwareNo
UAltoMB_serviceAltoMBsrv.exeAlto Memory Booster from Alto Software - boost the computers performance via more intelligent and efficient memory management. MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/SE/ME. See this article and make up your own mindNo
UALTOOLSAccessL.exeALTools family of PC utilities No
XAltPaymentsAltPayments.exeWeirdOnTheWeb adwareNo
NALU Scheduler ServiceALUSchedulerSvc.exeSymantec LiveUpdate scheduler for programs such as Norton AV or Internet SecurityNo
UALUAlertALUNotify.exeNotification reminder for Symantec's LiveUpdate. Leave enabled unless you manually run LiveUpdate on a regular basisNo
NAluria Security CenterSecurityCenter.exeAluria Software's spyware removal tool - we can't really recommend this product as Aluria have recently partnered with WhenU, the well known adware company, see hereNo
UAluria's Pop-Up Stoppereps.exeAluria Pop-StopperNo
NAluria's Spyware EliminatorASE.exeAluria Software's spyware removal tool - we can't really recommend this product as Aluria have recently partnered with WhenU, the well known adware company, see hereNo
UAlwaysOnTopMakerAlwaysOnTopMaker.exeAlways On Top Maker - utilty to enable an application to always be displayed "on top" of others on the desktopNo
UAlwaysReady Power Message APPARPWRMSG.EXE"Away Mode" feature added with Update Rollup 2 for Windows XP Media Center Edition 2005 that allows the computer to appear off to the user while it continues to perform tasks that do not require user input, such as recording television and viewing Media Center Extender sessions. For more information see hereNo
XAmazingTensAmazingTens.exePremium rate adult content diallerNo
UAMD PowerNow!GemBack.exeAMD PowerNow! - "an innovative solution available on all AMD mobile processor-based notebooks that can effectively increase notebook battery life, while delivering performance on demand"No
Yamd_dc_optamd_dc_opt.exeAMD Dual-Core Optimizer - "can help improve some PC gaming video performance by compensating for those applications that bypass the Windows API for timing by directly using the RDTSC (Read Time Stamp Counter) instruction"No
NAmerica Onlineaoltray.exeAdds the AOL icon in the System Tray (*.* denotes version if present) for versions of AOL up to and including 9.0. Start AOL via the desktop or quick launch shortcuts or via Start → All ProgramsYes
NAmerica Online *.* Tray Iconaoltray.exeAdds the AOL icon in the System Tray (*.* denotes version if present) for versions of AOL up to and including 9.0. Start AOL via the desktop or quick launch shortcuts or via Start → All ProgramsYes
NAME_CSArundll32 amecsa.cpl, RUN_DLLLoads ADSL modem Control Panel appletNo
UAmIcoSinglunAmIcoSinglun.exeSingle LUN Icon Utility - System Tray access/notification for card readers using controllers from Alcor Micro which incorporate Single LUN, such as the AU6336, AU6439 and AU6431No
XAmie Release V6.9Dservices.exeAdded by the VB-EAN TROJAN! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%No
Xamircivilsvchost.exe…Added by the AMIRECIVEL WORM!No
UAModemLockDownModemLockDown.exeModemLockDown - allows you to supervise internet access by disabling the modem, protects againt dialers accessing dial-up connections, etcNo
YAmonAMON.EXEMonitoring part of Eset's NOD32 virus-scannerNo
YAmonitoramon.exeTiny Personal FirewallNo
UAMO_Taskplaner.exeAMO_Taskplaner.exePart of Ashampoo® Magical Optimizer from Ashampoo GmbH & Co. KG - which removes stagnant and unnecessary hard drive files, deletes Internet tracks and streamlines the registry by erasing invalid and orphaned entries. The Taskplaner automates this system optimization according to the user defined schedule and gives System Tray access to the main programYes
UAMO_TA~1AMO_Taskplaner.exePart of Ashampoo® Magical Optimizer from Ashampoo GmbH & Co. KG - which removes stagnant and unnecessary hard drive files, deletes Internet tracks and streamlines the registry by erasing invalid and orphaned entries. The Taskplaner automates this system optimization according to the user defined schedule and gives System Tray access to the main programYes
UAMO_TA~1.EXEAMO_TA~1.EXEPart of Ashampoo® Magical Optimizer from Ashampoo GmbH & Co. KG - which removes stagnant and unnecessary hard drive files, deletes Internet tracks and streamlines the registry by erasing invalid and orphaned entries. The Taskplaner automates this system optimization according to the user defined schedule and gives System Tray access to the main programYes
UAMP WinOFFwinoff.exeWinOFF is " a utility designed to shut down Windows computers automatically, in a fully configurable way"No
UAMSGAmsg.exePart of the IBM ThinkVantage Productivity Center. "The Message Center sends automatic notification on ThinkVantage Technologies integrated with your system. Once you're online"No
Xamsgupdateams.exeAdded by a variant of the MAILBOT TROJAN!No
NAMSNamsn.exeaMSN Messenger is a multiplatform MSN messenger cloneNo
Xamsnamsn.exeAdded by the BANKER-BNZ TROJAN!No
Xamvaamvo.exeAdded by the SILLYFDC-BR WORM!No
NAnapod Manageranamgr.exeAnapod Explorer from Red Chair Software "is the most advanced Windows iPod® software available, offering iPod® management through full Windows Explorer integration under My Computer"No
Xanbv32nabv32.exeAdded by the TITOG.C WORM!No
XAndware DefenceZsoft32.exeAdded by the GAOBOT.OO WORM!No
Xangeleyesmsdll.exeAdded by the VB.PI TROJAN!No
Xanhtaaakacsde.exeAdded by the FRETHOG-B TROJAN!No
Xanimalssanimalss.exeAdded by the AGOBOT-VE WORM!No
YANIWZCS2ServiceWZCSLDR2.exeALPHA Networks wireless driverNo
?ANIWZCSServiceWZCSLDR.exeD-Link wireless PCI adapter related. In some cases reported to cause excessive CPU activityNo
?AnnotateCheckAnnCheck.exeGenius Wizard Pen Tablet driver related. Is it required?No
NAnnouncementsAnnclist.exeMS WebTV for Windows. Used to display TV on your PC via a compatible video card with in-built tuner (such as ATI All-In-Wonder). If you don't use it - uninstall itNo
NAnntextAnntext.exeCaere Pagekeeper text annotation serverNo
UAnonymityGatewayAnonymity Gateway.exeAnonymity Gateway - privacy protection tool that conceals IP address preventing your surfing habits and your internet activity form being tracked by websites or Internet Service ProvidersNo
UAnonymizer Total Net ShieldAnonTns.exeAnonymizer Total Net Shield - ID protection and privacy softwareNo
YANONYMIZER_SPYWAREKILLERSpyWareKiller.exeAnonymizer Spyware Killer, which was superseded by Anti-Spyware but is now discontinuedNo
YANONYMIZER_SPYWAREKILLERAnonAntiSpyware.exeAnonymizer Anti-Spyware - now discontinuedNo
UAnother Internet Explorer Popup Killeraiepk2.exeAnother IE Popup Killer - pop-up stopperNo
Xansjava[path to worm]Added by the RANDON-AN WORM!No
XAnskyaPYSKY.NET.exeAdded by the DLOADER-MW TROJAN!No
XAnswer ProblemdSAFsqs.exeAdded by the SDBOT-SC WORM!No
UAnswerToolAnswerTool.exeAnswerTool - save your E-mail replies in AnswerTool, then reuse them again and again No
XAntiIsass.exeAdded by the BROPIA.K WORM! No
XAnti Spam Servicespamsvc.exeAdded by the MYTOB-BK WORM!No
NAnti-Blaxx ManagerAnti-Blaxx.exeAnti-Blaxx - bypass blacklistings from different copy protections bypassing methods like virtual CD or DVD drives No
UAnti-keylogger checkantikey.exeAnti-keylogger - protects against keylogger programs monitoring your keystrokesNo
UAnti-Trojan-WatchATWatch.exeAnti-Trojan Watch - trojan detectorNo
XAnti-Virusvpms.exeAdded by a variant of the SLAPER TROJAN!No
XAnti-Virus[random filename].exeAdded by the CAPROBAD-A TROJAN!No
XAnti-Virus Product Sync[unprintable character][3 characters]log.exeAdded by the KEDEBE.D WORM!No
XAnti-Virus Updateavupdate.exeAdded by the TIOTUA-CO WORM!No
XAnti-Virus Update Scheduler[path to trojan]Added by the SPAMMIT-A TROJAN!No
XAnti-Virus Update Schedulerwinsp3.exeMalware - detected by Kaspersky as the AGENT.FP TROJAN!No
XAnti-Virus Update Scheduler V1.39.12R[path to trojan]Added by the HEPLANE or STAPREW.B TROJANS! - different filenames have been spotted; examples: msvc.exe, kaspersky.exe, nrton.exe, wins.exe, gah32.exe, 1.tmp, syste.exe, alg.exe, socks.exe, winxpsp2.exe, tek9.exe, sks.exe, hihi.exe, s.exe, xps2.exe, dns2.exe, ikav32.exe and more...No
XAntiAdd.exeAntiAdd.exeAntiAdd rogue security software - not recommended, removal instructions here. A member of the AntiAID familyNo
XAntiAIDAntiAID.exeAntiAID rogue security software - not recommended, removal instructions here. There are number of variants in this family sharing the same user interface - see hereNo
XAntiCareMainAntiCare.exeAntiCare rogue security software - not recommendedNo
XAntiClickerSVCHST32.EXEAdded by the CBH TROJAN!No
Uantidialer.co.ukDialer_Watcher.exeDialer_Watcher is an application that allows you to detect dialers on your computerNo
YAntiFreezeAntiFreeze.exeAntiFreeze from Resplendence Software Projects - "offers a last recourse when you find your computer in a hung state". If your system has hung and AntiFreeze is running, a hotkey combination will suspend all but critical processes and allow you to save or recover your workYes
Xantihostahr.exeAdded by the BANCBAN-QJ TROJAN!No
Xantikewingate32.exeAdded by a variant of the RBOT WORM! See hereNo
XAntiKeepAntiKeep.exeAntiKeep rogue security software - not recommended, removal instructions here. A member of the AntiAID familyNo
XAntiKeep.exeAntiKeep.exeAntiKeep rogue security software - not recommended, removal instructions here. A member of the AntiAID familyNo
XAntiMalwareAntiMalware.exeAntiMalware rogue security software - not recommended, removal instructions hereNo
XAntimalware Doctor.exeAntimalware Doctor.exeAntimalware Doctor rogue security software - not recommended, removal instructions hereNo
XAntiMalwareGuardamg.exeAntiMalwareGuard rogue security software - not recommended, removal instructions hereNo
XAntiMalwareSuiteAMS.exeAntiMalwareSuite rogue security software - not recommended, removal instructions hereNo
XAntiMalware_ProNETAntiMalware_Pro.exeAntiMalware Pro rogue security software - not recommended, removal instructions hereNo
UAntiPopUpAntiPopUp.exeAntiPopUp for IE - pop-up stopperNo
XAntiSpionagepgs.exeAntiSpionage, German rogue security software - not recommended. A member of the AVSystemCare familyNo
XAntiSpionagePropgs.exeAntiSpionagePro, German rogue security software - not recommended. A member of the AVSystemCare familyNo
XantispyANTIVIR.exeIE AntiVirus rogue security software - not recommended, removal instructions hereNo
XantispyANTIVIRUS.exeIE AntiVirus rogue security software - not recommended, removal instructions hereNo
Xantispyieav.exeIE AntiVirus rogue security software - not recommended, removal instructions hereNo
Xantispyscan.exeIE AntiVirus rogue security software - not recommended, removal instructions hereNo
XAntiSpy2008AntiSpy2008.exeAntispy 2008 rogue spyware remover - not recommended, removal instructions hereNo
XAntiSpyBossasb32.exeAntiSpyBoss rogue security software - not recommended, removal instructions hereNo
XAntiSpyCheckAntiSpyCheck.exeAntiSpyCheck rogue spyware remover - not recommended, removal instructions hereNo
XAntiSpyCheck 2.1AntiSpyCheck 2.1.exeAntiSpyCheck rogue spyware remover - not recommended, removal instructions hereNo
XAntiSpyCheck 2.1.0AntiSpyCheck.exeAntiSpyCheck rogue spyware remover - not recommended, removal instructions hereNo
XAntiSpyControlpgs.exeAntiSpyControl rogue security software - not recommended, removal instructions here. A member of the AVSystemCare familyNo
XAntiSpyGoldenAntiSpyGolden 5.1.exeAntiSpyGolden rogue spyware remover - not recommendedNo
XAntiSpyGolden 5.1AntiSpyGolden 5.1.exeAntiSpyGolden rogue spyware remover - not recommendedNo
XAntiSpyGuardAntiSpyGuard.exeAntiSpyGuard rogue security software - not recommended, removal instructions hereNo
XAntiSpyKitAntiSpyKit 5.3.exeAntiSpyKit rogue spyware remover - not recommended, removal instructions hereNo
XAntiSpyKit 5.2AntiSpyKit 5.2.exeAntiSpyKit rogue spyware remover - not recommended, removal instructions hereNo
XAntiSpyKit 5.3AntiSpyKit 5.3.exeAntiSpyKit rogue spyware remover - not recommended, removal instructions hereNo
XAntiSpyMonAntiSpyMon.exeAntispyware Protector rogue security software - not recommendedNo
Xantispysoldierantispysoldier.exeAntiSpyware Soldier rogue spyware remover - not recommended, removal instructions hereNo
XAntispySpiderantispyspider.exeAntiSpySpider rogue spyware remover - not recommended, removal instructions hereNo
XAntispyStormAntispyStorm.exeAntispyStorm rogue security software - not recommended, removal instructions hereNo
XAntiSpywareAntiSpyware.exeAntiSpywareApp rogue spyware remover - not recommended, see hereNo
XAntiSpyware ProAntiSpyware Pro.exeAntiSpyware Pro 2009 rogue spyware remover - not recommended, removal instructions hereNo
XAntispyware PRO XPasproxp.exeAntiSpyware Pro XP rogue spyware remover - not recommended, removal instructions hereNo
XAntispyware-2008.exeAntispyware-2008.exeAntiSpyware 2008 rogue security software - not recommended, removal instructions hereNo
YAntiSpyWare2GuardAntiSpyWare2Guard.exePart of Ashampoo® AntiSpyWare 2 from Ashampoo GmbH & Co. KG. This part is the realtime monitor that looks for changes on the users system such as BHO, Winsock LSPs, Windows Hosts file, Autostart entries, etcYes
XAntiSpyware3000.exeantispyware.exeAntiSpyware 3000 rogue spyware remover - not recommended, removal instructions hereNo
XAntiSpywareBotAntiSpywareBot.exeAntiSpywareBot rogue spyware remover - not recommended, removal instructions hereNo
XAntiSpywareControlpgs.exeAntiSpywareControl rogue security software - not recommended, removal instructions here. A member of the AVSystemCare familyNo
XAntispywareDAntispywareD.exeAntiSpywareDeluxe rogue security software - not recommended, removal instructions hereNo
XAntiSpywareExpertase.exeAntiSpywareExpert rogue security software - not recommended, removal instructions hereNo
XAntiSpywareGuardasg.exeAntiSpywareGuard rogue spyware remover - not recommended, removal instructions hereNo
XAntiSpywareMasterasm.exeAntiSpywareMaster rogue security software - not recommended, removal instructions hereNo
XAntiSpywareShieldAntiSpywareShield.exeAntiSpywareShield rogue security software - not recommended, removal instructions hereNo
XAntiSpywareSuitepgs.exeAntiSpywareSuite rogue security software - not recommended. A member of the AVSystemCare familyNo
XAntiSpywareXP 2009AntiSpywareXP2009.exeAntiSpywareXP 2009 rogue spyware remover - not recommended, removal instructions hereNo
XAntiSpyZoneAntiSpyZone.exeAntiSpyZone rogue spyware remover - not recommendedNo
XAntiSpyZone 4.5AntiSpyZone 4.5.exeAntiSpyZone rogue spyware remover - not recommendedNo
XAntiSpyZone 4.6AntiSpyZone 4.6.exeAntiSpyZone rogue spyware remover - not recommendedNo
XAntiSpyZone 4.9AntiSpyZone 4.9.exeAntiSpyZone rogue spyware remover - not recommendedNo
XAntiSpyZone 5.1AntiSpyZone 5.1.exeAntiSpyZone rogue spyware remover - not recommendedNo
XAntiSpyZone 5.4AntiSpyZone 5.4.exeAntiSpyZone rogue spyware remover - not recommendedNo
XAntiTroyAntiTroy.exeAntiTroy rogue security software - not recommended, removal instructions here. A member of the AntiAID familyNo
XAntiTroy.exeAntiTroy.exeAntiTroy rogue security software - not recommended, removal instructions here. A member of the AntiAID familyNo
XAntiVer2008pgs.exeAntiVer2008, French rogue security software - not recommended. A member of the AVSystemCare familyNo
XAntiVermeansAntiVermeans.exeVariant of the Antivermins rogue security software - not recommended, removal instructions hereNo
XAntiVerminsAntiVermins.exeAntivermins rogue security software - not recommended, removal instructions hereNo
XAntiVermins 3.0AntiVermins 3.0.exeAntivermins rogue security software - not recommended, removal instructions hereNo
XAntiVermins 3.3AntiVermins 3.3.exeAntivermins rogue security software - not recommended, removal instructions hereNo
XAntiVerminserAntiVerminser.exeVariant of the Antivermins rogue security software - not recommended, removal instructions hereNo
XAntiVerminsProAntiVerminspro.exeAntivermins rogue security software - not recommended, removal instructions hereNo
Xantiviirusantiviirus.exeAdded by a variant of the AGENT.KEU TROJAN!No
XAntivirsvchst.exeAdded by the RAGRUK-A TROJAN!No
XAntiVirscvhost.exeAdded by the AGENT-DSF TROJAN!No
XAntiVirwinlog.exeAdded by the IRCBOT-TJ TROJAN!No
XAntiVirsmss.exeAdded by the DWNLDR-GWE TROJAN! Note - this is not the legitimate smss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %ProgramFiles%No
YAntiVir XPAVwin.exeAntiVir® PersonalEdition Classic - antivirusNo
XAntivir64Antivir64.exeAntivir64 rogue spyware remover - not recommended, removal instructions hereNo
XAntiviralGoldenAntiviralGolden.exeAntiviralGolden rogue security software - not recommended, removal instructions hereNo
XAntiVirGear 3.7AntiVirGear 3.7.exeAntiVirGear rogue security software - not recommended, removal instructions hereNo
XAntiVirGear 3.8AntiVirGear 3.8.exeAntiVirGear rogue security software - not recommended, removal instructions hereNo
XAntiVirProtectAntiVirProtect.exeAntiVirProtect rogue security software - not recommended, removal instructions hereNo
XAntivirusav.exeAdded by the SINKIN TROJAN! Resets IE start page to realphx.comNo
XAntivirusmaja.exeAdded by the NETSKY.H WORM!No
XAntivirusiexpl0res.exeAdded by an unidentified WORM or TROJAN!No
XAntiViruskaspery.exeAdded by a variant of the RBOT WORM!No
XAntiVirusAntiVirus.exeAdded by the BANKER-EHB TROJAN!No
XAntivirusAntvrs.exeAntiVirus 2008 rogue security software - not recommended, removal instructions hereNo
XAntivirusavm.exeAntivirus Master rogue security software - not recommended, removal instructions hereNo
XAntivirusvav.exeVista Antivirus 2008 rogue security software - not recommended, removal instructions hereNo
XAntivirusaav.exeAdvanced Antivirus rogue security software - not recommended, removal instructions hereNo
XANTIVIRUSAVS.exeAntivirus Sentry rogue security software - not recommended, removal instructions hereNo
XANTIVIRUSmicroAV.exeMicro Antivirus 2009 rogue security software - not recommended, removal instructions hereNo
XAntivirusMSA.exeMS Antivirus rogue security software - not recommended, removal instructions hereNo
XANTIVIRUSUltraAV.exeUltra Antivirus 2009 rogue security software - not recommended, removal instructions hereNo
XAntivirusxpa.exeXpert Antivirus Enterprise rogue security software - not recommended, removal instructions hereNo
XAntivirusSPP.exeSpyware Preventer rogue security software - not recommended, removal instructions hereNo
XAntivirussav.exeSystem Antivirus 2008 rogue security software - not recommended, removal instructions hereNo
XAntivirusuav.exeUltimate Antivirus 2008 rogue security software - not recommended, removal instructions hereNo
XAntiviruswav.exeWindows Antivirus 2008 rogue security software - not recommended, removal instructions hereNo
XAntivirusavt.exeAntivirus rogue security software - not recommended, removal instructions hereNo
XAntivirus 2009av2009.exeAntiVirus'09 rogue security software - not recommended, removal instructions hereNo
XAntivirus 2009 plusAntivirus 2009 plus.exeAntiVirus Plus rogue security software - not recommended, removal instructions hereNo
XAntivirus Agent Proaap.exeAntivirus Agent Pro rogue security software - not recommended, removal instructions hereNo
XAntivirus Installer[path to trojan]Added by the BADGENT-A TROJAN!No
XAntivirus PC 2009avpc2009.exeAntivirus PC 2009 rogue security software - not recommended, removal instructions hereNo
XAntivirus Pro 2009AntivirusPro2009.exeAntiVirus Plus rogue security software - not recommended, removal instructions hereNo
XAntivirus Pro 2010AntivirusPro_2010.exeAntivirus Pro 2010 rogue security software - not recommended, removal instructions hereNo
XAntiVirus Processvirprot.exeAdded by a variant of the SDBOT WORM!No
XAntivirus Protection Servicesccapp2.exeAdded by the RBOT.EXI WORM!No
XAntiVirus Updateupdates.exeAdded by the RBOT-JF WORM!No
XAntiVirus Updateantivirus.exeAdded by the RBOT-IF WORM!No
XAntivirus Updatesavupdchk.exeAdded by the AGOBOT-IP WORM!No
XAntivirus-2008.exeAntivirus-2008.exeAntivirus 2008 rogue security software - not recommended. Detected by Sophos as the FAKEAV-BK TROJAN!No
Xantivirus-2008pro.exeantivirus-2008pro.exeAntivirus 2008 PRO rogue security software - not recommended. Detected by Sophos as the FAKEAV-AW TROJAN!No
XAntivirus-GoldenAntivirus-Golden.exeAntivirus-Golden rogue security software - not recommendedNo
XAntivirus.exeAntivirus.exeAntivirus rogue security software - not recommended, removal instructions hereNo
XAntivirus2008yantvrs.exeAntiVirus 2008 rogue security software - not recommended, removal instructions hereNo
Xantivirus32antivirus.exeAdded by the SPYBOT.KAI WORM!No
XAntivirusBESTInstaller.exeInstaller for the AntivirusBEST rogue security software - not recommended. Removal instructions hereNo
XAntivirusBESTabest.exeAntivirusBEST rogue security software - not recommended, removal instructions hereNo
XAntivirusDocAntivirusDoc.exeAntivirusDoc rogue security software - not recommended, removal instructions hereNo
XAntivirusFiablepgs.exeAntivirusFiable, French rogue security software - not recommended. A member of the AVSystemCare familyNo
XAntivirusForAllpgs.exeAntivirusForAll rogue security software - not recommended, removal instructions here. A member of the AVSystemCare familyNo
XAntivirusGoldAntivirusGold.exeAntivirusGold rogue security software - not recommended, removal instructions hereNo
XAntivirusGold 5.1AntivirusGold 5.1.exeAntivirusGold rogue security software - not recommended, removal instructions hereNo
XAntiVirusLab2009AntiVirusLab2009.exeAntivirus Lab 2009 rogue security software - not recommended, removal instructions hereNo
XAntivirusOrdipgs.exeAntivirusOrdi, French rogue security software - not recommended. A member of the AVSystemCare familyNo
XAntivirusPCPakkepgs.exeAntivirusPCPakke, Danish rogue security software - not recommended. A member of the AVSystemCare familyNo
XAntivirusPCSuitepgs.exeAntivirusPCSuite rogue security software - not recommended, removal instructions here. A member of the AVSystemCare familyNo
XAntiviruspertuttipgs.exeAntiviruspertutti rogue security software - not recommended. A member of the AVSystemCare familyNo
XAntiVirusProAntiVirusPro.exeAnti Virus Pro rogue security software - not recommendedNo
XAntiVirusProMFCAntivirus Pro.exeAntiVirus Pro rogue security software - not recommendedNo
?AntiVirusProtectionqumk.exe??No
XAntivirusProtectionantivirusprotection.exeAntivirus Protection rogue security software - not recommended, removal instructions hereNo
XAntivirusschermpgs.exeAntivirusscherm, Dutch rogue security software - not recommended. A member of the AVSystemCare familyNo
XAntivirusXP.exeAntivirusXP.exeAntivirus XP Pro rogue security software - not recommended, removal instructions hereNo
XAntiVirus_ProNETAntiVirus_Pro.exeAntiVirusPro rogue security software - not recommended, removal instructions hereNo
XAntiVituSBase.exeAdded by the BAS.A WORM!No
Xantiwareelite***32.exe [*** = random char]Added by the DLOADER-HW TROJAN!No
UAntiWindowsMessengerAntiMsMsg.exeAnti-Windows_Messenger is a small application that prevents Windows Messenger from remaining resident in memoryNo
XAntiWorm2008pgs.exeAntiWorm2008 rogue security software - not recommended. A member of the AVSystemCare familyNo
Xanti_trojanti_troj.exeMalware installed by different rogue security software including SpyKillerPro. Also detected as the LODEAR.D TROJAN!No
UAnVirAnVir.exeAnVir Task Manager - "is a tool that controls everything running on computer and provides Windows enhancements that help in every-day work". Monitors and manages startup programs, processes and services. Also includes system tweaks, security risks, tray icons for monitoring CPU/memory/HDD and other utilitiesYes
UAnVir Security SuiteAnVir.exeAnVir Security Suite - "is a tool that controls everything running on computer and provides Windows enhancements that help in every-day work". Monitors and manages startup programs, processes and services. Also includes system tweaks, security risks, tray icons for monitoring CPU/memory/HDD and other utilities. This version includes an antivirus scanner and anti-rootkit toolYes
UAnVir Task ManagerAnVir.exeAnVir Task Manager - "is a tool that controls everything running on computer and provides Windows enhancements that help in every-day work". Monitors and manages startup programs, processes and services. Also includes system tweaks, security risks, tray icons for monitoring CPU/memory/HDD and other utilitiesYes
UAnVir Task Manager FreeAnVir.exeAnVir Task Manager Free - "is a tool that controls everything running on computer and provides Windows enhancements that help in every-day work". Monitors and manages startup programs, processes and services. Also includes system tweaks, security risks, tray icons for monitoring CPU/HDD and other utilitiesYes
UAnVir Task Manager ProAnVir.exeAnVir Task Manager Pro - "is a tool that controls everything running on computer and provides Windows enhancements that help in every-day work". Monitors and manages startup programs, processes and services. Also includes system tweaks, security risks, tray icons for monitoring CPU/memory/HDD and other utilitiesYes
Uanvshellanvshell.exeSystem Tray tool for ASUS video cards. If disabled you lose all the ASUS specific video card options in Control Panel -> Display Properties -> Advanced as well as the System Tray shortcuts toolbarNo
XAnvTrgrAnvTrgr.exeAntivirusTrigger rogue security software - not recommended, removal instructions hereNo
UAny To-Do Listanytodo.exeAny To-Do List "the ultimate software solution to keep yourself organized and reminded" No
?anycom bluetoothftflauncher.exeAssociated with an Anycom bluetooth wireless card. What does it do and is it required?No
UAnyDVDAnyDVD.exeAnyDVD - descrambles DVD-Movies automatically in the background and the DVD appears unprotected and region code free. Also removes prohibited operations from the DVD such as skipping adverts - hence the "U" recommendationNo
UAnyDVDAnyDVDtray.exeSystem Tray access to AnyDVD from SlySoft - which descrambles DVD-Movies automatically in the background and the DVD appears unprotected and region code free. Also removes prohibited operations from the DVD such as skipping advertsNo
XanythingATITAX.exeAdded by the FORBOT-DP WORM!No
UAnyTimeAtw.exeAnyTime Organizer Deluxe from Individual Software Inc - "all the tools you need to organize your calendar, to-do list, and address book are combined in a familiar interface with hundreds of printable calendars, detailed expense reports, and a full range of programmable alarms"No
UAnyTime OrganizerAtDem.exeAnyTime Organizer Deluxe from Individual Software Inc - "all the tools you need to organize your calendar, to-do list, and address book are combined in a familiar interface with hundreds of printable calendars, detailed expense reports, and a full range of programmable alarms"No
UAnyTime OrganizerAtw.exeAnyTime Organizer Deluxe from Individual Software Inc - "all the tools you need to organize your calendar, to-do list, and address book are combined in a familiar interface with hundreds of printable calendars, detailed expense reports, and a full range of programmable alarms"No
NAO TrayAOTray.ExeSystem Tray application for AOpen soundcards. Can be run manually via Start -> Settings -> Control PanelNo
Yaolavp.exeAOL's Active Virus Shield (by Kaspersky) - found in an AOLActive Virus Shield sub-directoryNo
NAOLAOL.exeFast Start loads the AOL integrated email, instant messenger and web browser software in the background when you turn on your computer. This feature lets you quickly open AOLYes
XAOL 9.0 OptimizedAOLClient.exeAdded by the SPYBOTER.A TROJAN!No
UAOL Broadband Check-Upmatcli.exe"matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, county, etc and gets written to a log file". The AOL Self Support Tool is required to run with the Help and Support program. If you uncheck AOL and and then run Help and Support it will add another AOL entry in the startup menu. If you remove this software in "add/remove programs" some help menus in help and support will not be available. You decideNo
UAOL Companioncompanion.exeThe AOL Companion is a small window that appears when you connect to the service using verison 8.0 and early builds of version 9.0. "Use the Companion to quickly get to your favourite features, including your Buddy List, Favourite Places, Address Book, and more!"Yes
XAol Configuration Loaderaimsng.exeAdded by the SDBOT-XE WORM!No
NAOL Fast StartAOL.exeFast Start loads the AOL integrated email, instant messenger and web browser software in the background when you turn on your computer. This feature lets you quickly open AOLYes
XAOL Instant Messangeraim.exeAdded by the SDBOT-YT WORM! Note - this is not the popular AOL Instant Messenger utilityNo
XAOL Instant Messengaraol.exeAdded by the AGOBOT-FN WORM!No
XAOL Instant MessengerAlM.EXEAdded by unidentified malware. Note - there ia a lower case "L" between the A and M in the filenameNo
XAol Instant Messengeraolmsg.exeAdded by the KELVIR.AL WORM!No
XAOL Instant Messengeraimsgr.exeAdded by the IRCBOT.N TROJAN!No
XAOL Instant Messenger 7.213aim9283.exeAdded by the SDBOT-ZF WORM!No
XAOL Instant Messenger dll runtimeMSAOL32dll.exeAdded by the RBOT-ATA WORM!No
XAol Instant Messenger Fixaolfix.exeAdded by the SDBOT-ABJ WORM!No
XAOL Messenger[random filename]Added by an unidentified VIRUS, WORM or TROJAN!No
XAOL Messengeraolmsngr.exeAdded by the SDBOT-JF WORM!No
XAOL Messenger OptimizedAOLOpt.exeAdded by the AOLOPT TROJAN! No
NAOL Service LibrariesAOLSoftware.exeQuoted from AOL Beta Team, "Manages a component essential to the operation of most current AOL software, client or not. You should be able to remove it from Startup (it'll just load when Explorer is launched, which will extend load time a bit), but do leave it on your system"Yes
XAOL Services Hostsaolserviceshosts.exeAdded by an unidentified WORM or TROJAN!No
UAOL Spyware ProtectionAOLSP Scheduler.exeAOL's spyware protection programNo
UAOL TopSpeedMonitoraoltsmon.exeAOL's TopSpeed "web-acceleration technology speeds up your web-browsing experience by storing and reusing elements of web pages that you visit, so pages appear much quicker on your next visit". Most important for those users who still access AOL via dial-up. Starts via a registry "RunServices" key on Windows 98/Me and as a service on Windows 2K/XP/VistaNo
YAolAcsDaemon1Acsd.exeAOL Connectivity Service - automatically restores the connection to AOL should you lose it while online. Negates having to go through the procedure of signing back on manually. This version is obsolete and has been replaced by AOLACSD.EXE so update your version of AOL. Starts via a registry "RunServices" key on Windows 98/Me and as a service on Windows 2K/XP/VistaNo
YAolAcsDaemon1AOLACSD.EXEAOL Connectivity Service - automatically restores the connection to AOL should you lose it while online. Negates having to go through the procedure of signing back on manually. Starts via a registry "RunServices" key on Windows 98/Me and as a service on Windows 2K/XP/VistaNo
?AOLCCACCAgnt.exeAOL ISP software related, file located in a "AOL Computer Check-Up" folder. What does it do and is it required?No
XAolConconfig.comAdded by the TAPLAK WORM!No
NAOLDialerAOLDial.exeAOL ISP software dialer - can be activated through a desktop shortcutNo
NAolFixAolFix.exeRun on Gateway Astra computers, and maybe a few others. Designed to repair a bad registry key in Gateway computers that would not allow AOL to run correctly. Not seen much any more and should only run onceNo
XAOLRegKey32AOREGSVR512.EXEUnidentified malware - see here No
?AOLSAVAOLAgent.exeAOL ISP related. What does it do and is it required?No
NAOLSoftwareAOLSoftware.exeQuoted from AOL Beta Team, "Manages a component essential to the operation of most current AOL software, client or not. You should be able to remove it from Startup (it'll just load when Explorer is launched, which will extend load time a bit), but do leave it on your system"Yes
XAOLSPYWAREREMOVER32AOLSPYWARECLEANER32.EXEAdded by the SPYBOT-HJ WORM!No
XAOLStartAOLStart.exeAdded by the KRAIMER.12 TROJAN!No
Xaolupdater.exeaolupdater.exeAdded by a variant of the IRCBOT TROJAN!No
XAornumaornum.exeInstalled along with iWon Prize Machine. Based upon their privacy statement this can be regarded as spywareNo
NAOTrayAOTray.ExeSystem Tray application for AOpen soundcards. Can be run manually via Start -> Settings -> Control PanelNo
Xaoueisysrtmvs.exeChivio dialerNo
YAPC UPS StatusDisplay.exeAPC PowerChute® Personal Edition status iconNo
XAPcDefenderAPcDefender.exeAPcDefender rogue security software - not recommended, removal instructions here. A member of the AntiAID familyNo
XAPCProtect.exeAPCProtect.exeAPCProtect rogue security software - not recommended, removal instructions here. A member of the AntiAID familyNo
XAPcSafeAPcSafe.exeAPcSafe rogue security software - not recommended, removal instructions here. A member of the AntiAID familyNo
XAPcSecureAPcSecure.exeAPcSecure rogue security software - not recommended, removal instructions here. A member of the AntiAID familyNo
UAPC_SERVICEmainserv.exeAPC PowerChute® Personal Edition - "safe system shutdown software with sophisticated power management functions." Appears as a service in XP/Vista and under the "RunServices" registry key in Win98No
Yapc_trayapc_tray.exePart of the APC UPS software loaded with the BACK-UPS CS 350 unit. Required to monitor the APC unit in case of power failureNo
XAPD123APD123.exePacerD Media/Pacimedia.com adwareNo
Xaphexaphex.exeAdded by the IRCBOT-OH TROJAN!No
XApi**.exe [* = random char]Api**.exe [* = random char]CoolWebSearch/HomeSearch adware - for examples, see this logNo
XApi**32.exe [* = random char]Api**32.exe [* = random char]CoolWebSearch/HomeSearch adware - for examples, see this logNo
XAPI32api32.exeAdded by the IRCBOT-B TROJAN!No
XAPIClasslexplore_.exeAdded by the MSNOPT-A TROJAN!No
XAPIMonapimonx.exeAdded by the TIBSER.A downloader TROJAN!No
XAPIMonwinapix.exeAdded by a variant of the TIBSER.A downloader TROJAN!No
XAPIMonmsreg.exeAdded by the DROPPER.Z TROJAN!No
Xapisvc.exeapisvc.exeAdded by a variant of the LAMEBOT TROJAN!No
UAPLAPL.exeSage Software's ACT! The application pre-loader (apl.exe) is a self contained executable that pre-loads the necessary .NET framework and ACT! 2005 assemblies. This pre-loading of assemblies enhances ACT! startup, view load and dialog load times in some areas of the applicationNo
Xapmanager.exeapmanager.exeAP Manager ransomware download manager - not recommended, removal instructions hereNo
?Apmsrv9xAPMSRV9X.EXEIntel AnyPoint Wireless II Home Network related. Now discontinued. What does it do and is it required?No
UApointApoint.exeTouchpad software for laptop PC's. For instance it is found on the Panasonic and Sony Vaio machines and allows part of the touchpad to be used for document or Web-page scrolling. Required for proper functioning of the pointing software but not required for the laptop to workNo
XApp**32.exe [* = random char]App**32.exe [* = random char]CoolWebSearch/HomeSearch adware - for examples, see this logNo
XApp.EXEName[path to worm]Added by the BODIRU WORM!No
XApPache SystemApPache.exeAdded by the RBOT-YP BACKDOOR!No
UAppconvAppCon.exeVital Application Console - part of POS-partner 2000 point-of-sale software from Vital. This is the taskbar icon and is enabled at startup by the "Auto-start when OS starts" option. Required for a connection to be establishedNo
Xappconnappconn.exeAdded by the CARGAO WORM!No
UAppExtenderAppExtCB.exeLoads the Confimax add-in for popular E-mail programs to confirm E-mails have been sent and receivedNo
Xappis.exeappis.exeAdded by the AGENT-BC TROJAN!No
NAppleSyncNotifierAppleSyncNotifier.exeFrom WinPatrol PLUS by BillP Studios - "This file installs with iTunes and is used when syncing your iPhone, iTouch, iPod, etc." See here for more informationNo
XAppletINITINITIATE.EXEAdded by the AGOBOT.XV TROJAN!No
YApplicationmdmsetsp.exeAztech Labs modem driverNo
XApplicationcsrss.exeAdded by the BEAGLE.EG WORM! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%No
XApplication Adapterabvsvc.exeAdded by the CHECKOUT WORM!No
UApplication ExplorerNaldesk.exeNovell Zenworks Application Explorer Executable. "For almost all users the Novell ZENworks agent (either Application Launcher or Application Explorer) will be run via the user's login script on each successful login. ZENworks is used to periodically deliver software updates and is also used to install the remote management components." No
UApplication ExplorerNalView.exeApplication Explorer - file manager type access to Novell Application Launcher for installing and updating network residing applicationsNo
XApplication Explorerappexplr.exeAdded by the AGENT-NMO TROJAN!No
XApplication In SystemSnxmsh.exeAdded by the AGENT-LNV TROJAN!No
NApplication LauncherApplication Launcher.exeSystem Tray access to the Sony Ericsson PC Suite and HTC Sync mobile phone management utilities. Run manually via the Start Menu (or optional desktop shortcut) before connecting the phoneYes
XApplication Layer Browserabgsvc.exeAdded by the ULPM.FX TROJAN!No
XApplication Layer Gateway Servicealgs.exeAdded by the LINKBOT.M WORM!No
XApplication Layer Scheduleragtsvc.exeAdded by the IRCBOT.BJJ BACKDOOR!No
XApplication Layer Servicesavrsvc.exeAdded by the IRCBOT.BJM BACKDOOR!No
XApplication Manageracnsvc.exeAdded by a variant of the IRCBOT TROJAN!No
XApplication Managerapnsvc.exeAdded by the SMALLTRO.FN TROJAN!No
XApplicationProtocolRunsmsbvl32.exeAdded by the IRCBOT-CX TROJAN!No
UAppPlusAppPlus.exeAppPlus - "menu bar or tray launcher that docks to your desktop, floats or sits in your System Tray. Create graphic/text-based buttons that launch any number of programs, Websites, e-mail addresses or folders (which open in the AppPlus Menu System)"No
XAPRfxlzxconf.exeAdded by the AGENT-DML TROJAN!No
YApvxdAPVXDWIN.EXEPart of Panda Antivirus and Internet Security. Required to enable permanent virus protectionNo
YApvxdwinAPVXDWIN.EXEPart of Panda Antivirus and Internet Security. Required to enable permanent virus protectionNo
YAPVXDWINClShield.exe"Panda ClientShield with TruPrevent is designed for companies that want the best protection for their workstations. It protects against viruses and other known and unknown threats including spam, spyware, dangerous or time-wasting content, phishing scams, hackers and intruders"No
YApwheelApwheel.exeWheel support for an Alps mouseNo
Xapyginapyginsimenu.exeAdded by the SDBOT.BTR WORM!No
UAQ3HelperStartUpAQ3HEL~1.EXEScreenScenes "Aquatica Water Worlds" screensaver. The freeware version comes with GAIN branded ads (pop-ups and others). ScreenScenes do however offer you the option of doing away with the ads by purchasing the screensaver for a whopping $30. Please note that Claria Corporation no longer support GAIN-Supported software - see hereNo
Xaqadcup.exeaqadcup.exeAdded by the AGENT.BG WORM!No
YAqua DockAqua Dock.exeAqua Dock - 'free program that allows you to have an "OS X" style, nice animated launchbar/taskbar on your screen that reacts to your mouse when you mouse over it. Users can customize the look of each item on the dock and set various animation options for when the mouse is over an item on the dock. It is very easy to configure'No
XAqujyjax[path to file]Added by the RANCK-CQ TROJAN!No
XAqujyjaxaqujyjax.exeAdded by the SDBOT-YC WORM!No
Xara-key[random filename]Added by the ANTINNY WORM!No
?ArabLionZ DriveArabLionZ.Drive.exeArabLionZ Drive - part of ArabLionZ XP Tools. What does it do and is it required?No
YArcaCheckArcaCheck.exePart of the ArcaVir antivirus suite from Polish company Arcabit. What does this part do?No
NArcadeDeluxeAgentArcadeDeluxeAgent.exePart of the re-branded version of CyberLink's PowerCinema digital home entertainment software included on some Acer systems. Equivalent to the PCMAgent.exe entry and speeds up the launch of the main program. Only required on slower/older systems and if disabled it loads when required via an instance of svchost.exeNo
Xarcaderockstararcaderockstar32.exeArcade Rockstar (now Gamevance) - free arcade games and prize tournaments. The program itself is clean, but the TOS and privacy statement say that you agree to allow the program to track/report your surfing and put popup advertising on your computerNo
XArchivearchive.exeAdware - detected by Kaspersky as the CENTIM.A TROJAN!No
XARCHIVE CONTROLfixupdattr.exeAdded by the MYTOB.GU WORM!No
NArcSoft ConnectACDaemon.exeUsed to serve notice of product information and updates when running ArcSoft products such as TotalMedia, PhotoStudio 6 and Print Creations. Set the associated ArcSoft Connect Daemon (ACService.exe) service to Manual (via Start → Control Panel → Administrative Tools → Services) and run this entry manually via the Start menu when requiredYes
NArcSoft Connection ServiceACDaemon.exeUsed to serve notice of product information and updates when running ArcSoft products such as TotalMedia, PhotoStudio 6 and Print Creations. Set the associated ArcSoft Connect Daemon (ACService.exe) service to Manual (via Start → Control Panel → Administrative Tools → Services) and run this entry manually via the Start menu when requiredYes
NARCSolo RecoveryN/ABackup software by Computer Associates - no longer supportedNo
UArctosarazerhid.exeRazer Arctosa gaming keyboard driver - required if you use the additional features and programmed keys/macrosNo
UArdamax Keyloggerakl.exeArdakey keystroke logger/monitoring program - remove unless you installed it yourself!No
Naresares.exe"Ares is a free open source file sharing program that enables users to share any digital file including images, audio, video, software, documents, etc"No
NaresliteAresLite.exe"Ares is a free open source file sharing program that enables users to share any digital file including images, audio, video, software, documents, etc"No
UArgentum Backupab.exeArgentum Backup - a small backup program that lets you easily back up your documents and foldersNo
Xargq32csrss_32.exeAdded by the RBOT-CPM WORM!No
XAritimaaritima.exeAdded by the ARITIM WORM!No
XArman[path to worm]Added by the IRCBOT-TG WORM!No
UARMOR2NETArmor2net.exeRelated to Armor2net personal firewall (possibly contains or is related to a product known as ArmorWall - which is a known rogue, see here - hence the "U" recommendation)No
XArmorDefenderArmorDefender.exeArmorDefender rogue security software - not recommended, removal instructions hereNo
Uarmy logoreadmename.exeTorrent101 potentially unwanted torrent client application that installs a Browser Helper Object and displays advertisementsNo
Xaromisaromis.exeAdded by the NUWAR.JQ WORM!No
NAROReminderaro.exeAdvanced Registry Optimizer - "scan, identify, clean and repair errors in your Windows registry with a single click". Reminder that states that you are in trial modeNo
UArovax AntiSpywarearovaxantispyware.exePart of Arovax AntiSpyware from Arovax, LLC - that offers an "innovating, powerful, speedy and extremely easy to use Spyware protection program". Runs a system scan when Windows starts and adds a System Tray iconYes
YArovax ShieldArovaxShield.exePart of Arovax Shield from Arovax, LLC - that "detects and notifies you about all major online threats trying to penetrate your system, isolates & blocks them". Runs the main program in the background and adds a System Tray iconYes
Uarovaxantispywarearovaxantispyware.exePart of Arovax AntiSpyware from Arovax, LLC - that offers an "innovating, powerful, speedy and extremely easy to use Spyware protection program". Runs a system scan when Windows starts and adds a System Tray iconYes
YArovaxShieldArovaxShield.exePart of Arovax Shield from Arovax, LLC - that "detects and notifies you about all major online threats trying to penetrate your system, isolates & blocks them". Runs the main program in the background and adds a System Tray iconYes
UARPWRMSGARPWRMSG.EXE"Away Mode" feature added with Update Rollup 2 for Windows XP Media Center Edition 2005 that allows the computer to appear off to the user while it continues to perform tasks that do not require user input, such as recording television and viewing Media Center Extender sessions. For more information see hereNo
UArteraarteraui.exeArtera Turbo Internet Accelerator - "surf faster, boost download speed". Only required if you find it helps improve your performanceNo
XArucerrundll32 Arucer.dll,ArucerProvides support for the Energizer UsbCharger (Energizer UsbCharger.exe) utility that detects and shows the charging status for the Energizer® Duo USB/mains battery charger. Note - it appears that the product has now been withdrawn from the Energizer product line-up after it was discovered that this file contains the ARUGIZER TROJANNo
XArucer Dynamic Link Libraryrundll32 Arucer.dll,ArucerProvides support for the Energizer UsbCharger (Energizer UsbCharger.exe) utility that detects and shows the charging status for the Energizer® Duo USB/mains battery charger. Note - it appears that the product has now been withdrawn from the Energizer product line-up after it was discovered that this file contains the ARUGIZER TROJANNo
?AS00 Gear511Gear511.exeSoftware for Netgear wireless network cards. Unknown whether it is required for the wireless card to run but does not seem to be a resource hog. Not required for laptop to run if the wireless network card will not be used. Is it at all required?No
NAS00_Gear511Gear511.exeNetgear wireless LAN configuration utilityNo
UAS00_WN511BWN511B.exeNetgear RangeMax NEXT wireless adapter configuration utilityNo
?AS00_WPN511WPN511.exeNetgearRev MFC Application - software for Netgear wireless network cards - what does it do and is it required in startup?No
Xasamasam.exeAdded by the FAKEAV-BGU TROJAN!No
XASC-AntiSpywareWinCleaner.exeWinCleaner 2009 rogue security software - not recommended, removal instructions hereNo
XASC-AntiSpywareWinAntivirus.exeWin Antivirus Vista/XP rogue security software - not recommended, removal instructions hereNo
Xasc32asc 2.1.exeAntiSpyCheck rogue spyware remover - not recommended, removal instructions hereNo
XasccacAasacsqgl.exeAdded by the MULTIDRP.AA TROJAN!No
XASDdASDd.exeAntiSpywareDeluxe rogue security software - not recommended, removal instructions hereNo
XASDPLUGINdsldbaccess.exeAsdPlug premium rate adult content dialerNo
XASDPLUGINcanada.exeAsdPlug premium rate adult content dialerNo
XASDPLUGINfrance.exeAsdPlug premium rate adult content dialerNo
XASDPLUGINfullgames.exeAsdPlug premium rate adult content dialerNo
XASDPLUGIN100171be.exeAsdPlug premium rate adult content dialerNo
XASDPLUGIN100176br.exeAsdPlug premium rate adult content dialerNo
XASDPLUGINadult1.exeAsdPlug premium rate adult content dialerNo
XASDPLUGINAustria.exeAsdPlug premium rate adult content dialerNo
XASDPLUGINbelgium_nm.exeAsdPlug premium rate adult content dialerNo
XASDPLUGINczech.exeAsdPlug premium rate adult content dialerNo
XASDPLUGINdbaccess.exeAsdPlug premium rate adult content dialerNo
XASDPLUGINdslgeaccess.exeAsdPlug premium rate adult content dialerNo
XASDPLUGINFinland.exeAsdPlug premium rate adult content dialerNo
XASDPLUGINgeaccess.exeAsdPlug premium rate adult content dialerNo
XASDPLUGINmexico.exeAsdPlug premium rate adult content dialerNo
XASDPLUGINnetherlands.exeAsdPlug premium rate adult content dialerNo
XASDPLUGINturkey.exeAsdPlug premium rate adult content dialerNo
XASDPLUGINuk_nm.exeAsdPlug premium rate adult content dialerNo
XASDPLUGINXadult1.exeAsdPlug premium rate adult content dialerNo
XASDPLUGINtemp532.exeAsdPlug premium rate adult content dialerNo
Xasdsaxcxz13dasxcsx13.exeAdded by the LEGMIR-ARF TROJAN!No
Xasdxxwinrpc32.exeAdded by the AGOBOT.VO WORM!No
NASE SchedulerASE Scheduler.exeAluria Software's spyware removal tool - we can't really recommend this product as Aluria have recently partnered with WhenU, the well known adware company, see here and hereNo
YAshampoo AntiSpyWare 2AntiSpyWare2Guard.exePart of Ashampoo® AntiSpyWare 2 from Ashampoo GmbH & Co. KG. This part is the realtime monitor that looks for changes on the users system such as BHO, Winsock LSPs, Windows Hosts file, Autostart entries, etcYes
YAshampoo AntiSpyWare 2 GuardAntiSpyWare2Guard.exePart of Ashampoo® AntiSpyWare 2 from Ashampoo GmbH & Co. KG. This part is the realtime monitor that looks for changes on the users system such as BHO, Winsock LSPs, Windows Hosts file, Autostart entries, etcYes
YAshampoo AntiVirus ServiceGuardGui.exeSystem Tray access to the main user interface for Ashampoo® AntiVirus from Ashampoo GmbH & Co. KG.Yes
UAshampoo Core Tunerct.exeAshampoo® Core Tuner from Ashampoo GmbH & Co. KG - a utility which helps you to get the most out of a multi-processor (or dual core) computer. "For instant results you just need to select Auto-Optimize to optimize all the programs you are running or Boost to give more power to a single program". This entry loads Core Tuner with Windows (required if you use any optimized profiles) and gives System Tray accessYes
YAshampoo FireWallFireWall.exeAshampoo® Firewall FREE from Ashampoo GmbH & Co. KGYes
YAshampoo FireWall PROFireWall.exeAshampoo® Firewall PRO from Ashampoo GmbH & Co. KGYes
UAshampoo HDD Control GuardHDDControlGuard.exePart of Ashampoo® HDD Control from Ashampoo GmbH & Co. KG - a hard drive monitoring utility which also incorporates defragmentation and cleaners for browsing history and unnecessary files. This entry loads the Ashampoo HDD Control Guard component on startup which runs in the background and monitors the hard drives and provides System Tray accessYes
UAshampoo Magical DefragaDefragCtrl.exeSystem Tray access to the main user interface for Ashampoo® Magical Defrag from Ashampoo GmbH & Co. KG - which "runs in the background as a service, defragmenting when necessary to keep the hard disk tidy"Yes
UAshampoo Magical Optimizer TaskplanerAMO_TA~1.EXEPart of Ashampoo® Magical Optimizer from Ashampoo GmbH & Co. KG - which removes stagnant and unnecessary hard drive files, deletes Internet tracks and streamlines the registry by erasing invalid and orphaned entries. The Taskplaner automates this system optimization according to the user defined schedule and gives System Tray access to the main programYes
UAshampoo Magical Optimizer TaskplanerAMO_Taskplaner.exePart of Ashampoo® Magical Optimizer from Ashampoo GmbH & Co. KG - which removes stagnant and unnecessary hard drive files, deletes Internet tracks and streamlines the registry by erasing invalid and orphaned entries. The Taskplaner automates this system optimization according to the user defined schedule and gives System Tray access to the main programYes
Nashampoo Magical UnInstallMagicalUnInstall.exeAshampoo® Magical UnInstall from Ashampoo GmbH & Co. KG - which monitors each new program installation, saving a log of the current configuration and using this as a reference to completely uninstall it if you chose to do so at a later dateYes
UAshampoo PopUpBlockerPopUpKiller.exeAshampoo popup blocker, part of Magical Security (was Privacy Protector Plus)No
Nashampoo UnInstaller WatcherUIWatcher.exePart of the Ashampoo® UnInstaller series from Ashampoo GmbH & Co. KG - including UnInstaller Platinum 2, UnInstaller 3 and UnInstaller 4. These monitor and record program installations and allows you to remove them completely, so that no trace is left. This is the installion monitor that sits in the System Tray and detects the launch of installation programsYes
YashAvastashAvast.exePart of Avast antivirusNo
Xashcapservirsess.exeSpySure spywareNo
XashDip.exeashDip.exeAdded by the DROPR-CZ TROJAN!No
YashDispashDisp.exeSystem Tray access to and notifications for the version 4.* series of antivirus products from avast! - giving left-click access to the On-Access Scanner, right-click access to other options and event notificationsYes
XashDsp.exeashDsp.exeAdded by a variant of the SDBOT WORM!No
XASHLTAshlt.exeAshlt adwareNo
YashMaiSvashmaisv.exeE-mail scanning part of avast! Antivirus. Starts via a registry "Run" key on Windows 98/Me and as a service on Windows 2K/XP/VistaNo
XAsiaeasm.exePurityScan adwareNo
XAsicfcicfca.exeAdded by the AGENT.AAJE WORM!No
UAsioRegregsvr32.exe ctasio.dllASIO (Audio Stream In/Out) drivers for the SoundBlaster Audigy 2 series soundcards - for recording and home project studios. Required if you use this functionalityNo
UAsioThk32Regrregsvr32.exe ctasio.dllASIO (Audio Stream In/Out) drivers for the SoundBlaster Audigy 2 series soundcards - for recording and home project studios. Required if you use this functionalityNo
UASKrundll32.exe [path] ASK.dll rdlStealth Keylogger keystroke logger/monitoring program - remove unless you installed it yourself! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deletedNo
XaslAslru.exeAdded by the BANCOS-CU TROJAN!No
UASMASMonitor.exeActive Security Monitor from AOL - helps you determine how vulnerable your PC is to computer viruses, spyware and other dangers and learn what steps you can take to improve your protectionNo
UAsmw Soft Popups Burnerpopups burner.exePopup blocker, part of Asmw Soft PC OptimizerNo
Xasnconsolemsasn.exeAdded by the RBOT.EVU TROJAN!No
XASocksrvSocksA.exeAdded by the VB.CBW WORM!No
Xasp-srvcasp-srvc.exeAdded by the AGOBOT-KG WORM!No
XASP.NET State Servicecsrss.exeAdded by the DLOADER-QI TROJAN! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%No
XASP.NET State Servicecrsass.exeAdded by the BANLOAD-M TROJAN!No
XASP.NET State Serviceservicos..exeAdded by the DADOBRA-I TROJAN!No
Nasp4trayasp4tray.exeSystem Tray application for Aureal Vortex based soundcards. Can be run manually via Start -> Settings -> Control PanelNo
?AspireServiceAspireService.exeFound on Acer laptops, the process name for this entry is "Win32 Service for Control Board and Remote Control" and it's part of Acer eMode Management. What does it do and is it required?No
YAspireTimeMachineacertmb.exeSystem recovery software supplied with some Acer notebook PCs. Similar to GoBack and the restore program in WinXP, allowing you to restore a PC back to a working state with minimal re-entryNo
XASpyCASpyC.exeAntiSpyCheck rogue spyware remover - not recommended, removal instructions hereNo
Xasr64_ldm.exeasr64_ldm.exeAdded by the Dr. Guard rogue security software - not recommended, removal instructions hereNo
Xasrupdate.exeasrupdate.exeAdded by the VB.ATZ TROJAN!No
XAss and tittiesCMD32.EXEAdded by the SDBOT-GG BACKDOOR!No
XassistseASSISTSE.EXECnsMin (Chinese Keywords) hijacker relatedNo
XASTASTAdded by the VB.AH TROJAN!No
XASTAST.exeAutoStarter parasite No
UASTARTastart.exeASUS TweakEnable - restores manually changed settings for ASUS based video cards such as overclocking. Only required if you use non-standard settingsNo
XAStartAStartAdded by the VB.AH TROJAN!No
NasTrayAstray.exeVoyetra Audio Station - part of Voyetra's Ultimate MP3 & CD Manager. MP3 and digital music jukebox/organizerNo
NAstroAstro.exeChecks for updates to Quicken on a system rebootNo
XAstrumAstrum.exeAstrum Antivirus Pro rogue security software - not recommended, removal instructions hereNo
Xasusasus.exeAdded by the RBOT-OC WORM!No
?ASUS Camera ScreenSaverASScrProlog.exeEither a valid program on some ASUS laptops - such as the F3 and F5 series or unsafe, according to PREVX and InCode Solutions. Can any ASUS owners with this file confirm? File is located in %Windir%No
NASUS Live UpdateALU.exeASUS Live Update utility for their motherboardsNo
NASUS ProbeAsusProb.exeASUS video card fan/thermal monitor - only required if you overclock your card or live in a hot areaNo
?ASUS Screen Saver ProtectorASScrPro.exeEither a valid program on some ASUS laptops - such as the F3 and F5 series or unsafe, according to PREVX and InCode Solutions. Can any ASUS owners with this file confirm? File is located in %Windir%No
UASUS SmartDoctorVGAProbe.exeASUS video card fan/thermal monitorNo
UASUS TweakEnableastart.exeASUS TweakEnable - restores manually changed settings for ASUS based video cards such as overclocking. Only required if you use non-standard settingsNo
?AsusACPIServerAsAcpiSvr.exePart of the ACPI driver for the Asus Eee PC range. What does it do and is it required?No
UAsusEPCMonitorAsEPCMon.exePart of the ACPI driver for the Asus Eee PC range. Manages the Fn function keys and "on screen display"No
NASUSGamerOSDGamerOSD.exeGamerOSD by ASUSTek - for "real-time overclocking, benchmarking and video capturing in any PC game". Free for ASUS graphics cards, 30-day trial for non-ASUS graphics cardsNo
NASUSKeyV38SHELL.EXESystem tray Icon for quickly changing video modesNo
?AsusStartupHelpAsRunHelp.exeUnknown ASUS motherboard utility. What does it do and is it required?No
Xasussvcasussvc.exeAdded by the AGENT-FPB TROJAN!No
UAsusTrayAsTray.exePart of the ACPI driver for the Asus Eee PC range. Watches the sensors of the motherboard such as power and temperatureNo
UasustweakenableATweak.exeASUS TweakEnable - restores manually changed settings for ASUS based video cards such as overclocking. Only required if you use non-standard settingsNo
NASUSWebStorageASUSWSDashBoard.exeSystem Tray access to ASUS Webstorage online backup and sharing utility which is pre-installed on some ASUS systems or available for free (with 1GB available) for others. Disable unless you want to automatically backup and sync your files every time your system startsYes
NAsusWSDashBoardASUSWSDashBoard.exeSystem Tray access to ASUS Webstorage online backup and sharing utility which is pre-installed on some ASUS systems or available for free (with 1GB available) for others. Disable unless you want to automatically backup and sync your files every time your system startsYes
NASWDPASWDP.exeMLS Pulse - real estate software. Keeps the home buyer/seller continually informed on the status of his/her local/regional real estate marketNo
XASWnkaswnk.exeAdult content diallerNo
UAT&T Self Support Toolmatcli.exeAT&T Resolution Assistant. "matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, state, etc and gets written to a log file". Resolution Assistant is required to run with the Help and Support program. If you uncheck AT&T Self Support Tool and then run Help and Support it will add another in the startup menu. If you remove Resolution Assistant via add/remove programs some menus in help and support will not be available. You decideNo
UAT-WatchATWatch.exeAnti-Trojan Watch - trojan detectorNo
Xatapidrvatapidrv.exeAdded by the AGOBOT-SL WORM!No
Uatchkatchk.exeAMT Status Message from Intel. Users can manage this, read the article. See here for more information on Intel AMTNo
Xatf.exepgs.exePart of the PCSecureSystem rogue security software - not recommended. A member of the AVSystemCare familyNo
Xatf_reinstallatf.exePart of the AVSystemCare rogue security software - not recommended. See hereNo
UAthanAthan.exeAthan - an application that calculates and reminds the five daily Islamic prayer times for anywhere in the worldNo
UATI 2D ComponentAti2mdxx.exeInstalled with the drivers for some ATI based discrete graphics cards and on-board/mobile chipsets. After testing it's exact function isn't known at this time and it doesn't appear to be running even with the startup entry enabled - hence the "U" recommendationYes
XATI Active Graphics Card Monitoratievx.exeAdded by the IRCBOT-TL WORM!No
XATI AS Filtermsnse.exeAdded by the RBOT-CCY WORM! Note - modifies the HOSTS file by appending numerous lines, preventing access to the virus cleaning websitesNo
NATI CATALYST System TrayCLI.exe SystemTraySystem Tray access to ATI's Catalyst™ Control Center. Note that this has "SystemTray" appended to CLI.exe in the "Command" column of MSCONFIG. Not required to run the control center - which is available via a right-click on the desktopNo
XAti Control Panelatiphexx.EXEAdded by the RBOT-BR WORM!No
XATI Cpanelatiphexx.exeAdded by the AGOBOT-NV WORM!No
UATI Desktop ComponentATIPTAXX.EXEInstalled with the drivers for some ATI based discrete graphics cards and on-board/mobile chipsets. Provides System Tray access to display settings (including desktop resolution, color depth and multi-display schemes), help and troubleshooting. Unless you often change your display settings this isn't really required as all the settings are available via the system Control Panel under "Display"Yes
NATI DeviceDetectATIDtct.EXEUtility meant for future use of the ATI TV WONDER USB 2.0 video driver and can be disabledNo
XATI DisplayATIDisplay.exeAdded by the BDOOR-AFH BACKDOOR!No
XATI Display Driveratixd.exeAdded by the RBOT-FOV WORM!No
XAti Display Settingsatividx.exeAdded by the RBOT-GAS WORM!No
NATI GART Set-up UtilityAtigart.exeProgram that checks the motherboard chipset and determines which GART driver bundle to install on ATI video cards. If you have one, once installed it shouldn't be neededNo
UATI Launchpadlaunchpd.exeConvenient way to start all your Multimedia Center applications (DVD, Video CD, CD Audio, File Player). You can right-click LaunchPad, and uncheck Load on Startup in the menuNo
XATI Rage3d ProAtiRage4dPro.exeAdded by the AGOBOT-OG WORM!No
YATI Remote ControlATIRW.exeATI Remote Wonder™ - PC wireless remote control driver. Required if you use itNo
YATI Remote ControlATIX10.exeATI Remote Wonder™ - PC wireless remote control driver. Required if you use itNo
NATI SchedulerAtisched.exeComponent that remains resident in memory and automatically launches the ATI VIDEO PLAYER at a user selected time and date. Delete the shortcut in the Start -> Programs -> Startup folder as well. Functions could re-enable the program to load at start-up and re-introduce the shortcut. Try it and seeNo
NATI Task ApplicationAtitkad.exeSystem Tray access and key-combo shortcuts to common display functions on ATI video cards. Can be run from Start -> Settings -> Control Panel -> DisplayNo
NATI Task Application (Atikey)Atitask.exeSystem Tray access and key-combo shortcuts to common display functions on ATI video cards. Can be run from Start -> Settings -> Control Panel -> DisplayNo
UATI Technologies Inc. HydraVision Desktop ManagerHydraDM.exePart of HYDRAVISION - ATI's software for managing mutliple displays and virtual desktops. This is the HYDRAVISION Desktop Manager - which "customizes the behaviour of windows and dialog boxes, allows you to set up Hotkeys for navigation in multiple display configurations and applies special effects like transparency and shadows to you desktop"Yes
UATI Technologies Inc. HydraVision ViewportHydraMD.exePart of HYDRAVISION - ATI's software for managing mutliple displays and virtual desktops. This is HYDRAVISION MultiDesk - which "creates, organizes and arranges up to nine active multi-monitor desktop combinations and allows you to cycle between them with a mouse." There is an optional System Tray icon or a hotkey can be configured to cycle through the desktopsYes
XATI Technology Startuptechstart.exeAdded by the RBOT-AEU WORM!No
XATI Video Driver Controlatigfx.exeAdded by the RBOT-FWL WORM!No
XATI Video Driver Controlbtorrent.exeAdded by a variant of the IRCBOT TROJAN!No
XATI Video Driver Controls[path to worm]Added by the SDBOT-DDS WORM!No
XATI VIDEO REGKEYati2vid.exeAdded by the SDBOT.UR WORM!No
?Ati2cwxxAti2cwxx.exeFor some ATI video cards. Probably used to access features and may not be required - for example the ATI Radeon works fine without itNo
XAti2evxxAti2evxx.comAdded by the BACKDOOR-CPC TROJAN!No
Xati2f104ati2f104.exeAdded by the DLOADR-BBW TROJAN!No
UAti2mdxxAti2mdxx.exeInstalled with the drivers for some ATI based discrete graphics cards and on-board/mobile chipsets. After testing it's exact function isn't known at this time and it doesn't appear to be running even with the startup entry enabled - hence the "U" recommendationYes
NATICCCcli.exe runtimeATI's Catalyst™ CONTROL CENTER. Required if you want to change graphics settings on a regular basis but you must have internet access and Microsoft's .NET framework installed. Note that this has "runtime" appended to cli.exe in the "Command" column of MSCONFIG. Recommend that start the program manually via Start → Programs → ATI Catalyst Control Center → Advanced → Restart Runtime as it can cause problems when starting WindowsNo
NATICCCCLIStart.exePuts the ATI Catalyst™ Control Center Icon/Shortcut on the System Tray - available via Start → ProgramsNo
XAtiCpanelatiphexx.exeAdded by the AGOBOT.IL WORM!No
Xaticpaxx.exeaticpaxx.exeAdded by the RBOT-XP WORM!No
UAtiCwdAtiCwd.exeThis utility adds the ATI tab in the advanced display properties (gives the option for TV out). Do not uncheck if there is TV out on the video cardNo
UAtiCwdAtiCwd32.exeThis utility adds the ATI tab in the advanced display properties (gives the option for TV out). Do not uncheck if there is TV out on the video cardNo
UAtiCwdAti2cwad.exeThis utility adds the ATI tab in the advanced display properties (gives the option for TV out). Do not uncheck if there is TV out on the video cardNo
UAtiCwd32AtiCwd.exeThis utility adds the ATI tab in the advanced display properties (gives the option for TV out). Do not uncheck if there is TV out on the video cardNo
UAtiCwd32AtiCwd32.exeThis utility adds the ATI tab in the advanced display properties (gives the option for TV out). Do not uncheck if there is TV out on the video cardNo
UAtiCwd32Ati2cwad.exeThis utility adds the ATI tab in the advanced display properties (gives the option for TV out). Do not uncheck if there is TV out on the video cardNo
XAtiDisplayDrvatidrvxx.exeAdded by the RBOT-VZ WORM!No
XatidriverreaIplayer.exeAdded by the WARPIGS-E WORM! Note the uppercase "I" in the filename, rather than a lower case "L"No
NAtiGartAtigart.exeProgram that checks the motherboard chipset and determines which GART driver bundle to install on ATI video cards. If you have one, once installed it shouldn't be neededNo
NAtiKeyAtiKey32.exeSystem Tray access and key-combo shortcuts to common display functions on ATI video cards. Can be run from Start -> Settings -> Control Panel -> DisplayNo
NAtiKeyatiptkad.exeSystem Tray access and key-combo shortcuts to common display functions on ATI video cards. Can be run from Control Panel → DisplayNo
NAtikeyAtitask.exeSystem Tray access and key-combo shortcuts to common display functions on ATI video cards. Can be run from Start -> Settings -> Control Panel -> DisplayNo
UATIMACEMACE.exeATI Technologies Control Centre - installed alongside ATI graphics hardware and provides additional configuration options for these devices in the Managed Access to Catalyst™ Environment (MACE) componentNo
UATIModeChangeAti2mdxx.exeInstalled with the drivers for some ATI based discrete graphics cards and on-board/mobile chipsets. After testing it's exact function isn't known at this time and it doesn't appear to be running even with the startup entry enabled - hence the "U" recommendationYes
XAtiPanelatip.exeAdded by the TACTSLAY.U TROJAN!No
Xatipatxxatipatxx.exeAdded by the SMALL-ED TROJAN!No
NATIPOLABati2evxx.exeHotkey handler for ATI desktop and mobile graphics chipsets. Users report that most of the hotkeys aren't well documented, they aren't therefore used and it can consume lots of CPU resources on some computers. Unless you use the hotkeys leave it disabled. Starts via a registry "Run" key on Windows 98/Me and as a service on Windows 2K/XP/VistaNo
UATIPOLABati2evae.exeATI Polling Program - part of the ATI graphics driver e.g. on some Fujitsu-Siemens NotebooksNo
NATIPOLLati2evxx.exeHotkey handler for ATI desktop and mobile graphics chipsets. Users report that most of the hotkeys aren't well documented, they aren't therefore used and it can consume lots of CPU resources on some computers. Unless you use the hotkeys leave it disabled. Starts via a registry "Run" key on Windows 98/Me and as a service on Windows 2K/XP/VistaNo
UAtiPTAAti2ptxx.exeControl panel for the ATI series of video cards allowing access to such features as display resolution, colour depth, etc. Available via Start -> Settings -> Control Panel -> Display. Some users may need it if they have optimised their settingsNo
UATIPTAATIPTAXX.EXEInstalled with the drivers for some ATI based discrete graphics cards and on-board/mobile chipsets. Provides System Tray access to display settings (including desktop resolution, color depth and multi-display schemes), help and troubleshooting. Unless you often change your display settings this isn't really required as all the settings are available via the system Control Panel under "Display"Yes
UAtiPTAAtiptaab.exeControl panel for the ATI series of video cards allowing access to such features as display resolution, colour depth, etc. Available via Start → Settings → Control Panel → Display. Some users may need it if they have optimised their settingsNo
UAtiPTAAAAti2ptxx.exeControl panel for the ATI series of video cards allowing access to such features as display resolution, colour depth, etc. Available via Start -> Settings -> Control Panel -> Display. Some users may need it if they have optimised their settingsNo
UAtiPTAAAATIPTAXX.EXEInstalled with the drivers for some ATI based discrete graphics cards and on-board/mobile chipsets. Provides System Tray access to display settings (including desktop resolution, color depth and multi-display schemes), help and troubleshooting. Unless you often change your display settings this isn't really required as all the settings are available via the system Control Panel under "Display"No
UatiptaxxAti2ptxx.exeControl panel for the ATI series of video cards allowing access to such features as display resolution, colour depth, etc. Available via Start -> Settings -> Control Panel -> Display. Some users may need it if they have optimised their settingsNo
UATIPTAXXATIPTAXX.EXEInstalled with the drivers for some ATI based discrete graphics cards and on-board/mobile chipsets. Provides System Tray access to display settings (including desktop resolution, color depth and multi-display schemes), help and troubleshooting. Unless you often change your display settings this isn't really required as all the settings are available via the system Control Panel under "Display"Yes
Xatiptextatiptext.exeAdded by the COSIAM-A TROJAN!No
UAtiQiPclAtiQiPcl.exeUsed for hardware DVD decoding on ATI video cards supporting this feature. Not required unless you regularly play DVD'sNo
YATIRmtWndrATIX10.exeATI Remote Wonder™ - PC wireless remote control driver. Required if you use itNo
UATISmartati2s9ag.exeATI's "SMARTGART", which is included with the Catalyst™ drivers. When the system boots, it runs a couple of bus tests & tries to apply the most stable settingsNo
UAtiSoundcsrss.exeWinSpy surveillance software. Uninstall this software unless you put it there yourself. Note - this is not the same file as the csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a "ComRoot" subfolderNo
Xatisrc2windfind.exeAdded by the WINDFIND-A TROJAN! No
XATITechActive.exeAdded by the ROAMER-A TROJAN!No
Uatitrayatitray.exeATI Tray Tools - allows quick access to ATI graphics card settingsNo
UAtiTrayToolsatitray.exeATI Tray Tools - allows quick access to ATI graphics card settingsNo
XatiupdateATIUPDATE5.EXEAdded by the DEBESKI.A TROJAN!No
Xatiupdatemsshed32.exeAdded by the DELF.EP downloader TROJAN!No
XATIUpdateratiupdxx.exeAdded by the RBOT-ABX WORM!No
XAtiupdplatiupdpl.exeAdded by the SMALL.AOS TROJAN!No
Xativopenativopen.exePremium rate adult content diallerNo
YATIX10atix10.exeATI Remote Wonder™ - PC wireless remote control driver. Required if you use itNo
UATKMEDIADMEDIA.EXEDriver for the media buttons on the front of some Asus laptops, such as Forward,back,stop,pause etcNo
UATKOSD2ATKOSD2.exeOn-screen display utility bundled with laptops from ASUS. If this utility is not installed then you will not be able to properly use other AsusTek utilities such as Splendid and Power GearNo
XAtl**.exe [* = random char]Atl**.exe [* = random char]CoolWebSearch/HomeSearch adware - for examples, see this logNo
XAtl**32.exe [* = random char]Atl**32.exe [* = random char]CoolWebSearch/HomeSearch adware - for examples, see this logNo
XATM Controladpn.exeAdded by the MMS.A WORM!No
NATnotesatnotes.exeLoads the ATnotes program for virtual sticky notes for your desktop. Available via Start -> ProgramsNo
UAtomic Time SynchronizerTimeSync.exeTimeSync - lets you synchronize your computer's clock with any internet atomic clockNo
XAtomic-x27Atomic-x27.exeAdded by the KATOMIK-A WORM!No
XAtomic-x27CAtomicpartC.exeAdded by the KATOMIK-A WORM!No
UAtomic.exeAtomic.exeAtomic Clock Sync - synchronizes your computer's time with the NIST time serverNo
NAtomicaatomica.exeAtomica runs from the System Tray and allows the user to find out more about a word or phrase on any screen by pointing at it with the mouse and clicking button one while holding down the Alt keyNo
UAtomicTimeATOMICTIME.EXEAtomicTime - utility that synchronizes your PC clock to an atomic clockNo
UAtomSyncatomsync.exeAtomSync - "this NTP client synchronizes your PC clock with an internet atomic time server or with a time server on your LAN"Yes
UAtrackatrack.exeNew feature of Norton Internet Security (NIS) and Norton Personal Firewall (NPF) 3.0 is the Alert Tracker, an instant notification feature. The Alert Tracker displays information about events as they happen. This way, when a rule has been triggered or an access to the Internet made, you know about it immediately rather than finding out about it when you check your logs or notice that the NIS icon indicates a security alertNo
UAtrayAtray.exeActive Tray is a utility which lets you configure the system tray. You can also create your own tray iconsNo
UATSpoolerAppsTraka.exeDeskTopScout keystroke logger/monitoring program - remove unless you installed it yourself!No
UATTBroadbandUpdateSAUpdate.exeBig Brother from Quest Software. System and network monitorNo
UATTRedUpdateAutoUpdate.exeAdditional item added to start-ups after AT&T took over the now bankrupt Excite@home high-speed internet service. Included for automatically downloading and installing updates. Leave it unless you plan to regularly run it to check for updatesNo
XAttuneClientEngineattune_ce.exeAveo Attune automated helpdesk software - adware/spywareNo
XAttuneContentUpdaterattune_cu.exeAveo Attune automated helpdesk software - adware/spywareNo
XAttuneDiscoveryattune_di.exeAveo Attune automated helpdesk software - adware/spywareNo
XAttunelAttunel.exeAveo Attune automated helpdesk software - adware/spywareNo
XAttuneSystrayattune_st.exeAveo Attune automated helpdesk software - adware/spywareNo
NaTuneratuner.exeaTuner - tweak tool for GeForce based graphics cardsNo
Yatwtusbatwtusb.exeUSB interface for Aiptek Graphics Tablet (USB)No
XAtxBrwIexplor.exe"Pop Marketing" adwareNo
UauDealioAu.exeDealio Toolbar is a free shopping comparison toolbar that allows users to search for a wide range of consumer productsNo
UAU AgentAUagent.exeAu Agent from Zilab Software. Win2K/NT enhancement tool. Allows you to run applications under any security context without closing the whole logon session to process a new logonNo
Xau.exeau.exeAdded by the BEAGLE.B WORM!No
YAUCBPNPaucbnpn.exeAdaptec USB CardBus Safe-Eject - driver for the Adaptec USB 2.0 CardBus which provides USB 2.0 ports for laptop users via a PCMCIA card slotNo
XAucompatAucompat.exeAdded by the GEMA TROJAN!No
XAudcntraudcntr.exeAdded by the GEMA TROJAN!No
?AudCtrlRunDll32 AudCtrl.dll, RCMonitorAudio control panel?No
Xaudi32audi32.exeAdded by the RANCK-FL TROJAN!No
XAUDIOSOUND.exeAdded by the PLOYB-A TROJAN!No
XAudio Device Managerwinfp.exeAdded by the IRCBOT-XS WORM!No
XAudio Device ManagerWinNT.exeAdded by the IRCBOT.USP BACKDOOR!No
XAudio Device ManagerWNDXP.exeAdded by the IRCBOT.AJL BACKDOOR!No
XAudio Device Managersfhgj.exeAdded by the IRCBOT-ZA BACKDOOR!No
XAudio HD Driver[random.exe]Added by the AGENT-OAL TROJAN!No
Xaudiocfg.exeaudiocfg.exeAdded by the VB.ATE WORM!No
XAudiocntlaudiocntl.exeAdded by a variant of the CRYPTER.C TROJAN!No
NAudioCommanderAudioCommander.exeSystem Tray access to the AudioCommander user interface for Andrea USB devices - including features such as noise cancellation, graphic equalizer, echo Cancellation and beam formingYes
NAudioCommander ApplicationAudioCommander.exeSystem Tray access to the AudioCommander user interface for Andrea USB devices - including features such as noise cancellation, graphic equalizer, echo Cancellation and beam forming. This entry is taken from the XP version of Windows DefenderYes
NAudioCommanderVistaAudioCommander.exeSystem Tray access to the AudioCommander user interface for Andrea USB devices - including features such as noise cancellation, graphic equalizer, echo Cancellation and beam forming. This entry is taken from the registry "Run" key in the Vista versionYes
NAudioDeckADeck.exeADeck.exe is a system tray application for VIA's sound cards which offers quick access to a number of sound card related itemsNo
XAudiodrvaudiodrv.exeAdded by the CRYPTER-C TROJAN!No
UAudioDrvEmulatorDLLML.exe AudDrvEm.dllRelated to Creative DLL Module Loader for the Sound Blaster X-Fi (and maybe others). This program is non-essential process to the running of the system, but should not be terminated unless suspected to be causing problemsNo
NAudioHQAhqtb.exeFor Creative Soundblaster Live! series soundcards. System tray application for SB Live! functions. Available via Start -> ProgramsNo
XAudioHQaudiohq.exeAdded by the BANKER-EHK TROJAN!No
NAudioHQUAHQTBU.EXESystem Tray application installed with the drivers for Creative Labs SoundBlaster Live! Can be run from Start -> Programs No
Xaudioinfaudioinf.exeAdded by a variant of the CRYPTER.C TROJAN!No
XAudioManExplorer.sm1Added by the HUPIGON.IFZ BACKDOOR!No
Xaudlmne32dcmsxe.exeAdded by the MAILBOT-CF TROJAN!No
XAudoi Device Loadersmssv.exeAdded by the AGOBOT-ZY WORM!No
XaugmsgAUGMSG.EXEAdded by the SPYBOT-CO WORM!No
Xauloadplxmplprogsm.exeAdded by the SLAPER.K TROJAN!No
XAUNPS2RUNDLL32 AUNPS2.DLL, _Run@16AUNPS adwareNo
Xaupdsymcsvc.exeAdded by the ABWIZ.D TROJAN!No
Xaupdsysvcs.exeAdded by the ABWIZ.C TROJAN!No
Xaupdsywsvcs.exeAdded by the ORSE-M TROJAN!No
YAureal A3D Interactive Audiosa3dsrv.exeFor Aureal based 3D soundcards. A3D sound features won't work with this disabledNo
YAureal A3D Interactive Audio InitA3dInit.exeFor Aureal based 3D soundcards. A3D sound features won't work with this disabledNo
UAuslogics BoostSpeedboostspeed.exeSystem Tray access to Auslogics BoostSpeed system optimization utility - which allows you to "Start programs faster. Speed up computer start time. Increase Internet speed, optimize your Internet Explorer, Firefox and E-mail programs"Yes
UAuslogics BoostSpeed 4boostspeed.exeSystem Tray access to Auslogics BoostSpeed 4 system optimization utility - which "Start programs faster. Speed up computer start time. Increase Internet speed, optimize your Internet Explorer, Firefox and E-mail programs"Yes
Xausvcausvc.exeAdded by the AUTOUPDER TROJAN!No
XAuth Starter Identstartauth.exeAdded by the RBOT-WP WORM!No
YAuthentic-ID Toolbarwintmr.exeSystem Tray access to Child Control parental control software by SalfieldNo
YAuthentic-ID Toolbarrundll32.exe [path] ToolbarATL.dll, LoadTrayIconAuthentic-ID Toolbar - website authentication utility. Warns you when a site is recognized for phishing or isn't authentic, for exampleNo
Xauthzauthz.exeAdded by an unidentified VIRUS, WORM or TROJAN!No
Xautowin32.exeAdded by an unidentified TROJAN! See hereNo
Xautoauto.exeAdded by the DOQ.GEN.Y BACKDOOR!No
XAuto CD-ROM Startupcdaccess.exeAdded by the SPYBOT.BLA WORM!No
UAuto EPSON PictureMate Deluxe on XE_FATI9TA.EXEEpson Status Monitor 3 for the PictureMate Deluxe compact photo printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus C45 Series on XE_S4I3T1.EXEEpson Status Monitor 3 for the Stylus C45 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus C48 Series on XE_S10IC2.EXEEpson Status Monitor 3 for the Stylus C48 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus C48 Series on XE_S4I091.EXEEpson Status Monitor 3 for the Stylus C48 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus C60 Series on XE_S10IC2.EXEEpson Status Monitor 3 for the Stylus C60 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus C62 Series on XE_S10IC2.EXEEpson Status Monitor 3 for the Stylus C62 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus C64 Series on XE_S4I2C1.EXEEpson Status Monitor 3 for the Stylus C64 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus C82 Series on XE_S0HIC1.EXEEpson Status Monitor 3 for the Stylus C82 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus C84 Series on XE_S4I2D1.EXEEpson Status Monitor 3 for the Stylus C84 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus C87 Series on XE_FATIABL.EXEEpson Status Monitor 3 for the Stylus C87 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus CX3200 on XE_S10IC2.EXEEpson Status Monitor 3 for the Stylus CX3200 printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus CX3500 Series on XE_FATI9 BL.EXEEpson Status Monitor 3 for the Stylus CX3500 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus CX3600 Series on XE_FATI9BE.EXEEpson Status Monitor 3 for the Stylus CX3600 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus CX3700 Series on XE_FATIACP.EXEEpson Status Monitor 3 for the Stylus CX3700 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus CX3800 Series on XE_FATIACA.EXEEpson Status Monitor 3 for the Stylus CX3800 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus CX4200 Series on XE_FATIAEA.EXEEpson Status Monitor 3 for the Stylus CX4200 Series printer - for monitoring printer status, checking ink levels, etc, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus CX4500 Series on XE_FATI9AP.EXEEpson Status Monitor 3 for the Stylus CX4500 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus CX4600 Series on XE_FATI9AA.EXEEpson Status Monitor 3 for the Stylus CX4600 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus CX4800 Series on XE_FATIADA.EXEEpson Status Monitor 3 for the Stylus CX4800 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus CX5000 Series on XE_FATIBVA.EXEEpson Status Monitor 3 for the Stylus CX5000 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus CX5400 on XE_S4I2G1.EXEEpson Status Monitor 3 for the Stylus CX5400 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus CX5500 Series on XE_FATICAP.EXEEpson Status Monitor 3 for the Stylus CX5500 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus CX6000 Series on XE_FATIBIA.EXEEpson Status Monitor 3 for the Stylus CX6000 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus CX6400 on XE_S4I2L1.EXEEpson Status Monitor 3 for the Stylus CX6400 printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus CX6600 Series on XE_FATI9EE.EXEEpson Status Monitor 3 for the Stylus CX6600 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus CX6600 Series on XE_FATI9EA.EXEEpson Status Monitor 3 for the Stylus CX6600 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus CX7400 Series on XE_FATICDA.EXEEpson Status Monitor 3 for the Stylus CX7400 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus CX7800 Series on XE_FATIAFA.EXEEpson Status Monitor 3 for the Stylus CX7800 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus CX9400Fax Series on XE_FATICFA.EXEEpson Status Monitor 3 for the Stylus CX9400Fax Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus D78 Series on XE_FATIBGE.EXEEpson Status Monitor 3 for the Stylus D78 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus D88 Series on XE_FATIABE.EXEEpson Status Monitor 3 for the Stylus D88 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus DX3800 Series on XE_FATIACE.EXEEpson Status Monitor 3 for the Stylus DX3800 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus DX4800 Series on XE_FATIADE.EXEEpson Status Monitor 3 for the Stylus DX4800 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus DX6000 Series on XE_FATIBIE.EXEEpson Status Monitor 3 for the Stylus DX6000 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus Photo 1400 Series on XE_FATIBUA.EXEEpson Status Monitor 3 for the Stylus Photo 1400 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus Photo 820 Series on XE_S10IC2.EXEEpson Status Monitor 3 for the Stylus Photo 820 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus Photo R1800 on XE_FATI9LA.EXEEpson Status Monitor 3 for the Stylus Photo R1800 printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus Photo R200 Series on XE_S4I2H1.EXEEpson Status Monitor 3 for the Stylus Photo R200 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus Photo R200 Series on XE_S4I0H2.EXEEpson Status Monitor 3 for the Stylus Photo R200 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus Photo R220 Series on XE_FATIAIE.EXEEpson Status Monitor 3 for the Stylus Photo R220 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus Photo R2400 on XE_FATI9SA.EXEEpson Status Monitor 3 for the Stylus Photo R2400 printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus Photo R2400 on XE_FATI9SE.EXEEpson Status Monitor 3 for the Stylus Photo R2400 printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus Photo R260 Series on XE_FATIBNA.EXEEpson Status Monitor 3 for the Stylus Photo R260 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus Photo R280 Series on XE_FATICKA.EXEEpson Status Monitor 3 for the Stylus Photo R280 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus Photo R300 Series on XE_S4I2F1.EXEEpson Status Monitor 3 for the Stylus Photo R300 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus Photo R300 Series on XE_S4I0F2.EXEEpson Status Monitor 3 for the Stylus Photo R300 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus Photo R320 Series on XE_FATI9FA.EXEEpson Status Monitor 3 for the Stylus Photo R320 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus Photo R340 Series on XE_FATIAJE.EXEEpson Status Monitor 3 for the Stylus Photo R340 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus Photo R800 on XE_FATI9YE.EXEEpson Status Monitor 3 for the Stylus Photo R800 printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus Photo RX420 Series on XE_FATI9CE.EXEEpson Status Monitor 3 for the Stylus Photo RX420 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus Photo RX500 on XE_S4I2K1.EXEEpson Status Monitor 3 for the Stylus Photo RX500 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus Photo RX600 on XE_S4I2M1.EXEEpson Status Monitor 3 for the Stylus Photo RX600 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus Photo RX680 Series on XE_FATICJA.EXEEpson Status Monitor 3 for the Stylus Photo RX680 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus Photo RX700 Series on XE_FATI9IA.EXEEpson Status Monitor 3 for the Stylus Photo RX700 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
UAuto EPSON Stylus Pro 7600 on XE_S10IC2.EXEEpson Status Monitor 3 for the Stylus Pro 7600 printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etcNo
XAuto File System Conversion Utilityscricon.exeAdded by the SDBOT.EYB WORM!No
Xauto repair systemqualityx.exeAdded by an unidentified WORM or TROJAN - probably a SPYBOT variantNo
UAuto Run Software for Photo FramePhotoManager.exeManagement software for Philips digital PhotoFrame range. Used to edit photos and transfer them directly from a PC via a USB cable. Start manually when you connect the deviceYes
XAuto Scroll LoaderASCRLL.EXEAdded by the SPYBOT-T WORM!No
XAuto Startdosin.exeAdded by the SDBOT-GO BACKDOOR!No
XAuto Startsndvol32.exeAdded by the SLINBOT.AX BACKDOOR!No
XAuto Startwindos.exeAdded by the SLINBOT.BO BACKDOOR!No
UAuto SwitchTASKBAR.exeRelated to 2-port Bitronics AutoSwitch kit from BelkinNo
NAuto T Barautotbar.exeIf you disable the HP VIEW toolbar in IE and rearrange the toolbars on a reboot they will be back as they were before if this is left enabledNo
XAuto UpdatWindowsSys32.exeAdded by a variant of the FORBOT WORM!No
XAuto updatcrcss.exeAdded by the SDBOT.AAG WORM!No
XAuto updatSysDebug.exeAdded by the FORBOT-BA WORM!No
XAuto UpdateAUP.exeAdded by an unididentified WORM or TROJAN!No
XAuto Updatedma.exeAdded by the RBOT-AVO WORM!No
XAuto Updatesvchost.exeAdded by the DUMARDI-A TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%No
XAuto Updaterasclt.exeAdded by the SLINBOT.CJ BACKDOOR!No
XAuto Updatessvchost.exeAdded by the CHEUKO-A TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%No
XAuto WinUpdatetaskmrg.exeAdded by the RBOT-AFA WORM!No
XAutoAdministratorSERVICES.EXEAdded by the PUNYA-A WORM! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Root%\Application Data\WINDOWSNo
UAutobarautobar.exeConnect buttons on the keyboard for internet direct access, etc. on HP computersNo
NAutoCADacstart17.exePreloads part of AutoCAD into disk cache at startup to speed up the launch of the main program when needed. Not required as most AutoCAD users tend to either open the program once and leave it open or open it occasionally to check drawingsYes
NAutoCAD Startup Acceleratoracstart16.exePreloads part of AutoCAD into disk cache at startup to speed up the launch of the main program when needed. Not required as most AutoCAD users tend to either open the program once and leave it open or open it occasionally to check drawingsNo
NAutoCAD Startup Acceleratoracstart17.exePreloads part of AutoCAD into disk cache at startup to speed up the launch of the main program when needed. Not required as most AutoCAD users tend to either open the program once and leave it open or open it occasionally to check drawingsYes
Xautochkrundll32.exe autochk.dll,_IWMPEvents@16Added by the OPACHKI.A TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "autochk.dll" file is found in %System%No
Xautochkrundll32.exe protect.dll,_IWMPEvents@16Added by the OPACHKI.A TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "protect.dll" file is found in %UserProfile%No
Uautoclkautoclk.exeAutoclik is a Windows utility "that allows you to perform all mouse activity with absolutely no clicking"No
XAutoDiscovery/AutoPurge (ADAP) Servicewmiadapi.exeAdded by the RBOT.FLT WORM!No
NAutoEAAhqrun.exeFor Creative Soundblaster Live! series soundcards. Specify for any audio application what audio preset to automatically associate with currently active speaker output. Available via AudioHQNo
XAUTOEXEAUTOEXE.exeAdded by the SEMAPI-A WORM!No
Xautoloadcftmon.exeAdded by the SOCKS-E WORM!No
Xautoloadspooll.exeAdded by the SILLYFDC WORM!No
Xautoloadwindowsupdate.exeAdded by the POLYCRYP.DY TROJAN! No
Xautoloadspool.exeAdded by the AGENT-GSG TROJAN!No
XAutoloaderaproposclientApropos_Client_Loader.exeAproposMedia adwareNo
XAutoloaderaproposclientcxtpls_loader.exeAproposMedia adwareNo
XAutoLoaderEnvoloAutoUpdaterauto_update_loader.exeEnvolo/AproposMedia adware updaterNo
NAutoMate Task Serviceautomate.exeTask scheduler for Unisyn Automate 4 task automation/macro running software. Available via a desktop shortcut or Start → ProgramsNo
UAutoMate5Am5HkWnd.exe"Automate is the Leading Software for Automation of front and back-office business processes.It provides all the tools necessary to completely automate business processes, regardless of their complexity"No
UAutoMate6AMEM.exeAutoMate 6 for automating repetitive tasksNo
XAutomated Windows Updateswauclt.exeAdded by the GAOBOT.AJD WORM!No
XAutomatic Defrag Managerdefrag.exeAdded by the RBOT-AKE WORM!No
XAutomatic Media UpdateCACHE.RVDAdded by an unidentified WORM/TROJAN!No
XAutomatic Media UpdateHPLNT32.RVDAdded by an unidentified WORM/TROJAN!No
XAutomatic Microsoft Windows Updatersuchost.exeAdded by the RBOT-EQ WORM! No
XAutomatic Updatesalgs.exeAdded by the IRCBOT-AAM TROJAN!No
XAutomatic Windows UpdaterUpdate.exeAdded by the GAOBOT.AO WORM!No
NAutomatically launches the United Devices Agent when you start your computerUD.EXEThe United Devices Agent can recycle your PC's unused resources and use them to perform valuable scientific and medical research without disturbing your usual computer use - similar to SETI@home but for medical research. Available via Start > ProgramsNo
XautoMewscript.exe solution.vbsAdded by the VBS.SASAN WORM! Note that wscript.exe is a legitimate Microsoft file used to launch script files and shouldn't be deleted. The "solution.vbs" file is found in %Windir%No
XautoMewscript.exe samok.vbsAdded by the SAMOK-A WORM! Note that wscript.exe is a legitimate Microsoft file used to launch script files and shouldn't be deleted. The "samok.vbs" file is located in %Windir%No
XAutopdateAutopdate.exeAdded by the RBOT-AGL WORM!No
NAUTOPROPREGPROP.EXE WMPADDIN.DLLBoth the files are in the MS Office/Bots/FP_WMP directory. Apparently, it registers the FrontPage WiMP extensionNo
XAutoProtectAutoProtect.vbsAdded by the KILLBAT-C WORM!No
XAUTOPROTECTUnavapq32.exeAdded by an unidentified WORM or TROJAN!No
Xautorepairdexs.exeAdded by a variant of the SDBOT WORM!No
Xautornautorn.exeAdded by the SILLYFDC.BCY WORM!No
UAutoroute SMTPAutoSmtp.exeAutoroute SMTP - "automatic switching between SMTP servers depending on what network you are currently working in." You need to have two Internet service providersNo
Xautorunautorun.exeAdded by the AUTOM-B WORM!No
Xautorunsxs.exeAdded by the SMALLVBS-A WORM!No
Xautorunwinmain.exeAdded by a variant of the DELF.CNS TROJAN!No
XAutoRunallrs.exeAdded by the MUDROP.LJ TROJAN!No
Xautorundemo[path to trojan]Added by the AGENT-FPX TROJAN!No
XAUTORUN_VALAntiSpyCheck 2.1.exeAntiSpyCheck rogue spyware remover - not recommended, removal instructions hereNo
XAUTORUN_VALasc 2.1.exeAntiSpyCheck rogue spyware remover - not recommended, removal instructions hereNo
?AutoShutdownpssvc.exeUtility to fix vCard Export in MS Outlook 2000 - although why are these together?No
UAutoSizerAUTOSIZER.EXEAutoSizer - utility that automatically maximizes windows when they're openedNo
NAutoSpellautospel.exeAutoSpell - spell checker (version 6.*)No
NAutoSpell 5ASWATC32.EXEAutoSpell - spell checkerNo
UAutoSysautosys.exeWinguardian surveillance software. Uninstall this software unless you put it there yourselfNo
Nautotbarautotbar.exeIf you disable the HP VIEW toolbar in IE and rearrange the toolbars on a reboot they will be back as they were before if this is left enabledNo
NAutoTKitAUTOTKIT.EXEOn HP PC's. Unclear what purpose it serves - but there's a known issue with Internet Explorer Toolbar settings not being saved with it enabledNo
Nautoupdautoupd.exeRaxco Software auto update utilityNo
Xautoupdautoupd.exeAdded by an unidentified VIRUS, WORM or TROJAN! - found in a folder of the same nameNo
Xautoupdaterundll32 DATADX.DLL,SHStartAdded by a variant of the QOOLOGIC TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "DATADX.DLL" file is found in %System%No
Xautoupdaterundll32 SUPDATE.DLL,SHStartAdded by a variant of the QOOLOGIC TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "SUPDATE.DLL" file is found in %System%No
XAutoUpdatesmss.exeAdded by WINSPY.88! Note - this is not the legitimate smss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\debug64No
XAutoupdate Servicekaka.exeAdded by the SYMPE-B TROJAN!No
XAutoupdate Service[path to trojan]Added by the AGENT-CB TROJAN!No
XAutoUpdate32services.exeAdded by WINSPY.88! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\debug64No
XAutoUpdateraupdate.exeTinybar variantNo
XAutoUpdaterAutoUpdate.exePeopleonPage foistwareNo
Xautoupdatev2[path to file]Added by the DROPPER-BM TROJAN!No
Xautoupdatev2autoupdatev2.exeDetected by Kaspersky as the AGENT.FQ TROJAN!No
XAutoVirusProtectionciscv.exeAdded by a variant of the RBOT WORM!No
Xauto__antiav__keyantiav_exe.exeAdded by the BAGLEDI-AA TROJAN!No
Xauto__hloader__keyhloader_exe.exeAdded by the BAGLE.AB TROJAN!No
Xaux.exeaux.exeAdded by the ZINS TROJAN!No
XauxAudioDeviceaux32.exeAdded by the AIZU WORM!No
NAUXXTRAYau30setp.exeSystem Tray application for Aureal Vortex based soundcards. Can be run manually via Start -> Settings -> Control PanelNo
XAVUPDATE-28062004.exe[25 blank spaces].vbsAdded by the MIDFIN WORM!No
XAVAntivir.exeAntivir rogue security software - not recommended, removal instructions hereNo
Xavexpressav.exeExpress Antivirus 2009 rogue security software - not recommended, removal instructions hereNo
XAV AntiSpywareava.exeAV AntiSpyware rogue security software - not recommended, removal instructions hereNo
XAV CareAvCare.exeAvCare rogue security software - not recommended, removal instructions hereNo
XAV Clientpatch31345.exeAdded by the MYDOOM.AD WORM!No
XAV Industrypatch31345.exeAdded by the MYDOOM.AD WORM!No
XAV UpDateUpdate.exeAdded by the FUROOT-A TROJAN!No
XAV7antivirus7.exeAntivirus7 rogue security software - not recommended, removal instructions hereNo
NAvaFindAvaFind.exeAvaFind file search utilityNo
Xavagent3974chnb8895.exeAntiVirus ransomware security software - not recommended, removal instructions hereNo
XAVantivirusAvconsol.exeAdded by the MSNVB-D WORM!No
Xavasttroyan.exeAdded by the SMALL.CZ TROJAN!No
XAvasthmu8399.exeAdded by the VB-ECZ TROJAN!No
YAvast!ashServ.exeMain part of avast! Antivirus - including the resident protection, virus chest and scheduler. Starts via a registry "Run" key on Windows 98/Me and as a service on Windows 2K/XP/VistaNo
Yavast!ashDisp.exeSystem Tray access to and notifications for the version 4.* series of antivirus products from avast! - giving left-click access to the On-Access Scanner, right-click access to other options and event notificationsYes
Yavast! AntivirusashDisp.exeSystem Tray access to and notifications for the version 4.* series of antivirus products from avast! - giving left-click access to the On-Access Scanner, right-click access to other options and event notificationsYes
Yavast! AntivirusavastUI.exeSystem Tray access to and notifications for the version 5.* series of antivirus and internet security products from avast! - giving left-click access to the main user interface, right-click access to other options and event notificationsYes
Yavast! Web ScannerAshwebsv.exeWeb scanning part of avast! Antivirus. Starts via a registry "Run" key on Windows 98/Me and as a service on Windows 2K/XP/VistaNo
YAvast32Astart32.exePart of Avast! anti-virus softwareNo
Yavast5avastUI.exeSystem Tray access to and notifications for the version 5.* series of antivirus and internet security products from avast! - giving left-click access to the main user interface, right-click access to other options and event notificationsYes
YavastUIavastUI.exeSystem Tray access to and notifications for the version 5.* series of antivirus and internet security products from avast! - giving left-click access to the main user interface, right-click access to other options and event notificationsYes
Xavcavmon.exeAdded by an unidentified TROJAN!No
UAvconsoleEXEAvconsol.exeFrom McAfee VirusScan up to version 4.x and Dr Solomon's VirusScan. Used to schedule regular scans. If you don't have scans scheduled you don't need itNo
XAvengineAvengine.comAdded by the DELF.LJ TROJAN!No
XAveoAttuneatmdlusr.exeAveo Attune automated helpdesk software - adware/spywareNo
UAVFX EngineStartFX.exeAdvanced Video FX - supported by a number of Creative Web Cameras. "Have more fun by adding a wide range of special effects and backgrounds to your video chat with Advanced Video FX"No
XAvGsvchost323.exeAdded by the RBOT-ZA WORM!No
YAVG Anti-Spywareavgas.exeSystem Tray access to and notifications for AVG Anti-Spyware 7.5. This has now been superseded by AVG Anti-Virus which includes Anti-SpywareYes
YAVG Anti-Virus systemavgcc.exeSystem Tray access to and notifications for the 7.* series of anti-virus products from AVG Technologies. If this entry is disabled, the core product functions will work properly but you will lose quick access to the Control Center and miss notifications of potential problems and updatesYes
YAVG Anti-Virus Systemavgemc.exeE-mail scanner for the 7.* series of anti-virus products from AVG Technologies. This process scans incoming and outgoing E-mails for viruses and other malware. From version 7.1 onwards this entry only appears in 9x/Me as a startup entry, it loads as a service in 2K and higherYes
YAVG Anti-Virus Systemavgw.exeThis entry is included with the 7.* series of anti-virus products from AVG Technologies. Once installed (or on first run for a different user) it runs the configuration sequence to set up the product and doesn't run on subsequent restartsYes
XAvg Antivirusicpldrvx.exeAdded by the BANKER.BYU TROJAN!No
XAVG AntiVirus Scanneravgscnx.exeAdded by the SILLYFDC.BBE WORM! Note - this is not a legitimate AVG entryNo
XAVG AntiVirus Updateravgwusv.exeAdded by the SILLYFDC.BAX WORM! Note - this is not a legitimare AVG entryNo
XAVG Grisoft Updaterupdater.exeAdded by the AGOBOT-OT WORM!No
YAVG IDSAVGIDSUI.exeSystem Tray access to and notifications for AVG Identity Protection - identity theft prevention which is available as a stand-alone product or included with AVG Internet Security. "Always-on identity theft prevention for Windows from one of the world's most trusted security companies. Shop and ensure safe surfing of the web, make yourself secure in the knowledge that your passwords, account information, credit card numbers, social security numbers and other valuables are safe from identity thieves." It also loads the background activity monitoring process (AVGIDSMonitor.exe)Yes
UAVG Internet Securityavgtray.exeSystem Tray access to and notifications for the range of internet security products from AVG Technologies - including Internet Security, Anti-Virus and their free products such as Anti-Virus Free and LinkScanner®. If this entry is disabled, the core product functions will work properly but you will lose quick access to the main window and miss notifications of potential problems and updatesYes
YAVG7_AMSVRAVGAMSVR.EXEThis is the AVG7 Alert Manager for the 7.* series of anti-virus products from AVG Technologies. It is essential for both scheduled activities (such as automatic updates and scans) and for displaying alerts and reports via the Control Center (avgcc.exe). Appears in 9x/Me as a startup entry and as a service in 2K and higherNo
YAVG7_CCavgcc.exeSystem Tray access to and notifications for the 7.* series of anti-virus products from AVG Technologies. If this entry is disabled, the core product functions will work properly but you will lose quick access to the Control Center and miss notifications of potential problems and updatesYes
YAVG7_EMCavgemc.exeE-mail scanner for the 7.* series of anti-virus products from AVG Technologies. This process scans incoming and outgoing E-mails for viruses and other malware. From version 7.1 onwards this entry only appears in 9x/Me as a startup entry, it loads as a service in 2K and higherYes
YAVG7_Runavgw.exeThis entry is included with the 7.* series of anti-virus products from AVG Technologies. Once installed (or on first run for a different user) it runs the configuration sequence to set up the product and doesn't run on subsequent restartsYes
UAVG8_TRAYavgtray.exeSystem Tray access to and notifications for the 8.* series of internet security products from AVG Technologies - including Internet Security, Anti-Virus and their free products such as Anti-Virus Free and LinkScanner®. If this entry is disabled, the core product functions will work properly but you will lose quick access to the main window and miss notifications of potential problems and updatesYes
UAVG9_TRAYavgtray.exeSystem Tray access to and notifications for the 9.* series of internet security products from AVG Technologies - including Internet Security, Anti-Virus and their free products such as Anti-Virus Free and LinkScanner®. If this entry is disabled, the core product functions will work properly but you will lose quick access to the main window and miss notifications of potential problems and updatesYes
Yavgamsvr.exeAvgamsvr.exeThis is the AVG7 Alert Manager for the 7.* series of anti-virus products from AVG Technologies. It is essential for both scheduled activities (such as automatic updates and scans) and for displaying alerts and reports via the Control Center (avgcc.exe). Appears in 9x/Me as a startup entry and as a service in 2K and higherNo
Yavgasavgas.exeSystem Tray access to and notifications for AVG Anti-Spyware 7.5. This has now been superseded by AVG Anti-Virus which includes Anti-SpywareYes
Yavgccavgcc.exeSystem Tray access to and notifications for the 7.* series of anti-virus products from AVG Technologies. If this entry is disabled, the core product functions will work properly but you will lose quick access to the Control Center and miss notifications of potential problems and updatesYes
Yavgcc32avgcc32.exeSystem Tray access to and notifications for the 6.* (and maybe earlier) series of anti-virus products from AVG Technologies. Also enables scheduled tests, Outlook E-mail plug-in and automatic updatesNo
YAVGCtrlAVGCtrl.exePart of AntiVir® PersonalEdition Classic antivirusNo
Yavgemcavgemc.exeE-mail scanner for the 7.* series of anti-virus products from AVG Technologies. This process scans incoming and outgoing E-mails for viruses and other malware. From version 7.1 onwards this entry only appears in 9x/Me as a startup entry, it loads as a service in 2K and higherYes
YavgfwsrvAVGFWSRV.EXEIntegrated firewall for the 7.* series of anti-virus products from AVG Technologies. Protects the users computer from outside attacks, typically from the internet. Starts via a registry "RunServices" key on Windows 98/Me and as a service on Windows 2K/XP/VistaNo
YAVGIDSAVGIDSUI.exeSystem Tray access to and notifications for AVG Identity Protection - identity theft prevention which is available as a stand-alone product or included with AVG Internet Security. "Always-on identity theft prevention for Windows from one of the world's most trusted security companies. Shop and ensure safe surfing of the web, make yourself secure in the knowledge that your passwords, account information, credit card numbers, social security numbers and other valuables are safe from identity thieves." It also loads the background activity monitoring process (AVGIDSMonitor.exe)Yes
YAVGIDSUIAVGIDSUI.exeSystem Tray access to and notifications for AVG Identity Protection - identity theft prevention which is available as a stand-alone product or included with AVG Internet Security. "Always-on identity theft prevention for Windows from one of the world's most trusted security companies. Shop and ensure safe surfing of the web, make yourself secure in the knowledge that your passwords, account information, credit card numbers, social security numbers and other valuables are safe from identity thieves." It also loads the background activity monitoring process (AVGIDSMonitor.exe)Yes
Yavgmsvr.exeavgmsvr.exeAVG Anti-Virus 7.0 relatedNo
YAVGntAVGnt.exeAntiVir® PersonalEdition Classic antivirus. System Tray icon and control programNo
YAvgserv9.exeAvgserv9.exeBackground monitoring and scanning for the 6.* (and maybe earlier) series of anti-virus products from AVG Technologies when running on 9x/Me. Loaded from the "RunServices" registry keyNo
XAVGTantivirusGT.exeAntivirusGT rogue security software - not recommended, removal instructions hereNo
Uavgtrayavgtray.exeSystem Tray access to and notifications for the range of internet security products from AVG Technologies - including Internet Security, Anti-Virus and their free products such as Anti-Virus Free and LinkScanner®. If this entry is disabled, the core product functions will work properly but you will lose quick access to the main window and miss notifications of potential problems and updatesYes
YAVGuardAVGuard.exeAntiVir® PersonalEdition Classic antivirus. Background task which scans files transparentlyNo
Xavguard3876000b09274b.exeAntiVirus ransomware security software - not recommended, removal instructions hereNo
YAVG_CCavgcc32.exeSystem Tray access to and notifications for the 6.* (and maybe earlier) series of anti-virus products from AVG Technologies. Also enables scheduled tests, Outlook E-mail plug-in and automatic updatesNo
YAVG_EMCAVGEMC.exeAVG Anti-Virus 7.0 Email Cleaner. Scans incoming and outgoing email for virusesNo
YAVG_RegCleanerAVGREGCL.exeBoot time registry cleaner for the 7.* series of anti-virus products from AVG Technologies - for checking the registry for virus additions and other security problemsNo
Xavidrvdrvsc.exeDetected by Kaspersky as the AGENT.PH TROJAN!No
XAvimgtAvimgt.exeAdded by the GEMA TROJAN!No
XAvimgt32Avimgt32.exeAdded by the GEMA TROJAN!No
YavinitAVINIT9X.EXECommand Antivirus relatedNo
XAvira Anti-Virus Pro 2008explorear.exeAdded by an unidentified WORM or TROJAN!No
XAvirTrAvirTr.exeAntivirusTrigger rogue security software - not recommended, removal instructions hereNo
YAVK Mail CheckerAVKPop.exeeXtendia AVK AntiVirus email checker No
YAVKBarAVKBar.exeGData AntiVirusKit Anti-virusNo
YAVKTrayAVKTray.exeSystem Tray access to the antivirus part of G Data range of internet security productsNo
YAvMaiSrvAvmaisrv.exePart of Avast! anti-virus software - E-mail scannerNo
XAVManagercsrss.exeAdded by the AUTORUN-DV WORM! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a ~A~m~B~u~R~a~D~u~L~ subfolderNo
?AvMenuAVMenu.exePart of the ArcaVir antivirus suite from Polish company Arcabit. What does this part do and is it required?No
YAVMWlanClientwlangui.exeRelated to broadband products from avm.deNo
Xavnortformatsys.exeAdded by the SERFLOG.A WORM!No
Xavnortmsmbw.exeAdded by the SERFLOG.A WORM!No
Xavnortserbw.exeAdded by the SERFLOG.A WORM!No
Yavpavp.exeKaspersky anti-virus and AOL's Active Virus Shield (by Kaspersky) - found in either a Kaspersky or AOL sub-directoryNo
XAVP[path to trojan]Added by the MUTBO-A TROJAN!No
Xavpavp.exeDetected by Kaspersky as the ALPHABET.B TROJAN!No
Xavpwin*.tmp.exe [* is a number]Added by a variant of the ALPHABET TROJAN!No
Xavpxar6000v7.exeDetected by Kaspersky as the ALPHABET.B TROJAN!No
XAVP-SEavp-32.exeAdded by the AGOBOT.FS WORM!No
Xavpaavpo.exeAdded by the LEGMIR-ARK TROJAN!No
Yavpccavpcc.exeKaspersky Labs anti-virusNo
XavplAntivirus.exeAntiVirus Plasma rogue security software - not recommended, removal instructions hereNo
XAvpMAvpM.exeAdded by the STARTPAGE-ID TROJAN! Note - this is not the popular Kaspersky antivirus and this file is located in %Windir%\pchealth\UploadLB\ConfigNo
Xavpmsavpms.exeAdded by the ONLINEGAMES.CPV TROJAN!No
XAvpravpr.exeAdded by the MYDOOM.AF WORM!No
XAVPSrvAVPSrv.exeAdded by the ONLINE-GEN TROJAN!No
Xavptask[path to trojan]Added by the NOFERE-G TROJAN!No
Xavptaskexpl0rer.exeAdded by the AGENT.JJO TROJAN!No
XAvptaskrund1132.exeAdded by the AGENT.PKZ TROJAN!No
XAvpWxWErcx.exeDetected by Kaspersky as a variant of the AGENT.A TROJAN!No
XAvril Lavigne - Muse[random filename]Added by the AVRIL-A WORM!No
Xavrlabsavrlabs.exeVirusResponse Lab 2009 rogue security software - not recommendedNo
Xavscanavscan.exeAdded by the SILLYFDC.BCR WORM! The file is in the users %Temp% directoryNo
XAVScanwinav.exeUnidentfied rogue security softwareNo
XAvScanavscan.exeAntivirus System PRO and Spyware Protect 2009 rogue security software. The file is located in %ProgramFiles%\<rogue name>No
XavscanUsbconeted.exeAdded by the PROVIS-A TROJAN!No
YAVSCHED32AVSched32.exeAntiVir® PersonalEdition Classic - antivirusNo
YAVSchedScanSCHSC9X.EXECommand Antivirus relatedNo
XAVSchedulerAVSCHSVC.EXEPart of the WinAntiVirus Pro 2005 rogue security software when installed in Win98/Me - not recommended, removal instructions hereNo
XAVSeguropgs.exeAVSeguro, Spanish rogue security software - not recommended. A member of the AVSystemCare familyNo
XAvSerdsm.exeAdded by the SERFLOG.B WORM!No
XAvSermsmpatch.exeAdded by the SERFLOG.B WORM!No
XAvSersvosm.exeAdded by the SERFLOG.B WORM!No
XAvSersysup.exeAdded by the SERFLOG.B WORM!No
Xavserve.exeavserve.exeAdded by the SASSER WORM!No
Xavserve2.exeavserve2.exeAdded by the SASSER.B or SASSER.C WORMS!No
Xavserve3.exeavserve3.exeAdded by the SASSER.G WORM!No
UAVStation premiumAVStation agent.exeRelated to Samsung AV Station - instant playback of music, photos, videosNo
XAVSTRTnavpsrvc.exeAdded by the FORBOT-EF WORM!No
XAVSystemCarepgs.exeAVSystemCare rogue security software - not recommended. There are number of variants in this family sharing the same filename and user interface - see hereNo
Xavtapiavtapi.exeAdded by the AGENT.AM TROJAN! Note - example names include "XviD", "Winamp Remote", "Windows Media Player" and "Futuremark"No
NAvtrayAvtray.exeCommand Antivirus tray iconNo
XAVTrayAVTray.exePart of the WinAntiVirus Pro 2005 rogue security software when installed in Win98/Me - not recommended, removal instructions hereNo
XAVupdate32 UpdateAVupdate32.exeAdded by the RBOT.CNI TROJAN!No
?AVWLPSTAAVWLPSTA.exePRISM Status Tray Applet - but what is it for and is it required?No
YAVWUpd32AVWUPD32.EXEAntiVir® PersonalEdition Classic - updaterNo
Yavx communicatorxcommsur.exeAnti-virus part of BitDefender virus scanner/firewallNo
YAvxliveavxlive.exeBullguard or BitDefender antivirusNo
Yavxlniavxinit.exeAnti-virus part of BitDefender virus scanner/firewallNo
?Avxnews????No
UAwatchAwatch.exeDiagnosis tool that monitors DSL connections, installed alongside DSL drivers from AVM Fritz's range of modem productsNo
UAwaySchAwaySch.EXEPart of the IBM ThinkVantage Productivity Center. "The Away Manager application allows you preselect and run routine tasks to maintain your system's performance"No
UAWCAWC.exeAdvanced SystemCare from IObit - "helps protect, optimize, clean, and repair your computer and Registry." The PRO version adds automation, anti-spyware, privacy protection and performance tune-upsNo
Nawhost32awhost32.exePart of Symantec's pcAnywhere remote PC management software. Provides an automatic startup of the client PC in host mode in conjuction with a host-definition file, so system administrators can access the machine. Can cause a 10% reduction in speed and not recommendedNo
UAWMONAd-Watch.exePart of Lavasoft Ad-aware Plus - realtime spyware-monitor watching your memory and registry for spyware that tries to install or change your systemNo
UAWMONAd-Monitor.exeF-Secure Anti-SpywareNo
XAwoasmmo.exePurityScan adwareNo
XAwolaAwola.exeAwola rogue spyware remover - not recommendedNo
XAwola6Awola6.exeAwola AntiSpyware 6.0 rogue spyware remover - not recommended, removal instructions hereNo
Uawpliteawplite.exeAllWallpapers Lite desktop wallpaper changerNo
?AWUSGSTAAWUSGSTA.exeReportedly related to a USB Wifi Adapter - is it required at startup? No
UawxDToolsawxDTools.dll, awxRegisterDllAwxDTools related - a Windows Shell-Extension for the Daemon-Tools. It extends the context-menu of ImageFiles supported by Daemon-Tools (i.e.: *.cue, *.iso, *.ccd ...)No
Naxcmdaxcmd.exePart of Alcohol 120% - "a powerful Windows CD and DVD burning software that makes it easy to create backups of DVDs and CDs. In addition, the program lets you store your most used CDs as images on your computer, so you can call them up at the click of a button". This entry automatically re-loads a disk image in the virtual CD/DVD drive on a system rebootYes
?AxFilterRundll32 AXFILTER.DLL, Rundll32??No
UAXIS Print System DriverScannerDriverScanner.exePart of AXIS Print System from AXIS Communications - "adds printer discovery, printer driver installation printing on Windows platforms. Printing is enabled by AXIS Print Monitor, which is one of the components. Another component in AXIS Print System is AXIS IP Installer." Now discontinuedNo
UAXIS Print System DriverServerDriverServer.exePart of AXIS Print System from AXIS Communications - "adds printer discovery, printer driver installation printing on Windows platforms. Printing is enabled by AXIS Print Monitor, which is one of the components. Another component in AXIS Print System is AXIS IP Installer." Now discontinuedNo
UAXIS Print System TrayIconTrayIcon.exeSystem Tray access to AXIS Print System from AXIS Communications - "adds printer discovery, printer driver installation printing on Windows platforms. Printing is enabled by AXIS Print Monitor, which is one of the components. Another component in AXIS Print System is AXIS IP Installer." Now discontinuedNo
XAXPDefenderAXPDefender.exeAdvanced XP Defender rogue security software - not recommended, removal instructions hereNo
XAXPFixerAXPFixer.exeAdvancedXPFixer rogue security software - not recommended, removal instructions hereNo
XAXVenoreAXVenore.exeAdded by an unidentified TROJAN - see hereNo
UAzMixerSelAzMixerSel.exeRelated to Realtek_Azalia Mixer SelectorNo
Yazmodemazexe.exeAztech Labs modem driverNo
XA_M_P_NETAntiMalwarePro.exeAntiMalware Pro rogue security software - not recommended, removal instructions hereNo
?a_vpdvpd.exeLocated in an IBMTOOLS\VPD sub-directory. What does it do and is it required?No
NB'sCLiPBSCLIP.exeCD recording utility that comes with a lot of CDR/CDRW drives and isn't requiredNo
Xb.exeb.exeAdded by the SDBOT.BND WORM!No
NB.Readerremin.exeBirthday Reminder 5.0 - as the name impliesNo
Xb3dBDEsecureinstall.exeB3d Projector foistware - periodically trys to access the internet. (1) Uninstall it via Start -> Settings -> Control Panel -> Add/Remove Programs. (2) Remove the BDEsecureinstall.exe if still present in the "System" directory. (3) Disable and ideally delete it from the registry. (4) Remove the "BDE" directory and all its contentsNo
Xb3dUpdateZupdate.exeAssociated with B3d Projector foistware - see hereNo
Yb9B9.exeFireTrust Benign - allows you to receive e-mail which is safe from viruses, worms, scripts, web bugs, privacy threats and other security risks, without affecting your e-mail. "Benign neutralizes or strips out the code that makes viruses, worms, scripts and other potentially harmful things run"Yes
Xb99msmm.exeClientMan parasite variantNo
Xbabsvchst32.exeAdded by the AGENT.Q TROJAN!No
Xbabeierundll32 cnbabe.dll, dllstartupCommonName Toolbar spyware. To uninstall see hereNo
NBabylon ClientBabylon.exeBabylon-Pro is a powerful information tool that instantly provides relevant information, translations & conversions for any word or value you click on"No
NBabylon TranslatorBabylon.exe"Babylon-Pro is a powerful information tool that instantly provides relevant information, translations & conversions for any word or value you click on"No
XBack UpdatesUninstall.log.vbsAdded by the YPSAN.D WORM!No
UBack2zipBack2zip.exeBack2zip is a simple and elegant backup solution which uses the industry's most powerful ZIP and ZIP-64 technologies to constantly monitor your documents and make sure that they are always properly backed upNo
XBackdoor.NuAgentagent.exeAdded by the AGENT-DP TROJAN!No
XBackground Intelligent Transfer Service[path] rundll32.exeAdded by the VB-ZD TROJAN! Note - this is not the legitimate rundll32.exe process, which is found in %Windir% (98/ME) or %System% (NT/2K/XP)No
UBackgroundSwitcherbgswitch.exeOriginally included with Microsoft's XP PowerToys (but now withdrawn - see here, Background Switcher allows your desktop background to periodically changeNo
UBackgroundSwitcherBackgroundSwitcher.exeJohn's Background Switcher (or JBS for short) periodically changes the background image on your computer (like every hour or every day) to something interestingNo
NBackpack UDFbpudfmon.exeBackpack UDF packet writing software for Microssolutions' Back Pack external CD-RW drive. Similar to DirectCD. Run manually before insert an appropriately formatted CD-RW diskNo
Xbackup[path to worm]Added by the AGOBOT-H WORM!No
UBackup NOW! SchedulerSchdlr32.exeScheduled backups for the NTI Backup Now archiving utility. If a backup job has been scheduled, this entry places an icon in the System Tray and will automatically load the main program and execute the backup at the set time - as long as the backup media is presentYes
XBackup Onesmbguard.exeAdded by the SDBOT-MI WORM!No
XBackup Servicebackup.svcUnidentified adwareNo
XBackUp Windows 2009[random].exeAdded by the AGENT-LUJ TROJAN!No
UBackup4all OTB AgentB4AOTB.exe"Backup4all is an award-winning data backup software for Windows. This backup utility was designed to protect your valuable data from partial or total loss by automating backup tasks, password protecting and compressing it to save storage space"No
UBackupExecSchedulerbesch.exeVeritas "Back Up My PC" softwareNo
?BackupNotifybackupnotify.exeHP Digital Imaging related. What does it do and is it required?No
NBackWebbackweb.exeAutomatically detects an internet connection and downloads any available updates. Typical on Compaq and HP PC's but not restricted to those OEM's. Resource hog and often causes malfunctions. Available via Start -> ProgramsNo
NbackWeb-8876480backweb-8876480.exeInstalled with older versions of the software for Logitech products. Automatically checks for software upgrades and new products, services and special offers from LogitechYes
NBackworkBackwork.exeBackwork trojan detectorNo
UBACPI10bacpi10a.exeKnown as "PowerKey" - a minimalist keyboard driver that allows power management keys on BTC keyboards to function properly in older OS's (i.e. Win9x/NT4). Also adds an icon to the system trayNo
NBacsTrayBacsTray.exeBroadcom Advanced Control Suite - for modems and set top boxes based upon Broadcom chipsets. Not required unless you have networking problemsNo
XBADDATEBADDATE.EXEAdded by an unidentified VIRUS, WORM or TROJAN!No
XBadxHELLRAIDER.EXEAdded by the MINDCTRL.A BACKDOOR!No
XBagleAVcsrss.exeAdded by the NETSKY.AB WORM! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%No
XBakraIEHost.EXEAdded by the MULTIDR-AH TROJAN!No
XbalSYSMONMS.EXEAdded by the FAKEALERT TROJAN!No
XBand-Aid[path to file]Added by the RANKY.O TROJAN!No
Ubandmonbandmon.exeRokario Bandwidth MonitorNo
XBandookali.exeAdded by the EXEMAS-B TROJAN!No
NBandwidth Meter ProBandwidthMeterPro.exeSystem Tray access to Bandwidth Meter Pro - "an easy-to-use network software for bandwidth usage monitoring and reporting. It monitors traffic of all network connections on your computer and displays graphical and numerical download and upload speeds in real-time"Yes
UBandwidth Monitor ProBandwidth Monitor Pro.exeBandwidth Monitor Pro - utililty to track your current download/upload limit that may be set by your ISP No
NBandwidthMeterProBandwidthMeterPro.exeSystem Tray access to Bandwidth Meter Pro - "an easy-to-use network software for bandwidth usage monitoring and reporting. It monitors traffic of all network connections on your computer and displays graphical and numerical download and upload speeds in real-time"Yes
UBanpopup by PratikBanpopup.exeBanpopup - popup killerNo
Xbantoolbantool.exeMalware installed by different rogue security software including SpyKillerProNo
Xbantoolie_ban.exeDetected as the VB.PO TROJAN!No
XBanyak_KerjaanTukang.exeAdded by the SILLYFDC.BDM WORM!No
XBar Ding loltAnaliz.exeAdded by the RBOT-RP WORM!No
Xbargainsbargains.exeBargainBuddy adwareNo
Xbargainsbargainbuddy.exeBargainBuddy adwareNo
XBaRloNdDiLhepservices.exeAdded by the AUTORUN.DIB WORM! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a ~A~m~B~u~R~a~D~u~L~� subfolderNo
?Bart Stationstation.sbrtRelated to PeoplePC ISP. May be a dialler for dial-up accounts?No
UBart StationPPCOLink.exeDialer for PeoplePC ISPNo
XBarThemebartent32.exeAdded by the AGOBOT-UG WORM!No
NbascstrayBascsTray.exeBroadcom Advanced Control Suite - for modems and set top boxes based upon Broadcom chipsets. Not required unless you have networking problemsNo
XBastioneAntiviruspgs.exeBastioneAntivirus, Italian rogue security software - not recommended. A member of the AVSystemCare familyNo
XBatsecure2.batAdded by the ZCREW.C TROJAN!No
NBatchreg1N/APart of the Windows System Recovery process. Added to the registry via Msbatch.inf. The existence of this key or process after the last reboot during installation indicates an unsuccessful installation, as that key should be deleted automatically. See hereNo
UBatInfExrundll32.exe [path] BatInfEx.dll,BMMAutonomicMonitorPart of the Battery MaxiMiser and Power Management Features set for some IBM/Lenovo Thinkpad notebooks. This entry is needed for the battery information and monitoring program as well as the Battery Maximizer WizardYes
UBatLogExrundll32.exe [path] BatLogEx.DLL,StartBattLogPart of the Battery MaxiMiser and Power Management Features set for some IBM/Lenovo Thinkpad notebooks. This entry logs changes in battery conditions such as charging, discharging, life, etcYes
XBatSrvbatserv2.exeDetected by Kaspersky as the LOCKSY.M WORM!No
UBattery Scopebatmgr.exeMonitors battery levels on a notebook/laptop PCNo
UBatteryBarbatterybar.exeBatteryBar - displays battery usage, and the current percentage of battery power leftNo
Ybatterymiserbatterymiser.exeBattery Miser power management utility for LG NotebooksNo
YBatteryMiser 5BatteryMiser5.exeBattery Miser 5 power management utility for LG NotebooksNo
XBatzBackBatzBack.scrAdded by the BACKZAT WORM!No
UBAUSBBAUSB.exeBoston Acoustics Audio, USB driverNo
Xbawindobawindo.exeAdded by the BEAGLE.AR or BEAGLE.AU WORMS!No
UBayden SlickRunsr.exe"SlickRun is a floating command line utility for Windows. It gives you almost instant access to any program or website. SlickRun allows you to create command aliases (known as MagicWords), so C:\Program Files\Outlook Express\msimn.exe becomes MAIL"Yes
UBayMgrDockApp.exeHot-swappable drive management on laptops allowing you to change drives without closing down Windows. Only required if you frequently swap bay devicesNo
UBayswapbayswap.exeHot-swappable drive management on Compaq Notebooks which allows you to swap drives without closing down Windows. Only required if you frequently swap bay devicesNo
UBayswap2TbUpdate.exeHot-swappable drive management on Compaq Notebooks which allows you to swap drives without closing down Windows. Only required if you frequently swap bay devicesNo
NBBC AlertsBBC_Alerts.exeBBC Alerts - "You can now have all the latest news and sports headlines delivered straight to your desktop with the new BBC Alerts service"No
UBBC News alertsskinkers.exeBBC News Desktop Alerts service - see here. Desktop alert and breaking news e-mail services let you find out about all the latest news as it happensNo
?BBDialBT Broadband.exePart of BT Broandband - is it required?No
NBBLauncher.exeBBLauncher.exeBounceBack Professional - back-up softwareNo
NbbSysTraybbSysTray.exePhilips CD-RW related - "the 'Blue Button' feature gives users the chance to receive convenient online support for their possible device problems or questions"No
Ubbuibbui.exeAOL DSL status monitor displaying a red/green icon indicating if you have a connectionNo
Ubcabca.exeBeClean Agent - registry, history, temp files, etc cleanerNo
UBCDetectbcdetect.exeBcdetect.exe searches the system to make sure Creative drivers are installed for the video card. It loads the BlasterControl when the drivers are detected. Your choice - try it and seeNo
YBCMDMMSGbcmdmmsg.exeBCM voicemodem driver. Required for dial-up if you have one of these modemsNo
UBCMHalrundll32.exe bcmhal9x.dll, bcinitBlasterControl for Creative video cards - controls for desktop settings, monitor configuration, colour adjustments and performance tuning. May be needed to retain settingsNo
YBCMSMMSGBCMSMMSG.exeBCM voicemodem driver. Required for dial-up if you have one of these modemsNo
?bcmwltrybcmwltry.exeBroadcom Corporation Wireless Network Tray Applet. Is it required?No
NBCNTbcnt.exeAWS Weatherbug related. What does it do?No
XBCPCbcpc.exeBroadcastPC adware variantNo
Xbcpc_cbcpc_c.exeBroadcastPC adware variantNo
UBCSSyncBCSSync.exePart of SharePoint Server 2010 which is part of the Microsoft Office 2010 suite. "Business Connectivity Services (BCS) uses a cache to store a copy of the external data required by the BCS solutions deployed on the Office client. A process called BCSSync.EXE runs on the client and provides automatic cache refresh and data synchronization of the entity instances." For more information - see hereNo
UBCTweakbctweak.exeBlasterControl for Creative video cards - controls for desktop settings, monitor configuration, colour adjustments and performance tuning. May be needed to retain settingsNo
XBcvsrv32bcvsrv32.exeAdded by the GAOBOT.BQJ WORM!No
XBcvsrv32he3.exeAdded by the AGOBOT.AKB WORM!No
XBcvsrv32msxml22.exeAdded by the AGOBOT.AKH WORM!No
XBcvsrv32msc32.exeAdded by the AGOBOT.AKD WORM!No
XBcvsrv32msbvd32.exeAdded by the AGOBOT-SR WORM!No
XBcvsrv32system2.exeAdded by the AGOBOT-PU BACKDOOR!No
NBCWipeTMbcwipetm.exeBCWipe Task Manager - scheduler for BCWipe so that it runs at convenient times. You can set a time for running the task, as well as special options for the task. Run manually when neededNo
XBDdc.exeAdded by the RASDOOR-A TROJAN!No
YBDAgentbdagent.exeBitDefender Agent - for BitDefender internet security products. Maintains settings (for all users) and provides alerts and System Tray access to the main program. Note - for the System Tray icon to be displayed the Terminal Services service must be set to either "Manual" or "Automatic". It can also be licensed by other products such as versions of The Shield Deluxe from PCSecurityShield (see here) - who's reputation is poorYes
Xbdfgergggasw.exeAdded by the SDBOT-RT WORM!No
YBDMConBdmcon.exeBitDefender antivirusNo
YBDNewsAgentbdnagent.exeBitDefender antivirus - updaterNo
YBDOESRVbdoesrv.exeBitdefender 8 antivirus and firewallNo
UBDRegionbrs.exePart of Cyberlink's CyberLink's PowerDVD Blu-ray and DVD player. Allows the user to change the region coding of their player (as long as it isn't hardware coded) up to a maximum of 5 timesYes
YBDSwitchAgentbdswitch.exeBitdefender 8 antivirus and firewallNo
YBDWizRegbdwizreg.exeConfiguration wizard for BitDefender internet security products. Only runs once the product has been installed. Guides you through the steps necessary to configure the BitDefender modules, applies settings to cover your requirements and security needs and takes the first actions to making your computer virus-freeYes
UBearFlixBearFlix.exeBearFlix is optimized for the fast download of video filesNo
NBearSharebearshare.exeBearShare file sharing client. Versions known to include spyware - see hereNo
UBeatNik Internet ClockBeatNik.exeBeatNik Internet Clock is a Windows clock add-on that supports 'skins'. It can also synchronize your computer's clock with an atomic clockNo
XBeawversaqevre.exeAdded by a variant of the RANKY TROJAN!No
XBedreigingsMonitoorpgs.exeBedreigingsMonitoor rogue security software - not recommended. A member of the AVSystemCare familyNo
XBeegees Updatebeegees.exeAdded by the SDBOT-ADK WORM!No
?BEEIbeei.exe??No
UBeFasterbefaster3.exeBeFaster internet connection optimization toolNo
Xbegins0.exeAdded by the MYTOB-HE WORM!No
?BEHLBEHL.exe??No
?BEHLOBEHLO.exe??No
Ubeidsystemtraybeidsystemtray.exeRelated to Belgium Identity Card card readerNo
UBelgacomsprtcmd.exe /P BelgacomSelf-help support tool for Belgacom broadband users (provided by SupportSoft, Inc). Identifies and automatically fixes typical problems that may occur with your high-speed internet serviceNo
UBelkin F5D8013 N Wireless Notebook Card UtilityBelkinwcui.exeWireless configuration utility for the Belkin F5D8013 N Wireless Notebook CardNo
UBelkin F5D8053 N Wireless USB Adapter UtilityBelkinwcui.exeWireless configuration utility for the Belkin F5D8053 N Wireless USB AdapterNo
UBelkin F5D8073 N Wireless ExpressCard Adapter UtilityBelkinwcui.exeWireless configuration utility for the Belkin F5D8073 N Wireless ExpressCard AdapterNo
NBelkin PCMCIA WLAN Monitormonitorbk.exeBelkin USB Network Adapter Management utility - can be started manuallyNo
UBelkin Wireless G Notebook Card Client UtilityBelkinwcui.exeWireless configuration utility for the Belkin F5D701F Wireless G Notebook CardNo
UBelkin Wireless USB UtilityBelkinwcui.exeWireless configuration utility for the Belkin F5D7050 Wireless G USB AdapterNo
UBelkin Wireless UtilityBelkinwcui.exeWireless configuration utility for some Belkin cards such as the F5D7000 Wireless G Desktop CardNo
UBellSouthAlertManager.exeBellSouthAlertManager.exeRelated to BellSouth Alert ManagerNo
UBelNotifyrundll32.exe [path] NPBelv32.dll, RunDll32_BelNotify"BelTech from Belarc enables licensees to offer automated, Web-based problem resolution to their end-users. BelTech allows the end-user to simply go to a web page and automatically resolve their problem or point them to the right solution. BelTech Manager allows non-programmers to rapidly and easily deploy and maintain this service"No
?BELORVBIBELORVBI.exe??No
?Belsta.exeBelsta.exeConfiguration tool for Belkin wireless network cards. Required to change the card's configuration. Is it required for correct operation once the confuiguration is changed?No
XBeltBelt.exeVX2.Transponder parasite updater/installer relatedNo
XBenadril Alert Toolbenadrilalert.exePlug-in for WeatherBug advising when pollen count in your area is high - prompting you to buy BenadrilNo
XBeschermingsToolSysRep.exeBeschermingsTool, Dutch rogue system error and cleaning utility - not recommended. A member of the ErrClean familyNo
UBestCrypt Auto OpenBestCrypt.exeBestCrypt from Jetico, Inc. "Keeps your confidential data in a strongly encrypted form on your disk and provides you with transparent access"No
XBestPopUpKillerBestPopupKiller.exePopup killer by Swanksoft - not recommended, see hereNo
XBestsellerAntiviruspgs.exeBestsellerAntivirus rogue security software - not recommended, removal instructions here. A member of the AVSystemCare familyNo
UBestSync 2008BestSyncApp.exeSystem Tray access to BestSync® 2008 from Risefly Software - "a professional utility for synchronizing files between your local folders and Network Drives, FTP servers, Removable Media (such as an USB disk)"No
XBeSys[path to file]BeSys adwareNo
Xbetasvchost.exeAdded by a variant of the DELF.IT TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! The location of this file variesNo
XBF4Pbf4p.exeAdded by the IRCBOT.GEN WORM!No
Xbfxtray[path to trojan]Added by the AGENT-GEB TROJAN!No
Ybgbullguard.exeBullguard antivirus and firewall. The P2P version is free with KaZaA Media Desktop and GroksterNo
UBGInfoBginfo.exeBGinfo automatically displays relevant information about a Windows computer on the desktop's background, such as the computer name, IP address, service pack version, and moreNo
UBgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}NMBgMonitor.exeAssociated with Nero Scout, added by version 7 of the Nero digital media suite (CD & DVD burning, authoring, etc). Thanks to Help2Go.com, if you feel this is draining more resources that necessary you can disable it by clicking hereNo
YBGNewsAgentbgnewsag.exeBullGuard antivirus updater No
Xbgoomain.exebgoomain.exeBaigoo.a malwareNo
Nbgsmsndbgsmsnd.exePrinter driver to generate PDF files from any programNo
XBharatayudaGNB.exeAdded by the BHARAT.A WORM!No
NBHOCopBHOCop.exePC Magazine's BHO Cop that lets you see what browser helper objects are installed. Useful for detecting spywareNo
UBHODemon 2.0BHODemon.exeBHODemon "protects you from unknown Browser Helper Objects (BHOs), by letting you enable/disable them individually. When running, it also monitors your Registry and alerts you when a BHO is installed. Best of all, BHODemon knows about the most common BHOs - the good ones, and the not-so-good ones!". If you prefer forgoing resident protection, the application can also be run on demandNo
UBHRBHR.exeBrowser Hijack Retaliator - recovers your browser after it has been hijacked by spyware, adware, etcNo
UBI1HelperStartUpBI1HEL~1.EXEScreenScenes "Beach Islands" screensaver. The freeware version comes with GAIN branded ads (pop-ups and others). ScreenScenes do however offer you the option of doing away with the ads by purchasing the screensaver for a whopping $30. Please note that Claria Corporation no longer support GAIN-Supported software - see hereNo
XBIERundll32.exe [path] BDSrHook.dll, Rundll32BDplugin parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deletedNo
XBIGbiggy.exeAdded by the DELBOT-AG WORM!No
NBigDog303VM303_STI.EXEVmicro webcam USB utility - allows the webcam to initiate data transfer to a program. Create a shortcut and start it manually when neededNo
NBigDog305VM305_STI.EXEVmicro webcam USB utility - allows the webcam to initiate data transfer to a program. Create a shortcut and start it manually when neededNo
?BigDogPathVM_STI.EXEBundled with some software for digital cameras that use a USB connection - what does it do and is it required?No
XBigfileSearchBigfileSearch.exeBigfileSearch adware. File located in %Program Files%\BigfileSearchNo
NbigfixBIGFIX.EXEBigFix can automatically download and read technical support information provided by computer and software manufacturers and other technical support experts (published in the form of Fixlet® Messages) and can automatically check your computer for bugs, configuration conflicts, and security holes. Should only be started manually as it's a resource hogYes
Xbiglowbiglow.exeAdded by a variant of the Storm/Nuwar/Zhelatin WORM! See here for an exampleNo
Xbigorisbigoris.exeAdded by the DORF-AZ TROJAN!No
UBigPond ToolbarbpumTray.exeTelstra BigPond Toolbar - "Introducing the free and easy to use BigPond Toolbar that is designed to make your internet experience and managing your Telstra internet account a whole lot easier"No
NBigPondCablebpcable.exeTelstra Bigpond Cable login software - can be started manually No
YBigPondWirelessBroadbandCMBigPond_CM.exeRelated to BigPond_Wireless_Broadband Service by TelstraNo
Xbikinibikini.exeAdded by the LOWZONE-CX TROJAN!No
NBilbulonBilbulon.exeBilbulon from EcoSoft - swaps text from Hebrew to another language and back. It helps correct typing mistakes which occur if you forget to switch to a different language before starting to type"No
XBillGatesLoh.exeBillGatesLoh.exeAdded by the AGENT-FZO TROJAN!No
NBillminderBillmind.exeCan be setup in Quicken to remind user of due payments. Available via Start -> ProgramsNo
Xbin32hpuppstub.exePrecisionPop adwareNo
NBing Barmswinext.exeBing Bar - the latest incarnation of the MSN Toolbar from version 5.* onwards. This entry loads the toolbar into memory at start-up before you open your internet browser. Not required - it will load with the browser and remains in memory after the browser is closedYes
XbingdianBingdian.vbsAdded by the BINGD WORM!No
?Bingo Charmcharms.exeSome kind of screen icon kind of like desk flag, but it gives you a choice of icons?No
UBiomenumenusw.exeRelated to Sony VAIO - passwords, encryption, and a biometric fingerprint sensorNo
UBionix Wallpaper 5Bionix Wallpaper 5.exeBioniX Wallpaper Changer - "the most advanced wallpaper changer/wallpaper manager software in the world"No
UBioniXWallpaperBionix Wallpaper 5beta.exeBioniX Wallpaper Changer - "the most advanced wallpaper changer/wallpaper manager software in the world"No
UBioniXWallpaperBioniX Wallper.exeBioniX Wallpaper Changer - "the most advanced wallpaper changer/wallpaper manager software in the world"No
UBioniXWallpaperBionixWallpaper5.exeBioniX Wallpaper Changer - "the most advanced wallpaper changer/wallpaper manager software in the world"No
XBiosBios32.exeAdded by an unidentified VIRUS, WORM or TROJAN!No
Xbiosbios.exeAdded by the BANCBAN-PW TROJAN!No
XBIOS XP Loader[random filename]Added by the RBOT-IC WORM!No
XBIOS1BIOS1.EXEAdded by the OPASERV.T WORM!No
?BIOVCIPBIOVCIP.exe??No
?BisonHKBisonHK.exeRelated to a Bison webcam - which is used on notebooks from a number of manufacturers including Acer, Asus, Lenovo & Samsung. What does it do and is it required?No
YBisonInst0402BR040286.exeDriver for integrated notebook webcams from Bison Electronics Inc - such as the Acer Crystal EyeNo
NBitCometBitComet.exeBitComet P2P client - can be launched from Start -> ProgramsNo
YBitDefender 12bdwizreg.exeConfiguration wizard for BitDefender internet security products. Only runs once the product has been installed. Guides you through the steps necessary to configure the BitDefender modules, applies settings to cover your requirements and security needs and takes the first actions to making your computer virus-freeYes
YBitDefender 2009IEShow.exeAnti-phishing component of BitDefender internet security products. Anti-phishing prevents sensitive data such as usernames, passwords and credit card details being acquired by web-sites and E-mails masquerading as a trustworthy sources. This entry is from the 2009 versions. It can also be licensed by other products such as versions of The Shield Deluxe from PCSecurityShield (see here) - who's reputation is poorYes
YBitDefender 2009bdagent.exeBitDefender Agent - for BitDefender internet security products. Maintains settings (for all users) and provides alerts and System Tray access to the main program. Note - for the System Tray icon to be displayed the Terminal Services service must be set to either "Manual" or "Automatic". It can also be licensed by other products such as versions of The Shield Deluxe from PCSecurityShield (see here) - who's reputation is poorYes
YBitDefender Antiphishing HelperIEShow.exeAnti-phishing component of BitDefender internet security products. Anti-phishing prevents sensitive data such as usernames, passwords and credit card details being acquired by web-sites and E-mails masquerading as a trustworthy sources. It can also be licensed by other products such as versions of The Shield Deluxe from PCSecurityShield (see here) - who's reputation is poorYes
XBitDefender AntivirusBITDEFENDERX.EXEAdded by a variant of the SPYBOT WORM!No
YBitDefender Communicatorxcommsvr.exeBitDefender antivirusNo
UBitDefender for MSN Messengermsnmon.exeBitdefender anti-virus for MSN Messenger - no longer supported at the BitDefender websiteNo
UBitDefender for Yahoo! Messengeryahmon.exeBitdefender anti-virus for Yahoo! Messenger - no longer supported at the BitDefender websiteNo
YBitDefender Live! Initbdinit.exeBitDefender antivirusNo
YBitDefender Scan Serverbdss.exeBitDefender antivirusNo
YBitDefender Virus Shieldvsserv.exeBitDefender antivirusNo
Ybitdefenderliveavxlive.exeMain program of BitDefender virus scanner/firewallNo
UBitDefender_P2P_StartupBitDefender_P2P_Startup.exeBitdefender anti-virus for P2P clients - no longer supported at the BitDefender websiteNo
XBittorrentbittorrent.exeAdded by the RJUMP-D WORM! Note - do not confuse with the legitimate BitTorrent file-sharing client which is normally located in %ProgramFiles%\BitTorrent. This one is located in %Windir%No
NBitTorrentbittorrent.exeBitTorrent file sharing client - from BitTorrent, Inc. For more information about the protocol see here. As BitTorrent is a peer-to-peer (P2P) file-sharing client used to distribute large amounts of data between multiple users make sure you have good, up-to-date virus protection and check any downloadsYes
NBitTorrent DNAbtdna.exe"BitTorrent DNA is a FREE content delivery service based on the BitTorrent protocol which brings the power of user-contributed bandwidth to traditional content publishers while leaving publishers in full control of their files". Now a stand-alone product where the user creates the download, DNA used to be included with and used by earlier versions of the main BitTorrent client. As files are downloaded via a file-sharing network make sure you have good, up-to-date virus protection and check any downloads. Start manually via Control Panel → DNAYes
Nbittorrent.exebittorrent.exeBitTorrent file sharing client - from BitTorrent, Inc. For more information about the protocol see here. As BitTorrent is a peer-to-peer (P2P) file-sharing client used to distribute large amounts of data between multiple users make sure you have good, up-to-date virus protection and check any downloadsYes
NBitWare Print Monitorbwprnmon.exeFaxServe network fax softwareNo
NBJ Printer Status MonitorCjstsr.exeCanon BJ printer status monitorNo
NBJ Status Monitor 5xxCJSTRxx.EXECanon printer status monitor - where "xx" is different depending upon the version. Not required as you can check the printer status via My Computer -> PrintersNo
Nbjcfdcdf.exeBroadJump Client Foundation. Broadband troubleshooting software installed by various companies. Not required and you can remove it via Add/Remove programsNo
UBJLaunchEXEBJLaunch.exeMemory Card Utility for the Canon i470D, i475D and i905D photo printers - which allows "your computer to access the memory card reader feature of your printer"No
UBJPD HID ControlTVMon.exeRelated to Canon Photo viewerNo
NBlackBerryAutoUpdateRIMAutoUpdate.exeAutomatic updates for BlackBerry smartphones, provided by Research In Motion. Run manually when requiredNo
NBlackICE PC Protectionblackice.exeLoads the user interface for the BlackICE PC Protection (was Defender) firewall. From the parent site - '(the user interface) starts in the "Startup" menu and adds itself to the taskbar. The user interface is independent from the rest of the system and only displays the output or reconfigures the system. It does not need to be running for the rest of the system to run.' BlackICE was supported by IBM Internet Security Systems (formerly just ISS) when them acquired the NetworkICE parent but is no longer available. See also LoadBlackDNo
NBlackIce Utilityblackice.exeLoads the user interface for the BlackICE PC Protection (was Defender) firewall. From the parent site - '(the user interface) starts in the "Startup" menu and adds itself to the taskbar. The user interface is independent from the rest of the system and only displays the output or reconfigures the system. It does not need to be running for the rest of the system to run.' BlackICE was supported by IBM Internet Security Systems (formerly just ISS) when them acquired the NetworkICE parent but is no longer available. See also LoadBlackDNo
Ubladsblads.exeA Tweak-XP component, blocks advertisement banners in Internet Explorer. Can be enabled/disabled via Tweak-XP / Internet TweaksNo
Xblah servicewinupdate.exeAdded by the GAOBOT.BIA WORM!No
Xblah servicewinsysengine.exeAdded by the RBOT-KI WORM!No
Xblah serviceinternet.exeAdded by a variant of the RBOT WORM!No
Xblah servicesmnp.exeAdded by the RBOT.IZ WORM! No
Xblah servicemsnmsgrr.exeAdded by the RBOT.PZ WORM!No
Xblah servicetazkmgr.exeAdded by the RBOT.UA WORM!No
Xblah serviceFaLeH.exeAdded by the RBOT-AES WORM!No
Xblah servicemicrosoft.exeAdded by a variant of the RBOT WORM!No
Xblah serviceevosys.exeAdded by a variant of the RBOT WORM!No
Xblah servicewin32.exeAdded by the RBOT-AXO WORM!No
XBlah serviceCCAPPS32.EXEAdded by the RBOT.TV WORM!No
Xblah servicesiczw.exeAdded by the RBOT-GMP WORM!No
Xblahh servicemsengine.exeAdded by a variant of the RBOT WORM!No
Xblahx servicemsnjompa.exeAdded by the SDBOT.AML WORM!No
XBlank AntiViriAUT0EXEC.BAT StartUpAdded by the BRONTOK-CJ WORM!No
NBlazeChangerFBZPaper.exeEmber graphic file viewer, manager, and touch-up systemNo
?BlazeServoToolMediaDetector.exeRelated to BlazeDVD from BlazeVideo - which "is leading powerful and easy-to-use DVD player software." What does it do and is it required?No
Nbldbubgbldbubg.exePart of Dell Alerts which provides customers with an update on latest updates for his/her systemNo
XBLFblf.exeAdded by the DELBOT-M WORM!No
Ublinkxblinkx.exeBlinkx Desktop "Smart Folders" softwareNo
NBlitzz BWI715WLANmon.exeBlitzz Technology BWI715 Wireless PC modem connection monitorNo
XBLMessagingIntegrationblengine.exeBuddyLinks adwareNo
UBlockAdsblads.exeA Tweak-XP component, blocks advertisement banners in Internet Explorer. Can be enabled/disabled via Tweak-XP / Internet TweaksNo
XBlockCheckerBlock-checker.exeBlockChecker adwareNo
XBlockDefenseBlockDefense.exeBlockDefense rogue security software - not recommended, removal instructions here. A member of the WiniGuard familyNo
XBlocker System611 MonitoringPopUpBlocker611.exeAdded by the RBOT.BLJ WORM!No
XBlockKeeperBlockKeeper.exeBlockKeeper rogue security software - not recommended, removal instructions here. A member of the WiniGuard familyNo
XBlockProtector.exeBlockProtector.exeBlockProtector rogue security software - not recommended, removal instructions here. A member of the WiniGuard familyNo
XBlockScannerBlockScanner.exeBlockScanner rogue security software - not recommended. A member of the WiniGuard familyNo
NBlockTrackerBlockTracker.exeIf present on a HP machine it tracks all the processes and logs them to a blocklog.txt fileNo
XBlockWatcherBlockWatcher.exeBlockWatcher rogue security software - not recommended, removal instructions here. A member of the WiniGuard familyNo
UBLOGrundll32.exe [path] BatLogEx.DLL,StartBattLogPart of the Battery MaxiMiser and Power Management Features set for some IBM/Lenovo Thinkpad notebooks. This entry logs changes in battery conditions such as charging, discharging, life, etcYes
Ublsloaderblsloader.exeBellSouth ISP Internet ToolsNo
Xblssblss.exeAdded by the BLARUL TROJAN!No
NBLSTAPPblstapp.exePuts access to Creative's BlasterControl in the System TrayNo
NBlubsterBlubster.exeRelated to Blubster Music sharing serviceNo
UBlue Frogbluefrog.exeBlue Frog by Blue Security Inc. - actively fights spam by posting complaints on the sites advertised by the spam you receiveNo
XBlue Service[path to trojan]Added by the BANCOS-BCW TROJAN!No
?BlueLight_uoltrayexec.exeRelated to BlueLight Internet. What does it do and is it required?No
UBlueSoleilBLUESO~1.EXEBlueSoleil Bluetooth wireless manager from IVT CorporationNo
UBlueSpace NEBlueSpaceNE.exe"BlueSpace NE is a utility program used to run the Bluetooth function on VAIO computers that support the Bluetooth function or on VAIO computers connected to the Bluetooth USB adapter". Shortcut available via Start -> ProgramsNo
XBluetooth Configbtwindin32.exeAdded by the SDBOT-DFN WORM!No
UBluetooth Connection AssistantLBTWiz.exeBluetooth connection manager for Logitech based bluetooth wireless productsNo
?Bluetooth HCI MonitorRunDll32 HCIMNTR.DLL,RunCheckHCIModeRelated to the Bluetooth short-range wireless communications technology. For more information on Bluetooth see here. What does it do and is it required?No
UBluetoothAuthenticationAgentrundll32.exe irprops.cpl,,BluetoothAuthenticationAgentIf your system has Bluetooth (either integrated or via an adapter) and use's Microsoft's support software/drivers, this entry is required in order to successfully "pair" your system with a Bluetooth device (such as a mobile phone, PDA, headset) using this wireless protocol (via a PIN). Should you get the error message, "Rundll irprops.cpl missing entry Bluetooth authentication agent", click here for more informationYes
UBluetoothAuthenticationAgentrundll32.exe bthprops.cpl,,BluetoothAuthenticationAgentIf your system has Bluetooth (either integrated or via an adapter) and use's Microsoft's support software/drivers, this entry is required in order to successfully "pair" your system with a Bluetooth device (such as a mobile phone, PDA, headset) using this wireless protocol (via a PIN)Yes
Ublueyonder Instant Support Toolmatcli.exeBlueyonder Instant Support Tool. "matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, state, etc and gets written to a log file". Blueyonder Instant Support Tool is required to run with the Help and Support program. If you uncheck it and then run Help and Support it will add another in the startup menu. If you remove Blueyonder Instant Support Tool via add/remove programs some menus in help and support will not be available. You decideNo
Xbmbm.exePart of the AVSystemCare rogue security software and other members of this family. See here for more examplesNo
NBMail InstallationFTP_back.exePart of iMesh - a file sharing system. Reported by Norton AntiVirus as a trojan. Once deleted does not prevent file sharing working. Older versions of iMesh re-instate this but the newer versions do notNo
XBmanBMan1.exeAbcsearch.com/DealHelper adware variantNo
UBMMGAGRunDll32 [path] pwrmonit.dll,StartPwrMonitorPart of the Battery MaxiMiser and Power Management Features set for some IBM/Lenovo Thinkpad notebooks. This entry displays the battery gauge icon in the Taskbar (not the System Tray). Provides shortcuts to the proprietary power saving settings and to a battery information windowYes
NBMMLREFBMMLREF.EXEPart of the Battery MaxiMiser and Power Management Features set for some IBM/Lenovo Thinkpad notebooks. The purpose of this entry is unknown at present. It doesn't normally appear to be running if left enabled at startup and it doesn't run if the Battery MaxiMiser Wizard is open - hence the "N" statusYes
NBMMLREF.EXEBMMLREF.EXEPart of the Battery MaxiMiser and Power Management Features set for some IBM/Lenovo Thinkpad notebooks. The purpose of this entry is unknown at present. It doesn't normally appear to be running if left enabled at startup and it doesn't run if the Battery MaxiMiser Wizard is open - hence the "N" statusYes
UBMMMONWNDrundll32.exe [path] BatInfEx.dll,BMMAutonomicMonitorPart of the Battery MaxiMiser and Power Management Features set for some IBM/Lenovo Thinkpad notebooks. This entry is needed for the battery information and monitoring program as well as the Battery Maximizer WizardYes
XBMNbm.exePart of VirtualPCGuard, VirusGuardPlus and other members of the AVSystemCare family of rogue security software suites. See here for more examplesNo
XBMNstrpmon.exePart of CleanPCTool, CleanupTool and other members of the ErrClean rogue system error and cleaning utility and other members of this family. See here for more examplesNo
XBMNdcmon.exeSystemDoctor rogue security software - not recommended, removal instructions hereNo
UBMO MasterCard WalletEWALLET.EXEThe wallet conveniently stores billing, shipping and payment information on your PCNo
XBmonqbmonq.exeAdded by the CLICKER.HZ TROJAN!No
NBMupdateBMupdate.exeRelated to the BookmarkCentral entry. Typically added after downloading drivers for Visioneer scanners for example, and you install the driver self-installNo
Xbmwbmw.exeAdded by the AGOBOT.BBV BACKDOOR!No
Xbmzbmz.exe180Search adwareNo
XBndt32Bndt32.exeAdded by the LACON WORM!No
XBnexe[random filename]Added by the KITRO.D (or ARGEN.A) WORM!No
UBO1HelperStartUpBO1HEL~1.EXEScreenScenes "Butterfly Oasis" screensaver. The freeware version comes with GAIN branded ads (pop-ups and others). ScreenScenes do however offer you the option of doing away with the ads by purchasing the screensaver for a whopping $30. Please note that Claria Corporation no longer support GAIN-Supported software - see hereNo
UBO1HelperStartUpBo1helper.exeScreenScenes "Butterfly Oasis" screensaver. The freeware version comes with GAIN branded ads (pop-ups and others). ScreenScenes do however offer you the option of doing away with the ads by purchasing the screensaver for a whopping $30. Please note that Claria Corporation no longer support GAIN-Supported software - see hereNo
XBoarddata[path] repcale.exe [path] palsp.exeAdded by a variant of the RANDON.AN WORM! Both files are often located in %System%No
Xboat32boat32.exeAdded by a variant of the RBOT WORM!No
Xbobycsrs.scrAdded by the BANCBAN-PC TROJAN!No
Xbobynetburn.scrAdded by the BANCBAN-OX TROJAN!No
Xboby.Isass.scrAdded by the BANCBAN-OH TROJAN! No
YBOC-412BOC412.exeNSClean (now Comodo) BOClean anti-malware software - "Protect yourself from online identity theft. The greatest threat on the Internet today is having your personal information hijacked remotely". Version 4.12No
YBOC-420BOC420.exeNSClean (now Comodo) BOClean anti-malware software - "Protect yourself from online identity theft. The greatest threat on the Internet today is having your personal information hijacked remotely". Version 4.20No
YBOC-421BOC421.exeNSClean (now Comodo) BOClean anti-malware software - "Protect yourself from online identity theft. The greatest threat on the Internet today is having your personal information hijacked remotely". Version 4.21No
YBOC-422BOC422.exeNSClean (now Comodo) BOClean anti-malware software - "Protect yourself from online identity theft. The greatest threat on the Internet today is having your personal information hijacked remotely". Version 4.22No
YBOC-423BOC423.exeComodo BOClean anti-malware software - "Protect yourself from online identity theft. The greatest threat on the Internet today is having your personal information hijacked remotely". Version 4.23No
YBOC-424BOC424.exeComodo BOClean anti-malware software - "Protect yourself from online identity theft. The greatest threat on the Internet today is having your personal information hijacked remotely". Version 4.24No
YBOC-425BOC425.exeComodo BOClean anti-malware software - "Protect yourself from online identity theft. The greatest threat on the Internet today is having your personal information hijacked remotely". Version 4.25No
YBOC-426BOC426.exeComodo BOClean anti-malware software - "Protect yourself from online identity theft. The greatest threat on the Internet today is having your personal information hijacked remotely". Version 4.26No
YBOC-427BOC427.exeComodo BOClean anti-malware software - "Protect yourself from online identity theft. The greatest threat on the Internet today is having your personal information hijacked remotely". Version 4.27No
YBOCleanautostartBoclean.exeNSClean's BOClean anti-trojan softwareNo
UBOINC Managerboincmgr.exeBOINC manager - "controls the use of your computer's disk, network, and processor resources"No
UBoingo Wireless UtilityIcon###XXX#X#.exeStarts the Boingo Wireless utility, used to detect and login into Boingo wireless hotspots. The filename may be autogenerated when installing, two different variations along the lines listed here, where # is a number and X is a letter. Shortcut available via Start -> ProgramsNo
Xbolenjabolenja.exeAdded by the WANTVI.BF TROJAN!No
Xbolenjxbolenjx.exeAdded by the ELDYCOW.O TROJAN!No
Xboler.exesyser.exeAdded by the RBOT-AYS WORM!No
UbombshelBOMB32.EXEPart of McAfee Nuts & Bolts. Protects your Windows system from application failure and crashes - similar to Norton Crashguard. Your choice - may cause problemsNo
XBonzi Buddy??Bonzi Buddy adware - see here for removal instructionsNo
XBONZI Task SwitcherTaskswitch.exeAdded by the SPYBOT.DTR WORM!No
Xbooboo.exeAdware downloader - detected by Kaspersky as the FAVADD.O TROJAN!No
XBookedSpaceRunDLL32.EXE bs2.dll,DllRunBookedSpace parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "bs2.dll" file is located in %Windir%No
UBookmarkbookmark.exeSystem Tray access to Power Favorites by Desksware - which "is a bookmark manager for Windows that helps you organize and synchronize your bookmarks. It takes bookmarks from Internet Explorer, Firefox or Opera, merges them into one file, and automatically synchronizes them between computers. You can use it to detect dead links and duplicates if you have many bookmarks"Yes
UBookmark.exebookmark.exeSystem Tray access to Power Favorites by Desksware - which "is a bookmark manager for Windows that helps you organize and synchronize your bookmarks. It takes bookmarks from Internet Explorer, Firefox or Opera, merges them into one file, and automatically synchronizes them between computers. You can use it to detect dead links and duplicates if you have many bookmarks"Yes
NBookmarkCentralBMLauncher.exeBookmark Express - "offers a more flexible way to manage Web site bookmarks, regardless of which browser you use"No
NBookMarkSinksyncit.exeBookmark synchronization utilityNo
NBookMarkSyncsyncit.exeSync2IT BookMarkSync - "real-time automatic synchronization service that allows you to access your bookmarks, favorites and favorite files from any computer or any browser". Only installed with the users explicit permission and generally only remains running if the user decides to subscribe to the service. If it is no longer required it should be uninstalled to prevent a large number of clients 'checking in' to the server that have no chance of synchronizingNo
NBookMarkSync2Itsync2it.exeSync2IT BookMarkSync - "real-time automatic synchronization service that allows you to access your bookmarks, favorites and favorite files from any computer or any browser". Only installed with the users explicit permission and generally only remains running if the user decides to subscribe to the service. If it is no longer required it should be uninstalled to prevent a large number of clients 'checking in' to the server that have no chance of synchronizingNo
UBoost XP Servicebxservice.exeBoost XP from Systweak - WinXP tweaking utilityNo
UBoostSpeedboostspeed.exeSystem Tray access to Auslogics BoostSpeed 4 system optimization utility - which "Start programs faster. Speed up computer start time. Increase Internet speed, optimize your Internet Explorer, Firefox and E-mail programs"Yes
Xbootboot.exeAdded by the PUPPET-A TROJAN! Located in the %System%No
UBootBoot.exePart of Acer Empowering Technology. "Acer ePower Management is a straightforward interface that allows users to select from pre-configured power usage profiles, or to create their own customized profiles". Located in Acer\Empowering Technology\ePowerNo
XBoot Checkbootchk.exeAdded by the DELBOT-AB WORM!No
XBoot Clientbootcli.exeAdded by the IRCBOT-ACF BACKDOOR! No
XBoot Configbootconfig.exeAdded by the FLOOD-EV TROJAN!No
XBoot Kbootk.exeAdded by a variant of the IRCBOT BACKDOOR! See hereNo
XBoot ManagerNjgal.exeAdded by the KILO TROJAN!No
XBoot Managerbootmng.exeAdded by a variant of the SPYBOT WORM!No
XBoot Serverbootserver.exeAdded by a variant of the IRCBOT BACKDOOR! See hereNo
XBoot Servicebootservice.exeAdded by a variant of the IRCBOT BACKDOOR! See hereNo
XBoot Servicebootsv.exeAdded by a variant of the IRCBOT BACKDOOR! See hereNo
XBoot Verifybootvfy.exeAdded by a variant of the IRCBOT BACKDOOR! See hereNo
XBootCfgInstall.log.vbsAdded by the YPSAN.D WORM!No
XBootCleansmartdrv.exeAdded by the LURKA-A VIRUS!No
XBootCTRLbootctrl.exeAdded by an unidentified WORM or TROJAN!No
XBootLoaderBootLoader.exe.vbsAdded by the WATERWORKS WORM!No
Xbootpd.exebootpd.exeAdded by the AGENT-DT TROJAN!No
?Boots Insert DetectInsDetect.exePart of Boots Picture Suite. Detects a digital camera is plugged into a USB port or when a memory card with photos is inserted?No
XBootsCfgwscript.exe [path] Date.POP.vbsAdded by the KUULLIO WORM! Note that wscript.exe is a legitimate Microsoft file used to launch script files and shouldn't be deletedNo
XBootsCfgwscript.exe [path] All Users.vbsAdded by the SPILTRON WORM! Note that wscript.exe is a legitimate Microsoft file used to launch script files and shouldn't be deletedNo
XBootsCfgwscript.exe [path] All Users.vbeAdded by the SPILTRON WORM! Note that wscript.exe is a legitimate Microsoft file used to launch script files and shouldn't be deletedNo
XBootsCfgwscript.exe Install.log.vbsAdded by the YPSAN.E WORM! Note that wscript.exe is a legitimate Microsoft file used to launch script files and shouldn't be deleted. The "Install.log.vbs" file is located in %System%No
XbootsecNAVSSE.exeAdded by the FORBOT-CY WORM!No
YBootSkin Startup JobsBootSkin.exeStardock BootSkin is a program that allows users to change their Windows 2000 and Windows XP boot screensNo
UBootStatusBOOTST~1.EXEVisual Basic program that pops up a small window on startup telling you how many times the machine has been booted that day. Once you exit it, it has no more effect on resourcesNo
UBootWarnBootWarn.exeFrom here: "Norton AntiVirus Boot Warning. This program is installed as a startup item when you install Norton AntiVirus, and also sometimes when you do a LiveUpdate which updates Norton AntiVirus significantly enough that a reboot is needed to complete the installation. We believe its purpose to be to warn the end-user that he must reboot his PC before using Norton AntiVirus in those cases when a reboot did not happen with the result that Norton AntiVirus did not fully complete its installation or software updating. Recommendation : Start Norton AntiVirus from "Start → Programs → Norton AntiVirus". If Norton AntiVirus comes up without problems, then fix this entry from the Msconfig Startup tab - it was left behind by mistake and is no longer needed now that Norton AntiVirus is fully installed and opens without error messages"No
Xboot_reg[path to file]Added by the BANCBAN-CA TROJAN!No
Xboot_regsvchot.exeAdded by the BANCBAN-BQ TROJAN! No
XBortMedViruspgs.exeBortMedVirus rogue security software - not recommended. A member of the AVSystemCare familyNo
Uborzoiblg.exeBorzoi surveillance software. Uninstall this software unless you put it there yourselfNo
NBose Wave/PC Monitorwavepcmonitor.exeSystem Tray access for this system (more info on the system here). Available via Start -> ProgramsNo
XBossIdeawinlogin.exeAdded by the LINEAGE-I TROJAN!No
?BostonBoston.exePart of the Boston Acoustics USB speaker systems. What does it do and is it required?No
XBot Loadersvchostt.exeAdded by the GAOBOT.ALV WORM!No
XBouncer RunStartupbouncer.exeVirtual Bouncer - malware from Spyware Labs. It is distributed by the same bundling and drive-by download techniques as the parasites it claims to remove, so definitely qualifies as unsolicited commercial software in itself. It also has an update feature that can download and execute arbitrary code. Warning - choose "custom" uninstall as "automatic" may remove other programs - see hereNo
XBouncer RunStartupLiveUpdate.exeVirtual Bouncer - malware from Spyware Labs. It is distributed by the same bundling and drive-by download techniques as the parasites it claims to remove, so definitely qualifies as unsolicited commercial software in itself. It also has an update feature that can download and execute arbitrary code. Warning - choose "custom" uninstall as "automatic" may remove other programs - see hereNo
Xboy lovers of bsdilikeboys.exeAdded by the MYTOB.LY WORM!No
Ubpcpost.exebpcpost.exeMS TV Viewer Post Setup Program. Part of MS WebTV for Windows. Used to display TV on your PC via a compatible video card with in-built tuner (such as ATI All-In-Wonder). If you don't use it - uninstall itNo
XBPCV2BPCV2.exeBroadcastPC adwareNo
XBPCv2 rebpc2 re inst.exeBroadcastPC adware variantNo
UBPKbpk.exeBlazing Tools Perfect Keylogger keystroke logger/monitoring program - remove unless you installed it yourself! No
NBPServerG6FTPSrv.exeBulletProof FTP ServerNo
UBQTray.exeBQTray.exeSystem Tray access to BurnQuick CD burning software. Only required if you use the queueing facility, hence the U recommendation. Create your own desktop shortcut to start manuallyNo
XBrasilBrasil.exeAdded by the OPASERV.E WORM!No
XBrasilBRASIL.PIFAdded by the OPASERV.E WORM!No
XBrasilOld[worm filename]Added by the OPASERV.P WORM!No
Xbrastkbrastk.exeAdded by the DORF-BV TROJAN!No
XBrave-SentryBraveSentry.exeBraveSentry rogue security software - not recommended, removal instructions hereNo
XBraveSentryBraveSentry.exeBraveSentry rogue security software - not recommended, removal instructions hereNo
Xbraviaxbraviax.exeAdded by the FAKEALER.LE TROJAN!No
XBrcttrdb.exeDetected by Kaspersky as the PURITYSCAN.Y TROJAN!No
UBreak_ReminderBREAK REMINDER.exeBreak Reminder - Remind yourself to take breaks to prevent computer related injuries. See hereNo
YBredbandsbolagetservicecenter.exeRelated to the Brebband Swedish Broadband providerNo
XBregbcre.exeBroadcastPC adware variantNo
XBregbptre.exeBroadcastPC adware variantNo
XBregbreg.exeBroadcastPC adwareNo
XBridgerundll32.exe [path] Bridge.dll,LoadFlingstone.com browser hijacker. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deletedNo
YBrindys BriTrayBRITRAY.EXEMain process for the following applications: GEDEX, SICARIO, BRINOTES, BRIRESPA, SICURE, TRASGO, UNDOCS, FRESH & BRIFAME (all of them from Brindys Software). Performs the following tasks [un]installation, web software autoupdate, notification windows, interprocess communication, tray bar icons & menus, alarms (brinotes), and common web launching from the mentioned applications. Can be stopped safely once run if so desiredNo
UBrmfRmPABrmfRmPA.exeBrother resource manager - needed for a Brother MFC printer/copiert/scanner and PC to properly communicateNo
Ubroadband medicmatcli.exeNTL's Broadband Medic. "matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, county, etc and gets written to a log file". Broadband Medic is required to run with the Help and Support program. If you uncheck Broadband Medic and then run Help and Support it will add another in the startup menu. If you remove Broadband Medic via add/remove program some menus in Help and Support will not be available. You decideNo
NBroadband Wizardbbwiz.exeStarts Broadband Wizard so it runs in the System Tray. This application tests and optimizes your Cable or DSL connection. Available via Start -> ProgramsNo
NBroadCamRunbroadCam.exeBroadCam is an easy to use video streamer designed to broadcast live video using a webcam (or other camera) and microphoneNo
UBroadcom Wireless Manager UIbcmntray.exeRelated to Broadcom Network Adapters for additional configuration options for these devices. Should not be terminated unless suspected to be causing problemsNo
NBroadcom Wireless Manager UIwltray.exeSystem tray access to wireless LAN card configuration options No
XBron-SpizaetusCVT.exeAdded by the RONTOKBRO WORM!No
XBron-SpizaetusnorBtok.exeAdded by the RONTOKBRO.B WORM!No
XBron-Spizaetus[path to file]Added by the BRONTOK-F WORM!No
XBron-Spizaetusbronstab.exeAdded by the RONTOKBRO.C WORM!No
XBron-Spizaetuseksplorasi.exeAdded by the RONTOKBRO.J WORM!No
XBron-SpizaetusElnorB.exeAdded by the RONTOKBRO.D WORM!No
XBron-Spizaetussempalong.exeAdded by the BRONTOK-E WORM!No
XBron-SpizaetusRakyatKelaparan.exeAdded by the BRONTOK-J or BRONTOK-L WORMS!No
XBron-Spizaetus-5118REPMkomodo-6321422.exeAdded by the BRONTOK-R WORM!No
XBron-Spizaetus-cfgmktoqbbm-qotkmgfc.exeAdded by the BRONTOK-M WORM!No
XBron-Spizaetus-cfgmmnrubbm-urnmmgfc.exeAdded by the BRONTOK-N WORM!No
XBRoNToKBRoNToK.exeAdded by the BRONTOK-CG WORM!No
XBrowseProxyFindService.exeActual Names (AdvSearch) Internet Keywords parasiteNo
Xbrowsermsgaol.exeAdded by the TACTSLAY.C TROJAN!No
Xbrowsers_menu.exeAdded by the TACTSLAY.C TROJAN!No
Xbrowserbrowse.exeAdded by the TACTSLAY.C TROJAN!No
Xbrowserdeamon.exeAdded by the TACTSLAY.C TROJAN!No
Xbrowser aidbrowseraid.exeBrowserAid/BrowserPal foistwareNo
XBrowser Help SvcBHSV.EXEAdded by the RBOT-AVQ WORM!No
YBrowser Hijack Blasterbhblaster.exeBrowser Hijack Blaster - protects your system from browser hijackers and spyware that alters your IE settings. Now replaced by SpywareGuardNo
UBrowser LauncherCommandr.exeLogitech internet keyboard "Commander" software - loads the software for the shortcut keys on the keyboard. Not required unless you want to use the short cut keysNo
XBrowser Paladblck.exeBrowserAid/BrowserPal foistwareNo
UBrowser SentinelBrowserSentinel.exeBrowser Sentinel - notifies you if a program wants to penetrate into Internet explorer, add itself to the Windows auto-run list or change your home pageNo
XBrowserUpdateSched[random filename]ZenoSearch adware variantNo
NBrowserWebCheckloadwc.exeChecks to make sure that IE is still your default browserNo
XBrO_AcTBrO-AcT.exeAdded by the SILLYFDC-D WORM!No
Ubrsbrs.exePart of Cyberlink's PowerDVD Blu-ray and DVD player. Allows the user to change the region coding of their player (as long as it isn't hardware coded) up to a maximum of 5 timesYes
Xbrwdiag[path to worm]Added by the STRATIO-BN WORM!No
XBS Mediaplayerbsplyr.exeAdded by the RBOT-OU WORM!No
NBS Playerbsplayer.exeBSplayer - A video player used to play avi, mpg, wmv and other multimedia filesNo
NBsCLiPBSCLIP.exeCD recording utility that comes with a lot of CDR/CDRW drives and isn't requiredNo
?BsMntBsMnt.exeRelated to a Bison webcam - which is used on notebooks from a number of manufacturers including Acer, Asus, Lenovo & Samsung. What does it do and is it required?No
XBsoft lppt01Bsoft.exeRapidBlaster variant (in a "BelmontSoft" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see hereNo
Nbsplayerbsplayer.exeBSplayer - a video player used to play avi, mpg, wmv and other multimedia filesNo
XBsRteMemoteXZZ.exeAdded by the AUTORUN-AJU WORM!No
XBSserverFileKan.exeAdded by the VB.CBW WORM!No
XBSVCHOSTSVCH0ST.EXEAdded by the VOXOM TROJAN! Notice the digit "0" in the filename rather than the upper case "o"No
XBsx3RunDLL32.EXE bs3.dll,DllRunBookedSpace parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "bs3.dll" file is located in %Windir%No
XBT[path to trojan]Added by the LITEBOT-B TROJAN!No
UBT Broadband Basic Helpmatcli.exe"matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, county, etc and gets written to a log file". BT Broadband Help is required to run with the Help and Support program. If you uncheck BT Broadband Help and and then run Help and Support it will add another BT Broadband Help in the startup menu. If you remove this software in "add/remove programs" some help menus in help and support will not be available. You decideNo
UBT Broadband Desktop Helpmatcli.exe"matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, county, etc and gets written to a log file". BT Broadband Help is required to run with the Help and Support program. If you uncheck BT Broadband Help and and then run Help and Support it will add another BT Broadband Help in the startup menu. If you remove the BT Broadband Help in the add/remove program some help menus in help and support will not be available. You decideNo
UBT Broadband Helpmatcli.exe"matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, county, etc and gets written to a log file". BT Broadband Help is required to run with the Help and Support program. If you uncheck BT Broadband Help and and then run Help and Support it will add another BT Broadband Help in the startup menu. If you remove the BT Broadband Help in the add/remove program some help menus in help and support will not be available. You decideNo
XBT00003*abcdefg23.exeAdded by the VB-VT TROJAN where * = 5,6 or 7!No
XBT00003*hiklmnop27.exeAdded by the VB-VT TROJAN where * = 2,3 or 4!No
Ubtbb_wcm_McciTrayAppMcciTrayApp.exeSystem tray access to Motive's Broadband 2.0 configuration and repair utilityNo
UBtcMaestroKMaestro.exeMultimedia keyboard manager. Required if you use the multimedia keysNo
Nbtdnabtdna.exe"BitTorrent DNA is a FREE content delivery service based on the BitTorrent protocol which brings the power of user-contributed bandwidth to traditional content publishers while leaving publishers in full control of their files". Now a stand-alone product where the user creates the download, DNA used to be included with and used by earlier versions of the main BitTorrent client. As files are downloaded via a file-sharing network make sure you have good, up-to-date virus protection and check any downloads. Start manually via Control Panel → DNAYes
Nbtdna.exebtdna.exe"BitTorrent DNA is a FREE content delivery service based on the BitTorrent protocol which brings the power of user-contributed bandwidth to traditional content publishers while leaving publishers in full control of their files". Now a stand-alone product where the user creates the download, DNA used to be included with and used by earlier versions of the main BitTorrent client. As files are downloaded via a file-sharing network make sure you have good, up-to-date virus protection and check any downloads. Start manually via Control Panel → DNAYes
?btinstbtinst.exeAssociated with an Anycom bluetooth wireless card. What does it do and is it required?No
UBTModemProtectionBTModemProtection.exeBT Privacy Online modem protection software, see hereNo
Xbtmsre.exebtmsre.exeAdded by the SDBOT.AM WORM!No
UBTopenworldDialBTYahoo.exeBT Yahoo! internet connection manager No
?BTSETBOOTKEYBTSetBootKey.exeRelated to a USB Bluetooth adaptor. What does it do and is it required?No
UBtStartbtstart.exeBroadcom (formerly WIDCOMM) Bluetooth Connectivity SoftwareNo
UBTTrayBTTray.exeSystem tray icon which shows the status of a Bluetooth wireless module (either integrated or via an adapter). Most systems with such a module installed can enable/disable the module and the icon changes from blue/white to blue/red when the module is turned off. Also allows access to explore bluetooth places, setup wizard, advanced configuration, quick connect and shutdown device. This entry is required in order to successfully "pair" your system with a Bluetooth device (such as a mobile phone, PDA, headset) using this wireless protocol (via a PIN)Yes
YBTUSRBDGBtUsrBdg.exeUsed with a Mitsumi USB Bluetooth adaptor (and maybe others)No
YBTUSRBDGFBtUsrBdg.exeUsed with a Mitsumi USB Bluetooth adaptor (and maybe others)No
XBTVbtv.exeBroadcastPC adwareNo
XBtvCbtvclean.exeBroadcastPC adwareNo
YBubbleBubble.exePart of Windows SteadyState, which is designed to make life easier for people who set up and maintain shared computers - enabling the system administrator to prevent users from making changes to the system configuration, windows desktop, restricting program access, etc. It's intended for shared user environments such as internet cafés, libraries and schools but can be used in any environment. Bubble allows notification messages to appear on a computer managed by Windows SteadyStateYes
NBuddyizerBuddyizer.exePart of the AIMster Peer to Peer (P2P) file sharing application that runs over the AOL Instant Messenger networkNo
NBudgetSipBudgetSip.exeBudgetSip - internet telephony utility using the VoIP (Voice over Internet Protocol). Call online friends for free and regular phones either for free (limited use) or low rates. One of a number provided by Betamax - the others generally have different rate plans. Similar to the more popular SkypeYes
UBUFFALO Power Save Utility for HDHDManage.exePower Save utility for Buffalo backup hard discsNo
YBufferZoneCLIENTGUI.EXEBufferZone from Trustware - "is the only security software that creates a separate environment allowing you unlimited freedom to enjoy all Internet activities without the fear of external threats"No
NBug EliminatorBug_Elim.exeBug Eliminator - "performs a complete health check on your computer safely, securely, and silently!"No
XBugsDestroyerSysRep.exeBugsDestroyer rogue system error and cleaning utility - not recommended, removal instructions here. A member of the ErrClean familyNo
Ubugwatcher servicebugwatcher.exeBugtoaster is a service that sends reports on system/program crashes (certain types) back to Bugtoaster. They relay information to program authors and provide, if available, any known solutions to the crashes. It doesn't take up any room in memory, just activates in the event of certain program failuresNo
NBuildBUbldbubg.exePart of Dell Alerts which provides customers with an update on latest updates for his/her systemNo
XBuildLabservices.exeAdded by the NEVEG.B or NEVEG.C WORMS! Note - this is not the legitimate services.exe process, which should not appear in Msconfig/Startup!No
XBuildLabwinlogon.exeAdded by the NEVEG.A WORM! Note - this is not the legitimate winlogon.exe process, which should not appear in Msconfig/Startup!No
XBuildLabscsrss.exeAdded by the WEBUS TROJAN! Note - this is not the legitimate csrss.exe process which should not normally figure in Msconfig/Startup!No
XBuildLabslsass.exeAdded by the WEBUS.B TROJAN! Note - this is not the legitimate lsass.exe process which should not normally figure in Msconfig/Startup!No
Xbulkbulk.exeAdded by the AGOBOT-ACR WORM!No
UBulldog Serviceupsd.exeBelkin's Bulldog Plus control software which runs under Windows 95 or later and monitors the UPS (Uninterrupted Power Supply) via a serial or USB linkNo
NBulletProof FTP Serverbpftpserver.exeBulletProof FTP ServerNo
YBullGuardmgui.exePart of Bullguard antivirusNo
YBullGuardBullGuard.exePart of BullGuard antivirusNo
UBullGuard Updateavxlive.exePart of Bullguard antivirus. Leave enabled unless you manually update virus definitionsNo
YBullGuard XCommXCOMMSVR.EXEPart of Bullguard antivirusNo
YBullGuardInitAVXINIT.EXEPart of Bullguard antivirusNo
YBullguardoptInbulldownload.exePart of Bullguard antivirusNo
XBullsEyebargains.exeBargainBuddy adwareNo
XBullsEye Networkbargains.exeBargainBuddy adwareNo
?BullsEye TrackerBeTrack.exeBullseye - intelligent research assistantNo
XBunxbeagle.exeAdded by the LEBREAT-E WORM!No
Xbuohxqtfswbgcjydr.exeAdded by the AGENT-NRC TROJAN!No
Xburitosburitos.exeIdentified as a variant of the Downloader.FraudLoad.C malwareNo
NBurnQuick QueueBQTray.exeSystem Tray access to BurnQuick CD burning software. Only required if you use the queueing facility, hence the U recommendation. Create your own desktop shortcut to start manuallyNo
UButton Serverbttnserv.exeFound on a Compaq PC, for the extra buttons on the keyboard for the speaker volume, media player, sleep and internet buttons. If the buttons aren't used on the keyboard or your's doesn't have them, then it isn't requiredNo
NButtonKeyButtonKey.exeCyberView TWAIN driver for the Pacific Image range of 35mm film scanners. Enables the one touch scanning button and places an icon an the System Tray. Use your scanners software or run it manually by creating a shortcutNo
NBuzmeBmui.exeBuzme by RingCentral, Inc - internet call waiting. Intercepts telephone calls like an answering machine and plays the voice message on your PC. Only required when you're on-line and via dial-up modemNo
UBuzMeRCUI.exeDisplay Client for the BuzMe Internet Call Waiting ServiceNo
UBuzof.exebuzof.exeBuzof from Basta Computing "enables you to automatically answer, close or minimize virtually any recurring window including messages, prompts, and dialog boxes"No
XBVWORSFMbvworsfm.exeAdded by the DLUCA-AD TROJAN!No
XBwddwss[path to trojan]Added by the RANKY.BD TROJAN!No
Nbwprnmon.exebwprnmon.exeFaxServe network fax softwareNo
Xbxproxybxproxy.exeAdded by the BXPROXY TROJAN!No
Xbxproxy[random].dllSoftStop rogue security software - not recommendedNo
Xbxsx5RunDLL32.EXE bsx5.dll,DllRunBookedSpace parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "bsx5.dll" file is located in %Windir%No
Xbxxs5RunDLL32.EXE bxxs5.dll,dllrunBookedSpace parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "bxxs5.dll" file is located in %Windir%No
XBymer.ScannerWininit.exeAdded by the BYMER WORM!No
XBymer.ScannerMsinit.exeAdded by the BYMER WORM!No
UBySoft FreeRAMFreeRAM.exe"Bysoft FreeRAM is a program that frees up ram manually or automatically. It shows current memory status , memory load and CPU usage graphically". MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/SE/ME. See this article and make up your own mindNo
XByteDefenderByteDefender.exeByteDefender rogue security software - not recommended, removal instructions hereNo
?BZEnvironmentVariableCollectorBZEnvironmentVariableCollector.exePart of BlazentAgent from Blazent who provide "outsourcing governance automation for IT Outsourcing (ITO) relationships". What does it do and is it required?No
?BZUtilizationCollectorBZUtilizationCollector.exePart of BlazentAgent from Blazent who provide "outsourcing governance automation for IT Outsourcing (ITO) relationships". What does it do and is it required?No
Xcc:\archiv~1\win.comAdded by the CUYDOC TROJAN!No
UC-Media Echo ControlEchoCtrl.exeC-Media produce audio chipsets that are often found on popular motherboards with on-board audio. You may need it if you use the echo control feature of C-Media Mixer No
NC-Media MixerMixer.exeC-Media produce audio chipsets that are often found on popular motherboards with on-board audio. Provides System Tray access to change audio settings. Available via Start -> Settings -> Control Panel or Start -> ProgramsNo
UC2KCYB2K.EXECYBERsitter 2000 or 2001 - anti-adult content filter primarily. Required if you want the sites you visit filtered without having to load the software every time you launch your browserNo
Uc32cs2c32cs2.exeCyber Sentinel - internet filtering softwareNo
XC7[path to worm]Added by the MEDIAKILL.A WORM!No
UC:\Program Files\dfjdkjfdkjfldjf\dfjdkjfdkjfldjf\winlogin.exeCritProc.exeKeyProwler keystroke logger/monitoring program - remove unless you installed it yourself!No
UC:\Program Files\NetMeter\NetMeter.exeNetMeter.exe"Net Meter is a small, customizable network bandwidth monitoring program for Win9x/Me/NT4/2K/XP. NetMeter is and will always stay freeware. The program has been tested extensively on Win2K/XP, but it should work just as well on all other Win32 operating systems"No
XC:\WINDOWS\asam.exeasam.exeAdded by the PEACOMM.E TROJAN!No
XC:\WINDOWS\IEXPLOR.EXEIEXPLOR.EXE"Pop Marketing" adwareNo
XC:\WINDOWS\system32\SetupCmd.exeSetupCmd.exeDetected by Kaspersky as the AGENT.AAW TROJAN!No
XC:\WINDOWS\WinTask.exeWinTask.exe"Pop Marketing" adwareNo
UCA-AMAgentamagent.exeUnicenter Asset Management is a solution for proactively managing IT assets in a business environment. It provides full-featured asset tracking capabilities through automated discovery, hardware inventory, network inventory, software inventory, configuration management, software usage monitoring, license management and extensive cross-platform reportingNo
YCaAvTrayCAVTray.exeeTrust™ EZ Antivirus system tray application from Computer AssociatesNo
XCabchkCabchk.exeAdded by the GEMA TROJAN!No
XCabchk32Cabchk32.exeAdded by the GEMA TROJAN!No
XCABCInstallCABCInstall.exeIgnite Technologies (was CABC) content delivery softwareNo
XCable Modem AdapterWindowsSec.exeAdded by the WOOTBOT.A WORM!No
UCacheBoosttrayicon.exeCacheBoost "optimizes the System Cache-Management of Windows XP/2000/NT and Windows .Net Servers, resulting in a performance boost"No
XCacheLoader[path to trojan]Added by the DLOADER-NZ TROJAN!No
NCachemanCacheman.exeFreeware disk cache tweaker from Outer Technologies. Should only be run once and not loaded at start-upNo
YCacheMgrCacheMgr.exeSophos Antivirus Remote UpdateNo
UCacheSentry ProCacheSentry Pro.exe"CacheSentry Pro is a program that takes over the management of the Internet Explorer (and AOL) web browser cache"No
NCACStartercacstart.exeCash A Check - check writing softwareNo
UCaddais BackupOnDemandBODMon.exeCaddais BackupOnDemand - "runs in the background and monitors your important files for changes. Within seconds of changing, modified files are automatically backed up to an archive location"No
UCadenzaCdzSvc.exeCadenza mNotes for Palm and Pocket PC enables users to access Lotus Notes on their mobile devicesNo
UCADScads.exeCyber Sentinel - internet filtering softwareNo
UCafeStationCafeStation.exe"CafeSuite is the solution for your internet cafe. Our software provides you with ameans to control the workstations, manage customer database, sell products and generate detailed reports and statistics" No
Ycafwccafw.exeCA Personal Firewall - part of the CA Internet Security SuiteNo
NCAgentCAgent.exeAbbyy Fine Reader OCR (Optical Character Recognition) software for scanning and converting documentsNo
XcAgOu[filename].htaAdded by the KAKWORM WORM!No
NCahootWebcardCahootWebcard.exe"The Cahoot Webcard is a virtual card that allows you to use your Cahoot credit card online without ever having to expose your real card numbers over the web. It works by generating one-off transaction numbers as a substitute for your real cahoot credit card details". Run manually when neededNo
Xcaidiysetupdiynetsetupuni.exeDIYNet adwareNo
YCAISafeisafe.exePart of Computer Associates eTrust EZ AntivirusNo
UCaISSDTcaissdt.exeComputer Associates Dashboard Tray applet No
NCal Reminder Shortcutcalrem.exeProduces a pop-up reminder of events scheduled using the MS Office CalendarNo
Xcalcrundll32.exe [path] ntuser.dll,_IWMPEvents@0Added by the OPACHKI.A TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "ntuser.dll" file is located in %UserProfile%No
Xcalcrundll32.exe calc.dll,_IWMPEvents@0Added by the OPACHKI.A TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "calc.dll" file is located in %System%No
XCalc Microsoft Windowswincalc.exeAdded by an unidentified WORM or TROJAN!No
XCALC32CALC32.EXEAdded by the SPYBOT-EC WORM!No
XCalcSciencecscientist.exeAdded by the SDBOT.ACQ WORM!No
UCalendarCalendar.exeThis entry can be added by PlainSight Desktop Calendar and older versions of Desktop iCalendar from Desksware and the older Calendar 200X - which is no longer supported by or available from the authorYes
?Calendar 200X Monitorcalmonitor.exeBackground task for Calendar 200X by Joel Graffman - which is no longer supported or available from it's author. The exact purpose of this startup entry is unknown at present but it appears to be related to the Calendar 200X Reminder entry - as disabling that entry via the program also disables this oneYes
NCalendar 200X Remindercalendar.exePart of Calendar 200X by Joel Graffman - which is no longer supported or available from it's author. Displays reminders for holidays, anniversaries, tasks, etc. Disabling this entry via the program also disables the Calendar 200X Monitor entryYes
?Calendar MonitorcalmonitorBackground task for Calendar 200X by Joel Graffman - which is no longer supported or available from it's author. The exact purpose of this startup entry is unknown at presentYes
UCalendarscopecs.exeCalendarscope calendar softwareNo
Xcalkcalk.exeAdded by the STARTPA-FH TROJAN!No
XCall Function System32sddriver.exeAdded by a variant of the SDBOT TROJAN!No
XCall32Call32.exeAdded by the SPAMMIT-H TROJAN!No
YCallBumpingcbpopw.exeRelated to the Gazel 128 PCI ISDN adapter. Required if you use itNo
UCallCenter Main ApplicationV3calmcp.exe"V3 Inc. CallCenter is a free 32-bit, integrated fax, voicemail and data communications application with a simple to use interface providing fax send and receive functionality, basic (single mailbox) answering machine capability, and sophistcated data communications." Main applicationNo
UCallCenter Printer InterfaceV3faxecp.exe"V3 Inc. CallCenter is a free 32-bit, integrated fax, voicemail and data communications application with a simple to use interface providing fax send and receive functionality, basic (single mailbox) answering machine capability, and sophistcated data communications." Fax printerNo
NCallControlftctrl32.exeFaxTalk Messenger Pro is a Windows TAPI based 32-bit application. When installed, the software automatically loads FaxTalk CallControl when you start Windows. When FaxTalk CallControl is running, any TAPI compliant application can request to use the modem from WindowsNo
?calmonitorcalmonitor.exeBackground task for Calendar 200X by Joel Graffman - which is no longer supported or available from it's author. The exact purpose of this startup entry is unknown at present but it appears to be related to the Calendar 200X Reminder entry - as disabling that entry via the program also disables this oneYes
?calmonitorcalmonitorBackground task for Calendar 200X by Joel Graffman - which is no longer supported or available from it's author. The exact purpose of this startup entry is unknown at presentYes
NCamCheckCamCheck.exeNuCam camera software relatedNo
UCamenoCameno.exeCameno is a program which brings tabbed windows to MSN Messenger 6.0 and aboveNo
UCamera Assistant Softwaretraybar.exeCamera Assistant Software utility for Toshiba laptops - allows you to take pictures with and control the integrated WebCamNo
UCamera DetectorCAMDET~*.EXEACDSee Auto Device Detector detects when a device is connected to your PC and gives you the option to acquire images from it automaticallyNo
UCamera DetectorCamdetect.exeACDSee Auto Device Detector detects when a device is connected to your PC and gives you the option to acquire images from it automaticallyNo
UCamera DetectorDEVDET~*.EXEACDSee Auto Device Detector detects when a device is connected to your PC and gives you the option to acquire images from it automaticallyNo
?CameraApplicationLauncherCameraApplicationLaunchpadLauncher.exeSupports the integrated webcam on IBM/Lenovo Thinkpad notebooks. What does it do and is it required?No
UCameraAssistantCameraAssistant.exeEntry added when you install versions of the Logitech QuickCam webcam software and used to configure and tweak your webcam settings. Includes support for the Quick Assistant - which launches when a video application (such as video conferencing in an instant messaging client) accesses to camera so you can quickly fine tune face tracking and zoom, for example. If you don't use the camera on a daily basis create your own shortcut and run it manually when requiredYes
NCamio Viewer xIXApplet.exeImage viewing program that comes with digital cameras. Shows pictures that are in the camera before downloading them. "x" in the name is the versionNo
?CamMonitorhpqcmon.exeFrom HP and related to digital imagingNo
YCamWizardCamWizrd.exeLaunches the Logitech Camera Wizard on the first reboot after installing versions of Logitech QuickCam webcam softwareYes
NCanadaCanada.exeKnown to be a dialler - but is it maliscous or clean?No
UCanarycanary-std.exeCanary keystroke logger/monitoring program - remove unless you installed it yourself!No
Xcandycommand32.exeAdded by the RBOT-LV WORM!No
XcandynetTaskmsg.exeAdded by the RBOT-NA WORM!No
UCANoeCANoe32.exeCANoe from Vector Informatik. Development and test tool for Engine Control Units (ECU) based upon the CAN, LIN, MOST, FlexRay, Ethernet and J1708 bus systemsNo
UCanon MultiPASS Status Monitormonitr32.exeCannon Multi-Pass status monitor - your choiceNo
?Canon PC1200 iC D600 iR1200G Status WindowCAPM1LAK.EXECannon printer related - is it required in startup?No
NCanon Printer Monitor BJCxxxCjstlst.exeTrayicon for Canon printer. xxx denotes model. Available via Start -> ProgramsNo
UCanonMyPrinterBJMyPrt.exePrinter software for Canon Bubblejet printersNo
UCanonSolutionMenuCNSLMAIN.exeCanon's Solution Menu dialog box leads you quickly toward documentation, utilities, and help filesNo
?CAP3ONCAP3ONN.EXECanon driver, purpose unknown. Is it required in startup?No
Ycapfasemcapfasem.exeCA Personal Firewall - part of the CA Internet Security SuiteNo
NCapfaxcapfax.exePhoneTools fax softwareNo
Ucapfupgradecapfupgrade.exeCA Personal Firewall - part of the CA Internet Security SuiteNo
UCAPingCAPing.exeCitibank Citianywhere softwareNo
YCaponCapon.exeCanon printer driverNo
YCaponCaponn.exeCanon printer driverNo
XCaptcha7rundll captcha.dllAdded by the TINY.WRE TROJAN!No
XCaptionMgr32crssr.exeAdded by the ZAR.A WORM!No
Xcapturecapture.exeAdded by the THEEF-B TROJAN!No
NCapture Express 2000capexp.exeCapture Express - screen capture utilityNo
UCaptureAssistantCaptureAssistant.exeCapture Assistant "is a convenient and easy-to-use text and graphics capture tool". It allows you to capture text, font information, graphics, etcYes
NCaptureBatCapture.exe!Quick Screen Capture from EtruSoft Inc. - "allows you to take screenshots from any part of your screen in more than 10 ways, and save images in BMP/JPG/GIF formats"No
NCarbonite BackupCarboniteUI.exe"Carbonite's online backup service starts automatically and works quietly and continuously in the background protecting your data"No
NCard MonitorREGCNT09.exeFor the USB connection on a Panasonic PV-DV701 Digital Camcorder. Available via Start -> ProgramsNo
?CardScan AutoSyncCSyncCfg.exeRelated to the CardScan business card reader range of products. May be related to synchronization with E-mail software and mobile devices (see here)?No
XCare20Care20.exeTopMoxie adwareNo
UCare2GTUCare2GTU.exeCare2 Green Thumbs-Up (from the Care2 site). Every online purchase helps environmental causes; tells you how eco-friendly a company really is, thanks to over 200 company profiles from Coop America. Saves 1 square foot of rainforest every day you use it. If it works and you like it, keep itNo
Ucarpservcarpserv.exeAssociated with Zoltrix and Conexant modems - enables the internal modem speaker, allowing you to listen to the dial-up sounds for exampleYes
XCARPserverCARPserver.exeAdded by the BANKER-AN TROJAN!No
UCARPservicecarpserv.exeAssociated with Zoltrix and Conexant modems - enables the internal modem speaker, allowing you to listen to the dial-up sounds for exampleYes
Xcartao[path to file]Added by the DLOADER-QD TROJAN!No
Xcartaoconflicted.exeAdded by the DADOBRA-DV TROJAN!No
Xcartaokilling.exeAdded by the DLOADER-QN TROJAN!No
Xcartaocartao.exeAdded by the BANKER-FA TROJAN!No
XCAS Clientcasclient.exeCasinoClient adwareNo
XCas2Stubcas2stub.exeCasinoClient adwareNo
UCasAgntCasAgnt.exeProgram by Extended Systems which allows you to sync your Casio PDA with your PCNo
XCasdvqwabmqnzkg.exeAdded by the RANDEX.BE WORM!No
Xcaseyvideocaseyvideo.exeMalware causing adult content popupsNo
Xcaseyvideo[*] [* = digit]caseyvideo[*].exe [* = digit]Malware causing adult content popupsNo
XCashBackcashback.exePart of eXact Advertising Software, consisting of "CashBack by BargainBuddy", BullsEye Network and NaviSearchNo
XCashFiestaCashfiesta.exeCASHFIESTA.A pay-per-surf adwareNo
NCashsurfers Cashbar NavigatorCashbar.ExeCashsurfers CashBar Navigator - "The CashBar rotates banner advertisements once per minute and provides you with access to up to date special offers and deals"No
XCashToolbarMSCStat.exeAdded by the DOWNLOADER-MY TROJAN!No
XCashToolbarsvchost.exeBrowserAid/CashToolbar adware! Note - this is not the legitimate svchost.exe process which should not normally figure in Msconfig/Startup!No
XCasino Royalejamesbond.exeAdded by the RBOT-FZO WORM!No
XCassandra[10 to 14 random char]THD.EXEAdded by the KREPPER-AI TROJAN!No
XCassandracassandra.exeSuperSpider hijacker - a CoolWebSearch parasite variant. Also detected as a variant of the KREPPER TROJAN!No
XCasStubcasstub.exeAdded by the CASS-A TROJAN!No
XCatalyst Control Centreatixvdm.exeAdded by the RBOT.DMW TROJAN!No
Xcatsrvcatsrv.exeAdded by the PAPLOK TROJAN!No
YCAVRIDCAVRID.exeeTrust™ EZ Antivirus Real Time Infection Report from Computer AssociatesNo
YCAVSCAVS.exeCheyenne (now eTrust) antivirusNo
XCAZNOVASCAZNOVAS.exeAdded by the CAZNO TROJAN!No
XCBACK.EXECBACK.EXEAdded by the PENTA-A TROJAN!No
UcbInterfacecbInterface.exeSystem Tray access to Cobian Backup versions 8 thru 10 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program using the default settings as service on an NT based OS (NT/2K/XP/Vista). If you don't have regularly scheduled backups then choose the startup installation option and run it manually when requiredYes
Xcbvcsurretnd.exeAdded by the FRETHOG-C WORM!No
UCBWAttnCBWAttn.exeRequired for Bitware to answer incoming faxes, can cause sleep mode problemsNo
UCBWHostCBWHost.exeRequired for Bitware to answer incoming faxes, can cause sleep mode problemsNo
?CBWUserCBWDial.exeAssociated with Bitware that integrates fax, voice, pager, and data communications on your desktopNo
XCC2KUIcomet.exeComet Cursor adwareNo
Xccagent.execcagent.exeControl Center and Control Components rogue security software - not recommended, removal instructions here and hereNo
XCcaoregedit.exeProbably a variant of MediaTickets adware. Note - this is not the valid Windows registry editor which resides in %Windir% and will not figure in Msconfig/Startup! This version resides in a "mduu" subfolder, which may changeNo
YccAppccApp.exePart of earlier versions of Norton AntiVirus - Auto-protect and E-mail check will not function without thisYes
XccApp[random filename]Added by the OBSORB TROJAN! Note the random filename compared to the valid Norton AntiVirusNo
XccAppWMADZ.EXEAdded by the RBOT-LJ WORM!No
XccApp.EXEAdded by the RBOT-LJ WORM!No
XccAppgcasServ.exeAdded by a variant of the RBOT WORM! Do not confuse with the Microsoft AntiSpyware executable of the same nameNo
XccAppexample.exeTwoSeven spywareNo
XccApprsvcrhost.exeAdded by the TACTSLAY.A TROJAN!No
XccApprexpIorer.exeAdded by the TACTSLAY.A TROJAN!No
XccApproutIook.exeAdded by the TACTSLAY.A TROJAN!No
XccApprsvcshost.exeAdded by the TACTSLAY.A TROJAN!No
XccAppsservices.exeAdded by the NEVEG.B or NEVEG.C WORMS! Note - this is not the legitimate services.exe process, which should not appear in Msconfig/Startup!No
XccAppswinlogon.exeAdded by the NEVEG.A WORM! Note - this is not the legitimate winlogon.exe process, which should not appear in Msconfig/Startup!No
XccAppsN/AAdded by the KANGAROO-A TROJAN!No
XccAppsccApps.exeAdded by the KANGAROO-B WORM!No
XccctpHistoryJMTi.exeAdded by the GANBATE.A WORM!No
UCCD ManagerDDS.EXEProject Labs Century CD manager for their CD/DVD storage deviceNo
NCcdecoderundll32.exe streamci, StreamingDeviceSetupPart of the closed caption decdoder/MS VBI codec. Should only run onceNo
XccDHCP32ccDHCP32.exeAdded by the AGOBOT-HJ WORM!No
YCCDoctorLogonTestingccdoctor.exeChecks your system to make sure it's configured properly for running IBM Rational ClearCase, a source code management tool. ClearCase is fairly sophisticated so there are a lot of system-related things that can cause it grief. If you run ClearCase you should not disable this as it provides a valuable service, but technically it isn't required to use the ClearCase productNo
YccenterCCenter.exeRAV AntiVirus No
YCcEvtMgrccEvtMgr.exePart of Norton AntiVirus 2003. Event manager for scheduling weekly scans and or automatic virus updates. Used to start automatically via "ccApp" and was not required as a seperate entry but a recent update changed thisNo
XccEvtMrg.execcEvtMrg.exeAdded by the RBOT.GZ WORM!No
XccExecutebootcfg1.exeAdded by the NEMSI-B VIRUS!No
XccHelpccHelp.htaSearchq adwareNo
UCCleanerCCleaner.exeCCleaner from Piriform Ltd. - "is a freeware system optimization, privacy and cleaning tool". Features include removing unused files, cleaning internet history, managing startup programs and a fully featured registry cleanerYes
XccpAppscsrss.exeAdded by the WEBUS TROJAN! Note - this is not the legitimate csrss.exe process which should not normally figure in Msconfig/Startup!No
XccpAppslsass.exeAdded by the WEBUS.B TROJAN! Note - this is not the legitimate lsass.exe process which should not normally figure in Msconfig/Startup!No
UccProxyCCPROXY.EXEPart of Norton Internet Security, proxy server that is used to support the parental controls. If you turn parental controls off at user level the process is not loaded. Reported to cause excessive CPU usageNo
XccPrxy.execcPrxy.exeAdded by the SHIPUP-H WORM!No
YCcPxySvcCCPXYSVC.exePart of Norton's AntiVirus 2003, Internet Security and Firewall products. E-mail proxy service - required for E-mail scanning and the firewallNo
Xccregexplorer.exeAdded by the ZCREW BACKDOOR! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System%No
YccRegVfyccRegVfy.exePart of earlier versions of Norton AntiVirus - "ccRegVfy.exe is responsible for checking the integrity of the NAV registry entries to make sure that the information has not been changed by a malicious threat or a hack"Yes
XccRegVfYexpIorer.exeAdded by the TACTSLAY.A TROJAN!No
XccRegVfYsvcrhost.exeAdded by the TACTSLAY.A TROJAN!No
XccRegVfYsvcshost.exeAdded by the TACTSLAY.A TROJAN!No
XccRegVfYoutIook.exeAdded by the TACTSLAY.A TROJAN!No
Xccrssmsdtc.exeAdded by the STAP-C WORM!No
YccSetMgrccSetMgr.exePart of Norton AntiVirus 2004. What does it do?No
XccStartccStart.exeAdded by the AGOBOT-IR WORM!No
XccStartccInfo.exeAdded by the AGOBOT-GQ BACKDOOR!No
XccSvcHst.execcSvcHst.exeAdded by the SDBOT-DIW WORM!No
Xccsvit.execcsvit.exeAdded by the STARTPA-HP TROJAN!No
Ucctraycctray.exePart of CA Internet Security SuiteNo
XccUpdateccUpdate.exeAdded by the AGOBOT.YS WORM!No
UccUpdMgrccUpdMgr.exeIn Loco Parentis remote surveillance software. Uninstall this software unless you put it there yourself!No
UCCUTRAYICONCCU_TrayIcon.exeRelated to Traybar Launcher from Intel Corporation belonging to Intel® Viiv®No
UccWasheraolwasher.exeWebroot Cache & Cookie Washer - cleaning browser tracks, including cache, cookies, history, mail trash, drop-down address bar, auto-complete forms and downloaded program files for IE, Netscape and AOLNo
UCCWC7aac.exeMoleculesoft Cache, Cookie & Windows Cleaner. No longer supported but available for freeNo
UCCWC7Iidxl.exeMoleculesoft Cache, Cookie & Windows Cleaner. No longer supported but available for freeNo
UCCWC7sstealth.exeMoleculesoft Cache, Cookie & Windows Cleaner. No longer supported but available for freeNo
YCCWinTraywintmr.exeSystem Tray access to Child Control parental control software by SalfieldNo
XccwPinopenS.exeAdded by the DELF-AJE TROJAN!No
NCD Storage Mastercdstorager.exeCD Storage Master - a program designed to catalog CD information, boasts a number of handy features for organizing your collectionNo
UCD-DVD Lock for Win95/98/Me/2k/XPCDVAgent.exeLoads CD-DVD Lock from Ixis Research, Ltd - which is "intended for restricting read or write access to removable media devices such as CD, DVD, floppy and flash, as well as for restricting access to certain partitions of hard disk drives. You can restrict access by two ways: hide your devices from viewing or lock access to them". If disabled, hidden and locked drives still retain their original status so the user will only be able to change their status them via the main UIYes
Xcd1cd1.exePremium rate adult content diallerNo
NCDANTSRVCDANTSRV.exeC-Dilla License Management software. Used for any program that uses C-dilla Protection, example: 3D Studio Max 4.x. It loads as a service automatically but is not needed unless you run said program. Can be started and stopped manuallyNo
XCdcompatCdcompat.exeAdded by the GEMA TROJAN!No
Xcddrv32cddrv32.exeAdded by a variant of the CRYPTER.C TROJAN!No
NCDInterceptorcdi.exeCD indexer for measuring the speed of CD playersNo
Ycdloadercdloader2.exeFrom MagicJack - "A softphone device that allows you to attach an analog phone into the PC so you can have a traditional-style phone system in your house without any monthly charge"No
UCDLoadersb32mon.exePart of the SpyBuddy keystroke logger/monitoring program - see here. Remove unless you installed it yourself!No
Xcdmmslpoklpllsm.exeAdded by the TEDIJINI-A TROJAN!No
XCdnCtrcdnup.exeCNNIC Update pestNo
Xcdoosoftherss.exeAdded by the SILLYFDC.BCT WORM!No
Xcdoosoftolhrwef.exeAdded by the AUTORUN-AAG WORM!No
XCDriverwindrv.exeAdded by the DELF.WG TROJAN!No
XCDriversvchost.exeAdded by a variant of the DELF.IT TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! The location of this file variesNo
XCdrom Controllercdromcntrl.exeAdded by the BATTRY-A TROJAN!No
Xcdscds.exeAdded by the SPYMON TROJAN!No
XCDSpeed.exeCDSpeed.exeAdded by the IRCBOT.AEX BACKDOOR!No
NCDTrayCDTray.exeOn HP PCs, this is the small CD icon next to the timeNo
UCDVAgentCDVAgent.exeLoads CD-DVD Lock from Ixis Research, Ltd - which is "intended for restricting read or write access to removable media devices such as CD, DVD, floppy and flash, as well as for restricting access to certain partitions of hard disk drives. You can restrict access by two ways: hide your devices from viewing or lock access to them". If disabled, hidden and locked drives still retain their original status so the user will only be able to change their status them via the main UIYes
UCeEKEYCeEKey.exeHot Key utility included on Toshiba Satellite laptopsNo
UCeEPOWERcepmtray.exeToshiba's Power Management Utility - allows the user to setup different profiles for both AC power and Battery Power on laptops. Contols CPU speed, Monitor Shut Off, Hard Drive Shut-Off, Monitor Brightness, System Stand-by and System Hibernate timesNo
?CeicCeic.exe??No
XCekirge[path to worm]Added by the KERGEZ.A WORM!No
Xcenter[random name]32.exeAdded by the BOFRA.A WORM!No
XCentralProcessortaskimgr.exeAdded by the BANCOS.J TROJAN!No
?CEPAwsot.exe??No
XCerbDivXx.exeAdded by the KEYLOG-LV TROJAN!No
UCertificateRegistrationSafeSignCertReg.exeSafeSign Certificate Registration Utility for Microsoft Crypto applicationsNo
UCertRegcertreg.exeRelated to Gemplus Card Reader No
YCertStoreInitCertStoreInitAladdin eToken authentication and password managementNo
Ycerttoolcerttool.exePart of Client Security Software for IBM\Lenovo notebooks. If you have configured the software via the associated wizard this will need to be running if you want to mount password protected areas of the disk (created with SafeGuard PrivateDisk), use the password manager or file/folder encryption optionsYes
NCesarFTP FTP Serverserver.exeCesarFTPd - FTP serverNo
Xcesmain.dllRundll32.exe [path] cmail.dll, Rundll32CnsMin (Chinese Keywords) hijacker related. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deletedNo
XCEventMgrCell.exeAdded by the BIFROSE-AK TROJAN!No
NCFDCFD.exeBroadJump Client Foundation. Broadband troubleshooting software installed by various companies. Not required and you can remove it via Add/Remove programsNo
XCFDStartWinMuschi.exeWINMUSCHI diallerNo
NcfFncEnabler.execfFncEnabler.exeToshiba "Config Free" wireless network manager on their range of laptopsNo
Xcfgboostcfgboot.exeAdded by an unidentified WORM or TROJAN!No
Ycfgintprcfgintpr.exeConfiguration Interpreter - part of Tiny Personal Firewall V4No
Xcfgmgr51RunDLL32.EXE cfgmgr51.dll,DllRunBookedSpace parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "cfgmgr51.dll" file is located in %Windir%No
Xcfgmgr52RunDLL32.EXE cfgmgr52.dll,DllRunBookedSpace parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "cfgmgr52.dll" file is located in %Windir%No
Ncfgwizcfgwiz.exeIntroduced with Norton Anti-Virus 2002, this is a real resource hog. Many NAV users will find they can live without loading itNo
UCFi ShellToys Utility ManagerCFiShlMan.exeManager for CFi ShellToys from Cool Focus International Ltd - which "puts all the tools you need right where you need them - just a click away on your context menu. Right-click one or more files or folders, the desktop or the window background for instant access to 50 context-sensitive shell extensions"No
?cFosDNTcFosDNT.execFos DSL Modem driver related. What does it do and is it required?No
?cFosInst_Checkcfosinst.execFos DSL Modem driver related. What does it do and is it required?No
UcFosSpeedcFosSpeed.execFos Software Internet acceleration program related. Note - may be necessary for the software to work properlyNo
UCFSServ.exeCFSServ.exeBelongs to Toshiba's configfree utility and searches for Wireless DevicesNo
Xcftmonsfcmonit.exeAdded by a variant of the AGENT.ERG TROJAN!No
XcftmonWindowsUpdate.exeAdded by the AGENT.AQK BACKDOOR!No
Xcftmon32taskmgr*.exe [* = number]Added by the SOWSAT.C and SOWSAT.J WORMS!No
XCftmon32afd.exeAdded by the AUTORUN-AUB WORM! The "afd.exe" file is located in %Windir%No
XCftmon32afd.exeAdded by the SCAR.AYWK TROJAN! The "afd.exe" file is located in %AppData%No
Xcfycfy.exeSurfenhance.com SearchForIt adware variantNo
XCGI Firewall ScriptCGIAGENT.EXEAdded by the BROPIA-U WORM!No
UCGServercgserver.exeAssociated with an Eicon Networks ISDN or ADSL modem. Call Guard Server (CGserver) watches your modem and blocks incoming or outgoing calls. You need cgard.exe (from Startmenu) to configure cgserver with rules and telephone numbers. Good against unwanted dialer programsNo
XCgtask Servicescgtask.exeAdded by the LALA.B TROJAN!No
XCgywincgywin32.exeAdded by the RBOT-AEI WORM!No
UChamClockChamClock.exeChameleon Clock - system tray clock replacementNo
Xchange-me-nowmsgfix1.exeAdded by the SDBOT.ZD WORM!No
UChangeICONSPMSMON.EXECard reader related program. Note - may cause problems with My Computer loading at startup. Disabling through MsConfig seems to solve the problemNo
?ChangeLineschngline.exe??No
XChansonsMP3rundll32.exe MSA64CHK.dll,DllMostrarMatrixDialer/Mostrar parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System%No
YCharter High-Speed Security Suitefspex.exeCharter High-Speed Security Suite - security software in collaboration with F-SecureNo
XChat loginchatlogin.exeAdded by the ANTINNY.F WORM!No
NChatangoChatango.exeChatango - "allows people to be connected in real time through their Web browsers. Include your Chatango contact link or button when you create eBay auctions, blogs, personal websites, Friendster profiles, and your visitors will be able to contact you instantly, without downloading anything, or registering. Alo use it to send email to your friends, allowing them to respond to you in real time!." The 'MessageCatcher' icon in the System Tray notifies you when you get a message. When you get a message, a little alert pops up, which you can click on and start chatting immediatelyNo
UChatStatChatStat.exeChatStat from ChatStat Technologies, Inc. Provides live chat assistance in up to 16 languages allows your operators to be more productiveNo
NChcenterchcenter.exeIMSI HiJaak - "the easiest way to convert, capture, and manage all your graphic files"No
XChckupNetverchk.exeCovert Sys Exec malware variantNo
Xchcp.exechcp.exeAdded by the SDBOT.BMH BACKDOOR!No
Xche32che.ocx.vbsAdded by the ADENU-B VIRUS!No
XCheatleGigaByte.exeAdded by the SHODI.B VIRUS!No
Ucheatmonitorstart.exeCheatMonitor surveillance software. Uninstall this software unless you put it there yourselfNo
XCheckCheck.exeAdded by the VB-DRN WORM!No
NCheck for One Touch Updatewiseupdt.exeChecks for updates for Visioneer OneTouch scannersNo
NCheck for TWS UpdatesWiseUpdt.exeInteractive Brokers - check for update to their standalone Java-based trading platformNo
UCheck Messengercmesseng.exeCheck Messenger from Qchex.com - program that helps you manage the activity of your Qchex account. Qchex appear to be no longer in buisnessNo
UCheck&GetCheck&Get.exeCheck&Get from ActiveURLs. Manages your browser bookmarks and favorites. Monitors Web sites for changes and updates, captures and highlights the changed contentsNo
NCheckCustomWorksUpdateCheckCWupdate.exeUpdate checker, part of CustomWorks - "customize any embroidery designs to design your own unique creations"No
UCheckDialerChkDial.exeAdded by the CheckDialer modem connection monitoring toolNo
XCheckdiskmscas.exeAdded by the VAGON-A TROJAN!No
XCheckFaultKernelmswdm.exeAdded by the SMALL-CSK TROJAN!No
UCheckItToolBox.exeCheckIt Toolbox from WinCheckIt Diagnostic Software. Toolbox automatically backs up critical system files (such as .ini files and the Windows Registry), and performs a check on various system parameters at intervals you specifyNo
UCheckIt 86CheckIt86.exeCheckIt 86 popup blockerNo
YCheckMsgPlusMsgPlusH.dll, VerifyInstallationAdded by MSN Messenger Plus, a third party extension to MSN Messenger. This is the auto-update feature - see here for more info.No
Xcheckrunelite***32.exe [* = random char]EliteBar adware No
Xcheckrunelitelsj32.exeAdded by the MULTIDR-ER TROJAN!No
XCheckScan32regload16.exeAdded by the AEBOT.K WORM!No
?checktimect.exeFound in the HPSelectFrontend directory on a HP machine. What is it's purpose and is it required?No
YCheckVCRIOMagic.exeDriver for the I/OMagic Personal Video Recorder (DR-PCTV100)No
XCheckWinPerfperfinfo.exeAdded by a variant of the IRCBOT TROJAN!No
UCherryKeyManKeyMan.exeMultimedia keyboard manager for the Cherry keyboard series. Only required if you use any of the special keysNo
XchiCkiechiCkie.exeAdded by the CHIKO WORM!No
UChicoSyswebtmr.exeChild Control parental control softwareNo
UChikkaDefaultChikkaLauncher.exeChikka PC text messanger and IM clientNo
UChilyClientChilyClient.exeChily Employee Activity Monitoring surveillance software. Uninstall this software unless you put it there yourselfNo
Xchina11msnCHINA11MSN.EXEAdded by the ENVID.O WORM!No
XChinagnqvasdd.exeAdded by the SDBOT-SE WORM!No
UChineseStarcstar.exeChinese language support softwareNo
UCHIPDRIVEPinManagersokscmpn.exeChipDrive Smartcard softwareNo
UCHIPDRIVESmartcardManagerSCMgr.exeChipDrive Smartcard softwareNo
XCHK Diskerchkdsker.exeAdded by a variant of the IRCBOT BACKDOOR! See hereNo
XCHK NTchkntf.exeAdded by a variant of the IRCBOT BACKDOOR! See hereNo
NCHKADMINCHKADMIN.EXECompaq Network Management System. When running, it places an icon in the system tray titled "Intelligent Manageability"No
XChkDiskchk_disk.exeAdded by an unidentified WORM or TROJAN!No
Xchkdrviemon.exeDetected by Symantec as the ADCLICKER TROJAN!No
Xchkdskautoexec.batAdded by the ANPES WORM!No
UChkMailChkMail.exeMail-checking program supplied with Acer notebooksNo
UChoiceMailCHOICEMAIL.EXEChoiceMail from DigiPortal Software. Block spam with an Email firewallNo
XChokeChoke.exe -blahhhAdded by the CHOKE WORM!No
Xchoperunlli32.exeAdded by the QQPASS-U TROJAN!No
Xchostsvchostsv.exeAdded by the BANPAES.C TROJAN!No
UCHotKeymhotkey.exeEnables special keys on Chicony keyboards. Special combinations include Internet, E-mail, vol+, vol-, mute, etc. Only required for extended featuresNo
UCHotKeyMK9805.EXEEnables special keys on Chicony keyboards. Special combinations include Internet, E-mail, vol+, vol-, mute, etc. Only required for extended featuresNo
UCHotKeyzHotkey.exeEnables special keys on Chicony keyboards. Special combinations include Internet, E-mail, vol , vol-, mute, etc. Only required for extended featuresNo
NChristmas Music PlayerTTEST6.EXE"Christmas Music Player brings the music of the Christmas Holiday to your desktop"No
?ChromeMarkkeysh.exeRelated to this. Don't know what keysh.exe does though and if it's requiredNo
?ChronitelInitTVCHTVINIT.EXE??No
Uchronochrono.exeChronograph is a simple utility that synchronizes internal computer clock to the atomic time. Chronograph automatically maintains correct time using atomic clock servers of the National Institute of Standards and Technology (NIST)." Shows seconds and shows the date without having to hover the mouse. Shows a calendar when hovered overNo
XCi ServsSysTuwin.exeAdded by the AGENT-NIQ TROJAN!No
XCi Svrcisvr.exeAdded by the IRCBOT.AWN BACKDOOR!No
Xci1gntci1gnt.exeDetected by Kaspersky as the AGENT.DHU TROJAN!No
XCiaBackdoormsldr.comAdded by a VIRUS!No
Xcihost.execihost.exeAdded by the LINST TROJAN!No
NCIJxP2PSERVERCIJxP2PS.EXECompaq printer utility which is required in order to make the printer work correctly - "x" depends upon the model, ie, for IJ300 x=3, for IJ700 x=7No
YCingular Communication ManagerCingularCCM.exeCingular Communication Manager - now taken over by AT&T. "provides a robust set of wireless communication tools for businesses and individuals. With wireless access to email, the Internet, business applications and corporate intranets, mobile users can be more productive while they're out of the office"No
XCinnabd Prompt32CmdPrompt32.pifAdded by the ASSIRAL-B WORM!No
NCIOche7e1~1.exeChatItOut webcam chat programNo
XCiodiagDECCONF.EXEAdded by the STRAT.EL TROJAN!No
XCirebonPunyaXXrocks.exeAdded by the BHARAT.A WORM!No
XCisco Systems[path to worm]Added by the AUTORUN.UHR WORM!No
UCisco Systems VPN Clientipsecdialer.exeCisco VPN Client - lets local users gain Administrator privileges on the operating systemNo
UCisco Systems VPN Clientvpngui.exeSets up IPSec communications for Cisco's VPN ClientNo
NCISrvr ProgramCISRVR.EXERelated to internet setup on Compaq PC'sNo
XCissiCissi.exeAdded by the CISSI.A WORM!No
UCitiUCSCitiUCS.exeCitibank Virtual Account Numbers - "With this free service for Citi cardmembers, you never have to give out your real credit card number online"No
NCitiVANCitiVAN.exeOption from Citibank to change a credit card number in a random fashion for each purchase. The number will only be used once and never againNo
Xcjbcjb.exeAdded by the AGENT.ALZE TROJAN! No
Xcjbcjb*.exeAdded by a variant of the AGENT.ALZE TROJAN - where * is a random digit and the file is located in %ProgramFiles%\cjbNo
XCJETCJet.exeFFToolBar adware toolbarNo
YCjstcomCjstcom.exeCanon printer BJ status language monitorNo
YClamWinClamTray.exeClamWin antivirusNo
XClassesint1.exe"Switch" premium rate adult content dialler variantNo
XClassesintl.exe"Switch" premium rate adult content dialler variantNo
XClassesrun_21.exe"Switch" premium rate adult content dialler variantNo
XClassessrv.exe"Switch" premium rate adult content dialler variantNo
XClassessrv2.exe"Switch" premium rate adult content dialler variantNo
XClassesMSTAR2.EXE"Switch" premium rate adult content dialler variantNo
XClassesmstart.exe"Switch" premium rate adult content dialler variantNo
UClauerUpdateClUpdate.exeAutomatic updates for the software supporting the Clau-ACCV and Clauer-idCAT digital certificate USB keysNo
Xclcbt.execlcbt.exeAdded by the AGENT.CBA TROJAN!No
Xclcl3clcl3.exeAdded by the AGENT.ES TROJAN!No
Xclcl7clcl7.exeAdded by a variant of the Covert Sys Exec TROJAN!No
UCLCLSetCLCL.exeCLCL clipboard caching utilityNo
NClean Access AgentCCAAgent.exeCisco Clean Access Agent from Cisco Systems, IncNo
XClean Mgrcleanmg.exeAdded by the IRCBOT.BBO BACKDOOR!No
XClean upservice.exeAdded by the AGENT-FPY TROJAN!No
XCleanatorCleanator.exeCleanator rogue privacy program - not recommended, removal instructions hereNo
?CleanEasyImgcleanall.exe??No
XCleaner2009 FreewareUCLN.exeCleaner2009 rogue privacy program - not recommended, removal instructions hereNo
XCleanPCToolSysRep.exeCleanPCTool rogue system error and cleaning utility - not recommended, removal instructions here. A member of the ErrClean familyNo
?CleanRegPathCleanReg.exeApparently Annex A ADSL modem related. What does it do and is it required?No
UCleanSweep Smart Sweep- Internet SweepCsinsm32.exeAutomatic logging of installs from Norton CleanSweep - available via Start -> ProgramsNo
NCleanSweep Useage WatchCSUSEM32.EXEQuarterdeck/Norton CleanSweep component - tracks how often you use files and alerts you to files that have not been used for a specified period of timeNo
Xcleansweep.execleansweep.exeAdded by the AGENT-NEU TROJAN!No
UCleanTempCLEANT~1.EXECleanTemp - deletes the contents of the TEMP directory when Windows starts and then closes - using no memoryNo
UCleanTempCleanTemp.exeCleanTemp - deletes the contents of the TEMP directory when Windows starts and then closes - using no memoryNo
NCleanupONICTASK.EXEInternet Cleanup from Allume Systems (used to be by OnTrack) - cleans up tracks left by browsing the internetNo
YCleanUpmcappins.exeUsed by older versions of McAfee internet security related products to clean up installation files that are no longer required once the product is installed. This entry will normally only appear once the product has been installed before the system is rebootedYes
YCleanUpCleanUp.exeUtility that only runs once after installing the drivers for Analog Devices SoundMax integrated soundcards to clean-up the files no longer required once the installation is complete. Other programs/drivers may use the same filename for the same purpose. In this case, the file is located in %System% and is listed under the HKLM\RunOnce registry keyYes
XCleanUp AntivirusCU[random characters].exeCleanup Antivirus rogue security software - not recommended, removal instructions hereNo
XCleanUp3launcher.exe CleanUp3Up.exeCleanUp3 rogue security software - not recommended, removal instructions here. Both files are located in %ProgramFiles%\CleanUp3No
?CleanupProgramcleanup.exeSony Vaio related - what does it do and is it required? Located in a C:\Sonysys folderNo
XCleanupToolSysRep.exeCleanupTool rogue system error and cleaning utility - not recommended. A member of the ErrClean familyNo
Xclean_serviceclean_service.cmdAdded by the REFAZ WORM!No
UCleverKeysCK.exeCleverKeys - "is free software that provides instant access to definitions at Dictionary.com, synonyms at Thesaurus.com, facts at Reference.com and more - from almost all Windows programs, including word processors, Web browsers and most e-mail programs"No
Xclfmonclfmon.exeAdded by the TACTSLAY.E TROJAN!No
Xclfmonnvsvca32.exeAdded by the TACTSLAY.E TROJAN!No
Xclfmon.execlfmon.exeAdded by the AGENT-BJ TROJAN!No
NCLHomeMediaServerCLHomeMediaServer.exeSystem Tray access to the CyberLink Live remote media access service Yes
XCli Confgcliconfig.exeAdded by a variant of the SPYBOT WORM! See hereNo
XCLI Servicesclisrv.exeAdded by a variant of the IRCBOT BACKDOOR! See hereNo
NClick Radio Tunerclickr~1.exeClickRadio - subscription service playing radio music via the internetNo
NClick Tray CalendarClickT~1.EXEClickTray Calendar - shows holidays, reminders of various anniversaries,tasks etcNo
NClickMeClickMe.exeClickM "JOKE" programNo
UClickoffClickoff.exeClickoff automatically dismisses annoying dialog boxesNo
NClickSight Launchercs.exeLauncher for the ClickSight® marketing tool from ClickStream Technologies - which "is a patented data-collection technology that helps independent software vendors understand the current and future usage of their product"No
XClickTheButtonCTB.EXEClickTheButton adwareNo
XClickTheButtoncsrss.exeClickTheButton adware. Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a "drivers" subfolderNo
XClickTheButtoncd_load.exeAdded by the DOWNLOADER-MY TROJAN!No
XCLICONFGCLICONFG.EXEAdded by the OPASERV.T WORM!No
?Client Access API Daemoncwbappcd.exePart of IBM's iSeries (nee As/400) Client Access - communications suite that allows desktop, browser and wireless access to iSeries servers. What does it do and is it required?No
NClient Access Check Versioncwbckver.exePart of IBM's iSeries (nee As/400) Client Access - communications suite that allows desktop, browser and wireless access to iSeries servers. Checks the software version on your PC to that of the iSeries it is connected to. Not required - and can be turned off in the Client Access properties. It's a waste of resourcesNo
?Client Access Express Welcomecwbwlwiz.exeWelcome wizard launcher - Part of IBM's iSeries (nee As/400) Client Access - communications suite that allows desktop, browser and wireless access to iSeries servers. What does it do and is it required?No
NClient Access Help Updatecwbinhlp.exeClient Access Help Registry Update Function - part of IBM's iSeries (nee As/400) Client Access - communications suite that allows desktop, browser and wireless access to iSeries servers. It only updates the help files on your PC to match the level of the attached iSeriesNo
?Client Access PC5250 Soundpcssnd.exePart of IBM's iSeries (nee As/400) Client Access - communications suite that allows desktop, browser and wireless access to iSeries servers. "The Client Access Express PC5250 emulator provides desktop users with a graphical user interface for existing iSeries applications" - see here. What does it do and is it required?No
NClient Access ServiceCwbSvStr.ExePart of IBM's iSeries (nee As/400) Client Access - communications suite that allows desktop, browser and wireless access to iSeries servers. Useful if you are going to access the iSeries through Windows Explorer to move files back and forth between Windows folders and iSeries folders. This is a tool that is only used by Client Access administrators (usually) so it is not required - a waste of resourcesNo
?Client Access Taskbarcwbuitsk.exePart of IBM's iSeries (nee As/400) Client Access - communications suite that allows desktop, browser and wireless access to iSeries servers. What does it do and is it required?No
XClient Agentipxwping.exeAdded by the PPDOOR-N TROJAN!No
XClient Agentphotes.exeAdded by the PPDOOR-P TROJAN!No
XClient Agent[path to file]Added by the PPDOOR-J TROJAN!No
?Client agent for ARCserveW95AGENT.EXEPart of Brightstor ARCserve Backup from Computer Associates. What does it do and is it required?No
XClient for Microsoft Networksmsclient32.exeAdded by the SDBOT-BXQ WORM!No
NClient Security Solutioncssauth.exePart of Thinkvantage Client Security Solution for Lenovo ThinkPad notebooks and ThinkCentre desktops. Once configured via the associated setup screens this loads via winlogon.exe (and loads the password manager) and therefore disabling this entry has no effectYes
XClient Server Control Process[path to trojan]Added by the AGENT-HR TROJAN! No
XClient Server Run Time Proccesscsrsrv.exeAdded by a variant of the SDBOT WORM!No
XClient Server Runtime[path to worm]Added by the POEBOT-KR WORM!No
XClient Server Runtime Processcsrsss.exeAdded by the SDBOT-LD WORM!No
XClient Server Runtime Processcsrs.exeAdded by the LINKBOT.M WORM!No
XClient Server Runtime Processsmmss.exeBackdoor TROJAN! Possible SDBOT-GEN variantNo
XClient Updatewup.exeAdded by the OPANKI.O WORM!No
YCliente DLODLOClientu.exePart of the backup suites from VERITAS - Backup Exec and NetBackup. Both have now been replaced by their Symantec equivalents since they acquired VERITAS in 2005No
XClientMan1mscman.exeClientMan parasite variant No
NClik Status Monitortoolsclickstat.exePart of Iomega Tools to let you know whether an Iomega PocketZip (nee Clik) removable drive cartridge is installedNo
XClip Service Managerclipmg.exeAdded by the DELF.DXJ TROJAN!No
XClip Servicerclipsrvc.exeAdded by a variant of the IRCBOT BACKDOOR! See hereNo
XClip Srvclipsv.exeAdded by a variant of the IRCBOT BACKDOOR! See hereNo
Xclipboard.execlipboard.exeAdded by an unidentified WORM or TROJAN!No
NClipbook ServiceClipsrv.exeSupports Windows XP ClipBook Viewer, which allows pages to be seen by remote ClipBooksNo
Uclipdiaryclipdiary.exeClipdiary from Softvoile - "Free Clipboard Manager for keeping the clipboard history"No
NClipMate5xClipMt5x.exeClip Mate 5.x by Thornsoft. Utility that allows you to store more than one item in the clipboard. Available via Start -> ProgramsNo
NClipmate6CLIPMT60.EXEClip Mate 6 by Thornsoft. Utility that allows you to store more than one item in the clipboard. Available via Start -> ProgramsNo
NClipMate7ClipMate.exeClip Mate 7 by Thornsoft - utility that allows you to store more than one item in the clipboard No
NClipomaticClipomatic.exeMike Lin's Clipomatic is a clipboard cache program - it remembers what was copied to the clipboard even after new data is copied, and allows you to retrieve the old dataNo
NClipsrvClipsrv.exeSupports Windows XP ClipBook Viewer, which allows pages to be seen by remote ClipBooksNo
XClipSrvclipserv.exeAdded by the SDBOT-AAV and SDBOT-AFE WORMS!No
XClipSrvCLIPBRD3D.EXEAdded by the MOFEI-D WORM!No
XClipsvcclipsv.exeAdded by the BLACKHOLE.F BACKDOOR!No
NClipTrakClipTrak.exeClipTrak - clipboard extenderNo
NClipTrakkerClipTrakker.exeCliptrakker - clipboard extenderNo
NCLISTARTCLIStart.exePuts the ATI Catalyst™ Control Center Icon/Shortcut on the System Tray - available via Start → ProgramsNo
Xclkhost[path to trojan]Added by the WIXUD-B TROJAN!No
NCLMemoSysTrayCLMemoSysTray.exeSystem Tray access to YouMemo from CyberLink - which "is an extremely intuitive way to write notes and reminders in a fun and easy environment" and is "designed specifically as a multi-touch application supporting the latest touch hardware"Yes
NCLMemoSysTray ApplicationCLMemoSysTray.exeSystem Tray access to YouMemo from CyberLink - which "is an extremely intuitive way to write notes and reminders in a fun and easy environment" and is "designed specifically as a multi-touch application supporting the latest touch hardware"Yes
UCLMFrontPanelclmpanel.exeSystem tray status/display/configuration utility for a number of modems. Can be disabled by right-clicking on the tray icon. If disabled, connection status is lostNo
UCLMLServerCLMLSvc.exeCyberLink MediaLibrary Service - installed with Power2Go and PowerCinema from CyberLink and used to manage the media libraries, providing advanced file search, browsing and tracking. Also included with versions of PowerCinema bundled (and re-branded) with systems from Acer, Dell, ASUS and others. Some report it uses excessive system and memory resourcesYes
UCLMLServer for HP TouchSmartCLMLSvc.exeCyberLink MediaLibrary Service - included with the version of CyberLink's PowerCinema installed on the HP Touchsmart range of desktops and notebooks and used to manage the media libraries, providing advanced file search, browsing and tracking. Some report it uses excessive system and memory resourcesNo
UCLMLSvcCLMLSvc.exeCyberLink MediaLibrary Service - installed with Power2Go and PowerCinema from CyberLink and used to manage the media libraries, providing advanced file search, browsing and tracking. Also included with versions of PowerCinema bundled (and re-branded) with systems from Acer, Dell, ASUS and others. Some report it uses excessive system and memory resourcesYes
?clnwallrundll.exe setupx.dll, InstallHinfSection ..delwall.inf??No
Xclock[various filenames]LiveChat Adware - known file names include: mssetup.exe, kstatus.exe, spoolsv.exe, sptsupd.exe, osk.exe, msswchx.exe, netdde.exe, msbkup.exeNo
XClock Manageramsngr.exeAdded by the SDBOT-XM TROJAN!No
XClockSyncSync.exeClockSync - synchronizes your system clock with an internet time server. It's by WhenU, the makers of the Save Now spyware, and they're usually seen in tandem, so it's advised to replace it with one of may spyware free alternatives availableNo
UClockWiseCLOCKWISE.EXEClockWise - produced by R J Software - a time utility. It is a schedueler not only for dates, but you can choose it to run programs at any time. It also updates the time by connecting to an atomic clock server. This is a spyware-free alternative to ClockSyncNo
UClocXClocX.exeClocX - places a clock on the desktop that can be moved and then changed into a calendar plus you can set alarms etc?No
UCloneCDCloneCDTray.exeSystem tray for the now discontinued CloneCD. The only useful option is "Hide CDR Media" only available via this tray. Has additional unknown functions in later versionsNo
UCloneCDElbyCDFLElbyCheck.exeFrom Elaborate Bytes who make CloneCD - monitors the installed filters of CD-ROMs/DVD-ROMs. Note - under Win2K removing this from startup causes the CD drive in the computer to not be recognized in the OS and after rechecking it prompts that the driver has been corrupted and asks you to restart the computer to fix itNo
UCloneCDTrayCloneCDTray.exeSystem tray for the now discontinued CloneCD. The only useful option is "Hide CDR Media" only available via this tray. Has additional unknown functions in later versionsNo
?Clotusorgreg0prtStart.exe [path] Orgprt.exeIBM Lotus SmartSuite related. In a LotusOrgReg folder. Unclear what exactly it does?No
?CLPushUpdateCLPushUpdate.exePart of the CyberLink Live remote media access service. It's exact purpose isn't know at present but it may be related to automatic updatesYes
XClremmdc.exeAdded by the PURSCAN-AI TROJAN!No
XClrSchLoader[path to file]ClearSearch adwareNo
XCLSIDcom.exeAdult content diallerNo
XCLSIDdll.exeAdult content diallerNo
XCLSIDmsgplus.exeAdult content diallerNo
XCLSIDplugin.exeAdult content diallerNo
XCLSIDsed.exeAdult content diallerNo
XCLSIDmsgplus.exePremium rate adult content dialer. Note - this is NOT the MSN Messenger 'MessengerPlus' extension No
XCLSRSSLSACS.EXEAdded by the SILLYFDC-X WORM!No
Xcls_pack.execls_pack.exeAdded by the Malware Defense rogue security software. Also detected as the FAKEAV-AQB TROJAN!No
UClUpdateClUpdate.exeAutomatic updates for the software supporting the Clau-ACCV and Clauer-idCAT digital certificate USB keysNo
?CM-SmWizardSmWizard.exeSmartWizard MFC Application - associated with C-Media who produce audio chipsets commonly used for on-board sound on motherboards. What does it do and is it required?No
Ucmacma.exeDeskSite CMA siftware - "retrieves new content from the DeskSite Data Center"No
XCMAPPcmappclient.exeCasClient adware - also detected as the CMAPP TROJAN!No
NCmaudioRundll32 cmicnfg.cpl, CMICtrlWndSystem tray control panel for C-Media based soundcards - often included on popular motherboards with in-built audio. Available via Start -> Settings -> Control PanelNo
XCmdcmd32.exeAdded by the TANKED WORM!No
Xcmd32configs.exeHijacker, also detected as the QURL-2 TROJAN!No
Xcmd64cmd64.exeCoolWebSearch Msconfd parasite variantNo
Xcmdbcscmdbcs.exeAdded by the LINEAG-GKW TROJAN!No
Xcmdconcmdcon.exeAdded by the CRYPTER.A TROJAN!No
Xcmdsvtsqn.dllAdded by a variant of the VUNDO TROJAN!No
XCmdShell.exeCmdShell.exeAdded by the BCKDR-QHY BACKDOOR!No
XCMEcme.exePart of Gator advertising spyware - see here for removal instructions. Please note that Claria Corporation no longer support GAIN-Supported software - see hereNo
XCmeSYSCMEsys.exePart of Gator advertising spyware - see here for removal instructions. Please note that Claria Corporation no longer support GAIN-Supported software - see hereNo
XCmeUPDCMEupd.exePart of Gator advertising spyware - see here for removal instructions. Please note that Claria Corporation no longer support GAIN-Supported software - see hereNo
XCMFibulaCMFibula.exeCASClient adwareNo
NCmFlywaveNameCmFlywav.exeDriver for Linksys Wireless-G Music Bridge No
UCMGrdianCMGrdian.exeMcAfee Guardian shortcut menu on the System Tray (looks like a castle) given access to Internet Security, Browser Buddy, File Guardian and help. Included with older versions of McAfee Internet Security and possibly othersNo
UCMGShieldUICMGShieldUI.exeUI for CMG (CREDANT Mobile Guardian) Shield from Credant Technologies. "The CMG Shield resides on devices and external media to enforce security policies even if the device is disconnected from the network." Used to protect sensitive corporate on laptops, handhelds, smartphones, USB drives and CD-DVDsNo
XCMManCMMan.exeAdded by the CMAPP TROJAN!No
XCmmon32Syscmmon32.exeAdded by the SMALL.CL TROJAN!No
Xcmonitorstartupmon.exeSystemDoctor rogue security software - not recommended, removal instructions hereNo
Xcmonitorpasmon.exeSystemDoctor rogue security software - not recommended, removal instructions hereNo
UCmPCIaudioRunDll32 CMICNFG3.CPL, CMICtrlWndRegisters the Control Panel applet for a C-Media PCI sound cardNo
UCMPDPSRVCMPDPSRV.EXEPrinter Driver Plus from ViewAhead Technology (formerly DeviceGuys, Inc.). "Printer Driver Plus seamlessly integrates all the necessary components of a printer driver, plus more". Installed with some Compaq and Lexmark printersNo
XCmpntDevices2.exeAdded by the TOMPAI-D TROJAN!No
XCmpntmainsv.exeAdded by the TOMPAI-C TROJAN!No
Xcmrsfcmrsf.exeAdded by the DELF-HU TROJAN!No
Xcmrsscmrss.exeAdded by the DELF.DU TROJAN!No
Xcmrsscrmss.exeAdded by the DLOADER-EK TROJAN!No
Xcmrss[path to trojan]Added by the DLOADER-QQ TROJAN!No
Xcmrstcmrst.exeAdded by the BANCOS.S TROJAN!No
Xcmrstcmrst.scrAdded by the DLOADER-FP TROJAN!No
Xcmsiserver.exeAdded by the DLOADER-WK TROJAN!No
XCMSallycallmesally.exeAdded by the CASAL.A TROJAN!No
UCMSETTINGSctmn.exePart of NetNanny Chat MonitorNo
Xcmsoundvcpdll.exeAdded by the TCXMEDI-D downloader TROJAN!No
Xcmsoundvcsystem.exeAdded by the TCXMEDI-D downloader TROJAN!No
Xcmsssystem.exeAdded by a variant of the RBOT WORM!No
Xcmssappiexplore_.exeAdded by the BANCBAN-CQ TROJAN!No
Xcmssappiexplore.exeAdded by the BANCBAN-GF TROJAN! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %Windir%No
XcmssSystemProcesscsmss.exeAdded by the AGENT-CO TROJAN! No
XcmssSystemProcessmcsmss.exeAdded by the PROXYSER-F TROJAN!No
XcmssSystemProcesscsms.exeAdded by the AGENT-Y TROJAN!No
XCMSystemCMSystem.exeCASClient adwareNo
Xcmt101cmt101.exeAdded by a variant of the CRYPTER.C TROJAN!No
?CmUCRRunCmUCReye.exeRelated to Medion Display Information. What does it do and is it required?No
Xcmutilcmutil.exeAdded by the AGENT-DFN TROJAN!No
Xcmx32cmx32.exeAdded by the GEMA.D TROJAN!No
XCn323cnfrm33.exeAdded by the MIMAIL.G WORM!No
XCn911ODBCJET.exeAdded by the BIFROSE-PR TROJAN!No
XCNBABECNBABE.EXEAppears to be spyware added by KAZAA (and maybe others) that displays pop-up ads whilst you're browsingNo
Ncnetkontiki.exeKontiki Delivery Manager - Windows-based client software that enables secure delivery of content to users' desktopsNo
YcnfgCavCMain.exePart of Comodo AntivirusNo
XCnfrm32cnfrm.exeAdded by the MIMAIL.D WORM!No
XCnsMaxInternat.exeAdded by the POINTEX TROJAN! Note - the real internat.exe resides in %windir%\system (where %windir% is the Windows directory - C:\Windows or C:\Winnt) whereas this version resides in %windir%No
XCnsMinRundll32.exe [path] CNSMIN.DLL, Rundll32CnsMin (Chinese Keywords) hijacker related. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deletedNo
YCnwiDeviceAgentcnwida.exePart of the Canon imagePROGRAF W8400 printer management softwareNo
YCnxAdslLCnxAdslL.exeDLink, Zoom, or Conexant modem driverNo
Xcnxdmqjeehalxqqtssd.exeAdded by the AGENT-OEC TROJAN!No
NCnxDslTaskBarCnxDslTb.exeConnexant DSL Taskbar as used on Acess Runner and Samsung AHT-E310 ADSL modemsNo
UCobBUCobBU.exeCobian Backup versions 6 and 7 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program as a startup application rather than the default service on an NT based OS (NT/2K/XP). If you don't have regularly scheduled backups then choose the startup option and run it manually when requiredYes
UCobianCobian.exeCobian Backup versions 8 thru 10 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program as a startup application rather than the default service on an NT based OS (NT/2K/XP/Vista). If you don't have regularly scheduled backups then choose the startup option and run it manually when requiredYes
UCobian BackupcbInterface.exeSystem Tray access to Cobian Backup 10 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program using the default settings as service on an NT based OS (NT/2K/XP/Vista). If you don't have regularly scheduled backups then choose the startup installation option and run it manually when requiredYes
UCobian BackupCobBU.exeCobian Backup 6 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program as a startup application rather than the default service on an NT based OS (NT/2K/XP). If you don't have regularly scheduled backups then choose the startup option and run it manually when requiredYes
UCobian Backup 10Cobian.exeCobian Backup 10 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program as a startup application rather than the default service on an NT based OS (XP/Vista/7). If you don't have regularly scheduled backups then choose the startup option and run it manually when requiredYes
UCobian Backup 10 InterfacecbInterface.exeSystem Tray access to Cobian Backup 10 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program using the default settings as service on an NT based OS (NT/2K/XP/Vista). If you don't have regularly scheduled backups then choose the startup installation option and run it manually when requiredYes
UCobian Backup 6CobBU.exeCobian Backup 6 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program as a startup application rather than the default service on an NT based OS (NT/2K/XP). If you don't have regularly scheduled backups then choose the startup option and run it manually when requiredYes
UCobian Backup 7CobBU.exeCobian Backup 7 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program as a startup application rather than the default service on an NT based OS (NT/2K/XP). If you don't have regularly scheduled backups then choose the startup option and run it manually when requiredYes
UCobian Backup 7 ApplicationCobBU.exeCobian Backup 7 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program as a startup application rather than the default service on an NT based OS (NT/2K/XP). If you don't have regularly scheduled backups then choose the startup option and run it manually when requiredYes
UCobian Backup 7 Interfacecobui.exeSystem Tray access to Cobian Backup 7 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program using the default settings as service on an NT based OS (NT/2K/XP). If you don't have regularly scheduled backups then choose the startup installation option and run it manually when requiredYes
UCobian Backup 8Cobian.exeCobian Backup 8 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program as a startup application rather than the default service on an NT based OS (NT/2K/XP/Vista). If you don't have regularly scheduled backups then choose the startup option and run it manually when requiredYes
UCobian Backup 8 interfacecbInterface.exeSystem Tray access to Cobian Backup 8 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program using the default settings as service on an NT based OS (NT/2K/XP/Vista). If you don't have regularly scheduled backups then choose the startup installation option and run it manually when requiredYes
UCobian Backup 9Cobian.exeCobian Backup 9 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program as a startup application rather than the default service on an NT based OS (NT/2K/XP/Vista). If you don't have regularly scheduled backups then choose the startup option and run it manually when requiredYes
UCobian Backup 9 interfacecbInterface.exeSystem Tray access to Cobian Backup 9 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program using the default settings as service on an NT based OS (NT/2K/XP/Vista). If you don't have regularly scheduled backups then choose the startup installation option and run it manually when requiredYes
UCobian Backup AmanitacbInterface.exeSystem Tray access to Cobian Backup 9 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program using the default settings as service on an NT based OS (NT/2K/XP/Vista). If you don't have regularly scheduled backups then choose the startup installation option and run it manually when requiredYes
UCobian Backup AmanitaCobian.exeCobian Backup 9 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program as a startup application rather than the default service on an NT based OS (NT/2K/XP/Vista). If you don't have regularly scheduled backups then choose the startup option and run it manually when requiredYes
UCobian Backup Black MooncbInterface.exeSystem Tray access to Cobian Backup 8 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program using the default settings as service on an NT based OS (NT/2K/XP/Vista). If you don't have regularly scheduled backups then choose the startup installation option and run it manually when requiredYes
UCobian Backup Black MoonCobian.exeCobian Backup 8 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program as a startup application rather than the default service on an NT based OS (NT/2K/XP/Vista). If you don't have regularly scheduled backups then choose the startup option and run it manually when requiredYes
UCobian Backup BoletusCobian.exeCobian Backup 10 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program as a startup application rather than the default service on an NT based OS (XP/Vista/7). If you don't have regularly scheduled backups then choose the startup option and run it manually when requiredYes
UCobian Backup Interface 6cobui.exeSystem Tray access to Cobian Backup 6 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program using the default settings as service on an NT based OS (NT/2K/XP). If you don't have regularly scheduled backups then choose the startup installation option and run it manually when requiredYes
Ucobuicobui.exeSystem Tray access to Cobian Backup versions 6 and 7 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program using the default settings as service on an NT based OS (NT/2K/XP). If you don't have regularly scheduled backups then choose the startup installation option and run it manually when requiredYes
Xcodecdirectx.execodecdirectx.exeAdded by the BANLOA-AZY TROJAN!No
XCodeCleanCCIntro.exeCodeClean rogue security software - not recommendedNo
UCodename Dashboarddashboard.exeCodename: Dashboard - "an application that resides at the side of your screen. Built on the Microsoft .NET Framework, it is a host for interchangeable components through which C.D. allows you to have any information you want, on your desktop, all the time"No
?COEMsgDisplayCOEMsgDisplay.exePart of HP's PC Common Operating Environment (PC COE) project. Located in %ProgramFiles%\Hewlett-Packard\PC COE. What does it do and is it required?No
Xcof.updit[random filename]Added by a variant of the SDBOT WORM!No
UCognizanceTSrundll32.exe [path] AsTsVcc.dll, RegisterModuleCognizance Corp Identity And Access Management suite No
XColdlife -icmpSystray.exeAdded by the FLOOD.AV TROJAN! Note - this is not the legitimate systray.exe processNo
NCollaborationHostp2phost.exeSigns a user into the People Near Me feature at login in Windows 7 and Vista. People Near Me enables you to use certain peer-to-peer (P2P) programs on a network - that "identifies people nearby who are using computers and allows those people to send you invitations for programs such as Windows Meeting Space. They can only invite you to participate in programs that are installed on your computer." Available via Start → Control PanelYes
Ucolorealcoloreal.exeMakes colours sharper and brighter, but will only work with coloreal capable monitorsNo
NColorificHgcctl95.exeColorific® from E-Color - "delivers accurate gamma and color temperature across your entire system - monitor to printer and digital camera to monitor." Now superseded by ColorWizzard™No
NColorific Control PanelHgcctl95.exeColorific® from E-Color - "delivers accurate gamma and color temperature across your entire system - monitor to printer and digital camera to monitor." Now superseded by ColorWizzard™No
XCOM Servicemscom32.comAdded by the BEASTY.H TROJAN!No
XCOM Servicemsynvr.comAdded by the BEASTY.G TROJAN!No
XCOM Servicemsjclh.comAdded by the BEASTY.E TROJAN!No
XCOM Servicemsdrce.comAdded by the BEASTY.I TROJAN!No
XCOM Servicemsflyx.comAdded by the BEASTDO-O TROJAN!No
XCOM Servicemskwda.comAdded by the AGENT-JIX TROJAN!No
XCOM+ Event SystemDRWTSN16.EXEAdded by the LOVGATE.AB WORM!No
XCOM+ EventSystem ServicesECSERVER.EXEAdded by a variant of the SDBOT WORM!No
XCom+ Syscsrs.exeAdded by the FORBOT-BT WORM! No
XCOM+ System Applicationlsas.exeAdded by the AGOBOT-MO WORM!No
XCOM+ System Applicationslsas.exeAdded by the AGOBOT.SE WORM!No
XCOM++ Systemexploier.exeAdded by the LOVGATE.Z WORM!No
XCOM++ Systemsuchost.exeAdded by the LOVGATE-F WORM!No
XCOM++ Systemsvchost.exe...Added by a variant of the LOVGATE WORM!No
NCOM-IPCOMIP.EXECOM-IP Virtual Modem Driver (COM-IP Creates a Fake Serial Port that allows you to use older DOS Based Communications Programs over Telnet. Type atdt host.domain.com instead of atdt 5551212)No
Ucom.codeode.cactusspamfiltercactusspamfilter.exeCactus Spam - free easy-to-use spam blockerNo
Ucom.codeode.privacymantraprivacymantra.exe"Privacy Mantra keeps your computer clean from online and offline tracks"No
UComAgentComAgent.exeComAgent - MDaemon's instant messaging clientNo
Xcombo.execombo.exeAdded by the CHIMO-C TROJAN!No
Xcombop.execombop.exeAdded by the BOWFEED-A TROJAN!No
XComcast Networkribiva.exeAdded by a variant of the IRC TROJAN!No
XComcastSUPPORTtgkill.exeComcast (the cable folks who are replacing @home in some parts of the USA) have struck a deal with Tioga to provide an "enhanced" support and self-repairing tool. This is "beta" at present and was made available to download by mistake at present. Remove via Start -> Settings -> Add/Remove ProgramsNo
XCOMCFGcomcfg.exeAdded by the TOADCOM.A TROJAN!No
Xcomctl32comctl32.exeAdware - detected by Kaspersky as the AGENT.AM TROJAN!No
UCOMDRV32svdhost.exeOrvell Monitoring 2003 surveillance software. Uninstall this software unless you put it there yourself. Note - asks for permission to contact the IP address of http://www.protectcom.com/No
UComm Drivercommh32.exeG Data "PC Spion". PC monitoring and surveilling software, captures all users activity on the PC, see here. Disable/remove if you didn't install it yourself!No
XCommandsystem.exeAdded by the GATECRASH.A or GATECRASH.B TROJANS! No
XCommandGotit.exeAdded by the TITOG WORM!No
XCOMMANDcommand.exeAdded by the QQPASS.E TROJAN!No
Xcommandjavaw.exeAdded by the AGOBOT-LG WORM!No
XCommand Prompt32CmdPrompt32.pifAdded by the ASSIRAL.B WORM!No
UCommand WorkStation 4cws 4.exeEFI's Command WorkStation makes "managing demanding workflows easier by centralizing job management. The software automatically identifies the Fiery servers on the network and offers customization options for displaying information" - for high-end print environmentsNo
Xcommand32command32.exeAdded by the LINEADI-A TROJAN!No
NCommCtrcommctr.exe"Net2Phone CommCenter is the latest in Internet voice technology allowing you to place calls easily all over the world right from your PC!". Available via Start -> ProgramsNo
YCommon ClientccApp.exePart of earlier versions of Norton AntiVirus - Auto-protect and E-mail check will not function without thisYes
YCommon ClientccRegVfy.exePart of earlier versions of Norton AntiVirus - "ccRegVfy.exe is responsible for checking the integrity of the NAV registry entries to make sure that the information has not been changed by a malicious threat or a hack"Yes
XCommon Filestwain.exeAdded by the AGENT.BEA TROJAN!No
NCommonSDKRoxWatchTray9.exeSystem Tray access to managing the "Watched Folders", "LiveShares" and "MediaSpace" features of the Roxio Easy Media Creator 9 multimedia suite. All of these options are available from the Media Manager utility. The "Watched Folders" feature monitors specified locations for new pictures, songs and videos being added and makes them available to the Media Manager - if you have 512MB of memory or less available it's recommended you also disable the associated "Roxio Hard Drive Watcher 9 (RoxWatch9)" service as well as the combination has been known to use significant amount of memory and cause other problemsYes
XCommonServicewinup.exeAdded by the DLOADR-BJJ TROJAN!No
YCommunications_HelperCommunications_Helper.exeEntry added when you install versions of the Logitech QuickCam webcam software. Used to interface your webcam with third party chat and voice programs such as instant messaging clients and Skype. Also, if it's disabled the camera will not work - at least not in the QuickCapture modeYes
YCommunications_Helper.exeCommunications_Helper.exeEntry added when you install versions of the Logitech QuickCam webcam software. Used to interface your webcam with third party chat and voice programs such as instant messaging clients and Skype. Also, if it's disabled the camera will not work - at least not in the QuickCapture modeYes
YCOMMUNICATORCommunicator.exePart of Microsoft Office Communicator, which is an integrated communications client that allows information workers to communicate in real time using a range of different communication options, including instant messaging (IM), voice, and videoNo
UComodo FirewallCPF.exeComodo FirewallNo
YCOMODO Firewall Procfp.exeComodo Firewall ProNo
UComodo Launch Pad TrayCLPTray.exeSystem Tray access to LaunchPad as bundled with Comodo's freebie offerings such as Comodo Anti-Virus. Some allege that LaunchPad is impossible-to-uninstall adware, or worse - see hereNo
YCOMODO Memory Firewallcmf.exe"Comodo Memory Firewall is a buffer overflow detection and prevention tool which provides the ultimate defence against one of the most serious and common attack types on the Internet - the buffer overflow attack"No
UCompanion Modulecompanion.exeThe AOL Companion is a small window that appears when you connect to the service using verison 8.0 and early builds of version 9.0. "Use the Companion to quickly get to your favourite features, including your Buddy List, Favourite Places, Address Book, and more!"Yes
XCompanionWizardcompwiz.exePart of WinAntiVirusPro 2007 rogue security software (and possibly others) - not recommended, see hereNo
UCompaq AlerterCPQAlert.exeCompaq's Insight Manager Agent - a tool that allows for "fault, performance, and configuration management". Recommended for corporate users only. It's best removed if installed but not wanted, rather than disabled at startup. See here for more informationNo
NCompaq Computer Corp SCCenter ModuleSCCENTER.EXEFor Compaq PC's. Part of BackwebNo
?Compaq Computer SecurityRundll32.exe SECURE32.CPL, Service??No
NCompaq ConnectionsCOMPAQ~1.EXESee here - "messaging service that automatically sends you support information, tips, ideas, and special offers from HP and our partners, especially designed for HP and Compaq desktop computer owners"No
NCompaq ConnectionsBackWeb-1940576.exeSee here - "messaging service that automatically sends you support information, tips, ideas, and special offers from HP and our partners, especially designed for HP and Compaq desktop computer owners". * can be any digitNo
NCompaq ConnectionsCompaq Connections.exeSee here - "messaging service that automatically sends you support information, tips, ideas, and special offers from HP and our partners, especially designed for HP and Compaq desktop computer owners"No
NCompaq DMIcpqdmi.exeCompaq version of the Desktop Management InterfaceNo
XCompaq DriversF1rewalls.exeAdded by the SDBOT-WD WORM!No
NCompaq Internet Setupinetwizard.exeFor Compaq PC's. Runs Compaq internet setup wizard and offers you to signup from ISP listNo
XCompaq Jes Driverswinjes.exeAdded by the SDBOT-XR WORM!No
UCompaq Knowledge Centersilent.exe & matcli.exe"matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, state, etc and gets written to a log file while silent.exe executes matcli.exe quietly in the background. Compaq Knowledge Center is required to run with the Help and Support program. If you uncheck Compaq Knowledge Center and and then run help and Support it will add another Compaq Knowledge Center in the startup menu. If you remove the Compaq Knowledge Center in the add/remove program some help menus in help and support will not be available like Fix my Presario, Preference, and Contact Technical Support". You decideNo
NCompaq Message ServerCOMPAQ-RBA.EXEApplies to the CPQBootPerfDB entry as well. These files generate some kind of server or servlet that attempts to connect with Compaq online. They are like Trojans, but fairly harmless. They send information on the "Compaq Advisor/Compaq Message Screener" application that comes with every Compaq computer and provide feedback on how computer users use the Message Advisor. These messages appear occasionally and instruct and advise users on their computer and its use. They generally attempt to get you (these messages) to connect to Compaq's website. They may be safely disabled via (1) MSCONFIG or (2) Start -> Programs -> Compaq Advisor -> Advisor Settings under the "advanced" tab. Not required and can cause problemsNo
UCompaq PK Daemoncpqkl.exeFor Compaq laptops for programming user configurable keys. Not required unless you use themNo
XCompaq Print Faxcpqa1000.exeAdded by the SDBOT.BCV WORM! Please take note of the difference between the legitimate Compaq Fax Utility Name (A1000 Settings Utility) and the name (Compaq Print Fax) used by this wormNo
XCompaq Service Driverssysteminfos.exeAdded by the SDBOT-XC WORM!No
XCompaq Service Driverscompq.exeAdded by a variant of the SDBOT WORM!No
XCompaq Service Driversnavapqwa.exeAdded by the SDBOT.BBQ WORM!No
XCompaq Service Driversamsn.exeAdded by a variant of the SDBOT WORM!No
XCompaq Service Driverscompqs.exeAdded by a variant of the SDBOT WORM!No
XCompaq Service Driversmsnt.exeAdded by the SDBOT.CQL WORM!No
XCompaq Service DriversNtKernelSystem.exeAdded by a variant of the SDBOT WORM!No
XCompaq Service Driverswincmd.exeAdded by the RBOT.ATV WORM!No
XCompaq Service Driverswind32.exeAdded by a variant of the SDBOT WORM!No
XCompaq Service Driverswinmsn.exeAdded by a variant of the SDBOT WORM!No
XCompaq Service Driverscompaq.exeAdded by the SDBOT-AFU WORM!No
XCompaq Service Driversmsnsvc.exeAdded by the RBOT.BKT WORM!No
XCompaq Service Driversntsys32.exeAdded by the RBOT.CIW WORM!No
XCompaq Service Driverswinsvc.exeAdded by the SDBOT-AGD WORM!No
XCompaq Service Drivers 32compq32.exeAdded by a variant of the SDBOT WORM!No
XCompaq Service Drivrscopq.exeAdded by a variant of the RBOT WORM!No
XCompaq Services Driversndt32.exeAdded by the RBOT.CQZ WORM!No
XCompaq Sound Drivers For WINDOWSsounddr.exeAdded by the SDBOT-XG WORM!No
NCompaq Video CD Watcher??For Compaq PC's. MPEG viewerNo
XCompaq32 Service Driversms32.exeAdded by the SDBOT.BWH WORM!No
XCompaq32 Service Driversmsconfig32.exeAdded by the SDBOT-ADC WORM!No
XCompaq32 Service Driversmsnt32.exeAdded by the RBOT.BVF WORM!No
?CompaqHW Comp Managercpqhcm.exeRunning on a Compaq laptop - any ideas?No
NCompaqPrinTrayprintray.exePuts printer icon in the System Tray. When this option is disabled you will no longer be able to access the Control Program or Printer Driver directly from your desktopNo
XCompaqs Service Drivercopypad32.exeAdded by the SDBOT.CSO WORM!No
XCompaqs Service Driverscompqs.exeAdded by a variant of the SDBOT WORM!No
NCompaqSystraycpqpscp.exeCompaq System Tray iconNo
XCompatibility Service Processregsvs.exeAdded by the GAOBOT.YN WORM!No
XCompd Service Drivrscodq.exeAdded by a variant of the SDBOT WORM!No
XCompliant[worm filename]Added by the RBOT-LB WORM!No
XComPlus Applicationstwain.exeAdded by the AGENT.AQO TROJAN!No
UComproRemoteComproRemote.exeVideoMate TV tuner and capture card - remote control driver No
UComproSchedulerDTVComproSchedulerDTV.exeVideoMate TV tuner and capture card - scheduler No
UCompuSpyCompuSpy.exeCompuSpy surveillance software. Uninstall this software unless you put it there yourselfNo
UCompuSpy KeyLoggercswin2008.exeCompuSpy surveillance software. Uninstall this software unless you put it there yourselfNo
XComputer Defender 2009cd2009.exeComputer Defender 2009 rogue security software - not recommended, removal instructions hereNo
XComputing Technologie Firewalllsauth.exeAdded by the SDBOT-WX WORM!No
NCOMSMDEXEcomsmd.exe3Com tray iconNo
XComStartTrojan Guarder.exeTrojanGuarder rogue security software - not recommendedNo
XComTry Web Searcherwstray.exeComtry MP3 Downloader related - spywareNo
Xcomxtcomxt.exeAdded by the COMXT TROJAN!No
Xcon[path to trojan]Added by the BRAVE-A TROJAN! No
?Concurreconcurre.exe??No
XConducteurPriveGDC.exeConducteurPrive rogue privacy tool - not recommended. A member of the PCPrivacyTool familyNo
XConfgbootconfig.exeAdded by the VB-ERB WORM!No
XConfidentSurfGDC.exeConfidentSurf rogue privacy tool - not recommended. A member of the PCPrivacyTool familyNo
XConfidentUserSRP.exeConfidentUser rogue system error and cleaning utility - not recommendedNo
XConfigservice.exeAdded by the ISRAZ.B WORM!No
XConfigWinService32.exeAdded by the CRUTCHA-A TROJAN!No
XConfigwinconfig.exeAdded by the GIP.113.B1 TROJAN!No
XConfigCONFIG.EXEAdded by the PSWGIP.B TROJAN!No
XConfigTaskUpdate.exeAdded by the MDROP-BRO TROJAN!No
XConfig LoadationiEEexplore.exeAdded by the SDBOT.H TROJAN!No
XConfig LoadatiorinI3Explorer.exeAdded by the SDBOT.H TROJAN!No
XConfig Loadersvchosl.exeAdded by the GAOBOT.P WORM!No
XConfig Loadersysldr32.exeAdded by the GAOBOT WORM!No
XConfig Loaderscvhost.exeAdded by the GAOBOT.AE or GAOBOT.AO WORMS!No
XConfig Loadersvhost.exeAdded by a variant of the AGOBOT/GAOBOT WORM!No
XConfig Loadersvchost2.exeAdded by the AGOBOT.XE WORM!No
XConfig Loader[worm filename]Added by the AGOBOT-AE WORM!No
XConfig LoaderSYSMGR.EXEAdded by the AGOBOT.C WORM!No
XConfig Loaderwincrt32.exeAdded by the AGOBOT-AW WORM!No
XConfig Loaderrpcfix.exeAdded by the AGOBOT-R BACKDOOR!No
XConfig Loadersvchos1.exeAdded by the AGOBOT-R BACKDOOR!No
XConfig Loader for Microsoft Windowsmwincfg32.exeAdded by the AGOBOT.BD WORM!No
XConfig Loader2explores.exeAdded by the GAOBOT.BT WORM!No
XConfig Loadrwinsys32.exeAdded by the AGOBOT-HN WORM!No
XConfig33.exeConfig33.exeAdded by the SDBOT.T TROJAN! No
XConfiggLoadercart322.exeAdded by the GAOBOT.DJ WORM!No
UConfigSafeCFGSAFE.EXEConfigSafe - lets you identify changes to the registry, INI files, System asset files, system hardware, network connections, and operating system versions -- provides a restore function. Your choiceNo
UConfigSafeAUTOCHK.EXEConfigSafe - lets you identify changes to the registry, INI files, System asset files, system hardware, network connections, and operating system versions -- provides a restore function. Your choiceNo
NConfigServicesConfig.exePart of initial setup on a Compaq PCNo
Xconfigsetupconfigsetup32.exeAdded by the AGOBOT-AFP WORM!No
XConfigurationexplorer32.exeAdded by the SDBOT-ML WORM!No
Xconfigurationapphost.exeAdded by the SDBOT-VP WORM!No
XConfigurationntsys32.exeAdded by the SDBOT-LN WORM!No
XConfigurationmsgfixs.exeAdded by the SDBOT-NN WORM!No
XConfigurationeiexplorer32.exeAdded by the SDBOT.TK WORM!No
XConfigurationntsyst32.exeAdded by the SDBOT-LT TROJAN!No
XConfiguration DefaultWuxat.exeAdded by the SPYBOT-CA WORM! No
XConfiguration Driverscghost.exeAdded by the SDBOT-DLA WORM!No
XConfiguration FileWinset32.exeAdded by the FLUX.101 TROJAN! No
XConfiguration Loadedwupdated.exeAdded by the MOEGA or MOEGA.AG or MOEGA.AP WORMS!No
XConfiguration Loadedlssas.exeAdded by a variant of the SDBOT WORM!No
XConfiguration Loadediexploree.exeAdded by the SDBOT-KC WORM!No
XConfiguration Loaderaim95.exeAdded by the LOADCFG or SDBOT TROJANS!No
XConfiguration Loadercmd32.exeAdded by the LOADCFG or SDBOT TROJANS!No
XConfiguration Loadersyscfg32.exeAdded by the SDBOT.B BACKDOOR!No
XConfiguration Loaderservice5.exeAdded by the GAOBOT.AF WORM!No
XConfiguration Loaderlfass.exeAdded by a variant of the AGOBOT/GAOBOT WORM!No
XConfiguration Loadersycfg34.exeAdded by the GAOBOT.AN WORM!No
XConfiguration Loaderwincrt32.exeAdded by the GAOBOT.BF WORM!No
XConfiguration Loaderwindex.exeAdded by the GAOBOT.BZ WORM!No
XConfiguration Loaderdosrun32.exeAdded by the GAOBOT.AO WORM!No
XConfiguration LoaderService.exeAdded by the GAOBOT.AO WORM!No
XConfiguration LoaderServicess.exeAdded by the GAOBOT.AO WORM!No
XConfiguration Loadersw32.exeAdded by the AGOBOT.BQ WORM!No
XConfiguration LoaderSystem.exeAdded by the GAOBOT.AO WORM!No
XConfiguration LoaderWinreg.exeAdded by the GAOBOT.AO WORM!No
XConfiguration Loadersysinfo.exeAdded by the GAOBOT.FQ WORM! No
XConfiguration Loadermicrosoft.exeAdded by the GAOBOT.JB WORM!No
XConfiguration Loaderconfgldr.exeAdded by the GAOBOT.GEN!POLY WORM!No
Xconfiguration loaderwinicfg32.exeAdded by the GAOBOT.RQ WORM!No
XConfiguration Loadersvhst.exeAdded by the GAOBOT.YC WORM!No
XConfiguration Loadermsgfix.exeAdded by the GAOBOT.AUS or SDBOT.J or SDBOT-QG WORMS!No
XConfiguration Loadermsnss.exeAdded by the GAOBOT.AUS WORM!No
XConfiguration LoaderIEXPL0RE.EXEAdded by the SDBOT BACKDOOR! Note the number "0" in the filenameNo
XConfiguration Loaderloadcfg32.exeAdded by the SDBOT BACKDOOR! Note the number "0" in the filenameNo
XConfiguration LoaderMSTasks.exeAdded by the LOADCFG or SDBOT TROJANS!No
XConfiguration Loadersystemry.exeAdded by a variant of the AGOBOT/GAOBOT WORM!No
XConfiguration LoaderccSort.exeAdded by the AGOBOT.SR WORM!No
XConfiguration Loadersmss32.exeAdded by the AGOBOT.MB WORM!No
XConfiguration Loaderwincffg.exeAdded by the AGOBOT.A3 WORM!No
XConfiguration Loaderseru32.exeAdded by the SDBOT-VR WORM!No
XConfiguration Loaderbotss.exeAdded by the SDBOT-XS WORM!No
XConfiguration Loaderldasp.exeAdded by the AGOBOT.BH WORM!No
XConfiguration Loadermsgcfgsrv.exeAdded by a variant of the AGOBOT/GAOBOT WORM!No
XConfiguration Loadersmsai.exeAdded by the SDBOT-YE WORM!No
XConfiguration Loadersvupdate.exeAdded by the RANDEX.DXP WORM!No
XConfiguration Loadercrcss.exeAdded by the AGOBOT.ADG WORM!No
XConfiguration Loaderlexplore.exeAdded by the RBOT-AGX WORM! Note - the executable is spelt with a lower case "L" rather than an lower or upper case "i" which is the case with Internet ExplorerNo
XConfiguration Loaderscvhost.exeAdded by the AGOBOT-AAE and SDBOT.AR WORMS!No
XConfiguration Loadersvchost.exeAdded by the PARADROP-A WORM! Note - this is not the legitimate svchost.exe process which should not normally figure in Msconfig/Startup!No
XConfiguration Loadersvchost2.exeAdded by the AGOBOT.JR WORM!No
XConfiguration Loaderdezi.exeAdded by the SDBOT-OB WORM!No
XConfiguration Loadermouse.exeAdded by a variant of the AGOBOT/GAOBOT WORM!No
XConfiguration Loadermsg.exeAdded by the SDBOT.BT WORM!No
XConfiguration LoaderWinHelper.exeAdded by a variant of the AGOBOT/GAOBOT WORM!No
XConfiguration Loaderextrac.exeAdded by the SDBOT-AFP WORM!No
XConfiguration LoaderDVD-Player.exeAdded by a variant of the SDBOT WORM!No
XConfiguration LoaderIEXPLORE.EXEAdded by the SDBOT-KW WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %System%No
XConfiguration Loaderwincore.exeAdded by the SDBOT.BHE WORM!No
XConfiguration Loaderconfigldr.exeAdded by the AGOBOT-PP TROJAN!No
XConfiguration Loaderahnhst.exeAdded by the AGOBOT.MX WORM!No
XConfiguration Loaderntdm.exeAdded by the AGOBOT.RV WORM!No
XConfiguration Loadermsnmsgr.exeAdded by the SDBOT-SO WORM! Note - this is not the valid MSN Messenger (now Windows Live Messenger) utility which is located in either %ProgramFiles%\MSN Messenger or %ProgramFiles%\Windows Live\Messenger. This one is located in %System%No
XConfiguration Loadersvschost.exeAdded by the SDBOT-NS WORM!No
XConfiguration Loaderwump.exeAdded by the AGOBOT-BU BACKDOOR!No
XConfiguration LoaderWinSys32ys.exeAdded by the SDBOT.BCS WORM!No
XConfiguration Loadercvcd.exeAdded by the AGOBOT-DH BACKDOOR!No
XConfiguration Loaderasnclt32.exeAdded by the AGOBOT-EB BACKDOOR!No
XConfiguration Loadersoundconf.exeAdded by the AGOBOT-MH WORM!No
XConfiguration Loaderwin32exec.exeAdded by the SDBOT-LA WORM!No
XConfiguration Loadermservs.exeAdded by the SDBOT-NM WORM!No
XConfiguration Loaderupdate.exeAdded by the SDBOT-OS WORM!No
XConfiguration LoaderFILENAME.EXEAdded by the AGOBOT-DQ WORM!No
XConfiguration Loaderexplore.exeAdded by the GAOBOT.GW WORM!No
XConfiguration Loadermsgfixy.exeAdded by the SLINBOT.QW BACKDOOR!No
XConfiguration Loaderwinfix.exeAdded by the SDBOT-MA WORM!No
XConfiguration Loaderscvh0st.exeAdded by the AGOBOT-AX WORM!No
XConfiguration Loadermsrun.exeAdded by the AGOBOT-Y WORM!No
XConfiguration Loaderwaudclt.exeAdded by the AGOBOT-AN WORM!No
XConfiguration Loader 2confuldr.exeAdded by the AGOBOT-FC WORM!No
XConfiguration Loader ServiceWinsys32.exeAdded by the RBOT-YV WORM!No
XConfiguration Loader Servicedevl32.exeAdded by the SDBOT-XY WORM!No
XConfiguration Loader10ip7.exeAdded by the AGOBOT-ANZ WORM!No
XConfiguration Loadingsvchos1.exeAdded by the GAOBOT.DK WORM!No
XConfiguration Loadingconfigldr.exeAdded by the AGOBOT-EC WORM!No
XConfiguration Loading Servicewscel.exeAdded by the SDBOT-WJ WORM!No
XConfiguration Loadriexplore.exeeAdded by an unidentified WORM or TROJAN!No
XConfiguration ManagerCNFGLD32.EXEAdded by the SDBOT TROJAN!No
XConfiguration ManagerCnfgldr.exeAdded by the SDBOT TROJAN!No
XConfiguration Managercfg32.exeBookedSpace parasite. Note - the "cfg32.exe" file is located in %Windir%No
XConfiguration Serveciesewins.exeAdded by the SDBOT-COH WORM!No
XConfiguration Servicesuchost.exeAdded by the TREB TROJAN!No
XConfiguration Servicesmswords.exeAdded by the SDBOT-YM WORM!No
XConfiguration UpdateUPDT32V2.EXEAdded by the SPYBOT-AA BACKDOOR!No
XConfiguration updateUPDT32V4.EXEAdded by the SPYBOT-AM BACKDOOR!No
NConfiguration UtilityCONFIG.EXEControls linksys wireless connection. Available from the DesktopNo
UConfiguration Utilitywlanutil.exeNetGear Wireless LAN configuration utility for the MA311 802.11b (and maybe other cards)No
XConfiguration WizardCfgwiz32.exeAdded by a variant of the HACKTACK TROJAN! Not to be confused with the legitimate MS "ISDN Configuration Wizard" (Cfgwiz32.exe)No
XConfiguration32 Loader32winamp32.exeAdded by the SDBOT-BIC WORM!No
XConfigurations Ascltasclt.exeAdded by the SDBOT-MX WORM!No
XCONFIGUREvantivir62.exeAdded by the AGOBOT-ZD BACKDOOR!No
UConfigUtilityConfigUtility.exeWireless management utility for the HWC54G Hi-Speed Wireless-G CardBus Card from Hawking Technologies, IncNo
XConfigVirservices.exeAdded by the AUTORUN-DV WORM! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a ~A~m~B~u~R~a~D~u~L~ subfolderNo
XConfLoadersysconf16.exeAdded by the SDBOT-FB TROJAN!No
Xconime.execonime.exeAdded by the AVENDOG WORM! Note - this is not the legitimate Console IME process of the same filename which is located in %System%No
NConmgrconmgr.exeStarts Winfax pro at startupNo
UConMgr.execonmgr.exeConnection Manager as used by Earthlink and others. If you need this to ensure a proper connection but don't want to connect at startup try creating your own shortcutNo
Xconmswfconrnbne.exeAdded by the SDBOT-DEX WORM!No
UConnect KasambaKasamba.exe"Finding the expert help that you need is easy on Kasamba. With more than 30,000 registered experts in over 600 categories to choose from, chances are, we`ll have just the right professional in the exact area of expertise that you need"No
XConnect2Partyconnect2party.exeAdult content diallerNo
NCONNECTAuto UpdateCONNECTScheduler.exeAutomatic update scheduler for the Sony CONNECT Player originally supplied with their range of USB or hard disk based MP3 players and used in conjunction with the CONNECT Music store download service - now replaced by SonicStage CPYes
NCONNECTAUTrayAppCONNECTAUTrayApp.exeSystem Tray access to change update settings for the Sony CONNECT Player originally supplied with their range of USB or hard disk based MP3 players and used in conjunction with the CONNECT Music store download service - now replaced by SonicStage CPYes
UConnection KeeperConKeepM.exe"Connection Keeper is an invaluable time-saving tool for dial-up users. This free program simulates Internet browsing (at a random interval) to prevent your connection from appearing idle, thus preventing your ISP from dropping your connection due to inactivity"No
NConnection ManagerCManager.exeSBC Yahoo DSL service connection manager. You can connect from the network connections. Users having problems with this have been advised to uninstall the connection manager via Add/Remove Programs and it won't affect the serviceNo
XConnectivity Tool[path to trojan]Added by the LITEBOT-E TROJAN!No
XConnectorSYS.EXENunci premium rate dialerNo
XConnectorsms.EXEAdded by the ExDial-B premium rate adult content dialerNo
NCONNECTSchedulerCONNECTScheduler.exeAutomatic update scheduler for the Sony CONNECT Player originally supplied with their range of USB or hard disk based MP3 players and used in conjunction with the CONNECT Music store download service - now replaced by SonicStage CPYes
XConsconsol32.exeHijacker - redirects to an adult content portal, where foistware like ISTBar gets stealth installedNo
Xconscorrconscorr.exeVX2.Transponder parasite updater/installer relatedNo
XConsole de Gerenciamento Microsoftcsrss.exeUnidentified malware! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a "Level4" subfolderNo
XConsole de Gerenciamento Microsoftcsrss.exeAdded by the BANCBAN-ET TROJAN! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a "Central de Segurança" subfolderNo
UConsumer InputConsumerInput.exeConsumer Input Toolbar. Opt-in market research monitoring you browsing habits - see the FAQNo
UConsumer Input Rewarded with MyPoints, Consumer InputConsumerInputRewardedwithMyPoints, ConsumerInput.exeConsumer Input Toolbar. Opt-in market research monitoring you browsing habits - see the FAQNo
UConsumer Input Rewarded with MyPoints, Consumer Input UpdateConsumerInputRewardedwithMyPoints, ConsumerInputUa.exeConsumer Input Toolbar. Opt-in market research monitoring you browsing habits - see the FAQNo
?Contactecontacte.exeSome kind of driver?No
XContent connector[random filename].exeAdded by the DIALER-Y TROJAN! Note - uses a random filename and random folders. Usually the folder containing the file is a Temp folderNo
XContent List Management Subsystemclmss.exeAdded by the SPYBOT-EL WORM!No
XContent Servicewinserv[LETTER].exePurityScan adwareNo
XContentDownloadrundll32.exe MSA64CHK.dll,DllMostrarMatrixDialer/Mostrar parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System%No
XContentEraserGDC.exeContentEraser rogue privacy tool - not recommended, removal instructions here. A member of the PCPrivacyTool familyNo
XContentServicewinservn.exePurityScan adware - see hereNo
UContentTransferWMDetector.exeContentTransferWMDetector.exePart of Sony's Content Transfer Software which "provides an easy way to transfer music, video, photos, and podcasts to the Walkman® playerNo
XContinueInstallbpsinstall.exeBrowserAid/BrowserPal foistwareNo
XContraviroContraviro.exeContraviro rogue security software - not recommended, removal instructions hereNo
XContraVirusContraVirusPro.exeContraVirus rogue security software - not recommended, removal instructions hereNo
XContraVirusContraVirus.exeContraVirus rogue security software - not recommended, removal instructions hereNo
XControlrundll32.exe ctrlpan.dll, Restore ControlPanelCoolWebSearch Msconfd parasite variantNo
UControl CenterCenter.exeAssociated with Hawking Technologies, Inc wireless products. Located in %Program Files%\Hawking\WLAN Card UtilitiesNo
XControl handler***********.exe [* = random char]CoolWebSearch parasite variantNo
XControl handlerahjinst.exeCoolWebSearch parasite variantNo
XControl handler[10 to 14 random char]THD.EXEAdded by the KREPPER-AI TROJAN!No
Ncontrol panelsmctrlw.exeSystem Tray icon for a Silicon Motion LynxEM based PCI Graphics CardNo
XControl PanelSystem.exeAdded by the DANI TROJAN!No
Xcontrol panel software servicecprs.exeAdded by the RBOT-FPI WORM!No
XControladores[path to trojan]Added by the TELEFO-A TROJAN!No
YControlCenterctlcntr.exePart of Lenovo's (IBM) ThinkVantage Fingerprint Software - used on laptops and keyboards with integrated fingerprint readersNo
NControlCenter2.0brctrcen.exeBrother scanner 'Control Center' application - can be started manually No
NControlCentreTrayXWCTray.exeSystem Tray access for the Xerox ControlCentre 2.0 software for their range of printers, copiers, faxes, etcNo
XControlled Resource System Servicecrss.exeAdded by the AGOBOT.GH WORM!No
NControllerWFXCTL32.EXEFrom Symantec's TalkWorks Pro and WinFax. Appears if you chose to have the program appear in the taskbar (System Tray) during installation and displays a yellow fax/telephone icon. Available via Start -> ProgramsNo
XControlPanelrundll32 internat.dll, LoadKeyboardProfileCoolWebSearch parasite variantNo
XControlPanelhost32.exe internat.dll, LoadKeyboardProfileAdded by a vairant of the DELF.DW TROJAN!No
XControlPanelcmd32.exe internat.dll,LoadKeyboardProfileAdded by the DLOADER-HF TROJAN. Note - the "cmd32.exe" file is found in %System%No
XControlPanelsystemctrl.exe internet.dll, LoadNetworkProfileBrowser hijacker, also detected as STARTPA-FXNo
XControlPanel[path to executable] internat.dll,LoadKeyboardProfileAdded by the BIZVES-A TROJAN!No
XControlPanelpopcorn.exe internat.dll, LoadKeyboardProfileAdded by the BIZVES-B TROJAN!No
XControlPanelpopcorn64.exe rundll.dll, LoadMouseProfileAdded by the DLOADER-OI TROJAN!No
XControlPanelpopcorn72.exe rundll.dll, LoadMouseProfileAdded by the DLOADER-RA TROJAN!No
XControlPanelsvcc.exe internat.dll,LoadKeyboardProfileWorldSearch adware - re-directing searches to "world-search.biz". Note - the "private.exe" file is found in %System%No
XControlPanelpopcorn320.exe rundll.dll, LoadMouseProfileAdded by a variant of the DLOADER-RA TROJAN!No
XControlPanelprivate.exe internat.dll,LoadMouseCarpetProfileAdded by the CLICKER-AZ TROJAN! Creates the files sdfff, fdsf and zxczxc. In %System% creates the files d.exe, s.exe and r.exe. Note - the "private.exe" file is found in %System%No
XControlPaneltwink64.exe internat.dll,LoadKeyboardProfileAdded by the DLOADER-BW TROJAN. Note - the "twink64.exe" file is found in %System%No
XControlServiceMgrcsmsv.exeAdded by the AGENT-XC TROJAN!No
UCookie Cop 2CookieCop.exeCookie Cop 2 from PC Magazine - cookie manager. Allows you to decide which internet sites can add "cookies" related to their sites for the next time you returnNo
UCookie PalCPBRWTCH.EXEKookaburra Software's Cookie Pal cookie manager. Allows you to decide which internet sites can add "cookies" related to their sites for the next time you returnNo
UCookieJarCookiejar.exeCookie Jar cookie manager from Jason's Toolbox. Allows you to decide which internet sites can add "cookies" related to their sites for the next time you return. No longer being actively supportedNo
UCookiePatrolCookiePatrol.exeCookiePatrol - cookie interceptor stopping spyware cookies that used to be part of PestPatrol before CA's aquisitionNo
UCookieWallcookie.exeCookieWall from Analog X. Allows you to decide which internet sites can add "cookies" related to their sites for the next time you returnNo
Xcookwcookw.exePart of the ErrClean rogue system error and cleaning utility - not recommended. See hereNo
UCool Deskcdesk.exeCool Desk is a virtual desktops manager. "Ever you wished to have several screens on your computer? Cool Desk creates up to 9 virtual desktops and offers you to have different windows on each of them". Not required but may be of use to youNo
XCoolDownloadsrundll32.exe MSA64CHK.dll,DllMostrarMatrixDialer/Mostrar parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System%No
UCoolMonCoolMon.exe"CoolMon monitors vital system stats and almost anything else you wish to display on the desktop"No
XCoolMP3rundll32.exe MSA64CHK.dll,DllMostrarMatrixDialer/Mostrar parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System%No
UCoolSwitchtaskswitch.exeALT+TAB replacement Powertoy for Windows XP - enhances the graphics displayed when you want to switch between programs running full-screenNo
NCoolwallpapercwm_tray.exeCool Wallpaper software allows you to manage high quality photos as desktop wallpaper and screen saversNo
Xcoolwebprogramclrssn.exeCoolWebSearch Smartsearch parasite variantNo
NCopernic Desktop SearchDesktopSearch.exeCopernic Desktop Search - "Easily search your entire hard drive in less than a second to pinpoint the right file, e-mail, music or pictures"No
UCopernic Desktop Search 2DesktopSearchService.exeCopernic Desktop Search - search agentNo
UCopernicPerUserTaskMgrCopernicPerUserTaskMgr.exeAutomatic tasking feature of Copernic Pro multi-search engine toolNo
UCopperheadrazerhid.exeRazer Copperhead gaming mouse driver - required if you use the additional features and programmed keys/macrosNo
UCopy handlerCopy Handler.exeCopy Handler lets you copy between hard disks, floppies, local networks, CDs, and many other storage media. Copy Handler gives you the power to pause, resume, restart, and cancel during the copying and moving processesNo
NCopyrightmwcpyrt.exeDisplays copyright information on IBM ThinkPadsNo
XCore Process Aplicationccapl.exeAdded by the QHOSTS.G TROJAN!No
XCore Process Aplication x16ccapl16.exeAdded by the SPYBOT.AFT WORM!No
XCore Process Aplication x32ccapl32.exeAdded by the SRAMLER.E TROJAN!No
XCore System Hardwaresyscorehd.exeAdded by a variant of the IRCBOT BACKDOOR! See hereNo
UCoreCenterCoreCenter.exeMSI Core Center - motherboard utility for monitoring CPU speed, voltages, temperatures and fans speeds as well as overclockingNo
UCoreCenterCORECE~1.EXEMSI Core Center - motherboard utility for monitoring CPU speed, voltages, temperatures and fans speeds as well as overclockingNo
XCoreguard Antivirus 2009Coreguard 2009.exeCoreguard Antivirus 2009 rogue security software - not recommended, removal instructions hereNo
NCorel Colleagues & Contacts Reminderscffrem.exeCorel Colleagues & Contracts - all-in-one organizer for scheduling meetings, maintaining addresses, etc. Part of the now defunct Corel Print OfficeNo
NCorel Desktop Application Directordadx.exeThe Desktop Application Director (DAD) gives you easy access to all Corel applications - x represents ther version number. Available via Start -> ProgramsNo
NCorel Family & Friends remindersCFFREM.EXECorel Family & Friends - all-in-one calender, address book and list manager. Part of the now defunct Corel Print House MagicNo
NCorel Photo DownloaderMediaDetect.exeRelated to Corel Photo Album No
NCorel RegistrationRemind32.exeIf you don't want to register Corel products and be reminded about it every 2 weeks disable itNo
NCorel Registration ReminderRemind32.exeIf you don't want to register Corel products and be reminded about it every 2 weeks disable itNo
NCorel ReminderNAVBROWSER.EXEIf you don't want to register Corel products and be reminded about it every 2 weeks disable itNo
NCorel ReminderNAVBrowser.exeRegistration reminder for CorelDRAW 10No
NCorelCENTRAL 10I_26dadCC.exeCorelCENTRAL 10 - personal information manager (PIM). Supplied as part of Corel WordPerfect Office 2002. Available via Start -> ProgramsNo
NCorelDRAW Graphics Suite 11bRegistration.exeRegistration wizard for version 11b of the CorelDRAW® Graphics Suite design softwareNo
XCorelDraw ToolboxCorelDraw.exeAdded by the SDBOT-VZ WORM!No
NCorelMedia FoldersIndexer8MFindexer.exePart of CorelDraw bundles for indexing media files - similar to "fast find" in MS OfficeNo
NCorelMedia FoldersIndexer8MFINDE~1.EXEPart of CorelDraw bundles for indexing media files - similar to "fast find" in MS OfficeNo
XCoreSrvcoresrv.exeSome IRC trojans/worms use this - see here for more informationNo
?CORESYScoresys.exe??No
XCorporate Microsoft Updateuptask.exeAdded by the RBOT-GVB WORM!No
NCorrectConnectCConnect.exeBroadband ISP diagnostic tool - as used by NTL and Cox Communications. Shortcut availableNo
Xcosinecosine.exeAdded by the RBOT-SW WORM!No
UCostAwareniIPCApp.exeNetInternals CostAware - download quota measuring toolNo
XCounterstrike Service Agentczrzns.exeAdded by the MEDBOT.AR WORM!No
NCountry Selectpctptt.exeCountry selection for a PCtel HSP56 based modem. Often found in OEM (Dell,Compaq, HP, etc) systems for their modems included on the motherboard or as a separate card. Once you've set the modem up to the chosen country it's not requiredNo
NCountrySelectionpctptt.exeCountry selection for a PCtel HSP56 based modem. Often found in OEM (Dell,Compaq, HP, etc) systems for their modems included on the motherboard or as a separate card. Once you've set the modem up to the chosen country it's not requiredNo
?Coupon Offers????No
Xcouponicacouponica.exeAdware - see hereNo
?CPCopyProtectionNotifier.exeRelated to Emuzed Systems and Middleware. Comes included with Windows XP Media EditionNo
UCP32NOTCP32BTN.EXEFor the programmable "one-touch" buttons on HP laptops (and others?). Safe to disable if you don't use these buttonsNo
UCP4HPOTOneTouch.EXESupports the additional multimedia keys on HP/Compaq laptops which give single button press access to standard functions such as Mail, Search, Internet, Quick Lock and Help and Support or user programmed alternatives. Required if you use these additional keysNo
NCP888M1CP888M1.EXERelated to EZbutton quick launcher for the Media player app that comes with certain laptopsNo
?CPA9P2PSERVERCPA9P2PS.exeFound on a Compaq Presario but what is it?No
Xcpanelwinlogin32.exeAdded by the RBOT-FOY WORM!No
UCPATR10CPATR10.EXEDritek/Compal ATR10 Easy Button driver. Used on certain laptops (e.g. Toshiba, Compaq) to translate special hotkeys such as Play/Pause and ConstrastNo
UCPBrWtchCPBrWtch.exeKookaburra Software's Cookie Pal cookie manager. Allows you to decide which internet sites can add "cookies" related to their sites for the next time you returnNo
XCPCmscl0ckCPCmsclock.ExEAdded by the IRCFLOOD.BF TROJAN!No
YCPD_EXECPD.EXEFirewall bundled with McAfee VirusScan 6.*No
Xcpldeamon.exeAdded by the TACTSLAY.C TROJAN!No
Xcplmsgaol.exeAdded by the TACTSLAY.C TROJAN!No
Xcpls_menu.exeAdded by the TACTSLAY.C TROJAN!No
Xcplbrowse.exeAdded by the TACTSLAY.C TROJAN!No
NCplBTQ00CplBTQ00.EXERelated to EZbutton quick launcher for the Media player app that comes with certain laptopsNo
NCPLDBL10CPLDBL10.exeRelated to EZbutton quick launcher for the Media player app that comes with certain laptopsNo
UCPLDFL10CPLDFL10.EXEPart of the EzButton feature on some Toshiba (and maybe others) laptops which support additional buttonsNo
Xcpntmgcwincomp.exeAdded by the WINTRIM.A TROJAN!No
Xcpntmgcsimcss.exeAdded by the MAGICON.A TROJAN!No
Xcpntmgcnavpmc.exeAdded by the SIMCSS TROJAN!No
Xcpntmgcwinmgts.exeAdded by the WINTRIM-B TROJAN!No
?CPortPatchcppatch.exeCPortPatch is a utility is required for Dell laptops that are using a docking station. Is it needed though?No
Xcppc[path to trojan]Added by the VB-NV BACKDOOR!No
YCPQAcDcCPQAcDc.exeCompaq PowerCon power management software for laptopsNo
UCPQAlertCPQAlert.exeCompaq's Insight Manager Agent - a tool that allows for "fault, performance, and configuration management". Recommended for corporate users only. It's best removed if installed but not wanted, rather than disabled at startup. See here for more informationNo
NCPQBootPerfDBCPQBootPerfDB.EXESee the entry for Compaq Message ServerNo
YCPQCalibCPQCalib.exeCompaq PowerCon power management software for laptopsNo
NCPQDFWAGCpqDfwAg.exeFor Compaq PC's. Runs Compaq diagnostics on every bootNo
UCPQEASYACCcpqeadm.exeFor Compaq PC's. Allows the use of programmable keys on mulimedia keyboards. Required if you use the additional keysNo
UCPQEASYACCStartEAK.exeEasy Access Button Support for Compaq PCs. Allows the use of programmable keys on multimedia keyboards. Required if you use the additional keysNo
UCPQEASYACCSTARTDRV.exeFor Compaq PC's. Allows the use of programmable keys on mulimedia keyboards. Required if you use the additional keysNo
Ucpqeauicpqeaui.exeFor Compaq PC's. Allows the use of programmable keys on mulimedia keyboards. Required if you use the additional keysNo
Ucpqekkcpqek.exeFor Compaq PC's. Easy Access button support for the keyboardNo
XCPQHotKeyshotkeysvc.exeAdded by the RBOT-XA WORM!No
UCPQInet Runtime ServiceCpqInet.exeFor Compaq PC's. Allows AOL and Compuserve to use the Easy Access buttons for the internet. Is not required if you don't use the ISP providersNo
NCPQINKAGENTcpqinkag.exeThat is the Compaq Ink Agent for some inkjet printers, it lets users know when their ink cartridges are getting close to empty (by how many pages they have printed)No
Ucpqnscpqnpcss.exeRelated to Compaq.Net - not required if you don't use thatNo
NCpqsetCpqset.exeDefault settings software in Hewlett Packard notebookNo
YCPQSTUTFIXstutfix.exeFor Compaq PC's. Fixes audio stutter problems for ESS Maestro soundcards. You can download it here. This is a Compaq originated file and has been verified as free from viruses by McAfree/NortonNo
UCPQTEAMcpqteam.exeThis program is bundled with HP servers. When loaded a system tray icon will be available that launches the HP Network Configuration ToolNo
XcprcprAdroar.com adware downloaderNo
Xcprocsvccproc.exeAdded by MSIL.AGENT.C TROJAN!No
XCPU Idlecpuidlexp.exeAdded by the AGOBOT-BW WORM!No
UCpu Level Up helpCpuLevelUpHelp.exeIncluded with some ASUS motherboards (such as the Maximus Extreme & Striker II Extreme), "the CPU Level Up application allows you to overclock immediately with OC profile presets in Windows without the hassle of booting the BIOS." Part of AI SuiteNo
XCPU Managercpumgr.exeAdded by the PANDEM.B WORM!No
UCPU Power MonitorCpuPowerMonitor.exeIncluded with some ASUS motherboards (such as the Maximus Extreme & Striker II Extreme). Associated with the "Energy Saving" feature of AI Gear - which "is a utility designed to configure and support all ASUS EPU (Energy Processing Unit) features." Part of AI Suite No
XCPU Temp Controlwuitgurd.exeAdded by the RBOT-AHV WORM!No
XCPU Watcherrundll32.exe cpu.dll,loadAdded by the DLOADER-LO TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "cpu.dll" file is located in %Windir%No
XCPU Windows Statuscpustats.exeAdded by a variant of the RBOT WORM!No
UCPUcoolCpucool.exeProgram to keep the processor cool when idle in "overclocked" systems. Also available via Start -> Settings -> Control PanelNo
NCPUMonCPUMon.exe"CPUMon continuously displays the updated system statistics in a floating window as well as in system tray area"No
XCpusaveCpusave.exeAdded by the GEMA TROJAN!No
XCpusave32Cpusave32.exeAdded by the GEMA TROJAN!No
XCPVHOST Settingscpvhost.exeAdded by a variant of the SDBOT TROJAN!No
Xcpythidep.exeAdded by the MIRJACK-A TROJAN!No
Xcqlygworld_cup_.batAdded by the WCUP.A WORM!No
?CQSCP2PSCQSCP2PS.EXE"Compaq printer utility which is required in the startup menu in order to make the printer work correctly". Is it actually required?No
?CQSCP2PSERVERCQSCP2PS.EXE"Compaq printer utility which is required in the startup menu in order to make the printer work correctly". Is it actually required?No
XCr**.exe [* = random char]Cr**.exe [* = random char]CoolWebSearch/HomeSearch adware - for examples, see this logNo
XCr**32.exe [* = random char]Cr**32.exe [* = random char]CoolWebSearch/HomeSearch adware - for examples, see this logNo
Ucracked_windows1cracked_windows1.exeCracked Windows popup killerNo
Xcrash0001restorecrashwin32.batAdded by the AGENT-ZC TROJAN!No
XCrashDump[path to trojan]Added by the DROPPER.EAT TROJAN!No
NCrazyTalk Serverundll32.exe CrazyTalk.dll, DIIServeMediaFileCrazyTalk from Reallusion - "the worlds only facial animation tool that gives you the power to create talking animated images from a single photograph, complete with emotions." Can apparently be installed without your knowledge as well as being a legitimate download in it's own right from sites such as TUCOWSNo
UCRBroadCastingCRBroadCasting.exeCardReader2 from On Track Inovations Ltd. USB Card Reader No
XCRC Value Verifiercrsss32.exeAdded by a variant of the RBOT WORM!No
XCRC Value VerifierCrsss64.exeAdded by the RBOT-NY WORM!No
XCRC Value Verifiersvchost32.exeAdded by the RBOT-OA WORM!No
XCRC Value Verifiercrsss.exeAdded by the SPYBOT.UK WORM!No
XCrc32stats DependenciesCrc32stats.exeAdded by the MYTOB.GT WORM!No
XCRCSScrcss.exeAdded by the IRCBOT-TH WORM!No
UCreata MailJMSrvr.exeCreata_Mail. Smileys, stationary and more for you email. Required if you want to access the program from Outlook or Outlook Express No
XCreate A MonstercreateAMonster.exeKudd.com CreateAMonster. Reportedly stealth installed and Look2Me adware relatedNo
NCreateCDCreatecd.exeAdaptec Easy CD Creator system tray application (pre version 5). Available via Start -> ProgramsNo
NCreateCD50Createcd50.exeAdaptec Easy CD Creator version 5 system tray application. Available via Start -> ProgramsNo
NCreateCD_Reminderreminder.exeReminder to create system recovery CD/DVDs on a Sony Vaio laptop or desktopNo
XCreates stractures for system managementstacture.exeAdded by the SDBOT-DHS WORM!No
NCreative AGP Wizardagpwiz.exePart of Creative's BlasterControlNo
XCreative Audio Driverscreative.exeAdded by the RBOT-FKR WORM!No
NCreative DetectorCTDetect.exeAuto-detect and play a DVD when using a Creative Soundblaster Audigy2 soundcard. Uses about 2.2 MB of memory. Disable it by heading to the MediaSource DVD Audio Player, selecting Tools, then uncheck the Auto Start box. It should not start up automatically againNo
NCreative LauncherCTLauncher.exeFor Creative Soundblaster Live! series soundcards. Adds a quick-launch bar to the top of the display and a System Tray icon. Available via Start -> ProgramsNo
UCreative Live! Cam ManagerCTLCMgr.exeCreative Live! Cam ManagerNo
UCreative MediaSource GoCTCMSGo.exeCreative MediaSource Go! is a combination of a short-cut bar and launcher for the Creative MediaSource™ player/organizer - which "enables you to manage your entire digital music collection on both your computer and your Creative portable music player effortlessly"No
UCreative MediaSource GoCTCMSGoU.exeCreative MediaSource Go! is a combination of a short-cut bar and launcher for the Creative MediaSource™ player/organizer - which "enables you to manage your entire digital music collection on both your computer and your Creative portable music player effortlessly" No
NCreative PCI Audio Configuration Utilitystarter.exeSystem Tray icon to configure a Creative Soundblaster PCI soundcard. Not required and re-instates itself when un-checked. Try one of the solutions on this special page. Similar to EnsoniqMixerNo
NCreative Software UpdateAutoUpdate.exeAuto-updater for Creative Labs softwareNo
NCreative WebCam TrayCamtray.exeCreative WebCam tray control - can be started manually No
XCreative.exeCreative.exeAdded by the PROLIN WORM!No
NCreativeDiscNotifierCTNOTIFY.EXEFor Creative Soundblaster Live! series soundcards. Detects when you insert a CD-ROM, DVD-ROM, etc. Available via Start -> Settings -> Control PanelNo
UCreativeMixerCTMIX32.EXECreative soundcard System Tray access to, for example, volume slider controls as normally provided by the "speaker" icon. Not required unless you adjust any settings otherwise available via the standard iconNo
?CreativeTaskSchedulerCTSched.exeCreative Task Scheduler. What does it do and is it required?No
XCreditCopCreditCopUp.exeCreditCop rogue security software - not recommended, removal instructions hereNo
XCreditCop2CreditCop2Up.exeCreditCop rogue security software - not recommended, removal instructions hereNo
XCrisysTec SentrySentry.exeCrisysTec Sentry rogue privacy program - not recommendedNo
XCritical Error Safe32GetWaylayer32.exeAdded by the RBOT.IAL WORM!No
XCritical Update Checkbattlenet.exeAdded by the DELF-LB TROJAN!No
NCriticalUpdateWucrtupd.exeMS Windows Critical Update Notification. If you want to keep Windows up-to-date, check the Windows Update siteNo
XCriticalUpdatewucrtupd.exeAdded by the NOALA.B WORM! Note - this file is located in %Windir%, and must not be confused with the legitimate Windows process of the same name as described hereNo
Xcrmssrlt[random filename]Added by a variant of the SLAPER TROJAN!No
XCrnsavascrnsave.pifAdded by the SDBOT-ZV WORM!No
XcronosMARCO!.SCRAdded by the OPASERV.G WORM!No
XCrossMenuCrossMenuToshiba CrossMenu Utility - allows the user to create their own menusNo
UCrossMenuCrossMenu.exeToshiba CrossMenu Utility - allows the user to create their own menusNo
XCRP386 Networkingcrp386.exeAdded by the IRCBOT.N TROJAN!No
Xcrscrs.exeAdded by the AGOBOT-TJ WORM!No
Xcrsmonsiomssls.exeAdded by the BACKDR-AU TROJAN!No
XCRSSCRSS.exeAdded by the AGOBOT-RM WORM!No
XCRSSlssas.exeAdded by an unidentified WORM or TROJAN!No
Xcrssscrsss.exeAdded by the AUTORUN.FM WORM!No
XCRSSXP SysInfocrssxp.exeAdded by a variant of the SDBOT TROJAN!No
XCrustydmcpl.exeAdded by the RUSTY WORM!No
Xcryptdlgcryptdlg.exeAdded by an unidentified TROJAN!No
NCryptLoadRouterClient.exeCryptLoad download managerNo
Ucryptoexpertcexpert.exeCryptoExpert from SecureAction Research. Advanced on the fly encryption systemNo
XCryptographic Service******.exe [* = random char]Added by the KORGO.W or KORGO.X or KORGO.AB WORMS!No
?Crystal 3D Audio ControlCWD3DSND.EXECrystal 3D Audio sound driver. Is it required?No
XCStsc.exeCyber Security rogue security software - not recommended, removal instructions hereNo
XCS Updatecopy /Y [path] ActivationManager.dll.upd [path] ActivationManager.dllAdded by an unidentified malwareNo
NcsaRemspqmdmui.exeCompaq modem country selection No
YCSAV_CheckVirusesvchk.exeCommand Antivirus relatedNo
Ucsccsc.exeCommand line compiler for Microsoft C# it gets installed with the .NET SDKNo
Xcscriptscscripts.exeAdded by the BDOOR-AAP BACKDOOR!No
XCSCRS Valuecscrs.exeAdded by the RBOT-AAA WORM!No
XCSCRS Value CheckMsPMSPSd.exeAdded by a variant of the SDBOT WORM!No
XCseccs.exeCyber Security rogue security software - not recommended, removal instructions hereNo
Ncsecwizcsecwiz.exeSetup wizard for the Client Security Software for IBM\Lenovo notebooks. This entry only runs once, after the software has been installed and the notebook rebooted for the first time. If the wizard isn't completed a shortcut is available via the Start menu until it isYes
Xcserv32cserv32.exeAdded by the STRATION.EC WORM!No
XCsimPlayerCsimPlayer.exeAdded by the KOOBFACE-AD WORM!No
UCSINJECT.EXECSINJECT.EXEPart of Quarterdeck/Norton CleanSweep. "Csinject must be loaded in order for Smart Sweep to automatically monitor installations and properly track registry changes"No
Xcsm Win Updatescsm.exeAdded by the ZOTOB.B WORM!No
XCSNetManagerXpisass.exeAdded by the HIDER-O TROJAN!No
Xcsoftoksoftok.exeAdded by the QQPASS.G TROJAN!No
Xcsoscsos.exeAdded by the SDBOT-DFE WORM!No
Xcsrcscsrcs.exeAdded by the AGENT-HUA TROJAN!No
Xcsrscsrs.exeAdded by the GAOBOT.GEN!POLY WORM!No
Xcsrsccsrsc.exeAdded by the SILLYDC WORM!No
XCSRSSCSRSS.EXESearch page hijacker, redirecting to h**p://www.search-aide.com/. Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup!No
XCsrsscsrss.exeAdded by the CHOD WORM! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a random subfolderNo
Xcsrsscsrss.exeAdded by the KEYLOG-AQ KEYLOGGER! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%No
Xcsrsscsrss.exeAdded by the CHODE-J WORM! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a random subfolderNo
Xcsrssmsmsgs.exeAdded by the CHODE-J BACKDOOR! Note - this malware uses MSN Messenger (which is located in %Program Files%\Messenger) in the background to propogate itself No
Xcsrssnwiz.exeAdded by the CHODE-J WORM!No
Ucsrsscsrss.exeBeyondKeylog surveillance software. Uninstall this software unless you put it there yourself. Note - this is not the same file as the csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %ProgramFiles%\SupremtecNo
XCsrssCSRSS.EXEAdded by the PUNYA-B WORM! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in C:\Documents and Settings\Administrator\Local Settings\Application Data\WINDOWSNo
Xcsrssssms.exeAdded by an unidentified malwareNo
XCsrss Hostcsrhost.exeAdded by the IRCBOT.BIZ WORM!No
XCSRSS Loadercsrsss.exeAdded by the AGOBOT.TX WORM!No
Xcsrss.execsrss.exeAdded by the DALBUG WORM! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%No
XcsrssLevel4csrss.exeUnidentified malware! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a "Level4" subfolderNo
XCSRSSUCSRSSU.exeCoolWebSearch parasite variant - hijacking to Slawsearch.com. Also detected as the CWS-E TROJAN!No
XCSRSSWCSRSSW.EXEAdded by the CWS-F TROJAN!No
XCSRSWIN[trojan filename]Added by the WINSHELL.50 TROJAN!No
XCSRSX[trojan filename]Added by the WINSHELL.50.B TROJAN!No
Xcsrvsscsrvss.exeAdded by a variant of the SDBOT TROJAN!No
UCSS ServerCSSServer.exeComSpySysSvr surveillance software. Uninstall this software unless you put it there yourselfNo
Ncssauthcssauth.exePart of Thinkvantage Client Security Solution for Lenovo ThinkPad notebooks and ThinkCentre desktops. Once configured via the associated setup screens this loads via winlogon.exe (and loads the password manager) and therefore disabling this entry has no effectYes
Ncssauthecssauthe.exePart of Thinkvantage Client Security Solution for IBM/Lenovo ThinkPad notebooks and ThinkCentre desktops. Once configured via the associated setup screens this loads via winlogon.exe (and loads the password manager) and therefore disabling this entry has no effectNo
YCSScheduleCheckSCHWIZEX.EXEPart of ConfigSafe - lets you identify changes to the registry, INI files, System asset files, system hardware, network connections, and operating system versions - provides a restore function. This part takes a snapshot of your system following a healthy re-bootNo
Xcssrscssrs.exeAdded by the BANCBAN-DW TROJAN!No
Xcssrss.execssrss.exeMalware installed by different rogue security software including SpyKillerProNo
XcsssCsss.exeAdded by the BALICK TROJAN!No
UCSS_CentralCSS_1631.EXECSS Communication Agent (95 Host) from Command Software Systems (now Authentium). "CSS Central™ provides administrators with a powerfully proactive tool to effectively manage and maintain the anti-virus strategy from a centralized console"No
XCSV10P1CSP001.exeClearSearch adwareNo
XCSV10P70CSv10P070.exeClearSearch adwareNo
XCSV7P26CSV7P26.exeClearSearch adwareNo
XCSV7P70CSV7P070.exeClearSearch adwareNo
XCSV7P91CSV7P91.exeClearSearch adwareNo
Ucsvdeacsvdea.exeSpyArsenalLog surveillance software. Uninstall this software unless you put it there yourselfNo
Xcsvhost.execsvhost.exeAdded by the CIMUZ-BD TROJAN!No
Yctct.exect.exe is a file is for the HP Learning Adventure software and if you use this software it is required to run itNo
XCT Control SettingsCTSVCCD.EXEAdded by the RBOT-YS WORM!No
UCTAPR2CTAPR2.exeConsole Launcher for the Creative Sound Blaster X-Fi seriesNo
NCTAVTrayCTAvTray.exeFor Creative Soundblaster Live! series soundcards. Plays the EAX animation on start-up and adds a System Tray icon for it. Available via AudioHQNo
UCTCheckCTCheck.exeAssociated with the ZEN range of MP3 players from Creative Technology Ltd. A visitor recommended the "U" status but what does it do?No
UCTCMonitorCTCMonitor.exeClick-to-Convert - document-to-HTML or doc-to-PDF converter. Only required if you are going to use the File -> Print method of using Click-to-Convert. If converting directly from MS Office, it is not requiredNo
XCTDriverundll32.exe drvmod.dll,startupAdded by a variant of the OP DIALER! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "drvmod.dll" file is found in %System%No
NCTDVDDetCTDVDDet.exeAuto-detect and play a DVD when using a Creative Soundblaster Audigy2 soundcard. Uses about 2.2 MB of memory. Disable it by heading to the MediaSource DVD Audio Player, selecting Tools, then uncheck the Auto Start box. It should not start up automatically againNo
XCTF Device Loaderctfmond.exeAdded by the AGOBOT-FO WORM!No
Xctf.exectf.exeAdded by a variant of the BIFROSE TROJAN!No
Xctflog managerctflog.exeAdded by the DONBOMB.A TROJAN!No
XCTFM0N.exeCTFM0N.exeAdded by the STARTPAGE.P TROJAN! Notice the digit "0" in both columns rather than the upper case "o"No
Xctfmencssrs.exeAdded by the STARTP-DC TROJAN!No
Xctfmgrctfmgr.exeAdded by the PWS-ATU TROJAN!No
Xctfmomctfnom.exeAdded by the BCKDR-QTA BACKDOOR!No
Uctfmonctfmon.exeSupports multiple languages and alternative method inputs in Windows and MS Office. The language bar is displayed alongside the System Tray if more than one keyboard layout is enabled (for switching input languages) or, for example, if speech is selected as an alternative input for MS Office or Notepad. Required to support advanced text services (such as right to left text) for East Asian users. Can be disabled via Start → Control Panel → Regional and Language Options → Languages → Text Services and Input Languages → Details → Advanced → System Configuration → Turn off advanced text services (which also turns off the language bar). See also here and here. Can also cause problems with some other programs if left enabled - see here for such an exampleYes
Xctfmontaskmgr32*.exe [* = number]Added by the SOWSAT.B WORM!No
Xctfmoncftmon.exeAdded by the DELIVE-A BACKDOOR! Note - this is not the legitimate ctfmon.exe process associated with alternate text inputs which is always located in %System%. This one is located in %Windir%No
XctfmonmIRC.dllAdded by the DELBOT-E TROJAN!No
XctfmonWinConst.exeAdded by the ASSASIN-G TROJAN!No
UCTFMonctfmon.exeFamily KeyLogger keystroke logger/monitoring program - remove unless you installed it yourself! Note - this is not the legitimate ctfmon.exe process associated with alternate text inputs which is always located in %System%. This one is located in a "CTF" sub-folderNo
Xctfmonmsnmsgr.exeAdded by the BDOOR-JV BACKDOOR! Note - this is not the valid MSN Messenger (now Windows Live Messenger) utility which is located in either %ProgramFiles%\MSN Messenger or %ProgramFiles%\Windows Live\Messenger. This one is located in %System%No
XCTFMONwscript.exe /E:vbs winjpg.jpgAdded by the RUNAUTO.F WORM! Note that wscript.exe is a legitimate Microsoft file used to launch script files and shouldn't be deleted. The "winjpg.jpg" file is located in %System%No
XCTFMONwscript.exe /E:vbs regedit.sysAdded by the VBSAUTO-A WORM! Note that wscript.exe is a legitimate Microsoft file used to launch script files and shouldn't be deleted. The "regedit.sys" file is located in %System%No
XCTFMONwin.exeAdded by the VBS.RUNAUTO.G WORM!No
XCtfmonwmisys.exeAdded by the IRCBOT-ADS WORM! No
XctfmonWinUP.exeAdded by the BANKER-VV TROJAN!No
Xctfmonctfmon.exeAdded by the AUTORUN-G WORM! Note - this is not the legitimate ctfmon.exe process associated with alternate language and method inputs which is always located in %System%. This one is located in a "1046" sub-folderNo
XCTFMON.CPLCTFM0N.CMDDetected by Symantec as the SILLYFDC WORM! See hereNo
XCtfmon.exectfmon32.exeCoolWebSearch Ctfmon32 parasite variantNo
Xctfmon.exectfmon.exeAdded by the RAIDYS TROJAN! Note - this overwrites the legitimate ctfmon.exe process associated with alternate text inputs which is located in %System%No
Xctfmon.exemsupdate32.exeSpy Sheriff/SpywareNO malware, also detected as the SPYHOAX-A TROJAN, pretends to be a spyware remover! - file names spotted sofar include VXH8JKDQ2.EXE, NS6281400.so, CVXH8JKDQ2.EXE, down3.exe, sefe.exe, winstall.exe, and tool2.exeNo
Uctfmon.exectfmon.exeSupports multiple languages and alternative method inputs in Windows and MS Office. The language bar is displayed alongside the System Tray if more than one keyboard layout is enabled (for switching input languages) or, for example, if speech is selected as an alternative input for MS Office or Notepad. Required to support advanced text services (such as right to left text) for East Asian users. Can be disabled via Start → Control Panel → Regional and Language Options → Languages → Text Services and Input Languages → Details → Advanced → System Configuration → Turn off advanced text services (which also turns off the language bar). See also here and here. Can also cause problems with some other programs if left enabled - see here for such an exampleYes
Xctfmon.exectfmon.exe eminem.exeAdded by the BHARAT.A WORM!No
XCTFMON.EXEsvchost.exeAdded by the JUEGO-B WORM! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%No
XCTFMON32CTFMON32.EXECoolWebSearch Ctfmon32 parasite variant - also detected as the CWS-E TROJAN!No
Xctfmon32[random filename].exeAdded by the RBOT-GSN WORM!No
Xctfmon32taskmgr32*.exe [* = digit]Added by the SOWSAT.C WORM!No
Xctfmonactfmona.exeAdded by the DLOADR-BME TROJAN!No
XCTFMONSSCTFMONSS.EXEAdded by the CWS-F TROJAN!No
Xctfmoonmicrosoftconfigurator.exeAdded by the DELF-ALS TROJAN!No
Xctfmunctfmun.exeAdded by the AGENT.ACEZ TROJAN!No
Xctfnnonctfmon.exeAdded by the TURKOJAN.IL BACKDOOR! Note - this is not the legitimate ctfmon.exe process associated with alternate text inputs which is always located in %System%. This one is located in %Windir%No
XctfnomrundIl32.exeAdded by the LEGMIR-AW TROJAN!No
Xctfnom.exeSVOHOST.exeAdded by the DIGIDOR-A TROJAN!No
Xctfnom.exeOSRSS.exeAdded by the DLOADER-UQ TROJAN!No
Xcthelpcthelp.exeAdded by the SDBOT TROJAN!No
UCTHELPERCTHELPER.EXECTHELPER is a background task that is a plug-in manager for Creative drivers. The theory is that 3rd party manufacturers can use the CTHELPER plug-in interface to produce drivers, add-on features, and fixes that will integrate with a tighter fit with Creative's sound drivers and utilities. Given its purpose CTHELPER would normally be classified as a "leave alone" background task. It also allows Creative speaker setup to be synchronized with Windows Control Panel speaker setting. Without it running that check box in Creative speaker setting is not functional (settings are not in sync). Unfortunately there are often problems with CTHELPER, most notably that it can use 100% of CPU time so it's best left disabled unless you need itNo
XCTHelpercthelper.exeAdded by the RBOT-XB WORM! Note - do not confuse with the Creative application of the same name described hereNo
XCTHELPERsvhost.exeAdded by the SDBOT-RZ WORM!No
XCTime[path to trojan]Added by the HTTPDOS TROJAN!No
XCTin10CTin10.exeAdded by the BANCOS.E TROJAN!No
XCtModuleCtModule.exeAdded by the CLICKER-EG TROJAN!No
XCTMON.EXEcfmon.exeAdded by the CLCKR-AN TROJAN!No
UCTNMRUNctnmrun.exeDetects the Creative NOMAD jukebox/MP3 player at the time it is attached to USB and starts the needed application (Creative PlayCentre 2) that you use to copy MP3 files to and from it. This is required if you want PlayCentre 2 to take control of the NOMAD once connectedNo
?CTPDPSRVCTPDPSRV.EXECompaq A3000 printer driver (in the %System%\spool\DRIVERS\W32\X86 folder). Is it required?No
NCTPerformanceUtilityCTPowUti.exeRelated to Creative PowerSysTrayApp. This program is a non-essential process, but should not be terminated unless suspected to be causing problemsNo
Xctpmonctpmon.exeRegistry Cleaner rogue - not recommended, removal instructions hereNo
NCTRegRunCTRegRun.exeFor Creative Soundblaster Live! series soundcards. Reminds you to register your card with CreativeNo
UCtrlVolCtrlVol.exeVolume control key on Acer, Fujitsu and other laptopsNo
?CTSchedCTSched.exeCreative Task Scheduler. What does it do and is it required?No
NCTStartupCTEaxSpl.exeSplash screen with sound on every boot up. Installed with a Sound Blaster Audigy soundcardNo
UCTSVolFECTSVolFE.exeCreative Labs Mixer applet for the Sound Blaster AudigyNo
UCTSVolFE.exeCTSVolFE.exeCreative Labs Mixer applet for the Sound Blaster AudigyNo
NCTSyncU.exeCTSyncU.exeCreative Sync Manager - synchronizes music tracks on your computer with your playerNo
UCTsysVolCTSYSVOL.exeCreative sound card volume controlsNo
?cttdpsrvcttdpsrv.exe??No
XCTUpdatectupdclt.exeAdded by the RBOT-ABG WORM!No
NCTxfiHlpCTXFIHLP.EXEAdded by the installation of a Creative Labs X-Fi sound card. This particular process provides the help functionality for your card No
NCTXFIREGCTxfiReg.exeCreative Labs sound card driver related. It appears that it isn't required and maybe registration relatedNo
XCtykd[path to file]SMALL.SN spywareNo
NCTZDetec.exeCTZDetec.exeAuto-detect feature of Creative Media Lite which assists you in managing your music, ripping CDs and transferring other stored music to your Zen Stone MP3 playerNo
XCU1VCClient.exeAssociated with the Surf Sidekick adware and should be removedNo
XCU2VCMain.exeAssociated with the Surf Sidekick adware and should be removedNo
YcuagentExeCuagent.exeCommand Antivirus relatedNo
XCueX44Dago.exeAdded by the PUNYA-B WORM!No
XCueX44_stil_hereWINLOGON.EXEAdded by the PUNYA-A WORM! Note - this is not the legitimate winlogon.exe process, which should not appear in Msconfig/Startup!No
Xcuocuo.exeAdded by the BUGBEAR.A WORM!No
XCurrent Security Configcsecure.exeAdded by the RBOT-AMO WORM!No
XCurrent32msnpla.exeAdded by the SDBOT-DIS WORM!No
XCurrentVersionrecyclebin.exeAdded by the AUTORUN-AZX WORM!No
NCurseClientCurseClient.exeCurseClient add-on manager for World of Warcraft and Warhammer Online gamesNo
NcursorScreendragon_VS_Taskbar.exeScreenDragon video playerNo
UCursorGizmoCursorGizmo.exeCursor Gizmo - cursor management utilityNo
NCursorXPCursorXP.exeCursorXP from Stardock - tool for creating mouse cursorsNo
UCurtainCurtain.exeCurtain (from Chaotic Visions) - "is a Windows utility which gives you the power to hide any window or group of windows to your system tray"No
UCustomizer2000logon.exeAutomatic logon feature of Customizer 2000 - "a special utility which is designed to optimize Win9x/ME performance. The program lets you explore the many hidden settings in Windows, and make changes"No
NCuteMXCuteMX.EXEFile sharing utilityNo
XCvfjxANACON.EXEAdded by the NACO.A WORM!No
XcvhnykzxkeepSafe.exeAdded by the KILLAV.KAX TROJAN!No
Xcvmonitor.execvmonitor.exeAdded by the SDBOT.BV WORM!No
Xcvmsyslpdsdservss.exeAdded by the MAILBOT-BY TROJAN!No
YCVPNDcvpnd.exeSub-system used by Cisco VPN client for making a connection to a remote IPSec serverNo
UCWcw4.exeChat Watch "is a monitoring and logging software for online chat and instant messaging programs"No
UCWatchcw.exeChatWatch - chat monitoring toolNo
Ncwbckvercwbckver.exePart of IBM's iSeries (nee As/400) Client Access - communications suite that allows desktop, browser and wireless access to iSeries servers. Checks the software version on your PC to that of the iSeries it is connected to. Not required - and can be turned off in the Client Access properties. It's a waste of resourcesNo
Ncwbinhlpcwbinhlp.exeClient Access Help Registry Update Function - part of IBM's iSeries (nee As/400) Client Access - communications suite that allows desktop, browser and wireless access to iSeries servers. It only updates the help files on your PC to match the level of the attached iSeriesNo
Ncwbsvstrcwbsvstr.exePart of IBM's iSeries (nee As/400) Client Access - communications suite that allows desktop, browser and wireless access to iSeries servers. Useful if you are going to access the iSeries through Windows Explorer to move files back and forth between Windows folders and iSeries folders. This is a tool that is only used by Client Access administrators (usually) so it is not required - a waste of resourcesNo
?cwbwlwizcwbwlwiz.exeWelcome wizard launcher - Part of IBM's iSeries (nee As/400) Client Access - communications suite that allows desktop, browser and wireless access to iSeries servers. What does it do and is it required?No
?Cwcdschk.exeCwcdschk.exeIBM Thinkpad related?No
Ucwcptraycwcptray.exeRelated to ContentWatch Parental Control internet filterNo
Xcwingllibatllsimm.exeAdded by a variant of the SDBOT WORM!No
Xcwriterucookw.exePart of the ErrClean rogue system error and cleaning utility and other members of this family. See here for more examplesNo
Xcwritercwriter.exePart of PcRaiser, SystemOptimizer2008, VelocidadSimple and other rogue optimization utilities - not recommendedNo
Ucwupdatecwupdate.exeContentProtect from ContentWatch - internet filterNo
Xcximddlldfrmmd.exeAdded by the BUZUS.CQMU TROJAN!No
NCXMonHpi_Monitor.exeAutodetects when a HP camera is attached to the computer and launches the "HP Photoimaging Software". Available via Start -> ProgramsNo
Xcybansoscyban.exeAdded by the TATERF-V WORM!No
NCybercyberchk.exePart of Belkins "Multimedia Cleaning Kit" and is automatically installed when you run their optical disk drive cleaning utility - to remind you to clean your drive after "x" amount of time has passedNo
UCyber Trioshowmode.exeFrom G-Tek Technologies. Allows you to set the PC in one of three modes, Standard, Enhanced and Kiddo. Standard is full function, Enhanced prevents accidental damage and Kiddo is a play environment for kids. Pre-installed on some Packard Bell PCsNo
UCyber-Defender 2003uwcdsvr.exeCyber Defender 2003No
NCyber-shot Viewer Media Check ToolSPUVolumeWatcher.exePart of the Sony Picture Uility software supplied with Sony Cyber-shot digital cameras. Automatically invokes an import process if the camera is connected and has media on itYes
NCyber-shot Viewer Media Check ToolSPUVOL~1.EXEPart of the Sony Picture Utility software supplied with Sony Cyber-shot digital cameras. Automatically invokes an import process if the camera is connected and has media on itYes
Xcyberfree.exe****.dat [* = random char]Unidentified adwareNo
UCyberhawkCHTray.exeCyberhawk from Novatix. Protects against viruses, spyware, identity theftNo
UCyberLat Ram CleanerCLRamCleaner.exeCyberLat RAM Cleaner - memory optimizer. MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/SE/ME. See this article and make up your own mindNo
UCyberLat Ram CleanerCyberLat Ram Cleaner 1.1.exeCyberLat RAM Cleaner - memory optimizer. MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/SE/ME. See this article and make up your own mindNo
Ucyberlink brsbrs.exePart of Cyberlink's PowerDVD Blu-ray and DVD player. Allows the user to change the region coding of their player (as long as it isn't hardware coded) up to a maximum of 5 timesYes
NCyberLink LiveCLHomeMediaServer.exeSystem Tray access to the CyberLink Live remote media access service Yes
?CyberLink LiveCLPushUpdate.exePart of the CyberLink Live remote media access service. It's exact purpose isn't know at present but it may be related to automatic updatesYes
UCyberLink MediaLibrary ServiceCLMLSvc.exeInstalled with Power2Go and PowerCinema from CyberLink and used to manage the media libraries, providing advanced file search, browsing and tracking. Also included with versions of PowerCinema bundled (and re-branded) with systems from Acer, Dell, ASUS and others. Some report it uses excessive system and memory resourcesYes
NCyberLink PlayMoviePMVService.exePreloads movie related parts of CyberLink's PowerCinema digital home entertainment software to speed up the launch of that feature. Only required on slower/older systemsYes
NCyberLink PowerCinemaPCMAgent.exePreloads parts of CyberLink's PowerCinema digital home entertainment software to speed up the launch of the main program. Only required on slower/older systems and if disabled it loads when required via an instance of svchost.exeYes
NCyberlink PowerCinema 3.0PCMService.exePart of Cyberlink's PowerCinema - which can be used to watch movies, play music and even watch TV in a central location. Commonly, PC manufacturers will base their own multimedia player/organizer on PowerCinema (such as Dell's Media Experience and Acer's Arcade Deluxe). Disabling this entry will not prevent PowerCinema working and doing so can prevent problems such as the screensaver not starting or a laptop not entering standby/hibernation/sleep-modeYes
NCyberLink TV EnhanceTVEService.exePreloads TV related parts of CyberLink's PowerCinema digital home entertainment software to speed up the launch of that feature. Only required on slower/older systemsYes
NCyberLink YouCam TrayYouCamTray.exeSystem Tray access to YouCam from CyberLink - effects software for webcamsYes
NCyberMedia AgentCMAGENT.EXEPart of CyberMedia's Oil Change program. Not normally required. Note - if you have TextBridge, CyberMedia Agent may attach itself to TextBridge and cause TextBridge to crash everything if this is disabledNo
UCyberPatrolNewcphq.exe"CyberPatrol is one of the most powerful and popular client-based, browser independent, Internet safety software solutions for Windows-based standalone PCs available today"No
XCyberWolfCyberWolf.exeAdded by the KICKIN.A (or CYDOG.C) WORM!No
XCyDoorCD_Load.exeAdware. Check here for information about Cy-Door and here for a program that can remove itNo
XCydoorUpdateCD_Load.exeAdware. Check here for information about Cy-Door and here for a program that can remove itNo
?CYNHKeyCYNHKey.exe??No
NCyphTrayCyphTray.exeCypherus - encryption softwareNo
UCypressLinkMonCypressLinkMon.exeRelated to CypressViewer from Siemens that "allows ACUSON Cypress cardiovascular system PLUS users to store, view, and analyze Cypress system PLUS studies on a standard Windows PC"No
XD SYSTEMdd.exeAdded by the MYTOB-FN WORM!No
YD-Link Air USB UtilityAirCFG.exeD-Link Air USB wireless driver and configuration utilityNo
YD-Link Air UtilityAirCFG.exeD-Link Air PCI wireless driver and configuration utilityNo
ND-Link AirPlus DWL-650+ UtilityWLANMON.exeD-Link Air Plus Wireless PC modem connection monitorNo
YD-Link AirPlus GAirGCFG.exeD-Link Airplus G wireless router driver and configuration utilityNo
YD-Link AirPlus G Wireless UtilityAirPlus.exeD-Link AirPlus G wireless configuration and monitoring utilityNo
YD-Link AirPlus XtremeGAirPlusCFG.exeD-Link AirPlus Xtreme G wireless access point driver and configuration utilityNo
YD-Link D-Link DWA-125AirGCFG.exeD-Link DWA-125 Wireless 150 USB adapter driver and configuration utilityNo
YD-Link D-Link RangeBooster N DWA-140AirNCFG.exeD-Link DWA-140 RangeBooster N USB adapter driver and configuration utilityNo
YD-Link D-Link Wireless 108G DWA-120AirPlusCFG.exeD-Link DWA-120 Wireless 108G USB adapter driver and configuration utilityNo
YD-Link D-Link Wireless 108G DWA-520AirPlusCFG.exeD-Link DWA-520 Wireless 108G desktop adapter driver and configuration utilityNo
YD-Link D-Link Wireless G DWA-110AirGCFG.exeD-Link DWA-110 Wireless G USB adapter driver and configuration utilityNo
YD-Link D-Link Wireless G DWA-510AirGCFG.exeD-Link DWA-510 Wireless G desktop adapter driver and configuration utilityNo
YD-Link D-Link Wireless N Dual Band DWA-160AirNCFG.exeD-Link DWA-160 Xtreme N Dual Band USB adapter driver and configuration utilityNo
YD-Link D-Link Wireless N DWA-130AirNCFG.exeD-Link DWA-130 Wireless N USB adapter driver and configuration utilityNo
YD-Link D-Link Xtreme N Dual Band DWA-160AirNCFG.exeD-Link DWA-160 Xtreme N Dual Band USB adapter driver and configuration utilityNo
YD-Link RangeBooster G WDA-2320AirPlusCFG.exeD-Link WDA-2320 RangeBooster G desktop adapter driver and configuration utilityNo
YD-Link RangeBooster G WUA-2340AirPlusCFG.exeD-Link WUA-2340 RangeBooster G USB adapter driver and configuration utilityNo
YD-Link Wireless G WDA-1320AirGCFG.exeD-Link WDA-1320 Wireless G desktop adapter driver and configuration utilityNo
YD-Link Wireless G WUA-1340AirGCFG.exeD-Link WUA-1340 Wireless G USB adapter driver and configuration utilityNo
ND066UUtilityD066UUTY.EXETWAIN driver for the CanoScan D660U flatbed scanner. Start scanning via your scanner management softwareNo
XD3**.exe [* = random char]D3**.exe [* = random char]CoolWebSearch/HomeSearch adware - for examples, see this logNo
XD3**32.exe [* = random char]D3**32.exe [* = random char]CoolWebSearch/HomeSearch adware - for examples, see this logNo
Xd3dupdate.exebbeagle.exeAdded by the BEAGLE.A WORM!No
UD4D4.exeDimension 4 - network time synchronization freeware - starts-up, adjusts the system clock, then shuts downNo
Xd9fw5i91pd9fw5i91p.exeAdded by the AGENT-GIW BACKDOOR!No
Xdabrunrundll32.exe dabapi.dll,Rundll32SinaUpdateCenter adware. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "dabapi.dll" file is found in %System%No
NDACONFIGEXEdaconfig.exe3Com NIC Diagnostics. Available via Start -> ProgramsNo
YDadAppdadapp.exe"DadApp is the SW utility that controls the programmable buttons on Dell Laptops. Not required, but should be left in because it can create a hassle and doesn't always restore functionality to those buttons once unchecked and rechecked" - direct from DellNo
NDaemonDAEMON32.EXEPre-loads game profiles for MS Sidewinder game controllers prior to release 2.0 of the software. Recommend upgrade. Available via Start -> ProgramsNo
Ndaemondaemon.exeOlder version of Daemon Tools Lite from DT Soft Ltd - used to create an image of a CD/DVD/Blu-ray disc and mount the created image-file (.iso, .bin, etc) to a virtual CD/DVD/Blu-ray drive. The original can be stored in a safe place and the loading times are significantly reduced as the virtual drive is much faster. Required on later revisions if you use the automount feature to reload images on a reboot. This version is free for personal use and has a limited feature setYes
XDaemondaemon.exe c daemon2.exeAdded by the SELOTIMA.A WORM!No
NDAEMON Toolsdaemon.exeOlder version of Daemon Tools Lite from DT Soft Ltd - used to create an image of a CD/DVD/Blu-ray disc and mount the created image-file (.iso, .bin, etc) to a virtual CD/DVD/Blu-ray drive. The original can be stored in a safe place and the loading times are significantly reduced as the virtual drive is much faster. This version is free for personal use and has a limited feature setYes
NDAEMON Tools Litedaemon.exeOlder version of Daemon Tools Lite from DT Soft Ltd - used to create an image of a CD/DVD/Blu-ray disc and mount the created image-file (.iso, .bin, etc) to a virtual CD/DVD/Blu-ray drive. The original can be stored in a safe place and the loading times are significantly reduced as the virtual drive is much faster. Required on later revisions if you use the automount feature to reload images on a reboot. This version is free for personal use and has a limited feature setYes
NDAEMON Tools LiteDTlite.exeDaemon Tools Lite from DT Soft Ltd - used to create an image of a CD/DVD/Blu-ray disc and mount the created image-file (.iso, .bin, etc) to a virtual CD/DVD/Blu-ray drive. The original can be stored in a safe place and the loading times are significantly reduced as the virtual drive is much faster. Required if you use the automount feature to reload images on a reboot. This version is free for personal use and has a limited feature setYes
NDAEMON Tools ProDTAgent.exeSystem Tray access to DAEMON Tools Pro from DT Soft Ltd - used to create an image of a CD/DVD/Blu-ray disc and mount the created image-file (.iso, .bin, etc) to a virtual CD/DVD/Blu-ray drive. The original can be stored in a safe place and the loading times are significantly reduced as the virtual drive is much faster. Required if you use the automount feature to reload images on a rebootYes
NDAEMON Tools Pro AgentDTProAgent.exeSystem Tray access to an older version of DAEMON Tools Pro from DT Soft Ltd - used to create an image of a CD/DVD/Blu-ray disc and mount the created image-file (.iso, .bin, etc) to a virtual CD/DVD/Blu-ray drive. The original can be stored in a safe place and the loading times are significantly reduced as the virtual drive is much faster. Required if you use the automount feature to reload images on a rebootYes
NDAEMON Tools Pro AgentDTAgent.exeSystem Tray access to DAEMON Tools Pro from DT Soft Ltd - used to create an image of a CD/DVD/Blu-ray disc and mount the created image-file (.iso, .bin, etc) to a virtual CD/DVD/Blu-ray drive. The original can be stored in a safe place and the loading times are significantly reduced as the virtual drive is much faster. Required if you use the automount feature to reload images on a rebootYes
NDAEMON Tools-1033daemon.exeOlder version of Daemon Tools Lite from DT Soft Ltd - used to create an image of a CD/DVD/Blu-ray disc and mount the created image-file (.iso, .bin, etc) to a virtual CD/DVD/Blu-ray drive. The original can be stored in a safe place and the loading times are significantly reduced as the virtual drive is much faster. This version is free for personal use and has a limited feature setYes
Xdagofault.exeAdded by the PUNYA-A WORM!No
NDaily Plannerdayplan.exeDaily Planner - discontinued, and now part of KMCS Deluxe System Suite. Tool to plan your days, and check activities off as you complete themNo
XDaily Weather Forecastweather.exeAdded by the DLOADER-IP TROJAN!No
XDamedWare Servicesdwdrce.exeAdded by the RBOT-AOJ WORM!No
XDanBtR270414DanBtR270414.exeAdded by the VB-NIB WORM!No
UDancerDncLE.exePart of Microsoft Plus! Digital Media Edition - see hereNo
XDanton*[random filename]Added by the DANTON TROJAN! where * = random numberNo
NDapDAP.exeDownload Accelerator Plus from Speedbit. Download manager for resuming downloads, amongst other features. Available via Start -> Programs. Note that the free version is adware basedNo
Xdarkimgst.scrAdded by the BANCOS.U TROJAN!No
Xdarkimgrt.scrAdded by the BANCBAN-FH TROJAN!No
Xdarkcsrs.scrAdded by the BANCBAN-GT or BANCBAN-GU TROJANS!No
XDarkDevil.Grasiele.BRGrasiele.VBSAdded by the LEMBRA WORM!No
XDarKNesS LsasSLsasS23.exeAdded by an unidentified WORM or TROJAN!No
XDASDS VSAVdjsdsabdw.exeAdded by the SDBOT-RE WORM!No
?DashBarStatedashIE??No
?DashIEN/ACould be related to "Dash Power Shopping" tool bar in IE?No
Xdaskaskfsak6dsfids6.exeAdded by the ONLINEG-J TROJAN!No
Xdaskgfkkcx15dasdsaads15.exeAdded by the ONLINEG-Q TROJAN!No
Xdasxdadsfsdqd.exeAdded by the GAOBOT.BIQ WORM!No
XDataSystem.dat.vbsAdded by the BISCUIT.A WORM!No
Xdatamsngs.exeAdded by the RBOT-ADQ WORM!No
XData Filevdehost.exeAdded by the SDBOT-DOS TROJAN!No
XData Layer 2datalayer.exeAdded by the RBOT-BNF WORM! Note - do not confuse with the legitimate Nokia file sharing the same filename - this one is located in %System%No
NData LifeGuardBACKWE~1.EXEData LifeGuard diagnostic tools for Western Digital's series of hard drivesNo
NData LifeGuard LifeLine Lite installerDLGLI.EXEBackweb installer - see hereNo
XData Protectiondatprot.exeData Protection rogue security software - not recommended, removal instructions hereNo
XData Restore Serviceprq8.exeAdded by the KELVIR.AI WORM!No
XData789Regedit.exe ....data789.tmpHomepage hijackerNo
XDATABASE MySql[path] repcale.exe [path] beird.exeAdded by the RANDON-AL WORM! Both files are often located in %System%\qswsNo
NDataCachingFlashKsk.exeSmartMedia Card management from the installation of a SanDisk reader for a camera's SmartMedia card and also adds the "Unplug and Eject Hardware" System Tray iconNo
XDataHealerDataHealer.exeDataHealer rogue security software - not recommended, removal instructions hereNo
UDataKeeperDataKeeper.exePowerQuest DataKeeper (now owned by Symantec) backup softwareNo
YDataLayerDataLayer.exePart of Nokia PC Suite version 5 - which "is a free PC software product that allows you to connect your Nokia device to a PC and access mobile content as if the device and the PC were one." Required by the Nokia status/connection monitor (NclTray.exe)Yes
YDataLayerDATALA~1.EXEPart of Nokia PC Suite version 5 - which "is a free PC software product that allows you to connect your Nokia device to a PC and access mobile content as if the device and the PC were one." Required by the Nokia status/connection monitor (NclTray.exe)No
NDataViz Inc MessengerDvzIncMsgr.exeInstalled with DataViz "Documents to Go" softwareNo
NDataViz MessengerDvzMsgr.exeDataViz Documents to Go - "allows you to use your Word, Excel and PowerPoint files on your handheld anywhere, anytime. In addition, it now synchronizes e-mail with attachments, PDF files, pictures and Excel-like charts"No
XDatcheckdatcheck.exeAdded by the KEYPANIC TROJAN!No
XDate Managerdatemanager.exeDate Manager - calender program. Spyware/adware based provided by The Gator Corporation. Please note that Claria Corporation no longer support GAIN-Supported software - see hereNo
?DatecheckerN/ACould be related to this?No
XDateMakerIntlDateMakerIntl.exePremium rate adult content diallerNo
XDateMngrDATEMNGR.EXEAdded by the SPYBOT-BR BACKDOOR!No
XDAupdateDAupdate.exeNavEnhance adwareNo
?DAW9532.exeDAW9532.EXELoaded during installation of some 3Com network cards. Enables their DynamicAccess desktop management software. Is it required?No
UDayTodayDAYTODAY.EXEDayToday from RoboMagic Software Corp. Displays the date on the taskbarNo
UDAZEL Delivery AgentDcDaemon.exeControl and send documents, etc, to any destination. The Dazel Corporation has now been taken over by HPNo
Xdbar_starterstarter.exeDeskbar adware - adds a search bar to your Windows taskbar which performs searches on www.w-w-w-dot-com.comNo
XDbgHlp32DbgHlp32.exeAdded by the WINKO.AO WORM!No
UDBISQL9dbisqlg.exeRelated to SQL Anywhere from Sybase. A comprehensive package providing data management and data exchange technologiesNo
Ndbservdbserv.exeDatabase Server for Norton Ghost on Win2k Pro. Ghost works fine when it is disabledNo
Xdcdc.exeAdded by the COIDUNG-A WORM!No
Xdc2k5SVIQ.EXEAdded by the COIDUNG-A WORM!No
UDC300 Monitorcmonitor.exeMonitor for a Acer DC300 digital cameraNo
XDC6dc6_startupmon.exePart of the WinAntiVirus Pro 2006 rogue security software - not recommended, removal instructions hereNo
XDC6cwDC6cw.exePart of the DriveCleaner rogue security software - not recommended, removal instructions hereNo
XDC6_Checkuwasdc.exePart of the WinAntiSpyware 2006 and WinAntiSpyware 2007 rogue spyware removers - not recommendedNo
XDC6_checkdc6_startupmon.exePart of the WinAntiVirus Pro 2006 rogue security software - not recommended, removal instructions hereNo
Xdc6_checkdcmon.exeSystemDoctor rogue security software - not recommended, removal instructions hereNo
Xdccdcc_.exeAdded by the AGENT-GBJ TROJAN!No
XDCE Managerdcemgr.exeAdded by the TUMAG TROJAN!No
UDCfssvcdcfssvc.exeAssociated with digital cameras and can cause problems which disappear if disabled. If this program is unchecked in startup, your camera will not cause your computer to open a pop-up window when you connect it. Leave enabled if you can't load pictures from your camera/dock - Kodak's dock is an exampleNo
Udcfssvedcfssvc.exeAssociated with digital cameras and can cause problems which disappear if disabled. If this program is unchecked in startup, your camera will not cause your computer to open a pop-up window when you connect it. Leave enabled if you can't load pictures from your camera/dock - Kodak's dock is an exampleNo
XDCOM Server[path to trojan]Added by the AGENT-CCQ BACKDOOR!No
XDcom System PatchMicrosoft.exeAdded by the RANDEX.MS WORM!No
Xdcsmdcsm.exePart of the PrivacyProtector and DriveCleaner rogue security tools No
NDDCActiveMenuDDCActiveMenu.exeDigital Distribution Channel - formally part of the WildTangent on-line games delivery service. Note that WildTanget's privacy policy used to state that they also collect and share individuals information but this is no longer the caseNo
NDDCMDDCMan.exeDigital Distribution Channel - formally part of the WildTangent on-line games delivery service. Note that WildTanget's privacy policy used to state that they also collect and share individuals information but this is no longer the caseNo
NDDCManDDCMan.exeDigital Distribution Channel - formally part of the WildTangent on-line games delivery service. Note that WildTanget's privacy policy used to state that they also collect and share individuals information but this is no longer the caseNo
Xddeprocddeproc.exeWebcelerator from eAcceleration speeds your Web browsing by both remembering where you have been and anticipating where you will go. Only needed if you find it improves web browsing. Now no longer available and supported and when available was classed as spyware - see hereNo
UddhelperW815DM.EXEEnuff Parental Control Software by AkrontechNo
XDDiallerDDialler.exeAdult content diallerNo
Xddivmwa[random filename]Added by a variant of the SLAPER TROJAN!No
UDDLAgentDDLAgent.exeLoads Hide and Protect any Drives - which "can be used to restrict read or write access to removable media devices such as CD, DVD, floppy, flash and USB drives. You can also restrict access to partitions of hard disk drives". If disabled, hidden and locked drives still retain their original status so the user will only be able to change their status them via the main UIYes
Uddoctorv2sprtcmd.exe /P ddoctorv2Comcast Desktop Doctor (provided by SupportSoft, Inc) is a free self-help tool for Comcast broadband users. Identifies and automatically fixes typical problems that may occur with your high-speed internet serviceNo
XDDriverwindrv.exeAdded by the DELF.WG TROJAN!No
XDDriversvchost.exeAdded by a variant of the DELF.IT TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! The location of this file variesNo
?DDTN/A??No
UDDWMonddwmon.exeDirect Disc Writer Event Monitor from TOSHIBANo
Xde32gende32gen.exeAdded by a variant of the CRYPTER.C TROJAN!No
NDeadAIMrundll32.exe DeadAIM.ocm, ExportedCheckODLsDeadAIM - feature enhancing product for AOL's Instant Messenger programNo
XDeadKittyDeadKitty.exeAdded by the DEADCAT-A WORM!No
XDealHelperBrwsrdhbrwsr.exeDealHelper adwareNo
XDealHelperDowndownload.exeDealHelper adwareNo
XDealHelperUpdateDHUpdt.exeDealHelper adwareNo
XDeath.exeDeath.exeAdded by the DELF-ERW TROJAN!No
UDeathAdderrazerhid.exeRazer DeathAdder gaming mouse driver - required if you use the additional features and programmed keys/macrosNo
XDebugDebugW32.exeAdded by the GUBED TROJAN!No
XDebugSMSS.exeDreamAd adware. Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%No
XDebuggerdbg32.exeAdded by the MYTOB-FW WORM!No
XDebuggerexplorer32dbg.exeAdded by the CWS-M TROJAN!No
XDebuggeriexplore_dbg.exeAdded by the CWS-M TROJAN!No
Xdebuggerhelp.pifAdded by the DELF-DRA WORM!No
XDebugMonitordebugmonitor.exeAdded by the MYDOOM.BG WORM!No
UDeeEnEsDeeEnEs.exeDeeEnEs - automatically updates a dynamic IP address when it changesNo
Xdeejayforboo.exeAdded by the FORBOT-AY WORM!No
XDeewooncntnkwd.exeZenoSearch adware variantNo
XDefaultexplore.vbsAdded by the ALLEM WORM!No
XDefaultmtask.vbeAdded by the ALLEM WORM!No
Xdefaultshell32.exeAdded by the BINGHE TROJAN!No
XDefault_default.pifAdded by the RUBBLE-C WORM!No
Udefaultmskbw.exePC Surveillance PRO surveillance software. Uninstall this software unless you put it there yourselfNo
UDefault ManagerDefMgr.exePart of MSN Toolbar from version 4.* onwards (renamed "Bing Bar" from version 5.* onwards) which includes the Bing search engine. Via Start → All Programs → Microsoft Default Manager you can elect to keep Bing as the default search engine and set it to notify you of any changes to your browsers default settings. Not required if you choose not to use BingYes
XDefault System Researchvhchost.exeAdded by the TARNO.I TROJAN!No
XDefault web browserIexpIore.exeAdded by the OBLIVION.B TROJAN! Note - do not confuse "IexpIore.exe" with "iexplore.exe" (Internet Explorer), the first has a captial "i" in place of lower case "L"No
XDefaultConfigurationdefaultconfh.exeAdded by the AGOBOT-JC WORM!No
XDefault_Page_URLhttp://find.naupoint.comNaupoint browser hijackerNo
XDefault_Search_URLhttp://find.naupoint.comNaupoint browser hijackerNo
XDefendAPcDefendAPc.exeDefendAPc rogue security software - not recommended, removal instructions here. A member of the AntiAID familyNo
Xdefenderdefender25.exeDollarRevenue adwareNo
Xdefenderdfndref_7.exeDollarRevenue adwareNo
Xdefender[path to trojan]Added by the VB-BAQ TROJAN!No
XDefensaAntiMalwarepgs.exeDefensaAntiMalware, Spanish rogue security software - not recommended. A member of the AVSystemCare familyNo
XDefense Centerdefcnt.exeDefense Center rogue security software - not recommended, removal instructions hereNo
XDefenseNetSurfageGDC.exeDefenseNetSurfage rogue privacy tool - not recommended. A member of the PCPrivacyTool familyNo
?deferguidefergui.exeRelated to IBM Standard Software Installer. What does it do and is it required?No
UDefMgrDefMgr.exePart of MSN Toolbar from version 4.* onwards (renamed "Bing Bar" from version 5.* onwards) which includes the Bing search engine. Via Start → All Programs → Microsoft Default Manager you can elect to keep Bing as the default search engine and set it to notify you of any changes to your browsers default settings. Not required if you choose not to use BingYes
Xdefragm_checkdefragment.exeCoolWebSearch parasite variantNo
Xdefragsyssvchost.exeAdded by the BIFROSE-TH TROJAN! Note - this is not the legitimate svchost.exe process which should normally figure in Msconfig/Startup!No
UDefragTaskBardefragTaskBar.exeSystem Tray access to Ashampoo® Magical Defrag 2 from Ashampoo GmbH & Co. KG - which "works is similar to a screensaver. Whenever the computer is idle the program cuts in automatically and starts cleaning up your hard disk"Yes
UdefragTaskBar.exedefragTaskBar.exeSystem Tray access to Ashampoo® Magical Defrag 2 from Ashampoo GmbH & Co. KG - which "works is similar to a screensaver. Whenever the computer is idle the program cuts in automatically and starts cleaning up your hard disk"Yes
Udefwatchdefwatch.exeDetects out-of-date virus definitions for Norton Anti-Virus Corporate Edition and runs the Defwatch Wizard. Only required if you don't update the virus definitions manually on a regular basisNo
UDeko550Deko550.exeAssociated with the Deko550 entry-level SD real-time graphics system from Avid TechnologyNo
UDelaydelayrun.exeOn HP PCs this program is used to help prevent conflicts or timing issues on fast computersNo
XDelayLoadmsprint.exeAdded by a variant of the Win32.Agent.ryo malware - see hereNo
UDelayrundelayrun.exeOn HP PCs this program is used to help prevent conflicts or timing issues on fast computersNo
NDelayShredShrCL.EXEMcAfee Shredder - not required at startup. You can run it manually via McAfee Security CenterNo
?delcabdeltreew.exe C:\cabs??No
XDelete Meworm.exeAdded by the DOOMHUNTER WORM!No
UDeleteHistoryFreedhf.exeDelete History Free - "Privacy protection software for deleting Internet surfing and other computer activity tracks from your PC" No
?Delivery CenterDeliveryCenter.exe??No
UDell AIO Printer A920dlbkbmgr.exeSystem Tray application for the Dell Photo AIO Printer 920 that enables scan or fax functions to run directly from the printer via the buttonsNo
UDell AIO Printer A940dlbabmgr.exeSystem Tray application for the Dell Photo AIO Printer 940 that enables scan or fax functions to run directly from the printer via the buttonsNo
UDell AIO Printer A960dlbfbmgr.exeSystem Tray application for the Dell Photo AIO Printer 960 that enables scan or fax functions to run directly from the printer via the buttonsNo
NDell AlertDAMon.exe"Dell Alert" utility, that's supposed to make interaction with Support easierNo
UDell DataSafe SchedulerDataSafeOnlineScheduler.exeScheduler for Dell DataSafe™ Online which "helps protect your music, photos and other important files by placing backup copies on a secure storage site using your internet connection"No
UDell PanelMgrSSMMgr.exeMonitors ink levels, paper present and other parameters for some Dell printersNo
UDell Photo AIO Printer 922dlbtbmgr.exeSystem Tray application for the Dell Photo AIO Printer 922 that enables scan or fax functions to run directly from the printer via the buttonsNo
UDell Photo AIO Printer 942dlbubmgr.exeSystem Tray application for the Dell Photo AIO Printer 942 that enables scan or fax functions to run directly from the printer via the buttonsNo
UDell Photo AIO Printer 962dlbxmon.exeDellPhoto AIO Printer 962 Device MonitorNo
NDell QuickSetquickset.exeDell taskbar icon allowing you to quickly change settingsNo
YDell Webcam CentralWebcamDell.exeDell Webcam Central - webcam management software controlling aspects such as picture control, anti-motion blur and face trackingNo
NDELL Webcam ManagerDellWMgr.exeDell Webcam Manager - Webcam management software provided on Dell PCsNo
NDell Wireless Manager UIwltray.exeSystem tray access to wireless LAN card configuration options No
YDellAutomatedPCTuneUpPTAgnt.exePC TuneUp from Dell - "silently monitors your system, automatically running needed maintenance during idle time to keep you at peak performance"No
?DellDMIdelldmi.exePossibly part of Dell OpenManage Client Instrumentation - software that allows remote management application programs to access information about, monitor the status of or change the state of the client computer, such as shutting it down remotely. Uses the DMI and/or common information model (CIM) protocols, which are systems management protocols defined by industry standards?No
UDELLMMKBDELLMMKB.EXEMultimedia keyboard control for Dell based PCs - only required if you use the multimedia keysNo
NDellSCdellsc.exeDell Solution Center - web-based troubleshooting tools and educational offeringsNo
UDellSupportDSAgnt.exeDell Support Agent offers additional support and update features for your Dell computer or laptopNo
UDellSupportCentersprtcmd.exe /P DellSupportCenterDell Support Center (provided by SupportSoft, Inc) is a free self-help tool for Dell users. Identifies and automatically fixes typical problems that may occur with your high-speed internet serviceNo
UDellTouchMMKeybd.exeDell multimedia keyboard manager. Required if you use the additional keysNo
UDellTouchDELLMMKB.EXEMultimedia keyboard control for Dell based PCs - only required if you use the multimedia keysNo
?DellTransferAgentTransferAgent.exeFound on Dell computers. What does it do and is it required?No
Xdelmsbbdelmsbb.exe180Search adwareNo
Xdelolhiquooc.exeAdded by the BDOOR-AMP TROJAN!No
Xdelsaapdelsaap.exeNCase adwareNo
?delstartdelstart.exeReportedly part of BT ISP software - what does it do and is it required in startup?No
Xdelsubmitrundll32.exe advpack.dll, DelNodeRunDLL32 submit.exeCoolWebSearch parasite variantNo
UDeltaIITaskbarAppDeltaIITray.exeSystem Tray access to the Delta Control Panel for the M-Audio Delta series of PCI audio cardsNo
?DelTmpDelTemp.exeAdded to the startup list after installing a Creative SoundBlaster Audigy soundcard. Deletes temporary files once an installation is complete?No
NDeltTraydeltray.exeSystem Tray access to the control panel for the M-Audio Delta 44 PCI Analog Recording Interface. Available via a desktop shortcut, Start -> Programs or Start -> Settings -> Control PanelNo
XDeluxeCommunicationsDxc.exeDeluxe Communications adware - successor to SurfSideKickNo
XDELXP Protocoldelxp.exeAdded by a variant of the SDBOT WORM!No
Xdemm386.exedemm386.exeAdded by the RBOT-EO WORM!No
?demondemon.exePart of the French Wanadoo ADSL extense pack. What does it do and is it required?No
XDenecaVirus salvadoAdded by the DELUZ VIRUS!No
XDepassxXfsa.exeAdded by the SDBOT-SK WORM!No
UDepFrezfrzstate.exeDeep Freeze from Faronics Coporation. "Freezes" the current software configuration so that an a re-boot all changes made refer back to their original settings. Not required for most users - more likely to be used by system administrators, for exampleNo
XderyheruxckeepSafe.exeAdded by the KILLAV.KAX TROJAN!No
XDescargaBromasrundll32.exe MSA64CHK.dll,DllMostrarMatrixDialer/Mostrar parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System%No
?Description of Shortcuts*.exe* seems to be a sequence of alphanumerics that can be different, i.e., 1960F8A9, 4EBD23F5, etc. Each of these files would appear to be a shortcut, i.e., 4EBD23F5 is actually Works Calender Reminder (found via a registry search)No
XDesiredesires.exeAdult content diallerNo
?desk-top-servicedesk-top-service.exe??No
XDeskAd ServiceDeskAdServ.exeDeskAd.Service adwareNo
NDeskColorDESKCOLOR.EXEProvides transparent icon text backgrounds and coloured icon textNo
NDeskflagDeskflag.exeDeskFlag - animated USA flag on the desktopNo
XDeskMateAutoUpdateDeskMateAutoUpdate.exeDeskMates: Virtual scantily clad girls enhance your desktop. BargainBuddy adware relatedNo
Udeskmechdeskmech.exePart of Desktop Maestro from PC Tools - which "combines the features of our award winning products, Registry Mechanic and Privacy Guardian to ensure that you have the range of tools at your fingertips to ensure optimal system performance, stability and user privacy". This entry is created when Desktop Maestro is installed on XP and loads the System Tray icon and runs a registry scan at startup - if either are enabledYes
Udesksaverdesksaver.exePart of Advanced Desktop Shield, Easy Desktop Keeper, 1st Desktop Guard and Desktop Layout Keeper (and maybe others) - which give you the ability to save, restore, manage and lock your desktop layout that includes files and folders located on your desktop, placement of desktop icons, desired wallpaper and screen saver. Located in %ProgramFiles%\[program name]. For more details please see the 00DSKSVR01 or 00DSKSVR00 entriesYes
UDeskSaverDeskSaver.exeDeskSaver from Headway Creative - utility that allows you "to backup and to restore the icons position easily on the Windows desktop". The Pro version also includes a "Taskbar Economizer" which minimizes an open window to the System Tray instead of the taskbar. Located in %ProgramFiles%\Headway Creative\DeskSaverYes
UDeskSaver ProDeskSaver.exeDeskSaver Pro from Headway Creative - utility that allows you "to backup and to restore the icons position easily on the Windows desktop". Includes a "Taskbar Economizer" which minimizes an open window to the System Tray instead of the taskbar. Located in %ProgramFiles%\Headway Creative\DeskSaverYes
Udesksaver.exedesksaver.exePart of Advanced Desktop Shield, Easy Desktop Keeper, 1st Desktop Guard and Desktop Layout Keeper (and maybe others) - which give you the ability to save, restore, manage and lock your desktop layout that includes files and folders located on your desktop, placement of desktop icons, desired wallpaper and screen saver. Located in %ProgramFiles%\[program name]. For more details please see the 00DSKSVR01 or 00DSKSVR00 entriesYes
UDesksite CMAcma.exeDeskSite CMA siftware - "retrieves new content from the DeskSite Data Center"No
UDeskSlideDeskSlide.exe"DeskSlide is utility for automating wallpaper changes on your desktop"No
UDeskSpacedeskspace.exeDeskSpace desktop management utility from Otaku Software Pty Ltd - which "gives you more space for your windows and icons. You can eliminate desktop clutter by arranging your windows and icons across up to six desktops, all easily reachable by navigating a desktop cube"Yes
UDeskSpaceDESKSP~1.EXEDeskSpace desktop management utility from Otaku Software Pty Ltd - which "gives you more space for your windows and icons. You can eliminate desktop clutter by arranging your windows and icons across up to six desktops, all easily reachable by navigating a desktop cube"Yes
XDesktoprundll32.exe msconfd.dll,Restore ControlPanelAdded by the BOOKMARKER TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "msconfd.dll" file is found in %System%No
Xdesktopdesktop.exeAdded by the SDBOT.MD WORM!No
XDesktopDesktop.comAdded by the VB-DRN WORM!No
Xdesktopdesktop.ini.vbsIE-Title malwareNo
NDesktop ArchitectDATRAY.EXEDesktop theme manager available here - for managing the desktop appearance, fonts, sounds, etcNo
YDesktop ArmorDesktopArmor.exeDesktop Armor from Headlight Software - "watches dozens and dozens of important settings on your computer and warns you if any program has changed them" including those made by malwareYes
UDesktop CalendarDesktop Calendar.exeDesktop Calendar - "Desktop Calendar is a highly customizable calendar program that turns your desktop into a traditional wall calendar, by rotating the background image on a monthly basis"No
XDesktop Defender 2010Desktop Defender 2010.exeDesktop Defender 2010 rogue security software - not recommended, removal instructions hereNo
UDesktop iCalendarCalendar.exeOlder version of Desktop iCalendar/Desktop iCalendar Lite by Desksware which include support for Google Calendar and add weather, tasks and appointments to your desktopYes
UDesktop iCalendarDesktop iCalendar Lite.exeDesktop iCalendar Lite by Desksware - "is a free desktop calendar for Windows. It allows you to manage your events, to-do list on desktop. It allows subscribing public Google Calendar, such as holidays, election or NBA. It is full customizable. A build in skin editor makes it easy to set the skin by your own taste"Yes
UDesktop iCalendarDesktop iCalendar.exeDesktop iCalendar by Desksware - "is a handy desktop calendar for Windows. It stays on your desktop and shows the days of the current month. It can sync with your Google Calendar, share calendars with your family and friends. It also uses high-quality fonts, looks pretty, and has lots of skins"Yes
UDesktop iCalendar LiteDesktop iCalendar Lite.exeDesktop iCalendar Lite by Desksware - "is a free desktop calendar for Windows. It allows you to manage your events, to-do list on desktop. It allows subscribing public Google Calendar, such as holidays, election or NBA. It is full customizable. A build in skin editor makes it easy to set the skin by your own taste"Yes
UDesktop iCalendar Lite.exeDesktop iCalendar Lite.exeDesktop iCalendar Lite by Desksware - "is a free desktop calendar for Windows. It allows you to manage your events, to-do list on desktop. It allows subscribing public Google Calendar, such as holidays, election or NBA. It is full customizable. A build in skin editor makes it easy to set the skin by your own taste"Yes
UDesktop iCalendar.exeDesktop iCalendar.exeDesktop iCalendar by Desksware - "is a handy desktop calendar for Windows. It stays on your desktop and shows the days of the current month. It can sync with your Google Calendar, share calendars with your family and friends. It also uses high-quality fonts, looks pretty, and has lots of skins"Yes
UDesktop Maestrodeskmech.exePart of Desktop Maestro from PC Tools - which "combines the features of our award winning products, Registry Mechanic and Privacy Guardian to ensure that you have the range of tools at your fingertips to ensure optimal system performance, stability and user privacy". This entry is created when Desktop Maestro is installed on XP and loads the System Tray icon and runs a registry scan at startup - if either are enabledYes
UDesktop Maestro Vista TrayRMTray.exePart of Desktop Maestro from PC Tools - which "combines the features of our award winning products, Registry Mechanic and Privacy Guardian to ensure that you have the range of tools at your fingertips to ensure optimal system performance, stability and user privacy". This entry is created when Desktop Maestro is installed on Vista and loads the System Tray icon (deskmech.exe) on runs a registry scan at startup - if either are enabledYes
NDesktop PlantAZARE10S.PLTVritual plant from here - this version is an Azalea, there are others so the filename may be differentNo
XDesktop Searchdesktop.exeiSearch adwareNo
XDesktop Security 2010Desktop Security 2010.exeDesktop Security 2010 rogue security software - not recommended, removal instructions hereNo
NDesktop Service CentreDSC.exeOptusNet DSL or Dial-Up connection softwareNo
NDesktop WeatherTHE WEATHER CHANNEL.exeDesktop Weather by The Weather Channel - provides current temperature, conditions, alerts, etcNo
NDesktop Weather 3THE WEATHER CHANNEL.exeDesktop Weather 3 by The Weather Channel - provides current temperature, conditions, alerts, etcNo
NDesktop Weather 3THEWEA~1.EXEDesktop Weather 3 by The Weather Channel - provides current temperature, conditions, alerts, etcNo
YDesktopArmorDesktopArmor.exeDesktop Armor from Headlight Software - "watches dozens and dozens of important settings on your computer and warns you if any program has changed them" including those made by malwareYes
UDesktopIconToyDesktopIconToy.exe"Desktop Icon Toy is an easy to use desktop icon enhancement tool, which allows you to make many funny but useful patterns out of your windows desktop icons"No
UDesktopMaestrodeskmech.exePart of Desktop Maestro from PC Tools - which "combines the features of our award winning products, Registry Mechanic and Privacy Guardian to ensure that you have the range of tools at your fingertips to ensure optimal system performance, stability and user privacy". This entry is created when Desktop Maestro is installed on XP and loads the System Tray icon and runs a registry scan at startup - if either are enabledYes
UDesktopMaestroRMTray.exePart of Desktop Maestro from PC Tools - which "combines the features of our award winning products, Registry Mechanic and Privacy Guardian to ensure that you have the range of tools at your fingertips to ensure optimal system performance, stability and user privacy". This entry is created when Desktop Maestro is installed on Vista and loads the System Tray icon (deskmech.exe) on runs a registry scan at startup - if either are enabledYes
Ndesktopmgrdesktopmgr.exeSynchronisation manager for the cradles for the Research In Motion range of wireless handhelds, including the "Blackberry"No
XDesktopUpdaterundll32.exe MSA64CHK.dll,DllMostrarMatrixDialer/Mostrar parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System%No
UDesktopXDESKTOPX.EXEA program that replaces the regular Desktop and Taskbar, and can be changed to the user's likingNo
Ndeskupdeskup.exeAdds Iomega Zip drive icons to the desktopNo
Udesp2kdesp2k.exePart of the Turbo Analyzer tool from LightComm Brazil Telecom that analyzes and corrects ADSL configurationsNo
Xdestroy11destroy11.exeAdded by the DELF-KO TROJAN!No
Xdestroyb11destroyb11.exeAdded by the DELF-KO TROJAN!No
Udetectidetect.exeiNTERNET Turbo from Clasys Ltd. "It accelerates any Windows 95/98/Me/NT/2000/XP internet connection in seconds". If you find it helps your connectivity leave it enabledNo
?detectturbodetect.exe??No
NDetectordetector.exeUSB port detector for LG scanners. Sits in the System Tray, and when it detects the scanner through the USB port, you can run the scanner software from the tray. It is not required at all, since you can use the scan software from almost any photo editing softwareNo
UDetectorAppDetectorApp.exeRelated to Roxio MyDVD (was Sonic) DVD authoring softwareNo
XDeus CleanerDCleaner.exeDeus Cleaner rogue system cleaner utility - not recommendedNo
?DevconDefaultDBREADREGAppears to be related to older Creative Soundblaster soundcardsNo
XDevelopment Environmentdevenv.exeAdded by the DELBOT-AH WORM!No
UDEventAgenteventagt.exeDEvent Agent Module client - part of Dell OpenManage and used for server management. Only required if you use thisNo
Xdevenvsmvss.exeAdded by the DEDLER-G TROJAN!No
XDevice Configuration Loadermsdvc32.exeAdded by a variant of the AGOBOT/GAOBOT WORM! No
UDevice DetectorDevDetect.exeACDSee Auto Device Detector detects when a device is connected to your PC and gives you the option to acquire images from it automaticallyNo
NDevice Detector 2DevDtct2.exeInstalled by various Olympus products, this program detects the active connection of a speech device (voice recorder, etc) to a USB port then runs specific client software used to access that device. The DevDtct2 process has a "high" priority level which can negatively impact system resourcesNo
XDevice Hardwaredevicehnd.exeAdded by a variant of the IRCBOT BACKDOOR! See hereNo
XDevice IO Systemdeviceio.exeAdded by a variant of the IRCBOT BACKDOOR! See hereNo
XDevice Managementwnsystem.exeAdded by the AGOBOT-LH WORM!No
XDevice Managerwfxmgr.exeAdded by the RBOT.AJU WORM!No
XDevice Securitydvcsecure.exeAdded by a variant of the IRCBOT BACKDOOR! See hereNo
XDevice Security Driverdevicesec.exeAdded by a variant of the IRCBOT BACKDOOR! See hereNo
XDevice Security Managerdvcsecure.exeAdded by a variant of the IRCBOT BACKDOOR! See hereNo
UDeviceDiscoveryhpotdd01.exeDetection of new imaging, printing and other peripherals on HP machines such as USB printers, cameras and Bluetooth productsNo
XDevicePathProyecto1.exeAdded by the GRUEL WORM!No
XDevicePathRoot.exeAdded by the GRUEL WORM!No
UDevicesolesvr.exeSalfeld Child Control - parental control softwareNo
XDevicewin[path to trojan]Added by the BANKER-AEV TROJAN!No
Udevldr16devldr16.exeAssociated with some Creative Labs sound cards. Provides audio support for DOS applications. Not needed if you don't have those. Required if you use "Sound Play Control" and "Sound Recorder". To disable: (1) Disable via MSCONFIG (2) Start → Settings → Control Panel → System → Device Manager then disable "Creative SB16 Emulation" under Creative Miscellaneous DevicesNo
Udevldr16.exedevldr16.exeAssociated with some Creative Labs sound cards. Provides audio support for DOS applications. Not needed if you don't have those. Required if you use "Sound Play Control" and "Sound Recorder". To disable: (1) Disable via MSCONFIG (2) Start -> Settings -> Control Panel -> System -> Device Manager then disable "Creative SB16 Emulation" under Creative Miscellaneous DevicesNo
?Devlogdevlog.exeApparently mainboard/chipset related, by a French company called AS Media - what exactly is it, and is it requiredNo
Xdfgfdgrergd[path to trojan]Added by the RANKY.CK TROJAN!No
XDfqwSfSffsqsd.exeAdded by the SDBOT-SH WORM!No
?DGJMDGJM.exe??No
Xdgtstartdgtstart.exeDigitalNames.g adwareNo
Udguarddguard.exeeAcceleration Stop-Sign security software related. Previously not recommended, see hereNo
XDHCPsmss.exeAdded by the WINSPY.AG TROJAN! Note - this is not the legitimate smss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\displayNo
XDHCP Serverregsvr.exeAdded by the RBOT-PR WORM!No
XDHCP32services.exeAdded by the WINSPY.AG TROJAN! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\displayNo
Ydhcpagntdhcpagnt.exeIntel DSL modem driver - leave enabled or you'll have to re-install the driversNo
XDhcpCepPYJJKIME.exeAdded by the AGENT-BXQ TROJAN!No
?DHNUXBDHNUXB.exe??No
XDI2[path to file]BroadcastPC adwareNo
Ndiagentdiagent.exeSystem Tray access for Creative Diagnostics for the Creative SoundBlaster series soundcards. Available via Start -> ProgramsNo
XDiagnosticdiagnostic.exeAdded by the ALPHA-C TROJAN!No
XDiagnostic Agentdiagent.exeAdded by the AGOBOT-CW WORM!No
XDiagnostic Manager[path to trojan]Added by the AGENT-JPS TROJAN!No
XDiagnosticConfigurationdiagcfg.exeAdded by the GWGIRL BACKDOOR!No
XDial22dlm.exeAdult content diallerNo
XDial33dlm.exeAdult content diallerNo
XDialerrundll32.exe MSA32CHK.dll,RegMatrixDialer/Lanzar parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA32CHK.dll" file is located in %System%No
UDialer Controldc.exeDialer-Control. Detects and protects from premium rate adult content diallersNo
UDialer Detectdd.exeDialerDetect detects stealth installed premium rate diallers, and sounds the alarm when such a connection is being installed without you knowing it No
UDialgo SDKPhoneAnswer.exeDialgo Wave Modem ActiveX - "Telephone Answering Machine for scripting your own professional call center business scripts using a voice modem. Features Caller-ID, Wave Playback, Wave Recording, Digit Monitoring, POP3 e-mail Manipulation, Speech Recognition and Synthesis"No
XDialNetmxt32.exeAdult content diallerNo
NDialog Box AssistantOSDEx.exeDialog Box Assistant from Duality Software. Helps with the standard Open and Save As dialog boxes by showing recently used files and foldersNo
NDialog HelperPDDLGHLP.EXEDialog Helper from PowerDesk Pro by Ontrack. Helps with the standard Open and Save As dialog boxes by showing recently used files and folders. Available via Start -> ProgramsNo
XDialUp Network ApplicationRnaap.exeAdded by a variant of the SDBOT WORM!No
XDiam prlaeroqedrhg.exeAdded by the SDBOT-DEU WORM!No
?Diamond Delivery CenterDeliveryCenter.exe??No
UDiamondbackrazerhid.exeRazer Diamondback 3G gaming mouse driver - required if you use the additional features and programmed keys/macrosNo
?DiamondviewDiamondview.exeManulife Financial Insurance program. Is it required at startup?No
XDIECOXcsrss.exeAdded by a variant of the ATM.GEN TROJAN! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup!No
XDieselRecalculate.exeAdded by the LAZAR TROJAN!No
UDietKDietK.exeDiet Kazaa add-on for Kazaa Media Desktop - "removes all adware and popups, built in Download Accelerator, makes searches faster and helps produce more results" No
UDigiCellDigiCell.exeMSI DigiCell - "the most useful and powerful utility that MSI has spent much research and efforts to develop, helps users to monitor and configure all the integrated peripherals of the system, such as audio program, power management, MP3 files management and communication / 802.11g WLAN settings. Moreover, with this unique utility, you will be able to activate the MSI well-known features, Live Update and Core Center"No
XDigiDDigitalSound.exeAdware downloader No
NDigiGuideCLIENT.EXETV guide and reminderNo
NDigiGuideclient01.exeTV guide and reminderNo
UDigisoft AntiDialerAntiDialer.exeDigisoft AntiDialerNo
UDigiSrvDigiSrv.exeRelated to camera software from DigitalDreamsNo
NDigital Dashboarddevgulp.exeFor Compaq PC's. Loads Digital Dashboard optionsNo
NDigital Line DetectDLG.exeDetects whether your are plugged into a digital telephone line and displays the information graphically. Installed by Dell (and maybe others) and is included with all Connexant V.92 and Broadcom modemsNo
YDigital Patrol Update 5update.exeDigital Patrol - "a powerful anti trojan scanner, which detects and eliminates more than 180'000 Trojan Horses and Spywares. Digital Patrol detects viruses, trojans, worms, spyware, malicious ActiveX controls and Java applets"No
XDigital Protectiondigprot.exeDigital Protection rogue security software - not recommended, removal instructions hereNo
NDigital River eBotdownlo~1.exeDigital River Systems EBOT for downloading software from their site. In some cases, if you purchase software online for a download from a software manufacturer, you will be sent to this online company's site for the download after the purchase is complete. Read more hereNo
XDigitalNamesDigitalNamesStart.exeDigitalNames spyware variantNo
NDigitalWizardISWizard.exeInstallShield's DigitalWizard - free, complete Digital Content Management Solution that makes it easy to experience digital contentNo
NDigitalWizard MonitordwMon.exeInstallShield's DigitalWizard - free, complete Digital Content Management Solution that makes it easy to experience digital contentNo
UDIGServicesDIGServicesCreated by Disney but licensed to ESPN for watching videosNo
NDIGServicesDIGServices.exeCreated by Disney but licensed to ESPN for watching videosNo
NDIGStreamdigstream.exeDIGStream Cache Manager - part of ESPN Motion and Disney Motion that periodically check for new videos and indication they're available in the System Tray. Starting ESPN Motion/Disney Motion starts digstream automaticallyNo
UDimensionDimension.exeDimension - a program which lets you customize MSN messenger such as adding animated and coloured nicknames, personal toast creator, war tools (login flooder), and allows viewing and interacting with the raw MSN protocolNo
UDimension4d4.exeDimension 4 - network time synchronization freeware - starts-up, adjusts the system clock, then shuts downNo
XDino3dino3.exeRelated to Jurassic Park III and enables a dinosaur to walk across the screen. Also generates adverts and classified as adware as a resultNo
XDinstdinst.exeIMIServer/IEPlugin adwareNo
XDiomacdfdafbfd.exeAdded by the MULDROP.F TROJAN!No
XDir1caKeAdded by the CAKE WORM!No
XDirect settingssdchost.exeAdded by the DAEMONI-I TROJAN!No
UDirect UpdateDUControl.exeDirectUpdate dynamic DNS updaterNo
XDirect X Direct3Ddxd3d.exeAdded by a variant of the SDBOT WORM! No
XDirect X Opengldxopengl.exeAdded by a variant of the RBOT-CJ WORM! No
Xdirect3d.exedirect3d.exeAdded by the CERTIF-F TROJAN!No
NDirectCDDirectCD.exeDirectCD primarily allows you to drag and drop files onto a suitably formatted CD-RW disc. Unless you use this on a frequent basis it isn't required and is available via Start -> Programs. Start the program before inserting a DirectCD formatted CD-RW in the drive. A re-boot is recommended if you close Adaptec DirectCD before re-opening it again laterNo
XDirector Videobtnmgern.exeAdded by the MYTOB-KL WORM!No
YDirectory Opus Desktop Dblclkdopusrt.exeDirectory Opus - an advanced file manager. "Directory Opus goes beyond the simple file manager metaphor, and offers you a complete replacement for Windows Explorer and many other utility programs for handling FTP, ZIP, viewing files and images, running slideshows and more"No
Xdirects.exedirects.exeAdded by the BEAGLE.O or BEAGLE.R or BEAGLE.S or BEAGLE.T WORMS!No
UDIRECTVDSLDirectvdsl.exeStarts DirectTV DSL modem at boot up. Can also be started manuallyNo
XDirectXddhelp32.exeAdded by the BIONET.318 TROJAN! Note - not the DirectX helper which is ddhelp.exeNo
XdirectxDirectx.exeAdded by the SDBOT.D TROJAN!No
XdirectxSqlexploit.exeAdded by the SDBOT.D TROJAN!No
XDirectXDirectX.exeAdded by the BLAXE or LOGPOLE WORMS!No
XdirectxNTCmd.exeAdded by the SDBOT.D TROJAN!No
XdirectxPipeCmd.exeAdded by the SDBOT.D TROJAN!No
XDirectX 32directx32.exeAdded by a variant of the AGOBOT/GAOBOT WORM!No
XDirectX Driverstdhost.exeAdded by the SDBOT.GVJ BACKDOOR!No
XDirectX For Microsoft Windowsdtxservice.exeAdded by the PROGENT TROJAN!No
XDirectX for Microsoft WindowsFservice.exeAdded by the PRORAT TROJAN!No
XDirectX for Microsoft WindowsSservice.exeAdded by the PRORAT TROJAN!No
XDirectX For Microsoft® Windowsfservice.exeAdded by the PRORAT-L TROJAN!No
XDirectX For Microsoft® Windowsfservice.exeAdded by the PRORAT-P TROJAN!No
XDirectX shell driver[path to trojan]Added by the MARKTMAN-B TROJAN!No
XDirectx Startup Driversdirect.exeAdded by the RBOT.UXL WORM!No
XDirectX Video Driverdxterm5.exeAdded by the WILAB-A TROJAN! No
Xdirectx.exe[path to trojan]Added by the DELF-FW BACKDOOR!No
XDirectX64DirectXset.exeAdded by the BROWNEY.A WORM!No
XDirectX9direct3d.exeAdded by the AGENT.EAK TROJAN!No
XDirectX9svchost32.exeAdded by the RBOT.AQG WORM!No
XDirectX9 Diagdx9diag.exeAdded by the RBOT-ALT WORM!No
XDirecXDirecX.exeAdded by the AGOBOT-HU BACKDOOR!No
UDirkeyDirkey.exeDirkey - small utility that allows you to bookmark up to 9 folders by using the Ctrl+Alt+1..9 shortcut keys in an Open/Save File dialog or in Windows Explorer. After this the Ctrl+1..9 shortcut keys can be used in the same or another window to go to any of the 9 bookmarked foldersNo
XDirLockDirLock.exeAdded by the AUTORUN-APL WORM!No
XDirLockerdirlock.exeAdded by the AUTORUN-AMS WORM!No
?Disable EHCInousb20.exe??No
XDisableKeybaordRundll32.exe Keyboard,DisableAdded by the VB-HE TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deletedNo
XDisableMouseRundll32.exe Mouse,DisableAdded by the VB-HE TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deletedNo
NDisc DetectorCtNotify.exeFor Creative sound cards. Detects when you insert a CD, DVD, etcNo
?disc detectorqnetquestnotifty.exe??No
?discovegdiscoveg.exe??No
?DISCoverDISCover.exeRelated to DISCover Drop from Digital Interactive Systems Corporation. What does it do and is it required?No
NDiscoverDeskshopDeskshop.exeDiscover Deskshop - single use "virtual" credit cardNo
UDiscUpdateManagerDiscUpdMgr.exeDisc Update Manager for Digital interactive's DISCover Console. Provider of on-demand video gamesNo
NDiscUpdateManagerDiscUpdateMgr.exeDISCover from Digital Interactive Systems Corporation Inc. "The company's patented Drop 'n' Play technology provides a simple, console-like experience when playing PC titles allowing for seamless play of CD/DVD-based games while its unique Parental Control system incorporates ESRB ratings to help users limit access to younger players"No
UDiscWizardMonitor.exeDiscWizardMonitor.exeSeagate DiscWizard - hard disk utility for Seagate's SATA and PATA (IDE) drivesNo
XDisk Checkchkdsk32.exeAdded by the IM TROJAN!No
UDisk CleanerDiskCleaner.ExeHard disk management part of TuneUp Utilities from TuneUp Distribution GmbHNo
XDisk Defragmentation Loaderpmsvcr.exeAdded by a variant of the IRCBOT TROJAN!No
XDisk Essensial Toolsdetsvc.exeAdded by a variant of the IRCBOT TROJAN!No
XDisk Keeper[path to trojan]Added by the SMALL-VE TROJAN!No
XDisk KeeperSECURITY.EXEDaosearch adwareNo
XDisk Managerdiskver.exeAdded by the RBOT.AQT WORM!No
XDisk Master[trojan name]Added by the DISTER TROJAN! - a spam relayerNo
XDisk Panel Configurationdpcsvc.exeAdded by the IRCBOT.BSQ BACKDOOR! No
XDisk Panel Setupnpcsvc.exeAdded by a variant of the IRCBOT TROJAN!No
XDiskCheckmsdarkend.exeAdded by an unidentified WORM or TROJAN!No
Xdiskchkdiskmon32.exeAdded by the RBOT-BBI WORM!No
XDiskCleanMainDiskClean.exeDiskClean rogue security software - not recommended, removal instructions hereNo
NDiskeeperSystrayDkIcon.exeDisKeeper defragmentation software - can be started manuallyNo
Xdiskinfdiskinf.exeAdded by the CRYPTER.A TROJAN!No
?DISKMON.EXEDISKMON.EXE??No
NDisknagdisknag.exeDell program that reminds you to make your backup diskettesNo
XDiskRetterSysRep.exeDiskRetter, German rogue system error and cleaning utility - not recommended. A member of the ErrClean familyNo
XDiskstartCode.exeAdult content diallerNo
XDiskstartcat.exeMS-Connect diallerNo
XDiskstarthit.exeAdult content diallerNo
XDiskstartSnt.exeAdult content diallerNo
UDiskSuiteaDSProcMngr.exePart of PC Tools Disk Suite from PC Tools - which "is an all-in-one hard-disk management utility that integrates disk optimization, defragmentation and backup tools in one easy to use package". Proxy (or agent) for the Disk Suite Service. Based upon my experience, if this is disabled it does not appear to adversely affect on-demand or scheduled tasks but has a "U" recommendation as it's function isn't fully knownYes
UDisk_MonitorDisk_Monitor.exeMulti-media, Smartmedia, Compact Flash card reader for reading digital camera cards. Device is recognised as internal USB disk drive. Necessary if camera cards are to be recognised as soon as they are inserted into the readerNo
Xdisnisadisnisa.exeAdded by the DORF-AE WORM!No
XDispatcherdispatcher.exeAdded by the DLOADR-AS TROJAN!No
Xdispenterdispenter.exeAdded by the AGENT-MKK TROJAN!No
UdisplayThe_Eye.exeComSpySysSvr surveillance software. Uninstall this software unless you put it there yourselfNo
XDisplaybackup.exeAdded by the BRONTOK-CR WORM!No
XDisplay Driverscssrs.exeAdded by the AGOBOT.FX WORM!No
NDisplay Settingshptasks.exeAllows for the adjustment of the display for LCD screen, CRT Monitor and TV output on HP computersNo
UDisplayFusionDisplayFusion.exeDisplayFusion from Binary Fortress Software - "is a fantastic application that can make your dual monitor (or triple monitor or more) life much, much easier! From allowing you to use a different wallpaper on each monitor, to integrating with Flickr for image searching, to providing hotkeys for managing your application windows"No
NDisplayTrayIconTrayIcon.exeSystem Tray access to display properties for ABIT graphics cards. Unless you change your desktop resolution, etc regularily use Control Panel -> DisplayNo
UDisspydisspy.exeDisspy spyware detection and removal softwareNo
XDist-FBGeneveGDC.exeNettoyeurDePC French rogue privacy tool - not recommended. A member of the PCPrivacyTool familyNo
NDistiller Assistant 3.01DISTASST.EXEFrom Adobe. Creates PDF universal files for Acrobat Reader. Available via Start -> ProgramsNo
XDistributed File SystemDfsvc.exeAdded by the MYFIP.A or MYFIP.K WORMS!No
XDistributed File Systemkernel32dll.exeAdded by the MYFIP-C or MYFIP.K WORMS!No
XDistributed File Systemblade.exeAdded by the MYFIP.AC WORM!No
XDistributed File Systemwin.exeAdded by the MYFIP.AB WORM!No
XDistributed Link Trackingascvt.exeAdded by the AGOBOT-GH BACKDOOR!No
Udistributed.net clientDNETC.EXEDsitributed computing projects client from Distributed.net where numerous computers are used to share a projects workload - similar to SETI@Home and Folding@Home. Also prone to being distributed by virusesNo
YDitdit.exe"Drive Icon and Label Utility" - assigns drive icons and names to flash memory cards. Required, otherwise the drives aren't foundNo
XDitdit.exeAdded by the LAZAR-A TROJAN! Note - this is located in %System%No
NDiTask.exeDiTask.exeAssociated with an Eicon Networks ISDN or ADSL modem. System Tray icon which shows you the status of your lines (free, occupied with incoming or outgoing call). Available via Start -> ProgramsNo
?Divamon.exeDivamon.exeAssociated with an Eicon Networks Diva ISDN or ADSL modem - what does it do and is it required?No
Xdivxdivxenc.exeAdded by the SPBOT.B TROJAN!No
XDivxcodll.exeAdded by the GRAVEBOT-A TROJAN!No
XDivX MediaPlayer 7.0Dr.DivX.exeAdded by the ALADINZ.G TROJAN!No
XDivX PlayerDivXPlayer.exeAdded by a variant of the RBOT WORM!No
XDivX UpdaterDivX.ExeAdded by the NALDEM TROJAN or MASTAK VIRUS!No
XDIVX Video PlayerDIVXPloyer.exeAdded by an unidentified WORM or TROJAN!No
XDivx4 codecdevldr32.exeAdded by an unidentfied VIRUS! Note - this is not the legitimate Creative Labs devldr32.exe fileNo
XDivXCodecNEWMAIL.exeAdded by the DELF-RQ BACKDOOR!No
?Dixons Insert DetectInsDetect.exePart of Dixons Picture Suite. Detects a digital camera is plugged into a USB port or when a memory card with photos is inserted?No
Xdjdsdvqwavjdhdg.exeAdded by the SDBOT-EF BACKDOOR!No
NDJRegFixregedit /s c:\hp\djregfix.regDJRegFix showed up first in WinME as a "clever" way to ensure that all Hewlett-Packard DeskJet printers actually worked with WinME - since most were having major problems. This "utility" adds the functionality and compatibility HP forgot to add in its WinME driversNo
?DJSNetCNDJSNetCN.exe"Symantec Licensing Detect Internet Connection", part of Norton Antivirus. What does it do and is it required?No
Xdjtopr1150.exedjtopr1150.exeWebRebates adwareNo
XdKerneldKernel.exeAdded by the DECOY-A WORM!No
YDkServiceDkService.exeFrom Executive Software's Diskeeper defragmenting utility - a replacement for Windows Disk Defragmenter. It's recommended to leave this enabled, otherwise you could have problems starting it manually.No
XDKTimedktime.exeAdded by the LUNII TROJAN!No
XDkware lptt01dkware.exeRapidBlaster variant (in a "DonkeySoft" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see hereNo
XDkware ml097edkware.exeRapidBlaster variant (in a "DonkeySoft" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see hereNo
?dkzzixmdkzzixm.exe??No
Ydlatfswctrl.exeDrive letter access to a UDF packet writer for CD-RW - from HP, Veritas an others. Similar to Roxio's DirectCD and does the same thing. From HP - "This is a needed file as it controles the readability of the Combo drives. Without this file loading the end user will be able to burn CD's but wont be able to read them. The drive itself will be able to read store bought master Cd's without the file but not burnt ones"Yes
YDLADLACTRLW.EXEDrive letter access to a UDF packet writer for CD-RW - from HP, Veritas and others. Similar to Roxio's DirectCD and does the same thing. From HP - "This is a needed file as it controles the readability of the Combo drives. Without this file loading the end user will be able to burn CD's but wont be able to read them. The drive itself will be able to read store bought master Cd's without the file but not burnt ones"Yes
YDLACTRLWDLACTRLW.EXEDrive letter access to a UDF packet writer for CD-RW - from HP, Veritas and others. Similar to Roxio's DirectCD and does the same thing. From HP - "This is a needed file as it controles the readability of the Combo drives. Without this file loading the end user will be able to burn CD's but wont be able to read them. The drive itself will be able to read store bought master Cd's without the file but not burnt ones"Yes
YDLACTRLW.EXEDLACTRLW.EXEDrive letter access to a UDF packet writer for CD-RW - from HP, Veritas and others. Similar to Roxio's DirectCD and does the same thing. From HP - "This is a needed file as it controles the readability of the Combo drives. Without this file loading the end user will be able to burn CD's but wont be able to read them. The drive itself will be able to read store bought master Cd's without the file but not burnt ones"Yes
NDlaTrayDlatray.exeSystem Tray access to DLA - Drive letter access to HP's and Veritas' version of DirectCD. Does the same thing as DirectCD. From HP - "This is a needed file as it controles the readability of the Combo drives. Without this file loading the end user will be able to burn CD's but wont be able to read them. The drive itself will be able to read store bought master Cd's without the file but not burnt ones"No
Ndlbcservdlbcserv.exeRelated to Dell Photo Printers and provides additional configuration options for these devicesNo
YDLBTCATSrundll32 [path] DLBTtime.dll, _RunDLLEntry@16Resolves a timing problem where a Dell service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll)No
YDLBUCATSrundll32 [path] DLBUtime.dll, _RunDLLEntry@16Resolves a timing problem where a Dell service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll)No
YDLBXCATSrundll32 [path] DLBXtime.dll, _RunDLLEntry@16Resolves a timing problem where a Dell service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll)No
YDLCCCATSrundll32 [path] DLCCtime.dll,_RunDLLEntry@16Resolves a timing problem where a Dell service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll). If you use the 964 printer, Dell recommends leaving dlcctime.dll in place as it fixes compatibility issues on some Dell systems. If you receive an error message on system startup that reads: "Error in C:\WINDOWS\System32\spool\drivers\W32\x86\3DLCCtime.dll Missing entry: RunDLLEntry" Dell offers help hereNo
Udlccmon.exedlccmon.exeDell Photo AIO Printer 924 device monitorNo
YDLCDCATSrundll32 [path] DLCDtime.dll, _RunDLLEntry@16Resolves a timing problem where a Dell service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll)No
Udlcdmon.exedlcdmon.exeDell Photo AIO Printer 944 device monitorNo
YDLCFCATSrundll32 [path] DLCFtime.dll, _RunDLLEntry@16Resolves a timing problem where a Dell service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll)No
YDLCGCATSrundll32 [path] DLCGtime.dll, _RunDLLEntry@16Resolves a timing problem where a Dell service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll)No
Udlcgmon.exedlcgmon.exeDell Photo AIO Printer 810 device monitorNo
YDLCICATSrundll32 [path] DLCItime.dll, _RunDLLEntry@16Resolves a timing problem where a Dell service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll)No
Xdlcipscldcpavss.exeAdded by the MAILBOT-CB TROJAN!No
YDLCJCATSrundll32 [path] DLCJtime.dll, _RunDLLEntry@16Resolves a timing problem where a Dell service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll)No
Udlcjmon.exedlcjmon.exeDell Photo AIO Printer 964 device monitorNo
YDLCQCATSrundll32 [path] DLCQtime.dll, _RunDLLEntry@16Resolves a timing problem where a Dell service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll)No
Udlcqmon.exedlcqmon.exeDell Photo AIO Printer 966 device monitorNo
YDLCXCATSrundll32 [path] DLCXtime.dll, _RunDLLEntry@16Resolves a timing problem where a Dell service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll)No
Udlcxmon.exedlcxmon.exeDell Photo AIO Printer 926 device monitorNo
Xdlderdlder.exeDlder spyware. Also creates a fake "explorer.exe" file and can be installed via versions of Grokster, Lime Wire and KaZaA file-sharing utilitiesNo
XDlDir1caKeAdded by the CAKE WORM!No
Udldtamondldtamon.exeDell AIO Printer V305 device monitorNo
Udldtmondldtmon.exeDell AIO Printer V305 device monitorNo
Udldtmon.exedldtmon.exeDell AIO Printer V305 device monitorNo
?DLForcerExeDLForcerEXE.exe??No
NDLF_00000B00Vcdlf.exeKnown to cause problems with "Out of memory" errors (see here). Otherwise, it's purpose is unknownNo
NDLGDLGCHBW.exeBackweb part of Data LifeGuard - diagnostic tools for Western Digital's series of hard drives. Automatically detects an internet connection and downloads any available updatesNo
NDLHelperEXEWATCH.exeDownload helper distributed with some software that allows the software installation to redirect download locations. Not required once the installation is finishedNo
XDLHelperEXE.exeN/ADownloader for Microgaming/Casino software - stealth installedNo
Xdlhostdlhost.exeAdded by the EXPHOOK-A TROJAN!No
XDLINK dfe drivers for Windows NTwindfe.exeAdded by the RANDEX.AK WORM!No
UDLink System Traydlnetst.exeRelated to D-Link DGE-530T PCI card for servers and workstationsNo
XDlitedllmanager.exeAdded by the WOOTBOT.DN WORM!No
XDll Boot Loader on Startup (do not remove this)[various filenames]Added by an unidentified TROJAN!No
XDll Linksvchoist.exeAdded by the AUTOSKY WORM!No
XDll Linksvchost.exeAdded by the AUTOSKY WORM! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in Documents and Settings\<User>\Favourites folderNo
XDLL Managerdllmngr32.exeAdded by a variant of the RBOT WORM!No
XDLL Service Manager[path to worm]Added by the RPCBOT.F TROJAN!No
Xdll services[random filename].exeAdded by a variant of the SDBOT WORM!No
XDLL32dllmem32.exeAdded by the KWBOT.E WORM!No
XDLL32dllhost.dllAdded by the SUCLOVE.A WORM!No
XDllbin32dllsysbin.exeAdded by the SLINBOT.FU BACKDOOR!No
Xdllcache.exedllcache.exeAdded by the VISPAT.A WORM!No
XDllCacherv2dllcachev2.exeAdded by the LATEDA TROJAN!No
Xdllcvss[random filename]Added by a variant of the SLAPER TROJAN!No
Xdlldmtdlldmt.exeAdded by a variant of the CRYPTER.C TROJAN!No
XDllExecutable[path to file]Added by the VB-SP WORM!No
Xdllhelpdllhelp.exeAdded by the STARTPAGE.DQ hijackerNo
Xdllhelpdllhlp.exeAdded by the Downloader-HI TROJAN! No
XDLLHostdllhst.exeAdded by the DELBOT-AC WORM!No
XDllHostdllhost.exeAdded by the PROSTI.AA BACKDOOR! Note - this is not the legitimate dllhost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\InfNo
Xdllhostxp.exedllhostxp.exeBrowser hijacker and adware downloaderNo
XDllLoaderlssas.exeAdded by the BDOOR-JE BACKDOOR!No
XDlloadkiller.exeAdded by the KILLAV-FK TROJAN!No
Xdllregdllreg.exeAdded by the CRYPTER.A TROJAN!No
XDLLService32dllsvc32.exeAdded by the AGOBOT.VX WORM!No
XDLLUPDATE32dllupdate32.exeAdded by the AGOBOT.IA WORM!No
NDLM.exeDLM.exeIGN Download Manager has become a requirement for downloading files through FilePlanet.com. It is based on Internet Explorer and it installs through an ActiveX-plugin, hence Internet Explorer must be installed beforehand and downloads has to be initialized through that browserNo
NdlmMgrAdobeDownloadManager.exeAdobe Download Manager - "can prevent you from having to start from the beginning should your download process be interrupted, and it offers a level of service not possibleNo
YDLO AgentDLOClientu.exePart of the backup suites from VERITAS - Backup Exec and NetBackup. Both have now been replaced by their Symantec equivalents since they acquired VERITAS in 2005No
UDLPSPDLPSP.EXEDell laser printer status monitorNo
Xdlsp2mxdlsp2mx.exeAdded by the MPB-B DIALER! An uninstall option can be accessed via the Add or Remove Programs dialog in the Windows Control Panel. The software is listed as "dlsp2mx"No
?DLTdlt.exe??No
Xdlucadluca.exeAdded by the DLUCA.C TROJAN!No
Xdluxdedluxde.exeAll-In-One-Telcom (adult content dialler) variantNo
XDluxjpDluxjp.exeAdded by the DLUCA.D TROJAN!No
XDm Hrlpns.exeAdded by the IRCBOT.WORM.61673 WORM!No
XDM mgrdm_mgr.exeAdded by the JITTAR TROJAN!No
Xdm***.exe [* = random char]dm***.exe [* = random char]Wareout - malware masquerading as a spyware and dialer removerNo
NDMASchedulerDMAScheduler.exeRelated to DigitalMedia Plus Archiver. This program is non-essential process to the running of the program, but should not be terminated unless suspected to be causing problemsNo
XDMCdmc.exeAdded by Trojan-Downloader.Win32.Dluca.bv TROJAN!No
UDMHotKeyDMLoader.exeHotKey access to the Samsung Display Manager on laptops and ultra-mobiles that support it - such as the M55 and Q1No
NDMILDRdmildr.exePart of Dell OpenManage Client Instrumentation - software that allows remote management application programs to access information about, monitor the status of or change the state of the client computer, such as shutting it down remotely. Uses the DMI and/or common information model (CIM) protocols, which are systems management protocols defined by industry standards. Available via Start -> ProgramsNo
Xdmimedmime.exeMalware installed by different rogue security software including SpyKillerProNo
NDMISLDMISL.EXEDMI (Desktop Management Interface) Service Layer for Intel TokenExpress network card software. DMI support for the Intel network card managed through the Desktop Management Interface. See here for more informationNo
NDMISLAPPDMISLAPP.exeDMI (Desktop Management Interface) Service Layer for Intel TokenExpress network card software. DMI support for the Intel network card managed through the Desktop Management Interface. See here for more informationNo
?dmjaydmjay.exe??No
Xdmloaderdmloader.exeAdded by a variant of the RBOT WORM!No
XDmsvc32Dmsvc32.exeAdded by the AGOBOT.ABU WORM!No
Xdmtdlldmtdll.exeAdded by a variant of the CRYPTER.C TROJAN!No
UDmwClientdmwclient.exeDMW "anti-cheating" software for online gamingNo
UDMXLauncherDMXLauncher.exePart of Dell's Media Experience, a multimedia suite which offers the user functionality to organise and play music and digital video filesNo
Xdm[3 random letters].exedm[3 random letters].exeAdded by the RUINDEM TROJAN!No
XDM_serverdmserver.exeComet Cursor adwareNo
Xdm_service[path to file]Added by the MITGLIEDER.P TROJAN!No
NDNAbtdna.exe"BitTorrent DNA is a FREE content delivery service based on the BitTorrent protocol which brings the power of user-contributed bandwidth to traditional content publishers while leaving publishers in full control of their files". Now a stand-alone product where the user creates the download, DNA used to be included with and used by earlier versions of the main BitTorrent client. As files are downloaded via a file-sharing network make sure you have good, up-to-date virus protection and check any downloads. Start manually via Control Panel → DNAYes
Xdnamd140113.a.Stub.EXEAdded by the STUB_A TROJAN!No
NDnarDnar.exeInstalled on some Dell workstations and DMI related. Tries to access the internet and is known to not be required - but what does it do?No
YDNE Binding Watchdogrundll dnes.dll, DnDneCheckBindingsDeterministic NDIS Extender (DNE). DNE is an NDIS-compliant module which appears to be a network device driver to all protocol stacks and a protocol driver to all network device drivers. Part of Gilat Communications internet satellite systems. Required if you have this system. Also installed by Winproxy - a proxy program for sharing internet connections through one computer. Required if you want it to workNo
YDNE DUN Watchdogrundll dnes.dll, DnDneCheckDUN13Deterministic NDIS Extender (DNE). DNE is an NDIS-compliant module which appears to be a network device driver to all protocol stacks and a protocol driver to all network device drivers. Part of Gilat Communications internet satellite systems. Required if you have this system. Also installed by Winproxy - a proxy program for sharing internet connections through one computer. Required if you want it to workNo
XDNHelper32DNHlp32.exeAdded by an unidentified WORM or TROJAN!No
XDNSmc-58-12-0000080.exeShorty adware - also detected as the AGENT.FD TROJAN!No
XDNSmc-58-12-0000093.exeShorty adware - also detected as the AGENT.FD TROJAN!No
XDNSmc-110-12-0000079.exeShorty adware - also detected as the AGENT.FD TROJAN!No
XDNSmc-58-12-0000120.exeShorty adware - also detected as the AGENT.FD TROJAN!No
XDNSmc-58-12-0000140.exeShorty adware - also detected as the AGENT.FD TROJAN!No
XDNS[worm filename]Added by the BCKDR-CQG BACKDOOR! No
XDNS Config servicewin32.exeAdded by the RBOT-TL WORM!No
XDns Resolverdnsrslve.exeAdded by the RBOT-WS WORM!No
XDNS Servicednsresolver.exeAdded by the RBOT-PQ WORM!No
XDNS Servicednssvc.exeAdded by the DELBOT-Z WORM!No
?DNS2GoClientdns2goclient.exeDNS2Go is a Domain Name System that will make your computer accessible anytime, anywhere by associating a domain name of your choice to your currently assigned IP address. Is it required?No
NDNS7reminderEreg.exe Ereg.iniRegistration reminder for versions of Nuance (ScanSoft) Dragon NaturallySpeakingNo
XDnsCacheWscript.exe dns_cache.vbsAdded by the AUTORUN-AWI WORM! Note that wscript.exe is a legitimate Microsoft file used to launch script files and shouldn't be deleted. The "dns_cache.vbs" file is located in %System%No
XDNSCacheBoostdnsping.exeAdded by the DNSBUST-A TROJAN!No
Xdnscleanerdnscleaner.exeCoolWebSearch parasite variantNo
XDNSEDNSE.exePart of rogue security tools, including WinAntiVirus Pro 2007, PcTurboPro and SystemDoctorNo
XDnsUpdater[malware filename].exeAdded by the DNSCHANG.XT TROJAN!No
?DNXVCdnxvc.exe??No
Xdocdoc.exeAdded by the AGOBOT-BJ WORM!No
XDocTorDoctor.exeAdded by the DOTOR.A WORM!No
XDoctor Antivirus 2008antvr.exeDoctor Antivirus 2008 rogue security software - not recommended, removal instructions hereNo
NDocuMagix InitPWATCH.EXEPaperMaster is an application for the PC designed to automate the process of organizing, archiving, and retrieving digital versions of files. Start manually if neededNo
UDocument Managerdocmgr.exeWave Systems Corp. Document Manager - "provides secure storage and management capabilities for file and folder level encryption"No
XDoggy StyleMsPMSPSd.exeAdded by the SDBOT-AAP WORM!No
XDOGStartGSDOGST.EXEAdded by an unidentified VIRUS, WORM or TROJAN! A possibility is a trojan known as PENISNo
?Doingdoing.exe??No
Xdoit.exedoit.exeAdded by the FORBOT-EK WORM!No
XDokterFixSysRep.exeDokterFix, Dutch rogue system error and cleaning utility - not recommended. A member of the ErrClean familyNo
XDomain Name Resolve Servicednsresolver.exeAdded by the KIMAN.A WORM!No
XDomPlayer Servicewakeservice.exeDomPlayer adwareNo
UDon't Panicdontpanicdemodp.exe30-day trial version of Don't Panic privacy software from Panicware. "Clean up Internet tracks and quickly hide personal documents with this privacy suite."No
UDon't Panic Pop-Up Stopperdpps2.exePop-Up Stopper Companion from Panicware. Pop-up blocker integrated into the IE toolbar. Note that the Pro version doesn't load in startup as it is installed as an Internet Explorer toolbar. Can cause problems with IE if you use WinXP and uninstall Service Pack 1. Uninstalling the software leaves it in the startup groupNo
UDon't Panic!DP.EXEDon't Panic! privacy software from Panicware. "Clean up Internet tracks and quickly hide personal documents with this privacy suite"No
XDontworrymysaym.exeAdded by the SDBOT-RC WORM!No
UDopusdopus.exeDirectory Opus - a file manager from GPSoftNo
Xdorfgweuret463.exeAdded by the AUTORUN-AFV WORM!No
NDoroServerDoroServer.exeDoro PDF Writer from The SZ Development. All what you need for creating pdf filesNo
Xdosdos64.exeAdware downloader trojanNo
XDos Prompt Loadercygwin.exeAdded by the SDBOT-VV WORM!No
?Dosbat????No
XDot1XCfgDot1XCfg.exeAdded by the AGOBOT.EA TROJAN!No
UDoubleDesktopdd.exe"DoubleDesktop is a smart and elegant system tray utility that effectively doubles the width of your Windows desktop" No
NDoUWantItduwi.exeDoUWantIt - online shopping assistant. Start it manuallyNo
XDowmingzuDowmingzu.dll.vbsAdded by the SOLOW-E WORM!No
Xdownhlp32.exeAdded by the DLOADER.BG TROJAN!No
Xdown[trojan filename]Added by the SMALL-QJ TROJAN!No
UDown2HomeDown2Home.exeDown2Home - "monitors your ADSL/Cablemodem/Dialup traffic and provides you with usefull statistics about the amount of data your PC has transferred" No
NDownload Accelerator Manager Free Editiondam.exeDownload Accelerator Manager Free Edition from Tensons CorpNo
NDownload Accelerator Plus 5.0DAP.exeDownload Accelerator Plus from Speedbit. Download manager for resuming downloads, amongst other features. Available via Start -> Programs. Note that the free version is adware basedNo
XDownload PlusDownloadPlus.exeDownloadPlus adwareNo
NDownload WonderDownloadWonder.exeDownload Wonder from Forty Software. Download manager for resuming downloads, amongst other featuresNo
NDownloadAcceleratorDAP.EXEDownload Accelerator Plus from Speedbit. Download manager for resuming downloads, amongst other features. Available via Start -> Programs. Note that the free version is adware basedNo
XDownloadLegalMusicrundll32.exe MSA64CHK.dll,DllMostrarMatrixDialer/Mostrar parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System%No
XDownloadMP3rundll32.exe MSA64CHK.dll,DllMostrarMatrixDialer/Mostrar parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System%No
XDownloadsAndMP3rundll32.exe MSA64CHK.dll,DllMostrarMatrixDialer/Mostrar parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System%No
XDownloadWaredw.exeDownloadWare adwareNo
XDownloadWare EngineDwe.exeDownloadWare adwareNo
Xdownsdowns.exeAdded by the BCKDR-MNR TROJAN!No
XDownxzDownxz.batAdded by the MYDOOM.W WORMNo
YDpAgentdpagent.exePart of the DigitalPersona range of fingerprint authentication applications - which are use to replace passwords with fingerprint recognition. Included on some Dell laptop models (such as the Vostro 1720) for exampleNo
NDPAgntDPAgnt.exedigitalPersona fingerprint scannerNo
YDPASDPASNT.exeDefenderPro AntiSpy spyware remover - now incorporated Defender Pro 15-in-1 and 5-in-1No
YDPASUpdateDPASAutoUpdate.exeAutomatic updates for DefenderPro AntiSpy spyware remover - now incorporated Defender Pro 15-in-1 and 5-in-1No
YDpcnavdpcnav.exeDirecWay from DirectTV (now HughesNet) - satellite based high-speed internet accessNo
NDPConfigDPConfig.exeCompuware DevPartner Studio Configuration Utility, a tool for software developers - System Tray access to configure the utility's analysis. Not required at startup, can be launched from the Start Menu programs group when neededNo
Xdpcproxydpcproxy.exeAdded by the GOLDENP-A TROJAN!No
YDPCProxyLoadOnStartupdpcstart.exeDirecWay from DirectTV (now HughesNet) - satellite based high-speed internet accessNo
YDpcstartdpcstart.exeDirecWay from DirectTV (now HughesNet) - satellite based high-speed internet accessNo
Xdpidpi.exeDelfin Media Viewer or "Promulgate" adwareNo
Xdpnsvr32dpnsvr32.exeAdded by the AOLPASS-B TROJAN!No
Udpps2dpps2.exePop-Up Stopper Companion from Panicware. Pop-up blocker integrated into the IE toolbar. Note that the Pro version doesn't load in startup as it is installed as an Internet Explorer toolbar. Can cause problems with IE if you use WinXP and uninstall Service Pack 1. Uninstalling the software leaves it in the startup groupNo
Xdpsdps.exeSmartestSearch parasite - poses as a foistware, bogus adware/spyware remover called "scumware-remover" No
Ndptrackerdptracker.exeCamTrack webcam software that enhances the way people video chat No
UDpUtilTEDTray.exeMain executable for TOSHIBA DualPoint Utility Main Module. It is a system tray icon program that provides configuration options for dual pointing deviceNo
XdpzProtectn.vbeAdded by the RUNAUTO.H WORM!No
XDR service[path to worm]Added by the RBOT-CZT WORM!No
XDr. Guarddrguard.exeDr. Guard rogue security software - not recommended, removal instructions hereNo
NDrag'n'Drop_AutolaunchAutolaunch.exeIomega HotBurn - CD-RW burning softwareNo
NDrag-to-DiscDrgToDsc.exeSystem Tray access to Roxio Drag-to-Disc - part of the Roxio Easy CD & DVD Creator and Easy Media Creator series of CD/DVD tools. "Easily drag and drop files for burning to CD or DVD. Disc formatting and burning will happen automatically". Not required for Roxio to work properly and available via the Start menuYes
?DragDropDragDrop.exe??No
NDragnDrop_AutolaunchAutolaunch.exeIomega HotBurn - CD-RW burning softwareNo
XDRam Monitor 23tskman3.exeAdded by a variant of the RBOT WORM!No
XDRam prmaessor[random filename]Added by the RBOT.CSG WORM!No
XDRam prosesor[random filename]Added by the SPYBOT.EE WORM!No
XDRam prosessor[random filename]Added by the RBOT.CSG WORM!No
XDRam prosessorplscd.exeAdded by the RBOT.CYA WORM!No
XDRam prosessorHWAPI.exeAdded by a variant of the RBOT WORM! Note - this is not the McAfee HackerWatch process which has the same filenameNo
XDRam prosessorWindowsUpdate.exeAdded by the RBOT-BBZ WORM!No
XDRam prosessormsupdate.exeAdded by the DELF-FAW TROJAN!No
XDRam prosessorwinupl.exeAdded by the RBOT-BCQ WORM!No
XDRam rar procwinupdaterar.exeAdded by a variant of the IRCBOT TROJAN!No
XDRam rare procupdaterarwin.exeAdded by the RBOT-GQW WORM!No
XDRan posessorDAP.exeAdded by a variant of the SDBOT WORM!No
XDrAntispyDrAntispy.exeDrAntiSpy rogue security software - not recommendedNo
XDrCacheMSTDC.EXEAdded by the BDOOR-JM BACKDOOR!No
Xdreamsserver.exeAdded by a variant of the SDBOT WORM!No
XDrefIWSysDrefIWv2.exeAdded by the DREF-C WORM!No
XDrefIWSysDref.exeAdded by the DREF-D WORM!No
?dregfixph_finder.exe??No
NDrgToDscDrgToDsc.exeSystem Tray access to Roxio Drag-to-Disc - part of the Roxio Easy CD & DVD Creator and Easy Media Creator series of CD/DVD tools. "Easily drag and drop files for burning to CD or DVD. Disc formatting and burning will happen automatically". Not required for Roxio to work properly and available via the Start menuYes
?dried.exedried.exe??No
Xdrin[path to trojan]Added by the SMALL.DPB TROJAN!No
XDriveCleaner 2006 FreeUDC2006.exeDriveCleaner rogue security software - not recommended, removal instructions hereNo
XDriveCleaner FreeUDC.exeDriveCleaner rogue security software - not recommended, removal instructions hereNo
XDriveDefenderGDC.exeDriveDefender rogue privacy tool - not recommended. A member of the PCPrivacyTool familyNo
UDriveIconsDriveIcon.exeDrive Icons from Realtek - shows a specific icon for each card type for their card reader controllersNo
UDriveLEDOODLed.exeO&O DriveLED - hard disk monitoring and crash preventionNo
XDrivergbot.exeAdded by the JUNTADOR.K TROJAN!No
XDriver32Scam32.exeAdded by the SIRCAM WORM!No
XDriverChecksvchost.exeAdded by the DELF-KR TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a "DriverLoad" sub-directory of the Root folder (C:\), (D:\), etcNo
XDriverConfdvrconf.exeAdded by the AGOBOT-IY WORM!No
XDriverDBsvcmdx32.exeAdded by the BERPI TROJAN!No
XDriverLoadsvchost.exeAdded by the DELF-KR TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a "DriverLoad" sub-directory of the Root folder (C:\), (D:\), etcNo
UDriverMagicLogondmschedule.exePart of DriverMagic - "the easiest way to locate device drivers"No
NDriverMaxdevices.exeDriverMax from Innovative Solutions - "a new tool that allows you to download the latest driver updates for your computer. No more searching for rare drivers on discs or on the web or inserting one installation CD after the other"No
XDriverModulecsrnvrt.exeAdded by the IRCBOT.I TROJAN!No
XDriverPathsystem32.exeAdded by the PRORAT-S TROJAN!No
XDrivers for Internet Exploreraccesweb.exeAdded by the STARTPAGE.FW TROJAN!No
XDrives swapAV1i.exeAnti-Virus Number-1 rogue security software - not recommended, removal instructions hereNo
NDriveSelectdriveselect.exeDVD X Copy XPress by 321 Studios. Creates a pop-up at Windows startup that asks for the DVD drive to be selected. Available via Start -> Programs No
XDriveSystemmaxpaynowti1.exeAdded by the TIBS.AZT TROJAN!No
Udrkly16jrundll32.exe drkly16j.dll, ServiceCheckKidsWatch Time Control parental control softwareNo
XDRM Upgradedrmupgd.exeAdded by the IRCBOT.AWU BACKDOOR!No
UdRMON SmartAgentSmartAgt.exePart of the network monitoring program group for 3Com NIC cards. See here for more infoNo
Xdrmsrv32stmhosts.exeAdded by the AGENT.AGWU TROJAN!No
XdrmuW95Mm.exeHomepage hijacker installing a toolbar: http://tdko.com/. Lop.com in disguiseNo
XDrmupgdsDrmupgds.exeMaxfiles adwareNo
Xdrocherd.exeAdult content diallerNo
XDropSpam Lifestyledslifestyle.exeDropspam adwareNo
XDrProtectionDrProtection.exeDrProtection rogue security software - not recommendedNo
Xdrvddll.exedrvddll.exeAdded by the BEAGLE.AP WORM!No
XDrvddll_exedrvddll.exeAdded by the BEAGLE.X WORM!No
UDrvIconDrvIcon.exe"Vista Drive Icon changes the drive icons shown in Windows "My Computer", to a nearly Vista drive icon, showing the drive's free space with a smooth colored horizontal bar"No
?DrvListnrDrvListnr.exeAnalog Devices SoundMAX soundcard related. What does it do and is it required?No
Udrvlsnrdrvlsnr.exeCompaq/ADI SoundMAX integrated digital audio controller related. May solve a problem if your sound cuts out unexpectedlyNo
UDrvMon.exeDrvMon.exeAlcor drive monitor softwareNo
Xdrvnetwdrvnetw.exeAdded by the BROGGER-B TROJAN!No
Xdrvr32hdrvr32h.exeAdded by an unidentified VIRUS, WORM or TROJAN!No
Xdrvrmanagerdrvrquery32.exeAdded by the BOOHOO WORM!No
XDrvStartHPMedia.exeAdded by the BANCBAN-QE TROJAN!No
Xdrvsys.exedrvsys.exeAdded by the BEAGLE.W WORM!No
Xdrvsyskithidr.exeAdded by the BAGLE.HR WORM!No
Xdrvsyskithldrrr.exeAdded by the BAGLE.QU TROJAN!No
Xdrvupdrundll32 ..drvupd.infHijacker - drvupd.inf file installs a "searchforge.com" hijackNo
Xdrv_st_keyhidn.exeAdded by the BEAGLE.FF WORM!No
XDrWatsondrwatson_.exeAdded by the LOHAV-S TROJAN!No
XDrWatsondrwatson_32.exeAdded by the LOHAV-S TROJAN!No
XDrWeb AntivirusDRWEBAV.EXEAdded by an unidentified WORM or TROJAN!No
YDrwebschedulerDrwebscd.exeDrWeb antivirus related - scheduler that allows you to manage an automatic launch of applications, in particular the antivirus scanner or the update subsystemNo
XDR_SDR_S.exeIstBar adwareNo
Xdsds.exeAdded by the SPYMON TROJAN!No
UDS Clockdsclock.exeDigital desktop clock including synchronization with atomic servers - see hereNo
XdS35DLLffqca.exeAdded by the SDBOT-KV WORM!No
Xdsadsa.exeHomepage hijacker - redirecting to downseek.comNo
XDSAcass[path to file]Added by the RANKY.M TROJAN!No
Xdsadlsa14dsakfsak14.exeAdded by the ONLINEG-P TROJAN!No
XDSBDSB.exeEnergyPlugin adwareNo
Udscactivatedsca.exeDell Support Agent offers additional support and update features for your Dell computer or laptopNo
Xdsdzz.exeAdded by the RBOT-FOX WORM!No
NDSentryDSentry.exeAnti-spyware from Dell. Seems that after Dell found out certain applications being installed from DVD's would report back information about what customers were watching, they decided to implement an anti-spyware service. Run manually before installation startsNo
XdsfghjgjkeepSafe.exeAdded by the KILLAV.KAX TROJAN!No
Xdsgblcsass.exeAdded by the AGENT.TGZ BACKDOOR!No
XDsidp-******.exeAdded by an unidentified adware where ****** are random charactersNo
XDsidp-him.exeAdded by the MULTIDR-AH TROJAN!No
XDskcompatDskcompat.exeAdded by the GEMA TROJAN!No
UDSKEYDsKey.exePart of PC PhoneHome - "secretly sends an invisible email message to an email address of your choice containing the physical location of your computer every time you get an Internet connection". Security software from Brigadoon Security Group for tracking down lost/stolen computersNo
XDSKEY[path to trojan]Added by the STARTER-G TROJAN!No
NDSL Monitorspdstrm.exeComes with Efficient Networks DSL Modems. Little red/green/yellow flashing icon in system trayNo
YDSLagentexeDSLagent.exeUsed in conjunction with USB connected ADSL modems from Eicon Networks (as used by BT for its Broadband internet service for example). Required for a permanent ADSL connectionNo
Ydslmondslmon.exeSagem DSL modem related. Apparently needed to detect the modem No
UDSLSTATEXEdslstat.exeSystem tray connection status for ADSL modems from Eicon Networks (as used by BT Broadband for example)No
XDsmSerdsm.exeAdded by the SERFLOG.B WORM!No
XDsmSermsmpatch.exeAdded by the SERFLOG.B WORM!No
XDsmSersvosm.exeAdded by the SERFLOG.B WORM!No
XDsmSersysup.exeAdded by the SERFLOG.B WORM!No
YDSndUpDSndUp.exeUtility that only runs once after installing the drivers for Analog Devices SoundMax integrated soundcards. It's exact purpose is unknown at the present time but from the filename it's probably used to configure the default or generic speaker arrangement for the system it's used onYes
XDsplObjectswindspl.exeAdded by the BEAGLE.DN WORM!No
XDSSdssagent.exeRegistration reminder for Mattel Interactive (Broderbund) applications and games. Spyware as it sends encrypted emails about the system back to the originators of the program. Also a resource hog. See here for more infoNo
XDSS[path to trojan]Added by the DSSDOOR-C TROJAN!No
XDSServicedmrss.exeAdded by the AGOBOT-XX WORM!No
?DSSSGENSdssagens.exe??No
Xdstiosysplsitctl.exeAdded by the MAILBOT-BX TROJAN!No
XDSystemDriverwindrv.exeAdded by the DELF.WG TROJAN!No
UDT 11Mbps WLAN PC Card StationDTCARDMonitor.exe11Mbps PC Card based wireless LAN connection monitor - possibly from Deutsche TelekomNo
UDT 11Mbps WLAN USB StationDTUSBMonitor.exe11Mbps USB based wireless LAN connection monitor - possibly from Deutsche TelekomNo
UDT HPWDTHtml.exeHP My Display from HP. Rebranded version of Display Tune from Portrait Displays, Inc. - which "is the perfect software utility to initially set-up and adjust your display to achieve its optimum performance. All adjustments are made through a simple graphical user interface"No
UDT TaskDTHtml.exeDisplay Tune from Portrait Displays, Inc. - which "is the perfect software utility to initially set-up and adjust your display to achieve its optimum performance. All adjustments are made through a simple graphical user interface." Also licensed and renamed by manufacturers such as Gateway (EzTune), HP (HP My Display), Hyundai ImageQuest (ImageTune), LG (forteManager) and ViewSonic (PerfectSuite™ Plus)No
NDTAgentDTAgent.exeSystem Tray access to DAEMON Tools Pro from DT Soft Ltd - used to create an image of a CD/DVD/Blu-ray disc and mount the created image-file (.iso, .bin, etc) to a virtual CD/DVD/Blu-ray drive. The original can be stored in a safe place and the loading times are significantly reduced as the virtual drive is much faster. Required if you use the automount feature to reload images on a rebootYes
NDTliteDTlite.exeDaemon Tools Lite from DT Soft Ltd - used to create an image of a CD/DVD/Blu-ray disc and mount the created image-file (.iso, .bin, etc) to a virtual CD/DVD/Blu-ray drive. The original can be stored in a safe place and the loading times are significantly reduced as the virtual drive is much faster. Required if you use the automount feature to reload images on a reboot. This version is free for personal use and has a limited feature setYes
NDU MeterDUMETER.EXEHagel Technologies internet bandwidth monitorNo
UDualCoreCenterStartUpDualCoreCenter.exeUnified control center for overclocking both the graphics card and the CPU, but for the program to have its full functionality you must have an MSI mainboard with a CoreCell chipNo
?Duane Reade Insert DetectInsDetect.exePart of Duane Read Picture Suite & Digital Image Pack. Detects a digital camera is plugged into a USB port or when a memory card with photos is inserted?No
Xduckduck.exeAdded by the AGOBOT-AVG WORM!No
NDulux WeatherShield WeatherDeskweather.exeDulux WeatherShield WeatherDesk - latest weather information from across AustraliaNo
XDumeter Servicesdumeter.exeAdded by the SDBOT-AEQ WORM!No
XDumpDump.exeAdded by the ZIMUSE WORM!No
Xdumprepspoolc.exeDetected by Kaspersky as a variant of the AGENT.CXF TROJAN!No
Xdumprepdump-k.exeAdded by the BUZUS-U WORM!No
Xdumprepdump.exeAdded by the CODOX-A WORM!No
Ndumprep 0 -kdumprep 0 -kUsed in connection with memory dumps - you can disable these by - right clicking on My Computer, selecting Properties and then the Advanced tab. Click on the Settings button in 'Startup and Recovery'. In the bottom pane - under 'Write debugging information' - click on the down arrow and then select 'None' - OK your way outNo
Ndumprep 0 -udumprep 0 -uUsed in connection with memory dumps - you can disable these by - right clicking on My Computer, selecting Properties and then the Advanced tab. Click on the Settings button in 'Startup and Recovery'. In the bottom pane - under 'Write debugging information' - click on the down arrow and then select 'None' - OK your way outNo
XDUN_SERVICES3dun3.exeAdded by the SOKIRON TROJAN!No
XDuweculeyyujixit.exeAdded by the SDBOT.BRP WORM!No
XDuwee wong CerbonCirebons.exeAdded by the BHARAT.A WORM!No
XDVAScvssdfaAsSDdwd.exeAdded by the LIOTEN.IP TROJAN!No
UDVD Device Lock for Win95/98/Me/2k/XPDDLAgent.exeLoads Hide and Protect any Drives - which "can be used to restrict read or write access to removable media devices such as CD, DVD, floppy, flash and USB drives. You can also restrict access to partitions of hard disk drives". If disabled, hidden and locked drives still retain their original status so the user will only be able to change their status them via the main UIYes
XDVD Upgradedvdupgd.exeAdded by a variant of the IRCBOT BACKDOOR!No
Ndvd43DVD43_Tray.exeDVD43 is "a small tool that integrates into Windows and overrides CSS copy-protection found on DVD movies"No
UDVD43DVD43.exeDVD43 is a small tool that overrides CSS copy-protection found on DVD moviesNo
Xdvd98windvd98.exeAdded by the CULT.P WORM!No
NDVD@ccessDVDAccess.exePart of DVD Studio Pro from Apple Inc. - "The DVD@CCESS feature allows you to add additional interactivity to your DVD title when it is played on a computer"No
?DVDAgentDVDAgent.exeFound on the HP Touchsmart range of desktops and notebooks. What does it do and is it required?No
UDVDBitSetDVDBitSet.exeDVD+RW Drive/Disc Compatibility Setting. Installed with HP DVD+RW drives to enhance compatibility with existing readers. You can also set a DVD+RW default drive write mode which is always usedNo
?DVDCheckDVDCheck.exeRelated to an Intervideo program. What does it do and is it required in startup?No
XDvdcompatDvdcompat.exeAdded by the GEMA TROJAN!No
NDVDLauncherDVDLauncher.exePart of Cyberlink's Power Cinema - allows you to play DVDs upon insertion No
NDVDSentryDSentry.exeAnti-spyware from Dell. Seems that after Dell found out certain applications being installed from DVD's would report back information about what customers were watching, they decided to implement an anti-spyware service. Run manually before installation startsNo
NDVDTrayDVDTray.exeHP CD/DVD Tray icon installed with the DVD writer software. Periodically checks for new drive firmwareNo
NDVDUpgradeDVDUpgrd.exeMicrosoft program to upgrade your DVD decoder program - see Q306331. Available via Start -> ProgramsNo
NDVDXGhostDVDGhost.EXEDVD Ghost - "utility to make your software DVD players and DVD copy/backup softwares restriction-free, and copy/backup DVD to hard disk" No
UdvHighMemcfgmng32.exeRelated to PureSight PC - designed to offer maximum flexibility and choice as families manage their internet useNo
YDvp95Dvp95.exeScan engine for F-Secure and Command antivirus software based on the F-Prot AntiVirus engineNo
Ydvpapi9xDVPAPI9X.exeCommand AntiVirus for Windows 95/98/MeNo
YDvpInitExeDvpinit.exeCommand Antivirus relatedNo
YdvprptDvprpt.exeCommand Antivirus relatedNo
Xdvraudiodvraudio.exeAdded by a variant of the CRYPTER.C TROJAN!No
Xdvsfssfbsfsdrs.exeAdded by the SDBOT-QA WORM!No
UDVSyncdvsync.exeDVSync is the program that allows you to synchronize your daVinci's PDA's data with your Personal Information Manager on the PCNo
XDvVideo32dvvid32.exeAdded by the TINY.FD TROJAN! No
XDvxwsxsvc.exeDelfin Media Viewer or "Promulgate" adware variantNo
Xdwdw.exeDownloadWare adwareNo
NDW4Weather.exeDesktop Weather 4 by The Weather Channel - provides current temperature, conditions, alerts, etcNo
NDW4DesktopWeather.exeDesktop Weather 4 by The Weather Channel - provides current temperature, conditions, alerts, etcNo
NDW6DesktopWeather.exeDesktop Weather 6 by The Weather Channel - provides current temperature, conditions, alerts, etcNo
UDWHeartbeatMonitorDWHeartbeatMonitor.exeDWHeartbeatMonitor.exe is installed alongside the Weather.com instant messaging utility. This is a non-essential process. Disabling or enabling this is down to user preferenceNo
NDwlClientsupport.exeDownload manager for Dell support alertsNo
Xdwqblwppx.exe[random].exeOkcashbackmall adwareNo
Xdwqblwpvl.exe[random].exeOkcashbackmall adwareNo
Xdwqblwrsq.exe[random].exeOkcashbackmall adwareNo
UDWQueuedReportingdwtrig20.exeUsed to launch Microsoft Error Reporting (DW20.exe) - if, for example, there have been an error downloading malware definition updates for Windows Defender - which gives the user the chance to send the error report to Microsoft to improve their softwareYes
NdwStartFireWall.exeThe Shield firewall from pcsecurityshield.com. Not recommended by some (see here) and there are better free alternatives out there such as Zone Alarm. Located in %ProgramFiles%\PCSecurityShield\The Shield FirewallNo
Udwtrig20dwtrig20.exeUsed to launch Microsoft Error Reporting (DW20.exe) - if, for example, there have been an error downloading malware definition updates for Windows Defender - which gives the user the chance to send the error report to Microsoft to improve their softwareYes
XDW_Startrwwnw64d.exeZenoSearch adware variantNo
XDxsys*.exe [* = random number]Added by the DEXTER.A WORM!No
XDx8compatDx8compat.exeAdded by the GEMA TROJAN!No
Xdxdiag diagnosemsidxdia.exeAdded by a variant of the RBOT WORM!No
Xdxdiags.exedxdiags.exeAdded by the CERTIF-G TROJAN!No
XDxDialogdxdlg32.exeAdded by the VB-CXT TROJAN!No
Xdxdll32ntxdll.exeAdded by the GAOBOT.CPX WORM!No
NDXDllRegExedxdllreg.exeCreated when you select "Yes" to check the "WHQL Digital signatures" in the DirectX9 files at the first time you open itNo
XDxLoadDX3DRndr.exeAdded by the GIBE.B WORM!No
NDXM6Patch_981116p_981116.exeWin32 cabinet self extractor. More info hereNo
Xdxmsrvdxmsrv.exeAdded by an unidentified WORM or TROJAN!No
XDxstyDxsty.exeAdded by the GEMA TROJAN!No
XDxupdate.exeDxupdate.exeAdded by the MAFEG WORM!No
Xdxviddxvid.exeAdded by the DLUCA-Y TROJAN!No
XDyFuCAoptimize.exeAdult content dialler - see hereNo
XDyFuCA Active Alertactalert.exeAdult content dialler - see hereNo
XDynamic DHCPdydhcp.exeAdded by the RINBOT.B TROJAN!No
XDynamic Dns Binarydynitora.exeAdded by the RBOT-WT WORM!No
XDynamic Dns BinaryCMD16.EXEAdded by the RBOT-XM WORM!No
XDynamic Dns Binarywinxp34.exeAdded by a variant of the RBOT WORM!No
XDynamic Dns BinaryWinHelpcfn.exeAdded by a variant of the RBOT WORM!No
XDynamic Link Library loaderLoader32.exeAdded by the KOL TROJAN!No
UDynDNS UpdaterDynDNS.exeDynamic DNS IP address updater tool, used as a client for Dynamic DNS service providers such as http://www.DynDNS.orgNo
NDynDNS-Updater Traytoolddutray.exeDynDNS updater tray icon - allows easy configuration of the Dynamic DNSSM service. Can be run manuallyNo
XDynHttp Dns Binarydynizari.exeAdded by a variant of the RBOT WORM!No
UDynSiteDynSite.exeDynSite - dynamic DNS client, also called an automatic IP updaterNo
UDynu Basic Clientdynubas.exeDynu online dynamic IP update client. Useful when using a dial up modem No
?DZKillMeDZSAVEME.EXE??No
UD_V_Tdvt.exeDICOM Validation Tool - "DICOM is increasingly being used as the standard communication mechanism when integrating various medical products in a hospital environment"No
?D_V_Tdvt.exeInstallation could be a crack/hack to NOD32 - see here. Seen and removed in many logs. Investigate it further and if the file C:\d_v_t.reg is present then it should be fixed. Not to be confused with the DICOM entry hereNo
XE-Cardecard.exeAdded by the YODI WORM!No
UE-colorIconMgr.ExeSets the colour of your monitor when running games that recognise E-Color so that you get 'what the game designer intended' when you see the game. Also allows monitor callibration through a program called 3-Deep. If you play a lot of games it can be useful. Can be disabled from starting up from within the programNo
NE-Color RegistrationSonnReg.exeRegistration for Colorific® and 3Deep® monitor calibration sofware from E-Color. Now superseded by ColorWizzard™ and 3DxWizzard™No
XE-nrgyPlusE-nrgyPlus.exeEnergyplus - tracks internet activity including websites visited and queries made at popular search engines. This information along with some system information is sent to a remote siteNo
Ue-Surveiller Stationestation.exeESurveiller - surveillance software. Uninstall this software unless you put it there yourselfNo
UE06DXLRD_7604703EDICT.EXERelated to Microsoft Encarta dictionary functionsNo
NE6TaskPanelTaskPanl.exeEarthlink Task Panel - part of Earthlink TotalAccess 2003 internet access software. Quick access to internet, E-mail and web-spaceNo
NEA CoreCore.exeElectronic Arts EA Link software - "gives you a secure yet simple way to download EA PC games and patches, as well as other exclusive content"No
Ueabconfg.cplEabServr.exeEasy Access Buttons control panel on Compaq laptops. Only required if you use the extra keysNo
XEac Downloaddownload.exeWebcelerator from eAcceleration speeds your Web browsing by both remembering where you have been and anticipating where you will go. Only needed if you find it improves web browsing. Now no longer available and supported and when available was classed as spyware - see hereNo
UEACLEANeaclean.exeFor Compaq PC's. Easy Access button support for the keyboardNo
XEac_Cnrycanary.exeAdded by the CANARY TROJAN!No
?Eac_rnvdlANTIVIRUS_INSTALL.EXE??No
YEAFRCliStartEAFRCliStart.exeRelated to Encryption Anywhere hard disk encryption products from GuardianEdgeNo
UEanthologyAppEANTHO~1.EXEeAcceleration Stop-Sign security software related. Previously not recommended, see hereNo
UEanthologyAppeanthology.exeeAcceleration Stop-Sign security software related. Previously not recommended, see hereNo
Ueanthology_install.exeeanthology_install.exeeAcceleration Stop-Sign security software related. Previously not recommended, see hereNo
Ueanth_critical_update_alertsys_alert.exeeAcceleration Stop-Sign security software related. Previously not recommended, see hereNo
Ueanth_critical_update_alertEANTHO~1.EXEeAcceleration Stop-Sign security software related - previously not recommended (see here). It has now been delisted, so make sure you have the latest versionNo
Ueanth_system_patchersys_alert.exeeAcceleration Stop-Sign security software related. Previously not recommended, see hereNo
NEapcisetupsbsetup.exeRockwell RipTide soundcard application software. Sound works without itNo
NEAPCISETUPwizard.exePart of the Creative Sounblaster PIC Installation Wizard. Probably left as a result of a failed installationNo
YEarthlink Protection Control Centerelnk_pcc.exeEarthLink Protection Control Center - "powerful, integrated security program makes it easier than ever to protect yourself against viruses, spyware, and hackers-all from one convenient location"No
NEarthLink ToolBar 5.0etoolbar.exeEarthLink Toolbar is a tool to help you get to all of the resources of the internet. EarthLink 5.0 Setup adds a few basic buttons to the Toolbar, but you can delete these or add more buttons any timeNo
NEasy CD CreatorRoxAssist.exeRoxio Assistant is designed to correct engine initialization errors in Easy CD & DVD Creator 6. If the engine does not initialize, the applications in Easy CD & DVD Creator will not recognize your recorder. After running this program you should receive the message "Engine initialized successfully with full recorder support". If this doesn't happen you may have to add support for newer drives using Roxio Updater, check for product updates and even re-install the software. See this thread for more informationYes
UEasy Keyeasykey.exeFor programming of the built-in functions keys on some laptops (and maybe desktops). Required if these are usedNo
NEasy Start Buttonesb.exeProvides functionality on certain laptops that have additional keys. Not required unless you use the extra keysNo
UEasy-PrintToolBoxBJPSMAIN.EXEA utility to launch the applications that are bundled with a Canon bubblejet printerNo
XEasyAVEasyAV.exeAdded by the NETSKY.S or NETSKY.T WORMS!No
XEasyDatesEasyDates.exePremium rate adult content dialler No
XEasyDates_gbEasyDates_gb.exe"Edate-A" premium rate adult content diallerNo
XEasyDates_nlEasyDates_nl.exeAdult content diallerNo
UEasyKeyeasykey.exeFor programming of the built-in functions keys on some laptops (and maybe desktops). Required if these are usedNo
UEasyKeyboardLoggerEasyKeyboardLogger.exeEasyKeyLogger keystroke logger/monitoring program - remove unless you installed it yourself! No
UEasyLinkAdvisorLinksysAgent.exeLinksys EasyLink Advisor - "the free application that provides and easy way to setup, view, manage, and repair your network"No
XEasyMessageem2.exe180solutions adwareNo
NEasyNetworkMcENUI.exeMcAfee's EasyNetwork user interface - "enables secure file sharing, simplifies file transfers, and automates printer sharing among the computers in your home network." Part of McAfee's security products such as Total Protection and Internet SecurityYes
XEasySearchBarESBUpdate.exeEasySearchBar adware downloaderNo
XeasyServServer.exeAdded by the EASYSERV TROJAN!No
XEasySpywareCleanerEasySpywareCleaner.exeEasySpywareCleaner rogue spyware remover - not recommended, removal instructions hereNo
UEasySync ProXCPCMenu.exe"IBM® Lotus® EasySync® Pro is a personal productivity solution that provides data synchronization between your IBM Lotus Notes® desktop and handheld devices running PalmOS and Windows CE/Pocket PC operating systems"No
UEasySync Pro - 3CmPlmAutoDet.exe3Com Palm PC specific translator for IBM® Lotus® EasySync® Pro - "a personal productivity solution that provides data synchronization between your IBM Lotus Notes® desktop and handheld devices running PalmOS and Windows CE/Pocket PC operating systems"No
UEasySync Pro - LtNts4NtsAgent.exeLotus Notes 4 specific translator for IBM® Lotus® EasySync® Pro - "a personal productivity solution that provides data synchronization between your IBM Lotus Notes® desktop and handheld devices running PalmOS and Windows CE/Pocket PC operating systems"No
UEasySync Pro - PocketPCAUTODE~1.EXEWindows Mobile Pocket PC specific translator for IBM® Lotus® EasySync® Pro - "a personal productivity solution that provides data synchronization between your IBM Lotus Notes® desktop and handheld devices running PalmOS and Windows CE/Pocket PC operating systems"No
UEasySync Pro - PocketPCAutoDetect.exeWindows Mobile Pocket PC specific translator for IBM® Lotus® EasySync® Pro - "a personal productivity solution that provides data synchronization between your IBM Lotus Notes® desktop and handheld devices running PalmOS and Windows CE/Pocket PC operating systems"No
UEasyTuneIIIEasyTune.exeTuning (overclocking) utility for Gigabyte motherboards. Shortcut availableNo
UEasyTuneIVET4Tray.exeTuning (overclocking) utility for Gigabyte motherboards. Shortcut availableNo
UEasyTuneVGUI.exeTuning (overclocking) utility for Gigabyte motherboards. Shortcut availableNo
Xeasywwweasywww2.exeAdded by an unidentified VIRUS, WORM or TROJAN!No
UeAudioeAudio.exePart of Acer Empowering Technology. Acer eAudio Management provides centralized control over notebook audio and specialized audio modes for movies, music and gamesNo
XEbatesMoeMoneyMakerwjview ...CodeEbates adwareNo
XEbatesMoeMoneyMaker0EbatesMoeMoneyMaker0.exeEbates adwareNo
XeBay ToolbarEBAYTBAR.EXEeBay Toolbar - reportes as spyware as it "phones home"No
UeBayToolbareBayTBDaemon.exeeBay toolabar related - also contains eBay account Guard which monitors for fraudulent eBay sitesNo
Xebmmmebatesmmmv.exeEbates adwareNo
UeBoardEboard.exeeMachines multimedia keyboard manager. Required if you use the extra keysNo
NeBotDownloadWizard.exeeBot from Digital River - "helps ensure your computer always has the latest technology, fixes, add-ons, upgrades and 'cool stuff'." Can optionally be installed with software such as Net Nanny internet filtering software. Available via Start -> ProgramsNo
UEC21EZQ.EXERelated to EC21 "the world's largest B2B marketplace to facilitate online trades between exporters and importers from all around the world"No
UECentergtb.exeDell E-Center/Google Toolbar relatedNo
NECenterEULALauncher.exeEnd User License Agreement (EULA) launcher - related to Dell E-Center/Google ToolbarNo
Xeckoclaro.exeAdded by the DLOADR-AQJ TROJAN!No
?ecpeECPE.EXE??No
UeDataSecurity LoadereDSloader.exePart of Acer Empowering Technology. "Acer eDataSecurity Management is a handy file encryption utility that protects files from being accessed by unauthorized persons, using passwords and advanced encryption algorithms"No
Nedexteredexter.exeeDexter supplements internet filtering by substituting local images for filtered images in order to prevent browser stalls and other annoyances. Can be activated manually when starting the browserNo
?EDFcsndiscfcsn.exeRelated to Hewlett-Packard's Discovery Agent. What does it do and is it required?No
Xeditpadeditpad.exeAdded by the CONSPER-B TROJAN!No
NEDLoaderDTLoader.exeEffective Desktop from MiniStars Software - desktop management software no longer being supportedNo
UeDonkey2000edonkey2000.exeFile sharing network - not recommended as the free version of this application should be avoided as it installs, without permission, New.Net, Webhancer, WebSearch Toolbar and WinToolsNo
UEDRestore??Set Point from Easy Desk Software - "small utility that automatically sets System Restore points for WinME/XP"No
Xeducational writer[random filename]Added by the RBOT-LZ WORM!No
UEdwizardEdwizard.exeSafeGuard Easy - "provides total company-wide protection for sensitive information on laptops and workstations. Boot protection, pre-boot user authentication and hard disk encryption using powerful algorithms guarantee against unauthorized access and hacker attacks"No
XEDxMC110Isass.exeAdded by the VB-NIA WORM!No
XEdzy AntiVirusdppsfa.exeAdded by a variant of the RBOT WORM!No
XEechhoor.exePurityScan adwareNo
UEee DockingEee Docking.exeIntuitive shortcuts for easy access to digital content, services, and useful software on the Asus Eee PC rangeNo
NEEventManagerEEventManager.exePart of the Epson Creativity Suite supplied with their multi-function printer/scanners, Event Manager launches File Manager or PageManager for EPSON automatically when you press the B&W Start or Color Start button on the control panel in Scan modeNo
XEfata[random 5 characters].exeAdded by the FLUKAN-D WORM!No
UeFax 4.1J2GDllCmd.exeDLL Command Utility for version 4.1 of eFax Messenger from j2 Global Communications, Inc. - which "is powerful Internet fax software that makes it easy to create, annotate, sign, zoom and print faxes from any computer"No
UeFax 4.1J2GTray.exeSystem Tray access to version 4.1 of eFax Messenger from j2 Global Communications, Inc. - which "is powerful Internet fax software that makes it easy to create, annotate, sign, zoom and print faxes from any computer"No
UeFax 4.2J2GDllCmd.exeDLL Command Utility for version 4.2 of eFax Messenger from j2 Global Communications, Inc. - which "is powerful Internet fax software that makes it easy to create, annotate, sign, zoom and print faxes from any computer"No
UeFax 4.2J2GTray.exeSystem Tray access to version 4.2 of eFax Messenger from j2 Global Communications, Inc. - which "is powerful Internet fax software that makes it easy to create, annotate, sign, zoom and print faxes from any computer"No
UeFax 4.3J2GDllCmd.exeDLL Command Utility for version 4.3 of eFax Messenger from j2 Global Communications, Inc. - which "is powerful Internet fax software that makes it easy to create, annotate, sign, zoom and print faxes from any computer"No
UeFax 4.3J2GTray.exeSystem Tray access to version 4.3 of eFax Messenger from j2 Global Communications, Inc. - which "is powerful Internet fax software that makes it easy to create, annotate, sign, zoom and print faxes from any computer"No
UeFax 4.4J2GDllCmd.exeDLL Command Utility for version 4.4 of eFax Messenger from j2 Global Communications, Inc. - which "is powerful Internet fax software that makes it easy to create, annotate, sign, zoom and print faxes from any computer"No
UeFax 4.4J2GTray.exeSystem Tray access to version 4.4 of eFax Messenger from j2 Global Communications, Inc. - which "is powerful Internet fax software that makes it easy to create, annotate, sign, zoom and print faxes from any computer"No
UeFax DllCmdJ2GDllCmd.exeDLL Command Utility for eFax Messenger from j2 Global Communications, Inc. - which "is powerful Internet fax software that makes it easy to create, annotate, sign, zoom and print faxes from any computer"No
UeFax DllCmd 3.5J2GDllCmd.exeDLL Command Utility for version 3.5 of eFax Messenger from j2 Global Communications, Inc. - which "is powerful Internet fax software that makes it easy to create, annotate, sign, zoom and print faxes from any computer"No
UeFax DllCmd 4.0J2GDllCmd.exeDLL Command Utility for version 4.0 of eFax Messenger from j2 Global Communications, Inc. - which "is powerful Internet fax software that makes it easy to create, annotate, sign, zoom and print faxes from any computer"No
UeFax Live Menu 3.3J2GDllCmd.exeDLL Command Utility for version 3.3 of eFax Messenger from j2 Global Communications, Inc. - which "is powerful Internet fax software that makes it easy to create, annotate, sign, zoom and print faxes from any computer"No
NeFax Tray MenuHotTray.exeeFax Messenger Tray Menu system tray icon for eFax Messenger Plus. Available via Start -> Programs. Disabling instructions available hereNo
UeFax Tray MenuJ2GTray.exeSystem Tray access to eFax Messenger from j2 Global Communications, Inc. - which "is powerful Internet fax software that makes it easy to create, annotate, sign, zoom and print faxes from any computer"No
UeFax Tray Menu 3.3J2GTray.exeSystem Tray access to version 3.3 of eFax Messenger from j2 Global Communications, Inc. - which "is powerful Internet fax software that makes it easy to create, annotate, sign, zoom and print faxes from any computer"No
UeFax Tray Menu 3.5J2GTray.exeSystem Tray access to version 3.5 of eFax Messenger from j2 Global Communications, Inc. - which "is powerful Internet fax software that makes it easy to create, annotate, sign, zoom and print faxes from any computer"No
UeFax Tray Menu 4.0J2GTray.exeSystem Tray access to version 4.0 of eFax Messenger from j2 Global Communications, Inc. - which "is powerful Internet fax software that makes it easy to create, annotate, sign, zoom and print faxes from any computer"No
NeFax.com Tray MenuHotTray.exeeFax Messenger Tray Menu system tray icon for eFax Messenger Plus. Available via Start -> Programs. Disabling instructions available hereNo
Xefaxs lptt01efaxs.exeRapidBlaster variant (in a "efaxs" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see hereNo
Xefaxs ml097eefaxs.exeRapidBlaster variant (in a "efaxs" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see hereNo
UEFI Hot Foldershffw.exe"EFI Hot Folders improves productivity by simplifying the printing of PostScript and PDF files into a select, drag, and drop process. Once users create Hot Folders with different printing and finishing parameters, files are printed without opening an application or print driver menu." Part of EFI's high-end printing solutionsNo
UEFI Job Monitor[path] efjm.dll,runRicoh Imagio Printer/Scanner driver status monitorNo
UEfpap.exeEfpap.exeEasy File & Folder Protector. Deny access to certain files and folders, or to hide them securely from viewing and searchingNo
Xegikugunapolecy.exeAdded by the SDBOT.AOE WORM!No
NEgisTec In-Product ServiceEgisUpdate.exeSoftware updater for Biometrics Solutions and Data Security products from EgisTec IncYes
NEgisTec In-Product ServicePmmUpdate.exeSoftware updater for Biometrics Solutions and Data Security products from EgisTec IncYes
NEgisTecLiveUpdateEgisUpdate.exeSoftware updater for biometric and data encryption products from EgisTec IncNo
NEgisTecPMMUpdatePmmUpdate.exeSoftware updater for Biometrics Solutions and Data Security products from EgisTec IncYes
NEgisUpdateEgisUpdate.exeSoftware updater for Biometrics Solutions and Data Security products from EgisTec IncYes
Yeguiegui.exeUser interface for ESET NOD32 Antivirus and Smart SecurityNo
XehSchedehSched.exeAdded by the SDBOT-DHF WORM!No
UehTrayehtray.exeMedia Center Tray Applet - part of Windows Media Center on XP MCE, Vista and Windows 7 (where it doesn't run as a startup). Allows Windows Media Center to be started by pressing the green button on a remote control and also displays System Tray notifications, such as recording status (successful or non-successful), EPG download notification, etcYes
UehTray.exeehTray.exeMedia Center Tray Applet - part of Windows Media Center on XP MCE, Vista and Windows 7 (where it doesn't run as a startup). Allows Windows Media Center to be started by pressing the green button on a remote control and also displays System Tray notifications, such as recording status (successful or non-successful), EPG download notification, etcYes
Xei10.exeei10.exeAdded by the AGOBOT-NK WORM!No
UEicon NetworksLAN_DAEMONwatch.exeAssociated with an Eicon Networks ISDN or ADSL modem. Watch protocols your connection with numbers and duration. You need callvu.exe (from Start Menu) to see your connection statistics. You can manually start watch.exe before you go online. Needs diinfo.exe (started by DiTask) to work correctly which can be started manuallyNo
UEicon TechnologyLAN_DAEMONwatch.exeAssociated with an Eicon Networks ISDN or ADSL modem. Watch protocols your connection with numbers and duration. You need callvu.exe (from Start Menu) to see your connection statistics. You can manually start watch.exe before you go online. Needs diinfo.exe (started by DiTask) to work correctly which can be started manuallyNo
Xeixfichina.batAdded by the WCUP.A WORM!No
XeKerberoseKerberos.exeeKerberos rogue security software - not recommendedNo
UELBERTRicoh_S2PScan2pc.exeScan to PC application for the scanning function of the Ricoh MFP Type 104 multifunction printerNo
UELBERT_S2PScan2pc.exeScan to PC application for the scanning function of the Samsung SCX-5x30 Series multifunction printersNo
UElbycheckElbyCheck.exeFrom Elaborate Bytes who make CloneCD - monitors the installed filters of CD-ROMs/DVD-ROMs. Note - under Win2K removing this from startup causes the CD drive in the computer to not be recognized in the OS and after rechecking it prompts that the driver has been corrupted and asks you to restart the computer to fix itNo
UElectron MicroscopeEMIII.exeElectron Microscope or EM - is a program used to track Stanford's distributed computing program client called Folding at Home, FAH. It will monitor up to 50 clients and give you the details about each client's progress as the FAH client runs. EM will also show you what each change in the protein looks like as the process continues No
XElementElement.txtAdded by the ELEM TROJAN!No
Xelement furth[path] repcale.exe [path] palsp.exeAdded by a variant of the RANDON.AN WORM! Both files are often located in %System%\vertNo
UeLerteLert.exeeLert Emergency Notification System by Kennected Software - "is an internet based public notification system designed to get emergency and non-emergency information out to the public quickly, efficiently and securely"No
Xelitemediaelitemediapop.exeAdded by the LOWZONE-BB TROJAN! Also known as Elitebar/EliteToolbar/EliteSidebar adware No
XEliteProtectorEliteProtector.exeEliteProtector rogue spyware remover - not recommended, removal instructions hereNo
?ElkCtrlElkCtrl.exeEntry added when you install versions of the Logitech QuickCam webcam software. It's exact purpose is unknown at the present timeYes
NelmElmenv.exeViaTech eLicense for securing, distributing and selling music onlineNo
XELNKProxysmproxy.exeSurfmonkey adwareNo
UELSA WINman SuiteWinmsuit.exeAllows you to totally customize your ELSA graphics card settings, including overclocking the GPUNo
YElsaCapiCtlRcapi.exeAssumed to stand for Remote Common Application Programming Interface (RCAPI), this was installed with an Elsa Microlink ISDN modem. If it is not there you can not bring up the dialog box which is sometimes needed to reset the modemNo
UELSAChipGuardelsavect.exeChipGuard for ELSA graphics cards - monitoring solution which monitors both the GPU temperature and fan speed, and will halt the system if either are at dangerous levels and restore the default clock speeds upon reboot. Leave enabled if overclockingNo
UELSBLaunchELSBLaunch.exeEarthLink SpamBlockerNo
NEMA.exeEMA.EXETime management system which helps you to manage your time and appointmentsNo
UeMachines eBoardEboard.exeeMachines multimedia keyboard manager. Required if you use the extra keysNo
YEmail Protectionemlproxy.exeAntiVirus Quick Heal - E-mail protectionNo
YEmailScanmcvsescn.exeRelated to McAfee AntiVirus suite - used to automatically scan incoming e-mails No
XeMakeSVEMAKESV.EXE"Switch" adult content dialerNo
XeMakeSVEMAKE2B.EXE"Switch" adult content dialerNo
UEMBASSY Trust Suite Secure UpdateAutoUpdate.exeUpdates for Wave Systems Corp. Embassy Trust Suite - "delivers advanced levels of security to the client PC using the TPM security chip found on most enterprise PCs today"No
XeMCryT Sh3ars Panagers[path to worm]Added by the RBOT-AWI WORM!No
XeMessengeremsn.exeAdded by the RBOT.AHO BACKDOOR!No
UEMMeterEMMeter.exe"Express Meter lets you track and manage software usage so you can avoid purchasing and supporting applications that aren't being used, and prevent the use of unauthorized programs"No
Xemoc0reemo.exeAdded by the AGOBOT-AGE WORM!No
UEmouseEmouse.exeGenius mouse driver - required if you use non-standard Windows driver featuresNo
Uemozeemoze.exeemoze pcConnector - "Push your personal & business emails, contacts & calendar directly to your mobile device!"No
Xempine121307.exeDelfin Media Viewer adware relatedNo
Xempine121307.Stub.exeDelfin Media Viewer adware relatedNo
?Empowering Technology LaunchereAPLauncher.exePart of Acer Empowering Technology. What does it do and is it required?No
?EmpoweringTechnologyFramework.Launcher.exePart of Acer Empowering Technology. What does it do and is it required?No
Xemre1emre1.exeAdded by a variant of the IRCBOT BACKDOOR! See hereNo
YEmsisoft Anti-Malwarea2guard.exeSystem Tray access to and Anti-Malware Guard feature of Emsisoft Anti-Malware from Emsi Software GmbH - which provides "comprehensive PC protection against viruses, trojans, spyware, adware, worms, bots, keyloggers and rootkits". Previously known as "a-squared Antitrojan" and "a-squared Anti-Malware" Yes
Xemsw.exeemsw.exeAttune HelpExpress - spyware. Disable and uninstall - see hereNo
Xemuleemule.exeAdded by the RBOT-ALZ WORM! Note - do not confuse with the legitimate eMule peer-to-peer (P2P) file-sharing program which is normally located in %ProgramFiles%\eMule. This one is located in %System%No
NeMuleemule.exeeMule - "one of the biggest and most reliable peer-to-peer file sharing clients around the world. Thanks to it's open source policy many developers are able to contribute to the project, making the network more efficient with each release". As eMule is a is a peer-to-peer (P2P) file-sharing client used to distribute large amounts of data between multiple users make sure you have good, up-to-date virus protection and check any downloadsYes
NeMuleAutoStartemule.exeeMule - "one of the biggest and most reliable peer-to-peer file sharing clients around the world. Thanks to it's open source policy many developers are able to contribute to the project, making the network more efficient with each release". As eMule is a is a peer-to-peer (P2P) file-sharing client used to distribute large amounts of data between multiple users make sure you have good, up-to-date virus protection and check any downloadsYes
NeMusicClient SystrayeMusicClient.exeeMusic MP3 download softwareNo
UEM_EXECEM_EXEC.EXELogitech Mouseware driver. Needed to support some additional functionality of Logitech mice/trackballs such as "SmartMove". If you disable it and find you don't need it leave it disabledYes
NEN4060C Taskbaren4060ct.exeComes with Efficient Networks DSL Modems. Little red/green/yellow flashing icon in system trayNo
XenBrowser[name of file]WINBO adwareNo
?encapsulated command toolwintr.com??No
NEncarta Dictionary QuickshelfQSHLFED.EXEProvides quick access to Encarta's Dictionary features?No
NENCMONITORmonitor.exeThe Encompass Monitor. This program is the Connect Direct Program. It is more trouble than it is worth and few use itNo
NEncoder AgentWMENCAGT.EXEMS Windows Media Encoder, which already has a shortcut in the Start Menu if installedNo
UEncompass_ENCMONTRENCMONTR.EXEOptional simple browser from Yahoo (Encompass)No
?ENCSurfsurfboard.exe??No
NEnergizer FileSaverEnergizer FileSaver.exeEnergizer FileSaver - UPS back-up utility for Energizer UPS products. From their Tech Support staff this is known to have a memory leak since it's release - with no fix planned! It will grab 2-5 handles per second and crash the average system in less than 3 days - therefore not recommendedNo
XEnergyPlugInEnergyPlugin.exeEnergyPlugin adware variantNo
Uenginecs2enginecs2.exeCyber Sentinel - internet filtering softwareNo
YEngUtilEngUtil.exePart of the Roxio Easy CD & DVD Creator and Easy Media Creator series of CD/DVD tools - corrects any modification made to the Roxio Engine, it exits after checkingYes
XEnh Win Updtenhupdt.exeAdware - detected by Kaspersky as the ONECLICKNETSEARCH.H TROJAN!No
Xenhance32enhance32.exeAdded by the CRYPTER.A TROJAN!No
NEnigmaPopupStopEnigmaPopupStop.exePart of Enigma SpyHunter - not recommended, see hereNo
?ENSApServer2_0APSERVER.EXEIntel AnyPoint Wireless II Home Network related. Now discontinued. What does it do and is it required?No
?ENSMIX32.EXEENSMIX32.EXESound card driver. Is it required?No
UEnsoniqMixerstarter.exePuts the Ensoniq mixer in system tray. From Ensoniq Technologies "Our mixer is a critical part of the soundcard as it fixes sound problems and replaces the MS mixer which can no longer be used". If you find you don't need it - try one of the solutions on this special page. Similar to Creative PCI Audio Configuration UtilityNo
UEntbloess 2Entbloess2.exeRelated to Window-Switcher (now Reflex Vision) - it allows you to see previews of all your open applications via a single keystroke in a manner similar to Apple's Exposé, for Windows 2K/XPNo
UEnterprise HarmonyrsMenu.exeEnterprise Harmony 99 for CASIO - synchronization software for use with Microsoft® Outlook 97/98/2000No
UEnterprise Harmony '99rsMenu.exeEnterprise Harmony 99 for CASIO - synchronization software for use with Microsoft® Outlook 97/98/2000No
XEnterprise SuiteWE[random characters].exeEnterprise Suite rogue security software - not recommended, removal instructions hereNo
UEnterra Icon KeeperIcnKeepr.exeIcon Keeper - "tool to save and restore icon positions on the desktop" No
XEntraOciorundll32.exe MSA64CHK.dll,DllMostrarMatrixDialer/Mostrar parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System%No
XEnumerate Servicewsys.exeAdded by the MANIFEST TROJAN!No
YEnvyHFCPLEnMixCPL.exeVIA Envy24 PCI Audio Controller driverNo
UeonemngeOneMng.exeeOne Manager, provides access to the buttons on the keyboard and on the front of the console for the eMachines eOne PCNo
UEOUAppEOUWiz.exeIntel ProSET Wireless related - provides additional configuration options for these devicesNo
UEOUWizEOUWiz.exeIntel ProSET Wireless related - provides additional configuration options for these devicesNo
UEPGServiceToolEPGClient.exeElectronic Programme Guide (EPG) for the WinTV range of TV Tuners from HauppaugeNo
UEPGServiceToolEPGCLI~1.EXEElectronic Programme Guide (EPG) for the WinTV range of TV Tuners from HauppaugeNo
UEPM-DMepm-dm.exeDevice Manager - part of Acer Empowering Technology. "Acer ePower Management is a straightforward interface that allows users to select from pre-configured power usage profiles, or to create their own customized profiles"No
UePowerManagementePM.exePart of Acer Empowering Technology. "Acer ePower Management is a straightforward interface that allows users to select from pre-configured power usage profiles, or to create their own customized profiles"No
UePower_DMCePower_DMC.exePart of Acer Empowering Technology. "Acer ePower Management is a straightforward interface that allows users to select from pre-configured power usage profiles, or to create their own customized profiles"No
UEPoXUSDMUSDM.EXEEPoX Universal Serial Data Monitor - a diagnostics tool that shows Temps, Fan Speeds, Voltages...etcNo
NePrint 3.0 ServiceEPRINT3.EXELEADTOOLS ePrint file conversion software - "convert any file to and from over 150 document and image formats including searchable PDF, DOC, HTML, TXT, Multi-page TIFF, JPG, GIF, PNG and many more!" Can be started manually No
NePrint 4.0 ServiceEPRINT4.EXEA component of the "LEADTOOLS ePrint File Conversion Software - Convert ANY file to and from over 150 document and image formats including searchable PDF, DOC, HTML, TXT , Multi-page TIFF, JPG, GIF, PNG and many more!" Can be started manuallyNo
UePrompterePrompter.exeePrompter - E-mail notification softwareNo
NEPSe_srcv02.exeAccording to the Epson info: "Use this utility to automatically check for errors and also check the level of ink remaining." This utility can also be started on demand when about to print as follows: File menu > Print to bring up the print dialog box. Click on the Properties button which will bring up a display with 4 tabs. Click the Utility tab to get a list of utilities that can be executed including the Status Monitor 3 Environment CheckNo
NEPSe_srcv03.exeAccording to the Epson info: "Use this utility to automatically check for errors and also check the level of ink remaining." This utility can also be started on demand when about to print as follows: File menu > Print to bring up the print dialog box. Click on the Properties button which will bring up a display with 4 tabs. Click the Utility tab to get a list of utilities that can be executed including the Status Monitor 3 Environment CheckNo
XEpsilon Squaredvmmreg32.exeAdded by the AGENT.MVC TROJAN!No
NEPSON Background MonitorSTMS.EXESupposed to keep an Epson printer ready for quick printing. Users report little difference whether it is on or notNo
UEPSON CardMonitorEPSON CardMonitor1.0.exeMonitors the PCMCIA memory card slot on EPSON cameras and printers and launches PhotoStarter or PhotoPrintNo
UEPSON PictureMate DeluxeE_FATI9TA.EXEEpson Status Monitor 3 for the PictureMate Deluxe compact photo printer - for monitoring printer status, checking ink levels, etcNo
UEPSON Status Monitor 3E_[various].EXEEpson Status Monitor 3 for their range of printer and AIO devices - for monitoring printer status, checking ink levels, etcNo
NEPSON Status Monitor 3 Environment Checke_srcv03.exeAccording to the Epson info: "Use this utility to automatically check for errors and also check the level of ink remaining." This utility can also be started on demand when about to print as follows: File menu > Print to bring up the print dialog box. Click on the Properties button which will bring up a display with 4 tabs. Click the Utility tab to get a list of utilities that can be executed including the Status Monitor 3 Environment CheckNo
NEPSON Status Monitor 3 Environment Checke_srcv02.exeAccording to the Epson info: "Use this utility to automatically check for errors and also check the level of ink remaining." This utility can also be started on demand when about to print as follows: File menu > Print to bring up the print dialog box. Click on the Properties button which will bring up a display with 4 tabs. Click the Utility tab to get a list of utilities that can be executed including the Status Monitor 3 Environment CheckNo
NEPSON Status Monitor 3 Environment Check 2e_srcv03.exeAccording to the Epson info: "Use this utility to automatically check for errors and also check the level of ink remaining." This utility can also be started on demand when about to print as follows: File menu > Print to bring up the print dialog box. Click on the Properties button which will bring up a display with 4 tabs. Click the Utility tab to get a list of utilities that can be executed including the Status Monitor 3 Environment CheckNo
NEPSON Status Monitor 3 Environment Check 2e_srcv02.exeAccording to the Epson info: "Use this utility to automatically check for errors and also check the level of ink remaining." This utility can also be started on demand when about to print as follows: File menu > Print to bring up the print dialog box. Click on the Properties button which will bring up a display with 4 tabs. Click the Utility tab to get a list of utilities that can be executed including the Status Monitor 3 Environment CheckNo
UEPSON Stylus C120 SeriesE_FATICCA.EXEEpson Status Monitor 3 for the Stylus C120 Series printer - for monitoring printer status, checking ink levels, etcNo
UEPSON Stylus C40 SeriesE_S10IC2.EXEEpson Status Monitor 3 for the Stylus C40 Series printer - for monitoring printer status, checking ink levels, etcNo
UEPSON Stylus C41 SeriesE_S10IC2.EXEEpson Status Monitor 3 for the Stylus C41 Series printer - for monitoring printer status, checking ink levels, etcNo
UEPSON Stylus C42 SeriesE_S10IC2.EXEEpson Status Monitor 3 for the Stylus C42 Series printer - for monitoring printer status, checking ink levels, etcNo
UEPSON Stylus C43 SeriesE_S08IC1.EXEEpson Status Monitor 3 for the Stylus C43 Series printer - for monitoring printer status, checking ink levels, etcNo
UEPSON Stylus C43 SeriesE_S10IC2.EXEEpson Status Monitor 3 for the Stylus C43 Series printer - for monitoring printer status, checking ink levels, etcNo
UEPSON Stylus C44 SeriesE_S10IC2.EXEEpson Status Monitor 3 for the Stylus C44 Series printer - for monitoring printer status, checking ink levels, etcNo
UEPSON Stylus C45 SeriesE_S4I3T1.EXEEpson Status Monitor 3 for the Stylus C45 Series printer - for monitoring printer status, checking ink levels, etcNo
UEPSON Stylus C46 SeriesE_S4I0T1.EXEEpson Status Monitor 3 for the Stylus C46 Series printer - for monitoring printer status, checking ink levels, etcNo
UEPSON Stylus C48 SeriesE_S4I091.EXEEpson Status Monitor 3 for the Stylus C48 Series printer - for monitoring printer status, checking ink levels, etcNo
UEPSON Stylus C60 SeriesE_S10IC2.EXEEpson Status Monitor 3 for the Stylus C60 Series printer - for monitoring printer status, checking ink levels, etcNo
UEPSON Stylus C61 SeriesE_S10IC2.EXEEpson Status Monitor 3 for the Stylus C61 Series printer - for monitoring printer status, checking ink levels, etcNo
UEpson Stylus C62 SeriesE-S0BIC1.EXEEpson Status Monitor 3 for the Stylus C62 Series printer - for monitoring printer status, checking ink levels, etcNo
UEPSON Stylus C62 SeriesE_S10IC2.EXEEpson Status Monitor 3 for the Stylus C62 Series printer - for monitoring printer status, checking ink levels, etcNo
UEPSON Stylus C63 SeriesE_S10IC2.EXEEpson Status Monitor 3 for the Stylus C63 Series printer - for monitoring printer status, checking ink levels, etcNo
UEPSON Stylus C64 SeriesE_S10IC2.EXEEpson Status Monitor 3 for the Stylus C64 Series printer - for monitoring printer status, checking ink levels, etcNo
UEPSON Stylus C64 SeriesE_S4I2C1.EXEEpson Status Monitor 3 for the Stylus C64 Series printer - for monitoring printer status, checking ink levels, etcNo
UEPSON Stylus C66 SeriesE_S4I0S2.EXEEpson Status Monitor 3 for the Stylus C66 Series printer - for monitoring printer status, checking ink levels, etcNo
UEPSON Stylus C67 SeriesE_FATIAAL.EXEEpson Status Monitor 3 for the Stylus C67 Series printer - for monitoring printer status, checking ink levels, etcNo
UEpson Stylus C82 SeriesE_S0HIC1.EXEEpson Status Monitor 3 for the Stylus C82 Series printer - for monitoring printer status, checking ink levels, etcNo
UEPSON Stylus C82 SeriesE_S10IC2.EXEEpson Status Monitor 3 for the Stylus C82 Series printer - for monitoring printer status, checking ink levels, etcNo
UEPSON Stylus C84 SeriesE_S10IC2.EXEEpson Status Monitor 3 for the Stylus C84 Series printer - for monitoring printer status, checking ink levels, etcNo
UEPSON Stylus C84 SeriesE_S4I2D1.EXEEpson Status Monitor 3 for the Stylus C84 Series printer - for monitoring printer status, checking ink levels, etcNo
UEPSON Stylus C87 SeriesE_FATIABL.EXEEpson Status Monitor 3 for the Stylus C87 Series printer - for monitoring printer status, checking ink levels, etcNo
UEPSON Stylus CX2900 SeriesE_FATIBFP.EXEEpson Status Monitor 3 for the Stylus CX2900 Series printer - for monitoring printer status, checking ink levels, etcNo
UEPSON Stylus CX3100E_S10IC2.EXEEpson Status Monitor 3 for the Stylus CX3100 printer - for monitoring printer status, checking ink levels, etcNo
UEPSON Stylus CX3200E_S10IC2.EXEEpson Status Monitor 3 for the Stylus CX3200 printer - for monitoring printer status, checking ink levels, etcNo
UEPSON Stylus CX3500 SeriesE_FATI9 BL.EXEEpson Status Monitor 3 for the Stylus CX3500 Series printer - for monitoring printer status, checking ink levels, etcNo
UEPSON Stylus CX3600 SeriesE_FATI9BE.EXEEpson Status Monitor 3 for the Stylus CX3600 Series printer - for monitoring printer status, checking ink levels, etcNo
UEPSON Stylus CX3700 SeriesE_FATIACP.EXEEpson Status Monitor 3 for the Stylus CX3700 Series printer - for monitoring printer status, checking ink levels, etcNo
UEPSON Stylus CX3800 SeriesE_FATIACA.EXEEpson Status Monitor 3 for the Stylus CX3800 Series printer - for monitoring printer status, checking ink levels, etcNo
UEPSON Stylus CX3900 SeriesE_FATIBEP.EXEEpson Status Monitor 3 for the Stylus CX3900 Series printer - for monitoring printer status, checking ink levels, etcNo
UEPSON Stylus CX4200 SeriesE_FATIAEA.EXEEpson Status Monitor 3 for the Stylus CX4200 Series printer - for monitoring printer status, checking ink levels, etcNo
UEPSON Stylus CX4500 SeriesE_FATI9AP.EXEEpson Status Monitor 3 for the Stylus CX4500 Series printer - for monitoring printer status, checking ink levels, etcNo
UEPSON Stylus CX4600 SeriesE_FATI9AA.EXEEpson Status Monitor 3 for the Stylus CX4600 Series printer - for monitoring printer status, checking ink levels, etcNo
UEPSON Stylus CX4700 SeriesE_FATIADL.EXEEpson Status Monitor 3 for the Stylus CX4700 Series printer - for monitoring printer status, checking ink levels, etcNo
UEPSON Stylus CX4800 SeriesE_FATIADA.EXEEpson Status Monitor 3 for the Stylus CX4800 Series printer - for monitoring printer status, checking ink levels, etcNo
UEPSON Stylus CX5000 SeriesE_FATIBVA.EXEEpson Status Monitor 3 for the Stylus CX5000 Series printer - for monitoring printer status, checking ink levels, etcNo
UEPSON Stylus CX5400E_S4I2G1.EXEEpson Status Monitor 3 for the Stylus CX5400 printer - for monitoring printer status, checking ink levels, etcNo
UEPSON Stylus CX5500 SeriesE_FATICAP.EXEEpson Status Monitor 3 for the Stylus CX5500 Series printer - for monitoring printer status, checking ink levels, etcNo
UEPSON Stylus CX6000 SeriesE_FATIBIA.EXEEpson Status Monitor 3 for the Stylus CX6000 Series printer - for monitoring printer status, checking ink levels, etcNo
UEPSON Stylus CX6500 SeriesE_FATI9EP.EXEEpson Status Monitor 3 for the Stylus CX6500 Series printer - for monitoring printer status, checking ink levels, etcNo
UEPSON Stylus CX6600 SeriesE_FATI9EE.EXEEpson Status Monitor 3 for the Stylus CX6600 Series printer - for monitoring printer status, checking ink levels, etcNo
UEPSON Stylus CX6600 SeriesE_FATI9EA.EXEEpson Status Monitor 3 for the Stylus CX6600 Series printer - for monitoring printer status, checking ink levels, etcNo
UEPSON Stylus CX7000F SeriesE_FATIBKA.EXEEpson Status Monitor 3 for the Stylus CX7000F Series printer - for monitoring printer status, checking ink levels, etcNo
UEPSON Stylus CX7400 SeriesE_FATICDA.EXEEpson Status Monitor 3 for the Stylus CX7400 Series printer - for monitoring printer status, checking ink levels, etcNo
UEPSON Stylus CX7800 SeriesE_FATIAFA.EXEEpson Status Monitor 3 for the Stylus CX7800 Series printer - for monitoring printer status, checking ink levels, etcNo
UEPSON Stylus CX8300 SeriesE_FATICEP.EXEEpson Status Monitor 3 for the Stylus CX8300 Series printer - for monitoring printer status, checking ink levels, etcNo
UEPSON Stylus CX8400 SeriesE_FATICEA.EXEEpson Status Monitor 3 for the Stylus CX8400 Series printer - for monitoring printer status, checking ink levels, etcNo
UEPSON Stylus CX9300F SeriesE_FATICFP.EXEEpson Status Monitor 3 for the Stylus CX9300F Series printer - for monitoring printer status, checking ink levels, etcNo
UEPSON Stylus CX9400Fax SeriesE_FATICFA.EXEEpson Status Monitor 3 for the Stylus CX9400Fax Series printer - for monitoring printer status, checking ink levels, etcNo
UEPSON Stylus D68 SeriesE_FATIAAE.EXEEpson Status Monitor 3 for the Stylus D68 Series printer - for monitoring printer status, checking ink levels, etcNo
UEPSON Stylus D78 SeriesE_FATIBGE.EXEEpson Status Monitor 3 for the Stylus D78 Series printer - for monitoring printer status, checking ink levels, etcNo
UEPSON Stylus D88 SeriesE_FATIABE.EXEEpson Status Monitor 3 for the Stylus D88 Series printer - for monitoring printer status, checking ink levels, etcNo
UEPSON Stylus DX3800 SeriesE_FATIACE.EXEEpson Status Monitor 3 for the Stylus DX3800 Series printer - for monitoring printer status, checking ink levels, etcNo
UEPSON Stylus DX4000 SeriesE_FATIBEE.EXEEpson Status Monitor 3 for the Stylus DX4000 Series printer - for monitoring printer status, checking ink levels, etcNo
UEPSON Stylus DX4400 SeriesE_FATICAE.EXEEpson Status Monitor 3 for the Stylus DX4400 Series printer - for monitoring printer status, checking ink levels, etcNo
UEPSON Stylus DX4800 SeriesE_FATIADE.EXEEpson Status Monitor 3 for the Stylus DX4800 Series printer - for monitoring printer status, checking ink levels, etcNo
UEPSON Stylus DX5000 SeriesE_FATIBVE.EXEEpson Status Monitor 3 for the Stylus DX5000 Series printer - for monitoring printer status, checking ink levels, etcNo
UEPSON Stylus DX6000 SeriesE_FATIBIE.EXEEpson Status Monitor 3 for the Stylus DX6000 Series printer - for monitoring printer status, checking ink levels, etcNo
UEPSON Stylus DX7000F SeriesE_FATIBKE.EXEEpson Status Monitor 3 for the Stylus DX7000F Series printer - for monitoring printer status, checking ink levels, etcNo
UEPSON Stylus DX7400 SeriesE_FATICDE.EXEEpson Status Monitor 3 for the Stylus DX7400 Series printer - for monitoring printer status, checking ink levels, etcNo
UEPSON Stylus DX8400 SeriesE_FATICEE.EXEEpson Status Monitor 3 for the Stylus DX8400 Series printer - for monitoring printer status, checking ink levels, etcNo
UEPSON Stylus Photo 1400 SeriesE_FATIBUA.EXEEpson Status Monitor 3 for the Stylus Photo 1400 Series printer - for monitoring printer status, checking ink levels, etcNo
UEPSON Stylus Photo 2200E_S10IC2.EXEEpson Status Monitor 3 for the Stylus Photo 2200 printer - for monitoring printer status, checking ink levels, etcNo
UEPSON Stylus Photo 825E_S10IC2.EXEEpson Status Monitor 3 for the Stylus Photo 825 printer - for monitoring printer status, checking ink levels, etcNo
UEPSON Stylus Photo 925E_S10IC2.EXEEpson Status Monitor 3 for the Stylus Photo 925 printer - for monitoring printer status, checking ink levels, etcNo
UEPSON Stylus Photo R1800E_FATI9LA.EXEEpson Status Monitor 3 for the Stylus Photo R1800 printer - for monitoring printer status, checking ink levels, etc, etcNo
UEPSON Stylus Photo R200 SeriesE_S4I0H2.EXEEpson Status Monitor 3 for the Stylus Photo R200 Series printer - for monitoring printer status, checking ink levels, etcNo
UEPSON Stylus Photo R220 SeriesE_S6I2I1.EXEEpson Status Monitor 3 for the Stylus Photo R220 Series printer - for monitoring printer status, checking ink levels, etcNo
UEPSON Stylus Photo R220 SeriesE_FATIAIE.EXEEpson Status Monitor 3 for the Stylus Photo R220 Series printer - for monitoring printer status, checking ink levels, etcNo
UEPSON Stylus Photo R240 SeriesE_FATIAHE.EXEEpson Status Monitor 3 for the Stylus Photo R240 Series printer - for monitoring printer status, checking ink levels, etcNo
UEPSON Stylus Photo R2400E_FATI9SA.EXEEpson Status Monitor 3 for the Stylus Photo R2400 printer - for monitoring printer status, checking ink levels, etcNo
UEPSON Stylus Photo R2400E_FATI9SE.EXEEpson Status Monitor 3 for the Stylus Photo R2400 printer - for monitoring printer status, checking ink levels, etcNo
UEPSON Stylus Photo R260 SeriesE_FATIBNA.EXEEpson Status Monitor 3 for the Stylus Photo R260 Series printer - for monitoring printer status, checking ink levels, etcNo
UEPSON Stylus Photo R280 SeriesE_FATICKA.EXEEpson Status Monitor 3 for the Stylus Photo R280 Series printer - for monitoring printer status, checking ink levels, etcNo
UEPSON Stylus Photo R285 SeriesE_FATICKE.EXEEpson Status Monitor 3 for the Stylus Photo R285 Series printer - for monitoring printer status, checking ink levels, etcNo
UEPSON Stylus Photo R300 SeriesE_S4I2F1.EXEEpson Status Monitor 3 for the Stylus Photo R300 Series printer - for monitoring printer status, checking ink levels, etcNo
UEPSON Stylus Photo R300 SeriesE_S10IC2.EXEEpson Status Monitor 3 for the Stylus Photo R300 Series printer - for monitoring printer status, checking ink levels, etcNo
UEPSON Stylus Photo R300 SeriesE_S4I0F2.EXEEpson Status Monitor 3 for the Stylus Photo R300 Series printer - for monitoring printer status, checking ink levels, etcNo
UEPSON Stylus Photo R320 SeriesE_FATI9FA.EXEEpson Status Monitor 3 for the Stylus Photo R320 Series printer - for monitoring printer status, checking ink levels, etcNo
UEPSON Stylus Photo R340 SeriesE_FATIAJE.EXEEpson Status Monitor 3 for the Stylus Photo R340 Series printer - for monitoring printer status, checking ink levels, etcNo
UEPSON Stylus Photo R380 SeriesE_FATIBOA.EXEEpson Status Monitor 3 for the Stylus Photo R380 Series printer - for monitoring printer status, checking ink levels, etcNo
UEPSON Stylus Photo R800E_FATI9YE.EXEEpson Status Monitor 3 for the Stylus Photo R800 printer - for monitoring printer status, checking ink levels, etcNo
UEPSON Stylus Photo RX420 SeriesE_FATI9CE.EXEEpson Status Monitor 3 for the Stylus Photo RX420 Series printer - for monitoring printer status, checking ink levels, etcNo
UEPSON Stylus Photo RX430 SeriesE_FATI9CP.EXEEpson Status Monitor 3 for the Stylus Photo RX430 Series printer - for monitoring printer status, checking ink levels, etcNo
UEPSON Stylus Photo RX500E_S4I2K1.EXEEpson Status Monitor 3 for the Stylus Photo RX500 Series printer - for monitoring printer status, checking ink levels, etcNo
UEPSON Stylus Photo RX530 SeriesE_FATIAGP.EXEEpson Status Monitor 3 for the Stylus Photo RX530 Series printer - for monitoring printer status, checking ink levels, etcNo
UEPSON Stylus Photo RX600E_S4I2M1.EXEEpson Status Monitor 3 for the Stylus Photo RX600 printer - for monitoring printer status, checking ink levels, etcNo
UEPSON Stylus Photo RX640 SeriesE_FATIAME.EXEEpson Status Monitor 3 for the Stylus Photo RX640 Series printer - for monitoring printer status, checking ink levels, etcNo
UEPSON Stylus Photo RX680 SeriesE_FATICJA.EXEEpson Status Monitor 3 for the Stylus Photo RX680 Series printer - for monitoring printer status, checking ink levels, etcNo
UEPSON Stylus Photo RX700 SeriesE_FATI9IA.EXEEpson Status Monitor 3 for the Stylus Photo RX700 Series printer - for monitoring printer status, checking ink levels, etcNo
UEPSON Stylus Pro 4000E_S10IC2.EXEEpson Status Monitor 3 for the Stylus Pro 4000 printer - for monitoring printer status, checking ink levels, etcNo
UEPSON Stylus Pro 7600E_S10IC2.EXEEpson Status Monitor 3 for the Stylus Pro 7600 printer - for monitoring printer status, checking ink levels, etcNo
UEPSON Stylus SX200 SeriesE_FATIEFE.EXEEpson Status Monitor 3 for the Stylus SX200 Series printer - for monitoring printer status, checking ink levels, etcNo
UEPSON SX100 SeriesE_FATIEDE.EXEEpson Status Monitor 3 for the SX100 Series printer - for monitoring printer status, checking ink levels, etcNo
UEPSON TX100 SeriesE_FATIEDP.EXEEpson Status Monitor 3 for the TX100 Series printer - for monitoring printer status, checking ink levels, etcNo
UEPSON WorkForce 30 SeriesE_FATIEEA.EXEEpson Status Monitor 3 for the WorkForce 30 Series printer - for monitoring printer status, checking ink levels, etcNo
UEPSON WorkForce 500 SeriesE_FATIEQA.EXEEpson Status Monitor 3 for the WorkForce 500 Series printer - for monitoring printer status, checking ink levels, etcNo
UEPSON WorkForce 600 SeriesE_FATIEKA.EXEEpson Status Monitor 3 for the WorkForce 600 Series printer - for monitoring printer status, checking ink levels, etcNo
UEpsonPhotoStarterEPSON_PhotoStarter.exeOnly needed if you want to make full use of the capabilities of an Epson printer that included thisNo
XEptrnopdb.exeAdded by an unidentified WORM or TROJAN!No
XEQAdviceEQAdvice.exeNewAds1 adware No
XEQArticleEQArticle.exeEQArticle adwareNo
?EquipmenEquipmen.exe??No
Xeraseplgeraseplg.exeAdded by the GENOME.AQUV TROJAN!No
UErasereraser.exeEraser - "an advanced security tool for Windows which allows you to completely remove sensitive data from your hard drive by overwriting it several times with carefully selected patterns". This entry starts the Scheduler with Windows and provides a System Tray icon for on-demand access. Located in %ProgramFiles%\EraserYes
Uerasereraser.exePart of Evidence Exterminator, 1st Evidence Remover and Evidence Destructor (and maybe others) - the same file for the same version being used by all programs. Security tools that ensure your security and privacy by destroying all hidden activity information on demand, according to a schedule or on each boot/shutdown. This entry provides System Tray access to the main program for on demand cleaning and is required if any automatic cleaning has been scheduled. Located in %ProgramFiles%\Evidence Exterminator, %ProgramFiles%\1st Evidence Remover, %ProgramFiles%\Evidence Destructor or maybe othersYes
Ueraser.exeeraser.exePart of Evidence Exterminator, 1st Evidence Remover and Evidence Destructor (and maybe others) - the same file for the same version being used by all programs. Security tools that ensure your security and privacy by destroying all hidden activity information on demand, according to a schedule or on each boot/shutdown. This entry provides System Tray access to the main program for on demand cleaning and is required if any automatic cleaning has been scheduled. Located in %ProgramFiles%\Evidence Exterminator, %ProgramFiles%\1st Evidence Remover, %ProgramFiles%\Evidence Destructor or maybe othersYes
YeRecoveryServicecheck.exeNow part of Acer Empowering Technology. "Acer eRecovery Management is a powerful utility that does away with the need for recovery disks provided by the manufacturer, and also acts as a versatile standalone backup and recovery manager". Whilst the exact purpose of this entry isn't known it runs and closes so leave it enabled in case it's requiredYes
UeRecoveryServiceMonitor.exePart of Acer Empowering Technology. "Acer eRecovery Management is a powerful utility that does away with the need for recovery disks provided by the manufacturer, and also acts as a versatile standalone backup and recovery manager"No
UeRecoveryServiceeRAgent.exePart of Acer Empowering Technology. "Acer eRecovery Management is a powerful utility that does away with the need for recovery disks provided by the manufacturer, and also acts as a versatile standalone backup and recovery manager"No
NEregreg32.exeEReg is a software registration tool incorporated on products such as those by Broderbund, Connectix, Hewlett-Packard, The Learning Company, and Sierra. Needless to say you don't need itNo
Xerfgddfkwind2ll2.exeAdded by the BEAGLE.CQ WORM!No
Xerghgjhgdrwindlhhl.exeAdded by the BEAGLE.BG WORM!No
Xerghgjhjgdrwindlhhl.exeAdded by the BEAGLE.BG or BEAGLE.BH or BEAGLE.BI or BEAGLE.BJ WORMS!No
?ermerm.exe??No
XErocaEroca.exeInsider.i adwareNo
Xeros.exeeros.exeAdult content daillerNo
XErrCleanSysRep.exeErrClean rogue system error and cleaning utility - not recommended. There are number of variants in this family sharing the same filename and user interface - see hereNo
XErreurChasseurSysRep.exeErreurChasseur, French rogue system error and cleaning utility - not recommended. A member of the ErrClean familyNo
NError NukerErrorNuker.exeErrorNuker registry cleaner - only required if you want the application to run a scan at startup. The program can be launched manually if requiredNo
XError Safeers.exeErrorSafe rogue system error and cleaning utility - not recommendedNo
XError Safe Freeuers.exeErrorSafe rogue system error and cleaning utility - not recommendedNo
XErrorFixErrorFix.exeErorrFix rogue system error and cleaning utility - not recommended, see here for a blog where a support person admits they lie in order to secure a saleNo
XErrorGuardErrorGuard.exeErrorGuard rogue spyware remover - not recommended, removal instructions hereNo
Xerrorhandlererrorhandler.exeErrorHandler adware No
XErrorProtector Freeertmain.exeErrorProtector rogue system error and cleaning utility - not recommendedNo
XErrorRepairToolErrorRepairTool.exeErrorRepairTool rogue system error and cleaning utility - not recommendedNo
XErrorSafeers.exeErrorSafe rogue system error and cleaning utility - not recommendedNo
XErrorSafeFreeUERS.exeErrorSafe rogue system error and cleaning utility - not recommendedNo
XErrorWizErrorWiz.exeErrorWiz rogue system error and cleaning utility - not recommended, removal instructions hereNo
XERSers_startupmon.exePart of the WinAntiVirus Pro 2006 rogue security software - not recommended, removal instructions hereNo
XERScwERScw.exePart of the ErrorSafe rogue system error and cleaning utility - not recommendedNo
XERS_checkers_startupmon.exePart of the WinAntiVirus Pro 2006 rogue security software - not recommended, removal instructions hereNo
XERS_Checkuwasers.exePart of the WinAntiSpyware 2006 and WinAntiSpyware 2007 rogue spyware removers - not recommendedNo
Xerthegdrwindll2.exeAdded by the BEAGLE.CG WORM!No
Xerthgdrwindll.exeAdded by the BEAGLE.AO or BEAGLE.AQ WORMS!No
Xerthgdrsvc.exeAdded by the BEAGLE.BN or BEAGLE.BP WORM!No
Xerthgdr2svc23.exeAdded by the BAGLE.CG WORM!No
?ERTS0749ERTS0749.exeIBM Warranty Notification - presumably it's a reminder to either register or that warranty is about to expire?No
Xertyuoprttrwq.exeAdded by the AUTORUN-APA WORM!No
UERUNT AutoBackupAUTOBACK.EXEERUNT backup utility - when added to the user's startup folder automatically backs up the registry each time the system boots, resulting in numerous backups that can be restoredNo
Xerwghjjrjtucbcg.exeAdded by the SMALL.CUL TROJAN!No
UES Current Services[FILE NAME].exe123Keylogger surveillance software. Uninstall this software unless you put it there yourselfNo
YeSafe ProtectESPWatch.exeeSafe from Aladdin - internet security for gateway and E-mail serversNo
UESBesb.exeEasy Start Button - provides functionality on certain laptops that have additional keys. Not required unless you use the extra keysNo
YeScan MonitorAVKWCTL9X.EXEMicroWorld eScan antivirusNo
UeScan Scheduleravkserv.exeMicroWorld eScan antivirus schedulerNo
UeScan UpdaterTrayicos.exeMicroWorld eScan antivirus updater - allows users to automatically download updates and set the auto time interval for downloadsNo
XEScorcherescorcher.exePart of eScorcher anti-virus software - responsible for performing virus checks and deletions. Used to collect information about the user and therefore treated as spyware - now the web-site is deadNo
XEservicesvchost.exeAdded by the MULAR.A WORM! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %ProgramFiles%\Common Files\System\EServiceNo
NESFTPesftp.exeESftp - FTP client for transfering files between a local PC and another remote computerNo
UeSnipsClientGW.exeeSnips Client Gateway from eSnipsNo
XEsohEsoh123.exeAdded by the AGOBOT.FF WORM! No
XEspecialDeneca.batAdded by the DELUZ VIRUS!No
XEsphortu.exePurityScan adwareNo
NESPN BottomLinebline.exeESPN BottomLine. "You can dock the BottomLine to the top or bottom of your screen or drag it around on your desktop, without even worrying about a browser. As long you keep the BottomLine running, you will continue to receive live scores and breaking news, and by clicking on any score or news item, you will be taken directly to the corresponding page on ESPN.com for a full break down."No
?ESS DaemonEssd.exeRelated to an ESS based soundacard. Is it required?No
?essapmessapm.exeESS Solo soundcard driver. Is it required?No
YEssdcessdc.exeRelated to an ESS Solo soundcard. Seems as though it's requiredNo
?ESSNDSYSESSNDSYS.EXERelated to an ESS based soundacard. Is it required?No
YESSOLOESSOLO.exeSound card driver that re-instates itself every time it's removedNo
Yesspkesspk.exeESS Technology modem speaker driver file. Required to get on-line with this modemNo
UEssSpkPhoneessspk.exeESS Technologies Call waiting, which gets installed by the drivers for V92 modems based on ESS Technologies chipsetsNo
?eSupIniteSupCmd.exeRelated to SupportSoft (aka Support.com) "Real-Time Service Management software". What does it do and is it required?No
XEsutitydeosutityde.exeAdded by the SDBOT.BQD WORM!No
XETB Testeretbtest.exeAdded by the RBOT-ABR WORM!No
Xetbrunelit***32.exe [* = random char]EliteBar adwareNo
UeTCertMangereTCrtMng.exeeToken Certificate Manager from Aladdin Knowledge Systems, Inc. A USB-based authentication, providing strong user authentication and password management solutionsNo
UETDWareETDCtrl.exeElantech smart-pad touchpad driver for the Asus Eee PC rangeNo
Xeth0 driverexec.exeAdded by the SPYBOT-Z WORM!No
NEthernettcaudiag.exe3Com NIC Installation/Diagnostic MFC application. Diagnostics may be run from the Start -> ProgramsNo
Xethernetairftp.exeAdded by a variant of the SDBOT WORM!No
Xethernetmsnger.exeAdded by a variant of the SDBOT WORM!No
Xethernetmsftp.exeAdded by the SDBOT.BXJ WORM!No
Xethernet adaptercsrmss.exeAdded by a variant of the RBOT WORM!No
XEthernet Drivercmsrrs.exeAdded by a variant of the RBOT WORM!No
XEthernet Driverssmrrs.exeAdded by the RBOT-AAK WORM!No
XEthernet Driversethernet.exeAdded by the GAOBOT.CEZ WORM!No
XEthernet Linkingethernet.exeAdded by a variant of the IRCBOT TROJAN!No
XEtrafficJavaRun.exeTopMoxie adwareNo
XeTrustRealTimeMon.exeAdded by the DELF-EPG TROJAN!No
YeTrust EZ Firewallefpeadm.exeeTrust EZ FirewallNo
UeTrust PestPatrol Active ProtectionPPActiveDetection.exePestPatrol real-time protection feature. "Stops spyware before it infects your system"No
XeTrust Realtime Monitorrealmon.exeAdded by the LAZAR.B TROJAN!No
YeTrustCIPEezdsmain.exeeTrust EZ Deskshield from Computer Associates. Protects against malicious email attachments and unauthorized use of email by detecting and blocking unusual behaviorNo
XeTunnelwinfw.exeAdded by an unidentified TROJAN!No
UEudoraEudora.exeEudora from Qualcomm allows you to receive and send Internet e-mailsNo
XEUP Serviceeupsvc.exeAdded by the DELBOT-Q WORM!No
UEuroGlotEuroGlot.exeEuroglot - "multilanguage translating system, available in the languages Dutch, English, French, German, Spanish and Italian"No
?Event Logeventlog.exe??No
NEvent Planner RemindersPLNRNote.exePart of Sierra/Hallmark Card Studio - System Tray notification of events such as birthdays and anniversaries that you've scheduled with the customizable Event PlannerNo
NEvent Planner Reminders Tray IconPLNRnote.exePart of Sierra/Hallmark Card Studio - System Tray notification of events such as birthdays and anniversaries that you've scheduled with the customizable Event PlannerNo
NEvent Reminderpmremind.exeEvent reminder for calendar dates, etc from Broderbund PrintMaster. Disable using the program's own option (if available) or a startup manager as it will re-instate if disabled via MSConfigNo
XEventApplicationCmdsmschk.exeAdded by the IRCBOT-AO TROJAN!No
UEVENTLISTENEREvLstnr.exeUsed with a Nikon digital camera to recognize when the camera is plugged inNo
Neventmgreventmgr.exeUsed with a Microtek scanner. Manages the scanner's button events. Available via Start -> ProgramsNo
Xeventwvreventwvr.exeAdded by the COSIAM_G TROJAN! No
?EverioServiceEverioService.exeRelated to the Cyberlink software supplied with JVC's Everio camcorders. What does it do and is it required?No
UEVGAPrecisionEVGAPrecision.exeEVGA Precision overclocking utility - "allows you to fine tune your EVGA graphics card for the maximum performance possible, with Core/Shader/Memory clock tuning, real time monitoring support including in-game, Logitech Keyboard LCD Display support, and compatibility with almost all EVGA graphics cards." Also works with many other brands of NVIDIA GeForce based graphics cardsYes
UEvidence Cleanerecleaner.exeEvidence Cleaner cleans up tracks left by your PC and Internet activitiesNo
NEvidence Eliminatoree.exeEvidence Eliminator - cover the tracks of your browsing habits and E-mails if you think you need to. Run manually on a regular basisNo
XEvilEvil.exeAdded by the MYTOB.JM WORM!No
Nevntsvcevntsc.exeApplication Scheduler installed along with RealOne Player. Once installed, it runs independently of RealOne Player. See here for more information, including how to disable it. Also see evntsvc and Realsched. Note that eventsvc.exe no longer appears to be in a newer version. To disable "tkbell.exe" in the new version (1) Start RealOne Player (2) Tools -> Preferences (3) Automatic services in the Categories pane (4) Uncheck all options and then OKNo
UEVOLOSTAEVOLOSTA.EXEEvolo Status Monitor for wireless network cards. Allows a user to enter a specific access-point mode SSID, peer-to-peer mode channel, link speed, WEP encryption options, and has enable/disable and rescan buttons. It is not needed if using Windows XP or higher, as they have this built-in to the control panel. Also, if the user is very sure that there is ONLY ONE network available to connect to, then they can remove this. If it is not in startup, and the user needs to run it, they can simply type EVOLOSTA in the Start -> Run dialog to run itNo
UEvoluent Mouse ManagerEvoMouExec.exeMouse manager for Evoluent VertcialMouseNo
XEvtHtmevthtm.exeAdded by the DLUCA-EJ TROJAN!No
UEvtMgr6Setpoint.exeLogitech SetPoint control software for their range of wired and wireless keyboards and pointing devices (mice, trackballs, etc). Required if you want to use the advanced features or modify the default settings of these devices and located in %ProgramFiles%\Logitech\SetpointYes
UEW Message Servermsg32.exeConexant (older versions are Brooktree) Wavestream Message Server - associated with Conexant based audio devicesNo
NeWare StartupiWareStart.exeeWare iWare task bar. Not requiredNo
Yewidoewido.exeSystem Tray access to and notifications for Ewido Anti-Spyware 4.0. Ewido is now part of AVG Technologies so this has been superseded by AVG Anti-Virus which includes Anti-SpywareYes
Yewido anti-spywareewido.exeSystem Tray access to and notifications for Ewido Anti-Spyware 4.0. Ewido is now part of AVG Technologies so this has been superseded by AVG Anti-Virus which includes Anti-SpywareYes
Xewrgetujgeurge.exeAdded by the AUTOINF-AK WORM!No
XEwthtasn.exePurityScan adwareNo
Xewupdaterewupdater.exeEasyWebSearch adware updaterNo
Xexample[random filename].exeAdded by the NUCLEAR BACKDOOR! Note - this trojan file is located in %Windir%\NRNo
NExcite PlatformExlaunch.exeLoads an Icon in the startup tray that allows you to receive service update notices for Excite@Home if you desire (note that since Excite@Home appears to be winding down this becomes irrelevant). May also allow you to kill the Excite Toolbar that automatically loads in Internet ExplorerNo
?Excite Private Messenger Pipex8impipe.exe??No
NExciteAssistantEXEASSISTANT.EXEWith Excite Assistant, you can access a wide variety of online information, including email, news, and stock quotes without having to have a browser window openNo
Xexdl.exeexdl.exeBargainBuddy adwareNo
Xexe lptt01exe.exeRapidBlaster variant (in a "Exe" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see hereNo
Xexe ml097eexe.exeRapidBlaster variant (in a "Exe" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see hereNo
Xexecfg4execfg4.exeAdded by the ELECTRON WORM!No
XExecUserExecUser.exeAdded by a variant of the RBOT WORM!No
?Executedelfolders.exe??No
XExeName32Warm.scrAdded by the SCOLD WORM!No
XExFilterRundll32.exe [path] cdnspie.dll, ExecFilterCNNIC Update pestNo
?exgiwslexgiwsl.exe??No
UExif LauncherExiflaquickdcr.exeUSB mass storage driver used by some digital cameras such as the Fuji Finepix. Only required if you use it regularlyNo
UExif LauncherQuickDCF.exeUSB mass storage driver used by some digital cameras such as the Fuji Finepix. Only required if you use it regularlyNo
UExitKillerEkiller.exeExit Killer - automatically closes pop-up windows in your browserNo
?exmonhpimoniter.exeSome kind of hp digital camera maybe or a photo smart connection probe?No
XExnexn.exeAdded by the IRCBOT.RJ WORM!No
Xexo.exeexo.exeAdded by the AGOBOT.ALD WORM!No
Xexp1orer.exeexp1orer.exeAdded by the DLOAD-FG TROJAN! Notice the digit "1" used in both the startup entry and filename, rather than a lower case "L"No
XExpatch[random filename]Added by the PWSLMIR-G TROJAN!No
Xexpcrt[random filename]Added by a variant of the SLAPER TROJAN!No
XExpertAntivirusExpertAntivirus.exeExpertAntivirus rogue security software - not recommended, removal instructions hereNo
XEXPL0RE.EXEEXPL0RE.EXEAdded by the POPNO-A TROJAN! Note that the filename is spelled using the digit "0" instead of the uppercase letter "o"No
XExpl0rer softexpl0rer.pifAdded by the RBOT-AQR WORM!No
XexplerUpdadv.exeAdded by the QQPASS-N TROJAN!No
XExplkwexpup.exeKeywords hijackerNo
Xexplord.exeexplord.exeAdded by the DLOADR-AYW TROJAN!No
Xexploreexplore.exeAdded by any number of VIRUSES, WORMS or TROJANS!No
XExploreExplorer.exeAdded by the IRC.FLOOD.G BACKDOOR! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System%No
XExploreexplore.exeAdult content diallerNo
XExplorePLORE.EXEAdded by the FORBOT-P WORM!No
Xexplore managerexplore.exeAdded by the DONBOMB.A TROJAN!No
Xexplore.exeExplore.exeAdded by the GRAYBIRD.G TROJAN!No
Xexploreff.exeexploreff.exeAdded by the FINFANSE TROJAN!No
Xexplorep.exeexplorep.exeAdded by the LINEAG-I TROJAN!No
Uexplorerexplorer.exeStarts Windows Explorer. Unless this has been manually added to startups or added by another program it could be a virus such as PE_BISTRO or DVLDR or MYDOOM.C. Note that it is also not the explorer.exe task/service you'll see when via CTRL+ALT+DELNo
Xexplorerwscript.exe [filename]Sneaky way to start any VBS script. Many viruses use VBS files. Note that wscript.exe is a legitimate Microsoft file used to launch script files and shouldn't be deletedNo
XExplorershellexpl.exeAdded by the SHELDOR TROJAN!No
Xexplorerexpl32.exeAdded by the RATSOU TROJAN!No
XExplorer[path to worm]Added by the AUTEX WORM!No
XExplorershellexp.exeAdded by the AGENT-ZY TROJAN!No
XEXPLOREREXPL0RER.EXEAdded by the BEASTDO-Y TROJAN! Note the "0" in the filename rather than upper case "o"No
XEXPLORERsys.exeAdded by the SILLYFDC-A TROJAN!No
XExplorerconfig_.comAdded by the FLOPPY-D WORM!No
XExplorerdrv.exeAdded by the SMALL-FD TROJAN!No
Xexplorer[path to trojan]Added by the AGENT-EU TROJAN!No
Xexplorerexplorer.exeAdded by the KEYLOG-AK TROJAN! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System%\serviceNo
XEXPLOREREXPLORER.exeAdded by the NETHIEF-P TROJAN! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System%\ShellExtNo
Xexplorerexplorer.exeAdded by the BLOCKEY-A TROJAN! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System%\configNo
XexplorerYinstall.exePurityScan/Clickspring adwareNo
XExplorerWindows Explorer.exeAdded by the SILLYFDC-I WORM!No
XExplorerexplorar.vbsAdded by the DESKTO-A WORM!No
XExplorerTXP1atform.exeAdded by the FUJACKS.CA VIRUS!No
Xexplorersystem.exeAdded by the AGENT-FI TROJAN!No
XExplorermsrstart.exeAdded by the SOPICLICK TROJAN!No
Xexplorermain.vbeAdded by the SHUSH-A WORM!No
XExplorer 2238[path to trojan]Added by the AGENT-CPI TROJAN!No
XExplorer Loaderexplr32.exeAdded by the AGOBOT.N WORM!No
XExplorer Loaderexplorerl.exeAdded by the SDBOT-ADI WORM!No
XExplorer lptt01explorer.exeRapidBlaster variant (in a "explorer" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here.Note - this is not the legitimate Windows Explorer (explorer.exe) which would not normally appear in Msconfig/Startup unless you added it manually!No
XEXPLORER MICROSOFT SYSTEMexplore.exeAdded by a variant of the RBOT WORM!No
XExplorer ml097eexplorer.exeRapidBlaster variant (in a "explorer" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here.Note - this is not the legitimate Windows Explorer (explorer.exe) which would not normally appear in Msconfig/Startup unless you added it manually!No
XExplorer softexplorer.pifAdded by the RBOT-APK WORM!No
XExplorer softexplorer.comAdded by the RBOT-ARM WORM!No
XExplorer UpdaterIEXPLORE.exeAdded by the SDBOT-WO WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %System%No
Xexplorer.exeexplorer.exeAdded by the AGENT-EW or PWS-CY TROJANS! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System%No
Xexplorer.exeexplorer.exeAdded by the DELF-ACL TROJAN! Note - the legitimate Windows Explorer (explorer.exe) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %ProgramFiles%No
XExplorer.execsrss.exeAdded by the JUEGO-B WORM! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %AppData%\MicrosoftNo
XExplorer32Expl32.exeAdded by the HACKTACK.B TROJAN!No
XExplorer32explorer6s4.exeAdded by the Downloader.Win32.Small.biq TROJAN!No
XExplorer32efsdfgxg.exeAdded by the CLICKER-Y TROJAN!No
XExplorer5config_.comAdded by the VB.CBG WORM!No
XExplorer6.1.EXEExplorer.exeAdded by the MYDOOM.B WORM! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually!No
Xexplorerf.exeexplorerf.exeAdded by the AGENT-GDZ TROJAN!No
XExplorerRunconime.exeAdded by the DLDR-G TROJAN! Note - this is not the legitimate Console IME process of the same filename which is located in %System%. This one is located in %Temp%No
XExplorerTaskexplorer.exeAdded by the ZCREW-B BACKDOOR! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in the "Fonts" sub-folderNo
XExploreUpdSched[random filename]ZenoSearch adware variantNo
Xexporetwinset.exeAdded by the QQPASS-I TROJAN!No
UExpress ClickYesClickYes.exe"Express ClickYes is a handy tool that runs in the system tray automatically clicks the Yes button for the Outlook Security security prompt, that asks you to confirm mail sending from third party applications"No
UExshow95EXSHOW95.exeSupport software for some of the Kensington mice. Provides access to extra features like those available with enhanced Logitech and MS devicesNo
NExtender Resource MonitorRMSysTry.exeRelated to Windows Media Center from MicrosoftNo
XExternal DependenciesExternal.exeAdded by the MYTOB.EC WORM!No
XExtra AntivirusExtraAV.exeExtra Antivirus rogue security software - not recommended, removal instructions hereNo
UExtraDNSExtraDNS.exeExtraDNS - DNS configuration toolNo
NExtraFilmHemmaAgentAgent.exeExtraFilm Photo AssistantNo
?Extranet AutoDialAutoExt.exeNortel Networks Contivity Extranet Switching SoftwareNo
?ExxtremeHelperDemonexxdemon.exeCreative Exxtreme graphics card related?No
NEye Tide Launcheroneeyetideone.exeNascar wallpaperNo
XEYORENotepad.scrAdded by the GIMLET-A WORM!No
YEZ Firewallca.exeeTrust EZ Armor Internet SecurityNo
UEZ-DUB FinderEZ-DUB.exeSupport software for the Lite-On EZ-DUB external DVD writer from Lite-On IT CorporationNo
Nezagentezagent.exeEzVCR recording software for the ASUS TV FM card. Available via Start -> ProgramsNo
NEzButtonEzButton.EXEEZbutton is a quick launcher for the Media player app that comes with certain laptopsNo
NEZDeskEZDESK.EXEUtility that remembers icon locations for each user and resolution. Available hereNo
UEZEJMNAPEzEjMnAp.ExeEasyEject Utility for IBM/Lenovo Thinkpad notebooks. Quote: "The IBM ThinkPad EasyEject Utility makes removing multiple devices from your computer faster and easier by enabling you to stop more than one device at once, rather than stopping each device individually." Configuration and performing of EasyEject actions is available via Fn+F9 key combination on some modelsYes
NEZEJTRAYEZEJTRAY.EXESystem Tray access to the EasyEject Utility for IBM/Lenovo Thinkpad notebooks. Quote: "The IBM ThinkPad EasyEject Utility makes removing multiple devices from your computer faster and easier by enabling you to stop more than one device at once, rather than stopping each device individually." Configuration and performing of EasyEject actions is available via Fn+F9 key combination on some modelsYes
NezHelperezHelper.exePart of the ezPeer+ ezHelper music sharing program.No
XezLife[random name].dllEZLife adwareNo
XeZmmodmmod.exeeZula TopText adwareNo
?EZNORUNEZNORUN.EXEEasy Internet related?No
NEzPrintezprint.exeLexmark Fast Pics - helps users of their printers to enhance, print and manage their photos quickly and easilyNo
YezPS_PxezSP_PxEngine.exeEngine that allows PrimoDVD from Veritas (was Prassi) and Drag'n Drop CD from Easy Systems (and maybe others) to record and protects against other software overwriting the settingsNo
YezPS_PxezSP_Px.exeEngine that allows PrimoDVD from Veritas (was Prassi) and Drag'n Drop CD from Easy Systems (and maybe others) to record and protects against other software overwriting the settingsNo
YezShieldProtector for PxezSP_Px.exeEngine that allows PrimoDVD from Veritas (was Prassi) and Drag'n Drop CD from Easy Systems (and maybe others) to record and protects against other software overwriting the settingsNo
YezShieldProtector for PxezSP_PxEngine.exeEngine that allows PrimoDVD from Veritas (was Prassi) and Drag'n Drop CD from Easy Systems (and maybe others) to record and protects against other software overwriting the settingsNo
UEZSMART Appezsmart.exeEZ-S.M.A.R.T. hard drive monitoring software from StorageSoft - appears to be no longer supportedNo
UEzTunedthtml.exeEzTune from Gateway. Rebranded version of Display Tune from Portrait Displays, Inc. - which "is the perfect software utility to initially set-up and adjust your display to achieve its optimum performance. All adjustments are made through a simple graphical user interface"No
XezulaeZmmod.exeeZula TopText adwareNo
XeZulaMaineZulaMain.exeeZula TopText adwareNo
XeZuluMaineZuluMain.exeComes with "KaZaA" installation. Advertising Spyware. Not required but KaZaA won't workNo
XeZWOwo.exeeZula TopText adwareNo
UE_S10IC2E_S10IC2.EXEEpson Status Monitor 3 for the Stylus C44 Series printer - for monitoring printer status, checking ink levels, etcNo
UE_S23E_SICN03.exeEpson printer status monitor - for checking ink levels, etc.No
UE_S4I2F1E_S4I2F1.EXEEpson Status Monitor 3 for the Stylus Photo R300 Series printer - for monitoring printer status, checking ink levels, etcNo
UE_S4I2G1E_S4I2G1.EXEEpson Status Monitor 3 for the Stylus CX5400 printer - for monitoring printer status, checking ink levels, etcNo
UE_SOEIC1E_SOEIC1.exeEpson Status Monitor 3 - for monitoring printer status, checking ink levels, etcNo
UE_S[numbers][path] E_[various].EXE [path] E_S[numbers].tmpTemporary entry related to Epson Status Monitor 3 for their range of printer and AIO devices - for monitoring printer status, checking ink levels, etcNo
Xfftkclean.exeFlashEnhancer adwareNo
UF-PROT Antivirus Tray applicationFProtTray.exeSystem Tray access to F-PROT AntivirusNo
XF-Secure 2005svchost.exeAdded by the BIFROSE-CH TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%No
YF-Secure 2006fspex.exeF-Secure Anti-Virus automatic updaterNo
YF-Secure Automatic UpdateF-Secure Automatic Update.exeAutomatically checks for updates for internet security software from F-Secure CorporationNo
XF-Secure Gatekeeper[malware name].exeAdded by the NUWAR.AXQ WORM!No
UF-Secure Management AgentFSMA32.EXEF-Secure antivirus - F-Secure Policy Manager provides tools for administering F-Secure software productsNo
YF-Secure ManagerFSM32.EXEF-Secure antivirus - carry out scheduled virus scans automaticallyNo
YF-Secure Startup WizardFSSW.EXEF-Secure antivirusNo
YF-Secure TNBTNBUtil.exeF-Secure antivirusNo
YF-StopWF-StopW.exeF-Prot anti-virus background scanner by F-Risk SoftwareNo
Uf1Tray.exeF1TRAY.EXESystem Tray icon for FusionOne's MightyPhone software. "MightyPhone is a concept for wirelessly synchronizing the data on your mobile phone with your web-based or PC based organizer"No
?f23mxinsf23mxinsRelated to the now discontinued ATI Fire GL3 graphics card. What does it do and is it required?No
Xf2install.exef2install.exeAdded by the IEFEAT-I TROJAN!No
UF5D7050v3Belkinwcui.exeWireless configuration utility for the Belkin F5D7050 Wireless G USB AdapterNo
UF5D8001Belkinwcui.exeWireless configuration utility for the Belkin F5D8001 N1 Wireless Desktop CardNo
UF5D8011Belkinwcui.exeWireless configuration utility for the Belkin F5D8011 N1 Wireless Notebook CardNo
UF5D8055v1Belkinwcui.exeWireless configuration utility for the Belkin F5D8055 Wireless N+ USB AdapterNo
UF5D8071Belkinwcui.exeWireless configuration utility for the Belkin F5D8071 N1 Wireless ExpressCardNo
UF5D9010Belkinwcui.exeWireless configuration utility for the Belkin F5D9010 Wireless G+ MIMO USB Network AdapterNo
UF5D9050Belkinwcui.exeWireless configuration utility for the Belkin F5D9050 Wireless G+ MIMO USB Network AdapterNo
Xf607f607.exeAdded by the URAT.B TROJAN!No
Xf73cdc8ee94ebtsendto.exeAssociated with mysearchnow.com/searchbar.html No
Xf94mggfhfghodftdf[path to trojan]Added by the SMALL.JHZ TROJAN!No
UFabrik Ultimate Backup Statusfabrikhomestat.exeStatus monitor for Fabrik Ultimate Backup from Fabrik Inc. "No matter what happens to the drive on your desk - a spilled drink, a curious toddler, a theft or a natural disaster - you know your files are still safe and secure on Fabrik Ultimate Backup's off-site servers"No
XFaltCheckallps.exeAdded by the AGENT.RAP TROJAN!No
UFamilyKeyLoggercisvc.exeFamily Keylogger keystroke logger/monitoring program - remove unless you installed it yourself! Located in %ProgramFiles%\FamilyKeyLoggerNo
XFantasia injectorwincfg.exeAdded by the AGOBOT.US WORM!No
?fapmonfapmon.exeFair Access Policy monitor for DirecPC/DirecWay internet accessNo
Xfarkrishfarkrish.exeAdded by a variant of the Storm/Nuwar/Zhelatin WORM! See here for an exampleNo
Xfarmmextfarmmext.exeVX2.Transponder parasite updater/installer relatedNo
XFashFash.exeUnidentified adwareNo
Xfaslkakj11kjgagklj11.exeAdded by the LEGMIE-ARE TROJAN!No
Nfastfast.exeInstalls as part of Windows XP PowerToys as an option for very-fast user switching (allowing a keystoke to switch users instead of using the login screen). It is only used for the hot-key switch and yet it hogs 1.5 megs of memory in two separate processes (one run by the user & one by the system). Optional install in PowerToysNo
XfastA-fast.exeA-fast Antivirus rogue security software - not recommended, removal instructions hereNo
XFast Antivirus 2009FastAV.exeFast Antivirus rogue security software - not recommended, removal instructions hereNo
NFAST DefragFAST2.EXEFastDefrag defragmenting softwareNo
XFast Homesvcnvt.exeDetected by Kaspersky as the DELF.KS TROJAN! This file may be found in the System folder on 9x machines, however as of this writing it has only been seen in the System32 folderNo
XFast Searchsvcnv.exeHomepage, Startpage hijacker. Possible variant of Trojan-Downloader.Win32.DelfNo
XFast startNtut.exeAdware - deteced by Kaspersky as the FAVADD.I TROJAN!No
XFast startsvcnt.exeAdware - detected by Kaspersky as a variant of the FAVADD TROJAN!No
UFastCachefc.exeFastCache from AnalogX - speeds up browsing by resolving DNS requests locallyNo
XFastDownloadsrundll32.exe MSA64CHK.dll,DllMostrarMatrixDialer/Mostrar parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System%No
Xfastsmellfastsmell.exeAdded by a variant of the Storm/Nuwar/Zhelatin WORM! See here for an exampleNo
XFastStartntnut32.exeAdded by the STARTPAGE.L TROJAN!No
XFastStartsvcnut.exeBrowser hijacker - a variant of the STARTPAGE.L TROJAN!No
XFastStartsvcnut32.exeBrowser hijacker - a variant of the STARTPAGE.L TROJAN!No
NFastTrack AcceleratorSPEED UP.EXEFastTrack Accelerator - "speedup" utility for programs that use the FastTrack network such as KaZaA Media Desktop, Grokster and MorpheusNo
XFASTTRACKNETVISIONNETVISION.exeDialCar-Z premium rate dialerNo
UFastTVSyncFastTVSync.exePart of InterVideo (now Corel) DVD Copy - "fast DVD copying and file conversion software. In just three steps, you can copy videos to most DVD formats, or convert them for smooth, flawless viewing on your PSP® or iPod®. With broad format support and unique CopyLater™ technology, DVD Copy saves you time and ensures high-quality output like no other copying software"No
NFastUserfast.exeInstalls as part of Windows XP PowerToys as an option for very-fast user switching (allowing a keystoke to switch users instead of using the login screen). It is only used for the hot-key switch and yet it hogs 1.5 megs of memory in two separate processes (one run by the user & one by the system). Optional install in PowerToysNo
NFastUsrfast.exeInstalls as part of Windows XP PowerToys as an option for very-fast user switching (allowing a keystoke to switch users instead of using the login screen). It is only used for the hot-key switch and yet it hogs 1.5 megs of memory in two separate processes (one run by the user & one by the system). Optional install in PowerToysNo
XfaTfaT.exeAdded by the BANKER-DFP TROJAN!No
Xfat.exefat.exePart of the WinAntiVirus Pro 2006 and WinAntiVirus Pro 2007 rogue security programs - not recommended, removal instructions here and hereNo
XFat32 Microsoftfat32.exeAdded by the RBOT-EL WORM!No
UFatPipeDHCPSoftware enabling high speed internet browsing (2-4 times faster) and internet connection sharing for up to 5 usersNo
UFatpipe Dialerfpdialer.exeDailler for Fatpipe - software enabling high speed internet browsing (2-4 times faster) and internet connection sharing for up to 5 usersNo
Ufatrecovfatrecov.exeSCKeyLog.j keystroke logger/monitoring program - remove unless you installed it yourself! No
UFavoriteSyncFavoriteSync.exeFavoriteSync keeps the same set of Internet Explorer Favorites on several computers in syncNo
UFaxCenterServerfm3032.exeFaxMan integrates complete fax send and receive support into Windows applications without requiring additional fax software. Incorporated into software by Lexmark, MCI, Lotus, My Software, Broderbund, Traffic Software and many othersNo
UFaxCenterServer4_in_1fm3032.exeFaxMan integrates complete fax send and receive support into Windows applications without requiring additional fax software. Incorporated into software by Lexmark, MCI, Lotus, My Software, Broderbund, Traffic Software and many othersNo
UFaxCtrl.exeASMediaProxyServer.exePart of Avaya's Contact Center Express - "a multi-channel, high-volume software solution from Avaya designed specifically for the intelligent routing and computer telephony integration (CTI) needs of medium-sized contact centers"No
NFaxTalk CallControl 6.0FTClCtrl.EXEThis allows the software to handle incoming and outgoing communications without requiring the FaxTalk Communicator application to be loaded into memory. Can be started manuallyNo
UFBDirectFBDirect.exeSoftware that monitors the status of a Visioneer OneTouch scanner button and allows you to scan, fax, copy, print, and easily communicate by simply dragging and dropping scans on your PaperPort Desktop!No
?FBIFBISM.exeCompaq related but what does it do?No
XFBSearchFastBrowserSearchProtection.exeFast Browser Search/Search Guard Plus parasite - installed with "Make the Web Better" applications such as My Web Tattoo, My Face LOL and Google Easy Money Kit. See here and here for more informationNo
XFBSearchSearchGuardPlus.exeFast Browser Search/Search Guard Plus parasite - installed with "Make the Web Better" applications such as My Web Tattoo, My Face LOL and Google Easy Money Kit. See here and here for more informationNo
XFBSSAie3sh.exeFast Browser Search/Search Guard Plus parasite - installed with "Make the Web Better" applications such as My Web Tattoo, My Face LOL and Google Easy Money Kit. See here and here for more informationNo
Xfcrunfc.exeAdded by the CAMPURF WORM!No
XFCEngineFCEngine.exeCASClient adwareNo
XFCHelpFCHelp.exeAdded by either FCHelp adware or a variant of itNo
XFCManFCMan.exeFCHelp adwareNo
XFdaemon securityfsecur.exeAdded by the SDBOT.KXO WORM!No
XFDD SYSTEMFdd.exeAdded by the MYTOB-FO WORM!No
XfddddHOMEdxxatp.exeAdded by the RANKY.AA TROJAN!No
XFdr Command Modulesp2.exeAdded by the SDBOT.WP WORM!No
XFDriverwindrv.exeAdded by the DELF.WG TROJAN!No
UFD_SAPFD.exeReported to be the autopassword program from the Sony Microvault thumb driveNo
XFeCPYfecpy.exeFlashEnhancer adwareNo
Ufeedreader.exefeedreader.exe"Feedreader is a freeware Windows application that reads and displays Internet newsfeeds aka ATOM and RSS feeds based on XML"No
Xfeelalrightmirc.exeAdded by the IRCFLOOD-M WORM!No
UFEELitDeviceManagerfeelitdm.exeAssociated with Immersion TouchSense devices (Logitech Wingman Force Feedback Mouse and possibly other peripherals)No
XfegozeSVCH0ST.EXEAdded by the GRAYBIRD.D VIRUS! Note - the filename has the digit 0 rather then the uppercase "o"No
UFellowes ProxyR3proxy.exeInstalled with Fellowes EasyPoint mouse software. Not necessary for normal functioning of Fellowes mice but it is necessary to use the extended features of all Fellowes miceNo
XFen Startupsfensvc32.exeAdded by the RANDEX.CCF WORM!No
XFenio Startupsfnesvc32.exeAdded by the AGOBOT-OS BACKDOOR!No
UFerrariWallPaperFerrariWP.exeCalendar that replaces the default desktop background image. It comes with every Acer Ferrari 3000 laptop. Also downloadable for members of www.ferrari.comNo
XFestPlattenCleanerSysRep.exeFestPlattenCleaner, German rogue system error and cleaning utility - not recommended. A member of the ErrClean familyNo
XFestplattenReinigerGDC.exeFestplattenReiniger, German rogue privacy tool - not recommended. A member of the PCPrivacyTool familyNo
Xff[path to worm]Added by the RBOT-XL WORM!No
Xffsvhost32.exeAdded by the LINEAG-AFF TROJAN!No
Xffeqfqsdqddss.exeAdded by the SDBOT-SG WORM!No
XffeqOMEvcvsav.exeAdded by the RANKY.AB TROJAN!No
Xffisffisearch.exeiSearch adwareNo
Yffprsrvffprsrv.exeFile and Folder Privacy - is a "system security utility you can use to password-protect or hide your files and folders with a click of mouse. The program will always prompt to enter your access password when protection is enabled and a user is trying to access a protected file or folder". If this entry is disabled, any files/folders that are protected/hidden will no longer be accessible without first accessing the main programYes
Yffprsrv.exeffprsrv.exeFile and Folder Privacy - is a "system security utility you can use to password-protect or hide your files and folders with a click of mouse. The program will always prompt to enter your access password when protection is enabled and a user is trying to access a protected file or folder". If this entry is disabled, any files/folders that are protected/hidden will no longer be accessible without first accessing the main programYes
Yffpsrvffpsrv.exeFile & Folder Protector - "great easy-to-use password-protected security utility lets you password-protect certain files and folders, or to hide them securely from viewing and searching just with a click of mouse". If this entry is disabled, any files/folders that are protected/hidden will no longer be accessible without first accessing the main programYes
Yffpsrv.exeffpsrv.exeFile & Folder Protector - "great easy-to-use password-protected security utility lets you password-protect certain files and folders, or to hide them securely from viewing and searching just with a click of mouse". If this entry is disabled, any files/folders that are protected/hidden will no longer be accessible without first accessing the main programYes
UFG1_00frntgate.exeFrontGate MX - e-mail spam blockerNo
?fgl23DoubleScreenHooksf23happ.exeRelated to the now discontinued ATI Fire GL3 graphics card. What does it do and is it required?No
XfGQEGqHOMEgwwgtp.exeAdded by the RANKY.J TROJAN!No
XFHPageshdochp.exeAdded by the WINHOUND TROJAN!No
XFHStartshdocsvc.exeAdded by the WINHOUND TROJAN!No
UFhtisxkfhtisxk.exeXtraKeys keystroke logger/monitoring program - remove unless you installed it yourself! No
XFhzepgyiHELLRAIDER.EXEAdded by the MINDCTRL.A BACKDOOR!No
UFieldForms SyncSyncService.exeResco FieldForms. A solution for building of mobile forms that can be viewed or filled in on the run, on a wide range of mobile devices. Supports Microsoft Access databases, and provides for synchronization of other data as wellNo
XFiendlyTypecsrss.exeAdded by the WEBUS TROJAN! Note - this is not the legitimate csrss.exe process which should not normally figure in Msconfig/Startup!No
XFILEabcdefg.exeAdded by the KELVIR.DD WORM!No
?file indexing servicemsfindfile.exeNew version of MS FindFast and still a resource hog?No
Xfile laoder configurationrnd32.exeAdded by the RBOT.BQJ WORM!No
XFile Mapping Serviceshp-1003.exeAdded by the RBOT.FAN WORM!No
XFile Protection Monitorfilemon.exeAdded by a variant of the RBOT WORM!No
XFile Systemtaskmqrs.exeAdded by a variant of the TOXBOT/CODBOT WORM!No
XFile Systemtaskmqr.exeAdded by the RBOT.BWQ WORM!No
XFile System Servicewmiprvsc.exeAdded by the AGOBOT-HZ TROJAN!No
XFile-Sharing Wizardshwizard.exeAdded by a variant of the IRCBOT BACKDOOR! See hereNo
XFile0_0MD1.exeAdded by the DLOADER-OR TROJAN!No
XFile1Dia Claro.htmAdded by the DLOADER-OR TROJAN!No
XFileFreedom_Pluginwtm.exeFileFreedom peer-to-peer sharing programNo
Nfilehippo.comUpdateChecker.exeChecks for new releases available in the popular FileHippo.com repository for any software you may already have installed on your computer. Run manually when requiredYes
NFileHippo.com Update CheckerUpdateChecker.exeChecks for new releases available in the popular FileHippo.com repository for any software you may already have installed on your computer. Run manually when requiredYes
XFileManager32Wscript.exe ChkMgr32.vbsAdded by the NOTUP.A WORM! Note that wscript.exe is a legitimate Microsoft file used to launch script files and shouldn't be deleted. The "ChkMgr32.vbs" file is located in %System%No
Xfilenfilen.exeAdded by the VBNAM-A WORM!No
Xfilenamefilename.exeAdded by the VB.FSY TROJAN!No
Xfilename processkerneldll.exeAdded by the AGOBOT-PO WORM!No
Xfilename processexplore.exeAdded by the AGOBOT-QN WORM!No
Xfilename processRundil16.exeAdded by the GAOBOT.ZX WORM!No
XFiles Driversdphost.exeAdded by the SDBOT-DKZ WORM!No
XFiles Driversfdhost.exeAdded by the AGOBOT-AJC BACKDOOR!No
XFileSoftWscript.exe UpdataFiles.vbsAdded by the SST.B WORM! Note that wscript.exe is a legitimate Microsoft file used to launch script files and shouldn't be deleted. The "UpdataFiles.vbs" file is located in %Windir%No
Xfilit[path to trojan]Added by the PERDA-G BACKDOOR!No
UFilmLoopFilmLoopService.exeRelated to FilmLoop - a photocasting network. Share your pictures with your family and friendsNo
UFilterGatefiltergate.exeFiltergate internet filtering software - filters sounds, popup ads, background sound and other unnecessary website itemsNo
UFilterguardFiltrgrd.exeAn icon located in the lower left of the screen and looks like a lifesaver. This icon is a "short-cut" to access the basic features of SOS-Guardian, SOS-KidProof Lite, SOS Best Defense and SOS Pro such as Internet filtering utility. You can access this menu by "right-clicking" on the iconNo
XFilterProgramGDC.exeFilterProgram rogue privacy tool - not recommended, removal instructions here. A member of the PCPrivacyTool familyNo
XFindfind.exeAdded by the OPANKI WORM!No
NFind FastFindfast.exeFrom older versions of MS Office - searches disk drives for Office file types and creates an index to make opening them easier. When indexing is in progress it can use lots of CPU time and memory - especially on slower/older machinesNo
YFind Virus Launch Programfvlaunch.exePart of Dr. Solomon's AntivirusNo
Xfindfastfindfast.exeAdded by the DLOADER.PFR TROJAN! Note - the is not the legitimate file of the same name installed with older versions of MS OfficeNo
Xfindfast.exefindfast.exeIdentified as the RUNDIS.A TROJAN! Note - the is not the legitimate file of the same name installed with older versions of MS OfficeNo
XFindHack[path to worm]Added by the KELVIR-BA WORM!No
UFinePrint Dispatcher v4fpdisp4a.exeFinePrint Dispatcher - handles the spooling of print jobs to the FinePrint printer. Version 4.x of the software. "FinePrint saves ink, paper, time and money by controlling and enhancing printed output"No
UFinePrint Dispatcher v4fpdisp4.exeFinePrint Dispatcher - handles the spooling of print jobs to the FinePrint printer. Version 4.x of the software. "FinePrint saves ink, paper, time and money by controlling and enhancing printed output"No
UFinePrint Dispatcher v5fpdisp5a.exeFinePrint Dispatcher - handles the spooling of print jobs to the FinePrint printer. Version 5.x of the software. "FinePrint saves ink, paper, time and money by controlling and enhancing printed output"No
NFineReader7NewsReaderProAbbyyNewsReader.exeABBYY FineReader OCR software - version 7No
UFingerPrintSoftwarefpapp.exeSupports the fingerprint reader on selected IBM/Lenovo Thinkpad notebooksNo
XFire Wall services[random filename]Added by the IRCBOT-QY WORM!No
XFire Wall serviceswnlmzsfhobi.exeAdded by the IRCBOT-QY WORM!No
XFire Well service[random].exeAdded by the RBOT-FJU WORM!No
?FireBox Control PanelFireBox.exeControl panel for the Presonus FireBox firewire based music recording system. Is it required?No
XFireExplore UpdateFireExplore.exeAdded by a variant of the RBOT WORM!No
XFireFoxfirefox.exeAdded by the RBOT-ATP WORM! Note - this is not the popular FireFox web browser and is located in %System%No
XFirefox Plugin Managerfirefoxpgm.exeAdded by the MSNPHOTO.E WORM!No
UFirefox PreloaderFirefoxPreloader.exeFirefox Preloader - "a utility that is designed to load parts of Mozilla Firefox into memory before it is used to improve the its startup time". Even on fast machines Firefox can take a while to loadYes
XFireFox Service Driversssmss.exeAdded by a variant of the SDBOT WORM!No
XFireFox Startup Driverswuaclt.exeAdded by the RBOT.BYX WORM!No
Xfirefox.exefirefox.exeAdded by the BANKER-EBO TROJAN! Note - this is not the popular FireFox web browser and is located in %System%No
YFirePodFIREPOD.EXEDriver for the PreSonus FP10 (formerly FirePod) Firewire recording systemNo
XFiresWallservices[random].exeAdded by the RBOT-FJT WORM!No
YFiretrust BenignB9.exeFireTrust Benign - allows you to receive e-mail which is safe from viruses, worms, scripts, web bugs, privacy threats and other security risks, without affecting your e-mail. "Benign neutralizes or strips out the code that makes viruses, worms, scripts and other potentially harmful things run"Yes
XFirevall Administratingrndll.exeAdded by the PUSHBOT-B WORM!No
Xfirewalfirewal.exeAdded by the BANCBAN-QY TROJAN!No
XFirewall wmlaunch .exeAdded by the ELIPTER.A or ELIPTER.B WORMS! Note the space at the beginning of the filenameNo
XFirewallwmlaunch .exeAdded by the ELIPTER.D WORM!No
XFirewallSP2 UPDATE.exeAdded by the ELITPER.E WORM!No
XFirewallFirewall.batAdded by the YPSAN.G WORM!No
Xfirewallfw_304.exeAdded by the BDOOR-JQ BACKDOOR!No
XFirewallctfmon.exeAdded by a variant of the IRCBOT BACKDOOR! Note - this is not the legitimate ctfmon.exe process associated with alternate text inputs which is always located in %System%. This one is located in %Windir%No
Xfirewallspoolsv.exeAdded by the DIZAN.F VIRUS!No
Xfirewallfirewall.exeAdded by the SURO-A TROJAN!No
Xfirewall 2008logoneui.exeAdded by the SILLYFDC WORM!No
XFirewall Administratinginfocard.exeAdded by the AUTORUN-AYV WORM! Note - this is not the valid InfoCard Service which is part of the .NET Framework from Microsoft and uses the same filenameNo
XFirewall auto setupwinlogon.exeAdded by the AGENT-EDB TROJAN! Note - this is not the legitimate winlogon.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Temp%No
XFirewall auto setup[path to trojan]Added by the AGENT-GLY TROJAN!No
XFirewall configReadMe.exeAdded by the SILLYFDC.BBT WORM!No
XFirewall Controlssys32.exeAdded by the SDBOT-DGI WORM!No
XFirewall PolicyMidiDef32.exeAdded by the PIEBOT-A TROJAN!No
XFirewall Sp2 systemsys32Conf.exeAdded by the RBOT-ABT WORM!No
XFirewall Update System1WinedowsUpdater1.exeAdded by the RBOT-ARU WORM!No
XFirewall Updatermsnupdateit.exeAdded by the RBOT-AAQ WORM!No
XFirewall.exeFirewall.exeAdded by the AGENT.AGL BACKDOOR! Located in %System%No
YFireWall.exeFireWall.exeAshampoo® Firewall PRO and Ashampoo® Firewall FREE from Ashampoo GmbH & Co. KG. Located in an Ashampoo related sub-directory of %ProgramFiles%Yes
XFirewallActiviescsrss.exeAdded by the BANKER-AQ TROJAN! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a "3041" subfolderNo
YFirewallGUIFirewallGUI.exeSystem Tray access to PC Tools Firewall Plus from PC Tools - which "is a powerful personal firewall for Windows that protects your computer from intruders and controls the network traffic in and out of your PC"Yes
UFirewallStartupFirewallstartup.exeInnovative Startup Firewall - "designed to protect your computer from programs that install themselves in the StartUp area of your Windows without asking for your approval. Innovative StartUp Firewall will help you keep your computer clean, fast and in it's best shape"No
XFirewallSvrFirewallSvr.exeAdded by the NETSKY.X or NETSKY.Y WORMS!No
Xfirewall_antifirewall_anti.exeAdded by the NETDENY-B TROJAN!No
XFireWire Driversamx.exeAdded by the SDBOT.AE WORM!No
XFireWire Servicenvscv32.exeAdded by a variant of the SDBOT WORM!No
XFireWire Servicesnvcsv32.exeAdded by a variant of the SPYBOT WORM!No
XFirstFinddir.exeAdded by the DELF-EZD TROJAN!No
XFirst Home Pagehttp://find.naupoint.comNaupoint browser hijackerNo
?First Principle Groupfpg.exeRelated to the E-Players Card from First Principle GroupNo
XFIXWinFIX1.0.vbsAdded by the GORMLEZ-A WORM!No
XFix ToolFix-Tool.exeFix Tool rogue system error and cleaning utility - not recommendedNo
YFix-itmxtask.exePart of Ontrack's Fix-it Utilities Suite. Loads a System Tray icon that lets you access the full program. Needed if you run the crash guard, intellicluster, anti-virus, or autoupdater. Otherwise not requiredNo
YFix-it AVmemcheck.exePart of Ontrack's Fix-it Utilities Suite anti-virus. Performs a quick check of memory for signs of any virus. Exits afterward and returns all resources used in one user's experience. Not required but could be left without a drain on resourcesNo
XFixnicevcvw.exeAdded by the SDBOT TROJAN!No
Xfjdslssdfdmat2.exeAdded by the SLAPEW.C TROJAN!No
UFjMenuFjMenu.exeFrom the "Fujitsu Menu" tray icon you have instant access to the Control Panel, Tablet pc keyboard, Tablet and pen settings, Fujitsu display controls, brightness control, sounds and audio devices, capture screen, capture window, organize favorites, power options, printers and faxes, LCD brightness MIN, LCD brightness MAX, Enable/disable Button Panel and the Fujitsu menu settings, which are customizableNo
UFJTWAIN SetupFjtwSetup.exeFujitsu scanner utilityNo
NFJUPDNV_Chitosefjdvrupd.exeDriver update for a Fujitsu Siemens Lifebook laptopNo
XFKS v2.0msngr.exeAdded by an unidentified WORM or TROJAN!No
NfkSysMonfksysmon.exefkWrae SysMon - system monitor - "displays the current memory consumption, CPU and resource usage, date, time, Windows uptime, IP address and a lot more"No
XFlaCPYflacpy.exeFlashEnhancer adwareNo
XFlash Driver[path to trojan]Added by the AGENT.CWVT TROJAN! No
XFlash Media%%%%%.exeAdded by a variant of the IRCBOT BACKDOOR! See hereNo
XFlash Media%%%.exeAdded by a variant of the IRCBOT BACKDOOR! See hereNo
XFlash Media[path to trojan]Added by the IRCBOT.AUR TROJAN! No
XFlash Media^ ^^^ %% % ^% ^%%^ %^ .exeAdded by a variant of the IRCBOT BACKDOOR!No
XFlash Media^^% ^ %%% %^%%%^%%^%^% % ^^%% % %^^^^ ^%%^%% .exeAdded by a variant of the IRCBOT BACKDOOR!No
XFlash Media^^^^^.exeAdded by a variant of the IRCBOT BACKDOOR! See hereNo
XFlash Media^^^^^^.exeAdded by a variant of the IRCBOT BACKDOOR! See hereNo
XFlash Mediaservices.exeAdded by a variant of the IRCBOT BACKDOOR! See here. Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Temp%No
XFlash Mediazrpk��'�'%''msn'�%'fix''.exeAdded by a variant of the IRCBOT BACKDOOR!No
XFlash Media % ^% ^^^ %^% %% ^ ^ %%% ^% %^ % %^^.exeAdded by a variant of the IRCBOT BACKDOOR! Note the space at the beginning of the filenameNo
XFlash Media^%%^%%%^% %^ ^ .exeAdded by a variant of the IRCBOT BACKDOOR!No
XFlash Media%^^%^^% %^^^^ .exeAdded by a variant of the IRCBOT BACKDOOR!No
XFlash Media^%^^^%% ^ ^ %^^^^^ %^ ^%^^ ^%^^^^^ %^ ^^^%^%%.exeAdded by a variant of the IRCBOT BACKDOOR!No
XFlash Media%^% ^ %^%% ^ % ^%%^^ %^^%^%^ ^%% %^.exeAdded by a variant of the IRCBOT BACKDOOR!No
XFlash Media%%%%%%^^ ^ .exeAdded by a variant of the IRCBOT BACKDOOR!No
XFlash Mediaskxs��'�'%''msn'�%'fix''.exeAdded by the AGENT.ZOY TROJAN!No
XFlash Media ^ %%^%^%.exeAdded by the FLUSH.A TROJAN! Note the space at the beginning of the filenameNo
XFlash Media %% % ^^ % %% ^%^^ ^^^ % ^%% ^ ^.exeAdded by a variant of the IRCBOT BACKDOOR! See here. Note the space at the beginning of the filenameNo
XFlash Media^ ^ % ^ % % ^ ^ ^%% ^% %%^^.exeAdded by the IRCBOT.BAW BACKDOOR!No
XFlash Player2[path to worm]Added by the IRCBOT.PD WORM!No
?FLASH32-flash32.exe??No
XFlash32FLASH32.COMAdded by the STARTER-F TROJAN!No
UFlashEncFlashEnc.exeSupplied with EasyDisk USB pen devices. The utility manages the encryption and compressed folders options. It will create these folders if running on the USB key without permission, which is a pain. No need for it if you do not want these featuresNo
NFlashgetFlashGet.exeFlashGet download managerNo
XFlashget Download ManagerFlashget.exeAdded by the RBOT-AGZ WORM!No
XFlashGuardFlashGuard.exeAdded by the AUTOIT.AL WORM!No
UFlashMuteFlashMute.exe"FlashMute is a tool which allows you to mute/unmute Flash Movies loaded in a browser exclusively, or alternatively all sounds produced by the browser"No
NFlashPath MonitorSDSTAT.EXESystem Tray icon that you can't get rid of - and does not need to run!. Tells you the battery status in the floppy disk adapter for the smartmedia cards. Available via Start -> ProgramsNo
NFlashPath MonitorFLSHSTAT.EXESystem Tray icon that you can't get rid of - and does not need to run!. Tells you the battery status in the floppy disk adapter for the smartmedia cards. Available via Start -> ProgramsNo
NFlashPath StatusSDSTAT.EXESystem Tray icon that you can't get rid of - and does not need to run!. Tells you the battery status in the floppy disk adapter for the smartmedia cards. Available via Start -> ProgramsNo
NFlashPath StatusFLSHSTAT.EXESystem Tray icon that you can't get rid of - and does not need to run!. Tells you the battery status in the floppy disk adapter for the smartmedia cards. Available via Start -> ProgramsNo
XFlashy BotFlashy.exeAdded by the GLUPZY.A WORM!No
XFlash_Player_Installying.exeConstructor VC2000 malwareNo
XFlenCPYflencpy.exeFlashEnhancer adwareNo
UFlexicdFlexicd.exeCD player - part of the Win95 Power ToysNo
UFlingRunfling.exeFling - free FTP software from NCH SoftwareNo
UFLMBROWSERMOUSEmouse32A.exeMouse utility for a Trust brand (and possibly others) mouse. If you disable this entry you will not be able to use any of the non-standard functions of the mouseNo
UFLMK08KBMMKEYBD.EXEMultimedia keyboard manager. Required if you use the additional keysNo
UFLMK08KBKbdAp32A.exeKeyboard utility for a Medion brand (and possibly others) keyboard. If you disable this entry you will not be able to use any of the keyboard hotkeys or other non-standard functions on the keyboardNo
UFLMLABTECMOUSEmouse32A.exeMouse utility for a Labtec brand (and possibly others) mouse. If you disable this entry you will not be able to use any of the non-standard functions of the mouseNo
UFLMMEDIONMOUSEmouse32a.exeMouse utility for a Medion branded Fellowes mouseNo
UFLMOFFICE4DMOUSEmoffice.exeMouse utility for a Labtec brand (and possibly others) mouse. If you disable this entry you will not be able to use any of the non-standard functions of the mouseNo
UFLMOFFICE4DMOUSEmouse32a.exeMouse utility for a Micro Innovations brand (and possibly others) mouse. If you disable this entry you will not be able to use any of the non-standard functions of the mouseNo
UFLMTRUSTKBKbdAp32A.exeKeyboard utility for a Trust brand keyboard. If you disable this entry you will not be able to use any of the keyboard hotkeys or other non-standard functions on the keyboardNo
UFLMTRUSTMOUSEmouse32a.exeMouse utility for a Trust brand (and possibly others) mouse. If you disable this entry you will not be able to use any of the non-standard functions of the mouseNo
XFlnCPYflncpy.exeFlashEnhancer adwareNo
XFLooDNeTFLooDeR.exeAdded by the ENDOOL TROJAN!No
XFloppy Master[path to trojan]Added by the ZONIT-F TROJAN!No
?Flow Go TVflogotv.exe??No
Xflpsflps.vbsAdded by the BYRON WORM!No
Xflpycntlflpycntl.exeAdded by the CRYPTER.C TROJAN!No
?FLSVCIFLSVCI.exe??No
YFltProcessmsinet.exePart of Cyber Patrol internet filtering software to restrict access to certain types of material on the internet. It can be disabled but do not ask how it's doneNo
XFlyswatDesktopflydesk.exeAdvertising spywareNo
UFmctrlTrayFmctrl.EXEGenius SM-Live Control Panel. Enhances audio output through Genius sound cards (makes a big difference and worth the 3MB Ram used)No
Xfmnwebassistfmnwebassist.exeAdware popup generatorNo
UFMStartFmstart.exeGFI FAXmaker - native fax connector for Microsoft Exchange Server or for networks, allows all users to send and receive faxes right from their desktopNo
XFMSZfmsz.exeAdded by the FMSZ TROJAN!No
Xfnmwebassistfnmwebassist.exeWinPL adware No
?FocusFocus.exeISDN configuration wizard?No
Xfofficenm.exeAdded by the DELF-CB TROJAN!No
XFolder Servicewssdtu.exeAdded by the MANIFEST TROJAN!No
UFolder Viewfolderview.exeFolder View enhances the Windows file Explorer by making all folders you need available in a single clickNo
UFolderClone v*.*.*folderclone.exeFolderclone backup and synchronization softwareNo
XFolderRaper[path to worm]Added by the VB.GOZ WORM!No
UFolderShareFolderShare.exe"FolderShare allows you to create a private peer-to-peer network that will help you to synchronize files across multiple devices and access or share files with colleagues and friends"No
NFolding@homeWINFAH.EXEFolding@Home is a distributed computing project which studies protein folding, misfolding, aggregation, and related diseases - must be running in order to access the internet to upload to the servers. Available via Start -> ProgramsNo
NFoneSyncSystemTrayFoneSyncSystemTray.exeSystem Tray icon for Nokia FoneSync utility for the 7160/7190 mobiles. Useful to send data from/to the cell phone and the computer. You can use it to backup data or even to input data through the computer keyboard (which naturally is much more comfortable). Run manually when requiredNo
XFontboot.exeAdded by the AGENT-LZW TROJAN!No
XFont Viewerfontviewer.exeAdded by a variant of the IRCBOT BACKDOOR! See hereNo
XFontFixfontfix.exeAdded by an unidentified VIRUS, WORM or TROJAN!No
NfontnavFontNav.exeFont Navigator from Bitstream Inc. - a font management utilityNo
XFontsLoaderldfnt32.htaUnidentified malwareNo
XFONTVIEWFONTVIEW.EXEAdded by the OPASERV.T WORM!No
UFooBar 1.0FooBar.exeFooBar - "combines fifteen high-quality productivity tools in a single toolbar that floats on your desktop or runs in the Windows task bar"No
Xfoobin lptt01adaware.exeRapidBlaster variant (in a "foo1" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see hereNo
Xfoobin ml097eadaware.exeRapidBlaster variant (in a "foo1" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see hereNo
Xfoolfool.exeAdded by the SILLYFDC.BCV WORM!No
YFoolProoffpwinldr.exeFoolProof Security PC security software from SmartStuffNo
YFoolProofSweep??Part of FoolProof Security PC security software from SmartStuffNo
NForbesForbesAlerts.exeForbes Business News Alerts - displays business news headlines in a little window on the screenNo
XForceShowrundll32.exe QaBar.dll,ForceShowBarAdultLinks.QBar parasite related! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "QaBar.dll" file is found in %System%No
NForget Me NotAGRemind.exeCalendar reminder part of Broderbund's American Greetings® CreataCard®No
UforteManagerdthtml.exeforteManager from LG. Rebranded version of Display Tune from Portrait Displays, Inc. - which "is the perfect software utility to initially set-up and adjust your display to achieve its optimum performance. All adjustments are made through a simple graphical user interface"No
YFortiClientFortiClient.exeFortinet security systems are the new generation of real time network protection systemsNo
UFortis Secure Layer Configcseinst.exeFortis Bank Home Banking part. Installed during the installation of the software necessary to run the Home Banking. According to Fortis Bank this will not in any way be harmful to the system or relay system informationNo
Xfotosfotos.exeAdded by the BANKER-FP TROJAN!No
NFotoStation Easy AutoLaunchFotoStation Easy AutoLaunch.exeInstalled with a Nikon digital camera. Used to collect photos uploaded from camera program NkVwMon.exe. If your camera is not connected (via USB port) you do not need this program loaded eitherNo
UFoul PXFoulPX.exeFoul PX, Optusnet usage stat checkerNo
UFourthDayFourthDay.exeThe Fourth Day - "astronomical clock and almanac for your system tray"No
XFoWilCofowilco.exeAdded by the WOOTBOT.CR WORM!No
Xfoxdhfoxdhend.exeAdded by the MENGHUAN TROJAN!No
Xfoxdhfoxdh.exeAdded by the GWGHOST-Q TROJAN!No
Xfoxrxjhfoxrxjh.exeAdded by the GWGHOST-T TROJAN!No
Xfoxwudy9912service.exeAdded by the BANCOS-BT TROJAN!No
YFP Loaderloadfp.exeFoolProof Security - PC security software from SmartStuffNo
Nfpassistfpassist.exePart of FreePDF (was FreePDF XP) - a utility used to create Adobe compatible PDF files from virtually any Windows application. This executable needs to be running when you want to send a printer output to a PDF file via the FreePDF virtual printerYes
?FPWGMWZDFPWGMWZD.exe??No
NFpxmnmsrvc.exeRemote Desktop Sharing service part of Microsoft's Netmeeting allowing users to share items on their screens across remote locationsNo
Xfqorstub_113_4_0_4_0.exeTargetSaver adware No
XFrameWork 2.5FrameWork.exeAdded by the RBOT-FMW WORM! Note - can terminate AV related processesNo
XFramework module libraryinfocard.exeAdded by the BUZUS.AYX TROJAN!No
XFramework Windowsfrmwrk32.exeAdded by the FAKEAV-KS TROJAN!No
XFrancesvchost.exeAdded by the MIMAIL.L WORM! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%No
NFrapsFRAPS.EXEFraps® by Beepa Pty Ltd - is "a universal Windows application that can be used with games using DirectX or OpenGL graphic technology". It can show how many Frames Per Second (FPS) you are getting, allow you to take a screenshot with a single keypress or record a videoYes
NFree Download Managerfdm.exe"Free Download Manager" - see hereNo
?Free Downloads Monitorfdcmon.exe??No
NFree DVD DirectFreeDVDDirect.exeFree DVD Direct - provides a program to access a peer-to-peer (P2P) file-sharing network (see here)No
UFree Key Loggerfreekeylogger.exeFree Key Logger keystroke logger/monitoring program - remove unless you installed it yourself!No
UFree Ram Optimizerfro.exeFree Ram Optimizer monitors your memory, and frees up ram if it falls below a certain minimum. MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/ME. See this article and make up your own mindNo
Xfree-save[path to risk]Freesave security risk that tracks and sends browser information and visited websites on the computer. Uninstall this software unless you put it there yourselfNo
XFreeAttentioneqsefeqe.exeAdded by an unidentified WORM or TROJAN!No
NFreebie NotesFreebieNotes.exeFreebie Notes by Power Soft - create electronic notes (stickers)No
NFreeCallFreeCall.exeFreeCall - free internet telephony utility using the VoIP (Voice over Internet Protocol). Call online friends for free and regular phones either for free (limited use) or low rates. One of a number provided by Betamax - the others generally have different rate plans. Similar to the more popular SkypeYes
YFreedomFreedom.exeFreedom Internet Security & Privacy - anti-virus, personal firewall and parental control. It also blocks ads, safeguards your personal information, encrypts your passwords, and much more. No longer available for saleNo
UFreeMem ProFMEMPRO.EXEFreeMem Pro - memory optimizer. MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/SE/ME. See this article and make up your own mindNo
UFreeMemVn2FreeMem.exeFreeMem - memory optimizer. MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/SE/ME. See this article and make up your own mindNo
XFreeMP3downloadrundll32.exe MSA64CHK.dll,DllMostrarMatrixDialer/Mostrar parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System%No
NFreePDF Assistantfpassist.exePart of FreePDF (was FreePDF XP) - a utility used to create Adobe compatible PDF files from virtually any Windows application. This executable needs to be running when you want to send a printer output to a PDF file via the FreePDF virtual printerNo
NFreePDF_Assistantfpassist.exePart of FreePDF (was FreePDF XP) - a utility used to create Adobe compatible PDF files from virtually any Windows application. This executable needs to be running when you want to send a printer output to a PDF file via the FreePDF virtual printerYes
UFreeRAM XPFreeRAM XP Pro *.exeFreeRAM XP Pro - memory optimizer where * represents the version. MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/SE/ME. See this article and make up your own mindNo
UFreeRAM XPFreeRAM XP Pro.exeFreeRAM XP Pro - memory optimizer. MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/SE/ME. See this article and make up your own mindNo
Xfreestylelockx.exeAdded by the RBOT-ATH WORM!No
Ufreesurferfs20.exeEMS Free Surfer mk II - pop-up stopperNo
Xfreexstylelockbar.exeAdded by the LOXBOT.D WORM!No
Xfreexstylelockbr.exeAdded by the LOXBOT.C WORM!No
Xfreinstpgs.exePart of the AVSystemCare rogue security software and other members of this family. See here for more examplesNo
UFresh Desktopfreshdesktop.exeFresh Desktop is a utility that lets you manage vast collections of wallpapers for your desktop with ease. When run on bootup it changes the desktop wallpaper at startup or at specified intervalsNo
Nfreshclamfreshclam.exeAuto update agent of the open source Clamwin virus scanner No
?frgukshdrkmck.exe??No
?FridaysInHellInstallerFridaysInHellInstaller.exe??No
XFriendlyTypelsass.exeAdded by the WEBUS.B TROJAN! Note - this is not the legitimate lsass.exe process which should not normally figure in Msconfig/Startup!No
XFriendlyTypeNameservices.exeAdded by the NEVEG.B or NEVEG.C WORMS! Note - this is not the legitimate services.exe process, which should not appear in Msconfig/Startup!No
XFriendlyTypeNamewinlogon.exeAdded by the NEVEG.A WORM! Note - this is not the legitimate winlogon.exe process, which should not appear in Msconfig/Startup!No
NFriendlyWebQuick-LaunchSELFCERT.EXEselfcert.exe is a stand alone program for creating your own digital certificates for macros - the .exe is installed as an extra basically by clicking on MS Office in add/remove programs and selecting remove - also I would do away with the FriendlyWebQuickLaunchBar as wellNo
UFRISK FP-SchedulerF-Sched.exeScheduler for F-Prot anitvirus software. Leave enabled unless you scan manually on a regular basisNo
?FRITZ!DSL StartcenterStCenter.exeFRITZ! ISP software "StartCenter" User interface that allows you to manage, tweak and diagnose many aspects of your internet connection - is it required?No
UFRITZ!webProtectFwebProt.exeFirewall included in FRITZ! ISP DSL softwareNo
NFromine WinPopupwinpopup.exeInstant Messenger programNo
Xfroodytimoty.exeAdded by an unidentified malwareNo
XFrskfrsk.exeUnidentified adware downloader trojanNo
Xfrunderc32xz.exeAdded by an unidentified TROJAN!No
YFRW_EXEFRW.EXEConSeal Signal9 firewall - now McAfee Personal firewallNo
Yfrxmxinsfrxmxins.exeATI 3D Studio MAX/VIZ driverNo
XFS Agentfagent.exeAdded by the VOLVER-B TROJAN!No
XFS6519FS6519.dll.vbsAdded by the SOLOW.B WORM!No
Yfsaafsaa.exeF-Secure antivirus Authentication Agent - creates and stores private keys used by a client to access serversNo
NFSCBossFSCBoss.exeFree Store Club shop online softwareNo
?FSDPSRVFSDPSRV.exe??No
Xfsdsft[path to backdoor]Added by the RANKY.S BACKDOOR!No
XFSHsvcnva.exeIdentified by Ewido Security Suite (Ewido is now part of AVG Technologies) as the DELF.KA TROJAN!No
Ufspfsp.exeFolder Shield - hide entire directories and thus prevent access by anyone else to your personal files and documentsNo
YfsprFolderShield.exeFolder Shield - hide personal files and foldersNo
NFSScrCtlFSScrCtl.exeScreen saver control applet used by the "Stardust Screen Saver Toolkit" and "SolidWorks Screen Saver"No
Ufsservfserv.exeFarsighter Server - monitors a remote computer invisibly by streaming video to a viewer on your computer. You will know exactly what is happening on the remote computer as you see it in real-timeNo
Ufssuifsui.exeSystem Tray access to and notifications from Windows Live Family Safety - optionally installed as part of Windows Live Essentials. "With Family Safety, you decide how your kids experience the Internet. Limit searches, monitor and block or allow websites, and decide who your kids can communicate with in Windows Live Spaces, Messenger, or Hotmail". Note - disabling this entry does not disable Family Safety and prevent it monitoring a users activity or restricting accessYes
Ufssuifssui.exeSystem Tray access to and notifications from Windows Live OneCare Family Safety - part of the Live OneCare range and now superseded by Windows Live Family Safety which is part of Windows Live Essentials. Allows you to decide how your kids experience the Internet by limiting searches, monitoring and blocking/allowing websites and deciding who your kids can communicate with in Messenger or Hotmail. Note - disabling this entry does not disable Family Safety and prevent it monitoring a users activity or restricting accessYes
Xfstsvcrundll32.exe fstsvc.dll,startAdded by the AKBOT-AA WORM! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "fstsvc.dll" file is found in %System%No
Ufsuifsui.exeSystem Tray access to and notifications from Windows Live Family Safety - optionally installed as part of Windows Live Essentials. "With Family Safety, you decide how your kids experience the Internet. Limit searches, monitor and block or allow websites, and decide who your kids can communicate with in Windows Live Spaces, Messenger, or Hotmail". Note - disabling this entry does not disable Family Safety and prevent it monitoring a users activity or restricting accessYes
XFSWFSW.exeFreeScratchAndWin parasiteNo
UFSWebServerfsws.exeEasy File Sharing Web Server is a Windows program that allows you to host a secure peer-to-peer and web-based file sharing system without any additional software or servicesNo
Xftkftkclean.exeFlashEnhancer adwareNo
XFtkCPYftkcpy.exeFlashEnhancer adwareNo
UFtLnSOP_setupFtLnSOP.exeFujitsu scanner utilityNo
UFTMSFLT(USB)FTMSFLTU.EXEFujitsu's Touch Panel Message NotifierNo
XFTP FOR WINDOWSftpwin32.exeAdded by a variant of the RBOT WORM!No
XFTPGraberFTPGraber.exeAdded by the DLOADER-DT TROJAN! No
NFTPManagerFTPDM.exe"Robust FTP is a Windows-based file transfer client application that transfers files between a user's local PC and another, remote computer system connected via a modem and telephone lines or by a local-area network (with upload transfer resume and download transfer resume)". Can be started manuallyNo
UFtpqueueFtpsched.exePart of WS_FTP Pro from Ipswitch. Queueing facility for scheduling FTP transfersNo
?FtpServer.exeFtpServer.exePart of the Sharpdesk from Sharp Electronics. "A desktop-based, personal document management application that lets users browse, edit, search, compose, process, and forward both scanned and native electronic documents". What does it do and is it required?No
Uftutil2rundll32.exe ftutil2.dll, SetWriteCacheModeRelated to Promise Technology's FastTrak SX4030/4060 PCI ATA Raid 5 controller (and possibly others)No
XFUFUvirus.exeAdded by the VB-EJC TROJAN!No
XFuckD3w4FuckD3w4.exeAdded by the BRONTOK-DI WORM!No
XFuckerfucker.vbsAdded by the CATCHER-A WORM!No
UFujitsu Hotkey UtilityIndicatorUty.exeFujitsu Hotkey Utility displays icons on the screen when you use hotkeys on a Fujitsu Siemens Lifebook, eg, when you press the hotkey for muting the sound, a loudspeaker icon with a cross on it is displayedNo
UFujitsu MenuFjMnuIco.exeFrom the "Fujitsu Menu" tray icon you have instant access to the Control Panel, Tablet pc keyboard, Tablet and pen settings, Fujitsu display controls, brightness control, sounds and audio devices, capture screen, capture window, organize favorites, power options, printers and faxes, LCD brightness MIN, LCD brightness MAX, Enable/disable Button Panel and the Fujitsu menu settings, which are customizableNo
Xfukerservicefukerz.exeAdded by a variant of the RBOT WORM!No
XFUKLBARbar.exePurityScan adwareNo
NFullAudioWMPImporter.exeUsed to import settings from Windows Media Player into Music Now software (from www.musicnow.com - which is no longer available) and possibly othersNo
XFunFun.exeAdded by the COIDUNG-A WORM!No
NFusionHdtvTrayFusionHdtvTray.exeFusionTrayAgent - main executable for DVICO FusionHDTV software. It adds an icon to system tray that allows you to easily access Fusion HDTV softwareNo
UFusionRCFusionRC.exeRemote control manager for DVICO FusionHDTVNo
UFusionRemoteFusionRc.exeRemote control manager for DVICO FusionHDTVNo
NFusionTrayAgentFusionHdtvTray.exeFusionTrayAgent - main executable for DVICO FusionHDTV software. It adds an icon to system tray that allows you to easily access Fusion HDTV softwareNo
Xfvekfvek.exeAdded by the DRIVOL-A TROJAN!No
YFveNotifyfveNotify.exeWindows Vista - BitLocker Drive Encryption Notification Utility. Available with Enterprise and Ultimate versions of Vista, "BitLocker prevents a thief who boots another operating system or runs a software hacking tool from breaking Windows Vista file and system protections or performing offline viewing of the files stored on the protected drive" - see hereNo
XFW Managerfwcheck.exeAdded by the DELBOT-H WORM!No
XFWDMON.EXEfwdmon.exeAdded by the PROXY-S TROJAN!No
Yfwenc.exefwenc.exeCheck Point SecuRemote VPN client - "dynamic and fixed IP addressing for all ISP services - dial-up, cable modem, or DSL - the ideal solution for telecommuters and mobile workers"No
XFwr Command Modulefwr.exeAdded by the SDBOT-PP WORM!No
Nfwrastrcfwrastrc.exeDial-up software for Friendly Technologies/1NationOnLine free ISPNo
UfwservicefwserviceeAcceleration Stop-Sign security software related. Previously not recommended, see hereNo
XFXieloader.exeAdded by the SMALL.RR TROJAN!No
XFxoekmmiyhart.exeAdded by the SDBOT-CZQ WORM!No
Ufxredirfxredir.exeCanon MultiPASS fax redirectorNo
Xfzgsvhost32.exeAdded by the DLOADER.BDK TROJAN!No
Xf~ara32.exeAdded by the CAY TROJAN!No
Xg.exeg.exeAdded by the GRAYBIRD.Q TROJAN!No
XG00123[worm filename]Added by the BUGBROS WORM!No
XG0mezG0mez.vbsAdded by the GORMLEZ-A WORM!No
XG3GSMedia3.exeMalware downloader - detected by Kaspersky as the VB.UX TROJAN!No
?g3dctlg3dctl.exe??No
XG4G[random filename]Detected as Trojan-Downloader.Win32.VB.fkiNo
UG6FTP Server Tray MonitorG6FTPTray.exeSystem Tray monitoring tool for Gene6 FTP Server - "an advanced FTP server software for Windows developed specifically for security and high performance requirements"No
Xga6pcwga6pcw.exePart of the AVSystemCare rogue security software and other members of this family. See here for more examplesNo
Xgabougoolnounina.exeAdded by the AGENT-JVX TROJAN!No
Xgacgac.exePart of VirusVakt, Swedish rogue security software - not recommended. A member of the AVSystemCare familyNo
?GACServiceGACService.exeRelated to a Gemplus product. What does it do and is it required?No
Xgadcomgadcom.exeAdded by the AGENT-HIC TROJAN!No
Xgadkgak12fsafsakx12.exeAdded by the ONLINEG-N TROJAN!No
NGadu-Gadugg.exePolish language Instant Messaging clientNo
NGadwin PrintScreenPrintScreen.exeGadwin PrintScreen - utility to capture, print or save the current windowNo
XGAELICUM.EXEGAELICUM.EXEAdded by the PENTA-A TROJAN!No
Xgah95on6gah95on6.exeShopAtHome/SAHagent adwareNo
Ugaimgaim.exeGaim is an instant messenger client with capability to connect to AIM, ICQ, MSN Messenger, Yahoo, IRC, Jabber, Gadu-Gadu and Zephyr networksNo
UGainwardTBPanel.exeConfiguration utility for Gainward graphics cards. Not required unless you use non-default settings. Available via Start -> Settings -> Control PanelNo
Xgameshit.exeAdded by the Netclap Gold backdoor TROJAN!No
Xgamepatcher.scrAdded by the PSW-ED TROJAN!No
NGame DeviceJOYUPDRV.EXEGenius game controller profile activatorNo
XGame HouseGameHouse.exeAdded by the DELF-DRA WORM!No
NGameDriveGDTask.exeGameDrive from FarStone - virtual CD/DVD drive emulator that allows you to run your PC games without the disc. Available via Start → ProgramsNo
XGames Accelerationsvshost.exeEasySearch adwareNo
XGames Acceleration[path to trojan]Added by the SMUTSRCH-A TROJAN!No
XGames Accelerationsvshost1.exeAdded by the DLOADR-AWD TROJAN!No
XGames toolbarrundll32.exe [path] tbGame.dll DllShowTBTopconverting.com/180Search "Games Toolbar" adware. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deletedNo
NGameSpotkontiki.exeKontiki Delivery Manager - Windows-based client software that enables secure delivery of content to users' desktopsNo
NGameTrackerGTLite.exeGameTracker - "Keep track of and launch all your games from one application with the Game Tracker Client. Instantly announce on your profile and to your friends what game and on which server you are playing!"No
Ugameutil.exegameutil.exePart of Redline RegTweak as supplied with Sapphire ATI graphics cards. You can configure different overlclocking settings on a per game basis and this sets those conditions following a re-bootNo
Xgammasvchost.exeAdded by a variant of the DELF.IT TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! The location of this file variesNo
UGammaHotKeyssetgamma.exePart of the RadeonTweaker program for adjusting ATI Radeon graphics cards. Allows you to adjust the gamma (or brightness) when playing a full-screen game without switching back to the desktopNo
Xgangstagangsta.exeAdded by the RIMA.A BACKDOOR!No
UGARO Status Monitorcnwism.exePrint monitor for certain Canon printersNo
XgaSrvgaSrv.exeDetected by Panda as the DOWNLOADER.ALQ TROJAN! Adware downloaderNo
XgaSrvegaSrve.exeDetected by Panda as the DOWNLOADER.ALQ TROJAN! Adware downloaderNo
XGate Personal FirewallSystpl.exeAdded by the RBOT.ADC WORMNo
NGateway Extended WarrantyGWCares.exeGateway Extended Warranty reminderNo
XGatorgator.exeGator eWallet adware. Please note that Claria Corporation no longer support GAIN-Supported software - see hereNo
XGator eWalletgator.exeGator eWallet adware. Please note that Claria Corporation no longer support GAIN-Supported software - see hereNo
XGay_Sexy_**Gay_Sexy_**.exePremium rate adult content dialler (where * is a random char)No
UGazelDisplaygsyno.exeBT Digital Access USB - Gazel ISDN installation System Tray iconNo
YGBMHome7AgentGBMAgent.exeGenie Backup Manager Home 7 - backup softwareNo
YGBMLite7AgentGBMAgent.exeGenie Backup Manager Lite 7 - backup softwareNo
YGBMPro7AgentGBMAgent.exeGenie Backup Manager Pro 7 - backup softwareNo
YGBSpaceManSpaceMan.exeGreenBorder - secure your browsing activities on the internetNo
UGBTrayGBTray.exeSystem Tray icon access to Roxio's (nee Adaptec) GoBack software which allows you to revert back to a previously working state on you hard drive if you install a new program and your system goes faulty - performing the same functions with extra features as System Restore on WinMe/XP systems. Disable before running Scandisk or Defrag. Not required for WinMe/XP users, recommended for Win9x/NT/2K usersNo
XgCacgcac.exeAdded by the TACTSLAY.U TROJAN!No
XgcasDtServgcasDtServ.exeAdded by an unidentified WORM or TROJAN. Note - this is not related to Microsoft Antispyware which has a process bearing the same name which doesn't appear as a startupNo
YgcasServgcasServ.exeGiant Antipsyware - now superseded by Microsoft's Windows DefenderNo
XgcasServrealsched.exeAdded by a variant of the TACTSLAY.A TROJAN! Note - this is not the legitimate RealOne Player (realsched.exe) application of the same nameNo
?GCC Remindergccrem.exeAssociated with AcraMax Greeting Card Creator. Is it a registration reminder?No
NGCSGrabClipSave.exeGrabClipSave screen capture toolNo
Xgcwgcw.exePart of BestsellerAntivirus, PCSecureSystem and other members of the AVSystemCare family of rogue security software suites. See here for more examplesNo
Xgdagdgajsbbsbw.exeAdded by the SDBOT-QX WORM!No
XGDAX[path to backdoor]Added by the RANKY.K TROJAN!No
XgdcwGDCW.exePart of ContentEraser, WinAnonymous and other members of the PCPrivacyTool rogue privacy tool and other members of this family. See here for more examplesNo
XGddlibrundll32.exe gddlib.dll,startAdded by the AKBOT.EG WORM! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "gddlib.dll" file is found in %System%No
YGDFirewallTrayGDFirewallTray.exeSystem Tray access to the firewall part of G Data range of internet security productsNo
Xgdien32gdien32.exeAdded by the SINGU-P TROJAN!No
Xgdimxgdimx.exeMPB-D dialer. Note - provides an uninstall option which can be accessed via the Add or Remove Programs dialog in the Windows Control Panel. The software is listed as "gdimx"No
UGDMgr.exegdmgr.exeGuardMon is a commercial surveillance software program designed to monitor all forms of user activity on a computerNo
NGDriveGDriver.exeFound on IBM systems. All it does is set the CDROM drive letter to G:. Set your drive letter manually via Start -> Settings -> Control Panel -> System -> Device ManagerNo
NGearboxconfsvr.exeNTL's Gearbox software for configuring internet connections with their NTLWorld software - does a similar job to the Internet Connection Wizard which can be used instead using the dial-up details available hereNo
NGEARsecgearsec.exeInstalled by Apple Quicktime package - iPod®/iTunes® CDRW support. Can be disabled if you only require Quicktime playerNo
XGEDZACGEDZAC.exeAdded by the GEMEL WORM! No
XGekio Startupsgnksvc32.exeAdded by the AGOBOT.AFJ WORM!No
NGemStRmWGemStRmW.exeFor a GemPlus smart card reader. If it doesn't start automatically when you insert the smart card, start it manuallyNo
Xgencrootgencroot.exeAdded by the SDBOT-AED WORM!No
UGene USB MonitorUSBMonit.exeMonitors USB ports for insertion of Sandisk USB flashdrivesNo
XGeneral AntivirusGenAvir.exeGeneral Antivirus rogue security software - not recommended, removal instructions hereNo
Xgeneral lptt01general.exeRapidBlaster variant (in a "General" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see hereNo
Xgeneral ml097egeneral.exeRapidBlaster variant (in a "General" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see hereNo
XGeneric Hostwauclt.exeAdded by the SDBOT-DNL WORM!No
XGeneric host proccess for windowsSVCHOSTS.EXEAdded by the SPYBOT-GQ WORM!No
XGeneric Host ProcessSCHOST.EXEAdded by the RBOT-NC WORM! No
XGeneric Host Processsvchost.exeAdded by the DLOADER-NX TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%No
XGeneric Host Processcamacttiv.exeDetected by AVG as the CIADOOR.13 TROJAN!No
XGeneric Host Processlsassw.exeAdded by the AGOBOT-N WORM!No
XGeneric Host Process for Win Servicesmscvs.exeAdded by a variant of the SDBOT WORM!No
XGeneric Host Process for Win32 Servicesvlhost.exeAdded by the WOOTBOT.EX WORM!No
XGeneric Host Process for Win32 Servicerpchost.exeAdded by the IRCBOT.DCN WORM!No
XGeneric Host Process for Win32 Servicesntspcv.exeAdded by the SDBOT.S TROJAN!No
XGeneric Host Process for Win32 Servicesintspvc.exeAdded by the DINFOR.D WORM!No
XGeneric Host Process for Win32 Serviceswinsvc.exeAdded by the SDBOT-O WORM!No
XGeneric Host Process for Win32 Servicesbazzi.exeAdded by the AHKER.E WORM!No
XGeneric Host Process for Win32 Serviceswinsvc32.exeAdded by the SDBOT-P WORM!No
XGeneric Host Process for Win32 Serviceslspsvc.exeAdded by the MUMU.C WORM!No
XGeneric Host Process for Win32 ServicesSPSVC.EXEAdded by the SDBOT.DA WORM!No
XGeneric Host Process for Win32 Servicessvchost32.exeAdded by the AGOBOT.ALH WORM!No
XGeneric Host Process for Win32 Servicessvñhîst.exeAdded by the DLOADER.AK TROJAN!No
XGeneric Host Process for Win32 Serviceswinlogon.exeAdded by a variant of the IRCBOT BACKDOOR! See here. Note - this is not the legitimate winlogon.exe process which is always located in %System% and should not normally figure in Msconfig/Startup!No
XGeneric Host Process For Win32 Servicesmtsc32.exeAdded by the VB-CPL TROJAN!No
XGeneric Host Process for WinXP Servicesmshelp.exeAdded by the AGENT-GQP TROJAN!No
XGeneric Host Process2 System Backupscvhost2.exeAdded by the RBOT-BAH WORM!No
XGeneric Host Process326a System Backupscvhost326a.exeAdded by a variant of the SDBOT WORM!No
XGeneric Host Servicelshost.exeAdded by the RBOT.LU WORM!No
XGeneric Service Processregsvc32.exeAdded by the GAOBOT.UJ or GAOBOT.UL WORMS!No
XGeneric Service Processserv1ces.exeAdded by the AGOBOT-JK WORM!No
XGeneric Service Processnvsvc.exeAdded by the AGOBOT.BY WORM! Note - this is not the valid NVIDIA Driver Helper Service and is located in %System%No
XGeneric Service Processsrvhost.exeAdded by the AGOBOT-FX WORM!No
XGeneric Service Processregsvr32.exeAdded by the AGOBOT-AGD WORM!No
XGeneric Service ProcessSRCHOST.EXEAdded by the AGOBOT-DG WORM!No
XGeneric Service Processsvrhost.exeAdded by the AGOBOT-FB WORM!No
XGeneric Services Processregsvc32.exeAdded by the GAOBOT.SY WORM!No
XGenericHostXPWinLoaderXP.exeAdded by the BDOOR-ACX BACKDOOR!No
YGenie USB MonitorUSBmonitor.exePort monitor for an external USB hard drive. Required to enable access to the driveNo
XGenius Mose Driversvghost.exeAdded by a variant of the SPYBOT WORM! See hereNo
NGenMCLaunchermcLauncher.exeGenesys Meeting Center - "On-demand integrated audio and web meetings"No
Xgenserv pathsdqdqg.exeAdded by the SDBOT-RF WORM!No
XGeography TX 1.0 NTCompuSpeed.vbsAdded by the NEWLEY-A WORM!No
XGerenciamento de arquivos do WindowsWinmod32.exeAdded by the DLOADER-WG TROJAN!No
Xgerman.exewinsystems.exeAdded by the BAGLEDl-AE TROJAN!No
Xgerman.exewintems.exeAdded by the BAGLE-AS TROJAN!No
Xgescwgescw.exePart of BeschermingsTool, SysDepannage and other members of the ErrClean rogue system error and cleaning utility and other members of this family. See here for more examplesNo
XGestionnaire de disques universelsysoobe.exeAdded by the TOADER-A TROJAN!No
NGet Smilegetsmile.exePuts smilie faces in your E-mail. Run manually when requiredNo
XGet-Torrent Servicewakeservice.exeGet-Torrent bittorrent client - Installs LOP adwareNo
YGetcaInfoMyCa.exeMonitor for a Belkin USB Wireless adapterNo
UGetITGetIT.exe"HP GET-IT (Graduate Entrepreneurship Training through Information Technologies) empowers under- or unemployed young people with business and IT skills - helping them find a job or start their own businesses"No
XGetitAllrundll32.exe MSA64CHK.dll,DllMostrarMatrixDialer/Mostrar parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System%No
XGetModule18GetModule18.exeInternet Speed Monitor adware related - see example hereNo
XGetModule19GetModule19.exeInternet Speed Monitor adware related - see example hereNo
XGetModule20GetModule20.exeInternet Speed Monitor adware related - see example hereNo
XGetModule21GetModule21.exeInternet Speed Monitor adware related - see example hereNo
XGetModule23GetModule23.exeInternet Speed Monitor adware relatedNo
XGetModule24GetModule24.exeInternet Speed Monitor adware related - see example hereNo
XGetModule25GetModule25.exeInternet Speed Monitor adware related - see example hereNo
XGetModule27GetModule27.exeInternet Speed Monitor adware relatedNo
XGetModule29GetModule29.exeInternet Speed Monitor adware related - see example hereNo
XGetModule30GetModule30.exeInternet Speed Monitor adware relatedNo
XGetMP3rundll32.exe MSA64CHK.dll,DllMostrarMatrixDialer/Mostrar parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System%No
XGetPack18GetPack18.exeInternet Speed Monitor adware related - see example hereNo
XGetPack19GetPack19.exeInternet Speed Monitor adware related - see example hereNo
XGetPack20GetPack20.exeInternet Speed Monitor adware related - see example hereNo
XGetPack21GetPack21.exeInternet Speed Monitor adware related - see example hereNo
XGetPack22GetPack22.exeInternet Speed Monitor adware relatedNo
XGetPack23GetPack23.exeInternet Speed Monitor adware relatedNo
XGetPack24GetPack24.exeInternet Speed Monitor adware related - see example hereNo
XGetPack25GetPack25.exeInternet Speed Monitor adware relatedNo
UGetRightGetRight.exeGetRight from Headlight Software - shareware download manager for resuming downloads and choosing multiple download locations. The Pro version adds uploading and other features. Earlier 4.x versions included ads, which could be disabled if you chose not to install the Aureate/Radiate software in the registered version - see here. Start it manually unless you want to intercept download links from your browserYes
UGetRight - Tray Icongetright.exeEntry added with older versions of the GetRight download manager from Headlight Software, Inc. Start it manually unless you want to intercept download links from your browserYes
XGetTheMusicrundll32.exe MSA64CHK.dll,DllMostrarMatrixDialer/Mostrar parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System%No
UGetting started with MacDriveMDGetStarted.exeMacDrive 7 from Mediafour Corporation - "enables anyone using Windows Vista, XP, and 2003 Server to seamlessly access Mac disks (HFS/HFS+) of all types, including CDs, DVDs, hard drives, floppy, Zip, Jaz, and more!"No
XgetwinwinB_.exeAdded by the BANKER-HS TROJAN!No
Xgf1.0.0.2ggf.exeAdded by the EDFON.A TROJAN!No
Xgfxtrayrundll32 ctccw32.dll,findwndAdded by the AGENT.AOU BACKDOOR! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted, The "ctccw32.dll" is located in %System%No
XGhost AntivirusGhostAV.exeGhost Antivirus rogue security software - not recommended, removal instructions hereNo
XGhost Relay[random filename]Added by the DNSCHANG.EK TROJAN!No
UGhostSecuritySuitegss.exeGhost Security Suite - protect the registry from unauthorized reading and modification and other tools No
NGhostStartServiceGhostStartService.exeRequired to run the Windows based wizard in Norton Ghost - added from the 2003 version. Will start automatically when you run the wizardNo
NGhostStartTrayAppGhostStartTrayApp.exeSystem Tray access to Norton Ghost - added from the 2003 versionNo
YGhostSurfDelSatelliteDeleteSatellite.exePart of SpyCatcher spyware remover from Tenebril. Prevents rogue programs from sending personal information to a remote user via the Internet. If you use SpyCatcher with real time scanning, you'll want to leave this file in place No
Xgigabit.exegigabit.exeAdded by the BEAGLE.U WORM!No
XGigaByteCheatle.exeAdded by the SHODI.B VIRUS!No
UGiganews AcceleratorGiganewsAccelerator.exeGiganews Accelerator from Giganews, Inc. - "a software-based news proxy which will allow you to compress headers and enable 256-bit SSL encryption, regardless of whether or not SSL is supported natively by your news client"No
YGilat SOM Enumeratordllhost.exeFor Gilat Communications internet satellite systems - associated with SkyBlaster modem. Required if you have this systemNo
YGilatFTCftc.exeFor Gilat Communications internet satellite systems - associated with SkyBlaster modem. Required if you have this systemNo
Xgimmygames[path to trojan]Added by the DLOADR-LN TROJAN!No
Xgimmysmileysgimmysmileys.exeGimmySmileys adwareNo
XGinaDllntgina.dllAdded by the ANIG.A WORM!No
?GisdnLoggisdnlog.exeBT Digital Access USBNo
UGlass2kGlass2k.exe"Glass2k is a small little program that allows Win2K/XP users to make any window transparent"No
XGLF Network Lan MonitorNPFMNTOR.exeAdded by the RBOT-AGY WORM!No
YGlideGlidew32.exeCirque touchpad driverNo
XGlobal StartupWinDash.EXEDetected by Kaspersky as the VB.Q WORM!No
XGlobalFlagACERACER.exeAdded by the VB.BL WORM!No
XGlobalFlagimglogimglog.exeAdded by the AGENT-GYK TROJAN!No
XGlobalSCAPE[random filename]Added by the RBOT-AYM WORM!No
UGlobeTrotter Connectglobetrotter connect.exeGlobeTrotter Connect - easy-to-use software application that "simplifies the management of Windows-based broadband Internet connections to WWAN networks, worldwide, automatically configuring connection to the service provider according to the SIM card inserted"No
XGlock Suite 1.1glock32.exeAdded by the TINY.GV TROJAN!No
XGLSetIT32msiexec16.exeAdded by the OPTIX PRO TROJAN!No
XGLSetIT32isass.exeAdded by a variant of the OPTIX PRO TROJAN!No
XGLSetT32smsiexec.exeAdded by the OPTIX-D TROJAN!No
?gluongluon.exeIn a gluon/bin sub-directoryNo
Xglvglv.exeAdded by the DLOADER-NG TROJAN!No
XGMedia2GSM2.exeMalware downloader - detected by Kaspersky as the VB.UX TROJAN!No
XGMedia2GSMedia3.exeMalware downloader - detected by Kaspersky as the VB.UX TROJAN!No
YGmouseGmouse.exeAmouse mouse driver - required if you use non-standard Windows driver featuresNo
XGmsvc32gmsvc32.exeAdded by the AGOBOT.ABN WORM!No
UGnetmousgnetmous.exeGenius mouse driver - required if you use non-standard Windows driver featuresNo
UGNETMOUSEgnetmouse.exeGenius mouse driver - required if you use non-standard Windows driver featuresNo
XGNP Generic Host Processsvchost.exeAdded by the ZAPCHAS-F BACKDOOR! Note - this is not the legitimate svchost.exe process which should not normally figure in Msconfig/Startup!No
?gnubgnub.exe??No
Xgocvir.exeAdded by the SILOV-A WORM!No
XGo And Startsvdll32.exeAdded by the RBOT.AI BACKDOOR!No
XGo!Zillagozilla.exeDownload manager for resuming downloads and choosing multiple download locations. Advertising spywareNo
XGo!Zilla Monster DownloadsGo.exeDownload manager for resuming downloads and choosing multiple download locations. Advertising spywareNo
UGoBackGBMenu.exeRoxio's (nee Adaptec) GoBack software which allows you to revert back to a previously working state on you hard drive if you install a new program and your system goes faulty - performing the same functions with extra features as System Restore on WinMe/XP systems. Disable before running Scandisk or Defrag. Not required for WinMe/XP users, recommended for Win9x/NT/2K usersNo
UGoBackGBTray.exeSystem Tray icon access to Roxio's (nee Adaptec) GoBack software which allows you to revert back to a previously working state on you hard drive if you install a new program and your system goes faulty - performing the same functions with extra features as System Restore on WinMe/XP systems. Disable before running Scandisk or Defrag. Not required for WinMe/XP users, recommended for Win9x/NT/2K usersNo
UGoBack Polling ServiceGBPoll.exeRoxio's (nee Adaptec) GoBack software which allows you to revert back to a previously working state on you hard drive if you install a new program and your system goes faulty - performing the same functions with extra features as System Restore on WinMe/XP systems. Disable before running Scandisk or Defrag. Not required for WinMe/XP users, recommended for Win9x/NT/2K usersNo
UGoBack Tray IconGBTray.exeRoxio's (nee Adaptec) GoBack software which allows you to revert back to a previously working state on you hard drive if you install a new program and your system goes faulty - performing the same functions with extra features as System Restore on WinMe/XP systems. Disable before running Scandisk or Defrag. Not required for WinMe/XP users, recommended for Win9x/NT/2K usersNo
XGOGGOG.exeAdded by the PHILIS.B VIRUS!No
Xgoidrgoidr.exeGoidr adwareNo
XGoldenAntiSpypgs.exeGoldenAntiSpy rogue security software - not recommended. A member of the AVSystemCare familyNo
UGoldensoft_MndlSvrMndlSvr.exeGoldensoft CD Ghost related - turns a computer into a 200X-speed CD-ROM tower. Working from the hard drive, users can simultaneously access as many as 23 virtual CD-ROM drives at a speed of 200X for true multitaskingNo
XGolumservices.exeAdded by the GOLUM.A TROJAN! Note - this is not the legitimate services.exe process, which should not appear in Msconfig/Startup!No
Xgolummservices.exeAdded by the DLOADER-ET TROJAN! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a "golumm" subfolderNo
Xgoodbadvir.exeAdded by the SILOV-B WORM!No
Xgooglegoogle.exeAdded by the RBOT-AMW WORM!No
UGoogle DesktopGoogleDesktop.exeGoogle Desktop - "a desktop search application that provides full text search over your email, files, music, photos, chats, Google Mail, web pages that you've viewed and more. By making your computer searchable, Google Desktop puts your information easily within your reach and frees you from having to manually organise your files, emails and bookmarks"Yes
UGoogle Desktop SearchGoogleDesktop.exeGoogle Desktop - "a desktop search application that provides full text search over your email, files, music, photos, chats, Google Mail, web pages that you've viewed and more. By making your computer searchable, Google Desktop puts your information easily within your reach and frees you from having to manually organise your files, emails and bookmarks"Yes
XGoogle Earth[random filename]Added by the RBOT-AXK TROJAN!No
NGoogle Earth ViewerGOOGLEMAPS.EXEGoogle Earth "combines satellite imagery, maps and the power of Google Search to put the world's geographic information at your fingertips"No
UGoogle IME AutoupdaterGooglePinyinDaemon.exeGoogle Pinyin Input Method Editor (IME) - allows a user to input Chinese characters by entering the pinyin of a Chinese character (with or without tone, depending on the system) and then presenting the user with a list of possible characters with that pronunciationNo
Xgoogle Intrenet Explorergoogle.pifAdded by the RBOT-ARA WORM!No
UGoogle Quick Search BoxGoogleQuickSearchBox.exePart of Google Toolbar (from version 6 onwards) for IE. The Quick Search Box sits between the "Start" button and Quick Launch toolbar and "lets you easily search both your computer and the Web from a slick-looking search box that comes up only when you need it"Yes
XGoogle serviceGooglesetup.exeAdded by the IRCBOT-RJ WORM!No
XGoogle Service FRGO0GLEFREE.EXEAdded by a variant of the SPYBOT WORM!No
Xgoogle toolbarggtb32.exeAdded by the AGOBOT-RR WORM!No
NGoogle UpdateGoogleUpdate.exeUpdate manager for the range of tools available from Google - such as the Chrome web browser and Picasa photo manager. Located in %AppData%\Google\UpdateNo
XGoogle UpdateGoogleUpdate.exeAdded by the BUZUS.DBFM TROJAN! Note - this is not the valid Google program which is normally located in %AppData%\Google\Update. This version resides in %System%No
NGoogle UpdaterGOOGLE~1.EXEDownloads and installs updates for Google applications (Google Earth, Google Desktop, etc.)No
NGoogle UpdaterGoogleUpdater.exeDownloads and installs updates for Google applications (Google Earth, Google Desktop, etc.)No
XGoogleBot.exeGoogleBot.exeAdded by the GB TROJAN!No
NGoogleDCClientGoogleDCC.exeGoogle Compute Client - only present if you installed the Google Toolbar with "Google Compute" client active. Does complex calculations in the background when idle. If you want to turn it off go to your browser, click on the little double-helix on the Google Toolbar, and click "Stop Computing". No longer supportedNo
UGoogleDesktopGoogleDesktop.exeGoogle Desktop - "a desktop search application that provides full text search over your email, files, music, photos, chats, Google Mail, web pages that you've viewed and more. By making your computer searchable, Google Desktop puts your information easily within your reach and frees you from having to manually organise your files, emails and bookmarks"Yes
UGoogleQuickSearchBoxGoogleQuickSearchBox.exePart of Google Toolbar (from version 6 onwards) for IE. The Quick Search Box sits between the "Start" button and Quick Launch toolbar and "lets you easily search both your computer and the Web from a slick-looking search box that comes up only when you need it"Yes
Ugoogletalkgoogletalk.exeGoogle Talk "enables you to call or send instant messages to your friends for free-anytime, anywhere in the world". Can be launched manuallyNo
UGoogleToolbarNotifierGoogleToolbarNotifier.exePart of Google Toolbar (from version 4 onwards) for IE. "Google Toolbar Notifier allows you to set Google as your default search engine and prevents your search settings from being changed without your consent. An icon in your system tray blinks if the Notifier identifies an attempt to change your default search engine. You can click the icon to get more details and allow the change". There was a bug in earlier versions where disabling the option resulted in the entry still running at startup but this has now been resolvedYes
XGoogleUpdater3GoogleMapper.exeAdded by the ROUTROBOT WORM!No
Xgotnewupdate000.exegotnewupdate000.exeAdded by the FAKEAV-BGA TROJAN!No
UGoToMyPCg2svc.exeExpertCity GoToMyPc logon - web-based remote-access solution that allows individuals and companies to register their computers online and then securely access those computers from any web browserNo
UGoTrustedGoTrusted Secure Tunnel.exe"GoTrusted is the fast, easy way to secure your PC's Internet data and protect your privacy"No
XGotSmileyGotSmiley.exeGotSmiley - ad supported program that provides the user with smileys for use in emails. Not recommended. Please note that Claria Corporation no longer support GAIN-Supported software - see hereNo
Xgouday.exereadme.exeAdded by the BEAGLE.C WORM!No
XgovuraropeRundll32.exe retasevo.dll,sAdded by the BHO-HG TROJAN! The "retasevo.dll" file is found in %System%No
XGP Updatergpupdater.exeAdded by a variant of the IRCBOT BACKDOOR! See hereNo
XGPLv3[random name].dllVundo adwareNo
Xgpmcewindow.exeAdded by the VB.CK WORM! No
Xgqgqqgergqgeqegl.exeAdded by the SDBOT-CLJ WORM!No
NGRAgra.exeLooks at system resources at startup and warns you if they have dropped. Contains links to the Disk Clean Up, Defrag and Start Up Menu. It does have a link to a startup configuration utility. Similar to msconfig but can keep a list of disabled apps. Not really necessary. Only appears if you load the Gateway Startup UtilityNo
?gramdate2Stop.exe??No
XGraphic Driversmss32.exeAdded by a variant of the RBOT WORM!No
XGraphic Loaderntvdm32.exeAdded by a variant of the RBOT WORM!No
XGraphic Updateopenglx.exeAdded by the IRCBOT.AMU WORM!No
XGraphics_default.pifAdded by the AUTOSKY WORM!No
XGraphics adapter servicewindll.exeAdded by the ATNAS.A WORM!No
UGravis Appawareloaderdbserver.exeLooks like it's associated with Gravis game controllers and the Keyset Manager, allowing the user to program the buttons for games that don't support themNo
UGravis Xperience Driver SupportGrxp4exe.exeDriver for Gravis game controllers such as the Eliminator Aftershock. Must be loaded if you run the supplied application software for the controller to be recognized. Start it manually via a shortcut if not usedNo
?GrdSys32GrdSys32.exeX-Stream ISP software. Offers free Net access funded by on-screen ads. Is it required or can you create your own dial-up networking connection to use on demand?No
XGreasyPalmUpdateGreasyPalmUpdate.exeSearchFast adwareNo
XGreatDefenderGreatDefender.exeGreatDefender rogue security software - not recommended, removal instructions here. A member of the AntiAID familyNo
XGreatDefender.exeGreatDefender.exeGreatDefender rogue security software - not recommended, removal instructions here. A member of the AntiAID familyNo
XGreatDownloadsrundll32.exe MSA64CHK.dll,DllMostrarMatrixDialer/Mostrar parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System%No
NGreetings WorkshopGWREMIND.EXEYou really want to be reminded about somebody's birthday at the expense of resources?No
Xgremierwscript.exe gpremier.vbsAdded by the GPREMIER WORM! Note that wscript.exe is a legitimate Microsoft file used to launch script files and shouldn't be deleted. The "gpremier.vbs" file is located in %System%No
XGremlinintrenat.exeAdded by the DOOMJUICE WORM!No
Xgrgtgvgb.exe[random].exeAdded by the AGENT-EBF TROJAN!No
Xgrindersgrinders.exeAdded by a variant of the Storm/Nuwar/Zhelatin WORM! See here for an exampleNo
NGroksterGrokster.exeGrokster Peer-To-Peer File Sharing programNo
YGroove Virtual OfficeGroove.exe"Groove Virtual Office uses a peer-to-peer networking model to connect users in Groove Workspaces. In these workspaces geographically dispersed coworkers can do almost everything they could do in the same office. They can hold online meetings, store files and folders, save threaded discussions, scribble on whiteboards, share calendars, and track project information and timelines." Formerly by Groove Networks - now owned by Microsoft and part of MS OfficeNo
UGrooveMonitorGrooveMonitor.exePart of MS Office Groove - a stand-alone product or included with the Enterprise/Ultimate versions of MS Office 2007. "A collaboration software program that helps teams work together dynamically and effectively, even if team members work for different organizations, work remotely, or work offline". GrooveMonitor is responsible for synchronizing the Groove workspaces between the users PC and those of other workspace participants. If you don't use Groove to collaborate with co-workers you can safely disable this entryYes
UGrooveMonitor UtilityGrooveMonitor.exePart of MS Office Groove - a stand-alone product or included with the Enterprise/Ultimate versions of MS Office 2007. "A collaboration software program that helps teams work together dynamically and effectively, even if team members work for different organizations, work remotely, or work offline". GrooveMonitor is responsible for synchronizing the Groove workspaces between the users PC and those of other workspace participants. If you don't use Groove to collaborate with co-workers you can safely disable this entryYes
UGroupWise PDA Connect - 3CmPlmAutoDet.exe3Com Palm PC specific translator for the GroupWise PDA Connect PDA synchronisation utility from NovellNo
UGroupWise PDA Connect - GrpWseAgnt.exeGroupWise PDA Connect PDA synchronisation utility - from NovellNo
UGroupWise PDA Connect - PocketPCAUTODE~1.EXEWindows Mobile Pocket PC specific translator for the GroupWise PDA Connect PDA synchronisation utility from NovellNo
UGroupWise PDA Connect - ScheduleSyncSCHEDU~1.EXEScheduleSync specific translator for the GroupWise PDA Connect PDA synchronisation utility from NovellNo
NGrpConvgrpconv.exeMicrosoft Windows Program Group Converter - used by installers (ONLY in the RunOnce keys) - provides the translation of groups and group items to folders and links. Also see this MS Knowledge Base articleNo
XGsAdsgms2.exePacerD_Media/Pacimedia.com adwareNo
?GscbcGscbc.exe??No
Xgshpzzgshp.vbsHomepage hi-jackerNo
NGsiconexeGsicon.exeADSL modem monitor from Eicon Networks (as used by BT for its Broadband internet service for example). Can safely be disabled without affecting the connection - all this does is give an indication of connectivity and access to the diagnostic facilitiesNo
?GsiFinalrundll32 gspndll.dll,postInstall finalUSB DSL modem related. What does it do and is it required?No
?GSISETUP[path] GsiInst.exe INSTALL [path] V205Res 13BT Voyager ADSL modem related - what does it do and is it required?No
NGSOrganizerGSOrganizer.exeGoldenSection Organizer (now WinOrganizer - personal information manager)No
Xgssomaticgssomatic.exeSearchcentrix hijackerNo
YgStartgStart.exegStart GPS software from GarminNo
XGStartupGMT.exeGator spyware component - see here. Please note that Claria Corporation no longer support GAIN-Supported software - see hereNo
Xgsvgsv.exeAdded by the ROBAL 1.0 backdoor TROJAN!No
XGTGT.EXEAdded by the SDBOT-AJ WORM!No
XGT15J4R49Vcpuserv.exeIdentified as a variant of the Trojan.Win32.Radi.gu malwareNo
UGTVEpgGTVEpg.exePart of Got All Media - control your TV tuner and other utilities from your PCNo
UGTVRecGTVRec.exePart of Got All Media - control your TV tuner and other utilities from your PCNo
NGtwatchgtwatch.exeAssociated with a Mustec scanner and not requiredNo
Xgtydfiisca.exeAdded by the CLAGGER-BB TROJAN!No
Xgtydfiscca.exeAdded by the DWNLDR-GTK TROJAN!No
Xgtydfggrrgg.exeAdded by the DLOADR-AZK TROJAN!No
UGuardGuard.exeRelated to Phoenix Technologies Core Managed Environment (cME) Integration and Certification programNo
XGuard ProVH339.exeGuard Pro rogue security software - not recommended, removal instructions hereNo
XGuardCenterGuardCenter.exeGuardCenter rogue security software - not recommendedNo
YGuardGui ApplicationGuardGui.exeSystem Tray access to the main user interface for Ashampoo® AntiVirus from Ashampoo GmbH & Co. KG.Yes
UGuardianCMGrdian.exeMcAfee Guardian shortcut menu on the System Tray (looks like a castle) given access to Internet Security, Browser Buddy, File Guardian and help. Included with older versions of McAfee Internet Security and possibly othersNo
UGuardian PC Security ToolsPfft.exeBoomerang Software's Guardian PC Security Tools - now rebranded as the eXtendia Security Suite No
XGuardPcs.exeGuardPcs.exeGuardPcs rogue security software - not recommended, removal instructions here. A member of the AntiAID familyNo
XGuardWWWGuardWWW.exeGuardWWW rogue security software - not recommended, removal instructions here. A member of the AntiAID familyNo
Xguarnsetguarnset.exeAdlogix adwareNo
Xgummygummy.exeAdded by the VANEBOT-AQ WORM!No
XGURLgurl.exeGURLWatcher spywareNo
UGuruNetGuruNet.exeGuruNet lets you click on any word on your screen to get the relevant information you wantNo
XGustavVED[filename].exeAdded by the OPASERV.H WORM!No
Xgvagfxjrundll32 ...gvagfxj.dllUnidentified adware, spyware or virusNo
Ygw port controllerPORTCT95.EXEFrom a visitor - "I must keep it active in start up or my Lexmark printer and RCA Cam program cannot discover a working port to work". From the file properties, the file is known as "Smart Thru Fax Drive Spy" and is supplied by SamsungNo
NGWInkMonitorGWInkMonitor.exeGateway ink monitor - makes an annoying popup that says your printer may be running out of ink, do you want to buy some!No
Xgwizntsystem.exeAdded by the NITWIZ.A TROJAN!No
Xgwizarpl.exeDetected by F-Prot as W32/Downloader-Sml-basedNo
NGWMDMMSGGWMDMMSG.exeUsed with internal modems on Gateway and vprMatrix PCs. This is the "GTW modem messaging applet" and is not required for the modem to work correctlyNo
UGWMDMpiGWMDMpi.exeUsed with internal modems on Gateway PCs such as the 450SX Notebook. Required for audio settings to be maintained and does not remain in memory once run. See here for more informationNo
Ugwumgwum.exeGigabyte utility manager. Loads if you have a Gigabyte motherboard and got a full bundle of utilities installed. Monitors CPU, fans, BIOS etc. Only used by system "tweakers"No
?gyygyy.exePossibly Gator (and therefore spyware) related?No
XG_HostgHost.exeAdded by the AUTOIT-BP WORM!No
XG_Server.exeG_Server.exeAdded by the FEUTEL-C TROJAN!No
XG_Server1.2.exeG_Server1.2.exeAdded by the GRAYBIRD-Z TROJAN!No
UH/PC Connection AgentWCESCOMM.EXEConnection manager for Microsoft ActiveSync - mobile device synchronization software for Windows XP (and earlier), supporting mobile devices based upon the Windows CE OS (such as Pocket PC, Handheld PC and Windows Mobile). Automatically launches ActiveSync (if enabled) when the mobile device is connected. If disabled it will re-instate the next time ActiveSync runs - hence the reluctant "U" recommendationYes
YH2Ocledx.exeRelated to copyright protection products by SyncroSoftNo
UH2OWIBUCXWibu.exeRelated to CodeMeter from WIBU-SYSTEMS AG. Software protection hardwareNo
Xh4te Service Driversh4te.exeAdded by a variant of the RBOT WORM!No
UHaburazerhid.exeMicrosoft Habu (by Razer) gaming mouse driver - required if you use the additional features and programmed keys/macrosNo
Xhachimitsu-lemonhachimitsu-lemon.exeAdded by the HACHILEM TROJAN!No
XHackMuFptHackMuFpt.exeAdded by the SCLOG-AG TROJAN!No
Xhagentavp.exeAdded by the "Herman Agent" remote access TROJAN!No
XHalflifehalflife2.exeAdded by the AGOBOT-OC BACKDOOR! Note - this file is not associated with Valve Corporation's Half-Life 2 gameNo
UHalifaxHowardClusterskinkers.exe"Howard the Weatherman" desktop client from Halifax by Skinkers - marketing/messaging tool. Leave enabled if you want to receive messagesNo
YHamachihamachi.exeLogMeIn Hamachi remote control and VPN softwareNo
UHaMFrontPanelhampanel.exeDisplays a panel simulating modem lights for the Intel HaM internal modem. The lights are useful as a reminder to disconnect from the net if you are likely to forget, but otherwise pointlessNo
UHandy Backup 3.9hbagent.exeHandy Backup - automatic backup of your critical data to virtually any type of storage media including CD-RW devices and remote FTP serversNo
XHanUpdatehanz.exeAdded by the RBOT-GLJ WORM!No
NHard Disk SentinelHDSentinel.exeHard Disk Sentinel - a multi-OS hard disk drive monitoring application. Its goal is to find, test, diagnose and repair hard disk drive problems, display hard disk health, performance degradations and failuresNo
XHard drive Controllerhdcontroller.exeAdded by the KIMAN.B WORM!No
XHardDriveGuardSysRep.exeHardDriveGuard rogue system error and cleaning utility - not recommended, removal instructions here. A member of the ErrClean familyNo
UHardware DoctorHwdoctor.exeWinbond Hardware Doctor - as included on some motherboard using Winbond's hardware monitoring chips. Displays fan speeds, voltages, temperatures. Only required if you're concerned about your system temperature - typically for "overclocked" systemsNo
XHardware Monitor Servicemshms.exeAdded by the WOLLF-A TROJAN!No
XHardware Profilehxdef.exeAdded by the LOVGATE.AB WORM!No
XHardware Profilehxdef.exe...Added by the LOVGATE.Z WORM!No
UHardware Sensors Monitorhmonitor.exeUtility to monitor fan speed and temperatures - similar to Motherboard Monitor. Only required if you're concerned about your system temperature - typically for "overclocked" systemsNo
XHardware Shell DetectionWinHSD.exeAdded by a variant of the RBOT WORM!No
UHarehare.exeHare - improve and optimize performance of desktop/laptop PCsNo
UHarmony 98 - CasioOrgCasAgnt.exeEnterprise Harmony 98 for CASIO - synchronization software for use with Microsoft® Outlook 97/98/2000No
XHataDuzelticisiSysRep.exeHataDuzelticisi, Turkish rogue system error and cleaning utility - not recommended. A member of the ErrClean familyNo
XHATAPE[path to trojan]Added by the BANKER-QF TROJAN!No
UHawkEyeHAWK_95.EXEControl Panel application for the old Number Nine graphics cards to change resolution, colour depth, etc. Available via Start -> ProgramsNo
UHawkEye IV Control PanelHAWK_32.EXEControl Panel application for the old Number Nine graphics cards to change resolution, colour depth, etc. Available via Start -> ProgramsNo
UHawking HWU54G UtilityHWU54G.exeWireless management utility for the HWU54G Mini Wireless-G USB Adapter from Hawking Technologies, IncNo
UHawking Wireless UtilityHWU8DD.exeWireless management utility for the HWU8DD Hi-Gain™ USB Wireless-G Dish Adapter from Hawking Technologies, IncNo
XHbinstHbinst.exeHotbar adwareNo
NHC Reminderhc.exeFor Compaq PC's. Help Compiler, crunches help database, will run without being in startup when neededNo
NHCDetectHCDetect.exeMS HomeClick Network - simple home network setup and configuration program included with 3Com HomeConnect home networking products. Runs in the background for network printer notification, detection, and Internet Connection Sharing (ICS) taskbar icon. Not required - network can be set-up manually, also has a known memory leak problemNo
Xhcenhcen.exeAdded by the SMALL.LR TROJAN!No
Uhcentertgcmd.exePart of software from SupportSoft (aka Support.com) provided to manufacturers and ISPs that allows them to offer on-line support - to update drivers, fix faults, etc. Also see the TgAddServer entry. This part ensures the software is installed correctly (similar to an installation wizard) as reported by Cox. Regarded as spyware by some as it has the ability to retrieve user information. Whether it does so depends upon the provider. One Toshiba user reports problems with hibernate on his laptop if disabled - hence the "U" recommendation"No
Uhcenterhcenter.exeBellsouth help center. Part of software from SupportSoft (aka Support.com) provided to manufacturers and ISPs that allows them to offer on-line support - to update drivers, fix faults, etc. Also see the TgAddServer entry. This part ensures the software is installed correctly (similar to an installation wizard) as reported by Cox. Regarded as spyware by some as it has the ability to retrieve user information. Whether it does so depends upon the provider. One Toshiba user reports problems with hibernate on his laptop if disabled - hence the "U" recommendation"No
Xhchoshchos.exeAdded by the SCAR.BVBM TROJAN!No
Xhclean32.exehclean32.exeWareout - malware masquerading as a spyware and dialer removerNo
UHcontrolhcontrol.exeHotkeys on an ASUS Notebook. Only required if you use the additional keysNo
Xhcontrol32.exehcontrol32.exeAdded by the VB-EUF WORM!No
UHControlUserHControlUser.exeHotkeys on an ASUS Notebook. Only required if you use the additional keysNo
Nhcsystrayhc_tray.exeKuma Notifier for the Shootout! game from the History Channel. "It lets you know whenever there's a new episode that's been released or an announcement from the Kuma team. Just click it to get up-to-the-minute game and event information"No
NHD Audio Control PanelRtHDVCpl.exeRealtek HD Audio Manager, installed with the Vista drivers for on-board Realtek HD audio codecs. Unless you have the default (but optional) System Tray icon enabled, the only purpose this entry serves is to detect and allow you to configure any devices plugged into the jacks - such as headphones and a microphone. With the System Tray icon enabled it will also inform you when devices are removed and give you access to the Sound Manager and other multimedia functions. The Sound Manager is also available via the Control Panel and this entry is therefore only required if you regularly change sound schemesYes
NHDAShCutHDAShCut.exeHigh definition audio page shortcut for Realtek audio devices - not requiredNo
UHDAudDeckHDAudioCPL.exeVista control panel for VIA Vinyl HD Audio Codecs from VIA Technologies, Inc - such as the VT1708BNo
UHDAudDeckHDeck.exeXP control panel for VIA Vinyl HD Audio Codecs from VIA Technologies, Inc - such as the VT1708BNo
XHDAudiohda.exeAdded by the TACTSLAY.U TROJAN!No
XHDAudio Driver 1.0[random filename].exeAdded by the TEADOOR-D TROJAN!No
XHDAudio Driver 2.0[random filename].exeAdded by the TEADOOR-E TROJAN!No
UHDDControlGuardHDDControlGuard.exePart of Ashampoo® HDD Control from Ashampoo GmbH & Co. KG - a hard drive monitoring utility which also incorporates defragmentation and cleaners for browsing history and unnecessary files. This entry loads the Ashampoo HDD Control Guard component on startup which runs in the background and monitors the hard drives and provides System Tray accessYes
UHDDControlGuard.exeHDDControlGuard.exePart of Ashampoo® HDD Control from Ashampoo GmbH & Co. KG - a hard drive monitoring utility which also incorporates defragmentation and cleaners for browsing history and unnecessary files. This entry loads the Ashampoo HDD Control Guard component on startup which runs in the background and monitors the hard drives and provides System Tray accessYes
UHDDHealthhddhealth.exeHDD Health is a "full-featured failure-prediction agent for machines using Windows 95, 98, NT, Me, 2000 and XP. Sitting in the system tray, it monitors hard disks and alerts you to impending failure" No
UHDDlifeHDDlife.exeHDDlife checks the health of your hard drives at regular intervals and informs you about the results of these checksNo
?HDhelptbhdhelp.exeAssociated with Philips Edge series soundcards. Is it required?No
Xhdlfoe df98ndfsvchots.exeAdded by a variant of the RBOT WORM!No
Xhdlpscom[8 random letters].exeAdded by the RBOT-FUL WORM!No
XHDriveSweeperHDriveSweeper.exeHDriveSweeper rogue privacy program - not recommended, removal instructions hereNo
NHDtrayHDtray.exePhilips Edge Series Control Panel Tray Utility - system tray icon for a Philips Edge series soundcards. Available via Start -> Settings -> Control PanelNo
Xhe3bbcffrundll32.exe he3bbcff.dll,EnableRunDLL32LZIO.com adware downloader. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "he3bbcff.dll" file is found in %System%No
Xhe3e3fc4rundll32.exe he3e3fc4.dll, EnableRunDLL32LZIO.com adware downloader. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "he3e3fc4.dll" file is found in %System%No
XHekio StartupsHnksvc32.exeAdded by the AGOBOT-QE WORM!No
XHELLBOT TEST1hellbot.exeAdded by the MYDOOM.BO WORM!No
XHELLBOT3coolbot.exeAdded by the MYTOB.AB WORM!No
Xhellfiresvchost.exeAdded by the LEOX.D TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%No
Xhellodollyshost.exeAdded by the YODO WORM!No
XHelloInthello3.exeAdded by the CASAL.A TROJAN!No
Xhelloservhelloserv.exeAdded by the ZHELATI.BHA WORM!No
Xhelloworldnb32ext2.exeAdded by the MYDOOM.BV WORM!No
Xhelloworldnb32ext3.exeAdded by the MYTOB.JT WORM!No
Xhelloworld3nb32ext4.exeAdded by the RITDOOR.A WORM!No
?Helphelpext.exe??No
Xhelphelp.scrAdded by the BANCOS-BBU TROJAN!No
XHelpWizardnil.exeAdded by the BANCOS-BCZ TROJAN!No
XHelplshost.exeIdentified as a variant of the Trojan-Clicker.Win32.Delf.aro malwareNo
XHelp Temp Filesnetreg.exeAdded by the FORBOT-EM WORM!No
XHelp Temp Filesemp32.exeAdded by the FORBOT-EC WORM!No
UHelpCentersprtcmd.exe /P HelpCenterSelf-help support tool for BellSouth's FastAccess® DSL (now owned by AT&T) broadband service (provided by SupportSoft, Inc). Identifies and automatically fixes typical problems that may occur with your high-speed internet serviceNo
UHelpCenter4.1sprtcmd.exe /P HelpCenter4.1Self-help support tool for BellSouth's FastAccess® DSL (now owned by AT&T) broadband service (provided by SupportSoft, Inc). Identifies and automatically fixes typical problems that may occur with your high-speed internet serviceNo
Xhelpctl.exehelpctl.exeAdded by the GASLIDE TROJAN!No
XHelpereschlp.exeAdded by the BLASTER.T WORM!No
XHELPERgreece_nm.exeAsdPlug premium rate adult content dialer variantNo
XHELPERNetherlands.exeAsdPlug premium rate adult content dialer variantNo
XHELPERnew_zealand.exeAsdPlug premium rate adult content dialer variantNo
XHELPERsweden.exeAsdPlug premium rate adult content dialer variantNo
XHELPERcanada.exeAsdPlug premium rate adult content dialer variantNo
XHELPERfrance.exeAsdPlug premium rate adult content dialer variantNo
XHELPERtemp532.exeAsdPlug premium rate adult content dialer variantNo
Xhelper.dllrundll32.exe [path] helper.dllCnsMin (Chinese Keywords) hijacker related. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deletedNo
XHelpExp.exeHelpExp.exeAttune HelpExpress - spyware. Disable and uninstall - see hereNo
Xhelpmanagerspoler.exeAdded by the RANDEX.J WORM!No
Xhelpohelpo.exeAdded by the BANLOA-BU TROJAN!No
Xhelpwhelpw.exeAdware downloader No
Xhen[filename].exeAdded by the TARNO.G TROJAN!No
Xheomstoolheomstool.exeAdded by the HEOMS TROJAN!No
YHEProtectHSockPE.exePart of the AntiSpam function of the HAURI ViRobot Desktop internet security suiteNo
?HerculesCamServiceCamService.exeRelated to the Hercules Dualpix HD Webcam. What does it do and is it required?No
XhErcUnessofthost.exeAdded by the GARROCH WORM!No
Xherjekherjek.exeAdded by the NUWAR.APJ WORM!No
UHermes MessengerDGDRHE~1.EXEA LAN messenger alternative to WinPopUp - Digital Dreams SoftwareNo
XHewlett Packard Managerhpmanager.exeAdded by the MYTOB.KE WORM! Note - this is not a valid Hewlett-Packard programNo
NHewlett Packard RecorderRemind32.exeHP multifunction registrationNo
UHfHf.exeHide Folders - hide your folders so only you can view themNo
XHF Securityhfsecure.exeAdded by the AGOBOT-TI WORM!No
XhfdtubvnxkeepSafe.exeAdded by the KILLAV.KAX TROJAN!No
Yhffsrvhffsrv.exeHide Files & Folders - "great easy-to-use password-protected security utility working at Windows kernel level you can use to password-protect certain files and folders, or to hide them securely from viewing and searching just with a click of mouse". If this entry is disabled, any files/folders that are protected/hidden will no longer be accessible without first accessing the main programYes
Yhffsrv.exehffsrv.exeHide Files & Folders - "great easy-to-use password-protected security utility working at Windows kernel level you can use to password-protect certain files and folders, or to hide them securely from viewing and searching just with a click of mouse". If this entry is disabled, any files/folders that are protected/hidden will no longer be accessible without first accessing the main programYes
Uhfxphfxp.exeHide Folders XP - hide your folders so only you can view themNo
XhgkytwekeepSafe.exeAdded by the KILLAV.KAX TROJAN!No
Xhgqhp.exehgqhp.exeAdded by the FLUSH.F TROJAN!No
NHGTXPEIFirstReboot.exeHerucles Audio tool for the Hercules Game Theater XP soundcard. Available via Start -> Settings -> Control PanelNo
XHhjg5jfd93dftdfwinlogan.exeAdded by the ERTFOR.A TROJAN!No
Xhhtnsnrnxntup.exeAdded by a variant of the ORCU.B TROJAN!No
?HiberMonitorHCount.exe??No
UHibernationhib32.exeReduces the power consumption when the laptop isn't being used to preserve battery power. Similar programs on other laptops reduce the processor clock rate, etc. Required if you run of battery regularlyNo
XHid.exehid.exeAdded by the RATSOU.B TROJAN!No
UHide and Protect any Drives for Win95/98/Me/2k/XPHPDAgent.exeLoads Hide and Protect any Drives - which allows you to "Protect Hard drive, CD, DVD, floppy and flash, and deny access to partitions of your hard drives. Stop unauthorized software installations and data leak by removable media". If disabled, hidden and locked drives still retain their original status so the user will only be able to change their status them via the main UIYes
Xhidenhiden.exeAdded by the AGENT-IW TROJAN!No
UHideOEHideOE.exeHideOE - allows you to 'hide' Outlook Express or minimize it to the System TrayNo
XHideRun.exeHiderun.exe and svhost.exe and pro.gifAdded by the BOOHOO WORM!No
XHideStyleAnte Browse Trust.exeIE toolbar taking you to Lop.com. If the exe is running, close it and remove the %ProgramFiles%\Stupidmore directoryNo
UHidetools Spy Monitorwmispe.exeHideTools Spy Monitor surveillance software. Uninstall this software unless you put it there yourselfNo
Uhidservhidserv.exeThis is the Human Interface Device Server for Win98SE/2000/Me/XP, it is required only if you are using USB Audio Devices you can disable via Msconfig. See here. Typical examples are USB multimedia keyboards with volume control and web-ready keyboards. For example - loaded by default with MS DSS80 Speakers because they have Volume, Mute and Bass controls on the speaker. Some users may experience problems disabling this - if this is the case then re-enable it. Equivalent to MMHid in Win98. On HP Computers, HIDSERV is the controller for the keyboard sound controls on the USB and PS/2 keyboardsNo
XHidup_SusahPembantu.exeAdded by the SILLYFDC.BDM WORM!No
Xhid_startgzmrotate.dllAdRotator/IconAds adwareNo
UHigh Definition Audio Property Page ShortcutCHDAudPropShortcut.exeRealtek audio card related. Probably adds the odd feature to one of the "Sounds" Control Panel applet tabs - doesn't appear to be requiredNo
NHigh Definition Audio Property Page ShortcutHDAShCut.exeHigh definition audio page shortcut for Realtek audio devices - not requiredNo
UHigh Definition Audio Property Page ShortcutCHDAudPropShortcut.exeRealtek audio card related. Probably adds the odd feature to one of the "Sounds" Control Panel applet tabs - doesn't appear to be requiredNo
XHighKey1HighKey1.exeDetected by AVG as GENERIC12.LHE - see hereNo
YHighPoint ATA RAID Management Softwareraidman.exeHighPoint RAID management - hard disk striping/mirroring utility for increased performance and reliability. See here for more information on RAIDNo
XHighspeeddownloaderSetupClickHere.EXEHomepage hijacker, redirecting to "turbo-search101.com" - see hereNo
UHijackThisHijackThis.exe"HijackThis is a free utility which quickly scans your Windows computer to find settings that may have been changed by spyware, malware or other unwanted programs". This option is added when you select Config → "Run HijackThis scan at startup..." once a scan has been performed No
UHijackThis startup scanHijackThis.exe"HijackThis is a free utility which quickly scans your Windows computer to find settings that may have been changed by spyware, malware or other unwanted programs". This option is added when you select Config → "Run HijackThis scan at startup..." once a scan has been performed No
XHijSrv32hijsrv.exeAdded by the BANKGERM-D TROJAN!No
Xhimem.exe[path to worm]Added by the STRATION-FW WORM!No
XHistoriaLout.GDC.exeHistoriaLout. rogue privacy tool - not recommended. A member of the PCPrivacyTool familyNo
NHistoryKillhistkill.exeHistoryKill removes your web surfing path by removing the URL drop-list history, detailed history file, cache, and cookies in both IE and Netscape Navigator browsers. Available via Start -> ProgramsNo
UHitman Pro SurfRight Helpersrhelper.exeHitman Pro - a utility to start a number of Security Protection software. They can be started individualy No
XHitQHitQ.exeHijacker, for more information see hereNo
UHitwarePKLiteHITWAR~1.EXEHitware Popup Killer LiteNo
XHIVHIV.exeAdded by the HIVA TROJAN!No
Uhkhk.exeKeyLoggerExp keystroke logger/monitoring program - remove unless you installed it yourself!No
Uhkcmdhkcmd.exeHot Key handler for Intel desktop and mobile motherboard chipsets with integrated graphics. With this enabled, you can access settings like graphics properties and screen rotation via pre-programmed key combinations - such as CTRL+ALT+F12 which displays the graphics properties (otherwise available via a right-click on the desktop or the Control Panel). Different chipset versions may have different pre-programmed settings and in some cases these may be programmableYes
XHKCUserver.exeAdded by the AGENT-NLT TROJAN!No
XHKEYokrunlli32.exeAdded by the QQPASS-U TROJAN!No
XHKLMserver.exeAdded by the AGENT-NLT TROJAN!No
XHKLM\\Runsvhost.exeAdded by the FORBOT-AO BACKDOOR (where HKLM\\Run represents HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run)!No
XHKLM\Runwindowsupdate.exeAdded by the FORBOT-BJ WORM (where HKLM\Run represents HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run)!No
UhkservHKserv.exeKeyboard manager program required to use programmable power and function keys on some laptops such as the Sony PCG R505TSNo
Uhksshkss.exeCompaq HotKey Support - multimedia keyboard supportNo
XHLcleanuphlsetup2.exeLinkReplacer/FFinder adwareNo
Xhldrrrhldrrr.exeAdded by the BAGLE-KF WORM!No
Xhlhtxo.exehlhtxo.exeAdded by the QLOWZONES-27 TROJAN!No
XHLL Data Parameterhllcxpa.exeAdded by the RBOT.AFG WORM!No
XHMI PowerSystemhmisvc32.exeAdded by the RANDEX.CZZ WORM!No
XHML PowerSourcehmlsvc32.exeAdded by the SDBOT-XL WORM!No
UHmonitorHmonitor.exeHardware sensor monitoring program. Only required if you overclock your system and want to check on the statusNo
XHMV PowerSourcehmusvc32.exeAdded by the SDBOT-YW WORM!No
Xho2stdll.exeho2stdll.exeAdded by the BANKER-HO TROJAN!No
Xhohohhahaournik.comAdded by the IRCFLOOD.AL BACKDOOR!No
XHOI Servicesholsvc32.exeAdded by the AGOBOT-SF WORM!No
NHoliday LightsHoliday Lights.exeHoliday Lights from Tiger Technologies. Festive desktop enhancement that adds lights. Available via Start -> ProgramsNo
XHollabackslvhosts.exeAdded by the SDBOT.BMO WORM!No
XHome Antivirus 2010HomeAntivirus2010.exeHome Antivirus 2010 rogue security software - not recommended, removal instructions hereNo
NHome Theater SchSvrSchSvr.exeWinScheduler is installed with Home Theater Remote Control for WinDVD from Intervideo. If you want to schedule recordings from your TV tuner card, you will need it. Available via Start -> ProgramsNo
UHomeAlarmHomeAlarm.exeChameleon Clock - system tray clock replacementNo
XHomeAntivirus 2009HomeAntivirus2009.exeHomeAntivirus 2009 rogue security software - not recommended, removal instructions hereNo
XHomeAVhomeav.exeHome Personal Antivirus rogue security software - not recommended, removal instructions hereNo
?HomeCentre WakeUpLGWAKEUP.EXEAssociated with the no longer supported Xerox HomeCentre printer/scannerNo
UHomeKeyLoggerKeyLogger.exeSpyKeySpy surveillance software. Uninstall this software unless you put it there yourselfNo
XHomeland NetworkHomelandNetwork.exeHomeland Network Notifier - pops adsNo
Xhomepage.monitor.exeisamonitor.exeAdded by the ZLOB.MEDIA-CODEC TROJAN! This purports to be a Windows Media Player upgrade (with names such as "iCodecPack", "X Password Manager" and "Media-Codec") to allow the user to view adult oriented videos on certain websites - but actually downloads and installs additional malware on the user's machine. Various directories and filenames are used - see the link for detailsNo
UHondaHelperHondaHelper.exePart of Honda Music Link which allows you to use your Honda's audio system's controls to play and search for music on your iPod® in you carNo
?Honorhonor.exe??No
UHook99startuphk2re.exe"Hook99 enables the user to customize the start button. You can change or remove the text and replace the Windows flag on button with icon of your choice. Supports Windows icons, bitmaps and can extract icons from executables and libraries. Hook99 can also make the background of desktop icons captions transparent"No
UHookSysHookSys.exeSurfinGuard Pro from Finjan - internet protection software, protects against all malicious code delivered through executables, scripting files, ActiveX and JavaNo
UHornetMonitorMntrHrnt.exeHornet Monitor - monitoring system that detects and responds to unauthorized access attempts and sources of channel interference on any local DSSS networkNo
YHorngTech4Dbally4d.exeHorngTech 4D mouse driverNo
XHostN/AAdded by the POPDIS or STARTPAGE.F TROJANS!No
Xhosthelp.exeIESearchToolbar parasite. Identified by Ewido Security Suite (Ewido is now part of AVG Technologies) as the DELF.LF TROJAN!No
XHost Processmame.exeAdded by the RBOT-APO WORM!No
XHost Processsvchost.exeAdded by the IRCBOT.AGF BACKDOOR! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in the Fonts directoryNo
XHost Process for Windows Taskstaskhost.exeAdded by the BREDO-AI WORM! Note - this is not the valid Windows 7 process which has the same filename and the file description is also "Host Process for Windows Tasks". It is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%No
Xhostdll.exehostdll.exeAdded by the BANKER-BO TROJAN!No
UHostManagerAOLHostManager.exeManages a component essential to the operation of most current AOL software. If you remove it from startup it will load when IE is launched, increasing launching timeNo
NHostManagerAOLSoftware.exeQuoted from AOL Beta Team, "Manages a component essential to the operation of most current AOL software, client or not. You should be able to remove it from Startup (it'll just load when Explorer is launched, which will extend load time a bit), but do leave it on your system"Yes
XHostname Manager Serverhost32srv.exeAdded by a variant of the RBOT WORM!No
XHostren.exeHostren.exeAdded by PWS.BANKER.F, a variant of the BANKER-BO TROJAN!No
Xhostservhostserv.exeAdded by the RBOT.BPZ WORM!No
Xhostservwiz98.exeAdded by a variant of the SDBOT WORM!No
UHostsFileMgrwinHostsEdit.exeAdBin from Gilmore Software Development. An easy solution to managing your Window's hosts fileNo
UHostsManhm.exe"HostsMan is a freeware application that lets you manage your Hosts file with ease". It is mainly intended to block specific domains (mostly advertising servers) by redirecting them to localhost, but can also be used to add any other domain/Ip combination that you want to be included in the HOSTS fileNo
XHostSrvsachostx.exeAdded by the LOOKSKY.H WORM! Drops multiple files in %System%No
XHostSrvsachostx.exeAdded by the LOOKSKY.A or LOOKSKY.F or LOOKSKY.G WORMS!No
XHostSrvsachostx.exe...Added by the LOOKSKY.E WORM!No
XHostSVC syseHostSVC.exeAdded by the RBOT-ANZ WORM!No
XHot 8.0 Livehot.exeAdded by the BANKER.EIE TROJAN!No
UHot CornersHotc.exeHot Corners - "lets you quickly activate or disable your screen saver by moving the mouse into a given corner of the screen"No
XHOT FIXGothic.exeAdded by the SDBOT.FIR WORM!No
XHOT FIXfilename.exeAdded by the SDBOT-DKM WORM!No
XHOT FIXE0chis.exeAdded by the HUPIGON.JTY TROJAN!No
XHOT FIXQOching.exeAdded by the WOOTBOT.VH WORM!No
XHOT FIXView.exeAdded by the WOOTBOT.BN WORM!No
XHOT FIXwindsys2.exeAdded by the AGOBOT.AOI BACKDOOR!No
XHot InsideHottest Story Ever.exeAdded by the BHARAT.A WORM!No
UHot Key Kbd 2690 DaemonSK2690DM.EXEMulti-function keyboard driver. Allows the use of programmable keys on mulimedia keyboards. Required if you use the additional keysNo
UHot Key Kbd 9910 DaemonSK9910DM.exeMulti-function keyboard driver. Allows the use of programmable keys on mulimedia keyboards. Required if you use the additional keysNo
?Hot Party 22hotpart22.exe??No
XHotAction_hrhotaction_hr.exeAdded by the SITEICON-B DIALER! An uninstall option can be accessed via the Add or Remove Programs dialog in the Windows Control Panel. The software is listed as "HotAction_hr"No
XHotbarHbinst.exeHotbar adwareNo
XHotbarHbOEAddOn.exeHotbar adwareNo
XHotbarOEOEAddOn.exeHotbar adwareNo
XHotbarSAHotbarSA.exeHotbar adwareNo
Xhotdlllremote.cmdAdded by the BANKER-EHG TROJAN!No
Xhotdlllvmmreg32.exeBANKER.DX spywareNo
Xhotefixmsnmanegers.exeAdded by the IRCBRUTE.AS TROJAN!No
Xhotfixmsnnmaneger.exeAdded by the WOOTBOT.AF WORM!No
XHotfix Updatsvdhost32.exeAdded by the GAOBOT.ZW WORM!No
UHOTFOON2hotfoon4.exeRelated to Hotfoon - a developer and provider of Internet Telephony technology based on LTP (Lightweight Telephony Protocol)No
UHotIDEhotide.exeHotIDE allows Acer TravelMate owners to hot-swap external drives without switching of their notebooksNo
UHotkeyAppHotkeyApp.exeProgrammable keys on Acer, Fujitsu and other laptopsNo
UHotKeysCmdshkcmd.exeHot Key handler for Intel desktop and mobile motherboard chipsets with integrated graphics. With this enabled, you can access settings like graphics properties and screen rotation via pre-programmed key combinations - such as CTRL+ALT+F12 which displays the graphics properties (otherwise available via a right-click on the desktop or the Control Panel). Different chipset versions may have different pre-programmed settings and in some cases these may be programmableYes
XHotKeysCmds[path to worm]Added by the PAHATIA-A WORM!No
XHotPixhotpix.exeAdult content diallerNo
Xhotplughotplug.exeAdded by the SILLYDL TROJAN!No
UHotplughot_plug.exeRelated to the SiS_Hot_Plug_Application. Enables automated driver loading for hotpluggable devices. If this service is stopped, hotplug devices will no longer functionNo
NHotSync Managerhotsync.exeInstalled when connecting a Palm HotSync cradle up to a USB port. The Blue and Red Arrow Icon that enables Palm / Handspring Synchronizing. Available via Start → ProgramsNo
Xhotwetlovehotwetlove.exeAdult content dialler. Will not uninstall - components have to be manually deletedNo
XHot_KissHot_Kiss.exeAdult content diallerNo
XHot_TartsHot_Tarts.exeAdult content diallerNo
XHot_Tarts_**Hot_Tarts_**.exePremium rate adult content dialer (where * is a random char)No
XHot_Tarts_AuHot_Tarts_Au.exePremium rate adult content diallerNo
XHot_Tarts_mcHot_Tarts_mc.exeHotTarts adult content dialer No
UHoverDeskHoverDesk.exeHoverDesk - desktop replacement softwareNo
XHPmon.exeAdded by the SILLYFDC WORM!No
?hp 1000 firmwarefwdl.exeHP LaserJet 1000 related. Is it a driver or automatic firmware update (based upon the filename)?No
UHP AutoIndexerhppautoindexer.exeInstalled by HP multi-function printer driver software, related to PC faxing. If you are not using the PC faxing feature you can go ahead and disable these services from the startupNo
NHP CD Writerhpcdtray.exeSystem Tray access to a HP CD-Writer's functions. Available via Start -> ProgramsNo
NHP CD-DVDhpcdtray.exeSystem Tray access to a HP CD-Writer's functions. Available via Start -> ProgramsNo
NHP CD-Writerhpcdtray.exeSystem Tray access to a HP CD-Writer's functions. Available via Start -> ProgramsNo
Xhp centerBACKWEB-*****.exeSee here - "messaging service that automatically sends you support information, tips, ideas, and special offers from HP and our partners, especially designed for HP and Compaq desktop computer owners". Applies to certain HP Pavilion desktop computers between Fall 2001 and Spring 2003. * can be any digitNo
Nhp center UIShadowBar.exeUser Interface for HP Center - see hereNo
NHP Component Managerhpcmpmgr.exeChecks the internet for updated drivers/utilities for your HP product - update manually. Disabling will remove the error "Windows can't shutdown the computer because hpcmpmgr.exe can't be ended"No
XHP DeskjetHP_DeskJet_500.exeAdded by the FORBOT-DA WORM!No
XHP Desktopccappms.exeAdded by the SDBOT-TG WORM!No
UHP Digital Imaging Monitorhpqtra08.exeSystem Tray access to HP Director. Required if you prefer to use the all-in-one buttons to manually scan documents or transfer photos froma camera, for exampleNo
UHP Display Settingshpdisply.exeSets default display settings. Unchecking this item has been reported to cure a "Problem sending command to keyboard" error messageNo
NHP Envy Guides AutoPlayhpdocstart.exeRelated to the HP Envy series of laptops. Based upon the entry name, we assume this automatically launches the product guides and isn't required - can a user confirm this?No
UHP Gaming Keyboardrazerhid.exeHP VoodooDNA Gaming Keyboard (powered by Razer) driver - required if you use the additional features and programmed keys/macrosNo
UHP Health Check ScheduleHPHC_Scheduler.exeHP Health Check Scheduler from Hewlett-PackardNo
?HP IDSchedulerHPIDSCHD.exeHP Instant Delivery SchedulerNo
NHP Image Zone Fast Starthpqthb08.exeImproves the startup time of HP Image Zone. If you disable it, HP Image Zone takes a long time to start up only the first time you run it. Subsequent startups are much faster than the first timeNo
NHP Info Express??On HP PCs, allows the computer to automatically receive notifications from HP over the Internet. Associated with BackWebNo
UHP Instant Supportmatcli.exe"matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, state, etc and gets written to a log file". HP Instant Support is required to run with the Help and Support program. If you uncheck HP Instant Support and and then run Help and Support it will add another HP Instant Support in the startup menu. If you remove the HP Instant Support in the add/remove program some help menus in help and support will not be available. You decideNo
NHP Internet CenterSURFBRD.EXELoads the HP Internet center surfboard on startup. HP Internet Center allows you to customize the multimedia keys on the fly without having to go the Control Panel --> Keyboards to change themNo
NHP JetDiscoveryHPJETDSC.EXEHP JetAdmin software which monitors printing jobs on a network environmentNo
NHP JetSpeed AutostartAUTOSTART.EXEAutostart executable for the old multiplayer game HP JetspeedNo
UHP Laser Jet Directorhppdirector.exeSystem Tray icon that opens various functions such as copy, fax, email, scan, copy plus, etc. Right-click on it and you see a few options such as the preceding bar plus About, Help, ToolBox, Exit, etcNo
?HP Network Registry Agenthpnra.exe??No
?HP OfficeJet Series xxx StartupHPOSTR03.EXExxx represents the series number - such as 700. What does it do and it it required?No
?HP OfficeJet Series xxx StartupHPOstr05.exexxx represents the series number - such as 700. What does it do and it it required?No
NHP Parallel Port Testhppt.exeAssociated with a HP ScanJet scannerNo
XHP Photo ManagerHPPhotoManager.exeAdded by the SDBOT.AXU WORM!No
NHP Photosmart Premier Fast Starthpqthb08.exeImproves the startup time of HP Image Zone. If you disable it, HP Image Zone takes a long time to start up only the first time you run it. Subsequent startups are much faster than the first timeNo
?HP Port Resolverhpbpro.exe??No
NHP Precision Scanhpmdlbwx.exeHP multifunction scanner software. Available from HP Office Jet R Toolbox so not requiredNo
NHP Presentation ReadyPresRdy.exeHP Omnibook related: "Press a dedicated button above the keyboard and the system will instantly load your presentation software and change the screen resolution to match your display device"No
Uhp psc 2000 Serieshpobnz08.exeSystem Tray icon indicating when the printer is ready. Can be started manually with HP Director but takes time to startNo
UHP RecordNow??From HP "Software for the CD writer. Do not prevent from starting unless the CD writer is never going to be used."No
UHP ScanPatchHPScanFix.exeProgram that starts up and automatically fixes earlier versions of the Scanjet 5100c software. If a Scanjet 5100C scanner is not going to be used, then it is safe to remove or prevent from startingNo
NHP ScanPicturehpsplmwa.exeHP multifunction scanner software. Available from HP Office Jet R Toolbox so not requiredNo
UHP SchedIndexerhppschedindexer.exeInstalled by HP multi-function printer driver software, related to PC faxing. If you are not using the PC faxing feature you can go ahead and disable these services from the startupNo
XHP Service Drivershdsys.exeAdded by the SDBOT-ZE WORM!No
?hp Silent ServiceHpSrvUI.exeHP relatedNo
NHP Simple TraxHpcron.exeSupplied with HP CD-RW drives - stores information about CD contents on your hard drive. Available via Start -> Programs or Desktop IconNo
NHP software updateHPWuSchd2.exeHP software updates. If a shortcut doesn't exist create your own and run it manuallyNo
NHP software updateHPWuSchd.exeHP software updates. If a shortcut doesn't exist, create your own and run it manuallyNo
NHP Statushpstatus.exeHP Printer Status and AlertsNo
?HP Status Serverhpboid.exeCopied during installation of HP Inkjet Printer Drivers in Win2K/XP. What does it do and is it required?No
UHP TV NowHpTvNow.exeApplication supplied with HP notebooks. It activates the S-Video port and is said to improve the quality of the output signal (resolution/timeouts)No
XHP Update AssistantHPAware.exeAdded by the MRO TROJAN! No
NHP Updates??On HP PCs, allows the computer to automatically receive notifications from HP over the Internet. Associated with BackWebNo
?HP Visualize InitHpVisIni.exeHP Visualize software related. What does it do and is it required?No
NHP-Aio FlightRemind32.exeHP multifunction registrationNo
UHPADVISORHPAdvisor.exeHP Total Care Advisor - a suite of help and hardware check programs to help you check the health of your PCsNo
Nhpaiodevicehpodev07.exeDirect from HP - "Device Objects Server - detects all device events and handles all ongoing communication on the device. Loads in the Startup group (except when "portable" is chosen during installation)". Related to various HP all-in-one printer/scanner/copier devices. They print and copy fine with those files disabled, and the icon installed on the desktop that points to "hpodir07.exe" works just fine if you need to use the scannerNo
?HPAiODevice(hp officejet g series)hpoavn07.exeHP Printer related, reportedly lets file transfers from an HP device pass files through Windows firewall. Is it required?No
NHPAiODevice(hp psc 900 series) -1hpobrt07.exeInstalled with a Hewlett Packard 900 series colour printer, scanner, fax, photo card slot printer, copier. Assumed to perform an identical function to the hpaiodevice entryNo
NHPAIO_PrintFolderMgrhpoopm07.exeDirectly from HP: "This process has one purpose - detects if the device moves to a different port, and notifies other processes to look on the new port." For various HP all-in-one printer/scanner/copier devices. They print and copy fine with those files disabled, and the HP icon installed on the desktop that points to "hpodir07.exe" works just fine if you need to use the scannerNo
UHPBootOpHPBootOp.exe"HP Boot Optimizer intelligently and dynamically launches software during startup, based on available resources, to improve startup performance"No
?HPCam_MenuMUIStartMenu.exePart of the MediaSmart software for HP webcams - based upon software from CyberLink. Like similar MUIStartMenu.exe entries, it probably unloads after running at startupNo
Xhpcmdcmd.exeAdded by the ADCLICK-DS TROJAN!No
Nhpcmpmgrhpcmpmgr.exeChecks the internet for updated drivers/utilities for your HP product - update manually. Disabling will remove the error "Windows can't shutdown the computer because hpcmpmgr.exe can't be ended"No
UHPDAgentHPDAgent.exeLoads Hide and Protect any Drives - which allows you to "Protect Hard drive, CD, DVD, floppy and flash, and deny access to partitions of your hard drives. Stop unauthorized software installations and data leak by removable media". If disabled, hidden and locked drives still retain their original status so the user will only be able to change their status them via the main UIYes
Xhpdeskjethpdeskjet.exeAdded by the GENOME.AQUV TROJAN!No
UHPDJ Taskbar Utilityhpztsb01.exeHP System Tray utility which allows diagnostic and maintainance of your HP Deskjet series printerNo
UHPDJ Taskbar Utilityhpztsb02.exeHP System Tray utility which allows diagnostic and maintainance of your HP Deskjet series printerNo
UHPDJ Taskbar Utilityhpztsb04.exeHP System Tray utility which allows diagnostic and maintainance of your HP Deskjet series printerNo
UHPDJ Taskbar Utilityhpztsb05.exeHP System Tray utility which allows diagnostic and maintainance of your HP Deskjet series printerNo
UHPDJ Taskbar Utilityhpztsb07.exeHP System Tray utility which allows diagnostic and maintainance of your HP Deskjet series printerNo
UHPDJ Taskbar Utilityhpztsb09.exeHP System Tray utility which allows diagnostic and maintainance of your HP Deskjet series printerNo
UHPDJ Taskbar Utilityhpztsb06.exeHP System Tray utility which allows diagnostic and maintainance of your HP Deskjet series printerNo
UHPDJ Taskbar Utilityhpztsb08.exeHP System Tray utility which allows diagnostic and maintainance of your HP Deskjet series printerNo
UHPDJ Taskbar Utilityhpztsb03.exeHP System Tray utility which allows diagnostic and maintainance of your HP Deskjet series printerNo
UHPDJ Taskbar Utilityhpztsb10.exeHP System Tray utility which allows diagnostic and maintainance of your HP Deskjet series printerNo
UHPDJ Taskbar Utilityhpztsb11.exeHP System Tray utility which allows diagnostic and maintainance of your HP Deskjet series printerNo
UHPDJ Taskbar Utilityhpztsb12.exeHP System Tray utility which allows diagnostic and maintainance of your HP Deskjet series printerNo
UHPDJ Taskbar Utilityhpztsb13.exeHP System Tray utility which allows diagnostic and maintainance of your HP Deskjet series printerNo
Nhpfschedhpfsched.exeHPFSCHED is a small TSR that will remind you to clean the cartridges in your DeskJet from time to time in order to keep print quality high. It can be removed from the run line in win.ini if you do not want that featureNo
UHPGamesActiveMenuActiveMenu.exeWild Tangent demo games that come with some HP computers. Unchecking it can prevent the games from running occasionally. Note that WildTanget's privacy policy used to state that they also collect and share individuals information but this is no longer the caseNo
Nhpgs2wndhpgs2wnd.exeShare-to-Web - HP-created software and Internet-based application that enables easy uploading and sharing of photos via affiliated photo-sharing Web sites. Available via Start → ProgramsNo
UHpha1monHpha1mon.exeSupports the memory card reader on some HP Photosmart and AIO (all-in-one) printers - displaying a System Tray icon for the drive and allowing you to transfer files directly via the SAVE button. This verison is applicable for version 2.0 to 2.3 drivers - see here. Known to cause 100% CPU load in some cases. Only needed if you use this featureNo
UHpha2monHpha2mon.exeSupports the memory card reader on some HP Photosmart and AIO (all-in-one) printers - displaying a System Tray icon for the drive and allowing you to transfer files directly via the SAVE button. This verison is applicable for version 3.1 to 3.2 drivers - see here. Known to cause 100% CPU load in some cases. Only needed if you use this featureNo
UHpha3monHpha3mon.exeSupports the memory card reader on some HP Photosmart and AIO (all-in-one) printers - displaying a System Tray icon for the drive and allowing you to transfer files directly via the SAVE button. This verison is applicable for version 3.3.138 to 3.4.13 drivers - see here. Known to cause 100% CPU load in some cases. Only needed if you use this featureNo
UHPHmon03hphmon03.exeSupports the memory card reader on some HP Photosmart and AIO (all-in-one) printers - displaying a System Tray icon for the drive and allowing you to transfer files directly via the SAVE button. Known to cause 100% CPU load in some cases. Only needed if you use this featureNo
UHPHmon04hphmon04.exeSupports the memory card reader on some HP Photosmart and AIO (all-in-one) printers - displaying a System Tray icon for the drive and allowing you to transfer files directly via the SAVE button. This verison is applicable for version 4.0 to 4.2 drivers - see here. Known to cause 100% CPU load in some cases. Only needed if you use this featureNo
Uhphmon05hphmon05.exeSupports the memory card reader on some HP Photosmart and AIO (all-in-one) printers - displaying a System Tray icon for the drive and allowing you to transfer files directly via the SAVE button. This verison is applicable for version 5.0 to 5.3 drivers - see here. Known to cause 100% CPU load in some cases. Only needed if you use this featureNo
UHPHmon06hphmon06.exeSupports the memory card reader on some HP Photosmart and AIO (all-in-one) printers - displaying a System Tray icon for the drive and allowing you to transfer files directly via the SAVE button. This verison is applicable for version 6.0 drivers - see here. Known to cause 100% CPU load in some cases. Only needed if you use this featureNo
XHphomehphome.jsHomepage hijackerNo
NHPHUPD04hphupd04.exeHP software update checker and wizard launcher. Available via Start -> ProgramsNo
NHPHUPD05hphupd05.exeHP software update checker and wizard launcher. Available via Start -> ProgramsNo
NHPHUPD06hphupd06.exeHP software update checker and wizard launcher. Available via the Start menuNo
NHPHUPD07hphupd07.exeHP software update checker and wizard launcher. Available via Start -> ProgramsNo
NHPHUPD08hphupd08.exeHP software update checker and wizard launcher. Available via Start -> ProgramsNo
?hpjsiroutehpjsira.exeRelated to HP laserjet printers and IP addresses. An IP address is appended to the name field - ie "hpjsiroute192.168.1.2"No
XHPl Serviceshmlsvc32.exeAdded by the AGOBOT-SI WORM and variants!No
YHpLampHPLAMP.EXEHP Scanner Utility that controls your scanners light bulb. Needed if it's switched onNo
Uhplampchplampc.exeHP Scanner Lamp Utility - fixes an issue with the scanner lamp not going offNo
UHPLaptopGamesActiveMenuActiveMenu.exeWild Tangent demo games that come with some HP computers. Unchecking it can prevent the games from running occasionally. Note that WildTanget's privacy policy used to state that they also collect and share individuals information but this is no longer the caseNo
YHPLJ ConfigSetConfig.exeConnects system to networked HP printer.No
UHPLogiFinderhp_finder.exeHP LogiFinder helps detect and allows the use of the centre button for the Logitech mouse. Can be disabled if not usedNo
UHpMmKbdHpMmKbd.exeHP's multimedia keyboard driver which enables the end-user to use the automation features of the HP multimedia keyboardNo
UHPMVTrayHPMVTray.exeHP Media Vault Networked Storage Device - System Tray management utilityNo
XHPNThpdll.exeMalware downloader - detected by Kaspersky as the VB.KU TROJAN!No
Nhpodbliahpodblia.exeHP OfficeJet Scan Button Monitor on a multi-function printer/copier/scanner. Start your scanning software manuallyNo
Nhpoddt01.exeN/AInstalled by the "HP Photo and Imaging Director" software. If you ask for the imaging software, this program will be startedNo
Uhpoddt01.exehpotdd01.exeDetection of new imaging, printing and other peripherals on HP machines such as USB printers, cameras and Bluetooth productsNo
Nhpodlb08hpodlb08.exeHP OfficeJet Scan Button Monitor on a multi-function printer/copier/scanner. Start your scanning software manuallyNo
Yhpppthpppt.exeRelated to the drivers for HP ScanJet scannersNo
YhppptaHPPPTA.exeHP parallel port driver for certain hardwareNo
XHpPrinterhpserver.exeAdded by the CMJSPY-W TROJAN!No
NHPPROPTYHPPROPTY.EXEHP LaserJet ToolboxNo
UHPPWRSAVHPPWRSAV.EXEPower save related for HP Scanners. Many users have complained of system freezes with it running but it stops the light from remaining on all the time. Try www.hp.com, pick your OS option under the SUPPORT tab, follow the instructions and you will find an updated lamp control patchNo
?hpqcmonhpqcmon.exeFrom HP and related to digital imagingNo
?hpqSRMonhpqSRMon.exeRelated to HP Digital Imaging products. What does it do and is it required?No
UHPSCANMonitorhpsjvxd.exeHP scanning software that enables you to scan images from your scanner. Needed if you're using the scannerNo
?hpScannerFirstBootscannerfb.exeHP scanner relatedNo
XhpSdwxmarkGaddw.exeAdded by the SDBOT-RB WORM!No
Nhpsjbmgrhpsjbmgr.exeHP ScanJet Button Manager. It allows users of the HPScanJet scanners to indicate what the buttons on the scanner will do automatically if pushed. Not required at startup, unless the scanner is used every day, such as in a business environmentNo
NHPStarthpstart.wsfThis a script used by HP that runs the first time one of their computers is started. Can't imagine why it would be starting up after the first bootNo
Xhpsysconf1[random filename]Added by a variant of the VIVIA.A TROJAN!No
Uhpsysdrvhpsysdrv.exeThis item keeps track of how many times the system has been recovered and the times of the first and last recoveries done on the system. Leaving unchecked will sometimes prevent the Keyboard Manager program from detecting that the computer is an HP. Since this program/driver was only made to run on HP, if it can't tell that it is an HP it will not run. If unchecked, it can prevent the running of the Application Recovery CDs, the use of the multimedia keys, and the HP Instant Support. Also seen that without it running, the Riptide Sound card that was installed on some older HP computers stops workingNo
Xhptoolshptools.exeAdded by a variant of the SDBOT WORM!No
Xhptoolsmicrosoft.exeAdded by a variant of the SDBOT WORM!No
NHPUProvenTactics.exeProven Internet Marketing softwareNo
UhpWirelessAssistantHP Wireless Assistant.exeThe HP Wireless Assistant is a user application that provides a way to control the enablement of individual wireless devices (such as Bluetooth or WLAN devices) and that shows the state of the radios for these wireless devicesNo
UhpWirelessAssistantHPWAMain.exeWireless application bundled with HP computers that allows you to control different settings on the computer's wireless devices such as Bluetooth and WLANNo
NHPZTS04hpzts04.exeHewlett Packard printer toolbox shortcut that resides in the system trayNo
Uhpztsb02hpztsb02.exeHP System Tray utility which allows diagnostic and maintainance of your HP Deskjet series printerNo
Uhpztsb04hpztsb04.exeHP System Tray utility which allows diagnostic and maintainance of your HP Deskjet series printerNo
Uhpztsb05hpztsb05.exeHP System Tray utility which allows diagnostic and maintainance of your HP Deskjet series printerNo
Uhpztsb07hpztsb07.exeHP System Tray utility which allows diagnostic and maintainance of your HP Deskjet series printer No
Uhpztsb09hpztsb09.exeHP System Tray utility which allows diagnostic and maintainance of your HP Deskjet series printerNo
Uhpztsbolhpztsbol.exeHP System Tray utility which allows diagnostic and maintainance of your HP Deskjet series printerNo
NHP_dladlatray.exeOn HP PCs, tray icon for dla - which provides drive letter access to HP's and Veritas' version of DirectCDNo
XHP_runnerfront.exeAdded by the SILLYFDC WORM!No
XHQI Serviceshqisvc32.exeAdded by the AGOBOT-RO WORM!No
XHQI Serviceshqlsvc32.exeAdded by the AGOBOT-RP WORM!No
Nhqtrayhqtray.exeVMware Host Network Access Status Tray Application - part of both VMware Player (from version 2.0) and Workstation (until version 6.5) - which allow you to "run multiple operating systems simultaneously on a single PC." It's function is uknown at present and it displays no tray icon as the name suggests. Can be disabled without affecting the operation of either productYes
UHRHr.exeHiddenRecorder periodically takes screenshots of the computer. If you didn't install this yourself remove itNo
UHREF.OCXregsvr32.exe ....HREF.OCXHREF.OCX is an ActiveX control developed by xFX JumpStart and used to provide HTML-alike clickable links on Windows-based programs such as PopUpKillerNo
Xhriiexpl0re.exeAdded by the DLOADER.MAQ TROJAN! Note the number "0" in the filenameNo
XHrn_qtvhrnsvc32.exeAdded by the SDBOT-AET WORM!No
XHservicemsservice.exeAdded by the AUTORUN-KL WORM!No
Xhsimisearch.exeUnidentified malwareNo
Xhsimsexgame.exeUnidentified malwareNo
Xhsimtoolbar.exeUnidentified malwareNo
UHSLAB Loggerlogger.exeHSLABLogger logs user activity and Internet activity. The gathered information can be sent to a predetermined email address. If you didn't install this yourself uninstall itNo
UHSONHSON.exeToshiba HotStart button support for instant-on entertainment on their laptopsNo
UHSTranshstrans.exeHomescan Internet Transporter - part of ACNielson Homescan. Recognizes when the ACNielsen Homescan Scanner is attached to the computer and allows it to transmit scanner information to ACNielsenNo
?HsuGuiControlHsuGuiControl.exePart of the Starband Internet satellite client. What does it do and is it required?No
UhsysHSYS.EXEKeylogger Express keystroke logger/monitoring program - remove unless you installed it yourself!No
UHtinpdor.exeAppears in startup if you have chosen to participate in on survey by NPD Online Research. Required for the survey to work correctly. Otherwise not requiredNo
XHTML Help Systemhhs.pifAdded by the RBOT-ATB WORM!No
XHTML32 Help Systemhhs32.pifAdded by the RBOT-ATE WORM!No
UHTpatchhtpatch.exeHTpatch.exe is part of the SiS AGP patch - BUT unless your processor (and motherboard) supports HyperThreading (HT) and this feature is enabled it will actually SLOW your graphics card by around 6%No
XHtProtectAVprotect.exeAdded by the NETSKY.L WORM!No
Xhtssv32.exehtssv32.exeAdded by a variant of the SDBOT TROJAN!No
XHTTP Tunneling Servermstunnel.exeAdded by the RBOT.EDL WORM!No
Xhttp://www.lienvandekelder.beLienVandeKelder.exeAdded by the MYTOB-AZ WORM!No
Xhttp://www.lienvandekelder.beLien Van de Kelder.exeAdded by the MYTOB-AP WORM and variants!No
Xhttp://www.lienvandekelder.beLien Vande Kelder.exeAdded by the MYTOB-AQ WORM!No
Xhttp://www.lienvandekelder.beLien vd Kelder.exeAdded by the MYTOB-M WORM!No
Xhttp://www.lienvandekelder.beLien.exeAdded by the MYTOB-CZ WORM!No
Xhttp://www.lienvandekelder.beLientjeuh.exeAdded by the MYTOB-P WORM!No
Xhttp://www.lienvandekelder.beLienVdK.exeAdded by the MYTOB-U WORM!No
Xhttp://www.lienvandekelder.beVan de Kelder Lien.exeAdded by the MYTOB-BF WORM!No
Xhttp://www.lienvandekelder.beWe Love Lien Van de Kelder.exeAdded by the MYTOB-CV WORM!No
Xhttp://www.lienvandekelder.comLien Van de Kelder.exeAdded by the MYTOB-EQ WORM!No
Xhttp://www.lienvandekelder.com/LienVandeKelder.exeAdded by the MYTOB-EO WORM!No
Xhttpdc_pan.exeAdded by a variant of the DELF-A TROJAN!No
Xhttpddeamon.exeAdded by the TACTSLAY.C TROJAN!No
Xhttpdmsgaol.exeAdded by the TACTSLAY.C TROJAN!No
Xhttpds_menu.exeAdded by the TACTSLAY.C TROJAN!No
Xhttpdbrowse.exeAdded by the TACTSLAY.C TROJAN!No
Xhttpddeamon.exeAdded by the TACTSLAY.C TROJAN!No
Xhttps-sslhttps.exeAdded by the MOEGA.D WORM!No
UHughesNet Toolsmatcli.exe"matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, county, etc and gets written to a log file". HughesNet Tools is required to run with the Help and Support program. If you uncheck HughesNet Tools and then run Help and Support it will add another HughesNet Tools in the startup menu. If you remove the HughesNet Tools in the add/remove program some help menus in help and support will not be available. You decideNo
?huhdirhuhdir.exe??No
XhuigeziHgzServer.exeAdded by the GRAYBIRD.C TROJAN!No
XhuigeziSP00LSV.EXEAdded by the GRAYBIRD.J BACKDOOR! Note the digit "0" in the commandNo
XHvewsveqmgANACON.EXEAdded by the NACO.A WORM!No
XHvidHvid.exeAdded by the GEMA TROJAN!No
XHWINFO*HWINFO*Added by the PUROL WORM! where * is a random characterNo
YHWinstN/AFor Gilat Communications internet satellite systems. Gilat rescue (Satellite system restore). Required if you have this system. Can cause a BSOD (blue screen of death) if left outNo
XHwpsystem_wc.exeEziin adwareNo
Xhwshws.exeAdded by the STARTPA-CT TROJAN!No
UHWSetupHWSetup.exe hwSetUP"Toshiba Hardware Setup is the Toshiba configuration management tool available through Windows." Allows the user to change BIOS, hard disk, memory, boot disk priority and other settingsNo
Xhxadsec[path to trojan]Added by the ADCLICK-AP TROJAN!No
XHXDL.EXEHXDL.EXEAttune HelpExpress - spyware. Disable and uninstall - see hereNo
XHXIUL.EXEHXIUL.EXEAttune HelpExpress - spyware. Disable and uninstall - see hereNo
UHydarVisionDesktopManagerdesk95.exeATI's HydraVision desktop management software, allowing for multi-monitor support, as included in ATI HydraVision versions 2.5 and earlier. Has been reported to cause problems, such as this one. HydraVision can be uninstalled through Add/Remove ProgramsNo
UHydraDMHydraDM.exePart of HYDRAVISION - ATI's software for managing mutliple displays and virtual desktops. This is the HYDRAVISION Desktop Manager - which "customizes the behaviour of windows and dialog boxes, allows you to set up Hotkeys for navigation in multiple display configurations and applies special effects like transparency and shadows to you desktop"Yes
UHydraMDHydraMD.exePart of HYDRAVISION - ATI's software for managing mutliple displays and virtual desktops. This is HYDRAVISION MultiDesk - which "creates, organizes and arranges up to nine active multi-monitor desktop combinations and allows you to cycle between them with a mouse." There is an optional System Tray icon or a hotkey can be configured to cycle through the desktopsYes
UHydraVisionDesktopManagerdesk98.exeATI/Appian HydraVision Desktop Manager software - monitors and regulates window and dialog box placement according to user preferences when using a multi monitor setupNo
UHydraVisionDesktopManagerHydraDM.exePart of HYDRAVISION - ATI's software for managing mutliple displays and virtual desktops. This is the HYDRAVISION Desktop Manager - which "customizes the behaviour of windows and dialog boxes, allows you to set up Hotkeys for navigation in multiple display configurations and applies special effects like transparency and shadows to you desktop"Yes
UHydraVisionViewportviewport.exeATI/Appian HydraVision Desktop Manager software - monitors and regulates window and dialog box placement according to user preferences when using a multi monitor setupNo
UHydraVisionViewPortHydraMD.exePart of HYDRAVISION - ATI's software for managing mutliple displays and virtual desktops. This is HYDRAVISION MultiDesk - which "creates, organizes and arranges up to nine active multi-monitor desktop combinations and allows you to cycle between them with a mouse." There is an optional System Tray icon or a hotkey can be configured to cycle through the desktopsYes
XHyper Filesphfhost.exeAdded by the AGENT-JQO TROJAN!No
XHyper Startinstantmsgrs.exeAdded by the RBOT-NH WORM! No
XI am not Ranky. I am eTunnel!msyervice.exeAdded by an unidentified WORM or TROJAN!No
XI am not Ranky. I am eTunnel!winsys.exeAdded by an unidentified WORM or TROJAN!No
XI am not Ranky. I am eTunnel!disney.exeAdded by an unidentified WORM or TROJAN!No
XI just want to say I love Milko and I need a drinksvchost.exeAdded by the CHIKO WORM! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in Documents and Settings\Administrator\Local Settings\Application DataNo
XI-Worm.GiGuuGiG.eXeAdded by the GINK WORM!No
XI/O Controllerssvcnet.exeAdded by the TIBIK-B TROJAN!No
XI386I386.exeAdded by the MYPOWER WORM!No
?I81SHELLI81SHELL.exeAppears to be related to drivers for an Intel 810 graphics chipset on an ASUS motherboardNo
Ui8kfanguii8kfangui.exeGraphical interface for fan speed controlNo
UIAAnotifIaanotif.exePart of Intel® Matrix Storage Manager (formally known as Intel® Application Accelerator and Intel® Application Accelerator RAID Edition). Used in conjunction with the event monitor service (IAANTMON - Iaantmon.exe) to display event notifications (such as RAID volume status changes, HDD I/O errors or HDD SMART event) via a System Tray icon when an event occurs. Via this icon you can then choose to launch the Intel Matrix Storage Console or ignore the current alertYes
Yiamappiamapp.exeAtGuard personal firewall engine. As Atguard was bought by Symantec some time ago, it's now the Norton Personal Firewall executable as wellNo
XIamnacho On Irc.MusIrc.com Is a Homosexual!XBox64.exeAdded by the RANDEX.Y WORM!No
?IaNvSrvIaNvSrv.exeRelated to the option ROM part of the Intel® Matrix Storage Manager. Located in %ProgramFiles%\Intel\Intel Matrix Storage Manager\OROM\aNvSrv. What does it do and is it required?No
?Iapiap.exePossibly part of Dell OpenManage Client Instrumentation - software that allows remote management application programs to access information about, monitor the status of or change the state of the client computer, such as shutting it down remotely?No
Uiasias.exeInvisibleASpy keystroke logger/monitoring program - remove unless you installed it yourself!No
XIASHLPRIASHLPR.EXEAdded by the OPASERV.T WORM!No
Xibin[path to trojan]Added by the PERDA-C TROJAN!No
Xibmibm.exeAdded by the LEGMIR-AH TROJAN!No
YIBM Client Securitycerttool.exePart of Client Security Software for IBM\Lenovo notebooks. If you have configured the software via the associated wizard this will need to be running if you want to mount password protected areas of the disk (created with SafeGuard PrivateDisk), use the password manager or file/folder encryption optionsYes
NIBM Client Security Softwarecsecwiz.exeSetup wizard for the Client Security Software for IBM\Lenovo notebooks. This entry only runs once, after the software has been installed and the notebook rebooted for the first time. If the wizard isn't completed a shortcut is available via the Start menu until it isYes
XIBM Keyboard Driverikeybdrv.exeAdded by the SDBOT.IC TROJAN!No
YIBM Password Managerpwmgr.exePart of Client Security Software for IBM\Lenovo notebooks - IBM® Client Security Password Manager "enables you to manage your sensitive and easy-to-forget login information, such as user IDs, passwords, and other personal information, with IBM Client Security. The IBM Client Security Password Manager stores all information through the IBM Security Chip so that your UVM user authentication policy controls access to your secure applications and Web sites." Can also be used with or without the Fingerprint Reader on select modelsYes
NIBM RecordNow!RecordNow.exeIBM customized version of the RecordNow! CD-writing utility from Sonic SolutionsYes
UIBM ThinkPad EasyEject Support ApplicationEzEjMnAp.ExeEasyEject Utility for IBM/Lenovo Thinkpad notebooks. Quote: "The IBM ThinkPad EasyEject Utility makes removing multiple devices from your computer faster and easier by enabling you to stop more than one device at once, rather than stopping each device individually." Configuration and performing of EasyEject actions is available via Fn+F9 key combination on some modelsYes
NIBM ThinkPad EasyEject Tray UtilityEZEJTRAY.EXESystem Tray access to the EasyEject Utility for IBM/Lenovo Thinkpad notebooks. Quote: "The IBM ThinkPad EasyEject Utility makes removing multiple devices from your computer faster and easier by enabling you to stop more than one device at once, rather than stopping each device individually." Configuration and performing of EasyEject actions is available via Fn+F9 key combination on some modelsYes
NIBM ThinkPad Tray UtilityTP98TRAY.EXESystem Tray access to the ThinkPad Configuration utility for IBM/Lenovo ThinkPad notebooks. "The ThinkPad Configuration utility is a control center to configure your ThinkPad hardware. With this utility, you can setup or change your device configurations for ThinkPad hardware and options"Yes
UIBM ThinkPad UtilityNPDTray.exeSystem Tray access to Presentation Director for IBM/Lenovo Thinkpad notebooks - which allows you to create and quickly select between various single and mulitple display options. Scheme selection and settings are also available via Fn+F7 key combination on some modelsYes
UIBM TrackPoint Accessibility Featurestp4ex.exeSupports accessibility features for the TrackPoint stick and associated buttons on IBM/Lenovo ThinkPad notebooks. If features such as "Click Sound", "Button Lock" and "Cross Hair cursor" are enabled this entry will run at startup. If none of the accessibility features are used it remains as a startup entry but doesn't runYes
?IBM Warranty NotificationERTS0749.exeIBM Warranty Notification - presumably it's a reminder to either register or that warranty is about to expire?No
Nibmmessagesibmmessages.exe"The Access IBM Message Center displays messages to inform you about helpful software that may be pre-installed on your PC. The Message Center can also provide messages about new updates available from the IBM Support Center to keep your computer current"Yes
?Ibmmon.exeIbmmon.exe??No
UIbmpmsvcibmpmsvc.exePower management driver for IBM laptops. Provides support for the use of four keys on the thinkpad keyboard with blue key tops - Fn, F3, F4 & F12 - which have specific functions to control the standby and hibernate buttons. Not required if you don't plan to go into standy or hibernate modesNo
?IBMPRCibmprc.exeIBM application - what does it do and is it required?No
UIBMUltraBayHotSwapCPLLoaderIBMBAY2N.EXESupports hot swapping in Thinkpad UltraBay Option on IBM ThinkPad laptopsNo
?IBMUltraBayHotSwapSoundIBMBAYSN.EXESupports hot swapping in Thinkpad UltraBay Option on IBM ThinkPad laptops. Is it needed though - does it just play a sound?No
YIBM_PWMGRpwmgr.exePart of Client Security Software for IBM\Lenovo notebooks - IBM® Client Security Password Manager "enables you to manage your sensitive and easy-to-forget login information, such as user IDs, passwords, and other personal information, with IBM Client Security. The IBM Client Security Password Manager stores all information through the IBM Security Chip so that your UVM user authentication policy controls access to your secure applications and Web sites." Can also be used with or without the Fingerprint Reader on select modelsYes
XIbsibs.exeAdded by the HIDEDIAL-B TROJAN!No
UIBWin Background processIBackground.exeIBackup for WindowsNo
UIBWin MonitorIBMonitor.exeIBackup for WindowsNo
YIcaBaricabar.exeRelated to Citrix MetaFrameNo
UiCalendarCalendar.exeOlder version of Desktop iCalendar/Desktop iCalendar Lite by Desksware which include support for Google Calendar and add weather, tasks and appointments to your desktopYes
XicasServicasServ.exeBrowser hijacker, redirecting to Searchforfree.info. Also detected as the ICASERV-A TROJAN!No
Xicccomp[8 random letters].exeAdded by the ZHELATIN.EQ WORM!No
XICcontroliccontrol.exeICcontrol premium rate adult content dialerNo
Xicdd7ee6rundll32.exe icdd7ee6.dll,EnableRunDLL32LZIO.com adware downloader. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "icdd7ee6.dll" file is found in %System%No
Xicddefffrundll32.exe icddefff.dll,EnableRunDLL32LZIO.com adware downloader. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "icddefff.dll" file is found in %System%No
YICFmfp.exeMcAfee Family Protection - which 'is easy-to-use and built to empower parents to say "yes" to their children's online interests while protecting them as they learn and explore' and "protects children of all ages from exposure to inappropriate content, social networking risks, strangers, and other threats"Yes
NICH Syntheusexe.exeSound related and can be disabled without affecting performance although advanced sound features may be sacrificed. May be related to Compaq PC's with "SoundMAX integrated Digital Audio" (Analog Devices Inc.) devicesNo
Xicifatiyujixit.exeAdded by the SDBOT.ZZH WORM!No
UiCleaniClean.exeIEClean - "advanced, comprehensive package of tools which perform a number of functions to allow you to control your online privacy"No
UICMICM.EXEStarts Internet Call Manager dialog box and/or taskbar icons at bootup. This is a subscription program from internetcallmanager.com that monitors a dialup phone line for incoming calls and handles voicemailNo
XICManagementmsic32.exeAdded by the MSIC BACKDOOR!No
NiCnNAG.EXEiChoose - shopping browser enhancement that alerts you to cheaper deals for goods you want to buy, if they exist. Not related to the Mac icon program of the same nameNo
UICOICO.EXEFound on some Sony Vaio, IBM Thinkpad and Dell (and possibly other) laptops and seems to be related to Mouse Suite 98 Daemon according to the properties. Required on the Dell Inspirion 530 as without it the Dell mouse suite does not load and mouse settings are not retained on a reboot. Appears to cause a behaviour where the desktop suddenly flips back up when playing DirectX associated gamesNo
NIcon AnimationHDE.EXEPart of McAfee Nuts & Bolts. Provides entertaining animation of your desktop iconsNo
NIcon Hearit 95hearit95.exeAudio desktop customization utility from Moon Valley Software. Resource hogNo
NIcon Hearit 98hearit98.exeAudio desktop customization utility from Moon Valley Software. Resource hogNo
XIcon lptt01icon.exeRapidBlaster variant (in a "Icon" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see hereNo
XIcon ml097eicon.exeRapidBlaster variant (in a "Icon" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see hereNo
Yiconcacheicon.batRelated to the Vista Customization PackNo
YICONCLNTiconclnt.exeAPC PowerChute® Personal Edition tray iconNo
UICONDESKICONDESK.EXESmall utility which will allow you the option of hiding or showing your desktop iconsNo
NIconfig.exeIconfig.exeIcon for LS-120 "Superdisk"No
XiConfigLoaderDIIhost.exeAdded by the GAOBOT.AO WORM!No
NIconoidIconoid.exeIconoid is a desktop icon managerNo
NIconsaverIconsaver.exeIconSaver is a desktop icon managerNo
XICQICQNET.vbsAdded by the GORMLEZ-A WORM!No
XICQsyscdd2.exeAdded by the SDBOT-ON BACKDOOR!No
XICQ Agenticq6.exeAdded by the AGENT-FZJ TROJAN!No
XICQ Center[path to worm]Added by the RANDIN WORM!No
XICQ Chat Serviceicqjdhs.exeAdded by a variant of the RBOT WORM!No
XICQ Hacking ProICQpro.exeAdded by a variant of the NETSPY TROJAN!No
NICQ LiteICQLite.exeICQ Lite - compact version of the popular messaging programNo
Xicq litescvhost.exeAdded by the AGENT-DSF TROJAN!No
Xicq litewinlog.exeAdded by the IRCBOT-TJ TROJAN!No
XICQ Lite MessengerICQLITE.EXEAdded by an unidentified VIRUS, WORM or TROJAN! The legitimate ICQ Lite executable is located in %ProgramFiles%\ICQLITE whereas this one is located in %System%No
XICQ Messenger 2002ICQ2002.exeAdded by the SDBOT-ABL WORM!No
XICQ Netwinlogon.exeAdded by variants of the NETSKY WORMS! Note - this is not the legitimate winlogon.exe process which should not appear in Msconfig/Startup!No
NICQ Plusvplus.exeICQ Plus is a freeware utility makes your ICQ skinnable (change the look). Available via Start -> ProgramsNo
XIcqBetawebcamupdate.exeAdded by an unidentified TROJAN!No
UICQMonitorICQMonitor.exeICQ Monitor Sniffer surveillance software for the ICQ instant messenger. Uninstall this software unless you put it there yourselfNo
XICQMsn[path to trojan]Added by the RANCK-AH TROJAN! The most common example is "cbfks.exe" located in %System%No
XICQNetwinlogon.exeAdded by the NETSKY-C WORM! Note - this is not the legitimate winlogon.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%No
Xicrosof Avps32 Controlav32.pifAdded by the RBOT-AVC WORM!No
Xicrosoft Visualplscx.exeAdded by the RBOT-AYO WORM!No
Xicrosoft Visual InterDevczvslmqb.exeAdded by the RBOT-AYP WORM!No
Xicrosoft Windows DLL Services Configurationpoker3.exeAdded by the SDBOT-AER WORM!No
Xicrosoftf Avpx Controlavpx.exeAdded by the RBOT-AYN WORM!No
UICSDCLTrundll32.exe Icsdclt.dll, ICSClientInternet Connection Sharing allows more than one computer to simultaneously access the internet with a single connection. Also required when networking two machinesNo
NICServerIcserver.exeIntel Intercast viewer software. Gives access to selected internet pages which are broadcasted by several TV stationsNo
YICSMGRICSMGR.EXEMonitors DNS and DHCP requests for ICS (Internet Connection Sharing). Needed if you're sharing the internet on various computersNo
XICU-SuckerService32.exeAdded by the ILLNOTIFIER.D TROJAN!No
NIC_KEY_3spvic.exeInstant Chess relatedNo
NID CommanderIDCom.exeCaller ID utility for identifying incoming telephone numbersNo
XID8525ID8525.exeAdded by the ID8525.A TROJAN!No
XID8525id85255.exeAdded by the ID8525.A TROJAN!No
?IDAIDA.EXEPart of HP's PC Common Operating Environment (PC COE) project. Located in %ProgramFiles%\Hewlett-Packard\PC COE. What does it do and is it required?No
XIDEide.exeAdded by the ASSASIN.F TROJAN!No
XIDE LoaderIDElibr32.exeAdded by the XILON TROJAN! Related to the game "Diablo II"No
Xidecntlidecntl.exeAdded by a variant of the CRYPTER.C TROJAN!No
UiDesktopidesktop.exeImmersion TouchWare Desktop software for devices such as the Logitech iFeel MouseNo
Xidlesam[8 random letters].exeAdded by the ZHELATIN.EQ WORM!No
NIDManIDMan.exeInternet Download Manager - download files faster, schedule and resumeNo
Xidmlssp[random filename]Added by a variant of the SLAPER TROJAN!No
UIDriveE StartupIDrvieEStartup.exeIDrive from Pro Softnet Corporation - free full featured online backup up to 2GB with the option of paying for more storage space and managing multiple accountsNo
XIDTemplatesIDTemplate.exeAdded by the BRONTOK-H WORM!No
NIDW Logging Toolidwlog.exeAdded with WinXP SP1. Usually only found in internal builds only to indicate the current build being used. Can cause slow network logon problemsNo
XIE configureexplorer.exeAdded by the LINEAGE-C TROJAN! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually!No
UIE DoctorIEDoctor.exeIE Doctor Toolbar - "IE Doctor can help you to Repair IE easily, protect IE and OE from all malicious changes. It can Repair the HomePage, context menu, IE toolbar button, startup items, Favorites, typed URLs and the entire Internet Options"No
XIE Java Updateiejava.exeAdded by the AGENT-HD TROJAN!No
XIE Menu Extension toolbarrundll32.exe [path] tbextn.dll DllShowTBTopconverting.com/180Search "IEMenuExtension" toolbar. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deletedNo
UIE New Window Maximizeriemaximizer.exeIE New Window Maximizer - automatically maximize new Internet Explorer and Outlook Express windowsNo
XIE Runtimewini.exeAdded by the PICRATE.B WORM!No
XIE Runtimewinlogo.exeAdded by the RBOT-AMJ WORM!No
XIE Runtimeswinis.exeAdded by the RBOT-ADZ TROJAN!No
XIE**.exe [* = random char]IE**.exe [* = random char]CoolWebSearch/HomeSearch adware - for examples, see this logNo
XIE**32.exe [* = random char]IE**32.exe [* = random char]CoolWebSearch/HomeSearch adware - for examples, see this logNo
XIE-Bariebar.exeDesktopMedia adwareNo
XIE-Securityiescan.exeIE-Security rogue spyware remover - not recommended, removal instructions hereNo
XIE-Securitywdscan.exeIE-Security rogue spyware remover - not recommended, removal instructions hereNo
XIE6wkstmg.exeAdded by a variant of the SDBOT WORM!No
XIE6ssmss.exeAdded by the GAOBOT.DXO WORM!No
XIE6porn.pifAdded by the RBOT-ATF WORM!No
XIE6winsnt.exeAdded by the RBOT-GOV WORM!No
XIEACCESStemp532.exeAsdPlug premium rate adult content dialer variantNo
XIEACCESSsurfya.exeIEAccess premium rate adult content dialer variantNo
XIEAgent update checkiewatch.exeAdded by the BOMKA TROJAN!No
XIECacheIECache.exeDetected by Bitdefender as the DELF.OFC TROJAN! See hereNo
Niecheckiecheck.exeIntegrity checker for IconEdit2 icon editor. It serves for IconEdit2 internal tasks only and can be safely deleted from the system if you are running the latest version of IconEdit2No
XIECheckMSDTCs.exeAdded by the TIRBOT-D WORM!No
XIECheckxpssl.exeAdded by the TIRBOT-E WORM!No
XIECheckmssvp.exeAdded by the TIRBOT-G WORM!No
UIECleanAuxIeboot6.exeIEClean by Kevin McAleavy - cookie manager, cache cleaner, history cleaner, etc. Performs cleaning tasks at startupNo
Xiedlliedll.exeHomepage hijacker, redirecting to coolwwwsearch.comNo
XIEDriverIEDriver.exeIEDriver adware. Can be installed as part of peer-to-peer file sharing software called URLBlazeNo
XIEDriverxplore.exeIeDriver adware variantNo
XIEDriverTD.exeIeDriver adware variantNo
Xiedwa104iedwa104.exeAdded by the DLOADR-BBW TROJAN!No
XIEengineIEeng.exeSTARTPAG.AI hijackerNo
XIEexplorer AUpdateIEexplore32.exeAdded by the RBOT-GRE WORM!No
XIEFeaturesIEFeatures.exeAdded by the POPMON.A TROJAN! - also known as PopMonster adwareNo
XIEFeaturesInternetfeatures.exeAdded by the POPMON.A TROJAN! - also known as PopMonster adwareNo
XIefxTrayIefxTray.exeAdded by the RILER-H TROJAN!No
Xieharv.exeieharv.exeAdded by the BANKER-HH TROJAN!No
XIehelpersyslaunch.exeOutwar adware downloaderNo
Xiel2cde8rundll32.exe iel2cde8.dll,EnableRunDLL32LZIO.com adware downloader. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "iel2cde8.dll" file is found in %System%No
Xielcaaberundll32.exe ielcaabe.dll,EnableRunDLL32LZIO.com adware downloader. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "ielcaabe.dll" file is found in %System%No
XIELoader32iexplore32.exeAdded by the SPEX or SPEX.B WORMS!No
XIesarIesar.exeBrowser hijacker - redirecting to an adult web pageNo
XIesearch.exeIesearch.exeLookNSearch adwareNo
UIEServerIEServer.exeHB Screen Spy surveillance software. Uninstall this software unless you put it there yourselfNo
XIESetIExplorer.dllAdded by the PWS-BLUEDIT TROJAN!No
Xiesetupi.exeiesetupi.exeAdded by a variant of the RBOT WORM!No
YIEShowIEShow.exeAnti-phishing component of BitDefender internet security products. Anti-phishing prevents sensitive data such as usernames, passwords and credit card details being acquired by web-sites and E-mails masquerading as a trustworthy sources. It can also be licensed by other products such as versions of The Shield Deluxe from PCSecurityShield (see here) - who's reputation is poorYes
Xiestartiexp1orer.exeAdded by the NEMOG.C TROJAN!No
Nietsrietsr.exeIEClean by Kevin McAleavy - cookie manager, cache cleaner, history cleaner, etcNo
XieupdateMCP****.exe [**** = random char]Added by the ASOXY TROJAN!No
Xieupdatemcpdll32.exeAdware downloader trojanNo
Xieupdate[random filename]Added by the AGENT-C BACKDOOR!No
Xieupdatesieupdates.exeAdded by a number of TROJANS such as DWNLDR-HGI and AGENT-HGA and the Antivirus 2009 rogue security software - see hereNo
XIEWinservwinserv.exeAdded by the BANKER-MY TROJAN!No
XIEXPL0RERIEXPL0RER.EXEAdded by the AGOBOT-QL WORM! Note the filename has a "0" rather than an upper case "o"No
Xiexploiexplor.exeAdded by the SIDEA TROJAN!No
XIExploersvshosts.exeAdded by the IRCBOT.BT TROJAN!No
XIexploitIexploit.htmlAdded by the INKER.B WORM!No
Xiexplor.exeiexplor.exeAdded by an unidentified WORM or TROJAN! See hereNo
XIexploreiexplore.exeAdded by the BOXER TROJAN! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %System%No
XIEXPLOREiexplore.exeAdded by the APHEXDOOR TROJAN! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %Windir%No
XIExploreIEXPLORE.EXEAdded by the DLOADER-YZ TROJAN! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in a "Custom" subfolderNo
XIEXPLOREIEXPLORE.EXEAdded by the BANKER-BWE TROJAN! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %System%No
XiExplore Iniie4uini.exeAdded by a variant of the IRCBOT BACKDOOR! See hereNo
XIexplore Servicesiexplore.exeAdded by the LITHIUM BACKDOOR! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup!No
XIEXPLORE.EXE[path to trojan]Added by the BANCOS-CJ TROJAN!No
XIEXPLORE.EXEgoot.exeAdded by the BIFROSE-C TROJAN!No
XIExplorerIexplor32.exeAdded by the BDOOR-BY BACKDOOR!No
XIExplorerIExplorer.EXEAdded by the BANCOS-CH TROJAN! Note - this is not the legitimate Internet Explorer (iexplore.exe)No
XIEXPLORERmsiecfg.exeAdded by the BDOOR-JU BACKDOOR or BANCBAN-IP TROJAN!No
XIexplorerexplorer.exeAdded by the ZAPCHAS-AC TROJAN! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System%No
Xiexplorer lptt01iexplorer.exeRapidBlaster variant (in a "iexplorer" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see hereNo
Xiexplorer ml097eiexplorer.exeRapidBlaster variant (in a "iexplorer" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see hereNo
XIexplorer.exeIexplorer.exeAdded by the BANCBAN-EN TROJAN! Note - this is not the legitimate Internet Explorer (iexplore.exe)No
XIExplorer32 Java ScriptingIExplore32b.exeAdded by the RBOT.ABO WORM!No
XIExplorer32c Java ScriptingIExplore32cb.exeAdded by the RBOT.ABN WORM!No
XIExplorer6 Java ScriptingIExplore326.exeAdded by a variant of the SDBOT WORM!No
XIExplorer7 Java ScriptingIExplore327.exeAdded by a variant of the SDBOT WORM!No
XIexplorerr.exeIexplorerr.exeAdded by the BANKER-EUT TROJAN! The file is located in %Windir%\Sun\Java\Deployment\logsNo
XIexplorerr.exeIexplorerr.exeAdded by the BANKER.AOVZ TROJAN! The file is located in %Windir%\msagent\gfNo
XIExplorerServiceWinSock.exeAdded by the AGENT.KIU TROJAN!No
XiExpresseriexpresser.exeAdded by the SLENFBOT.AP WORM!No
Xifpipf.exeAdded by the CLAGGER-AG TROJAN!No
Xifperx[random filename]Added by a variant of the SLAPER TROJAN!No
Xifperxxmliwvug.exeAdded by the SLAPER.U TROJAN!No
UIFSplash.exeIFSplash.exeI-FORCE driver for force feedback steering wheelNo
UIFXSPMGTifxspmgt.exePart of the Infineon Security Platform Software - which supports the on-board TPM security device included with some laptops from suppliers such as Acer, ASUS, HP and SonyNo
Xigamatuekor.exeAdded by the SDBOT.AQ TROJAN!No
Xigamatuatecaca.exeAdded by the IRCBOT.R WORM!No
Uigfxhkcmdhkcmd.exeHot Key handler for Intel desktop and mobile motherboard chipsets with integrated graphics. With this enabled, you can access settings like graphics properties and screen rotation via pre-programmed key combinations - such as CTRL+ALT+F12 which displays the graphics properties (otherwise available via a right-click on the desktop or the Control Panel). Different chipset versions may have different pre-programmed settings and in some cases these may be programmableYes
Uigfxpersigfxpers.exeInstalled with the graphics drivers for Intel desktop and mobile motherboard chipsets with integrated graphics. It's purpose or function isn't known at present but testing with it disabled would appear to indicate it isn't required - hence the recommended "U" statusYes
Xigfxtrassvchots.exeAdded by the AUTORUN-AIW WORM!No
UIgfxTrayigfxtray.exeSystem Tray access to display settings for Intel desktop and mobile motherboard chipsets with integrated graphics. With this enabled, you can access settings like graphics properties and hot key settings via the icon on the System Tray. Different chipset versions may have different options available. These options are normally also available via the system Control Panel - under Display (XP) or Personalization and Appearance (Vista)Yes
?IglpbvIglpbv.exe??No
Nigndlm.exeDLM.exeIGN Download Manager has become a requirement for downloading files through FilePlanet.com. It is based on Internet Explorer and it installs through an ActiveX-plugin, hence Internet Explorer must be installed beforehand and downloads has to be initialized through that browserNo
Xigsex2xigsex2x.exeNewDial premium rate adult content diallerNo
XIGuardPc.exeIGuardPc.exeIGuardPc rogue security software - not recommended, removal instructions here. A member of the AntiAID familyNo
?iHP-100iHPDetect.exeDrive Letter Searcher, iRiver iHP-100 iHP and H Series player related - does it need to start with Windows every time?No
XiilcIILC.EXEHomepage hijackerNo
XIinliptl.exePurityScan adwareNo
XIISADMINSsystems.exeAdded by the AGOBOT.U WORM!No
Xiisversiisvers.exeAdded by an unidentified TROJAN or adwareNo
Xiiuyvyuuzcx.exeAdded by the AGENT-EOF TROJAN!No
NiIWiperSystemwiper.exeSystem Wiper from iI Software - allows you to clear the history of your activites from you computer. Run manually on a regular basisNo
YIJ75P2PSERVERIJ75P2PS.EXEPrinter utility which is required in order to make the printer work correctlyNo
UIJNetworkScanUtilityCNMNSUT.EXENetwork utility available for some Canon scanners and multifunction devices. Allows the device to see computers on a network and those computers running the utility to control scanning via the Control Panel on the scanner - which saves you having to run back and forth between the scanner and your computerNo
YIKE Service 95IKEService.exeAssociated with PGP. The PGP Tray can be disabled, but without IKESERVICE you won't be able to de- or encrypt anythingNo
UiKeyWorksIKEYMAIN.EXEA4Tech wireless keyboard driver and utilityNo
UIKLrundll32.exe [path] IKL.dllIKL surveillance software. Uninstall this software unless you put it there yourselfNo
Xilassslsass.exeAdded by the INJECT-GZ TROJAN! Note - the legitimate lsass.exe process should not normally figure in Msconfig/Startup!No
NiLikeilikesidebar.exeiLike Sidebar for iTunes and Windows Media PlayerNo
XiLLeGaLMplayer.exeAdded by the HOLAR.C (or GALIL) WORM! Note - this should not be comfused with Windows Media Player which has the same filenameNo
XiLLeGaL.exeMplayer.exeAdded by the HOLAR.C (or GALIL) WORM! Note - this should not be comfused with Windows Media Player which has the same filenameNo
XilortgdgkeepSafe.exeAdded by the KILLAV.KAX TROJAN!No
?ILO_Office_ManagerIntEdReg.exe /OFFMANIntense Educational Ltd - Language Office Software. Is it required?No
UiLyriciLyric.exeiLyric plugin for Winamp media player. Allows you to retrieve the lyrics for your songs with the press of a button No
NiM Start CenteriM_Tray.exeInstalled with the Sound Blaster Audigy range of soundcards. A radio tuner installed if the user chooses during installation. Available via Start -> Programs -> iM Networks -> iM Radio TunerNo
XImagerundll32 [path] [trojan filename],InstallAdded by the WINSHOW.Y TROJAN!No
YImage & RestoreIMAGE32.exePart of McAfee Nuts & Bolts. Image/Restore can recover from drives that have been accidentally formatted or completely erased, if Image was recently runNo
XImage Remote Playerssysvn.exeAdded by a variant of the IRCBOT BACKDOOR!No
NImage TransferSonyTray.exeSony Image Transfer software provides direct image transfer from your digital camera to a PC - can be started manuallyNo
UImageDrive-{hex numbers}ImageDrive.exeNero ImageDrive from Ahead - virtual CD/DVD drive softwareNo
UImagefoximagefox.exeImageFox 2.0 (formerly available from ACDSee) is an "add-on" graphics previewer for most Windows Open/Save As dialog boxesNo
XImagemgt32Imagemgt32.exeAdded by the GEMA TROJAN!No
XImagePathtaskbarmngr.exeAdded by the SDBOT-XB WORM!No
UImageTunedthtml.exeImageTune from Hyundai ImageQuest. Rebranded version of Display Tune from Portrait Displays, Inc. - which "is the perfect software utility to initially set-up and adjust your display to achieve its optimum performance. All adjustments are made through a simple graphical user interface"No
XIMAPIload.exeAdded by the DOWNDEL-A TROJAN!No
NiMarkup ClientiUtil.exeEnables the iMarkup Client web page annotation utility to run in the background and be available in systray. Shortcut available via Start -> ProgramsNo
UImatioimation.exeImation Disk Manager - enables you to create a password protected area on your Imation USB flash driveNo
Ximchatimchat.exeAdded by a variant of the IRCBOT TROJAN!No
XIMClassSvhosl.exeAdded by an unidentified WORM or TROJAN!No
Ximcsslxmliwvug.exeAdded by the SLAPER.U TROJAN!No
XIMEconime.exeAdded by the DLDR-G TROJAN! Note - this is not the legitimate Console IME process of the same filename which is located in %System%. This one is located in %Windir%No
Nimekrmigimekrmig.exePart of MS Input Method Editor which is used to ease the input of Asian characters in MS Office (Chinese, Japanese and this one is Korean)No
NIMEKRMIG6.1IMEKRMIG.EXEPart of MS Input Method Editor which is used to ease the input of Asian characters in MS Office (Chinese, Japanese and this one is Korean)No
NImesh??Imesh is a file sharing systemNo
NImesh Auto Update??Update check for the Imesh file sharing system. Turn the update off under "options"No
XIMEvtMgr.exeIMEvtMgr.exeAdded by the KEYLOG-AR TROJAN!No
UImgIconImgIcon.exeDisplays Iomega icons in Explorer/My Computer, ejects Zip disks on shutdown and displays a special delete confirmation box when deleting files on an Iomega drive. Available via Start -> Programs. If you disable it remember to eject disks first before powering the drive down - hence the "U" recommendation. Note - FreeCell may not run with ImgIcon runningNo
Ximgit[path to file]Added by the BANKER-EM TROJAN!No
NImgStartImgStart.exeUsed by Iomega drives. Details of its purpose can be found here. Available via Start -> ProgramsNo
NImgTaskImgtask.exeRelated to the WalletPix digital photo album. "On some computers, the Wallet Pix device will leave behind a memory-resident file called ImgTask.exe. This file will be located in the operating system directory on your computer (typically %Windir%). You can remove this file at any time and it will not impact your computer's performance or functionality. The file will be restored each time you plug in the Wallet Pix though"No
UIMJPMIGIMJPMIG.EXEMicrosoft's Input Method Editor for the Japanese language which is used to both display and enable the input of characters in e-mails, documents, web forms and other files - should you need to. Found on PCs where East Asian languages have been installed through the Regional and Language options icon in the Control PanelYes
XIMJPMIG6.1HelpCat.exeAdded by the BESVERIT WORM!No
UIMJPMIG8.1IMJPMIG.EXEMicrosoft's Input Method Editor for the Japanese language which is used to both display and enable the input of characters in e-mails, documents, web forms and other files - should you need to. Found on PCs where East Asian languages have been installed through the Regional and Language options icon in the Control PanelYes
XIMJPMIG8.2msime82.exeAdded by the VB-CYG WORM!No
XIMJPMIG8.2msime80.exeAdded by the VB-CYJ TROJAN!No
?immcheck.exeimmcheck.exeRelated to I-FORCE driver for force feedback steering wheel?No
XImMsntimed.exeAdded by the WEBDOR.AK TROJAN!No
UIMOLIMOLApp.exeIncrediMail for Office Outlook Add-OnNo
UImonitorPlguni.exePart of McAfee's QuickClean - which removes internet clutter and unwanted programs. This entry monitor changes made to the registry so that they can be undone later using QuickClean - such as removing programs. QuickClean is now integrated into their Total Protection, Internet Security and AntiVirus Plus products primarily as a file cleaner/shredder and no longer supports program removalNo
Ximonitor[path to trojan]Added by the IMONI-A TROJAN!No
UIMONTRAYimontray.exeSystem tray monitoring of fans, temperature, voltage, etc for Intel motherboards. Only needed if you "overclock" or live in hot environment. Can also cause problems when running on a laptop if you change PCMCIA cardsNo
XimPlayokimPlayok.exeAdded by the CUTWAIL TROJAN!No
XIMprocessIM-svr.EXEIMNames adwareNo
UImScInstImScInst.exeMicrosoft's Input Method Editor which is used to both display and enable the input of characters from East Asian and Right-to-left (e.g. Arabic) languages in e-mails, documents and other files - should you need to. Found on PCs where these languages have been installed through the Regional and Language options icon in the Control PanelYes
UImScInst.exeImScInst.exeMicrosoft's Input Method Editor which is used to both display and enable the input of characters from East Asian and Right-to-left (e.g. Arabic) languages in e-mails, documents and other files - should you need to. Found on PCs where these languages have been installed through the Regional and Language options icon in the Control PanelYes
UIMStartIMStart.exeInterMute security software relatedNo
UIMVUIMVUClient.exeIMVU chat client that allows you to create "your own avatars who chat in animated 3D scenes"No
Ximwinsrvcacpmonsrv.exeAdded by the SLAPER.E TROJAN!No
XIMwireimwireup.exeSafeSurfing adware variant No
Ximxecsvbrun70sp4.exeAdded by the AGOBOT.ALA WORM!No
Xim_autornim_1.exeAdded by the IMAV.A WORM!No
Xim_autornim_2.exeAdded by the BAGLEDL-BO TROJAN!No
YInCDincd.exeAhead InCD packet writing software - similar to DirectCD. For Nero 5.0 or 5.5 (InCD3), it does not need to start with Windows. You can run InCD.exe manually before inserting an appropriately formatted CD-RW (CD-MRW) disk. For Nero 6.0, 6.3 or 6.6 (InCD4), it does need to start with Windows. It does not function correctly when you try to run it manually, and you will not have write access to MRW (Mount Rainier) formatted CD-RW (CD-MRW) or DVD-MRW disks. To regain write access and other features, InCD 4 must start with WindowsNo
NIncMailIncMail.exe"IncrediMail is an advanced, feature-rich email program that offers you an unprecedented interactive experience. Unique multimedia features will enable you to tailor your email experience so that it fits your mood and personality"No
Xincognitoincognito.exeAdded by an unidentified WORM or TROJAN! See hereNo
NInControl Desktop ManagerDMHKEY.EXEFor Diamond Multimedia video cards. Allows System Tray access to desktop utilities such as screen resolution. Available via Start -> ProgramsNo
XIncredible KeyloggerAdvKeylog.exeIncredibleKeylogger spywareNo
NIncredimailincredimail.exe"IncrediMail is an advanced, feature-rich email program that offers you an unprecedented interactive experience. Unique multimedia features will enable you to tailor your email experience so that it fits your mood and personality"No
NIncredimailIncMail.exe"IncrediMail is an advanced, feature-rich email program that offers you an unprecedented interactive experience. Unique multimedia features will enable you to tailor your email experience so that it fits your mood and personality"No
XIndex Servicedllhost32.exeAdded by the AGOBOT.CH WORM!No
UIndex WasherWashIdx.exeWindow Washer from Webroot Software. Useful utility that deletes safe to remove files, cookies, browsing history, etc. Available via from Start -> Programs. Disable within the program options - otherwise it is re-enabled in MSCONFIGNo
?IndexerIndexer.exePart of the Sharpdesk from Sharp Electronics. "A desktop-based, personal document management application that lets users browse, edit, search, compose, process, and forward both scanned and native electronic documents". What does it do and is it required?No
XIndexindicatorIndexindicator.exeAdded by the LAZAR TROJAN!No
NIndexSearchIndexSearch.exePart of Nuance (ScanSoft) PaperPort - "scan, organize, find and share all of your documents including paper, PDF, application files and photographs". Creates an index of files associated with PaperPort for easy searchingNo
UIndexTrayIndexTray.exePart of Sharpdesk from Sharp Electronics. "A desktop-based, personal document management application that lets users browse, edit, search, compose, process, and forward both scanned and native electronic documents"No
UIndicatorUtyIndicatorUty.exeFujitsu Hotkey Utility displays icons on the screen when you use hotkeys on a Fujitsu Siemens Lifebook, eg, when you press the hotkey for muting the sound, a loudspeaker icon with a cross on it is displayedNo
UIndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}NMIndexStoreSvr.exeIndexing service that catalogs all the media on your computer so that the files are available to all of the programs in the Nero suite of applicationsNo
Xinesvchosts.exeAdded by the RBOT.BNL WORM!No
XINETinetsync.exeMeplex adwareNo
XInet DataBaseInetdbs.exeAdded by the QEDS WORM!No
XInet Deliveryinetdl.exeInet Delivery adwareNo
XInet Deliveryinetdl_2.exeInet Delivery adwareNo
XInetapiNetapi.exeAdded by the NETDEVIL.14 TROJAN!No
XInetChkms[random value].exeAdded by the AGENT-IRL TROJAN!No
Uinetcntrlinetcntrl.exeBsafe Online - internet filterNo
?InetConfinetconf.exe??No
UInetdINETD32.EXEWindows Inet Daemon from Hummingbird Communications. "Hummingbird Inetd has the advanced ability to conserve PC resources by listening for connection requests and launching server daemons". Provides PCs with the full functionality of a UNIX workstationNo
Uinetinfo.exeinetinfo.exeExecutable used by MS Internet Information Server (IIS). If it's running, then so is IIS. Useful in knowing whether you require the patch for the Code Red worm. Comes with PWS (Personal Web Server) or NT4 and handles ASP-, PHP code (+ more)No
Xinetinfomon managerinetinfomon.exeAdded by the DONBOMB.A TROJAN!No
Xinetmgrinetmgr.exeActual Names (AdvSearch) Internet Keywords parasiteNo
XInetMSNmsnet.exeAdded by a variant of the SDBOT TROJAN!No
XInetServiceswsock32.exeAdded by the WOCK32-A TROJAN!No
Xinetsys[path to trojan]Added by the DELF-NV TROJAN!No
Xinfamous.exewmplayer.exeAdded by unknown malware. WMPLAYER.EXE is stored in the location and uses the same name as Windows Media Player but that valid Windows program doesn't load at startupNo
XInfeStopInfeStopRemover.exeInfeStop rogue spyware remover - not recommended, removal instructions hereNo
Xinfosmss.exeAdded by the VB.EIW WORM! Note - this is not the legitimate smss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %System%\inetsrvNo
XINFO DATAapc.exeAdded by the RANDON.B WORM!No
UInfo Selectis.exeInfo Select from Micro Logic - personal information managerNo
XInfo32xInfo32x.exeAdded by the GEMA TROJAN!No
XInfoDatarundll32.exe ********.dll,realset [* = random char]Added by the VUNDO TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The random DLL file is found in %System%No
Xinfoguardrinfoguardrun.exeInfoGuard rogue security software - not recommended, removal instructions hereNo
UInfoPenMSNInfoPenIM.exeInfoPenMSN is a MSN Messenger plugin that allows you to send data written/drawn by hand No
?Infoplay.exeInfoplay.exeWritten by New Media Properties, LLC and you're asked if you want to download and install it if you visit one of their search engine websites (which I chose not to). What does it do and is it needed?No
XInformation Updateiu.exeDetected by Kaspersky as the CENTIM.CH TROJAN!No
UInfra-red MonitorIRMON.EXESystem Tray access to infra-red devices. Not required unless you use infra-red devicesNo
Xinfusinfus.exeAdult content diallerNo
UInfuzerInfuzer.exeInfuzer - "is a service that copies dates from the web or an email straight to your electronic calendar". Beware of the following adware trait - "Infuzer provides web site owners with a unique opportunity to communicate with their visitors in a way that is useful and relevant to them, as well as increasing return visits and brand awareness, and providing new e-commerce opportunities"No
Xinfwininfwin.exeVX2.Transponder parasite updater/installer relatedNo
XInit[path to trojan]Added by the DROPPER.EAT TROJAN!No
XInit32Init32.exeAdded by the WINEX.A TROJAN!No
XInitial Pageinstall.exeEasySearch browser hijack installer No
YInitialize8x88x8_init.exeTool that initializes a Pinnacle PCTV card - maybe in capture or in showing overlayNo
Xinixsminix32.exeAdded by the AGENT.CKQX TROJAN!No
Xinjobinjobs.exeAdded by the BINJO TROJAN!No
NInk MonitorInkMonitor.exeAssociated with Epson (and maybe other) printers. Tells you when the ink's running low and asks if you want to buy another cartridge on-lineNo
NInkWatchInkWatch.exeAssociated with Canon (and maybe other) printers. Tells you when the ink's running low and asks if you want to buy another cartridge on-lineNo
XInomsnmoo.exeAdded by the RBOT-DPM WORM!No
YInoRPCInoRpc.exeAssociated with eTrust Antivirus/InoculateITNo
YInoRTInoRT9x.exeAssociated with the Realtime Monitor of eTrust Antivirus/InoculateIT version 6 virus scanners from Computer Associates. For NT/2K/XP users you may need a patch if seeing high CPU useageNo
UInoTaskInoTask.exeScheduled scans and signature updates for eTrust Antivirus/InoculateIT version 6 virus scanners from Computer Associates. Leave enabled unless you manually update signatures or perform routine scans. If enabled it can result in high CPU useage when performing updatesNo
XiNoticeiservice.exeAdded by a variant of an MSN worm that tries to lure people to an infected site by using nude pictures and videosNo
?insCOA5insCOA5.exe??No
XInsiderInsider.exeAdded by the AGENT.KMC TROJAN!No
UInstaAlertInstaAlert.exe"Kayako InstaAlert allows you to receive realtime alerts whenever a ticket gets updated under the assigned departments. The application displays popups as and when the tickets are created or replied to allowing you to answer your customer requests and issues promptly"No
XInstafinderinstafinder.exeTopSearch.D adwareNo
XInstaFinderKInstaFinderK inst.exeInstaFinder adwareNo
XInstallInstall.exeAdded by the BANCBAN-HG TROJAN!No
XInstall part IIupdates.exeAdded by the RELFEERWORM!No
?Install Pending Filessifxinst.exeUninstall program for Lanovation's Prism Deploy and Prism Pack adminstrators software deployement tools. For specific information see here. Is it required?No
xinstall32install32.exeAdded by the NUCLEAR.DG BACKDOOR!No
NInstallAurealDemosInstallAurealDemos.jsUsed to initialize the Aureal A3D demos InstallShield wizardNo
UInstallBuddyIbtna.exeInstallBuddy - automatically translates and installs your desktop documents, such as Adobe PDF, HTML, Microsoft Word, Excel and PowerPoint files, to your Palm organizer when you HotSyncNo
XInstallCleanerInstallCleaner.exeAdded by the ANYHOMB.F TROJAN!No
XInstalled shell32.dllOffice.exe...Added by the LOVGATE.AO WORM!No
XInstalled shell32.dllOffice.exeAdded by the LOVGATE.E WORM!No
XInstallerdial.exeMalware - detected by Kaspersky as the AGENT.MM TROJAN!No
?InstallNAIProductSETUP.EXECould be related to Network Associates Inc who own the McAfee VirusScan product amongst others. This was found in a directory called "VSC". Could it be an installation that failed and "SETUP.EXE" was left to run at startup as an error?No
XInstallProgram[path to trojan]Added by the AGENT-HHU TROJAN!No
XInstallProvidernewsoftware2007install.exePart of WinAntiVirusPro 2007 and Privacy Protector rogue security software (and possibly others) - not recommendedNo
XInstalls SP2[path] repcale.exe [path] palsp.exeAdded by a variant of the RANDON.AN WORM! Both files are located in %System%\qpalspNo
XInstalls SP4[path] repcale.exe [path] p0rd.exeAdded by the RANDON-AK WORM! Both files are located in %System%\ekrlgcNo
UInstallstubinstallstub.exeTool for Outlook and Outlook Express from Plaxo for organising and keeping contacts organised and updated and providing online access to your contacts and access from PDA or mobile phoneNo
XInstance 001[path to worm]Added by the ALASROU-A WORM!No
XInstant Accessrundll32.exe EGDHTML_1023.dll, InstantAccessInstantAccess premium rate adult content dialler variant. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deletedNo
XInstant Accessrundll32.exe eg_auth_****.dll, InstantAccess [**** = digits]InstantAccess premium rate adult content dialler variant. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deletedNo
XInstant Accessrundll32.exe EGCOMLIB_****.dll, InstantAccess [**** = digits]InstantAccess premium rate adult content dialler variant. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deletedNo
XInstant Accessrundll32.exe EGCOMSERVICE_****.dll, InstantAccess [**** = digits]InstantAccess premium rate adult content dialler variant. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deletedNo
XInstant Accessrundll32.exe p2esocks_****.dll, InstantAccess [**** = digits]InstantAccess premium rate adult content dialler variant. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deletedNo
XInstant Accessmwsrvacc.exeInstantAccess premium rate adult content dialerNo
XInstant Accesslinewsrv.exeInstantAccess premium rate adult content dialer variantNo
XInstant Buzz DaemonIBDaemon.exeInstant Buzz adwareNo
XInstant Messenger Serviceimservice.exeDetected by Kaspersky as the HEUR TROJAN!No
Xinstant messengersinstantmsgtr.exeAdded by the AGOBOT-PC BACKDOOR!No
NInstant Update Centerreminder.exeEvent reminder for calendar dates, etc from Broderbund PrintMaster. Disable using the program's own option (if available) or a startup manager as it will re-instate if disabled via MSConfigNo
UInstant Wireless Configuration UtilityWUSB11cfg.exeUtility used by the LINKSYS LINKSYS wireless USB Adapter (WUSB11) and indicates when a wireless access connection is made by a screen colour change. Also used for configurationNo
UInstant Wireless Configuration UtilityWPC11Cfg.exeUtility used by the LINKSYS wireless USB Adapter (WUSB11) and indicates when a wireless access connection is made by a screen colour change. Also used for configurationNo
NInstantAccessINSTAN~1.EXEFrom TextBridge Pro 9.0 OCR scanner software. Available via Start -> ProgramsNo
UInstantDriveInstantDrive.exePinnacle Systems (ex VOB) InstantDrive - creates a virtual CD-ROM drive on the computer's hard drive. Part of InstantCD/DVD burning softwareNo
XInstantPleasureinstantpleasure.exeAdult content diallerNo
XInstantPleasureXXXinstantpleasurexxx.exeAdult content diallerNo
NInstantTrayPCLETray.exePinnacle InstantCD/DVD disc creation software. Tray icon enabling a pop-up menu that lets you call up any of Instant CD/DVD's tools with one click. Can be started manuallyNo
Xinstitinstit.batAdded by the OPASERV.H WORM!No
XinstitINSTIT.BATAdded by the OPASERV.K WORM!No
?InstUtlR.exeInstUtlR.exe??No
XInSysSecureInSysSecure.exeInSysSecure rogue security software - not recommended, removal instructions here. A member of the AntiAID familyNo
Xintdctrridctup20.exeSafeSurfing adware variant No
XIntec Service Driversmsmsgrs.exeAdded by the SDBOT-ADN WORM!No
XIntec Service Drivers[path to worm]Added by the RBOT-GLU WORM!No
XIntec Service Driverswing32.exeAdded by the RBOT.HAZ WORM!No
XIntec Service Driversmsmsgredss.exeAdded by the SDBOT-AGL WORM!No
XIntec Services Driverrswinrvc.exeAdded by a variant of the SDBOT WORM!No
XIntec Services Driversmsupdate22e.exeAdded by the RBOT-CGC WORM!No
UIntegardTrayIntegardTray.exeSystem Tray access to Integardparental control software from Race River CorpNo
UIntel Active Monitorimontray.exeSystem tray monitoring of fans, temperature, voltage, etc for Intel motherboards. Only needed if you "overclock" or live in hot environment. Can also cause problems when running on a laptop if you change PCMCIA cardsNo
XIntel Audio Studio V2.0fmideploy.exeDetected by VBA32 as the BIFROSE.ADR TROJAN!No
XIntel Drivercsrs.exeAdded by a variant of the SDBOT WORM!No
UIntel File Transferxfr.exePart of Intel's LANDesk Management Suite 6 and the Common Base Agent (CBA) - used for communicating between the core server and managed clientsNo
XIntel Management Services v32mstime32.exeAdded by the AUTORUN-AYG WORM!No
UIntel PDSpds.exeIntel Ping Discovery Service (PDS). Part of Intel's LANDesk Management Suite 6 and the Common Base Agent (CBA) - used for communicating between the core server and managed clients. Will start the dial-up if installed and enabledNo
XIntel Physical Routine 1.2Astnetlib.exeAdded by the BACKDR-AS BACKDOOR!No
UIntel Product Number UtilityIntelProcNumUtility.exeIntel Processor Serial Number Control Utility allows you to enable and disable the processor serial number capability of an Intel PIII processor. You can find more information here. System Tray icon providing the user with a visual state indication. You can find more information hereNo
NIntel PROSet Tray Iconpromon.exeSystem Tray icon for Intel PRO series ethernet adapters giving access to the diagnostic featuresNo
XIntel Service Driversmsconfig16.exeAdded by the MSCONFIG16 TROJAN!No
XIntel system toolhookdump.exeAdded by the SPYRE-H TROJAN!No
XIntel system toolwinnook.exeAdded by the SPYRE-C TROJAN!No
XIntel system toolsvehost.exeAdded by the AGENT-EBT TROJAN!No
XIntel system worksiis.exeAdded by the RBOT.QGA WORM!No
UIntel(R) Common User Interfaceigfxtray.exeSystem Tray access to display settings for Intel desktop and mobile motherboard chipsets with integrated graphics. With this enabled, you can access settings like graphics properties and hot key settings via the icon on the System Tray. Different chipset versions may have different options available. These options are normally also available via the system Control Panel - under Display (XP) or Personalization and Appearance (Vista)Yes
UIntel(R) Common User Interfacehkcmd.exeHot Key handler for Intel desktop and mobile motherboard chipsets with integrated graphics. With this enabled, you can access settings like graphics properties and screen rotation via pre-programmed key combinations - such as CTRL+ALT+F12 which displays the graphics properties (otherwise available via a right-click on the desktop or the Control Panel). Different chipset versions may have different pre-programmed settings and in some cases these may be programmableYes
UIntel(R) Common User Interfaceigfxpers.exeInstalled with the graphics drivers for Intel desktop and mobile motherboard chipsets with integrated graphics. It's purpose or function isn't known at present but testing with it disabled would appear to indicate it isn't required - hence the recommended "U" statusYes
Xintel32.exeintel32.exeAdded by the SmitFraud alias SPYJACK-B TROJAN!No
UIntelAPMClientamclient.exeLANDesk® Management Suite software componentNo
NIntelAudioStudioIntelAudioStudio.exe"Intel Audio Studio combines Intel® High Definition audio hardware features with Sonic Focus* Audio Refinement and Dolby* technologies to provide you with a comprehensive tool that puts you in control of your audio experience". Audio utility supplied with some Intel motherboardsNo
XInteliSyssmss.exeAdvertisingvision adware. Note - this is not the legitimate smss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%No
Xintell32.exeintell32.exeAdded by the SmitFraud alias Desktophijack.C TROJAN!No
Xintell321.exeintell321.exeAdded by the SPYJACK-B TROJAN! No
XIntelli Mouse Pro Version 2.0Bncsjapi32.exeAdded by the BUZUS-O WORM!No
XIntelliflag_be.exeIntelliflag_be.exeIntelliflag spywareNo
UIntelliPointpoint32.exeMicrosoft IntelliPoint utility (up to version 5.4) - required to support the programmable buttons and additional features on Microsoft's range of mice, If this entry is disabled, any programmed buttons or program-specific settings will not be supportedYes
UIntelliPointipoint.exeMicrosoft IntelliPoint utility (from version 5.5) - required to support the programmable buttons and additional features on Microsoft's range of mice, If this entry is disabled, any programmed buttons or program-specific settings will not be supportedYes
UIntellitypetype32.exeMicrosoft IntelliType Pro utility (up to version 5.4) - required to support the multimedia keys, programmed keys and key macros on Microsoft's range of keyboards. If this entry is disabled, any programmed keys or actions will not be supported and keys will not function as expected in applications with advanced text services enabledNo
UIntelMEMIntelMEM.exeRelated to connection events on an Intel chipset based modem. It can alert you if the telephone line is being used when you're trying to get online (when you're using dial-up). It can also alert you if your modem line is disconnected. Furthermore, it can alert you if you have made a wrong connection with your modem lineNo
XIntelprcAas3lovu.exeAdded by the SILLYFDC-CG WORM!No
UIntelProcNumUtilitycpunumber.exeIntel Processor Serial Number Control Utility allows you to enable and disable the processor serial number capability of an Intel PIII processor. You can find more information here. System Tray icon providing the user with a visual state indication. You can find more information hereNo
YIntelWirelessifrmewrk.exeAssociated with the Intel PRO/Set Wireless softwareNo
UIntelZeroConfigZCfgSvc.exeZero Config MFC Application, part of Intel's ProSET utilities and installed by the drivers for many of Intel wireless network cards - essential to the proper functioning of many of the Intel ProSET utilities (but not all) and these System Tray ProSET utilities are a must if you are using your wireless connection, if only so you know when the signal is fading or dropping. The problem is that, in some PCs, ZCFGSVC can be incredibly badly behaved : taking up to 100% of CPU time and therefore resulting in an extremely slow PC, preventing the installation of software or Windows updates, or causing "Not Responding" or "End this Program" shutdown problems. If you experience this, try first the very latest drivers from Intel or your laptop manufacturer. If that still does not solve the problem and you have WinXP/2003, try setting the "Wireless Zero Configuration" service to disabledNo
?Intense Registry ServiceIntEdReg.exe /CHECKIntense Educational Ltd - Language Office Software. Is it required?No
XInterceptedSystem[path to worm]Added by the ANACON-B WORM!No
YInterCheck MonitorIcmon.exePart of Sophos ant-virus sofwareNo
YInterCheckMonitorICMON.EXEPart of Sophos anti-virus sofwareNo
XInterdllInterdll.exeAdded by the DELF family of TROJANS!No
XInternal[trojan filename]Added by the SMOTHER and TRANSLAT TROJANS!No
XInternalregedit.exe /s c[month number]Added by the FORTNIGHT.D TROJAN! Note that the Windows registry editor (regedit.exe) is a legitimate Microsoft file located in %Windir% and shouldn't be deleted. The file "c[month number]" is located in %Windir%, ie, C:\Windows\c10No
XInternal Memory Filesysintmemory.exeAdded by the RBOT-GKT WORM!No
XInternalSystrayKazza.exeAdded by the OPTIXPRO.12.C BACKDOOR! Note - unlike the valid KaZaA executable, this is located in %System%No
Xinternatinternat.exeAdded by the LYDRA-F TROJAN! Note - the real internat.exe resides in %windir%\system (where %windir% is the Windows directory - C:\Windows or C:\Winnt) whereas this version resides in %windir%No
XInternatsystray.exeAdded by the ALADINZ.P TROJAN! Note - this is not the legitimate systray.exe process. If you right-click on the real systray.exe the "Properties" reveal it to be a Microsoft fileNo
XInternatmsgsrv32.exeAdded by the NYRUBOT-A BACKDOOR! Note - this is not the legitimate msgsvr32.exe process on a Win9x/Me system which should not appear in MSConfig/startup!No
XInternat[trojan filename]Added by the CMJSPY-Y TROJAN!No
XInternat Confbootconf.exeHomepage hijacker, redirecting to coolwwwsearch.com; see for example hereNo
Ninternat.exeinternat.exeMicrosoft language selection icon in system tray, located in the System (Win98/Me) or System32 (WinNT/2K/XP) folderNo
XInternat.exeinternat.exeAdded by the NETSNAKE TROJAN! Note - the real internat.exe resides in %windir%system (Win98/Me) or %windir%System32 (WinNT/2K/XP) (where %windir% is the Windows directory - C:\Windows or C:\Winnt) and has a "?" icon wheras this version resides in %windir% and has a ZIP iconNo
XinternctWinSocks5.exeAdded by the GRAYBIRD.F TROJAN!No
Xinternetsmss.exeAdded by the MIFENG-K TROJAN! Note - this is not the legitimate smss.exe process which should NOT appear in Msconfig/Startup!No
XInternetInternet.exeAdded by the PWS-CS TROJAN!No
XInternetrecruit.exeAdded by the RBOT-AJG WORM!No
Xinternet[trojan filename].exeAdded by the MIFENG-D TROJAN!No
XInternetwinlogom.exeAdded by a variant of the SDBOT WORM!No
XInternetnteusodp.exeAdded by the RBOT-GFJ WORM!No
Xinternetwinsas32.exeAdded by a variant of the SDBOT WORM!No
Xinternetlsass.exeAdded by the DSPY-A TROJAN! Note - this is not the legitimate lsass.exe process which should not normally figure in Msconfig/Startup!No
XInternetalm7tas.exeAdded by a variant of the RBOT WORM!No
XInternetwins.exeAdded by the RBOT.AAYF WORM!No
UInternet Answering MachineIAMNET~1.EXEFrom Callwave. It offers a free utility to monitor your incoming phonecalls if you only have a single telephone line for internet accessNo
UInternet Answering MachineIAM.exeFrom Callwave - offers a free utility to monitor your incoming phonecalls if you only have a single telephone line for internet accessNo
XInternet AntivirusIAvir.exeInternet Antivirus rogue security software - not recommended, removal instructions hereNo
XInternet Antivirus ProIAPro.exeInternet Antivirus Pro rogue security software - not recommended, removal instructions hereNo
XInternet Application DriverexpIorer.exeAdded by the IRCBOT-WK TROJAN!No
UInternet Call DirectorICD.EXETELUS Internet Call Director (ICD) provides Internet users with real-time call notification while connected to the InternetNo
UInternet Call ManagerICM.EXEStarts Internet Call Manager dialog box and/or taskbar icons at bootup. This is a subscription program from internetcallmanager.com that monitors a dialup phone line for incoming calls and handles voicemailNo
XInternet Configsvchosts.exeAdded by the SDBOT TROJAN!No
XInternet Connection Wizardstisvsq.exeEasySearch adwareNo
XInternet Connection Wizard[path to trojan]Added by the SMUTSRCH-A TROJAN!No
XInternet Connection Wizardstisvsq1.exeAdded by the DLOADR-AWD TROJAN!No
XInternet Content PublisherICP.EXEAdded by the RBOT-UD WORM!No
UInternet Disk CleanerCLEARH~1.EXE"Internet Disk Cleaner from Elongsoft "protects your privacy by cleaning up all Internet tracks and past computer activities"No
UInternet Download Acceleratorida.exeInternet Download Accelerator download manager No
XInternet download manager serviceidman.exeAdded by the RBOT-BMS WORM!No
XInternet Exploere Servicesurlmon32.dll.exeAdded by the EVIAN.C WORM!No
XInternet Explore MicrosoftlEXPLORE.EXEAdded by the RBOT-AOF WORM! Note - the executable is spelt with a lower case "L" rather than an lower or upper case "i" which is the case with Internet ExplorerNo
XInternet Exploreriexplorer.exeAdded by the LORSIS WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe)No
XInternet ExplorerIEXPLORE.EXEAdded by the RBOT-EY WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %System%No
XInternet ExplorerIExplorer.exeAdded by the NETHIEF-O BACKDOOR! Note - this is not the legitimate Internet Explorer (iexplore.exe)No
XInternet Explorerhttp.exeAdded as part of a new potential CWS infection, and part of a suite of programs that installs a web server, php, ftp server, socks, and mail server on your computer without your knowledge. These files are known to be part of an infection that transmits information about your bank accounts, passwords, and other financial information. It should be deleted immediately, you should enable your firewall, and you should contact your financial services in order to report the issue and to have your passwords changedNo
XInternet Exploreriexpiore.exeAdded by the RBOT-AZC WORM!No
XInternet ExplorerIEPLORE32.EXEAdded by the AGOBOT-CU WORM!No
XInternet Explorertwain.exeAdded by the AGENT.BEA TROJAN!No
XInternet Explorer Agentiexplorer.exeAdded by the AGENT-BH TROJAN! Note - this is not the legitimate Internet Explorer (iexplore.exe)No
XInternet Explorer Auto-Updateupdt32v5.exeAdded by the SPYBOT-AB BACKDOOR!No
XInternet Explorer ConfigurationIEXPLORE.EXEAdded by the SDBOT-UL WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %System%No
XInternet Explorer Securityiexplore.pifAdded by the RBOT-ALQ WORM!No
XInternet Explorer Sys32isys32.exeAdded by the IRCBOT-ADA WORM!No
XInternet Explorer Updaterlexbac.exeAdded by the DOWNLOAD TROJAN!No
XInternet Explorer Updateriexplorer.exeAdded by the REUR.B WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe)No
XInternet Explorer6IEexplore.exeAdded by the RBOT.AGC WORM. Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %System%No
XInternet Explorer6.0IEXPLORE.EXEAdded by the RBOT.ENZ WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %System%No
XInternet Firewall Layertsqla.exeAdded by a variant of the SPYBOT WORM!No
UInternet History EraserHERASER.exeInternet History Eraser - deletes your browsing tracksNo
XInternet Loader1MSInstall61.exeAdded by the KWBOT.B WORM!No
XInternet Mail and Newsmsqdevl.exeEasySearch adwareNo
XInternet Mail and News[path to trojan]Added by the SMUTSRCH-A TROJAN!No
XInternet Mail and Newsmsqdevl1.exeAdded by the DLOADR-AWD TROJAN!No
XInternet Optimizeroptimize.exeInternet Optimizer parasite - detected by Sophos as the DLUCA-G TROJAN and variantsNo
XInternet Protocol Configuration Loaderipcl32.exeAdded by the SDBOT TROJAN!No
XInternet Security 2010IS2010.exeInternet Security 2010 rogue security software - not recommended, removal instructions hereNo
XInternet Security Servicemsq32.exeAdded by the RBOT-GFP WORM!No
XInternet Security Servicemsq23.exeAdded by the RBOT-GQL WORM!No
XInternet Security Servicemsql23.exeAdded by the RBOT-GML WORM!No
XInternet Security Servicemysqlwin32.exeAdded by the RBOT.UX TROJAN! No
XInternet Security Serviceexpllorer.exeAdded by the REFROSO.AFF TROJAN!No
XInternet SendMore log.exeUnidentfied adwareNo
XInternet Serverinetsrv.exeAdded by the STARTPA-EM TROJAN!No
XInternet Serviceintersvc.exeAdded by the SPYBOT-DE WORM!No
Xinternet servicesyscfg32.exeAdded by the RBOT-QS WORM!No
Xinternet servicessvhost.exeAdded by a variant of the RBOT WORM!No
Xinternet servicesvho0st98.exeAdded by the RBOT.EAT WORM!No
XInternet Servicessystemdev.exeAdded by the SDBOT-PW WORM!No
XInternet Servicesinternet.exeAdded by the MYTOB.BT WORM!No
XInternet Servicesinterserv.exeAdded by the RBOT.BNT WORM!No
XInternet ServicesNetsvc.exeAdded by the MYTOB.MN WORM!No
XINTERNET SERVISESwinz32.exeAdded by the KWBOT.Z WORM!No
YInternet Sharing Serveriss_srvr.exeIntel AnyPoint internet sharing software. Now discontinuedNo
XInternet Suspentionstory.exeAdded by the WOOTBOT.HV WORM!No
NInternet SweeperSweeper.exeInternet Sweeper - removes unnecessart left over files after browsing the internetNo
UInternet TimerITIMER.exeShareware dial-up connection call cost calculator from RatsoftNo
XInternet Washer Proiw.exeInternet Washer manages temporary browser files, cookies, etc - a 'trial' Internet Washer Pro seems to have been widely stealth-installed around March 2003No
XInternet.exeInternet.exeAdded by the MAGICCALL VIRUS!No
Xinternet.exeyinyin3345.vbsAdded by the YINI MACRO!No
XInternet2 Optimizerwkfix.exeAdded by a variant of the RBOT WORM!No
NInternetCallsInternetCalls.exeInternetCalls - free internet telephony utility using the VoIP (Voice over Internet Protocol). Call online friends for free and regular phones either for free (limited use) or low rates. One of a number provided by Betamax - the others generally have different rate plans. Similar to the more popular SkypeYes
XInternetExplorer2windows.exeAdded by the SDBOT-CZP WORM!No
XInternetExplorer32iexplore32.exeAdded by the RBOT-GRA WORM!No
XInternetGetConnectedStatewinupdate.exeAdded by the SDBOT-JN WORM!No
XInternetGetConnectedStateExwinupdate.exeAdded by the SDBOT-JN WORM!No
XInternetShieldINTERN~1.EXEInternetShield rogue security software - not recommended, see hereNo
XInternetShieldInternetShield.exeInternetShield rogue security software - not recommended, see hereNo
UInternetSpyInternetSpy.exeInternet Spy - freeware keylogger that tracks all visited websites including the date and exact time these sites were visited. The information is stored in a file that may be accessed by the person who knows where it is saved. Remove unless you installed it yourself!No
XInternetWasherProiw.exeInternet Washer manages temporary browser files, cookies, etc - a 'trial' Internet Washer Pro seems to have been widely stealth-installed around March 2003No
XInternet_Explorermicrosoft.exeAdded by the BANKER-EUQ TROJAN!No
XInternet_Explorer.exeInternet_Explorer.exeAdded by the BANKER-END TROJAN!No
XINTERNET_SERVISESwinz32.exeAdded by the SDBOT.Q TROJAN!No
XInternet_SpeedupCable Accelerator.exeAdded by the SPEEDUP-A WORM!No
UInternodeUsagemum.exeAustralian ISP's free monthly download meterNo
XInterntInternt.exeAdded by the PEEPER or CARUFAX.A TROJANS!No
XInters Configuration LoaderRCL0ADERS.exeAdded by the SDBOT-KX WORM!No
XIntersoft Msngrintersoftmsngr.exeAdded by the AGOBOT-NW WORM!No
NInterTrust Quick Startit_cpq~1.exeInterTrust offers something known as Digital Rights Management to control legal software download and other E-commerce related businessNo
XInterUWINDRV.EXEAdded by the IRCINTER.A TROJAN!No
NIntervideo Win Cinema ManagerWinCinemaMgr.exeWinCinema Manager is needed when using the WinDVD Remote Control for WinDVD from Intervideo. Available via Start -> ProgramsNo
NIntervideo Win Cinema ManagerWINCIN~1.EXEWinCinema Manager is needed when using the WinDVD Remote Control for WinDVD from Intervideo. Available via Start -> ProgramsNo
NIntervideo WinCinema ManagerWinCinemaMgr.exeWinCinema Manager is needed when using the WinDVD Remote Control for WinDVD from Intervideo. Available via Start -> ProgramsNo
NIntervideo WinCinema ManagerWINCIN~1.EXEWinCinema Manager is needed when using the WinDVD Remote Control for WinDVD from Intervideo. Available via Start -> ProgramsNo
NIntervideo WinSchedulerWinScheduler.exeWinScheduler is installed with WinDVD Remote Control for WinDVD from Intervideo. If you want to schedule recordings from your TV tuner card, you will need it. Available via Start -> ProgramsNo
NIntervideo WinSchedulerSchSvr.exeWinScheduler is installed with WinDVD Remote Control for WinDVD from Intervideo. If you want to schedule recordings from your TV tuner card, you will need it. Available via Start -> ProgramsNo
NInterVoipInterVoip.exeInterVoip - free internet telephony utility using the VoIP (Voice over Internet Protocol). Call online friends for free and regular phones either for free (limited use) or low rates. One of a number provided by Betamax - the others generally have different rate plans. Similar to the more popular SkypeYes
UInterWARNinterwarn.exeInterWARN by Storm Alert Inc. Provides customized, automated access to critical weather and civil emergency information from the US National Weather Service. Required if audio and screen crawler alerts are desired. Also available via Start -> ProgramsNo
XIntespentionIEXPLORE.exeAdded by the FORBOT-FL WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %System%No
XIntmgrIntmgr.exeAdded by the GEMA TROJAN!No
XintranetSYS32CFG.EXEAdded by the SPYBOT-DW WORM!No
XIntranetintranet.exeAdded by the CHIMOZ.AC TROJAN!No
XIntranetschost.exeAdded by the RBOT.SV BACKDOOR!No
XIntranet Explorer[random filename]Added by the POEBOT.DK BACKDOOR!No
XIntrenatIntrenat.exeAdded by the LEMIR.E TROJAN!No
NIntroducing Media ManagerSPLASHA.EXEMS Media Manager tour. Not requiredNo
NIntroduction-Registration??For Compaq PC's. Should only run first time, PC Introduction & Compaq registrationNo
XIntruderAlertia99.exeIntruder Alert '99 from Bonzi - spywareNo
XIntSys1[path to trojan]Added by the BANLOA-ASE TROJAN!No
YIntuit SyncManagerIntuitSyncManager.exeSynchronizes local Intuit Quickbooks data with online data - "Use the Intuit Sync Manager to find the status of your latest QuickBooks data sync, manage sync frequency, and stop or start syncs at any time". See here for more informationNo
UInventory ScanLDISCN32.EXELANDesk® Management Suite software componentNo
XIoadqmMedia Player.exeAdded by the HAWAWI WORM!No
NiobiiobiClient.exeiobi Home - a mail/voice service by VerizonNo
Yiolo AntiVirusioloAV.exeiolo AntiVirusNo
Yiolo Personal FirewallioloFW.exeiolo Personal FirewallNo
UIolo Task AgentTask_Agent.exeIolo System Mechanic Task Agent. Scheduled maintenanceNo
Niolo Utility BarSMUtilityBar.exeIolo System Mechanic Utility Bar - can be launched manuallyNo
UioloDelayModuledelay.exePart of Iolo System Mechanic. Used to delay the start of an application which loads automatically as Windows loadsNo
UIomega Active DiskAD2KClient.exeActive Disk from Iomega - allows software applications to be run directly from compatible removable media such as Zip®, Rev, FireWire, USB and Mini flash. Required if you wish the applications to launch on insertion of a diskNo
UIomega Automatic Backupibackup.exeIomega Automatic Backup - automatic backups for use with Iomega portable HDDNo
UIomega Automatic Backup 1.0.1ibackup.exeIomega Automatic Backup - automatic backups for use with Iomega portable HDDNo
NIomega Backup Schedulerdtiom98.exeUsed by Iomega drives. Details of its purpose can be found here. Available via Start -> ProgramsNo
UIomega Disk IconsIMGICON.EXEDisplays Iomega icons in Explorer/My Computer, ejects Zip disks on shutdown and displays a special delete confirmation box when deleting files on an Iomega drive. Available via Start -> Programs. If you disable it remember to eject disks first before powering the drive down - hence the "U" recommendation. Note - FreeCell may not run with ImgIcon runningNo
UIomega Drive IconsIMGICON.EXEDisplays Iomega icons in Explorer/My Computer, ejects Zip disks on shutdown and displays a special delete confirmation box when deleting files on an Iomega drive. Available via Start -> Programs. If you disable it remember to eject disks first before powering the drive down - hence the "U" recommendation. Note - FreeCell may not run with ImgIcon runningNo
UIomega ImIconXPimiconxp.exeIomega REV System Software - allows your Iomega REV drive to interact with the operating system via the Iomega REV UDF file system, and provides drag-and-drop file access, access and write protection, and formatting of the disksNo
?Iomega QuickSyncQuicksync.exe??No
NIomega Startup OptionsIMGSTART.EXEUsed by Iomega drives. Details of its purpose can be found here. Available via Start -> ProgramsNo
NIomega WatchIOWATCH.EXEUsed by Iomega drives. Available via Start -> ProgramsNo
NIomegaWareCOMMANDER.EXEUsed by Iomega drives. Details of its purpose can be found here. Available via Start -> ProgramsNo
XIomega_loaderIomega_loader.exeAdded by the ANTINNY.F WORM!No
UIomon98.exeIomon98.exePC-Cillin 98 real time virus check. Can cause floppy disk accesses to hangNo
Xioroxxo microsoft suxsystem32.exeAdded by a variant of the RBOT WORM!No
XIPIP.EXEAdded by the AGOBOT-QO WORM!No
UIP Changer 2.0IPChanger.exeIP Changer 2.0 from Plustech Inc - network configuration management toolNo
XIP Packet Redirect Serviceipredirect.exeAdded by the FORBOT.SM WORM!No
XIP Stackipstack.exeAdded by the AGOBOT.CW WORM!No
XIP**.exe [* = random char]IP**.exe [* = random char]CoolWebSearch/HomeSearch adware - for examples, see this logNo
XIP**32.exe [* = random char]IP**32.exe [* = random char]CoolWebSearch/HomeSearch adware - for examples, see this logNo
NiPalmmon.exeInstalled with a Panasonic iPalm digital camera. Used to upload photos from the camera. If your camera is not connected (via USB port) you do not need this program loadedNo
XIPC Connectionipcconn.exeAdded by the RBOT-AEG WORM!No
XIPC Spool Managerwnmgre.exeAdded by the SDBOT-ZC WORM!No
XIPC Spool Managerwinspec.exeAdded by the SDBOT-BLU WORM!No
Xipcfg.exeipcfg.exeAdware - detected by McAfee as a variant of the ADCLICKER-BM TROJAN!No
XIPClearlauncher.exe IpClearUp.exeIPClear rogue security software - not recommended, removal instructions here. Both files are located in %ProgramFiles%\IPClearNo
XIPConfigsvcxnv32.exeAdded by the HACARMY.E TROJAN!No
XIPConfigsvcxnw32.exeAdded by a variant of the HACARMY.E TROJAN!No
XIPConfigipconfigs.exeAdded by the HACARMY.C BACKDOOR!No
XIpCtrlipcon32.exeAdded by an unidentified VIRUS, WORM or TROJAN! No
XIPFWipwf.exeAdded by the DLOADER-YF TROJAN!No
?IPHSendIPHSend.exeAOL related. What does it do and is it required?No
NIPInSightLAN 01IPClient.exeIP Insight is a Quality of Service monitor and diagnostic tool that isn't required - see here for more information. Included with services from BellSouth, Visual Networks and others. If you have more that one such service installed there may be two or more entries - i.e., IPInSightLAN 02, etcNo
NIPInSightMonitor 01IPMon32.exeIP Insight is a Quality of Service monitor and diagnostic tool that isn't required - see here for more information. Included with services from BellSouth, Visual Networks and others. If you have more that one such service installed there may be two or more entries - i.e., IPInSightMonitor 02, etcNo
YIPinstN/AFor Gilat Communications internet satellite systems. Gilat rescue (Satellite system restore). Required if you have this system. Can cause a BSOD (blue screen of death) if left outNo
XIPLog Securityiplogsec.exeAdded by the IRCBOT.GP BACKDOOR!No
?iPlusAgent2iAgent2.exeRelated to iriver portable media products. What does it do and is it required?No
Xipmon.exeipmon.exeAdded by the RECERV or R3C.B TROJANS!No
XIpNetworkipnetwork.exeMaxifiles adwareNo
XIpnukerIpnuker.vbsAdded by the INKER.B WORM!No
NIPO3IP Operator 2005.exeIP Operator 2005 - found on LG Electronics Notebook. The applet makes network connections easier to view and manage than does the standard Windows Network Connections tool. The WLAN module is easy to turn on or off with the press of a single buttonNo
XIpod Help[9 random letters].exeAdded by a variant of the RBOT WORM!No
XiPOD USB DriverIPODUSB.EXEAdded by a variant of the RBOT WORM!No
XiPod USB ServiceiPODService.exeAdded by a variant of the RBOT WORM! Do not confuse with the Apple iPod process of the same name. The legitimate iPod file will always be located in the %ProgramFiles%\iPod\bin folder and is implemented as a system service, thus not listed in Msconfig/Startup!No
NiPodderiPodder.exeiPodder (now known as Juice) - a free utility that "allows you to select and download audio files from anywhere on the Internet to your desktop". This entry is present if you choose the option to add it to the startup group during installationYes
UiPodManageriPodManager.exeApple iPod® management software for the iPod® player - updates, formating, restoring and other functions associated with the iPod®No
?iPodWatcheriPodWatcher.exeAssociated with Apple's iPod® player. Detects when the iPod® is connected?No
Uipointipoint.exeMicrosoft IntelliPoint utility (from version 5.5) - required to support the programmable buttons and additional features on Microsoft's range of mice, If this entry is disabled, any programmed buttons or program-specific settings will not be supportedYes
XIPOT Service Driverscompaq.exeAdded by a variant of the FUROOTKIT TROJAN!No
XIPOT USB Service DRIVERhpsebc087.exeAdded by the SDBOT-WA WORM!No
XIPOT USB Service DRV32hpsebc08.exeAdded by the SDBOT-WH WORM!No
NIPPDetectIPP4Detect.exePart of Presto! Mr.Photo - "an ideal program for creating, sharing, and manag-ing digital images and videos" No
Xipregipreg.exeAdded by the ZAGABAN-H TROJAN!No
?iPrint LPT Redirectornipplpte.exeRelated to Novell iPrint - "a printing solution that enables you to send documents to printers located throughout the Net." Is it required?No
NiPrint Trayiprntctl.exeNovell® iPrint - based on Novell Distributed Print Services - enables you to send documents to printers located throughout the NetNo
UiProtectYouip.exeiProtectYou - internet filtering/parental control and network monitoring softwareNo
XipruniPY.exeiProtectYou spywareNo
XIPSEC Configurationwsupdate.exeAdded by the AGOBOT-IQ WORM!No
XiPSec7ipsec7.exeAdded by the AGENT.AHVR TROJAN!No
UipsecdialerIPSECD~1.EXECisco VPN Client - lets local users gain Administrator privileges on the operating systemNo
Uipsecdialeripsecdialer.exeCisco VPN Client - lets local users gain Administrator privileges on the operating systemNo
YIPSecMonIPSecMon.exeMicrosoft L2TP/IPSec VPN Client for Win98/Me/NT. Secure technology for making remote access virtual private network (VPN) connections across public networks such as the InternetNo
XIPTable ConfigurationWinipcfgs.exeAdded by a variant of the RBOT WORM!No
Niptrayiptray.exeSystem Tray access to Intel Desktop Utilities - "provides you with the means to monitor system temperatures, voltages, fan speeds, and hard drive health; view detailed system information, and test your system hardware for common errors"No
XIPv6 Helper Drivercsass.exeAdded by the AGOBOT.TC WORM!No
XIPv6 STUN Servicenetstun.exeAdded by a variant of the SDBOT WORM!No
NIPWIPW.exeInternet Phone Wizard from Actiontec - Voice over IP (VoIP) that allows you to "make and receive free Internet calls on your regular phone" whilst "at the same time, make and receive regular (landline) calls on your phone"No
Nipwusbipw.exeRelated to Internet Phone Wizard from Actiontec - Voice over IP (VoIP) that allows you to "make and receive free Internet calls on your regular phone" whilst "at the same time, make and receive regular (landline) calls on your phone"No
Xipwfipwf.exeAdded by the SCHOEBERL TROJAN!No
XIpWinsipwins.exeIPWins adwareNo
Xipxwshelipxwshel.exeAdded by the WAREZOV.DG WORM!No
Xipyjywoniz.exeAdded by the SDBOT.BQD WORM!No
?IQES.exeiqes.exe??No
Xiqmanager.exeiqmanager.exeIQ-Manager ransomware copyright scanner - not recommended, removal instructions hereNo
UIr41_32.axregsvr32.exe Ir41_32.axIntel® Indeo® video 4.4 Decompression Filter related. The "Ir41_32.ax" file is located in %System%No
Xirassyncirasyncd.exeIRASSync adwareNo
Xirc sessionsessionmgr.exeAdded by the SDBOT-ACE WORM!No
YIREIKEIreIKE.exeMicrosoft L2TP/IPSec VPN Client for Win98/Me/NT. Secure technology for making remote access virtual private network (VPN) connections across public networks such as the InternetNo
NIridiumTimeWizardiridium.exeIridium TimeWizard - a small program for finding out the time in different parts of the worldNo
NiRis Active Monitorwinmon32.exeIris Antivirus - discontinued, replace with good alternativeNo
NiRiS AntiVirus Active MonitorWIMMUN32.exeIris Antivirus - discontinued, replace with good alternativeNo
UIRIS_S2PScan2pc.exeScan to PC application for the scanning function of the Samsung CLX-3160 Series multifunction laser printerNo
UIRIS_XRX_S2PScan2pc.exeScan to PC application for the scanning function of the Xerox Phaser 6110MFP multifunction laser printerNo
?iRiver AutoDBMLService.exePart of the iRiver AutoDB music management utility for some of their music players which appears to be based upon (or is a rebranded version of) MoodLogic - which has now been discontinued. some users claim it is worthless, prone to lock-ups, and slow as a turtle but what does it do and is it required?No
NiRiver UpdaterUpdater.exeUpdater for the iRiver AutoDB music management utility for some of their music players which appears to be based upon (or is a rebranded version of) MoodLogicNo
UIrMonIRMON.EXESystem Tray access to infra-red devices. Not required unless you use infra-red devicesNo
?IRPMonitoritcnmon.exe??No
XIRQ Assigning AgentIRQconf.exeAdded by the SDBOT-CSV WORM!No
Xirssyncdirssyncd.exeSafeSurfing adware variantNo
XIrwftp[path to trojan]Added by the BANCOS-AP TROJAN! No
Xirwftpiexplorer.exeAdded by the BANKER-AN TROJAN! Note - this is not the legitimate Internet Explorer (iexplore.exe)No
Xirwftpftpmon.exeAdded by the BANCBAN-BO TROJAN!No
UIrXferIrXfer.exeMicrosoft Infrared Transfer applicationNo
Xir_ftpir_ftp.exeAdded by the IRFTP TROJAN!No
Xir_ftpirwftp.exeAdded by the BANCOS.H TROJAN!No
NIS CfgWizcfgwiz.exeNorton Internet Security configuration wizardNo
XiSafeAViSafeAV.exeiSafe AntiVirus rogue security software - not recommended, removal instructions hereNo
Xisamini.exeisamonitor.exeAdded by the ZLOB.MEDIA-CODEC TROJAN! This purports to be a Windows Media Player upgrade (with names such as "iCodecPack", "X Password Manager" and "Media-Codec") to allow the user to view adult oriented videos on certain websites - but actually downloads and installs additional malware on the user's machine. Various directories and filenames are used - see the link for details. The most popular for this example appears to be "Video ActiveX Object"No
Xisamonitor.exeisamonitor.exeAdded by the ZLOB.MEDIA-CODEC TROJAN! This purports to be a Windows Media Player upgrade (with names such as "iCodecPack", "X Password Manager" and "Media-Codec") to allow the user to view adult oriented videos on certain websites - but actually downloads and installs additional malware on the user's machine. Various directories and filenames are used - see the link for detailsNo
XIsassIsass.exeAdded by the FUTRO TROJAN!No
XIsassRenascimentoIssas.exeAdded by the BANKER.GAX TROJAN!No
UISBMgr.exeISBMgr.exeRelated to Sony ISB UtilityNo
Xiscchiscch.exeAdded by the LCPRANK-A WORM!No
Nisdbdcisdbdc.exeFor Compaq PC's. May install properties in dial-up networking when you register with an ISPNo
UisDeleteMeisDel.batUsed by Norton Internet Security to remove certain files and directories on reboot when uninstalling their productNo
NISDN MonitorLinksts.exeTray icon which gets installed when you install the drivers for Asuscom internal ISDN modem cards (or rebadged Asuscom ISDN cards, such as MRi). This icon enables you to monitor or configure your ISDN card. Once you have configured your ISDN card correctly, you will never need to use this iconNo
UISDNwatchIWatch.exeFRITZ!X ISDNWatch - "dialing filter for more security and control on the ISDN PC. The PC is doubly protected against dialer programs and premium-service numbers: ISDNWatch allows the user to block calls to and from both individual numbers and whole number blocks"No
XiSecurity appletrundll32.exe iSecurity.cpl,SecurityMonitorAdded by the DLOADER.UZO TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deletedNo
Xish-b.exeish-b.exeAdded by the IRCBOT-ACZ TROJAN! No
UISHelphelp.exeISpy is a security risk that logs keystrokes and captures screenshots. If you didn't install this yourself uninstall itNo
UiShieldiShield.exe"GuardWare iShield blocks pornographic images when you surf the Internet on your computer using a web browser"No
Xishost.exeishost.exeAdded by the DLOADR-XJ TROJAN!No
YISLP2STAISLP2STA.EXEA process from Cisco Systems Inc associated with Windows Update for wireless NIC driversNo
XISMModuleISMModule.exeInternet Speed Monitor C adware related - see example hereNo
XISMModule2ISMModule2.exeInternet Speed Monitor C adware related - see example hereNo
XISMModule3ISMModule3.exeInternet Speed Monitor C adwareNo
XISMModule4ISMModule4.exeInternet Speed Monitor A adware relatedNo
XISMModule6ISMModule6.exeInternet Speed Monitor C adware related - see example hereNo
XISMModule7ISMModule7.exeInternet Speed Monitor C adware related - see example hereNo
XISMModule8ISMModule8.exeInternet Speed Monitor C adware relatedNo
XISMPack5ISMPack5.exeInternet Speed Monitor C adware related - see example hereNo
XISMPack6ISMPack6.exeInternet Speed Monitor C adware related - see example hereNo
XISMPack7ISMPack7.exeInternet Speed Monitor C adwareNo
XISMPack8ISMPack8.exeInternet Speed Monitor C adware related - see example hereNo
YISP.COM High Speedslipgui.exeUser interface for Slipstream - internet acceleration through compression/decompression techniques, intelligent cacheing on the server side, and real-time conversion of large/high-bandwidth images to less bulky pix. Used by popular ISPs such as IceNet, Wanadoo, Terra, OnSpeed, United Online and AOL Canada. Required if the user's account is locked in to that proxy serverNo
XISPSERVICEpsycho.exeAdded by the IRCFLOOD-O TROJAN!No
XISPSERVICEwintmp.exeAdded by the IRCBOT.GP BACKDOOR!No
UiSpyNOWispynow.exeiSpyNOW - remote monitoring and surveillance softwareNo
XIsrafelIsrafel.vbsAdded by the GAGGLE.D or GAGGLE.E WORMS!No
NIsReminderISPopup.exeRelated to GuardWare iShield - this is the registration reminder for the trial version, so not required in startupNo
XISSinet.exeMeplex adwareNo
Nisschissch.exeInstallShield is used by a number of software producers to install their programs and manage software updates. This entry runs scheduled searches for and performs any updates to supported installed software so you're always working with the most current version. Manually check for software updates for installed programs on a regular basisYes
Xissearch.exeissearch.exeAdded by the ZLOB-QF TROJAN!No
XissEnc32SvrissEnc32.exeAdded by a variant of the RBOT WORM!No
NISSI EZUpdate Serviceissimsvc.exePart of IBM Global Services - used internally by IBM for automatic updating of software and Microsoft patchingNo
UISStartISStart.exeInstalled with Logitech's QuickSmart, ImageStudio and QuickCam (older versions) webcam software. The exact purpose of this startup entry is unknown at present, with opinions varying from: (i) adding a tray icon when a camera is connected - apparently no longer the case, (ii) repairing a problem with the image gallery and (iii) being required with some versions to take pictures and capture videosYes
YISSVCISSVC.exePart of Norton Internet Security SuiteNo
YISS_Certtoolcerttool.exePart of Client Security Software for IBM\Lenovo notebooks. If you have configured the software via the associated wizard this will need to be running if you want to mount password protected areas of the disk (created with SafeGuard PrivateDisk), use the password manager or file/folder encryption optionsYes
XIST Serviceistsvc.exeISTBar adwareNo
Xist service uninstall[random filename]ISTBar adware relatedNo
Xistinstall zazzer.exeistinstall zazzer.exeUnidentified adware downloader/installerNo
YISTraypctsTray.exeSystem Tray access to both PC Tools Internet Security suite and Spyware Doctor antispyware from PC ToolsYes
NISUSPMISUSPM.exeInstallShield is used by a number of software producers to install their programs and manage software updates. This entry searches for and performs any updates to supported installed software so you're always working with the most current version. Manually check for software updates for installed programs on a regular basisYes
NISUSPM StartupISUSPM.exeInstallShield is used by a number of software producers to install their programs and manage software updates. This entry searches for and performs any updates to supported installed software so you're always working with the most current version. Manually check for software updates for installed programs on a regular basisYes
NISUSSchedulerissch.exeInstallShield is used by a number of software producers to install their programs and manage software updates. This entry runs scheduled searches for and performs any updates to supported installed software so you're always working with the most current version. Manually check for software updates for installed programs on a regular basisYes
UISW.exeISW.exeRelated to Internet Security Wizard from AT&T (formerly BellSouth Premium Internet Security) alerts users about any potential security threats. It should not be uninstalled unless the user wants to completely remove all traces of AT&T Internet Security SuiteNo
Xisxaisxa.exeAdded by the SMALL-EIV TROJAN!No
NiSysCleaneriSysCleaner.exeiSysCleaner - a simple tool that searches for junk files on your computer and allows you to delete them. Simple cleaning maintenance can be done by the userNo
Xisystemisystem.exeAdded by the CHORUS-A TROJAN! Searchforfree browser hijackerNo
XItalUitalfds.exeAdded by a TROJAN - see hereNo
UItkItk.exeIn The Know - surveillance software that creates records of everything people do on a computer, ie, spying or monitoring depending upon how you call itNo
Uitk.exeitk.exeInsert ToggleKey by Mike Lin. ITK sounds a tone whenever you press InsertNo
UiTouchiTouch.exeLoads the iTouch configuration settings for supported Logitech keyboards. It's required if your keyboard has shortcut buttons and you use them or have reconfigured them for different functions. It's also required if your keyboard does not have the num lock, caps lock, and scroll lock lights on it and you use the on-screen display indications for theseYes
NItsDeductiblePopUpItsDeductible.exeItsDeductible from Income Dynamics. Calculates your noncash donations quickly and easily. This startup entry checks a registry entry for the next 'PopUp' date and if it is a past or current date displays a program related tipNo
XITUNESitune.exeAdded by the RBOT-ZU WORM!No
XITUNESitunes.exeAdded by a variant of the RBOT WORM! Note - do not confuse with the legitimate Apple iTunes process with the same filename which is always located in %ProgramFiles%\iTunes. This one is located in %System%No
XItunesdials.exeDetected by Kaspersky as the AGENT.MM TROJAN!No
XItunesitunes.exeAdded by the OSCABOT-L WORM! Note - do not confuse with the legitimate Apple iTunes process with the same filename which is always located in %ProgramFiles%\iTunes. This one is located in %Windir%No
YiTunes HelperiTunesHelper.exeInstalled with Apple's iTunes for Windows. Uses ~3-4MB of memory and if disabled in MSCONFIG or deleted from the registry it will re-instate itself after running iTunes a few times - hence the reluctant Y recommendationNo
XiTunes MusiciTunesHelper32.exeAdded by the SDBOT.CHK WORM!No
XiTunesAgentita.exeAdded by the TACTSLAY.U TROJAN!No
Xitunesffitunesff.exeAdded by the EB adult premium dialerNo
YiTunesHelperiTunesHelper.exeInstalled with Apple's iTunes for Windows. Uses ~3-4MB of memory and if disabled in MSCONFIG or deleted from the registry it will re-instate itself after running iTunes a few times - hence the reluctant Y recommendationNo
Uitypeitype.exeMicrosoft IntelliType Pro utility (from version 5.5) - required to support the multimedia keys, programmed keys and key macros on Microsoft's range of keyboards. If this entry is disabled, any keys or key combinations that are changed by the user to perform functions other than default settings, defer back to their default settings and supported keys will not function in applications with advanced text services enabledYes
NIusagenetdet.exeInternet Usage Monitor - utility to calculate the cost and time on the internet via dial-upNo
Xiut75uzcx.exeAdded by the DLOADER-AXV TROJAN!No
Xiviv.exePart of the Internet Antivirus and Internet Antivirus Pro rogue security software - not recommended, removal instructions hereNo
XivHosttaskManager.exeAdded by a variant of the SPYBOT WORM! See hereNo
XivHost[6 random letters].exeAdded by a variant of the SPYBOT WORM! See examples here and hereNo
NIVPServiceMgrivpsvmgr.exeToshiba IVP Service Manager application which appears as a red satellite dish icon in the System Tray. This is Toshiba's equivalent to the Windows Automatic Update feature as, whenever you are connected to the Internet, it will check for Windows updates and Toshiba updatesNo
Xivy.exeivy.exeAdded by the AGENT-ENZ TROJAN!No
NIW ControlCenteriwctrl.exePinnacle Systems InstantWrite enables you to use your CD-R, CD-RW and DVD-RAM drive just like a hard disk or floppy disk. You can drag and drop files, create new directories right on your CD-R, CD-RW or DVD-RAM. Maybe required if you use this feature on a regular basisNo
Uiwctrliwctrl.exePinnacle Systems InstantWrite enables you to use your CD-R, CD-RW and DVD-RAM drive just like a hard disk or floppy disk. You can drag and drop files, create new directories right on your CD-R, CD-RW or DVD-RAM. Maybe required if you use this feature on a regular basisNo
UIW_Drop_Iconiwctrl.exePinnacle Systems InstantWrite enables you to use your CD-R, CD-RW and DVD-RAM drive just like a hard disk or floppy disk. You can drag and drop files, create new directories right on your CD-R, CD-RW or DVD-RAM. Maybe required if you use this feature on a regular basisNo
Xixploreixplore.exeAdded by the SDBOT-CY TROJAN!No
Xixploresixplores.exeAdded by the SDBOT-CE WORM!No
Xixproxy[path to trojan]Added by the XORPIX-A TROJAN!No
Xixssoixsso.exeAdded by the AGENT.AM TROJAN! Note - example names include "XviD", "Winamp Remote", "Windows Media Player" and "Futuremark"No
Xiyelejivyujixit.exeAdded by the SDBOT.BJK WORM!No
?IZEN/A??No
Nj2 Tray MenuHotTray.exeeFax Messenger Tray Menu system tray icon for eFax Messenger Plus. Available via Start -> Programs. Disabling instructions available hereNo
XJA Cfg Util v2jacfg2.exeAdded by the RBOT-AL WORM!No
XJA Config 32Awesome32.exeAdded by a variant of the SDBOT WORM!No
UJammerjammer.exeJammer by Agnitum - "Jammer is the last word in Internet security. It combines a user-friendly interface with very sophisticated and powerful security measures that protect your Windows system while you are surfing the web"No
XJammer2ndJammer2nd.exeAdded by the NETSKY.Z WORM!No
Xjavaremote.cmdAdded by the BANKER-EHG TROJAN!No
Xjavasystem.exeAdded by a variant of the IRCBOT BACKDOOR!No
XJava (VM) v6.9jav.batAdded by the AGENT-GZK TROJAN!No
XJava appletjavaup.exeAdded by the SDBOT-ACF WORM!No
XJava Applicationvssmf32.exeAdded by the SPIGOT BACKDOOR!No
XJava Auto Updateujm.exeAdded by the SDBOT-ADH WORM!No
XJava developer Script Browsejusched.exeAdded by the VB-ESK TROJAN! Note that this is not the legitimate Sun Microsystems file (of the same name) which is usually located in %Program Files%\Java\version number\bin. This one is located in %Windir%No
XJava Expresssjehost.exeAdded by the SDBOT-DNJ WORM!No
XJava Runtime Environmentjbuild.exeAdded by the DELBOT-J WORM!No
XJava Runtime Valuerunjava.exeAdded by the RBOT-DDJ WORM!No
XJava Runtimesiexplore.exeAdded by the KILLAV.B WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This file is located in a %Windir%\Java\Java folderNo
XJava SofteJava32.comAdded by the RBOT.ECN WORM!No
XJava updatejavaqs.exeAdded by the SWARLEY.A WORM!No
XJava Updatekeeper.exeAdded by the AGENT-DIS TROJAN!No
XJava Updatesvchost.exe.exeAdded by the AGENT-LBS TROJAN!No
XJava Updatehostwww.exe.exeAdded by the AGENT-MFH TROJAN!No
XJava Virtual Machinejavaw.exeAdded by a variant of the RBOT WORM!No
XJava VM v6.9.2jav.batAdded by the DWNLDR-HLM TROJAN!No
XJava VM v6.91jav.batAdded by the DWNLDR-HLL TROJAN!No
NJava(TM) Platform SE 6jusched.exeChecks with Sun's Java updates site to see if newer Java versions are available. Either visit the Java download page or click on Start → Control Panel → Java → Update → Update NowYes
NJava(TM) Platform SE 6 U*jusched.exeChecks with Sun's Java updates site to see if newer Java versions are available. Either visit the Java download page or click on Start → Control Panel → Java → Update → Update Now. U* represents the update version, i.e., 6.0 Update 11Yes
NJava(TM) Platform SE Auto Updater 2 0jusched.exeChecks with Sun's Java updates site to see if newer Java versions are available. Either visit the Java download page or click on Start → Control Panel → Java → Update → Update NowYes
XJava**.exe [* = random char]Java**.exe [* = random char]CoolWebSearch/HomeSearch adware - for examples, see this logNo
XJava**32.exe [* = random char]Java**32.exe [* = random char]CoolWebSearch/HomeSearch adware - for examples, see this logNo
Xjava-pluginjavasctp.exeAdded by the VB.AMX TROJAN!No
XJava32 Configuration Loadermsnmesgr.exeAdded by a variant of the RBOT WORM!No
XJavaCoreJavaCore.exeAdded by the MATCASH TROJAN!No
XJavascriptjscript.exeAdded by the DELBOT-AD WORM!No
XJavaScript Debugging ServiceJsDbgMan.exeAdded by the DERDERO.E WORM!No
XJavaScriptMsxrsMsxrs.exeAdded by the VB.BL WORM!No
XJavaTraytraymgr.exeAdded by a variant of the IRCBOT BACKDOOR! See hereNo
XJavaUpdate0.07[filename]Added by the JUPDATE TROJAN!No
XJavaUpdateSchedjusched32.exeAdded by the BCKDR-CKB BACKDOOR!No
XJavaVMjava.exeAdded by the MYDOOM.M WORM and variants! Note - not to be confused with the valid Windows "java.exe" which is located in %System% as this is located in %Windir%No
Xjavawsa.exejavawsa.exeAdded by the BANK-Y TROJAN!No
Xjawa32jawa32.exeAdded by the AGENT.BG WORM!No
XJawa322jawa32.exeAdded by a variant of the AGENT.BG trojan No
NJBJiffybar.exe"Get Paid As You surf" applicationNo
Xjcidls[random filename]Added by a variant of the SLAPER TROJAN!No
XJDK55WFMZYcdx.exeAdded by the MONDER.RON TROJAN!No
?Jessops Insert DetectInsDetect.exePart of Jessops Picture Suite. Detects a digital camera is plugged into a USB port or when a memory card with photos is inserted?No
NJet DetectionADGJDet.exeAdded with SoundBlaster Live! or Audigy soundcards for headphone autodetectionNo
YJetAdmin Discovery IndicatorHPJETDSC.EXEHP JetAdmin software for HP JetDirect Print Servers. HPJETDSC.EXE is the file necessary for the JetAdmin Discovery Indicator (paper airplane in the taskbar). It gets launched automatically through the registry, and remains active to control the Discovery IndicatorNo
Xjeteyujixit.exeAdded by the SDBOT.BRT WORM!No
XJfwehnrtghgfjrs.exeAdded by the SDBOT-IJ WORM!No
Xjfziemjfziem.exeAdded by the AGENT-NPL WORM!No
Xjiahussvchqs.exeAdded by the WOWPWS-AL TROJAN!No
Xjijblezlwy.batAdded by the REDDW WORM!No
Xjkdfj94kgdftdfwinlogan.exeAdded by the ZLOB.BZ TROJAN!No
UJMB36X ConfigureJMRaidTool.exeJMB36x series RAID configuration utility from JMicron Technology for their PCI Express to SATA II and PATA Host ControllersNo
YJMB36X ConfigureJMRaidSetup.exeJMB36x series RAID configuration utility from JMicron Technology for their PCI Express to SATA II and PATA Host ControllersNo
UJMB36X IDE SetupJMInsIDE.exeJMB36x series IDE (or Parallel ATA) configuration utility from JMicron Technology for their PCI Express to SATA II and PATA Host ControllersNo
UJMB36X IDE SetupxInsIDE.exeJMB36x series IDE (or Parallel ATA) configuration utility from JMicron Technology for their PCI Express to SATA II and PATA Host Controllers. This is normally located in %Windir%\RaidToolNo
Xjmudkve.dllrundll32.exe jmudkve.dll,mzrwkwfAdded by the AGENT-DJD TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "jmudkve.dll" file is found in %System%No
XJnskdfmf9eldfdcsrssc.exeAdded by the AGENT.EBC TROJAN!No
UJob-oversigttaskmon.exeTask Monitor (on Danish language versions of Windows) - checks the disk-access patterns of programs when they are started and stores this information in log files in the Applog folder. Task Monitor also records the number of times you use a program. Task Monitor also records the number of times you use a program. The Disk Defragmenter tool uses this information to optimize your hard disk so that programs that you use frequently are loaded faster. Not required - but can be useful. Note: for Norton Anti-Virus 2002 users, loading TaskMonitor will typically solve many, if not most, of those annoying IE scripting errors (per Symantec's Knowledgebase)No
UJobHisInitJobHisInit.exeUsed by Ricoh network printers to enable network printing from the clientNo
UJog ServeJogServ2.exe"Jog Dial" on a Sony Vaio laptop. The dial can select various functions such as control audio. Needed if you use its featuresNo
UJogServ2JogServ2.exe"Jog Dial" on a Sony Vaio laptop. The dial can select various functions such as control audio. Needed if you use its featuresNo
Xjohkjhsrvd.exeAdded by a variant of the SLAPER TROJAN!No
Xjohn315srrvc.exeAdded by a variant of the MAILBOT-BI TROJAN!No
Xjohnj315srvc.exeAdded by a variant of the MAILBOT-BI TROJAN!No
Xjohnj3155srvcc.exeAdded by a variant of the MAILBOT-BI TROJAN!No
Xjohnj3cdsrvdc.exeAdded by a variant of the SLAPER TROJAN!No
UJomantharazerhid.exeBelkin n52te (powered by Razer) gaming keypad driver - required if you use the additional features and programmed keys/macrosNo
Xjon315[path to trojan]Added by the MAILBOT-BI TROJAN!No
?jotlmillenzje.exe??No
UJOYTECH USB Neo S ControllerJoytechNeoSTrayIcon.exeSystem Tray access to Joytech Neo S PC gamepad controller softwareNo
Xjpgdiag[path to worm]Added by the STRATION-AN WORM!No
Xjpupdjpupd.exeAdded by the DIALER.CM TROJAN!No
XJregJreg2b.exeFlashEnhancer adwareNo
Xjucheckjucheck.exeAdded by the SCRIMGE.O WORM!No
XJufualtwinxp2.exeAdded by the SDBOT-AAB WORM!No
XJufualtsvhost.exeAdded by the SDBOT-ADJ WORM!No
XJufualtjava2.exeAdded by the SDBOT.AOE WORM!No
NJuiceJuice.exeJuice - a free utility that "allows you to select and download audio files from anywhere on the Internet to your desktop". This entry is present if you choose the option to add it to the startup group during installationYes
NJuno_uoltrayexec.exeJuno ISP software - not requiredNo
XJuPojupos.exeAdded by the SDBOT-CAG WORM!No
Njuschedjusched.exeChecks with Sun's Java updates site to see if newer Java versions are available. Either visit the Java download page or click on Start → Control Panel → Java → Update → Update NowYes
Xjusched[path to trojan]Added by the BANKER-BWR TROJAN!No
Xjuschedjusched.exeAdded by the BANKER-BOV TROJAN! Note that this is not the legitimate Sun Microsystems file (of the same name) which is usually located in %Program Files%\Java\version number\bin. This one is located in %System%No
Xjushed32.exejushed32.exeCoolWebSearch parasite variant - also detected as the BIZTEN-L TROJAN!No
Xjusodlsevere.exeAdded by the QQPASS.48436 TROJAN!No
UJussDropUtilityJussDrop.exeRelated to DropShots Inc. A subscription based service for family to connect, converse and share photos and videosNo
NJustVoipJustVoip.exeJustVoip - free internet telephony utility using the VoIP (Voice over Internet Protocol). Call online friends for free and regular phones either for free (limited use) or low rates. One of a number provided by Betamax - the others generally have different rate plans. Similar to the more popular SkypeYes
Xjutsujutsu.exeAdded by the RBOT-LS WORM!No
Ujv16 PT TempFileToolTempTool.exejv16 PowerTools File Cleaner - "allows you to find obsolete and left-over temporary files"No
Ujv16PT - Privacy ProtectorTask.jvbjv16 PowerTools Privacy Protector - "allows you to protect your privacy by automatically clearing out all the unwanted history items and cookies from you computer, every time you start your computer"No
UJv16pt Network Residentjv16pt_network.exejv16 PowerTools network resident program. Only needed if you are using the program's network featuresNo
XJvcHostjvcsvc32.exeAdded by the AGOBOT-AIU WORM!No
Xjvdnlssnfljzsshc.exeFlingstone.com adware - and its Golden Palace Casino programNo
XJVM0JVM0.exeAdded by the BANLOA-AX TROJAN!No
XJVM0.12[random filename]Added by the TEADOOR-A TROJAN!No
XJVM0.14[random filename]Added by the TEADOOR-B TROJAN!No
Xjvms.exejvms.exeAdded by the ORCU.B TROJAN!No
Xjvsoftj3ewro.exeAdded by the ONLINEG.AFU WORM!No
XJW Managerjwmngr.exeAdded by the DELBOT-G WORM!No
Xjxef1104jxef1104.exeAdded by the XIPI-A WORM!No
XJXL Radiojxl.exeAdded by the RBOT-EBE WORM!No
Ujx_KeyRundll32 JXKey.dll,Rundll32MainBoolospy keystroke logger/monitoring program - remove unless you installed it yourself!No
Xjysyqm[random filename]ZenoSearch adware variantNo
?Jzi16jzi16.exe??No
Xjzvfvsqpcjzvfvsqpc.exeAdded by the AGENT-GWP BACKDOOR!No
XK2ps_full.taskK2ps_full.exeAdded by the JUNTADOR.K TROJAN!No
NK6CPU.EXEK6CPU.EXEAuthenticates CPU as K6 in system propertiesNo
XkaaSVCHHS.exeAdded by the AGENT-JKP TROJAN!No
XKadoc[random filename].exeAdded by the STAPREW TROJAN!No
UKADxMainKADxMain.exeSystem Tray access to IntelliSonic Speech Enhancement - by Knowles Acoustics. Designed to render speech from a user selectable direction, while canceling interfering speech from other directions, thus minimizing the effects of environmental noise and eliminating acoustic echo feedback. Found on some Dell and Fujitsu Seimens laptopsNo
Xkakkak.htaAdded by the KAKWORM WORM!No
UKalenderKalender.exeUK's Kalender "helps you organizing your dates and tasks and reminds you of upcoming events"No
UKalibumpKalibump.exeUsed with the now unsupported Kali software for on-line gaming. This is used to automatically bump up the priority of WinProxy to GREATLY improve game speed when using a SOCKS proxyNo
Xkalvsyskalv****.exe [* = random char]EliteBar adwareNo
Xkalvsyskalv***32.exe [* = random char]EliteBar adwareNo
Xkamsoftckvo.exeAdded by the GAMANIA-BW TROJAN!No
NKana ReminderReminder.exeKana Reminder is a program which can be used to set a reminder to be triggered at a specified timeNo
UKaren's Once-A-Day IIPTOAD.exe"Have a job that should be run exactly once each day? Karen's Once-A-Day II is just what you need!" Scheduler that lets you specify progams, web pages and files that be run or opened automatically, the first timeNo
UKASPOESpamTest.exeKaspersky Anti-SpamNo
XKasper AntivirusKASPERANTIVIRUS.EXEAdded by a variant of the SPYBOT WORM!No
YKaspersky Anti-HackerKAVPF.exeKaspersky Anti-Hacker personal firewall - no longer availableNo
YKaspersky Anti-Virus MonitorAvpM.exeKaspersky Anti-Virus Lite - no longer availableNo
XKaspersky AntivirusKasperskyAV.exeAdded by a variant of the RBOT WORM!No
XKaspersky Email Securityjavaupd.exeAdded by the SWARLEY.A WORM!No
Xkaspersky32kasperskyLabs32.exeAdded by the RBOT-GOT WORM!No
XKasperskyAvkaspersky.exeAdded by the MIMAIL.T WORM! Note - this has nothing to do with the real Kaspersky anti-virusNo
XKasperskyAVEngKasperskyaveng.exeAdded by the NETSKY.V WORM!No
XKATKAT.vbsAdded by the SOAD-D WORM!No
UKatMouseKatMouse.exeKatMouse - utility to enhance the functionality of mice with a scroll wheel, offering 'universal' scrolling, etcNo
Ykavavp.exeKaspersky anti-virus and AOL's Active Virus Shield (by Kaspersky) - found in either a Kaspersky or AOL sub-directoryNo
Xkavakavo.exeAdded by the LINEAG-GLG TROJAN!No
XKAVFOXwin1ogoin.exeAdded by the GWGHOST-M TROJAN!No
Xkavirkavir.exeAdded by a variant of the Storm/Nuwar/Zhelatin WORM! See here for an exampleNo
XKAVPersonalsvchost.exeAdded by the LINEAGE-V TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%No
YKAVPersonal50Kav.exeKaspersky Anti-Virus Personal 5.0No
XKAVPersonal90wscntfy.exeAdded by the BANKER-FZ TROJAN!No
YKavPFWKavPFW.exeKingSoft Personal FirewallNo
XKavRunsWindll.exeAdded by the TRYNOMA TROJAN!No
Xkavssvchost.exeAdded by the AGENT-GLC TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%No
YKavStartKAVStart.exeKingSoft Personal FirewallNo
Ykavsvckavsvc.exeKaspersky antivirusNo
XKavSvc******.exe reg_run [* = random char]Added by the QOOLOGIC TROJAN!No
Xkavsvc[random 6 char filename]Added by the QOOLOGIC TROJAN! Uses random file names (examples: nzkklz.exe, rzazzi.exe, ivpaan.exe)No
XKAVutil[worm filename]Added by the WINTOO.B WORM!No
NKAZAAkazaa.exeKAZAA is a file-sharing program which unfortunately being ad-based includes "Cy-door" adware. Check here for information about "Cy-door" and here for a program that can remove itNo
NKAZAA[path] kpp.exe [path] kazaalite.kppSystem Tray access to later versions of the Kazaa Lite P2P file sharing utility - namely the K++ and Resurrection variants. Kazaa Lite is the unauthorized modification of the original Kazaa Media Desktop - with the malware removedNo
XKazaa Download Accelerator Updater (required)regsvr32 kdp****.dll [* = random char]SafeguardProtect/Veevo hijacker. Note that regsvr32.exe is a legitimate Microsoft file used to register and unregister OLE controls and shouldn't be deleted. The random DLL file is found in %System%No
XKazaa lptt01kazaa.exeRapidBlaster variant (in a "kazaa" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here. Note - this is not the valid KaZaA file sharing program which has the same executable nameNo
XKazaa ml097ekazaa.exeRapidBlaster variant (in a "kazaa" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here. Note - this is not the valid KaZaA file sharing program which has the same executable nameNo
XKAZAACuf9Added by the KITRO.D (or ARGEN.A) WORM! No
Nkazaalitekazaalite.exeKazaalite is a file sharing client - not to be confused with the original Kazaa program. Unlike the original, this one does not contain any advertising or tracking mechanismsNo
NKaZooMKaZooM.ExeKaZoom from Blue Haven Media - "add-on application that automatically speeds up the download process and finds the files you want with far more power than regular KaZaA searches"No
XkbAUTO.txtAdded by the BRONTOK-CV WORM!No
YKB891711KB891711.exeInstalled by the Windows KB891711 critical update, see this security bulletin - this file reportedly needs to continue running in order to patch the vulnerability, at least until a more practical solution is found. There have however been reports of fatal exception errors in systems running Windows 98, and in such a case Microsoft advises to either uninstall the patch (Add/Remove Programs) or prevent it from running at startupNo
YKB918547KB918547.EXEBug-fix for a Microsoft graphics rendering engine vulnerability - see here. Windows 98/Me onlyNo
YKB926239rundll32.exe apphelp.dll, ShimFlushCacheMicrosoft KB926239 fix. Windows Media Player 10 may close unexpectedly on a Windows XP-based computerNo
UKBDKBD.EXEMultimedia keyboard manager. Required if you use the multimedia keysNo
UKBDKbdStub.EXEKey Watcher from HP - watches for Multimedia Keys on HP keyboardsNo
UKBD MediaCenterMEDIACTR.EXEMultimedia keyboard manager. Required if you use the multimedia keysNo
Xkbddrv32kbddrv32.exeAdded by the CRYPTER.A TROJAN!No
Xkbddrvinfkbddrvinf.exeAdded by the CRYPTER.A TROJAN!No
NKCeasyKCeasy.exeKCeasy - a Windows peer-to-peer filesharing application which uses giFT as its 'back end' foundation. The networks currently supported are OpenFT and GnutellaNo
UKClientkstatus.exeKClient Kerberos client software for Win32 systems. It provides the libraries and utilities needed to use Kerberos-based PC applications developed by Computing Services such as KWeb and NiftyTelnetNo
XKcrnerKcrner.exeAdded by the LINEAG-AIL TROJAN!No
Xkdmsx[8 random letters].exeAdded by the SDBOT.AIJ BACKDOOR!No
NkdxKHost.exeVerisign Kontiki Delivery Management System - Windows-based client software that enables secure delivery of content to users' desktopsNo
UKE9801DriBat32.exeKE9801 multimedia keyboard driver - required if you use the multimedia keysNo
XKeenvalueKeenvalue.exeKeenVal adwareNo
XKeepCopKeepCop.exeKeepCop rogue security software - not recommended, removal instructions here. A member of the AntiAID familyNo
XKeepCop.exeKeepCop.exeKeepCop rogue security software - not recommended, removal instructions here. A member of the AntiAID familyNo
Xkeiopkeiop.exeAdded by the VB-ERU TROJAN!No
Xkellliser.exeAdded by the AGENT.AUTP TROJAN!No
UKEMailKbKEMailKb.EXEControls the buttons at the top of the Micro Innovations 650i Internet Access Keyboard. If you disable it you cannot use the buttons - like volume control or shut downNo
?Kemetkemet.exe??No
UKeNotifyKeNotify.exeToshiba utility found on their laptops. This program is responsible for the Toshiba LapTop Help 'FlashCards' utility that sits at the top of the screen giving easy access to the 'F keys' alternative functions such as Lock,Power Mode,Sleep etcNo
XkERekERe.exeAdded by the BRONTOK-BT WORM!No
UKerio VPN Clientkvpnclient.exeKerio VPN ClientNo
Xkern64dll[random filename]Added by the TARNO.J TROJAN!No
XKernal Fault Checkntosrkl.exeAdded by a variant of the SDBOT WORM!No
Xkernctl32rundll32 kctl32.dll, initializeAdded by the AGENT.AT TROJAN!No
XKerne0223Kerne0223.exeAdded by the LEGMIR-ZA TROJAN!No
XKernelbboy.exeAdded by the MUMU.B WORM!No
XKernelservices.exeAdded by the FOOZ-A TROJAN! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%No
Xkernelkernel.exeAdded by the MATCASH.CF TROJAN!No
XKernelUpdate.exeAdded by the DELF-FN TROJAN!No
XKERNEL 32SKERNEL32.comAdded by the SEMAPI-A WORMNo
UKernel and Hardware Abstraction LayerKHALMNPR.EXEPart of Logitech's SetPoint control software for their range of wired and wireless keyboards and pointing devices (mice, trackballs, etc). When using SetPoint to adjust the mouse sensitivity it is maintained separately from the Windows setting, but is combined with the Windows setting to determine the final sensitivity. For this reason, this entry sets the Windows setting to 0 so it doesn't affect the one you set in SetPoint and then unloads. A separate instance of KHALMNPR.EXE loads via the main Setpoint.exe program to control communication between your radio/bluetooth wireless mouse/keyboard and SetPointYes
XKernel Faultsftphost.exeAdded by the RBOT.BHU WORM!No
XKernel Loaderntkrnl.exeAdded by the CERVIVEC.A WORM!No
XKernel Managerkrnlmgr.exeAdded by the JUNY.A TROJAN!No
XKernel Safe Modesmss.exeAdded by the 78CRACK-A TROJAN! Note - this is not the legitimate smss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%No
XKernel Servicesservice32.exeAdded by the PRX-B TROJAN!No
Xkernel system daemonACTIVAT0R.exeAdded by the RANDEX.AW WORM!No
Xkernel12.exekernel12.exeAdded by an unidentified WORM or TROJAN!No
Xkernel32kern32.exeAdded by the BADTRANS.A WORM!No
XKernel32Kernel32.exeAdded by a number of VIRUSES, WORMS and TROJANS!No
Xkernel32kernel.dliAdded by the NETDEVIL.B TROJAN!No
XKernel32Kernel.dllAdded by the REDLOF.M VIRUS!No
Xkernel32kernel32.dlIAdded by the NETDEVIL.15 TROJAN!No
XKernel32krnl32.exeAdded by the EPON WORM!No
XKernel32Kernel32.winAdded by the GAGGLE.D or GAGGLE.E WORMS!No
XKernel32kernel32s.exeAdded by the BCKDR-CIC BACKDOOR!No
Xkernel32kernel32.dll.vbsAdded by the WEKODE-A WORM!No
XKernel32svchosts.exeAdded by an unidentified WORM or TROJAN!No
XKernel32svchost.exeAdded by an unidentified WORM or TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %System%\driversNo
Xkernel32dllguardpc.exeAdded by the FORBOT-CU WORM!No
Xkernel32sys.dllIEXPLORER.exeAdded by the RBOT-MK WORM!No
XKernel32_sysdampersysdamp.exeAdded by an unidentified WORM or TROJAN! See hereNo
Xkernel44.dlltaskkill /f /fi "PID ge 0" /im *Added by the VBS.LIDO WORM!No
XKernelChecksys****.exe [* = digit]Added by an unidentified TROJAN!No
XKernelCheckwinser.exeAdded by the TSPY_LMIR.SL TROJAN!No
XKernelConfigdestiny32.exeAdded by the AGOBOT.AMB WORM!No
Nkernelfaultcheckdumprep 0 -kUsed in connection with memory dumps - you can disable these by - right clicking on My Computer, selecting Properties and then the Advanced tab. Click on the Settings button in 'Startup and Recovery'. In the bottom pane - under 'Write debugging information' - click on the down arrow and then select 'None' - OK your way outNo
Nkernelfaultcheckdumprep 0 -uUsed in connection with memory dumps - you can disable these by - right clicking on My Computer, selecting Properties and then the Advanced tab. Click on the Settings button in 'Startup and Recovery'. In the bottom pane - under 'Write debugging information' - click on the down arrow and then select 'None' - OK your way outNo
XKernelFaultCheckptool32.exeAdded by the LEGMIR-BN TROJAN!No
XKernelFaultCheckmsime.exeAdded by the TINY-P TROJAN!No
XKernelFaultChecktell32.exeAdded by the LEGMIR-BF TROJAN!No
XKernelFaultCheckwinabc3.exeAdded by the NUBYS-A VIRUS!No
XKernelFaultCheckwinbin.exeAdded by the DLOADR-AAX TROJAN!No
XKernelFaultChksms.exeAdded by the DEADHAT WORM! Do not confuse with the valid "kernelfaultcheck" which runs "dumprep 0 -k" or "dumprep 0 -u"No
XKernellsystems.exeAdded by the TARNO.C TROJAN!No
XKernell32Kernell.dllAdded by the DESTINY.A TROJAN!No
XKernellAppscsrss.exeAdded by the BANCBAN-AC TROJAN! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a "System" subfolderNo
XKernellAppslexplore.exeAdded by the BANCBAN-BS TROJAN! Note - the executable is spelt with a lower case "L" rather than an lower or upper case "i" which is the case with Internet ExplorerNo
XKernellAppssvshosti.exeAdded by the BANCBAN-V TROJAN!No
XKernellApps32smss.exeAdded by the BANCBAN-AN TROJAN! Note - this is not the legitimate smss.exe process which should not normally figure in Msconfig/Startup!No
XKernelRuntime[path to worm]Added by the MYTOB-JO WORM! No
XKernelwKernelw32.exeAdded by the INDOR.E WORM!No
XKernel_checkwmiprvse.exeAdded by the SONEBOT-B WORM! Note - this is not the legitimate wmiprvse.exe process which is always located in the %System%\wbem folder and should not normally figure in Msconfig/Startup!No
Xkeysysxp.exeAdded by the BEAGLE.AB WORM!No
Xkeysys_xp.exeAdded by the BEAGLE.AC WORM!No
Xkeywinxp.exeAdded by the BEAGLE.AG WORM!No
XKey Loggercsrss.exeAdded by the BUCHON.A WORM! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in the root folder (ie, C:\)No
NKey TextKeyText.exeKey Text 2000 from MJMSoft Design - utility to automate repetitive keyboard tasks. Available via Start -> ProgramsNo
XKey1Rlid.exeAdded by the LIXY TROJAN!No
?Key2serve.exe??No
Xkey2winlog.exeAdded by the BAGLEDI-AL TROJAN!No
YKeyAccesskeyacc32.exeKeyServer KeyAccess client software - "when the KeyServer program is launched, the KeyServer process becomes active so license requests from client computers can be serviced. Without KeyAccess, a keyed program cannot run, so license control is very secure"No
XKeybdcntlkeybdcntl.exeAdded by a variant of the CRYPTER.C TROJAN!No
?KeybdUtilityHotKey.exeLocated in a LG Software\LG OSD directory. Related to function keys on and LG Electronics system?No
UKeyBoardKeyboard.exeLabtec keyboard utility No
Xkeyboardkeyboard*.exe [* = number]Detected by Kaspersky as the VB.ZG TROJAN!No
Xkeyboardkybrdef_7.exeDollarRevenue adwareNo
Xkeyboard[path to trojan]Added by the DLOADR-AOZ TROJAN!No
XKeyboardlsass.exeAdded by the AGENT.US WORM! Note - this is not the legitimate lsass.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %CommonAppData%\FearghusNo
NKeyboard CustomizerTpKmapAp.exePart of the Keyboard Customizer Utility for IBM/Lenovo Thinkpad notebooks. This is the main user interface for the utility but it doesn't normally seem to be running if enabled at startup. Also, it doesn't appear to need to be running for custom key combinations to work (via TpKmapMn.exe)Yes
UKeyboard ManagerMMKeybd.exeMultimedia keyboard manager. Required if you use the additional keysNo
YKeyboard Preload CheckPreload.exeMillenium Multi-Function Keyboard driverNo
?Keyboard StatusKeyStat.exeMultimedia keyboard manager for Medion desktop and notebook PCs? Located in %ProgramFiles%\Medion\KeyStatNo
Xkeyboard_enumkeyboard_enum.exeAdded by the BDOOR-GP BACKDOOR!No
Ukeyhookkeyhook.exeHotkey manager for Silicon Integrated Systems (SiS) based graphics chipsets - disable unless you use hotkeysYes
UKeyMaestrokmaestro.exeMultimedia keyboard manager. Required if you use the multimedia keysNo
Ukeymapkeymap.exeSystem Tray utility and background task used by games produced by Kesmai (published by Interactive Magic) and which enables you to program keys to do specific actions during the gameNo
Xkeymgrldrrundll32 setupapi, InstallHinfSection... keymgr3.infCoolWebSearch Oemsyspnp parasite variantNo
UKeyPatrolKeyPatrol.exeKeyPatrol - key logger detector using both behavioral and pattern-matching algorithms that used to be part of PestPatrol before CA's aquisitionNo
Ukeyplusplusstartk.exeKey++ Invisible Spy Keylogger keystroke logger/monitoring program - remove unless you installed it yourself!No
Xkeyservkeyserv.exeKeyThief spywareNo
UKeyspan Digital Media RemoteKDMRdmn.exeRemote control driver for Keyspan Digital Media Remote devicesNo
Ukeystrokekeystroke.exeQuickLaunch surveillance software. Uninstall this software unless you put it there yourselfNo
UKeyWalletKWallet.exe"KeyWallet is a useful and convenient desktop utility that spares you the trouble of filling in your logins, passwords and other personal data manually"No
XKf3pn4myclient.exeAdded by the VBINJ-S TROJAN!No
Xkfienqmasbl.batAdded by the KIFER TROJAN!No
Xkgjdi27kgjdie27.exeAdded by the SDBOT.AP BACKDOOR!No
XKgjgrnnypbw.exeAdded by the QuickLinks/Forethought adwareNo
UKHALMNPRKHALMNPR.EXEPart of Logitech's SetPoint control software for their range of wired and wireless keyboards and pointing devices (mice, trackballs, etc). When using SetPoint to adjust the mouse sensitivity it is maintained separately from the Windows setting, but is combined with the Windows setting to determine the final sensitivity. For this reason, this entry sets the Windows setting to 0 so it doesn't affect the one you set in SetPoint and then unloads. A separate instance of KHALMNPR.EXE loads via the main Setpoint.exe program to control communication between your radio/bluetooth wireless mouse/keyboard and SetPointYes
XKHATARNAK LoaderKHATARNAK.exeAdded by the AUTORUN.ACO WORM!No
Nkhookerkhooker.exeSiS Keyboard Daemon. System Tray utility which gets installed by the drivers of the latter day SiS VGA cards. Can cause errors at startup and isn't requiredNo
XKiamat Sudah Dekat_16_04ISASS.exeAdded by the PAHATIA.B WORM!No
UKICKMON.EXEKICKMON.EXEKeepItClean - utility that deletes safe to remove files, cookies, browsing history, etc. This is the scheduler - if you don't schedule clean-ups it isn't requiredNo
UKill PopupKillPopup.exeKillPopup - pop-up stopperNo
XKillAndCleanKillAndClean.exeKillAndClean rogue spyware remover - not recommended, removal instructions hereNo
Xkimochiz.exekimochiz.exeAdded by the MDROP-BB TROJAN!No
NKinberlinkKinberlink.exeKinberlink network messaging. Available via Start -> ProgramsNo
XKinofilmoff.NetReklamer.exeAdded by the AGENT-NGX TROJAN!No
Xkisspingy.exeAdded by a variant of the IRCBOT BACKDOOR! The file is located in a random subfolder of %ProgramFiles%No
XKIT3hpprintqueue.exeAdded by the ADCLICK-DS TROJAN!No
UKK Loaderloadkk.exeKeyKey XP Professional from KeyKey.com. "Monitor Instant Messages, Chats, Emails, Web Site URLs, Passwords, Computer Programs, Start Up and Shut Down time and much more completely undetected to the user."No
XKKM Servicekkm.exeAdded by the NANPY-I WORM!No
XKL AntiFunLoveflcss.exeAdded by the FUNLOVE.4099 VIRUS!No
UKLogKeyspy.exeKeyLoggPro.B keystroke logger/monitoring program - remove unless you installed it yourself! No
Xklop[path to file]Added by the AGENT-WQ TROJAN!No
Xklop[random].tmpFound with Trojan.Win32.StartPage.aw. Possibly a variant of the AGENT-WQ TROJAN! No
Uklprun32dll.exePAL PC Spy - key recorder and screen capture utility which controls and monitors everything that happens on your pc and onlineNo
Uklpexplorer.exeComSurveilSys keystroke logger/monitoring program - remove unless you installed it yourself!No
UKM9801UMMHotKey.exeMultimedia key handling for the relevant type of Turbo-Media keyboard. Shortcut available. Note that with this running it can crash DirectX8/9 under WinXP when a game switches to full-screenNo
Ukmw_run.exekmw_run.exeKensington MouseWorks - mouse/trackball software. Not required unles you use any special featuresNo
Ukmw_show.exekmw_show.exeKensington MouseWorks - mouse/trackball software. Not required unles you use any special featuresNo
XKnowledgeBase GUIwppewafaj.exeAdded by the RBOT-GRZ WORM!No
UKN_PanelAppPanelApp.exeKnowledgePanel online survey softwareNo
NKodak Batch Transferpezdow1.exePart of "Kodak Picture Easy" software for digital cameras. Includes the display of an icon in the System Tray to quickly transfer photos to a PCNo
UKodak EasyShare softwareEasyShare.exeSoftware bundled with Kodak digital cameras to manage the connection between the PC and the Camera. Can be started manuallyNo
NKodak Picture Easy *.* Batch TransferPezDownload.exePart of "Kodak Picture Easy" software for digital cameras. Includes the display of an icon in the System Tray to quickly transfer photos to a PC. *.* represents the versionNo
NKodak Picture Transfer Softwarepts.exeLooks for Kodak camera connection and media insertion. Available via Start -> ProgramsNo
NKodak Software Updaterbackweb*****.exeSoftware updater for Kodak Easyshare digital camerasNo
NKODAK Software UpdaterKodak Software Updater.exeSoftware updater for Kodak Easyshare digital camerasNo
YKodakCCSKodakCCS.exeKodak DC File System DriverNo
UKomunikatortlen.exeTlen - a Polish language instant messaging clientNo
UKONICA MINOLTA magicolor 2400W STDMSTMON_S.EXEKonica Minolta Magicolor 2400W colour printer monitorNo
NKonni Symbol AutostartKonniSymbol.exeGives configuration access to RagTime Solo professional business publishing software. RagTime Solo is the private user version of RagTime 5No
Nkontikikontiki.exeKontiki Delivery Manager - Windows-based client software that enables secure delivery of content to users' desktopsNo
YKPDrv4XPKPDrv4XP.exeMediaKey USB Keypad DriverNo
YKPFW32.EXEKPFW32.EXEKingSoft Personal FirewallNo
YKPFWSvc.EXEKPFWSvc.EXEKingSoft Personal FirewallNo
XKr0n1CKr0n1C.exeAdded by the BRONTOK-BO WORM!No
Xkragkrag.exeAdded by the AGENT-FOW WORM!No
UKraidmanKraidman.exe"Toshiba RAID Support is a Toshiba EasyGuard feature that uses RAID Level 1 technology to minimise downtime by protecting against data loss and ensuring quick data recovery" - for Toshiba laptopsNo
UKraitrazerhid.exeRazer Krait gaming mouse driver - required if you use the additional features and programmed keys/macrosNo
UKREC32krec32.exeStarrCommander Pro Keystroke logging softwareNo
XKRNLKernl32.exeAdded by the ZOMBY.B TROJAN!No
XKrnlcheckcsrss.exeAdded by the BOTNACHALA TROJAN! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%No
UKrnlmodKrnlmod.exeKeystroke logger/monitoring program - remove unless you installed it yourself! No
UKryptel Component StartKicker.exeKryptel encryption softwareNo
Xksrlnhmzxatgso.exeAdded by the DLOADER-LI TROJAN!No
XKsrv32Ksrv32.exeAdded by the AGOBOT-PI WORM!No
XKTAX Auto Loaderktax.exeAdded by the SDBOT-MZ WORM!No
Uktchnsnkktchnsnk.exeHP program found with the Office Jet 500/600/700 series which initializes the Office Jet manager each time the computer is booted up or rebootedNo
YKTPWarektp.exeRelated to KTP Ware TSR Enhancements from ELANTECHNo
XKV2005word.EXEAdded by the VB-IW TROJAN!No
Xkv3000lover.vbeAdded by the ZSYANG.B WORM!No
Xkvasoftkva8wr.exeAdded by the ONLINEG.ICC WORM!No
Xkvern16.dllregsvr32.exe kvern16.dllDailyWinner adware. Note that regsvr32.exe is a legitimate Microsoft file used to register and unregister OLE controls and shouldn't be deleted. The "kvern16.dll" file is found in %System%No
Xkviurskav.exeAdded by the SILLYFDC.BBJ WORM!No
XKvmSecure.exeKvmSecure.exeKvmSecure rogue security software - not recommended, removal instructions hereNo
XKvsc3Kvsc3.exeAdded by the PWS-ANM TROJAN!No
XKV_HOSTcxjx.exeAdded by the LEGMIR-BB TROJAN!No
Xkw3eef76rundll32.exe kw3eef76.dll,EnableRunDLL32LZIO.com adware downloader. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "kw3eef76.dll" file is found in %System%No
NkX Mixerkxmixer.exeProvides Mixer and Control functionality to KxProject Audio driver for EMU10k based soundcardsNo
UKX509kx509_kfwk5.exeKerberos Secure Authentication for WindowsNo
Xkxvakxvo.exeAdded by the AUTORUN-DY WORM!No
?KYE_Showiconshwicon.exeCard reader for memory cards from digital cameras. Is it required? No
XKYK Control SettingsKYSVCXD.EXEAdded by a variant of the RBOT WORM!No
XKYM Control Settingsphqghum.exeAdded by the RBOT.BQD WORM!No
XL0adersfaxneti.exeAdded by a variant of the SDBOT TROJAN!No
Xl44sys**freecellAdded by the VBS.LIDO WORM - where ** is a number between 1 and 12No
Xl44sys**iexploreAdded by the VBS.LIDO WORM - where ** is a number between 65 and 76No
Xl44sys**winmineAdded by the VBS.LIDO WORM - where ** is a number between 33 and 44No
XL4r1$$aL4r1$$a.pifAdded by the ASSIRAL-C WORM!No
ULachesisrazerhid.exeRazer Lachesis gaming mouse driver - required if you use the additional features and programmed keys/macrosNo
ULaCie BackupLaCieBackup.exeLaCie '1-Click' backup software for their range of mobile hard drivesNo
Ulaimaimlite.exe"AIM Lite is a reference application for testing some new client technology developed here at AOL®, with the goal of being a simple, fun, light IM client"No
XlaltinL90112201.Stub.exeDelfin Media Viewer adware relatedNo
Xlameshit[path to trojan]Added by the LOWZONE-H TROJAN!No
XLANdhcp.exeAdded by the RBOT-GYI WORM!No
XLanLan.exeAdded by the DELF-IT TROJAN!No
XLAN Driverlandriver32.exeAdded by the RBOT.BT WORM!No
Xlanbruplanbrup.exeSafeSurfing adwareNo
NLancement rapide d'Adobe Readerreader_sl.exeSpeeds up the time it takes to load the Adobe Reader PDF document reader. "The Speed Launcher quickly opens and closes all of the files that Acrobat or Adobe Reader will use when the application starts. Opening and closing the files allows your virus protection software to check these programs and add them to its list of safe files" - see here. Not required for Adobe Reader to function properly. French versionNo
ULANDeskInventoryClientLDIScn32.exeLANDesk® Management Suite software componentNo
NLanguageLanguage.exePart of CyberLink's PowerDVD Blu-ray and DVD player. Detects the Windows language version at startup and changes some of the language settings in PowerDVD accordingly. Although it unloads after running, unless the PC has multi-national users then leave it disabledYes
NLanguage ApplicationLanguage.exePart of CyberLink's PowerDVD Blu-ray and DVD player. Detects the Windows language version at startup and changes some of the language settings in PowerDVD accordingly. Although it unloads after running, unless the PC has multi-national users then leave it disabledYes
ULanguageMonitorOplmsb01.exeOKI Printer language support monitorNo
NLanguageShortcutLanguage.exePart of CyberLink's PowerDVD Blu-ray and DVD player prior to version 8. Detects the Windows language version at startup and changes some of the language settings in PowerDVD accordingly. Although it unloads after running, unless the PC has multi-national users then leave it disabledYes
XLanGuardlanguard.exeAdware downloader - also detected as the SECONDT-C TROJAN!No
XLanGuard[path to trojan]Added by the DLOADER-VO TROJAN!No
Xlanmanwrk.exelanmanwrk.exeAdded by the AGENT.AIA TROJAN!No
ULANMessage ProLANMES~1.exeLANMessage Pro - "a powerful tool for communicating with other people on your office/home network"No
ULanSpeed2LanSpeed2.exeMonitors any traffic that is using a LAN adapter (Ethernet or Token ring network card)No
?LantronixRedirectorred32.exeRelated to either the Secure Com Port Redirector or Com Port Redirector from Latronix. What does it do and is it required?No
?LanzarL2007[path] setup.exe??No
ULaoKeyLaoKey.exeLao Script for Windows (LSWin) is an extension to the Windows operating system to allow Lao language to be used with many different Windows-based applicationsNo
ULaplink PDASync 3.0 - LtNts4NtsAgnt.exeLaplink PDASync for (IBM) Lotus Notes 4 - PDA synchronisation utilityNo
ULaplink PDASync 3.1 - PocketPCAUTODE~1.EXELaplink PDASync for Windows Mobile Pocket PC - PDA synchronisation utilityNo
ULaplink PDASync 3.1 - ScheduleSyncScheduleSync.exeLaplink PDASync for ScheduleSync - PDA synchronisation utilityNo
ULapLink schedulerLlsched.exeUtility that automatically performs file transfers as unattended background operationsNo
XLaptop AccessSage.exeAdded by the SDBOT-NB WORM!No
XLarLlass.exeAdded by the INOR-A TROJAN!No
Xlar[trojan filename]Added by the ROXY.C TROJAN!No
XLARISSA ANTI VIRUSLARISSA_ANTI_VIRUS.exeAdded by the KLASSIR TROJAN!No
?Lasbewat.exe??No
XLaserJetspoolvs.exeAdded by the DLOADER.PFR TROJAN! This is not the file of the same name from older versions of MS Office - see the link for the locationNo
XLasErmaErmasys32.exeAdded by the LERMA-A WORM!No
XLAsIAf32RePEAtLD.exeAdded by the REPEATLD WORM!No
Xlasselasse.exeAdded by the NTOS TROJAN!No
YLASTinstN/AFor Gilat Communications internet satellite systems. Gilat rescue (Satellite system restore). Required if you have this system. Can cause a BSOD (blue screen of death) if left outNo
?Laterlater.exe??No
ULaunAppLaunApp.exePart of Acer Launch Manager - programmable keys on such laptops as the TravelMate 610No
?Launcglauncg.exe??No
ULaunch Ai BoosterOverClk.exeIncluded with some ASUS motherboards (such as the Maximus Extreme & Striker II Extreme), "AI Booster allows you to overclock the CPU speed in Windows without the hassle of booting the BIOS." Part of AI SuiteNo
NLaunch ApplicationLaunchApplication.exeSystem Tray access to Nokia PC Suite - which "is a free PC software product that allows you to connect your Nokia device to a PC and access mobile content as if the device and the PC were one." This allows you (amongst other options) to backup your devices contents to your PC, use it to connect to the internet, transfer files and synchronize contacts, etc. Available from the start menuYes
NLaunch Context 5.0Launch.exeContext - electronic dictionaryNo
ULaunch K9K9.exeK9 by Robert Keir - "an email filtering application that works in conjunction with your regular POP3 email program and automatically classifies incoming emails as spam (junk email) or non-spam without the need for maintaining dozens of rules or constant updates to be downloaded. It uses intelligent statistical analysis that can result in extremely high accuracy over time"No
YLaunch LCDMonLCDMon.exePart of the GamePanel Software for the Logitech G-Series of gaming keyboards. This the LCD control panel driver on models where it's included such as the G15 and G19No
ULaunch LGDCoreLGDCore.exePart of the GamePanel Software for the Logitech G-Series of gaming keyboards. This is the keyboard driver and if it's disabled you will lose access to special features and programmed keysNo
?Launch LgDeviceAgentLgDevAgt.exePart of the GamePanel Software for the Logitech G-Series of gaming keyboards. What does it do and is it required?No
ULaunch ManagerQtZgAcer.EXEAcer Launch Manager - on Acer laptops it supports the dedicated multimedia buttons and allows users to configure their function. If the optional WLAN module and Bluetooth radio are installed the associated buttons can set their operating stateYes
XLaunch Norton AntiVirus 2000jorgf.exeAdded by the RBOT-AUI WORM!No
ULaunch PC Probe IIProbe2.exeIncluded with some ASUS motherboards (such as the Maximus Extreme & Striker II Extreme), PC Probe II monitors, detects and alerts you if there are any problems with fan rotation, CPU temperature, system volatages and othersNo
NLaunch YahooPOPs! at Windows startupYAHOOPOPS.EXEYahooPOPs - enables free POP3/SMTP access to Yahoo! Mail through a service on localhost that emulates the web interface. Available via Start -> ProgramsNo
ULaunchApLaunchAp.exeProgrammable keys on Acer, Fujitsu and other laptopsNo
YLaunchAppAlaunchPart of Acer eRecovery - "a powerful utility that does away with the need for recovery disks provided by the manufacturer, and also acts as a versatile standalone backup and recovery manager". This entry isn't normally running but once eRecovery starts it's used to re-install the software included with the systemYes
NLaunchApplicationLaunchApplication.exeSystem Tray access to Nokia PC Suite - which "is a free PC software product that allows you to connect your Nokia device to a PC and access mobile content as if the device and the PC were one." This allows you (amongst other options) to backup your devices contents to your PC, use it to connect to the internet, transfer files and synchronize contacts, etc. Available from the start menuYes
ULaunchboardlnchbrd.exe"LaunchBoard software from Darwin turns your keyboard into a remote control for the Internet and your computer! With LaunchBoard 2.0, you can customize up to 38 keys on your PC keyboard to instantly launch Web Sites, start applications, perform custom macros, handle Windows shortcuts, store passwords, and perform loads of other customizable functions"No
XLauncherlauncher.exeSpyware component related to DownloadWare and found in %ProgramFiles%\KFHNo
NLauncherrelaunch.exeAudio Applications Launcher for the Philips Rythmic Edge soundcard (the Philips Rhythmic Edge is the same as the Thunderbird PCI soundcard - see TBtray). Available via Start -> ProgramsNo
ULauncherlauncher.exePC Angel recovery program from SoftThinks. Located in %Windir%\SMINSTNo
ULauncherLauncher.exeSpeedUpMyPC 2009 from Uniblue - which "lets you monitor and control all your PC resources with easy, one click instructions. System settings, internet usage, disk clutter, RAM and CPU are all automatically scanned, cleaned and optimized for peak performance." Located in %ProgramFiles%\Uniblue\SpeedUpMyPCYes
?LaunchListLaunchList2.exePart of Pinnacle Studio video editing suite. What does it do and is it required?No
ULaunchU3LaunchU3.exeU3 LaunchPad system software for U3 smart flash drives. Provides password protected access to applications and personal settings installed and saved on a U3 enabled drive - allowing the user to effectively treat any Windows Vista/XP/2000 PC as though it's their own PCNo
XLavasoft Ad-AwareAd-Aware.exeAdded by the RBOT-SO WORM! Note - this is not the popular Ad-Aware spware/adware removal tool and is located in %System%No
ULavasoft AdwatchAd-watch.exePart of Lavasoft Ad-aware Plus - realtime spyware-monitor watching your memory and registry for spyware that tries to install or change your systemNo
XLayersecurity ServicemonitorLSSMON.EXEAdded by the BANKER.ZAQ TROJAN!No
Xlayersldmhostplsrvc.exeAdded by a variant of the SDBOT WORM!No
XLazKernn.exeAdded by the BANCOS-LN WORM!No
XLBTWiz.exeLBTWiz.exeAdded by the SDBOT-DHY WORM! Note - this is not the legitimate Logitech file which is normally located in %Program Files%\Logitech\SetPoint or %Program Files%\SetPoint. This one is located in %Windir%No
XLcassLcass.exeAdded by the SILLYFDC-W WORM!No
ULCD SmartieLCDSmartie.exe"LCD Smartie is software for Windows that you can use to show lots of different types of information on your LCD/VFD." Typically used by the PC modding community to display statistics such as CPU temp, fan/cooler speed, etc on an LCD displayNo
ULCDCLCDC.exeLCDC is an application that displays various information on your LCD or VFD screen. The number of things that LCDC can do is expandable by PluginsNo
YLCDMonLCDMon.exePart of the GamePanel Software for the Logitech G-Series of gaming keyboards. This the LCD control panel driver on models where it's included such as the G15 and G19No
YLCDPlayerLCDPlyer.exeRelated to SuperAdBlockerNo
Nlcfeplcfep.exeTivoli 'TME' System Tray icon - "'lcfep' is the program that displays statistics about the Endpoint. Apparently stopping/removing this process has no impact on the Endpoint itself which will continue to function normally"No
?LCIDConfiglcidchng.exe??No
ULClocklclock.exeLClock is a program that makes the Windows' clock look like a Windows Longhorn ClockNo
Xlcvgalcvga.exeAdded by the HOSTOL-A TROJAN! No
Xldld.exeCoolWebSearch Tooncomics parasite affiliate variant - redirects to fastwebfinder.comNo
NLDMbackweb-8876480.exeInstalled with older versions of the software for Logitech products. Automatically checks for software upgrades and new products, services and special offers from LogitechYes
NLDMLogitechDesktopMessenger.exeInstalled with the software for Logitech products. Automatically checks for software upgrades and new products, services and special offers from LogitechNo
Xldriverldriver.exeAdded by the CHORUS-A TROJAN! Searchforfree browser hijackerNo
ULED TRAYLEDTRAY.EXEInstalls a USB compact flash card reader or drive on start-up. The device is distributed by Microtech and is made by a company called SnapShot. Required if you want the reader to workNo
UledpointerCNYHKey.exeChicony Electronics Multimedia Keyboard Hotkey DriverNo
NLeechGetLeechGet.exeLeechGet download managerNo
Xleemanleeman.exeAdded by the COSIAM-D TROJAN!No
ULELALinksys EasyLink Advisor.exeSystem Tray access to Linksys EaasyLink Advisor - which "is designed to set up your home network. LELA can locate computers, routers, storage, cameras and printers as well as other devices connected to your network". Included with their newest routersNo
XLEMSRVlemsrv.exeAdded by the IRCBOT-TC TROJAN!No
ULENOVO.TPFNF6RTPFNF6R.exeSupports the Fn+F6 hotkey combination on IBM/Lenovo Thinkpad notebooks which mutes the microphoneNo
NLenovoOobeOffersLenovoOobeOffers.exeDisplays product upgrades/offers from Lenovo on the first run of a new notebook/desktop. "Oobe" refers to the "Out of box experience"No
XLetsRock[path to trojan]Added by the RANKY.Y BACKDOOR!No
XLetsSearchLetsSearch.exeBrowserAid/BrowserPal foistwareNo
XLetum[path to worm]Added by the LETUM.A WORM!No
ULexmark 1200 Serieslxczbmgr.exe"Lexmark Scan & Copy Control Program" for the Lexmark 1200 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan, scan to E-mail, copy, etcNo
ULexmark 2200 Serieslxbvbmgr.exe"Lexmark Scan & Copy Control Program" for the Lexmark 2200 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan, scan to E-mail, copy, etcNo
ULexmark 3100 Serieslxbrbmgr.exe"Lexmark Scan & Copy Control Program" for the Lexmark 3100 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan, scan to E-mail, copy, etcNo
ULexmark 4200 Serieslxbmbmgr.exe"Lexmark Scan & Copy Control Program" for the Lexmark 4200 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan, scan to E-mail, copy, etcNo
ULexmark 5000 Series Fax Serverfm3032.exeFaxMan integrates complete fax send and receive support into Windows applications without requiring additional fax softwareNo
ULexmark 5200 serieslxbtbmgr.exe"Lexmark Scan & Copy Control Program" for the Lexmark 5200 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan, scan to E-mail, copy, etcNo
ULexmark 5400 Series Fax Serverfm3032.exeFaxMan integrates complete fax send and receive support into Windows applications without requiring additional fax softwareNo
ULexmark 6500 Series Fax Serverfm3032.exeFaxMan integrates complete fax send and receive support into Windows applications without requiring additional fax softwareNo
ULexmark 7600 Series Fax Serverfm3032.exeFaxMan integrates complete fax send and receive support into Windows applications without requiring additional fax softwareNo
ULexmark 9300 Series Fax Serverfm3032.exeFaxMan integrates complete fax send and receive support into Windows applications without requiring additional fax softwareNo
XLexmark Printlexmark.exeAdded by a variant of the SPYBOT WORM! See hereNo
ULexmark X1100 Serieslxbkbmgr.exe"Lexmark Scan & Copy Control Program" for the Lexmark X1100 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan, scan to E-mail, copy, etcNo
ULexmark X125 Settings UtilityLEX125SU.exeSettings utility for the Lexmark X125 printerNo
ULexmark X5100 Serieslxbabmgr.exe"Lexmark Scan & Copy Control Program" for the Lexmark X5100 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan, scan to E-mail, copy, etcNo
ULexmark X5400 Series Fax Serverfm3032.exeFaxMan integrates complete fax send and receive support into Windows applications without requiring additional fax softwareNo
ULexmark X6100 Serieslxbfbmgr.exe"Lexmark Scan & Copy Control Program" for the Lexmark X6100 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan, scan to E-mail, copy, etcNo
ULexmark X63 Button ManagerAcBtnMgr_X63.exe"Lexmark Scan & Copy Control Program" for the Lexmark X63 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan, scan to E-mail, copy, etcNo
ULexmark X63 Button MonitorACMonitor_X63.exeButton monitor for the Lexmark X63 all-in-one multifunction printer/copier/scanner. Works in conjunction with the "Lexmark Scan & Copy Control Program" button manager whose filename is "AcBtnMgr_X63.exe"No
ULexmark X73 Button ManagerAcBtnMgr_X73.exe"Lexmark Scan & Copy Control Program" for the Lexmark X73 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan, scan to E-mail, copy, etcNo
ULexmark X73 Button MonitorACMonitor_X73.exeButton monitor for the Lexmark X73 all-in-one multifunction printer/copier/scanner. Works in conjunction with the "Lexmark Scan & Copy Control Program" button manager whose filename is "AcBtnMgr_X73.exe"No
ULexmark X74-X75lxbbbmgr.exe"Lexmark Scan & Copy Control Program" for the Lexmark X74-X75 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan, scan to E-mail, copy, etcNo
ULexmark X83 Button ManagerAcBtnMgr_X83.exe"Lexmark Scan & Copy Control Program" for the Lexmark X83 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan, scan to E-mail, copy, etcNo
ULexmark X83 Button MonitorACMonitor_X83.exeButton monitor for the Lexmark X83 all-in-one multifunction printer/copier/scanner. Works in conjunction with the "Lexmark Scan & Copy Control Program" button manager whose filename is "AcBtnMgr_X83.exe"No
ULexmark X84-X85 Button ManagerAcBtnMgr_X84-X85.exe"Lexmark Scan & Copy Control Program" for the Lexmark X84-X85 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan, scan to E-mail, copy, etcNo
ULexmark X84-X85 Button MonitorACMonitor_X84-X85.exeButton monitor for the Lexmark X84-X85 all-in-one multifunction printer/copier/scanner. Works in conjunction with the "Lexmark Scan & Copy Control Program" button manager whose filename is "AcBtnMgr_X84-X85.exe"No
NLexmarkPrinTrayprintray.exeLexmark Printer icon in the System Tray for quick access. Not required - uncheck via Printer configuration rather than MSCONFIG. Can also be listed as PrinTrayNo
XLexmark_X79-55lsasss.exeAdded by the ZONEBAC TROJAN!No
Xlexplorelexplore.exeAdded by the BROPIA WORM! Note - the executable is spelt with a lower case "L" rather than an lower or upper case "i" which is the case with Internet ExplorerNo
Nlexppslexpps.exeFor Lexmark printers. From Lexmark: "This enables bi-directional printing over a peer to peer network. If the printer is connected directly to your PC, the file is not used, (or should not be used) at all". It is known that firewalls can however alert you to "lexpps.exe" requesting server privilegesNo
ULexStartlexstart.exeLexmark printer software may add Lexstart.exe in the startup folder to handle print commands that you send to the printer. Sometimes required for the printer to work correctly - not in the case of a Lexmark Z42 for instanceNo
XLfhLfh.exeAdded by the ZAURGA-A TROJAN!No
ULfsndmnglfsndmng.exeLightningFAX Enterprise Fax Server - "puts faxing at the fingertips of networked enterprise users. It enables rapid, secure sending and Direct-To-Desktop Delivery of mission-critical documents"No
ULG Direct Media Button ServiceLGDMEBTN.exeSupports the Direct Media button on LG Notebooks that support it - such as the S1 PRO EXPRESS DUAL. Pressing this button launches the application for watching movies or listening to musicNo
NLG Intelligent Updateautoupdate.exeAutomatic update utility for LG NotebooksNo
ULG Intelligent Updategiljabistart.exeRelated to LG Electronics system updatesNo
NLG MagnifierMagnifyingGlass.exeScreen area magnifying utility for LG NotebooksNo
ULGDCoreLGDCore.exePart of the GamePanel Software for the Logitech G-Series of gaming keyboards. This is the keyboard driver and if it's disabled you will lose access to special features and programmed keysNo
?LgDevAgtLgDevAgt.exePart of the GamePanel Software for the Logitech G-Series of gaming keyboards. What does it do and is it required?No
XlgfxTraylgfxTray.exeAdded by the TAKEOBEL WORM! Note - the filename has a lower case "L" rather than an upper case "i" at the beginning and should not be confused with the valid Intel graphics file "igfxtray.exe"No
Xlgmlgm.exeAdded by the ACID-F WORM!No
ULGODDFUfwupdate.exeAuto firmware update program for LG Electronics CD-ROM/DVD writerNo
?LGSR_MenuMUIStartMenu.exePart of the LG Electronics re-branded version of CyberLink's PowerRecover protection and recovery software. The exact purpose of this entry is unknown at present but it unloads from memory once runNo
ULgWDskTpLgWDskTp.exeLogitech Wireless Desktop mouse and keyboard software. There is an icon for this program on the taskbar next to the clockNo
Nlhttsengrundll32.exe ..lhttseng.inf, RemoveCabinetLeft over after installation of the British English version of the Lernout & Hauspie Text To Speech (TTS) EngineNo
Xli-multi****li-multi****.exeAdult web-dialler - **** is randomNo
Xli-rcash00001vldial.exeAdded by the Vl TROJAN! No
Xli-speed****dlres.exeAdult web-dialler - **** is randomNo
Xli-thund****li-thund****.exeAdult web-dialler - **** is randomNo
Xli-vita****li-vita****.exeAdult web-dialler - **** is randomNo
Xli01f948rundll32.exe li01f948.dll,EnableRunDLL32LZIO.com adware downloader. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "li01f948.dll" file is found in %System%No
XLibreSystemSysRep.exeLibreSystem, French rogue system error and cleaning utility - not recommended. A member of the ErrClean familyNo
Xlibtecrundll32.exe libtec.dll,startAdded by the AKBOT-AI WORM! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "libtec.dll" file is found in %System%No
NLicCrtlrunservice.exePart of the eLicense Copy Protection scheme employed by some software and games. When this service is not running, the eLicense wrapper is unable to extract and execute the programNo
ULicCtrlrundll32.exe MMFS.DLL, ServicePart of the eLicense Copy Protection scheme employed by some software and games. When this service is not running, the eLicense wrapper is unable to extract and execute the program. Note that the "MMFS.DLL" file is located in the Winnt or Windows folderNo
XLicense Managerlicense_manager.exeMediaPipe peer-to-peer file swapping program also reported as a hijackerNo
Xlichlich.exeAdded by the QLOWZON-BN TROJAN!No
ULidPolicypwrschem.exeA utility for configuring certain HP notebook models to enter Standby mode when the lid is closed only when running on batteryNo
XLife FireWall Update1FireWall-Update1.exeAdded by the RBOT-ARS WORM!No
XLife Personal FirewallFirewallingV10.exeAdded by the RBOT-BKF WORM!No
?LifeCamLifeExp.exeRelated to Microsoft's LifeCam series of webcams. What does it do and is it required?No
ULifeChatLifeChat.exeSupport software for Microsoft's "LifeChat" headsets - which are optimized for use with Windows Live MessengerNo
NLifeDrive ManagerLifeDriveMgr.exeKeeps the Palm LifeDrive Manager utility in the systray. Shortcut available via Start -> ProgramsNo
ULifeDrive? ManagerLifeDriveMgrTray.exeSystem Tray utility for the Palm LifeDrive Mobile ManagerNo
?LifeExpLifeExp.exeRelated to Microsoft's LifeCam series of webcams. What does it do and is it required?No
NLifeScape Media DetectorPicasaMediaDetector.exeMedia detector for Picasa's automatic photo organizerNo
Xlifyyujixit.exeAdded by a variant of the SDBOT WORM!No
?LightFrame 3LightFrameV3.exeSupport software for Philips range of LCD Monitors that support LightFrame™ - which "reduces eye strain by surrounding your monitor frame with blue light that stimulates your visual senses for improved concentration and promotes an overall feeling of wellbeing". What does it do and is it required?No
ULightningLightning.exeLightning Download from Headlight Software - shareware download manager for resuming downloads. Start it manually unless you want to intercept download links from your browserYes
ULightning DownloadLightning.exeLightning Download from Headlight Software - shareware download manager for resuming downloads. Start it manually unless you want to intercept download links from your browserYes
NLightscribeLightScribeControlPanel.exeSystem Tray access to the LightScribe Control Panel for CD/DVD writers based upon HP's LightScribe laser-etching process - which allows you to burn a label straight onto specially coated blank disks. Part of the main LightScribe System Software (LSS)Yes
NLightScribe Control PanelLightScribeControlPanel.exeSystem Tray access to the LightScribe Control Panel for CD/DVD writers based upon HP's LightScribe laser-etching process - which allows you to burn a label straight onto specially coated blank disks. Part of the main LightScribe System Software (LSS)Yes
NLightScribeControlPanelLightScribeControlPanel.exeSystem Tray access to the LightScribe Control Panel for CD/DVD writers based upon HP's LightScribe laser-etching process - which allows you to burn a label straight onto specially coated blank disks. Part of the main LightScribe System Software (LSS)Yes
?LightSensorAppALSMON.exe??No
Xliibrliibr.exeAdded by a variant of the Storm/Nuwar/Zhelatin WORM!No
XLimewireLimeWire.exeAdded by the RBOT-AGH WORM!No
NLimeWire On StartupLimeWire.exeLimeWire - Peer to Peer (P2P) file-sharing client. Note - as with all P2P sharing programs they are susceptible to various forms of malwareNo
NLimeWire x.xLimeWire.exeLimeWire - Peer to Peer (P2P) file-sharing client. x.x represents the version number. Note - as with all P2P sharing programs they are susceptible to various forms of malwareNo
Xlimewirepro.exelimewirepro.exeAdded by the IRCBOT-WA WORM!No
XLimpetexplorer16.exeAdded by the RBOT-AJD WORM!No
NLine Speed Meter V3.0LineSpeedMeter.exeLineSpeedMeter - detect the download and upload speed of your internet connectionNo
ULingvo LauncherLvagent.exeABBYY Lingvo Electronic DictionariesNo
ULingvoTrainingTutor.exeABBYY Lingvo Electronic DictionariesNo
XLinkerLinkMaker.exeLinks adwareNo
Xlinkslinks.exeAdded by the LOWZONE-BI TROJAN!No
XLinkSafenessLinkSafeness.exeLinkSafeness rogue security software - not recommended, removal instructions here. A member of the AntiAID familyNo
NLinkstslinksts.exeTray icon which gets installed when you install the drivers for Asuscom internal ISDN modem cards (or rebadged Asuscom ISDN cards, such as MRi). This icon enables you to monitor or configure your ISDN card. Once you have configured your ISDN card correctly, you will never need to use this iconNo
XLinksys Modem Driverslinksys.exeAdded by the IRCBOT.VD WORM!No
Xlinkyuulinkuyy.exeAdded by the DLOADER.MC TROJAN!No
XLinuxLinux.vbsAdded by the LOVELETTER.AS VIRUS!No
ULiquidViewlviewj.exe"Liquid View lets you increase the legibility of the Microsoft Windows interface regardless of your display's native resolution. The software lets you increase the size of items that are hard to read on your monitor"No
XLisaLisa.exeAdded by the SCOM-D premium rate adult content diallerNo
XList checker 32 BITlist32.exeAdded by the RBOT-AHO WORM!No
XLitebot[path to trojan]Added by the LITEBOT-A TROJAN!No
NLIULIU.exeLogitech Internet Update. Used to update drivers/software for Logitech's Wingman, QuickCam, etc devices. Reports claim it doesn't work very well and you can manually update the files anywayNo
NLIURubicon.exeLogitech Internet Update. Used to update drivers/software for Logitech's Wingman, QuickCam, etc devices. Reports claim it doesn't work very well and you can manually update the files anywayNo
NLive MenuDllcmd32.exeeFax Send button for eFax Messenger Plus. Available via Start -> Programs Disabling instructions available hereNo
XLive Messangerlivemsgr.exeAdded by the RBOT.BXX WORM!No
XLive Messangerwllmsngr.exeAdded by a variant of the IRCBOT BACKDOOR! See hereNo
XLive PC CareLP[random characters].exeLive PC Care rogue security software - not recommended, removal instructions hereNo
?live rdrloadloud.exe??No
XLive Security SuiteLiveSS.exeLive Security Suite rogue security software - not recommended, removal instructions hereNo
XLive update monitorsrvany32.exeAdded by the AGOBOT.AFM WORM!No
Xlive update monitorumxlu32.exeAdded by the AGOBOT.ADK WORM!No
XLive Windows Messenger Versionmsnmessage7.7.exeAdded by a variant of the IRCBOT BACKDOOR! See hereNo
XLive Windows Messenger Versionmsnmsngrlive.exeAdded by a variant of the IRCBOT BACKDOOR!No
XLive-Helplmns.exeAdded by the RBOT-GHE WORM!No
XLive-Messenger.exeLive-Messenger.exeAdded by the SILLYP2P WORM!No
XLiveAntispyLiveAntispy.exeLiveAntispy rogue security software - not recommended, removal instructions hereNo
Xlivekeywebgrade.exeLiveKeys adware. File located in %Program Files%\livekey\livekeysNo
Xlivekeyswebgrade.exeLiveKeys adware. File located in %Program Files%\livekey\livekeysNo
NLiveMonitorLMonitor.exeMSI Live Update - auto-detects and suggests the latest BIOS/Driver/Utilities informationNo
NLiveNoteLivenote.exeAsus graphics card driver live update featureNo
XLiveProtectLiveProtect.exeSystem Live Protect rogue security software - not recommended, removal instructions hereNo
XLiveSexCamsLiveSexCams.exePremium rate adult content diallerNo
ULiveUpdateLiveUpdate.exeWeb-update utility as used by various types of software - see hereNo
XLiveUpdate[Windows username]05.exeAdded by the LINEAGE TROJAN!No
XLiveUpdatesmss.exeAdded by the VB.BAU BACKDOOR! Note - this is not the legitimate smss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\isasNo
NLiveUpdateCopyer.exeSamsung PC Studio is a Windows-based PC program package that you can use easily to manage personal data and multimedia files by connecting a Samsung Electronics Mobile phone (GSM/GPRS/UMTS) to your PC. You can launch the update manually - see the instructions here for exampleNo
XLiveUpdate32services.exeAdded by the VB.BAU BACKDOOR! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\isasNo
XLivreDibane.batAdded by the BANEDI VIRUS!No
XLjxrundll32.exeAdded by the LINEAG-ABD TROJAN! Note - this is not the legitimate rundll32.exe process, which is found in %Windir% (98/ME) or %System% (NT/2K/XP). This one is located in %Windir%\infNo
Xlk3h1[path to file]Added by the MOSUCK-G TROJAN!No
Xllajyn_dflljyn081020.exeAdded by the AUTORUN-MR WORM!No
Xlljy_dfllzjy[random digits].exeAdded by the AUTORUN-GT WORM!No
?LLMODCL2rundll.exe setupx.dll, InstallHinfSection ..LLMODCL2.INF??No
NLM StatusLMSTATUS.EXEXerox WorkCenter XE - language monitor status applicationNo
XLMA Managerlmamanager.exeAdded by the TILEBOT-AD WORM!No
ULManagerQtZgAcer.EXEAcer Launch Manager - on Acer laptops it supports the dedicated multimedia buttons and allows users to configure their function. If the optional WLAN module and Bluetooth radio are installed the associated buttons can set their operating stateYes
ULManagerQtZpAcer.exeAcer Launch Manager - on Acer laptops it supports the dedicated multimedia buttons and allows users to configure their function. If the optional WLAN module and Bluetooth radio are installed the associated buttons can set their operating stateNo
ULManagerHotkeyApp.exeProgrammable keys on Acer, Fujitsu and other laptopsNo
ULManagerQtaET2S.EXEAcer Launch Manager - on Acer laptops, provides configurability for the special keys on their range of multimedia keyboards No
ULManagerCPLBCL53.EXESystem Tray icon found on Acer Travelmate laptops that allow you control access to the Internet and email buttons and other computer configurationsNo
ULmanagerLManager.exeAcer Launch Manager - manages configuration of the multimedia keys on their range of notebooks, netbooks and desktopsNo
XlMAPllMAPl.exeAdded by the AGOBOT-RE WORM!No
ULMgrOSDOSDCtrl.exeOSD (on-screen-display) utility - part of Acer Launch Manager. Gives you control to customize the monitor to your liking...from sound, brightness, contrast, horizontal and vertical positions, phase, pixel clock, color and languageNo
NLMonitorLMonitor.exeMSI Live Update - auto-detects and suggests the latest BIOS/Driver/Utilities informationNo
?lmpdpsrvlmpdpsrv.exeRelated to a Lexmark printer/scanner. Printer sharing server? Is it required?No
Xlmrtlmrt.exeUnidentified adwareNo
NLMSTATUSLMSTATUS.EXEXerox WorkCenter XE - language monitor status applicationNo
YLMSXXDLMSXXD.exeDriver for Xerox XD series printer/copiers No
XlmuLMU.exeDetected by Kaspersky as the AGENT.BG TROJAN!No
Xlmxyzwhq.exelmxyzwhq.exeAdded by the AGENT-GEX TROJAN!No
Xlnternet ExplorerAMSNDMGR.EXEAdded by the KWBOT.R WORM! Note that the "l" is a lower case "L" and not an upper case "I"No
Xlnternet UpdatelExplore.exeAdded by the RBOT-GRH WORM! Note - the executable is spelt with a lower case "L" rather than an lower or upper case "i" which is the case with Internet ExplorerNo
Xlnwin.exelnwin.exeAdded by the DLOADR-ATC TROJAN!No
Xloadmdm.exeAdded by the BINGHE TROJAN! Note - this is not the legitimate Machine Debug Manager (mdm.exe) process which is located in %ProgramFiles%\Common Files\Microsoft Shared\VS7Debug (98/Me/XP/Vista) or C:\WINDOWS\SYSTEM (Me only)No
Xloadmsgsr32.exeAdded by the SDBOT-QR WORM!No
Xload[path to worm]Added by the KELVIR.AI WORM!No
XLoadMyGame.exeAdded by the LAMEYEAR-A WORM!No
Xload_Kerne1.exeAdded by the LINEAGE-AN TROJAN!No
XloadInternat.exeAdded by the WOWCRAFT TROJAN!No
Xloadrundll32.exeAdded by the WOWCRAFT TROJAN!No
Xloadsvhost32.exeAdded by the WOWCRAFT TROJAN!No
Xloadsvchsot.exeAdded by the GWGHOST-O TROJAN!No
Xloadexplorer.exeAdded by the LINEAGE-OZ TROJAN! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System%No
XloadKerne121.exeAdded by the LINEAGE-ON TROJAN!No
XloadKerne1211.exeAdded by the LINEAGE-DY TROJAN!No
Xloadrundl132.exeAdded by the LOOKED-CK WORM!No
Xloadctftpscr32.exeAdded by the AGENT-FPN TROJAN!No
XLoadwin32.exeAdded by the RUBBLE-A WORM!No
XloadQQ.exeAdded by the QUADRULE.A WORM! Note - this is not the Tencent QQ Asian instant messanger program which is located in %Windir%No
XloadWinExplorer.exeAdded by the VB.EIW WORM!No
XloadSystemfile.dll.vbsAdded by an unidentified WORM or TROJAN! See hereNo
XloadKHATRA.exeAdded by the ORBINA-A WORM!No
XLoad ServiceSvHost.exeAdded by the PESIN-D WORM!No
ULOAD WBLOADWB.EXEPart of Stardock's WindowBlinds custom desktop program. "WindowBlinds is the first utility of its kind. It extends Win98/NT/2K/XP to have a fully skinnable user interface. You can change the style of title bars, buttons, toolbars and much more". If you use it - keep it if not then uninstall itNo
XLoad-GuardWscript.exe LGuarg.exe.vbsAdded by the YENO.B and YENO.C WORMS! Note that wscript.exe is a legitimate Microsoft file used to launch script files and shouldn't be deleted. The "LGuarg.exe.vbs" file is located in %Windir%No
XLOAD32Lorena.exeAdded by the MAPSON.C WORM!No
Xload32load32.exeAdded by the NIBU, BAMBO TROJANS and DUMARU WORM!No
Xload32l32x.exeAdded by the DUMARU.Z or DUMARU.Y or DUMARU.AD WORM!No
Xload321111a.exeAdded by the DUMARU.AH WORM!No
Xload32swchost.exeAdded by the TURTA.A WORM!No
Xload32netda.exeAdded by the NIBU.E TROJAN!No
Xload32winldra.exeAdded by the NIBU.J BACKDOOR or DUMARU-BI TROJAN! Note - also known as Srv.SSA-KeyLogger by Sunbelt Software which has developed a free removal tool for this keyloggerNo
Nload=adw30.exeAfter Dark for Windows - screen saver program. Popular before screen savers were integrated into Win95No
Uload=asistat.exeStatus monitor for an NEC SuperScript printerNo
?load=cfgsys32.exe??No
Uload=esspk.exeSpeakerphone capability through a soundcard for an ESS modemNo
Yload=hotkey.exeSolo 5300 display driver for Win2K on some Gateway laptopsNo
Nload=HPWHRC.EXELoads the Status Window software for the HP Laserjet printersNo
?load=WPSLOAD.EXEWindows printing system that comes with the setup for Canon BJC series on the manufacturer's diskNo
Nload=vi_grm.exeMonitor drivers for Trio2x/3x based video cards - displays control panel for quick access to display settingsNo
?load=WINOSCFG.EXECould it be something to do with configuring Windows on a new PC from an OEM supplier?No
Yload=wpshrc.exeRequired to prevent configuration errors on a Compaq LBP-660 and LBP-460 parallel port laser printers (and maybe others)No
Yload=Bfrecv.exeBitware modem driverNo
Xload=msater.exeAdded by the RETSAM TROJAN!No
Xload=shambl3r.exeAdded by the REMABL WORM!No
Xload=Spoolsv.exeAdded by the CIADOOR.B TROJAN! Note - this is not the legitimate spoolsv.exe which is always located in %System%. This one is located in %Windir%No
?Load=wtfeat.exeAssociated with the Wintab DigitizerNo
Yload=AICLIENT.EXEAsset Insight from Tangram - asset managing software. Required if an organisation is running a centrally administered asset management systemNo
Xload=hint.exeAdded by the ATAK WORM!No
Xload=win32exec.exeAdded by the BITTER WORM!No
Xload=a1g.exeAdded by the ATAK.B WORM!No
Xload=dapdll.exeAdded by the ATAK.E WORM!No
Xload=svhost32.exeAdded by the LINEAGE-AB TROJAN!No
Yload=01comm32.exeRelated to Elsa CommPro (Communicate Pro) access software for Microlink modems - this software contains answering machine and fax functions, plus a terminal program, a WWW-browser launch function, Internet telephony, and address management. Required if you use thoseNo
Xload=inetinfo.exeAdded by the PROXY-GG TROJAN!No
Xload=Kerne14.exeAdded by the LINEAGE-BA TROJAN!No
XLoadab1explorer.exeAdded by the LINEAGE-AJ TROJAN! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %ProgramFiles%No
YLoadBlackDblackd.exe"Intrusion detection system" of the BlackICE PC Protection (was Defender) firewall which loads independently of the "user interface" (BlackICE Utility). BlackICE was supported by IBM Internet Security Systems (formerly just ISS) when them acquired the NetworkICE parent but is no longer available. Starts via a registry "RunServices" key on Windows 98/Me and as a service on Windows 2K/XP/VistaNo
ULoadBtnHndBtnHnd.exeFujitsu Siemens Lifebook laptops have some buttons on the case that can be programmed to execute specified programs (like hotkeys). The buttons can also be used as a combination lock inputNo
XLoadDBackUpBcTool.exeAdded by the GIBE WORM! No
Xloaddllloaddll.exeWinvest spywareNo
Xloaddr[path to trojan]Added by the AGENT-DIY TROJAN!No
YLoadDvpApi9xDVPAPI9X.exeCommand AntiVirus for Windows 95/98/MeNo
Xloaderloader.exeHomepage hijacker, redirecting to coolwwwsearch.com. Downloader for iedll.exeNo
XloaderWMPLAYER.EXEUnknown baddie - WMPLAYER.EXE is stored in the location and uses the same name as Windows Media Player but that valid Windows program doesn't load at startupNo
Xloader32sys*****.exe [***** = random digit]Added by the DOMCOM TROJAN!No
Xloader32Loader32.exeAdded by an unidentified TROJAN!No
XLoadersHeIp.exeAdded by the SDBOT-ADB WORM!No
Xloadfaxloadfax.exeAdded by the WINFLUX-C TROJAN!No
Xloadfaxloadfax.exeAdded by the WINFLUX-C BACKDOOR!No
XLoadFontsLoadFonts.vbsHomepage hijacker that changes your homepage to an adult content siteNo
XLoadFontsTahoma.vbsHomepage hijacker that changes your homepage to an adult content siteNo
ULoadFujitsuQuickTouchQuickTouch.exeMaps the keys on a Fujitsu Siemens Lifebook application panel to various programs and functionsNo
XLoadGolfCoursesLoadGolfCourses.exePlayMiniGolf.com foistware - stealth installed!No
XLoadhgrundll32.exeAdded by the LINEAG-ABX TROJAN!No
XLoadHTMLrundll32.exe regsvr32.exe,MShtmpreMatrixSearch adware. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deletedNo
XLoadingAgentZipLoader32.exeAdded by the OBLIVION TROJAN! This executable is one of the most common but there are moreNo
XLoadingAgentmsload32.exeAdded by the OBLIVION TROJAN! This executable is one of the most common but there are moreNo
XLoadManagermsload.exeAdded by the OPASERV.T WORM!No
XloadMecq0explorer.exeAdded by the MUMUBOY.C TROJAN! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %ProgramFiles%No
XloadMecq3rundll32.exeAdded by the LEGMIR-AS TROJAN! Note - this is not the legitimate rundll32.exe process, which is found in %Windir% (98/ME) or %System% (NT/2K/XP). This one is located in the root folder (i.e., C:\)No
XloadMect1explorer.exeAdded by the LINEAGE-L TROJAN! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %ProgramFiles%No
XloadMefsrundll32.exeAdded by the LEGMIR-JB TROJAN! Note - this is not the legitimate rundll32.exe process, which is found in %Windir% (98/ME) or %System% (NT/2K/XP). This one is located in %Windir%\infNo
XloadMefssmss32.exeAdded by the FLOOD-EL TROJAN!No
NLoadMSvcmmmsvcmm32.exeAuto-update for Movielink - internet movie rental System Tray accessNo
XLoadOrderVerification[random filename]Added by the TRON.A TROJAN!No
ULoadout Managernost_LM.exeManager for the Belkin Nostromo n50 SpeedPad game controller - see hereNo
XLoadPFWwmimgr.exeAdded by the QEDS-B WORM!No
XLoadPowerProfileASDAPI.EXEAdded by the CABRO TROJAN! Not to be confused with the valid LoadPowerProfile entry where the command is Rundll32.exe powrprof.dllNo
ULoadPowerProfileRundll32.exe powrprof.dllPower management specifics such as monitor shut-off, system standby, etc. Associated with power management and is listed twice - see here. Loads your selected power scheme. May not be required - depends upon whether you modify the default Control Panel -> Power Options settingsNo
XLoadPowerProfileRundll.exe powerprof.dllAdded by the LOXOSCAM TROJAN! Note - do not confuse with the valid LoadPowerProfile entry! Notice that the infected version uses "Rundll.exe" whereas the uninfected version uses "Rundll32.exe"No
XLoadPowerProfilerundl.exeAdded by the TOFAZZOL TROJAN! Not to be confused with the valid LoadPowerProfile entry where the command is Rundll32.exe powrprof.dllNo
XLoadPowerProfileRundll32.exeAdded by the MIROOT WORM! Note - do not confuse with the valid LoadPowerProfile entry which has "powrprof.dll" appended to the command/data lineNo
XLoadPowerSchemerundll32.exe powerprof.dll CheckPowerProfileUlubione adult content dialer. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deletedNo
ULoadQMloadqm.exeInstalled with MSN Explorer and loads the MSN Queue Manager. Required to enable the WU AutoUpdate feature. Note that disabling this can sometimes prevent internet sharing working on Win2K Pro SP2. Reports also suggest that removing it will re-enable internet access - hence the "users choice" recommendation. If you have problems leave it, otherwise I recommend you disable itNo
Xloads.exeloads.exeMediaMotor adwareNo
Xloads.exemedload.exeMedload adwareNo
Xloads.exesuploads.exeAdded by the AGENT-BZ TROJAN! No
XLoadServiceRest In PeaceAdded by the KANGAROO-A WORM!No
XLoadServiceMaaf, tempatmu bukan di sinAdded by the KAGEN-A TROJAN!No
XLoadServiceVirusAdded by the CAGER.A WORM!No
XLoadSIPSrundll32.exe SIPSPI32.dll, SIPSPI32123Mania adware. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "SIPSPI32.dll" file is found in the System folderNo
?LoadWatcherTest.exeReportedly part of a webcam surveillance program that's supposed to test SMTP dialling in the event of an alert? Is this correct?No
XLoadWatcherwatcher.exeWatcher spywareNo
Xloadwinwinset.exeAdded by the QQPASS-I TROJAN!No
Xloadwinwinsys.exeAdded by the QQPASS-J TROJAN!No
XLoadWindowsFileKernel32.exeAdded by the DELF.B TROJAN!No
XLoadWindowsFilewinreg.exeAdded by the HUPIGON.A BACKDOOR!No
XLocal Area NetworkOpenGL.exeAdded by a variant of the RBOT WORM!No
XLocal Authority Servicelsass.exeAdded by the MARKTMAN-C TROJAN! Note - this is not the legitimate lsass.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%No
XLocal Internet ConnectionLIC.exeAdded by the SDBOT-YA WORM!No
XLOCAL INTERNET WEB DRIVERS FOR WIN32phqghume.exeAdded by a variant of the RBOT WORM!No
XLocal Pagehttp://find.naupoint.comNaupoint browser hijackerNo
XLocal runole servicesrvc32.exeAdded by the SMALL-DP TROJAN!No
XLocal Security Authority Servcelssas.exeAdded by the POEBOT-T WORM!No
XLocal Security Authority Servicelssas.exeAdded by the POEBOT-J WORM!No
XLocal Security Authority ServiceIsass.exeAdded by the LINKBOT.M WORM!No
XLocal ServiceIntenat.exeAdded by the NUCLEAR-J TROJAN!No
XLocal Serviceservices.exeAdded by the P2PWORM-T WORM! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\CursorsNo
XLocal-Settings-of-[User Name][User Name].exeAdded by the GAVGENT.A WORM!No
ULocalProxyproxy4free.exe"ProxyTools is a package of Perl network utilities designed mainly to assist those whose Internet access is censored, unreliable, or otherwise damaged. Uncensored access is provided to any outside service required (Usenet News, Web browsing, IRC, Socks etc.). Setup requires installation of Perl and some modules" No
XLocalSystemsvchost.exeEHU adware. Note - this is not the legitimate svchost.exe process which should NOT appear in Msconfig/Startup!No
XLocator Service[filename]Added by the AGOBOT-KY TROJAN!No
ULock My PClockpc.exeLock My PC - a tool for quick computer locking when you leave it unattended. It shows a lock screen, disables Windows hot keys and mouseNo
Xlofgyhlofgyh.exeAdded by the SDBOT-TP WORM!No
ULogan_S2PScan2pc.exeScan to PC application for the scanning function of the Samsung SCX-4500 Series multifunction printerNo
Xlogglogo_1.exeAdded by the PWFUZZ-A WORM!No
XLogical Disk Detectionmrisvc.exeAdded by the IRCBOT.AOW BACKDOOR!No
NLogiciel de transfert d'images KODAKpts.exeLooks for Kodak camera connection and media insertion. Available via Start -> ProgramsNo
ULoginwinlog.exeSalfeld Child Control - parental control softwareNo
Xlogin[path to trojan]Added by the HOTWORD-A TROJAN!No
XLoginLogin.exeAdded by the BANCBAN-AH TROJAN!No
XLoginlala.exeAdded by the BUGSPR-A TROJAN!No
XLogin Screen Saverlogin.scrAdded by the RBOT-AVN WORM!No
XLogin Service[path to file]Added by the MIGMAF TROJAN!No
XLoginPassportLgnpsp32.exeAdded by the REDIST.C WORM!No
Xloginui32loginui32.exeAdded by the LONGNU.A TROJAN!No
XLogitechLogitech.exeAdded by the RBOT.BJH WORM!No
YLogitechCommunications_Helper.exeEntry added when you install versions of the Logitech QuickCam webcam software. Used to interface your webcam with third party chat and voice programs such as instant messaging clients and Skype. Also, if it's disabled the camera will not work - at least not in the QuickCapture modeYes
NLogitech . Product RegistrationeReg.exeRegistration reminder from Leader Technologies for Logitech software such as SetPoint for their range of wired and wireless keyboards and pointing devices (mice, trackballs, etc)Yes
ULogitech BT WizardLBTWiz.exeBluetooth connection manager for Logitech based bluetooth wireless productsNo
XLogitech CameraSoundcane.exeAdded by the SDBOT.MUC WORM!No
?Logitech Camera SoftwareElkCtrl.exeEntry added when you install versions of the Logitech QuickCam webcam software. It's exact purpose is unknown at the present timeYes
ULogitech ClickSmartISStart.exeInstalled with Logitech's QuickSmart webcam software. The exact purpose of this startup entry is unknown at present, with opinions varying from: (i) adding a tray icon when a camera is connected - apparently no longer the case, (ii) repairing a problem with the image gallery and (iii) being required with some versions to take pictures and capture videosYes
ULogitech ClickSmartLogiTray.exeSystem Tray access to My Logitech Pictures, Camera Settings and other features for Logitech's QuickSmart webcam software. Create your own shortcut and run it manually when required unless you use it all the timeYes
ULogitech ClickSmartLVCOMS.EXEEntry added when you install Logitech ClickSmart webcam software. It allows the camera to be accessed by both the Logitech software and (amongst others) NetMeeting and Windows Movie Maker. If you don't use the camera on a daily basis create your own shortcut and run it manually when requiredYes
XLogitech DesktopApPache.exeAdded by the RBOT-YP WORM!No
XLogitech DesktopIPCONN.EXEAdded by the SDBOT-WE WORM!No
XLogitech Desktop Controllerwrcam.exeAdded by a variant of the RBOT WORM!No
NLogitech Desktop Messengersetup-8876480.exeInstaller for Logitech Desktop Messenger included with older versions of the software for Logitech products - which automatically checks for software upgrades and new products, services and special offers from LogitechNo
NLogitech Desktop Messengerldmconf.exeInstalled with older versions of the software for Logitech products. Configures the options for Logitech Desktop Messenger to activate notifications about software upgrades and/or new products, services and special offersYes
NLogitech Desktop MessengerLogitechDesktopMessenger.exeInstalled with the software for Logitech products. Automatically checks for software upgrades and new products, services and special offers from LogitechYes
NLogitech Desktop Messenger Agentldmconf.exeInstalled with older versions of the software for Logitech products. Configures the options for Logitech Desktop Messenger to activate notifications about software upgrades and/or new products, services and special offersNo
NLogitech Gaming SoftwareLWEMon.exePart of Logitech Gaming Software (formerly Wingman Software) for their range of game controllers. Starts the profiler (button configuration) and loads the last used profile at start-up - including System Tray access. Unless you're a hard-core gamer it's best to leave it disabled and load when neededYes
ULogitech Hardware Abstraction LayerKHALMNPR.EXEPart of Logitech's SetPoint control software for their range of wired and wireless keyboards and pointing devices (mice, trackballs, etc). When using SetPoint to adjust the mouse sensitivity it is maintained separately from the Windows setting, but is combined with the Windows setting to determine the final sensitivity. For this reason, this entry sets the Windows setting to 0 so it doesn't affect the one you set in SetPoint and then unloads. A separate instance of KHALMNPR.EXE loads via the main Setpoint.exe program to control communication between your radio/bluetooth wireless mouse/keyboard and SetPointYes
ULogitech Harmony RemoteHarmonyClient.exeLogitech Harmony advanced universal remoteNo
ULogitech Harmony Remote Software 7HARMON~1.EXELogitech Harmony Advanced Universal Remote controller softwareNo
ULogitech ImageStudioISStart.exeInstalled with Logitech's ImageStudio webcam software. The exact purpose of this startup entry is unknown at present, with opinions varying from: (i) adding a tray icon when a camera is connected - apparently no longer the case, (ii) repairing a problem with the image gallery and (iii) being required with some versions to take pictures and capture videosYes
ULogitech ImageStudioLogiTray.exeSystem Tray access to ImageStudio, Camera Settings and other features for Logitech's ImageStudio webcam software. Create your own shortcut and run it manually when required unless you use it all the timeYes
ULogitech ImageStudioLVCOMS.EXEEntry added when you install Logitech ImageStudio webcam software. It allows the camera to be accessed by both the Logitech software and (amongst others) NetMeeting and Windows Movie Maker. If you don't use the camera on a daily basis create your own shortcut and run it manually when requiredYes
ULogitech QuickCamCameraAssistant.exeEntry added when you install versions of the Logitech QuickCam webcam software and used to configure and tweak your webcam settings. Includes support for the Quick Assistant - which launches when a video application (such as video conferencing in an instant messaging client) accesses to camera so you can quickly fine tune face tracking and zoom, for example. If you don't use the camera on a daily basis create your own shortcut and run it manually when requiredYes
ULogitech QuickCamISStart.exeInstalled with older versions of Logitech's QuickCam webcam software. The exact purpose of this startup entry is unknown at present, with opinions varying from: (i) adding a tray icon when a camera is connected - apparently no longer the case, (ii) repairing a problem with the image gallery and (iii) being required with some versions to take pictures and capture videosYes
ULogitech QuickCamLogiTray.exeSystem Tray access to My Logitech Pictures, Camera Settings and other features for older versions of Logitech's QuickCam webcam software. Create your own shortcut and run it manually when required unless you use it all the timeYes
ULogitech QuickCamLVCOMS.EXEEntry added when you install older versions of Logitech QuickCam webcam software. It allows the camera to be accessed by both the Logitech software and (amongst others) NetMeeting and Windows Movie Maker. If you don't use the camera on a daily basis create your own shortcut and run it manually when requiredYes
ULogitech QuickCamLVComSX.exeEntry added when you install versions of the Logitech QuickCam webcam software - allows the full camera features (such as face tracking) to be accessed by both the Logitech software and (amongst others) NetMeeting and Windows Movie Maker. If you don't use the camera on a daily basis create your own shortcut and run it manually when requiredYes
NLogitech QuickCamManifestEngine.exeAutomatic updater for versions of Logitech QuickCam webcam software. Check for updates via the System Tray icon - see the LogitechVideoTray entryYes
ULogitech SetPointKEM.exeKeyboard and mouse drivers and utilities for Logitech's latest products - supersedes iTouch and MouseWare on their older products. Required if you use special features such as multimedia keysNo
ULogitech SetPointKHALMNPR.EXEPart of Logitech's SetPoint control software for their range of wired and wireless keyboards and pointing devices (mice, trackballs, etc). When using SetPoint to adjust the mouse sensitivity it is maintained separately from the Windows setting, but is combined with the Windows setting to determine the final sensitivity. For this reason, this entry sets the Windows setting to 0 so it doesn't affect the one you set in SetPoint and then unloads. A separate instance of KHALMNPR.EXE loads via the main Setpoint.exe program to control communication between your radio/bluetooth wireless mouse/keyboard and SetPointYes
ULogitech SetPointSetpoint.exeLogitech SetPoint control software for their range of wired and wireless keyboards and pointing devices (mice, trackballs, etc). Required if you want to use the advanced features or modify the default settings of these devices and located in %ProgramFiles%\Logitech\SetpointYes
ULogitech UtilityLogi_MwX.exeLogitech Mouseware driver. Needed to support some additional functionality of Logitech mice/trackballs such as "SmartMove". If you disable it and find you don't need it leave it disabledYes
NLogitech VidVid.exe"Logitech Vid™ is the fast, free and easy way to make a video call." Available as part of the Logitech Webcam Software or as a separate download. Run it manually when required unless you use it all the timeYes
NLogitech Wakeuplgwakeup.exeLoads at startup and monitors the scanner. When a document is inserted in the scanner the wakeup program feeds the document a fraction of a inch into the scanner and then it launches the control center software. From the control center you can select whether to fax or copy or print the scanned documents. If you uncheck the Logitech wakeup software from the startup it no longer launches the control center or feeds the document a fraction of an inch. You can manually launch the control center software via Start ->Programs and still be able to scan imagesNo
XLogitech Wirelesslogitechwls.exeAdded by the MYTOB-BS WORM!No
ULogitechCameraAssistantCameraAssistant.exeEntry added when you install versions of the Logitech QuickCam webcam software and used to configure and tweak your webcam settings. Includes support for the Quick Assistant - which launches when a video application (such as video conferencing in an instant messaging client) accesses to camera so you can quickly fine tune face tracking and zoom, for example. If you don't use the camera on a daily basis create your own shortcut and run it manually when requiredYes
?LogitechCameraService(E)ElkCtrl.exeEntry added when you install versions of the Logitech QuickCam webcam software. It's exact purpose is unknown at the present timeYes
YLogitechCommunicationsManagerCommunications_Helper.exeEntry added when you install versions of the Logitech QuickCam webcam software. Used to interface your webcam with third party chat and voice programs such as instant messaging clients and Skype. Also, if it's disabled the camera will not work - at least not in the QuickCapture modeYes
NLogitechDesktopMessengerLogitechDesktopMessenger.exeInstalled with the software for Logitech products. Automatically checks for software upgrades and new products, services and special offers from LogitechNo
ULogitechGalleryRepairISStart.exeInstalled with Logitech's ImageStudio webcam software. The exact purpose of this startup entry is unknown at present, with opinions varying from: (i) adding a tray icon when a camera is connected - apparently no longer the case, (ii) repairing a problem with the image gallery and (iii) being required with some versions to take pictures and capture videosYes
ULogitechImageStudioTrayLogiTray.exeSystem Tray access to ImageStudio, Camera Settings and other features for Logitech's ImageStudio webcam software. Create your own shortcut and run it manually when required unless you use it all the timeYes
NLogitechQuickCamRibbonQuickCam10.exeLoads versions of the Logitech QuickCam webcam software and is required to support features such as face tracking. If enabled, System Tray access is also available to the main user interface "ribbon" - otherwise you'll have to use the desktop shortcut or Start menu to display it. Run it manually when required unless you use it all the timeYes
NLogitechQuickCamRibbonLWS.exeLoads versions of the Logitech Webcam Software and is required to support features such as face tracking. If enabled, System Tray access is also available to the main user interface "ribbon" - otherwise you'll have to use the desktop shortcut or Start menu to display it. Run it manually when required unless you use it all the timeYes
NLogitechQuickCamRibbonQuickcam.exeLoads versions of the Logitech QuickCam webcam software and is required to support features such as face tracking. If enabled, System Tray access is also available to the main user interface "ribbon" - otherwise you'll have to use the desktop shortcut or Start menu to display it. Run it manually when required unless you use it all the timeYes
YLogitechRegisterVideoApplicationsInstallHelper.exeEntry added when you install versions of the Logitech QuickCam webcam software and used to register video applications that can use the webcam on the first reboot after installing the softwareYes
XLogitechsLogitechs.exeAdded by the SDBOT.BWE WORM!No
NLogitechSoftwareUpdateManifestEngine.exeAutomatic updater for versions of Logitech QuickCam webcam software. Check for updates via the System Tray icon - see the LogitechVideoTray entryYes
ULogitechVideoRepairISStart.exeInstalled with Logitech's QuickSmart and QuickCam (older versions) webcam software. The exact purpose of this startup entry is unknown at present, with opinions varying from: (i) adding a tray icon when a camera is connected - apparently no longer the case, (ii) repairing a problem with the image gallery and (iii) being required with some versions to take pictures and capture videosYes
ULogitechVideoTrayLogiTray.exeSystem Tray access to My Logitech Pictures, Camera Settings and other features for Logitech's QuickSmart and QuickCam (older versions) webcam software. Create your own shortcut and run it manually when required unless you use it all the timeYes
ULogitechVideo[inspector]InstallHelper.exeEntry added when you install versions of the Logitech QuickCam webcam software and used to monitor and register video applications that can use the webcam. It isn't normally running but you could disable it and re-enable it before you install supported applicationsYes
ULogiTrayLogiTray.exeSystem Tray access to My Logitech Pictures, Camera Settings and other features for Logitech's QuickSmart, ImageStudio and QuickCam (older versions) webcam software. Create your own shortcut and run it manually when required unless you use it all the timeYes
ULogi_MwXLogi_MwX.exeLogitech Mouseware driver. Needed to support some additional functionality of Logitech mice/trackballs such as "SmartMove". If you disable it and find you don't need it leave it disabledYes
ULogMeIn GUILogMeInSystray.exeRemotelyAnywhere is a remote administration and remote control solution for Windows. It allows access to the host computer via the network (the LAN, an intranet or the Internet) - and on the client side all you need is a web browser, a terminal emulator or a WAP-enabled phoneNo
ULogMeIn GUIragui.exeRemotelyAnywhere is a remote administration and remote control solution for Windows. It allows access to the host computer via the network (the LAN, an intranet or the Internet) - and on the client side all you need is a web browser, a terminal emulator or a WAP-enabled phoneNo
XLogo[path to trojan]Added by the DLOADER-RH TROJAN!No
YLogoffSCTUINotify.exePart of Windows SteadyState, which is designed to make life easier for people who set up and maintain shared computers - enabling the system administrator to prevent users from making changes to the system configuration, windows desktop, restricting program access, etc. It's intended for shared user environments such as internet cafés, libraries and schools but can be used in any environment. This entry displays the timeout messages on the restricted computer/account - which warns users how long they have until automatic log-off when they log-in and when there are only 2 minutes leftYes
ULogon LoaderLogonLoader.exeLogon Loader - customize boot & login screensNo
ULogon Loader RandomLogonLoader.exeLogon Loader - customize boot & login screensNo
XLogon<user>CSRSS.EXEAdded by the BRONTOK-BH WORM! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in Documents and Settings\<User>\Local Settings\Application Data\WINDOWSNo
XLogon.exelogon.exeAdded by the ZINS.A TROJAN!No
XLogonAdministratorimoet.exeAdded by the RAHIWI.A WORM!No
XLogonAdministratorCSRSS.EXEAdded by the KORRON.B WORM! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in Documents and Settings\<User>\Local Settings\Application Data\WINDOWSNo
ULogOnHookLogOnHook.exePart of McAfee Data Backup (now Online Backup) - which "takes the hassle out of manually backing up all of your valuable digital files - from Microsoft Outlook email and contacts to treasured family photos". Available as a stand-alone product or included in Internet Security and Total Protection. The exact purpose of this entry is unknown at present but it unloads after startupYes
XLogonrepclient1CSRSS.EXEAdded by the BRONTOK-BT WORM and variants! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in Documents and Settings\<User>\Local Settings\Application Data\WINDOWSNo
XLogonsaracsrss.exeAdded by the BRONTOK-BS WORM! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in Documents and Settings\<User>\Local Settings\Application Data\WINDOWSNo
ULogonStudiologonstudio.exeWinCustomize LogonStudio - "Allows Windows XP users to edit, change, and apply new logon screens. LogonStudio comes built with a visual editor to make it easy to create your own logons which can then be uploaded to websites to be used by others users"No
XlogonUiInitRundll32.exe rgtndz.dllIdentified as a variant of the Trojan-Clicker.Win32.Agent.bqy malware. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "rgtndz.dll" file is found in %System%No
XLogServicewincalc.exeAdded by the PAPROXY TROJAN!No
XLogServicelsass.exeAdded by the BDOOR-IU BACKDOOR! Note - this is not the legitimate lsass.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%No
XLogServicelsrss.exeAdded by the PAPROXY-D TROJAN!No
ULogServiceLogService.exeSmartKeylogger keystroke logger/monitoring program - remove unless you installed it yourself!No
ULogWatchlogwat95.exeLicensing patch for products installed on NT by Computer Associates such as eTrust. Detects and updates old versions of lic98.dll. Not required if you already have a newer version or the patch has been appliedNo
Xlololol_hideme_imhiddenlololol.exeAdded by the HIDEME-A TROJAN!No
XlongosWIWT.EXEAdded by the BANKER-CD TROJAN!No
YLook 'n' Stoplooknstop.exeLook 'n' Stop personal firewallNo
NLookNMeetAgent.exeLooknMeet dating serviceNo
XLookup_Syslookupsys.exeP04n trojanNo
XLosMejoresMP3rundll32.exe MSA64CHK.dll,DllMostrarMatrixDialer/Mostrar parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System%No
XLotsOfGamesrundll32.exe MSA64CHK.dll,DllMostrarMatrixDialer/Mostrar parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System%No
XLotsOfJokesrundll32.exe MSA64CHK.dll,DllMostrarMatrixDialer/Mostrar parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System%No
NLotus Organizer EasyClipeasyclip.exe"The Easy Clip icon automates the collection of information from sources such as e-mail to create an Organizer address, appointment, task or Notepad page." Available via Start -> ProgramsNo
NLotus QuickStartsmartctr.exeLotus central application, called SmartCenter, which runs on the Windows desktop. SmartCenter toolbar stretches across the top or, optionally, the bottom of the screen. Uses a lot of resources. Available via Start -> ProgramsNo
ULotus SuiteStartsuitest.exePuts the individual Lotus components in the system tray taskbar when you start Windows. Can be disabled via MSCONFIG -> Startup as "Lotus SuiteStart 97 Edition". All individual components available via Start -> ProgramsNo
XLotusHlpLotusHlp.exeAdded by the WINKO.AO WORM!No
XLOVELOVE.EXEAdded by the VB-ZQ TROJAN!No
XLoveHebeAvistaAA.exeAdded by the LOZAVITA TROJAN!No
NLowRateVoipLowRateVoip.exeLowRateVoip - free internet telephony utility using the VoIP (Voice over Internet Protocol). Call online friends for free and regular phones either for free (limited use) or low rates. One of a number provided by Betamax - the others generally have different rate plans. Similar to the more popular SkypeYes
XLowRiskFileTypessysguard.exeAdded by the FAKEAV-UY TROJAN!No
XLowVersionSupport[filename]Added by the LASTRAS TROJAN!No
ULPMailCheckerLPMLCHK.exePart of Lenovo's ThinkVantage® Productivity Center on their ThinkPad notebooks or ThinkCentre desktops. Checks for incoming e-mail and blinks the ThinkVantage button LEDNo
ULPManagerLPMGR.exePart of Lenovo's (was IBM) ThinkVantage Productivity Center - "guides you to a host of information and tools to help you set up, understand, maintain, and enhance your ThinkPad® notebook or ThinkCentre® desktop"No
XLprLpr123.exeAdded by the REMPSTEAL password stealer TROJAN!No
XLpr123Lpr123.exeAdded by the REMPSTEAL password stealer TROJAN!No
ULPSLps.exeLocal Port Scanner - "With LPS you're able to check your computer for open or listening ports"No
ULPtasklptask.exeProgram Lock It And Protect Pro - lock and protect your folders from being opened, moved or deletedNo
XLRBZ Utility 32lrbz32.exeAdded by the AGOBOT-JQ WORM!No
NLS120 Superdisk??Supposed to accelerate transfer rate on LS-120, contributes to system lockupsNo
XLSAwfdmgr.exeAdded by the MYTOB.C WORM!No
XLSAlsa.exeAdded by the SDBOT-YV WORM!No
XLSAmsdn.exeAdded by an unidentified malwareNo
XLSA ServiceLSASS.exeAdded by the AHKER.G WORM! Note - this is not the legitimate lsass.exe process, which should not appear in Msconfig/Startup!No
Xlsa Serviceslsa2srv.exeAdded by the TAME-C WORM!No
XLSA Shell (Export Version)LSASS.exeAdded by the AHKER.K WORM and variants. Note - this is not the legitimate lsass.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%No
XLSA Shellulsass.exeAdded by the AUTORUN-CW WORM! Note - this is not the legitimate lsass.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %UserProfile%No
XLSAgentlsass.exeAdded by the AUTORUN-APL WORM! Note - this is not the legitimate lsass.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%No
XLsaManagerlsamgr.exeAdded by the BEAGLE.DR WORM!No
Xlsaslsas.exeAdded by the BIGFAIRY-C WORM!No
XLSAShelllsass.exeAdded by the DAPROSY WORM! Note - this is not the legitimate lsass.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%No
Xlsasslsass.exeAdded by the RATSOU.B TROJAN! Note - this is not the legitimate lsass.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\Debug\UserModeNo
Xlsassstart.batAdded by the ZCREW TROJAN!No
Xlsass[path to lsass.exe]Added by the ALADINZ.F TROJAN! Note - this is not the legitimate lasss.exe process which should NOT appear in Msconfig/Startup!No
Xlsasslsasrv.exeAdded by the MYDOOM.AG or MYDOOM.AS or MYDOOM.AU WORMS!No
XLsasswoekd.exeAdded by an unidentified WORM or TROJAN!No
Xlsasselite***32.exeEliteBar adwareNo
XLsassLsass.exeAdded by the ALCOP-B WORM! Note - this is not the legitimate lsass.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%No
XLsassLsass.exeAdded by the VOUMIT-A WORM! Note - this is not the legitimate lsass.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Root%\mirc32No
XLsasSSygate.exeAdded by the SDBOT.BCA WORM!No
XLsasskavmm.exeAdded by an unidentified WORM or TROJAN! NOTE - do NOT confuse with the legitimate Kaspersky antivirus module as described here. Contrary to this impostor, the legitimate file will always be located in the Kaspersky Lab folder in Program FilesNo
XLsassLSASS.EXEAdded by the PUNYA-B WORM! Note - this is not the legitimate lsass.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %AppData%No
XLSASS 32ISASS32.pifAdded by the ASSIRAL-C WORM!No
XLsass 32 Managerlsass32.exeAdded by the SDBOT.EOG WORM!No
Xlsass 32-biTlsass32.exeAdded by the RBOT.QGC WORM!No
XLSASS Authoritylshosts32.exeAdded by the SDBOT-UY TROJAN!No
XLSASS Authoritylsvhosts.exeAdded by the SDBOT.BCE WORM!No
XLSASS DaemonLSASSd.exeAdded by a variant of the AGOBOT/GAOBOT WORM!No
Xlsass servicelsass2.exeAdded by a variant of the AGOBOT/GAOBOT WORM!No
Xlsass16lsass16.exeAdded by the BANKER-BXX TROJAN!No
Xlsass2k Updatelsass2k.exeAdded by a variant of the RBOT WORM!No
XLSASS32Isass32.exeAdded by the KELVIR.M WORM!No
Xlsass32lsass32.exeAdded by the LYDRA-B TROJAN!No
Xlsass64BiT.exelsass64BiT.exeAdded by the FORBOT-CK WORM!No
Xlsassiglsassig.exeAdded by the BANCOS-EC TROJAN!No
Xlsassslsasss.exeAdded by the GEEKMY-A TROJAN!No
Xlsasss.exelsasss.exeAdded by the SASSER.E WORM!No
Ylsburnwatcherlsburnwatcher.exeHP software which helps one create labels after a music CD is burned using LightScribe discs. If you want to use LightScribe labeling, do not prevent from startingNo
YLSBWatcherlsburnwatcher.exeHP software which helps one create labels after a music CD is burned using LightScribe discs. If you want to use LightScribe labeling, do not prevent from startingNo
Xlsesslsess.exeAdded by the SINNAKA.A WORM!No
Xlsmasslsmass.exeAdded by the WALLOP-B TROJAN!No
Xlsmss.exelsmss.exeAdded by the PROXY-GG TROJAN!No
ULSPFixLSPmonitor.exeeAcceleration Stop-Sign security software related. Previously not recommended, see hereNo
Xlspinsigps.exeDetected by Kaspersky as the VB.KC TROJAN!No
ULSPmonitorLSPmonitor.exeeAcceleration Stop-Sign security software related. Previously not recommended, see hereNo
Xlssaslssas.exeAdded by the AUTORUN.CEY WORM!No
XLssas Monitoring StartupLSSAS.EXEAdded by the RBOT.XJ WORM!No
Xlssasslssas.exeAdded by the AGOBOT.RL WORM!No
XLSvrLSvr.exePowerStrip foistware. Note - this is not the same as the video tweaking utility of the same name hereNo
YLT DAEMONltdaemon.exeActs as a data spooler for the DSL modem (similar to a cache). Do not uncheck if the DSL modem is being usedNo
XLTCISIltcisi.exeAdded by the DELBOT-AP WORM!No
XLTCISIrckit.exeAdded by the IRCBOT-YJ BACKDOOR!No
ULtcyCfgApplyLtcyCfg.exePCI Latency Tool - "Utility to set PCI Latency and possibly prevent game stutter or improve FPS" for older AGP/PCI graphics cardsNo
XLTDMgrLTDMgr.exePowerStrip foistware. Note - this is not the same as the video tweaking utility of the same name hereNo
XLthodees.exePurityScan adwareNo
XLTM2MSGSRV32.EXEAdded by the LITMUS.A BACKDOOR! Note - this is not the legitimate msgsvr32.exe process on a Win9x/Me system which should not appear in MSConfig/startup! This one is located in %Windir%\LitmusNo
XLTM2MPGSRV32.EXEAdded by the LITMUS.201 TROJAN!No
XLTM2MSGSRV320.EXEAdded by the LITMUS.C TROJAN!No
XLTM2winupdate.exeAdded by the LITMUS.203 TROJAN!No
XLTM2bible.exeAdded by the LITMUS.203 TROJAN! No
XLTM2winscan.exeAdded by the LITMUS-B TROJAN!No
XLTM2lssas.exeAdded by a variant of the LITMUS TROJAN!No
XLTM2MSGSSV32.EXEAdded by the FC.C TROJAN!No
XLTM2msns6Added by the LITMUS.C TROJAN!No
XLTM2RundlI.exeAdded by the MULTIDRP.BG TROJAN!No
XLTM2SVCHOST32.exeAdded by the LITMUS.203B TROJAN!No
XLTM2SVCHOSTÿ.exeAdded by the DROPPERFL.A TROJAN!No
XLTM2winvers16.exeAdded by the SMALL.ND TROJAN!No
ULtMohLtmoh.exeModem On Hold utility - manages incoming/outgoing voice calls on a single phone line while being connected to the internetNo
YLTMSGltmsg.exeLucent Technologies (now Alcatel-Lucent) WinModem - which uses software rather than hardware, hence putting additional load on the CPU. Needed if you have it for loading the drivers. Popular before the advent of high-speed broadband and still used where broadband isn't available. See here for more WinModem informationNo
YLto ManagerDesktopLtoManager.exeRelated to Global Positioning System (GPS) found on HP iPAQ hw6500 unit and others No
NLTSMMSGLTSMMSG.exeLucent Tech. Soft Modem Messaging application - may be found on Fujitsu Lifebook, Acer and Sony Vaio notebooks, maybe others tooNo
XLTSMSGShell32.exeAdded by the LEMIR.B TROJAN!No
Xltssvcrundll32.exe ltssvc.dll,startAdded by the AKBOT-AG WORM! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "ltssvc.dll" file is found in %System%No
XLTT2rundll32.exeAdded by the LINEAGE-BI TROJAN!No
YLTWinModem1ltmsg.exeLucent Technologies (now Alcatel-Lucent) WinModem - which uses software rather than hardware, hence putting additional load on the CPU. Needed if you have it for loading the drivers. Popular before the advent of high-speed broadband and still used where broadband isn't available. See here for more WinModem informationNo
Xltwobformatsys.exeAdded by the SERFLOG.A WORM!No
Xltwobmsmbw.exeAdded by the SERFLOG.A WORM!No
Xltwobserbw.exeAdded by the SERFLOG.A WORM!No
Xluacailuacai.exeAdded by the AUTOINF-AK WORM!No
YLUCENT TECHNOLOGIES ltmsgltmsg.exeLucent Technologies (now Alcatel-Lucent) WinModem - which uses software rather than hardware, hence putting additional load on the CPU. Needed if you have it for loading the drivers. Popular before the advent of high-speed broadband and still used where broadband isn't available. See here for more WinModem informationNo
XLucky charms CDmylcuky.exeAdded by the SDBOT-SP WORM!No
ULUGuardLUGuard.exePC-Duo Remote Control enables your help desk technicians to take instant control of any remote desktop PC at any location across the LAN, WAN or internetNo
Xluplup.exeAdded by the IRCBOT_GEN WORM! No
YLusetupLUSetup.exeSymantec LiveUpdate installer - required to install a new version of the application. Will only run once, and the entry is automatically deleted after a rebootNo
ULVCOMSLVCOMS.EXEEntry added when you install Logitech's ClickSmart, ImageStudio and QuickCam (older versions) webcam software. It allows the camera to be accessed by both the Logitech software and (amongst others) NetMeeting and Windows Movie Maker. If you don't use the camera on a daily basis create your own shortcut and run it manually when requiredYes
ULVCOMSXLVComSX.exeEntry added when you install versions of the Logitech QuickCam webcam software - allows the full camera features (such as face tracking) to be accessed by both the Logitech software and (amongst others) NetMeeting and Windows Movie Maker. If you don't use the camera on a daily basis create your own shortcut and run it manually when requiredYes
ULWBKEYBOARDKbdAp32A.exeKeyboard utility for a Labtec brand (and possibly others) keyboard. If you disable this entry you will not be able to use any of the keyboard hotkeys or other non-standard functions on the keyboardNo
ULWBMOUSElwbwheel.exeMouse driver - required if you use non-standard Windows driver featuresNo
ULWBMOUSEMOUSE32A.EXEMouse utility for a Lenovo brand (and possibly others) mouse. If you disable this entry you will not be able to use any of the non-standard functions of the mouseNo
NLWEMonLWEMon.exePart of Logitech Gaming Software (formerly Wingman Software) for their range of game controllers. Starts the profiler (button configuration) and loads the last used profile at start-up - including System Tray access. Unless you're a hard-core gamer it's best to leave it disabled and load when neededYes
NLwinst Run Profilerlwtest.exeLogitech Wingman Profiler for the Logitech joysticks. Available via Start -> ProgramsNo
Xlwjcjuti.exelwjcjuti.exeAdded by the DWNLDR-GTQ TROJAN!No
NLWSLWS.exeLoads versions of the Logitech Webcam Software and is required to support features such as face tracking. If enabled, System Tray access is also available to the main user interface "ribbon" - otherwise you'll have to use the desktop shortcut or Start menu to display it. Run it manually when required unless you use it all the timeYes
NLWS.exeLWS.exeLoads versions of the Logitech Webcam Software and is required to support features such as face tracking. If enabled, System Tray access is also available to the main user interface "ribbon" - otherwise you'll have to use the desktop shortcut or Start menu to display it. Run it manually when required unless you use it all the timeYes
Ylxamsp32lxamsp32.exeLexmark Scan and Copy Control Program for the X63 (and maybe others) printer/scanner. Required for the scanner to workNo
?LXbbmgrLXbbmgr.exeLexmark printer button manager? Is it required?No
?LXBLKskLXBLKsk.exeLexmark related. What does it do, and is it required?No
Ulxbrbmgrlxbrbmgr.exe"Lexmark Scan & Copy Control Program" for the Lexmark 3100 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan, scan to E-mail, copy, etcNo
?LXBRKskLXBRKsk.exeLexmark printer related. What does it do and is it required? No
YLXBSCATSrundll32 [path] LXBStime.dll, _RunDLLEntry@16Resolves a timing problem where the Lexmark Communications service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll)No
YLXBTCATSrundll32 [path] LXBTtime.dll, _RunDLLEntry@16Resolves a timing problem where the Lexmark Communications service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll)No
Nlxbtmon.exelxbtmon.exeLexmark 5200 Series printer device monitorNo
YLXBUCATSrundll32 [path] LXBUtime.dll, _RunDLLEntry@16Resolves a timing problem where the Lexmark Communications service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll)No
Ulxbumon.exelxbumon.exeLexmark 6200 Series printer device monitorNo
YLXBXCATSrundll32 [path] LXBXtime.dll, _RunDLLEntry@16Resolves a timing problem where the Lexmark Communications service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll)No
Ulxbxmon.exelxbxmon.exeLexmark 7100 Series printer device monitorNo
YLXBYCATSrundll32 [path] LXBYtime.dll, _RunDLLEntry@16Resolves a timing problem where the Lexmark Communications service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll)No
Ulxbymon.exelxbymon.exeLexmark P910 Series printer device monitorNo
YLXCCCATSrundll32 [path] LXCCtime.dll, _RunDLLEntry@16Resolves a timing problem where the Lexmark Communications service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll)No
Ulxccmon.exelxccmon.exeLexmark 3300 Series printer device monitorNo
ULXCDCATSrundll32 [path] LXCDtime.dll, _RunDLLEntry@16Resolves a timing problem where the Lexmark Communications service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll)No
Nlxcdmon.exelxcdmon.exeLexmark 6300 Series printer device monitorNo
YLXCECATSrundll32 [path] LXCEtime.dll, _RunDLLEntry@16Resolves a timing problem where the Lexmark Communications service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll)No
Nlxcemon.exelxcemon.exeLexmark 4300 Series printer device monitorNo
YLXCFCATSrundll32 [path] LXCFtime.dll, _RunDLLEntry@16Resolves a timing problem where the Lexmark Communications service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll)No
YLXCGCATSrundll32 [path] LXCGtime.dll, _RunDLLEntry@16Resolves a timing problem where the Lexmark Communications service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll)No
Ulxcgmon.exelxcgmon.exeLexmark 2300 Series printer device monitorNo
YLXCJCATSrundll32 [path] LXCJtime.dll, _RunDLLEntry@16Resolves a timing problem where the Lexmark Communications service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll)No
Nlxcjmon.exelxcjmon.exeLexmark 8300 Series printer device monitorNo
YLXCQCATSrundll32 [path] LXCQtime.dll, _RunDLLEntry@16Resolves a timing problem where the Lexmark Communications service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll)No
Ulxcqmon.exelxcqmon.exeLexmark 9300 Series printer device monitorNo
YLXCRCATSrundll32 [path] LXCRtime.dll, _RunDLLEntry@16Resolves a timing problem where the Lexmark Communications service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll)No
Ulxcrmon.exelxcrmon.exeLexmark 2400 Series printer device monitorNo
YLXCTCATSrundll32 [path] LXCTtime.dll, _RunDLLEntry@16Resolves a timing problem where the Lexmark Communications service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll)No
Ulxctmon.exelxctmon.exeLexmark 5400 Series printer device monitorNo
YLXCYCATSrundll32 [path] LXCYtime.dll, _RunDLLEntry@16Resolves a timing problem where the Lexmark Communications service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll)No
Ulxcymon.exelxcymon.exeLexmark 3400 Series printer device monitorNo
YLXDBCATSrundll32 [path] LXDBtime.dll, _RunDLLEntry@16Resolves a timing problem where the Lexmark Communications service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll)No
Ulxdcamonlxdcamon.exeLexmark 1300 Series printer device monitorNo
YLXDCCATSrundll32 [path] LXDCtime.dll, _RunDLLEntry@16Resolves a timing problem where the Lexmark Communications service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more detailsNo
Ulxdcmon.exelxdcmon.exeLexmark 1300 Series printer device monitorNo
Ulxddamonlxddamon.exeLexmark 2500 Series printer device monitorNo
YLXDDCATSrundll32 [path] LXDDtime.dll, _RunDLLEntry@16Resolves a timing problem where the Lexmark Communications service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll)No
Ulxddmon.exelxddmon.exeLexmark 2500 Series printer device monitorNo
Ulxdfamonlxdfamon.exeLexmark 6500 Series printer device monitorNo
Ulxdfmon.exelxdfmon.exeLexmark 6500 Series printer device monitorNo
Ulxdiamonlxdiamon.exeLexmark 3500-4500 Series printer device monitorNo
YLXDICATSrundll32 [path] LXDItime.dll, _RunDLLEntry@16Resolves a timing problem where the Lexmark Communications service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll)No
Ulxdimon.exelxdimon.exeLexmark 3500-4500 Series printer device monitorNo
Ulxdjamonlxdjamon.exeLexmark 1400 Series printer device monitorNo
ULXDJCATSrundll32 [path] LXDJtime.dll, _RunDLLEntry@16Resolves a timing problem where the Lexmark Communications service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll)No
Ulxdjmon.exelxdjmon.exeLexmark 1400 Series printer device monitorNo
Ulxdmamonlxdmamon.exeLexmark 5000 Series printer device monitorNo
Ulxdmmon.exelxdmmon.exeLexmark 5000 Series printer device monitorNo
Ulxdvamonlxdvamon.exeLexmark X5400 Series printer device monitorNo
Ulxdvmon.exelxdvmon.exeLexmark X5400 Series printer device monitorNo
Ulxdwamonlxdwamon.exeLexmark 7600 Series printer device monitorNo
Ulxdwmon.exelxdwmon.exeLexmark 7600 Series printer device monitorNo
NLXSUPMONLXSUPMON.EXELexmark printer related. The printer should work fine without it but what does it do?No
ULycosarazerhid.exeRazer Lycosa gaming keyboard driver - required if you use the additional features and programmed keys/macrosNo
?lycosInsideLyc_SysTray.exeLycos eMail related - what does it do and is it required?No
ULyraHD2TrayAppLYRAHD2TrayApp.exeRelated to RCA Lyra MP3 PlayerNo
XLzioMediaUpdaterLzioMediaUpdater.exeLZIO.com adware downloaderNo
?M Player Post Installerpostinstallm.exe??No
XM S DVD DirectX Dll Driversmsxdl.exeAdded by the SDBOT-BJN WORM!No
NM-Audio Delta Taskbar IconDeltTray.exeM-Audio Delta Control Panel for M-Audio brand Delta series audio cards. System Tray access to audio settings - available through Control Panel No
UM-Audio MobilePre Control Panel LauncherMPTask.exeControl Panel Launcher for MobilePre USB bus-powered preamp and audio interface from M-AudioNo
UM-Audio Taskbar IconDeltaIITray.exeSystem Tray access to the Delta Control Panel for the M-Audio Delta series of PCI audio cardsNo
XM-soft OfficeM-soft Office.htaHTA file which creates an executable on the hard drive which subsequently proceeds to download files from a malware site!No
XM1cr0s0ft S3rcuritysystemconfig.exeAdded by the RBOT.BKB WORM!No
XM1cr0s0ft Upd4t4zSupdate32.exeAdded by the RBOT-MI WORM! No
Xm32infom32info.exeAdded by the CRYPTER.A TROJAN!No
XM3Development_WhenUSave_InstallerM3Development_WhenUSave_Installer.exeWhenU.Save adwareNo
NM3Traym3tray.exeMovielink - internet movie rental System Tray accessNo
Xm66mlr66.exeAdded by the AGENT-ACR TROJAN!No
UMAAgentMAAgent.exeRelated to MarkAny - a solution to prevent is unauthorized distribution of information through Floppy, CD, email, etcNo
XMabochine Deybug Malnagerkdm.exeAdded by the SDBOT-SD WORM!No
UMacDriveMacDrive.exeMacDrive 7 & MacDrive 6 CrossStripe Edition from Mediafour Corporation - "a perfect way to share files between Mac OS and Windows." Version 6 is not Vista compatible but doesn "include support for striped Mac arrays created with ATTO ExpressStripe software." No
UMacDrive applicationMacDrive.exeMacDrive 7 from Mediafour Corporation - "enables anyone using Windows Vista, XP, and 2003 Server to seamlessly access Mac disks (HFS/HFS+) of all types, including CDs, DVDs, hard drives, floppy, Zip, Jaz, and more!"No
?MacDrive7.0.4TimeOutPatchTimeOutPatch.EXEPart of MacDrive 7 from Mediafour Corporation - "enables anyone using Windows Vista, XP, and 2003 Server to seamlessly access Mac disks (HFS/HFS+) of all types, including CDs, DVDs, hard drives, floppy, Zip, Jaz, and more!" Interim patch for an older version? Is it no longer required?No
XMacfee Security PatchMpfsheild.exeAdded by the RBOT-NP WORM! No
UMachine Debug ManagerMDM.EXEUsed by developers for debugging and is a component of several MS products including Office and Visual Studio. Those who have encountered it have unchecked it with no degradation in performance. It may cause your computer to "hang" if you have Visual Studio installed and this disabled because it appears to take over error handling - hence the U recommendation. For this entry it loads under the "RunServices" key in Me (located in C:\WINDOWS\SYSTEM). It also loads a service in XP/Vista (located in %ProgramFiles%\Common Files\Microsoft Shared\VS7Debug)No
XMachine Debug Managermsdn.exeAdded by a variant of the RBOT WORM!No
XMachine Debug Managermdm.exeAdded by the SDBOT-APE WORM! Note - this is not the legitimate Machine Debug Manager (mdm.exe) process which is located in %ProgramFiles%\Common Files\Microsoft Shared\VS7Debug (98/Me/XP/Vista) or %System% (Me only). This one is located in %Windir%No
XMachine Debug Managermdms.exeAdded by the SDBOT-CH WORM!No
XMachine Update Softwusas.exeAdded by an unidfentified WORM! No
XMachine Works, Inc.aecces.exeAdded by the VB-ELW TROJAN!No
Xmachine-debuggerWMIPRVSW.exeAdded by the AGOBOT.WW WORM!No
Xmachine-debuggermdmsv.exeAdded by the AGOBOT-BR WORM!No
XMachineTestCMagesta.exeAdded by the SDBOT-NE WORM!No
Xmackfy.exemsms.exeAdded by the SDBOT-DID WORM!No
NMacLicMacLic.exePart of Conversions Plus from DataViz - allowing PC and MAC owners to share disksNo
NMacLicenseMacLic.exePart of Conversions Plus from DataViz - allowing PC and MAC owners to share disksNo
NMacNameMacName.exePart of Conversions Plus from DataViz - allowing PC and MAC owners to share disksNo
XMacromedia 8Flash Player.exeAdded by the JAMBU-A WORM!No
XMacromedia Critical Updaterrarww.exeAdded by a variant of the RBOT WORM!No
XMacromedia Dreamweaver XMmacdwXM.exeAdded by the AGOBOT-RI WORM!No
XMacromedia DriveIexplor32.exeAdded by a variant of the RBOT WORM!No
XMacromedia Flash Updatescvhost.exeAdded by a variant of the RBOT WORM!No
UMacroPhonemacrophone.exeMacroPhone is a network based telephony application that "allows you to handle server based voice mail and fax functions for all users in your company" and "offers many related functions, like caller id display, call logging, call notification, mobil short message sending and flexible user rights management"Yes
UMacroPhone Clientmacrophone.exeMacroPhone is a network based telephony application that "allows you to handle server based voice mail and fax functions for all users in your company" and "offers many related functions, like caller id display, call logging, call notification, mobil short message sending and flexible user rights management"Yes
NMacrovision Update Serviceissch.exeInstallShield is used by a number of software producers to install their programs and manage software updates. This entry runs scheduled searches for and performs any updates to supported installed software so you're always working with the most current version. Manually check for software updates for installed programs on a regular basisYes
NMacrovision Update ServiceISUSPM.exeInstallShield is used by a number of software producers to install their programs and manage software updates. This entry searches for and performs any updates to supported installed software so you're always working with the most current version. Manually check for software updates for installed programs on a regular basisYes
UMACVNTFYMACVNTFY.EXEPart of MacDrive 6 CrossStripe Edition from Mediafour Corporation - "a perfect way to share files between Mac OS and Windows." Unlike the standard version of MacDrive 7, this version is not Vista compatible but does "include support for striped Mac arrays created with ATTO ExpressStripe software." No
YMAD.EXEMAD.EXEMAD.exe is the MS Exchange 5.5 System Attendant and can also consume a large amount of resources - resolved by the latest Exchange 5.5 Service Pack. Also part of Exchange 2000 Server but does it have the same problems?. Apparently you need to leave this running but is it needed at start-up?No
NMadExeLaunchRA.exePart of Dell Resolution Assistant - "a diagnostic program that allows you to contact Dell. When factory-installed by Dell, it allowed you to perform hardware and software diagnostics that provided alerts to potential problems and enabled real-time communication with Dell RA techs. You can now use RA only to contact Dell by e-mail"No
UMAFWTaskbarAppMAFWTray.exeDrivers for the M-Audio Firewire Audiophile - InterfaceNo
UMagenticMagentic.exeMagentic by Incredimail - wallpaper/screensaver managerNo
NMagicalUnInstallMagicalUnInstall.exeAshampoo® Magical UnInstall from Ashampoo GmbH & Co. KG - which monitors each new program installation, saving a log of the current configuration and using this as a reference to completely uninstall it if you chose to do so at a later dateYes
XMagicantispyMagicantispy.exeMagicantispy rogue spyware remover - not recommended, removal instructions hereNo
UMagicDiscMagicDisc.exeMagicISO - "very helpful utility designed for creating and managing virtual CD drives and CD/DVD discs"No
UMagicDskMAGICDSK.EXEMagic DeskTop is a small and novel utility which will allow you the option of hiding or showing your desktop iconsNo
UMagicFormationMagicFormation.exeMagicFormation from Tokyo Downstairs - a docking program that allows you to group icons in a ring anywhere on the desktop using mouse gestures to access things like My Documents, Notepad and Calculator. This entry appears when you select "Regist to startup" from the optionsYes
UMagicFormation.exeMagicFormation.exeMagicFormation from Tokyo Downstairs - a docking program that allows you to group icons in a ring anywhere on the desktop using mouse gestures to access things like My Documents, Notepad and Calculator. This entry appears when you select "Regist to startup" from the optionsYes
UMagicKeyboardPreMKBD.exeRelated to Samsung laptops. Provides ability to program keys to perform specific functionsNo
UMagicLinker3MagicLnk.exeThaiSoftware Thai DictionaryNo
NMagitimeMagitime.exeMagitime - connection tracking utility which monitors online time, expense, data transferNo
NMagUninstallMagicalUnInstall.exeAshampoo® Magical UnInstall from Ashampoo GmbH & Co. KG - which monitors each new program installation, saving a log of the current configuration and using this as a reference to completely uninstall it if you chose to do so at a later dateYes
Xmahmudmahmud.exeAdded by a variant of the Storm/Nuwar/Zhelatin WORM! See here for an exampleNo
UMail.commcalert.exeSystem Tray notification for new email from the Mail.com free web-mail serviceNo
UMailBellmailbell.exeMailBell "notifies you about new email without interrupting you when you type or work with the mouse in other programs"Yes
Umailbell.exemailbell.exeMailBell "notifies you about new email without interrupting you when you type or work with the mouse in other programs"Yes
XMailBlocker[path to trojan]Added by the AGENT-LRJ TROJAN!No
UMailbox Verifiermboxvrfy.exeMailbox Verifier (MV) is free software that will notify you about new messages arrived to your mailbox. Only works with POP3 mailboxes (not web-mail based systems). You should be able to set your mail system to check all accounts at regular intervals anyway if you prefer (in Outlook for instance)No
UMailCleanerMAILCLEANER.EXEMailCleaner "protect your computer from viruses sent to your machine via the popular e-Mail reader Incredimail. In addition the program will check all incoming files downloaded by Internet Explorer, Netscape Navigator, ICQ and iMesh". Not recommended as it bundles GAIN adware. Please note that Claria Corporation no longer support GAIN-Supported software - see hereNo
Xmailman.exemailman.exeAdded by the CERTIF-E TROJAN!No
YMailScan DispatcherLaunch.exeMicroWorld MailScan Dispatcher splits each e-mail message into various components such as the header, body and attachment. Compressed formats (ZIP, ARJ, etc.) are scanned for viruses and cleanedNo
XMailSkinnermailskinner.exeMailSkinner - an application by Electronic Group , notorious for its premium rate "drive by" installed adult content dialers (see here)No
UMailWasherProMAILWA~1.EXEMailWasher Pro anti-spam from FireTrustYes
UMailWasherProMailWasherPro.exeMailWasher Pro anti-spam from FireTrustYes
UMailWasherProMailWasher.exeMailWasher Pro anti-spam from FireTrustNo
XMail_CheckMail_Check.exeAdded by the PANOIL.C WORM!No
UMAINmain.exeSpyCop surveillance software detection - checks to see when your machine was last scanned and if it was more than a week asks if you want to scanNo
?Main Executable (HP)HP05T0R5.exeHP (Hewlett-Packard) related. Maybe related to printers. Now - what does it do?No
Xmain16main16.exeAdded by the CRYPTER.A TROJAN!No
Xmain32main32.exeAdded by the CRYPTER.A TROJAN!No
XMainDownloadsrundll32.exe MSA64CHK.dll,DllMostrarMatrixDialer/Mostrar parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System%No
XMainStartsvcmfte32.exeAdded by the STINX-A TROJAN!No
Xmainviewexmainviewex.exeAdded by the GEMA.D TROJAN!No
Xmain_moduledrvmmx32.exeAdded by the DILA TROJAN!No
XMajor Microsoft Windows Driver Boot loaderbpool.exeAdded by the MYTOB.AJ WORM!No
XMalware Catcher 2009MCatcher.exeMalware Catcher 2009 rogue security software - not recommended, removal instructions hereNo
XMalware Cleaner[random numbers].exeMalware Cleaner rogue security software - not recommended, removal instructions hereNo
XMalware Defensemdefense.exeMalware Defense rogue security software - not recommended, removal instructions hereNo
XMalware Destructor 2009MD345d.exeMalware Destructor 2009 rogue security software - not recommended, removal instructions hereNo
XMalware ScannerMalScr.exeMalware Scanner rogue security software - not recommended, removal instructions hereNo
UMalware SweeperMalSwep.exeMalware Sweeper - "Protects the user from malicious malware and monitors the sanity of the running programs" No
XMalware-WipeMalware-Wipe.exeMalwareWipe rogue security software variant - not recommended, removal instructions hereNo
XMalware-WipedMalware-Wiped.exeMalwareWipe rogue security software variant - not recommended, removal instructions hereNo
XMalwareAlarmMalwareAlarm.exeMalwareAlarm rogue security software - not recommended, removal instructions hereNo
XMalwareBotMalwareBot.exeMalwareBot rogue security software - not recommended, removal instructions hereNo
XMalwareBurn 6.9MalwareBurn 6.9.exeMalwareBurn rogue security software - not recommended, removal instructions hereNo
XMalwareBurn 7.0MalwareBurn 7.0.exeMalwareBurn rogue security software - not recommended, removal instructions hereNo
XMalwareBurn 7.1MalwareBurn 7.1.exeMalwareBurn rogue security software - not recommended, removal instructions hereNo
XMalwareBurn 7.2MalwareBurn 7.2.exeMalwareBurn rogue security software - not recommended, removal instructions hereNo
XMalwareBurn 7.3MalwareBurn 7.3.exeMalwareBurn rogue security software - not recommended, removal instructions hereNo
YMalwarebytes' Anti-Malwarembamgui.exeSystem tray access to and realtime protection agent for the registered version of MalwareBytes' Anti-Malware - which is "considered to be the next step in the detection and removal of malware. In our product we have compiled a number of new technologies that are designed to quickly detect, destroy, and prevent malware." This entry also appears under the HKLM\RunOnce registry key during installationYes
YMalwarebytes' RogueRemover PRORogueRemoverPRO.exePart of Malwarebytes' RogueRemover PRO - the realtime "RogueMonitor will alert you before you download a rogue application keeping you safe and secure before trouble occurs." Now discontinued and the funtionality is included in Malwarebytes' Anti-MalwareYes
XMalwareCore 7.3MalwareCore 7.3.exeMalwareCore rogue security software - not recommended, removal instructions hereNo
XMalwareCore 7.4MalwareCore 7.4.exeMalwareCore rogue security software - not recommended, removal instructions hereNo
XMalwareCrushMalwareCrush.exeMalwareCrush rogue security software - not recommended, removal instructions hereNo
Xmalwaredefmalwaredef.exeMalware Defender 2009 rogue security software - not recommended, removal instructions hereNo
XMalwareMonitorMalwareMonitor.exeMalwareMonitor rogue security software - not recommendedNo
XMalwareProMFCMalwarePro.exeMalwarePro rogue security software - not recommended, removal instructions hereNo
XMalwareRemovalMalwareRemoval.exeAdded by a fake version of Microsoft's Malicious Software Removal Tool - removal instructions hereNo
XMalwareRemovalBotMalwareRemovalBot.exeMalwareRemovalBot rogue security software - not recommended, removal instructions hereNo
XMalwareStopperMalwareStopper.exeMalware Stopper rogue security software - not recommendedNo
XMalwaresWipedsMalwareWipeds.exeMalwareWipe rogue security software variant - not recommended, removal instructions hereNo
XMalwareWar 7.3MalwareWar 7.3.exeMalwareWar rogue security software - not recommended, removal instructions hereNo
XMalwareWipeMalwareWipe.exeMalwareWipe rogue security software - not recommended, removal instructions hereNo
XMalwareWipedMalwareWiped.exeMalwareWipe rogue security software variant - not recommended, removal instructions hereNo
XMalwareWiped 5.5MalwareWiped 5.5.exeMalwareWipe rogue security software variant - not recommended, removal instructions hereNo
XMalwareWiped 5.6MalwareWiped 5.6.exeMalwareWipe rogue security software variant - not recommended, removal instructions hereNo
XMalwareWiped 5.7MalwareWiped 5.7.exeMalwareWipe rogue security software variant - not recommended, removal instructions hereNo
XMalwareWiped 5.8MalwareWiped 5.8.exeMalwareWipe rogue security software variant - not recommended, removal instructions hereNo
XMalwareWiped 6.1MalwareWiped 6.1.exeMalwareWipe rogue security software variant - not recommended, removal instructions hereNo
XMalwareWiped 6.2MalwareWiped 6.2.exeMalwareWipe rogue security software variant - not recommended, removal instructions hereNo
XMalwareWiped 6.3MalwareWiped 6.3.exeMalwareWipe rogue security software variant - not recommended, removal instructions hereNo
XMalwareWiped 6.4MalwareWiped 6.4.exeMalwareWipe rogue security software variant - not recommended, removal instructions hereNo
XMalwareWiped 6.9MalwareWiped 6.9.exeMalwareWipe rogue security software variant - not recommended, removal instructions hereNo
XMalwareWipedsMalwareWipeds.exeMalwareWipe rogue security software variant - not recommended, removal instructions hereNo
XMalwareWipeProMalwareWipePro.exeMalwareWipe rogue security software variant - not recommended, removal instructions hereNo
XMalwareWiperMalwareWiper.exeMalwareWipe rogue security software variant - not recommended, removal instructions hereNo
XMalWarriorMalWarrior.exeMalWarrior rogue security software - not recommended, removal instructions hereNo
YMamutumamutu.exeBackground Guard feature of Mamutu from Emsi Software GmbH - which provides behaviour rather than signature based protection that "recognizes new and unknown Trojans, Worms and Viruses (Zero-Day attacks), without daily updates". The Background Guard "recognizes and blocks all potentially dangerous programs before they can cause any damage"Yes
YMamutu Guardmamutu.exeBackground Guard feature of Mamutu from Emsi Software GmbH - which provides behaviour rather than signature based protection that "recognizes new and unknown Trojans, Worms and Viruses (Zero-Day attacks), without daily updates". The Background Guard "recognizes and blocks all potentially dangerous programs before they can cause any damage"Yes
UManageDesk LiteManageDesk Lite.exeManageDesk Lite from Managebytes Desktop management software. Each desktop is a separate working space for you to useNo
XManageProtocolCtrlcsmsv.exeAdded by the LOOKSKY.B TROJAN!No
Xmanagermanager.exeDetected by Kaspersky as the SMALL.CVT TROJAN!No
UManager Monitormonitor.exeMindStorm AnalyzerPro from Secure Associates. "A security management tool for customers easy to manage report and analyze security events across heterogeneous security devices" No
XManagment Service[random filename]Added by the RBOT.BIS TROJAN!No
NMania Win RestoreRESWIN.EXEPinball Mania for Windows from 21st Century Entertainment LTD (1995). Runs briefly at start-up then terminates. Available via Start -> ProgramsNo
NManifestEngineManifestEngine.exeAutomatic updater for versions of Logitech QuickCam webcam software. Check for updates via the System Tray icon - see the LogitechVideoTray entryYes
Xmanrotcemanrotce.exeAdded by unidentified malwareNo
XMantis[filename]Added by the MANTIBE VIRUS!No
XMapEDCMapEDC.exeAdded by the WaveRevenue-McBoo TROJAN!No
XMapiDrvmpisvc.exeAdded by the MIPSIV TROJAN!No
Xmapisvc32mapisvc32.exeAdded by the KX VIRUS and also recognised by Symantec as FPAI adwareNo
XMapiyashaMapiyasha.exeAdded by the SILLYFDC-DM WORM!No
UMaple_S2PScan2pc.exeScan to PC application for the scanning function of the Samsung CLX-216x Series multifunction printersNo
Xmark the servicexxtra32.exeAdded by the SDBOT.APP WORM!No
XMartinipinmart.exeAdded by a variant of the SDBOT WORM!No
XMascro soft SDK updates2SDKrepair2.exeAdded by the SDBOT.BXM WORM!No
Xmaskridermaskrider2001.vbsAdded by the SOLOW-G WORM!No
Umasqform.exemasqform.exePureEdge Viewer - provides automation framework to manage and deploy XML forms-based processes for e-business and e-government systems. PureEdge was taken over by IBM (see here) and the product became Workplace Forms No
NMass storage check registryrundll32.exe MSDServ.dll, check registryUsed with a USB based smartmedia card readerNo
XMastersvcghost.exeAdded by the IRCBOT.RB TROJAN!No
XMaster Card Updaate 32Mastercard32.exeAdded by a variant of the RBOT WORM!No
UMaster Volume SpyMASTERVOLUMESPY.EXEVolume control for the Gateway Destination "DestiVu" media interfaceNo
XMasterBoot Switchpopupkill.exeAdded by a variant of the RBOT WORM!No
UMatadormlfbuddy.exeMailFrontier - anti-spam applicationNo
UMatadormantispm.exeMailFrontier Desktop (Matador) email spam blocker softwareNo
UMatrix Screen Lockermatrix.exeMatrix Screen Locker is a system tray application that allows for quick and secure PC lock when you wish. The screen does a "matrix style" scrolling characters effect when the lock is runningNo
XMatrixScreen[filename]Added by the MATRIXSCREEN TROJAN!No
XMatrixScreenSavermss.exeUnidentified malwareNo
NMatrox Color Controlhgcctl95.exeFor Matrox video cards. Quick access to changing colorsNo
NMatrox Control Centermgactrl.exeFor Matrox video cards. Quick access to settingsNo
NMatrox Diagnosticmgadiag.exeFor Matrox video cards. Quick access to diagnosticsNo
NMatrox PowerdeskPDesk.exe"Matrox PowerDesk software provides extra multi-display desktop management controls"No
NMatrox PowerDesk 8matrox.powerdesk.exe"Matrox PowerDesk software provides extra multi-display desktop management controls"No
NMatrox PowerDesk SEMatrox.PowerDesk SE.exeMatrox PowerDesk SE - multi-display desktop management controlsNo
NMatrox QuickDeskmgaqdesk.exeFor Matrox video cards. Quick access to tweak your card to your likingNo
XMAV_checkmav_startupmon.exePart of the WinAntiVirus Pro 2007 rogue security software - not recommended, removal instructions hereNo
Xmav_startupmonmav_startupmon.exePart of the WinAntiVirus Pro 2007 rogue security software - not recommended, removal instructions hereNo
XMaxAlertsmax.exeBonzi MaxALERT - spywareNo
XMaxAntiSpyMaxAntiSpy.exeMaxAntispy Russian rogue spyware remover - not recommendedNo
UMaxBackSchedulemaxbackservice.exeBackup scheduler for the Maxtor (now Seagate) range of external hard drives - part of Maxtor Quick StartNo
UMaxBlastMonitorMaxBlastMonitor.exeMaxblast hard drive utility for Maxtor (Seagate) drivesNo
XMaxsizedgqasqs.exeAdded by the LIOTEN.IR WORM!No
YMaxtorComboComboButton.exeRequired to be able to use the Maxtor OneTouch button on your external Maxtor harddrive. It is used to start up backup software (Retrospect)No
UMaxtorOneTouchOneTouch.exeMaxtor OneTouch Hard Drives/OneTouch Family hard disk backup softwareNo
UMaxtorRegAUTOREG.EXEPart of SYSagent - small utility for retrieving all the hardware and software information required by anyone administering a machine and/or the network it's a part ofNo
YMayaPanMayaPan.ExeAudiotrak Maya soundcard driverNo
Xmb2np[random filename]Added by the IRCBOT.TJ WORM!No
Ymbamguimbamgui.exeSystem tray access to and realtime protection agent for the registered version of MalwareBytes' Anti-Malware - which is "considered to be the next step in the detection and removal of malware. In our product we have compiled a number of new technologies that are designed to quickly detect, destroy, and prevent malware." This entry also appears under the HKLM\RunOnce registry key during installationYes
XMbarInstall[random filename]Mirar adwareNo
NMBFreeSubliminalMessageSoftwareMBFreeSubliminalMessageSoftware.exe"MB Subliminal Message Software is a wonderful personality development program that reaches out to your subconscious mind and creates a positive impact. This program aims at helping you increase your confidence and program your mind to set goals and be able to achieve them"No
UMBkLogOnHookLogOnHook.exePart of McAfee Data Backup (now Online Backup) - which "takes the hassle out of manually backing up all of your valuable digital files - from Microsoft Outlook email and contacts to treasured family photos". Available as a stand-alone product or included in Internet Security and Total Protection. The exact purpose of this entry is unknown at present but it unloads after startupYes
UMBM 4MBM4.exeMotherboard Monitor 4 - only needed if you overclock your system and want to keep a check on system temperatures/voltages/etc. Available via Start -> ProgramsNo
UMBM 5MBM5.exeMotherboard Monitor 5 - only needed if you overclock your system and want to keep a check on system temperatures/voltages/etc. Available via Start -> ProgramsNo
UMBMonRundll32 CTMBHA.DLL,MBMonCreative Filter AudioControlMB Module - installed with the Creative Audigy line of sound cards and processors. Can be disabled without causing a problemNo
UMBNetmbnet.exeMBNet (Portugal) Credit Card Processing softwareNo
UMBProbembrpobe.exeMBProbe - only needed if you overclock your system and want to keep a check on system temperatures/voltages/etc. Available via Start -> ProgramsNo
Xmbsmon32mbsmon32.exeMicro Bill Systems Billing Software - "is a potentially unwanted application that uses aggressive billing and collection service techniques to demand payment for Web site access after a three-day trial period has elapsed. It has been reported that these techniques may even result in a user no longer being able to browse the Internet"No
Xmbssm32mbssm32.exeMicro Bill Systems Billing Software - "is a potentially unwanted application that uses aggressive billing and collection service techniques to demand payment for Web site access after a three-day trial period has elapsed. It has been reported that these techniques may even result in a user no longer being able to browse the Internet"No
Xmbssm32monstu.exeDetected by AVG as the AGENT.CNM TROJAN - see hereNo
XMCwintrims.exeAdded by the WINTRIM TROJAN!No
XMCMAGICON.EXEAdded by the MAGICON.A TROJAN!No
XMCN/AAdded by the SIMCSS TROJAN!No
XMCWINTRIM.EXEAdded by the WINTRIM.A TROJAN!No
XMcAfeeMcAffeAv.exeAdded by the NETSKY.AL WORM!No
XmcafeeWin32.dll.vbsAdded by the CATCHER-B WORM!No
XMcafee Anti ScanNortonScn.exeAdded by a variant of the RBOT WORM!No
XMcAfee AntivirusMcAfeeAV.exeAdded by a variant of the RBOT WORM!No
XMcAfee Antivirus 32MCAFEEAV32.EXEAdded by the SPYBOT-EH WORM!No
XMcafee Antivirus Monitoring System326VSStatmn326.exeAdded by a variant of the SDBOT WORM!No
XMcafee Antivirus Monitoring System32mnVSStatmn32.exeAdded by a variant of the RBOT WORM!No
XMcAfee Antivirus ProtectionmcafeeAV.exeAdded by a variant of the RBOT WORM!No
YMcAfee Application Installermcappins.exeUsed by older versions of McAfee internet security related products to clean up installation files that are no longer required once the product is installed. This entry will normally only appear once the product has been installed before the system is rebootedYes
XMcafee Auto Protectmcafeshield.exeAdded by the RBOT-UH WORM!No
UMcAfee BackupMcAfeeDataBackup.exeMcAfee Online Backup (formerly Data Backup) - "takes the hassle out of manually backing up all of your valuable digital files - from Microsoft Outlook email and contacts to treasured family photos". Available as a stand-alone product or included in Internet Security and Total ProtectionYes
UMcAfee Backup and RestoreMcAfeeDataBackup.exeMcAfee Online Backup (formerly Data Backup) - "takes the hassle out of manually backing up all of your valuable digital files - from Microsoft Outlook email and contacts to treasured family photos". Available as a stand-alone product or included in Internet Security and Total ProtectionYes
UMcAfee Data BackupLogOnHook.exePart of McAfee Data Backup (now Online Backup) - which "takes the hassle out of manually backing up all of your valuable digital files - from Microsoft Outlook email and contacts to treasured family photos". Available as a stand-alone product or included in Internet Security and Total Protection. The exact purpose of this entry is unknown at present but it unloads after startupYes
UMcAfee Data BackupMcAfeeDataBackup.exeMcAfee Data Backup (now Online Backup) - "takes the hassle out of manually backing up all of your valuable digital files - from Microsoft Outlook email and contacts to treasured family photos". Available as a stand-alone product or included in Internet Security and Total ProtectionYes
YMcAfee Desktop Firewall TrayFireTray.exeMcAfee Desktop FirewallNo
YMcAfee Family Protectionmfp.exeMcAfee Family Protection - which 'is easy-to-use and built to empower parents to say "yes" to their children's online interests while protecting them as they learn and explore' and "protects children of all ages from exposure to inappropriate content, social networking risks, strangers, and other threats"Yes
YMcAfee FirewallCPD.EXEFirewall bundled with McAfee VirusScan 6.*. Can also be listed as CPD_EXENo
UMcAfee GuardianCMGrdian.exeMcAfee Guardian shortcut menu on the System Tray (looks like a castle) given access to Internet Security, Browser Buddy, File Guardian and help. Included with older versions of McAfee Internet Security and possibly othersNo
YMcAfee Managed Desktop AgentMYAGTSVC.EXEPart of the now obsolete McAfee Managed VirusScan anti-virus and anti-spyware security tool for small businesses. Starts via a registry "RunServices" key on Windows 98/Me and as a service on Windows NT/2K/XPNo
UMcAfee Managed Services TrayStartMyagtTry.exeSystem tray notification for the now obsolete McAfee Managed VirusScan anti-virus and anti-spyware security tool for small businesses. Not required to be protected but you lose notificationsNo
UMcAfee Online BackupMOBKstat.exeSystem Tray access to McAfee Online Backup (formerly Data Backup) - "takes the hassle out of manually backing up all of your valuable digital files - from Microsoft Outlook email and contacts to treasured family photos". Available as a stand-alone product or included in Internet Security and Total ProtectionYes
UMcAfee Online Backup StatusMOBKstat.exeSystem Tray access to McAfee Online Backup (formerly Data Backup) - "takes the hassle out of manually backing up all of your valuable digital files - from Microsoft Outlook email and contacts to treasured family photos". Available as a stand-alone product or included in Internet Security and Total ProtectionYes
XMcAfee Online virus Scanneravp.exeAdded by the RBOT-GCV WORM! Not to be confused with Kaspersky anti-virus and AOL's Active Virus Shield (by Kaspersky) - found in either a Kaspersky or AOL sub-directoryNo
XMcAfee Online Virus Scannernzm.exeAdded by the IRCBOT.XV WORM!No
UMcAfee QuickClean ImonitorPlguni.exePart of McAfee's QuickClean - which removes internet clutter and unwanted programs. This entry monitor changes made to the registry so that they can be undone later using QuickClean - such as removing programs. QuickClean is now integrated into their Total Protection, Internet Security and AntiVirus Plus products primarily as a file cleaner/shredder and no longer supports program removalNo
YMcAfee SecurityCentermcagent.exeMcAfee SecurityCenter is the main support center for McAfee's range of internet security products such as Total Protection, Internet Security and VirusScan. As well as providing System Tray access (via the "M" icon) for product configuration it also communicates with McAfee's servers to manage updates and virus alertsYes
YMcAfee SecurityCenterMcUpdate.exeAutomatic virus definition and software updates/upgrades for older versions of McAfee VirusScan and the now obsolete McAfee VirusScan OnlineYes
Xmcafee Software Intrenetmcafee.exeAdded by the RBOT-ATR WORM! Note - this is not a valid McAfee programNo
UMcAfee SpamKillerMskAgent.exeMcAfee SpamKiller - rule-based and list-based spam filter. Available as a stand-alone product or included in older versions of Internet Security and Total ProtectionYes
YMcAfee VirusScanmcmnhdlr.exePart of older versions of McAfee VirusScan and the now obsolete McAfee VirusScan Online. When Windows boots it checks whether a virus scan is necessary before you do anything with your PC. Typically, this would be the case if a scan was scheduled at boot-up or if a virus was found during a previous scan and VirusScan determined a scan should be run at this timeYes
YMcAfee VirusScanmcvsshld.exeActiveShield - background scanner for older versions of McAfee VirusScan and the now obsolete McAfee VirusScan Online which scans files in the background as and when they are accessed, including scanning E-mails via the McAfee VirusScan E-mail Scan Module (McVSEscn.exe)Yes
YMcAfee VirusScanoasclnt.exeOn-access real-time scanner for older versions of McAfee VirusScan and the now obsolete McAfee VirusScan Online which scans files for malware as you access, create, copy or download themYes
XMcafee VirusScan Managermvcsvm.exeAdded by the SILLYFDC.BBV TROJAN!No
XMcAfee Windows Protectionmcafee32.exeAdded by a variant of the SPYBOT WORM!No
NMcAfee Winguage??Part of McAfee Nuts & Bolts. "WinGuage is a dynamic reporting tool that constantly monitors your use of Windows and your applications, to alert you to potential problems before they become serious". Resource hog. Available via Start → ProgramsNo
UMcAfee.InstantUpdate.MonitorRuLaunch.exeInstant Updater for McAfee's VirusScan, Internet Security, Quick Clean, Uninstaller and Firewall products. In the case of VirusScan leave it enabled unless you update manually on a regular basisNo
UMcAfeeDataBackupMcAfeeDataBackup.exeMcAfee Online Backup (formerly Data Backup) - "takes the hassle out of manually backing up all of your valuable digital files - from Microsoft Outlook email and contacts to treasured family photos". Available as a stand-alone product or included in Internet Security and Total ProtectionYes
YMcAfeeFireTrayFiretray.exeMcAfee Desktop FirewallNo
XMCAFEEIPSsetup.exeAdded by the WHITEWELL TROJAN!No
XMcAfeeScanPlusMcAfeeScanPlus.exeAdded by the MEPCOD TROJAN! This trojan file does not belong to any McAfee Antivirus Software and is found in %Windir%\systemNo
YMcAfeeUpdaterUIUpdaterUI.exeMcAfee common updater user interfaceNo
YMcAfeeUpdaterUIUdaterUI.exeUpdater user interface for McAfee's VirusScan Enterprise corporate anti-virus and anti-spyware security toolNo
YMcAfeeVirusScanServiceAvsynmgr.exeFrom McAfee VirusScan version 5.x. Runs VirusScan System Tray (Vsstat.exe), WebScanX (Webscanx.exe), VirusScan System Scan (Vshwin32.exe) and VirusScan Console (Avconsol.exe) under one applicationNo
YMcAfeeWebscanXWebScanX.exeFrom McAfee VirusScan up to version 4.x. Provides functionality for VShield Download Scan and Internet Filter modules. Enables internet scanning. Guards against malicious ActiveX programs, etcNo
XMcaffe AntivirusMcafeescn.exeAdded by a variant of the SPYBOT WORM!No
XMCAFFE FLD LOADERMCAFFEFLD.EXEAdded by the RBOT-PY WORM!No
XMcaffeemcsheild.exeAdded by the RBOT-FDP WORM!No
Ymcagentmcagent.exeMcAfee SecurityCenter is the main support center for McAfee's range of internet security products such as Total Protection, Internet Security and VirusScan. As well as providing System Tray access (via the "M" icon) for product configuration it also communicates with McAfee's servers to manage updates and virus alertsYes
YMCAgentExemcagent.exeMcAfee SecurityCenter is the main support center for McAfee's range of internet security products such as Total Protection, Internet Security and VirusScan. As well as providing System Tray access (via the "M" icon) for product configuration it also communicates with McAfee's servers to manage updates and virus alertsYes
Ymcagent_exemcagent.exeMcAfee SecurityCenter is the main support center for McAfee's range of internet security products such as Total Protection, Internet Security and VirusScan. As well as providing System Tray access (via the "M" icon) for product configuration it also communicates with McAfee's servers to manage updates and virus alertsYes
Ymcappinsmcappins.exeUsed by older versions of McAfee internet security related products to clean up installation files that are no longer required once the product is installed. This entry will normally only appear once the product has been installed before the system is rebootedYes
Xmceipww[8 random letters].exeAdded by the ZHELATIN.EQ WORM!No
NMcENUIMcENUI.exeMcAfee's EasyNetwork user interface - "enables secure file sharing, simplifies file transfers, and automates printer sharing among the computers in your home network." Part of McAfee's security products such as Total Protection and Internet SecurityYes
NMChangerMChanger.exeMedia Changer - utility that allows you to change wallpapers, sounds, themes, etcNo
UMCI USB IconUSBIcon.exeMCI USB software used for managing a USB card readerNo
NMcLogLch_exeMcLogLch.exeRelated to McAfee security suite. This is a non-essential program, but should not be disabled unless suspected to be causing problemsNo
XMCM3mcm3.exeShopAtHome/SAHagent adware variantNo
Ymcmnhdlrmcmnhdlr.exePart of older versions of McAfee VirusScan and the now obsolete McAfee VirusScan Online. When Windows boots it checks whether a virus scan is necessary before you do anything with your PC. Typically, this would be the case if a scan was scheduled at boot-up or if a virus was found during a previous scan and VirusScan determined a scan should be run at this timeYes
NMCPLaunchMCPLaunch.exeLauncher for Message Center Plus "which alerts you when conditions arise on your computer that require your attention" on IBM/Lenovo ThinkCentre desktops, Thinkpad notebooks and Value Line systems. Message Center Plus will periodically scan a Lenovo server for new messages that are appropriate for your system and never collects or transmits any information about you or your computerYes
NMcRegWizmcregwiz.exeProduct registration wizard for McAfee's range of internet security toolsNo
XMcrosoftr UpdateMcrosoftr.exeAdded by a variant of the RBOT WORM!No
YMcShld9xmcshld9x.exeWindow 9x/Me on-access scanner for older McAfee's internet security products such as VirusScan and VirusScan Online which scans files in real-time for malware as you access, create, copy or download themNo
XMcsoftgfeqzvq.exeAdded by the SDBOT-NV WORM!No
YMCTskShdmctskshd.exePart of older versions of McAfee's internet security products such as VirusScan and VirusScan Online and used to schedule tasks such as automatic updates, virus scans, etc. Starts via a registry "Run" key on Windows 98/Me and as a service on Windows 2K/XP/VistaNo
Ymcui_exemcagent.exeMcAfee SecurityCenter is the main support center for McAfee's range of internet security products such as Total Protection, Internet Security and VirusScan. As well as providing System Tray access (via the "M" icon) for product configuration it also communicates with McAfee's servers to manage updates and virus alertsYes
YMcUpdateMcUpdate.exeAutomatic virus definition and software updates/upgrades for older versions of McAfee VirusScan and the now obsolete McAfee VirusScan OnlineYes
YMCUpdateExeMcUpdate.exeAutomatic virus definition and software updates/upgrades for older versions of McAfee VirusScan and the now obsolete McAfee VirusScan OnlineYes
YMcVsRtemcvsrte.exePart of older versions of McAfee's internet security products such as VirusScan and VirusScan Online. Starts via a registry "RunServices" key on Windows 98/Me and as a service on Windows 2K/XP/VistaNo
Ymcvsshldmcvsshld.exeActiveShield - background scanner for older versions of McAfee VirusScan and the now obsolete McAfee VirusScan Online which scans files in the background as and when they are accessed, including scanning E-mails via the McAfee VirusScan E-mail Scan Module (McVSEscn.exe)Yes
XMCX Updatewisp.exeAdded by the RBOT-AQH WORM!No
XMCX Updtescorti.exeAdded by the RBOT-ARP WORM!No
XMD IE Pluginmd.exeMarketdart spywareNo
XMD IE Pluginwiny.exeAdwareNo
Nmdac_runoncerunonce.exeAssociated with MS Data Access Components (MDAC). Sometimes left over after installation - not required. NOTE :- don't delete "runonce.exe".No
UMDDiskProtectMDDiskProtect.exePart of MacDrive 6 CrossStripe Edition from Mediafour Corporation - "a perfect way to share files between Mac OS and Windows." Unlike the standard version of MacDrive 7, this version is not Vista compatible but does "include support for striped Mac arrays created with ATTO ExpressStripe software." No
UMDDiskProtect.exeMDDiskProtect.exePart of MacDrive 6 CrossStripe Edition from Mediafour Corporation - "a perfect way to share files between Mac OS and Windows." Unlike the standard version of MacDrive 7, this version is not Vista compatible but does "include support for striped Mac arrays created with ATTO ExpressStripe software." No
Xmdetect[path to trojan]Added by the SPABOT TROJAN!No
UMDGetStartedMDGetStarted.exeMacDrive 7 from Mediafour Corporation - "enables anyone using Windows Vista, XP, and 2003 Server to seamlessly access Mac disks (HFS/HFS+) of all types, including CDs, DVDs, hard drives, floppy, Zip, Jaz, and more!"No
UMDGetStarted.exeMDGetStarted.exeMacDrive 7 from Mediafour Corporation - "enables anyone using Windows Vista, XP, and 2003 Server to seamlessly access Mac disks (HFS/HFS+) of all types, including CDs, DVDs, hard drives, floppy, Zip, Jaz, and more!"No
XMdmMdm.vbsAdded by the WHITEHO VIRUS or TRAPPY WORM!No
Xmdmmdm.exeAdded by the LYDRA-F TROJAN! ! Note - this is not the legitimate Machine Debug Manager (mdm.exe) process which is located in %ProgramFiles%\Common Files\Microsoft Shared\VS7Debug (98/Me/XP/Vista) or C:\WINDOWS\SYSTEM (Me only). This one is located in %Windir%No
XMDM Rock 4[8 random letters].exeAdded by the SDBOT.CHG BACKDOOR!No
UMDM7MDM.EXEUsed by developers for debugging and is a component of several MS products including Office and Visual Studio. Those who have encountered it have unchecked it with no degradation in performance. It may cause your computer to "hang" if you have Visual Studio installed and this disabled because it appears to take over error handling - hence the U recommendation. For this entry it loads under the "RunServices" key in 98/Me. It also loads as a service in XP/Vista. In both cases it's located in %ProgramFiles%\Common Files\Microsoft Shared\VS7DebugNo
XMdmdllmdmdll.exeAdded by the CRYPTER TROJAN!No
XMdmdll32mdmdll32.exeAdded by a variant of the CRYPTER.C TROJAN!No
XMDNMDNS.exeAdded by the SPYBOT.JPB WORM!No
XMDNMDNZ.exeAdded by the RBOT.AQD WORM!No
XMDNMDN.exeAdded by the RBOT.AOA WORM!No
XMDNSservice.exeMirar adware variantNo
Xmds.exemds.exeAdded by the MADS-A TROJAN!No
UMDSA Sentinel Xsmss.exeSentinelX surveillance software. Uninstall this software unless you put it there yourself. Note - this is not the same file as the smss.exe process which is always located in %System%. This one is located in %ProgramFiles%\MDSA SoftwareNo
?MDS_MenuMUIStartMenu.exePart of MediaShow and MediaEspresso (formerly MediaShow Expresso) from CyberLink. The exact purpose of this entry is unknown at present but it unloads from memory once runYes
Xmdwmdmspmdwmdmsp.exeAdware - detected by Kaspersky as the AGENT.AM TROJAN!No
NMECAMeca.exeMeca cross-platform communications technology, branded messengers will connect with AOL, MSN, Yahoo!, and ICQ usersNo
XMedGSMEDGS1.exePacerD_Media/Pacimedia.com adwareNo
XMedia AccessMediaAccK.exeWindUpdates MediaPass adwareNo
XMedia Adapterbitblt.exeAdded by the HANSAH-A WORM!No
UMedia Card Companion MonitorMCC Monitor.exeMonitor for Media Card Companion from ArcSoft. "Automates the tedious processes associated with downloading and sharing files from digital cameras, card readers, and other removable media"No
UMedia Codec Update Serviceupdate.exeWindows Essentials Codec Pack 1.0 is a collection of the most commonly needed video and audio codecs. This program allows keeps these codecs updatedNo
XMedia GatewayMediaGateway.exeWindUpdates MediaPass adwareNo
XMedia Loadmsn32.exeAdded by a unidentified WORM or TROJAN!No
UMedia Manager IndexerAIRSVCU.EXEPart of MS Visual InterDev, Media Manager is an easy media file management system that works in conjunction with Windows Explorer. The Media Manager Indexer is a program that indexes all the information about your media files and puts it into a databaseNo
XMedia PassMediaPassK.exeWindUpdates MediaPass adwareNo
XMedia PassMediaPass.exeWindUpdates MediaPass adwareNo
XMedia Playermedia.exeAdded by the FLDMEDIA-A TROJAN!No
XMedia Playerwmplayer.exeAdded by a variant of the AGOBOT.BM WORM! Note - this is not the valid Windows Media Player as the file is located in %System% rather than %ProgramFiles%\Windows Media PlayerNo
XMedia PlayerSysdll.exeAdded by the BANKER-BR TROJAN!No
XMedia PlayerSysnet.exeAdded by the BANKER.MW TROJAN!No
XMedia Playeriexplorer.exeAdded by the BANKER.MW TROJAN!No
XMedia Player Updatexpsp1mfh.exeAdded by a variant of the RBOT WORM!No
XMedia Plug x.1.2msdm.exeAdded by the MULDROP.352 VIRUS!No
XMedia Servermsdts.exeAdded by a variant of the IRCBOT TROJAN!No
XMedia Servicemsn64.exeAdded by the SPYBOT.EV WORM!No
XMedia servicemsnmsgxr.exeAdded by the SDBOT.TF WORM!No
XMedia serviceSYSTEM64.EXEAdded by the RBOT.QV WORM!No
XMedia servicenotpad.exeAdded by a variant of the AGOBOT/GAOBOT WORM!No
XMedia Services[filename].exeAdded by the AGENT-BA BACKDOOR!No
XMedia Software UPdatersscs.exeAdded by the RBOT-ABE WORM!No
XMedia Transfer Protocalsmsstc.exeAdded by a variant of the IRCBOT TROJAN!No
XMedia X ServicesMSNGRx.exeAdded by the RBOT.AUL WORM!No
XMedia-XP-Service-Pack3msnzx.exeAdded by the SDBOT-ACW WORM!No
XMEDIA32[path to trojan]Added by the PURSCAN-Z TROJAN!No
UMediaButtonsMediaButtons.exeSupports the eject button on the front on the Dell Studio Hybrid desktop. If disabled, the user will have to eject the CD/DVD by opening My Computer, right-clicking on the drive and selecting "Eject" from the available optionsNo
Xmediacodec.exemediacodec.exeAdded by the VSCODEC PRO TROJAN!No
NMediaFace IntegrationSethook.exeFellowes Neato® cd label design software. "Launch NEATO's MediaFACE II label making software directly from the productname toolbar"No
UMediafour Mac Volume NotificationsMACVNTFY.EXEPart of MacDrive 6 CrossStripe Edition from Mediafour Corporation - "a perfect way to share files between Mac OS and Windows." Unlike the standard version of MacDrive 7, this version is not Vista compatible but does "include support for striped Mac arrays created with ATTO ExpressStripe software." No
UMediafour MacDriveMacDrive.exeMacDrive 7 & MacDrive 6 CrossStripe Edition from Mediafour Corporation - "a perfect way to share files between Mac OS and Windows." Version 6 is not Vista compatible but doesn "include support for striped Mac arrays created with ATTO ExpressStripe software." No
UMediafour MacDriveMDDiskProtect.exePart of MacDrive 6 CrossStripe Edition from Mediafour Corporation - "a perfect way to share files between Mac OS and Windows." Unlike the standard version of MacDrive 7, this version is not Vista compatible but does "include support for striped Mac arrays created with ATTO ExpressStripe software." No
UMediafour MacDriveMDGetStarted.exeMacDrive 7 from Mediafour Corporation - "enables anyone using Windows Vista, XP, and 2003 Server to seamlessly access Mac disks (HFS/HFS+) of all types, including CDs, DVDs, hard drives, floppy, Zip, Jaz, and more!"No
UMediafour XPlay Tray Notification IconXptryicn.exeMediafour Xplay - allows you to use an Apple iPod digital music player with a PC running Windows. If not used regularily start manually before connecting the iPodNo
UMediafour XPlay Tray Notification IconXptryicn.exeXplay 2 from Mediafour Corporation - "expands what you can do with any iPod, including the iPhone and touch, and a Windows computer." No longer supportedNo
UMediafourGettingStartedWithMacDrive6MacDrive.exeMacDrive 6 CrossStripe Edition from Mediafour Corporation - "a perfect way to share files between Mac OS and Windows." Unlike the standard version of MacDrive 7, this version is not Vista compatible but does "include support for striped Mac arrays created with ATTO ExpressStripe software." No
UMediaKeyMediaKey.exeMultimedia keyboard manager. Required if you use the multimedia keysNo
UMediaLifeServiceMediaLifeService.exeRelated to MediaPlay Cordless Mouse from LogitechNo
XMediaLoadsdw.exeMedialoads adwareNo
XMediaLoads Installerdw.exeMedialoads adwareNo
NMediaMonitorMediam~1.exeInstalled by Smartdisk MVP CD burning software. Software will work fine without itNo
Xmediamotor.exemmups.exeAdded by the AGENT-BY TROJAN! No
XMediaPathProyecto1.exeAdded by the GRUEL WORM!No
XMediaPathRoot.exeAdded by the GRUEL WORM!No
XMediaPipe P2P Loadermpp2pl.exeMediaPipe peer-to-peer file swapping program also reported as a hijackerNo
Xmediaplayer.exemediaplayer.exeAdded by the BANKER-EUT TROJAN! The file is located in %Windir%\Sun\Java\Deployment\logsNo
Xmediaplayer.exemediaplayer.exeAdded by the BANKER.AOVZ TROJAN! The file is located in %Windir%\msagent\gfNo
XMediaPlayeSMediaPlayer_update.exeAdded by the STARTER-K TROJAN!No
Xmediapluscash.exemediapluscash.exeMediaGateway adwareNo
NMediaRing Talkmrtalk.exeMedia Ring Talk, voice recognition software, Resource hog. Available via Start -> ProgramsNo
?MediaSyncMediaSync.exeFound on Acer laptops, the process name for this entry is "Media Synchronizer" and it's part of Acer eConsole. What does it do and is it required?No
XMediaXPServicePackmxpsp.exeAdded by the SDBOT.CDT WORM!No
Xmedia_managermediaman.exeMini-Player, IMESH related foistwareNo
Xmedia_stubstub.exeMini-Player, IMESH related foistwareNo
UMEDICsprtcmd.exe /P MEDICSelf-help support tool for an unidentified high-speed internet provider (provided by SupportSoft, Inc). Identifies and automatically fixes typical problems that may occur with your high-speed internet serviceNo
XMedichimedichi.exeAdded by the VIRANTIX.B TROJAN!No
XMedichi2medichi2.exeAdded by the VIRANTIX.B TROJAN!No
Umedicsp2sprtcmd.exe /P medicsp2Self-help support tool for an unidentified high-speed internet provider (provided by SupportSoft, Inc). Identifies and automatically fixes typical problems that may occur with your high-speed internet serviceNo
?MedionVFDMdionLCM.exeRelated to Medion Display Information. What does it do and is it required?No
XMeeting Connectioncomsutil.exeAdded by the PPDOOR-E TROJAN!No
XMeeting Connectionwowdache.exeAdded by the PPDOOR-D TROJAN!No
XMeeting Connectionhgakdl32.exeLooks like a variant of the PPDOOR-E TROJAN!No
UMegaPanelHSTrans.exeHomescan Internet Transporter - part of ACNielson Homescan. Recognizes when the ACNielsen Homescan Scanner is attached to the computer and allows it to transmit scanner information to ACNielsenNo
XMegaVirusKitpgs.exeMegaVirusKit rogue security software - not recommended. A member of the AVSystemCare familyNo
?meidntpavqgdpfrs.exe??No
Xmelg34mdmd.exeAdded by an unidentified WORM or TROJAN - see hereNo
Xmelg3445mdmdd.exeAdded by a variant of the RBOT WORM!No
Xmem32mem32.exeAdded by the AGENT-FWF WORM!No
XMembers area******.exe [* = random digit]Premium rate adult content dialerNo
XMemConfigSetupIE.comAdded by the TAPLAK WORM!No
NMementoMemento.exeMemento - simple app to keep text notes on your desktopNo
UMemMonstermemmnstr.exeMemMonster - memory optimizer. MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/SE/ME. See this article and make up your own mindNo
UMemoKitMK.EXEMemory optimizer. It loads from startup group and it goes off as soon as the program (memokit.exe) is loaded in the System Tray. Mk.exe does not run while the memokit.exe is running. Probably loads a flash screen at startup and shutdown that stays on screen less than 5 seconds and gives you a button to push to purchase the full version. MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/SE/ME. See this article and make up your own mindNo
Xmemoryoutlookrem.exeAdded by the NOPIR.C WORM!No
XMemory Allocation Hostcihost.exeDetected by Avast as a variant of the IRCBOT-CHZ WORM!No
XMemory Allocation Serverciserv.exeAdded by an unidentified malwareNo
XMemory Allocation Servicescisrv.exeAdded by the IRCBOT.FC BACKDOOR!No
XMemory Checkmemore.exeAdded by the KILLAV.C TROJAN!No
XMemory managerhimem32.exeAdded by the MANCSYN TROJAN!No
XMemory Managermemorymanager.pifAdded by the DELF-JJ TROJAN!No
XMemory relocation servicereloc32.exeAdded by the RELFEERWORM!No
XMemory Servicefreememory.exeAdded by the RBOT.GEN WORM!No
NMemory Stick MonitorMSTAT.exeUsed with the Sony floppy disk adapter for memory sticks, showing if there is a stick in the computerNo
UMemory Stick MonitorMSstat.exeSony/SmartDisk memorystick-floppydisk-adapter software - allows you to read memorysticks in a normal floppydriveNo
XMemory WatcherMemoryWatcher.exeMemoryWatcher spywareNo
UMemory+tfimemsr.exeMemory optimizer. MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/SE/ME. See this article and make up your own mindNo
UMemoryBoostMemoryBoost.exeMemoryBoost - memory optimizing program made by Tenebril Inc. MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/ME. See this article and make up your own mindNo
UMemoryCardManagerMemCard.exeMemory Card Manager - for removable memory cards found on Dell or Lexmark photo printers No
XMemoryManager[random name].dllVirtumondo adware relatedNo
XMemoryMeterMemoryMeter.exeMemoryMeter - bundled with TVMedia adwareNo
UMemoryZipperPlusmemzip.exeMemory Zipper Plus - "optimizes the memory management of your system and boost-up its performance amazingly!" No
Xmemreader.exememreader.exeAdded by the AGOBOT-TY WORM!No
XMEMrealoadMEMreaload.exeAdded by the LAZAR TROJAN!No
XMemScannerMemScanner.exePart of Enigma SpyHunter - not recommended, see noteNo
UMemTurbomemturbo.exeMemTurbo memory optimizer. MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/SE/ME. See this article and make up your own mindNo
XMenaceFighterGDC.exeMenaceFighter rogue privacy tool - not recommended. A member of the PCPrivacyTool familyNo
XMenaceSecurepgs.exeMenaceSecure rogue security software - not recommended. A member of the AVSystemCare familyNo
NMenuSnapMenuSnap.exeMenuSnap from Rietta Solutions. Utility that re-orders your Start Menu items alphabetically. You may not want this utility if you're able to do this manually by selecting Start -> Programs and right-clicking and choosing "Sort by Name" if availabeNo
NMercoraMercoraClient.exeMercora MusicSearch "Search, find and listen to music on the world's largest jukebox, built by people just like you". Note - if you subscribe make sure you read the Privacy PolicyNo
NMessage Center PlusMCPLaunch.exeLauncher for Message Center Plus "which alerts you when conditions arise on your computer that require your attention" on IBM/Lenovo ThinkCentre desktops, Thinkpad notebooks and Value Line systems. Message Center Plus will periodically scan a Lenovo server for new messages that are appropriate for your system and never collects or transmits any information about you or your computerYes
XMessage Queuingmsmqs.exeAdded by the FREEFORS TROJAN!No
NMessagerStarter FreeserveStartMessager.exeFreeserve MessengerNo
UMessage_Blockermessageblock.exeMessage Blocker - "prevents Outlook Express from loading images or other content from the internet without confirmation, as well as executing scripts when displaying a formatted email message"No
XMessangertrillian.exeAdded by the RBOT.CKI WORM!No
XMessangerdeamon.exeAdded by the TACTSLAY.C TROJAN!No
XMessangermsgaol.exeAdded by the TACTSLAY.C TROJAN!No
XMessangers_menu.exeAdded by the TACTSLAY.C TROJAN!No
XMessangerbrowse.exeAdded by the TACTSLAY.C TROJAN!No
XMessengermessenger.exeAdded by the KUTEX TROJAN!No
XMessengerntsubsys.exeAdded by the SDBOT.BGE WORM!No
XMessengerWmsngr.exeAdded by a variant of the RBOT WORM!No
YMessengerSCANMSG.EXEAntiVirus Quick Heal - virus protectionNo
NMessengerMsnMsgr.exeWindows Live Messenger (was MSN Messenger) utility - available via the Start menu. Disable by clicking on the "Show menu" icon and select Tools → Options → General → deselect "Automatically run Windows Live Messenger when I log on to Windows". This is the Windows Defender/Vista MSConfig entry for version 8.* Yes
NMessengermsmsgs.exeWindows Messenger instant messenger utility included with Windows 2K/XP. Available via the Start menu. Go to Windows Messenger → Tools → Options → Preferences and uncheck "Run this program when Windows starts"Yes
XMessengermsnmsgrr.exeAdded by the RBOT-GYK WORM!No
NMessenger (Yahoo!)YahooMessenger.exeSystem Tray access to the Yahoo! Messenger instant messengerYes
XMessenger Blockmsngrblock.exeAdded by the PATOO WORM!No
XMessenger Explorerm41n.exeAdded by the SDBOT-SA BACKDOOR!No
XMessenger Gatewaymsmgs.exeAdded by the AGENT-IGK TROJAN!No
XMessenger Protocolnetsender.exeAdded by the SDBOT-ACC WORM!No
XMessenger Servicemsmsgs.exeAdded by the SDBOT-ZB WORM! Note - this particular msmsgs.exe file is located in %System% and should not be mistaken for the MSN Messenger file of the same name which is located in %Program Files%\MessengerNo
XMessenger Servicenvhost.exeAdded by the JLOK-A WORM!No
XMessenger Service Updatersvshost.exeAdded by the MYTOB.GC WORM!No
XMessenger Sharing Controlmnwsvc.exeAdded by a variant of the IRCBOT BACKDOOR! See hereNo
XMessenger start-upMsgran.exeAdded by the GRAMOS WORM!No
XMessenger6command.pifAdded by the INZAE.B WORM!No
XMessenger91messengersystem.exeAdded by the RBOT-FPF WORM!No
UMessengerDiscoveryMessengerDiscovery.exeMessengerDiscovery is a MSN Messenger add-on - adding over 70 new features. Now superseded by MessengerDiscovery Live - with support added for Windows LiveNo
NMessengerPlusMsgPlus.exeMessengerPlus - third party MSN Messenger extension that adds a number of useful features. Bundles the hard to remove C2Media LOP adware. The software does offer you a choice during setup - make sure to install MessengerPlus WITHOUT that "sponsor program"!No
NMessengerPlus2MsgPlus.exeMessengerPlus - third party MSN Messenger extension that adds a number of useful features. Bundles the hard to remove C2Media LOP adware. The software does offer you a choice during setup - make sure to install MessengerPlus WITHOUT that "sponsor program"!No
NMessengerPlus3MsgPlus.exeMessengerPlus - third party MSN Messenger extension that adds a number of useful features. Bundles the hard to remove C2Media LOP adware. The software does offer you a choice during setup - make sure to install MessengerPlus WITHOUT that "sponsor program"!No
XmessengerskinnerMessengerSkinner.exeMessenger Skinner malware - uses a rootkit to hide executable filesNo
Xmessnger[worm filename]Added by the DELODER WORM!No
XmessngerDvldr32.exeAdded by the DELODER.A WORM!No
NMetacafeMetacafeAgent.exeMetacafe - video sharing on the web. Note - if you subscribe make sure you read the Privacy Policy No
XMeTaLRoCk (irc.musirc.com) has sex with printersmetalrock-is-gay.exeAdded by the RANDEX.Q WORM!No
XMeuProgramaaccwizz.exeAdded by the RULAND.A WORM!No
XMfc**.exe [* = random char]Mfc**.exe [* = random char]CoolWebSearch/HomeSearch adware - for examples, see this logNo
XMfc**32.exe [* = random char]Mfc**32.exe [* = random char]CoolWebSearch/HomeSearch adware - for examples, see this logNo
?mfgboot????No
Xmfhsornwnduyregsvr32.exe gisyflngpshcvuakv.dllPro AntiSpyware 2009 rogue spyware remover - not recommended, removal instructions here. Note that regsvr32.exe is a legitimate Microsoft file used to register and unregister OLE controls and shouldn't be deleted. The "gisyflngpshcvuakv.dll" file is found in %System%No
XmFilterMNeck.exeAdded by the CLICKER-AG TROJAN!No
Xmfin32mfin32.exeMyFreeInternetUpdate - adware downloaderNo
Ymfpmfp.exeMcAfee Family Protection - which 'is easy-to-use and built to empower parents to say "yes" to their children's online interests while protecting them as they learn and explore' and "protects children of all ages from exposure to inappropriate content, social networking risks, strangers, and other threats"Yes
UMFP PanelMgrSSMMgr.exeMonitors ink levels, paper present and other parameters for some printersNo
YMFP Server AgentMFPAgent.exeMulti Function Printer (MFP) Server Agent for Belkin's Wirless G All-in-One Print Server and ZyXEL's NPS-520No
UMFP1815_S2PScan2pc.exeScan to PC application for the scanning function of the Dell Laser MFP 1815 multifunction printerNo
XMfqneqfebvdddwq.exeAdded by the RANDEX.AP WORM!No
?MGA HookMgahook.exeMATROX Graphics card related. What does it do and is it required?No
NMGA QuickdeskMGAQDESK.EXEFor Matrox video cards. Quick access to tweak your card to your likingNo
UMgabgMgabg.exeMatrox BIOS Guard - monitors a Matrox card's BIOS, and will reflash it when needed. Cards like the G400 have a nasty habit of losing their BIOS, especially on poor power supplies. If you make an emergency BIOS disk with the utility in their BIOS package, you can disable Mgabg.exe and just use the crash disk if/when neededNo
Ymgavctrlmgavrtcl.exePart of older versions of McAfee's internet security products such as VirusScan and VirusScan OnlineNo
Ymgavrtclexemgavrtcl.exePart of older versions of McAfee's internet security products such as VirusScan and VirusScan OnlineNo
Ymgavrtclexemgavrte.exePart of older versions of McAfee's internet security products such as VirusScan and VirusScan OnlineNo
NMGA_CD_Installmgasetup.exeMatrox Millennium video driver. Not required once drivers installedNo
Xmgmtapimgmtapi.exeUnidentified malwareNo
XMgsgi servicewkzfn.exeAdded by the AGOBOT-AHL WORM!No
UMGSysCtrlMGSysCtrlPart of the System Control Manager for MSI notebooks - displays animations for hot key commands (such as turning the wirelss card on/off)No
XMHDOGStartmhdogst.EXEAdded by an unidentified VIRUS, WORM or TROJAN! A possibility is a trojan known as PENISNo
NMHINITMHINIT.EXEPart of the Cybermedia Clean Sweep packageNo
Xmhs3mhs3.exeAdded by the PWS-ALZ TROJAN!No
XMi7sft sdceb0yz.exeAdded by the RBOT.CWG WORM!No
XMi7sft sdceMNSQ.exeAdded by the RBOT.DMU WORM!No
XMi7sft sdcescorti.exeAdded by the RBOT.ELC WORM!No
XMickey Mouse Cereal[random filename].exeAdded by the RANKY.Q TROJAN!No
XMicosoft Data Corerunservice.exeAdded by the IRCBOT.BK WORM!No
XMicosoft Data Core stuffsvshosts.exeAdded by the RBOT.FZA WORM!No
XMicosoft Startupsyscall.exeAdded by the SDBOT-JI WORM!No
XMicosoft Startupsystall.exeAdded by the SDBOT-GM BACKDOOR!No
XMicosoftartupshrl.exeAdded by the SDBOT-JQ WORM!No
XMicr Updatesoundblaster.exeAdded by the SDBOT.NP WORM!No
XMicr Update Systemupwin.exeAdded by the SDBOT.YS WORM!No
XMicr0s0ft Ms D0smsdx.exeAdded by the RBOT-AON WORM!No
XMicr0s0ft Upd4t4zsvchost32.exeAdded by the RBOT.ALF WORM!No
XMicrcoft Exploererspoolsal.exeAdded by the RBOT-AKK WORM!No
XMicrcoft Exploerersvchose.exeAdded by the RBOT-ASL WORM!No
XMicrcoft Updatspoolsae.exeAdded by the RBOT-AIB WORM!No
XMicrcoft Updatspoolsaex.exeAdded by the RBOT-AJM WORM!No
XMicrcoft UpdatInternet.exeAdded by the RBOT-ANA WORM!No
XMicrcsoft Certificate Servicescflmon.exeAdded by the RBOT-FWV WORM!No
XMicro CRC Protocolscrc32.exeAdded by a variant of the SDBOT WORM!No
XMicro Office[path to trojan]Added by the BANCBAN-QC TROJAN!No
XMicro Processappconf.exeAdded by an unidentified WORM or TROJAN!No
XMicro Updatedailin.exeAdded by the RBOT-ER WORM!No
NMicroangelo DesktopMuamgr.exeUsing MicroAngelo On Display, you can easily select the icon images that you prefer rather than the default icons displayed by Windows. On Display provides a consistent and elegant method to customize the icon display for almost every icon on your systemNo
NmicroAttuneDownloadatmdlusr.exeApplication Launcher, MS Office application. USR (US Robotics) modem auto updater. May be a sub-set of AttuneNo
UMicroBrewMicroBrew2.exeRelated to Bluebeam PDF printer support. Prints AutoCAD .dwgs to PDF'sNo
XMicroCQ0explorer.exeAdded by the LINEAGE-AK TROJAN! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %ProgramFiles%No
UMicroDialleratdialler1.exePart of the Freeserve Connection Kit - changes the dial-up for Freeserve AnyTime if access problems are encounteredNo
XMicroedSoft ToolbarSmoked.exeAdded by the RBOT-ALN WORM!No
XMicrofinder lptt01mcf.exeRapidBlaster variant (in a "mcf" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see hereNo
XMicrofinder ml097emcf.exeRapidBlaster variant (in a "mcf" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see hereNo
XMicrofot Updatewinldx32.exeAdded by a variant of the RBOT WORM!No
XMicroft Exploererspoolsac.exeAdded by the RBOT-AMD WORM!No
XMicroft Update 32winssx.exeAdded by the RBOT-AQS WORM!No
XMicroLoad[random filename]Added by the DARBY WORM!No
XMicromedia Flash Updatewdfmrg.exeAdded by a variant of the SDBOT WORM!No
XMicromedia Flash Updatexptxt.exeAdded by the RBOT-GAB WORM!No
XMicroMix32WinCon.exeAdded by the VB-ECC TROJAN!No
XMicrooft Timingpupdate.exeAdded by a variant of the RBOT WORM!No
XMICROSFT ANTIVIRUS UPDATE SUPPORT[random 10-letter filename].EXEAdded by the RBOT-AQA WORM!No
XMICROSFT ANTIVIRUS UPDATE SUPPORTMSGUPDATED.EXEAdded by the RBOT-APZ WORM!No
XMicrosft Conf 32msaconf.exeAdded by the RBOT.EYA WORM!No
XMicrosft Confige 32msaconfigurez.exeAdded by the RBOT.CLC WORM!No
XMicrosft Corporation Version 2001.12.4414comrel.exeAdded by a variant of the SDBOT TROJAN!No
XMicrosft Corporation Version 2002.12.2414comserv.exeAdded by a variant of the SLAPER TROJAN!No
XMICROSFT MX UPDATE SUPPORTtaskmngrs.exeAdded by the RBOT-AUZ WORM!No
XMICROSFT MX UPDATE SUPPORTwinmx32.EXEAdded by the IRCBOT-FD WORM!No
XMICROSFT RAMA UPDATE SUPPORT[random filename]Added by the RBOT-ASM or RBOT-AUW WORMS!No
XMICROSFT RAMA UPDATE SUPPORTMSN32.EXEAdded by the RBOT-AWJ WORM!No
XMICROSFT RAMA UPDATE SUPPORTmtakthmyn.EXEAdded by the RBOT-AUJ WORM!No
XMICROSFT RAMA UPDATE SUPPORTMSGUPDAT32.EXEAdded by the RBOT-BBB WORM!No
XMicrosft Remote Procedure Daemonmsrpcd.exeAdded by a variant of the IRCBOT BACKDOOR!No
XMicrosft Security Monitor Processcmh.exeAdded by the EGGDROP.V WORM!No
XMicrosft Security Monitor Processmssmppp.exeAdded by a variant of the IRCBOT BACKDOOR!No
XMicrosft Security Monitor Processmssmpp.exeAdded by the SDBOT-DJW WORM!No
XMicrosft Updtessarvice.exeAdded by a variant of the SDBOT WORM!No
XMicrosft Upgraed[random filename].exeAdded by a variant of the SDBOT WORM!No
XMicrosft Windows Adapter 5.1.3013[random filename]Added by the SMALL.HIT TROJAN!No
Xmicrosft windows updatesmwupdate32.exeAdded by a variant of the TOXBOT/CODBOT WORM!No
XMicrosof Valuenmatt.exeAdded by a variant of the RBOT WORM!No
XMicrosof Windows Hostsvhost32.exeAdded by the RBOT.ADY WORM!No
XMicrosof Winlog Hostwilogon32.exeAdded by the RBOT.XC WORM! No
XMicrosofot x386 System Monitorsystem32.exeAdded by the WOOTBOT.M WORM!No
Xmicrosoftsvchost.exeAdded by the ASTEF or RESPAN WORMS! Note - this is not the legitimate svchost.exe process which should NOT appear in Msconfig/Startup!No
Xmicrosoftmicrosoft.htaHTA file which creates an executable on the hard drive which subsequently proceeds to download files from a malware site!No
XMicrosoftwin32.exeAdded by the DARKMOON TROJAN!No
XMicrosoftiexplore.exeAdded by the QQROB-R TROJAN! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %System%No
XMicrosoftsvchost.exeAdded by the ADUYO-A TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%No
XMicrosoftwuauclt.exeAdded by the QQROB-AAQ TROJAN! Note - this is not the legitimate wuauclt.exe process, which should not appear in Msconfig/Startup!No
XMicrosoftguard.exeAdded by a variant of the SDBOT WORM!No
XMicrosoftwcsntfy.exeAdded by the AGOBOT-AHT WORM!No
XMicrosoftssmss.exeAdded by the RBOT-FZF WORM!No
XMicrosoftlsass.ppfAdded by the RBOT-GAA WORM!No
XMicrosoftmsvchost.exeAdded by the RBOT-GAW WORM!No
XMicrosoftmixers.exeAdded by the AGOBOT-AHU WORM!No
XMicrosoftmsmsger.exeAdded by a variant of the SDBOT WORM!No
XMicrosoftMSUPDATE.exeAdded by an unidentified WORM or TROJAN!No
XMicrosoftradnom.exeAdded by the RBOT-GHO WORM!No
XMicrosoftrtvcscan.exeAdded by the RBOT-GGU WORM!No
XMicrosofttaskbar.exeAdded by a variant of the RBOT WORM!No
XMicrosoftupdater.exeAdded by the RBOT-GHP WORM!No
XMicrosoftwindl32.exeAdded by the SDBOT-DCZ WORM!No
XMicrosoftaim.exeAdded by the RBOT-GRY WORM! Note - this is not the popular AOL Instant Messenger utilityNo
XMicrosoftExplorerr.exeAdded by the IRCBOT-WG TROJAN!No
XMicrosoftkasperskyLive32.exeAdded by the RBOT-GRT WORM!No
XMicrosoftmsngerf.exeAdded by the RBOT-GLW WORM!No
XMicrosoftnetsrv.exeAdded by the RBOT-GOS WORM!No
XMicrosoftrundll.exeAdded by the RBOT-GSJ WORM! Note - this is NOT the Win9x/Me system file of the same name as described hereNo
XMicrosoftWinSecUp.exeAdded by the RBOT-GPL WORM!No
XMicrosoftwsim32.exeAdded by the RBOT-GTL WORM!No
XMicrosoftwplayer.exeAdded by the IRCBOT-ABP TROJAN!No
XMicrosoftmdms.exeAdded by the AGENT-GHY TROJAN!No
XMicrosoftExplorer.exeAdded by a variant of the RBOT WORM! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System%No
XMicrosoftinstall.exeAdded by a variant of the IRCBOT BACKDOOR!No
XMicrosoftinternetdat.exeAdded by the RBOT.ETY BACKDOOR!No
XMicrosoftntsvr.exeAdded by a variant of the RBOT WORM!No
XMicrosoftschost.exeAdded by the RBOT.FEH BACKDOOR!No
XMicrosoftsoundvol32.exeAdded by the RBOT.CIJ BACKDOOR!No
XMicrosoftsqlservice.exeAdded by a variant of the IRCBOT BACKDOOR! See hereNo
XMicrosoftsvhost.exeAdded by a variant of the IRCBOT BACKDOOR!No
XMicrosoftwinampaa.exeAdded by a variant of the IRCBOT BACKDOOR! See hereNo
XMicrosoftwinline.exeAdded by the AGENT.KT TROJAN!No
XMicrosoftsystem32.exeAdded by the IRCBOT-ZZ WORM!No
XMicrosoftwinsys32.exeAdded by the RBOT-GSQ WORM!No
XMicrosoftwinnn.exeAdded by the RANDEX.GGP WORM!No
XMicrosoftsymtea.exeAdded by the SPYBOT.AMTE WORM!No
XMicrosoftMicrosoftCorporation.exeAdded by the KILLFILES.AED TROJAN!No
XMicrosoftfirefox.exeAdded by the RBOT-GVJ TROJAN! Note - this is not the popular FireFox web browser and is located in %System%No
XMicrosoft Associates, Inc.iexplorer.exeAdded by the LOVGATE.Z WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe)No
XMicrosoft (C) HTML Application host[random filename]Added by the RBOT-YB WORM!No
XMicrosoft (R) Windows Configuration Backup Servicesvchost.exeAdded by the RANKY.X TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in either a "config", "mapping" or "security" subfolder of %Windir%No
XMicrosoft (R) Windows DLL Loaderrundll32.exeAdded by the RANKY.W TROJAN! Note - this is not the legitimate rundll32.exe process, which is found in %Windir% (98/ME) or %System% (NT/2K/XP). This one is located in %Windir%\dllNo
XMicrosoft (R) Windows Network Latency Controller1.tmpAdded by a generic password stealer TROJAN - see hereNo
XMicrosoft (R) Windows Network Latency Controllernlc.exeAdded by a generic password stealer TROJAN - see hereNo
XMicrosoft (R) Windows Network Latency Controllersp2vc.exeAdded by a generic password stealer TROJAN - see hereNo
XMicrosoft (R) Windows Network Security Management Servicensms.exeAdded by the RANKY.LC TROJAN!No
XMicrosoft (R) Windows Protected Content Restoration Serviceservices.exeAdded by the AGENT.AGV BACKDOOR! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\etcNo
XMicrosoft (R) Windows Protocol Deployment Manager[random].tmpAdded by an unidentified WORM or TROJAN!No
XMicrosoft (R) Windows TCP/IP Socket Driver[path to trojan]Added by the PROXY-DD TROJAN!No
XMicrosoft (R) Windows TCP/IP Socket Layerservices.exeAdded by the RBOT.ARM WORM! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\winsockNo
XMicrosoft (R) Windows Update Servicewuauclt.exeAdded by a variant of the SDBOT WORM! Note - this is not the legitimate wuauclt.exe process, which should not appear in Msconfig/Startup!No
XMicrosoft (R) Windows Vista/NT Runtime Compatibility Servicenrcs.exeAdded by the RANKY.X TROJAN!No
XMicrosoft .NET Confinguratormsnconf.exeAdded by an unidentified VIRUS, WORM or TROJAN!No
XMicrosoft 16Bit Updatewuapdate16.exeAdded by the RBOT.CZ WORM!No
XMicrosoft 64 Bit Runtime Updaterwupdt64.exeAdded by a variant of the RBOT WORM!No
UMicrosoft ActiveSyncWCESCOMM.EXEConnection manager for Microsoft ActiveSync - mobile device synchronization software for Windows XP (and earlier), supporting mobile devices based upon the Windows CE OS (such as Pocket PC, Handheld PC and Windows Mobile). Automatically launches ActiveSync (if enabled) when the mobile device is connected. If disabled it will re-instate the next time ActiveSync runs - hence the reluctant "U" recommendationYes
XMicrosoft ActiveX Debugger NT[path to trojan]Added by the BANCOS-DO TROJAN!No
XMicrosoft Admin ProtocalMSADNIN.exeAdded by a variant of the RBOT WORM!No
XMicrosoft ADservice[random filename]Added by a variant of the RBOT WORM!No
XMicrosoft Agentmdss32.exeAdded by the KEYLOG-AG TROJAN!No
XMicrosoft Agentsvch0st.exeAdded by the VB-DRO WORM!No
XMicrosoft ALG32 Protocolalg32.exeAdded by a variant of the SPYBOT WORM!No
XMicrosoft ALGXP Protocolalg32.exeAdded by a variant of the SDBOT WORM!No
XMicrosoft allmmall.exeWopla.ac malware variantNo
NMicrosoft Announcement ListenerAnnclist.exeMS WebTV for Windows. Used to display TV on your PC via a compatible video card with in-built tuner (such as ATI All-In-Wonder). If you don't use it - uninstall itNo
XMicrosoft Ansti Updatemsie.exeAdded by the RBOT-LE WORM!No
XMicrosoft Anti Virus Controllermsavc.exeAdded by a variant of the IRCBOT BACKDOOR! See hereNo
XMicrosoft Anti Virus Controllermsavc32.exeAdded by the SDBOT.EPW BACKDOOR!No
XMicrosoft Anti-Spy[random filename]Added by a variant of the SDBOT WORM!No
XMicrosoft AntiSpywareBazzi.exeAdded by the AHKER.J WORM!No
XMicrosoft AntiSpywareKT06.pifAdded by the IRCBOT.GEN WORM!No
XMicrosoft AOL Instant MessengerMSAOL32.exeAdded by the RBOT-AAI WORM!No
XMicrosoft AOL32 Protocolaol32.exeAdded by a variant of the SPYBOT WORM!No
XMicrosoft Application Centermappc.exeAdded by a variant of the RBOT WORM!No
XMicrosoft Application Managermsapl32.exeAdded by the BROPIA-AE TROJAN!No
XMicrosoft AUT UpdateMSlti32.exeAdded by the RBOT-X WORM!No
XMicrosoft AUT UpdateMSlti16.exeAdded by the RBOT.EB WORM!No
XMicrosoft Authority Servicelsass.exeAdded by the KALEL-D WORM! Note - this is not the legitimate lsass.exe process, which should not appear in Msconfig/Startup!No
XMicrosoft auto updatewinupdate.exeAdded by the BMBOT TROJAN!No
XMicrosoft Auto UpdateWINHLP16.EXEAdded by the RBOT.GY WORM!No
XMicrosoft auto updatewuauclt.exeAdded by the CULT-B TROJAN! Note - this is not the legitimate wuauclt.exe process, which should not appear in Msconfig/Startup!No
XMicrosoft Automatic Update Serivcemsautou.exeAdded by the RBOT-AOB WORM!No
XMicrosoft Automatic UpdaterExplorer.exeAdded by the RBOT-SG WORM! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System%No
XMicrosoft AutoUpdatersvhost.exeAdded by the RBOT.QG WORM!No
XMicrosoft Bool ValueMV2.exeAdded by a variant of the RBOT WORM!No
XMicrosoft boot system cfg32actboost.exeAdded by the BROPIA.R WORM!No
UMicrosoft Broadband NetworkingMSBNTray.exeMicrosoft Broadband Networking Tray ApplicationNo
XMicrosoft Browser ServicesBrwsr32.exeAdded by a variant of the IRCBOT TROJAN!No
XMicrosoft Browser ServicesBrwsr64.exeAdded by a variant of the IRCBOT TROJAN!No
XMicrosoft Buffer Appmsbuffer.exeAdded by the SLINBOT.NQ BACKDOOR!No
XMicrosoft Cab Managerexec.exeAffilred adwareNo
XMicrosoft Cab Managercab.exeAdded by the DELF-JJ TROJAN!No
XMicrosoft Calculatorcalc.exeAdded by a variant of the IRCBOT TROJAN!No
XMicrosoft checkerMsPMSPTv.exeAdded by a variant of the SDBOT WORM!No
XMicrosoft Clientmshost.exeAdded by the RBOT-AND WORM!No
XMicrosoft Clientmsclient.exeAdded by a variant of the IRCBOT BACKDOOR! See hereNo
XMicrosoft Client Pcspoolsrv.exeAdded by the RBOT-AQM WORM!No
XMicrosoft Client/Server Runtime Server Subsystemcsrs.exeAdded by a variant of the AGOBOT/GAOBOT WORM!No
XMicrosoft Client/Server Runtime Server Subsystemcsrssa.exeAdded by a variant of the AGOBOT/GAOBOT WORM!No
XMicrosoft Com Port Managersvdhost.exeAdded by the SDBOT-NI WORM!No
XMicrosoft Command Csshost.exeAdded by the RBOT-CMK WORM!No
XMicrosoft Command Cwinhost32.exeAdded by the SDBOT-BBA WORM!No
XMicrosoft Command Linewincmd.exeAdded by a variant of the RBOT WORM!No
XMicrosoft Conf Ldrsysconf.exeAdded by a variant of the SDBOT TROJAN!No
XMicrosoft ConfgKeyswurmgrd32.exeAdded by the RBOT-ARX WORM!No
XMicrosoft Configmsconf.exeAdded by the RBOT.PV WORM!No
XMicrosoft ConfigMSCONF.EXEAdded by the RBOT-LG WORM!No
XMicrosoft Config 32msconfigx32.exeReported as the MSCONFIGX32 TROJAN! Possible Rbot variantNo
XMicrosoft Config 32bitmscnfg32.exeAdded by the RBOT-Z WORM!No
XMicrosoft Config Fileconfig.exeAdded by the KILLFILES.GR TROJAN! This is malware that will attempt to delete all system dlls!No
XMicrosoft Config Loadermsconfig32.exeAdded by the AGOBOT.XX WORM!No
XMicrosoft Config Loadermsrun32.exeAdded by the AGOBOT-DY WORM!No
XMicrosoft Config Loadermsconf32.exeAdded by a variant of the RBOT WORM!No
XMicrosoft Configoration Servicemsconfigs.exeAdded by the RBOT-ETT WORM!No
XMicrosoft Configs 32msgconfigrs.exeAdded by a variant of the SDBOT WORM!No
XMicrosoft Configuewemsconfiguwe.exeAdded by the SDBOT-BPK WORM!No
XMicrosoft Configurationmsconfig32.exeAdded by the SDBOT.MQ WORM!No
XMicrosoft Configuration 35microsot1.exeAdded by an unidentified TROJAN!No
XMicrosoft Configuration Wizardtaskmrg.exeAdded by the SDBOT-MX TROJAN!No
XMicrosoft Configure 32msgconfigre.exeAdded by a variant of the AGOBOT/GAOBOT WORM!No
XMicrosoft Connection Manager Monitorcmmon.pifAdded by the RBOT-AKV WORM!No
XMicrosoft Control Centercrtl.exeAdded by the RBOT-VX WORM!No
XMicrosoft Core SupportMSxUP32.exeAdded by the RBOT-ANR WORM!No
XMicrosoft Core Support[random filename]Added by a variant of the RBOT TROJAN!No
XMicrosoft Corpsvchost.exeAdded by the PUSHBOT.QD WORM! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%No
XMicrosoft Corpsvchosts.exeAdded by the CEEINJEC-E TROJAN!No
XMicrosoft Corp SQL Certificatessqlcer.exeAdded by the ZYBOT-C WORM!No
XMicrosoft Corp SSL Certificateswindowz.exeAdded by the RBOT-GCZ WORM!No
XMicrosoft Corp TLS Certificatesmsauth.exeAdded by the RBOT-GAC WORM!No
XMicrosoft Corp Updateswupdates.exeAdded by the RBOT-AUU WORM!No
XMicrosoft Corp. Critical Servicescsrs.exeAdded by the RBOT-GTJ WORM!No
XMicrosoft Corp. Host Servicessvchosl.exeAdded by the RBOT-FMZ WORM!No
XMicrosoft Corporaticn SQL Handlersqlhandler.exeAdded by a variant of the RBOT WORM!No
XMicrosoft Corporation[random filename]Added by various VIRUSES, WORMS & TROJANS!No
XMicrosoft Corporationjview.exeAdded by the RBOT-AOD WORM!No
XMicrosoft Corporation Svchost Servicemssvc.exeAdded by a variant of the SDBOT WORM! See hereNo
XMicrosoft Corporation Svchost Servicemswsc.exeAdded by the AGENT.MAB TROJAN!No
XMicrosoft Corporation SYM monitormssym.exeAdded by the RBOT-GDB WORM!No
XMicrosoft CP Web Managerwebcp.exeAdded by the IRCBOT.HP TROJAN!No
XMicrosoft CPU Over Heat ManagerCPU.exeAdded by a variant of the IRCBOT TROJAN!No
XMicrosoft CPXP Protocolcpxp.exeAdded by the RBOT.ATP WORM!No
XMicrosoft Critical Servicessvhhost.exeAdded by the AGOBOT-AJA WORM!No
XMicrosoft Crs Fix Servwincrs.exeAdded by the SDBOT.BWF WORM!No
XMicrosoft CRT Monitor Managercrtmon.exeAdded by the ROBOTON.A WORM!No
XMicrosoft CSRSS Servicensmscrs.exeAdded by the RBOT-BPT WORM!No
XMicrosoft CSRSS32 Protocolcsrss32.exeAdded by a variant of the AGOBOT/GAOBOT WORM!No
XMicrosoft CSRSS386 Protocolcsrss386.exeAdded by a variant of the SPYBOT WORM!No
UMicrosoft CTF Loaderctfmon.exeSupports multiple languages and alternative method inputs in Windows and MS Office. The language bar is displayed alongside the System Tray if more than one keyboard layout is enabled (for switching input languages) or, for example, if speech is selected as an alternative input for MS Office or Notepad. Required to support advanced text services (such as right to left text) for East Asian users. Can be disabled via Start → Control Panel → Regional and Language Options → Languages → Text Services and Input Languages → Details → Advanced → System Configuration → Turn off advanced text services (which also turns off the language bar). See also here and here. Can also cause problems with some other programs if left enabled - see here for such an exampleYes
XMicrosoft Cvrtmscvrt32.exeAdded by an unidentified VIRUS, WORM or TROJAN!No
XMicrosoft Data Helpercihost.exeMalware, possibly a variant of the LINST TROJANNo
XMicrosoft Data Machinecsdata32.exeAdded by a variant of the RBOT WORM!No
XMicrosoft Database Handlermssql32.exeAdded by the RANDEX.AX WORM!No
XMicrosoft Datalog Applicationmsdata.exeAdded by a variant of the SDBOT WORM!No
XMicrosoft DDE Controlwupades.exeAdded by a variant of the SDBOT WORM!No
XMicrosoft DDEs ControlErun.pifAdded by the RBOT-AMU WORM!No
XMicrosoft Debug Manager Consolemdm32.exeAdded by the AGOBOT-AQ WORM!No
XMicrosoft Debug Servicedbgbgr.exeAdded by a variant of the RBOT WORM!No
XMicrosoft Decryption TechnologyMsfenoe.exeAdded by the SPYBOT-DG WORM! No
UMicrosoft Default ManagerDefMgr.exePart of MSN Toolbar from version 4.* onwards (renamed "Bing Bar" from version 5.* onwards) which includes the Bing search engine. Via Start → All Programs → Microsoft Default Manager you can elect to keep Bing as the default search engine and set it to notify you of any changes to your browsers default settings. Not required if you choose not to use BingYes
XMicrosoft Desktop Managermsdesk32.exeAdded by a variant of the RBOT WORM!No
XMicrosoft Deviexplorer32.exeAdded by a variant of the AGOBOT/GAOBOT WORM!No
XMicrosoft Development Debuggermsdev.exeAdded by a variant of the RBOT WORM!No
XMicrosoft Development Servicesmsdevelop.exeAdded by the RBOT-FWS WORM!No
XMicrosoft Device Managermsdevmgr32.exeAdded by the LATEDA.B TROJAN!No
XMicrosoft Device Managermscmtl32.exeAdded by the AGENT.BMQ BACKDOOR!No
XMicrosoft Device Managersvcswin.exeAdded by the IRCBOT-YH TROJAN!No
XMicrosoft Diagnostic[random filename]Added by the ACEBOT TROJAN!No
XMicrosoft Diagnosticmsdiag32.exeAdded by the RBOT-UC WORM!No
XMicrosoft Digital Clockmsclock.exeAdded by the NACKBOT-D WORM!No
XMicrosoft Digital Cryptorsmdigits.exeAdded by the SDBOT.LM WORM!No
XMicrosoft DirectXSpoolserv.exeAdded by the DINFOR WORM!No
XMicrosoft DirectXrasmngr.exeAdded by a variant of the RBOT WORM!No
XMicrosoft DirectXPDSched.exeAdded by the SDBOT.CN WORM! No
XMicrosoft DirectXwuamgrd.exeAdded by the SDBOT.MY WORM!No
XMicrosoft DirectXtime123.exeAdded by the SDBOT.MD WORM!No
XMicrosoft Directxdirectxat.exeAdded by the SDBOT-BXF WORM! Note - disables autostart for the SharedAccess service and deactivates the Microsoft Internet Connection Firewall (ICF)No
XMicrosoft DirectXwupdate.exeAdded by the RBOT-L WORM!No
XMicrosoft Directx clickdirectxclick.exeAdded by a variant of the RBOT-GHT WORM!No
XMicrosoft Directx clicksdirectxclickers.exeAdded by the RBOT-GHT WORM!No
XMicrosoft Directx pushdirectxpushup.exeAdded by a variant of the RBOT-GHT WORM!No
XMicrosoft Directxspdirectxbt.exeAdded by a variant of the RBOT-GHT WORM!No
XMicrosoft Directxspnewdirectxnew.exeAdded by a variant of the RBOT-GHT WORM!No
XMicrosoft DirktorWin[random filename]Added by the SPYBOT.GEN3 TROJAN!No
XMicrosoft Disk Scannerscansdisk.exeAdded by the WOOTBOT.DT WORM!No
XMicrosoft DLLfumeta.exeAdded by the RBOT-AUG WORM!No
XMicrosoft Dllrunapidll.exeAdded by the RBOT-GRG WORM!No
XMicrosoft DLL Authentificationdllsecure.exeAdded by a variant of the IRCBOT TROJAN!No
XMicrosoft DLL ExtensionsSystemDll.exeAdded by the RBOT-ADV WORM!No
XMicrosoft dll Host Servicewkssr.exeAdded by a variant of the SDBOT WORM!No
XMicrosoft DLL Host Servicedllmemhost.exeAdded by a variant of the IRCBOT TROJAN!No
XMicrosoft DLL Host Servicesvcdllhst.exeAdded by the AGENT.EAK TROJAN!No
XMicrosoft dll Host Servicesvchost.exeAdded by the RBOT.BMS BACKDOOR! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%No
XMicrosoft DLL Librarywinlib32.exeAdded by the ATNAS.A WORM!No
XMicrosoft Dll Managementwindll.exeAdded by the RBOT-MT WORM! No
XMicrosoft Dll Managermicrosoft32dll.exeAdded by the SHEUR.LH TROJAN!No
XMicrosoft DLL Managerdllmgr.exeAdded by the SDBOT-KJ WORM!No
XMicrosoft DLL Monitordllmon32.exeAdded by the AGENT.WP WORM!No
XMicrosoft DLL Monitordllmon64.exeAdded by a variant of the IRCBOT TROJAN!No
XMicrosoft DLL Monitordllmonitor.exeAdded by a variant of the IRCBOT TROJAN!No
XMicrosoft Dll Printer Managerdllpt.exeAdded by the SDBOT.BIH WORM!No
XMicrosoft DLL Serviceservicedll.exeAdded by the IRCBOT.OX BACKDOOR!No
XMicrosoft DLL Servicesvcdll.exeAdded by a variant of the SPYBOT WORM!No
XMicrosoft DLL Sourcedllsrc.exeAdded by a variant of the IRCBOT TROJAN!No
XMicrosoft DLL Verifierfile.exeAdded by the RBOT-AED WORM!No
XMicrosoft DLL Verifierchkfile.exeAdded by the RBOT-AOC WORM!No
XMicrosoft DLL Verifiercsrssv.exeAdded by the RBOT-ATK WORM!No
XMicrosoft DLL Verifiermscon.exeAdded by the SDBOT.EAH WORM!No
XMicrosoft DLL Verifierwinavguard.exeAdded by the SDBOT.AAD WORM!No
XMicrosoft DLL Verifierwns.exeAdded by the SPYBOT-LA WORM!No
XMicrosoft DLLSet32dllset32.exeAdded by the RBOT.OZ WORM!No
XMicrosoft DNS Host Resolutionhostres.exeAdded by the AGOBOT-MK BACKDOOR!No
XMicrosoft DNS Querymsdns.exeAdded by the AGENT-BS TROJAN!No
XMicrosoft DNSxmdnex.exeAdded by the DELBOT-AI WORM!No
XMicrosoft Documentkrisp.exeAdded by the SDBOT-RQ WORM!No
XMicrosoft Domain Controllermstc.exeAdded by the NUGACHE.A WORM!No
XMicrosoft Driverfaet.exeAdded by a variant of the RBOT WORM!No
XMicrosoft Driver Controlwindrv.exeAdded by the SDBOT.FW WORM!No
XMicrosoft Driver Managermswindrv.exeAdded by the FORBOT-EZ WORM!No
XMicrosoft Driver Setupmsddrv42.exeAdded by the PALEVO WORM!No
XMicrosoft Driver SetupJwrb.exeAdded by the AUTORUN-AOB WORM!No
XMicrosoft Driver Setupdllhost.exeAdded by the AUTORUN-AOZ WORM!No
XMicrosoft Driver Setupsysmngsr322.exeAdded by the BUZUS-AS TROJAN!No
XMicrosoft Driver Setupw7services.exeAdded by the AUTORUN-ARJ WORM!No
XMicrosoft Driver Setupmslsrv32.exeAdded by the SDBOT-DPF TROJAN!No
XMicrosoft Driver Setupccdrive32.exeAdded by the AGENT-LYL TROJAN!No
XMicrosoft Driver Setupcidrive32.exeAdded by the AGENT-NES TROJAN!No
XMicrosoft Driver Setupwndrive32.exeAdded by the AGENT-NRS TROJAN!No
XMicrosoft driver updateMshome.exeAdded by the SDBOT.BL WORM!No
XMicrosoft DriversWSconf.exeAdded by a variant of the SDBOT WORM!No
XMicrosoft ErgoPackwserb32.exeAdded by the RBOT-RI WORM!No
XMicrosoft EV32 ServiceMSev32.exeAdded by a variant of the RBOT WORM!No
XMicrosoft Event EngineEvtEngn.exeAdded by the RBOT-XV WORM!No
XMicrosoft Excelmsexcel.exeAdded by the RBOT-TQ WORM!No
XMicrosoft Excelemsmsgs.exeAdded by the AGENT.AJQG TROJAN! Note - this particular msmsgs.exe file is located in %System% and should not be mistaken for the MSN Messenger file of the same name which is located in %Program Files%\MessengerNo
XMicrosoft Excellwuamngr32.exeAdded by the RBOT-QH WORM!No
XMicrosoft Executingmicrosoft.exeAdded by the AGOBOT.UV WORM!No
XMicrosoft Explorersvapache.exeAdded by the RBOT-VR WORM!No
XMicrosoft Explorerexplorer.scrAdded by the RBOT-ADH WORM!No
XMicrosoft Explorerexplorer.pifAdded by the SDBOT-ACX WORM!No
XMicrosoft Explorerexplorer.exeAdded by the POEBOT-LY WORM! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System%No
XMicrosoft Explorer Servicemsexplore.exeAdded by the IRCBOT.AYB BACKDOOR!No
XMicrosoft explorer Updateinternal.exeAdded by an unidentified WORM or TROJAN!No
XMicrosoft Explorer(64)explorer64.exeAdded by the SPYBOT-R WORM!No
XMicrosoft Explorer2system.exeAdded by the IRCBOT.BS TROJAN!No
XMicrosoft Explorer2nome.exeAdded by the RANDEX.AA WORM!No
XMicrosoft Explorer2bitchbot.exeAdded by the SDBOT.EV WORM!No
XMicrosoft EXPLOREXP Protocolexplorexp.exeAdded by a variant of the SPYBOT WORM!No
XMicrosoft Featuresms32cfg.exeAdded by the RBOT.HO WORM!No
XMicrosoft Featuresmsie.exeAdded by a variant of the RBOT WORM!No
XMicrosoft File Demand Managerwmgrdf.exeAdded by a variant of the RBOT WORM!No
NMicrosoft Find FastFindfast.exeFrom older versions of MS Office - searches disk drives for Office file types and creates an index to make opening them easier. When indexing is in progress it can use lots of CPU time and memory - especially on slower/older machinesYes
XMicrosoft Firewallfirewallsp2.exeAdded by the RBOT-MC WORM!No
YMICROSOFT FIREWALL CLIENTISATRAY.EXEMS Internet Security and Acceleration Server - see hereNo
XMicrosoft FixUppevblbvr.exeAdded by the RBOT.DWK WORM!No
XMicrosoft FixUpwnpzjpuw.exeAdded by a variant of the SDBOT WORM!No
Xmicrosoft frontpagetwain.exeAdded by the AGENT.AQO TROJAN!No
XMicrosoft Gamesgamemanager.exeAdded by the SPYBOT.AHQ WORM!No
XMicrosoft Generic Update Managerwupdate.exeAdded by the RBOT-AWC TROJAN!No
XMicrosoft Genetic Procresssvchost.exeAdded by a variant of the SDBOT WORM!No
XMicrosoft Genuine Logonmsnmsg.exeAdded by the IRCBOT-XH WORM!No
XMicrosoft Genuine Logonsvchost.exeAdded by the SDBOT.EXT WORM! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%No
XMicroSoft Getway Dire[random filename]Added by the IRCBRUTE.AM WORM!No
XMicroSoft Getway mqbol[12 random letters].exeAdded by the RBOT.GBA WORM!No
XMicrosoft Gina V EncryptionMSGINAV.EXEAdded by an unidentified VIRUS, WORM or TROJAN!No
NMicrosoft Greetings ReminderMHPRMINF.EXEYou really want to be reminded about somebody's birthday at the expense of resources?No
NMicrosoft Greetings RemindersMHPRMIND.EXEMicrosoft Home Publishing greetings reminderNo
NMicrosoft Greetings Workshop ReminderGwremind.exeYou really want to be reminded about somebody's birthday at the expense of resources?No
XMicrosoft HDCP for NTmsdhcp.exeAdded by a variant of the RBOT WORM!No
XMicrosoft HDCP for NT and Win9xmsdhcprs.exeAdded by a variant of the PEERBOT WORM!No
XMicrosoft Helpsvh0st.exeAdded by a variant of the SPYBOT WORM!No
XMicrosoft Helpsvchosl.exeAdded by the AGENT-GPX TROJAN!No
XMicrosoft Help Supportmshelp32.exeAddded by the KELVIR-BF WORM!No
XMicrosoft Help SVCmsnmngr.exeAdded by the SDBOT-PQ WORM!No
XMicrosoft Help Systemmshelp32.exeCoolWebSearch parasite variantNo
XMicrosoft Helpdesk Sidemshelpdsk.exeAdded by the SPYBOT.ANJJ WORM!No
XMicrosoft Host Protocolsvhost.exeAdded by a variant of the RBOT WORM!No
XMicrosoft Hosting ServiceWINHOSTING.EXEAdded by the RBOT.AEV WORM!No
XMicrosoft Hosts ServiceIsass.exeAdded by a variant of the RBOT WORM!No
Xmicrosoft hotmail monitormshotmon.exeAdded by the MYTOB-FL WORM!No
XMicrosoft hren1mmhren1.exeAdded by a variant of the AGENT.IWW TROJAN!No
XMicrosoft Hyptertext Helpermshtha.exeAdded by a variant of the SPYBOT WORM!No
XMicrosoft IDCNmshe1p.exeAdded by an unidentified TROJAN!No
XMicrosoft IEIexplore.exeAdded by the FORBOT-AG WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %System%No
XMicrosoft IE Execute shellIEExec.exeAdded by the ALADINZ.N TROJAN!No
XMicroSoft IE SasserISASS.EXEAdded by the SDBOT.MX WORM!No
XMicrosoft IISsyshost.exeAdded by the FRANCETTE WORM!No
XMicrosoft IIS[filename]Added by the FRANCETTE-S WORM!No
UMicrosoft IME 2002IMJPMIG.EXEMicrosoft's Input Method Editor for the Japanese language which is used to both display and enable the input of characters in e-mails, documents, web forms and other files - should you need to. Found on PCs where East Asian languages have been installed through the Regional and Language options icon in the Control PanelYes
XMicrosoft Inc.iexplorer.exeAdded by the LOVGATE.E WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe)No
XMicrosoft Inc.iexplorer.exe...Added by the LOVGATE.AO WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe)No
XMicrosoft Incroporatemfs.exeAdded by the RBOT-ANF WORM!No
XMicrosoft Inet Xp..teekids.exeAdded by the BLASTER.C WORM!No
XMicrosoft Informationsecurenet.exeAdded by the SDBOT.AJM WORM!No
XMicrosoft Information Checkmicrosoft.exeAdded by the IRCBOT.AUH TROJAN!No
XMicrosoft Initialization Serviceinitsvc.exeAdded by the IRCBOT.AXK BACKDOOR!No
XMicrosoft Initialization Servicesinitserv.exeAdded by the IRCBOT-ABO TROJAN!No
XMicrosoft Install Shield Servicesrundll64Added by the RBOT-FSH WORM!No
XMicrosoft Installshieldnundll32.exeAdded by the AGOBOT-AHZ WORM!No
XMicrosoft Instant Messengermsngmsngr32.exeAdded by the SPYBOTER.GEN TROJAN!No
XMicrosoft Int ServiceMsIntSrv.exeAdded by a variant of the RBOT WORM!No
UMicrosoft IntelliPointipoint.exeMicrosoft IntelliPoint utility (from version 5.5) - required to support the programmable buttons and additional features on Microsoft's range of mice, If this entry is disabled, any programmed buttons or program-specific settings will not be supportedYes
UMicrosoft IntelliPointpoint32.exeMicrosoft IntelliPoint utility (up to version 5.4) - required to support the programmable buttons and additional features on Microsoft's range of mice, If this entry is disabled, any programmed buttons or program-specific settings will not be supportedYes
UMicrosoft Intellitype Prospeedkey.exeAdditional keyboard shortcuts on MS programmable keyboardNo
UMicrosoft IntelliType Proitype.exeMicrosoft IntelliType Pro utility (from version 5.5) - required to support the multimedia keys, programmed keys and key macros on Microsoft's range of keyboards. If this entry is disabled, any programmed keys or actions will not be supported and keys will not function as expected in applications with advanced text services enabledYes
UMicrosoft IntelliType Protype32.exeMicrosoft IntelliType Pro utility (up to version 5.4) - required to support the multimedia keys, programmed keys and key macros on Microsoft's range of keyboards. If this entry is disabled, any programmed keys or actions will not be supported and keys will not function as expected in applications with advanced text services enabledYes
XMicrosoft Internal AntiVirus SystemsdIlhost.exeAdded by the RBOT-AEV WORM!No
XMicrosoft Internel Corporatnetvhost.exeAdded by a variant of the IRCBOT BACKDOOR!No
XMicrosoft Internel Corporatsmbvhost.exeAdded by a variant of the IRCBOT BACKDOOR!No
XMicrosoft Internetexpl0rer.exeAdded by a variant of the SPYBOT WORM!No
XMicrosoft Internetwindows32.exeAdded by the SDBOT-F WORM!No
XMicrosoft Internetwincfg16.exeAdded by a variant of the SDBOT WORM!No
XMicrosoft Internet Acceleration Utilityiau.exeEasySearch adwareNo
XMicrosoft Internet Acceleration Utility[path to file]Added by the AGENT-CX TROJAN!No
XMicrosoft Internet Acceleration Utility[path to trojan]Added by the SMUTSRCH-A TROJAN!No
XMicrosoft Internet Antivirus Protectionantivirus.exeDetected by Kaspersky as the IRCBOT.BSK TROJAN!No
XMicrosoft Internet Dumping Protocolinetdump.exeAdded by the IRCBOT.BLL BACKDOOR!No
XMicrosoft Internet Expiiexplorer.exeAdded by the RBOT-KX WORM!No
XMicrosoft Internet Exploreriexplore.exeAdded by the POEBOT-J WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %System%No
XMicrosoft Internet Exploreriexplorer.exeAdded by the SDBOT-XN WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe)No
XMicrosoft Internet Explorercrsys32.exeAdded by the RBOT.UZ WORM!No
XMicrosoft Internet Explorermovies.exeAdded by the BANCOS-DZ TROJAN!No
XMicrosoft Internet Explorersvzhost.exeAdded by a variant of the RBOT WORM!No
XMicrosoft Internet Explorermccagent.exeAdded by the DLOADER-UD TROJAN!No
XMicrosoft Internet Explorersysini.exeAdded by the DELF-LN TROJAN!No
XMicrosoft Internet Explorersvchost.exeAdded by the IRCBOT-AK TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a "drivers" subfolderNo
XMicrosoft Internet ExplorerlEXPLORE.EXEAdded by the RBOT-AMM WORM! Note - the executable is spelt with a lower case "L" rather than an lower or upper case "i" which is the case with Internet ExplorerNo
XMicrosoft Internet Explorersvchosts.exeAdded by the BANCBAN-U TROJAN!No
XMicrosoft Internet Explorer[path to trojan]Added by the BANCBAN-AS TROJAN!No
XMicrosoft Internet Explorermsngrt.exeAdded by the SDBOT-GU BACKDOOR!No
XMicrosoft Internet Explorer_svchost.exeAdded by the TINY.LX TROJAN!No
XMicrosoft Internet Explorersmiissm.exeAdded by the DELF-KK TROJAN!No
XMicrosoft Internet Explorer Managerie.exeAdded by a variant of the IRCBOT TROJAN!No
XMicrosoft Internet Explorer Updateieupdate.exeAdded by the SHEUR.MH TROJAN!No
XMicrosoft Internet Firewallfirewall.exeAdded by the IRCBOT.MD BACKDOOR! Located in %System%No
XMicrosoft Internet Firewall ManagerGMT16.exeAdded by the RANDEX.AT WORM!No
XMicrosoft Internet Firewall Updateupdater.exeAdded by a variant of the IRCBOT TROJAN!No
XMicrosoft Internet ServicesSmss32.exeAdded by the RBOT.MS WORM!No
XMicrosoft Internet Syncinginetsync.exeAdded by the IRCBOT.BLL BACKDOOR!No
XMicrosoft Intrenet Explorergoaw.pifAdded by the RBOT-API WORM!No
XMicrosoft Intrenet ExplorerSoundsyst.exeAdded by the RBOT-AQU WORM!No
XMicrosoft Intrenet Explorercnsg.pifAdded by the RBOT-ARO WORM!No
XMicrosoft Intrenet Explorerwcumrg.exeAdded by the SDBOT-AFD WORM!No
XMicrosoft IPCsystem.exeAdded by the NULLBOT TROJAN!No
XMicrosoft IPCsvshost.exeAdded by an unidentified VIRUS, WORM or TROJAN!No
XMicrosoft IT Updatewin64.exeAdded by the RBOT.GA WORM!No
XMicrosoft IT Update[random filename]Added by a variant of the RBOT WORM!No
XMicrosoft IT UpdateIEserv.exeAdded by a variant of the RBOT WORM!No
XMicrosoft IT Updatemsupdate.exeAdded by the RBOT-FE WORM!No
XMicrosoft IT Updatewinn43.exeAdded by a variant of the RBOT WORM!No
XMicrosoft IT Updatesvchsst.exeAdded by the RBOT-DH WORM!No
XMicrosoft IT Updatewin43.exeAdded by the RBOT-SA WORM!No
XMicrosoft IT Updatewindows.exeAdded by the RBOT-JM WORM!No
XMicrosoft IT Updatewinsyst32.exeAdded by the RBOT-FC WORM!No
XMicrosoft IT UpdateRhost32.exeAdded by a variant of the IRCBOT TROJAN!No
XMicrosoft Java Virtual MachineMsConfiG.exeAdded by the FORBOT-DV WORM! Note - this is not the legitimate msconfig.exe which should only appear in Msconfig/Startup if you leave the warning box unchecked after changing an Msconfig entry and rebootingNo
XMicrosoft Java Virtual Machinemsjvm.exeAdded by a variant of the SDBOT WORM!No
XMicrosoft Java Virtual Machinejavavm.exeAdded by a variant of the RBOT WORM!No
XMicrosoft Java Virtual Machinemsjavarxp.exeAdded by the FORBOT-DL WORM!No
XMicrosoft Java Virtual Machinewinscr32.exeAdded by a variant of the WOOTBOT WORM!No
XMicrosoft Java Windows Update[filename]Added by the RBOT-DZ WORM!No
XMicrosoft JavaVMmsjarun.exeAdded by the RBOT-JW WORM!No
XMicrosoft KernelWindows_kernel32.exeAdded by the NETSKY.AE WORM!No
XMicrosoft Keyboard Enhance 2.0.iasrecst.exeAdded by the BCKDR-QIL BACKDOOR!No
XMicrosoft Keyboard Enhance V2.0iasrecst.exeDetected by F-Prot as the DOWNLOADER2.AILI TROJAN!No
XMicrosoft Kinetik Svcmsftksvc.exeAdded by the AGENT.AGDO TROJAN!No
XMicrosoft LAN32 ProtocollanXp.exeAdded by the RBOT-SS WORM!No
XMicroSoft Legal ServiceSrb0ty.exeAdded by the SPYBOT.HW WORM!No
XMicroSoft Legal Syst3m32Syst3m32.exeAdded by the RBOT.UYL WORM!No
XMicrosoft Lmhosting Servicelmhosts.exeAdded by the RBOT-RC WORM!No
XMicrosoft Loaderwinsdnz.exeAdded by the RBOT-JJ WORM!No
XMicrosoft Locals 332[random filename]Added by the RBOT-KU WORM!No
XMicrosoft Locals466xagwxzy.exeAdded by the SPYBOT.EL WORM!No
UMicrosoft Location FinderLocationFinder.exeMicrosoft Location Finder "is a client-side application that turns a regular WiFi enabled laptop, Tablet or PC into a location determining device without the addition of any separate hardware"No
XMicrosoft Loginwinlogin.exeAdded by the RBOT-AJP WORM!No
XMicrosoft Loginswinlogins.exeAdded by the SPYBOT.BCZ WORM!No
XMicrosoft Logon User Interfacelogonnui.exeAdded by the RBOT-BCC WORM!No
XMicrosoft LSA layerMSLSA32.exeAdded by the RBOT-AKZ WORM!No
XMicrosoft Lsass CenterIsass.exeAdded by a variant of the SDBOT WORM!No
XMicrosoft Lsass Centertelecomes.exeAdded by a variant of the RBOT WORM! See hereNo
XMicrosoft Lsass Managerlsass.exeAdded by a variant of the SDBOT WORM! Note - this is not the legitimate lsass.exe process, which should not appear in Msconfig/Startup!No
XMicrosoft Lsass Servicewintcp32.exeAdded by a variant of the IRCBOT TROJAN!No
XMicrosoft LSASS386 Protocolscvhost32.exeAdded by a variant of the SPYBOT WORM!No
XMicrosoft LV[path to file]Added by the BDOOR-BDL BACKDOOR!No
XMicrosoft Machinewinjava.exeAdded by a variant of the AGOBOT/GAOBOT WORM!No
XMicrosoft machineblah.exeAdded by a variant of the RBOT WORM!No
XMicrosoft machinescvhost.exeAdded by the RBOT.AEU TROJAN!No
XMicrosoft Machineupdata.exeAdded by the RBOT-DJ WORM!No
XMicrosoft Machinetemp.exeAdded by the RBOT-FSQ WORM!No
XMicrosoft Machinewinxp43.exeAdded by the RBOT-IA WORM!No
XMicrosoft machinearcpack.scr.exeAdded by the RBOT.ADF BACKDOOR!No
XMicrosoft Machine Scriptiexplorersis.exeAdded by the RBOT-CMH WORM!No
XMicrosoft MachineUpdatesetempes.exeAdded by the RBOT.EWN BACKDOOR!No
XMicrosoft Macro Protection SubSsymsacroprots386.exeAdded by the RBOT-KE WORM!No
XMicrosoft Macro Protection Subsystemsmsmacroprotxz.exeAdded by a variant of the SPYBOT WORM!No
XMicrosoft Macro Protection SubsystemsMsmacroprot32.exeAdded by the RBOT.KN WORM! No
XMicrosoft Manage Servicessychost.exeAdded by the SLENFBOT.AD WORM!No
XMicrosoft Manage Servicesschost.exeAdded by the SLENFBOT.B WORM!No
XMicrosoft Managementlmas.exeAdded by the FORBOT-CZ WORM!No
XMicrosoft Management Consolelssas.exeEasySearch adwareNo
XMicrosoft Management Console[path to trojan]Added by the SMUTSRCH-A TROJAN!No
XMicrosoft Management Consolelssas1.exeAdded by the DLOADR-AWD TROJAN!No
XMicrosoft Managermsmanager.exeAdded by the MYTOB.LF WORM!No
XMicrosoft Map PCmappc.exeAdded by a variant of the RBOT WORM!No
XMicrosoft Mapped PCmappedpc.exeAdded by a variant of the RBOT WORM!No
XMicrosoft mediawinmplayers.exeAdded by a variant of the SPYBOT WORM!No
UMicrosoft Media Center Tray AppletehTray.exeMedia Center Tray Applet - part of Windows Media Center on XP MCE, Vista and Windows 7 (where it doesn't run as a startup). Allows Windows Media Center to be started by pressing the green button on a remote control and also displays System Tray notifications, such as recording status (successful or non-successful), EPG download notification, etcYes
XMicrosoft Media Managermedman.exeAdded by the RBOT.EUZ WORM!No
XMicrosoft Media player 9msmedia32.exeAdded by the RBOT-ADO WORM!No
XMicrosoft media servicesIassd.exeAdded by a variant of the AGOBOT/GAOBOT WORM!No
XMicrosoft media serviceswinmplayer.exeAdded by the RBOT.ZO WORM!No
XMicrosoft MediaScopewinmes.exeAdded by the RBOT-XU WORM!No
XMicrosoft Memory Dumping Protocolmemdump.exeAdded by the IRCBOT.BJK BACKDOOR!No
XMicrosoft Memory Flow Cycleflowcycle.exeAdded by the IRCBOT.WAD BACKDOOR!No
XMicrosoft Memory Flow Cycleflowcycles.exeAdded by the WAREZOV.AAK WORM!No
XMicrosoft Message Machinemsmesg32.exeAdded by the SPYBOT.BI WORM!No
XMicrosoft Messenger Management Controlsmsmgmctl.exeAdded by the RBOT-APA WORM!No
XMicrosoft messenger sdmsngersd.exeAdded by an unidentified TROJAN!No
XMicrosoft Messenger Servicemsmsg32.exeAdded by the RBOT.BOK WORM!No
XMicrosoft Messenger XPMSMSN32.exeAdded by the RBOT-ZP WORM!No
XMicrosoft MicroP Protocolwdgmr32.exeAdded by a variant of the RBOT WORM!No
XMicrosoft Ming Serviceming.exeAdded by the RBOT-AWS WORM!No
XMicrosoft Monitorsexplorers.exeAdded by the RBOT-FPV WORM!No
XMicrosoft Movie MakerMmaker.exeAdded by the IRCBOT.C TROJAN! Note that this is not a valid Microsoft programNo
XMicrosoft MSGPLUS32 Protocolmsgplus32.exeAdded by a variant of the SPYBOT WORM!No
XMicrosoft MSN 7 Servicesmsnmsg.exeAdded by a variant of the IRCBOT BACKDOOR!No
XMicrosoft MSN 7 Servicesmsnmsger.exeAdded by a variant of the IRCBOT BACKDOOR!No
XMicrosoft MSN Messengermsnmnsgr.exeAdded by a variant of the IRCBOT TROJAN!No
XMicrosoft Msn Messengermsmsgs.exeAdded by the BUZUS.AYX TROJAN! Note - this particular msmsgs.exe file is located in %System% and should not be mistaken for the MSN Messenger file of the same name which is located in %Program Files%\MessengerNo
XMicrosoft MSN Servicesmsnsm.exeAdded by the RBOT.ARV BACKDOOR!No
XMicrosoft MSNGR32 Protocolmsngr32.exeAdded by a variant of the SPYBOT WORM!No
XMicrosoft msnserumsnseru.exeAdded by the RBOT-APB WORM!No
XMicrosoft MsnSTmsnst32.exeAdded by a variant of the RBOT WORM!No
XMicrosoft MSUPDATESpoolSvc.exeAdded by the SXTB-A TROJAN!No
XMicrosoft Neser Experiencenese.exeAdded by the RBOT-YH WORM!No
XMicrosoft NetMeeting Associates, Inc.NetMeeting.exeAdded by the LOVGATE.AB WORM!No
XMicrosoft Netviewgesfm32.exeAdded by the RANDEX.C WORM!No
XMicrosoft Netviewmssvc32.exeAdded by an unidentified VIRUS, WORM or TROJAN!No
XMicrosoft Netview Component v5.1msnv32.exeAdded by the RANDEX.F WORM!No
XMicrosoft Networkmsnet.exeAdded by the MOCKBOT.A WORM!No
XMicrosoft NetworkNetworksystem.exeAdded by the SDBOT-AAI WORM!No
XMicrosoft Network Daemon for Win32Netd32.exeAdded by the SDBOT.R TROJAN!No
XMicrosoft Network Hostsvc0host.exeAdded by the SDBOT-AEN WORM!No
XMicrosoft Network Neighbourhoodnetworknbh.exeAdded by the RBOT.DMN WORM!No
XMicrosoft Network Services Controllermmsvc32.exeAdded by the NANPY-A WORM!No
XMicrosoft Networking Agent For SP2msnac32.exeAdded by the SPYBOT.PEN WORM!No
XMicrosoft Nod32 Servicenood32.exeAdded by the RBOT.EJP WORM!No
XMicrosoft Norotn Anti Virusmnhpot.exeAdded by the RBOT-GRO WORM!No
XMicrosoft Norton Antivirusnorton.exeAdded by a variant of the IRCBOT TROJAN!No
XMicrosoft NotePadnotepad.exeAdded by a variant of the RBOT WORM!No
XMicrosoft NT Driversntdrv.exeAdded by the SDBOT.AJN TROJAN! No
XMicrosoft NT Updatewinexec32.exeAdded by a variant of the RBOT WORM!No
XMicrosoft Nvidia Videonvidia.exeAdded by a variant of the SDBOT WORM!No
NMicrosoft Officeosa.exeOn older versions of MS Office this launches common Office components to help speed up the launch of Office programs. On slower machines it can be a resource hog and some users claim there's no difference with or without it - but it usually isn't required. This must be left enabled if you use the Microsoft Office Shortcut Bar (MSOFFICE.EXE) and have set it to load at startup. Available via Start → All ProgramsYes
NMicrosoft OfficeMsoffice.exeFeature included with older versions of MS Office giving you access to common Office functions and optional shortcuts to Office (and other) programs. Some people prefer it but a better way is to create desktop shortcuts if you want access these features and programs quickly. Also available via Start → All ProgramsYes
XMicrosoft OfficeMSMSGR.exeAdded by the GAOBOT.BB WORM!No
NMicrosoft OfficeOsa9.exeOn older versions of MS Office this launches common Office components to help speed up the launch of Office programs. On slower machines it can be a resource hog and some users claim there's no difference with or without it - but it usually isn't required. This must be left enabled if you use the Microsoft Office Shortcut Bar (MSOFFICE.EXE) and have set it to load at startup. Available via Start → All ProgramsYes
XMicrosoft Officelserv.exeAdded by the SDBOT.MH WORM!No
XMicrosoft OfficeMicrosoft Office.htaHTA file which creates an executable on the hard drive which subsequently proceeds to download files from a malware site!No
XMicrosoft Officemsoicons.exeAdded by the RBOT-ZI WORM! - NOTE - do no confuse with the legitimate Msoicons.exe file described here. The latter wil not be listed among your startups!No
XMicrosoft OfficeNxcao.exeAdded by the RBOT-ZE WORM!No
XMicrosoft Officenxcxtpr.exeAdded by the RBOT-YG WORM!No
XMicrosoft Officesvxhost.exeAdded by a variant of the RBOT WORM!No
XMicrosoft Officemsoffice32.exeAdded by a variant of the RBOT WORM!No
XMicrosoft Officemsoff.exeAdded by the RAKER-C TROJAN!No
XMicrosoft Officemicrosoft.exeAdded by the BANKER-VF TROJAN!No
XMicrosoft Officemsvcp.exeAdded by the AGENT-XK TROJAN!No
XMicrosoft Officemsmsgr.exeAdded by the GAOBOT.BB WORM!No
XMicrosoft Officemdm.exeAdded by the IBOT-A TROJAN! Note - this is not the legitimate Machine Debug Manager (mdm.exe) process which is located in %ProgramFiles%\Common Files\Microsoft Shared\VS7Debug (98/Me/XP/Vista) or C:\WINDOWS\SYSTEM (Me only)No
UMicrosoft Office 2010BCSSync.exePart of SharePoint Server 2010 which is part of the Microsoft Office 2010 suite. "Business Connectivity Services (BCS) uses a cache to store a copy of the external data required by the BCS solutions deployed on the Office client. A process called BCSSync.EXE runs on the client and provides automatic cache refresh and data synchronization of the entity instances." For more information - see hereNo
NMicrosoft Office Fast CacheFastboot.exePart of MS Office 95 (v7.0). According to this it improves the performance. Most likely a predecessor of MS Find Fast and can be disabledNo
UMicrosoft Office GrooveGROOVE.EXESystem Tray access to and alerts for MS Office Groove - a stand-alone product or included with the Enterprise/Ultimate versions of MS Office 2007. "A collaboration software program that helps teams work together dynamically and effectively, even if team members work for different organizations, work remotely, or work offline". Users can create workspaces and invite other Groove users to share the workspace and when a document is edited within the workspace the changes made become available to all other users in the workspace when they come online - synchronized using LAN, WAN and the InternetYes
XMicrosoft Office Monitoralg2k.exeAdded by the SDBOT-CZO WORM!No
XMicrosoft Office Monitoraql32.exeAdded by the RBOT-GCY TROJAN!No
NMicrosoft Office OneNoteONENOTEM.EXESystem Tray access to MS Office OneNote 2003 & 2007 - an electronic notebook that allows you to create free-form notes, including text, graphics and audio/video. When running, ONENOTEM.EXE also enables the WINDOWS KEY combinations - such as WINDOWS KEY+N (new Side Note - 2007 only) and WINDOWS KEY+S (insert screen grab into a note). Leave the icon enabled in OneNote but move the shortcut from Start → All Programs → Startup to the desktop or elsewhere on the Start menu and run when neededYes
NMicrosoft Office OneNote 2003 Quick LaunchONENOTEM.EXESystem Tray access to MS Office OneNote 2003 - an electronic notebook that allows you to create free-form notes, including text, graphics and audio/video. When running, ONENOTEM.EXE also enables the WINDOWS KEY+S key combination to insert screen grab into a note. Leave the icon enabled in OneNote but move the shortcut from Start → All Programs → Startup to the desktop or elsewhere on the Start menu and run when neededYes
XMicrosoft Office quick launchOSA.exeAdded by the VBOT.A BACKDOOR! Note that OSA.exe was used in older versions of Office to launch common components to help speed up the launch but it is no longer normally used - see here. This file is located in a valid MS Office 2003 (aka Office 11) directory - %Program Files%\Microsoft Office\OFFICE11 - and may overwrite a valid fileNo
XMicrosoft Office Quick Launcheriau1.exeAdded by the DLOADR-AWD TROJAN!No
NMicrosoft Office Shortcut BarMsoffice.exeFeature included with older versions of MS Office giving you access to common Office functions and optional shortcuts to Office (and other) programs. Some people prefer it but a better way is to create desktop shortcuts if you want access these features and programs quickly. Also available via Start → All ProgramsYes
XMicrosoft Office Startwinupdates.exeAdded by the GAOBOT.BC WORM!No
NMicrosoft Office Startuposa.exeOn older versions of MS Office this launches common Office components to help speed up the launch of Office programs. On slower machines it can be a resource hog and some users claim there's no difference with or without it - but it usually isn't required. This must be left enabled if you use the Microsoft Office Shortcut Bar (MSOFFICE.EXE) and have set it to load at startup. Available via Start → All ProgramsNo
NMicrosoft Office StartupOsa9.exeOn older versions of MS Office this launches common Office components to help speed up the launch of Office programs. On slower machines it can be a resource hog and some users claim there's no difference with or without it - but it usually isn't required. This must be left enabled if you use the Microsoft Office Shortcut Bar (MSOFFICE.EXE) and have set it to load at startup. Available via Start → All ProgramsNo
XMicrosoft Office Studioscvhvst.exeAdded by the RANDEX.CST WORM!No
XMicrosoft OfficeToolsvchosts.exeAdded by the DUTAN.A WORM!No
XMicrosoft OfficeXPofficeXP.exeAdded by the KILLAV.MA WORM!No
XMicrosoft OfficeXPvcvsdf.exeAdded by the SDBOT-SF WORM!No
XMicrosoft Ofticemsmsgs.exeAdded by the IRCBOT.ALT WORM! Note - this particular msmsgs.exe file is located in %System% and should not be mistaken for the MSN Messenger file of the same name which is located in %Program Files%\MessengerNo
XMicroSoft OneCareFreeS3x.exeAdded by the SDBOT-DJT WORM!No
XMicrosoft OpeionsIEXwe.exeAdded by a variant of the RBOT WORM!No
XMicrosoft Outlook Express Protocolsvchst.exeAdded by a variant of the RBOT WORM!No
XMicrosoft Patch Updatebootini.exeAdded by the RBOT-FMN WORM!No
XMicrosoft PC Health Remote Assistance File Open & Save controlssfrcdlg32.exeAdded by the RBOT-AVY WORM!No
XMicrosoft PCHealth32[path to file]Added by the NICE-A TROJAN!No
XMicrosoft PCHealth32NDDENB.exeAdded by the PWSYAHOO-A TROJAN!No
XMicrosoft PCI Managermspci.exeAdded by the RBOT.BBG WORM!No
NMicrosoft People Near Mep2phost.exeSigns a user into the People Near Me feature at login in Windows 7 and Vista. People Near Me enables you to use certain peer-to-peer (P2P) programs on a network - that "identifies people nearby who are using computers and allows those people to send you invitations for programs such as Windows Meeting Space. They can only invite you to participate in programs that are installed on your computer." Available via Start → Control PanelYes
XMicrosoft Personal Firewallsbakw.exeAdded by the RBOT-KS WORM!No
XMicrosoft Problem Doctorwindr128.exeAdded by the SMALLTRO.EF TROJAN!No
XMicrosoft Problem Doctorwindr32.exeAdded by a variant of the SMALLTRO.EF TROJAN!No
XMicrosoft Problem Doctorwindr64.exeAdded by a variant of the SMALLTRO.EF TROJAN!No
XMicrosoft Proc Driver32msprc.exeAdded by a variant of the WOOTBOT WORM!No
XMicrosoft Procedure CallMSPCALL.exeAdded by a variant of the RBOT WORM!No
XMicrosoft Process Managerprocess32.exeAdded by the CHECKOUT WORM!No
XMicrosoft Profile Managerprofile.exeAdded by a variant of the IRCBOT TROJAN!No
XMicrosoft Protection Subsystemsmsm32.exeAdded by the RBOT-JU WORM!No
XMicrosoft PSTCP32 Datapstcp32.exeAdded by a variant of the RBOT WORM!No
XMicrosoft QMGRmsnqmgr.exeAdded by the IRCBOT-S TROJAN!No
XMicrosoft quick launchOSA.exeAdded by a variant of the VBOT.A BACKDOOR! Note that OSA.exe was used in older versions of Office to launch common components to help speed up the launch but it is no longer normally used - see here. This file is located in a valid MS Office 2003 (aka Office 11) directory - %Program Files%\Microsoft Office\OFFICE11 - and may overwrite a valid fileNo
XMicrosoft RDLLsysconf32.exeAdded by a variant of the SDBOT TROJAN!No
XMicrosoft Redirect[path to file]Added by the BANKER-FW TROJAN!No
XMicrosoft Redirectsysten.exeAdded by the BANCOS-FO TROJAN!No
XMicrosoft Regestry Edit Managerregedit.exeAdded by the SHEUR.HC TROJAN! Note - this is not the valid Windows registry editor which resides in %Windir% and will not normally figure in Msconfig/Startup! This version resides in %System%No
XMicrosoft Regestry Managerregedit32.exeAdded by a variant of the IRCBOT.ARD WORM!No
XMicrosoft Regestry Managerregistry32.exeAdded by the IRCBOT.ARD WORM!No
XMicrosoft Registrosvchostt.exeAdded by the BANCOS-DH TROJAN! No
XMicrosoft Registrycsrse.exeAdded by the RBOT-PC WORM! No
XMicroSoft Remote Secure ServiceMSRSS.exeAdded by a variant of the RBOT WORM!No
XMicrosoft Restorescrgrd.exeAdded by the SPYBOT.BR WORM!No
XMicrosoft Router Managerlinksys.exeAdded by a variant of the IRCBOT TROJAN!No
XMicrosoft Router Managerrouter.exeAdded by a variant of the IRCBOT TROJAN!No
XMicrosoft Rundllwindos.exeAdded by the SDBOT-WF WORM!No
XMicrosoft RuntimeCfgDll32.exeAdded by the RANDEX.BD WORM!No
XMicrosoft Safe Mode Managersafemode.exeAdded by the IRCBOT.HM BACKDOOR!No
XMicrosoft Scanregmicrosoftscanreg.exeAdded by the FRANRIV.A WORM!No
XMicrosoft SCVHOST32 Protocolscvhost32.exeAdded by a variant of the RBOT WORM!No
XMicrosoft sddcE Contoltaskmnegr.exeAdded by the RBOT-AUM WORM!No
XMicrosoft sddcE Contoltaskmn.exeAdded by the RBOT-BJZ WORM!No
XMicrosoft sdk tempsdktemp.exeAdded by the RBOT-ANP WORM!No
XMicrosoft SDKP3mswinsdq.exeAdded by the RBOT-ARY WORM!No
XMicrosoft SecureMessenger.NET ServiceAdded by the FORBOT-AM WORM!No
XMicrosoft Secure Messenger.NET Servicesecuritychk.exeAdded by the SDBOT.VT WORM!No
XMicrosoft SecuritywinService.exeAdded by a variant of the RBOT WORM!No
XMicrosoft security advisermssadv.exeMicrosoft Security Adviser rogue security software - not recommendedNo
XMicrosoft Security Centersavservices.exeAdded by the RBOT-ANU WORM!No
XMicrosoft Security Centerwcsntfy.exeAdded by the SDBOT.BYD WORM!No
XMicrosoft Security Controlersfxsecues.exeAdded by a variant of the SDBOT WORM!No
YMicrosoft Security Essentialsmsseces.exeSystem Tray access to a notifications from Microsoft Security Essentials which "provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software"Yes
XMicrosoft Security GManagers[random filename]Added by a variant of the SDBOT WORM!No
XMicrosoft Security Hot Fix Updatemshotfix.exeAffilred adwareNo
XMicrosoft Security Managementwinnt.exeAdded by the RBOT-MQ WORM! No
XMicrosoft Security Managementwinserv.exeAdded by the RBOT-MJ WORM!No
XMicrosoft Security Managementwinamp.exeAdded by a variant of the RBOT WORM! Note - this is NOT the popular Winamp media player which resides in a "Winamp" subdirectory of the Program Files directoryNo
XMicrosoft Security Managementwuauct1.exeAdded by a variant of the RBOT WORM!No
XMicrosoft Security Managementbling.exeAdded by the RBOT.XL WORM!No
XMicrosoft Security Managementsp2fix.exeAdded by the RBOT.UB WORM!No
XMicrosoft Security Managerwinamp.exeAdded by the RBOT.TU WORM! Note - this is NOT the popular Winamp media player which is located in %ProgramFiles%\Winamp. This one is located in %System%No
XMicrosoft Security Monitor Processmssmp.exeAdded by the RBOT-FUB WORM!No
XMicrosoft Security Monitor Processmnsmp.exeAdded by a variant of the IRCBOT BACKDOOR!No
XMicrosoft Security Monitor Processmsmp.exeAdded by the RBOT.GKQ WORM!No
XMicrosoft Security Monitor Processmssm32.exeAdded by a variant of the IRCBOT TROJAN!No
XMicrosoft Security Monitor Processlsas.exeAdded by a variant of the IRCBOT BACKDOOR! See hereNo
XMicrosoft Security Monitor Processmsword.exeAdded by the VIRUT.P VIRUS!No
XMicrosoft Security Monitor Processservice.exeAdded by the DELF.BERW BACKDOOR!No
XMicrosoft Security Monitor Processsvcchost.exeAdded by a variant of the IRCBOT BACKDOOR! See hereNo
XMicrosoft Security Monitor Processwindowsupdate.exeAdded by a variant of the IRCBOT BACKDOOR! See hereNo
XMicrosoft Security Monitor Process[random filename]Added by variants of the RBOT WORM! See hereNo
XMicrosoft Security Monitor Processcom.exeAdded by a variant of the IRCBOT BACKDOOR!No
XMicrosoft Security Monitor Processexel.exeAdded by the SDBOT.AFX BACKDOOR!No
XMicrosoft Security Monitor Processfirewall.exeAdded by a variant of the IRCBOT BACKDOOR! Located in %System%No
XMicrosoft Security Monitor Processflash.exeAdded by the EGGDROP.EE BACKDOOR!No
XMicrosoft Security Monitor Processhel.exeAdded by the EGGDROP.V BACKDOOR!No
XMicrosoft Security Monitor ProcessHelpMe.exeAdded by the VB.BJO TROJAN!No
XMicrosoft Security Monitor Processkar.exeAdded by a variant of the IRCBOT BACKDOOR! See hereNo
XMicrosoft Security Monitor Processlindicracker.exeAdded by the BIFROSE.GR BACKDOOR!No
XMicrosoft Security Monitor Processmail.exeAdded by a variant of the IRCBOT BACKDOOR!No
XMicrosoft Security Monitor Processmmp.exeAdded by a variant of the IRCBOT BACKDOOR!No
XMicrosoft Security Monitor Processmssm32.exeAdded by a variant of the IRCBOT BACKDOOR!No
XMicrosoft Security Monitor Processmssmpi32.exeAdded by a variant of the RBOT WORM! See hereNo
XMicrosoft Security Monitor Processnitty.exeAdded by the RBOT.AEU BACKDOOR!No
XMicrosoft Security Monitor Processofice.exeAdded by the VIRUT.N VIRUS!No
XMicrosoft Security Monitor Processpoint.exeAdded by the IRCBOT.AVP BACKDOOR!No
XMicrosoft Security Monitor Processprinc.exeAdded by the HUPIGON.WTL TROJAN! No
XMicrosoft Security Monitor Processweb.exeAdded by the EGGDROP.V BACKDOOR!No
XMicrosoft Security Monitor Processwinsys32.exeAdded by the VIRUT.N VIRUS!No
XMicrosoft Security Monitor Processwinsyss32.exeAdded by the RBOT.AEU BACKDOOR!No
XMicrosoft Security Monitor Processword.exeAdded by the EGGDROP.DC BACKDOOR!No
XMicrosoft Security Panager[filename]Added by the RBOT-ANL WORM!No
XMicrosoft Security Panagers[random filename]Added by the RBOT-AIG WORM!No
XMicrosoft Security Panagerszzoboony.exeAdded by the RBOT-AOI WORM!No
XMicrosoft Security Pansasagersdgkztsqgn.exeAdded by the RBOT-BBJ WORM!No
XMicrosoft Security Processwininit.exeAdded by the RBOT-FKM WORM!No
XMicrosoft Security Systemmssecsys.exeAdded by the IRCBOT-WJ TROJAN!No
XMicrosoft Security Updatesecurity32.exeAdded by the DELF-JJ TROJAN!No
XMicrosoft Serverrserv.exeAdded by the AGOBOT.AVS WORM!No
XMicrosoft Server Applacationsmsnmsg.exeAdded by the AGOBOT.BBM WORM!No
XMicrosoft Server Applacationswuauct1.exeAdded by a variant of the RBOT WORM!No
XMicrosoft Server Applacationslsasss.exeAdded by the RBOT-AQQ WORM!No
XMicrosoft Server ApplacationsQ8See.exeAdded by the SPYBOT.GEN3 TROJAN!No
XMicrosoft Server Applacationscli.exeAdded by the RBOT-GAQ WORM!No
XMicrosoft Server ApplicationSound.exeAdded by the RBOT-NE WORM! No
Xmicrosoft server baselass.exeAdded by a variant of the RBOT WORM!No
XMicrosoft Server Processsvhst32.exeAdded by the BCKDR-QHR BACKDOOR!No
XMicrosoft Servicemicrohost.exeAdded by the RBOT-LC WORM!No
XMicrosoft Servicewinsvc.exeAdded by the SPYBOT-DB WORM!No
XMicrosoft Servicerundll.exeAdded by the POPO-A WORM! Note - this is NOT the Win9x/Me system file of the same name as described hereNo
XMicrosoft Serviceservice.exeAdded by the IRCBOT-XX BACKDOOR!No
XMicrosoft Servicewinspl.exeSpyman spywareNo
XMicrosoft servicecssrs.exeAdded by the STARTP-DC TROJAN!No
XMicrosoft Service 32mssvc32.exeAdded by a variant of the IRCBOT TROJAN!No
XMicrosoft Service 32sysddm32.exeAdded by the SDBOT.AKC WORM!No
XMicrosoft Service Access ManagerAccess.exeAdded by a variant of the IRCBOT BACKDOOR! See hereNo
XMicrosoft Service Bootsboot.exeAdded by a variant of the IRCBOT TROJAN!No
XMicrosoft Service Controllerservices.exeAdded by the KALEL-D WORM! Note - this is not the legitimate services.exe process, which should not appear in Msconfig/Startup!No
XMicrosoft Service Disk Cycledisksave.exeAdded by a variant of the IRCBOT TROJAN!No
XMicrosoft Service DriversSystem.exeAdded by a variant of the RBOT WORM!No
XMicrosoft Service DriversVSADNIM.exeAdded by a variant of the RBOT WORM!No
XMicrosoft Service Execution Managerexecute.exeAdded by a variant of the IRCBOT TROJAN! See hereNo
XMicrosoft Service firewall Managerfirewall.exeAdded by a variant of the SDBOT BACKDOOR! Located in %System%No
XMicrosoft Service Host Manager32svchost.exeAdded by a variant of the IRCBOT TROJAN!No
XMicrosoft Service Host Processsvchost.exeAdded by the KRYNOS.B WORM! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\HelpNo
XMicrosoft Service Informationmsnservices.exeAdded by the RBOT.ID WORM!No
XMicrosoft Service Login Managerwinlogin.exeAdded by a variant of the IRCBOT TROJAN!No
XMicrosoft Service Managerservice32.exeAdded by the IRCBOT.WDW BACKDOOR!No
XMicrosoft Service Managerwinsvc.exeAdded by a variant of the RBOT WORM! See hereNo
XMicrosoft Service PackWindowsSP.exeAdded by the RBOT-RF WORM!No
XMicrosoft Service Pack2.1svchost2.exeAdded by the RBOT.ASN BACKDOOR!No
XMicrosoft Service ToolsMStools1.exeAdded by the RBOT-BHT WORM!No
XMicrosoft Serviceslsserv.exeAdded by an unidentified VIRUS, WORM or TROJAN!No
XMicrosoft Serviceslssrv.exeAdded by the RBOT.CW WORM!No
XMicrosoft Servicesservices.exeAdded by the ALETS TROJAN! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%No
XMicrosoft Serviceslsrv.exeAdded by the RBOT-BK WORM!No
XMicrosoft Servicessvshost.exeAdded by the ALETS.B TROJAN!No
XMicrosoft Servicesbsc32.exeAdded by the BDOOR-AW BACKDOOR!No
XMicrosoft ServicesSmss32.exeAdded by the RBOT-AD WORM!No
XMicrosoft Servicessvssshost.exeAdded by a variant of the RBOT WORM!No
XMicrosoft Servicesmodule.exeAdded by the LAVITS WORM!No
XMicrosoft Servicesmsmpserv.exeAdded by the IRCBOT.BKA BACKDOOR!No
XMicrosoft Services UnitdMSU32.exeAdded by a variant of the RBOT WORM!No
XMicrosoft Servicez Managerservicemgrz.exeAdded by the RBOT-ASN WORM!No
XMicrosoft Session Manager Subsystemsmss.exeAdded by the KALEL-D WORM! Note - this is not the legitimate smss.exe process which should NOT appear in Msconfig/Startup!No
XMicrosoft Setup Initializazionlocalhost.exeAdded by a variant of the IRCBOT TROJAN!No
NMicrosoft Sidewinder Game Controller SoftwareSWTRAY.EXEMS SideWinder game controller system tray icon. Available via Start -> ProgramsNo
XMicrosoft Sinsupodjiwjf.exeAdded by the RBOT-DN WORM!No
XMicrosoft Softwaresysinfo33.exeAdded by the RBOT.LS WORM!No
Xmicrosoft software****.exe [* = random char]Added by an unidentified WORM or TROJAN!No
XMicrosoft softwarecdaccess.exeAdded by the RBOT.ABK WORM!No
XMicrosoft Software Updatenmon.exeAdded by the RBOT.HZ WORM!No
XMicrosoft Sound Driversound32.exeAdded by a variant of the SPYBOT WORM!No
XMicrosoft Sound Technologywinsound.exeAdded by the RBOT-AGG WORM!No
NMicrosoft Sound Volume Toolmssvol.exeThis is a Blue version of the yellow speaker icon on the system tray and is used to edit advanced Sound Features that the MS DSS80 Speakers add. Should be accessible via Start -> Settings -> Control PanelNo
XMicrosoft Soundssoundman.exeAdded by the RBOT-GCI WORM!No
XMicrosoft SpA Servicemsapps.exeAdded by the RBOT-VI WORM!No
XMicrosoft SpA Servicewin32.exeAdded by the RBOT.ATS WORM!No
XMicrosoft SpA ServiceWinupd32.exeAdded by the RBOT.LT WORM!No
XMicrosoft SpAr Servicewinsbsd32.exeAdded by the RBOT-RN WORM!No
XMicrosoft Special offerinfoebay.exeAdded by a variant of the RBOT WORM!No
XMicrosoft Spool ** Servicespool**.exeAdded by a variant of the IRCBOT TROJAN - where ** represents a 2 digit numberNo
XMicrosoft Spool Server for Win32spoolsrv.exeAdded by the RANDEX.H WORM!No
XMicrosoft Spool Svcspoolsvc32.exeAdded by a variant of the IRCBOT BACKDOOR!No
XMicrosoft Spooler ServicesSpoolsv.exeAdded by a variant of the SPYBOT WORM! See hereNo
XMicroSoft ssadsadas3s1eXtream.exeAdded by the SPYBOT.ZK TROJAN!No
XMicroSoft ssadssjdhasjadas3s1kdjfsdklfjsl.exeAdded by the SDBOT.AEX WORM!No
XMicroSoft ssas3s1SADASDA.exeAdded by the RBOT.URF WORM!No
XMicrosoft SSISVRI32 Protocolssisvri.exeAdded by a variant of the SPYBOT WORM!No
XMicrosoft Standard Executions Librarywin32lib.exeAdded by the RBOT-AUK WORM!No
XMicrosoft standard protectorwinsocks5.exeAdded by the SMALL.CF TROJAN!No
XMicrosoft standard protector[path to trojan]Added by the STOX-C TROJAN!No
XMicrosoft standard protectorsocks.exeAdded by the TIBS.VQ TROJAN!No
XMicrosoft startupwmpIayer.exeAdded by the IRCBOT.ACI TROJAN!No
XMicrosoft Startup Managersysservice.exeAdded by the AVALANEC TROJAN!No
NMicrosoft Sticky Notesstikynot.exeMicrosoft Sticky Notes - virtual sticky notes tool from Windows Vista. This implementation of the popular yellow "Post-It" tool is part of the Tablet PC features and allows you to enter either handwriting (via a pen or mouse) or record a voice note. AVailable via Start → All ProgramsYes
XMicrosoft Stuff you knowwinslogin.exeAdded by a variant of the SDBOT WORM!No
XMicrosoft Sum32sum32.exeAdded by the RBOT-YW WORM!No
XMicrosoft Supportsys32ms.exeAdded by the RBOT-AHI WORM!No
Xmicrosoft supportsvchostt.exeAdded by the AGOBOT.AWN WORM!No
XMicrosoft SVCmssvc.exeAdded by the BIFROSE-UQ TROJAN!No
XMicrosoft Svchost local serviceswinoem.exeAdded by the RBOT-FPE WORM!No
XMicrosoft Svchost local servicesnzm23.exeAdded by the RBOT-GMC WORM!No
XMicrosoft Svchost local servicesmsnserver.exeAdded by the RBOT-GPM WORM!No
XMicrosoft Syn ManagerManager.exeAdded by the SDBOT.BEF WORM!No
XMicrosoft Synchronization Managerasgard.exeAdded by the SDBOT-AEA WORM!No
XMicrosoft Synchronization Managerbot.exeAdded by the SDBOT.IH WORM!No
XMicrosoft Synchronization Managernetscape.exeAdded by the RANDEX.AE WORM!No
XMicrosoft Synchronization Managerslhost.exeAdded by the SDBOT.YH WORM!No
XMicrosoft Synchronization Managersvhost.exeAdded by the SDBOT-PY WORM!No
XMicrosoft Synchronization ManagerWinLoginnn.exeAdded by the SPYBOT.FO WORM!No
XMicrosoft Synchronization Managerwinupdate.exeAdded by the SDBOT.ER WORM!No
XMicrosoft Synchronization ManagerxXx.exeAdded by the SDBOT-KZ WORM!No
XMicrosoft Synchronization Manageraapie.exeAdded by the SDBOT-OZ WORM!No
XMicrosoft Synchronization Manager___synmgr.exeAdded by the MASLAN.A or MASLAN.C WORMS!No
XMicrosoft Synchronization Manageral.exeAdded by the OPTXPRO.132 TROJAN!No
XMicrosoft Synchronization Managerwin.exeAdded by the SDBOT.AK WORM!No
XMicrosoft Synchronization Managerjava.exeAdded by a variant of the SDBOT WORM!No
XMicrosoft Synchronization Managersvchosts.exeAdded by the SDBOT-LM WORM!No
XMicrosoft Synchronization Managerwinlogon32.exeAdded by the SDBOT.AEU WORM!No
XMicrosoft Synchronization Managersvxhost.exeAdded by the SDBOT-ZU WORM!No
XMicrosoft Synchronization Managerwincfg32.exeAdded by the SDBOT.DO WORM!No
XMicrosoft Synchronization Managerscreen.exeAdded by the SDBOT-ACO WORM!No
XMicrosoft Synchronization Managerdevldr32.exeAdded by a variant of the RBOT WORM! Note - do not confuse with the legitimate Creative Labs devldr32.exe fileNo
XMicrosoft Synchronization Managerexplorer.exeAdded by the SDBOT-AEA WORM! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System%No
XMicrosoft Synchronization Managerfirewire.exeAdded by the SDBOT-AFC WORM!No
XMicrosoft Synchronization Managerwmedia.exeAdded by the SDBOT.BFC WORM!No
XMicrosoft Synchronization Managerwin932.exeAdded by the SDBOT.AH WORM!No
XMicrosoft Synchronization Managermircup.exeAdded by the SDBOT.BQD WORM!No
UMicrosoft Synchronization Managermobsync.exeMicrosoft Synchronization Manager for 2K/XP - used to update network copies of materials that were edited offline, such as documents, calendars, and e-mail messages. Available via Start → All Programs → Synchronize, this entry appears if you select Setup → "When I log on to my computer"Yes
XMicrosoft Synchronization Manageralien.exeAdded by the SDBOT-MV BACKDOOR!No
XMicrosoft Synchronization Managermicrosoft.exeAdded by the SDBOT-OM WORM!No
XMicrosoft Synchronization Manager 2svhostc.exeAdded by the SLINBOT.ST WORM!No
XMicroSoft sys32sysmsgr32.exeAdded by a variant of the SPYBOT WORM! See hereNo
XMicroSoft sys3s1h4ckn3t.exeAdded by the RBOT.QTY WORM!No
XMicrosoft Systemmsupdtm.exeAdded by the SPYBOT.PKC WORM!No
XMicrosoft Systemmssys32.exeAdded by the PETTICK.A WORM!No
XMicrosoft Systemsys.exeAdded by the RBOT.AKI WORM!No
XMicrosoft Systemwinamp1.exeAdded by the SDBOT-UF WORM!No
XMicrosoft System Administrationsystem.exeAdded by a variant of the IRCBOT BACKDOOR!No
XMicrosoft System Backup[random filename]Added by the RBOT-AGM WORM!No
XMicrosoft System CheckupCool.exeAdded by the DONK.B WORM!No
XMicrosoft System CheckupWnetlib.exeAdded by the DONK.C WORM!No
XMicrosoft System Checkupdbnetlib.exeAdded by the DONK.L WORM!No
XMicrosoft System CheckupKeymgr.exeAdded by the DONK.M WORM!No
XMicrosoft System Checkupinetman.exeAdded by the DONK.O WORM!No
XMicrosoft System Checkupntsysmgr.exeAdded by the DONK.S WORM!No
XMicrosoft System Checkupntsysman.exeAdded by the SDBOT-QW WORM! No
XMicrosoft System Checkuplibsysmgr.exeAdded by the SDBOT-CAF WORM!No
XMicrosoft System Checkupsysmgr.exeAdded by the SDBOT-OO TROJAN!No
XMicrosoft System Checkupnetapi32.exeAdded by the DONK-E WORM!No
XMicrosoft System Checkupwnetmgr.exeAdded by the DONK.Q WORM!No
XMicrosoft System Checkuplibsys32.exeAdded by the SDBOT-ACK WORM!No
XMicrosoft System Checkupnetlogin32.exeAdded by the SDBOT-GN BACKDOOR!No
NMicrosoft System Configuration Utilitymsconfig.exeEntry that appears when you uncheck an item in the MSConfig Startup group and will disappear if on the next reboot you select the option to not be reminded that you are running in Selective Startup mode. Located in %System% (98/Me/Vista) or %Windir%\PCHealth\HelpCtr\Binaries (XP)Yes
XMicrosoft System Debugservices32.exeAdded by the RBOT.AKH WORM!No
XMicrosoft System DLL Services Configurationwindir32.exeAdded by the SDBOT-ACY TROJAN!No
XMicrosoft System Filesvchots.exeAdded by the RBOT.BYU WORM!No
XMicrosoft System Firewall 2006.2msmsgr.exeAdded by a variant of the SDBOT WORM!No
XMicrosoft System Firewall 2006.2msnmsgr.exeAdded by a variant of the SDBOT WORM! Note - this is not the valid MSN Messenger (now Windows Live Messenger) utility which is located in either %ProgramFiles%\MSN Messenger or %ProgramFiles%\Windows Live\Messenger. This one is located in %System%No
XMicrosoft System Firewall 2006.2reg32.exeAdded by a variant of the SDBOT WORM!No
XMicrosoft System Initmtmnr0.exeAdded by the SDBOT.BR TROJAN!No
XMicrosoft System Monitormonsys.exeAdded by the IRCBOT-YV TROJAN!No
XMicrosoft System Monitorsystem.exeAdded by the IRCBOT.AUT BACKDOOR!No
XMicrosoft System NTsvhost.exeAdded by the SDBOT.COU WORM!No
XMicrosoft System Restore ConfigurationCBRSS.EXEAdded by a variant of the SPYBOT WORM!No
XMicrosoft System Saver[path to worm]Added by the RBOT.BSK WORM! No
XMicrosoft System Security AgentMSTSA.EXEAdded by the RBOT.CCM WORM!No
XMicrosoft System Servicednservice.exeAdded by a variant of the IRCBOT TROJAN!No
XMicrosoft System Servicetaskmgr1.exeAdded by a variant of the SPYBOT WORM! See hereNo
XMicrosoft System ServicewinIogon2.exeAdded by a variant of the IRCBOT TROJAN!No
XMicrosoft System Service Devicemssdh.exeAdded by a variant of the IRCBOT TROJAN!No
XMicrosoft System Servicesmsnmgsr.exeAdded by the KELVIR.K WORM!No
XMicrosoft System Servicesmsmsgr.exeAdded by the RBOT-ZH WORM!No
XMicrosoft System Updatesysupdate.exeAdded by the SDBOT.DG WORM!No
XMicrosoft system Valuesys57.exeAdded by a variant of the RBOT WORM!No
XMicrosoft System32 Updatecmsrg.exeAdded by the RBOT-GN WORM!No
XMicrosoft Task Manager Daemonspoolsrv.exeAdded by the SDBOT.FLL WORM!No
XMicrosoft Task Messenger Configtaskmgsr.exeAdded by the SDBOT-JK WORM!No
XMicrosoft task tray monitorctray.exeAdded by a variant of the RBOT WORM!No
XMicrosoft Task32 Protocoltaskmgr32.exeAdded by a variant of the SDBOT WORM!No
XMicrosoft Taskmanager Updaterkeyboard.exeAdded by the RBOT-ALU WORM!No
XMicrosoft TCP Protocolwintcp32.exeAdded by a variant of the IRCBOT TROJAN!No
XMicrosoft TCP Servicescvhost.exeAdded by the AGOBOT-L WORM!No
XMicrosoft TCP/IP Connection Monitorsvchost32.exeAdded by the RBOT.KS WORM!No
XMicrosoft Telecom Centertellecom.exeAdded by a variant of the RBOT WORM!No
XMicrosoft Telecoma Centertellcoma.exeAdded by the RBOT-AWX WORM!No
XMicrosoft Telecoms Centertelcoms.exeAdded by the IRCBOT.GEN WORM! No
XMicrosoft Telecoms Centerxpfilesys.exeAdded by the RBOT.BCJ TROJAN!No
XMicrosoft Telecoms Centerwinupn.exeAdded by a variant of the SDBOT WORM!No
XMicrosoft Telecoms Centersvcchost.exeAdded by a variant of the RBOT WORM!No
XMicrosoft Time Managerdveldr.exeAdded by the RBOT-HQ WORM!No
XMicroSoft Toolbarkey.exeAdded by the RBOT-AEW WORM!No
XMicrosoft Transfer File Servermtfs.exeAdded by the RBOT.AFE WORM!No
XMicrosoft Tray[random filename]Added by the DELF.BZ TROJAN!No
XMicrosoft TTL Verifiermsttl.exeAdded by the RBOT-GAP WORM!No
XMicrosoft Uwuamkopxp.exeAdded by the RBOT-AHC WORM!No
XMicrosoft UMA UpdateMSuma32.exeAdded by the RBOT.FS WORM!No
XMICROSOFT UNPACCKER SYSTEMunpak32.exeAdded by a variant of the RBOT WORM!No
XMICROSOFT UNPACK SYSTEMwinrarx.exeAdded by a variant of the RBOT WORM!No
XMicrosoft Updatservices.exeAdded by the MSIL.ELASROFAH TROJAN! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %ProgramFiles%\Internet ExplorerNo
XMicrosoft Updat3mswkst32.exeAdded by a variant of the RBOT WORM!No
XMicrosoft UpdateMicrosoft.exeAdded by the GAOBOT.AFJ WORM!No
XMicrosoft Updatemssmgrd.exeAdded by the SDBOT.JT WORM!No
XMicrosoft Updatemvsc.exeAdded by the SPYBOT.DAZ WORM!No
XMicrosoft Updateascdl.exeAdded by the GAOBOT.SY WORM!No
XMicrosoft UpdateIsac.exeAdded by the RBOT-AU WORM!No
XMicrosoft Updateautomgr32.exeAdded by a variant of the RBOT WORM!No
XMicrosoft Updatemediap.exeAdded by a variant of the RBOT WORM!No
XMicrosoft UpdateMicrosoftx.exeAdded by a variant of the RBOT WORM!No
XMicrosoft Updatemsconfg.exeAdded by the RBOT.H WORM!No
XMicrosoft UpdateMslti32.exeAdded by the RBOT-LX WORM!No
XMicrosoft Updatemuamgrd.exeAdded by a variant of the AGOBOT/GAOBOT WORM!No
XMicrosoft Updatenavmgrd.exeAdded by the SDBOT.DP TROJAN!No
XMicrosoft UpdateSmss32.exeAdded by the RBOT-CB WORM!No
XMicrosoft Updatesys32cfg.exeAdded by the RBOT.DR WORM!No
XMicrosoft UpdateVPC32.EXEAdded by the AGOBOT.XM WORM!No
XMicrosoft Updatewinsys32.exeAdded by the RBOT.BD WORM!No
XMicrosoft Updatewuamgrd.exeAdded by the RBOT-LK WORM!No
XMicrosoft Updatewuammgr32.exeAdded by the RBOT-AW WORM!No
XMicrosoft Updatewudmate.exeAdded by the RBOT.AP WORM!No
XMicrosoft Updatemsawindows.exeAdded by the GAOBOT.AFJ WORM!No
XMicrosoft Updatemsiwin84.exeAdded by the GAOBOT.AFJ WORM!No
XMicrosoft Updatewuamgrd32.exeAdded by the RBOT.ZB WORM! No
XMicrosoft UpdateNAV.exeAdded by the RBOT-IV WORM!No
XMicrosoft Updatesystemi32.exeAdded by a variant of the SPYBOT WORM!No
XMicrosoft Updatexpupdate.exeAdded by the RBOT-QE WORM!No
XMicrosoft Updatewebm.exeAdded by the SDBOT.WK WORM!No
XMicrosoft Updatewuagrd.exeAdded by the RBOT-FK WORM!No
XMicrosoft Updateaaupdt.exeAdded by the RBOT-RQ WORM!No
XMicrosoft Updatelsac.exeAdded by the GAOBOT.XW WORM!No
XMicrosoft UpdateMupdate.exeAdded by the RBOT-AG WORM!No
XMicrosoft Updateprowind32.exeAdded by a variant of the AGOBOT/GAOBOT WORM!No
XMicrosoft Updatesnlogsvc.exeAdded by a variant of the RBOT WORM!No
XMicrosoft Updatesvhost.exeAdded by the RBOT-PI WORM!No
XMicrosoft Updatewauguard.exeAdded by the RBOT.AEE WORM!No
XMicrosoft Updatewinscv.exeAdded by the RBOT-BH WORM!No
XMicrosoft Updatewinsys.exeAdded by the RBOT-GV WORM!No
XMicrosoft Updatewserv32.exeAdded by the RBOT.AF WORM!No
XMicrosoft Updatewtm32.exeAdded by the RBOT-AQ WORM!No
XMicrosoft Updatewumgrd.exeAdded by the SDBOT-KY WORM!No
XMicrosoft Updatewuampd.exeAdded by the RBOT-UT WORM!No
XMicrosoft Updatemsupdate32.exeAdded by a variant of the SPYBOT WORM!No
XMicrosoft UpdateBotnet.exeAdded by the RBOT.AFL WORM!No
XMicrosoft Updatesghost.exeAdded by the SDBOT.AKV WORM!No
XMicrosoft Updateupdate_w.exeAdded by the RBOT-EW WORM!No
XMicrosoft Updatewindows24.exeAdded by a variant of the RBOT WORM!No
XMicrosoft Updatewingrd32.exeAdded by the RBOT-DW WORM!No
XMicrosoft Updatewssvr.exeAdded by the RBOT-OD WORM!No
XMicrosoft Updatewuamagr32.exeAdded by the SPYBOT.CG WORM!No
XMicrosoft UpdateWinUpdate32.exeAdded by the RBOT-TI WORM!No
XMicrosoft Updatewkfix.exeAdded by the RBOT-ABZ WORM!No
XMicrosoft UpdateKkk.exeAdded by the RBOT-AHL WORM!No
XMicrosoft Updatemcupdate.exeAdded by the RBOT.XT WORM! Note - this file is located in %System% and should not be confused with the McAfee antivirus executable as described hereNo
XMicrosoft UpdateMicr0s0ft.exeAdded by the AGOBOT.AAR WORM!No
XMicrosoft UpdateMsnmsngr.exeAdded by the RBOT.BQS WORM!No
XMicrosoft Updatemsupdate32.exeAdded by the SPYBOT.LZ WORM!No
XMicrosoft Updatescvhost.exeAdded by the RBOT-AEM WORM!No
XMicrosoft Updatesvghost.exeAdded by the RBOT.BUJ WORM! No
XMicrosoft Updatesys.exeAdded by the RBOT-AJ WORM!No
XMicrosoft Updateup2dat5.exeAdded by a variant of the SDBOT WORM!No
XMicrosoft Updatewinamp.exeAdded by a variant of the RBOT WORM! Note - this is NOT the popular Winamp media playerNo
XMicrosoft Updatewin-mang.exeAdded by the RBOT-AFK WORM!No
XMicrosoft Updatewinupdater.exeAdded by the RBOT.BIN WORM!No
XMicrosoft Updatewuamk0032.exeAdded by a variant of the RBOT WORM!No
XMicrosoft Updatewuamk032.exeAdded by the RBOT-AHD WORM!No
XMicrosoft Updatewuamk0p32.exeAdded by a variant of the RBOT WORM!No
XMicrosoft Updatewuamkop.exeAdded by the RBOT-AFI WORM!No
XMicrosoft Updatewuamkop32.exeAdded by the RBOT.BGU WORM!No
XMicrosoft Updatewuampkd.exeAdded by the SDBOT.BBX WORM!No
XMicrosoft Updatesvzhost.exeAdded by the RBOT.OX WORM!No
XMicrosoft Updatewin32.exeAdded by a variant of the SDBOT WORM!No
XMicrosoft Updatewininit.exeAdded by the RBOT-AKR WORM!No
XMicrosoft Updatewuamgrd3.exeAdded by the RBOT-AMC WORM! No
XMicrosoft UpdateWudates.exeAdded by the RBOT-BBG WORM!No
XMicrosoft Updatems.exeAdded by the SDBOT.CC WORM!No
XMicrosoft Updatewuagmsd.exeAdded by the RBOT-AX WORM!No
XMicrosoft Updatecmss.exeAdded by the RBOT-ATQ WORM!No
XMicrosoft Updatewuamgrb.exeAdded by the RBOT-AZE WORM!No
XMicrosoft UpdateWINDOC.EXEAdded by the SDBOT.PF WORM!No
XMicrosoft Updatephqghumea.exeAdded by the SDBOT.AFO WORM!No
XMicrosoft Updatesystem32.exeAdded by the RBOT.IS WORM!No
XMicrosoft Updatebling.exeAdded by the RBOT-AVK WORM!No
XMicrosoft UpdateSygate.exeAdded by a variant of the SDBOT WORM!No
XMicrosoft Updateupdate.exeAdded by a variant of the SDBOT WORM!No
XMicrosoft UpdateWinDrv32.exeAdded by the RBOT.EGW WORM!No
XMicrosoft Updatedevmks32.exeAdded by a variant of the RBOT WORM!No
XMicrosoft updatewinupdate.exeAdded by a variant of the RBOT WORM!No
XMicrosoft Updatemsupdate.exeAdded by the BOROBOT-I TROJAN!No
XMicrosoft Updatemixer.exeAdded by the RBOT-AIR WORM!No
XMicrosoft Updatetaskmgr32.exeAdded by the RBOT-CV WORM!No
XMicrosoft Updatedrive.exeAdded by the BIFROSE-PN WORM!No
XMicrosoft Updatewangard.exeAdded by the RBOT-LH WORM!No
XMICROSOFT UPDATEWUAGTRD.EXEAdded by the RBOT-CJ WORM!No
XMicrosoft Updatespool.exeAdded by the AGENT-GJC TROJAN! No
XMicrosoft Updatebnmveqfts.exeAdded by the BANLOAD.KWQ TROJAN!No
XMicrosoft UpdatedqbxhupdtAdded by a variant of the SDBOT WORM! See hereNo
XMicrosoft Updateenule.exeAdded by the IRCBOT.DU BACKDOOR!No
XMicrosoft Updateexplorer.exeAdded by the RBOT.AEU BACKDOOR! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System%No
XMicrosoft Updateimchemaoa.exeAdded by the BANLOAD.KWQ TROJAN!No
XMicrosoft Updatelivemessenger.comAdded by the ADLOAD-LN TROJAN!No
XMicrosoft Updatemsnmsgl.exeAdded by a variant of the SPYBOT WORM! See hereNo
XMicrosoft UpdatennwyaupdtAdded by the RBOT.RHK BACKDOOR!No
XMicrosoft Updatentservice.exeAdded by the AGENT-DIS TROJAN!No
XMicrosoft Updaterundll32.dllAdded by the CIADOOR.GN BACKDOOR!No
XMicrosoft Updatewuamgrdx.exeAdded by a variant of the SPYBOT WORM! See hereNo
XMicrosoft Updatewutr.exeAdded by the SPYBOT.AAR WORM!No
XMicrosoft UpdateSetPoints.exeAdded by a variant of the IRCBOT BACKDOOR!No
XMicrosoft Updatesystem.exeAdded by a variant of the RBOT WORM! See hereNo
XMicrosoft Updateservice.exeAdded by a variant of the RBOT WORM! See hereNo
XMicrosoft Updatemsgn.exeAdded by the RBOT.RQ BACKDOOR!No
XMicrosoft Updatewuamgrd16.exeAdded by the RBOT-BQ WORM!No
XMicrosoft Updatewindows32.exeAdded by the RBOT-BHQ WORM!No
XMicrosoft Updatewinsyst.exeAdded by the RBOT-DL WORM!No
XMicrosoft Update 23NtKernelSystem.exeAdded by a variant of the RBOT WORM!No
XMicrosoft Update 23spoolvs.exeAdded by a variant of the RBOT WORM!No
XMicrosoft Update 32explore32.exeAdded by the SPYBOT.CYM WORM!No
XMicrosoft Update 32MSupdate32.exeAdded by a variant of the SPYBOT WORM!No
XMicrosoft Update 32wininit.exeAdded by the RBOT-ANY WORM!No
XMicrosoft Update 32wininit32.exeAdded by the RBOT-AKJ WORM!No
XMicrosoft Update 32[path to file]Added by the RBOT-AJJ WORM!No
XMicrosoft Update 32mscnfg.exeAdded by the RBOT-ALM WORM!No
XMicrosoft Update 32servic.exeAdded by the RBOT-AXN WORM!No
XMicrosoft Update 32winitXP32.exeAdded by a variant of the RBOT WORM!No
XMicrosoft Update 32mssetup32.exeAdded by a variant of the RBOT WORM!No
XMicrosoft Update 32wiit.exeAdded by the RBOT-AMS WORM!No
XMicrosoft Update 32explorer.exeAdded by the RBOT-ARF WORM! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System%No
XMicrosoft Update 32network.exeAdded by the RBOT-ARZ WORM!No
XMicrosoft Update 32om4r.exeAdded by the RBOT-AQP WORM!No
XMicrosoft Update 32winin.exeAdded by the RBOT-ARR WORM!No
XMicrosoft Update 32wuinit.exeAdded by the AGOBOT-UE WORM!No
XMicrosoft Update 32neta.exeAdded by the RBOT-AMI WORM!No
XMicrosoft Update 32spoolvs.exeAdded by the RBOT-BBQ WORM!No
XMicrosoft Update 32rundll32.exeAdded by the RBOT.AIE BACKDOOR! Note that this BACKDOOR modifies the file rundll32.exe, which is otherwise a legitimate Microsoft file used to launch DLL file typesNo
XMicrosoft Update 32taskMangr.exeAdded by the RBOT.AIE BACKDOOR!No
XMicrosoft Update 32winssx.exeAdded by the RBOT-ARW WORM!No
XMicrosoft Update 33init.exeAdded by the RBOT-ATT WORM!No
XMicrosoft Update 64 BITwininit32.exeAdded by the RBOT-AHE WORM!No
XMicrosoft Update 64 BITwinman32.exeAdded by the RBOT-AKI WORM!No
XMicrosoft Update 64 BITschvost.exeAdded by the RBOT.CAU WORM!No
XMicrosoft Update 64 BITwinl32xe.exeAdded by the RBOT-AQO WORM!No
XMicrosoft Update Clinicsvsipconfig.exeAdded by the RBOT.BR WORM!No
XMICROSOFT UPDATE CONFIGURATIONWIN32SNC.EXEAdded by the RBOT-AI WORM!No
XMicrosoft Update ControlMs64.exeAdded by a variant of the RBOT WORM!No
XMicrosoft Update Debuggerwincfg32.exeAdded by the SPYBOT.ZC WORM!No
XMicrosoft Update Deviceflolo.exeAdded by a variant of the SPYBOT WORM! See hereNo
XMicrosoft Update Device Driverswuauclt.exeAdded by a variant of the SDBOT WORM! Note - this is not the legitimate wuauclt.exe process, which should not appear in Msconfig/Startup!No
XMicrosoft Update DLLrxxhost.exeAdded by a variant of the RBOT WORM!No
XMicrosoft Update Driversexplorers.exeAdded by a variant of the SDBOT WORM!No
XMicrosoft Update Emulatorkern-mxe.exeAdded by a variant of the RBOT WORM!No
XMicrosoft Update Emulatorwuaddsff.exeAdded by the RBOT-GX WORM!No
XMicrosoft Update Eventsvnhost.exeAdded by the AGOBOT-GW BACKDOOR!No
XMicrosoft Update Loader[random filename]Added by a variant of the RBOT WORM!No
XMicrosoft Update Loaders 2005winusers.exeAdded by the RBOT-AIQ WORM!No
XMicrosoft Update Loaders 2006winusersystem32.exeAdded by a variant of the AGOBOT/GAOBOT WORM!No
XMicrosoft Update Machineexpl0rer.exeAdded by the SDBOT.OK WORM!No
XMicrosoft Update Machinerxhost.exeAdded by the RBOT.FC WORM!No
XMicrosoft Update Machineservicz.exeAdded by the RBOT-HU WORM!No
XMicrosoft Update MachineSP2.exeAdded by the SPYBOT.FP WORM!No
XMicrosoft Update Machinewinini.exeAdded by the RBOT-KV WORM!No
XMicrosoft Update Machinexvshost.exeAdded by the RBOT.QP WORM!No
XMicrosoft Update Machinememstat.exeAdded by the RBOT-OM WORM! No
XMicrosoft Update Machinentce.exeAdded by the RBOT-FA WORM! No
XMicrosoft Update Machinesystem03.exeAdded by the RBOT-NM WORM! No
XMicrosoft Update Machinewuawx.exeAdded by the RBOT-CE WORM! No
XMicrosoft Update Machinezonealarm.exeAdded by the RBOT-BZ WORM! Note - this is not the valid Zone Labs firewall program! No
XMicrosoft Update Machinesystemll.exeAdded by the RBOT-JT WORM! No
XMicrosoft Update Machinewinupdt.exeAdded by the RBOT-FP WORM! No
XMicrosoft Update Machinesvshost.exeAdded by the RBOT.AK WORM! No
XMicrosoft Update Machinewuamgd.exeAdded by the SDBOT.HQ WORM!No
XMicrosoft Update Machinewupdt32x.exeAdded by a variant of the SDBOT WORM! No
XMicrosoft Update Machine[worm filename]Added by the RBOT-GWD WORM!No
XMicrosoft Update Machinelinux.exeAdded by the RBOT-IM WORM!No
XMicrosoft Update Machinelmrss.exeAdded by the RBOT-DY WORM!No
XMicrosoft Update Machinewindowsu.exeAdded by a variant of the RBOT WORM!No
XMicrosoft Update Machinewininigo.exeAdded by a variant of the RBOT WORM!No
XMicrosoft Update Machinewinmgr.exeAdded by a variant of the RBOT WORM!No
XMicrosoft Update MachineWinmsixp32.exeAdded by the RBOT.DN WORM!No
XMicrosoft Update MachineWinregs32.exeAdded by the RBOT.DN WORM!No
XMicrosoft Update Machinewinxpini.exeAdded by the RBOT-OB WORM!No
XMicrosoft Update Machinewuamgrd.exeAdded by the RBOT-HE WORM!No
XMicrosoft Update Machinewuagrd.exeAdded by the RBOT-GF WORM!No
XMicrosoft Update MachineLANWAKE.EXEAdded by the RBOT-QZ WORM!No
XMicrosoft Update Machinescvhost.exeAdded by the RBOT-GS WORM!No
XMicrosoft Update Machinewinhost.exeAdded by the RBOT-GK WORM!No
XMicrosoft Update Machinewinss.exeAdded by the RBOT.JU WORM!No
XMicrosoft Update MachineWUAMGRDXS.EXEAdded by the RBOT-GL WORM!No
XMicrosoft Update Machinecrss32.exeAdded by a variant of the RBOT WORM!No
XMicrosoft Update Machinelsasse.exeAdded by the RBOT-DI WORM!No
XMicrosoft Update Machineqwerty.exeAdded by a variant of the RBOT WORM!No
XMicrosoft Update Machinerxxhost.exeAdded by the RBOT.EP WORM!No
XMicrosoft Update Machineservicez.exeAdded by the SPYBOT.BI WORM!No
XMicrosoft Update Machinespoolserv.exeAdded by a variant of the RBOT WORM!No
XMicrosoft Update MachineSystemnt.exeAdded by the RBOT.DA WORM!No
XMicrosoft Update Machinesystemse.exeAdded by the RBOT-BD WORM!No
XMicrosoft Update Machinetaskmngrs.exeAdded by the RBOT-CR WORM!No
XMicrosoft Update Machinewindowsup.exeAdded by the RBOT-FV WORM!No
XMicrosoft Update Machinewuamgard.exeAdded by the SPYBOT.CS WORM!No
XMicrosoft Update Machinewupdate32.exeAdded by a variant of the RBOT WORM!No
XMicrosoft Update Machinesystem.exeAdded by a variant of the RBOT WORM!No
XMicrosoft Update MachineTMEMSER.EXEAdded by the RBOT-NQ WORM!No
XMicrosoft Update Machinewinnie.exeAdded by the RBOT-ACD WORM!No
XMicrosoft Update Machinewinortho.exeAdded by the RBOT-NW WORM!No
XMicrosoft Update Machinewins32.exeAdded by the RBOT.EZ WORM!No
XMicrosoft Update Machineserviz.exeAdded by a variant of the RBOT WORM!No
XMicrosoft Update MachineTASKMAN4.EXEAdded by a variant of the RBOT WORM!No
XMicrosoft Update Machinewftestb.exeAdded by the RBOT-AFZ WORM!No
XMicrosoft Update MachineWin32.exeAdded by the SDBOT.UV WORM!No
XMicrosoft Update Machinewindns.exeAdded by the RBOT.EF WORM!No
XMicrosoft Update MachineMSOICONS.EXEAdded by the RBOT.AWS WORM! Note - do no confuse with the legitimate Msoicons.exe file described here. The latter should not normally figure in Msconfig/Startup!No
XMicrosoft Update MachineWINSVC32.EXEAdded by the RBOT.CU WORM!No
XMicrosoft Update Machinentsystem.exeAdded by the RBOT.GF WORM!No
XMicrosoft Update Machinewinupdte.exeAdded by the RBOT-GKL WORM!No
XMicrosoft Update Machinejkfrnz.exeAdded by the RBOT-GOZ WORM!No
XMicrosoft Update Machinewlimyc.exeAdded by the RBOT-GQN WORM!No
XMicrosoft Update Machinexagwxzy.exeAdded by the RBOT.S WORM!No
XMicrosoft Update Machinejkydxg.exeAdded by the RBOT.AEA BACKDOOR!No
XMicrosoft Update Machineopmmve.exeAdded by the KOLABC.DES WORM!No
XMicrosoft Update Machinepaxrxo.exeAdded by the PUSHBOT.A WORM!No
XMicrosoft Update Machinepsmszw.exeAdded by the KOLABC.CC WORM!No
XMicrosoft Update Machinesyadpo.exeAdded by the CIADOOR.GN BACKDOOR!No
XMicrosoft Update Machinesystemi.exeAdded by the BUZUS.JKU TROJAN!No
XMicrosoft Update Machinethvfyq.exeAdded by a variant of the RBOT WORM!No
XMicrosoft Update Machineubthec.exeAdded by the AGENT.AWZ TROJAN!No
XMicrosoft Update Machinewinmngr.exeAdded by the RBOT.GKQ BACKDOOR!No
XMicrosoft Update Machinegbhglj.exeAdded by the IRCBOT-ZJ TROJAN!No
XMicrosoft Update Machinewuamgdr.exeAdded by the RBOT-IO BACKDOOR!No
XMicrosoft Update Machinenlczty.exeAdded by the RBOT-GUR WORM!No
XMicrosoft Update Machinewinftp32.exeAdded by the RBOT-JX WORM!No
XMicrosoft Update ManagerWINRLS.EXEAdded by the RBOT-AF WORM!No
XMicrosoft Update Managersvshost.exeAdded by a variant of the RBOT WORM!No
XMicrosoft Update Managerscvhost.exeAdded by the AGOBOT.AXJ WORM!No
XMicrosoft Update Managerscvideo.exeAdded by the SDBOT-CVP TROJAN!No
XMicrosoft Update MecheneUpdatez.exeAdded by the RBOT-GI WORM!No
XMicrosoft Update Modulerundll24.exeAdded by the RBOT-PS WORM!No
XMicrosoft Update Processwmipcvse.exeAdded by the AGOBOT-JF TROJAN!No
XMicrosoft Update Security Patchmssecurityupdatepatch.exeAdded by the AGENT.EF TROJAN! No
XMicrosoft Update Servermssrv.exeAdded by an unidentified VIRUS, WORM or TROJAN!No
XMicrosoft Update Servicecsrss32.exeAdded by the AGOBOT-HC WORM!No
XMicrosoft Update Servicemswin32.exeAdded by a variant of the SPYBOT WORM!No
XMicrosoft update servicesystemm.exeAdded by a variant of the SDBOT WORM!No
XMicrosoft Update SERVICEphqghum.exeAdded by a variant of the RBOT WORM!No
XMicrosoft Update Servicemsupdate.pifAdded by the RBOT-AQB WORM!No
XMicrosoft Update Servicewmiprvre.exeAdded by the AGOBOT-NN WORM!No
XMicrosoft Update Serviceswcsnfty.exeAdded by the RBOT-AGK WORM!No
XMicrosoft Update Serviceswsnfty.exeAdded by the RBOT-AFU WORM!No
XMicrosoft Update Timewuam.exeAdded by the RBOT-M WORM!No
XMicrosoft Update USB2wuammgrd32.exeAdded by the RBOT-ADT WORM!No
XMicrosoft Update v2.6lxxex.exeAdded by a variant of the RBOT WORM!No
XMicrosoft Update Win32awinupdate32a.exeAdded by the RBOT-LO WORM!No
XMicrosoft Update Win32xwinupdate32x.exeAdded by the RBOT-AJN WORM!No
XMicrosoft Update32wuamgrd32.exeAdded by the RBOT-PU WORM!No
XMicrosoft Updaterwinsys32.exeAdded by the RBOT.RL WORM!No
XMicrosoft Updatermsconsole.exeAdded by a variant of the IRCBOT TROJAN!No
XMicrosoft Updatersvhost.exeAdded by the AGENT.CDF TROJAN!No
XMicrosoft Updatervbcjlg.exeAdded by a variant of the SPYBOT WORM! See hereNo
XMicrosoft Updaterwuamgrds.exeAdded by the RBOT.A WORM!No
XMicrosoft Updaterwinupdate.exeAdded by the AGENT-KIR TROJAN!No
XMicrosoft Updater ResourcesWinFixd32.exeAdded by the SPYBOT.CA WORM!No
XMicrosoft Updater v2[path to worm]Added by the AUTORUN-BCI WORM!No
XMicrosoft UPDATER32lsass.exeAdded by the RANDEX.AR WORM! Note - this is not the legitimate Lsass.exe system file should normally NOT figure in Msconfig/Startup!No
XMicrosoft UPDATER32LSASS32.EXEAdded by the RANDEX.AR WORM!No
XMicrosoft Updaterstskmgr.exeAdded by a variant of the RBOT WORM!No
XMicrosoft Updaterssysconfigs.exeAdded by the RBOT-DF TROJAN!No
XMicrosoft Updaters ProsWINDLL32XP.EXEAdded by the SPYBOTTER.GEN VIRUS!No
XMicrosoft Updatessystemc32.exeAdded by the RBOT-GR WORM!No
XMicrosoft Updateswkssvr.exeAdded by the RBOT.R WORM!No
XMicrosoft Updateswkssvrs.exeAdded by the RBOT-EB WORM!No
XMicrosoft Updateswuamgrd.exeAdded by the RBOT-CO WORM!No
XMicrosoft Updateswtemp32.exeAdded by the RBOT-AHQ WORM!No
XMicrosoft Updatessvehost.exeAdded by the RBOT-GRW WORM!No
XMicrosoft Updatessvshost.exeAdded by the AGOBOT-AIW WORM!No
XMicrosoft Updatessvdhost.exeAdded by the RBOT-GVH WORM!No
XMicrosoft Updatesservice.exeAdded by the POISON.HPT BACKDOOR!No
XMicrosoft Updates[worm filename]Added by the AGOBOT-AIZ WORM!No
XMicrosoft Updateswgcptsud.exeAdded by the RBOT-GTF WORM!No
XMicrosoft Updateswinit.exeAdded by the SDBOT-CSB WORM!No
XMicrosoft Updates 2 USBwgafixer.exeAdded by a variant of the RBOT WORM!No
XMicrosoft Updates 5 USBsp3fixer.exeAdded by the RBOT-ADS WORM!No
XMicrosoft UpdateS Machinewgrd.exeAdded by the RBOT-FI WORM!No
XMicrosoft Updates ResourcesWinFixIDs.exeAdded by a variant of the RBOT WORM!No
XMicrosoft Updatingnavguard.exeAdded by the RBOT.HW WORM!No
XMicrosoft Updatingsyswr.exeAdded by a variant of the RBOT WORM!No
XMicrosoft Updatingwuamguards.exeAdded by the RBOT-BY WORM!No
XMicrosoft Updating Clientwebsvc.exeAdded by the RBOT.AQ WORM!No
XMicrosoft Updating Machinesysc0de.exeAdded by the RBOT.RB WORM!No
XMicrosoft Updattingmiroupdate.exeAdded by a variant of the RBOT WORM!No
XMicrosoft Updote[random filename]Added by the RBOT-ARC WORM!No
XMicrosoft UpMachinedoezs.exeAdded by the RBOT.BCT WORM!No
XMicrosoft upnp Updatemsie.exeAdded by the RBOT-LQ WORM!No
XMicrosoft uptime Servicesysuptime.exeAdded by the RBOT-ACG WORM!No
XMicrosoft uptime Servicesycuptime.exeAdded by the RBOT-AHY WORM!No
XMicrosoft UpToDate Driver (32-bits)[random filename].exeAdded by the SPYBOT.LXJ WORM!No
XMicrosoft Urlmonurlmon.exeAdded by the AGENT-GOO TROJAN!No
XMicrosoft USA Plugusaplug.exeAdded by the RBOT-DVC WORM!No
XMicrosoft USB Windows2 Driverusbautotuner.exeAdded by the SILLYFDC.BCL WORM!No
XMicrosoft USB2 Drivercrmss.exeAdded by the RBOT-VK WORM!No
XMicrosoft usnsvc Serviceusnsvc.exeAdded by a variant of the KOBOT-C WORM!No
NMicrosoft Utility StartupOSA9.exeOn older versions of MS Office this launches common Office components to help speed up the launch of Office programs. On slower machines it can be a resource hog and some users claim there's no difference with or without it - but it usually isn't required. This must be left enabled if you use the Microsoft Office Shortcut Bar (MSOFFICE.EXE) and have set it to load at startup. Available via Start → All ProgramsNo
XMicrosoft Valuesigfkishc.exeAdded by the RBOT-GLO WORM!No
XMicrosoft VertupdateMSvert32.exeAdded by the MYTOB-CY WORM!No
XMicrosoft Video Capture ControlsMSsrvs32.exeAdded by the SDBOT-AAK WORM!No
XMicrosoft Video Controlstskmsgr.exeAdded by a variant of the SPYBOT WORM!No
XMicrosoft Video Drivervideodrv.exeAdded by the SDBOT-AGP WORM!No
XMicrosoft Viewer Monitor Managerviewmon.exeAdded by the XPAK.A TROJAN!No
XMicrosoft Virtual Service Managervservice32.exeAdded by the MSNWORM.T WORM!No
XMicrosoft Virual Machinesms.exeAdded by the RBOT-SP WORM!No
XMicrosoft Vista Upgrade Validation Servicecfmon.exeAdded by a variant of the IRCBOT BACKDOOR!No
XMicrosoft Visual Applicationvpcrtf.exeAdded by the IRCBOT-XJ TROJAN!No
XMicrosoft Visual Applicationwinsyshp.exeAdded by the DELF-EXT WORM!No
XMicrosoft Visual Debugermdm.exeAdded by the SDBOT-DOO WORM! Note - this is not the legitimate Machine Debug Manager (mdm.exe) process which is located in %ProgramFiles%\Common Files\Microsoft Shared\VS7Debug (98/Me/XP/Vista) or C:\WINDOWS\SYSTEM (Me only)No
XMicrosoft Visual SourceSafeservices.exeAdded by the NEVEG.B or NEVEG.C WORMS! Note - this is not the legitimate services.exe process, which should not appear in Msconfig/Startup!No
XMicrosoft Visual SourceSafewinlogon.exeAdded by the NEVEG.A WORM! Note - this is not the legitimate winlogon.exe process, which should not appear in Msconfig/Startup!No
XMicroSoft Visual SPigxdfdfds.comAdded by the SDBOT.GAV WORM!No
XMicroSoft Visual SP2igfxsrvc32.exeAdded by the SDBOT.GAV WORM!No
XMicrosoft Visual Studioplscdksxg.exeAdded by the RBOT-AWV WORM!No
XMicrosoft Visual Studio VSAvarpc32.exeAdded by a variant of the SPYBOT WORM!No
XMicrosoft Web CP Managerwebcp32.exeAdded by a variant of the IRCBOT BACKDOOR! See hereNo
XMicrosoft Web Devicewdevice.exeAdded by a variant of the SDBOT WORM!No
XMicrosoft web updatewebmsn.exeAdded by the RBOT-EMQ WORM!No
UMicrosoft Webserversvctrl.exePersonal web server program which enables you to create and host a web server from your computer. Not required for most peopleNo
XMicrosoft Win Corp TLS Verificationmswintls.exeAdded by the RBOT-GCT WORM!No
XMicrosoft Win UpdateWinUP.exeAdded by the RBOT-BPR WORM!No
XMicrosoft WIN32 DOSMSdos32.exeAdded by a variant of the SDBOT WORM!No
XMicrosoft WIN32 SecurityMSsec32.exeAdded by the RBOT-DOQ TROJAN!No
XMicroSoft Wind0ws Updaterwinsupdater.exeAdded by a variant of the RBOT WORM!No
XMicroSoft Window Updaterwinsupdater.exeAdded by the RBOT-ZZ WORM!No
XMicrosoft Windowsmstask0.exeAdded by the SDBOT.FQ WORM!No
XMicrosoft WindowsatupAdded by a variant of the RBOT WORM!No
XMicrosoft WindowsMicrosoft Windows.htaHTA file which creates an executable on the hard drive which subsequently proceeds to download files from a malware site!No
XMicrosoft Windowsexplorar.exeAdded by a variant of the RBOT WORM!No
XMicrosoft Windows[path to file]Added by the BDOOR-LI BACKDOOR!No
XMicrosoft Windowsbootini.exeAdded by the VANEBOT-K WORM!No
XMicrosoft WindowsKernel.exeAdded by the EDIBARA-A VIRUS!No
XMicrosoft WindowsKernel.vbsAdded by the EDIBARA-A VIRUS!No
XMicrosoft Windowspwjbvphi.exeAdded by the RBOT-GQK WORM!No
XMicrosoft Windowswindets.comAdded by the FLOOD-EQ TROJAN!No
XMicrosoft Windows (D)iexplore.exeIdentified as a variant of the TrojanSpy.Agent malwareNo
XMicrosoft Windows 128bit Subsystemsystem12.exeAdded by the RANCK-CZ TROJAN!No
XMicrosoft Windows 16Bitmswinn16.exeAdded by a variant of the SPYBOT WORM!No
XMicrosoft Windows 2000Winupdsdgm.exeAdded by the GAOBOT.AO WORM!No
XMicrosoft Windows 32 Updatewin32update.exeAdded by a variant of the IRCBOT TROJAN!No
XMicrosoft Windows 32Bitmswinn32.exeAdded by a variant of the RBOT WORM!No
XMicrosoft Windows 64 Bitmswin32.exeAdded by a variant of the RBOT WORM!No
XMicrosoft Windows Adapter 5.1.3214[worm filename].exeAdded by the STRAT.GEN-3 WORM!No
XMicrosoft Windows Autowxcknautowxckn.exeAdded by the RBOT.DYZ BACKDOOR!No
XMicrosoft Windows Client Firewallmsclt.exeAdded by the VANEBOT-F WORM!No
XMicrosoft Windows Communicator for NT/XPwincomm.exeAdded by the RBOT.ATH WORM!No
XMicrosoft Windows Config 32win32conf.exeAdded by a variant of the RBOT WORM!No
XMicrosoft Windows Controlmswctl32.exeAdded by the RBOT.JP WORM!No
XMicrosoft Windows CSRSScsrss.exeAdded by the KALEL-A WORM! Note - this worm replaces the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup!No
NMicrosoft Windows Desktop Search System TrayWindowsSearch.exeSystem Tray access to Windows Desktop Search for XP from Microsoft - which adds additional search options including a search box on the Taskbar. This version (3.0.1) also includes the Windows Search (WSearch) service which indexes files and e-mails items so you can quickly find words and phrases. Disabling this entry does not affect the normal operation and this is the Windows Defender entryYes
NMicrosoft Windows Desktop Search Tool Tray AdminWindowsSearch.exeSystem Tray access to Windows Desktop Search for XP from Microsoft - which adds additional search options including a search box on the Taskbar. For this version (2.6.*), this entry also runs the indexing function at startup which indexes files and e-mails items so you can quickly find words and phrases. Disabling this entry does not affect the normal operation and indexing will occur when you next perform a search. This is the Windows Defender entryYes
XMicrosoft Windows DHCP___r.exeAdded by the MASLAN.A or MASLAN.C WORMS!No
XMicrosoft Windows DLL 32-BITmsncheck32.exeAdded by the SDBOT-XX WORM!No
XMicrosoft Windows DLL Servicesmwindll.exeAdded by the SDBOT-VX WORM!No
XMicrosoft Windows DLL Services Configurationnewdll.exeAdded by the SDBOT-ZR WORM!No
XMicrosoft Windows DLL Services Configurationnewdll2.exeAdded by the SDBOT-ABD WORM!No
XMicrosoft Windows DLL Services Configurationpoker.exeAdded by the SDBOT-ZY WORM!No
XMicrosoft Windows DLL Services Configurationpoker3.exeAdded by the SDBOT-AAH WORM!No
XMicrosoft Windows DLL Services Configurationproxy.exeAdded by the SDBOT-ZL WORM!No
XMicrosoft Windows DLL Services Configurationwindir32.exeAdded by the SDBOT.BHF WORM!No
XMicrosoft Windows DLL Services Configurationwindir32a.exeAdded by a variant of the SDBOT.BHF WORM!No
XMicrosoft Windows DLL Services Configurationwindll32.exeAdded by the SDBOT.BHD WORM!No
XMicrosoft Windows DLL Services ConfigurationwinDSL.exeAdded by the SDBOT-ZG WORM!No
XMicrosoft Windows DLL Services Configurationdllmanager32.exeAdded by the SDBOT-BTU WORM!No
XMicrosoft Windows DLLHandlerbitpaint.exeAdded by the SDBOT.AHG WORM!No
XMicrosoft Windows Driverswindrv.exeAdded by a variant of the SDBOT WORM!No
XMicrosoft Windows DVRwindvr.exeAdded by the RBOT-AXD WORM!No
XMicrosoft Windows Expl0rerexpl0rer.exeAdded by a variant of the IRCBOT BACKDOOR! See hereNo
XMicrosoft Windows Exploreriexplorer.exeAdded by a variant of the RBOT WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe)No
XMicrosoft Windows Explorerexplorewin.exeAdded by the IRCBOT.WORM.212480.H WORM!No
XMicrosoft Windows ExpressMicrosoft UpdateAdded by a variant of the IRCBOT BACKDOOR! See hereNo
XMicrosoft Windows Expresswebsploit.exeAdded by a variant of the SPYBOT WORM! See hereNo
XMicrosoft Windows Expresswindowslogonb.exeAdded by the SDBOT.ABOO WORM!No
XMicrosoft Windows Files Loadercgy32win.exeAdded by the RBOT-AXR WORM!No
XMicrosoft Windows Game Updatermsgame32.exeAdded by a variant of the RBOT WORM!No
XMicrosoft Windows GUIWindowz.exeAdded by the RANDEX.AEV WORM!No
XMicrosoft Windows GUImsmonk32.exeAdded by the SDBOT-PE WORM!No
XMicrosoft Windows Kernel Serviceswinkrnl386.exeAdded by the ZEBROXY TROJAN!No
XMicrosoft Windows Keyboard servicekeyboard.exeAdded by the RBOT-CRF WORM!No
XMicrosoft Windows Loaderwloader.exeAdded by a variant of the AGOBOT/GAOBOT WORM!No
XMicrosoft Windows Logon Processwinlogon.exeAdded by the PROXYSER-R TROJAN! Note - this is not the legitimate winlogon.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%No
XMicrosoft Windows Media Playermediaplayer.exeAdded by a variant of the RBOT WORM!No
XMicrosoft Windows Media Playerwimp.exeAdded by the RBOT-FN WORM!No
UMicrosoft Windows Media Player Network Sharing Service Configuration ApplicationWMPNSCFG.exeNetwork sharing tool for Windows Media Player 11 for XP & Vista. When using WMP 11 on home network you can choose to share your favorite music, videos, and pictures to others on the network. This entry is used to notify users when new media rendering devices are found on the network (including media players and other PCs running Windows Media Player 11) - see here for a more detailed explanationYes
XMicrosoft Windows MSSTmstf.exeAdded by the SDBOT-AJV WORM!No
XMicrosoft Windows Registry Servicewregistry.exeAdded by the AGOBOT.AKG WORM!No
NMicrosoft Windows Search System TrayWindowsSearch.exeSystem Tray access to Windows Search 4.0 for XP from Microsoft - which adds additional search options including a search box on the Taskbar. This version also includes the Windows Search (WSearch) service which indexes files and e-mails items so you can quickly find words and phrases. Disabling this entry does not affect the normal operationYes
XMicrosoft Windows Securewindocs.exeAdded by a variant of the SDBOT WORM!No
XMicrosoft Windows Securewindocs.exeAdded by a variant of the SDBOT WORM!No
XMicrosoft Windows Secure ServerrpcxWindows.exeAdded by the RBOT-LL WORM!No
XMicrosoft Windows Secure Updaterpcxwinupdt.exeAdded by an unidentified WORM or TROJAN!No
XMicrosoft Windows Securetywurguar.exeAdded by the RBOT-KY WORM!No
XMicrosoft Windows Securityspvsper.exeAdded by a variant of the SDBOT WORM!No
XMicrosoft Windows Securitywscndrives.exeAdded by the RBOT-AJK WORM!No
XMicrosoft Windows Servicewinsys.exeAdded by the RBOT-ADP WORM!No
XMicrosoft Windows Service Packwinspkn.exeAdded by the RBOT-AYD WORM!No
XMicrosoft Windows Servicesmsw32.exeAdded by the RBOT-FWQ WORM!No
XMicrosoft Windows ServicesSersices.exeAdded by the SDBOT-NO WORM!No
XMicrosoft Windows Services Edtssvvcchhoosst.exeAdded by the RBOT-FYF TROJAN!No
XMicrosoft Windows Services Edtdllrun32.exeAdded by the RBOT-GAF WORM!No
XMicrosoft Windows Session Manager Subsystemsmss.exeAdded by the PROXYSER-R TROJAN! Note - this is not the legitimate smss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%No
UMicrosoft Windows SidebarSidebar.exeWindows Sidebar is a pane on the side of the Microsoft Windows Vista desktop where you can keep your gadgets organized and always available. In Windows 7 this feature is known as Desktop Gadgets and each gadget can be placed anywhere on the desktop. If the file isn't located in %ProgramFiles%\Windows Sidebar or you're using other versions of Windows it could be part of the Searchcentrix hijackerYes
XMicrosoft Windows Socketx32 Serviceswinsockx32.exeAdded by the RBOT-FWT WORM!No
XMicrosoft Windows Soundsvghost.exeAdded by a variant of the SPYBOT WORM! See hereNo
XMicrosoft Windows Soundsvshost.exeAdded by the RBOT.RNE BACKDOOR!No
XMicrosoft Windows Soundsvuhost.exeAdded by the KOLAB.XC WORM!No
XMicrosoft Windows Sound Driverssounddrivers.exeAdded by the SLENFBOT.ABU WORM!No
XMicrosoft Windows Storage Machine Servicewinms.exeAdded by the RBOT-AHK WORM!No
XMicrosoft Windows SVCHOSTSVCHOST.exeAdded by the VB.KV WORM! Note - this is not the legitimate svchost.exe process which should not normally figure in Msconfig/Startup!No
XMicrosoft Windows Systemsrwhost.exeAdded by the RBOT-AWU WORM!No
XMicrosoft Windows Systemsyshost.exeAdded by the RBOT-ASW WORM!No
XMicrosoft Windows SystemSystem.exeAdded by the VB.KV WORM!No
XMicrosoft Windows System Kernelkernel32.exeAdded by a variant of the IRCBOT TROJAN!No
XMicrosoft Windows System Service Managerwinsvc.exeAdded by the SPYBOT.LR WORM!No
XMicrosoft Windows Task Managementmstasks.exeAdded by a variant of the SDBOT WORM!No
XMicrosoft Windows Task MangerMstosk.exeAdded by the SDBOT-WW WORM!No
XMicrosoft Windows Tasks Managementtaskmng.exeAdded by the RBOT-FXK WORM!No
XMicrosoft Windows Updatascvhost.exeAdded by the RBOT.CEM BACKDOOR!No
XMicrosoft Windows Updatawindows.exeAdded by a variant of the RBOT WORM!No
XMicrosoft Windows Updata[5 random letters].exeAdded by a variant of the RBOT WORM!No
XMicrosoft Windows Updaterundlls.exeAdded by the HABRACK WORM!No
XMicrosoft Windows Updatemsoffice2.exeAdded by the RBOT-GB WORM!No
XMicrosoft Windows Updatespools.exeAdded by the SDBOT.TD WORM!No
XMicrosoft Windows Updatesvchos.exeAdded by the SDBOT.AC WORM!No
XMicrosoft Windows Updatesvcshost.exeAdded by the FORBOT-CF WORM! No
XMicrosoft Windows Updatesvmhost.exeAdded by the FORBOT-CH WORM! No
XMicrosoft Windows Updatesvshost.exeAdded by the WOOTBOT.CJ WORM!No
XMicrosoft Windows Updatemsnmessenger.exeAdded by the SDBOT.AJ WORM!No
XMicrosoft Windows Updatemsnwun.exeAdded by the SDBOT-RM WORM!No
XMicrosoft Windows Updatescvvhost.exeAdded by the FORBOT-DH WORM!No
XMicrosoft Windows Updateswwhost.exeAdded by a variant of the RBOT WORM!No
XMicrosoft Windows UpdateMSNMSGR.EXEAdded by the SDBOT-WM WORM! Note - this is not the valid MSN Messenger (now Windows Live Messenger) utility which is located in either %ProgramFiles%\MSN Messenger or %ProgramFiles%\Windows Live\Messenger. This one is located in %System%No
XMicrosoft Windows Updatesvzhost.exeAdded by the FORBOT-EV WORM!No
XMicrosoft Windows Updatesccvhost.exeAdded by a variant of the SDBOT WORM!No
XMicrosoft Windows Updatescrhost.exeAdded by the RBOT-AOW WORM!No
XMicrosoft Windows Updatemnswinsx.exeAdded by the RBOT-AWH WORM!No
XMICROSOFT Windows updatepdate.exeAdded by the RBOT.BZT WORM!No
XMicrosoft Windows Updatesrshost.exeAdded by a variant of the SDBOT WORM!No
XMicrosoft Windows Updaterhost32.exeAdded by a variant of the IRCBOT TROJAN!No
XMicrosoft Windows Updatewindowsupdate.exeAdded by the AGOBOT.ON WORM!No
XMicrosoft Windows Updateservcs.exeAdded by the SDBOT.AL BACKDOOR!No
XMicrosoft Windows Updatesyssinfos.exeAdded by the RBOT-FWR WORM!No
XMicrosoft Windows Update Applicationwuap.exeAdded by a variant of the RBOT WORM!No
XMicrosoft Windows Update Clientcsrss.exeAdded by the KEBEDE-G WORM! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\Systems32No
XMicrosoft Windows Update Clientservices.exeAdded by the AUTORUN.DVE WORM! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%No
XMicrosoft Windows Update Logonwin-logon.exeAdded by a variant of the RBOT WORM!No
XMicrosoft Windows Update Servicewupdmgr32.exeAdded by the DOS.AUTOCAT TROJAN!No
XMicrosoft Windows Update Servicemsnmsg.exeAdded by a variant of the IRCBOT BACKDOOR!No
XMicrosoft Windows Update x86[various filenames]Added by a variant of the RBOT WORM! Filenames seen include (but are not limited to firefox.exe, opera.exe, taskmrg.exe, aim.exe, Winxdiag.exe and usnesvc.exeNo
XMicrosoft Windows Update XP64********.exe [* = random char]Added by a variant of the RBOT WORM!No
XMicrosoft Windows Update XP64updatexp64.exeAdded by the SDBOT-AIM WORM!No
XMicrosoft Windows Update XP64Lcuninst.exeAdded by a variant of the SDBOT WORM!No
XMicrosoft Windows Update XP64mzhxlixm.exeAdded by a variant of the SDBOT WORM!No
XMicrosoft Windows Updaterwinupdgm.exeAdded by the GAOBOT.BI WORM!No
XMicrosoft Windows UpdaterWINIUPDATES.EXEAdded by the RBOT-KK WORM!No
XMicrosoft Windows UpdaterWINUPDATE.EXEAdded by the RBOT-LI WORM!No
XMicrosoft Windows UpdaterTMNTSrv.exeAdded by a variant of the RBOT WORM!No
XMicrosoft Windows Updaterwin32upd.exeAdded by the RBOT-EC WORM!No
XMicrosoft Windows Updatermsnupdateit.exeAdded by the AGOBOT-RL WORM!No
XMicrosoft Windows Updaterwindates.exeAdded by the SDBOT.TE WORM!No
XMicrosoft Windows Updaterspoolvs.exeAdded by the RBOT.ACQ WORM!No
XMicrosoft Windows Updatersuvhost.exeAdded by a variant of the SDBOT WORM!No
XMicrosoft Windows Updaterwinfix.exeAdded by the RBOT-CM WORM!No
XMicrosoft Windows updaterDlog32zx.exeAdded by the MYDOOM.W WORM!No
XMicrosoft Windows Updatesexplorer32.exeAdded by the SDBOT.VQ WORM! No
XMicrosoft Windows Updateswsap32.exeAdded by a variant of the SDBOT WORM!No
XMicrosoft Windows Updating Systemmsresource.exeAdded by the RBOT-EAM WORM!No
XMicrosoft Windows Visual V2.0msiutil.exeAdded by the DELF.JPH TROJAN!No
XMicrosoft Windows W32 Servicesmssw32.exeAdded by a variant of the SPYBOT WORM!No
XMicrosoft Windows WinSaSS Managementwinsass.exeAdded by the RBOT-APW WORM!No
XMicrosoft Windows WKS Servicegt.exeAdded by the SDBOT.IR BACKDOOR!No
XMicrosoft Windows WKS Servicemstask0.exeAdded by the SDBOT.FV WORM!No
XMicrosoft Windows Workstationdevcode.exeAdded by the RBOT-AWL WORM!No
XMicrosoft Windows XP Configuration Loaderm32svco.exeAdded by the SDBOT.WORM!.48548 WORM!No
XMicrosoft Windows XP/2K Explorerwinexplorer.exeAdded by a variant of the IRCBOT BACKDOOR! See hereNo
XMicrosoft Winedows startupWinKey.exeAdded by a variant of the SDBOT WORM! See hereNo
XMicrosoft Winedows UpdateingNinKey.exeAdded by a variant of the SPYBOT WORM! See hereNo
XMicrosoft Winedows WinServiPodFix.exeAdded by a variant of the RBOT WORM!No
XMicrosoft WINGS32 ProtocolWinSGR32.exeAdded by the RBOT-APU WORM!No
XMicrosoft WinRaRwinrar.exeAdded by the RBOT-AEC WORM!No
XMicrosoft Winsockmswinsck.exeAdded by the RBOT-ANK WORM!No
XMicrosoft Winsock Servicemsusvc.exeAdded by the RBOT-ANS WORM!No
XMicrosoft Winsock Wrapperws2_32s.exeAdded by a variant of the SPYBOT WORM!No
XMicrosoft Winsock32 Systemwinsock32.exeAdded by the SPYBOT.AKKC WORM!No
XMicrosoft WinSound[random filename]Added by a variant of the RBOT WORM!No
XMicrosoft winsupdaterWINSUPDATER.EXEAdded by the SPYBOTER.FB BACKDOOR!No
XMicrosoft WinUpdatemntcgf032.exeAdded by the RBOT-PF WORM!No
XMicrosoft WinUpdatesvh0st.exeAdded by the SPYBOT.DL WORM!No
XMicrosoft WinUpdatesyslx32.exeAdded by an unidentified VIRUS, WORM or TROJAN!No
XMicrosoft WinUpdatesyswin32.exeAdded by the RBOT-HO WORM!No
XMicrosoft WinUpdatespfix.exeAdded by a variant of the RBOT WORM!No
XMicrosoft WinUpdateWinamp61.exeAdded by a variant of the RBOT WORM!No
XMicrosoft WinUpdateWinupd32.exeAdded by the RBOT.MQ WORM!No
XMicrosoft WinUpdateWinNTinit32.exeAdded by the RBOT.VS WORM!No
XMicrosoft WinUpdatemsupdte.exeAdded by an unidentified TROJAN! See examples here & hereNo
XMicrosoft WinUpdatesserm32.exeAdded by the RBOT.GE WORM!No
XMicrosoft WMmswm32.exeAdded by the BCKDR-AM BACKDOOR!No
XMicrosoft WordBootSector.exeAdded by a variant of the AGOBOT/GAOBOT WORM!No
XMicrosoft Word Profissionalcsrss.exeAdded by the BANCBAN-DB TROJAN! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a "s1613" subfolderNo
XMicrosoft Word ProfissionalJava Plug In close.exeAdded by the BANKER-EL TROJAN!No
XMicrosoft Word Profissionalcsrss.exeAdded by the BANKER-DJ TROJAN! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a "protect" subfolderNo
XMicrosoft Word Profissionalcsrss.exeAdded by the BANKER-DP TROJAN! ! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a "JavaVM" subfolderNo
NMicrosoft Works Calendar Reminderswkcalrem.exeIf you schedule an event at any time in Microsoft Works Calendar and set a reminder then a shortcut will be added to Start → All Programs → Startup so this reminder service loads every time Windows startsNo
NMicrosoft Works PortfolioWksSb.exeThe Works Portfolio tool lets you collect and organize text and pictures from the Web or your favorite program. The Works Portfolio provides a location where you can store items you want to later put into a document or other file. Can be prevented from starting from a setting within PortfolioNo
NMicrosoft Works Update Detectionwkdetect.exeChecks for updates to MS WorksNo
XMicrosoft World Servicewinworld.exeAdded by an unidentified IRC worm with backdoor capability! No
XMicrosoft WPCEmail[path to trojan]Added by the SNIFFER-N TROJAN!No
XMicrosoft WWW[path to trojan]Added by the AGENT-DRI TROJAN!No
XMicrosoft WxdateSyswu32.exeAdded by the SPYBOT.HZ WORM!No
XMicrosoft X Updatewuamkoppnp.exeAdded by the RBOT-ANI WORM!No
Xmicrosoft xdaemon 2.0xdaemon.exeAdded by the DELF.D TROJAN!No
XMicrosoft XML Servicemsxmlx.exeAdded by the RBOT.KS WORM!No
XMicrosoft Xp Systems loaderwinsystem32xp.exeAdded by the KELVIR.W WORM!No
XMicrosoft Xp Systems loaderswin32xpsys.exeAdded by the SPYBOT.NYT WORM!No
XMicrosoft XPSP Protocolxp386.exeAdded by a variant of the RBOT WORM!No
XMicrosoft xpsp2Networksystem.exeAdded by a variant of the SDBOT WORM!No
XMicrosoft xpsp2xpsp2.exeAdded by the SDBOT-YQ WORM!No
XMicrosoft©iexplore.exeAdded by the IRCBOT-ACO TROJAN! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %System%\dllcacheNo
XMicrosoft© PID LexPIDLex.exeAdded by the NIOVADOOR TROJAN!No
XMicrosoft© System MapperSysMap.exeAdded by the MAPSY TROJAN!No
XMicrosoft« ActiveX Debugger NTsetdebugnt.exeAdded by the BANCOS-CZ TROJAN!No
UMicrosoft® Windows Mobile® Device Centerwmdc.exeWindows Mobile Device Center - mobile device management/synchronization software for Windows7/Vista, supporting mobile devices based upon Windows Mobile 2003 or laterYes
UMicrosoft® Windows® Operating SystemSidebar.exeWindows Sidebar is a pane on the side of the Microsoft Windows Vista desktop where you can keep your gadgets organized and always available. In Windows 7 this feature is known as Desktop Gadgets and each gadget can be placed anywhere on the desktop. If the file isn't located in %ProgramFiles%\Windows Sidebar or you're using other versions of Windows it could be part of the Searchcentrix hijackerYes
UMicrosoft® Windows® Operating SystemehTray.exeMedia Center Tray Applet - part of Windows Media Center on XP MCE, Vista and Windows 7 (where it doesn't run as a startup). Allows Windows Media Center to be started by pressing the green button on a remote control and also displays System Tray notifications, such as recording status (successful or non-successful), EPG download notification, etcYes
NMicrosoft® Windows® Operating SystemRunDLL32.exe ehuihlp.dll,BootMediaCenterStarts Windows Media Center every time Vista (Home Premium or Ultimate) or Windows 7 (Home Premium, Professional or Ultimate) boots. Disable by unchecking the "Start Windows Media Center when Windows Starts" option via Windows Media Center → Tasks → Settings → General → Startup and Window BehaviourYes
NMicrosoft® Windows® Operating Systemrundll32.exe oobefldr.dll,ShowWelcomeCenterShows the Welcome Center every time you boot into Windows Vista - which "pulls all the tasks you'll most likely want to complete when you set up your computer into a single location"Yes
NMicrosoft® Windows® Operating Systemp2phost.exeSigns a user into the People Near Me feature at login in Windows 7 and Vista. People Near Me enables you to use certain peer-to-peer (P2P) programs on a network - that "identifies people nearby who are using computers and allows those people to send you invitations for programs such as Windows Meeting Space. They can only invite you to participate in programs that are installed on your computer." Available via Start → Control PanelYes
NMicrosoft® Windows® Operating Systemstikynot.exeMicrosoft Sticky Notes - virtual sticky notes tool from Windows Vista. This implementation of the popular yellow "Post-It" tool is part of the Tablet PC features and allows you to enter either handwriting (via a pen or mouse) or record a voice note. AVailable via Start → All ProgramsYes
UMicrosoft® Windows® Operating SystemWMPNSCFG.exeNetwork sharing tool for Windows Media Player 11 for XP & Vista. When using WMP 11 on home network you can choose to share your favorite music, videos, and pictures to others on the network. This entry is used to notify users when new media rendering devices are found on the network (including media players and other PCs running Windows Media Player 11) - see here for a more detailed explanationYes
NMicrosoft® Works 7.0wkcalrem.exeIf you schedule an event at any time in Microsoft Works Calendar and set a reminder then a shortcut will be added to Start → All Programs → Startup so this reminder service loads every time Windows startsYes
NMicrosoft® Works 8wkcalrem.exeIf you schedule an event at any time in Microsoft Works Calendar and set a reminder then a shortcut will be added to Start → All Programs → Startup so this reminder service loads every time Windows startsYes
XMicrosoft's System ModuleSysmodule.exeAdded by the BDOOR-FJ BACKDOOR!No
XMicrosoft(R) System Managersysmgr.exeAdded by the AGENT.QTR TROJAN!No
XMicrosoft--Updatessxvhost.exeAdded by the RBOT-FH WORM! No
XMicrosoft-software****.exe [* = random char]Added by a variant of the RBOT WORM!No
XMicrosoft-Updatewngard.exeAdded by the RBOT-JV WORM!No
XMicrosoft-Updatessvxhost.exeAdded by the RBOT-CT WORM!No
XMicrosoft.exe[random].exeAdded by a variant of the IRCBOT TROJAN!No
Xmicrosoft.exemicrosoft.exeAdded by the GOLDUN-GB TROJAN!No
XMicrosoft32win32sys.exeAdded by an unidentified WORM or TROJAN!No
Xmicrosoft420microsoft420.exeAdded by the MENACE.B WORM!No
XMicrosoft64antiv.exeAdded by the SOBER WORM!No
YMicrosoftAntiSpywareCleanergcASCleaner.exeMicrosoft Antipsyware - now superseded by Microsoft's Windows DefenderNo
XMicrosoftCorpflashsplayer.exeAdded by a variant of the IRCBOT BACKDOOR! See hereNo
XMicrosoftCorpjavaw.exeAdded by the BUZUS.BULO TROJAN!No
XMicrosoftCorpmsnrmgs.exeAdded by a variant of the IRCBOT BACKDOOR! See hereNo
XMicrosoftCorpregtray.exeAdded by the POISON.AHNW BACKDOOR!No
XMicrosoftCorpsecurebind.exeAdded by the INJECT TROJAN!No
XMicrosoftCorpsysdiag64.exeAdded by a the AUTOINF-AB WORM!No
XMicrosoftCorptraymgr.exeAdded by a variant of the IRCBOT BACKDOOR!No
XMicrosoftCorpupdate.exeAdded by the AUTORUN-ASG WORM!No
XMicrosoftCorpwupdate.exeAdded by the AGENT-LAY TROJAN!No
XMicrosoftDriverService32drsys32.exeAdded by the IRCBOT.AKX BACKDOOR!No
XMicrosoftf DDEs ContDLLrune.pifAdded by the RBOT-AGF WORM!No
XMicrosoftf DDEs ContrDLrunm.pifAdded by the RBOT-AFQ WORM!No
XMicrosoftf DDEs Controllxes.exeAdded by the RBOT.BOF WORM!No
XMicrosoftf DDEs Controlwees.exeAdded by a variant of the RBOT WORM!No
XMicrosoftf DDEs Controlsoff.pifAdded by the RBOT-AKH WORM!No
XMicrosoftf DDEs Controlwhy-.exeAdded by the RBOT-AMV WORM!No
XMicrosoftf DDEs Controlmsnn.exeAdded by the RBOT-AXT WORM!No
XMicrosoftf DDEs ControlFEnR.exeAdded by the RBOT-AIM WORM!No
XMicrosoftf DDEs Controlw33s.exeAdded by a variant of the RBOT WORM!No
XMicrosoftf DDEs Controlwaes.exeAdded by a variant of the RBOT WORM!No
XMicrosoftkeysdsystemproc.exeAdded by the FORBOT-BI WORM! No
XMicrosoftkeysdsystemwin32s.exeAdded by the WOOTBOT.CO WORM!No
XMicrosoftkeysdslass32.exeAdded by a variant of the RBOT WORM!No
XMicrosoftKsDrivers.batAdded by the SHUTDOWN-F TROJAN!No
Xmicrosoftm eegs cuntrolloor.pifAdded by a variant of the RBOT WORM!No
XMicrosoftMessengermsnserv.exeAdded by the DARKER.M WORM!No
XMicrosoftmsn32.exemicrosoftmsn32.exeAdded by the CERTIF-C TROJAN! No
XMicrosoftMultimediaTaskMmtask.exeAdware downloader - not the valid MusicMatch Jukebox which shares the same filenameNo
XMicrosoftNAPCflashsplayer.exeAdded by a variant of the IRCBOT BACKDOOR! See hereNo
XMicrosoftNAPCjavaw.exeAdded by the BUZUS.BULO TROJAN!No
XMicrosoftNAPCmsnrmgs.exeAdded by a variant of the IRCBOT BACKDOOR! See hereNo
XMicrosoftNAPCregtray.exeAdded by the POISON.AHNW BACKDOOR!No
XMicrosoftNAPCsecurebind.exeAdded by the INJECT TROJAN!No
XMicrosoftNAPCsysdiag64.exeAdded by a the AUTOINF-AB WORM!No
XMicrosoftNAPCtraymgr.exeAdded by a variant of the IRCBOT BACKDOOR!No
XMicrosoftNAPCupdate.exeAdded by the AUTORUN-ASG WORM!No
XMicrosoftNAPCwupdate.exeAdded by the AGENT-LAY TROJAN!No
XMicrosoftNetwork Daemon for Win32NETD32.EXEAdded by the RANDEX.F WORM!No
XMicrosoftOEMsmvss.exeAdded by the DEDLER-G TROJAN!No
XMicrosoftPersonalFirewallspoolsrv.exeAdded by the WOOTBOT.DO BACKDOOR!No
XMicrosoftROMDriverServicecdrss.exeAdded by the IRCBOT.BLF BACKDOOR!No
XMicroSoftRunMSCOMM.dllAdded by the AGENT-DJG TROJAN!No
XMicrosofts Help Servicesmsnmngr.exeAdded by the SDBOT-PJ WORM!No
XMicrosofts mediawinmplayd.exeAdded by an undidentified WORM or TROJAN!No
XMicrosofts mediawingtp.exeAdded by the RBOT-VO WORM!No
XMicrosofts MediaScopewinmep.exeAdded by the RBOT-WB WORM!No
XMicrosofts MediaScopewinmedplay.exeAdded by a variant of the RBOT WORM!No
XMicrosofts Security Manager****.exe [**** = random char]Added by the RBOT-WH TROJAN!No
XMicrosofts Servicelcsrv16.exeAdded by a variant of the RBOT WORM!No
XMicrosofts Updateslsasss.exeAdded by the RBOT-AEX WORM!No
XMicrosofts Updatezcmsssr.exeAdded by an unidentified VIRUS, WORM or TROJAN!No
XMicrosofts Updatezexploirez.exeAdded by a variant of the RBOT WORM!No
XMicrosoftServiceManagermstask32.exeAdded by the YAHA.P WORM!No
XMicrosoftServiceManagerWintsk32.exeAdded by the YAHA.U WORM!No
XMicrosoftServiceManagerEXPLORERE.EXEAdded by the YAHA.AB WORM!No
XMicrosoftServiceManagermsupdat.exeAdded by the YAHA.AA WORM!No
XMicrosoftShellShellcomm.exeAdded by the BANCBAN-QG TROJAN!No
XMicrosoftSourceSafecsrss.exeAdded by the WEBUS TROJAN! Note - this is not the legitimate csrss.exe process which should not normally figure in Msconfig/Startup!No
XMicrosoftSourceSafelsass.exeAdded by the WEBUS.B TROJAN! Note - this is not the legitimate lsass.exe process which should not normally figure in Msconfig/Startup!No
XMicrosoftSysSPOOLSYS.exeAdded by the TARNO.N TROJAN!No
XMicrosoftUpdatesyshelper.exeAdded by the WOOTBOT.AC WORM!No
XMicrosoftUpdateWinUp32.exeAdded by an unidentified VIRUS, WORM or TROJAN!No
XMicrosoftUpdateMicrosoftUpdate.exeAdded by the BANKER-EHC TROJAN!No
XMicrosoftUpdatewindll.exeAdded by the RBOT-IH WORM!No
XMicrosoftUpdateRBuilder.exeAdded by the DLOADR-BMV TROJAN!No
XMicrosoftUpdatesvhest.exeAdded by the RBOT-ES WORM!No
XMicrosoftUpdatedownnew.exeAdded by the TANTO-D TROJAN!No
XMicrosoftUpdates[path to trojan]Added by the DELF-LO TROJAN!No
XMicrosoftUpdatessyshelped.exeAdded by the FORBOT-AZ WORM!No
XMicrosoftValuesyscnfg.exeAdded by an unidentified VIRUS, WORM or TROJAN! "syscnfg.exe" is found in %Windir%\fonts\font2 where no *.exe files should resideNo
XMicrosoftvirussysoverload.exeAdded by the FORBOT-AL WORM!No
XMicrosoftWindows[various filenames]MagicSearch - a CoolWebSearch parasite variantNo
XMicrosoftWindowsa@26m.exeAdded by the KILLPAR-B TROJAN!No
XMicrosoftXP Service Pack 2servicepack2.exeAdded by the RBOT.EMC WORM!No
XMicrosoftz turn Controlaexl.exeAdded by the SDBOT.BCO WORM!No
XMicrosoftz turn Controlread.pifAdded by the RBOT-AFS WORM!No
XMicrosongsvchosts11.exeAdded by the SDBOT-EV WORM!No
XMicrosot NT Support[random filename].exeAdded by the RBOT-CTI WORM!No
XMicrosotufed Update 32windinit.exeAdded by the RBOT-CTJ WORM!No
XMicrost dds servicewsrss.exeAdded by an unidentified WORM or TROJAN!No
Xmicrosystemsnddrv.exeAdded by the VB.AXG TROJAN!No
XMicroszoft Update Mach1nezssvchst.exeAdded by the RBOT-ED WORM! No
UMicrotek Scanner FinderScannerFinder.exeMonitors whether a scanner is present. Provided with Microtek scannersNo
XMicrozoft_OfizKdzEregli.exeAdded by the AMUS.A WORM!No
XMicrsft Updesexagwxz.exeAdded by a variant of the IRCBOT BACKDOOR!No
XMicrsoft CFG 32lrbzus32.exeAdded by a variant of the AGOBOT/GAOBOT WORM!No
XMicrsoft DerSystemuqieelpb.exeAdded by the RBOT-GRI WORM!No
XMicrsoft Driverwindrive.exeAdded by the SDBOT.AF TROJAN!No
XMicrsoft Drivermsdriver.exeAdded by the SDBOT-XD WORM!No
XMicrsoft Driverwindrive32.exeAdded by the SLINBOT.TT BACKDOOR!No
XMicrsoft Internet ExplorerIEXPL0RE.EXEAdded by the RBOT-AQV WORM! Note the number "0" in the filenameNo
XMicsoft-Published-Softwareexplrer.exeAdded by the RBOT-GFL WORM!No
XMicsorosft Security Centerwcnsfty.exeAdded by the RBOT-AHU WORM!No
Xmig2mig2.exeAdded by the BRONTOK-BW WORM!No
NMightyFAX ControllerMFNTCTL.EXEMighty FAX from RKS Software - "installs a printer driver so that you can fax directly from Windows software"No
?MigrationVendorSetupCallerrundll32.exe migrate.dll, CallVendorSetupDlls??No
XMilitary Net KillerMNK.exeAdded by the MILLNET-A WORM!No
UMilShieldSlaveShieldWorker.exeMil Shield from Mil Incorporated. It protects your privacy by removing all tracks from your online or offline computer activitiesNo
NMimBootmimboot.exeStarts Musicmatch Jukebox at bootup - can be started manuallyNo
XMincerMincer.exeAdded by the MINCEME-A VIRUS!No
UMindfulMindful.exeMindful from Felitec inc. "Event reminder software with date and time tools in a simple to use system tray application"No
UMini-XPMini-XP.exeMinimizer-XP from Totalidea Software - adds an additional button in the top right-corner of any application window to allow you to quickly minimize it to the System Tray. No longer available from the author but still available from download sites such as Download.comYes
XMINIBUGMINIBUG.EXEDisplays ads inside Weatherbug - see hereNo
NMiniEYE-MiniREAD LaunchARLaunch.exeeyeQ - improve your reading speedNo
NMINIFERT.EXEMINIFERT.EXEPart of BackwebNo
UminilogMINILOG.EXEIf you don't have ZoneAlarm or ZoneAlarm Pro running you don't need this. This must be enabled if programs such as VisualZone Report utility or ZoneLog Analyzer are in useNo
NMiniMavisMiniMavis.exeMavis Beacon typing tutorNo
Xminimo[path to file]Added by the MOSUCK-X TROJAN!No
NMiniNoteMININOTE.EXEMini NoteTab was the first in the family of "NoteTab" text and HTML editors from Fookes SoftwareNo
NMiniphoneglophone.exeVoiceGlo Glophone - "an affordable and convenient way to call friends and family throughout the world using a dial-up or broadband Internet connection on your computer" using the VoIP (Voice over Internet Protocol). No longer availableNo
Xminiportusb2chk.exeAdded by the LAZAR-A TROJAN!No
XMiniPortRtminiport_mp.exeMalware - see hereNo
UMiniReminderMiniReminder.exe"MiniReminder is a small, fast, and simple program for Microsoft Windows to remind yourself of important yearly events, like birthdays, anniversaries, renewals, etc"No
XMiniServer.exeMiniServer.exeAdded by the LITTLEW-E TROJAN!No
Xminix32minix32.exeAdded by the AGENT.CKQX TROJAN!No
UMinMaxExtenderMmext.exeMinMaxExtender - window handling toolNo
XMioft Wiws Seice ent[worm filename].exeAdded by the RBOT-GIJ WORM!No
XMiosf Updatewimsqaad.exeAdded by the SDBOT.AG TROJAN!No
UMioSyncmioSync.exeRelated to Mio GPS navigation devicesNo
NMirabilis ICQNDetect.exeIf connected to the internet, automatically runs up ICQ. Convenience more than anything. ICQ can be started from Start -> ProgramsNo
NMirabilis ICQicq.exeIf connected to the internet, automatically runs up ICQ. Convenience more than anything. ICQ can be started from Start -> ProgramsNo
NMirabilis ICQICQNet.exeIf connected to the internet, automatically runs up ICQ. Convenience more than anything. ICQ can be started from Start -> ProgramsNo
UMiramar Systems, Inc.atmsg.exeMiramar PC/Mac networking softwareNo
NMiranda IMmiranda32.exeMiranda instant messaging clientNo
XMirate Sp 2 Informationmiratesp2.exeAdded by the RBOT.QH WORM!No
XMircosoft DNS Servicesvchost.exeAdded by the IRCBOT-AK TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a "drivers" subfolderNo
XMircosoft Sockets SP2mssck.exeAdded by the MYTOB.ET WORM!No
XMircosoft Updatewuampkd.exeAdded by a variant of the SDBOT WORM!No
XMircosoft Windows Developer Enviromentdevenv.exeAdded by an unidentified WORM or TROJAN!No
XMircosoft Windows Developer Enviromentdevenv.exeAdded by the RBOT.AUJ BACKDOOR!No
XMircrosoft Svchost32svchost32.exeAdded by the RBOT-AZW WORM!No
XMircrosoft Technic HelpEditKey.exeAdded by the KOLABC.AS WORM!No
XMircrosoft Technic HelpRegKey.exeAdded by a variant of the SPYBOT WORM! See hereNo
XMircrosoft Windows Config DLLrundllc32b.exeAdded by the RBOT-ZY WORM!No
NmiroVIDEO Tray Toolmisitray.exeTool for quickly changing options for miro/Pinnacle capture cards during capture/playback/output. When this program is closed, another program (mv-ctrl) is also closed, but mv-ctrl does not have its own EXE file. Only needed when using the capture card, e.g. for the above actionsNo
UMirraMirra.Client.exeMirra Personal Server from Seagate Tech - "a powerful hardware/software solution that integrates high-capacity storage with content protection, remote access, sharing and multi-computer synchronization"No
UMirrorFolderShellmrfshl.exeMirrorFolder backup softwareNo
XMirsoft sdcEtaskmegr.exeAdded by the RBOT-AWY WORM!No
XMiscrosoft Windows ExplorerIEEXPLORER.exeReported as the SDBOT.YX WORM!No
?misiCTRLmisiCTRL.exeMiro video driver related. Is it required?No
?misiTRAYmisiTRAY.exeMiro video driver related. Is it required?No
XMismowin32x.exeAdded by the RBOT-JP WORM!No
XMistikotitaTuIpologistiGDC.exeMistikotitaTuIpologisti Greek rogue privacy tool - not recommended. A member of the PCPrivacyTool familyNo
NMixerMixer.exeC-Media Mixer - C-Media produce audio chipsets that are often found on popular motherboards with on-board audio. Provides System Tray access to change audio settings. Available via Start -> Settings -> Control Panel or Start -> ProgramsNo
NMixerselmixersel.exeConfiguration for Realtek audio devicesNo
NMixghostmixghost.exeManagement software for Altec Lansing speakers. If a change is needed, the user can launch it from the Start menuNo
XMJte32.exeAdded by the AGENT.HAA TROJANNo
Xmjcmjc.exeAdded by the AGENT.AKCI TROJAN!No
Umkb.exemkb.exeMomKnowsBest surveillance software. Uninstall this software unless you put it there yourselfNo
Xml00!.exeml00!.exeMalware, detected by Panda as the BWD TROJAN!No
UML1HelperStartUpML1HEL~1.EXEScreenScenes "Midnight Lake" screensaver. The freeware version comes with GAIN branded ads (pop-ups and others). ScreenScenes do however offer you the option of doing away with the ads by purchasing the screensaver for a whopping $30. Please note that Claria Corporation no longer support GAIN-Supported software - see hereNo
UML1HelperStartUpML1Helper.exeScreenScenes "Midnight Lake" screensaver. The freeware version comes with GAIN branded ads (pop-ups and others). ScreenScenes do however offer you the option of doing away with the ads by purchasing the screensaver for a whopping $30. Please note that Claria Corporation no longer support GAIN-Supported software - see hereNo
Xml34[path to trojan]Added by the MAILBOT-BH TROJAN!No
XMlcr0s0ftf DDEs C0ntr0iWAed.pifAdded by the RBOT-BJW WORM!No
XMlCROSOFT FEnRMlCROSOFT.EXEAdded by the GAOBOT.CII WORM! Note that both the name and command have a lower case "L"No
Xmlibsysmccomzcinc.exeAdded by the SDBOT-CXS WORM!No
Xmloadlxmstart.exeAdded by an unidentified VIRUS, WORM or TROJAN!No
?MM Installsetup.exePossibly Money Manager from Moneysoft?No
XMMB2explorer.exeAdded by an unidentified WORM or TROJAN! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System%No
XMMCinisys.exeAdded by the OSCABOT-I WORM!No
Xmmcndmgrmmcndmgr.exeAdded by an unidentified VIRUS, WORM or TROJAN!No
NMMCWINMGMTwinmgmt.exeUsed for Enterprise Management. If you are not an IT Administrator you don't need it to be running. Also runs from the PCHealth "scheduler" - refer hereNo
Xmmemdrvmmemdrv.exeSecondSight spyware. Note - SecondSight is spyware that captures keystrokes and screen shots, and logs user activity on the compromised computer. The risk can then send the logged information to a remote attacker via email, must be manually installedNo
UMMERefreshMMERefresh.exePart of Digidesgin Protools. Refreshes your midi ports on the 002(R) (the 002R is a hardware audio/midi converter connected to your computer via firewire). Must be running in order to use the MIDI functionality of the Digi002RNo
XMmessengermessenger.exeAdded by the AGOBOT.GM WORM!No
XMmgsvcmmgsvc.exeMmgsvc spyware No
UMMhidmmhid.dllThis is the Human Interface Device Server for Win98, it is required only if you are using USB Audio Devices you can disable via Msconfig. See here. Typical examples are USB multimedia keyboards with volume control and web-ready keyboards. For example - loaded by default with MS DSS80 Speakers because they have Volume, Mute and Bass controls on the speaker. Some users may experience problems disabling this - if this is the case then re-enable it. Equivalent to Hidserv in Win98SE/2000/Me/XPNo
?MMHKmmhk.exeA driver found on a Compaq Presario 800T notebook. Possibly something to do with multimedia hot keys?No
NMMHotKeyMMHotKey.exeMultimedia key handling for the relevant type of Turbo-Media keyboard. Shortcut available. Note that with this running it can crash DirectX8/9 under WinXP when a game switches to full-screenNo
XMMicrosoft Security Managementinetforn.exeAdded by the RBOT.AFZ WORM!No
UMMKeybdMMKeybd.exeMultimedia keyboard manager. Required if you use the additional keysNo
UMmmMmm.exeHace Mmm - free utility to configure your Windows menus and move and remove menu-items you never useNo
Xmmnext06trjdwnl.dllMalware installed by different rogue security software including SpyKillerPro and the XP AntiVirus seriesNo
Xmmodmmod.exeeZula TopText adwareNo
Nmmptim1mmpti.exeMpact Mediaware Properties Taskbar Icon - multimedia software icon for Chromatic Research Mpact video cardsNo
NMMReminderServiceMMReminderService.exeMind Manager from Mindjet - "easy way to organize ideas and information". Registration reminder No
?MMRunmmrun.exe??No
Xmmsassmmdmm.exeAdded by the SDBOT.SO WORM!No
Xmmsddlx[random filename]Added by a variant of the SLAPER TROJAN!No
?mmsysrecover.exe??No
XMMSystemrundll32.exe mmsystem.dll, RunDll32Added by the FUNNER-A WORM! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "mmsystem.dll" file is found in %System% No
YMMTASKmmtask.tskA check on the file's properties reveals "Multimedia background task support module". MMTASK is a very simple 16-bit program used by certain multimedia drivers (which are still 16-bit on Win9x) to perform background processing. Some soundcards need this to support MIDI, etcNo
Nmmtaskmmtask.exePart of MusicMatch Jukebox - digital music player / CD burner and ripper / music organizer / playlist creatorNo
XMMtask Servicemmtask.exeAdded by the BACKGAT.A TROJAN! Not the valid MusicMatch Jukebox which has the same filenameNo
NMMTraymm_tray.exeMusicMatch Jukebox icon in the task tray - digital music player / CD burner and ripper / music organizer / playlist creatorNo
NMMTrayMMTray.exePart of Morgan Multimedia Codecs. Only required when the codecs are usedNo
NMMTray2KMMTray2K.exePart of Morgan Multimedia Codecs. Only required when the codecs are usedNo
NMMTrayLSIMMTrayLSI.exePart of Morgan Multimedia Codecs. Only required when the codecs are usedNo
?mmusrstpprocrun.exe??No
Xmmxp2passion.exemmxp2passion.exeMediaMotor adwareNo
Xmmxrunmsosa.exeAdded by an unidentified TROJAN or WORM! No
Xmmxrunmswinindex.exeTwoSeven spywareNo
Umm_servermm_server.exePart of MusicMatch Jukebox - digital music player / CD burner and ripper / music organizer / playlist creatorNo
Xmnklinsmnklins.exeVX2.Transponder parasite updater/installer relatedNo
XMNPolmnpol.exeAdded by the DLUCA.B TROJAN!No
UMNSMNS.exeMobile Net Switch enables you to use your computer on more then one network with the click of a button. It allows you to automatically select the correct drive mappings, printer settings, IP settings and much moreNo
Xmnsamnso.exeAdded by the LINEAG-AI TROJAN!No
Xmnsvcmnsvc.exeAdded by the AUTOUPDER TROJAN!No
Xmnsvcspmnsvcsp.exeAdded by an unidentified VIRUS, WORM or TROJAN!No
?mnuigomnu.exeWanadoo broadband ISP (now rebranded as Orange) related. What does it do and is it required?No
NMobile Connectivity SuiteApplication Launcher.exeSystem Tray access to the HTC Sync mobile phone management utility for models including the Hero, Magic and Tattoo. Used to synchronize your computer's Outlook contacts and calendar or your Outlook Express contacts with your phone and can be used to backup this information to your computer. Run manually via the Start Menu before connecting the phoneYes
UMobile Phone SuiteMobilePhoneSuite.exeLogitech Mobile Phone Suite No
Umobile PhoneToolsmPhonetools.exeMotorola Phone ToolsNo
UMobipocket Reader Notificationsreadernotify.exePart of Mobipocket Reader - "Store all your eBooks, eNews & self-published eDocs on your PC. Download eBooks in Mobi format from your favorite ebookstores to read on your smartphone, PDA, laptop or on your desktop PC"No
UMobipocket Web Companionwebcomp.exeRelated to Mobipocket eBook ReaderNo
Xmobiswing[random].exeMobis adwareNo
Umobsyncmobsync.exeMicrosoft Synchronization Manager for 2K/XP - used to update network copies of materials that were edited offline, such as documents, calendars, and e-mail messages. Available via Start → All Programs → Synchronize, this entry appears if you select Setup → "When I log on to my computer"Yes
XMOBSYNC32.EXEmobsync32.exeAdded by the FINERO TROJAN!No
NMODmuamgr.exeUsing MicroAngelo On Display, you can easily select the icon images that you prefer rather than the default icons displayed by Windows. On Display provides a consistent and elegant method to customize the icon display for almost every icon on your systemNo
XModemlocatesvc.exeAdded by a variant of the SPYBOT WORM!No
XModem Driverz Updatesmdmdrv.exeAdded by a variant of the SDBOT WORM!No
UMODEMBTRMODEMBTR.EXEModem Booster from inKline Global to improve ISP connectionsNo
XModeminfModeminf.exeAdded by a variant of the CRYPTER.C TROJAN!No
UModemOnHoldMOH.EXENetWaiting/Modem-on-Hold - allows you to place your Internet connection on hold while you take a voice call (if Call Waiting is supported by your phone company). See here for more informationNo
UModemOnHoldnetWaiting.exeNetWaiting/Modem-on-Hold - allows you to place your Internet connection on hold while you take a voice call (if Call Waiting is supported by your phone company). See here for more informationNo
NModemUtilitymdmsetpe.exeSystem Tray configuration icon for Aztech modemsNo
XModifiet Amateur HTPBwuaclt.exeAdded by the IRCBOT.AYS WORM!No
UModPS2ModPS2Key.exeHotkey drivers for Chicony keyboard. Required if you use the hotkeysNo
XModularConfigsyscnfg.exeAdded by an unidentified VIRUS, WORM or TROJAN! "syscnfg.exe" is found in %Windir%\fonts\font2 where no *.exe files should resideNo
XModule Call initializeRUNDLL32.EXE reg.dll, ondll_regAdded by the LOVGATE.C WORM!No
XModulo 00FE0F01 Host Internetsyschost.exeAdded by the DELF-KW TROJAN!No
XMonAppli[random filename]Added by the DELF.IF TROJAN! The most common filenames are isys32.exe & msnmsg.exeNo
XMonContenuassistantGDC.exeMonContenuassistant French rogue privacy tool - not recommended. A member of the PCPrivacyTool familyNo
NMoney Expressmoneyexpress.exePart of MS Money. Available via Start -> ProgramsNo
NMoneyAgentmoney express.exePart of MS Money. Available via Start -> ProgramsNo
NMoneyAgentmnyexpr.exeMicrosoft MoneyNo
NMoneyStartUpMoney Startup.exeMicrosoft MoneyNo
NMoneyStartUp10.0Activation.exePart of MS Money 2002. Available via Start -> ProgramsNo
Xmonitormonitor.exeBrowser hijacker, redirecting to NCM SearchNo
UMonitorSD Monitor.exe"Transfer data quickly between your memory card and your computer with SanDisk's Readers, Writers and Adapters"No
XMonitorexplor.exeAdded by the AGOBOT-EF BACKDOOR!No
?MonitorMonitor.exeRelated to the Philips SPC610NC & PixArt PAC207 webcams (and possibly others) and Leapfrog Connect Application. What does it do and is it required?No
UMonitor Apache ServersApacheMonitor.exePart of the Apache Web Server package. Useful only if you're running such a server on your PC. Available via Start -> ProgramsNo
XMonitor calibrationAV1i.exeAnti-Virus-1 rogue security software - not recommended, removal instructions hereNo
UMonitor Helpermonitor.exeMyLittleSpy keystroke logger/monitoring program - remove unless you installed it yourself!No
XMonitor Test[random filename]Added by the SDBOT-NC WORM!No
Xmonitor1amonitor1a.exeAdded by the MSNAGEN-A TROJAN!No
XMonitoring Servicesvchost.exeAdded by the CONE.C WORM! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\tasksNo
XMonitormgtMonitormgt.exeAdded by the GEMA TROJAN!No
UMonitorSDSDMonitor.exeSpyware Detector - spyware remover. Initially not recommended due to false positives but the later versions have since improved - see hereNo
Xmono.exemono.exeAdded by the SDBOT-DHV WORM!No
XMONPluginSrIvcsn3monap23.exeAdded by a variant of the RBOT WORM!No
NMonstersoundtrayFreectrl.exeDiamond Multimedia sound card control panelNo
XMonTestvccxzq.exeAdded by the SDBOT-EA WORM!No
UMoodBookmb.exeMoodBook is a free Windows utility that brings art to your desktop No
?MoodLogic ServiceMLService.exePart of the MoodLogic music management utility - which "automates the process of fixing and organizing digital music (MP3, WMA, and .wav) files in bulk. Once the tunes are organized, you can sort music by genre, artist, tempo, and mood (aggressive, mellow, upbeat, happy, romantic, sad), and create playlists accordingly". Now discontinued but what does it do and is it required?No
NMoodLogic UpdaterUpdater.exeUpdater for the MoodLogic music management utility - which "automates the process of fixing and organizing digital music (MP3, WMA, and .wav) files in bulk. Once the tunes are organized, you can sort music by genre, artist, tempo, and mood (aggressive, mellow, upbeat, happy, romantic, sad), and create playlists accordingly". Now discontinuedNo
?MoodLogicTVmtv.exeRelated to the integration between the MoodLogic music management utility and the TiVo Home Media Option (HMO). What does it do and is it required?No
Nmoon phasemoon.exeMoon Phase - tray icon that indicates the phases of the moonNo
XMooNlightMySqld-nt.cmdAdded by the BOBANDY-A WORM!No
UMoonymoony.exeMoony - ISDN software that lets you "always know who is calling or who called when you were away"Yes
XMoreContentrundll32.exe MSA64CHK.dll,DllMostrarMatrixDialer/Mostrar parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System%No
XMoreResultsMoreResults.exeMoreResults adwareNo
NMorpheusmorpheus.exeMusicCity Networks' Morpheus - another peer-to-peer client based on Kazaa. Notable in that this one doesn't seem to install the adware that clog the Kazaa download. They claim they are adware free, and a visitor quotes "I have seen no instance of any since using it"No
Xmorphstbmorphstb.exeAdware - detected by Kaspersky as the STUBBY.C TROJAN!No
Xmosearchmosearch.exeFast Search in Office XP - similar to the new revision of the Find Fast feature in Office 2000. Fast Search uses the Indexing Services in Office XP to create a catalog of Office files on your computer's hard disk. As with Find Fast - a waste of resources. If it can't be disabled via MSCONFIG try hereNo
XMotherboard ConfigAti2xxx.exeAdded by the RBOT-AIK WORM!No
XMotherBoard SoundsSounds.exeAdded by the RBOT-AAP WORM!No
NMotive SmartBridgempbtn.exeSystem tray icon for the Virtual Assistant from AT&T Broadband, used to communicate internet problems via the network rather than telephone. Available via desktop shortcut or Start -> Programs - not requiredNo
NMotive SmartBridgeMotiveSB.exeSystem tray icon for the Virtual Assistant from AT&T Broadband, used to communicate internet problems via the network rather than telephone. Available via desktop shortcut or Start -> Programs - not requiredNo
NMotive SmartBridgeBTHelpNotifier.exeSystem tray icon for help from BT Broadband, used to communicate internet problems via the network rather than telephone. Available via desktop shortcut or Start -> Programs - not requiredNo
UMotiveMonitormotmon.exeFound on HP/Dell and Compaq systems (and maybe others). MotiveMonitor is used by the suppliers on-line support and allows the agent at the far end to do harddrive/ram/video/etc tests on the computer. Can cause some users problems with IE and Netscape by disabling this - in this case leave it to run. You may also wish to leave it alone if the PC is still within the support period from the manufacturer. For most users it's not requiredNo
NMotiveSBMotiveSB.exeSystem tray icon for the Virtual Assistant from AT&T Broadband, used to communicate internet problems via the network rather than telephone. Available via desktop shortcut or Start -> Programs - not requiredNo
UMotMonmotmon.exeFound on HP/Dell and Compaq systems (and maybe others). MotiveMonitor is used by the suppliers on-line support and allows the agent at the far end to do harddrive/ram/video/etc tests on the computer. Can cause some users problems with IE and Netscape by disabling this - in this case leave it to run. You may also wish to leave it alone if the PC is still within the support period from the manufacturer. For most users it's not requiredNo
Xmotoinmm15201518.Stub.exeDelfin Promulgate adware variantNo
UMotorola Desktop SuiteDesktopSuite.exeRelated to Motorola Desktop Suite - PC software managing Motorola mobiles such as the A1000No
UMotorola Desktop Suite mRouter ConfigmRouterConfig.exeConfiguration for Motorola's version of Intuwave's m-Router - "that enables easy connectivity between mobile devices and PCs across Bluetooth, Infrared, USB and serial cable connections". It was licensed and used by the Symbian OS but m-Router is no longer readily available since Intuwave went into administration in 2006No
UMotor_Tracking_ToolMTTool.exeSweex Motion Tracking Webcam utility. "The motion tracking function ensures that the camera can follow all your movements. So you can move and chat, without disappearing from view"No
UMount Safe & SoundFbmount.exeFrom McAfee VirusScan version 5.x. Creates back-up sets of critical files in a separate area of a hard drive. If you make regular back-ups it's not needed and can be painful during system startNo
Umount.exemount.exePart of "GiPo@FileUtilities - GiPo@Mount "Provides advanced substitutional and mounting services. It allows to attach a local drive to an empty folder on an NTFS volume (only for Windows 2000/XP) and to substitute a local folder for a drive letter"No
Xmousemouse.exeAdded by the RBOT-AHJ WORM!No
UMouse 32AMouse32A.exeMouse utility. If you disable this entry you will not be able to use any of the non-standard functions of the mouseNo
NMouse Suite 98 Daemonpelmiced.exeMouse driver. Appears to cause a behaviour where the desktop suddenly flips back up when playing DirectX associated gamesNo
UMouse Suite 98 DaemonICO.EXEFound on some Sony Vaio, IBM Thinkpad and Dell (and possibly other) laptops and seems to be related to Mouse Suite 98 Daemon according to the properties. Required on the Dell Inspirion 530 as without it the Dell mouse suite does not load and mouse settings are not retained on a reboot. Appears to cause a behaviour where the desktop suddenly flips back up when playing DirectX associated gamesNo
Xmousebutmousebut.exeAdded by the CRYPTER.A TROJAN!No
XMousecntlmousecntl.exeAdded by a variant of the CRYPTER.C TROJAN!No
NMouseCountMC.exeMouseCount by Kittyfeet Software. "Utility for counting how many times us computer junkies click our mouse in a given session/day/week/month/year." Not requiredNo
Xmousedrive.exeinstantmsgrs.exeAdded by the FORBOT-ER WORM!No
XMouseDrv[path to worm]Added by the ZOLOAD-B WORM!No
XMouseDrvupdate.exeAdded by the ZOTOB.N WORM!No
UmouseElfMC.exeGenius NetScroll mouse driver - required if you use non-standard Windows driver featuresNo
UmouseElfmouseElf.exeSystem Tray access to the mouse control panel for Genius Netscroll mice. Required if you use non-standard Windows driver featuresNo
UMouseImpMImpHost.exeMouseImp Pro - "A reliable assistant that turns your mouse into a simple, native but powerful controlling device"No
Xmousepadmousepad.exeAdded by the CLICKER TROJAN! No
UMouseWareLogi_MwX.exeLogitech Mouseware driver. Needed to support some additional functionality of Logitech mice/trackballs such as "SmartMove". If you disable it and find you don't need it leave it disabledYes
UMousinfomousinfo.exeMS mouse information tool - for troubleshooting mouse problemsNo
XMoussaEvil[path to file]Added by the MUSANUB-A WORM!No
XMoveSearchSearch.exePigSearch adwareNo
XMoveSearchzsearch.exePigSearch adwareNo
NMovielink Manager Uninstallmsvcmm32.exeAuto-update for Movielink - internet movie rental System Tray accessNo
XMovieMlmovie.exeAdded by the BEAGLE.DS WORM!No
Xmoviemkmoviemk.exeAdded by the DWNLDR-GTB TROJAN!No
XMovieNetworksMovieNetworks.exeMovieNetworks will connect you by a domestic premium rate telephone number 900-xxx-xxxx - so you get xxx rated pictures and junk and high internet costs. Remove the %ProgramFiles%\MovieNetworks directoryNo
XMovieplaceMovieplace.exeMoviePlace malwareNo
XMozilamozila.exeAdded by the DELBOT-AJ WORM!No
XMozila Firefoxfirebox.exeAdded by the RBOT-AIP WORM!No
XMozilla Firebird v0.8 Internet Browsernetstats.exeAdded by the IRCBOT.MC TROJAN!No
XMozilla FirefoxF1REF0X.EXEAdded by the SDBOT-UP BACKDOOR! Note that the filename has the numbers "1" and "0" in place of upper case "i" and "o" respectively No
XMozilla Firefoxfirefox.exeAdded by the AUTOTUN.POM WORM! Note - this is not the popular FireFox web browser and is located in %System%No
NMozilla Quick LaunchNetscp6.exeNetscape 6 and Mozilla browsersNo
NMozilla Quick LaunchMozilla.exeNetscape 6 and Mozilla browsersNo
XMozillacorpsystem.exeAdded by the SILLYFDC WORM!No
Nmozilla_cleanupxpicleanup.exeFirefox Mozilla cleans up after installation. It is invoked on a restart after installation, to remove the bits and pieces resulting from the installationNo
UMozy Statusmozystat.exeMozy - free backup at a secure, remote locationNo
XMP Servicesmpsvc.exeAdded by the WOOTBOT.EQ WORM!No
XMP Tcloakssmptclock.exeAdded by the NACKBOT-B WORM!No
XMP Tcloaxsmptcloaxs.exeAdded by the RANDEX.CT WORM!No
XMP Tclockvvmptclock.exeAdded by the NACKBOT-A WORM!No
XMP Tclockvvmptclock.exeAdded by the NACKBOT-A WORM!No
XMP Tclockvvmptclockvv.exeAdded by the RANDEX.CJ WORM!No
NMP3 CD ExtractorCD-Extractor.exe"MP3 CD Extractor is an audio CD to MP3 ripper which can extract Digital Audio tracks from Audio CDs into files on the hard disk"No
XMp3 LoaderSysdata.EXEAdded by the AVETTE-A VIRUS!No
XMP3Collectionrundll32.exe MSA64CHK.dll,DllMostrarMatrixDialer/Mostrar parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System%No
XMP3downloadrundll32.exe MSA64CHK.dll,DllMostrarMatrixDialer/Mostrar parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System%No
XMP3filesrundll32.exe MSA64CHK.dll,DllMostrarMatrixDialer/Mostrar parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System%No
XMP3freeDownloadrundll32.exe MSA64CHK.dll,DllMostrarMatrixDialer/Mostrar parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System%No
XMP3freeDownloadsrundll32.exe MSA64CHK.dll,DllMostrarMatrixDialer/Mostrar parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System%No
XMP3nicerundll32.exe MSA64CHK.dll,DllMostrarMatrixDialer/Mostrar parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System%No
XMP3Themesrundll32.exe MSA64CHK.dll,DllMostrarMatrixDialer/Mostrar parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System%No
XMP3ToTheMaxrundll32.exe MSA64CHK.dll,DllMostrarMatrixDialer/Mostrar parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in %System%No
XMP4 Playermp4Player.exeMP4 Player allows you to view MP4 videos. Marked as undesirable due to the fact that it changes your homepage to a custom Google search engine, changes your browser's default search provider, and runs hidden in the background. Terms of use also state that it collects and tracks urls you visit in order to display relevant adsNo
XMPatrolPROMPatrolPRO.exeMalwarePatrol Pro rogue security software - not recommended, removal instructions hereNo
UMPEOCsinsm32.exeAutomatic logging of installs from Norton CleanSweep - available via Start -> ProgramsNo
YMPFExempf.exeMcAfee Personal FirewallNo
YMPFExeMpfTray.exeMcAfee Personal FirewallNo
YMPFTrayMpfTray.exeMcAfee Personal FirewallNo
XMPL32 driverMPL32.exeAdded by the LOONY-M TROJAN!No
XMPlay64mplay64.exeAdded by the MPLAY64 TROJAN!No
YmpLockDriveLockDrive.exeLockDrive from i8 Technologies makes selected folders and drives read only and can be used to prevent users downloading or copying data to portable drives and memory sticks - i.e., USB, Firewire, SATA, ZIP, etcNo
UMplSetupMplSetup.exeUsed by Ricoh network printers to enable network printing from the clientNo
XMPM ManagerMPM.exeAdded by the DONBOMB.A TROJAN!No
XMPNetmpn.exeAdded by the DELBOT-W WORM!No
UMPowerMPower.exeMPower from MindBeat. "Defragments and frees your RAM giving more stability to your system and avoiding needless use of swap file. Willl also benchmark (speed test) your hard disk drives and your CPU load". MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/SE/ME. See this article and make up your own mindNo
Xmppddsmppdds.exeAdded by the PWS-AKZ TROJAN!No
Xmppdsmppds.exeLEGMIR.AQZ spywareNo
XMPR MSGmprmsg32.exeAdded by the MYTOB.CF WORM!No
XMPREXEMPREXE.EXEAdded by the OPASERV.T WORM! Note - this is not the legitimate Mprexe.exe system fileNo
YMPREXE.exemprexe.exeWIN32 Network Service Interface Process. MPREXE.exe enables the computer to have multiple clients/protocols for networks. There are some problems with it sometimes though - see here. Note - why some people have it listed in start-up programs I don't know but I was asked to include it here. It automatically runs in the background. NOTE : sometimes it will appear in start-ups if you have a virusNo
XMprHTMLMprHTML.exeAdded by a variant of the VAGRNOCKER TROJAN!No
Xmprocessormprocessor.exeInstallDollars.com foistwareNo
UMPSExemscifapp.exeMcAfee.com Privacy Service - "combines personal identifiable information (PII) protection with online advertisement blocking and content filtering"No
YMpsOnnMpsOnn.exeCanon printer driverNo
?MPTMPT.exe??No
XMPtask Servicesmptask.exeAdded by the LALA or AOT TROJANS!No
NMPTBoxMPTBOX.EXECannon Multi-Pass toolbox - a button barNo
Xmptsgsvc.exemptsgsvc.exeHacker Tool - detected by DiamondCS TDS-3 anti-trojan as "HackTool.Win32.Hidd.j"No
NMPXTraympxptray.exeWindows Media Player PowerToy which is run from the taskbar. It can be used to hide Windows Media Player (when in use) and choose various standard buttons (play/pause, next,previous) etcNo
UMP_STATUS_MONITORmonitr32.exeCannon Multi-Pass status monitor - your choiceNo
Xmqadscp3mqadscp3.exeAdded by the STRATION.CX WORM!No
Xmqbkupmqbkup.exeAdded by the OPASERV.K WORM!No
XMQT Svcmqtsvc.exeAdded by a variant of the IRCBOT BACKDOOR! See hereNo
UmRouterConfigmRouterConfig.exeConfiguration for Intuwave's m-Router - "that enables easy connectivity between mobile devices and PCs across Bluetooth, Infrared, USB and serial cable connections". It was licensed and used by the Symbian OS but m-Router is no longer readily available since Intuwave went into administration in 2006No
Xmrsvctrmrsvctr.exeAdded by a variant of the SDBOT WORM!No
YMRTMRT.exeMicrosoft's Malicious Software Removal ToolNo
NmrtMngrmrtMngr.exeMaintenance Release Task Manager for Intuit's QuickBooks or QuickenNo
Xmrtwmrtw.exeFake MSRT rogue security software - not recommended, removal instructions here. This rogue imitates the legitimate Microsoft Malicious Software Removal Tool (MSRT)No
UMRU-Blaster Schedulerscheduler.exeScheduler for MRU-Blaster - "a program made to do one large task - detect and clean MRU (most recently used) lists on your computer"No
NMRU-Blaster Silent Cleanmrublaster.exeMRU-Blaster - performs silent cleaning of MRU lists at bootNo
UMRUBlasterindexcleaner.exeMRU-Blaster related - runs once in order to delete the index.dat file in the Temporary Internet Files and/or Cookies folderNo
XMr_CoolFace_GameEmma.exeAdded by the ROMARIO-A WORM!No
Xmssvhost32.exeAdded by the LEGMIR-AQO TROJAN!No
XMS Agent Protectionag1.exeAdded by the IRCBOT.AZ BACKDOOR!No
XMS AntiSpyware 2009msas2009.exeMS AntiSpyware 2009 rogue spyware remover - not recommended, removal instructions hereNo
XMS Auto-IPSec ProtectionMSASP32.exeAdded by the RBOT-AER WORM! No
XMS Autoloader 32MSAuto32.exeAdded by the SPYBOT.BD WORM!No
XMs BuildersWupated.exeAdded by the AGOBOT-SS WORM!No
XMS Configmsdconfig.exeAdded by the RBOT-CZH WORM!No
XMS Config Loadersvchos1.exeAdded by the AGOBOT.R WORM!No
XMS Config LoaderMSWin32bck.exeAdded by the GAOBOT.AA WORM!No
XMS Config Loadersvcrhost.exeAdded by a variant of the RBOT WORM!No
XMS Config ServiceMsloader32.exeAdded by the RBOT-KJ WORM!No
XMS Config Streammsasm.exeAdded by the AGOBOT-BA WORM!No
XMS Config v12mscfg12.exeAdded by the AGOBOT.YP WORM!No
XMS Config v13lrbz32.exeAdded by the GAOBOT.AOL WORM!No
XMS Config v13mscfg13.exeAdded by the AGOBOT.YQ WORM!No
XMs configsumsconfigsu.exeAdded by a variant of the SDBOT WORM!No
XMS ConfigurationMSFramer.exeAdded by the RANDEX.OL WORM!No
XMs Configurationmicrosoftsa32.exeAdded by the KELVIR.X WORM!No
XMS Configuration Utilitymsconfig32.exeAdded by the WOOTBOT.DY WORM!No
XMS DATABASEMSDATA32.EXEAdded by a variant of the SDBOT WORM!No
XMS Decryption Softwareactive.exeMediaTickets adware variantNo
XMS DirectX Sound Driversmsdrvdx.exeAdded by the RBOT.BCX WORM!No
XMS DLL Library Managerdllsys64.exeAdded by the RANKY TROJAN!No
XMS Domain Name Server DeamonMSDNSD32.exeAdded by the RBOT-CMZ WORM!No
XMS Domain Name SystemMSWDNS32.exeAdded by the RBOT-GKY WORM!No
XMS DVD DirectX Dll Driversmdxdl.exeAdded by the SDBOT-XI WORM!No
XMS DVD DirectX Sound Driversmsdrvdx.exeAdded by the SDBOT-XJ WORM!No
XMS Explorermexplore.exeAdded by the YAHA.AE WORM!No
XMS FIREWALLmsfrewall.exeAdded by the SDBOT-PU WORM!No
XMS FIREWALLmsfirewall.exeAdded by the SDBOT-QH WORM! No
XMS Hostmsthost.exeAdded by the SLENFBOT.AH WORM!No
XMS Host Managerivhost.exeAdded by the RBOT-BJN WORM!No
XMS Hostsmsthosts.exeAdded by a variant of the IRCBOT BACKDOOR! See hereNo
XMS HTMLmsHtml.exeAdded by the PESTDOOR.31 TROJAN!No
XMS HTMLmslat.exeAdded by the LATINUS.SVR TROJAN!No
XMS HTML Location ClassMSHTML32.exeAdded by the RBOT-YD WORM!No
XMS Initialmstinitial.exeAdded by the IRCBOT.ASP BACKDOOR!No
XMS Internet Executor 32MSIXEC32.exeAdded by the RBOT-AEQ WORM!No
XMS Internet ExploreMSIEx.exeAdded by a variant of the RBOT WORM!No
XMS Java Applets for Windows NT & XPjavaapplet.exeAdded by the RBOT.BHG WORM!No
XMS Java Applets for Windows NT, MEjavaapplets.exeAdded by the VANEBOT-B WORM!No
XMs Java for Windows 98, NT, ME & XPmsjavames.exeAdded by the RBOT.BHJ WORM!No
XMs Java for Windows 98, NT, XP & MEmsjavaxps.exeAdded by the BACKDOOR.GEN TROJAN!No
XMs Java for Windows NTMS32.exeAdded by the VANEBOT-H WORM!No
XMs Java for Windows NTmsi32java.exeAdded by the VANEBOT-I WORM!No
XMs Java for Windows NTmsjava.exeAdded by the VANEBOT-E WORM!No
XMs Java for Windows NTmsi32info.exeAdded by the RBOT.AFX WORM!No
XMS Java for Windows NT, XP & MExpjavams.exeAdded by the KASSBOT-V WORM!No
XMS Java for Windows XP & NTjavanet.exeAdded by the VANEBOT-A WORM!No
XMS Java Service Wrapper Windows NT & XPwrapper.exeAdded by the VANEBOT-D WORM!No
XMs Java Update For Windows NT/XPmsijavaupdt32.exeAdded by the RANDEX.AF WORM!No
XMS Java virtual machinejavavm.exeAdded by the RBOT.ABG WORM!No
XMS LARISSAMS_LARISSA.exeAdded by the ASSIRAL.B WORM!No
XMS lsass Startuplsass135.exeAdded by the RBOT.WM WORM!No
?MS management consolemms.exeSuspicious as the legitimate "Microsoft Management Console" is "mmc.exe" and not "mms.exe" and doesn't normally run at startupNo
XMS Microsoft Socket DeamonMSSCKD32.exeAdded by a variant of the RBOT WORM!No
XMS MSN Menssenger 7.0MSMSN7.exeAdded by the RBOT-ACA WORM!No
XMS MSN Menssenger 7.0MSEXPORT.exeAdded by a variant of the SDBOT WORM!No
XMS Network Controlmswin.exeAdded by the DUMBA TROJAN!No
XMS OfficeOffice10.exeAdded by the VB.DT TROJAN!No
Xms ownagewinPE.exeAdded by the RBOT-AJL WORM!No
XMS Paintmspainter.exeAdded by a variant of the IRCBOT BACKDOOR! See hereNo
XMS PLUS INCwpad.exeAdded by the MYTOB-AN WORM!No
XMs Processe Managermsproc.exeAdded by the RBOT.ATO WORM!No
XMS Real PlayerRealPlyr.exeAdded by the RBOT.MR WORM!No
XMS Registry ServiceMSRMS32.exeAdded by the RBOT-AKP WORM!No
XMS Remote Procedure Callmsrpc32.exeAdded by the RBOT-QL WORM!No
XMS Screen Saverscrsave.scrAdded by the RBOT-AGT WORM!No
XMS Securitysystm.pifAdded by the RBOT-AQN WORM!No
XMS Security Authority Servicelsass.exeAdded by the KALEL-B WORM! Note - this is not the legitimate lsass.exe process, which should not appear in Msconfig/Startup!No
XMS Security Hotfixservice5.exeAdded by the GAOBOT.AG WORM!No
XMS Security Update 993msident.exeAdded by a variant of the SDBOT WORM!No
XMS servicemsservice.exeAdded by the RBOT-ZG WORM!No
XMS Service Driverswinscv.exeAdded by the SDBOT-COG WORM!No
XMs sock for Windows NTwinser.exeAdded by a variant of the SDBOT WORM!No
XMS Sound Config 16bitsndcfg16.exeAdded by the SDBOT.MB TROJAN!No
XMs Sound Driversmsdrv.exeAdded by the SDBOT-WR WORM!No
Xms spool servicemsspooler.exeAdded by a variant of the RBOT WORM!No
XMs Spool32MS SPOOL32.EXEAdded by the ASASSIN TROJAN!No
XMS SyS Restoresysrestore.exeAdded by the RBOT.XM WORM!No
XMS Sys Securitymswin.pifAdded by the RBOT-APJ WORM!No
XMS System Call Functionmsscf32.exeAdded by the RBOT-GBZ WORM!No
XMs System ConfigMscfg.exeAdded by the SDBOT-CCR WORM!No
XMs System Configpcedit.exeAdded by a variant of the SDBOT WORM!No
XMS System Securitymswin32.pifAdded by the RBOT-AOX WORM!No
XMs task managertskmgr.exeAdded by the SDBOT.CCD WORM!No
XMS Task Manager 32[trojan filename] .exeAdded by the RANKY.NF TROJAN!No
XMS taskbarcrssr.exeAdded by the RBOT-AGO WORM!No
XMS taskbarnts.exeAdded by the RBOT-AGB WORM!No
XMS taskbartaskbars.exeAdded by the RBOT.BRW WORM!No
XMS Taskbarstaskbars.exeAdded by the SDBOT-ACV WORM!No
XMS taskmanagertskmgr.exeAdded by the RBOT-AKA WORM!No
XMS Timetimezone.exeAdded by the AGOBOT.ADY WORM!No
XMS UniXnavupdate64.exeAdded by the RBOT.CRZ BACKDOOR!No
XMS Unix Binarywin32ttb.exeAdded by the SPYBOT.OQ WORM!No
XMS Unix Binarymsmq2inst.exeAdded by the RBOT-YF WORM!No
XMS Unix Binarymsnupdate.exeAdded by the RBOT-AAM WORM!No
XMS Unix Binaryoutlookexpressupdate.exeAdded by the RBOT-YU WORM!No
XMS Unix BinaryWin32Update.exeAdded by the RBOT-BAS WORM!No
XMS Unix BinaryNorton2005Update.exeAdded by a variant of the RBOT WORM!No
XMS Unix Binarytrmupdate.exeAdded by the RBOT-ACC WORM!No
XMS Unix BinaryWinGuard.exeAdded by the RBOT-ACL WORM!No
XMS Unix Binarymsnq3insller.exeAdded by the RBOT.GXH BACKDOOR!No
XMS Updatesyshost.exeAdded by the EVAMAN-F WORM!No
XMS Update Service Prsvehost.exeAdded by the AGOBOT-LV BACKDOOR!No
XMs Update WinServices NT/XPwinservnt32.exeAdded by the VANEBOT-G WORM!No
XMS UPDATERupdate.exeAdded by the RBOT-VC WORM!No
XMS Updatesmscache.exeSpyware web downloaderNo
XMS Updatessyshosts.exeAdded by the MYDOOM.Y WORM!No
XMS Updatesaupd.exeSpyware web downloaderNo
XMS Updating Utilitymsupdater.exeAdded by the RBOT-XR WORM!No
XMS USB 2.0 Windows Supportmsusb32.exeAdded by a variant of the RBOT WORM!No
XMs Valud LoaderSvhots.exeAdded by the AGOBOT-SP WORM!No
XMS Win32 Network Serviceswindriver.exeAdded by the AGOBOT.ADH WORM!No
Xms window update******.exe [* = random character]Added by a variant of the RBOT WORM!No
XMS Windows AOL DriverMSAOLdrv.exeAdded by the RBOT-ASP WORM!No
XMS windows Data list processMSDATLST.exeAdded by an unidentified WORM or TROJAN!No
XMS Windows Executor ProcessMSEXECP32.exeAdded by a variant of the RBOT WORM!No
XMS Windows Local DirectoryMSWLD32.exeAdded by a variant of the RBOT WORM!No
XMS Windows procces 32msprocces.exeAdded by the RBOT-AEZ WORM!No
XMS Windows Process ClassMSPRCSS32.exeAdded by the RBOT-YQ WORM!No
XMS Windows Process InitMSWPI32.exeAdded by the RBOT-ASQ WORM!No
XMS Windows Security Updaterupdater.pifAdded by the RBOT-AKY WORM!No
XMS Windows System AlertMSWSA32.exeAdded by the RBOT-BFN WORM!No
XMS Windows TASK ServiceMSWTASK32.exeAdded by a variant of the RBOT WORM!No
XMS Windows Updatescguard.exeAdded by the RBOT-YZ WORM!No
XMS WINS Binaryign32.pifAdded by the RBOT-ASB WORM!No
XMS Winsockmsws2_32.exeAdded by the AKBOT-A TROJAN!No
Xms************* [* = random digit]ms*************.exe [* = random digit]WINBO adwareNo
XMs**.exe [* = random char]Ms**.exe [* = random char]CoolWebSearch/HomeSearch adware - for examples, see this logNo
XMs**32.exe [* = random char]Ms**32.exe [* = random char]CoolWebSearch/HomeSearch adware - for examples, see this logNo
XMS-Connectarr.exeAdult content dialler - see hereNo
XMS-Connectcdm.exeAdult content dialler - see hereNo
XMS-Connectgame.exeAdult content dialler - see hereNo
XMS-Connectmsite18.exeAdult content dialler - see hereNo
XMS-Connectweb.exeAdult content dialler - see hereNo
XMS-DOS Boot ServiceBoot32.pifAdded by the RBOT-AMF WORM!No
XMS-DOS Security Servicems-dos.pifAdded by the RBOT-AMR WORM!No
XMS-DOS ServiceMS-DOS.pifAdded by the RBOT-AII WORM!No
XMS-DOS Windows ServiceMS-DOS.PIFAdded by the RBOT-AJW WORM!No
XMS-HTML[random filename]Added by the LATINUS.15 TROJAN!No
XMS-patchmsconfig32.exeAdded by the RBOT-AUF WORM!No
XMS-patchmspatch32.exeAdded by the RBOT-AWF TROJAN!No
XMS-RunKeyarr.exeMS-Connect dialler/hijackerNo
Xms2srcms2src.exeAdded by a TROJAN - see here No
XMS32DLLachi.dll.vbsAdded by the ACHI-A TROJAN!No
XMS32DLLBha.dll.vbsAdded by the BUTSUR-A WORM!No
XMS32DLLMS32DLL.dll.vbsAdded by the ZODGILA WORM!No
XMS32DLLffqca.exeAdded by the SDBOT-YD WORM!No
XMS7531ms7531.exeHomepage hijackerNo
XMSACMmsacm.exeAdded by the OPASERV-O WORM!No
Xmsadcheckmsadcheck32.exeBrowser hijacker, redirecting to search-system.com No
XMSAdminjdbgmrg.exeAdded by the DASMIN.A TROJAN! Note - this is not the valid JDBGMGR.EXE file - see hereNo
XMSAgentmshtm.exeBrowser hijacker - redirecting to buldog-search.com No
XMSAgenthhnt.exeAGENT.JI spywareNo
XMSAgentXPMSAgentXP.exeIdentified by Ewido Security Suite (Ewido is now part of AVG Technologies) as the REQLOOK.C TROJAN!No
Umsaimmsaolim.exeMessageSpy keystroke logger/monitoring program - remove unless you installed it yourself!No
Xmsappts32msappts32.exeAdded by the ELBURRO-A TROJAN!No
YMSASCuiMSASCui.exeMain user interface for Microsoft's Windows Defender on XP/Vista - which "helps protect your computer against pop-ups, slow performance, and security threats caused by spyware and other unwanted software by detecting and removing known spyware from your computer". Used in conjunction with the associated service, this entry is always running and the user also has the option to always display the System Tray icon and monitor/control new startup programsYes
XMsAudioexplorer.exeAdded by the LEGMIR-BY TROJAN! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System%No
XMsAudioMsVM_STI.EXE RunDll32 cmicnfg.cpl, CMICtrlWndAdded by the LEGMIR-BY TROJAN! Note - this is not associated with C-Media based audio which uses a similar command entry (see here)No
Xmsavsc.exemsavsc.exeAdded by the AGENT.ANQ TROJAN!No
XMSbackupsbackups.exeAdded by the BANLOAD-TL TROJAN!No
Xmsbbmsbb.exe180Search adwareNo
XMsbb.exeMsbb.exeAdded by the SDBOT.QJ WORM!No
Xmsbcsmsbcs.exeAdded by the DADOBRA-G TROJAN!No
XMsBootMgr.exeMsBootMgr.exeAdded by the VERIFY TROJAN!No
Xmsbsc[path to trojan]Added by the BANKER-DF TROJAN!No
Xmscmsc.exeMaCatte Antivirus 2009 rogue security software - not recommended, removal instructions hereNo
Xmsccrtmsccrt.exeAdded by the PWS-ALA TROJAN!No
Xmscheckrundll32.exe wincheck071008.dll mymainAdded by the AGENT.ADXI TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "wincheck071008.dll" file is located in %System%No
Xmschkdf.exemschkdf.exeAdded by a variant of the SDBOT WORM!No
XMSChoExEsuge.exeAdded by a variant of the RBOT WORM!No
?mscimcinfo.exeMcAfee Internet Security related. What does it do and is it required?No
Xmscj.exemscj.exeAdded by the BACKDR-L BACKDOOR!No
Xmsclacmsclac.exeAdded by the SDBOT-JM WORM!No
Xmscleanmsvchost.exeAdded by the OPANKI-Q WORM!No
Xmscmanmscman.exeClientMan parasite variantNo
Xmscmsmscms.exeAdded by the AGENT-MS TROJAN!No
Umscnmscn.exePart of the SafeChildNet internet filtering program - required if you use itNo
XMscntmscnt.exeAdded by the DLUCA-C TROJAN!No
XMscolourmscolour.exeAdded by the GEMA TROJAN!No
XMSCommXmscommx.exeAdded by a variant of the RBOT WORM!No
XMsconf32Msconf32.exeAdded by the AGOBOT-NR WORM!No
XMSCONFG32.EXEMSCONFG32.EXEAdded by the OPTIX.04.C TROJAN!No
NMSConfigmsconfig.exeEntry that appears when you uncheck an item in the MSConfig Startup group and will disappear if on the next reboot you select the option to not be reminded that you are running in Selective Startup mode. Located in %System% (98/Me/Vista) or %Windir%\PCHealth\HelpCtr\Binaries (XP)Yes
XMSConfigMSCONFIG32.EXEAdded by the SPYBOT.B WORM!No
Xmsconfigmsconfig.exeCoolWebSearch MSConfig parasite variant. Note - this overwrites the legitimate msconfig.exe which should only appear in Msconfig/Startup if you leave the warning box unchecked after changing an Msconfig entry and rebootingNo
Xmsconfigmsconfig.exeAdded by the WINUR WORM! Note - this is not the legitimate msconfig.exe which should only appear in Msconfig/Startup if you leave the warning box unchecked after changing an Msconfig entry and rebooting. This one is located in c:\winrunNo
Xmsconfigwins.exeAdded by the RBOT.PF WORM!No
XMSConfigMSCONFIG35.EXEAdded by a variant of the SPYBOT WORM!No
Xmsconfigscvhost.exeAdded by the AGENT-DSF TROJAN!No
Xmsconfigwinlog.exeAdded by the IRCBOT-TJ TROJAN!No
XMsconfigicpldrvx.exeAdded by the BANLOAD.BFT TROJAN!No
Xmsconfigmsconfig.comAdded by the IRCBOT-SM WORM!No
Xmsconfigmsconfig.batAdded by the PAHATIA.B WORM!No
XMSConfiglssas.exeAdded by the AUTORUN.CEY WORM!No
XMSConfigxwpwqf.exeAdded by the AGENT-NEW TROJAN!No
XMSConfigoumy.exeAdded by the AGENT-NGD TROJAN!No
XMsconfig lptt01msconfig.exeRapidBlaster variant (in a "msconfig" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here. Note - this is not the valid Windows Msconfig which has the same executable nameNo
XMSConfig Managermsupdate.exeCoolWebSearch parasite variantNo
XMsconfig ml097emsconfig.exeRapidBlaster variant (in a "msconfig" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here. Note - this is not the valid Windows Msconfig which has the same executable nameNo
Xmsconfig serviceMSupdate32.exeAdded by a variant of the SPYBOT WORM!No
Xmsconfig.msconf.exeAdded by the BUZUS-AY WORM!No
Xmsconfig.exeproxy.exeAdded by a variant of the AGENT.AH downloader TROJAN!No
Xmsconfig.exeuline.exeAdded by a variant of the AGENT.AH downloader TROJAN!No
Xmsconfig38mssvcc.exeAdded by the RBOT-BJV WORM!No
XMSConfig45MSConfig45.exeAdded by the SDBOT.OJ TROJAN!No
XMSConfigrjdbgmrg.exeAdded by the DASMIN.C TROJAN! Note - this is not the valid JDBGMGR.EXE file - see hereNo
NMSConfigRemindermsconfig.exeEntry that appears when you uncheck an item in the MSConfig Startup group and will disappear if on the next reboot you select the option to not be reminded that you are running in Selective Startup mode. This particular entry is specific only to 98/Me and is located in %System%Yes
XMsConfigsMsConfigs.exeAdded by the ALCAN.A WORM!No
XMSConfigsRUNDLL64.dll.vbsAdded by the WEKODE-B WORM!No
Xmsconfiguratorctfsdk.exeAdded by the DELF-ALS TROJAN!No
XMSControl28crsss.exeAdded by the SPYBOT.AJX WORM!No
XMSControl31winnsyst.exeAdded by the RBOT.CFY WORM!No
XMSControl3d1isasse.exeAdded by the RBOT.CGU WORM!No
XMSCOREsyscnfg.exeAdded by an unidentified VIRUS, WORM or TROJAN! "syscnfg.exe" is found in %Windir%\fonts\font2 where no *.exe files should resideNo
?MSCRMStartupMicrosoft.Crm.Application.Hoster.exeRelated to Microsoft Dynamics CRM integrated solutions for Financial, Supply Chain and Customer Relationship Management. What does it do and is it required?No
XMscsgsMSCSGS.EXEAdded by the ZEZER WORM!No
XMscsgs32MSCSGS32.EXEAdded by the ZEZER WORM!No
Xmscsvc.exemscsvc.exeAdded by the BANCOS.T TROJAN!No
Xmsctfg32msctfg32.exeAdded by the RBOT-TJ WORM!No
Xmsctrl.exemsctrl.exeMicrosoft Security Adviser rogue security software - not recommendedNo
XMsctrl32Msctrl32.scrAdded by the REDIST WORM!No
XMSCVTMSCVT.exeAdded by the SLIDESHOW WORM!No
XMSDatablavadasq.exeAdded by the LIOTEN.IK WORM!No
Xmsdbgm.exemsdbgm.exeAdded by the CIMUZ-CQ TROJAN!No
XMSDcomMSDcom.exeAdded by a variant of the SDBOT WORM!No
Xmsdefendermsdefender.exeIdentified as a variant of the PAKES.CMD TROJAN! See here for an exampleNo
Xmsdefender.exemsdefender.exeAdded by the PAKES.ZL TROJAN!No
Xmsdevmsdev.exeAdded by the FORBOT-CR WORM!No
Xmsdevmsconfig.exeAdded by the AGOBOT.AAU WORM! Note - this is not the legitimate msconfig.exe which should only appear in Msconfig/Startup if you leave the warning box unchecked after changing an Msconfig entry and rebootingNo
Xmsdev controlmsdevctrl.exeAdded by the SPYBOT.N BACKDOOR!No
Xmsdir32msdir32.batAdded by the ROOKIE-A TROJAN!No
Xmsdirect.exemsdirect.exeAdded by the CERTIF-L TROJAN!No
XMSDLLsyscnfg.exeAdded by an unidentified VIRUS, WORM or TROJAN! "syscnfg.exe" is found in %Windir%\fonts\font2 where no *.exe files should resideNo
XMsdmxmmsdmxm.exeAdded by the DLUCA-DC TROJAN!No
XMSDNnese.exeAdded by the SDBOT.AHY WORM!No
XMSDN for Windows NTmsdn.exeAdded by a variant of the RBOT WORM!No
XMSDN for Windows NT & WinXPmsdnxp.exeAdded by the IRCBOT-PE WORM!No
XMSDN for Windows with NT'smsdn-nt.exeAdded by the RBOT-EWD WORM!No
XMSDN HELPmsdn.exeAdded by the AGOBOT.AIB WORM!No
XMSDNMess[path to trojan]Added by the RANKY.BA TROJAN!No
XMSDNNhelp.exeAdded by the AGENT-GBK TROJAN!No
XMSDOS Security Servicemsdos.pifAdded by the RBOT-AMP WORM!No
XMSDOS ServiceMSDOS.PIFAdded by the RBOT-AIY WORM!No
XMSDOS Windows ServiceMSDOS.PIFAdded by the RBOT-AKF WORM!No
XMsdos32Msdos32.pifAdded by the RECORY WORM!No
Xmsdos423msdos423.exeAdded by the MENACE.A WORM!No
XMSDosdrvmsdosdrv.exeAdded by the BACROS WORM!No
XMSDriverundll32.exe drvkoc.dllAdded by a variant of the OP DIALER! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "drvkoc.dll" file is found in %System%No
XMSDriverundll32.exe drvmod.dllAdded by a variant of the OP DIALER! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "drvmod.dll" file is found in %System%No
XMSDriverundll32.exe drvsoh.dllAdded by a variant of the OP DIALER! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "drvsoh.dll" file is found in %System%No
XMSDRVNetFilter.exeAdded by the INTERRUPDATE TROJAN!No
Xmsdrvctrlmsdrvctrl.exeAdded by the VIDCACH-A TROJAN!No
NMSDTCmsdtc.exeMS Distributed Transaction Coordinator - handles transactions across multiple servers and is installed by MS Personal Web Server and MS SQL ServerNo
XMsemu32Msemu32.exeUnidentified spyware/adware/hijackerNo
Xmsenngerl4m3r.exeAdded by the PROGENT-AF TROJAN!No
Xmsenngerournik.comAdded by the IRCFLOOD.AL BACKDOOR!No
Xmservseres.exeAdded by the AGENT-LIL WORM!No
Xmservices.exemservices.exeAdded by the SDBOT.WJ WORM!No
Xmsetsvchost.exeAdded by the BIZEX-F TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a "mset" sub-directoryNo
XMsfindMsfind.exeCoolWebSearch parasite variantNo
XMSFind32msfind32.exeAdded by the CAYAM WORM!No
Xmsfindosa.exemsfindosa.exeAdded by the DOWNLOADER-BS TROJAN!No
XMSFTP Service Configr3grun.exeAdded by a variant of the SDBOT WORM!No
Xmsfw.exemsfw.exeMicrosoft Security Adviser rogue security software - not recommendedNo
XMSFWAVTSMFTPDev.exeAdded by the RBOT-ACF WORM!No
XMsg Fixagemsgfixed.exeAdded by the SDBOT.ZD WORM!No
XMsgApi[path to file]Added by the DEDLER-D TROJAN! The most common filenames seen are "csmss.exe" and "csmrs.exe", located in %System%No
Xmsgb1msgb1.exeAdded by the DLUCA.GEN TROJAN!No
NMsgCenterExeRealOneMessageCenter.exeRealNetworks RealPlayer related - disabling this application will not affect Real Player in any wayNo
Xmsgex32msgex32.exeAdded by the APPFLET-A WORM!No
Xmsginawuauclt2.exeAdded by the IYUS-H TROJAN!No
XMsgmgr[path to worm]Added by the BABYBEAR WORM!No
Xmsgmsgsperemption.exeAdded by the SDBOT-KU WORM!No
Xmsgserv_Syss.exeAdded by the FANTA TROJAN!No
Xmsgsm32msgsm32.exeAdded by the RBOT-ASG WORM!No
XMsgsrv16Msgsrv16.exeAdded by the DELF family of TROJANS!No
YMSGSRV32.exemsgsrv32.exeWindows 32-bit VxD Message Server. For more information on its function and why it's needed, see here. Note - why some people have it listed in start-up programs I don't know but I was asked to include it here. It automatically runs in the backgroundNo
XMsgsvc32[worm filename]Added by the NAUTICAL-A WORM!No
XMsgSvcMgr32cmdzxdll.exeAdded by the RBOT-AEK WORM!No
Xmsgsvr32msgsvr32.exeAdded by the DEADHAT.B WORM! Note - this is not the legitimate msgsvr32.exe process on a Win9x/Me system which should not appear in MSConfig/startup!No
UMSGTAGMSGTAG.exeMSGTAG is an application that tells you when your emails have been received and openedNo
XMsgtraysys16.exeAdded by an unknown VIRUS!No
XMshelp32mshelp32.exeCoolWebSearch parasite variantNo
Xmshmailmshmail.exeAdded by the INJECT.JDT TROJAN!No
XMshostsMshosts.exeAdded by the STARTPAG.CF TROJAN!No
XMSHT@MSHT@.EXEAdded by the MAGISTR.A VIRUS!No
Xmshtmllmshtmll.dllAdded by the DELF.BAS TROJAN!No
XMSI Configurationmsiconf.exeAdded by the AGENT.AKSZ TROJAN!No
Xmsiconf.exemsiconf.exeAdded by a variant of the FAKEALERT TROJAN!No
Xmsidlemsidle.exeAdded by the OPASERV-O WORM!No
XMsIdle32.exeMsIdle32.exeAdded by the VERIFY TROJAN!No
XMSIdllwinmp.exeAdded by a variant of the RBOT WORM!No
XMSIE ParsersMSIE32ab.exeAdded by the SDBOT.MV WORM!No
Xmsiemon.exemsiemon.exeMicrosoft Security Adviser rogue security software - not recommendedNo
Xmsiewmseiw.exeAdded by the LITTLOG TROJAN!No
XMSIEXECMSIEXEC32.exeAdded by the AINESEY.A WORM!No
XMSIEXECMSIEXEC.EXEAdded by the YOSENIO-A VIRUS!No
Xmsiexecsmsiexecs.exeAdded by the SILLYFDC.BBB WORM!No
Xmsiexecs.exemsiexecs.exeAdded by a variant of the SDBOT WORM!No
Xmsigdisk10.exeAdded by the BANBRA-KF TROJAN!No
XMsIMMs32MsIMMs32.exeONLINEG.GDJ spywareNo
Xmsimnmsimn.exeAdded by the AGOBOT.JL WORM!No
XMSIMN32MSIMN32.EXEAdded by the CWS-M TROJAN!No
?MSINMSin.exe??No
XMsinetMsinet.exeAdded by the RBOT-AOA WORM!No
XMSInfomsinfo.exeAdded by the ALADINZ.M TROJAN!No
XMSInfoAVBgle.exeAdded by the NETSKY.O WORM!No
XMSInstallsmvss.exeAdded by the DEDLER-G TROJAN!No
Xmsjava servicexpcd.exeAdded by the SDBOT.VM WORM!No
Xmsjdqsfddwqt.exeAdded by the SDBOT-PO WORM!No
UMskAgentMskAgent.exeMcAfee SpamKiller - rule-based and list-based spam filter. Available as a stand-alone product or included in older versions of Internet Security and Total ProtectionYes
UMskAgentexeMskAgent.exeMcAfee SpamKiller - rule-based and list-based spam filter. Available as a stand-alone product or included in older versions of Internet Security and Total ProtectionYes
XMSKCES32[random filename]Added by the CLONER TROJAN!No
UMSKDetectorExeMSKDetct.exePart of McAfee SpamkillerNo
XMSKernel32MSKernel32.vbsAdded by the LOVELETTER (I LOVE YOU) VIRUS!No
XMSkernel32System.exe 4820Added by the TUXDER BACKDOOR!No
UMSKExespamkiller.exeMcAfee SpamkillerNo
Xmskjmskj.exeAdded by the KAEMON TROJAN!No
Xmskridermaskrider.dll.vbsAdded by the SOLOW-F WORM!No
UMSKServerExeMSKSrvr.exePart of McAfee SpamkillerNo
Xmslagentmslagent.exeAdded by the WINTRIM-F TROJAN!No
XMSLARISSAMSLARISSA.pifAdded by the ASSIRAL.B WORM!No
?MSLIB32mswatch32.exe??No
Xmsliveupdatemsliveupdate.exeAdded by the AGOBOT.ALT WORM!No
XMSLogMicrosoftLog.exeAdded by a variant of the SDBOT WORM!No
XMslogon lptt01mslogon.exeRapidBlaster variant (in a "Mslogon" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see hereNo
XMslogon ml097emslogon.exeRapidBlaster variant (in a "Mslogon" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see hereNo
Xmsmmsm.scrAdded by the BANKER-EHJ TROJAN!No
Xmsmacro32msmacro32.exeIdentified as a variant of the AGENT.QB TROJAN!No
Xmsmacro32msmacro64.exeAdded by a variant of the BACKDOOR-DOQ TROJAN!No
XMsManagermsmgr32.exeAdded by the YAHA.AF WORM!No
Xmsmanager32msmngr32.exeAdded by the RANDON-R (or WOMANIZ.A) WORM!No
Xmsmautoprotectmsmssgs.exeAdded by the BIFROSE-AJ TROJAN!No
Xmsmcmscpbo.exeClientMan parasite variantNo
Xmsmcmsgdmf.exeClientMan parasite variantNo
Xmsmcmsongn.exeClientMan parasite variantNo
Xmsmcmsmc.exeClientMan parasite variantNo
Xmsmcms****.exe [* = random char]ClientMan parasite variantNo
XMSMcAfeeeAvsynmgr32e.exeAdded by the FRAMAR TROJAN!No
XMSMcAfeehAvsynmgr32h.exeAdded by the FRANGO TROJAN!No
XMSMcAfeeSAvsynmgr32S.exeAdded by the VOLAC or VOLAC.DR TROJANS!No
XMSMessngermsnupd.exeAdded by the RBOT-ADY WORM!No
?msmgrmsmgr.exe??No
XmsMGRrtkmsg.exeAdded by the SDBOT-BPY WORM!No
XMsmgtmsmgt.exeTotal Velocity adware/hijackerNo
Xmsmmimsmmi.exeAdded by the AGENT.RFR TROJAN!No
XMSMNTGNTMSMNTGNT.EXEAdded by the BANKER-IE TROJAN!No
XMSMNTJBEMSMNTJBE.EXEAdded by the BANCOS-EF TROJAN!No
XMSMNTJNGMSMNTJNG.EXEAdded by the GRABER-G TROJAN!No
XMSMNTMTSMSMNTMTS.EXEAdded by the BANKER-GZ TROJAN!No
Xmsmonmsmon.exeAdded by a variant of the GEMA.D TROJAN!No
XMsMon32MsMon32b.exeAdded by the SDBOT.O BACKDOOR!No
XMsMoviesMsMovies.exeAdded by the ALCRA-E WORM!No
?MsmqIntCertregsvr32 /s mqrt.dllMicrosoft Message Queue Server - Internal Certificate - see here for more info and here for a potential problem. Is it required?No
XMSMSGNER[4-8 random letters].exeAdded by the FOWLDO-GEN TROJAN!No
XMSMSGNERzzgf.exeAdded by the PWS-CCB TROJAN!No
XMSMSGNERfgozmox.exeAdded by the AGENT-EBJ BACKDOOR!No
Xmsmsgrmsmsgss.exeDetected by Kaspersky as the RBOT.AJJ WORM!No
NMSMSGSmsmsgs.exeWindows Messenger instant messenger utility included with Windows 2K/XP. Available via the Start menu. Go to Windows Messenger → Tools → Options → Preferences and uncheck "Run this program when Windows starts"Yes
XMsmsgsMsmsgs.exeAdded by the SILLYFDC-AP WORM! Note - this particular msmsgs.exe file is located in %System% and should not be mistaken for the MSN Messenger file of the same name which is located in %Program Files%\MessengerNo
XMSMsgsmsmessgs.exeAdded by the SMALL-EW TROJAN!No
Xmsmsgsmsmsgs.exeAdded by the SCLOG-AL TROJAN! Note - this particular msmsgs.exe file is located in %System% and should not be mistaken for the MSN Messenger file of the same name which is located in %Program Files%\MessengerNo
XMSMSGSwinlogon.exeAdded by the BRONTOK-BS WORM! Note - this is not the legitimate winlogon.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in Documents and Settings\<User>\Local Settings\Application Data\WINDOWSNo
Xmsmsgs.exeIEXPLORE.EXEAdded by the VB.FQX TROJAN! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %System%No
XMsMsgSrvmsmsgsrv.exeAdded by the CQO TROJAN!No
Xmsmsgss[path to trojan]Added by the RANKY.G BACKDOOR!No
XMSMsgSvcMSMSGSVC.exeBrowser hijacker, identified by some antiviruses as a variant of the StartPage.QC TROJAN! No
Xmsmsngrmsmsngr.exeAdded by the DOPBOT-B WORM!No
Xmsnsystem32.exeAdded by the KITRO.A WORM!No
Xmsnmsnmsg.exeAdded by the RBOT-GO WORM!No
XMSNmsnmsgs.exeAdded by the RBOT-KL WORM! Note - not to be confused with msmsgs.exe, the well known MSN Instant Messaging application!No
XMSNctfmoons.exeAdded by the SPYBOT.HI WORM!No
XMSNmsnmesengers.exeAdded by the RBOT-ME WORM!No
XMSNMSN.exeAdded by the MINIT WORM!No
XMSNmsnmsgr.exeAdded by the MYTOB or MYTOB.B WORMS! Note - this is not the valid MSN Messenger (now Windows Live Messenger) utility which is located in either %ProgramFiles%\MSN Messenger or %ProgramFiles%\Windows Live\Messenger. This one is located in %System%No
Xmsnmsnsvc.exeAdded by a variant of the SDBOT WORM!No
XMSNmsn16.exeAdded by the SDBOT-VN WORM!No
XMSNmsnsgr.exeAdded by an unidentified WORM or TROJAN!No
XMSNinstall.exeAdded by the AGENT-GDO TROJAN!No
XMSNnetstats.exeAdded by the IRCBOT.UXP WORM!No
XMSNscvhost.exeAdded by the IRCBOT-ZW WORM!No
XMSNwdlrss.exeAdded by a variant of the SDBOT TROJAN!No
XMSNwkssvr.exeAdded by the PUSHBOT.S WORM!No
XMSNFixdriver.exeAdded by the SILLYFDC.BBY WORM!No
XMSNiTuneshelp.exeAdded by a variant of the IRCBOT BACKDOOR! See hereNo
XMSNlsass32.exeAdded by a variant of the IRCBOT BACKDOOR! See hereNo
XMSNmsscomd.exeAdded by a variant of the SPYBOT WORM! See hereNo
XMSNsystems.exeIdentified as a variant of the Backdoor.PosionIvy keylogging malwareNo
XMSNtaskngr.exeAdded by a variant of the IRCBOT BACKDOOR! See hereNo
XMSNwkssvrs.exeAdded by a variant of the IRCBOT BACKDOOR! See hereNo
XMSNwksvr.exeAdded by the IRCBOT-XU WORM!No
XMSNwmev.exeAdded by a variant of the SPYBOT WORM! See hereNo
XMSNkys7r.exeAdded by the AUTORUN-AR WORM!No
XMSNservices51651.exeAdded by the IRCBOT-AAL TROJAN!No
XMsnrundll32.exe ilss32.dll,networkAdded by the BANLO-E TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deletedNo
Xmsnwinlogon.exeAdded by the PROSTI.AA BACKDOOR! Note - this is not the legitimate winlogon.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\MediaNo
XMSNmsnmsgx.exeAdded by the RBOT-PZ WORM!No
XMSNmsservice.exeAdded by the IRCBOT-ABZ TROJAN! No
XMSNsmsss.exeAdded by the BUZUS-D WORM!No
XMSNsvchost.exeAdded by the PUSHBOT.FA WORM! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%No
XMsn 8.0 Livemsn.exeAdded by the BANKER.EIE TROJAN!No
XMSN 9.0 Plus[random letters].exeAdded by the RBOT-ALY WORM!No
XMSN Administration For Windowsmsnadp32.exeAdded by the BROPIA.W WORM!No
XMSN angcssrss.exeAdded by the FORBOT-CE WORM!No
XMSN Auto-Updatermsnaupdater.exeAdded by a variant of the IRCBOT BACKDOOR!No
XMSN Auto-Updatermsnupdates.exeAdded by the AUTORUN.WORM.GEN WORM!No
XMSN BETAservice.exeAdded by the RBOT.AUU WORM!No
XMSN Boostermsnbooster.exeAdded by a variant of the IRCBOT BACKDOOR! See hereNo
XMsn Bootmsnbootcfg.exeAdded by the IRCBOT.BFU BACKDOOR!No
XMSN Bootermsnbootcf.exeAdded by the DELF-FAS TROJAN!No
XMSN Checkermsnchecker.exeAdded by the SDBOT-AGB WORM!No
XMSN Client Managermsnclimgr.exeAdded by the AUTORUN-FV WORM!No
XMSN CNF Managermsncnfmgr.exeAdded by the VUNDO TROJAN!No
XMSN Communication Managermsncommgr.exeAdded by an unidentified WORM or TROJAN! See hereNo
XMsn Configmsngf.exeAdded by the RBOT-QG WORM!No
XMSN Configurationmsnconfig.exeAdded by a variant of the IRCBOT TROJAN!No
XMsn Configuration Loadermsngms.exeAdded by the KELVIR.T WORM!No
XMSN Configuration Loadermsmsncfg.exeAdded by the AGOBOT-KX BACKDOOR!No
XMSN CST Managermancstmgr.exeAdded by an unidentified WORM or TROJAN! See hereNo
XMSN Database Clientmsndbcli.exeAdded by an unidentified WORM or TROJAN! See hereNo
XMSN Debug Mgrmsndebugs.exeAdded by a variant of the IRCBOT TROJAN!No
XMSN Explorermsnexplorer.exeAdded by the AGENT-CAX TROJAN!No
XMSN Explorerexplorer..exeDropper for the Ciadoor.cb TROJAN!No
XMSN File & Folder Sharing Appmsnfileshare.exeAdded by an unidentified WORM or TROJAN! See hereNo
XMSN File Configurationmsnfilecfg.exeAdded by a variant of the IRCBOT BACKDOOR!No
XMSN File Sharingmsnusr.exeAdded by the SLENFBOT.AM WORM!No
XMSN File Sharing Wizardmsnsharewiz.exeAdded by a variant of the IRCBOT BACKDOOR!No
XMSN File Sharing!msnuser.exeAdded by a variant of the IRCBOT BACKDOOR! See hereNo
XMSN Funny Imagesimsngsr.exeAdded by the AGOBOT-TT WORM!No
XMSN Gaming ZoneTwain.exeAdded by the AGENT.BEA TROJAN!No
XMSN Hostnmsnhostn.exeAdded by a variant of the IRCBOT BACKDOOR!No
NMSN Internet Accesstrayclnt.exeQuick way to connect to MSN internet service - replaces "MSN Quick View" from V5.6 onwardsNo
XMSN Live Clientmsnlvclient.exeAdded by the IRCBOT.AWF BACKDOOR!No
XMSN Live Messangermsnlivegs.exeAdded by the RBOT-FSG WORM!No
XMSN Managercvss.exeAdded by a variant of the SPYBOT WORM!No
XMSN Managermscmgr.exeUnidentified malware - causes multiple browser windows to openNo
XMSN Managerms